Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
libgcrypt.5103
libgcrypt-fips_pss.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgcrypt-fips_pss.patch of Package libgcrypt.5103
Index: libgcrypt-1.6.1/tests/fipsdrv.c =================================================================== --- libgcrypt-1.6.1.orig/tests/fipsdrv.c 2015-05-07 14:55:35.795474991 +0200 +++ libgcrypt-1.6.1/tests/fipsdrv.c 2015-05-21 20:20:33.307842361 +0200 @@ -1595,7 +1595,7 @@ run_rsa_gen (int keysize, int pubexp) encoded KEYFILE and the hash algorithm HASHALGO. */ static void run_rsa_sign (const void *data, size_t datalen, - int hashalgo, int pkcs1, const char *keyfile) + int hashalgo, int pkcs1, int pss, const char *keyfile) { gpg_error_t err; @@ -1619,6 +1619,20 @@ run_rsa_sign (const void *data, size_t d gcry_md_algo_name (hashalgo), (int)hashsize, hash); } + else if (pss) + { + unsigned char hash[64]; + unsigned int hashsize; + + hashsize = gcry_md_get_algo_dlen (hashalgo); + if (!hashsize || hashsize > sizeof hash) + die ("digest too long for buffer or unknown hash algorithm\n"); + gcry_md_hash_buffer (hashalgo, hash, data, datalen); + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pss)(salt-length #00#)(hash %s %b))", + gcry_md_algo_name (hashalgo), + (int)hashsize, hash); + } else { gcry_mpi_t tmp; @@ -1686,7 +1700,7 @@ run_rsa_sign (const void *data, size_t d binary signature in SIGFILE. */ static void run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1, - const char *keyfile, const char *sigfile) + int pss, const char *keyfile, const char *sigfile) { gpg_error_t err; @@ -1706,6 +1720,20 @@ run_rsa_verify (const void *data, size_t gcry_md_algo_name (hashalgo), (int)hashsize, hash); } + else if (pss) + { + unsigned char hash[64]; + unsigned int hashsize; + + hashsize = gcry_md_get_algo_dlen (hashalgo); + if (!hashsize || hashsize > sizeof hash) + die ("digest too long for buffer or unknown hash algorithm\n"); + gcry_md_hash_buffer (hashalgo, hash, data, datalen); + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pss)(salt-length #00#)(hash %s %b))", + gcry_md_algo_name (hashalgo), + (int)hashsize, hash); + } else { gcry_mpi_t tmp; @@ -2466,6 +2494,7 @@ main (int argc, char **argv) int no_fips = 0; int progress = 0; int use_pkcs1 = 0; + int use_pss = 0; const char *mode_string; const char *curve_string = NULL; const char *key_string = NULL; @@ -2605,6 +2634,11 @@ main (int argc, char **argv) use_pkcs1 = 1; argc--; argv++; } + else if (!strcmp (*argv, "--pss")) + { + use_pss = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--mct-server")) { mct_server = 1; @@ -2891,7 +2925,7 @@ main (int argc, char **argv) if (!data) die ("no data available (do not use --chunk)\n"); - run_rsa_sign (data, datalen, algo, use_pkcs1, key_string); + run_rsa_sign (data, datalen, algo, use_pkcs1, use_pss, key_string); } else if (!strcmp (mode_string, "rsa-verify")) @@ -2914,7 +2948,7 @@ main (int argc, char **argv) if (access (signature_string, R_OK)) die ("option --signature needs to specify an existing file\n"); - run_rsa_verify (data, datalen, algo, use_pkcs1, key_string, + run_rsa_verify (data, datalen, algo, use_pkcs1, use_pss, key_string, signature_string); } Index: libgcrypt-1.6.1/cipher/pubkey-util.c =================================================================== --- libgcrypt-1.6.1.orig/cipher/pubkey-util.c 2015-05-07 14:55:35.721473959 +0200 +++ libgcrypt-1.6.1/cipher/pubkey-util.c 2015-05-21 20:02:25.204051517 +0200 @@ -1026,6 +1026,21 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i rc = GPG_ERR_DIGEST_ALGO; else { + gcry_sexp_t list; + /* Get SALT-LENGTH. */ + list = sexp_find_token (ldata, "salt-length", 0); + if (list) + { + s = sexp_nth_data (list, 1, &n); + if (!s) + { + rc = GPG_ERR_NO_OBJ; + goto leave; + } + ctx->saltlen = (unsigned int)strtoul (s, NULL, 10); + sexp_release (list); + } + *ret_mpi = sexp_nth_mpi (lhash, 2, GCRYMPI_FMT_USG); if (!*ret_mpi) rc = GPG_ERR_INV_OBJ;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor