packages/libgcrypt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 1.10.2

Browse Source
This commit is contained in:
zhengxiaoxiao 2023-07-24 16:21:53 +08:00
parent 6c7dc4542b
commit fda38d4252
17 changed files with 33 additions and 2627 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Use-the-compiler-switch-O0-for-compiling-jitterentro.patch Normal file
View File

@ -0,0 +1,25 @@
From 642d43d4545b48322dc10a5b9f08bc5d09a8591f Mon Sep 17 00:00:00 2001
From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
Date: Tue, 1 Aug 2023 12:05:44 +0800
Subject: [PATCH] Use the compiler switch -O0 for compiling jitterentropy.c.
---
random/jitterentropy-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/random/jitterentropy-base.c b/random/jitterentropy-base.c
index cf7630d..08a2cd3 100644
--- a/random/jitterentropy-base.c
+++ b/random/jitterentropy-base.c
@@ -55,7 +55,7 @@
***************************************************************************/
#ifdef __OPTIMIZE__
- #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c."
+ #pragma GCC optimize ("O0")
#endif
/*
--
2.33.0

104
backport-libgcrypt-1.6.1-mpicoder-gccopt.patch
View File

@ -1,104 +0,0 @@
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra = 1;
}
- if (buffer && n > len)
- {
- /* The provided buffer is too short. */
- xfree (tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (n > len)
+ {
+ /* The provided buffer is too short. */
+ xfree (tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (extra == 1)
*s++ = 0;
else if (extra)
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
/* Note: We ignore the sign for this format. */
/* FIXME: for performance reasons we should put this into
mpi_aprint because we can then use the buffer directly. */
-
- if (buffer && n > len)
- return GPG_ERR_TOO_SHORT;
if (buffer)
{
unsigned char *tmp;
+ if (n > len)
+ return GPG_ERR_TOO_SHORT;
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
if (!tmp)
return gpg_err_code_from_syserror ();
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (negative)
return GPG_ERR_INV_ARG;
- if (buffer && n+2 > len)
- return GPG_ERR_TOO_SHORT;
-
if (buffer)
{
unsigned char *tmp;
unsigned char *s = buffer;
+ if (n+2 > len)
+ return GPG_ERR_TOO_SHORT;
+
s[0] = nbits >> 8;
s[1] = nbits;
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra=1;
}
- if (buffer && n+4 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
-
if (buffer)
{
unsigned char *s = buffer;
+ if (n+4 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
+
*s++ = n >> 24;
*s++ = n >> 16;
*s++ = n >> 8;
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (!n || (*tmp & 0x80))
extra = 2;
- if (buffer && 2*n + extra + negative + 1 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (2*n + extra + negative + 1 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (negative)
*s++ = '-';
if (extra)

122
backport-libgcrypt-1.7.3-ecc-test-fix.patch
View File

@ -1,122 +0,0 @@
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
@@ -1412,7 +1412,7 @@ ecc_bench (int iterations, int print_hea
{
#if USE_ECC
gpg_error_t err;
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519",
"gost256", "gost512" };
int testno;
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
"ECDSA, 224 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
{
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
-
-
-
- {
"ECDSA, 224 bits (prime field)",
"With SHA-1, message = \"sample\"",
"sha1", "sample",

1311
backport-libgcrypt-1.7.3-fips-cavs.patch
View File

File diff suppressed because it is too large Load Diff

73
backport-libgcrypt-1.8.3-fips-ctor.patch
View File

@ -1,73 +0,0 @@
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
@@ -141,6 +141,34 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ int no_secmem_save;
+
+ /* it should be always 0 at this point but let's keep on the safe side */
+ no_secmem_save = no_secure_memory;
+ no_secure_memory = 1;
+ /* force selftests */
+ global_init();
+ _gcry_fips_run_selftests (0);
+ if (!fips_mode())
+ _gcry_random_close_fds ();
+ no_secure_memory = no_secmem_save;
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
+ && !_gcry_is_fips_mode_inactive ())
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!_gcry_global_any_init_done)
+ if (fips_mode ())
{
- /* Not yet initialized at all. Set the enforced fips mode flag */
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
_gcry_set_preferred_rng_type (0);
_gcry_set_enforced_fips_mode ();
}
diff --git a/tests/t-secmem.c b/tests/t-secmem.c
index 2b769134..1d33bbfd 100644
--- a/tests/t-secmem.c
+++ b/tests/t-secmem.c
@@ -54,7 +54,7 @@ test_secmem (void)
/* Allocating another 2k should fail for the default 16k pool. */
b = gcry_malloc_secure (chunk_size*4);
- if (b)
+ if (b && !gcry_fips_mode_active ())
fail ("allocation did not fail as expected\n");
for (i=0; i < DIM(a); i++)

