3
0
forked from pool/libgcrypt

Accepting request 420659 from security:privacy

libgcrypt 1.7.3

OBS-URL: https://build.opensuse.org/request/show/420659
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=87
This commit is contained in:
P. Janouch 2016-08-22 09:21:16 +00:00 committed by Git OBS Bridge
parent 3cd014e39c
commit b75d794f38
21 changed files with 437 additions and 3511 deletions

View File

@ -1,23 +0,0 @@
From fe272496f0f9e6e12bfa35f6f1c9d05af9feca2c Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:13:33 +0100
Subject: [PATCH v3 2/7] Compile DRBG
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
Add the drbg.c file to the Makefile.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
diff --git a/random/Makefile.am b/random/Makefile.am
index c9d587a..e073fa4 100644
--- a/random/Makefile.am
+++ b/random/Makefile.am
@@ -35,6 +35,7 @@ random.c random.h \
rand-internal.h \
random-csprng.c \
random-fips.c \
+drbg.c \
random-system.c \
rndhw.c

View File

@ -1,32 +0,0 @@
From bb91250be3eeb2309285fa9865166cb381104c81 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:14:16 +0100
Subject: [PATCH v3 3/7] Function definitions of interfaces for random.c
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
Specify the function definitions to be integrated into the common
libgcrypt RNG code.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
diff --git a/random/rand-internal.h b/random/rand-internal.h
index 79b23ac..a169a4b 100644
--- a/random/rand-internal.h
+++ b/random/rand-internal.h
@@ -88,6 +88,15 @@ gcry_err_code_t _gcry_rngfips_run_external_test (void *context,
char *buffer, size_t buflen);
void _gcry_rngfips_deinit_external_test (void *context);
+/* drbg-gcry.h */
+void _gcry_drbg_init(int full);
+void _gcry_drbg_close_fds(void);
+void _gcry_drbg_dump_stats(void);
+int _gcry_drbg_is_faked (void);
+gcry_error_t _gcry_drng_add_bytes (const void *buf, size_t buflen, int quality);
+void _gcry_drbg_randomize (void *buffer, size_t length,
+ enum gcry_random_level level);
+gcry_error_t _gcry_drbg_selftest (selftest_report_func_t report);
/*-- random-system.c --*/
void _gcry_rngsystem_initialize (int full);

View File

@ -1,132 +0,0 @@
From 6aa1bc1df0dbbf5b4cb06b86f949aa9d80f68700 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:14:58 +0100
Subject: [PATCH v3 4/7] Invoke DRBG from common libgcrypt RNG code
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
Integrate the DRBG invocation with the common libgcrypt RNG code. This
integration replaces the old ANSI X9.31 RNG invocation. As the ANSI
X9.31 shall only be invoked in FIPS mode and it is sunset at the end of
2014 for FIPS purposes, a complete replacement with the DRBG is
considered appropriate. The DRBG is FIPS approved deterministic random
number generator for the forseeable future.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
Index: libgcrypt-1.6.1/random/random.c
===================================================================
--- libgcrypt-1.6.1.orig/random/random.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/random/random.c 2014-05-06 14:51:42.350644283 +0200
@@ -153,11 +153,13 @@ _gcry_random_initialize (int full)
}
if (fips_mode ())
- _gcry_rngfips_initialize (full);
+ //_gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
else if (rng_types.standard)
_gcry_rngcsprng_initialize (full);
else if (rng_types.fips)
- _gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
+ //_gcry_rngfips_initialize (full);
else if (rng_types.system)
_gcry_rngsystem_initialize (full);
else
@@ -174,11 +176,13 @@ _gcry_random_close_fds (void)
the entropy gatherer. */
if (fips_mode ())
- _gcry_rngfips_close_fds ();
+ //_gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
else if (rng_types.standard)
_gcry_rngcsprng_close_fds ();
else if (rng_types.fips)
- _gcry_rngfips_close_fds ();
+ //_gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
else if (rng_types.system)
_gcry_rngsystem_close_fds ();
else
@@ -212,7 +216,8 @@ void
_gcry_random_dump_stats (void)
{
if (fips_mode ())
- _gcry_rngfips_dump_stats ();
+ //_gcry_rngfips_dump_stats ();
+ _gcry_drbg_dump_stats ();
else
_gcry_rngcsprng_dump_stats ();
}
@@ -271,7 +276,8 @@ int
_gcry_random_is_faked (void)
{
if (fips_mode ())
- return _gcry_rngfips_is_faked ();
+ //return _gcry_rngfips_is_faked ();
+ return _gcry_drbg_is_faked ();
else
return _gcry_rngcsprng_is_faked ();
}
@@ -301,11 +307,13 @@ static void
do_randomize (void *buffer, size_t length, enum gcry_random_level level)
{
if (fips_mode ())
- _gcry_rngfips_randomize (buffer, length, level);
+ //_gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
else if (rng_types.standard)
_gcry_rngcsprng_randomize (buffer, length, level);
else if (rng_types.fips)
- _gcry_rngfips_randomize (buffer, length, level);
+ //_gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
else if (rng_types.system)
_gcry_rngsystem_randomize (buffer, length, level);
else /* default */
@@ -437,7 +445,8 @@ _gcry_create_nonce (void *buffer, size_t
nonce generator which is seeded by the RNG actual in use. */
if (fips_mode ())
{
- _gcry_rngfips_create_nonce (buffer, length);
+ //_gcry_rngfips_create_nonce (buffer, length);
+ _gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM);
return;
}
@@ -514,7 +523,8 @@ gpg_error_t
_gcry_random_selftest (selftest_report_func_t report)
{
if (fips_mode ())
- return _gcry_rngfips_selftest (report);
+ //return _gcry_rngfips_selftest (report);
+ return _gcry_drbg_selftest (report);
else
return 0; /* No selftests yet. */
}
@@ -530,6 +540,7 @@ _gcry_random_init_external_test (void **
const void *seed, size_t seedlen,
const void *dt, size_t dtlen)
{
+ return GPG_ERR_NOT_SUPPORTED;
(void)flags;
if (fips_mode ())
return _gcry_rngfips_init_external_test (r_context, flags, key, keylen,
@@ -544,6 +555,7 @@ _gcry_random_init_external_test (void **
gcry_err_code_t
_gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
{
+ return GPG_ERR_NOT_SUPPORTED;
if (fips_mode ())
return _gcry_rngfips_run_external_test (context, buffer, buflen);
else
@@ -554,6 +566,7 @@ _gcry_random_run_external_test (void *co
void
_gcry_random_deinit_external_test (void *context)
{
+ return;
if (fips_mode ())
_gcry_rngfips_deinit_external_test (context);
}

View File

@ -1,31 +0,0 @@
From 67106d6e63ae5aff91e8fc7072def4c027546d39 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:15:43 +0100
Subject: [PATCH v3 5/7] Function definitions for gcry_control callbacks
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
The function definitions implemented in drbg.c which are used for
gcry_control.
Changes v3:
* Remove of set_entropy function call
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
diff --git a/random/random.h b/random/random.h
index 2bc8cab..343b149 100644
--- a/random/random.h
+++ b/random/random.h
@@ -54,7 +54,9 @@ gcry_err_code_t _gcry_random_run_external_test (void *context,
char *buffer, size_t buflen);
void _gcry_random_deinit_external_test (void *context);
-
+/*-- drbg.c --*/
+gpg_err_code_t _gcry_drbg_reinit (u_int32_t flags, struct drbg_string *pers,
+ struct drbg_test_data *test_data);
/*-- rndegd.c --*/
gpg_error_t _gcry_rndegd_set_socket_name (const char *name);

View File

@ -1,63 +0,0 @@
From bac07e2002f1de9b9ffad477135a67b1bdcf5d85 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:16:24 +0100
Subject: [PATCH v3 6/7] DRBG specific gcry_control requests
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
gcry_control GCRYCTL_DRBG_REINIT
================================
This control request re-initializes the DRBG completely, i.e. the entire
state of the DRBG is zeroized (with two exceptions listed in
GCRYCTL_DRBG_SET_ENTROPY).
The control request takes the following values which influences how
the DRBG is re-initialized:
* __u32 flags: This variable specifies the DRBG type to be used for the
next initialization. If set to 0, the previous DRBG type is
used for the initialization. The DRBG type is an OR of the
mandatory flags of the requested DRBG strength and DRBG
cipher type. Optionally, the prediction resistance flag
can be ORed into the flags variable. For example:
- CTR-DRBG with AES-128 without prediction
resistance:
DRBG_CTRAES128
- HMAC-DRBG with SHA-512 with prediction resistance:
DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
* struct drbg_string *pers: personalization string to be used for
initialization.
* struct drbg_test_data *test: TEST parameter only -- should be NULL in
normal use -- parameter sets predefined
"entropy"
The variable of flags is independent from the pers/perslen variables. If
flags is set to 0 and perslen is set to 0, the current DRBG type is
completely reset without using a personalization string.
Changes v3:
* addition of struct drbg_test_data *test to reinit call
* change personalization string invocation to struct drbg_string
* remove set_entropy call
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
diff --git a/src/global.c b/src/global.c
index 4e8df86..5c19cca 100644
--- a/src/global.c
+++ b/src/global.c
@@ -671,6 +671,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
rc = GPG_ERR_NOT_IMPLEMENTED;
break;
+ case GCRYCTL_DRBG_REINIT:
+ {
+ u_int32_t flags = va_arg (arg_ptr, u_int32_t);
+ struct drbg_string *pers = va_arg (arg_ptr, struct drbg_string *);
+ struct drbg_test_data *test_data = va_arg (arg_ptr, struct drbg_test_data *);
+ rc = _gcry_drbg_reinit(flags, pers, test_data);
+ }
+ break;
+
default:
_gcry_set_preferred_rng_type (0);
rc = GPG_ERR_INV_OP;

