rpm/libgcrypt
SHA256
1
0
Fork 0
forked from pool/libgcrypt
Code Pull Requests Activity
44e7a5642f
libgcrypt/libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
Tomáš Chvátal 7da0c092f1 Accepting request 592205 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ 
- Extended the fipsdrv dsa-sign and dsa-verify commands with the
  --algo parameter for the FIPS testing of DSA SigVer and SigGen
  (bsc#1064455).
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch

OBS-URL: https://build.opensuse.org/request/show/592205
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=108
2018-03-29 09:57:58 +00:00

66 lines
2.0 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Index: libgcrypt-1.6.1/tests/fipsdrv.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/fipsdrv.c
+++ libgcrypt-1.6.1/tests/fipsdrv.c
@@ -2190,11 +2190,12 @@ dsa_hash_from_key(gcry_sexp_t s_key)
return GCRY_MD_NONE;
}
-
+
/* Sign DATA of length DATALEN using the key taken from the S-expression
encoded KEYFILE. */
static void
-run_dsa_sign (const void *data, size_t datalen, const char *keyfile)
+run_dsa_sign (const void *data, size_t datalen,
+ int hashalgo, const char *keyfile)
{
gpg_error_t err;
@@ -2202,13 +2203,20 @@ run_dsa_sign (const void *data, size_t d
char hash[128];
gcry_mpi_t tmpmpi;
int algo;
+ int algo_len;
+ int hashalgo_len;
s_key = read_sexp_from_file (keyfile);
algo = dsa_hash_from_key(s_key);
+ algo_len = gcry_md_get_algo_dlen(algo);
+ hashalgo_len = gcry_md_get_algo_dlen(hashalgo);
- gcry_md_hash_buffer (algo, hash, data, datalen);
+ if (hashalgo_len < algo_len)
+ algo_len = hashalgo_len;
+
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
- gcry_md_get_algo_dlen(algo), NULL);
+ algo_len, NULL);
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -3000,14 +3008,21 @@ main (int argc, char **argv)
}
else if (!strcmp (mode_string, "dsa-sign"))
{
+ int algo;
+
if (!key_string)
die ("option --key is required in this mode\n");
if (access (key_string, R_OK))
die ("option --key needs to specify an existing keyfile\n");
+ if (!algo_string)
+ die ("option --algo is required in this mode\n");
+ algo = gcry_md_map_name (algo_string);
+ if (!algo)
+ die ("digest algorithm `%s' is not supported\n", algo_string);
if (!data)
die ("no data available (do not use --chunk)\n");
- run_dsa_sign (data, datalen, key_string);
+ run_dsa_sign (data, datalen, algo, key_string);
}
else if (!strcmp (mode_string, "dsa-verify"))
{
View Git Blame Copy Permalink