From smueller at chronox.de Sun Nov 5 11:48:30 2017
From: smueller at chronox.de (Stephan Müller)
Date: Sun, 05 Nov 2017 11:48:30 +0100
Subject: AF_ALG support?
Message-ID: <1775329.fN9WmAnrbi@positron.chronox.de>

Hi,

is there a desire to have support for AF_ALG on Linux added to libgcrypt for
accessing hardware cipher implementations? I am thinking of the patch set
provided to GnuTLS as found in https://gitlab.com/gnutls/gnutls/issues/308.

I would volunteer to provide such implementation.

If such support is desired, how shall it be integrated into the existing
libgcrypt code tree? Currently, different cipher implementations are selected
at compile time with ifdefs. Should there simply be another ifdef added for
AF_ALG?

Ciao
Stephan

From sheldon.corey at openmailbox.org Sun Nov 5 14:34:59 2017
From: sheldon.corey at openmailbox.org (Corey W Sheldon)
Date: Sun, 5 Nov 2017 13:34:59 +0000
Subject: AF_ALG support?
In-Reply-To: <1775329.fN9WmAnrbi@positron.chronox.de>
References: <1775329.fN9WmAnrbi@positron.chronox.de>
Message-ID:

On 11/5/17 10:48 AM, Stephan Müller wrote:
> Hi,
>
> is there a desire to have support for AF_ALG on Linux added to libgcrypt for
> accessing hardware cipher implementations? I am thinking of the patch set
> provided to GnuTLS as found in https://gitlab.com/gnutls/gnutls/issues/308.
>
> I would volunteer to provide such implementation.
>
> If such support is desired, how shall it be integrated into the existing
> libgcrypt code tree? Currently, different cipher implementations are selected
> at compile time with ifdefs. Should there simply be another ifdef added for
> AF_ALG?
>
> Ciao
> Stephan
>
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

I'll help with the cycles I have for such an effort.

--
Corey W Sheldon, KN4FTO
Freelance IT Consultant, Multi-Discipline Tutor
Fedora Contributor, N.A.
P: 310.909.7672
0xD0C33581852FCCC7||FP=4700 FD6D 3EC2 54F9 46BB 9404 D0C3 3581 852F CCC7
0xD2E1CCE920100F28||FP=7587 9300 8171 DABB CB58 96F7 D2E1 CCE9 2010 0F28
0x147DCFBF56D339DC||FP=DDFC B8FB D28A 95E8 66E5 D237 147D CFBF 56D3 39DC
0xC7DCC808E8F3267F||FP=3B72 89AF 0B1A A121 86DD 6965 C7DC C808 E8F3 267F
"Have no way as way, no limitation as limitation."
"One must never underestimate the power of boredom...from which creativity is borne.

From cvs at cvs.gnupg.org Mon Nov 6 07:00:09 2017
From: cvs at cvs.gnupg.org (by Jeremie Courreges-Anglas) Date: Mon, 06 Nov 2017 07:00:09 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-20-g77e314a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 77e314a42a9c3c3557f0e60b3bf6da2ff9f7709a (commit) from 94b84360ca55c407222a3eb8222d8b1816fc617f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77e314a42a9c3c3557f0e60b3bf6da2ff9f7709a Author: Jeremie Courreges-Anglas Date: Mon Nov 6 14:57:28 2017 +0900 build: Don't use /dev/srandom on OpenBSD. -- Ported from GnuPG 1.4. All /dev/*random devices have been equivalent since OpenBSD 4.9, on purpose (/dev/random doesn't block). /dev/srandom has been removed in the OpenBSD 6.3 development cycle, /dev/arandom will likely follow. Signed-off-by: Jeremie Courreges-Anglas diff --git a/configure.ac b/configure.ac index 86035a4..57b840e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -316,21 +316,8 @@ case "${host}" in ;; esac -# -# Figure out the name of the random device -# -case "${host}" in - *-openbsd*) - NAME_OF_DEV_RANDOM="/dev/srandom" - NAME_OF_DEV_URANDOM="/dev/urandom" - ;; - - *) - NAME_OF_DEV_RANDOM="/dev/random" - NAME_OF_DEV_URANDOM="/dev/urandom" - ;; -esac - +NAME_OF_DEV_RANDOM="/dev/random" +NAME_OF_DEV_URANDOM="/dev/urandom" AC_ARG_ENABLE(endian-check, AC_HELP_STRING([--disable-endian-check], ----------------------------------------------------------------------- Summary of changes: configure.ac | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Thu Nov 9 03:02:00 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 09 Nov 2017 03:02:00 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-21-g621f5c4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 621f5c4e837347308a6b06a8cfbfc47ca9fae69e (commit) from 77e314a42a9c3c3557f0e60b3bf6da2ff9f7709a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 621f5c4e837347308a6b06a8cfbfc47ca9fae69e Author: NIIBE Yutaka Date: Thu Nov 9 10:59:33 2017 +0900 Fix secmem test for machine with larger page. * tests/t-secmem.c (main): Detect page size and setup chunk size. * src/secmem.c (init_pool): Simplify the expression. -- GnuPG-bug-id: 3351 Signed-off-by: NIIBE Yutaka 
diff --git a/src/secmem.c b/src/secmem.c index 86de72d..f7ad1f6 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -407,7 +407,7 @@ init_pool (pooldesc_t *pool, size_t n) # else pgsize_val = -1; # endif - pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE; + pgsize = (pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE; pool->size = (pool->size + pgsize - 1) & ~(pgsize - 1); # ifdef MAP_ANONYMOUS diff --git a/tests/t-secmem.c b/tests/t-secmem.c index 8f4cce1..ecbc55a 100644 --- a/tests/t-secmem.c +++ b/tests/t-secmem.c @@ -25,6 +25,7 @@ #include #include #include +#include #define PGM "t-secmem" @@ -32,6 +33,11 @@ #include "../src/gcrypt-testapi.h" +#define DEFAULT_PAGE_SIZE 4096 +#define MINIMUM_POOL_SIZE 16384 +static size_t pool_size; +static size_t chunk_size; + static void test_secmem (void) { @@ -42,12 +48,12 @@ test_secmem (void) memset (a, 0, sizeof a); /* Allocating 28*512=14k should work in the default 16k pool even - * with extrem alignment requirements. */ + * with extra alignment requirements. */ for (i=0; i < DIM(a); i++) - a[i] = gcry_xmalloc_secure (512); + a[i] = gcry_xmalloc_secure (chunk_size); /* Allocating another 2k should fail for the default 16k pool. */ - b = gcry_malloc_secure (2048); + b = gcry_malloc_secure (chunk_size*4); if (b) fail ("allocation did not fail as expected\n"); @@ -68,7 +74,7 @@ test_secmem_overflow (void) /* Allocating 150*512=75k should require more than one overflow buffer. */ for (i=0; i < DIM(a); i++) { - a[i] = gcry_xmalloc_secure (512); + a[i] = gcry_xmalloc_secure (chunk_size); if (verbose && !(i %40)) xgcry_control (GCRYCTL_DUMP_SECMEM_STATS, 0 , 0); } 
@@ -111,6 +117,18 @@ int main (int argc, char **argv) { int last_argc = -1; + long int pgsize_val = -1; + size_t pgsize; + +# if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + pgsize_val = sysconf (_SC_PAGESIZE); +# elif defined(HAVE_GETPAGESIZE) + pgsize_val = getpagesize (); +# endif + pgsize = (pgsize_val > 0)? pgsize_val : DEFAULT_PAGE_SIZE; + + pool_size = (MINIMUM_POOL_SIZE + pgsize - 1) & ~(pgsize - 1); + chunk_size = pool_size / 32; if (argc) { argc--; argv++; } @@ -153,7 +171,7 @@ main (int argc, char **argv) if (debug) xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - xgcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); + xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0); gcry_set_outofcore_handler (outofcore_handler, NULL); xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); ----------------------------------------------------------------------- Summary of changes: src/secmem.c | 2 +- tests/t-secmem.c | 28 +++++++++++++++++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From ametzler at bebt.de Sat Nov 11 12:49:16 2017 
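Review bot: the comments in the test_secmem and test_secmem_overflow hunks of tests/t-secmem.c still describe fixed sizes ("28*512=14k", "another 2k", "150*512=75k") although the allocations now use chunk_size and chunk_size*4, which are derived from the detected page size. On a machine with a larger page the numbers in the comments no longer match what is allocated; suggest rewording them in terms of chunk_size and pool_size, for example "28 chunks of pool_size/32 should fit in the pool" and "another 4 chunks should fail".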
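Review bot: in the main hunk of tests/t-secmem.c, pool_size is declared size_t but is now passed through the variadic call xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0), where the old code passed the int constant 16384. If the control code reads this argument as an int-sized value, a size_t has the wrong width on LP64 targets; suggest an explicit cast at the call site or declaring pool_size with the type the control command expects. The same hunk rounds with (MINIMUM_POOL_SIZE + pgsize - 1) & ~(pgsize - 1), which is only correct when pgsize is a power of two; a short comment stating that assumption would help.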
From: ametzler at bebt.de (Andreas Metzler) Date: Sat, 11 Nov 2017 12:49:16 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-21-g621f5c4 References: Message-ID: <20171111114916.ldcgmtu75pzbphhe@argenau.bebt.de> [resent, gmane gateway seems to have swallowed the original post] by NIIBE Yutaka wrote: [...] > Fix secmem test for machine with larger page. > * tests/t-secmem.c (main): Detect page size and setup chunk size. > * src/secmem.c (init_pool): Simplify the expression. [...] > +# if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) > + pgsize_val = sysconf (_SC_PAGESIZE); > +# elif defined(HAVE_GETPAGESIZE) > + pgsize_val = getpagesize (); > +# endif [...] Thank you. This causes the following error on mingw: ../../tests/t-secmem.c: In function 'main': ../../tests/t-secmem.c:126:16: warning: implicit declaration of function 'getpagesize' [-Wimplicit-function-declaration] pgsize_val = getpagesize (); ^~~~~~~~~~~ I have googled a little bit and found that gnulib's getpagesize.m4 has this comment: dnl mingw has getpagesize() in libgcc.a but doesn't declare it. And indeed it seems to be true, AC_CHECK_FUNCS succeeds but AC_CHECK_DECLS fails. cu Andreas --- a/configure.ac +++ b/configure.ac @@ -1737,6 +1737,9 @@ AC_CHECK_FUNCS(strtoul memmove stricmp a AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4) AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog) AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile) +dnl Also check whether getpagesize() is declared. +dnl mingw has getpagesize() in libgcc.a but doesn't declare it. +AC_CHECK_DECLS([getpagesize]) GNUPG_CHECK_MLOCK --- a/tests/t-secmem.c +++ b/tests/t-secmem.c 
@@ -122,7 +122,7 @@ main (int argc, char **argv) # if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) pgsize_val = sysconf (_SC_PAGESIZE); -# elif defined(HAVE_GETPAGESIZE) +# elif defined(HAVE_GETPAGESIZE) && HAVE_DECL_GETPAGESIZE pgsize_val = getpagesize (); # endif pgsize = (pgsize_val > 0)? pgsize_val : DEFAULT_PAGE_SIZE; --- a/acinclude.m4 +++ b/acinclude.m4 @@ -209,6 +209,9 @@ mlock(&i, 4); fi if test "$ac_cv_func_mlock" = "yes"; then AC_CHECK_FUNCS(sysconf getpagesize) + dnl Also check whether getpagesize() is declared. + dnl mingw has getpagesize() in libgcc.a but doesn't declare it. + AC_CHECK_DECLS([getpagesize]) AC_MSG_CHECKING(whether mlock is broken) AC_CACHE_VAL(gnupg_cv_have_broken_mlock, AC_TRY_RUN([ @@ -227,7 +230,7 @@ int main() #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) pgsize = sysconf (_SC_PAGESIZE); -#elif defined (HAVE_GETPAGESIZE) +#elif defined (HAVE_GETPAGESIZE) && HAVE_DECL_GETPAGESIZE pgsize = getpagesize(); #else pgsize = -1; From gniibe at fsij.org Tue Nov 14 01:01:03 2017 
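Review bot: in the tests/t-secmem.c hunk, once HAVE_DECL_GETPAGESIZE is 0 the #elif branch is skipped and pgsize_val stays -1, so on mingw the test silently falls back to DEFAULT_PAGE_SIZE; in the acinclude.m4 test program the same condition now falls through to pgsize = -1. Please state in a comment that this fallback is intended, since the function does exist in libgcc.a and the alternative would be a local declaration. AC_CHECK_DECLS([getpagesize]) is also added twice, in configure.ac and inside the mlock check in acinclude.m4; if the acinclude.m4 macro is always expanded, one of the two is enough.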
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 14 Nov 2017 09:01:03 +0900
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-21-g621f5c4
In-Reply-To: <20171111114916.ldcgmtu75pzbphhe@argenau.bebt.de>
References: <20171111114916.ldcgmtu75pzbphhe@argenau.bebt.de>
Message-ID: <877eutg24g.fsf@iwagami.gniibe.org>

Hello,

Thank you for useful information.

Andreas Metzler wrote:
> This causes the following error on mingw:
> ../../tests/t-secmem.c: In function 'main':
> ../../tests/t-secmem.c:126:16: warning: implicit declaration of function 'getpagesize' [-Wimplicit-function-declaration]
> pgsize_val = getpagesize ();
> ^~~~~~~~~~~
>
> I have googled a little bit and found that gnulib's getpagesize.m4
> has this comment:
> dnl mingw has getpagesize() in libgcc.a but doesn't declare it.
>
> And indeed it seems to be true, AC_CHECK_FUNCS succeeds but
> AC_CHECK_DECLS fails.

Ah, I see.

For t-secmem.c, I tried to follow the way secmem.c does. But, t-secmem
routine doesn't check HAVE_MMAP.

While MinGW has its own peculiarities, we don't need to check all of
them. I think that it is better to use HAVE_MMAP which already
exists.

I'll do that (for both of 1.8 and master).
--
From cvs at cvs.gnupg.org Tue Nov 14 01:03:17 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 14 Nov 2017 01:03:17 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-22-gc594f18 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c594f187bd457b757112adc551ffa4db92962dc1 (commit) from 621f5c4e837347308a6b06a8cfbfc47ca9fae69e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c594f187bd457b757112adc551ffa4db92962dc1 Author: NIIBE Yutaka Date: Tue Nov 14 09:01:50 2017 +0900 tests: Add HAVE_MMAP check for MinGW. * tests/t-secmem.c (main): Conditionalize with HAVE_MMAP. -- Thanks to: Andreas Metzler Signed-off-by: NIIBE Yutaka diff --git a/tests/t-secmem.c b/tests/t-secmem.c index ecbc55a..baf013d 100644 --- a/tests/t-secmem.c +++ b/tests/t-secmem.c @@ -120,11 +120,13 @@ main (int argc, char **argv) long int pgsize_val = -1; size_t pgsize; +#if HAVE_MMAP # if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) pgsize_val = sysconf (_SC_PAGESIZE); # elif defined(HAVE_GETPAGESIZE) pgsize_val = getpagesize (); # endif +#endif pgsize = (pgsize_val > 0)? pgsize_val : DEFAULT_PAGE_SIZE; pool_size = (MINIMUM_POOL_SIZE + pgsize - 1) & ~(pgsize - 1); ----------------------------------------------------------------------- Summary of changes: tests/t-secmem.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From ametzler at bebt.de Wed Nov 15 19:17:51 2017 
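Review bot: the new #if HAVE_MMAP guard in main of tests/t-secmem.c has no comment explaining why mmap support decides whether the page size is queried; the commit message mentions MinGW but the code does not. Suggest a one-line comment next to the guard saying that without mmap the page size lookup is skipped and DEFAULT_PAGE_SIZE is used. The guard is also written as #if HAVE_MMAP while the nested tests use defined(HAVE_SYSCONF) and defined(HAVE_GETPAGESIZE); #ifdef HAVE_MMAP would match the surrounding style.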
From: ametzler at bebt.de (Andreas Metzler)
Date: Wed, 15 Nov 2017 19:17:51 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-21-g621f5c4
In-Reply-To: <877eutg24g.fsf@iwagami.gniibe.org>
References: <20171111114916.ldcgmtu75pzbphhe@argenau.bebt.de> <877eutg24g.fsf@iwagami.gniibe.org>
Message-ID: <20171115181751.vl233j2ur5syygsk@argenau.bebt.de>

On 2017-11-14 NIIBE Yutaka wrote:
> Andreas Metzler wrote:
> > This causes the following error on mingw:
> > ../../tests/t-secmem.c: In function 'main':
> > ../../tests/t-secmem.c:126:16: warning: implicit declaration of function 'getpagesize' [-Wimplicit-function-declaration]
> > pgsize_val = getpagesize ();
[...]
> > And indeed it seems to be true, AC_CHECK_FUNCS succeeds but
> > AC_CHECK_DECLS fails.

> Ah, I see.

> For t-secmem.c, I tried to follow the way secmem.c does. But, t-secmem
> routine doesn't check HAVE_MMAP.

> While MinGW has its own peculiarities, we don't need to check all of
> them. I think that it is better to use HAVE_MMAP which already
> exists.

> I'll do that (for both of 1.8 and master).

Thanks, worked for me.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From arunisaac at systemreboot.net Wed Nov 15 17:49:49 2017
From: arunisaac at systemreboot.net (Arun Isaac)
Date: Wed, 15 Nov 2017 22:19:49 +0530
Subject: Documentation of `gcry_mpi_div' function's `round' argument
Message-ID: <94dc896d.AEEASv92hVQAAAAAAAAAAAP_lo0AAAACwQwAAAAAAAW9WABaDHAz@mailjet.com>

https://gnupg.org/documentation/manuals/gcrypt/Calculations.html

The documentation for `gcry_mpi_div' says the following regarding its
argument `round': "round should be negative or 0."

What does `round' do? Is it to indicate that the quotient should be
rounded to the nearest integer? A little bit more clarity in the
documentation would be nice.

Thanks for developing libgcrypt!

From cvs at cvs.gnupg.org Wed Nov 15 20:42:23 2017
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Nov 2017 20:42:23 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-23-g0abd103 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0abd1031bc0d889f21ddbf4ced8764d2191075fe (commit) from c594f187bd457b757112adc551ffa4db92962dc1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0abd1031bc0d889f21ddbf4ced8764d2191075fe Author: Werner Koch Date: Wed Nov 15 20:35:16 2017 +0100 doc: Clarify gcry_mpi_div -- diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index a684134..dd24469 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4759,7 +4759,9 @@ Basic arithmetic operations: @math{@var{q} = @var{dividend} / @var{divisor}}, @math{@var{r} = @var{dividend} \bmod @var{divisor}}. @var{q} and @var{r} may be passed -as @code{NULL}. @var{round} should be negative or 0. +as @code{NULL}. @var{round} is either negative for floored division +(rounds towards the next lower integer) or zero for truncated division +(rounds towards zero). @end deftypefun @deftypefun void gcry_mpi_mod (@w{gcry_mpi_t @var{r}}, @w{gcry_mpi_t @var{dividend}}, @w{gcry_mpi_t @var{divisor}}) ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Wed Nov 15 20:37:18 2017 
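Review bot: the reworded sentence for @var{round} in doc/gcrypt.texi covers negative and zero values but still does not say what a positive value does. Since the old text read "should be negative or 0", suggest stating explicitly that positive values are not supported, and noting which sign the remainder @var{r} takes in each mode, because that is where floored and truncated division differ for callers.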
From: wk at gnupg.org (Werner Koch)
Date: Wed, 15 Nov 2017 20:37:18 +0100
Subject: Documentation of `gcry_mpi_div' function's `round' argument
In-Reply-To: <94dc896d.AEEASv92hVQAAAAAAAAAAAP_lo0AAAACwQwAAAAAAAW9WABaDHAz@mailjet.com> (Arun Isaac's message of "Wed, 15 Nov 2017 22:19:49 +0530")
References: <94dc896d.AEEASv92hVQAAAAAAAAAAAP_lo0AAAACwQwAAAAAAAW9WABaDHAz@mailjet.com>
Message-ID: <87efoz49ld.fsf@wheatstone.g10code.de>

On Wed, 15 Nov 2017 17:49, arunisaac at systemreboot.net said:

> What does `round' do? Is it to indicate that the quotient should be
> rounded to the nearest integer? A little bit more clarity in the
> documentation would be nice.

Thanks for noting. I changed it to:

 -- Function: void gcry_mpi_div (gcry_mpi_t Q, gcry_mpi_t R,
          gcry_mpi_t DIVIDEND, gcry_mpi_t DIVISOR, int ROUND)

     Q = DIVIDEND / DIVISOR, R = DIVIDEND \bmod DIVISOR. Q and R may be
     passed as 'NULL'. ROUND is either negative for floored division
     (rounds towards the next lower integer) or zero for truncated
     division (rounds towards zero).

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From arunisaac at systemreboot.net Wed Nov 15 22:47:09 2017
From: arunisaac at systemreboot.net (Arun Isaac)
Date: Thu, 16 Nov 2017 03:17:09 +0530
Subject: Documentation of `gcry_mpi_div' function's `round' argument
In-Reply-To: <87efoz49ld.fsf@wheatstone.g10code.de>
References: <94dc896d.AEEASv92hVQAAAAAAAAAAAP_lo0AAAACwQwAAAAAAAW9WABaDHAz@mailjet.com> <87efoz49ld.fsf@wheatstone.g10code.de>
Message-ID:

>> What does `round' do? Is it to indicate that the quotient should be
>> rounded to the nearest integer? A little bit more clarity in the
>> documentation would be nice.
>
> Thanks for noting. I changed it to:
>
> -- Function: void gcry_mpi_div (gcry_mpi_t Q, gcry_mpi_t R,
> gcry_mpi_t DIVIDEND, gcry_mpi_t DIVISOR, int ROUND)
>
> Q = DIVIDEND / DIVISOR, R = DIVIDEND \bmod DIVISOR. Q and R may be
> passed as 'NULL'. ROUND is either negative for floored division
> (rounds towards the next lower integer) or zero for truncated
> division (rounds towards zero).

That's clearer. Thanks!

From cvs at cvs.gnupg.org Fri Nov 24 10:14:52 2017
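The two ROUND modes from the gcry_mpi_div thread above, modeled on int64_t so the difference can be checked without linking libgcrypt. This is an added example, not libgcrypt code: div_round, struct div_result and the DIV_* codes are hypothetical names, and pairing each quotient with the remainder that satisfies dividend = q*divisor + r is an assumption of the model.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes of this model (hypothetical names, not libgcrypt's). */
enum { DIV_OK = 0, DIV_BY_ZERO = -1, DIV_OVERFLOW = -2, DIV_BAD_ROUND = -3 };

struct div_result {
    int     status;  /* one of the DIV_* codes */
    int64_t q;       /* quotient, valid when status == DIV_OK */
    int64_t r;       /* remainder, dividend == q * divisor + r */
};

/*
 * round == 0 : truncated division, the quotient rounds towards zero.
 * round <  0 : floored division, the quotient rounds towards the next
 *              lower integer.
 * round >  0 : not described by the documentation; rejected here.
 */
struct div_result div_round(int64_t dividend, int64_t divisor, int round)
{
    struct div_result res = { DIV_OK, 0, 0 };

    if (round > 0)    { res.status = DIV_BAD_ROUND; return res; }
    if (divisor == 0) { res.status = DIV_BY_ZERO;   return res; }
    /* Only a fixed-width model has this case; an MPI would not. */
    if (dividend == INT64_MIN && divisor == -1) {
        res.status = DIV_OVERFLOW;
        return res;
    }

    /* C99 and later: '/' truncates towards zero and '%' takes the sign
     * of the dividend, which is exactly the round == 0 behaviour. */
    res.q = dividend / divisor;
    res.r = dividend % divisor;

    /* The floor differs from the truncation only when the division is
     * inexact and remainder and divisor have opposite signs.  Then the
     * quotient moves one step down and the remainder takes the sign of
     * the divisor. */
    if (round < 0 && res.r != 0 && ((res.r < 0) != (divisor < 0))) {
        res.q -= 1;
        res.r += divisor;
    }
    return res;
}

int main(void)
{
    /* Constructed sample inputs covering all sign combinations. */
    static const int64_t pairs[][2] = {
        { 7, 2 }, { -7, 2 }, { 7, -2 }, { -7, -2 }, { -8, 2 }
    };
    size_t i;

    for (i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        struct div_result t = div_round(pairs[i][0], pairs[i][1], 0);
        struct div_result f = div_round(pairs[i][0], pairs[i][1], -1);

        printf("%3" PRId64 " / %2" PRId64
               "  truncated: q=%2" PRId64 " r=%2" PRId64
               "  floored: q=%2" PRId64 " r=%2" PRId64 "\n",
               pairs[i][0], pairs[i][1], t.q, t.r, f.q, f.r);
    }
    return 0;
}
```

The modes only disagree for inexact divisions with operands of opposite sign, which is the case to test when code depends on the sign of the remainder.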
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Nov 2017 10:14:52 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-24-g1f6b2f6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1f6b2f6099ebcfd785e2d2ae0aeca810394dbbac (commit) from 0abd1031bc0d889f21ddbf4ced8764d2191075fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f6b2f6099ebcfd785e2d2ae0aeca810394dbbac Author: Werner Koch Date: Thu Nov 23 19:15:41 2017 +0100 api: Add GCRYCTL_AUTO_EXPAND_SECMEM. * src/gcrypt.h.in (GCRYCTL_AUTO_EXPAND_SECMEM): New enum. * src/global.c (_gcry_vcontrol): Implement that. * src/secmem.c (auto_expand): New var. (_gcry_secmem_set_auto_expand): New. (_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND. -- GnuPG-bug-id: 3530 Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 3b49350..8049d7d 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,7 @@ Noteworthy changes in version 1.9.0 (unreleased) [C22/A3/R0] * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mpi_get_ui NEW function. + GCRYCTL_AUTO_EXPAND_SECMEM NEW control code. Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1] diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index dd24469..7831505 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -425,7 +425,7 @@ and freed memory, you need to initialize Libgcrypt this way: /* Allocate a pool of 16k secure memory. This makes the secure memory available and also drops privileges where needed. Note that by using functions like gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt - may extend the secure memory pool with memory which lacks the + may expand the secure memory pool with memory which lacks the property of not being swapped out to disk. */ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); @@ -672,7 +672,7 @@ This command disables the use of the mlock call for secure memory. Disabling the use of mlock may for example be done if an encrypted swap space is in use. This command should be executed right after @code{gcry_check_version}. Note that by using functions like -gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt may extend the secure +gcry_xmalloc_secure and gcry_mpi_snew Libgcrypt may expand the secure memory pool with memory which lacks the property of not being swapped out to disk (but will still be zeroed out on free). @@ -688,7 +688,7 @@ code should drop these extra privileges as soon as possible. If this command has been used the caller is responsible for dropping the privileges. - at item GCRYCTL_INIT_SECMEM; Arguments: int nbytes + at item GCRYCTL_INIT_SECMEM; Arguments: unsigned int nbytes This command is used to allocate a pool of secure memory and thus enabling the use of secure memory. It also drops all extra privileges the process has (i.e. if it is run as setuid (root)). If the argument 
@@ -696,6 +696,17 @@ the process has (i.e. if it is run as setuid (root)). If the argument of secure memory allocated is currently 16384 bytes; you may thus use a value of 1 to request that default size. + at item GCRYCTL_AUTO_EXPAND_SECMEM; Arguments: unsigned int chunksize +This command enables on-the-fly expanding of the secure memory area. +Note that by using functions like @code{gcry_xmalloc_secure} and + at code{gcry_mpi_snew} will do this auto expanding anyway. The argument +to this option is the suggested size for new secure memory areas. A +larger size improves performance of all memory allocation and +releasing functions. The given chunksize is rounded up to the next +32KiB. The drawback of auto expanding is that memory might be swapped +out to disk; this can be fixed by configuring the system to use an +encrypted swap space. + @item GCRYCTL_TERM_SECMEM; Arguments: none This command zeroises the secure memory and destroys the handler. The secure memory pool may not be used anymore after running this command. diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index b55657f..1eb3d7c 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -332,7 +332,8 @@ enum gcry_ctl_cmds GCRYCTL_DRBG_REINIT = 74, GCRYCTL_SET_TAGLEN = 75, GCRYCTL_GET_TAGLEN = 76, - GCRYCTL_REINIT_SYSCALL_CLAMP = 77 + GCRYCTL_REINIT_SYSCALL_CLAMP = 77, + GCRYCTL_AUTO_EXPAND_SECMEM = 78 }; /* Perform various operations defined by CMD. */ diff --git a/src/global.c b/src/global.c index ad9ab1d..6c2486c 100644 --- a/src/global.c +++ b/src/global.c @@ -531,6 +531,10 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) & ~GCRY_SECMEM_FLAG_SUSPEND_WARNING)); break; + case GCRYCTL_AUTO_EXPAND_SECMEM: + _gcry_secmem_set_auto_expand (va_arg (arg_ptr, unsigned int)); + break; + case GCRYCTL_USE_SECURE_RNDPOOL: global_init (); _gcry_secure_random_alloc (); /* Put random number into secure memory. */ diff --git a/src/secmem.c b/src/secmem.c index f7ad1f6..79c135f 100644 --- a/src/secmem.c 
+++ b/src/secmem.c @@ -91,7 +91,7 @@ typedef struct pooldesc_s static pooldesc_t mainpool; -/* A couple of flags whith some being set early. */ +/* A couple of flags with some being set early. */ static int disable_secmem; static int show_warning; static int not_locked; @@ -99,6 +99,8 @@ static int no_warning; static int suspend_warning; static int no_mlock; static int no_priv_drop; +static unsigned int auto_expand; + /* Lock protecting accesses to the memory pools. */ GPGRT_LOCK_DEFINE (secmem_lock); @@ -458,6 +460,24 @@ init_pool (pooldesc_t *pool, size_t n) mb->flags = 0; } + +/* Enable overflow pool allocation in all cases. CHUNKSIZE is a hint + * on how large to allocate overflow pools. */ +void +_gcry_secmem_set_auto_expand (unsigned int chunksize) +{ + /* Round up to a multiple of the STANDARD_POOL_SIZE. */ + chunksize = ((chunksize + (2*STANDARD_POOL_SIZE) - 1) + / STANDARD_POOL_SIZE ) * STANDARD_POOL_SIZE; + if (chunksize < STANDARD_POOL_SIZE) /* In case of overflow. */ + chunksize = STANDARD_POOL_SIZE; + + SECMEM_LOCK; + auto_expand = chunksize; + SECMEM_UNLOCK; +} + + void _gcry_secmem_set_flags (unsigned flags) { @@ -617,7 +637,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) /* If we are called from xmalloc style function resort to the * overflow pools to return memory. We don't do this in FIPS mode, * though. */ - if (xhint && !fips_mode ()) + if ((xhint || auto_expand) && !fips_mode ()) { for (pool = pool->next; pool; pool = pool->next) { @@ -635,7 +655,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) pool = calloc (1, sizeof *pool); if (!pool) return NULL; /* Not enough memory for a new pool descriptor. */ - pool->size = STANDARD_POOL_SIZE; + pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE; pool->mem = malloc (pool->size); if (!pool->mem) return NULL; /* Not enough memory available for a new pool. */ diff --git a/src/secmem.h b/src/secmem.h index 29dd64f..8ad6ef1 100644 --- a/src/secmem.h +++ b/src/secmem.h 
@@ -27,6 +27,7 @@ void *_gcry_secmem_malloc (size_t size, int xhint) _GCRY_GCC_ATTR_MALLOC; void *_gcry_secmem_realloc (void *a, size_t newsize, int xhint); int _gcry_secmem_free (void *a); void _gcry_secmem_dump_stats (int extended); +void _gcry_secmem_set_auto_expand (unsigned int chunksize); void _gcry_secmem_set_flags (unsigned flags); unsigned _gcry_secmem_get_flags(void); int _gcry_private_is_secure (const void *p); ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + doc/gcrypt.texi | 17 ++++++++++++++--- src/gcrypt.h.in | 3 ++- src/global.c | 4 ++++ src/secmem.c | 26 +++++++++++++++++++++++--- src/secmem.h | 1 + 6 files changed, 45 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Fri Nov 24 10:54:46 2017 
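Review bot: in the doc/gcrypt.texi hunk that adds GCRYCTL_AUTO_EXPAND_SECMEM, the sentence "Note that by using functions like gcry_xmalloc_secure and gcry_mpi_snew will do this auto expanding anyway" does not parse; suggest "Note that functions like ... expand the pool automatically anyway". The paragraph also does not say what a chunksize of 0 means; going by the _gcry_secmem_set_auto_expand hunk, 0 ends up as STANDARD_POOL_SIZE, which is worth documenting.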
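Review bot: the rounding in _gcry_secmem_set_auto_expand (src/secmem.c) adds 2*STANDARD_POOL_SIZE - 1 before dividing, so every non-zero chunksize is rounded up and then increased by one more STANDARD_POOL_SIZE: a request of exactly STANDARD_POOL_SIZE yields 2*STANDARD_POOL_SIZE. The code comment says "Round up to a multiple of the STANDARD_POOL_SIZE" and the documentation says "rounded up to the next 32KiB", which would be (chunksize + STANDARD_POOL_SIZE - 1) / STANDARD_POOL_SIZE * STANDARD_POOL_SIZE. Either change the expression or document the extra pool. Note also that when the addition wraps, a value near UINT_MAX silently ends up as a single STANDARD_POOL_SIZE rather than being rejected.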
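Review bot: in the second _gcry_secmem_malloc_internal hunk, the path "pool->mem = malloc (pool->size); if (!pool->mem) return NULL;" returns without freeing the pool descriptor obtained from calloc just above. With pool->size now taken from auto_expand the allocation can be much larger than STANDARD_POOL_SIZE, so this failure path is more likely to be hit; suggest free (pool) before returning. auto_expand is also read here and in the (xhint || auto_expand) test while the setter writes it under SECMEM_LOCK; please confirm these reads happen with the lock held.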
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Nov 2017 10:54:46 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-25-g2ad912d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2ad912d5b7794fb32192fddab1b559c7b86303a2 (commit) from 1f6b2f6099ebcfd785e2d2ae0aeca810394dbbac (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2ad912d5b7794fb32192fddab1b559c7b86303a2 Author: Werner Koch Date: Fri Nov 24 10:44:24 2017 +0100 sexp: Avoid a fatal error in case of ENOMEM in called functions. * src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error return. Replace sprintf by snprintf. (convert_to_hex): Replace sprintf by snprintf. (convert_to_string): Ditto. (_gcry_sexp_sprint): Ditto. -- _gcry_mpi_print can actually return ENOMEM because it internally needs to allocate temporary buffers. Thus BUG was not the right thing to do. This was detected while investigating bug 3530. Replacing sprintf by snprintf is not technically required but some compilers print warnings for the use of sprintf. So let's silence them. Signed-off-by: Werner Koch diff --git a/src/sexp.c b/src/sexp.c index 6077bab..0462d92 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -1,7 +1,7 @@ /* sexp.c - S-Expression handling * Copyright (C) 1999, 2000, 2001, 2002, 2003, * 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 g10 Code GmbH + * Copyright (C) 2013, 2014, 2017 g10 Code GmbH * * This file is part of Libgcrypt. * 
@@ -15,9 +15,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + * SPDX-License-Identifier: LGPL-2.1+ */ @@ -1429,8 +1429,9 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, } else { - if (_gcry_mpi_print (mpifmt, NULL, 0, &nm, m)) - BUG (); + err = _gcry_mpi_print (mpifmt, NULL, 0, &nm, m); + if (err) + goto leave; MAKE_SPACE (nm); if (!_gcry_is_secure (c.sexp->d) @@ -1456,8 +1457,9 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, *c.pos++ = ST_DATA; STORE_LEN (c.pos, nm); - if (_gcry_mpi_print (mpifmt, c.pos, nm, &nm, m)) - BUG (); + err = _gcry_mpi_print (mpifmt, c.pos, nm, &nm, m); + if (err) + goto leave; c.pos += nm; } } @@ -1521,7 +1523,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, char buf[35]; ARG_NEXT (aint, int); - sprintf (buf, "%d", aint); + snprintf (buf, sizeof buf, "%d", aint); alen = strlen (buf); MAKE_SPACE (alen); *c.pos++ = ST_DATA; @@ -1537,7 +1539,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, char buf[35]; ARG_NEXT (aint, unsigned int); - sprintf (buf, "%u", aint); + snprintf (buf, sizeof buf, "%u", aint); alen = strlen (buf); MAKE_SPACE (alen); *c.pos++ = ST_DATA; @@ -1810,7 +1812,7 @@ convert_to_hex (const unsigned char *src, size_t len, char *dest) { *dest++ = '#'; for (i=0; i < len; i++, dest += 2 ) - sprintf (dest, "%02X", src[i]); + snprintf (dest, 3, "%02X", src[i]); *dest++ = '#'; } return len*2+2; 
@@ -1839,7 +1841,7 @@ convert_to_string (const unsigned char *s, size_t len, char *dest) default: if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0))) { - sprintf (p, "\\x%02x", *s); + snprintf (p, 5, "\\x%02x", *s); p += 4; } else @@ -1999,7 +2001,7 @@ _gcry_sexp_sprint (const gcry_sexp_t list, int mode, } else { - sprintf (numbuf, "%u:", (unsigned int)n ); + snprintf (numbuf, sizeof numbuf, "%u:", (unsigned int)n ); len += strlen (numbuf) + n; if ( buffer ) { ----------------------------------------------------------------------- Summary of changes: src/sexp.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits

From daserocke at gmail.com Thu Nov 30 15:01:01 2017
From: daserocke at gmail.com (Steinar Kvarre)
Date: Thu, 30 Nov 2017 15:01:01 +0100
Subject: Hi there Developer i just have a question, wld take 3 min.
Message-ID:

I have tried gnupg, and wonder is there somehow possible to hack the password with the gnupg with X also comes up with password in X windows. (i use xfce4) so i wondered if between there from gnupg app to X win ask for password, is there a connection, I'm just wondering for safety,

Sincerely Steinar Kvarra, Norway.

From dkg at fifthhorseman.net Thu Nov 30 23:39:36 2017
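Review bot: in the convert_to_hex and convert_to_string hunks of src/sexp.c (commit 2ad912d above), the sizes passed to snprintf are the constants 3 and 5, that is the length of one formatted item, not the space left in dest. The calls therefore bound each write to what sprintf would have written anyway and add no protection if the caller's buffer is too small, which matches the commit message's statement that the change is about compiler warnings. A comment saying so, or passing the remaining buffer length, would avoid the impression of a bounds check.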
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 30 Nov 2017 17:39:36 -0500
Subject: Hi there Developer i just have a question, wld take 3 min.
In-Reply-To:
References:
Message-ID: <87bmjjtmqf.fsf@fifthhorseman.net>

Hi Steinar--

On Thu 2017-11-30 15:01:01 +0100, Steinar Kvarre wrote:
> I have tried gnupg, and wonder is there somehow possible to hack the
> password with the gnupg with X also comes up with password in X
> windows. (i use xfce4) so i wondered if between there from gnupg app to
> X win ask for password, is there a connection, I'm just wondering for
> safety,

I don't know specifically what your question is, but i think you're
asking about the communications channel when GnuPG prompts for a
password.

On modern GnuPG systems, the communications channel is:

 * gpg needs access to secret key material.

 * it asks gpg-agent for the use of a secret key (possibly launching
   gpg-agent if it's not already launched).

 * gpg-agent checks to see whether it has unlocked access to that
   secret key. if it does, it can grant access directly.

 * if it does not, it launches some version of pinentry to get a
   passphrase from the user. different versions of pinentry have
   different ways of communicating with the user.

GnuPG itself should never see the password, unless it is invoked with
special commands that route the password handling back to it.
(e.g. --pinentry-mode=loopback).

Can you explain more about what you mean by "hack the password"?

     --dkg