forked from pool/libgcrypt
Accepting request 868925 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.1 * *Fix exploitable bug* in hash functions introduced with 1.9.0. [bsc#1181632, CVE-2021-3345] * Return an error if a negative MPI is used with sexp scan functions. * Check for operational FIPS in the random and KDF functions. * Fix compile error on ARMv7 with NEON disabled. * Fix self-test in KDF module. * Improve assembler checks for better LTO support. * Fix 32-bit cross build on x86. * Fix non-NEON ARM assembly implementation for SHA512. * Fix build problems with the cipher_bulk_ops_t typedef. * Fix Ed25519 private key handling for preceding ZEROs. * Fix overflow in modular inverse implementation. * Fix register access for AVX/AVX2 implementations of Blake2. * Add optimized cipher and hash functions for s390x/zSeries. * Use hardware bit counting functionx when available. * Update DSA functions to match FIPS 186-3. * New self-tests for CMACs and KDFs. * Add bulk cipher functions for OFB and GCM modes. - Update libgpg-error required version - Use the suffix variable correctly in get_hmac_path() - Rebase libgcrypt-fips_selftest_trigger_file.patch - Add the global config file /etc/gcrypt/random.conf * This file can be used to globally change parameters of the random generator with the options: only-urandom and disable-jent. - Update to 1.9.0: OBS-URL: https://build.opensuse.org/request/show/868925 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=142
This commit is contained in:
parent
a15018a4a1
commit
dea0435690
@ -1,7 +1,7 @@
|
|||||||
Index: libgcrypt-1.7.2/tests/drbg_test.c
|
Index: libgcrypt-1.9.0/tests/drbg_test.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
--- /dev/null
|
||||||
+++ libgcrypt-1.7.2/tests/drbg_test.c 2016-08-16 16:04:52.289060124 +0200
|
+++ libgcrypt-1.9.0/tests/drbg_test.c
|
||||||
@@ -0,0 +1,1332 @@
|
@@ -0,0 +1,1332 @@
|
||||||
+/* DRBG test for libgcrypt
|
+/* DRBG test for libgcrypt
|
||||||
+ Copyright (C) 2014 Stephan Mueller <smueller@chronox.de>
|
+ Copyright (C) 2014 Stephan Mueller <smueller@chronox.de>
|
||||||
@ -1335,11 +1335,26 @@ Index: libgcrypt-1.7.2/tests/drbg_test.c
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
Index: libgcrypt-1.7.2/Makefile.am
|
Index: libgcrypt-1.9.0/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.7.2.orig/Makefile.am 2016-08-16 15:57:43.397736723 +0200
|
--- libgcrypt-1.9.0.orig/Makefile.am
|
||||||
+++ libgcrypt-1.7.2/Makefile.am 2016-08-16 15:57:44.341752563 +0200
|
+++ libgcrypt-1.9.0/Makefile.am
|
||||||
@@ -42,6 +42,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM
|
@@ -39,6 +39,14 @@ else
|
||||||
|
doc =
|
||||||
|
endif
|
||||||
|
|
||||||
|
+bin_PROGRAMS = fipsdrv drbg_test
|
||||||
|
+
|
||||||
|
+fipsdrv_SOURCES = tests/fipsdrv.c
|
||||||
|
+fipsdrv_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||||
|
+
|
||||||
|
+drbg_test_CPPFLAGS = -I../src -I$(top_srcdir)/src
|
||||||
|
+drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
|
||||||
|
+drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||||
|
|
||||||
|
DIST_SUBDIRS = m4 compat mpi cipher random src doc tests
|
||||||
|
SUBDIRS = compat mpi cipher random src $(doc) tests
|
||||||
|
@@ -51,6 +59,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM
|
||||||
|
|
||||||
DISTCLEANFILES =
|
DISTCLEANFILES =
|
||||||
|
|
||||||
@ -1352,5 +1367,5 @@ Index: libgcrypt-1.7.2/Makefile.am
|
|||||||
+drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
|
+drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
|
||||||
+drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
+drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||||
|
|
||||||
# Add all the files listed in "distfiles" files to the distribution,
|
# Add all the files listed in "distfiles" files to the distribution
|
||||||
# apply version number s to some files and create a VERSION file which
|
dist-hook: gen-ChangeLog
|
||||||
|
@ -1,16 +1,17 @@
|
|||||||
Index: libgcrypt-1.8.3/cipher/Makefile.am
|
Index: libgcrypt-1.9.0/cipher/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.3.orig/cipher/Makefile.am
|
--- libgcrypt-1.9.0.orig/cipher/Makefile.am
|
||||||
+++ libgcrypt-1.8.3/cipher/Makefile.am
|
+++ libgcrypt-1.9.0/cipher/Makefile.am
|
||||||
@@ -128,3 +128,11 @@ tiger.o: $(srcdir)/tiger.c
|
@@ -155,6 +155,12 @@ tiger.o: $(srcdir)/tiger.c Makefile
|
||||||
|
tiger.lo: $(srcdir)/tiger.c Makefile
|
||||||
|
`echo $(LTCOMPILE) -c $< | $(o_flag_munging) `
|
||||||
|
|
||||||
tiger.lo: $(srcdir)/tiger.c
|
|
||||||
`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
|
|
||||||
+
|
|
||||||
+# rijndael.c needs -fno-strict-aliasing
|
+# rijndael.c needs -fno-strict-aliasing
|
||||||
+rijndael.o: $(srcdir)/rijndael.c
|
+rijndael.o: $(srcdir)/rijndael.c
|
||||||
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
|
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
|
||||||
+
|
+
|
||||||
+rijndael.lo: $(srcdir)/rijndael.c
|
+rijndael.lo: $(srcdir)/rijndael.c
|
||||||
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
|
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
|
||||||
+
|
|
||||||
|
# We need to disable instrumentation for these modules as they use cc as
|
||||||
|
# thin assembly front-end and do not tolerate in-between function calls
|
||||||
|
@ -17,7 +17,7 @@ Index: libgcrypt-1.5.2/src/fips.c
|
|||||||
+
|
+
|
||||||
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
|
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
|
||||||
+ {
|
+ {
|
||||||
+ gcry_assert (!no_fips_mode_required);
|
+ gcry_assert (!_gcry_no_fips_mode_required);
|
||||||
+ goto leave;
|
+ goto leave;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
|
@ -1,85 +0,0 @@
|
|||||||
Index: libgcrypt-1.8.4/random/rndlinux.c
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.8.4.orig/random/rndlinux.c
|
|
||||||
+++ libgcrypt-1.8.4/random/rndlinux.c
|
|
||||||
@@ -40,7 +40,9 @@
|
|
||||||
#include "g10lib.h"
|
|
||||||
#include "rand-internal.h"
|
|
||||||
|
|
||||||
-static int open_device (const char *name, int retry);
|
|
||||||
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
|
||||||
+
|
|
||||||
+static int open_device (const char *name, int retry, int fatal);
|
|
||||||
|
|
||||||
|
|
||||||
static int
|
|
||||||
@@ -63,7 +65,7 @@ set_cloexec_flag (int fd)
|
|
||||||
* a fatal error but retries until it is able to reopen the device.
|
|
||||||
*/
|
|
||||||
static int
|
|
||||||
-open_device (const char *name, int retry)
|
|
||||||
+open_device (const char *name, int retry, int fatal)
|
|
||||||
{
|
|
||||||
int fd;
|
|
||||||
|
|
||||||
@@ -71,6 +73,8 @@ open_device (const char *name, int retry
|
|
||||||
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
|
|
||||||
again:
|
|
||||||
fd = open (name, O_RDONLY);
|
|
||||||
+ if (fd == -1 && !fatal)
|
|
||||||
+ return fd;
|
|
||||||
if (fd == -1 && retry)
|
|
||||||
{
|
|
||||||
struct timeval tv;
|
|
||||||
@@ -116,6 +120,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
{
|
|
||||||
static int fd_urandom = -1;
|
|
||||||
static int fd_random = -1;
|
|
||||||
+ static int fd_configured = -1;
|
|
||||||
static int only_urandom = -1;
|
|
||||||
static unsigned char ever_opened;
|
|
||||||
static volatile pid_t my_pid; /* The volatile is there to make sure
|
|
||||||
@@ -156,6 +161,11 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
close (fd_urandom);
|
|
||||||
fd_urandom = -1;
|
|
||||||
}
|
|
||||||
+ if (fd_configured != -1)
|
|
||||||
+ {
|
|
||||||
+ close (fd_configured);
|
|
||||||
+ fd_configured = -1;
|
|
||||||
+ }
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -215,11 +225,21 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
that we always require the device to be existent but want a more
|
|
||||||
graceful behaviour if the rarely needed close operation has been
|
|
||||||
used and the device needs to be re-opened later. */
|
|
||||||
+
|
|
||||||
+ if (level == -1)
|
|
||||||
+ {
|
|
||||||
+ if (fd_configured == -1)
|
|
||||||
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
|
|
||||||
+ fd = fd_configured;
|
|
||||||
+ if (fd == -1)
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
|
|
||||||
{
|
|
||||||
if (fd_random == -1)
|
|
||||||
{
|
|
||||||
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
|
|
||||||
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
|
||||||
ever_opened |= 1;
|
|
||||||
}
|
|
||||||
fd = fd_random;
|
|
||||||
@@ -228,7 +248,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
{
|
|
||||||
if (fd_urandom == -1)
|
|
||||||
{
|
|
||||||
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
|
||||||
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
|
||||||
ever_opened |= 2;
|
|
||||||
}
|
|
||||||
fd = fd_urandom;
|
|
@ -3,27 +3,15 @@
|
|||||||
src/fips.c | 39 ++++++++++++++++++++++++++++++++-------
|
src/fips.c | 39 ++++++++++++++++++++++++++++++++-------
|
||||||
2 files changed, 33 insertions(+), 8 deletions(-)
|
2 files changed, 33 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
Index: libgcrypt-1.6.2/src/Makefile.in
|
Index: libgcrypt-1.9.0/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.6.2.orig/src/Makefile.in 2014-11-05 20:33:18.000000000 +0000
|
--- libgcrypt-1.9.0.orig/src/fips.c
|
||||||
+++ libgcrypt-1.6.2/src/Makefile.in 2014-11-05 20:34:04.000000000 +0000
|
+++ libgcrypt-1.9.0/src/fips.c
|
||||||
@@ -449,7 +449,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
@@ -603,23 +603,49 @@ run_random_selftests (void)
|
||||||
../cipher/libcipher.la \
|
|
||||||
../random/librandom.la \
|
|
||||||
../mpi/libmpi.la \
|
|
||||||
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
|
||||||
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
|
|
||||||
|
|
||||||
dumpsexp_SOURCES = dumpsexp.c
|
|
||||||
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
|
|
||||||
Index: libgcrypt-1.6.2/src/fips.c
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.6.2.orig/src/fips.c 2014-11-05 20:33:18.000000000 +0000
|
|
||||||
+++ libgcrypt-1.6.2/src/fips.c 2014-11-05 20:34:04.000000000 +0000
|
|
||||||
@@ -589,23 +589,48 @@ run_random_selftests (void)
|
|
||||||
return !!err;
|
return !!err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
+#ifdef ENABLE_HMAC_BINARY_CHECK
|
||||||
+static int
|
+static int
|
||||||
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
|
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
|
||||||
+{
|
+{
|
||||||
@ -31,23 +19,23 @@ Index: libgcrypt-1.6.2/src/fips.c
|
|||||||
+ void *dl, *sym;
|
+ void *dl, *sym;
|
||||||
+ int rv = -1;
|
+ int rv = -1;
|
||||||
+
|
+
|
||||||
+ dl = dlopen(libname, RTLD_LAZY);
|
+ dl = dlopen(libname, RTLD_LAZY);
|
||||||
+ if (dl == NULL) {
|
+ if (dl == NULL)
|
||||||
+ return -1;
|
+ return -1;
|
||||||
+ }
|
|
||||||
+
|
+
|
||||||
+ sym = dlsym(dl, symbolname);
|
+ sym = dlsym(dl, symbolname);
|
||||||
|
+ if (sym != NULL && dladdr(sym, &info))
|
||||||
|
+ {
|
||||||
|
+ strncpy(path, info.dli_fname, pathlen-1);
|
||||||
|
+ path[pathlen-1] = '\0';
|
||||||
|
+ rv = 0;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ if (sym != NULL && dladdr(sym, &info)) {
|
+ dlclose(dl);
|
||||||
+ strncpy(path, info.dli_fname, pathlen-1);
|
|
||||||
+ path[pathlen-1] = '\0';
|
|
||||||
+ rv = 0;
|
|
||||||
+ }
|
|
||||||
+
|
+
|
||||||
+ dlclose(dl);
|
|
||||||
+
|
|
||||||
+ return rv;
|
+ return rv;
|
||||||
+}
|
+}
|
||||||
|
+#endif
|
||||||
+
|
+
|
||||||
/* Run an integrity check on the binary. Returns 0 on success. */
|
/* Run an integrity check on the binary. Returns 0 on success. */
|
||||||
static int
|
static int
|
||||||
@ -61,10 +49,9 @@ Index: libgcrypt-1.6.2/src/fips.c
|
|||||||
int dlen;
|
int dlen;
|
||||||
char *fname = NULL;
|
char *fname = NULL;
|
||||||
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
|
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
|
||||||
-
|
|
||||||
- if (!dladdr ("gcry_check_version", &info))
|
|
||||||
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||||
+
|
|
||||||
|
- if (!dladdr ("gcry_check_version", &info))
|
||||||
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
|
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
else
|
else
|
||||||
@ -74,7 +61,7 @@ Index: libgcrypt-1.6.2/src/fips.c
|
|||||||
key, strlen (key));
|
key, strlen (key));
|
||||||
if (dlen < 0)
|
if (dlen < 0)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
@@ -613,7 +638,7 @@ check_binary_integrity (void)
|
@@ -627,7 +652,7 @@ check_binary_integrity (void)
|
||||||
err = gpg_error (GPG_ERR_INTERNAL);
|
err = gpg_error (GPG_ERR_INTERNAL);
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -83,7 +70,7 @@ Index: libgcrypt-1.6.2/src/fips.c
|
|||||||
if (!fname)
|
if (!fname)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
else
|
else
|
||||||
@@ -622,7 +647,7 @@ check_binary_integrity (void)
|
@@ -636,7 +661,7 @@ check_binary_integrity (void)
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
/* Prefix the basename with a dot. */
|
/* Prefix the basename with a dot. */
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
Index: libgcrypt-1.8.4/cipher/md.c
|
Index: libgcrypt-1.9.0/cipher/md.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/cipher/md.c 2019-03-25 16:58:52.844354398 +0100
|
--- libgcrypt-1.9.0.orig/cipher/md.c
|
||||||
+++ libgcrypt-1.8.4/cipher/md.c 2019-03-25 16:58:53.512358321 +0100
|
+++ libgcrypt-1.9.0/cipher/md.c
|
||||||
@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith
|
@@ -564,11 +564,8 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||||
|
|
||||||
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
||||||
{
|
{
|
||||||
@ -14,14 +14,15 @@ Index: libgcrypt-1.8.4/cipher/md.c
|
|||||||
err = GPG_ERR_DIGEST_ALGO;
|
err = GPG_ERR_DIGEST_ALGO;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Index: libgcrypt-1.8.4/src/fips.c
|
Index: libgcrypt-1.9.0/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/src/fips.c 2019-03-25 16:58:52.844354398 +0100
|
--- libgcrypt-1.9.0.orig/src/fips.c
|
||||||
+++ libgcrypt-1.8.4/src/fips.c 2019-03-25 16:58:53.516358344 +0100
|
+++ libgcrypt-1.9.0/src/fips.c
|
||||||
@@ -91,6 +91,31 @@ static void fips_new_state (enum module_
|
@@ -90,7 +90,31 @@ static void fips_new_state (enum module_
|
||||||
|
#define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p))
|
||||||
|
|
||||||
|
|
||||||
|
-
|
||||||
+/* Initialize the FSM lock - this function may only
|
+/* Initialize the FSM lock - this function may only
|
||||||
+ be called once and is intended to be run from the library
|
+ be called once and is intended to be run from the library
|
||||||
+ constructor */
|
+ constructor */
|
||||||
@ -46,11 +47,11 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
+ abort ();
|
+ abort ();
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
/* Check whether the OS is in FIPS mode and record that in a module
|
/* Check whether the OS is in FIPS mode and record that in a module
|
||||||
local variable. If FORCE is passed as true, fips mode will be
|
local variable. If FORCE is passed as true, fips mode will be
|
||||||
enabled anyway. Note: This function is not thread-safe and should
|
enabled anyway. Note: This function is not thread-safe and should
|
||||||
@@ -100,7 +125,6 @@ void
|
@@ -100,7 +124,6 @@ void
|
||||||
_gcry_initialize_fips_mode (int force)
|
_gcry_initialize_fips_mode (int force)
|
||||||
{
|
{
|
||||||
static int done;
|
static int done;
|
||||||
@ -58,7 +59,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
|
|
||||||
/* Make sure we are not accidentally called twice. */
|
/* Make sure we are not accidentally called twice. */
|
||||||
if (done)
|
if (done)
|
||||||
@@ -190,24 +214,6 @@ _gcry_initialize_fips_mode (int force)
|
@@ -190,24 +213,6 @@ _gcry_initialize_fips_mode (int force)
|
||||||
/* Yes, we are in FIPS mode. */
|
/* Yes, we are in FIPS mode. */
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
|
||||||
@ -83,7 +84,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
/* If the FIPS force files exists, is readable and has a number
