Browse Source

libgcrypt package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 5 years ago
parent
commit
6b068057f1
  1. 9
      SOURCES/hobble-libgcrypt
  2. 73
      SOURCES/libgcrypt-1.5.0-leak.patch
  3. 12
      SOURCES/libgcrypt-1.5.0-noecc.patch
  4. 214
      SOURCES/libgcrypt-1.5.0-tests.patch
  5. 87
      SOURCES/libgcrypt-1.5.0-use-fipscheck.patch
  6. 82
      SOURCES/libgcrypt-1.5.1-use-poll.patch
  7. 30
      SOURCES/libgcrypt-1.5.2-aliasing.patch
  8. 102
      SOURCES/libgcrypt-1.5.2-mpicoder-gccopt.patch
  9. 133
      SOURCES/libgcrypt-1.5.3-ath-reinstall.patch
  10. 972
      SOURCES/libgcrypt-1.5.3-drbg-cavs.patch
  11. 23
      SOURCES/libgcrypt-1.5.3-drbg-init.patch
  12. 2699
      SOURCES/libgcrypt-1.5.3-drbg.patch
  13. 1451
      SOURCES/libgcrypt-1.5.3-fips-cavs.patch
  14. 142
      SOURCES/libgcrypt-1.5.3-fips-cfgrandom.patch
  15. 72
      SOURCES/libgcrypt-1.5.3-fips-ctor.patch
  16. 359
      SOURCES/libgcrypt-1.5.3-fips-reqs.patch
  17. 18
      SOURCES/libgcrypt-1.5.3-fips-test.patch
  18. 32
      SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch
  19. 141
      SOURCES/libgcrypt-1.5.3-rng-predictable.patch
  20. 374
      SOURCES/libgcrypt-1.5.3-rsa-fips-keygen.patch
  21. 38
      SOURCES/libgcrypt-1.5.3-urandom-only.patch
  22. 28
      SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch
  23. 2007
      SOURCES/wk@g10code.com
  24. 499
      SPECS/libgcrypt.spec

9
SOURCES/hobble-libgcrypt

@ -0,0 +1,9 @@
#!/bin/sh

# Quit out if anything fails.
set -e -x

# Clean out patent-or-otherwise-encumbered code.
# EC: ????????? ??/??/2015

rm -f cipher/ecc.c

73
SOURCES/libgcrypt-1.5.0-leak.patch

@ -0,0 +1,73 @@
diff -up libgcrypt-1.5.0/cipher/elgamal.c.leak libgcrypt-1.5.0/cipher/elgamal.c
--- libgcrypt-1.5.0/cipher/elgamal.c.leak 2011-02-04 20:09:38.000000000 +0100
+++ libgcrypt-1.5.0/cipher/elgamal.c 2012-12-03 14:51:10.743067964 +0100
@@ -641,7 +641,10 @@ elg_generate_ext (int algo, unsigned int
}
if (xvalue)
- ec = generate_using_x (&sk, nbits, xvalue, retfactors);
+ {
+ ec = generate_using_x (&sk, nbits, xvalue, retfactors);
+ gcry_mpi_release(xvalue);
+ }
else
{
generate (&sk, nbits, retfactors);
diff -up libgcrypt-1.5.0/cipher/primegen.c.leak libgcrypt-1.5.0/cipher/primegen.c
--- libgcrypt-1.5.0/cipher/primegen.c.leak 2012-04-05 15:37:52.000000000 +0200
+++ libgcrypt-1.5.0/cipher/primegen.c 2012-12-03 14:44:14.610010867 +0100
@@ -1198,10 +1198,7 @@ gcry_prime_group_generator (gcry_mpi_t *
gcry_mpi_t prime, gcry_mpi_t *factors,
gcry_mpi_t start_g)
{
- gcry_mpi_t tmp = gcry_mpi_new (0);
- gcry_mpi_t b = gcry_mpi_new (0);
- gcry_mpi_t pmin1 = gcry_mpi_new (0);
- gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+ gcry_mpi_t tmp, b, pmin1, g;
int first = 1;
int i, n;
@@ -1214,6 +1211,11 @@ gcry_prime_group_generator (gcry_mpi_t *
if (n < 2)
return gpg_error (GPG_ERR_INV_ARG);
+ tmp = gcry_mpi_new (0);
+ b = gcry_mpi_new (0);
+ pmin1 = gcry_mpi_new (0);
+ g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+
/* Extra sanity check - usually disabled. */
/* mpi_set (tmp, factors[0]); */
/* for(i = 1; i < n; i++) */
diff -up libgcrypt-1.5.0/cipher/pubkey.c.leak libgcrypt-1.5.0/cipher/pubkey.c
--- libgcrypt-1.5.0/cipher/pubkey.c.leak 2011-06-13 12:23:50.000000000 +0200
+++ libgcrypt-1.5.0/cipher/pubkey.c 2012-12-03 15:23:42.377183489 +0100
@@ -2853,6 +2853,8 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
REGISTER_DEFAULT_PUBKEYS;
+ init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, gcry_pk_get_nbits (s_pkey));
+
/* Get the key. */
rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module);
if (rc)
@@ -2873,7 +2875,6 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
algo_elems = pubkey->elements_enc;
/* Get the stuff we want to encrypt. */
- init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, gcry_pk_get_nbits (s_pkey));
rc = sexp_data_to_mpi (s_data, &data, &ctx);
if (rc)
goto leave;
diff -up libgcrypt-1.5.0/src/hmac256.c.leak libgcrypt-1.5.0/src/hmac256.c
--- libgcrypt-1.5.0/src/hmac256.c.leak 2011-02-04 20:17:33.000000000 +0100
+++ libgcrypt-1.5.0/src/hmac256.c 2012-12-03 15:37:36.504955809 +0100
@@ -435,7 +435,6 @@ _gcry_hmac256_finalize (hmac256_context_
tmphd = _gcry_hmac256_new (NULL, 0);
if (!tmphd)
{
- free (hd);
return NULL;
}
_gcry_hmac256_update (tmphd, hd->opad, 64);

12
SOURCES/libgcrypt-1.5.0-noecc.patch

@ -0,0 +1,12 @@
diff -up libgcrypt-1.5.0/tests/Makefile.noecc libgcrypt-1.5.0/tests/Makefile
--- libgcrypt-1.5.0/tests/Makefile.in.noecc 2011-07-21 15:34:33.000000000 +0200
+++ libgcrypt-1.5.0/tests/Makefile.in 2011-07-21 15:39:35.000000000 +0200
@@ -57,7 +57,7 @@ TESTS = version$(EXEEXT) t-mpi-bit$(EXEE
ac-data$(EXEEXT) basic$(EXEEXT) mpitests$(EXEEXT) \
tsexp$(EXEEXT) keygen$(EXEEXT) pubkey$(EXEEXT) hmac$(EXEEXT) \
keygrip$(EXEEXT) fips186-dsa$(EXEEXT) aeswrap$(EXEEXT) \
- curves$(EXEEXT) t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
+ t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
$(am__EXEEXT_1) benchmark$(EXEEXT)
# random.c uses fork() thus a test for W32 does not make any sense.

214
SOURCES/libgcrypt-1.5.0-tests.patch

@ -0,0 +1,214 @@
diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
--- libgcrypt-1.5.0/cipher/dsa.c.tests 2011-06-13 12:24:46.000000000 +0200
+++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-20 16:44:51.000000000 +0200
@@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
&initial_seed.seedlen);
}
-
- /* Fixme: Enable 186-3 after it has been approved and after fixing
- the generation function. */
- /* if (use_fips186_2) */
- (void)use_fips186_2;
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
- initial_seed.seed,
+
+ if (use_fips186_2)
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- /* else */
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
- /* &prime_q, &prime_p, */
- /* r_counter, */
- /* r_seed, r_seedlen, NULL); */
+ else
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen, NULL);
gcry_sexp_release (initial_seed.sexp);
if (ec)
goto leave;
diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
--- libgcrypt-1.5.0/cipher/primegen.c.tests 2011-03-28 14:19:52.000000000 +0200
+++ libgcrypt-1.5.0/cipher/primegen.c 2011-07-21 14:36:03.000000000 +0200
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
gpg_err_code_t ec;
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
gcry_mpi_t tmpval = NULL; /* Helper variable. */
int hashalgo; /* The id of the Approved Hash Function. */
@@ -1737,7 +1737,7 @@ _gcry_generate_fips186_3_prime (unsigned
}
gcry_mpi_release (prime_q); prime_q = NULL;
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
- value_u, sizeof value_u, NULL));
+ value_u, qbits/8, NULL));
if (ec)
goto leave;
mpi_set_highbit (prime_q, qbits-1 );
@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
if (seed_plus[i])
break;
}
- gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+ gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
gcry_mpi_release (tmpval); tmpval = NULL;
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
- digest, sizeof digest, NULL));
+ digest, qbits/8, NULL));
if (ec)
goto leave;
if (value_j == value_n)
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
}
/* Step 12: Save p, q, counter and seed. */
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
+/* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
log_printhex("fips186-3 seed:", seed, seedlen);
log_mpidump ("fips186-3 prime p", prime_p);
- log_mpidump ("fips186-3 prime q", prime_q);
+ log_mpidump ("fips186-3 prime q", prime_q); */
if (r_q)
{
*r_q = prime_q;
diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
--- libgcrypt-1.5.0/cipher/rsa.c.tests 2011-06-10 10:53:41.000000000 +0200
+++ libgcrypt-1.5.0/cipher/rsa.c 2011-07-21 14:36:59.000000000 +0200
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
--- libgcrypt-1.5.0/random/random-fips.c.tests 2011-07-20 16:40:59.000000000 +0200
+++ libgcrypt-1.5.0/random/random-fips.c 2011-07-20 16:40:59.000000000 +0200
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
check_guards (rng_ctx);
+ reinitialize:
/* Initialize the cipher handle and thus setup the key if needed. */
if (!rng_ctx->cipher_hd)
{
@@ -710,13 +711,11 @@ get_random (void *buffer, size_t length,
if (rng_ctx->key_init_pid != getpid ()
|| rng_ctx->seed_init_pid != getpid ())
{
- /* We are in a child of us. Because we have no way yet to do
- proper re-initialization (including self-checks etc), the
- only chance we have is to bail out. Obviusly a fork/exec
- won't harm because the exec overwrites the old image. */
- fips_signal_error ("fork without proper re-initialization "
- "detected in RNG");
- goto bailout;
+ /* Just reinitialize the key & seed. */
+ gcry_cipher_close(rng_ctx->cipher_hd);
+ rng_ctx->cipher_hd = NULL;
+ rng_ctx->is_seeded = 0;
+ goto reinitialize;
}
if (x931_aes_driver (buffer, length, rng_ctx))
diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
--- libgcrypt-1.5.0/tests/ac.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/ac.c 2011-07-20 16:40:59.000000000 +0200
@@ -150,6 +150,9 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (gcry_fips_mode_active())
+ /* ac not functional in the fips mode, skip it */
+ return 77;
if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
/* No valuable keys are create, so we can speed up our RNG. */
diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
--- libgcrypt-1.5.0/tests/ac-data.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/ac-data.c 2011-07-20 16:40:59.000000000 +0200
@@ -198,6 +198,9 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (gcry_fips_mode_active())
+ /* ac not functional in the fips mode, skip it */
+ return 77;
if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
--- libgcrypt-1.5.0/tests/ac-schemes.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/ac-schemes.c 2011-07-20 16:40:59.000000000 +0200
@@ -338,6 +338,9 @@ main (int argc, char **argv)
if (! gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (gcry_fips_mode_active())
+ /* ac not functional in the fips mode, skip it */
+ return 77;
if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
--- libgcrypt-1.5.0/tests/keygen.c.tests 2011-02-04 20:18:20.000000000 +0100
+++ libgcrypt-1.5.0/tests/keygen.c 2011-07-21 14:39:03.000000000 +0200
@@ -148,12 +148,12 @@ check_rsa_keys (void)
}
if (verbose)
- fprintf (stderr, "creating 1536 bit DSA key\n");
+ fprintf (stderr, "creating 2048 bit DSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
- " (nbits 4:1536)\n"
- " (qbits 3:224)\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -190,11 +190,11 @@ check_rsa_keys (void)
if (verbose)
- fprintf (stderr, "creating 512 bit RSA key with e=257\n");
+ fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 3:257)\n"
" ))", 0, 1);
if (rc)
@@ -208,11 +208,11 @@ check_rsa_keys (void)
gcry_sexp_release (key);
if (verbose)
- fprintf (stderr, "creating 512 bit RSA key with default e\n");
+ fprintf (stderr, "creating 1024 bit RSA key with default secure e\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 1:0)\n"
" ))", 0, 1);
if (rc)

87
SOURCES/libgcrypt-1.5.0-use-fipscheck.patch

@ -0,0 +1,87 @@
diff -up libgcrypt-1.5.0/src/fips.c.use-fipscheck libgcrypt-1.5.0/src/fips.c
--- libgcrypt-1.5.0/src/fips.c.use-fipscheck 2011-02-04 20:17:33.000000000 +0100
+++ libgcrypt-1.5.0/src/fips.c 2011-07-20 16:17:21.000000000 +0200
@@ -570,23 +570,48 @@ run_random_selftests (void)
return !!err;
}
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
- if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -594,7 +619,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -603,7 +628,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;
diff -up libgcrypt-1.5.0/src/Makefile.in.use-fipscheck libgcrypt-1.5.0/src/Makefile.in
--- libgcrypt-1.5.0/src/Makefile.in.use-fipscheck 2011-06-29 10:58:01.000000000 +0200
+++ libgcrypt-1.5.0/src/Makefile.in 2011-07-20 16:19:33.000000000 +0200
@@ -375,7 +375,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
../cipher/libcipher.la \
../random/librandom.la \
../mpi/libmpi.la \
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
dumpsexp_SOURCES = dumpsexp.c
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)

