3
0
forked from pool/libgcrypt

Accepting request 1183830 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1183830
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=103
This commit is contained in:
Dominique Leuenberger 2024-07-24 13:29:19 +00:00 committed by Git OBS Bridge
commit eb967db9b2
15 changed files with 405 additions and 2788 deletions

BIN
libgcrypt-1.10.3.tar.bz2 (Stored with Git LFS)

Binary file not shown.

Binary file not shown.

3
libgcrypt-1.11.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:09120c9867ce7f2081d6aaa1775386b98c2f2f246135761aae47d81f58685b9c
size 4180345

Binary file not shown.

File diff suppressed because it is too large Load Diff

View File

@ -1,8 +1,8 @@
Index: libgcrypt-1.10.2/doc/gcrypt.texi
Index: libgcrypt-1.11.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.2/doc/gcrypt.texi
@@ -985,13 +985,21 @@ certification. If the function is approv
--- libgcrypt-1.11.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.11.0/doc/gcrypt.texi
@@ -998,13 +998,21 @@ certification. If the function is approv
@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
@ -28,11 +28,11 @@ Index: libgcrypt-1.10.2/doc/gcrypt.texi
@item GCRYCTL_FIPS_SERVICE_INDICATOR_MD; Arguments: enum gcry_md_algos
Check if the given message digest algorithm is approved under the current
Index: libgcrypt-1.10.2/src/fips.c
Index: libgcrypt-1.11.0/src/fips.c
===================================================================
--- libgcrypt-1.10.2.orig/src/fips.c
+++ libgcrypt-1.10.2/src/fips.c
@@ -377,31 +378,6 @@ _gcry_fips_indicator_cipher (va_list arg
--- libgcrypt-1.11.0.orig/src/fips.c
+++ libgcrypt-1.11.0/src/fips.c
@@ -378,31 +378,6 @@ _gcry_fips_indicator_cipher (va_list arg
}
}
@ -64,7 +64,7 @@ Index: libgcrypt-1.10.2/src/fips.c
/* FIPS approved curves, extracted from:
* cipher/ecc-curves.c:curve_aliases[] and domain_parms[]. */
static const struct
@@ -598,6 +574,62 @@ _gcry_fips_indicator_pk_flags (va_list a
@@ -602,6 +577,62 @@ _gcry_fips_indicator_pk_flags (va_list a
return GPG_ERR_NOT_SUPPORTED;
}
@ -127,11 +127,11 @@ Index: libgcrypt-1.10.2/src/fips.c
/* This is a test on whether the library is in the error or
operational state. */
Index: libgcrypt-1.10.2/src/g10lib.h
Index: libgcrypt-1.11.0/src/g10lib.h
===================================================================
--- libgcrypt-1.10.2.orig/src/g10lib.h
+++ libgcrypt-1.10.2/src/g10lib.h
@@ -456,6 +456,7 @@ void _gcry_fips_signal_error (const char
--- libgcrypt-1.11.0.orig/src/g10lib.h
+++ libgcrypt-1.11.0/src/g10lib.h
@@ -469,6 +469,7 @@ void _gcry_fips_signal_error (const char
#endif
int _gcry_fips_indicator_cipher (va_list arg_ptr);
@ -139,25 +139,25 @@ Index: libgcrypt-1.10.2/src/g10lib.h
int _gcry_fips_indicator_mac (va_list arg_ptr);
int _gcry_fips_indicator_md (va_list arg_ptr);
int _gcry_fips_indicator_kdf (va_list arg_ptr);
Index: libgcrypt-1.10.2/src/gcrypt.h.in
Index: libgcrypt-1.11.0/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.10.2.orig/src/gcrypt.h.in
+++ libgcrypt-1.10.2/src/gcrypt.h.in
@@ -335,7 +335,8 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
--- libgcrypt-1.11.0.orig/src/gcrypt.h.in
+++ libgcrypt-1.11.0/src/gcrypt.h.in
@@ -336,7 +336,8 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 88
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 88,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_HASH = 89
GCRYCTL_MD_CUSTOMIZE = 88,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 89
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 89,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_HASH = 90
};
/* Perform various operations defined by CMD. */
Index: libgcrypt-1.10.2/src/global.c
Index: libgcrypt-1.11.0/src/global.c
===================================================================
--- libgcrypt-1.10.2.orig/src/global.c
+++ libgcrypt-1.10.2/src/global.c
@@ -791,6 +791,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
--- libgcrypt-1.11.0.orig/src/global.c
+++ libgcrypt-1.11.0/src/global.c
@@ -794,6 +794,12 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_indicator_cipher (arg_ptr);
break;

