From b626ac7062a1bc5dfdc9da09cb56b30bd211b476f3e3b2d600c9470f9fc0a1a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Tue, 19 May 2020 12:29:20 +0000 Subject: [PATCH] Accepting request 807298 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872] * Print the debug messages in test_keys() only in debug mode. - Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch libgcrypt-PCT-ECC.patch OBS-URL: https://build.opensuse.org/request/show/807298 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=135 --- libgcrypt-PCT-DSA.patch | 24 +++++++++---- libgcrypt-PCT-ECC.patch | 74 +++++++++++++++++++++++++++++------------ libgcrypt-PCT-RSA.patch | 34 ++++++++++++++----- libgcrypt.changes | 8 +++++ 4 files changed, 103 insertions(+), 37 deletions(-) diff --git a/libgcrypt-PCT-DSA.patch b/libgcrypt-PCT-DSA.patch index 1df41dc..ed0c27a 100644 --- a/libgcrypt-PCT-DSA.patch +++ b/libgcrypt-PCT-DSA.patch @@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/dsa.c =================================================================== --- libgcrypt-1.8.2.orig/cipher/dsa.c +++ libgcrypt-1.8.2/cipher/dsa.c -@@ -181,24 +181,91 @@ test_keys (DSA_secret_key *sk, unsigned +@@ -181,24 +181,101 @@ test_keys (DSA_secret_key *sk, unsigned /* Create a random plaintext. */ _gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM); @@ -23,7 +23,8 @@ Index: libgcrypt-1.8.2/cipher/dsa.c + + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + { -+ log_debug ("gcry_pk_sign failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_sign/open failed\n"); + goto leave; + } + @@ -31,6 +32,7 @@ Index: libgcrypt-1.8.2/cipher/dsa.c + _gcry_md_write (hd, buf, buflen); + + xfree (buf); ++ buf = NULL; + + /* build DSA private key sexp in s_skey */ + sexp_build (&s_skey, NULL, "(private-key (dsa(p %m)(q %m)(g %m)(y %m)(x %m)))", @@ -38,20 +40,23 @@ Index: libgcrypt-1.8.2/cipher/dsa.c + sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))"); + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) + { -+ log_debug ("gcry_pk_sign failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_sign failed\n"); + goto leave; + } + + /* Check that the signature and the original plaintext differ. */ + if (_gcry_sexp_extract_param (r_sig, NULL, "rs", &r_sig_mpi, &s_sig_mpi, NULL)) + { -+ log_debug ("extracting signature data failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("extracting signature data failed\n"); + goto leave; + } + + if ( !verify (r_sig_mpi, s_sig_mpi, data, &pk)) + { -+ log_debug ("Signature failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("Signature failed\n"); + goto leave; /* Signature matches but should not. */ + } + @@ -64,17 +69,22 @@ Index: libgcrypt-1.8.2/cipher/dsa.c + sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))"); + + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) -+ log_debug ("gcry_md_open failed\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("gcry_md_open failed\n"); ++ } + + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, data); + _gcry_md_write (hd, buf, buflen); + + xfree (buf); ++ buf = NULL; + + /* verify the signature */ + if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey)) + { -+ log_debug ("gcry_pk_verify failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_verify failed\n"); + goto leave; /* Signature does not match. */ + } diff --git a/libgcrypt-PCT-ECC.patch b/libgcrypt-PCT-ECC.patch index 0916bd8..6cd7f17 100644 --- a/libgcrypt-PCT-ECC.patch +++ b/libgcrypt-PCT-ECC.patch @@ -70,7 +70,7 @@ Index: libgcrypt-1.8.2/cipher/ecc.c ECC_public_key pk; gcry_mpi_t test = mpi_new (nbits); mpi_point_struct R_; -@@ -297,17 +310,161 @@ test_keys (ECC_secret_key *sk, unsigned +@@ -297,17 +310,190 @@ test_keys (ECC_secret_key *sk, unsigned _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); @@ -91,13 +91,18 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + int flags = 0; + + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) -+ log_debug ("gcry_pk_sign failed: _gcry_md_open\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_sign failed: _gcry_md_open\n"); ++ } + + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test); + _gcry_md_write (hd, buf, buflen); + + xfree (buf); -+ ++ buf = NULL; + +- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s)) + sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))"); + + /* Assemble the point Q from affine coordinates by simple @@ -109,7 +114,11 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, flags, + sk->E.p, sk->E.a, sk->E.b); + if (_gcry_mpi_ec_get_affine (Qx, Qy, &(sk->Q), ctx)) -+ log_debug ("ecdh: Failed to get affine coordinates for Q\n"); + { +- log_fatal ("ECDSA operation: sign, verify failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("ecdh: Failed to get affine coordinates for Q\n"); ++ } + + unsigned char *rawqx, *rawqy; + unsigned int rawqxlen, rawqylen; @@ -118,7 +127,6 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + + if (rawqxlen != rawqylen) + { -+ // log_debug ("qx and qy size differ: %d != %d\n", rawqxlen, rawqylen); + if (rawqxlen < rawqylen) + { + size_t diff = rawqylen - rawqxlen; @@ -153,16 +161,17 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + _gcry_mpi_release (Qy); + xfree (rawqx); + xfree (rawqy); - -- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s)) ++ + /* build ECC private key sexp in s_skey */ + if (sk->E.name) - { -- log_fatal ("ECDSA operation: sign, verify failed\n"); ++ { + if (sexp_build (&s_skey, NULL, + "(private-key (ecc (curve %s)(d %m)(q %b)))", + sk->E.name, sk->d, qlen, q)) -+ log_debug ("ecc: Failed to build sexp for private key.\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("ecc: Failed to build sexp for private key.\n"); ++ } + } + else + { @@ -171,25 +180,31 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))", + "NIST P-512", sk->d, sk->E.p, sk->E.a, sk->E.b, sk->E.n, sk->E.h, + qlen, q)) -+ log_debug ("ecc: Failed to build sexp for private key.\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("ecc: Failed to build sexp for private key.\n"); ++ } + } + + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) + { -+ log_debug ("ecc: gcry_pk_sign failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("ecc: gcry_pk_sign failed\n"); + goto leave; + } + + /* Check that the signature and the original test differ. */ + if (_gcry_sexp_extract_param (r_sig, NULL, "s", &s_sig_mpi, NULL)) + { -+ log_debug ("extracting signature data failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("extracting signature data failed\n"); + goto leave; + } + + if (!mpi_cmp (s_sig_mpi, test)) + { -+ log_debug ("Signature failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("Signature failed\n"); + goto leave; /* Signature and test match but should not. */ + } + @@ -199,7 +214,10 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + { + if (sexp_build (&s_pkey, NULL, + "(public-key (ecc (curve %s)(q %b)))", pk.E.name, qlen, q)) -+ log_debug ("ecc: Failed to build sexp for public key.\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("ecc: Failed to build sexp for public key.\n"); ++ } + } + else + { @@ -207,36 +225,48 @@ Index: libgcrypt-1.8.2/cipher/ecc.c + "(public-key" + " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))", + "NIST P-512", pk.E.p, pk.E.a, pk.E.b, pk.E.n, pk.E.h, qlen, q)) -+ log_debug ("ecc: Failed to build sexp for private key.\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("ecc: Failed to build sexp for private key.\n"); ++ } + } + + _gcry_md_close (hd); + + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) -+ log_debug ("gcry_pk_verify failed: _gcry_md_open\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_verify failed: _gcry_md_open\n"); ++ } + + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test); + _gcry_md_write (hd, buf, buflen); + + xfree (buf); ++ buf = NULL; + + /* verify the signature */ + if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey)) + { -+ log_debug ("ecc: gcry_pk_verify failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("ecc: gcry_pk_verify failed\n"); + goto leave; /* Signature does not match. */ } if (DBG_CIPHER) - log_debug ("ECDSA operation: sign, verify ok.\n"); - -+ result = 0; /* The test succeeded. */ +- log_debug ("ECDSA operation: sign, verify ok.