Commit message | Author | Date | Files | Lines
* Release 1.10.1 (tag: libgcrypt-1.10.1) | Werner Koch | 2022-03-28 | 2 files | -2/+14
* doc: Typo and grammar fixes. | Werner Koch | 2022-03-28 | 1 file | -201/+201
  --
  GnuPG-bug-id: 5596
  Contributed-by: Mikhail Ryazanov
* hash: Add more OIDs. | Werner Koch | 2022-03-28 | 2 files | -0/+9
  * cipher/sha256.c: Add X9.62 OID.
  * cipher/sha512.c: Ditto.
* tests: Add brainpoolP256r1 to bench-slope. | Werner Koch | 2022-03-28 | 1 file | -0/+16
  * tests/bench-slope.c (ECC_ALGO_BRAINP256R1): New.
  (ecc_algo_fips_allowed): Support this curve.
  (ecc_algo_name): Ditto.
  (ecc_algo_curve): Ditto.
  (ecc_nbits): Ditto.
  (bench_ecc_init): Ditto.
* fips: Clarify what is to be hashed for the integrity check. | NIIBE Yutaka | 2022-02-22 | 2 files | -17/+23
  * src/fips.c (get_file_offset): Compute the maximum offset of segments.
  * src/gen-note-integrity.sh: Likewise.
  --
  Backport master commit of: 052c5ef4cea56772b7015e36f231fa0bcbf91410
  The result is the same (in the current format of ELF programs). The semantics are clearer. It hashes:
  - from the start of the shared library file,
  - with the ELF header fixed up to exclude link-time information,
  - up to the last segment.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Fix gen-note-integrity.sh script not to use cmp utility. | NIIBE Yutaka | 2022-02-22 | 1 file | -4/+4
  * src/gen-note-integrity.sh: Simplify detecting a 32-bit or 64-bit machine.
  --
  Backport master commit of: 3c8b6c4a9cad59c5e1db5706f6774a3141b60210
  GnuPG-bug-id: 5835
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: More portable integrity check. | NIIBE Yutaka | 2022-02-22 | 3 files | -75/+134
  * src/Makefile.am (EXTRA_DIST): Change the name of the script.
  (libgcrypt.la.done): Invoke OBJCOPY with --add-section.
  (libgcrypt.so.hmac): Specify ECHO_N.
  * src/fips.c (get_file_offset): Rename from get_file_offsets. Find the note section and return the value in HMAC.
  (hmac256_check): Simplify by using the HMAC from the note section, which is not loaded.
  (check_binary_integrity): Use dladdr instead of dladdr1.
  * src/gen-note-integrity.sh: Rename from genhmac.sh. Generate ElfN_Nhdr, and then the hmac.
  --
  Backport master commit of: a340e980388243ceae6df57d101036f3f2a955be
  The idea of using .note is by Daiki Ueno. https://gitlab.com/dueno/integrity-notes
  Further, instead of a NOTE segment loaded into memory, use a noload section in the file.
  Thanks to Clemens Lang for initiating this direction of improvement.
  The namespace "FDO" would need to be changed.
  GnuPG-bug-id: 5835
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Integrity check improvement, with only loadable segments. | NIIBE Yutaka | 2022-02-22 | 4 files | -25/+136
  * configure.ac (READELF): Check the tool.
  * src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
  * src/fips.c (get_file_offsets): Rename from get_file_offset. Determine the OFFSET2 at the end of loadable segments, too. Add fixup of the ELF header to exclude section information.
  (hmac256_check): Finish scanning at the end of loadable segments.
  * src/genhmac.sh: New.
  --
  Backport master commit of: 9dcf9305962b90febdf2d7cc73b49feadbf6a01f
  This change fixes the build with ld.gold.
  GnuPG-bug-id: 5835
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Fix previous commit. | NIIBE Yutaka | 2022-02-22 | 1 file | -32/+32
  --
  Backport master commit of: 521500624b4b11538d206137205e2a511dad7072
  Coding style fix.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Use ELF header to find hmac file offset | Clemens Lang | 2022-02-22 | 2 files | -7/+69
  * src/fips.c [ENABLE_HMAC_BINARY_CHECK] (hmac256_check): Use ELF headers to locate the file offset for the HMAC in addition to information from the loader.
  --
  Backport master commit of: beb5d6df5c5785db7c32a24a5d2a351cb964bfbc
  The previous method of locating the offset of the .rodata1 section in the ELF file on disk used information obtained from the loader. This computed the address of the value in memory at runtime, but the offset in the file can be different. Specifically, the old code computed a value relative to ElfW(Phdr).p_vaddr, but the offset in the file is relative to ElfW(Phdr).p_offset. These values can differ, so the computed address at runtime must be translated into a file offset relative to p_offset.
