From wk at gnupg.org Mon Aug 3 11:35:03 2020
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Aug 2020 11:35:03 +0200
Subject: [PATCH] Fix build of jitterentropy-base.c with clang v2
In-Reply-To: <20200727200019.5761-1-tstellar@redhat.com> (Tom Stellard via Gcrypt-devel's message of "Mon, 27 Jul 2020 20:00:19 +0000")
References: <20200727190946.14768-1-tstellar@redhat.com> <20200727200019.5761-1-tstellar@redhat.com>
Message-ID: <87mu3cul6g.fsf@wheatstone.g10code.de>

Hi!

Thanks for the patch.  However the problem is that it is too easy to
build with optimization - there really should be an #error in case
optimization is accidentally enabled (broken pragma etc.).

Do you know a macro or other mechanism in Clang so that we can check
that optimization has been disabled?


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

From tom.mharres at gmail.com Thu Aug 13 18:52:22 2020
From: tom.mharres at gmail.com (Antonio Harres)
Date: Thu, 13 Aug 2020 13:52:22 -0300
Subject: Pull Request (patch libgcrypt)
Message-ID:

From fd982bd34338d4824bf69c07b6776d75d1d88877 Mon Sep 17 00:00:00 2001
From: Antônio Martos Harres
Date: Thu, 13 Aug 2020 00:20:47 -0300
Subject: [PATCH] Fix libgcrypt returning errno 2 (file not found)

I was coding with libcurl and decided to debug my code with a
watchpoint on errno, to my unpleasant surprise, I found that libgcrypt
was returning error, despite that I was doing everything okay and
libgcrypt wasn't really having a decent reason to return error.
So I found the reason why, apparently it was trying to open a file
that doesn't exist, now fips_enabled doesn't actually *need* to exist
by design, so libgcrypt should not set errno if it doesn't exist

---
 src/fips.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/fips.c b/src/fips.c index 1ac7f477..9ff5e578 100644 --- a/src/fips.c +++ b/src/fips.c @@ -137,9 +137,11 @@ _gcry_initialize_fips_mode (int force) { static const char procfname[] = "/proc/sys/crypto/fips_enabled"; FILE *fp; - int saved_errno; - + int saved_errno = errno; + /* since procfname may not exist and that's okay, we should ignore + any changes that fopen does to errno. */ fp = fopen (procfname, "r"); + errno = saved_errno; if (fp) { char line[256]; @@ -197,9 +199,11 @@ _gcry_initialize_fips_mode (int force) } + int saved_errno = errno; /* since FIPS_FORCE_FILE may not exist, we ignore any error set by fopen */ /* If the FIPS force files exists, is readable and has a number != 0 on its first line, we enable the enforced fips mode. */ fp = fopen (FIPS_FORCE_FILE, "r"); + errno = saved_errno; if (fp) { char line[256]; -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Wed Aug 19 19:28:17 2020 
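Review bot: in the first hunk, `errno = saved_errno;` directly after `fp = fopen (procfname, "r");` is unconditional, so it discards errno for every fopen failure and not only for the missing-file case the new comment describes. The removed `int saved_errno;` shows that this block already had a use for the variable, so please check that code further down which wants fopen's errno still gets it. Restoring only when `fp` is NULL and errno is ENOENT would keep the other failures visible.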
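Review bot: in the second hunk, `int saved_errno = errno;` is a declaration placed after the closing `}` of the preceding statement, with the new comment trailing on the same line. The first hunk keeps the declaration at the top of its block; declaring the variable there, assigning it just before `fp = fopen (FIPS_FORCE_FILE, "r");` and putting the comment on its own line would match that.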
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Aug 2020 19:28:17 +0200
Subject: Pull Request (patch libgcrypt)
In-Reply-To: (Antonio Harres via Gcrypt-devel's message of "Thu, 13 Aug 2020 13:52:22 -0300")
References:
Message-ID: <87blj6a6ku.fsf@wheatstone.g10code.de>

Hi!

> I was coding with libcurl and decided to debug my code with a
> watchpoint on errno, to my unpleasant surprise, I found that libgcrypt
> was returning error, despite that I was doing everything okay and
> libgcrypt wasn't really having a decent reason to return error.

Can you please describe the problem you are trying to address?

May I assume that you are under the impression that Libgcrypt may not
change ERRNO while you call an arbitrary function of it?  That is not
the case.  Maybe you should take another path to debugging than
watchpointing ERRNO.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

From tom.mharres at gmail.com Fri Aug 21 00:57:51 2020
From: tom.mharres at gmail.com (Antonio Harres)
Date: Thu, 20 Aug 2020 19:57:51 -0300
Subject: Pull Request (patch libgcrypt)
In-Reply-To: <87blj6a6ku.fsf@wheatstone.g10code.de>
References: <87blj6a6ku.fsf@wheatstone.g10code.de>
Message-ID:

Hello, I will be as descriptive as possible about the issue here:
In order to probe if fips_mode is enabled in the operating system,
libgcrypt will try to fopen "/proc/sys/crypto/fips_enabled", now according
to libgcrypt documentation, this file may not exist...
If it doesn't, then libgcrypt falls back to "/etc/gcrypt/fips_enabled", it
will again try to fopen it.
This procedure is described here:
https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
The key point here is that the relevant portion of code is using fopen to
probe for the existence of the file, this may return all sorts of errors,
but commonly it's ENOENT. which is then returned into any code that is
initializing libgcrypt. But, I'm getting errno at something that is not an
error, rather, a configuration detail, the fact that the file doesn't exist
just means that libgcrypt should disable fips mode internally.
While describing the problem here, I understood a flaw in my patch, allow
me to send a new patch that will ignore errno only in case it's ENOENT.

On Wed, Aug 19, 2020 at 14:29, Werner Koch wrote:

> Hi!
>
> > I was coding with libcurl and decided to debug my code with a
> > watchpoint on errno, to my unpleasant surprise, I found that libgcrypt
> > was returning error, despite that I was doing everything okay and
> > libgcrypt wasn't really having a decent reason to return error.
>
> Can you please describe the problem you are trying to address?
>
> May I assume that you are under the impression that Libgcrypt may not
> change ERRNO while you call an arbitrary function of it?  That is not
> the case.  Maybe you should take another path to debugging than
> watchpointing ERRNO.
> > > Shalom-Salam, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom.mharres at gmail.com Fri Aug 21 01:45:54 2020 From: tom.mharres at gmail.com (Antonio Harres) Date: Thu, 20 Aug 2020 20:45:54 -0300 Subject: Pull Request (patch libgcrypt) In-Reply-To: References: <87blj6a6ku.fsf@wheatstone.g10code.de> Message-ID: diff --git a/src/fips.c b/src/fips.c index 1ac7f477..c28efaef 100644 --- a/src/fips.c +++ b/src/fips.c @@ -138,8 +138,17 @@ _gcry_initialize_fips_mode (int force) static const char procfname[] = "/proc/sys/crypto/fips_enabled"; FILE *fp; int saved_errno; - + saved_errno = errno; + /* since procfname may not exist and that's okay, we should ignore + if fopen sets errno to ENOENT (no such file) */ fp = fopen (procfname, "r"); + /* if file doesn't exist, which is a condition described here: + https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html */ + if (errno == ENOENT) + { + /* restore errno's value before fopen call */ + errno = saved_errno; + } if (fp) { char line[256]; @@ -178,6 +187,7 @@ _gcry_initialize_fips_mode (int force) { /* Yes, we are in FIPS mode. */ FILE *fp; + int saved_errno; /* Intitialize the lock to protect the FSM. */ err = gpgrt_lock_init (&fsm_lock); 
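Review bot: in the first hunk (@@ -138,8 +138,17 @@), `if (errno == ENOENT)` is evaluated without looking at `fp`. errno is only meaningful once fopen has returned NULL; after a successful call it may hold any earlier value. Testing `!fp && errno == ENOENT` ties the restore to the failure it is meant for. The FIPS_FORCE_FILE fopen in the last hunk of this patch uses the same construct.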
@@ -197,9 +207,16 @@ _gcry_initialize_fips_mode (int force) } + saved_errno = errno; /* If the FIPS force files exists, is readable and has a number != 0 on its first line, we enable the enforced fips mode. */ fp = fopen (FIPS_FORCE_FILE, "r"); + if (errno == ENOENT) + { + /* since FIPS_FORCE_FILE may not exist, we ignore if fopen + returns ENOENT (file not found) */ + errno = saved_errno; + } if (fp) { char line[256]; Em qui., 20 de ago. de 2020 ?s 19:57, Antonio Harres escreveu: > Hello, I will be as descriptive as possible about the issue here: > In order to probe if fips_mode is enabled in the operating system, > libgcrypt will try to fopen "/proc/sys/crypto/fips_enabled", now according > to libgcrypt documentation, this file may not exist... > If it doesn't, then libgcrypt fallsback to "/etc/gcrypt/fips_enabled", it > will again try to fopen it. > This procedure is described here: > https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html > The key point here is that the relevant portion of code is using fopen to > probe for the existence of the file, this may return all sorts of errors, > but commonly it's ENOENT. which is then returned into any code that is > initializing libgcrypt. But, I'm getting errno at something that is not an > error, rather, a configuration detail, the fact that the file doesn't exist > just means that libgcrypt should disable fips mode internally. > While describing the problem here, I understood a flaw in my patch, allow > me to send a new patch that will ignore errno only in case it's ENOENT. > > Em qua., 19 de ago. de 2020 ?s 14:29, Werner Koch escreveu: > >> Hi! >> >> > I was coding with libcurl and decided to debug my code with a >> > watchpoint on errno, to my unpleasent surprise, I found that libgcrypt >> > was returning error, despite that I was doing everything okay and >> > libgcrypt wasn't really having a decent reason to return error. >> >> Can you please describe the problem you are trying to address? 
>>
>> May I assume that you are under the impression that Libgcrypt may not
>> change ERRNO while you call an arbitrary function of it?  That is not
>> the case.  Maybe you should take another path to debugging than
>> watchpointing ERRNO.
>>
>>
>> Shalom-Salam,
>>
>>    Werner
>>
>> --
>> Thoughts are free.  Exceptions are regulated by a federal law.
>>
>

From tom.mharres at gmail.com Fri Aug 21 02:05:37 2020
From: tom.mharres at gmail.com (Antonio Harres)
Date: Thu, 20 Aug 2020 21:05:37 -0300
Subject: Pull Request (patch libgcrypt)
In-Reply-To:
References: <87blj6a6ku.fsf@wheatstone.g10code.de>
Message-ID:

I will also attach gdb's output, here my program is called tool.c. When it
attempts to initialize libcurl, it changes errno to ENOENT because of
/etc/gcrypt/fips_enabled, this also changes errno attached to libcurl,
which, in turn, makes my program exit with an "File/ directory not found
message".
I almost forgot, answering your previous question:
No, I am not under the impression that libgcrypt may not change errno when
I call any arbitrary function, but that this specific circumstance differs
from the documented behaviour by not considering /etc/gcrypt/fips_enabled
*may* not exist.
Also, my setup doesn't have either of the files that gcrypt tries to open to
check fips mode, which is the Debian default configuration.

Breakpoint 2, main (argc=1, argv=0x7fffffffe128) at tool.c:656
656 if ( curl_global_init(CURL_GLOBAL_ALL) != 0 ) { // init libcurl
(gdb) watch *errno_p
Hardware watchpoint 3: *errno_p
(gdb) c
Continuing.

Hardware watchpoint 3: *errno_p

Old value = 0
New value = 2
0x00007ffff7e0171c in __access (file=0x7ffff76c335b "/etc/gcrypt/fips_enabled", type=0) at ../sysdeps/unix/sysv/linux/access.c:27
27 ../sysdeps/unix/sysv/linux/access.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7e0171c in __access (file=0x7ffff76c335b "/etc/gcrypt/fips_enabled", type=0) at ../sysdeps/unix/sysv/linux/access.c:27
#1 0x00007ffff760024e in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
#2 0x00007ffff75f88ea in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
#3 0x00007ffff75f9a5f in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
#4 0x00007ffff75f5789 in gcry_control () from /lib/x86_64-linux-gnu/libgcrypt.so.20
#5 0x00007ffff7c76794 in libssh2_init () from /lib/x86_64-linux-gnu/libssh2.so.1
#6 0x00007ffff7f428fb in ??
() from /lib/x86_64-linux-gnu/libcurl-gnutls.so.4 #7 0x00007ffff7f032d7 in ?? () from /lib/x86_64-linux-gnu/libcurl-gnutls.so.4 #8 0x0000555555556110 in main (argc=1, argv=0x7fffffffe128) at tool.c:656 (gdb) -------------- next part -------------- An HTML attachment was scrubbed... URL: From tom.mharres at gmail.com Fri Aug 21 02:58:31 2020 From: tom.mharres at gmail.com (Antonio Harres) Date: Thu, 20 Aug 2020 21:58:31 -0300 Subject: Pull Request (patch libgcrypt) In-Reply-To: References: <87blj6a6ku.fsf@wheatstone.g10code.de> Message-ID: In this latest patch, I'm also verifying if access returns ENOENT (which originally was raising errno for me). diff --git a/src/fips.c b/src/fips.c index 1ac7f477..43f70c75 100644 --- a/src/fips.c +++ b/src/fips.c @@ -101,6 +101,7 @@ _gcry_initialize_fips_mode (int force) { static int done; gpg_error_t err; + int saved_errno; /* Make sure we are not accidentally called twice. */ if (done) @@ -127,8 +128,14 @@ _gcry_initialize_fips_mode (int force) file. The filename is hardwired so that there won't be any confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is actually used. The file itself may be empty. */ + saved_errno = errno; if ( !access (FIPS_FORCE_FILE, F_OK) ) { + /* don't set errno for access if FIPS_FORCE_FILE doesn't exist */ + if (errno == ENOENT) + { + errno = saved_errno; + } gcry_assert (!_gcry_no_fips_mode_required); goto leave; } 
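Review bot: in the access() hunk (@@ -127,8 +128,14 @@), the `if (errno == ENOENT)` restore sits inside the body of `if ( !access (FIPS_FORCE_FILE, F_OK) )`, which runs only when access returned 0, that is when the file exists. When the file is missing, access returns -1, the body is skipped and errno stays ENOENT, so the case shown in the gdb trace is not covered. Keep the result of access in a variable and do the restore on the failure path; the success path ending in `goto leave;` needs no errno handling.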
@@ -137,9 +144,17 @@ _gcry_initialize_fips_mode (int force) { static const char procfname[] = "/proc/sys/crypto/fips_enabled"; FILE *fp; - int saved_errno; - + saved_errno = errno; + /* since procfname may not exist and that's okay, we should ignore + if fopen sets errno to ENOENT (no such file) */ fp = fopen (procfname, "r"); + /* if file doesn't exist, which is a condition described here: + https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html */ + if (errno == ENOENT) + { + /* restore errno's value before fopen call */ + errno = saved_errno; + } if (fp) { char line[256]; 
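Review bot: `if (errno == ENOENT)` after `fp = fopen (procfname, "r");` still reads errno without checking that `fp` is NULL, and fopen only defines errno when it fails. Use `if (!fp && errno == ENOENT)` here and for the FIPS_FORCE_FILE fopen in the next hunk. The comment before the fopen and the one after it say the same thing; one of them, with the manual URL, would do.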
@@ -197,9 +212,16 @@ _gcry_initialize_fips_mode (int force) } + saved_errno = errno; /* If the FIPS force files exists, is readable and has a number != 0 on its first line, we enable the enforced fips mode. */ fp = fopen (FIPS_FORCE_FILE, "r"); + if (errno == ENOENT) + { + /* since FIPS_FORCE_FILE may not exist, we ignore if fopen + returns ENOENT (file not found) */ + errno = saved_errno; + } if (fp) { char line[256]; Em qui., 20 de ago. de 2020 ?s 21:05, Antonio Harres escreveu: > I will also attach gdb's output, here my program is called tool.c. When it > attempts to initialize libcurl, it changes errno to ENOENT because of > /etc/gcrypt/fips_enabled, this also changes errno attached to libcurl, > which, in turn, makes my program exit with an "FIle/ directory not found > message". > I almost forgot, answering your previous question: > No, I am not under the impression that libgcrypt may not change errno when > I call any arbitrary function, but that this specific circumstance differs > from the documented behaviour by not considering /etc/gcrypt/fips_enabled > *may* not exist. > Also, my setup doesn't have neither files that gcrypt tries to open to > check fips mode, which is the debian default configuration. > > Breakpoint 2, main (argc=1, argv=0x7fffffffe128) at tool.c:656 > 656 if ( curl_global_init(CURL_GLOBAL_ALL) != 0 ) { // init > libcurl > (gdb) watch *errno_p > Hardware watchpoint 3: *errno_p > (gdb) c > Continuing. > > Hardware watchpoint 3: *errno_p > > Old value = 0 > New value = 2 > 0x00007ffff7e0171c in __access (file=0x7ffff76c335b > "/etc/gcrypt/fips_enabled", type=0) at > ../sysdeps/unix/sysv/linux/access.c:27 > 27 ../sysdeps/unix/sysv/linux/access.c: No such file or directory. > (gdb) bt > #0 0x00007ffff7e0171c in __access (file=0x7ffff76c335b > "/etc/gcrypt/fips_enabled", type=0) > at ../sysdeps/unix/sysv/linux/access.c:27 > #1 0x00007ffff760024e in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20 > #2 0x00007ffff75f88ea in ?? 
() from /lib/x86_64-linux-gnu/libgcrypt.so.20
> #3 0x00007ffff75f9a5f in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
> #4 0x00007ffff75f5789 in gcry_control () from
> /lib/x86_64-linux-gnu/libgcrypt.so.20
> #5 0x00007ffff7c76794 in libssh2_init () from
> /lib/x86_64-linux-gnu/libssh2.so.1
> #6 0x00007ffff7f428fb in ?? () from
> /lib/x86_64-linux-gnu/libcurl-gnutls.so.4
> #7 0x00007ffff7f032d7 in ?? () from
> /lib/x86_64-linux-gnu/libcurl-gnutls.so.4
> #8 0x0000555555556110 in main (argc=1, argv=0x7fffffffe128) at tool.c:656
> (gdb)
>

From wk at gnupg.org Fri Aug 21 10:27:14 2020
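The errno behaviour argued over in this thread, as an added example that is not code from libgcrypt or from any message here: a successful initialisation that probes an optional file leaves errno at ENOENT, a caller that judges failure by errno misreports it, and a caller that uses the return value does not. The function names and the path OPTIONAL_FILE are assumptions made for the example; the path is constructed and assumed to be absent.

```c
/* Added illustration; not libgcrypt code.  All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed path, assumed not to exist on the machine running this. */
#define OPTIONAL_FILE "/nonexistent-errno-demo/fips_enabled"

/* Stand-in for a library init that probes an optional file.  It succeeds,
   but the failed access() leaves errno == ENOENT behind. */
static int init_clobbering (void)
{
  (void) access (OPTIONAL_FILE, F_OK);
  return 0;
}

/* Same probe, hiding only the expected "file is absent" result.  errno is
   read on the failure path alone, where access() has defined it. */
static int init_preserving (void)
{
  int saved_errno = errno;

  if (access (OPTIONAL_FILE, F_OK) != 0 && errno == ENOENT)
    errno = saved_errno;
  return 0;
}

/* Fragile caller: infers failure from errno after the call. */
static int failed_by_errno (int (*init) (void))
{
  errno = 0;
  (void) init ();
  return errno != 0;
}

/* Robust caller: the return value decides; errno would be consulted only
   after the call has reported a failure. */
static int failed_by_result (int (*init) (void))
{
  return init () != 0;
}

int main (void)
{
  printf ("errno-based check, clobbering init:  %d\n",
          failed_by_errno (init_clobbering));
  printf ("result-based check, clobbering init: %d\n",
          failed_by_result (init_clobbering));
  printf ("errno-based check, preserving init:  %d\n",
          failed_by_errno (init_preserving));
  return 0;
}
```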
From: wk at gnupg.org (Werner Koch)
Date: Fri, 21 Aug 2020 10:27:14 +0200
Subject: Pull Request (patch libgcrypt)
In-Reply-To: (Antonio Harres via Gcrypt-devel's message of "Thu, 20 Aug 2020 19:57:51 -0300")
References: <87blj6a6ku.fsf@wheatstone.g10code.de>
Message-ID: <877dts8kv1.fsf@wheatstone.g10code.de>

On Thu, 20 Aug 2020 19:57, Antonio Harres said:

> The key point here is that the relevant portion of code is using fopen to
> probe for the existence of the file, this may return all sorts of errors,
> but commonly it's ENOENT. which is then returned into any code that is
> initializing libgcrypt. But, I'm getting errno at something that is not an

Sorry, that is not correct.  Here is the function's prototype:

  void
  _gcry_initialize_fips_mode (int force)

as you can see that function _cannot_ return any error code.

I already explained that you can't assume that an arbitrary library like
Libgcrypt makes any guarantee not to change the ERRNO of the thread.  In
fact there is no guarantee for that for many libc functions either.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

From qub14 at psu.edu Sun Aug 23 22:13:27 2020
From: qub14 at psu.edu (Qinkun Bao)
Date: Sun, 23 Aug 2020 16:13:27 -0400
Subject: Report side-channel leakages
Message-ID:

Hello,

We found some secret-dependent control-flows in the latest version of
libgcrypt (1.8.6). Those leakage sites may lead to potential side-channel
attacks. I was wondering if you are interested in fixing those leakages?
If so, could you please share with us the way to report those side-channel
leakages?

Thanks,
Qinkun Bao

From shawn at git.icu Mon Aug 24 16:43:09 2020
From: shawn at git.icu (Shawn Landden)
Date: Mon, 24 Aug 2020 09:43:09 -0500
Subject: Report side-channel leakages
In-Reply-To:
References:
Message-ID: <2538521598279951@myt2-b899cd0385f4.qloud-c.yandex.net>

From wk at gnupg.org Mon Aug 24 20:47:29 2020
From: wk at gnupg.org (Werner Koch)
Date: Mon, 24 Aug 2020 20:47:29 +0200
Subject: Report side-channel leakages
In-Reply-To: <2538521598279951@myt2-b899cd0385f4.qloud-c.yandex.net> (Shawn Landden's message of "Mon, 24 Aug 2020 09:43:09 -0500")
References: <2538521598279951@myt2-b899cd0385f4.qloud-c.yandex.net>
Message-ID: <874kor7uf2.fsf@wheatstone.g10code.de>

On Mon, 24 Aug 2020 09:43, Shawn Landden said:

> When I reported some side-channel vulnerabilities Werner Koch got angry,
> taking it as a loss of face, and started making it difficult to get my patches
> accepted, by raising copyright arguments that are both incorrect and

I am not sure which side-channel vulnerabilities you mean here.  Can you
please explain and point me to the respective mail?

I recall a debate around July 2019 on whether to include code from an
OpenSSL related project called Cryptograms.  I replied that the license is
not compatible with the LGPL and Jussi was kind to implement PowerPC
vector Crypto for AES on top of your patch but without Cryptograms.

Anyway, to report security bugs, we have instructions at

  gnupg.org->Documentation->Security

Should be easy enough to find.  The security address as stated in each
project's AUTHORS file is also monitored by the core developers.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.