diff --git a/SOURCES/libgcrypt-1.10.0-allow-short-salt.patch b/SOURCES/libgcrypt-1.10.0-allow-short-salt.patch index 46054cf..6800cf6 100644 --- a/SOURCES/libgcrypt-1.10.0-allow-short-salt.patch +++ b/SOURCES/libgcrypt-1.10.0-allow-short-salt.patch @@ -48,4 +48,30 @@ index c98247d8..aee5bffb 100644 -- 2.37.1 +commit 02718ade6ab5eee38169c2102097166770a2456d +Author: Jakub Jelen +Date: Thu Oct 20 16:33:11 2022 +0200 + visiblity: Check the HMAC key length in FIPS mode + + --- + * src/visibility.c (gcry_md_setkey): Check the HMAC key length in FIPS + mode also in the md_ API. + + Signed-off-by: Jakub Jelen + +diff --git a/src/visibility.c b/src/visibility.c +index 150b197d..73db3dea 100644 +--- a/src/visibility.c ++++ b/src/visibility.c +@@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) + { + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); ++ ++ if (fips_mode () && keylen < 14) ++ return GPG_ERR_INV_VALUE; ++ + return gpg_error (_gcry_md_setkey (hd, key, keylen)); + } + diff --git a/SOURCES/libgcrypt-1.10.0-fips-disable-oaep.patch b/SOURCES/libgcrypt-1.10.0-fips-disable-oaep.patch deleted file mode 100644 index 3de63c8..0000000 --- a/SOURCES/libgcrypt-1.10.0-fips-disable-oaep.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 34d8fc576b3a06dd205f45327a971eb6771e808c Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 17 Aug 2022 09:01:44 +0200 -Subject: [PATCH 1/2] Disable RSA-OAEP padding in FIPS mode - -* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding - in FIPS mode for encryption -* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for - decryption ---- - -Signed-off-by: Jakub Jelen ---- - cipher/pubkey-util.c | 5 ++++- - cipher/rsa.c | 3 ++- - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c -index 4953caf3..244dd5d4 100644 ---- a/cipher/pubkey-util.c -+++ b/cipher/pubkey-util.c -@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, - const void * value; - size_t valuelen; - -- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) -+ /* The RSA OAEP encryption requires some more assurances in FIPS */ -+ if (fips_mode ()) -+ rc = GPG_ERR_INV_FLAG; -+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) - rc = GPG_ERR_INV_OBJ; - else - { -diff --git a/cipher/rsa.c b/cipher/rsa.c -index 96dba090..87f57b55 100644 ---- a/cipher/rsa.c -+++ b/cipher/rsa.c -@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) - rc = GPG_ERR_INV_DATA; - goto leave; - } -- if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1)) -+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 || -+ ctx.encoding == PUBKEY_ENC_OAEP)) - { - rc = GPG_ERR_INV_FLAG; - goto leave; --- -2.37.1 - - -From c6d64e697c2748a49e875060aa753fc568c5f772 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 17 Aug 2022 10:31:19 +0200 -Subject: [PATCH 2/2] tests: Expect the OEAP tests to fail in FIPS mode - -* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption - to fail in FIPS mode -* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS - mode ---- - -Signed-off-by: Jakub Jelen ---- - tests/basic.c | 14 +++++++++----- - tests/pkcs1v2.c | 13 +++++++++++++ - 2 files changed, 22 insertions(+), 5 deletions(-) - -diff --git a/tests/basic.c b/tests/basic.c -index 26980e15..b4102c9f 100644 ---- a/tests/basic.c -+++ b/tests/basic.c -@@ -16892,21 +16892,24 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - "(flags oaep)", - 1, - 0, -- 0 }, -+ 0, -+ FLAG_NOFIPS }, - { GCRY_PK_RSA, - "(data\n (flags oaep)\n (hash-algo sha1)\n" - " (value #11223344556677889900AA#))\n", - "(flags oaep)(hash-algo sha1)", - 1, - 0, -- 0 }, -+ 0, -+ FLAG_NOFIPS }, - { GCRY_PK_RSA, - "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n" - " (value #11223344556677889900AA#))\n", - "(flags oaep)(hash-algo sha1)(label \"test\")", - 1, - 0, -- 0 }, -+ 0, -+ FLAG_NOFIPS }, - { GCRY_PK_RSA, - "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n" - " (value #11223344556677889900AA#)\n" -@@ -16914,7 +16917,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - "(flags oaep)(hash-algo sha1)(label \"test\")", - 1, - 0, -- 0 }, -+ 0, -+ FLAG_NOFIPS }, - { 0, - "(data\n (flags )\n" " (value #11223344556677889900AA#))\n", - NULL, -@@ -16960,7 +16964,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - "(flags pkcs1)", - 1, - 0, -- GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL }, -+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL | FLAG_NOFIPS }, - { 0, - "(data\n (flags pss)\n" - " (value #11223344556677889900AA#))\n", -diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c -index 6c7f3d81..2fd495d5 100644 ---- a/tests/pkcs1v2.c -+++ b/tests/pkcs1v2.c -@@ -186,11 +186,24 @@ check_oaep (void) - err = gcry_pk_encrypt (&ciph, plain, pub_key); - if (err) - { -+ if (in_fips_mode) -+ { -+ gcry_sexp_release (plain); -+ plain = NULL; -+ continue; -+ } - show_sexp ("plain:\n", ciph); - fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err)); - } - else - { -+ if (in_fips_mode) -+ { -+ fail ("The OAEP encryption unexpectedly worked in FIPS mode\n"); -+ gcry_sexp_release (plain); -+ plain = NULL; -+ continue; -+ } - if (extract_cmp_data (ciph, "a", tbl[tno].m[mno].encr, - tbl[tno].m[mno].desc)) - { --- -2.37.1 - diff --git a/SOURCES/libgcrypt-1.10.0-fips-disable-pkcs1.5.patch b/SOURCES/libgcrypt-1.10.0-fips-disable-pkcs1.5.patch deleted file mode 100644 index 325b2fd..0000000 --- a/SOURCES/libgcrypt-1.10.0-fips-disable-pkcs1.5.patch +++ /dev/null @@ -1,219 +0,0 @@ -From c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Fri, 1 Apr 2022 18:29:08 +0200 -Subject: [PATCH 1/3] Do not allow PKCS #1.5 padding for encryption in FIPS - -* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5 - padding for encryption in FIPS mode -* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode --- - -GnuPG-bug-id: 5918 -Signed-off-by: Jakub Jelen ---- - cipher/pubkey-util.c | 5 ++++- - cipher/rsa.c | 5 +++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c -index 68defea6..4953caf3 100644 ---- a/cipher/pubkey-util.c -+++ b/cipher/pubkey-util.c -@@ -957,7 +957,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, - void *random_override = NULL; - size_t random_override_len = 0; - -- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) -+ /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */ -+ if (fips_mode ()) -+ rc = GPG_ERR_INV_FLAG; -+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) - rc = GPG_ERR_INV_OBJ; - else - { -diff --git a/cipher/rsa.c b/cipher/rsa.c -index 771413b3..c6319b67 100644 ---- a/cipher/rsa.c -+++ b/cipher/rsa.c -@@ -1391,6 +1391,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) - rc = GPG_ERR_INV_DATA; - goto leave; - } -+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1)) -+ { -+ rc = GPG_ERR_INV_FLAG; -+ goto leave; -+ } - - /* Extract the key. */ - rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?", --- -2.34.1 - - -From 299e2f93415984919181e0ee651719bbf83bdd2f Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Fri, 1 Apr 2022 18:31:05 +0200 -Subject: [PATCH 2/3] tests: Replace custom bit with more generic flags - -* tests/basic.c (global): New flag FLAG_SPECIAL - (check_pubkey_crypt): Change to use bitfield flags - --- - -GnuPG-bug-id: 5918 -Signed-off-by: Jakub Jelen ---- - tests/basic.c | 19 ++++++++++--------- - 1 file changed, 10 insertions(+), 9 deletions(-) - -diff --git a/tests/basic.c b/tests/basic.c -index a0ad33eb..1c6cb40b 100644 ---- a/tests/basic.c -+++ b/tests/basic.c -@@ -55,11 +55,12 @@ typedef struct test_spec_pubkey - } - test_spec_pubkey_t; - --#define FLAG_CRYPT (1 << 0) --#define FLAG_SIGN (1 << 1) --#define FLAG_GRIP (1 << 2) --#define FLAG_NOFIPS (1 << 3) --#define FLAG_CFB8 (1 << 4) -+#define FLAG_CRYPT (1 << 0) -+#define FLAG_SIGN (1 << 1) -+#define FLAG_GRIP (1 << 2) -+#define FLAG_NOFIPS (1 << 3) -+#define FLAG_CFB8 (1 << 4) -+#define FLAG_SPECIAL (1 << 5) - - static int in_fips_mode; - -@@ -15558,7 +15559,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - int unpadded; - int encrypt_expected_rc; - int decrypt_expected_rc; -- int special; -+ int flags; - } datas[] = - { - { GCRY_PK_RSA, -@@ -15642,14 +15643,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - "(flags oaep)", - 1, - 0, -- GPG_ERR_ENCODING_PROBLEM, 1 }, -+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL }, - { GCRY_PK_RSA, - "(data\n (flags oaep)\n" - " (value #11223344556677889900AA#))\n", - "(flags pkcs1)", - 1, - 0, -- GPG_ERR_ENCODING_PROBLEM, 1 }, -+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL }, - { 0, - "(data\n (flags pss)\n" - " (value #11223344556677889900AA#))\n", -@@ -15725,7 +15726,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - ciph = list; - } - rc = gcry_pk_decrypt (&plain, ciph, skey); -- if (!rc && datas[dataidx].special == 1) -+ if (!rc && (datas[dataidx].flags & FLAG_SPECIAL)) - { - /* It may happen that OAEP formatted data which is - decrypted as pkcs#1 data returns a valid pkcs#1 --- -2.34.1 - - -From f736f3c70182d9c948f9105eb769c47c5578df35 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Fri, 1 Apr 2022 18:34:42 +0200 -Subject: [PATCH 3/3] tests: Expect the RSA PKCS #1.5 encryption to fail in - FIPS mode - -* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to - fail in FIPS mode. Expect failure when wrong padding is selected -* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to - fail in FIPS mode --- - -GnuPG-bug-id: 5918 -Signed-off-by: Jakub Jelen ---- - tests/basic.c | 11 +++++++---- - tests/pkcs1v2.c | 14 +++++++++++++- - 2 files changed, 20 insertions(+), 5 deletions(-) - -diff --git a/tests/basic.c b/tests/basic.c -index 1c6cb40b..85764591 100644 ---- a/tests/basic.c -+++ b/tests/basic.c -@@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - NULL, - 0, - 0, -- 0 }, -+ 0, -+ FLAG_NOFIPS }, - { GCRY_PK_RSA, - "(data\n (flags pkcs1)\n" - " (value #11223344556677889900AA#))\n", - "(flags pkcs1)", - 1, - 0, -- 0 }, -+ 0, -+ FLAG_NOFIPS }, - { GCRY_PK_RSA, - "(data\n (flags oaep)\n" - " (value #11223344556677889900AA#))\n", -@@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - die ("converting data failed: %s\n", gpg_strerror (rc)); - - rc = gcry_pk_encrypt (&ciph, data, pkey); -- if (in_fips_mode && (flags & FLAG_NOFIPS)) -+ if (in_fips_mode && ((flags & FLAG_NOFIPS) || -+ (datas[dataidx].flags & FLAG_NOFIPS))) - { - if (!rc) - fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n"); -@@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, - ciph = list; - } - rc = gcry_pk_decrypt (&plain, ciph, skey); -- if (!rc && (datas[dataidx].flags & FLAG_SPECIAL)) -+ if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL)) - { - /* It may happen that OAEP formatted data which is - decrypted as pkcs#1 data returns a valid pkcs#1 -diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c -index f26e779b..6c7f3d81 100644 ---- a/tests/pkcs1v2.c -+++ b/tests/pkcs1v2.c -@@ -454,7 +454,19 @@ check_v15crypt (void) - gcry_free (seed); - - err = gcry_pk_encrypt (&ciph, plain, pub_key); -- if (err) -+ if (in_fips_mode) -+ { -+ if (!err) -+ { -+ fail ("gcry_pk_encrypt should have failed in FIPS mode:\n"); -+ } -+ gcry_sexp_release (plain); -+ plain = NULL; -+ gcry_sexp_release (ciph); -+ ciph = NULL; -+ continue; -+ } -+ else if (err) - { - show_sexp ("plain:\n", ciph); - fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err)); --- -2.34.1 - diff --git a/SOURCES/libgcrypt-1.10.0-fips-getrandom.patch b/SOURCES/libgcrypt-1.10.0-fips-getrandom.patch index 39ac59c..b0d5bf2 100644 --- a/SOURCES/libgcrypt-1.10.0-fips-getrandom.patch +++ b/SOURCES/libgcrypt-1.10.0-fips-getrandom.patch @@ -24,15 +24,24 @@ diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c index 7580873e..db4b09ed 100644 --- a/random/rndgetentropy.c +++ b/random/rndgetentropy.c -@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t, +@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t, + * never blocking once the kernel is seeded. */ + do { - nbytes = length < sizeof (buffer)? length : sizeof (buffer); +- nbytes = length < sizeof (buffer)? length : sizeof (buffer); _gcry_pre_syscall (); - ret = getentropy (buffer, nbytes); + if (fips_mode ()) -+ ret = getrandom (buffer, nbytes, GRND_RANDOM); ++ { ++ /* The getrandom API returns maximum 32 B of strong entropy */ ++ nbytes = length < 32 ? length : 32; ++ ret = getrandom (buffer, nbytes, GRND_RANDOM); ++ } + else -+ ret = getentropy (buffer, nbytes); ++ { ++ nbytes = length < sizeof (buffer) ? length : sizeof (buffer); ++ ret = getentropy (buffer, nbytes); ++ } _gcry_post_syscall (); } while (ret == -1 && errno == EINTR); diff --git a/SOURCES/libgcrypt-1.10.0-fips-kdf.patch b/SOURCES/libgcrypt-1.10.0-fips-kdf.patch new file mode 100644 index 0000000..955847e --- /dev/null +++ b/SOURCES/libgcrypt-1.10.0-fips-kdf.patch @@ -0,0 +1,87 @@ +From 3c04b692de1e7b45b764ff8d66bf84609b012e3a Mon Sep 17 00:00:00 2001 +From: Tobias Heider +Date: Tue, 27 Sep 2022 13:31:05 +0900 +Subject: [PATCH] kdf:pkdf2: Check minimum allowed key size when running in + FIPS mode. + +* cipher/kdf.c (_gcry_kdf_pkdf2): Add output length check. + +-- + +GnuPG-bug-id: 6219 +--- + cipher/kdf.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/cipher/kdf.c b/cipher/kdf.c +index 81523320..67c60df8 100644 +--- a/cipher/kdf.c ++++ b/cipher/kdf.c +@@ -160,6 +160,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, + return GPG_ERR_INV_VALUE; + #endif + ++ /* Check minimum key size */ ++ if (fips_mode () && dklen < 14) ++ return GPG_ERR_INV_VALUE; ++ + + /* Step 2 */ + l = ((dklen - 1)/ hlen) + 1; +-- +2.37.3 +From e5a5e847b66eb6b80e60a2dffa347268f059aee3 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 4 Oct 2022 12:44:54 +0200 +Subject: [PATCH] tests: Reproducer for short dklen in FIPS mode + +* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and + verify it fails in FIPS mode +-- + +GnuPG-bug-id: 6219 +Signed-off-by: Jakub Jelen +--- + tests/t-kdf.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/tests/t-kdf.c b/tests/t-kdf.c +index c0192d7b..716fb53e 100644 +--- a/tests/t-kdf.c ++++ b/tests/t-kdf.c +@@ -909,6 +909,14 @@ check_pbkdf2 (void) + "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" + "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6" + }, ++ { ++ "password", 8, ++ "salt", 4, ++ GCRY_MD_SHA1, ++ 1, ++ 10, /* too short dklen for FIPS */ ++ "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" ++ }, + { + "password", 8, + "salt", 4, +@@ -1109,7 +1117,7 @@ check_pbkdf2 (void) + GCRY_KDF_PBKDF2, tv[tvidx].hashalgo, + tv[tvidx].salt, tv[tvidx].saltlen, + tv[tvidx].c, tv[tvidx].dklen, outbuf); +- if (in_fips_mode && tvidx > 6) ++ if (in_fips_mode && tvidx > 7) + { + if (!err) + fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n", +@@ -1118,7 +1126,7 @@ check_pbkdf2 (void) + } + if (err) + { +- if (in_fips_mode && tv[tvidx].plen < 14) ++ if (in_fips_mode && (tv[tvidx].plen < 14 || tv[tvidx].dklen < 14)) + { + if (verbose) + fprintf (stderr, +-- +2.37.3 + diff --git a/SOURCES/libgcrypt-1.10.0-fips-keygen.patch b/SOURCES/libgcrypt-1.10.0-fips-keygen.patch new file mode 100644 index 0000000..6df1429 --- /dev/null +++ b/SOURCES/libgcrypt-1.10.0-fips-keygen.patch @@ -0,0 +1,55 @@ +From cd30ed3c0d715aa0c58a32a29cfb1476163a5b94 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Wed, 20 Apr 2022 15:09:41 +0900 +Subject: [PATCH] cipher: Change the bounds for RSA key generation round. + +* cipher/rsa.c (generate_fips): Use 10 for p, 20 for q. + +-- + +Constants from FIPS 186-5-draft. + +GnuPG-bug-id: 5919 +Signed-off-by: NIIBE Yutaka +--- + cipher/rsa.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/cipher/rsa.c b/cipher/rsa.c +index 486a34f0..771413b3 100644 +--- a/cipher/rsa.c ++++ b/cipher/rsa.c +@@ -476,7 +476,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, + + retry: + /* generate p and q */ +- for (i = 0; i < 5 * pbits; i++) ++ for (i = 0; i < 10 * pbits; i++) + { + ploop: + if (!testparms) +@@ -506,10 +506,10 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, + else if (testparms) + goto err; + } +- if (i >= 5 * pbits) ++ if (i >= 10 * pbits) + goto err; + +- for (i = 0; i < 5 * pbits; i++) ++ for (i = 0; i < 20 * pbits; i++) + { + qloop: + if (!testparms) +@@ -555,7 +555,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, + else if (testparms) + goto err; + } +- if (i >= 5 * pbits) ++ if (i >= 20 * pbits) + goto err; + + if (testparms) +-- +2.37.3 + diff --git a/SOURCES/libgcrypt-1.10.0-fips-selftest.patch b/SOURCES/libgcrypt-1.10.0-fips-selftest.patch index 6840c07..7486f4a 100644 --- a/SOURCES/libgcrypt-1.10.0-fips-selftest.patch +++ b/SOURCES/libgcrypt-1.10.0-fips-selftest.patch @@ -921,3 +921,279 @@ index 78c26f2f..9d14a474 100644 -- 2.37.1 + +-- + +ACVP testing uses the test-parms option to specify p and q to be checked +for primality. When test-parms is specified, generate_fips() always +returns keys with p=q=0. These keys then fail the pairwise consistency +test, because they cannot be used to successfully sign a message and +verify the signature. + +Skip the PCT when test-parms is specified. + +Add a regression test to check that this functionality continues to work +in the future. + +Signed-off-by: Clemens Lang +--- + cipher/rsa.c | 5 +- + tests/Makefile.am | 2 +- + tests/t-rsa-testparm.c | 130 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 135 insertions(+), 2 deletions(-) + create mode 100644 tests/t-rsa-testparm.c + +diff --git a/cipher/rsa.c b/cipher/rsa.c +index 87f57b55..1a935d80 100644 +--- a/cipher/rsa.c ++++ b/cipher/rsa.c +@@ -1218,6 +1218,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) + int flags = 0; + gcry_sexp_t l1; + gcry_sexp_t swap_info = NULL; ++ int testparms = 0; + + memset (&sk, 0, sizeof sk); + +@@ -1274,6 +1275,8 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) + } + deriveparms = (genparms? sexp_find_token (genparms, "test-parms", 0) + /**/ : NULL); ++ if (deriveparms) ++ testparms = 1; + + /* Generate. */ + if (deriveparms || fips_mode ()) +@@ -1311,7 +1314,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) + mpi_free (sk.u); + sexp_release (swap_info); + +- if (!ec && fips_mode () && test_keys_fips (*r_skey)) ++ if (!ec && !testparms && fips_mode () && test_keys_fips (*r_skey)) + { + sexp_release (*r_skey); *r_skey = NULL; + fips_signal_error ("self-test after key generation failed"); +diff --git a/tests/Makefile.am b/tests/Makefile.am +index f65725bc..302d923b 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -28,7 +28,7 @@ tests_bin = \ + t-mpi-bit t-mpi-point curves t-lock \ + prime basic keygen pubkey hmac hashtest t-kdf keygrip \ + fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 \ +- t-dsa t-ecdsa t-rsa-pss t-rsa-15 \ ++ t-dsa t-ecdsa t-rsa-pss t-rsa-15 t-rsa-testparm \ + t-ed25519 t-cv25519 t-x448 t-ed448 + + tests_bin_last = benchmark bench-slope +diff --git a/tests/t-rsa-testparm.c b/tests/t-rsa-testparm.c +new file mode 100644 +index 00000000..65617855 +--- /dev/null ++++ b/tests/t-rsa-testparm.c +@@ -0,0 +1,130 @@ ++/* t-rsa-testparm.c - Check the RSA Key Generation test-parm parameter ++ * Copyright (C) 2022 g10 Code GmbH ++ * ++ * This file is part of Libgcrypt. ++ * ++ * Libgcrypt is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU Lesser General Public License as ++ * published by the Free Software Foundation; either version 2.1 of ++ * the License, or (at your option) any later version. ++ * ++ * Libgcrypt is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this program; if not, see . ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++#include ++#include ++#include ++#include ++ ++#include "stopwatch.h" ++ ++#define PGM "t-rsa-testparm" ++#include "t-common.h" ++ ++ ++static void ++check_rsa_testparm () ++{ ++ gpg_error_t err; ++ gcry_sexp_t keyspec = NULL; ++ gcry_sexp_t key = NULL; ++ const char *sexp = "(genkey (rsa (nbits \"2048\") (test-parms " ++ "(e \"65537\")" ++ "(p #00bbccabcee15d343944a47e492d4b1f4de79633e20cbb46f7d2d6813392a807ad048" ++ "cf77528edd19f77e7453f25173b9dcb70423afa2037aae147b81a33d541fc58f875ef" ++ "f1e852ab55e2e09a3debfbc151b3b0d17fef6f74d81fca14fbae531418e211ef81859" ++ "2af70de5cec3b92795cc3578572bf456099cd8727150e523261#)" ++ "(q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc34ecc563d587f166b52d42bfbe2" ++ "2bbc095b0b8426a2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b63481322911e" ++ "bbd7014db83aa051e0ca2dbf302b75cd37f2ae8df90e134226e92f6353a284b28bb30" ++ "af0bbf925b345b955328379866ebac11d55bc80fe84f105d415#)" ++ ")))"; ++ ++ info ("Checking RSA KeyGen test-parm parameter.\n"); ++ ++ err = gcry_sexp_build (&keyspec, NULL, sexp); ++ if (err) ++ { ++ fail ("error building SEXP for test: %s", gpg_strerror (err)); ++ goto leave; ++ } ++ ++ err = gcry_pk_genkey (&key, keyspec); ++ if (err) ++ { ++ fail ("gcry_pk_genkey failed for test: %s", gpg_strerror (err)); ++ goto leave; ++ } ++ ++leave: ++ if (key) ++ gcry_sexp_release (key); ++ if (keyspec) ++ gcry_sexp_release (keyspec); ++} ++ ++ ++int ++main (int argc, char **argv) ++{ ++ int last_argc = -1; ++ ++ if (argc) ++ { argc--; argv++; } ++ ++ while (argc && last_argc != argc ) ++ { ++ last_argc = argc; ++ if (!strcmp (*argv, "--")) ++ { ++ argc--; argv++; ++ break; ++ } ++ else if (!strcmp (*argv, "--help")) ++ { ++ fputs ("usage: " PGM " [options]\n" ++ "Options:\n" ++ " --verbose print timings etc.\n" ++ " --debug flyswatter\n", ++ stdout); ++ exit (0); ++ } ++ else if (!strcmp (*argv, "--verbose")) ++ { ++ verbose++; ++ argc--; argv++; ++ } ++ else if (!strcmp (*argv, "--debug")) ++ { ++ verbose += 2; ++ debug++; ++ argc--; argv++; ++ } ++ else if (!strncmp (*argv, "--", 2)) ++ die ("unknown option '%s'", *argv); ++ ++ } ++ ++ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0)); ++ if (!gcry_check_version (GCRYPT_VERSION)) ++ die ("version mismatch\n"); ++ if (debug) ++ xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 0xffffffff, 0)); ++ ++ start_timer (); ++ check_rsa_testparm (); ++ stop_timer (); ++ ++ info ("All tests completed in %s. Errors: %d\n", ++ elapsed_time (1), error_count); ++ return !!error_count; ++} +-- +2.37.3 +From 149f6f8654fdeaf7aa1ff8ac3d00d7454c0e6eff Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Wed, 5 Oct 2022 16:50:08 +0200 +Subject: [PATCH] fips: Mark gcry_pk_encrypt/decrypt function non-approved + +* src/fips.c (_gcry_fips_indicator_function): Fix typo in sign/verify + function names and add gcry_pk_encrypt and gcry_pk_decrypt. +-- + +Signed-off-by: Jakub Jelen +--- + src/fips.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/fips.c b/src/fips.c +index 9a524ea4..6599121c 100644 +--- a/src/fips.c ++++ b/src/fips.c +@@ -395,8 +395,10 @@ _gcry_fips_indicator_function (va_list arg_ptr) + { + const char *function = va_arg (arg_ptr, const char *); + +- if (strcmp (function, "gcry_sign") == 0 || +- strcmp (function, "gcry_verify") == 0) ++ if (strcmp (function, "gcry_pk_sign") == 0 || ++ strcmp (function, "gcry_pk_verify") == 0 || ++ strcmp (function, "gcry_pk_encrypt") == 0 || ++ strcmp (function, "gcry_pk_decrypt") == 0) + return GPG_ERR_NOT_SUPPORTED; + + return GPG_ERR_NO_ERROR; +-- +2.37.3 + +From f91a0ab12d242815f74bf26c6076e9cf7a790023 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Thu, 6 Oct 2022 09:30:24 +0200 +Subject: [PATCH] cipher: Do not run RSA encryption selftest by default + +* cipher/rsa.c (selftests_rsa): Skip encryption selftest as this + operation is not claimed as part of the certification. +--- + +Signed-off-by: Jakub Jelen +--- + cipher/rsa.