From jussi.kivilinna at iki.fi Mon Apr 2 11:24:24 2018 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Mon, 02 Apr 2018 12:24:24 +0300 Subject: [PATCH 1/3] Add missing BLAKE2, SM3 and GOSTR3411_CP to MAC-HMAC interface Message-ID: <152266106449.24414.8448147875846664456.stgit@localhost.localdomain> * cipher/mac-hmac.c (map_mac_algo_to_md): Add GOSTR3411_CP, BLAKE2 and SM3. (_gcry_mac_type_spec_hmac_gost3411_cp) (_gcry_mac_type_spec_hmac_blake2b_512) (_gcry_mac_type_spec_hmac_blake2b_384) (_gcry_mac_type_spec_hmac_blake2b_256) (_gcry_mac_type_spec_hmac_blake2b_160) (_gcry_mac_type_spec_hmac_blake2s_256) (_gcry_mac_type_spec_hmac_blake2s_224) (_gcry_mac_type_spec_hmac_blake2s_160) (_gcry_mac_type_spec_hmac_blake2s_128) (_gcry_mac_type_spec_hmac_sm3): New. * cipher/mac-internal.h (_gcry_mac_type_spec_hmac_gost3411_cp) (_gcry_mac_type_spec_hmac_blake2b_512) (_gcry_mac_type_spec_hmac_blake2b_384) (_gcry_mac_type_spec_hmac_blake2b_256) (_gcry_mac_type_spec_hmac_blake2b_160) (_gcry_mac_type_spec_hmac_blake2s_256) (_gcry_mac_type_spec_hmac_blake2s_224) (_gcry_mac_type_spec_hmac_blake2s_160) (_gcry_mac_type_spec_hmac_blake2s_128) (_gcry_mac_type_spec_hmac_sm3): New. * cipher/mac.c (mac_list): Add GOSTR3411_CP, BLAKE2 and SM3. * src/gcrypt.h.in (GCRY_MAC_HMAC_GOSTR3411_CP) (GCRY_MAC_HMAC_BLAKE2B_512, GCRY_MAC_HMAC_BLAKE2B_384) (GCRY_MAC_HMAC_BLAKE2B_256, GCRY_MAC_HMAC_BLAKE2B_160) (GCRY_MAC_HMAC_BLAKE2S_256, GCRY_MAC_HMAC_BLAKE2S_224) (GCRY_MAC_HMAC_BLAKE2S_160, GCRY_MAC_HMAC_BLAKE2S_128) (GCRY_MAC_HMAC_SM3): New. -- Signed-off-by: Jussi Kivilinna --- cipher/mac-hmac.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ cipher/mac-internal.h | 14 +++++++++++ cipher/mac.c | 14 +++++++++++ src/gcrypt.h.in | 10 ++++++++ 4 files changed, 102 insertions(+) diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c index 9379f4b65..86281acdf 100644 --- a/cipher/mac-hmac.c +++ b/cipher/mac-hmac.c 
@@ -67,10 +67,30 @@ map_mac_algo_to_md (int mac_algo)
 return GCRY_MD_WHIRLPOOL;
 case GCRY_MAC_HMAC_GOSTR3411_94:
 return GCRY_MD_GOSTR3411_94;
+ case GCRY_MAC_HMAC_GOSTR3411_CP:
+ return GCRY_MD_GOSTR3411_CP;
 case GCRY_MAC_HMAC_STRIBOG256:
 return GCRY_MD_STRIBOG256;
 case GCRY_MAC_HMAC_STRIBOG512:
 return GCRY_MD_STRIBOG512;
+ case GCRY_MAC_HMAC_BLAKE2B_512:
+ return GCRY_MD_BLAKE2B_512;
+ case GCRY_MAC_HMAC_BLAKE2B_384:
+ return GCRY_MD_BLAKE2B_384;
+ case GCRY_MAC_HMAC_BLAKE2B_256:
+ return GCRY_MD_BLAKE2B_256;
+ case GCRY_MAC_HMAC_BLAKE2B_160:
+ return GCRY_MD_BLAKE2B_160;
+ case GCRY_MAC_HMAC_BLAKE2S_256:
+ return GCRY_MD_BLAKE2S_256;
+ case GCRY_MAC_HMAC_BLAKE2S_224:
+ return GCRY_MD_BLAKE2S_224;
+ case GCRY_MAC_HMAC_BLAKE2S_160:
+ return GCRY_MD_BLAKE2S_160;
+ case GCRY_MAC_HMAC_BLAKE2S_128:
+ return GCRY_MD_BLAKE2S_128;
+ case GCRY_MAC_HMAC_SM3:
+ return GCRY_MD_SM3;
 }
 }
@@ -267,6 +287,10 @@ gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_94 = {
 GCRY_MAC_HMAC_GOSTR3411_94, {0, 0}, "HMAC_GOSTR3411_94",
 &hmac_ops
 };
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_cp = {
+ GCRY_MAC_HMAC_GOSTR3411_CP, {0, 0}, "HMAC_GOSTR3411_CP",
+ &hmac_ops
+};
 #endif
 #ifdef USE_GOST_R_3411_12
 gcry_mac_spec_t _gcry_mac_type_spec_hmac_stribog256 = {
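Review bot: The ten new `case` labels in `map_mac_algo_to_md` and the ten new `_gcry_mac_type_spec_hmac_*` definitions (plus the `mac_list` entries in cipher/mac.c) are parallel hand-maintained lists with nothing tying them together, so a comment should record the coupling, e.g. above the switch: `/* Keep in sync with the spec definitions below and with mac_list in cipher/mac.c. */`. The function's opening, and its `default:` label if it has one, lie outside the hunk; the new cases compile unconditionally, which is fine because the `GCRY_MD_*` ids come from the public enum rather than from the `#if USE_BLAKE2`/`#if USE_SM3` blocks. It is also worth stating in the new spec block that these are HMAC constructions over the BLAKE2 digests, not BLAKE2's own keyed mode that `md_setkey` selects for the `GCRY_MD_BLAKE2*` ids in patch 2/3, since both names sit side by side in the public API.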
@@ -315,3 +339,43 @@ gcry_mac_spec_t _gcry_mac_type_spec_hmac_md2 = {
 &hmac_ops
 };
 #endif
+#if USE_BLAKE2
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_512 = {
+ GCRY_MAC_HMAC_BLAKE2B_512, {0, 0}, "HMAC_BLAKE2B_512",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_384 = {
+ GCRY_MAC_HMAC_BLAKE2B_384, {0, 0}, "HMAC_BLAKE2B_384",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_256 = {
+ GCRY_MAC_HMAC_BLAKE2B_256, {0, 0}, "HMAC_BLAKE2B_256",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_160 = {
+ GCRY_MAC_HMAC_BLAKE2B_160, {0, 0}, "HMAC_BLAKE2B_160",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_256 = {
+ GCRY_MAC_HMAC_BLAKE2S_256, {0, 0}, "HMAC_BLAKE2S_256",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_224 = {
+ GCRY_MAC_HMAC_BLAKE2S_224, {0, 0}, "HMAC_BLAKE2S_224",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_160 = {
+ GCRY_MAC_HMAC_BLAKE2S_160, {0, 0}, "HMAC_BLAKE2S_160",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_128 = {
+ GCRY_MAC_HMAC_BLAKE2S_128, {0, 0}, "HMAC_BLAKE2S_128",
+ &hmac_ops
+};
+#endif
+#if USE_SM3
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_sm3 = {
+ GCRY_MAC_HMAC_SM3, {0, 0}, "HMAC_SM3",
+ &hmac_ops
+};
+#endif
diff --git a/cipher/mac-internal.h b/cipher/mac-internal.h
index 2beb28434..eb5467380 100644
--- a/cipher/mac-internal.h
+++ b/cipher/mac-internal.h
@@ -142,6 +142,7 @@ extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_sha3_512;
 #endif
 #ifdef USE_GOST_R_3411_94
 extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_94;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_cp;
 #endif
 #ifdef USE_GOST_R_3411_12
 extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_stribog256;
@@ -162,6 +163,19 @@ extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_md5;
 #if USE_MD4
 extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_md4;
 #endif
+#if USE_BLAKE2
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_512;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_384;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_256;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_160;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_256;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_224;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_160;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_128;
+#endif
+#if USE_SM3
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_sm3;
+#endif
 /*
 * The CMAC algorithm specifications (mac-cmac.c).
diff --git a/cipher/mac.c b/cipher/mac.c
index 4a7a47df2..e8e7cebdb 100644
--- a/cipher/mac.c
+++ b/cipher/mac.c
@@ -49,6 +49,7 @@ static gcry_mac_spec_t * const mac_list[] = {
 #endif
 #ifdef USE_GOST_R_3411_94
 &_gcry_mac_type_spec_hmac_gost3411_94,
+ &_gcry_mac_type_spec_hmac_gost3411_cp,
 #endif
 #ifdef USE_GOST_R_3411_12
 &_gcry_mac_type_spec_hmac_stribog256,
@@ -69,6 +70,19 @@ static gcry_mac_spec_t * const mac_list[] = {
 #if USE_MD4
 &_gcry_mac_type_spec_hmac_md4,
 #endif
+#if USE_BLAKE2
+ &_gcry_mac_type_spec_hmac_blake2b_512,
+ &_gcry_mac_type_spec_hmac_blake2b_384,
+ &_gcry_mac_type_spec_hmac_blake2b_256,
+ &_gcry_mac_type_spec_hmac_blake2b_160,
+ &_gcry_mac_type_spec_hmac_blake2s_256,
+ &_gcry_mac_type_spec_hmac_blake2s_224,
+ &_gcry_mac_type_spec_hmac_blake2s_160,
+ &_gcry_mac_type_spec_hmac_blake2s_128,
+#endif
+#if USE_SM3
+ &_gcry_mac_type_spec_hmac_sm3,
+#endif
 #if USE_BLOWFISH
 &_gcry_mac_type_spec_cmac_blowfish,
 #endif
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 83f94b687..a1cb15a4c 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1433,6 +1433,16 @@ enum gcry_mac_algos
 GCRY_MAC_HMAC_SHA3_256 = 116,
 GCRY_MAC_HMAC_SHA3_384 = 117,
 GCRY_MAC_HMAC_SHA3_512 = 118,
+ GCRY_MAC_HMAC_GOSTR3411_CP = 119,
+ GCRY_MAC_HMAC_BLAKE2B_512 = 120,
+ GCRY_MAC_HMAC_BLAKE2B_384 = 121,
+ GCRY_MAC_HMAC_BLAKE2B_256 = 122,
+ GCRY_MAC_HMAC_BLAKE2B_160 = 123,
+ GCRY_MAC_HMAC_BLAKE2S_256 = 124,
+ GCRY_MAC_HMAC_BLAKE2S_224 = 125,
+ GCRY_MAC_HMAC_BLAKE2S_160 = 126,
+ GCRY_MAC_HMAC_BLAKE2S_128 = 127,
+ GCRY_MAC_HMAC_SM3 = 128,
 GCRY_MAC_CMAC_AES = 201,
 GCRY_MAC_CMAC_3DES = 202,
From jussi.kivilinna at iki.fi Mon Apr 2 11:24:29 2018 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Mon, 02 Apr 2018 12:24:29 +0300 Subject: [PATCH 2/3] Fix building with BLAKE2 disabled In-Reply-To: <152266106449.24414.8448147875846664456.stgit@localhost.localdomain> References: <152266106449.24414.8448147875846664456.stgit@localhost.localdomain> Message-ID: <152266106956.24414.8481702810185408261.stgit@localhost.localdomain> * cipher/md.c (md_setkey): Enclose Blake2 part with USE_BLAKE2. -- Signed-off-by: Jussi Kivilinna --- cipher/md.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/cipher/md.c b/cipher/md.c
index efbffe18e..f6c1954c7 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -703,6 +703,7 @@ md_setkey (gcry_md_hd_t h, const unsigned char *key, size_t keylen)
 {
 switch (r->spec->algo)
 {
+#if USE_BLAKE2
 /* TODO? add spec->init_with_key? */
 case GCRY_MD_BLAKE2B_512:
 case GCRY_MD_BLAKE2B_384:
@@ -719,6 +720,7 @@ md_setkey (gcry_md_hd_t h, const unsigned char *key, size_t keylen)
 ? GCRY_MD_FLAG_BUGEMU1:0, key, keylen, r->spec->algo);
 break;
+#endif
 default:
 rc = GPG_ERR_DIGEST_ALGO;
 break;
From jussi.kivilinna at iki.fi Mon Apr 2 11:24:34 2018
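Review bot: The new enumerators 119..128 make the HMAC id range 101..128 contiguous, and the third patch in this series (`mac_list_algo101` in cipher/mac.c) indexes a table by `algo - 101`, so a gap or reordering introduced here later would silently resolve to the wrong slot; the enum should carry that constraint, e.g. `/* HMAC ids 101..128 must stay contiguous: cipher/mac.c indexes mac_list_algo101 by (algo - 101). */`. These values are public ABI once released, so the same comment also warns against renumbering. The `#if USE_BLAKE2` guard added to `md_setkey` in the second hunk is a straightforward build fix; the enclosing switch continues outside that hunk.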
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Mon, 02 Apr 2018 12:24:34 +0300 Subject: [PATCH 3/3] Faster look-up for spec by algo for digests, ciphers and MAC In-Reply-To: <152266106449.24414.8448147875846664456.stgit@localhost.localdomain> References: <152266106449.24414.8448147875846664456.stgit@localhost.localdomain> Message-ID: <152266107458.24414.7067398873482194716.stgit@localhost.localdomain> * cipher/cipher.c (cipher_list_algo0, cipher_list_algo301): New cipher spec lists with same order and spacing as 'gcry_cipher_algos' enumeration. (spec_from_algo): Use new spec lists for faster look-up. * cipher/mac.c (mac_list_algo101, mac_list_algo201, mac_list_algo401) (mac_list_algo501): New MAC spec lists with same order and spacing as 'gcry_mac_algos' enumeration. (spec_from_algo): Use new spec lists for faster look-up. * cipher/md.c (digest_list_algo0, digest_list_algo301): New digest spec lists with same order and spacing as 'gcry_md_algos' enumeration. (spec_from_algo): Use new spec lists for faster look-up. -- Signed-off-by: Jussi Kivilinna --- cipher/cipher.c | 124 ++++++++++++++++++++++++++- cipher/mac.c | 250 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- cipher/md.c | 155 +++++++++++++++++++++++++++++++++- 3 files changed, 510 insertions(+), 19 deletions(-) diff --git a/cipher/cipher.c b/cipher/cipher.c index 1bef766cb..d6cd0b42e 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
@@ -90,6 +90,114 @@ static gcry_cipher_spec_t * const cipher_list[] = NULL }; +/* Cipher implementations starting with index 0 (enum gcry_cipher_algos) */ +static gcry_cipher_spec_t * const cipher_list_algo0[] = + { + NULL, /* GCRY_CIPHER_NONE */ +#ifdef USE_IDEA + &_gcry_cipher_spec_idea, +#else + NULL, +#endif +#if USE_DES + &_gcry_cipher_spec_tripledes, +#else + NULL, +#endif +#if USE_CAST5 + &_gcry_cipher_spec_cast5, +#else + NULL, +#endif +#if USE_BLOWFISH + &_gcry_cipher_spec_blowfish, +#else + NULL, +#endif + NULL, /* GCRY_CIPHER_SAFER_SK128 */ + NULL, /* GCRY_CIPHER_DES_SK */ +#if USE_AES + &_gcry_cipher_spec_aes, + &_gcry_cipher_spec_aes192, + &_gcry_cipher_spec_aes256, +#else + NULL, + NULL, + NULL, +#endif +#if USE_TWOFISH + &_gcry_cipher_spec_twofish +#else + NULL +#endif + }; + +/* Cipher implementations starting with index 301 (enum gcry_cipher_algos) */ +static gcry_cipher_spec_t * const cipher_list_algo301[] = + { +#if USE_ARCFOUR + &_gcry_cipher_spec_arcfour, +#else + NULL, +#endif +#if USE_DES + &_gcry_cipher_spec_des, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_cipher_spec_twofish128, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_cipher_spec_serpent128, + &_gcry_cipher_spec_serpent192, + &_gcry_cipher_spec_serpent256, +#else + NULL, + NULL, + NULL, +#endif +#if USE_RFC2268 + &_gcry_cipher_spec_rfc2268_40, + &_gcry_cipher_spec_rfc2268_128, +#else + NULL, + NULL, +#endif +#if USE_SEED + &_gcry_cipher_spec_seed, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_cipher_spec_camellia128, + &_gcry_cipher_spec_camellia192, + &_gcry_cipher_spec_camellia256, +#else + NULL, + NULL, + NULL, +#endif +#if USE_SALSA20 + &_gcry_cipher_spec_salsa20, + &_gcry_cipher_spec_salsa20r12, +#else + NULL, + NULL, +#endif +#if USE_GOST28147 + &_gcry_cipher_spec_gost28147, +#else + NULL, +#endif +#if USE_CHACHA20 + &_gcry_cipher_spec_chacha20 +#else + NULL, +#endif + }; 
@@ -105,15 +213,19 @@ map_algo (int algo) static gcry_cipher_spec_t * spec_from_algo (int algo) { - int idx; - gcry_cipher_spec_t *spec; + gcry_cipher_spec_t *spec = NULL; algo = map_algo (algo); - for (idx = 0; (spec = cipher_list[idx]); idx++) - if (algo == spec->algo) - return spec; - return NULL; + if (algo >= 0 && algo < DIM(cipher_list_algo0)) + spec = cipher_list_algo0[algo]; + else if (algo >= 301 && algo < 301 + DIM(cipher_list_algo301)) + spec = cipher_list_algo301[algo - 301]; + + if (spec) + gcry_assert (spec->algo == algo); + + return spec; } diff --git a/cipher/mac.c b/cipher/mac.c index e8e7cebdb..1b79bf315 100644 --- a/cipher/mac.c +++ b/cipher/mac.c 
@@ -130,6 +130,236 @@ static gcry_mac_spec_t * const mac_list[] = { NULL, }; +/* HMAC implementations start with index 101 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo101[] = + { +#if USE_SHA256 + &_gcry_mac_type_spec_hmac_sha256, + &_gcry_mac_type_spec_hmac_sha224, +#else + NULL, + NULL, +#endif +#if USE_SHA512 + &_gcry_mac_type_spec_hmac_sha512, + &_gcry_mac_type_spec_hmac_sha384, +#else + NULL, + NULL, +#endif +#if USE_SHA1 + &_gcry_mac_type_spec_hmac_sha1, +#else + NULL, +#endif +#if USE_MD5 + &_gcry_mac_type_spec_hmac_md5, +#else + NULL, +#endif +#if USE_MD4 + &_gcry_mac_type_spec_hmac_md4, +#else + NULL, +#endif +#if USE_RMD160 + &_gcry_mac_type_spec_hmac_rmd160, +#else + NULL, +#endif +#if USE_TIGER + &_gcry_mac_type_spec_hmac_tiger1, +#else + NULL, +#endif +#if USE_WHIRLPOOL + &_gcry_mac_type_spec_hmac_whirlpool, +#else + NULL, +#endif +#ifdef USE_GOST_R_3411_94 + &_gcry_mac_type_spec_hmac_gost3411_94, +#else + NULL, +#endif +#ifdef USE_GOST_R_3411_12 + &_gcry_mac_type_spec_hmac_stribog256, + &_gcry_mac_type_spec_hmac_stribog512, +#else + NULL, + NULL, +#endif +#if USE_MD2 + &_gcry_mac_type_spec_hmac_md2, +#else + NULL, +#endif +#if USE_SHA3 + &_gcry_mac_type_spec_hmac_sha3_224, + &_gcry_mac_type_spec_hmac_sha3_256, + &_gcry_mac_type_spec_hmac_sha3_384, + &_gcry_mac_type_spec_hmac_sha3_512, +#else + NULL, + NULL, + NULL, + NULL, +#endif +#ifdef USE_GOST_R_3411_94 + &_gcry_mac_type_spec_hmac_gost3411_cp, +#else + NULL, +#endif +#if USE_BLAKE2 + &_gcry_mac_type_spec_hmac_blake2b_512, + &_gcry_mac_type_spec_hmac_blake2b_384, + &_gcry_mac_type_spec_hmac_blake2b_256, + &_gcry_mac_type_spec_hmac_blake2b_160, + &_gcry_mac_type_spec_hmac_blake2s_256, + &_gcry_mac_type_spec_hmac_blake2s_224, + &_gcry_mac_type_spec_hmac_blake2s_160, + &_gcry_mac_type_spec_hmac_blake2s_128, +#else + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#endif +#if USE_SM3 + &_gcry_mac_type_spec_hmac_sm3 +#else + NULL +#endif + }; + +/* CMAC 
implementations start with index 201 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo201[] = + { +#if USE_AES + &_gcry_mac_type_spec_cmac_aes, +#else + NULL, +#endif +#if USE_DES + &_gcry_mac_type_spec_cmac_tripledes, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_mac_type_spec_cmac_camellia, +#else + NULL, +#endif +#if USE_CAST5 + &_gcry_mac_type_spec_cmac_cast5, +#else + NULL, +#endif +#if USE_BLOWFISH + &_gcry_mac_type_spec_cmac_blowfish, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_mac_type_spec_cmac_twofish, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_mac_type_spec_cmac_serpent, +#else + NULL, +#endif +#if USE_SEED + &_gcry_mac_type_spec_cmac_seed, +#else + NULL, +#endif +#if USE_RFC2268 + &_gcry_mac_type_spec_cmac_rfc2268, +#else + NULL, +#endif +#ifdef USE_IDEA + &_gcry_mac_type_spec_cmac_idea, +#else + NULL, +#endif +#if USE_GOST28147 + &_gcry_mac_type_spec_cmac_gost28147 +#else + NULL +#endif + }; + +/* GMAC implementations start with index 401 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo401[] = + { +#if USE_AES + &_gcry_mac_type_spec_gmac_aes, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_mac_type_spec_gmac_camellia, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_mac_type_spec_gmac_twofish, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_mac_type_spec_gmac_serpent, +#else + NULL, +#endif +#if USE_SEED + &_gcry_mac_type_spec_gmac_seed +#else + NULL +#endif + }; + +/* Poly1305-MAC implementations start with index 501 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo501[] = + { + &_gcry_mac_type_spec_poly1305mac, +#if USE_AES + &_gcry_mac_type_spec_poly1305mac_aes, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_mac_type_spec_poly1305mac_camellia, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_mac_type_spec_poly1305mac_twofish, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_mac_type_spec_poly1305mac_serpent, +#else + NULL, +#endif +#if USE_SEED + 
&_gcry_mac_type_spec_poly1305mac_seed +#else + NULL +#endif + }; + + + + /* Explicitly initialize this module. */ gcry_err_code_t _gcry_mac_init (void) @@ -154,13 +384,21 @@ _gcry_mac_init (void) static gcry_mac_spec_t * spec_from_algo (int algo) { - gcry_mac_spec_t *spec; - int idx; + gcry_mac_spec_t *spec = NULL; - for (idx = 0; (spec = mac_list[idx]); idx++) - if (algo == spec->algo) - return spec; - return NULL; + if (algo >= 101 && algo < 101 + DIM(mac_list_algo101)) + spec = mac_list_algo101[algo - 101]; + else if (algo >= 201 && algo < 201 + DIM(mac_list_algo201)) + spec = mac_list_algo201[algo - 201]; + else if (algo >= 401 && algo < 401 + DIM(mac_list_algo401)) + spec = mac_list_algo401[algo - 401]; + else if (algo >= 501 && algo < 501 + DIM(mac_list_algo501)) + spec = mac_list_algo501[algo - 501]; + + if (spec) + gcry_assert (spec->algo == algo); + + return spec; } diff --git a/cipher/md.c b/cipher/md.c index f6c1954c7..47c8cecdd 100644 --- a/cipher/md.c +++ b/cipher/md.c 
@@ -101,6 +101,143 @@ static gcry_md_spec_t * const digest_list[] = NULL }; +/* Digest implementations starting with index 0 (enum gcry_md_algos) */ +static gcry_md_spec_t * const digest_list_algo0[] = + { + NULL, /* GCRY_MD_NONE */ +#if USE_MD5 + &_gcry_digest_spec_md5, +#else + NULL, +#endif +#if USE_SHA1 + &_gcry_digest_spec_sha1, +#else + NULL, +#endif +#if USE_RMD160 + &_gcry_digest_spec_rmd160, +#else + NULL, +#endif + NULL, /* Unused index 4 */ +#if USE_MD2 + &_gcry_digest_spec_md2, +#else + NULL, +#endif +#if USE_TIGER + &_gcry_digest_spec_tiger, +#else + NULL, +#endif + NULL, /* GCRY_MD_HAVAL */ +#if USE_SHA256 + &_gcry_digest_spec_sha256, +#else + NULL, +#endif +#if USE_SHA512 + &_gcry_digest_spec_sha384, + &_gcry_digest_spec_sha512, +#else + NULL, + NULL, +#endif +#if USE_SHA256 + &_gcry_digest_spec_sha224 +#else + NULL +#endif + }; + +/* Digest implementations starting with index 301 (enum gcry_md_algos) */ +static gcry_md_spec_t * const digest_list_algo301[] = + { +#if USE_MD4 + &_gcry_digest_spec_md4, +#else + NULL, +#endif +#if USE_CRC + &_gcry_digest_spec_crc32, + &_gcry_digest_spec_crc32_rfc1510, + &_gcry_digest_spec_crc24_rfc2440, +#else + NULL, + NULL, + NULL, +#endif +#if USE_WHIRLPOOL + &_gcry_digest_spec_whirlpool, +#else + NULL, +#endif +#if USE_TIGER + &_gcry_digest_spec_tiger1, + &_gcry_digest_spec_tiger2, +#else + NULL, + NULL, +#endif +#if USE_GOST_R_3411_94 + &_gcry_digest_spec_gost3411_94, +#else + NULL, +#endif +#if USE_GOST_R_3411_12 + &_gcry_digest_spec_stribog_256, + &_gcry_digest_spec_stribog_512, +#else + NULL, + NULL, +#endif +#if USE_GOST_R_3411_94 + &_gcry_digest_spec_gost3411_cp, +#else + NULL, +#endif +#if USE_SHA3 + &_gcry_digest_spec_sha3_224, + &_gcry_digest_spec_sha3_256, + &_gcry_digest_spec_sha3_384, + &_gcry_digest_spec_sha3_512, + &_gcry_digest_spec_shake128, + &_gcry_digest_spec_shake256, +#else + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#endif +#if USE_BLAKE2 + &_gcry_digest_spec_blake2b_512, + 
&_gcry_digest_spec_blake2b_384, + &_gcry_digest_spec_blake2b_256, + &_gcry_digest_spec_blake2b_160, + &_gcry_digest_spec_blake2s_256, + &_gcry_digest_spec_blake2s_224, + &_gcry_digest_spec_blake2s_160, + &_gcry_digest_spec_blake2s_128, +#else + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#endif +#if USE_SM3 + &_gcry_digest_spec_sm3 +#else + NULL +#endif + }; + typedef struct gcry_md_list { @@ -118,7 +255,7 @@ struct gcry_md_context size_t actual_handle_size; /* Allocated size of this handle. */ FILE *debug; struct { - unsigned int secure: 1; + unsigned int secure:1; unsigned int finalized:1; unsigned int bugemu1:1; unsigned int hmac:1; @@ -153,15 +290,19 @@ map_algo (int algo) static gcry_md_spec_t * spec_from_algo (int algo) { - int idx; - gcry_md_spec_t *spec; + gcry_md_spec_t *spec = NULL; algo = map_algo (algo); - for (idx = 0; (spec = digest_list[idx]); idx++) - if (algo == spec->algo) - return spec; - return NULL; + if (algo >= 0 && algo < DIM(digest_list_algo0)) + spec = digest_list_algo0[algo]; + else if (algo >= 301 && algo < 301 + DIM(digest_list_algo301)) + spec = digest_list_algo301[algo - 301]; + + if (spec) + gcry_assert (spec->algo == algo); + + return spec; } From cvs at cvs.gnupg.org Tue Apr 10 04:03:49 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 10 Apr 2018 04:03:49 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-60-g0de2a22 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0de2a22fcf6607d0aecb550feefa414cee3731b2 (commit) from 9b58e4a03ba3aeff7bae3f40da706977870c9649 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0de2a22fcf6607d0aecb550feefa414cee3731b2 Author: NIIBE Yutaka Date: Tue Apr 10 11:01:57 2018 +0900 random: Protect another use of jent_rng_collector. * random/rndjent.c (_gcry_rndjent_get_version): Lock the access. Signed-off-by: NIIBE Yutaka diff --git a/random/rndjent.c b/random/rndjent.c index 6e56c8a..0c5a820 100644 --- a/random/rndjent.c +++ b/random/rndjent.c @@ -334,11 +334,13 @@ _gcry_rndjent_get_version (int *r_active) { if (r_active) { + lock_rng (); /* Make sure the RNG is initialized. */ _gcry_rndjent_poll (NULL, 0, 0); /* To ease debugging we store 2 for a clock_gettime based * implementation and 1 for a rdtsc based code. */ *r_active = jent_rng_collector? is_rng_available () : 0; + unlock_rng (); } return jent_version (); } ----------------------------------------------------------------------- Summary of changes: random/rndjent.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Tue Apr 10 21:15:29 2018 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Tue, 10 Apr 2018 21:15:29 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-64-g5e01705 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5e01705ca90830c27a4cbd8bad41243915f4538a (commit) via 634a85412a4073aa1890589ce5e97eac7b0f3ca3 (commit) via 35b59d0ea52e8a1c30c43554dc4dbca97da4bf87 (commit) via 52e52eb0e3e5541cfc86e04c5047500db5d538b7 (commit) from 0de2a22fcf6607d0aecb550feefa414cee3731b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e01705ca90830c27a4cbd8bad41243915f4538a Author: Jussi Kivilinna Date: Tue Apr 10 22:14:39 2018 +0300 basic_all_hwfeature_combinations.sh: use $njobs to limit parallel tasks * tests/basic_all_hwfeature_combinations.sh: Use $njobs to limit parallel tasks instead of fixed number "8". -- Signed-off-by: Jussi Kivilinna diff --git a/tests/basic_all_hwfeature_combinations.sh b/tests/basic_all_hwfeature_combinations.sh index 8ec97bf..1387190 100755 --- a/tests/basic_all_hwfeature_combinations.sh +++ b/tests/basic_all_hwfeature_combinations.sh 
@@ -68,7 +68,7 @@ done | sort | ( while read opts; do currn=$nbasic curr_jobs=($(jobs -p)) - while [ "${#curr_jobs[@]}" -ge "8" ]; do + while [ "${#curr_jobs[@]}" -ge "$njobs" ]; do # Wait for one job to complete wait ${retcodes[$nwait]} retval=$? commit 634a85412a4073aa1890589ce5e97eac7b0f3ca3 Author: Jussi Kivilinna Date: Tue Apr 10 22:03:49 2018 +0300 Faster look-up for spec by algo for digests, ciphers and MAC * cipher/cipher.c (cipher_list_algo0, cipher_list_algo301): New cipher spec lists with same order and spacing as 'gcry_cipher_algos' enumeration. (spec_from_algo): Use new spec lists for faster look-up. * cipher/mac.c (mac_list_algo101, mac_list_algo201, mac_list_algo401) (mac_list_algo501): New MAC spec lists with same order and spacing as 'gcry_mac_algos' enumeration. (spec_from_algo): Use new spec lists for faster look-up. * cipher/md.c (digest_list_algo0, digest_list_algo301): New digest spec lists with same order and spacing as 'gcry_md_algos' enumeration. (spec_from_algo): Use new spec lists for faster look-up. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher.c b/cipher/cipher.c index 1bef766..d6cd0b4 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
@@ -90,6 +90,114 @@ static gcry_cipher_spec_t * const cipher_list[] = NULL }; +/* Cipher implementations starting with index 0 (enum gcry_cipher_algos) */ +static gcry_cipher_spec_t * const cipher_list_algo0[] = + { + NULL, /* GCRY_CIPHER_NONE */ +#ifdef USE_IDEA + &_gcry_cipher_spec_idea, +#else + NULL, +#endif +#if USE_DES + &_gcry_cipher_spec_tripledes, +#else + NULL, +#endif +#if USE_CAST5 + &_gcry_cipher_spec_cast5, +#else + NULL, +#endif +#if USE_BLOWFISH + &_gcry_cipher_spec_blowfish, +#else + NULL, +#endif + NULL, /* GCRY_CIPHER_SAFER_SK128 */ + NULL, /* GCRY_CIPHER_DES_SK */ +#if USE_AES + &_gcry_cipher_spec_aes, + &_gcry_cipher_spec_aes192, + &_gcry_cipher_spec_aes256, +#else + NULL, + NULL, + NULL, +#endif +#if USE_TWOFISH + &_gcry_cipher_spec_twofish +#else + NULL +#endif + }; + +/* Cipher implementations starting with index 301 (enum gcry_cipher_algos) */ +static gcry_cipher_spec_t * const cipher_list_algo301[] = + { +#if USE_ARCFOUR + &_gcry_cipher_spec_arcfour, +#else + NULL, +#endif +#if USE_DES + &_gcry_cipher_spec_des, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_cipher_spec_twofish128, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_cipher_spec_serpent128, + &_gcry_cipher_spec_serpent192, + &_gcry_cipher_spec_serpent256, +#else + NULL, + NULL, + NULL, +#endif +#if USE_RFC2268 + &_gcry_cipher_spec_rfc2268_40, + &_gcry_cipher_spec_rfc2268_128, +#else + NULL, + NULL, +#endif +#if USE_SEED + &_gcry_cipher_spec_seed, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_cipher_spec_camellia128, + &_gcry_cipher_spec_camellia192, + &_gcry_cipher_spec_camellia256, +#else + NULL, + NULL, + NULL, +#endif +#if USE_SALSA20 + &_gcry_cipher_spec_salsa20, + &_gcry_cipher_spec_salsa20r12, +#else + NULL, + NULL, +#endif +#if USE_GOST28147 + &_gcry_cipher_spec_gost28147, +#else + NULL, +#endif +#if USE_CHACHA20 + &_gcry_cipher_spec_chacha20 +#else + NULL, +#endif + }; 
@@ -105,15 +213,19 @@ map_algo (int algo) static gcry_cipher_spec_t * spec_from_algo (int algo) { - int idx; - gcry_cipher_spec_t *spec; + gcry_cipher_spec_t *spec = NULL; algo = map_algo (algo); - for (idx = 0; (spec = cipher_list[idx]); idx++) - if (algo == spec->algo) - return spec; - return NULL; + if (algo >= 0 && algo < DIM(cipher_list_algo0)) + spec = cipher_list_algo0[algo]; + else if (algo >= 301 && algo < 301 + DIM(cipher_list_algo301)) + spec = cipher_list_algo301[algo - 301]; + + if (spec) + gcry_assert (spec->algo == algo); + + return spec; } diff --git a/cipher/mac.c b/cipher/mac.c index e8e7ceb..1b79bf3 100644 --- a/cipher/mac.c +++ b/cipher/mac.c 
@@ -130,6 +130,236 @@ static gcry_mac_spec_t * const mac_list[] = { NULL, }; +/* HMAC implementations start with index 101 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo101[] = + { +#if USE_SHA256 + &_gcry_mac_type_spec_hmac_sha256, + &_gcry_mac_type_spec_hmac_sha224, +#else + NULL, + NULL, +#endif +#if USE_SHA512 + &_gcry_mac_type_spec_hmac_sha512, + &_gcry_mac_type_spec_hmac_sha384, +#else + NULL, + NULL, +#endif +#if USE_SHA1 + &_gcry_mac_type_spec_hmac_sha1, +#else + NULL, +#endif +#if USE_MD5 + &_gcry_mac_type_spec_hmac_md5, +#else + NULL, +#endif +#if USE_MD4 + &_gcry_mac_type_spec_hmac_md4, +#else + NULL, +#endif +#if USE_RMD160 + &_gcry_mac_type_spec_hmac_rmd160, +#else + NULL, +#endif +#if USE_TIGER + &_gcry_mac_type_spec_hmac_tiger1, +#else + NULL, +#endif +#if USE_WHIRLPOOL + &_gcry_mac_type_spec_hmac_whirlpool, +#else + NULL, +#endif +#ifdef USE_GOST_R_3411_94 + &_gcry_mac_type_spec_hmac_gost3411_94, +#else + NULL, +#endif +#ifdef USE_GOST_R_3411_12 + &_gcry_mac_type_spec_hmac_stribog256, + &_gcry_mac_type_spec_hmac_stribog512, +#else + NULL, + NULL, +#endif +#if USE_MD2 + &_gcry_mac_type_spec_hmac_md2, +#else + NULL, +#endif +#if USE_SHA3 + &_gcry_mac_type_spec_hmac_sha3_224, + &_gcry_mac_type_spec_hmac_sha3_256, + &_gcry_mac_type_spec_hmac_sha3_384, + &_gcry_mac_type_spec_hmac_sha3_512, +#else + NULL, + NULL, + NULL, + NULL, +#endif +#ifdef USE_GOST_R_3411_94 + &_gcry_mac_type_spec_hmac_gost3411_cp, +#else + NULL, +#endif +#if USE_BLAKE2 + &_gcry_mac_type_spec_hmac_blake2b_512, + &_gcry_mac_type_spec_hmac_blake2b_384, + &_gcry_mac_type_spec_hmac_blake2b_256, + &_gcry_mac_type_spec_hmac_blake2b_160, + &_gcry_mac_type_spec_hmac_blake2s_256, + &_gcry_mac_type_spec_hmac_blake2s_224, + &_gcry_mac_type_spec_hmac_blake2s_160, + &_gcry_mac_type_spec_hmac_blake2s_128, +#else + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#endif +#if USE_SM3 + &_gcry_mac_type_spec_hmac_sm3 +#else + NULL +#endif + }; + +/* CMAC 
implementations start with index 201 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo201[] = + { +#if USE_AES + &_gcry_mac_type_spec_cmac_aes, +#else + NULL, +#endif +#if USE_DES + &_gcry_mac_type_spec_cmac_tripledes, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_mac_type_spec_cmac_camellia, +#else + NULL, +#endif +#if USE_CAST5 + &_gcry_mac_type_spec_cmac_cast5, +#else + NULL, +#endif +#if USE_BLOWFISH + &_gcry_mac_type_spec_cmac_blowfish, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_mac_type_spec_cmac_twofish, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_mac_type_spec_cmac_serpent, +#else + NULL, +#endif +#if USE_SEED + &_gcry_mac_type_spec_cmac_seed, +#else + NULL, +#endif +#if USE_RFC2268 + &_gcry_mac_type_spec_cmac_rfc2268, +#else + NULL, +#endif +#ifdef USE_IDEA + &_gcry_mac_type_spec_cmac_idea, +#else + NULL, +#endif +#if USE_GOST28147 + &_gcry_mac_type_spec_cmac_gost28147 +#else + NULL +#endif + }; + +/* GMAC implementations start with index 401 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo401[] = + { +#if USE_AES + &_gcry_mac_type_spec_gmac_aes, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_mac_type_spec_gmac_camellia, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_mac_type_spec_gmac_twofish, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_mac_type_spec_gmac_serpent, +#else + NULL, +#endif +#if USE_SEED + &_gcry_mac_type_spec_gmac_seed +#else + NULL +#endif + }; + +/* Poly1305-MAC implementations start with index 501 (enum gcry_mac_algos) */ +static gcry_mac_spec_t * const mac_list_algo501[] = + { + &_gcry_mac_type_spec_poly1305mac, +#if USE_AES + &_gcry_mac_type_spec_poly1305mac_aes, +#else + NULL, +#endif +#if USE_CAMELLIA + &_gcry_mac_type_spec_poly1305mac_camellia, +#else + NULL, +#endif +#if USE_TWOFISH + &_gcry_mac_type_spec_poly1305mac_twofish, +#else + NULL, +#endif +#if USE_SERPENT + &_gcry_mac_type_spec_poly1305mac_serpent, +#else + NULL, +#endif +#if USE_SEED + 
&_gcry_mac_type_spec_poly1305mac_seed +#else + NULL +#endif + }; + + + + /* Explicitly initialize this module. */ gcry_err_code_t _gcry_mac_init (void) @@ -154,13 +384,21 @@ _gcry_mac_init (void) static gcry_mac_spec_t * spec_from_algo (int algo) { - gcry_mac_spec_t *spec; - int idx; + gcry_mac_spec_t *spec = NULL; - for (idx = 0; (spec = mac_list[idx]); idx++) - if (algo == spec->algo) - return spec; - return NULL; + if (algo >= 101 && algo < 101 + DIM(mac_list_algo101)) + spec = mac_list_algo101[algo - 101]; + else if (algo >= 201 && algo < 201 + DIM(mac_list_algo201)) + spec = mac_list_algo201[algo - 201]; + else if (algo >= 401 && algo < 401 + DIM(mac_list_algo401)) + spec = mac_list_algo401[algo - 401]; + else if (algo >= 501 && algo < 501 + DIM(mac_list_algo501)) + spec = mac_list_algo501[algo - 501]; + + if (spec) + gcry_assert (spec->algo == algo); + + return spec; } diff --git a/cipher/md.c b/cipher/md.c index f6c1954..47c8cec 100644 --- a/cipher/md.c +++ b/cipher/md.c 
@@ -101,6 +101,143 @@ static gcry_md_spec_t * const digest_list[] = NULL }; +/* Digest implementations starting with index 0 (enum gcry_md_algos) */ +static gcry_md_spec_t * const digest_list_algo0[] = + { + NULL, /* GCRY_MD_NONE */ +#if USE_MD5 + &_gcry_digest_spec_md5, +#else + NULL, +#endif +#if USE_SHA1 + &_gcry_digest_spec_sha1, +#else + NULL, +#endif +#if USE_RMD160 + &_gcry_digest_spec_rmd160, +#else + NULL, +#endif + NULL, /* Unused index 4 */ +#if USE_MD2 + &_gcry_digest_spec_md2, +#else + NULL, +#endif +#if USE_TIGER + &_gcry_digest_spec_tiger, +#else + NULL, +#endif + NULL, /* GCRY_MD_HAVAL */ +#if USE_SHA256 + &_gcry_digest_spec_sha256, +#else + NULL, +#endif +#if USE_SHA512 + &_gcry_digest_spec_sha384, + &_gcry_digest_spec_sha512, +#else + NULL, + NULL, +#endif +#if USE_SHA256 + &_gcry_digest_spec_sha224 +#else + NULL +#endif + }; + +/* Digest implementations starting with index 301 (enum gcry_md_algos) */ +static gcry_md_spec_t * const digest_list_algo301[] = + { +#if USE_MD4 + &_gcry_digest_spec_md4, +#else + NULL, +#endif +#if USE_CRC + &_gcry_digest_spec_crc32, + &_gcry_digest_spec_crc32_rfc1510, + &_gcry_digest_spec_crc24_rfc2440, +#else + NULL, + NULL, + NULL, +#endif +#if USE_WHIRLPOOL + &_gcry_digest_spec_whirlpool, +#else + NULL, +#endif +#if USE_TIGER + &_gcry_digest_spec_tiger1, + &_gcry_digest_spec_tiger2, +#else + NULL, + NULL, +#endif +#if USE_GOST_R_3411_94 + &_gcry_digest_spec_gost3411_94, +#else + NULL, +#endif +#if USE_GOST_R_3411_12 + &_gcry_digest_spec_stribog_256, + &_gcry_digest_spec_stribog_512, +#else + NULL, + NULL, +#endif +#if USE_GOST_R_3411_94 + &_gcry_digest_spec_gost3411_cp, +#else + NULL, +#endif +#if USE_SHA3 + &_gcry_digest_spec_sha3_224, + &_gcry_digest_spec_sha3_256, + &_gcry_digest_spec_sha3_384, + &_gcry_digest_spec_sha3_512, + &_gcry_digest_spec_shake128, + &_gcry_digest_spec_shake256, +#else + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#endif +#if USE_BLAKE2 + &_gcry_digest_spec_blake2b_512, + 
&_gcry_digest_spec_blake2b_384, + &_gcry_digest_spec_blake2b_256, + &_gcry_digest_spec_blake2b_160, + &_gcry_digest_spec_blake2s_256, + &_gcry_digest_spec_blake2s_224, + &_gcry_digest_spec_blake2s_160, + &_gcry_digest_spec_blake2s_128, +#else + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#endif +#if USE_SM3 + &_gcry_digest_spec_sm3 +#else + NULL +#endif + }; + typedef struct gcry_md_list { @@ -118,7 +255,7 @@ struct gcry_md_context size_t actual_handle_size; /* Allocated size of this handle. */ FILE *debug; struct { - unsigned int secure: 1; + unsigned int secure:1; unsigned int finalized:1; unsigned int bugemu1:1; unsigned int hmac:1; @@ -153,15 +290,19 @@ map_algo (int algo) static gcry_md_spec_t * spec_from_algo (int algo) { - int idx; - gcry_md_spec_t *spec; + gcry_md_spec_t *spec = NULL; algo = map_algo (algo); - for (idx = 0; (spec = digest_list[idx]); idx++) - if (algo == spec->algo) - return spec; - return NULL; + if (algo >= 0 && algo < DIM(digest_list_algo0)) + spec = digest_list_algo0[algo]; + else if (algo >= 301 && algo < 301 + DIM(digest_list_algo301)) + spec = digest_list_algo301[algo - 301]; + + if (spec) + gcry_assert (spec->algo == algo); + + return spec; } commit 35b59d0ea52e8a1c30c43554dc4dbca97da4bf87 Author: Jussi Kivilinna Date: Tue Apr 10 22:03:49 2018 +0300 Fix building with BLAKE2 disabled * cipher/md.c (md_setkey): Enclose Blake2 part with USE_BLAKE2. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/md.c b/cipher/md.c index efbffe1..f6c1954 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -703,6 +703,7 @@ md_setkey (gcry_md_hd_t h, const unsigned char *key, size_t keylen) { switch (r->spec->algo) { +#if USE_BLAKE2 /* TODO? add spec->init_with_key? */ case GCRY_MD_BLAKE2B_512: case GCRY_MD_BLAKE2B_384: 
@@ -719,6 +720,7 @@ md_setkey (gcry_md_hd_t h, const unsigned char *key, size_t keylen) ? GCRY_MD_FLAG_BUGEMU1:0, key, keylen, r->spec->algo); break; +#endif default: rc = GPG_ERR_DIGEST_ALGO; break; commit 52e52eb0e3e5541cfc86e04c5047500db5d538b7 Author: Jussi Kivilinna Date: Tue Apr 10 22:03:49 2018 +0300 Add missing BLAKE2, SM3 and GOSTR3411_CP to MAC-HMAC interface * cipher/mac-hmac.c (map_mac_algo_to_md): Add GOSTR3411_CP, BLAKE2 and SM3. (_gcry_mac_type_spec_hmac_gost3411_cp) (_gcry_mac_type_spec_hmac_blake2b_512) (_gcry_mac_type_spec_hmac_blake2b_384) (_gcry_mac_type_spec_hmac_blake2b_256) (_gcry_mac_type_spec_hmac_blake2b_160) (_gcry_mac_type_spec_hmac_blake2s_256) (_gcry_mac_type_spec_hmac_blake2s_224) (_gcry_mac_type_spec_hmac_blake2s_160) (_gcry_mac_type_spec_hmac_blake2s_128) (_gcry_mac_type_spec_hmac_sm3): New. * cipher/mac-internal.h (_gcry_mac_type_spec_hmac_gost3411_cp) (_gcry_mac_type_spec_hmac_blake2b_512) (_gcry_mac_type_spec_hmac_blake2b_384) (_gcry_mac_type_spec_hmac_blake2b_256) (_gcry_mac_type_spec_hmac_blake2b_160) (_gcry_mac_type_spec_hmac_blake2s_256) (_gcry_mac_type_spec_hmac_blake2s_224) (_gcry_mac_type_spec_hmac_blake2s_160) (_gcry_mac_type_spec_hmac_blake2s_128) (_gcry_mac_type_spec_hmac_sm3): New. * cipher/mac.c (mac_list): Add GOSTR3411_CP, BLAKE2 and SM3. * src/gcrypt.h.in (GCRY_MAC_HMAC_GOSTR3411_CP) (GCRY_MAC_HMAC_BLAKE2B_512, GCRY_MAC_HMAC_BLAKE2B_384) (GCRY_MAC_HMAC_BLAKE2B_256, GCRY_MAC_HMAC_BLAKE2B_160) (GCRY_MAC_HMAC_BLAKE2S_256, GCRY_MAC_HMAC_BLAKE2S_224) (GCRY_MAC_HMAC_BLAKE2S_160, GCRY_MAC_HMAC_BLAKE2S_128) (GCRY_MAC_HMAC_SM3): New. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c index 9379f4b..86281ac 100644 --- a/cipher/mac-hmac.c +++ b/cipher/mac-hmac.c 
@@ -67,10 +67,30 @@ map_mac_algo_to_md (int mac_algo) return GCRY_MD_WHIRLPOOL; case GCRY_MAC_HMAC_GOSTR3411_94: return GCRY_MD_GOSTR3411_94; + case GCRY_MAC_HMAC_GOSTR3411_CP: + return GCRY_MD_GOSTR3411_CP; case GCRY_MAC_HMAC_STRIBOG256: return GCRY_MD_STRIBOG256; case GCRY_MAC_HMAC_STRIBOG512: return GCRY_MD_STRIBOG512; + case GCRY_MAC_HMAC_BLAKE2B_512: + return GCRY_MD_BLAKE2B_512; + case GCRY_MAC_HMAC_BLAKE2B_384: + return GCRY_MD_BLAKE2B_384; + case GCRY_MAC_HMAC_BLAKE2B_256: + return GCRY_MD_BLAKE2B_256; + case GCRY_MAC_HMAC_BLAKE2B_160: + return GCRY_MD_BLAKE2B_160; + case GCRY_MAC_HMAC_BLAKE2S_256: + return GCRY_MD_BLAKE2S_256; + case GCRY_MAC_HMAC_BLAKE2S_224: + return GCRY_MD_BLAKE2S_224; + case GCRY_MAC_HMAC_BLAKE2S_160: + return GCRY_MD_BLAKE2S_160; + case GCRY_MAC_HMAC_BLAKE2S_128: + return GCRY_MD_BLAKE2S_128; + case GCRY_MAC_HMAC_SM3: + return GCRY_MD_SM3; } } @@ -267,6 +287,10 @@ gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_94 = { GCRY_MAC_HMAC_GOSTR3411_94, {0, 0}, "HMAC_GOSTR3411_94", &hmac_ops }; +gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_cp = { + GCRY_MAC_HMAC_GOSTR3411_CP, {0, 0}, "HMAC_GOSTR3411_CP", + &hmac_ops +}; #endif #ifdef USE_GOST_R_3411_12 gcry_mac_spec_t _gcry_mac_type_spec_hmac_stribog256 = { 
@@ -315,3 +339,43 @@ gcry_mac_spec_t _gcry_mac_type_spec_hmac_md2 = {
 &hmac_ops
 };
 #endif
+#if USE_BLAKE2
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_512 = {
+ GCRY_MAC_HMAC_BLAKE2B_512, {0, 0}, "HMAC_BLAKE2B_512",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_384 = {
+ GCRY_MAC_HMAC_BLAKE2B_384, {0, 0}, "HMAC_BLAKE2B_384",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_256 = {
+ GCRY_MAC_HMAC_BLAKE2B_256, {0, 0}, "HMAC_BLAKE2B_256",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_160 = {
+ GCRY_MAC_HMAC_BLAKE2B_160, {0, 0}, "HMAC_BLAKE2B_160",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_256 = {
+ GCRY_MAC_HMAC_BLAKE2S_256, {0, 0}, "HMAC_BLAKE2S_256",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_224 = {
+ GCRY_MAC_HMAC_BLAKE2S_224, {0, 0}, "HMAC_BLAKE2S_224",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_160 = {
+ GCRY_MAC_HMAC_BLAKE2S_160, {0, 0}, "HMAC_BLAKE2S_160",
+ &hmac_ops
+};
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_128 = {
+ GCRY_MAC_HMAC_BLAKE2S_128, {0, 0}, "HMAC_BLAKE2S_128",
+ &hmac_ops
+};
+#endif
+#if USE_SM3
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_sm3 = {
+ GCRY_MAC_HMAC_SM3, {0, 0}, "HMAC_SM3",
+ &hmac_ops
+};
+#endif
diff --git a/cipher/mac-internal.h b/cipher/mac-internal.h
index 2beb284..eb54673 100644
--- a/cipher/mac-internal.h
+++ b/cipher/mac-internal.h
@@ -142,6 +142,7 @@ extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_sha3_512;
 #endif
 #ifdef USE_GOST_R_3411_94
 extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_94;
+extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_gost3411_cp;
 #endif
 #ifdef USE_GOST_R_3411_12
 extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_stribog256;
@@ -162,6 +163,19 @@ extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_md5; #if USE_MD4 extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_md4; #endif +#if USE_BLAKE2 +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_512; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_384; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_256; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2b_160; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_256; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_224; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_160; +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_blake2s_128; +#endif +#if USE_SM3 +extern gcry_mac_spec_t _gcry_mac_type_spec_hmac_sm3; +#endif /* * The CMAC algorithm specifications (mac-cmac.c). diff --git a/cipher/mac.c b/cipher/mac.c index 4a7a47d..e8e7ceb 100644 --- a/cipher/mac.c +++ b/cipher/mac.c @@ -49,6 +49,7 @@ static gcry_mac_spec_t * const mac_list[] = { #endif #ifdef USE_GOST_R_3411_94 &_gcry_mac_type_spec_hmac_gost3411_94, + &_gcry_mac_type_spec_hmac_gost3411_cp, #endif #ifdef USE_GOST_R_3411_12 &_gcry_mac_type_spec_hmac_stribog256, @@ -69,6 +70,19 @@ static gcry_mac_spec_t * const mac_list[] = { #if USE_MD4 &_gcry_mac_type_spec_hmac_md4, #endif +#if USE_BLAKE2 + &_gcry_mac_type_spec_hmac_blake2b_512, + &_gcry_mac_type_spec_hmac_blake2b_384, + &_gcry_mac_type_spec_hmac_blake2b_256, + &_gcry_mac_type_spec_hmac_blake2b_160, + &_gcry_mac_type_spec_hmac_blake2s_256, + &_gcry_mac_type_spec_hmac_blake2s_224, + &_gcry_mac_type_spec_hmac_blake2s_160, + &_gcry_mac_type_spec_hmac_blake2s_128, +#endif +#if USE_SM3 + &_gcry_mac_type_spec_hmac_sm3, +#endif #if USE_BLOWFISH &_gcry_mac_type_spec_cmac_blowfish, #endif diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 83f94b6..a1cb15a 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -1433,6 +1433,16 @@ enum gcry_mac_algos GCRY_MAC_HMAC_SHA3_256 = 116, GCRY_MAC_HMAC_SHA3_384 = 117, GCRY_MAC_HMAC_SHA3_512 = 118, + GCRY_MAC_HMAC_GOSTR3411_CP = 119, + GCRY_MAC_HMAC_BLAKE2B_512 = 120, + GCRY_MAC_HMAC_BLAKE2B_384 = 121, + GCRY_MAC_HMAC_BLAKE2B_256 = 122, + GCRY_MAC_HMAC_BLAKE2B_160 = 123, + GCRY_MAC_HMAC_BLAKE2S_256 = 124, + GCRY_MAC_HMAC_BLAKE2S_224 = 125, + GCRY_MAC_HMAC_BLAKE2S_160 = 126, + GCRY_MAC_HMAC_BLAKE2S_128 = 127, + GCRY_MAC_HMAC_SM3 = 128, GCRY_MAC_CMAC_AES = 201, GCRY_MAC_CMAC_3DES = 202, ----------------------------------------------------------------------- Summary of changes: cipher/cipher.c | 124 +++++++++++++- cipher/mac-hmac.c | 64 ++++++++ cipher/mac-internal.h | 14 ++ cipher/mac.c | 264 +++++++++++++++++++++++++++++- cipher/md.c | 157 +++++++++++++++++- src/gcrypt.h.in | 10 ++ tests/basic_all_hwfeature_combinations.sh | 2 +- 7 files changed, 615 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Wed Apr 11 01:52:18 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 11 Apr 2018 01:52:18 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-65-g3e3b520 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 3e3b520fb32a37c5c23762531a7b3168e112ac36 (commit) from 5e01705ca90830c27a4cbd8bad41243915f4538a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e3b520fb32a37c5c23762531a7b3168e112ac36 Author: NIIBE Yutaka Date: Wed Apr 11 08:45:22 2018 +0900 hmac: Use xtrymalloc. * src/hmac256.c (_gcry_hmac256_new): Use xtrymalloc. (_gcry_hmac256_file): Likewise. -- Don't require config.h but stdint.h for STANDALONE. Drop STANDALONE support for WindowsCE. GnuPG-bug-id: 3877 Signed-off-by: NIIBE Yutaka diff --git a/src/hmac256.c b/src/hmac256.c index ca1eb75..2d66079 100644 --- a/src/hmac256.c +++ b/src/hmac256.c @@ -24,8 +24,7 @@ internal consistency checks. It should not be used for sensitive data because no mechanisms to clear the stack etc are used. - This module may be used standalone and requires only a few - standard definitions to be provided in a config.h file. + This module may be used standalone. Types: @@ -46,7 +45,19 @@ for testing this included module. */ +#ifdef STANDALONE +#include +#define HAVE_U32_TYPEDEF 1 +typedef uint32_t u32; +#define VERSION "standalone" +/* For GCC, we can detect endianness. If not GCC, please define manually. */ +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +#define WORDS_BIGENDIAN 1 +#endif +#else #include +#endif + #include #include #include 
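Review bot: The new endianness probe `#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__` in the STANDALONE block is true whenever both macros are undefined, because the preprocessor evaluates unknown identifiers as 0, so a compiler that does not provide them silently gets WORDS_BIGENDIAN defined on a little-endian host, which is the opposite of what the comment just above it promises and which would presumably corrupt whatever byte-order handling WORDS_BIGENDIAN selects elsewhere in this file. Guard on the macros actually existing: `#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__`. For the "please define manually" case it would be safer to fail the build with a `#error` when neither the probe nor a manual WORDS_BIGENDIAN definition is present than to hash with a guessed byte order.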
@@ -56,13 +67,11 @@ # include /* We need setmode(). */ #endif -/* For a native WindowsCE binary we need to include gpg-error.h to - provide a replacement for strerror. In other cases we need a - replacement macro for gpg_err_set_errno. */ -#ifdef __MINGW32CE__ -# include +#ifdef STANDALONE +#define xtrymalloc(a) malloc((a)) +#define gpg_err_set_errno(a) (errno = (a)) #else -# define gpg_err_set_errno(a) (errno = (a)) +#include "g10lib.h" #endif #include "hmac256.h" @@ -296,7 +305,7 @@ _gcry_hmac256_new (const void *key, size_t keylen) { hmac256_context_t hd; - hd = malloc (sizeof *hd); + hd = xtrymalloc (sizeof *hd); if (!hd) return NULL; @@ -469,7 +478,7 @@ _gcry_hmac256_file (void *result, size_t resultsize, const char *filename, } buffer_size = 32768; - buffer = malloc (buffer_size); + buffer = xtrymalloc (buffer_size); if (!buffer) { fclose (fp); ----------------------------------------------------------------------- Summary of changes: src/hmac256.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From dkg at fifthhorseman.net Fri Apr 13 21:20:40 2018 
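Review bot: The allocation sites changed in the `_gcry_hmac256_new` and `_gcry_hmac256_file` hunks now use `xtrymalloc`, which in the library build resolves through g10lib.h to libgcrypt's own allocator, but the matching release paths (the free of `hd` in the release function and of `buffer` at the end of `_gcry_hmac256_file`) are outside these hunks; if they still call `free()` directly, memory that may have come from a user-installed allocation handler is returned to the C library instead. Release with `xfree` at those sites and add `#define xfree(a) free((a))` next to the `xtrymalloc` define in the STANDALONE block so both builds stay consistent. Both functions' bodies extend beyond the hunks shown here.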
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 13 Apr 2018 15:20:40 -0400 Subject: potential changes to random number generation for libgcrypt Message-ID: <87d0z2ud4n.fsf@fifthhorseman.net> Hey libgcrypt developers, and debian libgcrypt maintainers-- I've just opened a discussion about random number generation: https://dev.gnupg.org/T3894 I'd appreciate any review, as i'm aware that RNGs are very delicate things, and we want to be conservative and careful with them. If the proposal i'm making in this bug report is problematic, i'd like to know! I think it actually solves problems for users of modern systems, and acts as an incentive against sketchy behavior that might otherwise bypass the kernel's own concept of whether it has received sufficient entropy to start a PRNG. Feedback very much welcome, either to me privately, on-list here, or on the ticket. All the best, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From wk at gnupg.org Sat Apr 14 11:09:54 2018 
From: wk at gnupg.org (Werner Koch) Date: Sat, 14 Apr 2018 11:09:54 +0200 Subject: potential changes to random number generation for libgcrypt In-Reply-To: <87d0z2ud4n.fsf@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Fri, 13 Apr 2018 15:20:40 -0400") References: <87d0z2ud4n.fsf@fifthhorseman.net> Message-ID: <87k1tam9wd.fsf@wheatstone.g10code.de> On Fri, 13 Apr 2018 21:20, dkg at fifthhorseman.net said: > I think it actually solves problems for users of modern systems, and > acts as an incentive against sketchy behavior that might otherwise > bypass the kernel's own concept of whether it has received sufficent The problem I see with this proposal is that it is Linux specific. /dev/random is not a Linux specific device but fortunately implemented by many OSes. The exact properties differ slightly and that is why we need to be very cautious on assumptions on its properties. Right, the getrandom syscall is currently Linux specific but it might be implemented by other OSes too (iirc OpenBSD has had a getrandom call for even longer). Further there is no guarantee that Libgcrypt or gpg are only used on modern Linux kernels. In fact old Linux versions are still in widespread use. As portable software Libgcrypt and GnuPG can't assume that everything is Linux and thus I consider it a distribution thing to tweak the installation. In particular adding "only-urandom" to /etc/gcrypt/random.con can easily be done by the distribution as the distro maintainers know which Linux version they install. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From cvs at cvs.gnupg.org Tue Apr 17 17:25:19 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 17 Apr 2018 17:25:19 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-66-ge7ae0ae Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e7ae0ae243c8978a67c802169183187d88557be8 (commit) from 3e3b520fb32a37c5c23762531a7b3168e112ac36 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e7ae0ae243c8978a67c802169183187d88557be8 Author: Werner Koch Date: Tue Apr 17 17:15:30 2018 +0200 mpi: Fix for buidling for MIPS64 with Clang * mpi/longlong.h [MIPS64][__clang__]: Use the C version like we already do for 32 bit MIPS. -- GnuPG-bug-id: 3915 Signed-off-by: Werner Koch diff --git a/mpi/longlong.h b/mpi/longlong.h index 0a5acb6..d6958f3 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h 
@@ -890,7 +890,8 @@ extern USItype __udiv_qrnnd (); ************** MIPS/64 ************** ***************************************/ #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64 -# if (__GNUC__ >= 5) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4) +# if defined (__clang__) || (__GNUC__ >= 5) || (__GNUC__ == 4 && \ + __GNUC_MINOR__ >= 4) typedef unsigned int UTItype __attribute__ ((mode (TI))); # define umul_ppmm(w1, w0, u, v) \ do { \ ----------------------------------------------------------------------- Summary of changes: mpi/longlong.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From dkg at fifthhorseman.net Tue Apr 17 21:59:19 2018 
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 17 Apr 2018 12:59:19 -0700 Subject: potential changes to random number generation for libgcrypt In-Reply-To: <87k1tam9wd.fsf@wheatstone.g10code.de> References: <87d0z2ud4n.fsf@fifthhorseman.net> <87k1tam9wd.fsf@wheatstone.g10code.de> Message-ID: <87a7u1ppt4.fsf@fifthhorseman.net> On Sat 2018-04-14 11:09:54 +0200, Werner Koch wrote: > On Fri, 13 Apr 2018 21:20, dkg at fifthhorseman.net said: > >> I think it actually solves problems for users of modern systems, and >> acts as an incentive against sketchy behavior that might otherwise >> bypass the kernel's own concept of whether it has received sufficent > > The problem I see with this proposal is that it is Linux specific. > /dev/random is not a Linux specific device but fortunately implemented > by many OSes. The exact properties differ slightly and that is why we > need to be very cautious on assumptions on its properties. Right, the > getrandom syscall is currently Linux specific but it might be > implemented by other OS too (iirc OpenBSD has a getrandom call even > longer). Yes, this proposal is Linux-specific. The proposed patch has *no* effect on non-Linux systems. Why is this a problem? This is an important platform that it is worthwhile to optimize for. > Further there is no guarantee that Libgcrypt or gpg are only used on > modern Linux kernels. In fact old Linux versions are still in > widespread use. right, that's why the libgcrypt code already propose falls through at runtime if the kernel doesn't support getrandom(). My proposed patch doesn't change that either. If the running kernel doesn't support getrandom(), then the gcrypt code will fall back to reading from the underlying character devices. > As portable software Libgcrypt and GnuPG can't assume that everything is > Linux and thus I consider it a distribution thing to tweak the > installation. 
In particular adding "only-urandom" to > /etc/gcrypt/random.con can easily be done by the distribution as the > distro maintainers known which Linux version they install. This proposed solution is problematic. As you say above, it's possible that gcrypt is run on a system whose kernel does not support getrandom(). If the decision is made at distribution time to set "only-urandom", but then the kernel changes underneath the distribution (e.g. booting from a hardware-vendor-supplied kernel), then the "only-urandom" setting could cause the code to read from /dev/urandom, which is capable of providing pseudorandom data before the kernel's entropy pool is initialized. This can lead to generation of predictable long-term secrets (e.g. RSA public keys that are breakable by internet-wide gcd factorization), which is a super bad outcome. Rather than recommending that distributions make a compile- or packaging-time decision about whether to assume that the kernel has getrandom() available, the better choice is for gcrypt to make that decision at runtime, based on the current kernel. I believe that's what my proposal does, while leaving untouched the semantics and behavior of gcrypt on other platforms (and on Linux kernels that do not support getrandom()). If you think that's not the effect of the proposed patch, i'd be grateful for any corrections. --dkg From nmav at gnutls.org Wed Apr 18 10:37:01 2018 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 18 Apr 2018 10:37:01 +0200 Subject: potential changes to random number generation for libgcrypt In-Reply-To: <87a7u1ppt4.fsf@fifthhorseman.net> References: <87d0z2ud4n.fsf@fifthhorseman.net> <87k1tam9wd.fsf@wheatstone.g10code.de> <87a7u1ppt4.fsf@fifthhorseman.net> Message-ID: On Tue, Apr 17, 2018 at 9:59 PM, Daniel Kahn Gillmor wrote: > On Sat 2018-04-14 11:09:54 +0200, Werner Koch wrote: >> On Fri, 13 Apr 2018 21:20, dkg at fifthhorseman.net said: >> >>> I think it actually solves problems for users of modern systems, and >>> acts as an incentive against sketchy behavior that might otherwise >>> bypass the kernel's own concept of whether it has received sufficent >> >> The problem I see with this proposal is that it is Linux specific. >> /dev/random is not a Linux specific device but fortunately implemented >> by many OSes. The exact properties differ slightly and that is why we >> need to be very cautious on assumptions on its properties. Right, the >> getrandom syscall is currently Linux specific but it might be >> implemented by other OS too (iirc OpenBSD has a getrandom call even >> longer). > > Yes, this proposal is Linux-specific. The proposed patch has *no* > effect on non-Linux systems. Why is this a problem? This is an > important platform that it is worthwhile to optimize for. > >> Further there is no guarantee that Libgcrypt or gpg are only used on >> modern Linux kernels. In fact old Linux versions are still in >> widespread use. > > right, that's why the libgcrypt code already propose falls through at > runtime if the kernel doesn't support getrandom(). My proposed patch > doesn't change that either. If the running kernel doesn't support > getrandom(), then the gcrypt code will fall back to reading from the > underlying character devices. 
> >> As portable software Libgcrypt and GnuPG can't assume that everything is >> Linux and thus I consider it a distribution thing to tweak the >> installation. In particular adding "only-urandom" to >> /etc/gcrypt/random.con can easily be done by the distribution as the >> distro maintainers known which Linux version they install. > > This proposed solution is problematic. As you say above, it's possible > that gcrypt is run on a system whose kernel does not support > getrandom(). If the decision is made at distribution time to set > "only-urandom", but then the kernel changes underneath the distribution > (e.g. booting from a hardware-vendor-supplied kernel), then the > "only-urandom" setting could cause the code to read from /dev/urandom, > which is capable of providing pseudorandom data before the kernel's > entropy pool is initialized. I concur with that. The distributor often only knows the default kernel available for the distribution. Whether the administrator downgrades or upgrades the kernel is outside the distributor's control. Even worse, you can have full distributions running inside containers, for example Ubuntu running on CentOS (i.e., with the CentOS kernel). That means that if the buck passes to distributions, distributions will pass it to the administrator. It is very unlikely that the administrator knows anything about getrandom/urandom or whether the application they rely on uses libgcrypt. As such, if you'd like to address that issue, the only way seems to be detecting the kernel capabilities at run-time. regards, Nikos From jussi.kivilinna at iki.fi Fri Apr 20 17:53:21 2018 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 20 Apr 2018 18:53:21 +0300 Subject: cross compile libgcrypt for dm500 In-Reply-To: References: Message-ID: <19fd3c57-0c5d-756e-5cbb-dd7bafa8c869@iki.fi> Hello, On 19.04.2018 12:15, disit wrote: > Hi Jussi, > I am trying to cross compile libgcrypt for my STB receiver Dreambox 500s > (PowerPc CPU). > I am using the official toolchain for this STB, which features a very old > gcc compiler indeed (3.4.4), but I am forced to do so for compatibility > issues. > > This is the configure I am using > > CC=/opt/cross/dm500/cdk/bin/powerpc-tuxbox-linux-gnu-gcc CFLAGS="-Wall > -mcpu=405 -msoft-float -mmultiple -mstring -meabi -pipe -O2 -ggdb3 > -DHAVE_DREAMBOX_HARDWARE" ./configure --host=powerpc-unknown-linux-gnu > --enable-static --with-libgpg-error-prefix=/opt/cross/gnupg/libgpg-error/ > --prefix=/opt/cross/gnupg/libgcrypt --disable-asm > > Though, I am getting an error and don't know how to solve: > > libtool: link: /opt/cross/dm500/cdk/bin/powerpc-tuxbox-linux-gnu-gcc > -I/opt/cross/gnupg/libgpg-error/include -Wall -mcpu=405 -msoft-float > -mmultiple -mstring -meabi -pipe -O2 -ggdb3 -DHAVE_DREAMBOX_HARDWARE -Wall > -o basic basic.o ../src/.libs/libgcrypt.so ../compat/.libs/libcompat.a > -L/opt/cross/gnupg/libgpg-error/lib > /opt/cross/gnupg/libgpg-error/lib/libgpg-error.so > -Wl,-rpath -Wl,/opt/gnupg/libgcrypt-1.8.2/src/.libs -Wl,-rpath > -Wl,/opt/cross/gnupg/libgpg-error/lib -Wl,-rpath > -Wl,/opt/cross/gnupg/libgcrypt/lib > -Wl,-rpath -Wl,/opt/cross/gnupg/libgpg-error/lib > basic.o(.rodata+0xa01cc): undefined reference to `.LC3075' > collect2: ld returned 1 exit status > Makefile:608: recipe for target 'basic' failed > make[2]: *** [basic] Error 1 > make[2]: Leaving directory '/opt/gnupg/libgcrypt-1.8.2/tests' > Makefile:477: recipe for target 'all-recursive' failed > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory '/opt/gnupg/libgcrypt-1.8.2' > Makefile:408: recipe for target 'all' failed > 
make: *** [all] Error 2 > > Do you have idea how to solve? This might be compiler bug. 'basic' test ends up being quite large, so maybe generated code hits some internal limit in gcc-3.4.4. Have you tried different optimization levels, -O0, -O1, -Os, etc? -Jussi From dirk.eibach at gdsys.cc Wed Apr 25 14:09:06 2018 From: dirk.eibach at gdsys.cc (dirk.eibach at gdsys.cc) Date: Wed, 25 Apr 2018 14:09:06 +0200 Subject: [PATCH] mpi: Fix powerpc32 build Message-ID: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> From: Dirk Eibach The ENTRY macro is called with C format parameter. Adding a second underscore breaks the build. Signed-off-by: Dirk Eibach --- mpi/powerpc32/syntax.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/mpi/powerpc32/syntax.h b/mpi/powerpc32/syntax.h index 5d4af9f0..fa69b64b 100644 --- a/mpi/powerpc32/syntax.h +++ b/mpi/powerpc32/syntax.h @@ -45,10 +45,10 @@ #define CALL_MCOUNT /* no profiling */ #define ENTRY(name) \ - ASM_GLOBAL_DIRECTIVE C_SYMBOL_NAME(name); \ - ASM_TYPE_DIRECTIVE (C_SYMBOL_NAME(name), at function) \ + ASM_GLOBAL_DIRECTIVE name; \ + ASM_TYPE_DIRECTIVE (name, at function) \ .align ALIGNARG(2); \ - C_LABEL(name) \ + name: \ CALL_MCOUNT #define EALIGN_W_0 /* No words to insert. */ @@ -63,11 +63,11 @@ /* EALIGN is like ENTRY, but does alignment to 'words'*4 bytes past a 2^align boundary. */ #define EALIGN(name, alignt, words) \ - ASM_GLOBAL_DIRECTIVE C_SYMBOL_NAME(name); \ - ASM_TYPE_DIRECTIVE (C_SYMBOL_NAME(name), at function) \ + ASM_GLOBAL_DIRECTIVE name; \ + ASM_TYPE_DIRECTIVE (name, at function) \ .align ALIGNARG(alignt); \ EALIGN_W_##words; \ - C_LABEL(name) + name: #undef END #define END(name) \ -- 2.16.3 From andre at amorim.me Wed Apr 25 15:37:07 2018 
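Review bot: Replacing `C_SYMBOL_NAME(name)` and `C_LABEL(name)` with the bare `name` in ENTRY and EALIGN hard-codes the assumption that C symbols on this target carry no leading underscore; that matches how `END(name)` already behaves according to the follow-up in this thread, but the reason is recorded only in the mailing list, not in the header. A one-line comment above `ENTRY` would stop the next reader from reinstating the wrapper: `/* C symbols are not prefixed here; NAME is emitted verbatim, consistent with END. */`. The commit message could also state that callers such as `EALIGN(_gcry_mpih_add_n,3,0)` already pass the full symbol, which is the actual cause of the doubled underscore.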
From: andre at amorim.me (Andre Amorim) Date: Wed, 25 Apr 2018 14:37:07 +0100 Subject: [PATCH] mpi: Fix powerpc32 build In-Reply-To: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> References: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> Message-ID: I do understand 4 bit maths On 25 April 2018 at 13:09, wrote: > From: Dirk Eibach > > The ENTRY macro is called with C format parameter. > Adding a second underscore breaks the build. > > Signed-off-by: Dirk Eibach > --- > mpi/powerpc32/syntax.h | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/mpi/powerpc32/syntax.h b/mpi/powerpc32/syntax.h > index 5d4af9f0..fa69b64b 100644 > --- a/mpi/powerpc32/syntax.h > +++ b/mpi/powerpc32/syntax.h > @@ -45,10 +45,10 @@ > #define CALL_MCOUNT /* no profiling */ > > #define ENTRY(name) \ > - ASM_GLOBAL_DIRECTIVE C_SYMBOL_NAME(name); \ > - ASM_TYPE_DIRECTIVE (C_SYMBOL_NAME(name), at function) \ > + ASM_GLOBAL_DIRECTIVE name; \ > + ASM_TYPE_DIRECTIVE (name, at function) \ > .align ALIGNARG(2); \ > - C_LABEL(name) \ > + name: \ > CALL_MCOUNT > > #define EALIGN_W_0 /* No words to insert. */ > @@ -63,11 +63,11 @@ > /* EALIGN is like ENTRY, but does alignment to 'words'*4 bytes > past a 2^align boundary. */ > #define EALIGN(name, alignt, words) \ > - ASM_GLOBAL_DIRECTIVE C_SYMBOL_NAME(name); \ > - ASM_TYPE_DIRECTIVE (C_SYMBOL_NAME(name), at function) \ > + ASM_GLOBAL_DIRECTIVE name; \ > + ASM_TYPE_DIRECTIVE (name, at function) \ > .align ALIGNARG(alignt); \ > EALIGN_W_##words; \ > - C_LABEL(name) > + name: > > #undef END > #define END(name) \ > -- > 2.16.3 > > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Wed Apr 25 17:54:01 2018 
From: wk at gnupg.org (Werner Koch) Date: Wed, 25 Apr 2018 17:54:01 +0200 Subject: [PATCH] mpi: Fix powerpc32 build In-Reply-To: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> (dirk eibach's message of "Wed, 25 Apr 2018 14:09:06 +0200") References: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> Message-ID: <874ljzcmee.fsf@wheatstone.g10code.de> On Wed, 25 Apr 2018 14:09, dirk.eibach at gdsys.cc said: > The ENTRY macro is called with C format parameter. > Adding a second underscore breaks the build. This code has not been changed for ages. Thus I am wondering why you see a build problem only now. Well, I can't remember that I ever used a powerpc32 box and this leads to the question why you start to use powerpc32 now. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From dirk.eibach at googlemail.com Wed Apr 25 18:33:36 2018 
From: dirk.eibach at googlemail.com (Dirk Eibach) Date: Wed, 25 Apr 2018 16:33:36 +0000 Subject: [PATCH] mpi: Fix powerpc32 build In-Reply-To: <874ljzcmee.fsf@wheatstone.g10code.de> References: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> <874ljzcmee.fsf@wheatstone.g10code.de> Message-ID: Hi Werner, Werner Koch schrieb am Mi., 25. Apr. 2018, 17:54: > On Wed, 25 Apr 2018 14:09, dirk.eibach at gdsys.cc said: > > > The ENTRY macro is called with C format parameter. > > Adding a second underscore breaks the build. > > This code has not been changed for ages. Thus I am wondering why you > see a build problem only now. Well, I can't remember that I ever used a > powerpc32 box and this leads to the question why you start to use > powerpc32 now. > We are using ppc32 for ages but require gcrypt just now. I saw that the code has not been changed for ages. But if you have a look at the assembler code it is pretty obvious that it cannot work this way: EALIGN(_gcry_mpih_add_n,3,0) and END(_gcry_mpih_add_n) both start the parameter with an underscore. EALIGN adds another underscore while END does not. Cheers Dirk -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk.eibach at gdsys.cc Thu Apr 26 08:39:31 2018 
From: dirk.eibach at gdsys.cc (Dirk Eibach) Date: Thu, 26 Apr 2018 08:39:31 +0200 Subject: [PATCH] mpi: Fix powerpc32 build In-Reply-To: <874ljzcmee.fsf@wheatstone.g10code.de> References: <1524658146-19509-1-git-send-email-dirk.eibach@gdsys.cc> <874ljzcmee.fsf@wheatstone.g10code.de> Message-ID: Hi Werner, sorry, my last try to reply got HTML-encoded and had the wrong sender address. Using android for sending emails is probably not a wise choice m( 2018-04-25 17:54 GMT+02:00 Werner Koch : > On Wed, 25 Apr 2018 14:09, dirk.eibach at gdsys.cc said: > >> The ENTRY macro is called with C format parameter. >> Adding a second underscore breaks the build. > > This code has not been changed for ages. Thus I am wondering why you > see a build problem only now. Well, I can't remember that I ever used a > powerpc32 box and this leads to the question why you start to use > powerpc32 now. We are using ppc32 in our products for ages. This is simply the first time we need libgcrypt. I saw that the code has not been changed for ages. But if you have a look at syntax.h, it is pretty obvious that it cannot work this way. EALIGN adds another underscore while END does not. But they are called (e.g. in mpih-add1.S) with EALIGN(_gcry_mpih_add_n,3,0) and END(_gcry_mpih_add_n). Both start the parameter with an underscore. After passing the preprocessor this results in: .globl __gcry_mpih_add_n; .type __gcry_mpih_add_n, at function; .align 3; ; __gcry_mpih_add_n: ... .size _gcry_mpih_add_n,.-_gcry_mpih_add_n This leads to Error: .size expression for _gcry_mpih_add_n does not evaluate to a constant Cheers Dirk From HeikoStamer at gmx.net Fri Apr 27 18:38:09 2018 
From: HeikoStamer at gmx.net (Heiko Stamer) Date: Fri, 27 Apr 2018 18:38:09 +0200 Subject: Bug in internal function is_prime() from cipher/primegen.c Message-ID: <5bc1f442-1797-1899-8d99-f25cb2133030@gmx.net> Hey libgcrypt developers, during my regular tests on Distributed Privacy Guard [1] I've spotted a bug in the internal function is_prime() from cipher/primegen.c: my program dkg-keycheck [2] calls gcry_prime_check(mpi, 0), which, in some rare cases, triggers an assertion that kills the application: Ohhhh jeeee: Assertion `_gcry_mpi_cmp( (x), (nminus1) ) < 0 && _gcry_mpi_cmp_ui( (x), (1) ) > 0' failed ([redacted]/libgcrypt-1.7.8/cipher/primegen.c:951:is_prime) First, let's have a look at the following lines of libgcrypt: { _gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM ); /* Make sure that the number is smaller than the prime and keep the randomness of the high bit. */ if ( mpi_test_bit ( x, nbits-2) ) { mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */ } else { mpi_set_highbit( x, nbits-2 ); mpi_clear_bit( x, nbits-2 ); } gcry_assert (mpi_cmp (x, nminus1) < 0 && mpi_cmp_ui (x, 1) > 0); } I guess the second part of the assertion is triggered, because the internal function _gcry_mpi_randomize() and the following lines do not prevent x from being 0 or 1. Right? If the checked mpi is a small number (say 65537), then it is more likely that this happens. I am not sure whether this bug has any serious security implications (e.g. DoS attacks), however, it should be fixed anyway. Regards, Heiko. [1] https://www.nongnu.org/dkgpg/ [2] http://git.savannah.nongnu.org/cgit/dkgpg.git/tree/src/dkg-keycheck.cc From dkg at fifthhorseman.net Sat Apr 28 00:13:29 2018 
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 27 Apr 2018 18:13:29 -0400 Subject: potential changes to random number generation for libgcrypt In-Reply-To: <87a7u1ppt4.fsf@fifthhorseman.net> References: <87d0z2ud4n.fsf@fifthhorseman.net> <87k1tam9wd.fsf@wheatstone.g10code.de> <87a7u1ppt4.fsf@fifthhorseman.net> Message-ID: <87k1ssfgc6.fsf@fifthhorseman.net> On Tue 2018-04-17 12:59:19 -0700, Daniel Kahn Gillmor wrote: > Rather than recommending that distributions make a compile- or > packaging-time decision about whether to assume that the kernel has > getrandom() available, the better choice is for gcrypt to make that > decision at runtime, based on the current kernel. > > I believe that's what my proposal does, while leaving untouched the > semantics and behavior of gcrypt on other platforms (and on Linux > kernels that do not support getrandom()). Can i get some feedback on the proposed patch? Is there missing analysis, or faulty reasoning in the rationale for it? If it's acceptable, i'd like to try to get it merged. If it's not acceptable, i'd like to understand what's wrong with it. thanks for taking the time to think this through, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From wk at gnupg.org Sat Apr 28 18:37:43 2018 
From: wk at gnupg.org (Werner Koch) Date: Sat, 28 Apr 2018 18:37:43 +0200 Subject: Bug in internal function is_prime() from cipher/primegen.c In-Reply-To: <5bc1f442-1797-1899-8d99-f25cb2133030@gmx.net> (Heiko Stamer's message of "Fri, 27 Apr 2018 18:38:09 +0200") References: <5bc1f442-1797-1899-8d99-f25cb2133030@gmx.net> Message-ID: <87bme3b82w.fsf@wheatstone.g10code.de> Hi! On Fri, 27 Apr 2018 18:38, HeikoStamer at gmx.net said: > I guess the second part of the assertion is triggered, because the > internal function _gcry_mpi_randomize() and the following lines does not > prevent that x is 0 or 1. Right? Ack. > If the checked mpi is a small number (say 65537), then it is more likely > that this happens. I am not sure whether this bug has any serious > security implications (e.g. DoS attacks), however, it should be fixed I don't think that this is a security problem. In fact an assert is there to prevent this ;-). What do you think of the attached fix? Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-prime-Avoid-rare-assertion-failure-in-gcry_prime_che.patch Type: text/x-diff Size: 2282 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From HeikoStamer at gmx.net Sun Apr 29 09:50:11 2018 
From: HeikoStamer at gmx.net (Heiko Stamer) Date: Sun, 29 Apr 2018 09:50:11 +0200 Subject: Bug in internal function is_prime() from cipher/primegen.c In-Reply-To: <87bme3b82w.fsf@wheatstone.g10code.de> References: <5bc1f442-1797-1899-8d99-f25cb2133030@gmx.net> <87bme3b82w.fsf@wheatstone.g10code.de> Message-ID: <1c8da64d-4f00-36b8-7f32-a32e19ebb8fd@gmx.net> Hi Werner, first, thank you for the quick response. Am 28.04.2018 um 18:37 schrieb Werner Koch: >> If the checked mpi is a small number (say 65537), then it is more likely >> that this happens. I am not sure whether this bug has any serious >> security implications (e.g. DoS attacks), however, it should be fixed > > I don't think that this is a security problem. In fact an assert is > there to prevent this ;-). When I was writing this I thought of a client-server protocol, where the server checks the input of the client using gcry_prime_check(). Then a malicious client could force the server to abort irregularly. > What do you think of the attached fix? I think it should work. However, I was not able to test this yet. Bests, Heiko. From cvs at cvs.gnupg.org Sun Apr 29 18:09:24 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 29 Apr 2018 18:09:24 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-68-g61dbb7c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062 (commit) via f3362f10f6f671246c38115ed12b0047966c200e (commit) from e7ae0ae243c8978a67c802169183187d88557be8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062 Author: Werner Koch Date: Sun Apr 29 18:01:24 2018 +0200 build: Convince gcc not to delete NULL ptr checks. * configure.ac: Try to use -fno-delete-null-pointer-checks. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 330485f..3cb0b35 100644 --- a/configure.ac +++ b/configure.ac @@ -1885,8 +1885,19 @@ AC_ARG_ENABLE(optimization, CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` fi]) +AC_MSG_NOTICE([checking for cc features]) # CFLAGS mangling when using gcc. if test "$GCC" = yes; then + AC_MSG_CHECKING([if gcc supports -fno-delete-null-pointer-checks]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-fno-delete-null-pointer-checks" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -fno-delete-null-pointer-checks" + fi + CFLAGS="$CFLAGS -Wall" if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wcast-align -Wshadow -Wstrict-prototypes" 
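Review bot: The new probe adds `-fno-delete-null-pointer-checks` to CFLAGS without a comment saying why, so anyone later trimming the gcc-flag probes has only the commit title to go on. A one-line comment above `AC_MSG_CHECKING` would carry the rationale: `# Keep explicit NULL-pointer checks: gcc may otherwise remove a check that follows a dereference of the same pointer.` The probe compiles an empty program with CFLAGS replaced by the flag alone, so it only establishes that the compiler accepts the option, not that it has any effect; that seems acceptable for a hardening flag but is worth knowing. The enclosing `if test "$GCC" = yes` block continues into the second hunk of this file.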
@@ -1918,7 +1929,6 @@ if test "$GCC" = yes; then CFLAGS="$CFLAGS -Wpointer-arith" fi fi - fi # Check whether as(1) supports a noeexecstack feature. This test commit f3362f10f6f671246c38115ed12b0047966c200e Author: Werner Koch Date: Sat Apr 28 18:30:53 2018 +0200 prime: Avoid rare assertion failure in gcry_prime_check. * cipher/primegen.c (is_prime): Don't fail on the assert X > 1. -- When using gcry_prime_check the function is_prime can be called with quite small candidates so there is a real chance that the random X values is indeed 0 or 1. This would trigger the assert. To avoid this we now retry in this case. Reported-by: Heiko Stamer Signed-off-by: Werner Koch diff --git a/cipher/primegen.c b/cipher/primegen.c index c7977d1..ce5ad3c 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c 
@@ -935,20 +935,25 @@ is_prime (gcry_mpi_t n, int steps, unsigned int *count) } else { - _gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM ); - - /* Make sure that the number is smaller than the prime and - keep the randomness of the high bit. */ - if ( mpi_test_bit ( x, nbits-2) ) + /* We need to loop to avoid an X with value 0 or 1. */ + do { - mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */ - } - else - { - mpi_set_highbit( x, nbits-2 ); - mpi_clear_bit( x, nbits-2 ); + _gcry_mpi_randomize (x, nbits, GCRY_WEAK_RANDOM); + + /* Make sure that the number is smaller than the prime + * and keep the randomness of the high bit. */ + if (mpi_test_bit (x, nbits-2)) + { + mpi_set_highbit (x, nbits-2); /* Clear all higher bits. */ + } + else + { + mpi_set_highbit (x, nbits-2); + mpi_clear_bit (x, nbits-2); + } } - gcry_assert (mpi_cmp (x, nminus1) < 0 && mpi_cmp_ui (x, 1) > 0); + while (mpi_cmp_ui (x, 1) <= 0); + gcry_assert (mpi_cmp (x, nminus1) < 0); } mpi_powm ( y, x, q, n); if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) ) ----------------------------------------------------------------------- Summary of changes: cipher/primegen.c | 29 +++++++++++++++++------------ configure.ac | 12 +++++++++++- 2 files changed, 28 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits
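Review bot: The new `do { … } while (mpi_cmp_ui (x, 1) <= 0);` has no bound and relies on an unstated precondition: after the high bits are trimmed to position `nbits-2`, a candidate with `nbits-2 == 0` can only ever yield an x of 0 or 1, so the loop would spin forever for such n. It terminates in practice only because, as far as I can tell, is_prime's callers (the small-prime division in check_prime, outside this hunk) never pass candidates that small, and for anything larger a redraw happens with probability roughly 2^(2-nbits) per round, which matches the reporter's "rare" observation. I'd state that above the loop: `/* Assumes nbits > 2: with nbits-2 == 0 no draw can exceed 1 and this loop would never terminate; callers filter such small candidates. */`. The rest of is_prime, including the witness loop this block sits in, lies outside the hunk.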