forked from pool/libgcrypt
Accepting request 940468 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch OBS-URL: https://build.opensuse.org/request/show/940468 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=152
This commit is contained in:
parent
b49d3291e1
commit
ca014dcd4e
230
libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
Normal file
230
libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
Normal file
@ -0,0 +1,230 @@
|
||||
From d5bf106468e6c6b0f33b193abf04590e4e9fc011 Mon Sep 17 00:00:00 2001
|
||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Tue, 30 Nov 2021 22:04:16 +0200
|
||||
Subject: gcry_mpi_sub_ui: fix subtracting from negative value
|
||||
|
||||
* mpi/mpi-add.c (_gcry_mpi_sub_ui): Set output sign bit when 'u'
|
||||
is negative.
|
||||
* tests/mpitests.c (test_add): Additional tests for mpi_add_ui; Check
|
||||
test output and fail if output does not match expected.
|
||||
(test_sub): Additional tests for mpi_sub_ui; Check test output and fail
|
||||
if output does not match expected.
|
||||
(test_mul): Additional tests for mpi_mul_ui; Check test output and fail
|
||||
if output does not match expected.
|
||||
--
|
||||
|
||||
Reported-by: Guido Vranken <guidovranken@gmail.com>
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
---
|
||||
mpi/mpi-add.c | 1 +
|
||||
tests/mpitests.c | 119 ++++++++++++++++++++++++++++++++++++++++++++---
|
||||
2 files changed, 113 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/mpi/mpi-add.c b/mpi/mpi-add.c
|
||||
index 53f476e0..38dd352f 100644
|
||||
--- a/mpi/mpi-add.c
|
||||
+++ b/mpi/mpi-add.c
|
||||
@@ -191,6 +191,7 @@ _gcry_mpi_sub_ui(gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
|
||||
cy = _gcry_mpih_add_1(wp, up, usize, v);
|
||||
wp[usize] = cy;
|
||||
wsize = usize + cy;
|
||||
+ wsign = 1;
|
||||
}
|
||||
else { /* The signs are different. Need exact comparison to determine
|
||||
* which operand to subtract from which. */
|
||||
diff --git a/tests/mpitests.c b/tests/mpitests.c
|
||||
index 96e01551..48ea18b2 100644
|
||||
--- a/tests/mpitests.c
|
||||
+++ b/tests/mpitests.c
|
||||
@@ -378,7 +378,8 @@ test_add (void)
|
||||
gcry_mpi_t two;
|
||||
gcry_mpi_t ff;
|
||||
gcry_mpi_t result;
|
||||
- unsigned char* pc;
|
||||
+ gcry_mpi_t minusfive;
|
||||
+ char *pc;
|
||||
|
||||
gcry_mpi_scan(&one, GCRYMPI_FMT_USG, ones, sizeof(ones), NULL);
|
||||
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
|
||||
@@ -386,21 +387,47 @@ test_add (void)
|
||||
result = gcry_mpi_new(0);
|
||||
|
||||
gcry_mpi_add(result, one, two);
|
||||
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
if (debug)
|
||||
gcry_log_debug ("Result of one plus two:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "030303030303030303030303030303030303030303030303"
|
||||
+ "030303030303030303030303030303030303030303030303") != 0)
|
||||
+ fail ("mpi_add failed at line %d", __LINE__);
|
||||
gcry_free(pc);
|
||||
|
||||
gcry_mpi_add(result, ff, one);
|
||||
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
if (debug)
|
||||
gcry_log_debug ("Result of ff plus one:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "010101010101010101010101010101010101010101010101"
|
||||
+ "01010101010101010101010101010101010101010101010100") != 0)
|
||||
+ fail ("mpi_add failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_scan(&minusfive, GCRYMPI_FMT_HEX, "-5", 0, NULL);
|
||||
+ gcry_mpi_add_ui (result, minusfive, 2);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of minus five plus two:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "-03") != 0)
|
||||
+ fail ("mpi_add_ui failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_add_ui (result, result, 3);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of minus three plus three:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "00") != 0)
|
||||
+ fail ("mpi_add_ui failed at line %d", __LINE__);
|
||||
gcry_free(pc);
|
||||
|
||||
gcry_mpi_release(one);
|
||||
gcry_mpi_release(two);
|
||||
gcry_mpi_release(ff);
|
||||
gcry_mpi_release(result);
|
||||
+ gcry_mpi_release(minusfive);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -408,24 +435,76 @@ test_add (void)
|
||||
static int
|
||||
test_sub (void)
|
||||
{
|
||||
+ gcry_mpi_t zero;
|
||||
gcry_mpi_t one;
|
||||
gcry_mpi_t two;
|
||||
+ gcry_mpi_t five;
|
||||
gcry_mpi_t result;
|
||||
- unsigned char* pc;
|
||||
+ gcry_mpi_t minusfive;
|
||||
+ char *pc;
|
||||
|
||||
gcry_mpi_scan(&one, GCRYMPI_FMT_USG, ones, sizeof(ones), NULL);
|
||||
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
|
||||
result = gcry_mpi_new(0);
|
||||
gcry_mpi_sub(result, two, one);
|
||||
|
