libgcrypt/libgcrypt-FIPS-rndjent_poll.patch

Index: libgcrypt-1.10.0/random/rndoldlinux.c
===================================================================
--- libgcrypt-1.10.0.orig/random/rndoldlinux.c
+++ libgcrypt-1.10.0/random/rndoldlinux.c
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
   volatile pid_t apid;
   int fd;
   int n;
-  byte buffer[768];
+  byte buffer[256];
   size_t n_hw;
   size_t want = length;
   size_t last_so_far = 0;
@@ -187,26 +187,43 @@ _gcry_rndoldlinux_gather_random (void (*
       my_pid = apid;
     }
 
+  if (fips_mode())
+    {
+      if (level >= GCRY_VERY_STRONG_RANDOM)
+        {
+          size_t n;
 
-  /* First read from a hardware source.  Note that _gcry_rndhw_poll_slow lets
-     it account only for up to 50% (or 25% for RDRAND) of the requested
-     bytes.  */
-  n_hw = _gcry_rndhw_poll_slow (add, origin, length);
-  if (length > 1)
-    length -= n_hw;
-
-  /* When using a blocking random generator try to get some entropy
-   * from the jitter based RNG.  In this case we take up to 50% of the
-   * remaining requested bytes.  */
-  if (level >= GCRY_VERY_STRONG_RANDOM)
-    {
-      n_hw = _gcry_rndjent_poll (add, origin, length/2);
-      if (n_hw > length/2)
-        n_hw = length/2;
+          n = _gcry_rndjent_poll (add, origin, length);
+          if (n == 0)
+            log_fatal ("unexpected error from rndjent: %s\n",
+                       strerror (errno));
+          if (n > length)
+            n = length;
+          if (length > 1)
+            length -= n;
+        }
+    }
+  else
+    {
+      /* First read from a hardware source.  Note that _gcry_rndhw_poll_slow lets
+         it account only for up to 50% (or 25% for RDRAND) of the requested
+         bytes.  */
+      n_hw = _gcry_rndhw_poll_slow (add, origin, length);
       if (length > 1)
         length -= n_hw;
-    }
 
+      /* When using a blocking random generator try to get some entropy
+       * from the jitter based RNG.  In this case we take up to 50% of the
+       * remaining requested bytes.  */
+      if (level >= GCRY_VERY_STRONG_RANDOM)
+        {
+          n_hw = _gcry_rndjent_poll (add, origin, length/2);
+          if (n_hw > length/2)
+            n_hw = length/2;
+          if (length > 1)
+            length -= n_hw;
+        }
+    }
 
   /* Open the requested device.  The first time a device is to be
      opened we fail with a fatal error if the device does not exists.
@@ -262,8 +279,6 @@ _gcry_rndoldlinux_gather_random (void (*
           do
             {
               nbytes = length < sizeof(buffer)? length : sizeof(buffer);
-              if (nbytes > 256)
-                nbytes = 256;
               _gcry_pre_syscall ();
               ret = getentropy (buffer, nbytes);
               _gcry_post_syscall ();
Index: libgcrypt-1.10.0/random/rndjent.c
===================================================================
--- libgcrypt-1.10.0.orig/random/rndjent.c
+++ libgcrypt-1.10.0/random/rndjent.c
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
       if (!jent_rng_is_initialized)
         {
           /* Auto-initialize.  */
-          jent_rng_is_initialized = 1;
           jent_entropy_collector_free (jent_rng_collector);
           jent_rng_collector = NULL;
           if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
             {
-              if (!jent_entropy_init ())
-                jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+              if (!jent_entropy_init_ex (1, 0))
+                {
+                  jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+                  jent_rng_is_initialized = 1;
+                }
+            }
+        }
+
+      if (!jent_rng_collector)
+        {
+          if (!jent_entropy_init_ex (1, 0))
+            {
+               jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+               jent_rng_is_initialized = 1;
             }
         }
Accepting request 1183811 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 1.11.0: * New and extended interfaces: - Add an API for Key Encapsulation Mechanism (KEM). [T6755] - Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5] - Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268] - Add Classic McEliece algorithm. [rC003367b912] - Add One-Step KDF with hash and MAC. [T5964] - Add KDF algorithm HKDF of RFC-5869. [T5964] - Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3] - Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4] - Add ARIA block cipher algorithm. [rC316c6d7715] - Add explicit FIPS indicators for MD and MAC algorithms. [T6376] - Add support for SHAKE as MGF in RSA. [T6557] - Add gcry_md_read support for SHAKE algorithms. [T6539] - Add gcry_md_hash_buffers_ext function. [T7035] - Add cSHAKE hash algorithm. [rC065b3f4e02] - Support internal generation of IV for AEAD cipher mode. [T4873] * Performance: - Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3] - Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1] - Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16] - Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006] - Add PowerPC vector implementation of SM4. [rC0b2da804ee] - Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006] - Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5] - Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4 and Camellia. [rCcf956793af] - Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f] - Add AVX2 and AVX512 accelerated implementations for GHASH (GCM) and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193] OBS-URL: https://build.opensuse.org/request/show/1183811 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=180 2024-06-28 09:08:29 +00:00			`Index: libgcrypt-1.10.0/random/rndoldlinux.c`
			`===================================================================`
			`--- libgcrypt-1.10.0.orig/random/rndoldlinux.c`
			`+++ libgcrypt-1.10.0/random/rndoldlinux.c`
			`@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*`
			`volatile pid_t apid;`
			`int fd;`
			`int n;`
			`- byte buffer[768];`
			`+ byte buffer[256];`
			`size_t n_hw;`
			`size_t want = length;`
			`size_t last_so_far = 0;`
			`@@ -187,26 +187,43 @@ _gcry_rndoldlinux_gather_random (void (*`
			`my_pid = apid;`
			`}`

