| Commit message | Author | Age | Files | Lines |

* src/gcrypt-int.h: Use gpg_err_code_to_errno.
--
Cherry-picked master commit of:
3962623fe6de5c6d6604db90c8c0869fc3d3b7cf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption
to fail in FIPS mode
* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS
mode
--
Cherry-picked from master commit:
249ca431ef881d510b90a5d3db9cd8507c4d697b
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding
in FIPS mode for encryption
* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for
decryption
--
Cherry-picked from master commit:
e552e37983da0c54840786eeff34481685fde1e9
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

--
Cherry-picked from master commit:
0d69847e41e1803654180544fffd4cba3f49cb12
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Use
GRND_RANDOM in FIPS Mode
--
Cherry-picked master commit:
aab1d63e4def41593312f76de016c885ffafecde
The SP800-90C (clarified in IG D.K.) requires the following when
different DRBGs are chained:
* the parent needs to be reseeded before generate operation
* the reseed & generate needs to be atomic
In RHEL, this is addressed by a change in the kernel that will do this
automatically when getentropy () is called with the GRND_RANDOM flag.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Could be squashed.
* cipher/ecc.c (test_keys_fips): Simplify to accept key in SEXP format
(nist_generate_key): Skip call to test keys
(ecc_generate): Call test keys in FIPS mode later, when we have
complete SEXP key structure.
* cipher/rsa.c (test_keys_fips): Simplify to accept key in SEXP format
(generate_fips): Skip selftest at this stage
(rsa_generate): Test the keys later when we already have key in SEXP
format
--
Cherry-picked from master commit:
a527d252b89958864153da9ad149e97bb96e1692
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/ecc.c (test_keys_fips): New function
(nist_generate_key): In FIPS mode, execute new PCT test
---
Cherry-picked from master commit:
505f048cac8e5af92d3431bd97ade492d1a30bc2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/rsa.c (test_keys_fips): New.
(generate_fips): Call test_keys_fips.
--
Cherry-picked from master commit:
505f048cac8e5af92d3431bd97ade492d1a30bc2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* doc/gcrypt.texi: Document the new function-based fips indicator
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION
* src/fips.c (_gcry_fips_indicator_function): New function indicating
non-approved functions.
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbol
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION
* src/global.c (_gcry_vcontrol): Handle new FIPS indicator.
--
Cherry-picked from master commit:
05a9c9d1ba1db6c1cd160fba979e9ddf4700a0c0
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/ecc.c (selftest_hash_sign): Implement digest & sign KAT
(selftests_ecdsa): Run the original basic test only with extended tests
(run_selftests): Pass-through the extended argument
* cipher/rsa.c (selftest_hash_sign_2048): Implement digest & sign KAT
(selftests_rsa): Run the original basic test only with extended tests
(run_selftests): Pass-through the extended argument
--
Cherry-picked from master commit:
1fc7bfc351ba1d7fa31c0c62a24ad78e9e1cfd5b
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/md.c (prepare_macpads): Move the check to...
* src/visibility.c (gcry_mac_setkey): ... here.
--
Cherry-picking the master commit of:
58c92098d053aae7c78cc42bdd7c80c13efc89bb
GnuPG-bug-id: 6039
Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* cipher/pubkey.c (_gcry_pk_verify_md): Implement support of explicit
hash.
* tests/t-ecdsa.c (one_test_sexp): Use explicit hash.
--
Cherry-picked master commit of:
b2a64ed4f34abbd3871336503bec5ffeb3ad547b
GnuPG-bug-id: 6066
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/t-kdf.c (check_fips_indicators): Add test for gcry_control
(GCRYCTL_FIPS_SERVICE_INDICATOR_KDF).
--
Backport master commit of:
37b812f5e2a3c80d4bc104512248a07268f3c98b
Add a test that checks that
gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_KDF) works correctly, does
not return unexpected values, and returns that only PBKDF2 is approved
at the moment.
Signed-off-by: Clemens Lang <cllang@redhat.com>

* tests/t-ecdsa.c (one_test_sexp): Re-run signature operation with hash
algorithm explicitly specified in data_tmpl as documented in the
manpage.
--
Cherry-picked master commit of:
45a139b166a3fa18eb1eddf7e02b5cdd890a6c37
The code path to decode the explicit hash algorithm specification in
data_tmpl was previously not covered by tests. Verifying with
a data_tmpl that contains the hash algorithm as string currently fails
and should be enabled later. See also https://dev.gnupg.org/T6066.
Signed-off-by: Clemens Lang <cllang@redhat.com>