View File

@ -1,9 +1,9 @@
Index: libgcrypt-1.6.1/tests/drbg_test.c
Index: libgcrypt-1.7.2/tests/drbg_test.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ libgcrypt-1.6.1/tests/drbg_test.c 2014-09-02 16:49:42.279449470 +0200
@@ -0,0 +1,1279 @@
+/* DRBG test for libgcryt
+++ libgcrypt-1.7.2/tests/drbg_test.c 2016-08-16 16:04:52.289060124 +0200
@@ -0,0 +1,1332 @@
+/* DRBG test for libgcrypt
+ Copyright (C) 2014 Stephan Mueller <smueller@chronox.de>
+
+ Compile:
@ -17,69 +17,155 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+#include <config.h>
+#endif
+#include <getopt.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <asm/types.h>
+#include <types.h>
+#include <unistd.h>
+#include "gcrypt.h"
+
+/* The following definitions are taken verbatim from random/random-drbg.c.
+ * libgcrypt upstream removed the public apis from gcrypt.h in
+ * http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fd13372fa9069d3a72947ea59c57e33637c936bf
+ */
+/******************************************************************
+ * Constants
+ ******************************************************************/
+
+/*
+ * DRBG flags bitmasks
+ *
+ * 31 (B) 28 19 (A) 0
+ * +-+-+-+--------+---+-----------+-----+
+ * |~|~|u|~~~~~~~~| 3 | 2 | 1 |
+ * +-+-+-+--------+- -+-----------+-----+
+ * ctl flg| |drbg use selection flags
+ *
+ */
+
+/* Internal state control flags (B) */
+#define DRBG_PREDICTION_RESIST ((u32)1<<28)
+
+/* CTR type modifiers (A.1)*/
+#define DRBG_CTRAES ((u32)1<<0)
+#define DRBG_CTRSERPENT ((u32)1<<1)
+#define DRBG_CTRTWOFISH ((u32)1<<2)
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT \
+ | DRBG_CTRTWOFISH)
+
+/* HASH type modifiers (A.2)*/
+#define DRBG_HASHSHA1 ((u32)1<<4)
+#define DRBG_HASHSHA224 ((u32)1<<5)
+#define DRBG_HASHSHA256 ((u32)1<<6)
+#define DRBG_HASHSHA384 ((u32)1<<7)
+#define DRBG_HASHSHA512 ((u32)1<<8)
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \
+ | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
+ | DRBG_HASHSHA512)
+/* type modifiers (A.3)*/
+#define DRBG_HMAC ((u32)1<<12)
+#define DRBG_SYM128 ((u32)1<<13)
+#define DRBG_SYM192 ((u32)1<<14)
+#define DRBG_SYM256 ((u32)1<<15)
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 \
+ | DRBG_SYM256)
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK \
+ | DRBG_TYPE_MASK)
+
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
+ | DRBG_HMAC)
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
+ | DRBG_HMAC)
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
+ | DRBG_HMAC)
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
+ | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
+
+
+/* The default DRGB type. */
+#define DRBG_DEFAULT_TYPE DRBG_NOPR_HMACSHA256
+
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
+
+/* bin/hex conversion stolen from OpenSSL */
+static int bin2hex(const unsigned char *in,int len,char *out)
+static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+static char hex_char(unsigned int bin, int u)
+{
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1=0,n2=0 ; n1 < len ; ++n1)
+ {
+ ch=in[n1] >> 4;
+ if (ch <= 0x09)
+ out[n2++]=ch+'0';
+ else
+ out[n2++]=ch-10+'a';
+ ch=in[n1] & 0x0f;
+ if(ch <= 0x09)
+ out[n2++]=ch+'0';
+ else
+ out[n2++]=ch-10+'a';
+ }
+ out[n2]='\0';
+ return n2;
+ if (bin < sizeof(hex_char_map_l))
+ return (u) ? hex_char_map_u[bin] : hex_char_map_l[bin];
+ return 'X';
+}
+
+int hex2bin(const char *in, unsigned char *out)
+/*
+ * Convert binary string into hex representation
+ * @bin input buffer with binary data
+ * @binlen length of bin
+ * @hex output buffer to store hex data
+ * @hexlen length of already allocated hex buffer (should be at least
+ * twice binlen -- if not, only a fraction of binlen is converted)
+ * @u case of hex characters (0=>lower case, 1=>upper case)
+ */
+static void bin2hex(const unsigned char *bin, size_t binlen,
+ char *hex, size_t hexlen, int u)
+{
+ int n1, n2;
+ unsigned char ch;
+ size_t i = 0;
+ size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
+
+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
+ { /* first byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ if(!in[n1])
+ {
+ out[n2++]=ch;
+ break;
+ }
+ out[n2] = ch << 4;
+ /* second byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ out[n2++] |= ch;
+ for (i = 0; i < chars; i++) {
+ hex[(i*2)] = hex_char((bin[i] >> 4), u);
+ hex[((i*2)+1)] = hex_char((bin[i] & 0x0f), u);
+ }
+}
+
+static int bin_char(unsigned char hex)
+{
+ if (48 <= hex && 57 >= hex)
+ return (hex - 48);
+ if (65 <= hex && 70 >= hex)
+ return (hex - 55);
+ if (97 <= hex && 102 >= hex)
+ return (hex - 87);
+ return 0;
+}
+/*
+ * Convert hex representation into binary string
+ * @hex input buffer with hex representation
+ * @hexlen length of hex
+ * @bin output buffer with binary data
+ * @binlen length of already allocated bin buffer (should be at least
+ * half of hexlen -- if not, only a fraction of hexlen is converted)
+ */
+static void hex2bin(const unsigned char *hex, size_t hexlen,
+ unsigned char *bin, size_t binlen)
+{
+ size_t i = 0;
+ size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
+
+ for (i = 0; i < chars; i++) {
+ bin[i] = bin_char(hex[(i*2)]) << 4;
+ bin[i] |= bin_char(hex[((i*2)+1)]);
+ }
+ return n2;
+}
+
+/* Print a error message and exit the process with an error code. */
@ -95,7 +181,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+}
+
+
+struct drbg_test_vector
+struct gcry_drbg_test_vector
+{
+ u_int32_t flags; /* flags selecting the DRBG type */
+ unsigned char *entropy; /* entropy string for initialization -- this
@ -120,7 +206,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ size_t expectedlen; /* length of expected random value */
+};
+
+struct drbg_test_vector drbg_test_pr[] = {
+struct gcry_drbg_test_vector drbg_test_pr[] = {
+ {
+ .flags = (DRBG_PR_HASHSHA256),
+ .entropy = (unsigned char *)
@ -549,7 +635,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ },
+};
+
+struct drbg_test_vector drbg_test_nopr[] = {
+struct gcry_drbg_test_vector drbg_test_nopr[] = {
+ {
+ .flags = DRBG_NOPR_HASHSHA256,
+ .entropy = (unsigned char *)
@ -927,57 +1013,22 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ },
+};
+
+
+/*
+ * CAVS Test driver
+ *