113
backport-libgcrypt-1.8.3-fips-enttest.patch
View File

@ -1,113 +0,0 @@
diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c
--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/random/random-drbg.c 2019-06-24 10:04:23.219547141 +0200
@@ -317,6 +317,7 @@ struct drbg_state_s
gcry_cipher_hd_t ctr_handle; /* CTR mode cipher handle */
int seeded:1; /* DRBG fully seeded? */
int pr:1; /* Prediction resistance enabled? */
+ int ent_primed:1; /* Previous entropy data primed? */
/* Taken from libgcrypt ANSI X9.31 DRNG: We need to keep track of the
* process which did the initialization so that we can detect a fork.
* The volatile modifier is required so that the compiler does not
@@ -324,6 +325,7 @@ struct drbg_state_s
pid_t seed_init_pid;
const struct drbg_state_ops_s *d_ops;
const struct drbg_core_s *core;
+ unsigned char ent_hash[64]; /* Hash of previous entropy data */
struct drbg_test_data_s *test_data;
};
@@ -610,11 +612,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
size_t len)
{
int rc = 0;
+ unsigned char newhash[64];
/* Perform testing as defined in 11.3.2 */
if (drbg->test_data && drbg->test_data->fail_seed_source)
return -1;
+redo:
read_cb_buffer = buffer;
read_cb_size = len;
read_cb_len = 0;
@@ -634,6 +638,27 @@ drbg_get_entropy (drbg_state_t drbg, uns
#else
rc = -1;
#endif
+
+ /* to avoid storing the actual entropy obtained for indefinite
+ time, we just store the SHA-512 hash of the entropy gathered
+ */
+ _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);
+
+ if (!drbg->ent_primed)
+ {
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
+ drbg->ent_primed = 1;
+ goto redo;
+ }
+
+ if (memcmp (newhash, drbg->ent_hash, sizeof (drbg->ent_hash)) == 0)
+ {
+ fips_signal_error ("Entropy source failed the continuous test");
+ return -1; /* continuous entropy test failed */
+ }
+
+ memcpy (drbg->ent_hash, newhash, sizeof (drbg->ent_hash));
+
return rc;
}
@@ -1341,26 +1366,38 @@ drbg_seed (drbg_state_t drbg, drbg_strin
}
else
{
+ int nonce = 0;
/* Gather entropy equal to the security strength of the DRBG.
* With a derivation function, a nonce is required in addition
* to the entropy. A nonce must be at least 1/2 of the security
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
* of the strength. The consideration of a nonce is only
- * applicable during initial seeding. */
+ * applicable during initial seeding.
+ * To avoid pulling different length of data from entropy
+ * source, we use 2 * strength for initial seeding. */
entropylen = drbg_sec_strength (drbg->core->flags);
if (!entropylen)
return GPG_ERR_GENERAL;
if (0 == reseed)
- /* make sure we round up strength/2 in
- * case it is not divisible by 2 */
- entropylen = ((entropylen + 1) / 2) * 3;
+ {
+ nonce = 1;
+ }
dbg (("DRBG: (re)seeding with %lu bytes of entropy\n", entropylen));
- entropy = xcalloc_secure (1, entropylen);
+ entropy = xcalloc_secure (nonce + 1, entropylen);
if (!entropy)
return GPG_ERR_ENOMEM;
ret = drbg_get_entropy (drbg, entropy, entropylen);
if (ret)
goto out;
+ if (nonce)
+ {
+ ret = drbg_get_entropy (drbg, entropy + entropylen, entropylen);
+ if (ret)
+ goto out;
+ /* make sure we round up strength/2 in
+ * case it is not divisible by 2 */
+ entropylen = 2 * entropylen;
+ }
drbg_string_fill (&data1, entropy, entropylen);
}
@@ -1597,6 +1634,7 @@ drbg_instantiate (drbg_state_t drbg,
drbg->core = &drbg_cores[coreref];
drbg->pr = pr;
drbg->seeded = 0;
+ drbg->ent_primed = 0;
if (drbg->core->flags & DRBG_HMAC)
drbg->d_ops = &drbg_hmac_ops;
else if (drbg->core->flags & DRBG_HASH_MASK)

37
backport-libgcrypt-1.8.3-md-fips-enforce.patch
View File

@ -1,37 +0,0 @@
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
}
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
+ if (!err && !spec->flags.fips && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 7a48e98a..48309b9a 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1104,6 +1104,13 @@ check_pbkdf2 (void)
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
tv[tvidx].salt, tv[tvidx].saltlen,
tv[tvidx].c, tv[tvidx].dklen, outbuf);
+ if (gcry_fips_mode_active() && tvidx > 6)
+ {
+ if (!err)
+ fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
+ tvidx, gpg_strerror (err));
+ continue;
+ }
if (err)
fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))

64
backport-libgcrypt-1.8.4-fips-keygen.patch
View File

@ -1,64 +0,0 @@
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- else
+ else if (!domain->p || !domain->q)
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
if (nbits < 1024 || (nbits & 0x1FF))
return GPG_ERR_INV_VALUE;
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ if (fips_mode() && nbits < 2048)
return GPG_ERR_INV_VALUE;
/* The random quality depends on the transient_key flag. */
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */

185
backport-libgcrypt-1.8.4-tests-fipsmode.patch
View File

@ -1,185 +0,0 @@
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
@@ -6964,7 +6964,7 @@ check_ciphers (void)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_EAX, 0);
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
@@ -7010,12 +7010,18 @@ check_cipher_modes(void)
check_cfb_cipher ();
check_ofb_cipher ();
check_ccm_cipher ();
- check_gcm_cipher ();
- check_poly1305_cipher ();
- check_ocb_cipher ();
+ if (!in_fips_mode)
+ {
+ check_gcm_cipher ();
+ check_poly1305_cipher ();
+ check_ocb_cipher ();
+ }
check_xts_cipher ();
check_eax_cipher ();
- check_gost28147_cipher ();
+ if (!in_fips_mode)
+ {
+ check_gost28147_cipher ();
+ }
check_stream_cipher ();
check_stream_cipher_large_block ();
@@ -10001,7 +10007,7 @@ check_mac (void)
show_mac_not_available (algos[i].algo);
continue;
}
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
{
if (verbose)
fprintf (stderr, " algorithm %d not available in fips mode\n",
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
/* If we are in fips mode do some more tests. */
gcry_md_hd_t md;
- /* First trigger a self-test. */
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
fail ("not in operational state after self-test\n");
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
gcry_md_close (md);
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
fail ("expected error state but still in operational state\n");
- else
- {
- /* Now run a self-test and to get back into
- operational state. */
- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
- fail ("did not reach operational after error "
- "and self-test\n");
- }
}
}
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
&& algo != GCRY_CIPHER_CHACHA20)
continue;
- if (modes[modeidx].req_blocksize > 0
- && blklen != modes[modeidx].req_blocksize)
+ if ((modes[modeidx].req_blocksize > 0
+ && blklen != modes[modeidx].req_blocksize)
+ || (in_fips_mode
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
{
printf (" %7s %7s", "-", "-" );
continue;
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
return;
/* GCM has restrictions for block-size */
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
return;
/* XTS has restrictions for block-size */
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
rc = gcry_sexp_new
(&key_spec,
"(genkey (dsa (transient-key)(domain"
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
+ " 2c8d7469db02e24d592394a7dba069e9#)"
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
+ " 7441a0a5#)"
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
")))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
" (use-fips186)"
" (transient-key)"
" (derive-parms"
- " (seed #f770a4598ff756931fc529764513b103ce57d85f4ad8c5cf297c9b4d48241c5b#))))",
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
@@ -560,6 +560,9 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
+ /* Curve25519 isn't supported in fips mode */
+ if (gcry_fips_mode_active())
+ return 77;
start_timer ();
check_cv25519 ();
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
@@ -174,7 +174,8 @@ main (int argc, char **argv)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
xgcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0));
- gcry_set_outofcore_handler (outofcore_handler, NULL);
+ if (!gcry_fips_mode_active ())
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
/* Libgcrypt prints a warning when the first overflow is allocated;
@@ -184,7 +185,8 @@ main (int argc, char **argv)
test_secmem ();
- test_secmem_overflow ();
+ if (!gcry_fips_mode_active ())
+ test_secmem_overflow ();
/* FIXME: We need to improve the tests, for example by registering
* our own log handler and comparing the output of
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */

77
backport-libgcrypt-1.8.4-use-poll.patch
View File

@ -1,77 +0,0 @@
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
@@ -32,6 +32,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <poll.h>
#if defined(__APPLE__) && defined(__MACH__)
#include <Availability.h>
#ifdef __MAC_10_11
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
return with something we will actually use 100ms. */
while (length)
{
- fd_set rfds;
- struct timeval tv;
int rc;
+ struct pollfd pfd;
/* If we have a modern operating system, we first try to use the new
* getentropy function. That call guarantees that the kernel's
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
any_need_entropy = 1;
}
- /* If the system has no limit on the number of file descriptors
- and we encounter an fd which is larger than the fd_set size,
- we don't use the select at all. The select code is only used
- to emit progress messages. A better solution would be to
- fall back to poll() if available. */
-#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE)
-#endif
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+
+ _gcry_pre_syscall ();
+ rc = poll(&pfd, 1, delay);
+ _gcry_post_syscall ();
+ if (!rc)
{
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = delay;
- tv.tv_usec = delay? 0 : 100000;
- _gcry_pre_syscall ();
- rc = select (fd+1, &rfds, NULL, NULL, &tv);
- _gcry_post_syscall ();
- if (!rc)
- {
- any_need_entropy = 1;
- delay = 3; /* Use 3 seconds henceforth. */
- continue;
- }
- else if( rc == -1 )
- {
- log_error ("select() error: %s\n", strerror(errno));
- if (!delay)
- delay = 1; /* Use 1 second if we encounter an error before
- we have ever blocked. */
- continue;
- }
+ any_need_entropy = 1;
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before
+ we have ever blocked. */
+ continue;
}
do

139
backport-libgcrypt-1.8.5-fips-module.patch
View File

@ -1,139 +0,0 @@
diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
+++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
@@ -35,10 +35,6 @@
#include "hmac256.h"
-/* The name of the file used to force libgcrypt into fips mode. */
-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
-
-
/* The states of the finite state machine used in fips mode. */
enum module_states
{
@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
- /* For testing the system it is useful to override the system
- provided detection of the FIPS mode and force FIPS mode using a
- file. The filename is hardwired so that there won't be any
- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
- actually used. The file itself may be empty. */
- if ( !access (FIPS_FORCE_FILE, F_OK) )
- {
- gcry_assert (!_gcry_no_fips_mode_required);
- goto leave;
- }
-
- /* Checking based on /proc file properties. */
- {
- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
- FILE *fp;
- int saved_errno;
-
- fp = fopen (procfname, "r");
- if (fp)
- {
- char line[256];
-
- if (fgets (line, sizeof line, fp) && atoi (line))
- {
- /* System is in fips mode. */
- fclose (fp);
- gcry_assert (!_gcry_no_fips_mode_required);
- goto leave;
- }
- fclose (fp);
- }
- else if ((saved_errno = errno) != ENOENT
- && saved_errno != EACCES
- && !access ("/proc/version", F_OK) )
- {
- /* Problem reading the fips file despite that we have the proc
- file system. We better stop right away. */
- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
- procfname, strerror (saved_errno));
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
- "reading `%s' failed: %s - abort",
- procfname, strerror (saved_errno));
-#endif /*HAVE_SYSLOG*/
- abort ();
- }
- }
-
/* Fips not not requested, set flag. */
_gcry_no_fips_mode_required = 1;
diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
/*-- fips.c --*/
+/* The name of the file used to force libgcrypt into fips mode. */
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
+
extern int _gcry_no_fips_mode_required;
void _gcry_initialize_fips_mode (int force);
diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
rv = access (FIPS_MODULE_PATH, F_OK);
if (rv < 0 && errno != ENOENT)
rv = 0;
+
+ /* For testing the system it is useful to override the system
+ provided detection of the FIPS mode and force FIPS mode using a
+ file. The filename is hardwired so that there won't be any
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
+ actually used. The file itself may be empty. */
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
+ {
+ rv = 0;
+ force_fips_mode = 1;
+ }
+
+ /* Checking based on /proc file properties. */
+ {
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
+ FILE *fp;
+ int saved_errno;
+
+ fp = fopen (procfname, "r");
+ if (fp)
+ {
+ char line[256];
+
+ if (fgets (line, sizeof line, fp) && atoi (line))
+ {
+ /* System is in fips mode. */
+ rv = 0;
+ force_fips_mode = 1;
+ }
+ fclose (fp);
+ }
+ else if ((saved_errno = errno) != ENOENT
+ && saved_errno != EACCES
+ && !access ("/proc/version", F_OK) )
+ {
+ /* Problem reading the fips file despite that we have the proc
+ file system. We better stop right away. */
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
+ procfname, strerror (saved_errno));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "reading `%s' failed: %s - abort",
+ procfname, strerror (saved_errno));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+ }
if (!rv)
{

277
backport-libgcrypt-1.8.5-getrandom.patch
View File

@ -1,277 +0,0 @@
diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
/*-- random-csprng.c --*/
void _gcry_rngcsprng_initialize (int full);
+void _gcry_rngcsprng_deinit (void);
void _gcry_rngcsprng_close_fds (void);
void _gcry_rngcsprng_dump_stats (void);
void _gcry_rngcsprng_secure_alloc (void);
@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
/*-- random-drbg.c --*/
void _gcry_rngdrbg_inititialize (int full);
+void _gcry_rngdrbg_deinit (void);
void _gcry_rngdrbg_close_fds (void);
void _gcry_rngdrbg_dump_stats (void);
int _gcry_rngdrbg_is_faked (void);
diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
unsigned int result = 0;
fp = fopen (fname, "r");
- if (!fp)
- return result;
+ if (!fp) /* We make only_urandom the default. */
+ return RANDOM_CONF_ONLY_URANDOM;
for (;;)
{
@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
}
+/* Deinitialize this random subsystem. */
+void
+_gcry_random_deinit (void)
+{
+ if (fips_mode ())
+ _gcry_rngdrbg_deinit ();
+ else if (rng_types.standard)
+ _gcry_rngcsprng_deinit ();
+ else if (rng_types.fips)
+ _gcry_rngdrbg_deinit ();
+ else
+ _gcry_rngcsprng_deinit ();
+ /* not needed for system */
+}
+
+
/* If possible close file descriptors used by the RNG. */
void
_gcry_random_close_fds (void)
diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
@@ -55,6 +55,10 @@
#ifdef __MINGW32__
#include <process.h>
#endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
}
+void
+_gcry_rngcsprng_deinit (void)
+{
+ lock_pool();
+ pool_writepos = 0;
+ pool_readpos = 0;
+ pool_filled = 0;
+ pool_filled_counter = 0;
+ did_initial_extra_seeding = 0;
+ pool_balance = 0;
+ just_mixed = 0;
+ unlock_pool();
+}
+
+
/* Try to close the FDs of the random gather module. This is
currently only implemented for rndlinux. */
void
@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+ char buffer[1];
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret != -1 || errno != ENOSYS)
+ {
+ fnc = _gcry_rndlinux_gather_random;
+ return fnc;
+ }
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
&& !access (NAME_OF_DEV_URANDOM, R_OK))
{
diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
}
/*
+ * Deinitialize the DRBG invoked by the libgcrypt API
+ * It will be automatically re-initialized on next call
+ */
+void
+_gcry_rngdrbg_deinit (void)
+{
+ drbg_lock ();
+ if (drbg_state)
+ {
+ drbg_uninstantiate (drbg_state);
+ drbg_state = NULL;
+ }
+ drbg_unlock ();
+}
+
+/*
* Backend handler function for GCRYCTL_DRBG_REINIT
*
* Select a different DRBG type and initialize it.
diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
void _gcry_set_preferred_rng_type (int type);
void _gcry_random_initialize (int full);
+void _gcry_random_deinit (void);
void _gcry_random_close_fds (void);
int _gcry_get_rng_type (int ignore_fips_mode);
void _gcry_random_dump_stats(void);
diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
+++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
@@ -35,6 +35,7 @@
#if defined(__linux__) || !defined(HAVE_GETENTROPY)
#ifdef HAVE_SYSCALL
# include <sys/syscall.h>
+# include <linux/random.h>
# ifdef __NR_getrandom
# define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0)
# endif
@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
if (!add)
{
/* Special mode to close the descriptors. */
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
apid = getpid ();
if (my_pid != apid)
{
- if (fd_random != -1)
+ if (fd_random >= 0)
{
close (fd_random);
fd_random = -1;
}
- if (fd_urandom != -1)
+ if (fd_urandom >= 0)
{
close (fd_urandom);
fd_urandom = -1;
@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ if (fd_urandom != -2 && !_gcry_in_constructor ())
+ {
+ long ret;
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
+ {
+ fd_urandom = -2;
+ fd_random = -2;
+ }
+ }
+#endif
+ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
{
if (fd_random == -1)
{
@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
- if (ret == -1 && errno == ENOSYS)
- ; /* getentropy is not supported - fallback to pulling from fd. */
- else
+ if (1)
{ /* getentropy is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getentropy: %s\n",
diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
+++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
-
+int _gcry_in_constructor (void);
#endif /* G10LIB_H */
diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
+++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
@@ -145,10 +145,18 @@ global_init (void)
#define FIPS_MODULE_PATH "/etc/system-fips"
#endif
+static int in_constructor = 0;
+
+int _gcry_in_constructor(void)
+{
+ return in_constructor;
+}
+
void __attribute__ ((constructor)) _gcry_global_constructor (void)
{
int rv;
+ in_constructor = 1;
rv = access (FIPS_MODULE_PATH, F_OK);
if (rv < 0 && errno != ENOENT)
rv = 0;
@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
/* force selftests */
global_init();
_gcry_fips_run_selftests (0);
- if (!fips_mode())
- _gcry_random_close_fds ();
+ _gcry_random_close_fds ();
+ _gcry_random_deinit ();
no_secure_memory = no_secmem_save;
}
+
+ in_constructor = 0;
}
/* This function is called by the macro fips_is_operational and makes

34
backport-libgcrypt-1.8.5-intel-cet.patch
View File

@ -1,34 +0,0 @@
From b04c0a86b19856071c29d2a6285f3240c606ee7a Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 27 Apr 2021 09:08:41 -0700
Subject: [PATCH] Always include <config.h> in cipher assembly codes
* cipher/poly1305-s390x.S: Always include <config.h>.
When Intel CET is enabled, we need to include <cet.h> in assembly codes
to mark Intel CET support even if it is empty. We should always include
<config.h> in cipher assembly codes so that they will be marked for
Intel CET support when compiling for x86-64 and i686.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
cipher/poly1305-s390x.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cipher/poly1305-s390x.S b/cipher/poly1305-s390x.S
index 844245f6..28bed560 100644
--- a/cipher/poly1305-s390x.S
+++ b/cipher/poly1305-s390x.S
@@ -18,8 +18,8 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
#include <config.h>
+#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
#if defined(HAVE_GCC_INLINE_ASM_S390X)
#include "asm-poly1305-s390x.h"
--
GitLab

77
backport-libgcrypt-1.8.5-use-fipscheck.patch
View File

@ -1,77 +0,0 @@
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
@@ -581,23 +581,50 @@ run_random_selftests (void)
return !!err;
}
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+#endif
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
- if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -605,7 +632,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -614,7 +641,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;

BIN
libgcrypt-1.10.2.tar.bz2 Normal file
View File

Binary file not shown.

BIN
libgcrypt-1.9.4.tar.bz2
View File

Binary file not shown.

22
libgcrypt.spec
View File

@ -3,7 +3,7 @@
%global hmackey orboDeJITITejsirpADONivirpUkvarP
Name: libgcrypt
Version: 1.9.4
Version: 1.10.2
Release: 1
Summary: A general-purpose cryptography library
License: LGPLv2+
@ -11,19 +11,7 @@ URL: https://www.gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
Source7: random.conf
Patch0: backport-libgcrypt-1.8.5-use-fipscheck.patch
Patch1: backport-libgcrypt-1.8.4-fips-keygen.patch
Patch2: backport-libgcrypt-1.8.4-tests-fipsmode.patch
Patch3: backport-libgcrypt-1.7.3-fips-cavs.patch
Patch4: backport-libgcrypt-1.8.4-use-poll.patch
Patch5: backport-libgcrypt-1.6.1-mpicoder-gccopt.patch
Patch6: backport-libgcrypt-1.7.3-ecc-test-fix.patch
Patch7: backport-libgcrypt-1.8.3-fips-ctor.patch
Patch8: backport-libgcrypt-1.8.5-getrandom.patch
Patch9: backport-libgcrypt-1.8.3-fips-enttest.patch
Patch10: backport-libgcrypt-1.8.3-md-fips-enforce.patch
Patch11: backport-libgcrypt-1.8.5-intel-cet.patch
Patch12: backport-libgcrypt-1.8.5-fips-module.patch
Patch0: Use-the-compiler-switch-O0-for-compiling-jitterentro.patch
BuildRequires: gcc texinfo autoconf automake libtool
BuildRequires: gawk libgpg-error-devel >= 1.11 pkgconfig
@ -131,6 +119,12 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
%{_infodir}/gcrypt.info*
%changelog
* Mon Jul 24 2023 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 1.10.2-1
- Type:requirements
- ID:NA
- SUG:NA
- DESC:Update version to 1.10.1
* Thu Dec 30 2021 zoulin <zoulin13@huawei.com> - 1.9.4-1
- Type:requirements
- ID:NA