\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("ECDSA operation: sign, verify ok.\n"); ++ } + ++ result = 0; /* The test succeeded. */ + + leave: point_free (&pk.Q); _gcry_ecc_curve_free (&pk.E); -@@ -317,6 +474,16 @@ test_keys (ECC_secret_key *sk, unsigned +@@ -317,6 +503,16 @@ test_keys (ECC_secret_key *sk, unsigned mpi_free (out); mpi_free (c); mpi_free (test); diff --git a/libgcrypt-PCT-RSA.patch b/libgcrypt-PCT-RSA.patch index c0765d6..1ce1849 100644 --- a/libgcrypt-PCT-RSA.patch +++ b/libgcrypt-PCT-RSA.patch @@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c =================================================================== --- libgcrypt-1.8.2.orig/cipher/rsa.c +++ libgcrypt-1.8.2/cipher/rsa.c -@@ -159,27 +159,93 @@ test_keys (RSA_secret_key *sk, unsigned +@@ -159,27 +159,103 @@ test_keys (RSA_secret_key *sk, unsigned /* Create another random plaintext as data for signature checking. */ _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); @@ -32,7 +32,8 @@ Index: libgcrypt-1.8.2/cipher/rsa.c - goto leave; /* Signature matches but should not. */ + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + { -+ log_debug ("gcry_pk_sign failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_sign/open failed\n"); + goto leave_hash; + } + @@ -40,6 +41,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c + _gcry_md_write (hd, buf, buflen); + + xfree (buf); ++ buf = NULL; + + /* build RSA private key sexp in s_skey */ + sexp_build (&s_skey, NULL, @@ -50,20 +52,23 @@ Index: libgcrypt-1.8.2/cipher/rsa.c + + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) + { -+ log_debug ("gcry_pk_sign failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_sign failed\n"); + goto leave_hash; + } + + /* Check that the signature and the original plaintext differ. */ + if (_gcry_sexp_extract_param (r_sig, "sig-val!rsa", "s", &r_sig_mpi, NULL)) + { -+ log_debug ("extracting signature data failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("extracting signature data failed\n"); + goto leave_hash; + } + + if (!mpi_cmp (r_sig_mpi, plaintext)) + { -+ log_debug ("Signature failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("Signature failed\n"); + goto leave_hash; /* Signature and plaintext match but should not. */ + } + @@ -75,17 +80,22 @@ Index: libgcrypt-1.8.2/cipher/rsa.c + sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))"); + + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) -+ log_debug ("gcry_md_open failed\n"); ++ { ++ if (DBG_CIPHER) ++ log_debug ("gcry_md_open failed\n"); ++ } + + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, plaintext); + _gcry_md_write (hd, buf, buflen); + + xfree (buf); ++ buf = NULL; + + /* verify the signature */ + if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey)) + { -+ log_debug ("gcry_pk_verify failed\n"); ++ if (DBG_CIPHER) ++ log_debug ("gcry_pk_verify failed\n"); + goto leave_hash; /* Signature does not match. */ + } @@ -108,7 +118,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c return result; } -@@ -1903,7 +1969,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc +@@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc /* This sexp trickery is to prevent the use of blinding. * The flag doesn't get inherited by encr, so we have to * derive a new sexp from the ciphertext */ @@ -117,3 +127,11 @@ Index: libgcrypt-1.8.2/cipher/rsa.c memset(buf, 0, sizeof(buf)); err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext); if (err) +@@ -2012,6 +2088,7 @@ selftests_rsa (selftest_report_func_t re + sexp_release (skey); + if (report) + report ("pubkey", GCRY_PK_RSA, what, errtxt); ++ + return GPG_ERR_SELFTEST_FAILED; + } + diff --git a/libgcrypt.changes b/libgcrypt.changes index e494145..93d361b 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue May 19 11:25:37 UTC 2020 - Pedro Monreal Gonzalez + +- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872] + * Print the debug messages in test_keys() only in debug mode. +- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch + libgcrypt-PCT-ECC.patch + ------------------------------------------------------------------- Mon Apr 27 08:55:12 UTC 2020 - Pedro Monreal Gonzalez