SHA256
1
0
forked from pool/libgcrypt
libgcrypt/0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
Marcus Meissner 0ee4a0f87b Accepting request 232937 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    0007-User-interface-to-DRBG.patch
  * only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
  applied anyway)

OBS-URL: https://build.opensuse.org/request/show/232937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
2014-05-07 15:00:08 +00:00

133 lines
4.5 KiB
Diff

From 6aa1bc1df0dbbf5b4cb06b86f949aa9d80f68700 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:14:58 +0100
Subject: [PATCH v3 4/7] Invoke DRBG from common libgcrypt RNG code
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
Integrate the DRBG invocation with the common libgcrypt RNG code. This
integration replaces the old ANSI X9.31 RNG invocation. As the ANSI
X9.31 shall only be invoked in FIPS mode and it is sunset at the end of
2014 for FIPS purposes, a complete replacement with the DRBG is
considered appropriate. The DRBG is FIPS approved deterministic random
number generator for the forseeable future.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
Index: libgcrypt-1.6.1/random/random.c
===================================================================
--- libgcrypt-1.6.1.orig/random/random.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/random/random.c 2014-05-06 14:51:42.350644283 +0200
@@ -153,11 +153,13 @@ _gcry_random_initialize (int full)
}
if (fips_mode ())
- _gcry_rngfips_initialize (full);
+ //_gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
else if (rng_types.standard)
_gcry_rngcsprng_initialize (full);
else if (rng_types.fips)
- _gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
+ //_gcry_rngfips_initialize (full);
else if (rng_types.system)
_gcry_rngsystem_initialize (full);
else
@@ -174,11 +176,13 @@ _gcry_random_close_fds (void)
the entropy gatherer. */
if (fips_mode ())
- _gcry_rngfips_close_fds ();
+ //_gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
else if (rng_types.standard)
_gcry_rngcsprng_close_fds ();
else if (rng_types.fips)
- _gcry_rngfips_close_fds ();
+ //_gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
else if (rng_types.system)
_gcry_rngsystem_close_fds ();
else
@@ -212,7 +216,8 @@ void
_gcry_random_dump_stats (void)
{
if (fips_mode ())
- _gcry_rngfips_dump_stats ();
+ //_gcry_rngfips_dump_stats ();
+ _gcry_drbg_dump_stats ();
else
_gcry_rngcsprng_dump_stats ();
}
@@ -271,7 +276,8 @@ int
_gcry_random_is_faked (void)
{
if (fips_mode ())
- return _gcry_rngfips_is_faked ();
+ //return _gcry_rngfips_is_faked ();
+ return _gcry_drbg_is_faked ();
else
return _gcry_rngcsprng_is_faked ();
}
@@ -301,11 +307,13 @@ static void
do_randomize (void *buffer, size_t length, enum gcry_random_level level)
{
if (fips_mode ())
- _gcry_rngfips_randomize (buffer, length, level);
+ //_gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
else if (rng_types.standard)
_gcry_rngcsprng_randomize (buffer, length, level);
else if (rng_types.fips)
- _gcry_rngfips_randomize (buffer, length, level);
+ //_gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
else if (rng_types.system)
_gcry_rngsystem_randomize (buffer, length, level);
else /* default */
@@ -437,7 +445,8 @@ _gcry_create_nonce (void *buffer, size_t
nonce generator which is seeded by the RNG actual in use. */
if (fips_mode ())
{
- _gcry_rngfips_create_nonce (buffer, length);
+ //_gcry_rngfips_create_nonce (buffer, length);
+ _gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM);
return;
}
@@ -514,7 +523,8 @@ gpg_error_t
_gcry_random_selftest (selftest_report_func_t report)
{
if (fips_mode ())
- return _gcry_rngfips_selftest (report);
+ //return _gcry_rngfips_selftest (report);
+ return _gcry_drbg_selftest (report);
else
return 0; /* No selftests yet. */
}
@@ -530,6 +540,7 @@ _gcry_random_init_external_test (void **
const void *seed, size_t seedlen,
const void *dt, size_t dtlen)
{
+ return GPG_ERR_NOT_SUPPORTED;
(void)flags;
if (fips_mode ())
return _gcry_rngfips_init_external_test (r_context, flags, key, keylen,
@@ -544,6 +555,7 @@ _gcry_random_init_external_test (void **
gcry_err_code_t
_gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
{
+ return GPG_ERR_NOT_SUPPORTED;
if (fips_mode ())
return _gcry_rngfips_run_external_test (context, buffer, buflen);
else
@@ -554,6 +566,7 @@ _gcry_random_run_external_test (void *co
void
_gcry_random_deinit_external_test (void *context)
{
+ return;
if (fips_mode ())
_gcry_rngfips_deinit_external_test (context);
}