* random/jitterentropy-base-user.h [HAVE_W32_SYSTEM] (jent_ncpu):
Implement.
* random/rndjent.c (_WIN32_WINNT): Define for GetNativeSystemInfo.
(EOPNOTSUPP): Define when not available.
--
Cherry-picked from master commit of:
5dc97e855bb27705a548a297b666b7be7b1c59a3
Reported-by: Eli Zaretskii
GnuPG-bug-id: 5891
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* mpi/longlong.h [__hppa] (udiv_qrnnd): Only define
when assembler is enabled.
--
Cherry-picked from master commit of:
c0692324fe8b3806eefc5017767917dca9cd94d0
GnuPG-bug-id: 5976
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/basic.c (check_ocb_cipher_checksum): Check the right value for
errors
--
Cherry-picked from master commit of:
a15cb31bf7338ab36562bea6d7ab6e8d776eadb5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* tests/aeswrap.c (check_one_with_padding): Free hd on error paths
* tests/basic.c (check_ccm_cipher): Free context on error paths
(check_ocb_cipher_checksum): Ditto.
(do_check_xts_cipher): Ditto.
(check_gost28147_cipher_basic): Ditto.
* tests/bench-slope.c (bench_ecc_init): Free memory on invalid input.
* tests/t-cv25519.c (test_it): Free memory on error path
* tests/t-dsa.c (hex2buffer): Free memory on error path
* tests/t-ecdsa.c (hex2buffer): Free memory on error path
(one_test_sexp): Cleanup memory on exit
* tests/t-mpi-point.c (check_ec_mul): Free memory on error
(check_ec_mul_reduction): Ditto
* tests/t-rsa-15.c (hex2buffer): Ditto
* tests/t-rsa-pss.c (hex2buffer): Ditto
* tests/t-x448.c (test_it): Free memory on error path
* tests/testdrv.c (my_spawn): Free memory on error paths
--
Cherry-picked from master commit of:
ef2e1523c33c3143b4fee0c00f88a5a0842b337f
GnuPG-bug-id: 5973
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/rsa.c (rsa_check_keysize): Formatting.
(rsa_check_verify_keysize): New function.
(rsa_verify): Allow using smaller keys for verification.
--
Applied the master commit of:
ca2afc9fb64d9a9b2f8930ba505d9ab6c8a57667
GnuPG-bug-id: 5975
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* src/gcrypt-int.h (_gcry_kdf_compute): Return gcry_err_code_t.
--
Cherry-pick master commit of:
4019f1a66b15d2ef82eb059c432e6b09b2c69b21
GnuPG-bug-id: 5980
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* mpi/mpih-const-time.c (_gcry_mpih_cmp_ui): Compare 64-bit
value correctly.
--
Cherry-picked master commit:
a611e3a25d61505698e2bb38ec2db38bc6a74820
Reported-by: Guido Vranken <guidovranken@gmail.com>
GnuPG-bug-id: 5970
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* random/random-drbg.c (_gcry_rngdrbg_randomize): Update change of PID
detection.
--
Applied the master commit of:
df7879a86b1de8eaf2d784687155c4274574b120
In a child process, it calls drbg_reseed again and again without
this change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode. Expect failure when wrong padding is selected
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode
--
Applied the master commit of:
f736f3c70182d9c948f9105eb769c47c5578df35
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* tests/basic.c (global): New flag FLAG_SPECIAL
(check_pubkey_crypt): Change to use bitfield flags
--
Applied the master commit of:
299e2f93415984919181e0ee651719bbf83bdd2f
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5
padding for encryption in FIPS mode
* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode
--
Applied the master commit of:
c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* random/random-drbg.c (drbg_instance): New at BSS.
(_drbg_init_internal): Don't allocate at secure memory.
(_gcry_rngdrbg_close_fds): Follow the change.
--
Applied the master commit of:
f436bf4451cb2ad0a1f56aa843bf79a58878022f
GnuPG-bug-id: 5933
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* cipher/rsa.c (generate_fips): Use 10 for p, 20 for q.
--
Applied the master commit of:
cd30ed3c0d715aa0c58a32a29cfb1476163a5b94
Constants from FIPS 186-5-draft.
GnuPG-bug-id: 5919
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* cipher/rsa.c (generate_fips): Set the least significant bit.
--
Cherry-picked master commit of:
51754fa2ed06cc41487324432dbea654642ef244
GnuPG-bug-id: 5919
Fixes-commit: 5f9b3c2e220ca6d0eaff32324a973ef67933a844
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* src/hwf-ppc.c (ppc_features): Add HWF_PPC_ARCH_3_10.
--
Cherry-picked master commit of:
df7879a86b1de8eaf2d784687155c4274574b120
GnuPG-bug-id: T5913
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

* cipher/blake2.c (blake2b_vl_hash): Fix the last step.
* cipher/kdf.c (argon2_open): Check the value.
--
Cherry-picked master commit of:
564739a58426d89db2f0c9334659949e503d2c59
Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

--

--
GnuPG-bug-id: 5596
Contributed-by: Mikhail Ryazanov

* cipher/sha256.c: Add X9.62 OID.
* cipher/sha512.c: Ditto.

* tests/bench-slope.c (ECC_ALGO_BRAINP256R1): New.
(ecc_algo_fips_allowed): Support this curve.
(ecc_algo_name): Ditto.
(ecc_algo_curve): Ditto.
(ecc_nbits): Ditto.
(bench_ecc_init): Ditto.