View File

@ -1,7 +1,7 @@
Index: libgcrypt-1.10.2/src/fips.c
Index: libgcrypt-1.11.0/src/fips.c
===================================================================
--- libgcrypt-1.10.2.orig/src/fips.c
+++ libgcrypt-1.10.2/src/fips.c
--- libgcrypt-1.11.0.orig/src/fips.c
+++ libgcrypt-1.11.0/src/fips.c
@@ -38,6 +38,7 @@
#include "g10lib.h"
@ -10,7 +10,7 @@ Index: libgcrypt-1.10.2/src/fips.c
#include "../random/random.h"
/* The states of the finite state machine used in fips mode. */
@@ -399,6 +400,94 @@ _gcry_fips_indicator_mac (va_list arg_pt
@@ -400,6 +401,94 @@ _gcry_fips_indicator_mac (va_list arg_pt
default:
return GPG_ERR_NOT_SUPPORTED;
}
@ -105,25 +105,25 @@ Index: libgcrypt-1.10.2/src/fips.c
}
int
Index: libgcrypt-1.10.2/src/gcrypt.h.in
Index: libgcrypt-1.11.0/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.10.2.orig/src/gcrypt.h.in
+++ libgcrypt-1.10.2/src/gcrypt.h.in
@@ -334,7 +334,8 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
--- libgcrypt-1.11.0.orig/src/gcrypt.h.in
+++ libgcrypt-1.11.0/src/gcrypt.h.in
@@ -335,7 +335,8 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 88
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
- GCRYCTL_MD_CUSTOMIZE = 88
+ GCRYCTL_MD_CUSTOMIZE = 88,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK = 89
};
/* Perform various operations defined by CMD. */
Index: libgcrypt-1.10.2/doc/gcrypt.texi
Index: libgcrypt-1.11.0/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.10.2.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.2/doc/gcrypt.texi
@@ -997,6 +997,19 @@ Check if the given message digest algori
--- libgcrypt-1.11.0.orig/doc/gcrypt.texi
+++ libgcrypt-1.11.0/doc/gcrypt.texi
@@ -1010,6 +1010,19 @@ Check if the given message digest algori
FIPS 140-3 certification. If the algorithm is approved, this function returns
@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
@ -143,11 +143,11 @@ Index: libgcrypt-1.10.2/doc/gcrypt.texi
@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
Check if the given public key operation flag or s-expression object name is
Index: libgcrypt-1.10.2/src/g10lib.h
Index: libgcrypt-1.11.0/src/g10lib.h
===================================================================
--- libgcrypt-1.10.2.orig/src/g10lib.h
+++ libgcrypt-1.10.2/src/g10lib.h
@@ -460,6 +460,7 @@ int _gcry_fips_indicator_mac (va_list ar
--- libgcrypt-1.11.0.orig/src/g10lib.h
+++ libgcrypt-1.11.0/src/g10lib.h
@@ -473,6 +473,7 @@ int _gcry_fips_indicator_mac (va_list ar
int _gcry_fips_indicator_md (va_list arg_ptr);
int _gcry_fips_indicator_kdf (va_list arg_ptr);
int _gcry_fips_indicator_function (va_list arg_ptr);
@ -155,11 +155,11 @@ Index: libgcrypt-1.10.2/src/g10lib.h
int _gcry_fips_indicator_pk_flags (va_list arg_ptr);
int _gcry_fips_is_operational (void);
Index: libgcrypt-1.10.2/src/global.c
Index: libgcrypt-1.11.0/src/global.c
===================================================================
--- libgcrypt-1.10.2.orig/src/global.c
+++ libgcrypt-1.10.2/src/global.c
@@ -825,6 +834,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
--- libgcrypt-1.11.0.orig/src/global.c
+++ libgcrypt-1.11.0/src/global.c
@@ -828,6 +828,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_indicator_pk_flags (arg_ptr);
break;

View File

@ -0,0 +1,16 @@
Index: libgcrypt-1.10.3/random/rndjent.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndjent.c
+++ libgcrypt-1.10.3/random/rndjent.c
@@ -319,7 +319,10 @@ _gcry_rndjent_poll (void (*add)(const vo
jent_rng_totalcalls++;
rc = jent_read_entropy_safe (&jent_rng_collector, buffer, n);
if (rc < 0)
- break;
+ {
+ fips_signal_error ("jitter entropy failed");
+ break;
+ }
/* We need to hash the output to conform to the BSI
* NTG.1 specs. */
_gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc);

View File

@ -0,0 +1,183 @@
Index: libgcrypt-1.10.3/random/Makefile.am
===================================================================
--- libgcrypt-1.10.3.orig/random/Makefile.am
+++ libgcrypt-1.10.3/random/Makefile.am
@@ -21,7 +21,7 @@
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
-AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) -ljitterentropy
noinst_LTLIBRARIES = librandom.la
@@ -45,14 +45,7 @@ rndoldlinux.c \
rndegd.c \
rndunix.c \
rndw32.c \
-rndw32ce.c \
-jitterentropy-gcd.c jitterentropy-gcd.h \
-jitterentropy-health.c jitterentropy-health.h \
-jitterentropy-noise.c jitterentropy-noise.h \
-jitterentropy-sha3.c jitterentropy-sha3.h \
-jitterentropy-timer.c jitterentropy-timer.h \
-jitterentropy-base.h \
-jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+rndw32ce.c
# The rndjent module needs to be compiled without optimization. */
if ENABLE_O_FLAG_MUNGING
@@ -61,20 +54,8 @@ else
o_flag_munging = cat
endif
-rndjent.o: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.o: $(srcdir)/rndjent.c
`echo $(COMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
-rndjent.lo: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.lo: $(srcdir)/rndjent.c
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
Index: libgcrypt-1.10.3/random/rndjent.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndjent.c
+++ libgcrypt-1.10.3/random/rndjent.c
@@ -94,17 +94,12 @@
* jitterentropy-user-base.h file. */
/* Tell jitterentropy* that all functions shall be static. */
-#define JENT_PRIVATE_COMPILE 1
+#undef JENT_PRIVATE_COMPILE
-#include "jitterentropy-base.c"
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
#include <pthread.h>
#endif /* JENT_CONF_ENABLE_INTERNAL_TIMER */
-#include "jitterentropy-gcd.c"
-#include "jitterentropy-health.c"
-#include "jitterentropy-noise.c"
-#include "jitterentropy-sha3.c"
-#include "jitterentropy-timer.c"
+#include <jitterentropy.h>
/* This is the lock we use to serialize access to this RNG. The extra
* integer variable is only used to check the locking state; that is,
Index: libgcrypt-1.10.3/random/Makefile.in
===================================================================
--- libgcrypt-1.10.3.orig/random/Makefile.in
+++ libgcrypt-1.10.3/random/Makefile.in
@@ -147,12 +147,7 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/jitterentropy-base.Plo \
- ./$(DEPDIR)/jitterentropy-gcd.Plo \
- ./$(DEPDIR)/jitterentropy-health.Plo \
- ./$(DEPDIR)/jitterentropy-noise.Plo \
- ./$(DEPDIR)/jitterentropy-sha3.Plo \
- ./$(DEPDIR)/jitterentropy-timer.Plo \
+am__depfiles_remade = \
./$(DEPDIR)/random-csprng.Plo ./$(DEPDIR)/random-drbg.Plo \
./$(DEPDIR)/random-system.Plo ./$(DEPDIR)/random.Plo \
./$(DEPDIR)/rndegd.Plo ./$(DEPDIR)/rndgetentropy.Plo \
@@ -378,7 +373,7 @@ top_srcdir = @top_srcdir@
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
-AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) -ljitterentropy
noinst_LTLIBRARIES = librandom.la
GCRYPT_MODULES = @GCRYPT_RANDOM@
librandom_la_DEPENDENCIES = $(GCRYPT_MODULES)
@@ -398,14 +393,7 @@ rndoldlinux.c \
rndegd.c \
rndunix.c \
rndw32.c \
-rndw32ce.c \
-jitterentropy-gcd.c jitterentropy-gcd.h \
-jitterentropy-health.c jitterentropy-health.h \
-jitterentropy-noise.c jitterentropy-noise.h \
-jitterentropy-sha3.c jitterentropy-sha3.h \
-jitterentropy-timer.c jitterentropy-timer.h \
-jitterentropy-base.h \
-jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+rndw32ce.c
@ENABLE_O_FLAG_MUNGING_FALSE@o_flag_munging = cat
@@ -465,12 +453,6 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-base.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-gcd.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-health.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-noise.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-sha3.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitterentropy-timer.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-csprng.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-drbg.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-system.Plo@am__quote@ # am--include-marker
@@ -641,12 +623,6 @@ clean-am: clean-generic clean-libtool cl
mostlyclean-am
distclean: distclean-am
- -rm -f ./$(DEPDIR)/jitterentropy-base.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-gcd.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-health.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-noise.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-sha3.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-timer.Plo
-rm -f ./$(DEPDIR)/random-csprng.Plo
-rm -f ./$(DEPDIR)/random-drbg.Plo
-rm -f ./$(DEPDIR)/random-system.Plo
@@ -704,12 +680,6 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/jitterentropy-base.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-gcd.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-health.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-noise.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-sha3.Plo
- -rm -f ./$(DEPDIR)/jitterentropy-timer.Plo
-rm -f ./$(DEPDIR)/random-csprng.Plo
-rm -f ./$(DEPDIR)/random-drbg.Plo
-rm -f ./$(DEPDIR)/random-system.Plo
@@ -759,22 +729,10 @@ uninstall-am:
.PRECIOUS: Makefile
-rndjent.o: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.o: $(srcdir)/rndjent.c
`echo $(COMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
-rndjent.lo: $(srcdir)/rndjent.c jitterentropy-base-user.h \
- $(srcdir)/jitterentropy-gcd.c $(srcdir)/jitterentropy-gcd.h \
- $(srcdir)/jitterentropy-health.c $(srcdir)/jitterentropy-health.h \
- $(srcdir)/jitterentropy-noise.c $(srcdir)/jitterentropy-noise.h \
- $(srcdir)/jitterentropy-sha3.c $(srcdir)/jitterentropy-sha3.h \
- $(srcdir)/jitterentropy-timer.c $(srcdir)/jitterentropy-timer.h \
- $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h
+rndjent.lo: $(srcdir)/rndjent.c
`echo $(LTCOMPILE) -c $(srcdir)/rndjent.c | $(o_flag_munging) `
# Tell versions [3.59,3.63) of GNU make to not export all variables.

