forked from pool/libgcrypt
Marcus Meissner
0ee4a0f87b
- add support for SP800-90A DRBG (fate#316929, bnc#856312) * patches by Stephan Mueller (http://www.chronox.de/drbg.html): 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch 0007-User-interface-to-DRBG.patch * only after 13.1 (the patches need libgpg-error 1.13) - drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't applied anyway) OBS-URL: https://build.opensuse.org/request/show/232937 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=51
64 lines
2.6 KiB
Diff
64 lines
2.6 KiB
Diff
From bac07e2002f1de9b9ffad477135a67b1bdcf5d85 Mon Sep 17 00:00:00 2001
|
|
From: Stephan Mueller <smueller@chronox.de>
|
|
Date: Sat, 8 Mar 2014 23:16:24 +0100
|
|
Subject: [PATCH v3 6/7] DRBG specific gcry_control requests
|
|
To: gcrypt-devel@gnupg.org
|
|
Cc: jeremy.wayne.powell@gmail.com
|
|
|
|
gcry_control GCRYCTL_DRBG_REINIT
|
|
================================
|
|
This control request re-initializes the DRBG completely, i.e. the entire
|
|
state of the DRBG is zeroized (with two exceptions listed in
|
|
GCRYCTL_DRBG_SET_ENTROPY).
|
|
|
|
The control request takes the following values which influences how
|
|
the DRBG is re-initialized:
|
|
* __u32 flags: This variable specifies the DRBG type to be used for the
|
|
next initialization. If set to 0, the previous DRBG type is
|
|
used for the initialization. The DRBG type is an OR of the
|
|
mandatory flags of the requested DRBG strength and DRBG
|
|
cipher type. Optionally, the prediction resistance flag
|
|
can be ORed into the flags variable. For example:
|
|
- CTR-DRBG with AES-128 without prediction
|
|
resistance:
|
|
DRBG_CTRAES128
|
|
- HMAC-DRBG with SHA-512 with prediction resistance:
|
|
DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
|
|
* struct drbg_string *pers: personalization string to be used for
|
|
initialization.
|
|
* struct drbg_test_data *test: TEST parameter only -- should be NULL in
|
|
normal use -- parameter sets predefined
|
|
"entropy"
|
|
The variable of flags is independent from the pers/perslen variables. If
|
|
flags is set to 0 and perslen is set to 0, the current DRBG type is
|
|
completely reset without using a personalization string.
|
|
|
|
Changes v3:
|
|
|
|
* addition of struct drbg_test_data *test to reinit call
|
|
* change personalization string invocation to struct drbg_string
|
|
* remove set_entropy call
|
|
|
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
|
---
|
|
diff --git a/src/global.c b/src/global.c
|
|
index 4e8df86..5c19cca 100644
|
|
--- a/src/global.c
|
|
+++ b/src/global.c
|
|
@@ -671,6 +671,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
|
|
rc = GPG_ERR_NOT_IMPLEMENTED;
|
|
break;
|
|
|
|
+ case GCRYCTL_DRBG_REINIT:
|
|
+ {
|
|
+ u_int32_t flags = va_arg (arg_ptr, u_int32_t);
|
|
+ struct drbg_string *pers = va_arg (arg_ptr, struct drbg_string *);
|
|
+ struct drbg_test_data *test_data = va_arg (arg_ptr, struct drbg_test_data *);
|
|
+ rc = _gcry_drbg_reinit(flags, pers, test_data);
|
|
+ }
|
|
+ break;
|
|
+
|
|
default:
|
|
_gcry_set_preferred_rng_type (0);
|
|
rc = GPG_ERR_INV_OP;
|