82
SOURCES/libgcrypt-1.5.1-use-poll.patch

@ -0,0 +1,82 @@
diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndlinux.c
--- libgcrypt-1.5.1/random/rndlinux.c.use-poll 2013-03-20 15:33:26.504867356 +0100
+++ libgcrypt-1.5.1/random/rndlinux.c 2013-03-20 15:37:24.999944048 +0100
@@ -32,6 +32,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <poll.h>
#include "types.h"
#include "g10lib.h"
#include "rand-internal.h"
@@ -142,49 +143,37 @@ _gcry_rndlinux_gather_random (void (*add
}
/* Enter the read loop. */
- delay = 0; /* Start with 0 seconds so that we do no block on the
+ delay = 100; /* Start with 0 seconds so that we do no block on the
first iteration and in turn call the progress function
before blocking. To give the OS a better chance to
return with something we will actually use 100ms. */
while (length)
{
- fd_set rfds;
- struct timeval tv;
int rc;
+ struct pollfd pfd;
- /* If the system has no limit on the number of file descriptors
- and we encounter an fd which is larger than the fd_set size,
- we don't use the select at all. The select code is only used
- to emit progress messages. A better solution would be to
- fall back to poll() if available. */
-#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE)
-#endif
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+
+ if ( !(rc=poll(&pfd, 1, delay)) )
{
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = delay;
- tv.tv_usec = delay? 0 : 100000;
- if ( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
- {
- if (!any_need_entropy || last_so_far != (want - length) )
- {
- last_so_far = want - length;
- _gcry_random_progress ("need_entropy", 'X',
- (int)last_so_far, (int)want);
- any_need_entropy = 1;
- }
- delay = 3; /* Use 3 seconds henceforth. */
- continue;
- }
- else if( rc == -1 )
+ if (!any_need_entropy || last_so_far != (want - length) )
{
- log_error ("select() error: %s\n", strerror(errno));
- if (!delay)
- delay = 1; /* Use 1 second if we encounter an error before
+ last_so_far = want - length;
+ _gcry_random_progress ("need_entropy", 'X',
+ (int)last_so_far, (int)want);
+ any_need_entropy = 1;
+ }
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before
we have ever blocked. */
- continue;
- }
+ continue;
}
do

30
SOURCES/libgcrypt-1.5.2-aliasing.patch

@ -0,0 +1,30 @@
diff -up libgcrypt-1.5.2/cipher/Makefile.am.aliasing libgcrypt-1.5.2/cipher/Makefile.am
--- libgcrypt-1.5.2/cipher/Makefile.am.aliasing 2013-04-18 16:49:13.000000000 +0200
+++ libgcrypt-1.5.2/cipher/Makefile.am 2013-04-25 21:48:57.867465215 +0200
@@ -81,3 +81,9 @@ tiger.o: $(srcdir)/tiger.c
tiger.lo: $(srcdir)/tiger.c
`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
+
+rijndael.o: $(srcdir)/rijndael.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
+
+rijndael.lo: $(srcdir)/rijndael.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
diff -up libgcrypt-1.5.2/cipher/Makefile.in.aliasing libgcrypt-1.5.2/cipher/Makefile.in
--- libgcrypt-1.5.2/cipher/Makefile.in.aliasing 2013-04-18 17:06:03.000000000 +0200
+++ libgcrypt-1.5.2/cipher/Makefile.in 2013-04-25 21:48:59.164493610 +0200
@@ -638,6 +638,12 @@ tiger.o: $(srcdir)/tiger.c
tiger.lo: $(srcdir)/tiger.c
`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
+rijndael.o: $(srcdir)/rijndael.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
+
+rijndael.lo: $(srcdir)/rijndael.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c `
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff -up libgcrypt-1.5.2/cipher/rijndael.c.aliasing libgcrypt-1.5.2/cipher/rijndael.c

102
SOURCES/libgcrypt-1.5.2-mpicoder-gccopt.patch

@ -0,0 +1,102 @@
diff -up libgcrypt-1.5.2/mpi/mpicoder.c.gccopt libgcrypt-1.5.2/mpi/mpicoder.c
--- libgcrypt-1.5.2/mpi/mpicoder.c.gccopt 2013-04-18 16:48:42.000000000 +0200
+++ libgcrypt-1.5.2/mpi/mpicoder.c 2013-06-20 10:24:57.241510589 +0200
@@ -555,16 +555,16 @@ gcry_mpi_print (enum gcry_mpi_format for
extra=1;
}
- if (buffer && n > len)
- {
- /* The provided buffer is too short. */
- gcry_free (tmp);
- return gcry_error (GPG_ERR_TOO_SHORT);
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (n > len)
+ {
+ /* The provided buffer is too short. */
+ gcry_free (tmp);
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ }
if (extra)
*s++ = 0;
memcpy (s, tmp, n-extra);
@@ -580,12 +580,12 @@ gcry_mpi_print (enum gcry_mpi_format for
/* Note: We ignore the sign for this format. */
/* FIXME: for performance reasons we should put this into
mpi_aprint because we can then use the buffer directly. */
- if (buffer && n > len)
- return gcry_error (GPG_ERR_TOO_SHORT);
if (buffer)
{
unsigned char *tmp;
+ if (n > len)
+ return gcry_error (GPG_ERR_TOO_SHORT);
tmp = _gcry_mpi_get_buffer (a, &n, NULL);
if (!tmp)
return gpg_error_from_syserror ();
@@ -603,14 +603,13 @@ gcry_mpi_print (enum gcry_mpi_format for
if( a->sign )
return gcry_error (GPG_ERR_INV_ARG);
- if (buffer && n+2 > len)
- return gcry_error (GPG_ERR_TOO_SHORT);
-
if (buffer)
{
unsigned char *tmp;
unsigned char *s = buffer;
+ if (n+2 > len)
+ return gcry_error (GPG_ERR_TOO_SHORT);
s[0] = nbits >> 8;
s[1] = nbits;
@@ -641,16 +640,16 @@ gcry_mpi_print (enum gcry_mpi_format for
extra=1;
}
- if (buffer && n+4 > len)
- {
- gcry_free(tmp);
- return gcry_error (GPG_ERR_TOO_SHORT);
- }
-
if (buffer)
{
unsigned char *s = buffer;
+ if (n+4 > len)
+ {
+ gcry_free(tmp);
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ }
+
*s++ = n >> 24;
*s++ = n >> 16;
*s++ = n >> 8;
@@ -677,15 +676,15 @@ gcry_mpi_print (enum gcry_mpi_format for
if (!n || (*tmp & 0x80))
extra = 2;
- if (buffer && 2*n + extra + !!a->sign + 1 > len)
- {
- gcry_free(tmp);
- return gcry_error (GPG_ERR_TOO_SHORT);
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (2*n + extra + !!a->sign + 1 > len)
+ {
+ gcry_free(tmp);
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ }
if (a->sign)
*s++ = '-';
if (extra)

133
SOURCES/libgcrypt-1.5.3-ath-reinstall.patch

@ -0,0 +1,133 @@
diff -up libgcrypt-1.5.3/src/ath.c.ath-reinstall libgcrypt-1.5.3/src/ath.c
--- libgcrypt-1.5.3/src/ath.c.ath-reinstall 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/src/ath.c 2017-02-28 14:37:15.267668432 +0100
@@ -36,7 +36,7 @@
#include <errno.h>
#include "ath.h"
-
+#include "g10lib.h"
/* The interface table. */
@@ -45,6 +45,13 @@ static struct ath_ops ops;
/* True if we should use the external callbacks. */
static int ops_set;
+struct lock_list
+{
+ ath_mutex_t *lock;
+ struct lock_list *next;
+};
+
+static struct lock_list *reinstallable_locks;
/* For the dummy interface. */
#define MUTEX_UNLOCKED ((ath_mutex_t) 0)
@@ -62,6 +69,50 @@ static int ops_set;
/* The lock we take while checking for lazy lock initialization. */
static ath_mutex_t check_init_lock = ATH_MUTEX_INITIALIZER;
+static void
+add_reinstallable_lock(ath_mutex_t *lock)
+{
+ struct lock_list *ll, *new, **ptr;
+
+ new = gcry_calloc(1, sizeof(*new));
+ if (!new)
+ abort();
+
+ for (ll = reinstallable_locks, ptr = &reinstallable_locks; ll != NULL; ptr = &ll->next, ll = ll->next)
+ {
+ if (ll->lock == lock)
+ {
+ gcry_free(new);
+ return;
+ }
+ }
+
+ new->lock = lock;
+ *ptr = new;
+}
+
+static void
+remove_reinstallable_lock(ath_mutex_t *lock)
+{
+ struct lock_list *ll, **ptr;
+
+ for (ll = reinstallable_locks, ptr = &reinstallable_locks; ll != NULL; ptr = &ll->next, ll = ll->next)
+ {
+ if (ll->lock == lock)
+ {
+ *ptr = ll->next;
+ gcry_free(ll);
+ /* we do not store duplicates */
+ return;
+ }
+ }
+
+#ifndef NDEBUG
+ /* lock not found, should not happen */
+ abort();
+#endif
+}
+
int
ath_init (void)
{
@@ -85,7 +136,9 @@ ath_init (void)
gpg_err_code_t
ath_install (struct ath_ops *ath_ops, int check_only)
{
- if (check_only)
+ gpg_err_code_t err = 0;
+
+ if (check_only && ops_set)
{
unsigned int option = 0;
@@ -119,7 +172,25 @@ ath_install (struct ath_ops *ath_ops, in
else
ops_set = 0;
- return 0;
+ if (ops_set && reinstallable_locks)
+ {
+ struct lock_list *ll;
+
+ ath_init();
+ for (ll = reinstallable_locks; ll != NULL;)
+ {
+ struct lock_list *prev;
+
+ if (ath_mutex_init(ll->lock))
+ err = GPG_ERR_NOT_SUPPORTED;
+ prev = ll;
+ ll = ll->next;
+ gcry_free(prev);
+ }
+ reinstallable_locks = NULL;
+ }
+
+ return err;
}
@@ -143,6 +214,8 @@ ath_mutex_init (ath_mutex_t *lock)
{
if (ops_set)
return mutex_init (lock, 0);
+ else
+ add_reinstallable_lock(lock);
#ifndef NDEBUG
*lock = MUTEX_UNLOCKED;
@@ -168,6 +241,8 @@ ath_mutex_destroy (ath_mutex_t *lock)
(*ops.mutex_unlock) (&check_init_lock);
return (*ops.mutex_destroy) (lock);
}
+ else
+ remove_reinstallable_lock(lock);
#ifndef NDEBUG
assert (*lock == MUTEX_UNLOCKED);

