From vincent.torri at gmail.com Sat Oct 1 07:34:18 2011 From: vincent.torri at gmail.com (Vincent Torri) Date: Sat, 1 Oct 2011 07:34:18 +0200 Subject: libgpg-error : code-from-errno.h not correctly generated when cross-compiling to Windows on Linux In-Reply-To: <87hb3ugjr7.fsf@vigenere.g10code.de> References: <87hb3ugjr7.fsf@vigenere.g10code.de> Message-ID: On Fri, Sep 30, 2011 at 4:58 PM, Werner Koch wrote: > On Fri, 30 Sep 2011 10:02, vincent.torri at gmail.com said: > > > configuration: ./configure --prefix=/opt/efl --host=x86_64-w64-mingw32 > > --disable-nls --disable-static > I actually have the same problem when cross compiling to win32 : configuration : ./configure --prefix=/opt/efl --host=i686-w64-mingw32 --disable-nls --disable-static exactly the same problem Vincent Torri -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Sun Oct 2 11:04:38 2011 From: wk at gnupg.org (Werner Koch) Date: Sun, 02 Oct 2011 11:04:38 +0200 Subject: libgpg-error : code-from-errno.h not correctly generated when cross-compiling to Windows on Linux In-Reply-To: (Vincent Torri's message of "Fri, 30 Sep 2011 20:43:00 +0200") References: <87hb3ugjr7.fsf@vigenere.g10code.de> Message-ID: <878vp3hihl.fsf@vigenere.g10code.de> On Fri, 30 Sep 2011 20:43, vincent.torri at gmail.com said: > Actually, I need libgcrypt for crypto in gnutls. So it means that, > currently, it's useless to try to compile libgcrypt for win64 ? Don't use it. We do not have an RNG for w64. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From vincent.torri at gmail.com Sun Oct 2 23:32:42 2011 From: vincent.torri at gmail.com (Vincent Torri) Date: Sun, 2 Oct 2011 23:32:42 +0200 Subject: libgpg-error : code-from-errno.h not correctly generated when cross-compiling to Windows on Linux In-Reply-To: References: <87hb3ugjr7.fsf@vigenere.g10code.de> Message-ID: On Sat, Oct 1, 2011 at 7:34 AM, Vincent Torri wrote: > > > On Fri, Sep 30, 2011 at 4:58 PM, Werner Koch wrote: > >> On Fri, 30 Sep 2011 10:02, vincent.torri at gmail.com said: >> >> > configuration: ./configure --prefix=/opt/efl --host=x86_64-w64-mingw32 >> > --disable-nls --disable-static >> > > I actually have the same problem when cross compiling to win32 : > > configuration : ./configure --prefix=/opt/efl --host=i686-w64-mingw32 > --disable-nls --disable-static > > exactly the same problem > Just lookin at the output of ./mkerrcodes, I get: -2147168224 GPG_ERR_EPROTO 1 GPG_ERR_EPERM 2 GPG_ERR_ENOENT etc... So it seems that there is a problem with the fact that GPG_ERR_EPROTO is negative (i think). So integer size overflow. I changed mkerrcodes.c so that it displays an unsigned int. The 2 changes lines are: unsigned int i; ... printf ("%u\t%s\n", err_table[i].err, err_table[i].err_sym); and it works now. regards Vincent -------------- next part -------------- An HTML attachment was scrubbed... URL: From vincent.torri at gmail.com Mon Oct 3 05:02:35 2011 From: vincent.torri at gmail.com (Vincent Torri) Date: Mon, 3 Oct 2011 05:02:35 +0200 Subject: libgpg-error : code-from-errno.h not correctly generated when cross-compiling to Windows on Linux In-Reply-To: References: <87hb3ugjr7.fsf@vigenere.g10code.de> Message-ID: On Sun, Oct 2, 2011 at 11:32 PM, Vincent Torri wrote: > > > On Sat, Oct 1, 2011 at 7:34 AM, Vincent Torri wrote: > >> >> >> On Fri, Sep 30, 2011 at 4:58 PM, Werner Koch wrote: >> >>> On Fri, 30 Sep 2011 10:02, vincent.torri at gmail.com said: >>> >>> > configuration: ./configure --prefix=/opt/efl --host=x86_64-w64-mingw32 >>> > --disable-nls --disable-static >>> >> >> I actually have the same problem when cross compiling to win32 : >> >> configuration : ./configure --prefix=/opt/efl --host=i686-w64-mingw32 >> --disable-nls --disable-static >> >> exactly the same problem >> > > Just lookin at the output of ./mkerrcodes, I get: > > -2147168224 GPG_ERR_EPROTO > 1 GPG_ERR_EPERM > 2 GPG_ERR_ENOENT > etc... > > So it seems that there is a problem with the fact that GPG_ERR_EPROTO is > negative (i think). So integer size overflow. > > I changed mkerrcodes.c so that it displays an unsigned int. The 2 changes > lines are: > > unsigned int i; > that change is not necessary, of course, but as i >= 0 anyway... Vincent Torri > ... > printf ("%u\t%s\n", err_table[i].err, err_table[i].err_sym); > > and it works now. > > regards > > Vincent > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cmouse at youzen.ext.b2.fi Sun Oct 2 15:39:06 2011 From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Sun, 2 Oct 2011 16:39:06 +0300 Subject: libgpg-error : code-from-errno.h not correctly generated when cross-compiling to Windows on Linux In-Reply-To: <878vp3hihl.fsf@vigenere.g10code.de> References: <87hb3ugjr7.fsf@vigenere.g10code.de> <878vp3hihl.fsf@vigenere.g10code.de> Message-ID: <20111002133906.GA12006@pi.ip.fi> On Sun, Oct 02, 2011 at 11:04:38AM +0200, Werner Koch wrote: > On Fri, 30 Sep 2011 20:43, vincent.torri at gmail.com said: > > Actually, I need libgcrypt for crypto in gnutls. So it means that, > > currently, it's useless to try to compile libgcrypt for win64 ? > > Don't use it. We do not have an RNG for w64. > > > Shalom-Salam, > > Werner > > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > I thought windows has a PRNG suited for cryptography bundled. Why can't you use that? Aki Tuomi -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From wk at gnupg.org Fri Oct 7 10:35:50 2011 From: wk at gnupg.org (Werner Koch) Date: Fri, 07 Oct 2011 10:35:50 +0200 Subject: make check errors In-Reply-To: <1CCAF9A3-64DD-416F-965F-B32F4A885174@1fehr.ch> (Markus Fehr's message of "Fri, 30 Sep 2011 00:36:24 +0200") References: <1CCAF9A3-64DD-416F-965F-B32F4A885174@1fehr.ch> Message-ID: <874nzlb3mh.fsf@vigenere.g10code.de> On Fri, 30 Sep 2011 00:36, mailnov at 1fehr.ch said: > After I compiled netatalk 2.2, I noticed an error message "symbol > gcry_cipher_setkey, version GCRYPT_1.2 not defined in file > libgcrypt.so.11 with link time reference". I then ran make check and > found errors as well. The output looks as fo netatalk tries to pick up a a version of Libgcrypt older than 1.4.2 - check with ldd which libraries are loaded at runtime. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From ametzler at downhill.at.eu.org Sun Oct 9 16:23:14 2011 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sun, 9 Oct 2011 16:23:14 +0200 Subject: libgcrypt11 1.5.0 version segfaults with NSS/PAM LDAP (AES-NI) Message-ID: <20111009142314.GB7633@downhill.g.la> Hello, this is http://bugs.debian.org/643336 reported by Marc Dequ?nes, the crash was not easily reproducible with gnutls-cli. The respective system features AES-NI support. cu andreas -------------------------------------------- Package: libgcrypt11 Version: 1.5.0-3 Severity: important Coin, I'm using: - libgnutls26 2.12.10-2 - libldap-2.4-2 2.4.25-3 - libnss-ldap 264-2.2 After an upgrade a mere "id " lead to the following segfault: #0 0xb72011cd in do_aesni_enc_aligned ( a=0xb723a1b8 "\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362?x\253\t\245\021\275]\036\362\r\316?\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004", , b=0xbfb28ad8 "(\335%\267p\213\262\277\004{\343\t", ctx=0xbfb288e8) at rijndael.c:710 #1 do_aesni (ctx=0xbfb288e8, decrypt_flag=0, bx=0xbfb28ad8 "(\335%\267p\213\262\277\004{\343\t", ax=0xb723a1b8 "\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362?x\253\t\245\021\275]\036\362\r\316?\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004", ) at rijndael.c:1132 #2 0xb72014c6 in rijndael_encrypt (context=0xbfb288e8, b=0xbfb28ad8 "(\335%\267p\213\262\277\004{\343\t", a=0xb723a1b8 "\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362?x\253\t\245\021\275]\036\362\r\316?\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004", ) at rijndael.c:1155 #3 0xb7201aa8 in selftest_basic_128 () at rijndael.c:1660 #4 0xb7201657 in selftest () at rijndael.c:1749 #5 do_setkey (keylen=16, key=0x9ff3fa8 "\035\224, keylen=16) at cipher.c:896 #8 0xb71dbe04 in gcry_cipher_setkey (hd=0xa001e10, key=0x9ff3fa8, keylen=16) at visibility.c:521 #9 0xb72faceb in wrap_gcry_cipher_setkey (ctx=0xa001e10, key=0x9ff3fa8, keysize=16) at cipher.c:115 #10 0xb727ea92 in _gnutls_cipher_init (handle=0x9ff485c, cipher=GNUTLS_CIPHER_AES_128_CBC, key=0x9ff4854, iv=0x9ff484c) at gnutls_cipher_int.c:71 #11 0xb7289d05 in _gnutls_init_record_state (read=1, state=0x9ff4844, params=) at gnutls_constate.c:299 #12 0xb728a2c1 in _gnutls_epoch_set_keys (session=0x9ff70c0, epoch=1) at gnutls_constate.c:431 #13 0xb728a997 in _gnutls_write_connection_state_init (session=0x9ff70c0) at gnutls_constate.c:602 #14 0xb7272fdd in _gnutls_send_handshake_final (session=0x9ff70c0, init=1) at gnutls_handshake.c:2888 #15 0xb72765e0 in _gnutls_handshake_common (session=0x9ff70c0) at gnutls_handshake.c:3121 #16 0xb7277fad in gnutls_handshake (session=0x9ff70c0) at gnutls_handshake.c:2690 #17 0xb74bfdac in tlsg_session_accept (session=0x9ff70a8) at tls_g.c:472 #18 0xb74bcd39 in ldap_int_tls_connect (ld=0x9e3ca30, conn=) at tls2.c:358 #19 0xb74bd917 in ldap_int_tls_start (ld=0x9e3ca30, conn=0x9e3c980, srv=0x0) at tls2.c:825 #20 0xb74bdc79 in ldap_install_tls (ld=0x9e3ca30) at tls2.c:897 #21 0xb74dbc1d in ?? () from /lib/libnss_ldap.so.2 #22 0xb74dc251 in ?? () from /lib/libnss_ldap.so.2 #23 0xb74dcaa5 in ?? () from /lib/libnss_ldap.so.2 #24 0xb74dcdf1 in ?? () from /lib/libnss_ldap.so.2 #25 0xb74dd570 in _nss_ldap_getpwnam_r () from /lib/libnss_ldap.so.2 #26 0xb773e495 in getpwnam_r () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 #27 0xb773deff in getpwnam () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 #28 0x08049594 in ?? () #29 0xb76bee46 in __libc_start_main () from /lib/i386-linux-gnu/i686/cmov/libc.so.6 #30 0x08049b49 in ?? () Backtrace stopped: Not enough registers or memory available to unwind further Reverting to 1.4.6-9 fixed the problem. Regards. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.0.0-1-686-pae (SMP w/8 CPU cores) -------------------------------------------- From mailnov at 1fehr.ch Sun Oct 9 21:30:21 2011 From: mailnov at 1fehr.ch (Markus Fehr) Date: Sun, 9 Oct 2011 21:30:21 +0200 Subject: make check errors In-Reply-To: <874nzlb3mh.fsf@vigenere.g10code.de> References: <1CCAF9A3-64DD-416F-965F-B32F4A885174@1fehr.ch> <874nzlb3mh.fsf@vigenere.g10code.de> Message-ID: <106CACD2-4D11-466E-8F0E-961051706909@1fehr.ch> Perfect! Problem solved: ldd pointed out that it used runtime libraries located in /lib while libgpg-error and libgcrypt were installed to /usr/local/lib Thanks, Markus On 7. Oct 2011, at 10:35, Werner Koch wrote: > On Fri, 30 Sep 2011 00:36, mailnov at 1fehr.ch said: > >> After I compiled netatalk 2.2, I noticed an error message "symbol >> gcry_cipher_setkey, version GCRYPT_1.2 not defined in file >> libgcrypt.so.11 with link time reference". I then ran make check and >> found errors as well. The output looks as fo > > netatalk tries to pick up a a version of Libgcrypt older than 1.4.2 - > check with ldd which libraries are loaded at runtime. > > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > From wk at gnupg.org Tue Oct 11 10:01:22 2011 From: wk at gnupg.org (Werner Koch) Date: Tue, 11 Oct 2011 10:01:22 +0200 Subject: libgcrypt11 1.5.0 version segfaults with NSS/PAM LDAP (AES-NI) In-Reply-To: <20111009142314.GB7633@downhill.g.la> (Andreas Metzler's message of "Sun, 9 Oct 2011 16:23:14 +0200") References: <20111009142314.GB7633@downhill.g.la> Message-ID: <87k48c7y99.fsf@vigenere.g10code.de> On Sun, 9 Oct 2011 16:23, ametzler at downhill.at.eu.org said: > this is http://bugs.debian.org/643336 reported by Marc Dequ?nes, the > crash was not easily reproducible with gnutls-cli. The respective > system features AES-NI support. Please try to break this down to a little test program without LDAP and without GNUTLS. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From kurt.w.heberlein at hp.com Fri Oct 21 18:57:05 2011 From: kurt.w.heberlein at hp.com (Heberlein, Kurt William) Date: Fri, 21 Oct 2011 17:57:05 +0100 Subject: FIPS-186 CAVP verification tests Message-ID: Hi, Does anyone have a good set of tests for running against the RSAVS test vectors? I have been successful writing my own to do the Key Generation tests (validating the result against the openssl tests against the same vectors). The signature generation test, likewise seems to function ok, but I cannot seem to get the signature verification tests to succeed. The verification always fails, even when I know it should succeed. Thanks in advance. Kurt Heberlein Senior Staff Software Engineer 3PAR R&D HP Storage Works Division www.hp.com (510) 668 9441 kurt dot w dot heberlein at-sign hp dot com [cid:image001.png at 01CC8FE8.8D433B80] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 11657 bytes Desc: image001.png URL: From wk at gnupg.org Sat Oct 22 07:05:21 2011 From: wk at gnupg.org (Werner Koch) Date: Sat, 22 Oct 2011 07:05:21 +0200 Subject: FIPS-186 CAVP verification tests In-Reply-To: (Kurt William Heberlein's message of "Fri, 21 Oct 2011 17:57:05 +0100") References: Message-ID: <87zkgtvcoe.fsf@vigenere.g10code.de> On Fri, 21 Oct 2011 18:57, kurt.w.heberlein at hp.com said: > Does anyone have a good set of tests for running against the RSAVS > test vectors? I have been successful writing my own to do the Key Libgcrypt comes with support for the CAVS tests; see tests/cavs_tests.sh . AFAIK the test vectors are not redistributable. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.