View File

@ -0,0 +1,41 @@
Index: libgcrypt-1.10.3/random/rndgetentropy.c
===================================================================
--- libgcrypt-1.10.3.orig/random/rndgetentropy.c
+++ libgcrypt-1.10.3/random/rndgetentropy.c
@@ -53,16 +53,30 @@ _gcry_rndgetentropy_gather_random (void
/* When using a blocking random generator try to get some entropy
* from the jitter based RNG. In this case we take up to 50% of the
- * remaining requested bytes. */
+ * remaining requested bytes. In FIPS mode, we get all the entropy
+ * from the jitter RNG. */
if (level >= GCRY_VERY_STRONG_RANDOM)
{
size_t n;
- n = _gcry_rndjent_poll (add, origin, length/2);
- if (n > length/2)
- n = length/2;
- if (length > 1)
- length -= n;
+ /* In FIPS mode, use the whole length of the entropy buffer from
+ * Jitter RNG */
+ if (fips_mode ())
+ {
+ n = _gcry_rndjent_poll (add, origin, length);
+ if (n != length)
+ fips_signal_error ("jitter entropy failed");
+ else
+ length = 0;
+ }
+ else
+ {
+ n = _gcry_rndjent_poll (add, origin, length/2);
+ if (n > length/2)
+ n = length/2;
+ if (length > 1)
+ length -= n;
+ }
}
/* Enter the loop. */

