From cvs at cvs.gnupg.org Mon Dec 2 19:09:15 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Dec 2013 19:09:15 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-411-gd4ce0cf
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
  via d4ce0cfe0d35d7ec69c115456848b5b735c928ea (commit)
  via 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2 (commit)
  via 485f35124b1a74af0bad321ed70be3a79d8d11d7 (commit)
  via ecb90f8e7c6f2516080d27ed7da6a25f2314da3c (commit)
  via 29eddc2558d4cf39995f66d5fccd62f584d5b203 (commit)
  from 3b1cc9e6c357574f54160298d731c18f3d717b6c (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit d4ce0cfe0d35d7ec69c115456848b5b735c928ea
Author: Werner Koch
Date: Mon Dec 2 17:09:04 2013 +0100

    ecc: Use constant time point operation for Twisted Edwards.

    * mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time operation if needed.
    * tests/benchmark.c (main): Add option --use-secmem.

    Signed-off-by: Werner Koch

diff --git a/mpi/ec.c b/mpi/ec.c index 565644a..6fca95b 100644 --- a/mpi/ec.c +++ b/mpi/ec.c 
@@ -1117,11 +1117,30 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_set_ui (result->y, 1); mpi_set_ui (result->z, 1); - for (j=nbits-1; j >= 0; j--) + if (mpi_is_secure (scalar)) { - _gcry_mpi_ec_dup_point (result, result, ctx); - if (mpi_test_bit (scalar, j) == 1) - _gcry_mpi_ec_add_points (result, result, point, ctx); + /* If SCALAR is in secure memory we assume that it is the + secret key we use constant time operation. */ + mpi_point_struct tmppnt; + + point_init (&tmppnt); + for (j=nbits-1; j >= 0; j--) + { + _gcry_mpi_ec_dup_point (result, result, ctx); + _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx); + if (mpi_test_bit (scalar, j)) + point_set (result, &tmppnt); + } + point_free (&tmppnt); + } + else + { + for (j=nbits-1; j >= 0; j--) + { + _gcry_mpi_ec_dup_point (result, result, ctx); + if (mpi_test_bit (scalar, j)) + _gcry_mpi_ec_add_points (result, result, point, ctx); + } } return; } diff --git a/tests/benchmark.c b/tests/benchmark.c index 8bb8584..3f44e33 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -1286,6 +1286,7 @@ main( int argc, char **argv ) int last_argc = -1; int no_blinding = 0; int use_random_daemon = 0; + int use_secmem = 0; int with_progress = 0; int debug = 0; int pk_count = 100; @@ -1331,6 +1332,11 @@ main( int argc, char **argv ) use_random_daemon = 1; argc--; argv++; } + else if (!strcmp (*argv, "--use-secmem")) + { + use_secmem = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--prefer-standard-rng")) { /* This is anyway the default, but we may want to use it for 
@@ -1449,7 +1455,7 @@ main( int argc, char **argv ) if (gcry_fips_mode_active ()) in_fips_mode = 1; - else + else if (!use_secmem) gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (use_random_daemon)

commit 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2
Author: Werner Koch
Date: Mon Dec 2 16:18:25 2013 +0100

    ecc: Make gcry_pk_testkey work for Ed25519.

    * cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G and d. Change all callers.
    * cipher/ecc.c (gen_y_2): Remove.
    (check_secret_key): Use generic public key compute function. Adjust for use with Ed25519 and EdDSA.
    (nist_generate_key): Do not use the compliant key thingy for Ed25519.
    (ecc_check_secret_key): Make parameter parsing similar to the other functions.
    * cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so that _gcry_ecc_update_curve_param works correctly.
    * tests/keygen.c (check_ecc_keys): Add "param" flag. Check all Ed25519 keys.

diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index 0cecdc3..74adaec 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -91,7 +91,8 @@ const char *_gcry_ecc_dialect2str (enum ecc_dialects dialect); gcry_mpi_t _gcry_ecc_ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p); gcry_error_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value); -mpi_point_t _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec); +mpi_point_t _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, + mpi_point_t G, gcry_mpi_t d); /*-- ecc.c --*/ diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index 5815e55..f7c1c6d 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c 
@@ -174,10 +174,10 @@ static const ecc_domain_parms_t domain_parms[] = "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" "ffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", - "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d" - "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", - "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6" - "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" + "0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d" + "3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + "0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e" + "662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" }, { "brainpoolP160r1", 160, 0, @@ -442,7 +442,7 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name, /* Give the name of the curve NAME, store the curve parameters into P, - A, B, G, and N if they pint to NULL value. Note that G is returned + A, B, G, and N if they point to NULL value. Note that G is returned in standard uncompressed format. Also update MODEL and DIALECT if they are not NULL. */ gpg_err_code_t @@ -1030,7 +1030,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy) { /* If only the private key is given, compute the public key. */ if (!ec->Q) - ec->Q = _gcry_ecc_compute_public (NULL, ec); + ec->Q = _gcry_ecc_compute_public (NULL, ec, NULL, NULL); if (!ec->Q) return NULL; @@ -1063,7 +1063,7 @@ _gcry_ecc_get_point (const char *name, mpi_ec_t ec) { /* If only the private key is given, compute the public key. */ if (!ec->Q) - ec->Q = _gcry_ecc_compute_public (NULL, ec); + ec->Q = _gcry_ecc_compute_public (NULL, ec, NULL, NULL); if (ec->Q) return point_copy (ec->Q); diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c index 0eb3391..1633d32 100644 --- a/cipher/ecc-misc.c +++ b/cipher/ecc-misc.c 
@@ -253,13 +253,20 @@ reverse_buffer (unsigned char *buffer, unsigned int length) /* Compute the public key from the the context EC. Obviously a requirement is that the secret key is available in EC. On success Q is returned; on error NULL. If Q is NULL a newly allocated point - is returned. */ + is returned. If G or D are given they override the values taken + from EC. */ mpi_point_t -_gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec) +_gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, + mpi_point_t G, gcry_mpi_t d) { int rc; - if (!ec->d || !ec->G || !ec->p || !ec->a) + if (!G) + G = ec->G; + if (!d) + d = ec->d; + + if (!d || !G || !ec->p || !ec->a) return NULL; if (ec->model == MPI_EC_TWISTEDEDWARDS && !ec->b) return NULL; @@ -280,7 +287,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec) return NULL; memset (hvec, 0, sizeof hvec); - rawmpi = _gcry_mpi_get_buffer (ec->d, 0, &rawmpilen, NULL); + rawmpi = _gcry_mpi_get_buffer (d, 0, &rawmpilen, NULL); if (!rawmpi) return NULL; memset (digest, 0, b); @@ -311,7 +318,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec) if (!Q) Q = gcry_mpi_point_new (0); if (Q) - _gcry_mpi_ec_mul_point (Q, a, ec->G, ec); + _gcry_mpi_ec_mul_point (Q, a, G, ec); mpi_free (a); } else @@ -319,7 +326,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec) if (!Q) Q = gcry_mpi_point_new (0); if (Q) - _gcry_mpi_ec_mul_point (Q, ec->d, ec->G, ec); + _gcry_mpi_ec_mul_point (Q, d, G, ec); } return Q; diff --git a/cipher/ecc.c b/cipher/ecc.c index 72ca726..bda2a86 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -84,8 +84,6 @@ static void *progress_cb_data; /* Local prototypes. */ static void test_keys (ECC_secret_key * sk, unsigned int nbits); -static int check_secret_key (ECC_secret_key * sk); -static gcry_mpi_t gen_y_2 (gcry_mpi_t x, elliptic_curve_t * base); static unsigned int ecc_get_nbits (gcry_sexp_t parms); 
@@ -109,32 +107,6 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, - -/* - * Solve the right side of the Weierstrass equation. - */ -static gcry_mpi_t -gen_y_2 (gcry_mpi_t x, elliptic_curve_t *base) -{ - gcry_mpi_t three, x_3, axb, y; - - three = mpi_alloc_set_ui (3); - x_3 = mpi_new (0); - axb = mpi_new (0); - y = mpi_new (0); - - mpi_powm (x_3, x, three, base->p); - mpi_mulm (axb, base->a, x, base->p); - mpi_addm (axb, axb, base->b, base->p); - mpi_addm (y, x_3, axb, base->p); - - mpi_free (x_3); - mpi_free (axb); - mpi_free (three); - return y; /* The quadratic value of the coordinate if it exist. */ -} - - /* Standard version of the key generation. */ static gpg_err_code_t nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, 
@@ -181,55 +153,62 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, * end up with the min(y,p-y) as the y coordinate. Such a public * key allows the most efficient compression: y can simply be * dropped because we know that it's a minimum of the two - * possibilities without any loss of security. */ - { - gcry_mpi_t x, y, negative; - const unsigned int pbits = mpi_get_nbits (E->p); + * possibilities without any loss of security. Note that we don't + * do that for Ed25519 so that we do not violate the special + * construction of the secret key. */ + if (E->dialect == ECC_DIALECT_ED25519) + point_set (&sk->Q, &Q); + else + { + gcry_mpi_t x, y, negative; + const unsigned int pbits = mpi_get_nbits (E->p); - x = mpi_new (pbits); - y = mpi_new (pbits); - negative = mpi_new (pbits); + x = mpi_new (pbits); + y = mpi_new (pbits); + negative = mpi_new (pbits); - if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); + if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - if (E->model == MPI_EC_WEIERSTRASS) - mpi_sub (negative, E->p, y); /* negative = p - y */ - else - mpi_sub (negative, E->p, x); /* negative = p - x */ + if (E->model == MPI_EC_WEIERSTRASS) + mpi_sub (negative, E->p, y); /* negative = p - y */ + else + mpi_sub (negative, E->p, x); /* negative = p - x */ - if (mpi_cmp (negative, y) < 0) /* p - y < p */ - { - /* We need to end up with -Q; this assures that new Q's y is - the smallest one */ - mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ - if (E->model == MPI_EC_WEIERSTRASS) - gcry_mpi_point_snatch_set (&sk->Q, x, negative, mpi_alloc_set_ui (1)); - else - gcry_mpi_point_snatch_set (&sk->Q, negative, y, mpi_alloc_set_ui (1)); - - if (DBG_CIPHER) - log_debug ("ecgen converted Q to a compliant point\n"); - } - else /* p - y >= p */ - { - /* No change is needed exactly 50% of the time: just copy. 
*/ - point_set (&sk->Q, &Q); - if (DBG_CIPHER) - log_debug ("ecgen didn't need to convert Q to a compliant point\n"); - - mpi_free (negative); - if (E->model == MPI_EC_WEIERSTRASS) - mpi_free (x); - else - mpi_free (y); - } + if (mpi_cmp (negative, y) < 0) /* p - y < p */ + { + /* We need to end up with -Q; this assures that new Q's y is + the smallest one */ + mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ + if (E->model == MPI_EC_WEIERSTRASS) + gcry_mpi_point_snatch_set (&sk->Q, x, negative, + mpi_alloc_set_ui (1)); + else + gcry_mpi_point_snatch_set (&sk->Q, negative, y, + mpi_alloc_set_ui (1)); - if (E->model == MPI_EC_WEIERSTRASS) - mpi_free (y); - else - mpi_free (x); - } + if (DBG_CIPHER) + log_debug ("ecgen converted Q to a compliant point\n"); + } + else /* p - y >= p */ + { + /* No change is needed exactly 50% of the time: just copy. */ + point_set (&sk->Q, &Q); + if (DBG_CIPHER) + log_debug ("ecgen didn't need to convert Q to a compliant point\n"); + + mpi_free (negative); + if (E->model == MPI_EC_WEIERSTRASS) + mpi_free (x); + else + mpi_free (y); + } + + if (E->model == MPI_EC_WEIERSTRASS) + mpi_free (y); + else + mpi_free (x); + } point_free (&Q); /* Now we can test our keys (this should never fail!). */ 
@@ -295,30 +274,26 @@ test_keys (ECC_secret_key *sk, unsigned int nbits) * between the public value and the secret one. */ static int -check_secret_key (ECC_secret_key * sk) +check_secret_key (ECC_secret_key *sk, mpi_ec_t ec, int flags) { int rc = 1; mpi_point_struct Q; - gcry_mpi_t y_2, y2; - gcry_mpi_t x1, x2; - mpi_ec_t ctx = NULL; + gcry_mpi_t x1, y1; + gcry_mpi_t x2 = NULL; + gcry_mpi_t y2 = NULL; point_init (&Q); + x1 = mpi_new (0); + y1 = mpi_new (0); - /* ?primarity test of 'p' */ - /* (...) //!! */ /* G in E(F_p) */ - y_2 = gen_y_2 (sk->E.G.x, &sk->E); /* y^2=x^3+a*x+b */ - y2 = mpi_alloc (0); - x1 = mpi_alloc (0); - x2 = mpi_alloc (0); - mpi_mulm (y2, sk->E.G.y, sk->E.G.y, sk->E.p); /* y^2=y*y */ - if (mpi_cmp (y_2, y2)) + if (!_gcry_mpi_ec_curve_point (&sk->E.G, ec)) { if (DBG_CIPHER) log_debug ("Bad check: Point 'G' does not belong to curve 'E'!\n"); goto leave; } + /* G != PaI */ if (!mpi_cmp_ui (sk->E.G.z, 0)) { 
@@ -327,37 +302,46 @@ check_secret_key (ECC_secret_key * sk) goto leave; } - ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, 0, - sk->E.p, sk->E.a, sk->E.b); - - _gcry_mpi_ec_mul_point (&Q, sk->E.n, &sk->E.G, ctx); - if (mpi_cmp_ui (Q.z, 0)) + /* Check order of curve. */ + if (sk->E.dialect != ECC_DIALECT_ED25519) { - if (DBG_CIPHER) - log_debug ("check_secret_key: E is not a curve of order n\n"); - goto leave; + _gcry_mpi_ec_mul_point (&Q, sk->E.n, &sk->E.G, ec); + if (mpi_cmp_ui (Q.z, 0)) + { + if (DBG_CIPHER) + log_debug ("check_secret_key: E is not a curve of order n\n"); + goto leave; + } } - /* pubkey cannot be PaI */ + + /* Pubkey cannot be PaI */ if (!mpi_cmp_ui (sk->Q.z, 0)) { if (DBG_CIPHER) log_debug ("Bad check: Q can not be a Point at Infinity!\n"); goto leave; } - /* pubkey = [d]G over E */ - _gcry_mpi_ec_mul_point (&Q, sk->d, &sk->E.G, ctx); - if (_gcry_mpi_ec_get_affine (x1, y_2, &Q, ctx)) + /* pubkey = [d]G over E */ + if (!_gcry_ecc_compute_public (&Q, ec, &sk->E.G, sk->d)) + { + if (DBG_CIPHER) + log_debug ("Bad check: computation of dG failed\n"); + goto leave; + } + if (_gcry_mpi_ec_get_affine (x1, y1, &Q, ec)) { if (DBG_CIPHER) log_debug ("Bad check: Q can not be a Point at Infinity!\n"); goto leave; } - /* Fast path for loaded secret keys - Q is already in affine coordinates */ - if (!mpi_cmp_ui (sk->Q.z, 1)) + if ((flags & PUBKEY_FLAG_EDDSA)) + ; /* Fixme: EdDSA is special. */ + else if (!mpi_cmp_ui (sk->Q.z, 1)) { - if (mpi_cmp (x1, sk->Q.x) || mpi_cmp (y_2, sk->Q.y)) + /* Fast path if Q is already in affine coordinates. */ + if (mpi_cmp (x1, sk->Q.x) || mpi_cmp (y1, sk->Q.y)) { if (DBG_CIPHER) log_debug 
@@ -367,14 +351,16 @@ check_secret_key (ECC_secret_key * sk) } else { - if (_gcry_mpi_ec_get_affine (x2, y2, &sk->Q, ctx)) + x2 = mpi_new (0); + y2 = mpi_new (0); + if (_gcry_mpi_ec_get_affine (x2, y2, &sk->Q, ec)) { if (DBG_CIPHER) log_debug ("Bad check: Q can not be a Point at Infinity!\n"); goto leave; } - if (mpi_cmp (x1, x2) || mpi_cmp (y_2, y2)) + if (mpi_cmp (x1, x2) || mpi_cmp (y1, y2)) { if (DBG_CIPHER) log_debug @@ -385,11 +371,10 @@ check_secret_key (ECC_secret_key * sk) rc = 0; /* Okay. */ leave: - _gcry_mpi_ec_free (ctx); mpi_free (x2); mpi_free (x1); + mpi_free (y1); mpi_free (y2); - mpi_free (y_2); point_free (&Q); return rc; } @@ -601,28 +586,35 @@ ecc_check_secret_key (gcry_sexp_t keyparms) { gcry_err_code_t rc; gcry_sexp_t l1 = NULL; + int flags = 0; char *curvename = NULL; gcry_mpi_t mpi_g = NULL; gcry_mpi_t mpi_q = NULL; ECC_secret_key sk; + mpi_ec_t ec = NULL; memset (&sk, 0, sizeof sk); - /* - * Extract the key. - */ - rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d", - &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, - &mpi_q, &sk.d, NULL); - if (rc) - goto leave; - if (mpi_g) + /* Look for flags. */ + l1 = gcry_sexp_find_token (keyparms, "flags", 0); + if (l1) { - point_init (&sk.E.G); - rc = _gcry_ecc_os2ec (&sk.E.G, mpi_g); + rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); if (rc) goto leave; } + + /* Extract the parameters. */ + if ((flags & PUBKEY_FLAG_PARAM)) + rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d", + &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, + &mpi_q, &sk.d, NULL); + else + rc = _gcry_sexp_extract_param (keyparms, NULL, "/q?+d", + &mpi_q, &sk.d, NULL); + if (rc) + goto leave; + /* Add missing parameters using the optional curve parameter. */ gcry_sexp_release (l1); l1 = gcry_sexp_find_token (keyparms, "curve", 5); 
@@ -631,17 +623,32 @@ ecc_check_secret_key (gcry_sexp_t keyparms) curvename = gcry_sexp_nth_string (l1, 1); if (curvename) { - rc = _gcry_ecc_fill_in_curve (0, curvename, &sk.E, NULL); + rc = _gcry_ecc_update_curve_param (curvename, + &sk.E.model, &sk.E.dialect, + &sk.E.p, &sk.E.a, &sk.E.b, + &mpi_g, &sk.E.n); if (rc) return rc; } } + if (mpi_g) + { + point_init (&sk.E.G); + rc = _gcry_ecc_os2ec (&sk.E.G, mpi_g); + if (rc) + goto leave; + } + /* Guess required fields if a curve parameter has not been given. FIXME: This is a crude hacks. We need to fix that. */ if (!curvename) { - sk.E.model = MPI_EC_WEIERSTRASS; - sk.E.dialect = ECC_DIALECT_STANDARD; + sk.E.model = ((flags & PUBKEY_FLAG_EDDSA) + ? MPI_EC_TWISTEDEDWARDS + : MPI_EC_WEIERSTRASS); + sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA) + ? ECC_DIALECT_ED25519 + : ECC_DIALECT_STANDARD); } if (DBG_CIPHER) { @@ -665,24 +672,31 @@ ecc_check_secret_key (gcry_sexp_t keyparms) goto leave; } + ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, 0, + sk.E.p, sk.E.a, sk.E.b); + if (mpi_q) { point_init (&sk.Q); - rc = _gcry_ecc_os2ec (&sk.Q, mpi_q); + if (ec->dialect == ECC_DIALECT_ED25519) + rc = _gcry_ecc_eddsa_decodepoint (mpi_q, ec, &sk.Q, NULL, NULL); + else + rc = _gcry_ecc_os2ec (&sk.Q, mpi_q); if (rc) goto leave; } else { - /* The current test requires Q. */ + /* The secret key test requires Q. */ rc = GPG_ERR_NO_OBJ; goto leave; } - if (check_secret_key (&sk)) + if (check_secret_key (&sk, ec, flags)) rc = GPG_ERR_BAD_SECKEY; leave: + _gcry_mpi_ec_free (ec); gcry_mpi_release (sk.E.p); gcry_mpi_release (sk.E.a); gcry_mpi_release (sk.E.b); @@ -1623,7 +1637,7 @@ _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, mpi_ec_t ec) /* Compute the public point if it is missing. */ if (!ec->Q && ec->d) - ec->Q = _gcry_ecc_compute_public (NULL, ec); + ec->Q = _gcry_ecc_compute_public (NULL, ec, NULL, NULL); /* Encode G and Q. */ mpi_G = _gcry_mpi_ec_ec2os (ec->G, ec); 
diff --git a/tests/keygen.c b/tests/keygen.c index 48663d4..e8cf7c5 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -90,21 +90,21 @@ show (const char *format, ...) } -static void -show_note (const char *format, ...) -{ - va_list arg_ptr; - - if (!verbose && getenv ("srcdir")) - fputs (" ", stderr); /* To align above "PASS: ". */ - else - fprintf (stderr, "%s: ", PGM); - va_start (arg_ptr, format); - vfprintf (stderr, format, arg_ptr); - if (*format && format[strlen(format)-1] != '\n') - putc ('\n', stderr); - va_end (arg_ptr); -} +/* static void */ +/* show_note (const char *format, ...) */ +/* { */ +/* va_list arg_ptr; */ + +/* if (!verbose && getenv ("srcdir")) */ +/* fputs (" ", stderr); /\* To align above "PASS: ". *\/ */ +/* else */ +/* fprintf (stderr, "%s: ", PGM); */ +/* va_start (arg_ptr, format); */ +/* vfprintf (stderr, format, arg_ptr); */ +/* if (*format && format[strlen(format)-1] != '\n') */ +/* putc ('\n', stderr); */ +/* va_end (arg_ptr); */ +/* } */ static void @@ -376,11 +376,11 @@ check_ecc_keys (void) show ("creating ECC key using curve %s\n", curves[testno]); if (!strcmp (curves[testno], "Ed25519")) rc = gcry_sexp_build (&keyparm, NULL, - "(genkey(ecc(curve %s)(flags eddsa)))", + "(genkey(ecc(curve %s)(flags param eddsa)))", curves[testno]); else rc = gcry_sexp_build (&keyparm, NULL, - "(genkey(ecc(curve %s)(flags )))", + "(genkey(ecc(curve %s)(flags param)))", curves[testno]); if (rc) die ("error creating S-expression: %s\n", gpg_strerror (rc)); @@ -393,10 +393,7 @@ check_ecc_keys (void) if (verbose > 1) show_sexp ("ECC key:\n", key); - if (!strcmp (curves[testno], "Ed25519")) - show_note ("note: gcry_pk_testkey does not yet work for Ed25519\n"); - else - check_generated_ecc_key (key); + check_generated_ecc_key (key); gcry_sexp_release (key); } 
@@ -415,6 +412,8 @@ check_ecc_keys (void) if (verbose > 1) show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + if (verbose) show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n"); rc = gcry_sexp_build (&keyparm, NULL, @@ -431,6 +430,8 @@ check_ecc_keys (void) if (verbose > 1) show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + gcry_sexp_release (key); }

commit 485f35124b1a74af0bad321ed70be3a79d8d11d7
Author: Werner Koch
Date: Mon Dec 2 16:06:40 2013 +0100

    ecc: Fix eddsa point decompression.

    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative case.

    Signed-off-by: Werner Koch

diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 92c0713..29145f8 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -252,7 +252,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) /* Choose the desired square root according to parity */ if (mpi_test_bit (x, 0) != !!sign) - gcry_mpi_neg (x, x); + mpi_sub (x, ec->p, x); mpi_free (t); mpi_free (v3); @@ -267,7 +267,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) the usual curve context. If R_ENCPK is not NULL, the encoded PK is stored at that address; this is a new copy to be released by the caller. In contrast to the supplied PK, this is not an MPI and - thus guarnateed to be properly padded. R_ENCPKLEN received the + thus guarnateed to be properly padded. R_ENCPKLEN receives the length of that encoded key. */ gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result,

commit ecb90f8e7c6f2516080d27ed7da6a25f2314da3c
Author: Werner Koch
Date: Fri Nov 29 17:14:33 2013 +0100

    ecc: Fix gcry_mpi_ec_curve_point for Weierstrass.

    * mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation.
    (ec_pow3): New.
    (ec_p_init): Always copy B.
    --
    The code path was obviously never tested.

    Signed-off-by: Werner Koch

diff --git a/mpi/ec.c b/mpi/ec.c index 57396ce..565644a 100644 --- a/mpi/ec.c 
+++ b/mpi/ec.c @@ -288,6 +288,16 @@ ec_pow2 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx) } +/* Shortcut for + ec_powm (B, B, mpi_const (MPI_C_THREE), ctx); + for easier optimization. */ +static void +ec_pow3 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx) +{ + mpi_powm (w, b, mpi_const (MPI_C_THREE), ctx->p); +} + + static void ec_invm (gcry_mpi_t x, gcry_mpi_t a, mpi_ec_t ctx) { @@ -375,8 +385,7 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model, ctx->nbits = mpi_get_nbits (p); ctx->p = mpi_copy (p); ctx->a = mpi_copy (a); - if (b && model == MPI_EC_TWISTEDEDWARDS) - ctx->b = mpi_copy (b); + ctx->b = mpi_copy (b); ctx->t.p_barrett = use_barrett > 0? _gcry_mpi_barrett_init (ctx->p, 0):NULL; @@ -469,7 +478,7 @@ _gcry_mpi_ec_p_internal_new (enum gcry_mpi_ec_models model, /* This is a variant of _gcry_mpi_ec_p_internal_new which returns an - public contect and does some error checking on the supplied + public context and does some error checking on the supplied arguments. On success the new context is stored at R_CTX and 0 is returned; on error NULL is stored at R_CTX and an error code is returned. 
@@ -1221,21 +1230,20 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) { case MPI_EC_WEIERSTRASS: { - gcry_mpi_t xx = mpi_new (0); + gcry_mpi_t xxx = mpi_new (0); - /* y^2 == x^3 + a?x^2 + b */ + /* y^2 == x^3 + a?x + b */ ec_pow2 (y, y, ctx); - ec_pow2 (xx, x, ctx); - ec_mulm (w, ctx->a, xx, ctx); + ec_pow3 (xxx, x, ctx); + ec_mulm (w, ctx->a, x, ctx); ec_addm (w, w, ctx->b, ctx); - ec_mulm (xx, xx, x, ctx); - ec_addm (w, w, xx, ctx); + ec_addm (w, w, xxx, ctx); if (!mpi_cmp (y, w)) res = 1; - gcry_mpi_release (xx); + gcry_mpi_release (xxx); } break; case MPI_EC_MONTGOMERY:

commit 29eddc2558d4cf39995f66d5fccd62f584d5b203
Author: Werner Koch
Date: Thu Nov 28 09:07:15 2013 +0100

    mpi: Introduce 4 user flags for gcry_mpi_t.

    * src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2)
    (GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New.
    * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
    (gcry_mpi_get_flag, _gcry_mpi_free): Implement them.
    (gcry_mpi_set_opaque): Keep user flags.
    --
    The space for the flags in the MPI struct is free and thus we can help applications to make use of some flags. This is for example useful to indicate that an MPI needs special processing before use.

    Signed-off-by: Werner Koch

diff --git a/NEWS b/NEWS index 00435e2..ec853c9 100644 --- a/NEWS +++ b/NEWS @@ -101,6 +101,10 @@ Noteworthy changes in version 1.6.0 (unreleased) gcry_mpi_ec_curve_point NEW. GCRYMPI_FLAG_IMMUTABLE NEW. GCRYMPI_FLAG_CONST NEW. + GCRYMPI_FLAG_USER1 NEW. + GCRYMPI_FLAG_USER2 NEW. + GCRYMPI_FLAG_USER3 NEW. + GCRYMPI_FLAG_USER4 NEW. GCRYMPI_CONST_ONE NEW. GCRYMPI_CONST_TWO NEW. GCRYMPI_CONST_THREE NEW. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 4870a1c..91168a8 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -4822,6 +4822,11 @@ commonly used constants are pre-defined and accessible using the macros @code{GCRYMPI_CONST_ONE}, @code{GCRYMPI_CONST_TWO}, @code{GCRYMPI_CONST_THREE}, @code{GCRYMPI_CONST_FOUR}, and @code{GCRYMPI_CONST_EIGHT}. + at item GCRYMPI_FLAG_USER1 + at itemx GCRYMPI_FLAG_USER2 + at itemx GCRYMPI_FLAG_USER3 + at itemx GCRYMPI_FLAG_USER4 +These flags are reserved for use by the application. @end table @deftypefun void gcry_mpi_set_flag (@w{gcry_mpi_t @var{a}}, @ diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index a82a8e7..c4259ac 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -220,7 +220,11 @@ _gcry_mpi_free( gcry_mpi_t a ) } /* Check that the flags makes sense. We better allow for bit 1 (value 2) for backward ABI compatibility. */ - if ((a->flags & ~(1|2|4|16))) + if ((a->flags & ~(1|2|4|16 + |GCRYMPI_FLAG_USER1 + |GCRYMPI_FLAG_USER2 + |GCRYMPI_FLAG_USER3 + |GCRYMPI_FLAG_USER4))) log_bug("invalid flag value in mpi_free\n"); gcry_free(a); } @@ -275,7 +279,8 @@ gcry_mpi_set_opaque( gcry_mpi_t a, void *p, unsigned int nbits ) a->alloced = 0; a->nlimbs = 0; a->sign = nbits; - a->flags = 4; + a->flags = 4 | (a->flags & (GCRYMPI_FLAG_USER1|GCRYMPI_FLAG_USER2 + |GCRYMPI_FLAG_USER3|GCRYMPI_FLAG_USER4)); if (gcry_is_secure (a->d)) a->flags |= 1; return a; @@ -603,6 +608,12 @@ gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) case GCRYMPI_FLAG_SECURE: mpi_set_secure(a); break; case GCRYMPI_FLAG_CONST: a->flags |= (16|32); break; case GCRYMPI_FLAG_IMMUTABLE: a->flags |= 16; break; + + case GCRYMPI_FLAG_USER1: + case GCRYMPI_FLAG_USER2: + case GCRYMPI_FLAG_USER3: + case GCRYMPI_FLAG_USER4: a->flags |= flag; break; + case GCRYMPI_FLAG_OPAQUE: default: log_bug("invalid flag value\n"); } 
@@ -619,6 +630,14 @@ gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) if (!(a->flags & 32)) a->flags &= ~16; break; + + case GCRYMPI_FLAG_USER1: + case GCRYMPI_FLAG_USER2: + case GCRYMPI_FLAG_USER3: + case GCRYMPI_FLAG_USER4: + a->flags &= ~flag; + break; + case GCRYMPI_FLAG_CONST: case GCRYMPI_FLAG_SECURE: case GCRYMPI_FLAG_OPAQUE: @@ -635,6 +654,10 @@ gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) case GCRYMPI_FLAG_OPAQUE: return !!(a->flags & 4); case GCRYMPI_FLAG_IMMUTABLE: return !!(a->flags & 16); case GCRYMPI_FLAG_CONST: return !!(a->flags & 32); + case GCRYMPI_FLAG_USER1: + case GCRYMPI_FLAG_USER2: + case GCRYMPI_FLAG_USER3: + case GCRYMPI_FLAG_USER4: return !!(a->flags & flag); default: log_bug("invalid flag value\n"); } /*NOTREACHED*/ diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 625fa9f..53133bf 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -501,7 +501,11 @@ enum gcry_mpi_flag a way to store some bytes. This is useful for encrypted big integers. */ GCRYMPI_FLAG_IMMUTABLE = 4, /* Mark the MPI as immutable. */ - GCRYMPI_FLAG_CONST = 8 /* Mark the MPI as a constant. */ + GCRYMPI_FLAG_CONST = 8, /* Mark the MPI as a constant. */ + GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1. */ + GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2. */ + GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3. */ + GCRYMPI_FLAG_USER4 = 0x0800,/* User flag 4. */ };

-----------------------------------------------------------------------

Summary of changes:
 NEWS                |   4 +
 cipher/ecc-common.h |   3 +-
 cipher/ecc-curves.c |  14 +--
 cipher/ecc-eddsa.c  |   4 +-
 cipher/ecc-misc.c   |  19 ++--
 cipher/ecc.c        | 256 +++++++++++++++++++++++++++------------------------
 doc/gcrypt.texi     |   5 +
 mpi/ec.c            |  55 ++++++++---
 mpi/mpiutil.c       |  27 +++++-
 src/gcrypt.h.in     |   6 +-
 tests/benchmark.c   |   8 +-
 tests/keygen.c      |  43 ++++-----
 12 files changed, 268 insertions(+), 176 deletions(-)

hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org

From cvs at cvs.gnupg.org Tue Dec 3 13:17:04 2013
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Tue, 03 Dec 2013 13:17:04 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-413-g59b1a1b
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
  via 59b1a1b7ee2923e1bf091071ae716d180c6c6006 (commit)
  via 80896bc8f5e6ed9a627374e34f040ad5f3617584 (commit)
  from d4ce0cfe0d35d7ec69c115456848b5b735c928ea (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 59b1a1b7ee2923e1bf091071ae716d180c6c6006
Author: Jussi Kivilinna
Date: Tue Dec 3 14:03:09 2013 +0200

    rijndael: fix compiler warning on aarch64

    * cipher/rijndael.c (do_setkey): Use braces for empty if statement instead of semicolon.
    --
    Patch fixes following warning:

    rijndael.c: In function 'do_setkey':
    rijndael.c:507:9: warning: suggest braces around empty body in an 'if' statement [-Wempty-body]
    ;
    ^

    Signed-off-by: Jussi Kivilinna

diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 257a162..8019f0a 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -504,7 +504,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) KC = 4; if (0) - ; + { + ; + } #ifdef USE_PADLOCK else if (hwfeatures & HWF_PADLOCK_AES) { 
@@ -559,7 +561,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) /* NB: We don't yet support Padlock hardware key generation. */ if (0) - ; + { + ; + } #ifdef USE_AESNI else if (ctx->use_aesni) aesni_do_setkey(ctx, key);

commit 80896bc8f5e6ed9a627374e34f040ad5f3617584
Author: Jussi Kivilinna
Date: Tue Dec 3 13:57:02 2013 +0200

    Add aarch64 (arm64) mpi assembly

    * mpi/aarch64/mpi-asm-defs.h: New.
    * mpi/aarch64/mpih-add1.S: New.
    * mpi/aarch64/mpih-mul1.S: New.
    * mpi/aarch64/mpih-mul2.S: New.
    * mpi/aarch64/mpih-mul3.S: New.
    * mpi/aarch64/mpih-sub1.S: New.
    * mpi/config.links [host=aarch64-*-*]: Add configuration for aarch64 assembly.
    * mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
    (count_leading_zeros): New.
    --
    Add preliminary aarch64 assembly implementations for mpi.

    Signed-off-by: Jussi Kivilinna

diff --git a/mpi/aarch64/mpi-asm-defs.h b/mpi/aarch64/mpi-asm-defs.h new file mode 100644 index 0000000..6519065 --- /dev/null +++ b/mpi/aarch64/mpi-asm-defs.h @@ -0,0 +1,4 @@ +/* This file defines some basic constants for the MPI machinery. We + * need to define the types on a per-CPU basis, so it is done with + * this file here. */ +#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG_LONG) diff --git a/mpi/aarch64/mpih-add1.S b/mpi/aarch64/mpih-add1.S new file mode 100644 index 0000000..9f7e2e6 --- /dev/null +++ b/mpi/aarch64/mpih-add1.S 
@@ -0,0 +1,71 @@ +/* ARM64 add_n -- Add two limb vectors of the same length > 0 and store + * sum in a third limb vector. + * + * Copyright ? 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_add_n( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_ptr_t s2_ptr, x2 + * mpi_size_t size) x3 + */ + +.text + +.globl _gcry_mpih_add_n +.type _gcry_mpih_add_n,%function +_gcry_mpih_add_n: + and x5, x3, #3; + adds xzr, xzr, xzr; /* clear carry flag */ + + cbz x5, .Large_loop; + +.Loop: + ldr x4, [x1], #8; + sub x3, x3, #1; + ldr x11, [x2], #8; + and x5, x3, #3; + adcs x4, x4, x11; + str x4, [x0], #8; + cbz x3, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x4, x6, [x1], #16; + ldp x5, x7, [x2], #16; + ldp x8, x10, [x1], #16; + ldp x9, x11, [x2], #16; + sub x3, x3, #4; + adcs x4, x4, x5; + adcs x6, x6, x7; + adcs x8, x8, x9; + adcs x10, x10, x11; + stp x4, x6, [x0], #16; + stp x8, x10, [x0], #16; + cbnz x3, .Large_loop; + +.Lend: + adc x0, xzr, xzr; + ret; +.size _gcry_mpih_add_n,.-_gcry_mpih_add_n; diff --git a/mpi/aarch64/mpih-mul1.S b/mpi/aarch64/mpih-mul1.S new file mode 100644 index 0000000..cbb333f --- /dev/null +++ b/mpi/aarch64/mpih-mul1.S 
@@ -0,0 +1,96 @@ +/* ARM64 mul_1 -- Multiply a limb vector with a limb and store the result in + * a second limb vector. + * + * Copyright ? 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_mul_1( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_size_t s1_size, x2 + * mpi_limb_t s2_limb) x3 + */ + +.text + +.globl _gcry_mpih_mul_1 +.type _gcry_mpih_mul_1,%function +_gcry_mpih_mul_1: + and x5, x2, #3; + mov x4, xzr; + + cbz x5, .Large_loop; + +.Loop: + ldr x5, [x1], #8; + sub x2, x2, #1; + mul x9, x5, x3; + umulh x10, x5, x3; + and x5, x2, #3; + adds x4, x4, x9; + str x4, [x0], #8; + adc x4, x10, xzr; + + cbz x2, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x5, x6, [x1]; + sub x2, x2, #4; + + mul x9, x5, x3; + ldp x7, x8, [x1, #16]; + umulh x10, x5, x3; + add x1, x1, #32; + + adds x4, x4, x9; + str x4, [x0], #8; + mul x11, x6, x3; + adc x4, x10, xzr; + + umulh x12, x6, x3; + + adds x4, x4, x11; + str x4, [x0], #8; + mul x13, x7, x3; + adc x4, x12, xzr; + + umulh x14, x7, x3; + + adds x4, x4, x13; + str x4, [x0], #8; + mul x15, x8, x3; + adc x4, x14, xzr; + + umulh x16, x8, x3; + + adds x4, x4, x15; + str x4, [x0], #8; + adc x4, x16, xzr; + + cbnz x2, .Large_loop; + +.Lend: + mov x0, x4; + ret; +.size 
_gcry_mpih_mul_1,.-_gcry_mpih_mul_1; diff --git a/mpi/aarch64/mpih-mul2.S b/mpi/aarch64/mpih-mul2.S new file mode 100644 index 0000000..bfb3571 --- /dev/null +++ b/mpi/aarch64/mpih-mul2.S 
@@ -0,0 +1,108 @@ +/* ARM64 mul_2 -- Multiply a limb vector with a limb and add the result to + * a second limb vector. + * + * Copyright ? 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_size_t s1_size, x2 + * mpi_limb_t s2_limb) x3 + */ + +.text + +.globl _gcry_mpih_addmul_1 +.type _gcry_mpih_addmul_1,%function +_gcry_mpih_addmul_1: + and x5, x2, #3; + mov x6, xzr; + mov x7, xzr; + + cbz x5, .Large_loop; + +.Loop: + ldr x5, [x1], #8; + + mul x12, x5, x3; + ldr x4, [x0]; + umulh x13, x5, x3; + sub x2, x2, #1; + + adds x12, x12, x4; + and x5, x2, #3; + adc x13, x13, x7; + adds x12, x12, x6; + str x12, [x0], #8; + adc x6, x7, x13; + + cbz x2, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x5, x9, [x1], #16; + sub x2, x2, #4; + ldp x4, x8, [x0]; + + mul x12, x5, x3; + umulh x13, x5, x3; + + adds x12, x12, x4; + mul x14, x9, x3; + adc x13, x13, x7; + adds x12, x12, x6; + umulh x15, x9, x3; + str x12, [x0], #8; + adc x6, x7, x13; + + adds x14, x14, x8; + ldp x5, x9, [x1], #16; + adc x15, x15, x7; + adds x14, x14, x6; + mul x12, x5, x3; + str x14, [x0], #8; + ldp x4, x8, [x0]; + umulh x13, x5, x3; + adc x6, x7, x15; + + adds x12, x12, x4; + mul x14, 
x9, x3; + adc x13, x13, x7; + adds x12, x12, x6; + umulh x15, x9, x3; + str x12, [x0], #8; + adc x6, x7, x13; + + adds x14, x14, x8; + adc x15, x15, x7; + adds x14, x14, x6; + str x14, [x0], #8; + adc x6, x7, x15; + + cbnz x2, .Large_loop; + +.Lend: + mov x0, x6; + ret; +.size _gcry_mpih_addmul_1,.-_gcry_mpih_addmul_1; diff --git a/mpi/aarch64/mpih-mul3.S b/mpi/aarch64/mpih-mul3.S new file mode 100644 index 0000000..6f12b7b --- /dev/null +++ b/mpi/aarch64/mpih-mul3.S 
@@ -0,0 +1,121 @@ +/* ARM mul_3 -- Multiply a limb vector with a limb and subtract the result + * from a second limb vector. + * + * Copyright ? 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_submul_1( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_size_t s1_size, x2 + * mpi_limb_t s2_limb) x3 + */ + +.text + +.globl _gcry_mpih_submul_1 +.type _gcry_mpih_submul_1,%function +_gcry_mpih_submul_1: + and x5, x2, #3; + mov x7, xzr; + cbz x5, .Large_loop; + + subs xzr, xzr, xzr; + +.Loop: + ldr x4, [x1], #8; + cinc x7, x7, cc; + ldr x5, [x0]; + sub x2, x2, #1; + + mul x6, x4, x3; + subs x5, x5, x7; + umulh x4, x4, x3; + and x10, x2, #3; + + cset x7, cc; + subs x5, x5, x6; + add x7, x7, x4; + str x5, [x0], #8; + + cbz x2, .Loop_end; + cbnz x10, .Loop; + + cinc x7, x7, cc; + +.Large_loop: + ldp x4, x8, [x1], #16; + sub x2, x2, #4; + ldp x5, x9, [x0]; + + mul x6, x4, x3; + subs x5, x5, x7; + umulh x4, x4, x3; + + cset x7, cc; + subs x5, x5, x6; + mul x6, x8, x3; + add x7, x7, x4; + str x5, [x0], #8; + cinc x7, x7, cc; + + umulh x8, x8, x3; + + subs x9, x9, x7; + cset x7, cc; + subs x9, x9, x6; + ldp x4, x10, [x1], #16; + str x9, [x0], #8; + add x7, x7, x8; + ldp x5, x9, [x0]; + cinc x7, x7, cc; + + mul x6, 
x4, x3; + subs x5, x5, x7; + umulh x4, x4, x3; + + cset x7, cc; + subs x5, x5, x6; + mul x6, x10, x3; + add x7, x7, x4; + str x5, [x0], #8; + cinc x7, x7, cc; + + umulh x10, x10, x3; + + subs x9, x9, x7; + cset x7, cc; + subs x9, x9, x6; + add x7, x7, x10; + str x9, [x0], #8; + cinc x7, x7, cc; + + cbnz x2, .Large_loop; + + mov x0, x7; + ret; + +.Loop_end: + cinc x0, x7, cc; + ret; +.size _gcry_mpih_submul_1,.-_gcry_mpih_submul_1; diff --git a/mpi/aarch64/mpih-sub1.S b/mpi/aarch64/mpih-sub1.S new file mode 100644 index 0000000..f18b1cd --- /dev/null +++ b/mpi/aarch64/mpih-sub1.S 
@@ -0,0 +1,71 @@ +/* ARM64 sub_n -- Subtract two limb vectors of the same length > 0 and store + * sum in a third limb vector. + * + * Copyright ? 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_sub_n( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_ptr_t s2_ptr, x2 + * mpi_size_t size) x3 + */ + +.text + +.globl _gcry_mpih_sub_n +.type _gcry_mpih_sub_n,%function +_gcry_mpih_sub_n: + and x5, x3, #3; + subs xzr, xzr, xzr; /* prepare carry flag for sub */ + + cbz x5, .Large_loop; + +.Loop: + ldr x4, [x1], #8; + sub x3, x3, #1; + ldr x11, [x2], #8; + and x5, x3, #3; + sbcs x4, x4, x11; + str x4, [x0], #8; + cbz x3, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x4, x6, [x1], #16; + ldp x5, x7, [x2], #16; + ldp x8, x10, [x1], #16; + ldp x9, x11, [x2], #16; + sub x3, x3, #4; + sbcs x4, x4, x5; + sbcs x6, x6, x7; + sbcs x8, x8, x9; + sbcs x10, x10, x11; + stp x4, x6, [x0], #16; + stp x8, x10, [x0], #16; + cbnz x3, .Large_loop; + +.Lend: + cset x0, cc; + ret; +.size _gcry_mpih_sub_n,.-_gcry_mpih_sub_n; diff --git a/mpi/config.links b/mpi/config.links index 90d1077..a79b03b 100644 --- a/mpi/config.links +++ b/mpi/config.links 
@@ -136,6 +136,11 @@ case "${host}" in mpi_extra_modules="udiv-qrnnd" mpi_cpu_arch="alpha" ;; + aarch64-*-*) + echo '/* configured for aarch64 */' >>./mpi/asm-syntax.h + path="aarch64" + mpi_cpu_arch="aarch64" + ;; arm*-*-*) if test "$gcry_cv_gcc_arm_platform_as_ok" = "yes" ; then echo '/* configured for arm */' >>./mpi/asm-syntax.h diff --git a/mpi/longlong.h b/mpi/longlong.h index 146830b..8dd8fe8 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h 
@@ -268,6 +268,44 @@ extern UDItype __udiv_qrnnd (); #endif /* __arm__ */ /*************************************** + ********** ARM64 / Aarch64 ********** + ***************************************/ +#if defined(__aarch64__) && W_TYPE_SIZE == 64 +#define add_ssaaaa(sh, sl, ah, al, bh, bl) \ + __asm__ ("adds %1, %4, %5\n" \ + "adc %0, %2, %3\n" \ + : "=r" ((sh)), \ + "=&r" ((sl)) \ + : "r" ((UDItype)(ah)), \ + "r" ((UDItype)(bh)), \ + "r" ((UDItype)(al)), \ + "r" ((UDItype)(bl)) __CLOBBER_CC) +#define sub_ddmmss(sh, sl, ah, al, bh, bl) \ + __asm__ ("subs %1, %4, %5\n" \ + "sbc %0, %2, %3\n" \ + : "=r" ((sh)), \ + "=&r" ((sl)) \ + : "r" ((UDItype)(ah)), \ + "r" ((UDItype)(bh)), \ + "r" ((UDItype)(al)), \ + "r" ((UDItype)(bl)) __CLOBBER_CC) +#define umul_ppmm(ph, pl, m0, m1) \ + do { \ + UDItype __m0 = (m0), __m1 = (m1), __ph; \ + (pl) = __m0 * __m1; \ + __asm__ ("umulh %0,%1,%2" \ + : "=r" (__ph) \ + : "r" (__m0), \ + "r" (__m1)); \ + (ph) = __ph; \ + } while (0) +#define count_leading_zeros(count, x) \ + __asm__ ("clz %0, %1\n" \ + : "=r" ((count)) \ + : "r" ((UDItype)(x))) +#endif /* __aarch64__ */ + +/*************************************** ************** CLIPPER ************** ***************************************/ #if defined (__clipper__) && W_TYPE_SIZE == 32 ----------------------------------------------------------------------- Summary of changes: cipher/rijndael.c | 8 ++- mpi/{amd64 => aarch64}/mpi-asm-defs.h | 0 mpi/{arm => aarch64}/mpih-add1.S | 67 +++++++++--------- mpi/{arm => aarch64}/mpih-mul1.S | 96 +++++++++++++++----------- mpi/aarch64/mpih-mul2.S | 108 +++++++++++++++++++++++++++++ mpi/aarch64/mpih-mul3.S | 121 +++++++++++++++++++++++++++++++++ mpi/{arm => aarch64}/mpih-sub1.S | 68 +++++++++--------- mpi/config.links | 5 ++ mpi/longlong.h | 38 +++++++++++ 9 files changed, 396 insertions(+), 115 deletions(-) copy mpi/{amd64 => aarch64}/mpi-asm-defs.h (100%) copy mpi/{arm => aarch64}/mpih-add1.S (53%) copy mpi/{arm => aarch64}/mpih-mul1.S (50%) 
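Review bot: the `if (0) { ; }` placeholders in do_setkey (cipher/rijndael.c, both hunks) have no comment saying why a never-taken branch is there. The lone `;` inside the braces is now redundant; replacing it with a short comment noting that the branch exists only so that each `#ifdef`-guarded arm (USE_PADLOCK, USE_AESNI) can begin with `else if` would keep -Wempty-body quiet and document the idiom.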
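Review bot: _gcry_mpih_add_n in mpi/aarch64/mpih-add1.S has no guard for size == 0: `and x5, x3, #3` followed by `cbz x5, .Large_loop` sends a zero count straight into the four-limb loop, where `sub x3, x3, #4` wraps and `cbnz x3, .Large_loop` keeps reading and writing past the buffers. The file header does say "length > 0", but the same entry sequence appears in mpih-mul1.S, mpih-mul2.S and mpih-mul3.S, whose headers do not state it (mpih-sub1.S does). Please state the precondition in the prototype comment of every file, or add an early `cbz` on the size register.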
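Review bot: the header comment of mpi/aarch64/mpih-sub1.S still says "store sum in a third limb vector", carried over from the add_n file; for sub_n it should say difference. While touching the headers, mpih-mul3.S is labelled "ARM mul_3" where the other new files say "ARM64".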
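Review bot: count_leading_zeros in the new __aarch64__ block of mpi/longlong.h does not document its result for x == 0. The `clz` instruction returns 64 for a zero operand, so a one-line comment saying so would tell callers whether they need to special-case zero.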
create mode 100644 mpi/aarch64/mpih-mul2.S create mode 100644 mpi/aarch64/mpih-mul3.S copy mpi/{arm => aarch64}/mpih-sub1.S (52%) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 3 13:51:10 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Dec 2013 13:51:10 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-414-g2ff86db Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51 (commit) from 59b1a1b7ee2923e1bf091071ae716d180c6c6006 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Add build support for ppc64le. * config.guess, config.sub: Update to latest version (2013-11-29). * m4/libtool.m4: Add patches for ppc64le. -- We don't want to update libtool, thus we use patches supplied by IBM. Signed-off-by: Werner Koch diff --git a/config.guess b/config.guess index ad5f74a..9afd676 100755 --- a/config.guess +++ b/config.guess 
@@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-07-31' +timestamp='2013-11-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -22,19 +20,17 @@ timestamp='2012-07-31' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches with a ChangeLog entry to config-patches at gnu.org. + me=`echo "$0" | sed -e 's,.*/,,'` 
@@ -54,9 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -306,7 +321,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) 
@@ -859,21 +874,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 
@@ -886,59 +901,54 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} 
exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -957,54 +967,63 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; + or1k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu + 
echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1208,6 +1227,9 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; 
@@ -1234,19 +1256,31 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) diff --git a/config.sub b/config.sub index b15df57..61cb4bc 100755 --- a/config.sub +++ b/config.sub 
@@ -1,24 +1,18 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-07-31' +timestamp='2013-10-01' -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . 
@@ -26,11 +20,12 @@ timestamp='2012-07-31' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches with a ChangeLog entry to config-patches at gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -73,9 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,7 +116,7 @@ esac maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) 
@@ -156,7 +149,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; @@ -259,10 +252,12 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | be32 | be64 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ @@ -270,10 +265,11 @@ case $basic_machine in | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -291,16 +287,17 @@ case $basic_machine in | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 \ - | or32 \ + | or1k | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ 
@@ -328,7 +325,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -370,13 +367,13 @@ case $basic_machine in | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ @@ -385,11 +382,13 @@ case $basic_machine in | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -407,12 +406,13 @@ case $basic_machine in | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ @@ -788,7 +788,7 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; mingw64) 
@@ -796,7 +796,7 @@ case $basic_machine in os=-mingw64 ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -832,7 +832,7 @@ case $basic_machine in basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1023,7 +1023,11 @@ case $basic_machine in basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1350,7 +1354,7 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1364,7 +1368,7 @@ case $os in | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1496,9 +1500,6 @@ case $os in -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; @@ -1547,6 +1548,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; hexagon-*) os=-elf ;; @@ -1590,6 +1594,9 @@ case $basic_machine in mips*-*) os=-elf ;; + or1k-*) + os=-elf + ;; or32-*) os=-coff ;; diff --git a/m4/libtool.m4 b/m4/libtool.m4 index ff871a0..f0a2752 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 
@@ -1326,7 +1326,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1348,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) ----------------------------------------------------------------------- Summary of changes: config.guess | 182 ++++++++++++++++++++++++++++++++++----------------------- config.sub | 93 +++++++++++++++-------------- m4/libtool.m4 | 10 +++- 3 files changed, 166 insertions(+), 119 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 3 14:01:12 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Dec 2013 14:01:12 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.1.1-2-g46b6d97 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 46b6d97b4a396c16df53e82872c3cc772d427623 (commit) from fd255da47cdecb90d58bc93995dd4af6b434dbeb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 46b6d97b4a396c16df53e82872c3cc772d427623 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Add build support for ppc64le. * config.guess, config.sub: Update to latest version (2013-11-29). * m4/libtool.m4: Add patches for ppc64le. -- We don't want to update libtool, thus we use patches supplied by IBM. 
diff --git a/config.guess b/config.guess index f475ceb..9afd676 100755 --- a/config.guess +++ b/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2013-02-12' +timestamp='2013-11-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -132,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in 
@@ -853,21 +874,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 
@@ -880,59 +901,54 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} 
exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -951,57 +967,63 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - 
echo ${UNAME_MACHINE}-dec-linux-gnu + echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1234,19 +1256,31 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) diff --git a/config.sub b/config.sub index 872199a..61cb4bc 100755 --- a/config.sub +++ b/config.sub 
@@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2013-02-12' +timestamp='2013-10-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -252,12 +252,12 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc \ + | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ @@ -265,6 +265,7 @@ case $basic_machine in | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ @@ -324,7 +325,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -366,13 +367,13 @@ case $basic_machine in | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ 
@@ -381,6 +382,7 @@ case $basic_machine in | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ @@ -794,7 +796,7 @@ case $basic_machine in os=-mingw64 ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -830,7 +832,7 @@ case $basic_machine in basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1546,6 +1548,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; hexagon-*) os=-elf ;; diff --git a/m4/libtool.m4 b/m4/libtool.m4 index 54cc1f9..bd71daa 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 @@ -1282,7 +1282,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1301,7 +1304,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) ----------------------------------------------------------------------- Summary of changes: config.guess | 150 +++++++++++++++++++++++++++++++++++---------------------- config.sub | 21 +++++--- m4/libtool.m4 | 10 +++- 3 files changed, 113 insertions(+), 68 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 4 04:02:01 2013 
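Review bot: In both m4/libtool.m4 hunks the inner patterns lose the ppc64-*linux* and ppc*-*linux* spellings: the new arms are powerpc64le-*, powerpc64-*, powerpcle-* and powerpc-* only. A host written as ppc64-... or ppc-... would match none of the PowerPC arms and leave LD without a -m emulation, unless the triplet is always canonicalised by config.sub before this case statement runs. Either keep the ppc* alternatives next to the new ones or add a comment saying that canonical host names are assumed here.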
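Review bot: The commit message says config.guess and config.sub are both updated to the 2013-11-29 version, but the config.sub hunk sets timestamp='2013-10-01' while only config.guess gets timestamp='2013-11-29'. Give each file's upstream timestamp in the message so the vendored copies can be matched against upstream when they are audited or refreshed later.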
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 04 Dec 2013 04:02:01 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-415-gc56080c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c56080c26186d25dec05f01831494c77d8d07e13 (commit) from 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c56080c26186d25dec05f01831494c77d8d07e13 Author: NIIBE Yutaka Date: Wed Dec 4 10:03:57 2013 +0900 mpi: fix gcry_mpi_powm for negative base. * mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]: Fix for the case where BASE is negative. * tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19. Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 469c382..4bf0233 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -177,7 +177,7 @@ gcry_mpi_powm (gcry_mpi_t res, } MPN_COPY ( rp, bp, bsize ); rsize = bsize; - rsign = bsign; + rsign = 0; /* Main processing. */ { @@ -192,7 +192,7 @@ gcry_mpi_powm (gcry_mpi_t res, xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); memset( &karactx, 0, sizeof karactx ); - negative_result = (ep[0] & 1) && base->sign; + negative_result = (ep[0] & 1) && bsign; i = esize - 1; e = ep[i]; diff --git a/tests/mpitests.c b/tests/mpitests.c index 1c4edb6..9d1206e 100644 --- a/tests/mpitests.c +++ b/tests/mpitests.c 
@@ -520,6 +520,25 @@ test_powm (void) if (gcry_mpi_cmp (res, base)) die ("test_powm failed at %d\n", __LINE__); + /* Check for a case: base is negative and expo is even. */ + gcry_mpi_set_ui (base, b_int); + gcry_mpi_neg (base, base); + gcry_mpi_set_ui (exp, e_int * 2); + gcry_mpi_set_ui(mod, m_int); + gcry_mpi_powm (res, base, exp, mod); + /* Result should be positive and it's 7 = (-17)^6 mod 19. */ + if (gcry_mpi_is_neg (res) || gcry_mpi_cmp_ui (res, 7)) + { + if (verbose) + { + fprintf (stderr, "is_neg: %d\n", gcry_mpi_is_neg (res)); + fprintf (stderr, "mpi: "); + gcry_mpi_dump (res); + putc ('\n', stderr); + } + die ("test_powm failed for negative base at %d\n", __LINE__); + } + gcry_mpi_release (base); gcry_mpi_release (exp); gcry_mpi_release (mod); ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 4 ++-- tests/mpitests.c | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 4 17:23:07 2013 
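Review bot: The two mpi/mpi-pow.c hunks depend on each other and neither explains it: rsign = 0 makes the working value start out as the absolute value of BASE, and the sign is applied only through negative_result = (ep[0] & 1) && bsign. Add a short comment at rsign = 0 stating that the sign is handled by negative_result, so a later cleanup does not restore rsign = bsign and bring back a negative result for an even exponent.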
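Review bot: The new block in test_powm exercises only a negative base with an even exponent (e_int * 2); the path where negative_result becomes true, a negative base with an odd exponent, is not covered by these lines. Add a companion check with an odd exponent that also asserts the result is not negative. Style nit in the same block: gcry_mpi_set_ui(mod, m_int) lacks the space before the parenthesis that the neighbouring calls use.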
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 04 Dec 2013 17:23:07 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-416-g85bb0a9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 85bb0a98ea5add0296cbcc415d557eaa1f6bd294 (commit) from c56080c26186d25dec05f01831494c77d8d07e13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 85bb0a98ea5add0296cbcc415d557eaa1f6bd294 Author: Jussi Kivilinna Date: Wed Dec 4 18:17:22 2013 +0200 mpi: add inline assembly for x86-64 * mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm) (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New. -- Signed-off-by: Jussi Kivilinna diff --git a/mpi/longlong.h b/mpi/longlong.h index 8dd8fe8..4f33937 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h 
@@ -555,6 +555,69 @@ extern USItype __udiv_qrnnd (); #endif #endif /* 80x86 */ +/*************************************** + *********** AMD64 / x86-64 ************ + ***************************************/ +#if defined(__x86_64) && W_TYPE_SIZE == 64 +#define add_ssaaaa(sh, sl, ah, al, bh, bl) \ + __asm__ ("addq %5,%1\n" \ + "adcq %3,%0" \ + : "=r" ((sh)), \ + "=&r" ((sl)) \ + : "0" ((UDItype)(ah)), \ + "g" ((UDItype)(bh)), \ + "1" ((UDItype)(al)), \ + "g" ((UDItype)(bl)) \ + __CLOBBER_CC) +#define sub_ddmmss(sh, sl, ah, al, bh, bl) \ + __asm__ ("subq %5,%1\n" \ + "sbbq %3,%0" \ + : "=r" ((sh)), \ + "=&r" ((sl)) \ + : "0" ((UDItype)(ah)), \ + "g" ((UDItype)(bh)), \ + "1" ((UDItype)(al)), \ + "g" ((UDItype)(bl)) \ + __CLOBBER_CC) +#define umul_ppmm(w1, w0, u, v) \ + __asm__ ("mulq %3" \ + : "=a" ((w0)), \ + "=d" ((w1)) \ + : "0" ((UDItype)(u)), \ + "rm" ((UDItype)(v)) \ + __CLOBBER_CC) +#define udiv_qrnnd(q, r, n1, n0, d) \ + __asm__ ("divq %4" \ + : "=a" ((q)), \ + "=d" ((r)) \ + : "0" ((UDItype)(n0)), \ + "1" ((UDItype)(n1)), \ + "rm" ((UDItype)(d)) \ + __CLOBBER_CC) +#define count_leading_zeros(count, x) \ + do { \ + UDItype __cbtmp; \ + __asm__ ("bsrq %1,%0" \ + : "=r" (__cbtmp) : "rm" ((UDItype)(x)) \ + __CLOBBER_CC); \ + (count) = __cbtmp ^ 63; \ + } while (0) +#define count_trailing_zeros(count, x) \ + do { \ + UDItype __cbtmp; \ + __asm__ ("bsfq %1,%0" \ + : "=r" (__cbtmp) : "rm" ((UDItype)(x)) \ + __CLOBBER_CC); \ + (count) = __cbtmp; \ + } while (0) +#ifndef UMUL_TIME +#define UMUL_TIME 40 +#endif +#ifndef UDIV_TIME +#define UDIV_TIME 40 +#endif +#endif /* __x86_64 */ + /*************************************** ************** I860 ***************** ----------------------------------------------------------------------- Summary of changes: mpi/longlong.h | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From wk at gnupg.org Thu Dec 5 09:09:47 2013 
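Review bot: count_leading_zeros and count_trailing_zeros are built on bsrq and bsfq, which leave the destination register undefined when the source operand is zero, so both macros yield an arbitrary count for x == 0 and nothing in the block says so. Document the x != 0 precondition next to the two macros, or guard the zero case. The same applies to udiv_qrnnd: divq raises a divide error when the quotient does not fit in 64 bits, that is unless n1 < d, and that requirement should be stated in a comment as well.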
From: wk at gnupg.org (Werner Koch) Date: Thu, 05 Dec 2013 09:09:47 +0100 Subject: Collection of large commit notifications Message-ID: <87iov367n8.fsf@vigenere.g10code.de>

Hi,

the following commit messages didn't make it to the list due to their size:

[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-366-gf702d62
Message body is too big: 184756 bytes with a limit of 100 KB
Thu Nov 7 11:06:16 2013
Speed-up AES-NI key setup

[git] GCRYPT - branch, gcm, created. libgcrypt-1.5.0-389-gbb2888e
Message body is too big: 129575 bytes with a limit of 100 KB
Thu Nov 14 13:00:32 2013
That is a private branch.

[git] gnupg-doc - branch, master, updated. 33fa7092bbda13284f0396fc809270262fb26d7f
Message body is too big: 2022772 bytes with a limit of 100 KB
Tue Nov 19 14:49:41 2013
Website etc stuff.

[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-387-gb49cd64
Message body is too big: 118221 bytes with a limit of 100 KB
Tue Nov 19 18:19:52 2013
Add CMAC (Cipher-based MAC) to MAC API

[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-402-gdbfa651
Message body is too big: 164166 bytes with a limit of 100 KB
Thu Nov 21 15:09:14 2013
GCM: Move gcm_table initialization to setkey

[git] Pinentry-QT - branch, master, updated. pinentry-qt-0.5.0-9-g0619bbf
Message body is too big: 245526 bytes with a limit of 100 KB
Wed Nov 27 14:35:06 2013

[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-417-g7bacf18
Message body is too big: 387974 bytes with a limit of 100 KB
Thu Dec 5 08:41:13 2013
Remove macro hacks for internal vs. external functions. Part 1.

If you are interested in real time commit notifications, you may join the jabber:gnupg-devel at conference.jabber.gnupg.org MUC.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From cvs at cvs.gnupg.org Thu Dec 5 12:10:53 2013
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 05 Dec 2013 12:10:53 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-418-g7ef43d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f (commit) from 7bacf1812b55fa78db63abaa1f5a9220e9c6cccc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 ecc: Change OID for Ed25519. * cipher/ecc-curves.c (curve_aliased): Add more suitable OID for Ed25519. -- The formerly used OID has been assigned by Peter Gutmann for Curve25519. We better keep them distinct and assign a separate one for Ed25519. Signed-off-by: Werner Koch diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index 5c418d9..8125f24 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -40,7 +40,8 @@ static const struct const char *other; /* Other name. */ } curve_aliases[] = { - { "Ed25519", "1.3.6.1.4.1.3029.1.5.1" }, + /*{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },*/ + { "Ed25519", "1.3.6.1.4.1.11591.15.1" }, { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */ { "NIST P-192", "prime192v1" }, /* X9.62 name. */ ----------------------------------------------------------------------- Summary of changes: cipher/ecc-curves.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 5 13:55:03 2013 
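Review bot: After the cipher/ecc-curves.c hunk the OID 1.3.6.1.4.1.3029.1.5.1 no longer maps to any curve: the Ed25519 alias moves to 1.3.6.1.4.1.11591.15.1 and the old value survives only as a commented-out Curve25519 entry. Anything that already names the curve by the old OID will stop resolving to Ed25519, so say in the commit message or in a comment whether that break is intended. Replace the commented-out line with a plain comment that the OID is reserved for Curve25519 rather than leaving dead code in the table, and note that the ChangeLog entry names curve_aliased while the array is curve_aliases.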
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 05 Dec 2013 13:55:03 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-271-g59207a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 59207a86e5f40c77fed296b642bf76692e8eef65 (commit) via 159d42ee6ab21d97f40ee129445f37209b875739 (commit) from 2c9613f3260de96a4af0392adb50d7f9e06cdd70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 59207a86e5f40c77fed296b642bf76692e8eef65 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 gpg: Change OID of Ed25519 and add Brainpool oids. * common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for Ed25519. Add brainpool OIDs. (openpgp_oid_to_curve): Ditto. -- This change is required to the change in Libgcrypt. Note that we will likely use a different OpenPGP algorithm ID for EdDSA and thus the current Ed25519 implementation will not stay with us. Signed-off-by: Werner Koch diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index a1ceba4..05b1a40 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -277,7 +277,7 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits) oidstr = NULL; else if (!strcmp (name, "Ed25519")) { - oidstr = "1.3.6.1.4.1.3029.1.5.1"; + oidstr = "1.3.6.1.4.1.11591.15.1"; nbits = 255; } else if (!strcmp (name, "nistp256")) 
@@ -295,6 +295,21 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits) oidstr = "1.3.132.0.35"; nbits = 521; } + else if (!strcmp (name,"brainpoolP256r1")) + { + oidstr = "1.3.36.3.3.2.8.1.1.7"; + nbits = 256; + } + else if (!strcmp (name, "brainpoolP384r1")) + { + oidstr = "1.3.36.3.3.2.8.1.1.11"; + nbits = 384; + } + else if (!strcmp (name, "brainpoolP512r1")) + { + oidstr = "1.3.36.3.3.2.8.1.1.13"; + nbits = 512; + } else oidstr = NULL; @@ -314,15 +329,21 @@ openpgp_oid_to_curve (const char *oid) if (!oid) name = ""; - else if (!strcmp (oid, "1.3.6.1.4.1.3029.1.5.1")) + else if (!strcmp (oid, "1.3.6.1.4.1.11591.15.1")) name = "Ed25519"; else if (!strcmp (oid, "1.2.840.10045.3.1.7")) - name = "NIST P-256"; + name = "nistp256"; else if (!strcmp (oid, "1.3.132.0.34")) - name = "NIST P-384"; + name = "nistp384"; else if (!strcmp (oid, "1.3.132.0.35")) - name = "NIST P-521"; - else /* FIXME: Lookup via Libgcrypt. */ + name = "nistp521"; + else if (!strcmp (oid, "1.3.36.3.3.2.8.1.1.7")) + name = "brainpoolP256r1"; + else if (!strcmp (oid, "1.3.36.3.3.2.8.1.1.11")) + name = "brainpoolP384r1"; + else if (!strcmp (oid, "1.3.36.3.3.2.8.1.1.13")) + name = "brainpoolP512r1"; + else name = "?"; return name; commit 159d42ee6ab21d97f40ee129445f37209b875739 Author: Werner Koch Date: Fri Nov 29 15:37:23 2013 +0100 common: Add put_membuf_printf. * common/membuf.c (put_membuf_printf): New. -- This is just a convenience function for easier code readability. Signed-off-by: Werner Koch diff --git a/common/membuf.c b/common/membuf.c index c3480df..02f1b27 100644 --- a/common/membuf.c +++ b/common/membuf.c @@ -1,5 +1,6 @@ /* membuf.c - A simple implementation of a dynamic buffer. * Copyright (C) 2001, 2003, 2009, 2011 Free Software Foundation, Inc. + * Copyright (C) 2013 Werner Koch * * This file is part of GnuPG. * @@ -30,6 +31,7 @@ #include #include #include +#include #include "membuf.h" 
@@ -122,6 +124,26 @@ put_membuf_str (membuf_t *mb, const char *string) } +void +put_membuf_printf (membuf_t *mb, const char *format, ...) +{ + int rc; + va_list arg_ptr; + char *buf; + + va_start (arg_ptr, format); + rc = estream_vasprintf (&buf, format, arg_ptr); + if (rc < 0) + mb->out_of_core = errno ? errno : ENOMEM; + va_end (arg_ptr); + if (rc >= 0) + { + put_membuf (mb, buf, strlen (buf)); + xfree (buf); + } +} + + void * get_membuf (membuf_t *mb, size_t *len) { diff --git a/common/membuf.h b/common/membuf.h index a76c1be..bf4cf36 100644 --- a/common/membuf.h +++ b/common/membuf.h @@ -30,6 +30,8 @@ #ifndef GNUPG_COMMON_MEMBUF_H #define GNUPG_COMMON_MEMBUF_H +#include "mischelp.h" + /* The definition of the structure is private, we only need it here, so it can be allocated on the stack. */ struct private_membuf_s @@ -52,6 +54,8 @@ void init_membuf_secure (membuf_t *mb, int initiallen); void clear_membuf (membuf_t *mb, size_t amount); void put_membuf (membuf_t *mb, const void *buf, size_t len); void put_membuf_str (membuf_t *mb, const char *string); +void put_membuf_printf (membuf_t *mb, const char *format, + ...) JNLIB_GCC_A_PRINTF(2,3); void *get_membuf (membuf_t *mb, size_t *len); const void *peek_membuf (membuf_t *mb, size_t *len); ----------------------------------------------------------------------- Summary of changes: common/membuf.c | 22 ++++++++++++++++++++++ common/membuf.h | 4 ++++ common/openpgp-oid.c | 33 +++++++++++++++++++++++++++------ 3 files changed, 53 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 6 01:04:10 2013 
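Review bot: Style nit in the brainpool branches added to openpgp_curve_to_oid: strcmp (name,"brainpoolP256r1") lacks the space after the comma that the two following branches have. More importantly, the name, OID and bit-size triples are now written out twice, once here and once in openpgp_oid_to_curve; a single table walked by both functions would keep the two directions from drifting apart the next time an OID changes.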
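Review bot: openpgp_oid_to_curve changes its return strings from "NIST P-256", "NIST P-384" and "NIST P-521" to "nistp256", "nistp384" and "nistp521", and the former Ed25519 OID 1.3.6.1.4.1.3029.1.5.1 now falls through to "?". Callers that compare or display the returned name will see different strings, and keys carrying the old OID become unrecognised; check the callers and mention both effects in the commit message. The FIXME about a lookup via Libgcrypt is removed without a replacement, so every OID outside this list still yields "?".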
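Review bot: In put_membuf_printf the formatted text sits in buf, a temporary allocated by estream_vasprintf, and is released with xfree without being wiped. membuf.h also declares init_membuf_secure, so a caller can format sensitive data into a secure membuf and have a copy pass through this ordinary temporary; unless estream_vasprintf is known to allocate from secure memory, which these lines do not show, wipe buf before freeing it or document that the function must not be used for secrets. A smaller point: rc is tested only for its sign and then strlen (buf) recomputes the length; if rc is the formatted length, as with vasprintf, pass it to put_membuf directly.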
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 06 Dec 2013 01:04:10 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-419-g5917ce3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5917ce34e3b3eac4c15f62577e4723974024f818 (commit) from 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5917ce34e3b3eac4c15f62577e4723974024f818 Author: Jussi Kivilinna Date: Fri Dec 6 02:02:06 2013 +0200 Fix building on mingw32 * src/gcrypt-int.h: Include . -- 'ulong' is not defined on W32, so we need to include "types.h" in 'gcrypt-int.h'. In file included from ../src/visibility.h:53:0, from ../src/g10lib.h:39, from compat.c:22: ../src/gcrypt-int.h:365:49: error: unknown type name 'ulong' Signed-off-by: Jussi Kivilinna diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index dabc9df..e22baf6 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -25,6 +25,7 @@ #endif #include "gcrypt.h" +#include "types.h" /* These error codes are used but not defined in the required libgpg-error 1.11. Define them here. */ ----------------------------------------------------------------------- Summary of changes: src/gcrypt-int.h | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Dec 7 23:11:23 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 07 Dec 2013 23:11:23 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-422-gd455543 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d4555433b6e422fa69a85cae99961f513e55d82b (commit) via 405021cb6d4e470337302c65dec5bc91491a89c1 (commit) via 4cf2c65fe15173c8d68a141a01b34fc1fb9080b7 (commit) from 5917ce34e3b3eac4c15f62577e4723974024f818 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4555433b6e422fa69a85cae99961f513e55d82b Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 sexp: Allow long names and white space in gcry_sexp_extract_param. * src/sexp.c (_gcry_sexp_vextract_param): Skip white space. Support long parameter names. * tests/tsexp.c (check_extract_param): Add test cases for long parameter names and white space. Signed-off-by: Werner Koch diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 91168a8..927634f 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4145,10 +4145,10 @@ likely want to use @code{GCRYMPI_FMT_USG}. @w{const char *@var{path}}, @ @w{const char *@var{list}}, ...) -Extract parameters from an S-expression using a list of single letter -parameter names. The names of these parameters are specified in -LIST. Some special characters may be given to control the -conversion: +Extract parameters from an S-expression using a list of parameter +names. The names of these parameters are specified in LIST. White +space between the parameter names are ignored. Some special characters +may be given to control the conversion: @table @samp @item + 
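Review bot: In the rewritten paragraph of doc/gcrypt.texi, "White space between the parameter names are ignored" has a subject/verb mismatch and should read "is ignored". Since this sentence no longer says "single letter", a short pointer here to the quoting rule for longer names would help, because that rule is only introduced after the table.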
@@ -4162,21 +4162,25 @@ computations; see @code{gcry_mpi_get_opaque} for details. @item & Switch to buffer descriptor mode. See below for details. @item ? -If immediately following a parameter letter, that parameter is -considered optional. +If immediately following a parameter letter (no white space allowed), +that parameter is considered optional. @end table +In general parameter names are single letters. To use a string for a +parameter name, enclose the name in single quotes. + Unless in buffer descriptor mode for each parameter name a pointer to an @code{gcry_mpi_t} variable is expected finally followed by a @code{NULL}. For example @example - _gcry_sexp_extract_param (key, NULL, "n/x+ed", - &mpi_n, &mpi_x, &mpi_e, NULL) + _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'", + &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL) @end example stores the parameter 'n' from @var{key} as an unsigned MPI into - at var{mpi_n}, the parameter 'x' as an opaque MPI into @var{mpi_x}, and -the parameter 'e' again as an unsigned MPI into @var{mpi_e}. + at var{mpi_n}, the parameter 'x' as an opaque MPI into @var{mpi_x}, the +parameter 'e' again as an unsigned MPI into @var{mpi_e}, and the +parameter 'foo' as a signed MPI. @var{path} is an optional string used to locate a token. The exclamation mark separated tokens are used via diff --git a/src/sexp.c b/src/sexp.c index 16def5b..7ff4c0a 100644 --- a/src/sexp.c +++ b/src/sexp.c 
@@ -2113,10 +2113,9 @@ _gcry_sexp_canon_len (const unsigned char *buffer, size_t length, } -/* Extract MPIs from an s-expression using a list of one letter - * parameters. The names of these parameters are given by the string - * LIST. Some special characters may be given to control the - * conversion: +/* Extract MPIs from an s-expression using a list of parameters. The + * names of these parameters are given by the string LIST. Some + * special characters may be given to control the conversion: * * + :: Switch to unsigned integer format (default). * - :: Switch to standard signed format. @@ -2124,6 +2123,9 @@ _gcry_sexp_canon_len (const unsigned char *buffer, size_t length, * & :: Switch to buffer descriptor mode - see below. * ? :: The previous parameter is optional. * + * In general parameter names are single letters. To use a string for + * a parameter name, enclose the name in single quotes. + * * Unless in gcry_buffer_t mode for each parameter name a pointer to * an MPI variable is expected and finally a NULL is expected. * Example: @@ -2158,7 +2160,7 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, const char *list, va_list arg_ptr) { gpg_err_code_t rc; - const char *s; + const char *s, *s2; gcry_mpi_t *array[20]; char arrayisdesc[20]; int idx; @@ -2173,10 +2175,23 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, was found. */ for (s=list, idx=0; *s && idx < DIM (array); s++) { - if (*s == '&' || *s == '+' || *s == '-' || *s == '/' || *s == '?' ) + if (*s == '&' || *s == '+' || *s == '-' || *s == '/' || *s == '?') + ; + else if (whitespacep (s)) ; else { + if (*s == '\'') + { + s++; + s2 = strchr (s, '\''); + if (!s2 || s2 == s) + { + /* Closing quote not found or empty string. */ + return GPG_ERR_SYNTAX; + } + s = s2; + } array[idx] = va_arg (arg_ptr, gcry_mpi_t *); if (!array[idx]) return GPG_ERR_MISSING_VALUE; /* NULL pointer given. */ 
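Review bot: In the first pass of _gcry_sexp_vextract_param, a quoted name is ended only by the next single quote found with strchr (s, '\''), so white space and the control characters + - / & ? inside the quotes silently become part of the name. If that is intended, say so in the function comment; otherwise reject them with GPG_ERR_SYNTAX at this point. The same quote scan is repeated in the second pass, so a small static helper that returns the closing quote would keep the two passes from drifting apart. The updated header comment also does not mention that white space between names is now skipped, although doc/gcrypt.texi does.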
@@ -2221,11 +2236,29 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, { if (*s == '&' || *s == '+' || *s == '-' || *s == '/') mode = *s; + else if (whitespacep (s)) + ; else if (*s == '?') ; /* Only used via lookahead. */ else { - l1 = _gcry_sexp_find_token (sexp, s, 1); + if (*s == '\'') + { + /* Find closing quote, find token, set S to closing quote. */ + s++; + s2 = strchr (s, '\''); + if (!s2 || s2 == s) + { + /* Closing quote not found or empty string. */ + rc = GPG_ERR_SYNTAX; + goto cleanup; + } + l1 = _gcry_sexp_find_token (sexp, s, s2 - s); + s = s2; + } + else + l1 = _gcry_sexp_find_token (sexp, s, 1); + if (!l1 && s[1] == '?') { /* Optional element not found. */ diff --git a/tests/tsexp.c b/tests/tsexp.c index afa79ff..2f6ad8f 100644 --- a/tests/tsexp.c +++ b/tests/tsexp.c @@ -684,6 +684,18 @@ check_extract_param (void) { sample1, NULL, + "pab'gnq", 7, + GPG_ERR_SYNTAX + }, + { + sample1, + NULL, + "pab''gnq", 7, + GPG_ERR_SYNTAX + }, + { + sample1, + NULL, "pabgnqd", 7, 0, sample1_px, sample1_ax, sample1_bx, sample1_gx, sample1_nx, @@ -692,6 +704,14 @@ check_extract_param (void) { sample1, NULL, + " pab\tg nq\nd ", 7, + 0, + sample1_px, sample1_ax, sample1_bx, sample1_gx, sample1_nx, + sample1_qx, sample1_d + }, + { + sample1, + NULL, "abg", 3, 0, sample1_ax, sample1_bx, sample1_gx @@ -699,6 +719,13 @@ check_extract_param (void) { sample1, NULL, + "ab'g'", 3, + 0, + sample1_ax, sample1_bx, sample1_gx + }, + { + sample1, + NULL, "x?abg", 4, 0, NULL, sample1_ax, sample1_bx, sample1_gx 
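Review bot: The table entries added to check_extract_param cover an unterminated quote, an empty quoted name and a quoted single letter ("ab'g'"), but none puts the optional marker after a quoted name. Since the second pass tests s[1] == '?' after moving s to the closing quote, an entry such as "'x'?abg" would confirm that the lookahead still works for quoted names, and an entry with white space in front of '?' would pin down the "no white space allowed" rule stated in the documentation.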
@@ -967,6 +994,50 @@ check_extract_param (void) } gcry_sexp_release (sxp); + + info ("checking gcry_sexp_extract_param long name\n"); + + memset (ioarray, 0, sizeof ioarray); + memset (mpis, 0, sizeof mpis); + + err = gcry_sexp_new (&sxp, sample1, 0, 1); + if (err) + die ("converting string to sexp failed: %s", gpg_strerror (err)); + + err = gcry_sexp_extract_param (sxp, "key-data!private-key", + "&'curve'+p", + ioarray+0, mpis+0, NULL); + if (err) + fail ("gcry_sexp_extract_param long name failed: %s", gpg_strerror (err)); + + if (!ioarray[0].data) + fail ("gcry_sexp_extract_param long name failed: no curve"); + else if (ioarray[0].size != 7) + fail ("gcry_sexp_extract_param long name failed: curve has wrong size"); + else if (ioarray[0].len != 7) + fail ("gcry_sexp_extract_param long name failed: curve has wrong length"); + else if (ioarray[0].off) + fail ("gcry_sexp_extract_param long name failed: curve has OFF set"); + else if (strncmp (ioarray[0].data, "Ed25519", 7)) + { + fail ("gcry_sexp_extract_param long name failed: curve mismatch"); + gcry_log_debug ("expected: %s\n", "Ed25519"); + gcry_log_debug (" got: %.*s\n", (int)ioarray[0].len, ioarray[0].data); + } + + if (!mpis[0]) + fail ("gcry_sexp_extract_param long name failed: p not returned"); + else if (cmp_mpihex (mpis[0], sample1_p)) + { + fail ("gcry_sexp_extract_param long name failed: p mismatch"); + gcry_log_debug ("expected: %s\n", sample1_p); + gcry_log_debugmpi (" got", mpis[0]); + } + + gcry_mpi_release (mpis[0]); + + gcry_sexp_release (sxp); + } commit 405021cb6d4e470337302c65dec5bc91491a89c1 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 ecc: Merge partly duplicated code. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ... (_gcry_ecc_eddsa_compute_h_d): new function. * cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function. (reverse_buffer): Remove. Signed-off-by: Werner Koch 
diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index dc4a9d0..c407c74 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -115,6 +115,8 @@ gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, unsigned char **r_encpk, unsigned int *r_encpklen); +gpg_err_code_t _gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, + gcry_mpi_t d, mpi_ec_t ec); gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 12cdea0..17c1f73 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c 
@@ -368,6 +368,71 @@ _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, } +/* Compute the A value as used by EdDSA. The caller needs to provide + the context EC and the actual secret D as an MPI. The function + returns a newly allocated 64 byte buffer at r_digest; the first 32 + bytes represent the A value. NULL is returned on error and NULL + stored at R_DIGEST. */ +gpg_err_code_t +_gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, + gcry_mpi_t d, mpi_ec_t ec) +{ + gpg_err_code_t rc; + unsigned char *rawmpi = NULL; + unsigned int rawmpilen; + unsigned char *digest; + gcry_buffer_t hvec[2]; + int hashalgo, b; + + *r_digest = NULL; + + hashalgo = GCRY_MD_SHA512; + if (hashalgo != GCRY_MD_SHA512) + return GPG_ERR_DIGEST_ALGO; + + b = (ec->nbits+7)/8; + if (b != 256/8) + return GPG_ERR_INTERNAL; /* We only support 256 bit. */ + + /* Note that we clear DIGEST so we can use it as input to left pad + the key with zeroes for hashing. */ + digest = gcry_calloc_secure (2, b); + if (!digest) + return gpg_err_code_from_syserror (); + + memset (hvec, 0, sizeof hvec); + + rawmpi = _gcry_mpi_get_buffer (d, 0, &rawmpilen, NULL); + if (!rawmpi) + { + gcry_free (digest); + return gpg_err_code_from_syserror (); + } + + hvec[0].data = digest; + hvec[0].off = 0; + hvec[0].len = b > rawmpilen? b - rawmpilen : 0; + hvec[1].data = rawmpi; + hvec[1].off = 0; + hvec[1].len = rawmpilen; + rc = _gcry_md_hash_buffers (hashalgo, 0, digest, hvec, 2); + gcry_free (rawmpi); + if (rc) + { + gcry_free (digest); + return rc; + } + + /* Compute the A value. */ + reverse_buffer (digest, 32); /* Only the first half of the hash. */ + digest[0] = (digest[0] & 0x7f) | 0x40; + digest[31] &= 0xf8; + + *r_digest = digest; + return 0; +} + + /* Ed25519 version of the key generation. */ gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, 
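Review bot: The comment above _gcry_ecc_eddsa_compute_h_d says "NULL is returned on error", but the function returns a gpg_err_code_t and only *r_digest is set to NULL; the comment should say that an error code is returned. The test "if (hashalgo != GCRY_MD_SHA512)" directly after "hashalgo = GCRY_MD_SHA512;" can never fire, so either take the algorithm from the context or drop the test and leave a FIXME. When rawmpilen is larger than b, the pad length becomes 0 and the whole oversized buffer is hashed; returning an error for rawmpilen > b would be the safer behaviour for a value that is the secret key. rawmpi holds that secret as well, so it is worth confirming that _gcry_mpi_get_buffer returns memory that is wiped when passed to gcry_free.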
@@ -480,8 +545,6 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, if (!mpi_is_opaque (input)) return GPG_ERR_INV_DATA; - if (hashalgo != GCRY_MD_SHA512) - return GPG_ERR_DIGEST_ALGO; /* Initialize some helpers. */ point_init (&I); @@ -496,36 +559,9 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, if (b != 256/8) return GPG_ERR_INTERNAL; /* We only support 256 bit. */ - digest = gcry_calloc_secure (2, b); - if (!digest) - { - rc = gpg_err_code_from_syserror (); - goto leave; - } - - /* Hash the secret key. We clear DIGEST so we can use it as input - to left pad the key with zeroes for hashing. */ - rawmpi = _gcry_mpi_get_buffer (skey->d, 0, &rawmpilen, NULL); - if (!rawmpi) - { - rc = gpg_err_code_from_syserror (); - goto leave; - } - hvec[0].data = digest; - hvec[0].off = 0; - hvec[0].len = b > rawmpilen? b - rawmpilen : 0; - hvec[1].data = rawmpi; - hvec[1].off = 0; - hvec[1].len = rawmpilen; - rc = _gcry_md_hash_buffers (hashalgo, 0, digest, hvec, 2); - gcry_free (rawmpi); rawmpi = NULL; + rc = _gcry_ecc_eddsa_compute_h_d (&digest, skey->d, ctx); if (rc) goto leave; - - /* Compute the A value (this modifies DIGEST). */ - reverse_buffer (digest, 32); /* Only the first half of the hash. */ - digest[0] = (digest[0] & 0x7f) | 0x40; - digest[31] &= 0xf8; _gcry_mpi_set_buffer (a, digest, 32, 0); /* Compute the public key if it has not been supplied as optional diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c index 26c9e8d..ae3e4f0 100644 --- a/cipher/ecc-misc.c +++ b/cipher/ecc-misc.c 
@@ -236,20 +236,6 @@ _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value) } -static void -reverse_buffer (unsigned char *buffer, unsigned int length) -{ - unsigned int tmp, i; - - for (i=0; i < length/2; i++) - { - tmp = buffer[i]; - buffer[i] = buffer[length-1-i]; - buffer[length-1-i] = tmp; - } -} - - /* Compute the public key from the the context EC. Obviously a requirement is that the secret key is available in EC. On success Q is returned; on error NULL. If Q is NULL a newly allocated point @@ -259,8 +245,6 @@ mpi_point_t _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, mpi_point_t G, gcry_mpi_t d) { - int rc; - if (!G) G = ec->G; if (!d) 
@@ -275,41 +259,11 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, && (ec->flags & PUBKEY_FLAG_EDDSA)) { gcry_mpi_t a; - unsigned char *rawmpi = NULL; - unsigned int rawmpilen; unsigned char *digest; - gcry_buffer_t hvec[2]; - int b = (ec->nbits+7)/8; - - gcry_assert (b >= 32); - digest = gcry_calloc_secure (2, b); - if (!digest) - return NULL; - memset (hvec, 0, sizeof hvec); - rawmpi = _gcry_mpi_get_buffer (d, 0, &rawmpilen, NULL); - if (!rawmpi) + if (_gcry_ecc_eddsa_compute_h_d (&digest, d, ec)) return NULL; - memset (digest, 0, b); - hvec[0].data = digest; - hvec[0].off = 0; - hvec[0].len = b > rawmpilen? b - rawmpilen : 0; - hvec[1].data = rawmpi; - hvec[1].off = 0; - hvec[1].len = rawmpilen; - /* FIXME: Put and take the hash algo from the context. */ - rc = _gcry_md_hash_buffers (GCRY_MD_SHA512, 0, digest, hvec, 2); - gcry_free (rawmpi); - if (rc) - { - gcry_free (digest); - return NULL; - } - /* Compute the A value. */ - reverse_buffer (digest, 32); /* Only the first half of the hash. */ - digest[0] = (digest[0] & 0x7f) | 0x40; - digest[31] &= 0xf8; a = mpi_snew (0); _gcry_mpi_set_buffer (a, digest, 32, 0); gcry_free (digest); commit 4cf2c65fe15173c8d68a141a01b34fc1fb9080b7 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 ecc: Remove unused internal function. * src/cipher-proto.h (gcry_pk_spec): Remove get_param. * cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from _gcry_ecc_get_param. (_gcry_ecc_get_param): Remove. * cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param. Signed-off-by: Werner Koch diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index 1ee1d39..dc4a9d0 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h 
@@ -80,8 +80,7 @@ gpg_err_code_t _gcry_ecc_update_curve_param (const char *name, const char *_gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits); -gcry_err_code_t _gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey); -gcry_sexp_t _gcry_ecc_get_param_sexp (const char *name); +gcry_sexp_t _gcry_ecc_get_param_sexp (const char *name); /*-- ecc-misc.c --*/ void _gcry_ecc_curve_free (elliptic_curve_t *E); diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index 8125f24..85ebdd3 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -926,20 +926,21 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, } -/* Return the parameters of the curve NAME in an MPI array. */ -gcry_err_code_t -_gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey) +/* Return the parameters of the curve NAME as an S-expression. */ +gcry_sexp_t +_gcry_ecc_get_param_sexp (const char *name) { - gpg_err_code_t err; unsigned int nbits; elliptic_curve_t E; mpi_ec_t ctx; gcry_mpi_t g_x, g_y; + gcry_mpi_t pkey[6]; + gcry_sexp_t result; + int i; memset (&E, 0, sizeof E); - err = _gcry_ecc_fill_in_curve (0, name, &E, &nbits); - if (err) - return err; + if (_gcry_ecc_fill_in_curve (0, name, &E, &nbits)) + return NULL; g_x = mpi_new (0); g_y = mpi_new (0); @@ -962,21 +963,6 @@ _gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey) mpi_free (g_x); mpi_free (g_y); - return 0; -} - - -/* Return the parameters of the curve NAME as an S-expression. */ -gcry_sexp_t -_gcry_ecc_get_param_sexp (const char *name) -{ - gcry_mpi_t pkey[6]; - gcry_sexp_t result; - int i; - - if (_gcry_ecc_get_param (name, pkey)) - return NULL; - if (sexp_build (&result, NULL, "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", pkey[0], pkey[1], pkey[2], pkey[3], pkey[4])) diff --git a/cipher/ecc.c b/cipher/ecc.c index a7de254..e3c49ce 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -1755,7 +1755,6 @@ gcry_pk_spec_t _gcry_pubkey_spec_ecc = ecc_get_nbits, run_selftests, compute_keygrip, - _gcry_ecc_get_param, _gcry_ecc_get_curve, _gcry_ecc_get_param_sexp }; diff --git a/src/cipher-proto.h b/src/cipher-proto.h index 11c2862..0955ef5 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -84,10 +84,6 @@ typedef unsigned (*gcry_pk_get_nbits_t) (gcry_sexp_t keyparms); typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md, gcry_sexp_t keyparm); -/* The type used to query ECC curve parameters. */ -typedef gcry_err_code_t (*pk_get_param_t) (const char *name, - gcry_mpi_t *pkey); - /* The type used to query an ECC curve name. */ typedef const char *(*pk_get_curve_t)(gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits); @@ -121,7 +117,6 @@ typedef struct gcry_pk_spec gcry_pk_get_nbits_t get_nbits; selftest_func_t selftest; pk_comp_keygrip_t comp_keygrip; - pk_get_param_t get_param; pk_get_curve_t get_curve; pk_get_curve_param_t get_curve_param; } gcry_pk_spec_t; ----------------------------------------------------------------------- Summary of changes: cipher/ecc-common.h | 5 +-- cipher/ecc-curves.c | 30 +++++----------- cipher/ecc-eddsa.c | 96 +++++++++++++++++++++++++++++++++++---------------- cipher/ecc-misc.c | 48 +------------------------- cipher/ecc.c | 1 - doc/gcrypt.texi | 24 +++++++------ src/cipher-proto.h | 5 --- src/sexp.c | 47 +++++++++++++++++++++---- tests/tsexp.c | 71 +++++++++++++++++++++++++++++++++++++ 9 files changed, 203 insertions(+), 124 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 9 08:38:37 2013 
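Review bot: In the _gcry_ecc_eddsa_sign hunk of cipher/ecc-eddsa.c (@@ -480,8 +545,6 @@), the "hashalgo != GCRY_MD_SHA512" test is removed from the signing path and now exists only inside _gcry_ecc_eddsa_compute_h_d, where hashalgo is a local constant. If _gcry_ecc_eddsa_sign still uses its own hashalgo after this point, a caller passing another algorithm is no longer rejected, and the key hash and the later hashes could use different digests. Keep the check in the signing function or pass hashalgo into the helper.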
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Dec 2013 08:38:37 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-423-g8072e9f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 8072e9fa4b42ae8e65e266aa158fd903f1bb0927 (commit) from d4555433b6e422fa69a85cae99961f513e55d82b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8072e9fa4b42ae8e65e266aa158fd903f1bb0927 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 tests: Add --csv option to bench-slope. * tests/bench-slope.c (STR, STR2): New. (cvs_mode): New. (num_measurement_repetitions): New. Replace use of NUM_MEASUREMENT_REPETITIONS by this. (current_section_name, current_algo_name, current_mode_name): New. (bench_print_result_csv): New. (bench_print_result_std): Rename from bench_print_result. (bench_print_result): New. Divert depending on CSV_MODE. (bench_print_header, bench_print_footer): take care of CSV_MODE. (bench_print_algo, bench_print_mode): New. Use them instead of explicit printfs. (main): Add options --csv and --repetitions. Signed-off-by: Werner Koch diff --git a/tests/bench-slope.c b/tests/bench-slope.c index fd9f64b..79314c3 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -1,5 +1,5 @@ /* bench-slope.c - for libgcrypt - * Copyright ? 2013 Jussi Kivilinna + * Copyright (C) 2013 Jussi Kivilinna * * This file is part of Libgcrypt. * 
@@ -27,21 +27,33 @@ #include #ifdef _GCRYPT_IN_LIBGCRYPT -#include "../src/gcrypt-int.h" -#include "../compat/libcompat.h" +# include "../src/gcrypt-int.h" +# include "../compat/libcompat.h" #else -#include +# include +#endif + +#ifndef STR +#define STR(v) #v +#define STR2(v) STR(v) #endif #define PGM "bench-slope" static int verbose; - +static int csv_mode; +static int num_measurement_repetitions; /* CPU Ghz value provided by user, allows constructing cycles/byte and other results. */ static double cpu_ghz = -1; +/* The name of the currently printed section. */ +static char *current_section_name; +/* The name of the currently printed algorithm. */ +static char *current_algo_name; +/* The name of the currently printed mode. */ +static char *current_mode_name; /*************************************** Default parameters for measurements. */ 
@@ -463,7 +475,41 @@ double_to_str (char *out, size_t outlen, double value) } static void -bench_print_result (double nsecs_per_byte) +bench_print_result_csv (double nsecs_per_byte) +{ + double cycles_per_byte, mbytes_per_sec; + char nsecpbyte_buf[16]; + char mbpsec_buf[16]; + char cpbyte_buf[16]; + + *cpbyte_buf = 0; + + double_to_str (nsecpbyte_buf, sizeof (nsecpbyte_buf), nsecs_per_byte); + + /* If user didn't provide CPU speed, we cannot show cycles/byte results. */ + if (cpu_ghz > 0.0) + { + cycles_per_byte = nsecs_per_byte * cpu_ghz; + double_to_str (cpbyte_buf, sizeof (cpbyte_buf), cycles_per_byte); + } + + mbytes_per_sec = + (1000.0 * 1000.0 * 1000.0) / (nsecs_per_byte * 1024 * 1024); + double_to_str (mbpsec_buf, sizeof (mbpsec_buf), mbytes_per_sec); + + /* We print two empty fields to allow for future enhancements. */ + printf ("%s,%s,%s,,,%s,ns/B,%s,MiB/s,%s,c/B\n", + current_section_name, + current_algo_name? current_algo_name : "", + current_mode_name? current_mode_name : "", + nsecpbyte_buf, + mbpsec_buf, + cpbyte_buf); + +} + +static void +bench_print_result_std (double nsecs_per_byte) { double cycles_per_byte, mbytes_per_sec; char nsecpbyte_buf[16]; 
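Review bot: In bench_print_result_csv, current_section_name is passed to the printf %s conversion without the NULL guard that current_algo_name and current_mode_name get on the following two lines; give it the same guard so that a result printed before a section name has been set cannot pass NULL. The names are also written unquoted, so a name containing a comma would shift the columns for anything parsing the output.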
@@ -493,17 +539,85 @@ bench_print_result (double nsecs_per_byte) } static void +bench_print_result (double nsecs_per_byte) +{ + if (csv_mode) + bench_print_result_csv (nsecs_per_byte); + else + bench_print_result_std (nsecs_per_byte); +} + +static void +bench_print_section (const char *section_name, const char *print_name) +{ + if (csv_mode) + { + gcry_free (current_section_name); + current_section_name = gcry_xstrdup (section_name); + } + else + printf ("%s:\n", print_name); +} + +static void bench_print_header (int algo_width, const char *algo_name) { - printf (" %-*s | ", algo_width, algo_name); - printf ("%14s %15s %13s\n", "nanosecs/byte", "mebibytes/sec", - "cycles/byte"); + if (csv_mode) + { + gcry_free (current_algo_name); + current_algo_name = gcry_xstrdup (algo_name); + } + else + { + if (algo_width < 0) + printf (" %-*s | ", -algo_width, algo_name); + else + printf (" %-*s | ", algo_width, algo_name); + printf ("%14s %15s %13s\n", "nanosecs/byte", "mebibytes/sec", + "cycles/byte"); + } +} + +static void +bench_print_algo (int algo_width, const char *algo_name) +{ + if (csv_mode) + { + gcry_free (current_algo_name); + current_algo_name = gcry_xstrdup (algo_name); + } + else + { + if (algo_width < 0) + printf (" %-*s | ", -algo_width, algo_name); + else + printf (" %-*s | ", algo_width, algo_name); + } +} + +static void +bench_print_mode (int width, const char *mode_name) +{ + if (csv_mode) + { + gcry_free (current_mode_name); + current_mode_name = gcry_xstrdup (mode_name); + } + else + { + if (width < 0) + printf (" %-*s | ", -width, mode_name); + else + printf (" %*s | ", width, mode_name); + fflush (stdout); + } } static void bench_print_footer (int algo_width) { - printf (" %-*s =\n", algo_width, ""); + if (!csv_mode) + printf (" %-*s =\n", algo_width, ""); } 
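Review bot: In bench_print_algo both branches use "%-*s", so the sign of algo_width has no effect and every name is left-justified; bench_print_mode uses "%*s" for a positive width, which is presumably what was meant here as well. bench_print_header has the same pair of identical branches. bench_print_algo also does not call fflush (stdout) the way bench_print_mode does, so in non-CSV mode the name may not be shown until the measurement has finished.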
@@ -529,7 +643,7 @@ bench_encrypt_init (struct bench_obj *obj) obj->min_bufsize = BUF_START_SIZE; obj->max_bufsize = BUF_END_SIZE; obj->step_size = BUF_STEP_SIZE; - obj->num_measure_repetitions = NUM_MEASUREMENT_REPETITIONS; + obj->num_measure_repetitions = num_measurement_repetitions; err = gcry_cipher_open (&hd, mode->algo, mode->mode, 0); if (err) @@ -962,8 +1076,7 @@ cipher_bench_one (int algo, struct bench_cipher_mode *pmode) if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN) return; - printf (" %14s | ", mode.name); - fflush (stdout); + bench_print_mode (14, mode.name); obj.ops = mode.ops; obj.priv = &mode; @@ -996,7 +1109,7 @@ cipher_bench (char **argv, int argc) { int i, algo; - printf ("Cipher:\n"); + bench_print_section ("cipher", "Cipher"); if (argv && argc) { @@ -1037,7 +1150,7 @@ bench_hash_init (struct bench_obj *obj) obj->min_bufsize = BUF_START_SIZE; obj->max_bufsize = BUF_END_SIZE; obj->step_size = BUF_STEP_SIZE; - obj->num_measure_repetitions = NUM_MEASUREMENT_REPETITIONS; + obj->num_measure_repetitions = num_measurement_repetitions; err = gcry_md_open (&hd, mode->algo, 0); if (err) @@ -1093,10 +1206,9 @@ hash_bench_one (int algo, struct bench_hash_mode *pmode) mode.algo = algo; if (mode.name[0] == '\0') - printf (" %-14s | ", gcry_md_algo_name (algo)); + bench_print_algo (-14, gcry_md_algo_name (algo)); else - printf (" %14s | ", mode.name); - fflush (stdout); + bench_print_algo (14, mode.name); obj.ops = mode.ops; obj.priv = &mode; @@ -1120,8 +1232,7 @@ hash_bench (char **argv, int argc) { int i, algo; - printf ("Hash:\n"); - + bench_print_section ("hash", "Hash"); bench_print_header (14, ""); if (argv && argc) 
@@ -1167,7 +1278,7 @@ bench_mac_init (struct bench_obj *obj) obj->min_bufsize = BUF_START_SIZE; obj->max_bufsize = BUF_END_SIZE; obj->step_size = BUF_STEP_SIZE; - obj->num_measure_repetitions = NUM_MEASUREMENT_REPETITIONS; + obj->num_measure_repetitions = num_measurement_repetitions; keylen = gcry_mac_get_algo_keylen (mode->algo); if (keylen == 0) @@ -1247,10 +1358,9 @@ mac_bench_one (int algo, struct bench_mac_mode *pmode) mode.algo = algo; if (mode.name[0] == '\0') - printf (" %-18s | ", gcry_mac_algo_name (algo)); + bench_print_algo (-18, gcry_mac_algo_name (algo)); else - printf (" %18s | ", mode.name); - fflush (stdout); + bench_print_algo (18, mode.name); obj.ops = mode.ops; obj.priv = &mode; @@ -1274,8 +1384,7 @@ mac_bench (char **argv, int argc) { int i, algo; - printf ("MAC:\n"); - + bench_print_section ("mac", "MAC"); bench_print_header (18, ""); if (argv && argc) @@ -1307,10 +1416,13 @@ print_help (void) "usage: bench-slope [options] [hash|mac|cipher [algonames]]", "", " options:", - " --cpu-mhz Set CPU speed for calculating cycles per bytes", - " results.", - " --disable-hwf Disable hardware acceleration feature(s) for", - " benchmarking.", + " --cpu-mhz Set CPU speed for calculating cycles", + " per bytes results.", + " --disable-hwf Disable hardware acceleration feature(s)", + " for benchmarking.", + " --repetitions Use N repetitions (default " + STR2(NUM_MEASUREMENT_REPETITIONS) ")", + " --csv Use CSV output format", NULL }; const char **line; @@ -1341,6 +1453,8 @@ main (int argc, char **argv) int last_argc = -1; int debug = 0; + num_measurement_repetitions = NUM_MEASUREMENT_REPETITIONS; + if (argc) { argc--; @@ -1380,6 +1494,12 @@ main (int argc, char **argv) argc--; argv++; } + else if (!strcmp (*argv, "--csv")) + { + csv_mode = 1; + argc--; + argv++; + } else if (!strcmp (*argv, "--disable-hwf")) { argc--; 
@@ -1408,6 +1528,25 @@ main (int argc, char **argv) argv++; } } + else if (!strcmp (*argv, "--repetitions")) + { + argc--; + argv++; + if (argc) + { + num_measurement_repetitions = atof (*argv); + if (num_measurement_repetitions < 2) + { + fprintf (stderr, + PGM + ": value for --repetitions too small - using %d\n", + NUM_MEASUREMENT_REPETITIONS); + num_measurement_repetitions = NUM_MEASUREMENT_REPETITIONS; + } + argc--; + argv++; + } + } } gcry_control (GCRYCTL_SET_VERBOSITY, (int) verbose); ----------------------------------------------------------------------- Summary of changes: tests/bench-slope.c | 199 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 169 insertions(+), 30 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 9 08:50:20 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Dec 2013 08:50:20 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.3-4-g450adc3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via 450adc39b461bdf48230fa0f9ef7317e9937a8e5 (commit) from 182640abc40b5ce77d4c0aaa0aa8c09d05a92138 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 450adc39b461bdf48230fa0f9ef7317e9937a8e5 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 tests: Add bench-slope. * tests/bench-slope.c: New. This is a stripped down version taken from master. * tests/Makefile.am (noinst_PROGRAMS): Add bench-slope. diff --git a/tests/Makefile.am b/tests/Makefile.am index 689a3db..e2aa12f 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -40,7 +40,7 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS) LDADD = ../src/libgcrypt.la $(DL_LIBS) ../compat/libcompat.la $(GPG_ERROR_LIBS) EXTRA_PROGRAMS = testapi pkbench -noinst_PROGRAMS = $(TESTS) fipsdrv rsacvt +noinst_PROGRAMS = $(TESTS) fipsdrv rsacvt bench-slope EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \ pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h diff --git a/tests/bench-slope.c b/tests/bench-slope.c new file mode 100644 index 0000000..8897b64 --- /dev/null +++ b/tests/bench-slope.c 
@@ -0,0 +1,1148 @@ +/* bench-slope.c - for libgcrypt + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser general Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include + +#ifdef _GCRYPT_IN_LIBGCRYPT +# include "../src/gcrypt.h" +# include "../compat/libcompat.h" +#else +# include +#endif + +#ifndef STR +#define STR(v) #v +#define STR2(v) STR(v) +#endif + +#define PGM "bench-slope" + +static int verbose; +static int csv_mode; +static int num_measurement_repetitions; + +/* CPU Ghz value provided by user, allows constructing cycles/byte and other + results. */ +static double cpu_ghz = -1; + +/* The name of the currently printed section. */ +static char *current_section_name; +/* The name of the currently printed algorithm. */ +static char *current_algo_name; +/* The name of the currently printed mode. */ +static char *current_mode_name; + + +/*************************************** Default parameters for measurements. */ + +/* Start at small buffer size, to get reasonable timer calibration for fast + * implementations (AES-NI etc). Sixteen selected to support the largest block + * size of current set cipher blocks. */ +#define BUF_START_SIZE 16 + +/* From ~0 to ~4kbytes give comparable results with results from academia + * (SUPERCOP). 
*/ +#define BUF_END_SIZE (BUF_START_SIZE + 4096) + +/* With 128 byte steps, we get (4096)/64 = 64 data points. */ +#define BUF_STEP_SIZE 64 + +/* Number of repeated measurements at each data point. The median of these + * measurements is selected as data point further analysis. */ +#define NUM_MEASUREMENT_REPETITIONS 64 + +/**************************************************** High-resolution timers. */ + +/* This benchmarking module needs needs high resolution timer. */ +#undef NO_GET_NSEC_TIME +#if defined(_WIN32) +struct nsec_time +{ + LARGE_INTEGER perf_count; +}; + +static void +get_nsec_time (struct nsec_time *t) +{ + BOOL ok; + + ok = QueryPerformanceCounter (&t->perf_count); + assert (ok); +} + +static double +get_time_nsec_diff (struct nsec_time *start, struct nsec_time *end) +{ + static double nsecs_per_count = 0.0; + double nsecs; + + if (nsecs_per_count == 0.0) + { + LARGE_INTEGER perf_freq; + BOOL ok; + + /* Get counts per second. */ + ok = QueryPerformanceFrequency (&perf_freq); + assert (ok); + + nsecs_per_count = 1.0 / perf_freq.QuadPart; + nsecs_per_count *= 1000000.0 * 1000.0; /* sec => nsec */ + + assert (nsecs_per_count > 0.0); + } + + nsecs = end->perf_count.QuadPart - start->perf_count.QuadPart; /* counts */ + nsecs *= nsecs_per_count; /* counts * (nsecs / count) => nsecs */ + + return nsecs; +} +#elif defined(HAVE_CLOCK_GETTIME) +struct nsec_time +{ + struct timespec ts; +}; + +static void +get_nsec_time (struct nsec_time *t) +{ + int err; + + err = clock_gettime (CLOCK_REALTIME, &t->ts); + assert (err == 0); +} + +static double +get_time_nsec_diff (struct nsec_time *start, struct nsec_time *end) +{ + double nsecs; + + nsecs = end->ts.tv_sec - start->ts.tv_sec; + nsecs *= 1000000.0 * 1000.0; /* sec => nsec */ + + /* This way we don't have to care if tv_nsec unsigned or signed. 
*/ + if (end->ts.tv_nsec >= start->ts.tv_nsec) + nsecs += end->ts.tv_nsec - start->ts.tv_nsec; + else + nsecs -= start->ts.tv_nsec - end->ts.tv_nsec; + + return nsecs; +} +#elif defined(HAVE_GETTIMEOFDAY) +struct nsec_time +{ + struct timeval tv; +}; + +static void +get_nsec_time (struct nsec_time *t) +{ + int err; + + err = gettimeofday (&t->tv, NULL); + assert (err == 0); +} + +static double +get_time_nsec_diff (struct nsec_time *start, struct nsec_time *end) +{ + double nsecs; + + nsecs = end->tv.tv_sec - start->tv.tv_sec; + nsecs *= 1000000; /* sec => ?sec */ + + /* This way we don't have to care if tv_usec unsigned or signed. */ + if (end->tv.tv_usec >= start->tv.tv_usec) + nsecs += end->tv.tv_usec - start->tv.tv_usec; + else + nsecs -= start->tv.tv_usec - end->tv.tv_usec; + + nsecs *= 1000; /* ?sec => nsec */ + + return nsecs; +} +#else +#define NO_GET_NSEC_TIME 1 +#endif + + +/* If no high resolution timer found, provide dummy bench-slope. */ +#ifdef NO_GET_NSEC_TIME + + +int +main (void) +{ + /* No nsec timer => SKIP test. */ + return 77; +} + + +#else /* !NO_GET_NSEC_TIME */ + + +/********************************************** Slope benchmarking framework. 
*/ + +struct bench_obj +{ + const struct bench_ops *ops; + + unsigned int num_measure_repetitions; + unsigned int min_bufsize; + unsigned int max_bufsize; + unsigned int step_size; + + void *priv; +}; + +typedef int (*const bench_initialize_t) (struct bench_obj * obj); +typedef void (*const bench_finalize_t) (struct bench_obj * obj); +typedef void (*const bench_do_run_t) (struct bench_obj * obj, void *buffer, + size_t buflen); + +struct bench_ops +{ + bench_initialize_t initialize; + bench_finalize_t finalize; + bench_do_run_t do_run; +}; + + +double +get_slope (double (*const get_x) (unsigned int idx, void *priv), + void *get_x_priv, double y_points[], unsigned int npoints, + double *overhead) +{ + double sumx, sumy, sumx2, sumy2, sumxy; + unsigned int i; + double b, a; + + sumx = sumy = sumx2 = sumy2 = sumxy = 0; + + for (i = 0; i < npoints; i++) + { + double x, y; + + x = get_x (i, get_x_priv); /* bytes */ + y = y_points[i]; /* nsecs */ + + sumx += x; + sumy += y; + sumx2 += x * x; + /*sumy2 += y * y;*/ + sumxy += x * y; + } + + b = (npoints * sumxy - sumx * sumy) / (npoints * sumx2 - sumx * sumx); + a = (sumy - b * sumx) / npoints; + + if (overhead) + *overhead = a; /* nsecs */ + + return b; /* nsecs per byte */ +} + + +double +get_bench_obj_point_x (unsigned int idx, void *priv) +{ + struct bench_obj *obj = priv; + return (double) (obj->min_bufsize + (idx * obj->step_size)); +} + + +unsigned int +get_num_measurements (struct bench_obj *obj) +{ + unsigned int buf_range = obj->max_bufsize - obj->min_bufsize; + unsigned int num = buf_range / obj->step_size + 1; + + while (obj->min_bufsize + (num * obj->step_size) > obj->max_bufsize) + num--; + + return num + 1; +} + + +static int +double_cmp (const void *_a, const void *_b) +{ + const double *a, *b; + + a = _a; + b = _b; + + if (*a > *b) + return 1; + if (*a < *b) + return -1; + return 0; +} + + +double +do_bench_obj_measurement (struct bench_obj *obj, void *buffer, size_t buflen, + double *measurement_raw, + 
unsigned int loop_iterations) +{ + const unsigned int num_repetitions = obj->num_measure_repetitions; + const bench_do_run_t do_run = obj->ops->do_run; + struct nsec_time start, end; + unsigned int rep, loop; + double res; + + if (num_repetitions < 1 || loop_iterations < 1) + return 0.0; + + for (rep = 0; rep < num_repetitions; rep++) + { + get_nsec_time (&start); + + for (loop = 0; loop < loop_iterations; loop++) + do_run (obj, buffer, buflen); + + get_nsec_time (&end); + + measurement_raw[rep] = get_time_nsec_diff (&start, &end); + } + + /* Return median of repeated measurements. */ + qsort (measurement_raw, num_repetitions, sizeof (measurement_raw[0]), + double_cmp); + + if (num_repetitions % 2 == 1) + return measurement_raw[num_repetitions / 2]; + + res = measurement_raw[num_repetitions / 2] + + measurement_raw[num_repetitions / 2 - 1]; + return res / 2; +} + + +unsigned int +adjust_loop_iterations_to_timer_accuracy (struct bench_obj *obj, void *buffer, + double *measurement_raw) +{ + const double increase_thres = 3.0; + double tmp, nsecs; + unsigned int loop_iterations; + unsigned int test_bufsize; + + test_bufsize = obj->min_bufsize; + if (test_bufsize == 0) + test_bufsize += obj->step_size; + + loop_iterations = 0; + do + { + /* Increase loop iterations until we get other results than zero. */ + nsecs = + do_bench_obj_measurement (obj, buffer, test_bufsize, + measurement_raw, ++loop_iterations); + } + while (nsecs < 1.0 - 0.1); + do + { + /* Increase loop iterations until we get reasonable increase for elapsed time. */ + tmp = + do_bench_obj_measurement (obj, buffer, test_bufsize, + measurement_raw, ++loop_iterations); + } + while (tmp < nsecs * (increase_thres - 0.1)); + + return loop_iterations; +} + + +/* Benchmark and return linear regression slope in nanoseconds per byte. 
*/ +double +do_slope_benchmark (struct bench_obj *obj) +{ + unsigned int num_measurements; + double *measurements = NULL; + double *measurement_raw = NULL; + double slope, overhead; + unsigned int loop_iterations, midx, i; + unsigned char *real_buffer = NULL; + unsigned char *buffer; + size_t cur_bufsize; + int err; + + err = obj->ops->initialize (obj); + if (err < 0) + return -1; + + num_measurements = get_num_measurements (obj); + measurements = calloc (num_measurements, sizeof (*measurements)); + if (!measurements) + goto err_free; + + measurement_raw = + calloc (obj->num_measure_repetitions, sizeof (*measurement_raw)); + if (!measurement_raw) + goto err_free; + + if (num_measurements < 1 || obj->num_measure_repetitions < 1 || + obj->max_bufsize < 1 || obj->min_bufsize > obj->max_bufsize) + goto err_free; + + real_buffer = malloc (obj->max_bufsize + 128); + if (!real_buffer) + goto err_free; + /* Get aligned buffer */ + buffer = real_buffer; + buffer += 128 - ((real_buffer - (unsigned char *) 0) & (128 - 1)); + + for (i = 0; i < obj->max_bufsize; i++) + buffer[i] = 0x55 ^ (-i); + + /* Adjust number of loop iterations up to timer accuracy. 
*/ + loop_iterations = adjust_loop_iterations_to_timer_accuracy (obj, buffer, + measurement_raw); + + /* Perform measurements */ + for (midx = 0, cur_bufsize = obj->min_bufsize; + cur_bufsize <= obj->max_bufsize; cur_bufsize += obj->step_size, midx++) + { + measurements[midx] = + do_bench_obj_measurement (obj, buffer, cur_bufsize, measurement_raw, + loop_iterations); + measurements[midx] /= loop_iterations; + } + + assert (midx == num_measurements); + + slope = + get_slope (&get_bench_obj_point_x, obj, measurements, num_measurements, + &overhead); + + free (measurement_raw); + free (real_buffer); + obj->ops->finalize (obj); + + return slope; + +err_free: + if (measurement_raw) + free (measurement_raw); + if (measurements) + free (measurements); + if (real_buffer) + free (real_buffer); + obj->ops->finalize (obj); + + return -1; +} + + +/********************************************************** Printing results. */ + +static void +double_to_str (char *out, size_t outlen, double value) +{ + const char *fmt; + + if (value < 1.0) + fmt = "%.3f"; + else if (value < 100.0) + fmt = "%.2f"; + else + fmt = "%.1f"; + + snprintf (out, outlen, fmt, value); +} + +static void +bench_print_result_csv (double nsecs_per_byte) +{ + double cycles_per_byte, mbytes_per_sec; + char nsecpbyte_buf[16]; + char mbpsec_buf[16]; + char cpbyte_buf[16]; + + *cpbyte_buf = 0; + + double_to_str (nsecpbyte_buf, sizeof (nsecpbyte_buf), nsecs_per_byte); + + /* If user didn't provide CPU speed, we cannot show cycles/byte results. */ + if (cpu_ghz > 0.0) + { + cycles_per_byte = nsecs_per_byte * cpu_ghz; + double_to_str (cpbyte_buf, sizeof (cpbyte_buf), cycles_per_byte); + } + + mbytes_per_sec = + (1000.0 * 1000.0 * 1000.0) / (nsecs_per_byte * 1024 * 1024); + double_to_str (mbpsec_buf, sizeof (mbpsec_buf), mbytes_per_sec); + + /* We print two empty fields to allow for future enhancements. */ + printf ("%s,%s,%s,,,%s,ns/B,%s,MiB/s,%s,c/B\n", + current_section_name, + current_algo_name? 
current_algo_name : "", + current_mode_name? current_mode_name : "", + nsecpbyte_buf, + mbpsec_buf, + cpbyte_buf); + +} + +static void +bench_print_result_std (double nsecs_per_byte) +{ + double cycles_per_byte, mbytes_per_sec; + char nsecpbyte_buf[16]; + char mbpsec_buf[16]; + char cpbyte_buf[16]; + + strcpy (cpbyte_buf, "-"); + + double_to_str (nsecpbyte_buf, sizeof (nsecpbyte_buf), nsecs_per_byte); + + /* If user didn't provide CPU speed, we cannot show cycles/byte results. */ + if (cpu_ghz > 0.0) + { + cycles_per_byte = nsecs_per_byte * cpu_ghz; + double_to_str (cpbyte_buf, sizeof (cpbyte_buf), cycles_per_byte); + } + + mbytes_per_sec = + (1000.0 * 1000.0 * 1000.0) / (nsecs_per_byte * 1024 * 1024); + double_to_str (mbpsec_buf, sizeof (mbpsec_buf), mbytes_per_sec); + + strncat (nsecpbyte_buf, " ns/B", sizeof (nsecpbyte_buf) - 1); + strncat (mbpsec_buf, " MiB/s", sizeof (mbpsec_buf) - 1); + strncat (cpbyte_buf, " c/B", sizeof (cpbyte_buf) - 1); + + printf ("%14s %15s %13s\n", nsecpbyte_buf, mbpsec_buf, cpbyte_buf); +} + +static void +bench_print_result (double nsecs_per_byte) +{ + if (csv_mode) + bench_print_result_csv (nsecs_per_byte); + else + bench_print_result_std (nsecs_per_byte); +} + +static void +bench_print_section (const char *section_name, const char *print_name) +{ + if (csv_mode) + { + gcry_free (current_section_name); + current_section_name = gcry_xstrdup (section_name); + } + else + printf ("%s:\n", print_name); +} + +static void +bench_print_header (int algo_width, const char *algo_name) +{ + if (csv_mode) + { + gcry_free (current_algo_name); + current_algo_name = gcry_xstrdup (algo_name); + } + else + { + if (algo_width < 0) + printf (" %-*s | ", -algo_width, algo_name); + else + printf (" %-*s | ", algo_width, algo_name); + printf ("%14s %15s %13s\n", "nanosecs/byte", "mebibytes/sec", + "cycles/byte"); + } +} + +static void +bench_print_algo (int algo_width, const char *algo_name) +{ + if (csv_mode) + { + gcry_free (current_algo_name); + 
current_algo_name = gcry_xstrdup (algo_name); + } + else + { + if (algo_width < 0) + printf (" %-*s | ", -algo_width, algo_name); + else + printf (" %-*s | ", algo_width, algo_name); + } +} + +static void +bench_print_mode (int width, const char *mode_name) +{ + if (csv_mode) + { + gcry_free (current_mode_name); + current_mode_name = gcry_xstrdup (mode_name); + } + else + { + if (width < 0) + printf (" %-*s | ", -width, mode_name); + else + printf (" %*s | ", width, mode_name); + fflush (stdout); + } +} + +static void +bench_print_footer (int algo_width) +{ + if (!csv_mode) + printf (" %-*s =\n", algo_width, ""); +} + + +/********************************************************* Cipher benchmarks. */ + +struct bench_cipher_mode +{ + int mode; + const char *name; + struct bench_ops *ops; + + int algo; +}; + + +static int +bench_encrypt_init (struct bench_obj *obj) +{ + struct bench_cipher_mode *mode = obj->priv; + gcry_cipher_hd_t hd; + int err, keylen; + + obj->min_bufsize = BUF_START_SIZE; + obj->max_bufsize = BUF_END_SIZE; + obj->step_size = BUF_STEP_SIZE; + obj->num_measure_repetitions = num_measurement_repetitions; + + err = gcry_cipher_open (&hd, mode->algo, mode->mode, 0); + if (err) + { + fprintf (stderr, PGM ": error opening cipher `%s'\n", + gcry_cipher_algo_name (mode->algo)); + exit (1); + } + + keylen = gcry_cipher_get_algo_keylen (mode->algo); + if (keylen) + { + char key[keylen]; + int i; + + for (i = 0; i < keylen; i++) + key[i] = 0x33 ^ (11 - i); + + err = gcry_cipher_setkey (hd, key, keylen); + if (err) + { + fprintf (stderr, PGM ": gcry_cipher_setkey failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } + } + else + { + fprintf (stderr, PGM ": failed to get key length for algorithm `%s'\n", + gcry_cipher_algo_name (mode->algo)); + gcry_cipher_close (hd); + exit (1); + } + + obj->priv = hd; + + return 0; +} + +static void +bench_encrypt_free (struct bench_obj *obj) +{ + gcry_cipher_hd_t hd = obj->priv; + + 
gcry_cipher_close (hd); +} + +static void +bench_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) +{ + gcry_cipher_hd_t hd = obj->priv; + int err; + + err = gcry_cipher_encrypt (hd, buf, buflen, buf, buflen); + if (err) + { + fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } +} + +static void +bench_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) +{ + gcry_cipher_hd_t hd = obj->priv; + int err; + + err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen); + if (err) + { + fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } +} + +static struct bench_ops encrypt_ops = { + &bench_encrypt_init, + &bench_encrypt_free, + &bench_encrypt_do_bench +}; + +static struct bench_ops decrypt_ops = { + &bench_encrypt_init, + &bench_encrypt_free, + &bench_decrypt_do_bench +}; + + + +static struct bench_cipher_mode cipher_modes[] = { + {GCRY_CIPHER_MODE_ECB, "ECB enc", &encrypt_ops}, + {GCRY_CIPHER_MODE_ECB, "ECB dec", &decrypt_ops}, + {GCRY_CIPHER_MODE_CBC, "CBC enc", &encrypt_ops}, + {GCRY_CIPHER_MODE_CBC, "CBC dec", &decrypt_ops}, + {GCRY_CIPHER_MODE_CFB, "CFB enc", &encrypt_ops}, + {GCRY_CIPHER_MODE_CFB, "CFB dec", &decrypt_ops}, + {GCRY_CIPHER_MODE_OFB, "OFB enc", &encrypt_ops}, + {GCRY_CIPHER_MODE_OFB, "OFB dec", &decrypt_ops}, + {GCRY_CIPHER_MODE_CTR, "CTR enc", &encrypt_ops}, + {GCRY_CIPHER_MODE_CTR, "CTR dec", &decrypt_ops}, + {0}, +}; + + +static void +cipher_bench_one (int algo, struct bench_cipher_mode *pmode) +{ + struct bench_cipher_mode mode = *pmode; + struct bench_obj obj = { 0 }; + double result; + unsigned int blklen; + + mode.algo = algo; + + /* Check if this mode is ok */ + blklen = gcry_cipher_get_algo_blklen (algo); + if (!blklen) + return; + + /* Stream cipher? Only test with ECB. 
*/ + if (blklen == 1 && mode.mode != GCRY_CIPHER_MODE_ECB) + return; + if (blklen == 1 && mode.mode == GCRY_CIPHER_MODE_ECB) + { + mode.mode = GCRY_CIPHER_MODE_STREAM; + mode.name = mode.ops == &encrypt_ops ? "STREAM enc" : "STREAM dec"; + } + + bench_print_mode (14, mode.name); + + obj.ops = mode.ops; + obj.priv = &mode; + + result = do_slope_benchmark (&obj); + + bench_print_result (result); +} + + +static void +_cipher_bench (int algo) +{ + const char *algoname; + int i; + + algoname = gcry_cipher_algo_name (algo); + + bench_print_header (14, algoname); + + for (i = 0; cipher_modes[i].mode; i++) + cipher_bench_one (algo, &cipher_modes[i]); + + bench_print_footer (14); +} + + +void +cipher_bench (char **argv, int argc) +{ + int i, algo; + + bench_print_section ("cipher", "Cipher"); + + if (argv && argc) + { + for (i = 0; i < argc; i++) + { + algo = gcry_cipher_map_name (argv[i]); + if (algo) + _cipher_bench (algo); + } + } + else + { + for (i = 1; i < 400; i++) + if (!gcry_cipher_test_algo (i)) + _cipher_bench (i); + } +} + + +/*********************************************************** Hash benchmarks. 
*/ + +struct bench_hash_mode +{ + const char *name; + struct bench_ops *ops; + + int algo; +}; + + +static int +bench_hash_init (struct bench_obj *obj) +{ + struct bench_hash_mode *mode = obj->priv; + gcry_md_hd_t hd; + int err; + + obj->min_bufsize = BUF_START_SIZE; + obj->max_bufsize = BUF_END_SIZE; + obj->step_size = BUF_STEP_SIZE; + obj->num_measure_repetitions = num_measurement_repetitions; + + err = gcry_md_open (&hd, mode->algo, 0); + if (err) + { + fprintf (stderr, PGM ": error opening hash `%s'\n", + gcry_md_algo_name (mode->algo)); + exit (1); + } + + obj->priv = hd; + + return 0; +} + +static void +bench_hash_free (struct bench_obj *obj) +{ + gcry_md_hd_t hd = obj->priv; + + gcry_md_close (hd); +} + +static void +bench_hash_do_bench (struct bench_obj *obj, void *buf, size_t buflen) +{ + gcry_md_hd_t hd = obj->priv; + + gcry_md_reset (hd); + gcry_md_write (hd, buf, buflen); + gcry_md_final (hd); +} + +static struct bench_ops hash_ops = { + &bench_hash_init, + &bench_hash_free, + &bench_hash_do_bench +}; + + +static struct bench_hash_mode hash_modes[] = { + {"", &hash_ops}, + {0}, +}; + + +static void +hash_bench_one (int algo, struct bench_hash_mode *pmode) +{ + struct bench_hash_mode mode = *pmode; + struct bench_obj obj = { 0 }; + double result; + + mode.algo = algo; + + if (mode.name[0] == '\0') + bench_print_algo (-14, gcry_md_algo_name (algo)); + else + bench_print_algo (14, mode.name); + + obj.ops = mode.ops; + obj.priv = &mode; + + result = do_slope_benchmark (&obj); + + bench_print_result (result); +} + +static void +_hash_bench (int algo) +{ + int i; + + for (i = 0; hash_modes[i].name; i++) + hash_bench_one (algo, &hash_modes[i]); +} + +void +hash_bench (char **argv, int argc) +{ + int i, algo; + + bench_print_section ("hash", "Hash"); + bench_print_header (14, ""); + + if (argv && argc) + { + for (i = 0; i < argc; i++) + { + algo = gcry_md_map_name (argv[i]); + if (algo) + _hash_bench (algo); + } + } + else + { + for (i = 1; i < 400; i++) + if 
(!gcry_md_test_algo (i)) + _hash_bench (i); + } + + bench_print_footer (14); +} + + +/************************************************************** Main program. */ + +void +print_help (void) +{ + static const char *help_lines[] = { + "usage: bench-slope [options] [hash|cipher [algonames]]", + "", + " options:", + " --cpu-mhz Set CPU speed for calculating cycles", + " per bytes results.", + " --disable-hwf Disable hardware acceleration feature(s)", + " for benchmarking.", + " --repetitions Use N repetitions (default " + STR2(NUM_MEASUREMENT_REPETITIONS) ")", + " --csv Use CSV output format", + NULL + }; + const char **line; + + for (line = help_lines; *line; line++) + fprintf (stdout, "%s\n", *line); +} + + +/* Warm up CPU. */ +static void +warm_up_cpu (void) +{ + struct nsec_time start, end; + + get_nsec_time (&start); + do + { + get_nsec_time (&end); + } + while (get_time_nsec_diff (&start, &end) < 1000.0 * 1000.0 * 1000.0); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + int debug = 0; + + num_measurement_repetitions = NUM_MEASUREMENT_REPETITIONS; + + if (argc) + { + argc--; + argv++; + } + + /* We skip this test if we are running under the test suite (no args + and srcdir defined) and GCRYPT_NO_BENCHMARKS is set. 
*/ + if (!argc && getenv ("srcdir") && getenv ("GCRYPT_NO_BENCHMARKS")) + exit (77); + + while (argc && last_argc != argc) + { + last_argc = argc; + + if (!strcmp (*argv, "--")) + { + argc--; + argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + print_help (); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose++; + argc--; + argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose += 2; + debug++; + argc--; + argv++; + } + else if (!strcmp (*argv, "--csv")) + { + csv_mode = 1; + argc--; + argv++; + } + else if (!strcmp (*argv, "--disable-hwf")) + { + argc--; + argv++; + if (argc) + { + if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL)) + fprintf (stderr, + PGM + ": unknown hardware feature `%s' - option ignored\n", + *argv); + argc--; + argv++; + } + } + else if (!strcmp (*argv, "--cpu-mhz")) + { + argc--; + argv++; + if (argc) + { + cpu_ghz = atof (*argv); + cpu_ghz /= 1000; /* Mhz => Ghz */ + + argc--; + argv++; + } + } + else if (!strcmp (*argv, "--repetitions")) + { + argc--; + argv++; + if (argc) + { + num_measurement_repetitions = atof (*argv); + if (num_measurement_repetitions < 2) + { + fprintf (stderr, + PGM + ": value for --repetitions too small - using %d\n", + NUM_MEASUREMENT_REPETITIONS); + num_measurement_repetitions = NUM_MEASUREMENT_REPETITIONS; + } + argc--; + argv++; + } + } + } + + gcry_control (GCRYCTL_SET_VERBOSITY, (int) verbose); + + if (!gcry_check_version (GCRYPT_VERSION)) + { + fprintf (stderr, PGM ": version mismatch; pgm=%s, library=%s\n", + GCRYPT_VERSION, gcry_check_version (NULL)); + exit (1); + } + + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + + if (!argc) + { + warm_up_cpu (); + hash_bench (NULL, 0); + cipher_bench (NULL, 0); + } + else if (!strcmp (*argv, "hash")) + { + argc--; + argv++; + + warm_up_cpu (); + hash_bench ((argc 
== 0) ? NULL : argv, argc); + } + else if (!strcmp (*argv, "cipher")) + { + argc--; + argv++; + + warm_up_cpu (); + cipher_bench ((argc == 0) ? NULL : argv, argc); + } + else + { + fprintf (stderr, PGM ": unknown argument: %s\n", *argv); + print_help (); + } + + return 0; +} + +#endif /* !NO_GET_NSEC_TIME */ ----------------------------------------------------------------------- Summary of changes: tests/Makefile.am | 2 +- tests/bench-slope.c | 1148 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1149 insertions(+), 1 deletion(-) create mode 100644 tests/bench-slope.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 9 09:10:13 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Dec 2013 09:10:13 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-424-g2e5354f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2e5354fe8db5288939733d0fb63ad4c87bc20105 (commit) from 8072e9fa4b42ae8e65e266aa158fd903f1bb0927 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2e5354fe8db5288939733d0fb63ad4c87bc20105 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 tests: Speed up benchmarks in regression test mode. * tests/tsexp.c (check_extract_param): Fix compiler warning. * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST. * tests/bench-slope.c (main): Speed up if in regression test mode. * tests/benchmark.c (main): Ditto. Signed-off-by: Werner Koch diff --git a/tests/Makefile.am b/tests/Makefile.am index 87283f9..3fb9fd6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -23,10 +23,11 @@ TESTS = version mpitests tsexp t-convert \ prime basic keygen pubkey hmac hashtest t-kdf keygrip \ fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 t-ed25519 - # The last tests to run. TESTS += benchmark bench-slope +TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1 + # Need to include ../src in addition to top_srcdir because gcrypt.h is # a built header. diff --git a/tests/bench-slope.c b/tests/bench-slope.c index 79314c3..219e0dd 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -48,6 +48,9 @@ static int num_measurement_repetitions; results. */ static double cpu_ghz = -1; +/* Whether we are running as part of the regression test suite. */ +static int in_regression_test; + /* The name of the currently printed section. */ static char *current_section_name; /* The name of the currently printed algorithm. */ @@ -1453,8 +1456,6 @@ main (int argc, char **argv) int last_argc = -1; int debug = 0; - num_measurement_repetitions = NUM_MEASUREMENT_REPETITIONS; - if (argc) { argc--; @@ -1466,6 +1467,14 @@ main (int argc, char **argv) if (!argc && getenv ("srcdir") && getenv ("GCRYPT_NO_BENCHMARKS")) exit (77); + if (getenv ("GCRYPT_IN_REGRESSION_TEST")) + { + in_regression_test = 1; + num_measurement_repetitions = 2; + } + else + num_measurement_repetitions = NUM_MEASUREMENT_REPETITIONS; + while (argc && last_argc != argc) { last_argc = argc; @@ -1565,6 +1574,9 @@ main (int argc, char **argv) gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + if (in_regression_test) + fputs ("Note: " PGM " running in quick regression test mode.\n", stdout); + if (!argc) { warm_up_cpu (); diff --git a/tests/benchmark.c b/tests/benchmark.c index 3f44e33..62dfc22 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c 
@@ -59,6 +59,9 @@ static int cipher_with_keysetup; /* Whether fips mode was active at startup. */ static int in_fips_mode; +/* Whether we are running as part of the regression test suite. */ +static int in_regression_test; + static const char sample_private_dsa_key_1024[] = "(private-key\n" @@ -266,6 +269,7 @@ die (const char *format, ...) exit (1); } + static void show_sexp (const char *prefix, gcry_sexp_t a) { @@ -1301,6 +1305,12 @@ main( int argc, char **argv ) if (!argc && getenv ("srcdir") && getenv ("GCRYPT_NO_BENCHMARKS")) exit (77); + if (getenv ("GCRYPT_IN_REGRESSION_TEST")) + { + in_regression_test = 1; + pk_count = 10; + } + while (argc && last_argc != argc ) { last_argc = argc; @@ -1473,6 +1483,9 @@ main( int argc, char **argv ) if (mac_repetitions < 1) mac_repetitions = 1; + if (in_regression_test) + fputs ("Note: " PGM " running in quick regression test mode.\n", stdout); + if ( !argc ) { gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); diff --git a/tests/tsexp.c b/tests/tsexp.c index 2f6ad8f..1ab9802 100644 --- a/tests/tsexp.c +++ b/tests/tsexp.c @@ -1022,7 +1022,8 @@ check_extract_param (void) { fail ("gcry_sexp_extract_param long name failed: curve mismatch"); gcry_log_debug ("expected: %s\n", "Ed25519"); - gcry_log_debug (" got: %.*s\n", (int)ioarray[0].len, ioarray[0].data); + gcry_log_debug (" got: %.*s\n", + (int)ioarray[0].len, (char*)ioarray[0].data); } if (!mpis[0]) ----------------------------------------------------------------------- Summary of changes: tests/Makefile.am | 3 ++- tests/bench-slope.c | 16 ++++++++++++++-- tests/benchmark.c | 13 +++++++++++++ tests/tsexp.c | 3 ++- 4 files changed, 31 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 9 19:59:44 2013 
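Review bot: In the new tests/bench-slope.c, bench_print_result_std passes sizeof (buf) - 1 as the third argument of strncat, but that argument limits how many characters are appended, not the size of the destination, so the three calls do not keep the write inside the 16-byte buffers. double_to_str can already fill 15 characters, and a slope close to zero makes mbytes_per_sec long enough for the appended " MiB/s" to run past the end. Suggest bounding each call with sizeof (buf) - strlen (buf) - 1, or formatting value and unit in a single snprintf. Further points in the same file: do_slope_benchmark frees measurement_raw and real_buffer on the success path but never measurements; bench_decrypt_do_bench reports "gcry_cipher_encrypt failed" for a gcry_cipher_decrypt error; cipher_bench_one and hash_bench_one pass the -1 error return of do_slope_benchmark straight to bench_print_result; the comment above BUF_STEP_SIZE says "128 byte steps" while the define is 64; and the clock_gettime branch reads CLOCK_REALTIME, which can be stepped during a run, where CLOCK_MONOTONIC would give stable intervals.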
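Review bot: In the tests/Makefile.am hunk of the "Speed up benchmarks in regression test mode" commit, TESTS_ENVIRONMENT is the variable Automake reserves for the person running the test suite, so a make check TESTS_ENVIRONMENT=... on the command line replaces this assignment and the benchmarks run at full length again. Suggest AM_TESTS_ENVIRONMENT if the minimum supported Automake version provides it, or a comment next to the assignment noting the override.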
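Review bot: In the tests/bench-slope.c hunk at @@ -1565,6 +1574,9 @@, the "quick regression test mode" note is written to stdout without checking csv_mode, so a --csv run with GCRYPT_IN_REGRESSION_TEST set gets a non-CSV first line in its output. Suggest sending the note to stderr or skipping it when csv_mode is set.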
From: cvs at cvs.gnupg.org (by David 'Digit' Turner)
Date: Mon, 09 Dec 2013 19:59:44 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-425-g2516f0b
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  2516f0b660b1a7181ad38c44310c627f4f498595 (commit)
      from  2e5354fe8db5288939733d0fb63ad4c87bc20105 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2516f0b660b1a7181ad38c44310c627f4f498595
Author: David 'Digit' Turner
Date:   Tue Oct 22 14:26:53 2013 +0200

    Update libtool to support Android.

    * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool
    repository.

    --

    The patch, which cleanly applies, is

      commit 8eeeb00daef8c4f720c9b79a0cdb89225d9909b6
      Author: David 'Digit' Turner
      Date:   Tue Oct 8 14:37:32 2013 -0700

          This patch adds proper Android support to libtool. The main
          issues are the following:

            - Versioned libraries are not supported by the platform and its
              build/packaging tools.

            - The dynamic linker is not GNU ld, there is no support for
              DT_RUNPATH.

            - Similarly, there is no ldconfig.

    Signed-off-by: Werner Koch

diff --git a/m4/libtool.m4 b/m4/libtool.m4 index f0a2752..1d62b05 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 
@@ -2644,6 +2644,26 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux # correct to gnu/linux during the next big refactor ----------------------------------------------------------------------- Summary of changes: m4/libtool.m4 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 9 20:11:45 2013 
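Review bot: In the linux*android* case added to m4/libtool.m4, the comment above hardcode_into_libs=yes ("This implies no fast_install, which is unacceptable.") does not say what "this" refers to, nor why hardcoding is kept for a linker that, per the comment a few lines further down, does not support -rpath directories. Suggest a one-line explanation of the setting, or dropping it if it has no effect once hardcode_libdir_flag_spec is '-L$libdir'. Since the commit message says the case is taken from the libtool repository, it would also help to record that this hunk has to be reapplied if m4/libtool.m4 is regenerated from an older libtool.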
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Dec 2013 20:11:45 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.12-6-g0b192cf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 0b192cff772bd416dc85b8140b9eb0d52e4175dd (commit) via bf0d67dbfa4161e529781d6dfbfcce7126c3bf22 (commit) from b70a430d020e8541f66cca38c00355bab7bb1017 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b192cff772bd416dc85b8140b9eb0d52e4175dd Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Add build support for ppc64le. * config.guess, config.sub: Update to latest version (2013-11-29). * m4/libtool.m4: Add patches for ppc64le. -- We don't want to update libtool, thus we a simple libtool patch supplied by IBM. Signed-off-by: Werner Koch diff --git a/config.guess b/config.guess index f475ceb..9afd676 100755 --- a/config.guess +++ b/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2013-02-12' +timestamp='2013-11-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by 
@@ -132,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -853,21 +874,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 
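Review bot: in the "@@ -132,6 +132,27 @@" hunk, the eval of "$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'" hands every preprocessor output line that merely starts with LIBC to the shell, so what gets evaluated depends on whatever the build compiler and its headers emit. Anchor the filter to the assignment the probe can actually produce, for example grep '^LIBC=[a-z]*$', and quote "$dummy.c" both in the here-document redirection and in the compiler call. The default LIBC=gnu set before the probe also means a missing or failing compiler is indistinguishable from a real glibc result; the comment admits this, but a host that is not glibc will then be mislabelled silently.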
@@ -880,59 +901,54 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} 
exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -951,57 +967,63 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - 
echo ${UNAME_MACHINE}-dec-linux-gnu + echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1234,19 +1256,31 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) diff --git a/config.sub b/config.sub index 872199a..61cb4bc 100755 --- a/config.sub +++ b/config.sub 
@@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2013-02-12' +timestamp='2013-10-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -252,12 +252,12 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc \ + | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ @@ -265,6 +265,7 @@ case $basic_machine in | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ @@ -324,7 +325,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -366,13 +367,13 @@ case $basic_machine in | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ 
@@ -381,6 +382,7 @@ case $basic_machine in | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ @@ -794,7 +796,7 @@ case $basic_machine in os=-mingw64 ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -830,7 +832,7 @@ case $basic_machine in basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1546,6 +1548,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; hexagon-*) os=-elf ;; diff --git a/m4/libtool.m4 b/m4/libtool.m4 index 259d597..1d62b05 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 @@ -1326,7 +1326,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1348,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) commit bf0d67dbfa4161e529781d6dfbfcce7126c3bf22 Author: David 'Digit' Turner Date: Tue Oct 22 14:26:53 2013 +0200 Update libtool to support Android. * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool repository. -- The patch, which cleanly applies, is commit 8eeeb00daef8c4f720c9b79a0cdb89225d9909b6 Author: David 'Digit' Turner Date: Tue Oct 8 14:37:32 2013 -0700 This patch adds proper Android support to libtool. The main issues are the following: - Versioned libraries are not supported by the platform and its build/packaging tools. - The dynamic linker is not GNU ld, there is no support for DT_RUNPATH. - Similarly, there is no ldconfig. Signed-off-by: Werner Koch 
diff --git a/m4/libtool.m4 b/m4/libtool.m4 index ff871a0..259d597 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 @@ -2638,6 +2638,26 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux # correct to gnu/linux during the next big refactor ----------------------------------------------------------------------- Summary of changes: config.guess | 150 +++++++++++++++++++++++++++++++++++---------------------- config.sub | 21 +++++--- m4/libtool.m4 | 30 +++++++++++- 3 files changed, 133 insertions(+), 68 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 9 20:30:07 2013 
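Review bot: in the two m4/libtool.m4 hunks of commit 0b192cf ("@@ -1326,7 +1326,10 @@" and "@@ -1345,7 +1348,10 @@"), the replacement patterns are narrower than the ones they remove: "ppc64-*linux*|powerpc64-*linux*" becomes "powerpc64le-*" plus "powerpc64-*", and "ppc*-*linux*|powerpc*-*linux*" becomes "powerpcle-*" plus "powerpc-*". A host triplet spelled ppc64-... or ppc-... no longer matches either inner case and gets no -m emulation flag, and in the second hunk powerpc64-* hosts, which the old powerpc*-*linux* glob covered, drop out as well. If that is intended because the triplet is canonicalized before it reaches this case statement, say so in the commit message; otherwise keep the ppc* alternatives next to the new little-endian cases.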
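Review bot: in the config.guess Darwin hunk of commit 0b192cf ("@@ -1234,19 +1256,31 @@"), "eval $set_cc_for_build" has moved out of the i386) arm and now runs first for every Darwin release, while the comment added further down gives "Avoid executing cc on OS X 10.9" as the reason for the new elif. set_cc_for_build is not among the lines shown; if it tries candidate compilers, the stub the comment describes is still invoked before the release check. Move the eval inside the "-le 10" branch, next to the only use of $CC_FOR_BUILD. The release test also receives a non-numeric operand when UNAME_RELEASE has fallen back to "unknown" (the fallback is visible at the top of the script), so quote the command substitution and handle that value explicitly.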
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Dec 2013 20:30:07 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-426-g9a37470 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9a37470c50ee9966cb2652617a404ddd54a9c096 (commit) from 2516f0b660b1a7181ad38c44310c627f4f498595 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9a37470c50ee9966cb2652617a404ddd54a9c096 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Fix one-off memory leak when built with Linux capability support. * src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by Mike Crowe. Signed-off-by: Werner Koch diff --git a/src/secmem.c b/src/secmem.c index c350bc9..fd2cdf4 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -243,11 +243,20 @@ lock_pool (void *p, size_t n) #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) int err; - cap_set_proc (cap_from_text ("cap_ipc_lock+ep")); - err = no_mlock? 0 : mlock (p, n); - if (err && errno) - err = errno; - cap_set_proc (cap_from_text ("cap_ipc_lock+p")); + { + cap_t cap; + + cap = cap_from_text ("cap_ipc_lock+ep"); + cap_set_proc (cap); + cap_free (cap); + err = no_mlock? 0 : mlock (p, n); + if (err && errno) + err = errno; + cap_set_proc (cap_from_text ("cap_ipc_lock+p")); + cap = cap_from_text ("cap_ipc_lock+p"); + cap_set_proc (cap); + cap_free(cap); + } if (err) { 
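Review bot: in lock_pool the old one-line call cap_set_proc (cap_from_text ("cap_ipc_lock+p")); is still present as an added line, directly above the new cap = cap_from_text ("cap_ipc_lock+p"); sequence that is meant to replace it. The cap_t returned by that first call is never passed to cap_free, so the leak this commit sets out to fix remains at that point, and the same capability state is set twice; delete the line. For consistency with the other calls in the hunk, write the last one as cap_free (cap); with the space before the parenthesis.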
@@ -474,7 +483,13 @@ secmem_init (size_t n) { #ifdef USE_CAPABILITIES /* drop all capabilities */ - cap_set_proc (cap_from_text ("all-eip")); + { + cap_t cap; + + cap = cap_from_text ("all-eip"); + cap_set_proc (cap); + cap_free (cap); + } #elif !defined(HAVE_DOSISH_SYSTEM) uid_t uid; ----------------------------------------------------------------------- Summary of changes: src/secmem.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 10 08:30:41 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 10 Dec 2013 08:30:41 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-427-geae1e77 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via eae1e7712e1b687bd77eb37d0eb505fc9d46d93c (commit) from 9a37470c50ee9966cb2652617a404ddd54a9c096 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eae1e7712e1b687bd77eb37d0eb505fc9d46d93c Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Fix last commit (9a37470c) * src/secmem.c (lock_pool): Remove remaining line. Reported by Ian Goldberg. diff --git a/src/secmem.c b/src/secmem.c index fd2cdf4..2bf7d8c 100644 --- a/src/secmem.c +++ b/src/secmem.c 
@@ -252,7 +252,6 @@ lock_pool (void *p, size_t n) err = no_mlock? 0 : mlock (p, n); if (err && errno) err = errno; - cap_set_proc (cap_from_text ("cap_ipc_lock+p")); cap = cap_from_text ("cap_ipc_lock+p"); cap_set_proc (cap); cap_free(cap); ----------------------------------------------------------------------- Summary of changes: src/secmem.c | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 10 15:03:21 2013 
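Review bot: with the leftover call removed, lock_pool still ignores the results of cap_from_text and cap_set_proc on both sides of the mlock call. cap_from_text can return NULL, which is then handed to cap_set_proc and cap_free, and if the second cap_set_proc fails the process carries on with cap_ipc_lock still in its effective set and nothing reports it. Check both return values and treat a failure to lower the capability as an error; the "all-eip" drop in secmem_init from 9a37470c deserves the same check, since a silent failure there leaves every capability in place.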
From: cvs at cvs.gnupg.org (by David 'Digit' Turner) Date: Tue, 10 Dec 2013 15:03:21 +0100 Subject: [git] KSBA - branch, master, updated. libksba-1.3.0-6-gd69cde4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via d69cde444b2a4b106b4d8c6857efe7d5e8ce18fc (commit) via a34986a19b2d597cfa3fac099abe243ce1a896a5 (commit) via ab3fe5dccd5bd814f9e2db943380b28598f8cb7a (commit) from 7b9662f2bf28feb575c4b2b181d88ca61ad43d53 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d69cde444b2a4b106b4d8c6857efe7d5e8ce18fc Author: David 'Digit' Turner Date: Tue Oct 22 14:26:53 2013 +0200 Update libtool to support Android. * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool repository. -- The patch, which cleanly applies, is commit 8eeeb00daef8c4f720c9b79a0cdb89225d9909b6 Author: David 'Digit' Turner Date: Tue Oct 8 14:37:32 2013 -0700 This patch adds proper Android support to libtool. The main issues are the following: - Versioned libraries are not supported by the platform and its build/packaging tools. - The dynamic linker is not GNU ld, there is no support for DT_RUNPATH. - Similarly, there is no ldconfig. Signed-off-by: Werner Koch diff --git a/m4/libtool.m4 b/m4/libtool.m4 index fb2f249..3e5f199 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 
@@ -2644,6 +2644,26 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux # correct to gnu/linux during the next big refactor commit a34986a19b2d597cfa3fac099abe243ce1a896a5 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Add build support for ppc64le. * config.guess, config.sub: Update to latest version (2013-11-29). * m4/libtool.m4: Add patches for ppc64le. -- We don't want to update libtool, thus we use patches supplied by IBM. Signed-off-by: Werner Koch diff --git a/config.guess b/config.guess index ad5f74a..9afd676 100755 --- a/config.guess +++ b/config.guess 
@@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-07-31' +timestamp='2013-11-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -22,19 +20,17 @@ timestamp='2012-07-31' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches with a ChangeLog entry to config-patches at gnu.org. + me=`echo "$0" | sed -e 's,.*/,,'` 
@@ -54,9 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -306,7 +321,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) 
@@ -859,21 +874,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 
@@ -886,59 +901,54 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} 
exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -957,54 +967,63 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; + or1k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu + 
echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1208,6 +1227,9 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; 
@@ -1234,19 +1256,31 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) diff --git a/config.sub b/config.sub index b15df57..61cb4bc 100755 --- a/config.sub +++ b/config.sub 
@@ -1,24 +1,18 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-07-31' +timestamp='2013-10-01' -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . 
@@ -26,11 +20,12 @@ timestamp='2012-07-31' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches with a ChangeLog entry to config-patches at gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -73,9 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,7 +116,7 @@ esac maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) 
@@ -156,7 +149,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; @@ -259,10 +252,12 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | be32 | be64 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ @@ -270,10 +265,11 @@ case $basic_machine in | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -291,16 +287,17 @@ case $basic_machine in | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 \ - | or32 \ + | or1k | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ 
@@ -328,7 +325,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -370,13 +367,13 @@ case $basic_machine in | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ @@ -385,11 +382,13 @@ case $basic_machine in | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -407,12 +406,13 @@ case $basic_machine in | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ @@ -788,7 +788,7 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; mingw64) 
@@ -796,7 +796,7 @@ case $basic_machine in os=-mingw64 ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -832,7 +832,7 @@ case $basic_machine in basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1023,7 +1023,11 @@ case $basic_machine in basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1350,7 +1354,7 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1364,7 +1368,7 @@ case $os in | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1496,9 +1500,6 @@ case $os in -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; @@ -1547,6 +1548,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; hexagon-*) os=-elf ;; @@ -1590,6 +1594,9 @@ case $basic_machine in mips*-*) os=-elf ;; + or1k-*) + os=-elf + ;; or32-*) os=-coff ;; diff --git a/m4/libtool.m4 b/m4/libtool.m4 index 4bedbd3..fb2f249 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 
@@ -1326,7 +1326,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1348,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) commit ab3fe5dccd5bd814f9e2db943380b28598f8cb7a Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Fix duplicate definition of TRUE and FALSE in grammar file. * src/asn1-parse.y (YYPRINT): Define. (%token-table): Define. (TRUE,FALSE,BOOLEAN): Prefix these tokens with "ksba_" to avoid name conflicts. (key_word, key_word_token): Remove arrays. (%token): Add literal strings to almost all tokens. (yylex): Use yytname array for keyword lookup. -- On AIX header file defines TRUE and FALSE when _ALL_SOURCE is defined, leading to a macro redefinition error. The fix for this problem is straightforward. To make future changes easier I also remove the duplicate definition of the keywords. It is much easier to use the list of keywords already known to Bison. GnuPG-bug-id: 1574 diff --git a/src/asn1-parse.y b/src/asn1-parse.y index eedaa0a..2f739c0 100755 --- a/src/asn1-parse.y +++ b/src/asn1-parse.y @@ -63,10 +63,14 @@ this. Let's hope that this macros works. */ #define yyparse _ksba_asn1_yyparse -/*#define YYDEBUG 1*/ -#define YYERROR_VERBOSE = 1 +/* #define YYDEBUG 1 */ +#define YYERROR_VERBOSE 1 #define MAX_STRING_LENGTH 129 +/* Dummy print so that yytoknum will be defined. */ +#define YYPRINT(F, N, L) do { } while (0); + + /* constants used in the grammar */ enum { CONST_EXPLICIT = 1, 
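Review bot: The new YYPRINT definition in the @@ -63,10 +63,14 @@ hunk of src/asn1-parse.y ends in a semicolon ("do { } while (0);"), which defeats the do/while(0) idiom: wherever the generated parser expands it as "if (x) YYPRINT (f, n, l); else ..." the extra empty statement detaches the else and the file no longer compiles. Drop the trailing semicolon so the macro reads "#define YYPRINT(F, N, L) do { } while (0)". The same hunk also corrects "#define YYERROR_VERBOSE = 1" to "YYERROR_VERBOSE 1", which the commit message does not mention and which deserves its own ChangeLog line.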
@@ -112,51 +116,52 @@ static int yylex (YYSTYPE *lvalp, void *parm); static void yyerror (const char *s); %} -%token ASSIG "::=" +%token-table + +%token ASSIG "::=" %token NUM %token IDENTIFIER -%token OPTIONAL -%token INTEGER -%token SIZE -%token OCTET -%token STRING -%token SEQUENCE -%token BIT -%token UNIVERSAL -%token PRIVATE -%token APPLICATION -%token OPTIONAL -%token DEFAULT -%token CHOICE -%token OF -%token OBJECT -%token STR_IDENTIFIER -%token BOOLEAN -%token TRUE -%token FALSE -%token TOKEN_NULL -%token ANY -%token DEFINED -%token BY -%token SET -%token EXPLICIT -%token IMPLICIT -%token DEFINITIONS -%token TAGS -%token BEGIN -%token END -%token UTCTime -%token GeneralizedTime -%token FROM -%token IMPORTS -%token ENUMERATED -%token UTF8STRING -%token NUMERICSTRING -%token PRINTABLESTRING -%token TELETEXSTRING -%token IA5STRING -%token UNIVERSALSTRING -%token BMPSTRING +%token OPTIONAL "OPTIONAL" +%token INTEGER "INTEGER" +%token SIZE "SIZE" +%token OCTET "OCTET" +%token STRING "STRING" +%token SEQUENCE "SEQUENCE" +%token BIT "BIT" +%token UNIVERSAL "UNIVERSAL" +%token PRIVATE "PRIVATE" +%token DEFAULT "DEFAULT" +%token CHOICE "CHOICE" +%token OF "OF" +%token OBJECT "OBJECT" +%token STR_IDENTIFIER "IDENTIFIER" +%token ksba_BOOLEAN "BOOLEAN" +%token ksba_TRUE "TRUE" +%token ksba_FALSE "FALSE" +%token APPLICATION "APPLICATION" +%token ANY "ANY" +%token DEFINED "DEFINED" +%token SET "SET" +%token BY "BY" +%token EXPLICIT "EXPLICIT" +%token IMPLICIT "IMPLICIT" +%token DEFINITIONS "DEFINITIONS" +%token TAGS "TAGS" +%token ksba_BEGIN "BEGIN" +%token ksba_END "END" +%token UTCTime "UTCTime" +%token GeneralizedTime "GeneralizedTime" +%token FROM "FROM" +%token IMPORTS "IMPORTS" +%token TOKEN_NULL "NULL" +%token ENUMERATED "ENUMERATED" +%token UTF8STRING "UTF8String" +%token NUMERICSTRING "NumericString" +%token PRINTABLESTRING "PrintableString" +%token TELETEXSTRING "TeletexString" +%token IA5STRING "IA5String" +%token UNIVERSALSTRING "UniversalString" +%token 
BMPSTRING "BMPString" @@ -301,12 +306,12 @@ default : DEFAULT pos_neg_identifier $$ = NEW_NODE (TYPE_DEFAULT); set_str_value ($$, $2); } - | DEFAULT TRUE + | DEFAULT ksba_TRUE { $$ = NEW_NODE (TYPE_DEFAULT); $$->flags.is_true = 1; } - | DEFAULT FALSE + | DEFAULT ksba_FALSE { $$ = NEW_NODE (TYPE_DEFAULT); $$->flags.is_false = 1; @@ -334,7 +339,7 @@ integer_def: INTEGER } ; -boolean_def: BOOLEAN +boolean_def: ksba_BOOLEAN { $$ = NEW_NODE (TYPE_BOOLEAN); } @@ -718,8 +723,8 @@ explicit_implicit : EXPLICIT { $$ = CONST_EXPLICIT; } ; definitions: definitions_id - DEFINITIONS explicit_implicit TAGS "::=" BEGIN imports_def - type_constant_list END + DEFINITIONS explicit_implicit TAGS "::=" ksba_BEGIN imports_def + type_constant_list ksba_END { AsnNode node; @@ -755,29 +760,6 @@ definitions: definitions_id %% -const char *key_word[]={ - "::=","OPTIONAL","INTEGER","SIZE","OCTET","STRING" - ,"SEQUENCE","BIT","UNIVERSAL","PRIVATE","OPTIONAL" - ,"DEFAULT","CHOICE","OF","OBJECT","IDENTIFIER" - ,"BOOLEAN","TRUE","FALSE","APPLICATION","ANY","DEFINED" - ,"SET","BY","EXPLICIT","IMPLICIT","DEFINITIONS","TAGS" - ,"BEGIN","END","UTCTime","GeneralizedTime","FROM" - ,"IMPORTS","NULL","ENUMERATED" - ,"UTF8String","NumericString","PrintableString","TeletexString" - ,"IA5String","UniversalString","BMPString" -}; -const int key_word_token[]={ - ASSIG,OPTIONAL,INTEGER,SIZE,OCTET,STRING - ,SEQUENCE,BIT,UNIVERSAL,PRIVATE,OPTIONAL - ,DEFAULT,CHOICE,OF,OBJECT,STR_IDENTIFIER - ,BOOLEAN,TRUE,FALSE,APPLICATION,ANY,DEFINED - ,SET,BY,EXPLICIT,IMPLICIT,DEFINITIONS,TAGS - ,BEGIN,END,UTCTime,GeneralizedTime,FROM - ,IMPORTS,TOKEN_NULL,ENUMERATED - ,UTF8STRING,NUMERICSTRING,PRINTABLESTRING,TELETEXSTRING - ,IA5STRING,UNIVERSALSTRING,BMPSTRING -}; - /*************************************************************/ /* Function: yylex */ @@ -790,6 +772,7 @@ yylex (YYSTYPE *lvalp, void *parm) { int c,counter=0,k; char string[MAX_STRING_LENGTH]; + size_t len; FILE *fp = PARSECTL->fp; if (!PARSECTL->lineno) 
@@ -866,15 +849,13 @@ yylex (YYSTYPE *lvalp, void *parm) } /* Is STRING a keyword? */ - for (k=0; k<(sizeof(key_word)/sizeof(char*));k++ ) + len = strlen (string); + for (k = 0; k < YYNTOKENS; k++) { - if (!strcmp(string,key_word[k])) - { - if (PARSECTL->debug) - fprintf (stderr,"%d: yylex found keyword `%s'\n", - PARSECTL->lineno, string); - return key_word_token[k]; - } + if (yytname[k] && yytname[k][0] == '\"' + && !strncmp (yytname[k] + 1, string, len) + && yytname[k][len + 1] == '\"' && !yytname[k][len + 2]) + return yytoknum[k]; } /* STRING is an IDENTIFIER */ @@ -1017,7 +998,7 @@ ksba_asn_parse_file (const char *file_name, ksba_asn_tree_t *result, int debug) parsectl.result_parse = gpg_error (GPG_ERR_SYNTAX); parsectl.parse_tree = NULL; parsectl.all_nodes = NULL; - /*yydebug = 1;*/ + /* yydebug = 1; */ if ( yyparse ((void*)&parsectl) || parsectl.result_parse ) { /* error */ fprintf (stderr, "%s:%d: parse error\n", ----------------------------------------------------------------------- Summary of changes: config.guess | 182 ++++++++++++++++++++++++++++++++---------------------- config.sub | 93 +++++++++++++++------------- m4/libtool.m4 | 30 ++++++++- src/asn1-parse.y | 145 +++++++++++++++++++------------------------ 4 files changed, 249 insertions(+), 201 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 11 10:35:45 2013 
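Review bot: The %token hunk (@@ -112,51 +116,52 @@) also renames BEGIN and END to ksba_BEGIN and ksba_END, and the "definitions" rule is updated to match, but the ChangeLog entry lists only "(TRUE,FALSE,BOOLEAN)" as the prefixed tokens. Add BEGIN and END to that entry, and note there that the second "%token OPTIONAL" declaration from the old list has been dropped.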
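Review bot: The rewritten keyword loop in yylex (@@ -866,15 +849,13 @@) returns yytoknum[k] directly and no longer prints the "yylex found keyword" trace that the old loop emitted when PARSECTL->debug was set; the commit message does not say this was intended. Either restore the fprintf under PARSECTL->debug before the return or record the removal in the ChangeLog. The bounds are fine as written: a successful strncmp over len bytes after the opening quote means yytname[k][len + 1] is still inside the string when it is compared with the closing quote, and the && chain only reads yytname[k][len + 2] after that quote matched. A one-line comment saying that the lookup relies on yytname holding literal token names with their surrounding double quotes would help the next reader.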
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 11 Dec 2013 10:35:45 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-15-g3ae90ff
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
  via 3ae90ff28c500967cb90b1176299d2ca01ef450f (commit)
  from d04399a6a8b36a7fea92c304aa7309956a2e352b (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 3ae90ff28c500967cb90b1176299d2ca01ef450f
Author: Werner Koch
Date: Wed Dec 11 10:20:15 2013 +0100

    gpg: Change --show-session-key to print the session key earlier.

    * g10/cpr.c (write_status_strings): New.
    (write_status_text): Replace code by a call to write_status_strings.
    * g10/mainproc.c (proc_encrypted): Remove show_session_key code.
    * g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
    --

    This feature can be used to return the session key for just a part of a file. For example, by downloading just the first 32k of a huge file, decrypting that incomplete part and, while ignoring all the errors, breaking out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server.

    GnuPG-bug-id: 1389
    Signed-off-by: Werner Koch
    (cherry picked from commit 101a54add351ff62793cbfbf3877787c4791f833)

    Resolved Conflicts:
    doc/DETAILS - removed
    g10/cpr.c - replace estream function by stdio.
    g10/mainproc.c - Adjust for changed calling convention.

diff --git a/g10/cpr.c b/g10/cpr.c index 1533ac6..0fc45b1 100644 --- a/g10/cpr.c +++ b/g10/cpr.c 
@@ -1,4 +1,4 @@ -/* status.c - Status message and command-fd interface +/* status.c - Status message and command-fd interface * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, * 2004, 2005, 2006 Free Software Foundation, Inc. * @@ -75,13 +75,13 @@ status_currently_allowed (int no) prompt the user. */ switch (no) { - case STATUS_GET_BOOL: - case STATUS_GET_LINE: - case STATUS_GET_HIDDEN: - case STATUS_GOT_IT: + case STATUS_GET_BOOL: + case STATUS_GET_LINE: + case STATUS_GET_HIDDEN: + case STATUS_GOT_IT: case STATUS_IMPORTED: - case STATUS_IMPORT_OK: - case STATUS_IMPORT_CHECK: + case STATUS_IMPORT_OK: + case STATUS_IMPORT_CHECK: case STATUS_IMPORT_RES: return 1; /* Yes. */ default: @@ -102,7 +102,7 @@ set_status_fd ( int fd ) if ( statusfp && statusfp != stdout && statusfp != stderr ) fclose (statusfp); statusfp = NULL; - if ( fd == -1 ) + if ( fd == -1 ) return; if( fd == 1 ) 
@@ -132,28 +132,50 @@ write_status ( int no ) write_status_text( no, NULL ); } + +/* Write a status line with code NO followed by the string TEXT and + directly followed by the remaining strings up to a NULL. */ void -write_status_text ( int no, const char *text) +write_status_strings (int no, const char *text, ...) { - if( !statusfp || !status_currently_allowed (no) ) - return; /* Not enabled or allowed. */ + va_list arg_ptr; + const char *s; - fputs ( "[GNUPG:] ", statusfp ); - fputs ( get_status_string (no), statusfp ); - if( text ) { - putc ( ' ', statusfp ); - for (; *text; text++) { - if (*text == '\n') - fputs ( "\\n", statusfp ); - else if (*text == '\r') - fputs ( "\\r", statusfp ); - else - putc ( *(const byte *)text, statusfp ); + if (!statusfp || !status_currently_allowed (no) ) + return; /* Not enabled or allowed. */ + + fputs ("[GNUPG:] ", statusfp); + fputs (get_status_string (no), statusfp); + if ( text ) + { + putc ( ' ', statusfp); + va_start (arg_ptr, text); + s = text; + do + { + for (; *s; s++) + { + if (*s == '\n') + fputs ("\\n", statusfp); + else if (*s == '\r') + fputs ("\\r", statusfp); + else + fputc (*(const byte *)s, statusfp); + } } + while ((s = va_arg (arg_ptr, const char*))); + va_end (arg_ptr); } - putc ('\n',statusfp); - if ( fflush (statusfp) && opt.exit_on_status_write_error ) - g10_exit (0); + putc ('\n', statusfp); + if (fflush (statusfp) && opt.exit_on_status_write_error) + g10_exit (0); +} + + +void +write_status_text (int no, const char *text) +{ + write_status_strings (no, text, NULL); } @@ -163,7 +185,7 @@ write_status_error (const char *where, int errcode) if (!statusfp || !status_currently_allowed (STATUS_ERROR)) return; /* Not enabled or allowed. */ - fprintf (statusfp, "[GNUPG:] %s %s %u\n", + fprintf (statusfp, "[GNUPG:] %s %s %u\n", get_status_string (STATUS_ERROR), where, gpg_err_code (errcode)); if (fflush (statusfp) && opt.exit_on_status_write_error) g10_exit (0); 
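Review bot: Most of the g10/cpr.c hunks in this backport (for example @@ -75,13 +75,13 @@, @@ -102,7 +102,7 @@ and @@ -163,7 +185,7 @@) differ from the old lines only in whitespace, which buries the one functional change, the new write_status_strings, in a cherry-pick to a stable branch. Split the whitespace cleanup into its own commit so that the backport carries only the variadic function and the write_status_text wrapper. In write_status_strings itself the argument walk stops only at a NULL, so a caller that forgets the terminator reads past its arguments; the GNUPG_GCC_A_SENTINEL(0) attribute added in g10/main.h catches that only on compilers that honour it, which is worth saying in the function comment.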
@@ -187,7 +209,7 @@ write_status_text_and_buffer ( int no, const char *string, if( !statusfp || !status_currently_allowed (no) ) return; /* Not enabled or allowed. */ - + if (wrap == -1) { lower_limit--; wrap = 0; @@ -212,8 +234,8 @@ write_status_text_and_buffer ( int no, const char *string, first = 0; } for (esc=0, s=buffer, n=len; n && !esc; s++, n-- ) { - if ( *s == '%' || *(const byte*)s <= lower_limit - || *(const byte*)s == 127 ) + if ( *s == '%' || *(const byte*)s <= lower_limit + || *(const byte*)s == 127 ) esc = 1; if ( wrap && ++count > wrap ) { dowrap=1; @@ -223,7 +245,7 @@ write_status_text_and_buffer ( int no, const char *string, if (esc) { s--; n++; } - if (s != buffer) + if (s != buffer) fwrite (buffer, s-buffer, 1, statusfp ); if ( esc ) { fprintf (statusfp, "%%%02X", *(const byte*)s ); @@ -257,7 +279,7 @@ write_status_begin_signing (gcry_md_hd_t md) char buf[100]; size_t buflen; int i; - + /* We use a hard coded list of possible algorithms. Using other algorithms than specified by OpenPGP does not make sense anyway. We do this out of performance reasons: Walking all @@ -270,7 +292,7 @@ write_status_begin_signing (gcry_md_hd_t md) if (i < 4 || i > 7) if ( gcry_md_is_enabled (md, i) && buflen < DIM(buf) ) { - snprintf (buf+buflen, DIM(buf) - buflen - 1, + snprintf (buf+buflen, DIM(buf) - buflen - 1, "%sH%d", buflen? " ":"",i); buflen += strlen (buf+buflen); } @@ -302,7 +324,7 @@ myread(int fd, void *buf, size_t count) raise (SIGHUP); /* no more input data */ #endif } - } + } return rc; } @@ -316,16 +338,16 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool ) { int i, len; char *string; - + if (statusfp != stdout) fflush (stdout); - + write_status_text (getbool? STATUS_GET_BOOL : hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword); - for (string = NULL, i = len = 200; ; i++ ) + for (string = NULL, i = len = 200; ; i++ ) { - if (i >= len-1 ) + if (i >= len-1 ) { char *save = string; len += 100; 
@@ -338,7 +360,7 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool ) /* Fixme: why not use our read_line function here? */ if ( myread( opt.command_fd, string+i, 1) != 1 || string[i] == '\n' ) break; - else if ( string[i] == CONTROL_D ) + else if ( string[i] == CONTROL_D ) { /* Found ETX - Cancel the line and return a sole ETX. */ string[0] = CONTROL_D; diff --git a/g10/encr-data.c b/g10/encr-data.c index ee988c9..105b105 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -104,6 +104,23 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) write_status_text (STATUS_DECRYPTION_INFO, buf); } + if (opt.show_session_key) + { + char numbuf[25]; + char *hexbuf; + + snprintf (numbuf, sizeof numbuf, "%d:", dek->algo); + hexbuf = bin2hex (dek->key, dek->keylen, NULL); + if (!hexbuf) + { + rc = gpg_error_from_syserror (); + goto leave; + } + log_info ("session key: '%s%s'\n", numbuf, hexbuf); + write_status_strings (STATUS_SESSION_KEY, numbuf, hexbuf, NULL); + xfree (hexbuf); + } + rc = openpgp_cipher_test_algo (dek->algo); if (rc) goto leave; diff --git a/g10/main.h b/g10/main.h index 4ec0f29..6876e0a 100644 --- a/g10/main.h +++ b/g10/main.h @@ -160,6 +160,8 @@ int is_status_enabled ( void ); void write_status ( int no ); void write_status_error (const char *where, int errcode); void write_status_text ( int no, const char *text ); +void write_status_strings (int no, const char *text, + ...) GNUPG_GCC_A_SENTINEL(0); void write_status_buffer ( int no, const char *buffer, size_t len, int wrap ); void write_status_text_and_buffer ( int no, const char *text, diff --git a/g10/mainproc.c b/g10/mainproc.c index 0387f8a..d399455 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -569,6 +569,7 @@ proc_encrypted( CTX c, PACKET *pkt ) } else if( !c->dek ) result = G10ERR_NO_SECKEY; + if( !result ) result = decrypt_data( c, pkt->pkt.encrypted, c->dek ); 
@@ -583,16 +584,6 @@ proc_encrypted( CTX c, PACKET *pkt ) write_status( STATUS_GOODMDC ); else if(!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); - if(opt.show_session_key) - { - int i; - char *buf = xmalloc ( c->dek->keylen*2 + 20 ); - sprintf ( buf, "%d:", c->dek->algo ); - for(i=0; i < c->dek->keylen; i++ ) - sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); - log_info( "session key: `%s'\n", buf ); - write_status_text ( STATUS_SESSION_KEY, buf ); - } } else if( result == G10ERR_BAD_SIGN ) { log_error(_("WARNING: encrypted message has been manipulated!\n")); ----------------------------------------------------------------------- Summary of changes: g10/cpr.c | 98 ++++++++++++++++++++++++++++++++++--------------------- g10/encr-data.c | 17 ++++++++++ g10/main.h | 2 ++ g10/mainproc.c | 11 +------ 4 files changed, 80 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 11 10:36:03 2013 
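Review bot: The ChangeLog in the commit message names g10/decrypt-data.c (decrypt_data), but on this branch the show_session_key block is added to g10/encr-data.c, and the "Resolved Conflicts" list does not record that difference. Correct the file name in the message. Because the block now runs before openpgp_cipher_test_algo and before any MDC result is known, SESSION_KEY can be emitted for a message that then fails to decrypt or fails its integrity check; the cherry-pick drops the doc/DETAILS change that states this on master, so the sentence "It is not an indication that the decryption will or has succeeded" should be carried into this branch's documentation too, since scripts reading the status fd will otherwise have no hint that the line is not a success indicator.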
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 11 Dec 2013 10:36:03 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-272-g101a54a
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
  via 101a54add351ff62793cbfbf3877787c4791f833 (commit)
  from 59207a86e5f40c77fed296b642bf76692e8eef65 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 101a54add351ff62793cbfbf3877787c4791f833
Author: Werner Koch
Date: Wed Dec 11 10:20:15 2013 +0100

    gpg: Change --show-session-key to print the session key earlier.

    * g10/cpr.c (write_status_strings): New.
    (write_status_text): Replace code by a call to write_status_strings.
    * g10/mainproc.c (proc_encrypted): Remove show_session_key code.
    * g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
    --

    This feature can be used to return the session key for just a part of a file. For example, by downloading just the first 32k of a huge file, decrypting that incomplete part and, while ignoring all the errors, breaking out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server.

    GnuPG-bug-id: 1389
    Signed-off-by: Werner Koch

diff --git a/doc/DETAILS b/doc/DETAILS index a52f51c..3f9e747 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -459,9 +459,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: *** SESSION_KEY : The session key used to decrypt the message. This message will - only be emitted when the special option --show-session-key is - used. The format is suitable to be passed to the option - --override-session-key + only be emitted if the option --show-session-key is used. The + format is suitable to be passed as value for the option + --override-session-key. It is not an indication that the + decryption will or has succeeded. *** BEGIN_ENCRYPTION Mark the start of the actual encryption process. diff --git a/g10/cpr.c b/g10/cpr.c index b84710d..988d211 100644 --- a/g10/cpr.c +++ b/g10/cpr.c @@ -139,9 +139,14 @@ write_status ( int no ) } +/* Write a status line with code NO followed by the string TEXT and + directly followed by the remaining strings up to a NULL. */ void -write_status_text (int no, const char *text) +write_status_strings (int no, const char *text, ...) { + va_list arg_ptr; + const char *s; + if (!statusfp || !status_currently_allowed (no) ) return; /* Not enabled or allowed. */ @@ -150,15 +155,22 @@ write_status_text (int no, const char *text) if ( text ) { es_putc ( ' ', statusfp); - for (; *text; text++) + va_start (arg_ptr, text); + s = text; + do { - if (*text == '\n') - es_fputs ("\\n", statusfp); - else if (*text == '\r') - es_fputs ("\\r", statusfp); - else - es_fputc ( *(const byte *)text, statusfp); + for (; *s; s++) + { + if (*s == '\n') + es_fputs ("\\n", statusfp); + else if (*s == '\r') + es_fputs ("\\r", statusfp); + else + es_fputc (*(const byte *)s, statusfp); + } } + while ((s = va_arg (arg_ptr, const char*))); + va_end (arg_ptr); } es_putc ('\n', statusfp); if (es_fflush (statusfp) && opt.exit_on_status_write_error) 
@@ -166,6 +178,12 @@ write_status_text (int no, const char *text) } +void +write_status_text (int no, const char *text) +{ + write_status_strings (no, text, NULL); +} + /* Wrte an ERROR status line using a full gpg-error error value. */ void write_status_error (const char *where, gpg_error_t err) diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index e219898..4ad47cb 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -106,6 +106,23 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) write_status_text (STATUS_DECRYPTION_INFO, buf); } + if (opt.show_session_key) + { + char numbuf[25]; + char *hexbuf; + + snprintf (numbuf, sizeof numbuf, "%d:", dek->algo); + hexbuf = bin2hex (dek->key, dek->keylen, NULL); + if (!hexbuf) + { + rc = gpg_error_from_syserror (); + goto leave; + } + log_info ("session key: '%s%s'\n", numbuf, hexbuf); + write_status_strings (STATUS_SESSION_KEY, numbuf, hexbuf, NULL); + xfree (hexbuf); + } + rc = openpgp_cipher_test_algo (dek->algo); if (rc) goto leave; diff --git a/g10/main.h b/g10/main.h index fd4e5e9..1b619e0 100644 --- a/g10/main.h +++ b/g10/main.h @@ -167,6 +167,8 @@ void write_status ( int no ); void write_status_error (const char *where, gpg_error_t err); void write_status_errcode (const char *where, int errcode); void write_status_text ( int no, const char *text ); +void write_status_strings (int no, const char *text, + ...) GNUPG_GCC_A_SENTINEL(0); void write_status_buffer ( int no, const char *buffer, size_t len, int wrap ); void write_status_text_and_buffer ( int no, const char *text, diff --git a/g10/mainproc.c b/g10/mainproc.c index bd5cac5..18fe7e7 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -570,6 +570,7 @@ proc_encrypted( CTX c, PACKET *pkt ) } else if( !c->dek ) result = G10ERR_NO_SECKEY; + if (!result) result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek ); 
@@ -584,16 +585,6 @@ proc_encrypted( CTX c, PACKET *pkt ) write_status( STATUS_GOODMDC ); else if(!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); - if(opt.show_session_key) - { - int i; - char *buf = xmalloc ( c->dek->keylen*2 + 20 ); - sprintf ( buf, "%d:", c->dek->algo ); - for(i=0; i < c->dek->keylen; i++ ) - sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); - log_info( "session key: '%s'\n", buf ); - write_status_text ( STATUS_SESSION_KEY, buf ); - } } else if( result == G10ERR_BAD_SIGN ) { glo_ctrl.lasterr = result; ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 7 ++++--- g10/cpr.c | 34 ++++++++++++++++++++++++++-------- g10/decrypt-data.c | 17 +++++++++++++++++ g10/main.h | 2 ++ g10/mainproc.c | 11 +---------- 5 files changed, 50 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 11 17:08:57 2013 
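Review bot: In the decrypt_data hunk of g10/decrypt-data.c, hexbuf holds the session key in hex and is handed to xfree without being cleared, so a copy of the key stays in freed heap memory after the status line has been written. Overwrite the buffer before releasing it. Also reconsider the "goto leave" when bin2hex fails: the allocation is needed only for the diagnostic, so logging the error and continuing would keep an out-of-memory condition in a reporting path from turning into a decryption failure.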
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 11 Dec 2013 17:08:57 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-428-gcd548ba
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
  via cd548ba2dc777b8b27d8d33182ba733c20222120 (commit)
  from eae1e7712e1b687bd77eb37d0eb505fc9d46d93c (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit cd548ba2dc777b8b27d8d33182ba733c20222120
Author: Werner Koch
Date: Wed Dec 11 16:59:41 2013 +0100

    random: Add a feature to close device file descriptors.

    * src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
    * src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
    * random/random.c (_gcry_random_close_fds): New.
    * random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
    * random/random-fips.c (_gcry_rngfips_close_fds): New.
    * random/random-system.c (_gcry_rngsystem_close_fds): New.
    * random/rndlinux.c (open_device): Add arg retry.
    (_gcry_rndlinux_gather_random): Add mode to close open fds.
    * tests/random.c (check_close_random_device): New.
    (main): Call new test.

    Signed-off-by: Werner Koch

diff --git a/NEWS b/NEWS index ec853c9..4c95e8a 100644 --- a/NEWS +++ b/NEWS @@ -72,6 +72,7 @@ Noteworthy changes in version 1.6.0 (unreleased) GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW. GCRYCTL_SET_PREFERRED_RNG_TYPE NEW. GCRYCTL_GET_CURRENT_RNG_TYPE NEW. + GCRYCTL_CLOSE_RANDOM_DEVICE NEW. GCRY_RNG_TYPE_STANDARD NEW. GCRY_RNG_TYPE_FIPS NEW. GCRY_RNG_TYPE_SYSTEM NEW. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 927634f..97dac1c 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -766,6 +766,14 @@ not an issue when using Linux (rndlinux driver), because this one guarantees to read full 16 bytes from /dev/urandom and thus there is no way for an attacker without kernel access to control these 16 bytes. + at item GCRYCTL_CLOSE_RANDOM_DEVICE; Arguments: none +Try to close the random device. If on Unix system you call fork(), +the child process does no call exec(), and you do not intend to use +Libgcrypt in the child, it might be useful to use this control code to +close the inherited file descriptors of the random device. If +Libgcrypt is later used again by the child, the device will be +re-opened. On non-Unix systems this control code is ignored. + @item GCRYCTL_SET_VERBOSITY; Arguments: int level This command sets the verbosity of the logging. A level of 0 disables all extra logging whereas positive numbers enable more verbose logging. @@ -1355,6 +1363,10 @@ values for @var{what} are defined: Not enough entropy is available. @var{total} holds the number of required bytes. + at item wait_dev_random +Waiting to re-open a random device. @var{total} gives the number of +seconds until the next try. + @item primegen Values for @var{printchar}: @table @code diff --git a/random/rand-internal.h b/random/rand-internal.h index f59a102..79b23ac 100644 --- a/random/rand-internal.h +++ b/random/rand-internal.h @@ -44,6 +44,7 @@ void _gcry_random_progress (const char *what, int printchar, /*-- random-csprng.c --*/ void _gcry_rngcsprng_initialize (int full); +void _gcry_rngcsprng_close_fds (void); void _gcry_rngcsprng_dump_stats (void); void _gcry_rngcsprng_secure_alloc (void); void _gcry_rngcsprng_enable_quick_gen (void); @@ -64,6 +65,7 @@ void _gcry_rngcsprng_fast_poll (void); /*-- random-fips.c --*/ void _gcry_rngfips_initialize (int full); +void _gcry_rngfips_close_fds (void); void _gcry_rngfips_dump_stats (void); int _gcry_rngfips_is_faked (void); gcry_error_t _gcry_rngfips_add_bytes (const void *buf, size_t buflen, 
@@ -89,6 +91,7 @@ void _gcry_rngfips_deinit_external_test (void *context); /*-- random-system.c --*/ void _gcry_rngsystem_initialize (int full); +void _gcry_rngsystem_close_fds (void); void _gcry_rngsystem_dump_stats (void); int _gcry_rngsystem_is_faked (void); gcry_error_t _gcry_rngsystem_add_bytes (const void *buf, size_t buflen, diff --git a/random/random-csprng.c b/random/random-csprng.c index 9921c4f..b6d7f66 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -154,7 +154,7 @@ static int allow_seed_file_update; static int secure_alloc; /* This function pointer is set to the actual entropy gathering - function during initailization. After initialization it is + function during initialization. After initialization it is guaranteed to point to function. (On systems without a random gatherer module a dummy function is used).*/ static int (*slow_gather_fnc)(void (*)(const void*, size_t, @@ -361,6 +361,20 @@ _gcry_rngcsprng_initialize (int full) } +/* Try to close the FDs of the random gather module. This is + currently only implemented for rndlinux. */ +void +_gcry_rngcsprng_close_fds (void) +{ + lock_pool (); +#if USE_RNDLINUX + _gcry_rndlinux_gather_random (NULL, 0, 0, 0); + pool_filled = 0; /* Force re-open on next use. */ +#endif + unlock_pool (); +} + + void _gcry_rngcsprng_dump_stats (void) { diff --git a/random/random-fips.c b/random/random-fips.c index c8100a2..6ee52f1 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -780,6 +780,19 @@ _gcry_rngfips_initialize (int full) } +/* Try to close the FDs of the random gather module. This is + currently only implemented for rndlinux. */ +void +_gcry_rngfips_close_fds (void) +{ + lock_rng (); +#if USE_RNDLINUX + _gcry_rndlinux_gather_random (NULL, 0, 0, 0); +#endif + unlock_rng (); +} + + /* Print some statistics about the RNG. */ void _gcry_rngfips_dump_stats (void) diff --git a/random/random-system.c b/random/random-system.c index 0ef9d24..3962ab8 100644 --- a/random/random-system.c 
+++ b/random/random-system.c @@ -193,6 +193,19 @@ _gcry_rngsystem_initialize (int full) } +/* Try to close the FDs of the random gather module. This is + currently only implemented for rndlinux. */ +void +_gcry_rngsystem_close_fds (void) +{ + lock_rng (); +#if USE_RNDLINUX + _gcry_rndlinux_gather_random (NULL, 0, 0, 0); +#endif + unlock_rng (); +} + + /* Print some statistics about the RNG. */ void _gcry_rngsystem_dump_stats (void) diff --git a/random/random.c b/random/random.c index 4679301..97018c4 100644 --- a/random/random.c +++ b/random/random.c @@ -165,6 +165,27 @@ _gcry_random_initialize (int full) } +/* If possible close file descriptors used by the RNG. */ +void +_gcry_random_close_fds (void) +{ + /* Note that we can't do that directly because each random system + has its own lock functions which need to be used for accessing + the entropy gatherer. */ + + if (fips_mode ()) + _gcry_rngfips_close_fds (); + else if (rng_types.standard) + _gcry_rngcsprng_close_fds (); + else if (rng_types.fips) + _gcry_rngfips_close_fds (); + else if (rng_types.system) + _gcry_rngsystem_close_fds (); + else + _gcry_rngcsprng_close_fds (); +} + + /* Return the current RNG type. IGNORE_FIPS_MODE is a flag used to skip the test for FIPS. This is useful, so that we are able to return the type of the RNG even before we have setup FIPS mode diff --git a/random/random.h b/random/random.h index aae07ab..2bc8cab 100644 --- a/random/random.h +++ b/random/random.h @@ -28,6 +28,7 @@ void _gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int), void _gcry_set_preferred_rng_type (int type); void _gcry_random_initialize (int full); +void _gcry_random_close_fds (void); int _gcry_get_rng_type (int ignore_fips_mode); void _gcry_random_dump_stats(void); void _gcry_secure_random_alloc(void); diff --git a/random/rndlinux.c b/random/rndlinux.c index b304cc9..21ea8c4 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c 
@@ -36,7 +36,7 @@ #include "g10lib.h" #include "rand-internal.h" -static int open_device ( const char *name ); +static int open_device (const char *name, int retry); static int @@ -54,15 +54,30 @@ set_cloexec_flag (int fd) /* - * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)). + * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it + * exists)). If RETRY is true, the function does not terminate with + * a fatal error but retries until it is able to reopen the device. */ static int -open_device ( const char *name ) +open_device (const char *name, int retry) { int fd; - fd = open ( name, O_RDONLY ); - if ( fd == -1 ) + if (retry) + _gcry_random_progress ("open_dev_random", 'X', 1, 0); + again: + fd = open (name, O_RDONLY); + if (fd == -1 && retry) + { + struct timeval tv; + + tv.tv_sec = 5; + tv.tv_usec = 0; + _gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec); + select (0, NULL, NULL, NULL, &tv); + goto again; + } + if (fd == -1) log_fatal ("can't open %s: %s\n", name, strerror(errno) ); if (set_cloexec_flag (fd)) @@ -84,6 +99,10 @@ open_device ( const char *name ) } +/* Note that the caller needs to make sure that this function is only + called by one thread at a time. The function returns 0 on success + or true on failure (in which case the caller will signal a fatal + error). */ int _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, enum random_origins), @@ -92,6 +111,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, { static int fd_urandom = -1; static int fd_random = -1; + static unsigned char ever_opened; int fd; int n; byte buffer[768]; 
@@ -101,6 +121,23 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int any_need_entropy = 0; int delay; + if (!add) + { + /* Special mode to close the descriptors. */ + if (fd_random != -1) + { + close (fd_random); + fd_random = -1; + } + if (fd_urandom != -1) + { + close (fd_urandom); + fd_urandom = -1; + } + return 0; + } + + /* First read from a hardware source. However let it account only for up to 50% of the requested bytes. */ n_hw = _gcry_rndhw_poll_slow (add, origin); @@ -109,17 +146,29 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, if (length > 1) length -= n_hw; - /* Open the requested device. */ + /* Open the requested device. The first time a device is to be + opened we fail with a fatal error if the device does not exists. + In case the device has ever been closed, further open requests + will however retry indefinitely. The rationale for this behaviour is + that we always require the device to be existent but want a more + graceful behaviour if the rarely needed close operation has been + used and the device needs to be re-opened later. */ if (level >= 2) { - if( fd_random == -1 ) - fd_random = open_device ( NAME_OF_DEV_RANDOM ); + if (fd_random == -1) + { + fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1)); + ever_opened |= 1; + } fd = fd_random; } else { - if( fd_urandom == -1 ) - fd_urandom = open_device ( NAME_OF_DEV_URANDOM ); + if (fd_urandom == -1) + { + fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2)); + ever_opened |= 2; + } fd = fd_urandom; } @@ -164,7 +213,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, log_error ("select() error: %s\n", strerror(errno)); if (!delay) delay = 1; /* Use 1 second if we encounter an error before - we have ever blocked. */ + we have ever blocked. */ continue; } } diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 53133bf..5c771e5 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -326,7 +326,8 @@ enum gcry_ctl_cmds GCRYCTL_GET_CURRENT_RNG_TYPE = 66, GCRYCTL_DISABLE_LOCKED_SECMEM = 67, GCRYCTL_DISABLE_PRIV_DROP = 68, - GCRYCTL_SET_CCM_LENGTHS = 69 + GCRYCTL_SET_CCM_LENGTHS = 69, + GCRYCTL_CLOSE_RANDOM_DEVICE = 70 }; /* Perform various operations defined by CMD. */ diff --git a/src/global.c b/src/global.c index 8521e58..8a5d310 100644 --- a/src/global.c +++ b/src/global.c @@ -540,6 +540,10 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) _gcry_use_random_daemon (!! va_arg (arg_ptr, int)); break; + case GCRYCTL_CLOSE_RANDOM_DEVICE: + _gcry_random_close_fds (); + break; + /* This command dumps information pertaining to the configuration of libgcrypt to the given stream. It may be used before the initialization has been finished but not diff --git a/tests/random.c b/tests/random.c index ccaa3f9..10bf646 100644 --- a/tests/random.c +++ b/tests/random.c 
@@ -270,6 +270,54 @@ check_nonce_forking (void) } +/* Check that a closed random device os re-opened if needed. */ +static void +check_close_random_device (void) +{ +#ifdef HAVE_W32_SYSTEM + if (verbose) + inf ("check_close_random_device skipped: not applicable on Windows\n"); +#else /*!HAVE_W32_SYSTEM*/ + pid_t pid; + int i, status; + char buf[4]; + + if (verbose) + inf ("checking that close_random_device works\n"); + + gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM); + if (verbose) + print_hex ("parent random: ", buf, sizeof buf); + + pid = fork (); + if (pid == (pid_t)(-1)) + die ("fork failed: %s\n", strerror (errno)); + if (!pid) + { + gcry_control (GCRYCTL_CLOSE_RANDOM_DEVICE, 0); + + /* The next call will re-open the device. */ + gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM); + if (verbose) + { + print_hex ("child random : ", buf, sizeof buf); + fflush (stdout); + } + _exit (0); + } + + while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR) + ; + if (i != (pid_t)(-1) + && WIFEXITED (status) && !WEXITSTATUS (status)) + ; + else + die ("child failed\n"); + +#endif /*!HAVE_W32_SYSTEM*/ +} + + static int rng_type (void) { @@ -529,6 +577,7 @@ main (int argc, char **argv) { check_forking (); check_nonce_forking (); + check_close_random_device (); } check_rng_type_switching (); ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + doc/gcrypt.texi | 12 ++++++++ random/rand-internal.h | 3 ++ random/random-csprng.c | 16 ++++++++++- random/random-fips.c | 13 +++++++++ random/random-system.c | 13 +++++++++ random/random.c | 21 ++++++++++++++ random/random.h | 1 + random/rndlinux.c | 71 ++++++++++++++++++++++++++++++++++++++++-------- src/gcrypt.h.in | 3 +- src/global.c | 4 +++ tests/random.c | 49 +++++++++++++++++++++++++++++++++ 12 files changed, 194 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 11 21:01:50 2013 
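Review bot: In random/rndlinux.c, open_device() with RETRY set jumps back to `again:` on every open() failure without looking at errno, so once GCRYCTL_CLOSE_RANDOM_DEVICE has been used, a process in which the device node is missing or unreadable (ENOENT, EACCES) sleeps in 5-second select() calls forever and never reaches log_fatal. The comment in _gcry_rndlinux_gather_random explains why a graceful retry is wanted, but that argument only holds for transient conditions. Consider retrying only on errors such as EINTR, EMFILE or ENFILE, or capping the number of attempts, and keeping the fatal path for everything else.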
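Review bot: doc/gcrypt.texi gains an entry for the progress value wait_dev_random, but open_device() also reports `_gcry_random_progress ("open_dev_random", 'X', 1, 0)` when it re-opens a device, and that string is not documented anywhere in this patch. Add an @item for open_dev_random next to wait_dev_random so progress handlers know both values. In the GCRYCTL_CLOSE_RANDOM_DEVICE description, "the child process does no call exec()" should read "does not call exec()", and "If on Unix system" is missing an article.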
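Review bot: check_close_random_device() in tests/random.c only checks that the child exits with status 0, so it still passes if GCRYCTL_CLOSE_RANDOM_DEVICE does nothing at all: gcry_randomize() in the child succeeds whether or not the descriptors were closed and re-opened. To test what the name promises, have the child verify that the inherited descriptor is gone after the gcry_control call (for example by comparing the set of open descriptors before and after) and fail with a non-zero exit status otherwise. The function comment also has a typo, "os re-opened" for "is re-opened".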
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Dec 2013 21:01:50 +0100 Subject: [git] gnupg-doc - branch, master, updated. 95fd5b9b4e5942d875f39b0b39cc44ece4f53992 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 95fd5b9b4e5942d875f39b0b39cc44ece4f53992 (commit) from bfb83263ceadce7eaf18dc2d2fdcfd48f2fb6c4f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95fd5b9b4e5942d875f39b0b39cc44ece4f53992 Author: Werner Koch Date: Wed Dec 11 21:00:01 2013 +0100 Add workarounds for macro regressions in org-mode 8. diff --git a/web/download/index.org b/web/download/index.org index 9b07567..6bf93ae 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -2,6 +2,9 @@ #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" #+macro: check_sig_note GnuPG distributions are signed. It is wise and more secure to check out for their [[integrity_check.org][integrity]]. +#+macro: ftpopen @@html:FTP@@ + * Download 
@@ -23,13 +26,13 @@ GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and S/MIME - | GnuPG {{{gnupg_ver}}} full source code | {{{gnupg_size}}} | S | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig][FTP]] | + | GnuPG {{{gnupg_ver}}} full source code | {{{gnupg_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} 
@@ -37,18 +40,18 @@ ** GnuPG 1.4 # <> - | GnuPG {{{gnupg1_ver}}} source compressed using /bzip2/ | {{{gnupg1_size}}} | S | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig][FTP]] | - | GnuPG {{{gnupg1_ver}}} source compressed using /gzip/ | {{{gnupg1_size_gz}}} | S | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.gz][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.gz.sig][FTP]] | - | A patch file to upgrade to a {{{gnupg1_ver}}} source tree | {{{gnupg1_patch_size}}} | S | [[{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_patch_ver}}}.diff.bz2][FTP]] | + | GnuPG {{{gnupg1_ver}}} source compressed using /bzip2/ | {{{gnupg1_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG {{{gnupg1_ver}}} source compressed using /gzip/ | {{{gnupg1_size_gz}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.gz{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.gz.sig{{{ftpclose}}} | + | A patch file to upgrade to a {{{gnupg1_ver}}} source tree | {{{gnupg1_patch_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_patch_ver}}}.diff.bz2{{{ftpclose}}} | SHA-1 checksums for the above files: -#+begin_example: + {{{begin_chksum}}} {{{gnupg1_sha1}}} gnupg-{{{gnupg1_ver}}}.tar.bz2 {{{gnupg1_sha1_gz}}} gnupg-{{{gnupg1_ver}}}.tar.gz {{{gnupg1_patch_sha1}}} gnupg-{{{gnupg1_patch_ver}}}.diff.bz2 -#+end_example: + {{{end_chksum}}} Select one of them. To shorten the download time, you probably want to get the /bzip2/ compressed file. Please try another mirror if 
@@ -88,8 +91,8 @@ [[../related_software/gpa/index.org][GPA]] is still work in progress, so don't expect that everything works and be careful when using production quality secret keys. - | GPA {{{gpa_ver}}} full source code | {{{gpa_size}}} | S | [[{{{ftp_base}}}/gcrypt/gpa/gpa-{{{gpa_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig][FTP]] | + | GPA {{{gpa_ver}}} full source code | {{{gpa_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | {{{check_sig_note}}} @@ -105,13 +108,13 @@ encryption, decryption, signing, signature verification and key management. - | GPGME {{{gpgme_ver}}} full source code | {{{gpgme_size}}} | S | [[{{{ftp_base}}}/gcrypt/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig][FTP]] | + | GPGME {{{gpgme_ver}}} full source code | {{{gpgme_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{gpgme_sha1}}} gpgme-{{{gpgme_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} 
@@ -122,13 +125,13 @@ [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] is GNU's basic cryptographic library. - | Libgcrypt {{{libgcrypt_ver}}} full source code | {{{libgcrypt_size}}} | S | [[{{{ftp_base}}}/gcrypt/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig][FTP]] | + | Libgcrypt {{{libgcrypt_ver}}} full source code | {{{libgcrypt_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{libgcrypt_sha1}}} libgcrypt-{{{libgcrypt_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} @@ -139,13 +142,13 @@ [[../related_software/libraries.en.html#lib-libksba][Libksba]] is a CMS and X.509 access library. - | Libksba {{{libksba_ver}}} full source code | {{{libksba_size}}} | S | [[{{{ftp_base}}}/gcrypt/libksba/libksba-{{{libksba_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig][FTP]] | + | Libksba {{{libksba_ver}}} full source code | {{{libksba_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{libksba_sha1}}} libksba-{{{libksba_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} 
@@ -158,13 +161,13 @@ GnuPG 2.0. It might also be installed as a system daemon for CRL and OCSP checks. - | DirMngr {{{dirmngr_ver}}} full source code | {{{dirmngr_size}}} | S | [[{{{ftp_base}}}/gcrypt/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig][FTP]] | + | DirMngr {{{dirmngr_ver}}} full source code | {{{dirmngr_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{dirmngr_sha1}}} dirmngr-{{{dirmngr_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} @@ -176,13 +179,13 @@ [[../related_software/libraries.en.html#lib-libgpg-error][Libgpg-error]] is a small library with error codes and descriptions shared by most GnuPG related software. - | Libgpg-error {{{libgpg_error_ver}}} full source code | {{{libgpg_error_size}}} | S | [[{{{ftp_base}}}/gcrypt/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig][FTP]] | + | Libgpg-error {{{libgpg_error_ver}}} full source code | {{{libgpg_error_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{libgpg_error_sha1}}} libgpg-error-{{{libgpg_error_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} 
@@ -193,13 +196,13 @@ [[../related_software/libraries.en.html#lib-libassuan][Libassuan]] is the IPC library used by some GnuPG related software. - | Libassuan {{{libassuan_ver}}} full source code | {{{libassuan_size}}} | S | [[{{{ftp_base}}}/gcrypt/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2][FTP]] | - | Signature for previous file | | | [[{{{ftp_base}}}/gcrypt/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig][FTP]] | + | Libassuan {{{libassuan_ver}}} full source code | {{{libassuan_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: -#+begin_example: + {{{begin_chksum}}} {{{libassuan_sha1}}} libassuan-{{{libassuan_ver}}}.tar.bz2 -#+end_example: + {{{end_chksum}}} {{{check_sig_note}}} @@ -211,7 +214,7 @@ The latest version of the [[../related_software/libraries.en.html#lib-EGD][Entropy Gathering Daemon]] is available at the usual GnuPG sites: - | EGD 0.8 source code. | 30kB | S | [[ftp://ftp.gnupg.org/gcrypt/egd/egd-0.8.tar.gz][FTP]] | - | Signature for previous file. | | | [[ftp://ftp.gnupg.org/gcrypt/egd/egd-0.8.tar.gz.asc][FTP]] | + | EGD 0.8 source code. | 30kB | S | {{{ftpopen}}}{{{ftp_base}}}/egd/egd-0.8.tar.gz{{{ftpclose}}} | + | Signature for previous file. | | | {{{ftpopen}}}{{{ftp_base}}}/egd/egd-0.8.tar.gz.asc{{{ftpclose}}} | {{{check_sig_note}}} diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 31d7165..2ca4447 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org 
@@ -16,9 +16,9 @@ signature of the file =gnupg-{{{gnupg_ver}}}.tar.bz2= you would use this command: -#+begin_example - gpg --verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig -#+end_example + {{{begin_example}}} + gpg {{{twodashes}}}verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig + {{{end_example}}} This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made @@ -33,19 +33,19 @@ If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file - =gnupg-{{{gnupg_ver}}}.tar.bz2=, you would run the =sha1sum= + gnupg-{{{gnupg_ver}}}.tar.bz2, you would run the =sha1sum= command like this: -#+begin_example + {{{begin_chksum}}} sha1sum gnupg-{{{gnupg_ver}}}.tar.bz2 -#+end_example + {{{end_chksum}}} and check that the output matches the SHA-1 checksum reported on this site. An example of a =sha1sum= output is: -#+begin_example + {{{begin_chksum}}} {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 -#+end_example + {{{end_chksum}}} To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement @@ -56,7 +56,7 @@ For your convenience, all SHA1 sums available for software that can be downloaded from [[ftp://ftp.gnupg.org/][our site]], have been gathered below. -#+begin_example + {{{begin_chksum}}} {{{dirmngr_sha1}}} dirmngr-{{{dirmngr_ver}}}.tar.bz2 {{{gnupg1_patch_sha1}}} gnupg-{{{gnupg1_patch_ver}}}.diff.bz2 {{{gnupg1_sha1_gz}}} gnupg-{{{gnupg1_ver}}}.tar.gz @@ -69,4 +69,7 @@ {{{libgpg_error_sha1}}} libgpg-error-{{{libgpg_error_ver}}}.tar.bz2 {{{libksba_sha1}}} libksba-{{{libksba_ver}}}.tar.bz2 {{{pinentry_sha1}}} pinentry-{{{pinentry_ver}}}.tar.bz2 -#+end_example + {{{end_chksum}}} + + +#eof# diff --git a/web/index.org b/web/index.org index 66423e7..e7bd97a 100644 --- a/web/index.org +++ b/web/index.org 
@@ -34,7 +34,6 @@ integrated into an installer and features all required tools. Project [[http://www.gnupg.org/aegypten/][Aegypten]] developed the S/MIME functionality in GnuPG 2. - * Latest news #+index: News diff --git a/web/related_software/frontends.org b/web/related_software/frontends.org index e0b0b55..970cd16 100644 --- a/web/related_software/frontends.org +++ b/web/related_software/frontends.org @@ -11,7 +11,7 @@ homogeneous categories. A frontend may belong to one or more categories at a time. A list is sorted in an alphabetical order. - - [[GUI frontends]] + - [[GUI%20frontends][GUI frontends]] - [[MUA frontends]] - [[Chat programs]] - [[Network related]] diff --git a/web/share/btn-donate.png b/web/share/btn-donate.png new file mode 100644 index 0000000..f1d9a46 Binary files /dev/null and b/web/share/btn-donate.png differ diff --git a/web/share/logo-sponsor.png b/web/share/logo-sponsor.png new file mode 100644 index 0000000..fc7abfc Binary files /dev/null and b/web/share/logo-sponsor.png differ diff --git a/web/share/pace.png b/web/share/pace.png new file mode 100644 index 0000000..d627c9a Binary files /dev/null and b/web/share/pace.png differ diff --git a/web/share/setup.inc b/web/share/setup.inc index 19e3b79..d61756a 100644 --- a/web/share/setup.inc +++ b/web/share/setup.inc @@ -4,3 +4,14 @@ # FIXME: Figure out a way to use SETUPFILE based on the directory of # the currently SETUPFILE loaded file. #+SETUPFILE: "/home/wk/s/gnupg-doc/web/swdb.mac" + + +# Org version 8 des not anymore expand macros in all places. We use +# some ugly macros instead of the #+begin_example et al. + +#+macro: begin_example @@html:
@@
+#+macro: end_example   @@html:
@@ +#+macro: begin_chksum @@html:
@@
+#+macro: end_chksum    @@html:
@@ + +#+macro: twodashes @@html:--@@ diff --git a/web/swdb.mac b/web/swdb.mac index a896a04..7b4d696 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -5,7 +5,6 @@ # #+macro: ftp_base ftp://ftp.gnupg.org/gcrypt - # # GnuPG-2 # ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 81 +++++++++++++++++++----------------- web/download/integrity_check.org | 23 +++++----- web/index.org | 1 - web/related_software/frontends.org | 2 +- web/share/btn-donate.png | Bin 0 -> 1596 bytes web/share/logo-sponsor.png | Bin 0 -> 7708 bytes web/share/pace.png | Bin 0 -> 4108 bytes web/share/setup.inc | 11 +++++ web/swdb.mac | 1 - 9 files changed, 67 insertions(+), 52 deletions(-) create mode 100644 web/share/btn-donate.png create mode 100644 web/share/logo-sponsor.png create mode 100644 web/share/pace.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 12 18:56:05 2013 
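Review bot: In web/related_software/frontends.org only the first index entry is changed to the escaped form `[[GUI%20frontends][GUI frontends]]`, while the entries right below it, `[[MUA frontends]]`, `[[Chat programs]]` and `[[Network related]]`, contain spaces as well and keep the old form. If the escape is needed to make internal links work under org-mode 8, apply it to all four; if only the first one is affected, say why in the commit message so the next editor does not "fix" the inconsistency the wrong way.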
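Review bot: The macros added in web/share/setup.inc (begin_example, end_example, begin_chksum, end_chksum, twodashes) and ftpopen in web/download/index.org are all defined as `@@html:` export snippets, so they produce output for the HTML backend only; any other export of these pages loses the checksum blocks, the download links and the dashes in the `gpg --verify` example. If HTML is the only supported target, state that in the comment above the macros. That comment also has a typo: "Org version 8 des not anymore expand macros" should read "does not expand macros ... any more".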
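Review bot: In web/download/integrity_check.org the second mention of the tarball loses its verbatim markup (`=gnupg-{{{gnupg_ver}}}.tar.bz2=` becomes plain `gnupg-{{{gnupg_ver}}}.tar.bz2`), while the first mention a few lines earlier, in the signature paragraph, keeps the `=...=` form as unchanged context. If macros no longer expand inside verbatim text under org-mode 8, the first mention has the same problem and should be changed too; otherwise keep the markup in both places. The literal `#eof#` line added at the end of the file is not an Org comment (those need a space after the `#`), so check that it does not end up in the rendered page.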
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Dec 2013 18:56:05 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-430-g4ae7732 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4ae77322b681a13da62d01274bcab25be2af12d0 (commit) from 3b30e9840d4b351c4de73b126e561154cb7df4cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ae77322b681a13da62d01274bcab25be2af12d0 Author: Werner Koch Date: Thu Dec 12 18:53:39 2013 +0100 Move list of hardware features to hwfeatures.c. * src/global.c (hwflist, disabled_hw_features): Move to .. * src/hwfeatures.c: here. (_gcry_disable_hw_feature): New. (_gcry_enum_hw_features): New. (_gcry_detect_hw_features): Remove arg DISABLED_FEATURES. * src/global.c (print_config, _gcry_vcontrol, global_init): Adjust accordingly. -- It is better to keep the hardware feature info at one place. Signed-off-by: Werner Koch diff --git a/src/g10lib.h b/src/g10lib.h index 4e083b8..1e58ef6 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -206,8 +206,10 @@ int _gcry_log_verbosity( int level ); #define HWF_ARM_NEON 4096 +gpg_err_code_t _gcry_disable_hw_feature (const char *name); +void _gcry_detect_hw_features (void); unsigned int _gcry_get_hw_features (void); -void _gcry_detect_hw_features (unsigned int); +const char *_gcry_enum_hw_features (int idx, unsigned int *r_feature); /*-- mpi/mpiutil.c --*/ diff --git a/src/global.c b/src/global.c index cb66d37..9af499e 100644 --- a/src/global.c +++ b/src/global.c 
@@ -55,31 +55,6 @@ static int force_fips_mode; /* Controlled by global_init(). */ static int any_init_done; -/* A table to map hardware features to a string. */ -static struct -{ - unsigned int flag; - const char *desc; -} hwflist[] = - { - { HWF_PADLOCK_RNG, "padlock-rng" }, - { HWF_PADLOCK_AES, "padlock-aes" }, - { HWF_PADLOCK_SHA, "padlock-sha" }, - { HWF_PADLOCK_MMUL,"padlock-mmul"}, - { HWF_INTEL_PCLMUL,"intel-pclmul" }, - { HWF_INTEL_AESNI, "intel-aesni" }, - { HWF_INTEL_RDRAND,"intel-rdrand" }, - { HWF_INTEL_AVX, "intel-avx" }, - { HWF_INTEL_AVX2, "intel-avx2" }, - { HWF_ARM_NEON, "arm-neon" }, - { 0, NULL} - }; - -/* A bit vector with the hardware features which shall not be used. - This variable must be set prior to any initialization. */ -static unsigned int disabled_hw_features; - - /* Memory management. */ static gcry_handler_alloc_t alloc_func; @@ -125,7 +100,7 @@ global_init (void) /* Before we do any other initialization we need to test available hardware features. */ - _gcry_detect_hw_features (disabled_hw_features); + _gcry_detect_hw_features (); /* Initialize the modules - this is mainly allocating some memory and creating mutexes. */ @@ -289,8 +264,9 @@ _gcry_check_version (const char *req_version) static void print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) { - unsigned int hwf; + unsigned int hwfeatures, afeature; int i; + const char *s; fnc (fp, "version:%s:\n", VERSION); fnc (fp, "ciphers:%s:\n", LIBGCRYPT_CIPHERS); 
@@ -329,11 +305,11 @@ print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) ":\n"); fnc (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ()); fnc (fp, "threads:%s:\n", ath_get_model (NULL)); - hwf = _gcry_get_hw_features (); + hwfeatures = _gcry_get_hw_features (); fnc (fp, "hwflist:"); - for (i=0; hwflist[i].desc; i++) - if ( (hwf & hwflist[i].flag) ) - fnc (fp, "%s:", hwflist[i].desc); + for (i=0; (s = _gcry_enum_hw_features (i, &afeature)); i++) + if ((hwfeatures & afeature)) + fnc (fp, "%s:", s); fnc (fp, "\n"); /* We use y/n instead of 1/0 for the simple reason that Emacsen's compile error parser would accidently flag that line when printed @@ -343,8 +319,6 @@ print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) _gcry_enforced_fips_mode ()? 'y':'n' ); /* The currently used RNG type. */ { - const char *s; - i = _gcry_get_rng_type (0); switch (i) { @@ -653,16 +627,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) case GCRYCTL_DISABLE_HWF: { const char *name = va_arg (arg_ptr, const char *); - int i; - - for (i=0; hwflist[i].desc; i++) - if (!strcmp (hwflist[i].desc, name)) - { - disabled_hw_features |= hwflist[i].flag; - break; - } - if (!hwflist[i].desc) - rc = GPG_ERR_INV_NAME; + rc = _gcry_disable_hw_feature (name); } break; diff --git a/src/hwf-arm.c b/src/hwf-arm.c index 9ab4cd0..5c99a1d 100644 --- a/src/hwf-arm.c +++ b/src/hwf-arm.c @@ -39,7 +39,8 @@ #define AT_HWCAP 16 #define HWCAP_NEON 4096 -static int get_hwcap(unsigned int *hwcap) +static int +get_hwcap(unsigned int *hwcap) { struct { unsigned int a_type; unsigned int a_val; } auxv; FILE *f; @@ -76,7 +77,8 @@ static int get_hwcap(unsigned int *hwcap) return err; } -static unsigned int detect_arm_at_hwcap(void) +static unsigned int +detect_arm_at_hwcap(void) { unsigned int hwcap; unsigned int features = 0; diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 1e3c27d..43847d2 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c 
@@ -29,11 +29,51 @@ #include "hwf-common.h" +/* A table to map hardware features to a string. */ +static struct +{ + unsigned int flag; + const char *desc; +} hwflist[] = + { + { HWF_PADLOCK_RNG, "padlock-rng" }, + { HWF_PADLOCK_AES, "padlock-aes" }, + { HWF_PADLOCK_SHA, "padlock-sha" }, + { HWF_PADLOCK_MMUL,"padlock-mmul"}, + { HWF_INTEL_PCLMUL,"intel-pclmul" }, + { HWF_INTEL_AESNI, "intel-aesni" }, + { HWF_INTEL_RDRAND,"intel-rdrand" }, + { HWF_INTEL_AVX, "intel-avx" }, + { HWF_INTEL_AVX2, "intel-avx2" }, + { HWF_ARM_NEON, "arm-neon" } + }; + +/* A bit vector with the hardware features which shall not be used. + This variable must be set prior to any initialization. */ +static unsigned int disabled_hw_features; + /* A bit vector describing the hardware features currently available. */ static unsigned int hw_features; +/* Disable a feature by name. This function must be called *before* + _gcry_detect_hw_features is called. */ +gpg_err_code_t +_gcry_disable_hw_feature (const char *name) +{ + int i; + + for (i=0; i < DIM (hwflist); i++) + if (!strcmp (hwflist[i].desc, name)) + { + disabled_hw_features |= hwflist[i].flag; + return 0; + } + return GPG_ERR_INV_NAME; +} + + /* Return a bit vector describing the available hardware features. The HWF_ constants are used to test for them. */ unsigned int @@ -43,11 +83,24 @@ _gcry_get_hw_features (void) } +/* Enumerate all features. The caller is expected to start with an + IDX of 0 and then increment IDX until NULL is returned. */ +const char * +_gcry_enum_hw_features (int idx, unsigned int *r_feature) +{ + if (idx < 0 || idx >= DIM (hwflist)) + return NULL; + if (r_feature) + *r_feature = hwflist[idx].flag; + return hwflist[idx].desc; +} + + /* Detect the available hardware features. This function is called once right at startup and we assume that no other threads are running. */ void -_gcry_detect_hw_features (unsigned int disabled_features) +_gcry_detect_hw_features (void) { hw_features = 0; 
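Review bot: `_gcry_disable_hw_feature` in the src/hwfeatures.c hunk returns 0 for any known name even when it is called after `_gcry_detect_hw_features` has already run, and in that case the bit never takes effect, because `disabled_hw_features` is masked out of `hw_features` only once, at the end of detection. The "must be called *before*" rule exists only in the comment, and the `GCRYCTL_DISABLE_HWF` case in src/global.c passes the name straight through, so a caller that disables a feature too late gets a success code and keeps using the feature. Consider returning an error once detection has happened. The function also hands `name` to `strcmp` unchecked; a NULL coming from the varargs call would crash here, so an early `if (!name) return GPG_ERR_INV_NAME;` would be cheap.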
@@ -65,5 +118,5 @@ _gcry_detect_hw_features (unsigned int disabled_features) } #endif /* HAVE_CPU_ARCH_ARM */ - hw_features &= ~disabled_features; + hw_features &= ~disabled_hw_features; } ----------------------------------------------------------------------- Summary of changes: src/g10lib.h | 4 +++- src/global.c | 51 ++++++++---------------------------------------- src/hwf-arm.c | 6 ++++-- src/hwfeatures.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 4 files changed, 70 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 12 20:29:11 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Dec 2013 20:29:11 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-431-g5e1239b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5e1239b1e2948211ff2675f45cce2b28c3379cfb (commit) from 4ae77322b681a13da62d01274bcab25be2af12d0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e1239b1e2948211ff2675f45cce2b28c3379cfb Author: Werner Koch Date: Thu Dec 12 20:26:56 2013 +0100 Add a configuration file to disable hardware features. * src/hwfeatures.c: Inclyde syslog.h and ctype.h. (HWF_DENY_FILE): New. (my_isascii): New. (parse_hwf_deny_file): New. (_gcry_detect_hw_features): Call it. * src/mpicalc.c (main): Correctly initialize Libgcrypt. Add options "--print-config" and "--disable-hwf". Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 4c95e8a..978047f 100644 --- a/NEWS +++ b/NEWS 
@@ -46,6 +46,8 @@ Noteworthy changes in version 1.6.0 (unreleased) * Changed gcry_pk_genkey for "ecc" to only include the curve name and not the parameters. The flag "param" may be used to revert this. + * Added a feature to globally disable selected hardware features. + * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_ac_* REMOVED. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 97dac1c..f3af29f 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -210,6 +210,7 @@ of the library are verified. * Initializing the library:: How to initialize the library. * Multi-Threading:: How Libgcrypt can be used in a MT environment. * Enabling FIPS mode:: How to enable the FIPS mode. +* Hardware features:: How to disable hardware features. @end menu 
@@ -609,6 +610,50 @@ switch back to standard mode without terminating the process first. If the logging verbosity level of Libgcrypt has been set to at least 2, the state transitions and the self-tests are logged. + at node Hardware features + at section How to disable hardware features + at cindex hardware features + +Libgcrypt makes use of certain hardware features. If the use of a +feature is not desired it may be either be disabled by a program or +globally using a configuration file. The currently supported features +are + + at table @code + at item padlock-rng + at item padlock-aes + at item padlock-sha + at item padlock-mmul + at item intel-pclmul + at item intel-aesni + at item intel-rdrand + at item intel-avx + at item intel-avx2 + at item arm-neon + at end table + +To disable a feature for all processes using Libgcrypt 1.6 or newer, +create the file @file{/etc/gcrypt/hwf.deny} and put each feature not +to be used on a single line. Empty lines, white space, and lines +prefixed with a hash mark are ignored. The file should be world +readable. + +To disable a feature specifically for a program that program must tell +it Libgcrypt before before calling @code{gcry_check_version}. +Example:@footnote{NB. Libgcrypt uses the RDRAND feature only as one +source of entropy. A CPU with a broken RDRAND will thus not +compromise of the random number generator} + + at example + gcry_control (GCRYCTL_DISABLE_HWF, "intel-rdrand", NULL); + at end example + + at noindent +To print the list of active features you may use this command: + + at example + mpicalc --print-config | grep ^hwflist: | tr : '\n' | tail -n +2 + at end example @c ********************************************************** diff --git a/src/fips.c b/src/fips.c index 1d7a6a4..8148dcd 100644 --- a/src/fips.c +++ b/src/fips.c 
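Review bot: the new "Hardware features" node in doc/gcrypt.texi has several wording slips worth fixing before release: "it may be either be disabled", "that program must tell it Libgcrypt before before calling", and the footnote's "will thus not compromise of the random number generator". The hand-written table of feature names is also a second copy of `hwflist` in src/hwfeatures.c; since these are the exact strings an administrator types into hwf.deny, a source comment next to `hwflist` reminding maintainers to update the manual would help keep the two in step.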
@@ -36,7 +36,7 @@ #include "hmac256.h" -/* The name of the file used to foce libgcrypt into fips mode. */ +/* The name of the file used to force libgcrypt into fips mode. */ #define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled" diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 43847d2..6699816 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c @@ -20,14 +20,20 @@ #include #include +#include #include #include #include #include +#ifdef HAVE_SYSLOG +# include +#endif /*HAVE_SYSLOG*/ #include "g10lib.h" #include "hwf-common.h" +/* The name of a file used to globally disable selected features. */ +#define HWF_DENY_FILE "/etc/gcrypt/hwf.deny" /* A table to map hardware features to a string. */ static struct @@ -56,7 +62,11 @@ static unsigned int disabled_hw_features; available. */ static unsigned int hw_features; +/* Convenience macros. */ +#define my_isascii(c) (!((c) & 0x80)) + + /* Disable a feature by name. This function must be called *before* _gcry_detect_hw_features is called. */ gpg_err_code_t 
@@ -96,6 +106,70 @@ _gcry_enum_hw_features (int idx, unsigned int *r_feature) } +/* Read a file with features which shall not be used. The file is a + simple text file where empty lines and lines with the first non + white-space character being '#' are ignored. */ +static void +parse_hwf_deny_file (void) +{ + const char *fname = HWF_DENY_FILE; + FILE *fp; + char buffer[256]; + char *p, *pend; + int i, lnr = 0; + + fp = fopen (fname, "r"); + if (!fp) + return; + + for (;;) + { + if (!fgets (buffer, sizeof buffer, fp)) + { + if (!feof (fp)) + { +#ifdef HAVE_SYSLOG + syslog (LOG_USER|LOG_WARNING, + "Libgcrypt warning: error reading '%s', line %d", + fname, lnr); +#endif /*HAVE_SYSLOG*/ + } + fclose (fp); + return; + } + lnr++; + for (p=buffer; my_isascii (*p) && isspace (*p); p++) + ; + pend = strchr (p, '\n'); + if (pend) + *pend = 0; + pend = p + (*p? (strlen (p)-1):0); + for ( ;pend > p; pend--) + if (my_isascii (*pend) && isspace (*pend)) + *pend = 0; + if (!*p || *p == '#') + continue; + + for (i=0; i < DIM (hwflist); i++) + { + if (!strcmp (hwflist[i].desc, p)) + { + disabled_hw_features |= hwflist[i].flag; + break; + } + } + if (i == DIM (hwflist)) + { +#ifdef HAVE_SYSLOG + syslog (LOG_USER|LOG_WARNING, + "Libgcrypt warning: unknown feature in '%s', line %d", + fname, lnr); +#endif /*HAVE_SYSLOG*/ + } + } +} + + /* Detect the available hardware features. This function is called once right at startup and we assume that no other threads are running. */ @@ -107,6 +181,8 @@ _gcry_detect_hw_features (void) if (fips_mode ()) return; /* Hardware support is not to be evaluated. */ + parse_hwf_deny_file (); + #if defined (HAVE_CPU_ARCH_X86) { hw_features = _gcry_hwf_detect_x86 (); diff --git a/src/mpicalc.c b/src/mpicalc.c index 335b7c3..b2b4335 100644 --- a/src/mpicalc.c +++ b/src/mpicalc.c @@ -40,6 +40,7 @@ #define MPICALC_VERSION "2.0" +#define NEED_LIBGCRYPT_VERSION "1.6.0" #define STACKSIZE 500 static gcry_mpi_t stack[STACKSIZE]; 
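Review bot: in `parse_hwf_deny_file`, `if (!fp) return;` treats every `fopen` failure like a missing file, so a /etc/gcrypt/hwf.deny that exists but cannot be opened (wrong mode, for example; the documentation asks for it to be world readable) silently disables nothing. For a deny list that is a fail-open result with no trace. A syslog warning when `errno` is anything other than `ENOENT` would make it visible, in the same way the read-error and unknown-feature paths already warn. Separately, a line longer than the 256-byte `buffer` comes back from `fgets` in pieces, so its tail is parsed as a line of its own and `lnr` in later warnings is off; either reject overlong lines or skip ahead to the next newline.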
@@ -309,6 +310,7 @@ main (int argc, char **argv) { const char *pgm; int last_argc = -1; + int print_config = 0; int i, c; int state = 0; char strbuf[1000]; @@ -350,10 +352,28 @@ main (int argc, char **argv) "Simple interactive big integer RPN calculator\n" "\n" "Options:\n" - " --version print version information\n", + " --version print version information\n" + " --print-config print the Libgcrypt config\n" + " --disable-hwf NAME disable feature NAME\n", pgm, gcry_check_version (NULL)); exit (0); } + else if (!strcmp (*argv, "--print-config")) + { + argc--; argv++; + print_config = 1; + } + else if (!strcmp (*argv, "--disable-hwf")) + { + argc--; argv++; + if (argc) + { + if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL)) + fprintf (stderr, "%s: unknown hardware feature `%s'" + " - option ignored\n", pgm, *argv); + argc--; argv++; + } + } } if (argc) @@ -362,6 +382,20 @@ main (int argc, char **argv) exit (1); } + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) + { + fprintf (stderr, "%s: Libgcrypt is too old (need %s, have %s)\n", + pgm, NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); + exit (1); + } + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (print_config) + { + gcry_control (GCRYCTL_PRINT_CONFIG, stdout); + exit (0); + } + for (i = 0; i < STACKSIZE; i++) stack[i] = NULL; stackidx = 0; ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ doc/gcrypt.texi | 45 ++++++++++++++++++++++++++++++++ src/fips.c | 2 +- src/hwfeatures.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/mpicalc.c | 36 +++++++++++++++++++++++++- 5 files changed, 159 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 10:25:41 2013 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 13 Dec 2013 10:25:41 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-436-ge41d605 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e41d605ee41469e8a33cdc4d38f742cfb931f835 (commit) via a71b810ddd67ca3a1773d8f929d162551abb58eb (commit) via 2e4253dc8eb512cd0e807360926dc6ba912c95b4 (commit) via 69a6d0f9562fcd26112a589318c13de66ce1700e (commit) via e1a3931263e67aacec3c0bfcaa86c7d1441d5c6a (commit) from 5e1239b1e2948211ff2675f45cce2b28c3379cfb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e41d605ee41469e8a33cdc4d38f742cfb931f835 Author: Jussi Kivilinna Date: Fri Dec 13 00:00:08 2013 +0200 Fix empty clobber in AVX2 assembly check * configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly globber. -- Appearently empty globbers only work in some cases on linux, and fail on mingw32. Signed-off-by: Jussi Kivilinna diff --git a/configure.ac b/configure.ac index bc86956..b91240b 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1040,7 +1040,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports AVX2 instructions], [gcry_cv_gcc_inline_asm_avx2=no AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { - __asm__("vpbroadcastb %%xmm7,%%ymm1\n\t":::); + __asm__("vpbroadcastb %%xmm7,%%ymm1\n\t":::"cc"); }]])], [gcry_cv_gcc_inline_asm_avx2=yes])]) if test "$gcry_cv_gcc_inline_asm_avx2" = "yes" ; then commit a71b810ddd67ca3a1773d8f929d162551abb58eb Author: Jussi Kivilinna Date: Thu Dec 12 23:53:28 2013 +0200 Fix W32 build * random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to xmalloc, and gcry_xrealloc to xrealloc. -- Patch fixes following errors: ../random/.libs/librandom.a(rndw32.o): In function `registry_poll': .../libgcrypt/random/rndw32.c:434: undefined reference to `__gcry_USE_THE_UNDERSCORED_FUNCTION' .../libgcrypt/random/rndw32.c:454: undefined reference to `__gcry_USE_THE_UNDERSCORED_FUNCTION' ../random/.libs/librandom.a(rndw32.o): In function `slow_gatherer': .../random/rndw32.c:658: undefined reference to `__gcry_USE_THE_UNDERSCORED_FUNCTION' Signed-off-by: Jussi Kivilinna diff --git a/random/rndw32.c b/random/rndw32.c index 03dffaf..c495131 100644 --- a/random/rndw32.c +++ b/random/rndw32.c @@ -431,7 +431,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), } else { - pPerfData = gcry_xmalloc (cbPerfData); + pPerfData = xmalloc (cbPerfData); for (iterations=0; iterations < 10; iterations++) { dwSize = cbPerfData; @@ -451,7 +451,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), else if (status == ERROR_MORE_DATA) { cbPerfData += PERFORMANCE_BUFFER_STEP; - pPerfData = gcry_xrealloc (pPerfData, cbPerfData); + pPerfData = xrealloc (pPerfData, cbPerfData); } else { 
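Review bot: the ChangeLog entry names `register_poll`, but the function touched by the two random/rndw32.c hunks above is `registry_poll`, as both the hunk headers and the linker errors quoted in the commit message show. The entry should read `(registry_poll, slow_gatherer)` so that a search for the function name finds this change.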
@@ -655,7 +655,7 @@ slow_gatherer ( void (*add)(const void*, size_t, enum random_origins), This scan typically yields around 20 pieces of data, there's nothing in the range 65...128 so chances are there won't be anything above there either. */ - buffer = gcry_xmalloc (PERFORMANCE_BUFFER_SIZE); + buffer = xmalloc (PERFORMANCE_BUFFER_SIZE); for (dwType = 0; dwType < 64; dwType++) { switch (dwType) commit 2e4253dc8eb512cd0e807360926dc6ba912c95b4 Author: Jussi Kivilinna Date: Thu Dec 12 13:56:13 2013 +0200 SHA-512: Add AVX and AVX2 implementations for x86-64 * cipher/Makefile.am: Add 'sha512-avx-amd64.S' and 'sha512-avx2-bmi2-amd64.S'. * cipher/sha512-avx-amd64.S: New. * cipher/sha512-avx2-bmi2-amd64.S: New. * cipher/sha512.c (USE_AVX, USE_AVX2): New. (SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'. (SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'. (sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'. (sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'. [USE_AVX] (_gcry_sha512_transform_amd64_avx): New. [USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New. (transform) [USE_AVX2]: Add call for AVX2 implementation. (transform) [USE_AVX]: Add call for AVX implementation. * configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check. (sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'. * doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'. * src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New. * src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2". * src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and HWF_INTEL_BMI2. -- Patch adds fast AVX and AVX2 implementation of SHA-512 by Intel Corporation. The assembly source is licensed under 3-clause BSD license, thus compatible with LGPL2.1+. Original source can be accessed at: http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs Implementation is described in white paper "Fast SHA512 Implementations on Intel? 
Architecture Processors" http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-sha512-implementat$ Note: AVX implementation uses SHLD instruction to emulate RORQ, since it's faster on Intel Sandy-Bridge. However, on non-Intel CPUs SHLD is much slower than RORQ, so therefore AVX implementation is (for now) limited to Intel CPUs. Note: AVX2 implementation also uses BMI2 instruction rorx, thus additional HWF flag. Benchmarks: cpu Old SSSE3 AVX/AVX2 Old vs AVX/AVX2 vs SSSE3 Intel i5-4570 10.11 c/B 7.56 c/B 6.72 c/B 1.50x 1.12x Intel i5-2450M 14.11 c/B 10.53 c/B 8.88 c/B 1.58x 1.18x Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 88c288a..7c85af2 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -78,7 +78,7 @@ scrypt.c \ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ sha1.c \ -sha256.c sha256-ssse3-amd64.S \ +sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha512.c sha512-ssse3-amd64.S sha512-armv7-neon.S \ stribog.c \ tiger.c \ diff --git a/cipher/sha512-avx-amd64.S b/cipher/sha512-avx-amd64.S new file mode 100644 index 0000000..691d771 --- /dev/null +++ b/cipher/sha512-avx-amd64.S 
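Review bot: the cipher/Makefile.am hunk edits the wrong source line. The commit message says it adds 'sha512-avx-amd64.S' and 'sha512-avx2-bmi2-amd64.S', and those are the files this patch creates under cipher/, but the `+` line appends `sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S` to the `sha256.c` entry and leaves the `sha512.c sha512-ssse3-amd64.S sha512-armv7-neon.S` entry unchanged. As written, the two new SHA-512 assembly sources are not listed by this hunk, and the list gains two sha256 names that nothing shown here provides. The two sha512 file names should be added to the `sha512.c` line instead.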
@@ -0,0 +1,412 @@ +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Copyright (c) 2012, Intel Corporation +; +; All rights reserved. +; +; Redistribution and use in source and binary forms, with or without +; modification, are permitted provided that the following conditions are +; met: +; +; * Redistributions of source code must retain the above copyright +; notice, this list of conditions and the following disclaimer. +; +; * Redistributions in binary form must reproduce the above copyright +; notice, this list of conditions and the following disclaimer in the +; documentation and/or other materials provided with the +; distribution. +; +; * Neither the name of the Intel Corporation nor the names of its +; contributors may be used to endorse or promote products derived from +; this software without specific prior written permission. +; +; +; THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY +; EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR +; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +; EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +; PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +; PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +; SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +*/ +/* + * Conversion to GAS assembly and integration to libgcrypt + * by Jussi Kivilinna + */ + +#ifdef __x86_64 +#include +#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA512) + +#ifdef __PIC__ +# define ADD_RIP +rip +#else +# define ADD_RIP +#endif + +.intel_syntax noprefix + +.text + +/* Virtual Registers */ +msg = rdi /* ARG1 */ +digest = rsi /* ARG2 */ +msglen = rdx /* ARG3 */ +T1 = rcx +T2 = r8 +a_64 = r9 +b_64 = r10 +c_64 = r11 +d_64 = r12 +e_64 = r13 +f_64 = r14 +g_64 = r15 +h_64 = rbx +tmp0 = rax + +/* +; Local variables (stack frame) +; Note: frame_size must be an odd multiple of 8 bytes to XMM align RSP +*/ +frame_W = 0 /* Message Schedule */ +frame_W_size = (80 * 8) +frame_WK = ((frame_W) + (frame_W_size)) /* W[t] + K[t] | W[t+1] + K[t+1] */ +frame_WK_size = (2 * 8) +frame_GPRSAVE = ((frame_WK) + (frame_WK_size)) +frame_GPRSAVE_size = (5 * 8) +frame_size = ((frame_GPRSAVE) + (frame_GPRSAVE_size)) + + +/* Useful QWORD "arrays" for simpler memory references */ +#define MSG(i) msg + 8*(i) /* Input message (arg1) */ +#define DIGEST(i) digest + 8*(i) /* Output Digest (arg2) */ +#define K_t(i) .LK512 + 8*(i) ADD_RIP /* SHA Constants (static mem) */ +#define W_t(i) rsp + frame_W + 8*(i) /* Message Schedule (stack frame) */ +#define WK_2(i) rsp + frame_WK + 8*((i) % 2) /* W[t]+K[t] (stack frame) */ +/* MSG, DIGEST, K_t, W_t are arrays */ +/* WK_2(t) points to 1 of 2 qwords at frame.WK depdending on t being odd/even */ + +.macro RotateState + /* Rotate symbles a..h right */ + __TMP = h_64 + h_64 = g_64 + g_64 = f_64 + f_64 = e_64 + e_64 = d_64 + d_64 = c_64 + c_64 = b_64 + b_64 = a_64 + a_64 = __TMP +.endm + +.macro RORQ p1 p2 + /* shld is faster than ror on Intel Sandybridge */ + shld \p1, \p1, (64 - \p2) +.endm + +.macro SHA512_Round t + /* Compute Round %%t */ + mov T1, f_64 /* 
T1 = f */ + mov tmp0, e_64 /* tmp = e */ + xor T1, g_64 /* T1 = f ^ g */ + RORQ tmp0, 23 /* 41 ; tmp = e ror 23 */ + and T1, e_64 /* T1 = (f ^ g) & e */ + xor tmp0, e_64 /* tmp = (e ror 23) ^ e */ + xor T1, g_64 /* T1 = ((f ^ g) & e) ^ g = CH(e,f,g) */ + add T1, [WK_2(\t)] /* W[t] + K[t] from message scheduler */ + RORQ tmp0, 4 /* 18 ; tmp = ((e ror 23) ^ e) ror 4 */ + xor tmp0, e_64 /* tmp = (((e ror 23) ^ e) ror 4) ^ e */ + mov T2, a_64 /* T2 = a */ + add T1, h_64 /* T1 = CH(e,f,g) + W[t] + K[t] + h */ + RORQ tmp0, 14 /* 14 ; tmp = ((((e ror23)^e)ror4)^e)ror14 = S1(e) */ + add T1, tmp0 /* T1 = CH(e,f,g) + W[t] + K[t] + S1(e) */ + mov tmp0, a_64 /* tmp = a */ + xor T2, c_64 /* T2 = a ^ c */ + and tmp0, c_64 /* tmp = a & c */ + and T2, b_64 /* T2 = (a ^ c) & b */ + xor T2, tmp0 /* T2 = ((a ^ c) & b) ^ (a & c) = Maj(a,b,c) */ + mov tmp0, a_64 /* tmp = a */ + RORQ tmp0, 5 /* 39 ; tmp = a ror 5 */ + xor tmp0, a_64 /* tmp = (a ror 5) ^ a */ + add d_64, T1 /* e(next_state) = d + T1 */ + RORQ tmp0, 6 /* 34 ; tmp = ((a ror 5) ^ a) ror 6 */ + xor tmp0, a_64 /* tmp = (((a ror 5) ^ a) ror 6) ^ a */ + lea h_64, [T1 + T2] /* a(next_state) = T1 + Maj(a,b,c) */ + RORQ tmp0, 28 /* 28 ; tmp = ((((a ror5)^a)ror6)^a)ror28 = S0(a) */ + add h_64, tmp0 /* a(next_state) = T1 + Maj(a,b,c) S0(a) */ + RotateState +.endm + +.macro SHA512_2Sched_2Round_avx t +/* ; Compute rounds %%t-2 and %%t-1 + ; Compute message schedule QWORDS %%t and %%t+1 + + ; Two rounds are computed based on the values for K[t-2]+W[t-2] and + ; K[t-1]+W[t-1] which were previously stored at WK_2 by the message + ; scheduler. + ; The two new schedule QWORDS are stored at [W_t(%%t)] and [W_t(%%t+1)]. + ; They are then added to their respective SHA512 constants at + ; [K_t(%%t)] and [K_t(%%t+1)] and stored at dqword [WK_2(%%t)] + ; For brievity, the comments following vectored instructions only refer to + ; the first of a pair of QWORDS. + ; Eg. 
XMM4=W[t-2] really means XMM4={W[t-2]|W[t-1]} + ; The computation of the message schedule and the rounds are tightly + ; stitched to take advantage of instruction-level parallelism. + ; For clarity, integer instructions (for the rounds calculation) are indented + ; by one tab. Vectored instructions (for the message scheduler) are indented + ; by two tabs. */ + + vmovdqa xmm4, [W_t(\t-2)] /* XMM4 = W[t-2] */ + vmovdqu xmm5, [W_t(\t-15)] /* XMM5 = W[t-15] */ + mov T1, f_64 + vpsrlq xmm0, xmm4, 61 /* XMM0 = W[t-2]>>61 */ + mov tmp0, e_64 + vpsrlq xmm6, xmm5, 1 /* XMM6 = W[t-15]>>1 */ + xor T1, g_64 + RORQ tmp0, 23 /* 41 */ + vpsrlq xmm1, xmm4, 19 /* XMM1 = W[t-2]>>19 */ + and T1, e_64 + xor tmp0, e_64 + vpxor xmm0, xmm0, xmm1 /* XMM0 = W[t-2]>>61 ^ W[t-2]>>19 */ + xor T1, g_64 + add T1, [WK_2(\t)]; + vpsrlq xmm7, xmm5, 8 /* XMM7 = W[t-15]>>8 */ + RORQ tmp0, 4 /* 18 */ + vpsrlq xmm2, xmm4, 6 /* XMM2 = W[t-2]>>6 */ + xor tmp0, e_64 + mov T2, a_64 + add T1, h_64 + vpxor xmm6, xmm6, xmm7 /* XMM6 = W[t-15]>>1 ^ W[t-15]>>8 */ + RORQ tmp0, 14 /* 14 */ + add T1, tmp0 + vpsrlq xmm8, xmm5, 7 /* XMM8 = W[t-15]>>7 */ + mov tmp0, a_64 + xor T2, c_64 + vpsllq xmm3, xmm4, (64-61) /* XMM3 = W[t-2]<<3 */ + and tmp0, c_64 + and T2, b_64 + vpxor xmm2, xmm2, xmm3 /* XMM2 = W[t-2]>>6 ^ W[t-2]<<3 */ + xor T2, tmp0 + mov tmp0, a_64 + vpsllq xmm9, xmm5, (64-1) /* XMM9 = W[t-15]<<63 */ + RORQ tmp0, 5 /* 39 */ + vpxor xmm8, xmm8, xmm9 /* XMM8 = W[t-15]>>7 ^ W[t-15]<<63 */ + xor tmp0, a_64 + add d_64, T1 + RORQ tmp0, 6 /* 34 */ + xor tmp0, a_64 + vpxor xmm6, xmm6, xmm8 /* XMM6 = W[t-15]>>1 ^ W[t-15]>>8 ^ W[t-15]>>7 ^ W[t-15]<<63 */ + lea h_64, [T1 + T2] + RORQ tmp0, 28 /* 28 */ + vpsllq xmm4, xmm4, (64-19) /* XMM4 = W[t-2]<<25 */ + add h_64, tmp0 + RotateState + vpxor xmm0, xmm0, xmm4 /* XMM0 = W[t-2]>>61 ^ W[t-2]>>19 ^ W[t-2]<<25 */ + mov T1, f_64 + vpxor xmm0, xmm0, xmm2 /* XMM0 = s1(W[t-2]) */ + mov tmp0, e_64 + xor T1, g_64 + vpaddq xmm0, xmm0, [W_t(\t-16)] /* XMM0 = s1(W[t-2]) + W[t-16] */ 
+ vmovdqu xmm1, [W_t(\t- 7)] /* XMM1 = W[t-7] */ + RORQ tmp0, 23 /* 41 */ + and T1, e_64 + xor tmp0, e_64 + xor T1, g_64 + vpsllq xmm5, xmm5, (64-8) /* XMM5 = W[t-15]<<56 */ + add T1, [WK_2(\t+1)] + vpxor xmm6, xmm6, xmm5 /* XMM6 = s0(W[t-15]) */ + RORQ tmp0, 4 /* 18 */ + vpaddq xmm0, xmm0, xmm6 /* XMM0 = s1(W[t-2]) + W[t-16] + s0(W[t-15]) */ + xor tmp0, e_64 + vpaddq xmm0, xmm0, xmm1 /* XMM0 = W[t] = s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16] */ + mov T2, a_64 + add T1, h_64 + RORQ tmp0, 14 /* 14 */ + add T1, tmp0 + vmovdqa [W_t(\t)], xmm0 /* Store W[t] */ + vpaddq xmm0, xmm0, [K_t(t)] /* Compute W[t]+K[t] */ + vmovdqa [WK_2(t)], xmm0 /* Store W[t]+K[t] for next rounds */ + mov tmp0, a_64 + xor T2, c_64 + and tmp0, c_64 + and T2, b_64 + xor T2, tmp0 + mov tmp0, a_64 + RORQ tmp0, 5 /* 39 */ + xor tmp0, a_64 + add d_64, T1 + RORQ tmp0, 6 /* 34 */ + xor tmp0, a_64 + lea h_64, [T1 + T2] + RORQ tmp0, 28 /* 28 */ + add h_64, tmp0 + RotateState +.endm + +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; void sha512_avx(const void* M, void* D, uint64_t L); +; Purpose: Updates the SHA512 digest stored at D with the message stored in M. +; The size of the message pointed to by M must be an integer multiple of SHA512 +; message blocks. 
+; L is the message length in SHA512 blocks +*/ +.globl _gcry_sha512_transform_amd64_avx +.type _gcry_sha512_transform_amd64_avx, at function; +.align 16 +_gcry_sha512_transform_amd64_avx: + xor eax, eax + + cmp msglen, 0 + je .Lnowork + + /* Allocate Stack Space */ + sub rsp, frame_size + + /* Save GPRs */ + mov [rsp + frame_GPRSAVE + 8 * 0], rbx + mov [rsp + frame_GPRSAVE + 8 * 1], r12 + mov [rsp + frame_GPRSAVE + 8 * 2], r13 + mov [rsp + frame_GPRSAVE + 8 * 3], r14 + mov [rsp + frame_GPRSAVE + 8 * 4], r15 + +.Lupdateblock: + + /* Load state variables */ + mov a_64, [DIGEST(0)] + mov b_64, [DIGEST(1)] + mov c_64, [DIGEST(2)] + mov d_64, [DIGEST(3)] + mov e_64, [DIGEST(4)] + mov f_64, [DIGEST(5)] + mov g_64, [DIGEST(6)] + mov h_64, [DIGEST(7)] + + t = 0 + .rept 80/2 + 1 + /* (80 rounds) / (2 rounds/iteration) + (1 iteration) */ + /* +1 iteration because the scheduler leads hashing by 1 iteration */ + .if t < 2 + /* BSWAP 2 QWORDS */ + vmovdqa xmm1, [.LXMM_QWORD_BSWAP ADD_RIP] + vmovdqu xmm0, [MSG(t)] + vpshufb xmm0, xmm0, xmm1 /* BSWAP */ + vmovdqa [W_t(t)], xmm0 /* Store Scheduled Pair */ + vpaddq xmm0, xmm0, [K_t(t)] /* Compute W[t]+K[t] */ + vmovdqa [WK_2(t)], xmm0 /* Store into WK for rounds */ + .elseif t < 16 + /* BSWAP 2 QWORDS, Compute 2 Rounds */ + vmovdqu xmm0, [MSG(t)] + vpshufb xmm0, xmm0, xmm1 /* BSWAP */ + SHA512_Round (t - 2) /* Round t-2 */ + vmovdqa [W_t(t)], xmm0 /* Store Scheduled Pair */ + vpaddq xmm0, xmm0, [K_t(t)] /* Compute W[t]+K[t] */ + SHA512_Round (t - 1) /* Round t-1 */ + vmovdqa [WK_2(t)], xmm0 /* W[t]+K[t] into WK */ + .elseif t < 79 + /* Schedule 2 QWORDS; Compute 2 Rounds */ + SHA512_2Sched_2Round_avx t + .else + /* Compute 2 Rounds */ + SHA512_Round (t - 2) + SHA512_Round (t - 1) + .endif + t = ((t)+2) + .endr + + /* Update digest */ + add [DIGEST(0)], a_64 + add [DIGEST(1)], b_64 + add [DIGEST(2)], c_64 + add [DIGEST(3)], d_64 + add [DIGEST(4)], e_64 + add [DIGEST(5)], f_64 + add [DIGEST(6)], g_64 + add [DIGEST(7)], h_64 + + /* 
Advance to next message block */ + add msg, 16*8 + dec msglen + jnz .Lupdateblock + + /* Restore GPRs */ + mov rbx, [rsp + frame_GPRSAVE + 8 * 0] + mov r12, [rsp + frame_GPRSAVE + 8 * 1] + mov r13, [rsp + frame_GPRSAVE + 8 * 2] + mov r14, [rsp + frame_GPRSAVE + 8 * 3] + mov r15, [rsp + frame_GPRSAVE + 8 * 4] + + /* Restore Stack Pointer */ + add rsp, frame_size + + /* Return stack burn depth */ + mov rax, frame_size + +.Lnowork: + ret + +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;; Binary Data +*/ + +.data + +.align 16 + +/* Mask for byte-swapping a couple of qwords in an XMM register using (v)pshufb. */ +.LXMM_QWORD_BSWAP: + .octa 0x08090a0b0c0d0e0f0001020304050607 + +/* K[t] used in SHA512 hashing */ +.LK512: + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb 
+ .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + +#endif +#endif diff --git a/cipher/sha512-avx2-bmi2-amd64.S b/cipher/sha512-avx2-bmi2-amd64.S new file mode 100644 index 0000000..878c41b --- /dev/null +++ b/cipher/sha512-avx2-bmi2-amd64.S 
@@ -0,0 +1,783 @@ +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Copyright (c) 2012, Intel Corporation +; +; All rights reserved. +; +; Redistribution and use in source and binary forms, with or without +; modification, are permitted provided that the following conditions are +; met: +; +; * Redistributions of source code must retain the above copyright +; notice, this list of conditions and the following disclaimer. +; +; * Redistributions in binary form must reproduce the above copyright +; notice, this list of conditions and the following disclaimer in the +; documentation and/or other materials provided with the +; distribution. +; +; * Neither the name of the Intel Corporation nor the names of its +; contributors may be used to endorse or promote products derived from +; this software without specific prior written permission. +; +; +; THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY +; EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR +; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +; EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +; PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +; PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +; SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; This code schedules 1 blocks at a time, with 4 lanes per block +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +*/ +/* + * Conversion to GAS assembly and integration to libgcrypt + * by Jussi Kivilinna + */ + +#ifdef __x86_64 +#include +#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + defined(USE_SHA512) + +#ifdef __PIC__ +# define ADD_RIP +rip +#else +# define ADD_RIP +#endif + +.intel_syntax noprefix + +.text + +/* Virtual Registers */ +Y_0 = ymm4 +Y_1 = ymm5 +Y_2 = ymm6 +Y_3 = ymm7 + +YTMP0 = ymm0 +YTMP1 = ymm1 +YTMP2 = ymm2 +YTMP3 = ymm3 +YTMP4 = ymm8 +XFER = YTMP0 + +BYTE_FLIP_MASK = ymm9 + +INP = rdi /* 1st arg */ +CTX = rsi /* 2nd arg */ +NUM_BLKS = rdx /* 3rd arg */ +c = rcx +d = r8 +e = rdx +y3 = rdi + +TBL = rbp + +a = rax +b = rbx + +f = r9 +g = r10 +h = r11 +old_h = r11 + +T1 = r12 +y0 = r13 +y1 = r14 +y2 = r15 + +y4 = r12 + +/* Local variables (stack frame) */ +#define frame_XFER 0 +#define frame_XFER_size (4*8) +#define frame_SRND (frame_XFER + frame_XFER_size) +#define frame_SRND_size (1*8) +#define frame_INP (frame_SRND + frame_SRND_size) +#define frame_INP_size (1*8) +#define frame_INPEND (frame_INP + frame_INP_size) +#define frame_INPEND_size (1*8) +#define frame_RSPSAVE (frame_INPEND + frame_INPEND_size) +#define frame_RSPSAVE_size (1*8) +#define frame_GPRSAVE (frame_RSPSAVE + frame_RSPSAVE_size) +#define frame_GPRSAVE_size (6*8) +#define frame_size (frame_GPRSAVE + frame_GPRSAVE_size) + +#define VMOVDQ vmovdqu /*; assume buffers not aligned */ + +/* addm [mem], reg */ +/* Add reg to mem using reg-mem add and store */ +.macro addm p1 p2 + add \p2, \p1 + mov \p1, \p2 +.endm + + +/* COPY_YMM_AND_BSWAP ymm, [mem], byte_flip_mask */ +/* Load ymm with mem and byte swap each dword */ +.macro COPY_YMM_AND_BSWAP p1 p2 p3 + 
VMOVDQ \p1, \p2 + vpshufb \p1, \p1, \p3 +.endm +/* rotate_Ys */ +/* Rotate values of symbols Y0...Y3 */ +.macro rotate_Ys + __Y_ = Y_0 + Y_0 = Y_1 + Y_1 = Y_2 + Y_2 = Y_3 + Y_3 = __Y_ +.endm + +/* RotateState */ +.macro RotateState + /* Rotate symbles a..h right */ + old_h = h + __TMP_ = h + h = g + g = f + f = e + e = d + d = c + c = b + b = a + a = __TMP_ +.endm + +/* %macro MY_VPALIGNR YDST, YSRC1, YSRC2, RVAL */ +/* YDST = {YSRC1, YSRC2} >> RVAL*8 */ +.macro MY_VPALIGNR YDST, YSRC1, YSRC2, RVAL + vperm2f128 \YDST, \YSRC1, \YSRC2, 0x3 /* YDST = {YS1_LO, YS2_HI} */ + vpalignr \YDST, \YDST, \YSRC2, \RVAL /* YDST = {YDS1, YS2} >> RVAL*8 */ +.endm + +.macro FOUR_ROUNDS_AND_SCHED +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 0 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + + /* Extract w[t-7] */ + MY_VPALIGNR YTMP0, Y_3, Y_2, 8 /* YTMP0 = W[-7] */ + /* Calculate w[t-16] + w[t-7] */ + vpaddq YTMP0, YTMP0, Y_0 /* YTMP0 = W[-7] + W[-16] */ + /* Extract w[t-15] */ + MY_VPALIGNR YTMP1, Y_1, Y_0, 8 /* YTMP1 = W[-15] */ + + /* Calculate sigma0 */ + + /* Calculate w[t-15] ror 1 */ + vpsrlq YTMP2, YTMP1, 1 + vpsllq YTMP3, YTMP1, (64-1) + vpor YTMP3, YTMP3, YTMP2 /* YTMP3 = W[-15] ror 1 */ + /* Calculate w[t-15] shr 7 */ + vpsrlq YTMP4, YTMP1, 7 /* YTMP4 = W[-15] >> 7 */ + + mov y3, a /* y3 = a ; MAJA */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + + add h, [rsp+frame_XFER+0*8] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + mov y2, f /* y2 = f ; CH */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + xor y2, g /* y2 = f^g ; CH */ + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + + and y2, e /* y2 = (f^g)&e ; CH */ + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + add d, h /* d = k + w + h + d ; -- */ + + and y3, b /* y3 = (a|c)&b ; MAJA */ + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + + xor 
y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and T1, c /* T1 = a&c ; MAJB */ + + add y2, y0 /* y2 = S1 + CH ; -- */ + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + + add h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + add h, y3 /* h = t1 + S0 + MAJ ; -- */ + +RotateState + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 1 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + +/*;;;;;;;;;;;;;;;;;;;;;;;;; */ + + /* Calculate w[t-15] ror 8 */ + vpsrlq YTMP2, YTMP1, 8 + vpsllq YTMP1, YTMP1, (64-8) + vpor YTMP1, YTMP1, YTMP2 /* YTMP1 = W[-15] ror 8 */ + /* XOR the three components */ + vpxor YTMP3, YTMP3, YTMP4 /* YTMP3 = W[-15] ror 1 ^ W[-15] >> 7 */ + vpxor YTMP1, YTMP3, YTMP1 /* YTMP1 = s0 */ + + + /* Add three components, w[t-16], w[t-7] and sigma0 */ + vpaddq YTMP0, YTMP0, YTMP1 /* YTMP0 = W[-16] + W[-7] + s0 */ + /* Move to appropriate lanes for calculating w[16] and w[17] */ + vperm2f128 Y_0, YTMP0, YTMP0, 0x0 /* Y_0 = W[-16] + W[-7] + s0 {BABA} */ + /* Move to appropriate lanes for calculating w[18] and w[19] */ + vpand YTMP0, YTMP0, [.LMASK_YMM_LO ADD_RIP] /* YTMP0 = W[-16] + W[-7] + s0 {DC00} */ + + /* Calculate w[16] and w[17] in both 128 bit lanes */ + + /* Calculate sigma1 for w[16] and w[17] on both 128 bit lanes */ + vperm2f128 YTMP2, Y_3, Y_3, 0x11 /* YTMP2 = W[-2] {BABA} */ + vpsrlq YTMP4, YTMP2, 6 /* YTMP4 = W[-2] >> 6 {BABA} */ + + + mov y3, a /* y3 = a ; MAJA */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + add h, [rsp+frame_XFER+1*8] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + + + mov y2, f /* y2 = f ; CH */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + xor y2, g /* y2 = f^g ; CH */ + + + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + xor y0, y1 /* y0 = (e>>41) ^ 
(e>>18) ^ (e>>14) ; S1 */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + and y2, e /* y2 = (f^g)&e ; CH */ + add d, h /* d = k + w + h + d ; -- */ + + and y3, b /* y3 = (a|c)&b ; MAJA */ + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and T1, c /* T1 = a&c ; MAJB */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + add h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + add h, y3 /* h = t1 + S0 + MAJ ; -- */ + +RotateState + + + + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 2 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + +/*;;;;;;;;;;;;;;;;;;;;;;;;; */ + + + vpsrlq YTMP3, YTMP2, 19 /* YTMP3 = W[-2] >> 19 {BABA} */ + vpsllq YTMP1, YTMP2, (64-19) /* YTMP1 = W[-2] << 19 {BABA} */ + vpor YTMP3, YTMP3, YTMP1 /* YTMP3 = W[-2] ror 19 {BABA} */ + vpxor YTMP4, YTMP4, YTMP3 /* YTMP4 = W[-2] ror 19 ^ W[-2] >> 6 {BABA} */ + vpsrlq YTMP3, YTMP2, 61 /* YTMP3 = W[-2] >> 61 {BABA} */ + vpsllq YTMP1, YTMP2, (64-61) /* YTMP1 = W[-2] << 61 {BABA} */ + vpor YTMP3, YTMP3, YTMP1 /* YTMP3 = W[-2] ror 61 {BABA} */ + vpxor YTMP4, YTMP4, YTMP3 /* YTMP4 = s1 = (W[-2] ror 19) ^ (W[-2] ror 61) ^ (W[-2] >> 6) {BABA} */ + + /* Add sigma1 to the other compunents to get w[16] and w[17] */ + vpaddq Y_0, Y_0, YTMP4 /* Y_0 = {W[1], W[0], W[1], W[0]} */ + + /* Calculate sigma1 for w[18] and w[19] for upper 128 bit lane */ + vpsrlq YTMP4, Y_0, 6 /* YTMP4 = W[-2] >> 6 {DC--} */ + + mov y3, a /* y3 = a ; MAJA */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + add h, [rsp+frame_XFER+2*8] /* h = k + w + h ; -- */ + + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + or y3, c /* y3 = a|c ; MAJA */ + mov y2, f /* y2 = f ; CH */ + xor y2, g /* y2 = f^g ; CH */ + + rorx T1, a, 34 /* T1 = a >> 34 
; S0B */ + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + and y2, e /* y2 = (f^g)&e ; CH */ + + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + add d, h /* d = k + w + h + d ; -- */ + and y3, b /* y3 = (a|c)&b ; MAJA */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and T1, c /* T1 = a&c ; MAJB */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + add h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + + add h, y3 /* h = t1 + S0 + MAJ ; -- */ + +RotateState + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 3 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + +/*;;;;;;;;;;;;;;;;;;;;;;;;; */ + + vpsrlq YTMP3, Y_0, 19 /* YTMP3 = W[-2] >> 19 {DC--} */ + vpsllq YTMP1, Y_0, (64-19) /* YTMP1 = W[-2] << 19 {DC--} */ + vpor YTMP3, YTMP3, YTMP1 /* YTMP3 = W[-2] ror 19 {DC--} */ + vpxor YTMP4, YTMP4, YTMP3 /* YTMP4 = W[-2] ror 19 ^ W[-2] >> 6 {DC--} */ + vpsrlq YTMP3, Y_0, 61 /* YTMP3 = W[-2] >> 61 {DC--} */ + vpsllq YTMP1, Y_0, (64-61) /* YTMP1 = W[-2] << 61 {DC--} */ + vpor YTMP3, YTMP3, YTMP1 /* YTMP3 = W[-2] ror 61 {DC--} */ + vpxor YTMP4, YTMP4, YTMP3 /* YTMP4 = s1 = (W[-2] ror 19) ^ (W[-2] ror 61) ^ (W[-2] >> 6) {DC--} */ + + /* Add the sigma0 + w[t-7] + w[t-16] for w[18] and w[19] to newly calculated sigma1 to get w[18] and w[19] */ + vpaddq YTMP2, YTMP0, YTMP4 /* YTMP2 = {W[3], W[2], --, --} */ + + /* Form w[19, w[18], w17], w[16] */ + vpblendd Y_0, Y_0, YTMP2, 0xF0 /* Y_0 = {W[3], W[2], W[1], W[0]} */ +/* vperm2f128 Y_0, Y_0, YTMP2, 0x30 */ + + mov y3, a /* y3 = a ; MAJA */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B 
*/ + add h, [rsp+frame_XFER+3*8] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + + + mov y2, f /* y2 = f ; CH */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + xor y2, g /* y2 = f^g ; CH */ + + + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + and y2, e /* y2 = (f^g)&e ; CH */ + add d, h /* d = k + w + h + d ; -- */ + and y3, b /* y3 = (a|c)&b ; MAJA */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and T1, c /* T1 = a&c ; MAJB */ + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + + add h, y1 /* h = k + w + h + S0 ; -- */ + add h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + add h, y3 /* h = t1 + S0 + MAJ ; -- */ + +RotateState + +rotate_Ys +.endm + +.macro DO_4ROUNDS + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 0 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + + mov y2, f /* y2 = f ; CH */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + xor y2, g /* y2 = f^g ; CH */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + and y2, e /* y2 = (f^g)&e ; CH */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + mov y3, a /* y3 = a ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + add h, [rsp + frame_XFER + 8*0] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and y3, 
b /* y3 = (a|c)&b ; MAJA */ + and T1, c /* T1 = a&c ; MAJB */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + + add d, h /* d = k + w + h + d ; -- */ + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + + + /*add h, y2 ; h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + + /*add h, y3 ; h = t1 + S0 + MAJ ; -- */ + + RotateState + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 1 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + + add old_h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + mov y2, f /* y2 = f ; CH */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + xor y2, g /* y2 = f^g ; CH */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + and y2, e /* y2 = (f^g)&e ; CH */ + add old_h, y3 /* h = t1 + S0 + MAJ ; -- */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + mov y3, a /* y3 = a ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + add h, [rsp + frame_XFER + 8*1] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and y3, b /* y3 = (a|c)&b ; MAJA */ + and T1, c /* T1 = a&c ; MAJB */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + + add d, h /* d = k + w + h + d ; -- */ + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + + + /*add h, y2 ; h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + + /*add h, y3 ; h = t1 + S0 + MAJ ; -- */ + + RotateState + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 2 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + + add old_h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + 
mov y2, f /* y2 = f ; CH */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + xor y2, g /* y2 = f^g ; CH */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + and y2, e /* y2 = (f^g)&e ; CH */ + add old_h, y3 /* h = t1 + S0 + MAJ ; -- */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + mov y3, a /* y3 = a ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + add h, [rsp + frame_XFER + 8*2] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and y3, b /* y3 = (a|c)&b ; MAJA */ + and T1, c /* T1 = a&c ; MAJB */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + + add d, h /* d = k + w + h + d ; -- */ + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + + + /*add h, y2 ; h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + + /*add h, y3 ; h = t1 + S0 + MAJ ; -- */ + + RotateState + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RND N + 3 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ + + add old_h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + mov y2, f /* y2 = f ; CH */ + rorx y0, e, 41 /* y0 = e >> 41 ; S1A */ + rorx y1, e, 18 /* y1 = e >> 18 ; S1B */ + xor y2, g /* y2 = f^g ; CH */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ; S1 */ + rorx y1, e, 14 /* y1 = (e >> 14) ; S1 */ + and y2, e /* y2 = (f^g)&e ; CH */ + add old_h, y3 /* h = t1 + S0 + MAJ ; -- */ + + xor y0, y1 /* y0 = (e>>41) ^ (e>>18) ^ (e>>14) ; S1 */ + rorx T1, a, 34 /* T1 = a >> 34 ; S0B */ + xor y2, g /* y2 = CH = ((f^g)&e)^g ; CH */ + rorx y1, a, 39 /* y1 = a >> 39 ; S0A */ + mov y3, a /* y3 = a ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ; S0 */ + 
rorx T1, a, 28 /* T1 = (a >> 28) ; S0 */ + add h, [rsp + frame_XFER + 8*3] /* h = k + w + h ; -- */ + or y3, c /* y3 = a|c ; MAJA */ + + xor y1, T1 /* y1 = (a>>39) ^ (a>>34) ^ (a>>28) ; S0 */ + mov T1, a /* T1 = a ; MAJB */ + and y3, b /* y3 = (a|c)&b ; MAJA */ + and T1, c /* T1 = a&c ; MAJB */ + add y2, y0 /* y2 = S1 + CH ; -- */ + + + add d, h /* d = k + w + h + d ; -- */ + or y3, T1 /* y3 = MAJ = (a|c)&b)|(a&c) ; MAJ */ + add h, y1 /* h = k + w + h + S0 ; -- */ + + add d, y2 /* d = k + w + h + d + S1 + CH = d + t1 ; -- */ + + + add h, y2 /* h = k + w + h + S0 + S1 + CH = t1 + S0 ; -- */ + + add h, y3 /* h = t1 + S0 + MAJ ; -- */ + + RotateState + +.endm + +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; void sha512_rorx(const void* M, void* D, uint64_t L); +; Purpose: Updates the SHA512 digest stored at D with the message stored in M. +; The size of the message pointed to by M must be an integer multiple of SHA512 +; message blocks. 
+; L is the message length in SHA512 blocks +*/ +.globl _gcry_sha512_transform_amd64_avx2 +.type _gcry_sha512_transform_amd64_avx2, at function; +.align 16 +_gcry_sha512_transform_amd64_avx2: + xor eax, eax + + cmp rdx, 0 + je .Lnowork + + /* Allocate Stack Space */ + mov rax, rsp + sub rsp, frame_size + and rsp, ~(0x20 - 1) + mov [rsp + frame_RSPSAVE], rax + + /* Save GPRs */ + mov [rsp + frame_GPRSAVE + 8 * 0], rbp + mov [rsp + frame_GPRSAVE + 8 * 1], rbx + mov [rsp + frame_GPRSAVE + 8 * 2], r12 + mov [rsp + frame_GPRSAVE + 8 * 3], r13 + mov [rsp + frame_GPRSAVE + 8 * 4], r14 + mov [rsp + frame_GPRSAVE + 8 * 5], r15 + + vpblendd xmm0, xmm0, xmm1, 0xf0 + vpblendd ymm0, ymm0, ymm1, 0xf0 + + shl NUM_BLKS, 7 /* convert to bytes */ + jz .Ldone_hash + add NUM_BLKS, INP /* pointer to end of data */ + mov [rsp + frame_INPEND], NUM_BLKS + + /*; load initial digest */ + mov a,[8*0 + CTX] + mov b,[8*1 + CTX] + mov c,[8*2 + CTX] + mov d,[8*3 + CTX] + mov e,[8*4 + CTX] + mov f,[8*5 + CTX] + mov g,[8*6 + CTX] + mov h,[8*7 + CTX] + + vmovdqa BYTE_FLIP_MASK, [.LPSHUFFLE_BYTE_FLIP_MASK ADD_RIP] + +.Loop0: + lea TBL,[.LK512 ADD_RIP] + + /*; byte swap first 16 dwords */ + COPY_YMM_AND_BSWAP Y_0, [INP + 0*32], BYTE_FLIP_MASK + COPY_YMM_AND_BSWAP Y_1, [INP + 1*32], BYTE_FLIP_MASK + COPY_YMM_AND_BSWAP Y_2, [INP + 2*32], BYTE_FLIP_MASK + COPY_YMM_AND_BSWAP Y_3, [INP + 3*32], BYTE_FLIP_MASK + + mov [rsp + frame_INP], INP + + /*; schedule 64 input dwords, by doing 12 rounds of 4 each */ + movq [rsp + frame_SRND],4 + +.align 16 +.Loop1: + vpaddq XFER, Y_0, [TBL + 0*32] + vmovdqa [rsp + frame_XFER], XFER + FOUR_ROUNDS_AND_SCHED + + vpaddq XFER, Y_0, [TBL + 1*32] + vmovdqa [rsp + frame_XFER], XFER + FOUR_ROUNDS_AND_SCHED + + vpaddq XFER, Y_0, [TBL + 2*32] + vmovdqa [rsp + frame_XFER], XFER + FOUR_ROUNDS_AND_SCHED + + vpaddq XFER, Y_0, [TBL + 3*32] + vmovdqa [rsp + frame_XFER], XFER + add TBL, 4*32 + FOUR_ROUNDS_AND_SCHED + + subq [rsp + frame_SRND], 1 + jne .Loop1 + + movq [rsp + 
frame_SRND], 2 +.Loop2: + vpaddq XFER, Y_0, [TBL + 0*32] + vmovdqa [rsp + frame_XFER], XFER + DO_4ROUNDS + vpaddq XFER, Y_1, [TBL + 1*32] + vmovdqa [rsp + frame_XFER], XFER + add TBL, 2*32 + DO_4ROUNDS + + vmovdqa Y_0, Y_2 + vmovdqa Y_1, Y_3 + + subq [rsp + frame_SRND], 1 + jne .Loop2 + + addm [8*0 + CTX],a + addm [8*1 + CTX],b + addm [8*2 + CTX],c + addm [8*3 + CTX],d + addm [8*4 + CTX],e + addm [8*5 + CTX],f + addm [8*6 + CTX],g + addm [8*7 + CTX],h + + mov INP, [rsp + frame_INP] + add INP, 128 + cmp INP, [rsp + frame_INPEND] + jne .Loop0 + +.Ldone_hash: + + /* Restore GPRs */ + mov rbp, [rsp + frame_GPRSAVE + 8 * 0] + mov rbx, [rsp + frame_GPRSAVE + 8 * 1] + mov r12, [rsp + frame_GPRSAVE + 8 * 2] + mov r13, [rsp + frame_GPRSAVE + 8 * 3] + mov r14, [rsp + frame_GPRSAVE + 8 * 4] + mov r15, [rsp + frame_GPRSAVE + 8 * 5] + + /* Restore Stack Pointer */ + mov rsp, [rsp + frame_RSPSAVE] + + mov rax, frame_size +.Lnowork: + ret + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; */ +/*;; Binary Data */ + +.data + +.align 64 +/* K[t] used in SHA512 hashing */ +.LK512: + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 
0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + +.align 32 + +/* Mask for byte-swapping a couple of qwords in an XMM register using (v)pshufb. */ +.LPSHUFFLE_BYTE_FLIP_MASK: .octa 0x08090a0b0c0d0e0f0001020304050607 + .octa 0x18191a1b1c1d1e1f1011121314151617 + +.LMASK_YMM_LO: .octa 0x00000000000000000000000000000000 + .octa 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + +#endif +#endif diff --git a/cipher/sha512.c b/cipher/sha512.c index 34b3215..586c809 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c 
@@ -74,6 +74,24 @@ #endif +/* USE_AVX indicates whether to compile with Intel AVX code. */ +#undef USE_AVX +#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_AVX) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +# define USE_AVX 1 +#endif + + +/* USE_AVX2 indicates whether to compile with Intel AVX2/rorx code. */ +#undef USE_AVX2 +#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +# define USE_AVX2 1 +#endif + + typedef struct { u64 h0, h1, h2, h3, h4, h5, h6, h7; @@ -89,6 +107,12 @@ typedef struct #ifdef USE_SSSE3 unsigned int use_ssse3:1; #endif +#ifdef USE_AVX + unsigned int use_avx:1; +#endif +#ifdef USE_AVX2 + unsigned int use_avx2:1; +#endif } SHA512_CONTEXT; static unsigned int @@ -99,6 +123,7 @@ sha512_init (void *context) { SHA512_CONTEXT *ctx = context; SHA512_STATE *hd = &ctx->state; + unsigned int features = _gcry_get_hw_features (); hd->h0 = U64_C(0x6a09e667f3bcc908); hd->h1 = U64_C(0xbb67ae8584caa73b); @@ -116,11 +141,19 @@ sha512_init (void *context) ctx->bctx.bwrite = transform; #ifdef USE_ARM_NEON_ASM - ctx->use_neon = (_gcry_get_hw_features () & HWF_ARM_NEON) != 0; + ctx->use_neon = (features & HWF_ARM_NEON) != 0; #endif #ifdef USE_SSSE3 - ctx->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; + ctx->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0; +#endif +#ifdef USE_AVX + ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU); +#endif +#ifdef USE_AVX2 + ctx->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2); #endif + + (void)features; } static void @@ -128,6 +161,7 @@ sha384_init (void *context) { SHA512_CONTEXT *ctx = context; SHA512_STATE *hd = &ctx->state; + unsigned int features = _gcry_get_hw_features (); hd->h0 = U64_C(0xcbbb9d5dc1059ed8); hd->h1 = U64_C(0x629a292a367cd507); 
@@ -145,11 +179,19 @@ sha384_init (void *context) ctx->bctx.bwrite = transform; #ifdef USE_ARM_NEON_ASM - ctx->use_neon = (_gcry_get_hw_features () & HWF_ARM_NEON) != 0; + ctx->use_neon = (features & HWF_ARM_NEON) != 0; #endif #ifdef USE_SSSE3 - ctx->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; + ctx->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0; +#endif +#ifdef USE_AVX + ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU); #endif +#ifdef USE_AVX2 + ctx->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2); +#endif + + (void)features; } @@ -507,12 +549,34 @@ unsigned int _gcry_sha512_transform_amd64_ssse3(const void *input_data, void *state, size_t num_blks); #endif +#ifdef USE_AVX +unsigned int _gcry_sha512_transform_amd64_avx(const void *input_data, + void *state, size_t num_blks); +#endif + +#ifdef USE_AVX2 +unsigned int _gcry_sha512_transform_amd64_avx2(const void *input_data, + void *state, size_t num_blks); +#endif + static unsigned int transform (void *context, const unsigned char *data) { SHA512_CONTEXT *ctx = context; +#ifdef USE_AVX2 + if (ctx->use_avx2) + return _gcry_sha512_transform_amd64_avx2 (data, &ctx->state, 1) + + 4 * sizeof(void*); +#endif + +#ifdef USE_AVX + if (ctx->use_avx) + return _gcry_sha512_transform_amd64_avx (data, &ctx->state, 1) + + 4 * sizeof(void*); +#endif + #ifdef USE_SSSE3 if (ctx->use_ssse3) return _gcry_sha512_transform_amd64_ssse3 (data, &ctx->state, 1) diff --git a/configure.ac b/configure.ac index 5990429..bc86956 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1050,6 +1050,23 @@ fi # +# Check whether GCC inline assembler supports BMI2 instructions +# +AC_CACHE_CHECK([whether GCC inline assembler supports BMI2 instructions], + [gcry_cv_gcc_inline_asm_bmi2], + [gcry_cv_gcc_inline_asm_bmi2=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[void a(void) { + __asm__("rorxl \$23, %%eax, %%edx\\n\\t":::"memory"); + }]])], + [gcry_cv_gcc_inline_asm_bmi2=yes])]) +if test "$gcry_cv_gcc_inline_asm_bmi2" = "yes" ; then + AC_DEFINE(HAVE_GCC_INLINE_ASM_BMI2,1, + [Defined if inline assembler supports BMI2 instructions]) +fi + + +# # Check whether GCC assembler supports features needed for our amd64 # implementations # @@ -1728,6 +1745,8 @@ if test "$found" = "1" ; then x86_64-*-*) # Build with the assembly implementation GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ssse3-amd64.lo" + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-avx-amd64.lo" + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-avx2-bmi2-amd64.lo" ;; esac diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 0f7557d..410c45d 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -624,6 +624,8 @@ are @item padlock-aes @item padlock-sha @item padlock-mmul + at item intel-cpu + at item intel-bmi2 @item intel-ssse3 @item intel-pclmul @item intel-aesni diff --git a/src/g10lib.h b/src/g10lib.h index 6b2bafb..43dc011 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -197,6 +197,8 @@ int _gcry_log_verbosity( int level ); #define HWF_PADLOCK_SHA 4 #define HWF_PADLOCK_MMUL 8 +#define HWF_INTEL_CPU 16 +#define HWF_INTEL_BMI2 32 #define HWF_INTEL_SSSE3 64 #define HWF_INTEL_PCLMUL 128 #define HWF_INTEL_AESNI 256 diff --git a/src/hwf-x86.c b/src/hwf-x86.c index ab6dacd..4e82558 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -189,6 +189,7 @@ detect_x86_gnuc (void) else if (!strcmp (vendor_id, "GenuineIntel")) { /* This is an Intel CPU. */ + result |= HWF_INTEL_CPU; } else if (!strcmp (vendor_id, "AuthenticAMD")) { 
@@ -231,10 +232,14 @@ detect_x86_gnuc (void) * Source: http://www.sandpile.org/x86/cpuid.htm */ if (max_cpuid_level >= 7 && (features & 0x00000001)) { -#ifdef ENABLE_AVX2_SUPPORT /* Get CPUID:7 contains further Intel feature flags. */ get_cpuid(7, NULL, &features, NULL, NULL); + /* Test bit 8 for BMI2. */ + if (features & 0x00000100) + result |= HWF_INTEL_BMI2; + +#ifdef ENABLE_AVX2_SUPPORT /* Test bit 5 for AVX2. */ if (features & 0x00000020) result |= HWF_INTEL_AVX2; diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 5c3bb18..58099c4 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c 
@@ -46,6 +46,8 @@ static struct { HWF_PADLOCK_AES, "padlock-aes" }, { HWF_PADLOCK_SHA, "padlock-sha" }, { HWF_PADLOCK_MMUL,"padlock-mmul"}, + { HWF_INTEL_CPU, "intel-cpu" }, + { HWF_INTEL_BMI2, "intel-bmi2" }, { HWF_INTEL_SSSE3, "intel-ssse3" }, { HWF_INTEL_PCLMUL,"intel-pclmul" }, { HWF_INTEL_AESNI, "intel-aesni" }, commit 69a6d0f9562fcd26112a589318c13de66ce1700e Author: Jussi Kivilinna Date: Thu Dec 12 12:43:08 2013 +0200 SHA-512: Add SSSE3 implementation for x86-64 * cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'. * cipher/sha512-ssse3-amd64.S: New. * cipher/sha512.c (USE_SSSE3): New. (SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. (sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'. [USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New. (transform) [USE_SSSE3]: Call SSSE3 implementation. * configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'. -- Patch adds fast SSSE3 implementation of SHA-512 by Intel Corporation. The assembly source is licensed under 3-clause BSD license, thus compatible with LGPL2.1+. Original source can be accessed at: http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs Implementation is described in white paper "Fast SHA512 Implementations on Intel? Architecture Processors" http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-sha512-implementations-ia-processors-paper.html Benchmarks: cpu Old New Diff Intel i5-4570 10.11 c/B 7.56 c/B 1.33x Intel i5-2450M 14.11 c/B 10.53 c/B 1.33x Intel Core2 T8100 11.92 c/B 10.22 c/B 1.16x Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 34f74e2..88c288a 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -79,7 +79,7 @@ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ sha1.c \ sha256.c sha256-ssse3-amd64.S \ -sha512.c sha512-armv7-neon.S \ +sha512.c sha512-ssse3-amd64.S sha512-armv7-neon.S \ stribog.c \ tiger.c \ whirlpool.c \ 
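Review bot: in cipher/sha512-avx2-bmi2-amd64.S, the epilogue at `.Ldone_hash` restores the GPRs and `rsp` and returns without clearing the vector registers, so `Y_0`..`Y_3` (the byte-swapped message words) and `XFER` (W + K) are still live in ymm0-ymm9 after `ret`; a `vzeroall` before `ret` would clear them and also avoid handing dirty upper ymm halves back to SSE code in the caller. The returned burn depth is `frame_size`, which does not include the bytes skipped by `and rsp, ~(0x20 - 1)`, so it leans on the `4 * sizeof(void*)` that the C caller adds. Two smaller points in the same function: the `vpblendd xmm0, xmm0, xmm1, 0xf0` / `vpblendd ymm0, ymm0, ymm1, 0xf0` pair after the GPR save operates on registers nothing has loaded yet and its result is overwritten by the first `vpaddq XFER, Y_0, [TBL + 0*32]`, so it wants a comment or removal; and the comment "schedule 64 input dwords, by doing 12 rounds of 4 each" does not match the loop, which sets `frame_SRND` to 4 and runs four `FOUR_ROUNDS_AND_SCHED` per iteration.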
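Review bot: in cipher/sha512.c, `sha512_init` and `sha384_init` enable the AVX path only when `HWF_INTEL_CPU` is also set, while the AVX2 path has no vendor condition, and neither assignment says why; a one-line comment on `ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU);` would keep a later cleanup from dropping the vendor test by accident. The same block of `use_neon` / `use_ssse3` / `use_avx` / `use_avx2` assignments is now repeated in both init functions, so a shared helper would stop the two copies from drifting apart.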
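Review bot: in doc/gcrypt.texi the two added entries read ` at item intel-cpu` and ` at item intel-bmi2` where the surrounding context lines use `@item`, and the new assembly file has `.type _gcry_sha512_transform_amd64_avx2, at function;`; as shown, neither is a valid Texinfo item nor a valid `.type` argument, so the `@` has to be restored in both places before the patch is applied from this text.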
diff --git a/cipher/sha512-ssse3-amd64.S b/cipher/sha512-ssse3-amd64.S new file mode 100644 index 0000000..2a719e5 --- /dev/null +++ b/cipher/sha512-ssse3-amd64.S 
@@ -0,0 +1,414 @@ +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Copyright (c) 2012, Intel Corporation +; +; All rights reserved. +; +; Redistribution and use in source and binary forms, with or without +; modification, are permitted provided that the following conditions are +; met: +; +; * Redistributions of source code must retain the above copyright +; notice, this list of conditions and the following disclaimer. +; +; * Redistributions in binary form must reproduce the above copyright +; notice, this list of conditions and the following disclaimer in the +; documentation and/or other materials provided with the +; distribution. +; +; * Neither the name of the Intel Corporation nor the names of its +; contributors may be used to endorse or promote products derived from +; this software without specific prior written permission. +; +; +; THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY +; EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR +; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +; EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +; PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +; PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +; SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +*/ +/* + * Conversion to GAS assembly and integration to libgcrypt + * by Jussi Kivilinna + * + * Note: original implementation was named as SHA512-SSE4. However, only SSSE3 + * is required. 
+ */ + +#ifdef __x86_64 +#include +#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA512) + +#ifdef __PIC__ +# define ADD_RIP +rip +#else +# define ADD_RIP +#endif + +.intel_syntax noprefix + +.text + +/* Virtual Registers */ +msg = rdi /* ARG1 */ +digest = rsi /* ARG2 */ +msglen = rdx /* ARG3 */ +T1 = rcx +T2 = r8 +a_64 = r9 +b_64 = r10 +c_64 = r11 +d_64 = r12 +e_64 = r13 +f_64 = r14 +g_64 = r15 +h_64 = rbx +tmp0 = rax + +/* +; Local variables (stack frame) +; Note: frame_size must be an odd multiple of 8 bytes to XMM align RSP +*/ +frame_W = 0 /* Message Schedule */ +frame_W_size = (80 * 8) +frame_WK = ((frame_W) + (frame_W_size)) /* W[t] + K[t] | W[t+1] + K[t+1] */ +frame_WK_size = (2 * 8) +frame_GPRSAVE = ((frame_WK) + (frame_WK_size)) +frame_GPRSAVE_size = (5 * 8) +frame_size = ((frame_GPRSAVE) + (frame_GPRSAVE_size)) + + +/* Useful QWORD "arrays" for simpler memory references */ +#define MSG(i) msg + 8*(i) /* Input message (arg1) */ +#define DIGEST(i) digest + 8*(i) /* Output Digest (arg2) */ +#define K_t(i) .LK512 + 8*(i) ADD_RIP /* SHA Constants (static mem) */ +#define W_t(i) rsp + frame_W + 8*(i) /* Message Schedule (stack frame) */ +#define WK_2(i) rsp + frame_WK + 8*((i) % 2) /* W[t]+K[t] (stack frame) */ +/* MSG, DIGEST, K_t, W_t are arrays */ +/* WK_2(t) points to 1 of 2 qwords at frame.WK depdending on t being odd/even */ + +.macro RotateState + /* Rotate symbles a..h right */ + __TMP = h_64 + h_64 = g_64 + g_64 = f_64 + f_64 = e_64 + e_64 = d_64 + d_64 = c_64 + c_64 = b_64 + b_64 = a_64 + a_64 = __TMP +.endm + +.macro SHA512_Round t + /* Compute Round %%t */ + mov T1, f_64 /* T1 = f */ + mov tmp0, e_64 /* tmp = e */ + xor T1, g_64 /* T1 = f ^ g */ + ror tmp0, 23 /* 41 ; tmp = e ror 23 */ + and T1, e_64 /* T1 = (f ^ g) & e */ + xor tmp0, e_64 /* tmp = (e ror 23) ^ e */ + xor T1, g_64 /* T1 = ((f ^ g) & e) ^ g = CH(e,f,g) */ + add T1, [WK_2(\t)] 
/* W[t] + K[t] from message scheduler */ + ror tmp0, 4 /* 18 ; tmp = ((e ror 23) ^ e) ror 4 */ + xor tmp0, e_64 /* tmp = (((e ror 23) ^ e) ror 4) ^ e */ + mov T2, a_64 /* T2 = a */ + add T1, h_64 /* T1 = CH(e,f,g) + W[t] + K[t] + h */ + ror tmp0, 14 /* 14 ; tmp = ((((e ror23)^e)ror4)^e)ror14 = S1(e) */ + add T1, tmp0 /* T1 = CH(e,f,g) + W[t] + K[t] + S1(e) */ + mov tmp0, a_64 /* tmp = a */ + xor T2, c_64 /* T2 = a ^ c */ + and tmp0, c_64 /* tmp = a & c */ + and T2, b_64 /* T2 = (a ^ c) & b */ + xor T2, tmp0 /* T2 = ((a ^ c) & b) ^ (a & c) = Maj(a,b,c) */ + mov tmp0, a_64 /* tmp = a */ + ror tmp0, 5 /* 39 ; tmp = a ror 5 */ + xor tmp0, a_64 /* tmp = (a ror 5) ^ a */ + add d_64, T1 /* e(next_state) = d + T1 */ + ror tmp0, 6 /* 34 ; tmp = ((a ror 5) ^ a) ror 6 */ + xor tmp0, a_64 /* tmp = (((a ror 5) ^ a) ror 6) ^ a */ + lea h_64, [T1 + T2] /* a(next_state) = T1 + Maj(a,b,c) */ + ror tmp0, 28 /* 28 ; tmp = ((((a ror5)^a)ror6)^a)ror28 = S0(a) */ + add h_64, tmp0 /* a(next_state) = T1 + Maj(a,b,c) S0(a) */ + RotateState +.endm + +.macro SHA512_2Sched_2Round_sse t +/* ; Compute rounds %%t-2 and %%t-1 + ; Compute message schedule QWORDS %%t and %%t+1 + + ; Two rounds are computed based on the values for K[t-2]+W[t-2] and + ; K[t-1]+W[t-1] which were previously stored at WK_2 by the message + ; scheduler. + ; The two new schedule QWORDS are stored at [W_t(%%t)] and [W_t(%%t+1)]. + ; They are then added to their respective SHA512 constants at + ; [K_t(%%t)] and [K_t(%%t+1)] and stored at dqword [WK_2(%%t)] + ; For brievity, the comments following vectored instructions only refer to + ; the first of a pair of QWORDS. + ; Eg. XMM2=W[t-2] really means XMM2={W[t-2]|W[t-1]} + ; The computation of the message schedule and the rounds are tightly + ; stitched to take advantage of instruction-level parallelism. + ; For clarity, integer instructions (for the rounds calculation) are indented + ; by one tab. 
Vectored instructions (for the message scheduler) are indented + ; by two tabs. */ + + mov T1, f_64 + movdqa xmm2, [W_t(\t-2)] /* XMM2 = W[t-2] */ + xor T1, g_64 + and T1, e_64 + movdqa xmm0, xmm2 /* XMM0 = W[t-2] */ + xor T1, g_64 + add T1, [WK_2(\t)] + movdqu xmm5, [W_t(\t-15)] /* XMM5 = W[t-15] */ + mov tmp0, e_64 + ror tmp0, 23 /* 41 */ + movdqa xmm3, xmm5 /* XMM3 = W[t-15] */ + xor tmp0, e_64 + ror tmp0, 4 /* 18 */ + psrlq xmm0, 61 - 19 /* XMM0 = W[t-2] >> 42 */ + xor tmp0, e_64 + ror tmp0, 14 /* 14 */ + psrlq xmm3, (8 - 7) /* XMM3 = W[t-15] >> 1 */ + add T1, tmp0 + add T1, h_64 + pxor xmm0, xmm2 /* XMM0 = (W[t-2] >> 42) ^ W[t-2] */ + mov T2, a_64 + xor T2, c_64 + pxor xmm3, xmm5 /* XMM3 = (W[t-15] >> 1) ^ W[t-15] */ + and T2, b_64 + mov tmp0, a_64 + psrlq xmm0, 19 - 6 /* XMM0 = ((W[t-2]>>42)^W[t-2])>>13 */ + and tmp0, c_64 + xor T2, tmp0 + psrlq xmm3, (7 - 1) /* XMM3 = ((W[t-15]>>1)^W[t-15])>>6 */ + mov tmp0, a_64 + ror tmp0, 5 /* 39 */ + pxor xmm0, xmm2 /* XMM0 = (((W[t-2]>>42)^W[t-2])>>13)^W[t-2] */ + xor tmp0, a_64 + ror tmp0, 6 /* 34 */ + pxor xmm3, xmm5 /* XMM3 = (((W[t-15]>>1)^W[t-15])>>6)^W[t-15] */ + xor tmp0, a_64 + ror tmp0, 28 /* 28 */ + psrlq xmm0, 6 /* XMM0 = ((((W[t-2]>>42)^W[t-2])>>13)^W[t-2])>>6 */ + add T2, tmp0 + add d_64, T1 + psrlq xmm3, 1 /* XMM3 = (((W[t-15]>>1)^W[t-15])>>6)^W[t-15]>>1 */ + lea h_64, [T1 + T2] + RotateState + movdqa xmm1, xmm2 /* XMM1 = W[t-2] */ + mov T1, f_64 + xor T1, g_64 + movdqa xmm4, xmm5 /* XMM4 = W[t-15] */ + and T1, e_64 + xor T1, g_64 + psllq xmm1, (64 - 19) - (64 - 61) /* XMM1 = W[t-2] << 42 */ + add T1, [WK_2(\t+1)] + mov tmp0, e_64 + psllq xmm4, (64 - 1) - (64 - 8) /* XMM4 = W[t-15] << 7 */ + ror tmp0, 23 /* 41 */ + xor tmp0, e_64 + pxor xmm1, xmm2 /* XMM1 = (W[t-2] << 42)^W[t-2] */ + ror tmp0, 4 /* 18 */ + xor tmp0, e_64 + pxor xmm4, xmm5 /* XMM4 = (W[t-15]<<7)^W[t-15] */ + ror tmp0, 14 /* 14 */ + add T1, tmp0 + psllq xmm1, (64 - 61) /* XMM1 = ((W[t-2] << 42)^W[t-2])<<3 */ + add T1, h_64 + mov T2, a_64 + 
psllq xmm4, (64 - 8) /* XMM4 = ((W[t-15]<<7)^W[t-15])<<56 */ + xor T2, c_64 + and T2, b_64 + pxor xmm0, xmm1 /* XMM0 = s1(W[t-2]) */ + mov tmp0, a_64 + and tmp0, c_64 + movdqu xmm1, [W_t(\t- 7)] /* XMM1 = W[t-7] */ + xor T2, tmp0 + pxor xmm3, xmm4 /* XMM3 = s0(W[t-15]) */ + mov tmp0, a_64 + paddq xmm0, xmm3 /* XMM0 = s1(W[t-2]) + s0(W[t-15]) */ + ror tmp0, 5 /* 39 */ + paddq xmm0, [W_t(\t-16)] /* XMM0 = s1(W[t-2]) + s0(W[t-15]) + W[t-16] */ + xor tmp0, a_64 + paddq xmm0, xmm1 /* XMM0 = s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16] */ + ror tmp0, 6 /* 34 */ + movdqa [W_t(\t)], xmm0 /* Store scheduled qwords */ + xor tmp0, a_64 + paddq xmm0, [K_t(t)] /* Compute W[t]+K[t] */ + ror tmp0, 28 /* 28 */ + movdqa [WK_2(t)], xmm0 /* Store W[t]+K[t] for next rounds */ + add T2, tmp0 + add d_64, T1 + lea h_64, [T1 + T2] + RotateState +.endm + +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; void sha512_sse4(const void* M, void* D, uint64_t L); +; Purpose: Updates the SHA512 digest stored at D with the message stored in M. +; The size of the message pointed to by M must be an integer multiple of SHA512 +; message blocks. +; L is the message length in SHA512 blocks. 
+*/ +.globl _gcry_sha512_transform_amd64_ssse3 +.type _gcry_sha512_transform_amd64_ssse3, at function; +.align 16 +_gcry_sha512_transform_amd64_ssse3: + xor eax, eax + + cmp msglen, 0 + je .Lnowork + + /* Allocate Stack Space */ + sub rsp, frame_size + + /* Save GPRs */ + mov [rsp + frame_GPRSAVE + 8 * 0], rbx + mov [rsp + frame_GPRSAVE + 8 * 1], r12 + mov [rsp + frame_GPRSAVE + 8 * 2], r13 + mov [rsp + frame_GPRSAVE + 8 * 3], r14 + mov [rsp + frame_GPRSAVE + 8 * 4], r15 + +.Lupdateblock: + + /* Load state variables */ + mov a_64, [DIGEST(0)] + mov b_64, [DIGEST(1)] + mov c_64, [DIGEST(2)] + mov d_64, [DIGEST(3)] + mov e_64, [DIGEST(4)] + mov f_64, [DIGEST(5)] + mov g_64, [DIGEST(6)] + mov h_64, [DIGEST(7)] + + t = 0 + .rept 80/2 + 1 + /* (80 rounds) / (2 rounds/iteration) + (1 iteration) */ + /* +1 iteration because the scheduler leads hashing by 1 iteration */ + .if t < 2 + /* BSWAP 2 QWORDS */ + movdqa xmm1, [.LXMM_QWORD_BSWAP ADD_RIP] + movdqu xmm0, [MSG(t)] + pshufb xmm0, xmm1 /* BSWAP */ + movdqa [W_t(t)], xmm0 /* Store Scheduled Pair */ + paddq xmm0, [K_t(t)] /* Compute W[t]+K[t] */ + movdqa [WK_2(t)], xmm0 /* Store into WK for rounds */ + .elseif t < 16 + /* BSWAP 2 QWORDS; Compute 2 Rounds */ + movdqu xmm0, [MSG(t)] + pshufb xmm0, xmm1 /* BSWAP */ + SHA512_Round (t - 2) /* Round t-2 */ + movdqa [W_t(t)], xmm0 /* Store Scheduled Pair */ + paddq xmm0, [K_t(t)] /* Compute W[t]+K[t] */ + SHA512_Round (t - 1) /* Round t-1 */ + movdqa [WK_2(t)], xmm0 /* Store W[t]+K[t] into WK */ + .elseif t < 79 + /* Schedule 2 QWORDS; Compute 2 Rounds */ + SHA512_2Sched_2Round_sse t + .else + /* Compute 2 Rounds */ + SHA512_Round (t - 2) + SHA512_Round (t - 1) + .endif + t = (t)+2 + .endr + + /* Update digest */ + add [DIGEST(0)], a_64 + add [DIGEST(1)], b_64 + add [DIGEST(2)], c_64 + add [DIGEST(3)], d_64 + add [DIGEST(4)], e_64 + add [DIGEST(5)], f_64 + add [DIGEST(6)], g_64 + add [DIGEST(7)], h_64 + + /* Advance to next message block */ + add msg, 16*8 + dec msglen + jnz 
.Lupdateblock + + /* Restore GPRs */ + mov rbx, [rsp + frame_GPRSAVE + 8 * 0] + mov r12, [rsp + frame_GPRSAVE + 8 * 1] + mov r13, [rsp + frame_GPRSAVE + 8 * 2] + mov r14, [rsp + frame_GPRSAVE + 8 * 3] + mov r15, [rsp + frame_GPRSAVE + 8 * 4] + + /* Restore Stack Pointer */ + add rsp, frame_size + + /* Return stack burn depth */ + mov rax, frame_size + +.Lnowork: + ret + +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;; Binary Data +*/ + +.data + +.align 16 + +/* Mask for byte-swapping a couple of qwords in an XMM register using (v)pshufb. */ +.LXMM_QWORD_BSWAP: + .octa 0x08090a0b0c0d0e0f0001020304050607 + +/* K[t] used in SHA512 hashing */ +.LK512: + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 
0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + +#endif +#endif diff --git a/cipher/sha512.c b/cipher/sha512.c index 14608dc..34b3215 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c @@ -64,6 +64,16 @@ # endif #endif + +/* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ +#undef USE_SSSE3 +#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +# define USE_SSSE3 1 +#endif + + typedef struct { u64 h0, h1, h2, h3, h4, h5, h6, h7; @@ -74,7 +84,10 @@ typedef struct gcry_md_block_ctx_t bctx; SHA512_STATE state; #ifdef USE_ARM_NEON_ASM - int use_neon; + unsigned int use_neon:1; +#endif +#ifdef USE_SSSE3 + unsigned int use_ssse3:1; #endif } SHA512_CONTEXT; @@ -105,6 +118,9 @@ sha512_init (void *context) #ifdef USE_ARM_NEON_ASM ctx->use_neon = (_gcry_get_hw_features () & HWF_ARM_NEON) != 0; #endif +#ifdef USE_SSSE3 + ctx->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; +#endif } static void @@ -131,6 +147,9 @@ sha384_init (void *context) #ifdef USE_ARM_NEON_ASM ctx->use_neon = (_gcry_get_hw_features () & HWF_ARM_NEON) != 0; #endif +#ifdef USE_SSSE3 + ctx->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; +#endif } 
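Review bot: In cipher/sha512-ssse3-amd64.S, the last two vector instructions of the SHA512_2Sched_2Round_sse macro use the bare symbol t instead of the macro argument \t, in `paddq xmm0, [K_t(t)]` and `movdqa [WK_2(t)], xmm0`, while the rest of the macro (`W_t(\t-2)`, `WK_2(\t+1)`, `W_t(\t)`) uses \t. This assembles to the intended addresses only because the single caller inside the .rept loop passes the assembler symbol that is itself named t; called with any other argument, these two lines would take whatever value the symbol t holds at that point, or fail if it is undefined. Please change both to \t. While touching the file, the comments contain the typos "depdending", "symbles" and "brievity", and the last comment in SHA512_Round is missing the "+" before S0(a).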
@@ -483,16 +502,27 @@ void _gcry_sha512_transform_armv7_neon (SHA512_STATE *hd, const u64 k[]); #endif +#ifdef USE_SSSE3 +unsigned int _gcry_sha512_transform_amd64_ssse3(const void *input_data, + void *state, size_t num_blks); +#endif + static unsigned int transform (void *context, const unsigned char *data) { SHA512_CONTEXT *ctx = context; +#ifdef USE_SSSE3 + if (ctx->use_ssse3) + return _gcry_sha512_transform_amd64_ssse3 (data, &ctx->state, 1) + + 4 * sizeof(void*); +#endif + #ifdef USE_ARM_NEON_ASM if (ctx->use_neon) { - _gcry_sha512_transform_armv7_neon(&ctx->state, data, k); + _gcry_sha512_transform_armv7_neon (&ctx->state, data, k); /* _gcry_sha512_transform_armv7_neon does not store sensitive data * to stack. */ diff --git a/configure.ac b/configure.ac index 97401c3..5990429 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1724,6 +1724,13 @@ if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512.lo" AC_DEFINE(USE_SHA512, 1, [Defined if this module should be included]) + case "${host}" in + x86_64-*-*) + # Build with the assembly implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-ssse3-amd64.lo" + ;; + esac + if test x"$neonsupport" = xyes ; then # Build with the NEON implementation GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-armv7-neon.lo" commit e1a3931263e67aacec3c0bfcaa86c7d1441d5c6a Author: Jussi Kivilinna Date: Wed Dec 11 19:32:08 2013 +0200 SHA-256: Add SSSE3 implementation for x86-64 * cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'. * cipher/sha256-ssse3-amd64.S: New. * cipher/sha256.c (USE_SSSE3): New. (SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. (sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'. (transform): Rename to... (_transform): This. [USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New. (transform): New. * configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check. (sha256): Add 'sha256-ssse3-amd64.lo'. * doc/gcrypt.texi: Document 'intel-ssse3'. * src/g10lib.h (HWF_INTEL_SSSE3): New. * src/hwfeatures.c (hwflist): Add "intel-ssse3". * src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3. -- Patch adds fast SSSE3 implementation of SHA-256 by Intel Corporation. The assembly source is licensed under 3-clause BSD license, thus compatible with LGPL2.1+. Original source can be accessed at: http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs Implementation is described in white paper "Fast SHA - 256 Implementations on Intel? Architecture Processors" http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/sha-256-implementations-paper.html Benchmarks: cpu Old New Diff Intel i5-4570 13.99 c/B 10.66 c/B 1.31x Intel i5-2450M 21.53 c/B 15.79 c/B 1.36x Intel Core2 T8100 20.84 c/B 15.07 c/B 1.38x Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index ff9deca..34f74e2 100644 
--- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -78,7 +78,7 @@ scrypt.c \ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ sha1.c \ -sha256.c \ +sha256.c sha256-ssse3-amd64.S \ sha512.c sha512-armv7-neon.S \ stribog.c \ tiger.c \ diff --git a/cipher/sha256-ssse3-amd64.S b/cipher/sha256-ssse3-amd64.S new file mode 100644 index 0000000..06070d1 --- /dev/null +++ b/cipher/sha256-ssse3-amd64.S 
@@ -0,0 +1,526 @@ +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Copyright (c) 2012, Intel Corporation +; +; All rights reserved. +; +; Redistribution and use in source and binary forms, with or without +; modification, are permitted provided that the following conditions are +; met: +; +; * Redistributions of source code must retain the above copyright +; notice, this list of conditions and the following disclaimer. +; +; * Redistributions in binary form must reproduce the above copyright +; notice, this list of conditions and the following disclaimer in the +; documentation and/or other materials provided with the +; distribution. +; +; * Neither the name of the Intel Corporation nor the names of its +; contributors may be used to endorse or promote products derived from +; this software without specific prior written permission. +; +; +; THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY +; EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR +; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +; EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +; PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +; PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +; SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; This code is described in an Intel White-Paper: +; "Fast SHA-256 Implementations on Intel Architecture Processors" +; +; To find it, surf to http://www.intel.com/p/en_US/embedded +; and search for that title. 
+; The paper is expected to be released roughly at the end of April, 2012 +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; This code schedules 1 blocks at a time, with 4 lanes per block +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +*/ +/* + * Conversion to GAS assembly and integration to libgcrypt + * by Jussi Kivilinna + * + * Note: original implementation was named as SHA256-SSE4. However, only SSSE3 + * is required. + */ + +#ifdef __x86_64 +#include +#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA256) + +#ifdef __PIC__ +# define ADD_RIP +rip +#else +# define ADD_RIP +#endif + +.intel_syntax noprefix + +#define MOVDQ movdqu /* assume buffers not aligned */ + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Define Macros*/ + +/* addm [mem], reg + * Add reg to mem using reg-mem add and store */ +.macro addm p1 p2 + add \p2, \p1 + mov \p1, \p2 +.endm + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;*/ + +/* COPY_XMM_AND_BSWAP xmm, [mem], byte_flip_mask + * Load xmm with mem and byte swap each dword */ +.macro COPY_XMM_AND_BSWAP p1 p2 p3 + MOVDQ \p1, \p2 + pshufb \p1, \p3 +.endm + +/*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;*/ + +X0 = xmm4 +X1 = xmm5 +X2 = xmm6 +X3 = xmm7 + +XTMP0 = xmm0 +XTMP1 = xmm1 +XTMP2 = xmm2 +XTMP3 = xmm3 +XTMP4 = xmm8 +XFER = xmm9 + +SHUF_00BA = xmm10 /* shuffle xBxA -> 00BA */ +SHUF_DC00 = xmm11 /* shuffle xDxC -> DC00 */ +BYTE_FLIP_MASK = xmm12 + +NUM_BLKS = rdx /* 3rd arg */ +CTX = rsi /* 2nd arg */ +INP = rdi /* 1st arg */ + +SRND = rdi /* clobbers INP */ +c = ecx +d = r8d +e = edx + +TBL = rbp +a = eax +b = ebx + +f = r9d +g = r10d +h = r11d + +y0 = r13d +y1 = r14d +y2 = r15d + + + +#define _INP_END_SIZE 8 +#define _INP_SIZE 8 +#define _XFER_SIZE 8 +#define _XMM_SAVE_SIZE 0 +/* STACK_SIZE plus pushes must be an odd multiple of 8 */ +#define _ALIGN_SIZE 8 + +#define _INP_END 0 +#define _INP (_INP_END + 
_INP_END_SIZE) +#define _XFER (_INP + _INP_SIZE) +#define _XMM_SAVE (_XFER + _XFER_SIZE + _ALIGN_SIZE) +#define STACK_SIZE (_XMM_SAVE + _XMM_SAVE_SIZE) + +/* rotate_Xs + * Rotate values of symbols X0...X3 */ +.macro rotate_Xs +X_ = X0 +X0 = X1 +X1 = X2 +X2 = X3 +X3 = X_ +.endm + +/* ROTATE_ARGS + * Rotate values of symbols a...h */ +.macro ROTATE_ARGS +TMP_ = h +h = g +g = f +f = e +e = d +d = c +c = b +b = a +a = TMP_ +.endm + +.macro FOUR_ROUNDS_AND_SCHED + /* compute s0 four at a time and s1 two at a time + * compute W[-16] + W[-7] 4 at a time */ + movdqa XTMP0, X3 + mov y0, e /* y0 = e */ + ror y0, (25-11) /* y0 = e >> (25-11) */ + mov y1, a /* y1 = a */ + palignr XTMP0, X2, 4 /* XTMP0 = W[-7] */ + ror y1, (22-13) /* y1 = a >> (22-13) */ + xor y0, e /* y0 = e ^ (e >> (25-11)) */ + mov y2, f /* y2 = f */ + ror y0, (11-6) /* y0 = (e >> (11-6)) ^ (e >> (25-6)) */ + movdqa XTMP1, X1 + xor y1, a /* y1 = a ^ (a >> (22-13) */ + xor y2, g /* y2 = f^g */ + paddd XTMP0, X0 /* XTMP0 = W[-7] + W[-16] */ + xor y0, e /* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */ + and y2, e /* y2 = (f^g)&e */ + ror y1, (13-2) /* y1 = (a >> (13-2)) ^ (a >> (22-2)) */ + /* compute s0 */ + palignr XTMP1, X0, 4 /* XTMP1 = W[-15] */ + xor y1, a /* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */ + ror y0, 6 /* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */ + xor y2, g /* y2 = CH = ((f^g)&e)^g */ + movdqa XTMP2, XTMP1 /* XTMP2 = W[-15] */ + ror y1, 2 /* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */ + add y2, y0 /* y2 = S1 + CH */ + add y2, [rsp + _XFER + 0*4] /* y2 = k + w + S1 + CH */ + movdqa XTMP3, XTMP1 /* XTMP3 = W[-15] */ + mov y0, a /* y0 = a */ + add h, y2 /* h = h + S1 + CH + k + w */ + mov y2, a /* y2 = a */ + pslld XTMP1, (32-7) + or y0, c /* y0 = a|c */ + add d, h /* d = d + h + S1 + CH + k + w */ + and y2, c /* y2 = a&c */ + psrld XTMP2, 7 + and y0, b /* y0 = (a|c)&b */ + add h, y1 /* h = h + S1 + CH + k + w + S0 */ + por XTMP1, XTMP2 /* XTMP1 = W[-15] ror 7 */ + or y0, y2 /* y0 = MAJ = (a|c)&b)|(a&c) */ 
+ add h, y0 /* h = h + S1 + CH + k + w + S0 + MAJ */ + +ROTATE_ARGS + movdqa XTMP2, XTMP3 /* XTMP2 = W[-15] */ + mov y0, e /* y0 = e */ + mov y1, a /* y1 = a */ + movdqa XTMP4, XTMP3 /* XTMP4 = W[-15] */ + ror y0, (25-11) /* y0 = e >> (25-11) */ + xor y0, e /* y0 = e ^ (e >> (25-11)) */ + mov y2, f /* y2 = f */ + ror y1, (22-13) /* y1 = a >> (22-13) */ + pslld XTMP3, (32-18) + xor y1, a /* y1 = a ^ (a >> (22-13) */ + ror y0, (11-6) /* y0 = (e >> (11-6)) ^ (e >> (25-6)) */ + xor y2, g /* y2 = f^g */ + psrld XTMP2, 18 + ror y1, (13-2) /* y1 = (a >> (13-2)) ^ (a >> (22-2)) */ + xor y0, e /* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */ + and y2, e /* y2 = (f^g)&e */ + ror y0, 6 /* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */ + pxor XTMP1, XTMP3 + xor y1, a /* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */ + xor y2, g /* y2 = CH = ((f^g)&e)^g */ + psrld XTMP4, 3 /* XTMP4 = W[-15] >> 3 */ + add y2, y0 /* y2 = S1 + CH */ + add y2, [rsp + _XFER + 1*4] /* y2 = k + w + S1 + CH */ + ror y1, 2 /* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */ + pxor XTMP1, XTMP2 /* XTMP1 = W[-15] ror 7 ^ W[-15] ror 18 */ + mov y0, a /* y0 = a */ + add h, y2 /* h = h + S1 + CH + k + w */ + mov y2, a /* y2 = a */ + pxor XTMP1, XTMP4 /* XTMP1 = s0 */ + or y0, c /* y0 = a|c */ + add d, h /* d = d + h + S1 + CH + k + w */ + and y2, c /* y2 = a&c */ + /* compute low s1 */ + pshufd XTMP2, X3, 0b11111010 /* XTMP2 = W[-2] {BBAA} */ + and y0, b /* y0 = (a|c)&b */ + add h, y1 /* h = h + S1 + CH + k + w + S0 */ + paddd XTMP0, XTMP1 /* XTMP0 = W[-16] + W[-7] + s0 */ + or y0, y2 /* y0 = MAJ = (a|c)&b)|(a&c) */ + add h, y0 /* h = h + S1 + CH + k + w + S0 + MAJ */ + +ROTATE_ARGS + movdqa XTMP3, XTMP2 /* XTMP3 = W[-2] {BBAA} */ + mov y0, e /* y0 = e */ + mov y1, a /* y1 = a */ + ror y0, (25-11) /* y0 = e >> (25-11) */ + movdqa XTMP4, XTMP2 /* XTMP4 = W[-2] {BBAA} */ + xor y0, e /* y0 = e ^ (e >> (25-11)) */ + ror y1, (22-13) /* y1 = a >> (22-13) */ + mov y2, f /* y2 = f */ + xor y1, a /* y1 = a ^ (a >> (22-13) */ + ror y0, (11-6) 
/* y0 = (e >> (11-6)) ^ (e >> (25-6)) */ + psrlq XTMP2, 17 /* XTMP2 = W[-2] ror 17 {xBxA} */ + xor y2, g /* y2 = f^g */ + psrlq XTMP3, 19 /* XTMP3 = W[-2] ror 19 {xBxA} */ + xor y0, e /* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */ + and y2, e /* y2 = (f^g)&e */ + psrld XTMP4, 10 /* XTMP4 = W[-2] >> 10 {BBAA} */ + ror y1, (13-2) /* y1 = (a >> (13-2)) ^ (a >> (22-2)) */ + xor y1, a /* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */ + xor y2, g /* y2 = CH = ((f^g)&e)^g */ + ror y0, 6 /* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */ + pxor XTMP2, XTMP3 + add y2, y0 /* y2 = S1 + CH */ + ror y1, 2 /* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */ + add y2, [rsp + _XFER + 2*4] /* y2 = k + w + S1 + CH */ + pxor XTMP4, XTMP2 /* XTMP4 = s1 {xBxA} */ + mov y0, a /* y0 = a */ + add h, y2 /* h = h + S1 + CH + k + w */ + mov y2, a /* y2 = a */ + pshufb XTMP4, SHUF_00BA /* XTMP4 = s1 {00BA} */ + or y0, c /* y0 = a|c */ + add d, h /* d = d + h + S1 + CH + k + w */ + and y2, c /* y2 = a&c */ + paddd XTMP0, XTMP4 /* XTMP0 = {..., ..., W[1], W[0]} */ + and y0, b /* y0 = (a|c)&b */ + add h, y1 /* h = h + S1 + CH + k + w + S0 */ + /* compute high s1 */ + pshufd XTMP2, XTMP0, 0b01010000 /* XTMP2 = W[-2] {DDCC} */ + or y0, y2 /* y0 = MAJ = (a|c)&b)|(a&c) */ + add h, y0 /* h = h + S1 + CH + k + w + S0 + MAJ */ + +ROTATE_ARGS + movdqa XTMP3, XTMP2 /* XTMP3 = W[-2] {DDCC} */ + mov y0, e /* y0 = e */ + ror y0, (25-11) /* y0 = e >> (25-11) */ + mov y1, a /* y1 = a */ + movdqa X0, XTMP2 /* X0 = W[-2] {DDCC} */ + ror y1, (22-13) /* y1 = a >> (22-13) */ + xor y0, e /* y0 = e ^ (e >> (25-11)) */ + mov y2, f /* y2 = f */ + ror y0, (11-6) /* y0 = (e >> (11-6)) ^ (e >> (25-6)) */ + psrlq XTMP2, 17 /* XTMP2 = W[-2] ror 17 {xDxC} */ + xor y1, a /* y1 = a ^ (a >> (22-13) */ + xor y2, g /* y2 = f^g */ + psrlq XTMP3, 19 /* XTMP3 = W[-2] ror 19 {xDxC} */ + xor y0, e /* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */ + and y2, e /* y2 = (f^g)&e */ + ror y1, (13-2) /* y1 = (a >> (13-2)) ^ (a >> (22-2)) */ + psrld X0, 10 /* X0 = W[-2] 
>> 10 {DDCC} */ + xor y1, a /* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */ + ror y0, 6 /* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */ + xor y2, g /* y2 = CH = ((f^g)&e)^g */ + pxor XTMP2, XTMP3 + ror y1, 2 /* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */ + add y2, y0 /* y2 = S1 + CH */ + add y2, [rsp + _XFER + 3*4] /* y2 = k + w + S1 + CH */ + pxor X0, XTMP2 /* X0 = s1 {xDxC} */ + mov y0, a /* y0 = a */ + add h, y2 /* h = h + S1 + CH + k + w */ + mov y2, a /* y2 = a */ + pshufb X0, SHUF_DC00 /* X0 = s1 {DC00} */ + or y0, c /* y0 = a|c */ + add d, h /* d = d + h + S1 + CH + k + w */ + and y2, c /* y2 = a&c */ + paddd X0, XTMP0 /* X0 = {W[3], W[2], W[1], W[0]} */ + and y0, b /* y0 = (a|c)&b */ + add h, y1 /* h = h + S1 + CH + k + w + S0 */ + or y0, y2 /* y0 = MAJ = (a|c)&b)|(a&c) */ + add h, y0 /* h = h + S1 + CH + k + w + S0 + MAJ */ + +ROTATE_ARGS +rotate_Xs +.endm + +/* input is [rsp + _XFER + %1 * 4] */ +.macro DO_ROUND i1 + mov y0, e /* y0 = e */ + ror y0, (25-11) /* y0 = e >> (25-11) */ + mov y1, a /* y1 = a */ + xor y0, e /* y0 = e ^ (e >> (25-11)) */ + ror y1, (22-13) /* y1 = a >> (22-13) */ + mov y2, f /* y2 = f */ + xor y1, a /* y1 = a ^ (a >> (22-13) */ + ror y0, (11-6) /* y0 = (e >> (11-6)) ^ (e >> (25-6)) */ + xor y2, g /* y2 = f^g */ + xor y0, e /* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */ + ror y1, (13-2) /* y1 = (a >> (13-2)) ^ (a >> (22-2)) */ + and y2, e /* y2 = (f^g)&e */ + xor y1, a /* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */ + ror y0, 6 /* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */ + xor y2, g /* y2 = CH = ((f^g)&e)^g */ + add y2, y0 /* y2 = S1 + CH */ + ror y1, 2 /* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */ + add y2, [rsp + _XFER + \i1 * 4] /* y2 = k + w + S1 + CH */ + mov y0, a /* y0 = a */ + add h, y2 /* h = h + S1 + CH + k + w */ + mov y2, a /* y2 = a */ + or y0, c /* y0 = a|c */ + add d, h /* d = d + h + S1 + CH + k + w */ + and y2, c /* y2 = a&c */ + and y0, b /* y0 = (a|c)&b */ + add h, y1 /* h = h + S1 + CH + k + w + S0 */ + or y0, y2 /* y0 = MAJ = 
(a|c)&b)|(a&c) */ + add h, y0 /* h = h + S1 + CH + k + w + S0 + MAJ */ + ROTATE_ARGS +.endm + +/* +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; void sha256_sse4(void *input_data, UINT32 digest[8], UINT64 num_blks) +;; arg 1 : pointer to input data +;; arg 2 : pointer to digest +;; arg 3 : Num blocks +*/ +.text +.globl _gcry_sha256_transform_amd64_ssse3 +.type _gcry_sha256_transform_amd64_ssse3, at function; +.align 16 +_gcry_sha256_transform_amd64_ssse3: + push rbx + push rbp + push r13 + push r14 + push r15 + + sub rsp, STACK_SIZE + + shl NUM_BLKS, 6 /* convert to bytes */ + jz .Ldone_hash + add NUM_BLKS, INP /* pointer to end of data */ + mov [rsp + _INP_END], NUM_BLKS + + /* load initial digest */ + mov a,[4*0 + CTX] + mov b,[4*1 + CTX] + mov c,[4*2 + CTX] + mov d,[4*3 + CTX] + mov e,[4*4 + CTX] + mov f,[4*5 + CTX] + mov g,[4*6 + CTX] + mov h,[4*7 + CTX] + + movdqa BYTE_FLIP_MASK, [.LPSHUFFLE_BYTE_FLIP_MASK ADD_RIP] + movdqa SHUF_00BA, [.L_SHUF_00BA ADD_RIP] + movdqa SHUF_DC00, [.L_SHUF_DC00 ADD_RIP] + +.Loop0: + lea TBL, [.LK256 ADD_RIP] + + /* byte swap first 16 dwords */ + COPY_XMM_AND_BSWAP X0, [INP + 0*16], BYTE_FLIP_MASK + COPY_XMM_AND_BSWAP X1, [INP + 1*16], BYTE_FLIP_MASK + COPY_XMM_AND_BSWAP X2, [INP + 2*16], BYTE_FLIP_MASK + COPY_XMM_AND_BSWAP X3, [INP + 3*16], BYTE_FLIP_MASK + + mov [rsp + _INP], INP + + /* schedule 48 input dwords, by doing 3 rounds of 16 each */ + mov SRND, 3 +.align 16 +.Loop1: + movdqa XFER, [TBL + 0*16] + paddd XFER, X0 + movdqa [rsp + _XFER], XFER + FOUR_ROUNDS_AND_SCHED + + movdqa XFER, [TBL + 1*16] + paddd XFER, X0 + movdqa [rsp + _XFER], XFER + FOUR_ROUNDS_AND_SCHED + + movdqa XFER, [TBL + 2*16] + paddd XFER, X0 + movdqa [rsp + _XFER], XFER + FOUR_ROUNDS_AND_SCHED + + movdqa XFER, [TBL + 3*16] + paddd XFER, X0 + movdqa [rsp + _XFER], XFER + add TBL, 4*16 + FOUR_ROUNDS_AND_SCHED + + sub SRND, 1 + jne .Loop1 + + mov SRND, 2 
+.Loop2: + paddd X0, [TBL + 0*16] + movdqa [rsp + _XFER], X0 + DO_ROUND 0 + DO_ROUND 1 + DO_ROUND 2 + DO_ROUND 3 + paddd X1, [TBL + 1*16] + movdqa [rsp + _XFER], X1 + add TBL, 2*16 + DO_ROUND 0 + DO_ROUND 1 + DO_ROUND 2 + DO_ROUND 3 + + movdqa X0, X2 + movdqa X1, X3 + + sub SRND, 1 + jne .Loop2 + + addm [4*0 + CTX],a + addm [4*1 + CTX],b + addm [4*2 + CTX],c + addm [4*3 + CTX],d + addm [4*4 + CTX],e + addm [4*5 + CTX],f + addm [4*6 + CTX],g + addm [4*7 + CTX],h + + mov INP, [rsp + _INP] + add INP, 64 + cmp INP, [rsp + _INP_END] + jne .Loop0 + +.Ldone_hash: + add rsp, STACK_SIZE + + pop r15 + pop r14 + pop r13 + pop rbp + pop rbx + + mov rax, STACK_SIZE + ret + + +.data +.align 16 +.LK256: + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 + +.LPSHUFFLE_BYTE_FLIP_MASK: .octa 0x0c0d0e0f08090a0b0405060700010203 + +/* shuffle xBxA -> 00BA */ +.L_SHUF_00BA: .octa 0xFFFFFFFFFFFFFFFF0b0a090803020100 + +/* shuffle xDxC -> DC00 */ +.L_SHUF_DC00: .octa 0x0b0a090803020100FFFFFFFFFFFFFFFF + +#endif +#endif diff --git a/cipher/sha256.c b/cipher/sha256.c index bd5a412..f3c1d62 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c 
@@ -46,11 +46,25 @@ #include "cipher.h" #include "hash-common.h" + +/* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ +#undef USE_SSSE3 +#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +# define USE_SSSE3 1 +#endif + + typedef struct { gcry_md_block_ctx_t bctx; u32 h0,h1,h2,h3,h4,h5,h6,h7; +#ifdef USE_SSSE3 + unsigned int use_ssse3:1; +#endif } SHA256_CONTEXT; + static unsigned int transform (void *c, const unsigned char *data); @@ -74,6 +88,10 @@ sha256_init (void *context) hd->bctx.count = 0; hd->bctx.blocksize = 64; hd->bctx.bwrite = transform; + +#ifdef USE_SSSE3 + hd->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; +#endif } @@ -96,6 +114,10 @@ sha224_init (void *context) hd->bctx.count = 0; hd->bctx.blocksize = 64; hd->bctx.bwrite = transform; + +#ifdef USE_SSSE3 + hd->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; +#endif } @@ -148,7 +170,7 @@ Sum1 (u32 x) static unsigned int -transform (void *ctx, const unsigned char *data) +_transform (void *ctx, const unsigned char *data) { SHA256_CONTEXT *hd = ctx; static const u32 K[64] = { @@ -254,6 +276,27 @@ transform (void *ctx, const unsigned char *data) #undef R +#ifdef USE_SSSE3 +unsigned int _gcry_sha256_transform_amd64_ssse3(const void *input_data, + u32 state[8], size_t num_blks); +#endif + + +static unsigned int +transform (void *ctx, const unsigned char *data) +{ + SHA256_CONTEXT *hd = ctx; + +#ifdef USE_SSSE3 + if (hd->use_ssse3) + return _gcry_sha256_transform_amd64_ssse3 (data, &hd->h0, 1) + + 4 * sizeof(void*); +#endif + + return _transform (hd, data); +} + + /* The routine finally terminates the computation and returns the digest. The handle is prepared for a new cycle, but adding bytes diff --git a/configure.ac b/configure.ac index 6d40343..97401c3 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1077,6 +1077,40 @@ fi # +# Check whether GCC assembler supports features needed for assembly +# implementations that use Intel syntax +# +AC_CACHE_CHECK([whether GCC assembler is compatible for Intel syntax assembly implementations], + [gcry_cv_gcc_platform_as_ok_for_intel_syntax], + [gcry_cv_gcc_platform_as_ok_for_intel_syntax=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__( + ".intel_syntax noprefix\n\t" + "pxor xmm1, xmm7;\n\t" + /* Intel syntax implementation also use GAS macros, so check + * for them here. */ + "VAL_A = xmm4\n\t" + "VAL_B = xmm2\n\t" + ".macro SET_VAL_A p1\n\t" + " VAL_A = \\\\p1 \n\t" + ".endm\n\t" + ".macro SET_VAL_B p1\n\t" + " VAL_B = \\\\p1 \n\t" + ".endm\n\t" + "vmovdqa VAL_A, VAL_B;\n\t" + "SET_VAL_A eax\n\t" + "SET_VAL_B ebp\n\t" + "add VAL_A, VAL_B;\n\t" + "add VAL_B, 0b10101;\n\t" + );]])], + [gcry_cv_gcc_platform_as_ok_for_intel_syntax=yes])]) +if test "$gcry_cv_gcc_platform_as_ok_for_intel_syntax" = "yes" ; then + AC_DEFINE(HAVE_INTEL_SYNTAX_PLATFORM_AS,1, + [Defined if underlying assembler is compatible with Intel syntax assembly implementations]) +fi + + +# # Check whether compiler is configured for ARMv6 or newer architecture # AC_CACHE_CHECK([whether compiler is configured for ARMv6 or newer architecture], @@ -1676,6 +1710,13 @@ LIST_MEMBER(sha256, $enabled_digests) if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256.lo" AC_DEFINE(USE_SHA256, 1, [Defined if this module should be included]) + + case "${host}" in + x86_64-*-*) + # Build with the assembly implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-ssse3-amd64.lo" + ;; + esac fi LIST_MEMBER(sha512, $enabled_digests) diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index f3af29f..0f7557d 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -624,6 +624,7 @@ are @item padlock-aes @item padlock-sha @item padlock-mmul + at item intel-ssse3 @item intel-pclmul @item intel-aesni @item intel-rdrand 
diff --git a/src/g10lib.h b/src/g10lib.h index 1e58ef6..6b2bafb 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -197,6 +197,7 @@ int _gcry_log_verbosity( int level ); #define HWF_PADLOCK_SHA 4 #define HWF_PADLOCK_MMUL 8 +#define HWF_INTEL_SSSE3 64 #define HWF_INTEL_PCLMUL 128 #define HWF_INTEL_AESNI 256 #define HWF_INTEL_RDRAND 512 diff --git a/src/hwf-x86.c b/src/hwf-x86.c index 784fe2a..ab6dacd 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -206,6 +206,9 @@ detect_x86_gnuc (void) if (features & 0x00000002) result |= HWF_INTEL_PCLMUL; #endif + /* Test bit 9 for SSSE3. */ + if (features & 0x00000200) + result |= HWF_INTEL_SSSE3; #ifdef ENABLE_AESNI_SUPPORT /* Test bit 25 for AES-NI. */ if (features & 0x02000000) diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 6699816..5c3bb18 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c 
@@ -46,6 +46,7 @@ static struct { HWF_PADLOCK_AES, "padlock-aes" }, { HWF_PADLOCK_SHA, "padlock-sha" }, { HWF_PADLOCK_MMUL,"padlock-mmul"}, + { HWF_INTEL_SSSE3, "intel-ssse3" }, { HWF_INTEL_PCLMUL,"intel-pclmul" }, { HWF_INTEL_AESNI, "intel-aesni" }, { HWF_INTEL_RDRAND,"intel-rdrand" }, ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 4 +- cipher/sha256-ssse3-amd64.S | 526 ++++++++++++++++++++++++++ cipher/sha256.c | 45 ++- cipher/sha512-avx-amd64.S | 412 ++++++++++++++++++++ cipher/sha512-avx2-bmi2-amd64.S | 783 +++++++++++++++++++++++++++++++++++++++ cipher/sha512-ssse3-amd64.S | 414 +++++++++++++++++++++ cipher/sha512.c | 102 ++++- configure.ac | 69 +++- doc/gcrypt.texi | 3 + random/rndw32.c | 6 +- src/g10lib.h | 3 + src/hwf-x86.c | 10 +- src/hwfeatures.c | 3 + 13 files changed, 2368 insertions(+), 12 deletions(-) create mode 100644 cipher/sha256-ssse3-amd64.S create mode 100644 cipher/sha512-avx-amd64.S create mode 100644 cipher/sha512-avx2-bmi2-amd64.S create mode 100644 cipher/sha512-ssse3-amd64.S hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 12:07:12 2013 
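Review bot: At .Ldone_hash in cipher/sha256-ssse3-amd64.S the epilogue restores rsp, pops the five saved registers and returns, but nothing between the label and `ret` clears the XMM registers that carried schedule words (X0 and X1 are stored to [rsp + _XFER] in .Loop2 just above). When the hashed block is keyed, for example an HMAC key block, key-derived data stays in vector registers after the call. Clearing the XMM registers the routine used with pxor before `ret` would match the intent of the stack-burn depth returned in rax.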
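Review bot: In the new transform() in cipher/sha256.c, `&hd->h0` is passed as the `u32 state[8]` argument, which relies on h0 through h7 being laid out contiguously in SHA256_CONTEXT; nothing in the struct enforces that. Declaring the state as an array, or adding a compile-time check on the member offsets, would make the assumption explicit. The `+ 4 * sizeof(void*)` added to the returned burn depth is also unexplained: the assembly returns STACK_SIZE and its epilogue pops five registers, so a comment saying what the four extra pointers cover would help whoever next touches the stack-burn accounting. The prototype for _gcry_sha256_transform_amd64_ssse3 could carry a one-line comment on what its return value means.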
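Review bot: The Intel-syntax probe added to configure.ac assembles `vmovdqa VAL_A, VAL_B`, which is an AVX instruction, so HAVE_INTEL_SYNTAX_PLATFORM_AS ends up depending on AVX support in the assembler as well. An assembler that handles Intel syntax, GAS macros and SSSE3 but not AVX would fail the probe and USE_SSSE3 in sha256.c would be left undefined without any hint why. Using an SSE move such as `movdqa` here and leaving AVX to its own test would keep the two capabilities separate. In the second hunk, sha256-ssse3-amd64.lo is added for every x86_64 host regardless of the probe result, so the .S file has to assemble to nothing when its guard macros are undefined; a short comment at the `case` saying so would help.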
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 13 Dec 2013 12:07:12 +0100 Subject: [git] gnupg-doc - branch, master, updated. 7a8d1d97745cd34dccd7068c23e0e81651cadc44 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7a8d1d97745cd34dccd7068c23e0e81651cadc44 (commit) from 95fd5b9b4e5942d875f39b0b39cc44ece4f53992 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7a8d1d97745cd34dccd7068c23e0e81651cadc44 Author: Werner Koch Date: Fri Dec 13 11:50:21 2013 +0100 Add the current blog.gnupg.org site. diff --git a/misc/blog.gnupg.org/drm-info.png b/misc/blog.gnupg.org/drm-info.png new file mode 100644 index 0000000..9cc1450 Binary files /dev/null and b/misc/blog.gnupg.org/drm-info.png differ diff --git a/misc/blog.gnupg.org/img/android.jpg b/misc/blog.gnupg.org/img/android.jpg new file mode 100644 index 0000000..9f3ddad Binary files /dev/null and b/misc/blog.gnupg.org/img/android.jpg differ diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html new file mode 100644 index 0000000..9e9983b --- /dev/null +++ b/misc/blog.gnupg.org/index.html @@ -0,0 +1,322 @@ + + + + + + Blog - Gnu Privacy Guard + + + + ++ + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +

Blogs

+ +
+

Friends tell friends they love GnuPG

+ +
Posted 13th November 2013 by Sam Tuke
+ +
+ +

GnuPG can run almost anywhere

+
+ +

Email encryption is one of those pleasures that can't be enjoyed + alone. Sending yourself messages secured with 4096-bit RSA is great + for proof of concept, but meaningful communication requires two + parties. GnuPG requires both those parties to have their own + keys.

+ +

Less than 1% of all email + traffic is PGP encrypted, meaning that those of us who do make our + messages private routinely find ourselves in the frustrating + predicament of having to share our thoughts insecurely, even though + we know they're being intercepted, even though this is easily + avoidable, and even though we've already taken steps to do so. All + because our friends and colleagues don't know the + benefits of GnuPG.

+ +

Windows, Gnu/Linux, Mac, and Android all have point and click + GnuPG interfaces - at this point, all bases except iPhone are more + or less covered. That means the reason your contacts aren't OpenPGP + ready is not technical. And because GnuPG is Free + Software (and free of charge), it can't be about price.

+ +

A recommendation from you is the most effective way you can + increase the number of GnuPG users, and consequently increase the + percentage of the messages you send that are meaningfully + encrypted. That's why we're asking people in our community to think + of pithy explanations of why GnuPG is important and how it enables + them.

+ +

We've already got quotes from some big names like Bruce Schneier, + Jacob Appelbaum, and Richard Stallman. But the chances are + that your name carries more weight among your + peers. Please use it to share your appreciation for GnuPG!

+ +

If you use social networks, you can + use #iloveGPG to connect your messages to other + people's, and make is easier for us to find and repeat them.

+ +

Look out for weekly quotes posted from the + GnuPG Twitter + and Diaspora + accounts if you need inspiration. Let's fill up + the keyservers + with fresh keys from new users!

+ +
+ +
+

Securing the future of GPG

+
Posted 5th November 2013 by Sam Tuke
+ +

If you've noticed some changes around here, there's a good reason + why. We have a plan for securing the long term stability of GnuPG + development by giving more to our users, and asking more from them + in return.

+ +

You already know that GnuPG is important, and as months of fresh + government spying revelations go by, it's becoming obvious that + GnuPG is one of the very few tools that can still be trusted to keep + our data safe from the overwhelming efforts of international law + enforcement. But developing GnuPG takes work - regular monitoring + for newfound threats and exploits, and new features to keep it sharp + with the latest encryption algorithms. We also need to reach out to + the millions of potential GnuPG users who are asking themselves how + they can make their email secure. Public-private key cryptography + hasn't yet gained mainstream acceptance, but it could if it were + just a little more appealing and accessible.

+ +

To maintain progress within the project we need to make it easier + for GnuPG users to support the work that we do. Ours is an app that + is often hidden from view, relied upon daily by hundreds of + thousands of people, often in life-threatening circumstances, yet + low profile and rarely supported by publicity or donations.

+ +

To change that we're going to launch a new + website with a fresh design, more friendly and accessible + information, and new resources to grow and strengthen our user + group. The new site will also allow the project to accept and manage + new forms of financial support, including automatic subscriptions to + sustain development long term.

+ +

Designing, building and populating the new site will take a few + months, and in order to cover the costs there will be + a crowd-funding campaign with a modest target, in + early December. We have some rewards up our sleeves for those who + donate.

+ +

When that time comes, we'll need your help - + telling your contacts, forwarding the announcement to your + communities, and contributing financially if you can.

+ +

You can subscribe to updates about the campaign using this + form. This is separate to other GnuPG mailing lists - update will be + sent here, and only here.

+ + + + + +
+
+ + +
+ +
+ +
+

New blog, first post

+ +
Posted 30th October 2013 by Sam Tuke
+ +

Welcome to Gnu Privacy Guard's new blog! We're planning some + major changes to gnupg.org and how the project communicates in + general. I'm Sam, and I'll be writing updates here as our work + progresses. In future this blog will be replaced with a more + beautiful and featureful alternative, but bear with us as we get + from here to there.

+ +

For more timely updates you can follow our Twitter + accounts: @GnuPrivacyGuard + and @GnuPG. + That's right, we have two! But I'm going to combine them shortly so + it's easier to keep track [UPDATE: accounts now merged! + Stick with @GnuPG].

+ +

For more information, see + our press + contact page hosted on Totem. That's all for now.

+ +
+ + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + diff --git a/misc/blog.gnupg.org/logo-gnupg-light-purple-bg.png b/misc/blog.gnupg.org/logo-gnupg-light-purple-bg.png new file mode 100644 index 0000000..41264d9 Binary files /dev/null and b/misc/blog.gnupg.org/logo-gnupg-light-purple-bg.png differ diff --git a/misc/blog.gnupg.org/logo-openit.png b/misc/blog.gnupg.org/logo-openit.png new file mode 100644 index 0000000..fc7abfc Binary files /dev/null and b/misc/blog.gnupg.org/logo-openit.png differ diff --git a/misc/blog.gnupg.org/pace.png b/misc/blog.gnupg.org/pace.png new file mode 100644 index 0000000..d627c9a Binary files /dev/null and b/misc/blog.gnupg.org/pace.png differ diff --git a/misc/blog.gnupg.org/privacy-policy.en.html b/misc/blog.gnupg.org/privacy-policy.en.html new file mode 100644 index 0000000..3ac5170 --- /dev/null +++ b/misc/blog.gnupg.org/privacy-policy.en.html @@ -0,0 +1,209 @@ + + + + + + + + Blog - Gnu Privacy Guard + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + + [GnuPG Logo] + +   
+ · English ·   +    
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ +

Privacy policy

+ +

Analytics

+ +

This website uses Piwik, a Free Software web analytics system, + to monitor traffic on our Web sites. Piwik records the general + geographical vicinity of visitors as well as their browser and + operating system, and records their navigation within the + sites. This helps us gauge the impact of our materials and improve + our work.

+ +

Our Piwik system preserves privacy by anonymizing visitors' IP + addresses. This means that we will not store any personally + identifiable information about you, even though your visit produces + a record that our site was visited by someone.

+ +

Piwik also respects the "Do Not Track" preference offered by some + browsers, so if you have this option set, Piwik will ignore your + visit entirely. Details of how Piwik protects privacy are + on their + website.

+ +

Newsletter and email notifications

+ +

For now we are using a hosted Free Software mailing list manager + called PHP List for handling our newsletters. PHP List's privacy + policy is available on + their website. PHP List complies with legal + obligations to UK law enforcement. Contact information of + subscribers is not shared with third parties, and is discarded 90 + days after removal from a mailing list.

+ +

GnuPG will never pass contact details to any third party without + prior permission, unless obliged to do so under German law.

+ +
 
  
 
+ +
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + diff --git a/misc/blog.gnupg.org/site.css b/misc/blog.gnupg.org/site.css new file mode 100644 index 0000000..418e905 --- /dev/null +++ b/misc/blog.gnupg.org/site.css 
@@ -0,0 +1,250 @@ +A:link { + color: #784c6c; + font-weight: bold; + text-decoration: none; +} +A:hover { + background-color: #d0dce8; + font-weight: bold; + text-decoration: none; +} +A:visited { + color: #5c6064; + font-weight: bold; + text-decoration: none; +} +A.img:hover { + background-color: #f0f0fc; +} +BLOCKQUOTE { + border: 1px solid black; + padding: 1em; +} +BODY { + margin-left: 0px; + margin-right: 0px; + text-align: left; + color: black; + background-color: #f0f0fc; + font-family: sans-serif; + font-weight: normal; + text-decoration: none; +} +DD { + padding-bottom: 1em; +} +H1 +{ + font-size: large; +} +h2 { + font-size: 1em; + margin: 2em 0 1em; +} +H1:first-letter, +H2:first-letter { + font-size: x-large; +} +H3:first-letter { + font-size: large; +} +H1, +H2, +H3 { + color: #5c6064; + font-weight: bold; + font-variant: small-caps; + letter-spacing: 0.1em; +} +H1:first-letter, +H2:first-letter, +H3:first-letter { + color: #784c6c; +} +IMG { + border: none; +} +LI.important { + color: red; +} +P.out-of-date { + font-style: italic; + font-size: small; +} +PRE, +DIV.samp { + background-color: #ebebf4; + margin: 1em; + border: 1px solid black; + padding: 1em; + font-size: small; +} +SPAN.important { + color: red; +} +DIV.urgent { + width: 85%; + text-align: center; + border: solid red; + font-weight: bold; +} +TABLE.layout { + background-color: transparent; + border-collapse: separate; + border: none; + max-width: 1200px; +} +TD.layout { + border: 1px none black; + padding: 0px; + text-align: right; + vertical-align: top; +} +TABLE.frame { + background-color: transparent; + border-collapse: collapse; + border: 1px none black; +} +TD.frame-right { + border-left: 2px solid #784c6c; +} +TD.frame-bottom, +TD.frame-bottom-lang, +TD.frame-bottom-mirror { + color: #5c6064; + border-top: 2px solid #5c6064; + text-align: left; + font-size: small; + font-weight: bold; +} +TD.frame-bottom-lang, +TD.frame-bottom-mirror { + font-size: x-small; +} 
+TD.frame-bottom-mirror { + text-align: right; +} +TD.frame-corner { + border-top: 2px solid #5c6064; + border-left: 2px solid #784c6c; +} +TD.frame-spacing { + border: none; + height: 30px; +} +TD.frame-head { + padding: 0px 0px 1em 0px; + border: none; + text-align: center; + vertical-align: middle; + font-size: large; + font-variant: small-caps; + font-weight: bold; + letter-spacing: 0.3em; +} +TD.frame-head-blockquote { + padding: 0px 1em 1em 1em; + border-bottom: 2px solid #5c6064; + vertical-align: middle; + font-family: sans-serif; + text-align: center; + text-decoration: none; + font-size: x-small; + font-variant: small-caps; + letter-spacing: 0.3em; +} +SPAN.g { + color: #784c6c; + font-size: x-large; +} +SPAN.nu { + color: #784c6c; +} +SPAN.pg { + color: #5c6064; + font-size: x-large; +} +A.lang { + font-size: x-small; +} +A.lang:visited { + color: #784c6c; +} +TD.frame-navb { + padding: 0px 0.3em 0.5em 0.3em; + text-align: left; + font-size: small; +} +UL.frame-navb { + margin: 0px; + margin-left: 1em; + padding-left: 1em; +} +UL.frame-navb:first-line { + margin: 0px; + padding-left: 1em; +} +LI.frame-navb { +} +TD.frame-cont { + padding: 0px 1em 1.5em 1em; + text-align: left; + vertical-align: top; +} +DIV.frame-foot { + text-align: center; + font-size: x-small; + color: #5c6064; +} +A.foot:link { + color: #5c6064; + font-size: x-small; + font-weight: normal; + text-decoration: underline; +} +A.foot:visited { + color: #5c6064; + font-size: x-small; + font-weight: normal; + text-decoration: underline; +} +A.foot:hover { + font-size: x-small; + font-weight: normal; +} +#footer-legal { + padding: 0.3em 0; + font-size: 1.5em; + background: #DCDCFF; +} +/*PHP list subscription confirmation box*/ +.subscribed { + background-color: #D4D4D4; + padding: 0.5em; +} + +.left { + float: left; +} + +.right { + float: right; +} + +/*Blog rules*/ +.entry { + clear: both; +} + +/*Image caption rules*/ +.captioned-img { + border: 1px solid #808080; + margin: 1em 0.5em; + 
padding: 0.5em; + text-align: center; +} + +.captioned-img p { + margin: 0; + padding: 0.5em 0 0.2em 0; +} \ No newline at end of file diff --git a/misc/blog.gnupg.org/upload b/misc/blog.gnupg.org/upload new file mode 100755 index 0000000..9530b1b --- /dev/null +++ b/misc/blog.gnupg.org/upload @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +if [ "$(pwd | awk -F/ '{print $NF}')" != "blog.gnupg.org" ]; then + echo "upload: not invoked from the blog.gnupg.org directory" >&2; + exit 1 +fi + +rsync -vr --exclude '*~' --exclude upload . playfair.gnupg.org:/var/www/git/blog.gnupg.org/htdocs/ + +#eof diff --git a/misc/blog.gnupg.org/valid-xhtml10.png b/misc/blog.gnupg.org/valid-xhtml10.png new file mode 100644 index 0000000..b81de91 Binary files /dev/null and b/misc/blog.gnupg.org/valid-xhtml10.png differ 
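Review bot: The directory guard in misc/blog.gnupg.org/upload compares only the last path component of `pwd`, so the script will rsync the contents of any directory that happens to be named blog.gnupg.org into the live htdocs tree on playfair.gnupg.org. Checking for a file that must exist in the checkout (index.html or site.css), or changing to the script's own directory before the copy, would be a tighter guard. rsync also runs without --delete, so files removed from the repository stay published on the server; if that is intended, a comment should say so.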
diff --git a/misc/blog.gnupg.org/vcss.gif b/misc/blog.gnupg.org/vcss.gif new file mode 100644 index 0000000..020c75a Binary files /dev/null and b/misc/blog.gnupg.org/vcss.gif differ ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/drm-info.png | Bin 0 -> 3719 bytes misc/blog.gnupg.org/img/android.jpg | Bin 0 -> 58725 bytes misc/blog.gnupg.org/index.html | 322 ++++++++++++++++++++ .../blog.gnupg.org}/logo-gnupg-light-purple-bg.png | Bin 9024 -> 9024 bytes .../blog.gnupg.org/logo-openit.png | Bin 7708 -> 7708 bytes {web/share => misc/blog.gnupg.org}/pace.png | Bin 4108 -> 4108 bytes misc/blog.gnupg.org/privacy-policy.en.html | 209 +++++++++++++ misc/blog.gnupg.org/site.css | 250 +++++++++++++++ misc/blog.gnupg.org/upload | 12 + misc/blog.gnupg.org/valid-xhtml10.png | Bin 0 -> 1882 bytes misc/blog.gnupg.org/vcss.gif | Bin 0 -> 1547 bytes 11 files changed, 793 insertions(+) create mode 100644 misc/blog.gnupg.org/drm-info.png create mode 100644 misc/blog.gnupg.org/img/android.jpg create mode 100644 misc/blog.gnupg.org/index.html copy {web/share => misc/blog.gnupg.org}/logo-gnupg-light-purple-bg.png (100%) copy web/share/logo-sponsor.png => misc/blog.gnupg.org/logo-openit.png (100%) copy {web/share => misc/blog.gnupg.org}/pace.png (100%) create mode 100644 misc/blog.gnupg.org/privacy-policy.en.html create mode 100644 misc/blog.gnupg.org/site.css create mode 100755 misc/blog.gnupg.org/upload create mode 100644 misc/blog.gnupg.org/valid-xhtml10.png create mode 100644 misc/blog.gnupg.org/vcss.gif hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 14:04:46 2013 
From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Fri, 13 Dec 2013 14:04:46 +0100 Subject: [git] gnupg-doc - branch, master, updated. 5e6df88601381e7db84361af8792f06bc694fdab Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5e6df88601381e7db84361af8792f06bc694fdab (commit) via 3dc5d0dc2f6d412268392c5051186d9514000094 (commit) from 7a8d1d97745cd34dccd7068c23e0e81651cadc44 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e6df88601381e7db84361af8792f06bc694fdab Author: Sam Tuke Date: Fri Dec 13 14:04:22 2013 +0100 Removed whitespace for nazi git hooks diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 8460f54..3d42677 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -43,7 +43,6 @@ - @@ -79,67 +78,67 @@ @@ -238,7 +237,7 @@ alt="Valid CSS!" height="31" width="88" />

- + commit 3dc5d0dc2f6d412268392c5051186d9514000094 Author: Sam Tuke Date: Fri Dec 13 13:59:11 2013 +0100 Added new entry "preparing for launch" diff --git a/misc/blog.gnupg.org/img/mobile-front-page.png b/misc/blog.gnupg.org/img/mobile-front-page.png new file mode 100644 index 0000000..a1a2bc1 Binary files /dev/null and b/misc/blog.gnupg.org/img/mobile-front-page.png differ diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 9e9983b..8460f54 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -1,322 +1,269 @@ - - - Blog - Gnu Privacy Guard - - - -
- +

Blog

- +
- +

Preparing for launch

- +
Posted 13th December 2013 by Sam Tuke
- +

Mid December, giving season, and nearly time for the GnuPG Crowdfunding to commence. We've been working hard on preparations. Drafts of the new mobile website design have been published and met positive feedback, and a community-contibuted promo video was posted on YouTube. GnuPG coverage on Twitter continues to grow with many articles (The Guardian, Kaspersky Labs, The EFF, Lifehacker, ...) and 252 new followers in 6 weeks.

- +
- +

New mobile site draft

- +

Last Friday I announced the crowdfunding to a crowded audience at Berlin event "Whatever happened to privacy", and Markus Beckedahl (Netzpolitik) and Jacob Appelbaum (Tor Project and Wikileaks) amplified the importance of supporting the project. Hugo Roy (FSFE) gave a talk on Wednesday about the campaign at the Paris 'Hackadon' - a new conference for Free Software giving, organised by three crowdfunding organisations. His slides are online in the GPG presentations repository.

- +

Hopefully the crowdfunding page on Goteo (a Free Software Kickstarter) will be ready for launch next week. Email me if you can help with translating the press release - we're aiming for at least three languages. And don't forget you can still sign up for email updates (form below). Thanks for all your support so far!

- + - +
- +
- +
- +

Friends tell friends they love GnuPG

- +
Posted 13th November 2013 by Sam Tuke
- +

GnuPG can run almost anywhere

- +

Email encryption is one of those pleasures that can't be enjoyed alone. Sending yourself messages secured with 4096-bit RSA is great for proof of concept, but meaningful communication requires two parties. GnuPG requires both those parties to have their own keys.

- +

Less than 1% of all email traffic is PGP encrypted, meaning that those of us who do make our messages private routinely find ourselves in the frustrating predicament of having to share our thoughts insecurely, even though we know they're being intercepted, even though this is easily avoidable, and even though we've already taken steps to do so. All because our friends and colleagues don't know the benefits of GnuPG.

Windows, Gnu/Linux, Mac, and Android all have point and click GnuPG interfaces - at this point, all bases except iPhone are more or less covered. That means the reason your contacts aren't OpenPGP ready is not technical. And because GnuPG is Free Software (and free of charge), it can't be about price.

A recommendation from you is the most effective way you can increase the number of GnuPG users, and consequently increase the percentage of the messages you send that are meaningfully encrypted. That's why we're asking people in our community to think of pithy explanations of why GnuPG is important and how it enables them.

- +

We've already got quotes from some big names like Bruce Schneier, Jacob Appelbaum, and Richard Stallman. But the chances are that your name carries more weight among your peers. Please use it to share your appreciation for GnuPG!

- +

If you use social networks, you can use #iloveGPG to connect your messages to other people's, and make is easier for us to find and repeat them.

- +

Look out for weekly quotes posted from the GnuPG Twitter and Diaspora accounts if you need inspiration. Let's fill up the keyservers with fresh keys from new users!

- +
- +
- +

Securing the future of GPG

- +
Posted 5th November 2013 by Sam Tuke

If you've noticed some changes around here, there's a good reason why. We have a plan for securing the long term stability of GnuPG development by giving more to our users, and asking more from them in return.

@@ -155,25 +154,25 @@

When that time comes, we'll need your help - telling your contacts, forwarding the announcement to your communities, and contributing financially if you can.

You can subscribe to updates about the campaign using this form. This is separate to other GnuPG mailing lists - update will be sent here, and only here.

- + - +
- +
- +
- +

New blog, first post

- +
Posted 30th October 2013 by Sam Tuke
- +

Welcome to Gnu Privacy Guard's new blog! We're planning some major changes to gnupg.org and how the project communicates in general. I'm Sam, and I'll be writing updates here as our work progresses. In future this blog will be replaced with a more beautiful and featureful alternative, but bear with us as we get from here to there.

For more timely updates you can follow our Twitter accounts: @GnuPrivacyGuard and @GnuPG. That's right, we have two! But I'm going to combine them shortly so it's easier to keep track [UPDATE: accounts now merged! Stick with @GnuPG].

For more information, see our press contact page hosted on Totem. That's all for now.

- +
-- - - - + + + + + Blog - Gnu Privacy Guard + + + + + +
- - - - - - - - - - - - - - - - - -
  - [GnuPG Logo]  
· English ·     
-
+ + + + + - - - - - - - + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + + [GnuPG Logo] + +   
+ · English ·   +    
+
- - - - - - - - - - - - - - - -
Links - -  
  
 
-
- - - - - - - - - - - - - - -
- - - -

Blogs

- -
-

Friends tell friends they love GnuPG

- -
Posted 13th November 2013 by Sam Tuke
- -
- -

GnuPG can run almost anywhere

-
- -

Email encryption is one of those pleasures that can't be enjoyed - alone. Sending yourself messages secured with 4096-bit RSA is great - for proof of concept, but meaningful communication requires two - parties. GnuPG requires both those parties to have their own - keys.

- -

Less than 1% of all email - traffic is PGP encrypted, meaning that those of us who do make our - messages private routinely find ourselves in the frustrating - predicament of having to share our thoughts insecurely, even though - we know they're being intercepted, even though this is easily - avoidable, and even though we've already taken steps to do so. All - because our friends and colleagues don't know the - benefits of GnuPG.

- -

Windows, Gnu/Linux, Mac, and Android all have point and click - GnuPG interfaces - at this point, all bases except iPhone are more - or less covered. That means the reason your contacts aren't OpenPGP - ready is not technical. And because GnuPG is Free - Software (and free of charge), it can't be about price.

- -

A recommendation from you is the most effective way you can - increase the number of GnuPG users, and consequently increase the - percentage of the messages you send that are meaningfully - encrypted. That's why we're asking people in our community to think - of pithy explanations of why GnuPG is important and how it enables - them.

- -

We've already got quotes from some big names like Bruce Schneier, - Jacob Appelbaum, and Richard Stallman. But the chances are - that your name carries more weight among your - peers. Please use it to share your appreciation for GnuPG!

- -

If you use social networks, you can - use #iloveGPG to connect your messages to other - people's, and make is easier for us to find and repeat them.

- -

Look out for weekly quotes posted from the - GnuPG Twitter - and Diaspora - accounts if you need inspiration. Let's fill up - the keyservers - with fresh keys from new users!

- -
- -
-

Securing the future of GPG

-
Posted 5th November 2013 by Sam Tuke
- -

If you've noticed some changes around here, there's a good reason - why. We have a plan for securing the long term stability of GnuPG - development by giving more to our users, and asking more from them - in return.

- -

You already know that GnuPG is important, and as months of fresh - government spying revelations go by, it's becoming obvious that - GnuPG is one of the very few tools that can still be trusted to keep - our data safe from the overwhelming efforts of international law - enforcement. But developing GnuPG takes work - regular monitoring - for newfound threats and exploits, and new features to keep it sharp - with the latest encryption algorithms. We also need to reach out to - the millions of potential GnuPG users who are asking themselves how - they can make their email secure. Public-private key cryptography - hasn't yet gained mainstream acceptance, but it could if it were - just a little more appealing and accessible.

- -

To maintain progress within the project we need to make it easier - for GnuPG users to support the work that we do. Ours is an app that - is often hidden from view, relied upon daily by hundreds of - thousands of people, often in life-threatening circumstances, yet - low profile and rarely supported by publicity or donations.

- -

To change that we're going to launch a new - website with a fresh design, more friendly and accessible - information, and new resources to grow and strengthen our user - group. The new site will also allow the project to accept and manage - new forms of financial support, including automatic subscriptions to - sustain development long term.

- -

Designing, building and populating the new site will take a few - months, and in order to cover the costs there will be - a crowd-funding campaign with a modest target, in - early December. We have some rewards up our sleeves for those who - donate.

- -

When that time comes, we'll need your help - - telling your contacts, forwarding the announcement to your - communities, and contributing financially if you can.

- -

You can subscribe to updates about the campaign using this - form. This is separate to other GnuPG mailing lists - update will be - sent here, and only here.

- - - - - -
-
- - -
- -
- -
-

New blog, first post

- -
Posted 30th October 2013 by Sam Tuke
- -

Welcome to Gnu Privacy Guard's new blog! We're planning some - major changes to gnupg.org and how the project communicates in - general. I'm Sam, and I'll be writing updates here as our work - progresses. In future this blog will be replaced with a more - beautiful and featureful alternative, but bear with us as we get - from here to there.

- -

For more timely updates you can follow our Twitter - accounts: @GnuPrivacyGuard - and @GnuPG. - That's right, we have two! But I'm going to combine them shortly so - it's easier to keep track [UPDATE: accounts now merged! - Stick with @GnuPG].

- -

For more information, see - our press - contact page hosted on Totem. That's all for now.

- -
- - - -
 
  
 
-
  -
- - + - - -
+ + + - - - - - - - - - -
 Technical resources for this
- service are sponsered by
 
  - OpenIT -  
-
- -

- - Valid XHTML 1.0! -     - - Digital Respect for the Masses -     - - Peace! -     - - Valid CSS! -

- - - - -
- - - - - - +
Links + +  
  
 
+ + + + + + + + + + + + + + + + + + + +
+ +

Blog

+ +
+ +

Preparing for launch

+ +
Posted 13th December 2013 by Sam Tuke
+ +

Mid December, giving season, and nearly time for the GnuPG Crowdfunding to commence. We've been working hard on preparations. Drafts of the new mobile website design have been published and met positive feedback, and a community-contibuted promo video was posted on YouTube. GnuPG coverage on Twitter continues to grow with many articles (The Guardian, Kaspersky Labs, The EFF, Lifehacker, ...) and 252 new followers in 6 weeks.

+ +
+ +
+ +
+ +

New mobile site draft

+
+ +

Last Friday I announced the crowdfunding to a crowded audience at Berlin event "Whatever happened to privacy", and Markus Beckedahl (Netzpolitik) and Jacob Appelbaum (Tor Project and Wikileaks) amplified the importance of supporting the project. Hugo Roy (FSFE) gave a talk on Wednesday about the campaign at the Paris 'Hackadon' - a new conference for Free Software giving, organised by three crowdfunding organisations. His slides are online in the GPG presentations repository.

+ +

Hopefully the crowdfunding page on Goteo (a Free Software Kickstarter) will be ready for launch next week. Email me if you can help with translating the press release - we're aiming for at least three languages. And don't forget you can still sign up for email updates (form below). Thanks for all your support so far!

+ + + +
+ +
+ +
+ +

Friends tell friends they love GnuPG

+ +
Posted 13th November 2013 by Sam Tuke
+ +
+ +

GnuPG can run almost anywhere

+
+ +

Email encryption is one of those pleasures that can't be enjoyed alone. Sending yourself messages secured with 4096-bit RSA is great for proof of concept, but meaningful communication requires two parties. GnuPG requires both those parties to have their own keys.

+ +

Less than 1% of all email traffic is PGP encrypted, meaning that those of us who do make our messages private routinely find ourselves in the frustrating predicament of having to share our thoughts insecurely, even though we know they're being intercepted, even though this is easily avoidable, and even though we've already taken steps to do so. All because our friends and colleagues don't know the benefits of GnuPG.

+ +

Windows, Gnu/Linux, Mac, and Android all have point and click GnuPG interfaces - at this point, all bases except iPhone are more or less covered. That means the reason your contacts aren't OpenPGP ready is not technical. And because GnuPG is Free Software (and free of charge), it can't be about price.

+ +

A recommendation from you is the most effective way you can increase the number of GnuPG users, and consequently increase the percentage of the messages you send that are meaningfully encrypted. That's why we're asking people in our community to think of pithy explanations of why GnuPG is important and how it enables them.

+ +

We've already got quotes from some big names like Bruce Schneier, Jacob Appelbaum, and Richard Stallman. But the chances are that your name carries more weight among your peers. Please use it to share your appreciation for GnuPG!

+ +

If you use social networks, you can use #iloveGPG to connect your messages to other people's, and make is easier for us to find and repeat them.

+ +

Look out for weekly quotes posted from the GnuPG Twitter and Diaspora accounts if you need inspiration. Let's fill up the keyservers with fresh keys from new users!

+ +
+ +
+ +

Securing the future of GPG

+ +
Posted 5th November 2013 by Sam Tuke
+ +

If you've noticed some changes around here, there's a good reason why. We have a plan for securing the long term stability of GnuPG development by giving more to our users, and asking more from them in return.

+ +

You already know that GnuPG is important, and as months of fresh government spying revelations go by, it's becoming obvious that GnuPG is one of the very few tools that can still be trusted to keep our data safe from the overwhelming efforts of international law enforcement. But developing GnuPG takes work - regular monitoring for newfound threats and exploits, and new features to keep it sharp with the latest encryption algorithms. We also need to reach out to the millions of potential GnuPG users who are asking themselves how they can make their email secure. Public-private key cryptography hasn't yet gained mainstream acceptance, but it could if it were just a little more appealing and accessible.

+ +

To maintain progress within the project we need to make it easier for GnuPG users to support the work that we do. Ours is an app that is often hidden from view, relied upon daily by hundreds of thousands of people, often in life-threatening circumstances, yet low profile and rarely supported by publicity or donations.

+ +

To change that we're going to launch a new website with a fresh design, more friendly and accessible information, and new resources to grow and strengthen our user group. The new site will also allow the project to accept and manage new forms of financial support, including automatic subscriptions to sustain development long term.

+ +

Designing, building and populating the new site will take a few months, and in order to cover the costs there will be a crowd-funding campaign with a modest target, in early December. We have some rewards up our sleeves for those who donate.

+ +

When that time comes, we'll need your help - telling your contacts, forwarding the announcement to your communities, and contributing financially if you can.

+ +

You can subscribe to updates about the campaign using this form. This is separate to other GnuPG mailing lists - update will be sent here, and only here.

+ + + +
+ +
+ +
+ +

New blog, first post

+ +
Posted 30th October 2013 by Sam Tuke
+ +

Welcome to Gnu Privacy Guard's new blog! We're planning some major changes to gnupg.org and how the project communicates in general. I'm Sam, and I'll be writing updates here as our work progresses. In future this blog will be replaced with a more beautiful and featureful alternative, but bear with us as we get from here to there.

+ +

For more timely updates you can follow our Twitter accounts: @GnuPrivacyGuard and @GnuPG. That's right, we have two! But I'm going to combine them shortly so it's easier to keep track [UPDATE: accounts now merged! Stick with @GnuPG].

+ +

For more information, see our press contact page hosted on Totem. That's all for now.

+ +
+ +
 
  
 
+ + + + + +   + +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+ + + + + + + + + + ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/img/mobile-front-page.png | Bin 0 -> 52816 bytes misc/blog.gnupg.org/index.html | 578 +++++++++++-------------- 2 files changed, 262 insertions(+), 316 deletions(-) create mode 100644 misc/blog.gnupg.org/img/mobile-front-page.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 14:56:09 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 13 Dec 2013 14:56:09 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-438-g764643a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 764643a3d5634bcbc47790bd8505f6a1a5280d9c (commit) via 413bfc4dd358be4728f856292e545fc67078fed8 (commit) from e41d605ee41469e8a33cdc4d38f742cfb931f835 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 764643a3d5634bcbc47790bd8505f6a1a5280d9c Author: Werner Koch Date: Fri Dec 13 14:52:21 2013 +0100 Update license information * LICENSES: New. * Makefile.am (EXTRA_DIST): Add LICENSES. * AUTHORS: Add list of copyright holders. * README: Reference AUTHORS. Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index fcc992c..dc933dc 100644 --- a/AUTHORS +++ b/AUTHORS 
@@ -6,8 +6,32 @@ Security related bug reports: License (library): LGPLv2.1+ License (manual and tools): GPLv2+ -Libgcrypt used to be part of GnuPG but has been taken out into its own -package on 2000-12-21. +Libgcrypt is free software. See the files COPYING.LIB and COPYING for +copying conditions, and LICENSES for notices about a few contributions +that require these additional notices to be distributed. License +copyright years may be listed using range notation, e.g., 2000-2013, +indicating that every year in the range, inclusive, is a copyrightable +year that would otherwise be listed individually. + + +List of Copyright holders +========================= + + Copyright (C) 1989,1991-2012 Free Software Foundation, Inc. + Copyright (C) 1994 X Consortium + Copyright (C) 1996 L. Peter Deutsch + Copyright (C) 1997 Werner Koch + Copyright (C) 1998 The Internet Society + Copyright (C) 1996-1999 Peter Gutmann, Paul Kendall, and Chris Wedgwood + Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett + Copyright (C) 2003 Nikos Mavroyanopoulos + Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) + Copyright (C) 2012-2013 g10 Code GmbH + Copyright (C) 2012 Simon Josefsson, Niels M?ller + Copyright (c) 2012 Intel Corporation + Copyright (C) 2013 Christian Grothoff + Copyright (C) 2013 Jussi Kivilinna + Copyright (C) 2013 Dmitry Eremin-Solenikov Authors with a FSF copyright assignment @@ -145,6 +169,10 @@ Werner Koch (g10 Code GmbH) More credits ============ + +Libgcrypt used to be part of GnuPG but has been taken out into its own +package on 2000-12-21. + The ATH implementation (src/ath*) has been taken from GPGME and relicensed to the LGPL by the copyright holder of GPGME (g10 Code GmbH); it is now considered to be a part of Libgcrypt. 
@@ -168,7 +196,7 @@ It has a permissive license and is copyrighted by atsec information security corporation. See the file for details. The file salsa20.c is based on D.J. Bernstein's public domain code and -taken from Nettle. Copyright 2007 Simon Josefsson and Niels M?ller. +taken from Nettle. Copyright 2012 Simon Josefsson and Niels M?ller. This file is free software; as a special exception the author gives diff --git a/LICENSES b/LICENSES new file mode 100644 index 0000000..8594cfd --- /dev/null +++ b/LICENSES 
@@ -0,0 +1,134 @@ +Additional license notices for Libgcrypt. -*- org -*- + +This file contains the copying permission notices for various files in +the Libgcrypt distribution which are not covered by the GNU Lesser +General Public License (LGPL) or the GNU General Public License (GPL). + +These notices all require that a copy of the notice be included +in the accompanying documentation and be distributed with binary +distributions of the code, so be sure to include this file along +with any binary distributions derived from the GNU C Library. + +* BSD_3Clause + + For files: + - cipher/sha256-ssse3-amd64.S + - cipher/sha512-avx-amd64.S + - cipher/sha512-avx2-bmi2-amd64.S + - cipher/sha512-ssse3-amd64.S + +#+begin_quote + Copyright (c) 2012, Intel Corporation + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + + * Neither the name of the Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + + THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL INTEL CORPORATION OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +#+end_quote + +* Simple permissive licenses + + For files: + - cipher/crc.c + +#+begin_quote + Copyright (c) 1996 L. Peter Deutsch + + Permission is granted to copy and distribute this document for + any purpose and without charge, including translations into + other languages and incorporation into compilations, provided + that the copyright notice and this notice are preserved, and + that any substantive changes or deletions from the original are + clearly marked. +#+end_quote + +* IETF permissive licenses + + For files: + - cipher/crc.c + +#+begin_quote + Copyright (C) The Internet Society (1998). All Rights Reserved. + + This document and translations of it may be copied and furnished + to others, and derivative works that comment on or otherwise + explain it or assist in its implementation may be prepared, + copied, published and distributed, in whole or in part, without + restriction of any kind, provided that the above copyright notice + and this paragraph are included on all such copies and derivative + works. However, this document itself may not be modified in any + way, such as by removing the copyright notice or references to + the Internet Society or other Internet organizations, except as + needed for the purpose of developing Internet standards in which + case the procedures for copyrights defined in the Internet + Standards process must be followed, or as required to translate + it into languages other than English. 
+ + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on + an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE + OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY + IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR + PURPOSE. +#+end_quote + +* X License + + For files: + - install.sh + +#+begin_quote + Copyright (C) 1994 X Consortium + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to + deal in the Software without restriction, including without limitation the + rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN + AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- + TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + Except as contained in this notice, the name of the X Consortium shall not + be used in advertising or otherwise to promote the sale, use or other deal- + ings in this Software without prior written authorization from the X Consor- + tium. +#+end_quote 
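Review bot: The second paragraph of the new LICENSES file ends with "any binary distributions derived from the GNU C Library", but the file's title line and first paragraph both describe it as covering the Libgcrypt distribution. The sentence should read "derived from Libgcrypt", so that redistributors of Libgcrypt binaries are told unambiguously that this file has to ship with them.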
diff --git a/Makefile.am b/Makefile.am index f1dbd09..7fb7b50 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,7 +27,7 @@ GITLOG_TO_CHANGELOG=gitlog-to-changelog DIST_SUBDIRS = m4 compat mpi cipher random src doc tests SUBDIRS = compat mpi cipher random src doc tests -EXTRA_DIST = autogen.sh README.GIT \ +EXTRA_DIST = autogen.sh README.GIT LICENSES \ ChangeLog-2011 scripts/ChangeLog-2011 doc/ChangeLog-2011 \ m4/ChangeLog-2011 cipher/ChangeLog-2011 src/ChangeLog-2011 \ random/ChangeLog-2011 tests/ChangeLog-2011 mpi/ChangeLog-2011 \ diff --git a/README b/README index 1778951..ff3ce9c 100644 --- a/README +++ b/README @@ -2,19 +2,11 @@ ------------------------------------ Version 1.6 - !!! THIS IS A DEVELOPMENT VERSION VERSION !!! - - Copyright 2000, 2002, 2003, 2004, 2007, 2008, 2009, - 2011, 2012 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + Copyright (C) 1989,1991-2012 Free Software Foundation, Inc. + Libgcrypt is free software. See the file AUTHORS for full copying + notices, and LICENSES for notices about contributions that require + these additional notices to be distributed. Overview commit 413bfc4dd358be4728f856292e545fc67078fed8 Author: Werner Koch Date: Fri Dec 13 10:53:26 2013 +0100 doc: Minor manual fix. -- diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 410c45d..dc42950 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -4922,7 +4922,7 @@ may be used: @deftypefun void gcry_mpi_randomize (@w{gcry_mpi_t @var{w}}, @w{unsigned int @var{nbits}}, @w{enum gcry_random_level @var{level}}) -Set the multi-precision-integers @var{w} to a random value of +Set the multi-precision-integers @var{w} to a random non-negative number of @var{nbits}, using random data quality of level @var{level}. In case @var{nbits} is not a multiple of a byte, @var{nbits} is rounded up to the next byte boundary. When using a @var{level} of ----------------------------------------------------------------------- Summary of changes: AUTHORS | 34 ++++++++++++-- LICENSES | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Makefile.am | 2 +- README | 16 ++----- doc/gcrypt.texi | 2 +- 5 files changed, 171 insertions(+), 17 deletions(-) create mode 100644 LICENSES hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 15:18:20 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 13 Dec 2013 15:18:20 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8e421cc848951159ad81ae9c204ecb7674527b53 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8e421cc848951159ad81ae9c204ecb7674527b53 (commit) via e9c6c27f0592d3624d00d84902e3d4140e9c4b85 (commit) from 5e6df88601381e7db84361af8792f06bc694fdab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8e421cc848951159ad81ae9c204ecb7674527b53 Author: Werner Koch Date: Fri Dec 13 15:16:04 2013 +0100 Added entry "preparing for launch" again. The first commit removed the changes to make the source easy readable. This one fixes that. 
diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 410ea92..50618c9 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -69,7 +69,83 @@ -

Blogs

+

Blogs

+ +
+

Preparing for launch

+ +
Posted 13th December 2013 by Sam Tuke
+ +

Mid December, giving season, and nearly time for the GnuPG + Crowdfunding to commence. We've been working hard on + preparations. Drafts of the new mobile website design have been + published and met positive feedback, and a community-contibuted + promo video was posted on YouTube. GnuPG coverage on Twitter + continues to grow with many articles + (The + Guardian, Kaspersky + Labs, The + EFF, Lifehacker, + ...) and 252 new followers in 6 weeks.

+ +
+ +
+ +
+ +

New mobile site draft

+
+ +

Last Friday I announced the crowdfunding to a crowded audience at + Berlin event + "Whatever + happened to privacy", and Markus Beckedahl + (Netzpolitik) + and Jacob + Appelbaum (Tor Project and Wikileaks) amplified the importance + of supporting the project. Hugo Roy (FSFE) gave a talk on Wednesday + about the campaign at the Paris + 'Hackadon' - a new conference for + Free Software giving, organised by three + crowdfunding + organisations. His slides are online in the + GPG presentations + repository.

+ +

Hopefully the crowdfunding page on Goteo (a Free Software + Kickstarter) will be ready for launch next week. Email me if you can + help with translating the press release - we're aiming for at least + three languages. And don't forget you can still sign up for email + updates (form below). Thanks for all your support so far!

+ + + + + +
+
+ + +
+ +
+
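Review bot: The re-added "Preparing for launch" paragraph carries a typo in "a community-contibuted promo video"; it should read "community-contributed". Since this commit restores the entry after the revert, it is a convenient place to fix the spelling rather than bring it back unchanged.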

Date: Fri Dec 13 15:07:17 2013 +0100 Revert "Added new entry "preparing for launch"" This reverts commit 3dc5d0dc2f6d412268392c5051186d9514000094. diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 3d42677..410ea92 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -1,268 +1,321 @@ - - - - - Blog - Gnu Privacy Guard - - - - - - - - - - - - + + + Blog - Gnu Privacy Guard + + + +
- - - - - - - - - - - - - - - - - -
  - - [GnuPG Logo] - -   
- · English ·   -    
-
++ + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + - - - - - - - - + + + + + + - -
- - - - - - - - - - - - - - - -
Links - -  
  
 
-
- - - - - - - - - - - - - - - - -
- -

Blog

- -
- -

Preparing for launch

- -
Posted 13th December 2013 by Sam Tuke
- -

Mid December, giving season, and nearly time for the GnuPG Crowdfunding to commence. We've been working hard on preparations. Drafts of the new mobile website design have been published and met positive feedback, and a community-contibuted promo video was posted on YouTube. GnuPG coverage on Twitter continues to grow with many articles (The Guardian, Kaspersky Labs, The EFF, Lifehacker, ...) and 252 new followers in 6 weeks.

- -
- -
- -
- -

New mobile site draft

-
- -

Last Friday I announced the crowdfunding to a crowded audience at Berlin event "Whatever happened to privacy", and Markus Beckedahl (Netzpolitik) and Jacob Appelbaum (Tor Project and Wikileaks) amplified the importance of supporting the project. Hugo Roy (FSFE) gave a talk on Wednesday about the campaign at the Paris 'Hackadon' - a new conference for Free Software giving, organised by three crowdfunding organisations. His slides are online in the GPG presentations repository.

- -

Hopefully the crowdfunding page on Goteo (a Free Software Kickstarter) will be ready for launch next week. Email me if you can help with translating the press release - we're aiming for at least three languages. And don't forget you can still sign up for email updates (form below). Thanks for all your support so far!

- - - -
- -
- -
- -

Friends tell friends they love GnuPG

- -
Posted 13th November 2013 by Sam Tuke
- -
- -

GnuPG can run almost anywhere

-
- -

Email encryption is one of those pleasures that can't be enjoyed alone. Sending yourself messages secured with 4096-bit RSA is great for proof of concept, but meaningful communication requires two parties. GnuPG requires both those parties to have their own keys.

- -

Less than 1% of all email traffic is PGP encrypted, meaning that those of us who do make our messages private routinely find ourselves in the frustrating predicament of having to share our thoughts insecurely, even though we know they're being intercepted, even though this is easily avoidable, and even though we've already taken steps to do so. All because our friends and colleagues don't know the benefits of GnuPG.

- -

Windows, Gnu/Linux, Mac, and Android all have point and click GnuPG interfaces - at this point, all bases except iPhone are more or less covered. That means the reason your contacts aren't OpenPGP ready is not technical. And because GnuPG is Free Software (and free of charge), it can't be about price.

- -

A recommendation from you is the most effective way you can increase the number of GnuPG users, and consequently increase the percentage of the messages you send that are meaningfully encrypted. That's why we're asking people in our community to think of pithy explanations of why GnuPG is important and how it enables them.

- -

We've already got quotes from some big names like Bruce Schneier, Jacob Appelbaum, and Richard Stallman. But the chances are that your name carries more weight among your peers. Please use it to share your appreciation for GnuPG!

- -

If you use social networks, you can use #iloveGPG to connect your messages to other people's, and make is easier for us to find and repeat them.

- -

Look out for weekly quotes posted from the GnuPG Twitter and Diaspora accounts if you need inspiration. Let's fill up the keyservers with fresh keys from new users!

- -
- -
- -

Securing the future of GPG

- -
Posted 5th November 2013 by Sam Tuke
- -

If you've noticed some changes around here, there's a good reason why. We have a plan for securing the long term stability of GnuPG development by giving more to our users, and asking more from them in return.

- -

You already know that GnuPG is important, and as months of fresh government spying revelations go by, it's becoming obvious that GnuPG is one of the very few tools that can still be trusted to keep our data safe from the overwhelming efforts of international law enforcement. But developing GnuPG takes work - regular monitoring for newfound threats and exploits, and new features to keep it sharp with the latest encryption algorithms. We also need to reach out to the millions of potential GnuPG users who are asking themselves how they can make their email secure. Public-private key cryptography hasn't yet gained mainstream acceptance, but it could if it were just a little more appealing and accessible.

- -

To maintain progress within the project we need to make it easier for GnuPG users to support the work that we do. Ours is an app that is often hidden from view, relied upon daily by hundreds of thousands of people, often in life-threatening circumstances, yet low profile and rarely supported by publicity or donations.

- -

To change that we're going to launch a new website with a fresh design, more friendly and accessible information, and new resources to grow and strengthen our user group. The new site will also allow the project to accept and manage new forms of financial support, including automatic subscriptions to sustain development long term.

- -

Designing, building and populating the new site will take a few months, and in order to cover the costs there will be a crowd-funding campaign with a modest target, in early December. We have some rewards up our sleeves for those who donate.

- -

When that time comes, we'll need your help - telling your contacts, forwarding the announcement to your communities, and contributing financially if you can.

- -

You can subscribe to updates about the campaign using this form. This is separate to other GnuPG mailing lists - update will be sent here, and only here.

- - - -
- -
- -
- -

New blog, first post

- -
Posted 30th October 2013 by Sam Tuke
- -

Welcome to Gnu Privacy Guard's new blog! We're planning some major changes to gnupg.org and how the project communicates in general. I'm Sam, and I'll be writing updates here as our work progresses. In future this blog will be replaced with a more beautiful and featureful alternative, but bear with us as we get from here to there.

- -

For more timely updates you can follow our Twitter accounts: @GnuPrivacyGuard and @GnuPG. That's right, we have two! But I'm going to combine them shortly so it's easier to keep track [UPDATE: accounts now merged! Stick with @GnuPG].

- -

For more information, see our press contact page hosted on Totem. That's all for now.

- -
- -
 
  
 
- -
  -
- - - - - - - - - - - - -
 Technical resources for this
- service are sponsered by
 
  - OpenIT -  
-
- -

- - - Valid XHTML 1.0! -     - - Digital Respect for the Masses -     - - Peace! -     - - Valid CSS! -

- - - -
-
Links + +  
  
- - - - - - +
 
+ + + + + + + + + + + + + + + + + + +
+ + + +

Blogs

+ +
+

Friends tell friends they love GnuPG

+ +
Posted 13th November 2013 by Sam Tuke
+ +
+ +

GnuPG can run almost anywhere

+
+ +

Email encryption is one of those pleasures that can't be enjoyed + alone. Sending yourself messages secured with 4096-bit RSA is great + for proof of concept, but meaningful communication requires two + parties. GnuPG requires both those parties to have their own + keys.

+ +

Less than 1% of all email + traffic is PGP encrypted, meaning that those of us who do make our + messages private routinely find ourselves in the frustrating + predicament of having to share our thoughts insecurely, even though + we know they're being intercepted, even though this is easily + avoidable, and even though we've already taken steps to do so. All + because our friends and colleagues don't know the + benefits of GnuPG.

+ +

Windows, Gnu/Linux, Mac, and Android all have point and click + GnuPG interfaces - at this point, all bases except iPhone are more + or less covered. That means the reason your contacts aren't OpenPGP + ready is not technical. And because GnuPG is Free + Software (and free of charge), it can't be about price.

+ +

A recommendation from you is the most effective way you can + increase the number of GnuPG users, and consequently increase the + percentage of the messages you send that are meaningfully + encrypted. That's why we're asking people in our community to think + of pithy explanations of why GnuPG is important and how it enables + them.

+ +

We've already got quotes from some big names like Bruce Schneier, + Jacob Appelbaum, and Richard Stallman. But the chances are + that your name carries more weight among your + peers. Please use it to share your appreciation for GnuPG!

+ +

If you use social networks, you can + use #iloveGPG to connect your messages to other + people's, and make is easier for us to find and repeat them.

+ +

Look out for weekly quotes posted from the + GnuPG Twitter + and Diaspora + accounts if you need inspiration. Let's fill up + the keyservers + with fresh keys from new users!

+ +
+ +
+

Securing the future of GPG

+
Posted 5th November 2013 by Sam Tuke
+ +

If you've noticed some changes around here, there's a good reason + why. We have a plan for securing the long term stability of GnuPG + development by giving more to our users, and asking more from them + in return.

+ +

You already know that GnuPG is important, and as months of fresh + government spying revelations go by, it's becoming obvious that + GnuPG is one of the very few tools that can still be trusted to keep + our data safe from the overwhelming efforts of international law + enforcement. But developing GnuPG takes work - regular monitoring + for newfound threats and exploits, and new features to keep it sharp + with the latest encryption algorithms. We also need to reach out to + the millions of potential GnuPG users who are asking themselves how + they can make their email secure. Public-private key cryptography + hasn't yet gained mainstream acceptance, but it could if it were + just a little more appealing and accessible.

+ +

To maintain progress within the project we need to make it easier + for GnuPG users to support the work that we do. Ours is an app that + is often hidden from view, relied upon daily by hundreds of + thousands of people, often in life-threatening circumstances, yet + low profile and rarely supported by publicity or donations.

+ +

To change that we're going to launch a new + website with a fresh design, more friendly and accessible + information, and new resources to grow and strengthen our user + group. The new site will also allow the project to accept and manage + new forms of financial support, including automatic subscriptions to + sustain development long term.

+ +

Designing, building and populating the new site will take a few + months, and in order to cover the costs there will be + a crowd-funding campaign with a modest target, in + early December. We have some rewards up our sleeves for those who + donate.

+ +

When that time comes, we'll need your help - + telling your contacts, forwarding the announcement to your + communities, and contributing financially if you can.

+ +

You can subscribe to updates about the campaign using this + form. This is separate to other GnuPG mailing lists - update will be + sent here, and only here.

+ + + + + +
+
+ + +
+ +
+ +
+

New blog, first post

+ +
Posted 30th October 2013 by Sam Tuke
+ +

Welcome to Gnu Privacy Guard's new blog! We're planning some + major changes to gnupg.org and how the project communicates in + general. I'm Sam, and I'll be writing updates here as our work + progresses. In future this blog will be replaced with a more + beautiful and featureful alternative, but bear with us as we get + from here to there.

+ +

For more timely updates you can follow our Twitter + accounts: @GnuPrivacyGuard + and @GnuPG. + That's right, we have two! But I'm going to combine them shortly so + it's easier to keep track [UPDATE: accounts now merged! + Stick with @GnuPG].

+ +

For more information, see + our press + contact page hosted on Totem. That's all for now.

+ +
+ + + +
 
  
 
+ + + +  + +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+ + + + + + + + + + ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/index.html | 653 ++++++++++++++++++++++++---------------- 1 file changed, 391 insertions(+), 262 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 15:19:06 2013 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 13 Dec 2013 15:19:06 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-439-g04615cc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 04615cc6803cdede25fa92e3ff697e252a23cd7a (commit) from 764643a3d5634bcbc47790bd8505f6a1a5280d9c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 04615cc6803cdede25fa92e3ff697e252a23cd7a Author: Jussi Kivilinna Date: Fri Dec 13 16:14:05 2013 +0200 Add missing register clearing in to SHA-256 and SHA-512 assembly * cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return. * cipher/sha512-avx-amd64.S: Ditto. * cipher/sha512-avx2-bmi2-amd64.S: Ditto. * cipher/sha512-ssse3-amd64.S: Ditto. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha256-ssse3-amd64.S b/cipher/sha256-ssse3-amd64.S index 06070d1..bcf0e19 100644 --- a/cipher/sha256-ssse3-amd64.S +++ b/cipher/sha256-ssse3-amd64.S 
@@ -481,6 +481,20 @@ _gcry_sha256_transform_amd64_ssse3: cmp INP, [rsp + _INP_END] jne .Loop0 + pxor xmm0, xmm0 + pxor xmm1, xmm1 + pxor xmm2, xmm2 + pxor xmm3, xmm3 + pxor xmm4, xmm4 + pxor xmm5, xmm5 + pxor xmm6, xmm6 + pxor xmm7, xmm7 + pxor xmm8, xmm8 + pxor xmm9, xmm9 + pxor xmm10, xmm10 + pxor xmm11, xmm11 + pxor xmm12, xmm12 + .Ldone_hash: add rsp, STACK_SIZE diff --git a/cipher/sha512-avx-amd64.S b/cipher/sha512-avx-amd64.S index 691d771..900936e 100644 --- a/cipher/sha512-avx-amd64.S +++ b/cipher/sha512-avx-amd64.S @@ -267,6 +267,8 @@ _gcry_sha512_transform_amd64_avx: cmp msglen, 0 je .Lnowork + vzeroupper + /* Allocate Stack Space */ sub rsp, frame_size @@ -346,6 +348,18 @@ _gcry_sha512_transform_amd64_avx: /* Restore Stack Pointer */ add rsp, frame_size + vzeroupper + pxor xmm0, xmm0 + pxor xmm1, xmm1 + pxor xmm2, xmm2 + pxor xmm3, xmm3 + pxor xmm4, xmm4 + pxor xmm5, xmm5 + pxor xmm6, xmm6 + pxor xmm7, xmm7 + pxor xmm8, xmm8 + pxor xmm9, xmm9 + /* Return stack burn depth */ mov rax, frame_size diff --git a/cipher/sha512-avx2-bmi2-amd64.S b/cipher/sha512-avx2-bmi2-amd64.S index 878c41b..9ece4fd 100644 --- a/cipher/sha512-avx2-bmi2-amd64.S +++ b/cipher/sha512-avx2-bmi2-amd64.S @@ -604,6 +604,8 @@ _gcry_sha512_transform_amd64_avx2: cmp rdx, 0 je .Lnowork + vzeroupper + /* Allocate Stack Space */ mov rax, rsp sub rsp, frame_size @@ -717,6 +719,18 @@ _gcry_sha512_transform_amd64_avx2: /* Restore Stack Pointer */ mov rsp, [rsp + frame_RSPSAVE] + vzeroupper + pxor xmm0, xmm0 + pxor xmm1, xmm1 + pxor xmm2, xmm2 + pxor xmm3, xmm3 + pxor xmm4, xmm4 + pxor xmm5, xmm5 + pxor xmm6, xmm6 + pxor xmm7, xmm7 + pxor xmm8, xmm8 + pxor xmm9, xmm9 + mov rax, frame_size .Lnowork: ret diff --git a/cipher/sha512-ssse3-amd64.S b/cipher/sha512-ssse3-amd64.S index 2a719e5..4c80baa 100644 --- a/cipher/sha512-ssse3-amd64.S +++ b/cipher/sha512-ssse3-amd64.S 
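Review bot: The exit paths in sha512-avx-amd64.S and sha512-avx2-bmi2-amd64.S clear only xmm0 through xmm9 after `vzeroupper`, and neither hunk says that these are the only vector registers the transform uses. A single `vzeroall` at that point zeroes every YMM register in one instruction and stays correct if the register allocation changes later. The `vzeroupper` added at function entry in both files is also not covered by the ChangeLog entry, which only mentions clearing at return; a comment saying why it is needed on entry would help.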
@@ -348,6 +348,13 @@ _gcry_sha512_transform_amd64_ssse3: /* Restore Stack Pointer */ add rsp, frame_size + pxor xmm0, xmm0 + pxor xmm1, xmm1 + pxor xmm2, xmm2 + pxor xmm3, xmm3 + pxor xmm4, xmm4 + pxor xmm5, xmm5 + /* Return stack burn depth */ mov rax, frame_size ----------------------------------------------------------------------- Summary of changes: cipher/sha256-ssse3-amd64.S | 14 ++++++++++++++ cipher/sha512-avx-amd64.S | 14 ++++++++++++++ cipher/sha512-avx2-bmi2-amd64.S | 14 ++++++++++++++ cipher/sha512-ssse3-amd64.S | 7 +++++++ 4 files changed, 49 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 15:42:11 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Fri, 13 Dec 2013 15:42:11 +0100 Subject: [git] gnupg-doc - branch, master, updated. ea136bc73c5d637ef85b6b5c383a82a90d017eeb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ea136bc73c5d637ef85b6b5c383a82a90d017eeb (commit) from 8e421cc848951159ad81ae9c204ecb7674527b53 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ea136bc73c5d637ef85b6b5c383a82a90d017eeb Author: Sam Tuke Date: Fri Dec 13 15:40:41 2013 +0100 Added link to draft image diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 50618c9..d426712 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -95,8 +95,10 @@

- + +

New mobile site draft

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/index.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org

From cvs at cvs.gnupg.org Fri Dec 13 15:51:09 2013
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Fri, 13 Dec 2013 15:51:09 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-440-gbe2238f
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  be2238f68abcc6f2b4e8c38ad9141376ce622a22 (commit)
      from  04615cc6803cdede25fa92e3ff697e252a23cd7a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit be2238f68abcc6f2b4e8c38ad9141376ce622a22
Author: Jussi Kivilinna
Date:   Fri Dec 13 12:47:56 2013 +0200

    SHA-1: Add SSSE3 implementation

    * cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'.
    * cipher/sha1-ssse3-amd64.c: New.
    * cipher/sha1.c (USE_SSSE3): New.
    (SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
    (sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'.
    (transform): Rename to...
    (_transform): this.
    (transform): New.
    * configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'.
    --

    Patch adds SSSE3 implementation based on white paper
    "Improving the Performance of the Secure Hash Algorithm (SHA-1)"
    at http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1

    Benchmarks:
      cpu                 Old         New        Diff
      Intel i5-4570       9.02 c/B    5.22 c/B   1.72x
      Intel i5-2450M      12.27 c/B   7.24 c/B   1.69x
      Intel Core2 T8100   7.94 c/B    6.76 c/B   1.17x

    Signed-off-by: Jussi Kivilinna

diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 7c85af2..0477772 100644
--- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -77,7 +77,7 @@ salsa20.c salsa20-amd64.S salsa20-armv7-neon.S \ scrypt.c \ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ -sha1.c \ +sha1.c sha1-ssse3-amd64.c \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha512.c sha512-ssse3-amd64.S sha512-armv7-neon.S \ stribog.c \ diff --git a/cipher/sha1-ssse3-amd64.c b/cipher/sha1-ssse3-amd64.c new file mode 100644 index 0000000..1342235 --- /dev/null +++ b/cipher/sha1-ssse3-amd64.c 
@@ -0,0 +1,319 @@ +/* sha1-ssse3-amd64.c - Intel SSSE3 accelerated SHA-1 transform function + * Copyright ? 2013 Jussi Kivilinna + * + * Based on sha1.c: + * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* + * Intel SSSE3 accelerated SHA-1 implementation based on white paper: + * "Improving the Performance of the Secure Hash Algorithm (SHA-1)" + * http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1 + */ + +#ifdef __x86_64__ +#include + +#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA1) + +#ifdef HAVE_STDINT_H +# include /* uintptr_t */ +#elif defined(HAVE_INTTYPES_H) +# include +#else +/* In this case, uintptr_t is provided by config.h. */ +#endif + +#include "bithelp.h" + + +/* Helper macro to force alignment to 16 bytes. */ +#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED +# define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) +#else +# define ATTR_ALIGNED_16 +#endif + + +typedef struct +{ + u32 h0,h1,h2,h3,h4; +} SHA1_STATE; + + +/* Round function macros. 
*/ +#define K1 0x5A827999L +#define K2 0x6ED9EBA1L +#define K3 0x8F1BBCDCL +#define K4 0xCA62C1D6L +#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) +#define F2(x,y,z) ( x ^ y ^ z ) +#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) +#define F4(x,y,z) ( x ^ y ^ z ) +#define R(a,b,c,d,e,f,wk) do { e += rol( a, 5 ) \ + + f( b, c, d ) \ + + wk; \ + b = rol( b, 30 ); \ + } while(0) + +#define WK(i) (wk[i & 15]) + + +static const u32 K_XMM[4][4] ATTR_ALIGNED_16 = + { + { K1, K1, K1, K1 }, + { K2, K2, K2, K2 }, + { K3, K3, K3, K3 }, + { K4, K4, K4, K4 }, + }; +static const u32 bswap_shufb_ctl[4] ATTR_ALIGNED_16 = + { 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f }; + + +/* + * Transform 64 bytes (16 32-bit words) at DATA. + */ +unsigned int +_gcry_sha1_transform_amd64_ssse3 (void *ctx, const unsigned char *data) +{ + SHA1_STATE *state = ctx; + register u32 a, b, c, d, e; /* Local copies of the chaining variables. */ + byte wk_unaligned[4*16+15]; /* The array we work on. */ + u32 *wk = (u32 *)(wk_unaligned + + ((16 - ((uintptr_t)wk_unaligned & 15)) & 15)); + + /* Get the values of the chaining variables. 
*/ + a = state->h0; + b = state->h1; + c = state->h2; + d = state->h3; + e = state->h4; + +#define Wtmp0 "xmm0" +#define Wtmp1 "xmm1" + +#define W0 "xmm2" +#define W1 "xmm3" +#define W2 "xmm4" +#define W3 "xmm5" +#define W4 "xmm6" +#define W5 "xmm7" +#define W6 "xmm8" +#define W7 "xmm9" + +#define BSWAP_REG "xmm10" + + __asm__ volatile ("movdqa %[bswap], %%"BSWAP_REG";\n\t" + :: [bswap] "m" (bswap_shufb_ctl[0])); + +#define W_PRECALC_00_15_0(i, W, tmp0) \ + __asm__ volatile ("movdqu %[data], %%"tmp0";\n\t" \ + ::[data] "m" (*(data+4*(i)))); + +#define W_PRECALC_00_15_1(i, W, tmp0) \ + __asm__ volatile ("pshufb %%"BSWAP_REG", %%"tmp0";\n\t" \ + "movdqa %%"tmp0", %%"W";\n\t" \ + ::: "cc"); + +#define W_PRECALC_00_15_2(i, W, tmp0) \ + __asm__ volatile ("paddd %[k_xmm], %%"tmp0";\n\t" \ + ::[k_xmm] "m" (K_XMM[i / 20][0])); + +#define W_PRECALC_00_15_3(i, W, tmp0) \ + __asm__ volatile ("movdqa %%"tmp0", %[wk];\n\t" \ + :[wk] "=m" (WK(i&~3))); + + /* Precalc 0-15. */ + W_PRECALC_00_15_0(0, W0, Wtmp0); + W_PRECALC_00_15_1(1, W0, Wtmp0); + W_PRECALC_00_15_2(2, W0, Wtmp0); + W_PRECALC_00_15_3(3, W0, Wtmp0); + W_PRECALC_00_15_0(4, W7, Wtmp0); + W_PRECALC_00_15_1(5, W7, Wtmp0); + W_PRECALC_00_15_2(6, W7, Wtmp0); + W_PRECALC_00_15_3(7, W7, Wtmp0); + W_PRECALC_00_15_0(8, W6, Wtmp0); + W_PRECALC_00_15_1(9, W6, Wtmp0); + W_PRECALC_00_15_2(10, W6, Wtmp0); + W_PRECALC_00_15_3(11, W6, Wtmp0); + W_PRECALC_00_15_0(12, W5, Wtmp0); + W_PRECALC_00_15_1(13, W5, Wtmp0); + W_PRECALC_00_15_2(14, W5, Wtmp0); + W_PRECALC_00_15_3(15, W5, Wtmp0); + +#define W_PRECALC_16_31_0(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + __asm__ volatile ("movdqa %%"W_m12", %%"W";\n\t" \ + "palignr $8, %%"W_m16", %%"W";\n\t" \ + "movdqa %%"W_m04", %%"tmp0";\n\t" \ + "psrldq $4, %%"tmp0";\n\t" \ + "pxor %%"W_m08", %%"W";\n\t" \ + :::"cc"); + +#define W_PRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + __asm__ volatile ("pxor %%"W_m16", %%"tmp0";\n\t" \ + "pxor %%"tmp0", %%"W";\n\t" \ + "movdqa 
%%"W", %%"tmp1";\n\t" \ + "movdqa %%"W", %%"tmp0";\n\t" \ + "pslldq $12, %%"tmp1";\n\t" \ + :::"cc"); + +#define W_PRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + __asm__ volatile ("psrld $31, %%"W";\n\t" \ + "pslld $1, %%"tmp0";\n\t" \ + "por %%"W", %%"tmp0";\n\t" \ + "movdqa %%"tmp1", %%"W";\n\t" \ + "psrld $30, %%"tmp1";\n\t" \ + "pslld $2, %%"W";\n\t" \ + :::"cc"); + +#define W_PRECALC_16_31_3(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + __asm__ volatile ("pxor %%"W", %%"tmp0";\n\t" \ + "pxor %%"tmp1", %%"tmp0";\n\t" \ + "movdqa %%"tmp0", %%"W";\n\t" \ + "paddd %[k_xmm], %%"tmp0";\n\t" \ + "movdqa %%"tmp0", %[wk];\n\t" \ + : [wk] "=m" (WK(i&~3)) \ + : [k_xmm] "m" (K_XMM[i / 20][0])); + + /* Transform 0-15 + Precalc 16-31. */ + R( a, b, c, d, e, F1, WK( 0) ); W_PRECALC_16_31_0(16, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( e, a, b, c, d, F1, WK( 1) ); W_PRECALC_16_31_1(17, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( d, e, a, b, c, F1, WK( 2) ); W_PRECALC_16_31_2(18, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( c, d, e, a, b, F1, WK( 3) ); W_PRECALC_16_31_3(19, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( b, c, d, e, a, F1, WK( 4) ); W_PRECALC_16_31_0(20, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( a, b, c, d, e, F1, WK( 5) ); W_PRECALC_16_31_1(21, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( e, a, b, c, d, F1, WK( 6) ); W_PRECALC_16_31_2(22, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( d, e, a, b, c, F1, WK( 7) ); W_PRECALC_16_31_3(23, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( c, d, e, a, b, F1, WK( 8) ); W_PRECALC_16_31_0(24, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( b, c, d, e, a, F1, WK( 9) ); W_PRECALC_16_31_1(25, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( a, b, c, d, e, F1, WK(10) ); W_PRECALC_16_31_2(26, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( e, a, b, c, d, F1, WK(11) ); W_PRECALC_16_31_3(27, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( d, e, a, b, c, F1, WK(12) ); W_PRECALC_16_31_0(28, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + R( c, d, e, a, b, F1, WK(13) ); 
W_PRECALC_16_31_1(29, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + R( b, c, d, e, a, F1, WK(14) ); W_PRECALC_16_31_2(30, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + R( a, b, c, d, e, F1, WK(15) ); W_PRECALC_16_31_3(31, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + +#define W_PRECALC_32_79_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + __asm__ volatile ("movdqa %%"W_m04", %%"tmp0";\n\t" \ + "pxor %%"W_m28", %%"W";\n\t" \ + "palignr $8, %%"W_m08", %%"tmp0";\n\t" \ + :::"cc"); + +#define W_PRECALC_32_79_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + __asm__ volatile ("pxor %%"W_m16", %%"W";\n\t" \ + "pxor %%"tmp0", %%"W";\n\t" \ + "movdqa %%"W", %%"tmp0";\n\t" \ + :::"cc"); + +#define W_PRECALC_32_79_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + __asm__ volatile ("psrld $30, %%"W";\n\t" \ + "pslld $2, %%"tmp0";\n\t" \ + "por %%"W", %%"tmp0";\n\t" \ + :::"cc"); + +#define W_PRECALC_32_79_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + __asm__ volatile ("movdqa %%"tmp0", %%"W";\n\t" \ + "paddd %[k_xmm], %%"tmp0";\n\t" \ + "movdqa %%"tmp0", %[wk];\n\t" \ + : [wk] "=m" (WK(i&~3)) \ + : [k_xmm] "m" (K_XMM[i / 20][0])); + + /* Transform 16-63 + Precalc 32-79. 
*/ + R( e, a, b, c, d, F1, WK(16) ); W_PRECALC_32_79_0(32, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( d, e, a, b, c, F1, WK(17) ); W_PRECALC_32_79_1(33, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( c, d, e, a, b, F1, WK(18) ); W_PRECALC_32_79_2(34, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( b, c, d, e, a, F1, WK(19) ); W_PRECALC_32_79_3(35, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( a, b, c, d, e, F2, WK(20) ); W_PRECALC_32_79_0(36, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( e, a, b, c, d, F2, WK(21) ); W_PRECALC_32_79_1(37, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( d, e, a, b, c, F2, WK(22) ); W_PRECALC_32_79_2(38, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( c, d, e, a, b, F2, WK(23) ); W_PRECALC_32_79_3(39, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( b, c, d, e, a, F2, WK(24) ); W_PRECALC_32_79_0(40, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( a, b, c, d, e, F2, WK(25) ); W_PRECALC_32_79_1(41, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( e, a, b, c, d, F2, WK(26) ); W_PRECALC_32_79_2(42, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( d, e, a, b, c, F2, WK(27) ); W_PRECALC_32_79_3(43, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( c, d, e, a, b, F2, WK(28) ); W_PRECALC_32_79_0(44, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( b, c, d, e, a, F2, WK(29) ); W_PRECALC_32_79_1(45, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( a, b, c, d, e, F2, WK(30) ); W_PRECALC_32_79_2(46, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( e, a, b, c, d, F2, WK(31) ); W_PRECALC_32_79_3(47, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( d, e, a, b, c, F2, WK(32) ); W_PRECALC_32_79_0(48, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( c, d, e, a, b, F2, WK(33) ); W_PRECALC_32_79_1(49, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( b, c, d, e, a, F2, WK(34) ); W_PRECALC_32_79_2(50, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( a, b, c, d, e, F2, WK(35) ); W_PRECALC_32_79_3(51, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( e, a, b, c, d, F2, WK(36) ); W_PRECALC_32_79_0(52, W3, W4, W5, W6, W7, 
W0, W1, W2, Wtmp0); + R( d, e, a, b, c, F2, WK(37) ); W_PRECALC_32_79_1(53, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); + R( c, d, e, a, b, F2, WK(38) ); W_PRECALC_32_79_2(54, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); + R( b, c, d, e, a, F2, WK(39) ); W_PRECALC_32_79_3(55, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); + R( a, b, c, d, e, F3, WK(40) ); W_PRECALC_32_79_0(56, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( e, a, b, c, d, F3, WK(41) ); W_PRECALC_32_79_1(57, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( d, e, a, b, c, F3, WK(42) ); W_PRECALC_32_79_2(58, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( c, d, e, a, b, F3, WK(43) ); W_PRECALC_32_79_3(59, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( b, c, d, e, a, F3, WK(44) ); W_PRECALC_32_79_0(60, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( a, b, c, d, e, F3, WK(45) ); W_PRECALC_32_79_1(61, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( e, a, b, c, d, F3, WK(46) ); W_PRECALC_32_79_2(62, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( d, e, a, b, c, F3, WK(47) ); W_PRECALC_32_79_3(63, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( c, d, e, a, b, F3, WK(48) ); W_PRECALC_32_79_0(64, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( b, c, d, e, a, F3, WK(49) ); W_PRECALC_32_79_1(65, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( a, b, c, d, e, F3, WK(50) ); W_PRECALC_32_79_2(66, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( e, a, b, c, d, F3, WK(51) ); W_PRECALC_32_79_3(67, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( d, e, a, b, c, F3, WK(52) ); W_PRECALC_32_79_0(68, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( c, d, e, a, b, F3, WK(53) ); W_PRECALC_32_79_1(69, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( b, c, d, e, a, F3, WK(54) ); W_PRECALC_32_79_2(70, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( a, b, c, d, e, F3, WK(55) ); W_PRECALC_32_79_3(71, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( e, a, b, c, d, F3, WK(56) ); W_PRECALC_32_79_0(72, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( d, e, a, b, c, F3, WK(57) ); W_PRECALC_32_79_1(73, W6, 
W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( c, d, e, a, b, F3, WK(58) ); W_PRECALC_32_79_2(74, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( b, c, d, e, a, F3, WK(59) ); W_PRECALC_32_79_3(75, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( a, b, c, d, e, F4, WK(60) ); W_PRECALC_32_79_0(76, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( e, a, b, c, d, F4, WK(61) ); W_PRECALC_32_79_1(77, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( d, e, a, b, c, F4, WK(62) ); W_PRECALC_32_79_2(78, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( c, d, e, a, b, F4, WK(63) ); W_PRECALC_32_79_3(79, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + +#define CLEAR_REG(reg) __asm__ volatile ("pxor %%"reg", %%"reg";\n\t":::"cc"); + + /* Transform 64-79 + Clear XMM registers. */ + R( b, c, d, e, a, F4, WK(64) ); CLEAR_REG(BSWAP_REG); + R( a, b, c, d, e, F4, WK(65) ); CLEAR_REG(Wtmp0); + R( e, a, b, c, d, F4, WK(66) ); CLEAR_REG(Wtmp1); + R( d, e, a, b, c, F4, WK(67) ); CLEAR_REG(W0); + R( c, d, e, a, b, F4, WK(68) ); CLEAR_REG(W1); + R( b, c, d, e, a, F4, WK(69) ); CLEAR_REG(W2); + R( a, b, c, d, e, F4, WK(70) ); CLEAR_REG(W3); + R( e, a, b, c, d, F4, WK(71) ); CLEAR_REG(W4); + R( d, e, a, b, c, F4, WK(72) ); CLEAR_REG(W5); + R( c, d, e, a, b, F4, WK(73) ); CLEAR_REG(W6); + R( b, c, d, e, a, F4, WK(74) ); CLEAR_REG(W7); + R( a, b, c, d, e, F4, WK(75) ); + R( e, a, b, c, d, F4, WK(76) ); + R( d, e, a, b, c, F4, WK(77) ); + R( c, d, e, a, b, F4, WK(78) ); + R( b, c, d, e, a, F4, WK(79) ); + + /* Update the chaining variables. */ + state->h0 += a; + state->h1 += b; + state->h2 += c; + state->h3 += d; + state->h4 += e; + + return /* burn_stack */ 84+15; +} + +#endif +#endif diff --git a/cipher/sha1.c b/cipher/sha1.c index 025b3ab..af57b19 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c 
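Review bot: The inline asm in the new cipher/sha1-ssse3-amd64.c under-declares its effects to the compiler. The W_PRECALC_* macros store 16 bytes with `movdqa` but declare a single u32 as the output (`[wk] "=m" (WK(i&~3))`), so the writes to the three following `wk` words that the interleaved `R(...)` rounds read are invisible to GCC; the `movdqu` load likewise declares one byte of `data` as its input. The statements also keep live values in xmm0 to xmm10 across separate `__asm__` blocks while listing only "cc" as a clobber, so nothing stops the compiler from using those registers for the C code in between. Declaring the operands as 16-byte objects, or moving the whole transform into a single asm block or a .S file, would remove the dependency on how GCC happens to schedule this.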
@@ -43,6 +43,15 @@ #include "hash-common.h" +/* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ +#undef USE_SSSE3 +#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +# define USE_SSSE3 1 +#endif + + /* A macro to test whether P is properly aligned for an u32 type. Note that config.h provides a suitable replacement for uintptr_t if it does not exist in stdint.h. */ @@ -56,6 +65,9 @@ typedef struct { gcry_md_block_ctx_t bctx; u32 h0,h1,h2,h3,h4; +#ifdef USE_SSSE3 + unsigned int use_ssse3:1; +#endif } SHA1_CONTEXT; static unsigned int @@ -78,6 +90,10 @@ sha1_init (void *context) hd->bctx.count = 0; hd->bctx.blocksize = 64; hd->bctx.bwrite = transform; + +#ifdef USE_SSSE3 + hd->use_ssse3 = (_gcry_get_hw_features () & HWF_INTEL_SSSE3) != 0; +#endif } @@ -107,7 +123,7 @@ sha1_init (void *context) * Transform NBLOCKS of each 64 bytes (16 32-bit words) at DATA. */ static unsigned int -transform (void *ctx, const unsigned char *data) +_transform (void *ctx, const unsigned char *data) { SHA1_CONTEXT *hd = ctx; const u32 *idata = (const void *)data; @@ -217,6 +233,27 @@ transform (void *ctx, const unsigned char *data) } +#ifdef USE_SSSE3 +unsigned int +_gcry_sha1_transform_amd64_ssse3 (void *state, const unsigned char *data); +#endif + + +static unsigned int +transform (void *ctx, const unsigned char *data) +{ + SHA1_CONTEXT *hd = ctx; + +#ifdef USE_SSSE3 + if (hd->use_ssse3) + return _gcry_sha1_transform_amd64_ssse3 (&hd->h0, data) + + 4 * sizeof(void*); +#endif + + return _transform (hd, data); +} + + /* The routine final terminates the computation and * returns the digest. * The handle is prepared for a new cycle, but adding bytes to the diff --git a/configure.ac b/configure.ac index b91240b..9088d02 100644 --- a/configure.ac +++ b/configure.ac 
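Review bot: The new `transform` wrapper in cipher/sha1.c passes `&hd->h0` to `_gcry_sha1_transform_amd64_ssse3`, which reinterprets that pointer as a separately defined `SHA1_STATE`, so the two files silently depend on h0..h4 staying contiguous and in the same order inside `SHA1_CONTEXT`. A comment at the struct, or one shared state type, would make that coupling explicit. The prototype is also declared locally in sha1.c, with the parameter named `state` where the definition uses `ctx`; moving it to a shared header would let the compiler check the definition against it. The comment kept above `_transform` still reads "Transform NBLOCKS of each 64 bytes" although the function takes no block count.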
@@ -1773,6 +1773,13 @@ GCRYPT_DIGESTS="$GCRYPT_DIGESTS rmd160.lo sha1.lo" AC_DEFINE(USE_RMD160, 1, [Defined if this module should be included]) AC_DEFINE(USE_SHA1, 1, [Defined if this module should be included]) +case "${host}" in + x86_64-*-*) + # Build with the assembly implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha1-ssse3-amd64.lo" + ;; +esac + LIST_MEMBER(scrypt, $enabled_kdfs) if test "$found" = "1" ; then GCRYPT_KDFS="$GCRYPT_KDFS scrypt.lo" ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/sha1-ssse3-amd64.c | 319 +++++++++++++++++++++++++++++++++++++++++++++ cipher/sha1.c | 39 +++++- configure.ac | 7 + 4 files changed, 365 insertions(+), 2 deletions(-) create mode 100644 cipher/sha1-ssse3-amd64.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 16:02:14 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Fri, 13 Dec 2013 16:02:14 +0100 Subject: [git] gnupg-doc - branch, master, updated. 881990dd1457372a1e5334e5df340f2e5858889d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 881990dd1457372a1e5334e5df340f2e5858889d (commit) from ea136bc73c5d637ef85b6b5c383a82a90d017eeb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 881990dd1457372a1e5334e5df340f2e5858889d Author: Sam Tuke Date: Fri Dec 13 16:02:10 2013 +0100 Added blog entry diff --git a/web/index.org b/web/index.org index e7bd97a..96fe038 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,6 +44,11 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** Blog: Preparing for launch (2013-12-13) + +Mid December, giving season, and nearly time for the GnuPG Crowdfunding +to commence. We've been working hard on preparations ... +[[http://blog.gnupg.org/][{more}]] ** Blog: Friends tell friends they love GnuPG (2013-11-13) ----------------------------------------------------------------------- Summary of changes: web/index.org | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 13 21:49:36 2013 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Fri, 13 Dec 2013 21:49:36 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-441-gd2b8532
Message-ID:

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  d2b853246c2ed056a92096d89c3ca057e45c9c92 (commit)
      from  be2238f68abcc6f2b4e8c38ad9141376ce622a22 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d2b853246c2ed056a92096d89c3ca057e45c9c92
Author: Jussi Kivilinna
Date:   Fri Dec 13 21:07:41 2013 +0200

    Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm

    * cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to
    'sha1-ssse3-amd64.S'.
    * cipher/sha1-ssse3-amd64.c: Remove.
    * cipher/sha1-ssse3-amd64.S: New.
    --

    Mixed C&asm implementation appears to trigger GCC bugs easily. Therefore
    convert SSSE3 implementation to pure assembly for safety.

    Benchmarks also show a smallish speed improvement.

      cpu                 C&asm       asm
      Intel i5-4570       5.22 c/B    5.09 c/B
      Intel i5-2450M      7.24 c/B    7.00 c/B

    Signed-off-by: Jussi Kivilinna

diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 0477772..7d737e2 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -77,7 +77,7 @@ salsa20.c salsa20-amd64.S salsa20-armv7-neon.S \ scrypt.c \ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ -sha1.c sha1-ssse3-amd64.c \ +sha1.c sha1-ssse3-amd64.S \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha512.c sha512-ssse3-amd64.S sha512-armv7-neon.S \ stribog.c \ diff --git a/cipher/sha1-ssse3-amd64.S b/cipher/sha1-ssse3-amd64.S new file mode 100644 index 0000000..5165f3f --- /dev/null +++ b/cipher/sha1-ssse3-amd64.S 
@@ -0,0 +1,378 @@ +/* sha1-ssse3-amd64.c - Intel SSSE3 accelerated SHA-1 transform function + * Copyright ? 2013 Jussi Kivilinna + * + * Based on sha1.c: + * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* + * Intel SSSE3 accelerated SHA-1 implementation based on white paper: + * "Improving the Performance of the Secure Hash Algorithm (SHA-1)" + * http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1 + */ + +#ifdef __x86_64__ +#include + +#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA1) + +#ifdef __PIC__ +# define RIP (%rip) +#else +# define RIP +#endif + + +/* Context structure */ + +#define state_h0 0 +#define state_h1 4 +#define state_h2 8 +#define state_h3 12 +#define state_h4 16 + + +/* Constants */ + +.data +#define K1 0x5A827999 +#define K2 0x6ED9EBA1 +#define K3 0x8F1BBCDC +#define K4 0xCA62C1D6 +.align 16 +.LK_XMM: +.LK1: .long K1, K1, K1, K1 +.LK2: .long K2, K2, K2, K2 +.LK3: .long K3, K3, K3, K3 +.LK4: .long K4, K4, K4, K4 + +.Lbswap_shufb_ctl: + .long 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f + + +/* Register macros */ + +#define RSTATE %r8 +#define RDATA %r9 +#define ROLDSTACK %r10 + 
+#define a %eax +#define b %ebx +#define c %ecx +#define d %edx +#define e %edi + +#define RT0 %esi +#define RT1 %ebp + +#define Wtmp0 %xmm0 +#define Wtmp1 %xmm1 + +#define W0 %xmm2 +#define W1 %xmm3 +#define W2 %xmm4 +#define W3 %xmm5 +#define W4 %xmm6 +#define W5 %xmm7 +#define W6 %xmm8 +#define W7 %xmm9 + +#define BSWAP_REG %xmm10 + + +/* Round function macros. */ + +#define WK(i) (((i) & 15) * 4)(%rsp) + +#define R_F1(a,b,c,d,e,i) \ + movl c, RT0; \ + addl WK(i), e; \ + xorl d, RT0; \ + movl a, RT1; \ + andl b, RT0; \ + roll $30, b; \ + xorl d, RT0; \ + leal (RT0,e), e; \ + roll $5, RT1; \ + addl RT1, e; + +#define R_F2(a,b,c,d,e,i) \ + movl c, RT0; \ + addl WK(i), e; \ + xorl b, RT0; \ + roll $30, b; \ + xorl d, RT0; \ + movl a, RT1; \ + leal (RT0,e), e; \ + roll $5, RT1; \ + addl RT1, e; + +#define R_F3(a,b,c,d,e,i) \ + movl c, RT0; \ + movl b, RT1; \ + xorl b, RT0; \ + andl c, RT1; \ + andl d, RT0; \ + addl RT1, e; \ + addl WK(i), e; \ + roll $30, b; \ + movl a, RT1; \ + leal (RT0,e), e; \ + roll $5, RT1; \ + addl RT1, e; + +#define R_F4(a,b,c,d,e,i) R_F2(a,b,c,d,e,i) + +#define R(a,b,c,d,e,f,i) \ + R_##f(a,b,c,d,e,i) + + +/* Input expansion macros. 
*/ + +#define W_PRECALC_00_15_0(i, W, tmp0) \ + movdqu (4*(i))(RDATA), tmp0; + +#define W_PRECALC_00_15_1(i, W, tmp0) \ + pshufb BSWAP_REG, tmp0; \ + movdqa tmp0, W; + +#define W_PRECALC_00_15_2(i, W, tmp0) \ + paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0; + +#define W_PRECALC_00_15_3(i, W, tmp0) \ + movdqa tmp0, WK(i&~3); + +#define W_PRECALC_16_31_0(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + movdqa W_m12, W; \ + palignr $8, W_m16, W; \ + movdqa W_m04, tmp0; \ + psrldq $4, tmp0; \ + pxor W_m08, W; + +#define W_PRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + pxor W_m16, tmp0; \ + pxor tmp0, W; \ + movdqa W, tmp1; \ + movdqa W, tmp0; \ + pslldq $12, tmp1; + +#define W_PRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + psrld $31, W; \ + pslld $1, tmp0; \ + por W, tmp0; \ + movdqa tmp1, W; \ + psrld $30, tmp1; \ + pslld $2, W; + +#define W_PRECALC_16_31_3(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ + pxor W, tmp0; \ + pxor tmp1, tmp0; \ + movdqa tmp0, W; \ + paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0; \ + movdqa tmp0, WK((i)&~3); + +#define W_PRECALC_32_79_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + movdqa W_m04, tmp0; \ + pxor W_m28, W; \ + palignr $8, W_m08, tmp0; + +#define W_PRECALC_32_79_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + pxor W_m16, W; \ + pxor tmp0, W; \ + movdqa W, tmp0; + +#define W_PRECALC_32_79_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + psrld $30, W; \ + pslld $2, tmp0; \ + por W, tmp0; + +#define W_PRECALC_32_79_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ + movdqa tmp0, W; \ + paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0; \ + movdqa tmp0, WK((i)&~3); + +#define CLEAR_REG(reg) pxor reg, reg; + + +/* + * Transform 64 bytes (16 32-bit words) at DATA. 
+ * + * unsigned int + * _gcry_sha1_transform_amd64_ssse3 (void *ctx, const unsigned char *data) + */ +.text +.globl _gcry_sha1_transform_amd64_ssse3 +.type _gcry_sha1_transform_amd64_ssse3, at function +.align 16 +_gcry_sha1_transform_amd64_ssse3: + /* input: + * %rdi: ctx, CTX + * %rsi: data (64 bytes) + * %rdx: ... + */ + + movq %rdi, RSTATE; + movq %rsi, RDATA; + pushq %rbx; + pushq %rbp; + + movq %rsp, ROLDSTACK; + + subq $(16*4), %rsp; + andq $(~31), %rsp; + + /* Get the values of the chaining variables. */ + movl state_h0(RSTATE), a; + movl state_h1(RSTATE), b; + movl state_h2(RSTATE), c; + movl state_h3(RSTATE), d; + movl state_h4(RSTATE), e; + + movdqa .Lbswap_shufb_ctl RIP, BSWAP_REG; + + /* Precalc 0-15. */ + W_PRECALC_00_15_0(0, W0, Wtmp0); + W_PRECALC_00_15_1(1, W0, Wtmp0); + W_PRECALC_00_15_2(2, W0, Wtmp0); + W_PRECALC_00_15_3(3, W0, Wtmp0); + W_PRECALC_00_15_0(4, W7, Wtmp0); + W_PRECALC_00_15_1(5, W7, Wtmp0); + W_PRECALC_00_15_2(6, W7, Wtmp0); + W_PRECALC_00_15_3(7, W7, Wtmp0); + W_PRECALC_00_15_0(8, W6, Wtmp0); + W_PRECALC_00_15_1(9, W6, Wtmp0); + W_PRECALC_00_15_2(10, W6, Wtmp0); + W_PRECALC_00_15_3(11, W6, Wtmp0); + W_PRECALC_00_15_0(12, W5, Wtmp0); + W_PRECALC_00_15_1(13, W5, Wtmp0); + W_PRECALC_00_15_2(14, W5, Wtmp0); + W_PRECALC_00_15_3(15, W5, Wtmp0); + + /* Transform 0-15 + Precalc 16-31. 
*/ + R( a, b, c, d, e, F1, 0 ); W_PRECALC_16_31_0(16, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( e, a, b, c, d, F1, 1 ); W_PRECALC_16_31_1(17, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( d, e, a, b, c, F1, 2 ); W_PRECALC_16_31_2(18, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( c, d, e, a, b, F1, 3 ); W_PRECALC_16_31_3(19, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); + R( b, c, d, e, a, F1, 4 ); W_PRECALC_16_31_0(20, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( a, b, c, d, e, F1, 5 ); W_PRECALC_16_31_1(21, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( e, a, b, c, d, F1, 6 ); W_PRECALC_16_31_2(22, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( d, e, a, b, c, F1, 7 ); W_PRECALC_16_31_3(23, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); + R( c, d, e, a, b, F1, 8 ); W_PRECALC_16_31_0(24, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( b, c, d, e, a, F1, 9 ); W_PRECALC_16_31_1(25, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( a, b, c, d, e, F1, 10 ); W_PRECALC_16_31_2(26, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( e, a, b, c, d, F1, 11 ); W_PRECALC_16_31_3(27, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); + R( d, e, a, b, c, F1, 12 ); W_PRECALC_16_31_0(28, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + R( c, d, e, a, b, F1, 13 ); W_PRECALC_16_31_1(29, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + R( b, c, d, e, a, F1, 14 ); W_PRECALC_16_31_2(30, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + R( a, b, c, d, e, F1, 15 ); W_PRECALC_16_31_3(31, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); + + /* Transform 16-63 + Precalc 32-79. 
*/ + R( e, a, b, c, d, F1, 16 ); W_PRECALC_32_79_0(32, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( d, e, a, b, c, F1, 17 ); W_PRECALC_32_79_1(33, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( c, d, e, a, b, F1, 18 ); W_PRECALC_32_79_2(34, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( b, c, d, e, a, F1, 19 ); W_PRECALC_32_79_3(35, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( a, b, c, d, e, F2, 20 ); W_PRECALC_32_79_0(36, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( e, a, b, c, d, F2, 21 ); W_PRECALC_32_79_1(37, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( d, e, a, b, c, F2, 22 ); W_PRECALC_32_79_2(38, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( c, d, e, a, b, F2, 23 ); W_PRECALC_32_79_3(39, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( b, c, d, e, a, F2, 24 ); W_PRECALC_32_79_0(40, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( a, b, c, d, e, F2, 25 ); W_PRECALC_32_79_1(41, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( e, a, b, c, d, F2, 26 ); W_PRECALC_32_79_2(42, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( d, e, a, b, c, F2, 27 ); W_PRECALC_32_79_3(43, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( c, d, e, a, b, F2, 28 ); W_PRECALC_32_79_0(44, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( b, c, d, e, a, F2, 29 ); W_PRECALC_32_79_1(45, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( a, b, c, d, e, F2, 30 ); W_PRECALC_32_79_2(46, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( e, a, b, c, d, F2, 31 ); W_PRECALC_32_79_3(47, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( d, e, a, b, c, F2, 32 ); W_PRECALC_32_79_0(48, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( c, d, e, a, b, F2, 33 ); W_PRECALC_32_79_1(49, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( b, c, d, e, a, F2, 34 ); W_PRECALC_32_79_2(50, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( a, b, c, d, e, F2, 35 ); W_PRECALC_32_79_3(51, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); + R( e, a, b, c, d, F2, 36 ); W_PRECALC_32_79_0(52, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); + R( d, e, a, b, c, F2, 37 ); W_PRECALC_32_79_1(53, W3, W4, W5, 
W6, W7, W0, W1, W2, Wtmp0); + R( c, d, e, a, b, F2, 38 ); W_PRECALC_32_79_2(54, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); + R( b, c, d, e, a, F2, 39 ); W_PRECALC_32_79_3(55, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); + R( a, b, c, d, e, F3, 40 ); W_PRECALC_32_79_0(56, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( e, a, b, c, d, F3, 41 ); W_PRECALC_32_79_1(57, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( d, e, a, b, c, F3, 42 ); W_PRECALC_32_79_2(58, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( c, d, e, a, b, F3, 43 ); W_PRECALC_32_79_3(59, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); + R( b, c, d, e, a, F3, 44 ); W_PRECALC_32_79_0(60, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( a, b, c, d, e, F3, 45 ); W_PRECALC_32_79_1(61, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( e, a, b, c, d, F3, 46 ); W_PRECALC_32_79_2(62, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( d, e, a, b, c, F3, 47 ); W_PRECALC_32_79_3(63, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); + R( c, d, e, a, b, F3, 48 ); W_PRECALC_32_79_0(64, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( b, c, d, e, a, F3, 49 ); W_PRECALC_32_79_1(65, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( a, b, c, d, e, F3, 50 ); W_PRECALC_32_79_2(66, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( e, a, b, c, d, F3, 51 ); W_PRECALC_32_79_3(67, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); + R( d, e, a, b, c, F3, 52 ); W_PRECALC_32_79_0(68, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( c, d, e, a, b, F3, 53 ); W_PRECALC_32_79_1(69, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( b, c, d, e, a, F3, 54 ); W_PRECALC_32_79_2(70, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( a, b, c, d, e, F3, 55 ); W_PRECALC_32_79_3(71, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); + R( e, a, b, c, d, F3, 56 ); W_PRECALC_32_79_0(72, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( d, e, a, b, c, F3, 57 ); W_PRECALC_32_79_1(73, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( c, d, e, a, b, F3, 58 ); W_PRECALC_32_79_2(74, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( b, c, d, e, a, F3, 59 ); 
W_PRECALC_32_79_3(75, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); + R( a, b, c, d, e, F4, 60 ); W_PRECALC_32_79_0(76, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( e, a, b, c, d, F4, 61 ); W_PRECALC_32_79_1(77, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( d, e, a, b, c, F4, 62 ); W_PRECALC_32_79_2(78, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + R( c, d, e, a, b, F4, 63 ); W_PRECALC_32_79_3(79, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); + + /* Transform 64-79 + Clear XMM registers. */ + R( b, c, d, e, a, F4, 64 ); CLEAR_REG(BSWAP_REG); + R( a, b, c, d, e, F4, 65 ); CLEAR_REG(Wtmp0); + R( e, a, b, c, d, F4, 66 ); CLEAR_REG(Wtmp1); + R( d, e, a, b, c, F4, 67 ); CLEAR_REG(W0); + R( c, d, e, a, b, F4, 68 ); CLEAR_REG(W1); + R( b, c, d, e, a, F4, 69 ); CLEAR_REG(W2); + R( a, b, c, d, e, F4, 70 ); CLEAR_REG(W3); + R( e, a, b, c, d, F4, 71 ); CLEAR_REG(W4); + R( d, e, a, b, c, F4, 72 ); CLEAR_REG(W5); + R( c, d, e, a, b, F4, 73 ); CLEAR_REG(W6); + R( b, c, d, e, a, F4, 74 ); CLEAR_REG(W7); + R( a, b, c, d, e, F4, 75 ); + R( e, a, b, c, d, F4, 76 ); + R( d, e, a, b, c, F4, 77 ); + R( c, d, e, a, b, F4, 78 ); + R( b, c, d, e, a, F4, 79 ); + + /* Update the chaining variables. */ + addl state_h0(RSTATE), a; + addl state_h1(RSTATE), b; + addl state_h2(RSTATE), c; + addl state_h3(RSTATE), d; + addl state_h4(RSTATE), e; + + movl a, state_h0(RSTATE); + movl b, state_h1(RSTATE); + movl c, state_h2(RSTATE); + movl d, state_h3(RSTATE); + movl e, state_h4(RSTATE); + + movq ROLDSTACK, %rsp; + + popq %rbp; + popq %rbx; + + /* burn_stack */ + movl $(16*4 + 2*8 + 31), %eax; + + ret; + +#endif +#endif diff --git a/cipher/sha1-ssse3-amd64.c b/cipher/sha1-ssse3-amd64.c deleted file mode 100644 index 1342235..0000000 --- a/cipher/sha1-ssse3-amd64.c +++ /dev/null 
@@ -1,319 +0,0 @@ -/* sha1-ssse3-amd64.c - Intel SSSE3 accelerated SHA-1 transform function - * Copyright ? 2013 Jussi Kivilinna - * - * Based on sha1.c: - * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc. - * - * This file is part of Libgcrypt. - * - * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * Libgcrypt is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see . - */ - -/* - * Intel SSSE3 accelerated SHA-1 implementation based on white paper: - * "Improving the Performance of the Secure Hash Algorithm (SHA-1)" - * http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1 - */ - -#ifdef __x86_64__ -#include - -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA1) - -#ifdef HAVE_STDINT_H -# include /* uintptr_t */ -#elif defined(HAVE_INTTYPES_H) -# include -#else -/* In this case, uintptr_t is provided by config.h. */ -#endif - -#include "bithelp.h" - - -/* Helper macro to force alignment to 16 bytes. */ -#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED -# define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) -#else -# define ATTR_ALIGNED_16 -#endif - - -typedef struct -{ - u32 h0,h1,h2,h3,h4; -} SHA1_STATE; - - -/* Round function macros. 
*/ -#define K1 0x5A827999L -#define K2 0x6ED9EBA1L -#define K3 0x8F1BBCDCL -#define K4 0xCA62C1D6L -#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) -#define F2(x,y,z) ( x ^ y ^ z ) -#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) -#define F4(x,y,z) ( x ^ y ^ z ) -#define R(a,b,c,d,e,f,wk) do { e += rol( a, 5 ) \ - + f( b, c, d ) \ - + wk; \ - b = rol( b, 30 ); \ - } while(0) - -#define WK(i) (wk[i & 15]) - - -static const u32 K_XMM[4][4] ATTR_ALIGNED_16 = - { - { K1, K1, K1, K1 }, - { K2, K2, K2, K2 }, - { K3, K3, K3, K3 }, - { K4, K4, K4, K4 }, - }; -static const u32 bswap_shufb_ctl[4] ATTR_ALIGNED_16 = - { 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f }; - - -/* - * Transform 64 bytes (16 32-bit words) at DATA. - */ -unsigned int -_gcry_sha1_transform_amd64_ssse3 (void *ctx, const unsigned char *data) -{ - SHA1_STATE *state = ctx; - register u32 a, b, c, d, e; /* Local copies of the chaining variables. */ - byte wk_unaligned[4*16+15]; /* The array we work on. */ - u32 *wk = (u32 *)(wk_unaligned - + ((16 - ((uintptr_t)wk_unaligned & 15)) & 15)); - - /* Get the values of the chaining variables. 
*/ - a = state->h0; - b = state->h1; - c = state->h2; - d = state->h3; - e = state->h4; - -#define Wtmp0 "xmm0" -#define Wtmp1 "xmm1" - -#define W0 "xmm2" -#define W1 "xmm3" -#define W2 "xmm4" -#define W3 "xmm5" -#define W4 "xmm6" -#define W5 "xmm7" -#define W6 "xmm8" -#define W7 "xmm9" - -#define BSWAP_REG "xmm10" - - __asm__ volatile ("movdqa %[bswap], %%"BSWAP_REG";\n\t" - :: [bswap] "m" (bswap_shufb_ctl[0])); - -#define W_PRECALC_00_15_0(i, W, tmp0) \ - __asm__ volatile ("movdqu %[data], %%"tmp0";\n\t" \ - ::[data] "m" (*(data+4*(i)))); - -#define W_PRECALC_00_15_1(i, W, tmp0) \ - __asm__ volatile ("pshufb %%"BSWAP_REG", %%"tmp0";\n\t" \ - "movdqa %%"tmp0", %%"W";\n\t" \ - ::: "cc"); - -#define W_PRECALC_00_15_2(i, W, tmp0) \ - __asm__ volatile ("paddd %[k_xmm], %%"tmp0";\n\t" \ - ::[k_xmm] "m" (K_XMM[i / 20][0])); - -#define W_PRECALC_00_15_3(i, W, tmp0) \ - __asm__ volatile ("movdqa %%"tmp0", %[wk];\n\t" \ - :[wk] "=m" (WK(i&~3))); - - /* Precalc 0-15. */ - W_PRECALC_00_15_0(0, W0, Wtmp0); - W_PRECALC_00_15_1(1, W0, Wtmp0); - W_PRECALC_00_15_2(2, W0, Wtmp0); - W_PRECALC_00_15_3(3, W0, Wtmp0); - W_PRECALC_00_15_0(4, W7, Wtmp0); - W_PRECALC_00_15_1(5, W7, Wtmp0); - W_PRECALC_00_15_2(6, W7, Wtmp0); - W_PRECALC_00_15_3(7, W7, Wtmp0); - W_PRECALC_00_15_0(8, W6, Wtmp0); - W_PRECALC_00_15_1(9, W6, Wtmp0); - W_PRECALC_00_15_2(10, W6, Wtmp0); - W_PRECALC_00_15_3(11, W6, Wtmp0); - W_PRECALC_00_15_0(12, W5, Wtmp0); - W_PRECALC_00_15_1(13, W5, Wtmp0); - W_PRECALC_00_15_2(14, W5, Wtmp0); - W_PRECALC_00_15_3(15, W5, Wtmp0); - -#define W_PRECALC_16_31_0(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ - __asm__ volatile ("movdqa %%"W_m12", %%"W";\n\t" \ - "palignr $8, %%"W_m16", %%"W";\n\t" \ - "movdqa %%"W_m04", %%"tmp0";\n\t" \ - "psrldq $4, %%"tmp0";\n\t" \ - "pxor %%"W_m08", %%"W";\n\t" \ - :::"cc"); - -#define W_PRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ - __asm__ volatile ("pxor %%"W_m16", %%"tmp0";\n\t" \ - "pxor %%"tmp0", %%"W";\n\t" \ - "movdqa 
%%"W", %%"tmp1";\n\t" \ - "movdqa %%"W", %%"tmp0";\n\t" \ - "pslldq $12, %%"tmp1";\n\t" \ - :::"cc"); - -#define W_PRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ - __asm__ volatile ("psrld $31, %%"W";\n\t" \ - "pslld $1, %%"tmp0";\n\t" \ - "por %%"W", %%"tmp0";\n\t" \ - "movdqa %%"tmp1", %%"W";\n\t" \ - "psrld $30, %%"tmp1";\n\t" \ - "pslld $2, %%"W";\n\t" \ - :::"cc"); - -#define W_PRECALC_16_31_3(i, W, W_m04, W_m08, W_m12, W_m16, tmp0, tmp1) \ - __asm__ volatile ("pxor %%"W", %%"tmp0";\n\t" \ - "pxor %%"tmp1", %%"tmp0";\n\t" \ - "movdqa %%"tmp0", %%"W";\n\t" \ - "paddd %[k_xmm], %%"tmp0";\n\t" \ - "movdqa %%"tmp0", %[wk];\n\t" \ - : [wk] "=m" (WK(i&~3)) \ - : [k_xmm] "m" (K_XMM[i / 20][0])); - - /* Transform 0-15 + Precalc 16-31. */ - R( a, b, c, d, e, F1, WK( 0) ); W_PRECALC_16_31_0(16, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); - R( e, a, b, c, d, F1, WK( 1) ); W_PRECALC_16_31_1(17, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); - R( d, e, a, b, c, F1, WK( 2) ); W_PRECALC_16_31_2(18, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); - R( c, d, e, a, b, F1, WK( 3) ); W_PRECALC_16_31_3(19, W4, W5, W6, W7, W0, Wtmp0, Wtmp1); - R( b, c, d, e, a, F1, WK( 4) ); W_PRECALC_16_31_0(20, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); - R( a, b, c, d, e, F1, WK( 5) ); W_PRECALC_16_31_1(21, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); - R( e, a, b, c, d, F1, WK( 6) ); W_PRECALC_16_31_2(22, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); - R( d, e, a, b, c, F1, WK( 7) ); W_PRECALC_16_31_3(23, W3, W4, W5, W6, W7, Wtmp0, Wtmp1); - R( c, d, e, a, b, F1, WK( 8) ); W_PRECALC_16_31_0(24, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); - R( b, c, d, e, a, F1, WK( 9) ); W_PRECALC_16_31_1(25, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); - R( a, b, c, d, e, F1, WK(10) ); W_PRECALC_16_31_2(26, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); - R( e, a, b, c, d, F1, WK(11) ); W_PRECALC_16_31_3(27, W2, W3, W4, W5, W6, Wtmp0, Wtmp1); - R( d, e, a, b, c, F1, WK(12) ); W_PRECALC_16_31_0(28, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); - R( c, d, e, a, b, F1, WK(13) ); 
W_PRECALC_16_31_1(29, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); - R( b, c, d, e, a, F1, WK(14) ); W_PRECALC_16_31_2(30, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); - R( a, b, c, d, e, F1, WK(15) ); W_PRECALC_16_31_3(31, W1, W2, W3, W4, W5, Wtmp0, Wtmp1); - -#define W_PRECALC_32_79_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ - __asm__ volatile ("movdqa %%"W_m04", %%"tmp0";\n\t" \ - "pxor %%"W_m28", %%"W";\n\t" \ - "palignr $8, %%"W_m08", %%"tmp0";\n\t" \ - :::"cc"); - -#define W_PRECALC_32_79_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ - __asm__ volatile ("pxor %%"W_m16", %%"W";\n\t" \ - "pxor %%"tmp0", %%"W";\n\t" \ - "movdqa %%"W", %%"tmp0";\n\t" \ - :::"cc"); - -#define W_PRECALC_32_79_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ - __asm__ volatile ("psrld $30, %%"W";\n\t" \ - "pslld $2, %%"tmp0";\n\t" \ - "por %%"W", %%"tmp0";\n\t" \ - :::"cc"); - -#define W_PRECALC_32_79_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28, tmp0) \ - __asm__ volatile ("movdqa %%"tmp0", %%"W";\n\t" \ - "paddd %[k_xmm], %%"tmp0";\n\t" \ - "movdqa %%"tmp0", %[wk];\n\t" \ - : [wk] "=m" (WK(i&~3)) \ - : [k_xmm] "m" (K_XMM[i / 20][0])); - - /* Transform 16-63 + Precalc 32-79. 
*/ - R( e, a, b, c, d, F1, WK(16) ); W_PRECALC_32_79_0(32, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( d, e, a, b, c, F1, WK(17) ); W_PRECALC_32_79_1(33, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( c, d, e, a, b, F1, WK(18) ); W_PRECALC_32_79_2(34, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( b, c, d, e, a, F1, WK(19) ); W_PRECALC_32_79_3(35, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( a, b, c, d, e, F2, WK(20) ); W_PRECALC_32_79_0(36, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( e, a, b, c, d, F2, WK(21) ); W_PRECALC_32_79_1(37, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( d, e, a, b, c, F2, WK(22) ); W_PRECALC_32_79_2(38, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( c, d, e, a, b, F2, WK(23) ); W_PRECALC_32_79_3(39, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( b, c, d, e, a, F2, WK(24) ); W_PRECALC_32_79_0(40, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( a, b, c, d, e, F2, WK(25) ); W_PRECALC_32_79_1(41, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( e, a, b, c, d, F2, WK(26) ); W_PRECALC_32_79_2(42, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( d, e, a, b, c, F2, WK(27) ); W_PRECALC_32_79_3(43, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( c, d, e, a, b, F2, WK(28) ); W_PRECALC_32_79_0(44, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( b, c, d, e, a, F2, WK(29) ); W_PRECALC_32_79_1(45, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( a, b, c, d, e, F2, WK(30) ); W_PRECALC_32_79_2(46, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( e, a, b, c, d, F2, WK(31) ); W_PRECALC_32_79_3(47, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( d, e, a, b, c, F2, WK(32) ); W_PRECALC_32_79_0(48, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); - R( c, d, e, a, b, F2, WK(33) ); W_PRECALC_32_79_1(49, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); - R( b, c, d, e, a, F2, WK(34) ); W_PRECALC_32_79_2(50, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); - R( a, b, c, d, e, F2, WK(35) ); W_PRECALC_32_79_3(51, W4, W5, W6, W7, W0, W1, W2, W3, Wtmp0); - R( e, a, b, c, d, F2, WK(36) ); W_PRECALC_32_79_0(52, W3, W4, W5, W6, W7, 
W0, W1, W2, Wtmp0); - R( d, e, a, b, c, F2, WK(37) ); W_PRECALC_32_79_1(53, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); - R( c, d, e, a, b, F2, WK(38) ); W_PRECALC_32_79_2(54, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); - R( b, c, d, e, a, F2, WK(39) ); W_PRECALC_32_79_3(55, W3, W4, W5, W6, W7, W0, W1, W2, Wtmp0); - R( a, b, c, d, e, F3, WK(40) ); W_PRECALC_32_79_0(56, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); - R( e, a, b, c, d, F3, WK(41) ); W_PRECALC_32_79_1(57, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); - R( d, e, a, b, c, F3, WK(42) ); W_PRECALC_32_79_2(58, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); - R( c, d, e, a, b, F3, WK(43) ); W_PRECALC_32_79_3(59, W2, W3, W4, W5, W6, W7, W0, W1, Wtmp0); - R( b, c, d, e, a, F3, WK(44) ); W_PRECALC_32_79_0(60, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); - R( a, b, c, d, e, F3, WK(45) ); W_PRECALC_32_79_1(61, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); - R( e, a, b, c, d, F3, WK(46) ); W_PRECALC_32_79_2(62, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); - R( d, e, a, b, c, F3, WK(47) ); W_PRECALC_32_79_3(63, W1, W2, W3, W4, W5, W6, W7, W0, Wtmp0); - R( c, d, e, a, b, F3, WK(48) ); W_PRECALC_32_79_0(64, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( b, c, d, e, a, F3, WK(49) ); W_PRECALC_32_79_1(65, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( a, b, c, d, e, F3, WK(50) ); W_PRECALC_32_79_2(66, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( e, a, b, c, d, F3, WK(51) ); W_PRECALC_32_79_3(67, W0, W1, W2, W3, W4, W5, W6, W7, Wtmp0); - R( d, e, a, b, c, F3, WK(52) ); W_PRECALC_32_79_0(68, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( c, d, e, a, b, F3, WK(53) ); W_PRECALC_32_79_1(69, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( b, c, d, e, a, F3, WK(54) ); W_PRECALC_32_79_2(70, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( a, b, c, d, e, F3, WK(55) ); W_PRECALC_32_79_3(71, W7, W0, W1, W2, W3, W4, W5, W6, Wtmp0); - R( e, a, b, c, d, F3, WK(56) ); W_PRECALC_32_79_0(72, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( d, e, a, b, c, F3, WK(57) ); W_PRECALC_32_79_1(73, W6, 
W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( c, d, e, a, b, F3, WK(58) ); W_PRECALC_32_79_2(74, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( b, c, d, e, a, F3, WK(59) ); W_PRECALC_32_79_3(75, W6, W7, W0, W1, W2, W3, W4, W5, Wtmp0); - R( a, b, c, d, e, F4, WK(60) ); W_PRECALC_32_79_0(76, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( e, a, b, c, d, F4, WK(61) ); W_PRECALC_32_79_1(77, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( d, e, a, b, c, F4, WK(62) ); W_PRECALC_32_79_2(78, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - R( c, d, e, a, b, F4, WK(63) ); W_PRECALC_32_79_3(79, W5, W6, W7, W0, W1, W2, W3, W4, Wtmp0); - -#define CLEAR_REG(reg) __asm__ volatile ("pxor %%"reg", %%"reg";\n\t":::"cc"); - - /* Transform 64-79 + Clear XMM registers. */ - R( b, c, d, e, a, F4, WK(64) ); CLEAR_REG(BSWAP_REG); - R( a, b, c, d, e, F4, WK(65) ); CLEAR_REG(Wtmp0); - R( e, a, b, c, d, F4, WK(66) ); CLEAR_REG(Wtmp1); - R( d, e, a, b, c, F4, WK(67) ); CLEAR_REG(W0); - R( c, d, e, a, b, F4, WK(68) ); CLEAR_REG(W1); - R( b, c, d, e, a, F4, WK(69) ); CLEAR_REG(W2); - R( a, b, c, d, e, F4, WK(70) ); CLEAR_REG(W3); - R( e, a, b, c, d, F4, WK(71) ); CLEAR_REG(W4); - R( d, e, a, b, c, F4, WK(72) ); CLEAR_REG(W5); - R( c, d, e, a, b, F4, WK(73) ); CLEAR_REG(W6); - R( b, c, d, e, a, F4, WK(74) ); CLEAR_REG(W7); - R( a, b, c, d, e, F4, WK(75) ); - R( e, a, b, c, d, F4, WK(76) ); - R( d, e, a, b, c, F4, WK(77) ); - R( c, d, e, a, b, F4, WK(78) ); - R( b, c, d, e, a, F4, WK(79) ); - - /* Update the chaining variables. 
*/ - state->h0 += a; - state->h1 += b; - state->h2 += c; - state->h3 += d; - state->h4 += e; - - return /* burn_stack */ 84+15; -} - -#endif -#endif ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/sha1-ssse3-amd64.S | 378 +++++++++++++++++++++++++++++++++++++++++++++ cipher/sha1-ssse3-amd64.c | 319 -------------------------------------- 3 files changed, 379 insertions(+), 320 deletions(-) create mode 100644 cipher/sha1-ssse3-amd64.S delete mode 100644 cipher/sha1-ssse3-amd64.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Dec 14 00:16:38 2013 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sat, 14 Dec 2013 00:16:38 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-442-gc86c355 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9 (commit) from d2b853246c2ed056a92096d89c3ca057e45c9c92 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9 Author: Jussi Kivilinna Date: Sat Dec 14 01:11:32 2013 +0200 SHA-1/SSSE3: Do not check for Intel syntax assembly support * cipher/sha1-ssse3-amd64.S: Remove check for HAVE_INTEL_SYNTAX_PLATFORM_AS. * cipher/sha1.c [USE_SSSE3]: Ditto. -- SHA-1 SSSE3 implementation uses AT&T syntax so check for HAVE_INTEL_SYNTAX_PLATFORM_AS is unnecessary. Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha1-ssse3-amd64.S b/cipher/sha1-ssse3-amd64.S index 5165f3f..cf8c079 100644 --- a/cipher/sha1-ssse3-amd64.S +++ b/cipher/sha1-ssse3-amd64.S 
@@ -30,7 +30,6 @@ #include #if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA1) #ifdef __PIC__ diff --git a/cipher/sha1.c b/cipher/sha1.c index af57b19..18b6daa 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -46,8 +46,7 @@ /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ #undef USE_SSSE3 #if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) + defined(HAVE_GCC_INLINE_ASM_SSSE3) # define USE_SSSE3 1 #endif ----------------------------------------------------------------------- Summary of changes: cipher/sha1-ssse3-amd64.S | 1 - cipher/sha1.c | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Dec 14 10:35:06 2013 
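Review bot: in commit d2b8532, the preprocessor guard at the top of the new cipher/sha1-ssse3-amd64.S still requires HAVE_INTEL_SYNTAX_PLATFORM_AS, yet the instructions in the file are AT&T syntax ('movl c, RT0;', 'subq $(16*4), %rsp;'), so the SSSE3 path is compiled out on toolchains whose assembler lacks Intel-syntax support without any need; drop that term from the guard. Two smaller points in the same hunk: the first comment line still names the file sha1-ssse3-amd64.c, and the round constants and .Lbswap_shufb_ctl are emitted under '.data', which puts tables that are only ever read into writable memory, so a read-only section would be the safer home. The returned burn depth '16*4 + 2*8 + 31' does match the visible frame: a 64-byte WK area, two pushes, and up to 31 bytes of slack from 'andq $(~31), %rsp'.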
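Review bot: in commit c86c355, both remaining guards (the '#if' in cipher/sha1-ssse3-amd64.S and the USE_SSSE3 test in cipher/sha1.c) still key on HAVE_GCC_INLINE_ASM_SSSE3, a macro whose name describes compiler inline-asm support, although the implementation is now a standalone .S file; a short comment saying the macro serves as a proxy for SSSE3 support in the assembler would avoid confusion. The two conditions are also maintained by hand in two files and differ only in USE_SHA1; if sha1.c calls the transform whenever USE_SSSE3 is defined, any future divergence between them leaves the symbol unresolved at link time, so consider deriving both from one macro.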
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sat, 14 Dec 2013 10:35:06 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-443-gffd9b2a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995 (commit) from c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995 Author: Jussi Kivilinna Date: Sat Dec 14 11:23:03 2013 +0200 Minor fixes to SHA assembly implementations * cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'. * cipher/sha1-ssse3-amd64.S: First line, correct filename. * cipher/sha256-ssse3-amd64.S: Return correct stack burn depth. * cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers. * cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn depth. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 7d737e2..a1718c5 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -78,8 +78,9 @@ scrypt.c \ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ sha1.c sha1-ssse3-amd64.S \ -sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ -sha512.c sha512-ssse3-amd64.S sha512-armv7-neon.S \ +sha256.c sha256-ssse3-amd64.S \ +sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ + sha512-armv7-neon.S \ stribog.c \ tiger.c \ whirlpool.c \ diff --git a/cipher/sha1-ssse3-amd64.S b/cipher/sha1-ssse3-amd64.S index cf8c079..5e5716b 100644 --- a/cipher/sha1-ssse3-amd64.S +++ b/cipher/sha1-ssse3-amd64.S 
@@ -1,4 +1,4 @@ -/* sha1-ssse3-amd64.c - Intel SSSE3 accelerated SHA-1 transform function +/* sha1-ssse3-amd64.S - Intel SSSE3 accelerated SHA-1 transform function * Copyright ? 2013 Jussi Kivilinna * * Based on sha1.c: diff --git a/cipher/sha256-ssse3-amd64.S b/cipher/sha256-ssse3-amd64.S index bcf0e19..9b27f8f 100644 --- a/cipher/sha256-ssse3-amd64.S +++ b/cipher/sha256-ssse3-amd64.S @@ -504,7 +504,7 @@ _gcry_sha256_transform_amd64_ssse3: pop rbp pop rbx - mov rax, STACK_SIZE + mov eax, STACK_SIZE + 5*8 ret diff --git a/cipher/sha512-avx-amd64.S b/cipher/sha512-avx-amd64.S index 900936e..3449b87 100644 --- a/cipher/sha512-avx-amd64.S +++ b/cipher/sha512-avx-amd64.S @@ -348,17 +348,7 @@ _gcry_sha512_transform_amd64_avx: /* Restore Stack Pointer */ add rsp, frame_size - vzeroupper - pxor xmm0, xmm0 - pxor xmm1, xmm1 - pxor xmm2, xmm2 - pxor xmm3, xmm3 - pxor xmm4, xmm4 - pxor xmm5, xmm5 - pxor xmm6, xmm6 - pxor xmm7, xmm7 - pxor xmm8, xmm8 - pxor xmm9, xmm9 + vzeroall /* Return stack burn depth */ mov rax, frame_size diff --git a/cipher/sha512-avx2-bmi2-amd64.S b/cipher/sha512-avx2-bmi2-amd64.S index 9ece4fd..d6301f3 100644 --- a/cipher/sha512-avx2-bmi2-amd64.S +++ b/cipher/sha512-avx2-bmi2-amd64.S 
@@ -719,19 +719,9 @@ _gcry_sha512_transform_amd64_avx2: /* Restore Stack Pointer */ mov rsp, [rsp + frame_RSPSAVE] - vzeroupper - pxor xmm0, xmm0 - pxor xmm1, xmm1 - pxor xmm2, xmm2 - pxor xmm3, xmm3 - pxor xmm4, xmm4 - pxor xmm5, xmm5 - pxor xmm6, xmm6 - pxor xmm7, xmm7 - pxor xmm8, xmm8 - pxor xmm9, xmm9 - - mov rax, frame_size + vzeroall + + mov eax, frame_size + 31 .Lnowork: ret ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 5 +++-- cipher/sha1-ssse3-amd64.S | 2 +- cipher/sha256-ssse3-amd64.S | 2 +- cipher/sha512-avx-amd64.S | 12 +----------- cipher/sha512-avx2-bmi2-amd64.S | 16 +++------------- 5 files changed, 9 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Dec 14 18:24:50 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Sat, 14 Dec 2013 18:24:50 +0100 Subject: [git] gnupg-doc - branch, master, updated. 71919c11c84c27513983a8fa77f052ec0bce3d5b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 71919c11c84c27513983a8fa77f052ec0bce3d5b (commit) from 881990dd1457372a1e5334e5df340f2e5858889d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 71919c11c84c27513983a8fa77f052ec0bce3d5b Author: Sam Tuke Date: Sat Dec 14 18:24:38 2013 +0100 Added separate copies of pages for each blog diff --git a/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html b/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html new file mode 100644 index 0000000..d090fc7 --- /dev/null 
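Review bot: The new burn-depth constants in the SHA assembly commit are unexplained. cipher/sha256-ssse3-amd64.S now returns `STACK_SIZE + 5*8` and cipher/sha512-avx2-bmi2-amd64.S returns `frame_size + 31`, but neither hunk says what the extra bytes cover; only `pop rbp` and `pop rbx` are visible before the first, and only the restore from `[rsp + frame_RSPSAVE]` before the second. Please add a one-line comment next to each `mov eax, ...`, in the style of the existing `/* Return stack burn depth */` in the AVX file, so that a later change to the prologue keeps the figure in step.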
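Review bot: cipher/sha512-avx-amd64.S still returns `mov rax, frame_size` unchanged, while the other two transforms touched by this commit gain a correction term and switch to `eax`. If this function also pushes registers or aligns the stack before reserving `frame_size`, the depth reported to the caller is too small and part of the working state is left unburned; if it does not, a short comment saying so would make the difference look intentional. The `vzeroall` replacement itself clears more registers than the removed `vzeroupper` plus `pxor xmm0..xmm9` sequence did, which is the safer direction for wiping intermediate hash state.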
+++ b/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html @@ -0,0 +1,212 @@ + + + + + + Blog - Gnu Privacy Guard + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ +
+

Friends tell friends they love GnuPG

+ +
Posted 13th November 2013 by Sam Tuke
+ +
+ +

GnuPG can run almost anywhere

+
+ +

Email encryption is one of those pleasures that can't be enjoyed + alone. Sending yourself messages secured with 4096-bit RSA is great + for proof of concept, but meaningful communication requires two + parties. GnuPG requires both those parties to have their own + keys.

+ +

Less than 1% of all email + traffic is PGP encrypted, meaning that those of us who do make our + messages private routinely find ourselves in the frustrating + predicament of having to share our thoughts insecurely, even though + we know they're being intercepted, even though this is easily + avoidable, and even though we've already taken steps to do so. All + because our friends and colleagues don't know the + benefits of GnuPG.

+ +

Windows, Gnu/Linux, Mac, and Android all have point and click + GnuPG interfaces - at this point, all bases except iPhone are more + or less covered. That means the reason your contacts aren't OpenPGP + ready is not technical. And because GnuPG is Free + Software (and free of charge), it can't be about price.

+ +

A recommendation from you is the most effective way you can + increase the number of GnuPG users, and consequently increase the + percentage of the messages you send that are meaningfully + encrypted. That's why we're asking people in our community to think + of pithy explanations of why GnuPG is important and how it enables + them.

+ +

We've already got quotes from some big names like Bruce Schneier, + Jacob Appelbaum, and Richard Stallman. But the chances are + that your name carries more weight among your + peers. Please use it to share your appreciation for GnuPG!

+ +

If you use social networks, you can + use #iloveGPG to connect your messages to other + people's, and make is easier for us to find and repeat them.

+ +

Look out for weekly quotes posted from the + GnuPG Twitter + and Diaspora + accounts if you need inspiration. Let's fill up + the keyservers + with fresh keys from new users!

+ +
+
 
  
 
+
  +
+ + + + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ +
+
+ + + + + + \ No newline at end of file diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index d426712..b1d6b57 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -72,7 +72,7 @@

Blogs

-

Preparing for launch

+

Preparing for launch

Posted 13th December 2013 by Sam Tuke
@@ -150,8 +150,8 @@
-

Friends tell friends they love GnuPG

+

Friends tell friends they love GnuPG

Posted 13th November 2013 by Sam Tuke
@@ -209,8 +209,8 @@
-

Securing the future of GPG

+

Securing the future of GPG

Posted 5th November 2013 by Sam Tuke

If you've noticed some changes around here, there's a good reason @@ -280,7 +280,7 @@

-

New blog, first post

+

New blog, first post

Posted 30th October 2013 by Sam Tuke
diff --git a/misc/blog.gnupg.org/new-blog-first-post.html b/misc/blog.gnupg.org/new-blog-first-post.html new file mode 100644 index 0000000..476781d --- /dev/null +++ b/misc/blog.gnupg.org/new-blog-first-post.html @@ -0,0 +1,182 @@ + + + + + + Blog - Gnu Privacy Guard + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ +
+

New blog, first post

+ +
Posted 30th October 2013 by Sam Tuke
+ +

Welcome to Gnu Privacy Guard's new blog! We're planning some + major changes to gnupg.org and how the project communicates in + general. I'm Sam, and I'll be writing updates here as our work + progresses. In future this blog will be replaced with a more + beautiful and featureful alternative, but bear with us as we get + from here to there.

+ +

For more timely updates you can follow our Twitter + accounts: @GnuPrivacyGuard + and @GnuPG. + That's right, we have two! But I'm going to combine them shortly so + it's easier to keep track [UPDATE: accounts now merged! + Stick with @GnuPG].

+ +

For more information, see + our press + contact page hosted on Totem. That's all for now.

+ +
+
 
  
 
+
  +
+ + + + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ +
+
+ + + + + + \ No newline at end of file diff --git a/misc/blog.gnupg.org/preparing-for-launch.html b/misc/blog.gnupg.org/preparing-for-launch.html new file mode 100644 index 0000000..64963bd --- /dev/null +++ b/misc/blog.gnupg.org/preparing-for-launch.html @@ -0,0 +1,229 @@ + + + + + + Blog - Gnu Privacy Guard + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ +
+

Preparing for launch

+ +
Posted 13th December 2013 by Sam Tuke
+ +

Mid December, giving season, and nearly time for the GnuPG + Crowdfunding to commence. We've been working hard on + preparations. Drafts of the new mobile website design have been + published and met positive feedback, and a community-contibuted + promo video was posted on YouTube. GnuPG coverage on Twitter + continues to grow with many articles + (The + Guardian, Kaspersky + Labs, The + EFF, Lifehacker, + ...) and 252 new followers in 6 weeks.

+ +
+ +
+ +
+ + + +

New mobile site draft

+
+ +

Last Friday I announced the crowdfunding to a crowded audience at + Berlin event + "Whatever + happened to privacy", and Markus Beckedahl + (Netzpolitik) + and Jacob + Appelbaum (Tor Project and Wikileaks) amplified the importance + of supporting the project. Hugo Roy (FSFE) gave a talk on Wednesday + about the campaign at the Paris + 'Hackadon' - a new conference for + Free Software giving, organised by three + crowdfunding + organisations. His slides are online in the + GPG presentations + repository.

+ +

Hopefully the crowdfunding page on Goteo (a Free Software + Kickstarter) will be ready for launch next week. Email me if you can + help with translating the press release - we're aiming for at least + three languages. And don't forget you can still sign up for email + updates (form below). Thanks for all your support so far!

+ + + + + +
+
+ + +
+
+
 
  
 
+
  +
+ + + + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ +
+
+ + + + + + \ No newline at end of file diff --git a/misc/blog.gnupg.org/securing-the-future-of-gnupg.html b/misc/blog.gnupg.org/securing-the-future-of-gnupg.html new file mode 100644 index 0000000..879bc07 --- /dev/null +++ b/misc/blog.gnupg.org/securing-the-future-of-gnupg.html @@ -0,0 +1,224 @@ + + + + + + Blog - Gnu Privacy Guard + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ +
+

Securing the future of GPG

+
Posted 5th November 2013 by Sam Tuke
+ +

If you've noticed some changes around here, there's a good reason + why. We have a plan for securing the long term stability of GnuPG + development by giving more to our users, and asking more from them + in return.

+ +

You already know that GnuPG is important, and as months of fresh + government spying revelations go by, it's becoming obvious that + GnuPG is one of the very few tools that can still be trusted to keep + our data safe from the overwhelming efforts of international law + enforcement. But developing GnuPG takes work - regular monitoring + for newfound threats and exploits, and new features to keep it sharp + with the latest encryption algorithms. We also need to reach out to + the millions of potential GnuPG users who are asking themselves how + they can make their email secure. Public-private key cryptography + hasn't yet gained mainstream acceptance, but it could if it were + just a little more appealing and accessible.

+ +

To maintain progress within the project we need to make it easier + for GnuPG users to support the work that we do. Ours is an app that + is often hidden from view, relied upon daily by hundreds of + thousands of people, often in life-threatening circumstances, yet + low profile and rarely supported by publicity or donations.

+ +

To change that we're going to launch a new + website with a fresh design, more friendly and accessible + information, and new resources to grow and strengthen our user + group. The new site will also allow the project to accept and manage + new forms of financial support, including automatic subscriptions to + sustain development long term.

+ +

Designing, building and populating the new site will take a few + months, and in order to cover the costs there will be + a crowd-funding campaign with a modest target, in + early December. We have some rewards up our sleeves for those who + donate.

+ +

When that time comes, we'll need your help - + telling your contacts, forwarding the announcement to your + communities, and contributing financially if you can.

+ +

You can subscribe to updates about the campaign using this + form. This is separate to other GnuPG mailing lists - update will be + sent here, and only here.

+ + + + + +
+
+ + +
+ +
+
 
  
 
+
  +
+ + + + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ +
+
+ + + + + + \ No newline at end of file ----------------------------------------------------------------------- Summary of changes: .../friends-tell-friends-they-love-gnupg.html | 212 ++++++++++++++++++ misc/blog.gnupg.org/index.html | 12 +- misc/blog.gnupg.org/new-blog-first-post.html | 182 ++++++++++++++++ misc/blog.gnupg.org/preparing-for-launch.html | 229 ++++++++++++++++++++ .../securing-the-future-of-gnupg.html | 224 +++++++++++++++++++ 5 files changed, 853 insertions(+), 6 deletions(-) create mode 100644 misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html create mode 100644 misc/blog.gnupg.org/new-blog-first-post.html create mode 100644 misc/blog.gnupg.org/preparing-for-launch.html create mode 100644 misc/blog.gnupg.org/securing-the-future-of-gnupg.html hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Dec 14 21:44:36 2013 
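Review bot: The added blog pages carry typos that will go live as written: "sponsered by" in the footer of all four new files, "community-contibuted" in preparing-for-launch.html, "make is easier" in friends-tell-friends-they-love-gnupg.html and "update will be sent here" in securing-the-future-of-gnupg.html. Each new file also ends with "\ No newline at end of file"; adding the trailing newline avoids noise in later diffs. Since the four pages repeat the same header, link bar and footer verbatim, consider generating them from one template so that a correction such as the footer typo is made once.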
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 14 Dec 2013 21:44:36 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-444-gbfb43a1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via bfb43a17d8db571fca4ed433ee8be5c366745844 (commit) from ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfb43a17d8db571fca4ed433ee8be5c366745844 Author: Werner Koch Date: Sat Dec 14 21:40:36 2013 +0100 tests: Prevent rare failure of gcry_pk_decrypt test. * tests/basic.c (check_pubkey_crypt): Add special mode 1. (main): Add option --loop. -- This failure has been reported by Jussi Kivilinna. The new loop option was needed to track that down. It took me up to 100 iterations to trigger the bug. With the fix applied I am currently at 1000 iterations with no problems. Command line to evoke the problem was: ./basic --pubkey --verbose --loop -1 --die Signed-off-by: Werner Koch diff --git a/tests/basic.c b/tests/basic.c index 789297f..6ffc3f5 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5302,6 +5302,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) int unpadded; int encrypt_expected_rc; int decrypt_expected_rc; + int special; } datas[] = { { GCRY_PK_RSA, 
@@ -5385,14 +5386,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) "(flags oaep)", 1, 0, - GPG_ERR_ENCODING_PROBLEM }, + GPG_ERR_ENCODING_PROBLEM, 1 }, { GCRY_PK_RSA, "(data\n (flags oaep)\n" " (value #11223344556677889900AA#))\n", "(flags pkcs1)", 1, 0, - GPG_ERR_ENCODING_PROBLEM }, + GPG_ERR_ENCODING_PROBLEM, 1 }, { 0, "(data\n (flags pss)\n" " (value #11223344556677889900AA#))\n", @@ -5424,6 +5425,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) if (!rc) { + int expect_mismatch = 0; + /* Insert decoding hint to CIPH. */ if (datas[dataidx].hint) { @@ -5460,7 +5463,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) ciph = list; } rc = gcry_pk_decrypt (&plain, ciph, skey); - if (gcry_err_code (rc) != datas[dataidx].decrypt_expected_rc) + if (!rc && datas[dataidx].special == 1) + { + /* It may happen that OAEP formatted data which is + decrypted as pkcs#1 data returns a valid pkcs#1 + frame. However, the returned value will not be + identical - thus we expect a mismatch and test further on + whether this mismatch actually happened. */ + expect_mismatch = 1; + } + else if (gcry_err_code (rc) != datas[dataidx].decrypt_expected_rc) { if (verbose) { @@ -5488,8 +5500,19 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) s1 = gcry_sexp_nth_data (p1, 1, &n1); s2 = gcry_sexp_nth_data (p2, 1, &n2); if (n1 != n2 || memcmp (s1, s2, n1)) - fail ("gcry_pk_encrypt/gcry_pk_decrypt do not roundtrip\n"); + { + if (expect_mismatch) + expect_mismatch = 0; + else + fail ("gcry_pk_encrypt/gcry_pk_decrypt " + "do not roundtrip\n"); + } } + + if (expect_mismatch) + fail ("gcry_pk_encrypt/gcry_pk_decrypt " + "expected mismatch did not happen\n"); + gcry_sexp_release (p1); gcry_sexp_release (p2); } 
@@ -5925,6 +5948,8 @@ main (int argc, char **argv) int use_fips = 0; int selftest_only = 0; int pubkey_only = 0; + int loop = 0; + unsigned int loopcount = 0; if (argc) { argc--; argv++; } @@ -5961,7 +5986,6 @@ main (int argc, char **argv) else if (!strcmp (*argv, "--pubkey")) { pubkey_only = 1; - verbose += 2; argc--; argv++; } else if (!strcmp (*argv, "--die")) @@ -5969,6 +5993,15 @@ main (int argc, char **argv) die_on_error = 1; argc--; argv++; } + else if (!strcmp (*argv, "--loop")) + { + argc--; argv++; + if (argc) + { + loop = atoi (*argv); + argc--; argv++; + } + } } gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); @@ -5996,19 +6029,29 @@ main (int argc, char **argv) /* No valuable keys are create, so we can speed up our RNG. */ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - if (pubkey_only) - check_pubkey (); - else if (!selftest_only) + do { - check_ciphers (); - check_cipher_modes (); - check_bulk_cipher_modes (); - check_digests (); - check_hmac (); - check_mac (); - check_pubkey (); + if (pubkey_only) + check_pubkey (); + else if (!selftest_only) + { + check_ciphers (); + check_cipher_modes (); + check_bulk_cipher_modes (); + check_digests (); + check_hmac (); + check_mac (); + check_pubkey (); + } + loopcount++; + if (loop) + { + fprintf (stderr, "Test iteration %u completed.\n", loopcount); + if (loop != -1) + loop--; + } } - + while (loop); if (in_fips_mode && !selftest_only) { ----------------------------------------------------------------------- Summary of changes: tests/basic.c | 75 +++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 15 14:07:32 2013 
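Review bot: In check_pubkey_crypt of tests/basic.c the new `special` field is a bare int whose only meaning, value 1, is explained at the `gcry_pk_decrypt` call rather than at the struct member. Document it where it is declared (or use a named constant) and note that table entries which omit it get 0, so the two `GPG_ERR_ENCODING_PROBLEM, 1` rows are the only ones that opt in. A comment should also state that for those rows the test now accepts either the encoding error or a successful decrypt whose plaintext differs, and that a decrypt failing with any other error code is still reported through the `else if` branch.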
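Review bot: The `--loop` parsing in main of tests/basic.c takes `atoi (*argv)` unchecked. A non-numeric argument becomes 0 and the tests silently run once, `--loop` given as the last argument is ignored without a message, and any negative value other than -1 is moved further from zero by `loop--`, so it cannot reach the `while (loop)` exit short of signed overflow. Treat every negative value as "run forever" (or reject it) and report a missing or malformed count.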
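Review bot: The `--pubkey` branch in main drops `verbose += 2`, which changes the output of existing invocations, but the commit message lists only the special mode and `--loop`. Mention the change in the log entry, since anyone relying on `./basic --pubkey` for diagnostics now has to pass `--verbose` explicitly, as the reproduction command in the message already does.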
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 15 Dec 2013 14:07:32 +0100 Subject: [git] gnupg-doc - branch, master, updated. b647c067c6622cfde23a2a53718faefdb9f4a5fe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via b647c067c6622cfde23a2a53718faefdb9f4a5fe (commit) from 71919c11c84c27513983a8fa77f052ec0bce3d5b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b647c067c6622cfde23a2a53718faefdb9f4a5fe Author: Werner Koch Date: Sun Dec 15 14:05:52 2013 +0100 Use date prefixed names for blog items. Also add symlinks for already existing items. Changed upload script to also copy links. The reason we prefix the blog entries is for easier maintenance and rebuilding of the index page. diff --git a/misc/blog.gnupg.org/new-blog-first-post.html b/misc/blog.gnupg.org/20131030-new-blog-first-post.html similarity index 100% copy from misc/blog.gnupg.org/new-blog-first-post.html copy to misc/blog.gnupg.org/20131030-new-blog-first-post.html diff --git a/misc/blog.gnupg.org/securing-the-future-of-gnupg.html b/misc/blog.gnupg.org/20131105-securing-the-future-of-gnupg.html similarity index 100% copy from misc/blog.gnupg.org/securing-the-future-of-gnupg.html copy to misc/blog.gnupg.org/20131105-securing-the-future-of-gnupg.html diff --git a/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html b/misc/blog.gnupg.org/20131113-friends-tell-friends-they-love-gnupg.html similarity index 100% copy from misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html copy to misc/blog.gnupg.org/20131113-friends-tell-friends-they-love-gnupg.html 
diff --git a/misc/blog.gnupg.org/preparing-for-launch.html b/misc/blog.gnupg.org/20131213-preparing-for-launch.html similarity index 100% copy from misc/blog.gnupg.org/preparing-for-launch.html copy to misc/blog.gnupg.org/20131213-preparing-for-launch.html diff --git a/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html b/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html deleted file mode 100644 index d090fc7..0000000 --- a/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html +++ /dev/null @@ -1,212 +0,0 @@ - - - - - - Blog - Gnu Privacy Guard - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - -
  - [GnuPG Logo]  
· English ·     
-
- - - - - - - - - - - - - - - -
Links - -  
  
 
-
- - - - - - - - - - - - - - - -
- -
-

Friends tell friends they love GnuPG

- -
Posted 13th November 2013 by Sam Tuke
- -
- -

GnuPG can run almost anywhere

-
- -

Email encryption is one of those pleasures that can't be enjoyed - alone. Sending yourself messages secured with 4096-bit RSA is great - for proof of concept, but meaningful communication requires two - parties. GnuPG requires both those parties to have their own - keys.

- -

Less than 1% of all email - traffic is PGP encrypted, meaning that those of us who do make our - messages private routinely find ourselves in the frustrating - predicament of having to share our thoughts insecurely, even though - we know they're being intercepted, even though this is easily - avoidable, and even though we've already taken steps to do so. All - because our friends and colleagues don't know the - benefits of GnuPG.

- -

Windows, Gnu/Linux, Mac, and Android all have point and click - GnuPG interfaces - at this point, all bases except iPhone are more - or less covered. That means the reason your contacts aren't OpenPGP - ready is not technical. And because GnuPG is Free - Software (and free of charge), it can't be about price.

- -

A recommendation from you is the most effective way you can - increase the number of GnuPG users, and consequently increase the - percentage of the messages you send that are meaningfully - encrypted. That's why we're asking people in our community to think - of pithy explanations of why GnuPG is important and how it enables - them.

- -

We've already got quotes from some big names like Bruce Schneier, - Jacob Appelbaum, and Richard Stallman. But the chances are - that your name carries more weight among your - peers. Please use it to share your appreciation for GnuPG!

- -

If you use social networks, you can - use #iloveGPG to connect your messages to other - people's, and make is easier for us to find and repeat them.

- -

Look out for weekly quotes posted from the - GnuPG Twitter - and Diaspora - accounts if you need inspiration. Let's fill up - the keyservers - with fresh keys from new users!

- -
-
 
  
 
-
  -
- - - - - - - - - - - - - - -
 Technical resources for this
- service are sponsered by
 
  - OpenIT -  
-
-

- - Valid XHTML 1.0! -     - - Digital Respect for the Masses -     - - Peace! -     - - Valid CSS! -

- -
-
- - - - - - \ No newline at end of file diff --git a/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html b/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html new file mode 120000 index 0000000..a61d858 --- /dev/null +++ b/misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html @@ -0,0 +1 @@ +20131113-friends-tell-friends-they-love-gnupg.html \ No newline at end of file diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index b1d6b57..415780c 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -72,7 +72,8 @@

Blogs

-

Preparing for launch

+

Preparing for launch

Posted 13th December 2013 by Sam Tuke
@@ -150,8 +151,9 @@
-

Friends tell friends they love GnuPG

+

Friends tell friends they love GnuPG

Posted 13th November 2013 by Sam Tuke
@@ -209,8 +211,9 @@
-

Securing the future of GPG

+

Securing the future of GPG

Posted 5th November 2013 by Sam Tuke

If you've noticed some changes around here, there's a good reason @@ -280,8 +283,8 @@

-

New blog, first post

- +

New blog, first post

Posted 30th October 2013 by Sam Tuke

Welcome to Gnu Privacy Guard's new blog! We're planning some diff --git a/misc/blog.gnupg.org/new-blog-first-post.html b/misc/blog.gnupg.org/new-blog-first-post.html deleted file mode 100644 index 476781d..0000000 --- a/misc/blog.gnupg.org/new-blog-first-post.html +++ /dev/null @@ -1,182 +0,0 @@ - - - - - - Blog - Gnu Privacy Guard - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - -
  - [GnuPG Logo]  
· English ·     
-
- - - - - - - - - - - - - - - -
Links - -  
  
 
-
- - - - - - - - - - - - - - - -
- -
-

New blog, first post

- -
Posted 30th October 2013 by Sam Tuke
- -

Welcome to Gnu Privacy Guard's new blog! We're planning some - major changes to gnupg.org and how the project communicates in - general. I'm Sam, and I'll be writing updates here as our work - progresses. In future this blog will be replaced with a more - beautiful and featureful alternative, but bear with us as we get - from here to there.

- -

For more timely updates you can follow our Twitter - accounts: @GnuPrivacyGuard - and @GnuPG. - That's right, we have two! But I'm going to combine them shortly so - it's easier to keep track [UPDATE: accounts now merged! - Stick with @GnuPG].

- -

For more information, see - our press - contact page hosted on Totem. That's all for now.

- -
-
 
  
 
-
  -
- - - - - - - - - - - - - - -
 Technical resources for this
- service are sponsered by
 
  - OpenIT -  
-
-

- - Valid XHTML 1.0! -     - - Digital Respect for the Masses -     - - Peace! -     - - Valid CSS! -

- -
-
- - - - - - \ No newline at end of file diff --git a/misc/blog.gnupg.org/new-blog-first-post.html b/misc/blog.gnupg.org/new-blog-first-post.html new file mode 120000 index 0000000..735ffd7 --- /dev/null +++ b/misc/blog.gnupg.org/new-blog-first-post.html @@ -0,0 +1 @@ +20131030-new-blog-first-post.html \ No newline at end of file diff --git a/misc/blog.gnupg.org/preparing-for-launch.html b/misc/blog.gnupg.org/preparing-for-launch.html deleted file mode 100644 index 64963bd..0000000 --- a/misc/blog.gnupg.org/preparing-for-launch.html +++ /dev/null @@ -1,229 +0,0 @@ - - - - - - Blog - Gnu Privacy Guard - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - -
  - [GnuPG Logo]  
· English ·     
-
- - - - - - - - - - - - - - - -
Links - -  
  
 
-
- - - - - - - - - - - - - - - -
- -
-

Preparing for launch

- -
Posted 13th December 2013 by Sam Tuke
- -

Mid December, giving season, and nearly time for the GnuPG - Crowdfunding to commence. We've been working hard on - preparations. Drafts of the new mobile website design have been - published and met positive feedback, and a community-contibuted - promo video was posted on YouTube. GnuPG coverage on Twitter - continues to grow with many articles - (The - Guardian, Kaspersky - Labs, The - EFF, Lifehacker, - ...) and 252 new followers in 6 weeks.

- -
- -
- -
- - - -

New mobile site draft

-
- -

Last Friday I announced the crowdfunding to a crowded audience at - Berlin event - "Whatever - happened to privacy", and Markus Beckedahl - (Netzpolitik) - and Jacob - Appelbaum (Tor Project and Wikileaks) amplified the importance - of supporting the project. Hugo Roy (FSFE) gave a talk on Wednesday - about the campaign at the Paris - 'Hackadon' - a new conference for - Free Software giving, organised by three - crowdfunding - organisations. His slides are online in the - GPG presentations - repository.

- -

Hopefully the crowdfunding page on Goteo (a Free Software - Kickstarter) will be ready for launch next week. Email me if you can - help with translating the press release - we're aiming for at least - three languages. And don't forget you can still sign up for email - updates (form below). Thanks for all your support so far!

- - - - - -
-
- - -
-
-
 
  
 
-
  -
- - - - - - - - - - - - - - -
 Technical resources for this
- service are sponsered by
 
  - OpenIT -  
-
-

- - Valid XHTML 1.0! -     - - Digital Respect for the Masses -     - - Peace! -     - - Valid CSS! -

- -
-
- - - - - - \ No newline at end of file diff --git a/misc/blog.gnupg.org/preparing-for-launch.html b/misc/blog.gnupg.org/preparing-for-launch.html new file mode 120000 index 0000000..b76b44a --- /dev/null +++ b/misc/blog.gnupg.org/preparing-for-launch.html @@ -0,0 +1 @@ +20131213-preparing-for-launch.html \ No newline at end of file diff --git a/misc/blog.gnupg.org/securing-the-future-of-gnupg.html b/misc/blog.gnupg.org/securing-the-future-of-gnupg.html deleted file mode 100644 index 879bc07..0000000 --- a/misc/blog.gnupg.org/securing-the-future-of-gnupg.html +++ /dev/null @@ -1,224 +0,0 @@ - - - - - - Blog - Gnu Privacy Guard - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - -
  - [GnuPG Logo]  
· English ·     
-
- - - - - - - - - - - - - - - -
Links - -  
  
 
-
- - - - - - - - - - - - - - - -
- -
-

Securing the future of GPG

-
Posted 5th November 2013 by Sam Tuke
- -

If you've noticed some changes around here, there's a good reason - why. We have a plan for securing the long term stability of GnuPG - development by giving more to our users, and asking more from them - in return.

- -

You already know that GnuPG is important, and as months of fresh - government spying revelations go by, it's becoming obvious that - GnuPG is one of the very few tools that can still be trusted to keep - our data safe from the overwhelming efforts of international law - enforcement. But developing GnuPG takes work - regular monitoring - for newfound threats and exploits, and new features to keep it sharp - with the latest encryption algorithms. We also need to reach out to - the millions of potential GnuPG users who are asking themselves how - they can make their email secure. Public-private key cryptography - hasn't yet gained mainstream acceptance, but it could if it were - just a little more appealing and accessible.

- -

To maintain progress within the project we need to make it easier - for GnuPG users to support the work that we do. Ours is an app that - is often hidden from view, relied upon daily by hundreds of - thousands of people, often in life-threatening circumstances, yet - low profile and rarely supported by publicity or donations.

- -

To change that we're going to launch a new - website with a fresh design, more friendly and accessible - information, and new resources to grow and strengthen our user - group. The new site will also allow the project to accept and manage - new forms of financial support, including automatic subscriptions to - sustain development long term.

- -

Designing, building and populating the new site will take a few - months, and in order to cover the costs there will be - a crowd-funding campaign with a modest target, in - early December. We have some rewards up our sleeves for those who - donate.

- -

When that time comes, we'll need your help - - telling your contacts, forwarding the announcement to your - communities, and contributing financially if you can.

- -

You can subscribe to updates about the campaign using this - form. This is separate to other GnuPG mailing lists - update will be - sent here, and only here.

- - - - - -
-
- - -
- -
-
 
  
 
-
  -
- - - - - - - - - - - - - - -
 Technical resources for this
- service are sponsered by
 
  - OpenIT -  
-
-

- - Valid XHTML 1.0! -     - - Digital Respect for the Masses -     - - Peace! -     - - Valid CSS! -

- -
-
- - - - - - \ No newline at end of file diff --git a/misc/blog.gnupg.org/securing-the-future-of-gnupg.html b/misc/blog.gnupg.org/securing-the-future-of-gnupg.html new file mode 120000 index 0000000..d4d9ad2 --- /dev/null +++ b/misc/blog.gnupg.org/securing-the-future-of-gnupg.html @@ -0,0 +1 @@ +20131105-securing-the-future-of-gnupg.html \ No newline at end of file diff --git a/misc/blog.gnupg.org/upload b/misc/blog.gnupg.org/upload index 9530b1b..7cbb58b 100755 --- a/misc/blog.gnupg.org/upload +++ b/misc/blog.gnupg.org/upload 
@@ -7,6 +7,7 @@ if [ "$(pwd | awk -F/ '{print $NF}')" != "blog.gnupg.org" ]; then exit 1 fi -rsync -vr --exclude '*~' --exclude upload . playfair.gnupg.org:/var/www/git/blog.gnupg.org/htdocs/ +rsync -vr --links --exclude '*~' --exclude upload \ + . playfair.gnupg.org:/var/www/git/blog.gnupg.org/htdocs/ #eof ----------------------------------------------------------------------- Summary of changes: ...post.html => 20131030-new-blog-first-post.html} | 0 ... => 20131105-securing-the-future-of-gnupg.html} | 0 ...1113-friends-tell-friends-they-love-gnupg.html} | 0 ...nch.html => 20131213-preparing-for-launch.html} | 0 .../friends-tell-friends-they-love-gnupg.html | 213 +----------------- misc/blog.gnupg.org/index.html | 17 +- misc/blog.gnupg.org/new-blog-first-post.html | 183 +--------------- misc/blog.gnupg.org/preparing-for-launch.html | 230 +------------------- .../securing-the-future-of-gnupg.html | 225 +------------------ misc/blog.gnupg.org/upload | 3 +- 10 files changed, 16 insertions(+), 855 deletions(-) copy misc/blog.gnupg.org/{new-blog-first-post.html => 20131030-new-blog-first-post.html} (100%) copy misc/blog.gnupg.org/{securing-the-future-of-gnupg.html => 20131105-securing-the-future-of-gnupg.html} (100%) copy misc/blog.gnupg.org/{friends-tell-friends-they-love-gnupg.html => 20131113-friends-tell-friends-they-love-gnupg.html} (100%) copy misc/blog.gnupg.org/{preparing-for-launch.html => 20131213-preparing-for-launch.html} (100%) mode change 100644 => 120000 misc/blog.gnupg.org/friends-tell-friends-they-love-gnupg.html mode change 100644 => 120000 misc/blog.gnupg.org/new-blog-first-post.html mode change 100644 => 120000 misc/blog.gnupg.org/preparing-for-launch.html mode change 100644 => 120000 misc/blog.gnupg.org/securing-the-future-of-gnupg.html hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 15 16:06:44 2013 
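Review bot: in the misc/blog.gnupg.org/upload hunk, `--links` makes rsync recreate the four undated .html names as symlinks on playfair.gnupg.org, so the old URLs keep working only if the web server there is allowed to follow symlinks inside htdocs. If that is not guaranteed, `--copy-links` would upload regular copies instead. A one-line comment in the script saying why the option is needed would help, since the undated files are now mode 120000 links to the dated ones.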
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 15 Dec 2013 16:06:44 +0100 Subject: [git] gnupg-doc - branch, master, updated. e5fab3d9058f334faefec3ee923725d0a6fd5518 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e5fab3d9058f334faefec3ee923725d0a6fd5518 (commit) from b647c067c6622cfde23a2a53718faefdb9f4a5fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e5fab3d9058f334faefec3ee923725d0a6fd5518 Author: Werner Koch Date: Sun Dec 15 16:03:45 2013 +0100 Posted article on Libgcrypt 1.6 performance diff --git a/misc/blog.gnupg.org/20131215-gcrypt-bench.html b/misc/blog.gnupg.org/20131215-gcrypt-bench.html new file mode 100644 index 0000000..f52e58f --- /dev/null +++ b/misc/blog.gnupg.org/20131215-gcrypt-bench.html @@ -0,0 +1,344 @@ + + + + + + TITLE - Blog - Gnu Privacy Guard + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

Speedups in Libgcrypt 1.6

+
Posted 15 December 2013 by Werner Koch
+

+Libgcrypt is a building block of modern GnuPG versions (GnuPG 2.x) +and also used by a wide range of other projects. In fact all Linux +distributions install Libgcrypt by default. +

+ +

+One problem with Libgcrypt has always been that it did not deliver +top performance compared to OpenSSL. Even another GNU crypto +library, Nettle, is in some areas faster. The reason for this is +that Libgcrypt was based on an old GnuPG version. Back in the +1990s performance was not the first aim for free crypto software. +The crypto authors haved been treated as arms trafficker in the US +and not allowed to freely distribute their code. Thus the primary +goal was to write free crypto code in one of the free countries. +Further, patents severely hindered the use of crypto algorithms. +This together may explain why top performance was not an issue at +that time. Over the years this changed to the better. However, +free software development is mostly driven by user demand and there +was not much demand for a faster GnuPG. Thus we did not care much +on speeding up Libgcrypt. Well, basic support for VIA and Intel +CPU accelerated encryption features was eventually added but still +lots of other things could have been optimized. +

+ +

+Last year, Jussi Kivilinna joined the team and started to add CPU +optimized implementations of common cipher algorithms. This +changed the picture for cipher and hash algorithms. The soon to be +released Libgcrypt 1.6 is now up to modern standards on what can be +achieved on general purpose CPUs. +

+ +

+To check how 1.6.0 will compare to the older 1.5 version of +Libgcrypt, I did some benchmarks using a Thinkpad X220 which +features an i5-2410M processor at 2.3GHz running a 64 bit Debian +Wheezy. Default compiler options have been used. +

+ +

+First let us see how hash algorithms compare (click to enlarge): +

+ + +
+

libgcrypt-1.6.0-hash-bench_s.png +

+
+ +

+The olive bars indicates how many bytes can be hashed by version +1.5.3, the green bar gives the figure for the new 1.6.0, and +finally for some algorithms the hatched bar to what Nettle 2.7 is +up to. +

+ +

+The number for the completely insecure MD4 algorithms is way to +high (~750 MiB/s) to be included in this chart, thus it has been +capped. For MD5 the old Libgcrypt is faster. This is a bit +surprising but we have not researched the reason; anyway, MD5 shall +not be used by today's software because it has been completely +broken. For most of the other algorithm the performance figures +are all quite similar. For the important SHA-1 algorithm 1.6 gains +top speed of all compared implementations and further speedups are +expected in future versions. +

+ +

+The major improvements are for SHA-256 and SHA-512 (SHA-384 is a +basically SHA-512 with a truncated digest). The use of Intel +provided code which utilizes SSSE3 clearly boosts the performance +on this machine and probably on a wide range of other modern Intel +CPUs. +

+ +

+All hash functions are a target for more optimization in +forthcoming versions of Libgcrypt. +

+ +

+Now what about cipher algorithms? Have a look at this chart: +

+ + +
+

libgcrypt-1.6.0-cipher-bench_s.png +

+
+ +

+First, you notice that we have a lot of algorithms here. The +benchmarks are all done for ECM mode encryption. +

+ +

+There are two extremes here: 3DES is by far the slowest algorithm. +It is also the oldest one but still considered rock solid. In the +top performance range we see two algorithms: Arcfour (sometimes +called RC4), which is a simple, hard to correctly use, and worse +broken design which unfortunately is still used at a lot of places. +Even outperforming that are the modern Salsa algorithms, which are +considered strong and trustworthy. They peak at about 750 MiB/s +and 1150 for the reduced round SalsaR12 variant. Both are easy to +use stream ciphers. +

+ +

+The Serpent (an AES competition final candidate) and Camellia +(preferred in Japan) ciphers are in the same performance range for +1.5 but with the improvements of 1.6 Camellia gets close to the +performance of AES under 1.5. Jussi put a lot of work into fine +tuning AES in 1.6. Thus even with AES-NI hardware acceleration +disabled (as shown here) the throughput for AES encryption has been +doubled. +

+ +

+Given that AES is the standard encryption algorithms today, it is +worth to have a closer look at AES under different modes of +operation. +

+ + +
+

libgcrypt-1.6.0-aes-bench_s.png +

+
+ +

+For each encryption mode you see three groups of bars; one for each +cipher size. The first group is for Libgcrypt 1.5, the second for +1.6, and the third for Nettle. Note that only 1.6 implements all +modes. +

+ +

+It is quite obvious that the throughput available with 1.6 is way +better than with 1.5 and also considerable higher than with Nettle. +

+ +

+Finally we have a look at the performance of AES-NI acceleration: +

+ + +
+

libgcrypt-1.6.0-aesni-bench_s.png +

+
+ +

+This time we have no values for Nettle. If you take the different +scale in consideration it is quite clear how hardware supported +acceleration can boost performance. However, we can?t be sure +whether the CPU has been backdoored to leak key bits. +

+ +

+The actual numbers have been collected using the bench-slope test +program from Libgcrypt and the Nettle benchmark. They are +available in a Gnumeric spreadsheet. +

+ +

+Jussi did a another set of benchmarks which include figures for +OpenSSL; you find them here. He did them using a modified version +of a 2008 speedtest comparison. He compared OpenSSL 1.0.1e, +Libgcrypt-1.5, Libgcrypt-1.6 (ECB & CTR), and Nettle (2.7.1) on +Intel Haswell. Used key sizes were 256 bit or shorter if 256 bit +is not supported. Each measurement did a key setup for encryption, +the encryption, a key setup for decryption, and the decryption all +for different buffer lengths. +

+ + +
+ + + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + diff --git a/misc/blog.gnupg.org/20131215-gcrypt-bench.org b/misc/blog.gnupg.org/20131215-gcrypt-bench.org new file mode 100644 index 0000000..4fafe04 --- /dev/null +++ b/misc/blog.gnupg.org/20131215-gcrypt-bench.org 
@@ -0,0 +1,124 @@ +# About Libgcrypt 1.6 performance + +** Speedups in Libgcrypt 1.6 + + Libgcrypt is a building block of modern GnuPG versions (GnuPG 2.x) + and also used by a wide range of other projects. In fact all Linux + distributions install Libgcrypt by default. + + One problem with Libgcrypt has always been that it did not deliver + top performance compared to OpenSSL. Even another GNU crypto + library, Nettle, is in some areas faster. The reason for this is + that Libgcrypt was based on an old GnuPG version. Back in the + 1990s performance was not the first aim for free crypto software. + The crypto authors haved been treated as arms trafficker in the US + and not allowed to freely distribute their code. Thus the primary + goal was to write free crypto code in one of the free countries. + Further, patents severely hindered the use of crypto algorithms. + This together may explain why top performance was not an issue at + that time. Over the years this changed to the better. However, + free software development is mostly driven by user demand and there + was not much demand for a faster GnuPG. Thus we did not care much + on speeding up Libgcrypt. Well, basic support for VIA and Intel + CPU accelerated encryption features was eventually added but still + lots of other things could have been optimized. + + Last year, Jussi Kivilinna joined the team and started to add CPU + optimized implementations of common cipher algorithms. This + changed the picture for cipher and hash algorithms. The soon to be + released Libgcrypt 1.6 is now up to modern standards on what can be + achieved on general purpose CPUs. + + To check how 1.6.0 will compare to the older 1.5 version of + Libgcrypt, I did some benchmarks using a Thinkpad X220 which + features an i5-2410M processor at 2.3GHz running a 64 bit Debian + Wheezy. Default compiler options have been used. 
+ + First let us see how hash algorithms compare (click to enlarge): + + [[file:img/libgcrypt-1.6.0-hash-bench.png][file:img/libgcrypt-1.6.0-hash-bench_s.png]] + + The olive bars indicates how many bytes can be hashed by version + 1.5.3, the green bar gives the figure for the new 1.6.0, and + finally for some algorithms the hatched bar to what Nettle 2.7 is + up to. + + The number for the completely insecure MD4 algorithms is way to + high (~750 MiB/s) to be included in this chart, thus it has been + capped. For MD5 the old Libgcrypt is faster. This is a bit + surprising but we have not researched the reason; anyway, MD5 shall + not be used by today's software because it has been completely + broken. For most of the other algorithm the performance figures + are all quite similar. For the important SHA-1 algorithm 1.6 gains + top speed of all compared implementations and further speedups are + expected in future versions. + + The major improvements are for SHA-256 and SHA-512 (SHA-384 is a + basically SHA-512 with a truncated digest). The use of Intel + provided code which utilizes SSSE3 clearly boosts the performance + on this machine and probably on a wide range of other modern Intel + CPUs. + + All hash functions are a target for more optimization in + forthcoming versions of Libgcrypt. + + Now what about cipher algorithms? Have a look at this chart: + + [[file:img/libgcrypt-1.6.0-cipher-bench.png][file:img/libgcrypt-1.6.0-cipher-bench_s.png]] + + First, you notice that we have a lot of algorithms here. The + benchmarks are all done for ECM mode encryption. + + There are two extremes here: 3DES is by far the slowest algorithm. + It is also the oldest one but still considered rock solid. In the + top performance range we see two algorithms: Arcfour (sometimes + called RC4), which is a simple, hard to correctly use, and worse + broken design which unfortunately is still used at a lot of places. 
+ Even outperforming that are the modern Salsa algorithms, which are + considered strong and trustworthy. They peak at about 750 MiB/s + and 1150 for the reduced round SalsaR12 variant. Both are easy to + use stream ciphers. + + The Serpent (an AES competition final candidate) and Camellia + (preferred in Japan) ciphers are in the same performance range for + 1.5 but with the improvements of 1.6 Camellia gets close to the + performance of AES under 1.5. Jussi put a lot of work into fine + tuning AES in 1.6. Thus even with AES-NI hardware acceleration + disabled (as shown here) the throughput for AES encryption has been + doubled. + + Given that AES is the standard encryption algorithms today, it is + worth to have a closer look at AES under different modes of + operation. + + [[file:img/libgcrypt-1.6.0-aes-bench.png][file:img/libgcrypt-1.6.0-aes-bench_s.png]] + + For each encryption mode you see three groups of bars; one for each + cipher size. The first group is for Libgcrypt 1.5, the second for + 1.6, and the third for Nettle. Note that only 1.6 implements all + modes. + + It is quite obvious that the throughput available with 1.6 is way + better than with 1.5 and also considerable higher than with Nettle. + + Finally we have a look at the performance of AES-NI acceleration: + + [[file:img/libgcrypt-1.6.0-aesni-bench.png][file:img/libgcrypt-1.6.0-aesni-bench_s.png]] + + This time we have no values for Nettle. If you take the different + scale in consideration it is quite clear how hardware supported + acceleration can boost performance. However, we can?t be sure + whether the CPU has been backdoored to leak key bits. + + The actual numbers have been collected using the bench-slope test + program from Libgcrypt and the Nettle benchmark. They are + available in a Gnumeric [[file:data/gcrypt-bench-x220-2300.gnumeric][spreadsheet]]. 
+ + Jussi did a another set of benchmarks which include figures for + OpenSSL; you find them [[http://koti.kapsi.fi/~jukivili/gcrypt/haswell-3200-ubuntu-saucy-gcrypt.pdf][here]]. He did them using a modified version + of a 2008 [[http://panthema.net/2008/0714-cryptography-speedtest-comparison/][speedtest comparison]]. He compared OpenSSL 1.0.1e, + Libgcrypt-1.5, Libgcrypt-1.6 (ECB & CTR), and Nettle (2.7.1) on + Intel Haswell. Used key sizes were 256 bit or shorter if 256 bit + is not supported. Each measurement did a key setup for encryption, + the encryption, a key setup for decryption, and the decryption all + for different buffer lengths. diff --git a/misc/blog.gnupg.org/data/gcrypt-bench-x220-2300.gnumeric b/misc/blog.gnupg.org/data/gcrypt-bench-x220-2300.gnumeric new file mode 100644 index 0000000..792380b Binary files /dev/null and b/misc/blog.gnupg.org/data/gcrypt-bench-x220-2300.gnumeric differ diff --git a/misc/blog.gnupg.org/entry.templ.html b/misc/blog.gnupg.org/entry.templ.html new file mode 100644 index 0000000..b3ff6e8 --- /dev/null +++ b/misc/blog.gnupg.org/entry.templ.html @@ -0,0 +1,169 @@ + + + + + + TITLE - Blog - Gnu Privacy Guard + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

TITLE

+
Posted DATESTRING by AUTHOR
+ + + +
+ + + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench.png new file mode 100644 index 0000000..1c401ca Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench.png differ diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench_s.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench_s.png new file mode 100644 index 0000000..b92517d Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench_s.png differ diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench.png new file mode 100644 index 0000000..a48abd5 Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench.png differ diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench_s.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench_s.png new file mode 100644 index 0000000..ccaf4dc Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench_s.png differ diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench.png new file mode 100644 index 0000000..fdab7d9 Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench.png differ diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench_s.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench_s.png new file mode 100644 index 0000000..9da2c55 Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench_s.png differ diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench.png new file mode 100644 index 0000000..45cf05f Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench.png differ 
diff --git a/misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench_s.png b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench_s.png new file mode 100644 index 0000000..314fb5a Binary files /dev/null and b/misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench_s.png differ diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 415780c..a832dbf 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -72,6 +72,19 @@

Blogs

+

Speedups in Libgcrypt 1.6

+
Posted 15 December 2013 by Werner Koch
+

+[...] To check how the forthcoming version 1.6.0 of Libgcrypt +compares to the older 1.5 version of Libgcrypt, I did some benchmarks +using a Thinkpad X220 which features an i5-2410M processor at 2.3GHz +running a 64 bit Debian Wheezy. +{more} +

+
+ +

Preparing for launch

@@ -79,8 +92,7 @@

Mid December, giving season, and nearly time for the GnuPG Crowdfunding to commence. We've been working hard on - preparations. Drafts of the new mobile website design have been - published and met positive feedback, and a community-contibuted + preparations. Drafts of the new mobile website design have been published and met positive feedback, and a community-contibuted promo video was posted on YouTube. GnuPG coverage on Twitter continues to grow with many articles (The ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131215-gcrypt-bench.html | 344 ++++++++++++++++++++ misc/blog.gnupg.org/20131215-gcrypt-bench.org | 124 +++++++ .../data/gcrypt-bench-x220-2300.gnumeric | Bin 0 -> 31359 bytes misc/blog.gnupg.org/entry.templ.html | 169 ++++++++++ .../img/libgcrypt-1.6.0-aes-bench.png | Bin 0 -> 33643 bytes .../img/libgcrypt-1.6.0-aes-bench_s.png | Bin 0 -> 11486 bytes .../img/libgcrypt-1.6.0-aesni-bench.png | Bin 0 -> 24412 bytes .../img/libgcrypt-1.6.0-aesni-bench_s.png | Bin 0 -> 8738 bytes .../img/libgcrypt-1.6.0-cipher-bench.png | Bin 0 -> 39754 bytes .../img/libgcrypt-1.6.0-cipher-bench_s.png | Bin 0 -> 12430 bytes .../img/libgcrypt-1.6.0-hash-bench.png | Bin 0 -> 33756 bytes .../img/libgcrypt-1.6.0-hash-bench_s.png | Bin 0 -> 11542 bytes misc/blog.gnupg.org/index.html | 16 +- 13 files changed, 651 insertions(+), 2 deletions(-) create mode 100644 misc/blog.gnupg.org/20131215-gcrypt-bench.html create mode 100644 misc/blog.gnupg.org/20131215-gcrypt-bench.org create mode 100644 misc/blog.gnupg.org/data/gcrypt-bench-x220-2300.gnumeric create mode 100644 misc/blog.gnupg.org/entry.templ.html create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench.png create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-aes-bench_s.png create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench.png create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-aesni-bench_s.png create mode 
100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench.png create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-cipher-bench_s.png create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench.png create mode 100644 misc/blog.gnupg.org/img/libgcrypt-1.6.0-hash-bench_s.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 15 19:11:03 2013 
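Review bot: the new 20131215-gcrypt-bench.html still carries the template placeholder in its title, `TITLE - Blog - Gnu Privacy Guard`, exactly as in entry.templ.html; it should be replaced with the article title the way the heading and the "Posted" line were. In the article text (both the .html and the .org copy) "ECM mode encryption" looks like a slip for ECB, which is the mode the last paragraph names ("ECB & CTR"), and "can?t" shows that the apostrophe was lost in a character set conversion and should be plain ASCII or a proper entity.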
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 15 Dec 2013 19:11:03 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-445-g110fed2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d (commit) from bfb43a17d8db571fca4ed433ee8be5c366745844 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d Author: Jussi Kivilinna Date: Sun Dec 15 20:07:54 2013 +0200 Use u64 for CCM data lengths * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF]. [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for data lengths. [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt) (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce) (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag) (_gcry_cipher_ccm_check_tag): Dummy functions returning GPG_ERROR_NOT_SUPPORTED. * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm) (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use u64 instead of size_t for CCM data lengths. * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset) (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED for CCM. (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for GCRYCTL_SET_CCM_LENGTHS length parameters. * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF. * tests/bench-slope.c: Ditto. * tests/benchmark.c: Ditto. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c index d2b8841..47f2162 100644 --- a/cipher/cipher-ccm.c +++ b/cipher/cipher-ccm.c 
@@ -29,6 +29,9 @@ #include "bufhelp.h" #include "./cipher-internal.h" +/* We need a 64 bit type for this code. */ +#ifdef HAVE_U64_TYPEDEF + #define set_burn(burn, nburn) do { \ unsigned int __nburn = (nburn); \ @@ -149,14 +152,14 @@ _gcry_cipher_ccm_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce, gcry_err_code_t -_gcry_cipher_ccm_set_lengths (gcry_cipher_hd_t c, size_t encryptlen, - size_t aadlen, size_t taglen) +_gcry_cipher_ccm_set_lengths (gcry_cipher_hd_t c, u64 encryptlen, u64 aadlen, + u64 taglen) { unsigned int burn = 0; unsigned char b0[16]; size_t noncelen = 15 - (c->u_iv.iv[0] + 1); - size_t M = taglen; - size_t M_; + u64 M = taglen; + u64 M_; int i; M_ = (M - 2) / 2; @@ -203,7 +206,6 @@ _gcry_cipher_ccm_set_lengths (gcry_cipher_hd_t c, size_t encryptlen, buf_put_be32(&b0[2], aadlen); set_burn (burn, do_cbc_mac (c, b0, 6, 0)); } -#ifdef HAVE_U64_TYPEDEF else if (aadlen > (unsigned int)0xffffffff) { b0[0] = 0xff; @@ -211,7 +213,6 @@ _gcry_cipher_ccm_set_lengths (gcry_cipher_hd_t c, size_t encryptlen, buf_put_be64(&b0[2], aadlen); set_burn (burn, do_cbc_mac (c, b0, 10, 0)); } -#endif /* Generate S_0 and increase counter. */ set_burn (burn, c->spec->encrypt ( &c->context.c, c->u_mode.ccm.s0, 
@@ -364,3 +365,78 @@ _gcry_cipher_ccm_decrypt (gcry_cipher_hd_t c, unsigned char *outbuf, return err; } + +#else + +/* + * Provide dummy functions so that we avoid adding too much #ifdefs in + * cipher.c. + */ + +gcry_err_code_t +_gcry_cipher_ccm_encrypt(gcry_cipher_hd_t c, unsigned char *outbuf, + size_t outbuflen, const unsigned char *inbuf, + size_t inbuflen) +{ + (void)c; + (void)outbuf; + (void)outbuflen; + (void)inbuf; + (void)inbuflen; + return GPG_ERR_NOT_SUPPORTED; +} + +gcry_err_code_t +_gcry_cipher_ccm_decrypt(gcry_cipher_hd_t c, unsigned char *outbuf, + size_t outbuflen, const unsigned char *inbuf, + size_t inbuflen) +{ + (void)c; + (void)outbuf; + (void)outbuflen; + (void)inbuf; + (void)inbuflen; + return GPG_ERR_NOT_SUPPORTED; +} + +gcry_err_code_t +_gcry_cipher_ccm_set_nonce(gcry_cipher_hd_t c, const unsigned char *nonce, + size_t noncelen) +{ + (void)c; + (void)nonce; + (void)noncelen; + return GPG_ERR_NOT_SUPPORTED; +} + +gcry_err_code_t +_gcry_cipher_ccm_authenticate(gcry_cipher_hd_t c, const unsigned char *abuf, + size_t abuflen) +{ + (void)c; + (void)abuf; + (void)abuflen; + return GPG_ERR_NOT_SUPPORTED; +} + +gcry_err_code_t +_gcry_cipher_ccm_get_tag(gcry_cipher_hd_t c, unsigned char *outtag, + size_t taglen) +{ + (void)c; + (void)outtag; + (void)taglen; + return GPG_ERR_NOT_SUPPORTED; +} + +gcry_err_code_t +_gcry_cipher_ccm_check_tag(gcry_cipher_hd_t c, const unsigned char *intag, + size_t taglen) +{ + (void)c; + (void)intag; + (void)taglen; + return GPG_ERR_NOT_SUPPORTED; +} + +#endif /*HAVE_U64_TYPEDEF*/ diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 6fb3bac..cdac445 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h 
@@ -135,10 +135,11 @@ struct gcry_cipher_handle int unused; /* Number of unused bytes in LASTIV. */ union { +#ifdef HAVE_U64_TYPEDEF /* Mode specific storage for CCM mode. */ struct { - size_t encryptlen; - size_t aadlen; + u64 encryptlen; + u64 aadlen; unsigned int authlen; /* Space to save partial input lengths for MAC. */ @@ -151,6 +152,7 @@ struct gcry_cipher_handle unsigned int lengths:1; /* Set to 1 if CCM length parameters has been processed. */ } ccm; +#endif /* Mode specific storage for CMAC mode. */ struct { @@ -280,9 +282,10 @@ gcry_err_code_t _gcry_cipher_ccm_set_nonce size_t noncelen); gcry_err_code_t _gcry_cipher_ccm_authenticate /* */ (gcry_cipher_hd_t c, const unsigned char *abuf, size_t abuflen); +#ifdef HAVE_U64_TYPEDEF gcry_err_code_t _gcry_cipher_ccm_set_lengths -/* */ (gcry_cipher_hd_t c, size_t encryptedlen, size_t aadlen, - size_t taglen); +/* */ (gcry_cipher_hd_t c, u64 encryptedlen, u64 aadlen, u64 taglen); +#endif gcry_err_code_t _gcry_cipher_ccm_get_tag /* */ (gcry_cipher_hd_t c, unsigned char *outtag, size_t taglen); diff --git a/cipher/cipher.c b/cipher/cipher.c index 8b47abc..8c5a0b4 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -394,11 +394,15 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, switch (mode) { case GCRY_CIPHER_MODE_CCM: +#ifdef HAVE_U64_TYPEDEF if (spec->blocksize != GCRY_CCM_BLOCK_LEN) err = GPG_ERR_INV_CIPHER_MODE; if (!spec->encrypt || !spec->decrypt) err = GPG_ERR_INV_CIPHER_MODE; break; +#else + err = GPG_ERR_NOT_SUPPORTED; +#endif case GCRY_CIPHER_MODE_ECB: case GCRY_CIPHER_MODE_CBC: @@ -686,9 +690,11 @@ cipher_reset (gcry_cipher_hd_t c) } break; +#ifdef HAVE_U64_TYPEDEF case GCRY_CIPHER_MODE_CCM: memset (&c->u_mode.ccm, 0, sizeof c->u_mode.ccm); break; +#endif default: break; /* u_mode unused by other modes. */ 
@@ -1139,8 +1145,9 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) break; case GCRYCTL_SET_CCM_LENGTHS: +#ifdef HAVE_U64_TYPEDEF { - size_t params[3]; + u64 params[3]; size_t encryptedlen; size_t aadlen; size_t authtaglen; @@ -1148,7 +1155,7 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) if (h->mode != GCRY_CIPHER_MODE_CCM) return gcry_error (GPG_ERR_INV_CIPHER_MODE); - if (!buffer || buflen != 3 * sizeof(size_t)) + if (!buffer || buflen != 3 * sizeof(u64)) return gcry_error (GPG_ERR_INV_ARG); /* This command is used to pass additional length parameters needed @@ -1160,6 +1167,9 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) rc = _gcry_cipher_ccm_set_lengths (h, encryptedlen, aadlen, authtaglen); } +#else + rc = GPG_ERR_NOT_SUPPORTED; +#endif break; case GCRYCTL_DISABLE_ALGO: diff --git a/tests/basic.c b/tests/basic.c index 6ffc3f5..0eb8215 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -1545,6 +1545,7 @@ check_gcm_cipher (void) static void check_ccm_cipher (void) { +#ifdef HAVE_U64_TYPEDEF static const struct tv { int algo; @@ -1950,7 +1951,7 @@ check_ccm_cipher (void) static const int cut[] = { 0, 1, 8, 10, 16, 19, -1 }; gcry_cipher_hd_t hde, hdd; unsigned char out[MAX_DATA_LEN]; - size_t ctl_params[3]; + u64 ctl_params[3]; int split, aadsplit; size_t j, i, keylen, blklen, authlen; gcry_error_t err = 0; @@ -2305,10 +2306,11 @@ check_ccm_cipher (void) if (memcmp (buf, tag, taglen) != 0) fail ("cipher-ccm-huge, encrypt mismatch entry\n"); } -#endif if (verbose) fprintf (stderr, " Completed CCM checks.\n"); +#endif +#endif /*HAVE_U64_TYPEDEF*/ } diff --git a/tests/bench-slope.c b/tests/bench-slope.c index 219e0dd..bd05064 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -740,7 +740,7 @@ static struct bench_ops decrypt_ops = { }; - +#ifdef HAVE_U64_TYPEDEF static void bench_ccm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { 
@@ -748,7 +748,7 @@ bench_ccm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) int err; char tag[8]; char nonce[11] = { 0x80, 0x01, }; - size_t params[3]; + u64 params[3]; gcry_cipher_setiv (hd, nonce, sizeof (nonce)); @@ -792,7 +792,7 @@ bench_ccm_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) int err; char tag[8] = { 0, }; char nonce[11] = { 0x80, 0x01, }; - size_t params[3]; + u64 params[3]; gcry_cipher_setiv (hd, nonce, sizeof (nonce)); @@ -839,7 +839,7 @@ bench_ccm_authenticate_do_bench (struct bench_obj *obj, void *buf, int err; char tag[8] = { 0, }; char nonce[11] = { 0x80, 0x01, }; - size_t params[3]; + u64 params[3]; char data = 0xff; gcry_cipher_setiv (hd, nonce, sizeof (nonce)); @@ -903,6 +903,8 @@ static struct bench_ops ccm_authenticate_ops = { &bench_encrypt_free, &bench_ccm_authenticate_do_bench }; +#endif /*HAVE_U64_TYPEDEF*/ + static void bench_gcm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) @@ -1037,9 +1039,11 @@ static struct bench_cipher_mode cipher_modes[] = { {GCRY_CIPHER_MODE_OFB, "OFB dec", &decrypt_ops}, {GCRY_CIPHER_MODE_CTR, "CTR enc", &encrypt_ops}, {GCRY_CIPHER_MODE_CTR, "CTR dec", &decrypt_ops}, +#ifdef HAVE_U64_TYPEDEF {GCRY_CIPHER_MODE_CCM, "CCM enc", &ccm_encrypt_ops}, {GCRY_CIPHER_MODE_CCM, "CCM dec", &ccm_decrypt_ops}, {GCRY_CIPHER_MODE_CCM, "CCM auth", &ccm_authenticate_ops}, +#endif {GCRY_CIPHER_MODE_GCM, "GCM enc", &gcm_encrypt_ops}, {GCRY_CIPHER_MODE_GCM, "GCM dec", &gcm_decrypt_ops}, {GCRY_CIPHER_MODE_GCM, "GCM auth", &gcm_authenticate_ops}, diff --git a/tests/benchmark.c b/tests/benchmark.c index 62dfc22..e009c22 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c 
@@ -562,13 +562,13 @@ mac_bench ( const char *algoname ) } - +#ifdef HAVE_U64_TYPEDEF static void ccm_aead_init(gcry_cipher_hd_t hd, size_t buflen, int authlen) { const int _L = 4; const int noncelen = 15 - _L; char nonce[noncelen]; - size_t params[3]; + u64 params[3]; gcry_error_t err = GPG_ERR_NO_ERROR; memset (nonce, 0x33, noncelen); @@ -594,6 +594,7 @@ static void ccm_aead_init(gcry_cipher_hd_t hd, size_t buflen, int authlen) exit (1); } } +#endif static void @@ -622,8 +623,10 @@ cipher_bench ( const char *algoname ) { GCRY_CIPHER_MODE_CFB, " CFB", 0 }, { GCRY_CIPHER_MODE_OFB, " OFB", 0 }, { GCRY_CIPHER_MODE_CTR, " CTR", 0 }, +#ifdef HAVE_U64_TYPEDEF { GCRY_CIPHER_MODE_CCM, " CCM", 0, ccm_aead_init, GCRY_CCM_BLOCK_LEN, 8 }, +#endif { GCRY_CIPHER_MODE_GCM, " GCM", 0, NULL, GCRY_GCM_BLOCK_LEN, GCRY_GCM_BLOCK_LEN }, { GCRY_CIPHER_MODE_STREAM, "", 0 }, ----------------------------------------------------------------------- Summary of changes: cipher/cipher-ccm.c | 88 ++++++++++++++++++++++++++++++++++++++++++---- cipher/cipher-internal.h | 11 +++--- cipher/cipher.c | 14 ++++++-- tests/basic.c | 6 ++-- tests/bench-slope.c | 12 ++++--- tests/benchmark.c | 7 ++-- 6 files changed, 118 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 11:20:47 2013 
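Review bot: In the cipher/cipher.c hunk for _gcry_cipher_open_internal, the new '#else' half of 'case GCRY_CIPHER_MODE_CCM:' sets 'err = GPG_ERR_NOT_SUPPORTED;' but has no 'break;', because the only 'break;' sits inside the '#ifdef HAVE_U64_TYPEDEF' half. On a build without a u64 type, control falls through into the 'case GCRY_CIPHER_MODE_ECB:' / 'case GCRY_CIPHER_MODE_CBC:' labels that follow, so that branch also runs for a CCM request. Move the 'break;' below the '#endif' so both halves leave the switch.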
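Review bot: In the GCRYCTL_SET_CCM_LENGTHS hunks of _gcry_cipher_ctl, 'params' becomes 'u64 params[3]' but the locals handed on to _gcry_cipher_ccm_set_lengths are still declared 'size_t encryptedlen; size_t aadlen; size_t authtaglen;'. Where size_t is 32 bits wide, a length above 4 GiB is truncated in those locals before it reaches the function, which now takes u64 arguments, so the widening does not take effect on exactly the platforms it targets. Declare the three locals as u64. The buflen check also changes to '3 * sizeof(u64)', so a caller still passing size_t[3] gets GPG_ERR_INV_ARG wherever size_t is narrower than u64; that interface change should be stated in the documentation and NEWS.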
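Review bot: In the last tests/basic.c hunk of check_ccm_cipher, the existing '#endif' is moved from above to below the verbose 'Completed CCM checks' fprintf, so that message now sits inside whichever conditional block the '#endif' closes and is no longer printed when that block is compiled out. Leave the original '#endif' where it was and add only the new '#endif /*HAVE_U64_TYPEDEF*/' before the closing brace of the function.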
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Mon, 16 Dec 2013 11:20:47 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-447-g953535a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 953535a7de68cf62b5b1ad6f96ea3a9edd83762c (commit) via 5c31990214b58c4e17edb01fbbe6d9f573975a22 (commit) from 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 953535a7de68cf62b5b1ad6f96ea3a9edd83762c Author: Jussi Kivilinna Date: Mon Dec 16 12:15:37 2013 +0200 Change dummy variable in mpih-div.c to mpi_limb_t type * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy variable to 'mpi_limb_t' type from 'int'. -- Patch attempts to fix problem reported by Matthias Wachs: while updating our buildbots I got another compile error: On a OS X machine: Darwin luke.net.in.tum.de 11.3.0 Darwin Kernel Version 11.3.0: Thu Jan 12 18:47:41 PST 2012; root:xnu-1699.24.23~1/RELEASE_X86_64 x86_64 /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/opt/local/include -I/opt/local/include -g -O2 -Wall -MT mpih-div.lo -MD -MP -MF .deps/mpih-div.Tpo -c -o mpih-div.lo mpih-div.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/opt/local/include -I/opt/local/include -g -O2 -Wall -MT mpih-div.lo -MD -MP -MF .deps/mpih-div.Tpo -c mpih-div.c -fno-common -DPIC -o .libs/mpih-div.o mpih-div.c: In function '_gcry_mpih_mod_1': mpih-div.c:183: error: unsupported inline asm: input constraint with a matching output constraint of incompatible type! 
make[2]: *** [mpih-div.lo] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 The new x86-64 inline assembly for MPI expects outputs to be limb sized variables (64-bit), but mpi/mpih-div.c was using 32-bit dummy variable. Apparently this mismatch between assembly output and variable sizes does not fail on every platform. Signed-off-by: Jussi Kivilinna diff --git a/mpi/mpih-div.c b/mpi/mpih-div.c index 0bddd22..57c1b58 100644 --- a/mpi/mpih-div.c +++ b/mpi/mpih-div.c @@ -48,7 +48,7 @@ _gcry_mpih_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size, { mpi_size_t i; mpi_limb_t n1, n0, r; - int dummy GCC_ATTR_UNUSED; + mpi_limb_t dummy GCC_ATTR_UNUSED; /* Botch: Should this be handled at all? Rely on callers? */ if( !dividend_size ) @@ -396,7 +396,7 @@ _gcry_mpih_divmod_1( mpi_ptr_t quot_ptr, { mpi_size_t i; mpi_limb_t n1, n0, r; - int dummy GCC_ATTR_UNUSED; + mpi_limb_t dummy GCC_ATTR_UNUSED; if( !dividend_size ) return 0; commit 5c31990214b58c4e17edb01fbbe6d9f573975a22 Author: Jussi Kivilinna Date: Mon Dec 16 11:54:37 2013 +0200 Remove duplicate gcry_mac_hd_t typedef * cipher/mac-internal.h (gcry_mac_hd_t): Remove. -- Attempt to fix problem reported by Matthias Wachs: On a freebsd 9.1 amd64 and a debian Lenny x86 system: In file included from mac.c:27: mac-internal.h:22: error: redefinition of typedef 'gcry_mac_hd_t' ../src/gcrypt.h:1301: error: previous declaration of 'gcry_mac_hd_t' was here *** [mac.lo] Error code 1 Signed-off-by: Jussi Kivilinna diff --git a/cipher/mac-internal.h b/cipher/mac-internal.h index 2a5e7c6..6fc304b 100644 --- a/cipher/mac-internal.h +++ b/cipher/mac-internal.h 
@@ -19,7 +19,6 @@ /* The data object used to hold a handle to an encryption object. */ struct gcry_mac_handle; -typedef struct gcry_mac_handle *gcry_mac_hd_t; /* ----------------------------------------------------------------------- Summary of changes: cipher/mac-internal.h | 1 - mpi/mpih-div.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 11:56:36 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 11:56:36 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-450-ga6b9304 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via a6b9304a889397ac98e1c2c4ac3e178669d94492 (commit) via 5a7ce59396fe56f0d681df314bfbdb5f7732d4b1 (commit) via dec048b2ec79271a2f4405be5b87b1e768b3f1a9 (commit) from 953535a7de68cf62b5b1ad6f96ea3a9edd83762c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a6b9304a889397ac98e1c2c4ac3e178669d94492 Author: Werner Koch Date: Mon Dec 16 11:43:22 2013 +0100 Add configure option --enable-large-data-tests. * configure.ac: Add option --enable-large-data-tests. * tests/hashtest-256g.in: New. * tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in. (TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and tests_sh_last. (tests_sh_last): Add hashtest-256g (noinst_PROGRAMS): Add only tests_bin and tests_bin_last. (bench-slope.log, hashtest-256g.log): New rules to enforce serial run. Signed-off-by: Werner Koch diff --git a/README b/README index ff3ce9c..558e008 100644 --- a/README +++ b/README 
@@ -80,6 +80,10 @@ Here is a list of configure options which are sometimes useful for installation. + --enable-large-data-tests + With this option a "make check" will take really + long due to extra checks for the hash algorithms. + --enable-m-guard Enable the integrated malloc checking code. Please note that this feature does not work on all CPUs diff --git a/configure.ac b/configure.ac index 9088d02..571e156 100644 --- a/configure.ac +++ b/configure.ac @@ -524,6 +524,16 @@ if test "$use_m_guard" = yes ; then AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature]) fi +# Implementation of the --enable-large-data-tests switch. +AC_MSG_CHECKING([whether to run large data tests]) +AC_ARG_ENABLE(large-data-tests, + AC_HELP_STRING([--enable-large-data-tests], + [Enable the real long ruinning large data tests]), + large_data_tests=$enableval,large_data_tests=no) +AC_MSG_RESULT($large_data_tests) +AC_SUBST(RUN_LARGE_DATA_TESTS, $large_data_tests) + + # Implementation of the --with-capabilities switch. # Check whether we want to use Linux capabilities AC_MSG_CHECKING([whether use of capabilities is requested]) @@ -1914,6 +1924,7 @@ src/libgcrypt-config src/versioninfo.rc tests/Makefile ]) +AC_CONFIG_FILES([tests/hashtest-256g], [chmod +x tests/hashtest-256g]) AC_OUTPUT diff --git a/tests/Makefile.am b/tests/Makefile.am index 3fb9fd6..f5b5b9f 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -18,13 +18,24 @@ ## Process this file with automake to produce Makefile.in -TESTS = version mpitests tsexp t-convert \ +tests_bin = \ + version mpitests tsexp t-convert \ t-mpi-bit t-mpi-point curves \ prime basic keygen pubkey hmac hashtest t-kdf keygrip \ fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 t-ed25519 -# The last tests to run. -TESTS += benchmark bench-slope +tests_bin_last = benchmark bench-slope + +tests_sh = + +tests_sh_last = hashtest-256g + +TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last) + +# Force sequential run of some tests. +bench-slope.log: benchmark.log +hashtest-256g.log: bench-slope.log + TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1 @@ -37,8 +48,8 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS) LDADD = ../src/libgcrypt.la $(DL_LIBS) ../compat/libcompat.la $(GPG_ERROR_LIBS) EXTRA_PROGRAMS = testapi pkbench -noinst_PROGRAMS = $(TESTS) fipsdrv rsacvt genhashdata +noinst_PROGRAMS = $(tests_bin) $(tests_bin_last) fipsdrv rsacvt genhashdata EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \ pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \ - t-ed25519.inp stopwatch.h + t-ed25519.inp stopwatch.h hashtest-256g.in diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in new file mode 100755 index 0000000..02ab3f6 --- /dev/null +++ b/tests/hashtest-256g.in @@ -0,0 +1,7 @@ +#!/bin/sh + +algos="SHA1 SHA256" + +test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77 +echo " now running 256 GiB tests for $algos - this takes looong" +exec ./hashtest --gigs 256 $algos commit 5a7ce59396fe56f0d681df314bfbdb5f7732d4b1 Author: Werner Koch Date: Mon Dec 16 09:45:02 2013 +0100 random: Call random progress handler more often. * random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress indicator earlier. -- GnuPG-bug-id: 1531 Signed-off-by: Werner Koch diff --git a/random/rndlinux.c b/random/rndlinux.c index 21ea8c4..89ac203 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c 
@@ -183,6 +183,18 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, struct timeval tv; int rc; + /* If we collected some bytes update the progress indicator. We + do this always and not just if the select timed out because + often just a few bytes are gathered within the timeout + period. */ + if (any_need_entropy || last_so_far != (want - length) ) + { + last_so_far = want - length; + _gcry_random_progress ("need_entropy", 'X', + (int)last_so_far, (int)want); + any_need_entropy = 1; + } + /* If the system has no limit on the number of file descriptors and we encounter an fd which is larger than the fd_set size, we don't use the select at all. The select code is only used @@ -198,13 +210,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, tv.tv_usec = delay? 0 : 100000; if ( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) { - if (!any_need_entropy || last_so_far != (want - length) ) - { - last_so_far = want - length; - _gcry_random_progress ("need_entropy", 'X', - (int)last_so_far, (int)want); - any_need_entropy = 1; - } + any_need_entropy = 1; delay = 3; /* Use 3 seconds henceforth. */ continue; } commit dec048b2ec79271a2f4405be5b87b1e768b3f1a9 Author: Werner Koch Date: Mon Dec 16 09:22:10 2013 +0100 cipher: Normalize the MPIs used as input to secret key functions. * cipher/dsa.c (sign): Normalize INPUT. * cipher/elgamal.c (decrypt): Normalize A and B. * cipher/rsa.c (secret): Normalize the INPUT. (rsa_decrypt): Reduce DATA before passing to secret. -- mpi_normalize is in general not required because extra leading zeroes do not harm the computation. However, adding extra all zero limbs or padding with multiples of N may be useful in side-channel attacks. This is an extra pre-caution in case RSA blinding has been disabled. CVE-id: CVE-2013-4576 Signed-off-by: Werner Koch diff --git a/cipher/dsa.c b/cipher/dsa.c index 5d29ba4..50bdab1 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c 
@@ -583,7 +583,10 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey, mpi_rshift (hash, hash, abits - qbits); } else - hash = input; + { + mpi_normalize (input); + hash = input; + } again: /* Create the K value. */ diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 3645e7d..a71a9bc 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -497,10 +497,13 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) static void -decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) +decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) { gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + mpi_normalize (a); + mpi_normalize (b); + /* output = b/(a^x) mod p */ mpi_powm( t1, a, skey->x, skey->p ); mpi_invm( t1, t1, skey->p ); diff --git a/cipher/rsa.c b/cipher/rsa.c index a97dcfd..e595e38 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -712,6 +712,9 @@ stronger_key_check ( RSA_secret_key *skey ) static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey ) { + /* Remove superfluous leading zeroes from INPUT. */ + mpi_normalize (input); + if (!skey->p || !skey->q || !skey->u) { mpi_powm (output, input, skey->d, skey->n); 
@@ -997,6 +1000,13 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } } + /* Better make sure that there are no superfluous leading zeroes in + the input and it has not been "padded" using multiples of N. + This mitigates side-channel attacks (CVE-2013-4576). */ + mpi_normalize (data); + mpi_fdiv_r (data, data, sk.n); + + /* Allocate MPI for the plaintext. */ plain = mpi_snew (ctx.nbits); /* We use blinding by default to mitigate timing attacks which can ----------------------------------------------------------------------- Summary of changes: README | 4 ++++ cipher/dsa.c | 5 ++++- cipher/elgamal.c | 5 ++++- cipher/rsa.c | 10 ++++++++++ configure.ac | 11 +++++++++++ random/rndlinux.c | 20 +++++++++++++------- tests/Makefile.am | 21 ++++++++++++++++----- tests/hashtest-256g.in | 7 +++++++ 8 files changed, 69 insertions(+), 14 deletions(-) create mode 100755 tests/hashtest-256g.in hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 13:03:46 2013 
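Review bot: The help string added in the configure.ac hunk for --enable-large-data-tests reads '[Enable the real long ruinning large data tests]'; 'ruinning' is a typo and the text is what users see in the output of ./configure --help. Suggest '[Enable the really long running large data tests]'.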
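Review bot: In the first random/rndlinux.c hunk the moved test changes from '!any_need_entropy || last_so_far != (want - length)' to 'any_need_entropy || last_so_far != (want - length)', and the block it guards sets 'any_need_entropy = 1' itself. Once the block has run, the left operand is always true, so _gcry_random_progress is called on every pass of the loop whether or not new bytes arrived, and the last_so_far comparison no longer filters anything. If the aim is to report after a select timeout or when the byte count changed, the block should not set the flag itself (or should clear it after reporting); if a call per pass is intended, say so in the comment and drop the comparison.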
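Review bot: In the cipher/elgamal.c hunk, decrypt only calls 'mpi_normalize (a); mpi_normalize (b);', while the rsa_decrypt hunk in cipher/rsa.c also reduces its input with 'mpi_fdiv_r (data, data, sk.n);'. The commit message lists padding with multiples of N as one of the two concerns, and normalizing alone leaves a multiple of skey->p added to A or B in place. Either reduce A and B modulo skey->p here as well, or extend the comment to say why that is not needed for Elgamal.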
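Review bot: The rsa_decrypt hunk in cipher/rsa.c adds 'mpi_normalize (data); mpi_fdiv_r (data, data, sk.n);' without a regression test; the summary of changes lists no test file touching RSA, DSA or Elgamal. A case in the test suite that decrypts the same ciphertext once as is and once with extra leading zero bytes, and checks that both return the same plaintext, would keep the normalization from being dropped silently later. The 'mpi_normalize (data)' here is also repeated by the new 'mpi_normalize (input)' at the top of secret; one of the two can carry a comment saying it is deliberate.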
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 13:03:46 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-451-g0d3bd23 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020 (commit) from a6b9304a889397ac98e1c2c4ac3e178669d94492 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020 Author: Werner Koch Date: Mon Dec 16 12:43:50 2013 +0100 tests: Add SHA-512 to the long hash test. * tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512. * tests/hashtest-256g.in (algos): Add test for SHA-512. Signed-off-by: Werner Koch diff --git a/tests/genhashdata.c b/tests/genhashdata.c index 8777f9c..e16c49b 100644 --- a/tests/genhashdata.c +++ b/tests/genhashdata.c 
@@ -40,6 +40,19 @@ $ for i in -64 -1 0 1 64; do ./genhashdata --gigs 256 --bytes $i|sha256sum;done 5a2e21b1e79cd866acf53a2a18ca76bd4e02c4b01bf4627354171824c812d95f - 34444808af8e9d995e67f9e155ed94bf55f195a51dc1d8a989e6bcf95511c8a2 - + +$ for i in -64 -1 0 1 64; do ./genhashdata --gigs 256 --bytes $i|sha512sum;done +e01bf8140874bf240e8426cb2bcbc377cbed2e6037334116637149e1cd8cd462 \ +96828b71f32b9f002771d4cb51172ce578b73b7939221e4df655ecd08601e655 - +4917ff94514b1757705c289fdc3e7d6ffcce5771b20ae237ebc03d2ec9eb435f \ +b7ce9f0e27272be8cced77a5edae1a01a0ad62b0a44169d88bbee45474a17734 - +1e28e8b3c79f2f47da11f3c0b7da4e7981e7d932db6d17d528a31e191922edda \ +8fc4bb2df10ea876232db5a1c606bc41886e8b2c570a3e721221f60c8c7dc4ab - +027d3324dd1cf127770ceb53681f4c70937c9bca4e3acd5fd76cb266c7d4527d \ +58140290a1822e8d60c4d3ae9725fb923183230d6dfd2d7d73c0d74a4757f34a - +49920704ea9d6ee19f0742d6c868110fa3eda8ac09f026e9ef22cc731af53020 \ +de40eedef66cb1afd94c61e285fa9327e01336e804903740a9145ab1f065c2d5 - + */ #include diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in index 02ab3f6..e897c54 100755 --- a/tests/hashtest-256g.in +++ b/tests/hashtest-256g.in @@ -1,6 +1,6 @@ #!/bin/sh -algos="SHA1 SHA256" +algos="SHA1 SHA256 SHA512" test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77 echo " now running 256 GiB tests for $algos - this takes looong" diff --git a/tests/hashtest.c b/tests/hashtest.c index 15310d0..6fbce0c 100644 --- a/tests/hashtest.c +++ b/tests/hashtest.c @@ -63,6 +63,7 @@ static struct { { GCRY_MD_SHA1, 256, -0, "71b923afde1c8c040884c723a2e3335b333e64c6" }, { GCRY_MD_SHA1, 256, 1, "2d99f9b5b86e9c9c937104f4242bd6b8bc0927ef" }, { GCRY_MD_SHA1, 256, 64, "a60dabe8d749f798b7ec3a684cc3eab487451482" }, + { GCRY_MD_SHA224, 256, -64, "b5672b54d2480a5688a2dc727a1ad4db7a81ef31ce8999e0bbaeffdc" }, { GCRY_MD_SHA224, 256, -1, 
@@ -73,6 +74,7 @@ static struct { "e578d5d523320876565bbbc892511a485427caee6dd754d57e3e58c2" }, { GCRY_MD_SHA224, 256, 64, "ff0464df248cd298b63765bc4f87f21e25c93c657fdf3656d3c878e5" }, + { GCRY_MD_SHA256, 256, -64, "87a9828d3de78d55d252341db2a622908c4e0ceaee9961ecf9768700fc799ec8" }, { GCRY_MD_SHA256, 256, -1, @@ -83,10 +85,25 @@ static struct { "5a2e21b1e79cd866acf53a2a18ca76bd4e02c4b01bf4627354171824c812d95f" }, { GCRY_MD_SHA256, 256, 64, "34444808af8e9d995e67f9e155ed94bf55f195a51dc1d8a989e6bcf95511c8a2" }, - { 0 } -}; + { GCRY_MD_SHA512, 256, -64, + "e01bf8140874bf240e8426cb2bcbc377cbed2e6037334116637149e1cd8cd462" + "96828b71f32b9f002771d4cb51172ce578b73b7939221e4df655ecd08601e655" }, + { GCRY_MD_SHA512, 256, -1, + "4917ff94514b1757705c289fdc3e7d6ffcce5771b20ae237ebc03d2ec9eb435f" + "b7ce9f0e27272be8cced77a5edae1a01a0ad62b0a44169d88bbee45474a17734" }, + { GCRY_MD_SHA512, 256, 0, + "1e28e8b3c79f2f47da11f3c0b7da4e7981e7d932db6d17d528a31e191922edda" + "8fc4bb2df10ea876232db5a1c606bc41886e8b2c570a3e721221f60c8c7dc4ab" }, + { GCRY_MD_SHA512, 256, 1, + "027d3324dd1cf127770ceb53681f4c70937c9bca4e3acd5fd76cb266c7d4527d" + "58140290a1822e8d60c4d3ae9725fb923183230d6dfd2d7d73c0d74a4757f34a" }, + { GCRY_MD_SHA512, 256, 64, + "49920704ea9d6ee19f0742d6c868110fa3eda8ac09f026e9ef22cc731af53020" + "de40eedef66cb1afd94c61e285fa9327e01336e804903740a9145ab1f065c2d5" }, + { 0 } +}; ----------------------------------------------------------------------- Summary of changes: tests/genhashdata.c | 13 +++++++++++++ tests/hashtest-256g.in | 2 +- tests/hashtest.c | 21 +++++++++++++++++++-- 3 files changed, 33 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 17:54:13 2013 
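Review bot: In the tests/hashtest-256g.in hunk, 'algos' grows from "SHA1 SHA256" to "SHA1 SHA256 SHA512", but the tests/hashtest.c table touched by the same patch also holds 256 GiB vectors for GCRY_MD_SHA224 (visible as context lines), and the script never runs them. Add SHA224 to 'algos', or add a comment in the script saying why it is left out.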
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 17:54:13 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-454-g93919d6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 93919d63c887bdef31f94aeccac94f108fe129d3 (commit) via 0ea9731e1c93a962f6266004ab0e7418c19d6277 (commit) via 9a912f8c4f366c53f1cdb94513b67b937e87178b (commit) from 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 93919d63c887bdef31f94aeccac94f108fe129d3 Author: Werner Koch Date: Mon Dec 16 17:49:56 2013 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 48f8a21..8f43923 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.6.1 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.6.0 (2013-12-16) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 66c3120..c99765c 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.10" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [6]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_micro, [1]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 0ea9731e1c93a962f6266004ab0e7418c19d6277 Author: Werner Koch Date: Mon Dec 16 17:38:55 2013 +0100 Release 1.6.0. diff --git a/NEWS b/NEWS index 978047f..48f8a21 100644 --- a/NEWS +++ b/NEWS 
@@ -1,4 +1,4 @@ -Noteworthy changes in version 1.6.0 (unreleased) +Noteworthy changes in version 1.6.0 (2013-12-16) ------------------------------------------------ * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is @@ -12,6 +12,9 @@ Noteworthy changes in version 1.6.0 (unreleased) * Removed deprecated control codes. + * Improved performance of most cipher algorithms as well as for the + SHA family of hash functions. + * Added support for the IDEA cipher algorithm. * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. @@ -48,6 +51,8 @@ Noteworthy changes in version 1.6.0 (unreleased) * Added a feature to globally disable selected hardware features. + * Added debug helper functions. + * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_ac_* REMOVED. diff --git a/README b/README index 558e008..43f9094 100644 --- a/README +++ b/README @@ -3,6 +3,8 @@ Version 1.6 Copyright (C) 1989,1991-2012 Free Software Foundation, Inc. + Copyright (C) 2012-2013 g10 Code GmbH + Copyright (C) 2013 Jussi Kivilinna Libgcrypt is free software. See the file AUTHORS for full copying notices, and LICENSES for notices about contributions that require @@ -33,7 +35,7 @@ You should get the latest versions of course. After building and installing the libgpg-error package, you may - continue with Libgcrypt installation As with allmost all GNU + continue with Libgcrypt installation as with allmost all GNU packages, you just have to do ./configure 
@@ -237,7 +239,8 @@ actual terms. The helper programs (e.g. gcryptrnd and getrandom) as well as the documentation are distributed under the terms of the GNU General Public License (GPL); see the file COPYING for the - actual terms. + actual terms. The file LICENSES has notices about contributions + that require these additional notices are distributed. This library used to be available under the GPL - this was changed with version 1.1.7 with the rationale that there are now many free @@ -263,6 +266,14 @@ Commercial grade support for Libgcrypt is available; please see http://www.gnupg.org/service.html . + Commercial grade support for Libgcrypt is available; for a listing + of offers see http://www.gnupg.org/service.html . The driving + force behind the development of Libgcrypt is the company of its + principal author, Werner Koch. Maintenance and improvement of + Libgcrypt takes up a lot resources. To allow him to continue his + work, he asks to either purchase a support contract, engage them + for custom enhancements, or to donate money. See http://g10code.com . + This file is Free Software; as a special exception the authors gives unlimited permission to copy and/or distribute it, with or without diff --git a/compat/compat.c b/compat/compat.c index d259130..5678067 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -25,12 +25,14 @@ const char * _gcry_compat_identification (void) { + /* For complete list of copyright holders see the file AUTHORS in + the source distribution. */ static const char blurb[] = "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" - "Copyright 2000, 2002, 2003, 2004, 2007, 2008, 2009,\n" - " 2010, 2011, 2012 Free Software Foundation, Inc.\n" - "Copyright 2012, 2013 g10 Code GmbH\n" + "Copyright (C) 2000-2012 Free Software Foundation, Inc.\n" + "Copyright (C) 2012-2013 g10 Code GmbH\n" + "Copyright (C) 2013 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" "\n\n"; 
diff --git a/configure.ac b/configure.ac index 571e156..66c3120 100644 --- a/configure.ac +++ b/configure.ac @@ -54,15 +54,15 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) -# CAUTION: Due to the ABI change in 1.6 the LT version numbers below have -# already been set for the next release. Thus don't update them for -# the 1.6.0 release. LIBGCRYPT_LT_CURRENT=20 LIBGCRYPT_LT_AGE=0 LIBGCRYPT_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. +# +# 1.6: ABI and API change but the change is to most users irrelevant +# and thus the API version number has not been incremented. LIBGCRYPT_CONFIG_API_VERSION=1 # If you change the required gpg-error version, please remove commit 9a912f8c4f366c53f1cdb94513b67b937e87178b Author: Werner Koch Date: Mon Dec 16 16:54:53 2013 +0100 doc: Change yat2m to allow arbitrary condition names. * doc/yat2m.c (MAX_CONDITION_NESTING): New. (gpgone_defined): Remove. (condition_s, condition_stack, condition_stack_idx): New. (cond_is_active, cond_in_verbatim): New. (add_predefined_macro, set_macro, macro_set_p): New. (evaluate_conditions, push_condition, pop_condition): New. (parse_file): Rewrite to use the condition stack. (top_parse_file): Set predefined macros. (main): Change -D to define arbitrary macros. -- This change allows the use of other conditionals than "gpgone" and thus makes "gpgtwoone" et al. actually work. It does now also track conditionals over included files. Signed-off-by: Werner Koch From GnuPG master commit a15c35f37ed2b58805adc213029998aa3e52f038 diff --git a/doc/yat2m.c b/doc/yat2m.c index 9d7bdec..2ac4390 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c 
@@ -1,6 +1,6 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005 g10 Code GmbH - * Copyright (C) 2006, 2008 Free Software Foundation, Inc. + * Copyright (C) 2005, 2013 g10 Code GmbH + * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ */ /* - This is a simple textinfo to man page converter. It needs some + This is a simple texinfo to man page converter. It needs some special markup in th e texinfo and tries best to get a create man page. It has been designed for the GnuPG man pages and thus only a few texinfo commands are supported. @@ -72,7 +72,21 @@ extracted from one file, either using the --store or the --select option. - + If you want to indent tables in the source use this style: + + @table foo + @item + @item + @table + @item + @end + @end + + Don't change the indentation within a table and keep the same + number of white space at the start of the line. yat2m simply + detects the number of white spaces in front of an @item and remove + this number of spaces from all following lines until a new @item + is found or there are less spaces than for the last @item. */ #include @@ -93,6 +107,9 @@ character. */ #define LINESIZE 1024 +/* Number of allowed condition nestings. */ +#define MAX_CONDITION_NESTING 10 + /* Option flags. */ static int verbose; static int quiet; @@ -103,10 +120,6 @@ static const char *opt_select; static const char *opt_include; static int opt_store; -/* The only define we understand is -D gpgone. Thus we need a simple - boolean tro track it. */ -static int gpgone_defined; - /* Flag to keep track whether any error occurred. */ static int any_error; @@ -115,7 +128,7 @@ static int any_error; struct macro_s { struct macro_s *next; - char *value; /* Malloced value. */ + char *value; /* Malloced value. */ char name[1]; }; typedef struct macro_s *macro_t; 
@@ -123,6 +136,24 @@ typedef struct macro_s *macro_t; /* List of all defined macros. */ static macro_t macrolist; +/* List of global macro names. The value part is not used. */ +static macro_t predefinedmacrolist; + +/* Object to keep track of @isset and @ifclear. */ +struct condition_s +{ + int manverb; /* "manverb" needs special treatment. */ + int isset; /* This is an @isset condition. */ + char name[1]; /* Name of the condition macro. */ +}; +typedef struct condition_s *condition_t; + +/* The stack used to evaluate conditions. And the current states. */ +static condition_t condition_stack[MAX_CONDITION_NESTING]; +static int condition_stack_idx; +static int cond_is_active; /* State of ifset/ifclear */ +static int cond_in_verbatim; /* State of "manverb". */ + /* Object to store one line of content. */ struct line_buffer_s 
@@ -299,7 +330,158 @@ isodatestring (void) } +/* Add NAME to the list of predefined macros which are global for all + files. */ +static void +add_predefined_macro (const char *name) +{ + macro_t m; + + for (m=predefinedmacrolist; m; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m) + { + m = xcalloc (1, sizeof *m + strlen (name)); + strcpy (m->name, name); + m->next = predefinedmacrolist; + predefinedmacrolist = m; + } +} + + +/* Create or update a macro with name MACRONAME and set its values TO + MACROVALUE. Note that ownership of the macro value is transferred + to this function. */ +static void +set_macro (const char *macroname, char *macrovalue) +{ + macro_t m; + + for (m=macrolist; m; m = m->next) + if (!strcmp (m->name, macroname)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (macroname)); + strcpy (m->name, macroname); + m->next = macrolist; + macrolist = m; + } + m->value = macrovalue; + macrovalue = NULL; +} + + +/* Return true if the macro NAME is set, i.e. not the empty string and + not evaluating to 0. */ +static int +macro_set_p (const char *name) +{ + macro_t m; + + for (m = macrolist; m ; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m || !m->value || !*m->value) + return 0; + if ((*m->value & 0x80) || !isdigit (*m->value)) + return 1; /* Not a digit but some other string. */ + return !!atoi (m->value); +} + + +/* Evaluate the current conditions. */ +static void +evaluate_conditions (const char *fname, int lnr) +{ + int i; + + /* for (i=0; i < condition_stack_idx; i++) */ + /* inf ("%s:%d: stack[%d] %s %s %c", */ + /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */ + /* condition_stack[i]->name, */ + /* (macro_set_p (condition_stack[i]->name) */ + /* ^ !condition_stack[i]->isset)? 
't':'f'); */ + + cond_is_active = 1; + cond_in_verbatim = 0; + if (condition_stack_idx) + { + for (i=0; i < condition_stack_idx; i++) + { + if (condition_stack[i]->manverb) + cond_in_verbatim = (macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset); + else if (!(macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset)) + { + cond_is_active = 0; + break; + } + } + } + + /* inf ("%s:%d: active=%d verbatim=%d", */ + /* fname, lnr, cond_is_active, cond_in_verbatim); */ +} + +/* Push a condition with condition macro NAME onto the stack. If + ISSET is true, a @isset condition is pushed. */ +static void +push_condition (const char *name, int isset, const char *fname, int lnr) +{ + condition_t cond; + int manverb = 0; + + if (condition_stack_idx >= MAX_CONDITION_NESTING) + { + err ("%s:%d: condition nested too deep", fname, lnr); + return; + } + + if (!strcmp (name, "manverb")) + { + if (!isset) + { + err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr); + return; + } + manverb = 1; + } + + cond = xcalloc (1, sizeof *cond + strlen (name)); + cond->manverb = manverb; + cond->isset = isset; + strcpy (cond->name, name); + + condition_stack[condition_stack_idx++] = cond; + evaluate_conditions (fname, lnr); +} + + +/* Remove the last condition from the stack. ISSET is used for error + reporting. */ +static void +pop_condition (int isset, const char *fname, int lnr) +{ + if (!condition_stack_idx) + { + err ("%s:%d: unbalanced \"@end %s\"", + fname, lnr, isset?"isset":"isclear"); + return; + } + condition_stack_idx--; + free (condition_stack[condition_stack_idx]); + condition_stack[condition_stack_idx] = NULL; + evaluate_conditions (fname, lnr); +} + + + /* Return a section buffer for the section NAME. Allocate a new buffer if this is a new section. Keep track of the sections in THEPAGE. This function may reallocate the section array in THEPAGE. */ 
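Review bot: push_condition returns without pushing on both of its error paths (the MAX_CONDITION_NESTING overflow and the rejected "@ifclear manverb"), but the matching "@end ifset" or "@end ifclear" still reaches pop_condition, which then removes the enclosing condition instead, so every later block is evaluated against a misaligned stack. Consider counting the skipped pushes so that the matching @end is ignored, or treating these two cases as fatal. Also in pop_condition, the message is built with isset?"isset":"isclear" although the texinfo commands are ifset and ifclear, and the comment above push_condition says "@isset" where it means "@ifset".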
@@ -400,7 +582,7 @@ static void start_page (char *name) { if (verbose) - inf ("starting page `%s'", name); + inf ("starting page '%s'", name); assert (!thepage.name); thepage.name = xstrdup (name); thepage.n_sections = 0; @@ -420,7 +602,7 @@ write_th (FILE *fp) p = strrchr (name, '.'); if (!p || !p[1]) { - err ("no section name in man page `%s'", thepage.name); + err ("no section name in man page '%s'", thepage.name); free (name); return -1; } @@ -577,7 +759,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, ignore_args = 1; /* Parameterized macros are not yet supported. */ } else - inf ("texinfo command `%s' not supported (%.*s)", command, + inf ("texinfo command '%s' not supported (%.*s)", command, ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } @@ -591,7 +773,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, i--; if (i) { - err ("closing brace for command `%s' not found", command); + err ("closing brace for command '%s' not found", command); return len; } if (n > 2 && !ignore_args) @@ -766,13 +948,13 @@ finish_page (void) return; /* No page active. */ if (verbose) - inf ("finishing page `%s'", thepage.name); + inf ("finishing page '%s'", thepage.name); if (opt_select) { if (!strcmp (opt_select, thepage.name)) { - inf ("selected `%s'", thepage.name ); + inf ("selected '%s'", thepage.name ); fp = stdout; } else @@ -784,10 +966,10 @@ finish_page (void) } else if (opt_store) { - inf ("writing `%s'", thepage.name ); + inf ("writing '%s'", thepage.name ); fp = fopen ( thepage.name, "w" ); if (!fp) - die ("failed to create `%s': %s\n", thepage.name, strerror (errno)); + die ("failed to create '%s': %s\n", thepage.name, strerror (errno)); } else fp = stdout; 
@@ -848,14 +1030,9 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) int lnr = 0; /* Fixme: The following state variables don't carry over to include files. */ - int in_verbatim = 0; int skip_to_end = 0; /* Used to skip over menu entries. */ int skip_sect_line = 0; /* Skip after @mansect. */ - int ifset_nesting = 0; /* How often a ifset has been seen. */ - int ifclear_nesting = 0; /* How often a ifclear has been seen. */ - int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */ - int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */ - int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */ + int item_indent = 0; /* How far is the current @item indented. */ /* Helper to define a macro. */ char *macroname = NULL; @@ -868,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { size_t n = strlen (line); int got_line = 0; - char *p; + char *p, *pend; lnr++; if (!n || line[n-1] != '\n') @@ -879,6 +1056,24 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) } line[--n] = 0; + /* Kludge to allow indentation of tables. */ + for (p=line; *p == ' ' || *p == '\t'; p++) + ; + if (*p) + { + if (*p == '@' && !strncmp (p+1, "item", 4)) + item_indent = p - line; /* Set a new indent level. */ + else if (p - line < item_indent) + item_indent = 0; /* Switch off indention. */ + + if (item_indent) + { + memmove (line, line+item_indent, n - item_indent + 1); + n -= item_indent; + } + } + + if (*line == '@') { for (p=line+1, n=1; *p && *p != ' ' && *p != '\t'; p++) 
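Review bot: the indentation kludge in the last hunk tests !strncmp (p+1, "item", 4) with no delimiter check, so an indented @itemize (or any other command that starts with "item") also sets item_indent and strips leading whitespace from the lines that follow. The other command matches in parse_file check the following character, as in (p[5]==' '||p[5]=='\t'||!p[5]); the same test on p[5] here, plus an explicit case for @itemx if that is wanted, would confine the kludge to table items. item_indent is also a local of parse_file, so it falls under the Fixme a few lines up about state that does not carry over to include files.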
@@ -897,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "macro", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - macro_t m; - if (macrovalueused) macrovalue[--macrovalueused] = 0; /* Kill the last LF. */ macrovalue[macrovalueused] = 0; /* Terminate macro. */ macrovalue = xrealloc (macrovalue, macrovalueused+1); - for (m= macrolist; m; m = m->next) - if (!strcmp (m->name, macroname)) - break; - if (m) - free (m->value); - else - { - m = xcalloc (1, sizeof *m + strlen (macroname)); - strcpy (m->name, macroname); - m->next = macrolist; - macrolist = m; - } - m->value = macrovalue; + set_macro (macroname, macrovalue); macrovalue = NULL; free (macroname); macroname = NULL; 
@@ -964,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) if (n == 6 && !memcmp (line, "@ifset", 6) && (line[6]==' '||line[6]=='\t')) { - ifset_nesting++; - - if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) + for (p=line+7; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_verbatim) - err ("%s:%d: nested \"@ifset manverb\"", fname, lnr); - else - in_verbatim = ifset_nesting; + err ("%s:%d: name missing after \"@ifset\"", fname, lnr); + continue; } - else if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 1, fname, lnr); + continue; + } + else if (n == 8 && !memcmp (line, "@ifclear", 8) + && (line[8]==' '||line[8]=='\t')) + { + for (p=line+9; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_gpgone) - err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr); - else - in_gpgone = ifset_nesting; + err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr); + continue; } + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 0, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) 
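Review bot: the error string in the new @ifclear branch reads name missing after "@ifsclear"; it should say "@ifclear". The @ifset and @ifclear branches are otherwise identical apart from the start offset (line+7 versus line+9) and the isset flag passed to push_condition, so a small helper taking those two values would remove the duplicated name-scanning loops and keep the two messages in step.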
@@ -988,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifset", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - if (in_verbatim && ifset_nesting == in_verbatim) - in_verbatim = 0; - if (in_gpgone && ifset_nesting == in_gpgone) - in_gpgone = 0; - - if (ifset_nesting) - ifset_nesting--; - else - err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr); - continue; - } - else if (n == 8 && !memcmp (line, "@ifclear", 8) - && (line[8]==' '||line[8]=='\t')) - { - ifclear_nesting++; - - if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) - { - if (not_in_gpgone) - err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr); - else - not_in_gpgone = ifclear_nesting; - } - - else if (!strncmp (p, "isman", 5) - && (p[5]==' '||p[5]=='\t'||!p[5])) - { - if (not_in_man) - err ("%s:%d: nested \"@ifclear isman\"", fname, lnr); - else - not_in_man = ifclear_nesting; - } - + pop_condition (1, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) @@ -1029,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifclear", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) { - if (not_in_gpgone && ifclear_nesting == not_in_gpgone) - not_in_gpgone = 0; - if (not_in_man && ifclear_nesting == not_in_man) - not_in_man = 0; - - if (ifclear_nesting) - ifclear_nesting--; - else - err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr); + pop_condition (0, fname, lnr); continue; } } /* Take action on ifset/ifclear. */ - if ( (in_gpgone && !gpgone_defined) - || (not_in_gpgone && gpgone_defined) - || not_in_man) + if (!cond_is_active) continue; /* Process commands. */ @@ -1057,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { skip_to_end = 0; } - else if (in_verbatim) + else if (cond_in_verbatim) { got_line = 1; } 
@@ -1129,7 +1277,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) } if (!incfp) - err ("can't open include file `%s':%s", + err ("can't open include file '%s':%s", incname, strerror (errno)); else { @@ -1149,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) else if (!skip_to_end) got_line = 1; - if (got_line && in_verbatim) + if (got_line && cond_in_verbatim) add_content (*section_name, line, 1); else if (got_line && thepage.name && *section_name && !in_pause) add_content (*section_name, line, 0); @@ -1168,13 +1316,19 @@ top_parse_file (const char *fname, FILE *fp) { char *section_name = NULL; /* Name of the current section or NULL if not in a section. */ + macro_t m; + while (macrolist) { - macro_t m = macrolist->next; - free (m->value); - free (m); - macrolist = m; + macro_t next = macrolist->next; + free (macrolist->value); + free (macrolist); + macrolist = next; } + for (m=predefinedmacrolist; m; m = m->next) + set_macro (m->name, xstrdup ("1")); + cond_is_active = 1; + cond_in_verbatim = 0; parse_file (fname, fp, §ion_name, 0); free (section_name); @@ -1190,6 +1344,12 @@ main (int argc, char **argv) opt_source = "GNU"; opt_release = ""; + /* Define default macros. The trick is that these macros are not + defined when using the actual texinfo renderer. */ + add_predefined_macro ("isman"); + add_predefined_macro ("manverb"); + + /* Option parsing. */ if (argc) { argc--; argv++; 
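Review bot: in the top_parse_file hunk, cond_is_active and cond_in_verbatim are reset for each file but condition_stack and condition_stack_idx are left alone, so an @ifset or @ifclear that is never closed in one file stays on the stack, is never freed, and is evaluated again by the first push_condition or pop_condition in the next file. Pop and free any remaining entries here, reporting the unterminated condition by name, before setting the two state flags.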
@@ -1294,8 +1454,7 @@ main (int argc, char **argv) argc--; argv++; if (argc) { - if (!strcmp (*argv, "gpgone")) - gpgone_defined = 1; + add_predefined_macro (*argv); argc--; argv++; } } ----------------------------------------------------------------------- Summary of changes: NEWS | 11 +- README | 15 ++- compat/compat.c | 8 +- configure.ac | 8 +- doc/yat2m.c | 373 +++++++++++++++++++++++++++++++++++++++---------------- 5 files changed, 298 insertions(+), 117 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 17:55:37 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 17:55:37 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, created. libgcrypt-1.5.0-454-g93919d6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been created at 93919d63c887bdef31f94aeccac94f108fe129d3 (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 18:00:26 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 18:00:26 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-2-g210b723 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 210b7237706f6ad5cbc1a3362707f63db2c8a780 (commit) from 93919d63c887bdef31f94aeccac94f108fe129d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 210b7237706f6ad5cbc1a3362707f63db2c8a780 Author: Werner Koch Date: Mon Dec 16 17:58:42 2013 +0100 Open new development branch. -- diff --git a/NEWS b/NEWS index 8f43923..dbe30ee 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.6.1 (unreleased) +Noteworthy changes in version 1.7.0 (unreleased) ------------------------------------------------ diff --git a/README b/README index 43f9094..938c6c6 100644 --- a/README +++ b/README @@ -1,6 +1,8 @@ Libgcrypt - The GNU Crypto Library ------------------------------------ - Version 1.6 + Version 1.7 + + ==== THIS IS A DEVELOPMENT VERSION - NOT FOR REAL USE ==== Copyright (C) 1989,1991-2012 Free Software Foundation, Inc. Copyright (C) 2012-2013 g10 Code GmbH diff --git a/configure.ac b/configure.ac index c99765c..ed14d89 100644 --- a/configure.ac +++ b/configure.ac 
@@ -29,8 +29,8 @@ min_automake_version="1.10" # commit and push so that the git magic is able to work. See below # for the LT versions. m4_define(mym4_version_major, [1]) -m4_define(mym4_version_minor, [6]) -m4_define(mym4_version_micro, [1]) +m4_define(mym4_version_minor, [7]) +m4_define(mym4_version_micro, [0]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- README | 4 +++- configure.ac | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 18:45:53 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 18:45:53 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.3-5-g6366348 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via 636634871211da16ca5659926e744599a3538d26 (commit) from 450adc39b461bdf48230fa0f9ef7317e9937a8e5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 636634871211da16ca5659926e744599a3538d26 Author: Werner Koch Date: Mon Dec 16 18:44:15 2013 +0100 Declare eol. -- diff --git a/AUTHORS b/AUTHORS index 5eab32a..e7ffaea 100644 --- a/AUTHORS +++ b/AUTHORS 
@@ -3,6 +3,7 @@ Homepage: http://www.gnu.org/software/libgcrypt/ Maintainer: Werner Koch Bug reports: or http://bugs.gnupg.org Security related bug reports: +End-of-life: 2016-12-31 License (library): LGPLv2.1+ License (manual and tools): GPLv2+ ----------------------------------------------------------------------- Summary of changes: AUTHORS | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 16 20:16:28 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Dec 2013 20:16:28 +0100 Subject: [git] gnupg-doc - branch, master, updated. de3e6ae5fe1ac665afaaac30db0e23fb3dcb16ee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via de3e6ae5fe1ac665afaaac30db0e23fb3dcb16ee (commit) from e5fab3d9058f334faefec3ee923725d0a6fd5518 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de3e6ae5fe1ac665afaaac30db0e23fb3dcb16ee Author: Werner Koch Date: Mon Dec 16 20:14:56 2013 +0100 Add Libgcrypt 1.6.0 release info. diff --git a/web/download/index.org b/web/download/index.org index 6bf93ae..bd441a6 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -1,7 +1,7 @@ #+TITLE: GnuPG - Download #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" -#+macro: check_sig_note GnuPG distributions are signed. It is wise and more secure to check out for their [[integrity_check.org][integrity]]. +#+macro: check_sig_note GnuPG distributions are signed. It is wise and more secure to check out for their [[integrity_check.org][@@html:@@integrity@@html:@@]]. #+macro: ftpopen @@html:FTP@@ 
@@ -91,8 +91,8 @@ [[../related_software/gpa/index.org][GPA]] is still work in progress, so don't expect that everything works and be careful when using production quality secret keys. - | GPA {{{gpa_ver}}} full source code | {{{gpa_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GPA {{{gpa_ver}}} full source code | {{{gpa_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | {{{check_sig_note}}} @@ -108,8 +108,8 @@ encryption, decryption, signing, signature verification and key management. - | GPGME {{{gpgme_ver}}} full source code | {{{gpgme_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GPGME {{{gpgme_ver}}} full source code | {{{gpgme_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: {{{begin_chksum}}} 
@@ -125,8 +125,8 @@ [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] is GNU's basic cryptographic library. - | Libgcrypt {{{libgcrypt_ver}}} full source code | {{{libgcrypt_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Libgcrypt {{{libgcrypt_ver}}} full source code | {{{libgcrypt_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: {{{begin_chksum}}} @@ -142,8 +142,8 @@ [[../related_software/libraries.en.html#lib-libksba][Libksba]] is a CMS and X.509 access library. - | Libksba {{{libksba_ver}}} full source code | {{{libksba_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Libksba {{{libksba_ver}}} full source code | {{{libksba_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: {{{begin_chksum}}} 
@@ -161,8 +161,8 @@ GnuPG 2.0. It might also be installed as a system daemon for CRL and OCSP checks. - | DirMngr {{{dirmngr_ver}}} full source code | {{{dirmngr_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | DirMngr {{{dirmngr_ver}}} full source code | {{{dirmngr_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: {{{begin_chksum}}} @@ -179,8 +179,8 @@ [[../related_software/libraries.en.html#lib-libgpg-error][Libgpg-error]] is a small library with error codes and descriptions shared by most GnuPG related software. - | Libgpg-error {{{libgpg_error_ver}}} full source code | {{{libgpg_error_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Libgpg-error {{{libgpg_error_ver}}} full source code | {{{libgpg_error_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: {{{begin_chksum}}} 
@@ -196,8 +196,8 @@ [[../related_software/libraries.en.html#lib-libassuan][Libassuan]] is the IPC library used by some GnuPG related software. - | Libassuan {{{libassuan_ver}}} full source code | {{{libassuan_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | - | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/gcrypt/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Libassuan {{{libassuan_ver}}} full source code | {{{libassuan_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | SHA-1 checksum for the above file: {{{begin_chksum}}} diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 2ca4447..fccf565 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -72,4 +72,4 @@ {{{end_chksum}}} -#eof# +# eof # diff --git a/web/index.org b/web/index.org index 96fe038..978ef8c 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,6 +44,18 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** Libgcrypt 1.6.0 released (2013-10-16) + +The GNU project is pleased to announce the availability of Libgcrypt +version 1.6.0. This is the new stable version of Libgcrypt with the API +being mostly compatible to previous versions. Due to the removal of +certain long deprecated functions this version introduces an ABI +change. + +The main features of this version are performance improvements, +better support for elliptic curves, new algorithms and modes, as well as +API and internal cleanups. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html][{more}]] + ** Blog: Preparing for launch (2013-12-13) Mid December, giving season, and nearly time for the GnuPG Crowdfunding diff --git a/web/swdb.mac b/web/swdb.mac index 7b4d696..bc6aa97 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -59,9 +59,9 @@ # # LIBGCRYPT # -#+macro: libgcrypt_ver 1.5.3 -#+macro: libgcrypt_size 1473k -#+macro: libgcrypt_sha1 2c6553cc17f2a1616d512d6870fe95edf6b0e26e +#+macro: libgcrypt_ver 1.6.0 +#+macro: libgcrypt_size 2441k +#+macro: libgcrypt_sha1 43283c0b41c41e3d3bc13c2d8f937dfe2aaa1a77 # ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 30 +++++++++++++++--------------- web/download/integrity_check.org | 2 +- web/index.org | 12 ++++++++++++ web/swdb.mac | 6 +++--- 4 files changed, 31 insertions(+), 19 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 18 15:07:28 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Dec 2013 15:07:28 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.15-13-g9df639b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 9df639b684f8420452d7b39e1dd1c3b974623921 (commit) via 7cdb86e0ad7a3f452c2f7358e3e830785281addc (commit) via fa3f555d756be0229ab10516b901e50230b22033 (commit) via 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9 (commit) via 9b516323d7dc3e6103745becb63f5cc9fd8cc606 (commit) via d0d72d98f34579213230b3febfebd2fd8dff272b (commit) via 93a96e3c0c33370248f6570d8285c4e811d305d4 (commit) from b135372176b29ca985afa18398a455fd4e2a2063 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9df639b684f8420452d7b39e1dd1c3b974623921 Author: Werner Koch Date: Fri Dec 13 10:03:19 2013 +0100 Post release version number bump. -- diff --git a/NEWS b/NEWS index 26d6f90..1dfb23f 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 1.4.17 (unreleased) +------------------------------------------------- + Noteworthy changes in version 1.4.16 (2013-12-18) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index af78185..377bf06 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,7 +27,7 @@ min_automake_version="1.9.3" # (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.4.16]) +m4_define([mym4_version], [1.4.17]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 7cdb86e0ad7a3f452c2f7358e3e830785281addc Author: Werner Koch Date: Fri Dec 13 09:07:11 2013 +0100 Release 1.4.16 diff --git a/NEWS b/NEWS index 55c4f37..26d6f90 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.4.16 (unreleased) +Noteworthy changes in version 1.4.16 (2013-12-18) ------------------------------------------------- * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic diff --git a/README b/README index 1de2bbf..f025c51 100644 --- a/README +++ b/README @@ -783,8 +783,8 @@ How to Get More Information --------------------------- - The primary WWW page is "http://www.gnupg.org" - The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" + The primary WWW page is http://www.gnupg.org + The primary FTP site is ftp://ftp.gnupg.org/gcrypt/ See http://www.gnupg.org/download/mirrors.html for a list of mirrors and use them if possible. You may also find GnuPG 
@@ -830,7 +830,7 @@ The driving force behind the development of GnuPG is the company of its principal author, Werner Koch. Maintenance and improvement - of GnuPG and related software take up a most of their resources. + of GnuPG and related software take up most of their resources. To continue the work they ask to either donate money, purchase a support contract, or engage them for custom enhancements. See http://g10code.com/gnupg-donation.html commit fa3f555d756be0229ab10516b901e50230b22033 Author: Werner Koch Date: Wed Dec 11 10:20:15 2013 +0100 Change --show-session-key to print the session key earlier. * g10/mainproc.c (proc_encrypted): Move show_session_key code to ... * g10/decrypt-data.c (decrypt_data): here. -- This feature can be used to return the session key for just a part of a file. For example to downloading just the first 32k of a huge file, decrypting that incomplete part and while ignoring all the errors break out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server. This is the same feature as commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0. GnuPG-bug-id: 1389 Signed-off-by: Werner Koch diff --git a/g10/encr-data.c b/g10/encr-data.c index a591beb..8d277ce 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -100,6 +100,16 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) write_status_text (STATUS_DECRYPTION_INFO, buf); } + if (opt.show_session_key) + { + char *buf = xmalloc (dek->keylen*2 + 20); + sprintf (buf, "%d:", dek->algo); + for (i=0; i < dek->keylen; i++ ) + sprintf(buf+strlen(buf), "%02X", dek->key[i] ); + log_info ("session key: `%s'\n", buf); + write_status_text (STATUS_SESSION_KEY, buf); + } + if( (rc=check_cipher_algo(dek->algo)) ) goto leave; blocksize = cipher_get_blocksize(dek->algo); diff --git a/g10/mainproc.c b/g10/mainproc.c index d03a9a7..5b6d8db 100644 
--- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -587,6 +587,7 @@ proc_encrypted( CTX c, PACKET *pkt ) } else if( !c->dek ) result = G10ERR_NO_SECKEY; + if( !result ) result = decrypt_data( c, pkt->pkt.encrypted, c->dek ); @@ -600,16 +601,6 @@ proc_encrypted( CTX c, PACKET *pkt ) write_status( STATUS_GOODMDC ); else if(!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); - if(opt.show_session_key) - { - int i; - char *buf = xmalloc ( c->dek->keylen*2 + 20 ); - sprintf ( buf, "%d:", c->dek->algo ); - for(i=0; i < c->dek->keylen; i++ ) - sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); - log_info( "session key: `%s'\n", buf ); - write_status_text ( STATUS_SESSION_KEY, buf ); - } } else if( result == G10ERR_BAD_SIGN ) { log_error(_("WARNING: encrypted message has been manipulated!\n")); commit 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9 Author: Werner Koch Date: Tue Dec 10 20:33:48 2013 +0100 Update config.{guess,sub} and some copyright notices. * scripts/config.guess, scripts/config.sub: Update to version 2013-11-29. Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index ff0e69f..29f775f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -6,8 +6,8 @@ Security related bug reports: License: GPLv3+ -Authors -======= +Authors with a FSF copyright assignment +======================================= Ales Nyakhaychyk Translations [be] 
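Review bot: in the --show-session-key block moved into decrypt_data (g10/encr-data.c), buf holds the hex-encoded session key and is never released: char *buf = xmalloc (dek->keylen*2 + 20); has no matching free in the added lines, and the same was true of the block removed from proc_encrypted. Since this is key material, wipe the buffer and free it after write_status_text. The moved block also drops the int i; declaration that the old code carried, so it relies on decrypt_data already declaring i, which these hunks do not show. The commit message names g10/decrypt-data.c while the diff changes g10/encr-data.c.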
@@ -111,19 +111,26 @@ Jaime Sua'rez Translations [es] Walter Koch Translations [de] Werner Koch Assigns GNU Privacy Guard and future changes. - (started the whole thing) + (started the whole thing) Assignment contract terminated on 2013-03-29. Yosiaki IIDA Translations [ja] Yuri Chornoivan, yurchor at ukr dot net: Translations [uk] +Authors with a DCO +================== + +The list of authors who signed the Developer's Certificate of Origin +is kept in the GIT master branch's copy of this file. + Other authors ============= -The need for copyright disclaimers for translations has been waived in -December 2012. +The need for copyright assignments to the FSF has been waived on +2013-03-29; The need for copyright disclaimers for translations has +been waived in December 2012. This program uses the zlib compression library written by Jean-loup Gailly and Mark Adler. @@ -156,6 +163,7 @@ details. Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. + Copyright 2013 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/NEWS b/NEWS index 6122540..55c4f37 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,18 @@ Noteworthy changes in version 1.4.16 (unreleased) ------------------------------------------------- + * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic + Cryptanalysis attack as described by Genkin, Shamir, and Tromer. + See . [CVE-2013-4576] + + * Put only the major version number by default into armored output. + * Do not create a trustdb file if --trust-model=always is used. - * Only the major version number is by default included in the armored - output. + * Print the keyid for key packets with --list-packets. + + * Changed modular exponentiation algorithm to recover from a small + performance loss due to a change in 1.4.14. Noteworthy changes in version 1.4.15 (2013-10-04) 
@@ -2089,6 +2097,7 @@ Noteworthy changes in version 0.2.3 Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. +Copyright (C) 2013 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/README b/README index df8902d..1de2bbf 100644 --- a/README +++ b/README @@ -1,11 +1,12 @@ GnuPG - The GNU Privacy Guard ------------------------------- - Version 1.4.14 + Version 1.4.16 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Free Software Foundation, Inc. + Copyright 1997, 1998, 2013 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or diff --git a/configure.ac b/configure.ac index 1b6f7e5..af78185 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,7 @@ # configure.ac script for GnuPG # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, # 2008, 2009, 2010, 2012, 2013 Free Software Foundation, Inc. +# Copyright (C) 1998, 2013 Werner Koch # # This file is part of GnuPG. # diff --git a/g10/gpg.c b/g10/gpg.c index c58ee41..dbf2f40 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1,6 +1,7 @@ /* gpg.c - The GnuPG utility (main for gpg) * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * 2007, 2008, 2009, 2010, 2012 Free Software Foundation, Inc. + * Copyright (C) 1997, 1998, 2013 Werner Koch * * This file is part of GnuPG. * diff --git a/scripts/config.guess b/scripts/config.guess index ad5f74a..9afd676 100755 --- a/scripts/config.guess +++ b/scripts/config.guess 
@@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-07-31' +timestamp='2013-11-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -22,19 +20,17 @@ timestamp='2012-07-31' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches with a ChangeLog entry to config-patches at gnu.org. + me=`echo "$0" | sed -e 's,.*/,,'` 
@@ -54,9 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -306,7 +321,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) 
@@ -859,21 +874,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 
@@ -886,59 +901,54 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} 
exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -957,54 +967,63 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; + or1k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu + 
echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1208,6 +1227,9 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; 
@@ -1234,19 +1256,31 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) diff --git a/scripts/config.sub b/scripts/config.sub index b15df57..61cb4bc 100755 --- a/scripts/config.sub +++ b/scripts/config.sub 
@@ -1,24 +1,18 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2013 Free Software Foundation, Inc. -timestamp='2012-07-31' +timestamp='2013-10-01' -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . 
@@ -26,11 +20,12 @@ timestamp='2012-07-31' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches with a ChangeLog entry to config-patches at gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -73,9 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,7 +116,7 @@ esac maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) 
@@ -156,7 +149,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; @@ -259,10 +252,12 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | be32 | be64 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ @@ -270,10 +265,11 @@ case $basic_machine in | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -291,16 +287,17 @@ case $basic_machine in | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 \ - | or32 \ + | or1k | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ 
@@ -328,7 +325,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -370,13 +367,13 @@ case $basic_machine in | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ @@ -385,11 +382,13 @@ case $basic_machine in | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -407,12 +406,13 @@ case $basic_machine in | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ @@ -788,7 +788,7 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; mingw64) 
@@ -796,7 +796,7 @@ case $basic_machine in os=-mingw64 ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -832,7 +832,7 @@ case $basic_machine in basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1023,7 +1023,11 @@ case $basic_machine in basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1350,7 +1354,7 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1364,7 +1368,7 @@ case $os in | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1496,9 +1500,6 @@ case $os in -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; @@ -1547,6 +1548,9 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; hexagon-*) os=-elf ;; 
@@ -1590,6 +1594,9 @@ case $basic_machine in mips*-*) os=-elf ;; + or1k-*) + os=-elf + ;; or32-*) os=-coff ;; commit 9b516323d7dc3e6103745becb63f5cc9fd8cc606 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Prepare for newer automakes which default to parallel tests. * checks/Makefile.am: Add a list of test dependencies. -- We want to keep the tests in a specific order because that helps to compare tests and some tests rely on others anyway. Signed-off-by: Werner Koch diff --git a/checks/Makefile.am b/checks/Makefile.am index 0cfbe1c..1791091 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am 
@@ -30,6 +30,35 @@ TESTS = version.test mds.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test +# Force sequential run of tests as in the good old times +mds.log: version.log +decrypt.log: mds.log +decrypt-dsa.log: decrypt.log +sigs.log: decrypt-dsa.log +sigs-dsa.log: sigs.log +encrypt.log: sigs-dsa.log +encrypt-dsa.log: encrypt.log +seat.log: encrypt-dsa.log +clearsig.log: seat.log +encryptp.log: clearsig.log +detach.log: encryptp.log +armsigs.log: detach.log +armencrypt.log: armsigs.log +armencryptp.log: armencrypt.log +signencrypt.log: armencryptp.log +signencrypt-dsa.log: signencrypt.log +armsignencrypt.log: signencrypt-dsa.log +armdetach.log: armsignencrypt.log +armdetachm.log: armdetach.log +detachm.log: armdetachm.log +genkey1024.log: detachm.log +conventional.log: genkey1024.log +conventional-mdc.log: conventional.log +multisig.log: conventional-mdc.log +verify.log: multisig.log +armor.log: verify.log + + TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \ commit d0d72d98f34579213230b3febfebd2fd8dff272b Author: Werner Koch Date: Wed Nov 27 14:22:10 2013 +0100 Normalize the MPIs used as input to secret key functions. * cipher/rsa.c (secret): Normalize the INPUT. (rsa_decrypt): Pass reduced data to secret. * cipher/elgamal.c (decrypt): Normalize A and B. * cipher/dsa.c (sign): Normalize HASH. -- mpi_normalize is in general not required because extra leading zeroes do not harm the computation. However, adding extra all zero limbs or padding with multiples of N may be useful in side-channel attacks. In particular they are used by the acoustic crypt-analysis. This is an extra pre-caution which alone would not be sufficient to mitigate the described attack. CVE-id: CVE-2013-4576 Signed-off-by: Werner Koch diff --git a/cipher/dsa.c b/cipher/dsa.c index 69b7d1b..e23f05c 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c 
@@ -274,7 +274,7 @@ check_secret_key( DSA_secret_key *sk ) /**************** * Make a DSA signature from HASH and put it into r and s. * - * Without generating the k this function runs in + * Without generating the k this function runs in * about 26ms on a 300 Mhz Mobile Pentium */ @@ -285,6 +285,8 @@ sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey ) MPI kinv; MPI tmp; + mpi_normalize (hash); + /* select a random k with 0 < k < q */ k = gen_k( skey->q ); @@ -311,7 +313,7 @@ sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey ) /**************** * Returns true if the signature composed from R and S is valid. * - * Without the checks this function runs in + * Without the checks this function runs in * about 31ms on a 300 Mhz Mobile Pentium */ static int diff --git a/cipher/elgamal.c b/cipher/elgamal.c index c3f0862..5143ecc 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -374,6 +374,9 @@ decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) { MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + mpi_normalize (a); + mpi_normalize (b); + /* output = b/(a^x) mod p */ mpi_powm( t1, a, skey->x, skey->p ); mpi_invm( t1, t1, skey->p ); diff --git a/cipher/rsa.c b/cipher/rsa.c index c52704c..c4d5161 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -308,9 +308,14 @@ secret(MPI output, MPI input, RSA_secret_key *skey ) MPI m2 = mpi_alloc_secure (nlimbs); MPI h = mpi_alloc_secure (nlimbs); # ifdef USE_BLINDING - MPI r = mpi_alloc_secure (nlimbs); MPI bdata= mpi_alloc_secure (nlimbs); + MPI r = mpi_alloc_secure (nlimbs); +# endif /* USE_BLINDING */ + + /* Remove superfluous leading zeroes from INPUT. */ + mpi_normalize (input); +# ifdef USE_BLINDING /* Blind: bdata = (data * r^e) mod n */ randomize_mpi (r, mpi_get_nbits (skey->n), 0); mpi_fdiv_r (r, r, skey->n); 
@@ -338,8 +343,8 @@ secret(MPI output, MPI input, RSA_secret_key *skey ) mpi_add ( output, m1, h ); # ifdef USE_BLINDING - /* Unblind: output = (output * r^(-1)) mod n */ mpi_free (bdata); + /* Unblind: output = (output * r^(-1)) mod n */ mpi_invm (r, r, skey->n); mpi_mulm (output, output, r, skey->n); mpi_free (r); @@ -419,6 +424,7 @@ int rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) { RSA_secret_key sk; + MPI input; if( algo != 1 && algo != 2 ) return G10ERR_PUBKEY_ALGO; 
@@ -429,8 +435,16 @@ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) sk.p = skey[3]; sk.q = skey[4]; sk.u = skey[5]; - *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); - secret( *result, data[0], &sk ); + + /* Better make sure that there are no superfluous leading zeroes + in the input and it has not been padded using multiples of N. + This mitigates side-channel attacks (CVE-2013-4576). */ + input = mpi_alloc (0); + mpi_normalize (data[0]); + mpi_fdiv_r (input, data[0], sk.n); + *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); + secret (*result, input, &sk); + mpi_free (input); return 0; } commit 93a96e3c0c33370248f6570d8285c4e811d305d4 Author: Werner Koch Date: Tue Oct 22 14:26:53 2013 +0200 Use blinding for the RSA secret operation. * cipher/random.c (randomize_mpi): New. * g10/gpgv.c (randomize_mpi): New stub. * cipher/rsa.c (USE_BLINDING): Define macro. (secret): Implement blinding. -- GPG 1.x has never used any protection against timing attacks on the RSA secret operation. The rationale for this has been that there was no way to mount a remote timing attack on GnuPG. With the turning up of Acoustic Cryptanalysis (http://cs.tau.ac.il/~tromer/acoustic) this assumption no longer holds true and thus we need to do something about it. Blinding seems to be a suitable mitigation to the threat of key extraction. It does not help against distinguishing used keys, though. Note that GPG 2.x uses Libgcrypt which does blinding by default. The performance penalty is negligible: Modifying the core pubkey_sign or pubkey_decrypt function to run 100 times in a loop, the entire execution times for signing or decrypting a small message using a 4K RSA key on a Thinkpad X220 are Without blinding: 5.2s (8.9s) With blinding: 5.6s (9.3s) The numbers in parentheses give the values without the recently implemented k-ary exponentiation code. Thus for the next release the user will actually experience faster signing and decryption. 
A drawback of blinding is that we need random numbers even for decryption (albeit at low quality). Signed-off-by: Werner Koch CVE-id: CVE-2013-4576 diff --git a/cipher/random.c b/cipher/random.c index b634161..7549517 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -284,6 +284,18 @@ randomize_buffer( byte *buffer, size_t length, int level ) } +/* Randomize the MPI by setting it to NBITS of random of quality LEVEL. */ +void +randomize_mpi (MPI mpi, size_t nbits, int level) +{ + unsigned char *buffer; + + buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); + mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); + xfree (buffer); +} + + int random_is_faked() { diff --git a/cipher/random.h b/cipher/random.h index ca02df1..01ee11b 100644 --- a/cipher/random.h +++ b/cipher/random.h @@ -30,6 +30,7 @@ int quick_random_gen( int onoff ); int random_is_faked(void); void random_disable_locking (void); void randomize_buffer( byte *buffer, size_t length, int level ); +void randomize_mpi (MPI mpi, size_t nbits, int level); byte *get_random_bits( size_t nbits, int level, int secure ); void fast_random_poll( void ); diff --git a/cipher/rsa.c b/cipher/rsa.c index 1cdc600..c52704c 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1,5 +1,5 @@ /* rsa.c - RSA function - * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn) + * Copyright (C) 1997, 1998, 1999, 2013 by Werner Koch (dd9jn) * Copyright (C) 2000, 2001 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -22,7 +22,7 @@ which expires on September 20, 2000. The patent holder placed that patent into the public domain on Sep 6th, 2000. */ - + #include #include #include @@ -32,6 +32,10 @@ #include "cipher.h" #include "rsa.h" +/* Blinding is used to mitigate side-channel attacks. You may undef + this to speed up the operation in case the system is secured + against physical and network mounted side-channel attacks. */ +#define USE_BLINDING 1 typedef struct { MPI n; /* modulus */ 
@@ -103,7 +107,7 @@ generate( RSA_secret_key *sk, unsigned nbits ) /* make sure that nbits is even so that we generate p, q of equal size */ if ( (nbits&1) ) - nbits++; + nbits++; n = mpi_alloc ( mpi_nlimb_hint_from_nbits (nbits) ); @@ -146,7 +150,7 @@ generate( RSA_secret_key *sk, unsigned nbits ) 65537 as the new best practice. See FIPS-186-3. */ e = mpi_alloc ( mpi_nlimb_hint_from_nbits (32) ); - mpi_set_ui( e, 65537); + mpi_set_ui( e, 65537); while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ mpi_add_ui( e, e, 2); @@ -268,7 +272,7 @@ stronger_key_check ( RSA_secret_key *skey ) mpi_invm(t, skey->p, skey->q ); if ( mpi_cmp(t, skey->u ) ) log_info ( "RSA Oops: u is wrong\n"); - + log_info ( "RSA secret key check finished\n"); mpi_free (t); @@ -286,9 +290,9 @@ stronger_key_check ( RSA_secret_key *skey ) * * Or faster: * - * m1 = c ^ (d mod (p-1)) mod p - * m2 = c ^ (d mod (q-1)) mod q - * h = u * (m2 - m1) mod q + * m1 = c ^ (d mod (p-1)) mod p + * m2 = c ^ (d mod (q-1)) mod q + * h = u * (m2 - m1) mod q * m = m1 + h * p * * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY. 
@@ -299,13 +303,26 @@ secret(MPI output, MPI input, RSA_secret_key *skey ) #if 0 mpi_powm( output, input, skey->d, skey->n ); #else - MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); - MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); - MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); - + int nlimbs = mpi_get_nlimbs (skey->n)+1; + MPI m1 = mpi_alloc_secure (nlimbs); + MPI m2 = mpi_alloc_secure (nlimbs); + MPI h = mpi_alloc_secure (nlimbs); +# ifdef USE_BLINDING + MPI r = mpi_alloc_secure (nlimbs); + MPI bdata= mpi_alloc_secure (nlimbs); + + /* Blind: bdata = (data * r^e) mod n */ + randomize_mpi (r, mpi_get_nbits (skey->n), 0); + mpi_fdiv_r (r, r, skey->n); + mpi_powm (bdata, r, skey->e, skey->n); + mpi_mulm (bdata, bdata, input, skey->n); + input = bdata; +# endif /* USE_BLINDING */ + + /* RSA secret operation: */ /* m1 = c ^ (d mod (p-1)) mod p */ mpi_sub_ui( h, skey->p, 1 ); - mpi_fdiv_r( h, skey->d, h ); + mpi_fdiv_r( h, skey->d, h ); mpi_powm( m1, input, h, skey->p ); /* m2 = c ^ (d mod (q-1)) mod q */ mpi_sub_ui( h, skey->q, 1 ); @@ -313,14 +330,21 @@ secret(MPI output, MPI input, RSA_secret_key *skey ) mpi_powm( m2, input, h, skey->q ); /* h = u * ( m2 - m1 ) mod q */ mpi_sub( h, m2, m1 ); - if ( mpi_is_neg( h ) ) + if ( mpi_is_neg( h ) ) mpi_add ( h, h, skey->q ); - mpi_mulm( h, skey->u, h, skey->q ); + mpi_mulm( h, skey->u, h, skey->q ); /* m = m2 + h * p */ mpi_mul ( h, h, skey->p ); mpi_add ( output, m1, h ); - /* ready */ - + +# ifdef USE_BLINDING + /* Unblind: output = (output * r^(-1)) mod n */ + mpi_free (bdata); + mpi_invm (r, r, skey->n); + mpi_mulm (output, output, r, skey->n); + mpi_free (r); +# endif /* USE_BLINDING */ + mpi_free ( h ); mpi_free ( m1 ); mpi_free ( m2 ); diff --git a/g10/gpgv.c b/g10/gpgv.c index a337fc7..b679853 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c 
@@ -389,6 +389,7 @@ void cipher_sync( CIPHER_HANDLE c ) {} void random_dump_stats(void) {} int quick_random_gen( int onoff ) { return -1;} void randomize_buffer( byte *buffer, size_t length, int level ) {} +void randomize_mpi (MPI mpi, size_t nbits, int level) {} int random_is_faked() { return -1;} byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} void set_random_seed_file( const char *name ) {} ----------------------------------------------------------------------- Summary of changes: AUTHORS | 18 +++-- NEWS | 18 ++++- README | 9 +-- checks/Makefile.am | 29 ++++++++ cipher/dsa.c | 6 +- cipher/elgamal.c | 3 + cipher/random.c | 12 ++++ cipher/random.h | 1 + cipher/rsa.c | 76 +++++++++++++++------ configure.ac | 3 +- g10/encr-data.c | 10 +++ g10/gpg.c | 1 + g10/gpgv.c | 1 + g10/mainproc.c | 11 +-- scripts/config.guess | 182 ++++++++++++++++++++++++++++++-------------------- scripts/config.sub | 93 ++++++++++++++------------ 16 files changed, 312 insertions(+), 161 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 18 18:06:27 2013 
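Review bot: in the cipher/rsa.c hunk at @@ -299, the blinding factor r is drawn with randomize_mpi and reduced with mpi_fdiv_r (r, r, skey->n), but nothing rejects r == 0 (or an r that shares a factor with n) before it is used. With r == 0, bdata becomes 0 and the later mpi_invm (r, r, skey->n) has no inverse to compute, so the result of secret() is wrong. Regenerate r until it is non-zero. The bare 0 passed as the level argument of randomize_mpi also deserves a comment saying why that quality level is enough for a blinding factor.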
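Review bot: in the cipher/rsa.c hunk at @@ -313, the comment /* m = m2 + h * p */ left as context does not match the code under it, mpi_add ( output, m1, h ), nor the function's header comment (m = m1 + h * p). The hunk already rewrites the neighbouring lines and deletes /* ready */, so correct the comment to m1 in the same change. The unblind block also calls mpi_free (bdata) while input still points at it; moving that call next to mpi_free (r) at the end of the block keeps a later edit from reading the freed value through input.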
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Dec 2013 18:06:27 +0100 Subject: [git] gnupg-doc - branch, master, updated. 9fef86fa099390a7f00609cc8956276f0c796b77 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 9fef86fa099390a7f00609cc8956276f0c796b77 (commit) from de3e6ae5fe1ac665afaaac30db0e23fb3dcb16ee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9fef86fa099390a7f00609cc8956276f0c796b77 Author: Werner Koch Date: Wed Dec 18 18:04:54 2013 +0100 Release info for GnuPG 1.4.16 diff --git a/README b/README index 197935e..20a4033 100644 --- a/README +++ b/README @@ -42,6 +42,9 @@ Redirect /faq.html http://www.gnupg.org/documentation/faqs.html Redirect /why-not-idea.html http://www.gnupg.org/faq/why-not-idea.html Redirect /howtos/ch/ http://www.gnupg.org/howtos/zh/ + +Redirect /fund http://goteo.org/project/gnupg-new-website-and-infrastructure + #+END_EXAMPLE The howtos are symlinked into the www.gnupg.org tree. diff --git a/web/index.org b/web/index.org index 978ef8c..a72290b 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,6 +44,12 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 1.4.16 released (2013-12-18) :important: + +Along with the publication of an interesting new [[http://www.cs.tau.ac.il/~tromer/acoustic/][side channel attack]] +by Genkin, Shamir, and Tromer we announce the availability of a new +stable GnuPG release to relieve this bug: Version 1.4.16 ... [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]] + ** Libgcrypt 1.6.0 released (2013-10-16) The GNU project is pleased to announce the availability of Libgcrypt @@ -79,8 +85,9 @@ now --- most of them have not been updated for many years anyway. ** Blog: Securing the future of GPG (2013-11-05) -We have a plan for securing the long term stability of GnuPG development by giving more to our users, and asking more from them in return ... -[[http://blog.gnupg.org/][{more}]] +We have a plan for securing the long term stability of GnuPG +development by giving more to our users, and asking more from them in +return ... [[http://blog.gnupg.org/][{more}]] ** Security update for GnuPG (2013-10-05) :important: diff --git a/web/swdb.mac b/web/swdb.mac index bc6aa97..ae2558d 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -16,20 +16,20 @@ # # GnuPG-1 # -#+macro: gnupg1_ver 1.4.15 +#+macro: gnupg1_ver 1.4.16 #+macro: gnupg1_branch STABLE-BRANCH-1-4 -#+macro: gnupg1_size 3569k -#+macro: gnupg1_size_gz 4948k -#+macro: gnupg1_sha1 63ebf0ab375150903c65738070e4105200197fd4 -#+macro: gnupg1_sha1_gz 2881c8174c15bb86ecf2e879cb7ca22c91fbcf93 -# -#+macro: gnupg1_patch_ver 1.4.14-1.4.15 -#+macro: gnupg1_patch_size 37k -#+macro: gnupg1_patch_sha1 0e3a593da55be0fb9a556513ce034e13677e5ebc -# -#+macro: gnupg1_w32cli_ver 1.4.15 -#+macro: gnupg1_w32cli_size 1568k -#+macro: gnupg1_w32cli_sha1 1adda83f3eda5a2ac6d362c294e31fbb529a03e4 +#+macro: gnupg1_size 3571k +#+macro: gnupg1_size_gz 4955k +#+macro: gnupg1_sha1 0bf5e475f3eb6f33d5474d017fe5bf66070e43f4 +#+macro: gnupg1_sha1_gz ea40324a5b2e3a16ffb63ea0ccc950a3faf5b11c +# +#+macro: gnupg1_patch_ver 1.4.15-1.4.16 +#+macro: gnupg1_patch_size 26k +#+macro: gnupg1_patch_sha1 82079c7c183467b4dd3795ca197983cd2494cec4 +# +#+macro: gnupg1_w32cli_ver 1.4.16 +#+macro: gnupg1_w32cli_size 1573k +#+macro: gnupg1_w32cli_sha1 ead70b47218ba76da51c16b652bee2a712faf2f6 # ----------------------------------------------------------------------- Summary of changes: README | 3 +++ web/index.org | 11 +++++++++-- web/swdb.mac | 26 +++++++++++++------------- 3 files changed, 25 insertions(+), 15 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 18 18:26:32 2013 
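Review bot: the news entry added in the web/index.org hunk says the release is there "to relieve this bug", but the sentence before it only mentions the publication of a side channel attack and never says what in GnuPG is affected. Name the affected operation or link the advisory text directly in the entry so readers can judge urgency without following {more}; "fix" or "mitigate" would also read better than "relieve".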
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Dec 2013 18:26:32 +0100 Subject: [git] gnupg-doc - branch, master, updated. d9eff053aac6791b2054e6c5fb5ee1b3f3d294d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d9eff053aac6791b2054e6c5fb5ee1b3f3d294d1 (commit) from 9fef86fa099390a7f00609cc8956276f0c796b77 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9eff053aac6791b2054e6c5fb5ee1b3f3d294d1 Author: Werner Koch Date: Wed Dec 18 18:25:05 2013 +0100 Add new blog entry. diff --git a/misc/blog.gnupg.org/20131218-getting-goteo-approval.html b/misc/blog.gnupg.org/20131218-getting-goteo-approval.html new file mode 100644 index 0000000..9b76146 --- /dev/null +++ b/misc/blog.gnupg.org/20131218-getting-goteo-approval.html @@ -0,0 +1,207 @@ + + + + + + Getting Goteo approval - Blog - GNU Privacy Guard + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

Getting Goteo approval

+
Posted 18th December 2013 by Sam Tuke
+ +
+ +

Pending project on Goteo

+
+ +

The targets are set, the rewards are prepared, the press release + has been edited and translated, and now we?re waiting for + approval from the crowdfunding + platform Goteo.

+ +

Goteo is like indiegogo, but more forward thinking. It has a + special focus on communal benefits and rewards - projects that + benefit society as a whole, not just project donors (though they + can get special rewards too).

+ + +

Every ?good? produced by a campaign on Goteo, be it artwork, + software, event, or manufactured product, has a license assigned + to it, like GPL or Creative Commons, and as well as asking for + money, projects ask for other forms of help called ?non-economic + needs?, like translations or product + testing. Goteo?s own + source code is Free Software too, meaning anyone can run + their own Goteo crowdfunding server. That?s the feature that + swung our decision to use it for GnuPG.

+ + +

Because the type of project on Goteo is quite specific + however, the acceptance phase of launching crowdfunding is + taking us longer than expected. Right now we?re working with + Goteo?s small team to answer questions which aren?t on the + webforms you fill out when you design your project with their + system.

+ +

I?m hoping to provide what?s necesasry and get acceptance + quickly. As soon as we have it the crowdfunding will launch + and newsletter subscribers + and Twitter followers + will be the first to know.

+
+ + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + diff --git a/misc/blog.gnupg.org/img/goteo-review.png b/misc/blog.gnupg.org/img/goteo-review.png new file mode 100644 index 0000000..33ac693 Binary files /dev/null and b/misc/blog.gnupg.org/img/goteo-review.png differ diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index a832dbf..f7031ae 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -72,6 +72,57 @@

Blogs

+

Getting Goteo approval

+
Posted 18th December 2013 by Sam Tuke
+ +
+ +

Pending project on Goteo

+
+ +

The targets are set, the rewards are prepared, the press release + has been edited and translated, and now we?re waiting for + approval from the crowdfunding + platform Goteo.

+ +

Goteo is like indiegogo, but more forward thinking. It has a + special focus on communal benefits and rewards - projects that + benefit society as a whole, not just project donors (though they + can get special rewards too).

+ + +

Every ?good? produced by a campaign on Goteo, be it artwork, + software, event, or manufactured product, has a license assigned + to it, like GPL or Creative Commons, and as well as asking for + money, projects ask for other forms of help called ?non-economic + needs?, like translations or product + testing. Goteo?s own + source code is Free Software too, meaning anyone can run + their own Goteo crowdfunding server. That?s the feature that + swung our decision to use it for GnuPG.

+ + +

Because the type of project on Goteo is quite specific + however, the acceptance phase of launching crowdfunding is + taking us longer than expected. Right now we?re working with + Goteo?s small team to answer questions which aren?t on the + webforms you fill out when you design your project with their + system.

+ +

I?m hoping to provide what?s necesasry and get acceptance + quickly. As soon as we have it the crowdfunding will launch + and newsletter subscribers + and Twitter followers + will be the first to know.

+
+ + + + +

Speedups in Libgcrypt 1.6

Posted 15 December 2013 by Werner Koch
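Review bot: the index.html hunk adds the whole post a second time, paragraph for paragraph identical to the new 20131218-getting-goteo-approval.html, so the typo "necesasry" in the last paragraph now has to be corrected in two files. Keep only a short excerpt with a link to the entry page in index.html, and fix the spelling to "necessary" before publishing.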
----------------------------------------------------------------------- Summary of changes: ...l.html => 20131218-getting-goteo-approval.html} | 46 ++++++++++++++++-- misc/blog.gnupg.org/img/goteo-review.png | Bin 0 -> 42048 bytes misc/blog.gnupg.org/index.html | 51 ++++++++++++++++++++ 3 files changed, 93 insertions(+), 4 deletions(-) copy misc/blog.gnupg.org/{entry.templ.html => 20131218-getting-goteo-approval.html} (67%) create mode 100644 misc/blog.gnupg.org/img/goteo-review.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 18 18:44:24 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Wed, 18 Dec 2013 18:44:24 +0100 Subject: [git] gnupg-doc - branch, master, updated. ff3cd45936039ad4f7c83de9bde1f09e1c9ad261 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ff3cd45936039ad4f7c83de9bde1f09e1c9ad261 (commit) from d9eff053aac6791b2054e6c5fb5ee1b3f3d294d1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ff3cd45936039ad4f7c83de9bde1f09e1c9ad261 Author: Sam Tuke Date: Wed Dec 18 18:44:29 2013 +0100 Added news entry for goteo blog post diff --git a/web/index.org b/web/index.org index a72290b..6f0d68a 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,6 +44,11 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** Blog: Getting Goteo crowdfunding approval (2013-12-18) + +The targets are set, the rewards are prepared, the press release has been edited and translated, and now we're waiting for approval from the crowdfunding platform Goteo ... +[[http://blog.gnupg.org/][{more}]] + ** GnuPG 1.4.16 released (2013-12-18) :important: Along with the publication of an interesting new [[http://www.cs.tau.ac.il/~tromer/acoustic/][side channel attack]] ----------------------------------------------------------------------- Summary of changes: web/index.org | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 18 18:51:44 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Dec 2013 18:51:44 +0100 Subject: [git] gnupg-doc - branch, master, updated. 6d4d09294732b1a4df99b22806f1aac317d93383 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 6d4d09294732b1a4df99b22806f1aac317d93383 (commit) from ff3cd45936039ad4f7c83de9bde1f09e1c9ad261 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6d4d09294732b1a4df99b22806f1aac317d93383 Author: Werner Koch Date: Wed Dec 18 18:50:16 2013 +0100 Add permanent links to block entries at the index page. 
diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index f7031ae..3d14957 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -117,6 +117,11 @@ >newsletter subscribers and Twitter followers will be the first to know.

+ +

+ +
@@ -126,13 +131,14 @@

Speedups in Libgcrypt 1.6

Posted 15 December 2013 by Werner Koch
-

-[...] To check how the forthcoming version 1.6.0 of Libgcrypt -compares to the older 1.5 version of Libgcrypt, I did some benchmarks -using a Thinkpad X220 which features an i5-2410M processor at 2.3GHz -running a 64 bit Debian Wheezy. -{more} -

+

+ [...] To check how the forthcoming version 1.6.0 of Libgcrypt + compares to the older 1.5 version of Libgcrypt, I did some benchmarks + using a Thinkpad X220 which features an i5-2410M processor at 2.3GHz + running a 64 bit Debian Wheezy. + {more} +

+

@@ -210,6 +216,7 @@ running a 64 bit Debian Wheezy. >Receive email updates +

@@ -271,6 +278,8 @@ running a 64 bit Debian Wheezy. the keyservers with fresh keys from new users!

+

@@ -343,6 +352,8 @@ running a 64 bit Debian Wheezy. >Receive email updates +

@@ -372,6 +383,7 @@ running a 64 bit Debian Wheezy. our press contact page hosted on Totem. That's all for now.

+

diff --git a/misc/blog.gnupg.org/site.css b/misc/blog.gnupg.org/site.css index 418e905..7ca5919 100644 --- a/misc/blog.gnupg.org/site.css +++ b/misc/blog.gnupg.org/site.css @@ -236,6 +236,19 @@ A.foot:hover { clear: both; } +/* The perma link . */ +.permalink { + float: right; + font-style: italic; + font-size: 0.6em; + margin-bottom: 1em; +} + +a.permalink:before { + content: "{permanent link}"; +} + + /*Image caption rules*/ .captioned-img { border: 1px solid #808080; @@ -247,4 +260,7 @@ A.foot:hover { .captioned-img p { margin: 0; padding: 0.5em 0 0.2em 0; -} \ No newline at end of file +} + + +/* eof */ \ No newline at end of file diff --git a/web/index.org b/web/index.org index 6f0d68a..3963eab 100644 --- a/web/index.org +++ b/web/index.org @@ -46,8 +46,9 @@ all [[file:news.org][news of previous years]] is also available. ** Blog: Getting Goteo crowdfunding approval (2013-12-18) -The targets are set, the rewards are prepared, the press release has been edited and translated, and now we're waiting for approval from the crowdfunding platform Goteo ... -[[http://blog.gnupg.org/][{more}]] +The targets are set, the rewards are prepared, the press release has +been edited and translated, and now we're waiting for approval from +the crowdfunding platform Goteo ... [[http://blog.gnupg.org/20131218-getting-goteo-approval.html][{more}]] ** GnuPG 1.4.16 released (2013-12-18) :important: ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/index.html | 26 +++++++++++++++++++------- misc/blog.gnupg.org/site.css | 18 +++++++++++++++++- web/index.org | 5 +++-- 3 files changed, 39 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 19 10:46:18 2013 
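Review bot: in the site.css hunk the permalink label is supplied through generated content, a.permalink:before { content: "{permanent link}"; }, so if the anchors added in index.html carry no text of their own the link disappears wherever the stylesheet is not applied (text browsers, feed readers, copy and paste). Put the label in the anchor and keep the CSS for float and font only. The file also still ends without a newline after the new /* eof */ line, and the comment "The perma link ." has a stray space before the period.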
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Dec 2013 10:46:18 +0100 Subject: [git] gnupg-doc - branch, master, updated. 7f5d9ac122a2e9b8b818a7a7a04f19a3c330acd4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7f5d9ac122a2e9b8b818a7a7a04f19a3c330acd4 (commit) from 6d4d09294732b1a4df99b22806f1aac317d93383 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7f5d9ac122a2e9b8b818a7a7a04f19a3c330acd4 Author: Werner Koch Date: Thu Dec 19 00:24:28 2013 +0100 Add press release. diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html new file mode 100644 index 0000000..102758e --- /dev/null +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html @@ -0,0 +1,238 @@ + + + + + + GnuPG launches crowdfunding campaign - Blog - Gnu Privacy Guard + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

Press release: GnuPG encryption project launches crowdfunding + campaign

+
Posted 19th December 2013 by Sam Tuke
+ + +

Today GNU Privacy Guard (GnuPG) has launched its first + crowdfunding campaign with the aim of building a new + website and long term infrastructure. The 24.000 EUR target will + fund:

+ +
    +
  • Fresh web interfaces for gnupg.org including mobile
  • +
  • Completion and release of GnuPG 2.1
  • +
  • Anonymous Tor network access to the website
  • +
  • A new user friendly download page suitable for all devices
  • +
  • A new server for web services
  • +
  • New pages convening external guides, videos, and handbooks
  • +
  • Facilities for processing recurring donations for long + term project support
  • +
+ +

Project founder and Lead Developer Werner Koch said ?GnuPG has + seen a huge upsurge in popularity following recent state + spying revelations. After 16 years of continuous development, + we are now asking for community support to capitalise on + consumer demand for privacy, and make GnuPG easy to access for + mainstream audiences?.

+ +

GnuPG is one of the few tools remaining above suspicion in the + wake of leaked NSA documents. Edward Snowden and his contacts + including Bruce Schneier switched to GnuPG when they began handling + the secret + documents earlier this year. The Wall Street Journal, The + Committee to Protect Journalists, and ProPublica have all embraced + GnuPG for protection of staff and sources. Phil Zimmerman, original + inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in + wake of the news.

+ +

?GnuPG is a key part of modern privacy infrastructure? said + Sam Tuke, Campaign Manager, GnuPG. ?Millions of users rely on + GnuPG to work securely on servers, laptops and smartphones, + but 2013 donations totaling 3.000 EUR to date have not even + covered fixed costs. Supporting new algorithms like elliptical + curve and fixing newfound exploits fast takes a lot of work + which is done voluntarily. Now is the time for people to + contribute to making GnuPG slick and more sustainable in + future?.

+ +

Jacob Appelbaum, Tor Project developer, added ?GnuPG is + important - it allows us the assurances we need to do our + work. Community funding is a critical part of a confident + outlook for GnuPG in future.?

+ + +

For further information, please contact Sam Tuke.
+ Email: samtuke [at] gnupg.org
+ Phone: +49 176 81923811 +

+ +

About GNU Privacy Guard

+ +

GnuPG is a leading cryptography app that protects emails and + data from interception. It is developed by a community of Free + Software engineers led by Werner Koch. GnuPG is used and + recommended by the world?s top security experts, including + Bruce Schneier and Phil Zimmerman. It offers best in class + privacy free of charge and restriction. Hundreds of companies + have integrated GnuPG into their products to perform mission + critical security, including Red Hat, Deutsche Bahn, and many + others.

+ +

http://gnupg.org

+ +
+ + + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 3d14957..6d504d4 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -71,6 +71,90 @@

Blogs

+ + +
+

Press release: GnuPG encryption project launches crowdfunding + campaign

+
Posted 19th December 2013 by Sam Tuke
+ + +

Today GNU Privacy Guard (GnuPG) has launched its first + crowdfunding campaign with the aim of building a new + website and long term infrastructure. The 24.000 EUR target will + fund:

+ +
    +
  • Fresh web interfaces for gnupg.org including mobile
  • +
  • Completion and release of GnuPG 2.1
  • +
  • Anonymous Tor network access to the website
  • +
  • A new user friendly download page suitable for all devices
  • +
  • A new server for web services
  • +
  • New pages convening external guides, videos, and handbooks
  • +
  • Facilities for processing recurring donations for long + term project support
  • +
+ +

Project founder and Lead Developer Werner Koch said ?GnuPG has + seen a huge upsurge in popularity following recent state + spying revelations. After 16 years of continuous development, + we are now asking for community support to capitalise on + consumer demand for privacy, and make GnuPG easy to access for + mainstream audiences?.

+ +

GnuPG is one of the few tools remaining above suspicion in the + wake of leaked NSA documents. Edward Snowden and his contacts + including Bruce Schneier switched to GnuPG when they began handling + the secret + documents earlier this year. The Wall Street Journal, The + Committee to Protect Journalists, and ProPublica have all embraced + GnuPG for protection of staff and sources. Phil Zimmerman, original + inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in + wake of the news.

+ +

?GnuPG is a key part of modern privacy infrastructure? said + Sam Tuke, Campaign Manager, GnuPG. ?Millions of users rely on + GnuPG to work securely on servers, laptops and smartphones, + but 2013 donations totaling 3.000 EUR to date have not even + covered fixed costs. Supporting new algorithms like elliptical + curve and fixing newfound exploits fast takes a lot of work + which is done voluntarily. Now is the time for people to + contribute to making GnuPG slick and more sustainable in + future?.

+ +

Jacob Appelbaum, Tor Project developer, added ?GnuPG is + important - it allows us the assurances we need to do our + work. Community funding is a critical part of a confident + outlook for GnuPG in future.?

+ + +

For further information, please contact Sam Tuke.
+ Email: samtuke [at] gnupg.org
+ Phone: +49 176 81923811 +

+ +

About GNU Privacy Guard

+ +

GnuPG is a leading cryptography app that protects emails and + data from interception. It is developed by a community of Free + Software engineers led by Werner Koch. GnuPG is used and + recommended by the world?s top security experts, including + Bruce Schneier and Phil Zimmerman. It offers best in class + privacy free of charge and restriction. Hundreds of companies + have integrated GnuPG into their products to perform mission + critical security, including Red Hat, Deutsche Bahn, and many + others.

+ +

http://gnupg.org

+ +

+
+ + +

Getting Goteo approval
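Review bot: the press release text added to index.html spells the name "Phil Zimmerman" in two places (the PGP inventor's name is Zimmermann) and says "elliptical curve" where the algorithm family is called elliptic curve. Both should be corrected, and because the same paragraphs are also added in 20131219-gnupg-launches-crowfunding.html the fix has to be made in both files. The new file name itself reads "crowfunding", which becomes part of the permanent URL once published, so rename it to "crowdfunding" in this commit.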

----------------------------------------------------------------------- Summary of changes: ...ml => 20131219-gnupg-launches-crowfunding.html} | 121 ++++++++++++-------- misc/blog.gnupg.org/index.html | 84 ++++++++++++++ 2 files changed, 160 insertions(+), 45 deletions(-) copy misc/blog.gnupg.org/{20131218-getting-goteo-approval.html => 20131219-gnupg-launches-crowfunding.html} (55%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 19 11:18:36 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Dec 2013 11:18:36 +0100 Subject: [git] gnupg-doc - branch, master, updated. 4216dc56dd676827f5180f9c5a4060566621336e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4216dc56dd676827f5180f9c5a4060566621336e (commit) from 7f5d9ac122a2e9b8b818a7a7a04f19a3c330acd4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4216dc56dd676827f5180f9c5a4060566621336e Author: Werner Koch Date: Thu Dec 19 11:15:24 2013 +0100 Fix spelling of PRZ's name. diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html index 102758e..087024f 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html 
@@ -104,8 +104,9 @@ including Bruce Schneier switched to GnuPG when they began handling the secret documents earlier this year. The Wall Street Journal, The - Committee to Protect Journalists, and ProPublica have all embraced - GnuPG for protection of staff and sources. Phil Zimmerman, original + Committee to Protect Journalists, and + ProPublica have all embraced + GnuPG for protection of staff and sources. Phil Zimmermann, original inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in wake of the news.

@@ -136,7 +137,7 @@ data from interception. It is developed by a community of Free Software engineers led by Werner Koch. GnuPG is used and recommended by the world?s top security experts, including - Bruce Schneier and Phil Zimmerman. It offers best in class + Bruce Schneier and Phil Zimmermann. It offers best in class privacy free of charge and restriction. Hundreds of companies have integrated GnuPG into their products to perform mission critical security, including Red Hat, Deutsche Bahn, and many diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 6d504d4..23640bd 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -108,11 +108,13 @@ wake of leaked NSA documents. Edward Snowden and his contacts including Bruce Schneier switched to GnuPG when they began handling the secret - documents earlier this year. The Wall Street Journal, The - Committee to Protect Journalists, and ProPublica have all embraced - GnuPG for protection of staff and sources. Phil Zimmerman, original - inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in - wake of the news.

+ documents earlier + this year. The Wall Street Journal, The Committee to Protect + Journalists, + and ProPublica + have all embraced GnuPG for protection of staff and sources. Phil + Zimmermann, original inventor of Pretty Good Privacy (PGP), has also + moved to GnuPG in wake of the news.

?GnuPG is a key part of modern privacy infrastructure? said Sam Tuke, Campaign Manager, GnuPG. ?Millions of users rely on @@ -141,7 +143,7 @@ data from interception. It is developed by a community of Free Software engineers led by Werner Koch. GnuPG is used and recommended by the world?s top security experts, including - Bruce Schneier and Phil Zimmerman. It offers best in class + Bruce Schneier and Phil Zimmermann. It offers best in class privacy free of charge and restriction. Hundreds of companies have integrated GnuPG into their products to perform mission critical security, including Red Hat, Deutsche Bahn, and many ----------------------------------------------------------------------- Summary of changes: .../20131219-gnupg-launches-crowfunding.html | 7 ++++--- misc/blog.gnupg.org/index.html | 14 ++++++++------ 2 files changed, 12 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 19 11:29:11 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Dec 2013 11:29:11 +0100 Subject: [git] gnupg-doc - branch, master, updated. 05af0ed341744e57635f29ee68fa62f955c4c0eb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 05af0ed341744e57635f29ee68fa62f955c4c0eb (commit) from 4216dc56dd676827f5180f9c5a4060566621336e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 05af0ed341744e57635f29ee68fa62f955c4c0eb Author: Werner Koch Date: Thu Dec 19 11:27:46 2013 +0100 Add news entry diff --git a/web/index.org b/web/index.org index 3963eab..e6e8171 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,6 +44,13 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG launches crowdfunding campaign (2013-12-19) + +Today GNU Privacy Guard (GnuPG) has launched its first [[http://goteo.org/project/gnupg-new-website-and-infrastructure][crowdfunding +campaign]] with the aim of building a new website and long term +infrastructure. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] + + ** Blog: Getting Goteo crowdfunding approval (2013-12-18) The targets are set, the rewards are prepared, the press release has ----------------------------------------------------------------------- Summary of changes: web/index.org | 7 +++++++ 1 file changed, 7 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 19 12:38:14 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Thu, 19 Dec 2013 12:38:14 +0100 Subject: [git] gnupg-doc - branch, master, updated. 702dc9f631026a0492a61d4380314c870da0f137 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 702dc9f631026a0492a61d4380314c870da0f137 (commit) from 05af0ed341744e57635f29ee68fa62f955c4c0eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 702dc9f631026a0492a61d4380314c870da0f137 Author: Sam Tuke Date: Thu Dec 19 12:38:04 2013 +0100 Added German PR release 
diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html new file mode 100644 index 0000000..b8bfe27 --- /dev/null +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html @@ -0,0 +1,200 @@ + + + + + + GnuPG launches crowdfunding campaign - Blog - Gnu Privacy Guard + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + +
+ +

Das GnuPG Verschl?sselungsprojekt startet Crowd-Finanzierungs-Kampagne.

+ +

Heute wurde die erste Kampagne zur Crowd-Finanzierung des GNU Privacy Guards (GnuPG, GPG) gestartet. Das Ziel ist die Erstellung einer neuen Webpr?senz und einer zukunftssicheren Infrastruktur. Die anvisierten 24.000 Euro werden die folgenden Punkte finanzieren:

+ +
    +
  • Neue Webseiten f?r gnupg.org mit Unterst?tzung f?r mobile Ger?te
  • +
  • Neue Seiten f?r externe Anleitungen, Videos und Handb?cher
  • +
  • Eine benutzerfreundliche Downloadseite f?r alle Ger?te
  • +
  • Anonymer Zugang zur Webpr?senz mittels Tor
  • +
  • Ein neuer Server f?r Web-Dienste
  • +
  • Fertigstellung und Freigabe der GnuPG Version 2.1
  • +
  • Einrichtungen zur Verarbeitung von regelm??igen Spenden zur Sicherstellung eines langfristigen Supports.
  • +
+ +

Der Gr?nder und Chefentwickler des Projekts, Werner Koch, erkl?rt hierzu: ?Seit den diesj?hrigen Spionageenth?llungen hat GnuPG stark an Popularit?t gewonnen. Nach 16 Jahren kontinuierlicher Entwicklung bitten wir nun um allgemeine Unterst?tzung der Finanzierung unserer Arbeit zum Schutz der Privatsph?re. GnuPG soll f?r die Allgemeinheit einfacher zu benutzen und verstehen sein.?

+ +

GnuPG is eines der wenigen Werkzeuge, die auch nach dem Auffliegen der NSA-Dokumente ?ber jeden Verdacht einer m?glichen Korrumpierung erhaben sind. Edward Snowden und seine Kontaktpersonen, ebenso wie auch Bruce Schneier, benutzen GnuPG, seit sie Anfang des Jahres mit der Durchsicht der geheimen NSA-Unterlagen begannen[2]. Das Wall Street Journal, das Komitee zum Schutze der Journalisten und ProPublica[3] haben sich alle auf die Verwendung von GnuPG geeinigt, um so ihre Mitarbeiter und Quellen zu sch?tzen. Phil Zimmermann, der urspr?ngliche Erfinder von Pretty Good Privacy (PGP), benutzt als Reaktion auf die j?ngsten Ereignisse ebenfalls GnuPG.

+ +

?GnuPG ist eine fundamentale Komponente des modernen Schutzes der Privatsph?re? sagt Sam Tuke, der die GnuPG Kampage leitet. ?Millionen von Benutzern verlassen sich auf GnuPG, um sicher mit Servern, Laptops und Smartphones zu arbeiten?. Der Spendeneingang von bis dato insgesamt 3000 Euro in 2013 deckt allerdings nicht einmal die Fixkosten des Projekts. Die Unterst?tzung von neuen Algorithmen, wie etwa elliptischen Kurven, sowie das Beheben von neu entdeckten Fehlern, kostet viel an freiwillig geleisteter Zeit. Es ist nun an der Zeit, mitzuhelfen, GnuPG aufzupolieren und ihm eine gesicherte Zukunft zu gew?hren.

+ +

Jakob Appelbaum, Entwickler beim Tor Projekt, f?gt hinzu: ?GnuPG is wichtig - es gibt uns die Verl?sslichkeit, die wir f?r unsere Arbeit ben?tigen. Eine F?rderung durch die Gemeinschaft ist ein absolut notwendiger Teil einer zuversichtlichen Perspektive f?r GnuPG?.

+ +

F?r weiteren Informationen wenden Sie sich bitte an Sam Tuke. +
Email: samtuke [at] gnupg.org +
Telefon: +49 176 81923811 (Englisch)

+ +
    + http://goteo.org/project/gnupg-new-website-and-infrastructure
  1. +
  2. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
  3. +
  4. http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php +
+ +

?ber den GNU Privacy Guard

+ +

GnuPG ist eine f?hrende kryptographische Anwendung, die dem Schutze von Emails und anderen Daten vor unerw?nschtem Mitlesen dient. Sie wurde von einer Gruppe von Open-Source-Programmierern um Werner Koch entwickelt. GnuPG wird von den f?hrenden Sicherheitsexperten benutzt und empfohlen, u.a. von Bruce Schneier und Phil Zimmermann. GnuPG bietet ohne Einschr?nkung kostenlosen und erstklassigen Privatsph?renschutz. Hunderte von Firmen, unter ihnen RedHat, die Deutsche Bahn und viele weitere, haben GnuPG in ihre Systeme integriert, um unternehmenskritische Daten zu sch?tzen.

+ +
+ + + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
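Review bot: the page title in this new German file is still the English "GnuPG launches crowdfunding campaign - Blog - Gnu Privacy Guard" and should be translated to match the German heading. The body also needs a proofread before it is published: "GnuPG is eines" and "GnuPG is wichtig" should read "ist", "Kampage" should be "Kampagne", and "weiteren Informationen" should be "weitere Informationen". In the reference list the goteo.org URL is added before the first list item rather than inside it, and the text cites [2] and [3] but never [1].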
+ + + + + + + ----------------------------------------------------------------------- Summary of changes: ...=> 20131219-gnupg-launches-crowfunding.de.html} | 111 +++++++------------- 1 file changed, 36 insertions(+), 75 deletions(-) copy misc/blog.gnupg.org/{20131219-gnupg-launches-crowfunding.html => 20131219-gnupg-launches-crowfunding.de.html} (52%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 19 12:39:37 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Thu, 19 Dec 2013 12:39:37 +0100 Subject: [git] gnupg-doc - branch, master, updated. 6450bde9af3156e3427283da99f3f795a405c7a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 6450bde9af3156e3427283da99f3f795a405c7a7 (commit) from 702dc9f631026a0492a61d4380314c870da0f137 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6450bde9af3156e3427283da99f3f795a405c7a7 Author: Sam Tuke Date: Thu Dec 19 12:39:43 2013 +0100 Fixed structure bug diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html index b8bfe27..3f4bc08 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html @@ -97,9 +97,9 @@
Telefon: +49 176 81923811 (Englisch)

    - http://goteo.org/project/gnupg-new-website-and-infrastructure
  1. -
  2. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
  3. -
  4. http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php +
  5. http://goteo.org/project/gnupg-new-website-and-infrastructure
  6. +
  7. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
  8. +
  9. http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php

?ber den GNU Privacy Guard

----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 19 13:33:55 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Dec 2013 13:33:55 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8d53893ccfeb48214dbfd082562126c2965d191e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8d53893ccfeb48214dbfd082562126c2965d191e (commit) from 6450bde9af3156e3427283da99f3f795a405c7a7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8d53893ccfeb48214dbfd082562126c2965d191e Author: Werner Koch Date: Thu Dec 19 13:32:29 2013 +0100 Add translations of the press release. diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html index 3f4bc08..072b8f8 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html @@ -1,5 +1,5 @@ - + @@ -26,7 +26,13 @@   - · English ·   + · + English + ·   + Francaise + ·   + Deutsch + ·         @@ -70,7 +76,8 @@
-

Das GnuPG Verschl?sselungsprojekt startet Crowd-Finanzierungs-Kampagne.

+

Das GnuPG Verschl?sselungsprojekt startet Crowd-Finanzierungs-Kampagne.

+
2013-12-19

Heute wurde die erste Kampagne zur Crowd-Finanzierung des GNU Privacy Guards (GnuPG, GPG) gestartet. Das Ziel ist die Erstellung einer neuen Webpr?senz und einer zukunftssicheren Infrastruktur. Die anvisierten 24.000 Euro werden die folgenden Punkte finanzieren:

diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html new file mode 100644 index 0000000..4fb0d45 --- /dev/null +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html @@ -0,0 +1,248 @@ + + + + + + Le projet de chiffrement GnuPG lance sa campagne de financement - Blog - Gnu Privacy Guard + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· + English + ·   + Francaise ·   + Deutsch + ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

Le projet de chiffrement GnuPG lance sa campagne de financement

+
2013-12-19
+ +

La premi?re campagne + de financement de Gnu Privacy Guard (GnuPG) a ?t? lanc?e + aujourd'hui. Elle a pour objectif de cr?er un nouveau site web et + des infrastructures de long terme pour le projet. La lev?e de 24000? + permettra de financer

+ +
    +
  • une nouvelle interface web pour gnupg.org, version mobile incluse
  • +
  • de nouvelles pages comportant guides, vid?os et manuels
  • +
  • Une nouvelle page de t?l?chargement facile d'utilisation pour + tous les types d'appareils
  • +
  • l'acc?s anonyme au site via le r?seau Tor
  • +
  • un nouveau serveur pour les services web
  • +
  • l'ach?vement et le lancement de la version 2.1 de GnuPG
  • +
  • des infrastructures pour g?rer les dons r?guliers pour le + soutien du projet sur le long terme
  • +
+ +

Le fondateur du projet et d?veloppeur principal Werner Koch a + d?clar? "GnuPG a b?n?fici? d'un important regain de popularit? ? la + suite des r?centes r?v?lations sur l'espionage d'Etat. Apr?s 16 ans + de d?veloppement continu, nous demandons maintenant un soutien de la + communaut? pour capitaliser sur les demandes d'une meilleure + protection de la vie priv?e et rendre GnuPG plus facilement + accessible au grand public.

+ +

GnuPG est un des rares outils restant ? l'abri des soup?ons dans + le sillage des documents fuit?s de la NSA. Edward Snowden et ses + contacts, dont Bruce Schneier, se sont mis ? utiliser GnuPG + au d?but de l'ann?e, lorsqu'ils ont commenc? ? s'occuper des + documents secrets. Le Wall Street Journal, Le Comit? pour la + Protection des Journalistes + et ProPublica + ont tous adopt? GnuPG pour prot?ger leurs employ?s et leurs + sources. Phil Zimmermann, l'inventeur originel de Pretty Good + Privacy (PGP), a aussi choisi d'uiliser GnuPG en r?action ? + l'actualit? r?cente.

+ +

"GnuPG est une composante fondamentale des infrastructures + modernes de protection de la vie priv?e" a d?clar? Sam Tuke, le + directeur de campagne de GnuPG. "Des millions d'utilisateurs se + fient ? GnuPG pour pouvoir travailler de mani?re s?curis?e sur leurs + serveurs, laptops et smartphones; mais les dons effectu?s en 2013 + n'ont repr?sent? que 3.000 EUR et ne suffisent m?me pas ? couvrir + les co?ts fixes du projet. Supporter de nouveaux algorithmes, comme + les courbes ?lliptiques, et r?agir rapidement en cas de d?couverte + de nouvelles possibilit?s d'attaques repr?sente une lourde charge de + travail, actuellement assur?e b?n?volement.

+ +

Jacob Appelbaum, d?veloppeur Tor, a ajout? "Le travail effectu? + par GnuPG est important et n?cessite du soutien. Les financements de + la communaut? sont fondamentaux pour envisager l'avenir de GnuPG + avec confiance".

+ +

+ Pour plus d'informations, contactez Sam Tuke
+ Email: samtuke [at] gnupg.org
+ T?l?phone: +49 176 81923811
+

+ +

A propos de Gnu Privacy Guard

+ +

GnuPG est une application majeure de chiffrement qui prot?ge des + interceptions emails et donn?es. Elle est d?velopp?e par une + communaut? d'ing?nieurs de logiciel libre men?e par Werner + Koch. GnuPG est utilis? et recommand?e par les experts + internationaux en s?curit? les plus reconnus, dont Bruce Schneier et + Phil Zimmerman. Elle permet de prot?ger sa vie priv?e, et ce + gratuitement et sans restriction. Des centaines d'entreprises ont + int?gr? GnuPG dans leurs produits pour en assurer la s?curit?, y + compris Red Hat, Deutsche Bahn et de nombreuses autres.

+ +

http://gnupg.org

+ +
+ + + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
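Review bot: the "A propos de Gnu Privacy Guard" paragraph spells the name "Phil Zimmerman" while the body of the same file has "Phil Zimmermann"; use the double-n spelling in both places. Two quotations are opened and never closed: the Werner Koch one starting at "GnuPG a" and the second Sam Tuke one starting at "Des millions d'utilisateurs". Smaller points: "uiliser" should be "utiliser", "espionage" should be "espionnage", and the language switcher label "Francaise" should be "Français".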
+ + + + + + + diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html index 087024f..aabc626 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html @@ -26,7 +26,13 @@   - · English ·   + · + English + ·   + Francaise + ·   + Deutsch + ·         diff --git a/web/favicon.ico b/web/favicon.ico new file mode 100644 index 0000000..2e6939f Binary files /dev/null and b/web/favicon.ico differ diff --git a/web/index.org b/web/index.org index e6e8171..6d06b0a 100644 --- a/web/index.org +++ b/web/index.org 
@@ -46,16 +46,15 @@ all [[file:news.org][news of previous years]] is also available. ** GnuPG launches crowdfunding campaign (2013-12-19) -Today GNU Privacy Guard (GnuPG) has launched its first [[http://goteo.org/project/gnupg-new-website-and-infrastructure][crowdfunding -campaign]] with the aim of building a new website and long term -infrastructure. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] - +Today GNU Privacy Guard (GnuPG) has launched its first +[[http://goteo.org/project/gnupg-new-website-and-infrastructure][crowdfunding campaign]] with the aim of building a new website and long term +infrastructure. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] [[http://blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html][{deutsch}]] [[http://blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html][{francaise}]] ** Blog: Getting Goteo crowdfunding approval (2013-12-18) The targets are set, the rewards are prepared, the press release has been edited and translated, and now we're waiting for approval from -the crowdfunding platform Goteo ... [[http://blog.gnupg.org/20131218-getting-goteo-approval.html][{more}]] +the crowdfunding platform Goteo ... [[http://blog.gnupg.org/20131218-getting-goteo-approval.html][{more}]] ** GnuPG 1.4.16 released (2013-12-18) :important: ----------------------------------------------------------------------- Summary of changes: .../20131219-gnupg-launches-crowfunding.de.html | 13 +- .../20131219-gnupg-launches-crowfunding.fr.html | 248 ++++++++++++++++++++ .../20131219-gnupg-launches-crowfunding.html | 8 +- web/favicon.ico | Bin 0 -> 10134 bytes web/index.org | 9 +- 5 files changed, 269 insertions(+), 9 deletions(-) create mode 100644 misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html create mode 100644 web/favicon.ico hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 20 09:45:39 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Dec 2013 09:45:39 +0100 Subject: [git] gnupg-doc - branch, master, updated. 06f3e4ce972af2694fc88c1c3ae4604fb4652218 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 06f3e4ce972af2694fc88c1c3ae4604fb4652218 (commit) from 8d53893ccfeb48214dbfd082562126c2965d191e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 06f3e4ce972af2694fc88c1c3ae4604fb4652218 Author: Werner Koch Date: Fri Dec 20 09:42:37 2013 +0100 Added 0x10 years gnupg blog entry. Also fixes some minor things. diff --git a/misc/blog.gnupg.org/entry.templ.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html similarity index 64% copy from misc/blog.gnupg.org/entry.templ.html copy to misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html index b3ff6e8..3b816a9 100644 --- a/misc/blog.gnupg.org/entry.templ.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html @@ -3,7 +3,7 @@ - TITLE - Blog - Gnu Privacy Guard + 0x10 Years of protecting privacy - Blog - GnuPG @@ -70,13 +70,56 @@
-

TITLE

-
Posted DATESTRING by AUTHOR
+

16 Years of protecting privacy

+
Posted 20th December 2013 by Sam Tuke
+

+Today marks 16 years since the first release of GNU Privacy Guard +(GnuPG). In that time the project has grown from being a hacker?s +hobby into one of the world?s most critical anti-surveillance +tools. Today GnuPG stands at the front line of the battle between +invasive surveillance and civil liberties. +

+

+?Time has proven Free Software to be the most trustworthy defender +against companies and governments seeking to undermine citizen +privacy? said Werner Koch, GnuPG Founder and Lead Developer. ?Although +funding our work has not always been easy, the need for universally +accessible privacy tools has never been more apparent?. +

-
+

+Some of the world?s top security specialists are now counted among +GnuPG users, including Bruce Schneier, Jacob Appelbaum, and Phil +Zimmerman, inventor of PGP. This summer the world learned of the +extent of Government spying thanks to whistleblowers and journalists +communicating using GnuPG encrypted emails. Market leading servers +from Red Hat and Debian have built their reputation for security on +the foundation of GnuPG-verified software. +

+

+?The success of GnuPG?s first crowdfunding campaign, which received +90% of it?s target in 24 hours, shows a fresh willingness among users +to support GnuPG in it?s 16th year, and points to new opportunities +for the project in future? said Sam Tuke, GnuPG Campaign Manager. +?The release of GnuPG 2.1 and the launch of a newly designed website +later this year will bring GnuPG and its clients for Windows, Mac, +Gnu/Linux, and Android to new audiences?. +

+ +

+Over the years GnuPG has kept up to date with new algorithms, such as +Elliptic Curve Cryptography, and reactive to new threats, such as key +extraction via acoustic monitoring, which was announced two days ago +by researchers as GnuPG updates were released, in coordination with +developers. Members remain confident of the future of GnuPG and look +forward to facing the privacy threats of tomorrow with community +support. +

+ +
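Review bot: "Phil Zimmerman, inventor of PGP" in the third paragraph is missing the second n; the press release in this repository was corrected to "Phil Zimmermann" in an earlier commit, so use the same spelling here. The identical paragraph is also added to 20131220-gnupg-turned-0x10.org and index.html in this commit and needs the same fix in both.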
diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org new file mode 100644 index 0000000..b21e464 --- /dev/null +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org 
@@ -0,0 +1,42 @@ +# + +** 16 Years of protecting privacy + :PROPERTIES: + :PUBDATE: <2013-12-20 Fri 09:18> + :END: + +Today marks 16 years since the first release of GNU Privacy Guard +(GnuPG). In that time the project has grown from being a hacker?s +hobby into one of the world?s most critical anti-surveillance +tools. Today GnuPG stands at the front line of the battle between +invasive surveillance and civil liberties. + +?Time has proven [[http://fsfe.org/freesoftware/basics/4freedoms.en.html][Free Software]] to be the most trustworthy defender +against companies and governments seeking to undermine citizen +privacy? said Werner Koch, GnuPG Founder and Lead Developer. ?Although +funding our work has not always been easy, the need for universally +accessible privacy tools has never been more apparent?. + +Some of the world?s top security specialists are now counted among +GnuPG users, including Bruce Schneier, Jacob Appelbaum, and Phil +Zimmerman, inventor of PGP. This summer the world learned of the +extent of Government spying thanks to whistleblowers and journalists +communicating using GnuPG encrypted emails. Market leading servers +from Red Hat and Debian have built their reputation for security on +the foundation of GnuPG-verified software. + +?The success of GnuPG?s first crowdfunding campaign, which received +90% of it?s target in 24 hours, shows a fresh willingness among users +to support GnuPG in it?s 16th year, and points to new opportunities +for the project in future? said Sam Tuke, GnuPG Campaign Manager. +?The release of GnuPG 2.1 and the launch of a newly designed website +later this year will bring GnuPG and its clients for Windows, Mac, +Gnu/Linux, and Android to new audiences?. 
+ +Over the years GnuPG has kept up to date with new algorithms, such as +Elliptic Curve Cryptography, and reactive to new threats, such as key +extraction via acoustic monitoring, which was announced two days ago +by researchers as GnuPG updates were released, in coordination with +developers. Members remain confident of the future of GnuPG and look +forward to facing the privacy threats of tomorrow with community +support. diff --git a/misc/blog.gnupg.org/entry.templ.html b/misc/blog.gnupg.org/entry.templ.html index b3ff6e8..b66ba6d 100644 --- a/misc/blog.gnupg.org/entry.templ.html +++ b/misc/blog.gnupg.org/entry.templ.html @@ -3,7 +3,7 @@ - TITLE - Blog - Gnu Privacy Guard + TITLE - Blog - GnuPG diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 23640bd..1e2c461 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -3,7 +3,7 @@ - Blog - Gnu Privacy Guard + Blog - GNU Privacy Guard @@ -72,6 +72,63 @@

Blogs

+
+

16 Years of protecting privacy

+
Posted 20th December 2013 by Sam Tuke
+ +

+Today marks 16 years since the first release of GNU Privacy Guard +(GnuPG). In that time the project has grown from being a hacker?s +hobby into one of the world?s most critical anti-surveillance +tools. Today GnuPG stands at the front line of the battle between +invasive surveillance and civil liberties. +

+ +

+?Time has proven Free Software to be the most trustworthy defender +against companies and governments seeking to undermine citizen +privacy? said Werner Koch, GnuPG Founder and Lead Developer. ?Although +funding our work has not always been easy, the need for universally +accessible privacy tools has never been more apparent?. +

+ +

+Some of the world?s top security specialists are now counted among +GnuPG users, including Bruce Schneier, Jacob Appelbaum, and Phil +Zimmerman, inventor of PGP. This summer the world learned of the +extent of Government spying thanks to whistleblowers and journalists +communicating using GnuPG encrypted emails. Market leading servers +from Red Hat and Debian have built their reputation for security on +the foundation of GnuPG-verified software. +

+ +

+?The success of GnuPG?s first crowdfunding campaign, which received +90% of it?s target in 24 hours, shows a fresh willingness among users +to support GnuPG in it?s 16th year, and points to new opportunities +for the project in future? said Sam Tuke, GnuPG Campaign Manager. +?The release of GnuPG 2.1 and the launch of a newly designed website +later this year will bring GnuPG and its clients for Windows, Mac, +Gnu/Linux, and Android to new audiences?. +

+ +

+Over the years GnuPG has kept up to date with new algorithms, such as +Elliptic Curve Cryptography, and reactive to new threats, such as key +extraction via acoustic monitoring, which was announced two days ago +by researchers as GnuPG updates were released, in coordination with +developers. Members remain confident of the future of GnuPG and look +forward to facing the privacy threats of tomorrow with community +support. +

+ + +

+ +
+
\"CC-BY-SA
+ src=\"/share/cc-by-sa-3.0_80x15.png\"/>
These web pages are Copyright 1998--2013 The GnuPG Project? and licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See - copying for details. + copying for details.
")) (goto-char (point-max)) (insert " ----------------------------------------------------------------------- Summary of changes: ...proval.html => 20131220-gnupg-turned-0x10.html} | 95 ++++++++++---------- misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org | 42 +++++++++ misc/blog.gnupg.org/entry.templ.html | 2 +- misc/blog.gnupg.org/index.html | 59 +++++++++++- web/share/gpgweb.el | 8 +- 5 files changed, 155 insertions(+), 51 deletions(-) copy misc/blog.gnupg.org/{20131218-getting-goteo-approval.html => 20131220-gnupg-turned-0x10.html} (65%) create mode 100644 misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 20 17:59:46 2013 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Dec 2013 17:59:46 +0100 Subject: [git] gnupg-doc - branch, master, updated. e0d4d18f1e5018dda44d3d7424fabfb0dbc101d6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e0d4d18f1e5018dda44d3d7424fabfb0dbc101d6 (commit) from 06f3e4ce972af2694fc88c1c3ae4604fb4652218 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e0d4d18f1e5018dda44d3d7424fabfb0dbc101d6 Author: Werner Koch Date: Fri Dec 20 17:58:18 2013 +0100 Add link to "16 years ..." entry and put link at gnupg.org. diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html index 3b816a9..4e135e7 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html @@ -100,13 +100,15 @@ the foundation of GnuPG-verified software.

-?The success of GnuPG?s first crowdfunding campaign, which received -90% of it?s target in 24 hours, shows a fresh willingness among users -to support GnuPG in it?s 16th year, and points to new opportunities -for the project in future? said Sam Tuke, GnuPG Campaign Manager. -?The release of GnuPG 2.1 and the launch of a newly designed website -later this year will bring GnuPG and its clients for Windows, Mac, -Gnu/Linux, and Android to new audiences?. +?The success of GnuPG?s +first crowdfunding campaign, which received 90% of it?s target in 24 +hours, shows a fresh willingness among users to support GnuPG in it?s +16th year, and points to new opportunities for the project in future? +said Sam Tuke, GnuPG Campaign Manager. ?The release of GnuPG 2.1 and +the launch of a newly designed website later this year will bring +GnuPG and its clients for Windows, Mac, Gnu/Linux, and Android to new +audiences?.

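Review bot: the added lines of this paragraph still read "90% of it?s target" and "in it?s 16th year"; both are possessives and should be "its". Every line of the paragraph is rewritten by this hunk anyway, so the fix costs nothing extra here.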
diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 1e2c461..0ae6d34 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -104,13 +104,15 @@ the foundation of GnuPG-verified software.

-?The success of GnuPG?s first crowdfunding campaign, which received -90% of it?s target in 24 hours, shows a fresh willingness among users -to support GnuPG in it?s 16th year, and points to new opportunities -for the project in future? said Sam Tuke, GnuPG Campaign Manager. -?The release of GnuPG 2.1 and the launch of a newly designed website -later this year will bring GnuPG and its clients for Windows, Mac, -Gnu/Linux, and Android to new audiences?. +?The success of GnuPG?s +first crowdfunding campaign, which received 90% of it?s target in 24 +hours, shows a fresh willingness among users to support GnuPG in it?s +16th year, and points to new opportunities for the project in future? +said Sam Tuke, GnuPG Campaign Manager. ?The release of GnuPG 2.1 and +the launch of a newly designed website later this year will bring +GnuPG and its clients for Windows, Mac, Gnu/Linux, and Android to new +audiences?.

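Review bot: this is the same paragraph edit as in 20131220-gnupg-turned-0x10.html, applied by hand to a second copy, while the third copy in 20131220-gnupg-turned-0x10.org (added in 06f3e4c) is not among the files this commit changes. The .org text therefore no longer matches the published HTML; update it in the same commit, or state in the commit message which copy is the source.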
diff --git a/web/index.org b/web/index.org index 6d06b0a..7f4645e 100644 --- a/web/index.org +++ b/web/index.org @@ -44,6 +44,16 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. + +** 16 Years of protecting privacy (2013-12-20) + +Today marks 16 years since the first release of GnuPG. In that time +the project has grown from being a hacker?s hobby into one of the +world?s most critical anti-surveillance tools. Today GnuPG stands at +the front line of the battle between invasive surveillance and civil +liberties. [[http://blog.gnupg.org/20131220-gnupg-turned-0x10.html][{more}]] + + ** GnuPG launches crowdfunding campaign (2013-12-19) Today GNU Privacy Guard (GnuPG) has launched its first ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html | 16 +++++++++------- misc/blog.gnupg.org/index.html | 16 +++++++++------- web/index.org | 10 ++++++++++ 3 files changed, 28 insertions(+), 14 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 20 18:45:23 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Dec 2013 18:45:23 +0100 Subject: [git] gnupg-doc - branch, master, updated. ecb95b769ac65f3777b845d80f5560383a119fa0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ecb95b769ac65f3777b845d80f5560383a119fa0 (commit) from e0d4d18f1e5018dda44d3d7424fabfb0dbc101d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ecb95b769ac65f3777b845d80f5560383a119fa0 Author: Werner Koch Date: Fri Dec 20 18:43:55 2013 +0100 Add Spanish a translation. diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html index 072b8f8..05de71f 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.de.html @@ -29,6 +29,8 @@ · English ·   + Espa?ol + ·   Francaise ·   Deutsch diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.es.html similarity index 50% copy from misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html copy to misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.es.html index aabc626..2802b06 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.es.html @@ -1,9 +1,9 @@ - + - GnuPG launches crowdfunding campaign - Blog - Gnu Privacy Guard + GnuPG lanza campa?a de financiaci?n colectiva - Blog - Gnu Privacy Guard @@ -27,7 +27,9 @@ · - English + English + ·   + Espa?ol ·   Francaise ·   @@ -74,80 +76,89 @@ -

-

Press release: GnuPG encryption project launches crowdfunding - campaign

-
Posted 19th December 2013 by Sam Tuke
+

GnuPG lanza campa?a de financiaci?n colectiva

+
2013-12-19 (translation by Vlax)
+ +

Con el objetivo de construir un nuevo sitio web, a partir de hoy + GNU Privacy Guard (GnuPG) convoca a participar con donaciones + econ?micas y colaboraciones distribuidas [1] que a largo plazo + puedan mejorar su infraestructura.

-

Today GNU Privacy Guard (GnuPG) has launched its first - crowdfunding campaign with the aim of building a new - website and long term infrastructure. The 24.000 EUR target will - fund:

+

La meta son 24.000 euros que servir?n para financiar:

    -
  • Fresh web interfaces for gnupg.org including mobile
  • -
  • Completion and release of GnuPG 2.1
  • -
  • Anonymous Tor network access to the website
  • -
  • A new user friendly download page suitable for all devices
  • -
  • A new server for web services
  • -
  • New pages convening external guides, videos, and handbooks
  • -
  • Facilities for processing recurring donations for long - term project support
  • +
  • Nuevas Interfaces Web para el sitio gnupg.org que incluyan versiones para m?vil
  • +
  • Finalizaci?n y liberaci?n de GnuPG 2.1
  • +
  • Acceso an?nimo desde la red Tor a la web de GnuPG
  • +
  • Una nueva p?gina que facilite la descarga desde cualquier dispositivo
  • +
  • Un nuevo servidor web
  • +
  • Nuevas p?ginas con referencias a gu?as externas, v?deos y manuales
  • +
  • Sistema para procesar donativos constantes en apoyo de + proyectos de largo plazo.
-

Project founder and Lead Developer Werner Koch said ?GnuPG has - seen a huge upsurge in popularity following recent state - spying revelations. After 16 years of continuous development, - we are now asking for community support to capitalise on - consumer demand for privacy, and make GnuPG easy to access for - mainstream audiences?.

- -

GnuPG is one of the few tools remaining above suspicion in the - wake of leaked NSA documents. Edward Snowden and his contacts - including Bruce Schneier switched to GnuPG when they began handling - the secret - documents earlier this year. The Wall Street Journal, The - Committee to Protect Journalists, and - ProPublica have all embraced - GnuPG for protection of staff and sources. Phil Zimmermann, original - inventor of Pretty Good Privacy (PGP), has also moved to GnuPG in - wake of the news.

- -

?GnuPG is a key part of modern privacy infrastructure? said - Sam Tuke, Campaign Manager, GnuPG. ?Millions of users rely on - GnuPG to work securely on servers, laptops and smartphones, - but 2013 donations totaling 3.000 EUR to date have not even - covered fixed costs. Supporting new algorithms like elliptical - curve and fixing newfound exploits fast takes a lot of work - which is done voluntarily. Now is the time for people to - contribute to making GnuPG slick and more sustainable in - future?.

- -

Jacob Appelbaum, Tor Project developer, added ?GnuPG is - important - it allows us the assurances we need to do our - work. Community funding is a critical part of a confident - outlook for GnuPG in future.?

- - -

For further information, please contact Sam Tuke.
- Email: samtuke [at] gnupg.org
- Phone: +49 176 81923811 +

Werner Koch, fundador del proyecto y principal desarrollador + asegura que "la popularidad de GnuPG se ha incrementado luego de las + recientes revelaciones sobre el espionaje gubernamental. Despu?s de + 16 a?os de continuo desarrollo, ahora solicitamos el apoyo de la + comunidad para aprovechar esta exigencia en favor de la privacidad + de los usuarios, haciendo que GnuPG sea de f?cil de uso para el + p?blico en general".

+ +

A ra?z de las fugas de documentos de la NSA, GnuPG permanece como + una de las pocas herramientas fuera de toda sospecha. Edward Snowden + y sus contactos, incluyendo a Bruce Schneier, cambiaron a GnuPG + cuando a principios de este a?o [2] comenzaron a manipular + documentos secretos. El peri?dico The Wall Street Journal, el Comit? + para la Protecci?n de los Periodistas, y la organizaci?n ProPublica + [3] utilizan GnuPG para la protecci?n de sus colaboradores y de sus + fuentes de informaci?n. Por su parte y a ra?z de estas revelaciones, + Phil Zimmermann, el inventor de 'Pretty Good Privacy' (PGP), tambi?n + se cambi? a GnuPG.

+ +

"GnuPG es una parte estrat?gica en la infraestructura moderna de + privacidad", dijo Sam Tuke, el Director de campa?as de + GnuPG. "Millones de usuarios conf?an en GnuPG para trabajar de modo + seguro en servidores, ordenadores port?tiles y tel?fonos + inteligentes, pero las donaciones que hemos obtenido durante el a?o + 2013 no cubren siquiera los gastos normales. El soporte para los + nuevos algoritmos como el de curva el?ptica, y la soluci?n de fallas + t?cnicas lleva una gran cantidad de trabajo que se realiza + voluntariamente. Este es el momento para que la gente contribuya + para lograr que GnuPG sea m?s eficiente y autosuficiente en el + futuro".

+ +

Jacob Appelbaum, desarrollador del Proyecto Tor, agreg? que + "GnuPG es importante porque nos ofrece garant?as que necesitamos + para hacer nuestro trabajo. La financiaci?n comunitaria es una parte + fundamental de la perspectiva de confianza futura para GnuPG".

+ +

+ Para m?s informaci?n, p?ngase en contacto con Sam Tuke.
+ Email: samtuke [at] gnupg.org
+ Tel?fono: +49 176 81923811

-

About GNU Privacy Guard

- -

GnuPG is a leading cryptography app that protects emails and - data from interception. It is developed by a community of Free - Software engineers led by Werner Koch. GnuPG is used and - recommended by the world?s top security experts, including - Bruce Schneier and Phil Zimmermann. It offers best in class - privacy free of charge and restriction. Hundreds of companies - have integrated GnuPG into their products to perform mission - critical security, including Red Hat, Deutsche Bahn, and many - others.

+
    +
  1. http://goteo.org/project/gnupg-new-website-and-infrastructure
  2. +
  3. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
  4. +
  5. http://www.cjr.org/behind_the_news/hacks_hackers_security_for_jou.php
  6. +
+ +

Acerca del Guardi?n de Privacidad de GnuPG

+ +

GnuPG es una aplicaci?n l?der en criptograf?a que permite + proteger datos y correos electr?nicos, del riesgo de ser + interceptados. Desarrollado por una comunidad de ingenieros de + software libre encabezada por Werner Koch, GnuPG es utilizado y + recomendado por expertos en seguridad de todo el mundo, como Bruce + Schneier y Phil Zimmermann, ya que ofrece la mejor clase de + privacidad de manera gratuita, sin costos ni restricciones. Cientos + de compa??as, incluyendo Red Hat, Deutsche Bahn y muchos otros, han + integrado GnuPG en sus productos para cumplir sus objetivos de + proporcionar seguridad cr?tica.

http://gnupg.org

diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html index 4fb0d45..a1d318c 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.fr.html @@ -29,6 +29,8 @@ · English ·   + Espa?ol + ·   Francaise ·   Deutsch ·   diff --git a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html index aabc626..4a0ea08 100644 --- a/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html +++ b/misc/blog.gnupg.org/20131219-gnupg-launches-crowfunding.html @@ -29,6 +29,8 @@ · English ·   + Espa?ol + ·   Francaise ·   Deutsch ----------------------------------------------------------------------- Summary of changes: .../20131219-gnupg-launches-crowfunding.de.html | 2 + ...=> 20131219-gnupg-launches-crowfunding.es.html} | 147 +++++++++++--------- .../20131219-gnupg-launches-crowfunding.fr.html | 2 + .../20131219-gnupg-launches-crowfunding.html | 2 + 4 files changed, 85 insertions(+), 68 deletions(-) copy misc/blog.gnupg.org/{20131219-gnupg-launches-crowfunding.html => 20131219-gnupg-launches-crowfunding.es.html} (50%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 20 23:05:17 2013 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Dec 2013 23:05:17 +0100 Subject: [git] gnupg-doc - branch, master, updated. 273e836c238e97add26bf39aaee1a54e414a7653 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 273e836c238e97add26bf39aaee1a54e414a7653 (commit) from ecb95b769ac65f3777b845d80f5560383a119fa0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 273e836c238e97add26bf39aaee1a54e414a7653 Author: Werner Koch Date: Fri Dec 20 23:03:54 2013 +0100 Add link to a French translation. diff --git a/README b/README index 20a4033..cd096ea 100644 --- a/README +++ b/README @@ -11,7 +11,10 @@ HTML files. - web/ :: Source files for the web. This also include images etc. - web/share :: Logos, CSS, macros and elisp for building. - - misc :: Otehr websites etc. + - misc :: Other websites etc. + - blog.gnupg.org + - git.gnupg.org + - howtos.gnupg.org :: Manuals etc. - build-aux :: Build helper rscripts - tools/ :: Tools used to build the web site. - stage/ :: staging directory for the site. diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html index 4e135e7..c7b8d2b 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html @@ -121,6 +121,10 @@ forward to facing the privacy threats of tomorrow with community support.

+

Update: Here is a +French translation

+
----------------------------------------------------------------------- Summary of changes: README | 5 ++++- misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 22 16:39:00 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Sun, 22 Dec 2013 16:39:00 +0100 Subject: [git] gnupg-doc - branch, master, updated. 98fc97cef0e64bbc1a285b90f37fece73338b587 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 98fc97cef0e64bbc1a285b90f37fece73338b587 (commit) from 273e836c238e97add26bf39aaee1a54e414a7653 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 98fc97cef0e64bbc1a285b90f37fece73338b587 Author: Sam Tuke Date: Sun Dec 22 16:19:39 2013 +0100 Added Filipino translation by Filipinolawyer diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html new file mode 100644 index 0000000..e57e374 --- /dev/null +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html @@ -0,0 +1,181 @@ + + + + + + 0x10 Years of protecting privacy - Blog - GnuPG + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
· English ·     
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

16 Years of protecting privacy

+
Posted 20th December 2013 by Sam Tuke
+ +

Thanks to 'FilipinoLawyer' for this translation.

+ +

Noong Disyembre 20, 2013 ay ika-16 taon mula ng unang labas ng GNU Privacy Guard (GnuPG). Sa loob ng mga panahong ito, ang proyekto ay lumago mula sa pagiging isang libangan ng mga hacker tungo sa isa sa mga pinakakritikal na gamit sa buong mundo laban sa pagmamatyag o surveillance. Ngayon ang GnuPG ay isa sa mga nasa harapan ng pagtatanggol ng kalayaang sibil at karapatan laban sa mapanalakay na pagmamatyag.

+ +

Ayon kay Werner Koch, nagtatag at Lead Developer ng GnuPG: ?Time has proven Free Software to be the most trustworthy defender against companies and governments seeking to undermine citizen privacy?. Aniya: ?Although funding our work has not always been easy, the need for universally accessible privacy tools has never been more apparent?.

+ +

"Sa maraming panahon, napatunayan na ang Free Software ang pinaka-mapagkakatiwalaang tagapagtanggol laban sa mga kumpanya at mga pamahalaan na naglalayong pahinain ang pribisiya o privacy ng mamamayan" at "Kahit na ang pagpopondo ng aming trabaho ay hindi palaging madali, ang pangkalahatang pangangailangan para makukuha ng gamit para sa pribisiya o privacy tool ay naging mas maliwanag".

+

Ang ilan sa mga nangungunang espesyalista sa seguridad ay gumagamit ng GnuPG kabilang sina Bruce Schneier, Jacob Appelbaum, at Phil Zimmerman, imbentor ng PGP. Noong mga nakalipas na buwan ng taong ito, nalaman ng buong mundo ang lawak ng pagmamatyag o pagiispiya ng mga gobyerno at dapat na pasalamatan ang mga whistleblowers at mamamahayag na nagbunyag nito gamit ang GnuPG-encrypted email sa kanilang paguusap. Ang mga pangunahing IT server na Red Hat at Debian ay gumagamit din ng GnuPG at inilagay ang kanilang reputasyon para sa seguridad sa pamamagitan ng mga GnuPG-verified software.

+ +

Ayon kay Sam Tuke, GnuPG Campaign Manager: ?The success of GnuPG?s first crowdfunding campaign, which received 90% of it?s target in 24 hours, shows a fresh willingness among users to support GnuPG in it?s 16th year, and points to new opportunities for the project in future?. Aniya: ?The release of GnuPG 2.1 and the launch of a newly designed website later this year will bring GnuPG and its clients for Windows, Mac, Gnu/Linux, and Android to new audiences?.

+ +

"Ang tagumpay ng unang kampanya ng GnuPG para makalikom ng donasyon sa publiko o crowdfunding, na nakatanggap ng 90% ng target na donasyon sa loob lamang ng 24 oras, ay nagpapakita ng isang sariwang pagpayag ng mga gumagamit ng GnuPG upang suportahan ang GnuPG sa ika-16 na taon nito, patungo sa mga bagong oportunidad para sa proyekto sa hinaharap" at "Ang paglabas ng GnuPG 2.1 at ang paglulunsad ng isang bagong dinisenyong website sa susunod na parte ng taong ito ay makakatulong sa pagbahagi ng GnuPG at mga proyekto nito sa Windows, Mac, GNU / Linux, at Android sa mga bagong madla".

+ +

Sa paglipas ng mga taon ang GnuPG ay pinananatiling ito ay gumagamit ng mga napapanahon at bagong algorithm, katulad ng Elliptic Curve Cryptography, at tumutugon sa mga bagong pagbabanta sa tulong ng at koordinasyon sa mga developer. Ang mga miyembro at gumagamit ng GnuPG ay nananatiling tiwala sa kinabukasan ng GnuPG at inaasahang ang paglaban sa mga maaaring banta sa pribisiya sa hinaharap ay may suporta mula sa komunidad.

+ +
+ + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + ----------------------------------------------------------------------- Summary of changes: ...x10.html => 20131220-gnupg-turned-0x10.ph.html} | 55 ++++---------------- 1 file changed, 9 insertions(+), 46 deletions(-) copy misc/blog.gnupg.org/{20131220-gnupg-turned-0x10.html => 20131220-gnupg-turned-0x10.ph.html} (54%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 22 16:44:03 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Sun, 22 Dec 2013 16:44:03 +0100 Subject: [git] gnupg-doc - branch, master, updated. f699837acf63b0abdef3456e0eda4b6fc8b48f19 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f699837acf63b0abdef3456e0eda4b6fc8b48f19 (commit) from 98fc97cef0e64bbc1a285b90f37fece73338b587 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f699837acf63b0abdef3456e0eda4b6fc8b48f19 Author: Sam Tuke Date: Sun Dec 22 16:44:19 2013 +0100 Added link to PH translation diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html index c7b8d2b..0f9e1f1 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html 
@@ -26,7 +26,11 @@   - · English ·   + + · English ·   + Filipino + ·   +       ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 22 16:45:22 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Sun, 22 Dec 2013 16:45:22 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8792519910dac828e707038fb2d95ee02aca3814 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8792519910dac828e707038fb2d95ee02aca3814 (commit) from f699837acf63b0abdef3456e0eda4b6fc8b48f19 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8792519910dac828e707038fb2d95ee02aca3814 Author: Sam Tuke Date: Sun Dec 22 16:45:39 2013 +0100 Fixed url diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html index 0f9e1f1..ffe6cbf 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html @@ -28,7 +28,7 @@ · English ·   - Filipino + Filipino ·     ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 22 16:47:12 2013 
From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Sun, 22 Dec 2013 16:47:12 +0100 Subject: [git] gnupg-doc - branch, master, updated. b19213de162ab5ab5f2e82263b09100e2883de41 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via b19213de162ab5ab5f2e82263b09100e2883de41 (commit) from 8792519910dac828e707038fb2d95ee02aca3814 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b19213de162ab5ab5f2e82263b09100e2883de41 Author: Sam Tuke Date: Sun Dec 22 16:47:31 2013 +0100 Fixed twitter profile link diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html index e57e374..fba2941 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html @@ -73,7 +73,7 @@

16 Years of protecting privacy

Posted 20th December 2013 by Sam Tuke
-

Thanks to 'FilipinoLawyer' for this translation.

+

Thanks to 'FilipinoLawyer' for this translation.

Noong Disyembre 20, 2013 ay ika-16 taon mula ng unang labas ng GNU Privacy Guard (GnuPG). Sa loob ng mga panahong ito, ang proyekto ay lumago mula sa pagiging isang libangan ng mga hacker tungo sa isa sa mga pinakakritikal na gamit sa buong mundo laban sa pagmamatyag o surveillance. Ngayon ang GnuPG ay isa sa mga nasa harapan ng pagtatanggol ng kalayaang sibil at karapatan laban sa mapanalakay na pagmamatyag.

----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131220-gnupg-turned-0x10.ph.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Dec 29 03:07:59 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Sun, 29 Dec 2013 03:07:59 +0100 Subject: [git] gnupg-doc - branch, master, updated. 64572a6ec9e1d2669c4b9136c16de72f6e4b357c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 64572a6ec9e1d2669c4b9136c16de72f6e4b357c (commit) from b19213de162ab5ab5f2e82263b09100e2883de41 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64572a6ec9e1d2669c4b9136c16de72f6e4b357c Author: Sam Tuke Date: Sun Dec 29 03:08:36 2013 +0100 Added link to spanish translation Reformatted links to external translations diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html index ffe6cbf..694a1c2 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html @@ -125,9 +125,14 @@ forward to facing the privacy threats of tomorrow with community support.

-

Update: Here is a -French translation

+
----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131220-gnupg-turned-0x10.html | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 30 10:58:41 2013 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Mon, 30 Dec 2013 10:58:41 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-10-gbbcb121
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
  via bbcb12187afb1756cb27296166b57fa19ee45d4d (commit)
  from b7e814f93ee40fcfe17a187a8989c07fde2ba0cd (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit bbcb12187afb1756cb27296166b57fa19ee45d4d
Author: Jussi Kivilinna
Date: Mon Dec 30 11:57:57 2013 +0200

    Fix buggy/incomplete detection of AVX/AVX2 support

    * configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2 inline assembly checks.
    * src/hwf-x86.c [__i386__] (get_xgetbv): New function.
    [__x86_64__] (get_xgetbv): New function.
    [HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are supported by OS.
    --

    This patch is based on original patch and bug report by Panagiotis Christopoulos:

    Adding better detection of AVX/AVX2 support

    After upgrading libgcrypt from 1.5.3 to 1.6.0 on a remote XEN system (linode) my gpg2 stopped working properly, throwing SIGILL signals when doing sha512 operations etc. I managed to debug this with the help of Doublas Freed (dwfreed at mtu.edu) and it seems that the current AVX detection just checks for bit 28 on cpuid but the check still works on systems that have disabled the avx/avx2 instructions for some reason (e.g. performance/instability) resulting in SIGILLs (e.g. when trying _gcry_sha512_transform_amd64_avx() ).
From Intel resources[1][2], I found additional checks for better AVX detection and applied them in the following patch. Please review/change accordingly and commit some better AVX detection mechanism. The AVX part is tested but could not test the AVX2 one, because I lack proper hardware. I can provide additional information upon request. Use the patch only as a guideline, as it's not thoroughly tested. [1] http://software.intel.com/en-us/blogs/2011/04/14/is-avx-enabled [2] http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf (sections 14.3 and 14.7.1) Reported-by: Panagiotis Christopoulos (pchrist) Cc: Doublas Freed Cc: Tim Harder Signed-off-by: Jussi Kivilinna diff --git a/configure.ac b/configure.ac index 27de850..8b43d9a 100644 --- a/configure.ac +++ b/configure.ac @@ -1033,7 +1033,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports AVX instructions], [gcry_cv_gcc_inline_asm_avx=no AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { - __asm__("vaesdeclast (%[mem]),%%xmm0,%%xmm7\n\t"::[mem]"r"(0):); + __asm__("xgetbv; vaesdeclast (%[mem]),%%xmm0,%%xmm7\n\t"::[mem]"r"(0):); }]])], [gcry_cv_gcc_inline_asm_avx=yes])]) if test "$gcry_cv_gcc_inline_asm_avx" = "yes" ; then @@ -1050,7 +1050,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports AVX2 instructions], [gcry_cv_gcc_inline_asm_avx2=no AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[void a(void) { - __asm__("vpbroadcastb %%xmm7,%%ymm1\n\t":::"cc"); + __asm__("xgetbv; vpbroadcastb %%xmm7,%%ymm1\n\t":::"cc"); }]])], [gcry_cv_gcc_inline_asm_avx2=yes])]) if test "$gcry_cv_gcc_inline_asm_avx2" = "yes" ; then diff --git a/src/hwf-x86.c b/src/hwf-x86.c index 4e82558..0591b4f 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c 
@@ -95,6 +95,21 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, if (edx) *edx = regs[3]; } + +static unsigned int +get_xgetbv(void) +{ + unsigned int t_eax; + + asm volatile + ("xgetbv\n\t" + : "=a" (t_eax) + : "c" (0) + ); + + return t_eax; +} + #endif /* i386 && GNUC */ @@ -129,6 +144,21 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, if (edx) *edx = regs[3]; } + +static unsigned int +get_xgetbv(void) +{ + unsigned int t_eax; + + asm volatile + ("xgetbv\n\t" + : "=a" (t_eax) + : "c" (0) + ); + + return t_eax; +} + #endif /* x86-64 && GNUC */ @@ -138,9 +168,12 @@ detect_x86_gnuc (void) { char vendor_id[12+1]; unsigned int features; + unsigned int os_supports_avx_avx2_registers = 0; unsigned int max_cpuid_level; unsigned int result = 0; + (void)os_supports_avx_avx2_registers; + if (!is_cpuid_available()) return 0; @@ -215,10 +248,20 @@ detect_x86_gnuc (void) if (features & 0x02000000) result |= HWF_INTEL_AESNI; #endif /*ENABLE_AESNI_SUPPORT*/ +#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT) + /* Test bit 27 for OSXSAVE (required for AVX/AVX2). */ + if (features & 0x08000000) + { + /* Check that OS has enabled both XMM and YMM state support. */ + if ((get_xgetbv() & 0x6) == 0x6) + os_supports_avx_avx2_registers = 1; + } +#endif #ifdef ENABLE_AVX_SUPPORT /* Test bit 28 for AVX. */ if (features & 0x10000000) - result |= HWF_INTEL_AVX; + if (os_supports_avx_avx2_registers) + result |= HWF_INTEL_AVX; #endif /*ENABLE_AVX_SUPPORT*/ #ifdef ENABLE_DRNG_SUPPORT /* Test bit 30 for RDRAND. */ 
@@ -242,6 +285,7 @@ detect_x86_gnuc (void) #ifdef ENABLE_AVX2_SUPPORT /* Test bit 5 for AVX2. */ if (features & 0x00000020) + if (os_supports_avx_avx2_registers) result |= HWF_INTEL_AVX2; #endif /*ENABLE_AVX_SUPPORT*/ } ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++-- src/hwf-x86.c | 46 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 30 14:13:59 2013 
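Review bot: In both copies of get_xgetbv() added to src/hwf-x86.c (the __i386__ one and the __x86_64__ one), the inline asm lists only "=a" (t_eax) as output, but xgetbv writes EDX:EAX, so EDX is overwritten without the compiler being told. Add a second output such as "=d" (t_edx), or name edx as a clobber, so a value the compiler keeps in EDX across the call is not silently corrupted. A short comment that ECX = 0 selects XCR0 would also explain the 0x6 mask that detect_x86_gnuc tests against the return value.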
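Review bot: In detect_x86_gnuc, the AVX and AVX2 hunks each hang a second unbraced if under the existing feature test (if (features & 0x10000000) followed by if (os_supports_avx_avx2_registers)), which invites a dangling-else mistake on the next edit; one condition joined with && reads more safely. The (void)os_supports_avx_avx2_registers; statement has no comment saying it exists to quiet the unused-variable warning when neither ENABLE_AVX_SUPPORT nor ENABLE_AVX2_SUPPORT is defined. While touching the AVX2 block, the closing #endif /*ENABLE_AVX_SUPPORT*/ that belongs to #ifdef ENABLE_AVX2_SUPPORT could be corrected as well.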
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Mon, 30 Dec 2013 14:13:59 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-12-g7547898
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library".

The branch, master has been updated
  via 7547898109c72a97e3102b2a045ee4fdb2aa40bf (commit)
  via a05be441d8cd89b90d8d58e3a343a436dae377d0 (commit)
  from bbcb12187afb1756cb27296166b57fa19ee45d4d (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 7547898109c72a97e3102b2a045ee4fdb2aa40bf
Author: Jussi Kivilinna
Date: Mon Dec 30 15:10:13 2013 +0200

    Add AMD64 assembly implementation for arcfour

    * cipher/Makefile.am: Add 'arcfour-amd64.S'.
    * cipher/arcfour-amd64.S: New.
    * cipher/arcfour.c (USE_AMD64_ASM): New.
    [USE_AMD64_ASM] (ARCFOUR_context, _gcry_arcfour_amd64)
    (encrypt_stream): New.
    * configure.ac [host=x86_64]: Add 'arcfour-amd64.lo'.
    --

    Patch adds Marc Bevand's public-domain AMD64 assembly implementation of RC4 to libgcrypt. Original implementation is at:
      http://www.zorinaq.com/papers/rc4-amd64.html

    Benchmarks on Intel i5-4570 (3200 Mhz):

    New:
     ARCFOUR        |  nanosecs/byte   mebibytes/sec   cycles/byte
         STREAM enc |     1.29 ns/B     737.7 MiB/s     4.14 c/B
         STREAM dec |     1.31 ns/B     730.6 MiB/s     4.18 c/B

    Old (C-language):
     ARCFOUR        |  nanosecs/byte   mebibytes/sec   cycles/byte
         STREAM enc |     2.09 ns/B     457.4 MiB/s     6.67 c/B
         STREAM dec |     2.09 ns/B     457.2 MiB/s     6.68 c/B

    Signed-off-by: Jussi Kivilinna

diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 98c6254..15400e5 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am
@@ -56,7 +56,7 @@ dsa-common.c rsa-common.c \ rmd.h EXTRA_libcipher_la_SOURCES = \ -arcfour.c \ +arcfour.c arcfour-amd64.S \ blowfish.c blowfish-amd64.S \ cast5.c cast5-amd64.S cast5-arm.S \ crc.c \ diff --git a/cipher/arcfour-amd64.S b/cipher/arcfour-amd64.S new file mode 100644 index 0000000..c32cd6f --- /dev/null +++ b/cipher/arcfour-amd64.S 
@@ -0,0 +1,97 @@ +/* +** RC4 implementation optimized for AMD64. +** +** Author: Marc Bevand +** Licence: I hereby disclaim the copyright on this code and place it +** in the public domain. +** +** The throughput achieved by this code is about 320 MBytes/sec, on +** a 1.8 GHz AMD Opteron (rev C0) processor. +** +** 2013/12/20 : +** - Integrated to libgcrypt +** - 4.18 cycles/byte on Intel i5-4570 +*/ + +#ifdef __x86_64__ +#include +#if defined(USE_ARCFOUR) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) + +.text +.align 16 +.globl _gcry_arcfour_amd64 +.type _gcry_arcfour_amd64, at function +_gcry_arcfour_amd64: + push %rbp + push %rbx + mov %rdi, %rbp # key = ARG(key) + mov %rsi, %rbx # rbx = ARG(len) + mov %rdx, %rsi # in = ARG(in) + mov %rcx, %rdi # out = ARG(out) + mov (4*256)(%rbp), %ecx # x = key->x + mov (4*256+4)(%rbp),%edx # y = key->y + inc %rcx # x++ + and $255, %rcx # x &= 0xff + lea -8(%rbx,%rsi), %rbx # rbx = in+len-8 + mov %rbx, %r9 # tmp = in+len-8 + mov (%rbp,%rcx,4), %eax # tx = d[x] + cmp %rsi, %rbx # cmp in with in+len-8 + jl .Lend # jump if (in+len-8 < in) + +.Lstart: + add $8, %rsi # increment in + add $8, %rdi # increment out + + # generate the next 8 bytes of the rc4 stream into %r8 + mov $8, %r11 # byte counter +1: add %al, %dl # y += tx + mov (%rbp,%rdx,4), %ebx # ty = d[y] + mov %ebx, (%rbp,%rcx,4) # d[x] = ty + add %al, %bl # val = ty + tx + mov %eax, (%rbp,%rdx,4) # d[y] = tx + inc %cl # x++ (NEXT ROUND) + mov (%rbp,%rcx,4), %eax # tx = d[x] (NEXT ROUND) + shl $8, %r8 + movb (%rbp,%rbx,4), %r8b # val = d[val] + dec %r11b + jnz 1b + + # xor 8 bytes + bswap %r8 + xor -8(%rsi), %r8 + cmp %r9, %rsi # cmp in+len-8 with in + mov %r8, -8(%rdi) + jle .Lstart # jump if (in <= in+len-8) + +.Lend: + add $8, %r9 # tmp = in+len + + # handle the last bytes, one by one +1: cmp %rsi, %r9 # cmp in with in+len + jle .Lfinished # jump if (in+len <= in) + add %al, %dl # y += tx + mov (%rbp,%rdx,4), %ebx # ty = d[y] + mov %ebx, (%rbp,%rcx,4) # d[x] = ty + 
add %al, %bl # val = ty + tx + mov %eax, (%rbp,%rdx,4) # d[y] = tx + inc %cl # x++ (NEXT ROUND) + mov (%rbp,%rcx,4), %eax # tx = d[x] (NEXT ROUND) + movb (%rbp,%rbx,4), %r8b # val = d[val] + xor (%rsi), %r8b # xor 1 byte + movb %r8b, (%rdi) + inc %rsi # in++ + inc %rdi # out++ + jmp 1b + +.Lfinished: + dec %rcx # x-- + movb %dl, (4*256)(%rbp) # key->y = y + movb %cl, (4*256+4)(%rbp) # key->x = x + pop %rbx + pop %rbp + ret +.L__gcry_arcfour_amd64_end: +.size _gcry_arcfour_amd64,.L__gcry_arcfour_amd64_end-_gcry_arcfour_amd64 + +#endif +#endif diff --git a/cipher/arcfour.c b/cipher/arcfour.c index d692c84..27537bf 100644 --- a/cipher/arcfour.c +++ b/cipher/arcfour.c @@ -31,8 +31,33 @@ #include "g10lib.h" #include "cipher.h" +/* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ +#undef USE_AMD64_ASM +#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +# define USE_AMD64_ASM 1 +#endif + static const char *selftest(void); +#ifdef USE_AMD64_ASM + +typedef struct { + u32 sbox[256]; + u32 idx_i, idx_j; +} ARCFOUR_context; + +void _gcry_arcfour_amd64(void *key, size_t len, const byte *indata, + byte *outdata); + +static void +encrypt_stream (void *context, + byte *outbuf, const byte *inbuf, size_t length) +{ + _gcry_arcfour_amd64 (context, length, inbuf, outbuf ); +} + +#else /*!USE_AMD64_ASM*/ + typedef struct { byte sbox[256]; int idx_i, idx_j; @@ -96,6 +121,8 @@ encrypt_stream (void *context, _gcry_burn_stack (64); } +#endif /*!USE_AMD64_ASM*/ + static gcry_err_code_t do_arcfour_setkey (void *context, const byte *key, unsigned int keylen) diff --git a/configure.ac b/configure.ac index 8b43d9a..1715161 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1505,6 +1505,13 @@ LIST_MEMBER(arcfour, $enabled_ciphers) if test "$found" = "1"; then GCRYPT_CIPHERS="$GCRYPT_CIPHERS arcfour.lo" AC_DEFINE(USE_ARCFOUR, 1, [Defined if this module should be included]) + + case "${host}" in + x86_64-*-*) + # Build with the assembly implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS arcfour-amd64.lo" + ;; + esac fi LIST_MEMBER(blowfish, $enabled_ciphers) commit a05be441d8cd89b90d8d58e3a343a436dae377d0 Author: Jussi Kivilinna Date: Mon Dec 30 15:10:13 2013 +0200 Parse /proc/cpuinfo for ARM HW features * src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO) (detect_arm_proc_cpuinfo): New. (_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for HW features. -- Some Linux platforms (read: Android) block read access to '/proc/self/auxv', which prevents NEON HW detection. Patch adds alternative check which parses '/proc/cpuinfo' which should be accessible by Android applications. Signed-off-by: Jussi Kivilinna diff --git a/src/hwf-arm.c b/src/hwf-arm.c index 8071894..dbbb607 100644 --- a/src/hwf-arm.c +++ b/src/hwf-arm.c @@ -32,6 +32,7 @@ #endif #undef HAS_SYS_AT_HWCAP +#undef HAS_PROC_CPUINFO #ifdef __linux__ #define HAS_SYS_AT_HWCAP 1 
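Review bot: In cipher/arcfour-amd64.S the two stores under .Lfinished are swapped relative to the loads at function entry. The entry code reads x from (4*256)(%rbp) and y from (4*256+4)(%rbp), but the exit code writes %dl (y) to (4*256)(%rbp) and %cl (x) to (4*256+4)(%rbp), so idx_i and idx_j in ARCFOUR_context change places after every call. A single call over a whole buffer is unaffected, but a stream encrypted in more than one call resumes with x and y exchanged and produces a different keystream than the C implementation. Suggest storing %cl to (4*256)(%rbp) and %dl to (4*256+4)(%rbp), and adding a test that splits one message across several encrypt calls and compares the result with the one-shot output.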
@@ -94,6 +95,54 @@ detect_arm_at_hwcap(void) return features; } +#define HAS_PROC_CPUINFO 1 + +static unsigned int +detect_arm_proc_cpuinfo(void) +{ + char buf[1024]; /* large enough */ + char *str_features, *str_neon; + FILE *f; + int readlen, i; + static int cpuinfo_initialized = 0; + static unsigned int stored_cpuinfo_features; + + if (cpuinfo_initialized) + return stored_cpuinfo_features; + + f = fopen("/proc/cpuinfo", "r"); + if (!f) + return 0; + + memset (buf, 0, sizeof(buf)); + readlen = fread (buf, 1, sizeof(buf), f); + fclose (f); + if (readlen <= 0 || readlen > sizeof(buf)) + return 0; + + buf[sizeof(buf) - 1] = '\0'; + + cpuinfo_initialized = 1; + stored_cpuinfo_features = 0; + + /* Find features line. */ + str_features = strstr(buf, "Features"); + if (!str_features) + return stored_cpuinfo_features; + + /* Lines to strings. */ + for (i = 0; i < sizeof(buf); i++) + if (buf[i] == '\n') + buf[i] = '\0'; + + /* Check for NEON. */ + str_neon = strstr(str_features, " neon"); + if (str_neon && (str_neon[5] == ' ' || str_neon[5] == '\0')) + stored_cpuinfo_features |= HWF_ARM_NEON; + + return stored_cpuinfo_features; +} + #endif /* __linux__ */ unsigned int @@ -103,8 +152,10 @@ _gcry_hwf_detect_arm (void) #if defined (HAS_SYS_AT_HWCAP) ret |= detect_arm_at_hwcap (); -#else - ret |= 0; +#endif + +#if defined (HAS_PROC_CPUINFO) + ret |= detect_arm_proc_cpuinfo (); #endif #if defined(__ARM_NEON__) && defined(ENABLE_NEON_SUPPORT) ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/arcfour-amd64.S | 97 ++++++++++++++++++++++++++++++++++++++++++++++++ cipher/arcfour.c | 27 ++++++++++++++ configure.ac | 7 ++++ src/hwf-arm.c | 55 ++++++++++++++++++++++++++- 5 files changed, 185 insertions(+), 3 deletions(-) create mode 100644 cipher/arcfour-amd64.S hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 30 15:36:08 2013 
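Review bot: In detect_arm_proc_cpuinfo the single fread into char buf[1024] only ever sees the first 1024 bytes of /proc/cpuinfo, so when the "Features" line lies beyond that point NEON is reported as absent and the negative result is cached in stored_cpuinfo_features for the rest of the process. Reading line by line with fgets until a line that begins with "Features" would remove the "large enough" assumption and also stop strstr from matching the word elsewhere in the buffer. Two smaller points in the same function: readlen is an int compared against sizeof(buf), and readlen > sizeof(buf) cannot be true for an fread bounded by sizeof(buf); and the early returns on fopen failure or readlen <= 0 leave cpuinfo_initialized at 0, so a blocked /proc/cpuinfo is reopened on every call.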
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Mon, 30 Dec 2013 15:36:08 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-13-g7fef7f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 7fef7f481c0a1542be34d1dc831f58d41846ac29 (commit) from 7547898109c72a97e3102b2a045ee4fdb2aa40bf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7fef7f481c0a1542be34d1dc831f58d41846ac29 Author: Jussi Kivilinna Date: Mon Dec 30 16:34:29 2013 +0200 Add blowfish/serpent ARM assembly files to Makefile.am * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'. -- Fix for bug https://bugs.g10code.com/gnupg/issue1584 Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 15400e5..462e6db 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -57,7 +57,7 @@ rmd.h EXTRA_libcipher_la_SOURCES = \ arcfour.c arcfour-amd64.S \ -blowfish.c blowfish-amd64.S \ +blowfish.c blowfish-amd64.S blowfish-arm.S \ cast5.c cast5-amd64.S cast5-arm.S \ crc.c \ des.c \ 
@@ -76,7 +76,7 @@ rsa.c \ salsa20.c salsa20-amd64.S salsa20-armv7-neon.S \ scrypt.c \ seed.c \ -serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \ +serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S serpent-armv7-neon.S \ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ sha1-armv7-neon.S \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 30 20:35:25 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Mon, 30 Dec 2013 20:35:25 +0100 Subject: [git] gnupg-doc - branch, master, updated. c293aac788008289557065430b3d1ecb798c36f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c293aac788008289557065430b3d1ecb798c36f9 (commit) from 64572a6ec9e1d2669c4b9136c16de72f6e4b357c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c293aac788008289557065430b3d1ecb798c36f9 Author: Sam Tuke Date: Mon Dec 30 20:36:01 2013 +0100 Added new blog entry "how good is goteo" with imgs and css diff --git a/misc/blog.gnupg.org/20131230-how-good-is-goteo.html b/misc/blog.gnupg.org/20131230-how-good-is-goteo.html new file mode 100644 index 0000000..5c08016 --- /dev/null +++ b/misc/blog.gnupg.org/20131230-how-good-is-goteo.html @@ -0,0 +1,239 @@ + + + + + + How good is Goteo - Blog - GnuPG + + + + ++ + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo]  
+ · English ·   + Filipino + ·   +    
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+ + + +
+

How good is Goteo? An appraisal

+
Posted 30th December 2013 by Sam Tuke
+ +
+ +

A wall of donor faces on Goteo

+
+ +

"One question: why did you choose the quite unknown Spanish crowdfunding site Goteo?" So shot back the reply to the press release I had just sent to a few dozen selected journalists announcing the launch of the GnuPG crowdfunding campaign. "You won't get any exposure on there, we got a few hundred thousand hits just from being on indiegogo" I was told by one experienced crowdfunder at my favourite Berlin hackerspace last month. "What's Goteo?" has been one of the most frequently asked questions of this campaign from friends and supporters.

+ +

I ummed and ahhed over which crowfunding platform to choose. It's a decision that has a huge impact on the campaign - market exposure, transaction costs, and design and layout are just a few of the many factors that have to be taken into account. This is a crowded market - new crowdfunding sites are popping up each week as more companies try to cash in on what has is recognised a key tech trend of 2013. An estimated $5bn was raised by crowdfunders this year. That equates to around $35m in commission fees for the platforms hosting these campaigns, who typically charge between 5-10%. It's no surprise that everyone wants a slice.

+ +
+ +

"Non-economic donations"

+
+ +

Goteo however, is unique. Right now it's the only crowdfunding software that is itself Free Software, allowing everyone to inspect how it works and run their own copy. Even though I don't plan to run my own Kickstarter competitor any time soon, the fact we can check its code, make improvements, and follow the development process is really important. I want Goteo to prosper profitably because, aside from all its other good points, I know some of that profit will be invested in the platform itself, which shall remain free and accessible to everyone under the terms of the AGPL3 license.

+ +

Goteo is also the only such site to my knowledge that's built with public money. Funded by Spain's Department for Education, Culture and Sport, Barcelona's City Council, and The University of Andalucia, Goteo exists to host projects which "contribute to the common good, free knowledge, and open code". Everything about the platform and the projects it hosts point to common goods, shared resources, and collaborative effort.

+ +

Besides that, these are other great features make it stand out:

+ +
    +
  • Signup and donation workflow is smooth and simple
  • +
  • Great focus on social media and sharing links (we had hundreds of tweets from these)
  • +
  • Users can login with many social networks, including OpenID and LinkedIn
  • +
  • Clean and professional design with easy access to key information
  • +
  • Built in license chooser for all "goods" projects produce (categories for software, artwork, etc.)
  • +
  • Mandatory delivery timeframe / deadline setter with public calendar
  • +
  • Nice "image wall widget" of donors faces has potential, provides public recognition of donations
  • +
  • Web forms for project creation are comprehensive, well designed, and highly usable
  • +
  • Crowdsourcing of extra skills ("non-economic donations") works really well
  • +
  • Donations are guaranteed by PayPal and Goteo, not pledged or retractable
  • +
  • Goteo staff are friendly and knowledgable, providing personal guidance and assistance
  • +
  • Many funding successes, including a few related to hardware, software, and Hackerspaces
  • +
+ +Many of those benefits are obvious before launching a campaign. However, on the list of problems I experienced with the platform, most weren't discovered until the point of execution (orange = fix in progress): + +
    +
  • User-set passwords are automatically emailed in plain text after registration (insecure)
  • +
  • Rewards can't be customised, e.g. select t-shirt size
  • +
  • Once a campaign is launched, no aspect can be edited directly (though news can be added)
  • +
  • The order of images for the campaign page is random - the first image visitors see can't be specified
  • +
  • The launch date of the campaign is chosen by Goteo administrators, it can't be specified
  • +
  • No markup is available for text formatting
  • +
  • Pictures are limited and can't be placed between text to break up the page
  • +
  • There's a bug that causes double posting of news items
  • +
  • Shipping for rewards is not configurable - international shipping can't be billed
  • +
  • The website is not mobile friendly (minimum page width is 940px)
  • +
  • HTTPS is not available to donors for transferring personal details
  • +
+ +Besides that, I spotted a few opportunities for improvement: + +
    +
  • Send emails to people who didn't complete their donation ("abandoned carts" - indiegogo does this)
  • +
  • Allow managers to specify the content of social media messages
  • +
+ +
+ +

Goteo's license on GitHub

+
+ +

Some of the problems listed are a real pain. Because I couldn't choose the launch date, and hadn't planned for an in-depth human review by Goteo, our project went public days later than I expected, at a time when I was travelling and without connectivity. Goteo's campaigns team is helpful and responsive however, and even in the last few weeks several translation problems have been fixed which I had previously reported. I'm confident that the other most serious issues will be addressed in a timely manner.

+ +

In all, we took a gamble by using Goteo, but one that paid off. It's focus on communal work and rewards is unique amongst its competitors, and when it comes to copyleft licensing they stand alone in practicing what they preach. Nearly all the convenient features that you'd expect from more established platforms are included, together with a pleasant functional interface. Donations are worry-free for both donors and recipients (though I can't comment on the final transfer process until later next month).

+ +

Best of all perhaps, staff at Goteo are knowledgable and supportive and have time to invest in making projects a success. And when launch day comes and you're expecting the unexpected, that's very reassuring.

+ +
+ + + +
 
  
 
+
  +
+ + + + + + + + + + + + +
 Technical resources for this
+ service are sponsered by
 
  + OpenIT +  
+
+ +

+ + Valid XHTML 1.0! +     + + Digital Respect for the Masses +     + + Peace! +     + + Valid CSS! +

+ + + +
+
+ + + + + + + \ No newline at end of file diff --git a/misc/blog.gnupg.org/img/goteo-github-license.png b/misc/blog.gnupg.org/img/goteo-github-license.png new file mode 100644 index 0000000..d704b49 Binary files /dev/null and b/misc/blog.gnupg.org/img/goteo-github-license.png differ diff --git a/misc/blog.gnupg.org/img/goteo-pledge-wall.png b/misc/blog.gnupg.org/img/goteo-pledge-wall.png new file mode 100644 index 0000000..579076a Binary files /dev/null and b/misc/blog.gnupg.org/img/goteo-pledge-wall.png differ diff --git a/misc/blog.gnupg.org/img/non-economic-goteo.png b/misc/blog.gnupg.org/img/non-economic-goteo.png new file mode 100644 index 0000000..6d8768c Binary files /dev/null and b/misc/blog.gnupg.org/img/non-economic-goteo.png differ diff --git a/misc/blog.gnupg.org/index.html b/misc/blog.gnupg.org/index.html index 0ae6d34..35e2dad 100644 --- a/misc/blog.gnupg.org/index.html +++ b/misc/blog.gnupg.org/index.html @@ -71,6 +71,85 @@

Blogs

+
+ +

How good is Goteo? An appraisal

+
+
Posted 30th December 2013 by Sam Tuke
+ +
+ +

A wall of donor faces on Goteo

+
+ +

"One question: why did you choose the quite unknown Spanish crowdfunding site Goteo?" So shot back the reply to the press release I had just sent to a few dozen selected journalists announcing the launch of the GnuPG crowdfunding campaign. "You won't get any exposure on there, we got a few hundred thousand hits just from being on indiegogo" I was told by one experienced crowdfunder at my favourite Berlin hackerspace last month. "What's Goteo?" has been one of the most frequently asked questions of this campaign from friends and supporters.

+ +

I ummed and ahhed over which crowfunding platform to choose. It's a decision that has a huge impact on the campaign - market exposure, transaction costs, and design and layout are just a few of the many factors that have to be taken into account. This is a crowded market - new crowdfunding sites are popping up each week as more companies try to cash in on what has is recognised a key tech trend of 2013. An estimated $5bn was raised by crowdfunders this year. That equates to around $35m in commission fees for the platforms hosting these campaigns, who typically charge between 5-10%. It's no surprise that everyone wants a slice.

+ +
+ +

"Non-economic donations"

+
+ +

Goteo however, is unique. Right now it's the only crowdfunding software that is itself Free Software, allowing everyone to inspect how it works and run their own copy. Even though I don't plan to run my own Kickstarter competitor any time soon, the fact we can check its code, make improvements, and follow the development process is really important. I want Goteo to prosper profitably because, aside from all its other good points, I know some of that profit will be invested in the platform itself, which shall remain free and accessible to everyone under the terms of the AGPL3 license.

+ +

Goteo is also the only such site to my knowledge that's built with public money. Funded by Spain's Department for Education, Culture and Sport, Barcelona's City Council, and The University of Andalucia, Goteo exists to host projects which "contribute to the common good, free knowledge, and open code". Everything about the platform and the projects it hosts point to common goods, shared resources, and collaborative effort.

+ +

Besides that, these are other great features make it stand out:

+ +
    +
  • Signup and donation workflow is smooth and simple
  • +
  • Great focus on social media and sharing links (we had hundreds of tweets from these)
  • +
  • Users can login with many social networks, including OpenID and LinkedIn
  • +
  • Clean and professional design with easy access to key information
  • +
  • Built in license chooser for all "goods" projects produce (categories for software, artwork, etc.)
  • +
  • Mandatory delivery timeframe / deadline setter with public calendar
  • +
  • Nice "image wall widget" of donors faces has potential, provides public recognition of donations
  • +
  • Web forms for project creation are comprehensive, well designed, and highly usable
  • +
  • Crowdsourcing of extra skills ("non-economic donations") works really well
  • +
  • Donations are guaranteed by PayPal and Goteo, not pledged or retractable
  • +
  • Goteo staff are friendly and knowledgable, providing personal guidance and assistance
  • +
  • Many funding successes, including a few related to hardware, software, and Hackerspaces
  • +
+ +Many of those benefits are obvious before launching a campaign. However, on the list of problems I experienced with the platform, most weren't discovered until the point of execution (orange = fix in progress): + +
    +
  • User-set passwords are automatically emailed in plain text after registration (insecure)
  • +
  • Rewards can't be customised, e.g. select t-shirt size
  • +
  • Once a campaign is launched, no aspect can be edited directly (though news can be added)
  • +
  • The order of images for the campaign page is random - the first image visitors see can't be specified
  • +
  • The launch date of the campaign is chosen by Goteo administrators, it can't be specified
  • +
  • No markup is available for text formatting
  • +
  • Pictures are limited and can't be placed between text to break up the page
  • +
  • There's a bug that causes double posting of news items
  • +
  • Shipping for rewards is not configurable - international shipping can't be billed
  • +
  • The website is not mobile friendly (minimum page width is 940px)
  • +
  • HTTPS is not available to donors for transferring personal details
  • +
+ +Besides that, I spotted a few opportunities for improvement: + +
    +
  • Send emails to people who didn't complete their donation ("abandoned carts" - indiegogo does this)
  • +
  • Allow managers to specify the content of social media messages
  • +
+ +
+ +

Goteo's license on GitHub

+
+ +

Some of the problems listed are a real pain. Because I couldn't choose the launch date, and hadn't planned for an in-depth human review by Goteo, our project went public days later than I expected, at a time when I was travelling and without connectivity. Goteo's campaigns team is helpful and responsive however, and even in the last few weeks several translation problems have been fixed which I had previously reported. I'm confident that the other most serious issues will be addressed in a timely manner.

+ +

In all, we took a gamble by using Goteo, but one that paid off. It's focus on communal work and rewards is unique amongst its competitors, and when it comes to copyleft licensing they stand alone in practicing what they preach. Nearly all the convenient features that you'd expect from more established platforms are included, together with a pleasant functional interface. Donations are worry-free for both donors and recipients (though I can't comment on the final transfer process until later next month).

+ +

Best of all perhaps, staff at Goteo are knowledgable and supportive and have time to invest in making projects a success. And when launch day comes and you're expecting the unexpected, that's very reassuring.

+ +

+ +
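Review bot: The misc/blog.gnupg.org/index.html hunk (@@ -71,6 +71,85 @@) pastes the whole article into the index a second time instead of a short teaser that links to 20131230-how-good-is-goteo.html, so every correction now has to be made in two files. Both copies carry the same slips: "crowfunding", "what has is recognised a key tech trend", "these are other great features make it stand out", "It's focus" and "knowledgable". Suggest fixing these in the article file and keeping only the title, date and opening paragraph in index.html.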
70730 bytes misc/blog.gnupg.org/img/goteo-pledge-wall.png | Bin 0 -> 85535 bytes misc/blog.gnupg.org/img/non-economic-goteo.png | Bin 0 -> 27242 bytes misc/blog.gnupg.org/index.html | 79 +++++++ misc/blog.gnupg.org/site.css | 13 +- 6 files changed, 328 insertions(+), 3 deletions(-) create mode 100644 misc/blog.gnupg.org/20131230-how-good-is-goteo.html create mode 100644 misc/blog.gnupg.org/img/goteo-github-license.png create mode 100644 misc/blog.gnupg.org/img/goteo-pledge-wall.png create mode 100644 misc/blog.gnupg.org/img/non-economic-goteo.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Dec 30 20:39:51 2013 From: cvs at cvs.gnupg.org (by Sam Tuke) Date: Mon, 30 Dec 2013 20:39:51 +0100 Subject: [git] gnupg-doc - branch, master, updated. 1ea495ecb24eed0e90ceaac94fd0d3bf990a5fc6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1ea495ecb24eed0e90ceaac94fd0d3bf990a5fc6 (commit) from c293aac788008289557065430b3d1ecb798c36f9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ea495ecb24eed0e90ceaac94fd0d3bf990a5fc6 Author: Sam Tuke Date: Mon Dec 30 20:40:36 2013 +0100 Added link to goteo blog post diff --git a/web/index.org b/web/index.org index 7f4645e..86e700b 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,6 +44,10 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttp://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** How good is Goteo? An appraisal (2013-12-30) + +"One question: why did you choose the quite unknown Spanish crowdfunding site Goteo?" So shot back the reply to the press release I had just sent to a few dozen selected journalists announcing the launch of the GnuPG crowdfunding campaign. This is my experience of the Goteo crowfunding platform and conclusions. +liberties. [[http://blog.gnupg.org/20131230-how-good-is-goteo.html][{more}]] ** 16 Years of protecting privacy (2013-12-20) ----------------------------------------------------------------------- Summary of changes: web/index.org | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org
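Review bot: The last added line in web/index.org begins with a stray "liberties." in front of the {more} link, which reads like a leftover from the news entry this block was copied from; the teaser already ends at "and conclusions.", so the fragment should be dropped. In the same teaser "crowfunding" should be "crowdfunding".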