rpms / libgcrypt

Clone
Source Code
GIT

Blame libgcrypt-1.5.0-tests.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f7 f8 f9 main rawhide
  1.   c907a55cb5d9d41cad1052d59bc228b87276a0c0
  2.   libgcrypt-1.5.0-tests.patch
Blob History Raw
b505458 
diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
b505458 
--- libgcrypt-1.5.0/cipher/dsa.c.tests	2011-06-13 12:24:46.000000000 +0200
b505458 
+++ libgcrypt-1.5.0/cipher/dsa.c	2011-07-20 16:44:51.000000000 +0200
b505458 
@@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
b505458 
             initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
16991a5 
                                                     &initial_seed.seedlen);
16991a5 
         }
b505458 
-
16991a5 
-      /* Fixme: Enable 186-3 after it has been approved and after fixing
16991a5 
-         the generation function.  */
16991a5 
-      /*   if (use_fips186_2) */
16991a5 
-      (void)use_fips186_2;
b505458 
-      ec = _gcry_generate_fips186_2_prime (nbits, qbits,
b505458 
-                                           initial_seed.seed,
b505458 
+
16991a5 
+      if (use_fips186_2)
16991a5 
+        ec = _gcry_generate_fips186_2_prime (nbits, qbits,
b505458 
+                                           initial_seed.seed,
16991a5 
                                            initial_seed.seedlen,
b505458 
                                            &prime_q, &prime_p,
16991a5 
                                            r_counter,
16991a5 
                                            r_seed, r_seedlen);
16991a5 
-      /*   else */
16991a5 
-      /*     ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
16991a5 
-      /*                                          &prime_q, &prime_p, */
16991a5 
-      /*                                          r_counter, */
16991a5 
-      /*                                          r_seed, r_seedlen, NULL); */
16991a5 
+      else
16991a5 
+        ec = _gcry_generate_fips186_3_prime (nbits, qbits,
16991a5 
+                                          initial_seed.seed,
16991a5 
+                                          initial_seed.seedlen,
16991a5 
+                                          &prime_q, &prime_p,
16991a5 
+                                          r_counter,
16991a5 
+                                          r_seed, r_seedlen, NULL);
16991a5 
       gcry_sexp_release (initial_seed.sexp);
16991a5 
       if (ec)
16991a5 
         goto leave;
b505458 
diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
b505458 
--- libgcrypt-1.5.0/cipher/primegen.c.tests	2011-03-28 14:19:52.000000000 +0200
b505458 
+++ libgcrypt-1.5.0/cipher/primegen.c	2011-07-21 14:36:03.000000000 +0200
16991a5 
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
16991a5 
   gpg_err_code_t ec;
16991a5 
   unsigned char seed_help_buffer[256/8];  /* Used to hold a generated SEED. */
16991a5 
   unsigned char *seed_plus;     /* Malloced buffer to hold SEED+x.  */
16991a5 
-  unsigned char digest[256/8];  /* Helper buffer for SHA-1 digest.  */
16991a5 
+  unsigned char digest[256/8];  /* Helper buffer for SHA-x digest.  */
16991a5 
   gcry_mpi_t val_2 = NULL;      /* Helper for the prime test.  */
16991a5 
   gcry_mpi_t tmpval = NULL;     /* Helper variable.  */
16991a5 
   int hashalgo;                 /* The id of the Approved Hash Function.  */
16991a5 
@@ -1737,7 +1737,7 @@ _gcry_generate_fips186_3_prime (unsigned
16991a5 
         }
16991a5 
       gcry_mpi_release (prime_q); prime_q = NULL;
b505458 
       ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
16991a5 
-                                        value_u, sizeof value_u, NULL));
16991a5 
+                                        value_u, qbits/8, NULL));
16991a5 
       if (ec)
16991a5 
         goto leave;
16991a5 
       mpi_set_highbit (prime_q, qbits-1 );
474b273 
@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
16991a5 
               if (seed_plus[i])
16991a5 
                 break;
16991a5 
             }
16991a5 
-          gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
16991a5 
+          gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
b505458
16991a5 
           gcry_mpi_release (tmpval); tmpval = NULL;
16991a5 
           ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
474b273 
-                                            digest, sizeof digest, NULL));
474b273 
+                                            digest, qbits/8, NULL));
474b273 
           if (ec)
474b273 
             goto leave;
474b273 
           if (value_j == value_n)
16991a5 
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
16991a5 
     }
16991a5
16991a5 
   /* Step 12:  Save p, q, counter and seed.  */
16991a5 
-  log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
16991a5 
+/*  log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
16991a5 
              mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
16991a5 
   log_printhex("fips186-3 seed:", seed, seedlen);
16991a5 
   log_mpidump ("fips186-3 prime p", prime_p);
16991a5 
-  log_mpidump ("fips186-3 prime q", prime_q);
16991a5 
+  log_mpidump ("fips186-3 prime q", prime_q); */
16991a5 
   if (r_q)
16991a5 
     {
16991a5 
       *r_q = prime_q;
b505458 
diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
b505458 
--- libgcrypt-1.5.0/cipher/rsa.c.tests	2011-06-10 10:53:41.000000000 +0200
b505458 
+++ libgcrypt-1.5.0/cipher/rsa.c	2011-07-21 14:36:59.000000000 +0200
16991a5 
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
16991a5
16991a5 
   *swapped = 0;
16991a5
16991a5 
-  if (e_value == 1)   /* Alias for a secure value. */
16991a5 
+  if (e_value == 1 || e_value == 0)   /* Alias for a secure value. */
b505458 
     e_value = 65537;
16991a5
16991a5 
   /* Point 1 of section 4.1:  k = 1024 + 256s with S >= 0  */
b505458 
diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
b505458 
--- libgcrypt-1.5.0/random/random-fips.c.tests	2011-07-20 16:40:59.000000000 +0200
b505458 
+++ libgcrypt-1.5.0/random/random-fips.c	2011-07-20 16:40:59.000000000 +0200
16991a5 
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
16991a5
16991a5 
   check_guards (rng_ctx);
16991a5
16991a5 
+ reinitialize:
16991a5 
   /* Initialize the cipher handle and thus setup the key if needed.  */
16991a5 
   if (!rng_ctx->cipher_hd)
16991a5 
     {
16991a5 
@@ -710,13 +711,11 @@ get_random (void *buffer, size_t length,
16991a5 
   if (rng_ctx->key_init_pid != getpid ()
16991a5 
       || rng_ctx->seed_init_pid != getpid ())
16991a5 
     {
16991a5 
-      /* We are in a child of us.  Because we have no way yet to do
16991a5 
-         proper re-initialization (including self-checks etc), the
16991a5 
-         only chance we have is to bail out.  Obviusly a fork/exec
16991a5 
-         won't harm because the exec overwrites the old image. */
16991a5 
-      fips_signal_error ("fork without proper re-initialization "
16991a5 
-                         "detected in RNG");
16991a5 
-      goto bailout;
16991a5 
+      /* Just reinitialize the key & seed. */
16991a5 
+      gcry_cipher_close(rng_ctx->cipher_hd);
16991a5 
+      rng_ctx->cipher_hd = NULL;
16991a5 
+      rng_ctx->is_seeded = 0;
16991a5 
+      goto reinitialize;
16991a5 
     }
16991a5
16991a5 
   if (x931_aes_driver (buffer, length, rng_ctx))
b505458 
diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
b505458 
--- libgcrypt-1.5.0/tests/ac.c.tests	2011-02-04 20:18:20.000000000 +0100
b505458 
+++ libgcrypt-1.5.0/tests/ac.c	2011-07-20 16:40:59.000000000 +0200
16991a5 
@@ -150,6 +150,9 @@ main (int argc, char **argv)
16991a5 
   if (!gcry_check_version (GCRYPT_VERSION))
16991a5 
     die ("version mismatch\n");
16991a5 
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