View File

@ -1,618 +0,0 @@
Index: libgcrypt-1.10.0/random/jitterentropy-base.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base.c
+++ libgcrypt-1.10.0/random/jitterentropy-base.c
@@ -42,7 +42,7 @@
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
* change without a bump of the major version) */
-#define MINVERSION 3 /* API compatible, ABI may change, functional
+#define MINVERSION 4 /* API compatible, ABI may change, functional
* enhancements only, consumer can be left unchanged if
* enhancements are not considered */
#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
@@ -200,29 +200,38 @@ ssize_t jent_read_entropy(struct rand_da
tocopy = (DATA_SIZE_BITS / 8);
else
tocopy = len;
- memcpy(p, &ec->data, tocopy);
+
+ jent_read_random_block(ec, p, tocopy);
len -= tocopy;
p += tocopy;
}
/*
- * To be on the safe side, we generate one more round of entropy
- * which we do not give out to the caller. That round shall ensure
- * that in case the calling application crashes, memory dumps, pages
- * out, or due to the CPU Jitter RNG lingering in memory for long
- * time without being moved and an attacker cracks the application,
- * all he reads in the entropy pool is a value that is NEVER EVER
- * being used for anything. Thus, he does NOT see the previous value
- * that was returned to the caller for cryptographic purposes.
+ * Enhanced backtracking support: At this point, the hash state
+ * contains the digest of the previous Jitter RNG collection round
+ * which is inserted there by jent_read_random_block with the SHA
+ * update operation. At the current code location we completed
+ * one request for a caller and we do not know how long it will
+ * take until a new request is sent to us. To guarantee enhanced
+ * backtracking resistance at this point (i.e. ensure that an attacker
+ * cannot obtain information about prior random numbers we generated),
+ * but still stirring the hash state with old data the Jitter RNG
+ * obtains a new message digest from its state and re-inserts it.
+ * After this operation, the Jitter RNG state is still stirred with
+ * the old data, but an attacker who gets access to the memory after
+ * this point cannot deduce the random numbers produced by the
+ * Jitter RNG prior to this point.
*/
/*
- * If we use secured memory, do not use that precaution as the secure
- * memory protects the entropy pool. Moreover, note that using this
- * call reduces the speed of the RNG by up to half
+ * If we use secured memory, where backtracking support may not be
+ * needed because the state is protected in a different method,
+ * it is permissible to drop this support. But strongly weigh the
+ * pros and cons considering that the SHA3 operation is not that
+ * expensive.
*/
#ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
- jent_random_data(ec);
+ jent_read_random_block(ec, NULL, 0);
#endif
err:
@@ -379,6 +388,7 @@ static struct rand_data
*jent_entropy_collector_alloc_internal(unsigned int osr, unsigned int flags)
{
struct rand_data *entropy_collector;
+ uint32_t memsize = 0;
/*
* Requesting disabling and forcing of internal timer
@@ -405,7 +415,7 @@ static struct rand_data
return NULL;
if (!(flags & JENT_DISABLE_MEMORY_ACCESS)) {
- uint32_t memsize = jent_memsize(flags);
+ memsize = jent_memsize(flags);
entropy_collector->mem = _gcry_calloc (1, memsize);
@@ -431,13 +441,19 @@ static struct rand_data
entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
}
+ if (sha3_alloc(&entropy_collector->hash_state))
+ goto err;
+
+ /* Initialize the hash state */
+ sha3_256_init(entropy_collector->hash_state);
+
/* verify and set the oversampling rate */
if (osr < JENT_MIN_OSR)
osr = JENT_MIN_OSR;
entropy_collector->osr = osr;
entropy_collector->flags = flags;
- if (jent_fips_enabled() || (flags & JENT_FORCE_FIPS))
+ if ((flags & JENT_FORCE_FIPS) || jent_fips_enabled())
entropy_collector->fips_enabled = 1;
/* Initialize the APT */
@@ -469,7 +485,7 @@ static struct rand_data
err:
if (entropy_collector->mem != NULL)
- jent_zfree(entropy_collector->mem, JENT_MEMORY_SIZE);
+ jent_zfree(entropy_collector->mem, memsize);
jent_zfree(entropy_collector, sizeof(struct rand_data));
return NULL;
}
@@ -511,6 +527,7 @@ JENT_PRIVATE_STATIC
void jent_entropy_collector_free(struct rand_data *entropy_collector)
{
if (entropy_collector != NULL) {
+ sha3_dealloc(entropy_collector->hash_state);
jent_notime_disable(entropy_collector);
if (entropy_collector->mem != NULL) {
jent_zfree(entropy_collector->mem,
@@ -664,6 +681,7 @@ static inline int jent_entropy_init_comm
int ret;
jent_notime_block_switch();
+ jent_health_cb_block_switch();
if (sha3_tester())
return EHASH;
@@ -710,6 +728,8 @@ int jent_entropy_init_ex(unsigned int os
if (ret)
return ret;
+ ret = ENOTIME;
+
/* Test without internal timer unless caller does not want it */
if (!(flags & JENT_FORCE_INTERNAL_TIMER))
ret = jent_time_entropy_init(osr,
@@ -732,3 +752,9 @@ int jent_entropy_switch_notime_impl(stru
return jent_notime_switch(new_thread);
}
#endif
+
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb)
+{
+ return jent_set_fips_failure_callback_internal(cb);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-gcd.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-gcd.c
+++ libgcrypt-1.10.0/random/jitterentropy-gcd.c
@@ -113,12 +113,8 @@ int jent_gcd_analyze(uint64_t *delta_his
goto out;
}
- /*
- * Ensure that we have variations in the time stamp below 100 for at
- * least 10% of all checks -- on some platforms, the counter increments
- * in multiples of 100, but not always
- */
- if (running_gcd >= 100) {
+ /* Set a sensible maximum value. */
+ if (running_gcd >= UINT32_MAX / 2) {
ret = ECOARSETIME;
goto out;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.c
+++ libgcrypt-1.10.0/random/jitterentropy-health.c
@@ -19,9 +19,24 @@
* DAMAGE.
*/
-#include "jitterentropy.h"
#include "jitterentropy-health.h"
+static jent_fips_failure_cb fips_cb = NULL;
+static int jent_health_cb_switch_blocked = 0;
+
+void jent_health_cb_block_switch(void)
+{
+ jent_health_cb_switch_blocked = 1;
+}
+
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb)
+{
+ if (jent_health_cb_switch_blocked)
+ return -EAGAIN;
+ fips_cb = cb;
+ return 0;
+}
+
/***************************************************************************
* Lag Predictor Test
*
@@ -434,5 +449,9 @@ unsigned int jent_health_failure(struct
if (!ec->fips_enabled)
return 0;
+ if (fips_cb && ec->health_failure) {
+ fips_cb(ec, ec->health_failure);
+ }
+
return ec->health_failure;
}
