author | Jakub Jelen <jjelen@redhat.com> | 2023-03-01 15:39:15 +0100 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-07 15:26:44 +0900 |
commit | 45b80678109e5817b7cd15566a9d6c96b064b95f (patch) | |
tree | 97753e8a801fc79569239653939a0044875fad14 /random | |
parent | 654d0dfa04993ebe28c0536d42f4bc6d87c28369 (diff) | |
download | libgcrypt-45b80678109e5817b7cd15566a9d6c96b064b95f.tar.gz |
random: Remove unused SHA384 DRBGs.
* random/random-drbg.c (global): Remove unused SHA384-based defines.
(drbg_cores): Remove SHA384 configurations.
(drbg_sec_strength): Remove unused SHA384.
--
These are no longer allowed by FIPS and it looks like they were never
usable as they do not have any conversion from the string flags.
GnuPG-bug-id: 6393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'random')
-rw-r--r-- | random/random-drbg.c | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/random/random-drbg.c b/random/random-drbg.c
index f1cfe286..af49a5a5 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -188,11 +188,9 @@
 #define DRBG_HASHSHA1 ((u32)1<<4)
 #define DRBG_HASHSHA224 ((u32)1<<5)
 #define DRBG_HASHSHA256 ((u32)1<<6)
-#define DRBG_HASHSHA384 ((u32)1<<7)
 #define DRBG_HASHSHA512 ((u32)1<<8)
 #define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \
- | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
- | DRBG_HASHSHA512)
+ | DRBG_HASHSHA256 | DRBG_HASHSHA512)
 /* type modifiers (A.3)*/
 #define DRBG_HMAC ((u32)1<<12)
 #define DRBG_SYM128 ((u32)1<<13)
@@ -211,23 +209,18 @@
 #define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
 #define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
 #define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
-#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
 #define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
 #define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
 #define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
-#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
 #define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
 #define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
 | DRBG_HMAC)
 #define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
 | DRBG_HMAC)
-#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
- | DRBG_HMAC)
 #define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
-#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
 #define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
 
 
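Review bot: Bit 7 of the flag word is left as an unexplained gap between `DRBG_HASHSHA256` (`(u32)1<<6`) and `DRBG_HASHSHA512` (`(u32)1<<8`) in the first hunk, and `DRBG_HASH_MASK` no longer covers it. A flags value that still carries that bit now masks to "no hash selected", and a later addition could silently reuse `1<<7` with a different meaning. I would add a one-line comment in the gap, for example `/* (u32)1<<7 is unassigned (formerly DRBG_HASHSHA384); keep it free. */`. Whether any caller can still supply that bit is not visible in this hunk; the commit message says there was never a string-flag conversion for it.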
@@ -359,12 +352,10 @@ static const struct drbg_core_s drbg_cores[] = {
 /* Hash DRBGs */
 {DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
 {DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
- {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
 {DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
 /* HMAC DRBGs */
 {DRBG_HASHSHA1 | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
 {DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
- {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
 {DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
 /* block ciphers */
 {DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
@@ -543,7 +534,7 @@ drbg_sec_strength (u32 flags)
 else if (flags & DRBG_SYM192)
 return 24;
 else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
- (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
+ (flags & DRBG_HASHSHA512))
 return 32;
 else
 return 32;
|
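Review bot: In `drbg_sec_strength` the last explicit branch and the final `else` both `return 32;`, so the `DRBG_SYM256` / `DRBG_HASHSHA256` / `DRBG_HASHSHA512` test in the last hunk has no effect on the result. Any flags value that matches no branch, including one that still carries the removed SHA384 bit, is also reported as 32. If that default is deliberate, a comment on the final `else` should say so, for example `/* Unknown type: report the largest strength rather than a smaller one. */`. The reason for preferring the largest value is my inference and should be checked against how callers use the return value. The earlier branches and the end of the function are outside the hunk.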