forked from pool/libgcrypt
c2b9970a6d
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is not anymore ABI compatible to previous versions if they used the ac interface. Check NEWS in libgcrypt-devel for removed interfaces. * Removed the module register subsystem. * The deprecated message digest debug macros have been removed. Use gcry_md_debug instead. * Removed deprecated control codes. * Improved performance of most cipher algorithms as well as for the SHA family of hash functions. * Added support for the IDEA cipher algorithm. * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. * Added limited support for the GOST 28147-89 cipher algorithm. * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) hash algorithms. * Added a random number generator to directly use the system's RNG. Also added an interface to prefer the use of a specified RNG. * Added support for the SCRYPT algorithm. * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242]. * Added support for Deterministic DSA as per RFC-6969. * Added support for curve Ed25519. * Added a scatter gather hash convenience function. * Added several MPI amd SEXP helper functions. * Added support for negative numbers to gcry_mpi_print, gcry_mpi_aprint and gcry_mpi_scan. * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now deprecated. Use GCRY_PK_ECC if you need an algorithm id. * Changed gcry_pk_genkey for "ecc" to only include the curve name and not the parameters. The flag "param" may be used to revert this. OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=32
170 lines
5.8 KiB
Diff
170 lines
5.8 KiB
Diff
From: draht@suse.com
|
|
Subject: /etc/gcrypt/rngseed symlink
|
|
|
|
logic error in evaluation of routine to open /dev/{u,}random or
|
|
/etc/gcrypt/rngseed (open_device()) causes abort() in cases where
|
|
do_randomize(nbytes, level) is called with level == 1
|
|
(GCRY_STRONG_RANDOM).
|
|
|
|
References: bnc#724841
|
|
https://bugzilla.novell.com/show_bug.cgi?id=724841
|
|
|
|
---
|
|
random/random-csprng.c | 2 +-
|
|
random/random-fips.c | 10 +++++-----
|
|
random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------
|
|
3 files changed, 48 insertions(+), 12 deletions(-)
|
|
|
|
Index: libgcrypt-1.6.0/random/random-csprng.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.0.orig/random/random-csprng.c
|
|
+++ libgcrypt-1.6.0/random/random-csprng.c
|
|
@@ -832,7 +832,7 @@ read_seed_file (void)
|
|
* entropy drivers, however the rndlinux driver will use
|
|
* /dev/urandom and return some stuff - Do not read too much as we
|
|
* want to be friendly to the scare system entropy resource. */
|
|
- read_random_source ( RANDOM_ORIGIN_INIT, 16, GCRY_WEAK_RANDOM );
|
|
+ read_random_source ( RANDOM_ORIGIN_INIT, 16, -1 );
|
|
|
|
allow_seed_file_update = 1;
|
|
return 1;
|
|
Index: libgcrypt-1.6.0/random/random-fips.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.0.orig/random/random-fips.c
|
|
+++ libgcrypt-1.6.0/random/random-fips.c
|
|
@@ -27,10 +27,10 @@
|
|
There are 3 random context which map to the different levels of
|
|
random quality:
|
|
|
|
- Generator Seed and Key Kernel entropy (init/reseed)
|
|
- ------------------------------------------------------------
|
|
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
|
|
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
|
|
+ Generator Seed and Key Kernel entropy (init/reseed)
|
|
+ ---------------------------------------------------------------------------------------
|
|
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
|
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
|
gcry_create_nonce GCRY_STRONG_RANDOM n/a
|
|
|
|
All random generators return their data in 128 bit blocks. If the
|
|
@@ -562,7 +562,7 @@ get_entropy (size_t nbytes)
|
|
#if USE_RNDLINUX
|
|
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
|
X931_AES_KEYLEN,
|
|
- GCRY_VERY_STRONG_RANDOM);
|
|
+ -1);
|
|
#elif USE_RNDW32
|
|
do
|
|
{
|
|
Index: libgcrypt-1.6.0/random/rndlinux.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.0.orig/random/rndlinux.c
|
|
+++ libgcrypt-1.6.0/random/rndlinux.c
|
|
@@ -36,7 +36,8 @@
|
|
#include "g10lib.h"
|
|
#include "rand-internal.h"
|
|
|
|
-static int open_device (const char *name, int retry);
|
|
+static int open_device (const char *name, int retry, int fatal);
|
|
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
|
|
|
|
|
static int
|
|
@@ -59,7 +60,7 @@ set_cloexec_flag (int fd)
|
|
* a fatal error but retries until it is able to reopen the device.
|
|
*/
|
|
static int
|
|
-open_device (const char *name, int retry)
|
|
+open_device (const char *name, int retry, int fatal)
|
|
{
|
|
int fd;
|
|
|
|
@@ -77,8 +78,11 @@ open_device (const char *name, int retry
|
|
select (0, NULL, NULL, NULL, &tv);
|
|
goto again;
|
|
}
|
|
- if (fd == -1)
|
|
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
|
+ {
|
|
+ if (fatal)
|
|
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
|
+ return fd;
|
|
+ }
|
|
|
|
if (set_cloexec_flag (fd))
|
|
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
|
|
@@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add
|
|
{
|
|
static int fd_urandom = -1;
|
|
static int fd_random = -1;
|
|
+ static int fd_configured = -1;
|
|
static unsigned char ever_opened;
|
|
int fd;
|
|
int n;
|
|
byte buffer[768];
|
|
size_t n_hw;
|
|
+ size_t orig_length = length;
|
|
size_t want = length;
|
|
size_t last_so_far = 0;
|
|
int any_need_entropy = 0;
|
|
@@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add
|
|
that we always require the device to be existent but want a more
|
|
graceful behaviour if the rarely needed close operation has been
|
|
used and the device needs to be re-opened later. */
|
|
+
|
|
+ /* Clarification: path how "level == -1" comes about:
|
|
+ gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
|
|
+ do_randomize(buffer, nbytes, level) ->
|
|
+ _gcry_rngcsprng_randomize(buffer, length, level) ->
|
|
+ read_pool (p, n, level) ->
|
|
+ read_seed_file(),
|
|
+ random_poll() ->
|
|
+ read_random_source(..., ..., GCRY_STRONG_RANDOM),
|
|
+ read_random_source(... , ..., , -1 ) (note: -1) ->
|
|
+ slow_gather_fnc(..., ..., ..., level)
|
|
+ function pointer set by getfnc_gather_random() to
|
|
+ _gcry_rndlinux_gather_random() , which is here.
|
|
+ */
|
|
+
|
|
+
|
|
+ if (level == -1)
|
|
+ {
|
|
+ if (fd_configured == -1)
|
|
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0);
|
|
+ fd = fd_configured;
|
|
+ if (fd == -1)
|
|
+ level = 1;
|
|
+ }
|
|
+
|
|
+
|
|
if (level >= 2)
|
|
{
|
|
if (fd_random == -1)
|
|
{
|
|
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
|
|
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
|
ever_opened |= 1;
|
|
}
|
|
fd = fd_random;
|
|
}
|
|
- else
|
|
+ else if (level != -1)
|
|
{
|
|
if (fd_urandom == -1)
|
|
{
|
|
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
|
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
|
ever_opened |= 2;
|
|
}
|
|
fd = fd_urandom;
|
|
@@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add
|
|
}
|
|
memset(buffer, 0, sizeof(buffer) );
|
|
|
|
+ if (level == -1)
|
|
+ _gcry_rndlinux_gather_random(add, origin, orig_length, 1);
|
|
+
|
|
if (any_need_entropy)
|
|
_gcry_random_progress ("need_entropy", 'X', (int)want, (int)want);
|
|
|