From 45b80678109e5817b7cd15566a9d6c96b064b95f Mon Sep 17 00:00:00 2001

From: Jakub Jelen <jjelen@redhat.com>

Date: Wed, 1 Mar 2023 15:39:15 +0100

Subject: [PATCH] random: Remove unused SHA384 DRBGs.

* random/random-drbg.c (global): Remove unused SHA384-based defines.

(drbg_cores): Remove SHA384 configurations.

(drbg_sec_strength): Remove unused SHA384.

--

These are no longer allowed by FIPS and it looks like they were never

usable as they do not have any conversion from the string flags.

GnuPG-bug-id: 6393

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

---

 random/random-drbg.c | 13 ++-----------

 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/random/random-drbg.c b/random/random-drbg.c

index f1cfe286..af49a5a5 100644

--- a/random/random-drbg.c

+++ b/random/random-drbg.c

@@ -188,11 +188,9 @@

 #define DRBG_HASHSHA1		((u32)1<<4)

 #define DRBG_HASHSHA224		((u32)1<<5)

 #define DRBG_HASHSHA256		((u32)1<<6)

-#define DRBG_HASHSHA384		((u32)1<<7)

 #define DRBG_HASHSHA512		((u32)1<<8)

 #define DRBG_HASH_MASK		(DRBG_HASHSHA1 | DRBG_HASHSHA224 \

-				 | DRBG_HASHSHA256 | DRBG_HASHSHA384 \

-				 | DRBG_HASHSHA512)

+				 | DRBG_HASHSHA256 | DRBG_HASHSHA512)

 /* type modifiers (A.3)*/

 #define DRBG_HMAC		((u32)1<<12)

 #define DRBG_SYM128		((u32)1<<13)

@@ -211,23 +209,18 @@

 #define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)

 #define DRBG_PR_HASHSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)

 #define DRBG_PR_HASHSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)

-#define DRBG_PR_HASHSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)

 #define DRBG_PR_HASHSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)

 #define DRBG_NOPR_HASHSHA1   (DRBG_HASHSHA1)

 #define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)

-#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)

 #define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)

 #define DRBG_PR_HMACSHA1     (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \

                               | DRBG_HMAC)

 #define DRBG_PR_HMACSHA256   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \

                               | DRBG_HMAC)

-#define DRBG_PR_HMACSHA384   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \

-                              | DRBG_HMAC)

 #define DRBG_PR_HMACSHA512   (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \

                               | DRBG_HMAC)

 #define DRBG_NOPR_HMACSHA1   (DRBG_HASHSHA1 | DRBG_HMAC)

 #define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)

-#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)

 #define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)

@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {

   /* Hash DRBGs */

   {DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},

   {DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},

-  {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},

   {DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},

   /* HMAC DRBGs */

   {DRBG_HASHSHA1   | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},

   {DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},

-  {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},

   {DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},

   /* block ciphers */

   {DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},

@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)

   else if (flags & DRBG_SYM192)

     return 24;

   else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||

-	   (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))

+	   (flags & DRBG_HASHSHA512))

     return 32;

   else

     return 32;

-- 

2.39.2