Index: libgcrypt-1.10.0/random/jitterentropy-health.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-health.h
+++ libgcrypt-1.10.0/random/jitterentropy-health.h
@@ -20,11 +20,16 @@
#ifndef JITTERENTROPY_HEALTH_H
#define JITTERENTROPY_HEALTH_H
+#include "jitterentropy.h"
+
#ifdef __cplusplus
extern "C"
{
#endif
+void jent_health_cb_block_switch(void);
+int jent_set_fips_failure_callback_internal(jent_fips_failure_cb cb);
+
static inline uint64_t jent_delta(uint64_t prev, uint64_t next)
{
return (next - prev);
Index: libgcrypt-1.10.0/random/jitterentropy-noise.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.c
+++ libgcrypt-1.10.0/random/jitterentropy-noise.c
@@ -33,7 +33,7 @@
* Update of the loop count used for the next round of
* an entropy collection.
*
- * @ec [in] entropy collector struct -- may be NULL
+ * @ec [in] entropy collector struct
* @bits [in] is the number of low bits of the timer to consider
* @min [in] is the number of bits we shift the timer value to the right at
* the end to make sure we have a guaranteed minimum value
@@ -61,16 +61,13 @@ static uint64_t jent_loop_shuffle(struct
* Mix the current state of the random number into the shuffle
* calculation to balance that shuffle a bit more.
*/
- if (ec) {
- jent_get_nstime_internal(ec, &time);
- time ^= ec->data[0];
- }
+ jent_get_nstime_internal(ec, &time);
/*
* We fold the time value as much as possible to ensure that as many
* bits of the time stamp are included as possible.
*/
- for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
+ for (i = 0; (((sizeof(time) << 3) + bits - 1) / bits) > i; i++) {
shuffle ^= time & mask;
time = time >> bits;
}
@@ -91,11 +88,11 @@ static uint64_t jent_loop_shuffle(struct
* This function injects the individual bits of the time value into the
* entropy pool using a hash.
*
- * @ec [in] entropy collector struct -- may be NULL
- * @time [in] time stamp to be injected
+ * @ec [in] entropy collector struct
+ * @time [in] time delta to be injected
* @loop_cnt [in] if a value not equal to 0 is set, use the given value as
* number of loops to perform the hash operation
- * @stuck [in] Is the time stamp identified as stuck?
+ * @stuck [in] Is the time delta identified as stuck?
*
* Output:
* updated hash context
@@ -104,17 +101,19 @@ static void jent_hash_time(struct rand_d
uint64_t loop_cnt, unsigned int stuck)
{
HASH_CTX_ON_STACK(ctx);
- uint8_t itermediary[SHA3_256_SIZE_DIGEST];
+ uint8_t intermediary[SHA3_256_SIZE_DIGEST];
uint64_t j = 0;
- uint64_t hash_loop_cnt;
#define MAX_HASH_LOOP 3
#define MIN_HASH_LOOP 0
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_HASH_LOOP + MIN_HASH_LOOP) > 63);
- hash_loop_cnt =
+ uint64_t hash_loop_cnt =
jent_loop_shuffle(ec, MAX_HASH_LOOP, MIN_HASH_LOOP);
+ /* Use the memset to shut up valgrind */
+ memset(intermediary, 0, sizeof(intermediary));
+
sha3_256_init(&ctx);
/*
@@ -125,35 +124,54 @@ static void jent_hash_time(struct rand_d
hash_loop_cnt = loop_cnt;
/*
- * This loop basically slows down the SHA-3 operation depending
- * on the hash_loop_cnt. Each iteration of the loop generates the
- * same result.
+ * This loop fills a buffer which is injected into the entropy pool.
+ * The main reason for this loop is to execute something over which we
+ * can perform a timing measurement. The injection of the resulting
+ * data into the pool is performed to ensure the result is used and
+ * the compiler cannot optimize the loop away in case the result is not
+ * used at all. Yet that data is considered "additional information"
+ * considering the terminology from SP800-90A without any entropy.
+ *
+ * Note, it does not matter which or how much data you inject, we are
+ * interested in one Keccack1600 compression operation performed with
+ * the sha3_final.
*/
for (j = 0; j < hash_loop_cnt; j++) {
- sha3_update(&ctx, ec->data, SHA3_256_SIZE_DIGEST);
- sha3_update(&ctx, (uint8_t *)&time, sizeof(uint64_t));
+ sha3_update(&ctx, intermediary, sizeof(intermediary));
+ sha3_update(&ctx, (uint8_t *)&ec->rct_count,
+ sizeof(ec->rct_count));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_cutoff,
+ sizeof(ec->apt_cutoff));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_observations,
+ sizeof(ec->apt_observations));
+ sha3_update(&ctx, (uint8_t *)&ec->apt_count,
+ sizeof(ec->apt_count));
+ sha3_update(&ctx,(uint8_t *) &ec->apt_base,
+ sizeof(ec->apt_base));
sha3_update(&ctx, (uint8_t *)&j, sizeof(uint64_t));
+ sha3_final(&ctx, intermediary);
+ }
- /*
- * If the time stamp is stuck, do not finally insert the value
- * into the entropy pool. Although this operation should not do
- * any harm even when the time stamp has no entropy, SP800-90B
- * requires that any conditioning operation to have an identical
- * amount of input data according to section 3.1.5.
- */
+ /*
+ * Inject the data from the previous loop into the pool. This data is
+ * not considered to contain any entropy, but it stirs the pool a bit.
+ */
+ sha3_update(ec->hash_state, intermediary, sizeof(intermediary));
- /*
- * The sha3_final operations re-initialize the context for the
- * next loop iteration.
- */
- if (stuck || (j < hash_loop_cnt - 1))
- sha3_final(&ctx, itermediary);
- else
- sha3_final(&ctx, ec->data);
- }
+ /*
+ * Insert the time stamp into the hash context representing the pool.
+ *
+ * If the time stamp is stuck, do not finally insert the value into the
+ * entropy pool. Although this operation should not do any harm even
+ * when the time stamp has no entropy, SP800-90B requires that any
+ * conditioning operation to have an identical amount of input data
+ * according to section 3.1.5.
+ */
+ if (!stuck)
+ sha3_update(ec->hash_state, (uint8_t *)&time, sizeof(uint64_t));
jent_memset_secure(&ctx, SHA_MAX_CTX_SIZE);
- jent_memset_secure(itermediary, sizeof(itermediary));
+ jent_memset_secure(intermediary, sizeof(intermediary));
}
#define MAX_ACC_LOOP_BIT 7
@@ -184,13 +202,12 @@ static inline uint32_t xoshiro128starsta
static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
{
- uint64_t i = 0;
+ uint64_t i = 0, time = 0;
union {
uint32_t u[4];
uint8_t b[sizeof(uint32_t) * 4];
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
uint32_t addressMask;
- uint64_t acc_loop_cnt;
if (NULL == ec || NULL == ec->mem)
return;
@@ -199,7 +216,7 @@ static void jent_memaccess(struct rand_d
/* Ensure that macros cannot overflow jent_loop_shuffle() */
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
- acc_loop_cnt =
+ uint64_t acc_loop_cnt =
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
/*
@@ -213,8 +230,10 @@ static void jent_memaccess(struct rand_d
* "per-update: timing, it gets you mostly independent "per-update"
* timing, so we can now benefit from the Central Limit Theorem!
*/
- for (i = 0; i < sizeof(prngState); i++)
- prngState.b[i] ^= ec->data[i];
+ for (i = 0; i < sizeof(prngState); i++) {
+ jent_get_nstime_internal(ec, &time);
+ prngState.b[i] ^= (uint8_t)(time & 0xff);
+ }
/*
* testing purposes -- allow test app to set the counter, not
@@ -358,21 +377,21 @@ unsigned int jent_measure_jitter(struct
/**
* Generator of one 256 bit random number
- * Function fills rand_data->data
+ * Function fills rand_data->hash_state
*
* @ec [in] Reference to entropy collector
*/
void jent_random_data(struct rand_data *ec)
{
- unsigned int k = 0, safety_factor = ENTROPY_SAFETY_FACTOR;
+ unsigned int k = 0, safety_factor = 0;
- if (!ec->fips_enabled)
- safety_factor = 0;
+ if (ec->fips_enabled)
+ safety_factor = ENTROPY_SAFETY_FACTOR;
/* priming of the ->prev_time value */
jent_measure_jitter(ec, 0, NULL);
- while (1) {
+ while (!jent_health_failure(ec)) {
/* If a stuck measurement is received, repeat measurement */
if (jent_measure_jitter(ec, 0, NULL))
continue;
@@ -385,3 +404,22 @@ void jent_random_data(struct rand_data *
break;
}
}
+
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len)
+{
+ uint8_t jent_block[SHA3_256_SIZE_DIGEST];
+
+ BUILD_BUG_ON(SHA3_256_SIZE_DIGEST != (DATA_SIZE_BITS / 8));
+
+ /* The final operation automatically re-initializes the ->hash_state */
+ sha3_final(ec->hash_state, jent_block);
+ if (dst_len)
+ memcpy(dst, jent_block, dst_len);
+
+ /*
+ * Stir the new state with the data from the old state - the digest
+ * of the old data is not considered to have entropy.
+ */
+ sha3_update(ec->hash_state, jent_block, sizeof(jent_block));
+ jent_memset_secure(jent_block, sizeof(jent_block));
+}
Index: libgcrypt-1.10.0/random/jitterentropy-noise.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-noise.h
+++ libgcrypt-1.10.0/random/jitterentropy-noise.h
@@ -31,6 +31,7 @@ unsigned int jent_measure_jitter(struct
uint64_t loop_cnt,
uint64_t *ret_current_delta);
void jent_random_data(struct rand_data *ec);
+void jent_read_random_block(struct rand_data *ec, char *dst, size_t dst_len);
#ifdef __cplusplus
}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.c
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.c
@@ -19,6 +19,7 @@
*/
#include "jitterentropy-sha3.h"
+#include "jitterentropy.h"
/***************************************************************************
* Message Digest Implementation
@@ -380,3 +381,23 @@ int sha3_tester(void)
return 0;
}
+
+int sha3_alloc(void **hash_state)
+{
+ struct sha_ctx *tmp;
+
+ tmp = jent_zalloc(SHA_MAX_CTX_SIZE);
+ if (!tmp)
+ return 1;
+
+ *hash_state = tmp;
+
+ return 0;
+}
+
+void sha3_dealloc(void *hash_state)
+{
+ struct sha_ctx *ctx = (struct sha_ctx *)hash_state;
+
+ jent_zfree(ctx, SHA_MAX_CTX_SIZE);
+}
Index: libgcrypt-1.10.0/random/jitterentropy-sha3.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-sha3.h
+++ libgcrypt-1.10.0/random/jitterentropy-sha3.h
@@ -47,6 +47,8 @@ struct sha_ctx {
void sha3_256_init(struct sha_ctx *ctx);
void sha3_update(struct sha_ctx *ctx, const uint8_t *in, size_t inlen);
void sha3_final(struct sha_ctx *ctx, uint8_t *digest);
+int sha3_alloc(void **hash_state);
+void sha3_dealloc(void *hash_state);
int sha3_tester(void);
#ifdef __cplusplus
Index: libgcrypt-1.10.0/random/jitterentropy-timer.c
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-timer.c
+++ libgcrypt-1.10.0/random/jitterentropy-timer.c
@@ -202,8 +202,8 @@ int jent_notime_enable(struct rand_data
if (jent_force_internal_timer || (flags & JENT_FORCE_INTERNAL_TIMER)) {
/* Self test not run yet */
if (!jent_force_internal_timer &&
- jent_time_entropy_init(flags | JENT_FORCE_INTERNAL_TIMER,
- ec->osr))
+ jent_time_entropy_init(ec->osr,
+ flags | JENT_FORCE_INTERNAL_TIMER))
return EHEALTH;
ec->enable_notime = 1;
Index: libgcrypt-1.10.0/random/jitterentropy.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy.h
+++ libgcrypt-1.10.0/random/jitterentropy.h
@@ -49,7 +49,7 @@
***************************************************************************/
/*
- * Enable timer-less timer support
+ * Enable timer-less timer support with JENT_CONF_ENABLE_INTERNAL_TIMER
*
* In case the hardware is identified to not provide a high-resolution time
* stamp, this option enables a built-in high-resolution time stamp mechanism.
@@ -166,7 +166,7 @@ struct rand_data
* of the RNG are marked as SENSITIVE. A user must not
* access that information while the RNG executes its loops to
* calculate the next random value. */
- uint8_t data[SHA3_256_SIZE_DIGEST]; /* SENSITIVE Actual random number */
+ void *hash_state; /* SENSITIVE hash state entropy pool */
uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
@@ -378,28 +378,34 @@ int jent_entropy_init(void);
JENT_PRIVATE_STATIC
int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
+/*
+ * Set a callback to run on health failure in FIPS mode.
+ * This function will take an action determined by the caller.
+ */
+typedef void (*jent_fips_failure_cb)(struct rand_data *ec,
+ unsigned int health_failure);
+JENT_PRIVATE_STATIC
+int jent_set_fips_failure_callback(jent_fips_failure_cb cb);
+
/* return version number of core library */
JENT_PRIVATE_STATIC
unsigned int jent_version(void);
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
/* Set a different thread handling logic for the notimer support */
JENT_PRIVATE_STATIC
int jent_entropy_switch_notime_impl(struct jent_notime_thread *new_thread);
-#endif
/* -- END of Main interface functions -- */
/* -- BEGIN timer-less threading support functions to prevent code dupes -- */
-struct jent_notime_ctx {
#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
+
+struct jent_notime_ctx {
pthread_attr_t notime_pthread_attr; /* pthreads library */
pthread_t notime_thread_id; /* pthreads thread ID */
-#endif
};
-#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
JENT_PRIVATE_STATIC
int jent_notime_init(void **ctx);
Index: libgcrypt-1.10.0/random/jitterentropy-base-user.h
===================================================================
--- libgcrypt-1.10.0.orig/random/jitterentropy-base-user.h
+++ libgcrypt-1.10.0/random/jitterentropy-base-user.h
@@ -213,12 +213,12 @@ static inline void jent_get_cachesize(lo
ext = strstr(buf, "K");
if (ext) {
shift = 10;
- ext = '\0';
+ *ext = '\0';
} else {
ext = strstr(buf, "M");
if (ext) {
shift = 20;
- ext = '\0';
+ *ext = '\0';
}
}

