Hello community,
here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2014-09-04 07:55:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
and /work/SRC/openSUSE:Factory/.libgcrypt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2014-08-16 15:37:36.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2014-09-04 07:55:55.000000000 +0200
@@ -1,0 +2,15 @@
+Mon Sep 1 10:57:06 UTC 2014 - vcizek@suse.com
+
+- fix an issue in DRBG patchset
+ * size_t type is 32-bit on 32-bit systems
+- fix a potential NULL pointer deference in DRBG patchset
+ * patches from https://bugs.g10code.com/gnupg/issue1701
+- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
+- added v9-0007-User-interface-to-DRBG.patch
+- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
+- removed v7-0007-User-interface-to-DRBG.patch
+- add a subpackage for CAVS testing
+ * add cavs_driver.pl and cavs-test.sh from the kernel cavs package
+ * added drbg_test.patch
+
+-------------------------------------------------------------------
Old:
----
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
0007-User-interface-to-DRBG.patch
New:
----
cavs-test.sh
cavs_driver.pl
drbg_test.patch
v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
v9-0007-User-interface-to-DRBG.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.jC7aRw/_old 2014-09-04 07:55:57.000000000 +0200
+++ /var/tmp/diff_new_pack.jC7aRw/_new 2014-09-04 07:55:57.000000000 +0200
@@ -32,6 +32,9 @@
Source2: baselibs.conf
# http://www.gnupg.org/signature_key.en.html
Source4: %{name}.keyring
+# cavs test framework
+Source5: cavs-test.sh
+Source6: cavs_driver.pl
Patch0: %{name}-ppc64.patch
Patch1: %{name}-strict-aliasing.patch
Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch
@@ -49,15 +52,16 @@
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
# add support for SP800-90A DRBG (fate#316929, bnc#856312)
-Patch21: 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
+Patch21: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
Patch22: 0002-Compile-DRBG.patch
Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch
Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
-Patch27: 0007-User-interface-to-DRBG.patch
+Patch27: v9-0007-User-interface-to-DRBG.patch
Patch28: libgcrypt-fix-rng.patch
Patch29: libgcrypt-init-at-elf-load-fips.patch
+Patch30: drbg_test.patch
BuildRequires: automake >= 1.11
BuildRequires: libgpg-error-devel >= 1.11
BuildRequires: libtool
@@ -65,8 +69,6 @@
%if 0%{?suse_version} > 1310
BuildRequires: fipscheck
%endif
-# not for base packages to avoid huge cycles
-#BuildRequires: gpg-offline
%description
Libgcrypt is a general purpose library of cryptographic building
@@ -111,6 +113,16 @@
This package contains needed files to compile and link against the
library.
+%package cavs
+Summary: The GNU Crypto Library
+License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT
+Group: Development/Libraries/C and C++
+Requires: %{libsoname} = %{version}
+Requires: %{libsoname}-hmac
+
+%description cavs
+CAVS testing framework for libgcrypt
+
%if 0%{?separate_hmac256_binary}
%package hmac256
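Review bot: The `Summary:` of the new cavs subpackage repeats the main package's text "The GNU Crypto Library", which says nothing about what the subpackage is, so a package listing cannot tell it apart from the library itself. Suggest `Summary: CAVS test driver for libgcrypt`, in line with the `%description cavs` text two lines below. The `Requires:` lines also do not name perl, which cavs_driver.pl presumably needs; rpm's automatic dependency generation may already add it from the script's shebang, so this is worth confirming rather than assuming.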
@@ -150,6 +162,7 @@
%patch27 -p1
%patch28 -p1
%patch29 -p1
+%patch30 -p1
%endif
%patch13 -p1
%patch14 -p1
@@ -207,6 +220,12 @@
make DESTDIR=%{buildroot} install %{?_smp_mflags}
rm %{buildroot}%{_libdir}/%{name}.la
+# cavs
+install -m 0755 -d %{buildroot}/%{_libexecdir}/%{name}
+install -m 0755 %{SOURCE5} %{buildroot}/%{_libexecdir}/%{name}
+install -m 0755 %{SOURCE6} %{buildroot}/%{_libexecdir}/%{name}
+mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}/%{_libexecdir}/%{name}
+mv %{buildroot}%{_bindir}/drbg_test %{buildroot}/%{_libexecdir}/%{name}
%post -n %{libsoname} -p /sbin/ldconfig
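Review bot: The install lines put cavs_driver.pl under `%{_libexecdir}/%{name}`, but cavs-test.sh (Source5, shown in full later on this page) calls it by the absolute path `/usr/lib/libgcrypt/cavs_driver.pl`; the two agree only while `%{_libexecdir}` expands to `/usr/lib`. Either rewrite the path at build time, e.g. `sed -i 's|/usr/lib/libgcrypt/|%{_libexecdir}/%{name}/|' %{buildroot}/%{_libexecdir}/%{name}/cavs-test.sh`, or let the script locate the driver relative to its own directory. The two `mv` lines also remove fipsdrv and drbg_test from `%{_bindir}`; if the main package's `%files` list (not visible in this hunk) still names `%{_bindir}/fipsdrv`, the build will fail on a missing file, so that list should be checked as well.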
@@ -255,4 +274,8 @@
%{_bindir}/.hmac256.hmac
%doc %{_mandir}/man1/hmac256.1*
+%files cavs
+%defattr(-,root,root)
+%{_libexecdir}/%{name}
+
%changelog
++++++ cavs-test.sh ++++++
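#!/bin/bash
#
# This is the driver script around the actual FIPS testing
# Written by: Stephan Müller
# (c) atsec information security corporation
#
# The easiest way to perform the cipher compliance testing
# is the following:
#
# 1. patch/compile/copy the openssl binary with the patch if necessary
#    (old versions hang when running the MC test if unpatched)
#
# 2. unpack the test vector ZIP file to a local dir
#
# 3. set PATH in a way that cavs_driver.pl is found
#
# 4. go to the local dir where you unzipped the test vector archive and execute
#    $0
#
# 5. send atsec the prepared CAVS_results-*.zip archive found in the same dir
#
# Usage: cavs-test.sh [-I <interface>]
#
# Environment:
#   CAVS_DRIVER  path of cavs_driver.pl; defaults to the location used by the
#                libgcrypt cavs subpackage (/usr/lib/libgcrypt/cavs_driver.pl)

set -eu -o pipefail

DATE=$(date +%Y%m%d)
ARCH=$(uname -m)
readonly DATE ARCH

# The unpacked test-vector directory is appended to PATH, never prepended, so
# that nothing shipped inside a vector archive can shadow the system tools.
PATH=$PATH:$(pwd)

# test interface to be used
# can be overridden by passing "-I <interface>" to this script
# possible values are:
#   openssl     OpenSSL
#   libgcrypt   Libgcrypt (default)
#   cryptoapi   Kernel
INTERFACE="libgcrypt"
if [[ "${1-}" == "-I" && -n "${2-}" ]]; then
  INTERFACE="$2"
fi

# The libgcrypt spec installs cavs_driver.pl under %{_libexecdir}/%{name};
# the default below is the path that was hard-coded before. Override the
# variable if the driver lives elsewhere.
CAVS_DRIVER="${CAVS_DRIVER:-/usr/lib/libgcrypt/cavs_driver.pl}"
if [[ ! -x "$CAVS_DRIVER" ]]; then
  printf 'cavs_driver.pl not found or not executable: %s\n' "$CAVS_DRIVER" >&2
  exit 1
fi

#######################################
# Run the CAVS driver on one request file and move the response next to it.
# Globals:   INTERFACE, CAVS_DRIVER (read)
# Arguments: $1 - path to a *.req file, relative to the start directory
# Outputs:   whatever the driver prints; the .rsp file lands in path/resp/
# Returns:   non-zero if the directory cannot be entered or the driver fails
#######################################
run_request() {
  local req=$1
  local dir base
  dir=$(dirname -- "$req")
  base=$(basename -- "$req")
  cd -- "$dir" || return 1

  # We have to see whether we check on DSA based on path name;
  # DSA vectors need the driver's -D switch.
  local -a args=(-I "$INTERFACE")
  if [[ "$dir" == *DSA* ]]; then
    args+=(-D)
  fi
  "$CAVS_DRIVER" "${args[@]}" "$base" || return 1

  # for CAVS, we have path/req/<testvectors>
  # and want to have the responses in path/resp/*.rsp
  if [[ $(basename -- "$dir") == "req" ]]; then
    local outfile="${base%.req}.rsp"
    mkdir -p -- ../resp
    if [[ -f "$outfile" ]]; then
      mv -- "$outfile" ../resp/
    else
      printf 'driver produced no %s in %s\n' "$outfile" "$dir" >&2
      return 1
    fi
  fi
}

# Every request file is handled in its own background subshell, as before;
# the pids are kept so that a failing job is reported instead of vanishing.
pids=()
while IFS= read -r -d '' req; do
  ( run_request "$req" ) &
  pids+=("$!")
done < <(find ./ -name '*.req' -print0)

failed=0
if (( ${#pids[@]} > 0 )); then
  for pid in "${pids[@]}"; do
    wait "$pid" || failed=$((failed + 1))
  done
fi
if (( failed > 0 )); then
  printf '%d request file(s) failed, see messages above\n' "$failed" >&2
fi

# Collect the responses NUL-delimited so that paths with spaces survive.
rsp_files=()
while IFS= read -r -d '' rsp; do
  rsp_files+=("$rsp")
done < <(find ./ -name '*.rsp' -print0)
if (( ${#rsp_files[@]} == 0 )); then
  printf 'no .rsp files found, nothing to archive\n' >&2
  exit 1
fi

archive="CAVS_results-$ARCH-$DATE.zip"
zip -r "$archive" "${rsp_files[@]}"

# A partial result must not look like a clean run.
if (( failed > 0 )); then
  exit 1
fi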
++++++ cavs_driver.pl ++++++
++++ 3072 lines (skipped)
++++++ drbg_test.patch ++++++
++++ 1303 lines (skipped)
++++++ v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch ++++++
++++ 2406 lines (skipped)
++++++ v9-0007-User-interface-to-DRBG.patch ++++++
From 581c850aa7ac63086a489480efa4cc0bf8cfd510 Mon Sep 17 00:00:00 2001
From: Stephan Mueller
Date: Thu, 21 Aug 2014 21:26:27 +0200
Subject: [PATCH v9 7/7] User interface to DRBG
DRBG Usage
==========
The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the kernel crypto API to use the full functionality of the DRBG.
Usage without any additional data
---------------------------------
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with personalization string during initialization
-------------------------------------------------------
struct drbg_string pers;
drbg_string_fill(&pers, "string", strlen("string"));
// The reset completely re-initializes the DRBG with the provided
// personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with additional information string during random number request
---------------------------------------------------------------------
struct drbg_string addtl;
drbg_string_fill(&addtl, "string", strlen("string"));
// The following call is a wrapper to gcry_randomize() and returns
// the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);
Usage with personalization and additional information strings
-------------------------------------------------------------
Just mix both scenarios above.
Switch the DRBG type to some other type
---------------------------------------
// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_NOPR_CTRAES128, NULL, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Signed-off-by: Stephan Mueller
---
src/gcrypt.h.in | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 144 insertions(+), 13 deletions(-)
Index: libgcrypt-1.6.1/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.6.1.orig/src/gcrypt.h.in 2014-01-29 10:49:05.000000000 +0100
+++ libgcrypt-1.6.1/src/gcrypt.h.in 2014-09-02 13:45:42.439648231 +0200
@@ -193,7 +193,7 @@ gcry_error_t gcry_err_make_from_errno (g
/* Return an error value with the system error ERR. */
gcry_err_code_t gcry_error_from_errno (int err);
-
+
/* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore
used. However we keep it to allow for some source code
compatibility if used in the standard way. */
@@ -228,7 +228,7 @@ struct gcry_thread_cbs
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))}
-
+
/* A generic context object as used by some functions. */
struct gcry_context;
typedef struct gcry_context *gcry_ctx_t;
@@ -254,7 +254,7 @@ typedef struct
} gcry_buffer_t;
-
+
/* Check that the library fulfills the version requirement. */
const char *gcry_check_version (const char *req_version);
@@ -329,7 +329,8 @@ enum gcry_ctl_cmds
GCRYCTL_SET_CCM_LENGTHS = 69,
GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
- GCRYCTL_REACTIVATE_FIPS_FLAG = 72
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+ GCRYCTL_DRBG_REINIT = 74,
};
/* Perform various operations defined by CMD. */
@@ -477,7 +478,7 @@ gpg_error_t gcry_sexp_extract_param (gcr
const char *list,
...) _GCRY_GCC_ATTR_SENTINEL(0);
-
+
/*******************************************
* *
* Multi Precision Integer Functions *
@@ -833,7 +834,7 @@ gcry_mpi_t _gcry_mpi_get_const (int no);
#endif /* GCRYPT_NO_MPI_MACROS */
-
+
/************************************
* *
* Symmetric Cipher Functions *
@@ -1015,7 +1016,7 @@ size_t gcry_cipher_get_algo_blklen (int
#define gcry_cipher_test_algo(a) \
gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
-
+
/************************************
* *
* Asymmetric Cipher Functions *
@@ -1114,7 +1115,7 @@ gcry_sexp_t gcry_pk_get_param (int algo,
gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
int mode, gcry_ctx_t ctx);
-
+
/************************************
* *
@@ -1291,7 +1292,7 @@ void gcry_md_debug (gcry_md_hd_t hd, con
#define gcry_md_get_asnoid(a,b,n) \
gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
-
+
/**********************************************
* *
@@ -1407,7 +1408,7 @@ int gcry_mac_map_name (const char *name)
#define gcry_mac_test_algo(a) \
gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
-
+
/******************************
* *
* Key Derivation Functions *
@@ -1435,7 +1436,7 @@ gpg_error_t gcry_kdf_derive (const void
-
+
/************************************
* *
* Random Generating Functions *
@@ -1504,7 +1505,7 @@ void gcry_create_nonce (void *buffer, si
-
+
/*******************************/
/* */
/* Prime Number Functions */
@@ -1563,7 +1564,7 @@ void gcry_prime_release_factors (gcry_mp
gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
-
+
/************************************
* *
* Miscellaneous Stuff *
@@ -1668,6 +1669,136 @@ int gcry_is_secure (const void *a) _GCRY
/* Return true if Libgcrypt is in FIPS mode. */
#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
+/* DRBG test data */
+struct drbg_test_data {
+ struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */
+ int fail_seed_source:1; /* if set, the seed function will return an
+ * error */
+};
+
+/* DRBG input data structure for DRBG generate with additional information
+ * string */
+struct drbg_gen {
+ unsigned char *outbuf; /* output buffer for random numbers */
+ unsigned int outlen; /* size of output buffer */
+ struct drbg_string *addtl; /* input buffer for
+ * additional information string */
+ struct drbg_test_data *test_data; /* test data */
+};
+
+/*
+ * Concatenation Helper and string operation helper
+ *
+ * SP800-90A requires the concatenation of different data. To avoid copying
+ * buffers around or allocate additional memory, the following data structure
+ * is used to point to the original memory with its size. In addition, it
+ * is used to build a linked list. The linked list defines the concatenation
+ * of individual buffers. The order of memory block referenced in that
+ * linked list determines the order of concatenation.
+ */
+/* DRBG string definition */
+struct drbg_string {
+ const unsigned char *buf;
+ size_t len;
+ struct drbg_string *next;
+};
+
+static inline void drbg_string_fill(struct drbg_string *string,
+ const unsigned char *buf, size_t len)
+{
+ string->buf = buf;
+ string->len = len;
+ string->next = NULL;
+}
+
+/* this is a wrapper function for users of libgcrypt */
+static inline void gcry_randomize_drbg(void *outbuf, size_t outlen,
+ enum gcry_random_level level,
+ struct drbg_string *addtl)
+{
+ struct drbg_gen genbuf;
+ genbuf.outbuf = (unsigned char *)outbuf;
+ genbuf.outlen = outlen;
+ genbuf.addtl = addtl;
+ genbuf.test_data = NULL;
+ gcry_randomize(&genbuf, 0, level);
+}
+
+/* this is a wrapper function for users of libgcrypt */
+static inline void gcry_randomize_drbg_test(void *outbuf, size_t outlen,
+ enum gcry_random_level level,
+ struct drbg_string *addtl,
+ struct drbg_test_data *test_data)
+{
+ struct drbg_gen genbuf;
+ genbuf.outbuf = (unsigned char *)outbuf;
+ genbuf.outlen = outlen;
+ genbuf.addtl = addtl;
+ genbuf.test_data = test_data;
+ gcry_randomize(&genbuf, 0, level);
+}
+
+
+/*
+ * DRBG flags bitmasks
+ *
+ * 31 (B) 28 19 (A) 0
+ * +-+-+-+--------+---+-----------+-----+
+ * |~|~|u|~~~~~~~~| 3 | 2 | 1 |
+ * +-+-+-+--------+- -+-----------+-----+
+ * ctl flg| |drbg use selection flags
+ *
+ */
+
+/* internal state control flags (B) */
+#define DRBG_PREDICTION_RESIST ((u_int32_t)1<<28)
+
+/* CTR type modifiers (A.1)*/
+#define DRBG_CTRAES ((u_int32_t)1<<0)
+#define DRBG_CTRSERPENT ((u_int32_t)1<<1)
+#define DRBG_CTRTWOFISH ((u_int32_t)1<<2)
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT | DRBG_CTRTWOFISH)
+
+/* HASH type modifiers (A.2)*/
+#define DRBG_HASHSHA1 ((u_int32_t)1<<4)
+#define DRBG_HASHSHA224 ((u_int32_t)1<<5)
+#define DRBG_HASHSHA256 ((u_int32_t)1<<6)
+#define DRBG_HASHSHA384 ((u_int32_t)1<<7)
+#define DRBG_HASHSHA512 ((u_int32_t)1<<8)
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 | \
+ DRBG_HASHSHA256 | DRBG_HASHSHA384 | \
+ DRBG_HASHSHA512)
+/* type modifiers (A.3)*/
+#define DRBG_HMAC ((u_int32_t)1<<12)
+#define DRBG_SYM128 ((u_int32_t)1<<13)
+#define DRBG_SYM192 ((u_int32_t)1<<14)
+#define DRBG_SYM256 ((u_int32_t)1<<15)
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 | \
+ DRBG_SYM256)
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK | DRBG_TYPE_MASK)
+
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 | DRBG_HMAC)
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256|DRBG_HMAC)
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384|DRBG_HMAC)
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512|DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
#if 0 /* (Keep Emacsens' auto-indent happy.) */
{
N§²æìržyéZ)z{.±ç(húéì¹»®&Þ¢§²ë¢ž¢¶v+b¢v¥rŠjwlzf¢^ˬyÊ&+~
éi¢§²ë¢ž