3
0
forked from pool/libgcrypt

- Remove unrecognized option: --enable-m-guard

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=182
This commit is contained in:
Pedro Monreal Gonzalez 2024-12-02 12:11:19 +00:00 committed by Git OBS Bridge
commit a86dd9c96a
25 changed files with 5722 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

8
baselibs.conf Normal file
View File

@ -0,0 +1,8 @@
libgcrypt20
provides "libgcrypt-<targettype> = <version>"
obsoletes "libgcrypt-<targettype> <= <version>"
provides "libgcrypt20-hmac-<targettype> = <version>-%release"
obsoletes "libgcrypt20-hmac-<targettype> < <version>-%release"
libgcrypt-devel
requires -libgcrypt-<targettype>
requires "libgcrypt20-<targettype> = <version>"

34
hwf.deny Normal file
View File

@ -0,0 +1,34 @@
# This file can be used to globally disable the use of hardware
# based optimizations. Supported options are:
# padlock-rng
# padlock-aes
# padlock-sha
# padlock-mmul
# intel-cpu
# intel-fast-shld
# intel-bmi2
# intel-ssse3
# intel-sse4.1
# intel-pclmul
# intel-aesni
# intel-rdrand
# intel-avx
# intel-avx2
# intel-fast-vpgather
# intel-rdtsc
# intel-shaext
# intel-vaes-vpclmul
# arm-neon
# arm-aes
# arm-sha1
# arm-sha2
# arm-pmull
# ppc-vcrypto
# ppc-arch_3_00
# ppc-arch_2_07
# ppc-arch_3_10
# s390x-msa
# s390x-msa-4
# s390x-msa-8
# s390x-msa-9
# s390x-vx

View File

@ -0,0 +1,15 @@
Index: libgcrypt-1.10.0/src/fips.c
===================================================================
--- libgcrypt-1.10.0.orig/src/fips.c
+++ libgcrypt-1.10.0/src/fips.c
@@ -890,6 +890,10 @@ fips_new_state (enum module_states new_s
}
+ /* Allow a transition to the current state */
+ if (current_state == new_state)
+ ok = 1;
+
if (ok)
{
current_state = new_state;

BIN
libgcrypt-1.10.3.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

Binary file not shown.

BIN
libgcrypt-1.11.0.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

Binary file not shown.

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,172 @@
Index: libgcrypt-1.11.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.11.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.11.0/doc/gcrypt.texi
@@ -998,13 +998,21 @@ certification. If the function is approv
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
-@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_HASH; Arguments: enum gcry_md_algos
-Check if the given MAC is approved under the current FIPS 140-3
-certification. If the MAC is approved, this function returns
-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
+Check if the given HASH is approved under the current FIPS 140-3
+certification. If the HASH is approved, this function returns
+@code{GPS_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
is returned.
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_MAC; Arguments: enum gcry_mac_algos [, unsigned int]
+
+Check if the given MAC is approved under the current FIPS 140-3
+certification. The second parameter provides the keylen (if the
+algorithm supports different key sizes). If the MAC is approved,
+this function returns @code{GPS_ERR_NO_ERROR}. Otherwise
+@code{GPG_ERR_NOT_SUPPORTED} is returned.
+
@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
Check if the given message digest algorithm is approved under the current
Index: libgcrypt-1.11.0/src/fips.c
===================================================================
--- libgcrypt-1.11.0.orig/src/fips.c
+++ libgcrypt-1.11.0/src/fips.c
@@ -378,31 +378,6 @@ _gcry_fips_indicator_cipher (va_list arg
}
}
-int
-_gcry_fips_indicator_mac (va_list arg_ptr)
-{
- enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
-
- switch (alg)
- {
- case GCRY_MAC_CMAC_AES:
- case GCRY_MAC_HMAC_SHA1:
- case GCRY_MAC_HMAC_SHA224:
- case GCRY_MAC_HMAC_SHA256:
- case GCRY_MAC_HMAC_SHA384:
- case GCRY_MAC_HMAC_SHA512:
- case GCRY_MAC_HMAC_SHA512_224:
- case GCRY_MAC_HMAC_SHA512_256:
- case GCRY_MAC_HMAC_SHA3_224:
- case GCRY_MAC_HMAC_SHA3_256:
- case GCRY_MAC_HMAC_SHA3_384:
- case GCRY_MAC_HMAC_SHA3_512:
- return GPG_ERR_NO_ERROR;
- default:
- return GPG_ERR_NOT_SUPPORTED;
- }
-}
-
/* FIPS approved curves, extracted from:
* cipher/ecc-curves.c:curve_aliases[] and domain_parms[]. */
static const struct
@@ -602,6 +577,62 @@ _gcry_fips_indicator_pk_flags (va_list a
return GPG_ERR_NOT_SUPPORTED;
}
+int
+_gcry_fips_indicator_hash (va_list arg_ptr)
+{
+ enum gcry_md_algos alg = va_arg (arg_ptr, enum gcry_md_algos);
+
+ switch (alg)
+ {
+ case GCRY_MD_SHA1:
+ case GCRY_MD_SHA224:
+ case GCRY_MD_SHA256:
+ case GCRY_MD_SHA384:
+ case GCRY_MD_SHA512:
+ case GCRY_MD_SHA512_224:
+ case GCRY_MD_SHA512_256:
+ case GCRY_MD_SHA3_224:
+ case GCRY_MD_SHA3_256:
+ case GCRY_MD_SHA3_384:
+ case GCRY_MD_SHA3_512:
+ case GCRY_MD_SHAKE128:
+ case GCRY_MD_SHAKE256:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
+
+int
+_gcry_fips_indicator_mac (va_list arg_ptr)
+{
+ enum gcry_mac_algos alg = va_arg (arg_ptr, enum gcry_mac_algos);
+ unsigned int keylen = va_arg (arg_ptr, unsigned int);
+
+ switch (alg)
+ {
+ case GCRY_MAC_HMAC_SHA1:
+ case GCRY_MAC_HMAC_SHA224:
+ case GCRY_MAC_HMAC_SHA256:
+ case GCRY_MAC_HMAC_SHA384:
+ case GCRY_MAC_HMAC_SHA512:
+ case GCRY_MAC_HMAC_SHA512_224:
+ case GCRY_MAC_HMAC_SHA512_256:
+ case GCRY_MAC_HMAC_SHA3_224:
+ case GCRY_MAC_HMAC_SHA3_256:
+ case GCRY_MAC_HMAC_SHA3_384:
+ case GCRY_MAC_HMAC_SHA3_512:
+ if (keylen >= 112) {
+ return GPG_ERR_NO_ERROR;
+ }
+ case GCRY_MAC_CMAC_AES:
+ if (keylen == 128 || keylen == 192 || keylen == 256) {
+ return GPG_ERR_NO_ERROR;
+ }
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
/* This is a test on whether the library is in the error or
operational state. */
Index: libgcrypt-1.11.0/src/g10lib.h
===================================================================
--- libgcrypt-1.11.0.orig/src/g10lib.h
+++ libgcrypt-1.11.0/src/g10lib.h
@@ -469,6 +469,7 @@ void _gcry_fips_signal_error (const char
#endif
int _gcry_fips_indicator_cipher (va_list arg_ptr);
+int _gcry_fips_indicator_hash (va_list arg_ptr);
int _gcry_fips_indicator_mac (va_list arg_ptr);
int _gcry_fips_indicator_md (va_list arg_ptr);
int _gcry_fips_indicator_kdf (va_list arg_ptr);
Index: libgcrypt-1.11.0/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.11.0.orig/src/gcrypt.h.in
+++ libgcrypt-1.11.0/src/gcrypt.h.in
@@ -336,7 +336,8 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
GCRYCTL_MD_CUSTOMIZE = 88,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 89
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 89,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_HASH = 90
};
/* Perform various operations defined by CMD. */
Index: libgcrypt-1.11.0/src/global.c
===================================================================
--- libgcrypt-1.11.0.orig/src/global.c
+++ libgcrypt-1.11.0/src/global.c
@@ -794,6 +794,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_indicator_cipher (arg_ptr);
break;
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_HASH:
+ /* Get FIPS Service Indicator for a given HASH. Returns GPG_ERR_NO_ERROR
+ * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
+ rc = _gcry_fips_indicator_hash (arg_ptr);
+ break;
+
case GCRYCTL_FIPS_SERVICE_INDICATOR_MAC:
/* Get FIPS Service Indicator for a given message authentication code.
* Returns GPG_ERR_NO_ERROR if algorithm is allowed or