View File

@ -1,35 +0,0 @@
--- libgcrypt-1.10.3.orig/acinclude.m4
+++ libgcrypt-1.10.3/acinclude.m4
@@ -130,10 +130,10 @@ EOF
ac_nlist=conftest.nm
if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \| cut -d \' \' -f 2 \> $ac_nlist) && test -s "$ac_nlist"; then
# See whether the symbols have a leading underscore.
- if egrep '^_nm_test_func' "$ac_nlist" >/dev/null; then
+ if grep -E '^_nm_test_func' "$ac_nlist" >/dev/null; then
ac_cv_sys_symbol_underscore=yes
else
- if egrep '^nm_test_func ' "$ac_nlist" >/dev/null; then
+ if grep -E '^nm_test_func ' "$ac_nlist" >/dev/null; then
:
else
echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD
--- libgcrypt-1.10.3.orig/src/libgcrypt-config.in
+++ libgcrypt-1.10.3/src/libgcrypt-config.in
@@ -154,7 +154,7 @@ if test "$echo_cflags" = "yes"; then
tmp=""
for i in $includes $cflags_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done
@@ -175,7 +175,7 @@ if test "$echo_libs" = "yes"; then
tmp=""
for i in $libdirs $libs_final; do
- if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ if echo "$tmp" | @GREP@ -F -v -- "$i" >/dev/null; then
tmp="$tmp $i"
fi
done

View File

@ -1,76 +0,0 @@
commit 2c5e5ab6843d747c4b877d2c6f47226f61e9ff14
Author: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun Jun 12 21:51:34 2022 +0300
ppc enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch 3.00
* cipher/chacha20.c (chacha20_do_setkey) [USE_PPC_VEC]: Enable
P10 assembly for HWF_PPC_ARCH_3_00 if ENABLE_FORCE_SOFT_HWFEATURES is
defined.
* cipher/poly1305.c (poly1305_init) [POLY1305_USE_PPC_VEC]: Likewise.
* cipher/rijndael.c (do_setkey) [USE_PPC_CRYPTO_WITH_PPC9LE]: Likewise.
---
This change allows testing P10 implementations with P9 and with QEMU-PPC.
GnuPG-bug-id: 6006
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Index: libgcrypt-1.10.2/cipher/chacha20.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/chacha20.c
+++ libgcrypt-1.10.2/cipher/chacha20.c
@@ -484,6 +484,11 @@ chacha20_do_setkey (CHACHA20_context_t *
ctx->use_ppc = (features & HWF_PPC_ARCH_2_07) != 0;
# ifndef WORDS_BIGENDIAN
ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
# endif
#endif
#ifdef USE_S390X_VX
Index: libgcrypt-1.10.2/cipher/poly1305.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/poly1305.c
+++ libgcrypt-1.10.2/cipher/poly1305.c
@@ -90,11 +90,19 @@ static void poly1305_init (poly1305_cont
const byte key[POLY1305_KEYLEN])
{
POLY1305_STATE *st = &ctx->state;
+ unsigned int features = _gcry_get_hw_features ();
#ifdef POLY1305_USE_PPC_VEC
- ctx->use_p10 = (_gcry_get_hw_features () & HWF_PPC_ARCH_3_10) != 0;
+ ctx->use_p10 = (features & HWF_PPC_ARCH_3_10) != 0;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ ctx->use_p10 |= (features & HWF_PPC_ARCH_3_00) != 0;
+# endif
#endif
+ (void)features;
+
ctx->leftover = 0;
st->h[0] = 0;
Index: libgcrypt-1.10.2/cipher/rijndael.c
===================================================================
--- libgcrypt-1.10.2.orig/cipher/rijndael.c
+++ libgcrypt-1.10.2/cipher/rijndael.c
@@ -605,6 +605,12 @@ do_setkey (RIJNDAEL_context *ctx, const
bulk_ops->xts_crypt = _gcry_aes_ppc9le_xts_crypt;
if (hwfeatures & HWF_PPC_ARCH_3_10) /* for P10 */
bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* HWF_PPC_ARCH_3_10 above is used as soft HW-feature indicator for P10.
+ * Actual implementation works with HWF_PPC_ARCH_3_00 also. */
+ if (hwfeatures & HWF_PPC_ARCH_3_00)
+ bulk_ops->gcm_crypt = _gcry_aes_p10le_gcm_crypt;
+# endif
}
#endif
#ifdef USE_PPC_CRYPTO

View File

@ -1,3 +1,97 @@
-------------------------------------------------------------------
Thu Jun 20 08:11:07 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 1.11.0:
* New and extended interfaces:
- Add an API for Key Encapsulation Mechanism (KEM). [T6755]
- Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
- Add Kyber algorithm according to FIPS 203 ipd 2023-08-24. [rC18e5c0d268]
- Add Classic McEliece algorithm. [rC003367b912]
- Add One-Step KDF with hash and MAC. [T5964]
- Add KDF algorithm HKDF of RFC-5869. [T5964]
- Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
- Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
- Add ARIA block cipher algorithm. [rC316c6d7715]
- Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
- Add support for SHAKE as MGF in RSA. [T6557]
- Add gcry_md_read support for SHAKE algorithms. [T6539]
- Add gcry_md_hash_buffers_ext function. [T7035]
- Add cSHAKE hash algorithm. [rC065b3f4e02]
- Support internal generation of IV for AEAD cipher mode. [T4873]
* Performance:
- Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
- Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
- Add SM4 GFNI/AVX2 and GFI/AVX512 implementation. [rC5095d60af4,rCeaed633c16]
- Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
- Add PowerPC vector implementation of SM4. [rC0b2da804ee]
- Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
- Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
- Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
and Camellia. [rCcf956793af]
- Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
- Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
- Add AVX512 implementation for SHA512. [rC089223aa3b]
- Add AVX512 implementation for Serpent. [rCce95b6ec35]
- Add AVX512 implementation for Poly1305 and ChaCha20. [rCcd3ed49770, rC9a63cfd617]
- Add AVX512 accelerated implementation for SHA3 and Blake2. [rCbeaad75f46,rC909daa700e]
- Add VAES/AVX2 accelerated i386 implementation for AES. [rC4a42a042bc]
- Add bulk processing for XTS mode of Camellia and SM4. [rC32b18cdb87, rCaad3381e93]
- Accelerate XTS and ECB modes for Twofish and Serpent. [rCd078a928f5,rC8a1fe5f78f]
- Add AArch64 crypto/SHA512 extension implementation for SHA512. [rCe51d3b8330]
- Add AArch64 crypto-extension implementation for Camellia. [rC898c857206]
- Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
* Bug fixes:
- For PowerPC check for missing optimization level for vector register usage. [T5785]
- Fix EdDSA secret key check. [T6511]
- Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
- Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
- Fix AESWRAP padding length check. [T7130]
* Other:
- Allow empty password for Argon2 KDF. [rCa20700c55f]
- Various constant time operation imporvements.
- Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
- Support for the random server has been removed. [T5811]
- The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
supported any more. Please use valgrind or other tools. [T5822]
- Logging is now done via the libgpg-error logging functions. [rCab0bdc72c7]
* Remove patches fixed upstream:
- libgcrypt-no-deprecated-grep-alias.patch
- libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
- libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
* Rebase patches:
- libgcrypt-FIPS-jitter-errorcodes.patch
- libgcrypt-FIPS-jitter-whole-entropy.patch
-------------------------------------------------------------------
Wed Mar 20 20:31:40 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
for the whole length entropy buffer in FIPS mode. [bsc#1220893]
* Add libgcrypt-FIPS-jitter-whole-entropy.patch
-------------------------------------------------------------------
Wed Mar 20 15:13:04 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Set the FSM into error state if Jitter RNG is returning an
error code to the caller when an health test error occurs when
random bytes are requested through the jent_read_entropy_safe()
function. [bsc#1220895]
* Add libgcrypt-FIPS-jitter-errorcodes.patch
-------------------------------------------------------------------
Mon Mar 11 16:02:55 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- FIPS: Replace the built-in jitter rng with standalone version
* Remove the internal jitterentropy copy [bsc#1220896]
* Add libgcrypt-FIPS-jitter-standalone.patch
* Remove not needed libgcrypt-jitterentropy-3.4.0.patch
-------------------------------------------------------------------
Mon Feb 26 12:13:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update upstream libgcrypt.keyring
-------------------------------------------------------------------
Sat Jan 27 13:37:34 UTC 2024 - Dirk Müller <dmueller@suse.com>

