|
 |
247b211 |
diff -up libgcrypt-1.6.1/cipher/dsa.c.tests libgcrypt-1.6.1/cipher/dsa.c
|
|
|
247b211 |
--- libgcrypt-1.6.1/cipher/dsa.c.tests 2014-02-28 13:39:01.727288335 +0100
|
|
|
247b211 |
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-02-28 13:46:21.727458285 +0100
|
|
|
247b211 |
@@ -423,22 +423,29 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
|
247b211 |
initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1,
|
|
|
16991a5 |
&initial_seed.seedlen);
|
|
|
16991a5 |
}
|
|
|
b505458 |
-
|
|
|
16991a5 |
- /* Fixme: Enable 186-3 after it has been approved and after fixing
|
|
|
16991a5 |
- the generation function. */
|
|
|
16991a5 |
- /* if (use_fips186_2) */
|
|
|
16991a5 |
- (void)use_fips186_2;
|
|
|
b505458 |
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|
|
16991a5 |
+ if (use_fips186_2)
|
|
|
247b211 |
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|
|
247b211 |
initial_seed.seed,
|
|
|
16991a5 |
initial_seed.seedlen,
|
|
|
b505458 |
&prime_q, &prime_p,
|
|
|
16991a5 |
r_counter,
|
|
|
16991a5 |
r_seed, r_seedlen);
|
|
|
16991a5 |
- /* else */
|
|
|
16991a5 |
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
|
|
|
16991a5 |
- /* &prime_q, &prime_p, */
|
|
|
16991a5 |
- /* r_counter, */
|
|
|
16991a5 |
- /* r_seed, r_seedlen, NULL); */
|
|
|
247b211 |
+ else if (!domain->p || !domain->q)
|
|
|
16991a5 |
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
|
|
16991a5 |
+ initial_seed.seed,
|
|
|
16991a5 |
+ initial_seed.seedlen,
|
|
|
16991a5 |
+ &prime_q, &prime_p,
|
|
|
16991a5 |
+ r_counter,
|
|
|
16991a5 |
+ r_seed, r_seedlen, NULL);
|
|
|
247b211 |
+ else
|
|
|
247b211 |
+ {
|
|
|
247b211 |
+ /* Domain parameters p and q are given; use them. */
|
|
|
247b211 |
+ prime_p = mpi_copy (domain->p);
|
|
|
247b211 |
+ prime_q = mpi_copy (domain->q);
|
|
|
247b211 |
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
|
|
247b211 |
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
|
|
247b211 |
+ ec = 0;
|
|
|
247b211 |
+ }
|
|
|
247b211 |
sexp_release (initial_seed.sexp);
|
|
|
16991a5 |
if (ec)
|
|
|
16991a5 |
goto leave;
|
|
|
247b211 |
@@ -829,13 +829,12 @@ dsa_generate (const gcry_sexp_t genparms
|
|
|
247b211 |
sexp_release (l1);
|
|
|
247b211 |
sexp_release (domainsexp);
|
|
|
247b211 |
|
|
|
247b211 |
- /* Check that all domain parameters are available. */
|
|
|
247b211 |
- if (!domain.p || !domain.q || !domain.g)
|
|
|
247b211 |
+ /* Check that p and q domain parameters are available. */
|
|
|
247b211 |
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
|
|
247b211 |
{
|
|
|
247b211 |
_gcry_mpi_release (domain.p);
|
|
|
247b211 |
_gcry_mpi_release (domain.q);
|
|
|
247b211 |
_gcry_mpi_release (domain.g);
|
|
|
247b211 |
- sexp_release (deriveparms);
|
|
|
247b211 |
return GPG_ERR_MISSING_VALUE;
|
|
|
247b211 |
}
|
|
|
247b211 |
|
|
|
247b211 |
diff -up libgcrypt-1.6.1/cipher/primegen.c.tests libgcrypt-1.6.1/cipher/primegen.c
|
|
|
247b211 |
--- libgcrypt-1.6.1/cipher/primegen.c.tests 2014-01-29 10:48:38.000000000 +0100
|
|
|
247b211 |
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-02-28 13:49:52.291325147 +0100
|
|
|
247b211 |
@@ -1649,7 +1649,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
|
16991a5 |
gpg_err_code_t ec;
|
|
|
16991a5 |
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
|
|
16991a5 |
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
|
|
|
16991a5 |
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
|
|
|
16991a5 |
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
|
|
|
16991a5 |
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
|
|
|
16991a5 |
gcry_mpi_t tmpval = NULL; /* Helper variable. */
|
|
|
16991a5 |
int hashalgo; /* The id of the Approved Hash Function. */
|
|
|
247b211 |
@@ -1739,7 +1739,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
|
16991a5 |
}
|
|
|
247b211 |
_gcry_mpi_release (prime_q); prime_q = NULL;
|
|
|
247b211 |
ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
|
|
|
247b211 |
- value_u, sizeof value_u, NULL);
|
|
|
247b211 |
+ value_u, qbits/8, NULL);
|
|
|
16991a5 |
if (ec)
|
|
|
16991a5 |
goto leave;
|
|
|
16991a5 |
mpi_set_highbit (prime_q, qbits-1 );
|
|
|
247b211 |
@@ -1784,11 +1784,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
|
16991a5 |
if (seed_plus[i])
|
|
|
16991a5 |
break;
|
|
|
16991a5 |
}
|
|
|
247b211 |
- _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
|
|
|
247b211 |
+ _gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
|
|
|
b505458 |
|
|
|
247b211 |
_gcry_mpi_release (tmpval); tmpval = NULL;
|
|
|
247b211 |
ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
|
|
|
247b211 |
- digest, sizeof digest, NULL);
|
|
|
247b211 |
+ digest, qbits/8, NULL);
|
|
|
474b273 |
if (ec)
|
|
|
474b273 |
goto leave;
|
|
|
474b273 |
if (value_j == value_n)
|
|
|
247b211 |
@@ -1824,11 +1824,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
|
16991a5 |
}
|
|
|
16991a5 |
|
|
|
16991a5 |
/* Step 12: Save p, q, counter and seed. */
|
|
|
16991a5 |
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
|
|
247b211 |
+ /* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
|
|
16991a5 |
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
|
|
|
247b211 |
log_printhex ("fips186-3 seed", seed, seedlen);
|
|
|
247b211 |
log_printmpi ("fips186-3 p", prime_p);
|
|
|
247b211 |
- log_printmpi ("fips186-3 q", prime_q);
|
|
|
247b211 |
+ log_printmpi ("fips186-3 q", prime_q); */
|
|
|
16991a5 |
if (r_q)
|
|
|
16991a5 |
{
|
|
|
16991a5 |
*r_q = prime_q;
|
|
|
247b211 |
diff -up libgcrypt-1.6.1/cipher/rsa.c.tests libgcrypt-1.6.1/cipher/rsa.c
|
|
|
247b211 |
--- libgcrypt-1.6.1/cipher/rsa.c.tests 2014-01-29 08:49:49.000000000 +0100
|
|
|
247b211 |
+++ libgcrypt-1.6.1/cipher/rsa.c 2014-02-28 13:39:01.727288335 +0100
|
|
|
247b211 |
@@ -399,7 +399,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
|
|
16991a5 |
|
|
|
16991a5 |
*swapped = 0;
|
|
|
16991a5 |
|
|
|
16991a5 |
- if (e_value == 1) /* Alias for a secure value. */
|
|
|
16991a5 |
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
|
|
b505458 |
e_value = 65537;
|
|
|
16991a5 |
|
|
|
16991a5 |
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
|
|
247b211 |
diff -up libgcrypt-1.6.1/random/random-fips.c.tests libgcrypt-1.6.1/random/random-fips.c
|
|
|
247b211 |
--- libgcrypt-1.6.1/random/random-fips.c.tests 2014-01-29 10:48:38.000000000 +0100
|
|
|
247b211 |
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 13:39:01.727288335 +0100
|
|
|
247b211 |
@@ -692,6 +692,7 @@ get_random (void *buffer, size_t length,
|
|
|
16991a5 |
|
|
|
16991a5 |
check_guards (rng_ctx);
|
|
|
16991a5 |
|
|
|
16991a5 |
+ reinitialize:
|
|
|
16991a5 |
/* Initialize the cipher handle and thus setup the key if needed. */
|
|
|
16991a5 |
if (!rng_ctx->cipher_hd)
|
|
|
16991a5 |
{
|
|
|
247b211 |
@@ -711,13 +712,11 @@ get_random (void *buffer, size_t length,
|
|
|
16991a5 |
if (rng_ctx->key_init_pid != getpid ()
|
|
|
16991a5 |
|| rng_ctx->seed_init_pid != getpid ())
|
|
|
16991a5 |
{
|
|
|
16991a5 |
- /* We are in a child of us. Because we have no way yet to do
|
|
|
16991a5 |
- proper re-initialization (including self-checks etc), the
|
|
|
16991a5 |
- only chance we have is to bail out. Obviusly a fork/exec
|
|
|
16991a5 |
- won't harm because the exec overwrites the old image. */
|
|
|
16991a5 |
- fips_signal_error ("fork without proper re-initialization "
|
|
|
16991a5 |
- "detected in RNG");
|
|
|
16991a5 |
- goto bailout;
|
|
|
16991a5 |
+ /* Just reinitialize the key & seed. */
|
|
|
16991a5 |
+ gcry_cipher_close(rng_ctx->cipher_hd);
|
|
|
16991a5 |
+ rng_ctx->cipher_hd = NULL;
|
|
|
16991a5 |
+ rng_ctx->is_seeded = 0;
|
|
|
16991a5 |
+ goto reinitialize;
|
|
|
16991a5 |
}
|
|
|
16991a5 |
|
|
|
16991a5 |
if (x931_aes_driver (buffer, length, rng_ctx))
|
|
|
247b211 |
diff -up libgcrypt-1.6.1/tests/keygen.c.tests libgcrypt-1.6.1/tests/keygen.c
|
|
|
247b211 |
--- libgcrypt-1.6.1/tests/keygen.c.tests 2014-02-28 13:39:01.728288358 +0100
|
|
|
247b211 |
+++ libgcrypt-1.6.1/tests/keygen.c 2014-02-28 13:42:18.288831563 +0100
|
|
|
247b211 |
@@ -215,11 +215,11 @@ check_rsa_keys (void)
|
|
|
16991a5 |
|
|
|
16991a5 |
|
|
|
16991a5 |
if (verbose)
|
|
|
247b211 |
- show ("creating 512 bit RSA key with e=257\n");
|
|
|
247b211 |
+ show ("creating 1024 bit RSA key with e=257\n");
|
|
|
b505458 |
rc = gcry_sexp_new (&keyparm,
|
|
|
16991a5 |
"(genkey\n"
|
|
|
16991a5 |
" (rsa\n"
|
|
|
16991a5 |
- " (nbits 3:512)\n"
|
|
|
16991a5 |
+ " (nbits 4:1024)\n"
|
|
|
16991a5 |
" (rsa-use-e 3:257)\n"
|
|
|
16991a5 |
" ))", 0, 1);
|
|
|
16991a5 |
if (rc)
|
|
|
247b211 |
@@ -233,11 +233,11 @@ check_rsa_keys (void)
|
|
|
16991a5 |
gcry_sexp_release (key);
|
|
|
16991a5 |
|
|
|
16991a5 |
if (verbose)
|
|
|
247b211 |
- show ("creating 512 bit RSA key with default e\n");
|
|
|
247b211 |
+ show ("creating 1024 bit RSA key with default e\n");
|
|
|
b505458 |
rc = gcry_sexp_new (&keyparm,
|
|
|
16991a5 |
"(genkey\n"
|
|
|
16991a5 |
" (rsa\n"
|
|
|
16991a5 |
- " (nbits 3:512)\n"
|
|
|
16991a5 |
+ " (nbits 4:1024)\n"
|
|
|
16991a5 |
" (rsa-use-e 1:0)\n"
|
|
|
16991a5 |
" ))", 0, 1);
|
|
|
16991a5 |
if (rc)
|
|
|
247b211 |
@@ -307,12 +307,12 @@ check_dsa_keys (void)
|
|
|
247b211 |
}
|
|
|
247b211 |
|
|
|
247b211 |
if (verbose)
|
|
|
247b211 |
- show ("creating 1536 bit DSA key\n");
|
|
|
247b211 |
+ show ("creating 2048 bit DSA key\n");
|
|
|
247b211 |
rc = gcry_sexp_new (&keyparm,
|
|
|
247b211 |
"(genkey\n"
|
|
|
247b211 |
" (dsa\n"
|
|
|
247b211 |
- " (nbits 4:1536)\n"
|
|
|
247b211 |
- " (qbits 3:224)\n"
|
|
|
247b211 |
+ " (nbits 4:2048)\n"
|
|
|
247b211 |
+ " (qbits 3:256)\n"
|
|
|
247b211 |
" ))", 0, 1);
|
|
|
247b211 |
if (rc)
|
|
|
247b211 |
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|