+ * @test: one test vector
+ * @pr: true/false for enabling or disabling prediction resistance
+ */
+int drbg_cavs_test(struct drbg_test_vector *test, unsigned char *buf,
+ size_t buflen)
+{
+ int ret = -1;
+ struct drbg_test_data test_data;
+ struct drbg_string addtl, pers, testentropy;
+
+ test_data.testentropy = &testentropy;
+ drbg_string_fill(&testentropy, test->entropy, test->entropylen);
+ drbg_string_fill(&pers, test->pers, test->perslen);
+ ret = gcry_control(GCRYCTL_DRBG_REINIT, test->flags, &pers, &test_data);
+ if(ret)
+ {
+ printf("Test FAIL: re-init DRBG with test entropy\n");
+ return ret;
+ }
+
+ drbg_string_fill(&addtl, test->addtla, test->addtllen);
+ if(test->entpra)
+ drbg_string_fill(&testentropy, test->entpra, test->entprlen);
+ gcry_randomize_drbg_test(buf, buflen, GCRY_STRONG_RANDOM, &addtl,
+ &test_data);
+
+ drbg_string_fill(&addtl, test->addtlb, test->addtllen);
+ if(test->entpra)
+ drbg_string_fill(&testentropy, test->entprb, test->entprlen);
+
+ gcry_randomize_drbg_test(buf, buflen, GCRY_STRONG_RANDOM, &addtl,
+ &test_data);
+
+ return ret;
+}
+
+struct drbg_flags
+{
+ u_int32_t flags;
+};
+
+gpg_err_code_t
+gcry_drbg_cavs_test (struct gcry_drbg_test_vector *test, unsigned char *buf);
+extern gpg_err_code_t
+gcry_drbg_healthcheck_one (struct gcry_drbg_test_vector *test);
+
+void builtin_test(void)
+{
+ /* this must be larger than 128 as otherwise there is a crash */
+#define OUTLEN 150
+ char rndbuf[OUTLEN];
+ char out[200];
+ char out[(OUTLEN * 2 + 1)];
+ int i = 0;
+ int ret = 0;
+ int result = 0;
@ -1013,8 +1064,10 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ if(0 == ret)
+ {
+ printf("Test PASS: enabling DRBG %d\n", i);
+ memset(rndbuf, 0, OUTLEN);
+ gcry_randomize(&rndbuf, OUTLEN, GCRY_STRONG_RANDOM);
+ bin2hex(rndbuf, OUTLEN, out);
+ memset(out, 0, sizeof(out));
+ bin2hex(rndbuf, OUTLEN, out, sizeof(out), 0);
+ printf("Test PASS: gcry_randomize generated strong random bytes for DRBG %d: %s\n", i, out);
+ }
+ else
@ -1033,8 +1086,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ for(i = 0; ARRAY_SIZE(drbg_test_nopr) > i; i++)
+ {
+ memset(rndbuf, 0, drbg_test_nopr[i].expectedlen);
+ drbg_cavs_test(&drbg_test_nopr[i], rndbuf, drbg_test_nopr[i].expectedlen);
+ ret = memcmp(drbg_test_nopr[i].expected, rndbuf, drbg_test_nopr[i].expectedlen);
+ ret = gcry_control(75, &drbg_test_nopr[i], NULL);
+ if(ret)
+ printf("CAVS test (nopr) FAILED %d, testdef %d\n", ret, i);
+ else
@ -1045,8 +1097,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ for(i = 0; ARRAY_SIZE(drbg_test_pr) > i; i++)
+ {
+ memset(rndbuf, 0, drbg_test_pr[i].expectedlen);
+ drbg_cavs_test(&drbg_test_pr[i], rndbuf, drbg_test_pr[i].expectedlen);
+ ret = memcmp(drbg_test_pr[i].expected, rndbuf, drbg_test_pr[i].expectedlen);
+ ret = gcry_control(75, &drbg_test_pr[i], NULL);
+ if(ret)
+ printf("CAVS test (pr) FAILED %d, testdef %d\n", ret, i);
+ else
@ -1076,7 +1127,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+
+}
+
+static void generate_test(struct drbg_test_vector *test)
+static void generate_test(struct gcry_drbg_test_vector *test)
+{
+ unsigned char *buf;
+#define DATALEN 10
@ -1090,7 +1141,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+
+ if (test && test->flags)
+ {
+ if (gcry_control(GCRYCTL_DRBG_REINIT, test->flags, NULL, NULL))
+ if (gcry_control(GCRYCTL_DRBG_REINIT, test->flags, NULL))
+ {
+ printf("Test FAIL: re-init DRBG with test entropy\n");
+ return;
@ -1108,6 +1159,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ }
+
+ gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
+ write(1, buf, len);
+ free (buf);
+ }
+}
@ -1140,7 +1192,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ }
+
+ tmp = drbg_malloc(tmplen);
+ hex2bin(in, tmp);
+ hex2bin(in, strlen(in), tmp, tmplen);
+ *out = tmp;
+ *len = tmplen;
+}
@ -1167,13 +1219,12 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+main (int argc, char **argv)
+{
+ int c = 0;
+ long len = 0;
+ unsigned char *buf;
+ unsigned char *outbuf;
+ struct drbg_test_vector exttest;
+ struct gcry_drbg_test_vector exttest;
+#define MAXDATA 256
+
+ memset(&exttest, 0, sizeof(struct drbg_test_vector));
+ memset(&exttest, 0, sizeof(struct gcry_drbg_test_vector));
+ gcry_control (GCRYCTL_SET_VERBOSITY, 2);
+ gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
+ if (!gcry_check_version ("1.5.0"))
@ -1233,32 +1284,34 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ hex2bin_m(optarg, &exttest.pers, &exttest.perslen);
+ break;
+ case 'l':
+ len = atol(optarg);
+ exttest.expectedlen = atoi(optarg);
+ break;
+ default:
+ usage();
+ }
+ }
+
+ if (0 >= len)
+ if (0 >= exttest.expectedlen)
+ usage();
+
+ buf = malloc(len);
+ buf = malloc(exttest.expectedlen);
+ if(!buf) {
+ fprintf(stderr, "Cannot allocate %li bytes\n", len);
+ fprintf(stderr, "Cannot allocate %li bytes\n", exttest.expectedlen);
+ return -1;
+ }
+ outbuf = malloc(len * 2 + 1);
+ outbuf = malloc(exttest.expectedlen * 2 + 1);
+ if(!outbuf) {
+ fprintf(stderr, "Cannot allocate %li bytes\n", (len*2+1));
+ fprintf(stderr, "Cannot allocate %li bytes\n",
+ (exttest.expectedlen*2+1));
+ return -1;
+ }
+ memset(outbuf, 0, len * 2 + 1);
+ memset(outbuf, 0, exttest.expectedlen * 2 + 1);
+ if (exttest.entropy)
+ drbg_cavs_test(&exttest, buf, len);
+ gcry_control(75, &exttest, buf);
+ else
+ gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
+ bin2hex(buf, len, outbuf);
+ gcry_randomize(buf, exttest.expectedlen, GCRY_STRONG_RANDOM);
+ bin2hex(buf, exttest.expectedlen,
+ outbuf, exttest.expectedlen * 2 + 1, 0);
+
+ printf("%s\n", outbuf);
+
@ -1282,11 +1335,11 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
+ return 0;
+}
+
Index: libgcrypt-1.6.1/Makefile.am
Index: libgcrypt-1.7.2/Makefile.am
===================================================================
--- libgcrypt-1.6.1.orig/Makefile.am 2014-01-12 12:19:50.000000000 +0100
+++ libgcrypt-1.6.1/Makefile.am 2014-09-02 16:51:10.315504510 +0200
@@ -36,6 +36,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM
--- libgcrypt-1.7.2.orig/Makefile.am 2016-08-16 15:57:43.397736723 +0200
+++ libgcrypt-1.7.2/Makefile.am 2016-08-16 15:57:44.341752563 +0200
@@ -42,6 +42,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM
DISTCLEANFILES =

