Accepting request 698628 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/698628 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=76
This commit is contained in:
commit
8d3c3ab6bd
260
libgcrypt-1.8.3-fips-ctor.patch
Normal file
260
libgcrypt-1.8.3-fips-ctor.patch
Normal file
@ -0,0 +1,260 @@
|
|||||||
|
Index: libgcrypt-1.8.4/cipher/md.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/cipher/md.c 2019-03-25 16:58:52.844354398 +0100
|
||||||
|
+++ libgcrypt-1.8.4/cipher/md.c 2019-03-25 16:58:53.512358321 +0100
|
||||||
|
@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||||
|
|
||||||
|
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
||||||
|
{
|
||||||
|
- _gcry_inactivate_fips_mode ("MD5 used");
|
||||||
|
if (_gcry_enforced_fips_mode () )
|
||||||
|
{
|
||||||
|
- /* We should never get to here because we do not register
|
||||||
|
- MD5 in enforced fips mode. But better throw an error. */
|
||||||
|
err = GPG_ERR_DIGEST_ALGO;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Index: libgcrypt-1.8.4/src/fips.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/src/fips.c 2019-03-25 16:58:52.844354398 +0100
|
||||||
|
+++ libgcrypt-1.8.4/src/fips.c 2019-03-25 16:58:53.516358344 +0100
|
||||||
|
@@ -91,6 +91,31 @@ static void fips_new_state (enum module_
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
+/* Initialize the FSM lock - this function may only
|
||||||
|
+ be called once and is intended to be run from the library
|
||||||
|
+ constructor */
|
||||||
|
+void
|
||||||
|
+_gcry_initialize_fsm_lock (void)
|
||||||
|
+{
|
||||||
|
+ gpg_error_t err;
|
||||||
|
+ /* Intitialize the lock to protect the FSM. */
|
||||||
|
+ err = gpgrt_lock_init (&fsm_lock);
|
||||||
|
+ if (err)
|
||||||
|
+ {
|
||||||
|
+ /* If that fails we can't do anything but abort the
|
||||||
|
+ process. We need to use log_info so that the FSM won't
|
||||||
|
+ get involved. */
|
||||||
|
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
||||||
|
+ gpg_strerror (err));
|
||||||
|
+#ifdef HAVE_SYSLOG
|
||||||
|
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||||
|
+ "creating FSM lock failed: %s - abort",
|
||||||
|
+ gpg_strerror (err));
|
||||||
|
+#endif /*HAVE_SYSLOG*/
|
||||||
|
+ abort ();
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Check whether the OS is in FIPS mode and record that in a module
|
||||||
|
local variable. If FORCE is passed as true, fips mode will be
|
||||||
|
enabled anyway. Note: This function is not thread-safe and should
|
||||||
|
@@ -100,7 +125,6 @@ void
|
||||||
|
_gcry_initialize_fips_mode (int force)
|
||||||
|
{
|
||||||
|
static int done;
|
||||||
|
- gpg_error_t err;
|
||||||
|
|
||||||
|
/* Make sure we are not accidentally called twice. */
|
||||||
|
if (done)
|
||||||
|
@@ -190,24 +214,6 @@ _gcry_initialize_fips_mode (int force)
|
||||||
|
/* Yes, we are in FIPS mode. */
|
||||||
|
FILE *fp;
|
||||||
|
|
||||||
|
- /* Intitialize the lock to protect the FSM. */
|
||||||
|
- err = gpgrt_lock_init (&fsm_lock);
|
||||||
|
- if (err)
|