972
SOURCES/libgcrypt-1.5.3-drbg-cavs.patch

@ -0,0 +1,972 @@
diff -up libgcrypt-1.5.3/random/drbg.c.drbg-cavs libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.drbg-cavs 2017-02-28 14:28:55.695906569 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2017-02-28 14:28:55.700906686 +0100
@@ -2130,6 +2130,16 @@ gcry_drbg_cavs_test (struct gcry_drbg_te
if (ret)
goto outbuf;
+ if (test->entropyrsd)
+ {
+ gcry_drbg_string_fill (&testentropy, test->entropyrsd,
+ test->entropyrsdlen);
+ gcry_drbg_string_fill (&addtl, test->addtlrsd,
+ test->addtlrsdlen);
+ if (gcry_drbg_reseed (drbg, &addtl))
+ goto outbuf;
+ }
+
gcry_drbg_string_fill (&addtl, test->addtla, test->addtllen);
if (test->entpra)
{
diff -up libgcrypt-1.5.3/random/random.h.drbg-cavs libgcrypt-1.5.3/random/random.h
--- libgcrypt-1.5.3/random/random.h.drbg-cavs 2017-02-28 14:28:55.686906357 +0100
+++ libgcrypt-1.5.3/random/random.h 2017-02-28 14:28:55.700906686 +0100
@@ -69,6 +69,10 @@ struct gcry_drbg_test_vector
size_t perslen;
unsigned char *expected;
size_t expectedlen;
+ unsigned char *entropyrsd;
+ size_t entropyrsdlen;
+ unsigned char *addtlrsd;
+ size_t addtlrsdlen;
};
gpg_err_code_t gcry_drbg_cavs_test (struct gcry_drbg_test_vector *test,
diff -up libgcrypt-1.5.3/tests/cavs_driver.pl.drbg-cavs libgcrypt-1.5.3/tests/cavs_driver.pl
--- libgcrypt-1.5.3/tests/cavs_driver.pl.drbg-cavs 2017-02-28 14:28:55.674906074 +0100
+++ libgcrypt-1.5.3/tests/cavs_driver.pl 2017-02-28 14:41:46.086048300 +0100
@@ -192,15 +192,17 @@ my $rsa_derive;
# Sign a message with RSA
# $1: data to be signed in hex form
# $2: Hash algo
-# $3: Key file in PEM format with the private key
+# $3: PSS flag
+# $4: Key file in PEM format with the private key
# return: digest in hex format
my $rsa_sign;
# Verify a message with RSA
# $1: data to be verified in hex form
# $2: hash algo
-# $3: file holding the public RSA key in PEM format
-# $4: file holding the signature in binary form
+# $3: PSS flag
+# $4: file holding the public RSA key in PEM format
+# $5: file holding the signature in binary form
# return: 1 == verified / 0 == not verified
my $rsa_verify;
@@ -329,6 +331,8 @@ my $rsa_keygen;
my $rsa_keygen_kat;
+my $drbg_kat;
+
################################################################
##### OpenSSL interface functions
################################################################
@@ -350,9 +354,10 @@ sub openssl_encdec($$$$$) {
return bin2hex($data);
}
-sub openssl_rsa_sign($$$) {
+sub openssl_rsa_sign($$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift; # unsupported
my $keyfile = shift;
$data=hex2bin($data);
@@ -365,6 +370,7 @@ sub openssl_rsa_sign($$$) {
sub openssl_rsa_verify($$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift; # unsupported
my $keyfile = shift;
my $sigfile = shift;
@@ -497,27 +503,38 @@ sub libgcrypt_rsa_keygen_kat($$$$) {
}
-sub libgcrypt_rsa_sign($$$) {
+sub libgcrypt_rsa_sign($$$$) {
my $data = shift;
my $hashalgo = shift;
+ my $pss = shift;
my $keyfile = shift;
die "ARCFOUR not available for RSA" if $opt{'R'};
+ if ($pss) {
+ return pipe_through_program($data,
+ "fipsdrv --pss --algo $hashalgo --key $keyfile rsa-sign");
+ }
return pipe_through_program($data,
"fipsdrv --pkcs1 --algo $hashalgo --key $keyfile rsa-sign");
}
-sub libgcrypt_rsa_verify($$$$) {
+sub libgcrypt_rsa_verify($$$$$) {
my $data = shift;
my $hashalgo = shift;
+ my $pss = shift;
my $keyfile = shift;
my $sigfile = shift;
die "ARCFOUR not available for RSA" if $opt{'R'};
+
+ if ($pss) {
+ $data = pipe_through_program($data,
+ "fipsdrv --pss --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify");
+ } else {
$data = pipe_through_program($data,
"fipsdrv --pkcs1 --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify");
-
+ }
# Parse through the output information
return ($data =~ /GOOD signature/);
}
@@ -543,6 +560,16 @@ sub libgcrypt_hash($$) {
return pipe_through_program($pt, $program);
}
+sub libgcrypt_hash_mct($$) {
+ my $pt = shift;
+ my $hashalgo = shift;
+
+ my $program = "fipsdrv --algo $hashalgo --loop digest";
+ die "ARCFOUR not available for hashes" if $opt{'R'};
+
+ return pipe_through_program($pt, $program);
+}
+
sub libgcrypt_state_cipher($$$$$) {
my $cipher = shift;
my $enc = (shift) ? "encrypt": "decrypt";
@@ -693,6 +720,35 @@ sub libgcrypt_dsa_verify($$$$) {
return ($ret =~ /GOOD signature/);
}
+sub libgcrypt_drbg_kat($$$$$$$$$$$$$$$$$) {
+ my $mode = shift;
+ my $cipher = shift;
+ my $pr = shift;
+ my $ent = shift;
+ my $entlen = shift;
+ my $nonce = shift;
+ my $noncelen = shift;
+ my $entrs = shift;
+ my $addtlrs = shift;
+ my $entpra = shift;
+ my $entprb = shift;
+ my $addtla = shift;
+ my $addtlb = shift;
+ my $addtllen = shift;
+ my $pers = shift;
+ my $perslen = shift;
+ my $expectedlen = shift;
+
+ my $entprlen = $entlen;
+
+ # concatenate entropy and nonce
+ $ent .= $nonce;
+ $entlen = $entlen + $noncelen;
+
+ return lc(pipe_through_program("$mode\n$pr\n$entlen\n$ent\n$perslen\n$pers\n$expectedlen\n$addtllen\n$entrs\n$addtlrs\n$addtla\n$addtlb\n$entprlen\n$entpra\n$entprb\n", "./fipsdrv --algo $cipher drbg"));
+}
+
+
######### End of libgcrypt implementation ################
################################################################
@@ -1468,13 +1524,17 @@ sub hash_mct($$) {
my $md0=$pt;
my $md1=$pt;
my $md2=$pt;
- for (my $i=0; $i<1000; ++$i) {
- #print STDERR "outer loop $j; inner loop $i\n";
- my $mi= $md0 . $md1 . $md2;
- $md0=$md1;
- $md1=$md2;
- $md2 = &$hash($mi, $cipher);
- $md2 =~ s/\n//;
+ if ($opt{'I'} && $opt{'I'} eq 'libgcrypt') {
+ $md2 = &libgcrypt_hash_mct($pt, $cipher);
+ } else {
+ for (my $i=0; $i<1000; ++$i) {
+ #print STDERR "outer loop $j; inner loop $i\n";
+ my $mi= $md0 . $md1 . $md2;
+ $md0=$md1;
+ $md1=$md2;
+ $md2 = &$hash($mi, $cipher);
+ $md2 =~ s/\n//;
+ }
}
$out .= "MD = $md2\n\n";
$pt=$md2;
@@ -1483,21 +1543,65 @@ sub hash_mct($$) {
return $out;
}
+sub drbg_kat_driver($$$$$$$$$$$$$$$$$) {
+ my $mode = shift;
+ my $cipher = shift;
+ my $pr = shift;
+ my $ent = shift;
+ my $entlen = shift;
+ my $nonce = shift;
+ my $noncelen = shift;
+ my $entrs = shift;
+ my $addtlrs = shift;
+ my $entpra = shift;
+ my $entprb = shift;
+ my $addtla = shift;
+ my $addtlb = shift;
+ my $addtllen = shift;
+ my $pers = shift;
+ my $perslen = shift;
+ my $expectedlen = shift;
+
+ my $out = "";
+
+ $out .= "ReturnedBits = " . &$drbg_kat($mode,
+ $cipher,
+ $pr,
+ $ent,
+ $entlen,
+ $nonce,
+ $noncelen,
+ $entrs,
+ $addtlrs,
+ $entpra,
+ $entprb,
+ $addtla,
+ $addtlb,
+ $addtllen,
+ $pers,
+ $perslen,
+ $expectedlen) . "\n";
+
+ return $out;
+}
+
# RSA SigGen test
# $1: Message to be signed in hex form
# $2: Hash algorithm
-# $3: file name with RSA key in PEM form
+# $3: Use PSS
+# $4: file name with RSA key in PEM form
# return: string formatted as expected by CAVS
-sub rsa_siggen($$$) {
+sub rsa_siggen($$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift;
my $keyfile = shift;
my $out = "";
$out .= "SHAAlg = $cipher\n";
$out .= "Msg = $data\n";
- $out .= "S = " . &$rsa_sign($data, lc($cipher), $keyfile) . "\n";
+ $out .= "S = " . &$rsa_sign($data, lc($cipher), $pss, $keyfile) . "\n";
return $out;
}
@@ -1505,13 +1609,15 @@ sub rsa_siggen($$$) {
# RSA SigVer test
# $1: Message to be verified in hex form
# $2: Hash algoritm
-# $3: Signature of message in hex form
-# $4: n of the RSA key in hex in hex form
-# $5: e of the RSA key in hex in hex form
+# $3: Use PSS
+# $4: Signature of message in hex form
+# $5: n of the RSA key in hex in hex form
+# $6: e of the RSA key in hex in hex form
# return: string formatted as expected by CAVS
-sub rsa_sigver($$$$$) {
+sub rsa_sigver($$$$$$) {
my $data = shift;
my $cipher = shift;
+ my $pss = shift;
my $signature = shift;
my $n = shift;
my $e = shift;
@@ -1534,7 +1640,7 @@ sub rsa_sigver($$$$$) {
print FH hex2bin($signature);
close FH;
- $out .= "Result = " . (&$rsa_verify($data, lc($cipher), $keyfile, $sigfile) ? "P\n" : "F\n");
+ $out .= "Result = " . (&$rsa_verify($data, lc($cipher), $pss, $keyfile, $sigfile) ? "P\n" : "F\n");
unlink($keyfile);
unlink($sigfile);
@@ -1905,13 +2011,14 @@ sub rsa_keygen_driver($$) {
# $2 p in hex form
# $3 q in hex form
# return: string formatted as expected by CAVS
-sub rsa_keygen_kat_driver($$$) {
+sub rsa_keygen_kat_driver($$$$) {
my $mod = shift;
+ my $e = shift;
my $p = shift;
my $q = shift;
my $out = "";
- my $ret = &$rsa_keygen_kat($mod, $p, $q);
+ my $ret = &$rsa_keygen_kat($mod, $e, $p, $q);
my ($Result) = split(/\n/, $ret);
die "Return value does not contain all expected values of Result for rsa_keygen_kat"
if (!defined($Result));
@@ -1999,8 +2106,24 @@ sub parse($$) {
my $xq1 = "";
my $xq2 = "";
my $Xq = "";
+ my $pr = 0;
+ my $ent = "";
+ my $entlen = 0;
+ my $nonce = "";
+ my $noncelen = 0;
+ my $entrs = "";
+ my $addtlrs = "";
+ my $entpra = "x";
+ my $entprb = "x";
+ my $addtla = "x";
+ my $addtlb = "x";
+ my $addtllen = 0;
+ my $pers = "";
+ my $perslen = 0;
+ my $expectedlen = 0;
my $mode = "";
+ my $pss = 0;
open(IN, "<$infile");
while(<IN>) {
@@ -2029,7 +2152,7 @@ sub parse($$) {
##### Extract cipher
# XXX there may be more - to be added
- if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA|KeyGen - Random Probably Prime|KeyPair|PQGVer)/) {
+ if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA|KeyGen - Random Probably Prime|KeyPair|PQGVer|DRBG800-90A)/) {
if ($tmpline =~ /CBC/) { $mode="cbc"; }
elsif ($tmpline =~ /ECB/) { $mode="ecb"; }
elsif ($tmpline =~ /OFB/) { $mode="ofb"; }
@@ -2078,7 +2201,11 @@ sub parse($$) {
if ($tt == 0) {
##### Identify the test type
- if ($tmpline =~ /KeyGen - Random Probably Prime Known Answer Test/) {
+ if ($tmpline =~ /DRBG800-90A/) {
+ $tt = 20;
+ die "Interface function drbg_kat for DRBG KAT not defined for tested library"
+ if (!defined($drbg_kat));
+ } elsif ($tmpline =~ /KeyGen - Random Probably Prime Known Answer Test/) {
$tt = 19;
die "Interface function rsa_keygen_kat for RSA key generation KAT not defined for tested library"
if (!defined($rsa_keygen_kat));
@@ -2123,10 +2250,16 @@ sub parse($$) {
die "Interface function state_rng for RNG KAT not defined for tested library"
if (!defined($state_rng));
} elsif ($tmpline =~ /SigVer/ ) {
+ if ($tmpline =~ /RSASSA-PSS/) {
+ $pss = 1;
+ }
$tt = 6;
die "Interface function rsa_verify or gen_rsakey for RSA verification not defined for tested library"
if (!defined($rsa_verify) || !defined($gen_rsakey));
} elsif ($tmpline =~ /SigGen/ ) {
+ if ($tmpline =~ /RSASSA-PSS/) {
+ $pss = 1;
+ }
$tt = 5;
die "Interface function rsa_sign or gen_rsakey for RSA sign not defined for tested library"
if (!defined($rsa_sign) || !defined($gen_rsakey));
@@ -2252,7 +2385,7 @@ sub parse($$) {
$out .= "G = " . $pqg{'G'} . "\n\n";
}
}
- elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests
+ elsif ($line =~ /^\[mod\s*=\s*(.*)\]/) { # found in RSA requests
$modulus = $1;
$out .= $line . "\n\n"; # print it
# generate the private key with given bit length now
@@ -2277,10 +2410,21 @@ sub parse($$) {
$n=$1;
}
elsif ($line =~ /^e\s*=\s*(.*)/) { # found in RSA requests
- $e=$1;
if ($tt == 19) {
+ if ($modulus ne "" &&
+ $e ne "" &&
+ $prandom ne "") {
+ $out .= rsa_keygen_kat_driver($modulus,
+ $e,
+ $prandom,
+ "00");
+ $prandom = "";
+ $qrandom = "";
+ $e = "";
+ }
$out .= $line . "\n"; # print it
}
+ $e=$1;
}
elsif ($line =~ /^S\s*=\s*(.*)/) { # found in RSA requests
die "S seen twice - input file crap" if ($signature ne "");
@@ -2306,6 +2450,89 @@ sub parse($$) {
if ($tlen ne "");
$tlen=$1;
}
+ elsif ($tt == 20) {
+ if ($line =~ /Hash_DRBG/) { # HASH DRBG request
+ $mode = "hash";
+ }
+ elsif ($line =~ /HMAC_DRBG/) { # HMAC DRBG request
+ $mode = "hmac";
+ }
+ elsif ($line =~ /CTR_DRBG/) { # CTR DRBG request
+ $mode = "ctr";
+ }
+ elsif ($line =~ /^\[SHA-1\]/) {
+ $cipher= "sha-1";
+ }
+ elsif ($line =~ /^\[SHA-256\]/) {
+ $cipher= "sha-256";
+ }
+ elsif ($line =~ /^\[SHA-384\]/) {
+ $cipher= "sha-384";
+ }
+ elsif ($line =~ /^\[SHA-512\]/) {
+ $cipher= "sha-512";
+ }
+ elsif ($line =~ /^\[AES-128 use df\]/) {
+ $cipher= "aes-128";
+ }
+ elsif ($line =~ /^\[AES-192 use df\]/) {
+ $cipher= "aes-192";
+ }
+ elsif ($line =~ /^\[AES-256 use df\]/) {
+ $cipher= "aes-256";
+ }
+ elsif ($line =~ /^\[PredictionResistance\s*=\s*True\]/) {
+ $pr = 1;
+ }
+ elsif ($line =~ /^\[PredictionResistance\s*=\s*False\]/) {
+ $pr = 0;
+ }
+ elsif ($line =~ /^\[EntropyInputLen\s*=\s*(.*)\]/) {
+ $entlen = $1;
+ }
+ elsif ($line =~ /^\[NonceLen\s*=\s*(.*)\]/) {
+ $noncelen = $1;
+ }
