Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libgcrypt for openSUSE:Factory 
checked in at 2022-09-19 16:02:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
 and      /work/SRC/openSUSE:Factory/.libgcrypt.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libgcrypt"

Mon Sep 19 16:02:44 2022 rev:93 rq:1004197 version:1.9.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes      2022-09-07 
11:05:09.888273563 +0200
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new.2083/libgcrypt.changes    
2022-09-19 16:02:45.978058930 +0200
@@ -1,0 +2,20 @@
+Thu Sep  8 10:34:53 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
+  * Add libgcrypt-FIPS-rndjent_poll.patch
+  * Rebase libgcrypt-jitterentropy-3.4.0.patch
+
+-------------------------------------------------------------------
+Wed Sep  7 22:03:51 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
+  * Consider approved keylength greater or equal to 112 bits.
+  * Add libgcrypt-FIPS-kdf-leylength.patch
+
+-------------------------------------------------------------------
+Wed Sep  7 12:53:14 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Zeroize buffer and digest in check_binary_integrity()
+  * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
+
+-------------------------------------------------------------------

New:
----
  libgcrypt-FIPS-Zeroize-hmac.patch
  libgcrypt-FIPS-kdf-leylength.patch
  libgcrypt-FIPS-rndjent_poll.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.zgXpFt/_old  2022-09-19 16:02:47.010061687 +0200
+++ /var/tmp/diff_new_pack.zgXpFt/_new  2022-09-19 16:02:47.018061708 +0200
@@ -107,6 +107,12 @@
 Patch46:        libgcrypt-jitterentropy-3.4.0.patch
 #PATCH-FIX-SUSE bsc#1182983 gpg: out of core handler ignored in FIPS mode 
while typing Tab key to Auto-Completion
 Patch47:        libgcrypt-out-of-core-handler.patch
+#PATCH-FIX-SUSE bsc#1191020 FIPS: Zeroize buffer and digest in 
check_binary_integrity()
+Patch48:        libgcrypt-FIPS-Zeroize-hmac.patch
+#PATCH-FIX-SUSE bsc#1190700 FIPS: Check keylength in gcry_fips_indicator_kdf()
+Patch49:        libgcrypt-FIPS-kdf-leylength.patch
+#PATCH-FIX-SUSE bsc#1202117 FIPS: Get most of the entropy from rndjent_poll
+Patch50:        libgcrypt-FIPS-rndjent_poll.patch
 BuildRequires:  automake >= 1.14
 BuildRequires:  fipscheck
 BuildRequires:  libgpg-error-devel >= 1.27


++++++ libgcrypt-FIPS-Zeroize-hmac.patch ++++++
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -905,6 +905,10 @@ check_binary_integrity (void)
   char *fname = NULL;
   const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
 
+  /* A buffer of 64 bytes plus one for a LF and one to
+   * detect garbage.  */
+  unsigned char buffer[64+1+1];
+
   if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, 
sizeof(libpath)))
     err = gpg_error_from_syserror ();
   else
@@ -927,9 +931,6 @@ check_binary_integrity (void)
                 err = gpg_error_from_syserror ();
               else
                 {
-                  /* A buffer of 64 bytes plus one for a LF and one to
-                     detect garbage.  */
-                  unsigned char buffer[64+1+1];
                   const unsigned char *s;
                   int n;
 
@@ -957,6 +958,9 @@ check_binary_integrity (void)
             }
         }
     }
+  /* Zeroize digest and buffer */
+  memset (digest, 0, sizeof(digest));
+  memset (buffer, 0, sizeof(buffer));
   reporter ("binary", 0, fname, err? gpg_strerror (err):NULL);
 #ifdef HAVE_SYSLOG
   if (err)
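Review bot: The two added `memset` calls just before `reporter (...)` clear locals that are never read again, so an optimizing compiler may drop them as dead stores and the zeroization may not happen in the built library. libgcrypt already provides `wipememory` for this case; `wipememory (digest, sizeof digest);` and `wipememory (buffer, sizeof buffer);` would keep the clearing in place. The declaration of `digest` and the rest of check_binary_integrity lie outside this hunk, so its type is assumed from the `sizeof(digest)` use here.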

++++++ libgcrypt-FIPS-kdf-leylength.patch ++++++
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -475,10 +475,15 @@ int
 _gcry_fips_indicator_kdf (va_list arg_ptr)
 {
   enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
+  unsigned int keylen = 0;
 
   switch (alg)
     {
     case GCRY_KDF_PBKDF2:
+      keylen = va_arg (arg_ptr, unsigned int);
+      if (keylen < 112) {
+        return GPG_ERR_NOT_SUPPORTED;
+      }
       return GPG_ERR_NO_ERROR;
     default:
       return GPG_ERR_NOT_SUPPORTED;
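Review bot: `keylen = va_arg (arg_ptr, unsigned int);` in the `GCRY_KDF_PBKDF2` case runs unconditionally, while the gcrypt.texi hunk of the same patch documents the key length as optional (`[, unsigned int]`). A caller that passes only the algorithm makes this read an argument that was never supplied, which is undefined behaviour and can return an arbitrary approved or non-approved indication. C cannot detect a missing variadic argument, so the documentation should state that the argument is required, and a comment above the read such as `/* Callers must pass the key length in bits as the second argument. */` would record the contract. The bare `112` would also read better as a named constant with a short comment saying it is the minimum approved key length in bits.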
Index: libgcrypt-1.9.4/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.9.4.orig/doc/gcrypt.texi
+++ libgcrypt-1.9.4/doc/gcrypt.texi
@@ -983,10 +983,12 @@ algorithm supports different key sizes).
 this function returns @code{GPS_ERR_NO_ERROR}. Otherwise 
@code{GPG_ERR_NOT_SUPPORTED}
 is returned.
 
-@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos [, 
unsigned int]
 
 Check if the given KDF is approved under the current FIPS 140-3
-certification. If the KDF is approved, this function returns 
@code{GPG_ERR_NO_ERROR}.
+certification. The second parameter provides the keylength in bits.
+Keylength values of less that 112 bits are considered non-approved.
+If the KDF is approved, this function returns @code{GPG_ERR_NO_ERROR}.
 Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 
 @item GCRYCTL_FIPS_SERVICE_INDICATOR_PK; Arguments: enum gcry_pk_algos

++++++ libgcrypt-FIPS-rndjent_poll.patch ++++++
Index: libgcrypt-1.9.4/random/rndlinux.c
===================================================================
--- libgcrypt-1.9.4.orig/random/rndlinux.c
+++ libgcrypt-1.9.4/random/rndlinux.c
@@ -141,7 +141,7 @@ _gcry_rndlinux_gather_random (void (*add
   volatile pid_t apid;
   int fd;
   int n;
-  byte buffer[768];
+  byte buffer[256];
   size_t n_hw;
   size_t want = length;
   size_t last_so_far = 0;
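Review bot: `byte buffer[256];` now silently carries the getentropy() request limit, because the last hunk of this file removes the explicit `if (nbytes > 256) nbytes = 256;` clamp and leaves `nbytes` bounded only by `sizeof(buffer)`. getentropy() fails for requests larger than 256 bytes, so a later change of the buffer size would surface as a runtime failure in the entropy-gathering path. A comment on the declaration, for example `/* Must stay <= 256 bytes: getentropy() rejects larger requests. */`, would make the dependency visible. The body of _gcry_rndlinux_gather_random starts and ends outside this hunk.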
@@ -196,26 +196,43 @@ _gcry_rndlinux_gather_random (void (*add
       my_pid = apid;
     }
 
+  if (fips_mode())
+    {
+      if (level >= GCRY_VERY_STRONG_RANDOM)
+        {
+          size_t n;
 
-  /* First read from a hardware source.  Note that _gcry_rndhw_poll_slow lets
-     it account only for up to 50% (or 25% for RDRAND) of the requested
-     bytes.  */
-  n_hw = _gcry_rndhw_poll_slow (add, origin, length);
-  if (length > 1)
-    length -= n_hw;
-
-  /* When using a blocking random generator try to get some entropy
-   * from the jitter based RNG.  In this case we take up to 50% of the
-   * remaining requested bytes.  */
-  if (level >= GCRY_VERY_STRONG_RANDOM)
-    {
-      n_hw = _gcry_rndjent_poll (add, origin, length/2);
-      if (n_hw > length/2)
-        n_hw = length/2;
+          n = _gcry_rndjent_poll (add, origin, length);
+          if (n == 0)
+            log_fatal ("unexpected error from rndjent: %s\n",
+                       strerror (errno));
+          if (n > length)
+            n = length;
+          if (length > 1)
+            length -= n;
+        }
+    }
+  else
+    {
+      /* First read from a hardware source.  Note that _gcry_rndhw_poll_slow 
lets
+         it account only for up to 50% (or 25% for RDRAND) of the requested
+         bytes.  */
+      n_hw = _gcry_rndhw_poll_slow (add, origin, length);
       if (length > 1)
         length -= n_hw;
-    }
 
+      /* When using a blocking random generator try to get some entropy
+       * from the jitter based RNG.  In this case we take up to 50% of the
+       * remaining requested bytes.  */
+      if (level >= GCRY_VERY_STRONG_RANDOM)
+        {
+          n_hw = _gcry_rndjent_poll (add, origin, length/2);
+          if (n_hw > length/2)
+            n_hw = length/2;
+          if (length > 1)
+            length -= n_hw;
+        }
+    }
 
   /* Open the requested device.  The first time a device is to be
      opened we fail with a fatal error if the device does not exists.
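Review bot: In the added FIPS branch, `log_fatal ("unexpected error from rndjent: %s\n", strerror (errno))` prints `errno`, but nothing visible in this patch shows `_gcry_rndjent_poll` setting it, so the fatal message may carry a stale or unrelated error text. A return of 0 presumably also covers a jitter RNG that is disabled by configuration or failed its start-up tests (to be confirmed against rndjent.c), and a message that says so, e.g. `log_fatal ("rndjent returned no entropy in FIPS mode\n");`, would be more useful when diagnosing an abort. The inner `size_t n` also shadows the function-level `int n` shown in the first hunk; a distinct name such as `n_jent` would avoid confusion. The function body starts and ends outside this hunk.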
@@ -283,8 +301,6 @@ _gcry_rndlinux_gather_random (void (*add
           do
             {
               nbytes = length < sizeof(buffer)? length : sizeof(buffer);
-              if (nbytes > 256)
-                nbytes = 256;
               _gcry_pre_syscall ();
               ret = getentropy (buffer, nbytes);
               _gcry_post_syscall ();
Index: libgcrypt-1.9.4/random/rndjent.c
===================================================================
--- libgcrypt-1.9.4.orig/random/rndjent.c
+++ libgcrypt-1.9.4/random/rndjent.c
@@ -279,13 +279,24 @@ _gcry_rndjent_poll (void (*add)(const vo
       if (!jent_rng_is_initialized)
         {
           /* Auto-initialize.  */
-          jent_rng_is_initialized = 1;
           jent_entropy_collector_free (jent_rng_collector);
           jent_rng_collector = NULL;
           if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
             {
-              if (!jent_entropy_init ())
-                jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+              if (!jent_entropy_init_ex (1, 0))
+                {
+                  jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+                  jent_rng_is_initialized = 1;
+                }
+            }
+        }
+
+      if (!jent_rng_collector)
+        {
+          if (!jent_entropy_init_ex (1, 0))
+            {
+               jent_rng_collector = jent_entropy_collector_alloc (1, 0);
+               jent_rng_is_initialized = 1;
             }
         }
 
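Review bot: The added `if (!jent_rng_collector)` block calls `jent_entropy_init_ex (1, 0)` and allocates a collector without testing `RANDOM_CONF_DISABLE_JENT`, so a configuration that disables the jitter RNG is honoured in the auto-initialize block above it but bypassed here within the same call. Guarding it as `if (!jent_rng_collector && !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))` would keep the two paths consistent. In both places `jent_rng_is_initialized = 1;` is set without checking the result of `jent_entropy_collector_alloc`, so a failed allocation is recorded as an initialized RNG; setting the flag only when `jent_rng_collector` is non-NULL would avoid that. The enclosing function starts and ends outside this hunk.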

++++++ libgcrypt-jitterentropy-3.4.0.patch ++++++
--- /var/tmp/diff_new_pack.zgXpFt/_old  2022-09-19 16:02:47.194062178 +0200
+++ /var/tmp/diff_new_pack.zgXpFt/_new  2022-09-19 16:02:47.198062189 +0200
@@ -57,9 +57,8 @@
 +       * pros and cons considering that the SHA3 operation is not that
 +       * expensive.
         */
--#ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
+ #ifndef JENT_CPU_JITTERENTROPY_SECURE_MEMORY
 -      jent_random_data(ec);
-+#ifndef CONFIG_CRYPTO_CPU_JITTERENTROPY_SECURE_MEMORY
 +      jent_read_random_block(ec, NULL, 0);
  #endif
  
@@ -72,19 +71,16 @@
  
        /*
         * Requesting disabling and forcing of internal timer
-@@ -405,9 +415,8 @@ static struct rand_data
+@@ -405,7 +415,7 @@ static struct rand_data
                return NULL;
  
        if (!(flags & JENT_DISABLE_MEMORY_ACCESS)) {
 -              uint32_t memsize = jent_memsize(flags);
--
--              entropy_collector->mem = _gcry_calloc (1, memsize);
 +              memsize = jent_memsize(flags);
-+              entropy_collector->mem = (unsigned char *)jent_zalloc(memsize);
  
- #ifdef JENT_RANDOM_MEMACCESS
-               /*
-@@ -431,13 +440,19 @@ static struct rand_data
+               entropy_collector->mem = _gcry_calloc (1, memsize);
+ 
+@@ -431,13 +441,19 @@ static struct rand_data
                entropy_collector->memaccessloops = JENT_MEMORY_ACCESSLOOPS;
        }
  
@@ -105,7 +101,7 @@
                entropy_collector->fips_enabled = 1;
  
        /* Initialize the APT */
-@@ -469,7 +484,7 @@ static struct rand_data
+@@ -469,7 +485,7 @@ static struct rand_data
  
  err:
        if (entropy_collector->mem != NULL)
@@ -114,7 +110,7 @@
        jent_zfree(entropy_collector, sizeof(struct rand_data));
        return NULL;
  }
-@@ -511,6 +526,7 @@ JENT_PRIVATE_STATIC
+@@ -511,6 +527,7 @@ JENT_PRIVATE_STATIC
  void jent_entropy_collector_free(struct rand_data *entropy_collector)
  {
        if (entropy_collector != NULL) {
@@ -122,7 +118,7 @@
                jent_notime_disable(entropy_collector);
                if (entropy_collector->mem != NULL) {
                        jent_zfree(entropy_collector->mem,
-@@ -664,6 +680,7 @@ static inline int jent_entropy_init_comm
+@@ -664,6 +681,7 @@ static inline int jent_entropy_init_comm
        int ret;
  
        jent_notime_block_switch();
@@ -130,7 +126,7 @@
  
        if (sha3_tester())
                return EHASH;
-@@ -710,6 +727,8 @@ int jent_entropy_init_ex(unsigned int os
+@@ -710,6 +728,8 @@ int jent_entropy_init_ex(unsigned int os
        if (ret)
                return ret;
  
@@ -139,17 +135,10 @@
        /* Test without internal timer unless caller does not want it */
        if (!(flags & JENT_FORCE_INTERNAL_TIMER))
                ret = jent_time_entropy_init(osr,
-@@ -725,10 +744,14 @@ int jent_entropy_init_ex(unsigned int os
-       return jent_entropy_init_common_post(ret);
- }
- 
--#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
- JENT_PRIVATE_STATIC
- int jent_entropy_switch_notime_impl(struct jent_notime_thread *new_thread)
- {
+@@ -732,3 +752,9 @@ int jent_entropy_switch_notime_impl(stru
        return jent_notime_switch(new_thread);
  }
--#endif
+ #endif
 +
 +JENT_PRIVATE_STATIC
 +int jent_set_fips_failure_callback(jent_fips_failure_cb cb)
@@ -383,7 +372,7 @@
  }
  
  #define MAX_ACC_LOOP_BIT 7
-@@ -184,37 +202,37 @@ static inline uint32_t xoshiro128starsta
+@@ -184,13 +202,12 @@ static inline uint32_t xoshiro128starsta
  
  static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
  {
@@ -395,11 +384,10 @@
        } prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
        uint32_t addressMask;
 -        uint64_t acc_loop_cnt;
--
--      if (NULL == ec || NULL == ec->mem)
--              return;
--
--      addressMask =  ec->memmask;
+ 
+       if (NULL == ec || NULL == ec->mem)
+               return;
+@@ -199,7 +216,7 @@ static void jent_memaccess(struct rand_d
  
        /* Ensure that macros cannot overflow jent_loop_shuffle() */
        BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
@@ -407,18 +395,8 @@
 +      uint64_t acc_loop_cnt =
                jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
  
-+      if (NULL == ec || NULL == ec->mem)
-+              return;
-+      addressMask = ec->memmask;
-+
        /*
-        * Mix the current data into prngState
-        *
-        * Any time you see a PRNG in a noise source, you should be concerned.
-        *
-        * The PRNG doesn't directly produce the raw noise, it just adjusts the
-        * location being updated. The timing of the update is part of the raw
-        * sample. The main thing this process gets you isn't better
+@@ -213,8 +230,10 @@ static void jent_memaccess(struct rand_d
         * "per-update: timing, it gets you mostly independent "per-update"
         * timing, so we can now benefit from the Central Limit Theorem!
         */
@@ -431,7 +409,7 @@
  
        /*
         * testing purposes -- allow test app to set the counter, not
-@@ -358,21 +376,21 @@ unsigned int jent_measure_jitter(struct
+@@ -358,21 +377,21 @@ unsigned int jent_measure_jitter(struct
  
  /**
   * Generator of one 256 bit random number
@@ -458,7 +436,7 @@
                /* If a stuck measurement is received, repeat measurement */
                if (jent_measure_jitter(ec, 0, NULL))
                        continue;
-@@ -385,3 +403,22 @@ void jent_random_data(struct rand_data *
+@@ -385,3 +404,22 @@ void jent_random_data(struct rand_data *
                        break;
        }
  }
@@ -561,18 +539,7 @@
 ===================================================================
 --- libgcrypt-1.9.4.orig/random/jitterentropy.h
 +++ libgcrypt-1.9.4/random/jitterentropy.h
-@@ -42,6 +42,10 @@
- #ifndef _JITTERENTROPY_H
- #define _JITTERENTROPY_H
- 
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
- /***************************************************************************
-  * Jitter RNG Configuration Section
-  *
-@@ -49,7 +53,7 @@
+@@ -49,7 +49,7 @@
   ***************************************************************************/
  
  /*
@@ -581,7 +548,7 @@
   *
   * In case the hardware is identified to not provide a high-resolution time
   * stamp, this option enables a built-in high-resolution time stamp mechanism.
-@@ -166,7 +173,7 @@ struct rand_data
+@@ -166,7 +166,7 @@ struct rand_data
         * of the RNG are marked as SENSITIVE. A user must not
         * access that information while the RNG executes its loops to
         * calculate the next random value. */
@@ -590,7 +557,7 @@
        uint64_t prev_time;             /* SENSITIVE Previous time stamp */
  #define DATA_SIZE_BITS (SHA3_256_SIZE_DIGEST_BITS)
  
-@@ -378,29 +389,34 @@ int jent_entropy_init(void);
+@@ -378,28 +379,34 @@ int jent_entropy_init(void);
  JENT_PRIVATE_STATIC
  int jent_entropy_init_ex(unsigned int osr, unsigned int flags);
  
@@ -627,19 +594,9 @@
  };
  
 -#ifdef JENT_CONF_ENABLE_INTERNAL_TIMER
--
+ 
  JENT_PRIVATE_STATIC
  int jent_notime_init(void **ctx);
- 
-@@ -448,4 +464,8 @@ uint64_t jent_lfsr_var_stat(struct rand_
- 
- /* -- END of statistical test function -- */
- 
-+#ifdef __cplusplus
-+}
-+#endif
-+
- #endif /* _JITTERENTROPY_H */
 Index: libgcrypt-1.9.4/random/jitterentropy-base-user.h
 ===================================================================
 --- libgcrypt-1.9.4.orig/random/jitterentropy-base-user.h
