Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
libgcrypt.25806
libgcrypt-fips_dont_seed_drbg_in_selftests.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgcrypt-fips_dont_seed_drbg_in_selftests.patch of Package libgcrypt.25806
Index: libgcrypt-1.6.1/random/drbg.c =================================================================== --- libgcrypt-1.6.1.orig/random/drbg.c 2017-07-13 13:36:36.057989859 +0200 +++ libgcrypt-1.6.1/random/drbg.c 2017-07-13 13:38:48.564149105 +0200 @@ -2198,24 +2198,22 @@ gcry_drbg_healthcheck_sanity (struct gcr if (!drbg) goto outbuf; + drbg->core = &gcry_drbg_cores[coreref]; + /* if the following tests fail, it is likely that there is a buffer * overflow and we get a SIGSEV */ - ret = gcry_drbg_instantiate (drbg, NULL, coreref, 1); - if (ret) - goto outbuf; max_addtllen = gcry_drbg_max_addtl (); max_request_bytes = gcry_drbg_max_request_bytes (); /* overflow addtllen with additonal info string */ gcry_drbg_string_fill (&addtl, test->addtla, (max_addtllen + 1)); len = gcry_drbg_generate (drbg, buf, test->expectedlen, &addtl); if (len) - goto outdrbg; + goto outbuf; /* overflow max_bits */ len = gcry_drbg_generate (drbg, buf, (max_request_bytes + 1), NULL); if (len) - goto outdrbg; - gcry_drbg_uninstantiate (drbg); + goto outbuf; /* test failing entropy source as defined in 11.3.2 */ test_data.testentropy = NULL; @@ -2229,7 +2227,7 @@ gcry_drbg_healthcheck_sanity (struct gcr test_data.testentropy = &testentropy; gcry_drbg_string_fill (&testentropy, test->entropy, test->entropylen); /* overflow max addtllen with personalization string */ - tmpret = gcry_drbg_instantiate (drbg, &addtl, coreref, 0); + tmpret = gcry_drbg_seed(drbg, &addtl, 0); if (!tmpret) goto outdrbg; Index: libgcrypt-1.6.1/cipher/rsa.c =================================================================== --- libgcrypt-1.6.1.orig/cipher/rsa.c 2017-07-13 13:36:36.001988953 +0200 +++ libgcrypt-1.6.1/cipher/rsa.c 2017-07-13 13:36:36.097990505 +0200 @@ -1856,6 +1856,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc const char plaintext[] = "Jim quickly realized that the beautiful gowns are expensive."; gcry_sexp_t plain = NULL; gcry_sexp_t encr = NULL; + gcry_sexp_t encr_nobl = NULL; gcry_mpi_t ciphertext = NULL; gcry_sexp_t decr = NULL; char *decr_plaintext = NULL; @@ -1914,8 +1915,18 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc goto leave; } + /* We need to avoid seeding the drbg in selftests. For that we must + tell the library to not use blinding for RSA decryption. + For that we need to recreate the sexp with the "no-blinding" flag */ + err = sexp_build (&encr_nobl, NULL, "(enc-val (flags no-blinding) (rsa (a %M)))", ciphertext); + if (err) + { + errtxt = "adding no-blinding flags failed"; + goto leave; + } + /* Decrypt. */ - err = _gcry_pk_decrypt (&decr, encr, skey); + err = _gcry_pk_decrypt (&decr, encr_nobl, skey); if (err) { errtxt = "decrypt failed"; @@ -1953,6 +1964,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc _gcry_mpi_release (ciphertext); _gcry_mpi_release (ref_mpi); sexp_release (encr); + sexp_release (encr_nobl); sexp_release (plain); return errtxt; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor