From: jan.friedel at oracle.com (Jan Friedel)
Date: Wed, 1 Jun 2016 22:28:05 +0200
Subject: libgcrypt-1.7.0/1.6.5/1.6.4 vs. differences in longlong.h
Message-ID: <574F4555.8080002@oracle.com>

Hi,

looking at libgcrypt-1.6.5 and libgcrypt-1.7.0, there are significant changes in the mpi/longlong.h which are (?) tough to map to the respective changesets in the libgcrypt git repo.

In particular:

--- 8< ---
% diff -u ./libgcrypt-1.6.5/mpi/longlong.h ./libgcrypt-1.7.0/mpi/longlong.h | ggrep -n -B3 -A3 sparcv8
1115- "rJ" ((USItype)(al)), \
1116- "rI" ((USItype)(bl)) \
1117- __CLOBBER_CC)
1118:-#if defined (__sparc_v8__) || defined(__sparcv8)
1119-+# if defined (__sparc_v8__)
1120- /* Don't match immediate range because, 1) it is not often useful,
1121- 2) the 'I' flag thinks of the range as a 13 bit signed interval,
%
--- 8< ---

Compiling version 1.7.0 on a SPARC finishes with a missing/unresolved symbol __udiv_qrnnd during linking.

Wouldn't you have any idea why there is the difference in the git repo content vs. longlong.h in the earlier and current versions of libgcrypt (1.6.4, 1.6.5)?

Thank you,
Jan Friedel
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Thu, 2 Jun 2016 10:35:45 +0300
Subject: libgcrypt-1.7.0/1.6.5/1.6.4 vs. differences in longlong.h
In-Reply-To: <574F4555.8080002@oracle.com>
References: <574F4555.8080002@oracle.com>
Message-ID: <574FE1D1.8020900@iki.fi>

Hello,

On 2016-06-01 23:28, Jan Friedel wrote:
>
> Hi,
>
> looking at libgcrypt-1.6.5 and libgcrypt-1.7.0, there are
> significant changes in the mpi/longlong.h which are (?) tough to
> map to the respective changesets in the libgcrypt git repo.
>
> In particular:
>
> --- 8< ---
> % diff -u ./libgcrypt-1.6.5/mpi/longlong.h
> ./libgcrypt-1.7.0/mpi/longlong.h | ggrep -n -B3 -A3 sparcv8
> 1115- "rJ" ((USItype)(al)), \
> 1116- "rI" ((USItype)(bl)) \
> 1117- __CLOBBER_CC)
> 1118:-#if defined (__sparc_v8__) || defined(__sparcv8)
> 1119-+# if defined (__sparc_v8__)
> 1120- /* Don't match immediate range because, 1) it is not often useful,
> 1121- 2) the 'I' flag thinks of the range as a 13 bit signed interval,
> %
> --- 8< ---
>
> Compiling version 1.7.0 on a SPARC finishes with a
> missing/unresolved symbol __udiv_qrnnd during linking.
>
> Wouldn't you have any idea why there is the difference in the
> git repo content vs. longlong.h in the earlier and current
> versions of libgcrypt (1.6.4, 1.6.5)?

Libgcrypt 1.6.5 has commit "Fix gcc portability on Solaris 9 SPARC boxes." (d2816248461c24a7ea81a1de2f562f481ccc9edd), which is missing in 1.7.0.

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d2816248461c24a7ea81a1de2f562f481ccc9edd

Werner, should this be cherry-picked to 1.7.0 branch?

-Jussi
From: wk at gnupg.org (Werner Koch)
Date: Thu, 02 Jun 2016 22:08:14 +0200
Subject: libgcrypt-1.7.0/1.6.5/1.6.4 vs. differences in longlong.h
In-Reply-To: <574FE1D1.8020900@iki.fi> (Jussi Kivilinna's message of "Thu, 2 Jun 2016 10:35:45 +0300")
References: <574F4555.8080002@oracle.com> <574FE1D1.8020900@iki.fi>
Message-ID: <874m9bqrpt.fsf@wheatstone.g10code.de>

On Thu, 2 Jun 2016 09:35, jussi.kivilinna at iki.fi said:

> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d2816248461c24a7ea81a1de2f562f481ccc9edd
>
> Werner, should this be cherry-picked to 1.7.0 branch?

Yeah, this should be cherry-picked.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */

From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Jun 2016 22:53:08 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-7-g4121f15

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
       via  4121f15122501d8946f1589b303d1f7949c15e30 (commit)
      from  3e8074ecd3a534e8bd7f11cf17f0b22d252584c8 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 4121f15122501d8946f1589b303d1f7949c15e30
Author: Werner Koch
Date:   Mon Sep 7 15:38:04 2015 +0200

    Fix gcc portability on Solaris 9 SPARC boxes.

    * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
    --
    This patch has been in use by pkgsrc for SunOS mentok 5.9
    Generic_117171-02 sun4u sparc SUNW,Sun-Fire-V240 since 2004.

    GnuPG-bug-id: 1703
    Signed-off-by: Werner Koch
    [cherry-pick of commit d281624]
    Signed-off-by: Jussi Kivilinna
diff --git a/mpi/longlong.h b/mpi/longlong.h
index db98e47..0a5acb6 100644
--- a/mpi/longlong.h
+++ b/mpi/longlong.h
@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute__ ((mode (TI))); "rJ" ((USItype)(al)), \ "rI" ((USItype)(bl)) \ __CLOBBER_CC) -# if defined (__sparc_v8__) +# if defined (__sparc_v8__) || defined(__sparcv8) /* Don't match immediate range because, 1) it is not often useful, 2) the 'I' flag thinks of the range as a 13 bit signed interval, while we want to match a 13 bit interval, sign extended to 32 bits,
-----------------------------------------------------------------------

Summary of changes:
 mpi/longlong.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org

_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits

From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Thu, 2 Jun 2016 23:54:59 +0300
Subject: libgcrypt-1.7.0/1.6.5/1.6.4 vs. differences in longlong.h
In-Reply-To: <874m9bqrpt.fsf@wheatstone.g10code.de>
References: <574F4555.8080002@oracle.com> <574FE1D1.8020900@iki.fi> <874m9bqrpt.fsf@wheatstone.g10code.de>
Message-ID: <57509D23.3090303@iki.fi>

On 02.06.2016 23:08, Werner Koch wrote:
> On Thu, 2 Jun 2016 09:35, jussi.kivilinna at iki.fi said:
>
>> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d2816248461c24a7ea81a1de2f562f481ccc9edd
>>
>> Werner, should this be cherry-picked to 1.7.0 branch?
>
> Yeah, this should be cherry-picked.
>

I cherry-picked and pushed this to master.

-Jussi

>
> Salam-Shalom,
>
> Werner
>
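Review bot: the guard change `# if defined (__sparc_v8__) || defined(__sparcv8)` touches one test only, while the commit message promises `__sparcv8` as a general alias for `__sparc_v8__`; check whether longlong.h tests `__sparc_v8__` anywhere else and give those places the same alias, otherwise a build whose compiler defines only `__sparcv8` can still miss the inline udiv_qrnnd and fail at link time with the unresolved `__udiv_qrnnd` Jan reported. Style nit: `defined (__sparc_v8__)` and `defined(__sparcv8)` are spaced differently on the same line.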
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Jun 2016 15:45:36 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-9-gef6e4d0

The branch, master has been updated
       via  ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 (commit)
       via  82df6c63a72fdd969c3923523f10d0cef5713ac7 (commit)
      from  4121f15122501d8946f1589b303d1f7949c15e30 (commit)

- Log -----------------------------------------------------------------
commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8
Author: Werner Koch
Date:   Fri Jun 3 15:42:53 2016 +0200

    rsa: Implement blinding also for signing.

    * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
    (secret_blinded): new.
    (rsa_sign): Use blinding by default.
    --
    Although blinding of the RSA sign operation has a noticeable speed
    loss, we better be on the safe side by using it by default.

    Signed-off-by: Werner Koch

diff --git a/cipher/rsa.c b/cipher/rsa.c
index cb3c464..ce8e215 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1045,7 +1045,48 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey ) } } +static void +secret_blinded (gcry_mpi_t output, gcry_mpi_t input, + RSA_secret_key *sk, unsigned int nbits) +{ + gcry_mpi_t r; /* Random number needed for blinding. */ + gcry_mpi_t ri; /* Modular multiplicative inverse of r. */ + gcry_mpi_t bldata; /* Blinded data to decrypt. */ + + /* First, we need a random number r between 0 and n - 1, which is + * relatively prime to n (i.e. it is neither p nor q). The random + * number needs to be only unpredictable, thus we employ the + * gcry_create_nonce function by using GCRY_WEAK_RANDOM with + * gcry_mpi_randomize. */ + r = mpi_snew (nbits); + ri = mpi_snew (nbits); + bldata = mpi_snew (nbits); + + do + { + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + mpi_mod (r, r, sk->n); + } + while (!mpi_invm (ri, r, sk->n)); + + /* Do blinding. We calculate: y = (x * r^e) mod n, where r is the + * random number, e is the public exponent, x is the non-blinded + * input data and n is the RSA modulus. */ + mpi_powm (bldata, r, sk->e, sk->n); + mpi_mulm (bldata, bldata, input, sk->n); + /* Perform decryption. */ + secret (output, bldata, sk); + _gcry_mpi_release (bldata); + + /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x + * is the blinded decrypted data, ri is the modular multiplicative + * inverse of r and n is the RSA modulus. */ + mpi_mulm (output, output, ri, sk->n); + + _gcry_mpi_release (r); + _gcry_mpi_release (ri); +} /********************************************* ************** interface ****************** 
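Review bot: the block comment in the new secret_blinded still says the random number is obtained "by the gcry_create_nonce function by using GCRY_WEAK_RANDOM with gcry_mpi_randomize", but the code calls only `_gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM)`; since the comment is being moved anyway, make it describe what the code does. Two preconditions are worth stating at the top of the function now that rsa_sign is also a caller: it needs sk->e (the public exponent) to compute r^e, and the do/while terminates only because mpi_invm rejects r == 0 and any multiple of p or q, so `nbits` must be the size of n for the draw to make sense.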
@@ -1266,9 +1307,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) gcry_mpi_t data = NULL; RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL}; gcry_mpi_t plain = NULL; - gcry_mpi_t r = NULL; /* Random number needed for blinding. */ - gcry_mpi_t ri = NULL; /* Modular multiplicative inverse of r. */ - gcry_mpi_t bldata = NULL;/* Blinded data to decrypt. */ unsigned char *unpad = NULL; size_t unpadlen = 0; 
@@ -1321,44 +1359,10 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* We use blinding by default to mitigate timing attacks which can be practically mounted over the network as shown by Brumley and Boney in 2003. */ - if (!(ctx.flags & PUBKEY_FLAG_NO_BLINDING)) - { - /* First, we need a random number r between 0 and n - 1, which - is relatively prime to n (i.e. it is neither p nor q). The - random number needs to be only unpredictable, thus we employ - the gcry_create_nonce function by using GCRY_WEAK_RANDOM with - gcry_mpi_randomize. */ - r = mpi_snew (ctx.nbits); - ri = mpi_snew (ctx.nbits); - bldata = mpi_snew (ctx.nbits); - - do - { - _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); - mpi_mod (r, r, sk.n); - } - while (!mpi_invm (ri, r, sk.n)); - - /* Do blinding. We calculate: y = (x * r^e) mod n, where r is - the random number, e is the public exponent, x is the - non-blinded data and n is the RSA modulus. */ - mpi_powm (bldata, r, sk.e, sk.n); - mpi_mulm (bldata, bldata, data, sk.n); - - /* Perform decryption. */ - secret (plain, bldata, &sk); - _gcry_mpi_release (bldata); bldata = NULL; - - /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, - where x is the blinded decrypted data, ri is the modular - multiplicative inverse of r and n is the RSA modulus. */ - mpi_mulm (plain, plain, ri, sk.n); - - _gcry_mpi_release (r); r = NULL; - _gcry_mpi_release (ri); ri = NULL; - } - else + if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) secret (plain, data, &sk); + else + secret_blinded (plain, data, &sk, ctx.nbits); if (DBG_CIPHER) log_printmpi ("rsa_decrypt res", plain); @@ -1403,9 +1407,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) _gcry_mpi_release (sk.q); _gcry_mpi_release (sk.u); _gcry_mpi_release (data); - _gcry_mpi_release (r); - _gcry_mpi_release (ri); - _gcry_mpi_release (bldata); sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) 
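Review bot: `if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING))` has a redundant pair of parentheses; `if (ctx.flags & PUBKEY_FLAG_NO_BLINDING)` reads better and matches the surrounding code. The comment kept directly above it cites "Brumley and Boney in 2003"; the author's name is Boneh, and since the lines right below it are being rewritten, fixing the spelling in the same commit costs nothing. The second hunk, removing the three `_gcry_mpi_release` calls for r, ri and bldata, is correct because those variables now live entirely inside secret_blinded.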
@@ -1461,7 +1462,10 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* Do RSA computation. */ sig = mpi_new (0); - secret (sig, data, &sk); + if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) + secret (sig, data, &sk); + else + secret_blinded (sig, data, &sk, ctx.nbits); if (DBG_CIPHER) log_printmpi ("rsa_sign res", sig);

commit 82df6c63a72fdd969c3923523f10d0cef5713ac7
Author: Werner Koch
Date:   Fri Jun 3 15:15:36 2016 +0200

    random: Remove debug output for getrandom(2) output.

    * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
    output.
    --
    Fixes-commit: ee5a32226a7ca4ab067864e06623fc11a1768900
    Signed-off-by: Werner Koch

diff --git a/random/rndlinux.c b/random/rndlinux.c
index 592b9ac..f08c9f9 100644
--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -271,7 +271,6 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, log_fatal ("getrandom returned only" " %ld of %zu requested bytes\n", ret, nbytes); - log_debug ("getrandom returned %zu requested bytes\n", nbytes); (*add)(buffer, nbytes, origin); length -= nbytes; continue; /* until LENGTH is zero. */
-----------------------------------------------------------------------

Summary of changes:
 cipher/rsa.c      | 92 +++++++++++++++++++++++++++++-------------------------
 random/rndlinux.c |  1 -
 2 files changed, 48 insertions(+), 45 deletions(-)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
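Review bot: the three-line dispatch on PUBKEY_FLAG_NO_BLINDING is now copied verbatim from rsa_decrypt into rsa_sign; moving the flag test into secret_blinded (or a small wrapper that takes ctx.flags) would leave each caller a single line and make it hard for a future third caller to skip blinding by accident. The commit message notes a noticeable slowdown of signing, but the hunk changes no documentation; the manual's description of the no-blinding flag should say that signing is now blinded by default, so applications know why signing got slower and what the flag switches off.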
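The blinding scheme that rsa.c moves into secret_blinded() above, worked through in Python as an added example. This is not libgcrypt code: the toy key (p = 61, q = 53, e = 17), the function names and the helper that exposes the blinded intermediate are all constructed for the illustration; the structure is the commit's, namely blind the input with r^e, run the unchanged private operation, unblind with r^-1.

```python
"""RSA blinding, as applied by secret_blinded() in cipher/rsa.c, on a toy key.

Added example; not libgcrypt code.  The key (p = 61, q = 53, e = 17) is
deliberately tiny so every step can be checked by hand.  A real key is
2048 bits or more and the private operation would use CRT as secret() does.
"""
import secrets
from math import gcd

# Constructed toy key pair.
P, Q = 61, 53
N = P * Q                              # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))      # 2753


def secret(x, n=N, d=D):
    """The plain private-key operation x^d mod n (what secret() in rsa.c
    computes, minus the CRT speed-up).  Its running time depends on x."""
    return pow(x, d, n)


def blinding_factor_ok(r, n):
    """r is usable only if it has an inverse mod n, i.e. gcd(r, n) == 1.
    This is the condition the do/while loop around mpi_invm enforces:
    r == 0 and multiples of p or q are rejected."""
    return 0 < r < n and gcd(r, n) == 1


def pick_blinding_factor(n):
    """Draw r until it is invertible mod n; return (r, r^-1 mod n).
    Unpredictability is all that is needed, as the rsa.c comment says."""
    while True:
        r = secrets.randbelow(n)
        if blinding_factor_ok(r, n):
            return r, pow(r, -1, n)


def secret_blinded(x, n=N, e=E, d=D, r=None):
    """Blinded private-key operation.

    y  = x * r^e mod n        (mpi_powm + mpi_mulm in rsa.c)
    s' = y^d mod n            (the unchanged secret() primitive)
    s  = s' * r^-1 mod n      (undo blinding)

    Correctness: (x * r^e)^d = x^d * r^(e*d) = x^d * r (mod n), so the
    final multiplication by r^-1 leaves x^d.  The timing-sensitive step
    only ever sees y, which is uniformly random to anyone who does not
    know r, so what leaks is decorrelated from x.  `r` can be passed
    explicitly only so a test can check the intermediate value.
    """
    if r is None:
        r, ri = pick_blinding_factor(n)
    else:
        if not blinding_factor_ok(r, n):
            raise ValueError("blinding factor has no inverse mod n")
        ri = pow(r, -1, n)
    bldata = (pow(r, e, n) * x) % n     # blind
    out = secret(bldata, n, d)          # private operation on blinded data
    return (out * ri) % n               # unblind


def blinded_intermediate(x, r, n=N, e=E, d=D):
    """The value secret() returns inside secret_blinded(), exposed so the
    identity s' == x^d * r (mod n) can be verified directly."""
    bldata = (pow(r, e, n) * x) % n
    return secret(bldata, n, d)


if __name__ == "__main__":
    m = 65
    sig = secret_blinded(m)
    print("signature", sig, "verifies:", pow(sig, E, N) == m)
```

Both paths return the same value, which is the property the commit relies on when it switches rsa_sign to secret_blinded by default: the blinding is invisible to callers and only changes what an observer of the private operation can correlate with.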
From: alexandre at pujol.io (Alexandre Pujol)
Date: Fri, 10 Jun 2016 19:48:01 +0100
Subject: Deterministic key generation from Deterministic Random Bit Generator
Message-ID: <8e4af1a5-5b60-9cfd-baa1-5ac8d7e6e9ea@pujol.io>

Hi all,

For a research project (and therefore for research purpose only), I need to generate an ECC key pair in a deterministic way. I don't plan to change the key generation algorithm, I just want to force the use of a deterministic random bit generator in order to always get the same DRBG output for a given seed.

I have some problems in the implementation using libgcrypt. The source code in libgcrypt (random/random-drbg.c, tests/random.c) explains how to use DRBG with a personalization string. However, according to the NIST ([1] p18) I also need to personalize the nonce and the entropy input to generate a seed. But in libgcrypt, it seems there is no way to set them.

Is libgcrypt able to do that? If not, what would be the amount of changes to make in libgcrypt to achieve this goal?

Thanks in advance,
Alex

[1] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
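The seeding step Alexandre refers to, shown with an HMAC_DRBG written here as an added example (SP 800-90A rev. 1, section 10.1.2). It is not libgcrypt's random/random-drbg.c and does not call its API; the class and function names and the sample entropy, nonce and personalization bytes are constructed for the illustration. What it demonstrates is that all three inputs are simply concatenated into the seed material, so fixing all three fixes every later output, and changing any one of them changes it.

```python
"""HMAC_DRBG (NIST SP 800-90A rev. 1, section 10.1.2) seeded from caller-supplied
entropy input, nonce and personalization string.

Added example; not libgcrypt code.  SHA-256 is used, giving a 32-byte K and V.
Reseeding and the reseed interval are left out, which is acceptable for
reproducing a key in a test harness; in production the entropy input comes
from the operating system and is never fixed.
"""
import hashlib
import hmac


class HmacDrbg:
    OUTLEN = 32  # SHA-256 output length in bytes

    def __init__(self, entropy_input: bytes, nonce: bytes,
                 personalization_string: bytes = b"") -> None:
        # Instantiate: seed_material = entropy_input || nonce || personalization.
        # This is the line Alexandre needs control over: every byte of the
        # three inputs ends up in the seed, nothing else does.
        seed_material = entropy_input + nonce + personalization_string
        self.key = b"\x00" * self.OUTLEN
        self.value = b"\x01" * self.OUTLEN
        self._update(seed_material)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data into K and V.
        self.key = self._hmac(self.value + b"\x00" + provided_data)
        self.value = self._hmac(self.value)
        if provided_data:
            self.key = self._hmac(self.value + b"\x01" + provided_data)
            self.value = self._hmac(self.value)

    def generate(self, nbytes: int, additional_input: bytes = b"") -> bytes:
        # HMAC_DRBG_Generate without the reseed-interval check.
        if additional_input:
            self._update(additional_input)
        temp = b""
        while len(temp) < nbytes:
            self.value = self._hmac(self.value)
            temp += self.value
        self._update(additional_input)
        self.reseed_counter += 1
        return temp[:nbytes]


def deterministic_key_material(entropy_input: bytes, nonce: bytes,
                               personalization: bytes, nbytes: int = 32) -> bytes:
    """Return nbytes of DRBG output for one fixed seed: the bytes a key
    generator would consume, identical on every call with the same inputs."""
    return HmacDrbg(entropy_input, nonce, personalization).generate(nbytes)


# Constructed sample inputs; not from any standard or published test vector.
SAMPLE_ENTROPY = bytes(range(32))
SAMPLE_NONCE = b"nonce-0001"
SAMPLE_PERS = b"research-ecc-keygen"

if __name__ == "__main__":
    print(deterministic_key_material(SAMPLE_ENTROPY, SAMPLE_NONCE, SAMPLE_PERS).hex())
```

A library that only lets the caller set the personalization string, as Alexandre found, still mixes in entropy and a nonce it chooses itself, so the output differs between runs; the example shows why all three inputs have to be pinned for the output to be reproducible.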
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 14 Jun 2016 15:55:57 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-10-ge13a6a1

The branch, master has been updated
       via  e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit)
      from  ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 (commit)

- Log -----------------------------------------------------------------
commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e
Author: Werner Koch
Date:   Tue Jun 14 15:53:10 2016 +0200

    cipher: Assign OIDs to the Serpent cipher.

    * cipher/serpent.c (serpent128_oids, serpent192_oids)
    (serpent256_oids): New. Add them to the specs below.
    (serpent128_aliases): Add "SERPENT-128".
    (serpent256_aliases, serpent192_aliases): New.

    Signed-off-by: Werner Koch

diff --git a/cipher/serpent.c b/cipher/serpent.c
index 4ef7f52..ef19d3b 100644
--- a/cipher/serpent.c
+++ b/cipher/serpent.c
@@ -1734,18 +1734,54 @@ serpent_test (void) } +static gcry_cipher_oid_spec_t serpent128_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.1", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.2", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.3", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.4", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + +static gcry_cipher_oid_spec_t serpent192_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.21", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.22", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.23", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.24", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + +static gcry_cipher_oid_spec_t serpent256_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.41", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.42", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.43", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.44", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; -/* "SERPENT" is an alias for "SERPENT128". */ -static const char *cipher_spec_serpent128_aliases[] = +static const char *serpent128_aliases[] = { "SERPENT", + "SERPENT-128", + NULL + }; +static const char *serpent192_aliases[] = + { + "SERPENT-192", + NULL + }; +static const char *serpent256_aliases[] = + { + "SERPENT-256", NULL }; gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = { GCRY_CIPHER_SERPENT128, {0, 0}, - "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128, + "SERPENT128", serpent128_aliases, serpent128_oids, 16, 128, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; @@ -1753,7 +1789,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = { GCRY_CIPHER_SERPENT192, {0, 0}, - "SERPENT192", NULL, NULL, 16, 192, + "SERPENT192", serpent192_aliases, serpent192_oids, 16, 192, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; 
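Review bot: the first hunk drops the comment `/* "SERPENT" is an alias for "SERPENT128". */` while keeping the alias in serpent128_aliases; keep the comment, since the alias list alone no longer says that the bare name selects the 128-bit variant. The three OID tables use 1.3.6.1.4.1.11591.13.2.{1-4, 21-24, 41-44} for ECB/CBC/OFB/CFB, but neither the code nor the commit message says where these assignments are recorded; a one-line comment naming the registry would let a reviewer check the numbering and the mode order against it.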
@@ -1761,7 +1797,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = gcry_cipher_spec_t _gcry_cipher_spec_serpent256 = { GCRY_CIPHER_SERPENT256, {0, 0}, - "SERPENT256", NULL, NULL, 16, 256, + "SERPENT256", serpent256_aliases, serpent256_oids, 16, 256, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt };
-----------------------------------------------------------------------

Summary of changes:
 cipher/serpent.c | 46 +++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 5 deletions(-)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org

From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 15 Jun 2016 09:20:22 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-12-gc3173bb

The branch, master has been updated
       via  c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit)
       via  131b4f0634cee0e5c47d2250c59f51127b10f7b3 (commit)
      from  e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit)

- Log -----------------------------------------------------------------
commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc
Author: Werner Koch
Date:   Wed Jun 15 09:18:31 2016 +0200

    doc: Describe envvars.

    * doc/gcrypt.texi: Add chapter Configuration.

    Signed-off-by: Werner Koch

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 0171cd6..c2c39ad 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -14,7 +14,7 @@ which is GNU's library of cryptographic building blocks. @noindent Copyright @copyright{} 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 Free Software Foundation, Inc. @* -Copyright @copyright{} 2012, 2013 g10 Code GmbH +Copyright @copyright{} 2012, 2013, 2016 g10 Code GmbH @quotation Permission is granted to copy, distribute and/or modify this document @@ -94,7 +94,8 @@ section entitled ``GNU General Public License''. * MPI library:: How to work with multi-precision-integers. * Prime numbers:: How to use the Prime number related functions. * Utilities:: Utility functions. -* Tools:: Utility tools +* Tools:: Utility tools. +* Configuration:: Configuration files and evironment variables. * Architecture:: How Libgcrypt works internally. Appendices @@ -497,6 +498,7 @@ Just like the function @code{gpg_strerror}, the function @cindex FIPS mode @cindex FIPS 140 + at anchor{enabling fips mode} Libgcrypt may be used in a FIPS 140-2 mode. Note, that this does not necessary mean that Libcgrypt is an appoved FIPS 140-2 module. Check the NIST database at @url{http://csrc.nist.gov/groups/STM/cmvp/} to see what @@ -545,6 +547,7 @@ If the logging verbosity level of Libgcrypt has been set to at least @section How to disable hardware features @cindex hardware features + at anchor{hardware features} Libgcrypt makes use of certain hardware features. If the use of a feature is not desired it may be either be disabled by a program or globally using a configuration file. The currently supported features 
@@ -5306,6 +5309,82 @@ Print version of the program and exit. @manpause @c ********************************************************** + at c **************** Environment Variables ***************** + at c ********************************************************** + at node Configuration + at chapter Configuration files and evironment variables + +This chapter describes which files and environment variables can be +used to change the behaviour of Libgcrypt. + + at noindent +The environment variables considered by Libgcrypt are: + + at table @code + + at item GCRYPT_BARRETT + at cindex GCRYPT_BARRETT +By setting this variable to any value a different algorithm for +modular reduction is used for ECC. + + at item GCRYPT_RNDUNIX_DBG + at item GCRYPT_RNDUNIX_DBGALL + at cindex GCRYPT_RNDUNIX_DBG + at cindex GCRYPT_RNDUNIX_DBGALL +These two environment variables are used to enable debug output for +the rndunix entropy gatherer, which is used on systems lacking a +/dev/random device. The value of @code{GCRYPT_RNDUNIX_DBG} is a file +name or @code{-} for stdout. Debug output is the written to this +file. By setting @code{GCRYPT_RNDUNIX_DBGALL} to any value the debug +output will be more verbose. + + at item GCRYPT_RNDW32_NOPERF + at cindex GCRYPT_RNDW32_NOPERF +Setting this environment variable on Windows to any value disables +the use of performance data (@code{HKEY_PERFORMANCE_DATA}) as source +for entropy. On some older Windows systems this could help to speed +up the creation of random numbers but also decreases the amount of +data used to init the random number generator. + + at item HOME + at cindex HOME +This is used to locate the socket to connect to the EGD random +daemon. The EGD can be used on system without a /dev/random to speed +up the random number generator. It is not needed on the majority of +today's operating systems and support for EGD requires the use of a +configure option at build time. 
+ + at end table + + at noindent +The files which Libgcrypt uses to retrieve system information and the +files which can be created by the user to modify Libgcrypt's behavior +are: + + at table @file + + at item /etc/gcrypt/hwf.deny + at cindex /etc/gcrypt/hwf.deny +This file can be used to disable the use of hardware based +optimizations, @pxref{hardware features}. + + at item /etc/gcrypt/fips_enabled + at itemx /proc/sys/crypto/fips_enabled + at cindex /etc/gcrypt/fips_enabled + at cindex fips_enabled +On Linux these files are used to enable FIPS mode, @pxref{enabling fips mode}. + + at item /proc/cpuinfo + at itemx /proc/self/auxv + at cindex /proc/cpuinfo + at cindex /proc/self/auxv +On Linux running on the ARM architecture, these files are used to read +hardware capabilities of the CPU. + + at end table + + + at c ********************************************************** @c ***************** Architecure Overview ***************** @c ********************************************************** @node Architecture

commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3
Author: Werner Koch
Date:   Wed Jun 15 09:17:44 2016 +0200

    random: Change names of debug envvars.

    * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to
    GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG.
    * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to
    GCRYPT_RNDW32_NOPERF.

    Signed-off-by: Werner Koch

diff --git a/random/rndunix.c b/random/rndunix.c
index 2e13298..e7238f4 100644
--- a/random/rndunix.c
+++ b/random/rndunix.c
@@ -714,7 +714,7 @@ start_gatherer( int pipefd ) int dbgall; { - const char *s = getenv("GNUPG_RNDUNIX_DBG"); + const char *s = getenv("GCRYPT_RNDUNIX_DBG"); if( s ) { dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a"); if( !dbgfp )
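Review bot: the new Configuration chapter in doc/gcrypt.texi ships several typos in user-visible text: "evironment" in the @menu entry (hunk @@ -94) and again in the @chapter title, "Debug output is the written to this file" (should be "then written"), "on system without a /dev/random" ("systems") and "data used to init the random number generator". The GCRYPT_BARRETT entry says only that setting it selects "a different algorithm for modular reduction" for ECC; say whether it is intended for users or only for testing, since a reader of this chapter will otherwise wonder whether to set it.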
@@ -723,7 +723,7 @@ start_gatherer( int pipefd ) else fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid()); } - dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL"); + dbgall = !!getenv("GCRYPT_RNDUNIX_DBGALL"); } /* close all files but the ones we need */ { int nmax, n1, n2, i;
diff --git a/random/rndw32.c b/random/rndw32.c
index 1c0fc3d..de6e783 100644
--- a/random/rndw32.c
+++ b/random/rndw32.c
@@ -419,7 +419,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), this can consume tens of MB of memory and huge amounts of CPU time while it gathers its data, and even running once can still consume about 1/2MB of memory */ - if (getenv ("GNUPG_RNDW32_NOPERF")) + if (getenv ("GCRYPT_RNDW32_NOPERF")) { static int shown;
-----------------------------------------------------------------------

Summary of changes:
 doc/gcrypt.texi  | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 random/rndunix.c |  4 +--
 random/rndw32.c  |  2 +-
 3 files changed, 84 insertions(+), 5 deletions(-)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
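Review bot: the rename from GNUPG_RNDUNIX_DBG, GNUPG_RNDUNIX_DBGALL and GNUPG_RNDW32_NOPERF to the GCRYPT_ names drops the old names without a fallback, so an existing setting stops working silently; either also consult the old name for one release or record the rename in NEWS (the companion doc commit documents only the new names). The ChangeLog-style line in the commit message reads "change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG" twice; the second occurrence should be GNUPG_RNDUNIX_DBGALL to GCRYPT_RNDUNIX_DBGALL, as the hunk at @@ -723 shows.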
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 15 Jun 2016 09:56:23 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-23-gfa917d2

The branch, master has been updated
       via  fa917d2e24b0c98143a079ab4889ad8f69bee446 (commit)
       via  48aa6d6602564d6ba0cef10cf08f9fb0c59b3223 (commit)
       via  33b6637a56231f66792fb66ff30a0c4145bfac68 (commit)
       via  6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 (commit)
       via  1f769e3e8442bae2f1f73c656920bb2df70153c0 (commit)
       via  52cdfb1960808aaad48b5a501bbce0e3141c3961 (commit)
       via  b766ea14ad1c27d6160531b200cc70aaa479c6dc (commit)
       via  dc76313308c184c92eb78452b503405b90fc7ebd (commit)
       via  bd39eb9fba47dc8500c83769a679cc8b683d6c6e (commit)
       via  c05837211e5221d3f56146865e823bc20b4ff1ab (commit)
       via  caa9d14c914bf6116ec3f773a322a94e2be0c0fb (commit)
      from  c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit)

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 NEWS         | 24 +++++++++++++++++++++++-
 README       |  4 ++++
 configure.ac |  4 ++--
 3 files changed, 29 insertions(+), 3 deletions(-)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From: cvs at cvs.gnupg.org (by Niibe Yutaka)
Date: Thu, 16 Jun 2016 04:02:33 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-2-g0f3a069

The branch, master has been updated
       via  0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 (commit)
      from  fa917d2e24b0c98143a079ab4889ad8f69bee446 (commit)

- Log -----------------------------------------------------------------
commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7
Author: Niibe Yutaka
Date:   Thu Jun 16 10:56:28 2016 +0900

    ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.

    * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
    (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
    cofactor as 1, when not specified.
    --
    GnuPG-bug-id: 2347
    Signed-off-by: NIIBE Yutaka

diff --git a/cipher/ecc.c b/cipher/ecc.c
index b09902e..8af0d14 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -806,6 +806,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms) sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -941,6 +943,8 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) sk.E.dialect = ((ctx.flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -1107,6 +1111,8 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) pk.E.dialect = ((sigflags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!pk.E.h) + pk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER)
@@ -1322,6 +1328,8 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) { pk.E.model = MPI_EC_WEIERSTRASS; pk.E.dialect = ECC_DIALECT_STANDARD; + if (!pk.E.h) + pk.E.h = mpi_const (MPI_C_ONE); } /* @@ -1577,6 +1585,8 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) { sk.E.model = MPI_EC_WEIERSTRASS; sk.E.dialect = ECC_DIALECT_STANDARD; + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -1859,6 +1869,8 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!values[5]) + values[5] = mpi_const (MPI_C_ONE); } /* Check that all parameters are known and normalize all MPIs (that
-----------------------------------------------------------------------

Summary of changes:
 cipher/ecc.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org

From: teichm at in.tum.de (Markus Teich)
Date: Mon, 20 Jun 2016 01:02:19 +0200
Subject: best way to copy a gcry_mpi_point_t?
Message-ID: <20160619230219.GF3509@trolle>

Heyho,

since I only see gcry_mpi_copy, but no gcry_mpi_point_copy, what would be the most efficient way to copy a point? Using something like the following seems confusing:

gcry_mpi_ec_mul(new, GCRYMPI_CONST_ONE, old, ctx);

--Markus
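Review bot: the same two-line default (`if (!sk.E.h) sk.E.h = mpi_const (MPI_C_ONE);`, with pk.E.h or values[5] in the other hunks) is repeated in six functions; setting it once where the curve parameters are parsed, or in a small helper, would keep the next caller from forgetting it. Because mpi_const returns a shared constant, every cleanup path that releases sk.E.h or pk.E.h must treat a constant MPI as a no-op; please confirm that before merging, since freeing the shared constant would break every later caller that receives the same default. In compute_keygrip the bare `values[5]` does not say that it is the cofactor h; a short comment would.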
From: stefbon at gmail.com (Stef Bon)
Date: Tue, 21 Jun 2016 19:19:09 +0200
Subject: Use of chacha20 with poly1305.

Hi,

I'm working on a fuse fs for sftp. It's not ready yet, and first I want to make it work with "simple" ciphers as AES and 3DES.

Does libgcrypt support the combination of a cipher and mac like chacha20 and poly1305? I see calls like gcry_cipher_gettag and gcry_cipher_authenticate.

Stef

From: teichm at in.tum.de (Markus Teich)
Date: Wed, 22 Jun 2016 23:01:30 +0200
Subject: aliasing problem in gcry_mpi_ec_mul()
Message-ID: <20160622210130.GE5947@trolle>

Heyho,

I noticed an undocumented inconsistency with the low level ECC functions. This happens for Edwards Curve computations. When giving the mul function the same point twice, once as output and once as input, the computation fails, because the result-> coordinates are set to the zero point and therefore the input is lost in the beginning of _gcry_mpi_ec_mul_point(). The expected behavior for the following call would be to multiply P by s and update P to hold the result:

gcry_mpi_ec_mul(P, s, P, ctx);

At least for addition it works this way and I can happily add P to itself and store it within P again in the same call:

gcry_mpi_ec_add(P, P, P, ctx);

Christian mentioned this problem class is called "aliasing". I don't know if any other functions are affected by this problem and found no obvious fix for the mul function. If this discrepancy is intended it should be documented at least. Also the documentation on https://www.gnupg.org/documentation/manuals/gcrypt/ is out of date and should be updated.

--Markus
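Markus's aliasing report, and his earlier question about copying a point, illustrated in Python as an added example that is not libgcrypt code. It uses a toy short-Weierstrass curve over GF(97) (y^2 = x^3 + 2x + 3 with generator (3, 6) of order 5, constructed for the illustration) and mutable point objects so that the same object can be passed as both result and input, the call pattern in gcry_mpi_ec_mul(P, s, P, ctx). libgcrypt's real routine works on Edwards curves in projective coordinates; the hazard is the same: an in-place operation that writes its output before it has finished reading its input breaks exactly when the two alias.

```python
"""Aliasing in an in-place EC scalar multiplication.

Added example, not libgcrypt code.  Toy curve y^2 = x^3 + 2x + 3 over GF(97)
with generator G = (3, 6) of order 5 (constructed for illustration).  Points
are mutable objects so one object can serve as both result and input.
"""

P_MOD, A, B = 97, 2, 3


class Point:
    """Affine point; inf=True is the point at infinity (the 'zero point')."""

    def __init__(self, x=None, y=None):
        self.inf = x is None
        self.x, self.y = x, y

    def assign(self, other):
        """Copy other into self: the point copy Markus was looking for."""
        self.inf, self.x, self.y = other.inf, other.x, other.y
        return self

    def set_infinity(self):
        self.inf, self.x, self.y = True, None, None

    def coords(self):
        return None if self.inf else (self.x, self.y)


def ec_add(result, p1, p2):
    """result = p1 + p2.  Every input value is read into locals before result
    is written, so result may alias p1, p2 or both (as gcry_mpi_ec_add does)."""
    if p1.inf:
        return result.assign(p2)
    if p2.inf:
        return result.assign(p1)
    x1, y1, x2, y2 = p1.x, p1.y, p2.x, p2.y
    if x1 == x2 and (y1 + y2) % P_MOD == 0:       # p1 == -p2
        result.set_infinity()
        return result
    if x1 == x2:                                   # doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    result.inf, result.x, result.y = False, x3, y3
    return result


def ec_mul_aliasing_bug(result, k, point):
    """Left-to-right double-and-add that clears result FIRST and reads point
    afterwards.  When result is point, the input is destroyed on the first
    line, which is the failure mode reported for _gcry_mpi_ec_mul_point()."""
    result.set_infinity()
    for bit in bin(k)[2:]:
        ec_add(result, result, result)
        if bit == "1":
            ec_add(result, result, point)
    return result


def ec_mul(result, k, point):
    """Same algorithm, aliasing-safe: snapshot the input before touching result."""
    base = Point().assign(point)
    result.set_infinity()
    for bit in bin(k)[2:]:
        ec_add(result, result, result)
        if bit == "1":
            ec_add(result, result, base)
    return result


def demo():
    """Compute 2*P in place (P passed as both result and input), P = (3, 6).
    Returns (buggy_result, fixed_result)."""
    p = Point(3, 6)
    buggy = ec_mul_aliasing_bug(p, 2, p).coords()
    p = Point(3, 6)
    fixed = ec_mul(p, 2, p).coords()
    return buggy, fixed


if __name__ == "__main__":
    print("in-place 2P, buggy:", demo()[0], "fixed:", demo()[1])
```

The fix costs one point copy per call, which is also the answer to the copy question: a plain coordinate-by-coordinate copy is cheaper and clearer than multiplying by one.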
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 15:40:41 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-4-g5a5b055 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5a5b055b81ee60a22a846bdf2031516b1c24df98 (commit) via 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac (commit) from 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5a5b055b81ee60a22a846bdf2031516b1c24df98 Author: Werner Koch Date: Sat Jun 25 15:38:06 2016 +0200 Improve robustness and help lint. * cipher/rsa.c (rsa_encrypt): Check for !DATA. * cipher/md.c (search_oid): Check early for !OID. (md_copy): Use gpg_err_code_from_syserror. Replace chains of if(!err) tests. * cipher/cipher.c (search_oid): Check early for !OID. * src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0. * mpi/mpicoder.c (onecompl): Allow for A==NULL to help static analyzers. -- The change for md_copy is to help static analyzers which have no idea that gpg_err_code_from_syserror will never return 0. A gcc attribute returns_nonzero would be a nice to have. Some changes are due to the fact the macros like mpi_is_immutable gracefully handle a NULL arg but a static analyzer the considers that the function allows for a NULL arg. Signed-off-by: Werner Koch diff --git a/cipher/cipher.c b/cipher/cipher.c index bdcbfbd..2b7bf21 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
@@ -175,8 +175,10 @@ search_oid (const char *oid, gcry_cipher_oid_spec_t *oid_spec) gcry_cipher_spec_t *spec; int i; - if (oid && ((! strncmp (oid, "oid.", 4)) - || (! strncmp (oid, "OID.", 4)))) + if (!oid) + return NULL; + + if (!strncmp (oid, "oid.", 4) || !strncmp (oid, "OID.", 4)) oid += 4; spec = spec_from_oid (oid); diff --git a/cipher/md.c b/cipher/md.c index 344c1f2..a39e18a 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -198,8 +198,10 @@ search_oid (const char *oid, gcry_md_oid_spec_t *oid_spec) gcry_md_spec_t *spec; int i; - if (oid && ((! strncmp (oid, "oid.", 4)) - || (! strncmp (oid, "OID.", 4)))) + if (!oid) + return NULL; + + if (!strncmp (oid, "oid.", 4) || !strncmp (oid, "OID.", 4)) oid += 4; spec = spec_from_oid (oid); 
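Review bot: the early 'if (!oid) return NULL;' in both search_oid copies (cipher/cipher.c and cipher/md.c) changes the NULL-argument path from falling through to spec_from_oid (NULL) to returning immediately, so every caller must treat a NULL result as "unknown OID" rather than dereferencing it; worth confirming for the md.c callers in particular. The two functions are now identical apart from the spec type, which suggests the prefix-stripping could live in one shared helper instead of being patched in lockstep twice.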
@@ -471,51 +473,48 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd) else bhd = xtrymalloc (n + sizeof (struct gcry_md_context)); - if (! bhd) - err = gpg_err_code_from_errno (errno); - - if (! err) + if (!bhd) { - bhd->ctx = b = (void *) ((char *) bhd + n); - /* No need to copy the buffer due to the write above. */ - gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1)); - bhd->bufsize = ahd->bufsize; - bhd->bufpos = 0; - gcry_assert (! ahd->bufpos); - memcpy (b, a, sizeof *a); - b->list = NULL; - b->debug = NULL; + err = gpg_err_code_from_syserror (); + goto leave; } + bhd->ctx = b = (void *) ((char *) bhd + n); + /* No need to copy the buffer due to the write above. */ + gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1)); + bhd->bufsize = ahd->bufsize; + bhd->bufpos = 0; + gcry_assert (! ahd->bufpos); + memcpy (b, a, sizeof *a); + b->list = NULL; + b->debug = NULL; + /* Copy the complete list of algorithms. The copied list is reversed, but that doesn't matter. */ - if (!err) + for (ar = a->list; ar; ar = ar->next) { - for (ar = a->list; ar; ar = ar->next) + if (a->flags.secure) + br = xtrymalloc_secure (ar->actual_struct_size); + else + br = xtrymalloc (ar->actual_struct_size); + if (!br) { - if (a->flags.secure) - br = xtrymalloc_secure (ar->actual_struct_size); - else - br = xtrymalloc (ar->actual_struct_size); - if (!br) - { - err = gpg_err_code_from_errno (errno); - md_close (bhd); - break; - } - - memcpy (br, ar, ar->actual_struct_size); - br->next = b->list; - b->list = br; + err = gpg_err_code_from_syserror (); + md_close (bhd); + goto leave; } + + memcpy (br, ar, ar->actual_struct_size); + br->next = b->list; + b->list = br; } - if (a->debug && !err) + if (a->debug) md_start_debug (bhd, "unknown"); - if (!err) - *b_hd = bhd; + *b_hd = bhd; + leave: return err; } diff --git a/cipher/rsa.c b/cipher/rsa.c index ce8e215..b6c7374 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
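Review bot: the success path in md_copy now reaches 'leave: return err;' without ever assigning err, so this restructuring is only correct if err is initialised to 0 at its declaration (not visible in the hunk); with the goto-based flow both failure branches set it from gpg_err_code_from_syserror () and nothing resets it. On the br allocation failure md_close (bhd) runs before the jump, so *b_hd is correctly left untouched and the partially built list hanging off b->list is released by md_close walking it; a one-line comment stating that is why the list is not freed by hand would save the next reader the trace.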
@@ -1247,7 +1247,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; if (DBG_CIPHER) log_mpidump ("rsa_encrypt data", data); - if (mpi_is_opaque (data)) + if (!data || mpi_is_opaque (data)) { rc = GPG_ERR_INV_DATA; goto leave; diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index e315576..4c63a14 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -403,14 +403,16 @@ onecompl (gcry_mpi_t a) mpi_ptr_t ap; mpi_size_t n; unsigned int i; - unsigned int nbits = mpi_get_nbits (a); + unsigned int nbits; - if (mpi_is_immutable (a)) + if (!a || mpi_is_immutable (a)) { mpi_immutable_failed (); return; } + nbits = mpi_get_nbits (a); + mpi_normalize (a); ap = a->d; n = a->nlimbs; diff --git a/src/misc.c b/src/misc.c index ac64d70..413d7d8 100644 --- a/src/misc.c +++ b/src/misc.c @@ -291,7 +291,7 @@ do_printhex (const char *text, const char *text2, log_debug ("%*s ", (int)strlen(text), ""); } } - if (length) + if (length && buffer) { const unsigned char *p = buffer; for (; length--; p++) commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac Author: Werner Koch Date: Thu Jun 23 10:29:08 2016 +0200 cipher: Improve fatal error message for bad use of gcry_md_read. * cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG. -- Signed-off-by: Werner Koch diff --git a/cipher/md.c b/cipher/md.c index d0ef00f..344c1f2 100644 --- a/cipher/md.c +++ b/cipher/md.c 
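Review bot: in onecompl the new '!a' test shares the mpi_immutable_failed () diagnostic with the genuine immutable-MPI case, so a NULL argument will be logged as an attempt to modify an immutable value; a distinct message or at least a comment would keep that diagnostic honest. Moving 'nbits = mpi_get_nbits (a)' below the check is the substantive part, since the old code called mpi_get_nbits (a) in the initializer before any check ran. In do_printhex, 'if (length && buffer)' makes BUFFER==NULL with LENGTH>0 print nothing, indistinguishable from an empty buffer in a debug dump; emitting a visible marker such as "(null)" would be more useful. In rsa_encrypt the '!data || mpi_is_opaque (data)' check is right, but note that log_mpidump ("rsa_encrypt data", data) on the line above runs first, so it must itself tolerate a NULL data.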
@@ -847,7 +847,7 @@ md_read( gcry_md_hd_t a, int algo ) return r->spec->read (&r->context.c); } } - BUG(); + _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, "request algo not in md context"); return NULL; } ----------------------------------------------------------------------- Summary of changes: cipher/cipher.c | 6 +++-- cipher/md.c | 69 ++++++++++++++++++++++++++++----------------------------- cipher/rsa.c | 2 +- mpi/mpicoder.c | 6 +++-- src/misc.c | 2 +- 5 files changed, 44 insertions(+), 41 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Sat Jun 25 16:12:15 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 16:12:15 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-6-g1feb019 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1feb01940062a74c27230434fc3babdddca8caf4 (commit) via c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9 (commit) from 5a5b055b81ee60a22a846bdf2031516b1c24df98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1feb01940062a74c27230434fc3babdddca8caf4 Author: Werner Koch Date: Sat Jun 25 16:07:16 2016 +0200 doc: Update yat2m. * doc/yat2m.c: Update from Libgpg-error -- Taken from Libgpg-error commit 9b5e3d1608922f4aaf9958e022431849d5a58501 Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 86c3c70..7599081 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c 
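Review bot: the message text reads "request algo not in md context"; "requested algo" is what is meant. Replacing BUG() with _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, ...) is still a process-terminating path for an API misuse (reading an algorithm that was never enabled on the handle), so the gcry_md_read documentation should state that this aborts rather than returning NULL; the 'return NULL;' that follows now exists only to satisfy the compiler, and a comment saying so avoids someone later treating it as a reachable return.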
@@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -13,7 +13,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, see . + * along with this program; if not, see . */ /* @@ -104,6 +104,29 @@ #include +#if __GNUC__ +# define MY_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +#else +# define MY_GCC_VERSION 0 +#endif + +#if MY_GCC_VERSION >= 20500 +# define ATTR_PRINTF(f, a) __attribute__ ((format(printf,f,a))) +# define ATTR_NR_PRINTF(f, a) __attribute__ ((noreturn, format(printf,f,a))) +#else +# define ATTR_PRINTF(f, a) +# define ATTR_NR_PRINTF(f, a) +#endif +#if MY_GCC_VERSION >= 30200 +# define ATTR_MALLOC __attribute__ ((__malloc__)) +#else +# define ATTR_MALLOC +#endif + + + #define PGM "yat2m" #define VERSION "1.0" @@ -120,6 +143,7 @@ static int quiet; static int debug; static const char *opt_source; static const char *opt_release; +static const char *opt_date; static const char *opt_select; static const char *opt_include; static int opt_store; @@ -213,8 +237,16 @@ static const char * const standard_sections[] = static void proc_texi_buffer (FILE *fp, const char *line, size_t len, int *table_level, int *eol_action); +static void die (const char *format, ...) ATTR_NR_PRINTF(1,2); +static void err (const char *format, ...) ATTR_PRINTF(1,2); +static void inf (const char *format, ...) ATTR_PRINTF(1,2); +static void *xmalloc (size_t n) ATTR_MALLOC; +static void *xcalloc (size_t n, size_t m) ATTR_MALLOC; + +/*-- Functions --*/ + /* Print diagnostic message and exit with failure. */ static void die (const char *format, ...) 
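Review bot: MY_GCC_VERSION is built from __GNUC_PATCHLEVEL__, which only exists on GCC 3.0 and later; on an older GCC with __GNUC__ set, the expression fails to preprocess instead of degrading to 0, yet the thresholds used (20500 and 30200) claim to handle such versions. Either guard the patchlevel term with '#ifdef __GNUC_PATCHLEVEL__' or drop it, since neither threshold depends on the patchlevel. The forward declarations of die/err/inf with ATTR_NR_PRINTF/ATTR_PRINTF are a good addition: they let the compiler check every format string in the file.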
@@ -323,8 +355,12 @@ isodatestring (void) { static char buffer[11+5]; struct tm *tp; - time_t atime = time (NULL); + time_t atime; + if (opt_date && *opt_date) + atime = strtoul (opt_date, NULL, 10); + else + atime = time (NULL); if (atime < 0) strcpy (buffer, "????" "-??" "-??"); else @@ -553,7 +589,7 @@ get_section_buffer (const char *name) for (i=0; i < thepage.n_sections; i++) if (!thepage.sections[i].name) break; - if (i < thepage.n_sections) + if (thepage.n_sections && i < thepage.n_sections) sect = thepage.sections + i; else { @@ -679,6 +715,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } cmdtbl[] = { { "command", 0, "\\fB", "\\fR" }, { "code", 0, "\\fB", "\\fR" }, + { "url", 0, "\\fB", "\\fR" }, { "sc", 0, "\\fB", "\\fR" }, { "var", 0, "\\fI", "\\fR" }, { "samp", 0, "\\(aq", "\\(aq" }, @@ -699,6 +736,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "emph", 0, "\\fI", "\\fR" }, { "w", 1 }, { "c", 5 }, + { "efindex", 1 }, { "opindex", 1 }, { "cpindex", 1 }, { "cindex", 1 }, @@ -846,7 +884,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } else inf ("texinfo command '%s' not supported (%.*s)", command, - ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + (int)((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } if (*rest == '{') @@ -958,7 +996,7 @@ proc_texi_buffer (FILE *fp, const char *line, size_t len, assert (n <= len); s += n; len -= n; s--; len++; - in_cmd = 0; + /* in_cmd = 0; -- doc only */ } } @@ -1367,7 +1405,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) } if (!incfp) - err ("can't open include file '%s':%s", + err ("can't open include file '%s': %s", incname, strerror (errno)); else { 
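Review bot: in isodatestring, 'atime = strtoul (opt_date, NULL, 10)' accepts any string, so a non-numeric --date value quietly becomes epoch 0 and the page is stamped 1970-01-01, and the following 'if (atime < 0)' can never catch it because strtoul yields an unsigned value. Pass an end pointer and die () when *endp is not NUL, which is what an option meant for reproducible builds should do. In get_section_buffer the added 'thepage.n_sections &&' term is redundant with 'i < thepage.n_sections' because i starts at 0; if it was added to placate a static analyzer, a comment saying so stops the next reader from removing it.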
@@ -1466,13 +1504,14 @@ main (int argc, char **argv) "Extract man pages from a Texinfo source.\n\n" " --source NAME use NAME as source field\n" " --release STRING use STRING as the release field\n" + " --date EPOCH use EPOCH as publication date\n" " --store write output using @manpage name\n" " --select NAME only output pages with @manpage NAME\n" " --verbose enable extra informational output\n" " --debug enable additional debug output\n" " --help display this help and exit\n" " -I DIR also search in include DIR\n" - " -D gpgone the only useable define\n\n" + " -D gpgone the only usable define\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" "Report bugs to ."); exit (0); @@ -1519,6 +1558,15 @@ main (int argc, char **argv) argc--; argv++; } } + else if (!strcmp (*argv, "--date")) + { + argc--; argv++; + if (argc) + { + opt_date = *argv; + argc--; argv++; + } + } else if (!strcmp (*argv, "--store")) { opt_store = 1; commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9 Author: Werner Koch Date: Sat Jun 25 16:09:20 2016 +0200 tests: Add attributes to helper functions. * tests/t-common.h (die, fail, info): Add attributes. * tests/random.c (die, inf): Ditto. * tests/pubkey.c (die, fail, info): Add attributes. * tests/fipsdrv.c (die): Add attribute. (main): Take care of missing --key,--iv,--dt options. Signed-off-by: Werner Koch diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index 49253cb..63c5176 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -134,6 +134,11 @@ struct tag_info }; +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + /* Print a error message and exit the process with an error code. */ static void 
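Review bot: in tests/fipsdrv.c the prototype is guarded by '#ifdef GPGRT_ATTR_NORETURN' but uses GPGRT_ATTR_NR_PRINTF; if a libgpg-error version ever defines one without the other the declaration breaks, so guard on the macro that is actually used. In yat2m's main, '--date' given as the last argument is silently ignored because 'if (argc)' falls through without a diagnostic; it mirrors the existing options, but a 'die ("--date requires an argument")' is cheap and saves a build script from producing a wrongly dated page.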
@@ -1150,7 +1155,7 @@ run_cipher_mct_loop (int encrypt_mode, int cipher_algo, int cipher_mode, blocklen = gcry_cipher_get_algo_blklen (cipher_algo); if (!blocklen || blocklen > sizeof output) - die ("invalid block length %d\n", blocklen); + die ("invalid block length %d\n", (int)blocklen); gcry_cipher_ctl (hd, PRIV_CIPHERCTL_DISABLE_WEAK_KEY, NULL, 0); @@ -2570,7 +2575,8 @@ main (int argc, char **argv) die ("no version info in input\n"); } if (atoi (key_buffer) != 1) - die ("unsupported input version %s\n", key_buffer); + die ("unsupported input version %s\n", + (const char*)key_buffer); gcry_free (key_buffer); if (!(key_buffer = read_textline (input))) die ("no iteration count in input\n"); @@ -2644,11 +2650,11 @@ main (int argc, char **argv) unsigned char buffer[16]; size_t count = 0; - if (hex2bin (key_string, key, 16) < 0 ) + if (!key_string || hex2bin (key_string, key, 16) < 0 ) die ("value for --key are not 32 hex digits\n"); - if (hex2bin (iv_string, seed, 16) < 0 ) + if (!iv_string || hex2bin (iv_string, seed, 16) < 0 ) die ("value for --iv are not 32 hex digits\n"); - if (hex2bin (dt_string, dt, 16) < 0 ) + if (!dt_string || hex2bin (dt_string, dt, 16) < 0 ) die ("value for --dt are not 32 hex digits\n"); /* The flag value 1 disables the dup check, so that the RNG diff --git a/tests/pubkey.c b/tests/pubkey.c index b691913..3eb5b4f 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -115,6 +115,15 @@ static const char sample_public_key_1[] = static int verbose; static int error_count; + +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +static void fail (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +static void info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + + static void die (const char *format, ...) { diff --git a/tests/random.c b/tests/random.c index 3c08726..65e5670 100644 
--- a/tests/random.c +++ b/tests/random.c @@ -43,6 +43,13 @@ static int verbose; static int debug; static int with_progress; +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +static void inf (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + + static void die (const char *format, ...) { diff --git a/tests/t-common.h b/tests/t-common.h index 3546986..68a7804 100644 --- a/tests/t-common.h +++ b/tests/t-common.h @@ -52,6 +52,13 @@ static int verbose; static int debug; static int errorcount; +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +static void fail (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +static void info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + /* Reporting functions. */ static void diff --git a/tests/t-sexp.c b/tests/t-sexp.c index 33a58ff..edb37a2 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c @@ -81,7 +81,7 @@ hex2mpiopa (const char *string) die ("hex2mpiopa '%s' failed: parser error\n", string); val = gcry_mpi_set_opaque (NULL, buffer, buflen*8); if (!buffer) - die ("hex2mpiopa '%s' failed: set_opaque error%s\n", string); + die ("hex2mpiopa '%s' failed: set_opaque error\n", string); return val; } 
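Review bot: in hex2mpiopa the error check 'if (!buffer)' sits after 'val = gcry_mpi_set_opaque (NULL, buffer, buflen*8)', so it tests a pointer that has already been handed to the library and never tests val; presumably 'if (!val)' was intended. The format-string fix itself is right (the old "error%s" read a variadic argument that was never supplied, which is undefined behaviour), but while touching the line the condition deserves the same attention. The declarations added to tests/random.c and tests/t-common.h are guarded by '#ifdef GPGRT_ATTR_NORETURN' but use GPGRT_ATTR_NR_PRINTF and GPGRT_ATTR_PRINTF; guard on the macros actually used.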
@@ -510,7 +510,7 @@ back_and_forth_one (int testno, const char *buffer, size_t length) } if (compare_to_canon (se1, canon, canonlen)) { - fail ("baf %d: converting to advanced failed.\n", + fail ("baf %d: converting to advanced failed: %s\n", testno, gpg_strerror (rc)); return; } ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++------- tests/fipsdrv.c | 16 +++++++++----- tests/pubkey.c | 9 ++++++++ tests/random.c | 7 +++++++ tests/t-common.h | 7 +++++++ tests/t-sexp.c | 4 ++-- 6 files changed, 92 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Sat Jun 25 20:54:34 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 20:54:34 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-7-g7a7f7c1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 7a7f7c147f888367dfee6093d26bfeaf750efc3a (commit) from 1feb01940062a74c27230434fc3babdddca8caf4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a Author: Werner Koch Date: Sat Jun 25 20:52:47 2016 +0200 ecc: Fix memory leak. * cipher/ecc.c (ecc_check_secret_key): Do not init point if already set. Signed-off-by: Werner Koch diff --git a/cipher/ecc.c b/cipher/ecc.c index 8af0d14..e25bf09 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
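Review bot: adding '%s' fixes the format/argument mismatch in back_and_forth_one, but rc is not set by 'compare_to_canon (se1, canon, canonlen)' in the visible condition, so gpg_strerror (rc) reports whatever an earlier call left in rc (possibly "Success") rather than why the comparison failed. Either have compare_to_canon return an error code that is assigned to rc, or drop both the '%s' and the argument.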
@@ -790,7 +790,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms) } if (mpi_g) { - point_init (&sk.E.G); + if (!sk.E.G.x) + point_init (&sk.E.G); rc = _gcry_ecc_os2ec (&sk.E.G, mpi_g); if (rc) goto leave; ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From sokhanget010 at icloud.com Sun Jun 26 05:15:53 2016 From: sokhanget010 at icloud.com (Sokha Nget) Date: Sun, 26 Jun 2016 10:15:53 +0700 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-307-g57b60bb Message-ID: <7C64FCE0-3505-4A35-AACE-96D0A005BCC8@icloud.com> Sokhanget010 at gmail.com From cvs at cvs.gnupg.org Mon Jun 27 17:26:32 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Jun 2016 17:26:32 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-9-g4d634a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4d634a098742ff425b324e9f2a67b9f62de09744 (commit) via ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c (commit) from 7a7f7c147f888367dfee6093d26bfeaf750efc3a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4d634a098742ff425b324e9f2a67b9f62de09744 Author: Werner Koch Date: Mon Jun 27 17:22:18 2016 +0200 tests: Do not test SHAKE128 et al with gcry_md_hash_buffer. * tests/benchmark.c (md_bench): Do not test variable lengths algos with the gcry_md_hash_buffer. 
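Review bot: 'if (!sk.E.G.x) point_init (&sk.E.G);' uses the x coordinate as the "already initialised" sentinel, which is correct only if every earlier path that sets G also allocates x; a comment naming where G is first initialised (the commit message's "if already set") would let a reader trust the leak fix without tracing the whole function. The other keyparms parsers in cipher/ecc.c follow the same shape and are worth checking for the same double point_init.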
Signed-off-by: Werner Koch diff --git a/tests/benchmark.c b/tests/benchmark.c index 53b83b1..d387c56 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -572,21 +572,24 @@ md_bench ( const char *algoname ) if (gcry_md_get_algo_dlen (algo) > sizeof digest) die ("digest buffer too short\n"); - largebuf_base = malloc (10000+15); - if (!largebuf_base) - die ("out of core\n"); - largebuf = (largebuf_base - + ((16 - ((size_t)largebuf_base & 0x0f)) % buffer_alignment)); - - for (i=0; i < 10000; i++) - largebuf[i] = i; - start_timer (); - for (repcount=0; repcount < hash_repetitions; repcount++) - for (i=0; i < 100; i++) - gcry_md_hash_buffer (algo, digest, largebuf, 10000); - stop_timer (); - printf (" %s", elapsed_time (1)); - free (largebuf_base); + if (gcry_md_get_algo_dlen (algo)) + { + largebuf_base = malloc (10000+15); + if (!largebuf_base) + die ("out of core\n"); + largebuf = (largebuf_base + + ((16 - ((size_t)largebuf_base & 0x0f)) % buffer_alignment)); + + for (i=0; i < 10000; i++) + largebuf[i] = i; + start_timer (); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 100; i++) + gcry_md_hash_buffer (algo, digest, largebuf, 10000); + stop_timer (); + printf (" %s", elapsed_time (1)); + free (largebuf_base); + } putchar ('\n'); fflush (stdout); commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c Author: Werner Koch Date: Mon Jun 27 17:11:23 2016 +0200 md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer. * cipher/md.c (md_read): Detect missing read function. (_gcry_md_hash_buffers): Return an error. Signed-off-by: Werner Koch diff --git a/cipher/md.c b/cipher/md.c index a39e18a..27a0efb 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -831,9 +831,8 @@ md_read( gcry_md_hd_t a, int algo ) { if (r->next) log_debug ("more than one algorithm in md_read(0)\n"); - if (r->spec->read == NULL) - return NULL; - return r->spec->read (&r->context.c); + if (r->spec->read) + return r->spec->read (&r->context.c); } } else 
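Review bot: in md_read the 'return NULL' for a missing read function is removed from the single-algorithm branch, so a handle whose only algorithm has no fixed-length read now falls through to the fatal error at the bottom instead of returning NULL to the caller; that is the stated intent, but it changes behaviour for any caller that checked for NULL and belongs in NEWS. In benchmark.c, gcry_md_get_algo_dlen (algo) is now called twice (once for the '> sizeof digest' check, once as the skip condition); cache it in a local. Skipping the algorithm also prints nothing in that column before putchar ('\n'), which misaligns the table; print a placeholder such as "-" so the output stays parseable.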
@@ -841,12 +840,17 @@ md_read( gcry_md_hd_t a, int algo ) for (r = a->ctx->list; r; r = r->next) if (r->spec->algo == algo) { - if (r->spec->read == NULL) - return NULL; - return r->spec->read (&r->context.c); + if (r->spec->read) + return r->spec->read (&r->context.c); + break; } } - _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, "request algo not in md context"); + + if (r && !r->spec->read) + _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, + "requested algo has no fixed digest length"); + else + _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, "requested algo not in md context"); return NULL; } @@ -1010,6 +1014,7 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, normal functions. */ gcry_md_hd_t h; gpg_err_code_t rc; + int dlen; if (algo == GCRY_MD_MD5 && fips_mode ()) { @@ -1022,6 +1027,12 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, } } + /* Detect SHAKE128 like algorithms which we can't use because + * our API does not allow for a variable length digest. */ + dlen = md_digest_length (algo); + if (!dlen) + return GPG_ERR_DIGEST_ALGO; + rc = md_open (&h, algo, (hmac? GCRY_MD_FLAG_HMAC:0)); if (rc) return rc; @@ -1041,7 +1052,7 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, for (;iovcnt; iov++, iovcnt--) md_write (h, (const char*)iov[0].data + iov[0].off, iov[0].len); md_final (h); - memcpy (digest, md_read (h, algo), md_digest_length (algo)); + memcpy (digest, md_read (h, algo), dlen); md_close (h); } ----------------------------------------------------------------------- Summary of changes: cipher/md.c | 27 +++++++++++++++++++-------- tests/benchmark.c | 33 ++++++++++++++++++--------------- 2 files changed, 37 insertions(+), 23 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From gniibe at fsij.org Wed Jun 29 02:40:59 2016 
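Review bot: the dlen guard in _gcry_md_hash_buffers turns what was a memcpy from the result of md_read for an XOF-style algorithm into a clean GPG_ERR_DIGEST_ALGO return, which is the right fix; the commit title talks about gcry_md_hash_buffer, though, while the hunk touches only _gcry_md_hash_buffers, so confirm the singular entry point either routes through this function or gets its own dlen check. In md_read the bottom test 'if (r && !r->spec->read)' relies on r still pointing at the matched entry in both branches: the loop's 'break' ensures that in the multi-algorithm case, and in the single-algorithm branch r is simply never reassigned. That invariant deserves a comment, since a later edit reusing r would silently change which fatal message fires.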
From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 29 Jun 2016 09:40:59 +0900 Subject: cipher/sha1-avx-amd64.S is for AVX (not AVX2)? Message-ID: <70518b08-d2eb-586d-ebcc-94ebd77c6834@fsij.org> Hello, While looking at this issue: https://bugs.gnupg.org/gnupg/issue2396 I found a problem in cipher/sha1-avx-amd64.S. While I don't have knowledge of those instructions, it seems for me that something like following is needed, for a platform where AVX2 is not supported. Jussi, could you please confirm? diff --git a/cipher/sha1-avx-amd64.S b/cipher/sha1-avx-amd64.S index 062a45b..70efe95 100644 --- a/cipher/sha1-avx-amd64.S +++ b/cipher/sha1-avx-amd64.S @@ -31,8 +31,8 @@ #if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ - defined(HAVE_GCC_INLINE_ASM_BMI2) && \ - defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(USE_SHA1) + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA1) #ifdef __PIC__ # define RIP (%rip) -- From jussi.kivilinna at iki.fi Wed Jun 29 13:57:30 2016 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Wed, 29 Jun 2016 14:57:30 +0300 Subject: cipher/sha1-avx-amd64.S is for AVX (not AVX2)? In-Reply-To: <70518b08-d2eb-586d-ebcc-94ebd77c6834@fsij.org> References: <70518b08-d2eb-586d-ebcc-94ebd77c6834@fsij.org> Message-ID: <5773B7AA.5050700@iki.fi> Hello, On 2016-06-29 03:40, NIIBE Yutaka wrote: > Hello, > > While looking at this issue: > https://bugs.gnupg.org/gnupg/issue2396 > > I found a problem in cipher/sha1-avx-amd64.S. > > While I don't have knowledge of those instructions, it seems for me > that something like following is needed, for a platform where AVX2 is > not supported. > > Jussi, could you please confirm? Yes, '#if' clause in sha1-avx-amd64.S is wrong. > > diff --git a/cipher/sha1-avx-amd64.S b/cipher/sha1-avx-amd64.S > index 062a45b..70efe95 100644 > --- a/cipher/sha1-avx-amd64.S > +++ b/cipher/sha1-avx-amd64.S 
> @@ -31,8 +31,8 @@ > > #if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ > defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ > - defined(HAVE_GCC_INLINE_ASM_BMI2) && \ > - defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(USE_SHA1) > + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ > + defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA1) This should be changed to match '#define USE_AVX' part in 'sha1.c': #if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA1) I can make the change on weekend. -Jussi > > #ifdef __PIC__ > # define RIP (%rip) > From mfpnb at plass-family.net Wed Jun 29 19:44:34 2016 From: mfpnb at plass-family.net (Michael Plass) Date: Wed, 29 Jun 2016 10:44:34 -0700 Subject: PIC, alignment problems with libcrypt on armv7 Message-ID: I recently tracked down a couple of problems with libcrypt-1.7.1 in the context of netbsd pkgsrc on raspberry pi 2 (armv7). The details are covered in this thread: http://mail-index.netbsd.org/tech-pkg/2016/06/29/msg017059.html The first problem is a non-PIC reference in cipher/poly1305-armv7-neon.S that prevents the library from being loaded when using ASLR: ============================== commit 9bf37f803059304b1f46747953ef8e961c7e643b Author: Michael Plass Date: Wed Jun 29 10:15:16 2016 -0700 Remove a non-PIC reference in armv7 poly1305. diff --git a/cipher/poly1305-armv7-neon.S b/cipher/poly1305-armv7-neon.S index 1134e85..e2727bd 100644 --- a/cipher/poly1305-armv7-neon.S +++ b/cipher/poly1305-armv7-neon.S 
@@ -52,7 +52,7 @@ _gcry_poly1305_armv7_neon_init_ext: and r2, r2, r2 moveq r14, #-1 ldmia r1!, {r2-r5} - ldr r7, =.Lpoly1305_init_constants_neon + adr r7, .Lpoly1305_init_constants_neon mov r6, r2 mov r8, r2, lsr #26 mov r9, r3, lsr #20 ============================== The second problem showed up as a bus error running tests/basic. The problem is that ldm/stm don't deal with unaligned accesses even on armv7 (see http://www.heyrick.co.uk/armwiki/Unaligned_data_access). My workaround is to undef the gcc-defined feature symbol, but a better fix would be to strip out the conditional guards, since the alignment adjustments are needed on all versions. ============================== commit 68c3274900ea129099f04892d32ccbb061ff6a72 Author: Michael Plass Date: Wed Jun 29 10:27:55 2016 -0700 Avoid doing unaligned ldm/stm even on armv7 - it does not work. diff --git a/cipher/rijndael-arm.S b/cipher/rijndael-arm.S index 694369d..34a9acc 100644 --- a/cipher/rijndael-arm.S +++ b/cipher/rijndael-arm.S @@ -19,6 +19,7 @@ */ #include +#undef __ARM_FEATURE_UNALIGNED #if defined(__ARMEL__) #ifdef HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS ============================== From jussi.kivilinna at iki.fi Thu Jun 30 09:43:33 2016
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Thu, 30 Jun 2016 10:43:33 +0300 Subject: PIC, alignment problems with libcrypt on armv7 In-Reply-To: References: Message-ID: <5774CDA5.2090001@iki.fi> Hello, On 2016-06-29 20:44, Michael Plass wrote: > I recently tracked down a couple of problems with libcrypt-1.7.1 in the > context of netbsd pkgsrc on raspberry pi 2 (armv7). Thanks for tracking and reporting these. > > The details are covered in this thread: > > http://mail-index.netbsd.org/tech-pkg/2016/06/29/msg017059.html > > The first problem is a non-PIC reference in cipher/poly1305-armv7-neon.S > that prevents the library from being loaded when using ASLR: Looks correct. I need to review other armv7 assembly for similar errors. I wonder if there is automated way to check resulting library for such non-PIC references. If there is, such check could be incorporated to build process and abort build if found. > > ============================== > commit 9bf37f803059304b1f46747953ef8e961c7e643b > Author: Michael Plass > Date: Wed Jun 29 10:15:16 2016 -0700 > > Remove a non-PIC reference in armv7 poly1305. > > diff --git a/cipher/poly1305-armv7-neon.S b/cipher/poly1305-armv7-neon.S > index 1134e85..e2727bd 100644 > --- a/cipher/poly1305-armv7-neon.S > +++ b/cipher/poly1305-armv7-neon.S 
> @@ -52,7 +52,7 @@ _gcry_poly1305_armv7_neon_init_ext: > and r2, r2, r2 > moveq r14, #-1 > ldmia r1!, {r2-r5} > - ldr r7, =.Lpoly1305_init_constants_neon > + adr r7, .Lpoly1305_init_constants_neon > mov r6, r2 > mov r8, r2, lsr #26 > mov r9, r3, lsr #20 > ============================== > > The second problem showed up as a bus error running tests/basic. > The problem is that ldm/stm don't deal with unaligned accesses even > on armv7 (see http://www.heyrick.co.uk/armwiki/Unaligned_data_access). > My workaround is to undef the gcc-defined feature symbol, but a better > fix would be to strip out the conditional guards, since the alignment > adjustments are needed on all versions. I have made wrong assumption about unaligned accesses with ldm/stm. I'll make the needed changes and add proper unaligned buffer test cases so that these will be caught in future. -Jussi > ============================== > commit 68c3274900ea129099f04892d32ccbb061ff6a72 > Author: Michael Plass > Date: Wed Jun 29 10:27:55 2016 -0700 > > Avoid doing unaligned ldm/stm even on armv7 - it does not work. > > diff --git a/cipher/rijndael-arm.S b/cipher/rijndael-arm.S > index 694369d..34a9acc 100644 > --- a/cipher/rijndael-arm.S > +++ b/cipher/rijndael-arm.S > @@ -19,6 +19,7 @@ > */ > > #include > +#undef __ARM_FEATURE_UNALIGNED > > #if defined(__ARMEL__) > #ifdef HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS > ============================== > > > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > From cvs at cvs.gnupg.org Thu Jun 30 13:02:41 2016 
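Michael's second problem is that ARM ldm/stm need aligned addresses whatever the compiler's __ARM_FEATURE_UNALIGNED says, and Jussi notes that on Linux the kernel fixes up the fault so tests pass there and fail elsewhere. The following is an added example, not libgcrypt's own code and not from either poster: it shows the C-level form of the same discipline, where word accesses sit behind a pointer alignment test instead of a CPU-feature macro, and where the test input is a deliberately unaligned view of a buffer. load_le32, is_aligned, copy_words_or_bytes and the sample buffer are all constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added illustration of alignment-safe buffer access in C; not
 * libgcrypt code. The fast-path guard is a pointer test, not a
 * compiler feature macro, which is the point of the armv7 report. */

/* Little-endian 32-bit load assembled from bytes: valid at any
 * alignment. On targets that allow unaligned loads, compilers fold
 * this into a single load instruction anyway. */
static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* True when p is aligned to ALIGN bytes (ALIGN a power of two). */
static int is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p & (align - 1)) == 0;
}

/* Copy n bytes. The word-at-a-time path runs only when BOTH pointers
 * are word aligned; otherwise every byte is copied individually. The
 * memcpy calls are how C spells "one word load/store" without undefined
 * behaviour; in assembly this is where ldm/stm would sit behind the
 * same alignment test. *used_fast_path reports which path ran. */
static void copy_words_or_bytes(unsigned char *dst, const unsigned char *src,
                                size_t n, int *used_fast_path)
{
    *used_fast_path = 0;
    if (is_aligned(dst, 4) && is_aligned(src, 4)) {
        *used_fast_path = 1;
        for (; n >= 4; n -= 4, dst += 4, src += 4) {
            uint32_t w;
            memcpy(&w, src, sizeof w);
            memcpy(dst, &w, sizeof w);
        }
    }
    while (n--)
        *dst++ = *src++;
}

/* Constructed sample: 16 bytes 0x00..0x0f. The union forces at least
 * 4-byte alignment of the base, so sample.b + 1 is a deliberately
 * unaligned view, the kind of input an unaligned-buffer test must use. */
static union { uint32_t align; unsigned char b[16]; } sample = {
    .b = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
           0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }
};

uint32_t demo_unaligned_load(void)
{
    return load_le32(sample.b + 1);   /* bytes 01 02 03 04 -> 0x04030201 */
}

int demo_unaligned_copy_uses_byte_path(void)
{
    unsigned char out[8];
    int fast;
    copy_words_or_bytes(out, sample.b + 1, sizeof out, &fast);
    return fast == 0 && memcmp(out, sample.b + 1, sizeof out) == 0;   /* 1 */
}

int demo_aligned_copy_uses_word_path(void)
{
    static union { uint32_t align; unsigned char b[16]; } out;
    int fast;
    copy_words_or_bytes(out.b, sample.b, sizeof out.b, &fast);
    return fast == 1 && memcmp(out.b, sample.b, sizeof out.b) == 0;   /* 1 */
}

int main(void)
{
    printf("unaligned load:            0x%08x\n", demo_unaligned_load());
    printf("unaligned copy, byte path: %d\n", demo_unaligned_copy_uses_byte_path());
    printf("aligned copy, word path:   %d\n", demo_aligned_copy_uses_word_path());
    return 0;
}
```

Because the host kernel may silently repair misaligned accesses (as Jussi found on Linux), a test that only checks results cannot tell the two paths apart; that is why the copy routine reports which path it took, so a test can assert the byte path was chosen for the unaligned input rather than merely that the bytes came out right.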
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Jun 2016 13:02:41 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-10-g6965515 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6965515c73632a088fb126a4a55e95121671fa98 (commit) from 4d634a098742ff425b324e9f2a67b9f62de09744 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6965515c73632a088fb126a4a55e95121671fa98 Author: Werner Koch Date: Thu Jun 30 13:00:50 2016 +0200 random: Remove debug message about not supported getrandom syscall. * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug for getrandom error ENOSYS. Signed-off-by: Werner Koch diff --git a/random/rndlinux.c b/random/rndlinux.c index f08c9f9..2b563bf 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c @@ -275,7 +275,6 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, length -= nbytes; continue; /* until LENGTH is zero. */ } - log_debug ("syscall(getrandom) not supported; errno = %d\n", errno); } #endif ----------------------------------------------------------------------- Summary of changes: random/rndlinux.c | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From jussi.kivilinna at iki.fi Thu Jun 30 23:38:55 2016 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 1 Jul 2016 00:38:55 +0300 Subject: PIC, alignment problems with libcrypt on armv7 In-Reply-To: <5774CDA5.2090001@iki.fi> References: <5774CDA5.2090001@iki.fi> Message-ID: <5775916F.8010505@iki.fi> On 30.06.2016 10:43, Jussi Kivilinna wrote: >> The second problem showed up as a bus error running tests/basic. >> The problem is that ldm/stm don't deal with unaligned accesses even >> on armv7 (see http://www.heyrick.co.uk/armwiki/Unaligned_data_access). >> My workaround is to undef the gcc-defined feature symbol, but a better >> fix would be to strip out the conditional guards, since the alignment >> adjustments are needed on all versions. > > I have made wrong assumption about unaligned accesses with ldm/stm. > I'll make the needed changes and add proper unaligned buffer test cases > so that these will be caught in future. > Appears that there is proper tests for unaligned buffers. However those tests did not fail for me, since on Linux unaligned ldm/stm exception is caught and handled by kernel. -Jussi From jussi.kivilinna at iki.fi Thu Jun 30 23:55:23 2016 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 01 Jul 2016 00:55:23 +0300 Subject: [PATCH 1/4] Fix wrong CPU feature #ifdef for SHA1/AVX Message-ID: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> * cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2. -- Signed-off-by: Jussi Kivilinna --- cipher/sha1-avx-amd64.S | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cipher/sha1-avx-amd64.S b/cipher/sha1-avx-amd64.S index 062a45b..3b3a6d1 100644 --- a/cipher/sha1-avx-amd64.S +++ b/cipher/sha1-avx-amd64.S 
@@ -31,8 +31,7 @@ #if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ - defined(HAVE_GCC_INLINE_ASM_BMI2) && \ - defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(USE_SHA1) + defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA1) #ifdef __PIC__ # define RIP (%rip) From jussi.kivilinna at iki.fi Thu Jun 30 23:55:28 2016 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 01 Jul 2016 00:55:28 +0300 Subject: [PATCH 2/4] Fix non-PIC reference in PIC for poly1305/ARMv7-NEON In-Reply-To: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> References: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> Message-ID: <146732372807.13382.4008149858131410366.stgit@localhost6.localdomain6> * cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New. (_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER. -- Reported-by: Michael Plass Signed-off-by: Jussi Kivilinna --- cipher/poly1305-armv7-neon.S | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/cipher/poly1305-armv7-neon.S b/cipher/poly1305-armv7-neon.S index 1134e85..b1554ed 100644 --- a/cipher/poly1305-armv7-neon.S +++ b/cipher/poly1305-armv7-neon.S @@ -33,6 +33,19 @@ .fpu neon .arm +#ifdef __PIC__ +# define GET_DATA_POINTER(reg, name, rtmp) \ + ldr reg, 1f; \ + ldr rtmp, 2f; \ + b 3f; \ + 1: .word _GLOBAL_OFFSET_TABLE_-(3f+8); \ + 2: .word name(GOT); \ + 3: add reg, pc, reg; \ + ldr reg, [reg, rtmp]; +#else +# define GET_DATA_POINTER(reg, name, rtmp) ldr reg, =name +#endif + .text .p2align 2 @@ -52,7 +65,7 @@ _gcry_poly1305_armv7_neon_init_ext: and r2, r2, r2 moveq r14, #-1 ldmia r1!, {r2-r5} - ldr r7, =.Lpoly1305_init_constants_neon + GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8) mov r6, r2 mov r8, r2, lsr #26 mov r9, r3, lsr #20 From jussi.kivilinna at iki.fi Thu Jun 30 23:55:33 2016 
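Review bot: the guard now requires only HAVE_GCC_INLINE_ASM_AVX, which matches the instruction set this AVX-only file uses and stops the implementation from being silently dropped on toolchains that lack AVX2/BMI2 inline-asm support; please confirm that the C code which decides whether to call this transform keys on the same macro, otherwise the object is built but never referenced, or referenced but not built.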
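Review bot: the PIC branch of GET_DATA_POINTER hard-codes the `3f+8` pipeline offset in `_GLOBAL_OFFSET_TABLE_-(3f+8)`, which is correct only because `pc` reads as the current instruction plus 8 in ARM state; the file selects `.arm` just above the macro, so it holds here, but a one-line comment saying the macro must not be reused from Thumb code (where the offset is 4) would save the next person from copying it into a `.thumb` file. The use site is fine: `r8` is passed as `rtmp` and is overwritten by `mov r8, r2, lsr #26` on the very next line.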
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 01 Jul 2016 00:55:33 +0300 Subject: [PATCH 3/4] Avoid unaligned accesses with ARM ldm/stm instructions In-Reply-To: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> References: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> Message-ID: <146732373309.13382.4945298976946258097.stgit@localhost6.localdomain6> * cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always compile with unaligned load/store code paths. * cipher/sha512-arm.S: Ditto. -- Reported-by: Michael Plass Signed-off-by: Jussi Kivilinna --- cipher/rijndael-arm.S | 12 ++++-------- cipher/sha512-arm.S | 3 +-- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/cipher/rijndael-arm.S b/cipher/rijndael-arm.S index 694369d..e3a91c2 100644 --- a/cipher/rijndael-arm.S +++ b/cipher/rijndael-arm.S @@ -225,7 +225,7 @@ _gcry_aes_arm_encrypt_block: push {%r4-%r11, %ip, %lr}; /* read input block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if src is unaligned */ tst %r2, #3; beq 1f; @@ -238,7 +238,6 @@ _gcry_aes_arm_encrypt_block: b 2f; .ltorg 1: -#endif /* aligned load */ ldm %r2, {RA, RB, RC, RD}; #ifndef __ARMEL__ @@ -277,7 +276,7 @@ _gcry_aes_arm_encrypt_block: add %sp, #16; /* store output block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if dst is unaligned */ tst RT0, #3; beq 1f; @@ -290,7 +289,6 @@ _gcry_aes_arm_encrypt_block: b 2f; .ltorg 1: -#endif /* aligned store */ #ifndef __ARMEL__ rev RA, RA; @@ -484,7 +482,7 @@ _gcry_aes_arm_decrypt_block: push {%r4-%r11, %ip, %lr}; /* read input block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if src is unaligned */ tst %r2, #3; beq 1f; @@ -497,7 +495,6 @@ _gcry_aes_arm_decrypt_block: b 2f; .ltorg 1: -#endif /* aligned load */ ldm %r2, {RA, RB, RC, RD}; #ifndef __ARMEL__ 
@@ -533,7 +530,7 @@ _gcry_aes_arm_decrypt_block: add %sp, #16; /* store output block */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if dst is unaligned */ tst RT0, #3; beq 1f; @@ -546,7 +543,6 @@ _gcry_aes_arm_decrypt_block: b 2f; .ltorg 1: -#endif /* aligned store */ #ifndef __ARMEL__ rev RA, RA; diff --git a/cipher/sha512-arm.S b/cipher/sha512-arm.S index 28f156e..94ec014 100644 --- a/cipher/sha512-arm.S +++ b/cipher/sha512-arm.S @@ -323,7 +323,7 @@ _gcry_sha512_transform_arm: stm RWhi, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} /* Load input to w[16] */ -#ifndef __ARM_FEATURE_UNALIGNED + /* test if data is unaligned */ tst %r1, #3; beq 1f; @@ -341,7 +341,6 @@ _gcry_sha512_transform_arm: read_be64_unaligned_4(%r1, 12 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); b 2f; -#endif 1: /* aligned load */ add RWhi, %sp, #(w(0)); From jussi.kivilinna at iki.fi Thu Jun 30 23:55:38 2016 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 01 Jul 2016 00:55:38 +0300 Subject: [PATCH 4/4] Disallow encryption/decryption if key is not set In-Reply-To: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> References: <146732372300.13382.9740337901889609550.stgit@localhost6.localdomain6> Message-ID: <146732373813.13382.1433970089743537954.stgit@localhost6.localdomain6> * cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not NONE, make sure that key is set. * cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear 'marks.key' when reseting state. -- Reported-by: Andreas Metzler Signed-off-by: Jussi Kivilinna --- cipher/cipher-ccm.c | 3 +++ cipher/cipher.c | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c index 4d8f816..d7f14d8 100644 --- a/cipher/cipher-ccm.c +++ b/cipher/cipher-ccm.c 
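Review bot: in each of the four rijndael-arm.S hunks the `-#ifndef __ARM_FEATURE_UNALIGNED` line is replaced by a `+` blank line, leaving two consecutive blank lines before `/* test if src is unaligned */` and `/* test if dst is unaligned */`; drop the added blank lines so these hunks are pure deletions like the matching `-#endif` hunks. Functionally the change is right: `tst %r2, #3; beq 1f` now runs unconditionally, so ldm/stm only ever see 4-byte-aligned addresses.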
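Review bot: with the guard gone, the unaligned path in _gcry_sha512_transform_arm is compiled for every ARM target, but nothing in this series adds a test that would have caught the original fault; as noted earlier in the thread, tests/basic already covers unaligned buffers yet passes on Linux because the kernel fixes up the faulting ldm/stm. Consider running the test suite at least once with kernel alignment fixups disabled (on Linux ARM, writing 4 to /proc/cpu/alignment makes the kernel deliver SIGBUS instead of emulating the access) so a regression shows up as a crash rather than a silent slowdown.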
@@ -110,6 +110,7 @@ gcry_err_code_t _gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce, size_t noncelen) { + unsigned int marks_key; size_t L = 15 - noncelen; size_t L_; @@ -122,12 +123,14 @@ _gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce, return GPG_ERR_INV_LENGTH; /* Reset state */ + marks_key = c->marks.key; memset (&c->u_mode, 0, sizeof(c->u_mode)); memset (&c->marks, 0, sizeof(c->marks)); memset (&c->u_iv, 0, sizeof(c->u_iv)); memset (&c->u_ctr, 0, sizeof(c->u_ctr)); memset (c->lastiv, 0, sizeof(c->lastiv)); c->unused = 0; + c->marks.key = marks_key; /* Setup CTR */ c->u_ctr.ctr[0] = L_; diff --git a/cipher/cipher.c b/cipher/cipher.c index 2b7bf21..ff3340f 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -818,6 +818,12 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, { gcry_err_code_t rc; + if (c->mode != GCRY_CIPHER_MODE_NONE && !c->marks.key) + { + log_error ("cipher_encrypt: key not set\n"); + return GPG_ERR_MISSING_KEY; + } + switch (c->mode) { case GCRY_CIPHER_MODE_ECB: @@ -935,6 +941,12 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, { gcry_err_code_t rc; + if (c->mode != GCRY_CIPHER_MODE_NONE && !c->marks.key) + { + log_error ("cipher_decrypt: key not set\n"); + return GPG_ERR_MISSING_KEY; + } + switch (c->mode) { case GCRY_CIPHER_MODE_ECB:
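Review bot: saving `c->marks.key` around the `memset (&c->marks, 0, sizeof(c->marks))` fixes CCM, but the same reset pattern, wiping the whole marks struct when a nonce or IV is set, is exactly what the new check in cipher_encrypt/cipher_decrypt turns into GPG_ERR_MISSING_KEY for any other mode that does it; please audit the remaining mode-specific set_nonce/reset paths for the same memset so a keyed handle is not rejected after a nonce change. A smaller change here would be to clear the individual marks fields other than `key` instead of memset plus save/restore.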
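Review bot: the identical block is added to both cipher_encrypt and cipher_decrypt; factor it into a small static helper so the next mode-specific condition is changed in one place. The GCRY_CIPHER_MODE_NONE exemption is deliberate since that mode passes data through, but a comment on the condition would make that explicit, and note that `log_error` fires on every call with an unset key, so a caller that loops on the error will flood the log.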