View File

@ -1,6 +1,7 @@
diff -up libgcrypt-1.6.1/tests/cavs_driver.pl.cavs libgcrypt-1.6.1/tests/cavs_driver.pl
--- libgcrypt-1.6.1/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
+++ libgcrypt-1.6.1/tests/cavs_driver.pl 2014-02-28 14:46:16.436544639 +0100
Index: libgcrypt-1.7.2/tests/cavs_driver.pl
===================================================================
--- libgcrypt-1.7.2.orig/tests/cavs_driver.pl
+++ libgcrypt-1.7.2/tests/cavs_driver.pl
@@ -1,9 +1,11 @@
#!/usr/bin/env perl
#
@ -674,9 +675,10 @@ diff -up libgcrypt-1.6.1/tests/cavs_driver.pl.cavs libgcrypt-1.6.1/tests/cavs_dr
$dsa_sign = \&libgcrypt_dsa_sign;
$dsa_verify = \&libgcrypt_dsa_verify;
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
diff -up libgcrypt-1.6.1/tests/cavs_tests.sh.cavs libgcrypt-1.6.1/tests/cavs_tests.sh
--- libgcrypt-1.6.1/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
+++ libgcrypt-1.6.1/tests/cavs_tests.sh 2014-02-28 14:46:16.437544662 +0100
Index: libgcrypt-1.7.2/tests/cavs_tests.sh
===================================================================
--- libgcrypt-1.7.2.orig/tests/cavs_tests.sh
+++ libgcrypt-1.7.2/tests/cavs_tests.sh
@@ -55,7 +55,7 @@ function run_one_test () {
[ -d "$respdir" ] || mkdir "$respdir"
[ -f "$rspfile" ] && rm "$rspfile"
@ -686,10 +688,11 @@ diff -up libgcrypt-1.6.1/tests/cavs_tests.sh.cavs libgcrypt-1.6.1/tests/cavs_tes
dflag="-D"
fi
diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
--- libgcrypt-1.6.1/tests/fipsdrv.c.cavs 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/fipsdrv.c 2014-02-28 14:46:16.437544662 +0100
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
Index: libgcrypt-1.7.2/tests/fipsdrv.c
===================================================================
--- libgcrypt-1.7.2.orig/tests/fipsdrv.c
+++ libgcrypt-1.7.2/tests/fipsdrv.c
@@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf;
@ -699,7 +702,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2;
@@ -1675,14 +1678,14 @@ run_rsa_verify (const void *data, size_t
@@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t
/* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */
static gcry_sexp_t
@ -717,7 +720,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err));
@@ -1700,7 +1703,7 @@ dsa_gen (int keysize)
@@ -1790,7 +1793,7 @@ dsa_gen (int keysize)
/* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */
static gcry_sexp_t
@ -726,7 +729,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
{
gpg_error_t err;
gcry_sexp_t keyspec, key;
@@ -1709,10 +1712,11 @@ dsa_gen_with_seed (int keysize, const vo
@@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo
"(genkey"
" (dsa"
" (nbits %d)"
@ -740,7 +743,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err));
@@ -1720,6 +1724,37 @@ dsa_gen_with_seed (int keysize, const vo
@@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo
err = gcry_pk_genkey (&key, keyspec);
if (err)
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
@ -778,7 +781,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
gcry_sexp_release (keyspec);
@@ -1732,7 +1767,7 @@ dsa_gen_with_seed (int keysize, const vo
@@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve)
with one parameter per line in hex format using this order: p, q,
g, seed, counter, h. */
static void
@ -787,7 +790,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
{
gcry_sexp_t l1, l2;
gcry_mpi_t mpi;
@@ -1768,6 +1803,9 @@ print_dsa_domain_parameters (gcry_sexp_t
@@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t
}
gcry_sexp_release (l1);
@ -797,7 +800,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
/* Extract the seed values. */
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
if (!l1)
@@ -1819,38 +1857,106 @@ print_dsa_domain_parameters (gcry_sexp_t
@@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key)
}
@ -914,7 +917,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
fp = fopen (filename, "wb");
if (!fp)
@@ -1863,6 +1969,53 @@ run_dsa_gen (int keysize, const char *fi
@@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi
}
@ -968,7 +971,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
/* Sign DATA of length DATALEN using the key taken from the S-expression
encoded KEYFILE. */
@@ -1872,11 +2025,16 @@ run_dsa_sign (const void *data, size_t d
@@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d
{
gpg_error_t err;
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
@ -988,7 +991,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -1887,8 +2045,6 @@ run_dsa_sign (const void *data, size_t d
@@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d
die ("gcry_sexp_build failed for DSA data input: %s\n",
gpg_strerror (err));
@ -997,7 +1000,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
err = gcry_pk_sign (&s_sig, s_data, s_key);
if (err)
{
@@ -1964,13 +2120,18 @@ run_dsa_verify (const void *data, size_t
@@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t
{
gpg_error_t err;
gcry_sexp_t s_data, s_key, s_sig;
@ -1005,11 +1008,11 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
+ char hash[128];
gcry_mpi_t tmpmpi;
+ int algo;
+
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
+
+ gcry_md_hash_buffer (algo, hash, data, datalen);
/* Note that we can't simply use %b with HASH to build the
S-expression, because that might yield a negative value. */
@ -1019,7 +1022,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -1981,7 +2142,6 @@ run_dsa_verify (const void *data, size_t
@@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t
die ("gcry_sexp_build failed for DSA data input: %s\n",
gpg_strerror (err));
@ -1027,24 +1030,24 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
s_sig = read_sexp_from_file (sigfile);
err = gcry_pk_verify (s_sig, s_data, s_key);
@@ -2014,7 +2174,7 @@ usage (int show_help)
"Run a crypto operation using hex encoded input and output.\n"
@@ -2304,7 +2464,7 @@ usage (int show_help)
"MODE:\n"
" encrypt, decrypt, digest, random, hmac-sha,\n"
- " rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n"
+ " rsa-{derive,gen,sign,verify}, dsa-{pq-gen,g-gen,gen,sign,verify}\n"
" rsa-{derive,gen,sign,verify},\n"
- " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
+ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
"OPTIONS:\n"
" --verbose Print additional information\n"
" --binary Input and output is in binary form\n"
@@ -2024,6 +2184,7 @@ usage (int show_help)
" --dt DT Use the hex encoded DT for the RNG\n"
@@ -2315,6 +2475,7 @@ usage (int show_help)
" --algo NAME Use algorithm NAME\n"
" --curve NAME Select ECC curve spec NAME\n"
" --keysize N Use a keysize of N bits\n"
+ " --qize N Use a DSA q parameter size of N bits\n"
" --signature NAME Take signature from file NAME\n"
" --chunk N Read in chunks of N bytes (implies --binary)\n"
" --pkcs1 Use PKCS#1 encoding\n"
@@ -2050,6 +2211,7 @@ main (int argc, char **argv)
@@ -2344,6 +2505,7 @@ main (int argc, char **argv)
const char *dt_string = NULL;
const char *algo_string = NULL;
const char *keysize_string = NULL;
@ -1052,7 +1055,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
const char *signature_string = NULL;
FILE *input;
void *data;
@@ -2143,6 +2305,14 @@ main (int argc, char **argv)
@@ -2437,6 +2599,14 @@ main (int argc, char **argv)
keysize_string = *argv;
argc--; argv++;
}
@ -1067,17 +1070,16 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
else if (!strcmp (*argv, "--signature"))
{
argc--; argv++;
@@ -2463,23 +2633,49 @@ main (int argc, char **argv)
@@ -2792,23 +2962,49 @@ main (int argc, char **argv)
}
else if (!strcmp (mode_string, "dsa-pqg-gen"))
{
- int keysize;
+ int keysize, qsize;
keysize = keysize_string? atoi (keysize_string) : 0;
if (keysize < 1024 || keysize > 3072)
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
+
+ keysize = keysize_string? atoi (keysize_string) : 0;
+ if (keysize < 1024 || keysize > 3072)
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
+ qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
@ -1086,10 +1088,11 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
+ else if (!strcmp (mode_string, "dsa-g-gen"))
+ {
+ int keysize, qsize;
+
+ keysize = keysize_string? atoi (keysize_string) : 0;
+ if (keysize < 1024 || keysize > 3072)
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
keysize = keysize_string? atoi (keysize_string) : 0;
if (keysize < 1024 || keysize > 3072)
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
+ qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n");

View File

@ -1,55 +1,8 @@
Index: libgcrypt-1.6.1/random/random-fips.c
Index: libgcrypt-1.7.2/random/rndlinux.c
===================================================================
--- libgcrypt-1.6.1.orig/random/random-fips.c
+++ libgcrypt-1.6.1/random/random-fips.c
@@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of
random quality:
- Generator Seed and Key Kernel entropy (init/reseed)
- ------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ Generator Seed and Key Kernel entropy (init/reseed)
+ ---------------------------------------------------------------------------------------
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the
@@ -40,8 +40,10 @@
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
- keyed and seeded from the /dev/random device. Thus these
- generators may block until the kernel has collected enough entropy.
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
+ if the device or symlink to device exists xored with the data
+ from the /dev/urandom device. This allows the system administrator
+ to always seed the RNGs from /dev/random if it is required.
The gcry_create_nonce generator is keyed and seeded from the
GCRY_STRONG_RANDOM generator. It may also block if the
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
entropy_collect_buffer_len = 0;
#if USE_RNDLINUX
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
+ X931_AES_KEYLEN,
+ -1);
+ entropy_collect_buffer_len = 0;
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDW32
do
{
Index: libgcrypt-1.6.1/random/rndlinux.c
===================================================================
--- libgcrypt-1.6.1.orig/random/rndlinux.c
+++ libgcrypt-1.6.1/random/rndlinux.c
@@ -36,7 +36,9 @@
--- libgcrypt-1.7.2.orig/random/rndlinux.c
+++ libgcrypt-1.7.2/random/rndlinux.c
@@ -40,7 +40,9 @@
#include "g10lib.h"
#include "rand-internal.h"
@ -60,7 +13,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
static int
@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)
@@ -63,7 +65,7 @@ set_cloexec_flag (int fd)
* a fatal error but retries until it is able to reopen the device.
*/
static int
@ -69,7 +22,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
{
int fd;
@@ -67,6 +69,8 @@ open_device (const char *name, int retry
@@ -71,6 +73,8 @@ open_device (const char *name, int retry
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
again:
fd = open (name, O_RDONLY);
@ -78,7 +31,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
if (fd == -1 && retry)
{
struct timeval tv;
@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add
@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
@ -86,7 +39,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
static unsigned char ever_opened;
int fd;
int n;
@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add
@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add
close (fd_urandom);
fd_urandom = -1;
}
@ -98,7 +51,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
return 0;
}
@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add
@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */

View File

@ -1,7 +1,8 @@
diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhelp.h
--- libgcrypt-1.6.3/cipher/bufhelp.h.aliasing 2015-02-27 10:54:03.000000000 +0100
+++ libgcrypt-1.6.3/cipher/bufhelp.h 2015-03-13 15:03:43.301749751 +0100
@@ -80,7 +80,7 @@ do_bytes:
Index: libgcrypt-1.7.2/cipher/bufhelp.h
===================================================================
--- libgcrypt-1.7.2.orig/cipher/bufhelp.h
+++ libgcrypt-1.7.2/cipher/bufhelp.h
@@ -91,7 +91,7 @@ do_bytes:
for (; len; len--)
*dst++ = *src++;
#endif /*__GNUC__ >= 4 && (__x86_64__ || __i386__)*/
@ -10,7 +11,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
/* Optimized function for buffer xoring */
@@ -117,7 +117,7 @@ do_bytes:
@@ -128,7 +128,7 @@ do_bytes:
/* Handle tail. */
for (; len; len--)
*dst++ = *src1++ ^ *src2++;
@ -18,8 +19,8 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
+} __attribute__ ((optimize("no-strict-aliasing")))
/* Optimized function for buffer xoring with two destination buffers. Used
@@ -155,7 +155,7 @@ do_bytes:
/* Optimized function for in-place buffer xoring. */
@@ -200,7 +200,7 @@ do_bytes:
/* Handle tail. */
for (; len; len--)
*dst1++ = (*dst2++ ^= *src++);
@ -28,7 +29,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
/* Optimized function for combined buffer xoring and copying. Used by mainly
@@ -208,7 +208,7 @@ do_bytes:
@@ -253,7 +253,7 @@ do_bytes:
*dst_xor++ = *srcdst_cpy ^ *src_xor++;
*srcdst_cpy++ = temp;
}
@ -37,7 +38,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
/* Optimized function for combined buffer xoring and copying. Used by mainly
@@ -234,7 +234,7 @@ buf_eq_const(const void *_a, const void
@@ -279,7 +279,7 @@ buf_eq_const(const void *_a, const void
diff -= !!(a[i] - b[i]);
return !diff;
@ -46,7 +47,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
#ifndef BUFHELP_FAST_UNALIGNED_ACCESS
@@ -246,14 +246,14 @@ static inline u32 buf_get_be32(const voi
@@ -291,14 +291,14 @@ static inline u32 buf_get_be32(const voi
const byte *in = _buf;
return ((u32)in[0] << 24) | ((u32)in[1] << 16) | \
((u32)in[2] << 8) | (u32)in[3];
@ -63,7 +64,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
static inline void buf_put_be32(void *_buf, u32 val)
{
@@ -262,7 +262,7 @@ static inline void buf_put_be32(void *_b
@@ -307,7 +307,7 @@ static inline void buf_put_be32(void *_b
out[1] = val >> 16;
out[2] = val >> 8;
out[3] = val;
@ -72,16 +73,16 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
static inline void buf_put_le32(void *_buf, u32 val)
{
@@ -271,7 +271,7 @@ static inline void buf_put_le32(void *_b
@@ -316,7 +316,7 @@ static inline void buf_put_le32(void *_b
out[2] = val >> 16;
out[1] = val >> 8;
out[0] = val;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#ifdef HAVE_U64_TYPEDEF
/* Functions for loading and storing unaligned u64 values of different
@@ -283,7 +283,7 @@ static inline u64 buf_get_be64(const voi
@@ -328,7 +328,7 @@ static inline u64 buf_get_be64(const voi
((u64)in[2] << 40) | ((u64)in[3] << 32) | \
((u64)in[4] << 24) | ((u64)in[5] << 16) | \
((u64)in[6] << 8) | (u64)in[7];
@ -90,7 +91,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
static inline u64 buf_get_le64(const void *_buf)
{
@@ -292,7 +292,7 @@ static inline u64 buf_get_le64(const voi
@@ -337,7 +337,7 @@ static inline u64 buf_get_le64(const voi
((u64)in[5] << 40) | ((u64)in[4] << 32) | \
((u64)in[3] << 24) | ((u64)in[2] << 16) | \
((u64)in[1] << 8) | (u64)in[0];
@ -99,7 +100,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
static inline void buf_put_be64(void *_buf, u64 val)
{
@@ -305,7 +305,7 @@ static inline void buf_put_be64(void *_b
@@ -350,7 +350,7 @@ static inline void buf_put_be64(void *_b
out[5] = val >> 16;
out[6] = val >> 8;
out[7] = val;
@ -108,70 +109,70 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
static inline void buf_put_le64(void *_buf, u64 val)
{
@@ -318,7 +318,7 @@ static inline void buf_put_le64(void *_b
@@ -363,7 +363,7 @@ static inline void buf_put_le64(void *_b
out[2] = val >> 16;
out[1] = val >> 8;
out[0] = val;
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#endif /*HAVE_U64_TYPEDEF*/
#else /*BUFHELP_FAST_UNALIGNED_ACCESS*/
@@ -328,24 +328,24 @@ static inline void buf_put_le64(void *_b
@@ -377,24 +377,24 @@ typedef struct bufhelp_u32_s
static inline u32 buf_get_be32(const void *_buf)
{
return be_bswap32(*(const u32 *)_buf);
return be_bswap32(((const bufhelp_u32_t *)_buf)->a);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline u32 buf_get_le32(const void *_buf)
{
return le_bswap32(*(const u32 *)_buf);
return le_bswap32(((const bufhelp_u32_t *)_buf)->a);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_be32(void *_buf, u32 val)
{
u32 *out = _buf;
*out = be_bswap32(val);
bufhelp_u32_t *out = _buf;
out->a = be_bswap32(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_le32(void *_buf, u32 val)
{
u32 *out = _buf;
*out = le_bswap32(val);
bufhelp_u32_t *out = _buf;
out->a = le_bswap32(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#ifdef HAVE_U64_TYPEDEF
/* Functions for loading and storing unaligned u64 values of different
@@ -353,24 +353,24 @@ static inline void buf_put_le32(void *_b
typedef struct bufhelp_u64_s
@@ -407,24 +407,24 @@ typedef struct bufhelp_u64_s
static inline u64 buf_get_be64(const void *_buf)
{
return be_bswap64(*(const u64 *)_buf);
return be_bswap64(((const bufhelp_u64_t *)_buf)->a);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline u64 buf_get_le64(const void *_buf)
{
return le_bswap64(*(const u64 *)_buf);
return le_bswap64(((const bufhelp_u64_t *)_buf)->a);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_be64(void *_buf, u64 val)
{
u64 *out = _buf;
*out = be_bswap64(val);
bufhelp_u64_t *out = _buf;
out->a = be_bswap64(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
static inline void buf_put_le64(void *_buf, u64 val)
{
u64 *out = _buf;
*out = le_bswap64(val);
bufhelp_u64_t *out = _buf;
out->a = le_bswap64(val);
-}
+} __attribute__ ((optimize("no-strict-aliasing")))
#endif /*HAVE_U64_TYPEDEF*/
#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f9461b4619bb78b273a88d468915750d418e89a3ea3b641bab0563a9af4b04d0
size 2480467

Binary file not shown.

3
libgcrypt-1.7.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ddac6111077d0a1612247587be238c5294dd0ee4d76dc7ba783cc55fb0337071
size 2861294

BIN
libgcrypt-1.7.3.tar.bz2.sig Normal file

Binary file not shown.