|
/* If the FIPS force files exists, is readable and has a number
|
||||||
!= 0 on its first line, we enable the enforced fips mode. */
|
!= 0 on its first line, we enable the enforced fips mode. */
|
||||||
fp = fopen (FIPS_FORCE_FILE, "r");
|
fp = fopen (FIPS_FORCE_FILE, "r");
|
||||||
@@ -370,16 +376,20 @@ _gcry_fips_is_operational (void)
|
@@ -356,16 +361,20 @@ _gcry_fips_is_operational (void)
|
||||||
{
|
{
|
||||||
int result;
|
int result;
|
||||||
|
|
||||||
@ -92,7 +93,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
+ if (current_state == STATE_POWERON && !fips_mode ())
|
+ if (current_state == STATE_POWERON && !fips_mode ())
|
||||||
+ /* If we are at this point in POWERON state it means the FIPS
|
+ /* If we are at this point in POWERON state it means the FIPS
|
||||||
+ module installation was not completed. (/etc/system-fips
|
+ module installation was not completed. (/etc/system-fips
|
||||||
+ is not present.) */
|
+ is not present.) */
|
||||||
result = 1;
|
result = 1;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -110,7 +111,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
initialization of libgcrypt, but that has traditionally
|
initialization of libgcrypt, but that has traditionally
|
||||||
not been enforced, we use this on demand self-test
|
not been enforced, we use this on demand self-test
|
||||||
checking. Note that Proper applications would do the
|
checking. Note that Proper applications would do the
|
||||||
@@ -395,9 +405,11 @@ _gcry_fips_is_operational (void)
|
@@ -381,9 +390,11 @@ _gcry_fips_is_operational (void)
|
||||||
lock_fsm ();
|
lock_fsm ();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -124,7 +125,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -722,9 +734,25 @@ _gcry_fips_run_selftests (int extended)
|
@@ -729,9 +740,25 @@ _gcry_fips_run_selftests (int extended)
|
||||||
{
|
{
|
||||||
enum module_states result = STATE_ERROR;
|
enum module_states result = STATE_ERROR;
|
||||||
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
||||||
@ -152,14 +153,17 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
|
|
||||||
if (run_cipher_selftests (extended))
|
if (run_cipher_selftests (extended))
|
||||||
goto leave;
|
goto leave;
|
||||||
@@ -743,18 +771,12 @@ _gcry_fips_run_selftests (int extended)
|
@@ -753,21 +780,12 @@ _gcry_fips_run_selftests (int extended)
|
||||||
if (run_pubkey_selftests (extended))
|
if (run_pubkey_selftests (extended))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
- /* Now check the integrity of the binary. We do this this after
|
- if (fips_mode ())
|
||||||
- having checked the HMAC code. */
|
- {
|
||||||
- if (check_binary_integrity ())
|
- /* Now check the integrity of the binary. We do this this after
|
||||||
- goto leave;
|
- having checked the HMAC code. */
|
||||||
|
- if (check_binary_integrity ())
|
||||||
|
- goto leave;
|
||||||
|
- }
|
||||||
-
|
-
|
||||||
/* All selftests passed. */
|
/* All selftests passed. */
|
||||||
result = STATE_OPERATIONAL;
|
result = STATE_OPERATIONAL;
|
||||||
@ -172,7 +176,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
|
|
||||||
return ec;
|
return ec;
|
||||||
}
|
}
|
||||||
@@ -810,6 +832,7 @@ fips_new_state (enum module_states new_s
|
@@ -823,6 +841,7 @@ fips_new_state (enum module_states new_s
|
||||||
{
|
{
|
||||||
case STATE_POWERON:
|
case STATE_POWERON:
|
||||||
if (new_state == STATE_INIT
|
if (new_state == STATE_INIT
|
||||||
@ -180,7 +184,7 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
|| new_state == STATE_ERROR
|
|| new_state == STATE_ERROR
|
||||||
|| new_state == STATE_FATALERROR)
|
|| new_state == STATE_FATALERROR)
|
||||||
ok = 1;
|
ok = 1;
|
||||||
@@ -824,6 +847,8 @@ fips_new_state (enum module_states new_s
|
@@ -837,6 +856,8 @@ fips_new_state (enum module_states new_s
|
||||||
|
|
||||||
case STATE_SELFTEST:
|
case STATE_SELFTEST:
|
||||||
if (new_state == STATE_OPERATIONAL
|
if (new_state == STATE_OPERATIONAL
|
||||||
@ -189,11 +193,11 @@ Index: libgcrypt-1.8.4/src/fips.c
|
|||||||
|| new_state == STATE_ERROR
|
|| new_state == STATE_ERROR
|
||||||
|| new_state == STATE_FATALERROR)
|
|| new_state == STATE_FATALERROR)
|
||||||
ok = 1;
|
ok = 1;
|
||||||
Index: libgcrypt-1.8.4/src/global.c
|
Index: libgcrypt-1.9.0/src/global.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/src/global.c 2019-03-25 16:58:52.844354398 +0100
|
--- libgcrypt-1.9.0.orig/src/global.c
|
||||||
+++ libgcrypt-1.8.4/src/global.c 2019-03-25 16:58:53.516358344 +0100
|
+++ libgcrypt-1.9.0/src/global.c
|
||||||
@@ -145,6 +145,29 @@ global_init (void)
|
@@ -141,6 +141,29 @@ global_init (void)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -223,38 +227,40 @@ Index: libgcrypt-1.8.4/src/global.c
|
|||||||
/* This function is called by the macro fips_is_operational and makes
|
/* This function is called by the macro fips_is_operational and makes
|
||||||
sure that the minimal initialization has been done. This is far
|
sure that the minimal initialization has been done. This is far
|
||||||
from a perfect solution and hides problems with an improper
|
from a perfect solution and hides problems with an improper
|
||||||
@@ -675,8 +698,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
@@ -672,9 +695,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
|
|
||||||
case GCRYCTL_FIPS_MODE_P:
|
case GCRYCTL_FIPS_MODE_P:
|
||||||
if (fips_mode ()
|
if (fips_mode ()
|
||||||
- && !_gcry_is_fips_mode_inactive ()
|
- && !_gcry_is_fips_mode_inactive ()
|
||||||
- && !no_secure_memory)
|
- && !no_secure_memory)
|
||||||
|
- rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
||||||
+ && !_gcry_is_fips_mode_inactive ())
|
+ && !_gcry_is_fips_mode_inactive ())
|
||||||
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
+ rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -753,9 +775,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
case GCRYCTL_FORCE_FIPS_MODE:
|
||||||
|
@@ -750,9 +772,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
||||||
- if (!any_init_done)
|
- if (!_gcry_global_any_init_done)
|
||||||
+ if (fips_mode ())
|
+ if (fips_mode())
|
||||||
{
|
{
|
||||||
- /* Not yet initialized at all. Set the enforced fips mode flag */
|
- /* Not yet initialized at all. Set the enforced fips mode flag */
|
||||||
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
|
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
|
||||||
_gcry_set_preferred_rng_type (0);
|
_gcry_set_preferred_rng_type (0);
|
||||||
_gcry_set_enforced_fips_mode ();
|
_gcry_set_enforced_fips_mode ();
|
||||||
}
|
}
|
||||||
Index: libgcrypt-1.8.4/src/g10lib.h
|
Index: libgcrypt-1.9.0/src/g10lib.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/src/g10lib.h 2019-03-25 16:58:52.844354398 +0100
|
--- libgcrypt-1.9.0.orig/src/g10lib.h
|
||||||
+++ libgcrypt-1.8.4/src/g10lib.h 2019-03-25 16:58:53.516358344 +0100
|
+++ libgcrypt-1.9.0/src/g10lib.h
|
||||||
@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
@@ -429,6 +429,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
||||||
|
|
||||||
/*-- fips.c --*/
|
extern int _gcry_no_fips_mode_required;
|
||||||
|
|
||||||
+void _gcry_initialize_fsm_lock (void);
|
+void _gcry_initialize_fsm_lock (void);
|
||||||
+
|
+
|
||||||
void _gcry_initialize_fips_mode (int force);
|
void _gcry_initialize_fips_mode (int force);
|
||||||
|
|
||||||
int _gcry_fips_mode (void);
|
/* This macro returns true if fips mode is enabled. This is
|
||||||
|
@ -1,33 +1,32 @@
|
|||||||
Index: libgcrypt-1.8.2/cipher/dsa.c
|
Index: libgcrypt-1.9.1/cipher/dsa.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/dsa.c
|
--- libgcrypt-1.9.1.orig/cipher/dsa.c
|
||||||
+++ libgcrypt-1.8.2/cipher/dsa.c
|
+++ libgcrypt-1.9.1/cipher/dsa.c
|
||||||
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||||
&prime_q, &prime_p,
|
&prime_q, &prime_p,
|
||||||
r_counter,
|
r_counter,
|
||||||
r_seed, r_seedlen);
|
r_seed, r_seedlen);
|
||||||
- else
|
- else
|
||||||
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
|
||||||
+ else if (!domain->p || !domain->q)
|
+ else if (!domain->p || !domain->q)
|
||||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||||
+ initial_seed.seed,
|
initial_seed.seed,
|
||||||
+ initial_seed.seedlen,
|
initial_seed.seedlen,
|
||||||
&prime_q, &prime_p,
|
&prime_q, &prime_p,
|
||||||
r_counter,
|
r_counter,
|
||||||
r_seed, r_seedlen, NULL);
|
r_seed, r_seedlen, NULL);
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ /* Domain parameters p and q are given; use them. */
|
+ /* Domain parameters p and q are given; use them. */
|
||||||
+ prime_p = mpi_copy (domain->p);
|
+ prime_p = mpi_copy (domain->p);
|
||||||
+ prime_q = mpi_copy (domain->q);
|
+ prime_q = mpi_copy (domain->q);
|
||||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||||
+ ec = 0;
|
+ ec = 0;
|
||||||
+ }
|
+ }
|
||||||
sexp_release (initial_seed.sexp);
|
sexp_release (initial_seed.sexp);
|
||||||
if (ec)
|
if (ec)
|
||||||
goto leave;
|
goto leave;
|
||||||
@@ -857,13 +868,12 @@ dsa_generate (const gcry_sexp_t genparms
|
@@ -859,13 +868,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||||
sexp_release (l1);
|
sexp_release (l1);
|
||||||
sexp_release (domainsexp);
|
sexp_release (domainsexp);
|
||||||
|
|
||||||
@ -43,15 +42,15 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
|
|||||||
return GPG_ERR_MISSING_VALUE;
|
return GPG_ERR_MISSING_VALUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
Index: libgcrypt-1.8.2/cipher/rsa.c
|
Index: libgcrypt-1.9.1/cipher/rsa.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/rsa.c
|
--- libgcrypt-1.9.1.orig/cipher/rsa.c
|
||||||
+++ libgcrypt-1.8.2/cipher/rsa.c
|
+++ libgcrypt-1.9.1/cipher/rsa.c
|
||||||
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
||||||
|
|
||||||
if (nbits < 1024 || (nbits & 0x1FF))
|
if (nbits < 1024 || (nbits & 0x1FF))
|
||||||
return GPG_ERR_INV_VALUE;
|
return GPG_ERR_INV_VALUE;
|
||||||
- if (fips_mode() && nbits != 2048 && nbits != 3072)
|
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
||||||
+ if (fips_mode() && nbits < 2048)
|
+ if (fips_mode() && nbits < 2048)
|
||||||
return GPG_ERR_INV_VALUE;
|
return GPG_ERR_INV_VALUE;
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Index: libgcrypt-1.8.4/random/random-csprng.c
|
Index: libgcrypt-1.9.1/random/random-csprng.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/random/random-csprng.c
|
--- libgcrypt-1.9.1.orig/random/random-csprng.c
|
||||||
+++ libgcrypt-1.8.4/random/random-csprng.c
|
+++ libgcrypt-1.9.1/random/random-csprng.c
|
||||||
@@ -55,6 +55,10 @@
|
@@ -55,6 +55,10 @@
|
||||||
#ifdef __MINGW32__
|
#ifdef __MINGW32__
|
||||||
#include <process.h>
|
#include <process.h>
|
||||||
@ -13,7 +13,7 @@ Index: libgcrypt-1.8.4/random/random-csprng.c
|
|||||||
#include "g10lib.h"
|
#include "g10lib.h"
|
||||||
#include "random.h"
|
#include "random.h"
|
||||||
#include "rand-internal.h"
|
#include "rand-internal.h"
|
||||||
@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
|
@@ -1202,6 +1206,22 @@ getfnc_gather_random (void))(void (*)(co
|
||||||
enum random_origins, size_t, int);
|
enum random_origins, size_t, int);
|
||||||
|
|
||||||
#if USE_RNDLINUX
|
#if USE_RNDLINUX
|
||||||
@ -31,39 +31,69 @@ Index: libgcrypt-1.8.4/random/random-csprng.c
|
|||||||
+ return fnc;
|
+ return fnc;
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
||||||
+#endif
|
+#endif
|
||||||
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
||||||
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
||||||
{
|
{
|
||||||
Index: libgcrypt-1.8.4/random/random.c
|
Index: libgcrypt-1.9.1/random/random.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/random/random.c
|
--- libgcrypt-1.9.1.orig/random/random.c
|
||||||
+++ libgcrypt-1.8.4/random/random.c
|
+++ libgcrypt-1.9.1/random/random.c
|
||||||
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
||||||
unsigned int result = 0;
|
unsigned int result = 0;
|
||||||
|
|
||||||
fp = fopen (fname, "r");
|
fp = fopen (fname, "r");
|
||||||
- if (!fp)
|
- if (!fp)
|
||||||
- return result;
|
- return result;
|
||||||
+ if (!fp) /* We make only_urandom the default. */
|
+ if (!fp) /* We make only_urandom the default. */
|
||||||
+ return RANDOM_CONF_ONLY_URANDOM;
|
+ return RANDOM_CONF_ONLY_URANDOM;
|
||||||
|
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
Index: libgcrypt-1.8.4/random/rndlinux.c
|
Index: libgcrypt-1.9.1/random/rndlinux.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.4.orig/random/rndlinux.c
|
--- libgcrypt-1.9.1.orig/random/rndlinux.c
|
||||||
+++ libgcrypt-1.8.4/random/rndlinux.c
|
+++ libgcrypt-1.9.1/random/rndlinux.c
|
||||||
@@ -34,6 +34,7 @@
|
@@ -39,6 +39,7 @@ extern int getentropy (void *buf, size_t
|
||||||
#include <fcntl.h>
|
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
#ifdef HAVE_SYSCALL
|
||||||
# include <sys/syscall.h>
|
# include <sys/syscall.h>
|
||||||
+# include <linux/random.h>
|
+# include <linux/random.h>
|
||||||
#endif
|
# ifdef __NR_getrandom
|
||||||
|
# define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0)
|
||||||
#include "types.h"
|
# endif
|
||||||
@@ -248,6 +249,18 @@ _gcry_rndlinux_gather_random (void (*add
|
@@ -155,12 +156,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
|
if (!add)
|
||||||
|
{
|
||||||
|
/* Special mode to close the descriptors. */
|
||||||
|
- if (fd_random != -1)
|
||||||
|
+ if (fd_random >= 0)
|
||||||
|
{
|
||||||
|
close (fd_random);
|
||||||
|
fd_random = -1;
|
||||||
|
}
|
||||||
|
- if (fd_urandom != -1)
|
||||||
|
+ if (fd_urandom >= 0)
|
||||||
|
{
|
||||||
|
close (fd_urandom);
|
||||||
|
fd_urandom = -1;
|
||||||
|
@@ -176,12 +177,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
|
apid = getpid ();
|
||||||
|
if (my_pid != apid)
|
||||||
|
{
|
||||||
|
- if (fd_random != -1)
|
||||||
|
+ if (fd_random >= 0)
|
||||||
|
{
|
||||||
|
close (fd_random);
|
||||||
|
fd_random = -1;
|
||||||
|
}
|
||||||
|
- if (fd_urandom != -1)
|
||||||
|
+ if (fd_urandom >= 0)
|
||||||
|
{
|
||||||
|
close (fd_urandom);
|
||||||
|
fd_urandom = -1;
|
||||||
|
@@ -230,6 +231,17 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
{
|
{
|
||||||
if (fd_urandom == -1)
|
if (fd_urandom == -1)
|
||||||
{
|
{
|
||||||
@ -76,28 +106,19 @@ Index: libgcrypt-1.8.4/random/rndlinux.c
|
|||||||
+ _gcry_post_syscall ();
|
+ _gcry_post_syscall ();
|
||||||
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
||||||
+ fd_urandom = -2;
|
+ fd_urandom = -2;
|
||||||
+ else
|
+ else /* The syscall is not supported - fallback to /dev/urandom. */
|
||||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
|
||||||
+#endif
|
+#endif
|
||||||
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
||||||
ever_opened |= 2;
|
ever_opened |= 2;
|
||||||
}
|
}
|
||||||
@@ -275,6 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
|
@@ -272,9 +284,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
* syscall and not a new device and thus we are not able to use
|
|
||||||
* select(2) to have a timeout. */
|
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
+ if (fd == -2)
|
|
||||||
{
|
|
||||||
long ret;
|
|
||||||
size_t nbytes;
|
|
||||||
@@ -290,9 +304,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
_gcry_post_syscall ();
|
_gcry_post_syscall ();
|
||||||
}
|
}
|
||||||
while (ret == -1 && errno == EINTR);
|
while (ret == -1 && errno == EINTR);
|
||||||
- if (ret == -1 && errno == ENOSYS)
|
- if (ret == -1 && errno == ENOSYS)
|
||||||
- ; /* The syscall is not supported - fallback to pulling from fd. */
|
- ; /* getentropy is not supported - fallback to pulling from fd. */
|
||||||
- else
|
- else
|
||||||
+ if (1)
|
+ if (1)
|
||||||
{ /* The syscall is supported. Some sanity checks. */
|
{ /* getentropy is supported. Some sanity checks. */
|
||||||
if (ret == -1)
|
if (ret == -1)
|
||||||
log_fatal ("unexpected error from getrandom: %s\n",
|
log_fatal ("unexpected error from getentropy: %s\n",
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748
|
|
||||||
size 2985660
|
|
Binary file not shown.