+ elsif ($line =~ /^\[PersonalizationStringLen\s*=\s*(.*)\]/) {
+ $perslen = $1;
+ }
+ elsif ($line =~ /^\[AdditionalInputLen\s*=\s*(.*)\]/) {
+ $addtllen = $1;
+ }
+ elsif ($line =~ /^\[ReturnedBitsLen\s*=\s*(.*)\]/) {
+ $expectedlen = $1;
+ }
+ elsif ($line =~ /^EntropyInput\s*=\s*(.*)/) {
+ $ent = $1;
+ }
+ elsif ($line =~ /^EntropyInputReseed\s*=\s*(.*)/) {
+ $entrs = $1;
+ }
+ elsif ($line =~ /^Nonce\s*=\s*(.*)/) {
+ $nonce = $1;
+ }
+ elsif ($line =~ /^PersonalizationString\s*=\s*(.*)/) {
+ $pers = $1;
+ }
+ elsif ($line =~ /^AdditionalInput\s*=\s*(.*)/) {
+ if ($addtla eq "x") {
+ $addtla = $1;
+ } else {
+ $addtlb = $1;
+ }
+ }
+ elsif ($line =~ /^EntropyInputPR\s*=\s*(.*)/) {
+ if ($entpra eq "x") {
+ $entpra = $1;
+ } else {
+ $entprb = $1;
+ }
+ }
+ elsif ($line =~ /^AdditionalInputReseed\s*=\s*(.*)/) {
+ $addtlrs = $1;
+ }
+ $out .= $line . "\n"; # print it
+ }
elsif ($line =~ /^N\s*=\s*(.*)/) { #DSA KeyPair
die "N seen twice - check input file"
if ($capital_n);
@@ -2396,10 +2623,6 @@ sub parse($$) {
$qrandom = $1;
$out .= $line . "\n"; # print it
}
- elsif ($tt == 19 && $line =~ /^ / && $qrandom eq "") { #RSA key gen KAT
- $qrandom = "00";
- $out .= $line . "\n"; # print it
- }
else {
$out .= $line . "\n";
}
@@ -2442,13 +2665,13 @@ sub parse($$) {
}
elsif ($tt == 5) {
if ($pt ne "" && $cipher ne "" && $rsa_keyfile ne "") {
- $out .= rsa_siggen($pt, $cipher, $rsa_keyfile);
+ $out .= rsa_siggen($pt, $cipher, $pss, $rsa_keyfile);
$pt = "";
}
}
elsif ($tt == 6) {
if ($pt ne "" && $cipher ne "" && $signature ne "" && $n ne "" && $e ne "") {
- $out .= rsa_sigver($pt, $cipher, $signature, $n, $e);
+ $out .= rsa_sigver($pt, $cipher, $pss, $signature, $n, $e);
$pt = "";
$signature = "";
}
@@ -2635,6 +2858,37 @@ sub parse($$) {
$e = "";
}
}
+ elsif ($tt == 20) {
+ if (($pr == 1 && $entpra ne "x" && $entprb ne "x") ||
+ ($pr == 0 && $addtla ne "x" && $addtlb ne "x")) {
+ $out .= drbg_kat_driver($mode,
+ $cipher,
+ $pr,
+ $ent,
+ $entlen,
+ $nonce,
+ $noncelen,
+ $entrs,
+ $addtlrs,
+ $entpra,
+ $entprb,
+ $addtla,
+ $addtlb,
+ $addtllen,
+ $pers,
+ $perslen,
+ $expectedlen);
+ $entpra = "x";
+ $entprb = "x";
+ $addtla = "x";
+ $addtlb = "x";
+ $ent = "";
+ $nonce = "";
+ $pers = "";
+ $entrs = "";
+ $addtlrs = "";
+ }
+ }
elsif ($tt > 0) {
die "Test case $tt not defined";
}
@@ -2701,6 +2955,7 @@ sub main() {
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
$rsa_keygen = \&libgcrypt_rsa_keygen;
$rsa_keygen_kat = \&libgcrypt_rsa_keygen_kat;
+ $drbg_kat = \&libgcrypt_drbg_kat;
} else {
die "Invalid interface option given";
}
diff -up libgcrypt-1.5.3/tests/fipsdrv.c.drbg-cavs libgcrypt-1.5.3/tests/fipsdrv.c
--- libgcrypt-1.5.3/tests/fipsdrv.c.drbg-cavs 2017-02-28 14:28:55.674906074 +0100
+++ libgcrypt-1.5.3/tests/fipsdrv.c 2017-02-28 14:43:28.320456712 +0100
@@ -22,6 +22,7 @@
#endif
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <stdarg.h>
#include <errno.h>
@@ -893,8 +894,10 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf;
- while (*p)
- *p++ = tolower(*p);
+ while (*p) {
+ *p = tolower(*p);
+ ++p;
+ }
p = buf;
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2;
@@ -1256,6 +1259,46 @@ run_digest (int digest_algo, const void
gcry_md_close (hd);
}
+/* Run inner loop of digest mct operation. */
+static void
+run_digest_mct_loop (int digest_algo, const void *data, size_t datalen, int iter)
+{
+ gpg_error_t err;
+ gcry_md_hd_t hd;
+ const unsigned char *digest;
+ unsigned int digestlen;
+ int i;
+ unsigned char *buf;
+
+ err = gcry_md_open (&hd, digest_algo, 0);
+ if (err)
+ die ("gcry_md_open failed for algo %d: %s\n",
+ digest_algo, gpg_strerror (err));
+
+ digestlen = gcry_md_get_algo_dlen (digest_algo);
+ if (digestlen != datalen)
+ die ("Unexpected seed size %u for Hash mct algo %d\n", datalen, digest_algo);
+
+ buf = malloc (3*datalen);
+ if (!buf)
+ die ("Buffer allocation failed\n");
+
+ memcpy (buf, data, datalen);
+ memcpy (buf + datalen, data, datalen);
+ memcpy (buf + 2*datalen, data, datalen);
+
+ for (i = 0; i < iter; ++i)
+ {
+ gcry_md_reset (hd);
+ gcry_md_write (hd, buf, 3*datalen);
+ digest = gcry_md_read (hd, digest_algo);
+ memmove (buf, buf + datalen, 2*datalen);
+ memcpy (buf + 2*datalen, digest, datalen);
+ }
+ print_buffer (digest, digestlen);
+ gcry_md_close (hd);
+}
+
/* Run a HMAC operation. */
static void
@@ -1403,7 +1446,7 @@ run_rsa_keygen (const void *data, size_t
gcry_sexp_release (l1);
if (!mpi)
die ("parameter %c missing in private-key\n", parmlist[idx]);
- print_mpi_line (mpi, 1);
+ print_mpi_line (mpi, parmlist[idx] != 'd');
gcry_mpi_release (mpi);
}
@@ -1592,7 +1635,7 @@ run_rsa_gen (int keysize, int pubexp)
encoded KEYFILE and the hash algorithm HASHALGO. */
static void
run_rsa_sign (const void *data, size_t datalen,
- int hashalgo, int pkcs1, const char *keyfile)
+ int hashalgo, int pkcs1, int pss, const char *keyfile)
{
gpg_error_t err;
@@ -1616,6 +1659,20 @@ run_rsa_sign (const void *data, size_t d
gcry_md_algo_name (hashalgo),
(int)hashsize, hash);
}
+ else if (pss)
+ {
+ unsigned char hash[64];
+ unsigned int hashsize;
+
+ hashsize = gcry_md_get_algo_dlen (hashalgo);
+ if (!hashsize || hashsize > sizeof hash)
+ die ("digest too long for buffer or unknown hash algorithm\n");
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pss)(hash %s %b))",
+ gcry_md_algo_name (hashalgo),
+ (int)hashsize, hash);
+ }
else
{
gcry_mpi_t tmp;
@@ -1683,7 +1740,7 @@ run_rsa_sign (const void *data, size_t d
binary signature in SIGFILE. */
static void
run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1,
- const char *keyfile, const char *sigfile)
+ int pss, const char *keyfile, const char *sigfile)
{
gpg_error_t err;
@@ -1703,6 +1760,20 @@ run_rsa_verify (const void *data, size_t
gcry_md_algo_name (hashalgo),
(int)hashsize, hash);
}
+ else if (pss)
+ {
+ unsigned char hash[64];
+ unsigned int hashsize;
+
+ hashsize = gcry_md_get_algo_dlen (hashalgo);
+ if (!hashsize || hashsize > sizeof hash)
+ die ("digest too long for buffer or unknown hash algorithm\n");
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pss)(hash %s %b))",
+ gcry_md_algo_name (hashalgo),
+ (int)hashsize, hash);
+ }
else
{
gcry_mpi_t tmp;
@@ -2220,7 +2291,150 @@ run_dsa_verify (const void *data, size_t
gcry_sexp_release (s_data);
}
+struct gcry_drbg_test_vector
+{
+ uint32_t flags;
+ unsigned char *entropy;
+ size_t entropylen;
+ unsigned char *entpra;
+ unsigned char *entprb;
+ size_t entprlen;
+ unsigned char *addtla;
+ unsigned char *addtlb;
+ size_t addtllen;
+ unsigned char *pers;
+ size_t perslen;
+ unsigned char *expected;
+ size_t expectedlen;
+ unsigned char *entropyrsd;
+ size_t entropyrsdlen;
+ unsigned char *addtlrsd;
+ size_t addtlrsdlen;
+ };
+
+static uint32_t
+decode_drbg_flags(const char *algo, const char *mode, const char *pr)
+{
+ uint32_t flags = 0;
+
+ if (*pr == '1')
+ flags = GCRY_DRBG_PREDICTION_RESIST;
+
+ if (!strcmp(algo, "sha-1"))
+ flags |= GCRY_DRBG_HASHSHA1;
+ else if (!strcmp(algo, "sha-256"))
+ flags |= GCRY_DRBG_HASHSHA256;
+ else if (!strcmp(algo, "sha-384"))
+ flags |= GCRY_DRBG_HASHSHA384;
+ else if (!strcmp(algo, "sha-512"))
+ flags |= GCRY_DRBG_HASHSHA512;
+ else if (!strcmp(algo, "aes-128"))
+ flags |= GCRY_DRBG_SYM128;
+ else if (!strcmp(algo, "aes-192"))
+ flags |= GCRY_DRBG_SYM192;
+ else if (!strcmp(algo, "aes-256"))
+ flags |= GCRY_DRBG_SYM256;
+
+ if (!strcmp(mode, "hmac"))
+ flags |= GCRY_DRBG_HMAC;
+ else if (!strcmp(mode, "ctr"))
+ flags |= GCRY_DRBG_CTRAES;
+
+ return flags;
+}
+
+static void
+run_drbg_test (const char *algo, void *data, size_t datalen)
+{
+ char *ptr = data;
+ char *mode;
+ char *pr;
+ char *entlen;
+ char *ent;
+ char *perslen;
+ char *pers;
+ char *expectedlen;
+ char *addtllen;
+ char *entrsd;
+ char *addtlrsd;
+ char *addtla;
+ char *addtlb;
+ char *entprlen;
+ char *entpra;
+ char *entprb;
+ unsigned char *buf;
+ size_t len;
+ struct gcry_drbg_test_vector vect;
+
+ mode = strsep(&ptr, "\n");
+ pr = strsep(&ptr, "\n");
+ entlen = strsep(&ptr, "\n");
+ ent = strsep(&ptr, "\n");
+ perslen = strsep(&ptr, "\n");
+ pers = strsep(&ptr, "\n");
+ expectedlen = strsep(&ptr, "\n");
+ addtllen = strsep(&ptr, "\n");
+ entrsd = strsep(&ptr, "\n");
+ addtlrsd = strsep(&ptr, "\n");
+ addtla = strsep(&ptr, "\n");
+ addtlb = strsep(&ptr, "\n");
+ entprlen = strsep(&ptr, "\n");
+ entpra = strsep(&ptr, "\n");
+ entprb = strsep(&ptr, "\n");
+
+ if (entprb == NULL) {
+ fprintf(stderr, "ERROR - Missing input data\n");
+ return;
+ }
+
+ vect.flags = decode_drbg_flags(algo, mode, pr);
+
+ vect.entropy = hex2buffer(ent, &len);
+ vect.entropylen = atoi(entlen) / 8;
+ if (len != vect.entropylen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ vect.pers = hex2buffer(pers, &len);
+ vect.perslen = atoi(perslen) / 8;
+ if (len != vect.perslen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ vect.expectedlen = atoi(expectedlen) / 8;
+ vect.expected = NULL;
+ vect.addtlrsdlen = vect.addtllen = atoi(addtllen) / 8;
+ vect.addtla = hex2buffer(addtla, &len);
+ vect.addtlb = hex2buffer(addtlb, &len);
+ vect.entropyrsdlen = vect.entprlen = atoi(entprlen) / 8;
+ vect.entpra = hex2buffer(entpra, &len);
+ vect.entprb = hex2buffer(entprb, &len);
+ if (*entrsd != '\0') {
+ vect.entropyrsd = hex2buffer(entrsd, &len);
+ if (len != vect.entropyrsdlen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ if (*addtlrsd != '\0') {
+ vect.addtlrsd = hex2buffer(addtlrsd, &len);
+ if (len != vect.addtlrsdlen) {
+ fprintf(stderr, "ERROR - inconsistent input data\n");
+ return;
+ }
+ } else {
+ vect.addtlrsd = NULL;
+ }
+ } else {
+ vect.entropyrsd = NULL;
+ vect.addtlrsd = NULL;
+ }
+
+ buf = gcry_xmalloc(vect.expectedlen);
+ gcry_control(75, &vect, buf);
+
+ print_data_line(buf, vect.expectedlen);
+}
static void
@@ -2251,6 +2465,7 @@ usage (int show_help)
" --signature NAME Take signature from file NAME\n"
" --chunk N Read in chunks of N bytes (implies --binary)\n"
" --pkcs1 Use PKCS#1 encoding\n"
+ " --pss Use PKCS#1 PSS encoding\n"
" --mct-server Run a monte carlo test server\n"
" --loop Enable random loop mode\n"
" --progress Print pogress indicators\n"
@@ -2268,6 +2483,7 @@ main (int argc, char **argv)
int no_fips = 0;
int progress = 0;
int use_pkcs1 = 0;
+ int use_pss = 0;
const char *mode_string;
const char *key_string = NULL;
const char *iv_string = NULL;
@@ -2398,6 +2614,11 @@ main (int argc, char **argv)
use_pkcs1 = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--pss"))
+ {
+ use_pss = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--mct-server"))
{
mct_server = 1;
@@ -2414,7 +2635,10 @@ main (int argc, char **argv)
usage (0);
mode_string = *argv;
- if (!strcmp (mode_string, "rsa-derive"))
+ if (!strcmp (mode_string, "rsa-derive") ||
+ !strcmp (mode_string, "rsa-keygen") ||
+ !strcmp (mode_string, "rsa-keygen-kat") ||
+ !strcmp(mode_string, "drbg"))
binary_input = 1;
if (argc == 2 && strcmp (argv[1], "-"))
@@ -2557,7 +2781,14 @@ main (int argc, char **argv)
if (!data)
die ("no data available (do not use --chunk)\n");
- run_digest (algo, data, datalen);
+ if (loop_mode)
+ {
+ run_digest_mct_loop (algo, data, datalen, 1000);
+ }
+ else
+ {
+ run_digest (algo, data, datalen);
+ }
}
else if (!strcmp (mode_string, "random"))
{
@@ -2602,6 +2833,12 @@ main (int argc, char **argv)
deinit_external_rng_test (context);
}
+ else if (!strcmp (mode_string, "drbg"))
+ {
+ if (!algo_string)
+ die ("--algo required in this mode\n");
+ run_drbg_test (algo_string, data, datalen);
+ }
else if (!strcmp (mode_string, "hmac-sha"))
{
int algo;
@@ -2679,7 +2916,7 @@ main (int argc, char **argv)
if (!data)
die ("no data available (do not use --chunk)\n");
- run_rsa_sign (data, datalen, algo, use_pkcs1, key_string);
+ run_rsa_sign (data, datalen, algo, use_pkcs1, use_pss, key_string);
}
else if (!strcmp (mode_string, "rsa-verify"))
@@ -2702,7 +2939,7 @@ main (int argc, char **argv)
if (access (signature_string, R_OK))
die ("option --signature needs to specify an existing file\n");
- run_rsa_verify (data, datalen, algo, use_pkcs1, key_string,
+ run_rsa_verify (data, datalen, algo, use_pkcs1, use_pss, key_string,
signature_string);
}
@@ -2783,12 +3020,6 @@ main (int argc, char **argv)
gcry_free (data);
- /* Because Libgcrypt does not enforce FIPS mode in all cases we let
- the process die if Libgcrypt is not anymore in FIPS mode after
- the actual operation. */
- if (!no_fips && !gcry_fips_mode_active ())
- die ("FIPS mode is not anymore active\n");
-
if (verbose)
fputs (PGM ": ready\n", stderr);