View File

@ -0,0 +1,42 @@
Index: libgcrypt-1.10.2/src/fips.c
===================================================================
--- libgcrypt-1.10.2.orig/src/fips.c
+++ libgcrypt-1.10.2/src/fips.c
@@ -520,10 +520,15 @@ int
_gcry_fips_indicator_kdf (va_list arg_ptr)
{
enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
+ unsigned int keylen = 0;
switch (alg)
{
case GCRY_KDF_PBKDF2:
+ keylen = va_arg (arg_ptr, unsigned int);
+ if (keylen < 112) {
+ return GPG_ERR_NOT_SUPPORTED;
+ }
return GPG_ERR_NO_ERROR;
default:
return GPG_ERR_NOT_SUPPORTED;
Index: libgcrypt-1.10.2/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.2/doc/gcrypt.texi
@@ -970,12 +970,13 @@ is approved under the current FIPS 140-3
combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
-@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos [, unsigned int]
Check if the given KDF is approved under the current FIPS 140-3
-certification. If the KDF is approved, this function returns
-@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
-is returned.
+certification. The second parameter provides the keylength in bits.
+Keylength values of less that 112 bits are considered non-approved.
+If the KDF is approved, this function returns @code{GPG_ERR_NO_ERROR}.
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *

177
libgcrypt-FIPS-SLI-pk.patch Normal file
View File

@ -0,0 +1,177 @@
Index: libgcrypt-1.11.0/src/fips.c
===================================================================
--- libgcrypt-1.11.0.orig/src/fips.c
+++ libgcrypt-1.11.0/src/fips.c
@@ -38,6 +38,7 @@
#include "g10lib.h"
#include "cipher-proto.h"
+#include "cipher.h"
#include "../random/random.h"
/* The states of the finite state machine used in fips mode. */
@@ -400,6 +401,94 @@ _gcry_fips_indicator_mac (va_list arg_pt
default:
return GPG_ERR_NOT_SUPPORTED;
}
+}
+
+/* FIPS approved curves, extracted from:
+ * cipher/ecc-curves.c:curve_aliases[] and domain_parms[]. */
+static const struct
+{
+ const char *name; /* Our name. */
+ const char *other; /* Other name. */
+} fips_approved_curve[] =
+ {
+ /* "NIST P-192" is non-approved if FIPS 140-3 */
+ /* { "NIST P-192", "1.2.840.10045.3.1.1" }, /\* X9.62 OID *\/ */
+ /* { "NIST P-192", "prime192v1" }, /\* X9.62 name. *\/ */
+ /* { "NIST P-192", "secp192r1" }, /\* SECP name. *\/ */
+ /* { "NIST P-192", "nistp192" }, /\* rfc5656. *\/ */
+
+ { "NIST P-224", "secp224r1" },
+ { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
+ { "NIST P-224", "nistp224" }, /* rfc5656. */
+
+ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
+ { "NIST P-256", "prime256v1" },
+ { "NIST P-256", "secp256r1" },
+ { "NIST P-256", "nistp256" }, /* rfc5656. */
+
+ { "NIST P-384", "secp384r1" },
+ { "NIST P-384", "1.3.132.0.34" },
+ { "NIST P-384", "nistp384" }, /* rfc5656. */
+
+ { "NIST P-521", "secp521r1" },
+ { "NIST P-521", "1.3.132.0.35" },
+ { "NIST P-521", "nistp521" }, /* rfc5656. */
+ { NULL, NULL}
+ };
+
+enum pk_operation convert_from_pk_usage(unsigned int pk_usage)
+{
+ switch (pk_usage)
+ {
+ case GCRY_PK_USAGE_SIGN:
+ return PUBKEY_OP_SIGN;
+ case GCRY_PK_USAGE_ENCR:
+ return PUBKEY_OP_ENCRYPT;
+ default:
+ return PUBKEY_OP_DECRYPT;
+ }
+}
+
+int
+_gcry_fips_indicator_pk (va_list arg_ptr)
+{
+ enum gcry_pk_algos alg = va_arg (arg_ptr, enum gcry_pk_algos);
+ enum pk_operation oper;
+ unsigned int keylen;
+ const char *curve_name;
+
+ switch (alg)
+ {
+ case GCRY_PK_RSA:
+ case GCRY_PK_RSA_E:
+ case GCRY_PK_RSA_S:
+ oper = convert_from_pk_usage(va_arg (arg_ptr, unsigned int));
+ switch (oper)
+ {
+ case PUBKEY_OP_ENCRYPT:
+ case PUBKEY_OP_DECRYPT:
+ return GPG_ERR_NOT_SUPPORTED;
+ default:
+ keylen = va_arg (arg_ptr, unsigned int);
+ if (keylen < 2048)
+ return GPG_ERR_NOT_SUPPORTED;
+ return GPG_ERR_NO_ERROR;
+ }
+ case GCRY_PK_ECC:
+ case GCRY_PK_ECDH:
+ case GCRY_PK_ECDSA:
+ curve_name = va_arg (arg_ptr, const char *);
+ for (int idx = 0; fips_approved_curve[idx].name; ++idx)
+ {
+ /* Check for the usual name and an alias. */
+ if (!strcmp (curve_name, fips_approved_curve[idx].name) ||
+ !strcmp (curve_name, fips_approved_curve[idx].other))
+ return GPG_ERR_NO_ERROR;
+ }
+ return GPG_ERR_NOT_SUPPORTED;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
}
int
Index: libgcrypt-1.11.0/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.11.0.orig/src/gcrypt.h.in
+++ libgcrypt-1.11.0/src/gcrypt.h.in
@@ -335,7 +335,8 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
- GCRYCTL_MD_CUSTOMIZE = 88
+ GCRYCTL_MD_CUSTOMIZE = 88,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 89
};
/* Perform various operations defined by CMD. */
Index: libgcrypt-1.11.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.11.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.11.0/doc/gcrypt.texi
@@ -1010,6 +1010,19 @@ Check if the given message digest algori
FIPS 140-3 certification. If the algorithm is approved, this function returns
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK; Arguments: enum gcry_pk_algos [, constantsGCRY_PK_USAGE_ENCR or GCRY_PK_USAGE_SIGN, unsigned int (only for GCRY_PK_RSA)] [, const char * (only for GCRY_PK_ECC, GCRY_PK_ECDH or GCRY_PK_ECDSA)]
+
+Check if the given asymmetric cipher is approved under the current
+FIPS 140-3 certification. For GCRY_PK_RSA, two additional parameter
+are required: first describes the purpose of the algorithm through one
+of the constants (GCRY_PK_USAGE_ENCR for encryption or decryption
+operations; GCRY_PK_USAGE_SIGN for sign or verify operations). Second
+one is the key length. For GCRY_PK_ECC, GCRY_PK_ECDH and
+GCRY_PK_ECDSA, only a single parameter is needed: the curve name or
+its alias as @code{const char *}. If the combination is approved, this
+function returns @code{GPG_ERR_NO_ERROR}. Otherwise
+@code{GPG_ERR_NOT_SUPPORTED} is returned.
+
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
Check if the given public key operation flag or s-expression object name is
Index: libgcrypt-1.11.0/src/g10lib.h
===================================================================
--- libgcrypt-1.11.0.orig/src/g10lib.h
+++ libgcrypt-1.11.0/src/g10lib.h
@@ -473,6 +473,7 @@ int _gcry_fips_indicator_mac (va_list ar
int _gcry_fips_indicator_md (va_list arg_ptr);
int _gcry_fips_indicator_kdf (va_list arg_ptr);
int _gcry_fips_indicator_function (va_list arg_ptr);
+int _gcry_fips_indicator_pk (va_list arg_ptr);
int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
int _gcry_fips_is_operational (void);
Index: libgcrypt-1.11.0/src/global.c
===================================================================
--- libgcrypt-1.11.0.orig/src/global.c
+++ libgcrypt-1.11.0/src/global.c
@@ -828,6 +828,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_indicator_pk_flags (arg_ptr);
break;
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_PK:
+ /* Get FIPS Service Indicator for a given asymmetric algorithm. For
+ * GCRY_PK_RSA, an additional parameter for the operation mode is
+ * required. For ECC, ECDH and ECDSA, the additional parameter is the
+ * curve name or its alias. Returns GPG_ERR_NO_ERROR if the
+ * algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise. */
+ rc = _gcry_fips_indicator_pk (arg_ptr);
+ break;
+
case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
rc = GPG_ERR_NOT_SUPPORTED;
break;

View File

@ -0,0 +1,16 @@
Index: libgcrypt-1.10.3/random/rndjent.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndjent.c
+++ libgcrypt-1.10.3/random/rndjent.c
@@ -319,7 +319,10 @@ _gcry_rndjent_poll (void (*add)(const vo
jent_rng_totalcalls++;
rc = jent_read_entropy_safe (&jent_rng_collector, buffer, n);
if (rc < 0)
- break;
+ {
+ fips_signal_error ("jitter entropy failed");
+ break;
+ }
/* We need to hash the output to conform to the BSI
* NTG.1 specs. */
_gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc);

View File

@ -0,0 +1,183 @@
Index: libgcrypt-1.10.3/random/Makefile.am
===================================================================
--- libgcrypt-1.10.3.orig/random/Makefile.am
+++ libgcrypt-1.10.3/random/Makefile.am
@@ -21,7 +21,7 @@
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
-AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) -ljitterentropy
noinst_LTLIBRARIES = librandom.la
@@ -45,14 +45,7 @@ rndoldlinux.c \
rndegd.c \
rndunix.c \
rndw32.c \
-rndw32ce.c \
-jitterentropy-gcd.c jitterentropy-gcd.h \
-jitterentropy-health.c jitterentropy-health.h \
-jitterentropy-noise.c jitterentropy-noise.h \
-jitterentropy-sha3.c jitterentropy-sha3.h \
-jitterentropy-timer.c jitterentropy-timer.h \
-jitterentropy-base.h \
-jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+rndw32ce.c
# The rndjent module needs to be compiled without optimization. */
if ENABLE_O_FLAG_MUNGING
@@ -61,20 +54,8 @@ else
o_flag_munging = cat
endif
-rndjent.o: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.o: $(srcdir)/rndjent.c
`echo $(COMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
-rndjent.lo: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.lo: $(srcdir)/rndjent.c
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
Index: libgcrypt-1.10.3/random/rndjent.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndjent.c
+++ libgcrypt-1.10.3/random/rndjent.c
@@ -94,17 +94,12 @@
* jitterentropy-user-base.h file. */
/* Tell jitterentropy* that all functions shall be static. */
-#define JENT_PRIVATE_COMPILE 1
+#undef JENT_PRIVATE_COMPILE
-#include "jitterentropy-base.c"
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
#include <pthread.h>
#endif /* JENT_CONF_ENABLE_INTERNAL_TIMER */
-#include "jitterentropy-gcd.c"
-#include "jitterentropy-health.c"
-#include "jitterentropy-noise.c"
-#include "jitterentropy-sha3.c"
-#include "jitterentropy-timer.c"
+#include <jitterentropy.h>
/* This is the lock we use to serialize access to this RNG. The extra
* integer variable is only used to check the locking state; that is,
Index: libgcrypt-1.10.3/random/Makefile.in
===================================================================
--- libgcrypt-1.10.3.orig/random/Makefile.in
+++ libgcrypt-1.10.3/random/Makefile.in
@@ -147,12 +147,7 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/jitterentropy-base.Plo \
- ./$(DEPDIR)/jitterentropy-gcd.Plo \
- ./$(DEPDIR)/jitterentropy-health.Plo \
- ./$(DEPDIR)/jitterentropy-noise.Plo \
- ./$(DEPDIR)/jitterentropy-sha3.Plo \
- ./$(DEPDIR)/jitterentropy-timer.Plo \
+am__depfiles_remade = \
./$(DEPDIR)/random-csprng.Plo ./$(DEPDIR)/random-drbg.Plo \
./$(DEPDIR)/random-system.Plo ./$(DEPDIR)/random.Plo \
./$(DEPDIR)/rndegd.Plo ./$(DEPDIR)/rndgetentropy.Plo \
@@ -378,7 +373,7 @@ top_srcdir = @top_srcdir@
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
-AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) -ljitterentropy
noinst_LTLIBRARIES = librandom.la
GCRYPT_MODULES = @GCRYPT_RANDOM@
librandom_la_DEPENDENCIES = $(GCRYPT_MODULES)
@@ -398,14 +393,7 @@ rndoldlinux.c \
rndegd.c \
rndunix.c \
rndw32.c \
-rndw32ce.c \
-jitterentropy-gcd.c jitterentropy-gcd.h \
-jitterentropy-health.c jitterentropy-health.h \
-jitterentropy-noise.c jitterentropy-noise.h \
-jitterentropy-sha3.c jitterentropy-sha3.h \
-jitterentropy-timer.c jitterentropy-timer.h \
-jitterentropy-base.h \
-jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+rndw32ce.c
@ENABLE_O_FLAG_MUNGING_FALSE@o_flag_munging = cat
@@ -465,12 +453,6 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-base.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-gcd.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-health.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-noise.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-sha3.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-timer.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-csprng.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-drbg.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-system.Plo@am__quote@ # am--include-marker
@@ -641,12 +623,6 @@ clean-am: clean-generic clean-libtool cl
mostlyclean-am
distclean: distclean-am
- -rm -f ./$(DEPDIR)/jitterentropy-base.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-gcd.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-health.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-noise.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-sha3.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-timer.Plo
-rm -f ./$(DEPDIR)/random-csprng.Plo
-rm -f ./$(DEPDIR)/random-drbg.Plo
-rm -f ./$(DEPDIR)/random-system.Plo
@@ -704,12 +680,6 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/jitterentropy-base.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-gcd.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-health.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-noise.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-sha3.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-timer.Plo
-rm -f ./$(DEPDIR)/random-csprng.Plo
-rm -f ./$(DEPDIR)/random-drbg.Plo
-rm -f ./$(DEPDIR)/random-system.Plo
@@ -759,22 +729,10 @@ uninstall-am:
.PRECIOUS: Makefile
-rndjent.o: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.o: $(srcdir)/rndjent.c
`echo $(COMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
-rndjent.lo: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.lo: $(srcdir)/rndjent.c
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
# Tell versions [3.59,3.63) of GNU make to not export all variables.

View File

@ -0,0 +1,41 @@
Index: libgcrypt-1.10.3/random/rndgetentropy.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndgetentropy.c
+++ libgcrypt-1.10.3/random/rndgetentropy.c
@@ -53,16 +53,30 @@ _gcry_rndgetentropy_gather_random (void
/* When using a blocking random generator try to get some entropy
* from the jitter based RNG. In this case we take up to 50% of the
- * remaining requested bytes. */
+ * remaining requested bytes. In FIPS mode, we get all the entropy
+ * from the jitter RNG. */
if (level >= GCRY_VERY_STRONG_RANDOM)
{
size_t n;
- n = _gcry_rndjent_poll (add, origin, length/2);
- if (n > length/2)
- n = length/2;
- if (length > 1)
- length -= n;
+ /* In FIPS mode, use the whole length of the entropy buffer from
+ * Jitter RNG */
+ if (fips_mode ())
+ {
+ n = _gcry_rndjent_poll (add, origin, length);
+ if (n != length)
+ fips_signal_error ("jitter entropy failed");
+ else
+ length = 0;
+ }
+ else
+ {
+ n = _gcry_rndjent_poll (add, origin, length/2);
+ if (n > length/2)
+ n = length/2;
+ if (length > 1)
+ length -= n;
+ }
}
/* Enter the loop. */

View File

@ -0,0 +1,114 @@
Index: libgcrypt-1.10.0/random/rndoldlinux.c
===================================================================
--- libgcrypt-1.10.0.orig/random/rndoldlinux.c
+++ libgcrypt-1.10.0/random/rndoldlinux.c
@@ -132,7 +132,7 @@ _gcry_rndoldlinux_gather_random (void (*
volatile pid_t apid;
int fd;
int n;
- byte buffer[768];
+ byte buffer[256];
size_t n_hw;
size_t want = length;
size_t last_so_far = 0;
@@ -187,26 +187,43 @@ _gcry_rndoldlinux_gather_random (void (*
my_pid = apid;
}
+ if (fips_mode())
+ {
+ if (level >= GCRY_VERY_STRONG_RANDOM)
+ {
+ size_t n;
- /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets
- it account only for up to 50% (or 25% for RDRAND) of the requested
- bytes. */
- n_hw = _gcry_rndhw_poll_slow (add, origin, length);
- if (length > 1)
- length -= n_hw;
-
- /* When using a blocking random generator try to get some entropy
- * from the jitter based RNG. In this case we take up to 50% of the
- * remaining requested bytes. */
- if (level >= GCRY_VERY_STRONG_RANDOM)
- {
- n_hw = _gcry_rndjent_poll (add, origin, length/2);
- if (n_hw > length/2)
- n_hw = length/2;
+ n = _gcry_rndjent_poll (add, origin, length);
+ if (n == 0)
+ log_fatal ("unexpected error from rndjent: %s\n",
+ strerror (errno));
+ if (n > length)
+ n = length;
+ if (length > 1)
+ length -= n;
+ }
+ }
+ else
+ {
+ /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets
+ it account only for up to 50% (or 25% for RDRAND) of the requested
+ bytes. */
+ n_hw = _gcry_rndhw_poll_slow (add, origin, length);
if (length > 1)
length -= n_hw;
- }
+ /* When using a blocking random generator try to get some entropy
+ * from the jitter based RNG. In this case we take up to 50% of the
+ * remaining requested bytes. */
+ if (level >= GCRY_VERY_STRONG_RANDOM)
+ {
+ n_hw = _gcry_rndjent_poll (add, origin, length/2);
+ if (n_hw > length/2)
+ n_hw = length/2;
+ if (length > 1)
+ length -= n_hw;
+ }
+ }
/* Open the requested device. The first time a device is to be
opened we fail with a fatal error if the device does not exists.
@@ -262,8 +279,6 @@ _gcry_rndoldlinux_gather_random (void (*
do
{
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
- if (nbytes > 256)
- nbytes = 256;
_gcry_pre_syscall ();
ret = getentropy (buffer, nbytes);
_gcry_post_syscall ();
Index: libgcrypt-1.10.0/random/rndjent.c
===================================================================
--- libgcrypt-1.10.0.orig/random/rndjent.c
+++ libgcrypt-1.10.0/random/rndjent.c
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
if (!jent_rng_is_initialized)
{
/* Auto-initialize. */
- jent_rng_is_initialized = 1;
jent_entropy_collector_free (jent_rng_collector);
jent_rng_collector = NULL;
if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
{
- if (!jent_entropy_init ())
- jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+ if (!jent_entropy_init_ex (1, 0))
+ {
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+ jent_rng_is_initialized = 1;
+ }
+ }
+ }
+
+ if (!jent_rng_collector)
+ {
+ if (!jent_entropy_init_ex (1, 0))
+ {
+ jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+ jent_rng_is_initialized = 1;
}
}