View File

@ -20,7 +20,7 @@
%define libsoname %{name}%{libsover}
%define hmac_key orboDeJITITejsirpADONivirpUkvarP
Name: libgcrypt
Version: 1.10.3
Version: 1.11.0
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
@ -31,14 +31,12 @@ Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz
Source2: baselibs.conf
Source3: random.conf
Source4: hwf.deny
# https://gnupg.org/signature_key.asc
Source5: libgcrypt.keyring
# https://www.gnupg.org/signature_key.html
Source5: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source99: libgcrypt.changes
Patch1: libgcrypt-1.10.0-allow_FSM_same_state.patch
#PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
Patch2: libgcrypt-nobetasuffix.patch
# https://dev.gnupg.org/T6964
Patch3: libgcrypt-no-deprecated-grep-alias.patch
# FIPS patches:
#PATCH-FIX-SUSE bsc#1190700 FIPS: Provide a service-level indicator for PK
Patch100: libgcrypt-FIPS-SLI-pk.patch
@ -46,15 +44,16 @@ Patch100: libgcrypt-FIPS-SLI-pk.patch
Patch101: libgcrypt-FIPS-SLI-kdf-leylength.patch
#PATCH-FIX-SUSE bsc#1190700 FIPS add indicators
Patch102: libgcrypt-FIPS-SLI-hash-mac.patch
#PATCH-FIX-SUSE bsc#1202117 jsc#SLE-24941 FIPS: Port libgcrypt to use jitterentropy
Patch103: libgcrypt-jitterentropy-3.4.0.patch
#PATCH-FIX-SUSE bsc#1202117 FIPS: Get most of the entropy from rndjent_poll
Patch104: libgcrypt-FIPS-rndjent_poll.patch
# POWER patches [jsc#PED-5088] POWER performance enhancements for cryptography
Patch200: libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
Patch201: libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch
#PATCH-FIX-SUSE bsc#1220896 FIPS: Replace the built-in jitter rng with standalone version
Patch105: libgcrypt-FIPS-jitter-standalone.patch
#PATCH-FIX-SUSE bsc#1220895 FIPS: Enforce the interpretation and use of jitter rng
Patch106: libgcrypt-FIPS-jitter-errorcodes.patch
#PATCH-FIX-SUSE bsc#1220893 FIPS: Use Jitter RNG for the whole length entropy buffer
Patch107: libgcrypt-FIPS-jitter-whole-entropy.patch
BuildRequires: automake >= 1.14
BuildRequires: libgpg-error-devel >= 1.27
BuildRequires: libgpg-error-devel >= 1.49
BuildRequires: libtool
BuildRequires: makeinfo
BuildRequires: pkgconfig
@ -70,6 +69,8 @@ understanding of applied cryptography is required to use Libgcrypt.
Summary: The GNU Crypto Library
License: GPL-2.0-or-later AND LGPL-2.1-or-later
Group: System/Libraries
BuildRequires: jitterentropy-devel >= 3.4.0
Requires: libjitterentropy3 >= 3.4.0
Provides: %{libsoname}-hmac = %{version}-%{release}
Obsoletes: %{libsoname}-hmac < %{version}-%{release}
@ -83,7 +84,8 @@ License: GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Requires: libgpg-error-devel >= 1.27
Requires: jitterentropy-devel >= 3.4.0
Requires: libgpg-error-devel >= 1.49
%description devel
Libgcrypt is a general purpose library of cryptographic building
@ -100,9 +102,12 @@ library.
# Rename the internal .hmac file to include the so library version
sed -i "s/libgcrypt\.so\.hmac/\.libgcrypt\.so\.%{libsover}\.hmac/g" src/Makefile.am src/Makefile.in
# Replace the built-in jitter rng with the standalone version [bsc#1220896]
find . -type f -name "jitterentropy*" -print -delete
%build
export PUBKEYS="dsa elgamal rsa ecc"
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4"
export CIPHERS="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20 sm4 aria"
export DIGESTS="crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2 sm3"
export KDFS="s2k pkdf2 scrypt"
@ -124,6 +129,7 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
--disable-asm \
%endif
--enable-random=getentropy \
--enable-jent-support \
%{nil}
%make_build
@ -140,7 +146,6 @@ LIBGCRYPT_FORCE_FIPS_MODE=1 make -k check || true
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
%define libpath %{buildroot}%{_libdir}/libgcrypt.so.%{libsover}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \