From collin.funk1 at gmail.com Fri May 2 07:20:58 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Thu, 1 May 2025 22:20:58 -0700 Subject: [PATCH libgcrypt 2/2] tests: Fix link errors for t-thread-local. In-Reply-To: <20250502052113.350052-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: <20250502052113.350052-2-collin.funk1@gmail.com> On platforms where pthread_create is not in libc t-thread-local fails to link. Issue found on NetBSD 10.0. * tests/Makefile.am (t_thread_local_LDADD): Add $(standard_ldadd), $(GPG_ERROR_MT_LIBS), and @LDADD_FOR_TESTS_KLUDGE at . (t_thread_local_CFLAGS): Add $(GPG_ERROR_MT_CFLAGS). -- GnuPG-bug-id: 7634 Signed-off-by: Collin Funk --- tests/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 3170a58e..cef9b700 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -94,6 +94,8 @@ t_secmem_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@ testapi_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@ t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@ t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS) +t_thread_local_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@ +t_thread_local_CFLAGS = $(GPG_ERROR_MT_CFLAGS) testdrv_LDADD = $(LDADD_FOR_TESTS_KLUDGE) # Build a version of the test driver for the build platform. -- 2.49.0 From collin.funk1 at gmail.com Fri May 2 07:20:57 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Thu, 1 May 2025 22:20:57 -0700 Subject: [PATCH libgcrypt 1/2] cipher:aria: Fix compiler error on NetBSD. Message-ID: <20250502052113.350052-1-collin.funk1@gmail.com> * cipher/aria.c (bswap32) [__NetBSD__]: Define internal function to something else to avoid possible system definitions. -- GnuPG-bug-id: 7633 Signed-off-by: Collin Funk --- cipher/aria.c | 5 +++++ 1 file changed, 5 insertions(+) 
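Review bot: in the tests/Makefile.am hunk, the two added lines are a verbatim copy of `t_lock_LDADD` / `t_lock_CFLAGS`, which is the right fix for the missing pthread_create symbol on NetBSD but leaves the multithread link and compile flags maintained by hand in two places; a shared variable such as `mt_ldadd = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@` used by both t_lock and t_thread_local would keep them from drifting. Otherwise the hunk is fine to apply as is.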
diff --git a/cipher/aria.c b/cipher/aria.c index bc2d4384..cabae4a6 100644 --- a/cipher/aria.c +++ b/cipher/aria.c @@ -641,6 +641,11 @@ u32 rotr32(u32 v, u32 r) return ror(v, r); } +/* Avoid a compiler error due to the definition of bswap32 on NetBSD. */ +#if defined (__NetBSD__) +#undef bswap32 +#define bswap32 _aria_bswap32 +#endif static ALWAYS_INLINE u32 bswap32(u32 v) { -- 2.49.0 From collin.funk1 at gmail.com Fri May 2 07:25:57 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Thu, 01 May 2025 22:25:57 -0700 Subject: DCO for Collin Funk Message-ID: <87h623y462.fsf@gmail.com> Libgcrypt Developer's Certificate of Origin. Version 1.0 ========================================================= By making a contribution to the Libgcrypt project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the free software license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate free software license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same free software license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the free software license(s) involved. 
Signed-off-by: Collin Funk From jussi.kivilinna at iki.fi Fri May 2 11:42:48 2025 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Fri, 2 May 2025 12:42:48 +0300 Subject: [PATCH libgcrypt 1/2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: <20250502052113.350052-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: Hello, On 02/05/2025 08:20, Collin Funk via Gcrypt-devel wrote: > * cipher/aria.c (bswap32) [__NetBSD__]: Define internal function to > something else to avoid possible system definitions. > > -- > > GnuPG-bug-id: 7633 > Signed-off-by: Collin Funk > --- > cipher/aria.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/cipher/aria.c b/cipher/aria.c > index bc2d4384..cabae4a6 100644 > --- a/cipher/aria.c > +++ b/cipher/aria.c > @@ -641,6 +641,11 @@ u32 rotr32(u32 v, u32 r) > return ror(v, r); > } > > +/* Avoid a compiler error due to the definition of bswap32 on NetBSD. */ > +#if defined (__NetBSD__) > +#undef bswap32 > +#define bswap32 _aria_bswap32 > +#endif > static ALWAYS_INLINE > u32 bswap32(u32 v) > { I think it would be better to just remove this bswap32 wrapper function and change aria_diff_byte() to use _gcry_bswap32 directly. -Jussi From collin.funk1 at gmail.com Fri May 2 19:51:09 2025 
From: collin.funk1 at gmail.com (Collin Funk) Date: Fri, 02 May 2025 10:51:09 -0700 Subject: [PATCH libgcrypt 1/2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: <878qne3nqq.fsf@gmail.com> Jussi Kivilinna writes: > I think it would be better to just remove this bswap32 wrapper function > and change aria_diff_byte() to use _gcry_bswap32 directly. Yes, you are right. That is much simpler... Collin From collin.funk1 at gmail.com Fri May 2 19:53:49 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Fri, 2 May 2025 10:53:49 -0700 Subject: [PATCH libgcrypt v2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: <20250502052113.350052-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> Message-ID: <20250502175358.33416-1-collin.funk1@gmail.com> * cipher/aria.c (bswap32): Remove function that conflicts with system definitions on NetBSD. (aria_diff_byte): Use _gcry_bswap32. -- GnuPG-bug-id: 7633 Signed-off-by: Collin Funk --- cipher/aria.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/cipher/aria.c b/cipher/aria.c index bc2d4384..26546a63 100644 --- a/cipher/aria.c +++ b/cipher/aria.c @@ -641,12 +641,6 @@ u32 rotr32(u32 v, u32 r) return ror(v, r); } -static ALWAYS_INLINE -u32 bswap32(u32 v) -{ - return _gcry_bswap32(v); -} - static ALWAYS_INLINE u32 get_u8(u32 x, u32 y) { @@ -727,7 +721,7 @@ static inline void aria_diff_byte(u32 *t1, u32 *t2, u32 *t3) { *t1 = ((*t1 << 8) & 0xff00ff00) ^ ((*t1 >> 8) & 0x00ff00ff); *t2 = rotr32(*t2, 16); - *t3 = bswap32(*t3); + *t3 = _gcry_bswap32(*t3); } /* Key XOR Layer */ -- 2.49.0 From jussi.kivilinna at iki.fi Sat May 3 10:50:17 2025 
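Review bot: in the v2 aria.c patch, the second hunk (aria_diff_byte) is the substantive change and is behaviour-preserving, since the wrapper deleted in the first hunk only forwarded to `_gcry_bswap32`; because that wrapper was `static`, any other caller still left in aria.c would now fail to compile, so the single call-site change in the diffstat confirms it was the only use. This is cleaner than the v1 `#undef`/`#define` rename, which depended on which system header defines bswap32 and on include order; fine to apply.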
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sat, 3 May 2025 11:50:17 +0300 Subject: [PATCH libgcrypt v2] cipher:aria: Fix compiler error on NetBSD. In-Reply-To: <20250502175358.33416-1-collin.funk1@gmail.com> References: <20250502052113.350052-1-collin.funk1@gmail.com> <20250502175358.33416-1-collin.funk1@gmail.com> Message-ID: Hello, On 02/05/2025 20:53, Collin Funk via Gcrypt-devel wrote: > * cipher/aria.c (bswap32): Remove function that conflicts with system > definitions on NetBSD. > (aria_diff_byte): Use _gcry_bswap32. Thanks. Both patches have been applied to master. -Jussi From eggert at cs.ucla.edu Sat May 10 07:45:52 2025 From: eggert at cs.ucla.edu (Paul Eggert) Date: Fri, 9 May 2025 22:45:52 -0700 Subject: libgcrypt "allow to" comment fixes Message-ID: <77e5f775-cabb-4b55-a0c6-4ae4f1890faf@cs.ucla.edu> libgcrypt contains several instances of ungrammatical English phrases like "This allows to keep it uninitialized", where grammatical English would be something like "This allows keeping it uninitialized". I noticed this when correcting some grammar in Emacs and Gnulib comments. Proposed libgcrypt patch attached. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-ungrammatical-use-of-allow-to.patch Type: text/x-patch Size: 22172 bytes Desc: not available URL: From collin.funk1 at gmail.com Mon May 12 00:26:29 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Sun, 11 May 2025 15:26:29 -0700 Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address. Message-ID: <20250511222648.351275-1-collin.funk1@gmail.com> * COPYING: Update to latest from Gnulib. * COPYING.LIB: Likewise. * doc/gpl.texi: Likewise. * doc/lgpl.texi: Likewise. * cipher/scrypt.c: Link to gnu.org instead of mentioning the old FSF address. 
Signed-off-by: Collin Funk --- COPYING | 9 ++++----- COPYING.LIB | 9 ++++----- cipher/scrypt.c | 5 ++--- doc/gpl.texi | 17 ++++++++--------- doc/lgpl.texi | 20 +++++++++----------- 5 files changed, 27 insertions(+), 33 deletions(-) diff --git a/COPYING b/COPYING index d159169d..9efa6fbc 100644 --- a/COPYING +++ b/COPYING @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -304,8 +304,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + with this program; if not, see . Also add information on how to contact you by electronic and paper mail. @@ -329,8 +328,8 @@ necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. - , 1 April 1989 - Ty Coon, President of Vice + , 1 April 1989 + Moe Ghoul, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may diff --git a/COPYING.LIB b/COPYING.LIB index 4362b491..f6683e74 100644 --- a/COPYING.LIB +++ b/COPYING.LIB @@ -2,7 +2,7 @@ Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -484,8 +484,7 @@ convey the exclusion of warranty; and each file should have at least the Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + License along with this library; if not, see . Also add information on how to contact you by electronic and paper mail. @@ -496,7 +495,7 @@ necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. - , 1 April 1990 - Ty Coon, President of Vice + , 1 April 1990 + Moe Ghoul, President of Vice That's all there is to it! diff --git a/cipher/scrypt.c b/cipher/scrypt.c index a6d15a84..e0d5df9e 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c @@ -35,9 +35,8 @@ * License for more details. * * You should have received a copy of the GNU Lesser General Public License - * along with the nettle library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02111-1301, USA. + * along with the nettle library; see the file COPYING.LIB. If not, see + * . */ #include diff --git a/doc/gpl.texi b/doc/gpl.texi index 38aa9182..27e3ed1e 100644 --- a/doc/gpl.texi +++ b/doc/gpl.texi @@ -6,7 +6,7 @@ @display Copyright @copyright{} 1989, 1991 Free Software Foundation, Inc. -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -292,12 +292,12 @@ @item BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW at . EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE at . THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU at . SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. @@ -344,12 +344,11 @@ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE at . See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +along with this program; if not, see . @end smallexample Also add information on how to contact you by electronic and paper mail. @@ -378,8 +377,8 @@ Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. - at var{signature of Ty Coon}, 1 April 1989 -Ty Coon, President of Vice + at var{signature of Moe Ghoul}, 1 April 1989 +Moe Ghoul, President of Vice @end example This General Public License does not permit incorporating your program into diff --git a/doc/lgpl.texi b/doc/lgpl.texi index ab03d6cc..93663f7a 100644 
--- a/doc/lgpl.texi +++ b/doc/lgpl.texi @@ -6,12 +6,12 @@ @display Copyright @copyright{} 1991, 1999 Free Software Foundation, Inc. -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. -[This is the first released version of the Lesser GPL. It also counts +[This is the first released version of the Lesser GPL at . It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] @end display @@ -474,13 +474,13 @@ @item BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW at . EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY ``AS IS'' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +PURPOSE at . THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU at . SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. @item 
@@ -523,13 +523,11 @@ This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE at . See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public -License along with this library; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, -USA. +License along with this library; if not, see . @end smallexample Also add information on how to contact you by electronic and paper mail. @@ -542,8 +540,8 @@ Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. - at var{signature of Ty Coon}, 1 April 1990 -Ty Coon, President of Vice + at var{signature of Moe Ghoul}, 1 April 1990 +Moe Ghoul, President of Vice @end smallexample That's all there is to it! -- 2.49.0 From wk at gnupg.org Mon May 12 17:49:48 2025 
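Review bot: in the doc/gpl.texi and doc/lgpl.texi hunks, added lines such as `FOR A PARTICULAR PURPOSE at .` are not typos in the patch: this archive rewrites every `@` as ` at ` (compare `@LDADD_FOR_TESTS_KLUDGE at .` earlier in the thread), so the real lines read `PURPOSE@.`, Texinfo's end-of-sentence marker after a capital letter. Applying the change from this rendering rather than from the original mail would produce broken Texinfo, so take it from the mail. The COPYING, COPYING.LIB and cipher/scrypt.c hunks only swap the postal address for a link to gnu.org (the angle-bracketed URL is stripped by the rendering) and need no change.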
From: wk at gnupg.org (Werner Koch) Date: Mon, 12 May 2025 17:49:48 +0200 Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address. In-Reply-To: <20250511222648.351275-1-collin.funk1@gmail.com> (Collin Funk via Gcrypt-devel's message of "Sun, 11 May 2025 15:26:29 -0700") References: <20250511222648.351275-1-collin.funk1@gmail.com> Message-ID: <87frh97rs3.fsf@jacob.g10code.de> On Sun, 11 May 2025 15:26, Collin Funk said: > * COPYING: Update to latest from Gnulib. > * COPYING.LIB: Likewise. > * doc/gpl.texi: Likewise. > * doc/lgpl.texi: Likewise. > * cipher/scrypt.c: Link to gnu.org instead of mentioning the old FSF Thanks. Applied to master. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein From collin.funk1 at gmail.com Mon May 12 19:19:59 2025 From: collin.funk1 at gmail.com (Collin Funk) Date: Mon, 12 May 2025 10:19:59 -0700 Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address. In-Reply-To: <87frh97rs3.fsf@jacob.g10code.de> References: <20250511222648.351275-1-collin.funk1@gmail.com> <87frh97rs3.fsf@jacob.g10code.de> Message-ID: <87plgdn3uo.fsf@gmail.com> Werner Koch writes: > Thanks. Applied to master. Thanks! FYI, build-aux/ltmain.sh and m4/libtool.m4 still have the old FSF address, but I expect that to change when all of our systems have a more recent libtool. No need to change it ourselves, I think. Collin From gniibe at fsij.org Tue May 13 02:28:28 2025 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Tue, 13 May 2025 09:28:28 +0900 Subject: [PATCH] mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine. Message-ID: * mpi/ec.c (_gcry_mpi_ec_get_affine): Fix for possible leak. -- GnuPG-bug-id: 7519 Signed-off-by: NIIBE Yutaka --- mpi/ec.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-mpi-ec-Use-ec_mulm_lli-in-_gcry_mpi_ec_get_affine.patch Type: text/x-patch Size: 951 bytes Desc: not available URL: From wk at gnupg.org Tue May 13 14:37:52 2025 From: wk at gnupg.org (Werner Koch) Date: Tue, 13 May 2025 14:37:52 +0200 Subject: [PATCH libgcrypt] Remove occurrences of old FSF postal address. In-Reply-To: <87plgdn3uo.fsf@gmail.com> (Collin Funk via Gcrypt-devel's message of "Mon, 12 May 2025 10:19:59 -0700") References: <20250511222648.351275-1-collin.funk1@gmail.com> <87frh97rs3.fsf@jacob.g10code.de> <87plgdn3uo.fsf@gmail.com> Message-ID: <87sel865zz.fsf@jacob.g10code.de> On Mon, 12 May 2025 10:19, Collin Funk said: > FSF address, but I expect that to change when all of our systems have a > more recent libtool. No need to change it ourselves, I think. Actually we try not to update libtool due to its not-so-good track record of breaking cross-builds for Windows. IIRC, we still have some custom modifications applied. Most of libtool is actually not required here. I can imagine having a much simpler version which just gives the correct linker and compiler flags for the supported platforms and does not try to build wrappers for testing and convenience libraries. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein From wk at gnupg.org Tue May 13 14:39:06 2025 
From: wk at gnupg.org (Werner Koch) Date: Tue, 13 May 2025 14:39:06 +0200 Subject: [PATCH] mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine. In-Reply-To: (NIIBE Yutaka via Gcrypt-devel's message of "Tue, 13 May 2025 09:28:28 +0900") References: Message-ID: <87o6vw65xx.fsf@jacob.g10code.de> On Tue, 13 May 2025 09:28, NIIBE Yutaka said: > * mpi/ec.c (_gcry_mpi_ec_get_affine): Fix for possible leak. BTW, do we have benchmarks for these LLI changes? Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein From gniibe at fsij.org Wed May 14 04:32:07 2025 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 14 May 2025 11:32:07 +0900 Subject: [PATCH] mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine. In-Reply-To: <87o6vw65xx.fsf@jacob.g10code.de> References: <87o6vw65xx.fsf@jacob.g10code.de> Message-ID: <874ixnudlk.fsf@haruna.fsij.org> Werner Koch wrote: > On Tue, 13 May 2025 09:28, NIIBE Yutaka said: >> * mpi/ec.c (_gcry_mpi_ec_get_affine): Fix for possible leak. > > BTW, do we have benchmarks for these LLI changes? I used the standard one, libgcrypt/tests/benchmark. For 64-bit architectures, the changes gave better results; this is due to the improvements in the code paths of the LLI version (_gcry_mpih_powm_lli uses Montgomery exponentiation, mpi_ec_mul_point_lli has an optimization with affine coordinates). The approach taken for those improvements could be applied to the existing generic code paths, if done carefully. This... is left as an exercise for the hackers. -- From gniibe at fsij.org Wed May 14 06:35:43 2025 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 14 May 2025 13:35:43 +0900 Subject: [PATCH] mpi:ec: Least leak with k^(-1) for ECDSA. Message-ID: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> * src/mpi.h (_gcry_mpi_assign_limb_space): Add. (_gcry_mpih_mod_lli, _gcry_mpih_mul_lli): Add. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Take care about least leak with k^(-1). -- GnuPG-bug-id: 7519 Signed-off-by: NIIBE Yutaka --- cipher/ecc-ecdsa.c | 20 +++++++++++++++++++- src/mpi.h | 7 +++++++ 2 files changed, 26 insertions(+), 1 deletion(-) -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-mpi-ec-Least-leak-with-k-1-for-ECDSA.patch Type: text/x-patch Size: 2579 bytes Desc: not available URL: From jcb62281 at gmail.com Thu May 15 07:29:38 2025 From: jcb62281 at gmail.com (Jacob Bachmeyer) Date: Thu, 15 May 2025 00:29:38 -0500 Subject: [PATCH] mpi:ec: Least leak with k^(-1) for ECDSA. In-Reply-To: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> References: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> Message-ID: On 5/13/25 23:35, NIIBE Yutaka via Gcrypt-devel wrote: > * src/mpi.h (_gcry_mpi_assign_limb_space): Add. > (_gcry_mpih_mod_lli, _gcry_mpih_mul_lli): Add. > * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Take care > about least leak with k^(-1). > > -- > > GnuPG-bug-id: 7519 
> Signed-off-by: NIIBE Yutaka > --- > cipher/ecc-ecdsa.c | 20 +++++++++++++++++++- > src/mpi.h | 7 +++++++ > 2 files changed, 26 insertions(+), 1 deletion(-) I note from the diff context that the next step after the part you are changing is to remove a blinding factor from the result. If the calculation is performed blinded, why is least-leak important enough here to justify the added code complexity? Note that introducing an "mpi_mulm_lli" as an LLI drop-in replacement for "mpi_mulm" would also address my concern. Also note that using least-leak for the blinding/unblinding steps might be more important than for any of the blinded steps in the middle. -- Jacob From gniibe at fsij.org Fri May 16 02:48:05 2025 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 16 May 2025 09:48:05 +0900 Subject: [PATCH] mpi:ec: Least leak with k^(-1) for ECDSA. In-Reply-To: References: <0bd4c77be6e04f5c8734926234742c3a2bb8fb18.1747197335.git.gniibe@fsij.org> Message-ID: <878qmxs7ne.fsf@haruna.fsij.org> Jacob Bachmeyer wrote: > I note from the diff context that the next step after the part you are > changing is to remove a blinding factor from the result. Could be. Currently, my focus is the leaks of K and K^(-1). Blinding here is for the private key (ec->d). > If the calculation is performed blinded, why is least-leak important > enough here to justify the added code complexity? The patch I sent is for K^(-1). (The code may look complex, but actually the execution code path is simpler than the one by mpi_mulm. We don't have mpi_mulm_lli or mpi_mul_lli yet.) --
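As an added example (not libgcrypt's code), the toy C program below illustrates the point argued in the exchange above: the private key d can be blinded (here with an assumed multiplicative scheme; libgcrypt's own blinding is not shown on this page), yet k^-1 is still computed on the raw nonce, and a variable-time inversion does a k-dependent amount of work while a fixed-iteration one does not. N_ORDER, mulm, inv_vartime, inv_consttime and ecdsa_s_blinded are names of this example only, and the 61-bit prime stands in for the curve order.

```c
/* Added example, not libgcrypt code: why the ECDSA nonce inverse k^-1 stays
 * sensitive when only the private key d is blinded.  N_ORDER (2^61-1, prime)
 * stands in for the curve order; the multiplicative blinding is an assumed
 * scheme; the '%' reductions are not constant-time (illustration only). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
typedef unsigned __int128 u128;   /* GCC/Clang extension */
typedef __int128 i128;
#define N_ORDER UINT64_C(2305843009213693951)

static uint64_t mulm(uint64_t a, uint64_t b) { return (uint64_t)(((u128)a * b) % N_ORDER); }
static uint64_t addm(uint64_t a, uint64_t b) { return (uint64_t)(((u128)a + b) % N_ORDER); }

/* Variable-time inverse (extended Euclid): loop count and divisions depend on
 * the value of k, so timing reveals information about the nonce. */
static uint64_t inv_vartime(uint64_t k, unsigned *iters)
{
  i128 r0 = N_ORDER, r1 = k, t0 = 0, t1 = 1, q, tmp;
  unsigned n = 0;
  while (r1 != 0) {
    q = r0 / r1;
    tmp = r0 - q * r1; r0 = r1; r1 = tmp;
    tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    n++;
  }
  if (t0 < 0) t0 += N_ORDER;
  if (iters) *iters = n;
  return (uint64_t)t0;
}

/* Constant-iteration inverse via Fermat (k^(n-2) mod n): fixed 61 steps, the
 * multiply always runs and the result is chosen by mask, independent of k. */
static uint64_t inv_consttime(uint64_t k, unsigned *iters)
{
  const uint64_t e = N_ORDER - 2;
  uint64_t acc = 1;
  unsigned n = 0;
  for (int i = 60; i >= 0; i--) {
    uint64_t sq = mulm(acc, acc);
    uint64_t prod = mulm(sq, k);                   /* always computed */
    uint64_t mask = (uint64_t)0 - ((e >> i) & 1);  /* all-ones iff bit set */
    acc = (prod & mask) | (sq & ~mask);            /* branch-free select */
    n++;
  }
  if (iters) *iters = n;
  return acc;
}

/* Loop iterations one inversion of k takes; this is the observable leak. */
static unsigned inv_iterations(bool constant_time, uint64_t k)
{
  unsigned n;
  (void)(constant_time ? inv_consttime(k, &n) : inv_vartime(k, &n));
  return n;
}
/* Reference ECDSA scalar step: s = k^-1 (h + r d) mod n. */
static uint64_t ecdsa_s(uint64_t h, uint64_t r, uint64_t d, uint64_t k)
{
  return mulm(inv_consttime(k, NULL), addm(h, mulm(r, d)));
}
/* Same step with d blinded as d*b and unblinded by b^-1 at the end.  k^-1 is
 * still computed on the raw nonce: blinding d protects d, not k. */
static uint64_t ecdsa_s_blinded(uint64_t h, uint64_t r, uint64_t d, uint64_t k,
                                uint64_t b, bool constant_time_kinv)
{
  uint64_t t = addm(mulm(h, b), mulm(r, mulm(d, b)));        /* b*(h + r d) */
  uint64_t kinv = constant_time_kinv ? inv_consttime(k, NULL)
                                     : inv_vartime(k, NULL);
  return mulm(mulm(kinv, t), inv_consttime(b, NULL));        /* unblind */
}
int main(void)
{
  const uint64_t ks[] = { 1, 2, UINT64_C(0x123456789), N_ORDER - 1 };
  for (size_t i = 0; i < sizeof ks / sizeof ks[0]; i++)
    printf("k=%llu vartime=%u consttime=%u\n", (unsigned long long)ks[i],
           inv_iterations(false, ks[i]), inv_iterations(true, ks[i]));
  return 0;
}
```

Build with gcc or clang (it relies on __int128) and compare the printed iteration counts: the variable-time column changes with k, the constant-time column does not.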