3
libgcrypt-1.9.1.tar.bz2
Normal file
3
libgcrypt-1.9.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:c5a67a8b9b2bd370fb415ed1ee31c7172e5683076493cf4a3678a0fbdf0265d9
|
||||||
|
size 3202683
|
BIN
libgcrypt-1.9.1.tar.bz2.sig
Normal file
BIN
libgcrypt-1.9.1.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,322 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.3/cipher/cipher-cmac.c.cmac-selftest libgcrypt-1.8.3/cipher/cipher-cmac.c
|
|
||||||
--- libgcrypt-1.8.3/cipher/cipher-cmac.c.cmac-selftest 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/cipher/cipher-cmac.c 2019-05-31 17:33:35.594407152 +0200
|
|
||||||
@@ -251,3 +251,246 @@ _gcry_cipher_cmac_set_subkeys (gcry_ciph
|
|
||||||
|
|
||||||
return GPG_ERR_NO_ERROR;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+/* CMAC selftests.
|
|
||||||
+ * Copyright (C) 2008 Free Software Foundation, Inc.
|
|
||||||
+ * Copyright (C) 2019 Red Hat, Inc.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Check one MAC with MAC ALGO using the regular MAC
|
|
||||||
+ * API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key
|
|
||||||
+ * and (EXPECT,EXPECTLEN) the expected result. If TRUNC is set, the
|
|
||||||
+ * EXPECTLEN may be less than the digest length. Returns NULL on
|
|
||||||
+ * success or a string describing the failure. */
|
|
||||||
+static const char *
|
|
||||||
+check_one (int algo,
|
|
||||||
+ const void *data, size_t datalen,
|
|
||||||
+ const void *key, size_t keylen,
|
|
||||||
+ const void *expect, size_t expectlen)
|
|
||||||
+{
|
|
||||||
+ gcry_mac_hd_t hd;
|
|
||||||
+ unsigned char mac[512]; /* hardcoded to avoid allocation */
|
|
||||||
+ size_t macoutlen = expectlen;
|
|
||||||
+
|
|
||||||
+/* printf ("MAC algo %d\n", algo); */
|
|
||||||
+ if (_gcry_mac_get_algo_maclen (algo) != expectlen ||
|
|
||||||
+ expectlen > sizeof (mac))
|
|
||||||
+ return "invalid tests data";
|
|
||||||
+ if (_gcry_mac_open (&hd, algo, 0, NULL))
|
|
||||||
+ return "gcry_mac_open failed";
|
|
||||||
+ if (_gcry_mac_setkey (hd, key, keylen))
|
|
||||||
+ {
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ return "gcry_md_setkey failed";
|
|
||||||
+ }
|
|
||||||
+ if (_gcry_mac_write (hd, data, datalen))
|
|
||||||
+ {
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ return "gcry_mac_write failed";
|
|
||||||
+ }
|
|
||||||
+ if (_gcry_mac_read (hd, mac, &macoutlen))
|
|
||||||
+ {
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ return "gcry_mac_read failed";
|
|
||||||
+ }
|
|
||||||
+ _gcry_mac_close (hd);
|
|
||||||
+ if (macoutlen != expectlen || memcmp (mac, expect, expectlen))
|
|
||||||
+ {
|
|
||||||
+/* int i; */
|
|
||||||
+
|
|
||||||
+/* fputs (" {", stdout); */
|
|
||||||
+/* for (i=0; i < expectlen-1; i++) */
|
|
||||||
+/* { */
|
|
||||||
+/* if (i && !(i % 8)) */
|
|
||||||
+/* fputs ("\n ", stdout); */
|
|
||||||
+/* printf (" 0x%02x,", mac[i]); */
|
|
||||||
+/* } */
|
|
||||||
+/* printf (" 0x%02x } },\n", mac[i]); */
|
|
||||||
+
|
|
||||||
+ return "does not match";
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+selftests_cmac_tdes (int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ const char *what;
|
|
||||||
+ const char *errtxt;
|
|
||||||
+
|
|
||||||
+ what = "Basic TDES";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57", 20,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\x74\x3d\xdb\xe0\xce\x2d\xc2\xed", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ if (extended)
|
|
||||||
+ {
|
|
||||||
+ what = "Extended TDES #1";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "", 0,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\xb7\xa6\x88\xe1\x22\xff\xaf\x95", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended TDES #2";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96", 8,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\x8e\x8f\x29\x31\x36\x28\x37\x97", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended TDES #3";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_3DES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 32,
|
|
||||||
+ "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
|
|
||||||
+ "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", 24,
|
|
||||||
+ "\x33\xe6\xb1\x09\x24\x00\xea\xe5", 8);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0; /* Succeeded. */
|
|
||||||
+
|
|
||||||
+ failed:
|
|
||||||
+ if (report)
|
|
||||||
+ report ("cmac", GCRY_MAC_CMAC_3DES, what, errtxt);
|
|
||||||
+ return GPG_ERR_SELFTEST_FAILED;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+selftests_cmac_aes (int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ const char *what;
|
|
||||||
+ const char *errtxt;
|
|
||||||
+
|
|
||||||
+ what = "Basic AES128";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
|
|
||||||
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
|
|
||||||
+ "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Basic AES192";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
|
|
||||||
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
|
|
||||||
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 24,
|
|
||||||
+ "\x8a\x1d\xe5\xbe\x2e\xb3\x1a\xad\x08\x9a\x82\xe6\xee\x90\x8b\x0e", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Basic AES256";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 40,
|
|
||||||
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
|
|
||||||
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 32,
|
|
||||||
+ "\xaa\xf3\xd8\xf1\xde\x56\x40\xc2\x32\xf5\xb1\x69\xb9\xc9\x11\xe6", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ if (extended)
|
|
||||||
+ {
|
|
||||||
+ what = "Extended AES #1";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "", 0,
|
|
||||||
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 16,
|
|
||||||
+ "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended AES #2";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 16,
|
|
||||||
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
|
|
||||||
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 24,
|
|
||||||
+ "\x9e\x99\xa7\xbf\x31\xe7\x10\x90\x06\x62\xf6\x5e\x61\x7c\x51\x84", 16);
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+
|
|
||||||
+ what = "Extended AES #3";
|
|
||||||
+ errtxt = check_one (GCRY_MAC_CMAC_AES,
|
|
||||||
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
|
|
||||||
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
|
|
||||||
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
|
|
||||||
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 64,
|
|
||||||
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
|
|
||||||
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 32,
|
|
||||||
+ "\xe1\x99\x21\x90\x54\x9f\x6e\xd5\x69\x6a\x2c\x05\x6c\x31\x54\x10", 16 );
|
|
||||||
+ if (errtxt)
|
|
||||||
+ goto failed;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0; /* Succeeded. */
|
|
||||||
+
|
|
||||||
+ failed:
|
|
||||||
+ if (report)
|
|
||||||
+ report ("cmac", GCRY_MAC_CMAC_AES, what, errtxt);
|
|
||||||
+ return GPG_ERR_SELFTEST_FAILED;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Run a full self-test for ALGO and return 0 on success. */
|
|
||||||
+static gpg_err_code_t
|
|
||||||
+run_cmac_selftests (int algo, int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ gpg_err_code_t ec;
|
|
||||||
+
|
|
||||||
+ switch (algo)
|
|
||||||
+ {
|
|
||||||
+ case GCRY_MAC_CMAC_3DES:
|
|
||||||
+ ec = selftests_cmac_tdes (extended, report);
|
|
||||||
+ break;
|
|
||||||
+ case GCRY_MAC_CMAC_AES:
|
|
||||||
+ ec = selftests_cmac_aes (extended, report);
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+ default:
|
|
||||||
+ ec = GPG_ERR_MAC_ALGO;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ return ec;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/* Run the selftests for CMAC with CMAC algorithm ALGO with optional
|
|
||||||
+ reporting function REPORT. */
|
|
||||||
+gpg_error_t
|
|
||||||
+_gcry_cmac_selftest (int algo, int extended, selftest_report_func_t report)
|
|
||||||
+{
|
|
||||||
+ gcry_err_code_t ec = 0;
|
|
||||||
+
|
|
||||||
+ if (!_gcry_mac_algo_info( algo, GCRYCTL_TEST_ALGO, NULL, NULL ))
|
|
||||||
+ {
|
|
||||||
+ ec = run_cmac_selftests (algo, extended, report);
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ ec = GPG_ERR_MAC_ALGO;
|
|
||||||
+ if (report)
|
|
||||||
+ report ("mac", algo, "module", "algorithm not available");
|
|
||||||
+ }
|
|
||||||
+ return gpg_error (ec);
|
|
||||||
+}
|
|
||||||
diff -up libgcrypt-1.8.3/src/cipher-proto.h.cmac-selftest libgcrypt-1.8.3/src/cipher-proto.h
|
|
||||||
--- libgcrypt-1.8.3/src/cipher-proto.h.cmac-selftest 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/src/cipher-proto.h 2019-05-31 17:29:34.574588234 +0200
|
|
||||||
@@ -256,6 +256,8 @@ gcry_error_t _gcry_pk_selftest (int algo
|
|
||||||
selftest_report_func_t report);
|
|
||||||
gcry_error_t _gcry_hmac_selftest (int algo, int extended,
|
|
||||||
selftest_report_func_t report);
|
|
||||||
+gcry_error_t _gcry_cmac_selftest (int algo, int extended,
|
|
||||||
+ selftest_report_func_t report);
|
|
||||||
|
|
||||||
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.3/src/fips.c.cmac-selftest libgcrypt-1.8.3/src/fips.c
|
|
||||||
--- libgcrypt-1.8.3/src/fips.c.cmac-selftest 2018-11-01 15:40:36.051865535 +0100
|
|
||||||
+++ libgcrypt-1.8.3/src/fips.c 2019-05-31 17:31:20.157756640 +0200
|
|
||||||
@@ -521,29 +521,32 @@ run_digest_selftests (int extended)
|
|
||||||
|
|
||||||
/* Run self-tests for all HMAC algorithms. Return 0 on success. */
|
|
||||||
static int
|
|
||||||
-run_hmac_selftests (int extended)
|
|
||||||
+run_mac_selftests (int extended)
|
|
||||||
{
|
|
||||||
- static int algos[] =
|
|
||||||
+ static int algos[][2] =
|
|
||||||
{
|
|
||||||
- GCRY_MD_SHA1,
|
|
||||||
- GCRY_MD_SHA224,
|
|
||||||
- GCRY_MD_SHA256,
|
|
||||||
- GCRY_MD_SHA384,
|
|
||||||
- GCRY_MD_SHA512,
|
|
||||||
- GCRY_MD_SHA3_224,
|
|
||||||
- GCRY_MD_SHA3_256,
|
|
||||||
- GCRY_MD_SHA3_384,
|
|
||||||
- GCRY_MD_SHA3_512,
|
|
||||||
- 0
|
|
||||||
+ { GCRY_MD_SHA1, 0 },
|
|
||||||
+ { GCRY_MD_SHA224, 0 },
|
|
||||||
+ { GCRY_MD_SHA256, 0 },
|
|
||||||
+ { GCRY_MD_SHA384, 0 },
|
|
||||||
+ { GCRY_MD_SHA512, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_224, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_256, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_384, 0 },
|
|
||||||
+ { GCRY_MD_SHA3_512, 0 },
|
|
||||||
+ { GCRY_MAC_CMAC_3DES, 1 },
|
|
||||||
+ { GCRY_MAC_CMAC_AES, 1 },
|
|
||||||
+ { 0, 0 }
|
|
||||||
};
|
|
||||||
int idx;
|
|
||||||
gpg_error_t err;
|
|
||||||
int anyerr = 0;
|
|
||||||
|
|
||||||
- for (idx=0; algos[idx]; idx++)
|
|
||||||
+ for (idx=0; algos[idx][0]; idx++)
|
|
||||||
{
|
|
||||||
- err = _gcry_hmac_selftest (algos[idx], extended, reporter);
|
|
||||||
- reporter ("hmac", algos[idx], NULL,
|
|
||||||
+ err = algos[idx][1] ? _gcry_cmac_selftest (algos[idx][0], extended, reporter) :
|
|
||||||
+ _gcry_hmac_selftest (algos[idx][0], extended, reporter);
|
|
||||||
+ reporter (algos[idx][1] ? "cmac" : "hmac", algos[idx][0], NULL,
|
|
||||||
err? gpg_strerror (err):NULL);
|
|
||||||
if (err)
|
|
||||||
anyerr = 1;
|
|
||||||
@@ -747,7 +750,7 @@ _gcry_fips_run_selftests (int extended)
|
|
||||||
if (run_digest_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
- if (run_hmac_selftests (extended))
|
|
||||||
+ if (run_mac_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
/* Run random tests before the pubkey tests because the latter
|
|
@ -1,322 +0,0 @@
|
|||||||
From daedbbb5541cd8ecda1459d3b843ea4d92788762 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
Date: Fri, 31 May 2019 17:18:09 +0300
|
|
||||||
Subject: [PATCH] AES: move look-up tables to .data section and unshare between
|
|
||||||
processes
|
|
||||||
|
|
||||||
* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
|
|
||||||
* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
|
|
||||||
(enc_tables): New structure for encryption table with counters before
|
|
||||||
and after.
|
|
||||||
(encT): New macro.
|
|
||||||
(dec_tables): Add counters before and after encryption table; Move
|
|
||||||
from .rodata to .data section.
|
|
||||||
(do_encrypt): Change 'encT' to 'enc_tables.T'.
|
|
||||||
(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
|
|
||||||
* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
|
|
||||||
with length not multiple of 256.
|
|
||||||
(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
|
|
||||||
to unshare look-up table pages between processes.
|
|
||||||
--
|
|
||||||
|
|
||||||
GnuPG-bug-id: 4541
|
|
||||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
---
|
|
||||||
cipher/rijndael-internal.h | 4 +-
|
|
||||||
cipher/rijndael-tables.h | 155 +++++++++++++++++++++----------------
|
|
||||||
cipher/rijndael.c | 35 +++++++--
|
|
||||||
3 files changed, 118 insertions(+), 76 deletions(-)
|
|
||||||
|
|
||||||
Index: libgcrypt-1.8.4/cipher/rijndael-internal.h
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.8.4.orig/cipher/rijndael-internal.h
|
|
||||||
+++ libgcrypt-1.8.4/cipher/rijndael-internal.h
|
|
||||||
@@ -29,11 +29,13 @@
|
|
||||||
#define BLOCKSIZE (128/8)
|
|
||||||
|
|
||||||
|
|
||||||
-/* Helper macro to force alignment to 16 bytes. */
|
|
||||||
+/* Helper macro to force alignment to 16 or 64 bytes. */
|
|
||||||
#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
|
|
||||||
# define ATTR_ALIGNED_16 __attribute__ ((aligned (16)))
|
|
||||||
+# define ATTR_ALIGNED_64 __attribute__ ((aligned (64)))
|
|
||||||
#else
|
|
||||||
# define ATTR_ALIGNED_16
|
|
||||||
+# define ATTR_ALIGNED_64
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
Index: libgcrypt-1.8.4/cipher/rijndael-tables.h
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.8.4.orig/cipher/rijndael-tables.h
|
|
||||||
+++ libgcrypt-1.8.4/cipher/rijndael-tables.h
|
|
||||||
@@ -21,80 +21,98 @@
|
|
||||||
/* To keep the actual implementation at a readable size we use this
|
|
||||||
include file to define the tables. */
|
|
||||||
|
|
||||||
-static const u32 encT[256] =
|
|
||||||
+static struct
|
|
||||||
+{
|
|
||||||
+ volatile u32 counter_head;
|
|
||||||
+ u32 cacheline_align[64 / 4 - 1];
|
|
||||||
+ u32 T[256];
|
|
||||||
+ volatile u32 counter_tail;
|
|
||||||
+} enc_tables ATTR_ALIGNED_64 =
|
|
||||||
{
|
|
||||||
- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
|
|
||||||
- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
|
|
||||||
- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
|
|
||||||
- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
|
|
||||||
- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
|
|
||||||
- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
|
|
||||||
- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
|
|
||||||
- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
|
|
||||||
- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
|
|
||||||
- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
|
|
||||||
- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
|
|
||||||
- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
|
|
||||||
- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
|
|
||||||
- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
|
|
||||||
- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
|
|
||||||
- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
|
|
||||||
- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
|
|
||||||
- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
|
|
||||||
- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
|
|
||||||
- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
|
|
||||||
- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
|
|
||||||
- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
|
|
||||||
- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
|
|
||||||
- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
|
|
||||||
- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
|
|
||||||
- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
|
|
||||||
- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
|
|
||||||
- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
|
|
||||||
- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
|
|
||||||
- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
|
|
||||||
- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
|
|
||||||
- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
|
|
||||||
- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
|
|
||||||
- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
|
|
||||||
- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
|
|
||||||
- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
|
|
||||||
- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
|
|
||||||
- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
|
|
||||||
- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
|
|
||||||
- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
|
|
||||||
- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
|
|
||||||
- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
|
|
||||||
- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
|
|
||||||
- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
|
|
||||||
- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
|
|
||||||
- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
|
|
||||||
- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
|
|
||||||
- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
|
|
||||||
- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
|
|
||||||
- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
|
|
||||||
- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
|
|
||||||
- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
|
|
||||||
- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
|
|
||||||
- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
|
|
||||||
- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
|
|
||||||
- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
|
|
||||||
- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
|
|
||||||
- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
|
|
||||||
- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
|
|
||||||
- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
|
|
||||||
- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
|
|
||||||
- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
|
|
||||||
- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
|
|
||||||
- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
|
|
||||||
+ 0,
|
|
||||||
+ { 0, },
|
|
||||||
+ {
|
|
||||||
+ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
|
|
||||||
+ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
|
|
||||||
+ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
|
|
||||||
+ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
|
|
||||||
+ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
|
|
||||||
+ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
|
|
||||||
+ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
|
|
||||||
+ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
|
|
||||||
+ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
|
|
||||||
+ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
|
|
||||||
+ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
|
|
||||||
+ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
|
|
||||||
+ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
|
|
||||||
+ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
|
|
||||||
+ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
|
|
||||||
+ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
|
|
||||||
+ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
|
|
||||||
+ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
|
|
||||||
+ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
|
|
||||||
+ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
|
|
||||||
+ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
|
|
||||||
+ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
|
|
||||||
+ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
|
|
||||||
+ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
|
|
||||||
+ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
|
|
||||||
+ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
|
|
||||||
+ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
|
|
||||||
+ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
|
|
||||||
+ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
|
|
||||||
+ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
|
|
||||||
+ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
|
|
||||||
+ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
|
|
||||||
+ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
|
|
||||||
+ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
|
|
||||||
+ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
|
|
||||||
+ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
|
|
||||||
+ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
|
|
||||||
+ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
|
|
||||||
+ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
|
|
||||||
+ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
|
|
||||||
+ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
|
|
||||||
+ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
|
|
||||||
+ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
|
|
||||||
+ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
|
|
||||||
+ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
|
|
||||||
+ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
|
|
||||||
+ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
|
|
||||||
+ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
|
|
||||||
+ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
|
|
||||||
+ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
|
|
||||||
+ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
|
|
||||||
+ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
|
|
||||||
+ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
|
|
||||||
+ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
|
|
||||||
+ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
|
|
||||||
+ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
|
|
||||||
+ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
|
|
||||||
+ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
|
|
||||||
+ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
|
|
||||||
+ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
|
|
||||||
+ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
|
|
||||||
+ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
|
|
||||||
+ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
|
|
||||||
+ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
|
|
||||||
+ },
|
|
||||||
+ 0
|
|
||||||
};
|
|
||||||
|
|
||||||
-static const struct
|
|
||||||
+#define encT enc_tables.T
|
|
||||||
+
|
|
||||||
+static struct
|
|
||||||
{
|
|
||||||
+ volatile u32 counter_head;
|
|
||||||
+ u32 cacheline_align[64 / 4 - 1];
|
|
||||||
u32 T[256];
|
|
||||||
byte inv_sbox[256];
|
|
||||||
-} dec_tables =
|
|
||||||
+ volatile u32 counter_tail;
|
|
||||||
+} dec_tables ATTR_ALIGNED_64 =
|
|
||||||
{
|
|
||||||
+ 0,
|
|
||||||
+ { 0, },
|
|
||||||
{
|
|
||||||
0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
|
|
||||||
0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
|
|
||||||
@@ -194,7 +212,8 @@ static const struct
|
|
||||||
0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
|
|
||||||
0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
|
|
||||||
0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
|
|
||||||
- }
|
|
||||||
+ },
|
|
||||||
+ 0
|
|
||||||
};
|
|
||||||
|
|
||||||
#define decT dec_tables.T
|
|
||||||
Index: libgcrypt-1.8.4/cipher/rijndael.c
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.8.4.orig/cipher/rijndael.c
|
|
||||||
+++ libgcrypt-1.8.4/cipher/rijndael.c
|
|
||||||
@@ -227,11 +227,11 @@ static const char *selftest(void);
|
|
||||||
|
|
||||||
|
|
||||||
/* Prefetching for encryption/decryption tables. */
|
|
||||||
-static void prefetch_table(const volatile byte *tab, size_t len)
|
|
||||||
+static inline void prefetch_table(const volatile byte *tab, size_t len)
|
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
- for (i = 0; i < len; i += 8 * 32)
|
|
||||||
+ for (i = 0; len - i >= 8 * 32; i += 8 * 32)
|
|
||||||
{
|
|
||||||
(void)tab[i + 0 * 32];
|
|
||||||
(void)tab[i + 1 * 32];
|
|
||||||
@@ -242,17 +242,37 @@ static void prefetch_table(const volatil
|
|
||||||
(void)tab[i + 6 * 32];
|
|
||||||
(void)tab[i + 7 * 32];
|
|
||||||
}
|
|
||||||
+ for (; i < len; i += 32)
|
|
||||||
+ {
|
|
||||||
+ (void)tab[i];
|
|
||||||
+ }
|
|
||||||
|
|
||||||
(void)tab[len - 1];
|
|
||||||
}
|
|
||||||
|
|
||||||
static void prefetch_enc(void)
|
|
||||||
{
|
|
||||||
- prefetch_table((const void *)encT, sizeof(encT));
|
|
||||||
+ /* Modify counters to trigger copy-on-write and unsharing if physical pages
|
|
||||||
+ * of look-up table are shared between processes. Modifying counters also
|
|
||||||
+ * causes checksums for pages to change and hint same-page merging algorithm
|
|
||||||
+ * that these pages are frequently changing. */
|
|
||||||
+ enc_tables.counter_head++;
|
|
||||||
+ enc_tables.counter_tail++;
|
|
||||||
+
|
|
||||||
+ /* Prefetch look-up tables to cache. */
|
|
||||||
+ prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
|
|
||||||
}
|
|
||||||
|
|
||||||
static void prefetch_dec(void)
|
|
||||||
{
|
|
||||||
+ /* Modify counters to trigger copy-on-write and unsharing if physical pages
|
|
||||||
+ * of look-up table are shared between processes. Modifying counters also
|
|
||||||
+ * causes checksums for pages to change and hint same-page merging algorithm
|
|
||||||
+ * that these pages are frequently changing. */
|
|
||||||
+ dec_tables.counter_head++;
|
|
||||||
+ dec_tables.counter_tail++;
|
|
||||||
+
|
|
||||||
+ /* Prefetch look-up tables to cache. */
|
|
||||||
prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx,
|
|
||||||
#ifdef USE_AMD64_ASM
|
|
||||||
# ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
|
|
||||||
return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
|
|
||||||
- encT);
|
|
||||||
+ enc_tables.T);
|
|
||||||
# else
|
|
||||||
/* Call SystemV ABI function without storing non-volatile XMM registers,
|
|
||||||
* as target function does not use vector instruction sets. */
|
|
||||||
@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx,
|
|
||||||
return ret;
|
|
||||||
# endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
|
|
||||||
#elif defined(USE_ARM_ASM)
|
|
||||||
- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT);
|
|
||||||
+ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
|
|
||||||
+ enc_tables.T);
|
|
||||||
#else
|
|
||||||
return do_encrypt_fn (ctx, bx, ax);
|
|
||||||
#endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/
|
|
||||||
@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx,
|
|
||||||
#ifdef USE_AMD64_ASM
|
|
||||||
# ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
|
|
||||||
return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
|
|
||||||
- &dec_tables);
|
|
||||||
+ dec_tables.T);
|
|
||||||
# else
|
|
||||||
/* Call SystemV ABI function without storing non-volatile XMM registers,
|
|
||||||
* as target function does not use vector instruction sets. */
|
|
||||||
@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx,
|
|
||||||
# endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
|
|
||||||
#elif defined(USE_ARM_ASM)
|
|
||||||
return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
|
|
||||||
- &dec_tables);
|
|
||||||
+ dec_tables.T);
|
|
||||||
#else
|
|
||||||
return do_decrypt_fn (ctx, bx, ax);
|
|
||||||
#endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/
|
|
@ -1,80 +0,0 @@
|
|||||||
From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
Date: Sat, 27 Apr 2019 19:33:28 +0300
|
|
||||||
Subject: [PATCH] Prefetch GCM look-up tables
|
|
||||||
|
|
||||||
* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
|
|
||||||
(prefetch_tables): New.
|
|
||||||
(ghash_internal): Call prefetch_tables.
|
|
||||||
--
|
|
||||||
|
|
||||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
---
|
|
||||||
cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++
|
|
||||||
1 file changed, 33 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
|
|
||||||
index c19f09f2..11f119aa 100644
|
|
||||||
--- a/cipher/cipher-gcm.c
|
|
||||||
+++ b/cipher/cipher-gcm.c
|
|
||||||
@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
|
|
||||||
0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
|
|
||||||
};
|
|
||||||
|
|
||||||
+static inline
|
|
||||||
+void prefetch_table(const void *tab, size_t len)
|
|
||||||
+{
|
|
||||||
+ const volatile byte *vtab = tab;
|
|
||||||
+ size_t i;
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < len; i += 8 * 32)
|
|
||||||
+ {
|
|
||||||
+ (void)vtab[i + 0 * 32];
|
|
||||||
+ (void)vtab[i + 1 * 32];
|
|
||||||
+ (void)vtab[i + 2 * 32];
|
|
||||||
+ (void)vtab[i + 3 * 32];
|
|
||||||
+ (void)vtab[i + 4 * 32];
|
|
||||||
+ (void)vtab[i + 5 * 32];
|
|
||||||
+ (void)vtab[i + 6 * 32];
|
|
||||||
+ (void)vtab[i + 7 * 32];
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ (void)vtab[len - 1];
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static inline void
|
|
||||||
+do_prefetch_tables (const void *gcmM, size_t gcmM_size)
|
|
||||||
+{
|
|
||||||
+ prefetch_table(gcmM, gcmM_size);
|
|
||||||
+ prefetch_table(gcmR, sizeof(gcmR));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#ifdef GCM_TABLES_USE_U64
|
|
||||||
static void
|
|
||||||
bshift (u64 * b0, u64 * b1)
|
|
||||||
@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
|
|
||||||
#define fillM(c) \
|
|
||||||
do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
|
|
||||||
#define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
|
|
||||||
+#define prefetch_tables(c) \
|
|
||||||
+ do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
|
|
||||||
|
|
||||||
#else
|
|
||||||
|
|
||||||
@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
|
|
||||||
|
|
||||||
#define fillM(c) do { } while (0)
|
|
||||||
#define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf)
|
|
||||||
+#define prefetch_tables(c) do {} while (0)
|
|
||||||
|
|
||||||
#endif /* !GCM_USE_TABLES */
|
|
||||||
|
|
||||||
@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf,
|
|
||||||
const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
|
|
||||||
unsigned int burn = 0;
|
|
||||||
|
|
||||||
+ prefetch_tables (c);
|
|
||||||
+
|
|
||||||
while (nblocks)
|
|
||||||
{
|
|
||||||
burn = GHASH (c, result, buf);
|
|
@ -1,168 +0,0 @@
|
|||||||
From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
Date: Fri, 31 May 2019 17:27:25 +0300
|
|
||||||
Subject: [PATCH] GCM: move look-up table to .data section and unshare between
|
|
||||||
processes
|
|
||||||
|
|
||||||
* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
|
|
||||||
(gcmR): Move to 'gcm_table' structure.
|
|
||||||
(gcm_table): New structure for look-up table with counters before and
|
|
||||||
after.
|
|
||||||
(gcmR): New macro.
|
|
||||||
(prefetch_table): Handle input with length not multiple of 256.
|
|
||||||
(do_prefetch_tables): Modify pre- and post-table counters to unshare
|
|
||||||
look-up table pages between processes.
|
|
||||||
--
|
|
||||||
|
|
||||||
GnuPG-bug-id: 4541
|
|
||||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
||||||
---
|
|
||||||
cipher/cipher-gcm.c | 106 +++++++++++++++++++++++++++++---------------
|
|
||||||
1 file changed, 70 insertions(+), 36 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
|
|
||||||
index 11f119aa..194e2ec9 100644
|
|
||||||
--- a/cipher/cipher-gcm.c
|
|
||||||
+++ b/cipher/cipher-gcm.c
|
|
||||||
@@ -30,6 +30,14 @@
|
|
||||||
#include "./cipher-internal.h"
|
|
||||||
|
|
||||||
|
|
||||||
+/* Helper macro to force alignment to 16 or 64 bytes. */
|
|
||||||
+#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
|
|
||||||
+# define ATTR_ALIGNED_64 __attribute__ ((aligned (64)))
|
|
||||||
+#else
|
|
||||||
+# define ATTR_ALIGNED_64
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+
|
|
||||||
#ifdef GCM_USE_INTEL_PCLMUL
|
|
||||||
extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c);
|
|
||||||
|
|
||||||
@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf,
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef GCM_USE_TABLES
|
|
||||||
-static const u16 gcmR[256] = {
|
|
||||||
- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
|
|
||||||
- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
|
|
||||||
- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
|
|
||||||
- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
|
|
||||||
- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
|
|
||||||
- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
|
|
||||||
- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
|
|
||||||
- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
|
|
||||||
- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
|
|
||||||
- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
|
|
||||||
- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
|
|
||||||
- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
|
|
||||||
- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
|
|
||||||
- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
|
|
||||||
- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
|
|
||||||
- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
|
|
||||||
- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
|
|
||||||
- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
|
|
||||||
- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
|
|
||||||
- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
|
|
||||||
- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
|
|
||||||
- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
|
|
||||||
- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
|
|
||||||
- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
|
|
||||||
- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
|
|
||||||
- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
|
|
||||||
- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
|
|
||||||
- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
|
|
||||||
- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
|
|
||||||
- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
|
|
||||||
- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
|
|
||||||
- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
|
|
||||||
-};
|
|
||||||
+static struct
|
|
||||||
+{
|
|
||||||
+ volatile u32 counter_head;
|
|
||||||
+ u32 cacheline_align[64 / 4 - 1];
|
|
||||||
+ u16 R[256];
|
|
||||||
+ volatile u32 counter_tail;
|
|
||||||
+} gcm_table ATTR_ALIGNED_64 =
|
|
||||||
+ {
|
|
||||||
+ 0,
|
|
||||||
+ { 0, },
|
|
||||||
+ {
|
|
||||||
+ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
|
|
||||||
+ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
|
|
||||||
+ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
|
|
||||||
+ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
|
|
||||||
+ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
|
|
||||||
+ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
|
|
||||||
+ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
|
|
||||||
+ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
|
|
||||||
+ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
|
|
||||||
+ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
|
|
||||||
+ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
|
|
||||||
+ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
|
|
||||||
+ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
|
|
||||||
+ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
|
|
||||||
+ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
|
|
||||||
+ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
|
|
||||||
+ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
|
|
||||||
+ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
|
|
||||||
+ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
|
|
||||||
+ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
|
|
||||||
+ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
|
|
||||||
+ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
|
|
||||||
+ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
|
|
||||||
+ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
|
|
||||||
+ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
|
|
||||||
+ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
|
|
||||||
+ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
|
|
||||||
+ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
|
|
||||||
+ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
|
|
||||||
+ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
|
|
||||||
+ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
|
|
||||||
+ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
|
|
||||||
+ },
|
|
||||||
+ 0
|
|
||||||
+ };
|
|
||||||
+
|
|
||||||
+#define gcmR gcm_table.R
|
|
||||||
|
|
||||||
static inline
|
|
||||||
void prefetch_table(const void *tab, size_t len)
|
|
||||||
@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len)
|
|
||||||
const volatile byte *vtab = tab;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
- for (i = 0; i < len; i += 8 * 32)
|
|
||||||
+ for (i = 0; len - i >= 8 * 32; i += 8 * 32)
|
|
||||||
{
|
|
||||||
(void)vtab[i + 0 * 32];
|
|
||||||
(void)vtab[i + 1 * 32];
|
|
||||||
@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len)
|
|
||||||
(void)vtab[i + 6 * 32];
|
|
||||||
(void)vtab[i + 7 * 32];
|
|
||||||
}
|
|
||||||
+ for (; i < len; i += 32)
|
|
||||||
+ {
|
|
||||||
+ (void)vtab[i];
|
|
||||||
+ }
|
|
||||||
|
|
||||||
(void)vtab[len - 1];
|
|
||||||
}
|
|
||||||
@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len)
|
|
||||||
static inline void
|
|
||||||
do_prefetch_tables (const void *gcmM, size_t gcmM_size)
|
|
||||||
{
|
|
||||||
+ /* Modify counters to trigger copy-on-write and unsharing if physical pages
|
|
||||||
+ * of look-up table are shared between processes. Modifying counters also
|
|
||||||
+ * causes checksums for pages to change and hint same-page merging algorithm
|
|
||||||
+ * that these pages are frequently changing. */
|
|
||||||
+ gcm_table.counter_head++;
|
|
||||||
+ gcm_table.counter_tail++;
|
|
||||||
+
|
|
||||||
+ /* Prefetch look-up tables to cache. */
|
|
||||||
prefetch_table(gcmM, gcmM_size);
|
|
||||||
- prefetch_table(gcmR, sizeof(gcmR));
|
|
||||||
+ prefetch_table(&gcm_table, sizeof(gcm_table));
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef GCM_TABLES_USE_U64
|
|
@ -1,7 +1,7 @@
|
|||||||
Index: libgcrypt-1.8.2/cipher/pubkey.c
|
Index: libgcrypt-1.9.0/cipher/pubkey.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/pubkey.c
|
--- libgcrypt-1.9.0.orig/cipher/pubkey.c
|
||||||
+++ libgcrypt-1.8.2/cipher/pubkey.c
|
+++ libgcrypt-1.9.0/cipher/pubkey.c
|
||||||
@@ -384,6 +384,33 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain,
|
@@ -384,6 +384,33 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -106,10 +106,10 @@ Index: libgcrypt-1.8.2/cipher/pubkey.c
|
|||||||
/*
|
/*
|
||||||
Test a key.
|
Test a key.
