by Jussi Kivilinna | 21 Mar 12:06 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-181-ga06fbc0

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2 (commit)
       via  92fa5f16d69707e302c0f85b2e5e80af8dc037f1 (commit)
       via  aa234561d00c3fb15fe501df4bf58f3db7c7c06b (commit)
      from  f5832285b0e420d77be1b8da10a1e1d86583b414 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2
Author: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
Date:   Sat Mar 21 13:01:38 2015 +0200

    wipememory: use one-byte aligned type for unaligned memory accesses

    * src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned
    access only when HAVE_GCC_ATTRIBUTE_PACKED and
    HAVE_GCC_ATTRIBUTE_ALIGNED defined.
    (fast_wipememory_t): New.
    (fast_wipememory2): Use 'fast_wipememory_t'.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>


by Werner Koch | 19 Mar 10:45 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-178-gf583228

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  f5832285b0e420d77be1b8da10a1e1d86583b414 (commit)
      from  db8ae3616987fa288173446398a107e31e2e28aa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f5832285b0e420d77be1b8da10a1e1d86583b414
Author: Werner Koch <wk <at> gnupg.org>
Date:   Thu Mar 19 10:43:55 2015 +0100

    Fix two pedantic warnings.

    * src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
    comma.
    --

    Reported-by: Opal Raava <opalraava <at> hushmail.com>
    Signed-off-by: Werner Koch <wk <at> gnupg.org>

diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 10099e1..cac2b49 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in

Opal Raava | 19 Mar 05:00 2015

Small diff to remove two commas from gcrypt.h.in which cause warnings with -pedantic

Hi all,

This is my first post to the mailing list, so I hope I'm doing things right. 

I pulled the latest libgcrypt from the git and compiled an example program with it. I used gcc -Wpedantic to
compile it, and I get two warnings. For a header so public as gcrypt.h it would sure be nice if people can
compile it with -Wall -pedantic without complaints from the compiler.

The warnings are about commas at the end of enumerator lists. Here is the output:

---
In file included from pubkey_example.c:27:0:
/usr/include/gcrypt.h:514:32: warning: comma at end of enumerator list [-Wpedantic]
     GCRYMPI_FLAG_USER4 = 0x0800,/* User flag 4.  */
                                ^
/usr/include/gcrypt.h:1375:29: warning: comma at end of enumerator list [-Wpedantic]
     GCRY_MAC_FLAG_SECURE = 1,  /* Allocate all buffers in "secure" memory.  */
                             ^
---

To remove the commas I made a small git diff that removes them. I hope this humble change in 'gcrypt.h.in'
will make it through:)

Thanks,
--Opal

diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 10099e1..cac2b49 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in

by Werner Koch | 16 Mar 11:53 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-177-gdb8ae36

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  db8ae3616987fa288173446398a107e31e2e28aa (commit)
       via  f0f60c1a04d664936bcf52e8f46705bdc63e7ad9 (commit)
      from  97db8e1a6400d711da65eff93bb418cf55bba12e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit db8ae3616987fa288173446398a107e31e2e28aa
Author: Werner Koch <wk <at> gnupg.org>
Date:   Mon Mar 16 11:50:23 2015 +0100

    Use well defined type instead of size_t in secmem.c

    * src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t.
    --

    This is more or less cosmetic.

    Signed-off-by: Werner Koch <wk <at> gnupg.org>

diff --git a/src/secmem.c b/src/secmem.c
index df15df0..d75c14c 100644
--- a/src/secmem.c

by Werner Koch | 16 Mar 09:51 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-175-g97db8e1

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  97db8e1a6400d711da65eff93bb418cf55bba12e (commit)
       via  0a9cdb8ae092d050ca12a7a4f2f50e25b82154ec (commit)
       via  fbb97dcf763e28e81e01092ad4c934b3eaf88cc8 (commit)
      from  5e66a4f8d5a63f58caeee367433dd8dd32346083 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 97db8e1a6400d711da65eff93bb418cf55bba12e
Author: Werner Koch <wk <at> gnupg.org>
Date:   Mon Mar 16 09:32:44 2015 +0100

    Indentation fix.

    --

diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c
index 652683c..62e79bb 100644
--- a/cipher/cipher-ocb.c
+++ b/cipher/cipher-ocb.c
 <at>  <at>  -300,8 +300,9  <at>  <at>  _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf,

 

Jussi Kivilinna | 11 Mar 18:04 2015

[PATCH v2 1/2] bufhelp: use one-byte aligned type for unaligned memory accesses

* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when
HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined.
(bufhelp_int_t): New type.
(buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use
'bufhelp_int_t'.
* configure.ac (gcry_cv_gcc_attribute_packed): New.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
---
 cipher/bufhelp.h |  147 +++++++++++++++++++++++++++++++++---------------------
 configure.ac     |   18 +++++++
 2 files changed, 108 insertions(+), 57 deletions(-)

diff --git a/cipher/bufhelp.h b/cipher/bufhelp.h
index a372acb..252d3bc 100644
--- a/cipher/bufhelp.h
+++ b/cipher/bufhelp.h
 <at>  <at>  -33,10 +33,13  <at>  <at> 
 #include "bithelp.h"

 
-#if defined(__i386__) || defined(__x86_64__) || \
-    defined(__powerpc__) || defined(__powerpc64__) || \
-    (defined(__arm__) && defined(__ARM_FEATURE_UNALIGNED)) || \
-    defined(__aarch64__)
+#undef BUFHELP_FAST_UNALIGNED_ACCESS
+#if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \
+    defined(HAVE_GCC_ATTRIBUTE_ALIGNED) && \
+    (defined(__i386__) || defined(__x86_64__) || \
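Review bot: the new '#undef BUFHELP_FAST_UNALIGNED_ACCESS' and the added HAVE_GCC_ATTRIBUTE_PACKED / HAVE_GCC_ATTRIBUTE_ALIGNED tests at the top of this condition have no comment explaining them. Please add a short comment above the '#if' saying that the fast path now relies on the packed, one-byte aligned 'bufhelp_int_t' and therefore needs both attributes, so a reader can tell why one of the listed architectures may end up on the byte-wise fallback when the compiler lacks them.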

Jussi Kivilinna | 10 Mar 17:57 2015

[PATCH 1/3] tests/bench-slope: fix memory-leak and use-after-free bugs

* tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end.
(bench_mac_init): Move 'key' free at end of function.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
---
 tests/bench-slope.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/bench-slope.c b/tests/bench-slope.c
index c309b7e..394d7fc 100644
--- a/tests/bench-slope.c
+++ b/tests/bench-slope.c
 <at>  <at>  -442,6 +442,7  <at>  <at>  do_slope_benchmark (struct bench_obj *obj)
 	       &overhead);

   free (measurement_raw);
+  free (measurements);
   free (real_buffer);
   obj->ops->finalize (obj);

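Review bot: 'free (measurements);' is added only on the exit path at the end of do_slope_benchmark, next to the existing frees. If the function can return earlier once 'measurements' has been allocated, those paths need the same free, otherwise the leak is only fixed for the normal case; a single cleanup label shared by all exits would cover both.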
 <at>  <at>  -1450,11 +1451,11  <at>  <at>  bench_mac_init (struct bench_obj *obj)
     }

   err = gcry_mac_setkey (hd, key, keylen);
-  free (key);
   if (err)
     {
       fprintf (stderr, PGM ": error setting key for mac `%s'\n",
 	       gcry_mac_algo_name (mode->algo));
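Review bot: with 'free (key);' removed from directly after gcry_mac_setkey, the 'if (err)' branch that follows now runs with 'key' still allocated. If that branch leaves the function, it has to free 'key' itself (or jump to the cleanup at the end), so that moving the free to the end of bench_mac_init does not trade the use-after-free for a leak on the error path.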

by Jussi Kivilinna | 28 Feb 18:25 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-172-g5e66a4f

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  5e66a4f8d5a63f58caeee367433dd8dd32346083 (commit)
      from  505decf5369970219ddc9e78a20f97c623957b78 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5e66a4f8d5a63f58caeee367433dd8dd32346083
Author: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
Date:   Sat Feb 28 18:04:34 2015 +0200

    Fix in-place encryption for OCB mode

    * cipher/cipher-ocb.c (ocb_checksum): New.
    (ocb_crypt): Move checksum calculation outside main crypt loop, do
    checksum calculation for encryption before inbuf is overwritten.
    * tests/basic.c (check_ocb_cipher): Rename to ...
    (do_check_ocb_cipher): ... to this and add argument for testing
    in-place encryption/decryption.
    (check_ocb_cipher): New.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>


Werner Koch | 27 Feb 21:39 2015

Libgcrypt 1.6.3 released (with SCA fix)

Hello!

The GNU project is pleased to announce the availability of Libgcrypt
version 1.6.3.  This is a security fix release to mitigate two new side
channel attacks.

Libgcrypt is a general purpose library of cryptographic building blocks.
It does not provide any implementation of OpenPGP or other protocols.
Thorough understanding of applied cryptography is required for proper
use of Libgcrypt.

Noteworthy changes in version 1.6.3 
===================================

 * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 * Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical].

 * Improved asm support for older toolchains.

Download
========

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:


NIIBE Yutaka | 27 Feb 09:29 2015

mpi_powm changes and t-sexp.c change of mine

Hello,

I pushed three changes to master.  Two are forward ports from the 1.6
branch, and the last one is the one I found by running the test program
with valgrind.

commit 505decf5369970219ddc9e78a20f97c623957b78
Author: NIIBE Yutaka <gniibe <at> fsij.org>
Date:   Fri Feb 27 17:24:49 2015 +0900

    tests: fix t-sexp.c.

    * tests/t-sexp.c (bug_1594): Free N and PUBKEY.

commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
Author: NIIBE Yutaka <gniibe <at> fsij.org>
Date:   Thu Feb 26 21:07:01 2015 +0900

    mpi: Avoid data-dependent timing variations in mpi_powm.

    * mpi/mpi-pow.c (mpi_powm): Access all data in the table by
    mpi_set_cond.

    --

    Access to the precomputed table was indexed by a portion of EXPO,
    which could be mounted by a side channel attack.  This change fixes
    this particular data-dependent access pattern.

    Cherry-picked from commit  5e72b6c76ebee720f69b8a5c212f52d38eb50287
(Continue reading)
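
The table-access pattern described in the mpi_powm commit message above, as an added example (not libgcrypt's code and not part of the original post): a lookup indexed by secret exponent bits next to one that reads every entry and keeps the match with a masked conditional copy. The names ct_eq, limbs_set_cond, select_leaky and select_ct, the table dimensions and the table contents are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define ENTRIES 8u  /* assumed: 2^3 precomputed powers for a 3-bit window */
#define LIMBS   4u  /* assumed: limbs per table entry */

/* 1 if a == b, else 0, computed without a branch on the operands. */
static unsigned ct_eq (uint32_t a, uint32_t b)
{
  uint32_t x = a ^ b;
  return (unsigned)(((x - 1) & ~x) >> 31);
}

/* Conditional set via a mask: dst = cond ? src : dst, same work either way. */
static void limbs_set_cond (uint64_t *dst, const uint64_t *src, unsigned cond)
{
  uint64_t mask = (uint64_t)0 - (uint64_t)(cond & 1);
  for (size_t i = 0; i < LIMBS; i++)
    dst[i] = (dst[i] & ~mask) | (src[i] & mask);
}

/* Before: the load address depends on the secret window bits. */
static void select_leaky (uint64_t *out, const uint64_t *tab, uint32_t idx)
{
  memcpy (out, tab + (size_t)idx * LIMBS, LIMBS * sizeof *out);
}

/* After: every entry is read; only the matching one is kept. */
static void select_ct (uint64_t *out, const uint64_t *tab, uint32_t idx)
{
  memset (out, 0, LIMBS * sizeof *out);
  for (uint32_t k = 0; k < ENTRIES; k++)
    limbs_set_cond (out, tab + (size_t)k * LIMBS, ct_eq (k, idx));
}

/* Constructed table; returns how many indices give differing results. */
static int count_mismatches (void)
{
  uint64_t tab[ENTRIES * LIMBS], a[LIMBS], b[LIMBS];
  int bad = 0;
  for (size_t i = 0; i < ENTRIES * LIMBS; i++)
    tab[i] = 0x9e3779b97f4a7c15ULL * (i + 1);
  for (uint32_t idx = 0; idx < ENTRIES; idx++) {
    select_leaky (a, tab, idx);
    select_ct (b, tab, idx);
    bad += memcmp (a, b, sizeof a) != 0;
  }
  return bad;
}

int main (void) { return count_mismatches (); }
```

Both functions return the same entry; the difference is only in which addresses are touched. A compiler is free to rewrite masked selects, so the generated assembly should be checked for branches or indexed loads on the secret value.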

by NIIBE Yutaka | 27 Feb 09:26 2015

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-171-g505decf

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  505decf5369970219ddc9e78a20f97c623957b78 (commit)
      from  6636c4fd0c6ceab9f79827bf96967d1e112c0b82 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 505decf5369970219ddc9e78a20f97c623957b78
Author: NIIBE Yutaka <gniibe <at> fsij.org>
Date:   Fri Feb 27 17:24:49 2015 +0900

    tests: fix t-sexp.c.

    * tests/t-sexp.c (bug_1594): Free N and PUBKEY.

diff --git a/tests/t-sexp.c b/tests/t-sexp.c
index 1051723..4785b17 100644
--- a/tests/t-sexp.c
+++ b/tests/t-sexp.c
 <at>  <at>  -1045,6 +1045,8  <at>  <at>  static char thing[] =
   if (gcry_sexp_nth (n_val, 1))
     fail ("extracting 1-th of car of 'n' list did not fail");
   gcry_sexp_release (n_val);
+  gcry_sexp_release (n);