[libgcrypt] add back the nistp521r1 EC curve

Tomáš Mráz tmraz at fedoraproject.org
Tue Jan 21 15:04:52 UTC 2014


commit 1725d42356fd2fc5aa09437a0dbcf7dbcafc129f
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue Jan 21 16:05:07 2014 +0100

    add back the nistp521r1 EC curve
    
    - fix a bug in the Whirlpool hash implementation
    - speed up the PBKDF2 computation

 ecc.c                               |   19 +++++++++++++++++++
 libgcrypt-1.5.3-pbkdf-speedup.patch |   32 ++++++++++++++++++++++++++++++++
 libgcrypt-1.5.3-whirlpool-bug.patch |   28 ++++++++++++++++++++++++++++
 libgcrypt.spec                      |   15 ++++++++++++++-
 4 files changed, 93 insertions(+), 1 deletions(-)
---
diff --git a/ecc.c b/ecc.c
index bf63f4b..5e4717e 100644
--- a/ecc.c
+++ b/ecc.c
@@ -100,6 +100,9 @@ static const struct
     { "NIST P-384", "secp384r1" },
     { "NIST P-384", "1.3.132.0.34" },
 
+    { "NIST P-521", "secp521r1" },
+    { "NIST P-521", "1.3.132.0.35" },
+
     { NULL, NULL}
   };
 
@@ -142,6 +145,22 @@ static const ecc_domain_parms_t domain_parms[] =
       "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
       "0a60b1ce1d7e819d7a431d7c90ea0e5f"
     },
+    {
+      "NIST P-521", 521, 1,
+      "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+      "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+      "0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef10"
+      "9e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+      "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+      "ffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+
+      "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
+      "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+      "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
+      "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
+    },
 
     { NULL, 0, 0, NULL, NULL, NULL, NULL }
   };
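Review bot: The new domain_parms entry for "NIST P-521" records nothing about where its hex constants were transcribed from, so a reviewer cannot audit them against a reference without guessing the intended source, and a single wrong digit in p, a, b, n or the generator is not something the compiler will catch; a comment above the entry such as `/* NIST P-521 (secp521r1), parameters as published in FIPS 186-3 / SEC 2 -- re-check against the standard's test vectors when editing.  */` would make the transcription auditable (the `521, 1` pair is presumably the bit size and a flag, as in the sibling entries). The diffstat shows no test change, and the spec's %prep replaces tests/curves.c with a copy of SOURCE5, so whether the curve-list test exercises P-521 depends on that external file rather than on this commit. The name-table hunk adding "secp521r1" and "1.3.132.0.35" only needs to stay in step with this entry. The domain_parms[] array starts outside the hunk.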
diff --git a/libgcrypt-1.5.3-pbkdf-speedup.patch b/libgcrypt-1.5.3-pbkdf-speedup.patch
new file mode 100644
index 0000000..7017367
--- /dev/null
+++ b/libgcrypt-1.5.3-pbkdf-speedup.patch
@@ -0,0 +1,32 @@
+diff -up libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup libgcrypt-1.5.3/cipher/kdf.c
+--- libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup	2014-01-21 15:49:22.676638703 +0100
++++ libgcrypt-1.5.3/cipher/kdf.c	2014-01-21 15:52:40.115047218 +0100
+@@ -172,19 +172,21 @@ pkdf2 (const void *passphrase, size_t pa
+       return ec;
+     }
+ 
++  ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
++  if (ec)
++    {
++      gcry_md_close (md);
++      gcry_free (sbuf);
++      return ec;
++    }
++
+   /* Step 3 and 4. */
+   memcpy (sbuf, salt, saltlen);
+   for (lidx = 1; lidx <= l; lidx++)
+     {
+       for (iter = 0; iter < iterations; iter++)
+         {
+-          ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
+-          if (ec)
+-            {
+-              gcry_md_close (md);
+-              gcry_free (sbuf);
+-              return ec;
+-            }
++          gcry_md_reset (md);
+           if (!iter) /* Compute U_1:  */
+             {
+               sbuf[saltlen]     = (lidx >> 24);
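Review bot: The hoisted gcry_md_setkey call relies on gcry_md_reset keeping the HMAC key installed on the handle, and nothing in the patch records that assumption; if the reset semantics ever changed, every U_i after the first would silently become an unkeyed hash while the loop still ran without error. A comment at the new setkey call, `/* The HMAC key survives gcry_md_reset, so install it once and only reset per iteration.  */`, pins the invariant the speedup depends on. The error path (close the handle, free sbuf, return ec) matches the one it replaces, so resource handling is unchanged; that gcry_md_reset preserves the key in this libgcrypt version is inferred from the patch being marked upstream in the spec rather than from any visible line. The pkdf2 function starts and ends outside the hunk.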
diff --git a/libgcrypt-1.5.3-whirlpool-bug.patch b/libgcrypt-1.5.3-whirlpool-bug.patch
new file mode 100644
index 0000000..f64c94f
--- /dev/null
+++ b/libgcrypt-1.5.3-whirlpool-bug.patch
@@ -0,0 +1,28 @@
+diff -up libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug libgcrypt-1.5.3/cipher/whirlpool.c
+--- libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug	2013-05-22 18:02:54.000000000 +0200
++++ libgcrypt-1.5.3/cipher/whirlpool.c	2014-01-21 15:45:51.308919415 +0100
+@@ -56,6 +56,7 @@ typedef struct {
+   unsigned char buffer[BLOCK_SIZE];
+   size_t count;
+   unsigned char length[32];
++  int bug;
+ } whirlpool_context_t;
+ 
+ 
+@@ -1185,6 +1186,7 @@ whirlpool_init (void *ctx)
+   whirlpool_context_t *context = ctx;
+ 
+   memset (context, 0, sizeof (*context));
++  context->bug = secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL;
+ }
+ 
+ 
+@@ -1316,7 +1318,7 @@ whirlpool_add (whirlpool_context_t *cont
+ 	  buffer_n--;
+ 	}
+       whirlpool_add (context, NULL, 0);
+-      if (!buffer_n)
++      if (context->bug && !buffer_n)
+ 	/* Done.  */
+         return;
+     }
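Review bot: The new `int bug;` field and the secure_getenv lookup in whirlpool_init carry no comment saying that a set GCRYPT_WHIRLPOOL_BUG makes whirlpool_add reproduce the original, incorrect early return, so a reader of the struct sees an unexplained flag and a reader of the `if (context->bug && !buffer_n)` line cannot tell which branch is the corrected one; a comment on the field, `/* Non-zero: keep the old (incorrect) early return in whirlpool_add so data hashed by the buggy version verifies; selected by GCRYPT_WHIRLPOOL_BUG.  */`, should accompany the change. Because the flag is sampled per context in whirlpool_init, two contexts opened in one process can produce different digests for the same input if the environment differs between opens, which is worth stating next to the lookup. secure_getenv is a glibc extension, so whirlpool.c presumably already has <stdlib.h> and the needed feature macro in scope for this to build, which the hunk does not show. whirlpool_add starts and ends outside the hunk.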
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 833e92a..e6aec0f 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.5.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@@ -33,6 +33,12 @@ Patch12: libgcrypt-1.5.2-aliasing.patch
 Patch13: libgcrypt-1.5.2-mpicoder-gccopt.patch
 # fix tests to work with approved ECC
 Patch14: libgcrypt-1.5.3-ecc-test-fix.patch
+# pbkdf2 speedup - upstream
+Patch15: libgcrypt-1.5.3-pbkdf-speedup.patch
+# fix bug in whirlpool implementation (for backwards compatibility
+# with files generated with buggy version set environment
+# varible GCRYPT_WHIRLPOOL_BUG
+Patch16: libgcrypt-1.5.3-whirlpool-bug.patch
 
 %define gcrylibdir %{_libdir}
 
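Review bot: The comment above Patch16 has a typo ("varible") and does not say what setting the variable does; suggest `# fix a bug in the whirlpool implementation; for backwards compatibility with data hashed by the buggy version, set the environment variable GCRYPT_WHIRLPOOL_BUG`. Patch15's comment notes that it comes from upstream while Patch16's says nothing either way, so recording whether the whirlpool fix is a local change would help whoever rebases these patches later.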
@@ -77,6 +83,8 @@ applications using libgcrypt.
 %patch12 -p1 -b .aliasing
 %patch13 -p1 -b .gccopt
 %patch14 -p1 -b .eccfix
+%patch15 -p1 -b .pbkdf-speedup
+%patch16 -p1 -b .whirlpool-bug
 cp %{SOURCE4} cipher/
 rm -rf tests/curves.c
 cp %{SOURCE5} tests/curves.c
@@ -181,6 +189,11 @@ exit 0
 %doc COPYING
 
 %changelog
+* Tue Jan 21 2014 Tomáš Mráz <tmraz at redhat.com> 1.5.3-3
+- add back the nistp521r1 EC curve
+- fix a bug in the Whirlpool hash implementation
+- speed up the PBKDF2 computation
+
 * Sun Oct 20 2013 Tom Callaway <spot at fedoraproject.org> - 1.5.3-2
 - add cleared ECC support
 