View File

@ -0,0 +1,618 @@
Index: libgcrypt-1.10.0/random/jitterentropy-base.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base.c
+++ libgcrypt-1.10.0/random/jitterentropy-base.c
@@ -42,7 +42,7 @@
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
* change without a bump of the major version) */
-#define MINVERSION 3 /* API compatible, ABI may change, functional
+#define MINVERSION 4 /* API compatible, ABI may change, functional
* enhancements only, consumer can be left unchanged if
* enhancements are not considered */
#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
@@ -200,29 +200,38 @@ ssize_t jent_read_entropy(struct rand_da
tocopy = (DATA_SIZE_BITS / 8);
else
tocopy = len;
- memcpy(p, &ec->data, tocopy);
+
+ jent_read_random_block(ec, p, tocopy);
len -= tocopy;
p += tocopy;
}
/*
- * To be on the safe side, we generate one more round of entropy
- * which we do not give out to the caller. That round shall ensure
- * that in case the calling application crashes, memory dumps, pages
- * out, or due to the CPU Jitter RNG lingering in memory for long
- * time without being moved and an attacker cracks the application,
- * all he reads in the entropy pool is a value that is NEVER EVER
- * being used for anything. Thus, he does NOT see the previous value
- * that was returned to the caller for cryptographic purposes.
+ * Enhanced backtracking support: At this point, the hash state
+ * contains the digest of the previous Jitter RNG collection round
+ * which is inserted there by jent_read_random_block with the SHA
+ * update operation. At the current code location we completed
+ * one request for a caller and we do not know how long it will
+ * take until a new request is sent to us. To guarantee enhanced
+ * backtracking resistance at this point (i.e. ensure that an attacker
+ * cannot obtain information about prior random numbers we generated),
+ * but still stirring the hash state with old data the Jitter RNG
+ * obtains a new message digest from its state and re-inserts it.
+ * After this operation, the Jitter RNG state is still stirred with
+ * the old data, but an attacker who gets access to the memory after
+ * this point cannot deduce the random numbers produced by the
+ * Jitter RNG prior to this point.
*/
/*
- * If we use secured memory, do not use that precaution as the secure
- * memory protects the entropy pool. Moreover, note that using this
- * call reduces the speed of the RNG by up to half
+ * If we use secured memory, where backtracking support may not be
+ * needed because the state is protected in a different method,
+ * it is permissible to drop this support. But strongly weigh the
+ * pros and cons considering that the SHA3 operation is not that
+ * expensive.
*/
#ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
- jent_random_data(ec);
+ jent_read_random_block(ec, NULL, 0);
#endif
err:
@@ -379,6 +388,7 @@ static struct rand_data
*jent_entropy_collector_alloc_internal(unsigned int osr, unsigned int flags)
{
struct rand_data *entropy_collector;
+ uint32_t memsize = 0;
/*
* Requesting disabling and forcing of internal timer
@@ -405,7 +415,7 @@ static struct rand_data
return NULL;
if (!(flags & JENT_DISABLE_MEMORY_ACCESS)) {
- uint32_t memsize = jent_memsize(flags);
+ memsize = jent_memsize(flags);
entropy_collector->mem = _gcry_calloc (1, memsize);
@@ -431,13 +441,19 @@ static struct rand_data
entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
}
+ if (sha3_alloc(&entropy_collector->hash_state))
+ goto err;
+
+ /* Initialize the hash state */
+ sha3_256_init(entropy_collector->hash_state);
+
/* verify and set the oversampling rate */
if (osr < JENT_MIN_OSR)
osr = JENT_MIN_OSR;
entropy_collector->osr = osr;
entropy_collector->flags = flags;
- if (jent_fips_enabled() || (flags & JENT_FORCE_FIPS))
+ if ((flags & JENT_FORCE_FIPS) || jent_fips_enabled())
entropy_collector->fips_enabled = 1;
/* Initialize the APT */
@@ -469,7 +485,7 @@ static struct rand_data
err:
if (entropy_collector->mem != NULL)
- jent_zfree(entropy_collector->mem, JENT_MEMORY_SIZE);
+ jent_zfree(entropy_collector->mem, memsize);
jent_zfree(entropy_collector, sizeof(struct rand_data));
return NULL;
}
@@ -511,6 +527,7 @@ JENT_PRIVATE_STATIC
void jent_entropy_collector_free(struct rand_data *entropy_collector)
{
if (entropy_collector != NULL) {
+ sha3_dealloc(entropy_collector->hash_state);
jent_notime_disable(entropy_collector);
if (entropy_collector->mem != NULL) {
jent_zfree(entropy_collector->mem,
@@ -664,6 +681,7 @@ static inline int jent_entropy_init_comm
int ret;
jent_notime_block_switch();
+ jent_health_cb_block_switch();
if (sha3_tester())
return EHASH;
@@ -710,6 +728,8 @@ int jent_entropy_init_ex(unsigned int os
if (ret)
return ret;
+ ret = ENOTIME;
+
/* Test without internal timer unless caller does not want it */
if (!(flags & JENT_FORCE_INTERNAL_TIMER))
ret = jent_time_entropy_init(osr,
@@ -732,3 +752,9 @@ int jent_entropy_switch_notime_impl(stru
return jent_notime_switch(new_thread);
}
#endif
+
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb)
+{
+ return jent_set_fips_failure_callback_internal(cb);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-gcd.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-gcd.c
+++ libgcrypt-1.10.0/random/jitterentropy-gcd.c
@@ -113,12 +113,8 @@ int jent_gcd_analyze(uint64_t *delta_his
goto out;
}
- /*
- * Ensure that we have variations in the time stamp below 100 for at
- * least 10% of all checks -- on some platforms, the counter increments
- * in multiples of 100, but not always
- */
- if (running_gcd >= 100) {
+ /* Set a sensible maximum value. */
+ if (running_gcd >= UINT32_MAX / 2) {
ret = ECOARSETIME;
goto out;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.c
+++ libgcrypt-1.10.0/random/jitterentropy-health.c
@@ -19,9 +19,24 @@
* DAMAGE.
*/
-#include "jitterentropy.h"
#include "jitterentropy-health.h"
+static jent_fips_failure_cb fips_cb = NULL;
+static int jent_health_cb_switch_blocked = 0;
+
+void jent_health_cb_block_switch(void)
+{
+ jent_health_cb_switch_blocked = 1;
+}
+
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb)
+{
+ if (jent_health_cb_switch_blocked)
+ return -EAGAIN;
+ fips_cb = cb;
+ return 0;
+}
+
/***************************************************************************
* Lag Predictor Test
*
@@ -434,5 +449,9 @@ unsigned int jent_health_failure(struct
if (!ec->fips_enabled)
return 0;
+ if (fips_cb && ec->health_failure) {
+ fips_cb(ec, ec->health_failure);
+ }
+
return ec->health_failure;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.h
+++ libgcrypt-1.10.0/random/jitterentropy-health.h
@@ -20,11 +20,16 @@
#ifndef JITTERENTROPY_HEALTH_H
#define JITTERENTROPY_HEALTH_H
+#include "jitterentropy.h"
+
#ifdef __cplusplus
extern "C"
{
#endif
+void jent_health_cb_block_switch(void);
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb);
+
static inline uint64_t jent_delta(uint64_t prev, uint64_t next)
{
return (next - prev);
Index: libgcrypt-1.10.0/random/jitterentropy-noise.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.c
+++ libgcrypt-1.10.0/random/jitterentropy-noise.c
@@ -33,7 +33,7 @@
* Update of the loop count used for the next round of
* an entropy collection.
*
- * @ec [in] entropy collector struct -- may be NULL
+ * @ec [in] entropy collector struct
* @bits [in] is the number of low bits of the timer to consider
* @min [in] is the number of bits we shift the timer value to the right at
* the end to make sure we have a guaranteed minimum value
@@ -61,16 +61,13 @@ static uint64_t jent_loop_shuffle(struct
* Mix the current state of the random number into the shuffle
* calculation to balance that shuffle a bit more.
*/
- if (ec) {
- jent_get_nstime_internal(ec, &time);
- time ^= ec->data[0];
- }
+ jent_get_nstime_internal(ec, &time);
/*
* We fold the time value as much as possible to ensure that as many
* bits of the time stamp are included as possible.
*/
- for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
+ for (i = 0; (((sizeof(time) << 3) + bits - 1) / bits) > i; i++) {
shuffle ^= time & mask;
time = time >> bits;
}
@@ -91,11 +88,11 @@ static uint64_t jent_loop_shuffle(struct
* This function injects the individual bits of the time value into the
* entropy pool using a hash.
*
- * @ec [in] entropy collector struct -- may be NULL
- * @time [in] time stamp to be injected
+ * @ec [in] entropy collector struct
+ * @time [in] time delta to be injected
* @loop_cnt [in] if a value not equal to 0 is set, use the given value as
* number of loops to perform the hash operation
- * @stuck [in] Is the time stamp identified as stuck?
+ * @stuck [in] Is the time delta identified as stuck?
*
* Output:
* updated hash context
@@ -104,17 +101,19 @@ static void jent_hash_time(struct rand_d
uint64_t loop_cnt, unsigned int stuck)
{
HASH_CTX_ON_STACK(ctx);
- uint8_t itermediary[SHA3_256_SIZE_DIGEST];
+ uint8_t intermediary[SHA3_256_SIZE_DIGEST];
uint64_t j = 0;
- uint64_t hash_loop_cnt;
#define MAX_HASH_LOOP 3
#define MIN_HASH_LOOP 0
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_HASH_LOOP + MIN_HASH_LOOP) > 63);
- hash_loop_cnt =
+ uint64_t hash_loop_cnt =
jent_loop_shuffle(ec, MAX_HASH_LOOP, MIN_HASH_LOOP);
+ /* Use the memset to shut up valgrind */
+ memset(intermediary, 0, sizeof(intermediary));
+
sha3_256_init(&ctx);
/*
@@ -125,35 +124,54 @@ static void jent_hash_time(struct rand_d
hash_loop_cnt = loop_cnt;
/*
- * This loop basically slows down the SHA-3 operation depending
- * on the hash_loop_cnt. Each iteration of the loop generates the
- * same result.
+ * This loop fills a buffer which is injected into the entropy pool.
+ * The main reason for this loop is to execute something over which we
+ * can perform a timing measurement. The injection of the resulting
+ * data into the pool is performed to ensure the result is used and
+ * the compiler cannot optimize the loop away in case the result is not
+ * used at all. Yet that data is considered "additional information"
+ * considering the terminology from SP800-90A without any entropy.
+ *
+ * Note, it does not matter which or how much data you inject, we are
+ * interested in one Keccack1600 compression operation performed with
+ * the sha3_final.
*/
for (j = 0; j < hash_loop_cnt; j++) {
- sha3_update(&ctx, ec->data, SHA3_256_SIZE_DIGEST);
- sha3_update(&ctx, (uint8_t *)&time, sizeof(uint64_t));
+ sha3_update(&ctx, intermediary, sizeof(intermediary));
+ sha3_update(&ctx, (uint8_t *)&ec->rct_count,
+ sizeof(ec->rct_count));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_cutoff,
+ sizeof(ec->apt_cutoff));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_observations,
+ sizeof(ec->apt_observations));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_count,
+ sizeof(ec->apt_count));
+ sha3_update(&ctx,(uint8_t *) &ec->apt_base,
+ sizeof(ec->apt_base));
sha3_update(&ctx, (uint8_t *)&j, sizeof(uint64_t));
+ sha3_final(&ctx, intermediary);
+ }
- /*
- * If the time stamp is stuck, do not finally insert the value
- * into the entropy pool. Although this operation should not do
- * any harm even when the time stamp has no entropy, SP800-90B
- * requires that any conditioning operation to have an identical
- * amount of input data according to section 3.1.5.
- */
+ /*
+ * Inject the data from the previous loop into the pool. This data is
+ * not considered to contain any entropy, but it stirs the pool a bit.
+ */
+ sha3_update(ec->hash_state, intermediary, sizeof(intermediary));
- /*
- * The sha3_final operations re-initialize the context for the
- * next loop iteration.
- */
- if (stuck || (j < hash_loop_cnt - 1))
- sha3_final(&ctx, itermediary);
- else
- sha3_final(&ctx, ec->data);
- }
+ /*
+ * Insert the time stamp into the hash context representing the pool.
+ *
+ * If the time stamp is stuck, do not finally insert the value into the
+ * entropy pool. Although this operation should not do any harm even
+ * when the time stamp has no entropy, SP800-90B requires that any
+ * conditioning operation to have an identical amount of input data
+ * according to section 3.1.5.
+ */
+ if (!stuck)
+ sha3_update(ec->hash_state, (uint8_t *)&time, sizeof(uint64_t));
jent_memset_secure(&ctx, SHA_MAX_CTX_SIZE);
- jent_memset_secure(itermediary, sizeof(itermediary));
+ jent_memset_secure(intermediary, sizeof(intermediary));
}
#define MAX_ACC_LOOP_BIT 7
@@ -184,13 +202,12 @@ static inline uint32_t xoshiro128starsta
static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
{
- uint64_t i = 0;
+ uint64_t i = 0, time = 0;
union {
uint32_t u[4];
uint8_t b[sizeof(uint32_t) * 4];
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
uint32_t addressMask;
- uint64_t acc_loop_cnt;
if (NULL == ec || NULL == ec->mem)
return;
@@ -199,7 +216,7 @@ static void jent_memaccess(struct rand_d
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
- acc_loop_cnt =
+ uint64_t acc_loop_cnt =
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
/*
@@ -213,8 +230,10 @@ static void jent_memaccess(struct rand_d
* "per-update: timing, it gets you mostly independent "per-update"
* timing, so we can now benefit from the Central Limit Theorem!
*/
- for (i = 0; i < sizeof(prngState); i++)
- prngState.b[i] ^= ec->data[i];
+ for (i = 0; i < sizeof(prngState); i++) {
+ jent_get_nstime_internal(ec, &time);
+ prngState.b[i] ^= (uint8_t)(time & 0xff);
+ }
/*
* testing purposes -- allow test app to set the counter, not
@@ -358,21 +377,21 @@ unsigned int jent_measure_jitter(struct
/**
* Generator of one 256 bit random number
- * Function fills rand_data->data
+ * Function fills rand_data->hash_state
*
* @ec [in] Reference to entropy collector
*/
void jent_random_data(struct rand_data *ec)
{
- unsigned int k = 0, safety_factor = ENTROPY_SAFETY_FACTOR;
+ unsigned int k = 0, safety_factor = 0;
- if (!ec->fips_enabled)
- safety_factor = 0;
+ if (ec->fips_enabled)
+ safety_factor = ENTROPY_SAFETY_FACTOR;
/* priming of the ->prev_time value */
jent_measure_jitter(ec, 0, NULL);
- while (1) {
+ while (!jent_health_failure(ec)) {
/* If a stuck measurement is received, repeat measurement */
if (jent_measure_jitter(ec, 0, NULL))
continue;
@@ -385,3 +404,22 @@ void jent_random_data(struct rand_data *
break;
}
}
+
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len)
+{
+ uint8_t jent_block[SHA3_256_SIZE_DIGEST];
+
+ BUILD_BUG_ON(SHA3_256_SIZE_DIGEST != (DATA_SIZE_BITS / 8));
+
+ /* The final operation automatically re-initializes the ->hash_state */
+ sha3_final(ec->hash_state, jent_block);
+ if (dst_len)
+ memcpy(dst, jent_block, dst_len);
+
+ /*
+ * Stir the new state with the data from the old state - the digest
+ * of the old data is not considered to have entropy.
+ */
+ sha3_update(ec->hash_state, jent_block, sizeof(jent_block));
+ jent_memset_secure(jent_block, sizeof(jent_block));
+}
Index: libgcrypt-1.10.0/random/jitterentropy-noise.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.h
+++ libgcrypt-1.10.0/random/jitterentropy-noise.h
@@ -31,6 +31,7 @@ unsigned int jent_measure_jitter(struct
uint64_t loop_cnt,
uint64_t *ret_current_delta);
void jent_random_data(struct rand_data *ec);
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len);
#ifdef __cplusplus
}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.c
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.c
@@ -19,6 +19,7 @@
*/
#include "jitterentropy-sha3.h"
+#include "jitterentropy.h"
/***************************************************************************
* Message Digest Implementation
@@ -380,3 +381,23 @@ int sha3_tester(void)
return 0;
}
+
+int sha3_alloc(void **hash_state)
+{
+ struct sha_ctx *tmp;
+
+ tmp = jent_zalloc(SHA_MAX_CTX_SIZE);
+ if (!tmp)
+ return 1;
+
+ *hash_state = tmp;
+
+ return 0;
+}
+
+void sha3_dealloc(void *hash_state)
+{
+ struct sha_ctx *ctx = (struct sha_ctx *)hash_state;
+
+ jent_zfree(ctx, SHA_MAX_CTX_SIZE);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.h
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.h
@@ -47,6 +47,8 @@ struct sha_ctx {
void sha3_256_init(struct sha_ctx *ctx);
void sha3_update(struct sha_ctx *ctx, const uint8_t *in, size_t inlen);
void sha3_final(struct sha_ctx *ctx, uint8_t *digest);
+int sha3_alloc(void **hash_state);
+void sha3_dealloc(void *hash_state);
int sha3_tester(void);
#ifdef __cplusplus
Index: libgcrypt-1.10.0/random/jitterentropy-timer.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-timer.c
+++ libgcrypt-1.10.0/random/jitterentropy-timer.c
@@ -202,8 +202,8 @@ int jent_notime_enable(struct rand_data
if (jent_force_internal_timer || (flags & JENT_FORCE_INTERNAL_TIMER)) {
/* Self test not run yet */
if (!jent_force_internal_timer &&
- jent_time_entropy_init(flags | JENT_FORCE_INTERNAL_TIMER,
- ec->osr))
+ jent_time_entropy_init(ec->osr,
+ flags | JENT_FORCE_INTERNAL_TIMER))
return EHEALTH;
ec->enable_notime = 1;
Index: libgcrypt-1.10.0/random/jitterentropy.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy.h
+++ libgcrypt-1.10.0/random/jitterentropy.h
@@ -49,7 +49,7 @@
***************************************************************************/
/*
- * Enable timer-less timer support
+ * Enable timer-less timer support with JENT_CONF_ENABLE_INTERNAL_TIMER
*
* In case the hardware is identified to not provide a high-resolution time
* stamp, this option enables a built-in high-resolution time stamp mechanism.
@@ -166,7 +166,7 @@ struct rand_data
* of the RNG are marked as SENSITIVE. A user must not
* access that information while the RNG executes its loops to
* calculate the next random value. */
- uint8_t data[SHA3_256_SIZE_DIGEST]; /* SENSITIVE Actual random number */
+ void *hash_state; /* SENSITIVE hash state entropy pool */
uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
@@ -378,28 +378,34 @@ int jent_entropy_init(void);
JENT_PRIVATE_STATIC
int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
+/*
+ * Set a callback to run on health failure in FIPS mode.
+ * This function will take an action determined by the caller.
+ */
+typedef void (*jent_fips_failure_cb)(struct rand_data *ec,
+ unsigned int health_failure);
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb);
+
/* return version number of core library */
JENT_PRIVATE_STATIC
unsigned int jent_version(void);
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
/* Set a different thread handling logic for the notimer support */
JENT_PRIVATE_STATIC
int jent_entropy_switch_notime_impl(struct jent_notime_thread *new_thread);
-#endif
/* -- END of Main interface functions -- */
/* -- BEGIN timer-less threading support functions to prevent code dupes -- */
-struct jent_notime_ctx {
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
+
+struct jent_notime_ctx {
pthread_attr_t notime_pthread_attr; /* pthreads library */
pthread_t notime_thread_id; /* pthreads thread ID */
-#endif
};
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
JENT_PRIVATE_STATIC
int jent_notime_init(void **ctx);
Index: libgcrypt-1.10.0/random/jitterentropy-base-user.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base-user.h
+++ libgcrypt-1.10.0/random/jitterentropy-base-user.h
@@ -213,12 +213,12 @@ static inline void jent_get_cachesize(lo
ext = strstr(buf, "K");
if (ext) {
shift = 10;
- ext = '\0';
+ *ext = '\0';
} else {
ext = strstr(buf, "M");
if (ext) {
shift = 20;
- ext = '\0';
+ *ext = '\0';
}
}

View File

@ -0,0 +1,35 @@
--- libgcrypt-1.10.3.orig/acinclude.m4
+++ libgcrypt-1.10.3/acinclude.m4
@@ -130,10 +130,10 @@ EOF
ac_nlist=conftest.nm
if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \| cut -d \' \' -f 2 \> $ac_nlist) && test -s "$ac_nlist"; then
# See whether the symbols have a leading underscore.
- if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then
+ if grep -E '^_nm_test_func' "$ac_nlist" >/dev/null; then
ac_cv_sys_symbol_underscore=yes
else
- if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then
+ if grep -E '^nm_test_func ' "$ac_nlist" >/dev/null; then
:
else
echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD
--- libgcrypt-1.10.3.orig/src/libgcrypt-config.in
+++ libgcrypt-1.10.3/src/libgcrypt-config.in
@@ -154,7 +154,7 @@ if test "$echo_cflags" = "yes"; then
tmp=""
for i in $includes $cflags_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done
@@ -175,7 +175,7 @@ if test "$echo_libs" = "yes"; then
tmp=""
for i in $libdirs $libs_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done

View File

@ -0,0 +1,24 @@
Index: libgcrypt-1.10.2/autogen.sh
===================================================================
--- libgcrypt-1.10.2.orig/autogen.sh
+++ libgcrypt-1.10.2/autogen.sh
@@ -249,7 +249,7 @@ if [ "$myhost" = "find-version" ]; then
fi
beta=no
- if [ -e .git ]; then
+ if false; then
ingit=yes
tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
tmp=$(echo "$tmp" | sed s/^"$package"//)
@@ -265,8 +265,8 @@ if [ "$myhost" = "find-version" ]; then
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
else
ingit=no
- beta=yes
- tmp="-unknown"
+ beta=no
+ tmp=""
rev="0000000"
rvd="0"
fi

View File

@ -0,0 +1,76 @@
commit 2c5e5ab6843d747c4b877d2c6f47226f61e9ff14
Author: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun Jun 12 21:51:34 2022 +0300
ppc enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch 3.00
* cipher/chacha20.c (chacha20_do_setkey) [USE_PPC_VEC]: Enable
P10 assembly for HWF_PPC_ARCH_3_00 if ENABLE_FORCE_SOFT_HWFEATURES is
defined.
* cipher/poly1305.c (poly1305_init) [POLY1305_USE_PPC_VEC]: Likewise.
* cipher/rijndael.c (do_setkey) [USE_PPC_CRYPTO_WITH_PPC9LE]: Likewise.
---
This change allows testing P10 implementations with P9 and with QEMU-PPC.
GnuPG-bug-id: 6006
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Index: libgcrypt-1.10.2/cipher/chacha20.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/chacha20.c
+++ libgcrypt-1.10.2/cipher/chacha20.c
@@ -484,6 +484,11 @@ chacha20_do_setkey (CHACHA20_context_t *
ctx->use_ppc = (features & HWF_PPC_ARCH_2_07) != 0;
# ifndef WORDS_BIGENDIAN
ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
# endif
#endif
#ifdef USE_S390X_VX
Index: libgcrypt-1.10.2/cipher/poly1305.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/poly1305.c
+++ libgcrypt-1.10.2/cipher/poly1305.c
@@ -90,11 +90,19 @@ static void poly1305_init (poly1305_cont
const byte key[POLY1305_KEYLEN])
{
POLY1305_STATE *st = &ctx->state;
+ unsigned int features = _gcry_get_hw_features ();
#ifdef POLY1305_USE_PPC_VEC
- ctx->use_p10 = (_gcry_get_hw_features () & HWF_PPC_ARCH_3_10) != 0;
+ ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
#endif
+ (void)features;
+
ctx->leftover = 0;
st->h[0] = 0;
Index: libgcrypt-1.10.2/cipher/rijndael.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/rijndael.c
+++ libgcrypt-1.10.2/cipher/rijndael.c
@@ -605,6 +605,12 @@ do_setkey (RIJNDAEL_context *ctx, const
bulk_ops->xts_crypt = _gcry_aes_ppc9le_xts_crypt;
if (hwfeatures & HWF_PPC_ARCH_3_10) /* for P10 */
bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ if (hwfeatures & HWF_PPC_ARCH_3_00)
+ bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# endif
}
#endif
#ifdef USE_PPC_CRYPTO

1857
libgcrypt.changes Normal file

File diff suppressed because it is too large Load Diff

86
libgcrypt.keyring Normal file
View File

@ -0,0 +1,86 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

192
libgcrypt.spec Normal file
View File

@ -0,0 +1,192 @@
#
# spec file for package libgcrypt
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libsover 20
%define libsoname %{name}%{libsover}
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
Name: libgcrypt
Version: 1.11.0
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
Group: Development/Libraries/C and C++
URL: https://gnupg.org/software/libgcrypt
Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
Source2: baselibs.conf
Source3: random.conf
Source4: hwf.deny
# https://www.gnupg.org/signature_key.html
Source5: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source99: libgcrypt.changes
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
Patch2: libgcrypt-nobetasuffix.patch
# FIPS patches:
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
Patch100: libgcrypt-FIPS-SLI-pk.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS: Check keylength in gcry_fips_indicator_kdf()
Patch101: libgcrypt-FIPS-SLI-kdf-leylength.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS add indicators
Patch102: libgcrypt-FIPS-SLI-hash-mac.patch
#PATCH-FIX-SUSE bsc#1202117 FIPS: Get most of the entropy from rndjent_poll
Patch104: libgcrypt-FIPS-rndjent_poll.patch
#PATCH-FIX-SUSE bsc#1220896 FIPS: Replace the built-in jitter rng with standalone version
Patch105: libgcrypt-FIPS-jitter-standalone.patch
#PATCH-FIX-SUSE bsc#1220895 FIPS: Enforce the interpretation and use of jitter rng
Patch106: libgcrypt-FIPS-jitter-errorcodes.patch
#PATCH-FIX-SUSE bsc#1220893 FIPS: Use Jitter RNG for the whole length entropy buffer
Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch
BuildRequires: automake >= 1.14
BuildRequires: libgpg-error-devel >= 1.49
BuildRequires: libtool
BuildRequires: makeinfo
BuildRequires: pkgconfig
%{?suse_build_hwcaps_libs}
%description
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%package -n %{libsoname}
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later
Group: System/Libraries
BuildRequires: jitterentropy-devel >= 3.4.0
Requires: libjitterentropy3 >= 3.4.0
Provides: %{libsoname}-hmac = %{version}-%{release}
Obsoletes: %{libsoname}-hmac < %{version}-%{release}
%description -n %{libsoname}
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).
%package devel
Summary: The GNU Crypto Library
License: GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Requires: jitterentropy-devel >= 3.4.0
Requires: libgpg-error-devel >= 1.49
%description devel
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
This package contains needed files to compile and link against the
library.
%prep
%autosetup -p1
# Rename the internal .hmac file to include the so library version
sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile.am src/Makefile.in
# Replace the built-in jitter rng with the standalone version [bsc#1220896]
find . -type f -name "jitterentropy*" -print -delete
%build
export PUBKEYS="dsa elgamal rsa ecc"
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4 aria"
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
export KDFS="s2k pkdf2 scrypt"
autoreconf -fi
date=$(date -u '+%%Y-%%m-%%dT%%H:%%M+0000' -r %{SOURCE99})
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
%configure \
--with-fips-module-version="Libgcrypt version %{version}-%{release}" \
--enable-hmac-binary-check="%{hmac_key}" \
--enable-ciphers="$CIPHERS" \
--enable-pubkey-ciphers="$PUBKEYS" \
--enable-digests="$DIGESTS" \
--enable-kdfs="$KDFS" \
--enable-noexecstack \
--disable-static \
%ifarch %{sparc}
--disable-asm \
%endif
--enable-random=getentropy \
--enable-jent-support \
%{nil}
%make_build
%check
make -k check
# run the regression tests also in FIPS mode
LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
%install
%make_install
# this is a hack that re-defines the __spec_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
cd src \
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac \
%{nil}
rm %{buildroot}%{_libdir}/%{name}.la
# Create /etc/gcrypt directory and install random.conf
mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/gcrypt/random.conf
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/gcrypt/hwf.deny
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%files -n %{libsoname}
%license COPYING COPYING.LIB LICENSES
%doc AUTHORS ChangeLog NEWS README THANKS TODO
%{_libdir}/%{name}.so.*
%dir %{_sysconfdir}/gcrypt
%config(noreplace) %{_sysconfdir}/gcrypt/random.conf
%config(noreplace) %{_sysconfdir}/gcrypt/hwf.deny
%files devel
%license COPYING COPYING.LIB LICENSES
%{_bindir}/dumpsexp
%{_bindir}/hmac256
%{_bindir}/mpicalc
%{_bindir}/%{name}-config
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/libgcrypt.pc
%{_datadir}/aclocal/%{name}.m4
%{_includedir}/gcrypt*.h
%{_infodir}/gcrypt.info*%{ext_info}*
%{_mandir}/man1/*
%changelog

9
random.conf Normal file
View File

@ -0,0 +1,9 @@
# This file can be used to globally change parameters of
# the random generator. Supported options are:
# Always use the non-blocking /dev/urandom or the respective
# system call instead of the blocking /dev/random.
# only-urandom
# Disable the use of the jitter based entropy generator.
# disable-jent