||||||
|
- {
|
||||||
|
- /* If that fails we can't do anything but abort the
|
||||||
|
- process. We need to use log_info so that the FSM won't
|
||||||
|
- get involved. */
|
||||||
|
- log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
||||||
|
- gpg_strerror (err));
|
||||||
|
-#ifdef HAVE_SYSLOG
|
||||||
|
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||||
|
- "creating FSM lock failed: %s - abort",
|
||||||
|
- gpg_strerror (err));
|
||||||
|
-#endif /*HAVE_SYSLOG*/
|
||||||
|
- abort ();
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-
|
||||||
|
/* If the FIPS force files exists, is readable and has a number
|
||||||
|
!= 0 on its first line, we enable the enforced fips mode. */
|
||||||
|
fp = fopen (FIPS_FORCE_FILE, "r");
|
||||||
|
@@ -370,16 +376,20 @@ _gcry_fips_is_operational (void)
|
||||||
|
{
|
||||||
|
int result;
|
||||||
|
|
||||||
|
- if (!fips_mode ())
|
||||||
|
+ lock_fsm ();
|
||||||
|
+ if (current_state == STATE_POWERON && !fips_mode ())
|
||||||
|
+ /* If we are at this point in POWERON state it means the FIPS
|
||||||
|
+ module installation was not completed. (/etc/system-fips
|
||||||
|
+ is not present.) */
|
||||||
|
result = 1;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- lock_fsm ();
|
||||||
|
- if (current_state == STATE_INIT)
|
||||||
|
+ if (current_state == STATE_INIT || current_state == STATE_SELFTEST)
|
||||||
|
{
|
||||||
|
- /* If we are still in the INIT state, we need to run the
|
||||||
|
- selftests so that the FSM can eventually get into
|
||||||
|
- operational state. Given that we would need a 2-phase
|
||||||
|
+ /* If we are still in the INIT (or SELFTEST) state,
|
||||||
|
+ we need to run (or finish) the selftests so
|
||||||
|
+ that the FSM can eventually get into operational
|
||||||
|
+ state. Given that we would need a 2-phase
|
||||||
|
initialization of libgcrypt, but that has traditionally
|
||||||
|
not been enforced, we use this on demand self-test
|
||||||
|
checking. Note that Proper applications would do the
|
||||||
|
@@ -395,9 +405,11 @@ _gcry_fips_is_operational (void)
|
||||||
|
lock_fsm ();
|
||||||
|
}
|
||||||
|
|
||||||
|
- result = (current_state == STATE_OPERATIONAL);
|
||||||
|
- unlock_fsm ();
|
||||||
|
+ result = (current_state == STATE_OPERATIONAL) || !fips_mode ();
|
||||||
|
+ /* We always run the selftests but ignore the result
|
||||||
|
+ in non-FIPS mode. */
|
||||||
|
}
|
||||||
|
+ unlock_fsm ();
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -722,9 +734,25 @@ _gcry_fips_run_selftests (int extended)
|
||||||
|
{
|
||||||
|
enum module_states result = STATE_ERROR;
|
||||||
|
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
||||||
|
+ int in_poweron;
|
||||||
|
|
||||||
|
- if (fips_mode ())
|
||||||
|
- fips_new_state (STATE_SELFTEST);
|
||||||
|
+ lock_fsm ();
|
||||||
|
+ in_poweron = (current_state == STATE_POWERON);
|
||||||
|
+ unlock_fsm ();
|
||||||
|
+
|
||||||
|
+ fips_new_state (STATE_SELFTEST);
|
||||||
|
+
|
||||||
|
+ /* We first check the integrity of the binary.
