commit libgcrypt for openSUSE:Factory
Hello community, here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2014-05-10 08:32:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old) and /work/SRC/openSUSE:Factory/.libgcrypt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libgcrypt" Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2014-04-05 16:50:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2014-05-10 08:32:13.000000000 +0200 
@@ -1,0 +2,16 @@ +Tue May 6 13:28:33 UTC 2014 - vcizek@suse.com + +- add support for SP800-90A DRBG (fate#316929, bnc#856312) + * patches by Stephan Mueller (http://www.chronox.de/drbg.html): + 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 + 0002-Compile-DRBG.patch + 0003-Function-definitions-of-interfaces-for-random.c.patch + 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch + 0005-Function-definitions-for-gcry_control-callbacks.patch + 0006-DRBG-specific-gcry_control-requests.patch + 0007-User-interface-to-DRBG.patch + * only after 13.1 (the patches need libgpg-error 1.13) +- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't + applied anyway) + +------------------------------------------------------------------- Old: ---- libgcrypt-fips-allow-legacy.patch New: ---- 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch 0007-User-interface-to-DRBG.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.HHd3BP/_old 2014-05-10 08:32:14.000000000 +0200 +++ /var/tmp/diff_new_pack.HHd3BP/_new 2014-05-10 08:32:14.000000000 +0200 
@@ -43,12 +43,19 @@ Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff #PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com Patch8: libgcrypt-1.6.0-use-intenal-functions.patch -Patch10: libgcrypt-fips-allow-legacy.patch Patch11: libgcrypt-fixed-sizet.patch Patch12: libgcrypt-1.6.1-use-fipscheck.patch Patch13: libgcrypt-1.6.1-fips-cavs.patch #PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch +# add support for SP800-90A DRBG (fate#316929, bnc#856312) +Patch21: 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 +Patch22: 0002-Compile-DRBG.patch +Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch +Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch +Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch +Patch26: 0006-DRBG-specific-gcry_control-requests.patch +Patch27: 0007-User-interface-to-DRBG.patch BuildRequires: automake >= 1.11 BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libtool @@ -119,10 +126,16 @@ %patch5 -p1 %patch7 -p1 %patch8 -p1 -#%patch10 -p1 %patch11 -p1 %if 0%{?suse_version} > 1310 %patch12 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 +%patch26 -p1 +%patch27 -p1 %endif %patch13 -p1 %patch14 -p1 ++++++ 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 ++++++ ++++ 2375 lines (skipped) ++++++ 0002-Compile-DRBG.patch ++++++ From fe272496f0f9e6e12bfa35f6f1c9d05af9feca2c Mon Sep 17 00:00:00 2001 From: Stephan Mueller <smueller@chronox.de> Date: Sat, 8 Mar 2014 23:13:33 +0100 Subject: [PATCH v3 2/7] Compile DRBG To: gcrypt-devel@gnupg.org Cc: jeremy.wayne.powell@gmail.com Add the drbg.c file to the Makefile. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- diff --git a/random/Makefile.am b/random/Makefile.am index c9d587a..e073fa4 100644 --- a/random/Makefile.am +++ b/random/Makefile.am 
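Review bot: The `%if 0%{?suse_version} > 1310` guard around `%patch21` to `%patch27` is the only place where the libgpg-error 1.13 requirement named in the changelog is expressed, while the context line still reads `BuildRequires: libgpg-error-devel >= 1.11`. A conditional `BuildRequires: libgpg-error-devel >= 1.13` under the same `%if` would make a mismatch fail at dependency resolution instead of somewhere in the compile. The guard also means the FIPS-mode generator differs by distribution version (the DRBG after 13.1, presumably the X9.31 generator otherwise), which deserves a comment next to it, e.g. `# DRBG patches need libgpg-error >= 1.13; older targets keep the previous FIPS RNG`.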
@@ -35,6 +35,7 @@ random.c random.h \ rand-internal.h \ random-csprng.c \ random-fips.c \ +drbg.c \ random-system.c \ rndhw.c ++++++ 0003-Function-definitions-of-interfaces-for-random.c.patch ++++++ From bb91250be3eeb2309285fa9865166cb381104c81 Mon Sep 17 00:00:00 2001 From: Stephan Mueller <smueller@chronox.de> Date: Sat, 8 Mar 2014 23:14:16 +0100 Subject: [PATCH v3 3/7] Function definitions of interfaces for random.c To: gcrypt-devel@gnupg.org Cc: jeremy.wayne.powell@gmail.com Specify the function definitions to be integrated into the common libgcrypt RNG code. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- diff --git a/random/rand-internal.h b/random/rand-internal.h index 79b23ac..a169a4b 100644 --- a/random/rand-internal.h +++ b/random/rand-internal.h @@ -88,6 +88,15 @@ gcry_err_code_t _gcry_rngfips_run_external_test (void *context, char *buffer, size_t buflen); void _gcry_rngfips_deinit_external_test (void *context); +/* drbg-gcry.h */ +void _gcry_drbg_init(int full); +void _gcry_drbg_close_fds(void); +void _gcry_drbg_dump_stats(void); +int _gcry_drbg_is_faked (void); +gcry_error_t _gcry_drng_add_bytes (const void *buf, size_t buflen, int quality); +void _gcry_drbg_randomize (void *buffer, size_t length, + enum gcry_random_level level); +gcry_error_t _gcry_drbg_selftest (selftest_report_func_t report); /*-- random-system.c --*/ void _gcry_rngsystem_initialize (int full); ++++++ 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch ++++++ From 6aa1bc1df0dbbf5b4cb06b86f949aa9d80f68700 Mon Sep 17 00:00:00 2001 
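Review bot: The prototype `_gcry_drng_add_bytes` in the rand-internal.h hunk is spelled `drng`, while every other declaration added beside it uses the `_gcry_drbg_` prefix, which looks like a typo. The defining file (patch 0001) is not shown on this page, so this is inferred. If drbg.c defines `_gcry_drbg_add_bytes`, the header declares a function that does not exist and the real one has no prototype in scope; the line would then read `gcry_error_t _gcry_drbg_add_bytes (const void *buf, size_t buflen, int quality);`. The section comment `/* drbg-gcry.h */` also names a file this series does not add, and the neighbouring section uses the form `/*-- random-system.c --*/`, so `/*-- drbg.c --*/` would match.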
From: Stephan Mueller <smueller@chronox.de> Date: Sat, 8 Mar 2014 23:14:58 +0100 Subject: [PATCH v3 4/7] Invoke DRBG from common libgcrypt RNG code To: gcrypt-devel@gnupg.org Cc: jeremy.wayne.powell@gmail.com Integrate the DRBG invocation with the common libgcrypt RNG code. This integration replaces the old ANSI X9.31 RNG invocation. As the ANSI X9.31 shall only be invoked in FIPS mode and it is sunset at the end of 2014 for FIPS purposes, a complete replacement with the DRBG is considered appropriate. The DRBG is FIPS approved deterministic random number generator for the forseeable future. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- Index: libgcrypt-1.6.1/random/random.c =================================================================== --- libgcrypt-1.6.1.orig/random/random.c 2014-01-29 10:48:38.000000000 +0100 +++ libgcrypt-1.6.1/random/random.c 2014-05-06 14:51:42.350644283 +0200 @@ -153,11 +153,13 @@ _gcry_random_initialize (int full) } if (fips_mode ()) - _gcry_rngfips_initialize (full); + //_gcry_rngfips_initialize (full); + _gcry_drbg_init(full); else if (rng_types.standard) _gcry_rngcsprng_initialize (full); else if (rng_types.fips) - _gcry_rngfips_initialize (full); + _gcry_drbg_init(full); + //_gcry_rngfips_initialize (full); else if (rng_types.system) _gcry_rngsystem_initialize (full); else @@ -174,11 +176,13 @@ _gcry_random_close_fds (void) the entropy gatherer. */ if (fips_mode ()) - _gcry_rngfips_close_fds (); + //_gcry_rngfips_close_fds (); + _gcry_drbg_close_fds (); else if (rng_types.standard) _gcry_rngcsprng_close_fds (); else if (rng_types.fips) - _gcry_rngfips_close_fds (); + //_gcry_rngfips_close_fds (); + _gcry_drbg_close_fds (); else if (rng_types.system) _gcry_rngsystem_close_fds (); else @@ -212,7 +216,8 @@ void _gcry_random_dump_stats (void) { if (fips_mode ()) - _gcry_rngfips_dump_stats (); + //_gcry_rngfips_dump_stats (); + _gcry_drbg_dump_stats (); else _gcry_rngcsprng_dump_stats (); } 
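Review bot: Each replaced call in `_gcry_random_initialize`, `_gcry_random_close_fds` and `_gcry_random_dump_stats` is left behind as a `//` comment wedged between an unbraced `if` / `else if` and the statement it controls. The order even flips inside `_gcry_random_initialize`: the comment comes before the new call in the `fips_mode ()` branch and after it in the `rng_types.fips` branch. In code that selects the FIPS generator this is fragile, because re-enabling one of those lines or adding a statement next to it silently changes what the condition guards. Since the commit message says the X9.31 generator is replaced completely, the commented lines should be dropped so that `if (fips_mode ())` is followed directly by `_gcry_drbg_init (full);`. The same pattern recurs in the later hunks for `_gcry_random_is_faked`, `do_randomize`, `_gcry_create_nonce` and `_gcry_random_selftest`; all of these functions begin or end outside their hunks.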
@@ -271,7 +276,8 @@ int _gcry_random_is_faked (void) { if (fips_mode ()) - return _gcry_rngfips_is_faked (); + //return _gcry_rngfips_is_faked (); + return _gcry_drbg_is_faked (); else return _gcry_rngcsprng_is_faked (); } @@ -301,11 +307,13 @@ static void do_randomize (void *buffer, size_t length, enum gcry_random_level level) { if (fips_mode ()) - _gcry_rngfips_randomize (buffer, length, level); + //_gcry_rngfips_randomize (buffer, length, level); + _gcry_drbg_randomize (buffer, length, level); else if (rng_types.standard) _gcry_rngcsprng_randomize (buffer, length, level); else if (rng_types.fips) - _gcry_rngfips_randomize (buffer, length, level); + //_gcry_rngfips_randomize (buffer, length, level); + _gcry_drbg_randomize (buffer, length, level); else if (rng_types.system) _gcry_rngsystem_randomize (buffer, length, level); else /* default */ @@ -437,7 +445,8 @@ _gcry_create_nonce (void *buffer, size_t nonce generator which is seeded by the RNG actual in use. */ if (fips_mode ()) { - _gcry_rngfips_create_nonce (buffer, length); + //_gcry_rngfips_create_nonce (buffer, length); + _gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM); return; } @@ -514,7 +523,8 @@ gpg_error_t _gcry_random_selftest (selftest_report_func_t report) { if (fips_mode ()) - return _gcry_rngfips_selftest (report); + //return _gcry_rngfips_selftest (report); + return _gcry_drbg_selftest (report); else return 0; /* No selftests yet. */ } @@ -530,6 +540,7 @@ _gcry_random_init_external_test (void ** const void *seed, size_t seedlen, const void *dt, size_t dtlen) { + return GPG_ERR_NOT_SUPPORTED; (void)flags; if (fips_mode ()) return _gcry_rngfips_init_external_test (r_context, flags, key, keylen, @@ -544,6 +555,7 @@ _gcry_random_init_external_test (void ** gcry_err_code_t _gcry_random_run_external_test (void *context, char *buffer, size_t buflen) { + return GPG_ERR_NOT_SUPPORTED; if (fips_mode ()) return _gcry_rngfips_run_external_test (context, buffer, buflen); else 
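Review bot: In `_gcry_random_init_external_test` the added `return GPG_ERR_NOT_SUPPORTED;` is the first statement, so `(void)flags;` and the whole `fips_mode ()` dispatch below it become unreachable. The hunks for `_gcry_random_run_external_test` and `_gcry_random_deinit_external_test` (bare `return;`) do the same. Leaving the dead `_gcry_rngfips_*_external_test` calls in place keeps the retired X9.31 test entry points referenced and hides from a reader that the interface is intentionally disabled. Deleting the unreachable statements and adding a comment such as `/* The X9.31 external test interface has no DRBG equivalent. */` above the return states the intent. The function bodies continue outside the hunks.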
@@ -554,6 +566,7 @@ _gcry_random_run_external_test (void *co void _gcry_random_deinit_external_test (void *context) { + return; if (fips_mode ()) _gcry_rngfips_deinit_external_test (context); } ++++++ 0005-Function-definitions-for-gcry_control-callbacks.patch ++++++ From 67106d6e63ae5aff91e8fc7072def4c027546d39 Mon Sep 17 00:00:00 2001 From: Stephan Mueller <smueller@chronox.de> Date: Sat, 8 Mar 2014 23:15:43 +0100 Subject: [PATCH v3 5/7] Function definitions for gcry_control callbacks To: gcrypt-devel@gnupg.org Cc: jeremy.wayne.powell@gmail.com The function definitions implemented in drbg.c which are used for gcry_control. Changes v3: * Remove of set_entropy function call Signed-off-by: Stephan Mueller <smueller@chronox.de> --- diff --git a/random/random.h b/random/random.h index 2bc8cab..343b149 100644 --- a/random/random.h +++ b/random/random.h @@ -54,7 +54,9 @@ gcry_err_code_t _gcry_random_run_external_test (void *context, char *buffer, size_t buflen); void _gcry_random_deinit_external_test (void *context); - +/*-- drbg.c --*/ +gpg_err_code_t _gcry_drbg_reinit (u_int32_t flags, struct drbg_string *pers, + struct drbg_test_data *test_data); /*-- rndegd.c --*/ gpg_error_t _gcry_rndegd_set_socket_name (const char *name); ++++++ 0006-DRBG-specific-gcry_control-requests.patch ++++++ From bac07e2002f1de9b9ffad477135a67b1bdcf5d85 Mon Sep 17 00:00:00 2001 
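Review bot: The new `_gcry_drbg_reinit` prototype in random.h returns `gpg_err_code_t`, whereas the declaration just above it, `_gcry_random_run_external_test`, uses `gcry_err_code_t`; using `gcry_err_code_t` here keeps the header consistent. The prototype also names `struct drbg_string`, `struct drbg_test_data` and `u_int32_t`, none of which is declared in the visible part of this header. If random.h is ever included before the header that defines them, the two struct tags get prototype scope and the declaration no longer matches the definition. Adding the forward declarations `struct drbg_string;` and `struct drbg_test_data;` ahead of the prototype avoids that dependency on include order.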
From: Stephan Mueller <smueller@chronox.de> Date: Sat, 8 Mar 2014 23:16:24 +0100 Subject: [PATCH v3 6/7] DRBG specific gcry_control requests To: gcrypt-devel@gnupg.org Cc: jeremy.wayne.powell@gmail.com gcry_control GCRYCTL_DRBG_REINIT ================================ This control request re-initializes the DRBG completely, i.e. the entire state of the DRBG is zeroized (with two exceptions listed in GCRYCTL_DRBG_SET_ENTROPY). The control request takes the following values which influences how the DRBG is re-initialized: * __u32 flags: This variable specifies the DRBG type to be used for the next initialization. If set to 0, the previous DRBG type is used for the initialization. The DRBG type is an OR of the mandatory flags of the requested DRBG strength and DRBG cipher type. Optionally, the prediction resistance flag can be ORed into the flags variable. For example: - CTR-DRBG with AES-128 without prediction resistance: DRBG_CTRAES128 - HMAC-DRBG with SHA-512 with prediction resistance: DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST * struct drbg_string *pers: personalization string to be used for initialization. * struct drbg_test_data *test: TEST parameter only -- should be NULL in normal use -- parameter sets predefined "entropy" The variable of flags is independent from the pers/perslen variables. If flags is set to 0 and perslen is set to 0, the current DRBG type is completely reset without using a personalization string. Changes v3: * addition of struct drbg_test_data *test to reinit call * change personalization string invocation to struct drbg_string * remove set_entropy call Signed-off-by: Stephan Mueller <smueller@chronox.de> --- diff --git a/src/global.c b/src/global.c index 4e8df86..5c19cca 100644 --- a/src/global.c +++ b/src/global.c 
@@ -671,6 +671,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) rc = GPG_ERR_NOT_IMPLEMENTED; break; + case GCRYCTL_DRBG_REINIT: + { + u_int32_t flags = va_arg (arg_ptr, u_int32_t); + struct drbg_string *pers = va_arg (arg_ptr, struct drbg_string *); + struct drbg_test_data *test_data = va_arg (arg_ptr, struct drbg_test_data *); + rc = _gcry_drbg_reinit(flags, pers, test_data); + } + break; + default: _gcry_set_preferred_rng_type (0); rc = GPG_ERR_INV_OP; ++++++ 0007-User-interface-to-DRBG.patch ++++++ Changes v4: * add fail_seed_source to struct drbg_test_data Signed-off-by: Stephan Mueller <smueller@chronox.de> --- diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index c84a3f7..2a17dcd 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -193,7 +193,7 @@ gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err); /* Return an error value with the system error ERR. */ gcry_err_code_t gcry_error_from_errno (int err); - + /* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore used. However we keep it to allow for some source code compatibility if used in the standard way. */ @@ -228,7 +228,7 @@ struct gcry_thread_cbs (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))} - + /* A generic context object as used by some functions. */ struct gcry_context; typedef struct gcry_context *gcry_ctx_t; @@ -254,7 +254,7 @@ typedef struct } gcry_buffer_t; - + /* Check that the library fulfills the version requirement. */ const char *gcry_check_version (const char *req_version); @@ -329,13 +329,14 @@ enum gcry_ctl_cmds GCRYCTL_SET_CCM_LENGTHS = 69, GCRYCTL_CLOSE_RANDOM_DEVICE = 70, GCRYCTL_INACTIVATE_FIPS_FLAG = 71, - GCRYCTL_REACTIVATE_FIPS_FLAG = 72 + GCRYCTL_REACTIVATE_FIPS_FLAG = 72, + GCRYCTL_DRBG_REINIT = 73, }; /* Perform various operations defined by CMD. */ gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...); - + /* S-expression management. */ /* The object to represent an S-expression as used with the public key 
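Review bot: The `GCRYCTL_DRBG_REINIT` case forwards `flags`, `pers` and `test_data` straight to `_gcry_drbg_reinit` with no check at this level, although the patch description calls `test_data` a test-only parameter that installs predefined "entropy". Any caller of the public `gcry_control` can therefore replace the generator's seed input, and whether `_gcry_drbg_reinit` refuses that outside a self-test, or when the DRBG is not the active generator, cannot be seen from this hunk. At minimum the case needs a comment such as `/* test_data overrides the seed source; must be NULL outside self-tests. */`, and the check belongs in `_gcry_drbg_reinit` if it is not already there. All three arguments are read unconditionally with `va_arg`, so the documentation should also say that callers must pass typed null pointers, since a bare `0` for `pers` or `test_data` is read back as a pointer. `_gcry_vcontrol` begins and ends outside the hunk.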
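Review bot: `GCRYCTL_DRBG_REINIT = 73,` leaves a trailing comma after the last enumerator of `enum gcry_ctl_cmds` in a public header, which the list did not have before this change (`GCRYCTL_REACTIVATE_FIPS_FLAG = 72` ended it without one). Strict C90 builds that include gcrypt.h warn on or reject a trailing enumerator comma. Writing `GCRYCTL_DRBG_REINIT = 73` without the comma keeps the header usable from pedantic builds. The enum starts outside the hunk.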
@@ -477,7 +478,7 @@ gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp, const char *list, ...) _GCRY_GCC_ATTR_SENTINEL(0); - + /******************************************* * * * Multi Precision Integer Functions * @@ -833,7 +834,7 @@ gcry_mpi_t _gcry_mpi_get_const (int no); #endif /* GCRYPT_NO_MPI_MACROS */ - + /************************************ * * * Symmetric Cipher Functions * @@ -1015,7 +1016,7 @@ size_t gcry_cipher_get_algo_blklen (int algo); #define gcry_cipher_test_algo(a) \ gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) - + /************************************ * * * Asymmetric Cipher Functions * @@ -1114,7 +1115,7 @@ gcry_sexp_t gcry_pk_get_param (int algo, const char *name); gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx); - + /************************************ * * @@ -1291,7 +1292,7 @@ void gcry_md_debug (gcry_md_hd_t hd, const char *suffix); #define gcry_md_get_asnoid(a,b,n) \ gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n)) - + /********************************************** * * @@ -1411,7 +1412,7 @@ int gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE; #define gcry_mac_test_algo(a) \ gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) - + /****************************** * * * Key Derivation Functions * @@ -1439,7 +1440,7 @@ gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen, - + /************************************ * * * Random Generating Functions * @@ -1508,7 +1509,7 @@ void gcry_create_nonce (void *buffer, size_t length); - + /*******************************/ /* */ /* Prime Number Functions */ @@ -1567,7 +1568,7 @@ void gcry_prime_release_factors (gcry_mpi_t *factors); gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags); - + /************************************ * * * Miscellaneous Stuff * 
@@ -1672,6 +1673,136 @@ int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE; /* Return true if Libgcrypt is in FIPS mode. */ #define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0) +/* DRBG test data */ +struct drbg_test_data { + struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */ + int fail_seed_source:1; /* if set, the seed function will return an + * error */ +}; + +/* DRBG input data structure for DRBG generate with additional information + * string */ +struct drbg_gen { + unsigned char *outbuf; /* output buffer for random numbers */ + unsigned int outlen; /* size of output buffer */ + struct drbg_string *addtl; /* input buffer for + * additional information string */ + struct drbg_test_data *test_data; /* test data */ +}; + +/* + * Concatenation Helper and string operation helper + * + * SP800-90A requires the concatenation of different data. To avoid copying + * buffers around or allocate additional memory, the following data structure + * is used to point to the original memory with its size. In addition, it + * is used to build a linked list. The linked list defines the concatenation + * of individual buffers. The order of memory block referenced in that + * linked list determines the order of concatenation. 
+ */ +/* DRBG string definition */ +struct drbg_string { + const unsigned char *buf; + size_t len; + struct drbg_string *next; +}; + +static inline void drbg_string_fill(struct drbg_string *string, + const unsigned char *buf, size_t len) +{ + string->buf = buf; + string->len = len; + string->next = NULL; +} + +/* this is a wrapper function for users of libgcrypt */ +static inline void gcry_randomize_drbg(void *outbuf, size_t outlen, + enum gcry_random_level level, + struct drbg_string *addtl) +{ + struct drbg_gen genbuf; + genbuf.outbuf = outbuf; + genbuf.outlen = outlen; + genbuf.addtl = addtl; + genbuf.test_data = NULL; + gcry_randomize(&genbuf, 0, level); +} + +/* this is a wrapper function for users of libgcrypt */ +static inline void gcry_randomize_drbg_test(void *outbuf, size_t outlen, + enum gcry_random_level level, + struct drbg_string *addtl, + struct drbg_test_data *test_data) +{ + struct drbg_gen genbuf; + genbuf.outbuf = outbuf; + genbuf.outlen = outlen; + genbuf.addtl = addtl; + genbuf.test_data = test_data; + gcry_randomize(&genbuf, 0, level); +} + + +/* + * DRBG flags bitmasks + * + * 31 (B) 28 19 (A) 0 + * +-+-+-+--------+---+-----------+-----+ + * |~|~|u|~~~~~~~~| 3 | 2 | 1 | + * +-+-+-+--------+- -+-----------+-----+ + * ctl flg| |drbg use selection flags + * + */ + +/* internal state control flags (B) */ +#define DRBG_PREDICTION_RESIST ((u_int32_t)1<<28) + +/* CTR type modifiers (A.1)*/ +#define DRBG_CTRAES ((u_int32_t)1<<0) +#define DRBG_CTRSERPENT ((u_int32_t)1<<1) +#define DRBG_CTRTWOFISH ((u_int32_t)1<<2) +#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT | DRBG_CTRTWOFISH) + +/* HASH type modifiers (A.2)*/ +#define DRBG_HASHSHA1 ((u_int32_t)1<<4) +#define DRBG_HASHSHA224 ((u_int32_t)1<<5) +#define DRBG_HASHSHA256 ((u_int32_t)1<<6) +#define DRBG_HASHSHA384 ((u_int32_t)1<<7) +#define DRBG_HASHSHA512 ((u_int32_t)1<<8) +#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 | \ + DRBG_HASHSHA256 | DRBG_HASHSHA384 | \ + DRBG_HASHSHA512) +/* 
type modifiers (A.3)*/ +#define DRBG_HMAC ((u_int32_t)1<<12) +#define DRBG_SYM128 ((u_int32_t)1<<13) +#define DRBG_SYM192 ((u_int32_t)1<<14) +#define DRBG_SYM256 ((u_int32_t)1<<15) +#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 | \ + DRBG_SYM256) +#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK | DRBG_TYPE_MASK) + +#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128) +#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192) +#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256) +#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128) +#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192) +#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256) +#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1) +#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256) +#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384) +#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512) +#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1) +#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256) +#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384) +#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512) +#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 | DRBG_HMAC) +#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256|DRBG_HMAC) +#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384|DRBG_HMAC) +#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512|DRBG_HMAC) +#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC) +#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC) +#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC) +#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC) #if 0 /* (Keep Emacsens' auto-indent happy.) */ {
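Review bot: `gcry_randomize_drbg` and `gcry_randomize_drbg_test` pass a `struct drbg_gen` through `gcry_randomize (&genbuf, 0, level)`, using a length of 0 as an in-band signal that the buffer is a struct rather than an output buffer. The `do_randomize` dispatch shown in patch 0004 still routes to `_gcry_rngcsprng_randomize` or `_gcry_rngsystem_randomize` outside FIPS mode, so with those backends the call presumably requests zero bytes and returns `void` with `outbuf` untouched, leaving a caller free to use an unfilled buffer as key material. Conversely, any ordinary zero-length request that reaches the DRBG would presumably be read as a `struct drbg_gen`; drbg.c is not shown, so both effects are inferred. A dedicated entry point with an error return would remove the ambiguity, and at minimum the wrappers need a comment stating that they are valid only while the DRBG is the active generator and that `outbuf` must be checked by other means. Separately, `genbuf.outlen = outlen;` narrows `size_t` to the `unsigned int outlen` member, which should be `size_t outlen;`, and `int fail_seed_source:1;` should be `unsigned int fail_seed_source:1;` because a signed one-bit field cannot portably hold 1.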