[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-152-gdd5df19

by Werner Koch cvs at cvs.gnupg.org
Mon Jan 5 17:53:43 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  dd5df198727ea5d8f6b04288e14fd732051453c8 (commit)
       via  f65276970a6dcd6d9bca94cecc49b68acdcc9492 (commit)
       via  95a751d9cef2c6dfcd7358154bcdbbdf35e31a2e (commit)
       via  1a6d65ac0aab335541726d02f2046d883a768ec3 (commit)
       via  c420c0fff5e3b5bdd9ef1a6a4a9b2e1da8301416 (commit)
       via  943ce27e6a13057c988c35c913dc6a3f56149591 (commit)
      from  d7c7453cf5e6b8f3c6b522a30e680f844a28c9de (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dd5df198727ea5d8f6b04288e14fd732051453c8
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jan 5 17:47:26 2015 +0100

    doc: Update yat2m to current upstream version (GnuPG).

diff --git a/doc/yat2m.c b/doc/yat2m.c
index 2ac4390..86c3c70 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -87,6 +87,10 @@
     detects the number of white spaces in front of an @item and remove
     this number of spaces from all following lines until a new @item
     is found or there are less spaces than for the last @item.
+
+    Note that @* does only work correctly if used at the end of an
+    input line.
+
 */
 
 #include <stdio.h>
@@ -136,6 +140,9 @@ typedef struct macro_s *macro_t;
 /* List of all defined macros. */
 static macro_t macrolist;
 
+/* List of variables set by @set. */
+static macro_t variablelist;
+
 /* List of global macro names.  The value part is not used.  */
 static macro_t predefinedmacrolist;
 
@@ -375,8 +382,44 @@ set_macro (const char *macroname, char *macrovalue)
 }
 
 
-/* Return true if the macro NAME is set, i.e. not the empty string and
-   not evaluating to 0.  */
+/* Create or update a variable with name and value given in NAMEANDVALUE.  */
+static void
+set_variable (char *nameandvalue)
+{
+  macro_t m;
+  const char *value;
+  char *p;
+
+  for (p = nameandvalue; *p && *p != ' ' && *p != '\t'; p++)
+    ;
+  if (!*p)
+    value = "";
+  else
+    {
+      *p++ = 0;
+      while (*p == ' ' || *p == '\t')
+        p++;
+      value = p;
+    }
+
+  for (m=variablelist; m; m = m->next)
+    if (!strcmp (m->name, nameandvalue))
+      break;
+  if (m)
+    free (m->value);
+  else
+    {
+      m = xcalloc (1, sizeof *m + strlen (nameandvalue));
+      strcpy (m->name, nameandvalue);
+      m->next = variablelist;
+      variablelist = m;
+    }
+  m->value = xstrdup (value);
+}
+
+
+/* Return true if the macro or variable NAME is set, i.e. not the
+   empty string and not evaluating to 0.  */
 static int
 macro_set_p (const char *name)
 {
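Review bot: The new `set_variable` accepts an empty name: when NAMEANDVALUE is the empty string the first loop stops at once, `value` becomes `""`, and a variable named `""` is silently created or updated. Whether the `@set` caller in `parse_file` can pass an empty string is not visible here, so a guard at the top would make the function safe on its own, for example `if (!*nameandvalue) { err ("variable name missing for @set"); return; }`. The allocation `xcalloc (1, sizeof *m + strlen (nameandvalue))` followed by `strcpy (m->name, ...)` is only large enough if `struct macro_s` ends in a name array of at least one byte, which is declared outside the hunk; a one-line comment stating that assumption would help. The hunk ends inside `macro_set_p`.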
@@ -385,6 +428,10 @@ macro_set_p (const char *name)
   for (m = macrolist; m ; m = m->next)
     if (!strcmp (m->name, name))
       break;
+  if (!m)
+    for (m = variablelist; m ; m = m->next)
+      if (!strcmp (m->name, name))
+        break;
   if (!m || !m->value || !*m->value)
     return 0;
   if ((*m->value & 0x80) || !isdigit (*m->value))
@@ -609,6 +656,7 @@ write_th (FILE *fp)
   *p++ = 0;
   fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
            name, p, isodatestring (), opt_release, opt_source);
+  free (name);
   return 0;
 }
 
@@ -664,8 +712,11 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
     { "table",   3 },
     { "itemize",   3 },
     { "bullet",  0, "* " },
+    { "*",       0, "\n.br"},
+    { "/",       0 },
     { "end",     4 },
     { "quotation",1, ".RS\n\\fB" },
+    { "value", 8 },
     { NULL }
   };
   size_t n;
@@ -741,11 +792,46 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
         case 7:
           ignore_args = 1;
           break;
+        case 8:
+          ignore_args = 1;
+          if (*rest != '{')
+            {
+              err ("opening brace for command '%s' missing", command);
+              return len;
+            }
+          else
+            {
+              /* Find closing brace.  */
+              for (s=rest+1, n=1; *s && n < len; s++, n++)
+                if (*s == '}')
+                  break;
+              if (*s != '}')
+                {
+                  err ("closing brace for command '%s' not found", command);
+                  return len;
+                }
+              else
+                {
+                  size_t len = s - (rest + 1);
+                  macro_t m;
+
+                  for (m = variablelist; m; m = m->next)
+                    if (strlen (m->name) == len
+                        &&!strncmp (m->name, rest+1, len))
+                      break;
+                  if (m)
+                    fputs (m->value, fp);
+                  else
+                    inf ("texinfo variable '%.*s' is not set",
+                         (int)len, rest+1);
+                }
+            }
+          break;
         default:
           break;
         }
     }
-  else
+  else /* macro */
     {
       macro_t m;
 
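Review bot: In the new `case 8` branch the test `if (*s != '}')` after the search loop is also reached when the loop stopped because `n` hit `len`, so it inspects the byte at `rest[len]`. It would then accept a closing brace that lies outside the range the caller passed, assuming `len` bounds the valid part of `rest`, which this hunk does not show. Checking the bound as well closes that gap: `if (n >= len || *s != '}')`. The inner `size_t len = s - (rest + 1);` shadows the function's `len` parameter while the neighbouring branches still `return len;`, so a distinct name such as `namelen` would be clearer. `proc_texi_cmd` starts and ends outside the hunk.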
@@ -1215,6 +1301,10 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
               macrovalue = xmalloc ((macrovaluesize = 1024));
               macrovalueused = 0;
             }
+          else if (n == 4 && !memcmp (line, "@set", 4))
+            {
+              set_variable (p);
+            }
           else if (n == 8 && !memcmp (line, "@manpage", 8))
             {
               free (*section_name);
@@ -1325,6 +1415,13 @@ top_parse_file (const char *fname, FILE *fp)
       free (macrolist);
       macrolist = next;
     }
+  while (variablelist)
+    {
+      macro_t next = variablelist->next;
+      free (variablelist->value);
+      free (variablelist);
+      variablelist = next;
+    }
   for (m=predefinedmacrolist; m; m = m->next)
     set_macro (m->name, xstrdup ("1"));
   cond_is_active = 1;

commit f65276970a6dcd6d9bca94cecc49b68acdcc9492
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jan 5 17:46:05 2015 +0100

    build: Require automake 1.14.
    
    * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/configure.ac b/configure.ac
index 71c50c0..161571a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,7 +21,7 @@
 # (Process this file with autoconf to produce a configure script.)
 AC_REVISION($Revision$)
 AC_PREREQ(2.60)
-min_automake_version="1.10"
+min_automake_version="1.14"
 
 # To build a release you need to create a tag with the version number
 # (git tag -s libgcrypt-n.m.k) and run "./autogen.sh --force".  Please
@@ -75,7 +75,7 @@ VERSION=$PACKAGE_VERSION
 
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_SRCDIR([src/libgcrypt.vers])
-AM_INIT_AUTOMAKE([dist-bzip2])
+AM_INIT_AUTOMAKE([serial-tests dist-bzip2])
 AC_CONFIG_HEADER(config.h)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_LIBOBJ_DIR([compat])

commit 95a751d9cef2c6dfcd7358154bcdbbdf35e31a2e
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jan 5 17:16:04 2015 +0100

    cipher: Add the original PD notice to rijndael-ssse3-amd64.c
    
    --

diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c
index 112ab22..d72ec31 100644
--- a/cipher/rijndael-ssse3-amd64.c
+++ b/cipher/rijndael-ssse3-amd64.c
@@ -15,6 +15,23 @@
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ *
+ * The code is based on the public domain library libvpaes version 0.5
+ * available at http://crypto.stanford.edu/vpaes/ and which carries
+ * this notice:
+ *
+ *     libvpaes: constant-time SSSE3 AES encryption and decryption.
+ *     version 0.5
+ *
+ *     By Mike Hamburg, Stanford University, 2009.  Public domain.
+ *     I wrote essentially all of this code.  I did not write the test
+ *     vectors; they are the NIST known answer tests.  I hereby release all
+ *     the code and documentation here that I wrote into the public domain.
+ *
+ *     This is an implementation of AES following my paper,
+ *       "Accelerating AES with Vector Permute Instructions"
+ *       CHES 2009; http://shiftleft.org/papers/vector_aes/
  */
 
 #include <config.h>
@@ -36,7 +53,7 @@
 /* Two macros to be called prior and after the use of SSSE3
   instructions.  There should be no external function calls between
   the use of these macros.  There purpose is to make sure that the
-  SSE regsiters are cleared and won't reveal any information about
+  SSE registers are cleared and won't reveal any information about
   the key or the data.  */
 #define vpaes_ssse3_prepare_enc(const_ptr) \
     asm volatile ("lea	.Laes_consts(%%rip), %q0 \n\t" \

commit 1a6d65ac0aab335541726d02f2046d883a768ec3
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jan 5 17:04:10 2015 +0100

    Replace camel case of internal scrypt functions.
    
    * cipher/scrypt.c (_salsa20_core): Rename to salsa20_core.  Change
    callers.
    (_scryptBlockMix): Rename to scrypt_block_mix.  Change callers.
    (_scryptROMix): Rename to scrypt_ro_mix. Change callers.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/scrypt.c b/cipher/scrypt.c
index aca903d..3c21c2a 100644
--- a/cipher/scrypt.c
+++ b/cipher/scrypt.c
@@ -76,7 +76,7 @@
 
 
 static void
-_salsa20_core(u32 *dst, const u32 *src, unsigned rounds)
+salsa20_core (u32 *dst, const u32 *src, unsigned int rounds)
 {
   u32 x[SALSA20_INPUT_LENGTH];
   unsigned i;
@@ -108,7 +108,7 @@ _salsa20_core(u32 *dst, const u32 *src, unsigned rounds)
 
 
 static void
-_scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2)
+scrypt_block_mix (u32 r, unsigned char *B, unsigned char *tmp2)
 {
   u64 i;
   unsigned char *X = tmp2;
@@ -142,7 +142,7 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2)
       buf_xor(X, X, &B[i * 64], 64);
 
       /* X = Salsa (T) */
-      _salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8);
+      salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8);
 
       /* Y[i] = X */
       memcpy (&Y[i * 64], X, 64);
@@ -173,8 +173,9 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2)
 #endif
 }
 
+
 static void
-_scryptROMix (u32 r, unsigned char *B, u64 N,
+scrypt_ro_mix (u32 r, unsigned char *B, u64 N,
 	      unsigned char *tmp1, unsigned char *tmp2)
 {
   unsigned char *X = B, *T = B;
@@ -201,7 +202,7 @@ _scryptROMix (u32 r, unsigned char *B, u64 N,
       memcpy (&tmp1[i * 128 * r], X, 128 * r);
 
       /* X =  ScryptBlockMix (X) */
-      _scryptBlockMix (r, X, tmp2);
+      scrypt_block_mix (r, X, tmp2);
     }
 
   /* for i = 0 to N - 1 do */
@@ -216,7 +217,7 @@ _scryptROMix (u32 r, unsigned char *B, u64 N,
       buf_xor (T, T, &tmp1[j * 128 * r], 128 * r);
 
       /* X = scryptBlockMix (T) */
-      _scryptBlockMix (r, T, tmp2);
+      scrypt_block_mix (r, T, tmp2);
     }
 
 #if 0
@@ -234,7 +235,9 @@ _scryptROMix (u32 r, unsigned char *B, u64 N,
 #endif
 }
 
-/**
+
+/*
+ *
  */
 gcry_err_code_t
 _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
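Review bot: The comment above `_gcry_kdf_scrypt` is still empty after being changed from `/**` to `/*`, so the only non-static function touched in this file has no description. A purpose line would serve better, for example `/* Derive a key from PASSWD using the scrypt KDF; returns 0 on success or an error code.  */`, extended with the meaning of the remaining parameters. Those parameters and the function body lie outside the hunk, so the return convention is inferred from the `!ec` loop conditions shown in the next hunk.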
@@ -306,7 +309,7 @@ _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
                         1 /* iterations */, p * r128, B);
 
   for (i = 0; !ec && i < p; i++)
-    _scryptROMix (r, &B[i * r128], N, tmp1, tmp2);
+    scrypt_ro_mix (r, &B[i * r128], N, tmp1, tmp2);
 
   for (i = 0; !ec && i < p; i++)
     ec = _gcry_kdf_pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, B, p * r128,

commit c420c0fff5e3b5bdd9ef1a6a4a9b2e1da8301416
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Dec 28 14:26:48 2014 +0100

    doc: State that gcry_md_write et al may be used after md_read.
    
    --

diff --git a/cipher/hash-common.c b/cipher/hash-common.c
index ed63a0b..9a007e1 100644
--- a/cipher/hash-common.c
+++ b/cipher/hash-common.c
@@ -95,7 +95,10 @@ _gcry_hash_selftest_check_one (int algo,
 
 /* Common function to write a chunk of data to the transform function
    of a hash algorithm.  Note that the use of the term "block" does
-   not imply a fixed size block.  */
+   not imply a fixed size block.  Note that we explicitly allow to use
+   this function after the context has been finalized; the result does
+   not have any meaning but writing after finalize is sometimes
+   helpful to mitigate timing attacks. */
 void
 _gcry_md_block_write (void *context, const void *inbuf_arg, size_t inlen)
 {
diff --git a/cipher/md.c b/cipher/md.c
index f9414de..9fef555 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -642,6 +642,9 @@ md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen)
 }
 
 
+/* Note that this function may be used after finalize and read to keep
+   on writing to the transform function so to mitigate timing
+   attacks.  */
 void
 _gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
 {
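Review bot: The new comment on `_gcry_md_write` says writing after finalize and read is permitted, but it omits the caveat the gcrypt.texi hunks of the same commit do give: such writes change the context, so the digest buffer returned by an earlier read is no longer valid. A caller who reads only the source could keep using that pointer while the padding writes go on. I would add a sentence such as `The caller must have copied the digest before doing so; the buffer returned by md_read is not valid afterwards.` The same caveat fits the comment on `_gcry_md_block_write` in cipher/hash-common.c. The function body lies outside the hunk.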
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index be5f805..30acd2f 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3233,7 +3233,11 @@ by just one character.  Both methods can be used on the same hash context.
 
 Pass @var{length} bytes of the data in @var{buffer} to the digest object
 with handle @var{h} to update the digest values. This
-function should be used for large blocks of data.
+function should be used for large blocks of data.  If this function is
+used after the context has been finalized, it will keep on pushing
+the data through the algorithm specific transform function and change
+the context; however the results are not meaningful and this feature
+is only available to mitigate timing attacks.
 @end deftypefun
 
 @deftypefun void gcry_md_putc (gcry_md_hd_t @var{h}, int @var{c})
@@ -3253,7 +3257,9 @@ message digest or some padding.
 Finalize the message digest calculation.  This is not really needed
 because @code{gcry_md_read} does this implicitly.  After this has been
 done no further updates (by means of @code{gcry_md_write} or
- at code{gcry_md_putc} are allowed.  Only the first call to this function
+ at code{gcry_md_putc} should be done; However, to mitigate timing
+attacks it is sometimes useful to keep on updating the context after
+having stored away the actual digest.  Only the first call to this function
 has an effect. It is implemented as a macro.
 @end deftypefun
 
@@ -3266,8 +3272,9 @@ function:
 calculation.  This function may be used as often as required but it will
 always return the same value for one handle.  The returned message digest
 is allocated within the message context and therefore valid until the
-handle is released or reseted (using @code{gcry_md_close} or
- at code{gcry_md_reset}.  @var{algo} may be given as 0 to return the only
+handle is released or reset-ed (using @code{gcry_md_close} or
+ at code{gcry_md_reset} or it has been updated as a mitigation measure
+against timing attacks.  @var{algo} may be given as 0 to return the only
 enabled message digest or it may specify one of the enabled algorithms.
 The function does return @code{NULL} if the requested algorithm has not
 been enabled.
@@ -3680,10 +3687,13 @@ see how it is actually done.
 @deftypefun gcry_error_t gcry_mac_write (gcry_mac_hd_t @var{h}, const void *@var{buffer}, size_t @var{length})
 
 Pass @var{length} bytes of the data in @var{buffer} to the MAC object
-with handle @var{h} to update the MAC values.
+with handle @var{h} to update the MAC values.  If this function is
+used after the context has been finalized, it will keep on pushing the
+data through the algorithm specific transform function and thereby
+change the context; however the results are not meaningful and this
+feature is only available to mitigate timing attacks.
 @end deftypefun
 
-
 The way to read out the calculated MAC is by using the function:
 
 @deftypefun gcry_error_t gcry_mac_read (gcry_mac_hd_t @var{h}, void *@var{buffer}, size_t *@var{length})
@@ -3694,7 +3704,6 @@ Function copies the resulting MAC value to @var{buffer} of the length
 then length of MAC is returned through @var{length}.
 @end deftypefun
 
-
 To compare existing MAC value with recalculated MAC, one is to use the function:
 
 @deftypefun gcry_error_t gcry_mac_verify (gcry_mac_hd_t @var{h}, void *@var{buffer}, size_t @var{length})

commit 943ce27e6a13057c988c35c913dc6a3f56149591
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Dec 19 09:11:08 2014 +0100

    doc: typo fix
    
    --
    GnuPG-bug-id: 1589

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 108d53a..be5f805 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3414,7 +3414,7 @@ hashed can be written to files on request.
 @deftypefun void gcry_md_debug (gcry_md_hd_t @var{h}, const char *@var{suffix})
 
 Enable debugging for the digest object with handle @var{h}.  This
-creates create files named @file{dbgmd-<n>.<string>} while doing the
+creates files named @file{dbgmd-<n>.<string>} while doing the
 actual hashing.  @var{suffix} is the string part in the filename.  The
 number is a counter incremented for each new hashing.  The data in the
 file is the raw data as passed to @code{gcry_md_write} or

-----------------------------------------------------------------------

Summary of changes:
 cipher/hash-common.c          |    5 +-
 cipher/md.c                   |    3 ++
 cipher/rijndael-ssse3-amd64.c |   19 +++++++-
 cipher/scrypt.c               |   19 ++++----
 configure.ac                  |    4 +-
 doc/gcrypt.texi               |   25 ++++++----
 doc/yat2m.c                   |  103 +++++++++++++++++++++++++++++++++++++++--
 7 files changed, 155 insertions(+), 23 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org

