by Werner Koch | 21 May 16:58 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-229-g2bddd94

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  2bddd947fd1c11b4ec461576db65a5e34fea1b07 (commit)
       via  102d68b3bd77813a3ff989526855bb1e283bf9d7 (commit)
       via  8124e357b732a719696bfd5271def4e528f2a1e1 (commit)
      from  9b0c6c8141ae9bd056392a3f6b5704b505fc8501 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07
Author: Werner Koch <wk <at> gnupg.org>
Date:   Thu May 21 16:24:36 2015 +0200

    ecc: Add key generation flag "no-keytest".

    * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
    "no-keytest".  Return an error for invalid flags of length 10.

    * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags and
    set random level depending on flags.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
    * cipher/ecc.c (ecc_generate): Pass flags to generate function and
    remove var random_level.
(Continue reading)

Christian Grothoff | 19 May 13:56 2015

Re: triple DH

Hi!

Bart just prompted me to look over libgcrypt's key generation for EdDSA
vs. ECDHE (again).  I noticed two odd things.  First, in
'ecc.c::nist_generate_key' you do (for EdDSA):

      rndbuf = _gcry_random_bytes_secure (32, random_level);
      rndbuf[0] &= 0x7f;  /* Clear bit 255. */
      rndbuf[0] |= 0x40;  /* Set bit 254.   */
      rndbuf[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0  */
      _gcry_mpi_set_buffer (sk->d, rndbuf, 32, 0);

The bit operations may seem to follow the EdDSA spec, but that's actually
false.  Those bit operations must be done AFTER the hashing, and you do
those there as well, in ecc-eddsa.c::508:

  reverse_buffer (hash_d, 32);  /* Only the first half of the hash.  */
  hash_d[0] = (hash_d[0] & 0x7f) | 0x40;
  hash_d[31] &= 0xf8;
  _gcry_mpi_set_buffer (a, hash_d, 32, 0);

So in ecc.c::nist_generate_key() they seem to be misplaced and just
draining a bit of entropy from the key generation process (effectively
reducing key size from 256 bits of entropy to 251).

Now, what I was actually trying to do was establish why ECDHE key
(Continue reading)
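The ordering issue raised in the message above, as an added example in Python (not libgcrypt code and not part of the message): it derives the Ed25519 secret scalar in the RFC 8032 order (hash the seed, then clamp), then applies the same clamp to the seed before hashing as the quoted nist_generate_key excerpt does, and counts how many seed bits that pins. The seed values are constructed for the demonstration.

```python
import hashlib

# Added example, not libgcrypt code: Ed25519 scalar derivation per RFC 8032
# versus clamping the random seed *before* hashing, as in the quoted
# nist_generate_key excerpt.  The seed values below are constructed.

def clamp_le(h32: bytes) -> bytes:
    """Ed25519 clamp on a 32-byte little-endian scalar (RFC 8032, 5.1.5)."""
    h = bytearray(h32)
    h[0] &= 0xF8        # clear bits 0..2: scalar becomes a multiple of 8
    h[31] &= 0x7F       # clear bit 255
    h[31] |= 0x40       # set bit 254
    return bytes(h)

def clamp_be(buf32: bytes) -> bytes:
    """The same clamp on a big-endian buffer, the byte order of the excerpt."""
    b = bytearray(buf32)
    b[0] = (b[0] & 0x7F) | 0x40   # clear bit 255, set bit 254
    b[31] &= 0xF8                 # clear bits 0..2
    return bytes(b)

def ed25519_scalar(seed: bytes) -> int:
    """Spec order: hash the seed, clamp the first half of the SHA-512 output."""
    assert len(seed) == 32
    h = hashlib.sha512(seed).digest()[:32]
    return int.from_bytes(clamp_le(h), "little")

def ed25519_scalar_preclamped(seed: bytes) -> int:
    """Misplaced order: clamp the seed, then hash and clamp as the spec does."""
    return ed25519_scalar(clamp_be(seed))

def pinned_bits(clamp) -> int:
    """Bit positions a clamp forces to a fixed value whatever the input."""
    zeros = int.from_bytes(clamp(bytes(32)), "big")
    ones = int.from_bytes(clamp(b"\xff" * 32), "big")
    return 256 - bin(zeros ^ ones).count("1")

def flip_top_bit(seed: bytes) -> bytes:
    """A second seed differing only in bit 255 (MSB of the first byte)."""
    return bytes([seed[0] ^ 0x80]) + seed[1:]

if __name__ == "__main__":
    seed = bytes(range(32))                   # constructed, not a real key
    other = flip_top_bit(seed)
    print("spec order: distinct keys ", ed25519_scalar(seed) != ed25519_scalar(other))
    print("pre-clamped: same key     ", ed25519_scalar_preclamped(seed)
                                        == ed25519_scalar_preclamped(other))
    print("seed bits pinned          ", pinned_bits(clamp_be))   # 5 -> 251 bits left
```

Two seeds that differ only in a bit the pre-clamp clears yield the same key, which is the entropy loss the message describes; clamping after hashing keeps them distinct.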

by Jussi Kivilinna | 17 May 15:17 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-226-g9b0c6c8

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  9b0c6c8141ae9bd056392a3f6b5704b505fc8501 (commit)
       via  eb0ed576893b6c7990dbcb568510f831d246cea6 (commit)
       via  12bc93ca8187b8061c2e705427ef22f5a71d29b0 (commit)
       via  8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f (commit)
       via  b65e9e71d5ee992db5c96793c6af999545daad28 (commit)
       via  9597cfddf03c467825da152be5ca0d12a8c30d88 (commit)
       via  6a6646df80386204675d8b149ab60e74d7ca124c (commit)
       via  9a4fb3709864bf3e3918800d44ff576590cd4e92 (commit)
       via  e05682093ffb003b589a697428d918d755ac631d (commit)
       via  c46b015bedba7ce0db68929bd33a86a54ab3d919 (commit)
       via  ee8fc4edcb3466b03246c8720b90731bf274ff1d (commit)
      from  bac42c68b069f17abcca810a21439c7233815747 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501
Author: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
Date:   Thu May 14 13:07:34 2015 +0300

    Enable AMD64 Twofish implementation on WIN64
    
    * cipher/twofish-amd64.S: Enable when
(Continue reading)

Jussi Kivilinna | 14 May 13:11 2015

[PATCH 01/10] Enable AMD64 arcfour implementation on WIN64

* cipher/arcfour-amd64.S: Enable when
HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
(ELF): New macro to mask lines with ELF specific commands.
* cipher/arcfour.c (USE_AMD64_ASM): Enable when
HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
(do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use
assembly block to call AMD64 assembly function.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
---
 cipher/arcfour-amd64.S |   13 ++++++++++---
 cipher/arcfour.c       |   17 ++++++++++++++++-
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/cipher/arcfour-amd64.S b/cipher/arcfour-amd64.S
index 8b8031a..2e52ea0 100644
--- a/cipher/arcfour-amd64.S
+++ b/cipher/arcfour-amd64.S
 <at>  <at>  -15,12 +15,19  <at>  <at> 

 #ifdef __x86_64__
 #include <config.h>
-#if defined(USE_ARCFOUR) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS)
+#if defined(USE_ARCFOUR) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
+    defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
+
+#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+# define ELF(...) __VA_ARGS__
+#else
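Review bot: the nested `#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS` that selects the `ELF(...)` expansion assumes the two platform macros are mutually exclusive; should a configure run ever define both, the ELF-specific directives that `ELF()` is meant to mask would be emitted into the WIN64 build. Either test `#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && !defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)` or add a one-line comment above the macro stating the assumption and which directives it masks.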
(Continue reading)

Jussi Kivilinna | 14 May 09:18 2015

[PATCH] Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539

* cipher/cipher-poly1305.c: Add RFC-7539 to header.
* doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of
RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
---
 cipher/cipher-poly1305.c |    2 +-
 doc/gcrypt.texi          |    9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c
index f283333..965a7b6 100644
--- a/cipher/cipher-poly1305.c
+++ b/cipher/cipher-poly1305.c
 <at>  <at>  -1,4 +1,4  <at>  <at> 
-/* cipher-pol1305.c  -  Poly1305 based AEAD cipher mode
+/* cipher-poly1305.c  -  Poly1305 based AEAD cipher mode, RFC-7539
  * Copyright (C) 2014 Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
  *
  * This file is part of Libgcrypt.
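Review bot: style point on the new header comment: the RFC is conventionally cited as `RFC 7539` (space, no hyphen), and whichever form is chosen should be used identically here and in the texi change below. Since the file is being modified in 2015, the copyright line could also gain the new year.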
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 8683ca8..ab4f685 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
 <at>  <at>  -1643,9 +1643,10  <at>  <at>  Associated Data (AEAD) block cipher mode, which is specified in
 'NIST Special Publication 800-38D'.

  <at> item  GCRY_CIPHER_MODE_POLY1305
- <at> cindex Poly1305 based AEAD mode
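Review bot: the visible part of this hunk removes the `@cindex Poly1305 based AEAD mode` entry under `GCRY_CIPHER_MODE_POLY1305`; if the lines that follow add a reworded `@cindex` that is fine, but if the entry is dropped outright the concept index loses its only pointer to this mode. Also, since the log says Salsa is dropped from the supported stream ciphers, the new text should name the cipher(s) that remain accepted explicitly rather than leaving readers of the old wording to guess.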
(Continue reading)

by Jussi Kivilinna | 14 May 09:02 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-215-gbac42c6

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  bac42c68b069f17abcca810a21439c7233815747 (commit)
       via  e15beb584a5ebdfc363e1ff15f87102508652d71 (commit)
      from  5a7d55eed3316f40ca61acbee032bfc285e28803 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bac42c68b069f17abcca810a21439c7233815747
Author: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
Date:   Fri May 8 18:07:51 2015 +0300

    hwf-x86: use edi for passing value to ebx for i386 cpuid

    * src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead
    of '=r'.
    --

    On Win32, %ebx can be assigned for '=r' (regs[1]). This results in invalid
    assembly:
    	pushl %ebx
    	movl %ebx, %ebx
    	cpuid
    	movl %ebx, %ebx
(Continue reading)

Eugene Zelenko | 11 May 19:52 2015

Problem with building libgcrypt 1.6.3 on AIX 6.1 with IBM compiler

Hi!

I got the following errors when I tried to build libgcrypt 1.6.3 on AIX
6.1 with the IBM compiler:

"../src/mpi.h", line 295.16: 1506-343 (S) Redeclaration of
_gcry_mpi_ec_set_mpi differs from previous declaration on line 423 of
"../src/gcrypt-int.h".
"../src/mpi.h", line 297.16: 1506-343 (S) Redeclaration of
_gcry_mpi_ec_set_point differs from previous declaration on line 425
of "../src/gcrypt-int.h".
"../src/mpi.h", line 302.16: 1506-343 (S) Redeclaration of
_gcry_mpi_ec_new differs from previous declaration on line 418 of
"../src/gcrypt-int.h".

It seems that functions in question in mpi.h should return pgp_error_t
as do their implementation in visibility.c.

With best regards,
Eugene.

Jussi Kivilinna | 8 May 17:12 2015

[PATCH] hwf-x86: use edi for passing value to ebx for i386 cpuid

* src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead
of '=r'.
--

On Win32, %ebx can be assigned for '=r' (regs[1]). This results in invalid
assembly:
	pushl %ebx
	movl %ebx, %ebx
	cpuid
	movl %ebx, %ebx
	popl %ebx

So use '=D' (%esi) for regs[1] instead.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
---
 src/hwf-x86.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hwf-x86.c b/src/hwf-x86.c
index baef2df..399952c 100644
--- a/src/hwf-x86.c
+++ b/src/hwf-x86.c
 <at>  <at>  -81,7 +81,7  <at>  <at>  get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
      "cpuid\n\t"
      "movl %%ebx, %1\n\t"
      "popl %%ebx\n\t"            /* Restore GOT register. */
-     : "=a" (regs[0]), "=r" (regs[1]), "=c" (regs[2]), "=d" (regs[3])
+     : "=a" (regs[0]), "=D" (regs[1]), "=c" (regs[2]), "=d" (regs[3])
      : "0" (in), "1" (0), "2" (0), "3" (0)
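Review bot: the description says `'=D' (%esi)`, but the `D` constraint pins the operand to %edi, as the subject line itself says; fix the wording so the two agree. The constraint change is sound: the block saves and restores %ebx by hand because it may be the PIC GOT register, so the output that receives `movl %%ebx, %1` must never be allocated to %ebx itself, and `=D` guarantees that where `=r` did not. Note that the matching input `"1" (0)` now also zeroes %edi before the block, which is harmless; a short comment beside the constraint explaining why a fixed register is required would stop someone "simplifying" it back to `=r` later.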
(Continue reading)

Filippo Valsorda | 5 May 22:21 2015

[PATCH] Fix OOB read in do_vsexp_sscan when newline+EOF is found in escape sequence

The check for the available bytes performed before doing the look-ahead
was off by one, causing an out-of-bounds read.  Example input: 22 5c 0a |"\.|

Found with afl-fuzz and ASAN.

Signed-off-by: Filippo Valsorda <hi <at> filippo.io>
---
 src/sexp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sexp.c b/src/sexp.c
index 9bc13ca..3d8fcf3 100644
--- a/src/sexp.c
+++ b/src/sexp.c
 <at>  <at>  -1239,7 +1239,7  <at>  <at>  do_vsexp_sscan (gcry_sexp_t *retsexp, size_t
*erroff,

 		case '\r':
 		  /* ignore CR[,LF] */
-                 if (n && (p[1] == '\n'))
+                 if ((n > 1) && (p[1] == '\n'))
 		    {
 		      p++;
 		      n--;
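Review bot: the fix is right: `p[1]` reads one byte past the current position, so the guard needs at least two remaining bytes (`n > 1`), whereas `n` alone only guarantees that `p[0]` is in bounds. Two follow-ups: search do_vsexp_sscan for every other `n && (p[1] == ...)` look-ahead (the `'\n'` case in the next hunk is one instance) so they all use the same guard, and turn the three-byte reproducer from the description (`22 5c 0a`) into a regression test asserting that the scan returns an error instead of reading past the buffer.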
 <at>  <at>  -1249,7 +1249,7  <at>  <at>  do_vsexp_sscan (gcry_sexp_t *retsexp, size_t
*erroff,

 		case '\n':
 		  /* ignore LF[,CR] */
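Review bot: this hunk is cut off before the changed line, but it mirrors the `'\r'` case above: the look-ahead for the optional CR after LF reads `p[1]`, so its guard must also become `(n > 1)`; with the old `n &&` form a single remaining byte lets the read run one past the end. Worth confirming both hunks end up with the identical guard expression.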
(Continue reading)

Jussi Kivilinna | 5 May 18:49 2015

[PATCH] hwf-x86: add EDX as output register for xgetbv asm block

* src/hwf-x86.c (get_xgetbv): Add EDX as output.
--

The XGETBV instruction modifies the EAX:EDX register pair, so we need to mark
EDX as an output to let the compiler know that the contents of this register
are lost.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
---
 src/hwf-x86.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/hwf-x86.c b/src/hwf-x86.c
index 7ee246d..baef2df 100644
--- a/src/hwf-x86.c
+++ b/src/hwf-x86.c
 <at>  <at>  -100,11 +100,11  <at>  <at>  get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
 static unsigned int
 get_xgetbv(void)
 {
-  unsigned int t_eax;
+  unsigned int t_eax, t_edx;

   asm volatile
     ("xgetbv\n\t"
-     : "=a" (t_eax)
+     : "=a" (t_eax), "=d" (t_edx)
      : "c" (0)
     );
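Review bot: `t_edx` is written by the asm but never read, so with `-Wunused-but-set-variable` this now trips a warning; add `(void)t_edx;` after the block, or return the full 64-bit EDX:EAX value if callers will ever need XCR0 bits above 31. The change itself is correct: without the `=d` output the compiler may keep a live value in %edx across the block, which XGETBV silently overwrites.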

(Continue reading)

Jan Svensson | 5 May 11:07 2015

Libgcrypt license

Hi,

I'm planning to develop some software that is using Libgcrypt and am thinking about the license. On
https://www.gnupg.org/documentation/manuals/gcrypt/Library-Copying.html#Library-Copying it
says LGPL v2.1 and on https://www.gnupg.org/documentation/manuals/gcrypt/Copying.html#Copying
it says GPL v2.

Is it a mistake that those two web pages are pointing at LGPL v2.1 and GPL v2, i.e. should it be updated to LGPL
v3 and GPL v3?

Best regards, Jan
