From jussi.kivilinna at iki.fi Thu Jan 2 20:03:55 2014 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Thu, 02 Jan 2014 21:03:55 +0200
Subject: cipher/sha1-ssse3-amd64.S
In-Reply-To: <52C588BE.3030801@free.fr>
References: <52C57728.9050708@free.fr> <52C5795C.8020908@free.fr> <52C588BE.3030801@free.fr>
Message-ID: <52C5B81B.3000105@iki.fi>

On 02.01.2014 17:41, Richard PALO wrote:
> On 02/01/14 15:36, Richard PALO wrote:
>> Hi, sorry I forgot to mention that all the other cipher/*amd64.S modules
>> seem to build without error.
>> cheers
>>
>> On 02/01/14 15:26, Richard PALO wrote:
>>> Good day,
>>>
>>> I understand you more or less maintain the amd64 cipher code in
>>> libgcrypt.
>>>
>>> I'm experiencing the following trying to do a pkgsrc build with
>>> libgcrypt-1.6.0 on SunOS (illumos):
>>>
>>>> richard at devzoneX:/var/tmp/pkgsrc/security/libgcrypt/work/libgcrypt-1.6.0/cipher$
>>>>
>>>> /opt/local/gcc48/bin/gcc -DHAVE_CONFIG_H -I. -I.. -I../src
>>>> -I/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include
>>>> -I/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext
>>>> -D_REENTRANT -O2 -MT sha1-ssse3-amd64.lo -MD -MP -MF
>>>> .deps/sha1-ssse3-amd64.Tpo -c sha1-ssse3-amd64.S -fPIC -DPIC -o
>>>> .libs/sha1-ssse3-amd64.o -v
>>>> Using built-in specs.
>>>> COLLECT_GCC=/opt/local/gcc48/bin/gcc
>>>> Target: x86_64-sun-solaris2.11
>>>> Configured with: ../gcc-4.8.2/configure --enable-languages='c obj-c++
>>>> objc go fortran c++' --enable-shared --enable-long-long
>>>> --with-local-prefix=/opt/local/gcc48 --enable-libssp
>>>> --enable-threads=posix --with-boot-ldflags='-static-libstdc++
>>>> -static-libgcc -Wl,-R/opt/local/lib ' --disable-nls
>>>> --with-cloog=/opt/local --enable-cloog-backend=isl
>>>> --enable-__cxa_atexit
>>>> --with-gxx-include-dir=/opt/local/gcc48/include/c++/ --with-gnu-as
>>>> --with-as=/usr/gnu/bin/as --without-gnu-ld --with-ld=/usr/bin/ld
>>>> --prefix=/opt/local/gcc48 --build=x86_64-sun-solaris2.11
>>>> --host=x86_64-sun-solaris2.11 --infodir=/opt/local/gcc48/info
>>>> --mandir=/opt/local/gcc48/man
>>>> Thread model: posix
>>>> gcc version 4.8.2 (GCC)
>>>> COLLECT_GCC_OPTIONS='-D' 'HAVE_CONFIG_H' '-I' '.' '-I' '..' '-I'
>>>> '../src' '-I'
>>>> '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include' '-I'
>>>> '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext'
>>>> '-D' '_REENTRANT' '-O2' '-MT' 'sha1-ssse3-amd64.lo' '-MD' '-MP' '-MF'
>>>> '.deps/sha1-ssse3-amd64.Tpo' '-c' '-fPIC' '-D' 'PIC' '-o'
>>>> '.libs/sha1-ssse3-amd64.o' '-v' '-mtune=generic' '-march=x86-64'
>>>> /opt/local/gcc48/libexec/gcc/x86_64-sun-solaris2.11/4.8.2/cc1 -E
>>>> -lang-asm -quiet -v -I . -I .. -I ../src -I
>>>> /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include -I
>>>> /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext -MD
>>>> .libs/sha1-ssse3-amd64.d -MF .deps/sha1-ssse3-amd64.Tpo -MP -MT
>>>> sha1-ssse3-amd64.lo -P -D HAVE_CONFIG_H -D _REENTRANT -D PIC
>>>> sha1-ssse3-amd64.S -mtune=generic -march=x86-64 -fPIC -O2
>>>> -fno-directives-only -o /var/tmp//ccAxWPXX.s
>>>> ignoring nonexistent directory
>>>> "/opt/local/gcc48/lib/gcc/x86_64-sun-solaris2.11/4.8.2/../../../../x86_64-sun-solaris2.11/include"
>>>>
>>>>
>>>> #include "..." search starts here:
>>>> #include <...> search starts here:
>>>> .
>>>> ..
>>>> ../src
>>>> /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include
>>>> /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext
>>>> /opt/local/gcc48/lib/gcc/x86_64-sun-solaris2.11/4.8.2/include
>>>> /opt/local/gcc48/include
>>>> /opt/local/gcc48/lib/gcc/x86_64-sun-solaris2.11/4.8.2/include-fixed
>>>> /usr/include
>>>> End of search list.
>>>> COLLECT_GCC_OPTIONS='-D' 'HAVE_CONFIG_H' '-I' '.' '-I' '..' '-I'
>>>> '../src' '-I'
>>>> '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include' '-I'
>>>> '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext'
>>>> '-D' '_REENTRANT' '-O2' '-MT' 'sha1-ssse3-amd64.lo' '-MD' '-MP' '-MF'
>>>> '.deps/sha1-ssse3-amd64.Tpo' '-c' '-fPIC' '-D' 'PIC' '-o'
>>>> '.libs/sha1-ssse3-amd64.o' '-v' '-mtune=generic' '-march=x86-64'
>>>> /usr/gnu/bin/as -v -I . -I .. -I ../src -I
>>>> /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include -I
>>>> /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext -V
>>>> -Qy -s --64 -o .libs/sha1-ssse3-amd64.o /var/tmp//ccAxWPXX.s
>>>> GNU assembler version 2.23.1 (i386-pc-solaris2.11) using BFD version
>>>> (GNU Binutils) 2.23.1
>>>> /var/tmp//ccAxWPXX.s: Assembler messages:
>>>> /var/tmp//ccAxWPXX.s:34: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:38: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:42: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:46: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:54: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:58: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:62: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:66: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:70: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:74: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:78: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:82: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:86: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:90: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:94: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:98: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:102: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:106: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:110: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:114: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:119: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:123: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:127: Error: unbalanced parenthesis in operand 1.
>>>> /var/tmp//ccAxWPXX.s:132: Error: unbalanced parenthesis in operand 1.
>>>
>>>
>>> apparently the paddd code, such as
>>> `paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0;`
>>> isn't digested well; appended is the generated assembler code.
>>>
>>> Do you have any suggestions other than configure `--disable-asm`?
>>>
>>> thanks,
>>>
>>> richard
>>
>
>
> Hi again, after finding the following:
> https://sourceware.org/bugzilla/show_bug.cgi?id=4572
>
> I tried using '-Wa,--divide' and that seemed to work around the problem...
>
> perhaps the code, or at least the Makefile, could be adapted accordingly?
>

I think a proper check for this should be added to configure.ac, updating
CFLAGS if '-Wa,--divide' is required. (And if '-Wa,--divide' does not work,
assembly code could be disabled.)

-Jussi

> cheers
>

From jussi.kivilinna at iki.fi Sun Jan 5 17:43:05 2014
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Sun, 05 Jan 2014 18:43:05 +0200
Subject: [PATCH] Fix constant division for AMD64 assembly on Solaris/x86
Message-ID: <20140105164305.5915.22002.stgit@localhost6.localdomain6>

* configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for
constant division in assembly and test for "-Wa,--divide" workaround.
(gcry_cv_gcc_amd64_platform_as_ok): Also check for constant division.
--

Apparently on Solaris/x86 the '/' character is treated as the beginning of a
line comment. This causes problems when compiling the SHA-1 SSSE3
implementation:

On 02.01.2014 16:26, Richard PALO wrote:
>> COLLECT_GCC_OPTIONS='-D' 'HAVE_CONFIG_H' '-I' '.' '-I' '..' '-I' '../src' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext' '-D' '_REENTRANT' '-O2' '-MT' 'sha1-ssse3-amd64.lo' '-MD' '-MP' '-MF' '.deps/sha1-ssse3-amd64.Tpo' '-c' '-fPIC' '-D' 'PIC' '-o' '.libs/sha1-ssse3-amd64.o' '-v' '-mtune=generic' '-march=x86-64'
>> /usr/gnu/bin/as -v -I . -I .. -I ../src -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext -V -Qy -s --64 -o .libs/sha1-ssse3-amd64.o /var/tmp//ccAxWPXX.s
>> GNU assembler version 2.23.1 (i386-pc-solaris2.11) using BFD version (GNU Binutils) 2.23.1
>> /var/tmp//ccAxWPXX.s: Assembler messages:
>> /var/tmp//ccAxWPXX.s:34: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:38: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:42: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:46: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:54: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:58: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:62: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:66: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:70: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:74: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:78: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:82: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:86: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:90: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:94: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:98: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:102: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:106: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:110: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:114: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:119: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:123: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:127: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:132: Error: unbalanced parenthesis in operand 1.
>
>
> apparently the paddd code, such as
> `paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0;`
> isn't digested well; appended is the generated assembler code.

On 02.01.2014 17:41, Richard PALO wrote:
> Hi again, after finding the following:
> https://sourceware.org/bugzilla/show_bug.cgi?id=4572
>
> I tried using '-Wa,--divide' and that seemed to work around the problem...
>
> perhaps the code, or at least the Makefile, could be adapted accordingly?

The patch adds detection of this feature and attempts to work around the
issue by adding "-Wa,--divide" to CFLAGS. If the workaround does not work
(old GAS on Solaris/x86), we'll disable AMD64 assembly.

Reported-by: Richard PALO
Signed-off-by: Jussi Kivilinna
---
 configure.ac | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac index e98fa4e..cdd82f0 100644 --- a/configure.ac +++ b/configure.ac @@ -1077,11 +1077,42 @@ fi # +# Check whether GCC assembler needs "-Wa,--divide" to correctly handle +# constant division +# +if test $amd64_as_feature_detection = yes; then + AC_CACHE_CHECK([whether GCC assembler handles division correctly], + [gcry_cv_gcc_as_const_division_ok], + [gcry_cv_gcc_as_const_division_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__("xorl \$(123456789/12345678), %ebp;\n\t");]])], + [gcry_cv_gcc_as_const_division_ok=yes])]) + if test "$gcry_cv_gcc_as_const_division_ok" = "no" ; then + # + # Add '-Wa,--divide' to CFLAGS and try check again. + # + _gcc_cflags_save="$CFLAGS" + CFLAGS="$CFLAGS -Wa,--divide" + AC_CACHE_CHECK([whether GCC assembler handles division correctly with "-Wa,--divide"], + [gcry_cv_gcc_as_const_division_with_wadivide_ok], + [gcry_cv_gcc_as_const_division_with_wadivide_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__("xorl \$(123456789/12345678), %ebp;\n\t");]])], + [gcry_cv_gcc_as_const_division_with_wadivide_ok=yes])]) + CFLAGS="$_gcc_cflags_save" + if test "$gcry_cv_gcc_as_const_division_ok" = "yes" ; then + CFLAGS="$CFLAGS -Wa,--divide" + fi + fi +fi + + +# # Check whether GCC assembler supports features needed for our amd64 # implementations # if test $amd64_as_feature_detection = yes; then - AC_CACHE_CHECK([whether GCC assembler is compatible for amd64 assembly implementations], + AC_CACHE_CHECK([whether GCC assembler is compatible for amd64 assembly implementations], [gcry_cv_gcc_amd64_platform_as_ok], [gcry_cv_gcc_amd64_platform_as_ok=no AC_COMPILE_IFELSE([AC_LANG_SOURCE( 
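Review bot: the fallback branch never exports the workaround it has just probed. After `CFLAGS="$_gcc_cflags_save"` the hunk tests `if test "$gcry_cv_gcc_as_const_division_ok" = "yes"`, but this branch is only entered when that variable is "no", so the following `CFLAGS="$CFLAGS -Wa,--divide"` is unreachable; the condition should be on `$gcry_cv_gcc_as_const_division_with_wadivide_ok`. In addition, the cipher/*.S sources are preprocessed and assembled with CPPFLAGS rather than CFLAGS, so adding the flag to CFLAGS only satisfies the inline-asm probes in configure and still leaves sha1-ssse3-amd64.S failing on the affected assembler; the flag needs to go into CPPFLAGS as well. Minor: the `-`/`+` pair on the AC_CACHE_CHECK message line differs only in whitespace and should be dropped from the patch.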
@@ -1094,6 +1125,11 @@ if test $amd64_as_feature_detection = yes; then "asmfunc:\n\t" ".size asmfunc,.-asmfunc;\n\t" ".type asmfunc, at function;\n\t" + /* Test if assembler allows use of '/' for constant division + * (Solaris/x86 issue). If previous constant division check + * and "-Wa,--divide" workaround failed, this causes assembly + * to be disable on this machine. */ + "xorl \$(123456789/12345678), %ebp;\n\t" );]])], [gcry_cv_gcc_amd64_platform_as_ok=yes])]) if test "$gcry_cv_gcc_amd64_platform_as_ok" = "yes" ; then From jussi.kivilinna at iki.fi Tue Jan 7 17:25:23 2014 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Tue, 07 Jan 2014 18:25:23 +0200 Subject: Fwd: Re: [PATCH] Fix constant division for AMD64 assembly on Solaris/x86 In-Reply-To: <52CC1D80.7020402@free.fr> References: <52CC1D80.7020402@free.fr> Message-ID: <52CC2A73.9000602@iki.fi> -------- Original Message -------- Subject: Re: [PATCH] Fix constant division for AMD64 assembly on Solaris/x86 Date: Tue, 07 Jan 2014 16:30:08 +0100 From: Richard PALO To: Jussi Kivilinna Le 05/01/14 17:43, Jussi Kivilinna a ?crit : Hi, I needed to adjust your patch a bit to work, namely CFLAGS => CPPFLAGS and a bit of logic after the -Wa,--divide test as follows: > + if test "$gcry_cv_gcc_as_const_division_with_wadivide_ok" = "no" ; then > + CPPFLAGS="$_gcc_cppflags_save" > + fi this seems to be alright for me now.. cheers -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-PATCH-Fix-constant-division-for-AMD64-assembly-on-So.patch Type: text/x-patch Size: 2961 bytes Desc: not available URL: From dbaryshkov at gmail.com Wed Jan 8 00:35:03 2014 
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Wed, 8 Jan 2014 03:35:03 +0400
Subject: Question on gcry_pk_sign and flags
Message-ID:

Hello,

I'm seeking advice on the following problem:

Currently GOST signatures are triggered by a flag 'gost' passed alongside
the data. Essentially, setting (flags gost) enforces the 'raw' encoding.
I cannot pass (flags raw gost); it would be a conflict detected by the
'raw' flag handling.

This scheme works if I try to sign the data with an sexp like:
'(data(flags gost)(value #000000...#))'.

The problem comes with an sexp like
'(data(flags gost)(hash stribog256 #000000#))'. The function
_gcry_pk_util_data_to_mpi() contains additional requirements for handling
encoding=raw + lhash data:

  else if (ctx->encoding == PUBKEY_ENC_RAW && lhash
           && ((parsed_flags & PUBKEY_FLAG_RAW_FLAG)
               || (parsed_flags & PUBKEY_FLAG_RFC6979)))

This check fails in my case and thus I end up with the GPG_ERR_CONFLICT
return code.

What would be the best way to solve this problem:
1) Add (|| parsed_flags & PUBKEY_FLAG_GOST) to the check?
2) Add an implicit PUBKEY_FLAG_RAW_FLAG if the gost flag is given?
3) Anything else?

-- 
With best wishes
Dmitry

From wk at gnupg.org Wed Jan 8 08:08:06 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 08 Jan 2014 08:08:06 +0100
Subject: Question on gcry_pk_sign and flags
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Wed, 8 Jan 2014 03:35:03 +0400")
References:
Message-ID: <8738kzc5nt.fsf@vigenere.g10code.de>

On Wed, 8 Jan 2014 00:35, dbaryshkov at gmail.com said:

> 2) Add implicit PUBKEY_FLAG_RAW_FLAG if the gost flag is given?

That is how I would solve it.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From cvs at cvs.gnupg.org Wed Jan 8 19:45:39 2014
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jan 2014 19:45:39 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-14-ge313b9d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e313b9d7b76f1d04be1e8c9d654166e9f73e0249 (commit) from 7fef7f481c0a1542be34d1dc831f58d41846ac29 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e313b9d7b76f1d04be1e8c9d654166e9f73e0249 Author: Werner Koch Date: Wed Jan 8 19:45:13 2014 +0100 Typo fixes. -- diff --git a/NEWS b/NEWS index dbe30ee..878742e 100644 --- a/NEWS +++ b/NEWS @@ -36,7 +36,7 @@ Noteworthy changes in version 1.6.0 (2013-12-16) * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See [CVE-2013-4242]. - * Added support for Deterministic DSA as per RFC-6969. + * Added support for Deterministic DSA as per RFC-6979. * Added support for curve Ed25519. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index dc42950..d5b6c8e 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -951,7 +951,7 @@ The default is @code{GCRY_RNG_TYPE_STANDARD} unless FIPS mode as been enabled; in which case @code{GCRY_RNG_TYPE_FIPS} is used and locked against further changes. - at item GCRYCTL_GETT_CURRENT_RNG_TYPE; Arguments: int * + at item GCRYCTL_GET_CURRENT_RNG_TYPE; Arguments: int * This command stores the type of the currently used RNG as an integer value at the provided address. ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- doc/gcrypt.texi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Wed Jan 8 20:03:39 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jan 2014 20:03:39 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-15-g4b7db51 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4b7db51ad5d1bf98fd08ca3048f258059eca61a4 (commit) from e313b9d7b76f1d04be1e8c9d654166e9f73e0249 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4b7db51ad5d1bf98fd08ca3048f258059eca61a4 Author: Werner Koch Date: Wed Jan 8 20:03:15 2014 +0100 Fix another minor typo. -- diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index d5b6c8e..dfff1b1 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -3321,7 +3321,7 @@ memory, two fast convenience function are available for this task: @code{gcry_md_hash_buffers} is a shortcut function to calculate a message digest from several buffers. This function does not require a -context and immediately returns the message digest of of the data +context and immediately returns the message digest of the data described by @var{iov} and @var{iovcnt}. @var{digest} must be allocated by the caller, large enough to hold the message digest yielded by the the specified algorithm @var{algo}. This required size ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From gniibe at fsij.org Thu Jan 9 13:59:35 2014 From: gniibe at fsij.org (NIIBE Yutaka) Date: Thu, 09 Jan 2014 21:59:35 +0900 Subject: secp256k1 Message-ID: <1389272375.4793.1.camel@latx1.gniibe.org> Can I add secp256k1 curve? OID is 1.3.132.0.10. One of my customers of FST-01 wants to pay in Bitcoin (no, I haven't had wallet yet), and I realized that this curve is used. It would be good if ECDSA with secp256k1 can be computed with libgcrypt. -- From jussi.kivilinna at iki.fi Thu Jan 9 17:20:54 2014 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Thu, 09 Jan 2014 18:20:54 +0200
Subject: [PATCH] Fix constant division for AMD64 assembly on Solaris/x86
In-Reply-To: <52CC1D80.7020402@free.fr>
References: <20140105164305.5915.22002.stgit@localhost6.localdomain6> <52CC1D80.7020402@free.fr>
Message-ID: <52CECC66.9000004@iki.fi>

On 07.01.2014 17:30, Richard PALO wrote:
> On 05/01/14 17:43, Jussi Kivilinna wrote:
>
> Hi, I needed to adjust your patch a bit to work, namely CFLAGS => CPPFLAGS
> and a bit of logic after the -Wa,--divide test as follows:
>> + if test "$gcry_cv_gcc_as_const_division_with_wadivide_ok" = "no" ; then
>> + CPPFLAGS="$_gcc_cppflags_save"
>> + fi

Ah, the configure.ac checks are inline assembly in C, so CFLAGS are used
there. But CPPFLAGS are used for the *.S assembly files. Does the attached
patch work? It modifies CFLAGS for the check and applies the workaround to
CPPFLAGS if needed.

-Jussi

>
> this seems to be alright for me now..
>
> cheers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-amd64-assembly-on-solaris_x86.patch
Type: text/x-patch
Size: 6654 bytes
Desc: not available
URL:

From wk at gnupg.org Thu Jan 9 20:22:40 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 09 Jan 2014 20:22:40 +0100
Subject: secp256k1
In-Reply-To: <1389272375.4793.1.camel@latx1.gniibe.org> (NIIBE Yutaka's message of "Thu, 09 Jan 2014 21:59:35 +0900")
References: <1389272375.4793.1.camel@latx1.gniibe.org>
Message-ID: <87d2k19czj.fsf@vigenere.g10code.de>

On Thu, 9 Jan 2014 13:59, gniibe at fsij.org said:

> Can I add secp256k1 curve? OID is 1.3.132.0.10.

AFAIK, the Koblitz curves are still patented. I may be wrong, though.

In general binary curves are considered potentially weak or at least very
fragile. Thus the suggestion for new applications is not to use them.

However, if you really like to experiment with them, you may add this
curve.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From gniibe at fsij.org Fri Jan 10 01:42:31 2014
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 10 Jan 2014 09:42:31 +0900
Subject: secp256k1
In-Reply-To: <87d2k19czj.fsf@vigenere.g10code.de>
References: <1389272375.4793.1.camel@latx1.gniibe.org> <87d2k19czj.fsf@vigenere.g10code.de>
Message-ID: <1389314551.2254.1.camel@cfw2.gniibe.org>

On 2014-01-09 at 20:22 +0100, Werner Koch wrote:
> On Thu, 9 Jan 2014 13:59, gniibe at fsij.org said:
> > Can I add secp256k1 curve? OID is 1.3.132.0.10.
>
> AFAIK, the Koblitz curves are still patented. I may be wrong, though.
>
> In general binary curves are considered potentially weak or at least very
> fragile. Thus the suggestion for new applications is not to use them.
>
> However, if you really like to experiment with them, you may add this
> curve.

I had also thought that it was one of the Koblitz curves, as defined here:
http://www.springerreference.com/docs/html/chapterdbid/317770.html
That is, Anomalous Binary Curves.

But the curve secp256k1 is a curve over a prime field.

In the document SEC 2: Recommended Elliptic Curve Domain Parameters, it
says (page 4):

  Parameters associated with a Koblitz curve admit especially efficient
  implementation. The name Koblitz curve is best-known when used to
  describe binary anomalous curves over F_{2^m} which have a, b \in {0, 1}
  [9]. Here it is generalized to refer also to curves over F_p which
  possess an efficiently computable endomorphism [7].

The reference here is:

  [7] R. Gallant. Faster elliptic curve cryptography using efficient
  endomorphisms. Presentation at ECC '99, 1999.

It's http://cacr.uwaterloo.ca/conferences/1999/ecc99/gallant.ps

This optimization technique is now called the Gallant, Lambert and
Vanstone method (or GLV method in short).

Gallant, Lambert and Vanstone: Faster Point Multiplication on Elliptic
Curves with Efficient Endomorphisms:
http://www.iacr.org/archive/crypto2001/21390189.pdf

I don't know whether this technique is patented or not.
At the start, I don't have an idea to implement this technique, but, I am going to just define the curve by adding its domain parameter. -- From gniibe at fsij.org Fri Jan 10 09:45:35 2014 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 10 Jan 2014 17:45:35 +0900 Subject: secp256k1 In-Reply-To: <1389314551.2254.1.camel@cfw2.gniibe.org> References: <1389272375.4793.1.camel@latx1.gniibe.org> <87d2k19czj.fsf@vigenere.g10code.de> <1389314551.2254.1.camel@cfw2.gniibe.org> Message-ID: <1389343535.2254.7.camel@cfw2.gniibe.org> On 2014-01-10 at 09:42 +0900, NIIBE Yutaka wrote: > At the start, I don't have an idea to implement this technique, but, I > am going to just define the curve by adding its domain parameter. I mean something like this. I also would like to add a key in tests/basic.c. diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index ed629fc..822685d 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -73,6 +73,8 @@ static const struct { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"}, { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"}, + { "secp256k1", "1.3.132.0.10" }, + { NULL, NULL} }; @@ -297,6 +299,17 @@ static const ecc_domain_parms_t domain_parms[] = "c83ab156d77f1496bf7eb3351e1ee4e43dc1a18b91b24640b6dbb92cb1add371e", }, + { + "secp256k1", 256, 0, + MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD, + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", + "0x0000000000000000000000000000000000000000000000000000000000000000", + "0x0000000000000000000000000000000000000000000000000000000000000007", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8" + }, + { NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL } }; diff --git a/tests/curves.c b/tests/curves.c index 198693e..04e6bc9 100644 --- a/tests/curves.c +++ b/tests/curves.c 
@@ -29,7 +29,7 @@ #include "../src/gcrypt-int.h" /* Number of curves defined in ../cipger/ecc.c */ -#define N_CURVES 15 +#define N_CURVES 16 /* A real world sample public key. */ static char const sample_key_1[] = -- From wk at gnupg.org Fri Jan 10 15:16:17 2014 From: wk at gnupg.org (Werner Koch) Date: Fri, 10 Jan 2014 15:16:17 +0100 Subject: secp256k1 In-Reply-To: <1389343535.2254.7.camel@cfw2.gniibe.org> (NIIBE Yutaka's message of "Fri, 10 Jan 2014 17:45:35 +0900") References: <1389272375.4793.1.camel@latx1.gniibe.org> <87d2k19czj.fsf@vigenere.g10code.de> <1389314551.2254.1.camel@cfw2.gniibe.org> <1389343535.2254.7.camel@cfw2.gniibe.org> Message-ID: <87wqi79b2m.fsf@vigenere.g10code.de> On Fri, 10 Jan 2014 09:45, gniibe at fsij.org said: > I mean something like this. I also would like to add a key in > tests/basic.c. Great. Go ahead for master. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Fri Jan 10 15:43:27 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 10 Jan 2014 15:43:27 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-17-gb0ac1f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via b0ac1f9b143aa15855914ba93fef900288d45c9c (commit) via df9b4eabf52faee6f289a4bc62219684442ae383 (commit) from 4b7db51ad5d1bf98fd08ca3048f258059eca61a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b0ac1f9b143aa15855914ba93fef900288d45c9c Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Use the generic autogen.sh script. * autogen.rc: New. * Makefile.am (EXTRA_DIST): Add it. * autogen.sh: Update from current GnuPG. Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index 8458dd0..937bdaf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -28,7 +28,7 @@ GITLOG_TO_CHANGELOG=gitlog-to-changelog DIST_SUBDIRS = m4 compat mpi cipher random src doc tests SUBDIRS = compat mpi cipher random src doc tests -EXTRA_DIST = autogen.sh README.GIT LICENSES \ +EXTRA_DIST = autogen.sh autogen.rc README.GIT LICENSES \ ChangeLog-2011 build-aux/ChangeLog-2011 doc/ChangeLog-2011 \ m4/ChangeLog-2011 cipher/ChangeLog-2011 src/ChangeLog-2011 \ random/ChangeLog-2011 tests/ChangeLog-2011 mpi/ChangeLog-2011 \ diff --git a/autogen.rc b/autogen.rc new file mode 100644 index 0000000..09a9b9c --- /dev/null +++ b/autogen.rc 
@@ -0,0 +1,17 @@ +# autogen.sh configuration for Libgcrypt -*- sh -*- + +case "$myhost" in + w32) + configure_opts=" + --with-gpg-error-prefix=@SYSROOT@ + " + ;; + + amd64) + configure_opts=" + --with-gpg-error-prefix=@SYSROOT@ + " + ;; +esac + +final_info="./configure --enable-maintainer-mode && make" diff --git a/autogen.sh b/autogen.sh index 841c2c2..471193c 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,7 +1,6 @@ #! /bin/sh -# Run this to generate all the initial makefiles, etc. -# -# Copyright (C) 2003 g10 Code GmbH +# autogen.sh +# Copyright (C) 2003, 2014 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -10,6 +9,13 @@ # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# This is a generic script to create the configure script and handle cross +# build environments. It requires the presence of a autogen.rc file to +# configure it for the respective package. It is maintained as part of +# GnuPG and source copied by other packages. +# +# Version: 2014-01-10 configure_ac="configure.ac" @@ -18,7 +24,7 @@ cvtver () { } check_version () { - if [ `("$1" --version || echo "0") | cvtver` -ge "$2" ]; then + if [ $(( `("$1" --version || echo "0") | cvtver` >= $2 )) = 1 ]; then return 0 fi echo "**Error**: "\`$1\'" not installed or too old." >&2 
@@ -28,89 +34,176 @@ check_version () { return 1 } +fatal () { + echo "autogen.sh:" "$*" >&2 + DIE=yes +} + +info () { + if [ -z "${SILENT}" ]; then + echo "autogen.sh:" "$*" + fi +} + +die_p () { + if [ "$DIE" = "yes" ]; then + echo "autogen.sh: Stop." >&2 + exit 1 + fi +} + +replace_sysroot () { + configure_opts=$(echo $configure_opts | sed "s#@SYSROOT@#${w32root}#g") + extraoptions=$(echo $extraoptions | sed "s#@SYSROOT@#${w32root}#g") +} + +# Allow to override the default tool names +AUTOCONF=${AUTOCONF_PREFIX}${AUTOCONF:-autoconf}${AUTOCONF_SUFFIX} +AUTOHEADER=${AUTOCONF_PREFIX}${AUTOHEADER:-autoheader}${AUTOCONF_SUFFIX} + +AUTOMAKE=${AUTOMAKE_PREFIX}${AUTOMAKE:-automake}${AUTOMAKE_SUFFIX} +ACLOCAL=${AUTOMAKE_PREFIX}${ACLOCAL:-aclocal}${AUTOMAKE_SUFFIX} + +GETTEXT=${GETTEXT_PREFIX}${GETTEXT:-gettext}${GETTEXT_SUFFIX} +MSGMERGE=${GETTEXT_PREFIX}${MSGMERGE:-msgmerge}${GETTEXT_SUFFIX} DIE=no FORCE= +SILENT= +tmp=$(dirname "$0") +tsdir=$(cd "${tmp}"; pwd) + +if [ -n "${AUTOGEN_SH_SILENT}" ]; then + SILENT=" --silent" +fi +if test x"$1" = x"--help"; then + echo "usage: ./autogen.sh [--silent] [--force] [--build-TYPE] [ARGS]" + exit 0 +fi +if test x"$1" = x"--silent"; then + SILENT=" --silent" + shift +fi if test x"$1" = x"--force"; then FORCE=" --force" shift fi -# Begin list of optional variables sourced from ~/.gnupg-autogen.rc + +# Reject unsafe characters in $HOME, $tsdir and cwd. We consider spaces +# as unsafe because it is too easy to get scripts wrong in this regard. +am_lf=' +' +case `pwd` in + *[\;\\\"\#\$\&\'\`$am_lf\ \ ]*) + fatal "unsafe working directory name" ;; +esac +case $tsdir in + *[\;\\\"\#\$\&\'\`$am_lf\ \ ]*) + fatal "unsafe source directory: \`$tsdir'" ;; +esac +case $HOME in + *[\;\\\"\#\$\&\'\`$am_lf\ \ ]*) + fatal "unsafe home directory: \`$HOME'" ;; +esac +die_p + + +# List of variables sourced from autogen.rc. The strings '@SYSROOT@' in +# these variables are replaced by the actual system root. 
+configure_opts= +extraoptions= +# List of optional variables sourced from autogen.rc and ~/.gnupg-autogen.rc w32_toolprefixes= w32_extraoptions= w32ce_toolprefixes= w32ce_extraoptions= +w64_toolprefixes= +w64_extraoptions= amd64_toolprefixes= # End list of optional variables sourced from ~/.gnupg-autogen.rc # What follows are variables which are sourced but default to # environment variables or lacking them hardcoded values. #w32root= #w32ce_root= +#w64root= #amd64root= -if [ -f "$HOME/.gnupg-autogen.rc" ]; then - echo "sourcing extra definitions from $HOME/.gnupg-autogen.rc" - . "$HOME/.gnupg-autogen.rc" -fi - # Convenience option to use certain configure options for some hosts. myhost="" myhostsub="" case "$1" in --build-w32) myhost="w32" + shift ;; --build-w32ce) myhost="w32" myhostsub="ce" + shift ;; --build-w64) myhost="w32" myhostsub="64" + shift ;; --build-amd64) myhost="amd64" + shift ;; --build*) - echo "**Error**: invalid build option $1" >&2 - exit 1 + fatal "**Error**: invalid build option $1" + shift ;; - *) + *) ;; esac +die_p + + +# Source our configuration +if [ -f "${tsdir}/autogen.rc" ]; then + . "${tsdir}/autogen.rc" +fi +# Source optional site specific configuration +if [ -f "$HOME/.gnupg-autogen.rc" ]; then + info "sourcing extra definitions from $HOME/.gnupg-autogen.rc" + . "$HOME/.gnupg-autogen.rc" +fi -# ***** W32 build script ******* -# Used to cross-compile for Windows. +# ****************** +# W32 build script +# ****************** if [ "$myhost" = "w32" ]; then - tmp=`dirname $0` - tsdir=`cd "$tmp"; pwd` - shift - if [ ! -f $tsdir/config.guess ]; then - echo "$tsdir/config.guess not found" >&2 + if [ ! 
-f "$tsdir/build-aux/config.guess" ]; then + fatal "$tsdir/build-aux/config.guess not found" exit 1 fi - build=`$tsdir/config.guess` + build=`$tsdir/build-aux/config.guess` case $myhostsub in ce) w32root="$w32ce_root" [ -z "$w32root" ] && w32root="$HOME/w32ce_root" - toolprefixes="arm-mingw32ce" + toolprefixes="$w32ce_toolprefixes arm-mingw32ce" + extraoptions="$extraoptions $w32ce_extraoptions" ;; 64) w32root="$w64root" [ -z "$w32root" ] && w32root="$HOME/w64root" - toolprefixes="$amd64_toolprefixes amd64-mingw32msvc" + toolprefixes="$w64_toolprefixes x86_64-w64-mingw32" + extraoptions="$extraoptions $w64_extraoptions" ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" toolprefixes="$w32_toolprefixes i686-w64-mingw32 i586-mingw32msvc" toolprefixes="$toolprefixes i386-mingw32msvc mingw32" + extraoptions="$extraoptions $w32_extraoptions" ;; esac - echo "Using $w32root as standard install directory" >&2 + info "Using $w32root as standard install directory" + replace_sysroot # Locate the cross compiler crossbindir= 
@@ -122,48 +215,49 @@ if [ "$myhost" = "w32" ]; then fi done if [ -z "$crossbindir" ]; then - echo "Cross compiler kit not installed" >&2 - if [ -z "$sub" ]; then - echo "Under Debian GNU/Linux, you may install it using" >&2 - echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 + fatal "cross compiler kit not installed" + if [ -z "$myhostsub" ]; then + info "Under Debian GNU/Linux, you may install it using" + info " apt-get install mingw32 mingw32-runtime mingw32-binutils" fi - echo "Stop." >&2 - exit 1 + die_p fi if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then - echo "Pease run a 'make distclean' first" >&2 - exit 1 + fatal "Please run a 'make distclean' first" + die_p fi fi - $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ - --host=${host} --build=${build} \ - --with-gpg-error-prefix=${w32root} - exit $? + $tsdir/configure --enable-maintainer-mode ${SILENT} \ + --prefix=${w32root} \ + --host=${host} --build=${build} \ + ${configure_opts} ${extraoptions} "$@" + rc=$? + exit $rc fi # ***** end W32 build script ******* - # ***** AMD64 cross build script ******* # Used to cross-compile for AMD64 (for testing) if [ "$myhost" = "amd64" ]; then - tmp=`dirname $0` - tsdir=`cd "$tmp"; pwd` shift - if [ ! -f $tsdir/config.guess ]; then - echo "$tsdir/config.guess not found" >&2 + if [ ! 
-f $tsdir/build-aux/config.guess ]; then + echo "$tsdir/build-aux/config.guess not found" >&2 exit 1 fi - build=`$tsdir/config.guess` + build=`$tsdir/build-aux/config.guess` [ -z "$amd64root" ] && amd64root="$HOME/amd64root" - echo "Using $amd64root as standard install directory" >&2 + info "Using $amd64root as standard install directory" + replace_sysroot + + toolprefixes="$amd64_toolprefixes x86_64-linux-gnu amd64-linux-gnu" # Locate the cross compiler crossbindir= - for host in x86_64-linux-gnu amd64-linux-gnu; do + for host in $toolprefixes ; do if ${host}-gcc --version >/dev/null 2>&1 ; then crossbindir=/usr/${host}/bin conf_CC="CC=${host}-gcc" @@ -183,15 +277,16 @@ if [ "$myhost" = "amd64" ]; then fi fi - $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \ + $tsdir/configure --enable-maintainer-mode ${SILENT} \ + --prefix=${amd64root} \ --host=${host} --build=${build} \ - --with-gpg-error-prefix=${amd64root} - + ${configure_opts} ${extraoptions} "$@" rc=$? exit $rc fi # ***** end AMD64 cross build script ******* + # Grep the required versions from configure.ac autoconf_vers=`sed -n '/^AC_PREREQ(/ { s/^.*(\(.*\))/\1/p 
@@ -205,29 +300,22 @@ q }' ${configure_ac}` automake_vers_num=`echo "$automake_vers" | cvtver` -#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { -#s/^.*(\(.*\))/\1/p -#q -#}' ${configure_ac}` -#gettext_vers_num=`echo "$gettext_vers" | cvtver` - +if [ -d "${tsdir}/po" ]; then + gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { +s/^.*\[\(.*\)])/\1/p +q +}' ${configure_ac}` + gettext_vers_num=`echo "$gettext_vers" | cvtver` +else + gettext_vers="n/a" +fi -if [ -z "$autoconf_vers" -o -z "$automake_vers" ] +if [ -z "$autoconf_vers" -o -z "$automake_vers" -o -z "$gettext_vers" ] then echo "**Error**: version information not found in "\`${configure_ac}\'"." >&2 exit 1 fi -# Allow to override the default tool names -AUTOCONF=${AUTOCONF_PREFIX}${AUTOCONF:-autoconf}${AUTOCONF_SUFFIX} -AUTOHEADER=${AUTOCONF_PREFIX}${AUTOHEADER:-autoheader}${AUTOCONF_SUFFIX} - -AUTOMAKE=${AUTOMAKE_PREFIX}${AUTOMAKE:-automake}${AUTOMAKE_SUFFIX} -ACLOCAL=${AUTOMAKE_PREFIX}${ACLOCAL:-aclocal}${AUTOMAKE_SUFFIX} - -#GETTEXT=${GETTEXT_PREFIX}${GETTEXT:-gettext}${GETTEXT_SUFFIX} -#MSGMERGE=${GETTEXT_PREFIX}${MSGMERGE:-msgmerge}${GETTEXT_SUFFIX} - if check_version $AUTOCONF $autoconf_vers_num $autoconf_vers ; then check_version $AUTOHEADER $autoconf_vers_num $autoconf_vers autoconf 
@@ -235,45 +323,71 @@ fi if check_version $AUTOMAKE $automake_vers_num $automake_vers; then check_version $ACLOCAL $automake_vers_num $autoconf_vers automake fi -#if check_version $GETTEXT $gettext_vers_num $gettext_vers; then -# check_version $MSGMERGE $gettext_vers_num $gettext_vers gettext -#fi +if [ "$gettext_vers" != "n/a" ]; then + if check_version $GETTEXT $gettext_vers_num $gettext_vers; then + check_version $MSGMERGE $gettext_vers_num $gettext_vers gettext + fi +fi -if test "$DIE" = "yes"; then +if [ "$DIE" = "yes" ]; then cat <&2 + [ -z "${SILENT}" ] && cat < Date: Thu Jan 9 19:14:09 2014 +0100 Move all helper scripts to build-aux/ * scripts/: Rename to build-aux/. * compile, config.guess, config.rpath, config.sub * depcomp, doc/mdate-sh, doc/texinfo.tex * install-sh, ltmain.sh, missing: Move to build-aux/. * Makefile.am (EXTRA_DIST): Adjust. * configure.ac (AC_CONFIG_AUX_DIR): New. (AM_SILENT_RULES): New. Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index 7fb7b50..8458dd0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,11 +27,12 @@ GITLOG_TO_CHANGELOG=gitlog-to-changelog DIST_SUBDIRS = m4 compat mpi cipher random src doc tests SUBDIRS = compat mpi cipher random src doc tests -EXTRA_DIST = autogen.sh README.GIT LICENSES \ - ChangeLog-2011 scripts/ChangeLog-2011 doc/ChangeLog-2011 \ - m4/ChangeLog-2011 cipher/ChangeLog-2011 src/ChangeLog-2011 \ + +EXTRA_DIST = autogen.sh README.GIT LICENSES \ + ChangeLog-2011 build-aux/ChangeLog-2011 doc/ChangeLog-2011 \ + m4/ChangeLog-2011 cipher/ChangeLog-2011 src/ChangeLog-2011 \ random/ChangeLog-2011 tests/ChangeLog-2011 mpi/ChangeLog-2011 \ - scripts/git-log-footer scripts/git-log-fix + build-aux/git-log-footer build-aux/git-log-fix DISTCLEANFILES = 
@@ -59,9 +60,9 @@ gen-ChangeLog: if test -d $(top_srcdir)/.git; then \ (cd $(top_srcdir) && \ $(GITLOG_TO_CHANGELOG) --append-dot --tear-off \ - --amend=scripts/git-log-fix \ + --amend=build-aux/git-log-fix \ --since=$(gen_start_date) ) > $(distdir)/cl-t; \ - cat $(top_srcdir)/scripts/git-log-footer >> $(distdir)/cl-t; \ + cat $(top_srcdir)/build-aux/git-log-footer >> $(distdir)/cl-t;\ rm -f $(distdir)/ChangeLog; \ mv $(distdir)/cl-t $(distdir)/ChangeLog; \ fi diff --git a/scripts/ChangeLog-2011 b/build-aux/ChangeLog-2011 similarity index 100% rename from scripts/ChangeLog-2011 rename to build-aux/ChangeLog-2011 diff --git a/compile b/build-aux/compile similarity index 100% rename from compile rename to build-aux/compile diff --git a/config.guess b/build-aux/config.guess similarity index 100% rename from config.guess rename to build-aux/config.guess diff --git a/config.rpath b/build-aux/config.rpath similarity index 100% rename from config.rpath rename to build-aux/config.rpath diff --git a/config.sub b/build-aux/config.sub similarity index 100% rename from config.sub rename to build-aux/config.sub diff --git a/scripts/db2any b/build-aux/db2any similarity index 99% rename from scripts/db2any rename to build-aux/db2any index 96606f8..a240aaa 100755 --- a/scripts/db2any +++ b/build-aux/db2any @@ -438,7 +438,7 @@ render_texinfo () { sgml2xml -x lower $input > $tmpxml [ $verbose = yes ] && echo "running docbook2texi on '$tmpxml' ..." >&2 docbook2texi $tmpxml | sed 's,--,---,' >$output - rm $tmpxml + rm $tmpxml [ $verbose = yes ] && echo "texinfo '$output' created" >&2 } diff --git a/depcomp b/build-aux/depcomp similarity index 100% rename from depcomp rename to build-aux/depcomp diff --git a/scripts/distfiles b/build-aux/distfiles similarity index 100% rename from scripts/distfiles rename to build-aux/distfiles diff --git a/scripts/git-log-fix b/build-aux/git-log-fix similarity index 100% rename from scripts/git-log-fix rename to build-aux/git-log-fix 
diff --git a/scripts/git-log-footer b/build-aux/git-log-footer similarity index 100% rename from scripts/git-log-footer rename to build-aux/git-log-footer diff --git a/install-sh b/build-aux/install-sh similarity index 100% rename from install-sh rename to build-aux/install-sh diff --git a/ltmain.sh b/build-aux/ltmain.sh similarity index 99% rename from ltmain.sh rename to build-aux/ltmain.sh index 24e3fd3..859599a 100644 --- a/ltmain.sh +++ b/build-aux/ltmain.sh @@ -9662,4 +9662,3 @@ build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # sh-indentation:2 # End: # vi:sw=2 - diff --git a/doc/mdate-sh b/build-aux/mdate-sh similarity index 100% rename from doc/mdate-sh rename to build-aux/mdate-sh diff --git a/missing b/build-aux/missing similarity index 100% rename from missing rename to build-aux/missing diff --git a/doc/texinfo.tex b/build-aux/texinfo.tex similarity index 99% rename from doc/texinfo.tex rename to build-aux/texinfo.tex index 8083622..8f99418 100644 --- a/doc/texinfo.tex +++ b/build-aux/texinfo.tex @@ -310,7 +310,7 @@ % We don't want .vr (or whatever) entries like this: % \entry{{\tt \indexbackslash }acronym}{32}{\code {\acronym}} % "\acronym" won't work when it's read back in; - % it needs to be + % it needs to be % {\code {{\tt \backslashcurfont }acronym} \shipout\vbox{% % Do this early so pdf references go to the beginning of the page. @@ -661,7 +661,7 @@ \def\?{?\spacefactor=\endofsentencespacefactor\space} % @frenchspacing on|off says whether to put extra space after punctuation. -% +% \def\onword{on} \def\offword{off} % @@ -1216,7 +1216,7 @@ where each line of input produces a line of output.} % that's what we do). % double active backslashes. -% +% {\catcode`\@=0 \catcode`\\=\active @gdef at activebackslashdouble{% @catcode`@\=@active 
@@ -1227,11 +1227,11 @@ where each line of input produces a line of output.} % not active characters. hyperref.dtx (which has the same problem as % us) handles it with this amazing macro to replace tokens. I've % tinkered with it a little for texinfo, but it's definitely from there. -% +% % #1 is the tokens to replace. % #2 is the replacement. % #3 is the control sequence with the string. -% +% \def\HyPsdSubst#1#2#3{% \def\HyPsdReplace##1#1##2\END{% ##1% @@ -1420,7 +1420,7 @@ where each line of input produces a line of output.} % tried to figure out what each command should do in the context % of @url. for now, just make @/ a no-op, that's the only one % people have actually reported a problem with. - % + % \normalturnoffactive \def\@{@}% \let\/=\empty @@ -1547,7 +1547,7 @@ where each line of input produces a line of output.} % Definitions for a main text size of 11pt. This is the default in % Texinfo. -% +% \def\definetextfontsizexi{ % Text fonts (11.2pt, magstep1). \def\textnominalsize{11pt} @@ -1672,7 +1672,7 @@ where each line of input produces a line of output.} % section, chapter, etc., sizes following suit. This is for the GNU % Press printing of the Emacs 22 manual. Maybe other manuals in the % future. Used with @smallbook, which sets the leading to 12pt. -% +% \def\definetextfontsizex{% % Text fonts (10pt). \def\textnominalsize{10pt} @@ -1758,7 +1758,7 @@ where each line of input produces a line of output.} \setfont\secsf\sfbshape{12}{1000} \let\secbf\secrm \setfont\secsc\scbshape{10}{\magstep1} -\font\seci=cmmi12 +\font\seci=cmmi12 \font\secsy=cmsy10 scaled \magstep1 % Subsection fonts (10pt). @@ -1799,7 +1799,7 @@ where each line of input produces a line of output.} % We provide the user-level command % @fonttextsize 10 % (or 11) to redefine the text font size. pt is assumed. -% +% \def\xword{10} \def\xiword{11} % 
@@ -1809,7 +1809,7 @@ where each line of input produces a line of output.} % % Set \globaldefs so that documents can use this inside @tex, since % makeinfo 4.8 does not support it, but we need it nonetheless. - % + % \begingroup \globaldefs=1 \ifx\textsizearg\xword \definetextfontsizex \else \ifx\textsizearg\xiword \definetextfontsizexi @@ -2094,7 +2094,7 @@ where each line of input produces a line of output.} % each of the four underscores in __typeof__. This is undesirable in % some manuals, especially if they don't have long identifiers in % general. @allowcodebreaks provides a way to control this. -% +% \newif\ifallowcodebreaks \allowcodebreakstrue \def\keywordtrue{true} @@ -2225,7 +2225,7 @@ where each line of input produces a line of output.} % @acronym for "FBI", "NATO", and the like. % We print this one point size smaller, since it's intended for % all-uppercase. -% +% \def\acronym#1{\doacronym #1,,\finish} \def\doacronym#1,#2,#3\finish{% {\selectfonts\lsize #1}% @@ -2237,7 +2237,7 @@ where each line of input produces a line of output.} % @abbr for "Comput. J." and the like. % No font change, but don't do end-of-sentence spacing. -% +% \def\abbr#1{\doabbr #1,,\finish} \def\doabbr#1,#2,#3\finish{% {\plainfrenchspacing #1}% 
@@ -2256,43 +2256,43 @@ where each line of input produces a line of output.} % Theiling, which support regular, slanted, bold and bold slanted (and % "outlined" (blackboard board, sort of) versions, which we don't need). % It is available from http://www.ctan.org/tex-archive/fonts/eurosym. -% +% % Although only regular is the truly official Euro symbol, we ignore % that. The Euro is designed to be slightly taller than the regular % font height. -% +% % feymr - regular % feymo - slanted % feybr - bold % feybo - bold slanted -% +% % There is no good (free) typewriter version, to my knowledge. % A feymr10 euro is ~7.3pt wide, while a normal cmtt10 char is ~5.25pt wide. % Hmm. -% +% % Also doesn't work in math. Do we need to do math with euro symbols? % Hope not. -% -% +% +% \def\euro{{\eurofont e}} \def\eurofont{% % We set the font at each command, rather than predefining it in % \textfonts and the other font-switching commands, so that % installations which never need the symbol don't have to have the % font installed. - % + % % There is only one designed size (nominal 10pt), so we always scale % that to the current nominal size. - % + % % By the way, simply using "at 1em" works for cmr10 and the like, but % does not work for cmbx10 and other extended/shrunken fonts. - % + % \def\eurosize{\csname\curfontsize nominalsize\endcsname}% % - \ifx\curfontstyle\bfstylename + \ifx\curfontstyle\bfstylename % bold: \font\thiseurofont = \ifusingit{feybo10}{feybr10} at \eurosize - \else + \else % regular: \font\thiseurofont = \ifusingit{feymo10}{feymr10} at \eurosize \fi @@ -2316,7 +2316,7 @@ where each line of input produces a line of output.} % Laurent Siebenmann reports \Orb undefined with: % Textures 1.7.7 (preloaded format=plain 93.10.14) (68K) 16 APR 2004 02:38 % so we'll define it if necessary. -% +% \ifx\Orb\undefined \def\Orb{\mathhexbox20D} \fi 
@@ -2632,7 +2632,7 @@ where each line of input produces a line of output.} % cause the example and the item to crash together. So we use this % bizarre value of 10001 as a signal to \aboveenvbreak to insert % \parskip glue after all. Section titles are handled this way also. - % + % \penalty 10001 \endgroup \itemxneedsnegativevskipfalse @@ -3428,7 +3428,7 @@ where each line of input produces a line of output.} % processing continues to some further point. On the other hand, it % seems \endinput does not hurt in the printed index arg, since that % is still getting written without apparent harm. - % + % % Sample source (mac-idx3.tex, reported by Graham Percival to % help-texinfo, 22may06): % @macro funindex {WORD} @@ -3436,12 +3436,12 @@ where each line of input produces a line of output.} % @end macro % ... % @funindex commtest - % + % % The above is not enough to reproduce the bug, but it gives the flavor. - % + % % Sample whatsit resulting: % . at write3{\entry{xyz}{@folio }{@code {xyz at endinput }}} - % + % % So: \let\endinput = \empty % @@ -3677,11 +3677,11 @@ where each line of input produces a line of output.} % makeinfo does not expand macros in the argument to @deffn, which ends up % writing an index entry, and texindex isn't prepared for an index sort entry % that starts with \. - % + % % Since macro invocations are followed by braces, we can just redefine them % to take a single TeX argument. The case of a macro invocation that % goes to end-of-line is not handled. - % + % \macrolist } @@ -3807,7 +3807,7 @@ where each line of input produces a line of output.} % to re-insert the same penalty (values >10000 are used for various % signals); since we just inserted a non-discardable item, any % following glue (such as a \parskip) would be a breakpoint. For example: - % + % % @deffn deffn-whatever % @vindex index-whatever % Description. 
@@ -4759,11 +4759,11 @@ where each line of input produces a line of output.} % glue accumulate. (Not a breakpoint because it's preceded by a % discardable item.) \vskip-\parskip - % + % % This is purely so the last item on the list is a known \penalty > % 10000. This is so \startdefun can avoid allowing breakpoints after % section headings. Otherwise, it would insert a valid breakpoint between: - % + % % @section sec-whatever % @deffn def-whatever \penalty 10001 @@ -4821,7 +4821,7 @@ where each line of input produces a line of output.} % These characters do not print properly in the Computer Modern roman % fonts, so we must take special care. This is more or less redundant % with the Texinfo input format setup at the end of this file. -% +% \def\activecatcodes{% \catcode`\"=\active \catcode`\$=\active @@ -5416,8 +5416,8 @@ where each line of input produces a line of output.} % from cmtt (char 0x0d). The undirected quote is ugly, so don't make it % the default, but it works for pasting with more pdf viewers (at least % evince), the lilypond developers report. xpdf does work with the -% regular 0x27. -% +% regular 0x27. +% \def\codequoteright{% \expandafter\ifx\csname SETcodequoteundirected\endcsname\relax '% @@ -5429,7 +5429,7 @@ where each line of input produces a line of output.} % and a similar option for the left quote char vs. a grave accent. % Modern fonts display ASCII 0x60 as a grave accent, so some people like % the code environments to do likewise. -% +% \def\codequoteleft{% \expandafter\ifx\csname SETcodequotebacktick\endcsname\relax `% @@ -5572,7 +5572,7 @@ where each line of input produces a line of output.} % by \defargscommonending, instead of 10000, since the sectioning % commands also insert a nobreak penalty, and we don't want to allow % a break between a section heading and a defun. - % + % \ifnum\lastpenalty=10002 \penalty2000 \fi % % Similarly, after a section heading, do not allow a break. 
@@ -5950,7 +5950,7 @@ where each line of input produces a line of output.} % This does \let #1 = #2, with \csnames; that is, % \let \csname#1\endcsname = \csname#2\endcsname % (except of course we have to play expansion games). -% +% \def\cslet#1#2{% \expandafter\let \csname#1\expandafter\endcsname @@ -7420,7 +7420,7 @@ should work if nowhere else does.} % Same as @turnoffactive except outputs \ as {\tt\char`\\} instead of % the literal character `\'. -% +% @def at normalturnoffactive{% @let\=@normalbackslash @let"=@normaldoublequote diff --git a/configure.ac b/configure.ac index 1715161..05cdaf8 100644 --- a/configure.ac +++ b/configure.ac @@ -72,6 +72,7 @@ NEED_GPG_ERROR_VERSION=1.11 PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION +AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_SRCDIR([src/libgcrypt.vers]) AM_INIT_AUTOMAKE AC_CONFIG_HEADER(config.h) @@ -79,6 +80,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_LIBOBJ_DIR([compat]) AC_CANONICAL_HOST AM_MAINTAINER_MODE +AM_SILENT_RULES AH_TOP([ #ifndef _GCRYPT_CONFIG_H_INCLUDED diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index dfff1b1..cef6318 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -2798,9 +2798,11 @@ supported parameters are: @table @code @item nbits -This is always required to specify the length of the key. The argument -is a string with a number in C-notation. The value should be a multiple -of 8. +This is always required to specify the length of the key. The +argument is a string with a number in C-notation. The value should be +a multiple of 8. Note that the S-expression syntax requires that a +number is prefixed with its string length; thus the @code{4:} in the +above example. @item curve @var{name} For ECC a named curve may be used instead of giving the number of ----------------------------------------------------------------------- Summary of changes: Makefile.am | 13 +- autogen.rc | 17 ++ autogen.sh | 276 ++++++++++++++++++++++---------- {scripts => build-aux}/ChangeLog-2011 | 0 compile => build-aux/compile | 0 config.guess => build-aux/config.guess | 0 config.rpath => build-aux/config.rpath | 0 config.sub => build-aux/config.sub | 0 {scripts => build-aux}/db2any | 2 +- depcomp => build-aux/depcomp | 0 {scripts => build-aux}/distfiles | 0 {scripts => build-aux}/git-log-fix | 0 {scripts => build-aux}/git-log-footer | 0 install-sh => build-aux/install-sh | 0 ltmain.sh => build-aux/ltmain.sh | 1 - {doc => build-aux}/mdate-sh | 0 missing => build-aux/missing | 0 {doc => build-aux}/texinfo.tex | 86 +++++----- configure.ac | 2 + doc/gcrypt.texi | 8 +- 20 files changed, 270 insertions(+), 135 deletions(-) create mode 100644 autogen.rc rename {scripts => build-aux}/ChangeLog-2011 (100%) rename compile => build-aux/compile (100%) rename config.guess => build-aux/config.guess (100%) rename config.rpath => build-aux/config.rpath (100%) rename config.sub => build-aux/config.sub (100%) rename {scripts => build-aux}/db2any (99%) rename depcomp => build-aux/depcomp (100%) rename {scripts => build-aux}/distfiles (100%) rename {scripts => build-aux}/git-log-fix (100%) rename {scripts => build-aux}/git-log-footer (100%) rename install-sh => 
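Review bot: `replace_sysroot` only ever substitutes `${w32root}`, yet the AMD64 branch calls it right after `[ -z "$amd64root" ] && amd64root="$HOME/amd64root"`, so the `@SYSROOT@` in autogen.rc's `amd64)` block is replaced by whatever `w32root` happens to hold (normally nothing) and that host ends up with an empty `--with-gpg-error-prefix=`. Pass the root in, e.g. `replace_sysroot "$amd64root"` and use `$1` in the sed expression. Two smaller points on the same function: `echo $configure_opts` is unquoted, so a `*` or `?` in the options is glob-expanded before sed sees it, and a root path containing `#`, `&` or `\` breaks the `s#@SYSROOT@#...#g` substitution; the new unsafe-character check covers cwd, `$tsdir` and `$HOME` but not a root read from `~/.gnupg-autogen.rc`.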
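Review bot: the AMD64 branch now shifts twice. `--build-amd64)` gained a `shift` in the option case, but the context line `shift` directly below `if [ "$myhost" = "amd64" ]; then` was kept (the W32 branch had its copy removed), so the first argument a user passes after `--build-amd64` is dropped before it reaches `${configure_opts} ${extraoptions} "$@"`. Remove the leftover `shift`. The same branch still reports a missing `build-aux/config.guess` with `echo ... >&2; exit 1` while the W32 branch was switched to `fatal`; and in the W32 branch `fatal` is followed by a bare `exit 1`, so the `autogen.sh: Stop.` line that `die_p` prints never appears there. `fatal "**Error**: invalid build option $1"` also double-prefixes, since `fatal` already prepends `autogen.sh:`. Use `fatal ...; die_p` consistently.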
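Review bot: in the gettext block, `s/^.*\[\(.*\)])/\1/p` only matches `AM_GNU_GETTEXT_VERSION([x.y])` written with brackets, whereas the `AC_PREREQ(` extraction above accepts a bare parenthesised argument. A package with a `po/` directory and `AM_GNU_GETTEXT_VERSION(0.18)` therefore gets an empty `gettext_vers` and the script stops with `version information not found` although the version is present. Match both forms (optional brackets around the capture), or state in the header comment that the bracketed form is required.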
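Review bot: `AM_SILENT_RULES` is added without a default, and the `SILENT=" --silent"` that autogen.sh now passes to `$tsdir/configure` is configure's own `--silent`/`--quiet` (it suppresses the `checking ...` lines); it does not turn on silent build rules. If `--silent` is meant to give a quiet build, pass `--enable-silent-rules` as well, or use `AM_SILENT_RULES([yes])` to make quiet rules the default and let `make V=1` restore the full command lines.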
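Review bot: the texinfo.tex, ltmain.sh and db2any hunks are whitespace-only (trailing blanks and one final empty line), which is why those renames show `similarity index 99%` instead of 100%. texinfo.tex and ltmain.sh are copied from upstream (Texinfo, libtool), so local whitespace edits turn the next upstream refresh into a conflict and hide the pure move in history. Keep this commit a pure rename and drop these hunks, or do the whitespace cleanup in a separate commit.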
build-aux/install-sh (100%) rename ltmain.sh => build-aux/ltmain.sh (99%) rename {doc => build-aux}/mdate-sh (100%) rename missing => build-aux/missing (100%) rename {doc => build-aux}/texinfo.tex (99%)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org

_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits

From dbaryshkov at gmail.com Fri Jan 10 15:55:01 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Fri, 10 Jan 2014 18:55:01 +0400
Subject: [PATCH v3] Truncate hash values for ECDSA signature scheme
In-Reply-To: <1388435917-16834-1-git-send-email-dbaryshkov@gmail.com>
References: <1388435917-16834-1-git-send-email-dbaryshkov@gmail.com>

On Tue, Dec 31, 2013 at 12:38 AM, Dmitry Eremin-Solenikov wrote:
> * cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
> mpis as required for DSA and ECDSA signature schemas.
> * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
> behave like the rest of internal sign/verify functions.
> * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
> * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
> * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
> as required by ECDSA scheme, truncate hash values to bitlength of
> used curve.
> * tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
> truncation.
>
> Signed-off-by: Dmitry Eremin-Solenikov
> ---
>
> * Change in V3 - fix testcases to use (hash sha1 ... ) S-exp instead of
> (value ...) - otherwise it will not be converted to an opaque MPI.
>
> cipher/dsa-common.c      | 33 ++++++++++++++++++++
> cipher/dsa.c             | 81 ++++++++++++++++++++----------------------
> cipher/ecc-ecdsa.c       | 28 ++++++++---------
> cipher/pubkey-internal.h |  3 ++
> tests/pubkey.c           | 47 +++++++++++++++++++++++++++-
> 5 files changed, 129 insertions(+), 63 deletions(-)

Ping?

--
With best wishes
Dmitry

From dbaryshkov at gmail.com Fri Jan 10 15:58:38 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Fri, 10 Jan 2014 18:58:38 +0400
Subject: Libgcrypt threads model

Anybody?

On Mon, Dec 23, 2013 at 2:05 PM, Dmitry Eremin-Solenikov wrote:
> Hello,
>
> While adapting old GnuTLS gcrypt backend to current libgcrypt codebase,
> I stumbled upon current Libgcrypt threading code.
>
> After carving through ath.c, I have the following impression:
>
> Despite all definitions in ath.c gcrypt does not really support
> either W32 threads or pthreads on systems which do not
> support weak symbols (are there any of them?). Is it true?
> Is it intentional?
>
> How would ath mutexes behave if libgcrypt is linked into
> an application with static pthreads? With pth or npth?
> With w32?
>
> Is it correct that GCRYCTL_SET_THREAD_CBS gcry_control
> is also deprecated and should not be used in contemporary code?
>
> --
> With best wishes
> Dmitry

--
With best wishes
Dmitry

From jussi.kivilinna at iki.fi Fri Jan 10 16:06:56 2014
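The hash truncation that Dmitry's "[PATCH v3] Truncate hash values for ECDSA signature scheme" message above factors into _gcry_dsa_normalize_hash, shown as an added Python example that is not libgcrypt's code (libgcrypt does this on opaque MPIs in C). DSA and ECDSA use only the leftmost min(hashbits, qbits) bits of the digest, where qbits is the bit length of the group order, so a SHA-512 digest is cut to 256 bits for a 256-bit curve while a SHA-256 digest stays whole for a 521-bit one. The `CURVE_ORDER_BITS` table, the hypothetical 160-bit order and the sample digests are constructed for the demonstration; `P256_N` is the public NIST P-256 group order and is used only to show that truncation is not the same as reduction modulo n. All function names are chosen for this example.

```python
import hashlib

# Bit lengths of the group order n for some NIST curves (public constants,
# tabulated here for the demonstration).
CURVE_ORDER_BITS = {"NIST P-256": 256, "NIST P-384": 384, "NIST P-521": 521}

# Order of the NIST P-256 group (public curve constant). Used only to contrast
# truncation with reduction modulo n; the curve itself is never touched here.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def truncate_hash(digest: bytes, qbits: int) -> int:
    """Return e = the leftmost min(8*len(digest), qbits) bits of digest.

    This is the rule DSA and ECDSA share (FIPS 186-4, SEC 1): a digest longer
    than the order loses its low-order (rightmost) bits; a shorter digest is
    used unchanged. No reduction modulo n happens at this step; e may even be
    larger than n, and the signature arithmetic reduces it later.
    """
    if qbits <= 0:
        raise ValueError("qbits must be positive")
    if not digest:
        raise ValueError("empty digest")
    e = int.from_bytes(digest, "big")
    hbits = 8 * len(digest)
    if hbits > qbits:
        e >>= hbits - qbits  # drop the rightmost bits, keep the leftmost qbits
    return e


def hash_to_scalar(message: bytes, hash_name: str, qbits: int) -> int:
    """Hash message with hash_name and truncate the digest for a qbits-bit order."""
    return truncate_hash(hashlib.new(hash_name, message).digest(), qbits)


def truncation_differs_from_reduction(digest: bytes, n: int) -> bool:
    """True when the correct (truncated) value differs from int(digest) mod n.

    A signer that reduces instead of truncating produces signatures a
    conforming verifier rejects whenever the digest is longer than n.
    """
    e = truncate_hash(digest, n.bit_length())
    return e != int.from_bytes(digest, "big") % n


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input
    for curve, qbits in CURVE_ORDER_BITS.items():
        for h in ("sha256", "sha512"):
            e = hash_to_scalar(msg, h, qbits)
            print("%-10s %-7s -> e has %3d bits" % (curve, h, e.bit_length()))
```

The two cases a reviewer checks are the ones the patch's test in tests/pubkey.c covers: a digest longer than the order (SHA-512 with a 256-bit curve) must be shortened by a bit shift, and a shorter one (SHA-256 with P-521) must pass through untouched. Getting either wrong does not fail loudly; it shows up as signatures that only the buggy implementation can verify.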
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Fri, 10 Jan 2014 17:06:56 +0200
Subject: [PATCH] Fix constant division for AMD64 assembly on Solaris/x86
In-Reply-To: <52CEE808.3020504@free.fr>
References: <20140105164305.5915.22002.stgit@localhost6.localdomain6> <52CC1D80.7020402@free.fr> <52CECC66.9000004@iki.fi> <52CEE808.3020504@free.fr>
Message-ID: <52D00C90.4020204@iki.fi>

On 09.01.2014 20:18, Richard PALO wrote:
> On 09/01/14 17:20, Jussi Kivilinna wrote:
>> On 07.01.2014 17:30, Richard PALO wrote:
>>> On 05/01/14 17:43, Jussi Kivilinna wrote:
>>>
>>> Hi, I needed to adjust your patch a bit to work, namely CFLAGS => CPPFLAGS and a bit of logic after the -Wa,--divide test as follows:
>>>> + if test "$gcry_cv_gcc_as_const_division_with_wadivide_ok" = "no" ; then
>>>> + CPPFLAGS="$_gcc_cppflags_save"
>>>> + fi
>>
>> Ah, configure.ac checks are inline assembly in C-language; so CFLAGS are used there. But CPPFLAGS are used for *.S assembly files. Does attached patch work? It modifies CFLAGS for the check and applies the workaround to CPPFLAGS if needed.
>>
>> -Jussi
>>
>>>
>>> this seems to be alright for me now..
>>>
>>> cheers
>>
> Hi Jussi,
>
> Do you mean the updated patch I sent doesn't work for you?
>
> That's real strange. I believe both CPPFLAGS and CFLAGS are always used during configure. That's why I used only cppflags in the reworked patch, and on my machine it works fine (as follows):
>

You're right. I was not fully aware about where/how CPPFLAGS are used, and got confused. Sorry.

-Jussi

>> configure:16940: checking whether GCC assembler handles division correctly
>> configure:16950: gcc -c -O2 -I/opt/local/include -I/usr/include -fvisibility=hidden -I/opt/local/include -I/usr/include -D_REENTRANT conftest.c >&5
>> /var/tmp//ccvAWXuj.s: Assembler messages:
>> /var/tmp//ccvAWXuj.s:3: Error: unbalanced parenthesis in operand 1.
>> configure:16950: $? = 1
>> configure: failed program was:
>> | /* confdefs.h */
>> | #define PACKAGE_NAME "libgcrypt"
>> | #define PACKAGE_TARNAME "libgcrypt"
>> | #define PACKAGE_VERSION "1.6.0"
>> | #define PACKAGE_STRING "libgcrypt 1.6.0"
>> | #define PACKAGE_BUGREPORT "http://bugs.gnupg.org"
>> | #define PACKAGE_URL ""
>> | #define PACKAGE "libgcrypt"
>> | #define VERSION "1.6.0"
>> | #define PACKAGE "libgcrypt"
>> | #define VERSION "1.6.0"
>> | #define STDC_HEADERS 1
>> | #define HAVE_SYS_TYPES_H 1
>> | #define HAVE_SYS_STAT_H 1
>> | #define HAVE_STDLIB_H 1
>> | #define HAVE_STRING_H 1
>> | #define HAVE_MEMORY_H 1
>> | #define HAVE_STRINGS_H 1
>> | #define HAVE_INTTYPES_H 1
>> | #define HAVE_STDINT_H 1
>> | #define HAVE_UNISTD_H 1
>> | #define __EXTENSIONS__ 1
>> | #define _ALL_SOURCE 1
>> | #define _GNU_SOURCE 1
>> | #define _POSIX_PTHREAD_SEMANTICS 1
>> | #define _TANDEM_SOURCE 1
>> | #define HAVE_DLFCN_H 1
>> | #define LT_OBJDIR ".libs/"
>> | #define SIZEOF_UNSIGNED_SHORT 2
>> | #define SIZEOF_UNSIGNED_INT 4
>> | #define SIZEOF_UNSIGNED_LONG 8
>> | #define SIZEOF_UNSIGNED_LONG_LONG 8
>> | #define HAVE_UINTPTR_T 1
>> | #define EGD_SOCKET_NAME ""
>> | #define ENABLE_DRNG_SUPPORT 1
>> | #define PRINTABLE_OS_NAME "SunOS"
>> | #define NAME_OF_DEV_RANDOM "/dev/random"
>> | #define NAME_OF_DEV_URANDOM "/dev/urandom"
>> | #define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT
>> | #define HAVE_PTHREAD /**/
>> | #define PTHREAD_IN_USE_DETECTION_HARD 1
>> | #define USE_POSIX_THREADS 1
>> | #define USE_POSIX_THREADS_WEAK 1
>> | #define HAVE_PTHREAD_RWLOCK 1
>> | #define HAVE_PTHREAD_MUTEX_RECURSIVE 1
>> | #define STDC_HEADERS 1
>> | #define HAVE_UNISTD_H 1
>> | #define HAVE_SYS_SELECT_H 1
>> | #define HAVE_SYS_MSG_H 1
>> | #define RETSIGTYPE void
>> | #define HAVE_DECL_SYS_SIGLIST 0
>> | #define HAVE_USHORT_TYPEDEF 1
>> | #define HAVE_ULONG_TYPEDEF 1
>> | #define HAVE_SYS_SOCKET_H 1
>> | #define HAVE_BUILTIN_BSWAP32 1
>> | #define HAVE_BUILTIN_BSWAP64 1
>> | #define HAVE_VLA 1
>> | #define GCRY_USE_VISIBILITY 1
>> | #define HAVE_GCC_ATTRIBUTE_ALIGNED 1
>> | #define HAVE_GCC_ASM_VOLATILE_MEMORY 1
>> | #define HAVE_GCC_INLINE_ASM_SSSE3 1
>> | #define HAVE_GCC_INLINE_ASM_PCLMUL 1
>> | #define HAVE_GCC_INLINE_ASM_AVX 1
>> | #define HAVE_GCC_INLINE_ASM_AVX2 1
>> | #define HAVE_GCC_INLINE_ASM_BMI2 1
>> | /* end confdefs.h. */
>> | __asm__("xorl $(123456789/12345678), %ebp;\n\t");
>> configure:16955: result: no
>> configure:16963: checking whether GCC assembler handles division correctly with "-Wa,--divide"
>> configure:16973: gcc -c -O2 -I/opt/local/include -I/usr/include -fvisibility=hidden -I/opt/local/include -I/usr/include -D_REENTRANT -Wa,--divide conftest.c >&5
>> configure:16973: $? = 0
>> configure:16978: result: yes
>> configure:16991: checking whether GCC assembler is compatible for amd64 assembly implementations
>> configure:17015: gcc -c -O2 -I/opt/local/include -I/usr/include -fvisibility=hidden -I/opt/local/include -I/usr/include -D_REENTRANT -Wa,--divide conftest.c >&5
>> configure:17015: $? = 0
>> configure:17020: result: yes
>> configure:17034: checking whether GCC assembler is compatible for Intel syntax assembly implementations
>> configure:17062: gcc -c -O2 -I/opt/local/include -I/usr/include -fvisibility=hidden -I/opt/local/include -I/usr/include -D_REENTRANT -Wa,--divide conftest.c >&5
>> configure:17062: $? = 0
>> configure:17067: result: yes
>
>
> By the way, I should remind that this patch only fixes assembly with gas (GNU as) which has the '--divide' option...
> Users of Sun's /usr/bin/as will get the assembler disabled.
>
>
>

From dbaryshkov at gmail.com Fri Jan 10 23:53:02 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Sat, 11 Jan 2014 02:53:02 +0400
Subject: [libksba] Libksba behaviour wrt. certificates with no extensions

Hello,

I'm debugging libksba behaviour wrt. a very lame certificate - it's a self-signed certificate with no extensions defined, used to sign/encrypt S/MIME messages. I'm attaching a certificate to the e-mail (it comes from an example at RFC 4491).

The problem is that when asked for ksba_cert_is_ca() -> ksba_get_extension() -> read_extension() it (if I debugged it right) finds a dummy extension node, sets cert->cache.n_extns to 1, then fails the OID check and returns GPG_ERR_NO_VALUE.

From my understanding _ksba_asn_find_node should have returned NULL, as there are no extensions in the certificate.

Is it a bug? Is it a misfeature?

--
With best wishes
Dmitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 34.10-01.der
Type: application/x-x509-ca-cert
Size: 468 bytes
Desc: not available

From cvs at cvs.gnupg.org Sun Jan 12 10:08:14 2014
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Sun, 12 Jan 2014 10:08:14 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-18-g4337689

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
       via  43376891c01f4aff1fbfb23beafebb5adfd0868c (commit)
      from  b0ac1f9b143aa15855914ba93fef900288d45c9c (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 43376891c01f4aff1fbfb23beafebb5adfd0868c
Author: Jussi Kivilinna
Date:   Sun Jan 12 10:53:47 2014 +0200

    Fix constant division for AMD64 assembly on Solaris/x86

    * configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for constant division in assembly and test for "-Wa,--divide" workaround.
    (gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division.
    --

    Apparently on Solaris/x86 '/' character is treated as beginning of line comment by GNU as. This causes problems when compiling SHA-1 SSSE3 implementation:

    On 02.01.2014 16:26, Richard PALO wrote:
    >> COLLECT_GCC_OPTIONS='-D' 'HAVE_CONFIG_H' '-I' '.' '-I' '..' '-I' '../src' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext' '-D' '_REENTRANT' '-O2' '-MT' 'sha1-ssse3-amd64.lo' '-MD' '-MP' '-MF' '.deps/sha1-ssse3-amd64.Tpo' '-c' '-fPIC' '-D' 'PIC' '-o' '.libs/sha1-ssse3-amd64.o' '-v' '-mtune=generic' '-march=x86-64'
    >> /usr/gnu/bin/as -v -I . -I ..
-I ../src -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext -V -Qy -s --64 -o .libs/sha1-ssse3-amd64.o /var/tmp//ccAxWPXX.s >> GNU assembler version 2.23.1 (i386-pc-solaris2.11) using BFD version (GNU Binutils) 2.23.1 >> /var/tmp//ccAxWPXX.s: Assembler messages: >> /var/tmp//ccAxWPXX.s:34: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:38: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:42: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:46: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:54: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:58: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:62: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:66: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:70: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:74: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:78: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:82: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:86: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:90: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:94: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:98: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:102: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:106: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:110: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:114: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:119: Error: unbalanced parenthesis in operand 1. >> /var/tmp//ccAxWPXX.s:123: Error: unbalanced parenthesis in operand 1. 
    >> /var/tmp//ccAxWPXX.s:127: Error: unbalanced parenthesis in operand 1.
    >> /var/tmp//ccAxWPXX.s:132: Error: unbalanced parenthesis in operand 1.
    >
    >
    > apparently the paddd code, such as
    > `paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0;`
    > isn't digested well, appended is the generated assembler code.

    On 02.01.2014 17:41, Richard PALO wrote:
    > Hi again, after finding the following:
    > https://sourceware.org/bugzilla/show_bug.cgi?id=4572
    >
    > I tried using '-Wa,--divide' and that seemed to workaround the problem...
    >
    > perhaps the code, or at least the Makefile could be adapted accordingly?

    Patch adds detection of this feature and attempts to work around the issue by adding "-Wa,--divide" to CPPFLAGS. If the workaround does not work (old GAS on Solaris/x86), we'll disable AMD64 assembly.

    [v3]:
    - Update CPPFLAGS after testing instead of CFLAGS.

    Reported-and-tested-by: Richard PALO
    Signed-off-by: Jussi Kivilinna

diff --git a/configure.ac b/configure.ac
index 05cdaf8..fac5f7a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1079,11 +1079,42 @@ fi # +# Check whether GCC assembler needs "-Wa,--divide" to correctly handle +# constant division +# +if test $amd64_as_feature_detection = yes; then + AC_CACHE_CHECK([whether GCC assembler handles division correctly], + [gcry_cv_gcc_as_const_division_ok], + [gcry_cv_gcc_as_const_division_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__("xorl \$(123456789/12345678), %ebp;\n\t");]])], + [gcry_cv_gcc_as_const_division_ok=yes])]) + if test "$gcry_cv_gcc_as_const_division_ok" = "no" ; then + # + # Add '-Wa,--divide' to CPPFLAGS and try check again. + # + _gcc_cppflags_save="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -Wa,--divide" + AC_CACHE_CHECK([whether GCC assembler handles division correctly with "-Wa,--divide"], + [gcry_cv_gcc_as_const_division_with_wadivide_ok], + [gcry_cv_gcc_as_const_division_with_wadivide_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__("xorl \$(123456789/12345678), %ebp;\n\t");]])], + [gcry_cv_gcc_as_const_division_with_wadivide_ok=yes])]) + if test "$gcry_cv_gcc_as_const_division_ok_with_wadivide_ok" = "no" ; then + # '-Wa,--divide' did not work, restore old flags. + CPPFLAGS="$_gcc_cppflags_save" + fi + fi +fi + + +# # Check whether GCC assembler supports features needed for our amd64 # implementations # if test $amd64_as_feature_detection = yes; then - AC_CACHE_CHECK([whether GCC assembler is compatible for amd64 assembly implementations], + AC_CACHE_CHECK([whether GCC assembler is compatible for amd64 assembly implementations], [gcry_cv_gcc_amd64_platform_as_ok], [gcry_cv_gcc_amd64_platform_as_ok=no AC_COMPILE_IFELSE([AC_LANG_SOURCE( 
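Review bot: the fallback branch tests an undefined variable. The cache variable this hunk defines is `gcry_cv_gcc_as_const_division_with_wadivide_ok`, but the restore test reads `$gcry_cv_gcc_as_const_division_ok_with_wadivide_ok`, which sh expands to the empty string; `"" = "no"` is never true, so `-Wa,--divide` stays in CPPFLAGS even when the second probe failed and the comment's promise to "restore old flags" is never kept. Change it to `if test "$gcry_cv_gcc_as_const_division_with_wadivide_ok" = "no" ; then`. Separately, the `-`/`+` pair on the `AC_CACHE_CHECK([whether GCC assembler is compatible for amd64 assembly implementations],` line carries identical text, i.e. a whitespace-only change that only adds noise to the hunk.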
@@ -1096,6 +1127,11 @@ if test $amd64_as_feature_detection = yes; then "asmfunc:\n\t" ".size asmfunc,.-asmfunc;\n\t" ".type asmfunc, at function;\n\t" + /* Test if assembler allows use of '/' for constant division + * (Solaris/x86 issue). If previous constant division check + * and "-Wa,--divide" workaround failed, this causes assembly + * to be disable on this machine. */ + "xorl \$(123456789/12345678), %ebp;\n\t" );]])], [gcry_cv_gcc_amd64_platform_as_ok=yes])]) if test "$gcry_cv_gcc_amd64_platform_as_ok" = "yes" ; then ----------------------------------------------------------------------- Summary of changes: configure.ac | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Sun Jan 12 14:04:24 2014 
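Review bot: typo in the comment added to the amd64 probe in the second configure.ac hunk: "this causes assembly to be disable on this machine" should read "disabled". The comment would also help a later reader if it said that this probe deliberately runs with whatever CPPFLAGS the preceding division check settled on, since this block alone gives no hint why `xorl $(123456789/12345678), %ebp` is expected to pass here after it failed in the first check.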
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sun, 12 Jan 2014 14:04:24 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-19-g019e0e9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 019e0e9e8c77a2edf283745e05e9301673ea6a0a (commit) from 43376891c01f4aff1fbfb23beafebb5adfd0868c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 019e0e9e8c77a2edf283745e05e9301673ea6a0a Author: NIIBE Yutaka Date: Sun Jan 12 21:54:57 2014 +0900 Add secp256k1 curve. * cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID. (domain_parms): Add secp256k1's domain paramerter. * tests/basic.c (check_pubkey): Add a key of secp256k1. * tests/curves.c (N_CURVES): Updated. -- The key in check_pubkey is from "Test vector 1" of following page. https://en.bitcoin.it/wiki/BIP_0032_TestVectors Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index ed629fc..a4bce67 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -73,6 +73,8 @@ static const struct { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"}, { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"}, + { "secp256k1", "1.3.132.0.10" }, + { NULL, NULL} }; 
@@ -297,6 +299,17 @@ static const ecc_domain_parms_t domain_parms[] = "c83ab156d77f1496bf7eb3351e1ee4e43dc1a18b91b24640b6dbb92cb1add371e", }, + { + "secp256k1", 256, 0, + MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD, + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", + "0x0000000000000000000000000000000000000000000000000000000000000000", + "0x0000000000000000000000000000000000000000000000000000000000000007", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8" + }, + { NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL } }; diff --git a/tests/basic.c b/tests/basic.c index 0eb8215..56328d1 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5901,6 +5901,28 @@ check_pubkey (void) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } + }, + { /* secp256k1 test 256 bit. */ + GCRY_PK_ECDSA, FLAG_SIGN, + { + "(private-key\n" + " (ecc\n" + " (curve secp256k1)\n" + " (q #0439A36013301597DAEF41FBE593A02CC513D0B55527EC2D" + " F1050E2E8FF49C85C23CBE7DED0E7CE6A594896B8F62888F" + " DBC5C8821305E2EA42BF01E37300116281#)\n" + " (d #E8F32E723DECF4051AEFAC8E2C93C9C5B214313817CDB01A" + " 1494B917C8436B35#)))\n", + + "(public-key\n" + " (ecc\n" + " (curve secp256k1)\n" + " (q #0439A36013301597DAEF41FBE593A02CC513D0B55527EC2D" + " F1050E2E8FF49C85C23CBE7DED0E7CE6A594896B8F62888F" + " DBC5C8821305E2EA42BF01E37300116281#)))\n" + + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" } } }; int i; diff --git a/tests/curves.c b/tests/curves.c index 198693e..04e6bc9 100644 --- a/tests/curves.c +++ b/tests/curves.c 
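Review bot: in the domain_parms hunk the new secp256k1 entry has a = 0 (the all-zero second hex field), and NIIBE reports later in this digest that `_gcry_mpi_ec_p_new` refuses exactly that with `if (!p || !a || !mpi_cmp_ui (a, 0)) return GPG_ERR_EINVAL;`, so creating an EC context from these parameters through that function fails until the check is relaxed. Either land the mpi/ec.c change together with this one or note the dependency in the commit message; as it stands the new curve works for the sign/verify test added in tests/basic.c but not for the context API.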
@@ -29,7 +29,7 @@ #include "../src/gcrypt-int.h" /* Number of curves defined in ../cipger/ecc.c */ -#define N_CURVES 15 +#define N_CURVES 16 /* A real world sample public key. */ static char const sample_key_1[] = ----------------------------------------------------------------------- Summary of changes: cipher/ecc-curves.c | 13 +++++++++++++ tests/basic.c | 22 ++++++++++++++++++++++ tests/curves.c | 2 +- 3 files changed, 36 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From gniibe at fsij.org Sun Jan 12 14:12:04 2014 From: gniibe at fsij.org (NIIBE Yutaka) Date: Sun, 12 Jan 2014 22:12:04 +0900 Subject: secp256k1 In-Reply-To: <87wqi79b2m.fsf@vigenere.g10code.de> References: <1389272375.4793.1.camel@latx1.gniibe.org> <87d2k19czj.fsf@vigenere.g10code.de> <1389314551.2254.1.camel@cfw2.gniibe.org> <1389343535.2254.7.camel@cfw2.gniibe.org> <87wqi79b2m.fsf@vigenere.g10code.de> Message-ID: <1389532324.13265.0.camel@latx1.gniibe.org> On 2014-01-10 at 15:16 +0100, Werner Koch wrote: > On Fri, 10 Jan 2014 09:45, gniibe at fsij.org said: > > > I mean something like this. I also would like to add a key in > > tests/basic.c. > > Great. Go ahead for master. Done. -- From cvs at cvs.gnupg.org Sun Jan 12 21:02:11 2014 
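Review bot: in the tests/curves.c hunk of commit 019e0e9 above, the context comment just before the changed line still says `/* Number of curves defined in ../cipger/ecc.c */`; since this commit is the one adding a curve to cipher/ecc-curves.c and bumping N_CURVES, fix the typo and the stale path in the same hunk: `/* Number of curves defined in ../cipher/ecc-curves.c */`.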
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 12 Jan 2014 21:02:11 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-20-gef3e66e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ef3e66e168c4b9b86bfc4903001631e53a7125d8 (commit) from 019e0e9e8c77a2edf283745e05e9301673ea6a0a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef3e66e168c4b9b86bfc4903001631e53a7125d8 Author: Jussi Kivilinna Date: Sun Jan 12 22:01:28 2014 +0200 Fix assembly division check * configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable name mismatch at '--Wa,--divide' workaround check. -- Signed-off-by: Jussi Kivilinna diff --git a/configure.ac b/configure.ac index fac5f7a..7d37f94 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1101,7 +1101,7 @@ if test $amd64_as_feature_detection = yes; then AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[__asm__("xorl \$(123456789/12345678), %ebp;\n\t");]])], [gcry_cv_gcc_as_const_division_with_wadivide_ok=yes])]) - if test "$gcry_cv_gcc_as_const_division_ok_with_wadivide_ok" = "no" ; then + if test "$gcry_cv_gcc_as_const_division_with_wadivide_ok" = "no" ; then # '-Wa,--divide' did not work, restore old flags. CPPFLAGS="$_gcc_cppflags_save" fi ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Jan 13 11:12:44 2014 From: wk at gnupg.org (Werner Koch) Date: Mon, 13 Jan 2014 11:12:44 +0100 Subject: [PATCH] [for-1.6] Add blowfish/serpent ARM assembly files to Makefile.am In-Reply-To: <20131230143856.11907.39432.stgit@localhost6.localdomain6> (Jussi Kivilinna's message of "Mon, 30 Dec 2013 16:38:56 +0200") References: <20131230143856.11907.39432.stgit@localhost6.localdomain6> Message-ID: <87ob3g8a1v.fsf@vigenere.g10code.de> On Mon, 30 Dec 2013 15:38, jussi.kivilinna at iki.fi said: > Fix for bug https://bugs.g10code.com/gnupg/issue1584 You may use GnuPG-bug-id: 1584 for this. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Mon Jan 13 11:17:10 2014 
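Review bot: the commit message for this hunk writes the flag as '--Wa,--divide'; the option actually passed to gcc is '-Wa,--divide' with a single leading dash, as the hunk's own comment line `# '-Wa,--divide' did not work, restore old flags.` shows. The code change itself is right: the tested name now matches the cache variable set by the preceding AC_CACHE_CHECK, so the restore branch can fire.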
From: wk at gnupg.org (Werner Koch)
Date: Mon, 13 Jan 2014 11:17:10 +0100
Subject: Libgcrypt threads model
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Fri, 10 Jan 2014 18:58:38 +0400")
Message-ID: <87k3e489uh.fsf@vigenere.g10code.de>

On Fri, 10 Jan 2014 15:58, dbaryshkov at gmail.com said:

>> Despite all definitions in ath.c gcrypt does not really support
>> either W32 threads or pthreads on systems which do not
>> support weak symbols (are there any of them?). Is it true?
>> Is it intentional?

That is quite possible. I did this code a long time ago and planned to improve it for non-ELF platforms. However, I never came to that.

>> How would ath mutexes behave if libgcrypt is linked into
>> an application with static pthreads? With pth or npth?
>> With w32?

Pth shall not be supported anymore.
nPth: We have to check.
w32: it should just work or you have found a bug.

>> Is it correct that GCRYCTL_SET_THREAD_CBS gcry_control
>> is also deprecated and should not be used in contemporary code?

Right. All platforms have settled for a standard threads implementation and that is what we will use. The callbacks are so ugly.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From cvs at cvs.gnupg.org Mon Jan 13 11:26:19 2014
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Jan 2014 11:26:19 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-30-g518ae27 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 518ae274a1845ce626b2b4223a9b3805cbbab1a7 (commit) from 91d3a2cc7ed2114b9f1821133eafc79efb55edca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 518ae274a1845ce626b2b4223a9b3805cbbab1a7 Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Use internal malloc function in fips.c * src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/. -- This fixes a build problem with ENABLE_HMAC_BINARY_CHECK. Reported-by: Michal Vyskocil. diff --git a/src/fips.c b/src/fips.c index 8148dcd..3ab33f9 100644 --- a/src/fips.c +++ b/src/fips.c @@ -602,7 +602,7 @@ check_binary_integrity (void) err = gpg_error (GPG_ERR_INTERNAL); else { - fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 ); + fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 ); if (!fname) err = gpg_error_from_syserror (); else ----------------------------------------------------------------------- Summary of changes: src/fips.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Jan 13 11:20:46 2014 
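Review bot: while this src/fips.c line is being touched, the size expression `strlen (info.dli_fname) + 1 + 5 + 1` would be clearer with the constants named, for example `strlen (info.dli_fname) + strlen (SUFFIX) + 1` where SUFFIX is whatever the function appends to fname (not visible in this hunk); as written nothing ties the `5` to the appended text, so a later change to that suffix would silently under-allocate. The allocator swap itself is fine: a NULL from `xtrymalloc` still goes through `gpg_error_from_syserror ()`.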
From: wk at gnupg.org (Werner Koch)
Date: Mon, 13 Jan 2014 11:20:46 +0100
Subject: [PATCH] Use internall malloc in fips.c
In-Reply-To: <20131219104253.GA19714@linux-xtv2.site> (Michal Vyskocil's message of "Thu, 19 Dec 2013 11:42:57 +0100")
References: <20131219104253.GA19714@linux-xtv2.site>
Message-ID: <87d2jw89oh.fsf@vigenere.g10code.de>

On Thu, 19 Dec 2013 11:42, mvyskocil at suse.cz said:

> I've found this minor issue in 1.6.0 - gcry_malloc is not available in
> fips.c, so an internal one is used instead.

Thanks.

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dbaryshkov at gmail.com Mon Jan 13 11:42:51 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Mon, 13 Jan 2014 14:42:51 +0400
Subject: Libgcrypt threads model
In-Reply-To: <87k3e489uh.fsf@vigenere.g10code.de>
References: <87k3e489uh.fsf@vigenere.g10code.de>

Hello,

On Mon, Jan 13, 2014 at 2:17 PM, Werner Koch wrote:
> On Fri, 10 Jan 2014 15:58, dbaryshkov at gmail.com said:
>
>>> Despite all definitions in ath.c gcrypt does not really support
>>> either W32 threads or pthreads on systems which do not
>>> support weak symbols (are there any of them?). Is it true?
>>> Is it intentional?
>
> That is quite possible. I did this code a long time ago and planned to
> improve it for non-ELF platforms. However, I never came to that.
>
>>> How would ath mutexes behave if libgcrypt is linked into
>>> an application with static pthreads? With pth or npth?
>>> With w32?
>
> Pth shall not be supported anymore.
> nPth: We have to check.
> w32: it should just work or you have found a bug.

It looks so: there is no code for w32 (and for pthread w/o weak symbols). The ath.c will default to the "none" implementation. So the code will work till there are multiple threads racing for libgcrypt. And as the mutexes seem to be used only in the prime pool and random code, this can be left unnoticed for quite a long time (till somebody implements a concurrent attack on libgcrypt's random generator).

--
With best wishes
Dmitry

From cvs at cvs.gnupg.org Mon Jan 13 11:53:02 2014
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Jan 2014 11:53:02 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-31-g5f2af6c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5f2af6c26bc04975c0b518881532871d7387d7ce (commit) from 518ae274a1845ce626b2b4223a9b3805cbbab1a7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5f2af6c26bc04975c0b518881532871d7387d7ce Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Fix macro conflict in NetBSD * cipher/bithelp.h (bswap32): Rename to _gcry_bswap32. (bswap64): Rename to _gcry_bswap64. -- NetBSD provides system macros bswap32 and bswap64 which conflicts with our macros. Prefixing them with _gcry_ is easier than to come up with a proper test. GnuPG-bug-id: 1600 Signed-off-by: Werner Koch (cherry picked from commit 36214bfa8f612cd2faa4de217d1a12a8b5faadbf) diff --git a/cipher/bithelp.h b/cipher/bithelp.h index 418bdf5..6e59c53 100644 --- a/cipher/bithelp.h +++ b/cipher/bithelp.h @@ -39,9 +39,10 @@ static inline u32 ror(u32 x, int n) /* Byte swap for 32-bit and 64-bit integers. If available, use compiler provided helpers. */ #ifdef HAVE_BUILTIN_BSWAP32 -# define bswap32 __builtin_bswap32 +# define _gcry_bswap32 __builtin_bswap32 #else -static inline u32 bswap32(u32 x) +static inline u32 +_gcry_bswap32(u32 x) { return ((rol(x, 8) & 0x00ff00ffL) | (ror(x, 8) & 0xff00ff00L)); } 
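Review bot: the rename in this first bithelp.h hunk is confined to the header, so it is only complete if every caller outside bithelp.h goes through the `le_bswap*`/`be_bswap*` wrappers rather than calling `bswap32`/`bswap64` directly; the diffstat (cipher/bithelp.h only) suggests that is the case, but a grep for bare `bswap32`/`bswap64` across cipher/ and src/ before merging is cheap insurance, because a stray direct call would now bind to NetBSD's system macro of the same name, the very conflict the commit message says this change removes.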
@@ -49,29 +50,30 @@ static inline u32 bswap32(u32 x) #ifdef HAVE_U64_TYPEDEF # ifdef HAVE_BUILTIN_BSWAP64 -# define bswap64 __builtin_bswap64 +# define _gcry_bswap64 __builtin_bswap64 # else -static inline u64 bswap64(u64 x) +static inline u64 +_gcry_bswap64(u64 x) { - return ((u64)bswap32(x) << 32) | (bswap32(x >> 32)); + return ((u64)_gcry_bswap32(x) << 32) | (_gcry_bswap32(x >> 32)); } # endif #endif /* Endian dependent byte swap operations. */ #ifdef WORDS_BIGENDIAN -# define le_bswap32(x) bswap32(x) +# define le_bswap32(x) _gcry_bswap32(x) # define be_bswap32(x) ((u32)(x)) # ifdef HAVE_U64_TYPEDEF -# define le_bswap64(x) bswap64(x) +# define le_bswap64(x) _gcry_bswap64(x) # define be_bswap64(x) ((u64)(x)) # endif #else # define le_bswap32(x) ((u32)(x)) -# define be_bswap32(x) bswap32(x) +# define be_bswap32(x) _gcry_bswap32(x) # ifdef HAVE_U64_TYPEDEF # define le_bswap64(x) ((u64)(x)) -# define be_bswap64(x) bswap64(x) +# define be_bswap64(x) _gcry_bswap64(x) # endif #endif ----------------------------------------------------------------------- Summary of changes: cipher/bithelp.h | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Jan 13 14:10:04 2014 
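Review bot: in the `HAVE_U64_TYPEDEF` fallback of the second hunk, `_gcry_bswap32(x)` is called with the full u64 `x` and relies on implicit narrowing to the u32 parameter; `_gcry_bswap32((u32)x)` states the intent and keeps -Wconversion quiet while leaving the `(x >> 32)` half unchanged. The le_/be_ wrapper edits are mechanical and match the renames in the first hunk.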
From: wk at gnupg.org (Werner Koch)
Date: Mon, 13 Jan 2014 14:10:04 +0100
Subject: Libgcrypt threads model
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Mon, 13 Jan 2014 14:42:51 +0400")
References: <87k3e489uh.fsf@vigenere.g10code.de>
Message-ID: <874n5881ub.fsf@vigenere.g10code.de>

On Mon, 13 Jan 2014 11:42, dbaryshkov at gmail.com said:

> It looks so: there is no code for w32 (and for pthread w/o weak symbols).
> The ath.c will default to "none" implementation. So the code will work
> till there are multiple threads racing for libgcrypt. And as the mutexes

Ooops. That needs to be fixed before we start to use it for Windows. Given that I am currently porting GnuPG 2.1, I will immediately start working on that.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From gmazyland at gmail.com Mon Jan 13 21:30:42 2014
From: gmazyland at gmail.com (Milan Broz)
Date: Mon, 13 Jan 2014 21:30:42 +0100
Subject: [PATCH] PBKDF2: Use gcry_md_reset to speed up calculation.
Message-ID: <1389645042-8236-1-git-send-email-gmazyland@gmail.com>

* cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset to speed up calculation.
--

Current PBKDF2 implementation uses gcry_md_set_key in every iteration which is extremely slow (even in comparison with other implementations). Use gcry_md_reset instead and set key only once.

With this test program:

  char input[32000], salt[8], key[16];
  gcry_kdf_derive(input, sizeof(input), GCRY_KDF_PBKDF2, gcry_md_map_name("sha1"), salt, sizeof(salt), 100000, sizeof(key), key);

running time without patch:

  real 0m11.165s
  user 0m11.136s
  sys  0m0.000s

and with patch applied

  real 0m0.230s
  user 0m0.184s
  sys  0m0.024s

(The problem was found when cryptsetup started to use gcrypt internal PBKDF2 and for very long keyfiles unlocking time increased drastically. See https://bugzilla.redhat.com/show_bug.cgi?id=1051733)

Signed-off-by: Milan Broz
---
 cipher/kdf.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/cipher/kdf.c b/cipher/kdf.c index 503f068..af0dc48 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -175,19 +175,21 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, return ec; } + ec = _gcry_md_setkey (md, passphrase, passphraselen); + if (ec) + { + _gcry_md_close (md); + xfree (sbuf); + return ec; + } + /* Step 3 and 4. */ memcpy (sbuf, salt, saltlen); for (lidx = 1; lidx <= l; lidx++) { for (iter = 0; iter < iterations; iter++) { - ec = _gcry_md_setkey (md, passphrase, passphraselen); - if (ec) - { - _gcry_md_close (md); - xfree (sbuf); - return ec; - } + _gcry_md_reset (md); if (!iter) /* Compute U_1: */ { sbuf[saltlen] = (lidx >> 24); -- 1.8.5.2 From gmazyland at gmail.com Mon Jan 13 21:29:58 2014 
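An added Python example (not libgcrypt code) of the change the patch above makes: the same PBKDF2-HMAC written once with a fresh keyed HMAC per iteration, and once with the HMAC keyed a single time, the way the patch moves `_gcry_md_setkey` ahead of the loop and relies on `_gcry_md_reset` keeping the key. The `hmac` object's `.copy()` stands in for resetting a keyed handle; the 32000-byte passphrase is a constructed input matching the message's test program.

```python
"""PBKDF2-HMAC written two ways, mirroring the cipher/kdf.c patch above.

Added example; not libgcrypt code. .copy() of a keyed hmac object plays the
role of _gcry_md_reset on a keyed handle: the passphrase is processed once and
every iteration restarts from that keyed state.
"""
import hashlib
import hmac
import struct
import time


def _xor_into(acc, block):
    """acc ^= block, in place (T_i ^= U_j in RFC 2898 terms)."""
    for i, b in enumerate(block):
        acc[i] ^= b


def pbkdf2_rekey_each_iteration(passphrase, salt, iterations, dklen, hashname="sha1"):
    """Pre-patch shape: a fresh keyed HMAC per iteration. Keying pads the
    passphrase or, when it is longer than the hash block, hashes all of it, so
    a 32000-byte passphrase is rehashed on every one of the `iterations` rounds."""
    digest_size = hashlib.new(hashname).digest_size
    out = bytearray()
    for block_index in range(1, -(-dklen // digest_size) + 1):
        u = hmac.new(passphrase, salt + struct.pack(">I", block_index), hashname).digest()
        t = bytearray(u)                                   # T_i = U_1
        for _ in range(iterations - 1):
            u = hmac.new(passphrase, u, hashname).digest()  # re-keys every time
            _xor_into(t, u)
        out += t
    return bytes(out[:dklen])


def pbkdf2_key_once(passphrase, salt, iterations, dklen, hashname="sha1"):
    """Post-patch shape: key the HMAC once, then per iteration reset to the
    keyed state and feed only the previous U. Same output, far less work."""
    keyed = hmac.new(passphrase, digestmod=hashname)       # passphrase processed once
    out = bytearray()
    for block_index in range(1, -(-dklen // keyed.digest_size) + 1):
        h = keyed.copy()                                    # "reset" to keyed state
        h.update(salt + struct.pack(">I", block_index))
        u = h.digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            h = keyed.copy()
            h.update(u)
            u = h.digest()
            _xor_into(t, u)
        out += t
    return bytes(out[:dklen])


def matches_stdlib(passphrase, salt, iterations, dklen):
    """Cross-check both variants against hashlib.pbkdf2_hmac (OpenSSL's PBKDF2)."""
    ref = hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, dklen)
    return (pbkdf2_rekey_each_iteration(passphrase, salt, iterations, dklen) == ref
            and pbkdf2_key_once(passphrase, salt, iterations, dklen) == ref)


def compare_runtime(passphrase_len=32000, iterations=2000):
    """Time both variants on the message's scenario (constructed passphrase of
    `passphrase_len` bytes, 8-byte salt, 16-byte key). Returns
    (seconds_rekey_each_iteration, seconds_key_once, outputs_equal)."""
    passphrase = b"k" * passphrase_len
    salt = b"\x00" * 8
    t0 = time.perf_counter()
    k1 = pbkdf2_rekey_each_iteration(passphrase, salt, iterations, 16)
    t1 = time.perf_counter()
    k2 = pbkdf2_key_once(passphrase, salt, iterations, 16)
    t2 = time.perf_counter()
    return t1 - t0, t2 - t1, k1 == k2


if __name__ == "__main__":
    rekey, once, same = compare_runtime()
    print(f"re-key each iteration: {rekey:.3f}s  key once: {once:.3f}s  same key: {same}")
```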
From: gmazyland at gmail.com (Milan Broz)
Date: Mon, 13 Jan 2014 21:29:58 +0100
Subject: DCO
Message-ID: <52D44CC6.4050707@gmail.com>

Libgcrypt Developer's Certificate of Origin. Version 1.0
=========================================================

By making a contribution to the Libgcrypt project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the free software license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate free software license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same free software license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the free software license(s) involved.

Signed-off-by: Milan Broz

From dbaryshkov at gmail.com Mon Jan 13 23:30:33 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Tue, 14 Jan 2014 02:30:33 +0400
Subject: Key Derivation API

Hello,

As I'm digging into gpgsm support for GOST curves and kx/ecdh schemes for GnuTLS, I feel a desperate need for a key derivation API not limited to plain ECDH.

Is it fine to extend the key exchange API on top of gcry_pk_encrypt()/decrypt() (to add plain DH shared secret computation, GOST algorithms, etc)? Would it be better to add a special gcry_pk_derive (?) API?

Actually I had the following prototype in mind:

gcry_error_t gcry_pk_derive (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t privkey, gcry_sexp_t pubkey)

--
With best wishes
Dmitry

From gniibe at fsij.org Tue Jan 14 03:28:12 2014
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 14 Jan 2014 11:28:12 +0900
Subject: gcry_mpi_ec_p_new and its parameter checking
Message-ID: <1389666492.2085.3.camel@cfw2.gniibe.org>

Coefficient a=0 is valid (as secp256k1), but the internal function _gcry_mpi_ec_p_new doesn't allow me to create the context.

I don't know how much checking of parameters should be done with it, but checking against a=0 (to be failed) is wrong.

I wrote the following patch, as a possible fix. This will cause two failures of tests/t-mpi-point.c:

  t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (1)
  t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (2)

Adding checking like:

  || !mpi_cmp_ui (p, 0) || !mpi_cmp_ui (p, 1)

makes sense and fixes those failures. But I know that p=2 and p=3 are also not good, and I wonder. As it's an internal function, I think that it is not expected to check all wrong combinations of p and a, but some typical failures.

I'd propose just removing the check for a==0 and adding checks for p==0 and p==1. Or should we change tests/t-mpi-point.c?

diff --git a/mpi/ec.c b/mpi/ec.c
index 9e007cd..4f35de0 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -495,7 +495,7 @@ _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx, mpi_ec_t ec; *r_ctx = NULL; - if (!p || !a || !mpi_cmp_ui (a, 0)) + if (!p || !a) return GPG_ERR_EINVAL; ctx = _gcry_ctx_alloc (CONTEXT_TYPE_EC, sizeof *ec, ec_deinit); -- From wk at gnupg.org Tue Jan 14 09:50:14 2014 From: wk at gnupg.org (Werner Koch) Date: Tue, 14 Jan 2014 09:50:14 +0100 Subject: Key Derivation API In-Reply-To: (Dmitry Eremin-Solenikov's message of "Tue, 14 Jan 2014 02:30:33 +0400") References: Message-ID: <877ga36j7d.fsf@vigenere.g10code.de> On Mon, 13 Jan 2014 23:30, dbaryshkov at gmail.com said: > I feel a desperate need for the key derivation API not limited to plain > ECDH. Can you explain what you want to do with it? Do you want to create an ephemeral key from a long term ECC key? That can easily be done using the context based ECC API. Sure that is somewhat low-level but it is quite flexible and probably the best way until common usage patterns are established. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Tue Jan 14 10:04:15 2014 
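Review bot: the hunk removes the a == 0 rejection but does not add the `|| !mpi_cmp_ui (p, 0) || !mpi_cmp_ui (p, 1)` checks the message itself says would keep tests/t-mpi-point.c passing, so as posted it knowingly leaves two "bad parameter detection" tests failing; either add the p checks in this patch or pair it with the test change (Werner's reply below is to remove those tests), but don't leave the tree red in between.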
From: wk at gnupg.org (Werner Koch)
Date: Tue, 14 Jan 2014 10:04:15 +0100
Subject: gcry_mpi_ec_p_new and its parameter checking
In-Reply-To: <1389666492.2085.3.camel@cfw2.gniibe.org> (NIIBE Yutaka's message of "Tue, 14 Jan 2014 11:28:12 +0900")
References: <1389666492.2085.3.camel@cfw2.gniibe.org>
Message-ID: <8738kr6ik0.fsf@vigenere.g10code.de>

On Tue, 14 Jan 2014 03:28, gniibe at fsij.org said:

> Coefficient a=0 is valid (as secp256k1), but the internal function
> _gcry_mpi_ec_p_new doesn't allow me to create the context.

I can't remember why I did this test. At a quick glance there is no risk of a division by zero. Checking P would have made more sense if that is really a concern. A cause for that check may have been that I tested some gnunet code and it passed a bad A.

> I don't know how much checking of parameters should be done with it,
> but checking against a=0 (to be failed) is wrong.

Well, for that strange curve ;-)

> t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (1)
> t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (2)

Remove these tests.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From dbaryshkov at gmail.com Tue Jan 14 12:27:46 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Tue, 14 Jan 2014 15:27:46 +0400
Subject: Key Derivation API
In-Reply-To: <877ga36j7d.fsf@vigenere.g10code.de>
References: <877ga36j7d.fsf@vigenere.g10code.de>
Message-ID:

Hello,

On Tue, Jan 14, 2014 at 12:50 PM, Werner Koch wrote:
> On Mon, 13 Jan 2014 23:30, dbaryshkov at gmail.com said:
>
>> I feel a desperate need for the key derivation API not limited to plain
>> ECDH.
>
> Can you explain what you want to do with it? Do you want to create an
> ephemeral key from a long term ECC key? That can easily be done using
> the context based ECC API. Sure that is somewhat low-level but it is
> quite flexible and probably the best way until common usage patterns are
> established.

I need to create shared key material, but using a special scheme defined in rfc4357 [1] for GOST R 34.10-2001 (and currently being extended to GOST R 34.10-2012 by using Stribog instead of old GOST R 34.11-94 hashing). Basically it is ECDH, but with an additional salt (called UKM) being used:

shared = hash( (UKM * d) (mod p) x Q )

where p is (sub-)group size, d is my private key, Q is 'their' public key and UKM is a salt/nonce/whatever.

[1] https://tools.ietf.org/html/rfc4357

--
With best wishes
Dmitry

From cvs at cvs.gnupg.org Tue Jan 14 16:40:00 2014
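Dmitry's derivation above, written out as an added stand-alone illustration that is neither libgcrypt code nor part of the thread: both sides compute hash(((UKM * d) mod q) * Q) over secp256k1 (the a = 0 curve from the ec_p_new discussion) and arrive at the same key, while a different UKM yields different key material from the same long-term keys. Assumptions: SHA-256 stands in for the GOST R 34.11 hash, UKM is an integer, the shared point is serialised as x || y, and the scalar multiplication is a plain double-and-add (not constant time).

```python
"""Toy VKO-style key agreement: hash( ((UKM * d) mod q) * Q ).

Added illustration, not libgcrypt code.  Assumptions: secp256k1 as the
curve (a = 0, as in the thread), SHA-256 standing in for the GOST R 34.11
hash, UKM treated as an integer, shared point serialised as x || y.
"""
import hashlib
import secrets

# secp256k1 domain parameters (well-known public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order
G = (GX, GY)
INF = None  # point at infinity


def on_curve(pt):
    """True if pt is the point at infinity or satisfies y^2 = x^3 + A x + B."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition (handles doubling and the inverse case)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant time)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Long-term key pair: d in [1, q-1], Q = d * G."""
    d = secrets.randbelow(Q - 1) + 1
    return d, mul(d, G)


def vko_shared_key(d, their_pub, ukm):
    """hash( ((UKM * d) mod q) * Q ): the shape Dmitry describes.

    Validates the peer point first; an off-curve Q would leak information
    about d through the multiplication, so reject it up front."""
    if their_pub is INF or not on_curve(their_pub):
        raise ValueError("peer public key is not a valid curve point")
    scalar = (ukm * d) % Q
    if scalar == 0:
        raise ValueError("UKM * d is 0 mod q; choose another UKM")
    shared = mul(scalar, their_pub)
    if shared is INF:
        raise ValueError("shared point is at infinity")
    x, y = shared
    return hashlib.sha256(x.to_bytes(32, "big") + y.to_bytes(32, "big")).digest()


if __name__ == "__main__":
    da, qa = keygen()
    db, qb = keygen()
    ukm = int.from_bytes(secrets.token_bytes(8), "big")   # constructed salt
    print(vko_shared_key(da, qb, ukm).hex())
    print(vko_shared_key(db, qa, ukm).hex())              # same key material
```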
From: cvs at cvs.gnupg.org (by Milan Broz) Date: Tue, 14 Jan 2014 16:40:00 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-33-g04cda6b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 04cda6b7cc16f3f52c12d9d3e46c56701003496e (commit) via dfde161355b15b25b1d1214d5ee0338e50b33517 (commit) from 5f2af6c26bc04975c0b518881532871d7387d7ce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 04cda6b7cc16f3f52c12d9d3e46c56701003496e Author: Milan Broz Date: Mon Jan 13 21:30:42 2014 +0100 PBKDF2: Use gcry_md_reset to speed up calculation. * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset to speed up calculation. -- Current PBKDF2 implementation uses gcry_md_set_key in every iteration which is extremely slow (even in comparison with other implementations). Use gcry_md_reset instead and set key only once. With this test program: char input[32000], salt[8], key[16]; gcry_kdf_derive(input, sizeof(input), GCRY_KDF_PBKDF2, gcry_md_map_name("sha1"), salt, sizeof(salt), 100000, sizeof(key), key); running time without patch: real 0m11.165s user 0m11.136s sys 0m0.000s and with patch applied real 0m0.230s user 0m0.184s sys 0m0.024s (The problem was found when cryptsetup started to use gcrypt internal PBKDF2 and for very long keyfiles unlocking time increased drastically. See https://bugzilla.redhat.com/show_bug.cgi?id=1051733) Signed-off-by: Milan Broz diff --git a/cipher/kdf.c b/cipher/kdf.c index 503f068..af0dc48 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c 
@@ -175,19 +175,21 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, return ec; } + ec = _gcry_md_setkey (md, passphrase, passphraselen); + if (ec) + { + _gcry_md_close (md); + xfree (sbuf); + return ec; + } + /* Step 3 and 4. */ memcpy (sbuf, salt, saltlen); for (lidx = 1; lidx <= l; lidx++) { for (iter = 0; iter < iterations; iter++) { - ec = _gcry_md_setkey (md, passphrase, passphraselen); - if (ec) - { - _gcry_md_close (md); - xfree (sbuf); - return ec; - } + _gcry_md_reset (md); if (!iter) /* Compute U_1: */ { sbuf[saltlen] = (lidx >> 24); commit dfde161355b15b25b1d1214d5ee0338e50b33517 Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Add DCO entry for Milan Broz. -- diff --git a/AUTHORS b/AUTHORS index dc933dc..2c92998 100644 --- a/AUTHORS +++ b/AUTHORS @@ -154,6 +154,9 @@ Jussi Kivilinna Jussi Kivilinna 2013-05-06:5186720A.4090101 at iki.fi: +Milan Broz +2014-01-13:52D44CC6.4050707 at gmail.com: + Rafa?l Carr? 2012-04-20:4F91988B.1080502 at videolan.org: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 +++ cipher/kdf.c | 16 +++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Tue Jan 14 16:32:45 2014 
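Review bot: hoisting `_gcry_md_setkey` out of the loop in the `_gcry_kdf_pkdf2` hunk makes correctness depend on `_gcry_md_reset` preserving the HMAC key between iterations, which the old per-iteration setkey never relied on; please confirm that property of the MD layer and run the PBKDF2-HMAC-SHA1 test vectors from RFC 6070 against the patched build so the speed-up is shown to leave the derived keys unchanged. The `_gcry_md_reset (md)` on the very first iteration of each block is redundant straight after setkey, but harmless.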
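The optimisation from Milan's commit message, as an added illustration in Python rather than libgcrypt's C (not the project's code): `hmac.HMAC.copy()` plays the role of `gcry_md_reset`, so the HMAC is keyed once per derivation and every PRF call starts from that keyed state, beside the pre-patch shape that re-keys on every call; both are cross-checked against hashlib.pbkdf2_hmac. The names `derive`, `matches_stdlib`, `timing_demo` and the two `prf_*` helpers are mine.

```python
"""PBKDF2 with the HMAC keyed once versus re-keyed on every PRF call.

Added illustration (not libgcrypt code).  hmac.HMAC.copy() stands in for
gcry_md_reset: the keyed inner/outer states are computed once and re-used,
instead of paying for a setkey (hashing a long password and rebuilding both
pads) on each of the c iterations.
"""
import hashlib
import hmac
import time


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def prf_rekeying(password, hash_name):
    """Pre-patch shape: a freshly keyed HMAC for every PRF call."""
    def prf(data):
        return hmac.new(password, data, hash_name).digest()
    return prf


def prf_keyed_once(password, hash_name):
    """Patched shape: key once, then 'reset' (copy) the keyed state per call."""
    keyed = hmac.new(password, None, hash_name)   # the single expensive setkey

    def prf(data):
        h = keyed.copy()   # keyed state with an empty message, like md_reset
        h.update(data)
        return h.digest()
    return prf


def pbkdf2(prf, salt, iterations, dklen):
    """RFC 2898 PBKDF2: T_i = U_1 xor ... xor U_c, U_1 = PRF(S || INT(i))."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    out = b""
    block = 1
    while len(out) < dklen:
        u = prf(salt + block.to_bytes(4, "big"))   # U_1
        t = u
        for _ in range(iterations - 1):
            u = prf(u)                              # U_j = PRF(U_{j-1})
            t = _xor(t, u)
        out += t
        block += 1
    return out[:dklen]


def derive(password, salt, iterations, dklen, hash_name="sha1", rekey=False):
    """PBKDF2-HMAC-<hash_name>; rekey=True selects the slow pre-patch shape."""
    prf = (prf_rekeying if rekey else prf_keyed_once)(password, hash_name)
    return pbkdf2(prf, salt, iterations, dklen)


def matches_stdlib(password, salt, iterations, dklen, hash_name="sha1"):
    """Both shapes must agree with hashlib.pbkdf2_hmac."""
    ref = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)
    return (derive(password, salt, iterations, dklen, hash_name) == ref
            and derive(password, salt, iterations, dklen, hash_name, True) == ref)


def timing_demo(password_len=32000, iterations=2000):
    """Constructed input shaped like the cryptsetup keyfile case in the commit
    message: a long password makes each re-key hash the whole key again."""
    password, salt = bytes(password_len), bytes(8)
    results = {}
    for label, rekey in (("rekey each iteration", True), ("key once + copy", False)):
        t0 = time.perf_counter()
        derive(password, salt, iterations, 16, rekey=rekey)
        results[label] = time.perf_counter() - t0
    return results


if __name__ == "__main__":
    for label, seconds in timing_demo().items():
        print(f"{label:22s} {seconds:.3f} s")
```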
From: wk at gnupg.org (Werner Koch) Date: Tue, 14 Jan 2014 16:32:45 +0100 Subject: [PATCH] PBKDF2: Use gcry_md_reset to speed up calculation. In-Reply-To: <1389645042-8236-1-git-send-email-gmazyland@gmail.com> (Milan Broz's message of "Mon, 13 Jan 2014 21:30:42 +0100") References: <1389645042-8236-1-git-send-email-gmazyland@gmail.com> Message-ID: <87eh4a60ki.fsf@vigenere.g10code.de> On Mon, 13 Jan 2014 21:30, gmazyland at gmail.com said: > * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset > to speed up calculation. Thanks. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Wed Jan 15 04:47:55 2014 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 15 Jan 2014 04:47:55 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-34-g49edeeb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 49edeebb43174865cf4fa2c170a42a8e4274c4f0 (commit) from 04cda6b7cc16f3f52c12d9d3e46c56701003496e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 49edeebb43174865cf4fa2c170a42a8e4274c4f0 Author: NIIBE Yutaka Date: Wed Jan 15 12:41:37 2014 +0900 ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1. * mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0. * tests/t-mpi-point.c (context_alloc): Remove two spurious tests. -- It is no problem when a==0. Signed-off-by: NIIBE Yutaka diff --git a/mpi/ec.c b/mpi/ec.c index 9e007cd..4f35de0 100644 --- a/mpi/ec.c +++ b/mpi/ec.c 
@@ -495,7 +495,7 @@ _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx, mpi_ec_t ec; *r_ctx = NULL; - if (!p || !a || !mpi_cmp_ui (a, 0)) + if (!p || !a) return GPG_ERR_EINVAL; ctx = _gcry_ctx_alloc (CONTEXT_TYPE_EC, sizeof *ec, ec_deinit); diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index ae52601..d60b3f0 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -434,28 +434,18 @@ context_alloc (void) gcry_mpi_release (a); gcry_ctx_release (ctx); - p = gcry_mpi_set_ui (NULL, 0); + p = NULL; a = gcry_mpi_set_ui (NULL, 0); - err = ec_p_new (&ctx, p, a); - if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) - fail ("ec_p_new: bad parameter detection failed (1)\n"); - - gcry_mpi_set_ui (p, 1); - err = ec_p_new (&ctx, p, a); - if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) - fail ("ec_p_new: bad parameter detection failed (2)\n"); - gcry_mpi_release (p); - p = NULL; err = ec_p_new (&ctx, p, a); if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) - fail ("ec_p_new: bad parameter detection failed (3)\n"); + fail ("ec_p_new: bad parameter detection failed (1)\n"); gcry_mpi_release (a); a = NULL; err = ec_p_new (&ctx, p, a); if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) - fail ("ec_p_new: bad parameter detection failed (4)\n"); + fail ("ec_p_new: bad parameter detection failed (2)\n"); } ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 2 +- tests/t-mpi-point.c | 16 +++------------- 2 files changed, 4 insertions(+), 14 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Thu Jan 16 17:25:19 2014 
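Review bot: with `!mpi_cmp_ui (a, 0)` dropped, the `_gcry_mpi_ec_p_new` hunk leaves only NULL checks on p and a, so a zero modulus still gets through; as Werner noted in the thread, p is the parameter worth validating, so consider rejecting `p == 0` (e.g. `!mpi_cmp_ui (p, 0)`) with GPG_ERR_EINVAL while keeping a = 0 allowed for secp256k1.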
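Review bot: the two cases deleted from `context_alloc` in tests/t-mpi-point.c (p = 0 and p = 1, each with a = 0) only ever failed through the a == 0 branch this patch removes, so after the hunk no test exercises a non-NULL but invalid p; if ec_p_new gains a check on p, add a case with `p = gcry_mpi_set_ui (NULL, 0)` and a valid a expecting GPG_ERR_EINVAL, otherwise the renumbering to (1) and (2) is fine as it stands.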
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Jan 2014 17:25:19 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via cfc151ba637200e4fc05d9481a8df2071b2f9a47 (commit) from 49edeebb43174865cf4fa2c170a42a8e4274c4f0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cfc151ba637200e4fc05d9481a8df2071b2f9a47 Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Replace ath based mutexes by gpgrt based locks. * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13. (gl_LOCK): Remove. * src/ath.c, src/ath.h: Remove. Remove from all files. Replace all mutexes by gpgrt based statically initialized locks. * src/global.c (global_init): Remove ath_init. (_gcry_vcontrol): Make ath install a dummy function. (print_config): Remove threads info line. * doc/gcrypt.texi: Simplify the multi-thread related documentation. -- The current code does only work on ELF systems with weak symbol support. In particular no locks were used under Windows. With the new gpgrt_lock functions from the soon to be released libgpg-error 1.13 we have a better portable scheme which also allows for static initialized mutexes. Signed-off-by: Werner Koch diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c index 50ac107..698742d 100644 --- a/cipher/cipher-aeswrap.c +++ b/cipher/cipher-aeswrap.c @@ -25,7 +25,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "bufhelp.h" #include "./cipher-internal.h" diff --git a/cipher/cipher-cbc.c b/cipher/cipher-cbc.c index 4b929da..67814b7 100644 --- a/cipher/cipher-cbc.c 
+++ b/cipher/cipher-cbc.c @@ -26,7 +26,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "./cipher-internal.h" #include "bufhelp.h" diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c index 9d0bf0a..3d5f220 100644 --- a/cipher/cipher-ccm.c +++ b/cipher/cipher-ccm.c @@ -25,7 +25,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "bufhelp.h" #include "./cipher-internal.h" diff --git a/cipher/cipher-cfb.c b/cipher/cipher-cfb.c index 8539f54..f289ed3 100644 --- a/cipher/cipher-cfb.c +++ b/cipher/cipher-cfb.c @@ -26,7 +26,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "bufhelp.h" #include "./cipher-internal.h" diff --git a/cipher/cipher-ctr.c b/cipher/cipher-ctr.c index 1e7133c..4bbfaae 100644 --- a/cipher/cipher-ctr.c +++ b/cipher/cipher-ctr.c @@ -26,7 +26,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "bufhelp.h" #include "./cipher-internal.h" diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index cdd35ad..0534761 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -26,7 +26,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "bufhelp.h" #include "./cipher-internal.h" diff --git a/cipher/cipher-ofb.c b/cipher/cipher-ofb.c index 3842774..7db7658 100644 --- a/cipher/cipher-ofb.c +++ b/cipher/cipher-ofb.c @@ -26,7 +26,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "bufhelp.h" #include "./cipher-internal.h" diff --git a/cipher/cipher.c b/cipher/cipher.c index 8c5a0b4..baa4720 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -27,7 +27,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "./cipher-internal.h" diff --git a/cipher/kdf.c b/cipher/kdf.c index af0dc48..ad5c46e 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -26,7 +26,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "kdf-internal.h" diff --git a/cipher/md.c b/cipher/md.c index 1b59765..f4fb129 100644 
--- a/cipher/md.c +++ b/cipher/md.c @@ -27,7 +27,6 @@ #include "g10lib.h" #include "cipher.h" -#include "ath.h" #include "rmd.h" diff --git a/cipher/primegen.c b/cipher/primegen.c index 645b0f8..9f6ec70 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -29,7 +29,6 @@ #include "g10lib.h" #include "mpi.h" #include "cipher.h" -#include "ath.h" static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel, int (*extra_check)(void *, gcry_mpi_t), @@ -141,18 +140,15 @@ struct primepool_s }; struct primepool_s *primepool; /* Mutex used to protect access to the primepool. */ -static ath_mutex_t primepool_lock; +GPGRT_LOCK_DEFINE (primepool_lock); gcry_err_code_t _gcry_primegen_init (void) { - gcry_err_code_t ec; - - ec = ath_mutex_init (&primepool_lock); - if (ec) - return gpg_err_code_from_errno (ec); - return ec; + /* This function was formerly used to initialize the primepool + Mutex. This has been replace by a static initialization. */ + return 0; } @@ -446,12 +442,11 @@ prime_generate_internal (int need_q_factor, goto leave; } - if (ath_mutex_lock (&primepool_lock)) - { - err = GPG_ERR_INTERNAL; - goto leave; - } + err = gpgrt_lock_lock (&primepool_lock); + if (err) + goto leave; is_locked = 1; + for (i = 0; i < n; i++) { perms[i] = 1; @@ -470,11 +465,9 @@ prime_generate_internal (int need_q_factor, pool[i] = get_pool_prime (fbits, poolrandomlevel); if (!pool[i]) { - if (ath_mutex_unlock (&primepool_lock)) - { - err = GPG_ERR_INTERNAL; - goto leave; - } + err = gpgrt_lock_unlock (&primepool_lock); + if (err) + goto leave; is_locked = 0; } } 
@@ -483,23 +476,20 @@ prime_generate_internal (int need_q_factor, pool_in_use[i] = i; factors[i] = pool[i]; } - if (is_locked && ath_mutex_unlock (&primepool_lock)) - { - err = GPG_ERR_INTERNAL; - goto leave; - } + + if (is_locked && (err = gpgrt_lock_unlock (&primepool_lock))) + goto leave; is_locked = 0; } else { /* Get next permutation. */ m_out_of_n ( (char*)perms, n, m); - if (ath_mutex_lock (&primepool_lock)) - { - err = GPG_ERR_INTERNAL; - goto leave; - } + + if ((err = gpgrt_lock_lock (&primepool_lock))) + goto leave; is_locked = 1; + for (i = j = 0; (i < m) && (j < n); i++) if (perms[i]) { @@ -509,11 +499,8 @@ prime_generate_internal (int need_q_factor, pool[i] = get_pool_prime (fbits, poolrandomlevel); if (!pool[i]) { - if (ath_mutex_unlock (&primepool_lock)) - { - err = GPG_ERR_INTERNAL; - goto leave; - } + if ((err = gpgrt_lock_unlock (&primepool_lock))) + goto leave; is_locked = 0; } } @@ -522,12 +509,11 @@ prime_generate_internal (int need_q_factor, pool_in_use[j] = i; factors[j++] = pool[i]; } - if (is_locked && ath_mutex_unlock (&primepool_lock)) - { - err = GPG_ERR_INTERNAL; - goto leave; - } + + if (is_locked && (err = gpgrt_lock_unlock (&primepool_lock))) + goto leave; is_locked = 0; + if (i == n) { /* Ran out of permutations: Allocate new primes. */ @@ -686,7 +672,7 @@ prime_generate_internal (int need_q_factor, leave: if (pool) { - is_locked = !ath_mutex_lock (&primepool_lock); + is_locked = !gpgrt_lock_lock (&primepool_lock); for(i = 0; i < m; i++) { if (pool[i]) @@ -703,8 +689,8 @@ prime_generate_internal (int need_q_factor, mpi_free (pool[i]); } } - if (is_locked && ath_mutex_unlock (&primepool_lock)) - err = GPG_ERR_INTERNAL; + if (is_locked) + err = gpgrt_lock_unlock (&primepool_lock); is_locked = 0; xfree (pool); } diff --git a/cipher/pubkey.c b/cipher/pubkey.c index d130388..9aeaced 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c 
@@ -28,7 +28,6 @@ #include "g10lib.h" #include "mpi.h" #include "cipher.h" -#include "ath.h" #include "context.h" #include "pubkey-internal.h" diff --git a/compat/compat.c b/compat/compat.c index 5678067..39d6498 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -31,8 +31,8 @@ _gcry_compat_identification (void) "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" "Copyright (C) 2000-2012 Free Software Foundation, Inc.\n" - "Copyright (C) 2012-2013 g10 Code GmbH\n" - "Copyright (C) 2013 Jussi Kivilinna\n" + "Copyright (C) 2012-2014 g10 Code GmbH\n" + "Copyright (C) 2013-2014 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" "\n\n"; diff --git a/configure.ac b/configure.ac index 7d37f94..6272871 100644 --- a/configure.ac +++ b/configure.ac @@ -67,7 +67,7 @@ LIBGCRYPT_CONFIG_API_VERSION=1 # If you change the required gpg-error version, please remove # unnecessary error code defines in src/gcrypt-int.h. -NEED_GPG_ERROR_VERSION=1.11 +NEED_GPG_ERROR_VERSION=1.13 PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION @@ -733,11 +733,6 @@ if test "$have_pthread" = yes; then AC_DEFINE(HAVE_PTHREAD, ,[Define if we have pthread.]) fi -# -# See which thread system we have -# FIXME: Thus duplicates the above check. -# -gl_LOCK # Solaris needs -lsocket and -lnsl. Unisys system includes # gethostbyname in libsocket but needs libnsl for socket. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 25d8227..7712b80 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -188,8 +188,8 @@ the same handle, he has to take care of the serialization of such functions himself. If not described otherwise, every function is thread-safe. -Libgcrypt depends on the library `libgpg-error', which -contains common error handling related code for GnuPG components. +Libgcrypt depends on the library `libgpg-error', which contains some +common code used by other GnuPG components. @c ********************************************************** @c ******************* Preparation ************************ @@ -343,8 +343,7 @@ after program startup. The function @code{gcry_check_version} initializes some subsystems used by Libgcrypt and must be invoked before any other function in the -library, with the exception of the @code{GCRYCTL_SET_THREAD_CBS} command -(called via the @code{gcry_control} function). +library. @xref{Multi-Threading}. Furthermore, this function returns the version number of the library. 
@@ -450,51 +449,16 @@ thread-safe if you adhere to the following requirements: @itemize @bullet @item -If your application is multi-threaded, you must set the thread support -callbacks with the @code{GCRYCTL_SET_THREAD_CBS} command - at strong{before} any other function in the library. - -This is easy enough if you are indeed writing an application using -Libgcrypt. It is rather problematic if you are writing a library -instead. Here are some tips what to do if you are writing a library: - -If your library requires a certain thread package, just initialize -Libgcrypt to use this thread package. If your library supports multiple -thread packages, but needs to be configured, you will have to -implement a way to determine which thread package the application -wants to use with your library anyway. Then configure Libgcrypt to use -this thread package. - -If your library is fully reentrant without any special support by a -thread package, then you are lucky indeed. Unfortunately, this does -not relieve you from doing either of the two above, or use a third -option. The third option is to let the application initialize Libgcrypt -for you. Then you are not using Libgcrypt transparently, though. - -As if this was not difficult enough, a conflict may arise if two -libraries try to initialize Libgcrypt independently of each others, and -both such libraries are then linked into the same application. To -make it a bit simpler for you, this will probably work, but only if -both libraries have the same requirement for the thread package. This -is currently only supported for the non-threaded case, GNU Pth and -pthread. - If you use pthread and your applications forks and does not directly call exec (even calling stdio functions), all kind of problems may occur. Future versions of Libgcrypt will try to cleanup using pthread_atfork but even that may lead to problems. This is a common problem with almost all applications using pthread and fork. 
-Note that future versions of Libgcrypt will drop this flexible thread -support and instead only support the platforms standard thread -implementation. - @item The function @code{gcry_check_version} must be called before any other -function in the library, except the @code{GCRYCTL_SET_THREAD_CBS} -command (called via the @code{gcry_control} function), because it -initializes the thread support subsystem in Libgcrypt. To +function in the library. To achieve this in multi-threaded programs, you must synchronize the memory with respect to other threads that also want to use Libgcrypt. For this, it is sufficient to call 
@@ -515,52 +479,6 @@ Just like the function @code{gpg_strerror}, the function @end itemize -Libgcrypt contains convenient macros, which define the -necessary thread callbacks for PThread and for GNU Pth: - - at table @code - at item GCRY_THREAD_OPTION_PTH_IMPL - -This macro defines the following (static) symbols: - at code{gcry_pth_init}, @code{gcry_pth_mutex_init}, - at code{gcry_pth_mutex_destroy}, @code{gcry_pth_mutex_lock}, - at code{gcry_pth_mutex_unlock}, @code{gcry_pth_read}, - at code{gcry_pth_write}, @code{gcry_pth_select}, - at code{gcry_pth_waitpid}, @code{gcry_pth_accept}, - at code{gcry_pth_connect}, @code{gcry_threads_pth}. - -After including this macro, @code{gcry_control()} shall be used with a -command of @code{GCRYCTL_SET_THREAD_CBS} in order to register the -thread callback structure named ``gcry_threads_pth''. Example: - - at smallexample - ret = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); - at end smallexample - - - at item GCRY_THREAD_OPTION_PTHREAD_IMPL - -This macro defines the following (static) symbols: - at code{gcry_pthread_mutex_init}, @code{gcry_pthread_mutex_destroy}, - at code{gcry_pthread_mutex_lock}, @code{gcry_pthread_mutex_unlock}, - at code{gcry_threads_pthread}. - -After including this macro, @code{gcry_control()} shall be used with a -command of @code{GCRYCTL_SET_THREAD_CBS} in order to register the -thread callback structure named ``gcry_threads_pthread''. Example: - - at smallexample - ret = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); - at end smallexample - - - at end table - -Note that these macros need to be terminated with a semicolon. Keep -in mind that these are convenient macros for C programmers; C++ -programmers might have to wrap these macros in an ``extern C'' body. - - @node Enabling FIPS mode @section How to enable the FIPS mode @cindex FIPS mode 
@@ -863,8 +781,7 @@ This command returns true if the command@* GCRYCTL_INITIALIZATION_FINISHED has already been run. @item GCRYCTL_SET_THREAD_CBS; Arguments: struct ath_ops *ath_ops -This command registers a thread-callback structure. - at xref{Multi-Threading}. +This command is obsolete since version 1.6. @item GCRYCTL_FAST_POLL; Arguments: none Run a fast random poll. @@ -2762,7 +2679,7 @@ operations. @var{cmd} controls what is to be done. The return value is Disable the algorithm given as an algorithm id in @var{buffer}. @var{buffer} must point to an @code{int} variable with the algorithm id and @var{buflen} must have the value @code{sizeof (int)}. This -fucntion is not thread safe and should thus be used before any other +function is not thread safe and should thus be used before any other threads are started. @end table diff --git a/random/random-csprng.c b/random/random-csprng.c index 87235d8..429c84f 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -60,7 +60,6 @@ #include "random.h" #include "rand-internal.h" #include "cipher.h" /* Required for the rmd160_hash_buffer() prototype. */ -#include "ath.h" #ifndef RAND_MAX /* For SunOS. */ #define RAND_MAX 32767 @@ -181,7 +180,7 @@ static int quick_test; static int faked_rng; /* This is the lock we use to protect all pool operations. */ -static ath_mutex_t pool_lock; +GPGRT_LOCK_DEFINE (pool_lock); /* This is a helper for assert calls. These calls are used to assert that functions are called in a locked state. It is not meant to be @@ -259,14 +258,10 @@ static void initialize_basics(void) { static int initialized; - int err; if (!initialized) { initialized = 1; - err = ath_mutex_init (&pool_lock); - if (err) - log_fatal ("failed to create the pool lock: %s\n", strerror (err) ); #ifdef USE_RANDOM_DAEMON _gcry_daemon_initialize_basics (); 
@@ -286,9 +281,9 @@ lock_pool (void) { int err; - err = ath_mutex_lock (&pool_lock); + err = gpgrt_lock_lock (&pool_lock); if (err) - log_fatal ("failed to acquire the pool lock: %s\n", strerror (err)); + log_fatal ("failed to acquire the pool lock: %s\n", gpg_strerror (err)); pool_is_locked = 1; } @@ -299,9 +294,9 @@ unlock_pool (void) int err; pool_is_locked = 0; - err = ath_mutex_unlock (&pool_lock); + err = gpgrt_lock_unlock (&pool_lock); if (err) - log_fatal ("failed to release the pool lock: %s\n", strerror (err)); + log_fatal ("failed to release the pool lock: %s\n", gpg_strerror (err)); } diff --git a/random/random-daemon.c b/random/random-daemon.c index 98a0153..8ea4df2 100644 --- a/random/random-daemon.c +++ b/random/random-daemon.c @@ -28,8 +28,6 @@ sensitive data. */ -#error This dameon needs to be fixed due to the ath changes - #include #include #include @@ -42,7 +40,6 @@ #include "g10lib.h" #include "random.h" -#include "ath.h" @@ -51,7 +48,7 @@ #define RANDOM_DAEMON_SOCKET "/var/run/libgcrypt/S.gcryptrnd" /* The lock serializing access to the daemon. */ -static ath_mutex_t daemon_lock = ATH_MUTEX_INITIALIZER; +GPGRT_LOCK_DEFINE (daemon_lock); /* The socket connected to the daemon. */ static int daemon_socket = -1; @@ -129,16 +126,7 @@ connect_to_socket (const char *socketname, int *sock) void _gcry_daemon_initialize_basics (void) { - static int initialized; - int err; - - if (!initialized) - { - initialized = 1; - err = ath_mutex_init (&daemon_lock); - if (err) - log_fatal ("failed to create the daemon lock: %s\n", strerror (err) ); - } + /* Not anymore required. */ } @@ -213,7 +201,7 @@ call_daemon (const char *socketname, if (!req_nbytes) return 0; - ath_mutex_lock (&daemon_lock); + gpgrt_lock_lock (&daemon_lock); /* Open the socket if that has not been done. */ if (!initialized) 
@@ -225,7 +213,7 @@ call_daemon (const char *socketname, { daemon_socket = -1; log_info ("not using random daemon\n"); - ath_mutex_unlock (&daemon_lock); + gpgrt_lock_unlock (&daemon_lock); return err; } } @@ -233,7 +221,7 @@ call_daemon (const char *socketname, /* Check that we have a valid socket descriptor. */ if ( daemon_socket == -1 ) { - ath_mutex_unlock (&daemon_lock); + gpgrt_lock_unlock (&daemon_lock); return gcry_error (GPG_ERR_INTERNAL); } @@ -325,7 +313,7 @@ call_daemon (const char *socketname, } while (req_nbytes); - ath_mutex_unlock (&daemon_lock); + gpgrt_lock_unlock (&daemon_lock); return err; } diff --git a/random/random-fips.c b/random/random-fips.c index d00825e..0a76362 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -66,13 +66,12 @@ #include "g10lib.h" #include "random.h" #include "rand-internal.h" -#include "ath.h" /* This is the lock we use to serialize access to this RNG. The extra integer variable is only used to check the locking state; that is, it is not meant to be thread-safe but merely as a failsafe feature to assert proper locking. */ -static ath_mutex_t fips_rng_lock; +GPGRT_LOCK_DEFINE (fips_rng_lock); static int fips_rng_is_locked; @@ -190,15 +189,11 @@ static void basic_initialization (void) { static int initialized; - int my_errno; if (initialized) return; initialized = 1; - my_errno = ath_mutex_init (&fips_rng_lock); - if (my_errno) - log_fatal ("failed to create the RNG lock: %s\n", strerror (my_errno)); fips_rng_is_locked = 0; /* Make sure that we are still using the values we have @@ -214,11 +209,11 @@ basic_initialization (void) static void lock_rng (void) { - int my_errno; + gpg_err_code_t rc; - my_errno = ath_mutex_lock (&fips_rng_lock); - if (my_errno) - log_fatal ("failed to acquire the RNG lock: %s\n", strerror (my_errno)); + rc = gpgrt_lock_lock (&fips_rng_lock); + if (rc) + log_fatal ("failed to acquire the RNG lock: %s\n", gpg_strerror (rc)); fips_rng_is_locked = 1; } 
@@ -227,12 +222,12 @@ lock_rng (void) static void unlock_rng (void) { - int my_errno; + gpg_err_code_t rc; fips_rng_is_locked = 0; - my_errno = ath_mutex_unlock (&fips_rng_lock); - if (my_errno) - log_fatal ("failed to release the RNG lock: %s\n", strerror (my_errno)); + rc = gpgrt_lock_unlock (&fips_rng_lock); + if (rc) + log_fatal ("failed to release the RNG lock: %s\n", gpg_strerror (rc)); } static void diff --git a/random/random-system.c b/random/random-system.c index 3962ab8..8b79511 100644 --- a/random/random-system.c +++ b/random/random-system.c @@ -35,13 +35,12 @@ #include "g10lib.h" #include "random.h" #include "rand-internal.h" -#include "ath.h" /* This is the lock we use to serialize access to this RNG. The extra integer variable is only used to check the locking state; that is, it is not meant to be thread-safe but merely as a failsafe feature to assert proper locking. */ -static ath_mutex_t system_rng_lock; +GPGRT_LOCK_DEFINE (system_rng_lock); static int system_rng_is_locked; @@ -58,16 +57,11 @@ static void basic_initialization (void) { static int initialized; - int my_errno; if (initialized) return; initialized = 1; - my_errno = ath_mutex_init (&system_rng_lock); - if (my_errno) - log_fatal ("failed to create the System RNG lock: %s\n", - strerror (my_errno)); system_rng_is_locked = 0; /* Make sure that we are still using the values we traditionally @@ -83,12 +77,12 @@ basic_initialization (void) static void lock_rng (void) { - int my_errno; + gpg_err_code_t rc; - my_errno = ath_mutex_lock (&system_rng_lock); - if (my_errno) + rc = gpgrt_lock_lock (&system_rng_lock); + if (rc) log_fatal ("failed to acquire the System RNG lock: %s\n", - strerror (my_errno)); + gpg_strerror (rc)); system_rng_is_locked = 1; } 
@@ -97,13 +91,13 @@ lock_rng (void) static void unlock_rng (void) { - int my_errno; + gpg_err_code_t rc; system_rng_is_locked = 0; - my_errno = ath_mutex_unlock (&system_rng_lock); - if (my_errno) + rc = gpgrt_lock_unlock (&system_rng_lock); + if (rc) log_fatal ("failed to release the System RNG lock: %s\n", - strerror (my_errno)); + gpg_strerror (rc)); } diff --git a/random/random.c b/random/random.c index ff9d6d2..41d4cb3 100644 --- a/random/random.c +++ b/random/random.c @@ -34,7 +34,6 @@ #include "random.h" #include "rand-internal.h" #include "cipher.h" /* For _gcry_sha1_hash_buffer(). */ -#include "ath.h" /* If not NULL a progress function called from certain places and the @@ -54,7 +53,7 @@ static struct /* This is the lock we use to protect the buffer used by the nonce generation. */ -static ath_mutex_t nonce_buffer_lock; +GPGRT_LOCK_DEFINE (nonce_buffer_lock); @@ -140,18 +139,6 @@ _gcry_set_preferred_rng_type (int type) void _gcry_random_initialize (int full) { - static int nonce_initialized; - int err; - - if (!nonce_initialized) - { - nonce_initialized = 1; - err = ath_mutex_init (&nonce_buffer_lock); - if (err) - log_fatal ("failed to create the nonce buffer lock: %s\n", - strerror (err) ); - } - if (fips_mode ()) _gcry_rngfips_initialize (full); else if (rng_types.standard) @@ -450,10 +437,10 @@ _gcry_create_nonce (void *buffer, size_t length) _gcry_random_initialize (1); /* Acquire the nonce buffer lock. */ - err = ath_mutex_lock (&nonce_buffer_lock); + err = gpgrt_lock_lock (&nonce_buffer_lock); if (err) log_fatal ("failed to acquire the nonce buffer lock: %s\n", - strerror (err)); + gpg_strerror (err)); apid = getpid (); /* The first time initialize our buffer. */ 
@@ -501,10 +488,10 @@ _gcry_create_nonce (void *buffer, size_t length) } /* Release the nonce buffer lock. */ - err = ath_mutex_unlock (&nonce_buffer_lock); + err = gpgrt_lock_unlock (&nonce_buffer_lock); if (err) log_fatal ("failed to release the nonce buffer lock: %s\n", - strerror (err)); + gpg_strerror (err)); } diff --git a/src/Makefile.am b/src/Makefile.am index c020239..b764852 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -61,8 +61,7 @@ libgcrypt_la_SOURCES = \ stdmem.c stdmem.h secmem.c secmem.h \ mpi.h missing-string.c fips.c \ hmac256.c hmac256.h context.c context.h \ - ec-context.h \ - ath.h ath.c + ec-context.h EXTRA_libgcrypt_la_SOURCES = hwf-x86.c hwf-arm.c gcrypt_hwf_modules = @GCRYPT_HWF_MODULES@ diff --git a/src/ath.c b/src/ath.c deleted file mode 100644 index 7a7035d..0000000 --- a/src/ath.c +++ /dev/null 
@@ -1,333 +0,0 @@ -/* ath.c - A Thread-safeness library. - * Copyright (C) 2002, 2003, 2004, 2011 Free Software Foundation, Inc. - * - * This file is part of Libgcrypt. - * - * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser general Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * Libgcrypt is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see . - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#if USE_POSIX_THREADS_WEAK -# include -#endif - -#include "ath.h" - - - -/* On an ELF system it is easy to use pthreads using weak references. - Take care not to test the address of a weak referenced function we - actually use; some GCC versions have a bug were &foo != NULL is - always evaluated to true in PIC mode. USING_PTHREAD_AS_DEFAULT is - used by ath_install to detect the default usage of pthread. */ -#if USE_POSIX_THREADS_WEAK -# pragma weak pthread_cancel -# pragma weak pthread_mutex_init -# pragma weak pthread_mutex_lock -# pragma weak pthread_mutex_unlock -# pragma weak pthread_mutex_destroy -#endif - -/* For the dummy interface. The MUTEX_NOTINIT value is used to check - that a mutex has been initialized. */ -#define MUTEX_NOTINIT ((ath_mutex_t) 0) -#define MUTEX_UNLOCKED ((ath_mutex_t) 1) -#define MUTEX_LOCKED ((ath_mutex_t) 2) -#define MUTEX_DESTROYED ((ath_mutex_t) 3) - - -/* Return the thread type from the option field. */ -#define GET_OPTION(a) ((a) & 0xff) - - - -enum ath_thread_model { - ath_model_undefined = 0, - ath_model_none, /* No thread support. 
*/ - ath_model_pthreads_weak, /* POSIX threads using weak symbols. */ - ath_model_pthreads, /* POSIX threads directly linked. */ - ath_model_w32 /* Microsoft Windows threads. */ -}; - - -/* The thread model in use. */ -static enum ath_thread_model thread_model; - - -/* Initialize the ath subsystem. This is called as part of the - Libgcrypt initialization. It's purpose is to initialize the - locking system. It returns 0 on sucess or an ERRNO value on error. - In the latter case it is not defined whether ERRNO was changed. - - Note: This should be called as early as possible because it is not - always possible to detect the thread model to use while already - running multi threaded. */ -int -ath_init (void) -{ - int err = 0; - - if (thread_model) - return 0; /* Already initialized - no error. */ - - if (0) - ; -#if USE_POSIX_THREADS_WEAK - else if (pthread_cancel) - { - thread_model = ath_model_pthreads_weak; - } -#endif - else - { - /* Assume a single threaded application. */ - thread_model = ath_model_none; - } - - return err; -} - - -/* Return the used thread model as string for display purposes an if - R_MODEL is not null store its internal number at R_MODEL. */ -const char * -ath_get_model (int *r_model) -{ - if (r_model) - *r_model = thread_model; - switch (thread_model) - { - case ath_model_undefined: return "undefined"; - case ath_model_none: return "none"; - case ath_model_pthreads_weak: return "pthread(weak)"; - case ath_model_pthreads: return "pthread"; - case ath_model_w32: return "w32"; - default: return "?"; - } -} - - -/* This function was used in old Libgcrypt versions (via - GCRYCTL_SET_THREAD_CBS) to register the thread callback functions. - It is not anymore required. However to allow existing code to - continue to work, we keep this function and check that no user - defined callbacks are used and that the requested thread system - matches the one Libgcrypt is using. 
*/ -gpg_err_code_t -ath_install (struct ath_ops *ath_ops) -{ - gpg_err_code_t rc; - unsigned int thread_option; - - /* Fist call ath_init so that we know our thread model. */ - rc = ath_init (); - if (rc) - return rc; - - /* Check if the requested thread option is compatible to the - thread option we are already committed to. */ - thread_option = ath_ops? GET_OPTION (ath_ops->option) : 0; - - /* Return an error if the requested thread model does not match the - configured one. */ - if (0) - ; -#if USE_POSIX_THREADS_WEAK - else if (thread_model == ath_model_pthreads_weak) - { - if (thread_option == ATH_THREAD_OPTION_PTHREAD) - return 0; /* Okay - compatible. */ - if (thread_option == ATH_THREAD_OPTION_PTH) - return 0; /* Okay - compatible. */ - } -#endif /*USE_POSIX_THREADS_WEAK*/ - else if (thread_option == ATH_THREAD_OPTION_PTH) - { - if (thread_model == ath_model_none) - return 0; /* Okay - compatible. */ - } - else if (thread_option == ATH_THREAD_OPTION_DEFAULT) - return 0; /* No thread support requested. */ - - return GPG_ERR_NOT_SUPPORTED; -} - - -/* Initialize a new mutex. This function returns 0 on success or an - system error code (i.e. an ERRNO value). ERRNO may or may not be - changed on error. */ -int -ath_mutex_init (ath_mutex_t *lock) -{ - int err; - - switch (thread_model) - { - case ath_model_none: - *lock = MUTEX_UNLOCKED; - err = 0; - break; - -#if USE_POSIX_THREADS_WEAK - case ath_model_pthreads_weak: - { - pthread_mutex_t *plck; - - plck = malloc (sizeof *plck); - if (!plck) - err = errno? errno : ENOMEM; - else - { - err = pthread_mutex_init (plck, NULL); - if (err) - free (plck); - else - *lock = (void*)plck; - } - } - break; -#endif /*USE_POSIX_THREADS_WEAK*/ - - default: - err = EINVAL; - break; - } - - return err; -} - - -/* Destroy a mutex. This function is a NOP if LOCK is NULL. If the - mutex is still locked it can't be destroyed and the function - returns EBUSY. ERRNO may or may not be changed on error. 
*/ -int -ath_mutex_destroy (ath_mutex_t *lock) -{ - int err; - - if (!*lock) - return 0; - - switch (thread_model) - { - case ath_model_none: - if (*lock != MUTEX_UNLOCKED) - err = EBUSY; - else - { - *lock = MUTEX_DESTROYED; - err = 0; - } - break; - -#if USE_POSIX_THREADS_WEAK - case ath_model_pthreads_weak: - { - pthread_mutex_t *plck = (pthread_mutex_t*) (*lock); - - err = pthread_mutex_destroy (plck); - if (!err) - { - free (plck); - lock = NULL; - } - } - break; -#endif /*USE_POSIX_THREADS_WEAK*/ - - default: - err = EINVAL; - break; - } - - return err; -} - - -/* Lock the mutex LOCK. On success the function returns 0; on error - an error code. ERRNO may or may not be changed on error. */ -int -ath_mutex_lock (ath_mutex_t *lock) -{ - int err; - - switch (thread_model) - { - case ath_model_none: - if (*lock == MUTEX_NOTINIT) - err = EINVAL; - else if (*lock == MUTEX_UNLOCKED) - { - *lock = MUTEX_LOCKED; - err = 0; - } - else - err = EDEADLK; - break; - -#if USE_POSIX_THREADS_WEAK - case ath_model_pthreads_weak: - err = pthread_mutex_lock ((pthread_mutex_t*)(*lock)); - break; -#endif /*USE_POSIX_THREADS_WEAK*/ - - default: - err = EINVAL; - break; - } - - return err; -} - -/* Unlock the mutex LOCK. On success the function returns 0; on error - an error code. ERRNO may or may not be changed on error. */ -int -ath_mutex_unlock (ath_mutex_t *lock) -{ - int err; - - switch (thread_model) - { - case ath_model_none: - if (*lock == MUTEX_NOTINIT) - err = EINVAL; - else if (*lock == MUTEX_LOCKED) - { - *lock = MUTEX_UNLOCKED; - err = 0; - } - else - err = EPERM; - break; - -#if USE_POSIX_THREADS_WEAK - case ath_model_pthreads_weak: - err = pthread_mutex_unlock ((pthread_mutex_t*)(*lock)); - break; -#endif /*USE_POSIX_THREADS_WEAK*/ - - default: - err = EINVAL; - break; - } - - return err; -} diff --git a/src/ath.h b/src/ath.h deleted file mode 100644 index a132e0b..0000000 --- a/src/ath.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* ath.h - Thread-safeness library. - * Copyright (C) 2002, 2003, 2004, 2011 Free Software Foundation, Inc. - * - * This file is part of Libgcrypt. - * - * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser general Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * Libgcrypt is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see . - */ - -#ifndef ATH_H -#define ATH_H - -#include - -#ifdef _WIN32 -# include -# include -#else /* !_WIN32 */ -# ifdef HAVE_SYS_SELECT_H -# include -# else -# include -# endif -# include -# ifdef HAVE_SYS_MSG_H -# include /* (e.g. for zOS) */ -# endif -# include -#endif /* !_WIN32 */ -#include - - - -/* Define _ATH_EXT_SYM_PREFIX if you want to give all external symbols - a prefix. 
*/ -#define _ATH_EXT_SYM_PREFIX _gcry_ - -#ifdef _ATH_EXT_SYM_PREFIX -#define _ATH_PREFIX1(x,y) x ## y -#define _ATH_PREFIX2(x,y) _ATH_PREFIX1(x,y) -#define _ATH_PREFIX(x) _ATH_PREFIX2(_ATH_EXT_SYM_PREFIX,x) -#define ath_install _ATH_PREFIX(ath_install) -#define ath_init _ATH_PREFIX(ath_init) -#define ath_get_model _ATH_PREFIX(ath_get_model) -#define ath_mutex_init _ATH_PREFIX(ath_mutex_init) -#define ath_mutex_destroy _ATH_PREFIX(ath_mutex_destroy) -#define ath_mutex_lock _ATH_PREFIX(ath_mutex_lock) -#define ath_mutex_unlock _ATH_PREFIX(ath_mutex_unlock) -#endif - - -enum ath_thread_option - { - ATH_THREAD_OPTION_DEFAULT = 0, - ATH_THREAD_OPTION_USER = 1, - ATH_THREAD_OPTION_PTH = 2, - ATH_THREAD_OPTION_PTHREAD = 3 - }; - -struct ath_ops -{ - /* The OPTION field encodes the thread model and the version number - of this structure. - Bits 7 - 0 are used for the thread model - Bits 15 - 8 are used for the version number. - */ - unsigned int option; - -}; - -gpg_err_code_t ath_install (struct ath_ops *ath_ops); -int ath_init (void); -const char *ath_get_model (int *r_model); - -/* Functions for mutual exclusion. */ -typedef void *ath_mutex_t; - -int ath_mutex_init (ath_mutex_t *mutex); -int ath_mutex_destroy (ath_mutex_t *mutex); -int ath_mutex_lock (ath_mutex_t *mutex); -int ath_mutex_unlock (ath_mutex_t *mutex); - -#endif /* ATH_H */ diff --git a/src/fips.c b/src/fips.c index 3ab33f9..c90e4b6 100644 --- a/src/fips.c +++ b/src/fips.c @@ -31,7 +31,6 @@ #endif /*HAVE_SYSLOG*/ #include "g10lib.h" -#include "ath.h" #include "cipher-proto.h" #include "hmac256.h" @@ -69,7 +68,7 @@ static int enforced_fips_mode; static int inactive_fips_mode; /* This is the lock we use to protect the FSM. */ -static ath_mutex_t fsm_lock; +GPGRT_LOCK_DEFINE (fsm_lock); /* The current state of the FSM. The whole state machinery is only used while in fips mode. Change this only while holding fsm_lock. */ 
@@ -181,18 +180,18 @@ _gcry_initialize_fips_mode (int force) FILE *fp; /* Intitialize the lock to protect the FSM. */ - err = ath_mutex_init (&fsm_lock); + err = gpgrt_lock_init (&fsm_lock); if (err) { /* If that fails we can't do anything but abort the process. We need to use log_info so that the FSM won't get involved. */ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n", - strerror (err)); + gpg_strerror (err)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "creating FSM lock failed: %s - abort", - strerror (err)); + gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ abort (); } @@ -222,15 +221,15 @@ lock_fsm (void) { gpg_error_t err; - err = ath_mutex_lock (&fsm_lock); + err = gpgrt_lock_lock (&fsm_lock); if (err) { log_info ("FATAL: failed to acquire the FSM lock in libgrypt: %s\n", - strerror (err)); + gpg_strerror (err)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "acquiring FSM lock failed: %s - abort", - strerror (err)); + gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ abort (); } @@ -241,15 +240,15 @@ unlock_fsm (void) { gpg_error_t err; - err = ath_mutex_unlock (&fsm_lock); + err = gpgrt_lock_unlock (&fsm_lock); if (err) { log_info ("FATAL: failed to release the FSM lock in libgrypt: %s\n", - strerror (err)); + gpg_strerror (err)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "releasing FSM lock failed: %s - abort", - strerror (err)); + gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ abort (); } diff --git a/src/global.c b/src/global.c index 9af499e..b2b1de6 100644 --- a/src/global.c +++ b/src/global.c @@ -2,7 +2,7 @@ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * 2004, 2005, 2006, 2008, 2011, * 2012 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2014 g10 Code GmbH * * This file is part of Libgcrypt. * 
@@ -38,7 +38,7 @@ #include "cipher.h" #include "stdmem.h" /* our own memory allocator */ #include "secmem.h" /* our own secmem allocator */ -#include "ath.h" + @@ -86,14 +86,6 @@ global_init (void) /* Tell the random module that we have seen an init call. */ _gcry_set_preferred_rng_type (0); - /* Initialize our portable thread/mutex wrapper. */ - err = ath_init (); - if (err) - { - err = gpg_error_from_errno (err); - goto fail; - } - /* See whether the system is in FIPS mode. This needs to come as early as possible but after ATH has been initialized. */ _gcry_initialize_fips_mode (force_fips_mode); @@ -304,7 +296,6 @@ print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) #endif ":\n"); fnc (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ()); - fnc (fp, "threads:%s:\n", ath_get_model (NULL)); hwfeatures = _gcry_get_hw_features (); fnc (fp, "hwflist:"); for (i=0; (s = _gcry_enum_hw_features (i, &afeature)); i++) @@ -476,10 +467,10 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) break; case GCRYCTL_SET_THREAD_CBS: + /* This is now a dummy call. We used to install our own thread + library here. */ _gcry_set_preferred_rng_type (0); - rc = ath_install (va_arg (arg_ptr, void *)); - if (!rc) - global_init (); + global_init (); break; case GCRYCTL_FAST_POLL: diff --git a/src/secmem.c b/src/secmem.c index 2bf7d8c..cfea921 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -37,7 +37,6 @@ #endif #endif -#include "ath.h" #include "g10lib.h" #include "secmem.h" 
@@ -86,11 +85,11 @@ static int no_priv_drop; static unsigned int cur_alloced, cur_blocks; /* Lock protecting accesses to the memory pool. */ -static ath_mutex_t secmem_lock; +GPGRT_LOCK_DEFINE (secmem_lock); /* Convenient macros. */ -#define SECMEM_LOCK ath_mutex_lock (&secmem_lock) -#define SECMEM_UNLOCK ath_mutex_unlock (&secmem_lock) +#define SECMEM_LOCK gpgrt_lock_lock (&secmem_lock) +#define SECMEM_UNLOCK gpgrt_lock_unlock (&secmem_lock) /* The size of the memblock structure; this does not include the memory that is available to the user. */ @@ -536,12 +535,7 @@ _gcry_secmem_init (size_t n) gcry_err_code_t _gcry_secmem_module_init () { - int err; - - err = ath_mutex_init (&secmem_lock); - if (err) - log_fatal ("could not allocate secmem lock\n"); - + /* No anymore needed. */ return 0; } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-aeswrap.c | 1 - cipher/cipher-cbc.c | 1 - cipher/cipher-ccm.c | 1 - cipher/cipher-cfb.c | 1 - cipher/cipher-ctr.c | 1 - cipher/cipher-gcm.c | 1 - cipher/cipher-ofb.c | 1 - cipher/cipher.c | 1 - cipher/kdf.c | 1 - cipher/md.c | 1 - cipher/primegen.c | 68 ++++------ cipher/pubkey.c | 1 - compat/compat.c | 4 +- configure.ac | 7 +- doc/gcrypt.texi | 95 +------------- random/random-csprng.c | 15 +-- random/random-daemon.c | 24 +--- random/random-fips.c | 23 ++-- random/random-system.c | 24 ++-- random/random.c | 23 +--- src/Makefile.am | 3 +- src/ath.c | 333 ----------------------------------------------- src/ath.h | 93 ------------- src/fips.c | 21 ++- src/global.c | 19 +-- src/secmem.c | 14 +- 26 files changed, 90 insertions(+), 687 deletions(-) delete mode 100644 src/ath.c delete mode 100644 src/ath.h hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Thu Jan 16 18:42:47 2014 
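Review bot: every file in this patch drops `#include "ath.h"` without adding an include for the header that now supplies GPGRT_LOCK_DEFINE and gpgrt_lock_*, so these hunks (random/random.c @@ -34, src/fips.c @@ -31, src/global.c @@ -38, src/secmem.c @@ -37) rely on gpg-error.h arriving through some other header, presumably g10lib.h, which is not shown. Since the symbols only exist in libgpg-error 1.13, confirm that the configure.ac change listed in the summary bumps the required libgpg-error version, so a build against an older libgpg-error stops at configure time instead of with an undefined GPGRT_LOCK_DEFINE.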
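Review bot: the declaration of `err` in _gcry_create_nonce is outside the @@ -450,10 and @@ -501,10 hunks of random/random.c, yet both hunks now assign it the gpg_err_code_t returned by gpgrt_lock_lock/gpgrt_lock_unlock and hand it to gpg_strerror. The random-system.c hunk at the top makes the matching declaration change (`int my_errno` to `gpg_err_code_t rc`); check that _gcry_create_nonce received the same treatment, because if `err` is still an errno-style int the code compiles but the log message names the wrong error.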
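Review bot: in src/fips.c @@ -181,18 the call `err = gpgrt_lock_init (&fsm_lock);` is kept even though fsm_lock is now statically initialised by GPGRT_LOCK_DEFINE, while the corresponding inits are removed for nonce_buffer_lock (random.c @@ -140,18) and secmem_lock (secmem.c @@ -536,12, with the comment "No anymore needed"). Either drop this one as well, or add a comment explaining why the FSM lock needs an explicit init; as written, a second entry into _gcry_initialize_fips_mode would re-initialise a lock that may already be in use.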
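Review bot: the log strings in lock_fsm and unlock_fsm (src/fips.c @@ -222,15 and @@ -241,15) still read "libgrypt" in the context lines `"FATAL: failed to acquire the FSM lock in libgrypt: %s\n"` and `"FATAL: failed to release the FSM lock in libgrypt: %s\n"`; the lines right next to them are being edited, so fix the typo to "libgcrypt" in the same commit so the three FSM-lock messages grep consistently.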
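Review bot: src/global.c @@ -86,14 removes the ath_init call but leaves the context comment "This needs to come as early as possible but after ATH has been initialized", which is now stale since ATH no longer exists; reword it to just "as early as possible". Also confirm that `err` and the `fail` label in global_init still have other uses after the removed `err = gpg_error_from_errno (err); goto fail;` block, otherwise this hunk introduces an unused-variable or unused-label warning.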
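Review bot: src/global.c @@ -476,10 turns GCRYCTL_SET_THREAD_CBS into an unconditional `global_init ();` that returns whatever `rc` already held, whereas the removed ath_install (see the deleted src/ath.c) returned GPG_ERR_NOT_SUPPORTED when the requested thread model did not match. Applications passing the old callback structure now get silent success; that behaviour change should be called out in NEWS and in the doc/gcrypt.texi update from the summary, not only in the two-line comment added here.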
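Review bot: in src/secmem.c @@ -536,12 the added comment `/* No anymore needed. */` should read `/* No longer needed. */`, and since the function body is being rewritten anyway, the context line `_gcry_secmem_module_init ()` should take `(void)` so the definition matches the prototype style used by `_gcry_secmem_init (size_t n)` in the same hunk.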
From: wk at gnupg.org (Werner Koch)
Date: Thu, 16 Jan 2014 18:42:47 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To: (by Werner Koch's message of "Thu, 16 Jan 2014 17:25:19 +0100")
References:
Message-ID: <87ppnr3js8.fsf@vigenere.g10code.de>

On Thu, 16 Jan 2014 17:25, cvs at cvs.gnupg.org said:

> support. In particular no locks were used under Windows. With the
> new gpgrt_lock functions from the soon to be released libgpg-error
> 1.13 we have a better portable scheme which also allows for static

BTW, I have tested the latest libgpg-error on Linux, W32, W64, OpenBSD,
and AIX(gcc). I'd appreciate seeing tests on a few more platforms
before I do a release.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From john at masinter.net Thu Jan 16 18:21:12 2014
From: john at masinter.net (John Masinter)
Date: Thu, 16 Jan 2014 12:21:12 -0500
Subject: 2014 FIPS disallows ANSI X9.31
Message-ID:

I searched several months back in the maillist archives for this subject,
and did not see a discussion.

The ANSI X 9.31 RNG should be replaced with FIPS recommended SP800-90 DRBG.
We need this to certify GnuPG which uses libgcrypt.

Is there any branch or work planned to address the 2014 change in FIPS
requirements? Any pointers or lists, source branches, or anything that may
help implement this is appreciated.

Or is there any option to build GnuPG with OpenSSL? (Are you laughing now?:)

Thank you very much for any input on the subject.

From j.breier at gmx.de Thu Jan 16 23:17:30 2014
From: j.breier at gmx.de (Jakob Breier)
Date: Thu, 16 Jan 2014 23:17:30 +0100
Subject: 2014 FIPS disallows ANSI X9.31
In-Reply-To:
References:
Message-ID: <52D85A7A.5000300@gmx.de>

On 16.01.2014 18:21, John Masinter wrote:
> The ANSI X 9.31 RNG should be replaced with FIPS recommended SP800-90
> DRBG.
…
> Or is there any option to build GnuPG with OpenSSL? (Are you laughing
> now?:)

You would not want to use OpenSSL. Their Dual_EC_DRBG implementation is
horribly broken and will crash or stall your program. See
https://lwn.net/Articles/578375/ for more details.

Regards,
Jakob Breier

From wk at gnupg.org Fri Jan 17 08:30:23 2014
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Jan 2014 08:30:23 +0100
Subject: 2014 FIPS disallows ANSI X9.31
In-Reply-To: <52D85A7A.5000300@gmx.de> (Jakob Breier's message of "Thu, 16 Jan 2014 23:17:30 +0100")
References: <52D85A7A.5000300@gmx.de>
Message-ID: <878uuf2hgw.fsf@vigenere.g10code.de>

On Thu, 16 Jan 2014 23:17, j.breier at gmx.de said:

> You would not want to use OpenSSL. Their Dual_EC_DRBG implementation is
> horribly broken and will crash or stall your program. See

Which is good and probably done on purpose.

SP800-90 has several options for a Deterministic RNG and no mentally
sane developer would implement the EC based one. Well, unless there is
a strong monetary incentive.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wk at gnupg.org Fri Jan 17 08:36:33 2014
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Jan 2014 08:36:33 +0100
Subject: 2014 FIPS disallows ANSI X9.31
In-Reply-To: (John Masinter's message of "Thu, 16 Jan 2014 12:21:12 -0500")
References:
Message-ID: <874n532h6m.fsf@vigenere.g10code.de>

On Thu, 16 Jan 2014 18:21, john at masinter.net said:

> The ANSI X 9.31 RNG should be replaced with FIPS recommended SP800-90 DRBG.

Libgcrypt has a mechanism to select from several RNG implementations.
Adding another one will be simple. However, it is quite some work to
actually code and test it. Frankly, I once looked at the options but
then figured that X9.31 will be easier to implement and did just that.

> Is there any branch or work planned to address the 2014 change in FIPS
> requirements?

Is there anyone who wants to sponsor that? From a technical and privacy
point of view a FIPS certification is useless. In particular a DRNG
which does not address the problem of the seed.

> Or is there any option to build GnuPG with OpenSSL? (Are you laughing now?:)

GnuPG is tightly coupled to Libgcrypt.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From j.breier at gmx.de Fri Jan 17 11:22:11 2014
From: j.breier at gmx.de (Jakob Breier)
Date: Fri, 17 Jan 2014 11:22:11 +0100
Subject: 2014 FIPS disallows ANSI X9.31
In-Reply-To: <878uuf2hgw.fsf@vigenere.g10code.de>
References: <52D85A7A.5000300@gmx.de> <878uuf2hgw.fsf@vigenere.g10code.de>
Message-ID: <52D90453.30502@gmx.de>

On 17.01.2014 08:30, Werner Koch wrote:
> On Thu, 16 Jan 2014 23:17, j.breier at gmx.de said:
>
>> You would not want to use OpenSSL. Their Dual_EC_DRBG implementation is
>> horribly broken and will crash or stall your program. See
> Which is good and probably done on purpose.
>
> SP800-90 has several options for a Deterministic RNG and no mentally
> sane developer would implement the EC based one. Well, unless there is
> a strong monetary incentive.
>
>
> Salam-Shalom,
>
> Werner
>

I know. I probably should have added a smiley somewhere in that mail in
addition to the link to clarify this was a joke. A sad joke at that given
how much trust in such standards has been undermined by the Dual_EC_DRBG.

Regards,
Jakob

From dbaryshkov at gmail.com Fri Jan 17 11:30:02 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Fri, 17 Jan 2014 14:30:02 +0400
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To: <87ppnr3js8.fsf@vigenere.g10code.de>
References: <87ppnr3js8.fsf@vigenere.g10code.de>
Message-ID:

Hello,

On Thu, Jan 16, 2014 at 9:42 PM, Werner Koch wrote:
> On Thu, 16 Jan 2014 17:25, cvs at cvs.gnupg.org said:
>
>> support. In particular no locks were used under Windows. With the
>> new gpgrt_lock functions from the soon to be released libgpg-error
>> 1.13 we have a better portable scheme which also allows for static
>
> BTW, I have tested the latest libgpg-error on Linux, W32, W64, OpenBSD,
> and AIX(gcc). I'd appreciate seeing tests on a few more platforms
> before I do a release.

The gen-posix-lock-obj requirements will immediately rule libgcrypt out
of nearly all embedded devices - OpenEmbedded, OpenWRT and
most of the other embedded distributions use cross-compilation.

--
With best wishes
Dmitry

From dbaryshkov at gmail.com Fri Jan 17 12:36:40 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Fri, 17 Jan 2014 15:36:40 +0400
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To:
References: <87ppnr3js8.fsf@vigenere.g10code.de>
Message-ID:

On Fri, Jan 17, 2014 at 2:30 PM, Dmitry Eremin-Solenikov wrote:
> Hello,
>
> On Thu, Jan 16, 2014 at 9:42 PM, Werner Koch wrote:
>> On Thu, 16 Jan 2014 17:25, cvs at cvs.gnupg.org said:
>>
>>> support. In particular no locks were used under Windows. With the
>>> new gpgrt_lock functions from the soon to be released libgpg-error
>>> 1.13 we have a better portable scheme which also allows for static
>>
>> BTW, I have tested the latest libgpg-error on Linux, W32, W64, OpenBSD,
>> and AIX(gcc). I'd appreciate seeing tests on a few more platforms
>> before I do a release.
>
> The gen-posix-lock-obj requirements will immediately rule libgcrypt out
> of nearly all embedded devices - OpenEmbedded, OpenWRT and
> most of the other embedded distributions use cross-compilation.

Werner, is there any reason why you don't want to include the exact mutex
implementation into the generated gpg-error.h header file? It would be
platform dependent, of course, but the existing 'dumped' mutexes also look
platform dependent (and very fragile). E.g. in its current state
gpg-error.h is definitely not multi-platform safe. Just stating (on posix
systems) to #include and to have pthread_mutex_t as a part of gpgrt_lock_t.

And last BTW: if you care about ABI, most probably the '_vers' field should
be moved to the beginning of the gpgrt_lock_t structure - thus it can be
safely checked. And one would probably need the 'mutex type' magic value -
because otherwise one can (theoretically) build the gpg-error library with
the posix header for win32 and this will be unnoticed (if the _vers fields
fall in the same place).

What do you think?

--
With best wishes
Dmitry

From wk at gnupg.org Fri Jan 17 13:25:58 2014
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Jan 2014 13:25:58 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Fri, 17 Jan 2014 14:30:02 +0400")
References: <87ppnr3js8.fsf@vigenere.g10code.de>
Message-ID: <87ioti23s9.fsf@vigenere.g10code.de>

On Fri, 17 Jan 2014 11:30, dbaryshkov at gmail.com said:

> The gen-posix-lock-obj requirements will immediately rule libgcrypt out
> of nearly all embedded devices - OpenEmbedded, OpenWRT and
> most of the other embedded distributions use cross-compilation.

I know. However, for non-cross building this is the easiest way. For
cross-building we need a way to specify or test the required information.
In fact, that is how it has been implemented for Windows. I currently have
no up-to-date cross platforms installed on my development box, thus I have
not implemented that. Sure it has to be done.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wk at gnupg.org Fri Jan 17 13:44:18 2014
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Jan 2014 13:44:18 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Fri, 17 Jan 2014 15:36:40 +0400")
References: <87ppnr3js8.fsf@vigenere.g10code.de>
Message-ID: <87eh4622xp.fsf@vigenere.g10code.de>

On Fri, 17 Jan 2014 12:36, dbaryshkov at gmail.com said:

> into the generated gpg-error.h header file? It would be platform
> dependent, of course,

Right and that is what needs to be avoided. gpgrt shall replace
platform dependent code in Libgcrypt, GPGME, and GnuPG. It makes more
sense to have the platform dependent code in just one place. In
particular a future 64 bit Windows implementation of GnuPG will need it
(e.g. sizeof(HANDLE) > sizeof(int)).

> but the existing 'dumped' mutexes also look platform dependent (and very fragile).

I can't see how this is fragile. Alignment requirements? The test case
should exhibit this soon.

Not exposing the internals also allows to change the internal
implementation; for example from the fork problematic pthread mutexes to
the cleaner semaphores.

> E.g. in its current state gpg-error.h is definitely not multi-platform safe.

As with several other header files, they are platform dependent. We
can't use configure macros in a public header.

> And last BTW: if you care about ABI, most probably the '_vers' field should be moved
> to the beginning of the gpgrt_lock_t structure - thus it can be safely

Breaks alignment requirements. Thus it is easier to move it to the end.
Okay, I could add another union or swap the union and the struct. Is it
worth the trouble?

> And one would probably need the 'mutex type' magic value - because
> otherwise one can (theoretically) build the gpg-error library with the posix header
> for win32 and this will be unnoticed (if the _vers fields fall in the same place).

That has always been the case. The configure macro actually prints a
warning if you use a wrong one.

Thanks for the comments. I'll change the build systems to allow the
inclusion of pre-generated lock objects for cross-compiling.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From dbaryshkov at gmail.com Fri Jan 17 14:12:20 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov)
Date: Fri, 17 Jan 2014 17:12:20 +0400
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To: <87eh4622xp.fsf@vigenere.g10code.de>
References: <87ppnr3js8.fsf@vigenere.g10code.de> <87eh4622xp.fsf@vigenere.g10code.de>
Message-ID:

On Fri, Jan 17, 2014 at 4:44 PM, Werner Koch wrote:
> On Fri, 17 Jan 2014 12:36, dbaryshkov at gmail.com said:
>
>> into the generated gpg-error.h header file? It would be platform
>> dependent, of course,
>
> Right and that is what needs to be avoided. gpgrt shall replace
> platform dependent code in Libgcrypt, GPGME, and GnuPG. It makes more
> sense to have the platform dependent code in just one place. In
> particular a future 64 bit Windows implementation of GnuPG will need it
> (e.g. sizeof(HANDLE) > sizeof(int))

I fully understand and support your idea of handling platform-dependent code
in one place. I suggest to have a platform-independent API, but with platform
dependent ABI. Applications using gpgrt won't be caring about the exact
_internals_ of gpgrt_lock_t (or GPGRT_LOCK_INITIALIZER). They should use
those identifiers in the program code as black boxes.

>
>> but the existing 'dumped' mutexes also look platform dependent (and very fragile).
>
> I can't see how this is fragile. Alignment requirements? The test case
> should exhibit this soon.

Alignment, contents, libc/libpthread versioning, etc.

> Not exposing the internals also allows to change the internal
> implementation; for example from the fork problematic pthread mutexes to
> the cleaner semaphores.

Even if we put the exact implementation into the header, we still can change
it later - provided we have proper structure versioning. You did this in the
past with the thread CBS structure, so I see no problem with that.

Consider Linux kernel code. You have the spinlock_t definition right in the
headers. Every file wanting to work with spinlocks has to include that.
However nobody (well, except those who really have to) bothers to look
inside it.

>> E.g. in its current state gpg-error.h is definitely not multi-platform safe.
>
> As with several other header files, they are platform dependent. We
> can't use configure macros in a public header.

You are correct about configure macros. However we can have one 'threading'
part for all posix systems.

>> And last BTW: if you care about ABI, most probably the '_vers' field should be moved
>> to the beginning of the gpgrt_lock_t structure - thus it can be safely
>
> Breaks alignment requirements. Thus it is easier to move it to the end.
> Okay, I could add another union or swap the union and the struct. Is it
> worth the trouble?

It definitely is. Consider gpgrt switching from pthread to some 'semaphores'.
And let's suppose that sizeof(semaphore) > sizeof(pthread_mutex_t).
Thus the version checking code will become completely useless - if you pass
an old structure to new code, you risk doing an 'after allocated block'
access. If you pass a new structure to old code, it will face random garbage
in the _vers field (and by chance that garbage might have 1 in the right
place).

>
>> And one would probably need the 'mutex type' magic value - because
>> otherwise one can (theoretically) build the gpg-error library with the posix header
>> for win32 and this will be unnoticed (if the _vers fields fall in the same place).
>
> That has always been the case. The configure macro actually prints a
> warning if you use a wrong one.

This

>
> Thanks for the comments. I'll change the build systems to allow the
> inclusion of pre-generated lock objects for cross-compiling.

I think this defeats the idea of encapsulation of information about
the pthread_mutex_t structure in the libc headers. Theoretically one would
have to have a special copy of the 'lock object' for each CPU-OS-libc
combination. Is it worth the trouble?

--
With best wishes
Dmitry

From john at masinter.net Fri Jan 17 15:07:50 2014
From: john at masinter.net (John Masinter)
Date: Fri, 17 Jan 2014 09:07:50 -0500
Subject: 2014 FIPS disallows ANSI X9.31
In-Reply-To: <874n532h6m.fsf@vigenere.g10code.de>
References: <874n532h6m.fsf@vigenere.g10code.de>
Message-ID:

Thank you for the reply!

Yes, I agree FIPS is useless. But it's required in order to sell any
hardware or software based product into many areas of the public sector.

With so many Linux based products already FIPS certified, I'm surprised
that this has not been done for Gcrypt. Or maybe those products did this
already, but were not good netizens, and did not share the result.

Okay, if my colleagues agree to allow me the time to update Gcrypt to
SP800-90, then of course I'll share the results back here.

Thanks again for the tips and advice.

--John Masinter

From wk at gnupg.org Fri Jan 17 15:29:28 2014
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Jan 2014 15:29:28 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-35-gcfc151b
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Fri, 17 Jan 2014 17:12:20 +0400")
References: <87ppnr3js8.fsf@vigenere.g10code.de> <87eh4622xp.fsf@vigenere.g10code.de>
Message-ID: <871u061y2f.fsf@vigenere.g10code.de>

On Fri, 17 Jan 2014 14:12, dbaryshkov at gmail.com said:

> I fully understand and support your idea of handling platform-dependent code
> in one place. I suggest having a platform-independent API, but with platform
> dependent ABI. Applications using gpgrt won't be caring about exact

An ABI is always platform dependent.

> of gpgrt_lock_t (or GPGRT_LOCK_INITIALIZER). They should use those identifiers
> in the program code as black boxes.

Right. That is the case.

>> I can't see how this is fragile. Alignment requirements? The test case
>> should exhibit this soon.
>
> Alignment, contents, libc/libpthread versioning, etc.

If you change the ABI of a platform you can't expect that any old binary continues to work. Thus libc or libpthread are not a problem. I don't know what you mean by content - if you mean the static mutex initializer, this is part of the ABI. Alignment: well, there is no fully portable solution.

> Even if we put exact implementation to the header, we still can change
> it later - provided we have proper structure versioning. You did
> this in the past with thread CBS structure, so I see no problem with that.

All kinds of mess may happen if you include pthreads.h in a header used by a program which does not use threads. Thus better avoid it.

> Every file wanting to work with spinlocks, has to include that. However nobody
> (well, except those who really have to) bothers to look inside it.

Spinlocks are not portable and application code should avoid them. We need them for Windows because there is no way to statically initialize a critical section.
But that is used only inside libgpg-error (and often also in libintl).

> You are correct about configure macros. However we can have one 'threading'
> part for all posix systems.

Actually I am not proposing an API for threads. That would end up including the Windows pthread implementation and writing wrappers for pthread. For GnuPG we already use nPth as a threading library. However, for libraries we need a basic locking feature and that is what gpgrt_lock provides. Currently we have ad-hoc lock support at several places (libgcrypt, gpgme) which is more or less correctly implemented (Libgcrypt 1.6 misses support for Windows).

Unfortunately, there are more platforms than only Posix. In general we support Windows 32 and 64 bit, Windows CE, VMS, and Android. Most multi-component projects use a portability abstraction layer. GnuPG is still missing a well-defined portability layer. gpgrt will eventually be ours.

> It definitely is. Consider gpgrt switching from pthread to some 'semaphores'.
> And let's suppose that sizeof(semaphore) > sizeof(pthread_mutex_t).
> Thus version checking code will become completely useless - if you pass

Frankly, the version checking is just there because it is good style to add a version identifier to complex data structures. It is not meant as a real portability help but as a failsafe measurement:

  if (lock->vers != LOCK_ABI_VERSION)
    abort ();
  if (sizeof (gpgrt_lock_t) < sizeof (_gpgrt_lock_t))
    abort ();

For reasons of cleanness and uniformity with Windows, I will rework the definition to prepend the version information.

>> Thanks for the comments. I'll change the build systems to allow the
>> inclusion of pre-generated lock objects for cross-compiling.
>
> I think this defeats the idea of encapsulation of information about
> pthread_mutex_t
> structure in the libc headers. Theoretically one would have to have a special
> copy of 'lock object' for each CPU-OS-libc combination. Is it worth the trouble?

I think so.
I would love to not expose it in the header. However, static initializers are so useful that it is worth running into some trouble with cross-compiling.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From gmazyland at gmail.com Fri Jan 17 19:25:39 2014
From: gmazyland at gmail.com (Milan Broz)
Date: Fri, 17 Jan 2014 19:25:39 +0100
Subject: Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?
Message-ID: <52D975A3.6080609@gmail.com>

Hi,

since this commit (present in 1.6.0) "md: Fix Whirlpool flaw."
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=0a28b2d2c9181a536fc894e24626714832619923

it seems that the Whirlpool hash produces different output if data are written in parts. (If entered as one buffer, it seems to be compatible though.)

Unfortunately, cryptsetup in its anti-forensic filter uses something like this:

  gcry_md_write(iv, iv_size)
  gcry_md_write(buf, buf_size)
  gcry_md_read
  ...

The change above seems to break all LUKS devices which used Whirlpool as hash before and upgraded to gcrypt 1.6.0 (cryptsetup cannot open them anymore). See for example https://bbs.archlinux.org/viewtopic.php?id=175737

Is my assumption correct that all whirlpool implementations before libgcrypt 1.6.0 are broken if used this way? (Using a different crypto backend seems to support this assumption...)

Thanks,
Milan

From wk at gnupg.org Fri Jan 17 21:26:10 2014
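The gpgrt_lock_t layout argument in the thread above (the _vers field at the end versus at the beginning), as an added example in C. This is not gpgrt's code: the two lock layouts, the ABI version numbers and lock_check() are constructed here to show the two failure modes Dmitry describes, new code reading past an old object and old code accepting a new object by chance, and why prepending the version avoids both.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed public lock layouts (not gpgrt's definitions). The "old"
 * ABI backs a lock with 16 bytes of opaque storage, the "new" one with 32,
 * i.e. the sizeof(semaphore) > sizeof(pthread_mutex_t) case from the
 * thread. Each comes in a vers-last and a vers-first variant. */
typedef struct { uint32_t storage[4]; uint32_t vers; } lock_old_last_t;
typedef struct { uint32_t storage[8]; uint32_t vers; } lock_new_last_t;
typedef struct { uint32_t vers; uint32_t storage[4]; } lock_old_first_t;
typedef struct { uint32_t vers; uint32_t storage[8]; } lock_new_first_t;

#define OLD_ABI_VERSION 1   /* assumed version numbers */
#define NEW_ABI_VERSION 2

enum { LOCK_OK = 0, LOCK_BAD_VERSION = -1, LOCK_UNREADABLE = -2 };

/* The abort()-style version check from the thread, made bounds-aware: read
 * the version at the offset the checking code's own layout uses, but only
 * if that read stays inside the OBJ_SIZE bytes that were really allocated. */
static int lock_check (const void *obj, size_t obj_size,
                       size_t vers_off, uint32_t expected)
{
  uint32_t vers;
  if (vers_off + sizeof vers > obj_size)
    return LOCK_UNREADABLE;        /* the 'after allocated block' access */
  memcpy (&vers, (const char *) obj + vers_off, sizeof vers);
  return vers == expected ? LOCK_OK : LOCK_BAD_VERSION;
}

/* New code handed an object built against the old ABI, vers at the end:
 * the new layout looks for vers beyond the old object's 20 bytes. */
static int new_code_old_object_vers_last (void)
{
  lock_old_last_t old = { {0, 0, 0, 0}, OLD_ABI_VERSION };
  return lock_check (&old, sizeof old,
                     offsetof (lock_new_last_t, vers), NEW_ABI_VERSION);
}

/* Same situation with vers prepended: offset 0 in every layout, so the
 * version mismatch is detected cleanly instead of over-reading. */
static int new_code_old_object_vers_first (void)
{
  lock_old_first_t old = { OLD_ABI_VERSION, {0, 0, 0, 0} };
  return lock_check (&old, sizeof old,
                     offsetof (lock_new_first_t, vers), NEW_ABI_VERSION);
}

/* Old code handed a new object, vers at the end: it reads "vers" from
 * inside the new object's storage. That storage word is constructed here
 * to hold 1, the "garbage that by chance has 1 in the right place". */
static int old_code_new_object_vers_last (void)
{
  lock_new_last_t cur = { {0, 0, 0, 0, OLD_ABI_VERSION, 0, 0, 0},
                          NEW_ABI_VERSION };
  return lock_check (&cur, sizeof cur,
                     offsetof (lock_old_last_t, vers), OLD_ABI_VERSION);
}

/* Old code handed a new object, vers first: the real version is read. */
static int old_code_new_object_vers_first (void)
{
  lock_new_first_t cur = { NEW_ABI_VERSION, {0, 0, 0, 0, 0, 0, 0, 0} };
  return lock_check (&cur, sizeof cur,
                     offsetof (lock_old_first_t, vers), OLD_ABI_VERSION);
}

/* Matching code and object: the check passes. */
static int new_code_new_object_vers_first (void)
{
  lock_new_first_t cur = { NEW_ABI_VERSION, {0, 0, 0, 0, 0, 0, 0, 0} };
  return lock_check (&cur, sizeof cur,
                     offsetof (lock_new_first_t, vers), NEW_ABI_VERSION);
}
```

With vers at the end the check is either unsafe (new code, old object) or passes on garbage (old code, new object); with vers first, both directions report LOCK_BAD_VERSION and only a matching pair reports LOCK_OK.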
From: wk at gnupg.org (Werner Koch)
Date: Fri, 17 Jan 2014 21:26:10 +0100
Subject: Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?
In-Reply-To: <52D975A3.6080609@gmail.com> (Milan Broz's message of "Fri, 17 Jan 2014 19:25:39 +0100")
References: <52D975A3.6080609@gmail.com>
Message-ID: <87sismz76l.fsf@vigenere.g10code.de>

On Fri, 17 Jan 2014 19:25, gmazyland at gmail.com said:

> Is my assumption correct that all whirlpool implementations before
> libgcrypt 1.6.0 are broken if used this way?

Right. Now why are you using a non-standard algorithm and then also hit the 62 byte problem :-(

Anyway, I see that we need to do something about it. Changing the correct implementation is not a good idea but it would be possible to add a bug emulation flag. We do something similar in GnuPG to work around a pgp-2 incompatibility.

I can see two ways to implement it: If you only hash small amounts of data, retrying the hash operation with the bug emulation flag set would be the easiest way. The other option would be to implement a variant of Whirlpool with this bug not fixed. Then you could add this as a second hash algorithm to the same context and hash only one. That is practical for streamed data but it does not save time because it always hashes twice (could be optimized but we would end up with quite some complexity).

I would really prefer to add a bug emulation flag so that you could go and re-encrypt the data on the fly (using the fixed Whirlpool or SHA-x for better performance).

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From gmazyland at gmail.com Fri Jan 17 21:58:07 2014
From: gmazyland at gmail.com (Milan Broz)
Date: Fri, 17 Jan 2014 21:58:07 +0100
Subject: Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?
In-Reply-To: <87sismz76l.fsf@vigenere.g10code.de>
References: <52D975A3.6080609@gmail.com> <87sismz76l.fsf@vigenere.g10code.de>
Message-ID: <52D9995F.1070808@gmail.com>

On 01/17/2014 09:26 PM, Werner Koch wrote:
> On Fri, 17 Jan 2014 19:25, gmazyland at gmail.com said:
>
>> Is my assumption correct that all whirlpool implementations before
>> libgcrypt 1.6.0 are broken if used this way?
>
> Right. Now why are you using a non-standard algorithm and then also hit
> the 62 byte problem :-(

Whirlpool was never default but people like to fiddle with things :)

No idea how many devices use this but with more systems using libgcrypt 1.6.0, more problems will appear...

> Anyway, I see that we need to do something about it. Changing the
> correct implementation is not a good idea but it would be possible to add
> a bug emulation flag. We do something similar in GnuPG to work around a
> pgp-2 incompatibility.
>
> I can see two ways to implement it: If you only hash small amounts of
> data, retrying the hash operation with the bug emulation flag set
> would be the easiest way. The other option would be to implement a
> variant of Whirlpool with this bug not fixed. Then you could add this
> as a second hash algorithm to the same context and hash only one. That
> is practical for streamed data but it does not save time because it
> always hashes twice (could be optimized but we would end up with quite
> some complexity).

The problem is in the AF filter
http://code.google.com/p/cryptsetup/source/browse/lib/luks1/af.c
which uses the hash to diffuse the key to several encrypted sectors; the hash is called a lot of times there.

But I really do not care about speed here - the goal is to create some easy way to fix existing LUKS headers to work with the new gcrypt.
> I would really prefer to add a bug emulation flag so that you could go
> and re-encrypt the data on the fly (using the fixed Whirlpool or SHA-x
> for better performance).

Yes, I prefer this as well. I already had code to reencrypt the device; here we need only to reencrypt the header and keyslots. I just need to have access to both whirlpool variants.

So if there is a "bug emulation flag" it could help to implement it.

Thanks,
Milan

From cvs at cvs.gnupg.org Sun Jan 19 15:15:14 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 19 Jan 2014 15:15:14 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-37-g94030e4
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
       via  94030e44aaff805d754e368507f16dd51a531b72 (commit)
       via  c3b30bae7d1e157f8b65e32ba1b3a516f2bbf58b (commit)
      from  cfc151ba637200e4fc05d9481a8df2071b2f9a47 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 94030e44aaff805d754e368507f16dd51a531b72
Author: Werner Koch
Date:   Thu Jan 9 19:14:09 2014 +0100

    md: Add Whirlpool bug emulation feature.

    * src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New.
    * src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS. Change all code to implement that flag.
    * cipher/md.c (gcry_md_context): Replace SECURE and FINALIZED by bit field FLAGS. Add flag BUGEMU1. Change all users.
    (md_open): Replace args SECURE and HMAC by FLAGS. Init flags.bugemu1.
    (_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1.
    (md_enable): Pass bugemu1 flag to the hash init function.
    (_gcry_md_reset): Ditto.
    --
    This problem is for example exhibited in the Linux cryptsetup tool. See https://bbs.archlinux.org/viewtopic.php?id=175737 . It has been tracked down by Milan Broz.

    The suggested way of using the flag is:

      if (whirlpool_bug_assumed)
        {
      #if GCRYPT_VERSION_NUMBER >= 0x010601
          err = gcry_md_open (&hd, GCRY_MD_WHIRLPOOL, GCRY_MD_FLAG_BUGEMU1);
          if (gpg_err_code (err) == GPG_ERR_INV_ARG)
            error ("Need at least Libgcrypt 1.6.1 for the fix");
          else
            {
              do_hash (hd);
              gcry_md_close (hd);
            }
      #endif
        }

    Signed-off-by: Werner Koch

diff --git a/NEWS b/NEWS index 4bf4a06..5e21eb6 100644 --- a/NEWS +++ b/NEWS
@@ -8,10 +8,13 @@ Noteworthy changes in version 1.7.0 (unreleased) * Support curves GOST R 34.10-2001 and GOST R 34.10-2012. + * Add emulation from broken Whirlpool code prior to 1.6.0. + * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mac_get_algo NEW. GCRY_MAC_HMAC_MD2 NEW. + GCRY_MD_FLAG_BUGEMU1 NEW. Noteworthy changes in version 1.6.0 (2013-12-16) diff --git a/cipher/crc.c b/cipher/crc.c index 4f72ffb..1322f0d 100644 --- a/cipher/crc.c +++ b/cipher/crc.c @@ -149,9 +149,12 @@ CRC_CONTEXT; /* CRC32 */ static void -crc32_init (void *context) +crc32_init (void *context, unsigned int flags) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; + + (void)flags; + ctx->CRC = 0 ^ 0xffffffffL; } @@ -184,9 +187,12 @@ crc32_final (void *context) /* CRC32 a'la RFC 1510 */ static void -crc32rfc1510_init (void *context) +crc32rfc1510_init (void *context, unsigned int flags) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; + + (void)flags; + ctx->CRC = 0; } @@ -237,9 +243,12 @@ crc32rfc1510_final (void *context) #define CRC24_POLY 0x1864cfbL static void -crc24rfc2440_init (void *context) +crc24rfc2440_init (void *context, unsigned int flags) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; + + (void)flags; + ctx->CRC = CRC24_INIT; } diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c index b3326aa..9a39733 100644 --- a/cipher/gostr3411-94.c +++ b/cipher/gostr3411-94.c @@ -44,10 +44,12 @@ static unsigned int transform (void *c, const unsigned char *data, size_t nblks); static void -gost3411_init (void *context) +gost3411_init (void *context, unsigned int flags) { GOSTR3411_CONTEXT *hd = context; + (void)flags; + memset (&hd->hd, 0, sizeof(hd->hd)); memset (hd->h, 0, 32); memset (hd->sigma, 0, 32); diff --git a/cipher/md.c b/cipher/md.c index f4fb129..a332e03 100644 --- a/cipher/md.c +++ b/cipher/md.c 
@@ -1,7 +1,7 @@ /* md.c - message digest dispatcher * Copyright (C) 1998, 1999, 2002, 2003, 2006, * 2008 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2014 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -93,9 +93,12 @@ struct gcry_md_context { int magic; size_t actual_handle_size; /* Allocated size of this handle. */ - int secure; FILE *debug; - int finalized; + struct { + unsigned int secure: 1; + unsigned int finalized:1; + unsigned int bugemu1:1; + } flags; GcryDigestEntry *list; byte *macpads; int macpads_Bsize; /* Blocksize as used for the HMAC pads. */ @@ -269,9 +272,11 @@ check_digest_algo (int algorithm) * may be 0. */ static gcry_err_code_t -md_open (gcry_md_hd_t *h, int algo, int secure, int hmac) +md_open (gcry_md_hd_t *h, int algo, unsigned int flags) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t err = 0; + int secure = !!(flags & GCRY_MD_FLAG_SECURE); + int hmac = !!(flags & GCRY_MD_FLAG_HMAC); int bufsize = secure ? 512 : 1024; struct gcry_md_context *ctx; gcry_md_hd_t hd; @@ -315,7 +320,8 @@ md_open (gcry_md_hd_t *h, int algo, int secure, int hmac) memset (hd->ctx, 0, sizeof *hd->ctx); ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL; ctx->actual_handle_size = n + sizeof (struct gcry_md_context); - ctx->secure = secure; + ctx->flags.secure = secure; + ctx->flags.bugemu1 = !!(flags & GCRY_MD_FLAG_BUGEMU1); if (hmac) { @@ -371,13 +377,12 @@ _gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags) gcry_err_code_t rc; gcry_md_hd_t hd; - if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC))) + if ((flags & ~(GCRY_MD_FLAG_SECURE + | GCRY_MD_FLAG_HMAC + | GCRY_MD_FLAG_BUGEMU1))) rc = GPG_ERR_INV_ARG; else - { - rc = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE), - (flags & GCRY_MD_FLAG_HMAC)); - } + rc = md_open (&hd, algo, flags); *h = rc? NULL : hd; return rc; 
@@ -423,7 +428,7 @@ md_enable (gcry_md_hd_t hd, int algorithm) - sizeof (entry->context)); /* And allocate a new list entry. */ - if (h->secure) + if (h->flags.secure) entry = xtrymalloc_secure (size); else entry = xtrymalloc (size); @@ -438,7 +443,8 @@ md_enable (gcry_md_hd_t hd, int algorithm) h->list = entry; /* And init this instance. */ - entry->spec->init (&entry->context.c); + entry->spec->init (&entry->context.c, + h->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0); } } @@ -467,7 +473,7 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd) md_write (ahd, NULL, 0); n = (char *) ahd->ctx - (char *) ahd; - if (a->secure) + if (a->flags.secure) bhd = xtrymalloc_secure (n + sizeof (struct gcry_md_context)); else bhd = xtrymalloc (n + sizeof (struct gcry_md_context)); @@ -505,7 +511,7 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd) { for (ar = a->list; ar; ar = ar->next) { - if (a->secure) + if (a->flags.secure) br = xtrymalloc_secure (sizeof *br + ar->spec->contextsize - sizeof(ar->context)); @@ -560,12 +566,13 @@ _gcry_md_reset (gcry_md_hd_t a) /* Note: We allow this even in fips non operational mode. */ - a->bufpos = a->ctx->finalized = 0; + a->bufpos = a->ctx->flags.finalized = 0; for (r = a->ctx->list; r; r = r->next) { memset (r->context.c, 0, r->spec->contextsize); - (*r->spec->init) (&r->context.c); + (*r->spec->init) (&r->context.c, + a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0); } if (a->ctx->macpads) md_write (a, a->ctx->macpads, a->ctx->macpads_Bsize); /* inner pad */ @@ -642,7 +649,7 @@ md_final (gcry_md_hd_t a) { GcryDigestEntry *r; - if (a->ctx->finalized) + if (a->ctx->flags.finalized) return; if (a->bufpos) @@ -651,7 +658,7 @@ md_final (gcry_md_hd_t a) for (r = a->ctx->list; r; r = r->next) (*r->spec->final) (&r->context.c); - a->ctx->finalized = 1; + a->ctx->flags.finalized = 1; if (a->ctx->macpads) { 
@@ -660,8 +667,11 @@ md_final (gcry_md_hd_t a) byte *p = md_read (a, algo); size_t dlen = md_digest_length (algo); gcry_md_hd_t om; - gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0); + gcry_err_code_t err; + err = md_open (&om, algo, + ((a->ctx->flags.secure? GCRY_MD_FLAG_SECURE:0) + | (a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0))); if (err) _gcry_fatal_error (err, NULL); md_write (om, @@ -864,7 +874,7 @@ _gcry_md_hash_buffer (int algo, void *digest, } } - err = md_open (&h, algo, 0, 0); + err = md_open (&h, algo, 0); if (err) log_bug ("gcry_md_open failed for algo %d: %s", algo, gpg_strerror (gcry_error(err))); @@ -925,7 +935,7 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, } } - rc = md_open (&h, algo, 0, hmac); + rc = md_open (&h, algo, (hmac? GCRY_MD_FLAG_HMAC:0)); if (rc) return rc; @@ -1158,7 +1168,7 @@ _gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes) switch (cmd) { case GCRYCTL_IS_SECURE: - *nbytes = h->ctx->secure; + *nbytes = h->ctx->flags.secure; break; case GCRYCTL_IS_ALGO_ENABLED: diff --git a/cipher/md4.c b/cipher/md4.c index 40dc058..7291254 100644 --- a/cipher/md4.c +++ b/cipher/md4.c @@ -69,10 +69,12 @@ static unsigned int transform ( void *c, const unsigned char *data, size_t nblks ); static void -md4_init( void *context ) +md4_init (void *context, unsigned int flags) { MD4_CONTEXT *ctx = context; + (void)flags; + ctx->A = 0x67452301; ctx->B = 0xefcdab89; ctx->C = 0x98badcfe; diff --git a/cipher/md5.c b/cipher/md5.c index d06d3f7..73ad968 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -53,10 +53,12 @@ static unsigned int transform ( void *ctx, const unsigned char *data, size_t datalen ); static void -md5_init( void *context ) +md5_init( void *context, unsigned int flags) { MD5_CONTEXT *ctx = context; + (void)flags; + ctx->A = 0x67452301; ctx->B = 0xefcdab89; ctx->C = 0x98badcfe; diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 224694f..1a58ba6 100644 --- a/cipher/rmd160.c 
+++ b/cipher/rmd160.c @@ -143,11 +143,13 @@ static unsigned int transform ( void *ctx, const unsigned char *data, size_t nblks ); -void -_gcry_rmd160_init (void *context) +static void +rmd160_init (void *context, unsigned int flags) { RMD160_CONTEXT *hd = context; + (void)flags; + hd->h0 = 0x67452301; hd->h1 = 0xEFCDAB89; hd->h2 = 0x98BADCFE; @@ -162,6 +164,12 @@ _gcry_rmd160_init (void *context) } +void +_gcry_rmd160_init (void *context) +{ + rmd160_init (context, 0); +} + /**************** * Transform the message X which consists of 16 32-bit-words @@ -528,6 +536,6 @@ gcry_md_spec_t _gcry_digest_spec_rmd160 = { GCRY_MD_RMD160, {0, 0}, "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20, - _gcry_rmd160_init, _gcry_md_block_write, rmd160_final, rmd160_read, + rmd160_init, _gcry_md_block_write, rmd160_final, rmd160_read, sizeof (RMD160_CONTEXT) }; diff --git a/cipher/sha1.c b/cipher/sha1.c index 889a7ea..65bd686 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -106,11 +106,13 @@ transform (void *c, const unsigned char *data, size_t nblks); static void -sha1_init (void *context) +sha1_init (void *context, unsigned int flags) { SHA1_CONTEXT *hd = context; unsigned int features = _gcry_get_hw_features (); + (void)flags; + hd->h0 = 0x67452301; hd->h1 = 0xefcdab89; hd->h2 = 0x98badcfe; @@ -425,7 +427,7 @@ _gcry_sha1_hash_buffer (void *outbuf, const void *buffer, size_t length) { SHA1_CONTEXT hd; - sha1_init (&hd); + sha1_init (&hd, 0); _gcry_md_block_write (&hd, buffer, length); sha1_final (&hd); memcpy (outbuf, hd.bctx.buf, 20); @@ -438,7 +440,7 @@ _gcry_sha1_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt) { SHA1_CONTEXT hd; - sha1_init (&hd); + sha1_init (&hd, 0); for (;iovcnt > 0; iov++, iovcnt--) _gcry_md_block_write (&hd, (const char*)iov[0].data + iov[0].off, iov[0].len); diff --git a/cipher/sha256.c b/cipher/sha256.c index 601e9c0..4efaec6 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c 
@@ -92,11 +92,13 @@ transform (void *c, const unsigned char *data, size_t nblks); static void -sha256_init (void *context) +sha256_init (void *context, unsigned int flags) { SHA256_CONTEXT *hd = context; unsigned int features = _gcry_get_hw_features (); + (void)flags; + hd->h0 = 0x6a09e667; hd->h1 = 0xbb67ae85; hd->h2 = 0x3c6ef372; @@ -128,11 +130,13 @@ sha256_init (void *context) static void -sha224_init (void *context) +sha224_init (void *context, unsigned int flags) { SHA256_CONTEXT *hd = context; unsigned int features = _gcry_get_hw_features (); + (void)flags; + hd->h0 = 0xc1059ed8; hd->h1 = 0x367cd507; hd->h2 = 0x3070dd17; diff --git a/cipher/sha512.c b/cipher/sha512.c index 3474694..92b4913 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c @@ -119,12 +119,14 @@ static unsigned int transform (void *context, const unsigned char *data, size_t nblks); static void -sha512_init (void *context) +sha512_init (void *context, unsigned int flags) { SHA512_CONTEXT *ctx = context; SHA512_STATE *hd = &ctx->state; unsigned int features = _gcry_get_hw_features (); + (void)flags; + hd->h0 = U64_C(0x6a09e667f3bcc908); hd->h1 = U64_C(0xbb67ae8584caa73b); hd->h2 = U64_C(0x3c6ef372fe94f82b); @@ -157,12 +159,14 @@ sha512_init (void *context) } static void -sha384_init (void *context) +sha384_init (void *context, unsigned int flags) { SHA512_CONTEXT *ctx = context; SHA512_STATE *hd = &ctx->state; unsigned int features = _gcry_get_hw_features (); + (void)flags; + hd->h0 = U64_C(0xcbbb9d5dc1059ed8); hd->h1 = U64_C(0x629a292a367cd507); hd->h2 = U64_C(0x9159015a3070dd17); diff --git a/cipher/stribog.c b/cipher/stribog.c index 6d1d342..942bbf4 100644 --- a/cipher/stribog.c +++ b/cipher/stribog.c 
@@ -1198,10 +1198,12 @@ transform (void *context, const unsigned char *inbuf_arg, size_t datalen); static void -stribog_init_512 (void *context) +stribog_init_512 (void *context, unsigned int flags) { STRIBOG_CONTEXT *hd = context; + (void)flags; + memset (hd, 0, sizeof (*hd)); hd->bctx.blocksize = 64; @@ -1209,10 +1211,11 @@ stribog_init_512 (void *context) } static void -stribog_init_256 (void *context) +stribog_init_256 (void *context, unsigned int flags) { STRIBOG_CONTEXT *hd = context; - stribog_init_512 (context); + + stribog_init_512 (context, flags); memset (hd->h, 1, 64); } diff --git a/cipher/whirlpool.c b/cipher/whirlpool.c index 57ca882..ffc6662 100644 --- a/cipher/whirlpool.c +++ b/cipher/whirlpool.c @@ -54,6 +54,11 @@ typedef u64 whirlpool_block_t[BLOCK_SIZE / 8]; typedef struct { gcry_md_block_ctx_t bctx; whirlpool_block_t hash_state; + int use_bugemu; + struct { + size_t count; + unsigned char length[32]; + } bugemu; } whirlpool_context_t; @@ -1166,7 +1171,7 @@ whirlpool_transform (void *ctx, const unsigned char *data, size_t nblks); static void -whirlpool_init (void *ctx) +whirlpool_init (void *ctx, unsigned int flags) { whirlpool_context_t *context = ctx; @@ -1174,9 +1179,17 @@ whirlpool_init (void *ctx) context->bctx.blocksize = BLOCK_SIZE; context->bctx.bwrite = whirlpool_transform; + if ((flags & GCRY_MD_FLAG_BUGEMU1)) + { + memset (&context->bugemu, 0, sizeof context->bugemu); + context->use_bugemu = 1; + } + else + context->use_bugemu = 0; } + /* * Transform block. */ 
@@ -1295,15 +1308,120 @@ whirlpool_transform ( void *c, const unsigned char *data, size_t nblks ) return burn; } + +/* Bug compatibility Whirlpool version. */ +static void +whirlpool_add_bugemu (whirlpool_context_t *context, + const void *buffer_arg, size_t buffer_n) +{ + const unsigned char *buffer = buffer_arg; + u64 buffer_size; + unsigned int carry; + unsigned int i; + + buffer_size = buffer_n; + + if (context->bugemu.count == BLOCK_SIZE) + { + /* Flush the buffer. */ + whirlpool_transform (context, context->bctx.buf, 1); + context->bugemu.count = 0; + } + if (! buffer) + return; /* Nothing to add. */ + + if (context->bugemu.count) + { + while (buffer_n && (context->bugemu.count < BLOCK_SIZE)) + { + context->bctx.buf[context->bugemu.count++] = *buffer++; + buffer_n--; + } + whirlpool_add_bugemu (context, NULL, 0); + if (!buffer_n) + return; /* Done. This is the bug we emulate. */ + } + + while (buffer_n >= BLOCK_SIZE) + { + whirlpool_transform (context, buffer, 1); + context->bugemu.count = 0; + buffer_n -= BLOCK_SIZE; + buffer += BLOCK_SIZE; + } + while (buffer_n && (context->bugemu.count < BLOCK_SIZE)) + { + context->bctx.buf[context->bugemu.count++] = *buffer++; + buffer_n--; + } + + /* Update bit counter. */ + carry = 0; + buffer_size <<= 3; + for (i = 1; i <= 32; i++) + { + if (! (buffer_size || carry)) + break; + + carry += context->bugemu.length[32 - i] + (buffer_size & 0xFF); + context->bugemu.length[32 - i] = carry; + buffer_size >>= 8; + carry >>= 8; + } + gcry_assert (! (buffer_size || carry)); +} + + +/* Bug compatibility Whirlpool version. */ +static void +whirlpool_final_bugemu (void *ctx) +{ + whirlpool_context_t *context = ctx; + unsigned int i; + + /* Flush. */ + whirlpool_add_bugemu (context, NULL, 0); + + /* Pad. */ + context->bctx.buf[context->bugemu.count++] = 0x80; + + if (context->bugemu.count > 32) + { + /* An extra block is necessary. 
*/ + while (context->bugemu.count < 64) + context->bctx.buf[context->bugemu.count++] = 0; + whirlpool_add_bugemu (context, NULL, 0); + } + while (context->bugemu.count < 32) + context->bctx.buf[context->bugemu.count++] = 0; + + /* Add length of message. */ + memcpy (context->bctx.buf + context->bugemu.count, + context->bugemu.length, 32); + context->bugemu.count += 32; + whirlpool_add_bugemu (context, NULL, 0); + + block_to_buffer (context->bctx.buf, context->hash_state, i); +} + + static void whirlpool_write (void *ctx, const void *buffer, size_t buffer_n) { whirlpool_context_t *context = ctx; - u64 old_nblocks = context->bctx.nblocks; - _gcry_md_block_write (context, buffer, buffer_n); + if (context->use_bugemu) + { + whirlpool_add_bugemu (context, buffer, buffer_n); + } + else + { + u64 old_nblocks = context->bctx.nblocks; + + _gcry_md_block_write (context, buffer, buffer_n); - gcry_assert (old_nblocks <= context->bctx.nblocks); + gcry_assert (old_nblocks <= context->bctx.nblocks); + } } static void @@ -1314,6 +1432,12 @@ whirlpool_final (void *ctx) u64 t, th, lsb, msb; unsigned char *length; + if (context->use_bugemu) + { + whirlpool_final_bugemu (ctx); + return; + } + t = context->bctx.nblocks; /* if (sizeof t == sizeof context->bctx.nblocks) */ th = context->bctx.nblocks_high; diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 7712b80..4a91790 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -3111,6 +3111,22 @@ The size of the MAC is equal to the message digest of the underlying hash algorithm. If you want CBC message authentication codes based on a cipher, see @xref{Working with cipher handles}. + at item GCRY_MD_FLAG_BUGEMU1 + at cindex bug emulation +Versions of Libgcrypt before 1.6.0 had a bug in the Whirlpool code +which led to a wrong result for certain input sizes and write +patterns. Using this flag emulates that bug. This may for example be +useful for applications which use Whirlpool as part of their key +generation. It is strongly suggested to use this flag only if really +needed and if possible to the data should be re-processed using the +regular Whirlpool algorithm. + +Note that this flag works for the entire hash context. If needed +arises it may be used to enable bug emulation for other hash +algorithms. Thus you should not use this flag for a multi-algorithm +hash context. + + @end table @c begin table of hash flags diff --git a/src/cipher-proto.h b/src/cipher-proto.h index 0955ef5..8267791 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -204,7 +204,7 @@ typedef struct gcry_cipher_spec */ /* Type for the md_init function. */ -typedef void (*gcry_md_init_t) (void *c); +typedef void (*gcry_md_init_t) (void *c, unsigned int flags); /* Type for the md_write function. */ typedef void (*gcry_md_write_t) (void *c, const void *buf, size_t nbytes); diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index f8318c0..b06f259 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1151,7 +1151,8 @@ enum gcry_md_algos enum gcry_md_flags { GCRY_MD_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */ - GCRY_MD_FLAG_HMAC = 2 /* Make an HMAC out of this algorithm. */ + GCRY_MD_FLAG_HMAC = 2, /* Make an HMAC out of this algorithm. */ + GCRY_MD_FLAG_BUGEMU1 = 0x0100 }; /* (Forward declaration.) */ diff --git a/tests/basic.c b/tests/basic.c index 697485e..5fd7131 100644 --- a/tests/basic.c +++ b/tests/basic.c 
@@ -4046,6 +4046,7 @@ check_digests (void) #endif { 0 } }; + gcry_error_t err; int i; if (verbose) 
@@ -4074,6 +4075,58 @@ check_digests (void) algos[i].expect); } + /* Check the Whirlpool bug emulation. */ + if (!gcry_md_test_algo (GCRY_MD_WHIRLPOOL) && !in_fips_mode) + { + static const char expect[] = + "\x35\x28\xd6\x4c\x56\x2c\x55\x2e\x3b\x91\x93\x95\x7b\xdd\xcc\x6e" + "\x6f\xb7\xbf\x76\x22\x9c\xc6\x23\xda\x3e\x09\x9b\x36\xe8\x6d\x76" + "\x2f\x94\x3b\x0c\x63\xa0\xba\xa3\x4d\x66\x71\xe6\x5d\x26\x67\x28" + "\x36\x1f\x0e\x1a\x40\xf0\xce\x83\x50\x90\x1f\xfa\x3f\xed\x6f\xfd"; + gcry_md_hd_t hd; + int algo = GCRY_MD_WHIRLPOOL; + unsigned char *p; + int mdlen; + + err = gcry_md_open (&hd, GCRY_MD_WHIRLPOOL, GCRY_MD_FLAG_BUGEMU1); + if (err) + { + fail ("algo %d, gcry_md_open failed: %s\n", algo, gpg_strerror (err)); + goto leave; + } + + mdlen = gcry_md_get_algo_dlen (algo); + if (mdlen < 1 || mdlen > 500) + { + fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); + gcry_md_close (hd); + goto leave; + } + + /* Hash 62 byes in chunks. */ + gcry_md_write (hd, "1234567890", 10); + gcry_md_write (hd, "1234567890123456789012345678901234567890123456789012", + 52); + + p = gcry_md_read (hd, algo); + + if (memcmp (p, expect, mdlen)) + { + printf ("computed: "); + for (i = 0; i < mdlen; i++) + printf ("%02x ", p[i] & 0xFF); + printf ("\nexpected: "); + for (i = 0; i < mdlen; i++) + printf ("%02x ", expect[i] & 0xFF); + printf ("\n"); + + fail ("algo %d, digest mismatch\n", algo); + } + + gcry_md_close (hd); + } + + leave: if (verbose) fprintf (stderr, "Completed hash checks.\n"); } commit c3b30bae7d1e157f8b65e32ba1b3a516f2bbf58b Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Actually check for uint64_t. * configure.ac: Check size of uint64_t and the UINT64_C macro. -- configure.ac used $ac_cv_sizeof_uint64_t but never set this variable. Due to the availability of long long on all platforms supporting uint64_t this was not a real problem. Found while remove the corresponding test from gnupg. Signed-off-by: Werner Koch 
diff --git a/configure.ac b/configure.ac index 6272871..c3ab96f 100644 --- a/configure.ac +++ b/configure.ac @@ -350,6 +350,15 @@ if test "$ac_cv_sizeof_unsigned_short" = "0" \ AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]); fi +# Ensure that we have UINT64_C before we bother to check for uint64_t +AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[uint64_t foo=UINT64_C(42);]])], + gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) +if test "$gnupg_cv_uint64_c_works" = "yes" ; then + AC_CHECK_SIZEOF(uint64_t) +fi + # Do we have any 64-bit data types? if test "$ac_cv_sizeof_unsigned_int" != "8" \ && test "$ac_cv_sizeof_unsigned_long" != "8" \ ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++ cipher/crc.c | 15 ++++-- cipher/gostr3411-94.c | 4 +- cipher/md.c | 56 ++++++++++++--------- cipher/md4.c | 4 +- cipher/md5.c | 4 +- cipher/rmd160.c | 14 ++++-- cipher/sha1.c | 8 +-- cipher/sha256.c | 8 ++- cipher/sha512.c | 8 ++- cipher/stribog.c | 9 ++-- cipher/whirlpool.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++-- configure.ac | 9 ++++ doc/gcrypt.texi | 16 ++++++ src/cipher-proto.h | 2 +- src/gcrypt.h.in | 3 +- tests/basic.c | 53 ++++++++++++++++++++ 17 files changed, 300 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Sun Jan 19 15:13:43 2014 
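Review bot: in the NEWS hunk, "Add emulation from broken Whirlpool code prior to 1.6.0" should read "Add emulation of the broken Whirlpool code prior to 1.6.0", and the entry would be more useful if it named the flag (GCRY_MD_FLAG_BUGEMU1) directly rather than only in the interface-changes list below it.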
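Review bot: in the md_enable hunk the bugemu1 flag is forwarded to every algorithm's init, but nothing stops a caller from enabling a second algorithm on a context opened with GCRY_MD_FLAG_BUGEMU1; since the texi text says the flag applies to the whole context and must not be used with multi-algorithm contexts, md_enable (or _gcry_md_open) should enforce that, e.g. return GPG_ERR_INV_ARG when h->flags.bugemu1 is set and h->list is already non-empty, rather than leaving it to documentation. Also worth deciding explicitly: _gcry_md_open now accepts GCRY_MD_FLAG_BUGEMU1 together with GCRY_MD_FLAG_HMAC, and md_final passes the flag on to the outer hash; if HMAC over the emulated Whirlpool is not an intended use, reject that combination.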
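Review bot: the comment "Done. This is the bug we emulate." in whirlpool_add_bugemu should say what the early return skips, namely the bit-counter update at the end of the function: a write that is absorbed entirely into a partially filled buffer never adds its length to context->bugemu.length, which is exactly what the 10 + 52 byte test below exercises. Also, the bugemu path calls whirlpool_transform directly and never touches bctx.nblocks; confirm nothing else reads that counter after whirlpool_final, since whirlpool_final_bugemu works only from bugemu.count and bugemu.length.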
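Review bot: in the doc/gcrypt.texi hunk, "if possible to the data should be re-processed" is garbled (drop "to"), and "If needed arises" should be "If the need arises". It would also help to state in the text that the flag currently changes only GCRY_MD_WHIRLPOOL, since every other init function in this patch just does (void)flags.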
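Review bot: in the src/gcrypt.h.in hunk, GCRY_MD_FLAG_BUGEMU1 = 0x0100 is the only member of enum gcry_md_flags without a trailing comment; add one naming the Whirlpool emulation and note why the value jumps to 0x0100 instead of the next bit, so the gap is not mistaken for an omission.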
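Review bot: "Hash 62 byes in chunks" in the tests/basic.c hunk should read "bytes". The new test only covers writes that both stay inside one block (the early-return path in whirlpool_add_bugemu); add a vector whose second write crosses a block boundary, since that takes the other path and must also match the pre-1.6.0 output, and a check that the same 62-byte input without GCRY_MD_FLAG_BUGEMU1 still yields the standard Whirlpool digest.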
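Review bot: in the configure.ac hunk the AC_LANG_PROGRAM prologue appears as "#include ]]" with no header name; the header that defines uint64_t and UINT64_C is stdint.h, so make sure it is actually spelled out there, otherwise the probe never compiles, gnupg_cv_uint64_c_works is always "no" and AC_CHECK_SIZEOF(uint64_t) is silently skipped on every platform.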
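To make the chunked-write behaviour Milan reports, and the emulation in the whirlpool.c hunk above, visible without the full hash, here is an added C model that is not libgcrypt's code: it ports the buffering and bit-counter logic of whirlpool_add_bugemu/whirlpool_final_bugemu, replaces the compression function with a block recorder, and compares the message length that ends up in the padding block for one-shot and split writes. wp_model_t, wp_recorded_bits and the cycling-digit input are assumptions of the example.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK_SIZE 64
#define MAX_BLOCKS 8

/* Model context (assumed, not libgcrypt's struct): block buffer, Whirlpool's
 * 256-bit big-endian bit counter, and a log of blocks sent to the transform. */
typedef struct {
  unsigned char buf[BLOCK_SIZE];
  size_t count;
  unsigned char length[32];
  unsigned char blocks[MAX_BLOCKS][BLOCK_SIZE];
  size_t nblocks;
  int bugemu;               /* 1 = pre-1.6.0 behaviour, 0 = corrected */
} wp_model_t;

/* Stand-in for whirlpool_transform(): record the block instead of mixing it. */
static void transform (wp_model_t *c, const unsigned char *block) {
  if (c->nblocks < MAX_BLOCKS)
    memcpy (c->blocks[c->nblocks], block, BLOCK_SIZE);
  c->nblocks++;
}

/* Add NBYTES*8 to the 256-bit counter (the carry loop from the patch). */
static void add_length (wp_model_t *c, size_t nbytes) {
  uint64_t bits = (uint64_t) nbytes << 3;
  unsigned int carry = 0, i;
  for (i = 1; i <= 32 && (bits || carry); i++) {
    carry += c->length[32 - i] + (bits & 0xFF);
    c->length[32 - i] = (unsigned char) carry;
    bits >>= 8;
    carry >>= 8;
  }
}

/* Lazy flush shared by both variants: a full buffer goes out on the next call. */
static void flush_if_full (wp_model_t *c) {
  if (c->count == BLOCK_SIZE) {
    transform (c, c->buf);
    c->count = 0;
  }
}

static void wp_write (wp_model_t *c, const unsigned char *p, size_t n) {
  size_t total = n;
  flush_if_full (c);
  if (!c->bugemu) add_length (c, n);   /* corrected: every byte is counted */
  if (c->count) {                      /* top up a partially filled buffer */
    while (n && c->count < BLOCK_SIZE) { c->buf[c->count++] = *p++; n--; }
    flush_if_full (c);
    if (!n) return;                    /* pre-1.6.0: leaves before counting */
  }
  for (; n >= BLOCK_SIZE; n -= BLOCK_SIZE, p += BLOCK_SIZE) {
    transform (c, p);
    c->count = 0;
  }
  while (n && c->count < BLOCK_SIZE) { c->buf[c->count++] = *p++; n--; }
  if (c->bugemu) add_length (c, total); /* pre-1.6.0 counted only down here */
}

/* Padding is the same in both variants: 0x80, zeros, then the 256-bit length. */
static void wp_final (wp_model_t *c) {
  flush_if_full (c);
  c->buf[c->count++] = 0x80;
  if (c->count > 32) {                 /* no room for the length: extra block */
    while (c->count < BLOCK_SIZE) c->buf[c->count++] = 0;
    flush_if_full (c);
  }
  while (c->count < 32) c->buf[c->count++] = 0;
  memcpy (c->buf + c->count, c->length, 32);
  c->count += 32;
  flush_if_full (c);
}

/* Hash LEN bytes of the cycling digit string "1234567890..." (LEN == 62 is
 * exactly the patch's test input) as one write (SPLIT == 0) or as two writes
 * split at SPLIT, and return the bit count recorded in the padding block. */
static uint64_t wp_recorded_bits (int bugemu, size_t len, size_t split) {
  unsigned char msg[256];
  wp_model_t c;
  uint64_t bits = 0; size_t i, last;
  if (len > sizeof msg) len = sizeof msg;      /* keeps nblocks <= MAX_BLOCKS */
  if (split > len) split = len;
  for (i = 0; i < len; i++)
    msg[i] = (unsigned char) ('0' + (i + 1) % 10);
  memset (&c, 0, sizeof c);
  c.bugemu = bugemu;
  if (split) {
    wp_write (&c, msg, split);
    wp_write (&c, msg + split, len - split);
  } else
    wp_write (&c, msg, len);
  wp_final (&c);
  /* The low 64 bits of the counter are the last 8 bytes of the last block. */
  last = (c.nblocks < MAX_BLOCKS ? c.nblocks : MAX_BLOCKS) - 1;
  for (i = 0; i < 8; i++)
    bits = (bits << 8) | c.blocks[last][BLOCK_SIZE - 8 + i];
  return bits;
}
```

With the pre-1.6.0 logic, 62 bytes written as 10 + 52 are padded as if only 80 bits had been hashed, while the corrected logic records 496 bits either way; a second write that overflows the block (for example 10 + 60) takes the other path and is counted correctly by both, which is why only some chunking patterns produced wrong digests.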
From: wk at gnupg.org (Werner Koch)
Date: Sun, 19 Jan 2014 15:13:43 +0100
Subject: Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?
In-Reply-To: <52D9995F.1070808@gmail.com> (Milan Broz's message of "Fri, 17 Jan 2014 21:58:07 +0100")
References: <52D975A3.6080609@gmail.com> <87sismz76l.fsf@vigenere.g10code.de> <52D9995F.1070808@gmail.com>
Message-ID: <87fvokys88.fsf@vigenere.g10code.de>

On Fri, 17 Jan 2014 21:58, gmazyland at gmail.com said:

> So if there is a "bug emulation flag" it could help to implement it.

Done in master. The code is not very sophisticated: I added the flag and
then re-added most of the old code. If this works out for you I will
backport it to 1.6 and release a 1.6.1 soon.

The suggested way of using the flag is:

  if (whirlpool_bug_assumed)
    {
#if GCRYPT_VERSION_NUMBER >= 0x010601
      /* A Libgcrypt older than 1.6.1 does not know the flag and
         rejects it with GPG_ERR_INV_ARG.  */
      err = gcry_md_open (&hd, GCRY_MD_WHIRLPOOL, GCRY_MD_FLAG_BUGEMU1);
      if (gpg_err_code (err) == GPG_ERR_INV_ARG)
        error ("Need at least Libgcrypt 1.6.1 for the fix");
      else
        {
          do_hash (hd);
          gcry_md_close (hd);
        }
#endif
    }

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From gmazyland at gmail.com Sun Jan 19 20:49:41 2014
From: gmazyland at gmail.com (Milan Broz) Date: Sun, 19 Jan 2014 20:49:41 +0100 Subject: Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)? In-Reply-To: <87fvokys88.fsf@vigenere.g10code.de> References: <52D975A3.6080609@gmail.com> <87sismz76l.fsf@vigenere.g10code.de> <52D9995F.1070808@gmail.com> <87fvokys88.fsf@vigenere.g10code.de> Message-ID: <52DC2C55.4020701@gmail.com> On 01/19/2014 03:13 PM, Werner Koch wrote: > On Fri, 17 Jan 2014 21:58, gmazyland at gmail.com said: > >> So if there is a "bug emulation flag" it could help to implement it. > > Done in master. The code is not very sophisticated: I added the flag and > then re-added most of the old code. If this works out for you I > will backport it to 1.6 and release a 1.6.1 soon. It works, thanks! Please could you also add pbkdf2 speed fix to 1.6.1? Because cryptsetup supports several backends (where this flawed whirlpool was never present), I won't do any automatic repairs but instead I added internal "whirlpool_gcryptbug" hash name to gcrypt cryptsetup backend (which uses this flag with gcrypt > 1.6.0) This will allow people to use it if really needed. Thanks, Milan From wk at gnupg.org Mon Jan 20 08:56:17 2014 From: wk at gnupg.org (Werner Koch) Date: Mon, 20 Jan 2014 08:56:17 +0100 Subject: Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)? In-Reply-To: <52DC2C55.4020701@gmail.com> (Milan Broz's message of "Sun, 19 Jan 2014 20:49:41 +0100") References: <52D975A3.6080609@gmail.com> <87sismz76l.fsf@vigenere.g10code.de> <52D9995F.1070808@gmail.com> <87fvokys88.fsf@vigenere.g10code.de> <52DC2C55.4020701@gmail.com> Message-ID: <87ob37xf1a.fsf@vigenere.g10code.de> On Sun, 19 Jan 2014 20:49, gmazyland at gmail.com said: > It works, thanks! Please could you also add pbkdf2 speed fix to 1.6.1? Sure. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Mon Jan 20 11:13:56 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 20 Jan 2014 11:13:56 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-39-gdad06e4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via dad06e4d1b835bac778b87090b1d3894b7535b14 (commit) via 192e77d123fdb04c459c998b9eb1731618a833fa (commit) from 94030e44aaff805d754e368507f16dd51a531b72 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dad06e4d1b835bac778b87090b1d3894b7535b14 Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 cipher: Fix commit 94030e44 * cipher/tiger.c (tiger_init): Add arg FLAGS. (tiger1_init, tiger2_init): Ditto. diff --git a/cipher/tiger.c b/cipher/tiger.c index 17c4119..91db4e6 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -610,20 +610,26 @@ do_init (void *context, int variant) } static void -tiger_init (void *context) +tiger_init (void *context, unsigned int flags) { + (void)flags; + do_init (context, 0); } static void -tiger1_init (void *context) +tiger1_init (void *context, unsigned int flags) { + (void)flags; + do_init (context, 1); } static void -tiger2_init (void *context) +tiger2_init (void *context, unsigned int flags) { + (void)flags; + do_init (context, 2); } commit 192e77d123fdb04c459c998b9eb1731618a833fa Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 tests: Rename tsexp.c * tests/tsexp.c: Rename to t-sexp.c Signed-off-by: Werner Koch diff --git a/tests/Makefile.am b/tests/Makefile.am index f5b5b9f..884fb3d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in tests_bin = \ - version mpitests tsexp t-convert \ + version mpitests t-sexp t-convert \ t-mpi-bit t-mpi-point curves \ prime basic keygen pubkey hmac hashtest t-kdf keygrip \ fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 t-ed25519 diff --git a/tests/tsexp.c b/tests/t-sexp.c similarity index 99% rename from tests/tsexp.c rename to tests/t-sexp.c index 1ab9802..ec8b280 100644 --- a/tests/tsexp.c +++ b/tests/t-sexp.c @@ -1,4 +1,4 @@ -/* tsexp.c - S-expression regression tests +/* t-sexp.c - S-expression regression tests * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. * * This file is part of Libgcrypt. @@ -28,7 +28,7 @@ #include #include "../src/gcrypt-int.h" -#define PGMNAME "tsexp" +#define PGMNAME "t-sexp" #ifndef DIM # define DIM(v) (sizeof(v)/sizeof((v)[0])) ----------------------------------------------------------------------- Summary of changes: cipher/tiger.c | 12 +++++++++--- tests/Makefile.am | 2 +- tests/{tsexp.c => t-sexp.c} | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) rename tests/{tsexp.c => t-sexp.c} (99%) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Jan 20 11:35:32 2014 
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Jan 2014 11:35:32 +0100
Subject: Storing keys and signatures as sexps
In-Reply-To: <877gaykl4p.fsf@gnu.org> (Ludovic Courtès's message of "Sat, 21 Dec 2013 21:24:38 +0100")
References: <877gaykl4p.fsf@gnu.org>
Message-ID: <87bnz7j5zf.fsf@vigenere.g10code.de>

On Sat, 21 Dec 2013 21:24, ludo at gnu.org said:

> For the purposes of signing package binaries exported from Guix, I am
> considering storing both key pairs and signatures using the sexp
> “advanced” external representation [0].

Nice. Slowly the SPKI data structures get some notice.

> AFAICS the format is generic, stable, and not libgcrypt-specific, so
> this looks like a reasonable choice.

I tried to model it along SPKI but there are for sure some Libgcrypt
specific details. LSH also uses (still?) S-expression.

> Nevertheless, is there anything you would caution about?

If you want to hash the material you need to convert it to canonical
format first - but that is easy.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From ludo at gnu.org Mon Jan 20 18:27:01 2014
From: ludo at gnu.org (Ludovic Courtès)
Date: Mon, 20 Jan 2014 18:27:01 +0100
Subject: Storing keys and signatures as sexps
In-Reply-To: <87bnz7j5zf.fsf@vigenere.g10code.de> (Werner Koch's message of "Mon, 20 Jan 2014 11:35:32 +0100")
References: <877gaykl4p.fsf@gnu.org> <87bnz7j5zf.fsf@vigenere.g10code.de>
Message-ID: <87wqhuo97e.fsf@gnu.org>

Werner Koch skribis:

> On Sat, 21 Dec 2013 21:24, ludo at gnu.org said:

[...]

>> AFAICS the format is generic, stable, and not libgcrypt-specific, so
>> this looks like a reasonable choice.
>
> I tried to model it along SPKI but there are for sure some Libgcrypt
> specific details. LSH also uses (still?) S-expression.

There are differences between sexps produced by lsh's libspki, and
gcrypt sexps. Notably:

  • libspki stores RSA public keys as shown in , with tokens like
    “rsa-pkcs1-md5”, whereas gcrypt produces something slightly
    different;

  • lsh has its own format to represent password-protected key pairs
    (with the limitation that the whole key pair is encrypted);

  • higher-level SPKI sexps like signatures are not standardized; for
    instance gcrypt uses the “sig-val” token, whereas spki.txt suggests
    something slightly different.

(Niels and I discussed some of these items at .)

It would be great if we could work towards unifying the sexps used in
both implementations.

>> Nevertheless, is there anything you would caution about?
>
> If you want to hash the material you need to convert it to canonical
> format first - but that is easy.

Right. Thanks for your feedback!

Ludo'.

From wk at gnupg.org Thu Jan 23 11:29:01 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 23 Jan 2014 11:29:01 +0100
Subject: Storing keys and signatures as sexps
In-Reply-To: <87wqhuo97e.fsf@gnu.org> (Ludovic Courtès's message of "Mon, 20 Jan 2014 18:27:01 +0100")
References: <877gaykl4p.fsf@gnu.org> <87bnz7j5zf.fsf@vigenere.g10code.de> <87wqhuo97e.fsf@gnu.org>
Message-ID: <87zjmndmaa.fsf@vigenere.g10code.de>

On Mon, 20 Jan 2014 18:27, ludo at gnu.org said:

> • libspki stores RSA public keys as shown in
>   , with tokens like
>   “rsa-pkcs1-md5”, whereas gcrypt produces something slightly
>   different;

Right, the one-identifier approach for all algorithms involved has not
been of my taste. And well, SPKI was dead even back in 2001 when I came
up with our format.

> It would be great if we could work towards unifying the sexps used in
> both implementations.

That would be quite hard given that we need to take care of backward
compatibility and a software base in production use for more than a
decade.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From cvs at cvs.gnupg.org Thu Jan 23 15:31:45 2014
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jan 2014 15:31:45 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-40-g4ad3417 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4ad3417acab5021db1f722c314314ce4b781833a (commit) from dad06e4d1b835bac778b87090b1d3894b7535b14 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ad3417acab5021db1f722c314314ce4b781833a Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Support building using the latest mingw-w64 toolchain. * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection. -- This patch is related to Debian-bug-id 730271 for GnuPG 1.4: From: Stephen Kitt All MinGW targets require underscores when linking. This patch fixes acinclude.m4 and the resulting configure so they don't limit the use of underscores to the old mingw32msvc targets. Signed-off-by: Werner Koch diff --git a/acinclude.m4 b/acinclude.m4 index fdb2d17..0791b84 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -101,7 +101,7 @@ AC_DEFUN([GNUPG_CHECK_GNUMAKE], AC_DEFUN([GNUPG_SYS_SYMBOL_UNDERSCORE], [tmp_do_check="no" case "${host}" in - *-mingw32msvc*) + *-mingw32*) ac_cv_sys_symbol_underscore=yes ;; i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp) ----------------------------------------------------------------------- Summary of changes: acinclude.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From dbaryshkov at gmail.com Fri Jan 24 12:02:14 2014 From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov) Date: Fri, 24 Jan 2014 15:02:14 +0400 Subject: [PATCH 1/2] Fix number of blocks passed used in _gcry_rmd160_mixblock Message-ID: <1390561335-19320-1-git-send-email-dbaryshkov@gmail.com> * cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform -- Currently _gcry_rmd160_mixblock() passes 64 as nblocks to transform() function, while passing only one block of data. This causes access after the allocated data and tons of errors on each valgrind invocation. Signed-off-by: Dmitry Eremin-Solenikov --- cipher/rmd160.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 1a58ba6..2aba0fe 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -421,7 +421,7 @@ _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) { char *p = blockof64byte; - transform ( hd, blockof64byte, 64 ); + transform ( hd, blockof64byte, 1 ); #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) X(0); X(1); -- 1.8.5.2 From dbaryshkov at gmail.com Fri Jan 24 12:02:15 2014 
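Review bot: the new pattern `*-mingw32*` in GNUPG_SYS_SYMBOL_UNDERSCORE also matches 64-bit mingw-w64 hosts such as x86_64-w64-mingw32, but the Win64 ABI does not prefix C symbols with an underscore, so forcing ac_cv_sys_symbol_underscore=yes there mislabels symbols for the assembler modules; match only the i?86 mingw hosts, or add an x86_64-*-mingw32* case that sets the variable to no. The Debian report quoted in the commit message says "All MinGW targets require underscores", which holds for the 32-bit targets only.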
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov) Date: Fri, 24 Jan 2014 15:02:15 +0400 Subject: [PATCH 2/2] Pass -no-install to libtool while building tests In-Reply-To: <1390561335-19320-1-git-send-email-dbaryshkov@gmail.com> References: <1390561335-19320-1-git-send-email-dbaryshkov@gmail.com> Message-ID: <1390561335-19320-2-git-send-email-dbaryshkov@gmail.com> * tests/Makefile.am: add AM_LDFLAGS = -no-install -- There is little point building tests with support for installation. Passing -no-install stops libtool from building wrapper scripts, thus allowing direct gdb/valgrind invocation on programs in tests/ subdirectory. Signed-off-by: Dmitry Eremin-Solenikov --- tests/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 884fb3d..1a1bb1c 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -45,6 +45,7 @@ TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1 AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) +AM_LDFLAGS = -no-install LDADD = ../src/libgcrypt.la $(DL_LIBS) ../compat/libcompat.la $(GPG_ERROR_LIBS) EXTRA_PROGRAMS = testapi pkbench -- 1.8.5.2 From wk at gnupg.org Fri Jan 24 15:13:56 2014 
From: wk at gnupg.org (Werner Koch) Date: Fri, 24 Jan 2014 15:13:56 +0100 Subject: [PATCH 2/2] Pass -no-install to libtool while building tests In-Reply-To: <1390561335-19320-2-git-send-email-dbaryshkov@gmail.com> (Dmitry Eremin-Solenikov's message of "Fri, 24 Jan 2014 15:02:15 +0400") References: <1390561335-19320-1-git-send-email-dbaryshkov@gmail.com> <1390561335-19320-2-git-send-email-dbaryshkov@gmail.com> Message-ID: <8761p9a2mz.fsf@vigenere.g10code.de> On Fri, 24 Jan 2014 12:02, dbaryshkov at gmail.com said: > There is little point building tests with support for installation. > Passing -no-install stops libtool from building wrapper scripts, > thus allowing direct gdb/valgrind invocation on programs in tests/ Cool. I didn't notice this option. I will add it to all gnupg related libs. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From ludo at gnu.org Fri Jan 24 17:42:41 2014 
From: ludo at gnu.org (Ludovic Courtès)
Date: Fri, 24 Jan 2014 17:42:41 +0100
Subject: Storing keys and signatures as sexps
In-Reply-To: <87zjmndmaa.fsf@vigenere.g10code.de> (Werner Koch's message of "Thu, 23 Jan 2014 11:29:01 +0100")
References: <877gaykl4p.fsf@gnu.org> <87bnz7j5zf.fsf@vigenere.g10code.de> <87wqhuo97e.fsf@gnu.org> <87zjmndmaa.fsf@vigenere.g10code.de>
Message-ID: <87fvodfi0u.fsf@gnu.org>

Werner Koch skribis:

> On Mon, 20 Jan 2014 18:27, ludo at gnu.org said:
>
>> • libspki stores RSA public keys as shown in
>>   , with tokens like
>>   “rsa-pkcs1-md5”, whereas gcrypt produces something slightly
>>   different;
>
> Right, the one-identifier approach for all algorithms involved has not
> been of my taste. And well, SPKI was dead even back in 2001 when I came
> up with our format.

Yeah. What gcrypt uses looks more flexible and extensible.

>> It would be great if we could work towards unifying the sexps used in
>> both implementations.
>
> That would be quite hard given that we need to take care of backward
> compatibility and a software base in production use for more than a
> decade.

Maybe it'd be easier for lsh to support new formats because it doesn't
export its sexp API, so it could convert from one representation to
another internally.

Food for thought...

Thanks,
Ludo'.

From dbaryshkov at gmail.com Sat Jan 25 00:21:38 2014
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov) Date: Sat, 25 Jan 2014 03:21:38 +0400 Subject: [PATCH 1/2] Fix memory leaks in ecc code Message-ID: <1390605699-21175-1-git-send-email-dbaryshkov@gmail.com> * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi values. * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error path. * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi. -- ==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8 ==11657== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==11657== by 0x404178F: _gcry_private_malloc (stdmem.c:113) ==11657== by 0x403CED1: do_malloc.constprop.4 (global.c:768) ==11657== by 0x403DD01: _gcry_xmalloc (global.c:790) ==11657== by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84) ==11657== by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466) ==11657== by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796) ==11657== by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327) ==11657== by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378) ==11657== by 0x407B895: compute_keygrip (ecc.c:1492) ==11657== by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674) ==11657== by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056) ==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7 ==16502== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==16502== by 0x404B4DE: _gcry_private_malloc (stdmem.c:113) ==16502== by 0x404667B: do_malloc (global.c:768) ==16502== by 0x40466E7: _gcry_malloc (global.c:790) ==16502== by 0x4046A55: _gcry_xmalloc (global.c:944) ==16502== by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84) ==16502== by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548) ==16502== by 0x40A72B2: scanval (ecc-curves.c:432) ==16502== by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685) ==16502== by 0x4058164: _gcry_pk_get_curve (pubkey.c:747) ==16502== by 0x4043E14: gcry_pk_get_curve 
(visibility.c:1067) ==16502== by 0x8048934: check_matching (curves.c:124) Signed-off-by: Dmitry Eremin-Solenikov --- cipher/ecc-curves.c | 22 ++++++++++++++++++---- cipher/ecc.c | 2 +- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index dc74ee0..0f622f7 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -575,6 +575,7 @@ _gcry_ecc_update_curve_param (const char *name, return gpg_err_code_from_syserror (); strcpy (stpcpy (stpcpy (buf, "0x04"), domain_parms[idx].g_x+2), domain_parms[idx].g_y+2); + _gcry_mpi_release (*g); *g = scanval (buf); xfree (buf); } @@ -583,13 +584,25 @@ _gcry_ecc_update_curve_param (const char *name, if (dialect) *dialect = domain_parms[idx].dialect; if (p) - *p = scanval (domain_parms[idx].p); + { + _gcry_mpi_release (*p); + *p = scanval (domain_parms[idx].p); + } if (a) - *a = scanval (domain_parms[idx].a); + { + _gcry_mpi_release (*a); + *a = scanval (domain_parms[idx].a); + } if (b) - *b = scanval (domain_parms[idx].b); + { + _gcry_mpi_release (*b); + *b = scanval (domain_parms[idx].b); + } if (n) - *n = scanval (domain_parms[idx].n); + { + _gcry_mpi_release (*n); + *n = scanval (domain_parms[idx].n); + } return 0; } @@ -669,6 +682,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits) for (idx = 0; domain_parms[idx].desc; idx++) { + mpi_free (tmp); tmp = scanval (domain_parms[idx].p); if (!mpi_cmp (tmp, E.p)) { diff --git a/cipher/ecc.c b/cipher/ecc.c index 0e5776c..e0be2d4 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1520,7 +1520,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) &values[0], &values[1], &values[2], &values[3], &values[4]); if (rc) - return rc; + goto leave; } } -- 1.8.5.2 From dbaryshkov at gmail.com Sat Jan 25 00:21:39 2014 
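Review bot: in the `_gcry_ecc_update_curve_param` hunks, `_gcry_mpi_release (*g)`, `(*p)`, `(*a)`, `(*b)` and `(*n)` now run before each out-parameter is overwritten, so every caller must pass either NULL or an MPI it owns; a pointer that was merely uninitialised before (and simply overwritten) now becomes an invalid free. That contract is not stated in the visible lines, so please document it in the function's comment and audit callers that pass stack variables.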
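Review bot: the `mpi_free (tmp)` added at the top of the loop in `_gcry_ecc_get_curve` assumes that `tmp` is initialised to NULL before the first iteration and that the `tmp` still held when the loop exits (by match or by exhaustion) is released afterwards; neither is visible in the hunk. Without the first, the first iteration frees garbage; without the second, one allocation still leaks, which is the case the valgrind trace in the commit message reports.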
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov) Date: Sat, 25 Jan 2014 03:21:39 +0400 Subject: [PATCH 2/2] Fix most of memory leaks in tests code In-Reply-To: <1390605699-21175-1-git-send-email-dbaryshkov@gmail.com> References: <1390605699-21175-1-git-send-email-dbaryshkov@gmail.com> Message-ID: <1390605699-21175-2-git-send-email-dbaryshkov@gmail.com> * tests/basic.c (check_ccm_cipher): Close cipher after use. * tests/basic.c (check_one_cipher): Correct length of used buffer. * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer initialized. * tests/keygen.c (check_ecc_keys): Release generated key. * tests/t-mpi-point.c (context_param): Release mpi Q. * tests/t-sexp.c (check_extract_param): Release extracted number. -- The only remaining reported memory leak is one expected leak from mpitests.c. Signed-off-by: Dmitry Eremin-Solenikov --- tests/basic.c | 6 +++++- tests/benchmark.c | 2 +- tests/keygen.c | 1 + tests/mpitests.c | 1 + tests/t-mpi-point.c | 1 + tests/t-sexp.c | 1 + 6 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/basic.c b/tests/basic.c index 8cd638d..bd90d53 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -2450,6 +2450,8 @@ check_ccm_cipher (void) if (memcmp (buf, tag, taglen) != 0) fail ("cipher-ccm-large, encrypt mismatch entry\n"); + + gcry_cipher_close (hde); } #if 0 @@ -2542,6 +2544,8 @@ check_ccm_cipher (void) if (memcmp (buf, tag, taglen) != 0) fail ("cipher-ccm-huge, encrypt mismatch entry\n"); + + gcry_cipher_close (hde); } if (verbose) @@ -3733,7 +3737,7 @@ check_one_cipher (int algo, int mode, int flags) return; /* Pass 2: Key not aligned and data not aligned. */ - memmove (plain+1, plain, 1024); + memmove (plain+1, plain, 1040); if (check_one_cipher_core (algo, mode, flags, key+1, 32, plain+1, 1040, bufshift, 2+10*bufshift)) return; diff --git a/tests/benchmark.c b/tests/benchmark.c index e009c22..5efc083 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c 
@@ -656,7 +656,7 @@ cipher_bench ( const char *algoname ) } repetitions *= cipher_repetitions; - raw_buf = gcry_xmalloc (allocated_buflen+15); + raw_buf = gcry_xcalloc (allocated_buflen+15, 1); buf = (raw_buf + ((16 - ((size_t)raw_buf & 0x0f)) % buffer_alignment)); outbuf = raw_outbuf = gcry_xmalloc (allocated_buflen+15); diff --git a/tests/keygen.c b/tests/keygen.c index e8cf7c5..4aff9c9 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -413,6 +413,7 @@ check_ecc_keys (void) show_sexp ("ECC key:\n", key); check_generated_ecc_key (key); + gcry_sexp_release (key); if (verbose) show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n"); diff --git a/tests/mpitests.c b/tests/mpitests.c index 9d1206e..d75aca9 100644 --- a/tests/mpitests.c +++ b/tests/mpitests.c @@ -212,6 +212,7 @@ test_opaque (void) if (debug) gcry_log_debugmpi ("mpi", a); + gcry_mpi_release (a); p = gcry_xstrdup ("This is a test buffer"); a = gcry_mpi_set_opaque_copy (NULL, p, 21*8+1); diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index d60b3f0..88bb5bd 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -601,6 +601,7 @@ context_param (void) if (err) fail ("setting Q for nistp256 failed: %s\n", gpg_strerror (err)); get_and_cmp_mpi ("q", sample_p256_q, "nistp256(2)", ctx); + gcry_mpi_release (q); /* Get as s-expression. */ err = gcry_pubkey_get_sexp (&sexp, 0, ctx); diff --git a/tests/t-sexp.c b/tests/t-sexp.c index ec8b280..4c48277 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c @@ -1035,6 +1035,7 @@ check_extract_param (void) gcry_log_debugmpi (" got", mpis[0]); } + gcry_free (ioarray[0].data); gcry_mpi_release (mpis[0]); gcry_sexp_release (sxp); -- 1.8.5.2 From wk at gnupg.org Mon Jan 27 14:25:11 2014 
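Review bot: in the `check_one_cipher` hunk, `memmove (plain+1, plain, 1040)` now shifts the full 1040 bytes that the following `check_one_cipher_core (..., plain+1, 1040, ...)` reads, so the last 16 bytes of pass 2 are no longer left unshifted, but it also requires `plain` to be at least 1041 bytes long; the buffer's declaration is outside the hunk, so please confirm its size.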
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Jan 2014 14:25:11 +0100
Subject: [PATCH 1/2] Fix number of blocks passed used in _gcry_rmd160_mixblock
In-Reply-To: <1390561335-19320-1-git-send-email-dbaryshkov@gmail.com> (Dmitry Eremin-Solenikov's message of "Fri, 24 Jan 2014 15:02:14 +0400")
References: <1390561335-19320-1-git-send-email-dbaryshkov@gmail.com>
Message-ID: <87k3dl7e14.fsf@vigenere.g10code.de>

On Fri, 24 Jan 2014 12:02, dbaryshkov at gmail.com said:

> Currently _gcry_rmd160_mixblock() passes 64 as nblocks to transform()
> function, while passing only one block of data. This causes access after
> the allocated data and tons of errors on each valgrind invocation.

Great. That is also the solution for the crash I experienced on Windows.
Thanks.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

From cvs at cvs.gnupg.org Mon Jan 27 14:35:36 2014
From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov) Date: Mon, 27 Jan 2014 14:35:36 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-48-g5c150ec Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5c150ece094bf0a504a111ce6c7b72e8d0b0457a (commit) via 6d87e6abdfb7552323a95401f14e6367398a3e5a (commit) from 5d23e7b9a77421f3ebfda4a84c459a8729f3bb41 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5c150ece094bf0a504a111ce6c7b72e8d0b0457a Author: Dmitry Eremin-Solenikov Date: Sat Jan 25 03:21:39 2014 +0400 Fix most of memory leaks in tests code * tests/basic.c (check_ccm_cipher): Close cipher after use. * tests/basic.c (check_one_cipher): Correct length of used buffer. * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer initialized. * tests/keygen.c (check_ecc_keys): Release generated key. * tests/t-mpi-point.c (context_param): Release mpi Q. * tests/t-sexp.c (check_extract_param): Release extracted number. -- The only remaining reported memory leak is one expected leak from mpitests.c. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/basic.c b/tests/basic.c index e85e4e1..4474a9d 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -2213,6 +2213,8 @@ check_ccm_cipher (void) if (memcmp (buf, tag, taglen) != 0) fail ("cipher-ccm-large, encrypt mismatch entry\n"); + + gcry_cipher_close (hde); } #if 0 @@ -2305,6 +2307,8 @@ check_ccm_cipher (void) if (memcmp (buf, tag, taglen) != 0) fail ("cipher-ccm-huge, encrypt mismatch entry\n"); + + gcry_cipher_close (hde); } if (verbose) 
@@ -3496,7 +3500,7 @@ check_one_cipher (int algo, int mode, int flags) return; /* Pass 2: Key not aligned and data not aligned. */ - memmove (plain+1, plain, 1024); + memmove (plain+1, plain, 1040); if (check_one_cipher_core (algo, mode, flags, key+1, 32, plain+1, 1040, bufshift, 2+10*bufshift)) return; diff --git a/tests/benchmark.c b/tests/benchmark.c index e009c22..5efc083 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -656,7 +656,7 @@ cipher_bench ( const char *algoname ) } repetitions *= cipher_repetitions; - raw_buf = gcry_xmalloc (allocated_buflen+15); + raw_buf = gcry_xcalloc (allocated_buflen+15, 1); buf = (raw_buf + ((16 - ((size_t)raw_buf & 0x0f)) % buffer_alignment)); outbuf = raw_outbuf = gcry_xmalloc (allocated_buflen+15); diff --git a/tests/keygen.c b/tests/keygen.c index e8cf7c5..4aff9c9 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -413,6 +413,7 @@ check_ecc_keys (void) show_sexp ("ECC key:\n", key); check_generated_ecc_key (key); + gcry_sexp_release (key); if (verbose) show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n"); diff --git a/tests/mpitests.c b/tests/mpitests.c index 9d1206e..d75aca9 100644 --- a/tests/mpitests.c +++ b/tests/mpitests.c @@ -212,6 +212,7 @@ test_opaque (void) if (debug) gcry_log_debugmpi ("mpi", a); + gcry_mpi_release (a); p = gcry_xstrdup ("This is a test buffer"); a = gcry_mpi_set_opaque_copy (NULL, p, 21*8+1); diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index d60b3f0..88bb5bd 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -601,6 +601,7 @@ context_param (void) if (err) fail ("setting Q for nistp256 failed: %s\n", gpg_strerror (err)); get_and_cmp_mpi ("q", sample_p256_q, "nistp256(2)", ctx); + gcry_mpi_release (q); /* Get as s-expression. */ err = gcry_pubkey_get_sexp (&sexp, 0, ctx); diff --git a/tests/t-sexp.c b/tests/t-sexp.c index ec8b280..4c48277 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c 
@@ -1035,6 +1035,7 @@ check_extract_param (void) gcry_log_debugmpi (" got", mpis[0]); } + gcry_free (ioarray[0].data); gcry_mpi_release (mpis[0]); gcry_sexp_release (sxp); commit 6d87e6abdfb7552323a95401f14e6367398a3e5a Author: Dmitry Eremin-Solenikov Date: Sat Jan 25 03:21:38 2014 +0400 Fix memory leaks in ecc code * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi values. * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error path. * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi. -- ==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8 ==11657== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==11657== by 0x404178F: _gcry_private_malloc (stdmem.c:113) ==11657== by 0x403CED1: do_malloc.constprop.4 (global.c:768) ==11657== by 0x403DD01: _gcry_xmalloc (global.c:790) ==11657== by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84) ==11657== by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466) ==11657== by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796) ==11657== by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327) ==11657== by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378) ==11657== by 0x407B895: compute_keygrip (ecc.c:1492) ==11657== by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674) ==11657== by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056) ==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7 ==16502== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==16502== by 0x404B4DE: _gcry_private_malloc (stdmem.c:113) ==16502== by 0x404667B: do_malloc (global.c:768) ==16502== by 0x40466E7: _gcry_malloc (global.c:790) ==16502== by 0x4046A55: _gcry_xmalloc (global.c:944) ==16502== by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84) ==16502== by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548) ==16502== by 0x40A72B2: scanval (ecc-curves.c:432) ==16502== by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685) 
==16502== by 0x4058164: _gcry_pk_get_curve (pubkey.c:747) ==16502== by 0x4043E14: gcry_pk_get_curve (visibility.c:1067) ==16502== by 0x8048934: check_matching (curves.c:124) Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index dc74ee0..0f622f7 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -575,6 +575,7 @@ _gcry_ecc_update_curve_param (const char *name, return gpg_err_code_from_syserror (); strcpy (stpcpy (stpcpy (buf, "0x04"), domain_parms[idx].g_x+2), domain_parms[idx].g_y+2); + _gcry_mpi_release (*g); *g = scanval (buf); xfree (buf); } @@ -583,13 +584,25 @@ _gcry_ecc_update_curve_param (const char *name, if (dialect) *dialect = domain_parms[idx].dialect; if (p) - *p = scanval (domain_parms[idx].p); + { + _gcry_mpi_release (*p); + *p = scanval (domain_parms[idx].p); + } if (a) - *a = scanval (domain_parms[idx].a); + { + _gcry_mpi_release (*a); + *a = scanval (domain_parms[idx].a); + } if (b) - *b = scanval (domain_parms[idx].b); + { + _gcry_mpi_release (*b); + *b = scanval (domain_parms[idx].b); + } if (n) - *n = scanval (domain_parms[idx].n); + { + _gcry_mpi_release (*n); + *n = scanval (domain_parms[idx].n); + } return 0; } @@ -669,6 +682,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits) for (idx = 0; domain_parms[idx].desc; idx++) { + mpi_free (tmp); tmp = scanval (domain_parms[idx].p); if (!mpi_cmp (tmp, E.p)) { diff --git a/cipher/ecc.c b/cipher/ecc.c index 0e5776c..e0be2d4 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -1520,7 +1520,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) &values[0], &values[1], &values[2], &values[3], &values[4]); if (rc) - return rc; + goto leave; } } ----------------------------------------------------------------------- Summary of changes: cipher/ecc-curves.c | 22 ++++++++++++++++++---- cipher/ecc.c | 2 +- tests/basic.c | 6 +++++- tests/benchmark.c | 2 +- tests/keygen.c | 1 + tests/mpitests.c | 1 + tests/t-mpi-point.c | 1 + tests/t-sexp.c | 1 + 8 files changed, 29 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Jan 27 14:30:53 2014 From: wk at gnupg.org (Werner Koch) Date: Mon, 27 Jan 2014 14:30:53 +0100 Subject: [PATCH 1/2] Fix memory leaks in ecc code In-Reply-To: <1390605699-21175-1-git-send-email-dbaryshkov@gmail.com> (Dmitry Eremin-Solenikov's message of "Sat, 25 Jan 2014 03:21:38 +0400") References: <1390605699-21175-1-git-send-email-dbaryshkov@gmail.com> Message-ID: <87fvo97drm.fsf@vigenere.g10code.de> On Sat, 25 Jan 2014 00:21, dbaryshkov at gmail.com said: > * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi > values. > * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error > path. > * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi. Thanks. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Mon Jan 27 14:42:19 2014 
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Jan 2014 14:42:19 +0100
Subject: Libgcrypt threads model
In-Reply-To: (Dmitry Eremin-Solenikov's message of "Mon, 13 Jan 2014 14:42:51 +0400")
References: <87k3e489uh.fsf@vigenere.g10code.de>
Message-ID: <877g9l7d8k.fsf@vigenere.g10code.de>

On Mon, 13 Jan 2014 11:42, dbaryshkov at gmail.com said:

> It looks so: there is no code for w32 (and for pthread w/o weak symbols).
> The ath.c will default to "none" implementation. So the code will work

Fixed for Windows in 1.6. For master we are moving stuff to libgpg-error. I have to see what to do about non-ELF/non-Windows platforms. AIX is such a candidate.

Shalom-Salam,
Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Mon Jan 27 14:40:10 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Jan 2014 14:40:10 +0100
Subject: [PATCH] Just use m68k for m68k-atari-mint platform
In-Reply-To: <52B31752.4010304@fairlite.co.uk> (Alan's message of "Thu, 19 Dec 2013 15:57:06 +0000")
References: <52B31752.4010304@fairlite.co.uk>
Message-ID: <87bnyx7dc5.fsf@vigenere.g10code.de>

On Thu, 19 Dec 2013 16:57, alanh at fairlite.co.uk said:

> A small patch to limit the atari build to m68k only.
> - path="m68k/mc68020 m68k"
> + path="m68k"

Can you give me a little bit of background? Building with 68020 has been used for ages:

693d9d2a mpi/config.links \ (Werner Koch 1998-02-16 20:05:00 +0000 263) path="m68k/mc68020 m68k"

I think that has been copied from a very old GMP library. What has changed or is it about different Atari models?

Salam-Shalom,
Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From alanh at fairlite.co.uk Mon Jan 27 15:01:51 2014
From: alanh at fairlite.co.uk (Alan Hourihane)
Date: Mon, 27 Jan 2014 14:01:51 +0000
Subject: [PATCH] Just use m68k for m68k-atari-mint platform
In-Reply-To: <87bnyx7dc5.fsf@vigenere.g10code.de>
References: <52B31752.4010304@fairlite.co.uk> <87bnyx7dc5.fsf@vigenere.g10code.de>
Message-ID: <52E666CF.9000705@fairlite.co.uk>

On 01/27/14 13:40, Werner Koch wrote:
> On Thu, 19 Dec 2013 16:57, alanh at fairlite.co.uk said:
>> A small patch to limit the atari build to m68k only.
>> - path="m68k/mc68020 m68k"
>> + path="m68k"
> Can you give me a little bit of background? Building with 68020 has
> been used for ages:
>
> 693d9d2a mpi/config.links \
> (Werner Koch 1998-02-16 20:05:00 +0000 263) path="m68k/mc68020 m68k"
>
> I think that has been copied from a very old GMP library. What has
> changed or is it about different Atari models?
>
It's different Atari models, and there are 68000 versions too.

Alan.

From cvs at cvs.gnupg.org Mon Jan 27 14:28:26 2014
From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov)
Date: Mon, 27 Jan 2014 14:28:26 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-46-g5d23e7b
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
       via  5d23e7b9a77421f3ebfda4a84c459a8729f3bb41 (commit)
       via  f7df906171854b6b6506b82d4fee2c2ebb0327ea (commit)
       via  79da0358fd555361e1ce4202f55494a8918eb8ae (commit)
       via  bf34bfa5c458ee5ece91f25e3b4194d768498ab6 (commit)
       via  ff91ec934ed52294cddcd7dcfacc04721a0487bf (commit)
       via  24e65d715812cea28732397870cb1585b8435521 (commit)
      from  4ad3417acab5021db1f722c314314ce4b781833a (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 5d23e7b9a77421f3ebfda4a84c459a8729f3bb41
Author: Dmitry Eremin-Solenikov
Date:   Fri Jan 24 15:02:14 2014 +0400

    Fix number of blocks passed in _gcry_rmd160_mixblock

    * cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform
    --
    Currently _gcry_rmd160_mixblock() passes 64 as nblocks to transform() function, while passing only one block of data. This causes access after the allocated data and tons of errors on each valgrind invocation.

    Signed-off-by: Dmitry Eremin-Solenikov

    This fixes commit 50b8c834.

diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 1a58ba6..2aba0fe 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c
@@ -421,7 +421,7 @@ _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) { char *p = blockof64byte; - transform ( hd, blockof64byte, 64 ); + transform ( hd, blockof64byte, 1 ); #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) X(0); X(1); commit f7df906171854b6b6506b82d4fee2c2ebb0327ea Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Small Windows build tweaks. * configure.ac (HAVE_PTHREAD): Do test when building for Windows. * tests/basic.c: Replace "%zi" by "%z" and a cast to make it work under Windows. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 4d16fc6..6254453 100644 --- a/configure.ac +++ b/configure.ac @@ -729,9 +729,11 @@ AC_SUBST(PTH_LIBS) # # Check whether pthreads is available # -AC_CHECK_LIB(pthread,pthread_create,have_pthread=yes) -if test "$have_pthread" = yes; then - AC_DEFINE(HAVE_PTHREAD, 1 ,[Define if we have pthread.]) +if test "$have_w32_system" != yes; then + AC_CHECK_LIB(pthread,pthread_create,have_pthread=yes) + if test "$have_pthread" = yes; then + AC_DEFINE(HAVE_PTHREAD, 1 ,[Define if we have pthread.]) + fi fi diff --git a/tests/basic.c b/tests/basic.c index 5fd7131..e85e4e1 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -4063,11 +4063,11 @@ check_digests (void) continue; } if (verbose) - fprintf (stderr, " checking %s [%i] for length %zi\n", + fprintf (stderr, " checking %s [%i] for length %d\n", gcry_md_algo_name (algos[i].md), algos[i].md, !strcmp (algos[i].data, "!")? - 1000000 : strlen(algos[i].data)); + 1000000 : (int)strlen(algos[i].data)); check_one_md (algos[i].md, algos[i].data, strlen (algos[i].data), algos[i].expect); 
@@ -4488,10 +4488,10 @@ check_hmac (void) } if (verbose) fprintf (stderr, - " checking %s [%i] for %zi byte key and %zi byte data\n", + " checking %s [%i] for %d byte key and %d byte data\n", gcry_md_algo_name (algos[i].md), algos[i].md, - strlen(algos[i].key), strlen(algos[i].data)); + (int)strlen(algos[i].key), (int)strlen(algos[i].data)); check_one_hmac (algos[i].md, algos[i].data, strlen (algos[i].data), algos[i].key, strlen(algos[i].key), @@ -5091,10 +5091,10 @@ check_mac (void) } if (verbose) fprintf (stderr, - " checking %s [%i] for %zi byte key and %zi byte data\n", + " checking %s [%i] for %d byte key and %d byte data\n", gcry_mac_algo_name (algos[i].algo), algos[i].algo, - strlen(algos[i].key), strlen(algos[i].data)); + (int)strlen(algos[i].key), (int)strlen(algos[i].data)); check_one_mac (algos[i].algo, algos[i].data, strlen (algos[i].data), algos[i].key, strlen(algos[i].key), algos[i].iv, commit 79da0358fd555361e1ce4202f55494a8918eb8ae Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Update gpg-error autoconf macros to fix threading problems. * m4/gpg-error.m4: Update to version 2014-01-24. * tests/Makefile.am (t_lock_LDADD): Use MT Libs. diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 index eb5d7c4..053eceb 100644 --- a/m4/gpg-error.m4 +++ b/m4/gpg-error.m4 @@ -1,5 +1,5 @@ # gpg-error.m4 - autoconf macro to detect libgpg-error. -# Copyright (C) 2002, 2003, 2004 g10 Code GmbH +# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without 
@@ -8,26 +8,33 @@ # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Last-changed: 2014-01-24 + dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS +dnl +dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS, +dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS. The _MT_ variants are +dnl used for programs requireding real multi thread support. dnl AC_DEFUN([AM_PATH_GPG_ERROR], -[ +[ AC_REQUIRE([AC_CANONICAL_HOST]) + gpg_error_config_prefix="" dnl --with-libgpg-error-prefix=PFX is the preferred name for this option, dnl since that is consistent with how our three siblings use the directory/ dnl package name in --with-$dir_name-prefix=PFX. AC_ARG_WITH(libgpg-error-prefix, - AC_HELP_STRING([--with-libgpg-error-prefix=PFX], - [prefix where GPG Error is installed (optional)]), - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + AC_HELP_STRING([--with-libgpg-error-prefix=PFX], + [prefix where GPG Error is installed (optional)]), + [gpg_error_config_prefix="$withval"]) dnl Accept --with-gpg-error-prefix and make it work the same as dnl --with-libgpg-error-prefix above, for backwards compatibility, dnl but do not document this old, inconsistently-named option. AC_ARG_WITH(gpg-error-prefix,, - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + [gpg_error_config_prefix="$withval"]) if test x$gpg_error_config_prefix != x ; then if test x${GPG_ERROR_CONFIG+set} != xset ; then 
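Review bot: in the "@@ -8,26 +8,33 @@" hunk of m4/gpg-error.m4 the added documentation line "dnl used for programs requireding real multi thread support." has a typo; it should read "requiring real multi-thread support". This macro is imported verbatim from libgpg-error (the hunk stamps it "Last-changed: 2014-01-24"), so the fix belongs upstream first, otherwise the copies drift apart on the next import.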
@@ -39,7 +46,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR], min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then req_major=`echo $min_gpg_error_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_gpg_error_version | \ @@ -62,12 +70,13 @@ AC_DEFUN([AM_PATH_GPG_ERROR], if test $ok = yes; then GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` + GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null` + GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null` AC_MSG_RESULT([yes ($gpg_error_config_version)]) ifelse([$2], , :, [$2]) - if test x"$host" != x ; then - gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` - if test x"$gpg_error_config_host" != xnone ; then - if test x"$gpg_error_config_host" != x"$host" ; then + gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` + if test x"$gpg_error_config_host" != xnone ; then + if test x"$gpg_error_config_host" != x"$host" ; then AC_MSG_WARN([[ *** *** The config script $GPG_ERROR_CONFIG was @@ -76,15 +85,18 @@ AC_DEFUN([AM_PATH_GPG_ERROR], *** You may want to use the configure option --with-gpg-error-prefix *** to specify a matching config script. ***]]) - fi fi fi else GPG_ERROR_CFLAGS="" GPG_ERROR_LIBS="" + GPG_ERROR_MT_CFLAGS="" + GPG_ERROR_MT_LIBS="" AC_MSG_RESULT(no) ifelse([$3], , :, [$3]) fi AC_SUBST(GPG_ERROR_CFLAGS) AC_SUBST(GPG_ERROR_LIBS) + AC_SUBST(GPG_ERROR_MT_CFLAGS) + AC_SUBST(GPG_ERROR_MT_LIBS) ]) diff --git a/tests/Makefile.am b/tests/Makefile.am index ac5ab70..4cf7a44 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
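Review bot: in the "@@ -62,12 +70,13 @@" hunk of m4/gpg-error.m4 the two new queries, "$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null" and the matching "--mt --libs" line, discard stderr and never test the exit status, so with an installed gpg-error-config that predates the --mt option they fail silently and GPG_ERROR_MT_CFLAGS and GPG_ERROR_MT_LIBS end up empty. Nothing in the macro notices, and the tests/Makefile.am hunk that follows links t-lock with "t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS)", so on such a system the lock test is built without the thread library. Either raise the minimum version passed to AM_PATH_GPG_ERROR in configure.ac to a release that supports --mt, or emit an AC_MSG_WARN when the --mt --libs query returns an empty string.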
@@ -46,9 +46,9 @@ AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) AM_LDFLAGS = -no-install -default_ldadd = \ +standard_ldadd = \ ../src/libgcrypt.la $(DL_LIBS) \ - ../compat/libcompat.la $(GPG_ERROR_LIBS) + ../compat/libcompat.la EXTRA_PROGRAMS = testapi pkbench noinst_PROGRAMS = $(tests_bin) $(tests_bin_last) fipsdrv rsacvt genhashdata @@ -58,5 +58,6 @@ EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \ pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \ t-ed25519.inp stopwatch.h hashtest-256g.in -LDADD = $(default_ldadd) -t_lock_LDADD = $(default_ldadd) $(LIBMULTITHREAD) +LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) +t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) +t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS) commit bf34bfa5c458ee5ece91f25e3b4194d768498ab6 Author: Dmitry Eremin-Solenikov Date: Fri Jan 24 15:02:15 2014 +0400 tests: Pass -no-install to libtool * tests/Makefile.am: add AM_LDFLAGS = -no-install -- There is little point building tests with support for installation. Passing -no-install stops libtool from building wrapper scripts, thus allowing direct gdb/valgrind invocation on programs in tests/ subdirectory. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/Makefile.am b/tests/Makefile.am index f0a4633..ac5ab70 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -44,6 +44,7 @@ TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1 # a built header. AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) +AM_LDFLAGS = -no-install default_ldadd = \ ../src/libgcrypt.la $(DL_LIBS) \ commit ff91ec934ed52294cddcd7dcfacc04721a0487bf Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 tests: Add a test for the internal locking * src/global.c (external_lock_test): New. (_gcry_vcontrol): Call new function with formerly reserved code 61. * tests/t-common.h: New. Taken from current libgpg-error. * tests/t-lock.c: New. Based on t-lock.c from libgpg-error. * configure.ac (HAVE_PTHREAD): Set macro to 1 if defined. (AC_CHECK_FUNCS): Check for flockfile. * tests/Makefile.am (tests_bin): Add t-lock. (noinst_HEADERS): Add t-common.h (LDADD): Move value to ... (default_ldadd): new. (t_lock_LDADD): New. -- Signed-off-by: Werner Koch (cherry picked from commit fa42c61a84996b6a7574c32233dfd8d9f254d93a) Resolved conflicts: * src/ath.c: Remove as not anymore used in 1.7. * tests/Makefile.am: Merge. Changes: * src/global.c (external_lock_test): Use the gpgrt function for locking. Changed subject because here we are only adding the test case. diff --git a/configure.ac b/configure.ac index 1d5027a..4d16fc6 100644 --- a/configure.ac +++ b/configure.ac @@ -731,7 +731,7 @@ AC_SUBST(PTH_LIBS) # AC_CHECK_LIB(pthread,pthread_create,have_pthread=yes) if test "$have_pthread" = yes; then - AC_DEFINE(HAVE_PTHREAD, ,[Define if we have pthread.]) + AC_DEFINE(HAVE_PTHREAD, 1 ,[Define if we have pthread.]) fi @@ -1364,7 +1364,7 @@ AC_CHECK_FUNCS(strtoul memmove stricmp atexit raise) # Other checks AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4) AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog) -AC_CHECK_FUNCS(fcntl ftruncate) +AC_CHECK_FUNCS(fcntl ftruncate flockfile) GNUPG_CHECK_MLOCK diff --git a/src/global.c b/src/global.c index b2b1de6..ec0cc3f 100644 --- a/src/global.c +++ b/src/global.c 
@@ -66,6 +66,8 @@ static gcry_handler_no_mem_t outofcore_handler; static void *outofcore_handler_value; static int no_secure_memory; +/* Prototypes. */ +static gpg_err_code_t external_lock_test (int cmd); @@ -607,7 +609,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) _gcry_random_deinit_external_test (ctx); } break; - case 61: /* RFU */ + case 61: /* Run external lock test */ + rc = external_lock_test (va_arg (arg_ptr, int)); break; case 62: /* RFU */ break; @@ -1108,3 +1111,48 @@ _gcry_set_progress_handler (void (*cb)(void *,const char*,int, int, int), _gcry_register_primegen_progress (cb, cb_data); _gcry_register_random_progress (cb, cb_data); } + + + +/* This is a helper for the regression test suite to test Libgcrypt's locks. + It works using a one test lock with CMD controlling what to do: + + 30111 - Allocate and init lock + 30112 - Take lock + 30113 - Release lock + 30114 - Destroy lock. + + This function is used by tests/t-lock.c - it is not part of the + public API! + */ +static gpg_err_code_t +external_lock_test (int cmd) +{ + GPGRT_LOCK_DEFINE (testlock); + gpg_err_code_t rc = 0; + + switch (cmd) + { + case 30111: /* Init Lock. */ + rc = gpgrt_lock_init (&testlock); + break; + + case 30112: /* Take Lock. */ + rc = gpgrt_lock_lock (&testlock); + break; + + case 30113: /* Release Lock. */ + rc = gpgrt_lock_unlock (&testlock); + break; + + case 30114: /* Destroy Lock. */ + rc = gpgrt_lock_destroy (&testlock); + break; + + default: + rc = GPG_ERR_INV_OP; + break; + } + + return rc; +} diff --git a/tests/Makefile.am b/tests/Makefile.am index 884fb3d..f0a4633 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -20,7 +20,7 @@ tests_bin = \ version mpitests t-sexp t-convert \ - t-mpi-bit t-mpi-point curves \ + t-mpi-bit t-mpi-point curves t-lock \ prime basic keygen pubkey hmac hashtest t-kdf keygrip \ fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 t-ed25519 
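Review bot: external_lock_test in the src/global.c hunk only works because GPGRT_LOCK_DEFINE (testlock) expands to a static object. The lock is declared inside the function, so if it were an automatic variable every gcry_control (61, ...) call would operate on a fresh lock and the LOCK/UNLOCK pairs issued from tests/t-lock.c would protect nothing; please record that reliance in a comment next to the definition. The description "30111 - Allocate and init lock" should also drop "Allocate", since nothing is allocated. Finally, command 61 is now reachable by any application through the public gcry_control even though the comment says it is not part of the API; consider returning GPG_ERR_INV_OP unless GCRYPT_IN_REGRESSION_TEST is set in the environment, which tests/Makefile.am already exports via "TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1".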
@@ -45,11 +45,17 @@ TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1 AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) -LDADD = ../src/libgcrypt.la $(DL_LIBS) ../compat/libcompat.la $(GPG_ERROR_LIBS) +default_ldadd = \ + ../src/libgcrypt.la $(DL_LIBS) \ + ../compat/libcompat.la $(GPG_ERROR_LIBS) EXTRA_PROGRAMS = testapi pkbench noinst_PROGRAMS = $(tests_bin) $(tests_bin_last) fipsdrv rsacvt genhashdata +noinst_HEADERS = t-common.h EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \ pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \ t-ed25519.inp stopwatch.h hashtest-256g.in + +LDADD = $(default_ldadd) +t_lock_LDADD = $(default_ldadd) $(LIBMULTITHREAD) diff --git a/tests/t-common.h b/tests/t-common.h new file mode 100644 index 0000000..288963d --- /dev/null +++ b/tests/t-common.h 
@@ -0,0 +1,99 @@ +/* t-common.h - Common code for the tests. + * Copyright (C) 2013 g10 Code GmbH + * + * This file is part of libgpg-error. + * + * libgpg-error is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * libgpg-error is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#include "../src/gcrypt.h" + +#ifndef PGM +# error Macro PGM not defined. +#endif + + +static int verbose; +static int debug; +static int errorcount; + + +static void +die (const char *format, ...) +{ + va_list arg_ptr ; + + fflush (stdout); +#ifdef HAVE_FLOCKFILE + flockfile (stderr); +#endif + fprintf (stderr, "%s: ", PGM); + va_start (arg_ptr, format) ; + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + if (*format && format[strlen(format)-1] != '\n') + putc ('\n', stderr); +#ifdef HAVE_FLOCKFILE + funlockfile (stderr); +#endif + exit (1); +} + + +static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); +#ifdef HAVE_FLOCKFILE + flockfile (stderr); +#endif + fprintf (stderr, "%s: ", PGM); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + if (*format && format[strlen(format)-1] != '\n') + putc ('\n', stderr); +#ifdef HAVE_FLOCKFILE + funlockfile (stderr); +#endif + errorcount++; + if (errorcount >= 50) + die ("stopped after 50 errors."); +} + + +static void +show (const char *format, ...) 
+{ + va_list arg_ptr; + + if (!verbose) + return; +#ifdef HAVE_FLOCKFILE + flockfile (stderr); +#endif + fprintf (stderr, "%s: ", PGM); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + if (*format && format[strlen(format)-1] != '\n') + putc ('\n', stderr); + va_end (arg_ptr); +#ifdef HAVE_FLOCKFILE + funlockfile (stderr); +#endif +} diff --git a/tests/t-lock.c b/tests/t-lock.c new file mode 100644 index 0000000..c6c1e41 --- /dev/null +++ b/tests/t-lock.c 
@@ -0,0 +1,460 @@ +/* t-lock.c - Check the lock functions + * Copyright (C) 2014 g10 Code GmbH + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#if HAVE_CONFIG_H +# include +#endif + +#include +#include +#include +#include +#include +#include +#if HAVE_PTHREAD +# include +#endif + +#define PGM "t-lock" + +#include "t-common.h" + +/* Mingw requires us to include windows.h after winsock2.h which is + included by gcrypt.h. */ +#ifdef _WIN32 +# include +#endif + +#ifdef _WIN32 +# define THREAD_RET_TYPE DWORD WINAPI +# define THREAD_RET_VALUE 0 +#else +# define THREAD_RET_TYPE void * +# define THREAD_RET_VALUE NULL +#endif + +#define PRIV_CTL_EXTERNAL_LOCK_TEST 61 +#define EXTERNAL_LOCK_TEST_INIT 30111 +#define EXTERNAL_LOCK_TEST_LOCK 30112 +#define EXTERNAL_LOCK_TEST_UNLOCK 30113 +#define EXTERNAL_LOCK_TEST_DESTROY 30114 + + +/* Number of threads to run. */ +#define N_NONCE_THREADS 8 +/* Number of interations. */ +#define N_NONCE_ITERATIONS 1000 +/* Requested nonce size. */ +#define NONCE_SIZE 11 + + +/* This tests works by having a a couple of accountant threads which do + random transactions between accounts and a revision threads which + checks that the balance of all accounts is invariant. The idea for + this check is due to Bruno Haible. 
*/ +#define N_ACCOUNT 8 +#define ACCOUNT_VALUE 42 +static int account[N_ACCOUNT]; + +/* Number of transactions done by each accountant. */ +#define N_TRANSACTIONS 1000 + +/* Number of accountants to run. */ +#define N_ACCOUNTANTS 5 + +/* Maximum transaction value. A quite low value is used so that we + would get an integer overflow. */ +#define MAX_TRANSACTION_VALUE 50 + +/* Flag to tell the revision thread to finish. */ +static volatile int stop_revision_thread; + + +struct thread_arg_s +{ + int no; +}; + + + + +/* Wrapper functions to access Libgcrypt's internal test lock. */ +static void +external_lock_test_init (int line) +{ + gpg_error_t err; + + err = gcry_control (PRIV_CTL_EXTERNAL_LOCK_TEST, EXTERNAL_LOCK_TEST_INIT); + if (err) + fail ("init lock failed at %d: %s", line, gpg_strerror (err)); +} + +static void +external_lock_test_lock (int line) +{ + gpg_error_t err; + + err = gcry_control (PRIV_CTL_EXTERNAL_LOCK_TEST, EXTERNAL_LOCK_TEST_LOCK); + if (err) + fail ("taking lock failed at %d: %s", line, gpg_strerror (err)); +} + +static void +external_lock_test_unlock (int line) +{ + gpg_error_t err; + + err = gcry_control (PRIV_CTL_EXTERNAL_LOCK_TEST, EXTERNAL_LOCK_TEST_UNLOCK); + if (err) + fail ("releasing lock failed at %d: %s", line, gpg_strerror (err)); + +} + +static void +external_lock_test_destroy (int line) +{ + gpg_error_t err; + + err = gcry_control (PRIV_CTL_EXTERNAL_LOCK_TEST, EXTERNAL_LOCK_TEST_DESTROY); + if (err) + fail ("destroying lock failed at %d: %s", line, gpg_strerror (err)); +} + + + + +/* The nonce thread. We simply request a couple of nonces and + return. 
*/ +static THREAD_RET_TYPE +nonce_thread (void *argarg) +{ + struct thread_arg_s *arg = argarg; + int i; + char nonce[NONCE_SIZE]; + + for (i = 0; i < N_NONCE_ITERATIONS; i++) + { + gcry_create_nonce (nonce, sizeof nonce); + if (i && !(i%100)) + show ("thread %d created %d nonces so far", arg->no, i); + } + + gcry_free (arg); + return THREAD_RET_VALUE; +} + + +/* To check our locking function we run several threads all accessing + the nonce functions. If this function returns we know that there + are no obvious deadlocks or failed lock initialization. */ +static void +check_nonce_lock (void) +{ + struct thread_arg_s *arg; +#ifdef _WIN32 + HANDLE threads[N_NONCE_THREADS]; + int i; + int rc; + + for (i=0; i < N_NONCE_THREADS; i++) + { + arg = gcry_xmalloc (sizeof *arg); + arg->no = i; + threads[i] = CreateThread (NULL, 0, nonce_thread, arg, 0, NULL); + if (!threads[i]) + die ("error creating nonce thread %d: rc=%d", + i, (int)GetLastError ()); + } + + for (i=0; i < N_NONCE_THREADS; i++) + { + rc = WaitForSingleObject (threads[i], INFINITE); + if (rc == WAIT_OBJECT_0) + show ("nonce thread %d has terminated", i); + else + fail ("waiting for nonce thread %d failed: %d", + i, (int)GetLastError ()); + CloseHandle (threads[i]); + } + +#elif HAVE_PTHREAD + pthread_t threads[N_NONCE_THREADS]; + int rc, i; + + for (i=0; i < N_NONCE_THREADS; i++) + { + arg = gcry_xmalloc (sizeof *arg); + arg->no = i; + pthread_create (&threads[i], NULL, nonce_thread, arg); + } + + for (i=0; i < N_NONCE_THREADS; i++) + { + rc = pthread_join (threads[i], NULL); + if (rc) + fail ("pthread_join failed for nonce thread %d: %s", + i, strerror (errno)); + else + show ("nonce thread %d has terminated", i); + } + +#endif /*!_WIN32*/ +} + + +/* Initialze all accounts. */ +static void +init_accounts (void) +{ + int i; + + for (i=0; i < N_ACCOUNT; i++) + account[i] = ACCOUNT_VALUE; +} + + +/* Check that the sum of all accounts matches the intial sum. 
*/ +static void +check_accounts (void) +{ + int i, sum; + + sum = 0; + for (i = 0; i < N_ACCOUNT; i++) + sum += account[i]; + if (sum != N_ACCOUNT * ACCOUNT_VALUE) + die ("accounts out of balance"); +} + + +static void +print_accounts (void) +{ + int i; + + for (i=0; i < N_ACCOUNT; i++) + printf ("account %d: %6d\n", i, account[i]); +} + + +/* Get a a random integer value in the range 0 to HIGH. */ +static unsigned int +get_rand (int high) +{ + return (unsigned int)(1+(int)((double)(high+1)*rand ()/(RAND_MAX+1.0))) - 1; +} + + +/* Pick a random account. Note that this fucntion is not + thread-safe. */ +static int +pick_account (void) +{ + return get_rand (N_ACCOUNT - 1); +} + + +/* Pick a random value for a transaction. This is not thread-safe. */ +static int +pick_value (void) +{ + return get_rand (MAX_TRANSACTION_VALUE); +} + + +/* This is the revision department. */ +static THREAD_RET_TYPE +revision_thread (void *arg) +{ + (void)arg; + + while (!stop_revision_thread) + { + external_lock_test_lock (__LINE__); + check_accounts (); + external_lock_test_unlock (__LINE__); + } + return THREAD_RET_VALUE; +} + + +/* This is one of our accountants. 
*/ +static THREAD_RET_TYPE +accountant_thread (void *arg) +{ + int i; + int acc1, acc2; + int value; + + (void)arg; + + for (i = 0; i < N_TRANSACTIONS; i++) + { + external_lock_test_lock (__LINE__); + acc1 = pick_account (); + acc2 = pick_account (); + value = pick_value (); + account[acc1] += value; + account[acc2] -= value; + external_lock_test_unlock (__LINE__); + } + return THREAD_RET_VALUE; +} + + +static void +run_test (void) +{ +#ifdef _WIN32 + HANDLE rthread; + HANDLE athreads[N_ACCOUNTANTS]; + int i; + int rc; + + external_lock_test_init (__LINE__); + stop_revision_thread = 0; + rthread = CreateThread (NULL, 0, revision_thread, NULL, 0, NULL); + if (!rthread) + die ("error creating revision thread: rc=%d", (int)GetLastError ()); + + for (i=0; i < N_ACCOUNTANTS; i++) + { + athreads[i] = CreateThread (NULL, 0, accountant_thread, NULL, 0, NULL); + if (!athreads[i]) + die ("error creating accountant thread %d: rc=%d", + i, (int)GetLastError ()); + } + + for (i=0; i < N_ACCOUNTANTS; i++) + { + rc = WaitForSingleObject (athreads[i], INFINITE); + if (rc == WAIT_OBJECT_0) + show ("accountant thread %d has terminated", i); + else + fail ("waiting for accountant thread %d failed: %d", + i, (int)GetLastError ()); + CloseHandle (athreads[i]); + } + stop_revision_thread = 1; + + rc = WaitForSingleObject (rthread, INFINITE); + if (rc == WAIT_OBJECT_0) + show ("revision thread has terminated"); + else + fail ("waiting for revision thread failed: %d", (int)GetLastError ()); + CloseHandle (rthread); + +#else /*!_WIN32*/ + pthread_t rthread; + pthread_t athreads[N_ACCOUNTANTS]; + int rc, i; + + external_lock_test_init (__LINE__); + stop_revision_thread = 0; + pthread_create (&rthread, NULL, revision_thread, NULL); + + for (i=0; i < N_ACCOUNTANTS; i++) + pthread_create (&athreads[i], NULL, accountant_thread, NULL); + + for (i=0; i < N_ACCOUNTANTS; i++) + { + rc = pthread_join (athreads[i], NULL); + if (rc) + fail ("pthread_join failed for accountant thread %d: %s", + i, 
strerror (errno)); + else + show ("accountant thread %d has terminated", i); + } + + stop_revision_thread = 1; + rc = pthread_join (rthread, NULL); + if (rc) + fail ("pthread_join failed for the revision thread: %s", strerror (errno)); + else + show ("revision thread has terminated"); + +#endif /*!_WIN32*/ + + external_lock_test_destroy (__LINE__); +} + + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + + if (argc) + { + argc--; argv++; + } + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--help")) + { + puts ( +"usage: ./t-lock [options]\n" +"\n" +"Options:\n" +" --verbose Show what is going on\n" +" --debug Flyswatter\n" +); + exit (0); + } + if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = debug = 1; + argc--; argv++; + } + } + + srand (time(NULL)*getpid()); + + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch"); + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + + check_nonce_lock (); + + init_accounts (); + check_accounts (); + + run_test (); + check_accounts (); + + /* Run a second time to check deinit code. */ + run_test (); + check_accounts (); + + if (verbose) + print_accounts (); + + return errorcount ? 1 : 0; +} commit 24e65d715812cea28732397870cb1585b8435521 Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 Check compiler features only for the relevant platform. * mpi/config.links (mpi_cpu_arch): Always set for ARM. Set for HPPA. Set to "undefined" for unknown platforms. (try_asm_modules): Act upon only after having detected the CPU. * configure.ac: Move the call to config.links before the platform specific compiler checks. Check platform specific features only if the platform is targeted. 
-- There is no need to check x86 options if we are targeting ARM and vice versa. This may only introduce build problems. With this patch the summary output at the end of the compiler also shows more reasonable messages. Signed-off-by: Werner Koch (cherry picked from commit 04d478d9b0f92d80105ddaf2c011f40ae8260cfb) diff --git a/configure.ac b/configure.ac index c3ab96f..1d5027a 100644 --- a/configure.ac +++ b/configure.ac @@ -575,10 +575,6 @@ AC_ARG_ENABLE(padlock-support, [Disable support for the PadLock Engine of VIA processors]), padlocksupport=$enableval,padlocksupport=yes) AC_MSG_RESULT($padlocksupport) -if test x"$padlocksupport" = xyes ; then - AC_DEFINE(ENABLE_PADLOCK_SUPPORT, 1, - [Enable support for the PadLock engine.]) -fi # Implementation of the --disable-aesni-support switch. AC_MSG_CHECKING([whether AESNI support is requested]) @@ -603,10 +599,6 @@ AC_ARG_ENABLE(drng-support, [Disable support for the Intel DRNG (RDRAND instruction)]), drngsupport=$enableval,drngsupport=yes) AC_MSG_RESULT($drngsupport) -if test x"$drngsupport" = xyes ; then - AC_DEFINE(ENABLE_DRNG_SUPPORT, 1, - [Enable support for Intel DRNG (RDRAND instruction).]) -fi # Implementation of the --disable-avx-support switch. AC_MSG_CHECKING([whether AVX support is requested]) 
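Review bot: the "@@ -575,10 +575,6 @@" and "@@ -603,10 +599,6 @@" hunks of configure.ac delete the "AC_DEFINE(ENABLE_PADLOCK_SUPPORT, 1, ...)" and "AC_DEFINE(ENABLE_DRNG_SUPPORT, 1, ...)" blocks, but no hunk in this mail re-emits them after the new mpi_cpu_arch reset block (which sets padlocksupport="n/a" and drngsupport="n/a" on non-x86). If the defines are re-added in a part of configure.ac not shown here, say so in the commit message; if they are not, PadLock and RDRAND support silently compile out on every platform while AC_MSG_RESULT($padlocksupport) still reports "yes".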
@@ -995,19 +987,121 @@ fi # +# Check whether GCC assembler supports features needed for our ARM +# implementations. This needs to be done before setting up the +# assembler stuff. +# +AC_CACHE_CHECK([whether GCC assembler is compatible for ARM assembly implementations], + [gcry_cv_gcc_arm_platform_as_ok], + [gcry_cv_gcc_arm_platform_as_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__( + /* Test if assembler supports UAL syntax. */ + ".syntax unified\n\t" + ".arm\n\t" /* our assembly code is in ARM mode */ + /* Following causes error if assembler ignored '.syntax unified'. */ + "asmfunc:\n\t" + "add %r0, %r0, %r4, ror #12;\n\t" + + /* Test if '.type' and '.size' are supported. */ + ".size asmfunc,.-asmfunc;\n\t" + ".type asmfunc,%function;\n\t" + );]])], + [gcry_cv_gcc_arm_platform_as_ok=yes])]) +if test "$gcry_cv_gcc_arm_platform_as_ok" = "yes" ; then + AC_DEFINE(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS,1, + [Defined if underlying assembler is compatible with ARM assembly implementations]) +fi + + +# +# Check whether underscores in symbols are required. This needs to be +# done before setting up the assembler stuff. +# +GNUPG_SYS_SYMBOL_UNDERSCORE() + + +################################# +#### #### +#### Setup assembler stuff. #### +#### Define mpi_cpu_arch. #### +#### #### +################################# +AC_ARG_ENABLE(mpi-path, + AC_HELP_STRING([--enable-mpi-path=EXTRA_PATH], + [prepend EXTRA_PATH to list of CPU specific optimizations]), + mpi_extra_path="$enableval",mpi_extra_path="") +AC_MSG_CHECKING(architecture and mpi assembler functions) +if test -f $srcdir/mpi/config.links ; then + . 
$srcdir/mpi/config.links + AC_CONFIG_LINKS("$mpi_ln_list") + ac_cv_mpi_sflags="$mpi_sflags" + AC_MSG_RESULT($mpi_cpu_arch) +else + AC_MSG_RESULT(failed) + AC_MSG_ERROR([mpi/config.links missing!]) +fi +MPI_SFLAGS="$ac_cv_mpi_sflags" +AC_SUBST(MPI_SFLAGS) + +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_ADD1, test "$mpi_mod_asm_mpih_add1" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_SUB1, test "$mpi_mod_asm_mpih_sub1" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_MUL1, test "$mpi_mod_asm_mpih_mul1" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_MUL2, test "$mpi_mod_asm_mpih_mul2" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_MUL3, test "$mpi_mod_asm_mpih_mul3" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_LSHIFT, test "$mpi_mod_asm_mpih_lshift" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_MPIH_RSHIFT, test "$mpi_mod_asm_mpih_rshift" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_UDIV, test "$mpi_mod_asm_udiv" = yes) +AM_CONDITIONAL(MPI_MOD_ASM_UDIV_QRNND, test "$mpi_mod_asm_udiv_qrnnd" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_ADD1, test "$mpi_mod_c_mpih_add1" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_SUB1, test "$mpi_mod_c_mpih_sub1" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_MUL1, test "$mpi_mod_c_mpih_mul1" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_MUL2, test "$mpi_mod_c_mpih_mul2" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_MUL3, test "$mpi_mod_c_mpih_mul3" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_LSHIFT, test "$mpi_mod_c_mpih_lshift" = yes) +AM_CONDITIONAL(MPI_MOD_C_MPIH_RSHIFT, test "$mpi_mod_c_mpih_rshift" = yes) +AM_CONDITIONAL(MPI_MOD_C_UDIV, test "$mpi_mod_c_udiv" = yes) +AM_CONDITIONAL(MPI_MOD_C_UDIV_QRNND, test "$mpi_mod_c_udiv_qrnnd" = yes) + +# Reset non applicable feature flags. +if test "$mpi_cpu_arch" != "x86" ; then + aesnisupport="n/a" + pclmulsupport="n/a" + avxsupport="n/a" + avx2support="n/a" + padlocksupport="n/a" + drngsupport="n/a" +fi + +if test "$mpi_cpu_arch" != "arm" ; then + neonsupport="n/a" +fi + + +############################################# +#### #### +#### Platform specific compiler checks. 
#### +#### #### +############################################# + +# # Check whether GCC inline assembler supports SSSE3 instructions # This is required for the AES-NI instructions. # AC_CACHE_CHECK([whether GCC inline assembler supports SSSE3 instructions], [gcry_cv_gcc_inline_asm_ssse3], - [gcry_cv_gcc_inline_asm_ssse3=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_ssse3="n/a" + else + gcry_cv_gcc_inline_asm_ssse3=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[static unsigned char be_mask[16] __attribute__ ((aligned (16))) = { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; void a(void) { __asm__("pshufb %[mask], %%xmm2\n\t"::[mask]"m"(*be_mask):); }]])], - [gcry_cv_gcc_inline_asm_ssse3=yes])]) + [gcry_cv_gcc_inline_asm_ssse3=yes]) + fi]) if test "$gcry_cv_gcc_inline_asm_ssse3" = "yes" ; then AC_DEFINE(HAVE_GCC_INLINE_ASM_SSSE3,1, [Defined if inline assembler supports SSSE3 instructions]) @@ -1019,12 +1113,16 @@ fi # AC_CACHE_CHECK([whether GCC inline assembler supports PCLMUL instructions], [gcry_cv_gcc_inline_asm_pclmul], - [gcry_cv_gcc_inline_asm_pclmul=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_pclmul="n/a" + else + gcry_cv_gcc_inline_asm_pclmul=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { __asm__("pclmulqdq \$0, %%xmm1, %%xmm3\n\t":::"cc"); }]])], - [gcry_cv_gcc_inline_asm_pclmul=yes])]) + [gcry_cv_gcc_inline_asm_pclmul=yes]) + fi]) if test "$gcry_cv_gcc_inline_asm_pclmul" = "yes" ; then AC_DEFINE(HAVE_GCC_INLINE_ASM_PCLMUL,1, [Defined if inline assembler supports PCLMUL instructions]) 
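Review bot: in the "Reset non applicable feature flags" block of the @@ -995 hunk, neonsupport is set to n/a whenever $mpi_cpu_arch is not exactly "arm", which includes the "aarch64" value config.links assigns (visible as context in its arm hunk further down); that is consistent with the NEON probe being 32-bit ARM syntax (.syntax unified / .thumb), but the comment should say so, otherwise a reader takes it for an oversight. Also, the 'if test "$mpi_cpu_arch" != "x86" ; then ...="n/a" else ... fi]' wrapper introduced here is repeated verbatim in every following x86 AC_CACHE_CHECK; an m4 helper taking the architecture and the probe body would remove the duplication and the easy-to-miss 'fi])' nesting.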
@@ -1036,12 +1134,16 @@ fi # AC_CACHE_CHECK([whether GCC inline assembler supports AVX instructions], [gcry_cv_gcc_inline_asm_avx], - [gcry_cv_gcc_inline_asm_avx=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_avx="n/a" + else + gcry_cv_gcc_inline_asm_avx=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { __asm__("xgetbv; vaesdeclast (%[mem]),%%xmm0,%%xmm7\n\t"::[mem]"r"(0):); }]])], - [gcry_cv_gcc_inline_asm_avx=yes])]) + [gcry_cv_gcc_inline_asm_avx=yes]) + fi]) if test "$gcry_cv_gcc_inline_asm_avx" = "yes" ; then AC_DEFINE(HAVE_GCC_INLINE_ASM_AVX,1, [Defined if inline assembler supports AVX instructions]) @@ -1053,12 +1155,16 @@ fi # AC_CACHE_CHECK([whether GCC inline assembler supports AVX2 instructions], [gcry_cv_gcc_inline_asm_avx2], - [gcry_cv_gcc_inline_asm_avx2=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_avx2="n/a" + else + gcry_cv_gcc_inline_asm_avx2=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { __asm__("xgetbv; vpbroadcastb %%xmm7,%%ymm1\n\t":::"cc"); }]])], - [gcry_cv_gcc_inline_asm_avx2=yes])]) + [gcry_cv_gcc_inline_asm_avx2=yes]) + fi]) if test "$gcry_cv_gcc_inline_asm_avx2" = "yes" ; then AC_DEFINE(HAVE_GCC_INLINE_ASM_AVX2,1, [Defined if inline assembler supports AVX2 instructions]) 
@@ -1070,12 +1176,16 @@ fi # AC_CACHE_CHECK([whether GCC inline assembler supports BMI2 instructions], [gcry_cv_gcc_inline_asm_bmi2], - [gcry_cv_gcc_inline_asm_bmi2=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_bmi2="n/a" + else + gcry_cv_gcc_inline_asm_bmi2=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { __asm__("rorxl \$23, %%eax, %%edx\\n\\t":::"memory"); }]])], - [gcry_cv_gcc_inline_asm_bmi2=yes])]) + [gcry_cv_gcc_inline_asm_bmi2=yes]) + fi]) if test "$gcry_cv_gcc_inline_asm_bmi2" = "yes" ; then AC_DEFINE(HAVE_GCC_INLINE_ASM_BMI2,1, [Defined if inline assembler supports BMI2 instructions]) @@ -1120,8 +1230,11 @@ fi if test $amd64_as_feature_detection = yes; then AC_CACHE_CHECK([whether GCC assembler is compatible for amd64 assembly implementations], [gcry_cv_gcc_amd64_platform_as_ok], - [gcry_cv_gcc_amd64_platform_as_ok=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_amd64_platform_as_ok="n/a" + else + gcry_cv_gcc_amd64_platform_as_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[__asm__( /* Test if '.type' and '.size' are supported. */ /* These work only on ELF targets. */ @@ -1137,7 +1250,8 @@ if test $amd64_as_feature_detection = yes; then * to be disable on this machine. */ "xorl \$(123456789/12345678), %ebp;\n\t" );]])], - [gcry_cv_gcc_amd64_platform_as_ok=yes])]) + [gcry_cv_gcc_amd64_platform_as_ok=yes]) + fi]) if test "$gcry_cv_gcc_amd64_platform_as_ok" = "yes" ; then AC_DEFINE(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS,1, [Defined if underlying assembler is compatible with amd64 assembly implementations]) 
@@ -1151,8 +1265,11 @@ fi # AC_CACHE_CHECK([whether GCC assembler is compatible for Intel syntax assembly implementations], [gcry_cv_gcc_platform_as_ok_for_intel_syntax], - [gcry_cv_gcc_platform_as_ok_for_intel_syntax=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_platform_as_ok_for_intel_syntax="n/a" + else + gcry_cv_gcc_platform_as_ok_for_intel_syntax=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[__asm__( ".intel_syntax noprefix\n\t" "pxor xmm1, xmm7;\n\t" @@ -1172,7 +1289,8 @@ AC_CACHE_CHECK([whether GCC assembler is compatible for Intel syntax assembly im "add VAL_A, VAL_B;\n\t" "add VAL_B, 0b10101;\n\t" );]])], - [gcry_cv_gcc_platform_as_ok_for_intel_syntax=yes])]) + [gcry_cv_gcc_platform_as_ok_for_intel_syntax=yes]) + fi]) if test "$gcry_cv_gcc_platform_as_ok_for_intel_syntax" = "yes" ; then AC_DEFINE(HAVE_INTEL_SYNTAX_PLATFORM_AS,1, [Defined if underlying assembler is compatible with Intel syntax assembly implementations]) @@ -1184,7 +1302,10 @@ fi # AC_CACHE_CHECK([whether compiler is configured for ARMv6 or newer architecture], [gcry_cv_cc_arm_arch_is_v6], - [AC_EGREP_CPP(yes, + [if test "$mpi_cpu_arch" != "arm" ; then + gcry_cv_cc_arm_arch_is_v6="n/a" + else + AC_EGREP_CPP(yes, [#if defined(__arm__) && \ ((defined(__ARM_ARCH) && __ARM_ARCH >= 6) \ || defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) \ @@ -1195,7 +1316,8 @@ AC_CACHE_CHECK([whether compiler is configured for ARMv6 or newer architecture], || defined(__ARM_ARCH_7EM__)) yes #endif - ], gcry_cv_cc_arm_arch_is_v6=yes, gcry_cv_cc_arm_arch_is_v6=no)]) + ], gcry_cv_cc_arm_arch_is_v6=yes, gcry_cv_cc_arm_arch_is_v6=no) + fi]) if test "$gcry_cv_cc_arm_arch_is_v6" = "yes" ; then AC_DEFINE(HAVE_ARM_ARCH_V6,1, [Defined if ARM architecture is v6 or newer]) 
@@ -1207,8 +1329,11 @@ fi # AC_CACHE_CHECK([whether GCC inline assembler supports NEON instructions], [gcry_cv_gcc_inline_asm_neon], - [gcry_cv_gcc_inline_asm_neon=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [if test "$mpi_cpu_arch" != "arm" ; then + gcry_cv_gcc_inline_asm_neon="n/a" + else + gcry_cv_gcc_inline_asm_neon=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[__asm__( ".syntax unified\n\t" ".thumb\n\t" @@ -1219,40 +1344,14 @@ AC_CACHE_CHECK([whether GCC inline assembler supports NEON instructions], "vadd.s64 %d3, %d2, %d3;\n\t" ); ]])], - [gcry_cv_gcc_inline_asm_neon=yes])]) + [gcry_cv_gcc_inline_asm_neon=yes]) + fi]) if test "$gcry_cv_gcc_inline_asm_neon" = "yes" ; then AC_DEFINE(HAVE_GCC_INLINE_ASM_NEON,1, [Defined if inline assembler supports NEON instructions]) fi -# -# Check whether GCC assembler supports features needed for our ARM -# implementations -# -AC_CACHE_CHECK([whether GCC assembler is compatible for ARM assembly implementations], - [gcry_cv_gcc_arm_platform_as_ok], - [gcry_cv_gcc_arm_platform_as_ok=no - AC_COMPILE_IFELSE([AC_LANG_SOURCE( - [[__asm__( - /* Test if assembler supports UAL syntax. */ - ".syntax unified\n\t" - ".arm\n\t" /* our assembly code is in ARM mode */ - /* Following causes error if assembler ignored '.syntax unified'. */ - "asmfunc:\n\t" - "add %r0, %r0, %r4, ror #12;\n\t" - - /* Test if '.type' and '.size' are supported. */ - ".size asmfunc,.-asmfunc;\n\t" - ".type asmfunc,%function;\n\t" - );]])], - [gcry_cv_gcc_arm_platform_as_ok=yes])]) -if test "$gcry_cv_gcc_arm_platform_as_ok" = "yes" ; then - AC_DEFINE(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS,1, - [Defined if underlying assembler is compatible with ARM assembly implementations]) -fi - - ####################################### #### Checks for library functions. #### ####################################### 
@@ -1368,48 +1467,8 @@ fi # -# Setup assembler stuff. -# -# Note that config.links also defines mpi_cpu_arch, which is required -# later on. +# Other defines # -GNUPG_SYS_SYMBOL_UNDERSCORE() -AC_ARG_ENABLE(mpi-path, - AC_HELP_STRING([--enable-mpi-path=EXTRA_PATH], - [prepend EXTRA_PATH to list of CPU specific optimizations]), - mpi_extra_path="$enableval",mpi_extra_path="") -AC_MSG_CHECKING(for mpi assembler functions) -if test -f $srcdir/mpi/config.links ; then - . $srcdir/mpi/config.links - AC_CONFIG_LINKS("$mpi_ln_list") - ac_cv_mpi_sflags="$mpi_sflags" - AC_MSG_RESULT(done) -else - AC_MSG_RESULT(failed) - AC_MSG_ERROR([mpi/config.links missing!]) -fi -MPI_SFLAGS="$ac_cv_mpi_sflags" -AC_SUBST(MPI_SFLAGS) - -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_ADD1, test "$mpi_mod_asm_mpih_add1" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_SUB1, test "$mpi_mod_asm_mpih_sub1" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_MUL1, test "$mpi_mod_asm_mpih_mul1" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_MUL2, test "$mpi_mod_asm_mpih_mul2" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_MUL3, test "$mpi_mod_asm_mpih_mul3" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_LSHIFT, test "$mpi_mod_asm_mpih_lshift" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_MPIH_RSHIFT, test "$mpi_mod_asm_mpih_rshift" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_UDIV, test "$mpi_mod_asm_udiv" = yes) -AM_CONDITIONAL(MPI_MOD_ASM_UDIV_QRNND, test "$mpi_mod_asm_udiv_qrnnd" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_ADD1, test "$mpi_mod_c_mpih_add1" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_SUB1, test "$mpi_mod_c_mpih_sub1" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_MUL1, test "$mpi_mod_c_mpih_mul1" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_MUL2, test "$mpi_mod_c_mpih_mul2" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_MUL3, test "$mpi_mod_c_mpih_mul3" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_LSHIFT, test "$mpi_mod_c_mpih_lshift" = yes) -AM_CONDITIONAL(MPI_MOD_C_MPIH_RSHIFT, test "$mpi_mod_c_mpih_rshift" = yes) -AM_CONDITIONAL(MPI_MOD_C_UDIV, test "$mpi_mod_c_udiv" = yes) 
-AM_CONDITIONAL(MPI_MOD_C_UDIV_QRNND, test "$mpi_mod_c_udiv_qrnnd" = yes) - if test mym4_isgit = "yes"; then AC_DEFINE(IS_DEVELOPMENT_VERSION,1, [Defined if this is not a regular release]) @@ -1538,6 +1597,14 @@ if test x"$neonsupport" = xyes ; then AC_DEFINE(ENABLE_NEON_SUPPORT,1, [Enable support for ARM NEON instructions.]) fi +if test x"$padlocksupport" = xyes ; then + AC_DEFINE(ENABLE_PADLOCK_SUPPORT, 1, + [Enable support for the PadLock engine.]) +fi +if test x"$drngsupport" = xyes ; then + AC_DEFINE(ENABLE_DRNG_SUPPORT, 1, + [Enable support for Intel DRNG (RDRAND instruction).]) +fi # Define conditional sources and config.h symbols depending on the diff --git a/mpi/config.links b/mpi/config.links index a79b03b..57e6c2a 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -21,6 +21,10 @@ # sourced by ../configure to get the list of files to link # this should set $mpi_ln_list. # Note: this is called from the above directory. +# +# Reguired variables: +# $ac_cv_sys_symbol_underscore +# $gcry_cv_gcc_arm_platform_as_ok mpi_sflags= mpi_extra_modules= @@ -39,7 +43,6 @@ mpi_optional_modules=`$AWK '/^#BEGIN_ASM_LIST/,/^#END_ASM_LIST/ { echo '/* created by config.links - do not edit */' >./mpi/asm-syntax.h echo "/* Host: ${host} */" >>./mpi/asm-syntax.h -if test "$try_asm_modules" = "yes" ; then case "${host}" in powerpc-apple-darwin* | \ i[34567]86*-*-openbsd[12]* | \ @@ -142,10 +145,10 @@ case "${host}" in mpi_cpu_arch="aarch64" ;; arm*-*-*) + mpi_cpu_arch="arm" if test "$gcry_cv_gcc_arm_platform_as_ok" = "yes" ; then echo '/* configured for arm */' >>./mpi/asm-syntax.h path="arm" - mpi_cpu_arch="arm" else echo '/* No assembler modules configured */' >>./mpi/asm-syntax.h path="" 
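Review bot: typo in the new header comment of mpi/config.links, "Reguired variables" should read "Required variables"; while touching it, the list could also name $try_asm_modules and ${host}, which the script reads as well, so a reader of configure.ac sees everything that has to be set before the file is sourced.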
@@ -155,16 +158,19 @@ case "${host}" in echo '/* configured for HPPA (pa7000) */' >>./mpi/asm-syntax.h path="hppa1.1 hppa" mpi_extra_modules="udiv-qrnnd" + mpi_cpu_arch="hppa" ;; hppa1.0*-*-*) echo '/* configured for HPPA 1.0 */' >>./mpi/asm-syntax.h path="hppa" mpi_extra_modules="udiv-qrnnd" + mpi_cpu_arch="hppa" ;; hppa*-*-*) # assume pa7100 echo '/* configured for HPPA (pa7100) */' >>./mpi/asm-syntax.h path="pa7100 hppa1.1 hppa" mpi_extra_modules="udiv-qrnnd" + mpi_cpu_arch="hppa" ;; sparc64-*-linux-gnu) echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h @@ -300,6 +306,7 @@ case "${host}" in mpi_sflags="-Wa,-mpwr" path="power" mpi_extra_modules="udiv-w-sdiv" + mpi_cpu_arch="ppc" ;; rs6000-*-* | \ power-*-* | \ 
@@ -333,13 +340,23 @@ case "${host}" in mpi_cpu_arch="ppc" ;; *) - echo '/* No assembler modules configured */' >>./mpi/asm-syntax.h + echo '/* Platform not known */' >>./mpi/asm-syntax.h path="" ;; esac -else - echo '/* Assembler modules disabled on request */' >>./mpi/asm-syntax.h + +# If asm modules are disabled reset the found variables but keep +# mpi_cpu_arch. +if test "$try_asm_modules" != "yes" ; then + echo '/* Assembler modules disabled on request */' >./mpi/asm-syntax.h path="" + mpi_sflags="" + mpi_extra_modules="" +fi + +# Make sure that mpi_cpu_arch is not the empty string. +if test x"$mpi_cpu_arch" = x ; then + mpi_cpu_arch="unknown" fi ----------------------------------------------------------------------- Summary of changes: cipher/rmd160.c | 2 +- configure.ac | 281 ++++++++++++++++++++------------ m4/gpg-error.m4 | 38 +++-- mpi/config.links | 27 +++- src/global.c | 50 +++++- tests/Makefile.am | 12 +- tests/basic.c | 12 +- tests/t-common.h | 99 ++++++++++++ tests/t-lock.c | 460 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 847 insertions(+), 134 deletions(-) create mode 100644 tests/t-common.h create mode 100644 tests/t-lock.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From gniibe at fsij.org Tue Jan 28 08:14:52 2014 
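Review bot: the final config.links hunk falls back to mpi_cpu_arch="unknown", but the commit message says 'Set to "undefined" for unknown platforms'; make the two agree. In the same hunk the disabled-on-request branch now writes asm-syntax.h with '>' where the removed else branch used '>>', so the "created by config.links" and "Host:" lines written at the top of the script are truncated away in that case; if that is intended a comment would help, otherwise '>>' keeps the header.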
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 28 Jan 2014 16:14:52 +0900
Subject: Fix for RSA Blinding
Message-ID: <1390893292.1541.12.camel@cfw2.gniibe.org>

Hello,

I think that we need a fix for RSA blinding. When the random value is not coprime to N, rsa_decrypt simply fails with GPG_ERR_INTERNAL. The comment says "r" should be relatively prime to N, but there is no code to guarantee that. It would be better if the comment mentioned multiples of p (and q), too. When computation of invert succeeds, it means it's not coprime. Thus, this is my proposed fix.

diff --git a/cipher/rsa.c b/cipher/rsa.c index e595e38..9a8d235 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1023,13 +1023,12 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) ri = mpi_snew (ctx.nbits); bldata = mpi_snew (ctx.nbits); - _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); - mpi_mod (r, r, sk.n); - if (!mpi_invm (ri, r, sk.n)) + do { - rc = GPG_ERR_INTERNAL; - goto leave; + _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); + mpi_mod (r, r, sk.n); } + while (!mpi_invm (ri, r, sk.n)); /* Do blinding. We calculate: y = (x * r^e) mod n, where r is the random number, e is the public exponent, x is the

--

From cvs at cvs.gnupg.org Tue Jan 28 13:04:34 2014
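Review bot: the new do/while has no upper bound, so an RNG fault that keeps producing an r that is 0 or shares a factor with n turns the previous GPG_ERR_INTERNAL return into an infinite loop inside rsa_decrypt; a bounded retry that still sets rc = GPG_ERR_INTERNAL and jumps to leave after exhausting its attempts keeps the fail-closed behaviour while still fixing the spurious failure. The hunk also leaves the comment about r needing to be relatively prime to n untouched, although the message asks for it to mention multiples of p and q.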
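The blinding sequence NIIBE's hunk modifies, worked through in Python as an added example (not libgcrypt's code): blind, private exponentiation and unblind on a constructed textbook key, with the gcd test that mpi_invm() performs made explicit. The bounded retry, the key values and the function names are assumptions of this example, not something the message proposes.

```python
"""RSA blinding with the coprimality requirement on r made explicit.

Added example, not libgcrypt code.  It follows the steps in rsa_decrypt():
    y  = x * r^e   mod n       (blind)
    m' = y^d       mod n       (private operation on the blinded value)
    m  = m' * r^-1 mod n       (unblind)
and shows why r must be coprime to n: otherwise r^-1 does not exist.
"""
import secrets
from math import gcd

# Constructed textbook key, far too small for real use; the values are an
# assumption of this example, not taken from the message.
P, Q = 61, 53
N = P * Q          # 3233
E = 17
D = 2753           # E * D == 1 (mod lcm(P - 1, Q - 1))


def is_invertible(r: int, n: int) -> bool:
    """True iff r has an inverse mod n, i.e. gcd(r, n) == 1.

    This is the condition mpi_invm() reports in the posted patch.  For an
    RSA modulus n = p*q it is false exactly for r == 0 and for multiples
    of p or q, which is the case the message asks the comment to mention.
    """
    return gcd(r, n) == 1


def pick_blinding_factor(n: int, rng=secrets.randbelow, max_tries: int = 64) -> int:
    """Draw r from [2, n) until it is invertible mod n.

    The posted patch retries without limit; the bound here is an addition
    of this example so that a stuck RNG makes us fail closed rather than
    spin forever inside the decrypt path.
    """
    for _ in range(max_tries):
        r = rng(n)
        if r > 1 and is_invertible(r, n):
            return r
    raise RuntimeError("no invertible blinding factor in %d draws" % max_tries)


def blinded_decrypt(c: int, d: int, e: int, n: int, rng=secrets.randbelow) -> int:
    """Return c^d mod n without exponentiating the raw ciphertext directly."""
    r = pick_blinding_factor(n, rng)
    r_inv = pow(r, -1, n)           # defined because gcd(r, n) == 1
    y = (c * pow(r, e, n)) % n      # blind:   y = c * r^e
    m_blind = pow(y, d, n)          # y^d = c^d * r^(e*d) = c^d * r   (mod n)
    return (m_blind * r_inv) % n    # unblind: strip the factor r


def encrypt(m: int, e: int, n: int) -> int:
    """Textbook RSA public operation, used only to produce test input."""
    return pow(m, e, n)


def fails_closed(n: int, rng, max_tries: int = 8) -> bool:
    """True if pick_blinding_factor() gives up on an RNG that never yields an
    invertible value, i.e. the bounded loop behaves as intended."""
    try:
        pick_blinding_factor(n, rng, max_tries)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    c = encrypt(65, E, N)
    print("ciphertext:", c)                                         # 2790
    print("decrypted :", blinded_decrypt(c, D, E, N))               # 65
    print("r = p invertible?", is_invertible(P, N))                 # False
    print("stuck RNG fails closed?", fails_closed(N, lambda n: P))  # True
```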
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 28 Jan 2014 13:04:34 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-51-gcbdc355
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
via cbdc355415f83ed62da4f3618767eba54d7e6d37 (commit)
via 7460e9243b3cc050631c37ed4f2713ae7bcb6762 (commit)
via 3caa0f1319dc4779e0d6eee4460c1af2a12b2c3c (commit)
from 5c150ece094bf0a504a111ce6c7b72e8d0b0457a (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit cbdc355415f83ed62da4f3618767eba54d7e6d37
Author: Werner Koch
Date: Thu Jan 9 19:14:09 2014 +0100

sexp: Fix broken gcry_sexp_nth.

* src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data element.
(NODE): Remove unused typedef.
(ST_HINT): Comment unused macro.
* tests/t-sexp.c (bug_1594): New.
(main): Run new test.
--
Before 1.6.0 gcry_sexp_nth (list, 0) with a LIST of "(a (b 3:pqr) (c 3:456) (d 3:xyz))" returned the entire list. 1.6.0 instead returned NULL. However, this is also surprising and the expected value would be "(a)". This patch fixes this.

Somewhat related to that, gcry_sexp_nth returned a broken list if requesting index 1 of a list like "(n foo)". It returned just the "foo" but not as a list, which is required by the S-expression specs. Due to this patch the returned value is now "(foo)".

Thanks to Ludovic Courtès for pointing out these problems.

GnuPG-bug-id: 1594

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 4a91790..c5c3b45 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi
@@ -4064,8 +4064,9 @@ no such element, @code{NULL} is returned. @deftypefun gcry_sexp_t gcry_sexp_car (@w{const gcry_sexp_t @var{list}}) Create and return a new S-expression from the first element in - at var{list}; this called the "type" and should always exist and be a -string. @code{NULL} is returned in case of a problem. + at var{list}; this is called the "type" and should always exist per +S-expression specification and in general be a string. @code{NULL} is +returned in case of a problem. @end deftypefun @deftypefun gcry_sexp_t gcry_sexp_cdr (@w{const gcry_sexp_t @var{list}}) diff --git a/src/sexp.c b/src/sexp.c index f31da00..0e4af52 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -1,7 +1,7 @@ /* sexp.c - S-Expression handling * Copyright (C) 1999, 2000, 2001, 2002, 2003, * 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2014 g10 Code GmbH * * This file is part of Libgcrypt. * 
@@ -32,7 +32,55 @@ #define GCRYPT_NO_MPI_MACROS 1 #include "g10lib.h" -typedef struct gcry_sexp *NODE; + +/* Notes on the internal memory layout. + + We store an S-expression as one memory buffer with tags, length and + value. The simplest list would thus be: + + /----------+----------+---------+------+-----------+----------\ + | open_tag | data_tag | datalen | data | close_tag | stop_tag | + \----------+----------+---------+------+-----------+----------/ + + Expressed more compact and with an example: + + /----+----+----+---+----+----\ + | OT | DT | DL | D | CT | ST | "(foo)" + \----+----+----+---+----+----/ + + The open tag must always be the first tag of a list as requires by + the S-expression specs. At least data element (data_tag, datalen, + data) is required as well. The close_tag finishes the list and + would actually be sufficient. For fail-safe reasons a final stop + tag is always the last byte in a buffer; it has a value of 0 so + that string function accidently applied to an S-expression will + never access unallocated data. We do not support display hints and + thus don't need to represent them. A list may have more an + arbitrary number of data elements but at least one is required. + The length of each data must be greater than 0 and has a current + limit to 65535 bytes (by means of the DATALEN type). + + A list with two data elements: + + /----+----+----+---+----+----+---+----+----\ + | OT | DT | DL | D | DT | DL | D | CT | ST | "(foo bar)" + \----+----+----+---+----+----+---+----+----/ + + In the above example both DL fields have a value of 3. 
+ A list of a list with one data element: + + /----+----+----+----+---+----+----+----\ + | OT | OT | DT | DL | D | CT | CT | ST | "((foo))" + \----+----+----+----+---+----+----+----/ + + A list with one element followed by another list: + + /----+----+----+---+----+----+----+---+----+----+----\ + | OT | DT | DL | D | OT | DT | DL | D | CT | CT | ST | "(foo (bar))" + \----+----+----+---+----+----+----+---+----+----+----/ + + */ + typedef unsigned short DATALEN; struct gcry_sexp @@ -42,11 +90,11 @@ struct gcry_sexp #define ST_STOP 0 #define ST_DATA 1 /* datalen follows */ -#define ST_HINT 2 /* datalen follows */ +/*#define ST_HINT 2 datalen follows (currently not used) */ #define ST_OPEN 3 #define ST_CLOSE 4 -/* the atoi macros assume that the buffer has only valid digits */ +/* The atoi macros assume that the buffer has only valid digits. */ #define atoi_1(p) (*(p) - '0' ) #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) @@ -167,9 +215,10 @@ _gcry_sexp_dump (const gcry_sexp_t a) } } -/**************** - * Pass list through except when it is an empty list - in that case - * return NULL and release the passed list. + +/* Pass list through except when it is an empty list - in that case + * return NULL and release the passed list. This is used to make sure + * that no forbidden empty lists are created. */ static gcry_sexp_t normalize ( gcry_sexp_t list ) @@ -501,7 +550,7 @@ _gcry_sexp_length (const gcry_sexp_t list) /* Return the internal lengths offset of LIST. That is the size of - the buffer from the first ST_OPEN, which is retruned at R_OFF, to + the buffer from the first ST_OPEN, which is returned at R_OFF, to the corresponding ST_CLOSE inclusive. */ static size_t get_internal_buffer (const gcry_sexp_t list, size_t *r_off) 
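Review bot: a few slips in the new layout comment of the @@ -32 hunk: "as requires by the S-expression specs" should be "as required by", "At least data element (data_tag, datalen, data) is required" is missing "one", "string function accidently applied" should be "string functions accidentally applied", and "may have more an arbitrary number of data elements" has a stray "more". The diagrams themselves are worth having, since _gcry_sexp_nth below now assembles exactly such a buffer by hand.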
@@ -542,8 +591,8 @@ get_internal_buffer (const gcry_sexp_t list, size_t *r_off) -/* Extract the CAR of the given list. May return NULL for bad lists - or memory failure. */ +/* Extract the n-th element of the given LIST. Returns NULL for + no-such-element, a corrupt list, or memory failure. */ gcry_sexp_t _gcry_sexp_nth (const gcry_sexp_t list, int number) { @@ -587,15 +636,16 @@ _gcry_sexp_nth (const gcry_sexp_t list, int number) if (*p == ST_DATA) { - memcpy (&n, p, sizeof n); - p += sizeof n; - newlist = xtrymalloc (sizeof *newlist + n + 1); + memcpy (&n, p+1, sizeof n); + newlist = xtrymalloc (sizeof *newlist + 1 + 1 + sizeof n + n + 1); if (!newlist) return NULL; d = newlist->d; - memcpy (d, p, n); - d += n; - *d++ = ST_STOP; + *d++ = ST_OPEN; + memcpy (d, p, 1 + sizeof n + n); + d += 1 + sizeof n + n; + *d++ = ST_CLOSE; + *d = ST_STOP; } else if (*p == ST_OPEN) { @@ -639,6 +689,7 @@ _gcry_sexp_nth (const gcry_sexp_t list, int number) return normalize (newlist); } + gcry_sexp_t _gcry_sexp_car (const gcry_sexp_t list) { diff --git a/tests/t-sexp.c b/tests/t-sexp.c index 3510382..1051723 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c 
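Review bot: in the _gcry_sexp_nth hunk the length is now read with memcpy (&n, p+1, sizeof n), past the ST_DATA tag, where the old code read it from p itself, which is the actual fix; but the writes that follow xtrymalloc total 1 (ST_OPEN) + 1 + sizeof n + n (tag, length, data) + 1 (ST_CLOSE) + 1 (ST_STOP) = 4 + sizeof n + n bytes, while the size expression adds only 3 + sizeof n + n to sizeof *newlist. It balances only because the struct itself supplies the remaining byte, whereas the old sizeof *newlist + n + 1 had slack, so please write the bound as the explicit sum of the five pieces (or a comment pointing at the OT|DT|DL|D|CT|ST diagram) so the next reader can verify it. The updated function comment also promises NULL for a corrupt list; confirm that n is checked against the remaining buffer before the 1 + sizeof n + n copy, since that is the path a corrupt list reaches.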
@@ -978,6 +978,74 @@ check_extract_param (void) } +/* A test based on bug 1594. */ +static void +bug_1594 (void) +{ +static char thing[] = + "(signature" + " (public-key" + " (rsa" + " (n #00A53A6B3A50BE571F805BD98ECE1FCE4CE291C3D4D3E971740E1EE6D447F526" + " 6AC8973DDC82F0ADD234CC82E0A0A3F48B81ACC8B038DB8ACC3E78DC2ED2642F" + " 6BA353FCA60F47C2801DEB477B37FB8B2F5508AA1C6D922780DB142DEA19B812" + " C4E64F1138AD3BD61C58DB2D2591BE0BF36A1AC588AA45763BCDFF581050ABA8" + " CA47BD9723ADD6A308AE28471EDD2B16D03C941D4F2B7E019C43AF8972880633" + " 54E97B7E19F1677D84B69A26B184A77B719DD72C48E0EE36107046F786566A9D" + " 13BAD724D6D78F24700FC22FC000E1B2A8C1B08ED62008395B0764CD9B55E80D" + " A0A2B61C698DC27EA98E68BB576ACFC2B91B4D7283E7D960948D049D6E3C4CB1" + " F489B460A120A4BB6C04A843FD3A67454136DE61CF68A927871EFFA9141BD372" + " A748593C703E0301F039A9E674C50301BFC385BABE5B154250E7D57B82DB31F1" + " E1AC696F870DCD8FE8DEC75608B988FCA3B484F1FD7755BF452F99597269AF02" + " E8AF87D0F93DB427291659183D077254C835BFB6DDFD87CD0B5E0738682FCD34" + " 923F22551F73944E6CBE3ED6879B4414676B5DA0F30ED21DFA12BD2230C3C5D2" + " EA116A3EFEB4AEC21C58E63FAFA549A63190F01859445E9B80F427B80FD4C884" + " 2AD41FE760A3E9DEDFB56CEBE8EA783838B2B392CACDDC760CCE212E388AFBC1" + " 95DC6D0ED87E9091F82A82CE372738C8DE8ABD76ACD06AC8B80AA0597162DF59" + " 67#)" + " (e #010001#))))"; + gcry_sexp_t sig, pubkey, n, n_val; + + info ("checking fix for bug 1594\n"); + + if (gcry_sexp_new (&sig, thing, 0, 1)) + die ("scanning fixed string failed\n"); + pubkey = gcry_sexp_find_token (sig, "public-key", 0); + gcry_sexp_release (sig); + if (!pubkey) + { + fail ("'public-key' token not found"); + return; + } + n = gcry_sexp_find_token (pubkey, "n", 0); + if (!n) + { + fail ("'n' token not found"); + gcry_sexp_release (pubkey); + return; + } + n_val = gcry_sexp_nth (n, 1); + /* Bug 1594 would require the following test: + * if (n_val) + * fail ("extracting 1-th of 'n' list did not fail"); + * However, we meanwhile modified the S-expression 
functions to + * behave like Scheme to allow the access of any element of a list. + */ + if (!n_val) + fail ("extracting 1-th of 'n' list failed"); + /*gcry_log_debugsxp ("1-th", n_val); => "(#00A5...#)" */ + gcry_sexp_release (n_val); + n_val = gcry_sexp_nth (n, 2); + if (n_val) + fail ("extracting 2-th of 'n' list did not fail"); + n_val = gcry_sexp_nth (n, 0); + if (!n_val) + fail ("extracting 0-th of 'n' list failed"); + /*gcry_log_debugsxp ("0-th", n_val); => "(n)" */ + if (gcry_sexp_nth (n_val, 1)) + fail ("extracting 1-th of car of 'n' list did not fail"); + gcry_sexp_release (n_val); +} int @@ -1040,6 +1108,7 @@ main (int argc, char **argv) back_and_forth (); check_sscan (); check_extract_param (); + bug_1594 (); return errorcount? 1:0; } commit 7460e9243b3cc050631c37ed4f2713ae7bcb6762 Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 tests: Improve t-common.h. * tests/t-common.h: Add couple of macros. Check that config.h has been included. (show): Rename to info. * tests/t-lock.c, tests/t-sexp.c: Adjust for changes. Signed-off-by: Werner Koch diff --git a/tests/t-common.h b/tests/t-common.h index 288963d..3546986 100644 --- a/tests/t-common.h +++ b/tests/t-common.h 
@@ -21,16 +21,39 @@ #include "../src/gcrypt.h" -#ifndef PGM -# error Macro PGM not defined. +#ifndef PGMNAME +# error Macro PGMNAME not defined. #endif +#ifndef _GCRYPT_CONFIG_H_INCLUDED +# error config.h not included +#endif + +/* A couple of useful macros. */ +#ifndef DIM +# define DIM(v) (sizeof(v)/sizeof((v)[0])) +#endif +#define my_isascii(c) (!((c) & 0x80)) +#define digitp(p) (*(p) >= '0' && *(p) <= '9') +#define hexdigitp(a) (digitp (a) \ + || (*(a) >= 'A' && *(a) <= 'F') \ + || (*(a) >= 'a' && *(a) <= 'f')) +#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ + *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) +#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) +#define xmalloc(a) gcry_xmalloc ((a)) +#define xcalloc(a,b) gcry_xcalloc ((a),(b)) +#define xstrdup(a) gcry_xstrdup ((a)) +#define xfree(a) gcry_free ((a)) +#define pass() do { ; } while (0) +/* Standard global variables. */ static int verbose; static int debug; static int errorcount; +/* Reporting functions. */ static void die (const char *format, ...) { @@ -40,7 +63,7 @@ die (const char *format, ...) #ifdef HAVE_FLOCKFILE flockfile (stderr); #endif - fprintf (stderr, "%s: ", PGM); + fprintf (stderr, "%s: ", PGMNAME); va_start (arg_ptr, format) ; vfprintf (stderr, format, arg_ptr); va_end (arg_ptr); @@ -62,7 +85,7 @@ fail (const char *format, ...) #ifdef HAVE_FLOCKFILE flockfile (stderr); #endif - fprintf (stderr, "%s: ", PGM); + fprintf (stderr, "%s: ", PGMNAME); va_start (arg_ptr, format); vfprintf (stderr, format, arg_ptr); va_end (arg_ptr); @@ -78,7 +101,7 @@ fail (const char *format, ...) static void -show (const char *format, ...) +info (const char *format, ...) { va_list arg_ptr; @@ -87,7 +110,7 @@ show (const char *format, ...) #ifdef HAVE_FLOCKFILE flockfile (stderr); #endif - fprintf (stderr, "%s: ", PGM); + fprintf (stderr, "%s: ", PGMNAME); va_start (arg_ptr, format); vfprintf (stderr, format, arg_ptr); if (*format && format[strlen(format)-1] != '\n') 
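Review bot: in the t-common.h hunk only DIM is guarded with #ifndef, while my_isascii, digitp, hexdigitp, xtoi_1, xtoi_2, the xmalloc/xcalloc/xstrdup/xfree wrappers and pass() are defined unconditionally; a test that still carries its own copies (as t-sexp.c does until the hunk at the end of this mail removes them) gets redefinition warnings, so guard them all or none. The '#error config.h not included' check on _GCRYPT_CONFIG_H_INCLUDED is a good addition; a one-line comment naming the header that defines that macro would save the next person a grep.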
diff --git a/tests/t-lock.c b/tests/t-lock.c index c6c1e41..22b67ef 100644 --- a/tests/t-lock.c +++ b/tests/t-lock.c @@ -31,7 +31,7 @@ # include #endif -#define PGM "t-lock" +#define PGMNAME "t-lock" #include "t-common.h" @@ -152,7 +152,7 @@ nonce_thread (void *argarg) { gcry_create_nonce (nonce, sizeof nonce); if (i && !(i%100)) - show ("thread %d created %d nonces so far", arg->no, i); + info ("thread %d created %d nonces so far", arg->no, i); } gcry_free (arg); @@ -186,7 +186,7 @@ check_nonce_lock (void) { rc = WaitForSingleObject (threads[i], INFINITE); if (rc == WAIT_OBJECT_0) - show ("nonce thread %d has terminated", i); + info ("nonce thread %d has terminated", i); else fail ("waiting for nonce thread %d failed: %d", i, (int)GetLastError ()); @@ -211,7 +211,7 @@ check_nonce_lock (void) fail ("pthread_join failed for nonce thread %d: %s", i, strerror (errno)); else - show ("nonce thread %d has terminated", i); + info ("nonce thread %d has terminated", i); } #endif /*!_WIN32*/ @@ -345,7 +345,7 @@ run_test (void) { rc = WaitForSingleObject (athreads[i], INFINITE); if (rc == WAIT_OBJECT_0) - show ("accountant thread %d has terminated", i); + info ("accountant thread %d has terminated", i); else fail ("waiting for accountant thread %d failed: %d", i, (int)GetLastError ()); @@ -355,7 +355,7 @@ run_test (void) rc = WaitForSingleObject (rthread, INFINITE); if (rc == WAIT_OBJECT_0) - show ("revision thread has terminated"); + info ("revision thread has terminated"); else fail ("waiting for revision thread failed: %d", (int)GetLastError ()); CloseHandle (rthread); @@ -379,7 +379,7 @@ run_test (void) fail ("pthread_join failed for accountant thread %d: %s", i, strerror (errno)); else - show ("accountant thread %d has terminated", i); + info ("accountant thread %d has terminated", i); } stop_revision_thread = 1; 
@@ -387,7 +387,7 @@ run_test (void) if (rc) fail ("pthread_join failed for the revision thread: %s", strerror (errno)); else - show ("revision thread has terminated"); + info ("revision thread has terminated"); #endif /*!_WIN32*/ @@ -438,6 +438,9 @@ main (int argc, char **argv) gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch"); + /* We are using non-public interfaces - check the exact version. */ + if (strcmp (gcry_check_version (NULL), GCRYPT_VERSION)) + die ("exact version match failed"); gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); diff --git a/tests/t-sexp.c b/tests/t-sexp.c index 4c48277..3510382 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c @@ -1,5 +1,6 @@ /* t-sexp.c - S-expression regression tests - * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. + * Copyright (C) 2014 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -14,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ #ifdef HAVE_CONFIG_H 
@@ -29,72 +29,7 @@ #include "../src/gcrypt-int.h" #define PGMNAME "t-sexp" - -#ifndef DIM -# define DIM(v) (sizeof(v)/sizeof((v)[0])) -#endif -#define my_isascii(c) (!((c) & 0x80)) -#define digitp(p) (*(p) >= '0' && *(p) <= '9') -#define hexdigitp(a) (digitp (a) \ - || (*(a) >= 'A' && *(a) <= 'F') \ - || (*(a) >= 'a' && *(a) <= 'f')) -#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ - *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) -#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) -#define xmalloc(a) gcry_xmalloc ((a)) -#define xcalloc(a,b) gcry_xcalloc ((a),(b)) -#define xstrdup(a) gcry_xstrdup ((a)) -#define xfree(a) gcry_free ((a)) -#define pass() do { ; } while (0) - - -static int verbose; -static int error_count; - -static void -die (const char *format, ...) -{ - va_list arg_ptr ; - - fflush (stdout); - fprintf (stderr, "%s: ", PGMNAME); - va_start( arg_ptr, format ) ; - vfprintf (stderr, format, arg_ptr ); - va_end(arg_ptr); - if (*format && format[strlen(format)-1] != '\n') - putc ('\n', stderr); - exit (1); -} - -static void -info (const char *format, ...) -{ - va_list arg_ptr; - - if (verbose) - { - va_start( arg_ptr, format ) ; - vfprintf (stderr, format, arg_ptr ); - va_end(arg_ptr); - if (*format && format[strlen(format)-1] != '\n') - putc ('\n', stderr); - } -} - -static void -fail ( const char *format, ... ) -{ - va_list arg_ptr ; - - fputs (PGMNAME ": ", stderr); - va_start( arg_ptr, format ) ; - vfprintf (stderr, format, arg_ptr ); - va_end(arg_ptr); - if (*format && format[strlen(format)-1] != '\n') - putc ('\n', stderr); - error_count++; -} - +#include "t-common.h" /* Convert STRING consisting of hex characters into its binary 
@@ -1043,14 +978,62 @@ check_extract_param (void) } + + int main (int argc, char **argv) { - if (argc > 1 && !strcmp (argv[1], "--verbose")) - verbose = 1; + int last_argc = -1; + + if (argc) + { + argc--; argv++; + } + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + puts ( +"usage: " PGMNAME " [options]\n" +"\n" +"Options:\n" +" --verbose Show what is going on\n" +" --debug Flyswatter\n" +); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = debug = 1; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + die ("unknown option '%s'", *argv); + } + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch"); + /* #include "../src/gcrypt-int.h" indicates that internal interfaces + may be used; thus better do an exact version check. */ + if (strcmp (gcry_check_version (NULL), GCRYPT_VERSION)) + die ("exact version match failed"); + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); basic (); canon_len (); @@ -1058,5 +1041,5 @@ main (int argc, char **argv) check_sscan (); check_extract_param (); - return error_count? 1:0; + return errorcount? 1:0; } commit 3caa0f1319dc4779e0d6eee4460c1af2a12b2c3c Author: Werner Koch Date: Thu Jan 9 19:14:09 2014 +0100 mpi: Minor fix for Atari-mint. * mpi/config.links [m68k-atari-mint]: Do not assume 68020. Suggested by Alan Hourihane. (cherry picked from commit 420f42a5752e90a8b27d58ffa1ddfe6e4ab341e8) diff --git a/mpi/config.links b/mpi/config.links index 57e6c2a..0217d35 100644 --- a/mpi/config.links +++ b/mpi/config.links 
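Review bot: in the tests/t-sexp.c main() hunk above, both gcry_check_version() calls come after `gcry_control (GCRYCTL_DISABLE_SECMEM_WARN)` and `gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0)`, whereas the documented initialization sequence (and the tests/t-lock.c hunk in this same patch) calls gcry_check_version first so the library is initialized before secure memory is set up; suggest moving the two version checks to directly after option parsing, ahead of the secmem controls. Minor: the help line `" --debug Flyswatter\n"` does not tell the user what the option does (it sets verbose and passes 1 to GCRYCTL_SET_DEBUG_FLAGS).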
@@ -260,7 +260,7 @@ case "${host}" in m68k-atari-mint) echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h - path="m68k/mc68020 m68k" + path="m68k" mpi_cpu_arch="m68k" ;; m68000*-*-* | \ ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 5 +- mpi/config.links | 2 +- src/sexp.c | 83 ++++++++++++++++++----- tests/t-common.h | 35 ++++++++-- tests/t-lock.c | 19 +++--- tests/t-sexp.c | 196 ++++++++++++++++++++++++++++++++++-------------------- 6 files changed, 235 insertions(+), 105 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Tue Jan 28 12:58:56 2014 
From: wk at gnupg.org (Werner Koch)
Date: Tue, 28 Jan 2014 12:58:56 +0100
Subject: Sexp changes between 1.5.3 and 1.6.0
In-Reply-To: <87ob4aklkb.fsf@gnu.org> (Ludovic Courtès's message of "Sat, 21 Dec 2013 21:15:16 +0100")
References: <87txe2o2fi.fsf@gnu.org> <87iouiknwm.fsf@vigenere.g10code.de> <87ob4aklkb.fsf@gnu.org>
Message-ID: <87r47s48sf.fsf@vigenere.g10code.de>

On Sat, 21 Dec 2013 21:15, ludo at gnu.org said:
> (BTW, as a Schemer, it took me a while to understand that car and nth do
> not correspond to their traditional Lisp counterpart: the Lisp car and
> nth return the given element, regardless of whether it is a list or an

Well, that is a bug and it is related to your reported bug 1594. I have
now fixed it in master and will backport it to 1.6:

sexp: Fix broken gcry_sexp_nth.

* src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data
element.
(NODE): Remove unused typedef.
(ST_HINT): Comment unused macro.
* tests/t-sexp.c (bug_1594): New.
(main): Run new test.
--

Before 1.6.0 gcry_sexp_nth (list, 0) with a LIST of
"(a (b 3:pqr) (c 3:456) (d 3:xyz))" returned the entire list. 1.6.0
instead returned NULL. However, this is also surprising and the
expected value would be "(a)". This patch fixes this.

Somewhat related to that gcry_sexp_nth returned a broken list if
requesting index 1 of a list like "(n foo)". It returned just the
"foo" but not as a list which is required by the S-expression specs.
Due to this patch the returned value is now "(foo)".

Thanks to Ludovic Courtès for pointing out these problems.

GnuPG-bug-id: 1594

I don't expect that this will introduce incompatibilities. A reason why
we have this uncommon behaviour in Libgcrypt is a bug in the original
GnuPG-2 code which created an S-expression "foo" at one place. This is
clearly not allowed but I realized that too late and thus had to stick
with it for some years. Meanwhile this problem has been solved in GnuPG.
Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From wk at gnupg.org Tue Jan 28 15:54:35 2014
From: wk at gnupg.org (Werner Koch)
Date: Tue, 28 Jan 2014 15:54:35 +0100
Subject: Fix for RSA Blinding
In-Reply-To: <1390893292.1541.12.camel@cfw2.gniibe.org> (NIIBE Yutaka's message of "Tue, 28 Jan 2014 16:14:52 +0900")
References: <1390893292.1541.12.camel@cfw2.gniibe.org>
Message-ID: <87iot440no.fsf@vigenere.g10code.de>

On Tue, 28 Jan 2014 08:14, gniibe at fsij.org said:
> I think that we need a fix for RSA blinding. When the random value is
> not coprime to N, rsa_decrypt simply fails with GPG_ERR_INTERNAL.

You are completely correct. Can you push a patch for Libgcrypt? I can
take care of fixing it for gnupg 1.4.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From cvs at cvs.gnupg.org Tue Jan 28 17:03:08 2014
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Jan 2014 17:03:08 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-52-g52f7c48 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 52f7c48c901a3de51bd690a218f3de2f71e8d790 (commit) from cbdc355415f83ed62da4f3618767eba54d7e6d37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52f7c48c901a3de51bd690a218f3de2f71e8d790 Author: Werner Koch Date: Tue Jan 28 17:00:27 2014 +0100 cipher: Take care of ENABLE_NEON_SUPPORT. * cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if ENABLE_NEON_SUPPORT is defined. * cipher/serpent.c (USE_NEON): Ditto. * cipher/sha1.c (USE_NEON): Ditto. * cipher/sha512.c (USE_ARM_NEON_ASM): Ditto. -- The generic C source files must only include NEON support if that is enabled. The dedicated ASM files are conditionally compiled and thus do not need to use it. GnuPG-bug-id: 1603 Signed-off-by: Werner Koch diff --git a/cipher/salsa20.c b/cipher/salsa20.c index 72b28b0..d75fe51 100644 --- a/cipher/salsa20.c +++ b/cipher/salsa20.c @@ -49,12 +49,13 @@ /* USE_ARM_NEON_ASM indicates whether to enable ARM NEON assembly code. */ #undef USE_ARM_NEON_ASM -#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) -# if defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_NEON) +#ifdef ENABLE_NEON_SUPPORT +# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \ + && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \ + && defined(HAVE_GCC_INLINE_ASM_NEON) # define USE_ARM_NEON_ASM 1 # endif -#endif +#endif /*ENABLE_NEON_SUPPORT*/ #define SALSA20_MIN_KEY_SIZE 16 /* Bytes. */ 
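Review bot: the cipher/salsa20.c hunk is logically right: ENABLE_NEON_SUPPORT now gates the whole block, so a build configured without NEON support can no longer pick up NEON code from the generic C file on a toolchain that happens to pass the HAVE_GCC_INLINE_ASM_NEON test, which is exactly what the commit message asks for. Two small points: the outer close is labelled `#endif /*ENABLE_NEON_SUPPORT*/` while the inner `# endif` stays unlabelled, so label it too for symmetry; and since the three capability tests are now joined by `&&` into one `# if`, it would be worth stating in the comment above `#undef USE_ARM_NEON_ASM` that the outer `#ifdef` is the configure-time policy switch and the inner `# if` is the toolchain capability check, so the two-level shape is not flattened by a later cleanup.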
diff --git a/cipher/serpent.c b/cipher/serpent.c index 8e647d4..0be49da 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c @@ -48,13 +48,13 @@ /* USE_NEON indicates whether to enable ARM NEON assembly code. */ #undef USE_NEON -#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) -# if defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_NEON) +#ifdef ENABLE_NEON_SUPPORT +# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \ + && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \ + && defined(HAVE_GCC_INLINE_ASM_NEON) # define USE_NEON 1 # endif -#endif - +#endif /*ENABLE_NEON_SUPPORT*/ /* Number of rounds per Serpent encrypt/decrypt operation. */ #define ROUNDS 32 diff --git a/cipher/sha1.c b/cipher/sha1.c index 65bd686..00c57dd 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -66,12 +66,13 @@ /* USE_NEON indicates whether to enable ARM NEON assembly code. */ #undef USE_NEON -#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) -# if defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_NEON) +#ifdef ENABLE_NEON_SUPPORT +# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \ + && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \ + && defined(HAVE_GCC_INLINE_ASM_NEON) # define USE_NEON 1 # endif -#endif +#endif /*ENABLE_NEON_SUPPORT*/ /* A macro to test whether P is properly aligned for an u32 type. diff --git a/cipher/sha512.c b/cipher/sha512.c index 92b4913..7d60df0 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c 
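Review bot: the cipher/serpent.c hunk above (and the cipher/sha1.c hunk after it) duplicates the same four-line NEON guard that cipher/salsa20.c and cipher/sha512.c carry, under two different macro names: USE_NEON here and in sha1.c, USE_ARM_NEON_ASM in salsa20.c and sha512.c. The four copies have already drifted in naming; defining the guard once in a shared header, or at least settling on one macro name, would keep them from drifting in logic next time the condition changes. Note also that this hunk is the only one of the four that removes the blank line after the `#endif` (`-#endif -`), so the spacing before the following comment now differs from the other files.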
@@ -57,12 +57,13 @@ /* USE_ARM_NEON_ASM indicates whether to enable ARM NEON assembly code. */ #undef USE_ARM_NEON_ASM -#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) -# if defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_NEON) +#ifdef ENABLE_NEON_SUPPORT +# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \ + && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \ + && defined(HAVE_GCC_INLINE_ASM_NEON) # define USE_ARM_NEON_ASM 1 # endif -#endif +#endif /*ENABLE_NEON_SUPPORT*/ /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ ----------------------------------------------------------------------- Summary of changes: cipher/salsa20.c | 9 +++++---- cipher/serpent.c | 10 +++++----- cipher/sha1.c | 9 +++++---- cipher/sha512.c | 9 +++++---- 4 files changed, 20 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Wed Jan 29 00:36:27 2014 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 29 Jan 2014 00:36:27 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-53-g121a90d
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
via 121a90d8931944974054f7d94f63b7f89df87fa5 (commit)
from 52f7c48c901a3de51bd690a218f3de2f71e8d790 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 121a90d8931944974054f7d94f63b7f89df87fa5
Author: NIIBE Yutaka
Date: Wed Jan 29 08:32:46 2014 +0900

Fix RSA Blinding.

* cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse.

Signed-off-by: NIIBE Yutaka

diff --git a/cipher/rsa.c b/cipher/rsa.c
index e595e38..9a8d235 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1023,13 +1023,12 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) ri = mpi_snew (ctx.nbits); bldata = mpi_snew (ctx.nbits); - _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); - mpi_mod (r, r, sk.n); - if (!mpi_invm (ri, r, sk.n)) + do { - rc = GPG_ERR_INTERNAL; - goto leave; + _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); + mpi_mod (r, r, sk.n); } + while (!mpi_invm (ri, r, sk.n)); /* Do blinding. We calculate: y = (x * r^e) mod n, where r is the random number, e is the public exponent, x is the ----------------------------------------------------------------------- Summary of changes: cipher/rsa.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From gniibe at fsij.org Wed Jan 29 00:43:58 2014 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 29 Jan 2014 08:43:58 +0900 Subject: Fix for RSA Blinding In-Reply-To: <87iot440no.fsf@vigenere.g10code.de> References: <1390893292.1541.12.camel@cfw2.gniibe.org> <87iot440no.fsf@vigenere.g10code.de> Message-ID: <1390952638.1543.0.camel@cfw2.gniibe.org> On 2014-01-28 at 15:54 +0100, Werner Koch wrote: > You are completely correct. Can you push a patch for Libgcrypt? I can > take care of fixing it for gnupg 1.4. Done. We know that the probability of getting an error is very very small (far smaller than something like hardware error). It's for correctness of code. -- From wk at gnupg.org Wed Jan 29 08:32:03 2014 
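Review bot: in the cipher/rsa.c hunk above, the `do { ... } while (!mpi_invm (ri, r, sk.n));` loop has no iteration bound, and the `rc = GPG_ERR_INTERNAL; goto leave;` path that previously reported a non-invertible r is removed entirely, so for a modulus where no ctx.nbits-sized r is ever invertible (a degenerate or corrupted key rather than a valid one) rsa_decrypt would spin forever instead of failing. For a well-formed key the retry is, as the follow-up message says, practically never taken, so a small retry cap that restores the GPG_ERR_INTERNAL return on exhaustion costs nothing and keeps the failure reportable. A one-line comment at the `while` that `mpi_invm` returns nonzero on success would also help, since that contract is now what terminates the loop.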
From: wk at gnupg.org (Werner Koch)
Date: Wed, 29 Jan 2014 08:32:03 +0100
Subject: Fix for RSA Blinding
In-Reply-To: <1390952638.1543.0.camel@cfw2.gniibe.org> (NIIBE Yutaka's message of "Wed, 29 Jan 2014 08:43:58 +0900")
References: <1390893292.1541.12.camel@cfw2.gniibe.org> <87iot440no.fsf@vigenere.g10code.de> <1390952638.1543.0.camel@cfw2.gniibe.org>
Message-ID: <87iot32qh8.fsf@vigenere.g10code.de>

On Wed, 29 Jan 2014 00:43, gniibe at fsij.org said:
> Done.

Thanks. Will also go into 1.6.1.

> We know that the probability of getting an error is very very small
> (far smaller than something like hardware error).

Sure.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From cvs at cvs.gnupg.org Wed Jan 29 10:49:39 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 29 Jan 2014 10:49:39 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-54-gaea96a6
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
via aea96a64fbc58a0b6f9f435e97e93294c6eb1052 (commit)
from 121a90d8931944974054f7d94f63b7f89df87fa5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit aea96a64fbc58a0b6f9f435e97e93294c6eb1052
Author: Werner Koch
Date: Wed Jan 29 10:44:36 2014 +0100

Reserve control code for FIPS extensions.

* src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New.
(GCRYCTL_REACTIVATE_FIPS_FLAG): New.
* src/global.c (_gcry_vcontrol): Add them but return not_implemented.

diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index b06f259..c84a3f7 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -327,7 +327,9 @@ enum gcry_ctl_cmds GCRYCTL_DISABLE_LOCKED_SECMEM = 67, GCRYCTL_DISABLE_PRIV_DROP = 68, GCRYCTL_SET_CCM_LENGTHS = 69, - GCRYCTL_CLOSE_RANDOM_DEVICE = 70 + GCRYCTL_CLOSE_RANDOM_DEVICE = 70, + GCRYCTL_INACTIVATE_FIPS_FLAG = 71, + GCRYCTL_REACTIVATE_FIPS_FLAG = 72 }; /* Perform various operations defined by CMD. */ diff --git a/src/global.c b/src/global.c index ec0cc3f..4e8df86 100644 --- a/src/global.c +++ b/src/global.c @@ -666,6 +666,11 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) | GCRY_SECMEM_FLAG_NO_PRIV_DROP)); break; + case GCRYCTL_INACTIVATE_FIPS_FLAG: + case GCRYCTL_REACTIVATE_FIPS_FLAG: + rc = GPG_ERR_NOT_IMPLEMENTED; + break; + default: _gcry_set_preferred_rng_type (0); rc = GPG_ERR_INV_OP; ----------------------------------------------------------------------- Summary of changes: src/gcrypt.h.in | 4 +++- src/global.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Wed Jan 29 14:49:12 2014 
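Review bot: in the src/global.c hunk above, the two new cases return GPG_ERR_NOT_IMPLEMENTED but, unlike the `default:` branch directly below them, do not call `_gcry_set_preferred_rng_type (0)`; if that call is meant to run for every command the library does not act on, the new cases should either fall through to `default:` semantics or repeat it, and if it is deliberately skipped a comment should say so. Separately, the Summary of changes lists only src/gcrypt.h.in and src/global.c, so GCRYCTL_INACTIVATE_FIPS_FLAG (71) and GCRYCTL_REACTIVATE_FIPS_FLAG (72) are not yet mentioned in doc/gcrypt.texi; a one-line "reserved, currently returns GPG_ERR_NOT_IMPLEMENTED" entry would keep the enum and the manual in step.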
From: wk at gnupg.org (Werner Koch)
Date: Wed, 29 Jan 2014 14:49:12 +0100
Subject: Libgcrypt 1.6.1 released
Message-ID: <87iot2290n.fsf@vigenere.g10code.de>

Hello!

The GNU project is pleased to announce the availability of Libgcrypt
version 1.6.1. This is a maintenance release to fix problems found in
the recently released 1.6.0 version.

Libgcrypt is a general purpose library of cryptographic building blocks.
It does not provide any implementation of OpenPGP or other protocols.
Thorough understanding of applied cryptography is required for proper
use of Libgcrypt.

Noteworthy changes in version 1.6.1 (2014-01-29)
================================================

* Added emulation for broken Whirlpool code prior to 1.6.0.
* Improved performance of KDF functions.
* Improved ECDSA compliance.
* Fixed locking for Windows and non-ELF Pthread systems (regression in 1.6.0)
* Fixed message digest lookup by OID (regression in 1.6.0).
* Fixed a build problem on NetBSD.
* Fixed memory leaks in ECC code.
* Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  GCRY_MD_FLAG_BUGEMU1 NEW (minor API change).

Download
========

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html . On the primary server
the source tarball and its digital signature are:

ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2 (2413k)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2.sig

That file is bzip2 compressed.
A gzip compressed version is here:

ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.gz (2872k)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.gz.sig

Alternatively you may upgrade using this patch file:

ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0-1.6.1.diff.bz2 (244k)

In order to check that the version of Libgcrypt you are going to build
is an original and unmodified one, you can do it in one of the following
ways:

* Check the supplied OpenPGP signature. For example to check the
  signature of the file libgcrypt-1.6.1.tar.bz2 you would use this
  command:

  gpg --verify libgcrypt-1.6.1.tar.bz2.sig

  This checks whether the signature file matches the source file. You
  should see a message indicating that the signature is good and made by
  the release signing key 4F25E3B6 which is certified by my well known
  key 1E42B367. To retrieve the keys you may use the command
  "gpg --fetch-key finger:wk at g10code.com".

* If you are not able to use GnuPG, you have to verify the SHA-1
  checksum:

  sha1sum libgcrypt-1.6.1.tar.bz2

  and check that the output matches the first line from the following
  list:

  f03d9b63ac3b17a6972fc11150d136925b702f02 libgcrypt-1.6.1.tar.bz2
  fe6d442881a28a37d16348cdbf96b41b8ef38ced libgcrypt-1.6.1.tar.gz
  35d002247186884ba3730c91f196a5de48c3fcf8 libgcrypt-1.6.0-1.6.1.diff.bz2

Copying
=======

Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+). The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+). The file LICENSES has notices about contributions that
require that these additional notices be distributed.

Support
=======

For help on developing with Libgcrypt you should read the included
manual and optionally ask on the gcrypt-devel mailing list [1].

A listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

The driving force behind the development of Libgcrypt is my company
g10 Code.
Maintenance and improvement of Libgcrypt and related software takes up
most of our resources. To allow us to continue our work on free
software, we ask to either purchase a support contract, engage us for
custom enhancements, or to donate money:

http://g10code.com/gnupg-donation.html

Thanks
======

Many thanks to all who contributed to Libgcrypt development, be it bug
fixes, code, documentation, testing or helping users.

Happy hacking,

Werner

[1] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] http://www.gnupg.org/service.html

--
Thoughts are free. Exceptions are governed by a federal law.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL:

From cvs at cvs.gnupg.org Wed Jan 29 15:19:11 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 29 Jan 2014 15:19:11 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-55-g6e83552
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
via 6e83552dde83a8b4f639071551a20e33a9d46eb9 (commit)
from aea96a64fbc58a0b6f9f435e97e93294c6eb1052 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6e83552dde83a8b4f639071551a20e33a9d46eb9
Author: Werner Koch
Date: Wed Jan 29 15:17:37 2014 +0100

Update NEWS to be aligned with 1.6.1.

--

diff --git a/NEWS b/NEWS
index 5e21eb6..e1bb772 100644
--- a/NEWS
+++ b/NEWS
@@ -1,14 +1,25 @@ Noteworthy changes in version 1.7.0 (unreleased) ------------------------------------------------ - * Fix a 1.6.0 introduced regression in looking up an message digest - by OID. + * Added emulation for broken Whirlpool code prior to 1.6.0. - * Support curve sec256k1. + * Added support for curve sec256k1. - * Support curves GOST R 34.10-2001 and GOST R 34.10-2012. + * Added support for curves GOST R 34.10-2001 and GOST R 34.10-2012. - * Add emulation from broken Whirlpool code prior to 1.6.0. + * Improved performance of KDF functions. + + * Improved ECDSA compliance. + + * Moved locking out to libgpg-error. + + * Fixed message digest lookup by OID (regression in 1.6.0). + + * Fixed a build problem on NetBSD. + + * Fixed memory leaks in ECC code. + + * Fixed some asm build problems and feature detection bugs. * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----------------------------------------------------------------------- Summary of changes: NEWS | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From ludo at gnu.org Thu Jan 30 12:03:30 2014 
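Review bot: in the NEWS hunk above, `+ * Added support for curve sec256k1.` carries a typo over from the line it replaces: the SECG curve is secp256k1. Also, the 1.7.0 list gains `Moved locking out to libgpg-error`, which has no counterpart in the 1.6.1 announcement earlier in this digest (that lists `Fixed locking for Windows and non-ELF Pthread systems` instead); if the libgpg-error move is 1.7-only that is fine, but if the commit's purpose is to align the two lists, the 1.6.1 locking fix should appear here as well.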
From: ludo at gnu.org (Ludovic Courtès)
Date: Thu, 30 Jan 2014 12:03:30 +0100
Subject: Sexp changes between 1.5.3 and 1.6.0
In-Reply-To: <87r47s48sf.fsf@vigenere.g10code.de> (Werner Koch's message of "Tue, 28 Jan 2014 12:58:56 +0100")
References: <87txe2o2fi.fsf@gnu.org> <87iouiknwm.fsf@vigenere.g10code.de> <87ob4aklkb.fsf@gnu.org> <87r47s48sf.fsf@vigenere.g10code.de>
Message-ID: <87ppn9ohod.fsf@gnu.org>

Werner Koch wrote:

> On Sat, 21 Dec 2013 21:15, ludo at gnu.org said:
>
>> (BTW, as a Schemer, it took me a while to understand that car and nth do
>> not correspond to their traditional Lisp counterpart: the Lisp car and
>> nth return the given element, regardless of whether it is a list or an
>
> Well, that is a bug and it is related to your reproted bug 1594. I have
> now fixed it in master and will backport it to 1.6:

OK, thanks. The fix is not in 1.6.1, is it? (I didn't see mention of
it in the announcement.)

> sexp: Fix broken gcry_sexp_nth.
>
> * src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data
> element.
> (NODE): Remove unused typedef.
> (ST_HINT): Comment unused macro.
>
> * tests/t-sexp.c (bug_1594): New.
> (main): Run new test.
> --
>
> Before 1.6.0 gcry_sexp_nth (list, 0) with a LIST of "(a (b 3:pqr) (c
> 3:456) (d 3:xyz))" returned the entire list. 1.6.0 instead returned
> NULL. However, this is also surprising and the expected value would
> be "(a)". This patch fixes this.
>
> Somewhat related to that gcry_sexp_nth returned a broken list if
> requesting index 1 of a list like "(n foo)". It returned just the
> "foo" but not as a list which is required by the S-expression specs.
> Due to this patch the returned value is now "(foo)".

Which spec are you referring to here? doesn't specify 'car', 'cdr',
'nth', etc.

Cheers,
Ludo'.

From wk at gnupg.org Thu Jan 30 12:51:33 2014
From: wk at gnupg.org (Werner Koch)
Date: Thu, 30 Jan 2014 12:51:33 +0100
Subject: Sexp changes between 1.5.3 and 1.6.0
In-Reply-To: <87ppn9ohod.fsf@gnu.org> (Ludovic Courtès's message of "Thu, 30 Jan 2014 12:03:30 +0100")
References: <87txe2o2fi.fsf@gnu.org> <87iouiknwm.fsf@vigenere.g10code.de> <87ob4aklkb.fsf@gnu.org> <87r47s48sf.fsf@vigenere.g10code.de> <87ppn9ohod.fsf@gnu.org>
Message-ID: <87ppn9znzu.fsf@vigenere.g10code.de>

On Thu, 30 Jan 2014 12:03, ludo at gnu.org said:
> Werner Koch wrote:
>
>> On Sat, 21 Dec 2013 21:15, ludo at gnu.org said:
>>
>>> (BTW, as a Schemer, it took me a while to understand that car and nth do
>>> not correspond to their traditional Lisp counterpart: the Lisp car and
>>> nth return the given element, regardless of whether it is a list or an
>>
>> Well, that is a bug and it is related to your reproted bug 1594. I have
>> now fixed it in master and will backport it to 1.6:
>
> OK, thanks. The fix is not in 1.6.1, is it? (I didn't see mention of
> it in the announcement.)

Sure it is in 1.6.1: 8ca59661.

> Which spec are you referring to here?
> doesn't specify 'car',

I meant that there are only lists and the lists may not be empty.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From gniibe at fsij.org Fri Jan 31 02:41:10 2014
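The gcry_sexp_nth behaviour discussed in the thread above, modelled as an added Python example (this is not libgcrypt code, and the parser is a deliberately small toy rather than the library's src/sexp.c). It accepts only the syntax the thread uses: lists, bare tokens such as "a", and length-prefixed raw strings such as "3:pqr". It enforces the two constraints Werner states, that everything is a list and a list may not be empty, and its nth() always hands back a list: element 0 of "(a (b 3:pqr) (c 3:456) (d 3:xyz))" comes back as "(a)", and element 1 of "(n foo)" as "(foo)". The length prefix is checked against the remaining input before slicing, which is the check any parser of this format needs.

```python
"""gcry_sexp_nth() semantics from the thread above, modelled in Python.

Added example, not libgcrypt code. The parser accepts only the syntax the
thread uses (lists, bare tokens such as "a", length-prefixed raw strings
such as "3:pqr"), rejects empty lists, and nth() always returns a list:
nth(list, 0) of "(a (b 3:pqr) (c 3:456) (d 3:xyz))" is "(a)", and
nth("(n foo)", 1) is "(foo)", as the fixed _gcry_sexp_nth is described.
"""

from typing import List, Optional, Union

Sexp = Union[bytes, List["Sexp"]]


class _Parser:
    def __init__(self, data: bytes) -> None:
        self.data = data
        self.pos = 0

    def _at(self) -> str:
        return chr(self.data[self.pos])

    def _skip_ws(self) -> None:
        while self.pos < len(self.data) and self._at().isspace():
            self.pos += 1

    def item(self) -> Sexp:
        self._skip_ws()
        if self.pos >= len(self.data):
            raise ValueError("unexpected end of input")
        c = self._at()
        if c == "(":
            self.pos += 1
            items: List[Sexp] = []
            while True:
                self._skip_ws()
                if self.pos >= len(self.data):
                    raise ValueError("unterminated list")
                if self._at() == ")":
                    self.pos += 1
                    if not items:
                        # Only lists exist, and they may not be empty.
                        raise ValueError("empty list")
                    return items
                items.append(self.item())
        if c == ")":
            raise ValueError("unexpected ')'")
        if c.isdigit():
            # Raw string "<len>:<bytes>": validate the declared length
            # against the remaining input before slicing, never trust it.
            start = self.pos
            while self.pos < len(self.data) and self._at().isdigit():
                self.pos += 1
            if self.pos >= len(self.data) or self._at() != ":":
                raise ValueError("expected ':' after length prefix")
            length = int(self.data[start:self.pos])
            self.pos += 1
            if length > len(self.data) - self.pos:
                raise ValueError("length prefix exceeds input")
            value = self.data[self.pos:self.pos + length]
            self.pos += length
            return value
        # Bare token: runs up to whitespace or a parenthesis.
        start = self.pos
        while (self.pos < len(self.data) and not self._at().isspace()
               and self._at() not in "()"):
            self.pos += 1
        return self.data[start:self.pos]


def parse(text: str) -> Sexp:
    """Parse TEXT into nested lists of bytes; raise ValueError on bad input."""
    p = _Parser(text.encode())
    result = p.item()
    p._skip_ws()
    if p.pos != len(p.data):
        raise ValueError("trailing data after S-expression")
    return result


def nth(sexp: Sexp, n: int) -> Optional[List[Sexp]]:
    """Element N of SEXP as a valid S-expression, or None if out of range.

    A sub-list is returned as is; a data element is wrapped in a one-element
    list, so the result is never a bare token (the bug 1594 behaviour).
    """
    if not isinstance(sexp, list) or n < 0 or n >= len(sexp):
        return None
    elem = sexp[n]
    return elem if isinstance(elem, list) else [elem]


def canonical(sexp: Sexp) -> bytes:
    """Canonical encoding: every string length-prefixed, no whitespace."""
    if isinstance(sexp, list):
        return b"(" + b"".join(canonical(x) for x in sexp) + b")"
    return str(len(sexp)).encode() + b":" + sexp


def rejected(text: str) -> bool:
    """True if TEXT is refused by parse(); shows which inputs are checked."""
    try:
        parse(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    lst = parse("(a (b 3:pqr) (c 3:456) (d 3:xyz))")
    print(canonical(nth(lst, 0)))                # b'(1:a)'
    print(canonical(nth(parse("(n foo)"), 1)))   # b'(3:foo)'
```

The wrapping in nth() is the whole point of the fix: a caller that feeds the result back into another S-expression routine always gets a well-formed list, never a bare "foo". The three rejected cases (empty list, length prefix longer than the input, unterminated list) are the ones a parser of this format must refuse before touching the payload.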
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 31 Jan 2014 10:41:10 +0900
Subject: Fix for RSA Blinding
In-Reply-To: <87iot32qh8.fsf@vigenere.g10code.de>
References: <1390893292.1541.12.camel@cfw2.gniibe.org> <87iot440no.fsf@vigenere.g10code.de> <1390952638.1543.0.camel@cfw2.gniibe.org> <87iot32qh8.fsf@vigenere.g10code.de>
Message-ID: <1391132470.2120.1.camel@cfw2.gniibe.org>

I got an idea or two for improvements around our implementation of RSA
Blinding (in the function rsa_decrypt in cipher/rsa.c).

For RSA Blinding, we need a random value R (0 <= R <= N - 1, coprime to
N) and R^-1 mod N. We use R^e to encode input, and use R^-1 to decode
output.

Currently, the procedure is like:

(a) Get R.
(b) Compute R^-1 mod N. When fail (R is not coprime to N), go back to (a).
(c) Compute R^e

My idea is:

(1) We can use Chinese Remainder Theorem (CRT) to construct R and R^-1.
Procedure will be like:

(a1) Get R1. Go back to (a1), if it's not 0 < R1 < p.
(a2) Get R2. Go back to (a2), if it's not 0 < R2 < q.
(b') Compute m1 = R1^-1 mod p and m2 = R2^-1 mod q.
Then compute R^-1 with the expression:
h = u * (m1 - m2) mod q
m = m1 + h * p
R^-1 = m
(c') Compute R^e by R1 and R2, likewise.

(2) I read the RSA Bulletin #2 (January 1996) [0], and it was suggested
to use deterministic way for getting random value R. I think that the
basic idea is as same as the one of RFC 6979. It would be good to
introduce this method.

[0] Timing Attacks on Cryptosystems: ftp://ftp.rsa.com/pub/pdfs/bull-2.pdf

Well, I will implement (1) above, when I have time. I think that it
will be somewhat faster, then. The mathematical proof of (1) is left as
my homework.

--
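The two ways of obtaining the blinding pair discussed in this thread, the retry loop that the cipher/rsa.c commit introduced and the CRT construction proposed in the message above, as an added Python example (not libgcrypt code, and not NIIBE's implementation, which had not been written at this point). It uses a constructed toy key (p = 61, q = 53, n = 3233, e = 17, d = 2753) so every value can be checked by hand; such a key is for illustration only. Two things here are this example's own choices rather than the page's: u is defined as p^-1 mod q, and the CRT recombination is written in the standard Garner form with that u; the assertions check that the pair it produces really satisfies R * R^-1 = 1 (mod N), which is the property the message leaves as homework. The retry variant also carries an iteration cap, which the committed loop does not have.

```python
"""RSA blinding: the retry loop from the rsa.c fix and the CRT construction
proposed in the thread, run on a constructed toy key.

Added example, not libgcrypt code. The key (p=61, q=53, n=3233, e=17,
d=2753) is far too small for real use and exists only to make the
arithmetic visible; u is defined here as p^-1 mod q, and the CRT
recombination uses the standard Garner form with that u.
"""

from typing import Callable, List, Optional, Tuple

P, Q, E, D = 61, 53, 17, 2753          # constructed toy key
N = P * Q                              # 3233


def modinv(a: int, m: int) -> Optional[int]:
    """a^-1 mod m by extended Euclid, or None when gcd(a, m) != 1
    (the case in which libgcrypt's mpi_invm reports failure)."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    return old_s % m if old_r == 1 else None


def make_sequence_rng(values: List[int]) -> Callable[[], int]:
    """Deterministic stand-in for the RNG, cycling over VALUES (constructed
    so the non-coprime draws can be shown)."""
    state = {"i": 0}

    def rng() -> int:
        v = values[state["i"] % len(values)]
        state["i"] += 1
        return v
    return rng


def blinding_pair_retry(n: int, rng: Callable[[], int],
                        max_attempts: int = 64) -> Optional[Tuple[int, int, int]]:
    """Draw r until r^-1 mod n exists, as the fixed rsa_decrypt loop does,
    but with an iteration cap so a degenerate modulus cannot spin forever.
    Returns (r, r_inv, attempts), or None when the cap is hit."""
    for attempt in range(1, max_attempts + 1):
        r = rng() % n
        r_inv = modinv(r, n)
        if r_inv is not None:
            return r, r_inv, attempt
    return None


def crt_combine(a_p: int, a_q: int, p: int, q: int, u: int) -> int:
    """Garner recombination: the x in [0, p*q) with x = a_p (mod p) and
    x = a_q (mod q), given u = p^-1 mod q."""
    h = (u * (a_q - a_p)) % q
    return a_p + h * p


def blinding_pair_crt(p: int, q: int, e: int,
                      rng: Callable[[], int]) -> Tuple[int, int, int]:
    """Build r, r^-1 and r^e from independent residues r1 mod p, r2 mod q.
    r1 and r2 are re-drawn until non-zero; their inverses then always exist
    because p and q are prime, so no inversion step can fail."""
    u = modinv(p, q)
    assert u is not None              # p and q are distinct primes
    r1 = rng() % p
    while r1 == 0:
        r1 = rng() % p
    r2 = rng() % q
    while r2 == 0:
        r2 = rng() % q
    m1, m2 = modinv(r1, p), modinv(r2, q)
    assert m1 is not None and m2 is not None
    r = crt_combine(r1, r2, p, q, u)
    r_inv = crt_combine(m1, m2, p, q, u)
    r_e = crt_combine(pow(r1, e, p), pow(r2, e, q), p, q, u)
    return r, r_inv, r_e


def blinded_decrypt(c: int, n: int, d: int, r_e: int, r_inv: int) -> int:
    """y = c * r^e mod n; x' = y^d mod n; x = x' * r^-1 mod n."""
    y = (c * r_e) % n
    x_blind = pow(y, d, n)
    return (x_blind * r_inv) % n


if __name__ == "__main__":
    # The draws 61, 122 and 0 share a factor with n and are skipped.
    print(blinding_pair_retry(N, make_sequence_rng([61, 122, 0, 7])))
    r, r_inv, r_e = blinding_pair_crt(P, Q, E, make_sequence_rng([0, 10, 53, 7]))
    print(r, (r * r_inv) % N, r_e == pow(r, E, N))
    print(blinded_decrypt(pow(65, E, N), N, D, r_e, r_inv))
```

The constructed RNG sequence makes the failure mode visible: 61, 122 and 0 are all non-invertible modulo 3233, so the retry variant needs four draws, whereas the CRT variant never meets a non-invertible value because it only inverts modulo the primes. Both pairs decrypt a blinded ciphertext to the original message.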