
libgcrypt package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 4 years ago
parent
commit
6b068057f1
  1. 9
      SOURCES/hobble-libgcrypt
  2. 73
      SOURCES/libgcrypt-1.5.0-leak.patch
  3. 12
      SOURCES/libgcrypt-1.5.0-noecc.patch
  4. 214
      SOURCES/libgcrypt-1.5.0-tests.patch
  5. 87
      SOURCES/libgcrypt-1.5.0-use-fipscheck.patch
  6. 82
      SOURCES/libgcrypt-1.5.1-use-poll.patch
  7. 30
      SOURCES/libgcrypt-1.5.2-aliasing.patch
  8. 102
      SOURCES/libgcrypt-1.5.2-mpicoder-gccopt.patch
  9. 133
      SOURCES/libgcrypt-1.5.3-ath-reinstall.patch
  10. 972
      SOURCES/libgcrypt-1.5.3-drbg-cavs.patch
  11. 23
      SOURCES/libgcrypt-1.5.3-drbg-init.patch
  12. 2699
      SOURCES/libgcrypt-1.5.3-drbg.patch
  13. 1451
      SOURCES/libgcrypt-1.5.3-fips-cavs.patch
  14. 142
      SOURCES/libgcrypt-1.5.3-fips-cfgrandom.patch
  15. 72
      SOURCES/libgcrypt-1.5.3-fips-ctor.patch
  16. 359
      SOURCES/libgcrypt-1.5.3-fips-reqs.patch
  17. 18
      SOURCES/libgcrypt-1.5.3-fips-test.patch
  18. 32
      SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch
  19. 141
      SOURCES/libgcrypt-1.5.3-rng-predictable.patch
  20. 374
      SOURCES/libgcrypt-1.5.3-rsa-fips-keygen.patch
  21. 38
      SOURCES/libgcrypt-1.5.3-urandom-only.patch
  22. 28
      SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch
  23. 2007
      SOURCES/wk@g10code.com
  24. 499
      SPECS/libgcrypt.spec

9
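--- a/SOURCES/hobble-libgcrypt
+++ b/SOURCES/hobble-libgcrypt
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e -x
+
+# Clean out patent-or-otherwise-encumbered code.
+# EC: ????????? ??/??/2015
+
+rm -f cipher/ecc.c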
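Review bot: `rm -f cipher/ecc.c` defeats the `set -e` guard two lines above it: with `-f`, rm exits 0 when the file is absent, so a renamed or relocated ECC source, or running the script from the wrong directory, passes silently and the code the script exists to strip stays in the tarball. Use `rm cipher/ecc.c` so a miss aborts the build, or check explicitly with `test -f cipher/ecc.c` before removing. The `# EC: ????????? ??/??/2015` line looks like a mis-encoded author/date stamp and should be rewritten in plain ASCII or dropped. Whether anything else in the tree (Makefiles, tests) still references ecc.c is not visible from this script; presumably the noecc patch covers the test list.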

73
SOURCES/libgcrypt-1.5.0-leak.patch

@ -0,0 +1,73 @@ @@ -0,0 +1,73 @@
diff -up libgcrypt-1.5.0/cipher/elgamal.c.leak libgcrypt-1.5.0/cipher/elgamal.c
--- libgcrypt-1.5.0/cipher/elgamal.c.leak 2011-02-04 20:09:38.000000000 +0100
+++ libgcrypt-1.5.0/cipher/elgamal.c 2012-12-03 14:51:10.743067964 +0100
@@ -641,7 +641,10 @@ elg_generate_ext (int algo, unsigned int
}
if (xvalue)
- ec = generate_using_x (&sk, nbits, xvalue, retfactors);
+ {
+ ec = generate_using_x (&sk, nbits, xvalue, retfactors);
+ gcry_mpi_release(xvalue);
+ }
else
{
generate (&sk, nbits, retfactors);
diff -up libgcrypt-1.5.0/cipher/primegen.c.leak libgcrypt-1.5.0/cipher/primegen.c
--- libgcrypt-1.5.0/cipher/primegen.c.leak 2012-04-05 15:37:52.000000000 +0200
+++ libgcrypt-1.5.0/cipher/primegen.c 2012-12-03 14:44:14.610010867 +0100
@@ -1198,10 +1198,7 @@ gcry_prime_group_generator (gcry_mpi_t *
gcry_mpi_t prime, gcry_mpi_t *factors,
gcry_mpi_t start_g)
{
- gcry_mpi_t tmp = gcry_mpi_new (0);
- gcry_mpi_t b = gcry_mpi_new (0);
- gcry_mpi_t pmin1 = gcry_mpi_new (0);
- gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+ gcry_mpi_t tmp, b, pmin1, g;
int first = 1;
int i, n;
@@ -1214,6 +1211,11 @@ gcry_prime_group_generator (gcry_mpi_t *
if (n < 2)
return gpg_error (GPG_ERR_INV_ARG);
+ tmp = gcry_mpi_new (0);
+ b = gcry_mpi_new (0);
+ pmin1 = gcry_mpi_new (0);
+ g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+
/* Extra sanity check - usually disabled. */
/* mpi_set (tmp, factors[0]); */
/* for(i = 1; i < n; i++) */
diff -up libgcrypt-1.5.0/cipher/pubkey.c.leak libgcrypt-1.5.0/cipher/pubkey.c
--- libgcrypt-1.5.0/cipher/pubkey.c.leak 2011-06-13 12:23:50.000000000 +0200
+++ libgcrypt-1.5.0/cipher/pubkey.c 2012-12-03 15:23:42.377183489 +0100
@@ -2853,6 +2853,8 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
REGISTER_DEFAULT_PUBKEYS;
+ init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, gcry_pk_get_nbits (s_pkey));
+
/* Get the key. */
rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module);
if (rc)
@@ -2873,7 +2875,6 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
algo_elems = pubkey->elements_enc;
/* Get the stuff we want to encrypt. */
- init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, gcry_pk_get_nbits (s_pkey));
rc = sexp_data_to_mpi (s_data, &data, &ctx);
if (rc)
goto leave;
diff -up libgcrypt-1.5.0/src/hmac256.c.leak libgcrypt-1.5.0/src/hmac256.c
--- libgcrypt-1.5.0/src/hmac256.c.leak 2011-02-04 20:17:33.000000000 +0100
+++ libgcrypt-1.5.0/src/hmac256.c 2012-12-03 15:37:36.504955809 +0100
@@ -435,7 +435,6 @@ _gcry_hmac256_finalize (hmac256_context_
tmphd = _gcry_hmac256_new (NULL, 0);
if (!tmphd)
{
- free (hd);
return NULL;
}
_gcry_hmac256_update (tmphd, hd->opad, 64);
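Review bot: Removing `free (hd)` from the failure path of `_gcry_hmac256_finalize` (src/hmac256.c hunk) changes who owns `hd` after an error, and nothing in the hunk records the new contract; a reader of the bare `return NULL` cannot tell whether the context is still valid. Add a comment on that return, e.g. `/* On failure HD is left intact and still owned by the caller, who releases it as usual. */`. The patch name suggests the old `free` produced a double free in callers that release on NULL; that is my inference, so word the comment to match the actual bug. The function starts and ends outside the hunk.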

12
SOURCES/libgcrypt-1.5.0-noecc.patch

@ -0,0 +1,12 @@ @@ -0,0 +1,12 @@
diff -up libgcrypt-1.5.0/tests/Makefile.noecc libgcrypt-1.5.0/tests/Makefile
--- libgcrypt-1.5.0/tests/Makefile.in.noecc 2011-07-21 15:34:33.000000000 +0200
+++ libgcrypt-1.5.0/tests/Makefile.in 2011-07-21 15:39:35.000000000 +0200
@@ -57,7 +57,7 @@ TESTS = version$(EXEEXT) t-mpi-bit$(EXEE
ac-data$(EXEEXT) basic$(EXEEXT) mpitests$(EXEEXT) \
tsexp$(EXEEXT) keygen$(EXEEXT) pubkey$(EXEEXT) hmac$(EXEEXT) \
keygrip$(EXEEXT) fips186-dsa$(EXEEXT) aeswrap$(EXEEXT) \
- curves$(EXEEXT) t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
+ t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
$(am__EXEEXT_1) benchmark$(EXEEXT)
# random.c uses fork() thus a test for W32 does not make any sense.
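Review bot: Only `tests/Makefile.in` is patched here, whereas the aliasing patch later in this commit edits both `Makefile.am` and `Makefile.in`; if the spec reruns automake/autoreconf after applying patches, the generated `Makefile.in` is regenerated and `curves$(EXEEXT)` reappears in TESTS, failing once `cipher/ecc.c` has been removed. Apply the same one-line removal to `tests/Makefile.am`, or document in the spec that automake is not rerun. The `diff -up` header names `tests/Makefile.noecc` while the `---`/`+++` lines name `Makefile.in`; patch ignores that line, but it is worth making consistent.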

214
SOURCES/libgcrypt-1.5.0-tests.patch

@ -0,0 +1,214 @@ @@ -0,0 +1,214 @@
diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
--- libgcrypt-1.5.0/cipher/dsa.c.tests 2011-06-13 12:24:46.000000000 +0200
+++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-20 16:44:51.000000000 +0200
@@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
&initial_seed.seedlen);
}
-
- /* Fixme: Enable 186-3 after it has been approved and after fixing
- the generation function. */
- /* if (use_fips186_2) */
- (void)use_fips186_2;
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
- initial_seed.seed,
+
+ if (use_fips186_2)
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- /* else */
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
- /* &prime_q, &prime_p, */
- /* r_counter, */
- /* r_seed, r_seedlen, NULL); */
+ else
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen, NULL);
gcry_sexp_release (initial_seed.sexp);
if (ec)
goto leave;
diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
--- libgcrypt-1.5.0/cipher/primegen.c.tests 2011-03-28 14:19:52.000000000 +0200
+++ libgcrypt-1.5.0/cipher/primegen.c 2011-07-21 14:36:03.000000000 +0200
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
gpg_err_code_t ec;
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
gcry_mpi_t tmpval = NULL; /* Helper variable. */
int hashalgo; /* The id of the Approved Hash Function. */
@@ -1737,7 +1737,7 @@ _gcry_generate_fips186_3_prime (unsigned
}
gcry_mpi_release (prime_q); prime_q = NULL;
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
- value_u, sizeof value_u, NULL));
+ value_u, qbits/8, NULL));
if (ec)
goto leave;
mpi_set_highbit (prime_q, qbits-1 );
@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
if (seed_plus[i])
break;
}
- gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+ gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
gcry_mpi_release (tmpval); tmpval = NULL;
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
- digest, sizeof digest, NULL));
+ digest, qbits/8, NULL));
if (ec)
goto leave;
if (value_j == value_n)
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
}
/* Step 12: Save p, q, counter and seed. */
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
+/* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
log_printhex("fips186-3 seed:", seed, seedlen);
log_mpidump ("fips186-3 prime p", prime_p);
- log_mpidump ("fips186-3 prime q", prime_q);
+ log_mpidump ("fips186-3 prime q", prime_q); */
if (r_q)
{
*r_q = prime_q;
diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
--- libgcrypt-1.5.0/cipher/rsa.c.tests 2011-06-10 10:53:41.000000000 +0200
+++ libgcrypt-1.5.0/cipher/rsa.c 2011-07-21 14:36:59.000000000 +0200
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
--- libgcrypt-1.5.0/random/random-fips.c.tests 2011-07-20 16:40:59.000000000 +0200
+++ libgcrypt-1.5.0/random/random-fips.c 2011-07-20 16:40:59.000000000 +0200
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
check_guards (rng_ctx);
+ reinitialize:
/* Initialize the cipher handle and thus setup the key if needed. */
if (!rng_ctx->cipher_hd)
{
@@ -710,13 +711,11 @@ get_random (void *buffer, size_t length,
if (rng_ctx->key_init_pid != getpid ()
|| rng_ctx->seed_init_pid != getpid ())
{
- /* We are in a child of us. Because we have no way yet to do
- proper re-initialization (including self-checks etc), the
- only chance we have is to bail out. Obviusly a fork/exec
- won't harm because the exec overwrites the old image. */
- fips_signal_error ("fork without proper re-initialization "
- "detected in RNG");
- goto bailout;
+ /* Just reinitialize the key & seed. */
+ gcry_cipher_close(rng_ctx->cipher_hd);
+ rng_ctx->cipher_hd = NULL;
+ rng_ctx->is_seeded = 0;
+ goto reinitialize;
}
if (x931_aes_driver (buffer, length, rng_ctx))
diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
--- libgcrypt-1.5.0/tests/ac.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/ac.c 2011-07-20 16:40:59.000000000 +0200
@@ -150,6 +150,9 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (gcry_fips_mode_active())
+ /* ac not functional in the fips mode, skip it */
+ return 77;
if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
/* No valuable keys are create, so we can speed up our RNG. */
diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
--- libgcrypt-1.5.0/tests/ac-data.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/ac-data.c 2011-07-20 16:40:59.000000000 +0200
@@ -198,6 +198,9 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (gcry_fips_mode_active())
+ /* ac not functional in the fips mode, skip it */
+ return 77;
if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
--- libgcrypt-1.5.0/tests/ac-schemes.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/ac-schemes.c 2011-07-20 16:40:59.000000000 +0200
@@ -338,6 +338,9 @@ main (int argc, char **argv)
if (! gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (gcry_fips_mode_active())
+ /* ac not functional in the fips mode, skip it */
+ return 77;
if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
--- libgcrypt-1.5.0/tests/keygen.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/keygen.c 2011-07-21 14:39:03.000000000 +0200
@@ -148,12 +148,12 @@ check_rsa_keys (void)
}
if (verbose)
- fprintf (stderr, "creating 1536 bit DSA key\n");
+ fprintf (stderr, "creating 2048 bit DSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
- " (nbits 4:1536)\n"
- " (qbits 3:224)\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -190,11 +190,11 @@ check_rsa_keys (void)
if (verbose)
- fprintf (stderr, "creating 512 bit RSA key with e=257\n");
+ fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 3:257)\n"
" ))", 0, 1);
if (rc)
@@ -208,11 +208,11 @@ check_rsa_keys (void)
gcry_sexp_release (key);
if (verbose)
- fprintf (stderr, "creating 512 bit RSA key with default e\n");
+ fprintf (stderr, "creating 1024 bit RSA key with default secure e\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 1:0)\n"
" ))", 0, 1);
if (rc)
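Review bot: The fork path in `get_random` (random/random-fips.c hunk) now reseeds silently instead of raising a FIPS error, but the hunk does not show `key_init_pid`/`seed_init_pid` being refreshed by the code after `reinitialize:`; unless the key-setup and seeding branches store `getpid()`, the `goto reinitialize` re-enters the same pid check and loops forever in the child. The removed comment also warned that re-initialisation skips the self-checks, and the new two-line comment does not say why that is now acceptable; suggest `/* Child after fork(): drop the parent's key and seed state and re-derive both from fresh entropy. The init paths below refresh the pid markers checked above. */`. Since this used to be a fatal error, consider logging the event so a fork without re-initialisation is still visible in audits. get_random starts and ends outside the hunk.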

87
SOURCES/libgcrypt-1.5.0-use-fipscheck.patch

@ -0,0 +1,87 @@ @@ -0,0 +1,87 @@
diff -up libgcrypt-1.5.0/src/fips.c.use-fipscheck libgcrypt-1.5.0/src/fips.c
--- libgcrypt-1.5.0/src/fips.c.use-fipscheck 2011-02-04 20:17:33.000000000 +0100
+++ libgcrypt-1.5.0/src/fips.c 2011-07-20 16:17:21.000000000 +0200
@@ -570,23 +570,48 @@ run_random_selftests (void)
return !!err;
}
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
- if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -594,7 +619,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -603,7 +628,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;
diff -up libgcrypt-1.5.0/src/Makefile.in.use-fipscheck libgcrypt-1.5.0/src/Makefile.in
--- libgcrypt-1.5.0/src/Makefile.in.use-fipscheck 2011-06-29 10:58:01.000000000 +0200
+++ libgcrypt-1.5.0/src/Makefile.in 2011-07-20 16:19:33.000000000 +0200
@@ -375,7 +375,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
../cipher/libcipher.la \
../random/librandom.la \
../mpi/libmpi.la \
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
dumpsexp_SOURCES = dumpsexp.c
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
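Review bot: `get_library_path` failures are reported via `gpg_error_from_syserror ()` at the call site in `check_binary_integrity`, but `dlopen`/`dlsym`/`dladdr` do not set errno (they report through `dlerror()`), so a missing library or symbol yields a stale or misleading error code; return a distinct error there, e.g. `err = gpg_error (GPG_ERR_NO_OBJ);`. Measuring whatever `dlopen ("libgcrypt.so.11")` resolves is also not the same as measuring the object that is executing: `dladdr ((void *)&gcry_check_version, &info)` on the running library's own function avoids the extra dlopen/dlclose and cannot in principle pick up a different copy found through the loader's search path. If the soname-by-string lookup is deliberate (for instance to mirror the fipscheck convention), state that in a comment above the call. Note that only `src/Makefile.in` gains `-ldl`; if automake is rerun the link flag is lost.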

82
SOURCES/libgcrypt-1.5.1-use-poll.patch

@ -0,0 +1,82 @@ @@ -0,0 +1,82 @@
diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndlinux.c
--- libgcrypt-1.5.1/random/rndlinux.c.use-poll 2013-03-20 15:33:26.504867356 +0100
+++ libgcrypt-1.5.1/random/rndlinux.c 2013-03-20 15:37:24.999944048 +0100
@@ -32,6 +32,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <poll.h>
#include "types.h"
#include "g10lib.h"
#include "rand-internal.h"
@@ -142,49 +143,37 @@ _gcry_rndlinux_gather_random (void (*add
}
/* Enter the read loop. */
- delay = 0; /* Start with 0 seconds so that we do no block on the
+ delay = 100; /* Start with 0 seconds so that we do no block on the
first iteration and in turn call the progress function
before blocking. To give the OS a better chance to
return with something we will actually use 100ms. */
while (length)
{
- fd_set rfds;
- struct timeval tv;
int rc;
+ struct pollfd pfd;
- /* If the system has no limit on the number of file descriptors
- and we encounter an fd which is larger than the fd_set size,
- we don't use the select at all. The select code is only used
- to emit progress messages. A better solution would be to
- fall back to poll() if available. */
-#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE)
-#endif
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+
+ if ( !(rc=poll(&pfd, 1, delay)) )
{
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = delay;
- tv.tv_usec = delay? 0 : 100000;
- if ( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
- {
- if (!any_need_entropy || last_so_far != (want - length) )
- {
- last_so_far = want - length;
- _gcry_random_progress ("need_entropy", 'X',
- (int)last_so_far, (int)want);
- any_need_entropy = 1;
- }
- delay = 3; /* Use 3 seconds henceforth. */
- continue;
- }
- else if( rc == -1 )
+ if (!any_need_entropy || last_so_far != (want - length) )
{
- log_error ("select() error: %s\n", strerror(errno));
- if (!delay)
- delay = 1; /* Use 1 second if we encounter an error before
+ last_so_far = want - length;
+ _gcry_random_progress ("need_entropy", 'X',
+ (int)last_so_far, (int)want);
+ any_need_entropy = 1;
+ }
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before
we have ever blocked. */
- continue;
- }
+ continue;
}
do
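Review bot: The error branch `if (!delay) delay = 1000;` is now dead code: `delay` starts at 100 and is only ever raised to 3000, so it never equals 0 and the documented 1-second retry after a poll() error never happens; either make it unconditional (`delay = 1000;`) or restore the intent with `if (delay < 1000) delay = 1000;`. The comment on the initialisation still says "Start with 0 seconds" although the value is now 100 milliseconds; reword it, e.g. `/* Poll timeout in milliseconds: 100 ms on the first pass so the progress callback runs before we block, 3 s thereafter. */`. A poll() interrupted by a signal returns -1 with EINTR and is logged as an error before the retry; checking `errno == EINTR` would avoid the spurious log line. The enclosing function continues outside the hunk.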

30
SOURCES/libgcrypt-1.5.2-aliasing.patch

@ -0,0 +1,30 @@ @@ -0,0 +1,30 @@
diff -up libgcrypt-1.5.2/cipher/Makefile.am.aliasing libgcrypt-1.5.2/cipher/Makefile.am
--- libgcrypt-1.5.2/cipher/Makefile.am.aliasing 2013-04-18 16:49:13.000000000 +0200
+++ libgcrypt-1.5.2/cipher/Makefile.am 2013-04-25 21:48:57.867465215 +0200
@@ -81,3 +81,9 @@ tiger.o: $(srcdir)/tiger.c
tiger.lo: $(srcdir)/tiger.c
`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
+
+rijndael.o: $(srcdir)/rijndael.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
+
+rijndael.lo: $(srcdir)/rijndael.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
diff -up libgcrypt-1.5.2/cipher/Makefile.in.aliasing libgcrypt-1.5.2/cipher/Makefile.in
--- libgcrypt-1.5.2/cipher/Makefile.in.aliasing 2013-04-18 17:06:03.000000000 +0200
+++ libgcrypt-1.5.2/cipher/Makefile.in 2013-04-25 21:48:59.164493610 +0200
@@ -638,6 +638,12 @@ tiger.o: $(srcdir)/tiger.c
tiger.lo: $(srcdir)/tiger.c
`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
+rijndael.o: $(srcdir)/rijndael.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
+
+rijndael.lo: $(srcdir)/rijndael.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff -up libgcrypt-1.5.2/cipher/rijndael.c.aliasing libgcrypt-1.5.2/cipher/rijndael.c
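Review bot: Building `rijndael.c` with `-fno-strict-aliasing` suppresses the symptom of a type-punning violation rather than fixing it, and the rijndael.c hunk named on the last `diff -up` line is empty here, so the actual aliasing site is not visible; if a source fix exists it belongs in this patch, otherwise the offending loads should be rewritten with `memcpy` into a correctly typed local so the flag becomes unnecessary. Unlike the tiger rules just above, these rules do not pipe through `$(o_flag_munging)`; if that is intended, a comment such as `# rijndael.c needs -fno-strict-aliasing until its word-level table accesses are rewritten` would tell the next maintainer why the rule exists and when it can go.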

102
SOURCES/libgcrypt-1.5.2-mpicoder-gccopt.patch

@ -0,0 +1,102 @@ @@ -0,0 +1,102 @@
diff -up libgcrypt-1.5.2/mpi/mpicoder.c.gccopt libgcrypt-1.5.2/mpi/mpicoder.c
--- libgcrypt-1.5.2/mpi/mpicoder.c.gccopt 2013-04-18 16:48:42.000000000 +0200
+++ libgcrypt-1.5.2/mpi/mpicoder.c 2013-06-20 10:24:57.241510589 +0200
@@ -555,16 +555,16 @@ gcry_mpi_print (enum gcry_mpi_format for
extra=1;
}
- if (buffer && n > len)
- {
- /* The provided buffer is too short. */
- gcry_free (tmp);
- return gcry_error (GPG_ERR_TOO_SHORT);
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (n > len)
+ {
+ /* The provided buffer is too short. */
+ gcry_free (tmp);
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ }
if (extra)
*s++ = 0;
memcpy (s, tmp, n-extra);
@@ -580,12 +580,12 @@ gcry_mpi_print (enum gcry_mpi_format for
/* Note: We ignore the sign for this format. */
/* FIXME: for performance reasons we should put this into
mpi_aprint because we can then use the buffer directly. */
- if (buffer && n > len)
- return gcry_error (GPG_ERR_TOO_SHORT);
if (buffer)
{
unsigned char *tmp;
+ if (n > len)
+ return gcry_error (GPG_ERR_TOO_SHORT);
tmp = _gcry_mpi_get_buffer (a, &n, NULL);
if (!tmp)
return gpg_error_from_syserror ();
@@ -603,14 +603,13 @@ gcry_mpi_print (enum gcry_mpi_format for
if( a->sign )
return gcry_error (GPG_ERR_INV_ARG);
- if (buffer && n+2 > len)
- return gcry_error (GPG_ERR_TOO_SHORT);
-
if (buffer)
{
unsigned char *tmp;
unsigned char *s = buffer;
+ if (n+2 > len)
+ return gcry_error (GPG_ERR_TOO_SHORT);
s[0] = nbits >> 8;
s[1] = nbits;
@@ -641,16 +640,16 @@ gcry_mpi_print (enum gcry_mpi_format for
extra=1;
}
- if (buffer && n+4 > len)
- {
- gcry_free(tmp);
- return gcry_error (GPG_ERR_TOO_SHORT);
- }
-
if (buffer)
{
unsigned char *s = buffer;
+ if (n+4 > len)
+ {
+ gcry_free(tmp);
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ }
+
*s++ = n >> 24;
*s++ = n >> 16;
*s++ = n >> 8;
@@ -677,15 +676,15 @@ gcry_mpi_print (enum gcry_mpi_format for
if (!n || (*tmp & 0x80))
extra = 2;
- if (buffer && 2*n + extra + !!a->sign + 1 > len)
- {
- gcry_free(tmp);
- return gcry_error (GPG_ERR_TOO_SHORT);
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (2*n + extra + !!a->sign + 1 > len)
+ {
+ gcry_free(tmp);
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ }
if (a->sign)
*s++ = '-';
if (extra)

133
SOURCES/libgcrypt-1.5.3-ath-reinstall.patch

@ -0,0 +1,133 @@ @@ -0,0 +1,133 @@
diff -up libgcrypt-1.5.3/src/ath.c.ath-reinstall libgcrypt-1.5.3/src/ath.c
--- libgcrypt-1.5.3/src/ath.c.ath-reinstall 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/src/ath.c 2017-02-28 14:37:15.267668432 +0100
@@ -36,7 +36,7 @@
#include <errno.h>
#include "ath.h"
-
+#include "g10lib.h"
/* The interface table. */
@@ -45,6 +45,13 @@ static struct ath_ops ops;
/* True if we should use the external callbacks. */
static int ops_set;
+struct lock_list
+{
+ ath_mutex_t *lock;
+ struct lock_list *next;
+};
+
+static struct lock_list *reinstallable_locks;
/* For the dummy interface. */
#define MUTEX_UNLOCKED ((ath_mutex_t) 0)
@@ -62,6 +69,50 @@ static int ops_set;
/* The lock we take while checking for lazy lock initialization. */
static ath_mutex_t check_init_lock = ATH_MUTEX_INITIALIZER;
+static void
+add_reinstallable_lock(ath_mutex_t *lock)
+{
+ struct lock_list *ll, *new, **ptr;
+
+ new = gcry_calloc(1, sizeof(*new));
+ if (!new)
+ abort();
+
+ for (ll = reinstallable_locks, ptr = &reinstallable_locks; ll != NULL; ptr = &ll->next, ll = ll->next)
+ {
+ if (ll->lock == lock)
+ {
+ gcry_free(new);
+ return;
+ }
+ }
+
+ new->lock = lock;
+ *ptr = new;
+}
+
+static void
+remove_reinstallable_lock(ath_mutex_t *lock)
+{
+ struct lock_list *ll, **ptr;
+
+ for (ll = reinstallable_locks, ptr = &reinstallable_locks; ll != NULL; ptr = &ll->next, ll = ll->next)
+ {
+ if (ll->lock == lock)
+ {
+ *ptr = ll->next;
+ gcry_free(ll);
+ /* we do not store duplicates */
+ return;
+ }
+ }
+
+#ifndef NDEBUG
+ /* lock not found, should not happen */
+ abort();
+#endif
+}
+
int
ath_init (void)
{
@@ -85,7 +136,9 @@ ath_init (void)
gpg_err_code_t
ath_install (struct ath_ops *ath_ops, int check_only)
{
- if (check_only)
+ gpg_err_code_t err = 0;
+
+ if (check_only && ops_set)
{
unsigned int option = 0;
@@ -119,7 +172,25 @@ ath_install (struct ath_ops *ath_ops, in
else
ops_set = 0;
- return 0;
+ if (ops_set && reinstallable_locks)
+ {
+ struct lock_list *ll;
+
+ ath_init();
+ for (ll = reinstallable_locks; ll != NULL;)
+ {
+ struct lock_list *prev;
+
+ if (ath_mutex_init(ll->lock))
+ err = GPG_ERR_NOT_SUPPORTED;
+ prev = ll;
+ ll = ll->next;
+ gcry_free(prev);
+ }
+ reinstallable_locks = NULL;
+ }
+
+ return err;
}
@@ -143,6 +214,8 @@ ath_mutex_init (ath_mutex_t *lock)
{
if (ops_set)
return mutex_init (lock, 0);
+ else
+ add_reinstallable_lock(lock);
#ifndef NDEBUG
*lock = MUTEX_UNLOCKED;
@@ -168,6 +241,8 @@ ath_mutex_destroy (ath_mutex_t *lock)
(*ops.mutex_unlock) (&check_init_lock);
return (*ops.mutex_destroy) (lock);
}
+ else
+ remove_reinstallable_lock(lock);
#ifndef NDEBUG
assert (*lock == MUTEX_UNLOCKED);
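Review bot: In the reinstall loop added to `ath_install`, a failing `ath_mutex_init (ll->lock)` sets `err` but the function still leaves `ops_set = 1`, frees the list and returns GPG_ERR_NOT_SUPPORTED, so some locks stay in their dummy state while the real mutex ops are active; either clear `ops_set` on error or stop re-initialising and keep the list, since a half-installed table is worse than none. `add_reinstallable_lock` calls `abort()` when `gcry_calloc` fails although `ath_mutex_init` returns an int; propagating an allocation failure would avoid killing the host process from inside the library. The list is also walked and modified without any lock, which is only safe while no thread callbacks are installed — a comment on `reinstallable_locks` stating that assumption, e.g. `/* Only touched before ath_install() succeeds, i.e. single-threaded. */`, would make it explicit. ath_install continues outside the hunk.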

972
SOURCES/libgcrypt-1.5.3-drbg-cavs.patch

@ -0,0 +1,972 @@ @@ -0,0 +1,972 @@
diff -up libgcrypt-1.5.3/random/drbg.c.drbg-cavs libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.drbg-cavs 2017-02-28 14:28:55.695906569 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2017-02-28 14:28:55.700906686 +0100
@@ -2130,6 +2130,16 @@ gcry_drbg_cavs_test (struct gcry_drbg_te
if (ret)
goto outbuf;
+ if (test->entropyrsd)
+ {
+ gcry_drbg_string_fill (&testentropy, test->entropyrsd,
+ test->entropyrsdlen);
+ gcry_drbg_string_fill (&addtl, test->addtlrsd,
+ test->addtlrsdlen);
+ if (gcry_drbg_reseed (drbg, &addtl))
+ goto outbuf;
+ }
+
gcry_drbg_string_fill (&addtl, test->addtla, test->addtllen);
if (test->entpra)
{
diff -up libgcrypt-1.5.3/random/random.h.drbg-cavs libgcrypt-1.5.3/random/random.h
--- libgcrypt-1.5.3/random/random.h.drbg-cavs 2017-02-28 14:28:55.686906357 +0100
+++ libgcrypt-1.5.3/random/random.h 2017-02-28 14:28:55.700906686 +0100
@@ -69,6 +69,10 @@ struct gcry_drbg_test_vector
size_t perslen;
unsigned char *expected;
size_t expectedlen;
+ unsigned char *entropyrsd;
+ size_t entropyrsdlen;
+ unsigned char *addtlrsd;
+ size_t addtlrsdlen;
};
gpg_err_code_t gcry_drbg_cavs_test (struct gcry_drbg_test_vector *test,
diff -up libgcrypt-1.5.3/tests/cavs_driver.pl.drbg-cavs libgcrypt-1.5.3/tests/cavs_driver.pl
--- libgcrypt-1.5.3/tests/cavs_driver.pl.drbg-cavs 2017-02-28 14:28:55.674906074 +0100
+++ libgcrypt-1.5.3/tests/cavs_driver.pl 2017-02-28 14:41:46.086048300 +0100
@@ -192,15 +192,17 @@ my $rsa_derive;
# Sign a message with RSA
# $1: data to be signed in hex form
# $2: Hash algo
-# $3: Key file in PEM format with the private key
+# $3: PSS flag
+# $4: Key file in PEM format with the private key
# return: digest in hex format
my $rsa_sign;
# Verify a message with RSA
# $1: data to be verified in hex form
# $2: hash algo
-# $3: file holding the public RSA key in PEM format
-# $4: file holding the signature in binary form
+# $3: PSS flag
+# $4: file holding the public RSA key in PEM format
+# $5: file holding the signature in binary form
# return: 1 == verified / 0 == not verified
my $rsa_verify;
@@ -329,6 +331,8 @@ my $rsa_keygen;
my $rsa_keygen_kat;
+my $drbg_kat;
+
################################################################
##### OpenSSL interface functions
################################################################
@@ -350,9 +354,10 @@ sub openssl_encdec($$$$$) {
return bin2hex($data);
}
-sub openssl_rsa_sign($$$) {
+sub openssl_rsa_sign($$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift; # unsupported
my $keyfile = shift;
$data=hex2bin($data);
@@ -365,6 +370,7 @@ sub openssl_rsa_sign($$$) {
sub openssl_rsa_verify($$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift; # unsupported
my $keyfile = shift;
my $sigfile = shift;
@@ -497,27 +503,38 @@ sub libgcrypt_rsa_keygen_kat($$$$) {
}
-sub libgcrypt_rsa_sign($$$) {
+sub libgcrypt_rsa_sign($$$$) {
my $data = shift;
my $hashalgo = shift;
+ my $pss = shift;
my $keyfile = shift;
die "ARCFOUR not available for RSA" if $opt{'R'};
+ if ($pss) {
+ return pipe_through_program($data,
+ "fipsdrv --pss --algo $hashalgo --key $keyfile rsa-sign");
+ }
return pipe_through_program($data,
"fipsdrv --pkcs1 --algo $hashalgo --key $keyfile rsa-sign");
}
-sub libgcrypt_rsa_verify($$$$) {
+sub libgcrypt_rsa_verify($$$$$) {
my $data = shift;
my $hashalgo = shift;
+ my $pss = shift;
my $keyfile = shift;
my $sigfile = shift;
die "ARCFOUR not available for RSA" if $opt{'R'};
+
+ if ($pss) {
+ $data = pipe_through_program($data,
+ "fipsdrv --pss --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify");
+ } else {
$data = pipe_through_program($data,
"fipsdrv --pkcs1 --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify");
-
+ }
# Parse through the output information
return ($data =~ /GOOD signature/);
}
@@ -543,6 +560,16 @@ sub libgcrypt_hash($$) {
return pipe_through_program($pt, $program);
}
+sub libgcrypt_hash_mct($$) {
+ my $pt = shift;
+ my $hashalgo = shift;
+
+ my $program = "fipsdrv --algo $hashalgo --loop digest";
+ die "ARCFOUR not available for hashes" if $opt{'R'};
+
+ return pipe_through_program($pt, $program);
+}
+
sub libgcrypt_state_cipher($$$$$) {
my $cipher = shift;
my $enc = (shift) ? "encrypt": "decrypt";
@@ -693,6 +720,35 @@ sub libgcrypt_dsa_verify($$$$) {
return ($ret =~ /GOOD signature/);
}
+sub libgcrypt_drbg_kat($$$$$$$$$$$$$$$$$) {
+ my $mode = shift;
+ my $cipher = shift;
+ my $pr = shift;
+ my $ent = shift;
+ my $entlen = shift;
+ my $nonce = shift;
+ my $noncelen = shift;
+ my $entrs = shift;
+ my $addtlrs = shift;
+ my $entpra = shift;
+ my $entprb = shift;
+ my $addtla = shift;
+ my $addtlb = shift;
+ my $addtllen = shift;
+ my $pers = shift;
+ my $perslen = shift;
+ my $expectedlen = shift;
+
+ my $entprlen = $entlen;
+
+ # concatenate entropy and nonce
+ $ent .= $nonce;
+ $entlen = $entlen + $noncelen;
+
+ return lc(pipe_through_program("$mode\n$pr\n$entlen\n$ent\n$perslen\n$pers\n$expectedlen\n$addtllen\n$entrs\n$addtlrs\n$addtla\n$addtlb\n$entprlen\n$entpra\n$entprb\n", "./fipsdrv --algo $cipher drbg"));
+}
+
+
######### End of libgcrypt implementation ################
################################################################
@@ -1468,13 +1524,17 @@ sub hash_mct($$) {
my $md0=$pt;
my $md1=$pt;
my $md2=$pt;
- for (my $i=0; $i<1000; ++$i) {
- #print STDERR "outer loop $j; inner loop $i\n";
- my $mi= $md0 . $md1 . $md2;
- $md0=$md1;
- $md1=$md2;
- $md2 = &$hash($mi, $cipher);
- $md2 =~ s/\n//;
+ if ($opt{'I'} && $opt{'I'} eq 'libgcrypt') {
+ $md2 = &libgcrypt_hash_mct($pt, $cipher);
+ } else {
+ for (my $i=0; $i<1000; ++$i) {
+ #print STDERR "outer loop $j; inner loop $i\n";
+ my $mi= $md0 . $md1 . $md2;
+ $md0=$md1;
+ $md1=$md2;
+ $md2 = &$hash($mi, $cipher);
+ $md2 =~ s/\n//;
+ }
}
$out .= "MD = $md2\n\n";
$pt=$md2;
@@ -1483,21 +1543,65 @@ sub hash_mct($$) {
return $out;
}
+sub drbg_kat_driver($$$$$$$$$$$$$$$$$) {
+ my $mode = shift;
+ my $cipher = shift;
+ my $pr = shift;
+ my $ent = shift;
+ my $entlen = shift;
+ my $nonce = shift;
+ my $noncelen = shift;
+ my $entrs = shift;
+ my $addtlrs = shift;
+ my $entpra = shift;
+ my $entprb = shift;
+ my $addtla = shift;
+ my $addtlb = shift;
+ my $addtllen = shift;
+ my $pers = shift;
+ my $perslen = shift;
+ my $expectedlen = shift;
+
+ my $out = "";
+
+ $out .= "ReturnedBits = " . &$drbg_kat($mode,
+ $cipher,
+ $pr,
+ $ent,
+ $entlen,
+ $nonce,
+ $noncelen,
+ $entrs,
+ $addtlrs,
+ $entpra,
+ $entprb,
+ $addtla,
+ $addtlb,
+ $addtllen,
+ $pers,
+ $perslen,
+ $expectedlen) . "\n";
+
+ return $out;
+}
+
# RSA SigGen test
# $1: Message to be signed in hex form
# $2: Hash algorithm
-# $3: file name with RSA key in PEM form
+# $3: Use PSS
+# $4: file name with RSA key in PEM form
# return: string formatted as expected by CAVS
-sub rsa_siggen($$$) {
+sub rsa_siggen($$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift;
my $keyfile = shift;
my $out = "";
$out .= "SHAAlg = $cipher\n";
$out .= "Msg = $data\n";
- $out .= "S = " . &$rsa_sign($data, lc($cipher), $keyfile) . "\n";
+ $out .= "S = " . &$rsa_sign($data, lc($cipher), $pss, $keyfile) . "\n";
return $out;
}
@@ -1505,13 +1609,15 @@ sub rsa_siggen($$$) {
# RSA SigVer test
# $1: Message to be verified in hex form
# $2: Hash algoritm
-# $3: Signature of message in hex form
-# $4: n of the RSA key in hex in hex form
-# $5: e of the RSA key in hex in hex form
+# $3: Use PSS
+# $4: Signature of message in hex form
+# $5: n of the RSA key in hex in hex form
+# $6: e of the RSA key in hex in hex form
# return: string formatted as expected by CAVS
-sub rsa_sigver($$$$$) {
+sub rsa_sigver($$$$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift;
my $signature = shift;
my $n = shift;
my $e = shift;
@@ -1534,7 +1640,7 @@ sub rsa_sigver($$$$$) {
print FH hex2bin($signature);
close FH;
- $out .= "Result = " . (&$rsa_verify($data, lc($cipher), $keyfile, $sigfile) ? "P\n" : "F\n");
+ $out .= "Result = " . (&$rsa_verify($data, lc($cipher), $pss, $keyfile, $sigfile) ? "P\n" : "F\n");
unlink($keyfile);
unlink($sigfile);
@@ -1905,13 +2011,14 @@ sub rsa_keygen_driver($$) {
# $2 p in hex form
# $3 q in hex form
# return: string formatted as expected by CAVS
-sub rsa_keygen_kat_driver($$$) {
+sub rsa_keygen_kat_driver($$$$) {
my $mod = shift;
+ my $e = shift;
my $p = shift;
my $q = shift;
my $out = "";
- my $ret = &$rsa_keygen_kat($mod, $p, $q);
+ my $ret = &$rsa_keygen_kat($mod, $e, $p, $q);
my ($Result) = split(/\n/, $ret);
die "Return value does not contain all expected values of Result for rsa_keygen_kat"
if (!defined($Result));
@@ -1999,8 +2106,24 @@ sub parse($$) {
my $xq1 = "";
my $xq2 = "";
my $Xq = "";
+ my $pr = 0;
+ my $ent = "";
+ my $entlen = 0;
+ my $nonce = "";
+ my $noncelen = 0;
+ my $entrs = "";
+ my $addtlrs = "";
+ my $entpra = "x";
+ my $entprb = "x";
+ my $addtla = "x";
+ my $addtlb = "x";
+ my $addtllen = 0;
+ my $pers = "";
+ my $perslen = 0;
+ my $expectedlen = 0;
my $mode = "";
+ my $pss = 0;
open(IN, "<$infile");
while(<IN>) {
@@ -2029,7 +2152,7 @@ sub parse($$) {
##### Extract cipher
# XXX there may be more - to be added
- if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA|KeyGen - Random Probably Prime|KeyPair|PQGVer)/) {
+ if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA|KeyGen - Random Probably Prime|KeyPair|PQGVer|DRBG800-90A)/) {
if ($tmpline =~ /CBC/) { $mode="cbc"; }
elsif ($tmpline =~ /ECB/) { $mode="ecb"; }
elsif ($tmpline =~ /OFB/) { $mode="ofb"; }
@@ -2078,7 +2201,11 @@ sub parse($$) {
if ($tt == 0) {
##### Identify the test type
- if ($tmpline =~ /KeyGen - Random Probably Prime Known Answer Test/) {
+ if ($tmpline =~ /DRBG800-90A/) {
+ $tt = 20;
+ die "Interface function drbg_kat for DRBG KAT not defined for tested library"
+ if (!defined($drbg_kat));
+ } elsif ($tmpline =~ /KeyGen - Random Probably Prime Known Answer Test/) {
$tt = 19;
die "Interface function rsa_keygen_kat for RSA key generation KAT not defined for tested library"
if (!defined($rsa_keygen_kat));
@@ -2123,10 +2250,16 @@ sub parse($$) {
die "Interface function state_rng for RNG KAT not defined for tested library"
if (!defined($state_rng));
} elsif ($tmpline =~ /SigVer/ ) {
+ if ($tmpline =~ /RSASSA-PSS/) {
+ $pss = 1;
+ }
$tt = 6;
die "Interface function rsa_verify or gen_rsakey for RSA verification not defined for tested library"
if (!defined($rsa_verify) || !defined($gen_rsakey));
} elsif ($tmpline =~ /SigGen/ ) {
+ if ($tmpline =~ /RSASSA-PSS/) {
+ $pss = 1;
+ }
$tt = 5;
die "Interface function rsa_sign or gen_rsakey for RSA sign not defined for tested library"
if (!defined($rsa_sign) || !defined($gen_rsakey));
@@ -2252,7 +2385,7 @@ sub parse($$) {
$out .= "G = " . $pqg{'G'} . "\n\n";
}
}
- elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests
+ elsif ($line =~ /^\[mod\s*=\s*(.*)\]/) { # found in RSA requests
$modulus = $1;
$out .= $line . "\n\n"; # print it
# generate the private key with given bit length now
@@ -2277,10 +2410,21 @@ sub parse($$) {
$n=$1;
}
elsif ($line =~ /^e\s*=\s*(.*)/) { # found in RSA requests
- $e=$1;
if ($tt == 19) {
+ if ($modulus ne "" &&
+ $e ne "" &&
+ $prandom ne "") {
+ $out .= rsa_keygen_kat_driver($modulus,
+ $e,
+ $prandom,
+ "00");
+ $prandom = "";
+ $qrandom = "";
+ $e = "";
+ }
$out .= $line . "\n"; # print it
}
+ $e=$1;
}
elsif ($line =~ /^S\s*=\s*(.*)/) { # found in RSA requests
die "S seen twice - input file crap" if ($signature ne "");
@@ -2306,6 +2450,89 @@ sub parse($$) {
if ($tlen ne "");
$tlen=$1;
}
+ elsif ($tt == 20) {
+ if ($line =~ /Hash_DRBG/) { # HASH DRBG request
+ $mode = "hash";
+ }
+ elsif ($line =~ /HMAC_DRBG/) { # HMAC DRBG request
+ $mode = "hmac";
+ }
+ elsif ($line =~ /CTR_DRBG/) { # CTR DRBG request
+ $mode = "ctr";
+ }
+ elsif ($line =~ /^\[SHA-1\]/) {
+ $cipher= "sha-1";
+ }
+ elsif ($line =~ /^\[SHA-256\]/) {
+ $cipher= "sha-256";
+ }
+ elsif ($line =~ /^\[SHA-384\]/) {
+ $cipher= "sha-384";
+ }
+ elsif ($line =~ /^\[SHA-512\]/) {
+ $cipher= "sha-512";
+ }
+ elsif ($line =~ /^\[AES-128 use df\]/) {
+ $cipher= "aes-128";
+ }
+ elsif ($line =~ /^\[AES-192 use df\]/) {
+ $cipher= "aes-192";
+ }
+ elsif ($line =~ /^\[AES-256 use df\]/) {
+ $cipher= "aes-256";
+ }
+ elsif ($line =~ /^\[PredictionResistance\s*=\s*True\]/) {
+ $pr = 1;
+ }
+ elsif ($line =~ /^\[PredictionResistance\s*=\s*False\]/) {
+ $pr = 0;
+ }
+ elsif ($line =~ /^\[EntropyInputLen\s*=\s*(.*)\]/) {
+ $entlen = $1;
+ }
+ elsif ($line =~ /^\[NonceLen\s*=\s*(.*)\]/) {
+ $noncelen = $1;
+ }
+ elsif ($line =~ /^\[PersonalizationStringLen\s*=\s*(.*)\]/) {
+ $perslen = $1;
+ }
+ elsif ($line =~ /^\[AdditionalInputLen\s*=\s*(.*)\]/) {
+ $addtllen = $1;
+ }
+ elsif ($line =~ /^\[ReturnedBitsLen\s*=\s*(.*)\]/) {
+ $expectedlen = $1;
+ }
+ elsif ($line =~ /^EntropyInput\s*=\s*(.*)/) {
+ $ent = $1;
+ }
+ elsif ($line =~ /^EntropyInputReseed\s*=\s*(.*)/) {
+ $entrs = $1;
+ }
+ elsif ($line =~ /^Nonce\s*=\s*(.*)/) {
+ $nonce = $1;
+ }
+ elsif ($line =~ /^PersonalizationString\s*=\s*(.*)/) {
+ $pers = $1;
+ }
+ elsif ($line =~ /^AdditionalInput\s*=\s*(.*)/) {
+ if ($addtla eq "x") {
+ $addtla = $1;
+ } else {
+ $addtlb = $1;
+ }
+ }
+ elsif ($line =~ /^EntropyInputPR\s*=\s*(.*)/) {
+ if ($entpra eq "x") {
+ $entpra = $1;
+ } else {
+ $entprb = $1;
+ }
+ }
+ elsif ($line =~ /^AdditionalInputReseed\s*=\s*(.*)/) {
+ $addtlrs = $1;
+ }
+ $out .= $line . "\n"; # print it
+ }
elsif ($line =~ /^N\s*=\s*(.*)/) { #DSA KeyPair
die "N seen twice - check input file"
if ($capital_n);
@@ -2396,10 +2623,6 @@ sub parse($$) {
$qrandom = $1;
$out .= $line . "\n"; # print it
}
- elsif ($tt == 19 && $line =~ /^ / && $qrandom eq "") { #RSA key gen KAT
- $qrandom = "00";
- $out .= $line . "\n"; # print it
- }
else {
$out .= $line . "\n";
}
@@ -2442,13 +2665,13 @@ sub parse($$) {
}
elsif ($tt == 5) {
if ($pt ne "" && $cipher ne "" && $rsa_keyfile ne "") {
- $out .= rsa_siggen($pt, $cipher, $rsa_keyfile);
+ $out .= rsa_siggen($pt, $cipher, $pss, $rsa_keyfile);
$pt = "";
}
}
elsif ($tt == 6) {
if ($pt ne "" && $cipher ne "" && $signature ne "" && $n ne "" && $e ne "") {
- $out .= rsa_sigver($pt, $cipher, $signature, $n, $e);
+ $out .= rsa_sigver($pt, $cipher, $pss, $signature, $n, $e);
$pt = "";
$signature = "";
}
@@ -2635,6 +2858,37 @@ sub parse($$) {
$e = "";
}
}
+ elsif ($tt == 20) {
+ if (($pr == 1 && $entpra ne "x" && $entprb ne "x") ||
+ ($pr == 0 && $addtla ne "x" && $addtlb ne "x")) {
+ $out .= drbg_kat_driver($mode,
+ $cipher,
+ $pr,
+ $ent,
+ $entlen,
+ $nonce,
+ $noncelen,
+ $entrs,
+ $addtlrs,
+ $entpra,
+ $entprb,
+ $addtla,
+ $addtlb,
+ $addtllen,
+ $pers,
+ $perslen,
+ $expectedlen);
+ $entpra = "x";
+ $entprb = "x";
+ $addtla = "x";
+ $addtlb = "x";
+ $ent = "";
+ $nonce = "";
+ $pers = "";
+ $entrs = "";
+ $addtlrs = "";
+ }
+ }
elsif ($tt > 0) {
die "Test case $tt not defined";
}
@@ -2701,6 +2955,7 @@ sub main() {
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
$rsa_keygen = \&libgcrypt_rsa_keygen;
$rsa_keygen_kat = \&libgcrypt_rsa_keygen_kat;
+ $drbg_kat = \&libgcrypt_drbg_kat;
} else {
die "Invalid interface option given";
}
diff -up libgcrypt-1.5.3/tests/fipsdrv.c.drbg-cavs libgcrypt-1.5.3/tests/fipsdrv.c
--- libgcrypt-1.5.3/tests/fipsdrv.c.drbg-cavs 2017-02-28 14:28:55.674906074 +0100
+++ libgcrypt-1.5.3/tests/fipsdrv.c 2017-02-28 14:43:28.320456712 +0100
@@ -22,6 +22,7 @@
#endif
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <stdarg.h>
#include <errno.h>
@@ -893,8 +894,10 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf;
- while (*p)
- *p++ = tolower(*p);
+ while (*p) {
+ *p = tolower(*p);
+ ++p;
+ }
p = buf;
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2;
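Review bot: The rewritten loop fixes the unsequenced `*p++ = tolower(*p)`, but `*p = tolower(*p);` still hands a plain `char` to a ctype function, which is undefined for values outside `unsigned char` range when `char` is signed; the idiomatic form is `*p = tolower ((unsigned char)*p);`. The buffer from gcry_mpi_aprint is presumably ASCII hex, so this is a hardening rather than an observed fault. The rest of print_mpi_line lies outside the hunk.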
@@ -1256,6 +1259,46 @@ run_digest (int digest_algo, const void
gcry_md_close (hd);
}
+/* Run inner loop of digest mct operation. */
+static void
+run_digest_mct_loop (int digest_algo, const void *data, size_t datalen, int iter)
+{
+ gpg_error_t err;
+ gcry_md_hd_t hd;
+ const unsigned char *digest;
+ unsigned int digestlen;
+ int i;
+ unsigned char *buf;
+
+ err = gcry_md_open (&hd, digest_algo, 0);
+ if (err)
+ die ("gcry_md_open failed for algo %d: %s\n",
+ digest_algo, gpg_strerror (err));
+
+ digestlen = gcry_md_get_algo_dlen (digest_algo);
+ if (digestlen != datalen)
+ die ("Unexpected seed size %u for Hash mct algo %d\n", datalen, digest_algo);
+
+ buf = malloc (3*datalen);
+ if (!buf)
+ die ("Buffer allocation failed\n");
+
+ memcpy (buf, data, datalen);
+ memcpy (buf + datalen, data, datalen);
+ memcpy (buf + 2*datalen, data, datalen);
+
+ for (i = 0; i < iter; ++i)
+ {
+ gcry_md_reset (hd);
+ gcry_md_write (hd, buf, 3*datalen);
+ digest = gcry_md_read (hd, digest_algo);
+ memmove (buf, buf + datalen, 2*datalen);
+ memcpy (buf + 2*datalen, digest, datalen);
+ }
+ print_buffer (digest, digestlen);
+ gcry_md_close (hd);
+}
+
/* Run a HMAC operation. */
static void
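Review bot: `die ("Unexpected seed size %u for Hash mct algo %d\n", datalen, digest_algo)` passes a `size_t` for `%u`, which is undefined on LP64 targets; use `%zu`, or cast with `(unsigned)datalen`. `digest` is assigned only inside the loop, so `print_buffer (digest, digestlen)` reads an uninitialised pointer when `iter` is 0 (the one visible caller passes 1000, but the parameter invites other values); initialise `digest = NULL` and bail out, or require `iter > 0`. The `malloc`ed `buf` is never released; a `free (buf);` before `gcry_md_close (hd);` closes the leak.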
@@ -1403,7 +1446,7 @@ run_rsa_keygen (const void *data, size_t
gcry_sexp_release (l1);
if (!mpi)
die ("parameter %c missing in private-key\n", parmlist[idx]);
- print_mpi_line (mpi, 1);
+ print_mpi_line (mpi, parmlist[idx] != 'd');
gcry_mpi_release (mpi);
}
@@ -1592,7 +1635,7 @@ run_rsa_gen (int keysize, int pubexp)
encoded KEYFILE and the hash algorithm HASHALGO. */
static void
run_rsa_sign (const void *data, size_t datalen,
- int hashalgo, int pkcs1, const char *keyfile)
+ int hashalgo, int pkcs1, int pss, const char *keyfile)
{
gpg_error_t err;
@@ -1616,6 +1659,20 @@ run_rsa_sign (const void *data, size_t d
gcry_md_algo_name (hashalgo),
(int)hashsize, hash);
}
+ else if (pss)
+ {
+ unsigned char hash[64];
+ unsigned int hashsize;
+
+ hashsize = gcry_md_get_algo_dlen (hashalgo);
+ if (!hashsize || hashsize > sizeof hash)
+ die ("digest too long for buffer or unknown hash algorithm\n");
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pss)(hash %s %b))",
+ gcry_md_algo_name (hashalgo),
+ (int)hashsize, hash);
+ }
else
{
gcry_mpi_t tmp;
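Review bot: The new `else if (pss)` branch is a near-verbatim copy of the `pkcs1` branch above it (only the flag token in the S-expression differs), and the same fourteen lines are copied again into run_rsa_verify in the next hunk; a small static helper that takes the flag name would remove both copies. Because the `pkcs1` test is evaluated first, passing both `--pkcs1` and `--pss` silently selects PKCS#1 v1.5, so either reject the combination in main or state the precedence in the usage text. run_rsa_sign continues outside the hunk.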
@@ -1683,7 +1740,7 @@ run_rsa_sign (const void *data, size_t d
binary signature in SIGFILE. */
static void
run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1,
- const char *keyfile, const char *sigfile)
+ int pss, const char *keyfile, const char *sigfile)
{
gpg_error_t err;
@@ -1703,6 +1760,20 @@ run_rsa_verify (const void *data, size_t
gcry_md_algo_name (hashalgo),
(int)hashsize, hash);
}
+ else if (pss)
+ {
+ unsigned char hash[64];
+ unsigned int hashsize;
+
+ hashsize = gcry_md_get_algo_dlen (hashalgo);
+ if (!hashsize || hashsize > sizeof hash)
+ die ("digest too long for buffer or unknown hash algorithm\n");
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pss)(hash %s %b))",
+ gcry_md_algo_name (hashalgo),
+ (int)hashsize, hash);
+ }
else
{
gcry_mpi_t tmp;
@@ -2220,7 +2291,150 @@ run_dsa_verify (const void *data, size_t
gcry_sexp_release (s_data);
}
+struct gcry_drbg_test_vector
+{
+ uint32_t flags;
+ unsigned char *entropy;
+ size_t entropylen;
+ unsigned char *entpra;
+ unsigned char *entprb;
+ size_t entprlen;
+ unsigned char *addtla;
+ unsigned char *addtlb;
+ size_t addtllen;
+ unsigned char *pers;
+ size_t perslen;
+ unsigned char *expected;
+ size_t expectedlen;
+ unsigned char *entropyrsd;
+ size_t entropyrsdlen;
+ unsigned char *addtlrsd;
+ size_t addtlrsdlen;
+ };
+
+static uint32_t
+decode_drbg_flags(const char *algo, const char *mode, const char *pr)
+{
+ uint32_t flags = 0;
+
+ if (*pr == '1')
+ flags = GCRY_DRBG_PREDICTION_RESIST;
+
+ if (!strcmp(algo, "sha-1"))
+ flags |= GCRY_DRBG_HASHSHA1;
+ else if (!strcmp(algo, "sha-256"))
+ flags |= GCRY_DRBG_HASHSHA256;
+ else if (!strcmp(algo, "sha-384"))
+ flags |= GCRY_DRBG_HASHSHA384;
+ else if (!strcmp(algo, "sha-512"))
+ flags |= GCRY_DRBG_HASHSHA512;
+ else if (!strcmp(algo, "aes-128"))
+ flags |= GCRY_DRBG_SYM128;
+ else if (!strcmp(algo, "aes-192"))
+ flags |= GCRY_DRBG_SYM192;
+ else if (!strcmp(algo, "aes-256"))
+ flags |= GCRY_DRBG_SYM256;
+
+ if (!strcmp(mode, "hmac"))
+ flags |= GCRY_DRBG_HMAC;
+ else if (!strcmp(mode, "ctr"))
+ flags |= GCRY_DRBG_CTRAES;
+
+ return flags;
+}
+
+static void
+run_drbg_test (const char *algo, void *data, size_t datalen)
+{
+ char *ptr = data;
+ char *mode;
+ char *pr;
+ char *entlen;
+ char *ent;
+ char *perslen;
+ char *pers;
+ char *expectedlen;
+ char *addtllen;
+ char *entrsd;
+ char *addtlrsd;
+ char *addtla;
+ char *addtlb;
+ char *entprlen;
+ char *entpra;
+ char *entprb;
+ unsigned char *buf;
+ size_t len;
+ struct gcry_drbg_test_vector vect;
+
+ mode = strsep(&ptr, "\n");
+ pr = strsep(&ptr, "\n");
+ entlen = strsep(&ptr, "\n");
+ ent = strsep(&ptr, "\n");
+ perslen = strsep(&ptr, "\n");
+ pers = strsep(&ptr, "\n");
+ expectedlen = strsep(&ptr, "\n");
+ addtllen = strsep(&ptr, "\n");
+ entrsd = strsep(&ptr, "\n");
+ addtlrsd = strsep(&ptr, "\n");
+ addtla = strsep(&ptr, "\n");
+ addtlb = strsep(&ptr, "\n");
+ entprlen = strsep(&ptr, "\n");
+ entpra = strsep(&ptr, "\n");
+ entprb = strsep(&ptr, "\n");
+
+ if (entprb == NULL) {
+ fprintf(stderr, "ERROR - Missing input data\n");
+ return;
+ }
+
+ vect.flags = decode_drbg_flags(algo, mode, pr);
+
+ vect.entropy = hex2buffer(ent, &len);
+ vect.entropylen = atoi(entlen) / 8;
+ if (len != vect.entropylen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ vect.pers = hex2buffer(pers, &len);
+ vect.perslen = atoi(perslen) / 8;
+ if (len != vect.perslen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ vect.expectedlen = atoi(expectedlen) / 8;
+ vect.expected = NULL;
+ vect.addtlrsdlen = vect.addtllen = atoi(addtllen) / 8;
+ vect.addtla = hex2buffer(addtla, &len);
+ vect.addtlb = hex2buffer(addtlb, &len);
+ vect.entropyrsdlen = vect.entprlen = atoi(entprlen) / 8;
+ vect.entpra = hex2buffer(entpra, &len);
+ vect.entprb = hex2buffer(entprb, &len);
+ if (*entrsd != '\0') {
+ vect.entropyrsd = hex2buffer(entrsd, &len);
+ if (len != vect.entropyrsdlen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ if (*addtlrsd != '\0') {
+ vect.addtlrsd = hex2buffer(addtlrsd, &len);
+ if (len != vect.addtlrsdlen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ } else {
+ vect.addtlrsd = NULL;
+ }
+ } else {
+ vect.entropyrsd = NULL;
+ vect.addtlrsd = NULL;
+ }
+
+ buf = gcry_xmalloc(vect.expectedlen);
+ gcry_control(75, &vect, buf);
+
+ print_data_line(buf, vect.expectedlen);
+}
static void
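Review bot: The `hex2buffer` calls for `addtla`, `addtlb`, `entpra` and `entprb` discard the returned `len`, so unlike the entropy, personalization and reseed inputs they are never checked against the parsed `vect.addtllen`/`vect.entprlen`, and a malformed vector file reaches the DRBG with a length that does not match its buffer; add the same `if (len != vect.addtllen)` / `if (len != vect.entprlen)` check after each call. `gcry_control(75, &vect, buf)` uses a bare magic number for the control command, which should be a named constant rather than a literal. The length fields are parsed with `atoi`, which reports no errors, and every buffer from `hex2buffer` and `gcry_xmalloc` is leaked on all paths, including the early `return`s after an "inconsistent input data" message. `decode_drbg_flags` silently yields no algorithm bit for an unrecognised `--algo` string instead of dying, so a typo in the driver script selects whatever flag value 0 means.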
@@ -2251,6 +2465,7 @@ usage (int show_help)
" --signature NAME Take signature from file NAME\n"
" --chunk N Read in chunks of N bytes (implies --binary)\n"
" --pkcs1 Use PKCS#1 encoding\n"
+ " --pss Use PKCS#1 PSS encoding\n"
" --mct-server Run a monte carlo test server\n"
" --loop Enable random loop mode\n"
" --progress Print pogress indicators\n"
@@ -2268,6 +2483,7 @@ main (int argc, char **argv)
int no_fips = 0;
int progress = 0;
int use_pkcs1 = 0;
+ int use_pss = 0;
const char *mode_string;
const char *key_string = NULL;
const char *iv_string = NULL;
@@ -2398,6 +2614,11 @@ main (int argc, char **argv)
use_pkcs1 = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--pss"))
+ {
+ use_pss = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--mct-server"))
{
mct_server = 1;
@@ -2414,7 +2635,10 @@ main (int argc, char **argv)
usage (0);
mode_string = *argv;
- if (!strcmp (mode_string, "rsa-derive"))
+ if (!strcmp (mode_string, "rsa-derive") ||
+ !strcmp (mode_string, "rsa-keygen") ||
+ !strcmp (mode_string, "rsa-keygen-kat") ||
+ !strcmp(mode_string, "drbg"))
binary_input = 1;
if (argc == 2 && strcmp (argv[1], "-"))
@@ -2557,7 +2781,14 @@ main (int argc, char **argv)
if (!data)
die ("no data available (do not use --chunk)\n");
- run_digest (algo, data, datalen);
+ if (loop_mode)
+ {
+ run_digest_mct_loop (algo, data, datalen, 1000);
+ }
+ else
+ {
+ run_digest (algo, data, datalen);
+ }
}
else if (!strcmp (mode_string, "random"))
{
@@ -2602,6 +2833,12 @@ main (int argc, char **argv)
deinit_external_rng_test (context);
}
+ else if (!strcmp (mode_string, "drbg"))
+ {
+ if (!algo_string)
+ die ("--algo required in this mode\n");
+ run_drbg_test (algo_string, data, datalen);
+ }
else if (!strcmp (mode_string, "hmac-sha"))
{
int algo;
@@ -2679,7 +2916,7 @@ main (int argc, char **argv)
if (!data)
die ("no data available (do not use --chunk)\n");
- run_rsa_sign (data, datalen, algo, use_pkcs1, key_string);
+ run_rsa_sign (data, datalen, algo, use_pkcs1, use_pss, key_string);
}
else if (!strcmp (mode_string, "rsa-verify"))
@@ -2702,7 +2939,7 @@ main (int argc, char **argv)
if (access (signature_string, R_OK))
die ("option --signature needs to specify an existing file\n");
- run_rsa_verify (data, datalen, algo, use_pkcs1, key_string,
+ run_rsa_verify (data, datalen, algo, use_pkcs1, use_pss, key_string,
signature_string);
}
@@ -2783,12 +3020,6 @@ main (int argc, char **argv)
gcry_free (data);
- /* Because Libgcrypt does not enforce FIPS mode in all cases we let
- the process die if Libgcrypt is not anymore in FIPS mode after
- the actual operation. */
- if (!no_fips && !gcry_fips_mode_active ())
- die ("FIPS mode is not anymore active\n");
-
if (verbose)
fputs (PGM ": ready\n", stderr);

23
SOURCES/libgcrypt-1.5.3-drbg-init.patch

@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
diff -up libgcrypt-1.5.3/random/drbg.c.drbg-init libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.drbg-init 2017-02-28 14:28:55.000000000 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2017-02-28 15:15:54.401291408 +0100
@@ -1820,12 +1820,16 @@ _gcry_drbg_randomize (void *buffer, size
enum gcry_random_level level)
{
(void) level;
- gcry_drbg_lock ();
if (NULL == gcry_drbg)
{
- fips_signal_error ("DRBG is not initialized");
- goto bailout;
+ _gcry_drbg_init(1);
+ if (NULL == gcry_drbg)
+ {
+ log_fatal ("DRBG is not initialized\n");
+ goto bailout;
+ }
}
+ gcry_drbg_lock ();
/* As reseeding changes the entire state of the DRBG, including any
* key, either a re-init or a reseed is sufficient for a fork */
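Review bot: Moving `gcry_drbg_lock ()` below the `NULL == gcry_drbg` check makes the check-then-`_gcry_drbg_init(1)` sequence run unlocked, so two threads that both observe a NULL `gcry_drbg` can both initialise it; presumably the lock was moved because `_gcry_drbg_init` takes it internally, but that is not visible here and should be stated in a comment at the call. The `goto bailout` on the failure path now also runs before the lock is taken; if `bailout` releases the lock, as the previous ordering suggests, this unlocks a mutex that was never acquired. A dedicated init lock, or having `_gcry_drbg_init` accept an already-held lock, would keep the original invariant. The rest of _gcry_drbg_randomize and the `bailout` label lie outside the hunk.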

2699
SOURCES/libgcrypt-1.5.3-drbg.patch


1451
SOURCES/libgcrypt-1.5.3-fips-cavs.patch


142
SOURCES/libgcrypt-1.5.3-fips-cfgrandom.patch

@ -0,0 +1,142 @@ @@ -0,0 +1,142 @@
diff -up libgcrypt-1.5.3/random/drbg.c.cfgrandom libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.cfgrandom 2014-10-30 16:42:49.000000000 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2014-10-30 16:46:57.291800433 +0100
@@ -485,8 +485,11 @@ gcry_drbg_get_entropy (struct gcry_drbg_
read_cb_size = len;
read_cb_len = 0;
#if USE_RNDLINUX
+ _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,
+ -1);
+ read_cb_len = 0;
rc = _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDUNIX
rc = _gcry_rndunix_gather_random (read_cb, 0, length,
GCRY_VERY_STRONG_RANDOM);
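Review bot: The return value of the new `_gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len, -1)` call is discarded and `read_cb_len` is reset to 0 right after it, so a missing or short configured seed is indistinguishable from success, and whatever the callback collected survives only if the callback itself combines it with the second read — that combination is not visible in this hunk. If that is the design, say so at the call, e.g. `/* Seed-file contribution is merged by the callback; its absence is non-fatal. */`. The same pattern is repeated in the random-fips.c get_entropy hunk below, and the `-1` passed as LEVEL is an undocumented sentinel that deserves a named value. The enclosing function continues outside the hunk.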
diff -up libgcrypt-1.5.3/random/random-fips.c.cfgrandom libgcrypt-1.5.3/random/random-fips.c
--- libgcrypt-1.5.3/random/random-fips.c.cfgrandom 2014-10-30 16:42:49.942216405 +0100
+++ libgcrypt-1.5.3/random/random-fips.c 2014-10-30 16:42:49.970217037 +0100
@@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of
random quality:
- Generator Seed and Key Kernel entropy (init/reseed)
- ------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ Generator Seed and Key Kernel entropy (init/reseed)
+ ---------------------------------------------------------------------------------------
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the
@@ -40,8 +40,10 @@
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
- keyed and seeded from the /dev/random device. Thus these
- generators may block until the kernel has collected enough entropy.
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
+ if the device or symlink to device exists xored with the data
+ from the /dev/urandom device. This allows the system administrator
+ to always seed the RNGs from /dev/random if it is required.
The gcry_create_nonce generator is keyed and seeded from the
GCRY_STRONG_RANDOM generator. It may also block if the
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
entropy_collect_buffer_len = 0;
#if USE_RNDLINUX
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
+ X931_AES_KEYLEN,
+ -1);
+ entropy_collect_buffer_len = 0;
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDW32
do
{
diff -up libgcrypt-1.5.3/random/rndlinux.c.cfgrandom libgcrypt-1.5.3/random/rndlinux.c
--- libgcrypt-1.5.3/random/rndlinux.c.cfgrandom 2014-10-30 16:42:49.949216563 +0100
+++ libgcrypt-1.5.3/random/rndlinux.c 2014-10-30 16:42:49.971217059 +0100
@@ -37,7 +37,9 @@
#include "g10lib.h"
#include "rand-internal.h"
-static int open_device ( const char *name );
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
+
+static int open_device ( const char *name, int fatal );
static int
@@ -58,13 +60,17 @@ set_cloexec_flag (int fd)
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
*/
static int
-open_device ( const char *name )
+open_device ( const char *name, int fatal )
{
int fd;
fd = open ( name, O_RDONLY );
if ( fd == -1 )
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ {
+ if (! fatal)
+ return fd;
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ }
if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
@@ -93,6 +99,7 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int fd_configured = -1;
int fd;
int n;
byte buffer[768];
@@ -101,6 +108,7 @@ _gcry_rndlinux_gather_random (void (*add
size_t last_so_far = 0;
int any_need_entropy = 0;
int delay;
+ size_t orig_length = length;
/* First read from a hardware source. However let it account only
for up to 50% of the requested bytes. */
@@ -111,16 +119,26 @@ _gcry_rndlinux_gather_random (void (*add
length -= n_hw;
/* Open the requested device. */
+
+ if (level == -1)
+ {
+ if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
+ fd = fd_configured;
+ if (fd == -1)
+ return -1;
+ }
+
if (level >= 2)
{
if( fd_random == -1 )
- fd_random = open_device ( NAME_OF_DEV_RANDOM );
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
fd = fd_random;
}
- else
+ else if (level != -1)
{
if( fd_urandom == -1 )
- fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
fd = fd_urandom;
}
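Review bot: The `level == -1` path opens `NAME_OF_CFG_RNGSEED` via `open_device (..., 0)` and reads from whatever it got, with no check that the opened object is a character device as the random-fips.c comment ("if the device or symlink to device exists") describes; a regular file left at that path would be consumed as seed material, so an `fstat`/`S_ISCHR` check after the open, returning -1 otherwise, would enforce the documented contract. Because a failed open leaves `fd_configured == -1`, the open is retried on every call, which is reasonable but worth a comment. `orig_length` is introduced here but used only outside the hunk, so its purpose cannot be reviewed; _gcry_rndlinux_gather_random continues past the hunk.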

72
SOURCES/libgcrypt-1.5.3-fips-ctor.patch

@ -0,0 +1,72 @@ @@ -0,0 +1,72 @@
diff -up libgcrypt-1.5.3/cipher/md.c.fips-ctor libgcrypt-1.5.3/cipher/md.c
--- libgcrypt-1.5.3/cipher/md.c.fips-ctor 2013-07-25 11:10:03.000000000 +0200
+++ libgcrypt-1.5.3/cipher/md.c 2014-12-12 15:32:35.464515238 +0100
@@ -570,11 +570,8 @@ md_enable (gcry_md_hd_t hd, int algorith
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}
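Review bot: Dropping `_gcry_inactivate_fips_mode ("MD5 used")` means enabling MD5 in non-enforced FIPS mode no longer takes the library out of FIPS mode, so `GCRYCTL_FIPS_MODE_P` keeps reporting FIPS active after an MD5 digest; the explanatory comment was removed along with the call, leaving the surviving `if (_gcry_enforced_fips_mode ())` block undocumented. If this is intended, say so in place, e.g. `/* MD5 is tolerated in non-enforced FIPS mode; only enforced mode rejects it. */`. md_enable continues outside the hunk.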
diff -up libgcrypt-1.5.3/src/global.c.fips-ctor libgcrypt-1.5.3/src/global.c
--- libgcrypt-1.5.3/src/global.c.fips-ctor 2014-12-12 15:32:35.463515215 +0100
+++ libgcrypt-1.5.3/src/global.c 2014-12-12 16:46:33.424883301 +0100
@@ -140,6 +140,34 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ int no_secmem_save;
+
+ /* it should be always 0 at this point but let's keep on the safe side */
+ no_secmem_save = no_secure_memory;
+ no_secure_memory = 1;
+ /* force selftests */
+ global_init ();
+ if (fips_mode ())
+ _gcry_random_initialize (1);
+ _gcry_fips_run_selftests (0);
+ no_secure_memory = no_secmem_save;
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
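Review bot: `if (rv < 0 && errno != ENOENT) rv = 0;` treats every `access` failure other than ENOENT (EACCES, ELOOP, ...) as "the FIPS marker exists", which is a sensible fail-closed choice but reads like a bug; a one-line comment, `/* Any error other than ENOENT counts as present: fail closed into FIPS mode. */`, would stop a future maintainer from "fixing" it. The constructor also runs `global_init` and the self-tests at library load time, before any caller can configure secure memory or hooks, and temporarily forces `no_secure_memory = 1` to do so; that trade-off belongs in a header comment on `_gcry_global_constructor`. `access`/`F_OK` and `errno` need `<unistd.h>` and `<errno.h>`, which this hunk does not show global.c including.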
@@ -500,8 +528,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
+ && !_gcry_is_fips_mode_inactive ())
err = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -600,7 +627,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!any_init_done)
+ if (fips_mode ())
{
/* Not yet intialized at all. Set the enforced fips mode flag */
_gcry_set_enforced_fips_mode ();
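Review bot: The condition changed from `!any_init_done` to `fips_mode ()`, but the comment on the next line still reads `/* Not yet intialized at all. Set the enforced fips mode flag */`, which no longer describes the test; replace it with `/* Only honour the request while FIPS mode is active; set the enforced fips mode flag. */`. With the `any_init_done` guard gone the flag can now be set after initialisation has completed, so if a late set is harmless that should be stated here too. The case body continues outside the hunk.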

359
SOURCES/libgcrypt-1.5.3-fips-reqs.patch

@ -0,0 +1,359 @@ @@ -0,0 +1,359 @@
diff -up libgcrypt-1.5.3/cipher/dsa.c.fips-reqs libgcrypt-1.5.3/cipher/dsa.c
--- libgcrypt-1.5.3/cipher/dsa.c.fips-reqs 2014-11-12 17:05:01.000000000 +0100
+++ libgcrypt-1.5.3/cipher/dsa.c 2014-11-14 14:32:23.751354070 +0100
@@ -55,42 +55,86 @@ typedef struct
} dsa_domain_t;
-/* A sample 1024 bit DSA key used for the selftests. */
+/* A sample 2048 bit DSA key used for the selftests. */
static const char sample_secret_key[] =
"(private-key"
" (dsa"
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
-" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
-/* A sample 1024 bit DSA key used for the selftests (public only). */
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+" 2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+" 7441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
+" 0acb673717a0d2fb3b50c893f7dab14f#)"
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800"
+" ec55f6cc#)))";
+/* A sample 2048 bit DSA key used for the selftests (public only). */
static const char sample_public_key[] =
"(public-key"
" (dsa"
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
-
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+" 2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+" 7441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
+" 0acb673717a0d2fb3b50c893f7dab14f#)))";
@@ -1046,14 +1090,14 @@ dsa_get_nbits (int algo, gcry_mpi_t *pke
*/
static const char *
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags raw)"
- " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4f1e2d3c4b5a6978879605142#))";
static const char sample_data_bad[] =
"(data (flags raw)"
- " (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d401e2d3c4b5a6978879605142#))";
const char *errtxt = NULL;
gcry_error_t err;
@@ -1131,7 +1175,7 @@ selftests_dsa (selftest_report_func_t re
}
what = "sign";
- errtxt = selftest_sign_1024 (pkey, skey);
+ errtxt = selftest_sign (pkey, skey);
if (errtxt)
goto failed;
diff -up libgcrypt-1.5.3/cipher/rsa.c.fips-reqs libgcrypt-1.5.3/cipher/rsa.c
--- libgcrypt-1.5.3/cipher/rsa.c.fips-reqs 2014-11-12 17:05:01.299387339 +0100
+++ libgcrypt-1.5.3/cipher/rsa.c 2014-11-14 14:06:00.099602441 +0100
@@ -52,33 +52,57 @@ typedef struct
} RSA_secret_key;
-/* A sample 1024 bit RSA key used for the selftests. */
+/* A sample 2048 bit RSA key used for the selftests. */
static const char sample_secret_key[] =
"(private-key"
" (rsa"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
" (e #010001#)"
-" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11"
-" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd"
-" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21"
-" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)"
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
-" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)"
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
-" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)"
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
-" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
-/* A sample 1024 bit RSA key used for the selftests (public only). */
+" (d #03b1e24a94e50ab21f8619701ec97679be2cf8f733c9331d9e2974dba721"
+" 27e5def480290e78a769f96b19d28397a284868fb614ca9b1fb3a0d7efed"
+" df41451204ce71aceba659f6ed15964ebb317712364e1cfaf2fded77d658"
+" 8561acc49c97c2d7efe75f1534b35bd4f6561e1f468b45590db34553d4d0"
+" c2cb4d806b74e1b2c52740462538865d9792b0aefbbf7b9827f4b3badcb3"
+" 5adab638266a2d2fb8422a7a19142e08848e56af77a66c39b2afafa2e15b"
+" 1a7e4ed1f2c7ed350678c0465d86472af97371b13ef5058662f835ef9087"
+" f6cca8281bbf1b6b155c737b33d9e443350df85e7cc3b507231fb839f41f"
+" 02c654b29017f35d69007c70e13ba0e5#)"
+" (p #00ccbe7b096906ee45bf884738a8f817e5b6ba6755e3e8058bb8e253d68e"
+" ef2ce74f4af74e268d850b3fecc31cd4ebec6ac8722a257dfda67796f01e"
+" cd2857f83730756bbdd47b0c87c56c8740a5bb272c78c9745a545b0b306f"
+" 444afa71e4216166f9ee65de7c04d7fda9155b7fe27aba698672a6068d9b"
+" 9055609e4c5da9b655#)"
+" (q #00fc5c6e16ce1f037bcdf7b372b28f1672b856aef7cd67d84e7d07afd543"
+" 26c335be438f4e2f1c434e6bd2b2ec526d97522bcc5c3a6bf414c674da66"
+" 381c7a3f842fe3f95ab865694606a33779b2a15b58ed5ea75f8c6566bbd1"
+" 2436e637a73d49778a8c34d86929f34d5822b05124b640a886590ab7ba5c"
+" 97da57e836da7a9cad#)"
+" (u #2396c191175e0a83d2dc7b69b2591d3358523f18c709501cb9a1bb4ca238"
+" 404c9a8efe9c9092d0719f899950911f348b745311114a70e2f730d88c80"
+" e1cc9ff163171a7d67294ccb4e747be03e9e2ff4678fecb95c001e7ea27b"
+" 92c96f4ce40ef94863cd50225dbfb69d01336af450be86984fca3f3afacf"
+" 0740c4aaadaebebf#)))";
+/* A sample 2048 bit RSA key used for the selftests (public only). */
static const char sample_public_key[] =
"(public-key"
" (rsa"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
" (e #010001#)))";
@@ -1379,20 +1403,35 @@ compute_keygrip (gcry_md_hd_t md, gcry_s
*/
static const char *
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags pkcs1)"
- " (hash sha1 #11223344556677889900aabbccddeeff10203040#))";
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708090a1b1c1#))";
static const char sample_data_bad[] =
"(data (flags pkcs1)"
- " (hash sha1 #11223344556677889900aabbccddeeff80203040#))";
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708091a1b1c1#))";
+ static const char signature_ka[] =
+ "(sig-val \n"
+ " (rsa \n"
+ " (s #0B12D55738B099D401C81BEEDA54E045B4B7D9CDA5A8769E9C484F696A58912A"
+ "1E5DE7E5A2D181DA15A5C254D802AB75F1056E27406850AC7BE310BC32D2CED8"
+ "6697FE84508F7EFFF4D147C52E955A0873EF2F52ED71F2FC9C3C12D4045CB643"
+ "70158378E1494D8FBAD2248B9B64233D2CC2C1932B0531E539DEB07434B76D3B"
+ "6959E8A37E33B234C0C8C2C8FB1D00939239C9C491B2EBEED77BF952B597E11B"
+ "D4ED0C103D2B88BC78B4E505CF9D8D08B585CE3688D4FBE83ED58D1E1341AC4D"
+ "7C5EFF3CBC565CC7AE61C2F568426763A5239D31C1FFFD366984901679A343C4"
+ "01BB778BBA5E533B7875BA658A19AA9E56170F4A28E4322BF1621175FB06463E#)\n"
+ " )\n"
+ " )\n";
const char *errtxt = NULL;
gcry_error_t err;
gcry_sexp_t data = NULL;
gcry_sexp_t data_bad = NULL;
gcry_sexp_t sig = NULL;
+ char buf[1024];
+ size_t len;
err = gcry_sexp_sscan (&data, NULL,
sample_data, strlen (sample_data));
@@ -1411,6 +1450,12 @@ selftest_sign_1024 (gcry_sexp_t pkey, gc
errtxt = "signing failed";
goto leave;
}
+ len = gcry_sexp_sprint (sig, GCRYSEXP_FMT_ADVANCED, buf, sizeof(buf));
+ if (len != sizeof (signature_ka) - 1 || memcmp (buf, signature_ka, len) != 0)
+ {
+ errtxt = "signature KAT failed";
+ goto leave;
+ }
err = gcry_pk_verify (sig, data, pkey);
if (err)
{
@@ -1467,11 +1512,11 @@ extract_a_from_sexp (gcry_sexp_t encr_da
static const char *
-selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_encr (gcry_sexp_t pkey, gcry_sexp_t skey)
{
const char *errtxt = NULL;
gcry_error_t err;
- const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */
+ const unsigned int nbits = 2000; /* Encrypt 2000 random bits. */
gcry_mpi_t plaintext = NULL;
gcry_sexp_t plain = NULL;
gcry_sexp_t encr = NULL;
@@ -1594,12 +1639,12 @@ selftests_rsa (selftest_report_func_t re
}
what = "sign";
- errtxt = selftest_sign_1024 (pkey, skey);
+ errtxt = selftest_sign (pkey, skey);
if (errtxt)
goto failed;
what = "encrypt";
- errtxt = selftest_encr_1024 (pkey, skey);
+ errtxt = selftest_encr (pkey, skey);
if (errtxt)
goto failed;
diff -up libgcrypt-1.5.3/random/drbg.c.fips-reqs libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.fips-reqs 2014-11-12 17:05:01.000000000 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2014-11-14 14:45:33.820190218 +0100
@@ -390,6 +390,9 @@ gcry_drbg_fips_continuous_test (struct g
ret = memcmp (drbg->prev, buf, gcry_drbg_blocklen (drbg));
memcpy (drbg->prev, buf, gcry_drbg_blocklen (drbg));
/* the test shall pass when the two compared values are not equal */
+ if (ret == 0)
+ fips_signal_error ("duplicate block returned by DRBG");
+
return ret != 0;
}
diff -up libgcrypt-1.5.3/src/visibility.c.fips-reqs libgcrypt-1.5.3/src/visibility.c
--- libgcrypt-1.5.3/src/visibility.c.fips-reqs 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/src/visibility.c 2014-11-12 17:05:27.251973230 +0100
@@ -1217,6 +1217,9 @@ gcry_kdf_derive (const void *passphrase,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
return _gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations, keysize, keybuffer);
}
@@ -1271,6 +1274,13 @@ void
gcry_mpi_randomize (gcry_mpi_t w,
unsigned int nbits, enum gcry_random_level level)
{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
_gcry_mpi_randomize (w, nbits, level);
}
@@ -1296,6 +1306,9 @@ gcry_prime_generate (gcry_mpi_t *prime,
gcry_random_level_t random_level,
unsigned int flags)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
return _gcry_prime_generate (prime, prime_bits, factor_bits, factors,
cb_func, cb_arg, random_level, flags);
}

18
SOURCES/libgcrypt-1.5.3-fips-test.patch

@ -0,0 +1,18 @@ @@ -0,0 +1,18 @@
diff -up libgcrypt-1.5.3/tests/basic.c.fips-test libgcrypt-1.5.3/tests/basic.c
--- libgcrypt-1.5.3/tests/basic.c.fips-test 2014-09-26 17:36:41.620556071 +0200
+++ libgcrypt-1.5.3/tests/basic.c 2014-09-26 17:36:43.317594382 +0200
@@ -563,6 +563,14 @@ check_ctr_cipher (void)
if (!tv[i].algo)
continue;
+ if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr, " algorithm %d not available in fips mode\n",
+ tv[i].algo);
+ continue;
+ }
+
err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
if (!err)
err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);

32
SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch

@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
diff -up libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup libgcrypt-1.5.3/cipher/kdf.c
--- libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup 2014-01-21 15:49:22.676638703 +0100
+++ libgcrypt-1.5.3/cipher/kdf.c 2014-01-21 15:52:40.115047218 +0100
@@ -172,19 +172,21 @@ pkdf2 (const void *passphrase, size_t pa
return ec;
}
+ ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
+ if (ec)
+ {
+ gcry_md_close (md);
+ gcry_free (sbuf);
+ return ec;
+ }
+
/* Step 3 and 4. */
memcpy (sbuf, salt, saltlen);
for (lidx = 1; lidx <= l; lidx++)
{
for (iter = 0; iter < iterations; iter++)
{
- ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
- if (ec)
- {
- gcry_md_close (md);
- gcry_free (sbuf);
- return ec;
- }
+ gcry_md_reset (md);
if (!iter) /* Compute U_1: */
{
sbuf[saltlen] = (lidx >> 24);
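Review bot: The hoisted `gcry_md_setkey` is only correct if `gcry_md_reset` keeps the HMAC key installed by it, and nothing in the hunk says so; as far as I recall libgcrypt's md_reset re-applies the stored inner pad, but that is an implementation property rather than a documented contract, so pin it with a comment next to the new reset, `/* gcry_md_reset keeps the HMAC key set before the loop; only buffered data is discarded. */`. The error path for setkey is now taken once before the loop and still closes `md` and frees `sbuf`, matching the removed in-loop handling. The enclosing function pkdf2 starts and ends outside the hunk.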

141
SOURCES/libgcrypt-1.5.3-rng-predictable.patch

@ -0,0 +1,141 @@ @@ -0,0 +1,141 @@
diff -up libgcrypt-1.5.3/random/random-csprng.c.rng-predictable libgcrypt-1.5.3/random/random-csprng.c
--- libgcrypt-1.5.3/random/random-csprng.c.rng-predictable 2015-08-11 14:31:35.904275580 +0200
+++ libgcrypt-1.5.3/random/random-csprng.c 2016-08-17 23:35:15.691980751 +0200
@@ -561,41 +561,46 @@ _gcry_rngcsprng_randomize (void *buffer,
/*
- Mix the pool:
-
- |........blocks*20byte........|20byte|..44byte..|
- <..44byte..> <20byte>
- | |
- | +------+
- +---------------------------|----------+
- v v
- |........blocks*20byte........|20byte|..44byte..|
- <.....64bytes.....>
- |
- +----------------------------------+
- Hash
- v
- |.............................|20byte|..44byte..|
- <20byte><20byte><..44byte..>
- | |
- | +---------------------+
- +-----------------------------+ |
- v v
- |.............................|20byte|..44byte..|
- <.....64byte......>
- |
- +-------------------------+
- Hash
- v
- |.............................|20byte|..44byte..|
- <20byte><20byte><..44byte..>
-
- and so on until we did this for all blocks.
-
- To better protect against implementation errors in this code, we
- xor a digest of the entire pool into the pool before mixing.
-
- Note: this function must only be called with a locked pool.
+ * Mix the 600 byte pool. Note that the 64 byte scratch area directly
+ * follows the pool. The numbers in the diagram give the number of
+ * bytes.
+ * <................600...............> <.64.>
+ * pool |------------------------------------| |------|
+ * <20><.24.> <20>
+ * | | +-----+
+ * +-----|-------------------------------|-+
+ * +-------------------------------|-|-+
+ * v v v
+ * |------|
+ * <hash>
+ * +---------------------------------------+
+ * v
+ * <20>
+ * pool' |------------------------------------|
+ * <20><20><.24.>
+ * +---|-----|---------------------------+
+ * +-----|---------------------------|-+
+ * +---------------------------|-|-+
+ * v v v
+ * |------|
+ * <hash>
+ * |
+ * +-----------------------------------+
+ * v
+ * <20>
+ * pool'' |------------------------------------|
+ * <20><20><20><.24.>
+ * +---|-----|-----------------------+
+ * +-----|-----------------------|-+
+ * +-----------------------|-|-+
+ * v v v
+ *
+ * and so on until we did this for all 30 blocks.
+ *
+ * To better protect against implementation errors in this code, we
+ * xor a digest of the entire pool into the pool before mixing.
+ *
+ * Note: this function must only be called with a locked pool.
*/
static void
mix_pool(unsigned char *pool)
@@ -615,32 +620,30 @@ mix_pool(unsigned char *pool)
gcry_assert (pool_is_locked);
_gcry_rmd160_init( &md );
- /* Loop over the pool. */
+ /* pool_0 -> pool'. */
pend = pool + POOLSIZE;
- memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
- memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
- _gcry_rmd160_mixblock( &md, hashbuf);
- memcpy(pool, hashbuf, 20 );
+ memcpy (hashbuf, pend - DIGESTLEN, DIGESTLEN);
+ memcpy (hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+ _gcry_rmd160_mixblock (&md, hashbuf);
+ memcpy (pool, hashbuf, DIGESTLEN);
if (failsafe_digest_valid && pool == rndpool)
{
- for (i=0; i < 20; i++)
+ for (i=0; i < DIGESTLEN; i++)
pool[i] ^= failsafe_digest[i];
}
+ /* Loop for the remaining iterations. */
p = pool;
for (n=1; n < POOLBLOCKS; n++)
{
- memcpy (hashbuf, p, DIGESTLEN);
-
- p += DIGESTLEN;
- if (p+DIGESTLEN+BLOCKLEN < pend)
- memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
+ if (p + BLOCKLEN < pend)
+ memcpy (hashbuf, p, BLOCKLEN);
else
{
- unsigned char *pp = p + DIGESTLEN;
+ unsigned char *pp = p;
- for (i=DIGESTLEN; i < BLOCKLEN; i++ )
+ for (i=0; i < BLOCKLEN; i++ )
{
if ( pp >= pend )
pp = pool;
@@ -648,8 +651,9 @@ mix_pool(unsigned char *pool)
}
}
- _gcry_rmd160_mixblock ( &md, hashbuf);
- memcpy(p, hashbuf, 20 );
+ _gcry_rmd160_mixblock (&md, hashbuf);
+ p += DIGESTLEN;
+ memcpy (p, hashbuf, DIGESTLEN);
}
/* Our hash implementation does only leave small parts (64 bytes)
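Review bot: The byte-wise wrap loop in the new `else` branch (the one with `pp`) can be written as two memcpy calls that make the wrap-around explicit: `size_t head = pend - p; memcpy (hashbuf, p, head); memcpy (hashbuf + head, pool, BLOCKLEN - head);` — the loop body is cut from the hunk, but from its shape it copies the tail of the pool and then restarts at `pool`, which is what those two copies do. The substantive change is that each iteration now hashes the contiguous 64 bytes at `p`, whereas the removed code copied `DIGESTLEN` bytes from `p` and then `BLOCKLEN-DIGESTLEN` bytes from `p+2*DIGESTLEN`, skipping 20 bytes of pool on every block. This appears to be the upstream mix_pool fix that was published as CVE-2016-6313 (the 2016-08-17 date matches), but the spec describes it only as "fix predictable PRNG output"; a header line in the patch naming the upstream commit or advisory would help downstream triage. The tail of mix_pool continues past the hunk.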

374
SOURCES/libgcrypt-1.5.3-rsa-fips-keygen.patch

@ -0,0 +1,374 @@ @@ -0,0 +1,374 @@
diff -up libgcrypt-1.5.3/cipher/primegen.c.fips-keygen libgcrypt-1.5.3/cipher/primegen.c
--- libgcrypt-1.5.3/cipher/primegen.c.fips-keygen 2014-10-21 15:05:59.434189992 +0200
+++ libgcrypt-1.5.3/cipher/primegen.c 2014-10-21 15:05:59.458190534 +0200
@@ -1189,6 +1189,22 @@ gcry_prime_check (gcry_mpi_t x, unsigned
return gcry_error (err);
}
+/* Check whether the number X is prime according to FIPS 186-4 table C.2. */
+gpg_err_code_t
+_gcry_fips186_4_prime_check (gcry_mpi_t x, unsigned int bits)
+{
+ gpg_err_code_t ec = GPG_ERR_NO_ERROR;
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
+
+ /* We use 5 or 4 rounds as specified in table C.2 */
+ if (! check_prime (x, val_2, bits > 1024 ? 4 : 5, NULL, NULL))
+ ec = GPG_ERR_NO_PRIME;
+
+ mpi_free (val_2);
+
+ return ec;
+}
+
/* Find a generator for PRIME where the factorization of (prime-1) is
in the NULL terminated array FACTORS. Return the generator as a
newly allocated MPI in R_G. If START_G is not NULL, use this as s
diff -up libgcrypt-1.5.3/cipher/rsa.c.fips-keygen libgcrypt-1.5.3/cipher/rsa.c
--- libgcrypt-1.5.3/cipher/rsa.c.fips-keygen 2014-10-21 15:05:59.423189744 +0200
+++ libgcrypt-1.5.3/cipher/rsa.c 2014-10-21 15:12:45.200350340 +0200
@@ -328,6 +328,279 @@ generate_std (RSA_secret_key *sk, unsign
}
+/****************
+ * Generate a key pair with a key of size NBITS.
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+ * = 1 request the use of a "secure" exponent; this is required by some
+ * specification to be 65537.
+ * > 2 Use this public exponent. If the given exponent
+ * is not odd one is internally added to it.
+ * TESTPARMS: If set, do not generate but test whether the p,q is probably prime
+ * Returns key with zeroes to not break code calling this function.
+ * TRANSIENT_KEY: If true, generate the primes using the standard RNG.
+ * Returns: 2 structures filled with all needed values
+ */
+static gpg_err_code_t
+generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ gcry_sexp_t testparms, int transient_key)
+{
+ gcry_mpi_t p, q; /* the two primes */
+ gcry_mpi_t d; /* the private key */
+ gcry_mpi_t u;
+ gcry_mpi_t p1, q1;
+ gcry_mpi_t n; /* the public key */
+ gcry_mpi_t e; /* the exponent */
+ gcry_mpi_t g;
+ gcry_mpi_t minp;
+ gcry_mpi_t diff, mindiff;
+ gcry_random_level_t random_level;
+ unsigned int pbits = nbits/2;
+ unsigned int i;
+ int pqswitch;
+ gpg_err_code_t ec = GPG_ERR_NO_PRIME;
+
+ if (nbits < 1024 || (nbits & 0x1FF))
+ return GPG_ERR_INV_VALUE;
+ if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ return GPG_ERR_INV_VALUE;
+
+ /* The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+
+ if (testparms)
+ {
+ /* Parameters to derive the key are given. */
+ /* Note that we explicitly need to setup the values of tbl
+ because some compilers (e.g. OpenWatcom, IRIX) don't allow
+ to initialize a structure with automatic variables. */
+ struct { const char *name; gcry_mpi_t *value; } tbl[] = {
+ { "e" },
+ { "p" },
+ { "q" },
+ { NULL }
+ };
+ int idx;
+ gcry_sexp_t oneparm;
+
+ tbl[0].value = &e;
+ tbl[1].value = &p;
+ tbl[2].value = &q;
+
+ for (idx=0; tbl[idx].name; idx++)
+ {
+ oneparm = gcry_sexp_find_token (testparms, tbl[idx].name, 0);
+ if (oneparm)
+ {
+ *tbl[idx].value = gcry_sexp_nth_mpi (oneparm, 1,
+ GCRYMPI_FMT_USG);
+ gcry_sexp_release (oneparm);
+ }
+ }
+ for (idx=0; tbl[idx].name; idx++)
+ if (!*tbl[idx].value)
+ break;
+ if (tbl[idx].name)
+ {
+ /* At least one parameter is missing. */
+ for (idx=0; tbl[idx].name; idx++)
+ gcry_mpi_release (*tbl[idx].value);
+ return GPG_ERR_MISSING_VALUE;
+ }
+ }
+ else
+ {
+ if (use_e < 65537)
+ use_e = 65537; /* This is the smallest value allowed by FIPS */
+
+ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+
+ use_e |= 1; /* make sure this is odd */
+ mpi_set_ui (e, use_e);
+
+ p = gcry_mpi_snew (pbits);
+ q = gcry_mpi_snew (pbits);
+ }
+
+ n = gcry_mpi_new (nbits);
+ d = gcry_mpi_snew (nbits);
+ u = gcry_mpi_snew (nbits);
+
+ /* prepare approximate minimum p and q */
+ minp = gcry_mpi_new (pbits);
+ mpi_set_ui (minp, 0xB504F334);
+ gcry_mpi_lshift (minp, minp, pbits - 32);
+
+ /* prepare minimum p and q difference */
+ diff = gcry_mpi_new (pbits);
+ mindiff = gcry_mpi_new (pbits - 99);
+ mpi_set_ui (mindiff, 1);
+ gcry_mpi_lshift (mindiff, mindiff, pbits - 100);
+
+ p1 = gcry_mpi_snew (pbits);
+ q1 = gcry_mpi_snew (pbits);
+ g = gcry_mpi_snew (pbits);
+
+retry:
+ /* generate p and q */
+ for (i = 0; i < 5 * pbits; i++)
+ {
+ ploop:
+ if (!testparms)
+ {
+ gcry_mpi_randomize (p, pbits, random_level);
+ }
+ if (mpi_cmp (p, minp) < 0)
+ {
+ if (testparms) goto err;
+ goto ploop;
+ }
+
+ mpi_sub_ui (p1, p, 1);
+ if (gcry_mpi_gcd (g, p1, e))
+ {
+ if (_gcry_fips186_4_prime_check (p, pbits) != GPG_ERR_NO_ERROR)
+ {
+ /* not a prime */
+ if (testparms) goto err;
+ }
+ else
+ break;
+ }
+ else if (testparms) goto err;
+ }
+ if (i >= 5 * pbits)
+ goto err;
+
+ for (i = 0; i < 5 * pbits; i++)
+ {
+ qloop:
+ if (!testparms)
+ {
+ gcry_mpi_randomize (q, pbits, random_level);
+ }
+ if (mpi_cmp (q, minp) < 0)
+ {
+ if (testparms) goto err;
+ goto qloop;
+ }
+ if (mpi_cmp (p, q) > 0)
+ {
+ pqswitch = 1;
+ mpi_sub (diff, p, q);
+ }
+ else
+ {
+ pqswitch = 0;
+ mpi_sub (diff, q, p);
+ }
+ if (mpi_cmp (diff, mindiff) < 0)
+ {
+ if (testparms) goto err;
+ goto qloop;
+ }
+
+ mpi_sub_ui (q1, q, 1);
+ if (gcry_mpi_gcd (g, q1, e))
+ {
+ if (_gcry_fips186_4_prime_check (q, pbits) != GPG_ERR_NO_ERROR)
+ {
+ /* not a prime */
+ if (testparms) goto err;
+ }
+ else
+ break;
+ }
+ else if (testparms) goto err;
+ }
+ if (i >= 5 * pbits)
+ goto err;
+
+ if (testparms)
+ {
+ mpi_clear (p);
+ mpi_clear (q);
+ }
+ else
+ {
+ gcry_mpi_t f;
+
+ if (pqswitch)
+ {
+ gcry_mpi_t tmp;
+
+ tmp = p;
+ p = q;
+ q = tmp;
+ }
+
+ f = gcry_mpi_snew (nbits);
+
+ /* calculate the modulus */
+ mpi_mul(n, p, q);
+
+ /* calculate the secret key d = e^1 mod phi */
+ gcry_mpi_gcd (g, p1, q1);
+ mpi_fdiv_q (f, p1, g);
+ mpi_mul (f, f, q1);
+
+ mpi_invm (d, e, f);
+
+ gcry_mpi_release (f);
+
+ if (mpi_get_nbits (d) < pbits) goto retry;
+
+ /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+ mpi_invm(u, p, q );
+ }
+
+ ec = 0;
+
+ if( DBG_CIPHER )
+ {
+ log_mpidump(" p= ", p );
+ log_mpidump(" q= ", q );
+ log_mpidump(" n= ", n );
+ log_mpidump(" e= ", e );
+ log_mpidump(" d= ", d );
+ log_mpidump(" u= ", u );
+ }
+
+err:
+
+ gcry_mpi_release (p1);
+ gcry_mpi_release (q1);
+ gcry_mpi_release (g);
+ gcry_mpi_release (minp);
+ gcry_mpi_release (mindiff);
+ gcry_mpi_release (diff);
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (ec || (!testparms && test_keys (sk, nbits - 64)))
+ {
+ gcry_mpi_release (sk->n); sk->n = NULL;
+ gcry_mpi_release (sk->e); sk->e = NULL;
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->d); sk->d = NULL;
+ gcry_mpi_release (sk->u); sk->u = NULL;
+ if (!ec)
+ {
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+ }
+
+ return ec;
+}
+
+
/* Helper for generate_x931. */
static gcry_mpi_t
gen_x931_parm_xp (unsigned int nbits)
@@ -812,7 +1085,7 @@ rsa_generate_ext (int algo, unsigned int
}
}
- if (deriveparms || use_x931 || fips_mode ())
+ if (deriveparms || use_x931)
{
int swapped;
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
@@ -841,8 +1114,14 @@ rsa_generate_ext (int algo, unsigned int
transient_key = 1;
gcry_sexp_release (l1);
}
+ deriveparms = (genparms?
+ gcry_sexp_find_token (genparms, "test-parms", 0) : NULL);
/* Generate. */
- ec = generate_std (&sk, nbits, evalue, transient_key);
+ if (deriveparms || fips_mode())
+ ec = generate_fips (&sk, nbits, evalue, deriveparms, transient_key);
+ else
+ ec = generate_std (&sk, nbits, evalue, transient_key);
+ gcry_sexp_release (deriveparms);
}
if (!ec)
diff -up libgcrypt-1.5.3/src/g10lib.h.fips-keygen libgcrypt-1.5.3/src/g10lib.h
--- libgcrypt-1.5.3/src/g10lib.h.fips-keygen 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/src/g10lib.h 2014-10-21 15:05:59.459190556 +0200
@@ -195,6 +195,9 @@ gpg_err_code_t _gcry_generate_fips186_3_
int *r_counter,
void **r_seed, size_t *r_seedlen, int *r_hashalgo);
+gpg_err_code_t _gcry_fips186_4_prime_check
+ (const gcry_mpi_t x, unsigned int bits);
+
/* Replacements of missing functions (missing-string.c). */
#ifndef HAVE_STPCPY
diff -up libgcrypt-1.5.3/tests/keygen.c.fips-keygen libgcrypt-1.5.3/tests/keygen.c
--- libgcrypt-1.5.3/tests/keygen.c.fips-keygen 2014-10-21 15:05:59.424189766 +0200
+++ libgcrypt-1.5.3/tests/keygen.c 2014-10-21 15:05:59.459190556 +0200
@@ -190,12 +190,12 @@ check_rsa_keys (void)
if (verbose)
- fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
+ fprintf (stderr, "creating 1024 bit RSA key with e=65539\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
" (nbits 4:1024)\n"
- " (rsa-use-e 3:257)\n"
+ " (rsa-use-e 5:65539)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -204,7 +204,7 @@ check_rsa_keys (void)
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
- check_generated_rsa_key (key, 257);
+ check_generated_rsa_key (key, 65539);
gcry_sexp_release (key);
if (verbose)
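Review bot: In generate_fips the test-parms branch reads `e`, `p` and `q` before anything assigns them: `gcry_mpi_t p, q;` and `gcry_mpi_t e;` are declared without initializers, the token loop only writes `*tbl[idx].value` when `gcry_sexp_find_token` succeeds, and the missing-value check then evaluates `if (!*tbl[idx].value)` and calls `gcry_mpi_release (*tbl[idx].value)` on whatever was on the stack. Initialize them at declaration, `gcry_mpi_t p = NULL, q = NULL;` and `gcry_mpi_t e = NULL;`, so a test-parms s-expression that omits one of e/p/q fails cleanly with GPG_ERR_MISSING_VALUE instead of undefined behaviour (gcry_mpi_release on NULL is a no-op). Separately, `if (mpi_get_nbits (d) < pbits) goto retry;` accepts a d with exactly pbits bits, i.e. d below 2^(nlen/2); if the intent is the FIPS 186-4 B.3.1 requirement d > 2^(nlen/2), the test should be `<=`. The header comment still says `> 2 Use this public exponent` although the code clamps any value below 65537 up to 65537; update the comment to match.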

38
SOURCES/libgcrypt-1.5.3-urandom-only.patch

@ -0,0 +1,38 @@ @@ -0,0 +1,38 @@
diff -up libgcrypt-1.5.3/random/random-csprng.c.urandom-only libgcrypt-1.5.3/random/random-csprng.c
--- libgcrypt-1.5.3/random/random-csprng.c.urandom-only 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/random/random-csprng.c 2015-04-10 10:31:39.797534903 +0200
@@ -855,7 +855,7 @@ _gcry_rngcsprng_update_seed_file (void)
if ( !allow_seed_file_update )
{
unlock_pool ();
- log_info(_("note: random_seed file not updated\n"));
+ /* log_info(_("note: random_seed file not updated\n")); */
return;
}
@@ -1120,8 +1120,7 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
- if ( !access (NAME_OF_DEV_RANDOM, R_OK)
- && !access (NAME_OF_DEV_URANDOM, R_OK))
+ if (!access (NAME_OF_DEV_URANDOM, R_OK))
{
fnc = _gcry_rndlinux_gather_random;
return fnc;
diff -up libgcrypt-1.5.3/random/rndlinux.c.urandom-only libgcrypt-1.5.3/random/rndlinux.c
--- libgcrypt-1.5.3/random/rndlinux.c.urandom-only 2014-12-12 16:51:56.000000000 +0100
+++ libgcrypt-1.5.3/random/rndlinux.c 2015-04-10 10:34:13.615111926 +0200
@@ -132,7 +132,11 @@ _gcry_rndlinux_gather_random (void (*add
if (level >= 2)
{
if( fd_random == -1 )
- fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
+ /* We try to open /dev/random first but in case the open fails
+ we gracefully retry with /dev/urandom. */
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 0 );
+ if (fd_random == -1)
+ fd_random = open_device ( NAME_OF_DEV_URANDOM, 1 );
fd = fd_random;
}
else if (level != -1)
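Review bot: The fallback on the new lines `fd_random = open_device ( NAME_OF_DEV_RANDOM, 0 ); if (fd_random == -1) fd_random = open_device ( NAME_OF_DEV_URANDOM, 1 );` only works if `open_device` returns -1 when its retry argument is 0; in the stock 1.5 source I recall open_device calling log_fatal on any failed open regardless of retry, so unless another patch in this series changes that, the /dev/urandom fallback is unreachable — confirm against the patched rndlinux.c. The `if( fd_random == -1 )` now has a two-line comment sitting between the condition and its statement; brace the body so the comment is not read as the body. A silent downgrade from /dev/random to /dev/urandom for `level >= 2` requests deserves at least a log_info so operators can tell which source served GCRY_VERY_STRONG_RANDOM. The first hunk comments out `log_info(...)` rather than deleting it; commented-out code should go. The enclosing function _gcry_rndlinux_gather_random continues outside the hunk.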

28
SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
diff -up libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug libgcrypt-1.5.3/cipher/whirlpool.c
--- libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug 2013-05-22 18:02:54.000000000 +0200
+++ libgcrypt-1.5.3/cipher/whirlpool.c 2014-01-21 15:45:51.308919415 +0100
@@ -56,6 +56,7 @@ typedef struct {
unsigned char buffer[BLOCK_SIZE];
size_t count;
unsigned char length[32];
+ int bug;
} whirlpool_context_t;
@@ -1185,6 +1186,7 @@ whirlpool_init (void *ctx)
whirlpool_context_t *context = ctx;
memset (context, 0, sizeof (*context));
+ context->bug = secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL;
}
@@ -1316,7 +1318,7 @@ whirlpool_add (whirlpool_context_t *cont
buffer_n--;
}
whirlpool_add (context, NULL, 0);
- if (!buffer_n)
+ if (context->bug && !buffer_n)
/* Done. */
return;
}
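Review bot: `secure_getenv` is a glibc 2.17+ extension that is only declared when `_GNU_SOURCE` is defined before `<stdlib.h>`; the hunk adds neither a feature macro nor an include, so whether whirlpool.c sees a prototype depends on what its existing includes pull in, and on an older toolchain this becomes an implicit declaration — a configure check or a `#define _GNU_SOURCE` at the top of the file would make it explicit. The switch makes digest output depend on the process environment, which is easy to miss from the code alone; add a comment at the `context->bug` assignment, `/* GCRYPT_WHIRLPOOL_BUG reproduces the pre-fix digest that returned early from whirlpool_add's flush when no bytes were buffered. */`, and note that the flag is sampled once per context at init. The rest of whirlpool_add lies outside the hunk.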

2007
SOURCES/wk@g10code.com


499
SPECS/libgcrypt.spec

@ -0,0 +1,499 @@ @@ -0,0 +1,499 @@
Name: libgcrypt
Version: 1.5.3
Release: 14%{?dist}
URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC
# cipher support. We have to remove it in the tarball we ship with
# the hobble-libgcrypt script.
#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: wk@g10code.com
Source3: hobble-libgcrypt
# do not run the ecc curves test
Patch1: libgcrypt-1.5.0-noecc.patch
# make FIPS hmac compatible with fipscheck - non upstreamable
Patch2: libgcrypt-1.5.0-use-fipscheck.patch
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
Patch5: libgcrypt-1.5.0-tests.patch
# make the FIPS-186-3 DSA CAVS testable
Patch7: libgcrypt-1.5.3-fips-cavs.patch
# fix for memory leaks an other errors found by Coverity scan
Patch9: libgcrypt-1.5.0-leak.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.5.1-use-poll.patch
# compile rijndael with -fno-strict-aliasing
Patch12: libgcrypt-1.5.2-aliasing.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.5.2-mpicoder-gccopt.patch
# pbkdf2 speedup - upstream
Patch15: libgcrypt-1.5.3-pbkdf-speedup.patch
# fix bug in whirlpool implementation (for backwards compatibility
# with files generated with buggy version set environment
# varible GCRYPT_WHIRLPOOL_BUG
Patch16: libgcrypt-1.5.3-whirlpool-bug.patch
# FIPS DRBG
Patch17: libgcrypt-1.5.3-drbg.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.5.3-fips-ctor.patch
# Make it possible to run the test suite in the FIPS mode
Patch19: libgcrypt-1.5.3-fips-test.patch
# Make the FIPS RSA keygen to be FIPS 186-4 compliant
Patch20: libgcrypt-1.5.3-rsa-fips-keygen.patch
# add configurable source of RNG seed and seed by default
# from /dev/urandom in the FIPS mode
Patch21: libgcrypt-1.5.3-fips-cfgrandom.patch
# update the selftests for new FIPS requirements
Patch22: libgcrypt-1.5.3-fips-reqs.patch
# use only urandom if /dev/random cannot be opened
Patch24: libgcrypt-1.5.3-urandom-only.patch
# fix predictable PRNG output
Patch26: libgcrypt-1.5.3-rng-predictable.patch
# add drgb cavs test
Patch27: libgcrypt-1.5.3-drbg-cavs.patch
# allow reinitialization of ath in the FIPS mode
Patch28: libgcrypt-1.5.3-ath-reinstall.patch
# allow auto-initialization of drbg
Patch29: libgcrypt-1.5.3-drbg-init.patch

%define gcrylibdir %{_libdir}

# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
# Documentation and some utilities are GPLv2+ licensed. These files
# are in the devel subpackage.
License: LGPLv2+
Summary: A general-purpose cryptography library
BuildRequires: gawk, libgpg-error-devel >= 1.4, pkgconfig
BuildRequires: fipscheck
# This is needed only when patching the .texi doc.
BuildRequires: texinfo
Group: System Environment/Libraries

%package devel
Summary: Development files for the %{name} package
License: LGPLv2+ and GPLv2+
Group: Development/Libraries
Requires(pre): /sbin/install-info
Requires(post): /sbin/install-info
Requires: libgpg-error-devel
Requires: %{name} = %{version}-%{release}

%description
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This is a development version.

%description devel
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This package contains files needed to develop
applications using libgcrypt.

%prep
%setup -q
%{SOURCE3}
%patch1 -p1 -b .noecc
%patch2 -p1 -b .use-fipscheck
%patch5 -p1 -b .tests
%patch7 -p1 -b .cavs
%patch9 -p1 -b .leak
%patch11 -p1 -b .use-poll
%patch12 -p1 -b .aliasing
%patch13 -p1 -b .gccopt
%patch15 -p1 -b .pbkdf-speedup
%patch16 -p1 -b .whirlpool-bug
%patch17 -p1 -b .drbg
%patch18 -p1 -b .fips-ctor
%patch19 -p1 -b .fips-test
%patch20 -p1 -b .fips-keygen
%patch21 -p1 -b .cfgrandom
%patch22 -p1 -b .fips-reqs
%patch24 -p1 -b .urandom-only
%patch26 -p1 -b .rng-predictable
%patch27 -p1 -b .drbg-cavs
%patch28 -p1 -b .ath-reinstall
%patch29 -p1 -b .drbg-init

%build
%configure --disable-static \
%ifarch sparc64
--disable-asm \
%endif
--enable-noexecstack \
--enable-hmac-binary-check \
--enable-pubkey-ciphers='dsa elgamal rsa' \
--disable-O-flag-munging
make %{?_smp_mflags}

%check
fipshmac src/.libs/libgcrypt.so.??
make check

# Add generation of HMAC checksums of the final stripped binaries
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
fipshmac $RPM_BUILD_ROOT%{gcrylibdir}/*.so.?? \
%{nil}

%install
make install DESTDIR=$RPM_BUILD_ROOT

# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
# a file conflict between 32- and 64-bit versions of this package.
# Also replace my_host with none.
sed -i -e 's,^libdir="/usr/lib.*"$,libdir="/usr/lib",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config
sed -i -e 's,^my_host=".*"$,my_host="none",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config

rm -f ${RPM_BUILD_ROOT}/%{_infodir}/dir ${RPM_BUILD_ROOT}/%{_libdir}/*.la
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_libdir}

%if "%{gcrylibdir}" != "%{_libdir}"
# Relocate the shared libraries to %{gcrylibdir}.
mkdir -p $RPM_BUILD_ROOT%{gcrylibdir}
for shlib in $RPM_BUILD_ROOT%{_libdir}/*.so* ; do
if test -L "$shlib" ; then
rm "$shlib"
else
mv "$shlib" $RPM_BUILD_ROOT%{gcrylibdir}/
fi
done

# Overwrite development symlinks.
pushd $RPM_BUILD_ROOT/%{_libdir}
for shlib in %{gcrylibdir}/lib*.so.* ; do
shlib=`echo "$shlib" | sed -e 's,//,/,g'`
target=`basename "$shlib" | sed -e 's,\.so.*,,g'`.so
ln -sf $shlib $target
done
popd

# Add soname symlink.
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/
%endif


# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
# that _someone_ owns it.
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post devel
[ -f %{_infodir}/gcrypt.info.gz ] && \
/sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir
exit 0

%preun devel
if [ $1 = 0 -a -f %{_infodir}/gcrypt.info.gz ]; then
/sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir
fi
exit 0

%files
%defattr(-,root,root,-)
%dir /etc/gcrypt
%{gcrylibdir}/libgcrypt.so.*
%{gcrylibdir}/.libgcrypt.so.*.hmac
%doc COPYING.LIB AUTHORS NEWS THANKS

%files devel
%defattr(-,root,root,-)
%{_bindir}/%{name}-config
%{_bindir}/dumpsexp
%{_bindir}/hmac256
%{_includedir}/*
%{_libdir}/*.so
%{_datadir}/aclocal/*

%{_infodir}/gcrypt.info*
%doc COPYING

%changelog
* Tue Feb 28 2017 Tomáš Mráz <tmraz@redhat.com> 1.5.3-14
- add DRBG CAVS driver and other necessary CAVS driver updates (#1172568)
- allow ath reinitialization in FIPS mode
- allow for auto-initialization of DRBG

* Tue Oct 25 2016 Tomáš Mráz <tmraz@redhat.com> 1.5.3-13.1
- fix CVE-2016-6313 - predictable PRNG output (#1366105)

* Fri Apr 10 2015 Tomáš Mráz <tmraz@redhat.com> 1.5.3-13
- touch only urandom in the selftest and when /dev/random is
unavailable for example by SELinux confinement
- fix the RSA selftest key (p q swap)

* Wed Jan 14 2015 Tomáš Mráz <tmraz@redhat.com> 1.5.3-12
- use macros instead of inline functions in the public header

* Fri Dec 12 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-11
- do not initialize secure memory during the selftest

* Fri Nov 14 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-10
- update the selftests for the new FIPS requirements

* Fri Oct 31 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-9
- apply the fips-cfgrandom change also to the drbg seeding

* Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-7
- make the RSA keygen to be compliant to FIPS 186-4 in
FIPS mode

* Fri Sep 26 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-5
- add FIPS DRBG implementation
- run the FIPS POST tests in shared library constructor
- make it possible to run the test suite in the FIPS mode

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.5.3-4
- Mass rebuild 2014-01-24

* Tue Jan 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-3
- fix a bug in the Whirlpool hash implementation
- speed up the PBKDF2 computation

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.5.3-2
- Mass rebuild 2013-12-27

* Fri Jul 26 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.3-1
- new upstream version fixing cache side-channel attack on RSA private keys

* Thu Jun 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-3
- silence false error detected by valgrind (#968288)

* Thu Apr 25 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-2
- silence strict aliasing warning in Rijndael
- apply UsrMove
- spec file cleanups

* Fri Apr 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-1
- new upstream version

* Wed Mar 20 2013 Tomas Mraz <tmraz@redhat.com> 1.5.1-1
- new upstream version

* Tue Mar 5 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-11
- use poll() instead of select() when gathering randomness (#913773)

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Jan 3 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-9
- allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)

* Mon Dec 3 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-8
- fix multilib conflict in libgcrypt-config
- fix minor memory leaks and other bugs found by Coverity scan

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Apr 5 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-5
- Correctly rebuild the info documentation

* Wed Apr 4 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-4
- Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Mon Aug 15 2011 Kalev Lember <kalevlember@gmail.com> 1.5.0-2
- Rebuilt for rpm bug #728707

* Thu Jul 21 2011 Tomas Mraz <tmraz@redhat.com> 1.5.0-1
- new upstream version

* Mon Jun 20 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-4
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed

* Mon May 30 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-3
- Make the FIPS-186-3 DSA implementation CAVS testable
- add configurable source of RNG seed /etc/gcrypt/rngseed
in the FIPS mode (#700388)

* Fri Feb 11 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-1
- new upstream version with minor changes

* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Feb 4 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-6
- fix a bug in the fips-186-3 dsa parameter generation code

* Tue Feb 1 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-5
- use /dev/urandom for seeding in the FIPS mode
- make the tests to pass in the FIPS mode also fixing
the FIPS-186-3 DSA keygen

* Sun Feb 14 2010 Rex Dieter <rdieter@fedoraproject.org> 1.4.5-4
- FTBFS libgcrypt-1.4.5-3.fc13: ImplicitDSOLinking (#564973)

* Wed Feb 3 2010 Tomas Mraz <tmraz@redhat.com> 1.4.5-3
- drop the S390 build workaround as it is no longer needed
- additional spec file cleanups for merge review (#226008)

* Mon Dec 21 2009 Tomas Mraz <tmraz@redhat.com> 1.4.5-1
- workaround for build on S390 (#548825)
- spec file cleanups
- upgrade to new minor upstream release

* Tue Aug 11 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-8
- fix warning when installed with --excludedocs (#515961)

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Jun 18 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-6
- and now really apply the padlock patch

* Wed Jun 17 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-5
- fix VIA padlock RNG inline assembly call (#505724)

* Thu Mar 5 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-4
- with the integrity verification check the library needs to link to libdl
(#488702)

* Tue Mar 3 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-3
- add hmac FIPS integrity verification check

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-1
- update to 1.4.4
- do not abort when the fips mode kernel flag is inaccessible
due to permissions (#470219)
- hobble the library to drop the ECC support

* Mon Oct 20 2008 Dennis Gilmore <dennis@ausil.us> 1.4.3-2
- disable asm on sparc64

* Thu Sep 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
- update to 1.4.3
- own /etc/gcrypt

* Mon Sep 15 2008 Nalin Dahyabhai <nalin@redhat.com>
- invoke make with %%{?_smp_mflags} to build faster on multi-processor
systems (Steve Grubb)

* Mon Sep 8 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
- update to 1.4.2

* Tue Apr 29 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
- update to 1.4.1
- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced
by the configure script

* Thu Apr 3 2008 Joe Orton <jorton@redhat.com> 1.4.0-3
- add patch from upstream to fix severe performance regression
in entropy gathering

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
- Autorebuild for GCC 4.3

* Mon Dec 10 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.4.0-1
- update to 1.4.0

* Tue Oct 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-6
- use ldconfig to build the soname symlink for packaging along with the
shared library (#334731)

* Wed Aug 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-5
- add missing gawk buildrequirement
- switch from explicitly specifying the /dev/random RNG to just verifying
that the non-LGPL ones were disabled by the configure script

* Thu Aug 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-4
- clarify license
- force use of the linux /dev/random RNG, to avoid accidentally falling back
to others which would affect the license of the resulting library

* Mon Jul 30 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-3
- disable static libraries (part of #249815)

* Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-2
- move libgcrypt shared library to /%%{_lib} (#249815)

* Tue Feb 6 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-1
- update to 1.2.4

* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-2
- make use of install-info more failsafe (Ville Skyttä, #223705)

* Fri Sep 1 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-1
- update to 1.2.3

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-3.1
- rebuild

* Mon Jun 05 2006 Jesse Keating <jkeating@redhat.com> 1.2.2-3
- Added missing buildreq pkgconfig

* Tue May 16 2006 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-2
- remove file conflicts in libgcrypt-config by making the 64-bit version
think the libraries are in /usr/lib (which is wrong, but which it also
prunes from the suggest --libs output, so no harm done, hopefully)

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Wed Oct 5 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-1
- update to 1.2.2

* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.1-1
- update to 1.2.1

* Fri Jul 30 2004 Florian La Roche <Florian.LaRoche@redhat.de>
- another try to package the symlink

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Sun May 2 2004 Bill Nottingham <notting@redhat.com> - 1.2.0-1
- update to official 1.2.0

* Fri Apr 16 2004 Bill Nottingham <notting@redhat.com> - 1.1.94-1
- update to 1.1.94

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche@redhat.de>
- add symlinks to shared libs at compile time

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Thu Mar 20 2003 Jeff Johnson <jbj@redhat.com> 1.1.12-1
- upgrade to 1.1.12 (beta).

* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Sun May 26 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Tue May 21 2002 Jeff Johnson <jbj@redhat.com>
- update to 1.1.7
- change license to LGPL.
- include splint annotations patch.
- install info pages.

* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.6-1
- update to 1.1.6

* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.5-1
- fix the Source tag so that it's a real URL

* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package
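Review bot: Source2 (the `wk@g10code.com` keyring) is listed but never used: %prep runs only %{SOURCE3} and the patches, and since Source0 is the locally re-packed hobbled tarball the upstream signature (the commented-out Source1) cannot be checked against it anyway, so the build performs no source-integrity verification at all while shipping a signing key that suggests otherwise. Either drop Source2 or make the provenance explicit; I would add above Source0 a comment along the lines of `# Source0 is produced by verifying the upstream tarball against Source1 with the key in Source2, then running hobble-libgcrypt (Source3) on it; the build cannot re-verify the result.` and record the upstream tarball's sha256 next to it so the re-pack can be audited. Separately, the `fipshmac src/.libs/libgcrypt.so.??` in %check runs the HMAC binary check against the unstripped library while the shipped .hmac is generated in __spec_install_post after stripping; that ordering is correct, but a one-line comment next to %check saying so would stop the two invocations being mistaken for a duplicate.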