* src/fips.c (get_file_offset): Compute the maximum offset
of segments.
* src/gen-note-integrity.sh: Likewise.
--
Backport master commit of:
052c5ef4cea56772b7015e36f231fa0bcbf91410
The result is the same (in the current format of the ELF program).
The semantics are clearer. It hashes:
- From the start of shared library file,
- fixed up the ELF header to exclude link-time information,
- up to the last segment.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* src/gen-note-integrity.sh: Simplify detecting 32-bit machine
or 64-bit machine.
--
Backport master commit of:
3c8b6c4a9cad59c5e1db5706f6774a3141b60210
GnuPG-bug-id: 5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* src/Makefile.am (EXTRA_DIST): Change the name of the script.
(libgcrypt.la.done): Invoke OBJCOPY with --add-section.
(libgcrypt.so.hmac): Specify ECHO_N.
* src/fips.c (get_file_offset): Rename from get_file_offsets.
Find the note section and return the value in HMAC.
(hmac256_check): Simplify by HMAC from the note section, not loaded.
(check_binary_integrity): Use dladdr instead of dladdr1.
* src/gen-note-integrity.sh: Rename from genhmac.sh.
Generate ElfN_Nhdr, and then the hmac.
--
Backport master commit of:
a340e980388243ceae6df57d101036f3f2a955be
The idea of use of .note is by Daiki Ueno.
https://gitlab.com/dueno/integrity-notes
Further, instead of NOTE segment loaded onto memory, use noload
section in the file.
Thanks to Clemens Lang for initiating this direction of improvement.
The namespace "FDO" would need to be changed.
GnuPG-bug-id: 5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* configure.ac (READELF): Check the tool.
* src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
* src/fips.c (get_file_offsets): Rename from get_file_offset.
Determine the OFFSET2 at the end of loadable segments, too.
Add fixup of the ELF header to exclude section information.
(hmac256_check): Finish scanning at the end of loadable segments.
* src/genhmac.sh: New.
--
Backport master commit of:
9dcf9305962b90febdf2d7cc73b49feadbf6a01f
This change fixes the build with ld.gold.
GnuPG-bug-id: 5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

--
Backport master commit of:
521500624b4b11538d206137205e2a511dad7072
Coding style fix.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* src/fips.c [ENABLE_HMAC_BINARY_CHECK] (hmac256_check): Use ELF headers
to locate the file offset for the HMAC in addition to information from
the loader
--
Backport master commit of:
beb5d6df5c5785db7c32a24a5d2a351cb964bfbc
The previous method of locating the offset of the .rodata1 section in
the ELF file on disk used information obtained from the loader. This
computed the address of the value in memory at runtime, but the offset
in the file can be different. Specifically, the old code computed
a value relative to ElfW(Phdr).p_vaddr, but the offset in the file is
relative to ElfW(Phdr).p_offset. These values can differ, so the
computed address at runtime must be translated into a file offset
relative to p_offset.
This is largely cosmetic, since the text section that should contain the
HMAC usually has both p_vaddr and p_offset set to 0.
Signed-off-by: Clemens Lang <cllang@redhat.com>

* cipher/kdf.c (_gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close):
Fix the cast.
--
Backport master commit of:
5420cbbd3ec7ebf081224796e8d1f8299f7ad985
The object referenced by H is actually the target object of the
particular struct, so, no problem for alignment.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* m4/gpg-error.m4: Unset GPGRT_CONFIG when it doesn't work well.
--
Cherry-picked the master commit of:
bff9f1b024647e18b2c87dcd769c0e449f7752e6
With older versions of libgpg-error (< 1.33), the gpgrt-config
script doesn't support .pc files.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* src/hmac.c: Release HMAC256 context
--
Cherry-picked the master commit of:
6994d874af865cc6ba95a8a6eb5a8fe048e88e07
LeakSanitizer marks the allocation of this context as leaked. Since the
hmac binary is used during the build with --enable-hmac-binary-check,
this fails the build with AddressSanitizer/LeakSanitizer.
Signed-off-by: Clemens Lang <cllang@redhat.com>

* cipher/pubkey.c (_gcry_pk_sign_md): Fix memory leak in FIPS mode when
used with SHA1
* tests/basic.c (check_one_cipher_core): Add missing free in error code
triggered in FIPS mode
* tests/dsa-rfc6979.c (check_dsa_rfc6979): Likewise
* tests/pubkey.c (check_x931_derived_key): Likewise
--
Cherry-picked the master commit of:
7fc5d33e74164519edcd8127a35cc21228d2727f
Signed-off-by: Clemens Lang <cllang@redhat.com>

--
Cherry-picked the master commit of:
b7dcb576bc1bb2cc23c29395f0c78c495af971d3
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* cipher/kdf.c (rotr64): We use u64 in libgcrypt.
--
Cherry-picked the master commit of:
e257fe39b8ffafa3b1fc72b00db1ea43d29c9983
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* random/jitterentropy-base-user.h: Include <fcntl.h> for O_RDONLY
* random/jitterentropy-base-user.h: Include <limits.h> for LONG_MAX
--
Fixes the build with musl libc.
Signed-off-by: Heiko Becker <heirecka@exherbo.org>

--