pool/libgcrypt
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ae21839c90
libgcrypt/libgcrypt-fips_selftest_trigger_file.patch
Vítězslav Čížek 9a7cde5372 Accepting request 805624 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ 
- FIPS: libgcrypt: Double free in test_keys() on failed signature
  verification [bsc#1169944]
  * Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- Ship the FIPS checksum file in the shared library package and
  create a separate trigger file for the FIPS selftests (bsc#1169569)
  * add libgcrypt-fips_selftest_trigger_file.patch
  * refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
  by libgcrypt-global_init-constructor.patch

- FIPS: Verify that the generated signature and the original input
  differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
  assembling the Q point from affine coordinates.
- Refreshed patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
  * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

OBS-URL: https://build.opensuse.org/request/show/805624
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=134
2020-05-14 15:39:34 +00:00

41 lines
1.0 KiB
Diff
Raw Blame History

Index: libgcrypt-1.8.2/src/fips.c
===================================================================
--- libgcrypt-1.8.2.orig/src/fips.c 2020-04-16 21:15:01.633217969 +0200
+++ libgcrypt-1.8.2/src/fips.c 2020-04-16 21:21:44.279376166 +0200
@@ -651,7 +651,7 @@ get_library_path(const char *libname, co
}
static gpg_error_t
-get_hmac_path(char **fname)
+get_hmac_path(char **fname, char *suffix)
{
char libpath[4096];
gpg_error_t err;
@@ -676,7 +676,7 @@ get_hmac_path(char **fname)
p = *fname;
memmove (p+1, p, strlen (p)+1);
*p = '.';
- strcat (*fname, ".hmac");
+ strcat (*fname, suffix);
err = 0;
}
}
@@ -708,7 +708,7 @@ check_binary_integrity (void)
else
{
FILE *fp;
- err = get_hmac_path(&fname);
+ err = get_hmac_path(&fname, ".hmac");
if (!err)
{
/* Open the file. */
@@ -769,7 +769,7 @@ can_skip_selftests(void)
if (fips_mode())
return 0;
- if (get_hmac_path(&fname))
+ if (get_hmac_path(&fname, ".fips"))
return 0;
/* check the hmac presence */
Reference in New Issue View Git Blame Copy Permalink