23
SOURCES/libgcrypt-1.5.3-drbg-init.patch

@ -0,0 +1,23 @@
diff -up libgcrypt-1.5.3/random/drbg.c.drbg-init libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.drbg-init 2017-02-28 14:28:55.000000000 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2017-02-28 15:15:54.401291408 +0100
@@ -1820,12 +1820,16 @@ _gcry_drbg_randomize (void *buffer, size
enum gcry_random_level level)
{
(void) level;
- gcry_drbg_lock ();
if (NULL == gcry_drbg)
{
- fips_signal_error ("DRBG is not initialized");
- goto bailout;
+ _gcry_drbg_init(1);
+ if (NULL == gcry_drbg)
+ {
+ log_fatal ("DRBG is not initialized\n");
+ goto bailout;
+ }
}
+ gcry_drbg_lock ();
/* As reseeding changes the entire state of the DRBG, including any
* key, either a re-init or a reseed is sufficient for a fork */

2699
SOURCES/libgcrypt-1.5.3-drbg.patch

File diff suppressed because it is too large Load Diff

1451
SOURCES/libgcrypt-1.5.3-fips-cavs.patch

File diff suppressed because it is too large Load Diff

142
SOURCES/libgcrypt-1.5.3-fips-cfgrandom.patch

@ -0,0 +1,142 @@
diff -up libgcrypt-1.5.3/random/drbg.c.cfgrandom libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.cfgrandom 2014-10-30 16:42:49.000000000 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2014-10-30 16:46:57.291800433 +0100
@@ -485,8 +485,11 @@ gcry_drbg_get_entropy (struct gcry_drbg_
read_cb_size = len;
read_cb_len = 0;
#if USE_RNDLINUX
+ _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,
+ -1);
+ read_cb_len = 0;
rc = _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDUNIX
rc = _gcry_rndunix_gather_random (read_cb, 0, length,
GCRY_VERY_STRONG_RANDOM);
diff -up libgcrypt-1.5.3/random/random-fips.c.cfgrandom libgcrypt-1.5.3/random/random-fips.c
--- libgcrypt-1.5.3/random/random-fips.c.cfgrandom 2014-10-30 16:42:49.942216405 +0100
+++ libgcrypt-1.5.3/random/random-fips.c 2014-10-30 16:42:49.970217037 +0100
@@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of
random quality:
- Generator Seed and Key Kernel entropy (init/reseed)
- ------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ Generator Seed and Key Kernel entropy (init/reseed)
+ ---------------------------------------------------------------------------------------
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the
@@ -40,8 +40,10 @@
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
- keyed and seeded from the /dev/random device. Thus these
- generators may block until the kernel has collected enough entropy.
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
+ if the device or symlink to device exists xored with the data
+ from the /dev/urandom device. This allows the system administrator
+ to always seed the RNGs from /dev/random if it is required.
The gcry_create_nonce generator is keyed and seeded from the
GCRY_STRONG_RANDOM generator. It may also block if the
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
entropy_collect_buffer_len = 0;
#if USE_RNDLINUX
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
+ X931_AES_KEYLEN,
+ -1);
+ entropy_collect_buffer_len = 0;
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
#elif USE_RNDW32
do
{
diff -up libgcrypt-1.5.3/random/rndlinux.c.cfgrandom libgcrypt-1.5.3/random/rndlinux.c
--- libgcrypt-1.5.3/random/rndlinux.c.cfgrandom 2014-10-30 16:42:49.949216563 +0100
+++ libgcrypt-1.5.3/random/rndlinux.c 2014-10-30 16:42:49.971217059 +0100
@@ -37,7 +37,9 @@
#include "g10lib.h"
#include "rand-internal.h"
-static int open_device ( const char *name );
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
+
+static int open_device ( const char *name, int fatal );
static int
@@ -58,13 +60,17 @@ set_cloexec_flag (int fd)
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
*/
static int
-open_device ( const char *name )
+open_device ( const char *name, int fatal )
{
int fd;
fd = open ( name, O_RDONLY );
if ( fd == -1 )
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ {
+ if (! fatal)
+ return fd;
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ }
if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
@@ -93,6 +99,7 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int fd_configured = -1;
int fd;
int n;
byte buffer[768];
@@ -101,6 +108,7 @@ _gcry_rndlinux_gather_random (void (*add
size_t last_so_far = 0;
int any_need_entropy = 0;
int delay;
+ size_t orig_length = length;
/* First read from a hardware source. However let it account only
for up to 50% of the requested bytes. */
@@ -111,16 +119,26 @@ _gcry_rndlinux_gather_random (void (*add
length -= n_hw;
/* Open the requested device. */
+
+ if (level == -1)
+ {
+ if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
+ fd = fd_configured;
+ if (fd == -1)
+ return -1;
+ }
+
if (level >= 2)
{
if( fd_random == -1 )
- fd_random = open_device ( NAME_OF_DEV_RANDOM );
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
fd = fd_random;
}
- else
+ else if (level != -1)
{
if( fd_urandom == -1 )
- fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
fd = fd_urandom;
}

72
SOURCES/libgcrypt-1.5.3-fips-ctor.patch

@ -0,0 +1,72 @@
diff -up libgcrypt-1.5.3/cipher/md.c.fips-ctor libgcrypt-1.5.3/cipher/md.c
--- libgcrypt-1.5.3/cipher/md.c.fips-ctor 2013-07-25 11:10:03.000000000 +0200
+++ libgcrypt-1.5.3/cipher/md.c 2014-12-12 15:32:35.464515238 +0100
@@ -570,11 +570,8 @@ md_enable (gcry_md_hd_t hd, int algorith
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}
diff -up libgcrypt-1.5.3/src/global.c.fips-ctor libgcrypt-1.5.3/src/global.c
--- libgcrypt-1.5.3/src/global.c.fips-ctor 2014-12-12 15:32:35.463515215 +0100
+++ libgcrypt-1.5.3/src/global.c 2014-12-12 16:46:33.424883301 +0100
@@ -140,6 +140,34 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ int no_secmem_save;
+
+ /* it should be always 0 at this point but let's keep on the safe side */
+ no_secmem_save = no_secure_memory;
+ no_secure_memory = 1;
+ /* force selftests */
+ global_init ();
+ if (fips_mode ())
+ _gcry_random_initialize (1);
+ _gcry_fips_run_selftests (0);
+ no_secure_memory = no_secmem_save;
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
@@ -500,8 +528,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
+ && !_gcry_is_fips_mode_inactive ())
err = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -600,7 +627,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!any_init_done)
+ if (fips_mode ())
{
/* Not yet intialized at all. Set the enforced fips mode flag */
_gcry_set_enforced_fips_mode ();

