[libgcrypt] add back the nistp521r1 EC curve
Tomáš Mráz
tmraz at fedoraproject.org
Tue Jan 21 15:04:52 UTC 2014
commit 1725d42356fd2fc5aa09437a0dbcf7dbcafc129f
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Tue Jan 21 16:05:07 2014 +0100
add back the nistp521r1 EC curve
- fix a bug in the Whirlpool hash implementation
- speed up the PBKDF2 computation
ecc.c | 19 +++++++++++++++++++
libgcrypt-1.5.3-pbkdf-speedup.patch | 32 ++++++++++++++++++++++++++++++++
libgcrypt-1.5.3-whirlpool-bug.patch | 28 ++++++++++++++++++++++++++++
libgcrypt.spec | 15 ++++++++++++++-
4 files changed, 93 insertions(+), 1 deletions(-)
---
diff --git a/ecc.c b/ecc.c
index bf63f4b..5e4717e 100644
--- a/ecc.c
+++ b/ecc.c
@@ -100,6 +100,9 @@ static const struct
{ "NIST P-384", "secp384r1" },
{ "NIST P-384", "1.3.132.0.34" },
+ { "NIST P-521", "secp521r1" },
+ { "NIST P-521", "1.3.132.0.35" },
+
{ NULL, NULL}
};
@@ -142,6 +145,22 @@ static const ecc_domain_parms_t domain_parms[] =
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
"0a60b1ce1d7e819d7a431d7c90ea0e5f"
},
+ {
+ "NIST P-521", 521, 1,
+ "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+ "0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef10"
+ "9e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+
+ "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
+ "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
+ "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
+ },
{ NULL, 0, 0, NULL, NULL, NULL, NULL }
};
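Review bot: The new `NIST P-521` entry in `domain_parms[]` adds six long hex constants with no note of where they were copied from, so a single transposed digit would be hard to spot in a later audit. A one-line reference above the entry would help, for example `/* NIST P-521 (secp521r1): p, a, b, n, G_x, G_y as published in FIPS 186 / SEC 2. */`. The spec file replaces `tests/curves.c` from a separate source and this commit does not touch that file, so it is worth confirming that the packaged test exercises the re-added curve. The array definition starts outside the hunk.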
diff --git a/libgcrypt-1.5.3-pbkdf-speedup.patch b/libgcrypt-1.5.3-pbkdf-speedup.patch
new file mode 100644
index 0000000..7017367
--- /dev/null
+++ b/libgcrypt-1.5.3-pbkdf-speedup.patch
@@ -0,0 +1,32 @@
+diff -up libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup libgcrypt-1.5.3/cipher/kdf.c
+--- libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup 2014-01-21 15:49:22.676638703 +0100
++++ libgcrypt-1.5.3/cipher/kdf.c 2014-01-21 15:52:40.115047218 +0100
+@@ -172,19 +172,21 @@ pkdf2 (const void *passphrase, size_t pa
+ return ec;
+ }
+
++ ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
++ if (ec)
++ {
++ gcry_md_close (md);
++ gcry_free (sbuf);
++ return ec;
++ }
++
+ /* Step 3 and 4. */
+ memcpy (sbuf, salt, saltlen);
+ for (lidx = 1; lidx <= l; lidx++)
+ {
+ for (iter = 0; iter < iterations; iter++)
+ {
+- ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
+- if (ec)
+- {
+- gcry_md_close (md);
+- gcry_free (sbuf);
+- return ec;
+- }
++ gcry_md_reset (md);
+ if (!iter) /* Compute U_1: */
+ {
+ sbuf[saltlen] = (lidx >> 24);
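Review bot: With `gcry_md_setkey` hoisted out of the loop, every iteration in `pkdf2` now relies on `gcry_md_reset (md)` clearing only the digest state while keeping the HMAC key, and nothing in the patched code says so. A short why-comment on that line would make the dependency explicit, e.g. `/* Reset the digest state only; the HMAC key set before the loop is retained. */`. Because a wrong assumption here would silently derive different keys, the change should be backed by known-answer vectors (RFC 6070 for HMAC-SHA1) in the package's test run. The function body begins and ends outside this hunk.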
diff --git a/libgcrypt-1.5.3-whirlpool-bug.patch b/libgcrypt-1.5.3-whirlpool-bug.patch
new file mode 100644
index 0000000..f64c94f
--- /dev/null
+++ b/libgcrypt-1.5.3-whirlpool-bug.patch
@@ -0,0 +1,28 @@
+diff -up libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug libgcrypt-1.5.3/cipher/whirlpool.c
+--- libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug 2013-05-22 18:02:54.000000000 +0200
++++ libgcrypt-1.5.3/cipher/whirlpool.c 2014-01-21 15:45:51.308919415 +0100
+@@ -56,6 +56,7 @@ typedef struct {
+ unsigned char buffer[BLOCK_SIZE];
+ size_t count;
+ unsigned char length[32];
++ int bug;
+ } whirlpool_context_t;
+
+
+@@ -1185,6 +1186,7 @@ whirlpool_init (void *ctx)
+ whirlpool_context_t *context = ctx;
+
+ memset (context, 0, sizeof (*context));
++ context->bug = secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL;
+ }
+
+
+@@ -1316,7 +1318,7 @@ whirlpool_add (whirlpool_context_t *cont
+ buffer_n--;
+ }
+ whirlpool_add (context, NULL, 0);
+- if (!buffer_n)
++ if (context->bug && !buffer_n)
+ /* Done. */
+ return;
+ }
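Review bot: The legacy switch in `whirlpool_init` tests only for presence (`secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL`), so `GCRYPT_WHIRLPOOL_BUG=0` or an empty value also selects the old, non-standard output, and neither the new `bug` field nor the lookup is documented. I would add `/* Non-zero: reproduce the pre-fix early return so digests match data hashed by older versions. */` on the field and a comment at the lookup stating that any value enables it. Since the variable changes digest results for the whole process, callers that compare Whirlpool hashes for integrity should know that `secure_getenv` ignores it only in secure-execution (e.g. setuid) contexts. It is also worth confirming that `whirlpool.c` sees a declaration of `secure_getenv` (it needs `_GNU_SOURCE` with `<stdlib.h>`); the hunk adds no include. `whirlpool_add` starts and ends outside the hunk.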
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 833e92a..e6aec0f 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -1,6 +1,6 @@
Name: libgcrypt
Version: 1.5.3
-Release: 2%{?dist}
+Release: 3%{?dist}
URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC
@@ -33,6 +33,12 @@ Patch12: libgcrypt-1.5.2-aliasing.patch
Patch13: libgcrypt-1.5.2-mpicoder-gccopt.patch
# fix tests to work with approved ECC
Patch14: libgcrypt-1.5.3-ecc-test-fix.patch
+# pbkdf2 speedup - upstream
+Patch15: libgcrypt-1.5.3-pbkdf-speedup.patch
+# fix bug in whirlpool implementation (for backwards compatibility
+# with files generated with buggy version set environment
+# varible GCRYPT_WHIRLPOOL_BUG
+Patch16: libgcrypt-1.5.3-whirlpool-bug.patch
%define gcrylibdir %{_libdir}
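Review bot: The comment added above `Patch16` misspells "variable" as "varible" and never closes its parenthesis, which makes the compatibility instruction harder to read. Suggested wording: `# fix bug in whirlpool implementation (for backwards compatibility` / `# with files generated with the buggy version, set the environment` / `# variable GCRYPT_WHIRLPOOL_BUG)`.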
@@ -77,6 +83,8 @@ applications using libgcrypt.
%patch12 -p1 -b .aliasing
%patch13 -p1 -b .gccopt
%patch14 -p1 -b .eccfix
+%patch15 -p1 -b .pbkdf-speedup
+%patch16 -p1 -b .whirlpool-bug
cp %{SOURCE4} cipher/
rm -rf tests/curves.c
cp %{SOURCE5} tests/curves.c
@@ -181,6 +189,11 @@ exit 0
%doc COPYING
%changelog
+* Tue Jan 21 2014 Tomáš Mráz <tmraz at redhat.com> 1.5.3-3
+- add back the nistp521r1 EC curve
+- fix a bug in the Whirlpool hash implementation
+- speed up the PBKDF2 computation
+
* Sun Oct 20 2013 Tom Callaway <spot at fedoraproject.org> - 1.5.3-2
- add cleared ECC support