From mann.ern.kang at gmail.com Tue May 15 09:55:15 2012
From: mann.ern.kang at gmail.com (Mann Ern Kang)
Date: Tue, 15 May 2012 15:55:15 +0800
Subject: Bug: Error using GetProcessWorkingSetSize
Message-ID:

Hi,

The out parameters for the Win32 API call GetProcessWorkingSetSize are
defined incorrectly in random/rndw32.c. The parameters
minimumWorkingSetSize and maximumWorkingSetSize should be declared to be
of type SIZE_T, not DWORD. See
http://msdn.microsoft.com/en-us/library/windows/desktop/ms683226%28v=vs.85%29.aspx.

On Windows x64, SIZE_T is 64 bits wide, so the call can end up
erroneously overwriting part of the stack, causing a crash.

Cheers,
Mann Ern

From wk at gnupg.org Tue May 15 13:23:16 2012
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 May 2012 13:23:16 +0200
Subject: Bug: Error using GetProcessWorkingSetSize
In-Reply-To: (Mann Ern Kang's message of "Tue, 15 May 2012 15:55:15 +0800")
References:
Message-ID: <87havhwuvv.fsf@vigenere.g10code.de>

On Tue, 15 May 2012 09:55, mann.ern.kang at gmail.com said:

> On Windows x64, SIZE_T is 64 bits wide, so the call can end up
> erroneously overwriting part of the stack, causing a crash.

Again: You may not use Libgcrypt for 64 bit - the RNG is not up to that.
Changing the types of certain variables is not a solution.


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From mann.ern.kang at gmail.com Tue May 15 14:58:06 2012
From: mann.ern.kang at gmail.com (Mann Ern Kang)
Date: Tue, 15 May 2012 20:58:06 +0800
Subject: Bug: Error using GetProcessWorkingSetSize
In-Reply-To: <87havhwuvv.fsf@vigenere.g10code.de>
References: <87havhwuvv.fsf@vigenere.g10code.de>
Message-ID:

Ah, my apologies, was not aware of this limitation. Should have checked
the mailing list archives first. Thanks for the clarification.

Cheers,
Mann Ern

On Tue, May 15, 2012 at 7:23 PM, Werner Koch wrote:

> On Tue, 15 May 2012 09:55, mann.ern.kang at gmail.com said:
>
> > On Windows x64, SIZE_T is 64 bits wide, so the call can end up
> > erroneously overwriting part of the stack, causing a crash.
>
> Again: You may not use Libgcrypt for 64 bit - the RNG is not up to that.
> Changing the types of certain variables is not a solution.
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>

From ariga at khaotic.net Thu May 17 07:41:29 2012
From: ariga at khaotic.net (Seiji Ariga)
Date: Thu, 17 May 2012 01:41:29 -0400
Subject: SHAxxxWithECDSA
Message-ID:

libgcrypt does not support, say, SHA384WithECDSA (*1) ? (OID is
1.2.840.10045.4.3.3)

I noticed the following error message when I ran "gpgsm --import
ca-bundle(*2)".

----
gpgsm: unknown hash algorithm `1.2.840.10045.4.3.3'
gpgsm: self-signed certificate has a BAD signature: General error
gpgsm: basic certificate checks failed - not imported
----

// Seiji Ariga

(*1) e.g. "VeriSign Class 3 Public Primary Certification Authority - G4"
     uses "ecdsaWithSHA384"
     http://www.verisign.com/support/roots.html
(*2) http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1

From wk at gnupg.org Thu May 17 10:26:20 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 17 May 2012 10:26:20 +0200
Subject: SHAxxxWithECDSA
In-Reply-To: (Seiji Ariga's message of "Thu, 17 May 2012 01:41:29 -0400")
References:
Message-ID: <87ehqjusb7.fsf@vigenere.g10code.de>

On Thu, 17 May 2012 07:41, ariga at khaotic.net said:

> libgcrypt does not support, say, SHA384WithECDSA (*1) ? (OID is
> 1.2.840.10045.4.3.3)

Please try adding this OID to libgcrypt/cipher/sha512.c,
oid_spec_sha384.


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
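
The overwrite reported in the GetProcessWorkingSetSize thread above, as an added example that is not part of the original messages or of Libgcrypt: a portable simulation in which 64-bit results are stored through out-parameters whose variables are only 32 bits wide. The function fake_get_working_set, both frame structs and the sample values are hypothetical; the example illustrates only the reported memory overwrite, not the RNG limitation mentioned in the reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xA5A5A5A5u

/* Hypothetical stand-in for an API that stores two pointer-sized (64-bit)
   results through its out-parameters, as a SIZE_T-based call does on x64. */
static void fake_get_working_set(void *min_out, void *max_out)
{
    uint64_t min_ws = 0x0000000100032000ULL;  /* constructed sample values */
    uint64_t max_ws = 0x0000000200159000ULL;
    memcpy(min_out, &min_ws, sizeof min_ws);
    memcpy(max_out, &max_ws, sizeof max_ws);
}

/* Simulated stack frames: the two out-variables followed by a neighbour. */
struct frame_dword { uint32_t min_ws, max_ws, neighbour; };  /* DWORD-sized */
struct frame_sizet { uint64_t min_ws, max_ws; uint32_t neighbour; };

/* Returns 1 if the neighbour was overwritten when the slots are 32-bit. */
int neighbour_clobbered_with_dword(void)
{
    struct frame_dword f = { 0, 0, CANARY };
    unsigned char *base = (unsigned char *)&f;
    /* Each 8-byte store spills 4 bytes past its 4-byte slot; the second
       store lands on the neighbour. All writes stay inside f (12 bytes),
       so the simulation itself has defined behaviour. */
    fake_get_working_set(base + offsetof(struct frame_dword, min_ws),
                         base + offsetof(struct frame_dword, max_ws));
    return f.neighbour != CANARY;
}

/* Returns 1 if the neighbour was overwritten when the slots are 64-bit. */
int neighbour_clobbered_with_size_t(void)
{
    struct frame_sizet f = { 0, 0, CANARY };
    fake_get_working_set(&f.min_ws, &f.max_ws);
    return f.neighbour != CANARY;
}

int main(void)
{
    printf("32-bit slots: clobbered=%d\n", neighbour_clobbered_with_dword());
    printf("64-bit slots: clobbered=%d\n", neighbour_clobbered_with_size_t());
    return 0;
}
```
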

From ariga at khaotic.net Thu May 17 15:40:47 2012
From: ariga at khaotic.net (Seiji Ariga)
Date: Thu, 17 May 2012 09:40:47 -0400 (EDT)
Subject: gpgsm with elliptic curve algo (Re: SHAxxxWithECDSA)
In-Reply-To: <87ehqjusb7.fsf@vigenere.g10code.de>
References: <87ehqjusb7.fsf@vigenere.g10code.de>
Message-ID: <20120517.094047.69871798809804774.ariga@khaotic.net>

Hi.

On Thu, 17 May 2012 10:26:20 +0200, Werner Koch wrote,
> > libgcrypt does not support, say, SHA384WithECDSA (*1) ? (OID is
> > 1.2.840.10045.4.3.3)
> Please try adding this OID to libgcrypt/cipher/sha512.c,
> oid_spec_sha384.

gpgsm stopped showing "unknown hash algorithm". :-)

Now it's producing a different error.

----
$ gpgsm --debug-level guru --status-fd 1 --import cert.pem
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing assuan
gpgsm: DBG: signature value: 28 37 3A 73 69 67 2D 76 61 6C 28 35 3A 65 63 64 73 61 28 31 3A 72 34 38 3A 66 21 0C 18 26 60 5A 38 7B 56 42 E0 A7 FC 36 84 51 91 20 2C 76 4D 43 3D C4 1D 84 23 D0 AC D6 7C 35 06 CE CD 69 BD 90 0D DB 6C 48 42 1D 0E AA 42 29 28 31 3A 73 34 39 3A 00 9C 3D 48 39 23 39 58 1A 15 12 59 6A 9E EF D5 59 B2 1D 52 2C 99 71 CD C7 29 DF 1B 2A 61 7B 71 D1 DE F3 C0 E5 0D 3A 4A AA 2D A7 D8 86 2A DD 2E 10 29 29 28 34 3A 68 61 73 68 36 3A 73 68 61 33 38 34 29 29
gpgsm: DBG: encoded hash: 28 AC 5A D9 30 27 8C BD 27 6E ED 75 21 4D BA 04 EC 8B 1E 19 E6 3E 30 32 4F A1 BD A0 E9 E8 3B F8 E0 78 6E B8 79 2B E4 A7 5B 20 A6 93 B9 F6 21 EF
gpgsm: DBG: gcry_pk_verify: Conflicting use
gpgsm: self-signed certificate has a BAD signature: Conflicting use
gpgsm: DBG: BEGIN Certificate `self-signing cert':
gpgsm: DBG: serial: 2F80FE238C0E220F486712289187ACB3
gpgsm: DBG: notBefore: 2007-11-05 00:00:00
gpgsm: DBG: notAfter: 2038-01-18 23:59:59
gpgsm: DBG: issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU=(c) 2007 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
gpgsm: DBG: subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU=(c) 2007 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
gpgsm: DBG: hash algo: 1.2.840.10045.4.3.3
gpgsm: DBG: SHA1 Fingerprint: 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
gpgsm: DBG: END Certificate
gpgsm: basic certificate checks failed - not imported
[GNUPG:] IMPORT_PROBLEM 1 22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A
gpgsm: total number processed: 1
gpgsm: not imported: 1
[GNUPG:] IMPORT_RES 1 0 0 0 0 0 0 0 0 0 0 0 0 1
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/16384 bytes in 0 blocks
----

I guess this is because gcry_pk_verify() fails due to "pubkey algo ECDH
!= signature algo ECDSA" in gpgsm_check_cert_sig().

src/gcrypt.h
----
enum gcry_pk_algos
  {
    [...]
    GCRY_PK_ECDSA = 301,
    GCRY_PK_ECDH = 302
  };
----

// Seiji Ariga

From komh78 at gmail.com Thu May 31 08:47:08 2012
From: komh78 at gmail.com (KO Myung-Hun)
Date: Thu, 31 May 2012 15:47:08 +0900
Subject: [PATCH] Add OS/2 entropy gatherer
In-Reply-To: <87fwcjfrgs.fsf@vigenere.g10code.de>
References: <1331298485-37379-1-git-send-email-komh@chollian.net> <87vclwy7oq.fsf@vigenere.g10code.de> <4F6BFED7.4020400@gmail.com> <87r4wjyah3.fsf@vigenere.g10code.de> <4F6C4749.2050605@gmail.com> <878vimvcth.fsf@vigenere.g10code.de> <4F799FD8.8040904@chollian.net> <87fwcjfrgs.fsf@vigenere.g10code.de>
Message-ID: <4FC713EC.40607@chollian.net>

Hi/2.

Werner Koch wrote:
> On Mon, 2 Apr 2012 14:47, komh78 at gmail.com said:
>
>> I attach the patch whose commit log message is modified according to
>> doc/HACKING.
>
> Well, too late: it has already been committed.
>
> FWIW, The correct format would have been:
>
> * configure.ac: Add OS/2 entropy gatherer support.
> * doc/Makefile.am: Append $(EXEEXT) to the executable.
> * random/rand-internal.h (_gcry_rndos2_gather_random): New.
> * random/random-csprng.c (getfnc_gather_random): Add OS/2 entropy
>   gatherer function, _gcry_rndos2_gather_random.
> * random/rndos2.c: New file. Implementation of OS/2 entropy gatherer.
> * src/hmac256.c: Include io.h
>   (main): Set stdout to binary mode if needed.
> * test/fipsdrv.c: Include io.h and fcntl.h.
>
> The asterisks are required by the ChangeLog format. If you use Emacs
> and Magit, a 'C' in the diff listing inserts a template with filename
> etc.
>

Did you push this ?

--
KO Myung-Hun

Using Mozilla SeaMonkey 2.0.14
Under OS/2 Warp 4 for Korean with FixPak #15
On Intel Core i5-2520M 2.50GHz with 4GB RAM

Korean OS/2 User Community : http://www.ecomstation.co.kr

From wk at gnupg.org Thu May 31 09:27:12 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 31 May 2012 09:27:12 +0200
Subject: [PATCH] Add OS/2 entropy gatherer
In-Reply-To: <4FC713EC.40607@chollian.net> (KO Myung-Hun's message of "Thu, 31 May 2012 15:47:08 +0900")
References: <1331298485-37379-1-git-send-email-komh@chollian.net> <87vclwy7oq.fsf@vigenere.g10code.de> <4F6BFED7.4020400@gmail.com> <87r4wjyah3.fsf@vigenere.g10code.de> <4F6C4749.2050605@gmail.com> <878vimvcth.fsf@vigenere.g10code.de> <4F799FD8.8040904@chollian.net> <87fwcjfrgs.fsf@vigenere.g10code.de> <4FC713EC.40607@chollian.net>
Message-ID: <87pq9kdd4f.fsf@vigenere.g10code.de>

On Thu, 31 May 2012 08:47, komh78 at gmail.com said:

> Did you push this ?

Right now. Thanks for the reminder.


Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu May 31 14:54:53 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 31 May 2012 14:54:53 +0200
Subject: [PATCH] Add OS/2 entropy gatherer
In-Reply-To: <4FC75C8E.4040109@gmail.com> (KO Myung-Hun's message of "Thu, 31 May 2012 20:57:02 +0900")
References: <1331298485-37379-1-git-send-email-komh@chollian.net> <87vclwy7oq.fsf@vigenere.g10code.de> <4F6BFED7.4020400@gmail.com> <87r4wjyah3.fsf@vigenere.g10code.de> <4F6C4749.2050605@gmail.com> <878vimvcth.fsf@vigenere.g10code.de> <4F799FD8.8040904@chollian.net> <87fwcjfrgs.fsf@vigenere.g10code.de> <4FC713EC.40607@chollian.net> <87pq9kdd4f.fsf@vigenere.g10code.de> <4FC75C8E.4040109@gmail.com>
Message-ID: <87396gcxya.fsf@vigenere.g10code.de>

On Thu, 31 May 2012 13:57, komh78 at gmail.com said:

> And I attach other fixes.

Pushed

> Is it ok to send merge patches to this list ?

Sure. They should not be too long, though. 10k is definitely okay; the
list's limit is IIRC 40k.


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From komh78 at gmail.com Thu May 31 13:57:02 2012
From: komh78 at gmail.com (KO Myung-Hun)
Date: Thu, 31 May 2012 20:57:02 +0900
Subject: [PATCH] Add OS/2 entropy gatherer
In-Reply-To: <87pq9kdd4f.fsf@vigenere.g10code.de>
References: <1331298485-37379-1-git-send-email-komh@chollian.net> <87vclwy7oq.fsf@vigenere.g10code.de> <4F6BFED7.4020400@gmail.com> <87r4wjyah3.fsf@vigenere.g10code.de> <4F6C4749.2050605@gmail.com> <878vimvcth.fsf@vigenere.g10code.de> <4F799FD8.8040904@chollian.net> <87fwcjfrgs.fsf@vigenere.g10code.de> <4FC713EC.40607@chollian.net> <87pq9kdd4f.fsf@vigenere.g10code.de>
Message-ID: <4FC75C8E.4040109@gmail.com>

Hi/2.

Werner Koch wrote:
> On Thu, 31 May 2012 08:47, komh78 at gmail.com said:
>
>> Did you push this ?
>
> Right now. Thanks for the reminder.
>

Thanks.

And I attach other fixes.

Finally, I have a question. Is it ok to send merge patches to this list ?

--
KO Myung-Hun

Using Mozilla SeaMonkey 2.0.14
Under OS/2 Warp 4 for Korean with FixPak #15
On Intel Core i5-2520M 2.50GHz with 4GB RAM

Korean OS/2 User Community : http://www.ecomstation.co.kr

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Fix-a-potential-crash.patch
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0002-Remove-a-dependency-on-APIs-specific-to-some-OS-2-ve.patch
URL: