[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.15-13-g9df639b
by Werner Koch
cvs at cvs.gnupg.org
Wed Dec 18 15:07:28 CET 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 9df639b684f8420452d7b39e1dd1c3b974623921 (commit)
via 7cdb86e0ad7a3f452c2f7358e3e830785281addc (commit)
via fa3f555d756be0229ab10516b901e50230b22033 (commit)
via 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9 (commit)
via 9b516323d7dc3e6103745becb63f5cc9fd8cc606 (commit)
via d0d72d98f34579213230b3febfebd2fd8dff272b (commit)
via 93a96e3c0c33370248f6570d8285c4e811d305d4 (commit)
from b135372176b29ca985afa18398a455fd4e2a2063 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9df639b684f8420452d7b39e1dd1c3b974623921
Author: Werner Koch <wk at gnupg.org>
Date: Fri Dec 13 10:03:19 2013 +0100
Post release version number bump.
--
diff --git a/NEWS b/NEWS
index 26d6f90..1dfb23f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Noteworthy changes in version 1.4.17 (unreleased)
+-------------------------------------------------
+
Noteworthy changes in version 1.4.16 (2013-12-18)
-------------------------------------------------
diff --git a/configure.ac b/configure.ac
index af78185..377bf06 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.9.3"
# (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [1.4.16])
+m4_define([mym4_version], [1.4.17])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 7cdb86e0ad7a3f452c2f7358e3e830785281addc
Author: Werner Koch <wk at gnupg.org>
Date: Fri Dec 13 09:07:11 2013 +0100
Release 1.4.16
diff --git a/NEWS b/NEWS
index 55c4f37..26d6f90 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Noteworthy changes in version 1.4.16 (unreleased)
+Noteworthy changes in version 1.4.16 (2013-12-18)
-------------------------------------------------
* Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
diff --git a/README b/README
index 1de2bbf..f025c51 100644
--- a/README
+++ b/README
@@ -783,8 +783,8 @@
How to Get More Information
---------------------------
- The primary WWW page is "http://www.gnupg.org"
- The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
+ The primary WWW page is http://www.gnupg.org
+ The primary FTP site is ftp://ftp.gnupg.org/gcrypt/
See http://www.gnupg.org/download/mirrors.html for a list of
mirrors and use them if possible. You may also find GnuPG
@@ -830,7 +830,7 @@
The driving force behind the development of GnuPG is the company
of its principal author, Werner Koch. Maintenance and improvement
- of GnuPG and related software take up a most of their resources.
+ of GnuPG and related software take up most of their resources.
To continue the work they ask to either donate money, purchase a
support contract, or engage them for custom enhancements. See
http://g10code.com/gnupg-donation.html
commit fa3f555d756be0229ab10516b901e50230b22033
Author: Werner Koch <wk at gnupg.org>
Date: Wed Dec 11 10:20:15 2013 +0100
Change --show-session-key to print the session key earlier.
* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
* g10/decrypt-data.c (decrypt_data): here.
--
This feature can be used to return the session key for just a part of
a file. For example, download just the first 32k of a huge file,
decrypt that incomplete part and, while ignoring all the errors,
extract the session key. The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.
This is the same feature as
commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and
commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0.
GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/encr-data.c b/g10/encr-data.c
index a591beb..8d277ce 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -100,6 +100,16 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
write_status_text (STATUS_DECRYPTION_INFO, buf);
}
+ if (opt.show_session_key)
+ {
+ char *buf = xmalloc (dek->keylen*2 + 20);
+ sprintf (buf, "%d:", dek->algo);
+ for (i=0; i < dek->keylen; i++ )
+ sprintf(buf+strlen(buf), "%02X", dek->key[i] );
+ log_info ("session key: `%s'\n", buf);
+ write_status_text (STATUS_SESSION_KEY, buf);
+ }
+
if( (rc=check_cipher_algo(dek->algo)) )
goto leave;
blocksize = cipher_get_blocksize(dek->algo);
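Review bot: The hex copy of the session key that `buf` holds is never released: the `if (opt.show_session_key)` block allocates it with xmalloc, hands it to log_info and write_status_text, and then falls out of scope, so every decryption run with the option leaks key material on the heap (the code removed from mainproc.c had the same leak, and the move is the moment to fix it). Since the buffer holds the session key it should be wiped before release, e.g. `wipememory (buf, strlen (buf)); xfree (buf);` as the last two lines of the block. `i` is used without a declaration inside the block, so it relies on a variable of the enclosing decrypt_data, which starts outside the hunk; presumably an `int i` is already declared there, but that is worth confirming since the removed mainproc.c code declared its own. A one-line comment would also help a later reader understand why the key is emitted before the cipher-algo check and MDC verification rather than after a successful decryption, e.g. `/* Emit the session key before any decryption error so a truncated input still yields it (bug 1389).  */`.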
diff --git a/g10/mainproc.c b/g10/mainproc.c
index d03a9a7..5b6d8db 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -587,6 +587,7 @@ proc_encrypted( CTX c, PACKET *pkt )
}
else if( !c->dek )
result = G10ERR_NO_SECKEY;
+
if( !result )
result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
@@ -600,16 +601,6 @@ proc_encrypted( CTX c, PACKET *pkt )
write_status( STATUS_GOODMDC );
else if(!opt.no_mdc_warn)
log_info (_("WARNING: message was not integrity protected\n"));
- if(opt.show_session_key)
- {
- int i;
- char *buf = xmalloc ( c->dek->keylen*2 + 20 );
- sprintf ( buf, "%d:", c->dek->algo );
- for(i=0; i < c->dek->keylen; i++ )
- sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
- log_info( "session key: `%s'\n", buf );
- write_status_text ( STATUS_SESSION_KEY, buf );
- }
}
else if( result == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n"));
commit 4466fdba7bb4cac0b5c4a21b98903bb7f27fd9d9
Author: Werner Koch <wk at gnupg.org>
Date: Tue Dec 10 20:33:48 2013 +0100
Update config.{guess,sub} and some copyright notices.
* scripts/config.guess, scripts/config.sub: Update to version
2013-11-29.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/AUTHORS b/AUTHORS
index ff0e69f..29f775f 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -6,8 +6,8 @@ Security related bug reports: <security at gnupg.org>
License: GPLv3+
-Authors
-=======
+Authors with a FSF copyright assignment
+=======================================
Ales Nyakhaychyk <nyakhaychyk at i1fn.linux.by> Translations [be]
@@ -111,19 +111,26 @@ Jaime Sua'rez <jjsuarez at iname.com> Translations [es]
Walter Koch <koch at u32.de> Translations [de]
Werner Koch <wk at gnupg.org> Assigns GNU Privacy Guard and future changes.
- (started the whole thing)
+ (started the whole thing) Assignment contract terminated on 2013-03-29.
Yosiaki IIDA <iida at ring.gr.jp> Translations [ja]
Yuri Chornoivan, yurchor at ukr dot net: Translations [uk]
+Authors with a DCO
+==================
+
+The list of authors who signed the Developer's Certificate of Origin
+is kept in the GIT master branch's copy of this file.
+
Other authors
=============
-The need for copyright disclaimers for translations has been waived in
-December 2012.
+The need for copyright assignments to the FSF has been waived on
+2013-03-29; The need for copyright disclaimers for translations has
+been waived in December 2012.
This program uses the zlib compression library written by
Jean-loup Gailly and Mark Adler.
@@ -156,6 +163,7 @@ details.
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
+ Copyright 2013 Werner Koch
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/NEWS b/NEWS
index 6122540..55c4f37 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,18 @@
Noteworthy changes in version 1.4.16 (unreleased)
-------------------------------------------------
+ * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
+ Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
+ See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576]
+
+ * Put only the major version number by default into armored output.
+
* Do not create a trustdb file if --trust-model=always is used.
- * Only the major version number is by default included in the armored
- output.
+ * Print the keyid for key packets with --list-packets.
+
+ * Changed modular exponentiation algorithm to recover from a small
+ performance loss due to a change in 1.4.14.
Noteworthy changes in version 1.4.15 (2013-10-04)
@@ -2089,6 +2097,7 @@ Noteworthy changes in version 0.2.3
Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008, 2009, 2010, 2011,
2012 Free Software Foundation, Inc.
+Copyright (C) 2013 Werner Koch
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/README b/README
index df8902d..1de2bbf 100644
--- a/README
+++ b/README
@@ -1,11 +1,12 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.14
+ Version 1.4.16
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
2010, 2012, 2013 Free Software Foundation, Inc.
+ Copyright 1997, 1998, 2013 Werner Koch
This file is free software; as a special exception the author
gives unlimited permission to copy and/or distribute it, with or
diff --git a/configure.ac b/configure.ac
index 1b6f7e5..af78185 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,7 @@
# configure.ac script for GnuPG
# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
# 2008, 2009, 2010, 2012, 2013 Free Software Foundation, Inc.
+# Copyright (C) 1998, 2013 Werner Koch
#
# This file is part of GnuPG.
#
diff --git a/g10/gpg.c b/g10/gpg.c
index c58ee41..dbf2f40 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1,6 +1,7 @@
/* gpg.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2007, 2008, 2009, 2010, 2012 Free Software Foundation, Inc.
+ * Copyright (C) 1997, 1998, 2013 Werner Koch
*
* This file is part of GnuPG.
*
diff --git a/scripts/config.guess b/scripts/config.guess
index ad5f74a..9afd676 100755
--- a/scripts/config.guess
+++ b/scripts/config.guess
@@ -1,14 +1,12 @@
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
-# 2011, 2012 Free Software Foundation, Inc.
+# Copyright 1992-2013 Free Software Foundation, Inc.
-timestamp='2012-07-31'
+timestamp='2013-11-29'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
@@ -22,19 +20,17 @@ timestamp='2012-07-31'
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-
-# Originally written by Per Bothner. Please send patches (context
-# diff format) to <config-patches at gnu.org> and include a ChangeLog
-# entry.
+# the same distribution terms that you use for the rest of that
+# program. This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
#
-# This script attempts to guess a canonical system name similar to
-# config.sub. If it succeeds, it prints the system name on stdout, and
-# exits with 0. Otherwise, it exits with 1.
+# Originally written by Per Bothner.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+#
+# Please send patches with a ChangeLog entry to config-patches at gnu.org.
+
me=`echo "$0" | sed -e 's,.*/,,'`
@@ -54,9 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
-Free Software Foundation, Inc.
+Copyright 1992-2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+case "${UNAME_SYSTEM}" in
+Linux|GNU|GNU/*)
+ # If the system lacks a compiler, then just pick glibc.
+ # We could probably try harder.
+ LIBC=gnu
+
+ eval $set_cc_for_build
+ cat <<-EOF > $dummy.c
+ #include <features.h>
+ #if defined(__UCLIBC__)
+ LIBC=uclibc
+ #elif defined(__dietlibc__)
+ LIBC=dietlibc
+ #else
+ LIBC=gnu
+ #endif
+ EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ ;;
+esac
+
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
@@ -306,7 +321,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit ;;
- arm:riscos:*:*|arm:RISCOS:*:*)
+ arm*:riscos:*:*|arm*:RISCOS:*:*)
echo arm-unknown-riscos
exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
@@ -859,21 +874,21 @@ EOF
exit ;;
*:GNU:*:*)
# the GNU system
- echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
- echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
aarch64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
@@ -886,59 +901,54 @@ EOF
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
+ arc:Linux:*:* | arceb:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arm*:Linux:*:*)
eval $set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_EABI__
then
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
else
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
- echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
else
- echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
fi
fi
exit ;;
avr32*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
cris:Linux:*:*)
- echo ${UNAME_MACHINE}-axis-linux-gnu
+ echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
crisv32:Linux:*:*)
- echo ${UNAME_MACHINE}-axis-linux-gnu
+ echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
frv:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
hexagon:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:Linux:*:*)
- LIBC=gnu
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #ifdef __dietlibc__
- LIBC=dietlibc
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
- echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
ia64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m32r*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m68*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
@@ -957,54 +967,63 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
- test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
+ or1k:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
or32:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
padre:Linux:*:*)
- echo sparc-unknown-linux-gnu
+ echo sparc-unknown-linux-${LIBC}
exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
- echo hppa64-unknown-linux-gnu
+ echo hppa64-unknown-linux-${LIBC}
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
- PA7*) echo hppa1.1-unknown-linux-gnu ;;
- PA8*) echo hppa2.0-unknown-linux-gnu ;;
- *) echo hppa-unknown-linux-gnu ;;
+ PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+ PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+ *) echo hppa-unknown-linux-${LIBC} ;;
esac
exit ;;
ppc64:Linux:*:*)
- echo powerpc64-unknown-linux-gnu
+ echo powerpc64-unknown-linux-${LIBC}
exit ;;
ppc:Linux:*:*)
- echo powerpc-unknown-linux-gnu
+ echo powerpc-unknown-linux-${LIBC}
+ exit ;;
+ ppc64le:Linux:*:*)
+ echo powerpc64le-unknown-linux-${LIBC}
+ exit ;;
+ ppcle:Linux:*:*)
+ echo powerpcle-unknown-linux-${LIBC}
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
- echo ${UNAME_MACHINE}-ibm-linux
+ echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sh*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
tile*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
vax:Linux:*:*)
- echo ${UNAME_MACHINE}-dec-linux-gnu
+ echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
@@ -1208,6 +1227,9 @@ EOF
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
echo i586-pc-haiku
exit ;;
+ x86_64:Haiku:*:*)
+ echo x86_64-unknown-haiku
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
@@ -1234,19 +1256,31 @@ EOF
exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
- case $UNAME_PROCESSOR in
- i386)
- eval $set_cc_for_build
- if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
- if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_64BIT_ARCH >/dev/null
- then
- UNAME_PROCESSOR="x86_64"
- fi
- fi ;;
- unknown) UNAME_PROCESSOR=powerpc ;;
- esac
+ eval $set_cc_for_build
+ if test "$UNAME_PROCESSOR" = unknown ; then
+ UNAME_PROCESSOR=powerpc
+ fi
+ if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ case $UNAME_PROCESSOR in
+ i386) UNAME_PROCESSOR=x86_64 ;;
+ powerpc) UNAME_PROCESSOR=powerpc64 ;;
+ esac
+ fi
+ fi
+ elif test "$UNAME_PROCESSOR" = i386 ; then
+ # Avoid executing cc on OS X 10.9, as it ships with a stub
+ # that puts up a graphical alert prompting to install
+ # developer tools. Any system running Mac OS X 10.7 or
+ # later (Darwin 11 and later) is required to have a 64-bit
+ # processor. This is not true of the ARM version of Darwin
+ # that Apple uses in portable devices.
+ UNAME_PROCESSOR=x86_64
+ fi
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
diff --git a/scripts/config.sub b/scripts/config.sub
index b15df57..61cb4bc 100755
--- a/scripts/config.sub
+++ b/scripts/config.sub
@@ -1,24 +1,18 @@
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
-# 2011, 2012 Free Software Foundation, Inc.
+# Copyright 1992-2013 Free Software Foundation, Inc.
-timestamp='2012-07-31'
+timestamp='2013-10-01'
-# This file is (in principle) common to ALL GNU software.
-# The presence of a machine in this file suggests that SOME GNU software
-# can handle that machine. It does not imply ALL GNU software can.
-#
-# This file is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
@@ -26,11 +20,12 @@ timestamp='2012-07-31'
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
+# the same distribution terms that you use for the rest of that
+# program. This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
-# Please send patches to <config-patches at gnu.org>. Submit a context
-# diff and a properly formatted GNU ChangeLog entry.
+# Please send patches with a ChangeLog entry to config-patches at gnu.org.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
@@ -73,9 +68,7 @@ Report bugs and patches to <config-patches at gnu.org>."
version="\
GNU config.sub ($timestamp)
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
-Free Software Foundation, Inc.
+Copyright 1992-2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -123,7 +116,7 @@ esac
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
@@ -156,7 +149,7 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -microblaze)
+ -apple | -axis | -knuth | -cray | -microblaze*)
os=
basic_machine=$1
;;
@@ -259,10 +252,12 @@ case $basic_machine in
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
- | be32 | be64 \
+ | arc | arceb \
+ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
+ | avr | avr32 \
+ | be32 | be64 \
| bfin \
- | c4x | clipper \
+ | c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
| epiphany \
| fido | fr30 | frv \
@@ -270,10 +265,11 @@ case $basic_machine in
| hexagon \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
+ | k1om \
| le32 | le64 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | mcore | mep | metag \
+ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@@ -291,16 +287,17 @@ case $basic_machine in
| mipsisa64r2 | mipsisa64r2el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
+ | mipsr5900 | mipsr5900el \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| moxie \
| mt \
| msp430 \
| nds32 | nds32le | nds32be \
- | nios | nios2 \
+ | nios | nios2 | nios2eb | nios2el \
| ns16k | ns32k \
| open8 \
- | or32 \
+ | or1k | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
@@ -328,7 +325,7 @@ case $basic_machine in
c6x)
basic_machine=tic6x-unknown
;;
- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
basic_machine=$basic_machine-unknown
os=-none
;;
@@ -370,13 +367,13 @@ case $basic_machine in
| aarch64-* | aarch64_be-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
- | clipper-* | craynv-* | cydra-* \
+ | c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
@@ -385,11 +382,13 @@ case $basic_machine in
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
+ | k1om-* \
| le32-* | le64-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
+ | microblaze-* | microblazeel-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@@ -407,12 +406,13 @@ case $basic_machine in
| mipsisa64r2-* | mipsisa64r2el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipsr5900-* | mipsr5900el-* \
| mipstx39-* | mipstx39el-* \
| mmix-* \
| mt-* \
| msp430-* \
| nds32-* | nds32le-* | nds32be-* \
- | nios-* | nios2-* \
+ | nios-* | nios2-* | nios2eb-* | nios2el-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| open8-* \
| orion-* \
@@ -788,7 +788,7 @@ case $basic_machine in
basic_machine=ns32k-utek
os=-sysv
;;
- microblaze)
+ microblaze*)
basic_machine=microblaze-xilinx
;;
mingw64)
@@ -796,7 +796,7 @@ case $basic_machine in
os=-mingw64
;;
mingw32)
- basic_machine=i386-pc
+ basic_machine=i686-pc
os=-mingw32
;;
mingw32ce)
@@ -832,7 +832,7 @@ case $basic_machine in
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
;;
msys)
- basic_machine=i386-pc
+ basic_machine=i686-pc
os=-msys
;;
mvs)
@@ -1023,7 +1023,11 @@ case $basic_machine in
basic_machine=i586-unknown
os=-pw32
;;
- rdos)
+ rdos | rdos64)
+ basic_machine=x86_64-pc
+ os=-rdos
+ ;;
+ rdos32)
basic_machine=i386-pc
os=-rdos
;;
@@ -1350,7 +1354,7 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
- | -sym* | -kopensolaris* \
+ | -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
@@ -1364,7 +1368,7 @@ case $os in
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
- | -linux-newlib* | -linux-uclibc* \
+ | -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
@@ -1496,9 +1500,6 @@ case $os in
-aros*)
os=-aros
;;
- -kaos*)
- os=-kaos
- ;;
-zvmoe)
os=-zvmoe
;;
@@ -1547,6 +1548,9 @@ case $basic_machine in
c4x-* | tic4x-*)
os=-coff
;;
+ c8051-*)
+ os=-elf
+ ;;
hexagon-*)
os=-elf
;;
@@ -1590,6 +1594,9 @@ case $basic_machine in
mips*-*)
os=-elf
;;
+ or1k-*)
+ os=-elf
+ ;;
or32-*)
os=-coff
;;
commit 9b516323d7dc3e6103745becb63f5cc9fd8cc606
Author: Werner Koch <wk at gnupg.org>
Date: Tue Oct 22 14:26:53 2013 +0200
Prepare for newer automakes which default to parallel tests.
* checks/Makefile.am: Add a list of test dependencies.
--
We want to keep the tests in a specific order because that helps to
compare tests and some tests rely on others anyway.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/checks/Makefile.am b/checks/Makefile.am
index 0cfbe1c..1791091 100644
--- a/checks/Makefile.am
+++ b/checks/Makefile.am
@@ -30,6 +30,35 @@ TESTS = version.test mds.test \
conventional.test conventional-mdc.test \
multisig.test verify.test armor.test
+# Force sequential run of tests as in the good old times
+mds.log: version.log
+decrypt.log: mds.log
+decrypt-dsa.log: decrypt.log
+sigs.log: decrypt-dsa.log
+sigs-dsa.log: sigs.log
+encrypt.log: sigs-dsa.log
+encrypt-dsa.log: encrypt.log
+seat.log: encrypt-dsa.log
+clearsig.log: seat.log
+encryptp.log: clearsig.log
+detach.log: encryptp.log
+armsigs.log: detach.log
+armencrypt.log: armsigs.log
+armencryptp.log: armencrypt.log
+signencrypt.log: armencryptp.log
+signencrypt-dsa.log: signencrypt.log
+armsignencrypt.log: signencrypt-dsa.log
+armdetach.log: armsignencrypt.log
+armdetachm.log: armdetach.log
+detachm.log: armdetachm.log
+genkey1024.log: detachm.log
+conventional.log: genkey1024.log
+conventional-mdc.log: conventional.log
+multisig.log: conventional-mdc.log
+verify.log: multisig.log
+armor.log: verify.log
+
+
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
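Review bot: The new `.log` dependency chain duplicates the order of the TESTS list above without saying so, so a test later added to TESTS will silently run in parallel unless the chain is extended as well. A comment tying the two together would make the maintenance rule explicit, e.g. `# Keep this chain in sync with TESTS above: a test missing here may run in parallel.` replacing or following the "good old times" line. The chain only has effect under automake's parallel-tests harness, which the commit title implies is the target; stating that in the comment would avoid confusion on older automakes where the rules are simply dead.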
commit d0d72d98f34579213230b3febfebd2fd8dff272b
Author: Werner Koch <wk at gnupg.org>
Date: Wed Nov 27 14:22:10 2013 +0100
Normalize the MPIs used as input to secret key functions.
* cipher/rsa.c (secret): Normalize the INPUT.
(rsa_decrypt): Pass reduced data to secret.
* cipher/elgamal.c (decrypt): Normalize A and B.
* cipher/dsa.c (sign): Normalize HASH.
--
mpi_normalize is in general not required because extra leading zeroes
do not harm the computation. However, adding extra all zero limbs or
padding with multiples of N may be useful in side-channel attacks. In
particular they are used by the acoustic cryptanalysis. This is an
extra precaution which alone would not be sufficient to mitigate the
described attack.
CVE-id: CVE-2013-4576
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 69b7d1b..e23f05c 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -274,7 +274,7 @@ check_secret_key( DSA_secret_key *sk )
/****************
* Make a DSA signature from HASH and put it into r and s.
*
- * Without generating the k this function runs in
+ * Without generating the k this function runs in
* about 26ms on a 300 Mhz Mobile Pentium
*/
@@ -285,6 +285,8 @@ sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey )
MPI kinv;
MPI tmp;
+ mpi_normalize (hash);
+
/* select a random k with 0 < k < q */
k = gen_k( skey->q );
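Review bot: `mpi_normalize (hash)` strips leading zero limbs but does not reduce HASH modulo q, so the second padding class the commit message names (multiples of the modulus) is not caught here, whereas rsa_decrypt in this same commit reduces its input with `mpi_fdiv_r`. If HASH is always a locally computed digest smaller than q this is harmless, but that is not visible from the hunk; either reduce into a temporary before use, as rsa_decrypt does, or record the assumption, `/* HASH is a local digest, never caller-padded; normalizing suffices. */`. Note that mpi_normalize also modifies the caller's MPI in place. sign() begins before and continues after this hunk.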
@@ -311,7 +313,7 @@ sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey )
/****************
* Returns true if the signature composed from R and S is valid.
*
- * Without the checks this function runs in
+ * Without the checks this function runs in
* about 31ms on a 300 Mhz Mobile Pentium
*/
static int
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index c3f0862..5143ecc 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -374,6 +374,9 @@ decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey )
{
MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+ mpi_normalize (a);
+ mpi_normalize (b);
+
/* output = b/(a^x) mod p */
mpi_powm( t1, a, skey->x, skey->p );
mpi_invm( t1, t1, skey->p );
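Review bot: `a` and `b` are the ciphertext components and therefore attacker-controlled, yet only leading zeros are stripped; nothing reduces `a` modulo p before `mpi_powm`, so an input padded with multiples of p reaches the exponentiation unchanged, which is exactly the case rsa_decrypt handles with `mpi_fdiv_r` in this commit. Consider reducing `a` into a temporary with `mpi_fdiv_r (tmp, a, skey->p)` and exponentiating that, which also avoids mutating the caller's MPI. decrypt() continues after this hunk.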
diff --git a/cipher/rsa.c b/cipher/rsa.c
index c52704c..c4d5161 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -308,9 +308,14 @@ secret(MPI output, MPI input, RSA_secret_key *skey )
MPI m2 = mpi_alloc_secure (nlimbs);
MPI h = mpi_alloc_secure (nlimbs);
# ifdef USE_BLINDING
- MPI r = mpi_alloc_secure (nlimbs);
MPI bdata= mpi_alloc_secure (nlimbs);
+ MPI r = mpi_alloc_secure (nlimbs);
+# endif /* USE_BLINDING */
+
+ /* Remove superfluous leading zeroes from INPUT. */
+ mpi_normalize (input);
+# ifdef USE_BLINDING
/* Blind: bdata = (data * r^e) mod n */
randomize_mpi (r, mpi_get_nbits (skey->n), 0);
mpi_fdiv_r (r, r, skey->n);
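Review bot: Moving `mpi_normalize (input)` into secret() mutates the caller's MPI in place and gives the signing caller (not visible here) only the leading-zero strip, while the decrypt path additionally gets a reduction modulo n before calling in. If secret() is meant to be the single chokepoint the reduction belongs here as well; if the asymmetry is deliberate because signing input is generated locally, say so: `/* INPUT is normalized but not reduced; rsa_decrypt reduces caller-supplied data before calling us. */`. secret() starts and ends outside this hunk.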
@@ -338,8 +343,8 @@ secret(MPI output, MPI input, RSA_secret_key *skey )
mpi_add ( output, m1, h );
# ifdef USE_BLINDING
- /* Unblind: output = (output * r^(-1)) mod n */
mpi_free (bdata);
+ /* Unblind: output = (output * r^(-1)) mod n */
mpi_invm (r, r, skey->n);
mpi_mulm (output, output, r, skey->n);
mpi_free (r);
@@ -419,6 +424,7 @@ int
rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
{
RSA_secret_key sk;
+ MPI input;
if( algo != 1 && algo != 2 )
return G10ERR_PUBKEY_ALGO;
@@ -429,8 +435,16 @@ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
sk.p = skey[3];
sk.q = skey[4];
sk.u = skey[5];
- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
- secret( *result, data[0], &sk );
+
+ /* Better make sure that there are no superfluous leading zeroes
+ in the input and it has not been padded using multiples of N.
+ This mitigates side-channel attacks (CVE-2013-4576). */
+ input = mpi_alloc (0);
+ mpi_normalize (data[0]);
+ mpi_fdiv_r (input, data[0], sk.n);
+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n));
+ secret (*result, input, &sk);
+ mpi_free (input);
return 0;
}
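Review bot: Reducing `data[0]` modulo n silently accepts ciphertext representatives outside [0, n-1] instead of rejecting them as RSADP (RFC 3447 section 5.1.2, step 1) requires; the reduction removes the side-channel lever but also hides malformed input from the caller. If rejection is acceptable, compare first, `if (mpi_cmp (data[0], sk.n) >= 0) return` an appropriate G10ERR_ code, and keep the `mpi_fdiv_r` as belt and braces; otherwise add a comment stating that the leniency is intentional. Separately, `mpi_normalize (data[0])` modifies the caller's MPI although `mpi_fdiv_r` already writes a fresh value into `input`; I cannot see whether fdiv_r needs a normalized dividend, so either drop it or comment why it is needed.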
commit 93a96e3c0c33370248f6570d8285c4e811d305d4
Author: Werner Koch <wk at gnupg.org>
Date: Tue Oct 22 14:26:53 2013 +0200
Use blinding for the RSA secret operation.
* cipher/random.c (randomize_mpi): New.
* g10/gpgv.c (randomize_mpi): New stub.
* cipher/rsa.c (USE_BLINDING): Define macro.
(secret): Implement blinding.
--
GPG 1.x has never used any protection against timing attacks on the
RSA secret operation. The rationale for this has been that there was
no way to mount a remote timing attack on GnuPG. With the turning up
of Acoustic Cryptanalysis (http://cs.tau.ac.il/~tromer/acoustic) this
assumption no longer holds true and thus we need to do something
about it. Blinding seems to be a suitable mitigation to the threat of
key extraction. It does not help against distinguishing used keys,
though.
Note that GPG 2.x uses Libgcrypt which does blinding by default.
The performance penalty is negligible: Modifying the core pubkey_sign
or pubkey_decrypt function to run 100 times in a loop, the entire
execution times for signing or decrypting a small message using a 4K
RSA key on a Thinkpad X220 are
Without blinding: 5.2s (8.9s)
With blinding: 5.6s (9.3s)
The numbers in parentheses give the values without the recently
implemented k-ary exponentiation code. Thus for the next release the
user will actually experience faster signing and decryption. A
drawback of blinding is that we need random numbers even for
decryption (albeit at low quality).
Signed-off-by: Werner Koch <wk at gnupg.org>
CVE-id: CVE-2013-4576
diff --git a/cipher/random.c b/cipher/random.c
index b634161..7549517 100644
--- a/cipher/random.c
+++ b/cipher/random.c
@@ -284,6 +284,18 @@ randomize_buffer( byte *buffer, size_t length, int level )
}
+/* Randomize the MPI by setting it to NBITS of random of quality LEVEL. */
+void
+randomize_mpi (MPI mpi, size_t nbits, int level)
+{
+ unsigned char *buffer;
+
+ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi));
+ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0);
+ xfree (buffer);
+}
+
+
int
random_is_faked()
{
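Review bot: `randomize_mpi` hands the pointer from `get_random_bits` straight to `mpi_set_buffer` without a NULL check; whether get_random_bits can return NULL in this file is not visible (the gpgv stub does, but gpgv also stubs randomize_mpi itself). If it can, guard it before the `mpi_set_buffer` call and abort, since silently blinding with an empty buffer would defeat the purpose. The header comment should also state the two properties callers rely on: `/* Set MPI to NBITS random bits of quality LEVEL; the scratch buffer is secure iff MPI is, and the sign is cleared. */`.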
diff --git a/cipher/random.h b/cipher/random.h
index ca02df1..01ee11b 100644
--- a/cipher/random.h
+++ b/cipher/random.h
@@ -30,6 +30,7 @@ int quick_random_gen( int onoff );
int random_is_faked(void);
void random_disable_locking (void);
void randomize_buffer( byte *buffer, size_t length, int level );
+void randomize_mpi (MPI mpi, size_t nbits, int level);
byte *get_random_bits( size_t nbits, int level, int secure );
void fast_random_poll( void );
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 1cdc600..c52704c 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1,5 +1,5 @@
/* rsa.c - RSA function
- * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)
+ * Copyright (C) 1997, 1998, 1999, 2013 by Werner Koch (dd9jn)
* Copyright (C) 2000, 2001 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
@@ -22,7 +22,7 @@
which expires on September 20, 2000. The patent holder placed that
patent into the public domain on Sep 6th, 2000.
*/
-
+
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
@@ -32,6 +32,10 @@
#include "cipher.h"
#include "rsa.h"
+/* Blinding is used to mitigate side-channel attacks. You may undef
+ this to speed up the operation in case the system is secured
+ against physical and network mounted side-channel attacks. */
+#define USE_BLINDING 1
typedef struct {
MPI n; /* modulus */
@@ -103,7 +107,7 @@ generate( RSA_secret_key *sk, unsigned nbits )
/* make sure that nbits is even so that we generate p, q of equal size */
if ( (nbits&1) )
- nbits++;
+ nbits++;
n = mpi_alloc ( mpi_nlimb_hint_from_nbits (nbits) );
@@ -146,7 +150,7 @@ generate( RSA_secret_key *sk, unsigned nbits )
65537 as the new best practice. See FIPS-186-3.
*/
e = mpi_alloc ( mpi_nlimb_hint_from_nbits (32) );
- mpi_set_ui( e, 65537);
+ mpi_set_ui( e, 65537);
while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */
mpi_add_ui( e, e, 2);
@@ -268,7 +272,7 @@ stronger_key_check ( RSA_secret_key *skey )
mpi_invm(t, skey->p, skey->q );
if ( mpi_cmp(t, skey->u ) )
log_info ( "RSA Oops: u is wrong\n");
-
+
log_info ( "RSA secret key check finished\n");
mpi_free (t);
@@ -286,9 +290,9 @@ stronger_key_check ( RSA_secret_key *skey )
*
* Or faster:
*
- * m1 = c ^ (d mod (p-1)) mod p
- * m2 = c ^ (d mod (q-1)) mod q
- * h = u * (m2 - m1) mod q
+ * m1 = c ^ (d mod (p-1)) mod p
+ * m2 = c ^ (d mod (q-1)) mod q
+ * h = u * (m2 - m1) mod q
* m = m1 + h * p
*
* Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
@@ -299,13 +303,26 @@ secret(MPI output, MPI input, RSA_secret_key *skey )
#if 0
mpi_powm( output, input, skey->d, skey->n );
#else
- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
-
+ int nlimbs = mpi_get_nlimbs (skey->n)+1;
+ MPI m1 = mpi_alloc_secure (nlimbs);
+ MPI m2 = mpi_alloc_secure (nlimbs);
+ MPI h = mpi_alloc_secure (nlimbs);
+# ifdef USE_BLINDING
+ MPI r = mpi_alloc_secure (nlimbs);
+ MPI bdata= mpi_alloc_secure (nlimbs);
+
+ /* Blind: bdata = (data * r^e) mod n */
+ randomize_mpi (r, mpi_get_nbits (skey->n), 0);
+ mpi_fdiv_r (r, r, skey->n);
+ mpi_powm (bdata, r, skey->e, skey->n);
+ mpi_mulm (bdata, bdata, input, skey->n);
+ input = bdata;
+# endif /* USE_BLINDING */
+
+ /* RSA secret operation: */
/* m1 = c ^ (d mod (p-1)) mod p */
mpi_sub_ui( h, skey->p, 1 );
- mpi_fdiv_r( h, skey->d, h );
+ mpi_fdiv_r( h, skey->d, h );
mpi_powm( m1, input, h, skey->p );
/* m2 = c ^ (d mod (q-1)) mod q */
mpi_sub_ui( h, skey->q, 1 );
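Review bot: The blinding factor `r` is the randomize_mpi output reduced modulo n with no check that it is non-zero or invertible; with probability about 1/n `r` is 0, in which case `bdata` and `output` become 0 and the later `mpi_invm (r, r, skey->n)` has no inverse. Negligible in practice, but a retry loop is cheap: redraw and reduce until `mpi_get_nbits (r)` is non-zero before the `mpi_powm`. Also `input = bdata;` rebinds the parameter, which makes the later `mpi_powm (m1, input, ...)` easy to misread; a separate local such as `blinded` would be clearer. secret() starts and ends outside this hunk.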
@@ -313,14 +330,21 @@ secret(MPI output, MPI input, RSA_secret_key *skey )
mpi_powm( m2, input, h, skey->q );
/* h = u * ( m2 - m1 ) mod q */
mpi_sub( h, m2, m1 );
- if ( mpi_is_neg( h ) )
+ if ( mpi_is_neg( h ) )
mpi_add ( h, h, skey->q );
- mpi_mulm( h, skey->u, h, skey->q );
+ mpi_mulm( h, skey->u, h, skey->q );
/* m = m2 + h * p */
mpi_mul ( h, h, skey->p );
mpi_add ( output, m1, h );
- /* ready */
-
+
+# ifdef USE_BLINDING
+ /* Unblind: output = (output * r^(-1)) mod n */
+ mpi_free (bdata);
+ mpi_invm (r, r, skey->n);
+ mpi_mulm (output, output, r, skey->n);
+ mpi_free (r);
+# endif /* USE_BLINDING */
+
mpi_free ( h );
mpi_free ( m1 );
mpi_free ( m2 );
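Review bot: The return value of `mpi_invm (r, r, skey->n)` is discarded; if `r` is not invertible modulo n the unblinded `output` is wrong and the caller receives a bad result rather than an error. Its prototype is not visible here (stronger_key_check discards it too), so if mpi_invm does report failure, propagate it; at minimum record the assumption, `/* r is invertible mod n except with negligible probability; see the blinding setup above. */`. Note that the blinded path returns `output` reduced by `mpi_mulm`, while the non-blinded path returns the CRT sum m1 + h*p directly; both should lie in [0, n) since m1 < p and h < q, but a one-line comment would spare the next reader the derivation.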
diff --git a/g10/gpgv.c b/g10/gpgv.c
index a337fc7..b679853 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -389,6 +389,7 @@ void cipher_sync( CIPHER_HANDLE c ) {}
void random_dump_stats(void) {}
int quick_random_gen( int onoff ) { return -1;}
void randomize_buffer( byte *buffer, size_t length, int level ) {}
+void randomize_mpi (MPI mpi, size_t nbits, int level) {}
int random_is_faked() { return -1;}
byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;}
void set_random_seed_file( const char *name ) {}
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 18 +++--
NEWS | 18 ++++-
README | 9 +--
checks/Makefile.am | 29 ++++++++
cipher/dsa.c | 6 +-
cipher/elgamal.c | 3 +
cipher/random.c | 12 ++++
cipher/random.h | 1 +
cipher/rsa.c | 76 +++++++++++++++------
configure.ac | 3 +-
g10/encr-data.c | 10 +++
g10/gpg.c | 1 +
g10/gpgv.c | 1 +
g10/mainproc.c | 11 +--
scripts/config.guess | 182 ++++++++++++++++++++++++++++++--------------------
scripts/config.sub | 93 ++++++++++++++------------
16 files changed, 312 insertions(+), 161 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org