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/cipher/rsa.c b/cipher/rsa.c +index 56dde3d1..df4af94b 100644 +--- a/cipher/rsa.c ++++ b/cipher/rsa.c +@@ -2169,10 +2169,13 @@ selftests_rsa (selftest_report_func_t report, int extended) + if (errtxt) + goto failed; + +- what = "encrypt"; +- errtxt = selftest_encr_2048 (pkey, skey); +- if (errtxt) +- goto failed; ++ if (extended) ++ { ++ what = "encrypt"; ++ errtxt = selftest_encr_2048 (pkey, skey); ++ if (errtxt) ++ goto failed; ++ } + + sexp_release (pkey); + sexp_release (skey); +-- +2.37.3 + diff --git a/SOURCES/libgcrypt-1.10.0-sha3-large.patch b/SOURCES/libgcrypt-1.10.0-sha3-large.patch new file mode 100644 index 0000000..d03407e --- /dev/null +++ b/SOURCES/libgcrypt-1.10.0-sha3-large.patch @@ -0,0 +1,621 @@ +From 2c1bb2f34f2812888f75c476037afae6d9e21798 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 23 Sep 2022 18:39:20 +0200 +Subject: [PATCH] keccak: Use size_t to avoid integer overflow + +Any input to the SHA3 functions > 4GB was giving wrong result when it +was invoked in one-shot, while working correctly when it was fed by +chunks. It turned out that the calculation in the `keccak_write` +overflows the `unsigned int` type (`nlanes * 8` does not fit 32b when +the `inlen` > 4GB). + +* cipher/keccak-armv7-neon.S: Fix function name in comment and change + parameter type to size_t +* cipher/keccak.c (keccak_ops_t): Change absorb function signature to + use size_t + (keccak_absorb_lanes64_avx512): Change nlanes type to size_t + (_gcry_keccak_absorb_lanes64_armv7_neon): Ditto. + (keccak_absorb_lanes64_armv7_neon): Ditto. + (keccak_absorb_lanes32bi): Ditto. + (keccak_absorb_lanes32bi_bmi2): Ditto. + (keccak_write): Change nlanes variable to use size_t and avoid + overflow when calculating count. +* cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Change + nlanes argument to use size_t. + +--- + +Signed-off-by: Jakub Jelen +--- + cipher/keccak-armv7-neon.S | 10 +++++----- + cipher/keccak.c | 20 ++++++++++---------- + cipher/keccak_permute_64.h | 2 +- + 3 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/cipher/keccak-armv7-neon.S b/cipher/keccak-armv7-neon.S +index 0bec8d50..28a284a1 100644 +--- a/cipher/keccak-armv7-neon.S ++++ b/cipher/keccak-armv7-neon.S +@@ -467,11 +467,11 @@ _gcry_keccak_permute_armv7_neon: + .ltorg + .size _gcry_keccak_permute_armv7_neon,.-_gcry_keccak_permute_armv7_neon; + +-@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state, @r4 +-@ int pos, @r1 +-@ const byte *lanes, @r2 +-@ unsigned int nlanes, @r3 +-@ int blocklanes) @ r5 callable from C ++@//unsigned _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, @r4 ++@ int pos, @r1 ++@ const byte *lanes, @r2 ++@ size_t nlanes, @r3 ++@ int blocklanes) @ r5 callable from C + .p2align 3 + .global _gcry_keccak_absorb_lanes64_armv7_neon + .type _gcry_keccak_absorb_lanes64_armv7_neon,%function; +diff --git a/cipher/keccak.c b/cipher/keccak.c +index e7e42473..6c385f71 100644 +--- a/cipher/keccak.c ++++ b/cipher/keccak.c +@@ -131,7 +131,7 @@ typedef struct + { + unsigned int (*permute)(KECCAK_STATE *hd); + unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes, +- unsigned int nlanes, int blocklanes); ++ size_t nlanes, int blocklanes); + unsigned int (*extract) (KECCAK_STATE *hd, unsigned int pos, byte *outbuf, + unsigned int outlen); + } keccak_ops_t; +@@ -513,7 +513,7 @@ static const keccak_ops_t keccak_avx512_64_ops = + unsigned int _gcry_keccak_permute_armv7_neon(u64 *state); + unsigned int _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, int pos, + const byte *lanes, +- unsigned int nlanes, ++ size_t nlanes, + int blocklanes); + + static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd) +@@ -523,7 +523,7 @@ static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd) + + static unsigned int + keccak_absorb_lanes64_armv7_neon(KECCAK_STATE *hd, int pos, const byte *lanes, +- unsigned int nlanes, int blocklanes) ++ size_t nlanes, int blocklanes) + { + if (blocklanes < 0) + { +@@ -571,7 +571,7 @@ static const keccak_ops_t keccak_armv7_neon_64_ops = + + static unsigned int + keccak_absorb_lanes32bi(KECCAK_STATE *hd, int pos, const byte *lanes, +- unsigned int nlanes, int blocklanes) ++ size_t nlanes, int blocklanes) + { + unsigned int burn = 0; + +@@ -653,7 +653,7 @@ keccak_absorb_lane32bi_bmi2(u32 *lane, u32 x0, u32 x1) + + static unsigned int + keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes, +- unsigned int nlanes, int blocklanes) ++ size_t nlanes, int blocklanes) + { + unsigned int burn = 0; + +@@ -873,7 +873,8 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen) + const byte *inbuf = inbuf_arg; + unsigned int nburn, burn = 0; + unsigned int count, i; +- unsigned int pos, nlanes; ++ unsigned int pos; ++ size_t nlanes; + + #ifdef USE_S390X_CRYPTO + if (ctx->kimd_func) +@@ -918,8 +919,7 @@ keccak_write (void *context, const void *inbuf_arg, size_t inlen) + burn = nburn > burn ? nburn : burn; + inlen -= nlanes * 8; + inbuf += nlanes * 8; +- count += nlanes * 8; +- count = count % bsize; ++ count = ((size_t) count + nlanes * 8) % bsize; + } + + if (inlen) +diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h +index b28c871e..45ef462f 100644 +--- a/cipher/keccak_permute_64.h ++++ b/cipher/keccak_permute_64.h +@@ -292,7 +292,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) + + static unsigned int + KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, +- unsigned int nlanes, int blocklanes) ++ size_t nlanes, int blocklanes) + { + unsigned int burn = 0; + +-- +GitLab + + + +From 910dcbcef36e1cd3de3dde192d829a1513273e14 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna +Date: Sun, 25 Sep 2022 22:23:22 +0300 +Subject: [PATCH] tests/hashtest: add hugeblock & disable-hwf options and 6 gig + test vectors + +* .gitignore: Add 'tests/hashtest-6g'. +* configure.ac: Add 'tests/hashtest-6g'. +* tests/Makefile: Add 'hashtest-6g'. +* tests/hashtest-6g.in: New. +* tests/hashtest-256g.in: Add SHA3-512 to algos. +* tests/hashtest.c (use_hugeblock): New. +(testvectors): Add 256 GiB test vectors for BLAKE2S, BLAKE2B and +whirlpool; Add 6 GiB test vectors for SHA1, SHA256, SHA512, SHA3, SM3, +BLAKE2S, BLAKE2B, WHIRLPOOL, CRC32 and CRC24. +(run_longtest); Use huge 5 GiB pattern block when requested. +(main): Add '--hugeblock' and '--disable-hwf' options. +* tests/testdrv.c: Add 'hashtest-6g'; Add SHA3 to 'hashtest-256g'. +--- + +Signed-off-by: Jussi Kivilinna +--- + .gitignore | 1 + + configure.ac | 1 + + tests/Makefile.am | 9 +- + tests/hashtest-256g.in | 2 +- + tests/hashtest-6g.in | 7 ++ + tests/hashtest.c | 249 +++++++++++++++++++++++++++++++++++++++-- + tests/testdrv.c | 7 +- + 7 files changed, 261 insertions(+), 15 deletions(-) + create mode 100644 tests/hashtest-6g.in + +diff --git a/configure.ac b/configure.ac +index c8f24dcc..c39257b5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3511,6 +3511,7 @@ src/libgcrypt.pc + src/versioninfo.rc + tests/Makefile + ]) ++AC_CONFIG_FILES([tests/hashtest-6g], [chmod +x tests/hashtest-6g]) + AC_CONFIG_FILES([tests/hashtest-256g], [chmod +x tests/hashtest-256g]) + AC_CONFIG_FILES([tests/basic-disable-all-hwf], [chmod +x tests/basic-disable-all-hwf]) + AC_OUTPUT +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 302d923b..75aa5cf7 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -44,13 +44,14 @@ tests_bin_last = benchmark bench-slope + + tests_sh = basic-disable-all-hwf + +-tests_sh_last = hashtest-256g ++tests_sh_last = hashtest-6g hashtest-256g + + TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last) + + # Force sequential run of some tests. + bench-slope.log: benchmark.log +-hashtest-256g.log: bench-slope.log ++hashtest-6g.log: bench-slope.log ++hashtest-256g.log: hashtest-6g.log + + + TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1 +@@ -76,8 +77,8 @@ CLEANFILES = testdrv-build + EXTRA_DIST = README rsa-16k.key \ + pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \ + t-ed25519.inp t-ed448.inp t-dsa.inp t-ecdsa.inp t-rsa-15.inp \ +- t-rsa-pss.inp stopwatch.h hashtest-256g.in sha3-224.h \ +- sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \ ++ t-rsa-pss.inp stopwatch.h hashtest-6g.in hashtest-256g.in \ ++ sha3-224.h sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \ + basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh + + LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@ +diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in +index a52b8692..44b69897 100755 +--- a/tests/hashtest-256g.in ++++ b/tests/hashtest-256g.in +@@ -1,6 +1,6 @@ + #!/bin/sh + +-algos="SHA1 SHA256 SHA512 SM3" ++algos="SHA1 SHA256 SHA512 SHA3-512 SM3" + + test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77 + echo " now running 256 GiB tests for $algos - this takes looong" +diff --git a/tests/hashtest-6g.in b/tests/hashtest-6g.in +new file mode 100644 +index 00000000..b3f3e2ff +--- /dev/null ++++ b/tests/hashtest-6g.in +@@ -0,0 +1,7 @@ ++#!/bin/sh ++ ++algos="SHA1 SHA256 SHA512 SHA3-512 SM3 BLAKE2S_256 BLAKE2B_512 CRC32 CRC24RFC2440" ++ ++test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77 ++echo " now running 6 GiB tests for $algos - this can take long" ++exec ./hashtest@EXEEXT@ --hugeblock --gigs 6 $algos +diff --git a/tests/hashtest.c b/tests/hashtest.c +index 4c9704f3..9389e50c 100644 +--- a/tests/hashtest.c ++++ b/tests/hashtest.c +@@ -34,6 +34,7 @@ + #define PGM "hashtest" + #include "t-common.h" + ++static int use_hugeblock; + static int missing_test_vectors; + + static struct { +@@ -113,6 +114,169 @@ static struct { + { GCRY_MD_SM3, 256, +64, + "ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" }, + ++ { GCRY_MD_BLAKE2S_256, 256, -64, ++ "8a3d4f712275e8e8da70c76501cce364c75f8dd09748be58cf63c9ce38d62627" }, ++ { GCRY_MD_BLAKE2S_256, 256, -1, ++ "0c01c9ad1e60e27dc889f2c9034a949ca8b9a9dc90dd99be64963af306d47b92" }, ++ { GCRY_MD_BLAKE2S_256, 256, +0, ++ "f8c43d5c4bad93aca702c8c466987c5ac5e640a29b37dd9904252ff27b2348a0" }, ++ { GCRY_MD_BLAKE2S_256, 256, +1, ++ "24c34b167b4eea1a7eb7d572ff3cf669a9856ea91bb112e9ef2ccd4b1aceccb4" }, ++ { GCRY_MD_BLAKE2S_256, 256, +64, ++ "2f8d754f98e2d4ed7744389f89d0bdb9b770c9fa215b8badd3129ea1364af867" }, ++ ++ { GCRY_MD_BLAKE2B_512, 256, -64, ++ "36d32ae4deeacab4119401c52e2aec5545675bd2dce4f67871ddc73671a05f94" ++ "e8332c2a31f32f5601878606a571aa7b43029dac3ae71cf9ef141d05651dc4bf" }, ++ { GCRY_MD_BLAKE2B_512, 256, -1, ++ "b5dc439f51664a6c9cbc87e2de98ce608ac4064a779e5140909d75d2120c9b2a" ++ "a1d4ae7be9c1ba97025be91ddcfbe42c791c3231cffbfa4b5368ba18f9590e1b" }, ++ { GCRY_MD_BLAKE2B_512, 256, +0, ++ "c413d011ba9abbf118dd96bfc827f5fd94493d8350df9f7aff834faace5adba2" ++ "0c3037069dfb2c81718ffc7b418ce1c1320d334b6fe8cddfb5d2dd19eb530853" }, ++ { GCRY_MD_BLAKE2B_512, 256, +1, ++ "b6dfb821f1c8167fb33995c29485010da56abd539c3d04ab9c222844301b8bba" ++ "6f57a48e45a748e40847084b93f26706aae82212550671c736becffcc6fb1496" }, ++ { GCRY_MD_BLAKE2B_512, 256, +64, ++ "8c21316a4a02044e302d503d0fe669d905c40d9d80ecd5aafc8e30f1df06736f" ++ "51fdaf6002160bb8fe4e868eaad9623fc5ecdd728bcbfee4a19b386503710f48" }, ++ ++ { GCRY_MD_WHIRLPOOL, 256, -64, ++ "aabf62344c1aa82d2dc7605f339b3571d540f1f320f97e6a8c0229645ee61f1f" ++ "da796acde2f96caa1c56eb2c2f9a6029a6242ad690479def66feac44334cc3af" }, ++ { GCRY_MD_WHIRLPOOL, 256, -1, ++ "9a35ec14aa9cefd40e04295d45d39f3111a98c2d76d90c54a7d2b8f2f5b9302b" ++ "79663eab6b6674625c3ae3e4b5dbb3b0a2f5b2f49a7a59cd1723e2b16a3efea2" }, ++ { GCRY_MD_WHIRLPOOL, 256, +0, ++ "818ad31a5110b6217cc6ffa099d554aaadc9566bf5291e104a5d58b21d51ae4d" ++ "c216c6de888d1359066c584e24e6606f530a3fce80ef78aed8564de4a28801c8" }, ++ { GCRY_MD_WHIRLPOOL, 256, +1, ++ "298805f5fc68488712427c1bcb27581d91aa04337c1c6b4657489ed3d239bb8b" ++ "c70ef654065d380ac1f5596aca5cb59e6da8044b5a067e32ea4cd94ca606f9f3" }, ++ { GCRY_MD_WHIRLPOOL, 256, +64, ++ "7bd35c3bee621bc0fb8907904b3b84d6cf4fae4c22cc64fbc744c8c5c8de806d" ++ "0f11a27892d531dc907426597737762c83e3ddcdc62f50d16d130aaefaeec436" }, ++ ++ { GCRY_MD_SHA1, 6, -64, ++ "eeee82d952403313bd63d6d7c8e342df0a1eea77" }, ++ { GCRY_MD_SHA1, 6, -1, ++ "8217b9f987d67db5880bcfff1d6763a6514d629f" }, ++ { GCRY_MD_SHA1, 6, +0, ++ "2b38aa63c05668217e5331320a4aee0adad7fc3b" }, ++ { GCRY_MD_SHA1, 6, +1, ++ "f3222de4d0704554cff0a537bc95b30f15daa94f" }, ++ { GCRY_MD_SHA1, 6, +64, ++ "b3bdd8065bb92d8208d55d28fad2281c6fbf2601" }, ++ ++ { GCRY_MD_SHA256, 6, -64, ++ "a2d5add5be904b70d6ef9bcd5feb9c6cfc2be0799732a122d9eccb576ff5a922" }, ++ { GCRY_MD_SHA256, 6, -1, ++ "88293b7e0e5a47fdef1148c6e510f95272770db6b5296958380209ba57db7a5d" }, ++ { GCRY_MD_SHA256, 6, +0, ++ "ccee8e8dfc366eba67471e49c45057b0041be0d2206c6de1aa765ce07ecfc434" }, ++ { GCRY_MD_SHA256, 6, +1, ++ "f4a89e92b38e0e61ee17079dc31411de06cfe1f77c83095ae1a2e7aa0205d94b" }, ++ { GCRY_MD_SHA256, 6, +64, ++ "338708608c2356ed2927a85b08fe745223c6140243fb3a87f309e12b31b946a8" }, ++ ++ { GCRY_MD_SHA512, 6, -64, ++ "658f52850932633c00b2f1d65b874c540ab84e2c0fe84a8a6c35f8e90e6f6a9c" ++ "2f7e0ccca5064783562a42ad8f47eab48687aaf6998b04ee94441e82c14e834d" }, ++ { GCRY_MD_SHA512, 6, -1, ++ "9ead6d66b46a3a72d77c7990874cfebc1575e5bfda6026430d76b3db6cc62d52" ++ "4ca0dd2674b9c24208b2e780d75542572eee8df6724acadcc23a03eed8f82f0a" }, ++ { GCRY_MD_SHA512, 6, +0, ++ "03e4549eb28bd0fb1606c321f1498503b5e889bec8d799cf0688567c7f8ac0d9" ++ "a7ec4e84d1d729d6a359797656e286617c3ef82abb51991bb576aaf05f7b6573" }, ++ { GCRY_MD_SHA512, 6, +1, ++ "ffe52f6385ccde6fa7d45845787d8f9993fdcb5833fb58b13c424a84e39ea50f" ++ "52d40e254fe667cb0104ffe3837dc8d0eee3c81721cb8eac10d5851dfb1f91db" }, ++ { GCRY_MD_SHA512, 6, +64, ++ "4a19da3d5eaaa79ac1eaff5e4062f23ee56573411f8d302f7bf3c6da8779bd00" ++ "a936e9ad7f535597a49162ed308b0cced7724667f97a1bb24540152fcfe3ec95" }, ++ ++ { GCRY_MD_SHA3_512, 6, -64, ++ "a99f2913d3beb9b45273402e30daa4d25c7a5e9eb8cf6039996eb2292a45c04c" ++ "b9e3a1a187f71920626f465ed6cf7dc34047ec5578e05516374bb9c56683903a" }, ++ { GCRY_MD_SHA3_512, 6, -1, ++ "fca50bde79c55e5fc4c9d97e66eb5cfacef7032395848731e645ca42f07f8d38" ++ "be1d593727c2a82b9a9bc058ebc9744971f867fa920cfa902023448243ac017b" }, ++ { GCRY_MD_SHA3_512, 6, +0, ++ "c61bb345c0a553edaa89fd38114ac9799b6d307ba8e3cde53552ad4c77cfe4b7" ++ "2671d82c1519c8e7b23153a9268e2939239564fc7c2060608aa42955e938840d" }, ++ { GCRY_MD_SHA3_512, 6, +1, ++ "502a83d8d1b977312806382a45c1cc9c0e7db437ca962e37eb181754d59db686" ++ "14d91df286d510411adf69f7c9befc1027bdc0c33a48a5dd6ae0957b9061e7ca" }, ++ { GCRY_MD_SHA3_512, 6, +64, ++ "207bfb83ae788ddd4531188567f0892bbddbbc88d69bc196b2357bee3e668706" ++ "c27f832ecb50e9ae5b63e9f384bdc37373958d4a14f3825146d2f6b1a65d8e51" }, ++ ++ { GCRY_MD_SM3, 6, -64, ++ "41d96d19cef4c942b0f5f4cdc3e1afe440dc62c0bc103a2c0e9eee9e1733a74a" }, ++ { GCRY_MD_SM3, 6, -1, ++ "b7689cc4ef6c7dc795b9e5e6998e5cc3dc1daec02bc1181cdbef8d6812b4957a" }, ++ { GCRY_MD_SM3, 6, +0, ++ "c6eae4a82052423cf98017bde4dee8769947c66120a1a2ff79f0f0dc945a3272" }, ++ { GCRY_MD_SM3, 6, +1, ++ "f6590f161fee11529585c7a9dfc725f8b81951e49b616844097a3dbdc9ffdbec" }, ++ { GCRY_MD_SM3, 6, +64, ++ "f3277fa90c47afe5e4fc52374aadf8e96bc29c2b5a7a4ebf5d704245ada837ea" }, ++ ++ { GCRY_MD_BLAKE2S_256, 6, -64, ++ "0f3c17610777c34d40a0d11a93d5e5ed444ce16edefebabd0bc8e30392d5c2db" }, ++ { GCRY_MD_BLAKE2S_256, 6, -1, ++ "92cbcf142c45de9d64da9791c51dce4e32b58f74d9f3d201b1ea74deac765f51" }, ++ { GCRY_MD_BLAKE2S_256, 6, +0, ++ "b20702cb5a0bee2ab104f38eb513429589310a7edde81dd1f40043be7d16d0de" }, ++ { GCRY_MD_BLAKE2S_256, 6, +1, ++ "bfc17dc74930989841da05aac08402bf0dcb4a597b17c52402a516ea7e541cdf" }, ++ { GCRY_MD_BLAKE2S_256, 6, +64, ++ "d85588cdf5a00bec1327da02f22f1a10b68dd9d6b730f30a3aa65af3a51c1722" }, ++ ++ { GCRY_MD_BLAKE2B_512, 6, -64, ++ "30b6015f94524861b04b83f0455be10a993460e0f8f0fd755fc3d0270b0c7d00" ++ "039a6e01684ce0689ce4ef70932bd19a676acf4b4ea521c30337d2f445fc2055" }, ++ { GCRY_MD_BLAKE2B_512, 6, -1, ++ "49abef820ad7fc5e6ed9b63acddce639a69dcd749b0798b140216649bc3b927c" ++ "637dbe1cb39a41bbafe7f8b675401ccdcf69a7fba227ae4cda5cd28b9ff36776" }, ++ { GCRY_MD_BLAKE2B_512, 6, +0, ++ "4182a7307a89391b78af9dbc3ba1e8d643708abbed5919086aa6e2bc65ae9597" ++ "e40229450c86ac5d3117b006427dd0131f5ae4c1a1d64c81420d2731536c81d8" }, ++ { GCRY_MD_BLAKE2B_512, 6, +1, ++ "33c0d9e65b1b18e9556134a08c1e725c19155bbf6ed4349d7d6d678f1827fef3" ++ "74b6e3381471f3d3fff7ffbcb9474ce9038143b99e25cd5f8afbb336313d4648" }, ++ { GCRY_MD_BLAKE2B_512, 6, +64, ++ "d2d7f388611af78a2ea40b06f99993cff156afd25cbc47695bdb567d4d35b992" ++ "0ff8c325c359a2bdeddf54ececc671ac7b981031e90a7d63d6e0415ec4484282" }, ++ ++ { GCRY_MD_WHIRLPOOL, 6, -64, ++ "247707d1f9cf31b90ee68527144b1c20ad5ce96293bdccd1a81c8f40bc9df10c" ++ "e7441ac3b3097162d6fbf4d4b67b8fa09de451e2d920f16aad78c47ab00cb833" }, ++ { GCRY_MD_WHIRLPOOL, 6, -1, ++ "af49e4a553bdbec1fdafc41713029e0fb1666894753c0ab3ecb280fc5af6eff8" ++ "253120745a229d7a8b5831711e4fd16ed0741258504d8a47e2b42aa2f1886968" }, ++ { GCRY_MD_WHIRLPOOL, 6, +0, ++ "f269ffa424bc2aad2da654f01783fc9b2b431219f2b05784d718da0935e78792" ++ "9207b000ebbfb63dfdcc8adf8e5bd321d9616c1b8357430b9be6cb4640df8609" }, ++ { GCRY_MD_WHIRLPOOL, 6, +1, ++ "52b77eb13129151b69b63c09abb655dc9cb046cafd4cbf7d4a82ae04b61ef9e6" ++ "531dde04cae7c5ab400ed8ee8da2e3f490d177289b2b3aa29b12b292954b902c" }, ++ { GCRY_MD_WHIRLPOOL, 6, +64, ++ "60a950c92f3f08abbc81c41c86ce0463679ffd5ab420e988e15b210615b454ae" ++ "69607d14a1806fa44aacf8c926fbdcee998af46f56e0c642d3fb4ee54c8fb917" }, ++ ++ { GCRY_MD_CRC32, 6, -64, "20739052" }, ++ { GCRY_MD_CRC32, 6, -1, "971a5a74" }, ++ { GCRY_MD_CRC32, 6, +0, "bf48113c" }, ++ { GCRY_MD_CRC32, 6, +1, "c7678ad5" }, ++ { GCRY_MD_CRC32, 6, +64, "1efa7255" }, ++ ++ { GCRY_MD_CRC24_RFC2440, 6, -64, "747e81" }, ++ { GCRY_MD_CRC24_RFC2440, 6, -1, "deb97d" }, ++ { GCRY_MD_CRC24_RFC2440, 6, +0, "7d5bea" }, ++ { GCRY_MD_CRC24_RFC2440, 6, +1, "acc351" }, ++ { GCRY_MD_CRC24_RFC2440, 6, +64, "9d9032" }, ++ + { 0 } + }; + +@@ -251,12 +415,38 @@ run_longtest (int algo, int gigs) + gcry_md_hd_t hd_post = NULL; + gcry_md_hd_t hd_post2 = NULL; + char pattern[1024]; +- int i, g; ++ char *hugepattern = NULL; ++ size_t hugesize; ++ size_t hugegigs; ++ int i, g, gppos, gptot; + const unsigned char *digest; + unsigned int digestlen; + + memset (pattern, 'a', sizeof pattern); + ++ if (use_hugeblock) ++ { ++ hugegigs = 5; ++ if (sizeof(size_t) >= 8) ++ { ++ hugesize = hugegigs*1024*1024*1024; ++ hugepattern = malloc(hugesize); ++ if (hugepattern != NULL) ++ memset(hugepattern, 'a', hugesize); ++ else ++ show_note ("failed to allocate %d GiB huge pattern block: %s", ++ hugegigs, strerror(errno)); ++ } ++ else ++ show_note ("cannot allocate %d GiB huge pattern block on 32-bit system", ++ hugegigs); ++ } ++ if (hugepattern == NULL) ++ { ++ hugegigs = 0; ++ hugesize = 0; ++ } ++ + err = gcry_md_open (&hd, algo, 0); + if (err) + { +@@ -267,9 +457,17 @@ run_longtest (int algo, int gigs) + + digestlen = gcry_md_get_algo_dlen (algo); + +- +- for (g=0; g < gigs; g++) ++ gppos = 0; ++ gptot = 0; ++ for (g=0; g < gigs; ) + { ++ if (gppos >= 16) ++ { ++ gptot += 16; ++ gppos -= 16; ++ show_note ("%d GiB so far hashed with %s", gptot, ++ gcry_md_algo_name (algo)); ++ } + if (g == gigs - 1) + { + for (i = 0; i < 1024*1023; i++) +@@ -283,16 +481,24 @@ run_longtest (int algo, int gigs) + die ("gcry_md_copy failed for %s (%d): %s", + gcry_md_algo_name (algo), algo, gpg_strerror (err)); + gcry_md_write (hd, pattern, sizeof pattern); ++ g++; ++ gppos++; ++ } ++ else if (hugepattern != NULL && gigs - g > hugegigs) ++ { ++ gcry_md_write (hd, hugepattern, hugesize); ++ g += hugegigs; ++ gppos += hugegigs; + } + else + { + for (i = 0; i < 1024*1024; i++) + gcry_md_write (hd, pattern, sizeof pattern); ++ g++; ++ gppos++; + } +- if (g && !