359
SOURCES/libgcrypt-1.5.3-fips-reqs.patch

@ -0,0 +1,359 @@
diff -up libgcrypt-1.5.3/cipher/dsa.c.fips-reqs libgcrypt-1.5.3/cipher/dsa.c
--- libgcrypt-1.5.3/cipher/dsa.c.fips-reqs 2014-11-12 17:05:01.000000000 +0100
+++ libgcrypt-1.5.3/cipher/dsa.c 2014-11-14 14:32:23.751354070 +0100
@@ -55,42 +55,86 @@ typedef struct
} dsa_domain_t;
-/* A sample 1024 bit DSA key used for the selftests. */
+/* A sample 2048 bit DSA key used for the selftests. */
static const char sample_secret_key[] =
"(private-key"
" (dsa"
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
-" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
-/* A sample 1024 bit DSA key used for the selftests (public only). */
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+" 2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+" 7441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
+" 0acb673717a0d2fb3b50c893f7dab14f#)"
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800"
+" ec55f6cc#)))";
+/* A sample 2048 bit DSA key used for the selftests (public only). */
static const char sample_public_key[] =
"(public-key"
" (dsa"
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
-
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+" 2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+" 7441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
+" 0acb673717a0d2fb3b50c893f7dab14f#)))";
@@ -1046,14 +1090,14 @@ dsa_get_nbits (int algo, gcry_mpi_t *pke
*/
static const char *
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags raw)"
- " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4f1e2d3c4b5a6978879605142#))";
static const char sample_data_bad[] =
"(data (flags raw)"
- " (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d401e2d3c4b5a6978879605142#))";
const char *errtxt = NULL;
gcry_error_t err;
@@ -1131,7 +1175,7 @@ selftests_dsa (selftest_report_func_t re
}
what = "sign";
- errtxt = selftest_sign_1024 (pkey, skey);
+ errtxt = selftest_sign (pkey, skey);
if (errtxt)
goto failed;
diff -up libgcrypt-1.5.3/cipher/rsa.c.fips-reqs libgcrypt-1.5.3/cipher/rsa.c
--- libgcrypt-1.5.3/cipher/rsa.c.fips-reqs 2014-11-12 17:05:01.299387339 +0100
+++ libgcrypt-1.5.3/cipher/rsa.c 2014-11-14 14:06:00.099602441 +0100
@@ -52,33 +52,57 @@ typedef struct
} RSA_secret_key;
-/* A sample 1024 bit RSA key used for the selftests. */
+/* A sample 2048 bit RSA key used for the selftests. */
static const char sample_secret_key[] =
"(private-key"
" (rsa"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
" (e #010001#)"
-" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11"
-" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd"
-" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21"
-" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)"
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
-" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)"
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
-" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)"
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
-" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
-/* A sample 1024 bit RSA key used for the selftests (public only). */
+" (d #03b1e24a94e50ab21f8619701ec97679be2cf8f733c9331d9e2974dba721"
+" 27e5def480290e78a769f96b19d28397a284868fb614ca9b1fb3a0d7efed"
+" df41451204ce71aceba659f6ed15964ebb317712364e1cfaf2fded77d658"
+" 8561acc49c97c2d7efe75f1534b35bd4f6561e1f468b45590db34553d4d0"
+" c2cb4d806b74e1b2c52740462538865d9792b0aefbbf7b9827f4b3badcb3"
+" 5adab638266a2d2fb8422a7a19142e08848e56af77a66c39b2afafa2e15b"
+" 1a7e4ed1f2c7ed350678c0465d86472af97371b13ef5058662f835ef9087"
+" f6cca8281bbf1b6b155c737b33d9e443350df85e7cc3b507231fb839f41f"
+" 02c654b29017f35d69007c70e13ba0e5#)"
+" (p #00ccbe7b096906ee45bf884738a8f817e5b6ba6755e3e8058bb8e253d68e"
+" ef2ce74f4af74e268d850b3fecc31cd4ebec6ac8722a257dfda67796f01e"
+" cd2857f83730756bbdd47b0c87c56c8740a5bb272c78c9745a545b0b306f"
+" 444afa71e4216166f9ee65de7c04d7fda9155b7fe27aba698672a6068d9b"
+" 9055609e4c5da9b655#)"
+" (q #00fc5c6e16ce1f037bcdf7b372b28f1672b856aef7cd67d84e7d07afd543"
+" 26c335be438f4e2f1c434e6bd2b2ec526d97522bcc5c3a6bf414c674da66"
+" 381c7a3f842fe3f95ab865694606a33779b2a15b58ed5ea75f8c6566bbd1"
+" 2436e637a73d49778a8c34d86929f34d5822b05124b640a886590ab7ba5c"
+" 97da57e836da7a9cad#)"
+" (u #2396c191175e0a83d2dc7b69b2591d3358523f18c709501cb9a1bb4ca238"
+" 404c9a8efe9c9092d0719f899950911f348b745311114a70e2f730d88c80"
+" e1cc9ff163171a7d67294ccb4e747be03e9e2ff4678fecb95c001e7ea27b"
+" 92c96f4ce40ef94863cd50225dbfb69d01336af450be86984fca3f3afacf"
+" 0740c4aaadaebebf#)))";
+/* A sample 2048 bit RSA key used for the selftests (public only). */
static const char sample_public_key[] =
"(public-key"
" (rsa"
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
" (e #010001#)))";
@@ -1379,20 +1403,35 @@ compute_keygrip (gcry_md_hd_t md, gcry_s
*/
static const char *
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
{
static const char sample_data[] =
"(data (flags pkcs1)"
- " (hash sha1 #11223344556677889900aabbccddeeff10203040#))";
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708090a1b1c1#))";
static const char sample_data_bad[] =
"(data (flags pkcs1)"
- " (hash sha1 #11223344556677889900aabbccddeeff80203040#))";
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708091a1b1c1#))";
+ static const char signature_ka[] =
+ "(sig-val \n"
+ " (rsa \n"
+ " (s #0B12D55738B099D401C81BEEDA54E045B4B7D9CDA5A8769E9C484F696A58912A"
+ "1E5DE7E5A2D181DA15A5C254D802AB75F1056E27406850AC7BE310BC32D2CED8"
+ "6697FE84508F7EFFF4D147C52E955A0873EF2F52ED71F2FC9C3C12D4045CB643"
+ "70158378E1494D8FBAD2248B9B64233D2CC2C1932B0531E539DEB07434B76D3B"
+ "6959E8A37E33B234C0C8C2C8FB1D00939239C9C491B2EBEED77BF952B597E11B"
+ "D4ED0C103D2B88BC78B4E505CF9D8D08B585CE3688D4FBE83ED58D1E1341AC4D"
+ "7C5EFF3CBC565CC7AE61C2F568426763A5239D31C1FFFD366984901679A343C4"
+ "01BB778BBA5E533B7875BA658A19AA9E56170F4A28E4322BF1621175FB06463E#)\n"
+ " )\n"
+ " )\n";
const char *errtxt = NULL;
gcry_error_t err;
gcry_sexp_t data = NULL;
gcry_sexp_t data_bad = NULL;
gcry_sexp_t sig = NULL;
+ char buf[1024];
+ size_t len;
err = gcry_sexp_sscan (&data, NULL,
sample_data, strlen (sample_data));
@@ -1411,6 +1450,12 @@ selftest_sign_1024 (gcry_sexp_t pkey, gc
errtxt = "signing failed";
goto leave;
}
+ len = gcry_sexp_sprint (sig, GCRYSEXP_FMT_ADVANCED, buf, sizeof(buf));
+ if (len != sizeof (signature_ka) - 1 || memcmp (buf, signature_ka, len) != 0)
+ {
+ errtxt = "signature KAT failed";
+ goto leave;
+ }
err = gcry_pk_verify (sig, data, pkey);
if (err)
{
@@ -1467,11 +1512,11 @@ extract_a_from_sexp (gcry_sexp_t encr_da
static const char *
-selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+selftest_encr (gcry_sexp_t pkey, gcry_sexp_t skey)
{
const char *errtxt = NULL;
gcry_error_t err;
- const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */
+ const unsigned int nbits = 2000; /* Encrypt 2000 random bits. */
gcry_mpi_t plaintext = NULL;
gcry_sexp_t plain = NULL;
gcry_sexp_t encr = NULL;
@@ -1594,12 +1639,12 @@ selftests_rsa (selftest_report_func_t re
}
what = "sign";
- errtxt = selftest_sign_1024 (pkey, skey);
+ errtxt = selftest_sign (pkey, skey);
if (errtxt)
goto failed;
what = "encrypt";
- errtxt = selftest_encr_1024 (pkey, skey);
+ errtxt = selftest_encr (pkey, skey);
if (errtxt)
goto failed;
diff -up libgcrypt-1.5.3/random/drbg.c.fips-reqs libgcrypt-1.5.3/random/drbg.c
--- libgcrypt-1.5.3/random/drbg.c.fips-reqs 2014-11-12 17:05:01.000000000 +0100
+++ libgcrypt-1.5.3/random/drbg.c 2014-11-14 14:45:33.820190218 +0100
@@ -390,6 +390,9 @@ gcry_drbg_fips_continuous_test (struct g
ret = memcmp (drbg->prev, buf, gcry_drbg_blocklen (drbg));
memcpy (drbg->prev, buf, gcry_drbg_blocklen (drbg));
/* the test shall pass when the two compared values are not equal */
+ if (ret == 0)
+ fips_signal_error ("duplicate block returned by DRBG");
+
return ret != 0;
}
diff -up libgcrypt-1.5.3/src/visibility.c.fips-reqs libgcrypt-1.5.3/src/visibility.c
--- libgcrypt-1.5.3/src/visibility.c.fips-reqs 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/src/visibility.c 2014-11-12 17:05:27.251973230 +0100
@@ -1217,6 +1217,9 @@ gcry_kdf_derive (const void *passphrase,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
return _gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations, keysize, keybuffer);
}
@@ -1271,6 +1274,13 @@ void
gcry_mpi_randomize (gcry_mpi_t w,
unsigned int nbits, enum gcry_random_level level)
{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
_gcry_mpi_randomize (w, nbits, level);
}
@@ -1296,6 +1306,9 @@ gcry_prime_generate (gcry_mpi_t *prime,
gcry_random_level_t random_level,
unsigned int flags)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
return _gcry_prime_generate (prime, prime_bits, factor_bits, factors,
cb_func, cb_arg, random_level, flags);
}

18
SOURCES/libgcrypt-1.5.3-fips-test.patch

@ -0,0 +1,18 @@
diff -up libgcrypt-1.5.3/tests/basic.c.fips-test libgcrypt-1.5.3/tests/basic.c
--- libgcrypt-1.5.3/tests/basic.c.fips-test 2014-09-26 17:36:41.620556071 +0200
+++ libgcrypt-1.5.3/tests/basic.c 2014-09-26 17:36:43.317594382 +0200
@@ -563,6 +563,14 @@ check_ctr_cipher (void)
if (!tv[i].algo)
continue;
+ if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr, " algorithm %d not available in fips mode\n",
+ tv[i].algo);
+ continue;
+ }
+
err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
if (!err)
err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);

32
SOURCES/libgcrypt-1.5.3-pbkdf-speedup.patch

@ -0,0 +1,32 @@
diff -up libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup libgcrypt-1.5.3/cipher/kdf.c
--- libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup 2014-01-21 15:49:22.676638703 +0100
+++ libgcrypt-1.5.3/cipher/kdf.c 2014-01-21 15:52:40.115047218 +0100
@@ -172,19 +172,21 @@ pkdf2 (const void *passphrase, size_t pa
return ec;
}
+ ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
+ if (ec)
+ {
+ gcry_md_close (md);
+ gcry_free (sbuf);
+ return ec;
+ }
+
/* Step 3 and 4. */
memcpy (sbuf, salt, saltlen);
for (lidx = 1; lidx <= l; lidx++)
{
for (iter = 0; iter < iterations; iter++)
{
- ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
- if (ec)
- {
- gcry_md_close (md);
- gcry_free (sbuf);
- return ec;
- }
+ gcry_md_reset (md);
if (!iter) /* Compute U_1: */
{
sbuf[saltlen] = (lidx >> 24);

141
SOURCES/libgcrypt-1.5.3-rng-predictable.patch

@ -0,0 +1,141 @@
diff -up libgcrypt-1.5.3/random/random-csprng.c.rng-predictable libgcrypt-1.5.3/random/random-csprng.c
--- libgcrypt-1.5.3/random/random-csprng.c.rng-predictable 2015-08-11 14:31:35.904275580 +0200
+++ libgcrypt-1.5.3/random/random-csprng.c 2016-08-17 23:35:15.691980751 +0200
@@ -561,41 +561,46 @@ _gcry_rngcsprng_randomize (void *buffer,
/*
- Mix the pool:
-
- |........blocks*20byte........|20byte|..44byte..|
- <..44byte..> <20byte>
- | |
- | +------+
- +---------------------------|----------+
- v v
- |........blocks*20byte........|20byte|..44byte..|
- <.....64bytes.....>
- |
- +----------------------------------+
- Hash
- v
- |.............................|20byte|..44byte..|
- <20byte><20byte><..44byte..>
- | |
- | +---------------------+
- +-----------------------------+ |
- v v
- |.............................|20byte|..44byte..|
- <.....64byte......>
- |
- +-------------------------+
- Hash
- v
- |.............................|20byte|..44byte..|
- <20byte><20byte><..44byte..>
-
- and so on until we did this for all blocks.
-
- To better protect against implementation errors in this code, we
- xor a digest of the entire pool into the pool before mixing.
-
- Note: this function must only be called with a locked pool.
+ * Mix the 600 byte pool. Note that the 64 byte scratch area directly
+ * follows the pool. The numbers in the diagram give the number of
+ * bytes.
+ * <................600...............> <.64.>
+ * pool |------------------------------------| |------|
+ * <20><.24.> <20>
+ * | | +-----+
+ * +-----|-------------------------------|-+
+ * +-------------------------------|-|-+
+ * v v v
+ * |------|
+ * <hash>
+ * +---------------------------------------+
+ * v
+ * <20>
+ * pool' |------------------------------------|
+ * <20><20><.24.>
+ * +---|-----|---------------------------+
+ * +-----|---------------------------|-+
+ * +---------------------------|-|-+
+ * v v v
+ * |------|
+ * <hash>
+ * |
+ * +-----------------------------------+
+ * v
+ * <20>
+ * pool'' |------------------------------------|
+ * <20><20><20><.24.>
+ * +---|-----|-----------------------+
+ * +-----|-----------------------|-+
+ * +-----------------------|-|-+
+ * v v v
+ *
+ * and so on until we did this for all 30 blocks.
+ *
+ * To better protect against implementation errors in this code, we
+ * xor a digest of the entire pool into the pool before mixing.
+ *
+ * Note: this function must only be called with a locked pool.
*/
static void
mix_pool(unsigned char *pool)
@@ -615,32 +620,30 @@ mix_pool(unsigned char *pool)
gcry_assert (pool_is_locked);
_gcry_rmd160_init( &md );
- /* Loop over the pool. */
+ /* pool_0 -> pool'. */
pend = pool + POOLSIZE;
- memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
- memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
- _gcry_rmd160_mixblock( &md, hashbuf);
- memcpy(pool, hashbuf, 20 );
+ memcpy (hashbuf, pend - DIGESTLEN, DIGESTLEN);
+ memcpy (hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+ _gcry_rmd160_mixblock (&md, hashbuf);
+ memcpy (pool, hashbuf, DIGESTLEN);
if (failsafe_digest_valid && pool == rndpool)
{
- for (i=0; i < 20; i++)
+ for (i=0; i < DIGESTLEN; i++)
pool[i] ^= failsafe_digest[i];
}
+ /* Loop for the remaining iterations. */
p = pool;
for (n=1; n < POOLBLOCKS; n++)
{
- memcpy (hashbuf, p, DIGESTLEN);
-
- p += DIGESTLEN;
- if (p+DIGESTLEN+BLOCKLEN < pend)
- memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
+ if (p + BLOCKLEN < pend)
+ memcpy (hashbuf, p, BLOCKLEN);
else
{
- unsigned char *pp = p + DIGESTLEN;
+ unsigned char *pp = p;
- for (i=DIGESTLEN; i < BLOCKLEN; i++ )
+ for (i=0; i < BLOCKLEN; i++ )
{
if ( pp >= pend )
pp = pool;
@@ -648,8 +651,9 @@ mix_pool(unsigned char *pool)
}
}
- _gcry_rmd160_mixblock ( &md, hashbuf);
- memcpy(p, hashbuf, 20 );
+ _gcry_rmd160_mixblock (&md, hashbuf);
+ p += DIGESTLEN;
+ memcpy (p, hashbuf, DIGESTLEN);
}
/* Our hash implementation does only leave small parts (64 bytes)