  This is largely cosmetic, since the text section that should contain the HMAC usually has both p_vaddr and p_offset set to 0.
  Signed-off-by: Clemens Lang <cllang@redhat.com>
* Silence compiler warnings for possible alignment problem. | NIIBE Yutaka | 2022-02-21 | 1 file | -3/+3
  * cipher/kdf.c (_gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close): Fix the cast.
  --
  Backport master commit of: 5420cbbd3ec7ebf081224796e8d1f8299f7ad985
  The object referenced by H is actually the target object of the particular struct, so there is no problem with alignment.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build: Fix m4/gpg-error.m4. | NIIBE Yutaka | 2022-02-18 | 1 file | -1/+2
  * m4/gpg-error.m4: Unset GPGRT_CONFIG when it doesn't work well.
  --
  Cherry-picked the master commit of: bff9f1b024647e18b2c87dcd769c0e449f7752e6
  With older versions of libgpg-error (< 1.33), the gpgrt-config script doesn't support .pc files.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* hmac: Fix memory leak | Clemens Lang via Gcrypt-devel | 2022-02-14 | 1 file | -0/+1
  * src/hmac.c: Release HMAC256 context.
  --
  Cherry-picked the master commit of: 6994d874af865cc6ba95a8a6eb5a8fe048e88e07
  LeakSanitizer marks the allocation of this context as leaked. Since the hmac binary is used during the build with --enable-hmac-binary-check, this fails the build with AddressSanitizer/LeakSanitizer.
  Signed-off-by: Clemens Lang <cllang@redhat.com>
* fips: Fix memory leaks in FIPS mode | Clemens Lang via Gcrypt-devel | 2022-02-14 | 4 files | -1/+8
  * cipher/pubkey.c (_gcry_pk_sign_md): Fix memory leak in FIPS mode when used with SHA1.
  * tests/basic.c (check_one_cipher_core): Add missing free in error code triggered in FIPS mode.
  * tests/dsa-rfc6979.c (check_dsa_rfc6979): Likewise.
  * tests/pubkey.c (check_x931_derived_key): Likewise.
  --
  Cherry-picked the master commit of: 7fc5d33e74164519edcd8127a35cc21228d2727f
  Signed-off-by: Clemens Lang <cllang@redhat.com>
* Register DCO for Clemens Lang. | NIIBE Yutaka | 2022-02-14 | 1 file | -0/+3
  --
  Cherry-picked the master commit of: b7dcb576bc1bb2cc23c29395f0c78c495af971d3
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* kdf: Use u64. | NIIBE Yutaka | 2022-02-14 | 1 file | -1/+1
  * cipher/kdf.c (rotr64): We use u64 in libgcrypt.
  --
  Cherry-picked the master commit of: e257fe39b8ffafa3b1fc72b00db1ea43d29c9983
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* jitterentropy: Include <fcntl.h> and <limits.h> | Heiko Becker | 2022-02-04 | 1 file | -0/+3
  * random/jitterentropy-base-user.h: Include <fcntl.h> for O_RDONLY.
  * random/jitterentropy-base-user.h: Include <limits.h> for LONG_MAX.
  --
  Fixes the build with musl libc.
  Signed-off-by: Heiko Becker <heirecka@exherbo.org>
* Post release updates. | Werner Koch | 2022-02-01 | 2 files | -1/+7
  --
* Release 1.10.0 (tag: libgcrypt-1.10.0) | Werner Koch | 2022-02-01 | 2 files | -11/+61
* Merge branch 'master' into LIBGCRYPT-1.10-BRANCH | Werner Koch | 2022-02-01 | 1 file | -2/+5
  * rsa: Fix regression in not returning an error for prime generation. | Werner Koch | 2022-01-31 | 1 file | -2/+5
    * cipher/rsa.c (generate_fips): Set the default EC again.
    --
    GnuPG-bug-id: 5806
    Fixes-commit: 40d63d09b2d06631f4d2c3d1b167a620d50c99f8
    That minor bug is not found in any released code.
* Merge branch 'master' into LIBGCRYPT-1.10-BRANCH | Werner Koch | 2022-01-31 | 9 files | -115/+167
  * cipher: Initialize values not to confuse static analyzers | Jakub Jelen | 2022-01-31 | 1 file | -3/+3
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Initialize integer values not to confuse static analyzers.