(g % 16)) +- show_note ("%d GiB so far hashed with %s", g, gcry_md_algo_name (algo)); + } +- if (g >= 16) ++ if (g >= 16 && gppos) + show_note ("%d GiB hashed with %s", g, gcry_md_algo_name (algo)); + + err = gcry_md_copy (&hd_post, hd); +@@ -335,6 +541,8 @@ run_longtest (int algo, int gigs) + gcry_md_close (hd_pre2); + gcry_md_close (hd_post); + gcry_md_close (hd_post2); ++ ++ free(hugepattern); + } + + +@@ -361,9 +569,12 @@ main (int argc, char **argv) + { + fputs ("usage: " PGM " [options] [algos]\n" + "Options:\n" +- " --verbose print timings etc.\n" +- " --debug flyswatter\n" +- " --gigs N Run a test on N GiB\n", ++ " --verbose print timings etc.\n" ++ " --debug flyswatter\n" ++ " --hugeblock Use 5 GiB pattern block\n" ++ " --gigs N Run a test on N GiB\n" ++ " --disable-hwf Disable hardware acceleration feature(s)\n" ++ " for benchmarking.\n", + stdout); + exit (0); + } +@@ -378,6 +589,11 @@ main (int argc, char **argv) + debug++; + argc--; argv++; + } ++ else if (!strcmp (*argv, "--hugeblock")) ++ { ++ use_hugeblock = 1; ++ argc--; argv++; ++ } + else if (!strcmp (*argv, "--gigs")) + { + argc--; argv++; +@@ -387,6 +603,21 @@ main (int argc, char **argv) + argc--; argv++; + } + } ++ else if (!strcmp (*argv, "--disable-hwf")) ++ { ++ argc--; ++ argv++; ++ if (argc) ++ { ++ if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL)) ++ fprintf (stderr, ++ PGM ++ ": unknown hardware feature `%s' - option ignored\n", ++ *argv); ++ argc--; ++ argv++; ++ } ++ } + else if (!strncmp (*argv, "--", 2)) + die ("unknown option '%s'", *argv); + } +diff --git a/tests/testdrv.c b/tests/testdrv.c +index 0ccde326..bfca4c23 100644 +--- a/tests/testdrv.c ++++ b/tests/testdrv.c +@@ -78,7 +78,12 @@ static struct { + { "t-ed448" }, + { "benchmark" }, + { "bench-slope" }, +- { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SM3", ++ { "hashtest-6g", "hashtest", "--hugeblock --gigs 6 SHA1 SHA256 SHA512 " ++ "SHA3-512 SM3 BLAKE2S_256 " ++ "BLAKE2B_512 CRC32 " ++ "CRC24RFC2440", ++ LONG_RUNNING }, ++ { "hashtest-256g", "hashtest", "--gigs 256 SHA1 SHA256 SHA512 SHA3-512 SM3", + LONG_RUNNING }, + { NULL } + }; +-- +2.34.1 + +From 567bc62e1c3046594088de7209fee7c545ece1e3 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 30 Sep 2022 14:54:14 +0200 +Subject: [PATCH] tests: Avoid memory leak + +* tests/hashtest.c (run_longtest): Avoid memory leak on error +-- + +Signed-off-by: Jakub Jelen +--- + tests/hashtest.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/hashtest.c b/tests/hashtest.c +index 9389e50c..379f7c40 100644 +--- a/tests/hashtest.c ++++ b/tests/hashtest.c +@@ -452,6 +452,7 @@ run_longtest (int algo, int gigs) + { + fail ("gcry_md_open failed for %s (%d): %s", + gcry_md_algo_name (algo), algo, gpg_strerror (err)); ++ free(hugepattern); + return; + } + +-- +2.37.3 + diff --git a/SPECS/libgcrypt.spec b/SPECS/libgcrypt.spec index da99e44..a7a91e9 100644 --- a/SPECS/libgcrypt.spec +++ b/SPECS/libgcrypt.spec @@ -16,19 +16,25 @@ print(string.sub(hash, 0, 16)) Name: libgcrypt Version: 1.10.0 -Release: 5%{?dist} +Release: 8%{?dist} URL: https://www.gnupg.org/ Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig Source2: wk@g10code.com Patch1: libgcrypt-1.10.0-disable-brainpool.patch -Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch Patch3: libgcrypt-1.10.0-ppc-hwf.patch Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch Patch5: libgcrypt-1.10.0-allow-short-salt.patch Patch6: libgcrypt-1.10.0-fips-getrandom.patch +# https://dev.gnupg.org/T6127 +# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html Patch7: libgcrypt-1.10.0-fips-selftest.patch -Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch +# https://dev.gnupg.org/T6217 +Patch9: libgcrypt-1.10.0-sha3-large.patch +# https://dev.gnupg.org/T5919 +Patch10: libgcrypt-1.10.0-fips-keygen.patch +# https://dev.gnupg.org/T6219 +Patch11: libgcrypt-1.10.0-fips-kdf.patch %global gcrylibdir %{_libdir} %global gcrysoname libgcrypt.so.20 @@ -65,13 +71,14 @@ applications using libgcrypt. %prep %setup -q %patch1 -p1 -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 -%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %build # This package has a configure test which uses ASMs, but does not link the @@ -190,6 +197,22 @@ mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt %license COPYING %changelog +* Thu Oct 20 2022 Jakub Jelen - 1.10.0-8 +- Fix unneeded PBKDF2 passphrase length limitation in FIPS mode +- Enforce HMAC key lengths in MD API in FIPS mode + +* Thu Oct 06 2022 Jakub Jelen - 1.10.0-7 +- Properly enforce KDF limits in FIPS mode (#2130275) +- Fix memory leak in large digest test (#2129150) +- Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275) +- Skip RSA encryption/decryption selftest in FIPS mode (#2130275) + +* Tue Sep 27 2022 Jakub Jelen - 1.10.0-6 +- Fix SHA3 digests with large inputs (#2129150) +- Fix FIPS RSA PCT (#2128455) +- Fix RSA FIPS Keygen that non-deterministically fails (#2130275) +- Get max 32B from getrandom in FIPS mode (#2130275) + * Wed Aug 17 2022 Jakub Jelen - 1.10.0-5 - Allow signature verification with smaller RSA keys (#2083846) - Allow short salt for KDF (#2114870)