Hello community,
here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2015-09-19 06:53:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
and /work/SRC/openSUSE:Factory/.libgcrypt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2015-07-02 22:45:57.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2015-09-19 06:53:19.000000000 +0200
@@ -1,0 +2,14 @@
+Tue Sep 8 08:03:19 UTC 2015 - vcizek@suse.com
+
+- update to 1.6.4
+- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
+ * Speed up the random number generator by requiring less extra
+ seeding.
+ * New flag "no-keytest" for ECC key generation. Due to a bug in the
+ parser that flag will also be accepted but ignored by older version
+ of Libgcrypt.
+ * Always verify a created RSA signature to avoid private key leaks
+ due to hardware failures.
+ * Other minor bug fixes.
+
+-------------------------------------------------------------------
Old:
----
libgcrypt-1.6.3.tar.bz2
libgcrypt-1.6.3.tar.bz2.sig
New:
----
libgcrypt-1.6.4.tar.bz2
libgcrypt-1.6.4.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.zRrPzT/_old 2015-09-19 06:53:21.000000000 +0200
+++ /var/tmp/diff_new_pack.zRrPzT/_new 2015-09-19 06:53:21.000000000 +0200
@@ -22,7 +22,7 @@
%define sosuffix 20.0.3
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
-Version: 1.6.3
+Version: 1.6.4
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
++++++ libgcrypt-1.6.3.tar.bz2 -> libgcrypt-1.6.4.tar.bz2 ++++++
++++ 1714 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/ChangeLog new/libgcrypt-1.6.4/ChangeLog
--- old/libgcrypt-1.6.3/ChangeLog 2015-02-27 11:23:37.000000000 +0100
+++ new/libgcrypt-1.6.4/ChangeLog 2015-09-08 08:33:24.000000000 +0200
@@ -1,3 +1,98 @@
+2015-09-08 Werner Koch
+
+ Release 1.6.4.
+ * configure.ac: Change LT version to C20/A0/R4.
+
+ w32: Avoid a few compiler warnings.
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
+ (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable
+ as unused.
+ * random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch
+ warning.
+ * src/secmem.c (init_pool): Avoid unused variable warning.
+ * tests/random.c (writen, readn): Include on if needed.
+
+2015-09-08 Jussi Kivilinna
+
+ Prepare random/win32.c fast poll for 64-bit Windows.
+ * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to
+ ADDINT.
+ (_gcry_rndw32_gather_random_fast): Add ADDPTR.
+ (_gcry_rndw32_gather_random_fast): Disable entropy gathering from
+ GetQueueStatus(QS_ALLEVENTS).
+ (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and
+ maximumWorkingSetSize to SIZE_T from DWORD.
+ (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of
+ minimumWorkingSetSize and maximumWorkingSetSize to random poll.
+ (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly
+ using intrinsic.
+
+2015-09-07 Werner Koch
+
+ random: Silent warning under NetBSD using rndunix.
+ * random/rndunix.c (STDERR_FILENO): Define if needed.
+ (start_gatherer): Re-open standard descriptors. Fix an
+ unsigned/signed pointer warning.
+
+2015-09-07 Peter Wu
+
+ sexp: Fix invalid deallocation in error path.
+ * src/sexp.c: Fix wrong condition.
+
+2015-09-07 Werner Koch
+
+ Fix gcc portability on Solaris 9 SPARC boxes.
+ * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
+
+ Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls.
+ * src/secmem.c (lock_pool, secmem_init): Do not call any cap_
+ functions if NO_PRIV_DROP is set.
+
+2015-09-04 Werner Koch
+
+ rsa: Add verify after sign to avoid Lenstra's CRT attack.
+ * cipher/rsa.c (rsa_sign): Check the CRT.
+
+ w32: Fix alignment problem with AESNI on Windows >= 8.
+ * cipher/cipher-selftest.c (_gcry_cipher_selftest_alloc_ctx): New.
+ * cipher/rijndael.c (selftest_basic_128, selftest_basic_192)
+ (selftest_basic_256): Allocate context on the heap.
+
+2015-06-11 NIIBE Yutaka
+
+ mpi: Support FreeBSD 10 or later.
+ * mpi/config.links: Include FreeBSD 10 to 29.
+
+2015-05-21 Werner Koch
+
+ ecc: Add key generation flag "no-keytest".
+ * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
+ "no-keytest".
+
+ * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
+ set random level depending on flags.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
+ * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
+ remove var random_level.
+ (nist_generate_key): Implement "no-keytest" flag.
+
+ * tests/keygen.c (check_ecc_keys): Add tests for transient-key and
+ no-keytest.
+
+ ecc: Avoid double conversion to affine coordinates in keygen.
+ * cipher/ecc.c (nist_generate_key): Add args r_x and r_y.
+ (ecc_generate): Rename vars. Convert to affine coordinates only if
+ not returned by the lower level generation function.
+
+ random: Change initial extra seeding from 2400 bits to 128 bits.
+ * random/random-csprng.c (read_pool): Reduce initial seeding.
+
+2015-04-13 Werner Koch
+
+ mpi: Fix gcry_mpi_copy for NULL opaque data.
+ * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed.
+
2015-02-27 Werner Koch
Release 1.6.3.
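Review bot: two typos in the new ChangeLog text: "Pass flags to generate fucntion" should read "function", and "tests/random.c (writen, readn): Include on if needed" is missing the name of the header being included.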
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/NEWS new/libgcrypt-1.6.4/NEWS
--- old/libgcrypt-1.6.3/NEWS 2015-02-27 11:21:37.000000000 +0100
+++ new/libgcrypt-1.6.4/NEWS 2015-09-08 08:28:52.000000000 +0200
@@ -1,3 +1,23 @@
+Noteworthy changes in version 1.6.4 (2015-09-08) [C20/A0/R4]
+------------------------------------------------
+
+ * Speed up the random number generator by requiring less extra
+ seeding.
+
+ * New flag "no-keytest" for ECC key generation. Due to a bug in the
+ parser that flag will also be accepted but ignored by older version
+ of Libgcrypt.
+
+ * Always verify a created RSA signature to avoid private key leaks
+ due to hardware failures.
+
+ * Fix alignment bug in the AESNI code on Windows > 7.
+
+ * Support FreeBSD 10 and later.
+
+ * Other minor bug fixes.
+
+
Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3]
------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/VERSION new/libgcrypt-1.6.4/VERSION
--- old/libgcrypt-1.6.3/VERSION 2015-02-27 11:23:38.000000000 +0100
+++ new/libgcrypt-1.6.4/VERSION 2015-09-08 08:33:25.000000000 +0200
@@ -1 +1 @@
-1.6.3
+1.6.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/cipher-selftest.c new/libgcrypt-1.6.4/cipher/cipher-selftest.c
--- old/libgcrypt-1.6.3/cipher/cipher-selftest.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/cipher-selftest.c 2015-09-08 08:17:06.000000000 +0200
@@ -44,6 +44,29 @@
#endif
+/* Return an allocated buffers of size CONTEXT_SIZE with an alignment
+ of 16. The caller must free that buffer using the address returned
+ at R_MEM. Returns NULL and sets ERRNO on failure. */
+void *
+_gcry_cipher_selftest_alloc_ctx (const int context_size, unsigned char **r_mem)
+{
+ int offs;
+ unsigned int ctx_aligned_size, memsize;
+
+ ctx_aligned_size = context_size + 15;
+ ctx_aligned_size -= ctx_aligned_size & 0xf;
+
+ memsize = ctx_aligned_size + 16;
+
+ *r_mem = xtrycalloc (1, memsize);
+ if (!*r_mem)
+ return NULL;
+
+ offs = (16 - ((uintptr_t)*r_mem & 15)) & 15;
+ return (void*)(*r_mem + offs);
+}
+
+
/* Run the self-tests for <block cipher>-CBC-<block size>, tests bulk CBC
decryption. Returns NULL on success. */
const char *
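Review bot: `_gcry_cipher_selftest_alloc_ctx` declares `context_size` as `const int` but does all of its arithmetic in `unsigned int`, so a negative argument would wrap silently into a very large `memsize`; the callers in rijndael.c pass `sizeof *ctx`, so a `size_t` parameter (or an explicit `context_size <= 0` check returning NULL) would match them and make the intent obvious. The cast `(uintptr_t)*r_mem` needs `<stdint.h>`, which this hunk does not add; confirm it arrives through the file's existing includes. Minor: the comment should say "Return an allocated buffer", not "buffers".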
@@ -104,6 +127,8 @@
syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
"%s-CBC-%d test failed (plaintext mismatch)", cipher,
blocksize * 8);
+#else
+ (void)cipher; /* Not used. */
#endif
return "selftest for CBC failed - see syslog for details";
}
@@ -220,6 +245,8 @@
syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
"%s-CFB-%d test failed (plaintext mismatch)", cipher,
blocksize * 8);
+#else
+ (void)cipher; /* Not used. */
#endif
return "selftest for CFB failed - see syslog for details";
}
@@ -344,6 +371,8 @@
syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
"%s-CTR-%d test failed (plaintext mismatch)", cipher,
blocksize * 8);
+#else
+ (void)cipher; /* Not used. */
#endif
return "selftest for CTR failed - see syslog for details";
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/cipher-selftest.h new/libgcrypt-1.6.4/cipher/cipher-selftest.h
--- old/libgcrypt-1.6.3/cipher/cipher-selftest.h 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/cipher-selftest.h 2015-09-07 14:05:57.000000000 +0200
@@ -40,6 +40,11 @@
const void *inbuf_arg,
size_t nblocks);
+/* Helper function to allocate an aligned context for selftests. */
+void *_gcry_cipher_selftest_alloc_ctx (const int context_size,
+ unsigned char **r_mem);
+
+
/* Helper function for bulk CBC decryption selftest */
const char *
_gcry_selftest_helper_cbc (const char *cipher, gcry_cipher_setkey_t setkey,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/ecc-common.h new/libgcrypt-1.6.4/cipher/ecc-common.h
--- old/libgcrypt-1.6.3/cipher/ecc-common.h 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/ecc-common.h 2015-09-07 14:05:57.000000000 +0200
@@ -122,7 +122,7 @@
gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk,
elliptic_curve_t *E,
mpi_ec_t ctx,
- gcry_random_level_t random_level);
+ int flags);
gpg_err_code_t _gcry_ecc_eddsa_sign (gcry_mpi_t input,
ECC_secret_key *sk,
gcry_mpi_t r_r, gcry_mpi_t s,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/ecc-eddsa.c new/libgcrypt-1.6.4/cipher/ecc-eddsa.c
--- old/libgcrypt-1.6.3/cipher/ecc-eddsa.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/ecc-eddsa.c 2015-09-07 14:05:57.000000000 +0200
@@ -465,15 +465,28 @@
}
-/* Ed25519 version of the key generation. */
+/**
+ * _gcry_ecc_eddsa_genkey - EdDSA version of the key generation.
+ *
+ * @sk: A struct to receive the secret key.
+ * @E: Parameters of the curve.
+ * @ctx: Elliptic curve computation context.
+ * @flags: Flags controlling aspects of the creation.
+ *
+ * Return: An error code.
+ *
+ * The only @flags bit used by this function is %PUBKEY_FLAG_TRANSIENT
+ * to use a faster RNG.
+ */
gpg_err_code_t
_gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx,
- gcry_random_level_t random_level)
+ int flags)
{
gpg_err_code_t rc;
int b = 256/8; /* The only size we currently support. */
gcry_mpi_t a, x, y;
mpi_point_struct Q;
+ gcry_random_level_t random_level;
char *dbuf;
size_t dlen;
gcry_buffer_t hvec[1];
@@ -482,6 +495,11 @@
point_init (&Q);
memset (hvec, 0, sizeof hvec);
+ if ((flags & PUBKEY_FLAG_TRANSIENT_KEY))
+ random_level = GCRY_STRONG_RANDOM;
+ else
+ random_level = GCRY_VERY_STRONG_RANDOM;
+
a = mpi_snew (0);
x = mpi_new (0);
y = mpi_new (0);
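Review bot: the new doc comment for `_gcry_ecc_eddsa_genkey` says the only flag bit used is `%PUBKEY_FLAG_TRANSIENT`, but the code tests `PUBKEY_FLAG_TRANSIENT_KEY`; the comment should use the real identifier. Since `flags` is now the full flag word, it would also help to state explicitly that `PUBKEY_FLAG_NO_KEYTEST` is accepted by the caller but has no effect on EdDSA key generation, which is what the NEWS text ("currently has an effect only for standard ECC key generation") implies.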
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/ecc.c new/libgcrypt-1.6.4/cipher/ecc.c
--- old/libgcrypt-1.6.3/cipher/ecc.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/ecc.c 2015-09-07 14:05:57.000000000 +0200
@@ -1,6 +1,6 @@
/* ecc.c - Elliptic Curve Cryptography
* Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2013 g10 Code GmbH
+ * Copyright (C) 2013, 2015 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -104,15 +104,42 @@
-/* Standard version of the key generation. */
+/**
+ * nist_generate_key - Standard version of the ECC key generation.
+ * @sk: A struct to receive the secret key.
+ * @E: Parameters of the curve.
+ * @ctx: Elliptic curve computation context.
+ * @flags: Flags controlling aspects of the creation.
+ * @nbits: Only for testing
+ * @r_x: On success this receives an allocated MPI with the affine
+ * x-coordinate of the poblic key. On error NULL is stored.
+ * @r_y: Ditto for the y-coordinate.
+ *
+ * Return: An error code.
+ *
+ * The @flags bits used by this function are %PUBKEY_FLAG_TRANSIENT to
+ * use a faster RNG, and %PUBKEY_FLAG_NO_KEYTEST to skip the assertion
+ * that the key works as expected.
+ *
+ * FIXME: Check whether N is needed.
+ */
static gpg_err_code_t
nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx,
- gcry_random_level_t random_level, unsigned int nbits)
+ int flags, unsigned int nbits,
+ gcry_mpi_t *r_x, gcry_mpi_t *r_y)
{
mpi_point_struct Q;
+ gcry_random_level_t random_level;
+ gcry_mpi_t x, y;
+ const unsigned int pbits = mpi_get_nbits (E->p);
point_init (&Q);
+ if ((flags & PUBKEY_FLAG_TRANSIENT_KEY))
+ random_level = GCRY_STRONG_RANDOM;
+ else
+ random_level = GCRY_VERY_STRONG_RANDOM;
+
/* Generate a secret. */
if (ctx->dialect == ECC_DIALECT_ED25519)
{
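Review bot: the doc comment for `nist_generate_key` has "poblic key" for "public key" and, as in ecc-eddsa.c, names `%PUBKEY_FLAG_TRANSIENT` while the code below tests `PUBKEY_FLAG_TRANSIENT_KEY`. The "FIXME: Check whether N is needed" line is left in the shipped comment; either resolve it or move it out of the kernel-doc block so it does not end up in generated documentation.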
@@ -144,6 +171,11 @@
sk->E.n = mpi_copy (E->n);
point_init (&sk->Q);
+ x = mpi_new (pbits);
+ y = mpi_new (pbits);
+ if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx))
+ log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q");
+
/* We want the Q=(x,y) be a "compliant key" in terms of the
* http://tools.ietf.org/html/draft-jivsov-ecc-compact, which simply
* means that we choose either Q=(x,y) or -Q=(x,p-y) such that we
@@ -157,16 +189,10 @@
point_set (&sk->Q, &Q);
else
{
- gcry_mpi_t x, y, negative;
- const unsigned int pbits = mpi_get_nbits (E->p);
+ gcry_mpi_t negative;
- x = mpi_new (pbits);
- y = mpi_new (pbits);
negative = mpi_new (pbits);
- if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx))
- log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q");
-
if (E->model == MPI_EC_WEIERSTRASS)
mpi_sub (negative, E->p, y); /* negative = p - y */
else
@@ -176,12 +202,18 @@
{
/* We need to end up with -Q; this assures that new Q's y is
the smallest one */
- mpi_sub (sk->d, E->n, sk->d); /* d = order - d */
if (E->model == MPI_EC_WEIERSTRASS)
- mpi_point_snatch_set (&sk->Q, x, negative,
- mpi_alloc_set_ui (1));
+ {
+ mpi_free (y);
+ y = negative;
+ }
else
- mpi_point_snatch_set (&sk->Q, negative, y, mpi_alloc_set_ui (1));
+ {
+ mpi_free (x);
+ x = negative;
+ }
+ mpi_sub (sk->d, E->n, sk->d); /* d = order - d */
+ mpi_point_set (&sk->Q, x, y, mpi_const (MPI_C_ONE));
if (DBG_CIPHER)
log_debug ("ecgen converted Q to a compliant point\n");
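Review bot: replacing `mpi_point_snatch_set` with `mpi_point_set (&sk->Q, x, y, mpi_const (MPI_C_ONE))` changes ownership on purpose: the coordinates are now copied into `sk->Q` and `x`/`y` stay owned by this function so they can be handed back through `r_x`/`r_y`, and the `mpi_free` of the replaced coordinate before `y = negative` / `x = negative` keeps that balanced. A one-line comment at the `mpi_point_set` call saying the coordinates are deliberately not snatched would stop someone later "optimising" it back to the snatch variant and freeing memory that is still returned to the caller.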
@@ -189,26 +221,22 @@
else /* p - y >= p */
{
/* No change is needed exactly 50% of the time: just copy. */
+ mpi_free (negative);
point_set (&sk->Q, &Q);
if (DBG_CIPHER)
log_debug ("ecgen didn't need to convert Q to a compliant point\n");
-
- mpi_free (negative);
- if (E->model == MPI_EC_WEIERSTRASS)
- mpi_free (x);
- else
- mpi_free (y);
}
-
- if (E->model == MPI_EC_WEIERSTRASS)
- mpi_free (y);
- else
- mpi_free (x);
}
+ *r_x = x;
+ *r_y = y;
+
point_free (&Q);
/* Now we can test our keys (this should never fail!). */
- test_keys (sk, nbits - 64);
+ if ((flags & PUBKEY_FLAG_NO_KEYTEST))
+ ; /* User requested to skip the test. */
+ else
+ test_keys (sk, nbits - 64);
return 0;
}
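Review bot: `*r_x` and `*r_y` are assigned only here, on the success path, while the function's doc comment promises "On error NULL is stored"; either store NULL into both at function entry or drop that sentence (the caller in ecc.c initialises `Qx`/`Qy` to NULL itself, so nothing breaks today, but the contract should match the code). The keytest skip reads more naturally as `if (!(flags & PUBKEY_FLAG_NO_KEYTEST)) test_keys (sk, nbits - 64);` rather than an empty true branch. Since `test_keys` is the failsafe that a freshly generated key actually works (the same class of defence the new sign-then-verify in rsa.c adds), the documentation for the flag should make clear it trades that check for speed and is intended for transient keys.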
@@ -388,11 +416,12 @@
unsigned int nbits;
elliptic_curve_t E;
ECC_secret_key sk;
- gcry_mpi_t x = NULL;
- gcry_mpi_t y = NULL;
+ gcry_mpi_t Gx = NULL;
+ gcry_mpi_t Gy = NULL;
+ gcry_mpi_t Qx = NULL;
+ gcry_mpi_t Qy = NULL;
char *curve_name = NULL;
gcry_sexp_t l1;
- gcry_random_level_t random_level;
mpi_ec_t ctx = NULL;
gcry_sexp_t curve_info = NULL;
gcry_sexp_t curve_flags = NULL;
@@ -459,32 +488,28 @@
log_printpnt ("ecgen curve G", &E.G, NULL);
}
- if ((flags & PUBKEY_FLAG_TRANSIENT_KEY))
- random_level = GCRY_STRONG_RANDOM;
- else
- random_level = GCRY_VERY_STRONG_RANDOM;
-
ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b);
- x = mpi_new (0);
- y = mpi_new (0);
if ((flags & PUBKEY_FLAG_EDDSA))
- rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, random_level);
+ rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, flags);
else
- rc = nist_generate_key (&sk, &E, ctx, random_level, nbits);
+ rc = nist_generate_key (&sk, &E, ctx, flags, nbits, &Qx, &Qy);
if (rc)
goto leave;
/* Copy data to the result. */
- if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx))
+ Gx = mpi_new (0);
+ Gy = mpi_new (0);
+ if (_gcry_mpi_ec_get_affine (Gx, Gy, &sk.E.G, ctx))
log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G");
- base = _gcry_ecc_ec2os (x, y, sk.E.p);
+ base = _gcry_ecc_ec2os (Gx, Gy, sk.E.p);
if (sk.E.dialect == ECC_DIALECT_ED25519 && !(flags & PUBKEY_FLAG_NOCOMP))
{
unsigned char *encpk;
unsigned int encpklen;
- rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, x, y,
+ /* (Gx and Gy are used as scratch variables) */
+ rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, Gx, Gy,
!!(flags & PUBKEY_FLAG_COMP),
&encpk, &encpklen);
if (rc)
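Review bot: the comment "(Gx and Gy are used as scratch variables)" is only safe because `base` was already serialised from them by `_gcry_ecc_ec2os (Gx, Gy, sk.E.p)` a few lines earlier; reordering those statements would silently corrupt `base`. Either say so in the comment or allocate separate scratch MPIs for `_gcry_ecc_eddsa_encodepoint`.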
@@ -495,9 +520,16 @@
}
else
{
- if (_gcry_mpi_ec_get_affine (x, y, &sk.Q, ctx))
- log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q");
- public = _gcry_ecc_ec2os (x, y, sk.E.p);
+ if (!Qx)
+ {
+ /* This is the case for a key from _gcry_ecc_eddsa_generate
+ with no compression. */
+ Qx = mpi_new (0);
+ Qy = mpi_new (0);
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, &sk.Q, ctx))
+ log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q");
+ }
+ public = _gcry_ecc_ec2os (Qx, Qy, sk.E.p);
}
secret = sk.d; sk.d = NULL;
if (E.name)
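Review bot: the comment says "a key from _gcry_ecc_eddsa_generate", but the function called above is `_gcry_ecc_eddsa_genkey`; use the real name. The `if (!Qx)` test also relies on two invariants that are not written down here: `Qx`/`Qy` start as NULL, and `nist_generate_key` always sets both outputs on success. A short comment stating them would help the next reader.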
@@ -570,8 +602,10 @@
mpi_free (sk.d);
}
_gcry_ecc_curve_free (&E);
- mpi_free (x);
- mpi_free (y);
+ mpi_free (Gx);
+ mpi_free (Gy);
+ mpi_free (Qx);
+ mpi_free (Qy);
_gcry_mpi_ec_free (ctx);
sexp_release (curve_flags);
sexp_release (curve_info);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/pubkey-util.c new/libgcrypt-1.6.4/cipher/pubkey-util.c
--- old/libgcrypt-1.6.3/cipher/pubkey-util.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/pubkey-util.c 2015-09-07 14:05:57.000000000 +0200
@@ -1,7 +1,7 @@
/* pubkey-util.c - Supporting functions for all pubkey modules.
* Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005,
* 2007, 2008, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2013 g10 Code GmbH
+ * Copyright (C) 2013, 2015 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -145,6 +145,10 @@
case 10:
if (!memcmp (s, "igninvflag", 10))
igninvflag = 1;
+ else if (!memcmp (s, "no-keytest", 10))
+ flags |= PUBKEY_FLAG_NO_KEYTEST;
+ /* In 1.7.0 we will return an INV_FLAG on error but we
+ do not fix that bug here in 1.6.4 */
break;
case 11:
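Review bot: the two-line comment about 1.7.0 returning INV_FLAG sits directly after `flags |= PUBKEY_FLAG_NO_KEYTEST;` and reads as if it belonged to the `no-keytest` branch, but it describes the missing `else` (an unknown 10-character flag falls through to `break` and is silently ignored, which is why the NEWS entry says older versions accept the flag). Move it to the fall-through or make the ignored case explicit. The failure direction is benign: an older library that ignores `no-keytest` still runs the key test.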
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/rijndael.c new/libgcrypt-1.6.4/cipher/rijndael.c
--- old/libgcrypt-1.6.3/cipher/rijndael.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/rijndael.c 2015-09-07 14:05:57.000000000 +0200
@@ -2338,7 +2338,8 @@
static const char*
selftest_basic_128 (void)
{
- RIJNDAEL_context ctx;
+ RIJNDAEL_context *ctx;
+ unsigned char *ctxmem;
unsigned char scratch[16];
/* The test vectors are from the AES supplied ones; more or less
@@ -2381,11 +2382,21 @@
};
#endif
- rijndael_setkey (&ctx, key_128, sizeof (key_128));
- rijndael_encrypt (&ctx, scratch, plaintext_128);
+ /* Because gcc/ld can only align the CTX struct on 8 bytes on the
+ stack, we need to allocate that context on the heap. */
+ ctx = _gcry_cipher_selftest_alloc_ctx (sizeof *ctx, &ctxmem);
+ if (!ctx)
+ return "failed to allocate memory";
+
+ rijndael_setkey (ctx, key_128, sizeof (key_128));
+ rijndael_encrypt (ctx, scratch, plaintext_128);
if (memcmp (scratch, ciphertext_128, sizeof (ciphertext_128)))
- return "AES-128 test encryption failed.";
- rijndael_decrypt (&ctx, scratch, scratch);
+ {
+ xfree (ctxmem);
+ return "AES-128 test encryption failed.";
+ }
+ rijndael_decrypt (ctx, scratch, scratch);
+ xfree (ctxmem);
if (memcmp (scratch, plaintext_128, sizeof (plaintext_128)))
return "AES-128 test decryption failed.";
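Review bot: the allocate / setkey / encrypt / compare-and-free / decrypt / free sequence is now copied three times (128, 192, 256) with the same early-return pattern; a small static helper taking the key, plaintext and expected ciphertext would keep the three selftests from drifting apart. The comment blames gcc/ld for 8-byte stack alignment but does not say why only Windows is affected; tying it to the NEWS text ("AESNI code on Windows > 7") would help whoever touches this later.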
@@ -2396,7 +2407,8 @@
static const char*
selftest_basic_192 (void)
{
- RIJNDAEL_context ctx;
+ RIJNDAEL_context *ctx;
+ unsigned char *ctxmem;
unsigned char scratch[16];
static unsigned char plaintext_192[16] =
@@ -2416,11 +2428,18 @@
0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
};
- rijndael_setkey (&ctx, key_192, sizeof(key_192));
- rijndael_encrypt (&ctx, scratch, plaintext_192);
+ ctx = _gcry_cipher_selftest_alloc_ctx (sizeof *ctx, &ctxmem);
+ if (!ctx)
+ return "failed to allocate memory";
+ rijndael_setkey (ctx, key_192, sizeof(key_192));
+ rijndael_encrypt (ctx, scratch, plaintext_192);
if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
- return "AES-192 test encryption failed.";
- rijndael_decrypt (&ctx, scratch, scratch);
+ {
+ xfree (ctxmem);
+ return "AES-192 test encryption failed.";
+ }
+ rijndael_decrypt (ctx, scratch, scratch);
+ xfree (ctxmem);
if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
return "AES-192 test decryption failed.";
@@ -2432,7 +2451,8 @@
static const char*
selftest_basic_256 (void)
{
- RIJNDAEL_context ctx;
+ RIJNDAEL_context *ctx;
+ unsigned char *ctxmem;
unsigned char scratch[16];
static unsigned char plaintext_256[16] =
@@ -2453,11 +2473,18 @@
0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
};
- rijndael_setkey (&ctx, key_256, sizeof(key_256));
- rijndael_encrypt (&ctx, scratch, plaintext_256);
+ ctx = _gcry_cipher_selftest_alloc_ctx (sizeof *ctx, &ctxmem);
+ if (!ctx)
+ return "failed to allocate memory";
+ rijndael_setkey (ctx, key_256, sizeof(key_256));
+ rijndael_encrypt (ctx, scratch, plaintext_256);
if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
- return "AES-256 test encryption failed.";
- rijndael_decrypt (&ctx, scratch, scratch);
+ {
+ xfree (ctxmem);
+ return "AES-256 test encryption failed.";
+ }
+ rijndael_decrypt (ctx, scratch, scratch);
+ xfree (ctxmem);
if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
return "AES-256 test decryption failed.";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/cipher/rsa.c new/libgcrypt-1.6.4/cipher/rsa.c
--- old/libgcrypt-1.6.3/cipher/rsa.c 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/cipher/rsa.c 2015-09-07 14:05:57.000000000 +0200
@@ -1112,7 +1112,9 @@
struct pk_encoding_ctx ctx;
gcry_mpi_t data = NULL;
RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL};
+ RSA_public_key pk;
gcry_mpi_t sig = NULL;
+ gcry_mpi_t result = NULL;
_gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN,
rsa_get_nbits (keyparms));
@@ -1148,11 +1150,25 @@
}
}
- /* Do RSA computation and build the result. */
+ /* Do RSA computation. */
sig = mpi_new (0);
secret (sig, data, &sk);
if (DBG_CIPHER)
log_printmpi ("rsa_sign res", sig);
+
+ /* Check that the created signature is good. This detects a failure
+ of the CRT algorithm (Lenstra's attack on RSA's use of the CRT). */
+ result = mpi_new (0);
+ pk.n = sk.n;
+ pk.e = sk.e;
+ public (result, sig, &pk);
+ if (mpi_cmp (result, data))
+ {
+ rc = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+
+ /* Convert the result. */
if ((ctx.flags & PUBKEY_FLAG_FIXEDLEN))
{
/* We need to make sure to return the correct length to avoid
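Review bot: good defensive change: recomputing `sig^e mod n` with `public()` and comparing against `data` catches a faulty CRT computation before the signature leaves the library, and on the `GPG_ERR_BAD_SIGNATURE` path `sig` is released at `leave` rather than returned, which is exactly what a Lenstra-style fault attack needs to be denied. Two small points: `pk` is a stack struct of which only `n` and `e` are set, so if `RSA_public_key` ever grows a field `public()` would read garbage; initialise it the way `sk` is in the hunk above (`RSA_secret_key sk = {NULL, ...}`). And a warning log line when the check fails (the file already uses `log_printmpi` under `DBG_CIPHER`) would make a faulting device or memory fault visible in operation instead of surfacing only as a failed call. The extra public exponentiation is cheap for the usual small `e`.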
@@ -1172,6 +1188,7 @@
leave:
+ _gcry_mpi_release (result);
_gcry_mpi_release (sig);
_gcry_mpi_release (sk.n);
_gcry_mpi_release (sk.e);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/configure.ac new/libgcrypt-1.6.4/configure.ac
--- old/libgcrypt-1.6.3/configure.ac 2015-02-27 11:21:37.000000000 +0100
+++ new/libgcrypt-1.6.4/configure.ac 2015-09-08 08:27:26.000000000 +0200
@@ -30,7 +30,7 @@
# for the LT versions.
m4_define(mym4_version_major, [1])
m4_define(mym4_version_minor, [6])
-m4_define(mym4_version_micro, [3])
+m4_define(mym4_version_micro, [4])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
@@ -56,7 +56,7 @@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=20
LIBGCRYPT_LT_AGE=0
-LIBGCRYPT_LT_REVISION=3
+LIBGCRYPT_LT_REVISION=4
# If the API is changed in an incompatible way: increment the next counter.
@@ -2053,11 +2053,10 @@
Entropy Gathering Daemon (EGD)
which provides a entropy source for the whole system. It is written
- in Perl and available at the GnuPG FTP servers. To enable EGD you
- should rerun configure with the option "--enable-static-rnd=egd".
- For more information consult the GnuPG webpages:
+ in Perl and available at the GnuPG FTP servers. For more information
+ consult the GnuPG site:
- http://www.gnupg.org/download.html#egd
+ https://gnupg.org/related_software/swlist.html#egd
G10EOF
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/doc/Makefile.am new/libgcrypt-1.6.4/doc/Makefile.am
--- old/libgcrypt-1.6.3/doc/Makefile.am 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/doc/Makefile.am 2015-09-07 14:05:57.000000000 +0200
@@ -92,7 +92,7 @@
cp libgcrypt-modules.png gcrypt.html/; \
cp fips-fsm.png gcrypt.html/; \
user=werner ; dashdevel="" ; \
- if echo "@PACKAGE_VERSION@" | grep -- "-svn" >/dev/null; then \
+ if echo "@PACKAGE_VERSION@" | grep "beta" >/dev/null; then \
dashdevel="-devel" ; \
cp gcrypt.pdf gcrypt.html/; \
cp gcrypt.info gcrypt.html/; \
@@ -101,5 +101,5 @@
$${user}@trithemius.gnupg.org:webspace/manuals/ ; \
fi ; \
cd gcrypt.html ; \
- rsync -vr --exclude='.svn' . \
+ rsync -vr --exclude='.git' . \
$${user}@trithemius.gnupg.org:webspace/manuals/gcrypt$${dashdevel}/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/doc/gcrypt.info new/libgcrypt-1.6.4/doc/gcrypt.info
--- old/libgcrypt-1.6.3/doc/gcrypt.info 2015-02-27 11:23:37.000000000 +0100
+++ new/libgcrypt-1.6.4/doc/gcrypt.info 2015-09-08 08:33:24.000000000 +0200
@@ -1,6 +1,6 @@
This is gcrypt.info, produced by makeinfo version 5.2 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.6.3, 27 February 2015), which is
+This manual is for Libgcrypt (version 1.6.4, 7 September 2015), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -24,7 +24,7 @@
The Libgcrypt Library
*********************
-This manual is for Libgcrypt (version 1.6.3, 27 February 2015), which is
+This manual is for Libgcrypt (version 1.6.4, 7 September 2015), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -2168,6 +2168,12 @@
which are only used for a short time or per-message and do not
require full cryptographic strength.
+'no-keytest'
+ This flag skips internal failsafe tests to assert that a generated
+ key is properly working. It currently has an effect only for
+ standard ECC key generation. It is mostly useful along with
+ transient-key to achieve fastest ECC key generation.
+
'use-x931'
Force the use of the ANSI X9.31 key generation algorithm instead of
the default algorithm. This flag is only meaningful for RSA key
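Review bot: the 'no-keytest' entry says what the flag skips but not what is given up: the test it disables is the library's failsafe that a freshly generated key actually works, so the text should say the flag is only appropriate where a defective key is short-lived or would be caught elsewhere (hence the pairing with transient-key), and should repeat the NEWS caveat that Libgcrypt versions before 1.6.4 accept the flag but ignore it.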
@@ -6584,11 +6590,11 @@
* error values, printing of: Error Strings. (line 6)
* FIPS 140: Enabling FIPS mode. (line 6)
* FIPS 186: Cryptographic Functions.
- (line 66)
+ (line 72)
* FIPS 186 <1>: Public-Key Subsystem Architecture.
(line 50)
* FIPS 186-2: Cryptographic Functions.
- (line 74)
+ (line 80)
* FIPS mode: Enabling FIPS mode. (line 6)
* GCM, Galois/Counter Mode: Available cipher modes.
(line 50)
@@ -6621,6 +6627,8 @@
(line 6)
* no-blinding: Cryptographic Functions.
(line 41)
+* no-keytest: Cryptographic Functions.
+ (line 59)
* nocomp: Cryptographic Functions.
(line 13)
* OAEP: Cryptographic Functions.
@@ -6660,7 +6668,7 @@
* Whirlpool: Available hash algorithms.
(line 6)
* X9.31: Cryptographic Functions.
- (line 59)
+ (line 65)
* X9.31 <1>: Public-Key Subsystem Architecture.
(line 50)
@@ -6891,9 +6899,9 @@
* gcry_pk_ctl: General public-key related Functions.
(line 100)
* gcry_pk_decrypt: Cryptographic Functions.
- (line 143)
+ (line 149)
* gcry_pk_encrypt: Cryptographic Functions.
- (line 85)
+ (line 91)
* gcry_pk_genkey: General public-key related Functions.
(line 117)
* gcry_pk_get_keygrip: General public-key related Functions.
@@ -6903,13 +6911,13 @@
* gcry_pk_map_name: General public-key related Functions.
(line 16)
* gcry_pk_sign: Cryptographic Functions.
- (line 183)
+ (line 189)
* gcry_pk_testkey: General public-key related Functions.
(line 43)
* gcry_pk_test_algo: General public-key related Functions.
(line 21)
* gcry_pk_verify: Cryptographic Functions.
- (line 275)
+ (line 281)
* gcry_prime_check: Checking. (line 6)
* gcry_prime_generate: Generation. (line 6)
* gcry_prime_group_generator: Generation. (line 18)
@@ -7016,63 +7024,63 @@
Node: ECC key parameters85074
Ref: ecc_keyparam85225
Node: Cryptographic Functions87096
-Node: General public-key related Functions98638
-Node: Hashing112158
-Node: Available hash algorithms112891
-Node: Working with hash algorithms116778
-Node: Message Authentication Codes129407
-Node: Available MAC algorithms130075
-Node: Working with MAC algorithms133997
-Node: Key Derivation139381
-Node: Random Numbers141783
-Node: Quality of random numbers142066
-Node: Retrieving random numbers142749
-Node: S-expressions144238
-Node: Data types for S-expressions144883
-Node: Working with S-expressions145209
-Node: MPI library158618
-Node: Data types159640
-Node: Basic functions159949
-Node: MPI formats162413
-Node: Calculations165800
-Node: Comparisons168069
-Node: Bit manipulations169072
-Node: EC functions170394
-Ref: gcry_mpi_ec_new173099
-Node: Miscellaneous177872
-Node: Prime numbers182016
-Node: Generation182286
-Node: Checking183573
-Node: Utilities183983
-Node: Memory allocation184295
-Node: Context management185651
-Ref: gcry_ctx_release186089
-Node: Buffer description186250
-Node: Tools187012
-Node: hmac256187178
-Node: Architecture188184
-Ref: fig:subsystems189700
-Ref: Architecture-Footnote-1190786
-Ref: Architecture-Footnote-2190848
-Node: Public-Key Subsystem Architecture190932
-Node: Symmetric Encryption Subsystem Architecture193210
-Node: Hashing and MACing Subsystem Architecture194656
-Node: Multi-Precision-Integer Subsystem Architecture196579
-Node: Prime-Number-Generator Subsystem Architecture198017
-Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1199948
-Node: Random-Number Subsystem Architecture200239
-Node: CSPRNG Description202727
-Ref: CSPRNG Description-Footnote-1204288
-Node: FIPS PRNG Description204411
-Node: Self-Tests206545
-Node: FIPS Mode218004
-Ref: fig:fips-fsm221830
-Ref: tbl:fips-states221933
-Ref: tbl:fips-state-transitions223185
-Node: Library Copying226806
-Node: Copying254912
-Node: Figures and Tables274088
-Node: Concept Index274513
-Node: Function and Data Index283568
+Node: General public-key related Functions98915
+Node: Hashing112435
+Node: Available hash algorithms113168
+Node: Working with hash algorithms117055
+Node: Message Authentication Codes129684
+Node: Available MAC algorithms130352
+Node: Working with MAC algorithms134274
+Node: Key Derivation139658
+Node: Random Numbers142060
+Node: Quality of random numbers142343
+Node: Retrieving random numbers143026
+Node: S-expressions144515
+Node: Data types for S-expressions145160
+Node: Working with S-expressions145486
+Node: MPI library158895
+Node: Data types159917
+Node: Basic functions160226
+Node: MPI formats162690
+Node: Calculations166077
+Node: Comparisons168346
+Node: Bit manipulations169349
+Node: EC functions170671
+Ref: gcry_mpi_ec_new173376
+Node: Miscellaneous178149
+Node: Prime numbers182293
+Node: Generation182563
+Node: Checking183850
+Node: Utilities184260
+Node: Memory allocation184572
+Node: Context management185928
+Ref: gcry_ctx_release186366
+Node: Buffer description186527
+Node: Tools187289
+Node: hmac256187455
+Node: Architecture188461
+Ref: fig:subsystems189977
+Ref: Architecture-Footnote-1191063
+Ref: Architecture-Footnote-2191125
+Node: Public-Key Subsystem Architecture191209
+Node: Symmetric Encryption Subsystem Architecture193487
+Node: Hashing and MACing Subsystem Architecture194933
+Node: Multi-Precision-Integer Subsystem Architecture196856
+Node: Prime-Number-Generator Subsystem Architecture198294
+Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1200225
+Node: Random-Number Subsystem Architecture200516
+Node: CSPRNG Description203004
+Ref: CSPRNG Description-Footnote-1204565
+Node: FIPS PRNG Description204688
+Node: Self-Tests206822
+Node: FIPS Mode218281
+Ref: fig:fips-fsm222107
+Ref: tbl:fips-states222210
+Ref: tbl:fips-state-transitions223462
+Node: Library Copying227083
+Node: Copying255189
+Node: Figures and Tables274365
+Node: Concept Index274790
+Node: Function and Data Index283984
End Tag Table
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/doc/gcrypt.texi new/libgcrypt-1.6.4/doc/gcrypt.texi
--- old/libgcrypt-1.6.3/doc/gcrypt.texi 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/doc/gcrypt.texi 2015-09-07 14:05:57.000000000 +0200
@@ -2356,6 +2356,13 @@
only used for a short time or per-message and do not require full
cryptographic strength.
+@item no-keytest
+@cindex no-keytest
+This flag skips internal failsafe tests to assert that a generated key
+is properly working. It currently has an effect only for standard ECC
+key generation. It is mostly useful along with transient-key to
+achieve fastest ECC key generation.
+
@item use-x931
@cindex X9.31
Force the use of the ANSI X9.31 key generation algorithm instead of
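Review bot: the new no-keytest entry says what is skipped but not what the caller gives up. The "internal failsafe tests" exist to detect a key that came out of generation defective, so a sentence such as "a defective key will not be detected; keys generated with this flag should be treated as short-lived, as with transient-key" would make the trade-off explicit for readers who copy the flag from an example. It would also help to state how an older Libgcrypt treats this flag when it does not recognise it, since callers may run against mixed library versions.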
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/doc/stamp-vti new/libgcrypt-1.6.4/doc/stamp-vti
--- old/libgcrypt-1.6.3/doc/stamp-vti 2015-02-27 11:23:32.000000000 +0100
+++ new/libgcrypt-1.6.4/doc/stamp-vti 2015-09-08 08:32:51.000000000 +0200
@@ -1,4 +1,4 @@
-@set UPDATED 27 February 2015
-@set UPDATED-MONTH February 2015
-@set EDITION 1.6.3
-@set VERSION 1.6.3
+@set UPDATED 7 September 2015
+@set UPDATED-MONTH September 2015
+@set EDITION 1.6.4
+@set VERSION 1.6.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/doc/version.texi new/libgcrypt-1.6.4/doc/version.texi
--- old/libgcrypt-1.6.3/doc/version.texi 2015-02-27 11:23:32.000000000 +0100
+++ new/libgcrypt-1.6.4/doc/version.texi 2015-09-08 08:32:51.000000000 +0200
@@ -1,4 +1,4 @@
-@set UPDATED 27 February 2015
-@set UPDATED-MONTH February 2015
-@set EDITION 1.6.3
-@set VERSION 1.6.3
+@set UPDATED 7 September 2015
+@set UPDATED-MONTH September 2015
+@set EDITION 1.6.4
+@set VERSION 1.6.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/mpi/config.links new/libgcrypt-1.6.4/mpi/config.links
--- old/libgcrypt-1.6.3/mpi/config.links 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/mpi/config.links 2015-09-07 14:05:57.000000000 +0200
@@ -50,11 +50,12 @@
path=""
mpi_cpu_arch="x86"
;;
- i[3467]86*-*-openbsd* | \
- i[3467]86*-*-freebsd*-elf | \
- i[3467]86*-*-freebsd[3-9]* | \
- i[3467]86*-*-freebsdelf* | \
- i[3467]86*-*-netbsd* | \
+ i[3467]86*-*-openbsd* | \
+ i[3467]86*-*-freebsd*-elf | \
+ i[3467]86*-*-freebsd[3-9]* | \
+ i[3467]86*-*-freebsd[12][0-9]*| \
+ i[3467]86*-*-freebsdelf* | \
+ i[3467]86*-*-netbsd* | \
i[3467]86*-*-k*bsd*)
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h
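Review bot: only the added `i[3467]86*-*-freebsd[12][0-9]*| \` alternative is a functional change in this hunk; the five surrounding alternatives are removed and re-added with identical text, which makes the hunk harder to read than a one-line insertion. Keep the untouched lines as context, and match the existing `* | \` spacing (the new line has `*| \`, unlike its neighbours).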
@@ -64,6 +65,7 @@
i586*-*-openbsd* | \
i586*-*-freebsd*-elf | \
i586*-*-freebsd[3-9]* | \
+ i586*-*-freebsd[12][0-9]*| \
i586*-*-freebsdelf* | \
i586*-*-netbsd* | \
i586*-*-k*bsd* | \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/mpi/longlong.h new/libgcrypt-1.6.4/mpi/longlong.h
--- old/libgcrypt-1.6.3/mpi/longlong.h 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/mpi/longlong.h 2015-09-07 15:33:48.000000000 +0200
@@ -1287,7 +1287,7 @@
"rJ" ((USItype)(al)), \
"rI" ((USItype)(bl)) \
__CLOBBER_CC)
-#if defined (__sparc_v8__)
+#if defined (__sparc_v8__) || defined(__sparcv8)
/* Don't match immediate range because, 1) it is not often useful,
2) the 'I' flag thinks of the range as a 13 bit signed interval,
while we want to match a 13 bit interval, sign extended to 32 bits,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/mpi/mpiutil.c new/libgcrypt-1.6.4/mpi/mpiutil.c
--- old/libgcrypt-1.6.3/mpi/mpiutil.c 2015-02-27 10:54:09.000000000 +0100
+++ new/libgcrypt-1.6.4/mpi/mpiutil.c 2015-09-07 14:05:57.000000000 +0200
@@ -343,7 +343,8 @@
if( a && (a->flags & 4) ) {
void *p = _gcry_is_secure(a->d)? xmalloc_secure ((a->sign+7)/8)
: xmalloc ((a->sign+7)/8);
- memcpy( p, a->d, (a->sign+7)/8 );
+ if (a->d)
+ memcpy( p, a->d, (a->sign+7)/8 );
b = mpi_set_opaque( NULL, p, a->sign );
b->flags &= ~(16|32); /* Reset the immutable and constant flags. */
}
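Review bot: the `if (a->d)` guard avoids passing NULL to memcpy, but when a->d is NULL the freshly allocated buffer p is handed to mpi_set_opaque uninitialised, so the copy now carries whatever was in the heap (or the secure pool) instead of the source's contents. Either zero p in that case (`memset (p, 0, (a->sign+7)/8);`) or decide that an opaque MPI with a NULL buffer is an invalid state and report it with log_bug; a silent copy of uninitialised memory is the worst of the options.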
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/random/random-csprng.c new/libgcrypt-1.6.4/random/random-csprng.c
--- old/libgcrypt-1.6.3/random/random-csprng.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/random/random-csprng.c 2015-09-07 14:05:57.000000000 +0200
@@ -978,8 +978,8 @@
pool_balance = 0;
needed = length - pool_balance;
- if (needed < POOLSIZE/2)
- needed = POOLSIZE/2;
+ if (needed < 16) /* At least 128 bits. */
+ needed = 16;
else if( needed > POOLSIZE )
BUG ();
read_random_source (RANDOM_ORIGIN_EXTRAPOLL, needed,
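Review bot: lowering the minimum extra-poll read from POOLSIZE/2 to 16 bytes reduces how much fresh input is mixed in per RANDOM_ORIGIN_EXTRAPOLL, traded for speed, and the one-line comment "At least 128 bits" does not say why 128 bits is sufficient here. Put the argument in the comment and in the ChangeLog, for example that this path only tops up an already seeded pool and `needed` still scales with `length` (the unchanged `else if` still caps it at POOLSIZE), so only the floor changes. A future reader must be able to judge this against the previous behaviour without digging through history.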
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/random/rndunix.c new/libgcrypt-1.6.4/random/rndunix.c
--- old/libgcrypt-1.6.3/random/rndunix.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/random/rndunix.c 2015-09-07 18:02:19.000000000 +0200
@@ -144,6 +144,9 @@
#ifndef STDOUT_FILENO
#define STDOUT_FILENO 1
#endif
+#ifndef STDERR_FILENO
+#define STDERR_FILENO 2
+#endif
#define GATHER_BUFSIZE 49152 /* Usually about 25K are filled */
@@ -766,13 +769,27 @@
fclose(stderr); /* Arrghh!! It's Stuart code!! */
+ /* Mary goes to Berkeley: NetBSD emits warnings if the standard
+ descriptors are not open when running setuid program. Thus we
+ connect them to the bitbucket if they are not already open. */
+ {
+ struct stat statbuf;
+
+ if (fstat (STDIN_FILENO, &statbuf) == -1 && errno == EBADF)
+ open ("/dev/null",O_RDONLY);
+ if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
+ open ("/dev/null",O_WRONLY);
+ if (fstat (STDERR_FILENO, &statbuf) == -1 && errno == EBADF)
+ open ("/dev/null",O_WRONLY);
+ }
+
for(;;) {
GATHER_MSG msg;
size_t nbytes;
const char *p;
msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );
- p = gather_buffer;
+ p = (const char*)gather_buffer;
while( nbytes ) {
msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;
memcpy( msg.data, p, msg.ndata );
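Review bot: the three `open ("/dev/null", ...)` calls discard their result and rely on open() returning the lowest free descriptor; if the first one fails (no /dev/null in a chroot, for instance) the next call silently lands on fd 0 instead of fd 1, and the following fstat/EBADF check no longer sees a problem. Check the return value and, if it is not the descriptor being repaired, dup2() it into place and close the original, or give up cleanly. Also confirm that the headers providing `struct stat`, fstat and the O_RDONLY/O_WRONLY flags are included in this file; they are not visible in the hunk. The `(const char*)` cast on gather_buffer and the STDERR_FILENO fallback are fine.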
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/random/rndw32.c new/libgcrypt-1.6.4/random/rndw32.c
--- old/libgcrypt-1.6.3/random/rndw32.c 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/random/rndw32.c 2015-09-08 08:17:06.000000000 +0200
@@ -513,7 +513,7 @@
status = RegQueryValueEx (hKey, "ProductType", 0, NULL,
szValue, &dwSize);
- if (status == ERROR_SUCCESS && stricmp (szValue, "WinNT"))
+ if (status == ERROR_SUCCESS && stricmp ((char*)szValue, "WinNT"))
{
/* Note: There are (at least) three cases for ProductType:
WinNT = NT Workstation, ServerNT = NT Server, LanmanNT =
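Review bot: the `(char*)` cast only silences the signedness warning; the hazard on this line is that szValue comes from RegQueryValueEx, which does not guarantee a terminating NUL for REG_SZ data, so stricmp can read past the end of the buffer. Reserve a byte and write a NUL at `min (dwSize, sizeof szValue - 1)` after a successful query, before comparing. Separately, `stricmp (...)` is non-zero when the strings differ, so the branch is taken for every ProductType other than WinNT; that matches the comment that follows, but a `!= 0` would make the intent readable.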
@@ -826,39 +826,47 @@
cursor position for last message, 1 ms time for last message,
handle of window with clipboard open, handle of process heap,
handle of procs window station, types of events in input queue,
- and milliseconds since Windows was started. */
+ and milliseconds since Windows was started. On 64-bit platform
+ some of these return values are pointers and thus 64-bit wide.
+ We discard the upper 32-bit of those values. */
{
byte buffer[20*sizeof(ulong)], *bufptr;
bufptr = buffer;
-#define ADD(f) do { ulong along = (ulong)(f); \
- memcpy (bufptr, &along, sizeof (along) ); \
- bufptr += sizeof (along); \
- } while (0)
-
- ADD ( GetActiveWindow ());
- ADD ( GetCapture ());
- ADD ( GetClipboardOwner ());
- ADD ( GetClipboardViewer ());
- ADD ( GetCurrentProcess ());
- ADD ( GetCurrentProcessId ());
- ADD ( GetCurrentThread ());
- ADD ( GetCurrentThreadId ());
- ADD ( GetDesktopWindow ());
- ADD ( GetFocus ());
- ADD ( GetInputState ());
- ADD ( GetMessagePos ());
- ADD ( GetMessageTime ());
- ADD ( GetOpenClipboardWindow ());
- ADD ( GetProcessHeap ());
- ADD ( GetProcessWindowStation ());
- ADD ( GetQueueStatus (QS_ALLEVENTS));
- ADD ( GetTickCount ());
+#define ADDINT(f) do { ulong along = (ulong)(f); \
+ memcpy (bufptr, &along, sizeof (along) ); \
+ bufptr += sizeof (along); \
+ } while (0)
+#define ADDPTR(f) do { void *aptr = (f); \
+ ADDINT((SIZE_T)aptr); \
+ } while (0)
+
+ ADDPTR ( GetActiveWindow ());
+ ADDPTR ( GetCapture ());
+ ADDPTR ( GetClipboardOwner ());
+ ADDPTR ( GetClipboardViewer ());
+ ADDPTR ( GetCurrentProcess ());
+ ADDINT ( GetCurrentProcessId ());
+ ADDPTR ( GetCurrentThread ());
+ ADDINT ( GetCurrentThreadId ());
+ ADDPTR ( GetDesktopWindow ());
+ ADDPTR ( GetFocus ());
+ ADDINT ( GetInputState ());
+ ADDINT ( GetMessagePos ());
+ ADDINT ( GetMessageTime ());
+ ADDPTR ( GetOpenClipboardWindow ());
+ ADDPTR ( GetProcessHeap ());
+ ADDPTR ( GetProcessWindowStation ());
+ /* Following function in some cases stops returning events, and cannot
+ be used as an entropy source. */
+ /*ADDINT ( GetQueueStatus (QS_ALLEVENTS));*/
+ ADDINT ( GetTickCount ());
gcry_assert ( bufptr-buffer < sizeof (buffer) );
(*add) ( buffer, bufptr-buffer, origin );
-#undef ADD
+#undef ADDINT
+#undef ADDPTR
}
/* Get multiword system information: Current caret position, current
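Review bot: `/*ADDINT ( GetQueueStatus (QS_ALLEVENTS));*/` leaves dead code in place; remove the call and keep only the explanatory comment, the history records the removal. On the truncation the new comment documents: ADDPTR goes through `(SIZE_T)aptr` and then into a `ulong`, which on Win64 discards the upper half of every handle and pointer. Nothing forces that; declaring `buffer` as `20*sizeof(SIZE_T)` and letting ADDPTR memcpy the whole SIZE_T feeds the full value at no cost, and a mixer is not hurt by low-entropy bytes. The `gcry_assert (bufptr-buffer < sizeof (buffer))` still bounds the 17 remaining entries either way.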
@@ -888,7 +896,7 @@
{
HANDLE handle;
FILETIME creationTime, exitTime, kernelTime, userTime;
- DWORD minimumWorkingSetSize, maximumWorkingSetSize;
+ SIZE_T minimumWorkingSetSize, maximumWorkingSetSize;
handle = GetCurrentThread ();
GetThreadTimes (handle, &creationTime, &exitTime,
@@ -910,10 +918,9 @@
process. */
GetProcessWorkingSetSize (handle, &minimumWorkingSetSize,
&maximumWorkingSetSize);
- (*add) ( &minimumWorkingSetSize,
- sizeof (minimumWorkingSetSize), origin );
- (*add) ( &maximumWorkingSetSize,
- sizeof (maximumWorkingSetSize), origin );
+ /* On 64-bit system, discard the high 32-bits. */
+ (*add) ( &minimumWorkingSetSize, sizeof (int), origin );
+ (*add) ( &maximumWorkingSetSize, sizeof (int), origin );
}
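Review bot: the `DWORD` to `SIZE_T` change is a fix, not a tidy-up: GetProcessWorkingSetSize writes through PSIZE_T out-parameters, so on Win64 the old declaration gave it two 4-byte stack slots to store 8-byte values into. That deserves its own ChangeLog line rather than being folded into the 64-bit entropy cleanup. The `sizeof (int)` passed to `add` hands over the first four bytes of each variable, which is the low half only because Windows targets are little-endian; say so in the comment, or simply pass `sizeof minimumWorkingSetSize`, the extra four bytes are harmless.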
@@ -961,7 +968,20 @@
To make things unambiguous, we detect a CPU new enough to call RDTSC
directly by checking for CPUID capabilities, and fall back to QPC if
- this isn't present. */
+ this isn't present.
+
+ On AMD64, TSC is always available and intrinsic is provided for accessing
+ it. */
+#ifdef __WIN64__
+ {
+ unsigned __int64 aint64;
+
+ /* Note: cryptlib does not discard upper 32 bits of TSC on WIN64, but does
+ * on WIN32. Is this correct? */
+ aint64 = __rdtsc();
+ (*add) (&aint64, sizeof(aint64), origin);
+ }
+#else
#ifdef __GNUC__
/* FIXME: We would need to implement the CPU feature tests first. */
/* if (cpu_has_feature_rdtsc) */
@@ -990,6 +1010,7 @@
(*add) (&aword, sizeof (aword), origin );
}
}
+#endif /*__WIN64__*/
}
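Review bot: the new block ships an open question in a comment ("Is this correct?"); resolve it before merging. Feeding the full 64-bit TSC is the right choice, extra bytes never hurt the mixer, so the comment can simply say that. Two smaller points: `__rdtsc()` needs `<intrin.h>` (MSVC) or the equivalent mingw header, and no include is visible in the hunk; and `__WIN64__` is the GCC/mingw spelling, MSVC defines `_WIN64`, so `#if defined(__WIN64__) || defined(_WIN64)` would cover both toolchains instead of sending MSVC x64 builds down the `#else` path.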
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/src/cipher.h new/libgcrypt-1.6.4/src/cipher.h
--- old/libgcrypt-1.6.3/src/cipher.h 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/src/cipher.h 2015-09-07 14:05:57.000000000 +0200
@@ -40,6 +40,7 @@
#define PUBKEY_FLAG_NOCOMP (1 << 11)
#define PUBKEY_FLAG_EDDSA (1 << 12)
#define PUBKEY_FLAG_GOST (1 << 13)
+#define PUBKEY_FLAG_NO_KEYTEST (1 << 14)
enum pk_operation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/src/gcrypt.h new/libgcrypt-1.6.4/src/gcrypt.h
--- old/libgcrypt-1.6.3/src/gcrypt.h 2015-02-27 11:23:21.000000000 +0100
+++ new/libgcrypt-1.6.4/src/gcrypt.h 2015-09-08 08:32:28.000000000 +0200
@@ -62,11 +62,11 @@
return the same version. The purpose of this macro is to let
autoconf (using the AM_PATH_GCRYPT macro) check that this header
matches the installed library. */
-#define GCRYPT_VERSION "1.6.3"
+#define GCRYPT_VERSION "1.6.4"
/* The version number of this header. It may be used to handle minor
API incompatibilities. */
-#define GCRYPT_VERSION_NUMBER 0x010603
+#define GCRYPT_VERSION_NUMBER 0x010604
/* Internal: We can't use the convenience macros for the multi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/src/secmem.c new/libgcrypt-1.6.4/src/secmem.c
--- old/libgcrypt-1.6.3/src/secmem.c 2015-02-27 10:54:03.000000000 +0100
+++ new/libgcrypt-1.6.4/src/secmem.c 2015-09-08 08:17:06.000000000 +0200
@@ -246,15 +246,21 @@
{
cap_t cap;
- cap = cap_from_text ("cap_ipc_lock+ep");
- cap_set_proc (cap);
- cap_free (cap);
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+ep");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
err = no_mlock? 0 : mlock (p, n);
if (err && errno)
err = errno;
- cap = cap_from_text ("cap_ipc_lock+p");
- cap_set_proc (cap);
- cap_free(cap);
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+p");
+ cap_set_proc (cap);
+ cap_free(cap);
+ }
}
if (err)
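Review bot: `no_priv_drop` is used here but neither its definition nor the code that sets it is in this diff; the review needs to see where it comes from and that it defaults to 0, so existing callers still get the temporary cap_ipc_lock raise around mlock. With no_priv_drop set the code assumes cap_ipc_lock is already effective; if it is not, mlock fails with EPERM and the existing `if (err)` path reports it, which is acceptable but worth a comment. The cap_set_proc return values remain unchecked in both branches, so a failed re-raise is indistinguishable from success until mlock fails.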
@@ -364,8 +370,6 @@
static void
init_pool (size_t n)
{
- size_t pgsize;
- long int pgsize_val;
memblock_t *mb;
pool_size = n;
@@ -373,48 +377,54 @@
if (disable_secmem)
log_bug ("secure memory is disabled");
-#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
- pgsize_val = sysconf (_SC_PAGESIZE);
-#elif defined(HAVE_GETPAGESIZE)
- pgsize_val = getpagesize ();
-#else
- pgsize_val = -1;
-#endif
- pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE;
-
#if HAVE_MMAP
- pool_size = (pool_size + pgsize - 1) & ~(pgsize - 1);
-#ifdef MAP_ANONYMOUS
- pool = mmap (0, pool_size, PROT_READ | PROT_WRITE,
- MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-#else /* map /dev/zero instead */
{
- int fd;
+ size_t pgsize;
+ long int pgsize_val;
- fd = open ("/dev/zero", O_RDWR);
- if (fd == -1)
- {
- log_error ("can't open /dev/zero: %s\n", strerror (errno));
- pool = (void *) -1;
- }
+# if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+ pgsize_val = sysconf (_SC_PAGESIZE);
+# elif defined(HAVE_GETPAGESIZE)
+ pgsize_val = getpagesize ();
+# else
+ pgsize_val = -1;
+# endif
+ pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE;
+
+ pool_size = (pool_size + pgsize - 1) & ~(pgsize - 1);
+# ifdef MAP_ANONYMOUS
+ pool = mmap (0, pool_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+# else /* map /dev/zero instead */
+ {
+ int fd;
+
+ fd = open ("/dev/zero", O_RDWR);
+ if (fd == -1)
+ {
+ log_error ("can't open /dev/zero: %s\n", strerror (errno));
+ pool = (void *) -1;
+ }
+ else
+ {
+ pool = mmap (0, pool_size,
+ (PROT_READ | PROT_WRITE), MAP_PRIVATE, fd, 0);
+ close (fd);
+ }
+ }
+# endif
+ if (pool == (void *) -1)
+ log_info ("can't mmap pool of %u bytes: %s - using malloc\n",
+ (unsigned) pool_size, strerror (errno));
else
{
- pool = mmap (0, pool_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- close (fd);
+ pool_is_mmapped = 1;
+ pool_okay = 1;
}
}
-#endif
- if (pool == (void *) -1)
- log_info ("can't mmap pool of %u bytes: %s - using malloc\n",
- (unsigned) pool_size, strerror (errno));
- else
- {
- pool_is_mmapped = 1;
- pool_okay = 1;
- }
+#endif /*HAVE_MMAP*/
-#endif
if (!pool_okay)
{
pool = malloc (pool_size);
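Review bot: as far as the hunk shows the restructuring preserves behaviour (the page-size lookup and rounding are now scoped inside `#if HAVE_MMAP`, where they were already the only consumers), but the diff is dominated by re-indentation; a whitespace-only commit followed by the functional one would make any real change visible. The move does make one thing obvious: when mmap fails the code logs at info level, `log_info ("can't mmap pool of %u bytes: %s - using malloc\n", ...)`, and the secure-memory pool silently lives in ordinary heap memory from then on. That is a security-relevant downgrade; consider log_error, or at least a comment explaining why a quiet fallback is acceptable.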
@@ -482,13 +492,14 @@
{
#ifdef USE_CAPABILITIES
/* drop all capabilities */
- {
- cap_t cap;
+ if (!no_priv_drop)
+ {
+ cap_t cap;
- cap = cap_from_text ("all-eip");
- cap_set_proc (cap);
- cap_free (cap);
- }
+ cap = cap_from_text ("all-eip");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
#elif !defined(HAVE_DOSISH_SYSTEM)
uid_t uid;
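Review bot: gating the `all-eip` drop on `!no_priv_drop` covers only the USE_CAPABILITIES branch; the `#elif !defined(HAVE_DOSISH_SYSTEM)` branch that follows (starting at `uid_t uid;`) handles the setuid case, and the hunk does not show whether it honours no_priv_drop as well. If the flag means "keep privileges", both branches should respect it; if it only means "leave capabilities alone", name it accordingly. A caller that sets no_priv_drop keeps every capability the binary started with, which should be spelled out in the documentation of whatever API exposes the flag.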
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/src/sexp.c new/libgcrypt-1.6.4/src/sexp.c
--- old/libgcrypt-1.6.3/src/sexp.c 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/src/sexp.c 2015-09-07 17:58:22.000000000 +0200
@@ -2405,7 +2405,7 @@
_gcry_mpi_release (*array[idx]);
*array[idx] = NULL;
}
- else if (!arrayisdesc[idx] == 1)
+ else if (arrayisdesc[idx] == 1)
{
/* Caller provided buffer. */
gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
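Review bot: this one-character change is a real bug fix. `!arrayisdesc[idx] == 1` parses as `(!arrayisdesc[idx]) == 1`, which is true only when `arrayisdesc[idx]` is 0, so the caller-provided-buffer cleanup branch was never reached for the case it was written for. It deserves its own ChangeLog/NEWS entry and a regression test that drives this error path with a gcry_buffer_t parameter so the cleanup is actually exercised; building with `-Wlogical-not-parentheses` would have flagged the original.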
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/tests/fipsdrv.c new/libgcrypt-1.6.4/tests/fipsdrv.c
--- old/libgcrypt-1.6.3/tests/fipsdrv.c 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/tests/fipsdrv.c 2015-09-08 08:17:06.000000000 +0200
@@ -2358,14 +2358,14 @@
{
if (!(++count % 1000))
fprintf (stderr, PGM ": %lu random bytes so far\n",
- (unsigned long int)count * sizeof buffer);
+ (unsigned long int)(count * sizeof buffer));
}
}
while (loop_mode);
if (progress)
fprintf (stderr, PGM ": %lu random bytes\n",
- (unsigned long int)count * sizeof buffer);
+ (unsigned long int)(count * sizeof buffer));
deinit_external_rng_test (context);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/tests/keygen.c new/libgcrypt-1.6.4/tests/keygen.c
--- old/libgcrypt-1.6.3/tests/keygen.c 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/tests/keygen.c 2015-05-21 17:31:51.000000000 +0200
@@ -1,5 +1,6 @@
/* keygen.c - key generation regression tests
* Copyright (C) 2003, 2005, 2012 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2015 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -14,8 +15,7 @@
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * License along with this program; if not, see http://www.gnu.org/licenses/.
*/
#ifdef HAVE_CONFIG_H
@@ -432,7 +432,43 @@
show_sexp ("ECC key:\n", key);
check_generated_ecc_key (key);
+ gcry_sexp_release (key);
+
+
+ if (verbose)
+ show ("creating ECC key using curve Ed25519 for ECDSA (transient-key)\n");
+ rc = gcry_sexp_build (&keyparm, NULL,
+ "(genkey(ecc(curve Ed25519)(flags transient-key)))");
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating ECC key using curve Ed25519 for ECDSA"
+ " (transient-key): %s\n",
+ gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("ECC key:\n", key);
+ check_generated_ecc_key (key);
+ gcry_sexp_release (key);
+ if (verbose)
+ show ("creating ECC key using curve Ed25519 for ECDSA "
+ "(transient-key no-keytest)\n");
+ rc = gcry_sexp_build (&keyparm, NULL,
+ "(genkey(ecc(curve Ed25519)"
+ "(flags transient-key no-keytest)))");
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating ECC key using curve Ed25519 for ECDSA"
+ " (transient-key no-keytest): %s\n",
+ gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("ECC key:\n", key);
+ check_generated_ecc_key (key);
gcry_sexp_release (key);
}
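Review bot: the new cases exercise no-keytest only with curve Ed25519, while the documentation describes the flag as affecting "standard ECC key generation"; add the same transient-key / transient-key no-keytest pair for a Weierstrass curve (NIST P-256, say) so the documented target is covered. Keeping `check_generated_ecc_key (key)` after the no-keytest generation is right: the harness still validates a key the library no longer self-checks. Minor: the two new blocks are copies of each other and of the block above, so a small helper taking the flags string would shrink the test and avoid drift, and there is a stray double blank line after the first `gcry_sexp_release (key);`.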
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgcrypt-1.6.3/tests/random.c new/libgcrypt-1.6.4/tests/random.c
--- old/libgcrypt-1.6.3/tests/random.c 2015-02-23 11:55:58.000000000 +0100
+++ new/libgcrypt-1.6.4/tests/random.c 2015-09-08 08:17:06.000000000 +0200
@@ -87,7 +87,7 @@
}
-
+#ifndef HAVE_W32_SYSTEM
static int
writen (int fd, const void *buf, size_t nbytes)
{
@@ -110,7 +110,10 @@
return 0;
}
+#endif /*!HAVE_W32_SYSTEM*/
+
+#ifndef HAVE_W32_SYSTEM
static int
readn (int fd, void *buf, size_t buflen, size_t *ret_nread)
{
@@ -136,7 +139,7 @@
*ret_nread = buflen - nleft;
return 0;
}
-
+#endif /*!HAVE_W32_SYSTEM*/
/* Check that forking won't return the same random. */
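Review bot: the two `#ifndef HAVE_W32_SYSTEM` guards around writen() and readn() are adjacent (`#endif /*!HAVE_W32_SYSTEM*/` followed by a blank line and a fresh `#ifndef HAVE_W32_SYSTEM`), so one guard around both functions would do; as written the split invites someone to drop a non-W32 helper between them. Either merge the guards or add a comment saying why they are kept apart.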
++++++ libgcrypt-sparcv9.diff ++++++
--- /var/tmp/diff_new_pack.zRrPzT/_old 2015-09-19 06:53:22.000000000 +0200
+++ /var/tmp/diff_new_pack.zRrPzT/_new 2015-09-19 06:53:22.000000000 +0200
@@ -8,16 +8,16 @@
mpi/longlong.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: libgcrypt-1.4.4/mpi/longlong.h
+Index: libgcrypt-1.6.4/mpi/longlong.h
===================================================================
---- libgcrypt-1.4.4.orig/mpi/longlong.h
-+++ libgcrypt-1.4.4/mpi/longlong.h
-@@ -1133,7 +1133,7 @@ extern USItype __udiv_qrnnd ();
+--- libgcrypt-1.6.4.orig/mpi/longlong.h 2015-09-07 15:33:48.000000000 +0200
++++ libgcrypt-1.6.4/mpi/longlong.h 2015-09-08 10:36:28.124169828 +0200
+@@ -1287,7 +1287,7 @@ typedef unsigned int UTItype __attribute
"rJ" ((USItype)(al)), \
"rI" ((USItype)(bl)) \
__CLOBBER_CC)
--#if defined (__sparc_v8__)
-+#if defined (__sparc_v8__) || defined(__sparc_v9__)
+-#if defined (__sparc_v8__) || defined(__sparcv8)
++#if defined (__sparc_v8__) || defined(__sparcv8) || defined(__sparc_v9__)
/* Don't match immediate range because, 1) it is not often useful,
2) the 'I' flag thinks of the range as a 13 bit signed interval,
while we want to match a 13 bit interval, sign extended to 32 bits,
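Review bot: the refreshed hunk extends upstream's `#if defined (__sparc_v8__) || defined(__sparcv8)` with `__sparc_v9__` only. Upstream added the Sun-compiler spelling `__sparcv8` because the double-underscore GCC form is not the only one in use, and the same asymmetry now exists for v9 (`__sparcv9`); if the intent is to enable this code for all v9 builds, add `defined(__sparcv9)` as well. The patch header should also state why the v8 path is appropriate for v9 builds, since that is the whole justification for carrying the patch.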