    (_gcry_ecc_eddsa_verify): Ditto.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * fips: Remove unused assignment | Jakub Jelen | 2022-01-31 | 1 file | -1/+0
    * src/fips.c (hmac256_check): Remove unused assignment.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * cipher: Remove dead code for the SIV mode | Jakub Jelen | 2022-01-31 | 1 file | -2/+0
    * cipher/cipher-siv.c (_gcry_cipher_siv_setkey): Remove dead code.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * random: Avoid dereference of the ec before checking for NULL | Jakub Jelen | 2022-01-31 | 1 file | -4/+6
    * random/jitterentropy-noise.c (jent_memaccess): Move check before dereferencing the pointer.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * kdf: Fix computation on big-endian machines. | NIIBE Yutaka | 2022-01-31 | 1 file | -16/+32
    * cipher/kdf.c (beswap64_block): New.
    (argon2_fill_first_blocks): Convert to native endian.
    (pseudo_random_generate): Run in native endian.
    (argon2_compute_segment): Run in native endian.
    (argon2_final): Convert from native endian.
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  * cipher/blake2: Make sure to clean up the stack. | NIIBE Yutaka | 2022-01-31 | 1 file | -0/+2
    * cipher/blake2.c (blake2b_vl_hash): Wipe the memory.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  * kdf: handle errors from thread dispatch/wait functions | Jussi Kivilinna | 2022-01-28 | 2 files | -7/+32
    * cipher/kdf.c (argon2_compute): Handle failed job dispatch/wait.
    * tests/t-kdf.c (pthread_jobs_launch_job) (wait_all_jobs_completion): Handle errors returned from pthread functions.
    --
    This allows thread helpers to return an error code, which causes KDF processing to stop.
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
  * kdf/argon2: use BLAKE2b hash_buffers function instead of _gcry_md_* | Jussi Kivilinna | 2022-01-28 | 1 file | -45/+52
    * cipher/kdf.c (argon2_fill_first_blocks): Convert to use iov hash_buffers API instead of _gcry_md_*.
    --
    More direct use of BLAKE2b avoids overhead from md object creation and cleanup.
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
  * Rename KDF job functions and function types | Jussi Kivilinna | 2022-01-28 | 3 files | -14/+14
    * src/gcrypt.h.in (gcry_kdf_job_fn_t): New.
    (gcry_kdf_dispatch_job_fn_t): Renamed from 'gcry_kdf_lauch_job_t'; Use 'gcry_kdf_job_fn_t' for function pointer parameter.
    (gcry_kdf_wait_all_jobs_fn_t): Renamed from 'gcry_kdf_wait_all_jobs_completion_t'.
    (gcry_kdf_thread_ops_t): Rename functions to 'dispatch_job' and 'wait_all_jobs'.
    * cipher/kdf.c (argon2_compute): Change to use 'dispatch_job' and 'wait_all_jobs'.
    * tests/t-kdf.c (job_thread_param, pthread_jobs_launch_job): Use 'gcry_kdf_job_fn_t' type for 'job'.
    --
    Rename 'launch_job' to 'dispatch_job'; dispatch feels like a better word to describe the action here. Also remove '_completion' from the wait_all function name, as it makes the name unnecessarily long.
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
  * tests/t-kdf: few changes to pthread example and fix win32/win64 builds | Jussi Kivilinna | 2022-01-28 | 3 files | -26/+29
    * src/gcrypt.h.in (gcry_kdf_thread_ops_t): New based on 'struct gcry_kdf_thread_ops'.
    (gcry_kdf_compute): Use 'gcry_kdf_thread_ops_t' instead of 'struct gcry_kdf_thread_ops'.
    * tests/Makefile.am: Define 't_kdf_LDADD' and 't_kdf_CFLAGS' on win32/win64 target too.
    * tests/t-kdf.c (pthread_jobs_launch_job): Set 'oldest_thread_idx' on first thread creation.
    (wait_all_jobs_completion): Reset 'oldest_thread_idx' to -1.
    (my_kdf_derive): Merge HAVE_PTHREAD ifdefs; Initialize 'oldest_thread_idx' to -1.
    --
    Windows build was not working because of missing HAVE_PTHREAD in 't-kdf.c' and LDADD/CFLAGS issue in 'Makefile.am'.
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Merge branch 'master' into LIBGCRYPT-1.10-BRANCH | Werner Koch | 2022-01-28 | 10 files | -442/+465
  * kdf: Change new KDF API. | NIIBE Yutaka | 2022-01-28 | 8 files | -305/+196
    * cipher/kdf.c (argon2_ctl): Remove.