View File

@ -1,182 +0,0 @@
Index: libgcrypt-1.6.1/cipher/dsa.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/dsa.c 2014-01-24 10:45:35.000000000 +0100
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-09-17 14:16:40.827152998 +0200
@@ -67,7 +67,7 @@ static const char *dsa_names[] =
/* A sample 1024 bit DSA key used for the selftests. */
-static const char sample_secret_key[] =
+static const char sample_secret_key_1024[] =
"(private-key"
" (dsa"
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
@@ -85,7 +85,7 @@ static const char sample_secret_key[] =
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
/* A sample 1024 bit DSA key used for the selftests (public only). */
-static const char sample_public_key[] =
+static const char sample_public_key_1024[] =
"(public-key"
" (dsa"
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
@@ -102,6 +102,23 @@ static const char sample_public_key[] =
" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
+/* 2048 DSA key from RFC 6979 A.2.2 */
+static const char sample_public_key_2048[] =
+"(public-key"
+" (dsa"
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c8623b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb62e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b5523e86470decbbeda027e797e7b67635d4d49c30700e74af8a0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e343312517c6aa5152b4bfecd2e551fee346318a153423c996b0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc766de2dfc4a56d7b8ba5963d60f3e16318870ad436952e55765374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a821ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0baecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a0df242b75b414df372121e53a553f222f836b000f016485b6bd0898451801dcd8de64cd5365696ffc532d528c506620a942a0305046d8f1876341f1e570bc3974ba6b9a438e9702302a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da09535d5b9df259181a79b63b069e949972b02ba36b3586aab7e45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)))";
+
+static const char sample_secret_key_2048[] =
+"(private-key"
+" (dsa"
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c8623b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb62e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b5523e86470decbbeda027e797e7b67635d4d49c30700e74af8a0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e343312517c6aa5152b4bfecd2e551fee346318a153423c996b0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc766de2dfc4a56d7b8ba5963d60f3e16318870ad436952e55765374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a821ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0baecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a0df242b75b414df372121e53a553f222f836b000f016485b6bd0898451801dcd8de64cd5365696ffc532d528c506620a942a0305046d8f1876341f1e570bc3974ba6b9a438e9702302a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da09535d5b9df259181a79b63b069e949972b02ba36b3586aab7e45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)"
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800ec55f6cc#)))";
@@ -369,6 +386,8 @@ generate_fips186 (DSA_secret_key *sk, un
gcry_mpi_t value_x = NULL; /* The secret exponent. */
gcry_mpi_t value_h = NULL; /* Helper. */
gcry_mpi_t value_e = NULL; /* Helper. */
+ gcry_mpi_t value_c = NULL; /* helper for x */
+ gcry_mpi_t value_qm2 = NULL; /* q - 2 */
/* Preset return values. */
*r_counter = 0;
@@ -389,9 +408,7 @@ generate_fips186 (DSA_secret_key *sk, un
/* Check that QBITS and NBITS match the standard. Note that FIPS
186-3 uses N for QBITS and L for NBITS. */
- if (nbits == 1024 && qbits == 160)
- ;
- else if (nbits == 2048 && qbits == 224)
+ if (nbits == 2048 && qbits == 224)
;
else if (nbits == 2048 && qbits == 256)
;
@@ -426,19 +443,18 @@ generate_fips186 (DSA_secret_key *sk, un
/* Fixme: Enable 186-3 after it has been approved and after fixing
the generation function. */
- /* if (use_fips186_2) */
- (void)use_fips186_2;
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ if (use_fips186_2)
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- /* else */
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
- /* &prime_q, &prime_p, */
- /* r_counter, */
- /* r_seed, r_seedlen, NULL); */
+ else
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen, NULL);
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -459,17 +475,23 @@ generate_fips186 (DSA_secret_key *sk, un
while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
}
-
- /* Select a random number x with: 0 < x < q */
+ value_c = mpi_snew (qbits);
value_x = mpi_snew (qbits);
+ value_qm2 = mpi_snew (qbits);
+ mpi_sub_ui (value_qm2, prime_q, 2);
+
+ /* FIPS 186-4 B.1.2 steps 4-6 */
do
{
if( DBG_CIPHER )
progress('.');
- _gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
- mpi_clear_highbit (value_x, qbits+1);
+ _gcry_mpi_randomize (value_c, qbits, GCRY_VERY_STRONG_RANDOM);
+ mpi_clear_highbit (value_c, qbits+1);
}
- while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
+ while (mpi_cmp (value_c, value_qm2) > 0);
+
+ /* x = c + 1 */
+ mpi_add_ui(value_x, value_c, 1);
/* y = g^x mod p */
value_y = mpi_alloc_like (prime_p);
@@ -502,6 +524,8 @@ generate_fips186 (DSA_secret_key *sk, un
_gcry_mpi_release (value_x);
_gcry_mpi_release (value_h);
_gcry_mpi_release (value_e);
+ _gcry_mpi_release (value_c);
+ _gcry_mpi_release (value_qm2);
/* As a last step test this keys (this should never fail of course). */
if (!ec && test_keys (sk, qbits) )
@@ -1218,10 +1242,10 @@ selftests_dsa (selftest_report_func_t re
/* Convert the S-expressions into the internal representation. */
what = "convert";
- err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key));
+ err = sexp_sscan (&skey, NULL, sample_secret_key_2048, strlen (sample_secret_key_2048));
if (!err)
err = sexp_sscan (&pkey, NULL,
- sample_public_key, strlen (sample_public_key));
+ sample_public_key_2048, strlen (sample_public_key_2048));
if (err)
{
errtxt = _gcry_strerror (err);
Index: libgcrypt-1.6.1/cipher/primegen.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/primegen.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-09-16 16:42:53.713019269 +0200
@@ -1668,9 +1668,7 @@ _gcry_generate_fips186_3_prime (unsigned
/* Step 1: Check the requested prime lengths. */
/* Note that due to the size of our buffers QBITS is limited to 256. */
- if (pbits == 1024 && qbits == 160)
- hashalgo = GCRY_MD_SHA1;
- else if (pbits == 2048 && qbits == 224)
+ if (pbits == 2048 && qbits == 224)
hashalgo = GCRY_MD_SHA224;
else if (pbits == 2048 && qbits == 256)
hashalgo = GCRY_MD_SHA256;
Index: libgcrypt-1.6.1/Makefile.am
===================================================================
--- libgcrypt-1.6.1.orig/Makefile.am 2014-09-16 16:42:53.707019195 +0200
+++ libgcrypt-1.6.1/Makefile.am 2014-09-16 16:42:53.713019269 +0200
@@ -36,7 +36,7 @@ EXTRA_DIST = autogen.sh autogen.rc READM
DISTCLEANFILES =
-bin_PROGRAMS = fipsdrv drbg_test
+bin_PROGRAMS = fipsdrv fips186_dsa drbg_test
fipsdrv_SOURCES = tests/fipsdrv.c
fipsdrv_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
@@ -45,6 +45,9 @@ drbg_test_CPPFLAGS = -I../src -I$(top_sr
drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+fips186_dsa_SOURCES = tests/fips186-dsa.c
+fips186_dsa_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+
# Add all the files listed in "distfiles" files to the distribution,
# apply version number s to some files and create a VERSION file which
# we need for the Prereq: patch file trick.

View File

@ -1,30 +0,0 @@
Index: libgcrypt-1.6.1/cipher/ecc-curves.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/ecc-curves.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/ecc-curves.c 2014-09-18 17:48:15.645814378 +0200
@@ -114,7 +114,7 @@ static const ecc_domain_parms_t domain_p
"0x6666666666666666666666666666666666666666666666666666666666666658"
},
{
- "NIST P-192", 192, 1,
+ "NIST P-192", 192, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
Index: libgcrypt-1.6.1/cipher/pubkey-util.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/pubkey-util.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/cipher/pubkey-util.c 2014-09-18 18:27:24.928658758 +0200
@@ -593,7 +593,11 @@ _gcry_pk_util_init_encoding_ctx (struct
ctx->nbits = nbits;
ctx->encoding = PUBKEY_ENC_UNKNOWN;
ctx->flags = 0;
- ctx->hash_algo = GCRY_MD_SHA1;
+ if (fips_mode()) {
+ ctx->hash_algo = GCRY_MD_SHA256;
+ } else {
+ ctx->hash_algo = GCRY_MD_SHA1;
+ }
ctx->label = NULL;
ctx->labellen = 0;
ctx->saltlen = 20;

View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.6.1/random/random.c
Index: libgcrypt-1.7.2/random/random.c
===================================================================
--- libgcrypt-1.6.1.orig/random/random.c
+++ libgcrypt-1.6.1/random/random.c
@@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t
--- libgcrypt-1.7.2.orig/random/random.c
+++ libgcrypt-1.7.2/random/random.c
@@ -419,6 +419,9 @@ _gcry_create_nonce (void *buffer, size_t
size_t n;
int err;
@ -12,7 +12,7 @@ Index: libgcrypt-1.6.1/random/random.c
/* First check whether we shall use the FIPS nonce generator. This
is only done in FIPS mode, in all other modes, we use our own
nonce generator which is seeded by the RNG actual in use. */
@@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t
@@ -433,9 +436,6 @@ _gcry_create_nonce (void *buffer, size_t
FIPS mode (not that this means it is also used if the FIPS RNG
has been selected but we are not in fips mode). */
@ -20,5 +20,5 @@ Index: libgcrypt-1.6.1/random/random.c
- _gcry_random_initialize (1);
-
/* Acquire the nonce buffer lock. */
err = ath_mutex_lock (&nonce_buffer_lock);
err = gpgrt_lock_lock (&nonce_buffer_lock);
if (err)

View File

@ -8,16 +8,16 @@ by choosing v8-like insns for 32-bit v9 mode too.
mpi/longlong.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libgcrypt-1.6.4/mpi/longlong.h
Index: libgcrypt-1.7.2/mpi/longlong.h
===================================================================
--- libgcrypt-1.6.4.orig/mpi/longlong.h 2015-09-07 15:33:48.000000000 +0200
+++ libgcrypt-1.6.4/mpi/longlong.h 2015-09-08 10:36:28.124169828 +0200
@@ -1287,7 +1287,7 @@ typedef unsigned int UTItype __attribute
--- libgcrypt-1.7.2.orig/mpi/longlong.h
+++ libgcrypt-1.7.2/mpi/longlong.h
@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute
"rJ" ((USItype)(al)), \
"rI" ((USItype)(bl)) \
__CLOBBER_CC)
-#if defined (__sparc_v8__) || defined(__sparcv8)
+#if defined (__sparc_v8__) || defined(__sparcv8) || defined(__sparc_v9__)
-# if defined (__sparc_v8__) || defined(__sparcv8)
+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__)
/* Don't match immediate range because, 1) it is not often useful,
2) the 'I' flag thinks of the range as a 13 bit signed interval,
while we want to match a 13 bit interval, sign extended to 32 bits,

View File

@ -1,3 +1,147 @@
-------------------------------------------------------------------
Sat Aug 20 10:38:15 UTC 2016 - mpluskal,vcizek,astieger}@suse.com
- libgcrypt 1.7.3:
* security issue already fixes with 1.6.6
* Fix building of some asm modules with older compilers and CPUs.
* ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
- includes changes from libgcrypt 1.7.2:
* Bug fixes:
- Fix setting of the ECC cofactor if parameters are specified.
- Fix memory leak in the ECC code.
- Remove debug message about unsupported getrandom syscall.
- Fix build problems related to AVX use.
- Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
* Internal changes:
- Improved fatal error message for wrong use of gcry_md_read.
- Disallow symmetric encryption/decryption if key is not set.
- includes changes from 1.7.1:
* Bug fixes:
- Fix ecc_verify for cofactor support.
- Fix portability bug when using gcc with Solaris 9 SPARC.
- Build fix for OpenBSD/amd64
- Add OIDs to the Serpent ciphers.
* Internal changes:
- Use getrandom system call on Linux if available.
- Blinding is now also used for RSA signature creation.
- Changed names of debug envvars
- includes changes from 1.7.0:
* New algorithms and modes:
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
- ChaCha20 stream cipher.
- Poly1305 message authentication algorithm
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
mode.
- OCB mode.
- HMAC-MD2 for use by legacy applications.
* New curves for ECC:
- Curve25519.
- sec256k1.
- GOST R 34.10-2001 and GOST R 34.10-2012.
* Performance:
- Improved performance of KDF functions.
- Assembler optimized implementations of Blowfish and Serpent on
ARM.
- Assembler optimized implementation of 3DES on x86.
- Improved AES using the SSSE3 based vector permutation method by
Mike Hamburg.
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
about 20% faster than SSSE3 and more than 100% faster than the
generic C implementation.
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
- 60-90% speedup for Whirlpool on x86.
- 300% speedup for RIPE MD-160.
- Up to 11 times speedup for CRC functions on x86.
* Other features:
- Improved ECDSA and FIPS 186-4 compliance.
- Support for Montgomery curves.
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
algorithm.
- gcry_mpi_ec_sub to subtract two points on a curve.
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
hash part.
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
random number generator.
- Map deprecated RSA algo number to the RSA algo number for better
backward compatibility. [from 1.6.2]
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
[from 1.6.3]
- Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]. [from 1.6.3]
- Flag "no-keytest" for ECC key generation. Due to a bug in
the parser that flag will also be accepted but ignored by older
version of Libgcrypt. [from 1.6.4]
- Speed up the random number generator by requiring less extra
seeding. [from 1.6.4]
- Always verify a created RSA signature to avoid private key leaks
due to hardware failures. [from 1.6.4]
- Mitigate side-channel attack on ECDH with Weierstrass curves
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
details. [from 1.6.5]
* Internal changes:
- Moved locking out to libgpg-error.
- Support of the SYSROOT envvar in the build system.
- Refactor some code.
- The availability of a 64 bit integer type is now mandatory.
* Bug fixes:
- Fixed message digest lookup by OID (regression in 1.6.0).
- Fixed a build problem on NetBSD
- Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
gcry_cipher_final NEW macro.
GCRY_CIPHER_MODE_CFB8 NEW constant.
GCRY_CIPHER_MODE_OCB NEW.
GCRY_CIPHER_MODE_POLY1305 NEW.
gcry_cipher_set_sbox NEW macro.
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MAC_HMAC_SHA3_224 NEW.
GCRY_MAC_HMAC_SHA3_256 NEW.
GCRY_MAC_HMAC_SHA3_384 NEW.
GCRY_MAC_HMAC_SHA3_512 NEW.
GCRY_MAC_POLY1305 NEW.
GCRY_MAC_POLY1305_AES NEW.
GCRY_MAC_POLY1305_CAMELLIA NEW.
GCRY_MAC_POLY1305_SEED NEW.
GCRY_MAC_POLY1305_SERPENT NEW.
GCRY_MAC_POLY1305_TWOFISH NEW.
gcry_md_extract NEW.
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
GCRY_MD_GOSTR3411_CP NEW.
GCRY_MD_SHA3_224 NEW.
GCRY_MD_SHA3_256 NEW.
GCRY_MD_SHA3_384 NEW.
GCRY_MD_SHA3_512 NEW.
GCRY_MD_SHAKE128 NEW.
GCRY_MD_SHAKE256 NEW.
gcry_mpi_ec_decode_point NEW.
gcry_mpi_ec_sub NEW.
GCRY_PK_EDDSA NEW constant.
GCRYCTL_GET_TAGLEN NEW.
GCRYCTL_SET_SBOX NEW.
GCRYCTL_SET_TAGLEN NEW.
- Apply libgcrypt-1.6.3-aliasing.patch only on big-endian
architectures
- update drbg_test.patch and install cavs testing directory again
- As DRBG is upstream, drop pateches:
v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
v9-0007-User-interface-to-DRBG.patch
libgcrypt-fix-rng.patch
- drop obsolete:
libgcrypt-fips-dsa.patch
libgcrypt-fips_ecdsa.patch
-------------------------------------------------------------------
Wed Aug 17 18:21:44 UTC 2016 - astieger@suse.com

View File

@ -19,10 +19,10 @@
%define build_hmac256 1
%define separate_hmac256_binary 0
%define libsoname %{name}20
%define sosuffix 20.0.6
%define sosuffix 20.1.3
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
Version: 1.6.6
Version: 1.7.3
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
@ -50,28 +50,16 @@ Patch12: libgcrypt-1.6.1-use-fipscheck.patch
Patch13: libgcrypt-1.6.1-fips-cavs.patch
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
# add support for SP800-90A DRBG (fate#316929, bnc#856312)
Patch21: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
Patch22: 0002-Compile-DRBG.patch
Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch
Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
Patch27: v9-0007-User-interface-to-DRBG.patch
Patch28: libgcrypt-fix-rng.patch
Patch29: libgcrypt-init-at-elf-load-fips.patch
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
Patch30: drbg_test.patch
#PATCH-FIX-SUSE bnc#894216 make DSA compliant with FIPS 186-4
Patch31: libgcrypt-fips-dsa.patch
#PATCH-FIX-SUSE run FIPS self-test from constructor
Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
#PATCH-FIX-SUSE bnc#896202 make ECDSA compliant with FIPS 186-4
Patch33: libgcrypt-fips_ecdsa.patch
Patch34: libgcrypt-1.6.3-aliasing.patch
BuildRequires: automake >= 1.14
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.11
BuildRequires: libgpg-error-devel >= 1.13
BuildRequires: libtool
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -107,7 +95,7 @@ License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Requires: libgpg-error-devel >= 1.8
Requires: libgpg-error-devel >= 1.13
Requires(post): %{install_info_prereq}
%description devel
@ -155,20 +143,15 @@ understanding of applied cryptography is required to use Libgcrypt.
%patch5 -p1
%patch7 -p1
%patch12 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
# This patch breaks x86_64 builds but is needed for big-endian
# architectures
%ifarch ppc ppc64 s390 s390x
%patch34 -p1
%endif
%patch13 -p1
%patch14 -p1
@ -176,7 +159,7 @@ understanding of applied cryptography is required to use Libgcrypt.
echo building with build_hmac256 set to %{build_hmac256}
%{?suse_update_config}
autoreconf -fi
date=$(date -u +%Y-%m-%dT%H:%M+0000 -r %{SOURCE99})
date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
%configure --with-pic \
@ -212,7 +195,7 @@ fipshmac src/.libs/libgcrypt.so.??
# make check
%install
make DESTDIR=%{buildroot} install %{?_smp_mflags}
make %{?_smp_mflags} DESTDIR=%{buildroot} install
rm %{buildroot}%{_libdir}/%{name}.la
# cavs
@ -220,14 +203,11 @@ install -m 0755 -d %{buildroot}%{cavs_dir}
install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir}
install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/fips186_dsa %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%post devel
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
@ -248,7 +228,7 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
%files devel
%defattr(-,root,root)
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
%{_infodir}/gcrypt.info.gz
%{_infodir}/gcrypt.info%{ext_info}
%{_bindir}/dumpsexp
%{_bindir}/mpicalc
%{_bindir}/%{name}-config