			`+ if (fips_mode())`
			`+ {`
			`+ if (level >= GCRY_VERY_STRONG_RANDOM)`
			`+ {`
			`+ size_t n;`

			`- /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets`
			`- it account only for up to 50% (or 25% for RDRAND) of the requested`
			`- bytes. */`
			`- n_hw = _gcry_rndhw_poll_slow (add, origin, length);`
			`- if (length > 1)`
			`- length -= n_hw;`
			`-`
			`- /* When using a blocking random generator try to get some entropy`
			`- * from the jitter based RNG. In this case we take up to 50% of the`
			`- * remaining requested bytes. */`
			`- if (level >= GCRY_VERY_STRONG_RANDOM)`
			`- {`
			`- n_hw = _gcry_rndjent_poll (add, origin, length/2);`
			`- if (n_hw > length/2)`
			`- n_hw = length/2;`
			`+ n = _gcry_rndjent_poll (add, origin, length);`
			`+ if (n == 0)`
			`+ log_fatal ("unexpected error from rndjent: %s\n",`
			`+ strerror (errno));`
			`+ if (n > length)`
			`+ n = length;`
			`+ if (length > 1)`
			`+ length -= n;`
			`+ }`
			`+ }`
			`+ else`
			`+ {`
			`+ /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets`
			`+ it account only for up to 50% (or 25% for RDRAND) of the requested`
			`+ bytes. */`
			`+ n_hw = _gcry_rndhw_poll_slow (add, origin, length);`
			`if (length > 1)`
			`length -= n_hw;`
			`- }`

			`+ /* When using a blocking random generator try to get some entropy`
			`+ * from the jitter based RNG. In this case we take up to 50% of the`
			`+ * remaining requested bytes. */`
			`+ if (level >= GCRY_VERY_STRONG_RANDOM)`
			`+ {`
			`+ n_hw = _gcry_rndjent_poll (add, origin, length/2);`
			`+ if (n_hw > length/2)`
			`+ n_hw = length/2;`
			`+ if (length > 1)`
			`+ length -= n_hw;`
			`+ }`
			`+ }`

			`/* Open the requested device. The first time a device is to be`
			`opened we fail with a fatal error if the device does not exists.`
			`@@ -262,8 +279,6 @@ _gcry_rndoldlinux_gather_random (void (*`
			`do`
			`{`
			`nbytes = length < sizeof(buffer)? length : sizeof(buffer);`
			`- if (nbytes > 256)`
			`- nbytes = 256;`
			`_gcry_pre_syscall ();`
			`ret = getentropy (buffer, nbytes);`
			`_gcry_post_syscall ();`
			`Index: libgcrypt-1.10.0/random/rndjent.c`
			`===================================================================`
			`--- libgcrypt-1.10.0.orig/random/rndjent.c`
			`+++ libgcrypt-1.10.0/random/rndjent.c`
			`@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo`
			`if (!jent_rng_is_initialized)`
			`{`
			`/* Auto-initialize. */`
			`- jent_rng_is_initialized = 1;`
			`jent_entropy_collector_free (jent_rng_collector);`
			`jent_rng_collector = NULL;`
			`if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))`
			`{`
			`- if (!jent_entropy_init ())`
			`- jent_rng_collector = jent_entropy_collector_alloc (1, 0);`
			`+ if (!jent_entropy_init_ex (1, 0))`
			`+ {`
			`+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);`
			`+ jent_rng_is_initialized = 1;`
			`+ }`
			`+ }`
			`+ }`
			`+`
			`+ if (!jent_rng_collector)`
			`+ {`
			`+ if (!jent_entropy_init_ex (1, 0))`
			`+ {`
			`+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);`
			`+ jent_rng_is_initialized = 1;`
			`}`
			`}`