|
||||||
|
|
||||||
Index: libgcrypt-1.8.2/cipher/pubkey-internal.h
|
Index: libgcrypt-1.9.0/cipher/pubkey-internal.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/pubkey-internal.h
|
--- libgcrypt-1.9.0.orig/cipher/pubkey-internal.h
|
||||||
+++ libgcrypt-1.8.2/cipher/pubkey-internal.h
|
+++ libgcrypt-1.9.0/cipher/pubkey-internal.h
|
||||||
@@ -43,6 +43,8 @@ void _gcry_pk_util_free_encoding_ctx (st
|
@@ -43,6 +43,8 @@ void _gcry_pk_util_free_encoding_ctx (st
|
||||||
gcry_err_code_t _gcry_pk_util_data_to_mpi (gcry_sexp_t input,
|
gcry_err_code_t _gcry_pk_util_data_to_mpi (gcry_sexp_t input,
|
||||||
gcry_mpi_t *ret_mpi,
|
gcry_mpi_t *ret_mpi,
|
||||||
@ -119,11 +119,11 @@ Index: libgcrypt-1.8.2/cipher/pubkey-internal.h
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Index: libgcrypt-1.8.2/cipher/pubkey-util.c
|
Index: libgcrypt-1.9.0/cipher/pubkey-util.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/pubkey-util.c
|
--- libgcrypt-1.9.0.orig/cipher/pubkey-util.c
|
||||||
+++ libgcrypt-1.8.2/cipher/pubkey-util.c
|
+++ libgcrypt-1.9.0/cipher/pubkey-util.c
|
||||||
@@ -1119,3 +1119,50 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i
|
@@ -1158,3 +1158,50 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
@ -174,11 +174,11 @@ Index: libgcrypt-1.8.2/cipher/pubkey-util.c
|
|||||||
+
|
+
|
||||||
+ return rc;
|
+ return rc;
|
||||||
+}
|
+}
|
||||||
Index: libgcrypt-1.8.2/src/g10lib.h
|
Index: libgcrypt-1.9.0/src/g10lib.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/src/g10lib.h
|
--- libgcrypt-1.9.0.orig/src/g10lib.h
|
||||||
+++ libgcrypt-1.8.2/src/g10lib.h
|
+++ libgcrypt-1.9.0/src/g10lib.h
|
||||||
@@ -288,6 +288,10 @@ gpg_err_code_t _gcry_generate_fips186_3_
|
@@ -299,6 +299,10 @@ gpg_err_code_t _gcry_generate_fips186_3_
|
||||||
gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x,
|
gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x,
|
||||||
unsigned int bits);
|
unsigned int bits);
|
||||||
|
|
||||||
@ -189,10 +189,10 @@ Index: libgcrypt-1.8.2/src/g10lib.h
|
|||||||
|
|
||||||
/* Replacements of missing functions (missing-string.c). */
|
/* Replacements of missing functions (missing-string.c). */
|
||||||
#ifndef HAVE_STPCPY
|
#ifndef HAVE_STPCPY
|
||||||
Index: libgcrypt-1.8.2/src/visibility.c
|
Index: libgcrypt-1.9.0/src/visibility.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/src/visibility.c
|
--- libgcrypt-1.9.0.orig/src/visibility.c
|
||||||
+++ libgcrypt-1.8.2/src/visibility.c
|
+++ libgcrypt-1.9.0/src/visibility.c
|
||||||
@@ -992,6 +992,18 @@ gcry_pk_decrypt (gcry_sexp_t *result, gc
|
@@ -992,6 +992,18 @@ gcry_pk_decrypt (gcry_sexp_t *result, gc
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -228,11 +228,11 @@ Index: libgcrypt-1.8.2/src/visibility.c
|
|||||||
gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey)
|
gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey)
|
||||||
{
|
{
|
||||||
if (!fips_is_operational ())
|
if (!fips_is_operational ())
|
||||||
Index: libgcrypt-1.8.2/src/visibility.h
|
Index: libgcrypt-1.9.0/src/visibility.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/src/visibility.h
|
--- libgcrypt-1.9.0.orig/src/visibility.h
|
||||||
+++ libgcrypt-1.8.2/src/visibility.h
|
+++ libgcrypt-1.9.0/src/visibility.h
|
||||||
@@ -357,8 +357,10 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
|
@@ -360,8 +360,10 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
|
||||||
#define gcry_pk_get_param _gcry_USE_THE_UNDERSCORED_FUNCTION
|
#define gcry_pk_get_param _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
#define gcry_pk_get_nbits _gcry_USE_THE_UNDERSCORED_FUNCTION
|
#define gcry_pk_get_nbits _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
#define gcry_pk_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
|
#define gcry_pk_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
@ -242,4 +242,4 @@ Index: libgcrypt-1.8.2/src/visibility.h
|
|||||||
+#define gcry_pk_verify_md _gcry_USE_THE_UNDERSCORED_FUNCTION
|
+#define gcry_pk_verify_md _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
#define gcry_pk_verify _gcry_USE_THE_UNDERSCORED_FUNCTION
|
#define gcry_pk_verify _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
#define gcry_pubkey_get_sexp _gcry_USE_THE_UNDERSCORED_FUNCTION
|
#define gcry_pubkey_get_sexp _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
|
#define gcry_ecc_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION
|
||||||
|
@ -1,80 +1,46 @@
|
|||||||
Index: libgcrypt-1.8.2/cipher/ecc.c
|
Index: libgcrypt-1.9.0/cipher/ecc.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/ecc.c
|
--- libgcrypt-1.9.0.orig/cipher/ecc.c
|
||||||
+++ libgcrypt-1.8.2/cipher/ecc.c
|
+++ libgcrypt-1.9.0/cipher/ecc.c
|
||||||
@@ -99,7 +99,7 @@ static void *progress_cb_data;
|
@@ -100,7 +100,7 @@ static void *progress_cb_data;
|
||||||
|
|
||||||
|
|
||||||
/* Local prototypes. */
|
/* Local prototypes. */
|
||||||
-static void test_keys (ECC_secret_key * sk, unsigned int nbits);
|
-static void test_keys (mpi_ec_t ec, unsigned int nbits);
|
||||||
+static int test_keys (ECC_secret_key * sk, unsigned int nbits);
|
+static int test_keys (mpi_ec_t ec, unsigned int nbits);
|
||||||
static void test_ecdh_only_keys (ECC_secret_key * sk, unsigned int nbits, int flags);
|
static void test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, int flags);
|
||||||
static unsigned int ecc_get_nbits (gcry_sexp_t parms);
|
static unsigned int ecc_get_nbits (gcry_sexp_t parms);
|
||||||
|
|
||||||
@@ -152,6 +152,7 @@ nist_generate_key (ECC_secret_key *sk, e
|
@@ -256,8 +256,10 @@ nist_generate_key (mpi_ec_t ec, int flag
|
||||||
gcry_random_level_t random_level;
|
else if (ec->model == MPI_EC_MONTGOMERY)
|
||||||
gcry_mpi_t x, y;
|
test_ecdh_only_keys (ec, ec->nbits - 63, flags);
|
||||||
const unsigned int pbits = mpi_get_nbits (E->p);
|
|
||||||
+ int free_skEname = 0;
|
|
||||||
|
|
||||||
point_init (&Q);
|
|
||||||
|
|
||||||
@@ -176,7 +177,6 @@ nist_generate_key (ECC_secret_key *sk, e
|
|
||||||
else
|
else
|
||||||
sk->d = _gcry_dsa_gen_k (E->n, random_level);
|
- test_keys (ec, ec->nbits - 64);
|
||||||
|
|
||||||
-
|
-
|
||||||
/* Compute Q. */
|
|
||||||
_gcry_mpi_ec_mul_point (&Q, sk->d, &E->G, ctx);
|
|
||||||
|
|
||||||
@@ -190,6 +190,12 @@ nist_generate_key (ECC_secret_key *sk, e
|
|
||||||
point_set (&sk->E.G, &E->G);
|
|
||||||
sk->E.n = mpi_copy (E->n);
|
|
||||||
sk->E.h = mpi_copy (E->h);
|
|
||||||
+ if (E->name)
|
|
||||||
+ {
|
+ {
|
||||||
+ free_skEname = 1;
|
+ if (test_keys (ec, ec->nbits - 64))
|
||||||
+ sk->E.name = _gcry_xstrdup(E->name);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
point_init (&sk->Q);
|
|
||||||
|
|
||||||
x = mpi_new (pbits);
|
|
||||||
@@ -261,10 +267,16 @@ nist_generate_key (ECC_secret_key *sk, e
|
|
||||||
if ((flags & PUBKEY_FLAG_NO_KEYTEST))
|
|
||||||
; /* User requested to skip the test. */
|
|
||||||
else if (sk->E.model != MPI_EC_MONTGOMERY)
|
|
||||||
- test_keys (sk, nbits - 64);
|
|
||||||
+ {
|
|
||||||
+ if (test_keys (sk, nbits - 64))
|
|
||||||
+ return GPG_ERR_BAD_SIGNATURE;
|
+ return GPG_ERR_BAD_SIGNATURE;
|
||||||
+ }
|
+ }
|
||||||
else
|
|
||||||
test_ecdh_only_keys (sk, nbits - 64, flags);
|
|
||||||
|
|
||||||
+ if (free_skEname)
|
|
||||||
+ xfree ((void*)sk->E.name);
|
|
||||||
+
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -275,9 +287,10 @@ nist_generate_key (ECC_secret_key *sk, e
|
@@ -268,9 +270,10 @@ nist_generate_key (mpi_ec_t ec, int flag
|
||||||
* test if the information is recuperated.
|
* test if the information is recuperated.
|
||||||
* Second, test with the sign and verify functions.
|
* Second, test with the sign and verify functions.
|
||||||
*/
|
*/
|
||||||
-static void
|
-static void
|
||||||
+static int
|
+static int
|
||||||
test_keys (ECC_secret_key *sk, unsigned int nbits)
|
test_keys (mpi_ec_t ec, unsigned int nbits)
|
||||||
{
|
{
|
||||||
+ int result = -1; /* Default to failure. */
|
+ int result = -1; /* Default to failure. */
|
||||||
ECC_public_key pk;
|
|
||||||
gcry_mpi_t test = mpi_new (nbits);
|
gcry_mpi_t test = mpi_new (nbits);
|
||||||
mpi_point_struct R_;
|
mpi_point_struct R_;
|
||||||
@@ -297,17 +310,190 @@ test_keys (ECC_secret_key *sk, unsigned
|
gcry_mpi_t c = mpi_new (nbits);
|
||||||
|
@@ -285,23 +288,205 @@ test_keys (mpi_ec_t ec, unsigned int nbi
|
||||||
|
|
||||||
_gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
|
_gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
|
||||||
|
|
||||||
- if (_gcry_ecc_ecdsa_sign (test, sk, r, s, 0, 0) )
|
- if (_gcry_ecc_ecdsa_sign (test, ec, r, s, 0, 0) )
|
||||||
- log_fatal ("ECDSA operation: sign failed\n");
|
- log_fatal ("ECDSA operation: sign failed\n");
|
||||||
+ /* Use the gcry_pk_sign_md API in order to comply with FIPS 140-2,
|
+ /* Use the gcry_pk_sign_md API in order to comply with FIPS 140-2,
|
||||||
+ * which requires full signature operation for PCT (hashing +
|
+ * which requires full signature operation for PCT (hashing +
|
||||||
@ -102,7 +68,7 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+ xfree (buf);
|
+ xfree (buf);
|
||||||
+ buf = NULL;
|
+ buf = NULL;
|
||||||
|
|
||||||
- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s))
|
- if (_gcry_ecc_ecdsa_verify (test, ec, r, s))
|
||||||
+ sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))");
|
+ sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))");
|
||||||
+
|
+
|
||||||
+ /* Assemble the point Q from affine coordinates by simple
|
+ /* Assemble the point Q from affine coordinates by simple
|
||||||
@ -111,11 +77,10 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+ gcry_mpi_t Qy = NULL;
|
+ gcry_mpi_t Qy = NULL;
|
||||||
+ Qx = mpi_new (0);
|
+ Qx = mpi_new (0);
|
||||||
+ Qy = mpi_new (0);
|
+ Qy = mpi_new (0);
|
||||||
+ ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, flags,
|
+ ctx = _gcry_mpi_ec_p_internal_new (ec->model, ec->dialect, flags,
|
||||||
+ sk->E.p, sk->E.a, sk->E.b);
|
+ ec->p, ec->a, ec->b);
|
||||||
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, &(sk->Q), ctx))
|
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, ec->Q, ctx))
|
||||||
{
|
+ {
|
||||||
- log_fatal ("ECDSA operation: sign, verify failed\n");
|
|
||||||
+ if (DBG_CIPHER)
|
+ if (DBG_CIPHER)
|
||||||
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n");
|
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n");
|
||||||
+ }
|
+ }
|
||||||
@ -163,11 +128,11 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+ xfree (rawqy);
|
+ xfree (rawqy);
|
||||||
+
|
+
|
||||||
+ /* build ECC private key sexp in s_skey */
|
+ /* build ECC private key sexp in s_skey */
|
||||||
+ if (sk->E.name)
|
+ if (ec->name)
|
||||||
+ {
|
+ {
|
||||||
+ if (sexp_build (&s_skey, NULL,
|
+ if (sexp_build (&s_skey, NULL,
|
||||||
+ "(private-key (ecc (curve %s)(d %m)(q %b)))",
|
+ "(private-key (ecc (curve %s)(d %m)(q %b)))",
|
||||||
+ sk->E.name, sk->d, qlen, q))
|
+ ec->name, ec->d, qlen, q))
|
||||||
+ {
|
+ {
|
||||||
+ if (DBG_CIPHER)
|
+ if (DBG_CIPHER)
|
||||||
+ log_debug ("ecc: Failed to build sexp for private key.\n");
|
+ log_debug ("ecc: Failed to build sexp for private key.\n");
|
||||||
@ -178,16 +143,16 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+ if (sexp_build (&s_skey, NULL,
|
+ if (sexp_build (&s_skey, NULL,
|
||||||
+ "(private-key"
|
+ "(private-key"
|
||||||
+ " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
|
+ " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
|
||||||
+ "NIST P-512", sk->d, sk->E.p, sk->E.a, sk->E.b, sk->E.n, sk->E.h,
|
+ "NIST P-512", ec->d, ec->p, ec->a, ec->b, ec->n, ec->h,
|
||||||
+ qlen, q))
|
+ qlen, q))
|
||||||
+ {
|
+ {
|
||||||
+ if (DBG_CIPHER)
|
+ if (DBG_CIPHER)
|
||||||
+ log_debug ("ecc: Failed to build sexp for private key.\n");
|
+ log_debug ("ecc: Failed to build sexp for private key.\n");
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+
|
|
||||||
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
|
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
|
||||||
+ {
|
{
|
||||||
|
- log_fatal ("ECDSA operation: sign, verify failed\n");
|
||||||
+ if (DBG_CIPHER)
|
+ if (DBG_CIPHER)
|
||||||
+ log_debug ("ecc: gcry_pk_sign failed\n");
|
+ log_debug ("ecc: gcry_pk_sign failed\n");
|
||||||
+ goto leave;
|
+ goto leave;
|
||||||
@ -210,10 +175,10 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+
|
+
|
||||||
+ /* verify */
|
+ /* verify */
|
||||||
+ /* build public key sexp in s_pkey */
|
+ /* build public key sexp in s_pkey */
|
||||||
+ if (pk.E.name)
|
+ if (ec->name)
|
||||||
+ {
|
+ {
|
||||||
+ if (sexp_build (&s_pkey, NULL,
|
+ if (sexp_build (&s_pkey, NULL,
|
||||||
+ "(public-key (ecc (curve %s)(q %b)))", pk.E.name, qlen, q))
|
+ "(public-key (ecc (curve %s)(q %b)))", ec->name, qlen, q))
|
||||||
+ {
|
+ {
|
||||||
+ if (DBG_CIPHER)
|
+ if (DBG_CIPHER)
|
||||||
+ log_debug ("ecc: Failed to build sexp for public key.\n");
|
+ log_debug ("ecc: Failed to build sexp for public key.\n");
|
||||||
@ -224,7 +189,7 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+ if (sexp_build (&s_pkey, NULL,
|
+ if (sexp_build (&s_pkey, NULL,
|
||||||
+ "(public-key"
|
+ "(public-key"
|
||||||
+ " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
|
+ " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
|
||||||
+ "NIST P-512", pk.E.p, pk.E.a, pk.E.b, pk.E.n, pk.E.h, qlen, q))
|
+ "NIST P-512", ec->p, ec->a, ec->b, ec->n, ec->h, qlen, q))
|
||||||
+ {
|
+ {
|
||||||
+ if (DBG_CIPHER)
|
+ if (DBG_CIPHER)
|
||||||
+ log_debug ("ecc: Failed to build sexp for private key.\n");
|
+ log_debug ("ecc: Failed to build sexp for private key.\n");
|
||||||
@ -263,10 +228,9 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
+ result = 0; /* The test succeeded. */
|
+ result = 0; /* The test succeeded. */
|
||||||
|
|
||||||
+ leave:
|
+ leave:
|
||||||
point_free (&pk.Q);
|
point_free (&R_);
|
||||||
_gcry_ecc_curve_free (&pk.E);
|
mpi_free (s);
|
||||||
|
mpi_free (r);
|
||||||
@@ -317,6 +503,16 @@ test_keys (ECC_secret_key *sk, unsigned
|
|
||||||
mpi_free (out);
|
mpi_free (out);
|
||||||
mpi_free (c);
|
mpi_free (c);
|
||||||
mpi_free (test);
|
mpi_free (test);
|
||||||
@ -283,10 +247,10 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
Index: libgcrypt-1.8.2/cipher/pubkey.c
|
Index: libgcrypt-1.9.0/cipher/pubkey.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/pubkey.c
|
--- libgcrypt-1.9.0.orig/cipher/pubkey.c
|
||||||
+++ libgcrypt-1.8.2/cipher/pubkey.c
|
+++ libgcrypt-1.9.0/cipher/pubkey.c
|
||||||
@@ -390,6 +390,7 @@ calculate_hash (gcry_md_hd_t hd, gcry_se
|
@@ -390,6 +390,7 @@ calculate_hash (gcry_md_hd_t hd, gcry_se
|
||||||
gcry_err_code_t rc;
|
gcry_err_code_t rc;
|
||||||
const unsigned char *digest;
|
const unsigned char *digest;
|
||||||
@ -318,10 +282,10 @@ Index: libgcrypt-1.8.2/cipher/pubkey.c
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
Index: libgcrypt-1.8.2/cipher/pubkey-internal.h
|
Index: libgcrypt-1.9.0/cipher/pubkey-internal.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/pubkey-internal.h
|
--- libgcrypt-1.9.0.orig/cipher/pubkey-internal.h
|
||||||
+++ libgcrypt-1.8.2/cipher/pubkey-internal.h
|
+++ libgcrypt-1.9.0/cipher/pubkey-internal.h
|
||||||
@@ -45,6 +45,8 @@ gcry_err_code_t _gcry_pk_util_data_to_mp
|
@@ -45,6 +45,8 @@ gcry_err_code_t _gcry_pk_util_data_to_mp
|
||||||
struct pk_encoding_ctx *ctx);
|
struct pk_encoding_ctx *ctx);
|
||||||
gcry_err_code_t _gcry_pk_util_get_algo (gcry_sexp_t input,
|
gcry_err_code_t _gcry_pk_util_get_algo (gcry_sexp_t input,
|
||||||
@ -331,11 +295,11 @@ Index: libgcrypt-1.8.2/cipher/pubkey-internal.h
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Index: libgcrypt-1.8.2/cipher/pubkey-util.c
|
Index: libgcrypt-1.9.0/cipher/pubkey-util.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/pubkey-util.c
|
--- libgcrypt-1.9.0.orig/cipher/pubkey-util.c
|
||||||
+++ libgcrypt-1.8.2/cipher/pubkey-util.c
|
+++ libgcrypt-1.9.0/cipher/pubkey-util.c
|
||||||
@@ -1120,6 +1120,40 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i
|
@@ -1159,6 +1159,40 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/cipher/rsa.c
|
--- libgcrypt-1.8.2.orig/cipher/rsa.c
|
||||||
+++ libgcrypt-1.8.2/cipher/rsa.c
|
+++ libgcrypt-1.8.2/cipher/rsa.c
|
||||||
@@ -159,27 +159,103 @@ test_keys (RSA_secret_key *sk, unsigned
|
@@ -159,22 +159,97 @@ test_keys (RSA_secret_key *sk, unsigned
|
||||||
/* Create another random plaintext as data for signature checking. */
|
/* Create another random plaintext as data for signature checking. */
|
||||||
_gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
|
_gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
|
||||||
|
|
||||||
@ -112,12 +112,6 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
|
|||||||
leave:
|
leave:
|
||||||
_gcry_mpi_release (signature);
|
_gcry_mpi_release (signature);
|
||||||
_gcry_mpi_release (decr_plaintext);
|
_gcry_mpi_release (decr_plaintext);
|
||||||
_gcry_mpi_release (ciphertext);
|
|
||||||
_gcry_mpi_release (plaintext);
|
|
||||||
+
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
|
@@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
|
||||||
/* This sexp trickery is to prevent the use of blinding.