||||
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
if (debug)
|
||||
gcry_log_debug ("Result of two minus one:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "010101010101010101010101010101010101010101010101"
|
||||
+ "010101010101010101010101010101010101010101010101") != 0)
|
||||
+ fail ("mpi_sub failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ zero = gcry_mpi_new(0);
|
||||
+ five = gcry_mpi_new(0);
|
||||
+ minusfive = gcry_mpi_new(0);
|
||||
+ gcry_mpi_set_ui (zero, 0);
|
||||
+ gcry_mpi_set_ui (one, 1);
|
||||
+ gcry_mpi_set_ui (two, 2);
|
||||
+ gcry_mpi_set_ui (five, 5);
|
||||
+ gcry_mpi_sub (minusfive, zero, five);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, minusfive);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of zero minus five:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "-05") != 0)
|
||||
+ fail ("mpi_sub failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_sub_ui (result, five, 2);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of five minus two:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "03") != 0)
|
||||
+ fail ("mpi_sub_ui failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_sub_ui (result, one, 10);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of one minus ten:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "-09") != 0)
|
||||
+ fail ("mpi_sub_ui failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_sub_ui (result, minusfive, 2);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of minus five minus two:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "-07") != 0)
|
||||
+ fail ("mpi_sub_ui failed at line %d", __LINE__);
|
||||
gcry_free(pc);
|
||||
|
||||
gcry_mpi_release(one);
|
||||
gcry_mpi_release(two);
|
||||
gcry_mpi_release(result);
|
||||
+ gcry_mpi_release(zero);
|
||||
+ gcry_mpi_release(five);
|
||||
+ gcry_mpi_release(minusfive);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -436,21 +515,47 @@ test_mul (void)
|
||||
gcry_mpi_t two;
|
||||
gcry_mpi_t three;
|
||||
gcry_mpi_t result;
|
||||
- unsigned char* pc;
|
||||
+ gcry_mpi_t minusfive;
|
||||
+ char *pc;
|
||||
|
||||
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
|
||||
gcry_mpi_scan(&three, GCRYMPI_FMT_USG, threes, sizeof(threes), NULL);
|
||||
result = gcry_mpi_new(0);
|
||||
gcry_mpi_mul(result, two, three);
|
||||
|
||||
- gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
if (debug)
|
||||
gcry_log_debug ("Result of two mul three:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "060C12181E242A30363C42484E545A60666C72787E848A90"
|
||||
+ "969CA2A8AEB4BAC0C6CCD2D8DEE4EAF0F6FD03090F151B21"
|
||||
+ "1B150F0902FCF6F0EAE4DED8D2CCC6C0BAB4AEA8A29C9690"
|
||||
+ "8A847E78726C66605A544E48423C36302A241E18120C06") != 0)
|
||||
+ fail ("mpi_mul failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_scan(&minusfive, GCRYMPI_FMT_HEX, "-5", 0, NULL);
|
||||
+ gcry_mpi_mul_ui (result, minusfive, 3);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of minus five mul three:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "-0F") != 0)
|
||||
+ fail ("mpi_mul_ui failed at line %d", __LINE__);
|
||||
+ gcry_free(pc);
|
||||
+
|
||||
+ gcry_mpi_mul_ui (result, result, 0);
|
||||
+
|
||||
+ gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char **)&pc, NULL, result);
|
||||
+ if (debug)
|
||||
+ gcry_log_debug ("Result of minus fifteen mul zero:\n%s\n", pc);
|
||||
+ if (strcmp (pc, "00") != 0)
|
||||
+ fail ("mpi_mul_ui failed at line %d", __LINE__);
|
||||
gcry_free(pc);
|
||||
|
||||
gcry_mpi_release(two);
|
||||
gcry_mpi_release(three);
|
||||
gcry_mpi_release(result);
|
||||
+ gcry_mpi_release(minusfive);
|
||||
return 1;
|
||||
}
|
||||
|
||||
--
|
||||
2.33.1
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 7 09:41:01 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
|
||||
* gcry_mpi_sub_ui: fix subtracting from negative value
|
||||
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 23 12:08:24 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
@ -77,6 +77,8 @@ Patch28: libgcrypt-PCT-ECC.patch
|
||||
Patch29: libgcrypt-fips_selftest_trigger_file.patch
|
||||
#PATCH-FIX-SUSE bsc#1189745 The t-lock test is not build with phtread in gcc7, works in gcc11
|
||||
Patch30: libgcrypt-pthread-in-t-lock-test.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1193480 FIPS: gcry_mpi_sub_ui: fix subtracting from negative value
|
||||
Patch31: libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
|
||||
BuildRequires: automake >= 1.14
|
||||
BuildRequires: fipscheck
|
||||
BuildRequires: libgpg-error-devel >= 1.27
|
||||
|
Loading…
Reference in New Issue
Block a user