|
|
diff -up libgcrypt-1.5.3/cipher/dsa.c.fips-reqs libgcrypt-1.5.3/cipher/dsa.c |
|
|
--- libgcrypt-1.5.3/cipher/dsa.c.fips-reqs 2014-11-12 17:05:01.000000000 +0100 |
|
|
+++ libgcrypt-1.5.3/cipher/dsa.c 2014-11-14 14:32:23.751354070 +0100 |
|
|
@@ -55,42 +55,86 @@ typedef struct |
|
|
} dsa_domain_t; |
|
|
|
|
|
|
|
|
-/* A sample 1024 bit DSA key used for the selftests. */ |
|
|
+/* A sample 2048 bit DSA key used for the selftests. */ |
|
|
static const char sample_secret_key[] = |
|
|
"(private-key" |
|
|
" (dsa" |
|
|
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" |
|
|
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" |
|
|
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" |
|
|
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)" |
|
|
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)" |
|
|
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" |
|
|
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" |
|
|
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" |
|
|
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)" |
|
|
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" |
|
|
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" |
|
|
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" |
|
|
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)" |
|
|
-" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))"; |
|
|
-/* A sample 1024 bit DSA key used for the selftests (public only). */ |
|
|
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862" |
|
|
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6" |
|
|
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552" |
|
|
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a" |
|
|
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503" |
|
|
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34" |
|
|
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b" |
|
|
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7" |
|
|
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557" |
|
|
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a" |
|
|
+" 2c8d7469db02e24d592394a7dba069e9#)" |
|
|
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056" |
|
|
+" 7441a0a5#)" |
|
|
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8" |
|
|
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba" |
|
|
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a" |
|
|
+" 0df242b75b414df372121e53a553f222f836b000f016485b" |
|
|
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a" |
|
|
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023" |
|
|
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7" |
|
|
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a" |
|
|
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095" |
|
|
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e" |
|
|
+" 45f322f82e4e85ca3ab85591b3c2a966#)" |
|
|
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb" |
|
|
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444" |
|
|
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c" |
|
|
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c" |
|
|
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c" |
|
|
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675" |
|
|
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc" |
|
|
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490" |
|
|
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d" |
|
|
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3" |
|
|
+" 0acb673717a0d2fb3b50c893f7dab14f#)" |
|
|
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800" |
|
|
+" ec55f6cc#)))"; |
|
|
+/* A sample 2048 bit DSA key used for the selftests (public only). */ |
|
|
static const char sample_public_key[] = |
|
|
"(public-key" |
|
|
" (dsa" |
|
|
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" |
|
|
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" |
|
|
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" |
|
|
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)" |
|
|
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)" |
|
|
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" |
|
|
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" |
|
|
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" |
|
|
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)" |
|
|
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" |
|
|
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" |
|
|
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" |
|
|
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))"; |
|
|
- |
|
|
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862" |
|
|
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6" |
|
|
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552" |
|
|
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a" |
|
|
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503" |
|
|
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34" |
|
|
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b" |
|
|
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7" |
|
|
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557" |
|
|
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a" |
|
|
+" 2c8d7469db02e24d592394a7dba069e9#)" |
|
|
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056" |
|
|
+" 7441a0a5#)" |
|
|
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8" |
|
|
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba" |
|
|
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a" |
|
|
+" 0df242b75b414df372121e53a553f222f836b000f016485b" |
|
|
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a" |
|
|
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023" |
|
|
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7" |
|
|
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a" |
|
|
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095" |
|
|
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e" |
|
|
+" 45f322f82e4e85ca3ab85591b3c2a966#)" |
|
|
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb" |
|
|
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444" |
|
|
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c" |
|
|
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c" |
|
|
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c" |
|
|
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675" |
|
|
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc" |
|
|
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490" |
|
|
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d" |
|
|
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3" |
|
|
+" 0acb673717a0d2fb3b50c893f7dab14f#)))"; |
|
|
|
|
|
|
|
|
|
|
|
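Review bot: The new `p` and `q` literals in `sample_secret_key` and `sample_public_key` begin with a byte whose high bit is set (`a8…`, `d2…`) and no longer carry the leading `00` that the removed 1024-bit values had and that the new RSA `n`, `p` and `q` in cipher/rsa.c still have. This is harmless only if the key parser reads these values as unsigned, which is not visible in this hunk; either prefix them with `00` for consistency or state the convention in the comment. The comment could also record the subgroup size, e.g. `/* A sample DSA key (2048 bit p, 224 bit q) used for the selftests; values are unsigned hex. */`, and name the source of the parameters, since the patch gives no way to check how the domain parameters and `x` were generated. The same provenance remark applies to the replaced key in the first cipher/rsa.c hunk.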
@@ -1046,14 +1090,14 @@ dsa_get_nbits (int algo, gcry_mpi_t *pke |
|
|
*/ |
|
|
|
|
|
static const char * |
|
|
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) |
|
|
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) |
|
|
{ |
|
|
static const char sample_data[] = |
|
|
"(data (flags raw)" |
|
|
- " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))"; |
|
|
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4f1e2d3c4b5a6978879605142#))"; |
|
|
static const char sample_data_bad[] = |
|
|
"(data (flags raw)" |
|
|
- " (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))"; |
|
|
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d401e2d3c4b5a6978879605142#))"; |
|
|
|
|
|
const char *errtxt = NULL; |
|
|
gcry_error_t err; |
|
|
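Review bot: `sample_data` and `sample_data_bad` are now 32-byte raw values, while the `q` of the new sample key is 28 bytes (224 bits), so the value handed to the signer is wider than the subgroup order. Whether the sign and verify paths truncate it to the leftmost bits or simply reduce it mod q is not visible here, and the self-test would pass either way, so it does not pin that behaviour. A 28-byte value would keep the test independent of the question; if the wider value is deliberate, say so with a comment such as `/* 32 byte value on purpose: longer than the 224 bit q of the sample key. */`. The body of `selftest_sign` continues outside the hunk.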
@@ -1131,7 +1175,7 @@ selftests_dsa (selftest_report_func_t re |
|
|
} |
|
|
|
|
|
what = "sign"; |
|
|
- errtxt = selftest_sign_1024 (pkey, skey); |
|
|
+ errtxt = selftest_sign (pkey, skey); |
|
|
if (errtxt) |
|
|
goto failed; |
|
|
|
|
|
diff -up libgcrypt-1.5.3/cipher/rsa.c.fips-reqs libgcrypt-1.5.3/cipher/rsa.c |
|
|
--- libgcrypt-1.5.3/cipher/rsa.c.fips-reqs 2014-11-12 17:05:01.299387339 +0100 |
|
|
+++ libgcrypt-1.5.3/cipher/rsa.c 2014-11-14 14:06:00.099602441 +0100 |
|
|
@@ -52,33 +52,57 @@ typedef struct |
|
|
} RSA_secret_key; |
|
|
|
|
|
|
|
|
-/* A sample 1024 bit RSA key used for the selftests. */ |
|
|
+/* A sample 2048 bit RSA key used for the selftests. */ |
|
|
static const char sample_secret_key[] = |
|
|
"(private-key" |
|
|
" (rsa" |
|
|
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" |
|
|
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" |
|
|
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" |
|
|
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)" |
|
|
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00" |
|
|
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a" |
|
|
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe" |
|
|
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075" |
|
|
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc" |
|
|
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1" |
|
|
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4" |
|
|
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4" |
|
|
+" ff50db2045a2eb167af2d528c1fd4e0371#)" |
|
|
" (e #010001#)" |
|
|
-" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11" |
|
|
-" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd" |
|
|
-" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21" |
|
|
-" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)" |
|
|
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" |
|
|
-" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)" |
|
|
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" |
|
|
-" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)" |
|
|
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" |
|
|
-" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))"; |
|
|
-/* A sample 1024 bit RSA key used for the selftests (public only). */ |
|
|
+" (d #03b1e24a94e50ab21f8619701ec97679be2cf8f733c9331d9e2974dba721" |
|
|
+" 27e5def480290e78a769f96b19d28397a284868fb614ca9b1fb3a0d7efed" |
|
|
+" df41451204ce71aceba659f6ed15964ebb317712364e1cfaf2fded77d658" |
|
|
+" 8561acc49c97c2d7efe75f1534b35bd4f6561e1f468b45590db34553d4d0" |
|
|
+" c2cb4d806b74e1b2c52740462538865d9792b0aefbbf7b9827f4b3badcb3" |
|
|
+" 5adab638266a2d2fb8422a7a19142e08848e56af77a66c39b2afafa2e15b" |
|
|
+" 1a7e4ed1f2c7ed350678c0465d86472af97371b13ef5058662f835ef9087" |
|
|
+" f6cca8281bbf1b6b155c737b33d9e443350df85e7cc3b507231fb839f41f" |
|
|
+" 02c654b29017f35d69007c70e13ba0e5#)" |
|
|
+" (p #00ccbe7b096906ee45bf884738a8f817e5b6ba6755e3e8058bb8e253d68e" |
|
|
+" ef2ce74f4af74e268d850b3fecc31cd4ebec6ac8722a257dfda67796f01e" |
|
|
+" cd2857f83730756bbdd47b0c87c56c8740a5bb272c78c9745a545b0b306f" |
|
|
+" 444afa71e4216166f9ee65de7c04d7fda9155b7fe27aba698672a6068d9b" |
|
|
+" 9055609e4c5da9b655#)" |
|
|
+" (q #00fc5c6e16ce1f037bcdf7b372b28f1672b856aef7cd67d84e7d07afd543" |
|
|
+" 26c335be438f4e2f1c434e6bd2b2ec526d97522bcc5c3a6bf414c674da66" |
|
|
+" 381c7a3f842fe3f95ab865694606a33779b2a15b58ed5ea75f8c6566bbd1" |
|
|
+" 2436e637a73d49778a8c34d86929f34d5822b05124b640a886590ab7ba5c" |
|
|
+" 97da57e836da7a9cad#)" |
|
|
+" (u #2396c191175e0a83d2dc7b69b2591d3358523f18c709501cb9a1bb4ca238" |
|
|
+" 404c9a8efe9c9092d0719f899950911f348b745311114a70e2f730d88c80" |
|
|
+" e1cc9ff163171a7d67294ccb4e747be03e9e2ff4678fecb95c001e7ea27b" |
|
|
+" 92c96f4ce40ef94863cd50225dbfb69d01336af450be86984fca3f3afacf" |
|
|
+" 0740c4aaadaebebf#)))"; |
|
|
+/* A sample 2048 bit RSA key used for the selftests (public only). */ |
|
|
static const char sample_public_key[] = |
|
|
"(public-key" |
|
|
" (rsa" |
|
|
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" |
|
|
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" |
|
|
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" |
|
|
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)" |
|
|
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00" |
|
|
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a" |
|
|
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe" |
|
|
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075" |
|
|
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc" |
|
|
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1" |
|
|
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4" |
|
|
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4" |
|
|
+" ff50db2045a2eb167af2d528c1fd4e0371#)" |
|
|
" (e #010001#)))"; |
|
|
|
|
|
|
|
|
@@ -1379,20 +1403,35 @@ compute_keygrip (gcry_md_hd_t md, gcry_s |
|
|
*/ |
|
|
|
|
|
static const char * |
|
|
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) |
|
|
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) |
|
|
{ |
|
|
static const char sample_data[] = |
|
|
"(data (flags pkcs1)" |
|
|
- " (hash sha1 #11223344556677889900aabbccddeeff10203040#))"; |
|
|
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708090a1b1c1#))"; |
|
|
static const char sample_data_bad[] = |
|
|
"(data (flags pkcs1)" |
|
|
- " (hash sha1 #11223344556677889900aabbccddeeff80203040#))"; |
|
|
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708091a1b1c1#))"; |
|
|
+ static const char signature_ka[] = |
|
|
+ "(sig-val \n" |
|
|
+ " (rsa \n" |
|
|
+ " (s #0B12D55738B099D401C81BEEDA54E045B4B7D9CDA5A8769E9C484F696A58912A" |
|
|
+ "1E5DE7E5A2D181DA15A5C254D802AB75F1056E27406850AC7BE310BC32D2CED8" |
|
|
+ "6697FE84508F7EFFF4D147C52E955A0873EF2F52ED71F2FC9C3C12D4045CB643" |
|
|
+ "70158378E1494D8FBAD2248B9B64233D2CC2C1932B0531E539DEB07434B76D3B" |
|
|
+ "6959E8A37E33B234C0C8C2C8FB1D00939239C9C491B2EBEED77BF952B597E11B" |
|
|
+ "D4ED0C103D2B88BC78B4E505CF9D8D08B585CE3688D4FBE83ED58D1E1341AC4D" |
|
|
+ "7C5EFF3CBC565CC7AE61C2F568426763A5239D31C1FFFD366984901679A343C4" |
|
|
+ "01BB778BBA5E533B7875BA658A19AA9E56170F4A28E4322BF1621175FB06463E#)\n" |
|
|
+ " )\n" |
|
|
+ " )\n"; |
|
|
|
|
|
const char *errtxt = NULL; |
|
|
gcry_error_t err; |
|
|
gcry_sexp_t data = NULL; |
|
|
gcry_sexp_t data_bad = NULL; |
|
|
gcry_sexp_t sig = NULL; |
|
|
+ char buf[1024]; |
|
|
+ size_t len; |
|
|
|
|
|
err = gcry_sexp_sscan (&data, NULL, |
|
|
sample_data, strlen (sample_data)); |
|
|
@@ -1411,6 +1450,12 @@ selftest_sign_1024 (gcry_sexp_t pkey, gc |
|
|
errtxt = "signing failed"; |
|
|
goto leave; |
|
|
} |
|
|
+ len = gcry_sexp_sprint (sig, GCRYSEXP_FMT_ADVANCED, buf, sizeof(buf)); |
|
|
+ if (len != sizeof (signature_ka) - 1 || memcmp (buf, signature_ka, len) != 0) |
|
|
+ { |
|
|
+ errtxt = "signature KAT failed"; |
|
|
+ goto leave; |
|
|
+ } |
|
|
err = gcry_pk_verify (sig, data, pkey); |
|
|
if (err) |
|
|
{ |
|
|
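Review bot: The known-answer check compares the text printed by `gcry_sexp_sprint (…, GCRYSEXP_FMT_ADVANCED, …)` byte for byte with `signature_ka`, so it depends on the formatter's whitespace, line breaks and hex case as much as on the signature value. A formatting change, or a `0` return from `gcry_sexp_sprint`, would be reported as "signature KAT failed" and, presumably, fail the power-up self-test even though the RSA computation is correct. Comparing the numeric value of `s` avoids this; the sketch below assumes `signature_ka` (declared in the previous hunk) is reduced to the bare hex digits of `s`. The enclosing function starts and ends outside the hunk.

```c
  /* Known-answer check on the numeric value of s, not on its printed form. */
  {
    gcry_sexp_t s_list = gcry_sexp_find_token (sig, "s", 0);
    gcry_mpi_t s_got = s_list ? gcry_sexp_nth_mpi (s_list, 1, GCRYMPI_FMT_USG) : NULL;
    gcry_mpi_t s_ref = NULL;
    int mismatch;

    /* signature_ka holds only the hex digits of s in this variant. */
    mismatch = (!s_got
                || gcry_mpi_scan (&s_ref, GCRYMPI_FMT_HEX, signature_ka, 0, NULL)
                || gcry_mpi_cmp (s_got, s_ref));
    gcry_sexp_release (s_list);
    gcry_mpi_release (s_got);
    gcry_mpi_release (s_ref);
    if (mismatch)
      {
        errtxt = "signature KAT failed";
        goto leave;
      }
  }
  /* … unchanged: gcry_pk_verify call and the checks after it … */
```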
@@ -1467,11 +1512,11 @@ extract_a_from_sexp (gcry_sexp_t encr_da |
|
|
|
|
|
|
|
|
static const char * |
|
|
-selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) |
|
|
+selftest_encr (gcry_sexp_t pkey, gcry_sexp_t skey) |
|
|
{ |
|
|
const char *errtxt = NULL; |
|
|
gcry_error_t err; |
|
|
- const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */ |
|
|
+ const unsigned int nbits = 2000; /* Encrypt 2000 random bits. */ |
|
|
gcry_mpi_t plaintext = NULL; |
|
|
gcry_sexp_t plain = NULL; |
|
|
gcry_sexp_t encr = NULL; |
|
|
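Review bot: `nbits = 2000` is tied to the 2048-bit modulus of the new sample key only by convention, just as 1000 was tied to the old 1024-bit key. If the plaintext is encrypted raw, as the name and the rest of the function suggest, it has to stay below the modulus, so a later key change that forgets this constant would break the test in a non-obvious way. A comment stating the dependency would help: `/* Encrypt 2000 random bits; must stay below the modulus size of the sample key. */`. The rest of `selftest_encr` is outside the hunk.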
@@ -1594,12 +1639,12 @@ selftests_rsa (selftest_report_func_t re |
|
|
} |
|
|
|
|
|
what = "sign"; |
|
|
- errtxt = selftest_sign_1024 (pkey, skey); |
|
|
+ errtxt = selftest_sign (pkey, skey); |
|
|
if (errtxt) |
|
|
goto failed; |
|
|
|
|
|
what = "encrypt"; |
|
|
- errtxt = selftest_encr_1024 (pkey, skey); |
|
|
+ errtxt = selftest_encr (pkey, skey); |
|
|
if (errtxt) |
|
|
goto failed; |
|
|
|
|
|
diff -up libgcrypt-1.5.3/random/drbg.c.fips-reqs libgcrypt-1.5.3/random/drbg.c |
|
|
--- libgcrypt-1.5.3/random/drbg.c.fips-reqs 2014-11-12 17:05:01.000000000 +0100 |
|
|
+++ libgcrypt-1.5.3/random/drbg.c 2014-11-14 14:45:33.820190218 +0100 |
|
|
@@ -390,6 +390,9 @@ gcry_drbg_fips_continuous_test (struct g |
|
|
ret = memcmp (drbg->prev, buf, gcry_drbg_blocklen (drbg)); |
|
|
memcpy (drbg->prev, buf, gcry_drbg_blocklen (drbg)); |
|
|
/* the test shall pass when the two compared values are not equal */ |
|
|
+ if (ret == 0) |
|
|
+ fips_signal_error ("duplicate block returned by DRBG"); |
|
|
+ |
|
|
return ret != 0; |
|
|
} |
|
|
|
|
|
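Review bot: On a repeated block the new branch signals the FIPS error, but `buf` still holds the duplicated output and the function keeps returning 0 as before; whether every caller discards `buf` on a zero return is not visible in this hunk and is worth checking. The existing comment "the test shall pass when the two compared values are not equal" now sits directly above the failure branch and reads as if it described it. A comment on the added lines would make the intent clear: `/* Equal blocks: the continuous test failed, put the library into the error state. */`. The function starts outside the hunk.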
diff -up libgcrypt-1.5.3/src/visibility.c.fips-reqs libgcrypt-1.5.3/src/visibility.c |
|
|
--- libgcrypt-1.5.3/src/visibility.c.fips-reqs 2013-07-25 11:10:04.000000000 +0200 |
|
|
+++ libgcrypt-1.5.3/src/visibility.c 2014-11-12 17:05:27.251973230 +0100 |
|
|
@@ -1217,6 +1217,9 @@ gcry_kdf_derive (const void *passphrase, |
|
|
unsigned long iterations, |
|
|
size_t keysize, void *keybuffer) |
|
|
{ |
|
|
+ if (!fips_is_operational ()) |
|
|
+ return gpg_error (fips_not_operational ()); |
|
|
+ |
|
|
return _gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo, |
|
|
salt, saltlen, iterations, keysize, keybuffer); |
|
|
} |
|
|
@@ -1271,6 +1274,13 @@ void |
|
|
gcry_mpi_randomize (gcry_mpi_t w, |
|
|
unsigned int nbits, enum gcry_random_level level) |
|
|
{ |
|
|
+ if (!fips_is_operational ()) |
|
|
+ { |
|
|
+ (void)fips_not_operational (); |
|
|
+ fips_signal_fatal_error ("called in non-operational state"); |
|
|
+ fips_noreturn (); |
|
|
+ } |
|
|
+ |
|
|
_gcry_mpi_randomize (w, nbits, level); |
|
|
} |
|
|
|
|
|
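Review bot: The guard added to `gcry_mpi_randomize` does not return to the caller (`fips_signal_fatal_error` followed by `fips_noreturn ()`), whereas the guards added to `gcry_kdf_derive` and `gcry_prime_generate` in this file return `gpg_error (fips_not_operational ())`. That difference follows from the `void` return type, but an application calling this function in a non-operational state is apparently terminated rather than given an error, and nothing at the call site says so. A comment on the guard would record the reason: `/* No error return available: stop here rather than leave W without random data. */`. The public API documentation should mention the behaviour as well.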
@@ -1296,6 +1306,9 @@ gcry_prime_generate (gcry_mpi_t *prime, |
|
|
gcry_random_level_t random_level, |
|
|
unsigned int flags) |
|
|
{ |
|
|
+ if (!fips_is_operational ()) |
|
|
+ return gpg_error (fips_not_operational ()); |
|
|
+ |
|
|
return _gcry_prime_generate (prime, prime_bits, factor_bits, factors, |
|
|
cb_func, cb_arg, random_level, flags); |
|
|
}
|
|
|
|