|
||||||
|
+ If run from the constructor we are in POWERON state,
|
||||||
|
+ we return and finish the remaining selftests before
|
||||||
|
+ real use of the library. It will be in the POWERON
|
||||||
|
+ state meanwhile. */
|
||||||
|
+ if (in_poweron)
|
||||||
|
+ if (check_binary_integrity ())
|
||||||
|
+ goto leave;
|
||||||
|
+
|
||||||
|
+ if (in_poweron)
|
||||||
|
+ return 0;
|
||||||
|
|
||||||
|
if (run_cipher_selftests (extended))
|
||||||
|
goto leave;
|
||||||
|
@@ -743,18 +771,12 @@ _gcry_fips_run_selftests (int extended)
|
||||||
|
if (run_pubkey_selftests (extended))
|
||||||
|
goto leave;
|
||||||
|
|
||||||
|
- /* Now check the integrity of the binary. We do this this after
|
||||||
|
- having checked the HMAC code. */
|
||||||
|
- if (check_binary_integrity ())
|
||||||
|
- goto leave;
|
||||||
|
-
|
||||||
|
/* All selftests passed. */
|
||||||
|
result = STATE_OPERATIONAL;
|
||||||
|
ec = 0;
|
||||||
|
|
||||||
|
leave:
|
||||||
|
- if (fips_mode ())
|
||||||
|
- fips_new_state (result);
|
||||||
|
+ fips_new_state (result);
|
||||||
|
|
||||||
|
return ec;
|
||||||
|
}
|
||||||
|
@@ -810,6 +832,7 @@ fips_new_state (enum module_states new_s
|
||||||
|
{
|
||||||
|
case STATE_POWERON:
|
||||||
|
if (new_state == STATE_INIT
|
||||||
|
+ || new_state == STATE_SELFTEST
|
||||||
|
|| new_state == STATE_ERROR
|
||||||
|
|| new_state == STATE_FATALERROR)
|
||||||
|
ok = 1;
|
||||||
|
@@ -824,6 +847,8 @@ fips_new_state (enum module_states new_s
|
||||||
|
|
||||||
|
case STATE_SELFTEST:
|
||||||
|
if (new_state == STATE_OPERATIONAL
|
||||||
|
+ || new_state == STATE_INIT
|
||||||
|
+ || new_state == STATE_SELFTEST
|
||||||
|
|| new_state == STATE_ERROR
|
||||||
|
|| new_state == STATE_FATALERROR)
|
||||||
|
ok = 1;
|
||||||
|
Index: libgcrypt-1.8.4/src/global.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/src/global.c 2019-03-25 16:58:52.844354398 +0100
|
||||||
|
+++ libgcrypt-1.8.4/src/global.c 2019-03-25 16:58:53.516358344 +0100
|
||||||
|
@@ -145,6 +145,29 @@ global_init (void)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE_PATH
|
||||||
|
+#define FIPS_MODULE_PATH "/etc/system-fips"
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
||||||
|
+{
|
||||||
|
+ int rv;
|
||||||
|
+
|
||||||
|
+ /* We always need the FSM lock to be functional. */
|
||||||
|
+ _gcry_initialize_fsm_lock ();
|
||||||
|
+
|
||||||
|
+ rv = access (FIPS_MODULE_PATH, F_OK);
|
||||||
|
+ if (rv < 0 && errno != ENOENT)
|
||||||
|
+ rv = 0;
|
||||||
|
+
|
||||||
|
+ if (!rv)
|
||||||
|
+ {
|
||||||
|
+ /* We run the integrity check at this point. The remaining
|
||||||
|
+ selftests are run before use of the library by application. */
|
||||||
|
+ _gcry_fips_run_selftests (0);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* This function is called by the macro fips_is_operational and makes
|
||||||
|
sure that the minimal initialization has been done. This is far
|
||||||
|
from a perfect solution and hides problems with an improper
|
||||||
|
@@ -675,8 +698,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
|
|
||||||
|
case GCRYCTL_FIPS_MODE_P:
|
||||||
|
if (fips_mode ()
|
||||||
|
- && !_gcry_is_fips_mode_inactive ()
|
||||||
|
- && !no_secure_memory)
|
||||||
|
+ && !_gcry_is_fips_mode_inactive ())
|
||||||
|
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -753,9 +775,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
|
break;
|
||||||
|
|
||||||
|
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
||||||
|
- if (!any_init_done)
|
||||||
|
+ if (fips_mode ())
|
||||||
|
{
|
||||||
|
- /* Not yet initialized at all. Set the enforced fips mode flag */
|
||||||
|
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
|
||||||
|
_gcry_set_preferred_rng_type (0);
|
||||||
|
_gcry_set_enforced_fips_mode ();
|
||||||
|
}
|
||||||
|
Index: libgcrypt-1.8.4/src/g10lib.h
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/src/g10lib.h 2019-03-25 16:58:52.844354398 +0100
|
||||||
|
+++ libgcrypt-1.8.4/src/g10lib.h 2019-03-25 16:58:53.516358344 +0100
|
||||||
|
@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
||||||
|
|
||||||
|
/*-- fips.c --*/
|
||||||
|
|
||||||
|
+void _gcry_initialize_fsm_lock (void);
|
||||||
|
+
|
||||||
|
void _gcry_initialize_fips_mode (int force);
|
||||||
|
|
||||||
|
int _gcry_fips_mode (void);
|
15
libgcrypt-1.8.4-allow_FSM_same_state.patch
Normal file
15
libgcrypt-1.8.4-allow_FSM_same_state.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
Index: libgcrypt-1.8.4/src/fips.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/src/fips.c
|
||||||
|
+++ libgcrypt-1.8.4/src/fips.c
|
||||||
|
@@ -930,6 +930,10 @@ fips_new_state (enum module_states new_s
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Allow a transition to the current state */
|
||||||
|
+ if (current_state == new_state)
|
||||||
|
+ ok = 1;
|
||||||
|
+
|
||||||
|
if (ok)
|
||||||
|
{
|
||||||
|
current_state = new_state;
|
103
libgcrypt-1.8.4-getrandom.patch
Normal file
103
libgcrypt-1.8.4-getrandom.patch
Normal file
@ -0,0 +1,103 @@
|
|||||||
|
Index: libgcrypt-1.8.4/random/random-csprng.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/random/random-csprng.c
|
||||||
|
+++ libgcrypt-1.8.4/random/random-csprng.c
|
||||||
|
@@ -55,6 +55,10 @@
|
||||||
|
#ifdef __MINGW32__
|
||||||
|
#include <process.h>
|
||||||
|
#endif
|
||||||
|
+#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||||
|
+# include <sys/syscall.h>
|
||||||
|
+# include <linux/random.h>
|
||||||
|
+#endif
|
||||||
|
#include "g10lib.h"
|
||||||
|
#include "random.h"
|
||||||
|
#include "rand-internal.h"
|
||||||
|
@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
|
||||||
|
enum random_origins, size_t, int);
|
||||||
|
|
||||||
|
#if USE_RNDLINUX
|
||||||
|
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||||
|
+ long ret;
|
||||||
|
+ char buffer[1];
|
||||||
|
+
|
||||||
|
+ _gcry_pre_syscall ();
|
||||||
|
+ ret = syscall (__NR_getrandom,
|
||||||
|
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||||
|
+ _gcry_post_syscall ();
|
||||||
|
+ if (ret != -1 || errno != ENOSYS)
|
||||||
|
+ {
|
||||||
|
+ fnc = _gcry_rndlinux_gather_random;
|
||||||
|
+ return fnc;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||||
|
+#endif
|
||||||
|
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
||||||
|
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
||||||
|
{
|
||||||
|
Index: libgcrypt-1.8.4/random/random.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/random/random.c
|
||||||
|
+++ libgcrypt-1.8.4/random/random.c
|
||||||
|
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
||||||
|
unsigned int result = 0;
|
||||||
|
|
||||||
|
fp = fopen (fname, "r");
|
||||||
|
- if (!fp)
|
||||||
|
- return result;
|
||||||
|
+ if (!fp) /* We make only_urandom the default. */
|
||||||
|
+ return RANDOM_CONF_ONLY_URANDOM;
|
||||||
|
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
Index: libgcrypt-1.8.4/random/rndlinux.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/random/rndlinux.c
|
||||||
|
+++ libgcrypt-1.8.4/random/rndlinux.c
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
#include <fcntl.h>
|
||||||
|
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||||
|
# include <sys/syscall.h>
|
||||||
|
+# include <linux/random.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "types.h"
|
||||||
|
@@ -248,6 +249,18 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
|
{
|
||||||
|
if (fd_urandom == -1)
|
||||||
|
{
|
||||||
|
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||||
|
+ long ret;
|
||||||
|
+
|
||||||
|
+ _gcry_pre_syscall ();
|
||||||
|
+ ret = syscall (__NR_getrandom,
|
||||||
|
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
||||||
|
+ _gcry_post_syscall ();
|
||||||
|
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
||||||
|
+ fd_urandom = -2;
|
||||||
|
+ else
|
||||||
|
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||||
|
+#endif
|
||||||
|
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
||||||
|
ever_opened |= 2;
|
||||||
|
}
|
||||||
|
@@ -275,6 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
|
* syscall and not a new device and thus we are not able to use
|
||||||
|
* select(2) to have a timeout. */
|
||||||
|
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
||||||
|
+ if (fd == -2)
|
||||||
|
{
|
||||||
|
long ret;
|
||||||
|
size_t nbytes;
|
||||||
|
@@ -290,9 +304,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
|
_gcry_post_syscall ();
|
||||||
|
}
|
||||||
|
while (ret == -1 && errno == EINTR);
|
||||||
|
- if (ret == -1 && errno == ENOSYS)
|
||||||
|
- ; /* The syscall is not supported - fallback to pulling from fd. */
|
||||||
|
- else
|
||||||
|
+ if (1)
|
||||||
|
{ /* The syscall is supported. Some sanity checks. */
|
||||||
|
if (ret == -1)
|
||||||
|
log_fatal ("unexpected error from getrandom: %s\n",
|
39
libgcrypt-1.8.4-use_xfree.patch
Normal file
39
libgcrypt-1.8.4-use_xfree.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
Index: libgcrypt-1.8.4/src/hmac256.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/src/hmac256.c
|
||||||
|
+++ libgcrypt-1.8.4/src/hmac256.c
|
||||||
|
@@ -69,6 +69,7 @@ typedef uint32_t u32;
|
||||||
|
|
||||||
|
#ifdef STANDALONE
|
||||||
|
#define xtrymalloc(a) malloc((a))
|
||||||
|
+#define xfree(a) free((a))
|
||||||
|
#define gpg_err_set_errno(a) (errno = (a))
|
||||||
|
#else
|
||||||
|
#include "g10lib.h"
|
||||||
|
@@ -341,7 +342,7 @@ _gcry_hmac256_new (const void *key, size
|
||||||
|
tmphd = _gcry_hmac256_new (NULL, 0);
|
||||||
|
if (!tmphd)
|
||||||
|
{
|
||||||
|
- free (hd);
|
||||||
|
+ xfree (hd);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
_gcry_hmac256_update (tmphd, key, keylen);
|
||||||
|
@@ -373,7 +374,7 @@ _gcry_hmac256_release (hmac256_context_t
|
||||||
|
/* Note: We need to take care not to modify errno. */
|
||||||
|
if (ctx->use_hmac)
|
||||||
|
my_wipememory (ctx->opad, 64);
|
||||||
|
- free (ctx);
|
||||||
|
+ xfree (ctx);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -489,7 +490,7 @@ _gcry_hmac256_file (void *result, size_t
|
||||||
|
while ( (nread = fread (buffer, 1, buffer_size, fp)))
|
||||||
|
_gcry_hmac256_update (hd, buffer, nread);
|
||||||
|
|
||||||
|
- free (buffer);
|
||||||
|
+ xfree (buffer);
|
||||||
|
|
||||||
|
if (ferror (fp))
|
||||||
|
{
|
@ -1,15 +1,82 @@
|
|||||||
Index: libgcrypt-1.8.4/src/fips.c
|
Index: libgcrypt-1.8.2/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/src/fips.c 2018-11-26 17:30:28.040692529 +0100
|
--- libgcrypt-1.8.2.orig/src/fips.c 2019-03-27 13:15:14.190987624 +0100
|
||||||
+++ libgcrypt-1.8.4/src/fips.c 2018-11-26 17:59:04.130934181 +0100
|
+++ libgcrypt-1.8.2/src/fips.c 2019-03-27 13:18:07.047986428 +0100
|
||||||
@@ -663,7 +663,11 @@ check_binary_integrity (void)
|
@@ -115,6 +115,50 @@ _gcry_initialize_fsm_lock (void)
|
||||||
|
abort ();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/* Checks whether the library will enter the FIPS mode.
|
||||||
|
+ Uses the same logic as _gcry_initialize_fips_mode */
|
||||||
|
+static int
|
||||||
|
+will_enter_fips (void)
|
||||||
|
+{
|
||||||
|
+ /* for convenience, so that a process can run fips-enabled, but
|
||||||
|
+ not necessarily all of them, enable FIPS mode via environment
|
||||||
|
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
|
||||||
|
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
+ /* For testing the system it is useful to override the system
|
||||||
|
+ provided detection of the FIPS mode and force FIPS mode using a
|
||||||
|
+ file. The filename is hardwired so that there won't be any
|
||||||
|
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
||||||
|
+ actually used. The file itself may be empty. */
|
||||||
|
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
+ /* Checking based on /proc file properties. */
|
||||||
|
+ {
|
||||||
|
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
||||||
|
+ FILE *fp;
|
||||||
|
+
|
||||||
|
+ fp = fopen (procfname, "r");
|
||||||
|
+ if (fp)
|
||||||
|
+ {
|
||||||
|
+ char line[256];
|
||||||
|
+
|
||||||
|
+ if (fgets (line, sizeof line, fp) && atoi (line))
|
||||||
|
+ {
|
||||||
|
+ /* System is in fips mode. */
|
||||||
|
+ fclose (fp);
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+ fclose (fp);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
|
||||||
|
/* Check whether the OS is in FIPS mode and record that in a module
|
||||||
|
local variable. If FORCE is passed as true, fips mode will be
|
||||||
|
@@ -631,10 +675,10 @@ get_library_path(const char *libname, co
|
||||||
|
|
||||||
|
/* Run an integrity check on the binary. Returns 0 on success. */
|
||||||
|
static int
|
||||||
|
-check_binary_integrity (void)
|
||||||
|
+check_binary_integrity ()
|
||||||
|
{
|
||||||
|
#ifdef ENABLE_HMAC_BINARY_CHECK
|
||||||
|
- gpg_error_t err;
|
||||||
|
+ gpg_error_t err = 0;
|
||||||
|
char libpath[4096];
|
||||||
|
unsigned char digest[32];
|
||||||
|
int dlen;
|
||||||
|
@@ -675,7 +719,14 @@ check_binary_integrity (void)
|
||||||
/* Open the file. */
|
/* Open the file. */
|
||||||
fp = fopen (fname, "r");
|
fp = fopen (fname, "r");
|
||||||
if (!fp)
|
if (!fp)
|
||||||
- err = gpg_error_from_syserror ();
|
- err = gpg_error_from_syserror ();
|
||||||
+ {
|
+ {
|
||||||
+ /* Missing checksum is a problem only in FIPS mode */
|
+ /* Missing checksum is a problem only in FIPS mode.