16991a5 
+  if (gcry_fips_mode_active())
16991a5 
+    /* ac not functional in the fips mode, skip it */
16991a5 
+    return 77;
16991a5 
   if (debug)
16991a5 
     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
16991a5 
   /* No valuable keys are create, so we can speed up our RNG. */
b505458 
diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
b505458 
--- libgcrypt-1.5.0/tests/ac-data.c.tests	2011-02-04 20:18:20.000000000 +0100
b505458 
+++ libgcrypt-1.5.0/tests/ac-data.c	2011-07-20 16:40:59.000000000 +0200
16991a5 
@@ -198,6 +198,9 @@ main (int argc, char **argv)
16991a5 
   if (!gcry_check_version (GCRYPT_VERSION))
16991a5 
     die ("version mismatch\n");
16991a5 
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
16991a5 
+  if (gcry_fips_mode_active())
16991a5 
+    /* ac not functional in the fips mode, skip it */
16991a5 
+    return 77;
16991a5 
   if (debug)
16991a5 
     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
16991a5
b505458 
diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
b505458 
--- libgcrypt-1.5.0/tests/ac-schemes.c.tests	2011-02-04 20:18:20.000000000 +0100
b505458 
+++ libgcrypt-1.5.0/tests/ac-schemes.c	2011-07-20 16:40:59.000000000 +0200
16991a5 
@@ -338,6 +338,9 @@ main (int argc, char **argv)
16991a5 
   if (! gcry_check_version (GCRYPT_VERSION))
16991a5 
     die ("version mismatch\n");
16991a5 
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
16991a5 
+  if (gcry_fips_mode_active())
16991a5 
+    /* ac not functional in the fips mode, skip it */
16991a5 
+    return 77;
16991a5 
   if (debug)
16991a5 
     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
16991a5
b505458 
diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
b505458 
--- libgcrypt-1.5.0/tests/keygen.c.tests	2011-02-04 20:18:20.000000000 +0100
b505458 
+++ libgcrypt-1.5.0/tests/keygen.c	2011-07-21 14:39:03.000000000 +0200
16991a5 
@@ -148,12 +148,12 @@ check_rsa_keys (void)
16991a5 
     }
16991a5
16991a5 
   if (verbose)
16991a5 
-    fprintf (stderr, "creating 1536 bit DSA key\n");
16991a5 
+    fprintf (stderr, "creating 2048 bit DSA key\n");
b505458 
   rc = gcry_sexp_new (&keyparm,
16991a5 
                       "(genkey\n"
16991a5 
                       " (dsa\n"
16991a5 
-                      "  (nbits 4:1536)\n"
16991a5 
-                      "  (qbits 3:224)\n"
16991a5 
+                      "  (nbits 4:2048)\n"
16991a5 
+                      "  (qbits 3:256)\n"
16991a5 
                       " ))", 0, 1);
16991a5 
   if (rc)
16991a5 
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
16991a5 
@@ -190,11 +190,11 @@ check_rsa_keys (void)
16991a5
16991a5
16991a5 
   if (verbose)
16991a5 
-    fprintf (stderr, "creating 512 bit RSA key with e=257\n");
16991a5 
+    fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
b505458 
   rc = gcry_sexp_new (&keyparm,
16991a5 
                       "(genkey\n"
16991a5 
                       " (rsa\n"
16991a5 
-                      "  (nbits 3:512)\n"
16991a5 
+                      "  (nbits 4:1024)\n"
16991a5 
                       "  (rsa-use-e 3:257)\n"
16991a5 
                       " ))", 0, 1);
16991a5 
   if (rc)
16991a5 
@@ -208,11 +208,11 @@ check_rsa_keys (void)
16991a5 
   gcry_sexp_release (key);
16991a5
16991a5 
   if (verbose)
16991a5 
-    fprintf (stderr, "creating 512 bit RSA key with default e\n");
16991a5 
+    fprintf (stderr, "creating 1024 bit RSA key with default secure e\n");
b505458 
   rc = gcry_sexp_new (&keyparm,
16991a5 
                       "(genkey\n"
16991a5 
                       " (rsa\n"
16991a5 
-                      "  (nbits 3:512)\n"
16991a5 
+                      "  (nbits 4:1024)\n"
16991a5 
                       "  (rsa-use-e 1:0)\n"
16991a5 
                       " ))", 0, 1);
16991a5 
   if (rc)
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.