forked from pool/libgcrypt
c25b02784b
- FIPS changes (from Fedora): - replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by libgcrypt-1.6.1-fips-cfgrandom.patch - libgcrypt-fixed-sizet.patch: fixed an int type for -flto - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests OBS-URL: https://build.opensuse.org/request/show/227791 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=46
135 lines
4.7 KiB
Diff
135 lines
4.7 KiB
Diff
Index: libgcrypt-1.6.1/random/random-fips.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.1.orig/random/random-fips.c
|
|
+++ libgcrypt-1.6.1/random/random-fips.c
|
|
@@ -27,10 +27,10 @@
|
|
There are 3 random context which map to the different levels of
|
|
random quality:
|
|
|
|
- Generator Seed and Key Kernel entropy (init/reseed)
|
|
- ------------------------------------------------------------
|
|
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
|
|
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
|
|
+ Generator Seed and Key Kernel entropy (init/reseed)
|
|
+ ---------------------------------------------------------------------------------------
|
|
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
|
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
|
gcry_create_nonce GCRY_STRONG_RANDOM n/a
|
|
|
|
All random generators return their data in 128 bit blocks. If the
|
|
@@ -40,8 +40,10 @@
|
|
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
|
|
|
|
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
|
|
- keyed and seeded from the /dev/random device. Thus these
|
|
- generators may block until the kernel has collected enough entropy.
|
|
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
|
|
+ if the device or symlink to device exists xored with the data
|
|
+ from the /dev/urandom device. This allows the system administrator
|
|
+ to always seed the RNGs from /dev/random if it is required.
|
|
|
|
The gcry_create_nonce generator is keyed and seeded from the
|
|
GCRY_STRONG_RANDOM generator. It may also block if the
|
|
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
|
|
entropy_collect_buffer_len = 0;
|
|
|
|
#if USE_RNDLINUX
|
|
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
|
+ X931_AES_KEYLEN,
|
|
+ -1);
|
|
+ entropy_collect_buffer_len = 0;
|
|
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
|
X931_AES_KEYLEN,
|
|
- GCRY_VERY_STRONG_RANDOM);
|
|
+ GCRY_STRONG_RANDOM);
|
|
#elif USE_RNDW32
|
|
do
|
|
{
|
|
Index: libgcrypt-1.6.1/random/rndlinux.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.1.orig/random/rndlinux.c
|
|
+++ libgcrypt-1.6.1/random/rndlinux.c
|
|
@@ -36,7 +36,9 @@
|
|
#include "g10lib.h"
|
|
#include "rand-internal.h"
|
|
|
|
-static int open_device (const char *name, int retry);
|
|
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
|
+
|
|
+static int open_device (const char *name, int retry, int fatal);
|
|
|
|
|
|
static int
|
|
@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)
|
|
* a fatal error but retries until it is able to reopen the device.
|
|
*/
|
|
static int
|
|
-open_device (const char *name, int retry)
|
|
+open_device (const char *name, int retry, int fatal)
|
|
{
|
|
int fd;
|
|
|
|
@@ -67,6 +69,8 @@ open_device (const char *name, int retry
|
|
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
|
|
again:
|
|
fd = open (name, O_RDONLY);
|
|
+ if (fd == -1 && !fatal)
|
|
+ return fd;
|
|
if (fd == -1 && retry)
|
|
{
|
|
struct timeval tv;
|
|
@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
{
|
|
static int fd_urandom = -1;
|
|
static int fd_random = -1;
|
|
+ static int fd_configured = -1;
|
|
static unsigned char ever_opened;
|
|
int fd;
|
|
int n;
|
|
@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add
|
|
close (fd_urandom);
|
|
fd_urandom = -1;
|
|
}
|
|
+ if (fd_configured != -1)
|
|
+ {
|
|
+ close (fd_configured);
|
|
+ fd_configured = -1;
|
|
+ }
|
|
return 0;
|
|
}
|
|
|
|
@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add
|
|
that we always require the device to be existent but want a more
|
|
graceful behaviour if the rarely needed close operation has been
|
|
used and the device needs to be re-opened later. */
|
|
+
|
|
+ if (level == -1)
|
|
+ {
|
|
+ if (fd_configured == -1)
|
|
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
|
|
+ fd = fd_configured;
|
|
+ if (fd == -1)
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (level >= 2)
|
|
{
|
|
if (fd_random == -1)
|
|
{
|
|
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
|
|
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
|
ever_opened |= 1;
|
|
}
|
|
fd = fd_random;
|
|
}
|
|
- else
|
|
+ else if (level != -1)
|
|
{
|
|
if (fd_urandom == -1)
|
|
{
|
|
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
|
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
|
ever_opened |= 2;
|
|
}
|
|
fd = fd_urandom;
|