From: l.palm at m-privacy.de (Lew Palm)
Date: Wed, 08 Apr 2015 16:31:52 +0200
Subject: Bug report: _gcry_fast_random_poll() sets local variable to NULL (maybe we shouldn't)
Message-ID: <55253BD8.804@m-privacy.de>

Hi gcrypt folks,

I observed our libgcrypt-based 64-bit application crashing on Windows 7 with segfaults. We use a current libgcrypt version from the git repo (40a7bdf50e19faaf106470897fed72af623adc50).

I hunted down the problem to md_open() in md.c, line 369:

    *h = hd;

h is a NULL pointer in that situation. But why?

_gcry_fast_random_poll() (md.c, line 358) is the evildoer! Before the _gcry_fast_random_poll() call, h points to something reasonable, but after this call it points to NULL. _gcry_fast_random_poll() seems to do something nasty with the stack.

Regards,
Lew

-- 
Dipl.-Inf. Lew Palm
Software development
m-privacy GmbH
Werner-Voß-Damm 62
12101 Berlin
Phone: +49 30 24632203
Fax: +49 30 99296856
http://www.m-privacy.de
GnuPG-Key-ID: 0xD51C760C
Amtsgericht Charlottenburg, HRB 84946
Managing directors: Dipl.-Kfm. Holger Maczkowsky, Roman Maczkowsky

From: jan.svensson at hush.com (Jan Svensson)
Date: Wed, 08 Apr 2015 23:07:32 +0200
Subject: Blind signatures with libgcrypt
Message-ID: <20150408210732.CECC3E0549@smtp.hushmail.com>

Hello,

I'm working on a project where I'm thinking of creating three small programs in e.g. the C language that all would use Libgcrypt if possible:

* a program "generate_blinding_factor" that generates a blinding factor "b".
* a program "blind" that takes a short text message in clear text and a blinding factor "b" as input parameters and gives as output the message in blinded format.
* a program "unblind" that takes a signed blinded message and a blinding factor "b" as input parameters and unblinds the message to get the output of the signed message in clear text.

Course of events:

1. the user would use "generate_blinding_factor" to generate a blinding factor "b"
2. the user would use "blind" with parameters "message" and "b" to blind the clear text message.
3. the user would send the blinded message to the signer.
4. the signer would sign the blinded message with e.g. "gpg --output blinded_message.sig --sign blinded_message" while not being able to see the clear text of the message he/she signs.
5. the signer would send the signed blinded message back to the user.
6. the user would use "unblind" with parameters "signed blinded message" and "b" to unblind the message and get the clear text message signed by the signer.
7. the user would later (at the same time as other users) anonymously send the signed message to the signer.

We can assume that the signer keeps the blinded message he/she received in step 3 above, so when the signer in step 7 gets to see the unblinded message in clear text, now also with the signer's signature, then the signer cannot link those two messages to each other, i.e. sign(blind(message,b),d) and sign(message,d) cannot be linked.

Would it be possible to do the above with Libgcrypt and RSA?

I've read in http://www.gnupg.org/documentation/manuals/gcrypt/gcrypt.pdf that Libgcrypt uses blinding for RSA decryption. It would be really nice if it was possible to use Libgcrypt in this project since I suppose it would be much more complicated for me to try to fetch the relevant code from Libgcrypt and then try to build all the three programs above without any library calls to Libgcrypt.

Kind regards,
Jan

From: grothoff at gnunet.org (Christian Grothoff)
Date: Thu, 09 Apr 2015 00:38:57 +0200
Subject: Blind signatures with libgcrypt
In-Reply-To: <20150408210732.CECC3E0549@smtp.hushmail.com>
References: <20150408210732.CECC3E0549@smtp.hushmail.com>
Message-ID: <5525AE01.8060600@gnunet.org>

Hi Jan,

You can find sample code for doing this in GNUnet:

https://gnunet.org/svn/gnunet/src/util/crypto_rsa.c

Happy hacking!

Christian

On 04/08/2015 11:07 PM, Jan Svensson wrote:
> Hello,
> 
> I'm working on a project where I'm thinking of creating three small programs in e.g. the C language that all would use Libgcrypt if possible:
> * a program "generate_blinding_factor" that generates a blinding factor "b".
> * a program "blind" that takes a short text message in clear text and a blinding factor "b" as input parameters and gives as output the message in blinded format.
> * a program "unblind" that takes a signed blinded message and a blinding factor "b" as input parameters and unblinds the message to get the output of the signed message in clear text.
> 
> Course of events:
> 1. the user would use "generate_blinding_factor" to generate a blinding factor "b"
> 2. the user would use "blind" with parameters "message" and "b" to blind the clear text message.
> 3. the user would send the blinded message to the signer.
> 4. the signer would sign the blinded message with e.g. "gpg --output blinded_message.sig --sign blinded_message" while not being able to see the clear text of the message he/she signs.
> 5. the signer would send the signed blinded message back to the user.
> 6. the user would use "unblind" with parameters "signed blinded message" and "b" to unblind the message and get the clear text message signed by the signer.
> 7. the user would later (at the same time as other users) anonymously send the signed message to the signer.
> 
> We can assume that the signer keeps the blinded message he/she received in step 3 above, so when the signer in step 7 gets to see the unblinded message in clear text, now also with the signer's signature, then the signer cannot link those two messages to each other, i.e. sign(blind(message,b),d) and sign(message,d) cannot be linked.
> 
> Would it be possible to do the above with Libgcrypt and RSA? I've read in http://www.gnupg.org/documentation/manuals/gcrypt/gcrypt.pdf that Libgcrypt uses blinding for RSA decryption. It would be really nice if it was possible to use Libgcrypt in this project since I suppose it would be much more complicated for me to try to fetch the relevant code from Libgcrypt and then try to build all the three programs above without any library calls to Libgcrypt.
> 
> Kind regards,
> Jan
> 
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

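The blind/sign/unblind course of events from Jan's message, worked through as an added example written for this page; it is not GNUnet's crypto_rsa.c and does not call libgcrypt. The names generate_blinding_factor, blind and unblind come from the message, while generate_key, encode_message, sign_blinded, verify, the Miller-Rabin key generation and the SHA-256 encoding of the clear text are this example's own constructions, and the key size and messages are sample values.

```python
"""RSA blind signature round trip (added example; not libgcrypt or GNUnet code).
Plain Python integers keep each protocol step visible; the toy key generation
only makes the file self-contained."""
import hashlib
import secrets
from math import gcd

PUBLIC_EXPONENT = 65537


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test (example keygen only)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top and low bit forced to 1)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_key(bits=1024):
    """Return ((n, e), (n, e, d)); a real deployment loads a library key."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(PUBLIC_EXPONENT, phi) == 1:
            break
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse, Python 3.8+
    return (p * q, PUBLIC_EXPONENT), (p * q, PUBLIC_EXPONENT, d)

def encode_message(msg, n):
    """Map clear text to an integer below n with SHA-256: a simple
    full-domain-hash stand-in, not PKCS#1 padding."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


# User side: steps 1, 2 and 6 of the course of events.
def generate_blinding_factor(pub):
    """Step 1: random b with gcd(b, n) == 1, so b is invertible mod n."""
    n, _ = pub
    while True:
        b = secrets.randbelow(n - 2) + 2
        if gcd(b, n) == 1:
            return b

def blind(m, b, pub):
    """Step 2: m' = m * b^e mod n; the signer learns nothing about m."""
    n, e = pub
    return (m * pow(b, e, n)) % n

def unblind(s_blinded, b, pub):
    """Step 6: s = s' * b^-1 mod n, which equals m^d mod n."""
    n, _ = pub
    return (s_blinded * pow(b, -1, n)) % n


# Signer side: step 4, plus the public verification anyone can run in step 7.
def sign_blinded(m_blinded, priv):
    """Step 4: raw RSA on the blinded value, s' = m'^d mod n, no padding."""
    n, _, d = priv
    return pow(m_blinded, d, n)

def verify(msg, s, pub):
    """Step 7: check s^e == H(msg) mod n using only the public key."""
    n, e = pub
    return pow(s, e, n) == encode_message(msg, n)

def blind_signature_round_trip(msg, pub, priv):
    """Run steps 1-7; return (signature, verified, what the signer saw).

    The signer records only the blinded value and the blinded signature;
    neither equals H(msg) or s, which it sees later in step 7."""
    b = generate_blinding_factor(pub)
    m = encode_message(msg, pub[0])
    m_blinded = blind(m, b, pub)
    s_blinded = sign_blinded(m_blinded, priv)
    s = unblind(s_blinded, b, pub)
    return s, verify(msg, s, pub), (m_blinded, s_blinded)
```

Step 4 has to be raw RSA on the blinded value, s' = m'^d mod n, for step 6 to yield a signature on the clear text; a tool such as gpg --sign, which hashes and pads its input before applying the private key, will not unblind this way. Unlinkability also depends on a fresh b per message, which is why generate_blinding_factor draws a new random value every time.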
From: wk at gnupg.org (Werner Koch)
Date: Thu, 09 Apr 2015 10:43:42 +0200
Subject: Bug report: _gcry_fast_random_poll() sets local variable to NULL (maybe we shouldn't)
In-Reply-To: <55253BD8.804@m-privacy.de> (Lew Palm's message of "Wed, 08 Apr 2015 16:31:52 +0200")
References: <55253BD8.804@m-privacy.de>
Message-ID: <87zj6hwv29.fsf@vigenere.g10code.de>

On Wed, 8 Apr 2015 16:31, l.palm at m-privacy.de said:

> I observed our libgcrypt-based 64-bit application crashing on Windows 7

You can't build Libgcrypt as a 64 bit Windows DLL. Well, it may build, but there are several things which will go wrong. In particular the RNG won't work as expected.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From: paulepanter at users.sourceforge.net (Paul Menzel)
Date: Sat, 11 Apr 2015 10:14:55 +0200
Subject: Warnings from Clang 3.7
Message-ID: <1428740094.2456.48.camel@users.sourceforge.net>

Dear Libgcrypt developers,

with Debian Sid/unstable I installed the package `clang-3.7` and built Libgcrypt 1.6.3 with it. Clang 3.7 reports some warnings. Are these expected? If not, could you address those please?

Please find the log pasted at the end of the message.

Thanks,

Paul

PS: Please CC me on replies as I am not subscribed to the list.

$ CC=clang-3.7 ./configure
[…]
        Libgcrypt v1.6.3 has been configured as follows:

                Platform:                  GNU/Linux (i686-pc-linux-gnu)
                Hardware detection module: hwf-x86
                Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147
                Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 tiger whirlpool stribog
                Enabled kdf algorithms:    s2k pkdf2 scrypt
                Enabled pubkey algorithms: dsa elgamal rsa ecc
                Random number generator:   default
                Using linux capabilities:  no
                Try using Padlock crypto:  yes
                Try using AES-NI crypto:   yes
                Try using Intel PCLMUL:    yes
                Try using DRNG (RDRAND):   yes
                Try using Intel AVX:       yes
                Try using Intel AVX2:      yes
                Try using ARM NEON:        n/a

$ CC=clang-3.7 make
make  all-recursive
make[1]: Entering directory '/mnt/libgcrypt-1.6.3'
Making all in compat
make[2]: Entering directory '/mnt/libgcrypt-1.6.3/compat'
/bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT compat.lo -MD -MP -MF .deps/compat.Tpo -c -o compat.lo compat.c
[…]
libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT hash-common.lo -MD -MP -MF .deps/hash-common.Tpo -c hash-common.c -fPIC -DPIC -o .libs/hash-common.o
hash-common.c:109:11: warning: comparison of array 'hd->buf' equal to a null pointer is always false [-Wtautological-pointer-compare]
  if (hd->buf == NULL || hd->bwrite == NULL)
      ~~~~^~~    ~~~~
1 warning generated.
[…]
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT seed.lo -MD -MP -MF .deps/seed.Tpo -c seed.c -fPIC -DPIC -o .libs/seed.o mv -f .deps/seed.Tpo .deps/seed.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT camellia.lo -MD -MP -MF .deps/camellia.Tpo -c -o camellia.lo camellia.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT camellia.lo -MD -MP -MF .deps/camellia.Tpo -c camellia.c -fPIC -DPIC -o .libs/camellia.o mv -f .deps/camellia.Tpo .deps/camellia.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT camellia-glue.lo -MD -MP -MF .deps/camellia-glue.Tpo -c -o camellia-glue.lo camellia-glue.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT camellia-glue.lo -MD -MP -MF .deps/camellia-glue.Tpo -c camellia-glue.c -fPIC -DPIC -o .libs/camellia-glue.o mv -f .deps/camellia-glue.Tpo .deps/camellia-glue.Plo /bin/sh ../libtool --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -MT camellia-aesni-avx-amd64.lo -MD -MP -MF .deps/camellia-aesni-avx-amd64.Tpo -c -o camellia-aesni-avx-amd64.lo camellia-aesni-avx-amd64.S libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -MT camellia-aesni-avx-amd64.lo -MD -MP -MF .deps/camellia-aesni-avx-amd64.Tpo -c camellia-aesni-avx-amd64.S -fPIC -DPIC -o .libs/camellia-aesni-avx-amd64.o mv -f .deps/camellia-aesni-avx-amd64.Tpo .deps/camellia-aesni-avx-amd64.Plo /bin/sh ../libtool --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -MT camellia-aesni-avx2-amd64.lo -MD -MP -MF .deps/camellia-aesni-avx2-amd64.Tpo -c -o camellia-aesni-avx2-amd64.lo camellia-aesni-avx2-amd64.S libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -MT camellia-aesni-avx2-amd64.lo -MD -MP -MF .deps/camellia-aesni-avx2-amd64.Tpo -c camellia-aesni-avx2-amd64.S -fPIC -DPIC -o .libs/camellia-aesni-avx2-amd64.o mv -f .deps/camellia-aesni-avx2-amd64.Tpo .deps/camellia-aesni-avx2-amd64.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT idea.lo -MD -MP -MF .deps/idea.Tpo -c -o idea.lo idea.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT idea.lo -MD -MP -MF .deps/idea.Tpo -c idea.c -fPIC -DPIC -o .libs/idea.o mv -f .deps/idea.Tpo .deps/idea.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT salsa20.lo -MD -MP -MF .deps/salsa20.Tpo -c -o salsa20.lo salsa20.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT salsa20.lo -MD -MP -MF .deps/salsa20.Tpo -c salsa20.c -fPIC -DPIC -o .libs/salsa20.o mv -f .deps/salsa20.Tpo .deps/salsa20.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT gost28147.lo -MD -MP -MF .deps/gost28147.Tpo -c -o gost28147.lo gost28147.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT gost28147.lo -MD -MP -MF .deps/gost28147.Tpo -c gost28147.c -fPIC -DPIC -o .libs/gost28147.o mv -f .deps/gost28147.Tpo .deps/gost28147.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT dsa.lo -MD -MP -MF .deps/dsa.Tpo -c -o dsa.lo dsa.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT dsa.lo -MD -MP -MF .deps/dsa.Tpo -c dsa.c -fPIC -DPIC -o .libs/dsa.o mv -f .deps/dsa.Tpo .deps/dsa.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rsa.lo -MD -MP -MF .deps/rsa.Tpo -c -o rsa.lo rsa.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rsa.lo -MD -MP -MF .deps/rsa.Tpo -c rsa.c -fPIC -DPIC -o .libs/rsa.o mv -f .deps/rsa.Tpo .deps/rsa.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT elgamal.lo -MD -MP -MF .deps/elgamal.Tpo -c -o elgamal.lo elgamal.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT elgamal.lo -MD -MP -MF .deps/elgamal.Tpo -c elgamal.c -fPIC -DPIC -o .libs/elgamal.o mv -f .deps/elgamal.Tpo .deps/elgamal.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc.lo -MD -MP -MF .deps/ecc.Tpo -c -o ecc.lo ecc.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc.lo -MD -MP -MF .deps/ecc.Tpo -c ecc.c -fPIC -DPIC -o .libs/ecc.o mv -f .deps/ecc.Tpo .deps/ecc.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-curves.lo -MD -MP -MF .deps/ecc-curves.Tpo -c -o ecc-curves.lo ecc-curves.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-curves.lo -MD -MP -MF .deps/ecc-curves.Tpo -c ecc-curves.c -fPIC -DPIC -o .libs/ecc-curves.o mv -f .deps/ecc-curves.Tpo .deps/ecc-curves.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-misc.lo -MD -MP -MF .deps/ecc-misc.Tpo -c -o ecc-misc.lo ecc-misc.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-misc.lo -MD -MP -MF .deps/ecc-misc.Tpo -c ecc-misc.c -fPIC -DPIC -o .libs/ecc-misc.o mv -f .deps/ecc-misc.Tpo .deps/ecc-misc.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-ecdsa.lo -MD -MP -MF .deps/ecc-ecdsa.Tpo -c -o ecc-ecdsa.lo ecc-ecdsa.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-ecdsa.lo -MD -MP -MF .deps/ecc-ecdsa.Tpo -c ecc-ecdsa.c -fPIC -DPIC -o .libs/ecc-ecdsa.o mv -f .deps/ecc-ecdsa.Tpo .deps/ecc-ecdsa.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-eddsa.lo -MD -MP -MF .deps/ecc-eddsa.Tpo -c -o ecc-eddsa.lo ecc-eddsa.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-eddsa.lo -MD -MP -MF .deps/ecc-eddsa.Tpo -c ecc-eddsa.c -fPIC -DPIC -o .libs/ecc-eddsa.o mv -f .deps/ecc-eddsa.Tpo .deps/ecc-eddsa.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-gost.lo -MD -MP -MF .deps/ecc-gost.Tpo -c -o ecc-gost.lo ecc-gost.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT ecc-gost.lo -MD -MP -MF .deps/ecc-gost.Tpo -c ecc-gost.c -fPIC -DPIC -o .libs/ecc-gost.o mv -f .deps/ecc-gost.Tpo .deps/ecc-gost.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT crc.lo -MD -MP -MF .deps/crc.Tpo -c -o crc.lo crc.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT crc.lo -MD -MP -MF .deps/crc.Tpo -c crc.c -fPIC -DPIC -o .libs/crc.o mv -f .deps/crc.Tpo .deps/crc.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT gostr3411-94.lo -MD -MP -MF .deps/gostr3411-94.Tpo -c -o gostr3411-94.lo gostr3411-94.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT gostr3411-94.lo -MD -MP -MF .deps/gostr3411-94.Tpo -c gostr3411-94.c -fPIC -DPIC -o .libs/gostr3411-94.o mv -f .deps/gostr3411-94.Tpo .deps/gostr3411-94.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT stribog.lo -MD -MP -MF .deps/stribog.Tpo -c -o stribog.lo stribog.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT stribog.lo -MD -MP -MF .deps/stribog.Tpo -c stribog.c -fPIC -DPIC -o .libs/stribog.o mv -f .deps/stribog.Tpo .deps/stribog.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT md4.lo -MD -MP -MF .deps/md4.Tpo -c -o md4.lo md4.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT md4.lo -MD -MP -MF .deps/md4.Tpo -c md4.c -fPIC -DPIC -o .libs/md4.o mv -f .deps/md4.Tpo .deps/md4.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT md5.lo -MD -MP -MF .deps/md5.Tpo -c -o md5.lo md5.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT md5.lo -MD -MP -MF .deps/md5.Tpo -c md5.c -fPIC -DPIC -o .libs/md5.o mv -f .deps/md5.Tpo .deps/md5.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT sha256.lo -MD -MP -MF .deps/sha256.Tpo -c -o sha256.lo sha256.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT sha256.lo -MD -MP -MF .deps/sha256.Tpo -c sha256.c -fPIC -DPIC -o .libs/sha256.o mv -f .deps/sha256.Tpo .deps/sha256.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT sha512.lo -MD -MP -MF .deps/sha512.Tpo -c -o sha512.lo sha512.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT sha512.lo -MD -MP -MF .deps/sha512.Tpo -c sha512.c -fPIC -DPIC -o .libs/sha512.o mv -f .deps/sha512.Tpo .deps/sha512.Plo `echo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -c ./tiger.c | sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g' ` libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O1 -fvisibility=hidden -Wall -c ./tiger.c -fPIC -DPIC -o .libs/tiger.o /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT whirlpool.lo -MD -MP -MF .deps/whirlpool.Tpo -c -o whirlpool.lo whirlpool.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT whirlpool.lo -MD -MP -MF .deps/whirlpool.Tpo -c whirlpool.c -fPIC -DPIC -o .libs/whirlpool.o mv -f .deps/whirlpool.Tpo .deps/whirlpool.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rmd160.lo -MD -MP -MF .deps/rmd160.Tpo -c -o rmd160.lo rmd160.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rmd160.lo -MD -MP -MF .deps/rmd160.Tpo -c rmd160.c -fPIC -DPIC -o .libs/rmd160.o mv -f .deps/rmd160.Tpo .deps/rmd160.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT sha1.lo -MD -MP -MF .deps/sha1.Tpo -c -o sha1.lo sha1.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT sha1.lo -MD -MP -MF .deps/sha1.Tpo -c sha1.c -fPIC -DPIC -o .libs/sha1.o mv -f .deps/sha1.Tpo .deps/sha1.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT scrypt.lo -MD -MP -MF .deps/scrypt.Tpo -c -o scrypt.lo scrypt.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT scrypt.lo -MD -MP -MF .deps/scrypt.Tpo -c scrypt.c -fPIC -DPIC -o .libs/scrypt.o mv -f .deps/scrypt.Tpo .deps/scrypt.Plo /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -o libcipher.la cipher.lo cipher-cbc.lo cipher-cfb.lo cipher-ofb.lo cipher-ctr.lo cipher-aeswrap.lo cipher-ccm.lo cipher-cmac.lo cipher-gcm.lo cipher-selftest.lo pubkey.lo pubkey-util.lo md.lo mac.lo mac-hmac.lo mac-cmac.lo mac-gmac.lo kdf.lo hmac-tests.lo primegen.lo hash-common.lo dsa-common.lo rsa-common.lo arcfour.lo blowfish.lo cast5.lo des.lo rijndael.lo twofish.lo serpent.lo serpent-avx2-amd64.lo rfc2268.lo seed.lo camellia.lo camellia-glue.lo camellia-aesni-avx-amd64.lo camellia-aesni-avx2-amd64.lo idea.lo salsa20.lo gost28147.lo dsa.lo rsa.lo elgamal.lo ecc.lo ecc-curves.lo ecc-misc.lo ecc-ecdsa.lo ecc-eddsa.lo ecc-gost.lo crc.lo gostr3411-94.lo stribog.lo md4.lo md5.lo sha256.lo sha512.lo tiger.lo whirlpool.lo rmd160.lo sha1.lo scrypt.lo libtool: link: ar cru .libs/libcipher.a .libs/cipher.o .libs/cipher-cbc.o .libs/cipher-cfb.o .libs/cipher-ofb.o .libs/cipher-ctr.o 
.libs/cipher-aeswrap.o .libs/cipher-ccm.o .libs/cipher-cmac.o .libs/cipher-gcm.o .libs/cipher-selftest.o .libs/pubkey.o .libs/pubkey-util.o .libs/md.o .libs/mac.o .libs/mac-hmac.o .libs/mac-cmac.o .libs/mac-gmac.o .libs/kdf.o .libs/hmac-tests.o .libs/primegen.o .libs/hash-common.o .libs/dsa-common.o .libs/rsa-common.o .libs/arcfour.o .libs/blowfish.o .libs/cast5.o .libs/des.o .libs/rijndael.o .libs/twofish.o .libs/serpent.o .libs/serpent-avx2-amd64.o .libs/rfc2268.o .libs/seed.o .libs/camellia.o .libs/camellia-glue.o .libs/camellia-aesni-avx-amd64.o .libs/camellia-aesni-avx2-amd64.o .libs/idea.o .libs/salsa20.o .libs/gost28147.o .libs/dsa.o .libs/rsa.o .libs/elgamal.o .libs/ecc.o .libs/ecc-curves.o .libs/ecc-misc.o .libs/ecc-ecdsa.o .libs/ecc-eddsa.o .libs/ecc-gost.o .libs/crc.o .libs/gostr3411-94.o .libs/stribog.o .libs/md4.o .libs/md5.o .libs/sha256.o .libs/sha512.o .libs/tiger.o .libs/whirlpool.o .libs/rmd160.o .libs/sha1.o .libs/scrypt.o ar: `u' modifier ignored since `D' is the default (see `U') libtool: link: ranlib .libs/libcipher.a libtool: link: ( cd ".libs" && rm -f "libcipher.la" && ln -s "../libcipher.la" "libcipher.la" ) make[2]: Leaving directory '/mnt/libgcrypt-1.6.3/cipher' Making all in random make[2]: Entering directory '/mnt/libgcrypt-1.6.3/random' /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random.lo -MD -MP -MF .deps/random.Tpo -c -o random.lo random.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random.lo -MD -MP -MF .deps/random.Tpo -c random.c -fPIC -DPIC -o .libs/random.o mv -f .deps/random.Tpo .deps/random.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random-csprng.lo -MD -MP -MF .deps/random-csprng.Tpo -c -o random-csprng.lo random-csprng.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random-csprng.lo -MD -MP -MF .deps/random-csprng.Tpo -c random-csprng.c -fPIC -DPIC -o .libs/random-csprng.o mv -f .deps/random-csprng.Tpo .deps/random-csprng.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random-fips.lo -MD -MP -MF .deps/random-fips.Tpo -c -o random-fips.lo random-fips.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random-fips.lo -MD -MP -MF .deps/random-fips.Tpo -c random-fips.c -fPIC -DPIC -o .libs/random-fips.o mv -f .deps/random-fips.Tpo .deps/random-fips.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random-system.lo -MD -MP -MF .deps/random-system.Tpo -c -o random-system.lo random-system.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random-system.lo -MD -MP -MF .deps/random-system.Tpo -c random-system.c -fPIC -DPIC -o .libs/random-system.o mv -f .deps/random-system.Tpo .deps/random-system.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rndhw.lo -MD -MP -MF .deps/rndhw.Tpo -c -o rndhw.lo rndhw.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rndhw.lo -MD -MP -MF .deps/rndhw.Tpo -c rndhw.c -fPIC -DPIC -o .libs/rndhw.o mv -f .deps/rndhw.Tpo .deps/rndhw.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rndlinux.lo -MD -MP -MF .deps/rndlinux.Tpo -c -o rndlinux.lo rndlinux.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rndlinux.lo -MD -MP -MF .deps/rndlinux.Tpo -c rndlinux.c -fPIC -DPIC -o .libs/rndlinux.o mv -f .deps/rndlinux.Tpo .deps/rndlinux.Plo /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -o librandom.la random.lo random-csprng.lo random-fips.lo random-system.lo rndhw.lo rndlinux.lo libtool: link: ar cru .libs/librandom.a .libs/random.o .libs/random-csprng.o .libs/random-fips.o .libs/random-system.o .libs/rndhw.o .libs/rndlinux.o ar: `u' modifier ignored since `D' is the default (see `U') libtool: link: ranlib .libs/librandom.a libtool: link: ( cd ".libs" && rm -f "librandom.la" && ln -s "../librandom.la" "librandom.la" ) make[2]: Leaving directory '/mnt/libgcrypt-1.6.3/random' Making all in src make[2]: Entering directory '/mnt/libgcrypt-1.6.3/src' /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-visibility.lo -MD -MP -MF .deps/libgcrypt_la-visibility.Tpo -c -o libgcrypt_la-visibility.lo `test -f 'visibility.c' || echo './'`visibility.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-visibility.lo -MD -MP -MF .deps/libgcrypt_la-visibility.Tpo -c visibility.c -fPIC -DPIC -o .libs/libgcrypt_la-visibility.o mv -f .deps/libgcrypt_la-visibility.Tpo .deps/libgcrypt_la-visibility.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-misc.lo -MD -MP -MF .deps/libgcrypt_la-misc.Tpo -c -o libgcrypt_la-misc.lo `test -f 'misc.c' || echo './'`misc.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-misc.lo -MD -MP -MF .deps/libgcrypt_la-misc.Tpo -c misc.c -fPIC -DPIC -o .libs/libgcrypt_la-misc.o mv -f .deps/libgcrypt_la-misc.Tpo .deps/libgcrypt_la-misc.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-global.lo -MD -MP -MF .deps/libgcrypt_la-global.Tpo -c -o libgcrypt_la-global.lo `test -f 'global.c' || echo './'`global.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-global.lo -MD -MP -MF .deps/libgcrypt_la-global.Tpo -c global.c -fPIC -DPIC -o .libs/libgcrypt_la-global.o global.c:587:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch] case 58: /* Init external random test. */ ^ global.c:604:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch] case 59: /* Run external random test. */ ^ global.c:615:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch] case 60: /* Deinit external random test. */ ^ global.c:621:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch] case 61: /* Run external lock test */ ^ global.c:624:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch] case 62: /* RFU */ ^ 5 warnings generated. mv -f .deps/libgcrypt_la-global.Tpo .deps/libgcrypt_la-global.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-sexp.lo -MD -MP -MF .deps/libgcrypt_la-sexp.Tpo -c -o libgcrypt_la-sexp.lo `test -f 'sexp.c' || echo './'`sexp.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-sexp.lo -MD -MP -MF .deps/libgcrypt_la-sexp.Tpo -c sexp.c -fPIC -DPIC -o .libs/libgcrypt_la-sexp.o mv -f .deps/libgcrypt_la-sexp.Tpo .deps/libgcrypt_la-sexp.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-hwfeatures.lo -MD -MP -MF .deps/libgcrypt_la-hwfeatures.Tpo -c -o libgcrypt_la-hwfeatures.lo `test -f 'hwfeatures.c' || echo './'`hwfeatures.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-hwfeatures.lo -MD -MP -MF .deps/libgcrypt_la-hwfeatures.Tpo -c hwfeatures.c -fPIC -DPIC -o .libs/libgcrypt_la-hwfeatures.o mv -f .deps/libgcrypt_la-hwfeatures.Tpo .deps/libgcrypt_la-hwfeatures.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-stdmem.lo -MD -MP -MF .deps/libgcrypt_la-stdmem.Tpo -c -o libgcrypt_la-stdmem.lo `test -f 'stdmem.c' || echo './'`stdmem.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-stdmem.lo -MD -MP -MF .deps/libgcrypt_la-stdmem.Tpo -c stdmem.c -fPIC -DPIC -o .libs/libgcrypt_la-stdmem.o mv -f .deps/libgcrypt_la-stdmem.Tpo .deps/libgcrypt_la-stdmem.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-secmem.lo -MD -MP -MF .deps/libgcrypt_la-secmem.Tpo -c -o libgcrypt_la-secmem.lo `test -f 'secmem.c' || echo './'`secmem.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-secmem.lo -MD -MP -MF .deps/libgcrypt_la-secmem.Tpo -c secmem.c -fPIC -DPIC -o .libs/libgcrypt_la-secmem.o mv -f .deps/libgcrypt_la-secmem.Tpo .deps/libgcrypt_la-secmem.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-missing-string.lo -MD -MP -MF .deps/libgcrypt_la-missing-string.Tpo -c -o libgcrypt_la-missing-string.lo `test -f 'missing-string.c' || echo './'`missing-string.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-missing-string.lo -MD -MP -MF .deps/libgcrypt_la-missing-string.Tpo -c missing-string.c -fPIC -DPIC -o .libs/libgcrypt_la-missing-string.o mv -f .deps/libgcrypt_la-missing-string.Tpo .deps/libgcrypt_la-missing-string.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-fips.lo -MD -MP -MF .deps/libgcrypt_la-fips.Tpo -c -o libgcrypt_la-fips.lo `test -f 'fips.c' || echo './'`fips.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-fips.lo -MD -MP -MF .deps/libgcrypt_la-fips.Tpo -c fips.c -fPIC -DPIC -o .libs/libgcrypt_la-fips.o mv -f .deps/libgcrypt_la-fips.Tpo .deps/libgcrypt_la-fips.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-hmac256.lo -MD -MP -MF .deps/libgcrypt_la-hmac256.Tpo -c -o libgcrypt_la-hmac256.lo `test -f 'hmac256.c' || echo './'`hmac256.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-hmac256.lo -MD -MP -MF .deps/libgcrypt_la-hmac256.Tpo -c hmac256.c -fPIC -DPIC -o .libs/libgcrypt_la-hmac256.o mv -f .deps/libgcrypt_la-hmac256.Tpo .deps/libgcrypt_la-hmac256.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-context.lo -MD -MP -MF .deps/libgcrypt_la-context.Tpo -c -o libgcrypt_la-context.lo `test -f 'context.c' || echo './'`context.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-context.lo -MD -MP -MF .deps/libgcrypt_la-context.Tpo -c context.c -fPIC -DPIC -o .libs/libgcrypt_la-context.o mv -f .deps/libgcrypt_la-context.Tpo .deps/libgcrypt_la-context.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-ath.lo -MD -MP -MF .deps/libgcrypt_la-ath.Tpo -c -o libgcrypt_la-ath.lo `test -f 'ath.c' || echo './'`ath.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-ath.lo -MD -MP -MF .deps/libgcrypt_la-ath.Tpo -c ath.c -fPIC -DPIC -o .libs/libgcrypt_la-ath.o mv -f .deps/libgcrypt_la-ath.Tpo .deps/libgcrypt_la-ath.Plo /bin/sh ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT hwf-x86.lo -MD -MP -MF .deps/hwf-x86.Tpo -c -o hwf-x86.lo hwf-x86.c libtool: compile: clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT hwf-x86.lo -MD -MP -MF .deps/hwf-x86.Tpo -c hwf-x86.c -fPIC -DPIC -o .libs/hwf-x86.o mv -f .deps/hwf-x86.Tpo .deps/hwf-x86.Plo /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -Wl,--version-script=./libgcrypt.vers -version-info 20:3:0 -o libgcrypt.la -rpath /usr/local/lib libgcrypt_la-visibility.lo libgcrypt_la-misc.lo libgcrypt_la-global.lo libgcrypt_la-sexp.lo libgcrypt_la-hwfeatures.lo libgcrypt_la-stdmem.lo libgcrypt_la-secmem.lo libgcrypt_la-missing-string.lo libgcrypt_la-fips.lo libgcrypt_la-hmac256.lo libgcrypt_la-context.lo libgcrypt_la-ath.lo hwf-x86.lo ../cipher/libcipher.la ../random/librandom.la ../mpi/libmpi.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -shared -fPIC -DPIC .libs/libgcrypt_la-visibility.o .libs/libgcrypt_la-misc.o .libs/libgcrypt_la-global.o .libs/libgcrypt_la-sexp.o .libs/libgcrypt_la-hwfeatures.o .libs/libgcrypt_la-stdmem.o .libs/libgcrypt_la-secmem.o .libs/libgcrypt_la-missing-string.o .libs/libgcrypt_la-fips.o .libs/libgcrypt_la-hmac256.o .libs/libgcrypt_la-context.o .libs/libgcrypt_la-ath.o .libs/hwf-x86.o -Wl,--whole-archive ../cipher/.libs/libcipher.a ../random/.libs/librandom.a ../mpi/.libs/libmpi.a ../compat/.libs/libcompat.a -Wl,--no-whole-archive -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -O2 -Wl,--version-script=./libgcrypt.vers -Wl,-soname -Wl,libgcrypt.so.20 -o .libs/libgcrypt.so.20.0.3 libtool: link: (cd ".libs" && rm -f "libgcrypt.so.20" && ln -s 
"libgcrypt.so.20.0.3" "libgcrypt.so.20") libtool: link: (cd ".libs" && rm -f "libgcrypt.so" && ln -s "libgcrypt.so.20.0.3" "libgcrypt.so") libtool: link: ( cd ".libs" && rm -f "libgcrypt.la" && ln -s "../libgcrypt.la" "libgcrypt.la" ) clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT dumpsexp-dumpsexp.o -MD -MP -MF .deps/dumpsexp-dumpsexp.Tpo -c -o dumpsexp-dumpsexp.o `test -f 'dumpsexp.c' || echo './'`dumpsexp.c mv -f .deps/dumpsexp-dumpsexp.Tpo .deps/dumpsexp-dumpsexp.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -o dumpsexp dumpsexp-dumpsexp.o libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o dumpsexp dumpsexp-dumpsexp.o clang-3.7 -DHAVE_CONFIG_H -I. -I.. -DSTANDALONE -g -O2 -fvisibility=hidden -Wall -MT hmac256-hmac256.o -MD -MP -MF .deps/hmac256-hmac256.Tpo -c -o hmac256-hmac256.o `test -f 'hmac256.c' || echo './'`hmac256.c mv -f .deps/hmac256-hmac256.Tpo .deps/hmac256-hmac256.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -DSTANDALONE -g -O2 -fvisibility=hidden -Wall -o hmac256 hmac256-hmac256.o libtool: link: clang-3.7 -DSTANDALONE -g -O2 -fvisibility=hidden -Wall -o hmac256 hmac256-hmac256.o clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-g -O2 -fvisibility=hidden -Wall -MT mpicalc-mpicalc.o -MD -MP -MF .deps/mpicalc-mpicalc.Tpo -c -o mpicalc-mpicalc.o `test -f 'mpicalc.c' || echo './'`mpicalc.c mv -f .deps/mpicalc-mpicalc.Tpo .deps/mpicalc-mpicalc.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -o mpicalc mpicalc-mpicalc.o libgcrypt.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o .libs/mpicalc mpicalc-mpicalc.o ./.libs/libgcrypt.so -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so make[2]: Leaving directory '/mnt/libgcrypt-1.6.3/src' Making all in doc make[2]: Entering directory '/mnt/libgcrypt-1.6.3/doc' make all-am make[3]: Entering directory '/mnt/libgcrypt-1.6.3/doc' clang-3.7 -o yat2m ./yat2m.c for file in gcrypt.texi ; do \ ./yat2m -I . --release "Libgcrypt 1.6.3" --source "Libgcrypt" --store \ `test -f '$file' || echo './'`$file ; done yat2m: writing 'hmac256.1' make[3]: Leaving directory '/mnt/libgcrypt-1.6.3/doc' make[2]: Leaving directory '/mnt/libgcrypt-1.6.3/doc' Making all in tests make[2]: Entering directory '/mnt/libgcrypt-1.6.3/tests' clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT version.o -MD -MP -MF .deps/version.Tpo -c -o version.o version.c mv -f .deps/version.Tpo .deps/version.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o version version.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o version version.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT mpitests.o -MD -MP -MF .deps/mpitests.Tpo -c -o mpitests.o mpitests.c mv -f .deps/mpitests.Tpo .deps/mpitests.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o mpitests mpitests.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o mpitests mpitests.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT tsexp.o -MD -MP -MF .deps/tsexp.Tpo -c -o tsexp.o tsexp.c mv -f .deps/tsexp.Tpo .deps/tsexp.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o tsexp tsexp.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o tsexp tsexp.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT t-convert.o -MD -MP -MF .deps/t-convert.Tpo -c -o t-convert.o t-convert.c mv -f .deps/t-convert.Tpo .deps/t-convert.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o t-convert t-convert.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o t-convert t-convert.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT t-mpi-bit.o -MD -MP -MF .deps/t-mpi-bit.Tpo -c -o t-mpi-bit.o t-mpi-bit.c mv -f .deps/t-mpi-bit.Tpo .deps/t-mpi-bit.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o t-mpi-bit t-mpi-bit.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o t-mpi-bit t-mpi-bit.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT t-mpi-point.o -MD -MP -MF .deps/t-mpi-point.Tpo -c -o t-mpi-point.o t-mpi-point.c mv -f .deps/t-mpi-point.Tpo .deps/t-mpi-point.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o t-mpi-point t-mpi-point.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o t-mpi-point t-mpi-point.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT curves.o -MD -MP -MF .deps/curves.Tpo -c -o curves.o curves.c mv -f .deps/curves.Tpo .deps/curves.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o curves curves.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o curves curves.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT t-lock.o -MD -MP -MF .deps/t-lock.Tpo -c -o t-lock.o t-lock.c mv -f .deps/t-lock.Tpo .deps/t-lock.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o t-lock t-lock.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error -lpthread libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o t-lock t-lock.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -lpthread -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT prime.o -MD -MP -MF .deps/prime.Tpo -c -o prime.o prime.c mv -f .deps/prime.Tpo .deps/prime.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o prime prime.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o prime prime.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT basic.o -MD -MP -MF .deps/basic.Tpo -c -o basic.o basic.c basic.c:5632:7: warning: variable 'pkey' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!err) ^~~~ basic.c:5638:33: note: uninitialized use occurs here do_check_one_pubkey (n, skey, pkey, ^~~~ basic.c:5632:3: note: remove the 'if' if its condition is always true if (!err) ^~~~~~~~~ basic.c:5628:25: note: initialize the variable 'pkey' to silence this warning gcry_sexp_t skey, pkey; ^ = NULL ^[1 warning generated. 
mv -f .deps/basic.Tpo .deps/basic.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o basic basic.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o basic basic.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT keygen.o -MD -MP -MF .deps/keygen.Tpo -c -o keygen.o keygen.c mv -f .deps/keygen.Tpo .deps/keygen.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o keygen keygen.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o keygen keygen.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT pubkey.o -MD -MP -MF .deps/pubkey.Tpo -c -o pubkey.o pubkey.c pubkey.c:341:7: warning: variable 'sec_key' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!rc) ^~~ pubkey.c:347:11: note: uninitialized use occurs here *skey = sec_key; ^~~~~~~ pubkey.c:341:3: note: remove the 'if' if its condition is always true if (!rc) ^~~~~~~~ pubkey.c:326:31: note: initialize the variable 'sec_key' to silence this warning gcry_sexp_t pub_key, sec_key; ^ = NULL 1 warning generated. 
mv -f .deps/pubkey.Tpo .deps/pubkey.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o pubkey pubkey.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o pubkey pubkey.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT hmac.o -MD -MP -MF .deps/hmac.Tpo -c -o hmac.o hmac.c mv -f .deps/hmac.Tpo .deps/hmac.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o hmac hmac.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o hmac hmac.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT hashtest.o -MD -MP -MF .deps/hashtest.Tpo -c -o hashtest.o hashtest.c mv -f .deps/hashtest.Tpo .deps/hashtest.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o hashtest hashtest.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o hashtest hashtest.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT t-kdf.o -MD -MP -MF .deps/t-kdf.Tpo -c -o t-kdf.o t-kdf.c mv -f .deps/t-kdf.Tpo .deps/t-kdf.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o t-kdf t-kdf.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o t-kdf t-kdf.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT keygrip.o -MD -MP -MF .deps/keygrip.Tpo -c -o keygrip.o keygrip.c mv -f .deps/keygrip.Tpo .deps/keygrip.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o keygrip keygrip.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o keygrip keygrip.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT fips186-dsa.o -MD -MP -MF .deps/fips186-dsa.Tpo -c -o fips186-dsa.o fips186-dsa.c mv -f .deps/fips186-dsa.Tpo .deps/fips186-dsa.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o fips186-dsa fips186-dsa.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o fips186-dsa fips186-dsa.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT aeswrap.o -MD -MP -MF .deps/aeswrap.Tpo -c -o aeswrap.o aeswrap.c mv -f .deps/aeswrap.Tpo .deps/aeswrap.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o aeswrap aeswrap.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o aeswrap aeswrap.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT pkcs1v2.o -MD -MP -MF .deps/pkcs1v2.Tpo -c -o pkcs1v2.o pkcs1v2.c mv -f .deps/pkcs1v2.Tpo .deps/pkcs1v2.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o pkcs1v2 pkcs1v2.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o pkcs1v2 pkcs1v2.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT random.o -MD -MP -MF .deps/random.Tpo -c -o random.o random.c mv -f .deps/random.Tpo .deps/random.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o random random.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o random random.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT dsa-rfc6979.o -MD -MP -MF .deps/dsa-rfc6979.Tpo -c -o dsa-rfc6979.o dsa-rfc6979.c mv -f .deps/dsa-rfc6979.Tpo .deps/dsa-rfc6979.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o dsa-rfc6979 dsa-rfc6979.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o dsa-rfc6979 dsa-rfc6979.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT t-ed25519.o -MD -MP -MF .deps/t-ed25519.Tpo -c -o t-ed25519.o t-ed25519.c mv -f .deps/t-ed25519.Tpo .deps/t-ed25519.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o t-ed25519 t-ed25519.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o t-ed25519 t-ed25519.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT benchmark.o -MD -MP -MF .deps/benchmark.Tpo -c -o benchmark.o benchmark.c mv -f .deps/benchmark.Tpo .deps/benchmark.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o benchmark benchmark.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o benchmark benchmark.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT bench-slope.o -MD -MP -MF .deps/bench-slope.Tpo -c -o bench-slope.o bench-slope.c mv -f .deps/bench-slope.Tpo .deps/bench-slope.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o bench-slope bench-slope.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o bench-slope bench-slope.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT fipsdrv.o -MD -MP -MF .deps/fipsdrv.Tpo -c -o fipsdrv.o fipsdrv.c fipsdrv.c:752:7: warning: variable 's_sig' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!err) ^~~~ fipsdrv.c:760:10: note: uninitialized use occurs here return s_sig; ^~~~~ fipsdrv.c:752:3: note: remove the 'if' if its condition is always true if (!err) ^~~~~~~~~ fipsdrv.c:741:20: note: initialize the variable 's_sig' to silence this warning gcry_sexp_t s_sig; ^ = NULL fipsdrv.c:1299:7: warning: variable 's_keyspec' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] if (!datalen) ^~~~~~~~ fipsdrv.c:1307:33: note: uninitialized use occurs here err = gcry_pk_genkey (&s_key, s_keyspec); ^~~~~~~~~ fipsdrv.c:1299:3: note: remove the 'if' if its condition is always false if (!datalen) ^~~~~~~~~~~~~ fipsdrv.c:1294:24: note: initialize the variable 's_keyspec' to silence this warning gcry_sexp_t s_keyspec, s_key, s_top, l1; ^ = NULL fipsdrv.c:1558:11: warning: variable 's_data' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!err) ^~~~ fipsdrv.c:1571:31: note: uninitialized use occurs here err = gcry_pk_sign (&s_sig, s_data, s_key); ^~~~~~ fipsdrv.c:1558:7: note: remove the 'if' 
if its condition is always true if (!err) ^~~~~~~~~ fipsdrv.c:1533:21: note: initialize the variable 's_data' to silence this warning gcry_sexp_t s_data, s_key, s_sig, s_tmp; ^ = NULL fipsdrv.c:1645:11: warning: variable 's_data' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!err) ^~~~ fipsdrv.c:1660:32: note: uninitialized use occurs here err = gcry_pk_verify (s_sig, s_data, s_key); ^~~~~~ fipsdrv.c:1645:7: note: remove the 'if' if its condition is always true if (!err) ^~~~~~~~~ fipsdrv.c:1624:21: note: initialize the variable 's_data' to silence this warning gcry_sexp_t s_data, s_key, s_sig; ^ = NULL fipsdrv.c:1757:43: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] l2 = gcry_sexp_find_token (l1, "pqg"+idx, 1); ~~~~~^~~~ fipsdrv.c:1757:43: note: use array indexing to silence this warning l2 = gcry_sexp_find_token (l1, "pqg"+idx, 1); ^ & [ ] fipsdrv.c:1880:7: warning: variable 's_data' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!err) ^~~~ fipsdrv.c:1892:31: note: uninitialized use occurs here err = gcry_pk_sign (&s_sig, s_data, s_key); ^~~~~~ fipsdrv.c:1880:3: note: remove the 'if' if its condition is always true if (!err) ^~~~~~~~~ fipsdrv.c:1874:21: note: initialize the variable 's_data' to silence this warning gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2; ^ = NULL fipsdrv.c:1974:7: warning: variable 's_data' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] if (!err) ^~~~ fipsdrv.c:1987:32: note: uninitialized use occurs here err = gcry_pk_verify (s_sig, s_data, s_key); ^~~~~~ fipsdrv.c:1974:3: note: remove the 'if' if its condition is always true if (!err) ^~~~~~~~~ fipsdrv.c:1966:21: note: initialize the variable 's_data' to silence this warning gcry_sexp_t s_data, s_key, s_sig; ^ = NULL 7 warnings generated. 
mv -f .deps/fipsdrv.Tpo .deps/fipsdrv.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o fipsdrv fipsdrv.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o fipsdrv fipsdrv.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT rsacvt.o -MD -MP -MF .deps/rsacvt.Tpo -c -o rsacvt.o rsacvt.c mv -f .deps/rsacvt.Tpo .deps/rsacvt.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o rsacvt rsacvt.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o rsacvt rsacvt.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs clang-3.7 -DHAVE_CONFIG_H -I. -I.. 
-I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT genhashdata.o -MD -MP -MF .deps/genhashdata.Tpo -c -o genhashdata.o genhashdata.c mv -f .deps/genhashdata.Tpo .deps/genhashdata.Po /bin/sh ../libtool --tag=CC --mode=link clang-3.7 -g -O2 -fvisibility=hidden -Wall -no-install -o genhashdata genhashdata.o ../src/libgcrypt.la ../compat/libcompat.la -L/usr/lib/i386-linux-gnu -lgpg-error libtool: link: clang-3.7 -g -O2 -fvisibility=hidden -Wall -o genhashdata genhashdata.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a -L/usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/libgpg-error.so -Wl,-rpath -Wl,/mnt/libgcrypt-1.6.3/src/.libs make[2]: Leaving directory '/mnt/libgcrypt-1.6.3/tests' make[2]: Entering directory '/mnt/libgcrypt-1.6.3' make[2]: Leaving directory '/mnt/libgcrypt-1.6.3' make[1]: Leaving directory '/mnt/libgcrypt-1.6.3' -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: This is a digitally signed message part URL: From paulepanter at users.sourceforge.net Sat Apr 11 10:29:48 2015 
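The -Wsometimes-uninitialized diagnostics in the build log above (basic.c, pubkey.c, fipsdrv.c) all share one shape: a gcry_sexp_t handle is declared without an initializer, assigned only inside `if (!err)`, and then read on the error path as well, where it holds whatever was on the stack. The following is an added example, not libgcrypt or test-suite code; `sexp_t`, `sexp_new`, `sexp_release`, `fake_genkey` and `get_keypair` are stand-ins invented here so the file builds without libgcrypt. It shows the defensive form: every handle has a value on every path, the caller's outputs are set before any early return, and cleanup relies on a release function that accepts NULL (the real gcry_sexp_release does; the stand-in mimics that property).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for gcry_sexp_t (assumption: not the real type). */
typedef struct sexp *sexp_t;
struct sexp { char label[16]; };

/* Stand-in for gcry_sexp_release(): accepts NULL, so cleanup paths
 * need no extra checks. */
static void sexp_release(sexp_t s)
{
    free(s);
}

static sexp_t sexp_new(const char *label)
{
    sexp_t s = calloc(1, sizeof *s);
    if (s)
        strncpy(s->label, label, sizeof s->label - 1);
    return s;
}

/* Stand-in for gcry_pk_genkey(): fails for an unsupported key size and,
 * like a real library call, leaves its outputs untouched on failure. */
static int fake_genkey(sexp_t *pub, sexp_t *sec, unsigned nbits)
{
    if (nbits < 2048)
        return 1;
    *pub = sexp_new("public");
    *sec = sexp_new("secret");
    return 0;
}

/* The shape clang warned about, reconstructed from the diagnostics:
 *   gcry_sexp_t pub_key, sec_key;      (no initializer)
 *   rc = gcry_pk_genkey (...);
 *   if (!rc) *pkey = pub_key;
 *   *skey = sec_key;                   (indeterminate when rc != 0)
 * That path is not executed here, because reading an indeterminate
 * pointer is undefined behaviour. get_keypair() is the defensive form. */
int get_keypair(sexp_t *pkey, sexp_t *skey, unsigned nbits)
{
    sexp_t pub_key = NULL, sec_key = NULL;  /* defined on every path */
    int rc;

    *pkey = NULL;                            /* outputs defined before any return */
    *skey = NULL;

    rc = fake_genkey(&pub_key, &sec_key, nbits);
    if (rc) {
        sexp_release(pub_key);               /* still NULL: release is a no-op */
        sexp_release(sec_key);
        return rc;
    }
    if (!pub_key || !sec_key) {              /* partial allocation failure */
        sexp_release(pub_key);
        sexp_release(sec_key);
        return 2;
    }
    *pkey = pub_key;
    *skey = sec_key;
    return 0;
}

/* A handle that is NULL after an error is visibly unusable; a stale
 * stack value would not be. */
int keypair_is_usable(sexp_t pkey, sexp_t skey)
{
    return pkey != NULL && skey != NULL;
}

/* Returns 1 if the error path reports rc 1 and leaves both outputs NULL,
 * even though the caller passed in garbage. */
int demo_error_path(void)
{
    static struct sexp garbage;
    sexp_t pub = &garbage, sec = &garbage;
    int rc = get_keypair(&pub, &sec, 1024);
    return rc == 1 && !keypair_is_usable(pub, sec);
}

/* Returns 1 if the success path yields two usable handles. */
int demo_success_path(void)
{
    sexp_t pub = NULL, sec = NULL;
    int rc = get_keypair(&pub, &sec, 2048);
    int ok = rc == 0 && keypair_is_usable(pub, sec)
             && strcmp(pub->label, "public") == 0
             && strcmp(sec->label, "secret") == 0;
    sexp_release(pub);
    sexp_release(sec);
    return ok;
}

int main(void)
{
    printf("error path handled: %d\n", demo_error_path());
    printf("success path handled: %d\n", demo_success_path());
    return 0;
}
```

The point of initializing to NULL is not to silence the compiler (clang's own hint, `= NULL`, does that too) but to make the error path deterministic: a later `gcry_sexp_release` or dereference of the handle then either does nothing or fails loudly, instead of acting on whatever the stack held.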
From: paulepanter at users.sourceforge.net (Paul Menzel) Date: Sat, 11 Apr 2015 10:29:48 +0200 Subject: [PATCH] cipher/rijndael.c: Cast loop variable to unsigned in comparison In-Reply-To: <1428740094.2456.48.camel@users.sourceforge.net> References: <1428740094.2456.48.camel@users.sourceforge.net> Message-ID: <1428740988.2456.57.camel@users.sourceforge.net> Date: Sat, 11 Apr 2015 08:38:47 +0200 Currently, building GRUB, Clang 3.7 warns about a comparison of integers of different size. clang-3.7 -DHAVE_CONFIG_H -I. -I.. -Wall -W -DGRUB_MACHINE_COREBOOT=1 -DGRUB_MACHINE=I386_COREBOOT -m32 -msoft-float -Xclang -msoft-float -Xclang -no-implicit-float -nostdinc -isystem /usr/lib/llvm-3.7/bin/../lib/clang/3.7.0/include -I../include -I../include -DGRUB_FILE=\"lib/libgcrypt-grub/cipher/rijndael.c\" -I. -I. -I.. -I.. -I../include -I../include -I../grub-core/lib/libgcrypt-grub/src/ -I../grub-core/lib/libgcrypt_wrap -I../grub-core/lib/posix_wrap -D_GCRYPT_IN_LIBGCRYPT=1 -I../include/grub/gcrypt -D_FILE_OFFSET_BITS=64 -Os -Wall -W -Wshadow -Wpointer-arith -Wundef -Wchar-subscripts -Wcomment -Wdeprecated-declarations -Wdisabled-optimization -Wdiv-by-zero -Wfloat-equal -Wformat-extra-args -Wformat-security -Wformat-y2k -Wimplicit -Wimplicit-function-declaration -Wimplicit-int -Wmain -Wmissing-braces -Wmissing-format-attribute -Wmultichar -Wparentheses -Wreturn-type -Wsequence-point -Wshadow -Wsign-compare -Wswitch -Wtrigraphs -Wunknown-pragmas -Wunused -Wunused-function -Wunused-label -Wunused-parameter -Wunused-value -Wunused-variable -Wwrite-strings -Wnested-externs -Wstrict-prototypes -g -Wredundant-decls -Wmissing-prototypes -Wmissing-declarations -Wextra -Wattributes -Wendif-labels -Winit-self -Wint-to-pointer-cast -Winvalid-pch -Wmissing-field-initializers -Wnonnull -Woverflow -Wvla -Wpointer-to-int-cast -Wstrict-aliasing -Wvariadic-macros -Wvolatile-register-var -Wpointer-sign -Wmissing-include-dirs -Wmissing-prototypes -Wmissing-declarations -Wformat=2 -march=i386 -m32 
-malign-jumps=1 -malign-loops=1 -malign-functions=1 -freg-struct-return -mno-mmx -mno-sse -mno-sse2 -mno-3dnow -fno-dwarf2-cfi-asm -fno-asynchronous-unwind-tables -fno-stack-protector -Werror -ffreestanding -Wno-error -Wno-missing-field-initializers -Wno-redundant-decls -Wno-undef -fno-builtin -Wno-cast-align -MT lib/libgcrypt-grub/cipher/gcry_rijndael_module-rijndael.o -MD -MP -MF lib/libgcrypt-grub/cipher/.deps-core/gcry_rijndael_module-rijndael.Tpo -c -o lib/libgcrypt-grub/cipher/gcry_rijndael_module-rijndael.o `test -f 'lib/libgcrypt-grub/cipher/rijndael.c' || echo './'`lib/libgcrypt-grub/cipher/rijndael.c lib/libgcrypt-grub/cipher/rijndael.c:352:21: warning: comparison of integers of different signs: 'int' and 'const unsigned int' [-Wsign-compare] for (i = 0; i < keylen; i++) ~ ^ ~~~~~~ 1 warning generated. Address the warning by casting the loop variable `i` to unsigned in the comparison. Signed-off-by: Paul Menzel --- For some reason this warning is not shown when building Libgrypt 1.6.3 directly. But I did not investigate further. cipher/rijndael.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 8019f0a..b36f687 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -578,7 +578,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) #define k k.data #define tk tk.data #define W (ctx->keyschenc) - for (i = 0; i < keylen; i++) + for (i = 0; (unsigned) i < keylen; i++) { k[i >> 2][i & 3] = key[i]; } -- 2.1.4 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: This is a digitally signed message part URL: From paulepanter at users.sourceforge.net Sat Apr 11 10:39:45 2015 
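Review bot: the cast in `for (i = 0; (unsigned) i < keylen; i++)` silences -Wsign-compare without changing what is compared: the warning itself says the operands are 'int' and 'const unsigned int', and under C's usual arithmetic conversions the int is already converted to unsigned for the comparison, so the patched loop behaves exactly as the unpatched one. If the warning is worth addressing, declare `i` with the type of `keylen` (the function signature in the hunk header gives `const unsigned keylen`) so that the loop bound and the indexing in `k[i >> 2][i & 3] = key[i];` agree, rather than casting at a single use. Also, the commit message quotes the diagnostic at rijndael.c:352 from GRUB's bundled copy while the hunk applies at line 578 of libgcrypt's cipher/rijndael.c; stating which tree the patch was generated against would let a reviewer match the two.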
From: paulepanter at users.sourceforge.net (Paul Menzel)
Date: Sat, 11 Apr 2015 10:39:45 +0200
Subject: Result from Clang 3.7 static analyzer
In-Reply-To: <1428740094.2456.48.camel@users.sourceforge.net>
References: <1428740094.2456.48.camel@users.sourceforge.net>
Message-ID: <1428741585.2456.62.camel@users.sourceforge.net>

Dear Libgcrypt developers,

On Saturday, 11.04.2015, 10:14 +0200, Paul Menzel wrote:
> with Debian Sid/unstable I installed the package `clang-3.7` and built
> Libgcrypt 1.6.3 with it. [...]

please find the compressed report of the Clang static analyzer scan-build attached.

$ ./configure [...]
$ scan-build-3.7 -o sb make -j [...]
$ scan-view-3.7 sb/2015-04-11-102006-4869-1

You can access the HTML pages individually or use an HTTP server to browse them more easily. The program `scan-view` will start such an HTTP server and serve the pages on http://127.0.0.1:8181.

Thanks,

Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scan-build-2015-04-11.7z
Type: application/x-7z-compressed
Size: 345297 bytes
Desc: not available
URL:
From wk at gnupg.org Sat Apr 11 14:59:21 2015
From: wk at gnupg.org (Werner Koch)
Date: Sat, 11 Apr 2015 14:59:21 +0200
Subject: [PATCH] cipher/rijndael.c: Cast loop variable to unsigned in comparison
In-Reply-To: <1428740988.2456.57.camel@users.sourceforge.net> (Paul Menzel's message of "Sat, 11 Apr 2015 10:29:48 +0200")
References: <1428740094.2456.48.camel@users.sourceforge.net> <1428740988.2456.57.camel@users.sourceforge.net>
Message-ID: <87k2xiom6u.fsf@vigenere.g10code.de>

On Sat, 11 Apr 2015 10:29, paulepanter at users.sourceforge.net said:

> lib/libgcrypt-grub/cipher/rijndael.c:352:21: warning: comparison of integers of different signs: 'int' and 'const unsigned int'
> [-Wsign-compare]
> for (i = 0; i < keylen; i++)
> ~ ^ ~~~~~~
> 1 warning generated.
>
> Address the warning by casting the loop variable `i` to unsigned in the
> comparison.

That won't work. In any case this is not a problem because the range of these variables is very limited and way below wrapping around.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law.
From wk at gnupg.org Sat Apr 11 14:57:02 2015
From: wk at gnupg.org (Werner Koch)
Date: Sat, 11 Apr 2015 14:57:02 +0200
Subject: Warnings from Clang 3.7
In-Reply-To: <1428740094.2456.48.camel@users.sourceforge.net> (Paul Menzel's message of "Sat, 11 Apr 2015 10:14:55 +0200")
References: <1428740094.2456.48.camel@users.sourceforge.net>
Message-ID: <87oamuomap.fsf@vigenere.g10code.de>

On Sat, 11 Apr 2015 10:14, paulepanter at users.sourceforge.net said:

> Clang 3.7 reports some warnings. Are these expected? If not, could you

I recently spent a lot of time with the STACK utility to make the code more robust. Backporting these changes is not necessarily justified. Thus, if you want the latest code, please use git master.

> fipsdrv.c:752:7: warning: variable 's_sig' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]

This is in the regression test suite and in particular this program is not actually used.

Salam-Shalom,

Werner

p.s.
Over-optimizing compilers are a PITA and a major security risk

--
Thoughts are free. Exceptions are governed by a federal law.
From paulepanter at users.sourceforge.net Sat Apr 11 22:18:38 2015
From: paulepanter at users.sourceforge.net (Paul Menzel)
Date: Sat, 11 Apr 2015 22:18:38 +0200
Subject: Warnings from Clang 3.7
In-Reply-To: <87oamuomap.fsf@vigenere.g10code.de>
References: <1428740094.2456.48.camel@users.sourceforge.net> <87oamuomap.fsf@vigenere.g10code.de>
Message-ID: <1428783518.17111.17.camel@users.sourceforge.net>

Dear Werner,

Thank you for the quick reply!

On Saturday, 11.04.2015, 14:57 +0200, Werner Koch wrote:
> On Sat, 11 Apr 2015 10:14, paulepanter at users.sourceforge.net said:
>
> > Clang 3.7 reports some warnings. Are these expected? If not, could you
>
> I recently spent a lot of time with the STACK utility to make the code
> more robust.

Could you please give me a URL to that utility? Searching with the keywords *stack* and *utility* does not give any useful results.

> Backporting these changes is not necessarily justified.

Agreed.

> Thus, if you want the latest code, please use git master.

Ah, I didn't know about the official Git repository. The search engine had the page at the Free Software Directory [1] sorted at the top. This seems outdated, as it shows Libgcrypt 1.6.2 as the latest release and lists a CVS command to get a VCS checkout.

  -d :pserver:anoncvs at cvs.gnupg.org:/cvs/gnupg

And on the "official" site [2], I overlooked it in the sentence.

  Development versions are available at ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/. To access the GIT repository you may use this command: "git clone git://git.gnupg.org/libgcrypt.git"

I think I was distracted, because clicking on the FTP URL gives an error that the directory does not exist.

Could you please also add a link to the Gitweb installation to browse the repository online?

Lastly, on the Gitweb page [3], it'd be great to have the clone URL listed.

With commit a06fbc0 (wipememory: use one-byte aligned type for unaligned memory accesses), Clang 3.7 shows the following warnings.

$ CC=clang-3.7 ./configure --disable-bindings --disable-doc
$ CC=clang-3.7 make -j 6
[...]
    /bin/bash ../libtool --tag=CC --mode=compile clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT primegen.lo -MD -MP -MF .deps/primegen.Tpo -c -o primegen.lo primegen.c
    poly1305.c:351:29: warning: unused variable 'poly1305_default_ops' [-Wunused-const-variable]
    static const poly1305_ops_t poly1305_default_ops = {
                                ^
    [...]
    libtool: compile:  clang-3.7 -DHAVE_CONFIG_H -I. -I.. -g -O2 -fvisibility=hidden -Wall -MT libgcrypt_la-hwfeatures.lo -MD -MP -MF .deps/libgcrypt_la-hwfeatures.Tpo -c hwfeatures.c  -fPIC -DPIC -o .libs/libgcrypt_la-hwfeatures.o
    global.c:578:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch]
        case 58: /* Init external random test. */
             ^
    global.c:595:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch]
        case 59: /* Run external random test. */
             ^
    global.c:606:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch]
        case 60: /* Deinit external random test. */
             ^
    global.c:612:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch]
        case 61: /* Run external lock test */
             ^
    global.c:615:10: warning: case value not in enumerated type 'enum gcry_ctl_cmds' [-Wswitch]
        case 62: /* RFU */
             ^
    [...]
    clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT hmac.o -MD -MP -MF .deps/hmac.Tpo -c -o hmac.o hmac.c
    basic.c:7170:7: warning: variable 'pkey' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
      if (!err)
          ^~~~
    basic.c:7176:33: note: uninitialized use occurs here
          do_check_one_pubkey (n, skey, pkey,
                                        ^~~~
    basic.c:7170:3: note: remove the 'if' if its condition is always true
      if (!err)
      ^~~~~~~~~
    basic.c:7166:25: note: initialize the variable 'pkey' to silence this warning
      gcry_sexp_t skey, pkey;
                            ^
                             = NULL
    mv -f .deps/t-sexp.Tpo .deps/t-sexp.Po
    clang-3.7 -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -O2 -fvisibility=hidden -Wall -MT hashtest.o -MD -MP -MF .deps/hashtest.Tpo -c -o hashtest.o hashtest.c
    pubkey.c:341:7: warning: variable 'sec_key' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
      if (!rc)
          ^~~
    pubkey.c:347:11: note: uninitialized use occurs here
      *skey = sec_key;
              ^~~~~~~
    pubkey.c:341:3: note: remove the 'if' if its condition is always true
      if (!rc)
      ^~~~~~~~
    pubkey.c:326:31: note: initialize the variable 'sec_key' to silence this warning
      gcry_sexp_t pub_key, sec_key;
                                  ^
                                   = NULL
    mv -f .deps/t-mpi-point.Tpo .deps/t-mpi-point.Po
    [...]

> > fipsdrv.c:752:7: warning: variable 's_sig' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
>
> This is in the regression test suite and in particular this program is
> not actually used.

I see. I don't paste the warnings in here then. Should the file then be removed from the repository?
Thanks, Paul [1] http://directory.fsf.org/wiki/Libgcrypt [2] https://www.gnu.org/software/libgcrypt/ [3] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=summary -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: This is a digitally signed message part URL: From cvs at cvs.gnupg.org Sun Apr 12 19:52:22 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 12 Apr 2015 19:52:22 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-182-g6e31a28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6e31a2805c5e808fe50a0c2529823f6501db2d38 (commit) from a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e31a2805c5e808fe50a0c2529823f6501db2d38 Author: Werner Koch Date: Sun Apr 12 19:50:49 2015 +0200 Add git url to AUTHORS -- diff --git a/AUTHORS b/AUTHORS index e186a48..1e34aed 100644 --- a/AUTHORS +++ b/AUTHORS 
@@ -1,7 +1,9 @@ Library: Libgcrypt Homepage: http://www.gnu.org/software/libgcrypt/ +Download: ftp://ftp.gnupg.org/gcrypt/libgcrypt/ +Repository: git://git.gnupg.org/libgcrypt.git Maintainer: Werner Koch -Bug reports: http://bugs.gnupg.org +Bug reports: https://bugs.gnupg.org Security related bug reports: License (library): LGPLv2.1+ License (manual and tools): GPLv2+ ----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Sun Apr 12 19:50:15 2015 From: wk at gnupg.org (Werner Koch) Date: Sun, 12 Apr 2015 19:50:15 +0200 Subject: Warnings from Clang 3.7 In-Reply-To: <1428783518.17111.17.camel@users.sourceforge.net> (Paul Menzel's message of "Sat, 11 Apr 2015 22:18:38 +0200") References: <1428740094.2456.48.camel@users.sourceforge.net> <87oamuomap.fsf@vigenere.g10code.de> <1428783518.17111.17.camel@users.sourceforge.net> Message-ID: <87zj6dkzhk.fsf@vigenere.g10code.de> On Sat, 11 Apr 2015 22:18, paulepanter at users.sourceforge.net said: >> This if you want the latest code please use git master. > > Ah, I didn?t know about the official Git repository. The search engine Thanks for noting that. I just added a long to the AUTHORS file. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Mon Apr 13 17:19:09 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 17:19:09 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-183-g9fca468 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9fca46864e1b5a9c788072113589454adb89fa97 (commit) from 6e31a2805c5e808fe50a0c2529823f6501db2d38 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9fca46864e1b5a9c788072113589454adb89fa97 Author: Werner Koch Date: Mon Apr 13 11:48:33 2015 +0200 mpi: Fix gcry_mpi_copy for NULL opaque data. * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed. -- gcry_mpi_set_opaque allows to store NULL as opaque data. Thus we also need to take care when copying such data. Signed-off-by: Werner Koch diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index fbbd3b4..71b3f1c 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -343,7 +343,8 @@ _gcry_mpi_copy (gcry_mpi_t a) if( a && (a->flags & 4) ) { void *p = _gcry_is_secure(a->d)? xmalloc_secure ((a->sign+7)/8) : xmalloc ((a->sign+7)/8); - memcpy( p, a->d, (a->sign+7)/8 ); + if (a->d) + memcpy( p, a->d, (a->sign+7)/8 ); b = mpi_set_opaque( NULL, p, a->sign ); b->flags &= ~(16|32); /* Reset the immutable and constant flags. */ } ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Apr 13 19:24:04 2015 
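Review bot: the new `if (a->d)` guard in _gcry_mpi_copy only skips the memcpy; when the source opaque pointer is NULL the function still allocates `(a->sign+7)/8` bytes with xmalloc/xmalloc_secure and passes that never-written buffer to mpi_set_opaque, so the copy of an MPI whose opaque data is NULL comes back with a non-NULL, uninitialised opaque pointer instead of NULL. Since the commit message says gcry_mpi_set_opaque accepts NULL, the copy should preserve that representation: skip the allocation and call `mpi_set_opaque (NULL, NULL, a->sign)` when `a->d` is NULL (or at minimum zero the buffer), so no uninitialised bytes can later be read back or serialised from the copy.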
From: wk at gnupg.org (Werner Koch) Date: Mon, 13 Apr 2015 19:24:04 +0200 Subject: Warnings from Clang 3.7 In-Reply-To: <87zj6dkzhk.fsf@vigenere.g10code.de> (Werner Koch's message of "Sun, 12 Apr 2015 19:50:15 +0200") References: <1428740094.2456.48.camel@users.sourceforge.net> <87oamuomap.fsf@vigenere.g10code.de> <1428783518.17111.17.camel@users.sourceforge.net> <87zj6dkzhk.fsf@vigenere.g10code.de> Message-ID: <87h9skhrgr.fsf@vigenere.g10code.de>

On Sun, 12 Apr 2015 19:50, wk at gnupg.org said:
> Thanks for noting that. I just added a long to the AUTHORS file.

Huh? I meant: pointer to the git repo to the AUTHORS file.

Shalom-Salam,

Werner

-- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From tsoome at me.com Mon Apr 13 19:31:24 2015
From: tsoome at me.com (Toomas Soome) Date: Mon, 13 Apr 2015 20:31:24 +0300 Subject: signed/unsigned compare in cipher/rijndael.c Message-ID: <624913B5-CD72-45E8-A8F3-8FE02BF96B6D@me.com>

hi!

do_setkey() in cipher/rijndael.c has argument unsigned keylen which is compared in a for loop with int i, making compilers spit a warning about comparing signed with unsigned. Since i is only used in this loop (line #350) and only takes positive values, it's safe to declare i as unsigned as well (line #217). Could you please fix it? :)

rgds, toomas

From cvs at cvs.gnupg.org Wed Apr 15 12:36:46 2015
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Apr 2015 12:36:46 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-185-gfe38d38 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via fe38d3815b4cd203cd529949e244aca80d32897f (commit) via 3b03a3b493233a472da531d8d9582d1be6d376b0 (commit) from 9fca46864e1b5a9c788072113589454adb89fa97 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe38d3815b4cd203cd529949e244aca80d32897f Author: Werner Koch Date: Wed Apr 15 12:34:38 2015 +0200 tests: Add option to time the S2K function. * tests/t-kdf.c: Include stopwatch.h. (dummy_consumer): new. (bench_s2k): New. (main): Add option parser and option --s2k. -- For example: $ ./t-kdf --s2k 17659904 88.0ms $ ./t-kdf --s2k 65536 0.3ms This test is similar to the code done by gpg-agent to calibrate the S2K count. diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 8e728d5..18c8357 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -28,6 +28,8 @@ #include #include "../src/gcrypt-int.h" +#include "stopwatch.h" + #ifndef DIM # define DIM(v) (sizeof(v)/sizeof((v)[0])) 
@@ -62,6 +64,58 @@ die (const char *format, ...) static void +dummy_consumer (volatile char *buffer, size_t buflen) +{ + (void)buffer; + (void)buflen; +} + + +static void +bench_s2k (unsigned long s2kcount) +{ + gpg_error_t err; + const char passphrase[] = "123456789abcdef0"; + char keybuf[128/8]; + unsigned int repetitions = 10; + unsigned int count; + const char *elapsed; + int pass = 0; + + again: + start_timer (); + for (count = 0; count < repetitions; count++) + { + err = gcry_kdf_derive (passphrase, strlen (passphrase), + GCRY_KDF_ITERSALTED_S2K, + GCRY_MD_SHA1, "saltsalt", 8, s2kcount, + sizeof keybuf, keybuf); + if (err) + die ("gcry_kdf_derive failed: %s\n", gpg_strerror (err)); + dummy_consumer (keybuf, sizeof keybuf); + } + stop_timer (); + + elapsed = elapsed_time (repetitions); + if (!pass++) + { + if (!atoi (elapsed)) + { + repetitions = 10000; + goto again; + } + else if (atoi (elapsed) < 10) + { + repetitions = 100; + goto again; + } + } + + printf ("%s\n", elapsed); +} + + +static void check_openpgp (void) { /* Test vectors manually created with gpg 1.4 derived code: In 
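Review bot: the one-shot calibration in bench_s2k (the `if (!pass++)` block) decides on repetitions from `atoi (elapsed)`, and because elapsed_time (repetitions) prints a per-repetition value with one decimal ("0.3ms" in the commit message), atoi truncates anything below 1 ms to 0 and takes the 10000-repetition branch, while a 1.0 ms derivation takes the 100-repetition branch: a 0.9 ms S2K count therefore runs roughly 9 s and a 1.0 ms one roughly 0.1 s. Calibrate on the measured total in floating point (or parse with strtod) and pick repetitions to hit a target total time instead of the two hard thresholds; a comment on the intended accuracy of the printed figure would also help, since it feeds the S2K count calibration the message compares with gpg-agent.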
@@ -1122,10 +1176,58 @@ check_scrypt (void) int main (int argc, char **argv) { - if (argc > 1 && !strcmp (argv[1], "--verbose")) - verbose = 1; - else if (argc > 1 && !strcmp (argv[1], "--debug")) - verbose = debug = 1; + int last_argc = -1; + unsigned long s2kcount = 0; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + fputs ("usage: t-kdf [options]" + "Options:\n" + " --verbose print timinigs etc.\n" + " --debug flyswatter\n" + " --s2k print the time needed for S2K\n", + stdout); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose++; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose += 2; + debug++; + argc--; argv++; + } + else if (!strcmp (*argv, "--s2k")) + { + s2kcount = 1; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + die ("unknown option '%s'\n", *argv); + } + + if (s2kcount) + { + if (argc != 1) + die ("usage: t-kdf --s2k S2KCOUNT\n", stderr ); + s2kcount = strtoul (*argv, NULL, 10); + if (!s2kcount) + die ("t-kdf: S2KCOUNT must be positive\n", stderr ); + } if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); @@ -1135,9 +1237,14 @@ main (int argc, char **argv) if (debug) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); - check_openpgp (); - check_pbkdf2 (); - check_scrypt (); + if (s2kcount) + bench_s2k (s2kcount); + else + { + check_openpgp (); + check_pbkdf2 (); + check_scrypt (); + } return error_count ? 1 : 0; } commit 3b03a3b493233a472da531d8d9582d1be6d376b0 Author: Werner Koch Date: Wed Apr 15 12:30:50 2015 +0200 tests: Improve stopwatch.h * tests/stopwatch.h (elapsed_time): Add arg divisor. diff --git a/tests/benchmark.c b/tests/benchmark.c index 6be9509..b6cd7a8 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c 
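Review bot: the --help text in the new option loop is missing a newline after "usage: t-kdf [options]", so that string is printed run together with "Options:" on one line, and "timinigs" should read "timings". Further down, the two `die (...)` calls in the `if (s2kcount)` block pass `stderr` as a trailing argument that die's format string never consumes (it reads like a leftover from fputs); drop the extra argument so the varargs call matches the format.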
@@ -463,7 +463,7 @@ random_bench (int very_strong) for (i=0; i < 100; i++) gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); } start_timer (); @@ -471,7 +471,7 @@ random_bench (int very_strong) gcry_randomize (buf, 8, very_strong? GCRY_VERY_STRONG_RANDOM:GCRY_STRONG_RANDOM); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); putchar ('\n'); if (verbose) @@ -531,7 +531,7 @@ md_bench ( const char *algoname ) gcry_md_write (hd, buf, bufsize); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_md_reset (hd); @@ -541,7 +541,7 @@ md_bench ( const char *algoname ) gcry_md_write (hd, buf, bufsize/10); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_md_reset (hd); @@ -551,7 +551,7 @@ md_bench ( const char *algoname ) gcry_md_write (hd, buf, 1); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -561,7 +561,7 @@ md_bench ( const char *algoname ) gcry_md_putc (hd, buf[j]); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_md_close (hd); @@ -585,7 +585,7 @@ md_bench ( const char *algoname ) for (i=0; i < 100; i++) gcry_md_hash_buffer (algo, digest, largebuf, 10000); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); free (largebuf_base); putchar ('\n'); @@ -680,7 +680,7 @@ mac_bench ( const char *algoname ) macoutlen = maclen; gcry_mac_read (hd, mac[0], &macoutlen); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_mac_reset (hd); 
@@ -692,7 +692,7 @@ mac_bench ( const char *algoname ) macoutlen = maclen; gcry_mac_read (hd, mac[1], &macoutlen); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_mac_reset (hd); @@ -704,7 +704,7 @@ mac_bench ( const char *algoname ) macoutlen = maclen; gcry_mac_read (hd, mac[2], &macoutlen); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_mac_close (hd); @@ -968,7 +968,7 @@ cipher_bench ( const char *algoname ) } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_cipher_close (hd); if (err) @@ -1049,7 +1049,7 @@ cipher_bench ( const char *algoname ) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_cipher_close (hd); if (err) @@ -1113,7 +1113,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) gcry_sexp_release (key_spec); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); x = gcry_mpi_new (p_sizes[testno]); @@ -1133,7 +1133,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) die ("signing failed (%d): %s\n", count, gpg_strerror (err)); } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1150,7 +1150,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); if (no_blinding) { @@ -1172,7 +1172,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) die ("signing failed (%d): %s\n", count, gpg_strerror (err)); } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); } 
@@ -1260,7 +1260,7 @@ elg_bench (int iterations, int print_header) } } stop_timer (); - snprintf (timerbuf1, sizeof timerbuf1, " %s", elapsed_time ()); + snprintf (timerbuf1, sizeof timerbuf1, " %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1278,7 +1278,7 @@ elg_bench (int iterations, int print_header) } stop_timer (); - printf (" %s %s\n", elapsed_time (), timerbuf1); + printf (" %s %s\n", elapsed_time (1), timerbuf1); fflush (stdout); gcry_sexp_release (plain); @@ -1368,7 +1368,7 @@ dsa_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1384,7 +1384,7 @@ dsa_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s\n", elapsed_time ()); + printf (" %s\n", elapsed_time (1)); fflush (stdout); gcry_sexp_release (sig); @@ -1478,7 +1478,7 @@ ecc_bench (int iterations, int print_header) gcry_sexp_release (key_spec); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); x = gcry_mpi_new (p_size); @@ -1513,7 +1513,7 @@ ecc_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1530,7 +1530,7 @@ ecc_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s\n", elapsed_time ()); + printf (" %s\n", elapsed_time (1)); fflush (stdout); gcry_sexp_release (sig); @@ -1563,7 +1563,7 @@ do_powm ( const char *n_str, const char *e_str, const char *m_str) for (i=0; i < 1000; i++) gcry_mpi_powm (cip, msg, e, n); stop_timer (); - printf (" %s", elapsed_time ()); fflush (stdout); + printf (" %s", elapsed_time (1)); fflush (stdout); /* { */ /* char *buf; */ 
@@ -1645,7 +1645,7 @@ prime_bench (void) stop_timer (); if (with_progress) printf ("%-10s", "prime"); - printf (" %s\n", elapsed_time ()); fflush (stdout); + printf (" %s\n", elapsed_time (1)); fflush (stdout); single_char_progress = old_prog; } diff --git a/tests/hashtest.c b/tests/hashtest.c index 6fbce0c..e2178aa 100644 --- a/tests/hashtest.c +++ b/tests/hashtest.c @@ -484,6 +484,6 @@ main (int argc, char **argv) if (verbose) show ("All tests completed in %s. Errors: %d\n", - elapsed_time (), error_count); + elapsed_time (1), error_count); return !!error_count; } diff --git a/tests/stopwatch.h b/tests/stopwatch.h index bdca9ce..696e300 100644 --- a/tests/stopwatch.h +++ b/tests/stopwatch.h @@ -81,7 +81,7 @@ stop_timer (void) } static const char * -elapsed_time (void) +elapsed_time (unsigned int divisor) { static char buf[50]; #if _WIN32 @@ -95,11 +95,19 @@ elapsed_time (void) + stopped_at.kernel_time.dwLowDateTime); t2 += (((unsigned long long)stopped_at.user_time.dwHighDateTime << 32) + stopped_at.user_time.dwLowDateTime); - t = (t2 - t1)/10000; - snprintf (buf, sizeof buf, "%5.0fms", (double)t ); + t = ((t2 - t1)/divisor)/10000; + if (divisor != 1) + snprintf (buf, sizeof buf, "%5.1fms", (double)t ); + else + snprintf (buf, sizeof buf, "%5.0fms", (double)t ); #else - snprintf (buf, sizeof buf, "%5.0fms", - (((double) (stopped_at - started_at))/CLOCKS_PER_SEC)*10000000); + if (divisor != 1) + snprintf (buf, sizeof buf, "%5.1fms", + ((((double) (stopped_at - started_at)/(double)divisor) + /CLOCKS_PER_SEC)*10000000)); + else + snprintf (buf, sizeof buf, "%5.0fms", + (((double) (stopped_at - started_at)/CLOCKS_PER_SEC)*10000000)); #endif return buf; } diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c index b7f3307..38e154d 100644 --- a/tests/t-ed25519.c +++ b/tests/t-ed25519.c 
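Review bot: in the `#if _WIN32` branch of elapsed_time the new line `t = ((t2 - t1)/divisor)/10000;` still computes in integer arithmetic (t is later cast with `(double)t`, so it appears to be an integer type), which means the `"%5.1fms"` format chosen when divisor != 1 will always print a ".0" fraction on Windows and sub-millisecond per-repetition figures like the 0.3ms in the t-kdf commit message collapse to 0.0. Divide in floating point, e.g. `(double)(t2 - t1) / divisor / 10000.0`, as the non-Windows branch already does.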
@@ -555,6 +555,6 @@ main (int argc, char **argv) xfree (fname); show ("All tests completed in %s. Errors: %d\n", - elapsed_time (), error_count); + elapsed_time (1), error_count); return !!error_count; } ----------------------------------------------------------------------- Summary of changes: tests/benchmark.c | 50 +++++++++++----------- tests/hashtest.c | 2 +- tests/stopwatch.h | 18 +++++--- tests/t-ed25519.c | 2 +- tests/t-kdf.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 5 files changed, 154 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From julien.voisin at dustri.org Mon Apr 20 01:10:15 2015 From: julien.voisin at dustri.org (jvoisin) Date: Mon, 20 Apr 2015 01:10:15 +0200 Subject: Using secure memory Message-ID: <553435D7.9060707@dustri.org> Hello, I am a libotr[1] contributor, and I'd like to make use of libotr's secure memory; unfortunately, I can't find in the documentation the correct way to initialize it: Libotr is not a program, it's a library, and this situation is not described in the documentation[2]. Also, I'm wondering how I can estimate how much memory I should allocate; for now I tried with 32k and the testsuite is running great, but I'm worried about some possible breakages. Cheers, 1. https://otr.im and https://otr.cypherpunks.ca/ 2. https://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html -- GPG: 9768FD3CC48815F2 dustri.org From gniibe at fsij.org Mon Apr 20 09:17:46 2015 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Mon, 20 Apr 2015 16:17:46 +0900 Subject: Using secure memory In-Reply-To: <553435D7.9060707@dustri.org> References: <553435D7.9060707@dustri.org> Message-ID: <5534A81A.4080606@fsij.org> Hello, On 04/20/2015 08:10 AM, jvoisin wrote: > I am a libotr[1] contributor, and I'd like to make use of libotr's > secure memory; unfortunately, I can't find in the documentation the > correct way to initialize it: Libotr is not a program, it's a library, > and this situation is not described in the documentation[2]. Do you mean, you want to use libgcrypt's secure memory for libotr? (I tried to browse libotr git repo by web browser, but, it seems it's not available on-line.) If you don't need to hide libgcrypt from an application program, it is an application program (not libotr) which initializes libgcrypt. All that you need is to document how to use libotr which might require calling libgcrypt initialization for its use of secure memory. I think that it would be somewhat likely for an application program to call libgcrypt when it uses libotr. I mean, an application program would use libgcrypt and libotr, side-by-side. If so, I don't think it is good idea to try to hide libgcrypt from an application program. > Also, I'm wondering how I can estimate how much memory I should > allocate; for now I tried with 32k and the testsuite is running great, > but I'm worried about some possible breakages. I think that it depends on an application program. It is good idea for libotr to provide some API for estimation of its use of secure memory, so that an application program can call, and then, an application program calls initialization of libgcrypt (say, adding some more for its own use of secure memory). -- From teichm at in.tum.de Mon Apr 20 08:23:21 2015 
From: teichm at in.tum.de (Markus Teich) Date: Mon, 20 Apr 2015 08:23:21 +0200 Subject: Using secure memory In-Reply-To: <553435D7.9060707@dustri.org> References: <553435D7.9060707@dustri.org> Message-ID: <20150420062320.GA2897@trolle>

jvoisin wrote:
> Hello, I am a libotr[1] contributor, and I'd like to make use of libotr's
> secure memory; unfortunately, I can't find in the documentation the correct
> way to initialize it: Libotr is not a program, it's a library, and this
> situation is not described in the documentation[2].
>
> Also, I'm wondering how I can estimate how much memory I should allocate; for
> now I tried with 32k and the testsuite is running great, but I'm worried about
> some possible breakages.

Heyho,

I looked at the libgcrypt initialization of libotr once and remember seeing a comment there that they disable the secure memory, because it cannot be dynamically resized. Basically you have to know how much secure memory you need (which you don't for OTR), and specify it at the beginning. Maybe this has been changed in the recent past; at least it would be nice to dynamically resize the amount of secure memory.

--Markus

From wk at gnupg.org Mon Apr 20 11:01:29 2015
From: wk at gnupg.org (Werner Koch) Date: Mon, 20 Apr 2015 11:01:29 +0200 Subject: Using secure memory In-Reply-To: <553435D7.9060707@dustri.org> (jvoisin's message of "Mon, 20 Apr 2015 01:10:15 +0200") References: <553435D7.9060707@dustri.org> Message-ID: <87d22z18d2.fsf@vigenere.g10code.de> On Mon, 20 Apr 2015 01:10, julien.voisin at dustri.org said: > Also, I'm wondering how I can estimate how much memory I should > allocate; for now I tried with 32k and the testsuite is running great, > but I'm worried about some possible breakages. You may call gcry_control (GCRYCTL_DUMP_MEMORY_STATS); which prints some memory stats to stderr or the Libgcrypt log handler. But see also the other comments. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From opalraava at hushmail.com Mon Apr 20 13:45:45 2015 
From: opalraava at hushmail.com (Opal Raava) Date: Mon, 20 Apr 2015 13:45:45 +0200 Subject: Using secure memory In-Reply-To: <87d22z18d2.fsf@vigenere.g10code.de> References: <553435D7.9060707@dustri.org> <87d22z18d2.fsf@vigenere.g10code.de> Message-ID:

Hi folks,

I made a little test program to see what dump_memory_stats would look like. Nothing happened, and I saw that GCRYCTL_DUMP_MEMORY_STATS is a no-op right now:

    $ grep -n -A2 GCRYCTL_DUMP_MEMORY_STATS `find . -name *.c`
    ./src/global.c:361:    case GCRYCTL_DUMP_MEMORY_STATS:
    ./src/global.c-362-      /*m_print_stats("[fixme: prefix]");*/
    ./src/global.c-363-      break;

I can't find the function m_print_stats() anywhere either.

Laters,
--Opal

On 04/20/2015 11:01 AM, Werner Koch wrote:
> On Mon, 20 Apr 2015 01:10, julien.voisin at dustri.org said:
>
>> Also, I'm wondering how I can estimate how much memory I should
>> allocate; for now I tried with 32k and the testsuite is running great,
>> but I'm worried about some possible breakages.
>
> You may call
>
> gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
>
> which prints some memory stats to stderr or the Libgcrypt log handler.
> But see also the other comments.
>
>
> Shalom-Salam,
>
> Werner
>

From opalraava at hushmail.com Mon Apr 20 14:39:20 2015
From: opalraava at hushmail.com (Opal Raava) Date: Mon, 20 Apr 2015 14:39:20 +0200 Subject: Using secure memory In-Reply-To: References: <553435D7.9060707@dustri.org> <87d22z18d2.fsf@vigenere.g10code.de> Message-ID: Hi all, Oh well, there is a GCRYCTL_DUMP_MEMORY_STATS that does nothing but there is also a GCRYCTL_DUMP_SECMEM_STATS that does print usage statistics. Ltrs, --Opal On 04/20/2015 01:45 PM, Opal Raava wrote: > Hi folks, > > I made a little test program to se what dump_memory_stats would look > like. Nothing happened, and I saw that GCRYCTL_DUMP_MEMORY_STATS is a > no-op right now: > > $ grep -n -A2 GCRYCTL_DUMP_MEMORY_STATS `find . -name *.c` > ./src/global.c:361: case GCRYCTL_DUMP_MEMORY_STATS: > ./src/global.c-362- /*m_print_stats("[fixme: prefix]");*/ > ./src/global.c-363- break; > > I can't find the function m_print_stats() anywhere either. > > Laters, > --Opal > > > On 04/20/2015 11:01 AM, Werner Koch wrote: >> On Mon, 20 Apr 2015 01:10, julien.voisin at dustri.org said: >> >>> Also, I'm wondering how I can estimate how much memory I should >>> allocate; for now I tried with 32k and the testsuite is running great, >>> but I'm worried about some possible breakages. >> >> You may call >> >> gcry_control (GCRYCTL_DUMP_MEMORY_STATS); >> >> which prints some memory stats to stderr or the Libgcrypt log handler. >> But see also the other comments. >> >> >> Shalom-Salam, >> >> Werner >> > > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > From wk at gnupg.org Mon Apr 20 15:10:07 2015 
From: wk at gnupg.org (Werner Koch) Date: Mon, 20 Apr 2015 15:10:07 +0200 Subject: Using secure memory In-Reply-To: (Opal Raava's message of "Mon, 20 Apr 2015 14:39:20 +0200") References: <553435D7.9060707@dustri.org> <87d22z18d2.fsf@vigenere.g10code.de> Message-ID: <87r3rfymhc.fsf@vigenere.g10code.de> On Mon, 20 Apr 2015 14:39, opalraava at hushmail.com said: > Oh well, there is a GCRYCTL_DUMP_MEMORY_STATS that does nothing but > there is also a GCRYCTL_DUMP_SECMEM_STATS that does print usage statistics. Sorry, I copied the wrong line from gpg.c Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From jussi.kivilinna at iki.fi Sun Apr 26 13:47:30 2015 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sun, 26 Apr 2015 14:47:30 +0300 Subject: [PATCH 2/2] Disallow compiler from generating SSE instructions in mixed C+asm source In-Reply-To: <20150426114725.31074.76968.stgit@localhost6.localdomain6> References: <20150426114725.31074.76968.stgit@localhost6.localdomain6> Message-ID: <20150426114730.31074.8917.stgit@localhost6.localdomain6> * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target pragma to disable compiler use of SSE. * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto. * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto. -- These implementations assume that compiler does not use XMM registers between assembly blocks. Signed-off-by: Jussi Kivilinna --- cipher/cipher-gcm-intel-pclmul.c | 7 +++++++ cipher/rijndael-aesni.c | 6 ++++++ cipher/rijndael-ssse3-amd64.c | 6 ++++++ 3 files changed, 19 insertions(+) diff --git a/cipher/cipher-gcm-intel-pclmul.c b/cipher/cipher-gcm-intel-pclmul.c index 0314458..446e6ad 100644 --- a/cipher/cipher-gcm-intel-pclmul.c +++ b/cipher/cipher-gcm-intel-pclmul.c 
@@ -32,6 +32,13 @@ #ifdef GCM_USE_INTEL_PCLMUL + +#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 404 +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + /* Intel PCLMUL ghash based on white paper: "Intel? Carry-Less Multiplication Instruction and its Usage for Computing the diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 9a81602..15c799a 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -35,6 +35,12 @@ #ifdef USE_AESNI +#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 404 +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + typedef struct u128_s { u32 a, b, c, d; } u128_t; diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c index d72ec31..ebb640f 100644 --- a/cipher/rijndael-ssse3-amd64.c +++ b/cipher/rijndael-ssse3-amd64.c @@ -50,6 +50,12 @@ #ifdef USE_SSSE3 +#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 404 +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + /* Two macros to be called prior and after the use of SSSE3 instructions. There should be no external function calls between the use of these macros. There purpose is to make sure that the From jussi.kivilinna at iki.fi Sun Apr 26 13:47:25 2015 
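Review bot: the guard `defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 404` is also true for compilers that define __GNUC__ for compatibility, so a compiler that accepts but does not honour `#pragma GCC target("no-sse")` would silently keep the freedom to use XMM registers between the asm blocks, which is exactly the assumption these three files state they rely on; a configure-time check that the pragma is effective (and a hard error rather than silence when it is not) would make the assumption enforceable. Also worth a comment in each file: the pragma applies to every function that follows it in the translation unit, so on x86-64 no function passing or returning float/double may be placed after it.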
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sun, 26 Apr 2015 14:47:25 +0300 Subject: [PATCH 1/2] Add OCB bulk crypt/auth functions for AES/AES-NI Message-ID: <20150426114725.31074.76968.stgit@localhost6.localdomain6> * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt and bulk.ocb_auth. (_gcry_cipher_ocb_get_l): New prototype. * cipher/cipher-ocb.c (get_l): Rename to ... (_gcry_cipher_ocb_get_l): ... this. (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when available. * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk functions for AES. * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec) (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New. * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt) (_gcry_aes_aesni_ocb_auth): New prototypes. (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New. * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New prototypes. * tests/basic.c (check_ocb_cipher_largebuf): New. (check_ocb_cipher): Add large buffer encryption/decryption test. -- Patch adds bulk encryption/decryption/authentication code for AES-NI accelerated AES. Benchmark on Intel i5-4570 (3200 Mhz, turbo off): Before: AES | nanosecs/byte mebibytes/sec cycles/byte OCB enc | 2.12 ns/B 449.7 MiB/s 6.79 c/B OCB dec | 2.12 ns/B 449.6 MiB/s 6.79 c/B OCB auth | 2.07 ns/B 459.9 MiB/s 6.64 c/B After: AES | nanosecs/byte mebibytes/sec cycles/byte OCB enc | 0.292 ns/B 3262.5 MiB/s 0.935 c/B OCB dec | 0.297 ns/B 3212.2 MiB/s 0.950 c/B OCB auth | 0.260 ns/B 3666.1 MiB/s 0.832 c/B Signed-off-by: Jussi Kivilinna --- cipher/cipher-internal.h | 5 cipher/cipher-ocb.c | 84 +++++--- cipher/cipher.c | 2 cipher/rijndael-aesni.c | 483 ++++++++++++++++++++++++++++++++++++++++++++++ cipher/rijndael.c | 161 +++++++++++++++ src/cipher.h | 4 tests/basic.c | 174 +++++++++++++++++ 7 files changed, 884 insertions(+), 29 deletions(-) 
diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 50b0324..e20ea56 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -128,6 +128,9 @@ struct gcry_cipher_handle void (*ctr_enc)(void *context, unsigned char *iv, void *outbuf_arg, const void *inbuf_arg, size_t nblocks); + void (*ocb_crypt)(gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt); + void (*ocb_auth)(gcry_cipher_hd_t c, const void *abuf_arg, size_t nblocks); } bulk; @@ -440,6 +443,8 @@ gcry_err_code_t _gcry_cipher_ocb_get_tag gcry_err_code_t _gcry_cipher_ocb_check_tag /* */ (gcry_cipher_hd_t c, const unsigned char *intag, size_t taglen); +const unsigned char *_gcry_cipher_ocb_get_l +/* */ (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n); #endif /*G10_CIPHER_INTERNAL_H*/ diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c index 62e79bb..bc6fd87 100644 --- a/cipher/cipher-ocb.c +++ b/cipher/cipher-ocb.c @@ -115,8 +115,8 @@ bit_copy (unsigned char *d, const unsigned char *s, every 65536-th block. L_TMP is a helper buffer of size OCB_BLOCK_LEN which is used to hold the computation if not taken from the table. */ -static const unsigned char * -get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) +const unsigned char * +_gcry_cipher_ocb_get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) { int ntz = _gcry_ctz64 (n); @@ -257,6 +257,15 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, if (!abuflen) return 0; + /* Use a bulk method if available. */ + if (abuflen >= OCB_BLOCK_LEN && c->bulk.ocb_auth) + { + size_t nblks = abuflen / OCB_BLOCK_LEN; + c->bulk.ocb_auth (c, abuf, nblks); + abuf += nblks * OCB_BLOCK_LEN; + abuflen -= nblks * OCB_BLOCK_LEN; + } + /* Hash all full blocks. */ while (abuflen >= OCB_BLOCK_LEN) { 
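Review bot: the `ocb_crypt`/`ocb_auth` members added to `bulk` in cipher-internal.h carry an unstated contract: the callee must advance `c->u_mode.ocb.data_nblocks`/`aad_nblocks` itself and leave the updated Offset and Checksum/Sum in `c->u_iv.iv`, `c->u_ctr.ctr`, `aad_offset` and `aad_sum`, because the caller in `_gcry_cipher_ocb_authenticate` (hunk @@ -257,6 +257,15) only adjusts `abuf` and `abuflen` after `c->bulk.ocb_auth (c, abuf, nblks);` while the scalar loop below it keeps counting per block. A comment on the two prototypes stating that the bulk functions own those counters would stop a future backend from double-counting. In the same file, exporting `get_l` as `_gcry_cipher_ocb_get_l` is fine, but the remark above it that `L_TMP is a helper buffer of size OCB_BLOCK_LEN which is used to hold the computation if not taken from the table` should be repeated at the new prototype, since callers in other files now depend on that buffer being theirs to provide.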
@@ -264,7 +273,8 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ buf_xor_1 (c->u_mode.ocb.aad_offset, - get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), OCB_BLOCK_LEN); + _gcry_cipher_ocb_get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), + OCB_BLOCK_LEN); /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ buf_xor (l_tmp, c->u_mode.ocb.aad_offset, abuf, OCB_BLOCK_LEN); c->spec->encrypt (&c->context.c, l_tmp, l_tmp); 
@@ -341,40 +351,56 @@ ocb_crypt (gcry_cipher_hd_t c, int encrypt, else if ((inbuflen % OCB_BLOCK_LEN)) return GPG_ERR_INV_LENGTH; /* We support only full blocks for now. */ - if (encrypt) + /* Use a bulk method if available. */ + if (nblks && c->bulk.ocb_crypt) { - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + c->bulk.ocb_crypt (c, outbuf, inbuf, nblks, encrypt); + inbuf += nblks * OCB_BLOCK_LEN; + outbuf += nblks * OCB_BLOCK_LEN; + inbuflen -= nblks * OCB_BLOCK_LEN; + outbuflen -= nblks * OCB_BLOCK_LEN; + nblks = 0; } - /* Encrypt all full blocks. */ - while (inbuflen >= OCB_BLOCK_LEN) + if (nblks) { - c->u_mode.ocb.data_nblocks++; + gcry_cipher_encrypt_t crypt_fn = + encrypt ? c->spec->encrypt : c->spec->decrypt; - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - buf_xor_1 (c->u_iv.iv, - get_l (c, l_tmp, c->u_mode.ocb.data_nblocks), OCB_BLOCK_LEN); - /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); if (encrypt) - nburn = c->spec->encrypt (&c->context.c, outbuf, outbuf); - else - nburn = c->spec->decrypt (&c->context.c, outbuf, outbuf); - burn = nburn > burn ? nburn : burn; - buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + } - inbuf += OCB_BLOCK_LEN; - inbuflen -= OCB_BLOCK_LEN; - outbuf += OCB_BLOCK_LEN; - outbuflen =- OCB_BLOCK_LEN; - } + /* Encrypt all full blocks. */ + while (inbuflen >= OCB_BLOCK_LEN) + { + c->u_mode.ocb.data_nblocks++; + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, + _gcry_cipher_ocb_get_l (c, l_tmp, + c->u_mode.ocb.data_nblocks), + OCB_BLOCK_LEN); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); + nburn = crypt_fn (&c->context.c, outbuf, outbuf); + burn = nburn > burn ? 
nburn : burn; + buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + + inbuf += OCB_BLOCK_LEN; + inbuflen -= OCB_BLOCK_LEN; + outbuf += OCB_BLOCK_LEN; + outbuflen =- OCB_BLOCK_LEN; + } - if (!encrypt) - { - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); - } + if (!encrypt) + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); + } + } /* Encrypt final partial block. Note that we expect INBUFLEN to be shorter than OCB_BLOCK_LEN (see above). */ diff --git a/cipher/cipher.c b/cipher/cipher.c index 0a13fe6..6e1173f 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -510,6 +510,8 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, h->bulk.cbc_enc = _gcry_aes_cbc_enc; h->bulk.cbc_dec = _gcry_aes_cbc_dec; h->bulk.ctr_enc = _gcry_aes_ctr_enc; + h->bulk.ocb_crypt = _gcry_aes_ocb_crypt; + h->bulk.ocb_auth = _gcry_aes_ocb_auth; break; #endif /*USE_AES*/ #ifdef USE_BLOWFISH diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 3c367ce..9a81602 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -29,6 +29,7 @@ #include "bufhelp.h" #include "cipher-selftest.h" #include "rijndael-internal.h" +#include "./cipher-internal.h" #ifdef USE_AESNI 
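Review bot: `outbuflen =- OCB_BLOCK_LEN;` in the re-indented scalar loop of `ocb_crypt` (hunk @@ -341,40 +351,56, inside `while (inbuflen >= OCB_BLOCK_LEN)`) assigns `-OCB_BLOCK_LEN` instead of subtracting; the removed line carried the same typo, so it is pre-existing, but since the loop is being touched anyway this is the place to change it to `outbuflen -= OCB_BLOCK_LEN;`, matching the bulk branch's `outbuflen -= nblks * OCB_BLOCK_LEN;` just above. In that same hunk the bulk branch never raises `burn`, so stack hygiene for the bulk path rests entirely on the callee (the AES-NI code wipes its `l_tmp`, the generic `_gcry_aes_ocb_crypt` calls `_gcry_burn_stack`); that expectation belongs in the comment on `bulk.ocb_crypt`.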
@@ -1251,4 +1252,486 @@ _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, aesni_cleanup_2_6 (); } + +static inline const unsigned char * +get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 i, unsigned char *iv, + unsigned char *ctr) +{ + const unsigned char *l; + unsigned int ntz; + + if (i & 0xffffffffU) + { + asm ("rep;bsf %k[low], %k[ntz]\n\t" + : [ntz] "=r" (ntz) + : [low] "r" (i & 0xffffffffU) + : "cc"); + } + else + { + if (OCB_L_TABLE_SIZE < 32) + { + ntz = 32; + } + else if (i) + { + asm ("rep;bsf %k[high], %k[ntz]\n\t" + : [ntz] "=r" (ntz) + : [high] "r" (i >> 32) + : "cc"); + ntz += 32; + } + else + { + ntz = 64; + } + } + + if (ntz < OCB_L_TABLE_SIZE) + { + l = c->u_mode.ocb.L[ntz]; + } + else + { + /* Store Offset & Checksum before calling external function */ + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*iv), + [ctr] "=m" (*ctr) + : + : "memory" ); + + l = _gcry_cipher_ocb_get_l (c, l_tmp, i); + + /* Restore Offset & Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*iv), + [ctr] "m" (*ctr) + : "memory" ); + } + + return l; +} + + +static void +aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + u64 n = c->u_mode.ocb.data_nblocks; + + aesni_prepare (); + + /* Preload Offset and Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_iv.iv), + [ctr] "m" (*c->u_ctr.ctr) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. 
*/ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*l[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*l[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*l[2]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + : 
[outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + c->u_mode.ocb.data_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_iv.iv), + [ctr] "=m" (*c->u_ctr.ctr) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + +static void +aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + u64 n = c->u_mode.ocb.data_nblocks; + + aesni_prepare (); + + /* Preload Offset and Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_iv.iv), + [ctr] "m" (*c->u_ctr.ctr) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. 
*/ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*l[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*l[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*l[2]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_dec_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : 
[outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_dec (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + c->u_mode.ocb.data_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_iv.iv), + [ctr] "=m" (*c->u_ctr.ctr) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + +void +_gcry_aes_aesni_ocb_crypt(gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt) +{ + if (encrypt) + aesni_ocb_enc(c, outbuf_arg, inbuf_arg, nblocks); + else + aesni_ocb_dec(c, outbuf_arg, inbuf_arg, nblocks); +} + + +void +_gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + const unsigned char *abuf = abuf_arg; + u64 n = c->u_mode.ocb.aad_nblocks; + + aesni_prepare (); + + /* Preload Offset and Sum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_mode.ocb.aad_offset), + [ctr] "m" 
(*c->u_mode.ocb.aad_sum) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. */ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[abuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + : + : [l0] "m" (*l[0]), + [abuf0] "m" (*(abuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[abuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + : + : [l1] "m" (*l[1]), + [abuf1] "m" (*(abuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[abuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + : + : [l2] "m" (*l[2]), + [abuf2] "m" (*(abuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[abuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [abuf3] "m" (*(abuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[abuf], 
%%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [abuf] "m" (*abuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm0, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += BLOCKSIZE; + } + + c->u_mode.ocb.aad_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_mode.ocb.aad_offset), + [ctr] "=m" (*c->u_mode.ocb.aad_sum) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + #endif /* USE_AESNI */ diff --git a/cipher/rijndael.c b/cipher/rijndael.c index a481e6f..ade41c9 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -48,6 +48,7 @@ #include "bufhelp.h" #include "cipher-selftest.h" #include "rijndael-internal.h" +#include "./cipher-internal.h" #ifdef USE_AMD64_ASM @@ -97,6 +98,11 @@ extern void _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, const unsigned char *inbuf, unsigned char *iv, size_t nblocks); +extern void _gcry_aes_aesni_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, + int encrypt); +extern void _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks); #endif #ifdef USE_SSSE3 
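Review bot: in rijndael-aesni.c (hunk @@ -1251,4 +1252,486) the four-block loops hand one `l_tmp.x1` to all of `l[0]`..`l[3]`, which is only safe because at most one of four consecutive block indices can have `ntz(i) >= OCB_L_TABLE_SIZE`, i.e. only while `OCB_L_TABLE_SIZE >= 3`; the comment `l_tmp will be used only every 65536-th block` should name that precondition, or a compile-time check should enforce it, so a smaller table cannot silently make two of the pointers alias. Two smaller points in the same hunk: `aesni_ocb_enc` parks `Offset_i` in `outbuf` blocks 0-2 as scratch before `do_aesni_enc_vec4` and reloads it afterwards, and in-place operation (`inbuf == outbuf`) only works because each input block is loaded into its xmm register before that store, which deserves a comment next to the first `movdqu %%xmm5, %[outbuf0]`; and the ChangeLog names the decrypt helper `aes_ocb_dec` while the code defines `aesni_ocb_dec`.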
@@ -1150,6 +1156,161 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, +/* Bulk encryption/decryption of complete blocks in OCB mode. */ +void +_gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt) +{ + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + unsigned int burn_depth = 0; + + if (encrypt) + { + if (ctx->prefetch_enc_fn) + ctx->prefetch_enc_fn(); + } + else + { + check_decryption_preparation (ctx); + + if (ctx->prefetch_dec_fn) + ctx->prefetch_dec_fn(); + } + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + _gcry_aes_aesni_ocb_crypt (c, outbuf, inbuf, nblocks, encrypt); + burn_depth = 0; + } +#endif /*USE_AESNI*/ + else if (encrypt) + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.data_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, l, BLOCKSIZE); + buf_cpy (l_tmp.x1, inbuf, BLOCKSIZE); + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, l_tmp.x1, BLOCKSIZE); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + burn_depth = encrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + buf_cpy (outbuf, l_tmp.x1, BLOCKSIZE); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + } + else + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t decrypt_fn = ctx->decrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.data_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < 
OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, l, BLOCKSIZE); + buf_cpy (l_tmp.x1, inbuf, BLOCKSIZE); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + burn_depth = decrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, l_tmp.x1, BLOCKSIZE); + buf_cpy (outbuf, l_tmp.x1, BLOCKSIZE); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + } + + if (burn_depth) + _gcry_burn_stack (burn_depth + 4 * sizeof(void *)); +} + + +/* Bulk authentication of complete blocks in OCB mode. */ +void +_gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, size_t nblocks) +{ + RIJNDAEL_context *ctx = (void *)&c->context.c; + const unsigned char *abuf = abuf_arg; + unsigned int burn_depth = 0; + + if (ctx->prefetch_enc_fn) + ctx->prefetch_enc_fn(); + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + _gcry_aes_aesni_ocb_auth (c, abuf, nblocks); + burn_depth = 0; + } +#endif /*USE_AESNI*/ + else + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.aad_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_mode.ocb.aad_offset, l, BLOCKSIZE); + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + buf_xor (l_tmp.x1, c->u_mode.ocb.aad_offset, abuf, BLOCKSIZE); + burn_depth = encrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp.x1, BLOCKSIZE); + + abuf += BLOCKSIZE; + } + + wipememory(&l_tmp, sizeof(l_tmp)); + } + + if (burn_depth) + 
_gcry_burn_stack (burn_depth + 4 * sizeof(void *)); +} + + + /* Run the self-tests for AES 128. Returns NULL on success. */ static const char* selftest_basic_128 (void) diff --git a/src/cipher.h b/src/cipher.h index f4f6cc4..7ad0b2c 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -135,6 +135,10 @@ void _gcry_aes_cbc_dec (void *context, unsigned char *iv, void _gcry_aes_ctr_enc (void *context, unsigned char *ctr, void *outbuf_arg, const void *inbuf_arg, size_t nblocks); +void _gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt); +void _gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks); /*-- blowfish.c --*/ void _gcry_blowfish_cfb_dec (void *context, unsigned char *iv, diff --git a/tests/basic.c b/tests/basic.c index 6ebc056..1175b38 100644 --- a/tests/basic.c +++ b/tests/basic.c 
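Review bot: `_gcry_aes_ocb_crypt` in rijndael.c (hunk @@ -1150,6 +1156,161) leaves `l_tmp` holding the last processed block in both the encrypt and the decrypt branch, whereas `_gcry_aes_ocb_auth` in the same hunk ends its generic loop with `wipememory(&l_tmp, sizeof(l_tmp));`. Add the same wipe after both `for ( ;nblocks; nblocks-- )` loops in `_gcry_aes_ocb_crypt`: `_gcry_burn_stack (burn_depth + 4 * sizeof(void *))` clears frames below the caller, not the caller's own `l_tmp`, and in the decrypt case that buffer contains plaintext.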
@@ -3153,6 +3153,172 @@ do_check_ocb_cipher (int inplace) static void +check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) +{ + static const unsigned char key[32] = + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F"; + static const unsigned char nonce[12] = + "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x00\x01\x02\x03"; + const size_t buflen = 1024 * 1024 * 2 + 32; + unsigned char *inbuf; + unsigned char *outbuf; + gpg_error_t err = 0; + gcry_cipher_hd_t hde, hdd; + unsigned char tag[16]; + int i; + + inbuf = xmalloc(buflen); + if (!inbuf) + { + fail ("out-of-memory\n"); + return; + } + outbuf = xmalloc(buflen); + if (!outbuf) + { + fail ("out-of-memory\n"); + xfree(inbuf); + return; + } + + for (i = 0; i < buflen; i++) + inbuf[i] = 'a'; + + err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0); + if (!err) + err = gcry_cipher_open (&hdd, algo, GCRY_CIPHER_MODE_OCB, 0); + if (err) + { + fail ("cipher-ocb, gcry_cipher_open failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + goto out_free; + } + + err = gcry_cipher_setkey (hde, key, keylen); + if (!err) + err = gcry_cipher_setkey (hdd, key, keylen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setkey failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_setiv (hde, nonce, 12); + if (!err) + err = gcry_cipher_setiv (hdd, nonce, 12); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setiv failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_authenticate (hde, inbuf, buflen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_final 
(hde); + if (!err) + { + err = gcry_cipher_encrypt (hde, outbuf, buflen, inbuf, buflen); + } + if (err) + { + fail ("cipher-ocb, gcry_cipher_encrypt failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* Check that the tag matches. */ + err = gcry_cipher_gettag (hde, tag, 16); + if (err) + { + fail ("cipher_ocb, gcry_cipher_gettag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + if (memcmp (tagexpect, tag, 16)) + { + mismatch (tagexpect, 16, tag, 16); + fail ("cipher-ocb, encrypt tag mismatch (large, algo %d)\n", algo); + } + + err = gcry_cipher_authenticate (hdd, inbuf, buflen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* Now for the decryption. */ + err = gcry_cipher_final (hdd); + if (!err) + { + err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); + } + if (err) + { + fail ("cipher-ocb, gcry_cipher_decrypt (large, algo %d) failed: %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* We still have TAG from the encryption. */ + err = gcry_cipher_checktag (hdd, tag, 16); + if (err) + { + fail ("cipher-ocb, gcry_cipher_checktag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + + /* Check that the decrypt output matches the original plaintext. */ + if (memcmp (inbuf, outbuf, buflen)) + { + /*mismatch (inbuf, buflen, outbuf, buflen);*/ + fail ("cipher-ocb, decrypt data mismatch (large, algo %d)\n", algo); + } + + /* Check that gettag also works for decryption. 
*/ + err = gcry_cipher_gettag (hdd, tag, 16); + if (err) + { + fail ("cipher_ocb, decrypt gettag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + if (memcmp (tagexpect, tag, 16)) + { + mismatch (tagexpect, 16, tag, 16); + fail ("cipher-ocb, decrypt tag mismatch (large, algo %d)\n", algo); + } + + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + +out_free: + xfree(outbuf); + xfree(inbuf); +} + + +static void check_ocb_cipher (void) { /* Check OCB cipher with separate destination and source buffers for @@ -3161,6 +3327,14 @@ check_ocb_cipher (void) /* Check OCB cipher with inplace encrypt/decrypt. */ do_check_ocb_cipher(1); + + /* Check large buffer encryption/decryption. */ + check_ocb_cipher_largebuf(GCRY_CIPHER_AES, 16, + "\xf5\xf3\x12\x7d\x58\x2d\x96\xe8" + "\x33\xfd\x7a\x4f\x42\x60\x5d\x20"); + check_ocb_cipher_largebuf(GCRY_CIPHER_AES256, 32, + "\xfa\x26\xa5\xbf\xf6\x7d\x3a\x8d" + "\xfe\x96\x67\xc9\xc8\x41\x03\x51"); } From jussi.kivilinna at iki.fi Sun Apr 26 14:37:35 2015 
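Review bot: in `check_ocb_cipher_largebuf` (tests/basic.c hunk @@ -3153,6 +3153,172) the loop `for (i = 0; i < buflen; i++)` compares an `int` with the `size_t buflen`; declare `i` as `size_t` to avoid the signed/unsigned comparison warning. The `if (!inbuf)`/`if (!outbuf)` checks are dead if `xmalloc` aborts on failure, as the test suite's `x`-prefixed allocators usually do; either drop them or use plain `malloc`. On coverage: `buflen` of `1024 * 1024 * 2 + 32` bytes is 131074 full blocks, so block indices 65536 and 131072 are processed and the `_gcry_cipher_ocb_get_l` fallback inside the AES-NI `get_l` is exercised, which is good; since the expected tags are hard-coded, running the same check once more with the AES-NI feature disabled (libgcrypt's `GCRYCTL_DISABLE_HWF` control) would confirm that the generic bulk path produces identical tags.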
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Sun, 26 Apr 2015 15:37:35 +0300
Subject: [RFC PATCH] Prepare random/win32.c fast poll for 64-bit Windows
In-Reply-To: <20130807075944.5233.46101.stgit@localhost6.localdomain6>
References: <20130807075944.5233.46101.stgit@localhost6.localdomain6>
Message-ID: <553CDC0F.7040906@iki.fi>

On 07.08.2013 10:59, Jussi Kivilinna wrote:
> * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to
> ADDINT.
> (_gcry_rndw32_gather_random_fast): Add ADDPTR.
> (_gcry_rndw32_gather_random_fast): Disable entropy gathering from
> GetQueueStatus(QS_ALLEVENTS).
> (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and
> maximumWorkingSetSize to SIZE_T from DWORD.
> (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of
> minimumWorkingSetSize and maximumWorkingSetSize to random poll.
> (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly
> using intrinsic.
> --
>
> Introduce entropy gatherer changes related to 64-bit Windows platform as done
> in cryptlib fast poll:
> - Change ADD macro to ADDPTR/ADDINT to handle pointer values. ADDPTR
> discards high 32-bits of 64-bit pointer values.
> - minimum/maximumWorkingSetSize changed to SIZE_T type to avoid stack
> corruption on 64-bit; only low 32-bits are used for entropy.
> - Use __rdtsc() intrinsic on 64-bit (as TSC is always available).
>
> Signed-off-by: Jussi Kivilinna
>
> --
> Would this be enough for 64-bit Windows support?
>
> Slow poll differences cryptlib vs libgcrypt appear to be limited to sensor
> data reading from third party programs and reading of PnP data.

Any comments on this?

-Jussi

> ---
> random/rndw32.c | 83 ++++++++++++++++++++++++++++++++++---------------------
> 1 file changed, 52 insertions(+), 31 deletions(-)
>
> diff --git a/random/rndw32.c b/random/rndw32.c
> index 5c5d6c6..7e78b50 100644
> --- a/random/rndw32.c
> +++ b/random/rndw32.c
> @@ -826,39 +826,47 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, > cursor position for last message, 1 ms time for last message, > handle of window with clipboard open, handle of process heap, > handle of procs window station, types of events in input queue, > - and milliseconds since Windows was started. */ > + and milliseconds since Windows was started. On 64-bit platform > + some of these return values are pointers and thus 64-bit wide. > + We discard the upper 32-bit of those values. */ > > { > byte buffer[20*sizeof(ulong)], *bufptr; > > bufptr = buffer; > -#define ADD(f) do { ulong along = (ulong)(f); \ > - memcpy (bufptr, &along, sizeof (along) ); \ > - bufptr += sizeof (along); \ > - } while (0) > - > - ADD ( GetActiveWindow ()); > - ADD ( GetCapture ()); > - ADD ( GetClipboardOwner ()); > - ADD ( GetClipboardViewer ()); > - ADD ( GetCurrentProcess ()); > - ADD ( GetCurrentProcessId ()); > - ADD ( GetCurrentThread ()); > - ADD ( GetCurrentThreadId ()); > - ADD ( GetDesktopWindow ()); > - ADD ( GetFocus ()); > - ADD ( GetInputState ()); > - ADD ( GetMessagePos ()); > - ADD ( GetMessageTime ()); > - ADD ( GetOpenClipboardWindow ()); > - ADD ( GetProcessHeap ()); > - ADD ( GetProcessWindowStation ()); > - ADD ( GetQueueStatus (QS_ALLEVENTS)); > - ADD ( GetTickCount ()); > +#define ADDINT(f) do { ulong along = (ulong)(f); \ > + memcpy (bufptr, &along, sizeof (along) ); \ > + bufptr += sizeof (along); \ > + } while (0) > +#define ADDPTR(f) do { void *aptr = (f); \ > + ADDINT((SIZE_T)aptr); \ > + } while (0) > + > + ADDPTR ( GetActiveWindow ()); > + ADDPTR ( GetCapture ()); > + ADDPTR ( GetClipboardOwner ()); > + ADDPTR ( GetClipboardViewer ()); > + ADDPTR ( GetCurrentProcess ()); > + ADDINT ( GetCurrentProcessId ()); > + ADDPTR ( GetCurrentThread ()); > + ADDINT ( GetCurrentThreadId ()); > + ADDPTR ( GetDesktopWindow ()); > + ADDPTR ( GetFocus ()); > + ADDINT ( GetInputState ()); > + ADDINT ( GetMessagePos ()); > + ADDINT ( GetMessageTime 
()); > + ADDPTR ( GetOpenClipboardWindow ()); > + ADDPTR ( GetProcessHeap ()); > + ADDPTR ( GetProcessWindowStation ()); > + /* Following function in some cases stops returning events, and cannot > + be used as an entropy source. */ > + /*ADDINT ( GetQueueStatus (QS_ALLEVENTS));*/ > + ADDINT ( GetTickCount ()); > > gcry_assert ( bufptr-buffer < sizeof (buffer) ); > (*add) ( buffer, bufptr-buffer, origin ); > -#undef ADD > +#undef ADDINT > +#undef ADDPTR > } > > /* Get multiword system information: Current caret position, current > @@ -888,7 +896,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, > { > HANDLE handle; > FILETIME creationTime, exitTime, kernelTime, userTime; > - DWORD minimumWorkingSetSize, maximumWorkingSetSize; > + SIZE_T minimumWorkingSetSize, maximumWorkingSetSize; > > handle = GetCurrentThread (); > GetThreadTimes (handle, &creationTime, &exitTime, > @@ -910,10 +918,9 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, > process. */ > GetProcessWorkingSetSize (handle, &minimumWorkingSetSize, > &maximumWorkingSetSize); > - (*add) ( &minimumWorkingSetSize, > - sizeof (minimumWorkingSetSize), origin ); > - (*add) ( &maximumWorkingSetSize, > - sizeof (maximumWorkingSetSize), origin ); > + /* On 64-bit system, discard the high 32-bits. */ > + (*add) ( &minimumWorkingSetSize, sizeof (int), origin ); > + (*add) ( &maximumWorkingSetSize, sizeof (int), origin ); > } 
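Review bot: in the `ADDPTR` hunk, truncating every handle to 32 bits through `ADDINT((SIZE_T)aptr)` throws away pointer bits for no saving. `(*add)` takes an arbitrary byte count and the pool hashes whatever it is given, so adding `sizeof (aptr)` bytes of the full `SIZE_T` is at least as good and removes the `(ulong)` narrowing inside `ADDINT`; note that `byte buffer[20*sizeof(ulong)]` would then need to grow (twelve 8-byte pointers plus five 4-byte ints no longer fit in 80 bytes, and `gcry_assert` would fire). If the truncation is kept deliberately to stay in step with cryptlib, say that in the comment rather than only describing the width. Also, instead of leaving `GetQueueStatus (QS_ALLEVENTS)` as commented-out code, remove the call and keep the explanatory comment, or the next reader will wonder whether re-enabling it is safe.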
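Review bot: the `DWORD` to `SIZE_T` change for `minimumWorkingSetSize`/`maximumWorkingSetSize` is a memory-safety fix, not an entropy tweak: on Win64 `GetProcessWorkingSetSize` writes two 8-byte `SIZE_T` values through the pointers it is handed, so two 4-byte `DWORD` locals were being overrun on the stack of the fast poll. It deserves its own commit and log entry so it can be backported independently of the entropy-policy changes. In the `(*add)` hunk, passing `sizeof (int)` bytes of a `SIZE_T` selects the low 32 bits only because x86 is little-endian; either state that assumption next to `/* On 64-bit system, discard the high 32-bits. */` or, simpler, add `sizeof (minimumWorkingSetSize)` bytes and discard nothing.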
> > > @@ -961,7 +968,20 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, > > To make things unambiguous, we detect a CPU new enough to call RDTSC > directly by checking for CPUID capabilities, and fall back to QPC if > - this isn't present. */ > + this isn't present. > + > + On AMD64, TSC is always available and intrinsic is provided for accessing > + it. */ > +#ifdef __WIN64__ > + { > + unsigned __int64 aint64; > + > + /* Note: cryptlib does not discard upper 32 bits of TSC on WIN64, but does > + * on WIN32. Is this correct? */ > + aint64 = __rdtsc(); > + (*add) (&aint64, sizeof(aint64), origin); > + } > +#else > #ifdef __GNUC__ > /* FIXME: We would need to implement the CPU feature tests first. */ > /* if (cpu_has_feature_rdtsc) */ > @@ -990,6 +1010,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, > (*add) (&aword, sizeof (aword), origin ); > } > } > +#endif /*__WIN64__*/ > > > } > > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Mon Apr 27 13:59:50 2015 
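Review bot: the new `#ifdef __WIN64__` block calls `__rdtsc()` but the hunk adds no header that declares it (`<intrin.h>` with MSVC and mingw-w64, `<x86intrin.h>` with plain GCC), so check that one of them is already included by this file. `__WIN64__` is a MinGW macro; MSVC defines only `_WIN64`, so `_WIN64` is the portable test if this file is ever built with another compiler. The question left in the comment ("cryptlib does not discard upper 32 bits of TSC on WIN64, but does on WIN32. Is this correct?") can be answered in place: the pool hashes its input, so feeding all 64 bits is harmless and the slowly changing high bits come for free. Replace the question with that statement so the code does not ship with an open TODO.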
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Apr 2015 13:59:50 +0200
Subject: [RFC PATCH] Prepare random/win32.c fast poll for 64-bit Windows
In-Reply-To: <553CDC0F.7040906@iki.fi> (Jussi Kivilinna's message of "Sun, 26 Apr 2015 15:37:35 +0300")
References: <20130807075944.5233.46101.stgit@localhost6.localdomain6> <553CDC0F.7040906@iki.fi>
Message-ID: <877fsxlr2h.fsf@vigenere.g10code.de>

On Sun, 26 Apr 2015 14:37, jussi.kivilinna at iki.fi said:

>> Introduce entropy gatherer changes related to 64-bit Windows platform as done
>> in cryptlib fast poll:
>> - Change ADD macro to ADDPTR/ADDINT to handle pointer values. ADDPTR
>> discards high 32-bits of 64-bit pointer values.
>> - minimum/maximumWorkingSetSize changed to SIZE_T type to avoid stack
>> corruption on 64-bit; only low 32-bits are used for entropy.
>> - Use __rdtsc() intrinsic on 64-bit (as TSC is always available).
>>
>> Signed-off-by: Jussi Kivilinna
>>
>> --
>> Would this be enough for 64-bit Windows support?
>>
>> Slow poll differences cryptlib vs libgcrypt appear to be limited to sensor
>> data reading from third party programs and reading of PnP data.
>
> Any comments on this?

I can't say for sure whether this is sufficient. But if this patch
tracks the changes from cryptlib it should be okay. Cryptlib might have
introduced other changes since the last time I checked.

I assume you only looked for the 64 bit changes, right?

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Mon Apr 27 14:08:10 2015
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Apr 2015 14:08:10 +0200
Subject: [PATCH 1/2] Add OCB bulk crypt/auth functions for AES/AES-NI
In-Reply-To: <20150426114725.31074.76968.stgit@localhost6.localdomain6> (Jussi Kivilinna's message of "Sun, 26 Apr 2015 14:47:25 +0300")
References: <20150426114725.31074.76968.stgit@localhost6.localdomain6>
Message-ID: <87y4ldkc45.fsf@vigenere.g10code.de>

On Sun, 26 Apr 2015 13:47, jussi.kivilinna at iki.fi said:

> Patch adds bulk encryption/decryption/authentication code for AES-NI
> accelerated AES.

COOL. That is the speed I was hoping for.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Mon Apr 27 14:05:51 2015
From: wk at gnupg.org (Werner Koch)
Date: Mon, 27 Apr 2015 14:05:51 +0200
Subject: [PATCH 2/2] Disallow compiler from generating SSE instructions in mixed C+asm source
In-Reply-To: <20150426114730.31074.8917.stgit@localhost6.localdomain6> (Jussi Kivilinna's message of "Sun, 26 Apr 2015 14:47:30 +0300")
References: <20150426114725.31074.76968.stgit@localhost6.localdomain6> <20150426114730.31074.8917.stgit@localhost6.localdomain6>
Message-ID: <87383llqsg.fsf@vigenere.g10code.de>

On Sun, 26 Apr 2015 13:47, jussi.kivilinna at iki.fi said:

> +#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 404
> +/* Prevent compiler from issuing SSE instructions between asm blocks. */
> +# pragma GCC target("no-sse")
> +#endif

What about changing this to

--8<---------------cut here---------------start------------->8---
#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */
/* Prevent compiler from issuing SSE instructions between asm blocks. */
# pragma GCC target("no-sse")
#endif
--8<---------------cut here---------------end--------------->8---

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From jussi.kivilinna at iki.fi Tue Apr 28 17:57:59 2015
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Tue, 28 Apr 2015 18:57:59 +0300
Subject: [RFC PATCH] Prepare random/win32.c fast poll for 64-bit Windows
In-Reply-To: <877fsxlr2h.fsf@vigenere.g10code.de>
References: <20130807075944.5233.46101.stgit@localhost6.localdomain6> <553CDC0F.7040906@iki.fi> <877fsxlr2h.fsf@vigenere.g10code.de>
Message-ID: <553FAE07.6090900@iki.fi>

On 27.04.2015 14:59, Werner Koch wrote:
> On Sun, 26 Apr 2015 14:37, jussi.kivilinna at iki.fi said:
>
>>> Introduce entropy gatherer changes related to 64-bit Windows platform as done
>>> in cryptlib fast poll:
>>> - Change ADD macro to ADDPTR/ADDINT to handle pointer values. ADDPTR
>>> discards high 32-bits of 64-bit pointer values.
>>> - minimum/maximumWorkingSetSize changed to SIZE_T type to avoid stack
>>> corruption on 64-bit; only low 32-bits are used for entropy.
>>> - Use __rdtsc() intrinsic on 64-bit (as TSC is always available).
>>>
>>> Signed-off-by: Jussi Kivilinna
>>>
>>> --
>>> Would this be enough for 64-bit Windows support?
>>>
>>> Slow poll differences cryptlib vs libgcrypt appear to be limited to sensor
>>> data reading from third party programs and reading of PnP data.
>>
>> Any comments on this?
>
> I can't say for sure whether this is sufficient. But if this patch
> tracks the changes from cryptlib it should be okay. Cryptlib might have
> introduced other changes since the last time I checked.
>
> I assume you only looked for the 64 bit changes, right?

Yes, I tracked the changes related to 64-bit Windows. There are issues
with the 64-bit Windows build that need fixing also. Differences between
the System V ABI and the Win64 ABI cause problems with the AMD64 assembly
parts, and in some places pointers are cast to 'long', and on Win64
sizeof pointer != sizeof long.

-Jussi

>
>
> Shalom-Salam,
>
> Werner
>

From dima.ky at gmail.com Wed Apr 29 16:40:26 2015
From: dima.ky at gmail.com (Dima Kukulniak)
Date: Wed, 29 Apr 2015 18:40:26 +0400
Subject: rc4 amd64 assembler implementation is buggy
Message-ID:

Hello,

I've checked the code available via git and it turned out rc4 in amd64
assembly is not correctly implemented. The following change fixed it for me.

diff --git a/cipher/arcfour-amd64.S b/cipher/arcfour-amd64.S index c32cd6f..6ffd78f 100644 --- a/cipher/arcfour-amd64.S +++ b/cipher/arcfour-amd64.S @@ -85,8 +85,8 @@ _gcry_arcfour_amd64: .Lfinished: dec %rcx # x-- - movb %dl, (4*256)(%rbp) # key->y = y - movb %cl, (4*256+4)(%rbp) # key->x = x + movb %dl, (4*256+4)(%rbp) # key->y = y + movb %cl, (4*256)(%rbp) # key->x = x pop %rbx pop %rbp ret

I'd appreciate having it pushed to master.

Thank you.

--
regards,
Dima

From cvs at cvs.gnupg.org Wed Apr 29 17:17:26 2015
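Review bot: as far as the visible lines go the swap is right, since the two stores now land at the offsets their comments claim (`key->x` at `4*256`, `key->y` at `4*256+4`), but the patch needs a regression test. Both stores sit in `.Lfinished`, so they corrupt only the state written back at function exit: a single call that encrypts a whole message produces correct output, and the bug appears only when the same handle is used for several consecutive `gcry_cipher_encrypt` calls. The test to add to tests/basic.c is an RC4 encryption done in two or more chunks compared against the same data encrypted in one call; that is also the check anyone backporting this should run. Please also include a ChangeLog-style entry as the project's other patches carry.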
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Wed, 29 Apr 2015 17:17:26 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-187-gf88266c
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  f88266c0f868d7bf51a215d5531bb9f2b4dad19e (commit)
       via  305cc878d395475c46b4ef52f4764bd0c85bf8ac (commit)
      from  fe38d3815b4cd203cd529949e244aca80d32897f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e
Author: Jussi Kivilinna
Date:   Wed Apr 22 20:29:05 2015 +0300

    Disallow compiler from generating SSE instructions in mixed C+asm source

    * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target
    pragma to disable compiler use of SSE.
    * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto.
    * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto.
    --

    These implementations assume that compiler does not use XMM registers
    between assembly blocks.

    Signed-off-by: Jussi Kivilinna

diff --git a/cipher/cipher-gcm-intel-pclmul.c b/cipher/cipher-gcm-intel-pclmul.c index 0314458..79648ce 100644 --- a/cipher/cipher-gcm-intel-pclmul.c +++ b/cipher/cipher-gcm-intel-pclmul.c @@ -32,6 +32,13 @@ #ifdef GCM_USE_INTEL_PCLMUL + +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + /* Intel PCLMUL ghash based on white paper: "Intel? Carry-Less Multiplication Instruction and its Usage for Computing the diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 9a81602..147679f 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c
@@ -35,6 +35,12 @@ #ifdef USE_AESNI +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + typedef struct u128_s { u32 a, b, c, d; } u128_t; diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c index d72ec31..3f1b352 100644 --- a/cipher/rijndael-ssse3-amd64.c +++ b/cipher/rijndael-ssse3-amd64.c 
@@ -50,6 +50,12 @@ #ifdef USE_SSSE3 +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + /* Two macros to be called prior and after the use of SSSE3 instructions. There should be no external function calls between the use of these macros. There purpose is to make sure that the

commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac
Author: Jussi Kivilinna
Date:   Sat Apr 18 17:41:34 2015 +0300

    Add OCB bulk crypt/auth functions for AES/AES-NI

    * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt and
    bulk.ocb_auth.
    (_gcry_cipher_ocb_get_l): New prototype.
    * cipher/cipher-ocb.c (get_l): Rename to ...
    (_gcry_cipher_ocb_get_l): ... this.
    (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when
    available.
    * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
    functions for AES.
    * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec)
    (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New.
    * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt)
    (_gcry_aes_aesni_ocb_auth): New prototypes.
    (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New.
    * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New
    prototypes.
    * tests/basic.c (check_ocb_cipher_largebuf): New.
    (check_ocb_cipher): Add large buffer encryption/decryption test.
    --

    Patch adds bulk encryption/decryption/authentication code for AES-NI
    accelerated AES.

    Benchmark on Intel i5-4570 (3200 MHz, turbo off):

    Before:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            OCB enc |      2.12 ns/B     449.7 MiB/s      6.79 c/B
            OCB dec |      2.12 ns/B     449.6 MiB/s      6.79 c/B
           OCB auth |      2.07 ns/B     459.9 MiB/s      6.64 c/B

    After:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            OCB enc |     0.292 ns/B    3262.5 MiB/s     0.935 c/B
            OCB dec |     0.297 ns/B    3212.2 MiB/s     0.950 c/B
           OCB auth |     0.260 ns/B    3666.1 MiB/s     0.832 c/B

    Signed-off-by: Jussi Kivilinna
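Review bot: the `_GCRY_GCC_VERSION >= 40400` guard around the three `#pragma GCC target("no-sse")` hunks means the pragma is applied only on GCC 4.4 and later. clang reports itself as GCC 4.2 through `__GNUC__`/`__GNUC_MINOR__`, so on clang (and on any other compiler) these files are still built under the unenforced assumption the commit message states, that no XMM register is touched between the asm blocks. Put that in a comment next to the pragma, and consider an `#else` branch that warns or falls back to the non-asm implementation. One side effect to check: GCC will not inline a callee whose target options are not a subset of the caller's, so any `static inline` helper from a header included above the pragma (bufhelp.h is included before `#ifdef USE_AESNI` in rijndael-aesni.c) keeps the default SSE2 target and stops being inlined into the no-sse functions in these files; compare generated code or the benchmark before and after to make sure the pragma does not cost the speed this series is after.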
diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 50b0324..e20ea56 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -128,6 +128,9 @@ struct gcry_cipher_handle void (*ctr_enc)(void *context, unsigned char *iv, void *outbuf_arg, const void *inbuf_arg, size_t nblocks); + void (*ocb_crypt)(gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt); + void (*ocb_auth)(gcry_cipher_hd_t c, const void *abuf_arg, size_t nblocks); } bulk; @@ -440,6 +443,8 @@ gcry_err_code_t _gcry_cipher_ocb_get_tag gcry_err_code_t _gcry_cipher_ocb_check_tag /* */ (gcry_cipher_hd_t c, const unsigned char *intag, size_t taglen); +const unsigned char *_gcry_cipher_ocb_get_l +/* */ (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n); #endif /*G10_CIPHER_INTERNAL_H*/ diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c index 62e79bb..bc6fd87 100644 --- a/cipher/cipher-ocb.c +++ b/cipher/cipher-ocb.c @@ -115,8 +115,8 @@ bit_copy (unsigned char *d, const unsigned char *s, every 65536-th block. L_TMP is a helper buffer of size OCB_BLOCK_LEN which is used to hold the computation if not taken from the table. */ -static const unsigned char * -get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) +const unsigned char * +_gcry_cipher_ocb_get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) { int ntz = _gcry_ctz64 (n); @@ -257,6 +257,15 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, if (!abuflen) return 0; + /* Use a bulk method if available. */ + if (abuflen >= OCB_BLOCK_LEN && c->bulk.ocb_auth) + { + size_t nblks = abuflen / OCB_BLOCK_LEN; + c->bulk.ocb_auth (c, abuf, nblks); + abuf += nblks * OCB_BLOCK_LEN; + abuflen -= nblks * OCB_BLOCK_LEN; + } + /* Hash all full blocks. */ while (abuflen >= OCB_BLOCK_LEN) { 
@@ -264,7 +273,8 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ buf_xor_1 (c->u_mode.ocb.aad_offset, - get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), OCB_BLOCK_LEN); + _gcry_cipher_ocb_get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), + OCB_BLOCK_LEN); /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ buf_xor (l_tmp, c->u_mode.ocb.aad_offset, abuf, OCB_BLOCK_LEN); c->spec->encrypt (&c->context.c, l_tmp, l_tmp); 
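Review bot: the two new `bulk` members in the cipher-internal.h hunk take `gcry_cipher_hd_t c` rather than the `void *context` the other bulk callbacks receive, which hands the cipher backend ownership of mode state: `u_iv.iv`, `u_ctr.ctr` and `u_mode.ocb.data_nblocks` for `ocb_crypt`, and `aad_offset`, `aad_sum` and `aad_nblocks` for `ocb_auth`. That contract is not written anywhere in the struct; add it to the two declarations, stating that the callback must advance the block counter and write Offset and Checksum (or Sum) back to the handle before returning, so that a second backend implementing these callbacks gets it right. The `_gcry_cipher_ocb_authenticate` hunk then calls the bulk routine with `nblks = abuflen / OCB_BLOCK_LEN` and relies on exactly that behaviour for the remaining non-bulk loop to continue from the right state.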
@@ -341,40 +351,56 @@ ocb_crypt (gcry_cipher_hd_t c, int encrypt, else if ((inbuflen % OCB_BLOCK_LEN)) return GPG_ERR_INV_LENGTH; /* We support only full blocks for now. */ - if (encrypt) + /* Use a bulk method if available. */ + if (nblks && c->bulk.ocb_crypt) { - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + c->bulk.ocb_crypt (c, outbuf, inbuf, nblks, encrypt); + inbuf += nblks * OCB_BLOCK_LEN; + outbuf += nblks * OCB_BLOCK_LEN; + inbuflen -= nblks * OCB_BLOCK_LEN; + outbuflen -= nblks * OCB_BLOCK_LEN; + nblks = 0; } - /* Encrypt all full blocks. */ - while (inbuflen >= OCB_BLOCK_LEN) + if (nblks) { - c->u_mode.ocb.data_nblocks++; + gcry_cipher_encrypt_t crypt_fn = + encrypt ? c->spec->encrypt : c->spec->decrypt; - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - buf_xor_1 (c->u_iv.iv, - get_l (c, l_tmp, c->u_mode.ocb.data_nblocks), OCB_BLOCK_LEN); - /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); if (encrypt) - nburn = c->spec->encrypt (&c->context.c, outbuf, outbuf); - else - nburn = c->spec->decrypt (&c->context.c, outbuf, outbuf); - burn = nburn > burn ? nburn : burn; - buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + } - inbuf += OCB_BLOCK_LEN; - inbuflen -= OCB_BLOCK_LEN; - outbuf += OCB_BLOCK_LEN; - outbuflen =- OCB_BLOCK_LEN; - } + /* Encrypt all full blocks. */ + while (inbuflen >= OCB_BLOCK_LEN) + { + c->u_mode.ocb.data_nblocks++; + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, + _gcry_cipher_ocb_get_l (c, l_tmp, + c->u_mode.ocb.data_nblocks), + OCB_BLOCK_LEN); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); + nburn = crypt_fn (&c->context.c, outbuf, outbuf); + burn = nburn > burn ? 
nburn : burn; + buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + + inbuf += OCB_BLOCK_LEN; + inbuflen -= OCB_BLOCK_LEN; + outbuf += OCB_BLOCK_LEN; + outbuflen =- OCB_BLOCK_LEN; + } - if (!encrypt) - { - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); - } + if (!encrypt) + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); + } + } /* Encrypt final partial block. Note that we expect INBUFLEN to be shorter than OCB_BLOCK_LEN (see above). */ diff --git a/cipher/cipher.c b/cipher/cipher.c index 0a13fe6..6e1173f 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -510,6 +510,8 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, h->bulk.cbc_enc = _gcry_aes_cbc_enc; h->bulk.cbc_dec = _gcry_aes_cbc_dec; h->bulk.ctr_enc = _gcry_aes_ctr_enc; + h->bulk.ocb_crypt = _gcry_aes_ocb_crypt; + h->bulk.ocb_auth = _gcry_aes_ocb_auth; break; #endif /*USE_AES*/ #ifdef USE_BLOWFISH diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 3c367ce..9a81602 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -29,6 +29,7 @@ #include "bufhelp.h" #include "cipher-selftest.h" #include "rijndael-internal.h" +#include "./cipher-internal.h" #ifdef USE_AESNI 
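Review bot: in the `ocb_crypt` hunk the re-indented line `+ outbuflen =- OCB_BLOCK_LEN;` carries over a pre-existing typo: `=-` assigns `-16` to `outbuflen` instead of subtracting 16. It is harmless only as long as `outbuflen` is never read after the loop, but since the line is being rewritten anyway, make it `outbuflen -= OCB_BLOCK_LEN;`. Second, when the bulk path runs it zeroes `nblks`, so the whole `if (nblks)` fallback, including both `ocb_checksum` calls, is skipped; the comment `/* Use a bulk method if available. */` should say that the bulk callback is expected to maintain `u_ctr.ctr` (the checksum) itself, which is what the AES-NI version does in xmm6, so nobody later adds a checksum update here and double-counts.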
@@ -1251,4 +1252,486 @@ _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, aesni_cleanup_2_6 (); } + +static inline const unsigned char * +get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 i, unsigned char *iv, + unsigned char *ctr) +{ + const unsigned char *l; + unsigned int ntz; + + if (i & 0xffffffffU) + { + asm ("rep;bsf %k[low], %k[ntz]\n\t" + : [ntz] "=r" (ntz) + : [low] "r" (i & 0xffffffffU) + : "cc"); + } + else + { + if (OCB_L_TABLE_SIZE < 32) + { + ntz = 32; + } + else if (i) + { + asm ("rep;bsf %k[high], %k[ntz]\n\t" + : [ntz] "=r" (ntz) + : [high] "r" (i >> 32) + : "cc"); + ntz += 32; + } + else + { + ntz = 64; + } + } + + if (ntz < OCB_L_TABLE_SIZE) + { + l = c->u_mode.ocb.L[ntz]; + } + else + { + /* Store Offset & Checksum before calling external function */ + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*iv), + [ctr] "=m" (*ctr) + : + : "memory" ); + + l = _gcry_cipher_ocb_get_l (c, l_tmp, i); + + /* Restore Offset & Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*iv), + [ctr] "m" (*ctr) + : "memory" ); + } + + return l; +} + + +static void +aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + u64 n = c->u_mode.ocb.data_nblocks; + + aesni_prepare (); + + /* Preload Offset and Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_iv.iv), + [ctr] "m" (*c->u_ctr.ctr) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. 
*/ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*l[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*l[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*l[2]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + : 
[outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + c->u_mode.ocb.data_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_iv.iv), + [ctr] "=m" (*c->u_ctr.ctr) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + +static void +aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + u64 n = c->u_mode.ocb.data_nblocks; + + aesni_prepare (); + + /* Preload Offset and Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_iv.iv), + [ctr] "m" (*c->u_ctr.ctr) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. 
*/ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*l[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*l[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*l[2]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_dec_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : 
[outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_dec (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + c->u_mode.ocb.data_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_iv.iv), + [ctr] "=m" (*c->u_ctr.ctr) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + +void +_gcry_aes_aesni_ocb_crypt(gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt) +{ + if (encrypt) + aesni_ocb_enc(c, outbuf_arg, inbuf_arg, nblocks); + else + aesni_ocb_dec(c, outbuf_arg, inbuf_arg, nblocks); +} + + +void +_gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + const unsigned char *abuf = abuf_arg; + u64 n = c->u_mode.ocb.aad_nblocks; + + aesni_prepare (); + + /* Preload Offset and Sum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_mode.ocb.aad_offset), + [ctr] "m" 
(*c->u_mode.ocb.aad_sum) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. */ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[abuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + : + : [l0] "m" (*l[0]), + [abuf0] "m" (*(abuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[abuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + : + : [l1] "m" (*l[1]), + [abuf1] "m" (*(abuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[abuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + : + : [l2] "m" (*l[2]), + [abuf2] "m" (*(abuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[abuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [abuf3] "m" (*(abuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[abuf], 
%%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [abuf] "m" (*abuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm0, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += BLOCKSIZE; + } + + c->u_mode.ocb.aad_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_mode.ocb.aad_offset), + [ctr] "=m" (*c->u_mode.ocb.aad_sum) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + #endif /* USE_AESNI */ diff --git a/cipher/rijndael.c b/cipher/rijndael.c index a481e6f..ade41c9 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -48,6 +48,7 @@ #include "bufhelp.h" #include "cipher-selftest.h" #include "rijndael-internal.h" +#include "./cipher-internal.h" #ifdef USE_AMD64_ASM @@ -97,6 +98,11 @@ extern void _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, const unsigned char *inbuf, unsigned char *iv, size_t nblocks); +extern void _gcry_aes_aesni_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, + int encrypt); +extern void _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks); #endif #ifdef USE_SSSE3 
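Review bot: the AES-NI `get_l` keeps Offset and Checksum live in xmm5/xmm6 across separate `asm volatile` statements and across the C call to `_gcry_cipher_ocb_get_l`, saving and restoring only those two registers around the call. That is sound only because the sibling commit's `#pragma GCC target("no-sse")` stops the compiler from using XMM registers in between; neither the commit message nor the function comment says so, and a reader who lands on this code without f88266c will not see why xmm5/xmm6 survive. State the dependency in a comment at the top of `get_l`. A second invariant worth a comment: `aesni_ocb_enc` and `aesni_ocb_dec` spill `Offset_i` into `outbuf` (`movdqu %%xmm5, %[outbuf0]`) and read it back after `do_aesni_enc_vec4`/`do_aesni_dec_vec4`, which is safe for in-place operation (`inbuf == outbuf`) only because each `inbuf_k` is loaded into its register before `outbuf_k` is written; the four-block asm sequence must keep that ordering.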
@@ -1150,6 +1156,161 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, +/* Bulk encryption/decryption of complete blocks in OCB mode. */ +void +_gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt) +{ + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + unsigned int burn_depth = 0; + + if (encrypt) + { + if (ctx->prefetch_enc_fn) + ctx->prefetch_enc_fn(); + } + else + { + check_decryption_preparation (ctx); + + if (ctx->prefetch_dec_fn) + ctx->prefetch_dec_fn(); + } + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + _gcry_aes_aesni_ocb_crypt (c, outbuf, inbuf, nblocks, encrypt); + burn_depth = 0; + } +#endif /*USE_AESNI*/ + else if (encrypt) + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.data_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, l, BLOCKSIZE); + buf_cpy (l_tmp.x1, inbuf, BLOCKSIZE); + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, l_tmp.x1, BLOCKSIZE); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + burn_depth = encrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + buf_cpy (outbuf, l_tmp.x1, BLOCKSIZE); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + } + else + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t decrypt_fn = ctx->decrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.data_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < 
OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, l, BLOCKSIZE); + buf_cpy (l_tmp.x1, inbuf, BLOCKSIZE); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + burn_depth = decrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, l_tmp.x1, BLOCKSIZE); + buf_cpy (outbuf, l_tmp.x1, BLOCKSIZE); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + } + + if (burn_depth) + _gcry_burn_stack (burn_depth + 4 * sizeof(void *)); +} + + +/* Bulk authentication of complete blocks in OCB mode. */ +void +_gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, size_t nblocks) +{ + RIJNDAEL_context *ctx = (void *)&c->context.c; + const unsigned char *abuf = abuf_arg; + unsigned int burn_depth = 0; + + if (ctx->prefetch_enc_fn) + ctx->prefetch_enc_fn(); + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + _gcry_aes_aesni_ocb_auth (c, abuf, nblocks); + burn_depth = 0; + } +#endif /*USE_AESNI*/ + else + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.aad_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_mode.ocb.aad_offset, l, BLOCKSIZE); + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + buf_xor (l_tmp.x1, c->u_mode.ocb.aad_offset, abuf, BLOCKSIZE); + burn_depth = encrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp.x1, BLOCKSIZE); + + abuf += BLOCKSIZE; + } + + wipememory(&l_tmp, sizeof(l_tmp)); + } + + if (burn_depth) + 
_gcry_burn_stack (burn_depth + 4 * sizeof(void *)); +} + + + /* Run the self-tests for AES 128. Returns NULL on success. */ static const char* selftest_basic_128 (void) diff --git a/src/cipher.h b/src/cipher.h index f4f6cc4..7ad0b2c 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -135,6 +135,10 @@ void _gcry_aes_cbc_dec (void *context, unsigned char *iv, void _gcry_aes_ctr_enc (void *context, unsigned char *ctr, void *outbuf_arg, const void *inbuf_arg, size_t nblocks); +void _gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt); +void _gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks); /*-- blowfish.c --*/ void _gcry_blowfish_cfb_dec (void *context, unsigned char *iv, diff --git a/tests/basic.c b/tests/basic.c index 6ebc056..1175b38 100644 --- a/tests/basic.c +++ b/tests/basic.c 
@@ -3153,6 +3153,172 @@ do_check_ocb_cipher (int inplace) static void +check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) +{ + static const unsigned char key[32] = + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F"; + static const unsigned char nonce[12] = + "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x00\x01\x02\x03"; + const size_t buflen = 1024 * 1024 * 2 + 32; + unsigned char *inbuf; + unsigned char *outbuf; + gpg_error_t err = 0; + gcry_cipher_hd_t hde, hdd; + unsigned char tag[16]; + int i; + + inbuf = xmalloc(buflen); + if (!inbuf) + { + fail ("out-of-memory\n"); + return; + } + outbuf = xmalloc(buflen); + if (!outbuf) + { + fail ("out-of-memory\n"); + xfree(inbuf); + return; + } + + for (i = 0; i < buflen; i++) + inbuf[i] = 'a'; + + err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0); + if (!err) + err = gcry_cipher_open (&hdd, algo, GCRY_CIPHER_MODE_OCB, 0); + if (err) + { + fail ("cipher-ocb, gcry_cipher_open failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + goto out_free; + } + + err = gcry_cipher_setkey (hde, key, keylen); + if (!err) + err = gcry_cipher_setkey (hdd, key, keylen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setkey failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_setiv (hde, nonce, 12); + if (!err) + err = gcry_cipher_setiv (hdd, nonce, 12); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setiv failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_authenticate (hde, inbuf, buflen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_final 
(hde); + if (!err) + { + err = gcry_cipher_encrypt (hde, outbuf, buflen, inbuf, buflen); + } + if (err) + { + fail ("cipher-ocb, gcry_cipher_encrypt failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* Check that the tag matches. */ + err = gcry_cipher_gettag (hde, tag, 16); + if (err) + { + fail ("cipher_ocb, gcry_cipher_gettag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + if (memcmp (tagexpect, tag, 16)) + { + mismatch (tagexpect, 16, tag, 16); + fail ("cipher-ocb, encrypt tag mismatch (large, algo %d)\n", algo); + } + + err = gcry_cipher_authenticate (hdd, inbuf, buflen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* Now for the decryption. */ + err = gcry_cipher_final (hdd); + if (!err) + { + err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); + } + if (err) + { + fail ("cipher-ocb, gcry_cipher_decrypt (large, algo %d) failed: %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* We still have TAG from the encryption. */ + err = gcry_cipher_checktag (hdd, tag, 16); + if (err) + { + fail ("cipher-ocb, gcry_cipher_checktag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + + /* Check that the decrypt output matches the original plaintext. */ + if (memcmp (inbuf, outbuf, buflen)) + { + /*mismatch (inbuf, buflen, outbuf, buflen);*/ + fail ("cipher-ocb, decrypt data mismatch (large, algo %d)\n", algo); + } + + /* Check that gettag also works for decryption. 
*/ + err = gcry_cipher_gettag (hdd, tag, 16); + if (err) + { + fail ("cipher_ocb, decrypt gettag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + if (memcmp (tagexpect, tag, 16)) + { + mismatch (tagexpect, 16, tag, 16); + fail ("cipher-ocb, decrypt tag mismatch (large, algo %d)\n", algo); + } + + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + +out_free: + xfree(outbuf); + xfree(inbuf); +} + + +static void check_ocb_cipher (void) { /* Check OCB cipher with separate destination and source buffers for @@ -3161,6 +3327,14 @@ check_ocb_cipher (void) /* Check OCB cipher with inplace encrypt/decrypt. */ do_check_ocb_cipher(1); + + /* Check large buffer encryption/decryption. */ + check_ocb_cipher_largebuf(GCRY_CIPHER_AES, 16, + "\xf5\xf3\x12\x7d\x58\x2d\x96\xe8" + "\x33\xfd\x7a\x4f\x42\x60\x5d\x20"); + check_ocb_cipher_largebuf(GCRY_CIPHER_AES256, 32, + "\xfa\x26\xa5\xbf\xf6\x7d\x3a\x8d" + "\xfe\x96\x67\xc9\xc8\x41\x03\x51"); } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm-intel-pclmul.c | 7 + cipher/cipher-internal.h | 5 + cipher/cipher-ocb.c | 84 ++++--- cipher/cipher.c | 2 + cipher/rijndael-aesni.c | 489 +++++++++++++++++++++++++++++++++++++++ cipher/rijndael-ssse3-amd64.c | 6 + cipher/rijndael.c | 161 +++++++++++++ src/cipher.h | 4 + tests/basic.c | 174 ++++++++++++++ 9 files changed, 903 insertions(+), 29 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From jussi.kivilinna at iki.fi Thu Apr 30 16:04:05 2015 
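Review bot: in the cipher/rijndael.c hunk, both generic (non-AESNI) loops of _gcry_aes_ocb_crypt leave the last processed block in the stack-local l_tmp, whereas the generic path of _gcry_aes_ocb_auth in the same hunk ends with `wipememory(&l_tmp, sizeof(l_tmp));`. _gcry_burn_stack is called from inside this function, so it cannot be relied on to clear this function's own locals; add the same wipememory after the encrypt and the decrypt loop (before the burn_depth check) so a plaintext block does not linger on the stack. Minor: `burn_depth = 0;` inside the `#ifdef USE_AESNI` branch is redundant, since burn_depth is already initialised to 0 on entry.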
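Review bot: in the tests/basic.c hunk, check_ocb_cipher_largebuf compares `tag` against `tagexpect` even when the preceding gcry_cipher_gettag has just failed: after the encrypt-side gettag the buffer is uninitialised, and after the decrypt-side gettag it still holds the encryption tag, so a gettag error is followed by a second, misleading (or masked) "tag mismatch" result. Skip the memcmp when err is set, e.g. `if (err) { fail (...); } else if (memcmp (tagexpect, tag, 16)) { ... }`. Smaller points in the same hunk: the loop index `int i` is compared with `size_t buflen` and will draw a sign-comparison warning; the two gettag messages say `cipher_ocb` where every other message in the function says `cipher-ocb`; and the repeated close-close-goto cleanup could collapse into one label that closes both handles.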
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Thu, 30 Apr 2015 17:04:05 +0300 Subject: [PATCH] Fix buggy RC4 AMD64 assembly and add test to notice similar issues Message-ID: <20150430140405.24395.92542.stgit@localhost6.localdomain6> * cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of 'x' and 'y'. * tests/basic.c (get_algo_mode_blklen): New. (check_one_cipher_core): Add new tests for split buffer input on encryption and decryption. -- Reported-by: Dima Kukulniak Signed-off-by: Jussi Kivilinna --- cipher/arcfour-amd64.S | 4 + tests/basic.c | 153 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 154 insertions(+), 3 deletions(-) diff --git a/cipher/arcfour-amd64.S b/cipher/arcfour-amd64.S index c32cd6f..8b8031a 100644 --- a/cipher/arcfour-amd64.S +++ b/cipher/arcfour-amd64.S @@ -85,8 +85,8 @@ _gcry_arcfour_amd64: .Lfinished: dec %rcx # x-- - movb %dl, (4*256)(%rbp) # key->y = y - movb %cl, (4*256+4)(%rbp) # key->x = x + movb %cl, (4*256)(%rbp) # key->y = y + movb %dl, (4*256+4)(%rbp) # key->x = x pop %rbx pop %rbp ret diff --git a/tests/basic.c b/tests/basic.c index 1175b38..3d370d1 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -4676,6 +4676,26 @@ check_bulk_cipher_modes (void) } +static unsigned int get_algo_mode_blklen(int algo, int mode) +{ + unsigned int blklen = gcry_cipher_get_algo_blklen(algo); + + /* Some modes override blklen. */ + switch (mode) + { + case GCRY_CIPHER_MODE_STREAM: + case GCRY_CIPHER_MODE_OFB: + case GCRY_CIPHER_MODE_CTR: + case GCRY_CIPHER_MODE_CCM: + case GCRY_CIPHER_MODE_GCM: + case GCRY_CIPHER_MODE_POLY1305: + return 1; + } + + return blklen; +} + + /* The core of the cipher check. In addition to the parameters passed to check_one_cipher it also receives the KEY and the plain data. PASS is printed with error messages. The function returns 0 on 
@@ -4688,14 +4708,27 @@ check_one_cipher_core (int algo, int mode, int flags, { gcry_cipher_hd_t hd; unsigned char in_buffer[1040+1], out_buffer[1040+1]; + unsigned char enc_result[1040]; unsigned char *in, *out; int keylen; gcry_error_t err = 0; + unsigned int blklen; + unsigned int piecelen; + unsigned int pos; + + blklen = get_algo_mode_blklen(algo, mode); assert (nkey == 32); assert (nplain == 1040); assert (sizeof(in_buffer) == nplain + 1); assert (sizeof(out_buffer) == sizeof(in_buffer)); + assert (blklen > 0); + + if (mode == GCRY_CIPHER_MODE_CBC && (flags & GCRY_CIPHER_CBC_CTS)) + { + /* TODO: examine why CBC with CTS fails. */ + blklen = nplain; + } if (!bufshift) { @@ -4758,6 +4791,8 @@ check_one_cipher_core (int algo, int mode, int flags, return -1; } + memcpy (enc_result, out, nplain); + gcry_cipher_reset (hd); err = gcry_cipher_decrypt (hd, in, nplain, out, nplain); @@ -4787,6 +4822,10 @@ check_one_cipher_core (int algo, int mode, int flags, return -1; } + if (memcmp (enc_result, out, nplain)) + fail ("pass %d, algo %d, mode %d, in-place, encrypt mismatch\n", + pass, algo, mode); + gcry_cipher_reset (hd); err = gcry_cipher_decrypt (hd, out, nplain, NULL, 0); 
@@ -4803,6 +4842,119 @@ check_one_cipher_core (int algo, int mode, int flags, fail ("pass %d, algo %d, mode %d, in-place, encrypt-decrypt mismatch\n", pass, algo, mode); + /* Again, splitting encryption in multiple operations. */ + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + err = gcry_cipher_encrypt (hd, out + pos, piecelen, plain + pos, + piecelen); + if (err) + { + fail ("pass %d, algo %d, mode %d, split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_encrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (enc_result, out, nplain)) + fail ("pass %d, algo %d, mode %d, split-buffer, encrypt mismatch\n", + pass, algo, mode); + + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + err = gcry_cipher_decrypt (hd, in + pos, piecelen, out + pos, piecelen); + if (err) + { + fail ("pass %d, algo %d, mode %d, split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_decrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (plain, in, nplain)) + fail ("pass %d, algo %d, mode %d, split-buffer, encrypt-decrypt mismatch\n", + pass, algo, mode); + + /* Again, using in-place encryption and splitting encryption in multiple + * operations. 
*/ + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + memcpy (out + pos, plain + pos, piecelen); + err = gcry_cipher_encrypt (hd, out + pos, piecelen, NULL, 0); + if (err) + { + fail ("pass %d, algo %d, mode %d, in-place split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_encrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (enc_result, out, nplain)) + fail ("pass %d, algo %d, mode %d, in-place split-buffer, encrypt mismatch\n", + pass, algo, mode); + + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + err = gcry_cipher_decrypt (hd, out + pos, piecelen, NULL, 0); + if (err) + { + fail ("pass %d, algo %d, mode %d, in-place split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_decrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (plain, out, nplain)) + fail ("pass %d, algo %d, mode %d, in-place split-buffer, encrypt-decrypt" + " mismatch\n", pass, algo, mode); + gcry_cipher_close (hd); @@ -4810,7 +4962,6 @@ check_one_cipher_core (int algo, int mode, int flags, } - static void check_one_cipher (int algo, int mode, int flags) {
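Review bot: in the cipher/arcfour-amd64.S hunk the two stores are swapped but the trailing comments are not: the lines now read `movb %cl, (4*256)(%rbp) # key->y = y` and `movb %dl, (4*256+4)(%rbp) # key->x = x`, while `dec %rcx # x--` two lines above identifies %rcx (%cl) as x. Update the comments to say which value actually lands at each offset, so the next reader does not "fix" the stores back to match the stale comments.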
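Review bot: in the get_algo_mode_blklen hunk, the switch has no `default:` and no comment explaining why the listed modes return 1; a mode added later will silently fall back to the cipher's block length, and the split-buffer tests would then only ever exercise full-block pieces for it. A one-line comment ("these modes accept byte-granular input") and a note that the list must track the mode enum would make the intent clear.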
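Review bot: in the first check_one_cipher_core hunk, the CBC-CTS branch sets `blklen = nplain`, which turns every split-buffer pass for that mode into a single full-size call, i.e. the new tests are silently disabled for CBC with CTS. The `/* TODO: examine why CBC with CTS fails. */` should at least be reflected in the test output (a visible skip message), so the gap is not forgotten once the patch lands.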
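Review bot: in the split-buffer hunks, the growth step `piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0);` deserves a comment: it produces piece sizes of 1, 2, 3, 5, 9, 17, ... times blklen, so each piece stays a multiple of the block length while the sizes vary, which is exactly what exposes state that is not carried correctly between calls (the RC4 x/y swap fixed here). The same loop body appears four times (encrypt/decrypt, with and without in-place); a small helper taking an "encrypt" and an "in-place" flag would shorten the function and keep the four failure messages and the `enc_result`/`plain` comparisons uniform.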