|
||||||
+ if (fips_mode() || errno != ENOENT)
|
+ As the integrity check was moved to the POWERON state,
|
||||||
|
+ we no longer can rely on fips_mode(). Because at the point,
|
||||||
|
+ the library is not yet initialized. */
|
||||||
|
+ if (will_enter_fips() || errno != ENOENT)
|
||||||
+ err = gpg_error_from_syserror ();
|
+ err = gpg_error_from_syserror ();
|
||||||
+ }
|
+ }
|
||||||
else
|
else
|
||||||
|
28
libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
Normal file
28
libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
Index: libgcrypt-1.8.4/src/global.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.4.orig/src/global.c 2019-03-25 16:58:45.880313488 +0100
|
||||||
|
+++ libgcrypt-1.8.4/src/global.c 2019-03-25 16:58:45.896313582 +0100
|
||||||
|
@@ -144,11 +144,6 @@ global_init (void)
|
||||||
|
BUG ();
|
||||||
|
}
|
||||||
|
|
||||||
|
-
|
||||||
|
-#ifndef FIPS_MODULE_PATH
|
||||||
|
-#define FIPS_MODULE_PATH "/etc/system-fips"
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
||||||
|
{
|
||||||
|
int rv;
|
||||||
|
@@ -156,11 +151,6 @@ void __attribute__ ((constructor)) _gcry
|
||||||
|
/* We always need the FSM lock to be functional. */
|
||||||
|
_gcry_initialize_fsm_lock ();
|
||||||
|
|
||||||
|
- rv = access (FIPS_MODULE_PATH, F_OK);
|
||||||
|
- if (rv < 0 && errno != ENOENT)
|
||||||
|
- rv = 0;
|
||||||
|
-
|
||||||
|
- if (!rv)
|
||||||
|
{
|
||||||
|
/* We run the integrity check at this point. The remaining
|
||||||
|
selftests are run before use of the library by application. */
|
13
libgcrypt-fips_rsa_no_enforced_mode.patch
Normal file
13
libgcrypt-fips_rsa_no_enforced_mode.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Index: libgcrypt-1.8.2/cipher/rsa.c
|
||||||
|
===================================================================
|
||||||
|
--- libgcrypt-1.8.2.orig/cipher/rsa.c 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.2/cipher/rsa.c 2019-03-26 11:14:33.737388126 +0100
|
||||||
|
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
||||||
|
|
||||||
|
if (nbits < 1024 || (nbits & 0x1FF))
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
||||||
|
+ if (fips_mode() && nbits != 2048 && nbits != 3072)
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
|
||||||
|
/* The random quality depends on the transient_key flag. */
|
@ -1,13 +0,0 @@
|
|||||||
Index: libgcrypt-1.6.1/src/global.c
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.6.1.orig/src/global.c
|
|
||||||
+++ libgcrypt-1.6.1/src/global.c
|
|
||||||
@@ -76,7 +76,7 @@ static gpg_err_code_t external_lock_test
|
|
||||||
likely to be called at startup. The suggested way for an
|
|
||||||
application to make sure that this has been called is by using
|
|
||||||
gcry_check_version. */
|
|
||||||
-static void
|
|
||||||
+static void __attribute__((constructor))
|
|
||||||
global_init (void)
|
|
||||||
{
|
|
||||||
gcry_error_t err = 0;
|
|
@ -1,3 +1,64 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 26 06:47:45 UTC 2019 - Jason Sikes <jsikes@suse.de>
|
||||||
|
|
||||||
|
- do not try to open /dev/urandom if getrandom() works
|
||||||
|
* Added libgcrypt-1.8.4-getrandom.patch
|
||||||
|
- Drop libgcrypt-init-at-elf-load-fips.patch obsoleted
|
||||||
|
by libgcrypt-1.8.3-fips-ctor.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 23 12:38:40 UTC 2019 - Jason Sikes <jsikes@suse.de>
|
||||||
|
|
||||||
|
- Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that
|
||||||
|
was partially causing bsc#1131183.
|
||||||
|
- Fixed race condition in multi-threaded applications by allowing a FSM state
|
||||||
|
transition to the current state. This means some tests are run twice.
|
||||||
|
* Added libgcrypt-1.8.4-allow_FSM_same_state.patch
|
||||||
|
- Fixed an issue in malloc/free wrappers so that memory created by the malloc()
|
||||||
|
wrappers will be destroyed using the free() wrappers.
|
||||||
|
* Added libgcrypt-1.8.4-use_xfree.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 5 21:56:00 UTC 2019 - Jason Sikes <jsikes@suse.de>
|
||||||
|
|
||||||
|
- removed libgcrypt-binary_integrity_in_non-FIPS.patch since it was breaking
|
||||||
|
libotr. bsc#1131183
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 26 16:30:23 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
|
||||||
|
are invoked as well as the state transition, adjust the code so
|
||||||
|
a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
|
||||||
|
* update libgcrypt-binary_integrity_in_non-FIPS.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 26 16:25:18 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
|
||||||
|
* add libgcrypt-fips_rsa_no_enforced_mode.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 22 14:13:05 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
- Don't run full self-tests from constructor (bsc#1097073)
|
||||||
|
* Don't call global_init() from the constructor, _gcry_global_constructor()
|
||||||
|
from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
|
||||||
|
integrity check instead.
|
||||||
|
* Only the binary checksum will be verified, the remaining
|
||||||
|
self-tests will be run upon the library initialization
|
||||||
|
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
|
||||||
|
- Drop libgcrypt-init-at-elf-load-fips.patch and
|
||||||
|
libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
|
||||||
|
by libgcrypt-1.8.3-fips-ctor.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 7 10:53:40 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||||
|
|
||||||
|
- Skip all the self-tests except for binary integrity when called
|
||||||
|
from the constructor (bsc#1097073)
|
||||||
|
* Added libgcrypt-1.8.3-fips-ctor.patch from Fedora
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package libgcrypt
|
# spec file for package libgcrypt
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -48,7 +48,6 @@ Patch13: libgcrypt-1.6.1-fips-cavs.patch
|
|||||||
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
|
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
|
||||||
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
|
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
|
||||||
Patch28: libgcrypt-fix-rng.patch
|
Patch28: libgcrypt-fix-rng.patch
|
||||||
Patch29: libgcrypt-init-at-elf-load-fips.patch
|
|
||||||
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
|
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
|
||||||
Patch30: drbg_test.patch
|
Patch30: drbg_test.patch
|
||||||
#PATCH-FIX-SUSE run FIPS self-test from constructor
|
#PATCH-FIX-SUSE run FIPS self-test from constructor
|
||||||
@ -57,7 +56,13 @@ Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
|
|||||||
Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
|
Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
|
||||||
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
|
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
|
||||||
Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
|
Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
|
||||||
Patch37: libgcrypt-binary_integrity_in_non-FIPS.patch
|
Patch39: libgcrypt-1.8.3-fips-ctor.patch
|
||||||
|
Patch40: libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
|
||||||
|
Patch41: libgcrypt-binary_integrity_in_non-FIPS.patch
|
||||||
|
Patch42: libgcrypt-fips_rsa_no_enforced_mode.patch
|
||||||
|
Patch43: libgcrypt-1.8.4-use_xfree.patch
|
||||||
|
Patch44: libgcrypt-1.8.4-allow_FSM_same_state.patch
|
||||||
|
Patch45: libgcrypt-1.8.4-getrandom.patch
|
||||||
BuildRequires: automake >= 1.14
|
BuildRequires: automake >= 1.14
|
||||||
BuildRequires: fipscheck
|
BuildRequires: fipscheck
|
||||||
BuildRequires: libgpg-error-devel >= 1.25
|
BuildRequires: libgpg-error-devel >= 1.25
|
||||||
@ -137,20 +142,7 @@ understanding of applied cryptography is required to use Libgcrypt.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch3 -p1
|
%autopatch -p1
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
%patch12 -p1
|
|
||||||
%patch28 -p1
|
|
||||||
%patch29 -p1
|
|
||||||
%patch30 -p1
|
|
||||||
%patch32 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
%patch14 -p1
|
|
||||||
%patch35 -p1
|
|
||||||
%patch36 -p1
|
|
||||||
%patch37 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
echo building with build_hmac256 set to %{build_hmac256}
|
echo building with build_hmac256 set to %{build_hmac256}
|
||||||
|
Loading…
Reference in New Issue
Block a user