forked from pool/libgcrypt
libgcrypt/0006-DRBG-specific-gcry_control-requests.patch
Marcus Meissner 0ee4a0f87b Accepting request 232937 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    0007-User-interface-to-DRBG.patch
  * only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
  applied anyway)

OBS-URL: https://build.opensuse.org/request/show/232937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
2014-05-07 15:00:08 +00:00

From bac07e2002f1de9b9ffad477135a67b1bdcf5d85 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:16:24 +0100
Subject: [PATCH v3 6/7] DRBG specific gcry_control requests
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com

gcry_control GCRYCTL_DRBG_REINIT
================================
This control request re-initializes the DRBG completely, i.e. the entire
state of the DRBG is zeroized (with two exceptions listed in
GCRYCTL_DRBG_SET_ENTROPY).

The control request takes the following values which influence how
the DRBG is re-initialized:
 * __u32 flags: This variable specifies the DRBG type to be used for the
   next initialization. If set to 0, the previous DRBG type is
   used for the initialization. The DRBG type is an OR of the
   mandatory flags of the requested DRBG strength and DRBG
   cipher type. Optionally, the prediction resistance flag
   can be ORed into the flags variable. For example:
     - CTR-DRBG with AES-128 without prediction resistance:
         DRBG_CTRAES128
     - HMAC-DRBG with SHA-512 with prediction resistance:
         DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
 * struct drbg_string *pers: personalization string to be used for
   initialization.
 * struct drbg_test_data *test: TEST parameter only -- should be NULL in
   normal use -- parameter sets predefined "entropy"

The variable of flags is independent from the pers/perslen variables. If
flags is set to 0 and perslen is set to 0, the current DRBG type is
completely reset without using a personalization string.

Changes v3:
 * addition of struct drbg_test_data *test to reinit call
 * change personalization string invocation to struct drbg_string
 * remove set_entropy call

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
diff --git a/src/global.c b/src/global.c
index 4e8df86..5c19cca 100644
--- a/src/global.c
+++ b/src/global.c
@@ -671,6 +671,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
rc = GPG_ERR_NOT_IMPLEMENTED;
break;
+ case GCRYCTL_DRBG_REINIT:
+ {
+ u_int32_t flags = va_arg (arg_ptr, u_int32_t);
+ struct drbg_string *pers = va_arg (arg_ptr, struct drbg_string *);
+ struct drbg_test_data *test_data = va_arg (arg_ptr, struct drbg_test_data *);
+ rc = _gcry_drbg_reinit(flags, pers, test_data);
+ }
+ break;
+
default:
_gcry_set_preferred_rng_type (0);
rc = GPG_ERR_INV_OP;
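
Review bot: The `test_data` pointer read in the new `GCRYCTL_DRBG_REINIT` case is forwarded to `_gcry_drbg_reinit` unconditionally, although the commit message describes it as a test-only parameter that sets predefined "entropy" and should be NULL in normal use. Nothing in these lines stops a regular caller of `gcry_control` from supplying it, so unless `_gcry_drbg_reinit` itself rejects it (not visible here), I would gate a non-NULL `test_data` in this case, for example on a self-test condition, and return an error otherwise. Two smaller points: the message documents `flags` as `__u32` while the code reads it as `u_int32_t`, and `uint32_t` from `<stdint.h>` would be more portable than either; and `_gcry_drbg_reinit(flags, pers, test_data);` lacks the space before the parenthesis that the `va_arg (arg_ptr, ...)` calls in the same block use. Because all three values come through `va_arg`, the documentation for this request should also state that callers must always pass all three arguments, with the pointers given as properly typed NULL pointers when unused.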