From collin.funk1 at gmail.com Fri May 2 07:20:58 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Thu, 1 May 2025 22:20:58 -0700 Subject: [PATCH libgcrypt 2/2] tests: Fix link errors for t-thread-local. In-Reply-To: <20250502052113.350052-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: <20250502052113.350052-2-collin.funk1@gmail.com> On platforms where pthread_create is not in libc t-thread-local fails to link. Issue found on NetBSD 10.0. * tests/Makefile.am (t_thread_local_LDADD): Add $(standard_ldadd), $(GPG_ERROR_MT_LIBS), and @LDADD_FOR_TESTS_KLUDGE@. (t_thread_local_CFLAGS): Add $(GPG_ERROR_MT_CFLAGS). -- GnuPG-bug-id: 7634 Signed-off-by: Collin Funk --- tests/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 3170a58e..cef9b700 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -94,6 +94,8 @@ t_secmem_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@ testapi_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@ t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@ t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS) +t_thread_local_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@ +t_thread_local_CFLAGS = $(GPG_ERROR_MT_CFLAGS) testdrv_LDADD = $(LDADD_FOR_TESTS_KLUDGE) # Build a version of the test driver for the build platform. -- 2.49.0 From collin.funk1 at gmail.com Fri May 2 07:20:57 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Thu, 1 May 2025 22:20:57 -0700 Subject: [PATCH libgcrypt 1/2] cipher:aria: Fix compiler error on NetBSD. Message-ID: <20250502052113.350052-1-collin.funk1@gmail.com> * cipher/aria.c (bswap32) [__NetBSD__]: Define internal function to something else to avoid possible system definitions. -- GnuPG-bug-id: 7633 Signed-off-by: Collin Funk --- cipher/aria.c | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/cipher/aria.c b/cipher/aria.c index bc2d4384..cabae4a6 100644 --- a/cipher/aria.c +++ b/cipher/aria.c @@ -641,6 +641,11 @@ u32 rotr32(u32 v, u32 r) return ror(v, r); } +/* Avoid a compiler error due to the definition of bswap32 on NetBSD. */ +#if defined (__NetBSD__) +#undef bswap32 +#define bswap32 _aria_bswap32 +#endif static ALWAYS_INLINE u32 bswap32(u32 v) { -- 2.49.0 From collin.funk1 at gmail.com Fri May 2 07:25:57 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Thu, 01 May 2025 22:25:57 -0700 Subject: DCO for Collin Funk Message-ID: <87h623y462.fsf@gmail.com> Libgcrypt Developer's Certificate of Origin. Version 1.0 ========================================================= By making a contribution to the Libgcrypt project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the free software license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate free software license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same free software license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the free software license(s) involved. 
Signed-off-by: Collin Funk -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From jussi.kivilinna at iki.fi Fri May 2 11:42:48 2025 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 2 May 2025 12:42:48 +0300 Subject: [PATCH libgcrypt 1/2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: <20250502052113.350052-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: Hello, On 02/05/2025 08:20, Collin Funk via Gcrypt-devel wrote: > * cipher/aria.c (bswap32) [__NetBSD__]: Define internal function to > something else to avoid possible system definitions. > > -- > > GnuPG-bug-id: 7633 > Signed-off-by: Collin Funk > --- > cipher/aria.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/cipher/aria.c b/cipher/aria.c > index bc2d4384..cabae4a6 100644 > --- a/cipher/aria.c > +++ b/cipher/aria.c > @@ -641,6 +641,11 @@ u32 rotr32(u32 v, u32 r) > return ror(v, r); > } > > +/* Avoid a compiler error due to the definition of bswap32 on NetBSD. */ > +#if defined (__NetBSD__) > +#undef bswap32 > +#define bswap32 _aria_bswap32 > +#endif > static ALWAYS_INLINE > u32 bswap32(u32 v) > { I think it would be better to just remove this bswap32 wrapper function and change aria_diff_byte() to use _gcry_bswap32 directly. -Jussi From collin.funk1 at gmail.com Fri May 2 19:51:09 2025 
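Review bot: In the quoted cipher/aria.c hunk, the #undef/#define pair renames a wrapper whose whole body is a call to _gcry_bswap32, so deleting bswap32() and calling _gcry_bswap32 at its single use site is the smaller and clearer fix, as the reply above also suggests. If the rename were kept, two things would need attention: the new name _aria_bswap32 begins with an underscore, a form the C standard reserves for the implementation at file scope (the project's _gcry_ prefix has the same shape but is a deliberate project-wide convention, which a module-local helper is not), and #undef on its own would not help where the NetBSD header declares bswap32 as a function as well as a macro, so the comment should name the header that defines it rather than saying only "the definition of bswap32 on NetBSD".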
From: collin.funk1 at gmail.com (Collin Funk) Date: Fri, 02 May 2025 10:51:09 -0700 Subject: [PATCH libgcrypt 1/2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: <878qne3nqq.fsf@gmail.com> Jussi Kivilinna writes: > I think it would be better to just remove this bswap32 wrapper function > and change aria_diff_byte() to use _gcry_bswap32 directly. Yes, you are right. That is much simpler... Collin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From collin.funk1 at gmail.com Fri May 2 19:53:49 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Fri, 2 May 2025 10:53:49 -0700 Subject: [PATCH libgcrypt v2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: <20250502052113.350052-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: <20250502175358.33416-1-collin.funk1@gmail.com> * cipher/aria.c (bswap32): Remove function that conflicts with system definitions on NetBSD. (aria_diff_byte): Use _gcry_bswap32. -- GnuPG-bug-id: 7633 Signed-off-by: Collin Funk --- cipher/aria.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/cipher/aria.c b/cipher/aria.c index bc2d4384..26546a63 100644 --- a/cipher/aria.c +++ b/cipher/aria.c @@ -641,12 +641,6 @@ u32 rotr32(u32 v, u32 r) return ror(v, r); } -static ALWAYS_INLINE -u32 bswap32(u32 v) -{ - return _gcry_bswap32(v); -} - static ALWAYS_INLINE u32 get_u8(u32 x, u32 y) { @@ -727,7 +721,7 @@ static inline void aria_diff_byte(u32 *t1, u32 *t2, u32 *t3) { *t1 = ((*t1 << 8) & 0xff00ff00) ^ ((*t1 >> 8) & 0x00ff00ff); *t2 = rotr32(*t2, 16); - *t3 = bswap32(*t3); + *t3 = _gcry_bswap32(*t3); } /* Key XOR Layer */ -- 2.49.0 From jussi.kivilinna at iki.fi Sat May 3 10:50:17 2025 
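Review bot: In the v2 patch, the aria_diff_byte hunk is the only call site changed while the first hunk deletes the wrapper, and the diffstat (1 insertion, 7 deletions) is consistent with that; before applying, a grep for bswap32 in cipher/aria.c would confirm that no other caller remains, since a leftover call would now be an implicit declaration on platforms without a system bswap32 and a silent binding to the system one on NetBSD.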
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sat, 3 May 2025 11:50:17 +0300 Subject: [PATCH libgcrypt v2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: <20250502175358.33416-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> <20250502175358.33416-1-collin.funk1@gmail.com> Message-ID: Hello, On 02/05/2025 20:53, Collin Funk via Gcrypt-devel wrote: > * cipher/aria.c (bswap32): Remove function that conflicts with system > definitions on NetBSD. > (aria_diff_byte): Use _gcry_bswap32. Thanks. Both patches have been applied to master. -Jussi From eggert at cs.ucla.edu Sat May 10 07:45:52 2025 From: eggert at cs.ucla.edu (Paul Eggert) Date: Fri, 9 May 2025 22:45:52 -0700 Subject: libgcrypt "allow to" comment fixes Message-ID: <77e5f775-cabb-4b55-a0c6-4ae4f1890faf@cs.ucla.edu> libgcrypt contains several instances of ungrammatical English phrases like "This allows to keep it uninitialized", where grammatical English would be something like "This allows keeping it uninitialized". I noticed this when correcting some grammar in Emacs and Gnulib comments. Proposed libgcrypt patch attached. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-ungrammatical-use-of-allow-to.patch Type: text/x-patch Size: 22172 bytes Desc: not available URL: From collin.funk1 at gmail.com Mon May 12 00:26:29 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Sun, 11 May 2025 15:26:29 -0700 Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address. Message-ID: <20250511222648.351275-1-collin.funk1@gmail.com> * COPYING: Update to latest from Gnulib. * COPYING.LIB: Likewise. * doc/gpl.texi: Likewise. * doc/lgpl.texi: Likewise. * cipher/scrypt.c: Link to gnu.org instead of mentioning the old FSF address. 
Signed-off-by: Collin Funk --- COPYING | 9 ++++----- COPYING.LIB | 9 ++++----- cipher/scrypt.c | 5 ++--- doc/gpl.texi | 17 ++++++++--------- doc/lgpl.texi | 20 +++++++++----------- 5 files changed, 27 insertions(+), 33 deletions(-) diff --git a/COPYING b/COPYING index d159169d..9efa6fbc 100644 --- a/COPYING +++ b/COPYING @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -304,8 +304,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + with this program; if not, see . Also add information on how to contact you by electronic and paper mail. @@ -329,8 +328,8 @@ necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. - , 1 April 1989 - Ty Coon, President of Vice + , 1 April 1989 + Moe Ghoul, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may diff --git a/COPYING.LIB b/COPYING.LIB index 4362b491..f6683e74 100644 --- a/COPYING.LIB +++ b/COPYING.LIB @@ -2,7 +2,7 @@ Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -484,8 +484,7 @@ convey the exclusion of warranty; and each file should have at least the Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + License along with this library; if not, see . Also add information on how to contact you by electronic and paper mail. @@ -496,7 +495,7 @@ necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. - , 1 April 1990 - Ty Coon, President of Vice + , 1 April 1990 + Moe Ghoul, President of Vice That's all there is to it! diff --git a/cipher/scrypt.c b/cipher/scrypt.c index a6d15a84..e0d5df9e 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c @@ -35,9 +35,8 @@ * License for more details. * * You should have received a copy of the GNU Lesser General Public License - * along with the nettle library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02111-1301, USA. + * along with the nettle library; see the file COPYING.LIB. If not, see + * . */ #include diff --git a/doc/gpl.texi b/doc/gpl.texi index 38aa9182..27e3ed1e 100644 --- a/doc/gpl.texi +++ b/doc/gpl.texi @@ -6,7 +6,7 @@ @display Copyright @copyright{} 1989, 1991 Free Software Foundation, Inc. -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -292,12 +292,12 @@ @item BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW at . EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE at . THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU at . SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. @@ -344,12 +344,11 @@ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE at . See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +along with this program; if not, see . @end smallexample Also add information on how to contact you by electronic and paper mail. @@ -378,8 +377,8 @@ Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. - at var{signature of Ty Coon}, 1 April 1989 -Ty Coon, President of Vice + at var{signature of Moe Ghoul}, 1 April 1989 +Moe Ghoul, President of Vice @end example This General Public License does not permit incorporating your program into diff --git a/doc/lgpl.texi b/doc/lgpl.texi index ab03d6cc..93663f7a 100644 
--- a/doc/lgpl.texi +++ b/doc/lgpl.texi @@ -6,12 +6,12 @@ @display Copyright @copyright{} 1991, 1999 Free Software Foundation, Inc. -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. -[This is the first released version of the Lesser GPL. It also counts +[This is the first released version of the Lesser GPL at . It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] @end display @@ -474,13 +474,13 @@ @item BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW at . EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY ``AS IS'' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +PURPOSE at . THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU at . SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. @item 
@@ -523,13 +523,11 @@ This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE at . See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public -License along with this library; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, -USA. +License along with this library; if not, see . @end smallexample Also add information on how to contact you by electronic and paper mail. @@ -542,8 +540,8 @@ Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. - at var{signature of Ty Coon}, 1 April 1990 -Ty Coon, President of Vice + at var{signature of Moe Ghoul}, 1 April 1990 +Moe Ghoul, President of Vice @end smallexample That's all there is to it! -- 2.49.0 From wk at gnupg.org Mon May 12 17:49:48 2025 
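Review bot: In the cipher/scrypt.c hunk, the text being rewritten is nettle's own license header (the line "along with the nettle library" says so), so the patch edits a borrowed third-party copyright notice, not libgcrypt's; replacing the obsolete postal address with the licenses URL is what the FSF asks for, but the commit message, which only says "Link to gnu.org instead of mentioning the old FSF address", should say that a borrowed notice is touched so the provenance stays reviewable. Readers should also be aware that this archive has mangled the patch: the URL in every "if not, see ." line is missing, and the texinfo sentence-end macro "@." in the doc/gpl.texi and doc/lgpl.texi hunks appears as " at ." (the archive's address obfuscation, the same rewriting that shows "wk at gnupg.org" in the headers), so those hunks need to be reviewed from the raw mail rather than from this rendering.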
From: wk at gnupg.org (Werner Koch)
Date: Mon, 12 May 2025 17:49:48 +0200
Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address.
In-Reply-To: <20250511222648.351275-1-collin.funk1@gmail.com> (Collin Funk via Gcrypt-devel's message of "Sun, 11 May 2025 15:26:29 -0700")
References: <20250511222648.351275-1-collin.funk1@gmail.com>
Message-ID: <87frh97rs3.fsf@jacob.g10code.de>

On Sun, 11 May 2025 15:26, Collin Funk said:
> * COPYING: Update to latest from Gnulib.
> * COPYING.LIB: Likewise.
> * doc/gpl.texi: Likewise.
> * doc/lgpl.texi: Likewise.
> * cipher/scrypt.c: Link to gnu.org instead of mentioning the old FSF

Thanks. Applied to master.

Shalom-Salam,
Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From collin.funk1 at gmail.com Mon May 12 19:19:59 2025
From: collin.funk1 at gmail.com (Collin Funk)
Date: Mon, 12 May 2025 10:19:59 -0700
Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address.
In-Reply-To: <87frh97rs3.fsf@jacob.g10code.de>
References: <20250511222648.351275-1-collin.funk1@gmail.com> <87frh97rs3.fsf@jacob.g10code.de>
Message-ID: <87plgdn3uo.fsf@gmail.com>

Werner Koch writes:
> Thanks. Applied to master.

Thanks! FYI, build-aux/ltmain.sh and m4/libtool.m4 still have the old FSF address, but I expect that to change when all of our systems have a more recent libtool. No need to change it ourselves, I think.

Collin

From gniibe at fsij.org Tue May 13 02:28:28 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 13 May 2025 09:28:28 +0900
Subject: [PATCH] mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine.
Message-ID:

* mpi/ec.c (_gcry_mpi_ec_get_affine): Fix for possible leak.

--

GnuPG-bug-id: 7519
Signed-off-by: NIIBE Yutaka
---
mpi/ec.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

A non-text attachment was scrubbed... Name: 0001-mpi-ec-Use-ec_mulm_lli-in-_gcry_mpi_ec_get_affine.patch Type: text/x-patch Size: 951 bytes

From wk at gnupg.org Tue May 13 14:37:52 2025
From: wk at gnupg.org (Werner Koch)
Date: Tue, 13 May 2025 14:37:52 +0200
Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address.
In-Reply-To: <87plgdn3uo.fsf@gmail.com> (Collin Funk via Gcrypt-devel's message of "Mon, 12 May 2025 10:19:59 -0700")
References: <20250511222648.351275-1-collin.funk1@gmail.com> <87frh97rs3.fsf@jacob.g10code.de> <87plgdn3uo.fsf@gmail.com>
Message-ID: <87sel865zz.fsf@jacob.g10code.de>

On Mon, 12 May 2025 10:19, Collin Funk said:
> FSF address, but I expect that to change when all of our systems have a
> more recent libtool. No need to change it ourselves, I think.

Actually we try not to update libtool due to a not good track record in breaking cross-builds for Windows. IIRC, we still have some custom modifications applied.

Most stuff of libtool is actually not required here. I can imagine having a much simpler version which just gives the correct linker and compiler flags for the supported platforms and does not try to build wrappers for testing and convenience libraries.

Shalom-Salam,
Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From wk at gnupg.org Tue May 13 14:39:06 2025
From: wk at gnupg.org (Werner Koch)
Date: Tue, 13 May 2025 14:39:06 +0200
Subject: [PATCH] mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine.
In-Reply-To: (NIIBE Yutaka via Gcrypt-devel's message of "Tue, 13 May 2025 09:28:28 +0900")
References:
Message-ID: <87o6vw65xx.fsf@jacob.g10code.de>

On Tue, 13 May 2025 09:28, NIIBE Yutaka said:
> * mpi/ec.c (_gcry_mpi_ec_get_affine): Fix for possible leak.

BTW, do we have benchmarks for these LLI changes?

Salam-Shalom,
Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From gniibe at fsij.org Wed May 14 04:32:07 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 14 May 2025 11:32:07 +0900
Subject: [PATCH] mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine.
In-Reply-To: <87o6vw65xx.fsf@jacob.g10code.de>
References: <87o6vw65xx.fsf@jacob.g10code.de>
Message-ID: <874ixnudlk.fsf@haruna.fsij.org>

Werner Koch wrote:
> On Tue, 13 May 2025 09:28, NIIBE Yutaka said:
>> * mpi/ec.c (_gcry_mpi_ec_get_affine): Fix for possible leak.
>
> BTW, Do we have benchmarks for these LLI changes.

I used the standard one, libgcrypt/tests/benchmark. For 64-bit architectures, the changes gave better results; this is due to the improvements with the code paths of the LLI version (_gcry_mpih_powm_lli uses Montgomery exponentiation, mpi_ec_mul_point_lli has optimization with affine coordinates).

The approach taken for those improvements could be applied to existing generic code paths, if done carefully. This... is left as an exercise for the hackers.

--

From gniibe at fsij.org Wed May 14 06:35:43 2025
From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 14 May 2025 13:35:43 +0900 Subject: [PATCH] mpi:ec: Least leak with k^(-1) for ECDSA. Message-ID: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> * src/mpi.h (_gcry_mpi_assign_limb_space): Add. (_gcry_mpih_mod_lli, _gcry_mpih_mul_lli): Add. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Take care about least leak with k^(-1). -- GnuPG-bug-id: 7519 Signed-off-by: NIIBE Yutaka --- cipher/ecc-ecdsa.c | 20 +++++++++++++++++++- src/mpi.h | 7 +++++++ 2 files changed, 26 insertions(+), 1 deletion(-) -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-mpi-ec-Least-leak-with-k-1-for-ECDSA.patch Type: text/x-patch Size: 2579 bytes Desc: not available URL: From jcb62281 at gmail.com Thu May 15 07:29:38 2025 From: jcb62281 at gmail.com (Jacob Bachmeyer) Date: Thu, 15 May 2025 00:29:38 -0500 Subject: [PATCH] mpi:ec: Least leak with k^(-1) for ECDSA. In-Reply-To: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> References: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> Message-ID: On 5/13/25 23:35, NIIBE Yutaka via Gcrypt-devel wrote: > * src/mpi.h (_gcry_mpi_assign_limb_space): Add. > (_gcry_mpih_mod_lli, _gcry_mpih_mul_lli): Add. > * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Take care > about least leak with k^(-1). > > -- > > GnuPG-bug-id: 7519 
> Signed-off-by: NIIBE Yutaka
> ---
> cipher/ecc-ecdsa.c | 20 +++++++++++++++++++-
> src/mpi.h | 7 +++++++
> 2 files changed, 26 insertions(+), 1 deletion(-)

I note from the diff context that the next step after the part you are changing is to remove a blinding factor from the result.

If the calculation is performed blinded, why is least-leak important enough here to justify the added code complexity?

Note that introducing an "mpi_mulm_lli" as an LLI drop-in replacement for "mpi_mulm" would also address my concern. Also note that using least-leak for the blinding/unblinding steps might be more important than for any of the blinded steps in the middle.

-- Jacob

From gniibe at fsij.org Fri May 16 02:48:05 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 16 May 2025 09:48:05 +0900
Subject: [PATCH] mpi:ec: Least leak with k^(-1) for ECDSA.
In-Reply-To:
References: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org>
Message-ID: <878qmxs7ne.fsf@haruna.fsij.org>

Jacob Bachmeyer wrote:
> I note from the diff context that the next step after the part you are
> changing is to remove a blinding factor from the result.

Could be. Currently, my focus is the leaks of K and K^(-1). Blinding here is for the private key (ec->d).

> If the calculation is performed blinded, why is least-leak important
> enough here to justify the added code complexity?

The patch I sent is for K^(-1). (The code may look complex, but actually the execution code path is simpler than the one by mpi_mulm. We don't have mpi_mulm_lli or mpi_mul_lli yet.)

--

From collin.funk1 at gmail.com Sat May 17 06:10:37 2025
From: collin.funk1 at gmail.com (Collin Funk)
Date: Fri, 16 May 2025 21:10:37 -0700
Subject: [PATCH libgcrypt] Fix missing simd-common-riscv.h in libgcrypt tarball.
Message-ID: <20250517041053.130195-1-collin.funk1@gmail.com>

* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add
simd-common-riscv.h.

--

GnuPG-bug-id: 7647
Signed-off-by: Collin Funk --- cipher/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index c33cce0a..2e129cab 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -129,7 +129,7 @@ EXTRA_libcipher_la_SOURCES = \ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ serpent-avx512-x86.c serpent-armv7-neon.S \ - simd-common-aarch64.h simd-common-ppc.h \ + simd-common-aarch64.h simd-common-ppc.h simd-common-riscv.h \ sm4.c sm4-aesni-avx-amd64.S sm4-aesni-avx2-amd64.S \ sm4-gfni-avx2-amd64.S sm4-gfni-avx512-amd64.S \ sm4-aarch64.S sm4-armv8-aarch64-ce.S sm4-armv9-aarch64-sve-ce.S \ -- 2.49.0 From jussi.kivilinna at iki.fi Mon May 19 17:59:26 2025 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Mon, 19 May 2025 18:59:26 +0300 Subject: [PATCH libgcrypt] Fix missing simd-common-riscv.h in libgcrypt tarball. In-Reply-To: <20250517041053.130195-1-collin.funk1@gmail.com> References: <20250517041053.130195-1-collin.funk1@gmail.com> Message-ID: <3190c0c9-0859-4c12-b256-8e0bf19f5270@iki.fi> Hello, On 17/05/2025 07:10, Collin Funk via Gcrypt-devel wrote: > * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add > simd-common-riscv.h. > > -- > > GnuPG-bug-id: 7647 > Signed-off-by: Collin Funk > --- Thanks, patch applied to master. -Jussi From guido at trentalancia.com Sun May 25 17:25:56 2025 From: guido at trentalancia.com (Guido Trentalancia) Date: Sun, 25 May 2025 17:25:56 +0200 Subject: [PATCH libgcrypt] Disable CPU speculation-related misfeatures Message-ID: <1748186756.27370.3.camel@trentalancia.com> Disable CPU speculation-related misfeatures which are in fact vulnerabilities causing data leaks: - Speculative Store Bypass - Indirect Branch Speculation - Flush L1D Cache on context switch out of the task For further information see the kernel documentation: Documentation/userspace-api/spec_ctrl.rst 
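Review bot: The cipher/Makefile.am hunk fixes the immediate omission, but the same slip will recur the next time a simd-common-*.h is added unless the tarball itself is checked: running `make distcheck` (or at least `make dist` followed by a build from the unpacked tarball) before a release would have caught simd-common-riscv.h missing from EXTRA_libcipher_la_SOURCES, because any source that #includes it builds fine from a git checkout where the header is present and only fails from the distributed archive.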
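The exchange above on "[PATCH] mpi:ec: Least leak with k^(-1) for ECDSA" turns on why the nonce k and its inverse need the same care as the private key even when d itself is blinded. The C program below is an added illustration, not code from libgcrypt or from the patch under discussion: on a constructed textbook curve (y^2 = x^3 + 2x + 2 over F_17, generator (5,1) of prime order 19; key, nonce, hash value and blinding factor are toy constants) it signs with a multiplicatively blinded private key, so the raw d never appears as an operand of the multiply, while k^-1 is computed from k directly; it then shows that whoever learns k recovers d from one signature as d = r^-1 (s*k - h) mod n. The multiplicative blinding is one common scheme and says nothing about the scheme libgcrypt uses, and the arithmetic is plain C integers with data-dependent branches, so the example shows what leaks, not how to avoid leaking it.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy curve y^2 = x^3 + A*x + 2 over F_P.  G = (5,1) generates
 * the whole group, which has prime order N = 19.  Textbook-sized on purpose:
 * the subject here is the algebra of ECDSA, not a usable curve. */
#define P 17
#define A 2
#define N 19

typedef struct { int64_t x, y; int inf; } point;
static const point G = {5, 1, 0};

static int64_t modp(int64_t v, int64_t m) { v %= m; return v < 0 ? v + m : v; }

/* Inverse of a modulo the prime m (extended Euclid). */
static int64_t modinv(int64_t a, int64_t m)
{
    int64_t t = 0, nt = 1, r = m, nr = modp(a, m), q, tmp;
    while (nr) {
        q = r / nr;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return modp(t, m);
}

/* Affine group law, handling the point at infinity and p + (-p). */
static point padd(point p, point q)
{
    point r = {0, 0, 1};
    int64_t lam;
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && modp(p.y + q.y, P) == 0) return r;
    if (p.x == q.x)
        lam = modp((3 * p.x * p.x + A) * modinv(2 * p.y, P), P);  /* doubling */
    else
        lam = modp((q.y - p.y) * modinv(q.x - p.x, P), P);        /* addition */
    r.inf = 0;
    r.x = modp(lam * lam - p.x - q.x, P);
    r.y = modp(lam * (p.x - r.x) - p.y, P);
    return r;
}

/* Double-and-add scalar multiplication; it branches on secret bits, i.e. the
 * opposite of least-leak, which is fine for showing the algebra. */
static point pmul(int64_t k, point g)
{
    point acc = {0, 0, 1};
    for (k = modp(k, N); k; k >>= 1, g = padd(g, g))
        if (k & 1) acc = padd(acc, g);
    return acc;
}

/* ECDSA signature with multiplicative blinding of the private key d: the
 * multiply by r sees d*b and b is removed afterwards, so d itself is never an
 * operand.  The nonce k, however, is used directly, both for k*G and for k^-1.
 * Returns 0 if r or s came out zero (the caller must choose a fresh k). */
static int ecdsa_sign(int64_t d, int64_t k, int64_t h, int64_t b,
                      int64_t *r, int64_t *s)
{
    point R = pmul(k, G);
    int64_t d_blind, t;
    *r = modp(R.x, N);
    if (*r == 0) return 0;
    d_blind = modp(d * b, N);                      /* blinded key */
    t = modp(*r * d_blind, N);                     /* r*d, computed on the blinded value */
    t = modp(t * modinv(b, N), N);                 /* unblind */
    *s = modp(modinv(k, N) * modp(h + t, N), N);   /* k^-1 applied to the raw nonce */
    return *s != 0;
}

static int ecdsa_verify(point Q, int64_t h, int64_t r, int64_t s)
{
    int64_t w;
    point X;
    if (r <= 0 || r >= N || s <= 0 || s >= N) return 0;
    w = modinv(s, N);
    X = padd(pmul(modp(h * w, N), G), pmul(modp(r * w, N), Q));
    return !X.inf && modp(X.x, N) == r;
}

/* What a leak of k buys the attacker: s = k^-1 (h + r d)  =>  d = r^-1 (s k - h). */
static int64_t recover_d(int64_t h, int64_t r, int64_t s, int64_t k)
{
    return modp(modinv(r, N) * modp(s * k - h, N), N);
}

/* Sign, verify, then recover d from the leaked nonce.  Returns -1 on any failure. */
static int64_t demo(int64_t d, int64_t k, int64_t h, int64_t b)
{
    int64_t r, s;
    if (!ecdsa_sign(d, k, h, b, &r, &s) || !ecdsa_verify(pmul(d, G), h, r, s))
        return -1;
    return recover_d(h, r, s, k);
}

int main(void)
{
    /* Constructed toy values: key d = 7, nonce k = 3, hash h = 10, blinding b = 5. */
    printf("d recovered from one signature plus leaked k: %lld (actual 7)\n",
           (long long)demo(7, 3, 10, 5));
    return 0;
}
```

With these constants the signature is (r, s) = (10, 14) and the recovery returns 7. The blinding factor b protects d against an observer of the multiply, but it does nothing for k: every bit of k that leaks through the scalar multiplication or the inversion is a bit of the equation above, which is why the patch treats k^-1 with the same least-leak code path as the key.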
Signed-off-by: Guido Trentalancia --- src/global.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) --- a/src/global.c 2024-04-26 14:08:12.000000000 +0200 +++ b/src/global.c 2025-05-25 16:03:24.718598884 +0200 @@ -33,6 +33,7 @@ #ifdef HAVE_SYSLOG # include #endif /*HAVE_SYSLOG*/ +#include #include "g10lib.h" #include "gcrypt-testapi.h" @@ -95,6 +96,26 @@ global_init (void) return; _gcry_global_any_init_done = 1; +/* Disable CPU speculation-related misfeatures which are in + * fact vulnerabilities causing data leaks: see the kernel + * documentation: Documentation/userspace-api/spec_ctrl.rst + * + * - Speculative Store Bypass + * - Indirect Branch Speculation + * - Flush L1D Cache on context switch out of the task + */ +#ifdef PR_SPEC_STORE_BYPASS + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); +#endif + +#ifdef PR_SPEC_INDIRECT_BRANCH + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); +#endif + +#ifdef PR_SPEC_L1D_FLUSH + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_FORCE_DISABLE, 0, 0); +#endif + /* Tell the random module that we have seen an init call. */ _gcry_set_preferred_rng_type (0); From collin.funk1 at gmail.com Sun May 25 21:58:52 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Sun, 25 May 2025 12:58:52 -0700 Subject: [PATCH libgcrypt] Disable CPU speculation-related misfeatures In-Reply-To: <1748186756.27370.3.camel@trentalancia.com> References: <1748186756.27370.3.camel@trentalancia.com> Message-ID: <87ecwcea2r.fsf@gmail.com> Guido Trentalancia via Gcrypt-devel writes: > --- a/src/global.c 2024-04-26 14:08:12.000000000 +0200 > +++ b/src/global.c 2025-05-25 16:03:24.718598884 +0200 
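Review bot: In the global_init hunk, all three prctl() return values are discarded, so the code cannot distinguish "mitigation applied" from "kernel too old" (EINVAL), "no such control" (ENODEV), "not controllable per task" (ENXIO) or a refused request; for a change whose only purpose is a security guarantee, the outcome must at least be visible through the library's debug logging, and a silent no-op is the worst case. Two larger points: spec_ctrl.rst, which the comment cites, documents PR_SPEC_FORCE_DISABLE as a state that cannot be undone and is inherited by forked children, so a library calling it from global_init() imposes an irrevocable process-wide policy on every application that links libgcrypt and on everything those applications spawn, a decision that belongs to the application or to the administrator's kernel boot parameters rather than to a library; and PR_SPEC_L1D_FLUSH is an opt-in control with the opposite polarity of the other two (its documented invocations are PR_SPEC_ENABLE to request the flush and PR_SPEC_DISABLE to stop it, and it is only honoured when the kernel booted with l1d_flush=on), so passing PR_SPEC_FORCE_DISABLE there does not request the flush the comment promises. The first hunk's unconditional #include of the prctl header also breaks the build on every non-Linux target, as the reply below notes.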
> @@ -33,6 +33,7 @@ > #ifdef HAVE_SYSLOG > # include > #endif /*HAVE_SYSLOG*/ > +#include This would cause a compilation error on many platforms since sys/prctl.h is Linux-specific. Collin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From guido at trentalancia.com Sun May 25 22:14:39 2025 From: guido at trentalancia.com (Guido Trentalancia) Date: Sun, 25 May 2025 22:14:39 +0200 Subject: [PATCH libgcrypt v2] Disable CPU speculation-related misfeatures In-Reply-To: <87ecwcea2r.fsf@gmail.com> References: <1748186756.27370.3.camel@trentalancia.com> <87ecwcea2r.fsf@gmail.com> Message-ID: <1748204079.1126.1.camel@trentalancia.com> Thanks for pointing this out Collin, here is a revised v2 version of the patch... Disable CPU speculation-related misfeatures which are in fact vulnerabilities causing data leaks: - Speculative Store Bypass - Indirect Branch Speculation - Flush L1D Cache on context switch out of the task For further information see the kernel documentation: Documentation/userspace-api/spec_ctrl.rst --- a/src/global.c 2024-04-26 14:08:12.000000000 +0200 +++ b/src/global.c 2025-05-25 16:03:24.718598884 +0200 @@ -33,6 +33,9 @@ #ifdef HAVE_SYSLOG # include #endif /*HAVE_SYSLOG*/ +#if defined(__linux__) +#include +#endif #include "g10lib.h" #include "gcrypt-testapi.h" 
@@ -95,6 +96,28 @@ global_init (void) return; _gcry_global_any_init_done = 1; +#if defined(__linux__) +/* Disable CPU speculation-related misfeatures which are in + * fact vulnerabilities causing data leaks: see the kernel + * documentation: Documentation/userspace-api/spec_ctrl.rst + * + * - Speculative Store Bypass + * - Indirect Branch Speculation + * - Flush L1D Cache on context switch out of the task + */ +#ifdef PR_SPEC_STORE_BYPASS + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); +#endif + +#ifdef PR_SPEC_INDIRECT_BRANCH + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); +#endif + +#ifdef PR_SPEC_L1D_FLUSH + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_FORCE_DISABLE, 0, 0); +#endif +#endif /* __linux__ */ + /* Tell the random module that we have seen an init call. */ _gcry_set_preferred_rng_type (0); On Sun, 25/05/2025 at 12.58 -0700, Collin Funk wrote: > Guido Trentalancia via Gcrypt-devel writes: > > > --- a/src/global.c 2024-04-26 14:08:12.000000000 +0200 > > +++ b/src/global.c 2025-05-25 16:03:24.718598884 +0200 > > @@ -33,6 +33,7 @@ > > #ifdef HAVE_SYSLOG > > # include > > #endif /*HAVE_SYSLOG*/ > > +#include > > This would cause a compilation error on many platforms since > sys/prctl.h > is Linux-specific. > > Collin From wk at gnupg.org Mon May 26 16:53:58 2025 
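Review bot: The __linux__ guard in v2 fixes only the portability failure; the global_init hunk still discards every prctl() return value, still applies the irrevocable and inherited PR_SPEC_FORCE_DISABLE from inside a library initializer, and still passes PR_SPEC_FORCE_DISABLE to PR_SPEC_L1D_FLUSH, whose documented controls are PR_SPEC_ENABLE (flush on) and PR_SPEC_DISABLE. Style: the comment block and the #ifdef lines sit at column 0 inside global_init() while the surrounding code is indented, and the file already uses configure-generated feature macros (HAVE_SYSLOG two lines above) rather than raw __linux__ tests, so a configure check for the header and a HAVE_* macro would match the project convention.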
From: wk at gnupg.org (Werner Koch)
Date: Mon, 26 May 2025 16:53:58 +0200
Subject: [PATCH libgcrypt] Disable CPU speculation-related misfeatures
In-Reply-To: <1748186756.27370.3.camel@trentalancia.com> (Guido Trentalancia via Gcrypt-devel's message of "Sun, 25 May 2025 17:25:56 +0200")
References: <1748186756.27370.3.camel@trentalancia.com>
Message-ID: <87iklnfmnt.fsf@jacob.g10code.de>

On Sun, 25 May 2025 17:25, Guido Trentalancia said:

> Disable CPU speculation-related misfeatures which are in
> fact vulnerabilities causing data leaks:

Please see my comments on gnupg-devel.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

From guido at trentalancia.com Mon May 26 19:11:21 2025
From: guido at trentalancia.com (Guido Trentalancia)
Date: Mon, 26 May 2025 19:11:21 +0200
Subject: [PATCH libgcrypt] Disable CPU speculation-related misfeatures
In-Reply-To: <87iklnfmnt.fsf@jacob.g10code.de>
References: <1748186756.27370.3.camel@trentalancia.com>
	<87iklnfmnt.fsf@jacob.g10code.de>
Message-ID: <1748279481.6610.21.camel@trentalancia.com>

The vulnerabilities being tackled by the patch proposed here are hardware
vulnerabilities that exist in the CPU.

They were introduced with branch-prediction and other speculative-execution
CPU optimizations.

Because, once exploited, they materialize in Information Disclosure (data
leaks), cryptographic software is the most affected class of software,
because cryptographic keys or encrypted data can be leaked.

Unfortunately not all of such hardware vulnerabilities can be tackled by a
CPU microcode update, some of them need to be tackled in software: this is
what this patch aims to do (software-based mitigation of hardware
vulnerabilities).

An equivalent patch has already been proposed for the gnupg application and
another one might be proposed for the gnutls library.

In fact, only tackling libgcrypt is not enough, because cryptographic
applications such as gnupg also handle the cryptographic keys (e.g.
passphrases) and the sensitive data to be encrypted: these are then passed
to the libgcrypt cryptographic functions for actual encryption and
decryption.

The "pros" of this patch are that it avoids the risk of leaking
cryptographic keys or decrypted data on CPUs that are affected by those
vulnerabilities.

The "cons" of this patch are decreased execution speed: this is not
normally noticeable to the user.

I hope this helps.

On Mon, 26/05/2025 at 16.53 +0200, Werner Koch wrote:
> On Sun, 25 May 2025 17:25, Guido Trentalancia said:
> > Disable CPU speculation-related misfeatures which are in
> > fact vulnerabilities causing data leaks:
> 
> Please see my comments on gnupg-devel.
> 
> 
> Shalom-Salam,
> 
> Werner
> 

From falko.strenzke at mtg.de Tue May 27 07:24:37 2025
From: falko.strenzke at mtg.de (Falko Strenzke)
Date: Tue, 27 May 2025 07:24:37 +0200
Subject: [PATCH libgcrypt] Disable CPU speculation-related misfeatures
In-Reply-To: <1748279481.6610.21.camel@trentalancia.com>
References: <1748186756.27370.3.camel@trentalancia.com>
	<87iklnfmnt.fsf@jacob.g10code.de>
	<1748279481.6610.21.camel@trentalancia.com>
Message-ID: <5519fb43-ae22-4eea-a52d-e67b17c01173@mtg.de>

Hi Guido,

is it possible to provide references to publications for the problem that
you aim to solve?

Best regards,
Falko

On 26.05.25 at 19:11, Guido Trentalancia via Gcrypt-devel wrote:
> The vulnerabilities being tackled by the patch proposed here are
> hardware vulnerabilities that exist in the CPU.
> 
> They were introduced with branch-prediction and other speculative-
> execution CPU optimizations.
> 
> Because, once exploited, they materialize in Information Disclosure
> (data leaks), cryptographic software is the most affected class of
> software, because cryptographic keys or encrypted data can be leaked.
> 
> Unfortunately not all of such hardware vulnerabilities can be tackled
> by a CPU microcode update, some of them need to be tackled in software:
> this is what this patch aims to do (software-based mitigation of
> hardware vulnerabilities).
> 
> An equivalent patch has been already proposed for the gnupg application
> and another one might be proposed for the gnutls library.
> 
> In fact, only tackling libgcrypt is not enough, because cryptographic
> applications such as gnupg also handle the cryptographic keys (e.g.
> passphrases) and the sensitive data to be encrypted: these are then
> passed to the libgcrypt cryptographic functions for actual encryption
> and decryption.
> 
> The "pros" of this patch are that it avoids the risk of leaking
> cryptographic keys or decrypted data on CPUs that are affected by those
> vulnerabilities.
> 
> The "cons" of this patch are decreased execution speed: this is not
> normally noticeable to the user.
> 
> I hope this helps.
> 
> On Mon, 26/05/2025 at 16.53 +0200, Werner Koch wrote:
>> On Sun, 25 May 2025 17:25, Guido Trentalancia said:
>>> Disable CPU speculation-related misfeatures which are in
>>> fact vulnerabilities causing data leaks:
>> Please see my comments on gnupg-devel.
>>
>>
>> Shalom-Salam,
>>
>> Werner
>>
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gcrypt-devel

-- 
MTG AG
Dr. Falko Strenzke
Phone: +49 6151 8000 24
E-Mail: falko.strenzke at mtg.de
Web: mtg.de
------------------------------------------------------------------------
MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If you
are not the correct recipient or have received this email in error, please
inform the sender immediately and delete this email. Unauthorised copying
or distribution of this email is not permitted.

Data protection information: Privacy policy

From guido at trentalancia.com Tue May 27 15:46:10 2025
From: guido at trentalancia.com (Guido Trentalancia)
Date: Tue, 27 May 2025 15:46:10 +0200
Subject: [PATCH libgcrypt] Disable CPU speculation-related misfeatures
In-Reply-To: <5519fb43-ae22-4eea-a52d-e67b17c01173@mtg.de>
References: <1748186756.27370.3.camel@trentalancia.com>
	<87iklnfmnt.fsf@jacob.g10code.de>
	<1748279481.6610.21.camel@trentalancia.com>
	<5519fb43-ae22-4eea-a52d-e67b17c01173@mtg.de>
Message-ID: <1748353570.6156.24.camel@trentalancia.com>

Here is a list of useful documentation and references...

Informative material:
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

Official CVE classification of the vulnerabilities:
- Speculative Store Bypass (SSB), also known as "Spectre variant 4":
  CVE-2018-3639 and CVE-2021-0089
- Indirect Branch Speculation, also known as "Spectre variant 2":
  CVE-2017-5715
- Flush L1D Cache (on context switch out of the task): CVE-2018-3615,
  CVE-2018-3620, CVE-2018-3646

Vendor classification of the vulnerabilities (Intel only):
- Speculative Store Bypass (SSB) also known as "Spectre variant 4":
  INTEL-SA-00115
  (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html)
  and INTEL-SA-00516
  (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html)
- Indirect Branch Speculation also known as "Spectre variant 2":
  INTEL-SA-00088
  (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html
  and
  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-target-injection.html)
- Flush L1D Cache (on context switch out of the task): INTEL-SA-00161
  (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
  and
  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/l1-terminal-fault.html)

Table of affected processors (Intel only):
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

Vendor classification of the vulnerabilities (AMD): search
https://www.amd.com/en/resources/product-security.html

Vendor classification of the vulnerabilities (ARM) with table of affected
processors: https://developer.arm.com/documentation/110280/latest/

Additional notes:
- Flush L1D Cache should be disabled by default, although I cannot verify
  this for all CPU / microcode variants
- booting with the kernel parameter "mitigation=auto" does not necessarily
  disable all the vulnerabilities !
- in order to fully disable the above mentioned vulnerabilities at
  boot-time, the following kernel parameters should be used:
  spec_store_bypass_disable=on spectre_v2=on spectre_v2_user=on
- the proposed patch does not fully disable the above mentioned
  vulnerabilities, instead it aims to disable them only for selected
  patched software (gnupg, libgcrypt and eventually gnutls): this allows
  to keep execution speed optimizations for software not dealing with
  security-sensitive data such as cryptographic software

The above information is based on research that I carried out, I hope it
helps, although the information provided is not meant to be exhaustive.
You are invited to carry out independent additional research if needed...

Regards,

Guido

On Tue, 27/05/2025 at 07.24 +0200, Falko Strenzke wrote:
> Hi Guido,
> is it possible to provide references to publications for the problem
> that you aim to solve?
> Best regards,
> Falko
> On 26.05.25 at 19:11, Guido Trentalancia via Gcrypt-devel wrote:
> > The vulnerabilities being tackled by the patch proposed here are
> > hardware vulnerabilities that exist in the CPU.
> > 
> > They were introduced with branch-prediction and other speculative-
> > execution CPU optimizations.
> > 
> > Because, once exploited, they materialize in Information Disclosure
> > (data leaks), cryptographic software is the most affected class of
> > software, because cryptographic keys or encrypted data can be leaked.
> > 
> > Unfortunately not all of such hardware vulnerabilities can be tackled
> > by a CPU microcode update, some of them need to be tackled in
> > software: this is what this patch aims to do (software-based
> > mitigation of hardware vulnerabilities).
> > 
> > An equivalent patch has been already proposed for the gnupg
> > application and another one might be proposed for the gnutls library.
> > 
> > In fact, only tackling libgcrypt is not enough, because cryptographic
> > applications such as gnupg also handle the cryptographic keys (e.g.
> > passphrases) and the sensitive data to be encrypted: these are then
> > passed to the libgcrypt cryptographic functions for actual encryption
> > and decryption.
> > 
> > The "pros" of this patch are that it avoids the risk of leaking
> > cryptographic keys or decrypted data on CPUs that are affected by
> > those vulnerabilities.
> > 
> > The "cons" of this patch are decreased execution speed: this is not
> > normally noticeable to the user.
> > 
> > I hope this helps.
> > 
> > On Mon, 26/05/2025 at 16.53 +0200, Werner Koch wrote:
> > > On Sun, 25 May 2025 17:25, Guido Trentalancia said:
> > > > Disable CPU speculation-related misfeatures which are in
> > > > fact vulnerabilities causing data leaks:
> > > 
> > > Please see my comments on gnupg-devel.
> > > 
> > > 
> > > Shalom-Salam,
> > > 
> > > Werner
> > > 
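As an added example, not part of this thread or of libgcrypt: a small C program that asks the kernel, via PR_GET_SPECULATION_CTRL, for the per-task state of the three controls the patch force-disables and decodes the answer, which is the check an application or test suite would run to confirm the mitigation actually took effect for the calling thread (and which the patch's unchecked prctl() calls never perform). The SPEC_* constants are local copies of the PR_SPEC_* values from linux/prctl.h, so the decoder also builds where the system headers predate them.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif
/* Misfeature ids and status bits as PR_SPEC_* in linux/prctl.h, kept local
 * so the decoder also builds where the system headers predate them. */
enum { SPEC_STORE_BYPASS = 0, SPEC_INDIRECT_BRANCH = 1, SPEC_L1D_FLUSH = 2 };
enum { SPEC_NOT_AFFECTED = 0, SPEC_PRCTL = 1, SPEC_ENABLE = 2,
       SPEC_DISABLE = 4, SPEC_FORCE_DISABLE = 8, SPEC_DISABLE_NOEXEC = 16 };
/* 1 if the calling task is protected (CPU not affected, or speculation
 * disabled for this task in any of its three forms), otherwise 0. */
int spec_is_mitigated(long status)
{
  return status == SPEC_NOT_AFFECTED
      || (status & (SPEC_DISABLE | SPEC_FORCE_DISABLE | SPEC_DISABLE_NOEXEC)) != 0;
}
/* Decode the status word PR_GET_SPECULATION_CTRL returns, most restrictive first. */
const char *spec_describe(long status)
{
  if (status == SPEC_NOT_AFFECTED)  return "not affected";
  if (status & SPEC_FORCE_DISABLE)  return "force disabled (cannot be undone)";
  if (status & SPEC_DISABLE_NOEXEC) return "disabled until exec";
  if (status & SPEC_DISABLE)        return "disabled";
  return (status & SPEC_PRCTL) ? "enabled, per-task control available"
                               : "enabled, no per-task control";
}
/* Query one misfeature for the calling task: the status word, or -1 with
 * errno set (e.g. ENODEV when this kernel does not know the control). */
long spec_query(int misfeature)
{
#if defined(__linux__) && defined(PR_GET_SPECULATION_CTRL)
  return prctl(PR_GET_SPECULATION_CTRL, (unsigned long)misfeature, 0UL, 0UL, 0UL);
#else
  (void)misfeature; errno = ENOSYS; return -1;  /* no Linux prctl available */
#endif
}

int main(void)
{
  static const char *const name[] = { "Speculative Store Bypass",
                                      "Indirect Branch Speculation",
                                      "L1D flush on context switch" };
  for (int id = SPEC_STORE_BYPASS; id <= SPEC_L1D_FLUSH; id++) {  /* ids 0..2 */
    long st = spec_query(id);
    printf("%-28s %s [%s]\n", name[id], st < 0 ? strerror(errno) : spec_describe(st),
           st >= 0 && spec_is_mitigated(st) ? "mitigated" : "EXPOSED");
  }
  return 0;
}
```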