    (argon2_iterator): Remove.
    (argon2_compute_segment): Change the API.
    (argon2_compute): New.
    (argon2_open): No optional N_THREADS any more.
    (_gcry_kdf_ctl): Remove.
    (_gcry_kdf_iterator, _gcry_kdf_compute_segment): Remove.
    (_gcry_kdf_compute): New.
    * src/gcrypt-int.h: Update declarations.
    * src/gcrypt.h.in: Likewise.
    * src/libgcrypt.def: Update.
    * src/libgcrypt.vers: Update.
    * src/visibility.c: Update.
    * src/visibility.h: Update.
    * tests/t-kdf.c (check_argon2): Update the test for the change of the new API.
    --
    GnuPG-bug-id: 5797
    Co-authored-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  * kdf: Implement Argon2 KDF using blake2b_vl_hash function. | NIIBE Yutaka | 2022-01-28 | 2 files | -166/+244
    * cipher/kdf.c (hash): Remove, as it's not possible to implement with the _gcry_md_* programming interface.
    (xor_block): New.
    (argon2_fill_first_blocks): Rename from argon2_genh0_first_blocks.
    (argon2_init): Don't use ->HD any more.
    (fill_block, pseudo_random_generate, index_alpha): New.
    (argon2_compute_segment): Implement ARGON2D, ARGON2I and ARGON2ID.
    (argon2_final): Fix using blake2b_vl_hash.
    (argon2_open): Fix for parameters and the restriction for output length.
    * tests/t-kdf.c (check_argon2): Update test vector for version 0x13.
    (main): Enable the test.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  * cipher: Implement variable-length hash function for Argon2. | NIIBE Yutaka | 2022-01-28 | 2 files | -0/+54
    * cipher/blake2.c (blake2b_vl_hash): New.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  * kdf: Improve new KDF API. | NIIBE Yutaka | 2022-01-26 | 8 files | -70/+120
    * cipher/kdf.c (struct argon2_thread_data): Change layout.
    (argon2_iterator): Use struct gcry_kdf_pt_head.
    (argon2_compute_segment): Rename from argon2_compute_row.
    (argon2_open): Handle N_THREAD maximum.
    (_gcry_kdf_iterator): Use struct gcry_kdf_pt_head.
    (_gcry_kdf_compute_segment): Rename from _gcry_kdf_compute_row.
    * src/gcrypt-int.h: Update declarations.
    * src/gcrypt.h.in (struct gcry_kdf_pt_head): Expose the data type.
    * src/libgcrypt.def, src/libgcrypt.vers: Update.
    * src/visibility.c, src/visibility.h: Update.
    * tests/t-kdf.c (start_thread, my_kdf_derive): Follow the change.
    --
    Fixes-commit: bafdb90d97b65db541ea917088ca956e6a364f6b
    GnuPG-bug-id: 5797
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build: Fix accidental SO number bump. | Werner Koch | 2022-01-27 | 1 file | -1/+1
  --
  Fixes-commit: 65998903f6d17e702fb35b9d4878e33715981298
* kdf: Improve new KDF API. | NIIBE Yutaka | 2022-01-26 | 8 files | -70/+120
  * cipher/kdf.c (struct argon2_thread_data): Change layout.
  (argon2_iterator): Use struct gcry_kdf_pt_head.
  (argon2_compute_segment): Rename from argon2_compute_row.
  (argon2_open): Handle N_THREAD maximum.
  (_gcry_kdf_iterator): Use struct gcry_kdf_pt_head.
  (_gcry_kdf_compute_segment): Rename from _gcry_kdf_compute_row.
  * src/gcrypt-int.h: Update declarations.
  * src/gcrypt.h.in (struct gcry_kdf_pt_head): Expose the data type.
  * src/libgcrypt.def, src/libgcrypt.vers: Update.
  * src/visibility.c, src/visibility.h: Update.
  * tests/t-kdf.c (start_thread, my_kdf_derive): Follow the change.
  --
  Fixes-commit: bafdb90d97b65db541ea917088ca956e6a364f6b
  GnuPG-bug-id: 5797
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Bump version number to prepare the 1.10 branch | Werner Koch | 2022-01-26 | 8 files | -27/+49
  --
* random: Include sys/random.h when available. | NIIBE Yutaka | 2022-01-26 | 2 files | -1/+4
  * configure.ac (AC_CHECK_HEADERS): Check sys/random.h.
  * random/rndgetentropy.c [HAVE_SYS_RANDOM_H]: Include it.
  --
  Reported-by: Christoph Badura <bad@bsd.de>
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher: Add new API for modern KDF function. | NIIBE Yutaka | 2022-01-26 | 9 files | -10/+987
  * cipher/kdf.c (hash, argon2_genh0_first_blocks): New for Argon2.
  (argon2_init, argon2_ctl, argon2_iterator): Likewise.
  (argon2_compute_row, argon2_final, argon2_close): Likewise.
  (argon2_open): Likewise.
  (balloon_open): New for Balloon.
  (_gcry_kdf_open, _gcry_kdf_ctl, _gcry_kdf_iterator): Add new API.
  (_gcry_kdf_compute_row, _gcry_kdf_final, _gcry_kdf_close): Likewise.
  * src/gcrypt-int.h: Add declarations for new API.
  * src/gcrypt.h.in: Likewise.
  (enum gcry_kdf_algos): Add GCRY_KDF_ARGON2 and GCRY_KDF_BALLOON.
  (enum gcry_kdf_subalgo_argon2): Add GCRY_KDF_ARGON2D, GCRY_KDF_ARGON2I, and GCRY_KDF_ARGON2ID.
  * src/libgcrypt.def, src/libgcrypt.vers: Update.
  * src/visibility.h: Likewise.
  * src/visibility.c: Add new API.
  * tests/Makefile.am (t_kdf_LDADD, t_kdf_CFLAGS): Enable use of pthread.
  * tests/t-kdf.c (check_argon2): New, not enabled yet.
  --
  A new API has been added, decoupling thread support. The implementation of Argon2 is ongoing. The test is not enabled yet.
  GnuPG-bug-id: 5797
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Prefer uint64_t for the definition of u64. | NIIBE Yutaka | 2022-01-25 | 1 file | -5/+5
  * src/types.h (u64): Prefer use of uint64_t with a C99 compliant compiler.
  --
  In libgcrypt, we use u64 for a 64-bit unsigned integer; it predates C99. Newer jitterentropy introduces use of uint64_t. On LP64 systems, there are two variants: (1) uint64_t is defined as unsigned long, (2) uint64_t is defined as unsigned long long. macOS is the latter.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Fix variable initialization for tests. | NIIBE Yutaka | 2022-01-25 | 2 files | -6/+4
  * tests/t-rsa-15.c (one_test_sexp): Initialize OUT_LEN.
  * tests/t-rsa-pss.c (one_test_sexp): Initialize CTX and OUT_LEN. Fix the if condition.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* mpi: Add missing header file to the tarball | Jakub Jelen | 2022-01-25 | 1 file | -1/+1
  * mpi/Makefile.am: Add missing header file.
  --
  Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* doc: Update more information about FIPS selftests and algorithms | Jakub Jelen | 2022-01-25 | 1 file | -14/+175
  * doc/gcrypt.texi: List implemented GOST curves. Update location of the HMAC selftests and add SHA3 ones. Add information about ECC selftests. Add information about KDF selftests. Update information about additional MAC selftests. Update information about FIPS allowed algorithms.
  --
  Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests/t-kdf: fix format string argument type mismatch | Jussi Kivilinna | 2022-01-22 | 1 file | -4/+4
  * tests/t-kdf.c (check_pbkdf2, check_scrypt): Change fprintf format for plen from "%ld" to "%u" and cast plen to 'unsigned int'.
  --
  Fix compiler warning: "format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’}".
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Fix building GCM when GCM_USE_ARM_NEON defined but GCM_USE_ARM_PMULL not | Jussi Kivilinna | 2022-01-22 | 1 file | -4/+3
  * cipher/cipher-gcm.c (setupM): Remove ifdef around 'features'.
  --
  GnuPG-bug-id: 5796
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* scrypt: Fix the last step of SCRYPT. | NIIBE Yutaka | 2022-01-20 | 1 file | -1/+1
  * cipher/scrypt.c (_gcry_kdf_scrypt): Single call to PBKDF2.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Recover test cases for selftest, add skipping in FIPS mode. | NIIBE Yutaka | 2022-01-20 | 2 files | -2/+150
  * cipher/kdf.c (check_one): Skip a test with shorter passphrase in FIPS mode.
  (selftest_pbkdf2): Recover selftest cases.
  * cipher/mac-hmac.c (check_one): Skip a test with shorter key in FIPS mode.
  (selftests_sha224, selftests_sha256): Recover selftest cases.
  (selftests_sha384, selftests_sha512, selftests_sha3): Likewise.
  --
  Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
  GnuPG-bug-id: 5512
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>