From gniibe at fsij.org Wed Nov 19 02:48:28 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 19 Nov 2025 10:48:28 +0900
Subject: [PATCH] mpi: Introduce mpi_tfr and use it for point_tfr.
Message-ID: <4e65996bb8707c890bff7aeb6e1ec44610b49257.1763514035.git.gniibe@fsij.org>

* mpi/ec.c (point_tfr): New.
(mpi_ec_mul_point_lli): Use point_tfr.
* mpi/mpiutil.c (_gcry_mpi_tfr): New.
* src/mpi.h (mpi_tfr): New.
(_gcry_mpi_tfr): New.

--

The intention is to decrease EM signal and to increase EM noise, wrt the
Hamming distance signal for memory write operation.

Signed-off-by: NIIBE Yutaka
---
 mpi/ec.c      | 28 +++++++++++++++++++++++++--
 mpi/mpiutil.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/mpi.h     |  2 ++
 3 files changed, 81 insertions(+), 2 deletions(-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mpi-Introduce-mpi_tfr-and-use-it-for-point_tfr.patch
Type: text/x-patch
Size: 4734 bytes
Desc: not available
URL: 

From gniibe at fsij.org Wed Nov 19 02:57:29 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 19 Nov 2025 10:57:29 +0900
Subject: [PATCH] mpi: Introduce mpi_tfr and use it for point_tfr.
In-Reply-To: <4e65996bb8707c890bff7aeb6e1ec44610b49257.1763514035.git.gniibe@fsij.org>
References: <4e65996bb8707c890bff7aeb6e1ec44610b49257.1763514035.git.gniibe@fsij.org>
Message-ID: <877bvmainq.fsf@haruna.fsij.org>

NIIBE Yutaka wrote:
> The intention is to decrease EM signal and to increase EM noise, wrt the
> Hamming distance signal for memory write operation.

And here is backported patch for 1.11 branch.
--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mpi-Introduce-mpi_tfr-and-use-it-for-point_tfr.patch
Type: text/x-diff
Size: 5704 bytes
Desc: not available
URL: 

From gniibe at fsij.org Thu Nov 20 02:59:44 2025
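The mpi_tfr commit message above states its goal in terms of the Hamming-distance leakage of a memory write. The C program below is an added illustration of that leakage model; it is not the patch's code (the attachment was scrubbed) and does not describe how mpi_tfr is implemented. It computes the observable the model assigns to a store, the number of bits that toggle in the target limb, for a plain copy, and contrasts it with a constructed "copy through a random intermediate" whose first-order mean no longer depends on the data. The function names, the xorshift PRNG and the sample limb values are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hamming distance between the old and the new content of one 64-bit limb.
   In the write-leakage model this is the observable: the EM/power amplitude
   of a store grows with the number of bits that toggle in the target cell. */
static unsigned hd64(uint64_t before, uint64_t after)
{
  return (unsigned) __builtin_popcountll(before ^ after);
}

/* Plain limb-by-limb copy.  Returns the summed observable, HD(old, new) per
   limb, which is a direct function of the (secret-dependent) limb values. */
unsigned copy_direct(uint64_t *dst, const uint64_t *src, size_t nlimbs)
{
  unsigned observable = 0;
  for (size_t i = 0; i < nlimbs; i++)
    {
      observable += hd64(dst[i], src[i]);
      dst[i] = src[i];
    }
  return observable;
}

/* xorshift64: a deterministic stand-in for a real RNG, used so the demo is
   reproducible.  A library countermeasure would draw from its secure RNG. */
static uint64_t xorshift64(uint64_t *state)
{
  uint64_t x = *state;
  x ^= x << 13;
  x ^= x >> 7;
  x ^= x << 17;
  return *state = x;
}

/* Copy through a random intermediate (an assumption for this demo, not a
   description of mpi_tfr): every limb is first overwritten with a fresh
   random word r and then with the real value.  The observable becomes
   HD(old, r) + HD(r, new), whose mean is 64 per limb for any old/new, so the
   first-order signal vanishes and what remains is noise.  Higher-order
   statistics still depend on the data, so this is a model, not a proof of
   security.  Real code must make the first store volatile or the compiler
   will drop it as a dead store; here the observable is computed explicitly. */
unsigned copy_via_random(uint64_t *dst, const uint64_t *src, size_t nlimbs,
                         uint64_t *rng_state)
{
  unsigned observable = 0;
  for (size_t i = 0; i < nlimbs; i++)
    {
      uint64_t r = xorshift64(rng_state);
      observable += hd64(dst[i], r);
      dst[i] = r;
      observable += hd64(r, src[i]);
      dst[i] = src[i];
    }
  return observable;
}

/* Constructed sample: two limbs going from OLD to NEW (8 and 64 toggled bits). */
static const uint64_t OLD_LIMBS[2] = { 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFFULL };
static const uint64_t NEW_LIMBS[2] = { 0x00000000000000FFULL, 0x0000000000000000ULL };

/* Observable of the direct copy for the sample: 8 + 64 = 72 toggled bits. */
unsigned demo_direct_observable(void)
{
  uint64_t dst[2];
  memcpy(dst, OLD_LIMBS, sizeof dst);
  return copy_direct(dst, NEW_LIMBS, 2);
}

/* Summed observable of the randomised copy over `trials` repetitions of the
   same sample write (about 128 per trial, i.e. 64 per limb, independent of
   the limb values).  Returns 0 if any copy was not exact. */
unsigned long demo_random_total(unsigned trials)
{
  uint64_t state = 0x9E3779B97F4A7C15ULL;   /* fixed seed for reproducibility */
  unsigned long total = 0;
  for (unsigned t = 0; t < trials; t++)
    {
      uint64_t dst[2];
      memcpy(dst, OLD_LIMBS, sizeof dst);
      total += copy_via_random(dst, NEW_LIMBS, 2, &state);
      if (memcmp(dst, NEW_LIMBS, sizeof dst) != 0)
        return 0;
    }
  return total;
}

int main(void)
{
  unsigned trials = 1000;
  printf("direct copy observable      : %u bits\n", demo_direct_observable());
  printf("randomised copy, mean/trial : %.1f bits\n",
         (double) demo_random_total(trials) / trials);
  return 0;
}
```

The second limb of the sample (all ones to all zeros) shows the limit of the first-order argument: its randomised observable is exactly 64 on every trial, while the first limb fluctuates around 64, so the variance of the trace still distinguishes the two writes even though the mean does not.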
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 20 Nov 2025 10:59:44 +0900
Subject: From master cherry-pick/backport to 1.11 branch
Message-ID: <87o6oxa2gf.fsf@haruna.fsij.org>

Hello,

If no objections, for LIBGCRYPT-1.11-BRANCH, I'd like to backport the
master commit of:

1003c941 * Add stack burning for PQC algorithms

Also I'd like to cherry-pick the commits of the const-time thingy:

11e8f4a8 * const-time: add 64-bit fast paths for const-time buffer functions
4c253746 * mceliece6688128f: use const-time helper for memory comparison
4012e9a0 * mceliece6688128f: harden mask generation against branch optimization
4e963e91 * sntrup761: use const-time helpers for memory comparison and cond move
bf7546c5 * sntrup761: harden mask generation against branch optimization
052b03fb * kyber: harden mask generation against branch optimization
96534d8c * mpih-pow: harden condition calculation against branch optimization
ee5cb383 * cipher-xts: harden mask generation against branch optimization
f6b7a40f * rijndael: harden mask generation against branch optimization

and fixes for:

5bd93201 * mceliece6688128f: fix stack overflow crash on win64/wine
a786e3b6 * mceliece6688128f: fix UBSAN runtime errors

and build clean up for portability:

371e1f1f * Update autogen.sh also for test(1) -o adjustment.
e9019e32 * Adjust scripts for test(1) operator -a removal
ce034f72 * Update autogen.sh and gpg-error.m4 from upstream.

and a fix for a test program:

9f26fa62 * t-kem: fix test loop iteration
--

From glin at suse.com Thu Nov 20 03:54:54 2025
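Several of the commits listed in the backport request above concern three related pieces: const-time buffer comparison with a 64-bit fast path, a const-time conditional move, and mask generation that survives the compiler turning masked arithmetic back into a branch. The C code below is an added example of what those three pieces look like in general; it is not libgcrypt's code, and the names ct_barrier_u64, ct_mask_nonzero_u64, ct_memequal, ct_memmov_cond and the sample buffers are assumptions made for the demo. The barrier uses GCC/Clang inline assembly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Optimisation barrier (GCC/Clang inline asm): the compiler must assume the
   value changed, so it cannot prove a mask is 0 or ~0 and rewrite the
   masked arithmetic below into a data-dependent branch. */
static inline uint64_t ct_barrier_u64(uint64_t v)
{
  __asm__ volatile ("" : "+r" (v));
  return v;
}

/* Return ~0 if a != 0, else 0, without a branch.  A naive
   `return a ? ~0ULL : 0;` is functionally the same, but the compiler may
   legally emit a branch for it, or fold later `x & mask` uses back into a
   conditional jump; the barrier takes that knowledge away from it. */
static inline uint64_t ct_mask_nonzero_u64(uint64_t a)
{
  a = ct_barrier_u64(a);
  /* (a | -a) has bit 63 set exactly when a != 0. */
  return (uint64_t)0 - ((a | ((uint64_t)0 - a)) >> 63);
}

/* Constant-time equality test: 1 if the buffers are equal, 0 otherwise.
   Running time depends on len only.  Whole 8-byte words are folded first
   (the "64-bit fast path"), then the tail is handled byte by byte. */
int ct_memequal(const void *a, const void *b, size_t len)
{
  const unsigned char *pa = a, *pb = b;
  uint64_t diff = 0;

  while (len >= 8)
    {
      uint64_t x, y;
      memcpy(&x, pa, 8);          /* memcpy: alignment-safe word load */
      memcpy(&y, pb, 8);
      diff |= x ^ y;
      pa += 8; pb += 8; len -= 8;
    }
  while (len--)
    diff |= (uint64_t)(*pa++ ^ *pb++);

  /* mask is ~0 when any byte differed; map ~0 -> 0 and 0 -> 1 */
  return (int)(1 & ~ct_mask_nonzero_u64(diff));
}

/* Conditional move: if cond != 0, copy src into dst; otherwise leave dst as
   it is.  Both cases read and write exactly the same memory, so neither the
   control flow nor the access pattern reveals cond. */
void ct_memmov_cond(void *dst, const void *src, size_t len, uint64_t cond)
{
  unsigned char *pd = dst;
  const unsigned char *ps = src;
  uint64_t mask = ct_mask_nonzero_u64(cond);
  unsigned char mask8 = (unsigned char)mask;

  while (len >= 8)
    {
      uint64_t d, s;
      memcpy(&d, pd, 8);
      memcpy(&s, ps, 8);
      d ^= (d ^ s) & mask;        /* d = mask ? s : d, branch-free */
      memcpy(pd, &d, 8);
      pd += 8; ps += 8; len -= 8;
    }
  while (len--)
    {
      *pd ^= (unsigned char)((*pd ^ *ps) & mask8);
      pd++; ps++;
    }
}

/* Constructed demo: 13 bytes, so both the word path and the byte tail run.
   Returns 1 when the conditional move behaved as specified. */
int demo_cond_move(void)
{
  static const unsigned char secret[13] = "constructed!";   /* 12 chars + NUL */
  static const unsigned char zeros[13] = {0};
  unsigned char out[13] = {0};

  ct_memmov_cond(out, secret, sizeof out, 0);           /* cond false: untouched */
  if (!ct_memequal(out, zeros, sizeof out))
    return 0;
  ct_memmov_cond(out, secret, sizeof out, 0xdeadbeef);  /* cond true: copied */
  return ct_memequal(out, secret, sizeof out);
}

int main(void)
{
  printf("mask(0)=%016llx mask(7)=%016llx\n",
         (unsigned long long)ct_mask_nonzero_u64(0),
         (unsigned long long)ct_mask_nonzero_u64(7));
  printf("cond move demo: %s\n", demo_cond_move() ? "ok" : "FAILED");
  return 0;
}
```

When checking a build of code like this, inspect the generated assembly of ct_mask_nonzero_u64 and its callers for conditional jumps on the mask: the empty asm keeps the compiler from proving the mask is a boolean, which is the property the "harden mask generation against branch optimization" commits are about.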
From: glin at suse.com (Gary Lin)
Date: Thu, 20 Nov 2025 10:54:54 +0800
Subject: DCO
Message-ID: 

Libgcrypt Developer's Certificate of Origin. Version 1.0
=========================================================

By making a contribution to the Libgcrypt project, I certify that:

(a) The contribution was created in whole or in part by me and I have
    the right to submit it under the free software license indicated
    in the file; or

(b) The contribution is based upon previous work that, to the best of
    my knowledge, is covered under an appropriate free software license
    and I have the right under that license to submit that work with
    modifications, whether created in whole or in part by me, under the
    same free software license (unless I am permitted to submit under a
    different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person
    who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are
    public and that a record of the contribution (including all personal
    information I submit with it, including my sign-off) is maintained
    indefinitely and may be redistributed consistent with this project
    or the free software license(s) involved.

Signed-off-by: Gary Lin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: 

From glin at suse.com Thu Nov 20 03:50:42 2025
From: glin at suse.com (Gary Lin)
Date: Thu, 20 Nov 2025 10:50:42 +0800
Subject: [PATCH] kdf: Avoid redundant memcpy()
In-Reply-To: <2f6dc952-8bfc-429e-9f9c-61a82b196f54@iki.fi>
References: <20250902071427.1781-1-glin@suse.com> <2f6dc952-8bfc-429e-9f9c-61a82b196f54@iki.fi>
Message-ID: 

On Thu, Sep 25, 2025 at 09:28:22AM +0300, Jussi Kivilinna wrote:
> Hello,
>
> Thanks for the patch. Before this can be applied, we'd need "DCO" from you.
>
> Please check doc/HACKING for "License policy" and about sending "Libgcrypt Developer's Certificate of Origin".
>
Sorry for the delay. It took me a while to contact our legal team.
I'll sign the DCO later.

Gary Lin

> -Jussi
>
> On 02/09/2025 10:14, Gary Lin via Gcrypt-devel wrote:
> > * cipher/kdf.c (fill_block): Xor 'ref_block' and 'prev_block' directly to
> > avoid a redundant memcpy().
> >
> > Signed-off-by: Gary Lin
> > ---
> >   cipher/kdf.c | 9 +++++++--
> >   1 file changed, 7 insertions(+), 2 deletions(-)
> >
> > diff --git a/cipher/kdf.c b/cipher/kdf.c
> > index 71156ea4..16cec4e4 100644
> > --- a/cipher/kdf.c
> > +++ b/cipher/kdf.c
> > @@ -588,9 +588,14 @@ fill_block (const u64 *prev_block, const u64 *ref_block, u64 *curr_block,
> >    u64 block_tmp[ARGON2_WORDS_IN_BLOCK];
> >    int i;
> > -  memcpy (block_r, ref_block, 1024);
> >    if (prev_block)
> > -    xor_block (block_r, prev_block);
> > +    {
> > +      for (i = 0; i < ARGON2_WORDS_IN_BLOCK; i++)
> > +        block_r[i] = ref_block[i] ^ prev_block[i];
> > +    }
> > +  else
> > +    memcpy (block_r, ref_block, 1024);
> > +
> >    memcpy (block_tmp, block_r, 1024);
> >    if (with_xor)
>

From jussi.kivilinna at iki.fi Thu Nov 20 19:07:53 2025
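Review bot: the block size is now spelled two different ways in this hunk: the new loop runs to ARGON2_WORDS_IN_BLOCK, while the memcpy kept in the else branch and the memcpy into block_tmp right below it still hard-code 1024. Since the loop and the memcpy are meant to fill the same block_r, consider `memcpy (block_r, ref_block, sizeof block_tmp);` or `ARGON2_WORDS_IN_BLOCK * sizeof (u64)` so the two branches cannot disagree if the constant ever changes. The functional change itself is equivalent to the removed memcpy plus xor_block pair, and `i` is already declared in the context lines, so nothing else in the hunk needs attention.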
From: jussi.kivilinna at iki.fi (Jussi Kivilinna)
Date: Thu, 20 Nov 2025 20:07:53 +0200
Subject: [PATCH] kdf: Avoid redundant memcpy()
In-Reply-To: 
References: <20250902071427.1781-1-glin@suse.com> <2f6dc952-8bfc-429e-9f9c-61a82b196f54@iki.fi>
Message-ID: <8236ab32-2e5a-4aef-b291-bab96b3e5be2@iki.fi>

Hello,

On 20/11/2025 04:50, Gary Lin via Gcrypt-devel wrote:
> On Thu, Sep 25, 2025 at 09:28:22AM +0300, Jussi Kivilinna wrote:
>> Hello,
>>
>> Thanks for the patch. Before this can be applied, we'd need "DCO" from you.
>>
>> Please check doc/HACKING for "License policy" and about sending "Libgcrypt Developer's Certificate of Origin".
>>
> Sorry for the delay. It took me a while to contact our legal team.
> I'll sign the DCO later.

Thanks. I've applied the patch to master.

-Jussi

From wk at gnupg.org Fri Nov 21 16:15:07 2025
From: wk at gnupg.org (Werner Koch)
Date: Fri, 21 Nov 2025 16:15:07 +0100
Subject: From master cherry-pick/backport to 1.11 branch
In-Reply-To: <87o6oxa2gf.fsf@haruna.fsij.org> (NIIBE Yutaka via Gcrypt-devel's message of "Thu, 20 Nov 2025 10:59:44 +0900")
References: <87o6oxa2gf.fsf@haruna.fsij.org>
Message-ID: <87v7j3qux0.fsf@jacob.g10code.de>

On Thu, 20 Nov 2025 10:59, NIIBE Yutaka said:

> If no objections, for LIBGCRYPT-1.11-BRANCH,

From my POV, go ahead.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: 

From gniibe at fsij.org Tue Nov 25 05:32:35 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 25 Nov 2025 13:32:35 +0900
Subject: [PATCH] cipher:kyber: Apply a change from upstream.
Message-ID: 

* cipher/kyber-kdep.c (crypto_kem_dec): Fix the buffer size.

--

Manually apply upstream main commit of:
4768bd37c02f9c40a46cb49d4d1f4d5e612bb882

Signed-off-by: NIIBE Yutaka
---
 cipher/kyber-kdep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-cipher-kyber-Apply-a-change-from-upstream.patch
Type: text/x-patch
Size: 469 bytes
Desc: not available
URL: 