author | Dimitri John Ledkov <xnox@ubuntu.com> | 2016-08-22 11:00:22 +0100 |
---|---|---|
committer | Dimitri John Ledkov <xnox@ubuntu.com> | 2016-08-22 11:00:22 +0100 |
commit | c4ab11a06b1d2780041297e921906fe26f7f7812 (patch) | |
tree | e8462799da2db1178c78c4ca8a712bfc65d3f013 | |
parent | 25eeb1b675382e8d95f4504a343f09ee481b7970 (diff) |
Cherry-pick upstream patch to stop reseeding global DRBG instance on every call. LP: #1608954
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches/libica_v2.6.1_performance_fix.patch | 40 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | src/s390_prng.c | 9 |
4 files changed, 52 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index 346a5d7..666cc88 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libica (2.6.1-3) unstable; urgency=medium
+
+ * Cherry-pick upstream patch to stop reseeding global DRBG instance on
+ every call. LP: #1608954
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 22 Aug 2016 10:59:18 +0100
+
 libica (2.6.1-2) unstable; urgency=medium
 
 * Cherry pick upstream patch to fix symbol visibility and thus
diff --git a/debian/patches/libica_v2.6.1_performance_fix.patch b/debian/patches/libica_v2.6.1_performance_fix.patch
new file mode 100644
index 0000000..cf4df2b
--- /dev/null
+++ b/debian/patches/libica_v2.6.1_performance_fix.patch
@@ -0,0 +1,40 @@
+Description: ica_random_number_generate performance improvement
+ Changed the ica_random_number_generate function that asks the
+ global DRBG instance for random bytes to not reseed the
+ instance on every call.
+Origin: https://sourceforge.net/p/opencryptoki/libica/ci/3bcd3efb0aff364515ab9b3c39dd68fbbb1534d0/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libica/+bug/1608954
+
+--- a/src/s390_prng.c
++++ b/src/s390_prng.c
+@@ -76,10 +76,9 @@ int s390_prng_init(void)
+ // available. However, the old prng is still initialized but
+ // only used as a fallback.
+ if(sha512_switch || sha512_drng_switch){
+- const char *pers = "ica_drbg_global";
+ ica_drbg_instantiate(&ica_drbg_global, 256, true,
+- ICA_DRBG_SHA512, (unsigned char *)pers,
+- strlen(pers));
++ ICA_DRBG_SHA512,
++ (unsigned char *)"GLOBAL INSTANCE", 15);
+ }
+
+ // The old prng code starts here:
+@@ -181,7 +180,7 @@ int s390_prng(unsigned char *output_data
+ unsigned char *ptr = output_data;
+ size_t i = 0;
+ for(; i < q; i++){
+- status = ica_drbg_generate(ica_drbg_global, 256, true,
++ status = ica_drbg_generate(ica_drbg_global, 256, false,
+ NULL, 0, ptr,
+ ICA_DRBG_SHA512
+ ->max_no_of_bytes_per_req);
+@@ -191,7 +190,7 @@ int s390_prng(unsigned char *output_data
+ ptr += ICA_DRBG_SHA512->max_no_of_bytes_per_req;
+ }
+ if(!status){
+- status = ica_drbg_generate(ica_drbg_global, 256, true,
++ status = ica_drbg_generate(ica_drbg_global, 256, false,
+ NULL, 0, ptr, r);
+ if(!status)
+ return 0;
diff --git a/debian/patches/series b/debian/patches/series
index 08f0fde..aa4897c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 0004-Make-test-suite-bail-out-upon-errors.patch
 0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch
 0001-Fix-initialization-of-s390-hardware-switches.patch
+libica_v2.6.1_performance_fix.patch
diff --git a/src/s390_prng.c b/src/s390_prng.c
index 6a7b1f0..a6f8cfb 100644
--- a/src/s390_prng.c
+++ b/src/s390_prng.c
@@ -76,10 +76,9 @@ int s390_prng_init(void)
 // available. However, the old prng is still initialized but
 // only used as a fallback.
 if(sha512_switch || sha512_drng_switch){
- const char *pers = "ica_drbg_global";
 ica_drbg_instantiate(&ica_drbg_global, 256, true,
- ICA_DRBG_SHA512, (unsigned char *)pers,
- strlen(pers));
+ ICA_DRBG_SHA512,
+ (unsigned char *)"GLOBAL INSTANCE", 15);
 }
 
 // The old prng code starts here:
@@ -181,7 +180,7 @@ int s390_prng(unsigned char *output_data, unsigned int output_length)
 unsigned char *ptr = output_data;
 size_t i = 0;
 for(; i < q; i++){
- status = ica_drbg_generate(ica_drbg_global, 256, true,
+ status = ica_drbg_generate(ica_drbg_global, 256, false,
 NULL, 0, ptr,
 ICA_DRBG_SHA512
 ->max_no_of_bytes_per_req);
@@ -191,7 +190,7 @@ int s390_prng(unsigned char *output_data, unsigned int output_length)
 ptr += ICA_DRBG_SHA512->max_no_of_bytes_per_req;
 }
 if(!status){
- status = ica_drbg_generate(ica_drbg_global, 256, true,
+ status = ica_drbg_generate(ica_drbg_global, 256, false,
 NULL, 0, ptr, r);
 if(!status)
 return 0;
|
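Review bot: The personalization length in the `ica_drbg_instantiate` call of `s390_prng_init` is now the bare constant `15` beside the string literal, so the two can silently drift apart if the string is ever edited. Writing the arguments as `(unsigned char *)"GLOBAL INSTANCE", sizeof("GLOBAL INSTANCE") - 1);` keeps the length tied to the literal. The return value of `ica_drbg_instantiate` is also discarded on this line, so a failed instantiation goes unnoticed at this point. Whether the later generate calls cope with an uninstantiated `ica_drbg_global` depends on code outside the hunk, and `s390_prng_init` itself begins and ends outside it.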
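Review bot: The `false` now passed as the third argument of `ica_drbg_generate` in the loop of `s390_prng` (and again in the remainder call of the following hunk) leaves no record of the security trade-off. Going by the commit description this is presumably the prediction-resistance flag, so the shared `ica_drbg_global` state is refreshed only when the DRBG's own reseed interval triggers. A comment above the loop such as `/* pr=false: no reseed per request; fresh entropy enters only at the DRBG reseed interval */` would make that explicit. It is also worth confirming how the global instance behaves across `fork()`, because parent and child would inherit the same state and the per-call reseed previously masked that; nothing in the visible lines shows it being handled. `s390_prng` starts and ends outside both hunks.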