Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2021-02-08 11:47:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old) and /work/SRC/openSUSE:Factory/.libgcrypt.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt" Mon Feb 8 11:47:03 2021 rev:84 rq:868946 version:1.9.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2020-10-29 09:21:26.554638072 +0100 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new.28504/libgcrypt.changes 2021-02-08 11:47:05.589677498 +0100 
@@ -1,0 +2,89 @@
+Tue Feb 2 01:06:47 UTC 2021 - Pedro Monreal <[email protected]>
+
+- Update to 1.9.1
+ * *Fix exploitable bug* in hash functions introduced with
+ 1.9.0. [bsc#1181632, CVE-2021-3345]
+ * Return an error if a negative MPI is used with sexp scan
+ functions.
+ * Check for operational FIPS in the random and KDF functions.
+ * Fix compile error on ARMv7 with NEON disabled.
+ * Fix self-test in KDF module.
+ * Improve assembler checks for better LTO support.
+ * Fix 32-bit cross build on x86.
+ * Fix non-NEON ARM assembly implementation for SHA512.
+ * Fix build problems with the cipher_bulk_ops_t typedef.
+ * Fix Ed25519 private key handling for preceding ZEROs.
+ * Fix overflow in modular inverse implementation.
+ * Fix register access for AVX/AVX2 implementations of Blake2.
+ * Add optimized cipher and hash functions for s390x/zSeries.
+ * Use hardware bit counting functionx when available.
+ * Update DSA functions to match FIPS 186-3.
+ * New self-tests for CMACs and KDFs.
+ * Add bulk cipher functions for OFB and GCM modes.
+- Update libgpg-error required version
+
+-------------------------------------------------------------------
+Tue Feb 1 12:03:31 UTC 2021 - Pedro Monreal <[email protected]>
+
+- Use the suffix variable correctly in get_hmac_path()
+- Rebase libgcrypt-fips_selftest_trigger_file.patch
+
+-------------------------------------------------------------------
+Mon Jan 25 12:38:35 UTC 2021 - Pedro Monreal <[email protected]>
+
+- Add the global config file /etc/gcrypt/random.conf
+ * This file can be used to globally change parameters of the random
+ generator with the options: only-urandom and disable-jent.
+
+-------------------------------------------------------------------
+Thu Jan 21 15:42:15 UTC 2021 - Pedro Monreal <[email protected]>
+
+- Update to 1.9.0:
+ New stable branch of Libgcrypt with full API and ABI compatibility
+ to the 1.8 series.
Release-info: https://dev.gnupg.org/T4294 + * New and extended interfaces: + - New curves Ed448, X448, and SM2. + - New cipher mode EAX. + - New cipher algo SM4. + - New hash algo SM3. + - New hash algo variants SHA512/224 and SHA512/256. + - New MAC algos for Blake-2 algorithms, the new SHA512 variants, + SM3, SM4 and for a GOST variant. + - New convenience function gcry_mpi_get_ui. + - gcry_sexp_extract_param understands new format specifiers to + directly store to integers and strings. + - New function gcry_ecc_mul_point and curve constants for Curve448 + and Curve25519. + - New function gcry_ecc_get_algo_keylen. + - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the + secure memory area. + * Performance optimizations and bug fixes: See Release-info. + * Other features: + - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. + - Add mitigation against ECC timing attack CVE-2019-13627. + - Internal cleanup of the ECC implementation. + - Support reading EC point in compressed format for some curves. 
+- Rebase patches: + * libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch + * libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff + * libgcrypt-1.6.1-use-fipscheck.patch + * drbg_test.patch + * libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch + * libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch + * libgcrypt-1.8.4-fips-keygen.patch + * libgcrypt-1.8.4-getrandom.patch + * libgcrypt-fix-tests-fipsmode.patch + * libgcrypt-global_init-constructor.patch + * libgcrypt-ecc-ecdsa-no-blinding.patch + * libgcrypt-PCT-RSA.patch + * libgcrypt-PCT-ECC.patch +- Remove patches: + * libgcrypt-unresolved-dladdr.patch + * libgcrypt-CVE-2019-12904-GCM-Prefetch.patch + * libgcrypt-CVE-2019-12904-GCM.patch + * libgcrypt-CVE-2019-12904-AES.patch + * libgcrypt-CMAC-AES-TDES-selftest.patch + * libgcrypt-1.6.1-fips-cfgrandom.patch + * libgcrypt-fips_rsa_no_enforced_mode.patch + +------------------------------------------------------------------- Old: ---- libgcrypt-1.6.1-fips-cfgrandom.patch libgcrypt-1.8.7.tar.bz2 libgcrypt-1.8.7.tar.bz2.sig libgcrypt-CMAC-AES-TDES-selftest.patch libgcrypt-CVE-2019-12904-AES.patch libgcrypt-CVE-2019-12904-GCM-Prefetch.patch libgcrypt-CVE-2019-12904-GCM.patch libgcrypt-fips_rsa_no_enforced_mode.patch libgcrypt-unresolved-dladdr.patch New: ---- libgcrypt-1.9.1.tar.bz2 libgcrypt-1.9.1.tar.bz2.sig random.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.269680222 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.273680228 +0100 @@ -1,7 +1,7 @@ # # spec file for package libgcrypt # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -22,7 +22,7 @@ %define libsoname %{name}%{libsover} %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.8.7 +Version: 1.9.1 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later 
@@ -31,67 +31,55 @@ Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig Source2: baselibs.conf -Source4: %{name}.keyring # https://www.gnupg.org/signature_key.en.html +Source4: libgcrypt.keyring # cavs test framework Source5: cavs-test.sh Source6: cavs_driver.pl -Source99: %{name}.changes -Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch -Patch4: %{name}-sparcv9.diff -#PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS) -#was: libgcrypt-1.5.0-as-needed.patch -Patch5: libgcrypt-unresolved-dladdr.patch +Source7: random.conf +Source99: libgcrypt.changes +Patch1: libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch +Patch2: libgcrypt-sparcv9.diff #PATCH-FIX-SUSE: N/A -Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff -Patch12: libgcrypt-1.6.1-use-fipscheck.patch -Patch13: libgcrypt-1.6.1-fips-cavs.patch -#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine -Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch -Patch28: libgcrypt-fix-rng.patch +Patch3: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff +Patch4: libgcrypt-1.6.1-use-fipscheck.patch +Patch5: libgcrypt-1.6.1-fips-cavs.patch +Patch6: libgcrypt-fix-rng.patch #PATCH-FIX-SUSE add FIPS CAVS test app for DRBG -Patch30: drbg_test.patch +Patch7: drbg_test.patch #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-sign -Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch +Patch8: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify -Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch -Patch39: libgcrypt-1.8.3-fips-ctor.patch -Patch42: libgcrypt-fips_rsa_no_enforced_mode.patch -Patch43: libgcrypt-1.8.4-use_xfree.patch -Patch44: libgcrypt-1.8.4-allow_FSM_same_state.patch -Patch45: libgcrypt-1.8.4-getrandom.patch -#PATCH-FIX-UPSTREAM bsc#1138939 CVE-2019-12904 C implementation of AES is 
-#vulnerable to a flush-and-reload side-channel attack -Patch46: libgcrypt-CVE-2019-12904-GCM-Prefetch.patch -Patch47: libgcrypt-CVE-2019-12904-GCM.patch -Patch48: libgcrypt-CVE-2019-12904-AES.patch -Patch49: libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch -#PATCH-FIX-SUSE bsc#1155338 bsc#1155338 FIPS: CMAC AES and TDES self tests missing -Patch50: libgcrypt-CMAC-AES-TDES-selftest.patch +Patch9: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch +Patch10: libgcrypt-1.8.3-fips-ctor.patch +Patch11: libgcrypt-1.8.4-use_xfree.patch +Patch12: libgcrypt-1.8.4-allow_FSM_same_state.patch +Patch13: libgcrypt-1.8.4-getrandom.patch +Patch14: libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch #PATCH-FIX-SUSE Fix test in FIPS mode -Patch51: libgcrypt-dsa-rfc6979-test-fix.patch -Patch52: libgcrypt-fix-tests-fipsmode.patch +Patch15: libgcrypt-dsa-rfc6979-test-fix.patch +Patch16: libgcrypt-fix-tests-fipsmode.patch #PATCH-FIX-SUSE bsc#1155337 FIPS: RSA/DSA/ECDSA are missing hashing operation -Patch53: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch +Patch17: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch #PATCH-FIX-SUSE bsc#1161220 FIPS: libgcrypt RSA siggen/keygen: 4k not supported -Patch54: libgcrypt-1.8.4-fips-keygen.patch +Patch18: libgcrypt-1.8.4-fips-keygen.patch #PATCH-FIX-SUSE bsc#1164950 Run self-tests from the constructor -Patch55: libgcrypt-invoke-global_init-from-constructor.patch +Patch19: libgcrypt-invoke-global_init-from-constructor.patch #PATCH-FIX-SUSE bsc#1164950 Restore the self-tests from the constructor -Patch56: libgcrypt-Restore-self-tests-from-constructor.patch -Patch57: libgcrypt-FIPS-GMAC_AES-benckmark.patch -Patch58: libgcrypt-global_init-constructor.patch -Patch59: libgcrypt-random_selftests-testentropy.patch -Patch60: libgcrypt-rsa-no-blinding.patch -Patch61: libgcrypt-ecc-ecdsa-no-blinding.patch +Patch20: libgcrypt-Restore-self-tests-from-constructor.patch +Patch21: libgcrypt-FIPS-GMAC_AES-benckmark.patch +Patch22: 
libgcrypt-global_init-constructor.patch +Patch23: libgcrypt-random_selftests-testentropy.patch +Patch24: libgcrypt-rsa-no-blinding.patch +Patch25: libgcrypt-ecc-ecdsa-no-blinding.patch #PATCH-FIX-SUSE bsc#1165539 FIPS: Use the new signature operation in PCT -Patch62: libgcrypt-PCT-RSA.patch -Patch63: libgcrypt-PCT-DSA.patch -Patch64: libgcrypt-PCT-ECC.patch -Patch65: libgcrypt-fips_selftest_trigger_file.patch +Patch26: libgcrypt-PCT-RSA.patch +Patch27: libgcrypt-PCT-DSA.patch +Patch28: libgcrypt-PCT-ECC.patch +Patch29: libgcrypt-fips_selftest_trigger_file.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck -BuildRequires: libgpg-error-devel >= 1.25 +BuildRequires: libgpg-error-devel >= 1.27 BuildRequires: libtool BuildRequires: pkgconfig @@ -128,7 +116,7 @@ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel -Requires: libgpg-error-devel >= 1.13 +Requires: libgpg-error-devel >= 1.27 Requires(post): %{install_info_prereq} %description devel @@ -156,7 +144,7 @@ License: GPL-2.0-or-later AND LGPL-2.1-or-later Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} -Requires: libgpg-error-devel +Requires: libgpg-error-devel >= 1.27 Requires(post): %{install_info_prereq} %description hmac256 @@ -165,7 +153,7 @@ provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. -%endif # #if separate_hmac256_binary +%endif %prep %setup -q @@ -223,6 +211,10 @@ touch %{buildroot}/%{_libdir}/.%{name}.so.%{libsover}.fips %endif +# Create /etc/gcrypt directory and install random.conf +mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/gcrypt +install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/gcrypt/random.conf + %post -n %{libsoname} -p /sbin/ldconfig %postun -n %{libsoname} -p /sbin/ldconfig %post devel 
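Review bot: The new `install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/gcrypt/random.conf` step ships a global RNG configuration file, but its contents are not in the visible diff, so its effect on the random generator defaults cannot be reviewed here. The rebased getrandom patch in this same commit returns `RANDOM_CONF_ONLY_URANDOM` from `_gcry_random_read_conf` only when `fopen` fails, so once the file is installed the effective settings presumably come from the file alone. A comment above the install lines would make the intent checkable, for example `# random.conf must carry only-urandom; an installed file replaces the patched-in default`. The `%config(noreplace)` entry added in the following %files hunk also means a locally edited file survives updates, so a later change to the shipped defaults would not reach those systems.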
@@ -234,14 +226,16 @@ %files -n %{libsoname} %license COPYING.LIB %{_libdir}/%{name}.so.* +%dir %{_sysconfdir}/gcrypt +%config(noreplace) %{_sysconfdir}/gcrypt/random.conf %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.hmac -%endif # %%if 0%%{?build_hmac256} +%endif %files -n %{libsoname}-hmac %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.fips -%endif # %%if 0%%{?build_hmac256} +%endif %files devel %license COPYING COPYING.LIB @@ -257,7 +251,7 @@ %if 0%{?separate_hmac256_binary} %files hmac256 -%endif # %%if 0%%{?separate_hmac256_binary} +%endif %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac %doc %{_mandir}/man1/hmac256.1* ++++++ drbg_test.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.349680352 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.349680352 +0100 @@ -1,7 +1,7 @@ -Index: libgcrypt-1.7.2/tests/drbg_test.c +Index: libgcrypt-1.9.0/tests/drbg_test.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ libgcrypt-1.7.2/tests/drbg_test.c 2016-08-16 16:04:52.289060124 +0200 +--- /dev/null ++++ libgcrypt-1.9.0/tests/drbg_test.c @@ -0,0 +1,1332 @@ +/* DRBG test for libgcrypt + Copyright (C) 2014 Stephan Mueller <[email protected]> 
@@ -1335,11 +1335,26 @@ + return 0; +} + -Index: libgcrypt-1.7.2/Makefile.am +Index: libgcrypt-1.9.0/Makefile.am =================================================================== ---- libgcrypt-1.7.2.orig/Makefile.am 2016-08-16 15:57:43.397736723 +0200 -+++ libgcrypt-1.7.2/Makefile.am 2016-08-16 15:57:44.341752563 +0200 -@@ -42,6 +42,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM +--- libgcrypt-1.9.0.orig/Makefile.am ++++ libgcrypt-1.9.0/Makefile.am +@@ -39,6 +39,14 @@ else + doc = + endif + ++bin_PROGRAMS = fipsdrv drbg_test ++ ++fipsdrv_SOURCES = tests/fipsdrv.c ++fipsdrv_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS) ++ ++drbg_test_CPPFLAGS = -I../src -I$(top_srcdir)/src ++drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c ++drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS) + + DIST_SUBDIRS = m4 compat mpi cipher random src doc tests + SUBDIRS = compat mpi cipher random src $(doc) tests +@@ -51,6 +59,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM DISTCLEANFILES = @@ -1352,5 +1367,5 @@ +drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c +drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS) - # Add all the files listed in "distfiles" files to the distribution, - # apply version number s to some files and create a VERSION file which + # Add all the files listed in "distfiles" files to the distribution + dist-hook: gen-ChangeLog ++++++ libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.361680371 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.361680371 +0100 
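Review bot: The rebased Makefile.am part of drbg_test.patch appears to add the `bin_PROGRAMS = fipsdrv drbg_test` block twice, once in the new inner hunk `@@ -39,6 +39,14 @@` and again in the inner hunk `@@ -51,6 +59,14 @@`, whose tail (`drbg_test_SOURCES`, `drbg_test_LDADD`) is visible in the next hunk on this line. Both inner hunks grow by the same eight lines, which looks like a leftover from rebasing rather than an intended second definition. The middle of the second inner hunk is outside the visible hunks, so confirm against the full patch. If it is a duplicate, drop one of the two inner hunks so that `bin_PROGRAMS` and the `fipsdrv_*`/`drbg_test_*` variables are each assigned once.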
@@ -1,16 +1,17 @@ -Index: libgcrypt-1.8.3/cipher/Makefile.am +Index: libgcrypt-1.9.0/cipher/Makefile.am =================================================================== ---- libgcrypt-1.8.3.orig/cipher/Makefile.am -+++ libgcrypt-1.8.3/cipher/Makefile.am -@@ -128,3 +128,11 @@ tiger.o: $(srcdir)/tiger.c +--- libgcrypt-1.9.0.orig/cipher/Makefile.am ++++ libgcrypt-1.9.0/cipher/Makefile.am +@@ -155,6 +155,12 @@ tiger.o: $(srcdir)/tiger.c Makefile + tiger.lo: $(srcdir)/tiger.c Makefile + `echo $(LTCOMPILE) -c $< | $(o_flag_munging) ` - tiger.lo: $(srcdir)/tiger.c - `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` -+ +# rijndael.c needs -fno-strict-aliasing +rijndael.o: $(srcdir)/rijndael.c + `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c` + +rijndael.lo: $(srcdir)/rijndael.c + `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c` -+ + + # We need to disable instrumentation for these modules as they use cc as + # thin assembly front-end and do not tolerate in-between function calls ++++++ libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.373680390 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.373680390 +0100 @@ -17,7 +17,7 @@ + + if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL) + { -+ gcry_assert (!no_fips_mode_required); ++ gcry_assert (!_gcry_no_fips_mode_required); + goto leave; + } + ++++++ libgcrypt-1.6.1-use-fipscheck.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.389680417 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.389680417 +0100 
@@ -3,27 +3,15 @@ src/fips.c | 39 ++++++++++++++++++++++++++++++++------- 2 files changed, 33 insertions(+), 8 deletions(-) -Index: libgcrypt-1.6.2/src/Makefile.in +Index: libgcrypt-1.9.0/src/fips.c =================================================================== ---- libgcrypt-1.6.2.orig/src/Makefile.in 2014-11-05 20:33:18.000000000 +0000 -+++ libgcrypt-1.6.2/src/Makefile.in 2014-11-05 20:34:04.000000000 +0000 -@@ -449,7 +449,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \ - ../cipher/libcipher.la \ - ../random/librandom.la \ - ../mpi/libmpi.la \ -- ../compat/libcompat.la $(GPG_ERROR_LIBS) -+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl - - dumpsexp_SOURCES = dumpsexp.c - dumpsexp_CFLAGS = $(arch_gpg_error_cflags) -Index: libgcrypt-1.6.2/src/fips.c -=================================================================== ---- libgcrypt-1.6.2.orig/src/fips.c 2014-11-05 20:33:18.000000000 +0000 -+++ libgcrypt-1.6.2/src/fips.c 2014-11-05 20:34:04.000000000 +0000 -@@ -589,23 +589,48 @@ run_random_selftests (void) +--- libgcrypt-1.9.0.orig/src/fips.c ++++ libgcrypt-1.9.0/src/fips.c +@@ -603,23 +603,49 @@ run_random_selftests (void) return !!err; } ++#ifdef ENABLE_HMAC_BINARY_CHECK +static int +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen) +{ @@ -31,23 +19,23 @@ + void *dl, *sym; + int rv = -1; + -+ dl = dlopen(libname, RTLD_LAZY); -+ if (dl == NULL) { -+ return -1; -+ } ++ dl = dlopen(libname, RTLD_LAZY); ++ if (dl == NULL) ++ return -1; + + sym = dlsym(dl, symbolname); ++ if (sym != NULL && dladdr(sym, &info)) ++ { ++ strncpy(path, info.dli_fname, pathlen-1); ++ path[pathlen-1] = '\0'; ++ rv = 0; ++ } + -+ if (sym != NULL && dladdr(sym, &info)) { -+ strncpy(path, info.dli_fname, pathlen-1); -+ path[pathlen-1] = '\0'; -+ rv = 0; -+ } ++ dlclose(dl); + -+ dlclose(dl); -+ + return rv; +} ++#endif + /* Run an integrity check on the binary. Returns 0 on success. */ static int 
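Review bot: `get_library_path` copies the resolved name with `strncpy(path, info.dli_fname, pathlen-1)` and sets `rv = 0` even when the name did not fit, so a long install path is silently truncated. Judging by the call in the following hunk, `check_binary_integrity` would then work from a file name that differs from the library actually loaded. `pathlen-1` also wraps around if a caller ever passes 0. Reject the over-long case before copying, e.g. `if (strlen (info.dli_fname) >= pathlen) { dlclose (dl); return -1; }`. The function starts in the preceding hunk of this patch file and the declaration of `info` falls between the two hunks.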
@@ -61,10 +49,9 @@ int dlen; char *fname = NULL; - const char key[] = "What am I, a doctor or a moonshuttle conductor?"; -- -- if (!dladdr ("gcry_check_version", &info)) + const char key[] = "orboDeJITITejsirpADONivirpUkvarP"; -+ + +- if (!dladdr ("gcry_check_version", &info)) + if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath))) err = gpg_error_from_syserror (); else @@ -74,7 +61,7 @@ key, strlen (key)); if (dlen < 0) err = gpg_error_from_syserror (); -@@ -613,7 +638,7 @@ check_binary_integrity (void) +@@ -627,7 +652,7 @@ check_binary_integrity (void) err = gpg_error (GPG_ERR_INTERNAL); else { @@ -83,7 +70,7 @@ if (!fname) err = gpg_error_from_syserror (); else -@@ -622,7 +647,7 @@ check_binary_integrity (void) +@@ -636,7 +661,7 @@ check_binary_integrity (void) char *p; /* Prefix the basename with a dot. */ ++++++ libgcrypt-1.8.3-fips-ctor.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.397680430 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.397680430 +0100 @@ -1,8 +1,8 @@ -Index: libgcrypt-1.8.4/cipher/md.c +Index: libgcrypt-1.9.0/cipher/md.c =================================================================== ---- libgcrypt-1.8.4.orig/cipher/md.c 2019-03-25 16:58:52.844354398 +0100 -+++ libgcrypt-1.8.4/cipher/md.c 2019-03-25 16:58:53.512358321 +0100 -@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith +--- libgcrypt-1.9.0.orig/cipher/md.c ++++ libgcrypt-1.9.0/cipher/md.c +@@ -564,11 +564,8 @@ md_enable (gcry_md_hd_t hd, int algorith if (!err && algorithm == GCRY_MD_MD5 && fips_mode ()) { 
@@ -14,14 +14,15 @@ err = GPG_ERR_DIGEST_ALGO; } } -Index: libgcrypt-1.8.4/src/fips.c +Index: libgcrypt-1.9.0/src/fips.c =================================================================== ---- libgcrypt-1.8.4.orig/src/fips.c 2019-03-25 16:58:52.844354398 +0100 -+++ libgcrypt-1.8.4/src/fips.c 2019-03-25 16:58:53.516358344 +0100 -@@ -91,6 +91,31 @@ static void fips_new_state (enum module_ +--- libgcrypt-1.9.0.orig/src/fips.c ++++ libgcrypt-1.9.0/src/fips.c +@@ -90,7 +90,31 @@ static void fips_new_state (enum module_ + #define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p)) - +- +/* Initialize the FSM lock - this function may only + be called once and is intended to be run from the library + constructor */ @@ -46,11 +47,11 @@ + abort (); + } +} -+ ++ /* Check whether the OS is in FIPS mode and record that in a module local variable. If FORCE is passed as true, fips mode will be enabled anyway. Note: This function is not thread-safe and should -@@ -100,7 +125,6 @@ void +@@ -100,7 +124,6 @@ void _gcry_initialize_fips_mode (int force) { static int done; @@ -58,7 +59,7 @@ /* Make sure we are not accidentally called twice. */ if (done) -@@ -190,24 +214,6 @@ _gcry_initialize_fips_mode (int force) +@@ -190,24 +213,6 @@ _gcry_initialize_fips_mode (int force) /* Yes, we are in FIPS mode. */ FILE *fp; @@ -83,7 +84,7 @@ /* If the FIPS force files exists, is readable and has a number != 0 on its first line, we enable the enforced fips mode. */ fp = fopen (FIPS_FORCE_FILE, "r"); -@@ -370,16 +376,20 @@ _gcry_fips_is_operational (void) +@@ -356,16 +361,20 @@ _gcry_fips_is_operational (void) { int result; @@ -92,7 +93,7 @@ + if (current_state == STATE_POWERON && !fips_mode ()) + /* If we are at this point in POWERON state it means the FIPS + module installation was not completed. (/etc/system-fips -+ is not present.) */ ++ is not present.) */ result = 1; else { 
@@ -110,7 +111,7 @@ initialization of libgcrypt, but that has traditionally not been enforced, we use this on demand self-test checking. Note that Proper applications would do the -@@ -395,9 +405,11 @@ _gcry_fips_is_operational (void) +@@ -381,9 +390,11 @@ _gcry_fips_is_operational (void) lock_fsm (); } @@ -124,7 +125,7 @@ return result; } -@@ -722,9 +734,25 @@ _gcry_fips_run_selftests (int extended) +@@ -729,9 +740,25 @@ _gcry_fips_run_selftests (int extended) { enum module_states result = STATE_ERROR; gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED; @@ -152,14 +153,17 @@ if (run_cipher_selftests (extended)) goto leave; -@@ -743,18 +771,12 @@ _gcry_fips_run_selftests (int extended) +@@ -753,21 +780,12 @@ _gcry_fips_run_selftests (int extended) if (run_pubkey_selftests (extended)) goto leave; -- /* Now check the integrity of the binary. We do this this after -- having checked the HMAC code. */ -- if (check_binary_integrity ()) -- goto leave; +- if (fips_mode ()) +- { +- /* Now check the integrity of the binary. We do this this after +- having checked the HMAC code. */ +- if (check_binary_integrity ()) +- goto leave; +- } - /* All selftests passed. */ result = STATE_OPERATIONAL; @@ -172,7 +176,7 @@ return ec; } -@@ -810,6 +832,7 @@ fips_new_state (enum module_states new_s +@@ -823,6 +841,7 @@ fips_new_state (enum module_states new_s { case STATE_POWERON: if (new_state == STATE_INIT @@ -180,7 +184,7 @@ || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; -@@ -824,6 +847,8 @@ fips_new_state (enum module_states new_s +@@ -837,6 +856,8 @@ fips_new_state (enum module_states new_s case STATE_SELFTEST: if (new_state == STATE_OPERATIONAL 
@@ -189,11 +193,11 @@ || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; -Index: libgcrypt-1.8.4/src/global.c +Index: libgcrypt-1.9.0/src/global.c =================================================================== ---- libgcrypt-1.8.4.orig/src/global.c 2019-03-25 16:58:52.844354398 +0100 -+++ libgcrypt-1.8.4/src/global.c 2019-03-25 16:58:53.516358344 +0100 -@@ -145,6 +145,29 @@ global_init (void) +--- libgcrypt-1.9.0.orig/src/global.c ++++ libgcrypt-1.9.0/src/global.c +@@ -141,6 +141,29 @@ global_init (void) } 
@@ -223,38 +227,40 @@ /* This function is called by the macro fips_is_operational and makes sure that the minimal initialization has been done. This is far from a perfect solution and hides problems with an improper -@@ -675,8 +698,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, +@@ -672,9 +695,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, case GCRYCTL_FIPS_MODE_P: if (fips_mode () - && !_gcry_is_fips_mode_inactive () - && !no_secure_memory) +- rc = GPG_ERR_GENERAL; /* Used as TRUE value */ + && !_gcry_is_fips_mode_inactive ()) - rc = GPG_ERR_GENERAL; /* Used as TRUE value */ ++ rc = GPG_ERR_GENERAL; /* Used as TRUE value */ break; -@@ -753,9 +775,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, + case GCRYCTL_FORCE_FIPS_MODE: +@@ -750,9 +772,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, break; case GCRYCTL_SET_ENFORCED_FIPS_FLAG: -- if (!any_init_done) -+ if (fips_mode ()) +- if (!_gcry_global_any_init_done) ++ if (fips_mode()) { - /* Not yet initialized at all. Set the enforced fips mode flag */ + /* We are in FIPS mode, we can set the enforced fips mode flag. */ _gcry_set_preferred_rng_type (0); _gcry_set_enforced_fips_mode (); } -Index: libgcrypt-1.8.4/src/g10lib.h +Index: libgcrypt-1.9.0/src/g10lib.h =================================================================== ---- libgcrypt-1.8.4.orig/src/g10lib.h 2019-03-25 16:58:52.844354398 +0100 -+++ libgcrypt-1.8.4/src/g10lib.h 2019-03-25 16:58:53.516358344 +0100 -@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param +--- libgcrypt-1.9.0.orig/src/g10lib.h ++++ libgcrypt-1.9.0/src/g10lib.h +@@ -429,6 +429,8 @@ gpg_err_code_t _gcry_sexp_vextract_param - /*-- fips.c --*/ + extern int _gcry_no_fips_mode_required; +void _gcry_initialize_fsm_lock (void); + void _gcry_initialize_fips_mode (int force); - int _gcry_fips_mode (void); + /* This macro returns true if fips mode is enabled. 
This is ++++++ libgcrypt-1.8.4-fips-keygen.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.413680455 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.413680455 +0100 @@ -1,33 +1,32 @@ -Index: libgcrypt-1.8.2/cipher/dsa.c +Index: libgcrypt-1.9.1/cipher/dsa.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/dsa.c -+++ libgcrypt-1.8.2/cipher/dsa.c -@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un +--- libgcrypt-1.9.1.orig/cipher/dsa.c ++++ libgcrypt-1.9.1/cipher/dsa.c +@@ -457,13 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un &prime_q, &prime_p, r_counter, r_seed, r_seedlen); - else -- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, + else if (!domain->p || !domain->q) -+ ec = _gcry_generate_fips186_3_prime (nbits, qbits, -+ initial_seed.seed, -+ initial_seed.seedlen, + ec = _gcry_generate_fips186_3_prime (nbits, qbits, + initial_seed.seed, + initial_seed.seedlen, &prime_q, &prime_p, r_counter, r_seed, r_seedlen, NULL); + else -+ { -+ /* Domain parameters p and q are given; use them. */ -+ prime_p = mpi_copy (domain->p); -+ prime_q = mpi_copy (domain->q); -+ gcry_assert (mpi_get_nbits (prime_p) == nbits); -+ gcry_assert (mpi_get_nbits (prime_q) == qbits); -+ ec = 0; -+ } ++ { ++ /* Domain parameters p and q are given; use them. */ ++ prime_p = mpi_copy (domain->p); ++ prime_q = mpi_copy (domain->q); ++ gcry_assert (mpi_get_nbits (prime_p) == nbits); ++ gcry_assert (mpi_get_nbits (prime_q) == qbits); ++ ec = 0; ++ } sexp_release (initial_seed.sexp); if (ec) goto leave; -@@ -857,13 +868,12 @@ dsa_generate (const gcry_sexp_t genparms +@@ -859,13 +868,12 @@ dsa_generate (const gcry_sexp_t genparms sexp_release (l1); sexp_release (domainsexp); 
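Review bot: In the `else` branch of generate_fips186 that uses the supplied domain parameters, `gcry_assert (mpi_get_nbits (prime_p) == nbits)` and the matching assert on `prime_q` abort the process when the sizes disagree. The `domain` values appear to come from the caller's key-generation parameters (dsa_generate handles a `domainsexp` in the next inner hunk), so a mismatch is an input error rather than an internal invariant. Returning an error keeps a bad parameter set from taking the application down, e.g. `ec = (mpi_get_nbits (prime_p) == nbits && mpi_get_nbits (prime_q) == qbits) ? 0 : GPG_ERR_INV_VALUE;`. This rebase only re-indents the block and generate_fips186 extends beyond the hunk, so check that the existing `if (ec) goto leave;` path releases the two copies.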
@@ -43,15 +42,15 @@ return GPG_ERR_MISSING_VALUE; } -Index: libgcrypt-1.8.2/cipher/rsa.c +Index: libgcrypt-1.9.1/cipher/rsa.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/rsa.c -+++ libgcrypt-1.8.2/cipher/rsa.c +--- libgcrypt-1.9.1.orig/cipher/rsa.c ++++ libgcrypt-1.9.1/cipher/rsa.c @@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig if (nbits < 1024 || (nbits & 0x1FF)) return GPG_ERR_INV_VALUE; -- if (fips_mode() && nbits != 2048 && nbits != 3072) +- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072) + if (fips_mode() && nbits < 2048) return GPG_ERR_INV_VALUE; ++++++ libgcrypt-1.8.4-getrandom.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:07.425680475 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:07.425680475 +0100 @@ -1,7 +1,7 @@ -Index: libgcrypt-1.8.4/random/random-csprng.c +Index: libgcrypt-1.9.1/random/random-csprng.c =================================================================== ---- libgcrypt-1.8.4.orig/random/random-csprng.c -+++ libgcrypt-1.8.4/random/random-csprng.c +--- libgcrypt-1.9.1.orig/random/random-csprng.c ++++ libgcrypt-1.9.1/random/random-csprng.c @@ -55,6 +55,10 @@ #ifdef __MINGW32__ #include <process.h> @@ -13,7 +13,7 @@ #include "g10lib.h" #include "random.h" #include "rand-internal.h" -@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co +@@ -1202,6 +1206,22 @@ getfnc_gather_random (void))(void (*)(co enum random_origins, size_t, int); #if USE_RNDLINUX 
@@ -31,39 +31,69 @@ + return fnc; + } + else -+ /* The syscall is not supported - fallback to /dev/urandom. */ ++ /* The syscall is not supported - fallback to /dev/urandom. */ +#endif if ( !access (NAME_OF_DEV_RANDOM, R_OK) && !access (NAME_OF_DEV_URANDOM, R_OK)) { -Index: libgcrypt-1.8.4/random/random.c +Index: libgcrypt-1.9.1/random/random.c =================================================================== ---- libgcrypt-1.8.4.orig/random/random.c -+++ libgcrypt-1.8.4/random/random.c +--- libgcrypt-1.9.1.orig/random/random.c ++++ libgcrypt-1.9.1/random/random.c 
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void) unsigned int result = 0; fp = fopen (fname, "r"); - if (!fp) - return result; -+ if (!fp) /* We make only_urandom the default. */ ++ if (!fp) /* We make only_urandom the default. */ + return RANDOM_CONF_ONLY_URANDOM; for (;;) { -Index: libgcrypt-1.8.4/random/rndlinux.c +Index: libgcrypt-1.9.1/random/rndlinux.c =================================================================== ---- libgcrypt-1.8.4.orig/random/rndlinux.c -+++ libgcrypt-1.8.4/random/rndlinux.c -@@ -34,6 +34,7 @@ - #include <fcntl.h> - #if defined(__linux__) && defined(HAVE_SYSCALL) +--- libgcrypt-1.9.1.orig/random/rndlinux.c ++++ libgcrypt-1.9.1/random/rndlinux.c +@@ -39,6 +39,7 @@ extern int getentropy (void *buf, size_t + #if defined(__linux__) || !defined(HAVE_GETENTROPY) + #ifdef HAVE_SYSCALL # include <sys/syscall.h> +# include <linux/random.h> - #endif - - #include "types.h" -@@ -248,6 +249,18 @@ _gcry_rndlinux_gather_random (void (*add + # ifdef __NR_getrandom + # define getentropy(buf,buflen) syscall (__NR_getrandom, buf, buflen, 0) + # endif +@@ -155,12 +156,12 @@ _gcry_rndlinux_gather_random (void (*add + if (!add) + { + /* Special mode to close the descriptors. */ +- if (fd_random != -1) ++ if (fd_random >= 0) + { + close (fd_random); + fd_random = -1; + } +- if (fd_urandom != -1) ++ if (fd_urandom >= 0) + { + close (fd_urandom); + fd_urandom = -1; +@@ -176,12 +177,12 @@ _gcry_rndlinux_gather_random (void (*add + apid = getpid (); + if (my_pid != apid) + { +- if (fd_random != -1) ++ if (fd_random >= 0) + { + close (fd_random); + fd_random = -1; + } +- if (fd_urandom != -1) ++ if (fd_urandom >= 0) + { + close (fd_urandom); + fd_urandom = -1; +@@ -230,6 +231,17 @@ _gcry_rndlinux_gather_random (void (*add { if (fd_urandom == -1) { 
@@ -76,28 +106,19 @@ + _gcry_post_syscall (); + if (ret > -1 || errno == EAGAIN || errno == EINTR) + fd_urandom = -2; -+ else -+ /* The syscall is not supported - fallback to /dev/urandom. */ ++ else /* The syscall is not supported - fallback to /dev/urandom. */ +#endif - fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1); + fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2)); ever_opened |= 2; } -@@ -275,6 +288,7 @@ _gcry_rndlinux_gather_random (void (*add - * syscall and not a new device and thus we are not able to use - * select(2) to have a timeout. */ - #if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom) -+ if (fd == -2) - { - long ret; - size_t nbytes; -@@ -290,9 +304,7 @@ _gcry_rndlinux_gather_random (void (*add +@@ -272,9 +284,7 @@ _gcry_rndlinux_gather_random (void (*add _gcry_post_syscall (); } while (ret == -1 && errno == EINTR); - if (ret == -1 && errno == ENOSYS) -- ; /* The syscall is not supported - fallback to pulling from fd. */ +- ; /* getentropy is not supported - fallback to pulling from fd. */ - else + if (1) - { /* The syscall is supported. Some sanity checks. */ + { /* getentropy is supported. Some sanity checks. */ if (ret == -1) - log_fatal ("unexpected error from getrandom: %s\n", + log_fatal ("unexpected error from getentropy: %s\n", ++++++ libgcrypt-1.8.7.tar.bz2 -> libgcrypt-1.9.1.tar.bz2 ++++++ ++++ 96620 lines of diff (skipped) ++++++ libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.397683672 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.397683672 +0100 @@ -1,7 +1,7 @@ -Index: libgcrypt-1.8.2/cipher/pubkey.c +Index: libgcrypt-1.9.0/cipher/pubkey.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/pubkey.c -+++ libgcrypt-1.8.2/cipher/pubkey.c +--- libgcrypt-1.9.0.orig/cipher/pubkey.c ++++ libgcrypt-1.9.0/cipher/pubkey.c 
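Review bot: After this rebase the rndlinux.c part no longer adds the `if (fd == -2)` guard in front of the getentropy block, while it still replaces the `ENOSYS` fallback with `if (1)`. As far as the hunk shows, a call that fails with `ENOSYS` now reaches `log_fatal ("unexpected error from getentropy: %s\n", ...)` even when the earlier probe fell back to opening /dev/urandom, so a kernel or sandbox without the syscall would abort instead of reading from the device. Either restore the guard from the previous patch version, `if (fd == -2)`, or keep upstream's `if (ret == -1 && errno == ENOSYS)` branch in place of `if (1)`. `_gcry_rndlinux_gather_random` is only partly visible here, so confirm against the full patched file.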
@@ -384,6 +384,33 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain, } @@ -106,10 +106,10 @@ /* Test a key. -Index: libgcrypt-1.8.2/cipher/pubkey-internal.h +Index: libgcrypt-1.9.0/cipher/pubkey-internal.h =================================================================== ---- libgcrypt-1.8.2.orig/cipher/pubkey-internal.h -+++ libgcrypt-1.8.2/cipher/pubkey-internal.h +--- libgcrypt-1.9.0.orig/cipher/pubkey-internal.h ++++ libgcrypt-1.9.0/cipher/pubkey-internal.h @@ -43,6 +43,8 @@ void _gcry_pk_util_free_encoding_ctx (st gcry_err_code_t _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, @@ -119,11 +119,11 @@ -Index: libgcrypt-1.8.2/cipher/pubkey-util.c +Index: libgcrypt-1.9.0/cipher/pubkey-util.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/pubkey-util.c -+++ libgcrypt-1.8.2/cipher/pubkey-util.c -@@ -1119,3 +1119,50 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i +--- libgcrypt-1.9.0.orig/cipher/pubkey-util.c ++++ libgcrypt-1.9.0/cipher/pubkey-util.c +@@ -1158,3 +1158,50 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i return rc; } @@ -174,11 +174,11 @@ + + return rc; +} -Index: libgcrypt-1.8.2/src/g10lib.h +Index: libgcrypt-1.9.0/src/g10lib.h =================================================================== ---- libgcrypt-1.8.2.orig/src/g10lib.h -+++ libgcrypt-1.8.2/src/g10lib.h -@@ -288,6 +288,10 @@ gpg_err_code_t _gcry_generate_fips186_3_ +--- libgcrypt-1.9.0.orig/src/g10lib.h ++++ libgcrypt-1.9.0/src/g10lib.h +@@ -299,6 +299,10 @@ gpg_err_code_t _gcry_generate_fips186_3_ gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x, unsigned int bits); 
@@ -189,10 +189,10 @@ /* Replacements of missing functions (missing-string.c). */ #ifndef HAVE_STPCPY -Index: libgcrypt-1.8.2/src/visibility.c +Index: libgcrypt-1.9.0/src/visibility.c =================================================================== ---- libgcrypt-1.8.2.orig/src/visibility.c -+++ libgcrypt-1.8.2/src/visibility.c +--- libgcrypt-1.9.0.orig/src/visibility.c ++++ libgcrypt-1.9.0/src/visibility.c @@ -992,6 +992,18 @@ gcry_pk_decrypt (gcry_sexp_t *result, gc } @@ -228,11 +228,11 @@ gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey) { if (!fips_is_operational ()) -Index: libgcrypt-1.8.2/src/visibility.h +Index: libgcrypt-1.9.0/src/visibility.h =================================================================== ---- libgcrypt-1.8.2.orig/src/visibility.h -+++ libgcrypt-1.8.2/src/visibility.h -@@ -357,8 +357,10 @@ MARK_VISIBLEX (_gcry_mpi_get_const) +--- libgcrypt-1.9.0.orig/src/visibility.h ++++ libgcrypt-1.9.0/src/visibility.h +@@ -360,8 +360,10 @@ MARK_VISIBLEX (_gcry_mpi_get_const) #define gcry_pk_get_param _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_pk_get_nbits _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_pk_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION @@ -242,4 +242,4 @@ +#define gcry_pk_verify_md _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_pk_verify _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_pubkey_get_sexp _gcry_USE_THE_UNDERSCORED_FUNCTION - + #define gcry_ecc_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION ++++++ libgcrypt-PCT-ECC.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.409683691 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.413683698 +0100 
@@ -1,80 +1,46 @@ -Index: libgcrypt-1.8.2/cipher/ecc.c +Index: libgcrypt-1.9.0/cipher/ecc.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/ecc.c -+++ libgcrypt-1.8.2/cipher/ecc.c -@@ -99,7 +99,7 @@ static void *progress_cb_data; +--- libgcrypt-1.9.0.orig/cipher/ecc.c ++++ libgcrypt-1.9.0/cipher/ecc.c +@@ -100,7 +100,7 @@ static void *progress_cb_data; /* Local prototypes. */ --static void test_keys (ECC_secret_key * sk, unsigned int nbits); -+static int test_keys (ECC_secret_key * sk, unsigned int nbits); - static void test_ecdh_only_keys (ECC_secret_key * sk, unsigned int nbits, int flags); +-static void test_keys (mpi_ec_t ec, unsigned int nbits); ++static int test_keys (mpi_ec_t ec, unsigned int nbits); + static void test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits, int flags); static unsigned int ecc_get_nbits (gcry_sexp_t parms); -@@ -152,6 +152,7 @@ nist_generate_key (ECC_secret_key *sk, e - gcry_random_level_t random_level; - gcry_mpi_t x, y; - const unsigned int pbits = mpi_get_nbits (E->p); -+ int free_skEname = 0; - - point_init (&Q); - -@@ -176,7 +177,6 @@ nist_generate_key (ECC_secret_key *sk, e +@@ -256,8 +256,10 @@ nist_generate_key (mpi_ec_t ec, int flag + else if (ec->model == MPI_EC_MONTGOMERY) + test_ecdh_only_keys (ec, ec->nbits - 63, flags); else - sk->d = _gcry_dsa_gen_k (E->n, random_level); - +- test_keys (ec, ec->nbits - 64); - - /* Compute Q. */ - _gcry_mpi_ec_mul_point (&Q, sk->d, &E->G, ctx); - -@@ -190,6 +190,12 @@ nist_generate_key (ECC_secret_key *sk, e - point_set (&sk->E.G, &E->G); - sk->E.n = mpi_copy (E->n); - sk->E.h = mpi_copy (E->h); -+ if (E->name) -+ { -+ free_skEname = 1; -+ sk->E.name = _gcry_xstrdup(E->name); -+ } -+ - point_init (&sk->Q); - - x = mpi_new (pbits); -@@ -261,10 +267,16 @@ nist_generate_key (ECC_secret_key *sk, e - if ((flags & PUBKEY_FLAG_NO_KEYTEST)) - ; /* User requested to skip the test. 
*/ - else if (sk->E.model != MPI_EC_MONTGOMERY) -- test_keys (sk, nbits - 64); + { -+ if (test_keys (sk, nbits - 64)) ++ if (test_keys (ec, ec->nbits - 64)) + return GPG_ERR_BAD_SIGNATURE; + } - else - test_ecdh_only_keys (sk, nbits - 64, flags); - -+ if (free_skEname) -+ xfree ((void*)sk->E.name); -+ return 0; } -@@ -275,9 +287,10 @@ nist_generate_key (ECC_secret_key *sk, e +@@ -268,9 +270,10 @@ nist_generate_key (mpi_ec_t ec, int flag * test if the information is recuperated. * Second, test with the sign and verify functions. */ -static void +static int - test_keys (ECC_secret_key *sk, unsigned int nbits) + test_keys (mpi_ec_t ec, unsigned int nbits) { -+ int result = -1; /* Default to failure. */ - ECC_public_key pk; ++ int result = -1; /* Default to failure. */ gcry_mpi_t test = mpi_new (nbits); mpi_point_struct R_; -@@ -297,17 +310,190 @@ test_keys (ECC_secret_key *sk, unsigned + gcry_mpi_t c = mpi_new (nbits); +@@ -285,23 +288,205 @@ test_keys (mpi_ec_t ec, unsigned int nbi _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); -- if (_gcry_ecc_ecdsa_sign (test, sk, r, s, 0, 0) ) +- if (_gcry_ecc_ecdsa_sign (test, ec, r, s, 0, 0) ) - log_fatal ("ECDSA operation: sign failed\n"); + /* Use the gcry_pk_sign_md API in order to comply with FIPS 140-2, + * which requires full signature operation for PCT (hashing + @@ -102,7 +68,7 @@ + xfree (buf); + buf = NULL; -- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s)) +- if (_gcry_ecc_ecdsa_verify (test, ec, r, s)) + sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))"); + + /* Assemble the point Q from affine coordinates by simple 
@@ -111,11 +77,10 @@ + gcry_mpi_t Qy = NULL; + Qx = mpi_new (0); + Qy = mpi_new (0); -+ ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, flags, -+ sk->E.p, sk->E.a, sk->E.b); -+ if (_gcry_mpi_ec_get_affine (Qx, Qy, &(sk->Q), ctx)) - { -- log_fatal ("ECDSA operation: sign, verify failed\n"); ++ ctx = _gcry_mpi_ec_p_internal_new (ec->model, ec->dialect, flags, ++ ec->p, ec->a, ec->b); ++ if (_gcry_mpi_ec_get_affine (Qx, Qy, ec->Q, ctx)) ++ { + if (DBG_CIPHER) + log_debug ("ecdh: Failed to get affine coordinates for Q\n"); + } @@ -163,11 +128,11 @@ + xfree (rawqy); + + /* build ECC private key sexp in s_skey */ -+ if (sk->E.name) ++ if (ec->name) + { + if (sexp_build (&s_skey, NULL, + "(private-key (ecc (curve %s)(d %m)(q %b)))", -+ sk->E.name, sk->d, qlen, q)) ++ ec->name, ec->d, qlen, q)) + { + if (DBG_CIPHER) + log_debug ("ecc: Failed to build sexp for private key.\n"); @@ -178,16 +143,16 @@ + if (sexp_build (&s_skey, NULL, + "(private-key" + " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))", -+ "NIST P-512", sk->d, sk->E.p, sk->E.a, sk->E.b, sk->E.n, sk->E.h, ++ "NIST P-512", ec->d, ec->p, ec->a, ec->b, ec->n, ec->h, + qlen, q)) + { + if (DBG_CIPHER) + log_debug ("ecc: Failed to build sexp for private key.\n"); + } + } -+ + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) -+ { + { +- log_fatal ("ECDSA operation: sign, verify failed\n"); + if (DBG_CIPHER) + log_debug ("ecc: gcry_pk_sign failed\n"); + goto leave; @@ -210,10 +175,10 @@ + + /* verify */ + /* build public key sexp in s_pkey */ -+ if (pk.E.name) ++ if (ec->name) + { + if (sexp_build (&s_pkey, NULL, -+ "(public-key (ecc (curve %s)(q %b)))", pk.E.name, qlen, q)) ++ "(public-key (ecc (curve %s)(q %b)))", ec->name, qlen, q)) + { + if (DBG_CIPHER) + log_debug ("ecc: Failed to build sexp for public key.\n"); 
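Review bot: A failed `sexp_build` for `s_skey` is only reported under `DBG_CIPHER`, and execution continues into `_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)` with a key expression that was never built, whereas the sign failure right after it does `goto leave`. Since `result` defaults to -1, adding `goto leave;` after each of these `log_debug` calls makes the pairwise consistency test fail cleanly instead of depending on how the sign call treats an unset key. The fallback branch also passes the literal `"NIST P-512"` as the curve name next to the explicit parameters; I do not know of a libgcrypt curve by that name (the NIST curve is P-521), so it is worth confirming what the parser does with it. Both points apply equally to the `s_pkey` construction in the following hunks, where the fallback's debug message still says "private key" for the public key. `test_keys` begins and ends outside this hunk.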
@@ -224,7 +189,7 @@ + if (sexp_build (&s_pkey, NULL, + "(public-key" + " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))", -+ "NIST P-512", pk.E.p, pk.E.a, pk.E.b, pk.E.n, pk.E.h, qlen, q)) ++ "NIST P-512", ec->p, ec->a, ec->b, ec->n, ec->h, qlen, q)) + { + if (DBG_CIPHER) + log_debug ("ecc: Failed to build sexp for private key.\n"); @@ -263,10 +228,9 @@ + result = 0; /* The test succeeded. */ + leave: - point_free (&pk.Q); - _gcry_ecc_curve_free (&pk.E); - -@@ -317,6 +503,16 @@ test_keys (ECC_secret_key *sk, unsigned + point_free (&R_); + mpi_free (s); + mpi_free (r); mpi_free (out); mpi_free (c); mpi_free (test); @@ -283,10 +247,10 @@ } -Index: libgcrypt-1.8.2/cipher/pubkey.c +Index: libgcrypt-1.9.0/cipher/pubkey.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/pubkey.c -+++ libgcrypt-1.8.2/cipher/pubkey.c +--- libgcrypt-1.9.0.orig/cipher/pubkey.c ++++ libgcrypt-1.9.0/cipher/pubkey.c @@ -390,6 +390,7 @@ calculate_hash (gcry_md_hd_t hd, gcry_se gcry_err_code_t rc; const unsigned char *digest; @@ -318,10 +282,10 @@ return rc; } -Index: libgcrypt-1.8.2/cipher/pubkey-internal.h +Index: libgcrypt-1.9.0/cipher/pubkey-internal.h =================================================================== ---- libgcrypt-1.8.2.orig/cipher/pubkey-internal.h -+++ libgcrypt-1.8.2/cipher/pubkey-internal.h +--- libgcrypt-1.9.0.orig/cipher/pubkey-internal.h ++++ libgcrypt-1.9.0/cipher/pubkey-internal.h @@ -45,6 +45,8 @@ gcry_err_code_t _gcry_pk_util_data_to_mp struct pk_encoding_ctx *ctx); gcry_err_code_t _gcry_pk_util_get_algo (gcry_sexp_t input, 
@@ -331,11 +295,11 @@ -Index: libgcrypt-1.8.2/cipher/pubkey-util.c +Index: libgcrypt-1.9.0/cipher/pubkey-util.c =================================================================== ---- libgcrypt-1.8.2.orig/cipher/pubkey-util.c -+++ libgcrypt-1.8.2/cipher/pubkey-util.c -@@ -1120,6 +1120,40 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i +--- libgcrypt-1.9.0.orig/cipher/pubkey-util.c ++++ libgcrypt-1.9.0/cipher/pubkey-util.c +@@ -1159,6 +1159,40 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i return rc; } ++++++ libgcrypt-PCT-RSA.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.425683718 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.429683724 +0100 @@ -2,7 +2,7 @@ =================================================================== --- libgcrypt-1.8.2.orig/cipher/rsa.c +++ libgcrypt-1.8.2/cipher/rsa.c -@@ -159,27 +159,103 @@ test_keys (RSA_secret_key *sk, unsigned +@@ -159,22 +159,97 @@ test_keys (RSA_secret_key *sk, unsigned /* Create another random plaintext as data for signature checking. */ _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); @@ -112,12 +112,6 @@ leave: _gcry_mpi_release (signature); _gcry_mpi_release (decr_plaintext); - _gcry_mpi_release (ciphertext); - _gcry_mpi_release (plaintext); -+ - return result; - } - @@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc /* This sexp trickery is to prevent the use of blinding. * The flag doesn't get inherited by encr, so we have to @@ -127,11 +121,3 @@ memset(buf, 0, sizeof(buf)); err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext); if (err) -@@ -2012,6 +2088,7 @@ selftests_rsa (selftest_report_func_t re - sexp_release (skey); - if (report) - report ("pubkey", GCRY_PK_RSA, what, errtxt); -+ - return GPG_ERR_SELFTEST_FAILED; - } - ++++++ libgcrypt-ecc-ecdsa-no-blinding.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.449683756 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.449683756 +0100 
@@ -1,8 +1,8 @@ -Index: libgcrypt-1.8.5/cipher/ecc.c +Index: libgcrypt-1.9.0/cipher/ecc.c =================================================================== ---- libgcrypt-1.8.5.orig/cipher/ecc.c -+++ libgcrypt-1.8.5/cipher/ecc.c -@@ -2060,11 +2060,11 @@ selftest_sign (gcry_sexp_t pkey, gcry_se +--- libgcrypt-1.9.0.orig/cipher/ecc.c ++++ libgcrypt-1.9.0/cipher/ecc.c +@@ -1581,11 +1581,11 @@ selftest_sign (gcry_sexp_t pkey, gcry_se { /* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */ static const char sample_data[] = @@ -16,19 +16,19 @@ " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915" /**/ "62113d8a62add1bf#))"; static const char signature_r[] = -Index: libgcrypt-1.8.5/cipher/ecc-ecdsa.c +Index: libgcrypt-1.9.0/cipher/ecc-ecdsa.c =================================================================== ---- libgcrypt-1.8.5.orig/cipher/ecc-ecdsa.c -+++ libgcrypt-1.8.5/cipher/ecc-ecdsa.c -@@ -52,6 +52,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, - mpi_ec_t ctx; +--- libgcrypt-1.9.0.orig/cipher/ecc-ecdsa.c ++++ libgcrypt-1.9.0/cipher/ecc-ecdsa.c +@@ -51,6 +51,7 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, + unsigned int abits, qbits; gcry_mpi_t b; /* Random number needed for blinding. */ gcry_mpi_t bi; /* multiplicative inverse of B. */ + int with_blinding = !(flags & PUBKEY_FLAG_NO_BLINDING); if (DBG_CIPHER) log_mpidump ("ecdsa sign hash ", input ); -@@ -65,12 +66,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, +@@ -64,12 +65,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, b = mpi_snew (qbits); bi = mpi_snew (qbits); 
@@ -36,48 +36,47 @@ + if (with_blinding) { - _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM); -- mpi_mod (b, b, skey->E.n); +- mpi_mod (b, b, ec->n); + do + { + _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM); -+ mpi_mod (b, b, skey->E.n); ++ mpi_mod (b, b, ec->n); + } -+ while (!mpi_invm (bi, b, skey->E.n)); ++ while (!mpi_invm (bi, b, ec->n)); } -- while (!mpi_invm (bi, b, skey->E.n)); +- while (!mpi_invm (bi, b, ec->n)); k = NULL; dr = mpi_alloc (0); -@@ -128,14 +132,25 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, +@@ -126,14 +130,23 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, } while (!mpi_cmp_ui (r, 0)); - /* Computation of dr, sum, and s are blinded with b. */ -- mpi_mulm (dr, b, skey->d, skey->E.n); -- mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */ -- mpi_mulm (sum, b, hash, skey->E.n); -- mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */ +- mpi_mulm (dr, b, ec->d, ec->n); +- mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */ +- mpi_mulm (sum, b, hash, ec->n); +- mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */ +- mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */ +- /* Undo blinding by b^-1 */ +- mpi_mulm (s, bi, s, ec->n); + if (!with_blinding) + { -+ mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */ -+ mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */ -+ } ++ mpi_mulm (dr, ec->d, r, ec->n); /* dr = d*r mod n */ ++ mpi_addm (sum, hash, dr, ec->n); /* sum = hash + (d*r) mod n */ ++ } + else + { -+ /* Computation of dr, sum, and s are blinded with b. 
*/ -+ mpi_mulm (dr, b, skey->d, skey->E.n); -+ mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */ -+ mpi_mulm (sum, b, hash, skey->E.n); -+ mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */ -+ } - mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */ -- /* Undo blinding by b^-1 */ -- mpi_mulm (s, bi, s, skey->E.n); ++ mpi_mulm (dr, b, ec->d, ec->n); ++ mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */ ++ mpi_mulm (sum, b, hash, ec->n); ++ mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */ ++ } ++ mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */ + if (with_blinding) + { -+ /* Undo blinding by b^-1 */ -+ mpi_mulm (s, bi, s, skey->E.n); -+ } ++ mpi_mulm (s, bi, s, ec->n); /* Undo blinding by b^-1 */ ++ } } while (!mpi_cmp_ui (s, 0)); ++++++ libgcrypt-fips_selftest_trigger_file.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.461683776 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.461683776 +0100 @@ -1,9 +1,9 @@ -Index: libgcrypt-1.8.2/src/fips.c +Index: libgcrypt-1.9.1/src/fips.c =================================================================== ---- libgcrypt-1.8.2.orig/src/fips.c 2020-04-16 21:15:01.633217969 +0200 -+++ libgcrypt-1.8.2/src/fips.c 2020-04-16 21:21:44.279376166 +0200 -@@ -651,7 +651,7 @@ get_library_path(const char *libname, co - } +--- libgcrypt-1.9.1.orig/src/fips.c ++++ libgcrypt-1.9.1/src/fips.c +@@ -660,7 +660,7 @@ get_library_path(const char *libname, co + #endif static gpg_error_t -get_hmac_path(char **fname) 
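Review bot: The `!with_blinding` branch computes `mpi_mulm (dr, ec->d, r, ec->n)` directly on the private scalar, so the side-channel countermeasure of the blinded branch is dropped whenever a caller sets `PUBKEY_FLAG_NO_BLINDING`, and nothing in the patch documents who is expected to set it. The `selftest_sign` hunk suggests the flag is meant for the self-test path; if so, say that where `with_blinding` is declared, e.g. `/* Blinding is a side-channel countermeasure; PUBKEY_FLAG_NO_BLINDING is meant for self-tests only. */`. It is also worth checking whether the flag can arrive from an application-supplied S-expression, since that would let ordinary signing run unblinded. `_gcry_ecc_ecdsa_sign` starts and ends outside this hunk.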
@@ -11,25 +11,25 @@ { char libpath[4096]; gpg_error_t err; -@@ -676,7 +676,7 @@ get_hmac_path(char **fname) - p = *fname; - memmove (p+1, p, strlen (p)+1); - *p = '.'; -- strcat (*fname, ".hmac"); -+ strcat (*fname, suffix); - err = 0; - } +@@ -685,7 +685,7 @@ get_hmac_path(char **fname) + p = *fname; + memmove (p+1, p, strlen (p)+1); + *p = '.'; +- strcat (*fname, ".hmac"); ++ strcat (*fname, suffix); + err = 0; + } } -@@ -708,7 +708,7 @@ check_binary_integrity (void) +@@ -717,7 +717,7 @@ check_binary_integrity (void) else { FILE *fp; -- err = get_hmac_path(&fname); -+ err = get_hmac_path(&fname, ".hmac"); - if (!err) - { +- err = get_hmac_path(&fname); ++ err = get_hmac_path(&fname, ".hmac"); + if (!err) + { /* Open the file. */ -@@ -769,7 +769,7 @@ can_skip_selftests(void) +@@ -779,7 +779,7 @@ can_skip_selftests(void) if (fips_mode()) return 0; ++++++ libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.469683789 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.469683789 +0100 @@ -13,7 +13,7 @@ static void -run_dsa_sign (const void *data, size_t datalen, const char *keyfile) +run_dsa_sign (const void *data, size_t datalen, -+ int hashalgo, const char *keyfile) ++ int hashalgo, const char *keyfile) { gpg_error_t err; @@ -31,7 +31,7 @@ - gcry_md_hash_buffer (algo, hash, data, datalen); + if (hashalgo_len < algo_len) -+ algo_len = hashalgo_len; ++ algo_len = hashalgo_len; + + gcry_md_hash_buffer (hashalgo, hash, data, datalen); err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, ++++++ libgcrypt-fix-tests-fipsmode.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.485683815 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.489683821 +0100 
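Review bot: `strcat (*fname, suffix)` now appends a caller-chosen string, but the buffer `get_hmac_path` allocates is sized for the five characters of ".hmac". The global_init-constructor patch further down this page creates it as `_gcry_malloc (strlen (libpath) + 1 + 5 + 1 )`, and no hunk shown here changes that line. A suffix longer than five characters would therefore write past the end of the heap buffer. Size the allocation from the argument instead, `*fname = _gcry_malloc (strlen (libpath) + 1 + strlen (suffix) + 1);`. The body of `get_hmac_path` lies partly outside these hunks, so confirm the allocation line against the full patch.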
@@ -1,8 +1,9 @@ -diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c ---- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200 -+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100 -@@ -6964,7 +6964,7 @@ check_ciphers (void) - check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0); +Index: libgcrypt-1.9.1/tests/basic.c +=================================================================== +--- libgcrypt-1.9.1.orig/tests/basic.c ++++ libgcrypt-1.9.1/tests/basic.c +@@ -9978,7 +9978,7 @@ check_ciphers (void) + check_one_cipher (algos[i], GCRY_CIPHER_MODE_EAX, 0); if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN) check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0); - if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN) @@ -10,7 +11,7 @@ check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0); if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN) check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0); -@@ -7010,11 +7010,17 @@ check_cipher_modes(void) +@@ -10025,12 +10025,18 @@ check_cipher_modes(void) check_cfb_cipher (); check_ofb_cipher (); check_ccm_cipher (); @@ -24,6 +25,7 @@ + check_ocb_cipher (); + } check_xts_cipher (); + check_eax_cipher (); - check_gost28147_cipher (); + if (!in_fips_mode) + { @@ -32,7 +34,7 @@ check_stream_cipher (); check_stream_cipher_large_block (); -@@ -10001,7 +10007,7 @@ check_mac (void) +@@ -13383,7 +13389,7 @@ check_mac (void) show_mac_not_available (algos[i].algo); continue; } 
@@ -41,16 +43,16 @@ { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", -@@ -11095,8 +11101,6 @@ main (int argc, char **argv) +@@ -14508,8 +14514,6 @@ main (int argc, char **argv) /* If we are in fips mode do some more tests. */ gcry_md_hd_t md; - /* First trigger a self-test. */ -- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); +- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0)); if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0)) fail ("not in operational state after self-test\n"); -@@ -11121,15 +11125,6 @@ main (int argc, char **argv) +@@ -14534,15 +14538,6 @@ main (int argc, char **argv) gcry_md_close (md); if (gcry_control (GCRYCTL_OPERATIONAL_P, 0)) fail ("expected error state but still in operational state\n"); @@ -58,7 +60,7 @@ - { - /* Now run a self-test and to get back into - operational state. */ -- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); +- xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0)); - if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0)) - fail ("did not reach operational after error " - "and self-test\n"); 
@@ -66,26 +68,28 @@ } } -diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c ---- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100 -+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100 -@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname ) - || (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM)) +Index: libgcrypt-1.9.1/tests/benchmark.c +=================================================================== +--- libgcrypt-1.9.1.orig/tests/benchmark.c ++++ libgcrypt-1.9.1/tests/benchmark.c +@@ -943,8 +943,10 @@ cipher_bench ( const char *algoname ) + && algo != GCRY_CIPHER_CHACHA20) continue; - if (modes[modeidx].req_blocksize > 0 - && blklen != modes[modeidx].req_blocksize) + if ((modes[modeidx].req_blocksize > 0 + && blklen != modes[modeidx].req_blocksize) -+ || (in_fips_mode ++ || (in_fips_mode + && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM)) { printf (" %7s %7s", "-", "-" ); continue; -diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c ---- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100 -+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100 -@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench +Index: libgcrypt-1.9.1/tests/bench-slope.c +=================================================================== +--- libgcrypt-1.9.1.orig/tests/bench-slope.c ++++ libgcrypt-1.9.1/tests/bench-slope.c +@@ -1573,7 +1573,7 @@ cipher_bench_one (int algo, struct bench return; /* GCM has restrictions for block-size */ 
@@ -94,9 +98,10 @@ return; /* XTS has restrictions for block-size */ -diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c ---- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100 -+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100 +Index: libgcrypt-1.9.1/tests/pubkey.c +=================================================================== +--- libgcrypt-1.9.1.orig/tests/pubkey.c ++++ libgcrypt-1.9.1/tests/pubkey.c @@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t rc = gcry_sexp_new (&key_spec, 
@@ -137,39 +142,27 @@ ")))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); -@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_ +@@ -596,7 +611,7 @@ get_dsa_key_fips186_with_seed_new (gcry_ " (use-fips186)" " (transient-key)" " (derive-parms" -- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))", +- " (seed #f770a4598ff756931fc529764513b103ce57d85f4ad8c5cf297c9b4d48241c5b#))))", + " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); -diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c ---- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100 -+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100 -@@ -560,6 +560,9 @@ main (int argc, char **argv) - xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); - xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); -+ /* Curve25519 isn't supported in fips mode */ -+ if (gcry_fips_mode_active()) -+ return 77; - - start_timer (); - check_cv25519 (); -diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c ---- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100 -+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100 +Index: libgcrypt-1.9.1/tests/t-secmem.c +=================================================================== +--- libgcrypt-1.9.1.orig/tests/t-secmem.c ++++ libgcrypt-1.9.1/tests/t-secmem.c 
@@ -174,7 +174,8 @@ main (int argc, char **argv) - xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); - xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0); + xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0)); + xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0)); + xgcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0)); - gcry_set_outofcore_handler (outofcore_handler, NULL); + if (!gcry_fips_mode_active ()) + gcry_set_outofcore_handler (outofcore_handler, NULL); - xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0)); /* Libgcrypt prints a warning when the first overflow is allocated; @@ -184,7 +185,8 @@ main (int argc, char **argv) ++++++ libgcrypt-global_init-constructor.patch ++++++ --- /var/tmp/diff_new_pack.RjV2q5/_old 2021-02-08 11:47:09.497683834 +0100 +++ /var/tmp/diff_new_pack.RjV2q5/_new 2021-02-08 11:47:09.501683841 +0100 @@ -1,7 +1,7 @@ -Index: libgcrypt-1.8.2/src/global.c +Index: libgcrypt-1.9.1/src/global.c =================================================================== ---- libgcrypt-1.8.2.orig/src/global.c 2020-04-16 21:13:28.252717330 +0200 -+++ libgcrypt-1.8.2/src/global.c 2020-04-16 21:13:47.960822991 +0200 +--- libgcrypt-1.9.1.orig/src/global.c ++++ libgcrypt-1.9.1/src/global.c @@ -86,7 +86,7 @@ static gpg_err_code_t external_lock_test likely to be called at startup. The suggested way for an application to make sure that this has been called is by using 
@@ -45,11 +45,11 @@ /* This function is called by the macro fips_is_operational and makes sure that the minimal initialization has been done. This is far from a perfect solution and hides problems with an improper -Index: libgcrypt-1.8.2/src/fips.c +Index: libgcrypt-1.9.1/src/fips.c =================================================================== ---- libgcrypt-1.8.2.orig/src/fips.c 2020-04-16 21:13:28.252717330 +0200 -+++ libgcrypt-1.8.2/src/fips.c 2020-04-16 21:14:44.781127616 +0200 -@@ -125,6 +125,7 @@ void +--- libgcrypt-1.9.1.orig/src/fips.c ++++ libgcrypt-1.9.1/src/fips.c +@@ -124,6 +124,7 @@ void _gcry_initialize_fips_mode (int force) { static int done; 
@@ -57,48 +57,33 @@ /* Make sure we are not accidentally called twice. */ if (done) -@@ -214,6 +215,23 @@ _gcry_initialize_fips_mode (int force) +@@ -213,6 +214,23 @@ _gcry_initialize_fips_mode (int force) /* Yes, we are in FIPS mode. */ FILE *fp; + /* Intitialize the lock to protect the FSM. */ + err = gpgrt_lock_init (&fsm_lock); + if (err) -+ { -+ /* If that fails we can't do anything but abort the -+ process. We need to use log_info so that the FSM won't -+ get involved. */ -+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n", -+ gpg_strerror (err)); ++ { ++ /* If that fails we can't do anything but abort the ++ * process. We need to use log_info so that the FSM won't ++ * get involved. */ ++ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n", ++ gpg_strerror (err)); +#ifdef HAVE_SYSLOG -+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " -+ "creating FSM lock failed: %s - abort", -+ gpg_strerror (err)); ++ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " ++ "creating FSM lock failed: %s - abort", ++ gpg_strerror (err)); +#endif /*HAVE_SYSLOG*/ -+ abort (); -+ } ++ abort (); ++ } + /* If the FIPS force files exists, is readable and has a number != 0 on its first line, we enable the enforced fips mode. */ fp = fopen (FIPS_FORCE_FILE, "r"); -@@ -614,10 +632,10 @@ get_library_path(const char *libname, co - void *dl, *sym; - int rv = -1; - -- dl = dlopen(libname, RTLD_LAZY); -- if (dl == NULL) { -- return -1; -- } -+ dl = dlopen(libname, RTLD_LAZY); -+ if (dl == NULL) { -+ return -1; -+ } - - sym = dlsym(dl, symbolname); - -@@ -632,6 +650,39 @@ get_library_path(const char *libname, co - return rv; +@@ -641,6 +659,39 @@ get_library_path(const char *libname, co } + #endif +static gpg_error_t +get_hmac_path(char **fname) 
@@ -112,23 +97,23 @@ + { + *fname = _gcry_malloc (strlen (libpath) + 1 + 5 + 1 ); + if (!*fname) -+ err = gpg_error_from_syserror (); ++ err = gpg_error_from_syserror (); + else -+ { ++ { + char *p; + -+ /* Prefix the basename with a dot. */ -+ strcpy (*fname, libpath); -+ p = strrchr (*fname, '/'); -+ if (p) ++ /* Prefix the basename with a dot. */ ++ strcpy (*fname, libpath); ++ p = strrchr (*fname, '/'); ++ if (p) + p++; -+ else -+ p = *fname; -+ memmove (p+1, p, strlen (p)+1); -+ *p = '.'; -+ strcat (*fname, ".hmac"); -+ err = 0; -+ } ++ else ++ p = *fname; ++ memmove (p+1, p, strlen (p)+1); ++ *p = '.'; ++ strcat (*fname, ".hmac"); ++ err = 0; ++ } + } + return err; +} @@ -136,7 +121,7 @@ /* Run an integrity check on the binary. Returns 0 on success. */ static int check_binary_integrity (void) -@@ -656,25 +707,10 @@ check_binary_integrity (void) +@@ -665,25 +716,10 @@ check_binary_integrity (void) err = gpg_error (GPG_ERR_INTERNAL); else { @@ -144,7 +129,10 @@ - if (!fname) - err = gpg_error_from_syserror (); - else -- { ++ FILE *fp; ++ err = get_hmac_path(&fname); ++ if (!err) + { - FILE *fp; - char *p; - @@ -159,14 +147,10 @@ - *p = '.'; - strcat (fname, ".hmac"); - -+ FILE *fp; -+ err = get_hmac_path(&fname); -+ if (!err) -+ { /* Open the file. */ fp = fopen (fname, "r"); if (!fp) -@@ -725,6 +761,33 @@ check_binary_integrity (void) +@@ -734,6 +770,33 @@ check_binary_integrity (void) #endif } 
@@ -200,18 +184,18 @@ /* Run the self-tests. If EXTENDED is true, extended versions of the selftest are run, that is more tests than required by FIPS. */ -@@ -733,26 +795,13 @@ _gcry_fips_run_selftests (int extended) +@@ -742,26 +805,13 @@ _gcry_fips_run_selftests (int extended) { enum module_states result = STATE_ERROR; gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED; - int in_poweron; - +- - lock_fsm (); - in_poweron = (current_state == STATE_POWERON); - unlock_fsm (); - - fips_new_state (STATE_SELFTEST); -- + - /* We first check the integrity of the binary. - If run from the constructor we are in POWERON state, - we return and finish the remaining selftests before @@ -231,8 +215,8 @@ if (run_cipher_selftests (extended)) goto leave; -@@ -762,6 +811,9 @@ _gcry_fips_run_selftests (int extended) - if (run_mac_selftests (extended)) +@@ -774,6 +824,9 @@ _gcry_fips_run_selftests (int extended) + if (run_kdf_selftests (extended)) goto leave; + if (check_binary_integrity ()) @@ -241,7 +225,7 @@ /* Run random tests before the pubkey tests because the latter require random. */ if (run_random_selftests ()) -@@ -775,7 +827,8 @@ _gcry_fips_run_selftests (int extended) +@@ -787,7 +840,8 @@ _gcry_fips_run_selftests (int extended) ec = 0; leave: @@ -251,7 +235,7 @@ return ec; } -@@ -831,7 +884,6 @@ fips_new_state (enum module_states new_s +@@ -843,7 +897,6 @@ fips_new_state (enum module_states new_s { case STATE_POWERON: if (new_state == STATE_INIT 
@@ -259,7 +243,7 @@ || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; -@@ -846,8 +898,6 @@ fips_new_state (enum module_states new_s +@@ -858,8 +911,6 @@ fips_new_state (enum module_states new_s case STATE_SELFTEST: if (new_state == STATE_OPERATIONAL ++++++ random.conf ++++++ # This file can be used to globally change parameters of # the random generator. Supported options are: # Always use the non-blocking /dev/urandom or the respective # system call instead of the blocking /dev/random. only-urandom # Disable the use of the jitter based entropy generator. #disable-jent
