Blame SOURCES/libgcrypt-1.5.0-tests.patch

6e4d5d
diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
6e4d5d
--- libgcrypt-1.5.0/cipher/dsa.c.tests	2011-06-13 12:24:46.000000000 +0200
6e4d5d
+++ libgcrypt-1.5.0/cipher/dsa.c	2011-07-20 16:44:51.000000000 +0200
6e4d5d
@@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
6e4d5d
             initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
6e4d5d
                                                     &initial_seed.seedlen);
6e4d5d
         }
6e4d5d
-
6e4d5d
-      /* Fixme: Enable 186-3 after it has been approved and after fixing
6e4d5d
-         the generation function.  */
6e4d5d
-      /*   if (use_fips186_2) */
6e4d5d
-      (void)use_fips186_2;
6e4d5d
-      ec = _gcry_generate_fips186_2_prime (nbits, qbits,
6e4d5d
-                                           initial_seed.seed,
6e4d5d
+      
6e4d5d
+      if (use_fips186_2)
6e4d5d
+        ec = _gcry_generate_fips186_2_prime (nbits, qbits, 
6e4d5d
+                                           initial_seed.seed, 
6e4d5d
                                            initial_seed.seedlen,
6e4d5d
                                            &prime_q, &prime_p,
6e4d5d
                                            r_counter,
6e4d5d
                                            r_seed, r_seedlen);
6e4d5d
-      /*   else */
6e4d5d
-      /*     ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
6e4d5d
-      /*                                          &prime_q, &prime_p, */
6e4d5d
-      /*                                          r_counter, */
6e4d5d
-      /*                                          r_seed, r_seedlen, NULL); */
6e4d5d
+      else
6e4d5d
+        ec = _gcry_generate_fips186_3_prime (nbits, qbits,
6e4d5d
+                                          initial_seed.seed,
6e4d5d
+                                          initial_seed.seedlen,
6e4d5d
+                                          &prime_q, &prime_p,
6e4d5d
+                                          r_counter,
6e4d5d
+                                          r_seed, r_seedlen, NULL);
6e4d5d
       gcry_sexp_release (initial_seed.sexp);
6e4d5d
       if (ec)
6e4d5d
         goto leave;
6e4d5d
diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
6e4d5d
--- libgcrypt-1.5.0/cipher/primegen.c.tests	2011-03-28 14:19:52.000000000 +0200
6e4d5d
+++ libgcrypt-1.5.0/cipher/primegen.c	2011-07-21 14:36:03.000000000 +0200
6e4d5d
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
6e4d5d
   gpg_err_code_t ec;
6e4d5d
   unsigned char seed_help_buffer[256/8];  /* Used to hold a generated SEED. */
6e4d5d
   unsigned char *seed_plus;     /* Malloced buffer to hold SEED+x.  */
6e4d5d
-  unsigned char digest[256/8];  /* Helper buffer for SHA-1 digest.  */
6e4d5d
+  unsigned char digest[256/8];  /* Helper buffer for SHA-x digest.  */
6e4d5d
   gcry_mpi_t val_2 = NULL;      /* Helper for the prime test.  */
6e4d5d
   gcry_mpi_t tmpval = NULL;     /* Helper variable.  */
6e4d5d
   int hashalgo;                 /* The id of the Approved Hash Function.  */
6e4d5d
@@ -1737,7 +1737,7 @@ _gcry_generate_fips186_3_prime (unsigned
6e4d5d
         }
6e4d5d
       gcry_mpi_release (prime_q); prime_q = NULL;
6e4d5d
       ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
6e4d5d
-                                        value_u, sizeof value_u, NULL));
6e4d5d
+                                        value_u, qbits/8, NULL));
6e4d5d
       if (ec)
6e4d5d
         goto leave;
6e4d5d
       mpi_set_highbit (prime_q, qbits-1 );
6e4d5d
@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
6e4d5d
               if (seed_plus[i])
6e4d5d
                 break;
6e4d5d
             }
6e4d5d
-          gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
6e4d5d
+          gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
6e4d5d
 
6e4d5d
           gcry_mpi_release (tmpval); tmpval = NULL;
6e4d5d
           ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
6e4d5d
-                                            digest, sizeof digest, NULL));
6e4d5d
+                                            digest, qbits/8, NULL));
6e4d5d
           if (ec)
6e4d5d
             goto leave;
6e4d5d
           if (value_j == value_n)
6e4d5d
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
6e4d5d
     }
6e4d5d
 
6e4d5d
   /* Step 12:  Save p, q, counter and seed.  */
6e4d5d
-  log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
6e4d5d
+/*  log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
6e4d5d
              mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
6e4d5d
   log_printhex("fips186-3 seed:", seed, seedlen);
6e4d5d
   log_mpidump ("fips186-3 prime p", prime_p);
6e4d5d
-  log_mpidump ("fips186-3 prime q", prime_q);
6e4d5d
+  log_mpidump ("fips186-3 prime q", prime_q); */
6e4d5d
   if (r_q)
6e4d5d
     {
6e4d5d
       *r_q = prime_q;
6e4d5d
diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
6e4d5d
--- libgcrypt-1.5.0/cipher/rsa.c.tests	2011-06-10 10:53:41.000000000 +0200
6e4d5d
+++ libgcrypt-1.5.0/cipher/rsa.c	2011-07-21 14:36:59.000000000 +0200
6e4d5d
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
6e4d5d
 
6e4d5d
   *swapped = 0;
6e4d5d
 
6e4d5d
-  if (e_value == 1)   /* Alias for a secure value. */
6e4d5d
+  if (e_value == 1 || e_value == 0)   /* Alias for a secure value. */
6e4d5d
     e_value = 65537;
6e4d5d
 
6e4d5d
   /* Point 1 of section 4.1:  k = 1024 + 256s with S >= 0  */
6e4d5d
diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
6e4d5d
--- libgcrypt-1.5.0/random/random-fips.c.tests	2011-07-20 16:40:59.000000000 +0200
6e4d5d
+++ libgcrypt-1.5.0/random/random-fips.c	2011-07-20 16:40:59.000000000 +0200
6e4d5d
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
6e4d5d
 
6e4d5d
   check_guards (rng_ctx);
6e4d5d
 
6e4d5d
+ reinitialize:
6e4d5d
   /* Initialize the cipher handle and thus setup the key if needed.  */
6e4d5d
   if (!rng_ctx->cipher_hd)
6e4d5d
     {
6e4d5d
@@ -710,13 +711,11 @@ get_random (void *buffer, size_t length,
6e4d5d
   if (rng_ctx->key_init_pid != getpid ()
6e4d5d
       || rng_ctx->seed_init_pid != getpid ())
6e4d5d
     {
6e4d5d
-      /* We are in a child of us.  Because we have no way yet to do
6e4d5d
-         proper re-initialization (including self-checks etc), the
6e4d5d
-         only chance we have is to bail out.  Obviusly a fork/exec
6e4d5d
-         won't harm because the exec overwrites the old image. */
6e4d5d
-      fips_signal_error ("fork without proper re-initialization "
6e4d5d
-                         "detected in RNG");
6e4d5d
-      goto bailout;
6e4d5d
+      /* Just reinitialize the key & seed. */
6e4d5d
+      gcry_cipher_close(rng_ctx->cipher_hd);
6e4d5d
+      rng_ctx->cipher_hd = NULL;
6e4d5d
+      rng_ctx->is_seeded = 0;
6e4d5d
+      goto reinitialize;
6e4d5d
     }
6e4d5d
 
6e4d5d
   if (x931_aes_driver (buffer, length, rng_ctx))
6e4d5d
diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
6e4d5d
--- libgcrypt-1.5.0/tests/ac.c.tests	2011-02-04 20:18:20.000000000 +0100
6e4d5d
+++ libgcrypt-1.5.0/tests/ac.c	2011-07-20 16:40:59.000000000 +0200
6e4d5d
@@ -150,6 +150,9 @@ main (int argc, char **argv)
6e4d5d
   if (!gcry_check_version (GCRYPT_VERSION))
6e4d5d
     die ("version mismatch\n");
6e4d5d
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
6e4d5d
+  if (gcry_fips_mode_active())
6e4d5d
+    /* ac not functional in the fips mode, skip it */
6e4d5d
+    return 77;
6e4d5d
   if (debug)
6e4d5d
     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
6e4d5d
   /* No valuable keys are create, so we can speed up our RNG. */
6e4d5d
diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
6e4d5d
--- libgcrypt-1.5.0/tests/ac-data.c.tests	2011-02-04 20:18:20.000000000 +0100
6e4d5d
+++ libgcrypt-1.5.0/tests/ac-data.c	2011-07-20 16:40:59.000000000 +0200
6e4d5d
@@ -198,6 +198,9 @@ main (int argc, char **argv)
6e4d5d
   if (!gcry_check_version (GCRYPT_VERSION))
6e4d5d
     die ("version mismatch\n");
6e4d5d
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
6e4d5d
+  if (gcry_fips_mode_active())
6e4d5d
+    /* ac not functional in the fips mode, skip it */
6e4d5d
+    return 77;
6e4d5d
   if (debug)
6e4d5d
     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
6e4d5d
 
6e4d5d
diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
6e4d5d
--- libgcrypt-1.5.0/tests/ac-schemes.c.tests	2011-02-04 20:18:20.000000000 +0100
6e4d5d
+++ libgcrypt-1.5.0/tests/ac-schemes.c	2011-07-20 16:40:59.000000000 +0200
6e4d5d
@@ -338,6 +338,9 @@ main (int argc, char **argv)
6e4d5d
   if (! gcry_check_version (GCRYPT_VERSION))
6e4d5d
     die ("version mismatch\n");
6e4d5d
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
6e4d5d
+  if (gcry_fips_mode_active())
6e4d5d
+    /* ac not functional in the fips mode, skip it */
6e4d5d
+    return 77;
6e4d5d
   if (debug)
6e4d5d
     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
6e4d5d
 
6e4d5d
diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
6e4d5d
--- libgcrypt-1.5.0/tests/keygen.c.tests	2011-02-04 20:18:20.000000000 +0100
6e4d5d
+++ libgcrypt-1.5.0/tests/keygen.c	2011-07-21 14:39:03.000000000 +0200
6e4d5d
@@ -148,12 +148,12 @@ check_rsa_keys (void)
6e4d5d
     }
6e4d5d
 
6e4d5d
   if (verbose)
6e4d5d
-    fprintf (stderr, "creating 1536 bit DSA key\n");
6e4d5d
+    fprintf (stderr, "creating 2048 bit DSA key\n");
6e4d5d
   rc = gcry_sexp_new (&keyparm,
6e4d5d
                       "(genkey\n"
6e4d5d
                       " (dsa\n"
6e4d5d
-                      "  (nbits 4:1536)\n"
6e4d5d
-                      "  (qbits 3:224)\n"
6e4d5d
+                      "  (nbits 4:2048)\n"
6e4d5d
+                      "  (qbits 3:256)\n"
6e4d5d
                       " ))", 0, 1);
6e4d5d
   if (rc)
6e4d5d
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
6e4d5d
@@ -190,11 +190,11 @@ check_rsa_keys (void)
6e4d5d
 
6e4d5d
 
6e4d5d
   if (verbose)
6e4d5d
-    fprintf (stderr, "creating 512 bit RSA key with e=257\n");
6e4d5d
+    fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
6e4d5d
   rc = gcry_sexp_new (&keyparm,
6e4d5d
                       "(genkey\n"
6e4d5d
                       " (rsa\n"
6e4d5d
-                      "  (nbits 3:512)\n"
6e4d5d
+                      "  (nbits 4:1024)\n"
6e4d5d
                       "  (rsa-use-e 3:257)\n"
6e4d5d
                       " ))", 0, 1);
6e4d5d
   if (rc)
6e4d5d
@@ -208,11 +208,11 @@ check_rsa_keys (void)
6e4d5d
   gcry_sexp_release (key);
6e4d5d
 
6e4d5d
   if (verbose)
6e4d5d
-    fprintf (stderr, "creating 512 bit RSA key with default e\n");
6e4d5d
+    fprintf (stderr, "creating 1024 bit RSA key with default secure e\n");
6e4d5d
   rc = gcry_sexp_new (&keyparm,
6e4d5d
                       "(genkey\n"
6e4d5d
                       " (rsa\n"
6e4d5d
-                      "  (nbits 3:512)\n"
6e4d5d
+                      "  (nbits 4:1024)\n"
6e4d5d
                       "  (rsa-use-e 1:0)\n"
6e4d5d
                       " ))", 0, 1);
6e4d5d
   if (rc)