From timo.benk at gmx.de Thu Feb 7 19:45:51 2008 From: timo.benk at gmx.de (Timo Benk) Date: Thu, 07 Feb 2008 19:45:51 +0100 Subject: compiling libgcrypt on mingw32/winxp Message-ID: <47AB51DF.5060307@gmx.de> Hi, i try to compile libgcrypt 1.4.0 on mingw32/winxp and i get the following error message: make[2]: Entering directory `/z/libgcrypt-1.4.0/cipher' /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c -o rijndael.lo rijndael.c gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c rijndael.c -DDLL_EXPORT -DPIC -o .libs/rijndael.o rijndael.c: In function `do_padlock':^M rijndael.c:2062: error: can't find a register in class `GENERAL_REGS' while reloading `asm'^M make[2]: *** [rijndael.lo] Error 1 make[2]: Leaving directory `/z/libgcrypt-1.4.0/cipher' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/z/libgcrypt-1.4.0' make: *** [all] Error 2 Does anyone know a solution or is there somewhere a howto on compiling libgcrypt for windows? Greetings, -timo -- Timo Benk - Jabber ID: t1m0 at jabber.org - ICQ ID: #153604896 PGP Public Key: http://www.m64s19.vlinux.de/timo_benk_gpg_key.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Thu Feb 7 21:14:21 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Feb 2008 21:14:21 +0100 Subject: compiling libgcrypt on mingw32/winxp In-Reply-To: <47AB51DF.5060307@gmx.de> (Timo Benk's message of "Thu, 07 Feb 2008 19:45:51 +0100") References: <47AB51DF.5060307@gmx.de> Message-ID: <87zlucikwy.fsf@wheatstone.g10code.de> On Thu, 7 Feb 2008 19:45, timo.benk at gmx.de said: > i try to compile libgcrypt 1.4.0 on mingw32/winxp and i get the > following error message: ./configure --disable-padlock Note, that building on Windows is not offically supported. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From gnupg at ethen.de Wed Feb 13 12:58:00 2008 From: gnupg at ethen.de (gnupg at ethen.de) Date: Wed, 13 Feb 2008 12:58:00 +0100 Subject: Need -fomit-frame-pointer to compile Message-ID: <200802131258.03316.gnupg@ethen.de> Just in case it helps: I need -fomit-frame-pointer to compile libgcrypt-1.4.0. gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/extend/download/gpg/tempinst/include -g -O1 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c rijndael.c -o rijndael.o rijndael.c: In function `do_padlock': rijndael.c:2062: error: can't find a register in class `GENERAL_REGS' while reloading `asm' gcc -fomit-frame-pointer -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/extend/download/gpg/tempinst/include -g -O1 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c rijndael.c -o rijndael.o (no error) gcc --version gcc (GCC) 3.3.3 (SuSE Linux) uname -a Linux name 2.6.5-7.276-default #1 Mon Jul 24 10:45:31 UTC 2006 i686 i686 i386 GNU/Linux From h.habib at gmail.com Thu Feb 14 08:33:12 2008 From: h.habib at gmail.com (Haidar Habib) Date: Thu, 14 Feb 2008 13:03:12 +0530 Subject: forking new process when calling gnutls_global_init() function Message-ID: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> Hi, I am using gnutls and libgcrypt in my application for using TLS in HP-UX. But when calling gnutls_global_init() function it forking a new process giving following trace [New process 28026] warning: reading `r3' register: No data Detaching after fork from process 28026 Can you please help why this new process is being created and how to avoid this. With regards, Haidar Habib From h.habib at gmail.com Thu Feb 14 08:01:24 2008 From: h.habib at gmail.com (h.habib at gmail.com) Date: Wed, 13 Feb 2008 23:01:24 -0800 Subject: forking new process when calling gnutls_global_init() function Message-ID: <23855319.751681202972484072.JavaMail.nabble@isper.nabble.com> I am using gnutls and libgcrypt in my application for using TLS in HP-UX. But when calling gnutls_global_init() function it forking a new process giving following trace [New process 28026] warning: reading `r3' register: No data Detaching after fork from process 28026 Can you please help why this new process is being created and how to avoid this. From gnupg at ethen.de Thu Feb 14 19:39:09 2008 From: gnupg at ethen.de (gnupg at ethen.de) Date: Thu, 14 Feb 2008 19:39:09 +0100 Subject: segfault in gcrypt 1.4.0 Message-ID: <200802141939.10468.gnupg@ethen.de> Hi, I tried to compile gnupg-2.0.8 with libassuan-1.0.4, libgcrypt-1.4.0, libgpg-error-1.5 and libksba-1.0.3. It gives me gpg2 in subdir g10 but stops with make[3]: Entering directory `/extend/gpg/gnupg-2.0.8/tests/openpgp' echo '#!/bin/sh' >./gpg_dearmor echo "../../g10/gpg2 --no-options --no-greeting \ --no-secmem-warning --batch --dearmor" >>./gpg_dearmor chmod 755 ./gpg_dearmor ./gpg_dearmor > ./pubring.gpg < ./pubring.asc ./gpg_dearmor: line 2: 4801 Speicherzugriffsfehler ../../g10/gpg2 --no-options --no-greeting --no-secmem-warning --batch --dearmor make[3]: *** [pubring.gpg] Fehler 139 make[3]: Leaving directory `/extend/gpg/gnupg-2.0.8/tests/openpgp' make[2]: *** [all-recursive] Fehler 1 make[2]: Leaving directory `/extend/gpg/gnupg-2.0.8/tests' make[1]: *** [all-recursive] Fehler 1 make[1]: Leaving directory `/extend/gpg/gnupg-2.0.8' make: *** [all] Fehler 2 To get a closer look I compiled in a seperate directory /extend/gpg. As I wrote yesterday, I need -fomit-frame-pointer to compile libgcrypt-1.4.0: gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/extend/gpg/inst/include -g -O1 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c rijndael.c -o rijndael.o rijndael.c: In function `do_padlock': rijndael.c:2062: error: can't find a register in class `GENERAL_REGS' while reloading `asm' gcc --version gcc (GCC) 3.3.3 (SuSE Linux) I figured out that it is libgcrypt what segfaults... (gdb) run Starting program: /extend/gpg/gnupg-2.0.8/g10/gpg2 Program received signal SIGSEGV, Segmentation fault. 0x40095f60 in ?? () from /extend/gpg/inst/lib/libgcrypt.so.11 (gdb) bt #0 0x40095f60 in ?? () from /extend/gpg/inst/lib/libgcrypt.so.11 #1 0x4009d97d in detect_ia32_gnuc () from /extend/gpg/inst/lib/libgcrypt.so.11 #2 0x756ceaf9 in ?? () #3 0x00000000 in ?? () #4 0x756e6547 in ?? () #5 0x49656e69 in ?? () #6 0x6c65746e in ?? () #7 0x401188a4 in __JCR_LIST__ () from /extend/gpg/inst/lib/libgcrypt.so.11 #8 0x4009f100 in _gcry_ath_mutex_destroy () from /extend/gpg/inst/lib/libgcrypt.so.11 #9 0x00000000 in ?? () #10 0x401188a4 in __JCR_LIST__ () from /extend/gpg/inst/lib/libgcrypt.so.11 #11 0x00000001 in ?? () #12 0x00000020 in ?? () #13 0x00000000 in ?? () #14 0x401188a4 in __JCR_LIST__ () from /extend/gpg/inst/lib/libgcrypt.so.11 #15 0x4009da0d in _gcry_detect_hw_features () from /extend/gpg/inst/lib/libgcrypt.so.11 #16 0x00000000 in ?? () #17 0x401188a4 in __JCR_LIST__ () from /extend/gpg/inst/lib/libgcrypt.so.11 #18 0x40098884 in global_init () from /extend/gpg/inst/lib/libgcrypt.so.11 #19 0x00000000 in ?? () #20 0x401188a4 in __JCR_LIST__ () from /extend/gpg/inst/lib/libgcrypt.so.11 #21 0x40098ee2 in _gcry_vcontrol () from /extend/gpg/inst/lib/libgcrypt.so.11 #22 0x080d93ec in ?? () #23 0x00000017 in ?? () #24 0x08049ece in ?? () #25 0x40092f4c in ?? () from /extend/gpg/inst/lib/libgcrypt.so.11 #26 0x00000000 in ?? () #27 0x401188a4 in __JCR_LIST__ () from /extend/gpg/inst/lib/libgcrypt.so.11 #28 0x4009652f in gcry_control () from /extend/gpg/inst/lib/libgcrypt.so.11 #29 0xbffff094 in ?? () #30 0x00000000 in ?? () #31 0x40096511 in gcry_control () from /extend/gpg/inst/lib/libgcrypt.so.11 #32 0x00000000 in ?? () #33 0x4022abd0 in __elf_set___libc_thread_subfreeres_element___rpc_thread_destroy__ () from /lib/tls/libc.so.6 #34 0x00000024 in ?? () #35 0xffffe000 in ?? () #36 0x00001000 in ?? () #37 0xbffff2b4 in ?? () #38 0x400106e5 in _dl_sysdep_start () from /lib/ld-linux.so.2 #39 0x4012e500 in __libc_start_main () from /lib/tls/libc.so.6 #40 0x0804c251 in _start () at ../sysdeps/i386/elf/start.S:102 No problems if I use libgcrypt-1.2.2. How can I fix it? From h.habib at gmail.com Fri Feb 15 12:07:47 2008 From: h.habib at gmail.com (Haidar Habib) Date: Fri, 15 Feb 2008 16:37:47 +0530 Subject: Unable to make gnutls Message-ID: <922d0b4d0802150307m63a848aid637edda81ef7e0e@mail.gmail.com> Hi, I am trying to build gnutls-1.6.3 in HP-UX , but when i am running make command after ./configure it showing following errors. g++: +b: No such file or directory g++: /saurabh/gnutls-1.6.3/lib/.libs:/usr/local/lib: No such file or directory I am makeing from /saurabh/gnutls-1.6.3 directory and used configure with following options ./configure CC=aCC CFLAGS="+d -Aa +DAportable -mt +W930 +W829 +Z -ext -Wl,+s -g" LDFLAGS="-L/usr/local/lib/ -L/usr/local/lib/" pls help. -- With regards, Haidar Habib From wk at gnupg.org Fri Feb 15 18:38:56 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 15 Feb 2008 18:38:56 +0100 Subject: segfault in gcrypt 1.4.0 In-Reply-To: <200802141939.10468.gnupg@ethen.de> (gnupg@ethen.de's message of "Thu, 14 Feb 2008 19:39:09 +0100") References: <200802141939.10468.gnupg@ethen.de> Message-ID: <87k5l615n3.fsf@wheatstone.g10code.de> On Thu, 14 Feb 2008 19:39, gnupg at ethen.de said: > I tried to compile gnupg-2.0.8 with libassuan-1.0.4, libgcrypt-1.4.0, libgpg-error-1.5 and libksba-1.0.3. > It gives me gpg2 in subdir g10 but stops with That segv is because you used an incomplete build of libgcrypt. Use ./configure --disable-padlock to build libgcrypt. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Feb 15 18:41:02 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 15 Feb 2008 18:41:02 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> (Haidar Habib's message of "Thu, 14 Feb 2008 13:03:12 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> Message-ID: <87fxvu15jl.fsf@wheatstone.g10code.de> On Thu, 14 Feb 2008 08:33, h.habib at gmail.com said: > I am using gnutls and libgcrypt in my application for using TLS in > HP-UX. But when calling gnutls_global_init() function it forking a new Please direct your questions to the gnutls mailing list and not to this one (which is dedicated to libgcrypt). Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From h.habib at gmail.com Sun Feb 17 10:30:50 2008 From: h.habib at gmail.com (Haidar Habib) Date: Sun, 17 Feb 2008 15:00:50 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87fxvu15jl.fsf@wheatstone.g10code.de> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <87fxvu15jl.fsf@wheatstone.g10code.de> Message-ID: <922d0b4d0802170130v4e096f50k8777830b0e39c7d3@mail.gmail.com> Thanks for ur response. Actually I raised this to gnutls mailing list but they replied that there is no call to fork in that and asked to raised this to gcrypt mailing list. So I raised this here. So pls help if you can in this regard. Regards, Haidar Habib On Feb 15, 2008 11:11 PM, Werner Koch wrote: > On Thu, 14 Feb 2008 08:33, h.habib at gmail.com said: > > > I am using gnutls and libgcrypt in my application for using TLS in > > HP-UX. But when calling gnutls_global_init() function it forking a new > > Please direct your questions to the gnutls mailing list and not to this > one (which is dedicated to libgcrypt). > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > -- With regards, Md. Haidar Habib Senior Software Engineer haidar.habib at aricent.com Aricent Gurgaon Cell- 09350042332 From simon at josefsson.org Sun Feb 17 17:34:50 2008 From: simon at josefsson.org (Simon Josefsson) Date: Sun, 17 Feb 2008 17:34:50 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802170130v4e096f50k8777830b0e39c7d3@mail.gmail.com> (Haidar Habib's message of "Sun, 17 Feb 2008 15:00:50 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <87fxvu15jl.fsf@wheatstone.g10code.de> <922d0b4d0802170130v4e096f50k8777830b0e39c7d3@mail.gmail.com> Message-ID: <87tzk735jp.fsf@mocca.josefsson.org> The fork is in libgcrypt (rndunix.c), so I think it is an appropriate question for the libgcrypt list. As far as I understand, there is nothing we can do to avoid the fork from gnutls. /Simon "Haidar Habib" writes: > Thanks for ur response. Actually I raised this to gnutls mailing list > but they replied that there is no call to fork in that and asked to > raised this to gcrypt mailing list. So I raised this here. > So pls help if you can in this regard. > > Regards, > Haidar Habib > > On Feb 15, 2008 11:11 PM, Werner Koch wrote: >> On Thu, 14 Feb 2008 08:33, h.habib at gmail.com said: >> >> > I am using gnutls and libgcrypt in my application for using TLS in >> > HP-UX. But when calling gnutls_global_init() function it forking a new >> >> Please direct your questions to the gnutls mailing list and not to this >> one (which is dedicated to libgcrypt). >> >> >> Salam-Shalom, >> >> Werner >> >> -- >> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. >> >> > > > > -- > With regards, > Md. Haidar Habib > Senior Software Engineer > haidar.habib at aricent.com > Aricent > Gurgaon > Cell- 09350042332 From wk at gnupg.org Mon Feb 18 09:28:28 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 18 Feb 2008 09:28:28 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87tzk735jp.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Sun, 17 Feb 2008 17:34:50 +0100") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <87fxvu15jl.fsf@wheatstone.g10code.de> <922d0b4d0802170130v4e096f50k8777830b0e39c7d3@mail.gmail.com> <87tzk735jp.fsf@mocca.josefsson.org> Message-ID: <87bq6ey8gj.fsf@wheatstone.g10code.de> On Sun, 17 Feb 2008 17:34, simon at josefsson.org said: > The fork is in libgcrypt (rndunix.c), so I think it is an appropriate > question for the libgcrypt list. As far as I understand, there is > nothing we can do to avoid the fork from gnutls. Ah okay. That is the entropy gatherer as used on HPUX. Continuing on gcrypt-devel. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Mon Feb 18 09:36:16 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 18 Feb 2008 09:36:16 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> (Haidar Habib's message of "Thu, 14 Feb 2008 13:03:12 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> Message-ID: <877ih2y83j.fsf@wheatstone.g10code.de> On Thu, 14 Feb 2008 08:33, h.habib at gmail.com said: > I am using gnutls and libgcrypt in my application for using TLS in > HP-UX. But when calling gnutls_global_init() function it forking a new > process giving following trace > [New process 28026] > warning: reading `r3' register: No data > Detaching after fork from process 28026 > > Can you please help why this new process is being created and how to avoid this. On systems with a random device, libgcrypt uses an entropy gatherer which works by running dozens of system tools to gather stats about the system. The error message is likely from one of these tools. I don't know tryhe trace utility but if you can configure it to also show the exec call, you will see the culprit. An easier way to debug this is by setting the envvar: GNUPG_RNDUNIX_DBG=filename The actual code is cipher/rndunix.c . A failure of one of the tools is not a real problem. If track it down we might be able to exclude that tool for a certain version of HPUX. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Mon Feb 18 09:41:29 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 18 Feb 2008 09:41:29 +0100 Subject: Unable to make gnutls In-Reply-To: <922d0b4d0802150307m63a848aid637edda81ef7e0e@mail.gmail.com> (Haidar Habib's message of "Fri, 15 Feb 2008 16:37:47 +0530") References: <922d0b4d0802150307m63a848aid637edda81ef7e0e@mail.gmail.com> Message-ID: <873arqy7uu.fsf@wheatstone.g10code.de> On Fri, 15 Feb 2008 12:07, h.habib at gmail.com said: > make command after ./configure it showing following errors. > > g++: +b: No such file or directory > g++: /saurabh/gnutls-1.6.3/lib/.libs:/usr/local/lib: No such file or directory Please let us know some more context around these error lines. In aprticular the invocation of gcc. We don't use g++ so this error message is strange. > ./configure CC=aCC CFLAGS="+d -Aa +DAportable -mt +W930 +W829 +Z -ext > -Wl,+s -g" LDFLAGS="-L/usr/local/lib/ -L/usr/local/lib/" What is "aCC"? Does that resolve to "g++"? Don't do this, C++ is not the same language as C and thus you can't use a C++ compiler for C code. Though it quite works, you can't do that. Use gcc or any other standard C-89 compiler. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From h.habib at gmail.com Mon Feb 18 11:51:08 2008 From: h.habib at gmail.com (Haidar Habib) Date: Mon, 18 Feb 2008 16:21:08 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <877ih2y83j.fsf@wheatstone.g10code.de> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> Message-ID: <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> Hi Werner, Thanks for your response. I have exported the variable and run the application as you suggested and got the following outful in file. But I don't know what to infer from this. Regards, Haidar START RNDUNIX DEBUG pid=27534 /bin/vmstat -s contributed 0 bytes, usefulness = 2 /bin/vmstat -c contributed 0 bytes, usefulness = 2 /bin/vmstat -i contributed 0 bytes, usefulness = 1 /usr/bin/last -n 50 contributed 0 bytes, usefulness = 0 /usr/bin/nfsstat contributed 1698 bytes, usefulness = 3 /bin/vmstat -f contributed 47 bytes, usefulness = 0 /bin/ps -el contributed 17179 bytes, usefulness = 5 /bin/ps -A contributed 0 bytes, usefulness = 0 /usr/bin/netstat -s contributed 2566 bytes, usefulness = 5 /usr/bin/netstat -m contributed 34 bytes, usefulness = 1 /bin/netstat -in contributed 253 bytes, usefulness = 1 /usr/bin/w contributed 1330 bytes, usefulness = 1 /usr/bin/iostat contributed 42 bytes, usefulness = 0 /usr/bin/uptime contributed 68 bytes, usefulness = 0 /bin/vmstat contributed 135 bytes, usefulness = 0 /usr/bin/ipcs -a contributed 2214 bytes, usefulness = 1 /usr/sbin/ripquery -nw 1 127.0.0.1 contributed 109 bytes, usefulness = 0 /bin/lpstat -t contributed 65 bytes, usefulness = 0 /etc/arp -a contributed 82 bytes, usefulness = 0 /usr/bin/netstat -n contributed 13987 bytes, usefulness = 6 /usr/bin/df contributed 589 bytes, usefulness = 0 Got 40398 bytes, usefulness = 23 On Feb 18, 2008 2:06 PM, Werner Koch wrote: > On Thu, 14 Feb 2008 08:33, h.habib at gmail.com said: > > > > I am using gnutls and libgcrypt in my application for using TLS in > > HP-UX. But when calling gnutls_global_init() function it forking a new > > process giving following trace > > [New process 28026] > > warning: reading `r3' register: No data > > Detaching after fork from process 28026 > > > > Can you please help why this new process is being created and how to avoid this. > > On systems with a random device, libgcrypt uses an entropy gatherer > which works by running dozens of system tools to gather stats about the > system. The error message is likely from one of these tools. I don't > know tryhe trace utility but if you can configure it to also show the > exec call, you will see the culprit. > > An easier way to debug this is by setting the envvar: > > GNUPG_RNDUNIX_DBG=filename > > The actual code is cipher/rndunix.c . > > A failure of one of the tools is not a real problem. If track it down > we might be able to exclude that tool for a certain version of HPUX. > > > Shalom-Salam, > > > Werner > > > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > -- With regards, Md. Haidar Habib Senior Software Engineer haidar.habib at aricent.com Aricent Gurgaon Cell- 09350042332 From wk at gnupg.org Mon Feb 18 12:27:30 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 18 Feb 2008 12:27:30 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> (Haidar Habib's message of "Mon, 18 Feb 2008 16:21:08 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> Message-ID: <87fxvqwllp.fsf@wheatstone.g10code.de> On Mon, 18 Feb 2008 11:51, h.habib at gmail.com said: > I have exported the variable and run the application as you suggested > and got the following outful in file. > But I don't know what to infer from this. It does not look bad. If you want to get to the failing tool you need to use your trace utility or chnage the code of rndlinux.c. I don't known that the error message you posted is all about. Is it even an error message worth to care about? What is the actual problem you try to solve? Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From h.habib at gmail.com Mon Feb 18 13:58:48 2008 From: h.habib at gmail.com (Haidar Habib) Date: Mon, 18 Feb 2008 18:28:48 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87fxvqwllp.fsf@wheatstone.g10code.de> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> Message-ID: <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> Hi Werner, The problem what I am facing is that when I am running my application with TLS enabled another process is created with the same executable name as my application. I am concerned of this new process as I have not forked any child process in my application. After debugging the problem I found out that after I called gnutls_global_init() function at the time of initialization of TLS a new process is forked printing following trace in console. [New process 28026] warning: reading `r3' register: No data Detaching after fork from process 28026 As gnutls_global_init() function internally calls many gcrypt functions which may fork a new process, I raised this issue. One more think the same code is running fine in LINUX OS without creating any new process. Hope this clarifies the problem. Haidar On Feb 18, 2008 4:57 PM, Werner Koch wrote: > On Mon, 18 Feb 2008 11:51, h.habib at gmail.com said: > > > I have exported the variable and run the application as you suggested > > and got the following outful in file. > > But I don't know what to infer from this. > > It does not look bad. If you want to get to the failing tool you need > to use your trace utility or chnage the code of rndlinux.c. > > I don't known that the error message you posted is all about. Is it > even an error message worth to care about? > > What is the actual problem you try to solve? > > > > Shalom-Salam, > > Werner > > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > -- With regards, Md. Haidar Habib Senior Software Engineer haidar.habib at aricent.com Aricent Gurgaon Cell- 09350042332 From wk at gnupg.org Mon Feb 18 16:56:14 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 18 Feb 2008 16:56:14 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> (Haidar Habib's message of "Mon, 18 Feb 2008 18:28:48 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> Message-ID: <87tzk6tg0x.fsf@wheatstone.g10code.de> On Mon, 18 Feb 2008 13:58, h.habib at gmail.com said: > gnutls_global_init() function at the time of initialization of TLS a > new process is forked printing following trace in console. > > [New process 28026] > warning: reading `r3' register: No data > Detaching after fork from process 28026 Frankly, I still don't understand the origin of this message. My interpretation is that some process reads a register named r3 and returns no data. Whatever this means. The entire output looks like a system call trace utility - I don't know HPUX enough to tell. > One more think the same code is running fine in LINUX OS without > creating any new process. Right. Thai is because it uses /dev/random. As stated when configuring libgcrypt, you are better off running the EGD: The performance of the Unix random gatherer module (rndunix) is not very good and it does not keep the entropy pool over multiple invocations of Libgcrypt base applications. The suggested way to overcome this problem is to use the Entropy Gathering Daemon (EGD) which provides a entropy source for the whole system. It is written in Perl and available at the GnuPG FTP servers. To enable EGD you should rerun configure with the option "--enable-static-rnd=egd". For more information consult the GnuPG webpages: http://www.gnupg.org/download.html#egd Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From h.habib at gmail.com Tue Feb 19 14:05:53 2008 From: h.habib at gmail.com (Haidar Habib) Date: Tue, 19 Feb 2008 18:35:53 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87tzk6tg0x.fsf@wheatstone.g10code.de> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> Message-ID: <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> Hi Wernaer, Thanks for your response. Actually in HPUX machine there is no /dev/random device and I think thats why libgcrypt is forking a new process. As per your suggestion I tried to install EGD but couldn't do so in HPUX because it's showing some errors. So one way of avoiding this is to kill the new process which has been created. Can you pls let us know will there be any problem if we kill the new process which is created. Regards, Haidar On Feb 18, 2008 9:26 PM, Werner Koch wrote: > On Mon, 18 Feb 2008 13:58, h.habib at gmail.com said: > > gnutls_global_init() function at the time of initialization of TLS a > > new process is forked printing following trace in console. > > > > [New process 28026] > > warning: reading `r3' register: No data > > Detaching after fork from process 28026 > > Frankly, I still don't understand the origin of this message. My > interpretation is that some process reads a register named r3 and > returns no data. Whatever this means. The entire output looks like a > system call trace utility - I don't know HPUX enough to tell. > > > One more think the same code is running fine in LINUX OS without > > creating any new process. > > Right. Thai is because it uses /dev/random. As stated when configuring > libgcrypt, you are better off running the EGD: > > The performance of the Unix random gatherer module (rndunix) is not > very good and it does not keep the entropy pool over multiple > invocations of Libgcrypt base applications. The suggested way to > overcome this problem is to use the > > Entropy Gathering Daemon (EGD) > > which provides a entropy source for the whole system. It is written > in Perl and available at the GnuPG FTP servers. To enable EGD you > should rerun configure with the option "--enable-static-rnd=egd". > For more information consult the GnuPG webpages: > > http://www.gnupg.org/download.html#egd > > > > Salam-Shalom, > > > Werner > > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > From wk at gnupg.org Tue Feb 19 19:35:09 2008 From: wk at gnupg.org (Werner Koch) Date: Tue, 19 Feb 2008 19:35:09 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> (Haidar Habib's message of "Tue, 19 Feb 2008 18:35:53 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> Message-ID: <87odacpzfm.fsf@wheatstone.g10code.de> On Tue, 19 Feb 2008 14:05, h.habib at gmail.com said: > So one way of avoiding this is to kill the new process which has been created. > Can you pls let us know will there be any problem if we kill the new > process which is created. The procersses are all supposed to be sort-lived - they should not stay for a long time. If they this is a bug in that utility or we call it with options which make it run too long. To help you I need to know the name or the program used to exec that process. It would also be helpful if you can tell us a bit more verbose what your problem is and describe the environment. For example what created the output you posted, etc. If you don't want to send this to a public mailing list, you may consider to hire a consultant (cf. http://www.gnupg.org/service.html). Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kayameti at gmail.com Tue Feb 19 22:25:41 2008 From: kayameti at gmail.com (Metin KAYA) Date: Tue, 19 Feb 2008 23:25:41 +0200 Subject: why do not "gpgme-1.1.4/tests/gpg/t-decrypt.c" and "gpgme-1.1.4/tests/gpg/t-encrypt.c" working? Message-ID: Hi all, I'm new user of gpgme. I installed gpgme-1.1.4 and studied examples of it. But when I try to run t-decrypt and t-encrypt binaries, they give this error: # ./t-encrypt t-encrypt.c:60: GPGME: End of file # ./t-decrypt t-decrypt.c:64: GPGME: Decryption failed I'm using Fedora Core 8 (2.6.23.9-85.fc8) and I want to use gpgme to encrypt/decrypt and assign plain data. Can you help me? How can I encrypt/decrypt/assign plain data via gpgme library functions? -------------- next part -------------- An HTML attachment was scrubbed... URL: From presannar at ami.com Wed Feb 20 03:50:59 2008 From: presannar at ami.com (Presanna Raman) Date: Tue, 19 Feb 2008 21:50:59 -0500 Subject: LibGcrypt verify Help required Message-ID: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC3@atl-ms2.us.megatrends.com> Hi, I am developing an App that needs to verify the signature of a file signed by gpg. I am unable to use gpg in the EFI environment. I have converted the public key, signature from the armored format to the s-expression by extracting the MPI values and building the sexpression from them. The problem is that I am unable to verify the data. I am able to build the public key and signature s-expression without any problems. The statement I use is for public key and signature is rc = gcry_sexp_create(&pkey, buffer, inputFileLength, 1, free); (replace pkey with sign for signature.) the buffer contains the I am using the following statement to build the sexpression of the data rc = gcry_sexp_build(&data, NULL, "(data (flags raw no-blinding) (value %s))", buffer); where the data is provided as the buffer. Can someone help as to where I am going wrong? Is the syntax correct for converting data into sexpression? Pl. Help. With Regards, Presanna Raman. -------------- next part -------------- An HTML attachment was scrubbed... URL: From agl at imperialviolet.org Wed Feb 20 05:42:04 2008 From: agl at imperialviolet.org (Adam Langley) Date: Tue, 19 Feb 2008 20:42:04 -0800 Subject: LibGcrypt verify Help required In-Reply-To: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC3@atl-ms2.us.megatrends.com> References: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC3@atl-ms2.us.megatrends.com> Message-ID: <396556a20802192042y4d04d64an6e2c7dc9d4402a7d@mail.gmail.com> On Feb 19, 2008 6:50 PM, Presanna Raman wrote: > I am developing an App that needs to verify the signature of a file > signed by gpg. I am unable to use gpg in the EFI environment. I have > converted the public key, signature from the armored format to the > s-expression by extracting the MPI values and building the sexpression from > them. The problem is that I am unable to verify the data. I could be wrong, but I'm pretty sure that gpg signature will have rather more encoding. Unless gpg is really in some sort of 'really raw' mode, it should be following the OpenPGP spec[1]. Possibly opencdk is the library that you want for this. [1] http://www.faqs.org/rfcs/rfc2440.html AGL -- Adam Langley agl at imperialviolet.org http://www.imperialviolet.org From agl at imperialviolet.org Wed Feb 20 05:46:11 2008 From: agl at imperialviolet.org (Adam Langley) Date: Tue, 19 Feb 2008 20:46:11 -0800 Subject: LibGcrypt verify Help required In-Reply-To: <396556a20802192042y4d04d64an6e2c7dc9d4402a7d@mail.gmail.com> References: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC3@atl-ms2.us.megatrends.com> <396556a20802192042y4d04d64an6e2c7dc9d4402a7d@mail.gmail.com> Message-ID: <396556a20802192046w49254162s5f74ee86e5875799@mail.gmail.com> On Feb 19, 2008 8:42 PM, Adam Langley wrote: > Possibly opencdk is the library that you want for this. Oh, and please note that opencdk appears to be *GPL* licensed, not LGPL. That may affect your plans. AGL -- Adam Langley agl at imperialviolet.org http://www.imperialviolet.org From simon at josefsson.org Wed Feb 20 11:25:08 2008 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 20 Feb 2008 11:25:08 +0100 Subject: LibGcrypt verify Help required In-Reply-To: <396556a20802192046w49254162s5f74ee86e5875799@mail.gmail.com> (Adam Langley's message of "Tue, 19 Feb 2008 20:46:11 -0800") References: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC3@atl-ms2.us.megatrends.com> <396556a20802192042y4d04d64an6e2c7dc9d4402a7d@mail.gmail.com> <396556a20802192046w49254162s5f74ee86e5875799@mail.gmail.com> Message-ID: <87r6f7udq3.fsf@mocca.josefsson.org> "Adam Langley" writes: > On Feb 19, 2008 8:42 PM, Adam Langley wrote: >> Possibly opencdk is the library that you want for this. > > Oh, and please note that opencdk appears to be *GPL* licensed, not > LGPL. That may affect your plans. FYI, there is a minimal version of opencdk which is licensed under LGPL, it is included in gnutls. Probably it should be released on its own, but we don't know what to do with the GPL'd larger opencdk in that case. Maybe the lgpl version should be renamed. On the other hand, I'm not sure if any non-gnutls applications needs anything from the full opencdk that isn't in the lgpl opencdk. However, I would also recommend looking at GPGME. /Simon From h.habib at gmail.com Wed Feb 20 14:38:49 2008 From: h.habib at gmail.com (Haidar Habib) Date: Wed, 20 Feb 2008 19:08:49 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87odacpzfm.fsf@wheatstone.g10code.de> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> <87odacpzfm.fsf@wheatstone.g10code.de> Message-ID: <922d0b4d0802200538o12c56f59pe704bec4dc5ea325@mail.gmail.com> Hi Werner, > The procersses are all supposed to be sort-lived - they should not stay > for a long time. If they this is a bug in that utility or we call it > with options which make it run too long. The process is not short-lived i.e. its remain as long as the original process which created it is alive. > To help you I need to know the name or the program used to exec that > process. It would also be helpful if you can tell us a bit more verbose > what your problem is and describe the environment. For example what > created the output you posted, etc. lets say our process name is dfn_tls. When we run this process and then do ps -aef we get the following output. haidar 24069 24068 0 17:53:54 ttyp1 0:00 ./dfn_tls clientDfn.cfg haidar 24068 23117 0 17:53:51 ttyp1 0:04 ./dfn_tls clientDfn.cfg Here PID 24068 is our original process and 24068 is the child process created by 24068. Following is the code snipate where some gnutls and gcrypt function has been called. After debugging we have seen that whenever gnutls_global_init() is called the new process is spawned. We are using HP-UX JOSH B.11.11 U 9000/785 3695850352 unlimited-user license machine. If I kill process 24068 then also our process is running fine with intact TLS functionality. void init(string cafile, string certfile, string keyfile) { gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); int ret; if( (ret=gnutls_global_init()) < 0) { cout<<"TLS initialization error. "< wrote: > On Tue, 19 Feb 2008 14:05, h.habib at gmail.com said: > > > So one way of avoiding this is to kill the new process which has been created. > > Can you pls let us know will there be any problem if we kill the new > > process which is created. > > The procersses are all supposed to be sort-lived - they should not stay > for a long time. If they this is a bug in that utility or we call it > with options which make it run too long. > > To help you I need to know the name or the program used to exec that > process. It would also be helpful if you can tell us a bit more verbose > what your problem is and describe the environment. For example what > created the output you posted, etc. > > If you don't want to send this to a public mailing list, you may > consider to hire a consultant (cf. http://www.gnupg.org/service.html). > > > Shalom-Salam, > > > Werner > > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > -- With regards, Md. Haidar Habib Senior Software Engineer haidar.habib at aricent.com Aricent Gurgaon Cell- 09350042332 From wk at gnupg.org Wed Feb 20 18:57:35 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 20 Feb 2008 18:57:35 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802200538o12c56f59pe704bec4dc5ea325@mail.gmail.com> (Haidar Habib's message of "Wed, 20 Feb 2008 19:08:49 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> <87odacpzfm.fsf@wheatstone.g10code.de> <922d0b4d0802200538o12c56f59pe704bec4dc5ea325@mail.gmail.com> Message-ID: <87zltvv7cg.fsf@wheatstone.g10code.de> On Wed, 20 Feb 2008 14:38, h.habib at gmail.com said: > lets say our process name is dfn_tls. When we run this process and then > do ps -aef we get the following output. > > haidar 24069 24068 0 17:53:54 ttyp1 0:00 ./dfn_tls clientDfn.cfg > haidar 24068 23117 0 17:53:51 ttyp1 0:04 ./dfn_tls clientDfn.cfg Okay that is useful. I have not looked at the code for a long time, so please excuse that I didn't mentioned it right away. What libgcrypt with rndunix does is to chreate a child process which runs an the actual entropy gathering (spawing system utilities). The child communicates via a pipe with the parent and is controlled by the parent reading from the child. Thus after the parent read enough (i.e. got enough entropy), the child (the entropy gatherer loop) will eventually wait in a write call until the parent reads again from it. So now if you kill that child and libgcrypt (the parent) needs to get more entropy it sits in a read without the other other end connected and thus gets an EPIPE. You should see a "reading from gatherer pipe failed: %s" error message. Of course we could restart the gatherer process but as it should never terminate in the first place there is no point in starting it again. libgcrypt will instead hang in its random generator because it is not able to load new entropy into its pool. If there is a real problem, you should either fire up a debugger or sprinkle more debug printfs into it. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From presannar at ami.com Wed Feb 20 23:57:39 2008 From: presannar at ami.com (Presanna Raman) Date: Wed, 20 Feb 2008 17:57:39 -0500 Subject: LibGcrypt verify Help required In-Reply-To: <396556a20802192046w49254162s5f74ee86e5875799@mail.gmail.com> Message-ID: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC5@atl-ms2.us.megatrends.com> Thankx Adam for the suggestion. Unfortunately, I will have to use G-Crypt lib. I did look at how openCdk verifies a signature. It is the same that I have followed. I have a detached Armored Signature, the Armored Public Key and the binary file which was used to generate the detached signature. On going thru the RFC 4880 I gather that the 2 mpi's part of the signature packet contain the hashed data. I use this to construct the sexpression equivalent for the signature. Similarly, I use the 4 mpi's of the public key to construct the public key s-expression. What I am not sure is how do I generate the sexpression of the data? Should I encode the data using some hashing algorithm and then generate the sexpression for verification? Or am I missing something. The RFC specifies that the preferred encoding in OpenPGP is PKCS#1. But using PKCS1 as the flag in constructing the sexpression I get back Error status GPG_ERR_CONFLICT. Any help will be appreciated. On a side Note, In the function gcry_mpi_set_opaque() the a->sign is set as nbit with no check made to make sure if the value is signed. Is this correct? With Regards, Presanna Raman. > -----Original Message----- > From: alangley at gmail.com [SMTP:alangley at gmail.com] On Behalf Of Adam Langley > Sent: Tuesday, February 19, 2008 11:46 PM > To: Presanna Raman > Cc: gcrypt-devel at gnupg.org > Subject: Re: LibGcrypt verify Help required > > On Feb 19, 2008 8:42 PM, Adam Langley wrote: > > Possibly opencdk is the library that you want for this. > > Oh, and please note that opencdk appears to be *GPL* licensed, not > LGPL. That may affect your plans. > > > AGL > > -- > Adam Langley agl at imperialviolet.org http://www.imperialviolet.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From presannar at ami.com Thu Feb 21 00:07:51 2008 From: presannar at ami.com (Presanna Raman) Date: Wed, 20 Feb 2008 18:07:51 -0500 Subject: LibGcrypt verify Help required In-Reply-To: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC5@atl-ms2.us.megatrends.com> Message-ID: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC6@atl-ms2.us.megatrends.com> NM Regarding the gcry_mpi_set_opaque. I stand corrected. > -----Original Message----- > From: Presanna Raman > Sent: Wednesday, February 20, 2008 5:58 PM > To: gcrypt-devel at gnupg.org; 'Adam Langley' > Subject: RE: LibGcrypt verify Help required > > Thankx Adam for the suggestion. Unfortunately, I will have to use G-Crypt lib. I did look at how openCdk verifies a signature. It is the same that I have followed. I have a detached Armored Signature, the Armored Public Key and the binary file which was used to generate the detached signature. On going thru the RFC 4880 I gather that the 2 mpi's part of the signature packet contain the hashed data. I use this to construct the sexpression equivalent for the signature. Similarly, I use the 4 mpi's of the public key to construct the public key s-expression. What I am not sure is how do I generate the sexpression of the data? Should I encode the data using some hashing algorithm and then generate the sexpression for verification? Or am I missing something. The RFC specifies that the preferred encoding in OpenPGP is PKCS#1. But using PKCS1 as the flag in constructing the sexpression I get back Error status GPG_ERR_CONFLICT. Any help will be appreciated. > > On a side Note, In the function gcry_mpi_set_opaque() the a->sign is set as nbit with no check made to make sure if the value is signed. Is this correct? > > With Regards, > > Presanna Raman. > > -----Original Message----- > From: alangley at gmail.com [SMTP:alangley at gmail.com] On Behalf Of Adam Langley > Sent: Tuesday, February 19, 2008 11:46 PM > To: Presanna Raman > Cc: gcrypt-devel at gnupg.org > Subject: Re: LibGcrypt verify Help required > > On Feb 19, 2008 8:42 PM, Adam Langley wrote: > > Possibly opencdk is the library that you want for this. > > Oh, and please note that opencdk appears to be *GPL* licensed, not > LGPL. That may affect your plans. > > > AGL > > -- > Adam Langley agl at imperialviolet.org http://www.imperialviolet.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From presannar at ami.com Thu Feb 21 01:15:18 2008 From: presannar at ami.com (Presanna Raman) Date: Wed, 20 Feb 2008 19:15:18 -0500 Subject: LibGcrypt verify Help required In-Reply-To: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC5@atl-ms2.us.megatrends.com> Message-ID: <9B4771B4D9FB73498B40311D4E7E8EE50567CCC7@atl-ms2.us.megatrends.com> On reading up further and analyzing the code, I came across the following. The description for the sexp_data_to_mpi function says that "Either the VALUE or the HASH element must be present for use with signatures. VALUE is used for encryption." (data [(flags [pkcs1])] [(hash )] [(value )] ) So am I correct to assume that inorder to verify a binary file I first need to calculate the Hash value for that file and replace in the above expression and not provide the binary file as is. So my S-expression for the data will be something like "(data (flags pkcs1(hash rmd160 )))". If I need to verify the signature of text file I provide it as the ? Is this a right assumption? With Regards, Presanna Raman. > -----Original Message----- > From: Presanna Raman > Sent: Wednesday, February 20, 2008 5:58 PM > To: gcrypt-devel at gnupg.org; 'Adam Langley' > Subject: RE: LibGcrypt verify Help required > > Thankx Adam for the suggestion. Unfortunately, I will have to use G-Crypt lib. I did look at how openCdk verifies a signature. It is the same that I have followed. I have a detached Armored Signature, the Armored Public Key and the binary file which was used to generate the detached signature. On going thru the RFC 4880 I gather that the 2 mpi's part of the signature packet contain the hashed data. I use this to construct the sexpression equivalent for the signature. Similarly, I use the 4 mpi's of the public key to construct the public key s-expression. What I am not sure is how do I generate the sexpression of the data? Should I encode the data using some hashing algorithm and then generate the sexpression for verification? Or am I missing something. The RFC specifies that the preferred encoding in OpenPGP is PKCS#1. But using PKCS1 as the flag in constructing the sexpression I get back Error status GPG_ERR_CONFLICT. Any help will be appreciated. > > On a side Note, In the function gcry_mpi_set_opaque() the a->sign is set as nbit with no check made to make sure if the value is signed. Is this correct? > > With Regards, > > Presanna Raman. > > -----Original Message----- > From: alangley at gmail.com [SMTP:alangley at gmail.com] On Behalf Of Adam Langley > Sent: Tuesday, February 19, 2008 11:46 PM > To: Presanna Raman > Cc: gcrypt-devel at gnupg.org > Subject: Re: LibGcrypt verify Help required > > On Feb 19, 2008 8:42 PM, Adam Langley wrote: > > Possibly opencdk is the library that you want for this. > > Oh, and please note that opencdk appears to be *GPL* licensed, not > LGPL. That may affect your plans. > > > AGL > > -- > Adam Langley agl at imperialviolet.org http://www.imperialviolet.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From h.habib at gmail.com Thu Feb 21 12:51:48 2008 From: h.habib at gmail.com (Haidar Habib) Date: Thu, 21 Feb 2008 17:21:48 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87zltvv7cg.fsf@wheatstone.g10code.de> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> <87odacpzfm.fsf@wheatstone.g10code.de> <922d0b4d0802200538o12c56f59pe704bec4dc5ea325@mail.gmail.com> <87zltvv7cg.fsf@wheatstone.g10code.de> Message-ID: <922d0b4d0802210351m3744b72aj592f3ba795aa29f7@mail.gmail.com> Hi Werner, I have done some debugging on the child process. Following is the output of bactrace(bt) of functions call by it. Pls look into this if this helps. #0 0xc0201020 in _write_sys+0x10 () from /usr/lib/libc.2 #1 0xc020d13c in write+0xc4 () from /usr/lib/libc.2 #2 0xc6478130 in start_gatherer+0x320 () from /usr/local/lib/libgcrypt.sl.13 #3 0xc64784f4 in _gcry_rndunix_gather_random+0x148 () from /usr/local/lib/libgcrypt.sl.13 #4 0xc642e128 in read_random_source+0xe0 () from /usr/local/lib/libgcrypt.sl.13 #5 0xc642dc04 in random_poll+0x58 () from /usr/local/lib/libgcrypt.sl.13 #6 0xc642d6bc in read_pool+0x308 () from /usr/local/lib/libgcrypt.sl.13 #7 0xc642c6cc in gcry_randomize+0x1b0 () from /usr/local/lib/libgcrypt.sl.13 #8 0xc5b46fa0 in gc_pseudo_random+0x38 () from /usr/local/lib/libgnutls-extra.sl.13 #9 0xc6357c84 in gnutls_global_init+0x42c () from /usr/local/lib/libgnutls.sl.13 Actually my concern is why the child process is visible in HPUX os and not in LINUX. Is this because in HPUX there is no /dev/random device defined or due to any other reason. For us it is not a good option to have a child process wtih our actual process. So can you pls provide some fix so that no child process is present there . Regards, Haidar On Wed, Feb 20, 2008 at 11:27 PM, Werner Koch wrote: > On Wed, 20 Feb 2008 14:38, h.habib at gmail.com said: > > > lets say our process name is dfn_tls. When we run this process and then > > do ps -aef we get the following output. > > > > haidar 24069 24068 0 17:53:54 ttyp1 0:00 ./dfn_tls clientDfn.cfg > > haidar 24068 23117 0 17:53:51 ttyp1 0:04 ./dfn_tls clientDfn.cfg > > Okay that is useful. I have not looked at the code for a long time, so > please excuse that I didn't mentioned it right away. What libgcrypt > with rndunix does is to chreate a child process which runs an the actual > entropy gathering (spawing system utilities). The child communicates > via a pipe with the parent and is controlled by the parent reading from > the child. Thus after the parent read enough (i.e. got enough entropy), > the child (the entropy gatherer loop) will eventually wait in a write > call until the parent reads again from it. > > So now if you kill that child and libgcrypt (the parent) needs to get > more entropy it sits in a read without the other other end connected and > thus gets an EPIPE. You should see a > > "reading from gatherer pipe failed: %s" > > error message. Of course we could restart the gatherer process but as > it should never terminate in the first place there is no point in > starting it again. libgcrypt will instead hang in its random generator > because it is not able to load new entropy into its pool. > > If there is a real problem, you should either fire up a debugger or > sprinkle more debug printfs into it. > > > > > Shalom-Salam, > > Werner > > > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > > From simon at josefsson.org Thu Feb 21 14:25:18 2008 From: simon at josefsson.org (Simon Josefsson) Date: Thu, 21 Feb 2008 14:25:18 +0100 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <922d0b4d0802210351m3744b72aj592f3ba795aa29f7@mail.gmail.com> (Haidar Habib's message of "Thu, 21 Feb 2008 17:21:48 +0530") References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <877ih2y83j.fsf@wheatstone.g10code.de> <922d0b4d0802180251g651c2beeq78f855f5f4c34fcb@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> <87odacpzfm.fsf@wheatstone.g10code.de> <922d0b4d0802200538o12c56f59pe704bec4dc5ea325@mail.gmail.com> <87zltvv7cg.fsf@wheatstone.g10code.de> <922d0b4d0802210351m3744b72aj592f3ba795aa29f7@mail.gmail.com> Message-ID: <87bq6ao30h.fsf@mocca.josefsson.org> "Haidar Habib" writes: > Hi Werner, > > I have done some debugging on the child process. Following is the > output of bactrace(bt) of functions call by it. > Pls look into this if this helps. > > > #0 0xc0201020 in _write_sys+0x10 () from /usr/lib/libc.2 > #1 0xc020d13c in write+0xc4 () from /usr/lib/libc.2 > #2 0xc6478130 in start_gatherer+0x320 () from /usr/local/lib/libgcrypt.sl.13 > #3 0xc64784f4 in _gcry_rndunix_gather_random+0x148 () > from /usr/local/lib/libgcrypt.sl.13 > #4 0xc642e128 in read_random_source+0xe0 () > from /usr/local/lib/libgcrypt.sl.13 > #5 0xc642dc04 in random_poll+0x58 () from /usr/local/lib/libgcrypt.sl.13 > #6 0xc642d6bc in read_pool+0x308 () from /usr/local/lib/libgcrypt.sl.13 > #7 0xc642c6cc in gcry_randomize+0x1b0 () from /usr/local/lib/libgcrypt.sl.13 > #8 0xc5b46fa0 in gc_pseudo_random+0x38 () > from /usr/local/lib/libgnutls-extra.sl.13 > #9 0xc6357c84 in gnutls_global_init+0x42c () > from /usr/local/lib/libgnutls.sl.13 This looks consistent with what Werner described how it is intended to work. > Actually my concern is why the child process is visible in HPUX os and > not in LINUX. Is this because in HPUX there is no /dev/random device > defined or due to any other reason. Yes, that's the reason. On linux, cipher/rndlinux.c is used, which is very different from cipher/rndunix.c which is used under HPUX. > For us it is not a good option to have a child process wtih our actual process. > So can you pls provide some fix so that no child process is present there . EGD was suggested, and if it didn't work, the only other option is to modify libgcrypt to do something else -- you could check with the HPUX documentation if there isn't a entropy API somewhere. I wouldn't consider forking a child process to be a problem though. It is how libgcrypt was intended to work on generic unix systems. If you could describe in more detail why you think that is a problem (memory usage?), maybe that problem could be fixed. /Simon > > Regards, > Haidar > > On Wed, Feb 20, 2008 at 11:27 PM, Werner Koch wrote: >> On Wed, 20 Feb 2008 14:38, h.habib at gmail.com said: >> >> > lets say our process name is dfn_tls. When we run this process and then >> > do ps -aef we get the following output. >> > >> > haidar 24069 24068 0 17:53:54 ttyp1 0:00 ./dfn_tls clientDfn.cfg >> > haidar 24068 23117 0 17:53:51 ttyp1 0:04 ./dfn_tls clientDfn.cfg >> >> Okay that is useful. I have not looked at the code for a long time, so >> please excuse that I didn't mentioned it right away. What libgcrypt >> with rndunix does is to chreate a child process which runs an the actual >> entropy gathering (spawing system utilities). The child communicates >> via a pipe with the parent and is controlled by the parent reading from >> the child. Thus after the parent read enough (i.e. got enough entropy), >> the child (the entropy gatherer loop) will eventually wait in a write >> call until the parent reads again from it. >> >> So now if you kill that child and libgcrypt (the parent) needs to get >> more entropy it sits in a read without the other other end connected and >> thus gets an EPIPE. You should see a >> >> "reading from gatherer pipe failed: %s" >> >> error message. Of course we could restart the gatherer process but as >> it should never terminate in the first place there is no point in >> starting it again. libgcrypt will instead hang in its random generator >> because it is not able to load new entropy into its pool. >> >> If there is a real problem, you should either fire up a debugger or >> sprinkle more debug printfs into it. >> >> >> >> >> Shalom-Salam, >> >> Werner >> >> >> >> -- >> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. >> >> From gnupg at ethen.de Thu Feb 21 21:13:25 2008 From: gnupg at ethen.de (gnupg at ethen.de) Date: Thu, 21 Feb 2008 21:13:25 +0100 Subject: segfault in gcrypt 1.4.0 In-Reply-To: <87k5l615n3.fsf@wheatstone.g10code.de> References: <200802141939.10468.gnupg@ethen.de> <87k5l615n3.fsf@wheatstone.g10code.de> Message-ID: <200802212113.25546.gnupg@ethen.de> > > I tried to compile gnupg-2.0.8 with libassuan-1.0.4, libgcrypt-1.4.0, > > libgpg-error-1.5 and libksba-1.0.3. It gives me gpg2 in subdir g10 but > > stops with > > That segv is because you used an incomplete build of libgcrypt. I don't get what's "incomplete" here. > > Use > > ./configure --disable-padlock > > to build libgcrypt. I suffer the same problem as before that I need to set CFLAGS="-fomit-frame-pointer" to be able to compile rijndael.c which gives me a seg-faulting gnupg. A workaround I found is to start "make" without CFLAGS, compile rijndael.c by hand and start "make" again. From wk at gnupg.org Fri Feb 22 08:03:01 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 22 Feb 2008 08:03:01 +0100 Subject: segfault in gcrypt 1.4.0 In-Reply-To: <200802212113.25546.gnupg@ethen.de> (gnupg@ethen.de's message of "Thu, 21 Feb 2008 21:13:25 +0100") References: <200802141939.10468.gnupg@ethen.de> <87k5l615n3.fsf@wheatstone.g10code.de> <200802212113.25546.gnupg@ethen.de> Message-ID: <873arlpj6i.fsf@wheatstone.g10code.de> On Thu, 21 Feb 2008 21:13, gnupg at ethen.de said: > I don't get what's "incomplete" here. Neiterh do I ;-). The bug report was not really clear on what you did. it looked like the library was build despite that a compile bug occurred. > I suffer the same problem as before that I need to set > CFLAGS="-fomit-frame-pointer" to be able to compile rijndael.c which gives me You may not use -fomit-frame-pointer with libgcrypt 1.4.0 on ia32. We have a fix in the works. Please describe the problem again you have compiling libgcrypt (rijndael.c?). > A workaround I found is to start "make" without CFLAGS, compile rijndael.c by Don't mess around with the build system and then wonder about bugs at other places. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From gnupg at ethen.de Fri Feb 22 15:43:25 2008 From: gnupg at ethen.de (gnupg at ethen.de) Date: Fri, 22 Feb 2008 15:43:25 +0100 Subject: segfault in gcrypt 1.4.0 In-Reply-To: <873arlpj6i.fsf@wheatstone.g10code.de> References: <200802141939.10468.gnupg@ethen.de> <200802212113.25546.gnupg@ethen.de> <873arlpj6i.fsf@wheatstone.g10code.de> Message-ID: <200802221543.25800.gnupg@ethen.de> > Neiterh do I ;-). The bug report was not really clear on what you did. > it looked like the library was build despite that a compile bug occurred. No, this one wasn't. > You may not use -fomit-frame-pointer with libgcrypt 1.4.0 on ia32. We > have a fix in the works. Please describe the problem again you have > compiling libgcrypt (rijndael.c?). Without -fomit-frame-pointer I can't compile rijndael.c, no matter if I use ./configure --disable-padlock or not. Please see my message 2008-02-13 12:58 MESZ. If I set CFLAGS="-fomit-frame-pointer" for the whole libgcrypt-build I get that segfault in gnupg, no matter if I use ./configure --disable-padlock or not. Hope that helps. From h.habib at gmail.com Mon Feb 25 13:56:53 2008 From: h.habib at gmail.com (Haidar Habib) Date: Mon, 25 Feb 2008 18:26:53 +0530 Subject: forking new process when calling gnutls_global_init() function In-Reply-To: <87bq6ao30h.fsf@mocca.josefsson.org> References: <922d0b4d0802132333q124568e2q908cf7a52be86a66@mail.gmail.com> <87fxvqwllp.fsf@wheatstone.g10code.de> <922d0b4d0802180458w56cc0e0ag4572632819004fe5@mail.gmail.com> <87tzk6tg0x.fsf@wheatstone.g10code.de> <922d0b4d0802190505w75918248pe9b3944ed4723d92@mail.gmail.com> <87odacpzfm.fsf@wheatstone.g10code.de> <922d0b4d0802200538o12c56f59pe704bec4dc5ea325@mail.gmail.com> <87zltvv7cg.fsf@wheatstone.g10code.de> <922d0b4d0802210351m3744b72aj592f3ba795aa29f7@mail.gmail.com> <87bq6ao30h.fsf@mocca.josefsson.org> Message-ID: <922d0b4d0802250456i410f3de9t72c5a7e6806fec69@mail.gmail.com> Thanks for all your suggestions. Finally I am able to do away with this problem by installing random generator software KRNG11i in my HPUX machine. This software created /dev/random and now no child process is created. Thanks Regards, Haidar Habib On Thu, Feb 21, 2008 at 6:55 PM, Simon Josefsson wrote: > "Haidar Habib" writes: > > > Hi Werner, > > > > I have done some debugging on the child process. Following is the > > output of bactrace(bt) of functions call by it. > > Pls look into this if this helps. > > > > > > #0 0xc0201020 in _write_sys+0x10 () from /usr/lib/libc.2 > > #1 0xc020d13c in write+0xc4 () from /usr/lib/libc.2 > > #2 0xc6478130 in start_gatherer+0x320 () from /usr/local/lib/libgcrypt.sl.13 > > #3 0xc64784f4 in _gcry_rndunix_gather_random+0x148 () > > from /usr/local/lib/libgcrypt.sl.13 > > #4 0xc642e128 in read_random_source+0xe0 () > > from /usr/local/lib/libgcrypt.sl.13 > > #5 0xc642dc04 in random_poll+0x58 () from /usr/local/lib/libgcrypt.sl.13 > > #6 0xc642d6bc in read_pool+0x308 () from /usr/local/lib/libgcrypt.sl.13 > > #7 0xc642c6cc in gcry_randomize+0x1b0 () from /usr/local/lib/libgcrypt.sl.13 > > #8 0xc5b46fa0 in gc_pseudo_random+0x38 () > > from /usr/local/lib/libgnutls-extra.sl.13 > > #9 0xc6357c84 in gnutls_global_init+0x42c () > > from /usr/local/lib/libgnutls.sl.13 > > This looks consistent with what Werner described how it is intended to > work. > > > Actually my concern is why the child process is visible in HPUX os and > > not in LINUX. Is this because in HPUX there is no /dev/random device > > defined or due to any other reason. > > Yes, that's the reason. On linux, cipher/rndlinux.c is used, which is > very different from cipher/rndunix.c which is used under HPUX. > > > For us it is not a good option to have a child process wtih our actual process. > > So can you pls provide some fix so that no child process is present there . > > EGD was suggested, and if it didn't work, the only other option is to > modify libgcrypt to do something else -- you could check with the HPUX > documentation if there isn't a entropy API somewhere. > > I wouldn't consider forking a child process to be a problem though. It > is how libgcrypt was intended to work on generic unix systems. If you > could describe in more detail why you think that is a problem (memory > usage?), maybe that problem could be fixed. > > /Simon > > > > > > > Regards, > > Haidar > > > > On Wed, Feb 20, 2008 at 11:27 PM, Werner Koch wrote: > >> On Wed, 20 Feb 2008 14:38, h.habib at gmail.com said: > >> > >> > lets say our process name is dfn_tls. When we run this process and then > >> > do ps -aef we get the following output. > >> > > >> > haidar 24069 24068 0 17:53:54 ttyp1 0:00 ./dfn_tls clientDfn.cfg > >> > haidar 24068 23117 0 17:53:51 ttyp1 0:04 ./dfn_tls clientDfn.cfg > >> > >> Okay that is useful. I have not looked at the code for a long time, so > >> please excuse that I didn't mentioned it right away. What libgcrypt > >> with rndunix does is to chreate a child process which runs an the actual > >> entropy gathering (spawing system utilities). The child communicates > >> via a pipe with the parent and is controlled by the parent reading from > >> the child. Thus after the parent read enough (i.e. got enough entropy), > >> the child (the entropy gatherer loop) will eventually wait in a write > >> call until the parent reads again from it. > >> > >> So now if you kill that child and libgcrypt (the parent) needs to get > >> more entropy it sits in a read without the other other end connected and > >> thus gets an EPIPE. You should see a > >> > >> "reading from gatherer pipe failed: %s" > >> > >> error message. Of course we could restart the gatherer process but as > >> it should never terminate in the first place there is no point in > >> starting it again. libgcrypt will instead hang in its random generator > >> because it is not able to load new entropy into its pool. > >> > >> If there is a real problem, you should either fire up a debugger or > >> sprinkle more debug printfs into it. > >> > >> > >> > >> > >> Shalom-Salam, > >> > >> Werner > >> > >> > >> > >> -- > >> Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. > >> > >> > From wk at gnupg.org Mon Feb 25 14:31:16 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 25 Feb 2008 14:31:16 +0100 Subject: segfault in gcrypt 1.4.0 In-Reply-To: <200802221543.25800.gnupg@ethen.de> (gnupg@ethen.de's message of "Fri, 22 Feb 2008 15:43:25 +0100") References: <200802141939.10468.gnupg@ethen.de> <200802212113.25546.gnupg@ethen.de> <873arlpj6i.fsf@wheatstone.g10code.de> <200802221543.25800.gnupg@ethen.de> Message-ID: <87fxvhjh7f.fsf@wheatstone.g10code.de> On Fri, 22 Feb 2008 15:43, gnupg at ethen.de said: > Without -fomit-frame-pointer I can't compile rijndael.c, no matter if I > use ./configure --disable-padlock or not. Please see my message 2008-02-13 > 12:58 MESZ. >From looking at the soruce that seems to be impossible. The __asm__ code is only used with padlock support configured. Please check whether #define ENABLE_PADLOCK_SUPPORT 1 is enabled. It should not be if you used ./confgure --disable-padlock-support Maybe I falsely suggested to use --disable-padlock which has no effect. > If I set CFLAGS="-fomit-frame-pointer" for the whole libgcrypt-build I get > that segfault in gnupg, no matter if I use ./configure --disable-padlock or That is a different problem which happens only witout a frame pointer. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kayameti at gmail.com Mon Feb 25 10:25:24 2008 From: kayameti at gmail.com (Metin KAYA) Date: Mon, 25 Feb 2008 11:25:24 +0200 Subject: how to compile this code Message-ID: Hi all, I installed libgcrypt-1.4.0 and want to compile this code (which is from "selftest()" function of "cipher/blowfish.c"): -------------------- test.c ------------------------ #include #include #include #include int main(){ BLOWFISH_context c; byte plain[] = "BLOWFISH"; byte buffer[8]; bf_setkey((void *) &c, (const unsigned char*) "abcdefghijklmnopqrstuvwxyz", 26); encrypt_block((void *) &c, buffer, plain); if(memcmp(buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8)){ printf("Blowfish selftest failed (1).\n"); exit(-1); } decrypt_block((void *) &c, buffer, buffer); if(memcmp(buffer, plain, 8)){ printf("Blowfish selftest failed (2).\n"); exit(-1); } return 0; } When I give " gcc -Wall -lgcrypt -L/usr/local/lib/ -I/usr/local/include/ -o test test.c -L/usr/local/lib/libgcrypt.so -Wl,--rpath -Wl,/usr/local/lib" command to compile the code, it gives these errors: test.c: In function 'main': test.c:9: error: 'BLOWFISH_context' undeclared (first use in this function) test.c:9: error: (Each undeclared identifier is reported only once test.c:9: error: for each function it appears in.) test.c:9: error: expected ';' before 'c' test.c:10: error: 'byte' undeclared (first use in this function) test.c:10: error: expected ';' before 'plain' test.c:11: error: expected ';' before 'buffer' test.c:13: warning: implicit declaration of function 'bf_setkey' test.c:13: error: 'c' undeclared (first use in this function) test.c:14: warning: implicit declaration of function 'encrypt_block' test.c:14: error: 'buffer' undeclared (first use in this function) test.c:14: error: 'plain' undeclared (first use in this function) test.c:21: warning: implicit declaration of function 'decrypt_block' How can I fix this error? Please help. Thanks a lot. Best regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnupg at ethen.de Tue Feb 26 18:11:03 2008 From: gnupg at ethen.de (gnupg at ethen.de) Date: Tue, 26 Feb 2008 18:11:03 +0100 Subject: segfault in gcrypt 1.4.0 In-Reply-To: <87fxvhjh7f.fsf@wheatstone.g10code.de> References: <200802141939.10468.gnupg@ethen.de> <200802221543.25800.gnupg@ethen.de> <87fxvhjh7f.fsf@wheatstone.g10code.de> Message-ID: <200802261811.04283.gnupg@ethen.de> > ./confgure --disable-padlock-support That fixed it... I don't understand why there is a difference with or without --disable-padlock-support on a non-VIA CPU. Does my Pentium III have anything to do with padlock? What would --enable-padlock-support give me?