|
/* This sexp trickery is to prevent the use of blinding.
|
||||||
* The flag doesn't get inherited by encr, so we have to
|
* The flag doesn't get inherited by encr, so we have to
|
||||||
@ -127,11 +121,3 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
|
|||||||
memset(buf, 0, sizeof(buf));
|
memset(buf, 0, sizeof(buf));
|
||||||
err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
|
err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
|
||||||
if (err)
|
if (err)
|
||||||
@@ -2012,6 +2088,7 @@ selftests_rsa (selftest_report_func_t re
|
|
||||||
sexp_release (skey);
|
|
||||||
if (report)
|
|
||||||
report ("pubkey", GCRY_PK_RSA, what, errtxt);
|
|
||||||
+
|
|
||||||
return GPG_ERR_SELFTEST_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
Index: libgcrypt-1.8.5/cipher/ecc.c
|
Index: libgcrypt-1.9.0/cipher/ecc.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.5.orig/cipher/ecc.c
|
--- libgcrypt-1.9.0.orig/cipher/ecc.c
|
||||||
+++ libgcrypt-1.8.5/cipher/ecc.c
|
+++ libgcrypt-1.9.0/cipher/ecc.c
|
||||||
@@ -2060,11 +2060,11 @@ selftest_sign (gcry_sexp_t pkey, gcry_se
|
@@ -1581,11 +1581,11 @@ selftest_sign (gcry_sexp_t pkey, gcry_se
|
||||||
{
|
{
|
||||||
/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
|
/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
|
||||||
static const char sample_data[] =
|
static const char sample_data[] =
|
||||||
@ -16,19 +16,19 @@ Index: libgcrypt-1.8.5/cipher/ecc.c
|
|||||||
" (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
|
" (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
|
||||||
/**/ "62113d8a62add1bf#))";
|
/**/ "62113d8a62add1bf#))";
|
||||||
static const char signature_r[] =
|
static const char signature_r[] =
|
||||||
Index: libgcrypt-1.8.5/cipher/ecc-ecdsa.c
|
Index: libgcrypt-1.9.0/cipher/ecc-ecdsa.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.5.orig/cipher/ecc-ecdsa.c
|
--- libgcrypt-1.9.0.orig/cipher/ecc-ecdsa.c
|
||||||
+++ libgcrypt-1.8.5/cipher/ecc-ecdsa.c
|
+++ libgcrypt-1.9.0/cipher/ecc-ecdsa.c
|
||||||
@@ -52,6 +52,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
|
@@ -51,6 +51,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
|
||||||
mpi_ec_t ctx;
|
unsigned int abits, qbits;
|
||||||
gcry_mpi_t b; /* Random number needed for blinding. */
|
gcry_mpi_t b; /* Random number needed for blinding. */
|
||||||
gcry_mpi_t bi; /* multiplicative inverse of B. */
|
gcry_mpi_t bi; /* multiplicative inverse of B. */
|
||||||
+ int with_blinding = !(flags & PUBKEY_FLAG_NO_BLINDING);
|
+ int with_blinding = !(flags & PUBKEY_FLAG_NO_BLINDING);
|
||||||
|
|
||||||
if (DBG_CIPHER)
|
if (DBG_CIPHER)
|
||||||
log_mpidump ("ecdsa sign hash ", input );
|
log_mpidump ("ecdsa sign hash ", input );
|
||||||
@@ -65,12 +66,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
|
@@ -64,12 +65,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
|
||||||
|
|
||||||
b = mpi_snew (qbits);
|
b = mpi_snew (qbits);
|
||||||
bi = mpi_snew (qbits);
|
bi = mpi_snew (qbits);
|
||||||
@ -36,48 +36,47 @@ Index: libgcrypt-1.8.5/cipher/ecc-ecdsa.c
|
|||||||
+ if (with_blinding)
|
+ if (with_blinding)
|
||||||
{
|
{
|
||||||
- _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
|
- _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
|
||||||
- mpi_mod (b, b, skey->E.n);
|
- mpi_mod (b, b, ec->n);
|
||||||
+ do
|
+ do
|
||||||
+ {
|
+ {
|
||||||
+ _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
|
+ _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
|
||||||
+ mpi_mod (b, b, skey->E.n);
|
+ mpi_mod (b, b, ec->n);
|
||||||
+ }
|
+ }
|
||||||
+ while (!mpi_invm (bi, b, skey->E.n));
|
+ while (!mpi_invm (bi, b, ec->n));
|
||||||
}
|
}
|
||||||
- while (!mpi_invm (bi, b, skey->E.n));
|
- while (!mpi_invm (bi, b, ec->n));
|
||||||
|
|
||||||
k = NULL;
|
k = NULL;
|
||||||
dr = mpi_alloc (0);
|
dr = mpi_alloc (0);
|
||||||
@@ -128,14 +132,25 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
|
@@ -126,14 +130,23 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input,
|
||||||
}
|
}
|
||||||
while (!mpi_cmp_ui (r, 0));
|
while (!mpi_cmp_ui (r, 0));
|
||||||
|
|
||||||
- /* Computation of dr, sum, and s are blinded with b. */
|
- /* Computation of dr, sum, and s are blinded with b. */
|
||||||
- mpi_mulm (dr, b, skey->d, skey->E.n);
|
- mpi_mulm (dr, b, ec->d, ec->n);
|
||||||
- mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */
|
- mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */
|
||||||
- mpi_mulm (sum, b, hash, skey->E.n);
|
- mpi_mulm (sum, b, hash, ec->n);
|
||||||
- mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */
|
- mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */
|
||||||
|
- mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */
|
||||||
|
- /* Undo blinding by b^-1 */
|
||||||
|
- mpi_mulm (s, bi, s, ec->n);
|
||||||
+ if (!with_blinding)
|
+ if (!with_blinding)
|
||||||
+ {
|
+ {
|
||||||
+ mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */
|
+ mpi_mulm (dr, ec->d, r, ec->n); /* dr = d*r mod n */
|
||||||
+ mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */
|
+ mpi_addm (sum, hash, dr, ec->n); /* sum = hash + (d*r) mod n */
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ /* Computation of dr, sum, and s are blinded with b. */
|
+ mpi_mulm (dr, b, ec->d, ec->n);
|
||||||
+ mpi_mulm (dr, b, skey->d, skey->E.n);
|
+ mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */
|
||||||
+ mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */
|
+ mpi_mulm (sum, b, hash, ec->n);
|
||||||
+ mpi_mulm (sum, b, hash, skey->E.n);
|
+ mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */
|
||||||
+ mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */
|
+ }
|
||||||
+ }
|
+ mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */
|
||||||
mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */
|
|
||||||
- /* Undo blinding by b^-1 */
|
|
||||||
- mpi_mulm (s, bi, s, skey->E.n);
|
|
||||||
+ if (with_blinding)
|
+ if (with_blinding)
|
||||||
+ {
|
+ {
|
||||||
+ /* Undo blinding by b^-1 */
|
+ mpi_mulm (s, bi, s, ec->n); /* Undo blinding by b^-1 */
|
||||||
+ mpi_mulm (s, bi, s, skey->E.n);
|
+ }
|
||||||
+ }
|
|
||||||
}
|
}
|
||||||
while (!mpi_cmp_ui (s, 0));
|
while (!mpi_cmp_ui (s, 0));
|
||||||
|
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
Index: libgcrypt-1.8.2/cipher/rsa.c
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.8.2.orig/cipher/rsa.c 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.2/cipher/rsa.c 2019-03-26 11:14:33.737388126 +0100
|
|
||||||
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
|
||||||
|
|
||||||
if (nbits < 1024 || (nbits & 0x1FF))
|
|
||||||
return GPG_ERR_INV_VALUE;
|
|
||||||
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
|
||||||
+ if (fips_mode() && nbits != 2048 && nbits != 3072)
|
|
||||||
return GPG_ERR_INV_VALUE;
|
|
||||||
|
|
||||||
/* The random quality depends on the transient_key flag. */
|
|
@ -1,9 +1,9 @@
|
|||||||
Index: libgcrypt-1.8.2/src/fips.c
|
Index: libgcrypt-1.9.1/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/src/fips.c 2020-04-16 21:15:01.633217969 +0200
|
--- libgcrypt-1.9.1.orig/src/fips.c
|
||||||
+++ libgcrypt-1.8.2/src/fips.c 2020-04-16 21:21:44.279376166 +0200
|
+++ libgcrypt-1.9.1/src/fips.c
|
||||||
@@ -651,7 +651,7 @@ get_library_path(const char *libname, co
|
@@ -660,7 +660,7 @@ get_library_path(const char *libname, co
|
||||||
}
|
#endif
|
||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
-get_hmac_path(char **fname)
|
-get_hmac_path(char **fname)
|
||||||
@ -11,25 +11,25 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
{
|
{
|
||||||
char libpath[4096];
|
char libpath[4096];
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
@@ -676,7 +676,7 @@ get_hmac_path(char **fname)
|
@@ -685,7 +685,7 @@ get_hmac_path(char **fname)
|
||||||
p = *fname;
|
p = *fname;
|
||||||
memmove (p+1, p, strlen (p)+1);
|
memmove (p+1, p, strlen (p)+1);
|
||||||
*p = '.';
|
*p = '.';
|
||||||
- strcat (*fname, ".hmac");
|
- strcat (*fname, ".hmac");
|
||||||
+ strcat (*fname, suffix);
|
+ strcat (*fname, suffix);
|
||||||
err = 0;
|
err = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -708,7 +708,7 @@ check_binary_integrity (void)
|
@@ -717,7 +717,7 @@ check_binary_integrity (void)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
- err = get_hmac_path(&fname);
|
- err = get_hmac_path(&fname);
|
||||||
+ err = get_hmac_path(&fname, ".hmac");
|
+ err = get_hmac_path(&fname, ".hmac");
|
||||||
if (!err)
|
if (!err)
|
||||||
{
|
{
|
||||||
/* Open the file. */
|
/* Open the file. */
|
||||||
@@ -769,7 +769,7 @@ can_skip_selftests(void)
|
@@ -779,7 +779,7 @@ can_skip_selftests(void)
|
||||||
if (fips_mode())
|
if (fips_mode())
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ Index: libgcrypt-1.6.1/tests/fipsdrv.c
|
|||||||
static void
|
static void
|
||||||
-run_dsa_sign (const void *data, size_t datalen, const char *keyfile)
|
-run_dsa_sign (const void *data, size_t datalen, const char *keyfile)
|
||||||
+run_dsa_sign (const void *data, size_t datalen,
|
+run_dsa_sign (const void *data, size_t datalen,
|
||||||
+ int hashalgo, const char *keyfile)
|
+ int hashalgo, const char *keyfile)
|
||||||
|
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
@ -31,7 +31,7 @@ Index: libgcrypt-1.6.1/tests/fipsdrv.c
|
|||||||
|
|
||||||
- gcry_md_hash_buffer (algo, hash, data, datalen);
|
- gcry_md_hash_buffer (algo, hash, data, datalen);
|
||||||
+ if (hashalgo_len < algo_len)
|
+ if (hashalgo_len < algo_len)
|
||||||
+ algo_len = hashalgo_len;
|
+ algo_len = hashalgo_len;
|
||||||
+
|
+
|
||||||
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
|
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
|
||||||
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
|
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
|
||||||
|
@ -1,8 +1,9 @@
|
|||||||
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
|
Index: libgcrypt-1.9.1/tests/basic.c
|
||||||
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
|
===================================================================
|
||||||
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
|
--- libgcrypt-1.9.1.orig/tests/basic.c
|
||||||
@@ -6964,7 +6964,7 @@ check_ciphers (void)
|
+++ libgcrypt-1.9.1/tests/basic.c
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
|
@@ -9978,7 +9978,7 @@ check_ciphers (void)
|
||||||
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_EAX, 0);
|
||||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
|
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
|
||||||
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||||
@ -10,7 +11,7 @@ diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basi
|
|||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
|
||||||
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
|
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
|
||||||
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
|
||||||
@@ -7010,11 +7010,17 @@ check_cipher_modes(void)
|
@@ -10025,12 +10025,18 @@ check_cipher_modes(void)
|
||||||
check_cfb_cipher ();
|
check_cfb_cipher ();
|
||||||
check_ofb_cipher ();
|
check_ofb_cipher ();
|
||||||
check_ccm_cipher ();
|
check_ccm_cipher ();
|
||||||
@ -24,6 +25,7 @@ diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basi
|
|||||||
+ check_ocb_cipher ();
|
+ check_ocb_cipher ();
|
||||||
+ }
|
+ }
|
||||||
check_xts_cipher ();
|
check_xts_cipher ();
|
||||||
|
check_eax_cipher ();
|
||||||
- check_gost28147_cipher ();
|
- check_gost28147_cipher ();
|
||||||
+ if (!in_fips_mode)
|
+ if (!in_fips_mode)
|
||||||
+ {
|
+ {
|
||||||
@ -32,7 +34,7 @@ diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basi
|
|||||||
check_stream_cipher ();
|
check_stream_cipher ();
|
||||||
check_stream_cipher_large_block ();
|
check_stream_cipher_large_block ();
|
||||||
|
|
||||||
@@ -10001,7 +10007,7 @@ check_mac (void)
|
@@ -13383,7 +13389,7 @@ check_mac (void)
|
||||||
show_mac_not_available (algos[i].algo);
|
show_mac_not_available (algos[i].algo);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -41,16 +43,16 @@ diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basi
|
|||||||
{
|
{
|
||||||
if (verbose)
|
if (verbose)
|
||||||
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||||
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
|
@@ -14508,8 +14514,6 @@ main (int argc, char **argv)
|
||||||
/* If we are in fips mode do some more tests. */
|
/* If we are in fips mode do some more tests. */
|
||||||
gcry_md_hd_t md;
|
gcry_md_hd_t md;
|
||||||
|
|
||||||
- /* First trigger a self-test. */
|
- /* First trigger a self-test. */
|
||||||
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
|
||||||
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||||
fail ("not in operational state after self-test\n");
|
fail ("not in operational state after self-test\n");
|
||||||
|
|
||||||
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
|
@@ -14534,15 +14538,6 @@ main (int argc, char **argv)
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||||
fail ("expected error state but still in operational state\n");
|
fail ("expected error state but still in operational state\n");
|
||||||
@ -58,7 +60,7 @@ diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basi
|
|||||||
- {
|
- {
|
||||||
- /* Now run a self-test and to get back into
|
- /* Now run a self-test and to get back into
|
||||||
- operational state. */
|
- operational state. */
|
||||||
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
|
||||||
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||||
- fail ("did not reach operational after error "
|
- fail ("did not reach operational after error "
|
||||||
- "and self-test\n");
|
- "and self-test\n");
|
||||||
@ -66,26 +68,28 @@ diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basi
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
|
Index: libgcrypt-1.9.1/tests/benchmark.c
|
||||||
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
|
===================================================================
|
||||||
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
|
--- libgcrypt-1.9.1.orig/tests/benchmark.c
|
||||||
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
|
+++ libgcrypt-1.9.1/tests/benchmark.c
|
||||||
|| (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM))
|
@@ -943,8 +943,10 @@ cipher_bench ( const char *algoname )
|
||||||
|
&& algo != GCRY_CIPHER_CHACHA20)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
- if (modes[modeidx].req_blocksize > 0
|
- if (modes[modeidx].req_blocksize > 0
|
||||||
- && blklen != modes[modeidx].req_blocksize)
|
- && blklen != modes[modeidx].req_blocksize)
|
||||||
+ if ((modes[modeidx].req_blocksize > 0
|
+ if ((modes[modeidx].req_blocksize > 0
|
||||||
+ && blklen != modes[modeidx].req_blocksize)
|
+ && blklen != modes[modeidx].req_blocksize)
|
||||||
+ || (in_fips_mode
|
+ || (in_fips_mode
|
||||||
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
|
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
|
||||||
{
|
{
|
||||||
printf (" %7s %7s", "-", "-" );
|
printf (" %7s %7s", "-", "-" );
|
||||||
continue;
|
continue;
|
||||||
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
|
Index: libgcrypt-1.9.1/tests/bench-slope.c
|
||||||
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
===================================================================
|
||||||
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
|
--- libgcrypt-1.9.1.orig/tests/bench-slope.c
|
||||||
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
|
+++ libgcrypt-1.9.1/tests/bench-slope.c
|
||||||
|
@@ -1573,7 +1573,7 @@ cipher_bench_one (int algo, struct bench
|
||||||
return;
|
return;
|
||||||
|
|
||||||
/* GCM has restrictions for block-size */
|
/* GCM has restrictions for block-size */
|
||||||
@ -94,9 +98,10 @@ diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/test
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
/* XTS has restrictions for block-size */
|
/* XTS has restrictions for block-size */
|
||||||
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
|
Index: libgcrypt-1.9.1/tests/pubkey.c
|
||||||
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
===================================================================
|
||||||
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
|
--- libgcrypt-1.9.1.orig/tests/pubkey.c
|
||||||
|
+++ libgcrypt-1.9.1/tests/pubkey.c
|
||||||
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
|
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
|
||||||
rc = gcry_sexp_new
|
rc = gcry_sexp_new
|
||||||
(&key_spec,
|
(&key_spec,
|
||||||
@ -137,39 +142,27 @@ diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pub
|
|||||||
")))", 0, 1);
|
")))", 0, 1);
|
||||||
if (rc)
|
if (rc)
|
||||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||||
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
@@ -596,7 +611,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
||||||
" (use-fips186)"
|
" (use-fips186)"
|
||||||
" (transient-key)"
|
" (transient-key)"
|
||||||
" (derive-parms"
|
" (derive-parms"
|
||||||
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
- " (seed #f770a4598ff756931fc529764513b103ce57d85f4ad8c5cf297c9b4d48241c5b#))))",
|
||||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
||||||
0, 1);
|
0, 1);
|
||||||
if (rc)
|
if (rc)
|
||||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||||
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
|
Index: libgcrypt-1.9.1/tests/t-secmem.c
|
||||||
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
===================================================================
|
||||||
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
|
--- libgcrypt-1.9.1.orig/tests/t-secmem.c
|
||||||
@@ -560,6 +560,9 @@ main (int argc, char **argv)
|
+++ libgcrypt-1.9.1/tests/t-secmem.c
|
||||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
|
||||||
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
|
||||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
+ /* Curve25519 isn't supported in fips mode */
|
|
||||||
+ if (gcry_fips_mode_active())
|
|
||||||
+ return 77;
|
|
||||||
|
|
||||||
start_timer ();
|
|
||||||
check_cv25519 ();
|
|
||||||
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
|
|
||||||
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
|
|
||||||
@@ -174,7 +174,8 @@ main (int argc, char **argv)
|
@@ -174,7 +174,8 @@ main (int argc, char **argv)
|
||||||
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
|
||||||
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||||
xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
|
xgcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0));
|
||||||
- gcry_set_outofcore_handler (outofcore_handler, NULL);
|
- gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||||
+ if (!gcry_fips_mode_active ())
|
+ if (!gcry_fips_mode_active ())
|
||||||
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
|
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||||
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||||
|
|
||||||
/* Libgcrypt prints a warning when the first overflow is allocated;
|
/* Libgcrypt prints a warning when the first overflow is allocated;
|
||||||
@@ -184,7 +185,8 @@ main (int argc, char **argv)
|
@@ -184,7 +185,8 @@ main (int argc, char **argv)
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Index: libgcrypt-1.8.2/src/global.c
|
Index: libgcrypt-1.9.1/src/global.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/src/global.c 2020-04-16 21:13:28.252717330 +0200
|
--- libgcrypt-1.9.1.orig/src/global.c
|
||||||
+++ libgcrypt-1.8.2/src/global.c 2020-04-16 21:13:47.960822991 +0200
|
+++ libgcrypt-1.9.1/src/global.c
|
||||||
@@ -86,7 +86,7 @@ static gpg_err_code_t external_lock_test
|
@@ -86,7 +86,7 @@ static gpg_err_code_t external_lock_test
|
||||||
likely to be called at startup. The suggested way for an
|
likely to be called at startup. The suggested way for an
|
||||||
application to make sure that this has been called is by using
|
application to make sure that this has been called is by using
|
||||||
@ -45,11 +45,11 @@ Index: libgcrypt-1.8.2/src/global.c
|
|||||||
/* This function is called by the macro fips_is_operational and makes
|
/* This function is called by the macro fips_is_operational and makes
|
||||||
sure that the minimal initialization has been done. This is far
|
sure that the minimal initialization has been done. This is far
|
||||||
from a perfect solution and hides problems with an improper
|
from a perfect solution and hides problems with an improper
|
||||||
Index: libgcrypt-1.8.2/src/fips.c
|
Index: libgcrypt-1.9.1/src/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libgcrypt-1.8.2.orig/src/fips.c 2020-04-16 21:13:28.252717330 +0200
|
--- libgcrypt-1.9.1.orig/src/fips.c
|
||||||
+++ libgcrypt-1.8.2/src/fips.c 2020-04-16 21:14:44.781127616 +0200
|
+++ libgcrypt-1.9.1/src/fips.c
|
||||||
@@ -125,6 +125,7 @@ void
|
@@ -124,6 +124,7 @@ void
|
||||||
_gcry_initialize_fips_mode (int force)
|
_gcry_initialize_fips_mode (int force)
|
||||||
{
|
{
|
||||||
static int done;
|
static int done;
|
||||||
@ -57,48 +57,33 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
|
|
||||||
/* Make sure we are not accidentally called twice. */
|
/* Make sure we are not accidentally called twice. */
|
||||||
if (done)
|
if (done)
|
||||||
@@ -214,6 +215,23 @@ _gcry_initialize_fips_mode (int force)
|
@@ -213,6 +214,23 @@ _gcry_initialize_fips_mode (int force)
|
||||||
/* Yes, we are in FIPS mode. */
|
/* Yes, we are in FIPS mode. */
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
|
||||||
+ /* Intitialize the lock to protect the FSM. */
|
+ /* Intitialize the lock to protect the FSM. */
|
||||||
+ err = gpgrt_lock_init (&fsm_lock);
|
+ err = gpgrt_lock_init (&fsm_lock);
|
||||||
+ if (err)
|
+ if (err)
|
||||||
+ {
|
+ {
|
||||||
+ /* If that fails we can't do anything but abort the
|
+ /* If that fails we can't do anything but abort the
|
||||||
+ process. We need to use log_info so that the FSM won't
|
+ * process. We need to use log_info so that the FSM won't
|
||||||
+ get involved. */
|
+ * get involved. */
|
||||||
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
||||||
+ gpg_strerror (err));
|
+ gpg_strerror (err));
|
||||||
+#ifdef HAVE_SYSLOG
|
+#ifdef HAVE_SYSLOG
|
||||||
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
||||||
+ "creating FSM lock failed: %s - abort",
|
+ "creating FSM lock failed: %s - abort",
|
||||||
+ gpg_strerror (err));
|
+ gpg_strerror (err));
|
||||||
+#endif /*HAVE_SYSLOG*/
|
+#endif /*HAVE_SYSLOG*/
|
||||||
+ abort ();
|
+ abort ();
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
/* If the FIPS force files exists, is readable and has a number
|
/* If the FIPS force files exists, is readable and has a number
|
||||||
!= 0 on its first line, we enable the enforced fips mode. */
|
!= 0 on its first line, we enable the enforced fips mode. */
|
||||||
fp = fopen (FIPS_FORCE_FILE, "r");
|
fp = fopen (FIPS_FORCE_FILE, "r");
|
||||||
@@ -614,10 +632,10 @@ get_library_path(const char *libname, co
|
@@ -641,6 +659,39 @@ get_library_path(const char *libname, co
|
||||||
void *dl, *sym;
|
|
||||||
int rv = -1;
|
|
||||||
|
|
||||||
- dl = dlopen(libname, RTLD_LAZY);
|
|
||||||
- if (dl == NULL) {
|
|
||||||
- return -1;
|
|
||||||
- }
|
|
||||||
+ dl = dlopen(libname, RTLD_LAZY);
|
|
||||||
+ if (dl == NULL) {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
sym = dlsym(dl, symbolname);
|
|
||||||
|
|
||||||
@@ -632,6 +650,39 @@ get_library_path(const char *libname, co
|
|
||||||
return rv;
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
+static gpg_error_t
|
+static gpg_error_t
|
||||||
+get_hmac_path(char **fname)
|
+get_hmac_path(char **fname)
|
||||||
@ -112,23 +97,23 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
+ {
|
+ {
|
||||||
+ *fname = _gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
|
+ *fname = _gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
|
||||||
+ if (!*fname)
|
+ if (!*fname)
|
||||||
+ err = gpg_error_from_syserror ();
|
+ err = gpg_error_from_syserror ();
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ char *p;
|
+ char *p;
|
||||||
+
|
+
|
||||||
+ /* Prefix the basename with a dot. */
|
+ /* Prefix the basename with a dot. */
|
||||||
+ strcpy (*fname, libpath);
|
+ strcpy (*fname, libpath);
|
||||||
+ p = strrchr (*fname, '/');
|
+ p = strrchr (*fname, '/');
|
||||||
+ if (p)
|
+ if (p)
|
||||||
+ p++;
|
+ p++;
|
||||||
+ else
|
+ else
|
||||||
+ p = *fname;
|
+ p = *fname;
|
||||||
+ memmove (p+1, p, strlen (p)+1);
|
+ memmove (p+1, p, strlen (p)+1);
|
||||||
+ *p = '.';
|
+ *p = '.';
|
||||||
+ strcat (*fname, ".hmac");
|
+ strcat (*fname, ".hmac");
|
||||||
+ err = 0;
|
+ err = 0;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ return err;
|
+ return err;
|
||||||
+}
|
+}
|
||||||
@ -136,7 +121,7 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
/* Run an integrity check on the binary. Returns 0 on success. */
|
/* Run an integrity check on the binary. Returns 0 on success. */
|
||||||
static int
|
static int
|
||||||
check_binary_integrity (void)
|
check_binary_integrity (void)
|
||||||
@@ -656,25 +707,10 @@ check_binary_integrity (void)
|
@@ -665,25 +716,10 @@ check_binary_integrity (void)
|
||||||
err = gpg_error (GPG_ERR_INTERNAL);
|
err = gpg_error (GPG_ERR_INTERNAL);
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -144,7 +129,10 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
- if (!fname)
|
- if (!fname)
|
||||||
- err = gpg_error_from_syserror ();
|
- err = gpg_error_from_syserror ();
|
||||||
- else
|
- else
|
||||||
- {
|
+ FILE *fp;
|
||||||
|
+ err = get_hmac_path(&fname);
|
||||||
|
+ if (!err)
|
||||||
|
{
|
||||||
- FILE *fp;
|
- FILE *fp;
|
||||||
- char *p;
|
- char *p;
|
||||||
-
|
-
|
||||||
@ -159,14 +147,10 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
- *p = '.';
|
- *p = '.';
|
||||||
- strcat (fname, ".hmac");
|
- strcat (fname, ".hmac");
|
||||||
-
|
-
|
||||||
+ FILE *fp;
|
|
||||||
+ err = get_hmac_path(&fname);
|
|
||||||
+ if (!err)
|
|
||||||
+ {
|
|
||||||
/* Open the file. */
|
/* Open the file. */
|
||||||
fp = fopen (fname, "r");
|
fp = fopen (fname, "r");
|
||||||
if (!fp)
|
if (!fp)
|
||||||
@@ -725,6 +761,33 @@ check_binary_integrity (void)
|
@@ -734,6 +770,33 @@ check_binary_integrity (void)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -200,18 +184,18 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
|
|
||||||
/* Run the self-tests. If EXTENDED is true, extended versions of the
|
/* Run the self-tests. If EXTENDED is true, extended versions of the
|
||||||
selftest are run, that is more tests than required by FIPS. */
|
selftest are run, that is more tests than required by FIPS. */
|
||||||
@@ -733,26 +795,13 @@ _gcry_fips_run_selftests (int extended)
|
@@ -742,26 +805,13 @@ _gcry_fips_run_selftests (int extended)
|
||||||
{
|
{
|
||||||
enum module_states result = STATE_ERROR;
|
enum module_states result = STATE_ERROR;
|
||||||
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
||||||
- int in_poweron;
|
- int in_poweron;
|
||||||
|
-
|
||||||
- lock_fsm ();
|
- lock_fsm ();
|
||||||
- in_poweron = (current_state == STATE_POWERON);
|
- in_poweron = (current_state == STATE_POWERON);
|
||||||
- unlock_fsm ();
|
- unlock_fsm ();
|
||||||
-
|
-
|
||||||
- fips_new_state (STATE_SELFTEST);
|
- fips_new_state (STATE_SELFTEST);
|
||||||
-
|
|
||||||
- /* We first check the integrity of the binary.
|
- /* We first check the integrity of the binary.
|
||||||
- If run from the constructor we are in POWERON state,
|
- If run from the constructor we are in POWERON state,
|
||||||
- we return and finish the remaining selftests before
|
- we return and finish the remaining selftests before
|
||||||
@ -231,8 +215,8 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
if (run_cipher_selftests (extended))
|
if (run_cipher_selftests (extended))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
@@ -762,6 +811,9 @@ _gcry_fips_run_selftests (int extended)
|
@@ -774,6 +824,9 @@ _gcry_fips_run_selftests (int extended)
|
||||||
if (run_mac_selftests (extended))
|
if (run_kdf_selftests (extended))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
+ if (check_binary_integrity ())
|
+ if (check_binary_integrity ())
|
||||||
@ -241,7 +225,7 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
/* Run random tests before the pubkey tests because the latter
|
/* Run random tests before the pubkey tests because the latter
|
||||||
require random. */
|
require random. */
|
||||||
if (run_random_selftests ())
|
if (run_random_selftests ())
|
||||||
@@ -775,7 +827,8 @@ _gcry_fips_run_selftests (int extended)
|
@@ -787,7 +840,8 @@ _gcry_fips_run_selftests (int extended)
|
||||||
ec = 0;
|
ec = 0;
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
@ -251,7 +235,7 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
|
|
||||||
return ec;
|
return ec;
|
||||||
}
|
}
|
||||||
@@ -831,7 +884,6 @@ fips_new_state (enum module_states new_s
|
@@ -843,7 +897,6 @@ fips_new_state (enum module_states new_s
|
||||||
{
|
{
|
||||||
case STATE_POWERON:
|
case STATE_POWERON:
|
||||||
if (new_state == STATE_INIT
|
if (new_state == STATE_INIT
|
||||||
@ -259,7 +243,7 @@ Index: libgcrypt-1.8.2/src/fips.c
|
|||||||
|| new_state == STATE_ERROR
|
|| new_state == STATE_ERROR
|
||||||
|| new_state == STATE_FATALERROR)
|
|| new_state == STATE_FATALERROR)
|
||||||
ok = 1;
|
ok = 1;
|
||||||
@@ -846,8 +898,6 @@ fips_new_state (enum module_states new_s
|
@@ -858,8 +911,6 @@ fips_new_state (enum module_states new_s
|
||||||
|
|
||||||
case STATE_SELFTEST:
|
case STATE_SELFTEST:
|
||||||
if (new_state == STATE_OPERATIONAL
|
if (new_state == STATE_OPERATIONAL
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
From: mvyskocil@suse.cz
|
|
||||||
Subject: unresolved dladdr symbol
|
|
||||||
|
|
||||||
When linking with --as-needed, some symbols are ommited. Add a DL_LIBS for
|
|
||||||
dladdr symbol to fix the issue.
|
|
||||||
|
|
||||||
References: bnc#701267
|
|
||||||
https://bugzilla.novell.com/show_bug.cgi?id=701267
|
|
||||||
Original-name: libgcrypt-1.5.0-as-needed.patch
|
|
||||||
|
|
||||||
Index: libgcrypt-1.5.2/src/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- libgcrypt-1.5.2.orig/src/Makefile.am
|
|
||||||
+++ libgcrypt-1.5.2/src/Makefile.am
|
|
||||||
@@ -110,7 +110,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
|
||||||
../cipher/libcipher.la \
|
|
||||||
../random/librandom.la \
|
|
||||||
../mpi/libmpi.la \
|
|
||||||
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
|
||||||
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) $(DL_LIBS)
|
|
||||||
|
|
||||||
|
|
||||||
dumpsexp_SOURCES = dumpsexp.c
|
|
@ -1,3 +1,92 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 2 01:06:47 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.9.1
|
||||||
|
* *Fix exploitable bug* in hash functions introduced with
|
||||||
|
1.9.0. [bsc#1181632, CVE-2021-3345]
|
||||||
|
* Return an error if a negative MPI is used with sexp scan
|
||||||
|
functions.
|
||||||
|
* Check for operational FIPS in the random and KDF functions.
|
||||||
|
* Fix compile error on ARMv7 with NEON disabled.
|
||||||
|
* Fix self-test in KDF module.
|
||||||
|
* Improve assembler checks for better LTO support.
|
||||||
|
* Fix 32-bit cross build on x86.
|
||||||
|
* Fix non-NEON ARM assembly implementation for SHA512.
|
||||||
|
* Fix build problems with the cipher_bulk_ops_t typedef.
|
||||||
|
* Fix Ed25519 private key handling for preceding ZEROs.
|
||||||
|
* Fix overflow in modular inverse implementation.
|
||||||
|
* Fix register access for AVX/AVX2 implementations of Blake2.
|
||||||
|
* Add optimized cipher and hash functions for s390x/zSeries.
|
||||||
|
* Use hardware bit counting functionx when available.
|
||||||
|
* Update DSA functions to match FIPS 186-3.
|
||||||
|
* New self-tests for CMACs and KDFs.
|
||||||
|
* Add bulk cipher functions for OFB and GCM modes.
|
||||||
|
- Update libgpg-error required version
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 1 12:03:31 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Use the suffix variable correctly in get_hmac_path()
|
||||||
|
- Rebase libgcrypt-fips_selftest_trigger_file.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 25 12:38:35 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Add the global config file /etc/gcrypt/random.conf
|
||||||
|
* This file can be used to globally change parameters of the random
|
||||||
|
generator with the options: only-urandom and disable-jent.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 21 15:42:15 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.9.0:
|
||||||
|
New stable branch of Libgcrypt with full API and ABI compatibility
|
||||||
|
to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
|
||||||
|
* New and extended interfaces:
|
||||||
|
- New curves Ed448, X448, and SM2.
|
||||||
|
- New cipher mode EAX.
|
||||||
|
- New cipher algo SM4.
|
||||||
|
- New hash algo SM3.
|
||||||
|
- New hash algo variants SHA512/224 and SHA512/256.
|
||||||
|
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
|
||||||
|
SM3, SM4 and for a GOST variant.
|
||||||
|
- New convenience function gcry_mpi_get_ui.
|
||||||
|
- gcry_sexp_extract_param understands new format specifiers to
|
||||||
|
directly store to integers and strings.
|
||||||
|
- New function gcry_ecc_mul_point and curve constants for Curve448
|
||||||
|
and Curve25519.
|
||||||
|
- New function gcry_ecc_get_algo_keylen.
|
||||||
|
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
|
||||||
|
secure memory area.
|
||||||
|
* Performance optimizations and bug fixes: See Release-info.
|
||||||
|
* Other features:
|
||||||
|
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
|
||||||
|
- Add mitigation against ECC timing attack CVE-2019-13627.
|
||||||
|
- Internal cleanup of the ECC implementation.
|
||||||
|
- Support reading EC point in compressed format for some curves.
|
||||||
|
- Rebase patches:
|
||||||
|
* libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
|
||||||
|
* libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
|
||||||
|
* libgcrypt-1.6.1-use-fipscheck.patch
|
||||||
|
* drbg_test.patch
|
||||||
|
* libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
|
||||||
|
* libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
|
||||||
|
* libgcrypt-1.8.4-fips-keygen.patch
|
||||||
|
* libgcrypt-1.8.4-getrandom.patch
|
||||||
|
* libgcrypt-fix-tests-fipsmode.patch
|
||||||
|
* libgcrypt-global_init-constructor.patch
|
||||||
|
* libgcrypt-ecc-ecdsa-no-blinding.patch
|
||||||
|
* libgcrypt-PCT-RSA.patch
|
||||||
|
* libgcrypt-PCT-ECC.patch
|
||||||
|
- Remove patches:
|
||||||
|
* libgcrypt-unresolved-dladdr.patch
|
||||||
|
* libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
|
||||||
|
* libgcrypt-CVE-2019-12904-GCM.patch
|
||||||
|
* libgcrypt-CVE-2019-12904-AES.patch
|
||||||
|
* libgcrypt-CMAC-AES-TDES-selftest.patch
|
||||||
|
* libgcrypt-1.6.1-fips-cfgrandom.patch
|
||||||
|
* libgcrypt-fips_rsa_no_enforced_mode.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Oct 24 10:25:13 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
Sat Oct 24 10:25:13 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
100
libgcrypt.spec
100
libgcrypt.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package libgcrypt
|
# spec file for package libgcrypt
|
||||||
#
|
#
|
||||||
# Copyright (c) 2020 SUSE LLC
|
# Copyright (c) 2021 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -22,7 +22,7 @@
|
|||||||
%define libsoname %{name}%{libsover}
|
%define libsoname %{name}%{libsover}
|
||||||
%define cavs_dir %{_libexecdir}/%{name}/cavs
|
%define cavs_dir %{_libexecdir}/%{name}/cavs
|
||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.8.7
|
Version: 1.9.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The GNU Crypto Library
|
Summary: The GNU Crypto Library
|
||||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||||
@ -31,67 +31,55 @@ URL: https://directory.fsf.org/wiki/Libgcrypt
|
|||||||
Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
|
Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
|
||||||
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
|
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Source4: %{name}.keyring
|
|
||||||
# https://www.gnupg.org/signature_key.en.html
|
# https://www.gnupg.org/signature_key.en.html
|
||||||
|
Source4: libgcrypt.keyring
|
||||||
# cavs test framework
|
# cavs test framework
|
||||||
Source5: cavs-test.sh
|
Source5: cavs-test.sh
|
||||||
Source6: cavs_driver.pl
|
Source6: cavs_driver.pl
|
||||||
Source99: %{name}.changes
|
Source7: random.conf
|
||||||
Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch
|
Source99: libgcrypt.changes
|
||||||
Patch4: %{name}-sparcv9.diff
|
Patch1: libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
|
||||||
#PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS)
|
Patch2: libgcrypt-sparcv9.diff
|
||||||
#was: libgcrypt-1.5.0-as-needed.patch
|
|
||||||
Patch5: libgcrypt-unresolved-dladdr.patch
|
|
||||||
#PATCH-FIX-SUSE: N/A
|
#PATCH-FIX-SUSE: N/A
|
||||||
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
|
Patch3: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
|
||||||
Patch12: libgcrypt-1.6.1-use-fipscheck.patch
|
Patch4: libgcrypt-1.6.1-use-fipscheck.patch
|
||||||
Patch13: libgcrypt-1.6.1-fips-cavs.patch
|
Patch5: libgcrypt-1.6.1-fips-cavs.patch
|
||||||
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
|
Patch6: libgcrypt-fix-rng.patch
|
||||||
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
|
|
||||||
Patch28: libgcrypt-fix-rng.patch
|
|
||||||
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
|
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
|
||||||
Patch30: drbg_test.patch
|
Patch7: drbg_test.patch
|
||||||
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-sign
|
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-sign
|
||||||
Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
|
Patch8: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
|
||||||
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
|
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
|
||||||
Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
|
Patch9: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
|
||||||
Patch39: libgcrypt-1.8.3-fips-ctor.patch
|
Patch10: libgcrypt-1.8.3-fips-ctor.patch
|
||||||
Patch42: libgcrypt-fips_rsa_no_enforced_mode.patch
|
Patch11: libgcrypt-1.8.4-use_xfree.patch
|
||||||
Patch43: libgcrypt-1.8.4-use_xfree.patch
|
Patch12: libgcrypt-1.8.4-allow_FSM_same_state.patch
|
||||||
Patch44: libgcrypt-1.8.4-allow_FSM_same_state.patch
|
Patch13: libgcrypt-1.8.4-getrandom.patch
|
||||||
Patch45: libgcrypt-1.8.4-getrandom.patch
|
Patch14: libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
|
||||||
#PATCH-FIX-UPSTREAM bsc#1138939 CVE-2019-12904 C implementation of AES is
|
|
||||||
#vulnerable to a flush-and-reload side-channel attack
|
|
||||||
Patch46: libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
|
|
||||||
Patch47: libgcrypt-CVE-2019-12904-GCM.patch
|
|
||||||
Patch48: libgcrypt-CVE-2019-12904-AES.patch
|
|
||||||
Patch49: libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
|
|
||||||
#PATCH-FIX-SUSE bsc#1155338 bsc#1155338 FIPS: CMAC AES and TDES self tests missing
|
|
||||||
Patch50: libgcrypt-CMAC-AES-TDES-selftest.patch
|
|
||||||
#PATCH-FIX-SUSE Fix test in FIPS mode
|
#PATCH-FIX-SUSE Fix test in FIPS mode
|
||||||
Patch51: libgcrypt-dsa-rfc6979-test-fix.patch
|
Patch15: libgcrypt-dsa-rfc6979-test-fix.patch
|
||||||
Patch52: libgcrypt-fix-tests-fipsmode.patch
|
Patch16: libgcrypt-fix-tests-fipsmode.patch
|
||||||
#PATCH-FIX-SUSE bsc#1155337 FIPS: RSA/DSA/ECDSA are missing hashing operation
|
#PATCH-FIX-SUSE bsc#1155337 FIPS: RSA/DSA/ECDSA are missing hashing operation
|
||||||
Patch53: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
|
Patch17: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
|
||||||
#PATCH-FIX-SUSE bsc#1161220 FIPS: libgcrypt RSA siggen/keygen: 4k not supported
|
#PATCH-FIX-SUSE bsc#1161220 FIPS: libgcrypt RSA siggen/keygen: 4k not supported
|
||||||
Patch54: libgcrypt-1.8.4-fips-keygen.patch
|
Patch18: libgcrypt-1.8.4-fips-keygen.patch
|
||||||
#PATCH-FIX-SUSE bsc#1164950 Run self-tests from the constructor
|
#PATCH-FIX-SUSE bsc#1164950 Run self-tests from the constructor
|
||||||
Patch55: libgcrypt-invoke-global_init-from-constructor.patch
|
Patch19: libgcrypt-invoke-global_init-from-constructor.patch
|
||||||
#PATCH-FIX-SUSE bsc#1164950 Restore the self-tests from the constructor
|
#PATCH-FIX-SUSE bsc#1164950 Restore the self-tests from the constructor
|
||||||
Patch56: libgcrypt-Restore-self-tests-from-constructor.patch
|
Patch20: libgcrypt-Restore-self-tests-from-constructor.patch
|
||||||
Patch57: libgcrypt-FIPS-GMAC_AES-benckmark.patch
|
Patch21: libgcrypt-FIPS-GMAC_AES-benckmark.patch
|
||||||
Patch58: libgcrypt-global_init-constructor.patch
|
Patch22: libgcrypt-global_init-constructor.patch
|
||||||
Patch59: libgcrypt-random_selftests-testentropy.patch
|
Patch23: libgcrypt-random_selftests-testentropy.patch
|
||||||
Patch60: libgcrypt-rsa-no-blinding.patch
|
Patch24: libgcrypt-rsa-no-blinding.patch
|
||||||
Patch61: libgcrypt-ecc-ecdsa-no-blinding.patch
|
Patch25: libgcrypt-ecc-ecdsa-no-blinding.patch
|
||||||
#PATCH-FIX-SUSE bsc#1165539 FIPS: Use the new signature operation in PCT
|
#PATCH-FIX-SUSE bsc#1165539 FIPS: Use the new signature operation in PCT
|
||||||
Patch62: libgcrypt-PCT-RSA.patch
|
Patch26: libgcrypt-PCT-RSA.patch
|
||||||
Patch63: libgcrypt-PCT-DSA.patch
|
Patch27: libgcrypt-PCT-DSA.patch
|
||||||
Patch64: libgcrypt-PCT-ECC.patch
|
Patch28: libgcrypt-PCT-ECC.patch
|
||||||
Patch65: libgcrypt-fips_selftest_trigger_file.patch
|
Patch29: libgcrypt-fips_selftest_trigger_file.patch
|
||||||
BuildRequires: automake >= 1.14
|
BuildRequires: automake >= 1.14
|
||||||
BuildRequires: fipscheck
|
BuildRequires: fipscheck
|
||||||
BuildRequires: libgpg-error-devel >= 1.25
|
BuildRequires: libgpg-error-devel >= 1.27
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
|
|
||||||
@ -128,7 +116,7 @@ License: GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
|
|||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Requires: %{libsoname} = %{version}
|
Requires: %{libsoname} = %{version}
|
||||||
Requires: glibc-devel
|
Requires: glibc-devel
|
||||||
Requires: libgpg-error-devel >= 1.13
|
Requires: libgpg-error-devel >= 1.27
|
||||||
Requires(post): %{install_info_prereq}
|
Requires(post): %{install_info_prereq}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
@ -156,7 +144,7 @@ Summary: The GNU Crypto Library
|
|||||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later
|
License: GPL-2.0-or-later AND LGPL-2.1-or-later
|
||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Requires: %{libsoname} = %{version}
|
Requires: %{libsoname} = %{version}
|
||||||
Requires: libgpg-error-devel
|
Requires: libgpg-error-devel >= 1.27
|
||||||
Requires(post): %{install_info_prereq}
|
Requires(post): %{install_info_prereq}
|
||||||
|
|
||||||
%description hmac256
|
%description hmac256
|
||||||
@ -165,7 +153,7 @@ blocks. It is originally based on code used by GnuPG. It does not
|
|||||||
provide any implementation of OpenPGP or other protocols. Thorough
|
provide any implementation of OpenPGP or other protocols. Thorough
|
||||||
understanding of applied cryptography is required to use Libgcrypt.
|
understanding of applied cryptography is required to use Libgcrypt.
|
||||||
|
|
||||||
%endif # #if separate_hmac256_binary
|
%endif
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
@ -223,6 +211,10 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
|
|||||||
touch %{buildroot}/%{_libdir}/.%{name}.so.%{libsover}.fips
|
touch %{buildroot}/%{_libdir}/.%{name}.so.%{libsover}.fips
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Create /etc/gcrypt directory and install random.conf
|
||||||
|
mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt
|
||||||
|
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/gcrypt/random.conf
|
||||||
|
|
||||||
%post -n %{libsoname} -p /sbin/ldconfig
|
%post -n %{libsoname} -p /sbin/ldconfig
|
||||||
%postun -n %{libsoname} -p /sbin/ldconfig
|
%postun -n %{libsoname} -p /sbin/ldconfig
|
||||||
%post devel
|
%post devel
|
||||||
@ -234,14 +226,16 @@ touch %{buildroot}/%{_libdir}/.%{name}.so.%{libsover}.fips
|
|||||||
%files -n %{libsoname}
|
%files -n %{libsoname}
|
||||||
%license COPYING.LIB
|
%license COPYING.LIB
|
||||||
%{_libdir}/%{name}.so.*
|
%{_libdir}/%{name}.so.*
|
||||||
|
%dir %{_sysconfdir}/gcrypt
|
||||||
|
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
|
||||||
%if 0%{?build_hmac256}
|
%if 0%{?build_hmac256}
|
||||||
%{_libdir}/.libgcrypt.so.*.hmac
|
%{_libdir}/.libgcrypt.so.*.hmac
|
||||||
%endif # %%if 0%%{?build_hmac256}
|
%endif
|
||||||
|
|
||||||
%files -n %{libsoname}-hmac
|
%files -n %{libsoname}-hmac
|
||||||
%if 0%{?build_hmac256}
|
%if 0%{?build_hmac256}
|
||||||
%{_libdir}/.libgcrypt.so.*.fips
|
%{_libdir}/.libgcrypt.so.*.fips
|
||||||
%endif # %%if 0%%{?build_hmac256}
|
%endif
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%license COPYING COPYING.LIB
|
%license COPYING COPYING.LIB
|
||||||
@ -257,7 +251,7 @@ touch %{buildroot}/%{_libdir}/.%{name}.so.%{libsover}.fips
|
|||||||
|
|
||||||
%if 0%{?separate_hmac256_binary}
|
%if 0%{?separate_hmac256_binary}
|
||||||
%files hmac256
|
%files hmac256
|
||||||
%endif # %%if 0%%{?separate_hmac256_binary}
|
%endif
|
||||||
%{_bindir}/hmac256
|
%{_bindir}/hmac256
|
||||||
%{_bindir}/.hmac256.hmac
|
%{_bindir}/.hmac256.hmac
|
||||||
%doc %{_mandir}/man1/hmac256.1*
|
%doc %{_mandir}/man1/hmac256.1*
|
||||||
|
9
random.conf
Normal file
9
random.conf
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# This file can be used to globally change parameters of
|
||||||
|
# the random generator. Supported options are:
|
||||||
|
|
||||||
|
# Always use the non-blocking /dev/urandom or the respective
|
||||||
|
# system call instead of the blocking /dev/random.
|
||||||
|
only-urandom
|
||||||
|
|
||||||
|
# Disable the use of the jitter based entropy generator.
|
||||||
|
#disable-jent
|
Loading…
Reference in New Issue
Block a user