diff --git a/libgcrypt-1.8.4-allow_FSM_same_state.patch b/libgcrypt-1.8.4-allow_FSM_same_state.patch
new file mode 100644
index 0000000..2ec4129
--- /dev/null
+++ b/libgcrypt-1.8.4-allow_FSM_same_state.patch
@@ -0,0 +1,15 @@
+Index: libgcrypt-1.8.4/src/fips.c
+===================================================================
+--- libgcrypt-1.8.4.orig/src/fips.c
++++ libgcrypt-1.8.4/src/fips.c
+@@ -930,6 +930,10 @@ fips_new_state (enum module_states new_s
+
+ }
+
++ /* Allow a transition to the current state */
++ if (current_state == new_state)
++ ok = 1;
++
+ if (ok)
+ {
+ current_state = new_state;
diff --git a/libgcrypt-1.8.4-use_xfree.patch b/libgcrypt-1.8.4-use_xfree.patch
new file mode 100644
index 0000000..b104472
--- /dev/null
+++ b/libgcrypt-1.8.4-use_xfree.patch
@@ -0,0 +1,39 @@
+Index: libgcrypt-1.8.4/src/hmac256.c
+===================================================================
+--- libgcrypt-1.8.4.orig/src/hmac256.c
++++ libgcrypt-1.8.4/src/hmac256.c
+@@ -69,6 +69,7 @@ typedef uint32_t u32;
+
+ #ifdef STANDALONE
+ #define xtrymalloc(a) malloc((a))
++#define xfree(a) free((a))
+ #define gpg_err_set_errno(a) (errno = (a))
+ #else
+ #include "g10lib.h"
+@@ -341,7 +342,7 @@ _gcry_hmac256_new (const void *key, size
+ tmphd = _gcry_hmac256_new (NULL, 0);
+ if (!tmphd)
+ {
+- free (hd);
++ xfree (hd);
+ return NULL;
+ }
+ _gcry_hmac256_update (tmphd, key, keylen);
+@@ -373,7 +374,7 @@ _gcry_hmac256_release (hmac256_context_t
+ /* Note: We need to take care not to modify errno. */
+ if (ctx->use_hmac)
+ my_wipememory (ctx->opad, 64);
+- free (ctx);
++ xfree (ctx);
+ }
+ }
+
+@@ -489,7 +490,7 @@ _gcry_hmac256_file (void *result, size_t
+ while ( (nread = fread (buffer, 1, buffer_size, fp)))
+ _gcry_hmac256_update (hd, buffer, nread);
+
+- free (buffer);
++ xfree (buffer);
+
+ if (ferror (fp))
+ {
diff --git a/libgcrypt-binary_integrity_in_non-FIPS.patch b/libgcrypt-binary_integrity_in_non-FIPS.patch
new file mode 100644
index 0000000..78fbba2
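Review bot: The added check `if (current_state == new_state) ok = 1;` in fips_new_state accepts a self-transition from every state, not only the one the multi-threaded race reaches, so a repeated request that the state machine previously refused is now accepted everywhere. The switch that sets `ok` lies outside the hunk, so I cannot see which states exist; if there are error or shutdown states, re-entering them should probably stay rejected, and the exception would be better limited to the state(s) the race actually hits. The comment also only restates the code; something like `/* Two threads can race to request the same transition during initialization; accept the duplicate rather than treating it as invalid. */` would record the reason. The changelog notes that some self-tests now run twice, which is worth mentioning in the comment as a known cost.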
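Review bot: In `_gcry_hmac256_release` the new `xfree (ctx);` sits directly under `/* Note: We need to take care not to modify errno. */`, but nothing in the patch states that `xfree` keeps that promise. In the STANDALONE build it expands to plain `free()`, which is not guaranteed to leave errno untouched on every platform, and in the library build it comes from g10lib.h, which is outside this diff. I would extend the comment to `/* Note: We need to take care not to modify errno; xfree is expected to preserve it (confirm for STANDALONE). */`. Separately, only `ctx->opad` is wiped before release in the visible lines; it may be worth checking whether the remaining key-derived state in the context should be wiped as well. All three touched functions start and end outside their hunks.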
--- /dev/null
+++ b/libgcrypt-binary_integrity_in_non-FIPS.patch
@@ -0,0 +1,84 @@
+Index: libgcrypt-1.8.2/src/fips.c
+===================================================================
+--- libgcrypt-1.8.2.orig/src/fips.c 2019-03-27 13:15:14.190987624 +0100
++++ libgcrypt-1.8.2/src/fips.c 2019-03-27 13:18:07.047986428 +0100
+@@ -115,6 +115,50 @@ _gcry_initialize_fsm_lock (void)
+ abort ();
+ }
+ }
++
++/* Checks whether the library will enter the FIPS mode.
++ Uses the same logic as _gcry_initialize_fips_mode */
++static int
++will_enter_fips (void)
++{
++ /* for convenience, so that a process can run fips-enabled, but
++ not necessarily all of them, enable FIPS mode via environment
++ variable LIBGCRYPT_FORCE_FIPS_MODE. */
++ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
++ return 1;
++
++ /* For testing the system it is useful to override the system
++ provided detection of the FIPS mode and force FIPS mode using a
++ file. The filename is hardwired so that there won't be any
++ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
++ actually used. The file itself may be empty. */
++ if ( !access (FIPS_FORCE_FILE, F_OK) )
++ return 1;
++
++ /* Checking based on /proc file properties. */
++ {
++ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
++ FILE *fp;
++
++ fp = fopen (procfname, "r");
++ if (fp)
++ {
++ char line[256];
++
++ if (fgets (line, sizeof line, fp) && atoi (line))
++ {
++ /* System is in fips mode. */
++ fclose (fp);
++ return 1;
++ }
++ fclose (fp);
++ }
++ }
++
++ return 0;
++}
++
++
+
+ /* Check whether the OS is in FIPS mode and record that in a module
+ local variable. If FORCE is passed as true, fips mode will be
+@@ -631,10 +675,10 @@ get_library_path(const char *libname, co
+
+ /* Run an integrity check on the binary. Returns 0 on success. */
+ static int
+-check_binary_integrity (void)
++check_binary_integrity ()
+ {
+ #ifdef ENABLE_HMAC_BINARY_CHECK
+- gpg_error_t err;
++ gpg_error_t err = 0;
+ char libpath[4096];
+ unsigned char digest[32];
+ int dlen;
+@@ -675,7 +719,14 @@ check_binary_integrity (void)
+ /* Open the file. */
+ fp = fopen (fname, "r");
+ if (!fp)
+- err = gpg_error_from_syserror ();
++ {
++ /* Missing checksum is a problem only in FIPS mode.
++ As the integrity check was moved to the POWERON state,
++ we no longer can rely on fips_mode(). Because at the point,
++ the library is not yet initialized. */
++ if (will_enter_fips() || errno != ENOENT)
++ err = gpg_error_from_syserror ();
++ }
+ else
+ {
+ /* A buffer of 64 bytes plus one for a LF and one to
diff --git a/libgcrypt.changes b/libgcrypt.changes
index b36fdae..38719ba 100644
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Apr 23 12:38:40 UTC 2019 - Jason Sikes
+
+- Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that
+ was partially causing bsc#1131183.
+- Fixed race condition in multi-threaded applications by allowing a FSM state
+ transition to the current state. This means some tests are run twice.
+ * Added libgcrypt-1.8.4-allow_FSM_same_state.patch
+- Fixed an issue in malloc/free wrappers so that memory created by the malloc()
+ wrappers will be destroyed using the free() wrappers.
+ * Added libgcrypt-1.8.4-use_xfree.patch
+
 -------------------------------------------------------------------
 Fri Apr 5 21:56:00 UTC 2019 - Jason Sikes
 
diff --git a/libgcrypt.spec b/libgcrypt.spec
index ca988db..f0f4c2e 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
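Review bot: In check_binary_integrity the new condition `will_enter_fips() || errno != ENOENT` reads errno only after will_enter_fips() has called `access()` and `fopen()`, either of which can overwrite the value left by the failed `fopen (fname, "r")`. When FIPS mode is not detected, the failed access() on the force file will typically leave ENOENT behind, so a different failure on the checksum file (a permission error, say) could be taken for "file missing" and, as far as the hunk shows, leave `err` at 0. Capture the value first with `int saved_errno = errno;` and then use `if (saved_errno != ENOENT || will_enter_fips ()) err = gpg_error_from_errno (saved_errno);`. will_enter_fips() also has no view of the FORCE argument mentioned in the context comment above _gcry_initialize_fips_mode, so a process that enters FIPS mode that way would presumably still have a missing checksum accepted; the duplicated detection logic deserves a comment saying it must be kept in sync. The signature change from `(void)` to `()` drops the prototype and should be reverted; the function body continues outside the hunk.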
@@ -59,7 +59,10 @@ Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
 Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
 Patch39: libgcrypt-1.8.3-fips-ctor.patch
 Patch40: libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
+Patch41: libgcrypt-binary_integrity_in_non-FIPS.patch
 Patch42: libgcrypt-fips_rsa_no_enforced_mode.patch
+Patch43: libgcrypt-1.8.4-use_xfree.patch
+Patch44: libgcrypt-1.8.4-allow_FSM_same_state.patch
 BuildRequires: automake >= 1.14
 BuildRequires: fipscheck
 BuildRequires: libgpg-error-devel >= 1.25