374
SOURCES/libgcrypt-1.5.3-rsa-fips-keygen.patch

@ -0,0 +1,374 @@
diff -up libgcrypt-1.5.3/cipher/primegen.c.fips-keygen libgcrypt-1.5.3/cipher/primegen.c
--- libgcrypt-1.5.3/cipher/primegen.c.fips-keygen 2014-10-21 15:05:59.434189992 +0200
+++ libgcrypt-1.5.3/cipher/primegen.c 2014-10-21 15:05:59.458190534 +0200
@@ -1189,6 +1189,22 @@ gcry_prime_check (gcry_mpi_t x, unsigned
return gcry_error (err);
}
+/* Check whether the number X is prime according to FIPS 186-4 table C.2. */
+gpg_err_code_t
+_gcry_fips186_4_prime_check (gcry_mpi_t x, unsigned int bits)
+{
+ gpg_err_code_t ec = GPG_ERR_NO_ERROR;
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
+
+ /* We use 5 or 4 rounds as specified in table C.2 */
+ if (! check_prime (x, val_2, bits > 1024 ? 4 : 5, NULL, NULL))
+ ec = GPG_ERR_NO_PRIME;
+
+ mpi_free (val_2);
+
+ return ec;
+}
+
/* Find a generator for PRIME where the factorization of (prime-1) is
in the NULL terminated array FACTORS. Return the generator as a
newly allocated MPI in R_G. If START_G is not NULL, use this as s
diff -up libgcrypt-1.5.3/cipher/rsa.c.fips-keygen libgcrypt-1.5.3/cipher/rsa.c
--- libgcrypt-1.5.3/cipher/rsa.c.fips-keygen 2014-10-21 15:05:59.423189744 +0200
+++ libgcrypt-1.5.3/cipher/rsa.c 2014-10-21 15:12:45.200350340 +0200
@@ -328,6 +328,279 @@ generate_std (RSA_secret_key *sk, unsign
}
+/****************
+ * Generate a key pair with a key of size NBITS.
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+ * = 1 request the use of a "secure" exponent; this is required by some
+ * specification to be 65537.
+ * > 2 Use this public exponent. If the given exponent
+ * is not odd one is internally added to it.
+ * TESTPARMS: If set, do not generate but test whether the p,q is probably prime
+ * Returns key with zeroes to not break code calling this function.
+ * TRANSIENT_KEY: If true, generate the primes using the standard RNG.
+ * Returns: 2 structures filled with all needed values
+ */
+static gpg_err_code_t
+generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ gcry_sexp_t testparms, int transient_key)
+{
+ gcry_mpi_t p, q; /* the two primes */
+ gcry_mpi_t d; /* the private key */
+ gcry_mpi_t u;
+ gcry_mpi_t p1, q1;
+ gcry_mpi_t n; /* the public key */
+ gcry_mpi_t e; /* the exponent */
+ gcry_mpi_t g;
+ gcry_mpi_t minp;
+ gcry_mpi_t diff, mindiff;
+ gcry_random_level_t random_level;
+ unsigned int pbits = nbits/2;
+ unsigned int i;
+ int pqswitch;
+ gpg_err_code_t ec = GPG_ERR_NO_PRIME;
+
+ if (nbits < 1024 || (nbits & 0x1FF))
+ return GPG_ERR_INV_VALUE;
+ if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ return GPG_ERR_INV_VALUE;
+
+ /* The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+
+ if (testparms)
+ {
+ /* Parameters to derive the key are given. */
+ /* Note that we explicitly need to setup the values of tbl
+ because some compilers (e.g. OpenWatcom, IRIX) don't allow
+ to initialize a structure with automatic variables. */
+ struct { const char *name; gcry_mpi_t *value; } tbl[] = {
+ { "e" },
+ { "p" },
+ { "q" },
+ { NULL }
+ };
+ int idx;
+ gcry_sexp_t oneparm;
+
+ tbl[0].value = &e;
+ tbl[1].value = &p;
+ tbl[2].value = &q;
+
+ for (idx=0; tbl[idx].name; idx++)
+ {
+ oneparm = gcry_sexp_find_token (testparms, tbl[idx].name, 0);
+ if (oneparm)
+ {
+ *tbl[idx].value = gcry_sexp_nth_mpi (oneparm, 1,
+ GCRYMPI_FMT_USG);
+ gcry_sexp_release (oneparm);
+ }
+ }
+ for (idx=0; tbl[idx].name; idx++)
+ if (!*tbl[idx].value)
+ break;
+ if (tbl[idx].name)
+ {
+ /* At least one parameter is missing. */
+ for (idx=0; tbl[idx].name; idx++)
+ gcry_mpi_release (*tbl[idx].value);
+ return GPG_ERR_MISSING_VALUE;
+ }
+ }
+ else
+ {
+ if (use_e < 65537)
+ use_e = 65537; /* This is the smallest value allowed by FIPS */
+
+ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+
+ use_e |= 1; /* make sure this is odd */
+ mpi_set_ui (e, use_e);
+
+ p = gcry_mpi_snew (pbits);
+ q = gcry_mpi_snew (pbits);
+ }
+
+ n = gcry_mpi_new (nbits);
+ d = gcry_mpi_snew (nbits);
+ u = gcry_mpi_snew (nbits);
+
+ /* prepare approximate minimum p and q */
+ minp = gcry_mpi_new (pbits);
+ mpi_set_ui (minp, 0xB504F334);
+ gcry_mpi_lshift (minp, minp, pbits - 32);
+
+ /* prepare minimum p and q difference */
+ diff = gcry_mpi_new (pbits);
+ mindiff = gcry_mpi_new (pbits - 99);
+ mpi_set_ui (mindiff, 1);
+ gcry_mpi_lshift (mindiff, mindiff, pbits - 100);
+
+ p1 = gcry_mpi_snew (pbits);
+ q1 = gcry_mpi_snew (pbits);
+ g = gcry_mpi_snew (pbits);
+
+retry:
+ /* generate p and q */
+ for (i = 0; i < 5 * pbits; i++)
+ {
+ ploop:
+ if (!testparms)
+ {
+ gcry_mpi_randomize (p, pbits, random_level);
+ }
+ if (mpi_cmp (p, minp) < 0)
+ {
+ if (testparms) goto err;
+ goto ploop;
+ }
+
+ mpi_sub_ui (p1, p, 1);
+ if (gcry_mpi_gcd (g, p1, e))
+ {
+ if (_gcry_fips186_4_prime_check (p, pbits) != GPG_ERR_NO_ERROR)
+ {
+ /* not a prime */
+ if (testparms) goto err;
+ }
+ else
+ break;
+ }
+ else if (testparms) goto err;
+ }
+ if (i >= 5 * pbits)
+ goto err;
+
+ for (i = 0; i < 5 * pbits; i++)
+ {
+ qloop:
+ if (!testparms)
+ {
+ gcry_mpi_randomize (q, pbits, random_level);
+ }
+ if (mpi_cmp (q, minp) < 0)
+ {
+ if (testparms) goto err;
+ goto qloop;
+ }
+ if (mpi_cmp (p, q) > 0)
+ {
+ pqswitch = 1;
+ mpi_sub (diff, p, q);
+ }
+ else
+ {
+ pqswitch = 0;
+ mpi_sub (diff, q, p);
+ }
+ if (mpi_cmp (diff, mindiff) < 0)
+ {
+ if (testparms) goto err;
+ goto qloop;
+ }
+
+ mpi_sub_ui (q1, q, 1);
+ if (gcry_mpi_gcd (g, q1, e))
+ {
+ if (_gcry_fips186_4_prime_check (q, pbits) != GPG_ERR_NO_ERROR)
+ {
+ /* not a prime */
+ if (testparms) goto err;
+ }
+ else
+ break;
+ }
+ else if (testparms) goto err;
+ }
+ if (i >= 5 * pbits)
+ goto err;
+
+ if (testparms)
+ {
+ mpi_clear (p);
+ mpi_clear (q);
+ }
+ else
+ {
+ gcry_mpi_t f;
+
+ if (pqswitch)
+ {
+ gcry_mpi_t tmp;
+
+ tmp = p;
+ p = q;
+ q = tmp;
+ }
+
+ f = gcry_mpi_snew (nbits);
+
+ /* calculate the modulus */
+ mpi_mul(n, p, q);
+
+ /* calculate the secret key d = e^1 mod phi */
+ gcry_mpi_gcd (g, p1, q1);
+ mpi_fdiv_q (f, p1, g);
+ mpi_mul (f, f, q1);
+
+ mpi_invm (d, e, f);
+
+ gcry_mpi_release (f);
+
+ if (mpi_get_nbits (d) < pbits) goto retry;
+
+ /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+ mpi_invm(u, p, q );
+ }
+
+ ec = 0;
+
+ if( DBG_CIPHER )
+ {
+ log_mpidump(" p= ", p );
+ log_mpidump(" q= ", q );
+ log_mpidump(" n= ", n );
+ log_mpidump(" e= ", e );
+ log_mpidump(" d= ", d );
+ log_mpidump(" u= ", u );
+ }
+
+err:
+
+ gcry_mpi_release (p1);
+ gcry_mpi_release (q1);
+ gcry_mpi_release (g);
+ gcry_mpi_release (minp);
+ gcry_mpi_release (mindiff);
+ gcry_mpi_release (diff);
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (ec || (!testparms && test_keys (sk, nbits - 64)))
+ {
+ gcry_mpi_release (sk->n); sk->n = NULL;
+ gcry_mpi_release (sk->e); sk->e = NULL;
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->d); sk->d = NULL;
+ gcry_mpi_release (sk->u); sk->u = NULL;
+ if (!ec)
+ {
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+ }
+
+ return ec;
+}
+
+
/* Helper for generate_x931. */
static gcry_mpi_t
gen_x931_parm_xp (unsigned int nbits)
@@ -812,7 +1085,7 @@ rsa_generate_ext (int algo, unsigned int
}
}
- if (deriveparms || use_x931 || fips_mode ())
+ if (deriveparms || use_x931)
{
int swapped;
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
@@ -841,8 +1114,14 @@ rsa_generate_ext (int algo, unsigned int
transient_key = 1;
gcry_sexp_release (l1);
}
+ deriveparms = (genparms?
+ gcry_sexp_find_token (genparms, "test-parms", 0) : NULL);
/* Generate. */
- ec = generate_std (&sk, nbits, evalue, transient_key);
+ if (deriveparms || fips_mode())
+ ec = generate_fips (&sk, nbits, evalue, deriveparms, transient_key);
+ else
+ ec = generate_std (&sk, nbits, evalue, transient_key);
+ gcry_sexp_release (deriveparms);
}
if (!ec)
diff -up libgcrypt-1.5.3/src/g10lib.h.fips-keygen libgcrypt-1.5.3/src/g10lib.h
--- libgcrypt-1.5.3/src/g10lib.h.fips-keygen 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/src/g10lib.h 2014-10-21 15:05:59.459190556 +0200
@@ -195,6 +195,9 @@ gpg_err_code_t _gcry_generate_fips186_3_
int *r_counter,
void **r_seed, size_t *r_seedlen, int *r_hashalgo);
+gpg_err_code_t _gcry_fips186_4_prime_check
+ (const gcry_mpi_t x, unsigned int bits);
+
/* Replacements of missing functions (missing-string.c). */
#ifndef HAVE_STPCPY
diff -up libgcrypt-1.5.3/tests/keygen.c.fips-keygen libgcrypt-1.5.3/tests/keygen.c
--- libgcrypt-1.5.3/tests/keygen.c.fips-keygen 2014-10-21 15:05:59.424189766 +0200
+++ libgcrypt-1.5.3/tests/keygen.c 2014-10-21 15:05:59.459190556 +0200
@@ -190,12 +190,12 @@ check_rsa_keys (void)
if (verbose)
- fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
+ fprintf (stderr, "creating 1024 bit RSA key with e=65539\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
" (nbits 4:1024)\n"
- " (rsa-use-e 3:257)\n"
+ " (rsa-use-e 5:65539)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -204,7 +204,7 @@ check_rsa_keys (void)
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
- check_generated_rsa_key (key, 257);
+ check_generated_rsa_key (key, 65539);
gcry_sexp_release (key);
if (verbose)

38
SOURCES/libgcrypt-1.5.3-urandom-only.patch

@ -0,0 +1,38 @@
diff -up libgcrypt-1.5.3/random/random-csprng.c.urandom-only libgcrypt-1.5.3/random/random-csprng.c
--- libgcrypt-1.5.3/random/random-csprng.c.urandom-only 2013-07-25 11:10:04.000000000 +0200
+++ libgcrypt-1.5.3/random/random-csprng.c 2015-04-10 10:31:39.797534903 +0200
@@ -855,7 +855,7 @@ _gcry_rngcsprng_update_seed_file (void)
if ( !allow_seed_file_update )
{
unlock_pool ();
- log_info(_("note: random_seed file not updated\n"));
+ /* log_info(_("note: random_seed file not updated\n")); */
return;
}
@@ -1120,8 +1120,7 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
- if ( !access (NAME_OF_DEV_RANDOM, R_OK)
- && !access (NAME_OF_DEV_URANDOM, R_OK))
+ if (!access (NAME_OF_DEV_URANDOM, R_OK))
{
fnc = _gcry_rndlinux_gather_random;
return fnc;
diff -up libgcrypt-1.5.3/random/rndlinux.c.urandom-only libgcrypt-1.5.3/random/rndlinux.c
--- libgcrypt-1.5.3/random/rndlinux.c.urandom-only 2014-12-12 16:51:56.000000000 +0100
+++ libgcrypt-1.5.3/random/rndlinux.c 2015-04-10 10:34:13.615111926 +0200
@@ -132,7 +132,11 @@ _gcry_rndlinux_gather_random (void (*add
if (level >= 2)
{
if( fd_random == -1 )
- fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
+ /* We try to open /dev/random first but in case the open fails
+ we gracefully retry with /dev/urandom. */
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 0 );
+ if (fd_random == -1)
+ fd_random = open_device ( NAME_OF_DEV_URANDOM, 1 );
fd = fd_random;
}
else if (level != -1)

28
SOURCES/libgcrypt-1.5.3-whirlpool-bug.patch

@ -0,0 +1,28 @@
diff -up libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug libgcrypt-1.5.3/cipher/whirlpool.c
--- libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug 2013-05-22 18:02:54.000000000 +0200
+++ libgcrypt-1.5.3/cipher/whirlpool.c 2014-01-21 15:45:51.308919415 +0100
@@ -56,6 +56,7 @@ typedef struct {
unsigned char buffer[BLOCK_SIZE];
size_t count;
unsigned char length[32];
+ int bug;
} whirlpool_context_t;
@@ -1185,6 +1186,7 @@ whirlpool_init (void *ctx)
whirlpool_context_t *context = ctx;
memset (context, 0, sizeof (*context));
+ context->bug = secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL;
}
@@ -1316,7 +1318,7 @@ whirlpool_add (whirlpool_context_t *cont
buffer_n--;
}
whirlpool_add (context, NULL, 0);
- if (!buffer_n)
+ if (context->bug && !buffer_n)
/* Done. */
return;
}

2007
SOURCES/wk@g10code.com

File diff suppressed because it is too large Load Diff

499
SPECS/libgcrypt.spec

@ -0,0 +1,499 @@
Name: libgcrypt
Version: 1.5.3
Release: 14%{?dist}
URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC
# cipher support. We have to remove it in the tarball we ship with
# the hobble-libgcrypt script.
#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: wk@g10code.com
Source3: hobble-libgcrypt
# do not run the ecc curves test
Patch1: libgcrypt-1.5.0-noecc.patch
# make FIPS hmac compatible with fipscheck - non upstreamable
Patch2: libgcrypt-1.5.0-use-fipscheck.patch
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
Patch5: libgcrypt-1.5.0-tests.patch
# make the FIPS-186-3 DSA CAVS testable
Patch7: libgcrypt-1.5.3-fips-cavs.patch
# fix for memory leaks an other errors found by Coverity scan
Patch9: libgcrypt-1.5.0-leak.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.5.1-use-poll.patch
# compile rijndael with -fno-strict-aliasing
Patch12: libgcrypt-1.5.2-aliasing.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.5.2-mpicoder-gccopt.patch
# pbkdf2 speedup - upstream
Patch15: libgcrypt-1.5.3-pbkdf-speedup.patch
# fix bug in whirlpool implementation (for backwards compatibility
# with files generated with buggy version set environment
# varible GCRYPT_WHIRLPOOL_BUG
Patch16: libgcrypt-1.5.3-whirlpool-bug.patch
# FIPS DRBG
Patch17: libgcrypt-1.5.3-drbg.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.5.3-fips-ctor.patch
# Make it possible to run the test suite in the FIPS mode
Patch19: libgcrypt-1.5.3-fips-test.patch
# Make the FIPS RSA keygen to be FIPS 186-4 compliant
Patch20: libgcrypt-1.5.3-rsa-fips-keygen.patch
# add configurable source of RNG seed and seed by default
# from /dev/urandom in the FIPS mode
Patch21: libgcrypt-1.5.3-fips-cfgrandom.patch
# update the selftests for new FIPS requirements
Patch22: libgcrypt-1.5.3-fips-reqs.patch
# use only urandom if /dev/random cannot be opened
Patch24: libgcrypt-1.5.3-urandom-only.patch
# fix predictable PRNG output
Patch26: libgcrypt-1.5.3-rng-predictable.patch
# add drgb cavs test
Patch27: libgcrypt-1.5.3-drbg-cavs.patch
# allow reinitialization of ath in the FIPS mode
Patch28: libgcrypt-1.5.3-ath-reinstall.patch
# allow auto-initialization of drbg
Patch29: libgcrypt-1.5.3-drbg-init.patch

%define gcrylibdir %{_libdir}

# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
# Documentation and some utilities are GPLv2+ licensed. These files
# are in the devel subpackage.
License: LGPLv2+
Summary: A general-purpose cryptography library
BuildRequires: gawk, libgpg-error-devel >= 1.4, pkgconfig
BuildRequires: fipscheck
# This is needed only when patching the .texi doc.
BuildRequires: texinfo
Group: System Environment/Libraries

%package devel
Summary: Development files for the %{name} package
License: LGPLv2+ and GPLv2+
Group: Development/Libraries
Requires(pre): /sbin/install-info
Requires(post): /sbin/install-info
Requires: libgpg-error-devel
Requires: %{name} = %{version}-%{release}

%description
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This is a development version.

%description devel
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This package contains files needed to develop
applications using libgcrypt.

%prep
%setup -q
%{SOURCE3}
%patch1 -p1 -b .noecc
%patch2 -p1 -b .use-fipscheck
%patch5 -p1 -b .tests
%patch7 -p1 -b .cavs
%patch9 -p1 -b .leak
%patch11 -p1 -b .use-poll
%patch12 -p1 -b .aliasing
%patch13 -p1 -b .gccopt
%patch15 -p1 -b .pbkdf-speedup
%patch16 -p1 -b .whirlpool-bug
%patch17 -p1 -b .drbg
%patch18 -p1 -b .fips-ctor
%patch19 -p1 -b .fips-test
%patch20 -p1 -b .fips-keygen
%patch21 -p1 -b .cfgrandom
%patch22 -p1 -b .fips-reqs
%patch24 -p1 -b .urandom-only
%patch26 -p1 -b .rng-predictable
%patch27 -p1 -b .drbg-cavs
%patch28 -p1 -b .ath-reinstall
%patch29 -p1 -b .drbg-init

%build
%configure --disable-static \
%ifarch sparc64
--disable-asm \
%endif
--enable-noexecstack \
--enable-hmac-binary-check \
--enable-pubkey-ciphers='dsa elgamal rsa' \
--disable-O-flag-munging
make %{?_smp_mflags}

%check
fipshmac src/.libs/libgcrypt.so.??
make check

# Add generation of HMAC checksums of the final stripped binaries
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
fipshmac $RPM_BUILD_ROOT%{gcrylibdir}/*.so.?? \
%{nil}

%install
make install DESTDIR=$RPM_BUILD_ROOT

# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
# a file conflict between 32- and 64-bit versions of this package.
# Also replace my_host with none.
sed -i -e 's,^libdir="/usr/lib.*"$,libdir="/usr/lib",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config
sed -i -e 's,^my_host=".*"$,my_host="none",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config

rm -f ${RPM_BUILD_ROOT}/%{_infodir}/dir ${RPM_BUILD_ROOT}/%{_libdir}/*.la
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_libdir}

%if "%{gcrylibdir}" != "%{_libdir}"
# Relocate the shared libraries to %{gcrylibdir}.
mkdir -p $RPM_BUILD_ROOT%{gcrylibdir}
for shlib in $RPM_BUILD_ROOT%{_libdir}/*.so* ; do
if test -L "$shlib" ; then
rm "$shlib"
else
mv "$shlib" $RPM_BUILD_ROOT%{gcrylibdir}/
fi
done

# Overwrite development symlinks.
pushd $RPM_BUILD_ROOT/%{_libdir}
for shlib in %{gcrylibdir}/lib*.so.* ; do
shlib=`echo "$shlib" | sed -e 's,//,/,g'`
target=`basename "$shlib" | sed -e 's,\.so.*,,g'`.so
ln -sf $shlib $target
done
popd

# Add soname symlink.
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/
%endif


# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
# that _someone_ owns it.
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post devel
[ -f %{_infodir}/gcrypt.info.gz ] && \
/sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir
exit 0

%preun devel
if [ $1 = 0 -a -f %{_infodir}/gcrypt.info.gz ]; then
/sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir
fi
exit 0

%files
%defattr(-,root,root,-)
%dir /etc/gcrypt
%{gcrylibdir}/libgcrypt.so.*
%{gcrylibdir}/.libgcrypt.so.*.hmac
%doc COPYING.LIB AUTHORS NEWS THANKS

%files devel
%defattr(-,root,root,-)
%{_bindir}/%{name}-config
%{_bindir}/dumpsexp
%{_bindir}/hmac256
%{_includedir}/*
%{_libdir}/*.so
%{_datadir}/aclocal/*

%{_infodir}/gcrypt.info*
%doc COPYING

%changelog
* Tue Feb 28 2017 Tomáš Mráz <tmraz@redhat.com> 1.5.3-14
- add DRBG CAVS driver and other necessary CAVS driver updates (#1172568)
- allow ath reinitialization in FIPS mode
- allow for auto-initialization of DRBG

* Tue Oct 25 2016 Tomáš Mráz <tmraz@redhat.com> 1.5.3-13.1
- fix CVE-2016-6313 - predictable PRNG output (#1366105)

* Fri Apr 10 2015 Tomáš Mráz <tmraz@redhat.com> 1.5.3-13
- touch only urandom in the selftest and when /dev/random is
unavailable for example by SELinux confinement
- fix the RSA selftest key (p q swap)

* Wed Jan 14 2015 Tomáš Mráz <tmraz@redhat.com> 1.5.3-12
- use macros instead of inline functions in the public header

* Fri Dec 12 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-11
- do not initialize secure memory during the selftest

* Fri Nov 14 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-10
- update the selftests for the new FIPS requirements

* Fri Oct 31 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-9
- apply the fips-cfgrandom change also to the drbg seeding

* Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-7
- make the RSA keygen to be compliant to FIPS 186-4 in
FIPS mode

* Fri Sep 26 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-5
- add FIPS DRBG implementation
- run the FIPS POST tests in shared library constructor
- make it possible to run the test suite in the FIPS mode

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.5.3-4
- Mass rebuild 2014-01-24

* Tue Jan 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-3
- fix a bug in the Whirlpool hash implementation
- speed up the PBKDF2 computation

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.5.3-2
- Mass rebuild 2013-12-27

* Fri Jul 26 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.3-1
- new upstream version fixing cache side-channel attack on RSA private keys

* Thu Jun 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-3
- silence false error detected by valgrind (#968288)

* Thu Apr 25 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-2
- silence strict aliasing warning in Rijndael
- apply UsrMove
- spec file cleanups

* Fri Apr 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-1
- new upstream version

* Wed Mar 20 2013 Tomas Mraz <tmraz@redhat.com> 1.5.1-1
- new upstream version

* Tue Mar 5 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-11
- use poll() instead of select() when gathering randomness (#913773)

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Jan 3 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-9
- allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)

* Mon Dec 3 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-8
- fix multilib conflict in libgcrypt-config
- fix minor memory leaks and other bugs found by Coverity scan

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Apr 5 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-5
- Correctly rebuild the info documentation

* Wed Apr 4 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-4
- Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Mon Aug 15 2011 Kalev Lember <kalevlember@gmail.com> 1.5.0-2
- Rebuilt for rpm bug #728707

* Thu Jul 21 2011 Tomas Mraz <tmraz@redhat.com> 1.5.0-1
- new upstream version

* Mon Jun 20 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-4
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed

* Mon May 30 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-3
- Make the FIPS-186-3 DSA implementation CAVS testable
- add configurable source of RNG seed /etc/gcrypt/rngseed
in the FIPS mode (#700388)

* Fri Feb 11 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-1
- new upstream version with minor changes

* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Feb 4 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-6
- fix a bug in the fips-186-3 dsa parameter generation code

* Tue Feb 1 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-5
- use /dev/urandom for seeding in the FIPS mode
- make the tests to pass in the FIPS mode also fixing
the FIPS-186-3 DSA keygen

* Sun Feb 14 2010 Rex Dieter <rdieter@fedoraproject.org> 1.4.5-4
- FTBFS libgcrypt-1.4.5-3.fc13: ImplicitDSOLinking (#564973)

* Wed Feb 3 2010 Tomas Mraz <tmraz@redhat.com> 1.4.5-3
- drop the S390 build workaround as it is no longer needed
- additional spec file cleanups for merge review (#226008)

* Mon Dec 21 2009 Tomas Mraz <tmraz@redhat.com> 1.4.5-1
- workaround for build on S390 (#548825)
- spec file cleanups
- upgrade to new minor upstream release

* Tue Aug 11 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-8
- fix warning when installed with --excludedocs (#515961)

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Jun 18 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-6
- and now really apply the padlock patch

* Wed Jun 17 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-5
- fix VIA padlock RNG inline assembly call (#505724)

* Thu Mar 5 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-4
- with the integrity verification check the library needs to link to libdl
(#488702)

* Tue Mar 3 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-3
- add hmac FIPS integrity verification check

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-1
- update to 1.4.4
- do not abort when the fips mode kernel flag is inaccessible
due to permissions (#470219)
- hobble the library to drop the ECC support

* Mon Oct 20 2008 Dennis Gilmore <dennis@ausil.us> 1.4.3-2
- disable asm on sparc64

* Thu Sep 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
- update to 1.4.3
- own /etc/gcrypt

* Mon Sep 15 2008 Nalin Dahyabhai <nalin@redhat.com>
- invoke make with %%{?_smp_mflags} to build faster on multi-processor
systems (Steve Grubb)

* Mon Sep 8 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
- update to 1.4.2

* Tue Apr 29 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
- update to 1.4.1
- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced
by the configure script

* Thu Apr 3 2008 Joe Orton <jorton@redhat.com> 1.4.0-3
- add patch from upstream to fix severe performance regression
in entropy gathering

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
- Autorebuild for GCC 4.3

* Mon Dec 10 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.4.0-1
- update to 1.4.0

* Tue Oct 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-6
- use ldconfig to build the soname symlink for packaging along with the
shared library (#334731)

* Wed Aug 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-5
- add missing gawk buildrequirement
- switch from explicitly specifying the /dev/random RNG to just verifying
that the non-LGPL ones were disabled by the configure script

* Thu Aug 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-4
- clarify license
- force use of the linux /dev/random RNG, to avoid accidentally falling back
to others which would affect the license of the resulting library

* Mon Jul 30 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-3
- disable static libraries (part of #249815)

* Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-2
- move libgcrypt shared library to /%%{_lib} (#249815)

* Tue Feb 6 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-1
- update to 1.2.4

* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-2
- make use of install-info more failsafe (Ville Skyttä, #223705)

* Fri Sep 1 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-1
- update to 1.2.3

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-3.1
- rebuild

* Mon Jun 05 2006 Jesse Keating <jkeating@redhat.com> 1.2.2-3
- Added missing buildreq pkgconfig

* Tue May 16 2006 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-2
- remove file conflicts in libgcrypt-config by making the 64-bit version
think the libraries are in /usr/lib (which is wrong, but which it also
prunes from the suggest --libs output, so no harm done, hopefully)

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Wed Oct 5 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-1
- update to 1.2.2

* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.1-1
- update to 1.2.1

* Fri Jul 30 2004 Florian La Roche <Florian.LaRoche@redhat.de>
- another try to package the symlink

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Sun May 2 2004 Bill Nottingham <notting@redhat.com> - 1.2.0-1
- update to official 1.2.0

* Fri Apr 16 2004 Bill Nottingham <notting@redhat.com> - 1.1.94-1
- update to 1.1.94

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche@redhat.de>
- add symlinks to shared libs at compile time

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Thu Mar 20 2003 Jeff Johnson <jbj@redhat.com> 1.1.12-1
- upgrade to 1.1.12 (beta).

* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Sun May 26 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Tue May 21 2002 Jeff Johnson <jbj@redhat.com>
- update to 1.1.7
- change license to LGPL.
- include splint annotations patch.
- install info pages.

* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.6-1
- update to 1.1.6

* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.5-1
- fix the Source tag so that it's a real URL

* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package
Loading…
Cancel
Save