File diff suppressed because it is too large Load Diff

View File

@ -1,309 +0,0 @@
From 581c850aa7ac63086a489480efa4cc0bf8cfd510 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Thu, 21 Aug 2014 21:26:27 +0200
Subject: [PATCH v9 7/7] User interface to DRBG
DRBG Usage
==========
The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the kernel crypto API to use the full functionality of the DRBG.
Usage without any additional data
---------------------------------
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with personalization string during initialization
-------------------------------------------------------
struct drbg_string pers;
drbg_string_fill(&pers, "string", strlen("string"));
// The reset completely re-initializes the DRBG with the provided
// personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with additional information string during random number request
---------------------------------------------------------------------
struct drbg_string addtl;
drbg_string_fill(&addtl, "string", strlen("string"));
// The following call is a wrapper to gcry_randomize() and returns
// the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);
Usage with personalization and additional information strings
-------------------------------------------------------------
Just mix both scenarios above.
Switch the DRBG type to some other type
---------------------------------------
// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_NOPR_CTRAES128, NULL, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
src/gcrypt.h.in | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 144 insertions(+), 13 deletions(-)
Index: libgcrypt-1.6.1/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.6.1.orig/src/gcrypt.h.in 2014-01-29 10:49:05.000000000 +0100
+++ libgcrypt-1.6.1/src/gcrypt.h.in 2014-09-02 13:45:42.439648231 +0200
@@ -193,7 +193,7 @@ gcry_error_t gcry_err_make_from_errno (g
/* Return an error value with the system error ERR. */
gcry_err_code_t gcry_error_from_errno (int err);
-
+
/* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore
used. However we keep it to allow for some source code
compatibility if used in the standard way. */
@@ -228,7 +228,7 @@ struct gcry_thread_cbs
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))}
-
+
/* A generic context object as used by some functions. */
struct gcry_context;
typedef struct gcry_context *gcry_ctx_t;
@@ -254,7 +254,7 @@ typedef struct
} gcry_buffer_t;
-
+
/* Check that the library fulfills the version requirement. */
const char *gcry_check_version (const char *req_version);
@@ -329,7 +329,8 @@ enum gcry_ctl_cmds
GCRYCTL_SET_CCM_LENGTHS = 69,
GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
- GCRYCTL_REACTIVATE_FIPS_FLAG = 72
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+ GCRYCTL_DRBG_REINIT = 74,
};
/* Perform various operations defined by CMD. */
@@ -477,7 +478,7 @@ gpg_error_t gcry_sexp_extract_param (gcr
const char *list,
...) _GCRY_GCC_ATTR_SENTINEL(0);
-
+
/*******************************************
* *
* Multi Precision Integer Functions *
@@ -833,7 +834,7 @@ gcry_mpi_t _gcry_mpi_get_const (int no);
#endif /* GCRYPT_NO_MPI_MACROS */
-
+
/************************************
* *
* Symmetric Cipher Functions *
@@ -1015,7 +1016,7 @@ size_t gcry_cipher_get_algo_blklen (int
#define gcry_cipher_test_algo(a) \
gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
-
+
/************************************
* *
* Asymmetric Cipher Functions *
@@ -1114,7 +1115,7 @@ gcry_sexp_t gcry_pk_get_param (int algo,
gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
int mode, gcry_ctx_t ctx);
-
+
/************************************
* *
@@ -1291,7 +1292,7 @@ void gcry_md_debug (gcry_md_hd_t hd, con
#define gcry_md_get_asnoid(a,b,n) \
gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
-
+
/**********************************************
* *
@@ -1407,7 +1408,7 @@ int gcry_mac_map_name (const char *name)
#define gcry_mac_test_algo(a) \
gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
-
+
/******************************
* *
* Key Derivation Functions *
@@ -1435,7 +1436,7 @@ gpg_error_t gcry_kdf_derive (const void
-
+
/************************************
* *
* Random Generating Functions *
@@ -1504,7 +1505,7 @@ void gcry_create_nonce (void *buffer, si
-
+
/*******************************/
/* */
/* Prime Number Functions */
@@ -1563,7 +1564,7 @@ void gcry_prime_release_factors (gcry_mp
gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
-
+
/************************************
* *
* Miscellaneous Stuff *
@@ -1668,6 +1669,136 @@ int gcry_is_secure (const void *a) _GCRY
/* Return true if Libgcrypt is in FIPS mode. */
#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
+/* DRBG test data */
+struct drbg_test_data {
+ struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */
+ int fail_seed_source:1; /* if set, the seed function will return an
+ * error */
+};
+
+/* DRBG input data structure for DRBG generate with additional information
+ * string */
+struct drbg_gen {
+ unsigned char *outbuf; /* output buffer for random numbers */
+ unsigned int outlen; /* size of output buffer */
+ struct drbg_string *addtl; /* input buffer for
+ * additional information string */
+ struct drbg_test_data *test_data; /* test data */
+};
+
+/*
+ * Concatenation Helper and string operation helper
+ *
+ * SP800-90A requires the concatenation of different data. To avoid copying
+ * buffers around or allocate additional memory, the following data structure
+ * is used to point to the original memory with its size. In addition, it
+ * is used to build a linked list. The linked list defines the concatenation
+ * of individual buffers. The order of memory block referenced in that
+ * linked list determines the order of concatenation.
+ */
+/* DRBG string definition */
+struct drbg_string {
+ const unsigned char *buf;
+ size_t len;
+ struct drbg_string *next;
+};
+
+static inline void drbg_string_fill(struct drbg_string *string,
+ const unsigned char *buf, size_t len)
+{
+ string->buf = buf;
+ string->len = len;
+ string->next = NULL;
+}
+
+/* this is a wrapper function for users of libgcrypt */
+static inline void gcry_randomize_drbg(void *outbuf, size_t outlen,
+ enum gcry_random_level level,
+ struct drbg_string *addtl)
+{
+ struct drbg_gen genbuf;
+ genbuf.outbuf = (unsigned char *)outbuf;
+ genbuf.outlen = outlen;
+ genbuf.addtl = addtl;
+ genbuf.test_data = NULL;
+ gcry_randomize(&genbuf, 0, level);
+}
+
+/* this is a wrapper function for users of libgcrypt */
+static inline void gcry_randomize_drbg_test(void *outbuf, size_t outlen,
+ enum gcry_random_level level,
+ struct drbg_string *addtl,
+ struct drbg_test_data *test_data)
+{
+ struct drbg_gen genbuf;
+ genbuf.outbuf = (unsigned char *)outbuf;
+ genbuf.outlen = outlen;
+ genbuf.addtl = addtl;
+ genbuf.test_data = test_data;
+ gcry_randomize(&genbuf, 0, level);
+}
+
+
+/*
+ * DRBG flags bitmasks
+ *
+ * 31 (B) 28 19 (A) 0
+ * +-+-+-+--------+---+-----------+-----+
+ * |~|~|u|~~~~~~~~| 3 | 2 | 1 |
+ * +-+-+-+--------+- -+-----------+-----+
+ * ctl flg| |drbg use selection flags
+ *
+ */
+
+/* internal state control flags (B) */
+#define DRBG_PREDICTION_RESIST ((u_int32_t)1<<28)
+
+/* CTR type modifiers (A.1)*/
+#define DRBG_CTRAES ((u_int32_t)1<<0)
+#define DRBG_CTRSERPENT ((u_int32_t)1<<1)
+#define DRBG_CTRTWOFISH ((u_int32_t)1<<2)
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT | DRBG_CTRTWOFISH)
+
+/* HASH type modifiers (A.2)*/
+#define DRBG_HASHSHA1 ((u_int32_t)1<<4)
+#define DRBG_HASHSHA224 ((u_int32_t)1<<5)
+#define DRBG_HASHSHA256 ((u_int32_t)1<<6)
+#define DRBG_HASHSHA384 ((u_int32_t)1<<7)
+#define DRBG_HASHSHA512 ((u_int32_t)1<<8)
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 | \
+ DRBG_HASHSHA256 | DRBG_HASHSHA384 | \
+ DRBG_HASHSHA512)
+/* type modifiers (A.3)*/
+#define DRBG_HMAC ((u_int32_t)1<<12)
+#define DRBG_SYM128 ((u_int32_t)1<<13)
+#define DRBG_SYM192 ((u_int32_t)1<<14)
+#define DRBG_SYM256 ((u_int32_t)1<<15)
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 | \
+ DRBG_SYM256)
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK | DRBG_TYPE_MASK)
+
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 | DRBG_HMAC)
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256|DRBG_HMAC)
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384|DRBG_HMAC)
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512|DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
#if 0 /* (Keep Emacsens' auto-indent happy.) */
{