+
+# eof #
-----------------------------------------------------------------------
Summary of changes:
misc/blog.gnupg.org/20150101-happy-gnu-year.org | 97 +++++++++++++++++++++++
misc/blog.gnupg.org/upload | 9 ++-
tools/mkkudos.sh | 14 +++-
web/donate/index.org | 19 ++---
4 files changed, 126 insertions(+), 13 deletions(-)
create mode 100644 misc/blog.gnupg.org/20150101-happy-gnu-year.org
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jan 2 20:14:31 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 02 Jan 2015 20:14:31 +0100
Subject: [git] gnupg-doc - branch, master,
updated. 1e69a038458b3374d5a3f7df55b39e256b7b3ff3
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 1e69a038458b3374d5a3f7df55b39e256b7b3ff3 (commit)
via 39278e9e7f25faf22a466749e663a4af2175298f (commit)
via 187e982d9b7d088a8f0508dc84cca3baf2b7b15d (commit)
via 71de861ee508ad2472d38abb8574fdb709dbc2f5 (commit)
via 8401a50feb2eddbd905530a9b9256fee78927fe5 (commit)
from 0ca1d50a7e58d991e7b572ecb58f8925f54e4157 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1e69a038458b3374d5a3f7df55b39e256b7b3ff3
Author: Werner Koch
Date: Fri Jan 2 20:08:01 2015 +0100
web: Move most news from 2014 to the archive.
diff --git a/web/index.org b/web/index.org
index b21c029..d0e2f61 100644
--- a/web/index.org
+++ b/web/index.org
@@ -96,7 +96,7 @@ a lot of bugs and brings some new features. Read more about 2.1 at
the [[file:faq/whats-new-in-2.1.org][feature overview]] page and in the [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000360.html][announcement]] mail.
-** Libksba 1.3.2 released :important:
+** Libksba 1.3.2 released (2014-11-25) :important:
This is a security fix release and all users of Libksba should update
to this version. Note that *GnuPG 2.x* makes use of Libksba and thus
@@ -111,96 +111,6 @@ features a lot of new things including support for ECC. Read more at
the [[file:faq/whats-new-in-2.1.org][feature overview]] page and in the [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html][announcement]] mail.
-** A beta for GnuPG 2.1.0 released (2014-10-03)
-
-A beta release for the forthcoming GnuPG 2.1 version is now
-available. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html][{more}]]
-
-** GPA 0.95 released
-
-GPA is the GNU Privacy Assistant, a frontend to GnuPG. This new
-release has support for ECC keys and improves on the UI server
-feature. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000356.html][{more}]]
-
-** GnuPG 2.0.26 released (2014-08-12)
-
-GnuPG 2.0.26 is now available. This is a maintenance release. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000353.html][{more}]]
-
-** Libgcrypt 1.5.4 security fix release :important:
-
-Using any Libgcrypt version less than 1.5.4 with GnuPG 2.0.x and
-Elgamal encryption keys is vulnerable to the /Get Your Hands Off My
-Laptop/ attack. Please update to the newly released Libgcrypt 1.5.4
-or a 1.6 version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html][{more}]]
-
-** Get Your Hands Off My Laptop (2014-08-07)
-
-Daniel Genkin, Itamar Pipman, and Eran Tromer latest side channel
-attack targets an /older version/ of GnuPG. If your GnuPG and
-Libgcrypt versions are up-to-date you are safe. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000349.html][{more}]]
-
-** GPGME 1.5.1 and 1.4.4 released (2014-08-07) :important:
-
-A security fix release for the GPGME library is available. It is
-suggested to update to one of these version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000350.html][{more}]]
-
-** GnuPG 2.0.25 and 1.4.18 released (2014-06-30)
-
-To fix a minor regression in the previous releases we released today
-new versions of GnuPG-1 and GnuPG-2: [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]]
-
-** GnuPG 2.0.24 released (2014-06-24) :important:
-
-GnuPG 2.0.24 is now available. This GnuPG-2 release features a fix
-for a denial of service attack and a few other changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html][{more}]]
-
-
-** GnuPG 1.4.17 released (2014-06-23) :important:
-
-GnuPG 1.4.17 is now available. This GnuPG-1 release features a fix
-for a denial of service attack and a few other minor changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]]
-
-
-** GnuPG 2.0.23 released (2014-06-03)
-
-We are pleased to announce the availability of GnuPG 2.0.23. This is
-a maintenance release with a few new features. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html][{more}]]
-
-
-** Goteo campaign: preliminary results (2014-05-12)
-
-The blog has a report on the current status of the campaign including
-an overview of the financial results. [[https://www.gnupg.org/blog/20140512-rewards-sent.html][{read here}]]
-
-** Mission complete: campaign ends, closing stats (2014-02-06)
-
-After 50 days of crowdfunding, the GnuPG campaign for new website and
-infrastructure will close tomorrow. That means rewards for backers can
-now be ordered and preparations for dispatch can begin. Here are the
-results so far. [[https://www.gnupg.org/blog/20140206-crowdfunding-complete.html][{more}]]
-
-
-** 16 Years of protecting privacy (2013-12-20)
-
-Today marks 16 years since the first release of GnuPG. In that time
-the project has grown from being a hacker?s hobby into one of the
-world?s most critical anti-surveillance tools. Today GnuPG stands at
-the front line of the battle between invasive surveillance and civil
-liberties. [[https://www.gnupg.org/blog/20131220-gnupg-turned-0x10.html][{more}]]
-
-** GnuPG launches crowdfunding campaign (2013-12-19)
-
-Today GNU Privacy Guard (GnuPG) has launched its first
-[[http://goteo.org/project/gnupg-new-website-and-infrastructure][crowdfunding campaign]] with the aim of building a new website and long term
-infrastructure. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.de.html][{deutsch}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.fr.html][{francaise}]]
-
-** GnuPG 1.4.16 released (2013-12-18) :important:
-
-Along with the publication of an interesting new [[http://www.cs.tau.ac.il/~tromer/acoustic/][side channel attack]]
-by Genkin, Shamir, and Tromer we announce the availability of a new
-stable GnuPG release to relieve this bug: Version 1.4.16 ... [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]]
-
-
* COMMENT
This is the publishing info used for the GnuPG pages
diff --git a/web/news.org b/web/news.org
index 0d4f32c..6cfbd15 100644
--- a/web/news.org
+++ b/web/news.org
@@ -7,6 +7,96 @@ On this page you'll find all the news of previous years in reverse
chronological order. News for the current year are found at the [[index][main
page]].
+
+** A beta for GnuPG 2.1.0 released (2014-10-03)
+
+A beta release for the forthcoming GnuPG 2.1 version is now
+available. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html][{more}]]
+
+** GPA 0.95 released
+
+GPA is the GNU Privacy Assistant, a frontend to GnuPG. This new
+release has support for ECC keys and improves on the UI server
+feature. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000356.html][{more}]]
+
+** GnuPG 2.0.26 released (2014-08-12)
+
+GnuPG 2.0.26 is now available. This is a maintenance release. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000353.html][{more}]]
+
+** Libgcrypt 1.5.4 security fix release :important:
+
+Using any Libgcrypt version less than 1.5.4 with GnuPG 2.0.x and
+Elgamal encryption keys is vulnerable to the /Get Your Hands Off My
+Laptop/ attack. Please update to the newly released Libgcrypt 1.5.4
+or a 1.6 version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html][{more}]]
+
+** Get Your Hands Off My Laptop (2014-08-07)
+
+Daniel Genkin, Itamar Pipman, and Eran Tromer latest side channel
+attack targets an /older version/ of GnuPG. If your GnuPG and
+Libgcrypt versions are up-to-date you are safe. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000349.html][{more}]]
+
+** GPGME 1.5.1 and 1.4.4 released (2014-08-07) :important:
+
+A security fix release for the GPGME library is available. It is
+suggested to update to one of these version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000350.html][{more}]]
+
+** GnuPG 2.0.25 and 1.4.18 released (2014-06-30)
+
+To fix a minor regression in the previous releases we released today
+new versions of GnuPG-1 and GnuPG-2: [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]]
+
+** GnuPG 2.0.24 released (2014-06-24) :important:
+
+GnuPG 2.0.24 is now available. This GnuPG-2 release features a fix
+for a denial of service attack and a few other changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html][{more}]]
+
+
+** GnuPG 1.4.17 released (2014-06-23) :important:
+
+GnuPG 1.4.17 is now available. This GnuPG-1 release features a fix
+for a denial of service attack and a few other minor changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]]
+
+
+** GnuPG 2.0.23 released (2014-06-03)
+
+We are pleased to announce the availability of GnuPG 2.0.23. This is
+a maintenance release with a few new features. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html][{more}]]
+
+
+** Goteo campaign: preliminary results (2014-05-12)
+
+The blog has a report on the current status of the campaign including
+an overview of the financial results. [[https://www.gnupg.org/blog/20140512-rewards-sent.html][{read here}]]
+
+** Mission complete: campaign ends, closing stats (2014-02-06)
+
+After 50 days of crowdfunding, the GnuPG campaign for new website and
+infrastructure will close tomorrow. That means rewards for backers can
+now be ordered and preparations for dispatch can begin. Here are the
+results so far. [[https://www.gnupg.org/blog/20140206-crowdfunding-complete.html][{more}]]
+
+
+** 16 Years of protecting privacy (2013-12-20)
+
+Today marks 16 years since the first release of GnuPG. In that time
+the project has grown from being a hacker?s hobby into one of the
+world?s most critical anti-surveillance tools. Today GnuPG stands at
+the front line of the battle between invasive surveillance and civil
+liberties. [[https://www.gnupg.org/blog/20131220-gnupg-turned-0x10.html][{more}]]
+
+** GnuPG launches crowdfunding campaign (2013-12-19)
+
+Today GNU Privacy Guard (GnuPG) has launched its first
+[[http://goteo.org/project/gnupg-new-website-and-infrastructure][crowdfunding campaign]] with the aim of building a new website and long term
+infrastructure. [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000338.html][{more}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.de.html][{deutsch}]] [[https://www.gnupg.org/blog/20131219-gnupg-launches-crowfunding.fr.html][{francaise}]]
+
+** GnuPG 1.4.16 released (2013-12-18) :important:
+
+Along with the publication of an interesting new [[http://www.cs.tau.ac.il/~tromer/acoustic/][side channel attack]]
+by Genkin, Shamir, and Tromer we announce the availability of a new
+stable GnuPG release to relieve this bug: Version 1.4.16 ... [[http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html][{more}]]
+
** Blog: Getting Goteo crowdfunding approval (2013-12-18)
The targets are set, the rewards are prepared, the press release has
commit 39278e9e7f25faf22a466749e663a4af2175298f
Author: Werner Koch
Date: Fri Jan 2 20:01:06 2015 +0100
web: URL fix for EGD.
diff --git a/web/related_software/swlist.org b/web/related_software/swlist.org
index 7568a41..8082bdf 100644
--- a/web/related_software/swlist.org
+++ b/web/related_software/swlist.org
@@ -34,7 +34,7 @@ Cryptophane is an easy-to-use application for MS Windows. It allows
users to encrypt, sign, decrypt, and perform key maintenance without
having to deal with GnuPG's command-line interface.
-** [[http://www.lothar.com/tech/crypto/][EGD]] [Unix] MISC
+** [[http://egd.sourceforge.org][EGD]] [Unix] MISC
:PROPERTIES:
:CUSTOM_ID: egd
:END:
commit 187e982d9b7d088a8f0508dc84cca3baf2b7b15d
Author: Werner Koch
Date: Fri Jan 2 20:00:44 2015 +0100
web: Add a donors list for 2015.
diff --git a/web/donate/kudos-2015.org b/web/donate/kudos-2015.org
new file mode 100644
index 0000000..2f50c45
--- /dev/null
+++ b/web/donate/kudos-2015.org
@@ -0,0 +1,13 @@
+#+TITLE: GnuPG - List of Donors - 2015
+#+STARTUP: showall
+#+SETUPFILE: "../share/setup.inc"
+
+* People who donated money to GnuPG in 2015
+
+#+HTML:
+#+HTML:
+#+HTML:
[please reload in a few minutes while the list is being updated]
+#+HTML:
+#+HTML:
+
+ Thank you.
diff --git a/web/donate/kudos.org b/web/donate/kudos.org
index e7cdeea..f6ad46c 100644
--- a/web/donate/kudos.org
+++ b/web/donate/kudos.org
@@ -13,6 +13,7 @@
Thank you.
+ - All donors to GnuPG in [[file:kudos-2015.org][2015]]
- All donors to GnuPG in [[file:kudos-2014.org][2014]]
- All donors to GnuPG in [[file:kudos-2013.org][2013]]
- All donors to GnuPG in [[file:kudos-2012.org][2012]]
@@ -50,8 +51,9 @@ Donations for the previous years:
| 2011 | 21 | 553 | 465 |
| 2012 | 53 | 5991 | 4963 |
| 2013 | 148 | 5041 | 4145 |
+| 2014 | 801 | 34700 | |
|------+-----+-------+----------|
-| | | 11585 | 9573 |
+| | | 46285 | |
#+TBLFM: $LR3=vsum(@I.. at II)::$LR4=vsum(@I.. at II)
# In 2014 without the 32641.27 (27429.64) from the Goteo campaign
commit 71de861ee508ad2472d38abb8574fdb709dbc2f5
Author: Werner Koch
Date: Fri Jan 2 19:59:35 2015 +0100
tools: Remove trailing dot from mail addresses.
sendmail does not grok them.
diff --git a/tools/append-to-donors.sh b/tools/append-to-donors.sh
index 492ab32..60ca80c 100755
--- a/tools/append-to-donors.sh
+++ b/tools/append-to-donors.sh
@@ -136,7 +136,7 @@ find $journal_dir -type f -name 'journal-????????.log' -print \
xmail amount currency euro rest; do
name=$(echo "$name" | tr \`\$: ...)
message=$(echo "$message" | tr \`\$ ..)
- xmail=$(echo "$xmail" | tr \`\$ ..)
+ xmail=$(echo "$xmail" | tr \`\$ .. | sed 's/\.$//')
# Note that we removed colons from $name
echo "$jyear:$datestr:$name::$lnr:" >> "$donors.tmp"
touch "$donors".stamp
commit 8401a50feb2eddbd905530a9b9256fee78927fe5
Author: Werner Koch
Date: Fri Jan 2 19:58:29 2015 +0100
tools: Small fix for the funding campaign results.
diff --git a/tools/mkkudos.sh b/tools/mkkudos.sh
index ee786f1..3dbcab8 100755
--- a/tools/mkkudos.sh
+++ b/tools/mkkudos.sh
@@ -77,10 +77,11 @@ monyear=$(echo "$tmp" | awk -F: 'BEGIN { m[1] = "January";
{printf "%s %d", m[$2] , $1}')
euromo=$(echo "$tmp" | awk -F: '{printf "%d €", int($8 + 0.5)}')
euroyr=$(echo "$tmp" | awk -F: '{printf "%d €", int($10 + 0.5)}')
-euroyr_campaign=$(echo "$tmp" | awk -F: '{printf "%d", int($10 + 0.5)}')
n=$(echo "$tmp" | awk -F: '{printf "%d", $7}')
nyr=$(echo "$tmp" | awk -F: '{printf "%d", $9}')
+euroyr_campaign=$(echo "$tmp" | awk -F: '$1=="2014"{printf "0"; next};{printf "%d", int($10 + 0.5)}')
+
# Campaign data
goal="120000"
tmp=$(grep '^2014:12:' "$donations")
-----------------------------------------------------------------------
Summary of changes:
tools/append-to-donors.sh | 2 +-
tools/mkkudos.sh | 3 +-
web/donate/{kudos-2011.org => kudos-2015.org} | 4 +-
web/donate/kudos.org | 4 +-
web/index.org | 92 +------------------------
web/news.org | 90 ++++++++++++++++++++++++
web/related_software/swlist.org | 2 +-
7 files changed, 100 insertions(+), 97 deletions(-)
copy web/donate/{kudos-2011.org => kudos-2015.org} (73%)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Jan 4 14:58:46 2015
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Sun, 04 Jan 2015 14:58:46 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-146-gd7c7453
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via d7c7453cf5e6b8f3c6b522a30e680f844a28c9de (commit)
from 8eabecc883332156adffc1df42d27f614c157e06 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de
Author: Jussi Kivilinna
Date: Fri Jan 2 19:07:24 2015 +0200
rmd160: restore native-endian store in _gcry_rmd160_mixblock
* cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in
native-endianess.
--
Commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 unintendedly changed this
native-endian store to little-endian.
Reported-by: Yuriy Kaminskiy
Signed-off-by: Jussi Kivilinna
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
index 2b1f321..2695db2 100644
--- a/cipher/rmd160.c
+++ b/cipher/rmd160.c
@@ -403,15 +403,16 @@ transform ( void *c, const unsigned char *data, size_t nblks )
* Apply the rmd160 transform function on the buffer which must have
* a length 64 bytes. Do not use this function together with the
* other functions, use rmd160_init to initialize internal variables.
- * Returns: 16 bytes in buffer with the mixed contentes of buffer.
+ * Buffer must be 32-bit aligned.
+ * Returns: 20 bytes in buffer with the mixed contents of buffer.
*/
void
_gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte )
{
- char *p = blockof64byte;
+ u32 *p = blockof64byte;
transform ( hd, blockof64byte, 1 );
-#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0)
+#define X(a) do { p[a] = hd->h##a; } while(0)
X(0);
X(1);
X(2);
-----------------------------------------------------------------------
Summary of changes:
cipher/rmd160.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Jan 4 17:19:57 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 04 Jan 2015 17:19:57 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-20-gac2cb47
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via ac2cb47fc5c0be539aaa07fd141acdbc0934800f (commit)
via cf88337f8a4f8c98aca4b1da5921d18567b4f474 (commit)
from d2d8481e3866124c143cac165dea8453001e2905 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ac2cb47fc5c0be539aaa07fd141acdbc0934800f
Author: Werner Koch
Date: Sun Jan 4 17:19:06 2015 +0100
agent: Make --allow-loopback-pinentry gpgconf changeable.
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 918c72b..fe310f4 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -205,7 +205,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
/* */ N_("allow presetting passphrase")),
ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry",
- N_("allow presetting passphrase")),
+ N_("allow caller to override the pinentry")),
ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
#ifdef HAVE_W32_SYSTEM
@@ -1060,6 +1060,8 @@ main (int argc, char **argv )
#else
es_printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE);
#endif
+ es_printf ("allow-loopback-pinentry:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
agent_exit (0);
}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 61faa1d..86e67eb 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -542,6 +542,9 @@ static gc_option_t gc_options_gpg_agent[] =
{ "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg", "allow caller to override the pinentry",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", "do not grab keyboard and mouse",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
commit cf88337f8a4f8c98aca4b1da5921d18567b4f474
Author: Joshua Rogers
Date: Tue Dec 23 00:47:50 2014 +1100
tools: Free variable before return
* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
upon error.
--
Signed-off-by: Joshua Rogers
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 8c47b2e..61faa1d 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -2508,7 +2508,10 @@ change_options_file (gc_component_t component, gc_backend_t backend,
res = link (dest_filename, orig_filename);
#endif
if (res < 0 && errno != ENOENT)
- return -1;
+ {
+ xfree (dest_filename);
+ return -1;
+ }
if (res < 0)
{
xfree (orig_filename);
-----------------------------------------------------------------------
Summary of changes:
agent/gpg-agent.c | 4 +++-
tools/gpgconf-comp.c | 8 +++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jan 5 15:17:46 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Jan 2015 15:17:46 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-24-g9bf4084
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 9bf40849a9f86204e113712c4cc285f1ac16127a (commit)
via 616e511f278bf9af04dc66bbb8b05b37bf541f37 (commit)
via 56e688823345bbcfef220b13eb418854f8798b16 (commit)
via 445bb17d5fe6b53db078082fb033dbc67eea8307 (commit)
from ac2cb47fc5c0be539aaa07fd141acdbc0934800f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9bf40849a9f86204e113712c4cc285f1ac16127a
Author: Werner Koch
Date: Mon Jan 5 15:10:03 2015 +0100
sm,g13: Init local vars to avoid compiler warnings.
* sm/misc.c (transform_sigval): Init RSA_S_LEN.
* g13/mount.c (read_keyblob): Init HEADERLEN.
--
Not a bug but the compiler (gcc 4.9.1) can't detect that it is not
used uninitialized.
Signed-off-by: Werner Koch
diff --git a/g13/mount.c b/g13/mount.c
index fc640e0..a9203d1 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -139,7 +139,8 @@ read_keyblob (const char *filename,
{
gpg_error_t err;
estream_t fp = NULL;
- size_t headerlen, msglen;
+ size_t headerlen = 0;
+ size_t msglen;
void *msg = NULL;
*r_enckeyblob = NULL;
diff --git a/sm/misc.c b/sm/misc.c
index ec9f97e..39897f4 100644
--- a/sm/misc.c
+++ b/sm/misc.c
@@ -112,7 +112,7 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
int depth, last_depth1, last_depth2;
int is_pubkey = 0;
const unsigned char *rsa_s = NULL;
- size_t rsa_s_len;
+ size_t rsa_s_len = 0;
const char *oid;
gcry_sexp_t sexp;
commit 616e511f278bf9af04dc66bbb8b05b37bf541f37
Author: Werner Koch
Date: Mon Jan 5 15:07:23 2015 +0100
gpg: Remove unused args from a function.
* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno. Change all callers.
Signed-off-by: Werner Koch
diff --git a/g10/card-util.c b/g10/card-util.c
index b030fad..4b584bf 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -754,7 +754,7 @@ fetch_url (ctrl_t ctrl)
gpg_strerror(rc));
else if (info.pubkey_url && *info.pubkey_url)
{
- spec=parse_keyserver_uri(info.pubkey_url,1,NULL,0);
+ spec = parse_keyserver_uri (info.pubkey_url, 1);
if(spec && info.fpr1valid)
{
/* This is not perfectly right. Currently, all card
diff --git a/g10/getkey.c b/g10/getkey.c
index 4a4dd55..f8cb869 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2938,7 +2938,7 @@ parse_auto_key_locate (char *options)
else if (ascii_strcasecmp (tok, "pka") == 0)
akl->type = AKL_PKA;
#endif
- else if ((akl->spec = parse_keyserver_uri (tok, 1, NULL, 0)))
+ else if ((akl->spec = parse_keyserver_uri (tok, 1)))
akl->type = AKL_SPEC;
else
{
diff --git a/g10/gpg.c b/g10/gpg.c
index 12fe7b2..73de511 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2800,8 +2800,7 @@ main (int argc, char **argv)
case oKeyServer:
{
keyserver_spec_t keyserver;
- keyserver = parse_keyserver_uri (pargs.r.ret_str,0,
- configname,configlineno);
+ keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
if (!keyserver)
log_error (_("could not parse keyserver URL\n"));
else
@@ -2990,8 +2989,7 @@ main (int argc, char **argv)
case oDefaultKeyserverURL:
{
keyserver_spec_t keyserver;
- keyserver = parse_keyserver_uri (pargs.r.ret_str,1,
- configname,configlineno);
+ keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
if (!keyserver)
log_error (_("could not parse keyserver URL\n"));
else
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a8e6f5d..e2da61b 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -4165,7 +4165,7 @@ menu_set_keyserver_url (const char *url, KBNODE pub_keyblock)
{
struct keyserver_spec *keyserver = NULL;
/* Sanity check the format */
- keyserver = parse_keyserver_uri (answer, 1, NULL, 0);
+ keyserver = parse_keyserver_uri (answer, 1);
xfree (answer);
if (!keyserver)
{
diff --git a/g10/keygen.c b/g10/keygen.c
index c25caad..fa466a8 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3106,7 +3106,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
{
struct keyserver_spec *spec;
- spec=parse_keyserver_uri(s1,1,NULL,0);
+ spec = parse_keyserver_uri (s1, 1);
if(spec)
{
free_keyserver_spec(spec);
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 2b1b64e..a955fc7 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -28,10 +28,8 @@
int parse_keyserver_options(char *options);
void free_keyserver_spec(struct keyserver_spec *keyserver);
struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
-struct keyserver_spec *parse_keyserver_uri(const char *string,
- int require_scheme,
- const char *configname,
- unsigned int configlineno);
+struct keyserver_spec *parse_keyserver_uri (const char *string,
+ int require_scheme);
struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
int keyserver_export (ctrl_t ctrl, strlist_t users);
int keyserver_import (ctrl_t ctrl, strlist_t users);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index a92544c..7d80756 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -258,8 +258,7 @@ keyserver_match(struct keyserver_spec *spec)
keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
keyserver_spec_t
-parse_keyserver_uri (const char *string,int require_scheme,
- const char *configname,unsigned int configlineno)
+parse_keyserver_uri (const char *string,int require_scheme)
{
int assume_hkp=0;
struct keyserver_spec *keyserver;
@@ -481,7 +480,7 @@ parse_preferred_keyserver(PKT_signature *sig)
memcpy(dupe,p,plen);
dupe[plen]='\0';
- spec=parse_keyserver_uri(dupe,1,NULL,0);
+ spec = parse_keyserver_uri (dupe, 1);
xfree(dupe);
}
@@ -1931,7 +1930,7 @@ keyserver_import_cert (ctrl_t ctrl,
{
struct keyserver_spec *spec;
- spec=parse_keyserver_uri(url,1,NULL,0);
+ spec = parse_keyserver_uri (url, 1);
if(spec)
{
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,spec);
@@ -1977,7 +1976,7 @@ keyserver_import_pka (ctrl_t ctrl,
{
/* An URI is available. Lookup the key. */
struct keyserver_spec *spec;
- spec = parse_keyserver_uri (uri, 1, NULL, 0);
+ spec = parse_keyserver_uri (uri, 1);
if (spec)
{
rc = keyserver_import_fprint (ctrl, *fpr, 20, spec);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 03a13c5..a66a99d 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1739,7 +1739,7 @@ check_sig_and_print (CTX c, kbnode_t node)
int res;
struct keyserver_spec *spec;
- spec = parse_keyserver_uri (uri, 1, NULL, 0);
+ spec = parse_keyserver_uri (uri, 1);
if (spec)
{
glo_ctrl.in_auto_key_retrieve++;
commit 56e688823345bbcfef220b13eb418854f8798b16
Author: Werner Koch
Date: Mon Jan 5 15:03:12 2015 +0100
gpg: Clear a possible rest of the KDF secret buffer.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--
That bug has been here since the beginning. The entire function needs
a review or be be moved to Libgcrypt.
Signed-off-by: Werner Koch
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 0b06239..07f3983 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -250,7 +250,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
/* We could have allocated more, so clean the tail before returning. */
- memset( secret_x+secret_x_size, old_size-secret_x_size, 0 );
+ memset (secret_x+secret_x_size, 0, old_size - secret_x_size);
if (DBG_CIPHER)
log_printhex ("ecdh KEK is:", secret_x, secret_x_size );
}
commit 445bb17d5fe6b53db078082fb033dbc67eea8307
Author: Werner Koch
Date: Mon Jan 5 14:55:36 2015 +0100
build: Require automake 1.14.
* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
diff --git a/README.GIT b/README.GIT
index ee2c638..57dab7a 100644
--- a/README.GIT
+++ b/README.GIT
@@ -17,8 +17,8 @@ variables to override the default tool names:
AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake
package. For example
- AUTOMAKE_SUFFIX="-1.7" ./autogen.sh
- uses "automake-1.7" and "aclocal-1.7.
+ AUTOMAKE_SUFFIX="-1.14" ./autogen.sh
+ uses "automake-1.14" and "aclocal-1.14.
AUTOMAKE_PREFIX is used as a prefix for all tools from the automake
page and may be combined with AUTOMAKE_SUFFIX. e.g.:
AUTOMAKE_PREFIX=/usr/foo/bin ./autogen.sh
diff --git a/configure.ac b/configure.ac
index 16843f4..30a639e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-min_automake_version="1.10"
+min_automake_version="1.14"
# To build a release you need to create a tag with the version number
# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please
@@ -78,9 +78,7 @@ VERSION=$PACKAGE_VERSION
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_SRCDIR([sm/gpgsm.c])
AC_CONFIG_HEADER([config.h])
-# Note: For automake 1.13 add the option
-# serial-tests
-AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip])
+AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip])
AC_CANONICAL_HOST
AB_INIT
-----------------------------------------------------------------------
Summary of changes:
README.GIT | 4 ++--
configure.ac | 6 ++----
g10/card-util.c | 2 +-
g10/ecdh.c | 2 +-
g10/getkey.c | 2 +-
g10/gpg.c | 6 ++----
g10/keyedit.c | 2 +-
g10/keygen.c | 2 +-
g10/keyserver-internal.h | 6 ++----
g10/keyserver.c | 9 ++++-----
g10/mainproc.c | 2 +-
g13/mount.c | 3 ++-
sm/misc.c | 2 +-
13 files changed, 21 insertions(+), 27 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jan 5 17:53:43 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Jan 2015 17:53:43 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-152-gdd5df19
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via dd5df198727ea5d8f6b04288e14fd732051453c8 (commit)
via f65276970a6dcd6d9bca94cecc49b68acdcc9492 (commit)
via 95a751d9cef2c6dfcd7358154bcdbbdf35e31a2e (commit)
via 1a6d65ac0aab335541726d02f2046d883a768ec3 (commit)
via c420c0fff5e3b5bdd9ef1a6a4a9b2e1da8301416 (commit)
via 943ce27e6a13057c988c35c913dc6a3f56149591 (commit)
from d7c7453cf5e6b8f3c6b522a30e680f844a28c9de (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dd5df198727ea5d8f6b04288e14fd732051453c8
Author: Werner Koch
Date: Mon Jan 5 17:47:26 2015 +0100
doc: Update yat2m to current upstream version (GnuPG).
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 2ac4390..86c3c70 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -87,6 +87,10 @@
detects the number of white spaces in front of an @item and remove
this number of spaces from all following lines until a new @item
is found or there are less spaces than for the last @item.
+
+ Note that @* does only work correctly if used at the end of an
+ input line.
+
*/
#include
@@ -136,6 +140,9 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */
static macro_t macrolist;
+/* List of variables set by @set. */
+static macro_t variablelist;
+
/* List of global macro names. The value part is not used. */
static macro_t predefinedmacrolist;
@@ -375,8 +382,44 @@ set_macro (const char *macroname, char *macrovalue)
}
-/* Return true if the macro NAME is set, i.e. not the empty string and
- not evaluating to 0. */
+/* Create or update a variable with name and value given in NAMEANDVALUE. */
+static void
+set_variable (char *nameandvalue)
+{
+ macro_t m;
+ const char *value;
+ char *p;
+
+ for (p = nameandvalue; *p && *p != ' ' && *p != '\t'; p++)
+ ;
+ if (!*p)
+ value = "";
+ else
+ {
+ *p++ = 0;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ value = p;
+ }
+
+ for (m=variablelist; m; m = m->next)
+ if (!strcmp (m->name, nameandvalue))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (nameandvalue));
+ strcpy (m->name, nameandvalue);
+ m->next = variablelist;
+ variablelist = m;
+ }
+ m->value = xstrdup (value);
+}
+
+
+/* Return true if the macro or variable NAME is set, i.e. not the
+ empty string and not evaluating to 0. */
static int
macro_set_p (const char *name)
{
@@ -385,6 +428,10 @@ macro_set_p (const char *name)
for (m = macrolist; m ; m = m->next)
if (!strcmp (m->name, name))
break;
+ if (!m)
+ for (m = variablelist; m ; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
if (!m || !m->value || !*m->value)
return 0;
if ((*m->value & 0x80) || !isdigit (*m->value))
@@ -609,6 +656,7 @@ write_th (FILE *fp)
*p++ = 0;
fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
name, p, isodatestring (), opt_release, opt_source);
+ free (name);
return 0;
}
@@ -664,8 +712,11 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
{ "table", 3 },
{ "itemize", 3 },
{ "bullet", 0, "* " },
+ { "*", 0, "\n.br"},
+ { "/", 0 },
{ "end", 4 },
{ "quotation",1, ".RS\n\\fB" },
+ { "value", 8 },
{ NULL }
};
size_t n;
@@ -741,11 +792,46 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
case 7:
ignore_args = 1;
break;
+ case 8:
+ ignore_args = 1;
+ if (*rest != '{')
+ {
+ err ("opening brace for command '%s' missing", command);
+ return len;
+ }
+ else
+ {
+ /* Find closing brace. */
+ for (s=rest+1, n=1; *s && n < len; s++, n++)
+ if (*s == '}')
+ break;
+ if (*s != '}')
+ {
+ err ("closing brace for command '%s' not found", command);
+ return len;
+ }
+ else
+ {
+ size_t len = s - (rest + 1);
+ macro_t m;
+
+ for (m = variablelist; m; m = m->next)
+ if (strlen (m->name) == len
+ &&!strncmp (m->name, rest+1, len))
+ break;
+ if (m)
+ fputs (m->value, fp);
+ else
+ inf ("texinfo variable '%.*s' is not set",
+ (int)len, rest+1);
+ }
+ }
+ break;
default:
break;
}
}
- else
+ else /* macro */
{
macro_t m;
@@ -1215,6 +1301,10 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
macrovalue = xmalloc ((macrovaluesize = 1024));
macrovalueused = 0;
}
+ else if (n == 4 && !memcmp (line, "@set", 4))
+ {
+ set_variable (p);
+ }
else if (n == 8 && !memcmp (line, "@manpage", 8))
{
free (*section_name);
@@ -1325,6 +1415,13 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist);
macrolist = next;
}
+ while (variablelist)
+ {
+ macro_t next = variablelist->next;
+ free (variablelist->value);
+ free (variablelist);
+ variablelist = next;
+ }
for (m=predefinedmacrolist; m; m = m->next)
set_macro (m->name, xstrdup ("1"));
cond_is_active = 1;
commit f65276970a6dcd6d9bca94cecc49b68acdcc9492
Author: Werner Koch
Date: Mon Jan 5 17:46:05 2015 +0100
build: Require automake 1.14.
* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
Signed-off-by: Werner Koch
diff --git a/configure.ac b/configure.ac
index 71c50c0..161571a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,7 +21,7 @@
# (Process this file with autoconf to produce a configure script.)
AC_REVISION($Revision$)
AC_PREREQ(2.60)
-min_automake_version="1.10"
+min_automake_version="1.14"
# To build a release you need to create a tag with the version number
# (git tag -s libgcrypt-n.m.k) and run "./autogen.sh --force". Please
@@ -75,7 +75,7 @@ VERSION=$PACKAGE_VERSION
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_SRCDIR([src/libgcrypt.vers])
-AM_INIT_AUTOMAKE([dist-bzip2])
+AM_INIT_AUTOMAKE([serial-tests dist-bzip2])
AC_CONFIG_HEADER(config.h)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_LIBOBJ_DIR([compat])
commit 95a751d9cef2c6dfcd7358154bcdbbdf35e31a2e
Author: Werner Koch
Date: Mon Jan 5 17:16:04 2015 +0100
cipher: Add the original PD notice to rijndael-ssse3-amd64.c
--
diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c
index 112ab22..d72ec31 100644
--- a/cipher/rijndael-ssse3-amd64.c
+++ b/cipher/rijndael-ssse3-amd64.c
@@ -15,6 +15,23 @@
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
+ *
+ *
+ * The code is based on the public domain library libvpaes version 0.5
+ * available at http://crypto.stanford.edu/vpaes/ and which carries
+ * this notice:
+ *
+ * libvpaes: constant-time SSSE3 AES encryption and decryption.
+ * version 0.5
+ *
+ * By Mike Hamburg, Stanford University, 2009. Public domain.
+ * I wrote essentially all of this code. I did not write the test
+ * vectors; they are the NIST known answer tests. I hereby release all
+ * the code and documentation here that I wrote into the public domain.
+ *
+ * This is an implementation of AES following my paper,
+ * "Accelerating AES with Vector Permute Instructions"
+ * CHES 2009; http://shiftleft.org/papers/vector_aes/
*/
#include
@@ -36,7 +53,7 @@
/* Two macros to be called prior and after the use of SSSE3
instructions. There should be no external function calls between
the use of these macros. There purpose is to make sure that the
- SSE regsiters are cleared and won't reveal any information about
+ SSE registers are cleared and won't reveal any information about
the key or the data. */
#define vpaes_ssse3_prepare_enc(const_ptr) \
asm volatile ("lea .Laes_consts(%%rip), %q0 \n\t" \
commit 1a6d65ac0aab335541726d02f2046d883a768ec3
Author: Werner Koch
Date: Mon Jan 5 17:04:10 2015 +0100
Replace camel case of internal scrypt functions.
* cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change
callers.
(_scryptBlockMix): Rename to scrypt_block_mix. Change callers.
(_scryptROMix): Rename to scrypt_ro_mix. Change callers.
--
Signed-off-by: Werner Koch
diff --git a/cipher/scrypt.c b/cipher/scrypt.c
index aca903d..3c21c2a 100644
--- a/cipher/scrypt.c
+++ b/cipher/scrypt.c
@@ -76,7 +76,7 @@
static void
-_salsa20_core(u32 *dst, const u32 *src, unsigned rounds)
+salsa20_core (u32 *dst, const u32 *src, unsigned int rounds)
{
u32 x[SALSA20_INPUT_LENGTH];
unsigned i;
@@ -108,7 +108,7 @@ _salsa20_core(u32 *dst, const u32 *src, unsigned rounds)
static void
-_scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2)
+scrypt_block_mix (u32 r, unsigned char *B, unsigned char *tmp2)
{
u64 i;
unsigned char *X = tmp2;
@@ -142,7 +142,7 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2)
buf_xor(X, X, &B[i * 64], 64);
/* X = Salsa (T) */
- _salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8);
+ salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8);
/* Y[i] = X */
memcpy (&Y[i * 64], X, 64);
@@ -173,8 +173,9 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2)
#endif
}
+
static void
-_scryptROMix (u32 r, unsigned char *B, u64 N,
+scrypt_ro_mix (u32 r, unsigned char *B, u64 N,
unsigned char *tmp1, unsigned char *tmp2)
{
unsigned char *X = B, *T = B;
@@ -201,7 +202,7 @@ _scryptROMix (u32 r, unsigned char *B, u64 N,
memcpy (&tmp1[i * 128 * r], X, 128 * r);
/* X = ScryptBlockMix (X) */
- _scryptBlockMix (r, X, tmp2);
+ scrypt_block_mix (r, X, tmp2);
}
/* for i = 0 to N - 1 do */
@@ -216,7 +217,7 @@ _scryptROMix (u32 r, unsigned char *B, u64 N,
buf_xor (T, T, &tmp1[j * 128 * r], 128 * r);
/* X = scryptBlockMix (T) */
- _scryptBlockMix (r, T, tmp2);
+ scrypt_block_mix (r, T, tmp2);
}
#if 0
@@ -234,7 +235,9 @@ _scryptROMix (u32 r, unsigned char *B, u64 N,
#endif
}
-/**
+
+/*
+ *
*/
gcry_err_code_t
_gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
@@ -306,7 +309,7 @@ _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
1 /* iterations */, p * r128, B);
for (i = 0; !ec && i < p; i++)
- _scryptROMix (r, &B[i * r128], N, tmp1, tmp2);
+ scrypt_ro_mix (r, &B[i * r128], N, tmp1, tmp2);
for (i = 0; !ec && i < p; i++)
ec = _gcry_kdf_pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, B, p * r128,
commit c420c0fff5e3b5bdd9ef1a6a4a9b2e1da8301416
Author: Werner Koch
Date: Sun Dec 28 14:26:48 2014 +0100
doc: State that gcry_md_write et al may be used after md_read.
--
diff --git a/cipher/hash-common.c b/cipher/hash-common.c
index ed63a0b..9a007e1 100644
--- a/cipher/hash-common.c
+++ b/cipher/hash-common.c
@@ -95,7 +95,10 @@ _gcry_hash_selftest_check_one (int algo,
/* Common function to write a chunk of data to the transform function
of a hash algorithm. Note that the use of the term "block" does
- not imply a fixed size block. */
+ not imply a fixed size block. Note that we explicitly allow to use
+ this function after the context has been finalized; the result does
+ not have any meaning but writing after finalize is sometimes
+ helpful to mitigate timing attacks. */
void
_gcry_md_block_write (void *context, const void *inbuf_arg, size_t inlen)
{
diff --git a/cipher/md.c b/cipher/md.c
index f9414de..9fef555 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -642,6 +642,9 @@ md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen)
}
+/* Note that this function may be used after finalize and read to keep
+ on writing to the transform function so to mitigate timing
+ attacks. */
void
_gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
{
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index be5f805..30acd2f 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3233,7 +3233,11 @@ by just one character. Both methods can be used on the same hash context.
Pass @var{length} bytes of the data in @var{buffer} to the digest object
with handle @var{h} to update the digest values. This
-function should be used for large blocks of data.
+function should be used for large blocks of data. If this function is
+used after the context has been finalized, it will keep on pushing
+the data through the algorithm specific transform function and change
+the context; however the results are not meaningful and this feature
+is only available to mitigate timing attacks.
@end deftypefun
@deftypefun void gcry_md_putc (gcry_md_hd_t @var{h}, int @var{c})
@@ -3253,7 +3257,9 @@ message digest or some padding.
Finalize the message digest calculation. This is not really needed
because @code{gcry_md_read} does this implicitly. After this has been
done no further updates (by means of @code{gcry_md_write} or
- at code{gcry_md_putc} are allowed. Only the first call to this function
+ at code{gcry_md_putc} should be done; However, to mitigate timing
+attacks it is sometimes useful to keep on updating the context after
+having stored away the actual digest. Only the first call to this function
has an effect. It is implemented as a macro.
@end deftypefun
@@ -3266,8 +3272,9 @@ function:
calculation. This function may be used as often as required but it will
always return the same value for one handle. The returned message digest
is allocated within the message context and therefore valid until the
-handle is released or reseted (using @code{gcry_md_close} or
- at code{gcry_md_reset}. @var{algo} may be given as 0 to return the only
+handle is released or reset-ed (using @code{gcry_md_close} or
+ at code{gcry_md_reset} or it has been updated as a mitigation measure
+against timing attacks. @var{algo} may be given as 0 to return the only
enabled message digest or it may specify one of the enabled algorithms.
The function does return @code{NULL} if the requested algorithm has not
been enabled.
@@ -3680,10 +3687,13 @@ see how it is actually done.
@deftypefun gcry_error_t gcry_mac_write (gcry_mac_hd_t @var{h}, const void *@var{buffer}, size_t @var{length})
Pass @var{length} bytes of the data in @var{buffer} to the MAC object
-with handle @var{h} to update the MAC values.
+with handle @var{h} to update the MAC values. If this function is
+used after the context has been finalized, it will keep on pushing the
+data through the algorithm specific transform function and thereby
+change the context; however the results are not meaningful and this
+feature is only available to mitigate timing attacks.
@end deftypefun
-
The way to read out the calculated MAC is by using the function:
@deftypefun gcry_error_t gcry_mac_read (gcry_mac_hd_t @var{h}, void *@var{buffer}, size_t *@var{length})
@@ -3694,7 +3704,6 @@ Function copies the resulting MAC value to @var{buffer} of the length
then length of MAC is returned through @var{length}.
@end deftypefun
-
To compare existing MAC value with recalculated MAC, one is to use the function:
@deftypefun gcry_error_t gcry_mac_verify (gcry_mac_hd_t @var{h}, void *@var{buffer}, size_t @var{length})
commit 943ce27e6a13057c988c35c913dc6a3f56149591
Author: Werner Koch
Date: Fri Dec 19 09:11:08 2014 +0100
doc: typo fix
--
GnuPG-bug-id: 1589
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 108d53a..be5f805 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3414,7 +3414,7 @@ hashed can be written to files on request.
@deftypefun void gcry_md_debug (gcry_md_hd_t @var{h}, const char *@var{suffix})
Enable debugging for the digest object with handle @var{h}. This
-creates create files named @file{dbgmd-.} while doing the
+creates files named @file{dbgmd-.} while doing the
actual hashing. @var{suffix} is the string part in the filename. The
number is a counter incremented for each new hashing. The data in the
file is the raw data as passed to @code{gcry_md_write} or
-----------------------------------------------------------------------
Summary of changes:
cipher/hash-common.c | 5 +-
cipher/md.c | 3 ++
cipher/rijndael-ssse3-amd64.c | 19 +++++++-
cipher/scrypt.c | 19 ++++----
configure.ac | 4 +-
doc/gcrypt.texi | 25 ++++++----
doc/yat2m.c | 103 +++++++++++++++++++++++++++++++++++++++--
7 files changed, 155 insertions(+), 23 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jan 5 18:59:03 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Jan 2015 18:59:03 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-153-g8c5eee5
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 (commit)
from dd5df198727ea5d8f6b04288e14fd732051453c8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
Author: Werner Koch
Date: Mon Jan 5 18:58:39 2015 +0100
primegen: Fix memory leak for invalid call sequences.
* cipher/primegen.c (prime_generate_internal): Refactor generator code
to not leak memory for non-implemented feature.
(_gcry_prime_group_generator): Refactor to not leak memory for invalid
args. Also make sure that R_G is set as soon as possible.
--
GnuPG-bug-id: 1705
Signed-off-by: Werner Koch
diff --git a/cipher/primegen.c b/cipher/primegen.c
index ce6db8d..2a702a7 100644
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@@ -622,47 +622,44 @@ prime_generate_internal (int need_q_factor,
}
}
- if (g)
+ if (g && need_q_factor)
+ err = GPG_ERR_NOT_IMPLEMENTED;
+ else if (g)
{
/* Create a generator (start with 3). */
gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));
gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));
gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));
- if (need_q_factor)
- err = GPG_ERR_NOT_IMPLEMENTED;
- else
+ factors[n] = q;
+ factors[n + 1] = mpi_alloc_set_ui (2);
+ mpi_sub_ui (pmin1, prime, 1);
+ mpi_set_ui (g, 2);
+ do
{
- factors[n] = q;
- factors[n + 1] = mpi_alloc_set_ui (2);
- mpi_sub_ui (pmin1, prime, 1);
- mpi_set_ui (g, 2);
- do
+ mpi_add_ui (g, g, 1);
+ if (DBG_CIPHER)
+ log_printmpi ("checking g", g);
+ else
+ progress('^');
+ for (i = 0; i < n + 2; i++)
{
- mpi_add_ui (g, g, 1);
- if (DBG_CIPHER)
- log_printmpi ("checking g", g);
- else
- progress('^');
- for (i = 0; i < n + 2; i++)
- {
- mpi_fdiv_q (tmp, pmin1, factors[i]);
- /* No mpi_pow(), but it is okay to use this with mod
- prime. */
- mpi_powm (b, g, tmp, prime);
- if (! mpi_cmp_ui (b, 1))
- break;
- }
- if (DBG_CIPHER)
- progress('\n');
+ mpi_fdiv_q (tmp, pmin1, factors[i]);
+ /* No mpi_pow(), but it is okay to use this with mod
+ prime. */
+ mpi_powm (b, g, tmp, prime);
+ if (! mpi_cmp_ui (b, 1))
+ break;
}
- while (i < n + 2);
-
- mpi_free (factors[n+1]);
- mpi_free (tmp);
- mpi_free (b);
- mpi_free (pmin1);
+ if (DBG_CIPHER)
+ progress('\n');
}
+ while (i < n + 2);
+
+ mpi_free (factors[n+1]);
+ mpi_free (tmp);
+ mpi_free (b);
+ mpi_free (pmin1);
}
if (! DBG_CIPHER)
@@ -1194,22 +1191,25 @@ _gcry_prime_group_generator (gcry_mpi_t *r_g,
gcry_mpi_t prime, gcry_mpi_t *factors,
gcry_mpi_t start_g)
{
- gcry_mpi_t tmp = mpi_new (0);
- gcry_mpi_t b = mpi_new (0);
- gcry_mpi_t pmin1 = mpi_new (0);
- gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
- int first = 1;
- int i, n;
-
- if (!factors || !r_g || !prime)
+ gcry_mpi_t tmp, b, pmin1, g;
+ int first, i, n;
+
+ if (!r_g)
return GPG_ERR_INV_ARG;
*r_g = NULL;
+ if (!factors || !prime)
+ return GPG_ERR_INV_ARG;
for (n=0; factors[n]; n++)
;
if (n < 2)
return GPG_ERR_INV_ARG;
+ tmp = mpi_new (0);
+ b = mpi_new (0);
+ pmin1 = mpi_new (0);
+ g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
+
/* Extra sanity check - usually disabled. */
/* mpi_set (tmp, factors[0]); */
/* for(i = 1; i < n; i++) */
@@ -1219,6 +1219,7 @@ _gcry_prime_group_generator (gcry_mpi_t *r_g,
/* return gpg_error (GPG_ERR_INV_ARG); */
mpi_sub_ui (pmin1, prime, 1);
+ first = 1;
do
{
if (first)
-----------------------------------------------------------------------
Summary of changes:
cipher/primegen.c | 79 +++++++++++++++++++++++++++--------------------------
1 file changed, 40 insertions(+), 39 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jan 5 19:39:01 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Jan 2015 19:39:01 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-154-g8174723
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 817472358a093438e802380caecf7139406400cf (commit)
from 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 817472358a093438e802380caecf7139406400cf
Author: Werner Koch
Date: Mon Jan 5 19:38:29 2015 +0100
random: Silent warning under NetBSD using rndunix
* random/rndunix.c (STDERR_FILENO): Define if needed.
(start_gatherer): Re-open standard descriptors. Fix an
unsigned/signed pointer warning.
--
GnuPG-bug-id: 1702
diff --git a/configure.ac b/configure.ac
index 161571a..4cfebe7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2184,11 +2184,10 @@ cat < sizeof(msg.data)? sizeof(msg.data) : nbytes;
memcpy( msg.data, p, msg.ndata );
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 7 +++----
random/rndunix.c | 19 ++++++++++++++++++-
2 files changed, 21 insertions(+), 5 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 6 14:51:45 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Jan 2015 14:51:45 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-155-ge6996fe
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via e6996fe55685f8042a846b465e0d0c097d615086 (commit)
from 817472358a093438e802380caecf7139406400cf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e6996fe55685f8042a846b465e0d0c097d615086
Author: Werner Koch
Date: Tue Jan 6 14:51:39 2015 +0100
build: Add a commit-msg git-hook script.
--
This is the same script as used by GnuPG. It makes sure that lines
are not too long and checks some other basic things. ./autogen.sh
installs it.
diff --git a/build-aux/git-hooks/commit-msg b/build-aux/git-hooks/commit-msg
new file mode 100755
index 0000000..5a697c7
--- /dev/null
+++ b/build-aux/git-hooks/commit-msg
@@ -0,0 +1,127 @@
+eval '(exit $?0)' && eval 'exec perl -w "$0" ${1+"$@"}'
+ & eval 'exec perl -w "$0" $argv:q'
+ if 0;
+
+# An hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message. The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit. The hook is allowed to edit the commit message file.
+#
+# To enable this hook, copy it to "~/.git/hooks/commit-msg".
+#
+# This script is based on the one from GNU coreutils.
+
+use strict;
+use warnings;
+(my $ME = $0) =~ s|.*/||;
+
+my $editor = $ENV{EDITOR} || 'vi';
+$ENV{PATH} = '/bin:/usr/bin';
+
+# Rewrite the $LOG_FILE (old contents in @$LINE_REF) with an additional
+# commented diagnostic "# $ERR" line at the top.
+sub rewrite($$$)
+{
+ my ($log_file, $err, $line_ref) = @_;
+ local *LOG;
+ open LOG, '>', $log_file
+ or die "$ME: $log_file: failed to open for writing: $!";
+ print LOG "# $err";
+ print LOG @$line_ref;
+ close LOG
+ or die "$ME: $log_file: failed to rewrite: $!\n";
+}
+
+sub re_edit($)
+{
+ my ($log_file) = @_;
+
+ warn "Interrupt (Ctrl-C) to abort...\n";
+
+ system 'sh', '-c', "$editor $log_file";
+ ($? & 127) || ($? >> 8)
+ and die "$ME: $log_file: the editor ($editor) failed, aborting\n";
+}
+
+# Given a $LOG_FILE name and a \@LINE buffer,
+# read the contents of the file into the buffer and analyze it.
+# If the log message passes muster, return the empty string.
+# If not, return a diagnostic.
+sub check_msg($$)
+{
+ my ($log_file, $line_ref) = @_;
+
+ local *LOG;
+ open LOG, '<', $log_file
+ or return "failed to open for reading: $!";
+ @$line_ref = ;
+ close LOG;
+
+ my @line = @$line_ref;
+ chomp @line;
+
+ # Don't filter out blank or comment lines; git does that already,
+ # and if we were to ignore them here, it could lead to committing
+ # with lines that start with "#" in the log.
+
+ # Filter out leading blank and comment lines.
+ # while (@line && $line[0] =~ /^(?:#.*|[ \t]*)$/) { shift @line; }
+
+ # Filter out blank and comment lines at EOF.
+ # while (@line && $line[$#line] =~ /^(?:#.*|[ \t]*)$/) { pop @line; }
+
+ @line == 0
+ and return 'no log message';
+
+ # The first line should not be too short
+ 8 < length $line[0] || return 'summary line too short';
+
+ # The first line should not start with an asterisk or a hash sign.
+ # An asterisk might indicate that a change entry was started right
+ # at the first line.
+ $line[0] =~ /^[*#]/ && return "summary line starts with an * or #";
+
+ # Second line should be blank or not present.
+ 2 <= @line && length $line[1]
+ and return 'second line must be empty';
+
+ # Limit line length to allow for the ChangeLog's leading TAB.
+ foreach my $line (@line)
+ {
+ 72 < length $line && $line =~ /^[^#]/
+ and return 'line longer than 72 characters';
+ }
+
+ return '';
+}
+
+{
+ @ARGV == 1
+ or die;
+
+ my $log_file = $ARGV[0];
+
+ while (1)
+ {
+ my @line;
+ my $err = check_msg $log_file, \@line;
+ $err eq ''
+ and last;
+ $err = "$ME: $err\n";
+ warn $err;
+ exit 1;
+
+ # Insert the diagnostic as a comment on the first line of $log_file.
+ #rewrite $log_file, $err, \@line;
+ #re_edit $log_file;
+ #
+ ## Stop if our parent is killed.
+ #getppid() == 1
+ # and last;
+ }
+}
+
+# Local Variables:
+# mode: perl
+# End:
-----------------------------------------------------------------------
Summary of changes:
build-aux/git-hooks/commit-msg | 127 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 127 insertions(+)
create mode 100755 build-aux/git-hooks/commit-msg
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 6 15:04:33 2015
From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov)
Date: Tue, 06 Jan 2015 15:04:33 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-157-ge4de523
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via e4de52378a85cf383994ded8edf0d5cf98dcb10c (commit)
via 05dc5bcd234909ae9c9366b653346076b9a834ed (commit)
from e6996fe55685f8042a846b465e0d0c097d615086 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e4de52378a85cf383994ded8edf0d5cf98dcb10c
Author: Dmitry Eremin-Solenikov
Date: Sun Dec 28 12:15:33 2014 +0300
stribog: Reduce table size to the needed one.
* cipher/stribog.c (C16): Avoid allocating superfluous space.
--
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/stribog.c b/cipher/stribog.c
index 942bbf4..de167a7 100644
--- a/cipher/stribog.c
+++ b/cipher/stribog.c
@@ -1080,7 +1080,7 @@ static const u64 stribog_table[8][256] =
U64_C(0x72d14d3493b2e388), U64_C(0xd6a30f258c153427) },
};
-static const u64 C16[13][16] =
+static const u64 C16[12][8] =
{
{ U64_C(0xdd806559f2a64507), U64_C(0x05767436cc744d23),
U64_C(0xa2422a08a460d315), U64_C(0x4b7ce09192676901),
commit 05dc5bcd234909ae9c9366b653346076b9a834ed
Author: Dmitry Eremin-Solenikov
Date: Sun Dec 28 12:05:43 2014 +0300
gostr3411-94: Fix the iteration count for length filling loop.
* cipher/gostr3411-94.c (gost3411_final): Fix loop
--
The maximum iteration count for filling the l (bit length) array was
incrrectly set to 32 (missed that in u8->u32 refactoring). This was
not resulting in stack corruption, since nblocks variable would be
exausted earlier compared to 8 32-bit values (the size of the array).
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c
index 91e5b4c..7b16e61 100644
--- a/cipher/gostr3411-94.c
+++ b/cipher/gostr3411-94.c
@@ -307,7 +307,7 @@ gost3411_final (void *context)
l[0] |= nblocks << 8;
nblocks >>= 24;
- for (i = 1; i < 32 && nblocks != 0; i++)
+ for (i = 1; i < 8 && nblocks != 0; i++)
{
l[i] = nblocks;
nblocks >>= 24;
-----------------------------------------------------------------------
Summary of changes:
cipher/gostr3411-94.c | 2 +-
cipher/stribog.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 6 20:32:52 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Jan 2015 20:32:52 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-159-g4f7dcdc
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 4f7dcdc25af269b12275126edeef30b262fb891d (commit)
via c33277d2da321df04db1988ed6758a1350025634 (commit)
from e4de52378a85cf383994ded8edf0d5cf98dcb10c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4f7dcdc25af269b12275126edeef30b262fb891d
Author: Werner Koch
Date: Tue Jan 6 20:30:37 2015 +0100
Make make distcheck work again.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers.
* cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h.
diff --git a/Makefile.am b/Makefile.am
index 2d7ca43..4c2c509 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -18,8 +18,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \
- --enable-ciphers=arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia
+DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc
# (A suitable gitlog-to-changelog script can be found in GnuPG master.)
GITLOG_TO_CHANGELOG=gitlog-to-changelog
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index e59bafc..ceb95f1 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -26,6 +26,8 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS)
AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
+DISTCLEANFILES = gost-sb.h
+
noinst_LTLIBRARIES = libcipher.la
commit c33277d2da321df04db1988ed6758a1350025634
Author: Werner Koch
Date: Tue Jan 6 18:54:24 2015 +0100
Remove the old Manifest files
--
The Manifest file have been part of an experiment a long time ago to
implement source level integrity. I is not maintained for more than a
decade and with the advent of git this is superfluous anyway.
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 7dd626c..e59bafc 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -19,8 +19,6 @@
# Process this file with automake to produce Makefile.in
-EXTRA_DIST = Manifest
-
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
diff --git a/cipher/Manifest b/cipher/Manifest
deleted file mode 100644
index 0cd64f7..0000000
--- a/cipher/Manifest
+++ /dev/null
@@ -1,73 +0,0 @@
-# Manifest - checksums of the cipher directory
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-# Checksums for all source files in this directory. Format is
-# filename, blanks, base-64 part of an OpenPGP detached signature
-# without the header lines. Blank lines and lines beginning with a
-# hash mark are ignored. A tool to process this file is available by
-# cvs -d :pserver:anoncvs at cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool
-#
-# The special entry "$names$" holds a signature over all sorted
-# filenames excluding itself.
-
-
-# Algorithm API
-cipher.c iQCVAwUAQDzrVjEAnp832S/7AQIPDgP+OVJ/YNWY5m7c09EBbPAzL/WsGoj6wrBNMmkRlMOqTHeh+OOtjuFHt1f9uhfM2Nzl7sJ5+h4ryZKLEZmQPRMTZTnAqkvGdsrJWJnigUA9QwYdV0ONqC9C63gpuG465gO9TZVOqlQu/FTxSRuTQYUulkaBNG71n8nZEOusBVwV2YA==58xH
-pubkey.c iQCVAwUAP9XQ3jEAnp832S/7AQJ5UgQAyHfEBvPVJ8wTRg8c7ixS2GiVmIgwIo5tvQaiQJTPWASevvYrB+2Z2qa9cATyu50ACjLzbaquGBgPzjJV3dU/qttT1gCqRuN/LCNvXFe5qnIZezejc3RAadFNTw/pOTHq0wxD1Keg66ruei9R36Nba59pEQIWIBXTfubRft2hMYk==E09t
-ac.c iQCVAwUAQDzsOzEAnp832S/7AQJCBQP/WI6EV/dsR4rmha6RVhvkjZo17kQ8z6pIl5J3cXOvqEkIFeD2HYu3HHrWST5l7yXlffhpDkVHkfMih4ruK76q6Fm0dxZ98pO4C/dVtgimlvvcy/wOQjpzsE0fYAe1BYdg81LJ09X33vW5x6C29lunfKROO2tPlV5i8ffeoFvmMF8==j26g
-md.c iQCVAwUAP+NFGjEAnp832S/7AQJs8wP/Qdk0EAKsyr3O1/pmOSN8AG4rPKbd6KDTzvoBPAN4upFwKYY4hWwvy12Q3YU9DmECrzZkRCXHR7mljVQKs6B7CRZJKjFKmOELpcJDtKvu40vTs1bOH4k9iJYZpGgRA83nkQ+ELAcphAbCA+KIpVr2K4mCJAB0FhpC2uOQ50JHAko==BeF6
-primegen.c iQCVAwUAQDzsoDEAnp832S/7AQKYRwP/TqAQBm1rHTnF0HYE05PqXfWlOqa6EosqVpaOcs/OIW6PaqX0xH1UlrukK7jNOjK3xC4o1qNQ1UKzz2dvQaq1bMvNNizeavxAh10SJZc0hIc/ofc83IbjLh8SZVWQ67JxjsUd3DOXmSmhPZ+Pqd7cUIiw8fDoF+I9EZqy3COu1wY==1ebT
-
-# Algorithm implementations
-arcfour.c iQCVAwUAP9XR/TEAnp832S/7AQJcRwP6AlvYEx++fpT4mIYo0xRDqKEQeqMQvbaRhIg2eV74JxItpHa3q5YsYIl+n1yUz5g35JRWWXSWmAZBwO5wLKsHii4kRUhgrKWnSoQZoPpl49L5+N3R58ON3S0ru5lsBiEJEze3xplf2vqwrH9v1QHVD+gU7UTlfNqrIJoOUXN+1O4==Tq+x
-blowfish.c iQCVAwUAP9XTETEAnp832S/7AQJaEgQAgiqqfuO+zQtscgTB0rvOzVymIKjRKjYhFuLjVuc79G4z1RCAffvIn/YM2d7kt+Z/QF7zjcTAOgETCQL1XokpX2zz9HPAMi2tlDY5zsDufTNqj0n4WBL9nM7w6XAvsiwP1B3bqCTv9SjJV4KbxJ58vw1yQE+sqW74R/QIHFvC7mU==wZnX
-cast5.c iQCVAwUAP9XT6DEAnp832S/7AQJ3xgP/ehLjEN3GELGudbqeo91Xd+PqitHrkuBbtRIYX7Udd/fyXLN+h8rMJVyIQX2m+mpxbBxudVU3x8/DNT8B0ZHAwK6qqJmEBLLhEYPgIuF76i9LMrP1KqUPhAwRZ2OppjIIugBQ+rP74aD4eLyd/aKQHNuXML8QGWR6KwQShohXM5I==/BRh
-crc.c iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D
-des.c iQCVAwUAQCN2oDEAnp832S/7AQL/jwP6Auoq6nZCDBjpgc9tDzuIRwa9DqyuM3gX94uvgEpUwdHszb2bG43dz03kVmcYxtj1MzXbyCeCZOwox0b2SKmLgxIbrNP6yGbzVdTj6592gDYuf/ZXmc1ZNJ1DDldcPQ0n9fXUipUPwyPaNWo3mSZaNcMKSWWzdK0J6ciG6nk7SWI==9k/t
-dsa.c iQCVAwUAP9XZHDEAnp832S/7AQLBRgP/XrBzTEYx5ccMj1MMb6sg37liEHdIyyy49zjvt6jUqxj4RuwVEN8S6v3u4q/QyJkHAi1E0EkREgENlyHW6PKWhYbcrd0vPIAN15yjnl2yqtrCrJImexUCoqJJewK0E4JOicGbabTil8MZjk+mbhEPnjJBqOkyP1w0i31pEDgE/8M==pC8s
-elgamal.c iQCVAwUAP9XbYzEAnp832S/7AQLXagQA3HrvspZfbTGgmUH0IqLQTJ0exUPxJv5DET2TvoIy62trDmMN6lTAj5P+a7jQ8udcu0w+mR2vXUHcxUpNA2PxLaMwGzNSY4zRDNe9r3SFTDrFm6m4y9Ko2e8XtEA+WF6P/XLpck4Jn7vMEDmVGPwkNd22kXFFE8dBGwG6i5Hk1Mk==oBUs
-md4.c iQCVAwUAP9h50DEAnp832S/7AQJhHgQAzNA/B6MWFDlCtPkIVaW8RpP1Eg0ZNMsy0s7SJkopOCBlu6CwXUOKe+8ppcSxhjYKh4i4uQr/QtfipYlBjzKJGnrafoF/NugXNCOHSTGT11TvK7mCiBuUMVgvZGAlOJImk6eTTfUjRrMfaXM/SWl8bdJ4ZpzdjEyVh89r7I5JrGk==x2UD
-md5.c iQCVAwUAP9h7LzEAnp832S/7AQJUGQP/c0cbf6WZXCzmjufHxiE9FAQBzTsA0WtaNqdFcHl7fhmikGtknlaED8n5a7eYd/C481UQW6Wgq/oZdsvgoPWPhG3fOCy2CFP9cZVXITuMSf0ucyZTFUJNO15fnZ+nDfsUv+JPdv1aSeRinAUtfAcSKfkSyR9BCPZvkx+tgU6cphU==Zv+h
-rijndael.c iQCVAwUAP9h9cTEAnp832S/7AQKF1AP+P2L/tPqDJRDg+/fwbOk8Ts0MNxnvvYEm3gE73TKuLt1S+B2+jkrZcKNvM5VGPnVMJbnS0lmIK04nmedHCOftGTOwhGulZAHHIaKGystT3Jql4iPws/JMgAjE7Fyxh5WZMtB9yEljKBpJ5XNqhrMvvxcHpnyP3+YzIXNwzk34V+c==dJ5k
-rmd160.c iQCVAwUAP9h+bTEAnp832S/7AQK1OgP+PNKF6Nzi6X93easVlksdLqKEsArCAw2QjGWDGyxTnbiJM55qAl9JxR1mn3V+oOL7izLLwTt6EYK9evhzfcxY5N5Mni85RAcsLPsuAfQDEzjI6GUWHtQUKPbM+BaorzfhQjYFSZyvum/dZYJ/WfiwwwhqqIKyVU2ZFSqA38YGC/c==9jdA
-rsa.c iQCVAwUAP9iHIzEAnp832S/7AQKAYwQAuWtnMte54QHN+Hij9t4sGuypXogajOb1vQQwGgS0fKsaBZsuSP2amze4o5diIvsQTsFQ4CzjvqoCVuBDoHM3xkSD8wGDizgvtCamAxkdbF7wmzldKFn8SpJqlVwWQMP6kk1IjXHEuYb4IDWGTbVMhfEu+eOlU8+PSK4IhZqNvt4==/3hp
-serpent.c iQCVAwUAP9h/VzEAnp832S/7AQLyCwP/d1zbmb7l/PriZNa9/Z7mo01XFe5MnAqCfIwhl9GjeaMszcoS37jECNq5nLvrTTFIIJpm3rvBePwiCG4Wwx1I18HCxaP198pcSaR+BLOJ3Aj52EZPrxtqlDKuFr38ZOP5giyUqUYVYGVdrz4kRMNWAZQK53GeJnGhXCnhxojLEgA==ck46
-sha1.c iQCVAwUAP9iATTEAnp832S/7AQKcSwQAwAs/HnNqho3lU1ZUgCPNt5P2/Brm6W21+wWWGKJkSrra/c4NYVKJGDDwlsFE0b9ln1uZt7bHReFkKXK3JnrKTmNVcx/Cy64iCMRNMhaM72Mqy7wWx5yHBAmMBxzFGnNQKbmeY52zeGih5HsNLSibc2pPuOViWo2JPJ5Ci/wIwl8==/wtO
-sha256.c iQCVAwUAP9iAtzEAnp832S/7AQJD2QP/UqvL0hhjG1wEFbGrdkV9tba1sMDXdnnK6X7HdLuRpVAgNiQiFf8JDmntd/dZ2Q71p4Uae2ctqve4WoEijPUZPjACnpuZfx0SEQL0lQBkwxzJp7lz9ujVtwQ2cM/aYexJkXcWgGcloJNLM3JbWPGIJnuYbr/IwJ6RQF9vgj0357o==UWO1
-sha512.c iQCVAwUAP9iBTDEAnp832S/7AQIPBAQA28CJSUQLiW0s2x9u8/OH2eKnxPjA4sZmb50WP7920Lem66P31C3BrOqwfBot4RLhjL+zh/+Uc4s3HPwApZuj9E4BxNMlqLv+Tqk++DAbdaOeYT4jeUt+mlhQQ6mH/RDsy32rZsNsGQ2bUGxazZmfG++PL3JyhawqCy00SUDr/o0==H+0X
-tiger.c iQCVAwUAP9iCfjEAnp832S/7AQKufwP/fryv3MqSOYY+90325DH7X3/CtekxeooN0scGsHX0fxBakWSMecTNrj33KPddLS46gU/S89zIc2N/Bw/7EVIAXVFA3/3Ip+OrFOuIMO4Py1sCdB8o2Y+5ygv8iXLcsXIq1O0av79i9g774V3uaXa2qN9ZnXe0AEhcy8FHJ2i/wro==5XVB
-twofish.c iQCVAwUAP9iD6TEAnp832S/7AQKUnQP/Rq8FaYeHTG7HbZuqAs9pbPitzjDbkdZddmInWR7NmevBkKvhsJALjVooc0KGQfo2lAAmy3Xi/4QQN8VPn51DVjDIgf7x+DQh/9TFJHMccxI9asUgi4+TNnmMqLU1k3N8S2PjyZ1sjeC8B79fKPpwCzj72WkqPkzZw3l2jArr+dU==NdJT
-rfc2268.c iQCVAwUAQCN+3jEAnp832S/7AQLv1gQA1hJh29hAjKi4uLSGxXvJ6cyYmPdmevdKrbLnuHZWtHe4xvCgy/nTdEojEpxgLp/hL/ogasuWRC1W16Wiz9ryxf7YR0uhZWayO/bQNagpfU5MIkJTLuKqqgpwYumCSQfOugXVAqcgEzj+13eeyJaFVrzwrNa67sh84nmbjOjNjvE==0zBq
-
-# Random number related
-random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419
-random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU
-rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE
-rndlinux.c iQCVAwUAP9iPYTEAnp832S/7AQL6/AP/ZDrbOkVuB9qJ7sKeX1MImZEsz3mi0xPovJzaBtBU7a0idcUKrWYOvQFWRlLUeq0iCT6+h2l5bniP7q7hepzlKa+VPY9VWaQthqeJm2l5LN6QQ5PyMfBq04QuBncw9BJnCGmEyTLt3RxIXBAPdxmiVxtcRIFUqCBtQvoUXGLvemw==t37k
-rndegd.c iQCVAwUAP9iPRDEAnp832S/7AQImBQP/WHKg+hKXcm1pQvilzML0jZpwK5PAMM4uBnnPJNIXWOYBO6I/Xg9d/tPLg8NlmmtyQCo2Eu0ybDSt+8mu+dWveAys+0LTi0MIqeP9BMzCKz8dnWH6+S8huLXwTF3m0IrqM0JLb6b71GK9SOq6sWQ22yW5vf61hXP8kH9dhIaoMZs==FaHV
-rndunix.c iQCVAwUAP9iQlzEAnp832S/7AQL/KgQA29GnvcD4Xb5qjDMBgW9THEE4+4lfex/6k+Fh0IT61OLJsWVLJ7bJpRntburw4uQm4Tf7CO8vaiDFDYhKKrzXeOF1fmdpcL8hA+fNp9I/MUOc4e9kN9+YJ9wikVa0SZj1OBfhzgcFLd1xOtulkr3ii52HLF9vhrxzkgVwvD10Bi8==2cML
-rndw32.c iQCVAwUAP9iRKDEAnp832S/7AQIuaAQA3AJr3WqnxNDsWCIdvehf8Suotthj+laX8nJsvDfFhXPKcXDpsg0wTTXSnnKgyED53+uYiMDnVRsxeWAyhKwvx1MjjlaSMMjzbH6isWTH8FaWpLgrxEkXoPeNqYf5FXpdUkcUxGX2RkQeuX/cIfiHLNE9CV0usaF2jysjBX2iERY==EEnO
-
-# Helper
-bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN
-rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN
-
-# Configuration
-Makefile.am iQCVAwUAQCN33TEAnp832S/7AQKFJAQAz7BDkC814q+QiuE/jnutJHR5qlgbrm3ikGbQwdRzYUscst4bCCWy3uKL/sIPGLg+JQXtF5FnsQy3s4D9BOYhp72cA9ktYK65hhi4pNm/JQ0lXkZMNfk8Go5lNzKezlWwHvkMwRXR0Fep0wPdyeaKW5BfaW2ABvgep6Bp+hHEbyg==zSyi
-$names$ iQCVAwUAQCN3EDEAnp832S/7AQJXLAP8DvHTpm5DkTF35EmzeKpi9ie59AZcZanD19ir/e/7+PaQxr2riuLHDGwFKTju+dcvvBsqrygXOC378GXVWzIF2OZwS4EdDcJ+pgojo9UpsqpKsJHouY4Ugx5cQialxba462kUn8hcihSBnMyc4LzbJ5WQ4puQuqy544d2x94+2ms==G4Ls
diff --git a/mpi/Makefile.am b/mpi/Makefile.am
index c41b1ea..8f39ee7 100644
--- a/mpi/Makefile.am
+++ b/mpi/Makefile.am
@@ -29,7 +29,7 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS)
AM_ASFLAGS = $(MPI_SFLAGS)
AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
-EXTRA_DIST = Manifest config.links
+EXTRA_DIST = config.links
DISTCLEANFILES = mpi-asm-defs.h \
mpih-add1-asm.S mpih-mul1-asm.S mpih-mul2-asm.S mpih-mul3-asm.S \
mpih-lshift-asm.S mpih-rshift-asm.S mpih-sub1-asm.S asm-syntax.h \
diff --git a/mpi/Manifest b/mpi/Manifest
deleted file mode 100644
index 3b0d673..0000000
--- a/mpi/Manifest
+++ /dev/null
@@ -1,41 +0,0 @@
-# Manifest - checksums of the mpi directory
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-Makefile.am
-config.links
-longlong.h
-mpi-add.c
-mpi-bit.c
-mpi-cmp.c
-mpi-div.c
-mpi-gcd.c
-mpi-inline.c
-mpi-inline.h
-mpi-internal.h
-mpi-inv.c
-mpi-mpow.c
-mpi-mul.c
-mpi-pow.c
-mpi-scan.c
-mpicoder.c
-mpih-div.c
-mpih-mul.c
-mpiutil.c
-$names$ iQCVAwUAP+LmfDEAnp832S/7AQKZJQQAkR/gQITUM+6Ygy9WAOAO17btyKAlCtGTXp5XSZ+J3X0o/rYneRdSCW89IJvwFRJjAOcFJd52MXs6ZVFF/RQBC8MvJzuQChbEzvihK8o2VgK34YWjU+6XH9sFgRMIgzkHs/51ZZxeQUOPy1XF7TyKB0WE7YBUVisFiRaqB1qGIOs==Z3qB
-
diff --git a/mpi/generic/Manifest b/mpi/generic/Manifest
deleted file mode 100644
index c429fde..0000000
--- a/mpi/generic/Manifest
+++ /dev/null
@@ -1,29 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-add1.c iQCVAwUAP+Lj2DEAnp832S/7AQKn/AQAwQLWggl6zNQ5EZ+lE+jKV8W3FsogW3/6tp9T5rrSR5JnlWyoHQ9/Pu4knOcLjS6nIfVOiAEifu3nuIysQr9jDSSSJA2LylSUBSXKLKDamPsOCwXOLxiZODslJT3CCGAUtLvXJrWDbTZQrkEuwnLnjQFDzuA7iY9JLrG9kAoXD6Q==WoWm
-mpih-mul1.c iQCVAwUAP+LkCTEAnp832S/7AQKFVQP+MhBNjcY73JtnsHZfnaVZq3TiKwN151cWV51nDc1RnTaMhSIFeuNlj3vNML2W0Gn8n+GnyiWE2XXdQEaik6BL02eekUn9aq7I/rdpnTHuOjQPK1uwjuNl8RuJ9YrERBAxq4oB71f+iwMab8dsMSUlVC+NdeAocRqLLgnR/efkdLc==2Tkb
-mpih-mul2.c iQCVAwUAP+LkMjEAnp832S/7AQLPeAQAqmRzxFe/mDqTdZr/pTXT8RVyB1vKB0Ei2THV05BxmI4OPv39uysfFpLMt/INsX7AGqdOlj4jOZ/qNaFXR1ceMrlSXvo8u/epk6rCXFp82kM7Qs983LjoP//PrMCkYkXwblaVrgUGiBUCbuPMliWTK6qKkxxXtEfqZ7nVbEWdBx8==Kwhl
-mpih-mul3.c iQCVAwUAP+LkVDEAnp832S/7AQL91gP/Qd5iZWxRiN5DdEIVHAedoNvl23NPrT2UUdXvnSK49DpplTxkLiMBj0WqCayG/YIET2NpMRCeLvAZNcSt6lOm0bSZDYo1Hv/N+UoqD3V1McjY16REBv/nnPaMWMZcx7rl5yKTVZiX2PgV6oQOL7Yfrt5ZIOlrHBRs9S2/zcCaVz0==9BQe
-mpih-lshift.c iQCVAwUAP+LlATEAnp832S/7AQIACAQAhMrpx0SRXE/LN1NkjMO9n74nMrvmzYJyru0gw2O4BYrUPvD/LWGju2FZaggKV0IBjmi0cDoCrNeK9EGjKOO1lfgODbX2IZ1LUhr9jDuMj0QRqj6T9YkAFYTNUk4GfpwIf7T6Ybo7c78Jx93PidCJt7d39eMMEalooC7LZ4IU3NM==nZ4k
-mpih-rshift.c iQCVAwUAP+LlIjEAnp832S/7AQKiuAP/eYC2ZScd+taBx/kNzRvGjA0eAXvORMkMLV6Ot+OXVzVUi04eoP2yXdxSNFKwUj12p8GWXkdoMG3aOGBKg2a7bY5Q5RUho3hUWb9UsVYVUfXLf7IOTt/3a6MLh2CmV5dFPWJmSlbCyQRcn6n/fLDeJ3A2bWTS/BhqGfpOXUIU1ws==jCf8
-mpih-sub1.c iQCVAwUAP+LlZzEAnp832S/7AQIEPgP/dLHTDRbPrYJhsLp9SjGstU1M8/IC5XytcDtO3NQeu4mx6vaXjpujtsTvKIbX4QL5IahNntVVKv1xFLEm2yFg7L2ns0uD/mfwGgOhCG1j2o/SaTAWP5KxP7ae5UDcZl2w6NWvEuMj9t32zmziAZjP8W73A37FUspeRDYiL9sQzkI==QQzk
-udiv-w-sdiv.c iQCVAwUAP+Lk0TEAnp832S/7AQICXAQAsxe1SQD4+xZaZTqBC0V9Cyuo0mrdccnRFzthOtm0ARwKFXU2cuLW/ZBOkmeWOVmOFhBp22/I8dEGYnMA3gcfmOMCpNu9i9zk/XHfptdunA1MnOe3GsoWgfHL0rhpAyPhp/X043ICB41NElnnuxADuQQlD4Z1fca5ygYxMr2crJg==EI/6
-mpi-asm-defs.h iQCVAwUAP+LkgDEAnp832S/7AQK0FgQAxJZ7xvXhoZa33GWe23LRb3asrno/loZSyAIXrntqtVH8M3pEsCY0OyW4ry4hX2RnxpuhRCM/PdRNLG3xXyMSVIhkHU8WVRLqzF2LLjEkyU3cAmHnnTQ9aO/XpUWtJGTZ8q2bv7ZsAEi4aPl0p6KhPXcPgM9vQ2XcyOPn3Dl0d6Q==xpjI
-$names$ iQCVAwUAP+LmNDEAnp832S/7AQJa+gP+KQNJpbNOgc+s2UX+Ya2gDaOFcAROImIllhg3ej8EaBF8xxdHmWT1zaKwTwi3moEEleykMR104YAGWyQeMbFYiuPPBW+ohrT6KxRBVJpIA9auOOqqJMyglZyoR3Hv7gduVYUW1h/DebnqiKXKEfzQDFqYuT0ayuteoOR4B5NICbE==nLSh
diff --git a/mpi/generic/distfiles b/mpi/generic/distfiles
index 9810eef..649e829 100644
--- a/mpi/generic/distfiles
+++ b/mpi/generic/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-add1.c
mpih-mul1.c
mpih-mul2.c
diff --git a/mpi/i386/Manifest b/mpi/i386/Manifest
deleted file mode 100644
index 812bc8a..0000000
--- a/mpi/i386/Manifest
+++ /dev/null
@@ -1,28 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-add1.S
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-mpih-lshift.S
-mpih-rshift.S
-mpih-sub1.S
-syntax.h
-$names$ iQCVAwUAP+LmOTEAnp832S/7AQJZmgQA1+GIl7rXiEY00y5xD2kG5Lm2QD6c9aBME8hTl812OEcj0ul/QSpdv8E2NEKooifr4SiLVhEVfLNaLqAgN3cIsttn3rRX3/pMC5JwSKHDJPsUbpN9tzb5dr2YC9GG9m8xngAQrN11IQPnGfvFLJK+oDnEMIAeHDpOnX9NeQPDAQA==bnOy
diff --git a/mpi/i386/distfiles b/mpi/i386/distfiles
index 22b9979..88d2a30 100644
--- a/mpi/i386/distfiles
+++ b/mpi/i386/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-add1.S
mpih-mul1.S
mpih-mul2.S
diff --git a/mpi/i586/Manifest b/mpi/i586/Manifest
deleted file mode 100644
index 6d1d7f8..0000000
--- a/mpi/i586/Manifest
+++ /dev/null
@@ -1,27 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-add1.S
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-mpih-lshift.S
-mpih-rshift.S
-mpih-sub1.S
-$names$ iQCVAwUAP+LmQDEAnp832S/7AQKCmgQAhG+E7X0KB4qdVf3sMb6Qr+Iv5Jlehzoub/5vxTRgePKzRuOHidCnTzSSoyzA++UcHrOjHQQDMsXnO6PqpS1d/TKkxjnGN7rE8mvMYlFAT8RsawTozSfh14mCzI0HTDbaKL9Z8pcMJtadB3XqAuqWJNO8kyECJFwurt3DRWXSWS8==Rug5
diff --git a/mpi/i586/distfiles b/mpi/i586/distfiles
index 546f777..8f821fb 100644
--- a/mpi/i586/distfiles
+++ b/mpi/i586/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-add1.S
mpih-mul1.S
mpih-mul2.S
diff --git a/mpi/m68k/Manifest b/mpi/m68k/Manifest
deleted file mode 100644
index 8e0538a..0000000
--- a/mpi/m68k/Manifest
+++ /dev/null
@@ -1,25 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-syntax.h
-mpih-lshift.S
-mpih-rshift.S
-mpih-add1.S
-mpih-sub1.S
-$names$ iQCVAwUAP+LmTDEAnp832S/7AQJHUAP/dxfq2U0pDc5ZLoEizoqgjjcnHIyb9EjMG3YjvgK6jQ62yoAOCuo/jFYlJS+Mdve6bgfdTzYMrnKV7BG2SEcwb263pVnIntS7ZhKQPiMCbFgXWR2VjN3+a1v8yjQDZtgqEgm8OlQ+u7jKBY13Oryiuq5nPNxsXZqJpelG6Zkdg9M==PIee
diff --git a/mpi/m68k/distfiles b/mpi/m68k/distfiles
index 1e2e36f..4c0967b 100644
--- a/mpi/m68k/distfiles
+++ b/mpi/m68k/distfiles
@@ -1,4 +1,3 @@
-Manifest
syntax.h
mpih-lshift.S
mpih-rshift.S
diff --git a/mpi/m68k/mc68020/Manifest b/mpi/m68k/mc68020/Manifest
deleted file mode 100644
index bcb2768..0000000
--- a/mpi/m68k/mc68020/Manifest
+++ /dev/null
@@ -1,23 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-$names$ iQCVAwUAP+LmRTEAnp832S/7AQK3rwP/TyGBbii5HCrjDiLCVJHiDNeOdENx6AicRXnu4vuJmMmPZ0y+i7MPusDaeTbIUA0w6RaJx+Ep41nIvthmNDnFePY5Mw0pIUJcpI7AJR4vYqpwNQA6nlEdn/m1jg6sPLKZXUXNUkhroEzcHzoU+12BPS+nvSXlwSksg6rXEGOJ+Ms==XCXP
diff --git a/mpi/m68k/mc68020/distfiles b/mpi/m68k/mc68020/distfiles
index 6b96433..fc7df9f 100644
--- a/mpi/m68k/mc68020/distfiles
+++ b/mpi/m68k/mc68020/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-mul1.S
mpih-mul2.S
mpih-mul3.S
diff --git a/mpi/mips3/Manifest b/mpi/mips3/Manifest
deleted file mode 100644
index e191184..0000000
--- a/mpi/mips3/Manifest
+++ /dev/null
@@ -1,28 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-add1.S
-mpih-sub1.S
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-mpih-lshift.S
-mpih-rshift.S
-mpi-asm-defs.h
-$names$ iQCVAwUAP+LmUTEAnp832S/7AQLm/gP/RHR2aLMwHPxsq0mGO5H0kneVn8a9l9yDNEZBefkYcOJMb7MZGKxbGspyENiU04Mc2TFnA1wS9gjNHlRWtUYxxn/wyuV6BIRgfstXt2nXGgEQrK07GIz8ETFcYqcxu7JKiICIuXZgnIgdwBJswbBV1zaMUDXeg5B8vkkEeRWj8hQ==IQVO
diff --git a/mpi/mips3/distfiles b/mpi/mips3/distfiles
index ef9b6fe..85260fc 100644
--- a/mpi/mips3/distfiles
+++ b/mpi/mips3/distfiles
@@ -1,4 +1,3 @@
-Manifest
README
mpih-add1.S
mpih-sub1.S
diff --git a/mpi/pa7100/Manifest b/mpi/pa7100/Manifest
deleted file mode 100644
index f075ab0..0000000
--- a/mpi/pa7100/Manifest
+++ /dev/null
@@ -1,22 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-lshift.S
-mpih-rshift.S
-$names$ iQCVAwUAP+LmVjEAnp832S/7AQKlEQQAv2+x/d+Z0t8FwwHlxKpIKOJDr9e+Y2i8y8orcIEa3dnwU5LMOH3EzFoNSD9crc31FMokgm/X5xeLjqRTdcmGHyJJQJDPJVJyuaOm6qHJaFzzfJjrfMW66nJxfNSXIiIm4DgpP20NmumaorLCkiIZ5Z81KGAc8FiRggbRVYx+wxo==Vjh9
diff --git a/mpi/pa7100/distfiles b/mpi/pa7100/distfiles
index e1cde4d..fece943 100644
--- a/mpi/pa7100/distfiles
+++ b/mpi/pa7100/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-lshift.S
mpih-rshift.S
diff --git a/mpi/power/Manifest b/mpi/power/Manifest
deleted file mode 100644
index c60fc23..0000000
--- a/mpi/power/Manifest
+++ /dev/null
@@ -1,27 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-add1.S
-mpih-lshift.S
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-mpih-rshift.S
-mpih-sub1.S
-$names$ iQCVAwUAP+LmXTEAnp832S/7AQJ+ngP/XYr5Fvl/8WGVHcIKaehxvnKcSD2ILTWZNGubgnWp8ebIxVijjQCxYneTTy+zO0sNaB002neyscyiwaJj/JQIwZXfr06uGweIqlSpwpj9ndkoJc8E4/FZu+5NTO+E3RaBDAD+Tpo+MTfbC1s18p5i+an93VrSTgNck5PPYQrUcPA==sl3t
diff --git a/mpi/power/distfiles b/mpi/power/distfiles
index e1bc008..e664c8d 100644
--- a/mpi/power/distfiles
+++ b/mpi/power/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-add1.S
mpih-lshift.S
mpih-mul1.S
diff --git a/mpi/powerpc32/Manifest b/mpi/powerpc32/Manifest
deleted file mode 100644
index 26ab6ea..0000000
--- a/mpi/powerpc32/Manifest
+++ /dev/null
@@ -1,28 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-add1.S
-mpih-sub1.S
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-mpih-lshift.S
-mpih-rshift.S
-syntax.h
-$names$ iQCVAwUAP+LmYzEAnp832S/7AQI/cQP+Mcg9rF/c/bJTY48PE1/ARt7vCMtpIlv9alZSSSrU3WHzCtv9nVczFmwHU3DdKFawigY2DljQcK92dZ5ZlOfpFNMz4PKlVMWaKDk+jKlqm2dxvlHuqEvXPpjFAE2gHrhq5qLXS5ZHeMLJIEK84GYC6fjfLUMdZU3altXTUBvoXhA==Yax+
diff --git a/mpi/powerpc32/distfiles b/mpi/powerpc32/distfiles
index a086614..af10d79 100644
--- a/mpi/powerpc32/distfiles
+++ b/mpi/powerpc32/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-add1.S
mpih-sub1.S
mpih-mul1.S
diff --git a/mpi/sparc32/Manifest b/mpi/sparc32/Manifest
deleted file mode 100644
index d279229..0000000
--- a/mpi/sparc32/Manifest
+++ /dev/null
@@ -1,24 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-lshift.S
-mpih-rshift.S
-mpih-add1.S
-udiv.S
-$names$ iQCVAwUAP+LmaDEAnp832S/7AQISHgP/Z5orU+CPKBeRFCogSQDm4p7J2VpDovU6mtfMTdjhqWuZG0U6y8WqH0aj3USfziOhtc8YjQHQ+97g3+EnIWZgLjKacWC6pScY/QbATEpF1D0Wrcea5rk3qR1t7isdBVVOrxedZ5vuj5Op2zx/0OlPI+wt6fTtW88BdG/a6w/ZU/8==Py6h
diff --git a/mpi/sparc32/distfiles b/mpi/sparc32/distfiles
index a20f18e..51329db 100644
--- a/mpi/sparc32/distfiles
+++ b/mpi/sparc32/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-lshift.S
mpih-rshift.S
mpih-add1.S
diff --git a/mpi/sparc32v8/Manifest b/mpi/sparc32v8/Manifest
deleted file mode 100644
index dc1ce6a..0000000
--- a/mpi/sparc32v8/Manifest
+++ /dev/null
@@ -1,23 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-mpih-mul1.S
-mpih-mul2.S
-mpih-mul3.S
-$names$ iQCVAwUAP+LmbjEAnp832S/7AQKQ2gQAotpCpY9rOJUCdZHbDLXXB9i1UUMraRKbVWimtKq493Y2d2wcqXCK2WaGs1AePK3K6Qk6msxZ0PL5Ho7KgHMkzsZ+wG0EUziiuX0yZRTWNm0r3TYerP6SdWH5GOVdSXn7ckkppk2sVOokfQTy+Tmrnah3+dlYJoujan+fmXWN6Us==DolM
diff --git a/mpi/sparc32v8/distfiles b/mpi/sparc32v8/distfiles
index 6e9a530..2fcb0d1 100644
--- a/mpi/sparc32v8/distfiles
+++ b/mpi/sparc32v8/distfiles
@@ -1,4 +1,3 @@
-Manifest
mpih-mul1.S
mpih-mul2.S
mpih-mul3.S
diff --git a/mpi/supersparc/Manifest b/mpi/supersparc/Manifest
deleted file mode 100644
index 869b97b..0000000
--- a/mpi/supersparc/Manifest
+++ /dev/null
@@ -1,21 +0,0 @@
-# Manifest - checksums
-# Copyright 2003 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-udiv.S
-$names$ iQCVAwUAP+LmdjEAnp832S/7AQIrUgQA3YmurZhK7r20DqRvg0gwNe9jMDcFfUY4ZPhW5HkGzMbmrxXtj5Dx50RIPteum72bXE+IhcngljQb/cskiN5Hi9oc2a2CPhyTqVFEeGyF+kJ170GI1pVfFOfzbVG0F4nEwm5lGHgv/nvFsvrjmmAXVW1v/yk5N35wbiLviOFrLOQ==byFc
diff --git a/mpi/supersparc/distfiles b/mpi/supersparc/distfiles
index ef7c0a5..550601c 100644
--- a/mpi/supersparc/distfiles
+++ b/mpi/supersparc/distfiles
@@ -1,3 +1,2 @@
-Manifest
udiv.S
diff --git a/src/Makefile.am b/src/Makefile.am
index b764852..cbb08af 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -20,7 +20,7 @@
## Process this file with automake to produce Makefile.in
-EXTRA_DIST = Manifest libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
+EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
gcrypt.h.in libgcrypt.def
bin_SCRIPTS = libgcrypt-config
diff --git a/src/Manifest b/src/Manifest
deleted file mode 100644
index 2d003d8..0000000
--- a/src/Manifest
+++ /dev/null
@@ -1,58 +0,0 @@
-# Manifest - checksums of the src directory
-# Copyright 2004 Free Software Foundation, Inc.
-#
-# This file is part of Libgcrypt.
-#
-# Libgcrypt is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Lesser general Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# Libgcrypt is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-# Checksums for all source files in this directory. Format is
-# filename, blanks, base-64 part of an OpenPGP detached signature
-# without the header lines. Blank lines and lines beginning with a
-# hash mark are ignored. A tool to process this file is available by
-# cvs -d :pserver:anoncvs at cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool
-#
-# The special entry "$names$" holds a signature over all sorted
-# filenames excluding itself.
-
-gcrypt.h iQCVAwUAQH5RsTEAnp832S/7AQK7xgP+Kc3NY9lipZkaAMrnHDkQVLdHYwTbZWuGOYdTLp8Xy7Auh9wtWV9hrWVUqs+kxDzT/2iF6XkO3WT3rf/PmQ/Q0TIGfOyjE3c/qvB/jVippaxoGda3tnGpODytdI3XPhfPS0Ss8nDzfCStPBGAEq0OVU7imnExrFzhRXt+Gljr0o0==Yagz
-gcrypt-module.h iQCVAwUAQH5UXzEAnp832S/7AQJMQgQAzumz9aaZelhw+FxTCeVadphBxt1bbNQvMrnddYYblyJv+AcxZ9ZxGz2oPeusN58Qg54DQcaW3lYhTgnWfXultsi+Ruxlz7400OUrzSXOl3At7KssdODAoscFzZIgh94G9lzQxEBr9lTXI9R3LsPFJP6muNG4frcNBAA42yckK7w==BBp5
-
-ath.c iQCVAwUAQH5E+DEAnp832S/7AQKFpgP+KSZHtVcnh9FFggIyHKbALUljW2FXauasZvFyN8Sk/mIMgKxyXFOG1THBAUzWLaKWIEWU+WkYU7uThqBtpnEImM5AenWzbQuJjftPC3gVHO8yjjmBWD4zmJj28htoKDoa/xDsoqumrHxae3FYcaCWtYGVjM/Pbl+OMRMOFAhp0ho==lQZ3
-ath.h iQCVAwUAQH5FODEAnp832S/7AQKiuQQAg4K+KOAn1LWBZN32MAhms4FeZKoce0fAuZW7BpyY4cCxIVgxqrtUC90CDykw8XegFfOyyYrgd0NmaMVdY7HZDncNOvIPxpgFQPCZrycsMOoAtoVwjK704RDeNo3zmeyxTKeDH+3M1J7JmLiafaEdSbOC8flX/W0icaV0Ol4dmBc==Ll6w
-
-cipher.h iQCVAwUAQH5FUzEAnp832S/7AQJKLgP9GSSk9f7EINIRqSQH1XKX+dYzt3phDHdqFTUGIfYNh7YzGdy0drvgFhG4k15nqDouKRuFVM/hKY3ZVY7JccmKXKGAH6+ZYShoG6LMFfIGgDX8zne0dNxc72PLfns3fVxNn/RlHmHBkrQ+ppjR9HnSthFmOqzbQaW1BKmc3Z2x5GU==lIeW
-g10lib.h iQCVAwUAQH5FejEAnp832S/7AQJ75wP/ZjOybwRix5eoXdfVeXPjoPygejzpYJJdMUGN3Y5UtkfBu9mPREsKfvZ6tH+Evjx+3xfeAb4bU/k2mRMp0tiWnk2koToS08vI9uxnioKQr9oulZH6r28S+NLSgMQuEGN1JNUky6RQ9TTNRndeTjKKSrEjZ7V6bv+rb8A1bYCKChs==P5mk
-mpi.h iQCVAwUAQH5FwzEAnp832S/7AQJJ4wP9E3jVkcO9M0YtSBHIbjG3hDWKWXzi86AlUh51qiE8/2XP0FfjA4TosyvmicZs7j48HitAByr9tHOSxnbeo7NBf17ICwAo6Eqty+wKDg+eyLeEGUy7VpVK3RJRQAA4H+kl3S2l3YMTKf3WJlbc7qkWSXZspdy5c9sAxeodCKrAubU==oALf
-
-global.c iQCVAwUAQH5HFzEAnp832S/7AQJc+QQAvi53ZkMCzLnVULHvhI6W+EX537zi9n8cplYguvIJqUhAZrP68yGAIyqyCONbZVDyB7wqeXdUMLzMk7W8fg+xuk5JSDpppAQf2m/bdQyze6XVqJso682eYBM8+b9z/IVEvLaFwhZcOKO1bcXudBlBCcJgVDpupfTtAWgPnewil9Q==Xwy1
-misc.c iQCVAwUAQH5IIjEAnp832S/7AQKNJAQAkEpyY3fCG7tvADJFAW9xA7DEQwLCa8YmiUhHvrEsWOI4YgvS7LUbWWc7VqK+ryORvXLKRAVieznbnHAuy0TKtqdnmA/kUmiurS0ah5SWqR/iuAeJtt0RGsmZaZ6oa2m4PZ2Y2GCHSTZqcclvwsetS9eq5AipxHxYFUltu5wGZNI==twM2
-missing-string.c iQCVAwUAQH5JfjEAnp832S/7AQI3ZQQAg55eEJbGQQHyBEJGxvt/FXpQiXcoDit3ZHzvdaQn/NUgdLjCHiWVzhyCXACGivLWMNModDaSaZk073NXxVkWfPcX9vkF//Wugwzidd5P3Bfu5k35o+Xxz82fsk5KuFGGq1mBUZ07xUYQ8KkKkhADUkr0QiQAuypp079Yq0uUC7Q==zvKn
-module.c iQCVAwUAQH5JvjEAnp832S/7AQKlMgQAjZYTXMpWb5kHxCMXzRi069Ku/4/xnWsD+S0dje1LiKzCnRpwTTxARzc/y10Y8OcygkMuR4unEaWedO+9syjjty3fBCcue/j7YlLitq5EC9UE4o23poWvWCuX9Tadm2DK5qf4p7smMJ22O22cLTYTVCyAoYTQ2xC8ajzBsBRkX80==yRRD
-secmem.c iQCVAwUAQH5LLDEAnp832S/7AQKtFwQAwY2wBr6WJC1cwqp/1DQoKzHx9C3plONxbZMazwR7VMI83NUbBAbv1mcxpeZWXmb2dRrnsR1VBbNPDSbJLN5T6czLQ2nIb6mnq9u8Ip4SAa+GCWfDV4AUtAJ4hN/yvWo8iEKu+KD5iJ6xJh31NdXjt5yk6vnk46SA6R4FkHdIEXc==UKVr
-secmem.h iQCVAwUAQH5LTDEAnp832S/7AQIsJwQAkZUu4hvmh9NXCLNm98+tGZFzWYvZO/NffC2wdPE8Q/OTa/m3g+oBbEhaV1ze3oY4t1F/p7ZHFx5CsIp4zVjyPkxlni8AAVMUOQr/LopyxouHn2OjKO+dVqecWQf01+nPWjklbL2FZ3mQ99k2qeWZlVSkz0nm8u39F3v7z3OTCss==AJqE
-sexp.c iQCVAwUAQH5LojEAnp832S/7AQKCTQQArlrj1KGwR2x93fcyN3M0iXuGkBq5R9KNu+1Bq04G4SLlpZ1RRY0OjV3L9To1BHTd01lXlO8MNz7NpRxWlG1Sw5FohbBlhWZQRcW8GdAawJPcfIY2Y8Ek6Yx8quZKbk9uD3bcBmStmg0P+TIA0nr20bmtfB3uX2KQVHQqWZQT5qU==P8FE
-stdmem.c iQCVAwUAQH5LzjEAnp832S/7AQLOUAP9FU16itXBBrkfRDGmhUjAOeEEKdd+brQ3XdT8xoLvP/IH/6U1Kq3ampP2/xcL4kwVdz2rw6NRzP7jlL/yM3tW722lSS/JPJkH+2+qUkcb0fYNoql/WYPMYp1/Mzu6ttXnjag1cQGlKIyYAD+G6h3FtpLwQy0hEJopnF9+Ovd8U7A==CkiZ
-stdmem.h iQCVAwUAQH5L8jEAnp832S/7AQIH0wP+Lyqh0tj++s2L79Tmf/gqgCK+HLMxTddcewF3XbsYf9T5FmLez1gz6Ggti4Ss9VjozOA3ti3trCiA/YNRmV9AYw4zLUPm+MsjJuveL/AgB9HdoD2v+RfJm0WwgSKiysp+8iyjg3Plopmhba4cGuOP5MJ3CWTqYwPmJVscUKC6g38==02MN
-
-types.h iQCVAwUAQH5MKTEAnp832S/7AQLqTAP6A3mUMD5MMkBkebq4bRY6Bq0KsgdKfZ8TLhc2o87gFay8YD0Uom3YJNG2LF/rAIct2ih4jYJaIb5dRfJ0KJoPi2ETd462J8OFCL4fjq9TaSjB2pXcB+kWoxzPasGNg2Ukk0dQ6lvF1tSYrtt32PVI7q/UaPsjTylgRmzLfX/VxrU==OMu3
-
-
-# Configuration
-Makefile.am iQCVAwUAQH5WVjEAnp832S/7AQLmsQP/bbI8/UWAC5yITVhGcCOCbN/FaMqXVKjxESzo6GTs02jxK1y3RuuaoNU1ssQZGAxpFiMJW8u933V3yTHFMxWpwHemDnEyv/a8YACxJBQ0tQgpgHS716BjMbHOfcuOis2WlCOOm0ErjhAYNa4NQ1q3jwkOvTDLFpdnqaWI2wWn08U==Yjun
-libgcrypt.m4 iQCVAwUAQH5MbTEAnp832S/7AQJ1uAQA1C6xI7qXiKVtUeXawhPytAldosrzcXmqz34xi7JklQqw83d68WtWHFMBEUa7MKfi4WCbuQb7FjGUvMRw5z/T9ez7CoDekHc63+cIIZLQ23weUK8GaA1uQLoD0scmT41J5RkBlJbH7ck1zRd3d04o75rWNEUNit6KBvrQ4Pd8oQ8==uMgB
-libgcrypt-config.in iQCVAwUAQH5UbzEAnp832S/7AQJISgP+Nbd2AQnDM/k8sQLbvz8YZjwX3LigZM+AkF1VAwyAm6YOU3nrXnz5t+cXkQD2dkz4L2F0AAsIkFiJsrgmZgCp2h1L6LeFnH+hoId9RhbYw4NkDaHb+MC9JcalpcfFvvxq6vM/W37bSFimM78P+5RLKypXCytVQNAAaIRgZjVfXY8==IGDS
-libgcrypt.vers iQCVAwUAQH5MjTEAnp832S/7AQKCdQQAotG6Z3zdcePI0V33YY2sh91uYkLBNhQw+PzyE3BRRAVhMGLOBD1nSWJHJvE3eyCVOqFY0ZmvpVex51Fa0D/TwsJOO4RVxf1L9bbAncu9OuEXaGXKytLZp54TliDTAWGDq0lvtx1TvDDgtM8TbbaXvMbjfQ4wXBxdLvaenFCTlR4==kgHq
-
-$names$ iQCVAwUAQH5UhDEAnp832S/7AQK/jwP9H7A3mI99M1NGuhD+16C+2gJIITB8GJeYeUd3vm8kWQ5n76WyMCdeA62qn0JUddIBjAbagtfvTL5aesnD9MlhEGaNlHauU7SINTIJ8njKf87EAAfDZrhS/tGDziC2nakMPweRxXQCLDWHkBPjYfrspSLLohjdegqBvTNyVM76+KE==3p9Z
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 3 +-
cipher/Makefile.am | 4 +--
cipher/Manifest | 73 --------------------------------------------
mpi/Makefile.am | 2 +-
mpi/Manifest | 41 -------------------------
mpi/generic/Manifest | 29 ------------------
mpi/generic/distfiles | 1 -
mpi/i386/Manifest | 28 -----------------
mpi/i386/distfiles | 1 -
mpi/i586/Manifest | 27 ----------------
mpi/i586/distfiles | 1 -
mpi/m68k/Manifest | 25 ---------------
mpi/m68k/distfiles | 1 -
mpi/m68k/mc68020/Manifest | 23 --------------
mpi/m68k/mc68020/distfiles | 1 -
mpi/mips3/Manifest | 28 -----------------
mpi/mips3/distfiles | 1 -
mpi/pa7100/Manifest | 22 -------------
mpi/pa7100/distfiles | 1 -
mpi/power/Manifest | 27 ----------------
mpi/power/distfiles | 1 -
mpi/powerpc32/Manifest | 28 -----------------
mpi/powerpc32/distfiles | 1 -
mpi/sparc32/Manifest | 24 ---------------
mpi/sparc32/distfiles | 1 -
mpi/sparc32v8/Manifest | 23 --------------
mpi/sparc32v8/distfiles | 1 -
mpi/supersparc/Manifest | 21 -------------
mpi/supersparc/distfiles | 1 -
src/Makefile.am | 2 +-
src/Manifest | 58 -----------------------------------
31 files changed, 5 insertions(+), 495 deletions(-)
delete mode 100644 cipher/Manifest
delete mode 100644 mpi/Manifest
delete mode 100644 mpi/generic/Manifest
delete mode 100644 mpi/i386/Manifest
delete mode 100644 mpi/i586/Manifest
delete mode 100644 mpi/m68k/Manifest
delete mode 100644 mpi/m68k/mc68020/Manifest
delete mode 100644 mpi/mips3/Manifest
delete mode 100644 mpi/pa7100/Manifest
delete mode 100644 mpi/power/Manifest
delete mode 100644 mpi/powerpc32/Manifest
delete mode 100644 mpi/sparc32/Manifest
delete mode 100644 mpi/sparc32v8/Manifest
delete mode 100644 mpi/supersparc/Manifest
delete mode 100644 src/Manifest
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jan 7 00:18:19 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 07 Jan 2015 00:18:19 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-25-g602f17b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 602f17b5a775f02e0e33a54d3155929dc00e4f53 (commit)
from 9bf40849a9f86204e113712c4cc285f1ac16127a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 602f17b5a775f02e0e33a54d3155929dc00e4f53
Author: NIIBE Yutaka
Date: Wed Jan 7 08:15:12 2015 +0900
scd: fix merge failure.
* scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by
merge.
--
Thanks to Joshua Rogers for reviewing and reporting.
diff --git a/scd/apdu.c b/scd/apdu.c
index 476723a..4ec6b4d 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -2336,8 +2336,6 @@ pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify, len, result, &resultlen);
xfree (pin_verify);
if (sw || resultlen < 2)
- return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE;
- sw = (result[resultlen-2] << 8) | result[resultlen-1];
{
log_error ("control_pcsc failed: %d\n", sw);
return sw? sw: SW_HOST_INCOMPLETE_CARD_RESPONSE;
-----------------------------------------------------------------------
Summary of changes:
scd/apdu.c | 2 --
1 file changed, 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jan 7 09:06:19 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 07 Jan 2015 09:06:19 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-26-g22b15fc
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 22b15fccffe613f455f9748c048c8e451724a842 (commit)
from 602f17b5a775f02e0e33a54d3155929dc00e4f53 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 22b15fccffe613f455f9748c048c8e451724a842
Author: NIIBE Yutaka
Date: Wed Jan 7 16:56:43 2015 +0900
dirmngr: fix LDAP query PATTERNS limit check.
* dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.
--
Reported-by: Joshua Rogers
Debian-Bug-Id: 773507
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index 478fdfd..00df167 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -588,7 +588,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
strlist_t sl;
char *url;
- if (argc >= sizeof argv -1)
+ if (argc >= DIM (argv) - 1)
{
/* Too many patterns. It does not make sense to allow an
arbitrary number of patters because the length of the
-----------------------------------------------------------------------
Summary of changes:
dirmngr/ldap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jan 8 03:15:14 2015
From: cvs at cvs.gnupg.org (by Joshua Rogers)
Date: Thu, 08 Jan 2015 03:15:14 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-27-g100b322
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 100b322f5da3066bab5a2b0eb234c631c581c0e4 (commit)
from 22b15fccffe613f455f9748c048c8e451724a842 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 100b322f5da3066bab5a2b0eb234c631c581c0e4
Author: Joshua Rogers
Date: Sat Dec 20 11:38:53 2014 +1100
scd: fix get_public_key for OpenPGPcard v1.0.
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
--
Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.
Debian-Bug-Id: 773474
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 475d844..7f1ec43 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1451,7 +1451,7 @@ get_public_key (app_t app, int keyno)
}
err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
- fclose (fp);
+ pclose (fp);
if (err)
{
log_error ("error while retrieving key material through pipe: %s\n",
-----------------------------------------------------------------------
Summary of changes:
scd/app-openpgp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jan 8 03:17:32 2015
From: cvs at cvs.gnupg.org (by Joshua Rogers)
Date: Thu, 08 Jan 2015 03:17:32 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-32-g40f4768
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 40f476867c5874602da921d48e339ae3612a0dcc (commit)
from 4f0d526b7df871318508f8c3d2f57e7069c47e6f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 40f476867c5874602da921d48e339ae3612a0dcc
Author: Joshua Rogers
Date: Sat Dec 20 11:38:53 2014 +1100
scd: fix get_public_key for OpenPGPcard v1.0.
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
--
Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.
Debian-Bug-Id: 773474
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 0d4ce90..bd96ed0 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1320,7 +1320,7 @@ get_public_key (app_t app, int keyno)
}
err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
- fclose (fp);
+ pclose (fp);
if (err)
{
log_error ("error while retrieving key material through pipe: %s\n",
-----------------------------------------------------------------------
Summary of changes:
scd/app-openpgp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jan 8 03:19:13 2015
From: cvs at cvs.gnupg.org (by Joshua Rogers)
Date: Thu, 08 Jan 2015 03:19:13 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.18-21-g3ca1f40
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad (commit)
from da66ad5bba4215b9ddd0cb927a89aa75355632aa (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad
Author: Joshua Rogers
Date: Sat Dec 20 11:38:53 2014 +1100
scd: fix get_public_key for OpenPGPcard v1.0.
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
--
Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.
Debian-Bug-Id: 773474
diff --git a/g10/app-openpgp.c b/g10/app-openpgp.c
index a3a977b..b51d418 100644
--- a/g10/app-openpgp.c
+++ b/g10/app-openpgp.c
@@ -1250,7 +1250,7 @@ get_public_key (app_t app, int keyno)
}
err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
- fclose (fp);
+ pclose (fp);
if (err)
{
log_error ("error while retrieving key material through pipe: %s\n",
-----------------------------------------------------------------------
Summary of changes:
g10/app-openpgp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jan 8 04:35:26 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 08 Jan 2015 04:35:26 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-28-g657a26f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 657a26f3af1b3f817d6cde2d091273d332571247 (commit)
from 100b322f5da3066bab5a2b0eb234c631c581c0e4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 657a26f3af1b3f817d6cde2d091273d332571247
Author: NIIBE Yutaka
Date: Thu Jan 8 12:14:13 2015 +0900
dirmngr: Fix error code path of map_host.
* dirmngr/ks-engine-hkp.c (map_host): Fix error return.
--
In ks-engine-hkp.c on line 509 'reftbl' is freed, but it is then
used on line 511. I'm guessing this is a missing return;.
Reported-by: Joshua Rogers
Debian-Bug-Id: 773520
Other fixes on error added too.
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 3c6a003..ea607cb 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -325,6 +325,7 @@ static gpg_error_t
map_host (ctrl_t ctrl, const char *name, int force_reselect,
char **r_host, unsigned int *r_httpflags, char **r_poolname)
{
+ gpg_error_t err = 0;
hostinfo_t hi;
int idx;
@@ -361,8 +362,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
idx = create_new_hostinfo (name);
if (idx == -1)
{
+ err = gpg_error_from_syserror ();
xfree (reftbl);
- return gpg_error_from_syserror ();
+ return err;
}
hi = hosttable[idx];
@@ -504,9 +506,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
hi->pool = xtryrealloc (reftbl, (refidx+1) * sizeof *reftbl);
if (!hi->pool)
{
+ err = gpg_error_from_syserror ();
log_error ("shrinking index table in map_host failed: %s\n",
- strerror (errno));
+ gpg_strerror (err));
xfree (reftbl);
+ return err;
}
qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool);
}
@@ -570,12 +574,13 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
*r_host = xtrystrdup (hi->name);
if (!*r_host)
{
+ err = gpg_error_from_syserror ();
if (r_poolname)
{
xfree (*r_poolname);
*r_poolname = NULL;
}
- return gpg_error_from_syserror ();
+ return err;
}
return 0;
}
-----------------------------------------------------------------------
Summary of changes:
dirmngr/ks-engine-hkp.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jan 8 09:07:38 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 08 Jan 2015 09:07:38 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-160-g9d32896
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 9d328962660da72f094dc5424d5ef67abbaffdf6 (commit)
from 4f7dcdc25af269b12275126edeef30b262fb891d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9d328962660da72f094dc5424d5ef67abbaffdf6
Author: Werner Koch
Date: Thu Jan 8 09:07:09 2015 +0100
cipher: Prepare for OCB mode.
* src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New.
--
This is merely a claim that I am working on OCB mode.
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 30acd2f..7337db9 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1647,6 +1647,11 @@ Associated Data (AEAD) block cipher mode, which is specified in
Poly1305 is an Authenticated Encryption with Associated Data (AEAD)
mode, which can be used with ChaCha20 and Salsa20 stream ciphers.
+ at item GCRY_CIPHER_MODE_OCB
+ at cindex OCB, OCB3
+OCB is an Authenticated Encryption with Associated Data (AEAD) block
+cipher mode, which is specified in RFC-7253.
+
@end table
@node Working with cipher handles
@@ -1675,12 +1680,14 @@ and the according constants. Note that some modes are incompatible
with some algorithms - in particular, stream mode
(@code{GCRY_CIPHER_MODE_STREAM}) only works with stream ciphers.
Poly1305 AEAD mode (@code{GCRY_CIPHER_MODE_POLY1305}) only works with
-ChaCha and Salsa stream ciphers. The block cipher modes (@code{GCRY_CIPHER_MODE_ECB},
- at code{GCRY_CIPHER_MODE_CBC}, @code{GCRY_CIPHER_MODE_CFB},
- at code{GCRY_CIPHER_MODE_OFB} and @code{GCRY_CIPHER_MODE_CTR}) will work
-with any block cipher algorithm. GCM mode (@code{GCRY_CIPHER_MODE_CCM}) and
-CCM mode (@code{GCRY_CIPHER_MODE_GCM}) will only work with block cipher algorithms
-which have the block size of 16 bytes.
+ChaCha and Salsa stream ciphers. The block cipher modes
+(@code{GCRY_CIPHER_MODE_ECB}, @code{GCRY_CIPHER_MODE_CBC},
+ at code{GCRY_CIPHER_MODE_CFB}, @code{GCRY_CIPHER_MODE_OFB} and
+ at code{GCRY_CIPHER_MODE_CTR}) will work with any block cipher
+algorithm. GCM mode (@code{GCRY_CIPHER_MODE_CCM}), CCM mode
+(@code{GCRY_CIPHER_MODE_GCM}), and OCB mode
+(@code{GCRY_CIPHER_MODE_OCB}) will only work with block cipher
+algorithms which have the block size of 16 bytes.
The third argument @var{flags} can either be passed as @code{0} or as
the bit-wise OR of the following constants.
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index f3207c9..85c6753 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -912,6 +912,7 @@ enum gcry_cipher_modes
GCRY_CIPHER_MODE_CCM = 8, /* Counter with CBC-MAC. */
GCRY_CIPHER_MODE_GCM = 9, /* Galois Counter Mode. */
GCRY_CIPHER_MODE_POLY1305 = 10, /* Poly1305 based AEAD mode. */
+ GCRY_CIPHER_MODE_OCB = 11 /* OCB3 mode. */
};
/* Flags used with the open function. */
-----------------------------------------------------------------------
Summary of changes:
doc/gcrypt.texi | 19 +++++++++++++------
src/gcrypt.h.in | 1 +
2 files changed, 14 insertions(+), 6 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jan 9 01:09:18 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 09 Jan 2015 01:09:18 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.18-22-gc83e250
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via c83e250ef36c28a275de74d96e89898e9f99cb1e (commit)
from 3ca1f4098c70d322658cfaaa0d12164e6ac6d5ad (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c83e250ef36c28a275de74d96e89898e9f99cb1e
Author: Werner Koch
Date: Fri Dec 12 20:08:45 2014 +0100
scd: Fix possibly inhibited checkpin of the admin pin.
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.
Signed-off-by: Werner Koch
diff --git a/g10/app-openpgp.c b/g10/app-openpgp.c
index b51d418..c3b4fae 100644
--- a/g10/app-openpgp.c
+++ b/g10/app-openpgp.c
@@ -3497,7 +3497,7 @@ do_check_pin (app_t app, const char *keyidstr,
log_info (_("card is permanently locked!\n"));
return gpg_error (GPG_ERR_BAD_PIN);
}
- else if (value[6] < 3)
+ else if (count < 3)
{
log_info (_("verification of Admin PIN is currently prohibited "
"through this command\n"));
-----------------------------------------------------------------------
Summary of changes:
g10/app-openpgp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jan 9 01:09:31 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 09 Jan 2015 01:09:31 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-33-gd92fe96
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via d92fe965f3290a200d0a578decdd0867817b3b7b (commit)
from 40f476867c5874602da921d48e339ae3612a0dcc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d92fe965f3290a200d0a578decdd0867817b3b7b
Author: Werner Koch
Date: Fri Dec 12 20:08:45 2014 +0100
scd: Fix possibly inhibited checkpin of the admin pin.
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.
Signed-off-by: Werner Koch
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index bd96ed0..fc69fdb 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -3711,7 +3711,7 @@ do_check_pin (app_t app, const char *keyidstr,
log_info (_("card is permanently locked!\n"));
return gpg_error (GPG_ERR_BAD_PIN);
}
- else if (value[6] < 3)
+ else if (count < 3)
{
log_info (_("verification of Admin PIN is currently prohibited "
"through this command\n"));
-----------------------------------------------------------------------
Summary of changes:
scd/app-openpgp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jan 9 12:52:40 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 09 Jan 2015 12:52:40 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-29-g3197f69
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 3197f69fabb54e72d0c8d7fa9dd3743cad390902 (commit)
from 657a26f3af1b3f817d6cde2d091273d332571247 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3197f69fabb54e72d0c8d7fa9dd3743cad390902
Author: Werner Koch
Date: Fri Jan 9 12:52:35 2015 +0100
po: Update the German translation.
--
This also fixes
GnuPG-bug-id: 1808
diff --git a/po/de.po b/po/de.po
index 12b5623..9cd982e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-12-16 15:51+0100\n"
+"PO-Revision-Date: 2015-01-09 12:51+0100\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -348,6 +348,9 @@ msgstr "Verbiete Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren"
msgid "allow presetting passphrase"
msgstr "Erlaube ein \"preset\" von Passphrases"
+msgid "allow caller to override the pinentry"
+msgstr "Aufrufer darf das Pinentry ersetzen"
+
msgid "enable ssh support"
msgstr "SSH Unterst?tzung einschalten"
@@ -1359,7 +1362,7 @@ msgstr ""
"Schl?ssel!\n"
msgid "Continue? (y/N) "
-msgstr "Fortsetzen? (J/n) "
+msgstr "Fortsetzen? (j/N) "
msgid "Really do a factory reset? (enter \"yes\") "
msgstr "M?chten Sie die Karte wirklich komplett l?schen? (\"yes\" eingeben) "
-----------------------------------------------------------------------
Summary of changes:
po/de.po | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 13 02:45:23 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 13 Jan 2015 02:45:23 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-34-gd2b0e61
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via d2b0e613131d52da54c3dbd72f4bfba8f7b71ad3 (commit)
from d92fe965f3290a200d0a578decdd0867817b3b7b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d2b0e613131d52da54c3dbd72f4bfba8f7b71ad3
Author: Werner Koch
Date: Fri Dec 12 10:41:25 2014 +0100
gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--
The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.
This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done. The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen. Nevertheless such a bug needs to be fixed.
Signed-off-by: Werner Koch
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 63b97f0..1048402 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1196,10 +1196,13 @@ can_handle_critical( const byte *buffer, size_t n, int type )
switch( type )
{
case SIGSUBPKT_NOTATION:
- if(n>=8)
- return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]);
- else
- return 0;
+ if (n >= 8)
+ {
+ size_t notation_len = ((buffer[4] << 8) | buffer[5]);
+ if (n - 8 >= notation_len)
+ return can_handle_critical_notation (buffer + 8, notation_len);
+ }
+ return 0;
case SIGSUBPKT_SIGNATURE:
case SIGSUBPKT_SIG_CREATED:
case SIGSUBPKT_SIG_EXPIRE:
-----------------------------------------------------------------------
Summary of changes:
g10/parse-packet.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 13 02:52:47 2015
From: cvs at cvs.gnupg.org (by Joshua Rogers)
Date: Tue, 13 Jan 2015 02:52:47 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-41-g1298b14
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 1298b14f97efebdd88a9390af3848154dbe0d259 (commit)
via ced689e12a5037c6aeca62e9eaebdc098bd9c14e (commit)
via 0fd4cd8503dfe9c3e6a362003bd647b4cd882363 (commit)
via 1fc4dc541af7d4bf4dba6ef37d1d7841498a05c6 (commit)
via f542826b04e35f13a30116564daaf6456440b1d4 (commit)
via 01b364b6da2fbb8850178674e1534d725cd760c8 (commit)
via 907a9a1e986b8c8266f4f01e8ed82acfc636a519 (commit)
from d2b0e613131d52da54c3dbd72f4bfba8f7b71ad3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1298b14f97efebdd88a9390af3848154dbe0d259
Author: Joshua Rogers
Date: Tue Dec 23 00:47:50 2014 +1100
tools: Free variable before return
* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
upon error.
--
Signed-off-by: Joshua Rogers
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index c43e87a..83bc24e 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -2390,7 +2390,10 @@ change_options_file (gc_component_t component, gc_backend_t backend,
res = link (dest_filename, orig_filename);
#endif
if (res < 0 && errno != ENOENT)
- return -1;
+ {
+ xfree (dest_filename);
+ return -1;
+ }
if (res < 0)
{
xfree (orig_filename);
commit ced689e12a5037c6aeca62e9eaebdc098bd9c14e
Author: Daniel Kahn Gillmor
Date: Fri Dec 19 18:53:34 2014 -0500
sm: Avoid double-free on iconv failure
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.
--
Observed by Joshua Rogers , who proposed a
slightly different fix.
Debian-Bug-Id: 773472
Added fix at a second place - wk.
diff --git a/agent/minip12.c b/agent/minip12.c
index 2471717..0bcab5f 100644
--- a/agent/minip12.c
+++ b/agent/minip12.c
@@ -2182,6 +2182,7 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
" requested charset `%s': %s\n",
charset, strerror (errno));
gcry_free (pwbuf);
+ pwbuf = NULL;
goto failure;
}
@@ -2196,6 +2197,7 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
" requested charset `%s': %s\n",
charset, strerror (errno));
gcry_free (pwbuf);
+ pwbuf = NULL;
jnlib_iconv_close (cd);
goto failure;
}
commit 0fd4cd8503dfe9c3e6a362003bd647b4cd882363
Author: Daniel Kahn Gillmor
Date: Fri Dec 19 18:07:55 2014 -0500
scd: Avoid double-free on error condition in scd
* scd/command.c (cmd_readkey): avoid double-free of cert
--
When ksba_cert_new() fails, cert will be double-freed.
Debian-Bug-Id: 773471
Original patch changed by wk to do the free only at leave.
diff --git a/scd/command.c b/scd/command.c
index fc1f5a2..b26bd68 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -777,10 +777,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
rc = ksba_cert_new (&kc);
if (rc)
- {
- xfree (cert);
- goto leave;
- }
+ goto leave;
+
rc = ksba_cert_init_from_mem (kc, cert, ncert);
if (rc)
{
commit 1fc4dc541af7d4bf4dba6ef37d1d7841498a05c6
Author: Daniel Kahn Gillmor
Date: Fri Dec 19 17:53:36 2014 -0500
avoid future chance of using uninitialized memory
* common/iobuf.c: (iobuf_open): initialize len
--
In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.
With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.
However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so i think
this trivial cleanup is warranted.
Debian-Bug-Id: 773469
diff --git a/common/iobuf.c b/common/iobuf.c
index ae9bfa9..4c6d5b5 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -1303,7 +1303,7 @@ iobuf_open (const char *fname)
iobuf_t a;
fp_or_fd_t fp;
file_filter_ctx_t *fcx;
- size_t len;
+ size_t len = 0;
int print_only = 0;
int fd;
commit f542826b04e35f13a30116564daaf6456440b1d4
Author: Daniel Kahn Gillmor
Date: Fri Dec 19 17:12:05 2014 -0500
gpgkey2ssh: clean up varargs
* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
--
stdarg(3) says:
Each invocation of va_start() must be matched by a
corresponding invocation of va_end() in the same function.
Observed by Joshua Rogers
Debian-Bug-Id: 773415
diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
index 903fb5b..d22c5ac 100644
--- a/tools/gpgkey2ssh.c
+++ b/tools/gpgkey2ssh.c
@@ -224,6 +224,8 @@ key_to_blob (unsigned char **blob, size_t *blob_n, const char *identifier, ...)
assert (ret == 1);
}
+ va_end (ap);
+
blob_new_n = ftell (stream);
rewind (stream);
commit 01b364b6da2fbb8850178674e1534d725cd760c8
Author: Werner Koch
Date: Mon Dec 22 12:44:13 2014 +0100
doc: Fix memory leak in yat2m.
* doc/yat2m.c (write_th): Free NAME.
--
Reported-by: Joshua Rogers
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 2ac4390..fc932d9 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -609,6 +609,7 @@ write_th (FILE *fp)
*p++ = 0;
fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
name, p, isodatestring (), opt_release, opt_source);
+ free (name);
return 0;
}
commit 907a9a1e986b8c8266f4f01e8ed82acfc636a519
Author: Werner Koch
Date: Mon Dec 22 12:16:46 2014 +0100
gpgsm: Return NULL on fail
* sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.
--
Cherry-pick of abd5f6752d693b7f313c19604f0723ecec4d39a6.
Reported-by: Joshua Rogers
"If something inside the ldapserver_parse_one function failed,
'server' would be freed, then returned, leading to a
use-after-free. This code is likely copied from sm/gpgsm.c, which
was also susceptible to this bug."
Signed-off-by: Werner Koch
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 97ec4bb..855de83 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -840,6 +840,7 @@ parse_keyserver_line (char *line,
{
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
keyserver_list_free (server);
+ server = NULL;
}
return server;
-----------------------------------------------------------------------
Summary of changes:
agent/minip12.c | 2 ++
common/iobuf.c | 2 +-
doc/yat2m.c | 1 +
scd/command.c | 6 ++----
sm/gpgsm.c | 1 +
tools/gpgconf-comp.c | 5 ++++-
tools/gpgkey2ssh.c | 2 ++
7 files changed, 13 insertions(+), 6 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 13 03:33:20 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 13 Jan 2015 03:33:20 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.18-26-ged6287d
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via ed6287d2e1546ee0f4064675270da003f51e1b39 (commit)
via e7cbce8fb2b7417fd1048f916b3e3281f5b9dd7b (commit)
via e2e822d22526c1545e095bc24173b732137f5737 (commit)
via aab282855ada8dddee99c777c91829344e91f31a (commit)
from c83e250ef36c28a275de74d96e89898e9f99cb1e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ed6287d2e1546ee0f4064675270da003f51e1b39
Author: Werner Koch
Date: Thu Apr 18 14:40:43 2013 +0200
doc: Formatting fixes.
* doc/gpl.texi: Fix enumerate and re-indent examples.
--
Cherry-pick a part of ff6115227a1ced14e2fb3d160a12181b9dfbc502.
Reported-by: Ian Abbott
Signed-off-by: Werner Koch
diff --git a/doc/gpl.texi b/doc/gpl.texi
index 7f9a48a..0b802bc 100644
--- a/doc/gpl.texi
+++ b/doc/gpl.texi
@@ -659,12 +659,15 @@ an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
+ at end enumerate
+
@iftex
@heading END OF TERMS AND CONDITIONS
@end iftex
@ifinfo
@center END OF TERMS AND CONDITIONS
@end ifinfo
+
@unnumberedsec How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
@@ -675,9 +678,11 @@ terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
-the ``copyright'' line and a pointer to where the full notice is found.
- at smallexample
- at var{one line to give the program's name and a brief idea of what it does.}
+the ``copyright'' line and a pointer to where the full notice is
+found.
+
+ at example
+ at var{one line to give the program's name and a brief idea of what it does.}
Copyright (C) @var{year} @var{name of author}
This program is free software: you can redistribute it and/or modify
@@ -692,17 +697,21 @@ General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see @url{http://www.gnu.org/licenses/}.
- at end smallexample
+ at end example
+ at noindent
Also add information on how to contact you by electronic and paper mail.
+ at noindent
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
@smallexample
- at var{program} Copyright (C) @var{year} @var{name of author}
-This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}.
-This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details.
+ at var{program} Copyright (C) @var{year} @var{name of author}
+This program comes with ABSOLUTELY NO WARRANTY; for details
+type @samp{show w}. This is free software, and you are
+welcome to redistribute it under certain conditions;
+type @samp{show c} for details.
@end smallexample
The hypothetical commands @samp{show w} and @samp{show c} should show
@@ -721,5 +730,3 @@ library, you may consider it more useful to permit linking proprietary
applications with the library. If this is what you want to do, use
the GNU Lesser General Public License instead of this License. But
first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}.
-
- at end enumerate
commit e7cbce8fb2b7417fd1048f916b3e3281f5b9dd7b
Author: Daniel Kahn Gillmor
Date: Fri Dec 19 17:53:36 2014 -0500
avoid future chance of using uninitialized memory
* util/iobuf.c: (iobuf_open): initialize len
--
Cherry-pick 367b073ab5f439ccf0750461d10c69f36998bd62.
In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.
With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.
However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so i think
this trivial cleanup is warranted.
Debian-Bug-Id: 773469
diff --git a/util/iobuf.c b/util/iobuf.c
index 35de020..a330460 100644
--- a/util/iobuf.c
+++ b/util/iobuf.c
@@ -1107,7 +1107,7 @@ iobuf_open( const char *fname )
IOBUF a;
FILEP_OR_FD fp;
file_filter_ctx_t *fcx;
- size_t len;
+ size_t len = 0;
int print_only = 0;
int fd;
commit e2e822d22526c1545e095bc24173b732137f5737
Author: Werner Koch
Date: Mon Dec 22 12:44:13 2014 +0100
doc: Fix memory leak in yat2m.
* doc/yat2m.c (write_th): Free NAME.
--
Reported-by: Joshua Rogers
diff --git a/doc/yat2m.c b/doc/yat2m.c
index f780952..86c3c70 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -656,6 +656,7 @@ write_th (FILE *fp)
*p++ = 0;
fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
name, p, isodatestring (), opt_release, opt_source);
+ free (name);
return 0;
}
commit aab282855ada8dddee99c777c91829344e91f31a
Author: Werner Koch
Date: Fri Dec 12 10:41:25 2014 +0100
gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--
The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.
This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done. The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen. Nevertheless such a bug needs to be fixed.
Signed-off-by: Werner Koch
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 01600e4..e4e524c 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1123,10 +1123,13 @@ can_handle_critical( const byte *buffer, size_t n, int type )
switch( type )
{
case SIGSUBPKT_NOTATION:
- if(n>=8)
- return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]);
- else
- return 0;
+ if (n >= 8)
+ {
+ size_t notation_len = ((buffer[4] << 8) | buffer[5]);
+ if (n - 8 >= notation_len)
+ return can_handle_critical_notation (buffer + 8, notation_len);
+ }
+ return 0;
case SIGSUBPKT_SIGNATURE:
case SIGSUBPKT_SIG_CREATED:
case SIGSUBPKT_SIG_EXPIRE:
-----------------------------------------------------------------------
Summary of changes:
doc/gpl.texi | 25 ++++++++++++++++---------
doc/yat2m.c | 1 +
g10/parse-packet.c | 11 +++++++----
util/iobuf.c | 2 +-
4 files changed, 25 insertions(+), 14 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 13 04:24:23 2015
From: cvs at cvs.gnupg.org (by Andreas Schwier)
Date: Tue, 13 Jan 2015 04:24:23 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-30-g16a1330
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 16a1330fa16f6b23e2661c0175c431ab40da45ff (commit)
from 3197f69fabb54e72d0c8d7fa9dd3743cad390902 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 16a1330fa16f6b23e2661c0175c431ab40da45ff
Author: Andreas Schwier
Date: Fri Jul 18 18:22:26 2014 +0200
scd: Allow for certificates > 1024 with PC/SC.
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
allow for larger certificates.
--
Cherry-pick from 5798673156a66f4c39e1d34e358b03539194d57c.
Forward ported from 2.0.
diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c
index b3060e1..843603a 100644
--- a/scd/pcsc-wrapper.c
+++ b/scd/pcsc-wrapper.c
@@ -715,7 +715,7 @@ handle_transmit (unsigned char *argbuf, size_t arglen)
long err;
struct pcsc_io_request_s send_pci;
pcsc_dword_t recv_len;
- unsigned char buffer[1024];
+ unsigned char buffer[4096];
/* The apdu should at least be one byte. */
if (!arglen)
-----------------------------------------------------------------------
Summary of changes:
scd/pcsc-wrapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jan 15 10:38:11 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 15 Jan 2015 10:38:11 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-162-g9d2a22c
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 9d2a22c94ae99f9301321082c4fb8d73f4085fda (commit)
via 27a91a93d101ef080f71e5d7e50c3cbf3dbb2e39 (commit)
from 9d328962660da72f094dc5424d5ef67abbaffdf6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda
Author: Werner Koch
Date: Thu Jan 15 10:04:43 2015 +0100
Add functions to count trailing zero bits in a word.
* cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New.
* configure.ac (HAVE_BUILTIN_CTZ): Add new test.
--
Note that these functions return the number of bits in the word when
passing 0.
Signed-off-by: Werner Koch
diff --git a/cipher/bithelp.h b/cipher/bithelp.h
index 6e59c53..2220bc8 100644
--- a/cipher/bithelp.h
+++ b/cipher/bithelp.h
@@ -77,4 +77,49 @@ _gcry_bswap64(u64 x)
# endif
#endif
+
+/* Count trailing zero bits in an unsigend int. We return an int
+ because that is what gcc's builtin does. Returns the number of
+ bits in X if X is 0. */
+static inline int
+_gcry_ctz (unsigned int x)
+{
+#if defined (HAVE_BUILTIN_CTZ)
+ return x? __builtin_ctz (x) : 8 * sizeof (x);
+#else
+ /* See
+ * http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightModLookup
+ */
+ static const unsigned char mod37[] =
+ {
+ sizeof (unsigned int)*8,
+ 0, 1, 26, 2, 23, 27, 0, 3, 16, 24, 30, 28, 11, 0, 13,
+ 4, 7, 17, 0, 25, 22, 31, 15, 29, 10, 12, 6, 0, 21, 14, 9,
+ 5, 20, 8, 19, 18
+ };
+ return (int)mod37[(-x & x) % 37];
+#endif
+}
+
+
+/* Count trailing zero bits in an u64. We return an int because that
+ is what gcc's builtin does. Returns the number of bits in X if X
+ is 0. */
+#ifdef HAVE_U64_TYPEDEF
+static inline int
+_gcry_ctz64(u64 x)
+{
+#if defined (HAVE_BUILTIN_CTZ) && SIZEOF_UNSIGNED_INT >= 8
+#warning hello
+ return x? __builtin_ctz (x) : 8 * sizeof (x);
+#else
+ if ((x & 0xffffffff))
+ return _gcry_ctz (x);
+ else
+ return 32 + _gcry_ctz (x >> 32);
+#endif
+}
+#endif /*HAVE_U64_TYPEDEF*/
+
+
#endif /*G10_BITHELP_H*/
diff --git a/configure.ac b/configure.ac
index 4cfebe7..4bbd686 100644
--- a/configure.ac
+++ b/configure.ac
@@ -827,6 +827,21 @@ fi
#
+# Check for __builtin_ctz intrinsic.
+#
+AC_CACHE_CHECK(for __builtin_ctz,
+ [gcry_cv_have_builtin_ctz],
+ [gcry_cv_have_builtin_ctz=no
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],
+ [unsigned int x = 0; int y = __builtin_ctz(x); return y;])],
+ [gcry_cv_have_builtin_ctz=yes])])
+if test "$gcry_cv_have_builtin_ctz" = "yes" ; then
+ AC_DEFINE(HAVE_BUILTIN_CTZ, 1,
+ [Defined if compiler has '__builtin_ctz' intrinsic])
+fi
+
+
+#
# Check for VLA support (variable length arrays).
#
AC_CACHE_CHECK(whether the variable length arrays are supported,
commit 27a91a93d101ef080f71e5d7e50c3cbf3dbb2e39
Author: Werner Koch
Date: Thu Jan 15 10:02:28 2015 +0100
Re-indent types.h for easier reading.
--
diff --git a/src/types.h b/src/types.h
index ee0a62b..561b74d 100644
--- a/src/types.h
+++ b/src/types.h
@@ -25,16 +25,16 @@
/* The AC_CHECK_SIZEOF() in configure fails for some machines.
* we provide some fallback values here */
#if !SIZEOF_UNSIGNED_SHORT
-#undef SIZEOF_UNSIGNED_SHORT
-#define SIZEOF_UNSIGNED_SHORT 2
+# undef SIZEOF_UNSIGNED_SHORT
+# define SIZEOF_UNSIGNED_SHORT 2
#endif
#if !SIZEOF_UNSIGNED_INT
-#undef SIZEOF_UNSIGNED_INT
-#define SIZEOF_UNSIGNED_INT 4
+# undef SIZEOF_UNSIGNED_INT
+# define SIZEOF_UNSIGNED_INT 4
#endif
#if !SIZEOF_UNSIGNED_LONG
-#undef SIZEOF_UNSIGNED_LONG
-#define SIZEOF_UNSIGNED_LONG 4
+# undef SIZEOF_UNSIGNED_LONG
+# define SIZEOF_UNSIGNED_LONG 4
#endif
@@ -42,87 +42,88 @@
#ifndef HAVE_BYTE_TYPEDEF
-#undef byte /* maybe there is a macro with this name */
-/* Windows typedefs byte in the rpc headers. Avoid warning about
- double definition. */
-#if !(defined(_WIN32) && defined(cbNDRContext))
- typedef unsigned char byte;
-#endif
-#define HAVE_BYTE_TYPEDEF
+# undef byte /* In case there is a macro with that name. */
+# if !(defined(_WIN32) && defined(cbNDRContext))
+ /* Windows typedefs byte in the rpc headers. Avoid warning about
+ double definition. */
+ typedef unsigned char byte;
+# endif
+# define HAVE_BYTE_TYPEDEF
#endif
#ifndef HAVE_USHORT_TYPEDEF
-#undef ushort /* maybe there is a macro with this name */
+# undef ushort /* In case there is a macro with that name. */
typedef unsigned short ushort;
-#define HAVE_USHORT_TYPEDEF
+# define HAVE_USHORT_TYPEDEF
#endif
#ifndef HAVE_ULONG_TYPEDEF
-#undef ulong /* maybe there is a macro with this name */
+# undef ulong /* In case there is a macro with that name. */
typedef unsigned long ulong;
-#define HAVE_ULONG_TYPEDEF
+# define HAVE_ULONG_TYPEDEF
#endif
#ifndef HAVE_U16_TYPEDEF
-#undef u16 /* maybe there is a macro with this name */
-#if SIZEOF_UNSIGNED_INT == 2
- typedef unsigned int u16;
-#elif SIZEOF_UNSIGNED_SHORT == 2
- typedef unsigned short u16;
-#else
-#error no typedef for u16
-#endif
-#define HAVE_U16_TYPEDEF
+# undef u16 /* In case there is a macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 2
+ typedef unsigned int u16;
+# elif SIZEOF_UNSIGNED_SHORT == 2
+ typedef unsigned short u16;
+# else
+# error no typedef for u16
+# endif
+# define HAVE_U16_TYPEDEF
#endif
#ifndef HAVE_U32_TYPEDEF
-#undef u32 /* maybe there is a macro with this name */
-#if SIZEOF_UNSIGNED_INT == 4
- typedef unsigned int u32;
-#elif SIZEOF_UNSIGNED_LONG == 4
- typedef unsigned long u32;
-#else
-#error no typedef for u32
-#endif
-#define HAVE_U32_TYPEDEF
+# undef u32 /* In case there is a macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 4
+ typedef unsigned int u32;
+# elif SIZEOF_UNSIGNED_LONG == 4
+ typedef unsigned long u32;
+# else
+# error no typedef for u32
+# endif
+# define HAVE_U32_TYPEDEF
#endif
-/****************
+/*
* Warning: Some systems segfault when this u64 typedef and
* the dummy code in cipher/md.c is not available. Examples are
* Solaris and IRIX.
*/
#ifndef HAVE_U64_TYPEDEF
-#undef u64 /* maybe there is a macro with this name */
-#if SIZEOF_UNSIGNED_INT == 8
- typedef unsigned int u64;
-#define U64_C(c) (c ## U)
-#define HAVE_U64_TYPEDEF
-#elif SIZEOF_UNSIGNED_LONG == 8
- typedef unsigned long u64;
-#define U64_C(c) (c ## UL)
-#define HAVE_U64_TYPEDEF
-#elif SIZEOF_UNSIGNED_LONG_LONG == 8
- typedef unsigned long long u64;
-#define U64_C(c) (c ## ULL)
-#define HAVE_U64_TYPEDEF
-#elif SIZEOF_UINT64_T == 8
- typedef uint64_t u64;
-#define U64_C(c) (UINT64_C(c))
-#define HAVE_U64_TYPEDEF
-#endif
+# undef u64 /* In case there is a macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 8
+ typedef unsigned int u64;
+# define U64_C(c) (c ## U)
+# define HAVE_U64_TYPEDEF
+# elif SIZEOF_UNSIGNED_LONG == 8
+ typedef unsigned long u64;
+# define U64_C(c) (c ## UL)
+# define HAVE_U64_TYPEDEF
+# elif SIZEOF_UNSIGNED_LONG_LONG == 8
+ typedef unsigned long long u64;
+# define U64_C(c) (c ## ULL)
+# define HAVE_U64_TYPEDEF
+# elif SIZEOF_UINT64_T == 8
+ typedef uint64_t u64;
+# define U64_C(c) (UINT64_C(c))
+# define HAVE_U64_TYPEDEF
+# endif
#endif
-typedef union {
- int a;
- short b;
- char c[1];
- long d;
+typedef union
+{
+ int a;
+ short b;
+ char c[1];
+ long d;
#ifdef HAVE_U64_TYPEDEF
- u64 e;
+ u64 e;
#endif
- float f;
- double g;
+ float f;
+ double g;
} PROPERLY_ALIGNED_TYPE;
#endif /*GCRYPT_TYPES_H*/
-----------------------------------------------------------------------
Summary of changes:
cipher/bithelp.h | 45 ++++++++++++++++++++
configure.ac | 15 +++++++
src/types.h | 125 ++++++++++++++++++++++++++++---------------------------
3 files changed, 123 insertions(+), 62 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jan 16 14:57:30 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 16 Jan 2015 14:57:30 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-163-g067d7d8
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c (commit)
from 9d2a22c94ae99f9301321082c4fb8d73f4085fda (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c
Author: Werner Koch
Date: Fri Jan 16 14:55:03 2015 +0100
Add OCB cipher mode
* cipher/cipher-ocb.c: New.
* cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
* cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
(gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
* cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
(_gcry_cipher_open_internal): Setup default taglen of OCB.
(cipher_reset): Clear OCB specific data.
(cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
(_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
(_gcry_cipher_setiv): Add OCB specific nonce setting.
(_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
* src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
(gcry_cipher_final): New.
* cipher/bufhelp.h (buf_xor_1): New.
* tests/basic.c (hex2buffer): New.
(check_ocb_cipher): New.
(main): Call it here. Add option --cipher-modes.
* tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
gcry_cipher_final.
(bench_aead_decrypt_do_bench): Ditto.
(bench_aead_authenticate_do_bench): Ditto. Check error code.
(bench_ocb_encrypt_do_bench): New.
(bench_ocb_decrypt_do_bench): New.
(bench_ocb_authenticate_do_bench): New.
(ocb_encrypt_ops): New.
(ocb_decrypt_ops): New.
(ocb_authenticate_ops): New.
(cipher_modes): Add them.
(cipher_bench_one): Skip wrong block length for OCB.
* tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add
OCB support.
--
See the comments on top of cipher/cipher-ocb.c for the patent status
of the OCB mode.
The implementation has not yet been optimized and as such is not faster
that the other AEAD modes. A first candidate for optimization is the
double_block function. Large improvements can be expected by writing
an AES ECB function to work on multiple blocks.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index 0150fdd..4c74533 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ Noteworthy changes in version 1.7.0 (unreleased)
* Fixed some asm build problems and feature detection bugs.
+ * Added OCB mode.
+
* Interface changes relative to the 1.6.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_mac_get_algo NEW.
@@ -30,6 +32,9 @@ Noteworthy changes in version 1.7.0 (unreleased)
gcry_cipher_set_sbox NEW macro.
GCRY_MD_GOSTR3411_CP NEW.
gcry_mpi_ec_sub NEW.
+ GCRY_CIPHER_MODE_OCB NEW.
+ GCRYCTL_SET_TAGLEN NEW.
+ gcry_cipher_final NEW macro.
Noteworthy changes in version 1.6.0 (2013-12-16)
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index ceb95f1..4a9c86d 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -41,7 +41,8 @@ libcipher_la_SOURCES = \
cipher.c cipher-internal.h \
cipher-cbc.c cipher-cfb.c cipher-ofb.c cipher-ctr.c cipher-aeswrap.c \
cipher-ccm.c cipher-cmac.c cipher-gcm.c cipher-gcm-intel-pclmul.c \
-cipher-poly1305.c cipher-selftest.c cipher-selftest.h \
+cipher-poly1305.c cipher-ocb.c \
+cipher-selftest.c cipher-selftest.h \
pubkey.c pubkey-internal.h pubkey-util.c \
md.c \
mac.c mac-internal.h \
diff --git a/cipher/bufhelp.h b/cipher/bufhelp.h
index 464b141..a372acb 100644
--- a/cipher/bufhelp.h
+++ b/cipher/bufhelp.h
@@ -120,6 +120,40 @@ do_bytes:
}
+/* Optimized function for in-place buffer xoring. */
+static inline void
+buf_xor_1(void *_dst, const void *_src, size_t len)
+{
+ byte *dst = _dst;
+ const byte *src = _src;
+ uintptr_t *ldst;
+ const uintptr_t *lsrc;
+#ifndef BUFHELP_FAST_UNALIGNED_ACCESS
+ const unsigned int longmask = sizeof(uintptr_t) - 1;
+
+ /* Skip fast processing if buffers are unaligned. */
+ if (((uintptr_t)dst | (uintptr_t)src) & longmask)
+ goto do_bytes;
+#endif
+
+ ldst = (uintptr_t *)(void *)dst;
+ lsrc = (const uintptr_t *)(const void *)src;
+
+ for (; len >= sizeof(uintptr_t); len -= sizeof(uintptr_t))
+ *ldst++ ^= *lsrc++;
+
+ dst = (byte *)ldst;
+ src = (const byte *)lsrc;
+
+#ifndef BUFHELP_FAST_UNALIGNED_ACCESS
+do_bytes:
+#endif
+ /* Handle tail. */
+ for (; len; len--)
+ *dst++ ^= *src;
+}
+
+
/* Optimized function for buffer xoring with two destination buffers. Used
mainly by CFB mode encryption. */
static inline void
diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h
index 650d813..50b0324 100644
--- a/cipher/cipher-internal.h
+++ b/cipher/cipher-internal.h
@@ -26,6 +26,25 @@
/* The maximum supported size of a block in bytes. */
#define MAX_BLOCKSIZE 16
+/* The length for an OCB block. Although OCB supports any block
+ length it does not make sense to use a 64 bit blocklen (and cipher)
+ because this reduces the security margin to an unacceptable state.
+ Thus we require a cipher with 128 bit blocklength. */
+#define OCB_BLOCK_LEN (128/8)
+
+/* The size of the pre-computed L table for OCB. This takes the same
+ size as the table used for GCM and thus we don't save anything by
+ not using such a table. */
+#define OCB_L_TABLE_SIZE 16
+
+
+/* Check the above constants. */
+#if OCB_BLOCK_LEN > MAX_BLOCKSIZE
+# error OCB_BLOCKLEN > MAX_BLOCKSIZE
+#endif
+
+
+
/* Magic values for the context structure. */
#define CTX_MAGIC_NORMAL 0x24091964
#define CTX_MAGIC_SECURE 0x46919042
@@ -119,19 +138,22 @@ struct gcry_cipher_handle
unsigned int key:1; /* Set to 1 if a key has been set. */
unsigned int iv:1; /* Set to 1 if a IV has been set. */
unsigned int tag:1; /* Set to 1 if a tag is finalized. */
+ unsigned int finalize:1; /* Next encrypt/decrypt has the final data. */
} marks;
/* The initialization vector. For best performance we make sure
that it is properly aligned. In particular some implementations
of bulk operations expect an 16 byte aligned IV. IV is also used
- to store CBC-MAC in CCM mode; counter IV is stored in U_CTR. */
+ to store CBC-MAC in CCM mode; counter IV is stored in U_CTR. For
+ OCB mode it is used for the offset value. */
union {
cipher_context_alignment_t iv_align;
unsigned char iv[MAX_BLOCKSIZE];
} u_iv;
/* The counter for CTR mode. This field is also used by AESWRAP and
- thus we can't use the U_IV union. */
+ thus we can't use the U_IV union. For OCB mode it is used for
+ the checksum. */
union {
cipher_context_alignment_t iv_align;
unsigned char ctr[MAX_BLOCKSIZE];
@@ -232,6 +254,40 @@ struct gcry_cipher_handle
#endif
#endif
} gcm;
+
+ /* Mode specific storage for OCB mode. */
+ struct {
+ /* Helper variables and pre-computed table of L values. */
+ unsigned char L_star[OCB_BLOCK_LEN];
+ unsigned char L_dollar[OCB_BLOCK_LEN];
+ unsigned char L[OCB_BLOCK_LEN][OCB_L_TABLE_SIZE];
+
+ /* The tag is valid if marks.tag has been set. */
+ unsigned char tag[OCB_BLOCK_LEN];
+
+ /* A buffer to hold the offset for the AAD processing. */
+ unsigned char aad_offset[OCB_BLOCK_LEN];
+
+ /* A buffer to hold the current sum of AAD processing. We can't
+ use tag here because tag may already hold the preprocessed
+ checksum of the data. */
+ unsigned char aad_sum[OCB_BLOCK_LEN];
+
+ /* Number of data/aad blocks processed so far. */
+ u64 data_nblocks;
+ u64 aad_nblocks;
+
+ /* Length of the tag. Fixed for now but may eventually be
+ specified using a set of gcry_cipher_flags. */
+ unsigned char taglen;
+
+ /* Flags indicating that the final data/aad block has been
+ processed. */
+ unsigned int data_finalized:1;
+ unsigned int aad_finalized:1;
+
+ } ocb;
+
} u_mode;
/* What follows are two contexts of the cipher in use. The first
@@ -363,4 +419,27 @@ gcry_err_code_t _gcry_cipher_poly1305_check_tag
void _gcry_cipher_poly1305_setkey
/* */ (gcry_cipher_hd_t c);
+
+/*-- cipher-ocb.c --*/
+gcry_err_code_t _gcry_cipher_ocb_encrypt
+/* */ (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen);
+gcry_err_code_t _gcry_cipher_ocb_decrypt
+/* */ (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen);
+gcry_err_code_t _gcry_cipher_ocb_set_nonce
+/* */ (gcry_cipher_hd_t c, const unsigned char *nonce,
+ size_t noncelen);
+gcry_err_code_t _gcry_cipher_ocb_authenticate
+/* */ (gcry_cipher_hd_t c, const unsigned char *abuf, size_t abuflen);
+gcry_err_code_t _gcry_cipher_ocb_get_tag
+/* */ (gcry_cipher_hd_t c,
+ unsigned char *outtag, size_t taglen);
+gcry_err_code_t _gcry_cipher_ocb_check_tag
+/* */ (gcry_cipher_hd_t c,
+ const unsigned char *intag, size_t taglen);
+
+
#endif /*G10_CIPHER_INTERNAL_H*/
diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c
new file mode 100644
index 0000000..25466f0
--- /dev/null
+++ b/cipher/cipher-ocb.c
@@ -0,0 +1,495 @@
+/* cipher-ocb.c - OCB cipher mode
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ *
+ *
+ * OCB is covered by several patents but may be used freely by most
+ * software. See http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm .
+ * In particular license 1 is suitable for Libgcrypt: See
+ * http://web.cs.ucdavis.edu/~rogaway/ocb/license1.pdf for the full
+ * license document; it basically says:
+ *
+ * License 1 ? License for Open-Source Software Implementations of OCB
+ * (Jan 9, 2013)
+ *
+ * Under this license, you are authorized to make, use, and
+ * distribute open-source software implementations of OCB. This
+ * license terminates for you if you sue someone over their
+ * open-source software implementation of OCB claiming that you have
+ * a patent covering their implementation.
+ */
+
+
+#include
+#include
+#include
+#include
+#include
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "bufhelp.h"
+#include "./cipher-internal.h"
+
+
+/* Double the OCB_BLOCK_LEN sized block B in-place. */
+static inline void
+double_block (unsigned char *b)
+{
+#if OCB_BLOCK_LEN != 16
+ unsigned char b_0 = b[0];
+ int i;
+
+ for (i=0; i < OCB_BLOCK_LEN - 1; i++)
+ b[i] = (b[i] << 1) | (b[i+1] >> 7);
+
+ b[OCB_BLOCK_LEN-1] = (b[OCB_BLOCK_LEN-1] << 1) ^ ((b_0 >> 7) * 135);
+#else
+ /* This is the generic code for 16 byte blocks. However it is not
+ faster than the straight byte by byte implementation. */
+ u64 l_0, l, r;
+
+ l = buf_get_be64 (b);
+ r = buf_get_be64 (b + 8);
+
+ l_0 = (int64_t)l >> 63;
+ l = (l + l) ^ (r >> 63);
+ r = (r + r) ^ (l_0 & 135);
+
+ buf_put_be64 (b, l);
+ buf_put_be64 (b+8, r);
+#endif
+}
+
+
+/* Double the OCB_BLOCK_LEN sized block S and store it at D. S and D
+ may point to the same memory location but they may not overlap. */
+static void
+double_block_cpy (unsigned char *d, const unsigned char *s)
+{
+ if (d != s)
+ buf_cpy (d, s, OCB_BLOCK_LEN);
+ double_block (d);
+}
+
+
+/* Copy NBYTES from buffer S starting at bit offset BITOFF to buffer D. */
+static void
+bit_copy (unsigned char *d, const unsigned char *s,
+ unsigned int bitoff, unsigned int nbytes)
+{
+ unsigned int shift;
+
+ s += bitoff / 8;
+ shift = bitoff % 8;
+ if (shift)
+ {
+ for (; nbytes; nbytes--, d++, s++)
+ *d = (s[0] << shift) | (s[1] >> (8 - shift));
+ }
+ else
+ {
+ for (; nbytes; nbytes--, d++, s++)
+ *d = *s;
+ }
+}
+
+
+/* Return the L-value for block N. In most cases we use the table;
+ only if the lower OCB_L_TABLE_SIZE bits of N are zero we need to
+ compute it. With a table size of 16 we need to this this only
+ every 65536-th block. L_TMP is a helper buffer of size
+ OCB_BLOCK_LEN which is used to hold the computation if not taken
+ from the table. */
+static const unsigned char *
+get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n)
+{
+ int ntz = _gcry_ctz64 (n);
+
+ if (ntz < OCB_L_TABLE_SIZE)
+ return c->u_mode.ocb.L[ntz];
+
+ double_block_cpy (l_tmp, c->u_mode.ocb.L[OCB_L_TABLE_SIZE - 1]);
+ for (ntz -= OCB_L_TABLE_SIZE; ntz; ntz--)
+ double_block (l_tmp);
+
+ return l_tmp;
+}
+
+
+/* Set the nonce for OCB. This requires that the key has been set.
+ Using it again resets start a new encryption cycle using the same
+ key. */
+gcry_err_code_t
+_gcry_cipher_ocb_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce,
+ size_t noncelen)
+{
+ unsigned char ktop[OCB_BLOCK_LEN];
+ unsigned char stretch[OCB_BLOCK_LEN + 8];
+ unsigned int bottom;
+ int i;
+ unsigned int burn = 0;
+ unsigned int nburn;
+
+ /* Check args. */
+ if (!c->marks.key)
+ return GPG_ERR_INV_STATE; /* Key must have been set first. */
+ switch (c->u_mode.ocb.taglen)
+ {
+ case 8:
+ case 12:
+ case 16:
+ break;
+ default:
+ return GPG_ERR_BUG; /* Invalid tag length. */
+ }
+
+ if (c->spec->blocksize != OCB_BLOCK_LEN)
+ return GPG_ERR_CIPHER_ALGO;
+ if (!nonce)
+ return GPG_ERR_INV_ARG;
+ /* 120 bit is the allowed maximum. In addition we impose a minimum
+ of 64 bit. */
+ if (noncelen > (120/8) || noncelen < (64/8) || noncelen >= OCB_BLOCK_LEN)
+ return GPG_ERR_INV_LENGTH;
+
+ /* Set up the L table. */
+ /* L_star = E(zero_128) */
+ memset (ktop, 0, OCB_BLOCK_LEN);
+ nburn = c->spec->encrypt (&c->context.c, c->u_mode.ocb.L_star, ktop);
+ burn = nburn > burn ? nburn : burn;
+ /* L_dollar = double(L_star) */
+ double_block_cpy (c->u_mode.ocb.L_dollar, c->u_mode.ocb.L_star);
+ /* L_0 = double(L_dollar), ... */
+ double_block_cpy (c->u_mode.ocb.L[0], c->u_mode.ocb.L_dollar);
+ for (i = 1; i < OCB_L_TABLE_SIZE; i++)
+ double_block_cpy (c->u_mode.ocb.L[i], c->u_mode.ocb.L[i-1]);
+
+ /* Prepare the nonce. */
+ memset (ktop, 0, (OCB_BLOCK_LEN - noncelen));
+ buf_cpy (ktop + (OCB_BLOCK_LEN - noncelen), nonce, noncelen);
+ ktop[0] = ((c->u_mode.ocb.taglen * 8) % 128) << 1;
+ ktop[OCB_BLOCK_LEN - noncelen - 1] |= 1;
+ bottom = ktop[OCB_BLOCK_LEN - 1] & 0x3f;
+ ktop[OCB_BLOCK_LEN - 1] &= 0xc0; /* Zero the bottom bits. */
+ nburn = c->spec->encrypt (&c->context.c, ktop, ktop);
+ burn = nburn > burn ? nburn : burn;
+ /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+ buf_cpy (stretch, ktop, OCB_BLOCK_LEN);
+ buf_xor (stretch + OCB_BLOCK_LEN, ktop, ktop + 1, 8);
+ /* Offset_0 = Stretch[1+bottom..128+bottom]
+ (We use the IV field to store the offset) */
+ bit_copy (c->u_iv.iv, stretch, bottom, OCB_BLOCK_LEN);
+ c->marks.iv = 1;
+
+ /* Checksum_0 = zeros(128)
+ (We use the CTR field to store the checksum) */
+ memset (c->u_ctr.ctr, 0, OCB_BLOCK_LEN);
+
+ /* Clear AAD buffer. */
+ memset (c->u_mode.ocb.aad_offset, 0, OCB_BLOCK_LEN);
+ memset (c->u_mode.ocb.aad_sum, 0, OCB_BLOCK_LEN);
+
+ /* Setup other values. */
+ memset (c->lastiv, 0, sizeof(c->lastiv));
+ c->unused = 0;
+ c->marks.tag = 0;
+ c->marks.finalize = 0;
+ c->u_mode.ocb.data_nblocks = 0;
+ c->u_mode.ocb.aad_nblocks = 0;
+ c->u_mode.ocb.data_finalized = 0;
+ c->u_mode.ocb.aad_finalized = 0;
+
+ /* log_printhex ("L_* ", c->u_mode.ocb.L_star, OCB_BLOCK_LEN); */
+ /* log_printhex ("L_$ ", c->u_mode.ocb.L_dollar, OCB_BLOCK_LEN); */
+ /* log_printhex ("L_0 ", c->u_mode.ocb.L[0], OCB_BLOCK_LEN); */
+ /* log_printhex ("L_1 ", c->u_mode.ocb.L[1], OCB_BLOCK_LEN); */
+ /* log_debug ( "bottom : %u (decimal)\n", bottom); */
+ /* log_printhex ("Ktop ", ktop, OCB_BLOCK_LEN); */
+ /* log_printhex ("Stretch ", stretch, sizeof stretch); */
+ /* log_printhex ("Offset_0 ", c->u_iv.iv, OCB_BLOCK_LEN); */
+
+ /* Cleanup */
+ wipememory (ktop, sizeof ktop);
+ wipememory (stretch, sizeof stretch);
+ if (burn > 0)
+ _gcry_burn_stack (burn + 4*sizeof(void*));
+
+ return 0;
+}
+
+
+/* Process additional authentication data. This implementation allows
+ to add additional authentication data at any time before the final
+ gcry_cipher_gettag. The size of the data provided in
+ (ABUF,ABUFLEN) must be a multiple of the blocksize. If a
+ non-multiple of the blocksize is used no further data may be passed
+ to this function. */
+gcry_err_code_t
+_gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf,
+ size_t abuflen)
+{
+ unsigned char l_tmp[OCB_BLOCK_LEN];
+
+ /* Check that a nonce and thus a key has been set and that we have
+ not yet computed the tag. We also return an error if the aad has
+ been finalized (i.e. a short block has been processed). */
+ if (!c->marks.iv || c->marks.tag || c->u_mode.ocb.aad_finalized)
+ return GPG_ERR_INV_STATE;
+
+ /* Check correct usage and arguments. */
+ if (c->spec->blocksize != OCB_BLOCK_LEN)
+ return GPG_ERR_CIPHER_ALGO;
+ if (!abuflen)
+ return 0;
+
+ /* Hash all full blocks. */
+ while (abuflen >= OCB_BLOCK_LEN)
+ {
+ c->u_mode.ocb.aad_nblocks++;
+
+ /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+ buf_xor_1 (c->u_mode.ocb.aad_offset,
+ get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), OCB_BLOCK_LEN);
+ /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+ buf_xor (l_tmp, c->u_mode.ocb.aad_offset, abuf, OCB_BLOCK_LEN);
+ c->spec->encrypt (&c->context.c, l_tmp, l_tmp);
+ buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN);
+
+ abuf += OCB_BLOCK_LEN;
+ abuflen -= OCB_BLOCK_LEN;
+ }
+
+ /* Hash final partial block. Note that we expect ABUFLEN to be
+ shorter than OCB_BLOCK_LEN. */
+ if (abuflen)
+ {
+ /* Offset_* = Offset_m xor L_* */
+ buf_xor_1 (c->u_mode.ocb.aad_offset,
+ c->u_mode.ocb.L_star, OCB_BLOCK_LEN);
+ /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
+ buf_cpy (l_tmp, abuf, abuflen);
+ memset (l_tmp + abuflen, 0, OCB_BLOCK_LEN - abuflen);
+ l_tmp[abuflen] = 0x80;
+ buf_xor_1 (l_tmp, c->u_mode.ocb.aad_offset, OCB_BLOCK_LEN);
+ /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
+ c->spec->encrypt (&c->context.c, l_tmp, l_tmp);
+ buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN);
+
+ /* Mark AAD as finalized to avoid accidently calling this
+ function again after a non-full block has been processed. */
+ c->u_mode.ocb.aad_finalized = 1;
+ }
+
+ return 0;
+}
+
+
+/* Common code for encrypt and decrypt. */
+static gcry_err_code_t
+ocb_crypt (gcry_cipher_hd_t c, int encrypt,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen)
+{
+ unsigned char l_tmp[OCB_BLOCK_LEN];
+ unsigned int burn = 0;
+ unsigned int nburn;
+
+ /* Check that a nonce and thus a key has been set and that we are
+ not yet in end of data state. */
+ if (!c->marks.iv || c->u_mode.ocb.data_finalized)
+ return GPG_ERR_INV_STATE;
+
+ /* Check correct usage and arguments. */
+ if (c->spec->blocksize != OCB_BLOCK_LEN)
+ return GPG_ERR_CIPHER_ALGO;
+ if (outbuflen < inbuflen)
+ return GPG_ERR_BUFFER_TOO_SHORT;
+ if (c->marks.finalize)
+ ; /* Allow arbitarty length. */
+ else if ((inbuflen % OCB_BLOCK_LEN))
+ return GPG_ERR_INV_LENGTH; /* We support only full blocks for now. */
+
+ /* Encrypt all full blocks. */
+ while (inbuflen >= OCB_BLOCK_LEN)
+ {
+ c->u_mode.ocb.data_nblocks++;
+
+ /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+ buf_xor_1 (c->u_iv.iv,
+ get_l (c, l_tmp, c->u_mode.ocb.data_nblocks), OCB_BLOCK_LEN);
+ /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
+ buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN);
+ if (encrypt)
+ nburn = c->spec->encrypt (&c->context.c, outbuf, outbuf);
+ else
+ nburn = c->spec->decrypt (&c->context.c, outbuf, outbuf);
+ burn = nburn > burn ? nburn : burn;
+ buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN);
+
+ /* Checksum_i = Checksum_{i-1} xor P_i */
+ buf_xor_1 (c->u_ctr.ctr, encrypt? inbuf : outbuf, OCB_BLOCK_LEN);
+
+ inbuf += OCB_BLOCK_LEN;
+ inbuflen -= OCB_BLOCK_LEN;
+ outbuf += OCB_BLOCK_LEN;
+ outbuflen =- OCB_BLOCK_LEN;
+ }
+
+ /* Encrypt final partial block. Note that we expect INBUFLEN to be
+ shorter than OCB_BLOCK_LEN (see above). */
+ if (inbuflen)
+ {
+ unsigned char pad[OCB_BLOCK_LEN];
+
+ /* Offset_* = Offset_m xor L_* */
+ buf_xor_1 (c->u_iv.iv, c->u_mode.ocb.L_star, OCB_BLOCK_LEN);
+ /* Pad = ENCIPHER(K, Offset_*) */
+ nburn = c->spec->encrypt (&c->context.c, pad, c->u_iv.iv);
+ burn = nburn > burn ? nburn : burn;
+
+ if (encrypt)
+ {
+ /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+ /* Note that INBUFLEN is less than OCB_BLOCK_LEN. */
+ buf_cpy (l_tmp, inbuf, inbuflen);
+ memset (l_tmp + inbuflen, 0, OCB_BLOCK_LEN - inbuflen);
+ l_tmp[inbuflen] = 0x80;
+ buf_xor_1 (c->u_ctr.ctr, l_tmp, OCB_BLOCK_LEN);
+ /* C_* = P_* xor Pad[1..bitlen(P_*)] */
+ buf_xor (outbuf, inbuf, pad, inbuflen);
+ }
+ else
+ {
+ /* P_* = C_* xor Pad[1..bitlen(C_*)] */
+ /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+ buf_cpy (l_tmp, pad, OCB_BLOCK_LEN);
+ buf_cpy (l_tmp, inbuf, inbuflen);
+ buf_xor_1 (l_tmp, pad, OCB_BLOCK_LEN);
+ l_tmp[inbuflen] = 0x80;
+ buf_cpy (outbuf, l_tmp, inbuflen);
+
+ buf_xor_1 (c->u_ctr.ctr, l_tmp, OCB_BLOCK_LEN);
+ }
+ }
+
+ /* Compute the tag if the finalize flag has been set. */
+ if (c->marks.finalize)
+ {
+ /* Tag = ENCIPHER(K, Checksum xor Offset xor L_$) xor HASH(K,A) */
+ buf_xor (c->u_mode.ocb.tag, c->u_ctr.ctr, c->u_iv.iv, OCB_BLOCK_LEN);
+ buf_xor_1 (c->u_mode.ocb.tag, c->u_mode.ocb.L_dollar, OCB_BLOCK_LEN);
+ nburn = c->spec->encrypt (&c->context.c,
+ c->u_mode.ocb.tag, c->u_mode.ocb.tag);
+ burn = nburn > burn ? nburn : burn;
+
+ c->u_mode.ocb.data_finalized = 1;
+ /* Note that the the final part of the tag computation is done
+ by _gcry_cipher_ocb_get_tag. */
+ }
+
+ if (burn > 0)
+ _gcry_burn_stack (burn + 4*sizeof(void*));
+
+ return 0;
+}
+
+
+/* Encrypt (INBUF,INBUFLEN) in OCB mode to OUTBUF. OUTBUFLEN gives
+ the allocated size of OUTBUF. This function accepts only multiples
+ of a full block unless gcry_cipher_final has been called in which
+ case the next block may have any length. */
+gcry_err_code_t
+_gcry_cipher_ocb_encrypt (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen)
+
+{
+ return ocb_crypt (c, 1, outbuf, outbuflen, inbuf, inbuflen);
+}
+
+
+/* Decrypt (INBUF,INBUFLEN) in OCB mode to OUTBUF. OUTBUFLEN gives
+ the allocated size of OUTBUF. This function accepts only multiples
+ of a full block unless gcry_cipher_final has been called in which
+ case the next block may have any length. */
+gcry_err_code_t
+_gcry_cipher_ocb_decrypt (gcry_cipher_hd_t c,
+ unsigned char *outbuf, size_t outbuflen,
+ const unsigned char *inbuf, size_t inbuflen)
+{
+ return ocb_crypt (c, 0, outbuf, outbuflen, inbuf, inbuflen);
+}
+
+
+/* Compute the tag. The last data operation has already done some
+ part of it. To allow adding AAD even after having done all data,
+ we finish the tag computation only here. */
+static void
+compute_tag_if_needed (gcry_cipher_hd_t c)
+{
+ if (!c->marks.tag)
+ {
+ buf_xor_1 (c->u_mode.ocb.tag, c->u_mode.ocb.aad_sum, OCB_BLOCK_LEN);
+ c->marks.tag = 1;
+ }
+}
+
+
+/* Copy the already computed tag to OUTTAG. OUTTAGSIZE is the
+ allocated size of OUTTAG; the function returns an error if that is
+ too short to hold the tag. */
+gcry_err_code_t
+_gcry_cipher_ocb_get_tag (gcry_cipher_hd_t c,
+ unsigned char *outtag, size_t outtagsize)
+{
+ if (c->u_mode.ocb.taglen > outtagsize)
+ return GPG_ERR_BUFFER_TOO_SHORT;
+ if (!c->u_mode.ocb.data_finalized)
+ return GPG_ERR_INV_STATE; /* Data has not yet been finalized. */
+
+ compute_tag_if_needed (c);
+
+ memcpy (outtag, c->u_mode.ocb.tag, c->u_mode.ocb.taglen);
+
+ return 0;
+}
+
+
+/* Check that the tag (INTAG,TAGLEN) matches the computed tag for the
+ handle C. */
+gcry_err_code_t
+_gcry_cipher_ocb_check_tag (gcry_cipher_hd_t c, const unsigned char *intag,
+ size_t taglen)
+{
+ size_t n;
+
+ if (!c->u_mode.ocb.data_finalized)
+ return GPG_ERR_INV_STATE; /* Data has not yet been finalized. */
+
+ compute_tag_if_needed (c);
+
+ n = c->u_mode.ocb.taglen;
+ if (taglen < n)
+ n = taglen;
+
+ if (!buf_eq_const (intag, c->u_mode.ocb.tag, n)
+ || c->u_mode.ocb.taglen != taglen)
+ return GPG_ERR_CHECKSUM;
+
+ return 0;
+}
diff --git a/cipher/cipher.c b/cipher/cipher.c
index 78cad21..0a13fe6 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -425,6 +425,17 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
err = GPG_ERR_INV_CIPHER_MODE;
break;
+ case GCRY_CIPHER_MODE_OCB:
+ /* Note that our implementation allows only for 128 bit block
+ length algorithms. Lower block lengths would be possible
+ but we do not implement them because they limit the
+ security too much. */
+ if (!spec->encrypt || !spec->decrypt)
+ err = GPG_ERR_INV_CIPHER_MODE;
+ else if (spec->blocksize != (128/8))
+ err = GPG_ERR_INV_CIPHER_MODE;
+ break;
+
case GCRY_CIPHER_MODE_STREAM:
if (!spec->stencrypt || !spec->stdecrypt)
err = GPG_ERR_INV_CIPHER_MODE;
@@ -445,7 +456,8 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
/* Perform selftest here and mark this with a flag in cipher_table?
No, we should not do this as it takes too long. Further it does
not make sense to exclude algorithms with failing selftests at
- runtime: If a selftest fails there is something seriously wrong with the system and thus we better die immediately. */
+ runtime: If a selftest fails there is something seriously wrong
+ with the system and thus we better die immediately. */
if (! err)
{
@@ -551,6 +563,18 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
default:
break;
}
+
+ /* Setup defaults depending on the mode. */
+ switch (mode)
+ {
+ case GCRY_CIPHER_MODE_OCB:
+ h->u_mode.ocb.taglen = 16; /* Bytes. */
+ break;
+
+ default:
+ break;
+ }
+
}
}
@@ -716,6 +740,10 @@ cipher_reset (gcry_cipher_hd_t c)
break;
#endif
+ case GCRY_CIPHER_MODE_OCB:
+ memset (&c->u_mode.ocb, 0, sizeof c->u_mode.ocb);
+ break;
+
default:
break; /* u_mode unused by other modes. */
}
@@ -827,6 +855,10 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
inbuf, inbuflen);
break;
+ case GCRY_CIPHER_MODE_OCB:
+ rc = _gcry_cipher_ocb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen);
+ break;
+
case GCRY_CIPHER_MODE_STREAM:
c->spec->stencrypt (&c->context.c,
outbuf, (byte*)/*arggg*/inbuf, inbuflen);
@@ -940,6 +972,10 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
inbuf, inbuflen);
break;
+ case GCRY_CIPHER_MODE_OCB:
+ rc = _gcry_cipher_ocb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen);
+ break;
+
case GCRY_CIPHER_MODE_STREAM:
c->spec->stdecrypt (&c->context.c,
outbuf, (byte*)/*arggg*/inbuf, inbuflen);
@@ -1029,6 +1065,10 @@ _gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen)
rc = _gcry_cipher_poly1305_setiv (hd, iv, ivlen);
break;
+ case GCRY_CIPHER_MODE_OCB:
+ rc = _gcry_cipher_ocb_set_nonce (hd, iv, ivlen);
+ break;
+
default:
rc = cipher_setiv (hd, iv, ivlen);
break;
@@ -1083,6 +1123,10 @@ _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf,
rc = _gcry_cipher_poly1305_authenticate (hd, abuf, abuflen);
break;
+ case GCRY_CIPHER_MODE_OCB:
+ rc = _gcry_cipher_ocb_authenticate (hd, abuf, abuflen);
+ break;
+
default:
log_error ("gcry_cipher_authenticate: invalid mode %d\n", hd->mode);
rc = GPG_ERR_INV_CIPHER_MODE;
@@ -1116,6 +1160,10 @@ _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen)
rc = _gcry_cipher_poly1305_get_tag (hd, outtag, taglen);
break;
+ case GCRY_CIPHER_MODE_OCB:
+ rc = _gcry_cipher_ocb_get_tag (hd, outtag, taglen);
+ break;
+
default:
log_error ("gcry_cipher_gettag: invalid mode %d\n", hd->mode);
rc = GPG_ERR_INV_CIPHER_MODE;
@@ -1149,6 +1197,10 @@ _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen)
rc = _gcry_cipher_poly1305_check_tag (hd, intag, taglen);
break;
+ case GCRY_CIPHER_MODE_OCB:
+ rc = _gcry_cipher_ocb_check_tag (hd, intag, taglen);
+ break;
+
default:
log_error ("gcry_cipher_checktag: invalid mode %d\n", hd->mode);
rc = GPG_ERR_INV_CIPHER_MODE;
@@ -1170,6 +1222,12 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
cipher_reset (h);
break;
+ case GCRYCTL_FINALIZE:
+ if (!h || buffer || buflen)
+ return GPG_ERR_INV_ARG;
+ h->marks.finalize = 1;
+ break;
+
case GCRYCTL_CFB_SYNC:
cipher_sync( h );
break;
@@ -1222,6 +1280,29 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
#endif
break;
+ case GCRYCTL_SET_TAGLEN:
+ if (!h || !buffer || buflen != sizeof(int) )
+ return GPG_ERR_INV_ARG;
+ switch (h->mode)
+ {
+ case GCRY_CIPHER_MODE_OCB:
+ switch (*(int*)buffer)
+ {
+ case 8: case 12: case 16:
+ h->u_mode.ocb.taglen = *(int*)buffer;
+ break;
+ default:
+ rc = GPG_ERR_INV_LENGTH; /* Invalid tag length. */
+ break;
+ }
+ break;
+
+ default:
+ rc =GPG_ERR_INV_CIPHER_MODE;
+ break;
+ }
+ break;
+
case GCRYCTL_DISABLE_ALGO:
/* This command expects NULL for H and BUFFER to point to an
integer with the algo number. */
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 7337db9..8683ca8 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1650,7 +1650,14 @@ mode, which can be used with ChaCha20 and Salsa20 stream ciphers.
@item GCRY_CIPHER_MODE_OCB
@cindex OCB, OCB3
OCB is an Authenticated Encryption with Associated Data (AEAD) block
-cipher mode, which is specified in RFC-7253.
+cipher mode, which is specified in RFC-7253. Supported tag lengths
+are 128, 96, and 64 bit with the default being 128 bit. To switch to
+a different tag length @code{gcry_cipher_ctl} using the command
+ at code{GCRYCTL_SET_TAGLEN} and the address of an @code{int} variable
+set to 12 (for 96 bit) or 8 (for 64 bit) provided for the
+ at code{buffer} argument and @code{sizeof(int)} for @code{buflen}.
+
+Note that the use of @code{gcry_cipher_final} is required.
@end table
@@ -1750,12 +1757,9 @@ vector is passed as the buffer @var{K} of length @var{l} bytes and
copied to internal data structures. The function checks that the IV
matches the requirement of the selected algorithm and mode.
-This function is also used with Salsa20 and ChaCha20 stream ciphers
-to set or update the required nonce. In this case it needs to be
-called after setting the key.
-
-This function is also used with the AEAD cipher modes to set or
-update the required nonce.
+This function is also used by AEAD modes and with Salsa20 and ChaCha20
+stream ciphers to set or update the required nonce. In these cases it
+needs to be called after setting the key.
@end deftypefun
@@ -1827,6 +1831,9 @@ is sufficient space. Note that overlapping buffers are not allowed.
Depending on the selected algorithms and encryption mode, the length of
the buffers must be a multiple of the block size.
+Some encryption modes require that @code{gcry_cipher_final} is used
+before the final data chunk is passed to this function.
+
The function returns @code{0} on success or an error code.
@end deftypefun
@@ -1847,11 +1854,27 @@ is sufficient space. Note that overlapping buffers are not allowed.
Depending on the selected algorithms and encryption mode, the length of
the buffers must be a multiple of the block size.
+Some encryption modes require that @code{gcry_cipher_final} is used
+before the final data chunk is passed to this function.
+
The function returns @code{0} on success or an error code.
@end deftypefun
-OpenPGP (as defined in RFC-2440) requires a special sync operation in
+The OCB mode features integrated padding and must thus be told about
+the end of the input data. This is done with:
+
+ at deftypefun gcry_error_t gcry_cipher_final (gcry_cipher_hd_t @var{h})
+
+Set a flag in the context to tell the encrypt and decrypt functions
+that their next call will provide the last chunk of data. Only the
+first call to this function has an effect and only for modes which
+support it. Checking the error in in general not necessary. This is
+implemented as a macro.
+ at end deftypefun
+
+
+OpenPGP (as defined in RFC-4880) requires a special sync operation in
some places. The following function is used for this:
@deftypefun gcry_error_t gcry_cipher_sync (gcry_cipher_hd_t @var{h})
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 85c6753..10099e1 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -331,7 +331,8 @@ enum gcry_ctl_cmds
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
GCRYCTL_SET_SBOX = 73,
- GCRYCTL_DRBG_REINIT = 74
+ GCRYCTL_DRBG_REINIT = 74,
+ GCRYCTL_SET_TAGLEN = 75
};
/* Perform various operations defined by CMD. */
@@ -1012,6 +1013,11 @@ gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
#define gcry_cipher_set_sbox(h,oid) gcry_cipher_ctl( (h), GCRYCTL_SET_SBOX, \
(oid), 0);
+/* Indicate to the encrypt and decrypt functions that the next call
+ provides the final data. Only used with some modes. e */
+#define gcry_cipher_final(a) \
+ gcry_cipher_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of
block size length, or (NULL,0) to set the CTR to the all-zero block. */
gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd,
diff --git a/tests/basic.c b/tests/basic.c
index ef8260f..869b381 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -61,6 +61,22 @@ static int error_count;
static int in_fips_mode;
static int die_on_error;
+#define MAX_DATA_LEN 128
+
+#define digitp(p) (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a) \
+ || (*(a) >= 'A' && *(a) <= 'F') \
+ || (*(a) >= 'a' && *(a) <= 'f'))
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+#define xmalloc(a) gcry_xmalloc ((a))
+#define xcalloc(a,b) gcry_xcalloc ((a),(b))
+#define xstrdup(a) gcry_xstrdup ((a))
+#define xfree(a) gcry_free ((a))
+
+
+
static void
fail (const char *format, ...)
{
@@ -74,6 +90,7 @@ fail (const char *format, ...)
exit (1);
}
+
static void
mismatch (const void *expected, size_t expectedlen,
const void *computed, size_t computedlen)
@@ -102,6 +119,30 @@ die (const char *format, ...)
}
+/* Convert STRING consisting of hex characters into its binary
+ representation and return it as an allocated buffer. The valid
+ length of the buffer is returned at R_LENGTH. The string is
+ delimited by end of string. The function terminates on error. */
+static void *
+hex2buffer (const char *string, size_t *r_length)
+{
+ const char *s;
+ unsigned char *buffer;
+ size_t length;
+
+ buffer = xmalloc (strlen(string)/2+1);
+ length = 0;
+ for (s=string; *s; s +=2 )
+ {
+ if (!hexdigitp (s) || !hexdigitp (s+1))
+ die ("invalid hex digits in \"%s\"\n", string);
+ ((unsigned char*)buffer)[length++] = xtoi_2 (s);
+ }
+ *r_length = length;
+ return buffer;
+}
+
+
static void
show_sexp (const char *prefix, gcry_sexp_t a)
{
@@ -195,8 +236,6 @@ show_mac_not_available (int algo)
-#define MAX_DATA_LEN 128
-
void
progress_handler (void *cb_data, const char *what, int printchar,
int current, int total)
@@ -2742,6 +2781,355 @@ check_ccm_cipher (void)
static void
+check_ocb_cipher (void)
+{
+ /* Note that we use hex strings and not binary strings in TV. That
+ makes it easier to maintain the test vectors. */
+ static const struct
+ {
+ int algo;
+ int taglen; /* 16, 12, or 8 bytes */
+ const char *key; /* NULL means "000102030405060708090A0B0C0D0E0F" */
+ const char *nonce;
+ const char *aad;
+ const char *plain;
+ const char *ciph;
+ } tv[] = {
+ /* The RFC-7253 test vectos*/
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221100",
+ "",
+ "",
+ "785407BFFFC8AD9EDCC5520AC9111EE6"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221101",
+ "0001020304050607",
+ "0001020304050607",
+ "6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221102",
+ "0001020304050607",
+ "",
+ "81017F8203F081277152FADE694A0A00"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221103",
+ "",
+ "0001020304050607",
+ "45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221104",
+ "000102030405060708090A0B0C0D0E0F",
+ "000102030405060708090A0B0C0D0E0F",
+ "571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5"
+ "701C1CCEC8FC3358"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221105",
+ "000102030405060708090A0B0C0D0E0F",
+ "",
+ "8CF761B6902EF764462AD86498CA6B97"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221106",
+ "",
+ "000102030405060708090A0B0C0D0E0F",
+ "5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436B"
+ "DF06D8FA1ECA343D"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221107",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "1CA2207308C87C010756104D8840CE1952F09673A448A122"
+ "C92C62241051F57356D7F3C90BB0E07F"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221108",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "",
+ "6DC225A071FC1B9F7C69F93B0F1E10DE"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA99887766554433221109",
+ "",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3C"
+ "E725F32494B9F914D85C0B1EB38357FF"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA9988776655443322110A",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F",
+ "BD6F6C496201C69296C11EFD138A467ABD3C707924B964DE"
+ "AFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA9988776655443322110B",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F",
+ "",
+ "FE80690BEE8A485D11F32965BC9D2A32"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA9988776655443322110C",
+ "",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F",
+ "2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF4"
+ "6040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA9988776655443322110D",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627",
+ "D5CA91748410C1751FF8A2F618255B68A0A12E093FF45460"
+ "6E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483"
+ "A7035490C5769E60"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA9988776655443322110E",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627",
+ "",
+ "C5CD9D1850C141E358649994EE701B68"
+ },
+ { GCRY_CIPHER_AES, 16, NULL,
+ "BBAA9988776655443322110F",
+ "",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627",
+ "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15"
+ "A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95"
+ "A98CA5F3000B1479"
+ },
+ { GCRY_CIPHER_AES, 12, "0F0E0D0C0B0A09080706050403020100",
+ "BBAA9988776655443322110D",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627",
+ "000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627",
+ "1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1"
+ "A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FD"
+ "AC4F02AA"
+ }
+ };
+ gpg_error_t err = 0;
+ gcry_cipher_hd_t hde, hdd;
+ unsigned char out[MAX_DATA_LEN];
+ unsigned char tag[16];
+ int tidx;
+
+ if (verbose)
+ fprintf (stderr, " Starting OCB checks.\n");
+
+ for (tidx = 0; tidx < DIM (tv); tidx++)
+ {
+ char *key, *nonce, *aad, *ciph, *plain;
+ size_t keylen, noncelen, aadlen, ciphlen, plainlen;
+ int taglen;
+
+ if (verbose)
+ fprintf (stderr, " checking OCB mode for %s [%i] (tv %d)\n",
+ gcry_cipher_algo_name (tv[tidx].algo), tv[tidx].algo, tidx);
+
+ /* Convert to hex strings to binary. */
+ key = hex2buffer (tv[tidx].key? tv[tidx].key
+ /* */: "000102030405060708090A0B0C0D0E0F",
+ &keylen);
+ nonce = hex2buffer (tv[tidx].nonce, &noncelen);
+ aad = hex2buffer (tv[tidx].aad, &aadlen);
+ plain = hex2buffer (tv[tidx].plain, &plainlen);
+ ciph = hex2buffer (tv[tidx].ciph, &ciphlen);
+
+ /* Check that our test vectors are sane. */
+ assert (plainlen <= sizeof out);
+ assert (tv[tidx].taglen <= ciphlen);
+ assert (tv[tidx].taglen <= sizeof tag);
+
+ err = gcry_cipher_open (&hde, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0);
+ if (!err)
+ err = gcry_cipher_open (&hdd, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_open failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ return;
+ }
+
+ /* Set the taglen. For the first handle we do this only for a
+ non-default taglen. For the second handle we check that we
+ can also set to the default taglen. */
+ taglen = tv[tidx].taglen;
+ if (taglen != 16)
+ {
+ err = gcry_cipher_ctl (hde, GCRYCTL_SET_TAGLEN,
+ &taglen, sizeof taglen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcryctl_set_taglen failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+ }
+ err = gcry_cipher_ctl (hdd, GCRYCTL_SET_TAGLEN,
+ &taglen, sizeof taglen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcryctl_set_taglen failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ err = gcry_cipher_setkey (hde, key, keylen);
+ if (!err)
+ err = gcry_cipher_setkey (hdd, key, keylen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_setkey failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ err = gcry_cipher_setiv (hde, nonce, noncelen);
+ if (!err)
+ err = gcry_cipher_setiv (hdd, nonce, noncelen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_setiv failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ err = gcry_cipher_authenticate (hde, aad, aadlen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_authenticate failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ err = gcry_cipher_final (hde);
+ if (!err)
+ err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, plain, plainlen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_encrypt failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ /* Check that the encrypt output matches the expected cipher
+ text without the tag (i.e. at the length of plaintext). */
+ if (memcmp (ciph, out, plainlen))
+ {
+ mismatch (ciph, plainlen, out, plainlen);
+ fail ("cipher-ocb, encrypt data mismatch (tv %d)\n", tidx);
+ }
+
+ /* Check that the tag matches TAGLEN bytes from the end of the
+ expected ciphertext. */
+ err = gcry_cipher_gettag (hde, tag, tv[tidx].taglen);
+ if (err)
+ {
+ fail ("cipher_ocb, gcry_cipher_gettag failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ }
+ if (memcmp (ciph + ciphlen - tv[tidx].taglen, tag, tv[tidx].taglen))
+ {
+ mismatch (ciph + ciphlen - tv[tidx].taglen, tv[tidx].taglen,
+ tag, tv[tidx].taglen);
+ fail ("cipher-ocb, encrypt tag mismatch (tv %d)\n", tidx);
+ }
+
+
+ err = gcry_cipher_authenticate (hdd, aad, aadlen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_authenticate failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ /* Now for the decryption. */
+ err = gcry_cipher_final (hdd);
+ if (!err)
+ err = gcry_cipher_decrypt (hdd, out, plainlen, NULL, 0);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_decrypt (tv %d) failed: %s\n",
+ tidx, gpg_strerror (err));
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ return;
+ }
+
+ /* We still have TAG from the encryption. */
+ err = gcry_cipher_checktag (hdd, tag, tv[tidx].taglen);
+ if (err)
+ {
+ fail ("cipher-ocb, gcry_cipher_checktag failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ }
+
+ /* Check that the decrypt output matches the original plaintext. */
+ if (memcmp (plain, out, plainlen))
+ {
+ mismatch (plain, plainlen, out, plainlen);
+ fail ("cipher-ocb, decrypt data mismatch (tv %d)\n", tidx);
+ }
+
+ /* Check that gettag also works for decryption. */
+ err = gcry_cipher_gettag (hdd, tag, tv[tidx].taglen);
+ if (err)
+ {
+ fail ("cipher_ocb, decrypt gettag failed (tv %d): %s\n",
+ tidx, gpg_strerror (err));
+ }
+ if (memcmp (ciph + ciphlen - tv[tidx].taglen, tag, tv[tidx].taglen))
+ {
+ mismatch (ciph + ciphlen - tv[tidx].taglen, tv[tidx].taglen,
+ tag, tv[tidx].taglen);
+ fail ("cipher-ocb, decrypt tag mismatch (tv %d)\n", tidx);
+ }
+
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+
+ xfree (nonce);
+ xfree (aad);
+ xfree (ciph);
+ xfree (plain);
+ xfree (key);
+ }
+
+ if (verbose)
+ fprintf (stderr, " Completed OCB checks.\n");
+}
+
+
+static void
check_stream_cipher (void)
{
static const struct tv
@@ -4391,6 +4779,7 @@ check_cipher_modes(void)
check_ccm_cipher ();
check_gcm_cipher ();
check_poly1305_cipher ();
+ check_ocb_cipher ();
check_stream_cipher ();
check_stream_cipher_large_block ();
@@ -7143,6 +7532,7 @@ main (int argc, char **argv)
int use_fips = 0;
int selftest_only = 0;
int pubkey_only = 0;
+ int cipher_modes_only = 0;
int loop = 0;
unsigned int loopcount = 0;
@@ -7183,6 +7573,11 @@ main (int argc, char **argv)
pubkey_only = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--cipher-modes"))
+ {
+ cipher_modes_only = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--die"))
{
die_on_error = 1;
@@ -7228,6 +7623,8 @@ main (int argc, char **argv)
{
if (pubkey_only)
check_pubkey ();
+ else if (cipher_modes_only)
+ check_ciphers ();
else if (!selftest_only)
{
check_ciphers ();
diff --git a/tests/bench-slope.c b/tests/bench-slope.c
index ebf672e..c309b7e 100644
--- a/tests/bench-slope.c
+++ b/tests/bench-slope.c
@@ -916,6 +916,7 @@ bench_aead_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen,
gcry_cipher_setiv (hd, nonce, noncelen);
+ gcry_cipher_final (hd);
err = gcry_cipher_encrypt (hd, buf, buflen, buf, buflen);
if (err)
{
@@ -945,6 +946,7 @@ bench_aead_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen,
gcry_cipher_setiv (hd, nonce, noncelen);
+ gcry_cipher_final (hd);
err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen);
if (err)
{
@@ -976,7 +978,14 @@ bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf,
char tag[16] = { 0, };
char data = 0xff;
- gcry_cipher_setiv (hd, nonce, noncelen);
+ err = gcry_cipher_setiv (hd, nonce, noncelen);
+ if (err)
+ {
+ fprintf (stderr, PGM ": gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ gcry_cipher_close (hd);
+ exit (1);
+ }
err = gcry_cipher_authenticate (hd, buf, buflen);
if (err)
@@ -987,6 +996,7 @@ bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf,
exit (1);
}
+ gcry_cipher_final (hd);
err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data));
if (err)
{
@@ -1012,7 +1022,7 @@ bench_gcm_encrypt_do_bench (struct bench_obj *obj, void *buf,
size_t buflen)
{
char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 };
bench_aead_encrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
}
@@ -1021,7 +1031,7 @@ bench_gcm_decrypt_do_bench (struct bench_obj *obj, void *buf,
size_t buflen)
{
char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 };
bench_aead_decrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
}
@@ -1030,7 +1040,7 @@ bench_gcm_authenticate_do_bench (struct bench_obj *obj, void *buf,
size_t buflen)
{
char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 };
bench_aead_authenticate_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
}
@@ -1054,6 +1064,55 @@ static struct bench_ops gcm_authenticate_ops = {
static void
+bench_ocb_encrypt_do_bench (struct bench_obj *obj, void *buf,
+ size_t buflen)
+{
+ char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,
+ 0x00, 0x00, 0x01 };
+ bench_aead_encrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
+}
+
+static void
+bench_ocb_decrypt_do_bench (struct bench_obj *obj, void *buf,
+ size_t buflen)
+{
+ char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,
+ 0x00, 0x00, 0x01 };
+ bench_aead_decrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
+}
+
+static void
+bench_ocb_authenticate_do_bench (struct bench_obj *obj, void *buf,
+ size_t buflen)
+{
+ char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,
+ 0x00, 0x00, 0x01 };
+ bench_aead_authenticate_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
+}
+
+static struct bench_ops ocb_encrypt_ops = {
+ &bench_encrypt_init,
+ &bench_encrypt_free,
+ &bench_ocb_encrypt_do_bench
+};
+
+static struct bench_ops ocb_decrypt_ops = {
+ &bench_encrypt_init,
+ &bench_encrypt_free,
+ &bench_ocb_decrypt_do_bench
+};
+
+static struct bench_ops ocb_authenticate_ops = {
+ &bench_encrypt_init,
+ &bench_encrypt_free,
+ &bench_ocb_authenticate_do_bench
+};
+
+
+static void
bench_poly1305_encrypt_do_bench (struct bench_obj *obj, void *buf,
size_t buflen)
{
@@ -1115,6 +1174,9 @@ static struct bench_cipher_mode cipher_modes[] = {
{GCRY_CIPHER_MODE_GCM, "GCM enc", &gcm_encrypt_ops},
{GCRY_CIPHER_MODE_GCM, "GCM dec", &gcm_decrypt_ops},
{GCRY_CIPHER_MODE_GCM, "GCM auth", &gcm_authenticate_ops},
+ {GCRY_CIPHER_MODE_OCB, "OCB enc", &ocb_encrypt_ops},
+ {GCRY_CIPHER_MODE_OCB, "OCB dec", &ocb_decrypt_ops},
+ {GCRY_CIPHER_MODE_OCB, "OCB auth", &ocb_authenticate_ops},
{GCRY_CIPHER_MODE_POLY1305, "POLY1305 enc", &poly1305_encrypt_ops},
{GCRY_CIPHER_MODE_POLY1305, "POLY1305 dec", &poly1305_decrypt_ops},
{GCRY_CIPHER_MODE_POLY1305, "POLY1305 auth", &poly1305_authenticate_ops},
@@ -1155,10 +1217,14 @@ cipher_bench_one (int algo, struct bench_cipher_mode *pmode)
if (mode.mode == GCRY_CIPHER_MODE_CCM && blklen != GCRY_CCM_BLOCK_LEN)
return;
- /* CCM has restrictions for block-size */
+ /* GCM has restrictions for block-size */
if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
return;
+ /* Our OCB implementaion has restrictions for block-size. */
+ if (mode.mode == GCRY_CIPHER_MODE_OCB && blklen != 16)
+ return;
+
bench_print_mode (14, mode.name);
obj.ops = mode.ops;
@@ -1197,17 +1263,17 @@ cipher_bench (char **argv, int argc)
if (argv && argc)
{
for (i = 0; i < argc; i++)
- {
- algo = gcry_cipher_map_name (argv[i]);
- if (algo)
- _cipher_bench (algo);
- }
+ {
+ algo = gcry_cipher_map_name (argv[i]);
+ if (algo)
+ _cipher_bench (algo);
+ }
}
else
{
for (i = 1; i < 400; i++)
- if (!gcry_cipher_test_algo (i))
- _cipher_bench (i);
+ if (!gcry_cipher_test_algo (i))
+ _cipher_bench (i);
}
}
diff --git a/tests/benchmark.c b/tests/benchmark.c
index 5bf92da..6be9509 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -779,6 +779,7 @@ cipher_bench ( const char *algoname )
void (* const aead_init)(gcry_cipher_hd_t hd, size_t buflen, int authlen);
int req_blocksize;
int authlen;
+ int noncelen;
} modes[] = {
{ GCRY_CIPHER_MODE_ECB, " ECB/Stream", 1 },
{ GCRY_CIPHER_MODE_CBC, " CBC", 1 },
@@ -791,6 +792,8 @@ cipher_bench ( const char *algoname )
#endif
{ GCRY_CIPHER_MODE_GCM, " GCM", 0,
NULL, GCRY_GCM_BLOCK_LEN, GCRY_GCM_BLOCK_LEN },
+ { GCRY_CIPHER_MODE_OCB, " OCB", 1,
+ NULL, 16, 16, 15 },
{ GCRY_CIPHER_MODE_STREAM, "", 0 },
{0}
};
@@ -929,9 +932,30 @@ cipher_bench ( const char *algoname )
exit (1);
}
}
+
+ if (modes[modeidx].noncelen)
+ {
+ char nonce[100];
+ size_t noncelen;
+
+ noncelen = modes[modeidx].noncelen;
+ if (noncelen > sizeof nonce)
+ noncelen = sizeof nonce;
+ memset (nonce, 42, noncelen);
+ err = gcry_cipher_setiv (hd, nonce, noncelen);
+ if (err)
+ {
+ fprintf (stderr, "gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ gcry_cipher_close (hd);
+ exit (1);
+ }
+ }
+
if (modes[modeidx].aead_init)
{
(*modes[modeidx].aead_init) (hd, buflen, modes[modeidx].authlen);
+ gcry_cipher_final (hd);
err = gcry_cipher_encrypt (hd, outbuf, buflen, buf, buflen);
if (err)
break;
@@ -987,18 +1011,42 @@ cipher_bench ( const char *algoname )
exit (1);
}
}
+
+ if (modes[modeidx].noncelen)
+ {
+ char nonce[100];
+ size_t noncelen;
+
+ noncelen = modes[modeidx].noncelen;
+ if (noncelen > sizeof nonce)
+ noncelen = sizeof nonce;
+ memset (nonce, 42, noncelen);
+ err = gcry_cipher_setiv (hd, nonce, noncelen);
+ if (err)
+ {
+ fprintf (stderr, "gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ gcry_cipher_close (hd);
+ exit (1);
+ }
+ }
+
if (modes[modeidx].aead_init)
{
(*modes[modeidx].aead_init) (hd, buflen, modes[modeidx].authlen);
+ gcry_cipher_final (hd);
err = gcry_cipher_decrypt (hd, outbuf, buflen, buf, buflen);
if (err)
break;
err = gcry_cipher_checktag (hd, outbuf, modes[modeidx].authlen);
if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
- err = gpg_error (GPG_ERR_NO_ERROR);
+ err = 0;
}
else
- err = gcry_cipher_decrypt (hd, outbuf, buflen, buf, buflen);
+ {
+ gcry_cipher_final (hd);
+ err = gcry_cipher_decrypt (hd, outbuf, buflen, buf, buflen);
+ }
}
stop_timer ();
printf (" %s", elapsed_time ());
-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 +
cipher/Makefile.am | 3 +-
cipher/bufhelp.h | 34 ++++
cipher/cipher-internal.h | 83 +++++++-
cipher/cipher-ocb.c | 495 +++++++++++++++++++++++++++++++++++++++++++++++
cipher/cipher.c | 83 +++++++-
doc/gcrypt.texi | 39 +++-
src/gcrypt.h.in | 8 +-
tests/basic.c | 401 +++++++++++++++++++++++++++++++++++++-
tests/bench-slope.c | 90 +++++++--
tests/benchmark.c | 52 ++++-
11 files changed, 1264 insertions(+), 29 deletions(-)
create mode 100644 cipher/cipher-ocb.c
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jan 19 15:47:34 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 19 Jan 2015 15:47:34 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-33-g7be1b7d
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 7be1b7d8017cb7ebf1a3855edec0ef5e342cc9c5 (commit)
via c5956592c171e6fe988e74161aa99636b7f12e4b (commit)
via 3da53e70b1bbde6b5956e2e5a7a2b0c28ffbe61c (commit)
from 16a1330fa16f6b23e2661c0175c431ab40da45ff (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7be1b7d8017cb7ebf1a3855edec0ef5e342cc9c5
Author: Werner Koch
Date: Mon Jan 19 14:58:06 2015 +0100
kbx: Minor cleanup for the previous fix.
* kbx/keybox-search.c (blob_get_keyid): Rename to
blob_get_first_keyid. Check number of keys and remove blob type check.
--
There is no need to check the blob type. We already know that it is a
key blob type and keyids are used for X.509 and OpenPGP. Also added
check for number of keys because the other parser functions do it as
well.
Signed-off-by: Werner Koch
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 2126ece..0a3ed43 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -79,21 +79,21 @@ blob_get_blob_flags (KEYBOXBLOB blob)
}
+/* Return the first keyid from the blob. Returns true if
+ available. */
static int
-blob_get_keyid (KEYBOXBLOB blob, u32 *kid)
+blob_get_first_keyid (KEYBOXBLOB blob, u32 *kid)
{
const unsigned char *buffer;
- size_t length, keyinfolen;
+ size_t length, nkeys, keyinfolen;
buffer = _keybox_get_blob_image (blob, &length);
if (length < 48)
return 0; /* blob too short */
- if (buffer[4] != KEYBOX_BLOBTYPE_PGP)
- return 0; /* don't know what to do with X.509 blobs */
-
+ nkeys = get16 (buffer + 16);
keyinfolen = get16 (buffer + 18);
- if (keyinfolen < 28)
+ if (!nkeys || keyinfolen < 28)
return 0; /* invalid blob */
kid[0] = get32 (buffer + 32);
@@ -994,7 +994,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
u32 kid[2];
if (desc[n].skipfnc
- && blob_get_keyid (blob, kid)
+ && blob_get_first_keyid (blob, kid)
&& desc[n].skipfnc (desc[n].skipfncvalue, kid, NULL))
break;
}
commit c5956592c171e6fe988e74161aa99636b7f12e4b
Author: Damien Goutte-Gattat
Date: Fri Jan 16 16:56:35 2015 +0100
kbx: Call skipfnc callback to filter out keys
* kbx/keybox-search.c (blob_get_keyid): New.
(keybox-search): Call skipfnc callback function.
--
This patch (tentatively) fixes
GnuPG-bug-id: 1794
The keybox_search function in kbx/keybox-search.c currently ignores
the skipfnc callback, but the validate_key_list function in
g10/trustdb.c uses such a callback to exclude ultimately trusted keys.
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 6e72d0b..2126ece 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -79,6 +79,30 @@ blob_get_blob_flags (KEYBOXBLOB blob)
}
+static int
+blob_get_keyid (KEYBOXBLOB blob, u32 *kid)
+{
+ const unsigned char *buffer;
+ size_t length, keyinfolen;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 48)
+ return 0; /* blob too short */
+
+ if (buffer[4] != KEYBOX_BLOBTYPE_PGP)
+ return 0; /* don't know what to do with X.509 blobs */
+
+ keyinfolen = get16 (buffer + 18);
+ if (keyinfolen < 28)
+ return 0; /* invalid blob */
+
+ kid[0] = get32 (buffer + 32);
+ kid[1] = get32 (buffer + 36);
+
+ return 1;
+}
+
+
/* Return information on the flag WHAT within the blob BUFFER,LENGTH.
Return the offset and the length (in bytes) of the flag in
FLAGOFF,FLAG_SIZE. */
@@ -967,9 +991,12 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
*r_descindex = n;
for (n=any_skip?0:ndesc; n < ndesc; n++)
{
-/* if (desc[n].skipfnc */
-/* && desc[n].skipfnc (desc[n].skipfncvalue, aki, NULL)) */
-/* break; */
+ u32 kid[2];
+
+ if (desc[n].skipfnc
+ && blob_get_keyid (blob, kid)
+ && desc[n].skipfnc (desc[n].skipfncvalue, kid, NULL))
+ break;
}
if (n == ndesc)
break; /* got it */
commit 3da53e70b1bbde6b5956e2e5a7a2b0c28ffbe61c
Author: Werner Koch
Date: Mon Jan 19 11:06:59 2015 +0100
Register DCO for Damien Goutte-Gattat.
--
diff --git a/AUTHORS b/AUTHORS
index 554c10a..58cfdb8 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -170,6 +170,9 @@ Andreas Schwier
Christian Aistleitner
2013-05-26:20130626112332.GA2228 at quelltextlich.at:
+Damien Goutte-Gattat
+2015-01-17:54BA49AA.2040708 at incenp.org:
+
Daniel Kahn Gillmor
2014-09-24:87oau6w9q7.fsf at alice.fifthhorseman.net:
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 3 +++
kbx/keybox-search.c | 33 ++++++++++++++++++++++++++++++---
2 files changed, 33 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jan 19 16:56:33 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 19 Jan 2015 16:56:33 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.18-27-g8adb5ff
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 8adb5ff26062f717619aa816de8b27aa7d40d6c8 (commit)
from ed6287d2e1546ee0f4064675270da003f51e1b39 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8adb5ff26062f717619aa816de8b27aa7d40d6c8
Author: Werner Koch
Date: Mon Jan 19 16:46:05 2015 +0100
Fix a problem with select and high fds.
* cipher/rndlinux.c (rndlinux_gather_random): Check fd before using
FD_SET.
--
If on systems where the maximum number of fds may be dynamically
configured to a value of FD_MAXSIZE or higher and the RNG is first
used after more than FD_SETSIZE-1 descriptors are in use, we disable
the progress messages from the RNG. A better solution would be too
use poll but that requires more tests.
The same problem exists in rndunix.c - however this rng is only used
on old Unices and I assume that they don't feature dynamically
configured maximum fd sizes.
(from Libgcrypt commit 9487099071af4478d2882e633a0ade805801d6fa)
This may fix
GnuPG-bug-id: 1818
diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c
index 9d40f47..709a7ad 100644
--- a/cipher/rndlinux.c
+++ b/cipher/rndlinux.c
@@ -117,28 +117,33 @@ rndlinux_gather_random( void (*add)(const void*, size_t, int), int requester,
#endif
#endif
while( length ) {
+#ifdef FD_SETSIZE
fd_set rfds;
struct timeval tv;
- int rc;
+ int rc;
FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
tv.tv_sec = 3;
tv.tv_usec = 0;
- if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) {
- if( !warn )
+ if (fd < FD_SETSIZE)
+ {
+ FD_SET(fd, &rfds);
+ if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) {
+ if( !warn )
tty_printf(
_("\n"
"Not enough random bytes available. Please do some other work to give\n"
"the OS a chance to collect more entropy! (Need %d more bytes)\n"), (int)length );
- warn = 1;
- continue;
- }
- else if( rc == -1 ) {
- tty_printf(
- "select() error: %s\n", strerror(errno));
- continue;
- }
+ warn = 1;
+ continue;
+ }
+ else if( rc == -1 ) {
+ tty_printf(
+ "select() error: %s\n", strerror(errno));
+ continue;
+ }
+ }
+#endif /*FD_SETSIZE*/
do {
int nbytes = length < sizeof(buffer)? length : sizeof(buffer);
diff --git a/cipher/rndunix.c b/cipher/rndunix.c
index 75cf22e..72905e6 100644
--- a/cipher/rndunix.c
+++ b/cipher/rndunix.c
@@ -290,10 +290,10 @@ static struct RI {
/* This is a complex and screwball program. Some systems have things
* like rX_dmn, x = integer, for RAID systems, but the statistics are
* pretty dodgy */
-#ifdef __QNXNTO__
+#ifdef __QNXNTO__
{ "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3),
NULL, 0, 0, 0, 0 },
-#endif
+#endif
#if 0
/* The following aren't enabled since they're somewhat slow and not very
* unpredictable, however they give an indication of the sort of sources
@@ -625,6 +625,8 @@ slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes )
FD_ZERO(&fds);
for (i = 0; dataSources[i].path != NULL; i++) {
if (dataSources[i].pipe != NULL) {
+ /* FIXME: We need to make sure that PIPEFD is less
+ than FD_SETSIZE. */
FD_SET(dataSources[i].pipeFD, &fds);
moreSources = 1;
}
@@ -707,7 +709,7 @@ start_gatherer( int pipefd )
#else
nmax = 20; /* assume a reasonable value */
#endif
- {
+ {
int fd;
if ((fd = open ("/dev/null", O_RDWR)) != -1) {
dup2 (fd, STDIN_FILENO);
-----------------------------------------------------------------------
Summary of changes:
cipher/rndlinux.c | 29 +++++++++++++++++------------
cipher/rndunix.c | 8 +++++---
2 files changed, 22 insertions(+), 15 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 20 17:07:43 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 20 Jan 2015 17:07:43 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-34-g2a8fe04
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 2a8fe0448d418a54540a2af834647df6254f682a (commit)
from 7be1b7d8017cb7ebf1a3855edec0ef5e342cc9c5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2a8fe0448d418a54540a2af834647df6254f682a
Author: Werner Koch
Date: Tue Jan 20 17:06:50 2015 +0100
artwork: Crop and rename the commonly used logo.
--
diff --git a/artwork/README b/artwork/README
index 5e60ab9..13b8653 100644
--- a/artwork/README
+++ b/artwork/README
@@ -6,8 +6,10 @@ gnupg-logo-new.svg Is the new logo from the logo context.
We actually use the upper right one; the
other elements may still be useful.
+gnupg-logo.svg This is the cropped off version of the above logo.
+
gnupg-logo-new.eps Other versions.
-gnupg-logo-new.ai
+gnupg-logo-new.ai
gnupg-favicon-1.ico Icons for the website (rectangular)
gnupg-favicon-2.ico (round)
diff --git a/artwork/gnupg-logo-new-single.svg b/artwork/gnupg-logo-new-single.svg
deleted file mode 100644
index 7765948..0000000
--- a/artwork/gnupg-logo-new-single.svg
+++ /dev/null
@@ -1,125 +0,0 @@
-
-
-
\ No newline at end of file
diff --git a/artwork/gnupg-logo.svg b/artwork/gnupg-logo.svg
new file mode 100644
index 0000000..c184436
--- /dev/null
+++ b/artwork/gnupg-logo.svg
@@ -0,0 +1,135 @@
+
+
+
+
\ No newline at end of file
-----------------------------------------------------------------------
Summary of changes:
artwork/README | 4 +-
artwork/gnupg-logo-new-single.svg | 125 -----------------------------------
artwork/gnupg-logo.svg | 135 ++++++++++++++++++++++++++++++++++++++
3 files changed, 138 insertions(+), 126 deletions(-)
delete mode 100644 artwork/gnupg-logo-new-single.svg
create mode 100644 artwork/gnupg-logo.svg
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jan 20 21:17:53 2015
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Tue, 20 Jan 2015 21:17:53 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-164-gceaa97f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47 (commit)
from 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47
Author: Jussi Kivilinna
Date: Tue Jan 20 18:54:13 2015 +0200
rijndael: fix wrong ifdef for SSSE3 setkey
* cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI
around SSSE3 setkey selection.
--
Reported-by: Richard H Lee
Signed-off-by: Jussi Kivilinna
diff --git a/cipher/rijndael.c b/cipher/rijndael.c
index 51c36c7..a481e6f 100644
--- a/cipher/rijndael.c
+++ b/cipher/rijndael.c
@@ -325,7 +325,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
else if (ctx->use_aesni)
_gcry_aes_aesni_do_setkey (ctx, key);
#endif
-#ifdef USE_AESNI
+#ifdef USE_SSSE3
else if (ctx->use_ssse3)
_gcry_aes_ssse3_do_setkey (ctx, key);
#endif
-----------------------------------------------------------------------
Summary of changes:
cipher/rijndael.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jan 21 12:45:49 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Jan 2015 12:45:49 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-36-g4d7c9b0
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 4d7c9b0e9aceedd924d600978bc1b6cae7d5c456 (commit)
via aa99ebde778b7b563f35025f1b48954757f840be (commit)
from 2a8fe0448d418a54540a2af834647df6254f682a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4d7c9b0e9aceedd924d600978bc1b6cae7d5c456
Author: Werner Koch
Date: Wed Jan 21 12:42:14 2015 +0100
gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index 6f171aa..dbeec3d 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Noteworthy changes in version 2.1.2 (unreleased)
* gpg: The parameter 'Passphrase' for batch key generation works
again.
+ * gpg: Using a passphrase option in batch mode now has the expected
+ effect on --quick-gen-key.
+
Noteworthy changes in version 2.1.1 (2014-12-16)
------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 6921fd9..429cc5b 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -571,6 +571,14 @@ If invoked directly on the console without any special options an
answer to a ``Continue?'' style confirmation prompt is required. In
case the user id already exists in the key ring a second prompt to
force the creation of the key will show up.
+
+If this command is used with @option{--batch},
+ at option{--pinentry-mode} has been set to @code{loopback}, and one of
+the passphrase options (@option{--passphrase},
+ at option{--passphrase-fd}, or @option{passphrase-file}) is used, the
+supplied passphrase is used for the new key and the agent does not ask
+for it. To create a key without any protection @code{--passphrase ''}
+may be used.
@end ifset
@item --gen-key
diff --git a/g10/keygen.c b/g10/keygen.c
index a3dbed8..de45d2f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -42,6 +42,7 @@
#include "keyserver-internal.h"
#include "call-agent.h"
#include "pkglue.h"
+#include "../common/shareddefs.h"
/* The default algorithms. If you change them remember to change them
also in gpg.c:gpgconf_list. You should also check that the value
@@ -2816,6 +2817,18 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
return (r && *r->u.value)? r->u.value : NULL;
}
+
+/* This is similar to get_parameter_value but also returns the empty
+ string. This is required so that quick_generate_keypair can use an
+ empty Passphrase to specify no-protection. */
+static const char *
+get_parameter_passphrase (struct para_data_s *para)
+{
+ struct para_data_s *r = get_parameter (para, pPASSPHRASE);
+ return r->u.value;
+}
+
+
static int
get_parameter_algo( struct para_data_s *para, enum para_name key,
int *r_default)
@@ -3496,6 +3509,21 @@ quick_generate_keypair (const char *uid)
DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
DEFAULT_STD_SUBCURVE);
+ /* If the pinentry loopback mode is not and we have a static
+ passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
+ mode), we use that passphrase for the new key. */
+ if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
+ && have_static_passphrase ())
+ {
+ const char *s = get_static_passphrase ();
+
+ r = xmalloc_clear (sizeof *r + strlen (s));
+ r->key = pPASSPHRASE;
+ strcpy (r->u.value, s);
+ r->next = para;
+ para = r;
+ }
+
proc_parameter_file (para, "[internal]", &outctrl, 0);
leave:
release_parameter_list (para);
@@ -3970,7 +3998,7 @@ do_generate_keypair (struct para_data_s *para,
timestamp,
get_parameter_u32( para, pKEYEXPIRE ), 0,
outctrl->keygen_flags,
- get_parameter_value (para, pPASSPHRASE),
+ get_parameter_passphrase (para),
&cache_nonce);
else
err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
@@ -4024,7 +4052,7 @@ do_generate_keypair (struct para_data_s *para,
timestamp,
get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
outctrl->keygen_flags,
- get_parameter_value (para, pPASSPHRASE),
+ get_parameter_passphrase (para),
&cache_nonce);
/* Get the pointer to the generated public subkey packet. */
if (!err)
commit aa99ebde778b7b563f35025f1b48954757f840be
Author: Werner Koch
Date: Wed Jan 21 11:31:20 2015 +0100
gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index f4a6918..6f171aa 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Noteworthy changes in version 2.1.2 (unreleased)
* agent: When setting --default-cache-ttl the value for
--max-cache-ttl is adjusted to be not lower than the former.
+ * gpg: The parameter 'Passphrase' for batch key generation works
+ again.
+
Noteworthy changes in version 2.1.1 (2014-12-16)
------------------------------------------------
diff --git a/agent/agent.h b/agent/agent.h
index c7c65af..4be5925 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -396,7 +396,8 @@ gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
char **r_passphrase);
int agent_genkey (ctrl_t ctrl, const char *cache_nonce,
const char *keyparam, size_t keyparmlen,
- int no_protection, int preset, membuf_t *outbuf);
+ int no_protection, const char *override_passphrase,
+ int preset, membuf_t *outbuf);
gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
char **passphrase_addr);
diff --git a/agent/command.c b/agent/command.c
index da7e508..d5644cb 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -914,22 +914,23 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
static const char hlp_genkey[] =
- "GENKEY [--no-protection] [--preset] []\n"
+ "GENKEY [--no-protection] [--preset] [--inq-passwd] []\n"
"\n"
"Generate a new key, store the secret part and return the public\n"
"part. Here is an example transaction:\n"
"\n"
" C: GENKEY\n"
" S: INQUIRE KEYPARAM\n"
- " C: D (genkey (rsa (nbits 1024)))\n"
+ " C: D (genkey (rsa (nbits 2048)))\n"
" C: END\n"
" S: D (public-key\n"
" S: D (rsa (n 326487324683264) (e 10001)))\n"
" S: OK key created\n"
"\n"
"When the --preset option is used the passphrase for the generated\n"
- "key will be added to the cache.\n"
- "\n";
+ "key will be added to the cache. When --inq-passwd is used an inquire\n"
+ "with the keyword NEWPASSWD is used to request the passphrase for the\n"
+ "new key.\n";
static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line)
{
@@ -938,16 +939,20 @@ cmd_genkey (assuan_context_t ctx, char *line)
int no_protection;
unsigned char *value;
size_t valuelen;
+ unsigned char *newpasswd = NULL;
membuf_t outbuf;
char *cache_nonce = NULL;
int opt_preset;
+ int opt_inq_passwd;
+ size_t n;
char *p;
if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
- opt_preset = has_option (line, "--preset");
no_protection = has_option (line, "--no-protection");
+ opt_preset = has_option (line, "--preset");
+ opt_inq_passwd = has_option (line, "--inq-passwd");
line = skip_options (line);
p = line;
@@ -966,8 +971,37 @@ cmd_genkey (assuan_context_t ctx, char *line)
init_membuf (&outbuf, 512);
+ /* If requested, ask for the password to be used for the key. If
+ this is not used the regular Pinentry mechanism is used. */
+ if (opt_inq_passwd && !no_protection)
+ {
+ /* (N is used as a dummy) */
+ assuan_begin_confidential (ctx);
+ rc = assuan_inquire (ctx, "NEWPASSWD", &newpasswd, &n, 256);
+ assuan_end_confidential (ctx);
+ if (rc)
+ goto leave;
+ if (!*newpasswd)
+ {
+ /* Empty password given - switch to no-protection mode. */
+ xfree (newpasswd);
+ newpasswd = NULL;
+ no_protection = 1;
+ }
+
+ }
+
rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection,
- opt_preset, &outbuf);
+ newpasswd, opt_preset, &outbuf);
+
+ leave:
+ if (newpasswd)
+ {
+ /* Assuan_inquire does not allow us to read into secure memory
+ thus we need to wipe it ourself. */
+ wipememory (newpasswd, strlen (newpasswd));
+ xfree (newpasswd);
+ }
xfree (value);
if (rc)
clear_outbuf (&outbuf);
diff --git a/agent/genkey.c b/agent/genkey.c
index 91917f7..d7b6007 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -410,14 +410,16 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
/* Generate a new keypair according to the parameters given in
KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase
using the cache nonce. If NO_PROTECTION is true the key will not
- be protected by a passphrase. */
+ be protected by a passphrase. If OVERRIDE_PASSPHRASE is true that
+ passphrase will be used for the new key. */
int
agent_genkey (ctrl_t ctrl, const char *cache_nonce,
const char *keyparam, size_t keyparamlen, int no_protection,
- int preset, membuf_t *outbuf)
+ const char *override_passphrase, int preset, membuf_t *outbuf)
{
gcry_sexp_t s_keyparam, s_key, s_private, s_public;
- char *passphrase;
+ char *passphrase_buffer = NULL;
+ const char *passphrase;
int rc;
size_t len;
char *buf;
@@ -430,27 +432,35 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce,
}
/* Get the passphrase now, cause key generation may take a while. */
- if (no_protection || !cache_nonce)
+ if (override_passphrase)
+ passphrase = override_passphrase;
+ else if (no_protection || !cache_nonce)
passphrase = NULL;
else
- passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
+ {
+ passphrase_buffer = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
+ passphrase = passphrase_buffer;
+ }
if (passphrase || no_protection)
- rc = 0;
+ ;
else
- rc = agent_ask_new_passphrase (ctrl,
- _("Please enter the passphrase to%0A"
- "protect your new key"),
- &passphrase);
- if (rc)
- return rc;
+ {
+ rc = agent_ask_new_passphrase (ctrl,
+ _("Please enter the passphrase to%0A"
+ "protect your new key"),
+ &passphrase_buffer);
+ if (rc)
+ return rc;
+ passphrase = passphrase_buffer;
+ }
rc = gcry_pk_genkey (&s_key, s_keyparam );
gcry_sexp_release (s_keyparam);
if (rc)
{
log_error ("key generation failed: %s\n", gpg_strerror (rc));
- xfree (passphrase);
+ xfree (passphrase_buffer);
return rc;
}
@@ -460,7 +470,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce,
{
log_error ("key generation failed: invalid return value\n");
gcry_sexp_release (s_key);
- xfree (passphrase);
+ xfree (passphrase_buffer);
return gpg_error (GPG_ERR_INV_DATA);
}
s_public = gcry_sexp_find_token (s_key, "public-key", 0);
@@ -469,7 +479,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce,
log_error ("key generation failed: invalid return value\n");
gcry_sexp_release (s_private);
gcry_sexp_release (s_key);
- xfree (passphrase);
+ xfree (passphrase_buffer);
return gpg_error (GPG_ERR_INV_DATA);
}
gcry_sexp_release (s_key); s_key = NULL;
@@ -503,7 +513,8 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce,
}
}
}
- xfree (passphrase);
+ xfree (passphrase_buffer);
+ passphrase_buffer = NULL;
passphrase = NULL;
gcry_sexp_release (s_private);
if (rc)
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 36bd0c2..7ac441f 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -1134,6 +1134,13 @@ The @option{--no-protection} option may be used to prevent prompting for a
passphrase to protect the secret key while leaving the secret key unprotected.
The @option{--preset} option may be used to add the passphrase to the cache
using the default cache parameters.
+
+The @option{--inq-passwd} option may be used to create the key with a
+supplied passphrase. When used the agent does an inquiry with the
+keyword @code{NEWPASSWD} to retrieve that passphrase. This option
+takes precedence over @option{--no-protection}; however if the client
+sends a empty (zero-length) passphrase, this is identical to
+ at option{--no-protection}.
@end ifset
@node Agent IMPORT
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 71ffaf8..6921fd9 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3341,17 +3341,13 @@ ignored and instead the usual passphrase dialog is used. This does
not make sense for batch key generation; however the unattended key
generation feature is also used by GUIs and this feature relinquishes
the GUI from implementing its own passphrase entry code. These are
-global control statements and affect all future key genrations.
+global control statements and affect all future key generations.
@end ifclear
@ifset gpgtwoone
This option is a no-op for GnuPG 2.1 and later.
@end ifset
-
@item %no-protection
-Since GnuPG version 2.1 it is not anymore possible to specify a
-passphrase for unattended key generation. The passphrase command is
-simply ignored and @samp{%ask-passpharse} is thus implicitly enabled.
Using this option allows the creation of keys without any passphrase
protection. This option is mainly intended for regression tests.
@@ -3409,8 +3405,8 @@ by running the command @samp{gpg2 --gpgconf-list}".
Key usage lists for a subkey; similar to @samp{Key-Usage}.
@item Passphrase: @var{string}
-If you want to specify a passphrase for the secret key,
-enter it here. Default is not to use any passphrase.
+If you want to specify a passphrase for the secret key, enter it here.
+Default is to use the Pinentry dialog to ask for a passphrase.
@item Name-Real: @var{name}
@itemx Name-Comment: @var{comment}
diff --git a/g10/call-agent.c b/g10/call-agent.c
index a98a177..dc9d157 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1,7 +1,6 @@
/* call-agent.c - Divert GPG operations to the agent.
- * Copyright (C) 2001, 2002, 2003, 2006, 2007, 2008, 2009,
- * 2010, 2011, 2013 Free Software Foundation, Inc.
- * Copyright (C) 2013, 2014 Werner Koch
+ * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
+ * Copyright (C) 2013-2015 Werner Koch
*
* This file is part of GnuPG.
*
@@ -90,6 +89,7 @@ struct genkey_parm_s
{
struct default_inq_parm_s *dflt;
const char *keyparms;
+ const char *passphrase;
};
struct import_key_parm_s
@@ -1737,6 +1737,11 @@ inq_genkey_parms (void *opaque, const char *line)
err = assuan_send_data (parm->dflt->ctx,
parm->keyparms, strlen (parm->keyparms));
}
+ else if (has_leading_keyword (line, "NEWPASSWD") && parm->passphrase)
+ {
+ err = assuan_send_data (parm->dflt->ctx,
+ parm->passphrase, strlen (parm->passphrase));
+ }
else
err = default_inq_cb (parm->dflt, line);
@@ -1747,10 +1752,13 @@ inq_genkey_parms (void *opaque, const char *line)
/* Call the agent to generate a new key. KEYPARMS is the usual
S-expression giving the parameters of the key. gpg-agent passes it
gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
- to protect the generated key. */
+ to protect the generated key. If NO_PROTECTION is not set and
+ PASSPHRASE is not NULL the agent is requested to protect the key
+ with that passphrase instead of asking for one. */
gpg_error_t
agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
- const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey)
+ const char *keyparms, int no_protection,
+ const char *passphrase, gcry_sexp_t *r_pubkey)
{
gpg_error_t err;
struct genkey_parm_s gk_parm;
@@ -1778,8 +1786,11 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
init_membuf (&data, 1024);
gk_parm.dflt = &dfltparm;
gk_parm.keyparms = keyparms;
+ gk_parm.passphrase = passphrase;
snprintf (line, sizeof line, "GENKEY%s%s%s",
- no_protection? " --no-protection":"",
+ no_protection? " --no-protection" :
+ passphrase ? " --inq-passwd" :
+ /* */ "",
cache_nonce_addr && *cache_nonce_addr? " ":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
cn_parm.cache_nonce_addr = cache_nonce_addr;
diff --git a/g10/call-agent.h b/g10/call-agent.h
index bcb5ae9..9c104e8 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -154,6 +154,7 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
/* Generate a new key. */
gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
const char *keyparms, int no_protection,
+ const char *passphrase,
gcry_sexp_t *r_pubkey);
/* Read a public key. */
diff --git a/g10/keygen.c b/g10/keygen.c
index fa466a8..a3dbed8 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1,7 +1,6 @@
/* keygen.c - generate a key pair
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
- * 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 1998-2007, 2009-2011 Free Software Foundation, Inc.
+ * Copyright (C) 2014, 2015 Werner Koch
*
* This file is part of GnuPG.
*
@@ -1287,7 +1286,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
static int
common_gen (const char *keyparms, int algo, const char *algoelem,
kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
- int keygen_flags, char **cache_nonce_addr)
+ int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
PACKET *pkt;
@@ -1295,7 +1294,9 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
gcry_sexp_t s_key;
err = agent_genkey (NULL, cache_nonce_addr, keyparms,
- !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key);
+ !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION),
+ passphrase,
+ &s_key);
if (err)
{
log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
@@ -1353,7 +1354,7 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
static int
gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey,
- int keygen_flags, char **cache_nonce_addr)
+ int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
char *keyparms;
@@ -1394,7 +1395,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
{
err = common_gen (keyparms, algo, "pgy",
pub_root, timestamp, expireval, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@@ -1408,7 +1409,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
static gpg_error_t
gen_dsa (unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey,
- int keygen_flags, char **cache_nonce_addr)
+ int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
unsigned int qbits;
@@ -1481,7 +1482,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
{
err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy",
pub_root, timestamp, expireval, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@@ -1496,7 +1497,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
static gpg_error_t
gen_ecc (int algo, const char *curve, kbnode_t pub_root,
u32 timestamp, u32 expireval, int is_subkey,
- int keygen_flags, char **cache_nonce_addr)
+ int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
gpg_error_t err;
char *keyparms;
@@ -1531,7 +1532,7 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
{
err = common_gen (keyparms, algo, "",
pub_root, timestamp, expireval, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@@ -1545,7 +1546,7 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
static int
gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey,
- int keygen_flags, char **cache_nonce_addr)
+ int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
int err;
char *keyparms;
@@ -1586,7 +1587,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
{
err = common_gen (keyparms, algo, "ne",
pub_root, timestamp, expireval, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
xfree (keyparms);
}
@@ -2724,7 +2725,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
static int
do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
u32 timestamp, u32 expiredate, int is_subkey,
- int keygen_flags, char **cache_nonce_addr)
+ int keygen_flags, const char *passphrase, char **cache_nonce_addr)
{
gpg_error_t err;
@@ -2739,18 +2740,18 @@ do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
if (algo == PUBKEY_ALGO_ELGAMAL_E)
err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_DSA)
err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_RSA)
err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
- keygen_flags, cache_nonce_addr);
+ keygen_flags, passphrase, cache_nonce_addr);
else
BUG();
@@ -2792,6 +2793,8 @@ release_parameter_list (struct para_data_s *r)
for (; r ; r = r2)
{
r2 = r->next;
+ if (r->key == pPASSPHRASE && *r->u.value)
+ wipememory (r->u.value, strlen (r->u.value));
xfree (r);
}
}
@@ -3966,7 +3969,9 @@ do_generate_keypair (struct para_data_s *para,
pub_root,
timestamp,
get_parameter_u32( para, pKEYEXPIRE ), 0,
- outctrl->keygen_flags, &cache_nonce);
+ outctrl->keygen_flags,
+ get_parameter_value (para, pPASSPHRASE),
+ &cache_nonce);
else
err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
×tamp,
@@ -4018,7 +4023,9 @@ do_generate_keypair (struct para_data_s *para,
pub_root,
timestamp,
get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
- outctrl->keygen_flags, &cache_nonce);
+ outctrl->keygen_flags,
+ get_parameter_value (para, pPASSPHRASE),
+ &cache_nonce);
/* Get the pointer to the generated public subkey packet. */
if (!err)
{
@@ -4241,7 +4248,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock)
keyblock, cur_time, expire, 1);
else
err = do_create (algo, nbits, curve,
- keyblock, cur_time, expire, 1, 0, NULL);
+ keyblock, cur_time, expire, 1, 0, NULL, NULL);
if (err)
goto leave;
-----------------------------------------------------------------------
Summary of changes:
NEWS | 6 +++++
agent/agent.h | 3 ++-
agent/command.c | 46 +++++++++++++++++++++++++++-----
agent/genkey.c | 43 ++++++++++++++++++------------
doc/gpg-agent.texi | 7 +++++
doc/gpg.texi | 18 ++++++++-----
g10/call-agent.c | 23 +++++++++++-----
g10/call-agent.h | 1 +
g10/keygen.c | 77 +++++++++++++++++++++++++++++++++++++++---------------
9 files changed, 167 insertions(+), 57 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jan 21 15:26:30 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Jan 2015 15:26:30 +0100
Subject: [git] gnupg-doc - branch, master,
updated. fe1d06f56ce9d637ed66594541d273236f07c941
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via fe1d06f56ce9d637ed66594541d273236f07c941 (commit)
via 46a23a5b7384c2c2ac2a3ff38772d4ea74add976 (commit)
from 1e69a038458b3374d5a3f7df55b39e256b7b3ff3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fe1d06f56ce9d637ed66594541d273236f07c941
Author: Werner Koch
Date: Wed Jan 21 15:26:13 2015 +0100
web: Add a roadmap page
This is not yet linked from the menu.
diff --git a/web/roadmap.org b/web/roadmap.org
new file mode 100644
index 0000000..28dc5b4
--- /dev/null
+++ b/web/roadmap.org
@@ -0,0 +1,59 @@
+#+TITLE: GnuPG - Roadmap
+#+STARTUP: showall
+#+SETUPFILE: "share/setup.inc"
+
+* GnuPG Roadmap
+ :PROPERTIES:
+ :CUSTOM_ID: gnupg
+ :END:
+
+ This page has information on what we plan to do and what new
+ features will go into which version. This is _not_ a list of
+ guaranteed milestones or with fixed release dates. This page should
+ better be viewed as a scratchpad with notes of GnuPG developers.
+
+ The next GnuPG /modern/ release will be 2.1.2 and is planned for
+ January.
+
+** New features in 2.1
+
+ - gpg: The parameter 'Passphrase' for batch key generation works
+ again.
+
+ - gpg: Using a passphrase option in batch mode now has the expected
+ effect on --quick-gen-key.
+
+
+** All things to do
+
+ - Fix flaws in HKPS support
+
+ - Add LDAP keyserver support
+
+ - +Add unattended key generation with passphrase.+
+
+
+
+* Libgcrypt Roadmap
+ :PROPERTIES:
+ :CUSTOM_ID: gcrypt
+ :END:
+
+ Libgcrypt is used by a lot of other projects and thus deserves its
+ own roadmap
+
+
+** Things to be done for Libgcrypt 1.7
+
+ The next release will be 1.7 with a lot of performance improvements
+ and a few new features. Here are the things we want to have before
+ the 1.7.0 release:
+
+ - +Add OCB mode+
+ - Update of the Windows entropy gatherer (rndw32.c)
+
+
+ The rndw32 update is pretty important because it has not seen any
+ updates for years. We need to compare the code against the latest
+ Cryptlib. Updating rndunix could also be done but it is not very
+ important given that all mainstream OS now feature a /dev/random.
commit 46a23a5b7384c2c2ac2a3ff38772d4ea74add976
Author: Werner Koch
Date: Wed Jan 21 15:25:47 2015 +0100
web: Minor updates.
diff --git a/misc/blog.gnupg.org/20150101-happy-gnu-year.org b/misc/blog.gnupg.org/20150101-happy-gnu-year.org
index 38a0ae8..01728ce 100644
--- a/misc/blog.gnupg.org/20150101-happy-gnu-year.org
+++ b/misc/blog.gnupg.org/20150101-happy-gnu-year.org
@@ -70,7 +70,7 @@ small active user base. For a mass use of it we need to add a few
things or start to deploy an easier method for retrieving keys. This
is essential for making mail encryption the default on the net.
-Although the use or proprietary platforms supports the spook?s
+Although the use of proprietary platforms supports the spook?s
surveillance programs, it is a pipe dream to believe that free
operating systems like Linux or FreeBSD can completely replace
Windows, Mac OS, and Android any time soon. Improving our crypto
@@ -87,8 +87,9 @@ algorithms as soon as the needs arises.
As stated in the press release a second full time developer for GnuPG
is required to avoid relying mostly on me. Keep in mind that even
after having secured enough funds it will take some time to find a
-developer and it will also takes some months until s/he is up to my
-maintenance experience. Thus is at all costs required nevertheless.
+developer and it will also take some months until s/he is up to my
+maintenance experience. Nevertheless, we need to bear these
+additional costs.
In general we need to simplify the the user interfaces of most
frontends and make it easier start with and keep on using encryption.
diff --git a/web/index.org b/web/index.org
index d0e2f61..946afff 100644
--- a/web/index.org
+++ b/web/index.org
@@ -77,7 +77,9 @@ you are in good company; GnuPG is one of the tools that Edward Snowden
used to uncover his secrets about the NSA.
Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site to learn how and why you
-should use GnuPG for your electronic communication.
+should use GnuPG for your electronic communication. If you need
+printed leaflets check out [[https://fsfe.org/contribute/spreadtheword.html#gnupg-leaflet][FSFE?s GnuPG leaflet]].
+
* Latest news
#+index: News
diff --git a/web/related_software/swlist.org b/web/related_software/swlist.org
index 8082bdf..1961714 100644
--- a/web/related_software/swlist.org
+++ b/web/related_software/swlist.org
@@ -19,7 +19,7 @@ the software:
** [[http://www.claws-mail.org/][Claws Mail]] [Unix, Windows] MUA
:PROPERTIES:
- :CUSTOM_ID:
+ :CUSTOM_ID: claws
:END:
Is a very nice GTK+ based MUA with full support for GnuPG. The Windows
-----------------------------------------------------------------------
Summary of changes:
misc/blog.gnupg.org/20150101-happy-gnu-year.org | 7 +--
web/index.org | 4 +-
web/related_software/swlist.org | 2 +-
web/roadmap.org | 59 +++++++++++++++++++++++++
4 files changed, 67 insertions(+), 5 deletions(-)
create mode 100644 web/roadmap.org
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jan 21 15:54:24 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Jan 2015 15:54:24 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-37-g091c35e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 091c35ec726a4fa4691c2665b13adee6a34b5b66 (commit)
from 4d7c9b0e9aceedd924d600978bc1b6cae7d5c456 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 091c35ec726a4fa4691c2665b13adee6a34b5b66
Author: Werner Koch
Date: Wed Jan 21 15:54:06 2015 +0100
dirmngr: Fix TLS build problems.
* dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs.
--
This should fix
GnuPG-bug-id: 1813.
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index eaa02a5..2d8d336 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -31,8 +31,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) \
- $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(NPTH_CFLAGS)
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) \
+ $(GPG_ERROR_CFLAGS) $(NPTH_CFLAGS) $(NTBTLS_CFLAGS) \
+ $(LIBGNUTLS_CFLAGS)
+
BUILT_SOURCES = no-libgcrypt.c
-----------------------------------------------------------------------
Summary of changes:
dirmngr/Makefile.am | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jan 21 18:19:17 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Jan 2015 18:19:17 +0100
Subject: [git] gnupg-doc - branch, master,
updated. 3f1715f771cd1b21b032846d7f1ea1666a14b1c7
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 3f1715f771cd1b21b032846d7f1ea1666a14b1c7 (commit)
from fe1d06f56ce9d637ed66594541d273236f07c941 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3f1715f771cd1b21b032846d7f1ea1666a14b1c7
Author: Werner Koch
Date: Wed Jan 21 17:49:26 2015 +0100
web: Add link to source and change date to all pages.
diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el
index 06c43a0..036cf52 100644
--- a/web/share/gpgweb.el
+++ b/web/share/gpgweb.el
@@ -43,7 +43,7 @@
(defun gpgweb-insert-header (title committed-at)
"Insert the header.
-COMMITED-AT is the commit date string of the source file or nil
+COMMITTED-AT is the commit date string of the source file or nil
if not available."
(goto-char (point-min))
(insert "
@@ -269,36 +269,48 @@ org filenames."
"
\n")))))
-(defun gpgweb-insert-footer ()
- (goto-char (point-max))
- (insert "
+(defun gpgweb-insert-footer (htmlfile committed-at blogmode)
+ "Insert the footer.
+
+HTMLFILE is HTML file name and COMMITTED-AT is the commit date
+string of the source file or nil if not available."
+ (let ((srcfile (concat "https://git.gnupg.org/cgi-bin/gitweb.cgi?"
+ "p=gnupg-doc.git;a=blob;f="
+ (if blogmode "misc/blog.gnupg.org" "web")
+ (file-name-sans-extension htmlfile) ".org"))
+ (changed (if (and committed-at (>= (length committed-at) 10))
+ (substring committed-at 0 10)
+ "[unknown]")))
+ (goto-char (point-max))
+ (insert "