Hello community,
here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2017-09-07 22:07:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
and /work/SRC/openSUSE:Factory/.libgcrypt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt"
Thu Sep 7 22:07:50 2017 rev:67 rq:519870 version:1.8.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2017-08-29 11:33:57.849720578 +0200
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2017-09-07 22:07:58.791240652 +0200
@@ -1,0 +2,11 @@
+Mon Aug 28 17:54:24 UTC 2017 - astieger@suse.com
+
+- libgcrypt 1.8.1:
+ * Mitigate a local side-channel attack on Curve25519 dubbed "May
+ the Fourth be With You" CVE-2017-0379 bsc#1055837
+ * Add more extra bytes to the pool after reading a seed file
+ * Add the OID SHA384WithECDSA from RFC-7427 to SHA-384
+ * Fix build problems with the Jitter RNG
+ * Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)
+
+-------------------------------------------------------------------
Old:
----
libgcrypt-1.8.0.tar.bz2
libgcrypt-1.8.0.tar.bz2.sig
New:
----
libgcrypt-1.8.1.tar.bz2
libgcrypt-1.8.1.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.IxEiOI/_old 2017-09-07 22:07:59.763103659 +0200
+++ /var/tmp/diff_new_pack.IxEiOI/_new 2017-09-07 22:07:59.763103659 +0200
@@ -21,7 +21,7 @@
%define libsoname %{name}20
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt
-Version: 1.8.0
+Version: 1.8.1
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ AND LGPL-2.1+ AND GPL-3.0+
++++++ libgcrypt-1.8.0.tar.bz2 -> libgcrypt-1.8.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/ChangeLog new/libgcrypt-1.8.1/ChangeLog
--- old/libgcrypt-1.8.0/ChangeLog 2017-07-18 16:17:14.000000000 +0200
+++ new/libgcrypt-1.8.1/ChangeLog 2017-08-27 09:27:04.000000000 +0200
@@ -1,3 +1,88 @@
+2017-08-27 Werner Koch
+
+ Release 1.8.1.
+ + commit 80fd8615048c3897b91a315cca22ab139b056ccd
+ * configure.ac: Set LT version to C22/A2/R1.
+
+2017-08-27 NIIBE Yutaka
+
+ ecc: Add input validation for X25519.
+ + commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
+ * cipher/ecc.c (ecc_decrypt_raw): Add input validation.
+ * mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
+ (_gcry_mpi_ec_bad_point): New.
+
+2017-08-07 Marcus Brinkmann
+
+ cipher: Add OID for SHA384WithECDSA.
+ + commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315
+ * cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA.
+
+2017-08-02 Werner Koch
+
+ tests: Fix a printf glitch for a Windows test.
+ + commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19
+ * tests/t-convert.c (check_formats): Fix print format glitch on
+ Windows.
+ * tests/t-ed25519.c: Typo fix.
+
+ tests: Add benchmarking option to tests/random.
+ + commit 21d0f068a721c022f955084c28304934fd198c5e
+ * tests/random.c: Always include unistd.h.
+ (prepend_srcdir): New.
+ (run_benchmark): New.
+ (main): Add options --benchmark and --with-seed-file. Print whetehr
+ JENT has been used.
+ * tests/t-common.h (split_fields_colon): New. Taken from GnuPG.
+ License of that code changed to LGPLv2.1.
+
+ random: Add more bytes to the pool in addition to the seed file.
+ + commit eea36574f37830a6a80b4fad884825e815b2912f
+ * random/random-csprng.c (read_seed_file): Read 128 or 32 butes
+ depending on whether we have the Jitter RNG.
+
+2017-08-01 Jussi Kivilinna
+
+ Add script to run basic tests with all supported HWF combinations.
+ + commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004
+ * tests/basic_all_hwfeature_combinations.sh: New.
+ * tests/Makefile.am: Add basic_all_hwfeature_combinations.sh.
+
+2017-07-29 Jussi Kivilinna
+
+ Fix return value type for _gcry_md_extract.
+ + commit cf1528e7f2761774d06ace0de48f39c96b52dc4f
+ * src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of
+ gpg_error_t for internal function return type.
+
+ Fix building AArch32 CE implementations when target is ARMv6 arch.
+ + commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748
+ * cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure.
+ * cipher/rijndael-armv8-aarch32-ce.S: Ditto.
+ * cipher/sha1-armv8-aarch32-ce.S: Ditto.
+ * cipher/sha256-armv8-aarch32-ce.S: Ditto.
+ * configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto.
+
+2017-07-25 NIIBE Yutaka
+
+ sexp: Add fall through annotation.
+ + commit b7cd44335d9cde43be6f693dca6399ed0762649c
+ * src/dumpsexp.c (parse_and_print): It's fall through.
+
+2017-07-24 Werner Koch
+
+ random: Fix the command line munging for jitterbase.
+ + commit ac39522ab08fcd2483edc223334c6ab9d19e91f3
+ * random/Makefile.am (o_flag_munging): Make the first sed term also
+ global.
+
+2017-07-19 NIIBE Yutaka
+
+ Remove byte order mark.
+ + commit 1d8e4c2c3a7d0a4154caf5bd720a9a0b04179390
+ * random/jitterentropy-base.c, random/jitterentropy.h: Remove
+ byte order mark.
+
2017-07-18 Werner Koch
Release 1.8.0.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/NEWS new/libgcrypt-1.8.1/NEWS
--- old/libgcrypt-1.8.0/NEWS 2017-07-18 16:13:57.000000000 +0200
+++ new/libgcrypt-1.8.1/NEWS 2017-08-27 09:21:06.000000000 +0200
@@ -1,3 +1,20 @@
+Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1]
+------------------------------------------------
+
+ * Bug fixes:
+
+ - Mitigate a local side-channel attack on Curve25519 dubbed "May
+ the Fourth be With You". [CVE-2017-0379] [also in 1.7.9]
+
+ - Add more extra bytes to the pool after reading a seed file.
+
+ - Add the OID SHA384WithECDSA from RFC-7427 to SHA-384.
+
+ - Fix build problems with the Jitter RNG
+
+ - Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE).
+
+
Noteworthy changes in version 1.8.0 (2017-07-18) [C22/A2/R0]
------------------------------------------------
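Review bot: In the 1.8.1 bug-fix list, "Rasbian" should read "Raspbian", and the "Fix build problems with the Jitter RNG" item is the only one without a full stop. The CVE item would help packagers more if it named the affected function, as the ChangeLog entry does with ecc_decrypt_raw.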
@@ -13,7 +30,7 @@
- GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
- - New gobal configuration file /etc/gcrypt/random.conf.
+ - New global configuration file /etc/gcrypt/random.conf.
* Extended interfaces:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/VERSION new/libgcrypt-1.8.1/VERSION
--- old/libgcrypt-1.8.0/VERSION 2017-07-18 16:17:15.000000000 +0200
+++ new/libgcrypt-1.8.1/VERSION 2017-08-27 09:27:05.000000000 +0200
@@ -1 +1 @@
-1.8.0
+1.8.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/cipher/cipher-gcm-armv8-aarch32-ce.S new/libgcrypt-1.8.1/cipher/cipher-gcm-armv8-aarch32-ce.S
--- old/libgcrypt-1.8.0/cipher/cipher-gcm-armv8-aarch32-ce.S 2016-11-12 11:39:35.000000000 +0100
+++ new/libgcrypt-1.8.1/cipher/cipher-gcm-armv8-aarch32-ce.S 2017-08-02 18:46:55.000000000 +0200
@@ -24,6 +24,7 @@
defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
.syntax unified
+.arch armv8-a
.fpu crypto-neon-fp-armv8
.arm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/cipher/ecc.c new/libgcrypt-1.8.1/cipher/ecc.c
--- old/libgcrypt-1.8.0/cipher/ecc.c 2016-07-14 11:19:17.000000000 +0200
+++ new/libgcrypt-1.8.1/cipher/ecc.c 2017-08-27 09:08:51.000000000 +0200
@@ -1628,9 +1628,22 @@
if (DBG_CIPHER)
log_printpnt ("ecc_decrypt kG", &kG, NULL);
- if (!(flags & PUBKEY_FLAG_DJB_TWEAK)
+ if ((flags & PUBKEY_FLAG_DJB_TWEAK))
+ {
/* For X25519, by its definition, validation should not be done. */
- && !_gcry_mpi_ec_curve_point (&kG, ec))
+ /* (Instead, we do output check.)
+ *
+ * However, to mitigate secret key leak from our implementation,
+ * we also do input validation here. For constant-time
+ * implementation, we can remove this input validation.
+ */
+ if (_gcry_mpi_ec_bad_point (&kG, ec))
+ {
+ rc = GPG_ERR_INV_DATA;
+ goto leave;
+ }
+ }
+ else if (!_gcry_mpi_ec_curve_point (&kG, ec))
{
rc = GPG_ERR_INV_DATA;
goto leave;
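Review bot: The PUBKEY_FLAG_DJB_TWEAK branch depends on _gcry_mpi_ec_bad_point finding a blocklist in the context, but mpi/ec.c loads that list only when the context was created with model MPI_EC_MONTGOMERY, and nothing at this call site states or checks that. Assert the model here or document the dependency, so the flag set on another curve model does not end up comparing kG against ordinary scratch values. The two adjacent comments ("For X25519, by its definition, validation should not be done." and "(Instead, we do output check.)") would read better merged into one block.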
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/cipher/rijndael-armv8-aarch32-ce.S new/libgcrypt-1.8.1/cipher/rijndael-armv8-aarch32-ce.S
--- old/libgcrypt-1.8.0/cipher/rijndael-armv8-aarch32-ce.S 2017-01-18 15:24:25.000000000 +0100
+++ new/libgcrypt-1.8.1/cipher/rijndael-armv8-aarch32-ce.S 2017-08-02 18:46:55.000000000 +0200
@@ -24,6 +24,7 @@
defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
.syntax unified
+.arch armv8-a
.fpu crypto-neon-fp-armv8
.arm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/cipher/sha1-armv8-aarch32-ce.S new/libgcrypt-1.8.1/cipher/sha1-armv8-aarch32-ce.S
--- old/libgcrypt-1.8.0/cipher/sha1-armv8-aarch32-ce.S 2016-08-19 10:27:55.000000000 +0200
+++ new/libgcrypt-1.8.1/cipher/sha1-armv8-aarch32-ce.S 2017-08-02 18:46:55.000000000 +0200
@@ -24,6 +24,7 @@
defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO) && defined(USE_SHA1)
.syntax unified
+.arch armv8-a
.fpu crypto-neon-fp-armv8
.arm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/cipher/sha256-armv8-aarch32-ce.S new/libgcrypt-1.8.1/cipher/sha256-armv8-aarch32-ce.S
--- old/libgcrypt-1.8.0/cipher/sha256-armv8-aarch32-ce.S 2016-11-12 11:39:35.000000000 +0100
+++ new/libgcrypt-1.8.1/cipher/sha256-armv8-aarch32-ce.S 2017-08-02 18:46:55.000000000 +0200
@@ -24,6 +24,7 @@
defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO) && defined(USE_SHA256)
.syntax unified
+.arch armv8-a
.fpu crypto-neon-fp-armv8
.arm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/cipher/sha512.c new/libgcrypt-1.8.1/cipher/sha512.c
--- old/libgcrypt-1.8.0/cipher/sha512.c 2017-06-24 13:34:29.000000000 +0200
+++ new/libgcrypt-1.8.1/cipher/sha512.c 2017-08-24 11:42:27.000000000 +0200
@@ -943,6 +943,9 @@
/* PKCS#1 sha384WithRSAEncryption */
{ "1.2.840.113549.1.1.12" },
+ /* SHA384WithECDSA: RFC 7427 (A.3.3.) */
+ { "1.2.840.10045.4.3.3" },
+
{ NULL },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/configure new/libgcrypt-1.8.1/configure
--- old/libgcrypt-1.8.0/configure 2017-07-18 16:16:18.000000000 +0200
+++ new/libgcrypt-1.8.1/configure 2017-08-27 09:25:40.000000000 +0200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.0.
+# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.1.
#
# Report bugs to http://bugs.gnupg.org.
#
@@ -591,8 +591,8 @@
# Identity of this package.
PACKAGE_NAME='libgcrypt'
PACKAGE_TARNAME='libgcrypt'
-PACKAGE_VERSION='1.8.0'
-PACKAGE_STRING='libgcrypt 1.8.0'
+PACKAGE_VERSION='1.8.1'
+PACKAGE_STRING='libgcrypt 1.8.1'
PACKAGE_BUGREPORT='http://bugs.gnupg.org'
PACKAGE_URL=''
@@ -1453,7 +1453,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libgcrypt 1.8.0 to adapt to many kinds of systems.
+\`configure' configures libgcrypt 1.8.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1523,7 +1523,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libgcrypt 1.8.0:";;
+ short | recursive ) echo "Configuration of libgcrypt 1.8.1:";;
esac
cat <<\_ACEOF
@@ -1692,7 +1692,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libgcrypt configure 1.8.0
+libgcrypt configure 1.8.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2344,7 +2344,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libgcrypt $as_me 1.8.0, which was
+It was created by libgcrypt $as_me 1.8.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2699,7 +2699,7 @@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=0
+LIBGCRYPT_LT_REVISION=1
# If the API is changed in an incompatible way: increment the next counter.
@@ -3231,7 +3231,7 @@
# Define the identity of the package.
PACKAGE='libgcrypt'
- VERSION='1.8.0'
+ VERSION='1.8.1'
cat >>confdefs.h <<_ACEOF
@@ -3486,7 +3486,7 @@
#define VERSION "$VERSION"
_ACEOF
-VERSION_NUMBER=0x010800
+VERSION_NUMBER=0x010801
@@ -16783,6 +16783,7 @@
/* end confdefs.h. */
__asm__(
".syntax unified\n\t"
+ ".arch armv8-a\n\t"
".arm\n\t"
".fpu crypto-neon-fp-armv8\n\t"
@@ -18802,7 +18803,7 @@
#
# Provide information about the build.
#
-BUILD_REVISION="850aca7"
+BUILD_REVISION="80fd861"
cat >>confdefs.h <<_ACEOF
@@ -18811,7 +18812,7 @@
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
-BUILD_FILEVERSION="${BUILD_FILEVERSION}34058"
+BUILD_FILEVERSION="${BUILD_FILEVERSION}33021"
# Check whether --enable-build-timestamp was given.
@@ -19479,7 +19480,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libgcrypt $as_me 1.8.0, which was
+This file was extended by libgcrypt $as_me 1.8.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -19549,7 +19550,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libgcrypt config.status 1.8.0
+libgcrypt config.status 1.8.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/configure.ac new/libgcrypt-1.8.1/configure.ac
--- old/libgcrypt-1.8.0/configure.ac 2017-07-18 16:13:57.000000000 +0200
+++ new/libgcrypt-1.8.1/configure.ac 2017-08-27 09:21:20.000000000 +0200
@@ -30,7 +30,7 @@
# for the LT versions.
m4_define(mym4_version_major, [1])
m4_define(mym4_version_minor, [8])
-m4_define(mym4_version_micro, [0])
+m4_define(mym4_version_micro, [1])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
@@ -56,7 +56,7 @@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=0
+LIBGCRYPT_LT_REVISION=1
# If the API is changed in an incompatible way: increment the next counter.
@@ -1619,6 +1619,7 @@
AC_COMPILE_IFELSE([AC_LANG_SOURCE(
[[__asm__(
".syntax unified\n\t"
+ ".arch armv8-a\n\t"
".arm\n\t"
".fpu crypto-neon-fp-armv8\n\t"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/doc/gcrypt.info new/libgcrypt-1.8.1/doc/gcrypt.info
--- old/libgcrypt-1.8.0/doc/gcrypt.info 2017-07-18 16:17:13.000000000 +0200
+++ new/libgcrypt-1.8.1/doc/gcrypt.info 2017-08-27 09:27:04.000000000 +0200
@@ -1,6 +1,6 @@
This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.8.0, 18 July 2017), which is
+This manual is for Libgcrypt (version 1.8.1, 18 July 2017), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
@@ -24,7 +24,7 @@
The Libgcrypt Library
*********************
-This manual is for Libgcrypt (version 1.8.0, 18 July 2017), which is
+This manual is for Libgcrypt (version 1.8.1, 18 July 2017), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/doc/stamp-vti new/libgcrypt-1.8.1/doc/stamp-vti
--- old/libgcrypt-1.8.0/doc/stamp-vti 2017-07-18 16:17:12.000000000 +0200
+++ new/libgcrypt-1.8.1/doc/stamp-vti 2017-08-27 09:26:41.000000000 +0200
@@ -1,4 +1,4 @@
@set UPDATED 18 July 2017
@set UPDATED-MONTH July 2017
-@set EDITION 1.8.0
-@set VERSION 1.8.0
+@set EDITION 1.8.1
+@set VERSION 1.8.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/doc/version.texi new/libgcrypt-1.8.1/doc/version.texi
--- old/libgcrypt-1.8.0/doc/version.texi 2017-07-18 16:17:12.000000000 +0200
+++ new/libgcrypt-1.8.1/doc/version.texi 2017-08-27 09:26:41.000000000 +0200
@@ -1,4 +1,4 @@
@set UPDATED 18 July 2017
@set UPDATED-MONTH July 2017
-@set EDITION 1.8.0
-@set VERSION 1.8.0
+@set EDITION 1.8.1
+@set VERSION 1.8.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/mpi/ec.c new/libgcrypt-1.8.1/mpi/ec.c
--- old/libgcrypt-1.8.0/mpi/ec.c 2017-07-18 09:52:59.000000000 +0200
+++ new/libgcrypt-1.8.1/mpi/ec.c 2017-08-27 09:08:51.000000000 +0200
@@ -396,6 +396,29 @@
}
+static const char *curve25519_bad_points[] = {
+ "0x0000000000000000000000000000000000000000000000000000000000000000",
+ "0x0000000000000000000000000000000000000000000000000000000000000001",
+ "0x00b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0",
+ "0x57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f",
+ "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec",
+ "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed",
+ "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee",
+ NULL
+};
+
+static gcry_mpi_t
+scanval (const char *string)
+{
+ gpg_err_code_t rc;
+ gcry_mpi_t val;
+
+ rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+ if (rc)
+ log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc));
+ return val;
+}
+
/* This function initialized a context for elliptic curve based on the
field GF(p). P is the prime specifying this field, A is the first
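Review bot: curve25519_bad_points has no comment saying what the seven values are or where the list comes from. State that they are the x-coordinates rejected for X25519 (the last three are p-1, p and p+1 for p = 2^255-19) and cite the source, so a later reader can check the list is complete. scanval also lacks a header comment; it should say that it ends the process through log_fatal on a parse error, since ec_p_init now calls it for every Montgomery context.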
@@ -434,9 +457,17 @@
_gcry_mpi_ec_get_reset (ctx);
- /* Allocate scratch variables. */
- for (i=0; i< DIM(ctx->t.scratch); i++)
- ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
+ if (model == MPI_EC_MONTGOMERY)
+ {
+ for (i=0; i< DIM(ctx->t.scratch) && curve25519_bad_points[i]; i++)
+ ctx->t.scratch[i] = scanval (curve25519_bad_points[i]);
+ }
+ else
+ {
+ /* Allocate scratch variables. */
+ for (i=0; i< DIM(ctx->t.scratch); i++)
+ ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
+ }
/* Prepare for fast reduction. */
/* FIXME: need a test for NIST values. However it does not gain us
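Review bot: The model == MPI_EC_MONTGOMERY branch loads Curve25519-specific constants for every Montgomery curve and turns the scratch array into constant storage without a comment. Key the list on the curve rather than the model, or document that Curve25519 is the only Montgomery curve handled here. The comment should also say that the slots after the last bad point are left unallocated, because _gcry_mpi_ec_bad_point uses the first empty slot as its terminator. If any Montgomery code path writes to ctx->t.scratch[], it would overwrite the blocklist; a dedicated field in the context would rule that out.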
@@ -1572,3 +1603,17 @@
return res;
}
+
+
+int
+_gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx)
+{
+ int i;
+ gcry_mpi_t x_bad;
+
+ for (i = 0; (x_bad = ctx->t.scratch[i]); i++)
+ if (!mpi_cmp (point->x, x_bad))
+ return 1;
+
+ return 0;
+}
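Review bot: The loop in _gcry_mpi_ec_bad_point has no upper bound: "for (i = 0; (x_bad = ctx->t.scratch[i]); i++)" stops only at an empty slot. For a non-Montgomery context ec_p_init fills every slot with mpi_alloc_like, so a call with such a context walks past the end of the array, and the Montgomery case depends on DIM(ctx->t.scratch) being larger than the seven-entry list. Add i < DIM (ctx->t.scratch) to the loop condition and return 0 early when the model is not Montgomery. The function also lacks a header comment stating what a return value of 1 means.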
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/random/Makefile.am new/libgcrypt-1.8.1/random/Makefile.am
--- old/libgcrypt-1.8.0/random/Makefile.am 2017-06-24 13:34:29.000000000 +0200
+++ new/libgcrypt-1.8.1/random/Makefile.am 2017-07-24 09:33:03.000000000 +0200
@@ -55,7 +55,7 @@
# The rndjent module needs to be compiled without optimization. */
if ENABLE_O_FLAG_MUNGING
-o_flag_munging = sed -e 's/-O\([1-9s][1-9s]*\)/-O0/' -e 's/-Ofast/-O0/g'
+o_flag_munging = sed -e 's/-O\([1-9s][1-9s]*\)/-O0/g' -e 's/-Ofast/-O0/g'
else
o_flag_munging = cat
endif
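Review bot: The first sed expression in o_flag_munging still misses some optimization flags: the pattern -O\([1-9s][1-9s]*\) requires a character after -O, so a bare -O and -Og pass through unchanged although the comment above says the rndjent module must be compiled without optimization. Extend the pattern to cover those spellings. The capture group is never referenced in the replacement and can be dropped.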
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/random/Makefile.in new/libgcrypt-1.8.1/random/Makefile.in
--- old/libgcrypt-1.8.0/random/Makefile.in 2017-07-18 16:16:17.000000000 +0200
+++ new/libgcrypt-1.8.1/random/Makefile.in 2017-08-27 09:25:39.000000000 +0200
@@ -375,7 +375,7 @@
@ENABLE_O_FLAG_MUNGING_FALSE@o_flag_munging = cat
# The rndjent module needs to be compiled without optimization. */
-@ENABLE_O_FLAG_MUNGING_TRUE@o_flag_munging = sed -e 's/-O\([1-9s][1-9s]*\)/-O0/' -e 's/-Ofast/-O0/g'
+@ENABLE_O_FLAG_MUNGING_TRUE@o_flag_munging = sed -e 's/-O\([1-9s][1-9s]*\)/-O0/g' -e 's/-Ofast/-O0/g'
all: all-am
.SUFFIXES:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/random/jitterentropy-base.c new/libgcrypt-1.8.1/random/jitterentropy-base.c
--- old/libgcrypt-1.8.0/random/jitterentropy-base.c 2017-06-24 13:34:29.000000000 +0200
+++ new/libgcrypt-1.8.1/random/jitterentropy-base.c 2017-07-20 10:48:01.000000000 +0200
@@ -1,4 +1,4 @@
-/*
+/*
* Non-physical true random number generator based on timing jitter.
*
* Copyright Stephan Mueller , 2014 - 2017
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/random/jitterentropy.h new/libgcrypt-1.8.1/random/jitterentropy.h
--- old/libgcrypt-1.8.0/random/jitterentropy.h 2017-06-24 13:34:29.000000000 +0200
+++ new/libgcrypt-1.8.1/random/jitterentropy.h 2017-07-20 10:48:01.000000000 +0200
@@ -1,4 +1,4 @@
-/*
+/*
* Non-physical true random number generator based on timing jitter.
*
* Copyright Stephan Mueller , 2014
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/random/random-csprng.c new/libgcrypt-1.8.1/random/random-csprng.c
--- old/libgcrypt-1.8.0/random/random-csprng.c 2017-06-13 20:41:14.000000000 +0200
+++ new/libgcrypt-1.8.1/random/random-csprng.c 2017-08-27 09:05:36.000000000 +0200
@@ -115,7 +115,7 @@
static size_t pool_readpos;
/* This flag is set to true as soon as the pool has been completely
- filled the first time. This may happen either by rereading a seed
+ filled the first time. This may happen either by reading a seed
file or by adding enough entropy. */
static int pool_filled;
@@ -717,12 +717,12 @@
out the same pool and then race for updating it (the last update
overwrites earlier updates). They will differentiate only by the
weak entropy that is added in read_seed_file based on the PID and
- clock, and up to 16 bytes of weak random non-blockingly. The
+ clock, and up to 32 bytes from a non-blocking entropy source. The
consequence is that the output of these different instances is
correlated to some extent. In the perfect scenario, the attacker
can control (or at least guess) the PID and clock of the
application, and drain the system's entropy pool to reduce the "up
- to 16 bytes" above to 0. Then the dependencies of the initial
+ to 32 bytes" above to 0. Then the dependencies of the initial
states of the pools are completely known. */
static int
read_seed_file (void)
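Review bot: The updated comment above read_seed_file says "up to 32 bytes", but the code changed in the same patch reads 128 bytes when the Jitter RNG is available. Mention both sizes, and say whether the scenario described here (an attacker draining the system entropy pool to reduce those bytes to 0) still applies on the Jitter RNG path.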
@@ -814,12 +814,16 @@
add_randomness( &x, sizeof(x), RANDOM_ORIGIN_INIT );
}
- /* And read a few bytes from our entropy source. By using a level
- * of 0 this will not block and might not return anything with some
- * entropy drivers, however the rndlinux driver will use
- * /dev/urandom and return some stuff - Do not read too much as we
- * want to be friendly to the scare system entropy resource. */
- read_random_source ( RANDOM_ORIGIN_INIT, 16, GCRY_WEAK_RANDOM );
+ /* And read a few bytes from our entropy source. If we have the
+ * Jitter RNG we can fast get a lot of entropy. Thus we read 1024
+ * bits from that source.
+ *
+ * Without the Jitter RNG we keep the old method of reading only a
+ * few bytes usually from /dev/urandom which won't block. */
+ if (_gcry_rndjent_get_version (NULL))
+ read_random_source (RANDOM_ORIGIN_INIT, 128, GCRY_STRONG_RANDOM);
+ else
+ read_random_source (RANDOM_ORIGIN_INIT, 32, GCRY_STRONG_RANDOM);
allow_seed_file_update = 1;
return 1;
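Review bot: Both read_random_source calls change the level from GCRY_WEAK_RANDOM to GCRY_STRONG_RANDOM, which the ChangeLog entry for read_seed_file does not mention; it records only the byte counts. The removed comment tied the non-blocking behaviour to the level-0 request, while the new comment still says the fallback "won't block". Confirm that this holds at the strong level and say so in the comment, or record the level change in the commit message. "we can fast get" should read "we can quickly get".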
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/src/dumpsexp.c new/libgcrypt-1.8.1/src/dumpsexp.c
--- old/libgcrypt-1.8.0/src/dumpsexp.c 2013-12-12 15:15:04.000000000 +0100
+++ new/libgcrypt-1.8.1/src/dumpsexp.c 2017-08-02 18:46:55.000000000 +0200
@@ -546,6 +546,7 @@
state = IN_DATA;
printctl ("begindata");
init_data ();
+ /* fall through */
case IN_DATA:
if (datalen)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/src/gcrypt-int.h new/libgcrypt-1.8.1/src/gcrypt-int.h
--- old/libgcrypt-1.8.0/src/gcrypt-int.h 2017-07-18 10:08:04.000000000 +0200
+++ new/libgcrypt-1.8.1/src/gcrypt-int.h 2017-08-02 18:46:55.000000000 +0200
@@ -39,7 +39,7 @@
/* Underscore prefixed internal versions of the public functions.
- They return gpg_err_code and not gpg_error_t. Some macros also
+ They return gpg_err_code_t and not gpg_error_t. Some macros also
need an underscore prefixed internal version.
Note that the memory allocation functions and macros (xmalloc etc.)
@@ -120,8 +120,8 @@
void *buffer, size_t buflen);
void _gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
unsigned char *_gcry_md_read (gcry_md_hd_t hd, int algo);
-gpg_error_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
- size_t length);
+gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
+ size_t length);
void _gcry_md_hash_buffer (int algo, void *digest,
const void *buffer, size_t length);
gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/src/mpi.h new/libgcrypt-1.8.1/src/mpi.h
--- old/libgcrypt-1.8.0/src/mpi.h 2017-06-29 08:35:15.000000000 +0200
+++ new/libgcrypt-1.8.1/src/mpi.h 2017-08-27 09:08:51.000000000 +0200
@@ -296,6 +296,7 @@
gcry_mpi_t scalar, mpi_point_t point,
mpi_ec_t ctx);
int _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx);
gcry_mpi_t _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/tests/Makefile.am new/libgcrypt-1.8.1/tests/Makefile.am
--- old/libgcrypt-1.8.0/tests/Makefile.am 2017-05-23 17:30:34.000000000 +0200
+++ new/libgcrypt-1.8.1/tests/Makefile.am 2017-08-02 18:46:55.000000000 +0200
@@ -60,7 +60,7 @@
t-ed25519.inp stopwatch.h hashtest-256g.in \
sha3-224.h sha3-256.h sha3-384.h sha3-512.h \
blake2b.h blake2s.h \
- basic-disable-all-hwf.in
+ basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS)
t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/tests/Makefile.in new/libgcrypt-1.8.1/tests/Makefile.in
--- old/libgcrypt-1.8.0/tests/Makefile.in 2017-07-18 16:16:17.000000000 +0200
+++ new/libgcrypt-1.8.1/tests/Makefile.in 2017-08-27 09:25:39.000000000 +0200
@@ -547,7 +547,7 @@
t-ed25519.inp stopwatch.h hashtest-256g.in \
sha3-224.h sha3-256.h sha3-384.h sha3-512.h \
blake2b.h blake2s.h \
- basic-disable-all-hwf.in
+ basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS)
t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/tests/basic_all_hwfeature_combinations.sh new/libgcrypt-1.8.1/tests/basic_all_hwfeature_combinations.sh
--- old/libgcrypt-1.8.0/tests/basic_all_hwfeature_combinations.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/libgcrypt-1.8.1/tests/basic_all_hwfeature_combinations.sh 2017-08-02 18:46:55.000000000 +0200
@@ -0,0 +1,111 @@
+#!/bin/bash
+# Run basic tests with all HW feature combinations
+# Copyright 2017 Jussi Kivilinna
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+
+# Use BINEXT to set executable extension
+# For example for Windows executables: BINEXT=.exe
+if [ "x$BINEXT" != "x" ] && [ -e "tests/version$BINEXT" ]; then
+ binext="$BINEXT"
+else
+ binext=""
+fi
+
+# Use BINPRE to set executable prefix
+# For example to run Windows executable with WINE: BINPRE="wine "
+if [ "x$BINPRE" != "x" ]; then
+ binpre="$BINPRE"
+else
+ binpre=""
+fi
+
+# Use NJOBS to define number of parallel tasks
+if [ "x$NJOBS" != "x" ]; then
+ njobs="$NJOBS"
+else
+ # default to cpu count
+ ncpus=$(nproc --all)
+ if [ "x@cpus" != "x" ]; then
+ njobs=$ncpus
+ else
+ # could not get cpu count, use 4 parallel tasks instead
+ njobs=4
+ fi
+fi
+
+get_supported_hwfeatures() {
+ $binpre "tests/version$binext" 2>&1 | \
+ grep "hwflist" | \
+ sed -e 's/hwflist://' -e 's/:/ /g' -e 's/\x0d/\x0a/g'
+}
+
+hwfs=($(get_supported_hwfeatures))
+retcodes=()
+optslist=()
+echo "Total HW-feature combinations: $((1<<${#hwfs[@]}))"
+for ((cbits=0; cbits < (1<<${#hwfs[@]}); cbits++)); do
+ for ((mask=0; mask < ${#hwfs[@]}; mask++)); do
+ match=$(((1<
#include
#include
+#include
#ifndef HAVE_W32_SYSTEM
# include
-# include
# include
#endif
+#include "stopwatch.h"
+
+
#define PGM "random"
+#define NEED_EXTRA_TEST_SUPPORT 1
#include "t-common.h"
static int with_progress;
+/* Prepend FNAME with the srcdir environment variable's value and
+ * return an allocated filename. */
+static char *
+prepend_srcdir (const char *fname)
+{
+ static const char *srcdir;
+ char *result;
+
+ if (!srcdir && !(srcdir = getenv ("srcdir")))
+ srcdir = ".";
+
+ result = xmalloc (strlen (srcdir) + 1 + strlen (fname) + 1);
+ strcpy (result, srcdir);
+ strcat (result, "/");
+ strcat (result, fname);
+ return result;
+}
+
+
static void
print_hex (const char *text, const void *buf, size_t n)
{
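Review bot: In the NJOBS default block of tests/basic_all_hwfeature_combinations.sh, the test [ "x@cpus" != "x" ] compares a literal string, so it is always true and the njobs=4 fallback is unreachable. If nproc --all fails or is missing, njobs ends up empty. The test should be on "x$ncpus", and redirecting the stderr of nproc would keep the fallback path quiet.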
@@ -537,12 +560,43 @@
free (cmdline);
}
+
+static void
+run_benchmark (void)
+{
+ char rndbuf[32];
+ int i, j;
+
+ if (verbose)
+ info ("benchmarking GCRY_STRONG_RANDOM (/dev/urandom)\n");
+
+ start_timer ();
+ gcry_randomize (rndbuf, sizeof rndbuf, GCRY_STRONG_RANDOM);
+ stop_timer ();
+
+ info ("getting first 256 bits: %s", elapsed_time (1));
+
+ for (j=0; j < 5; j++)
+ {
+ start_timer ();
+ for (i=0; i < 100; i++)
+ gcry_randomize (rndbuf, sizeof rndbuf, GCRY_STRONG_RANDOM);
+ stop_timer ();
+
+ info ("100 calls of 256 bits each: %s", elapsed_time (100));
+ }
+
+}
+
+
int
main (int argc, char **argv)
{
int last_argc = -1;
int early_rng = 0;
int in_recursion = 0;
+ int benchmark = 0;
+ int with_seed_file = 0;
const char *program = NULL;
if (argc)
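Review bot: The two timing messages in run_benchmark ("getting first 256 bits: %s" and "100 calls of 256 bits each: %s") have no trailing \n, unlike the other info calls added in this patch. The verbose banner also hardcodes "(/dev/urandom)" although the RNG type can be changed with the --prefer-*-rng options handled in main; print the active RNG type instead. The blank line before the closing brace can go.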
@@ -586,16 +640,27 @@
in_recursion = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--benchmark"))
+ {
+ benchmark = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--early-rng-check"))
{
early_rng = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--with-seed-file"))
+ {
+ with_seed_file = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--prefer-standard-rng"))
{
/* This is anyway the default, but we may want to use it for
debugging. */
- xgcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_STANDARD);
+ xgcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE,
+ GCRY_RNG_TYPE_STANDARD);
argc--; argv++;
}
else if (!strcmp (*argv, "--prefer-fips-rng"))
@@ -608,12 +673,27 @@
xgcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM);
argc--; argv++;
}
+ else if (!strcmp (*argv, "--disable-hwf"))
+ {
+ argc--;
+ argv++;
+ if (argc)
+ {
+ if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
+ die ("unknown hardware feature `%s'\n", *argv);
+ argc--;
+ argv++;
+ }
+ }
}
#ifndef HAVE_W32_SYSTEM
signal (SIGPIPE, SIG_IGN);
#endif
+ if (benchmark && !verbose)
+ verbose = 1;
+
if (early_rng)
{
/* Don't switch RNG in fips mode. */
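Review bot: The --disable-hwf branch silently accepts a missing argument: when argc reaches 0 after the option itself is consumed, nothing is disabled and no error is reported. Call die in that case, as is already done for an unknown feature name. The option is also missing from the ChangeLog entry for tests/random.c, which lists only --benchmark and --with-seed-file.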
@@ -628,11 +708,25 @@
if (with_progress)
gcry_set_progress_handler (progress_cb, NULL);
+ if (with_seed_file)
+ {
+ char *fname = prepend_srcdir ("random.seed");
+
+ if (access (fname, F_OK))
+ info ("random seed file '%s' not found\n", fname);
+ gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, fname);
+ xfree (fname);
+ }
+
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
if (debug)
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
- if (!in_recursion)
+ if (benchmark)
+ {
+ run_benchmark ();
+ }
+ else if (!in_recursion)
{
check_forking ();
check_nonce_forking ();
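Review bot: in the with_seed_file block, the result of gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, fname) is discarded, while the surrounding calls go through xgcry_control and die on error. If registering the seed file fails, the run continues without one and nothing in the output says so. Using xgcry_control here, or reporting the error through info(), would close that gap. The access() check only logs and then registers the file anyway; a one-line comment stating that this is intended would help the next reader.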
@@ -640,16 +734,31 @@
}
/* For now we do not run the drgb_reinit check from "make check" due
to its high requirement for entropy. */
- if (!getenv ("GCRYPT_IN_REGRESSION_TEST"))
+ if (!benchmark && !getenv ("GCRYPT_IN_REGRESSION_TEST"))
check_drbg_reinit ();
/* Don't switch RNG in fips mode. */
- if (!gcry_fips_mode_active())
+ if (!benchmark && !gcry_fips_mode_active())
check_rng_type_switching ();
- if (!in_recursion)
+ if (!in_recursion && !benchmark)
run_all_rng_tests (program);
+ /* Print this info last so that it does not influence the
+ * initialization and thus the benchmarking. */
+ if (!in_recursion && verbose)
+ {
+ char *buf;
+ char *fields[5];
+
+ buf = gcry_get_config (0, "rng-type");
+ if (buf
+ && split_fields_colon (buf, fields, DIM (fields)) >= 5
+ && atoi (fields[4]) > 0)
+ info ("The JENT RNG was active\n");
+ gcry_free (buf);
+ }
+
if (debug)
xgcry_control (GCRYCTL_DUMP_RANDOM_STATS);
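Review bot: the JENT check reads fields[4] of the "rng-type" config line with no indication of what that column holds or why at least five fields are required. A comment naming the field would keep the index from becoming a silent mismatch if the line format changes, and since atoi returns 0 for a non-numeric field, such a change would read as "JENT not active" rather than as an error. The comment also says this is printed last, yet the GCRYCTL_DUMP_RANDOM_STATS call under debug still follows it.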
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/tests/t-common.h new/libgcrypt-1.8.1/tests/t-common.h
--- old/libgcrypt-1.8.0/tests/t-common.h 2017-01-18 15:24:25.000000000 +0100
+++ new/libgcrypt-1.8.1/tests/t-common.h 2017-08-02 18:46:55.000000000 +0200
@@ -158,3 +158,41 @@
die ("line %d: gcry_control (%s) failed: %s", \
__LINE__, #cmd, gcry_strerror (err__)); \
} while (0)
+
+
+/* Split a string into colon delimited fields A pointer to each field
+ * is stored in ARRAY. Stop splitting at ARRAYSIZE fields. The
+ * function modifies STRING. The number of parsed fields is returned.
+ * Note that leading and trailing spaces are not removed from the fields.
+ * Example:
+ *
+ * char *fields[2];
+ * if (split_fields (string, fields, DIM (fields)) < 2)
+ * return // Not enough args.
+ * foo (fields[0]);
+ * foo (fields[1]);
+ */
+#ifdef NEED_EXTRA_TEST_SUPPORT
+static int
+split_fields_colon (char *string, char **array, int arraysize)
+{
+ int n = 0;
+ char *p, *pend;
+
+ p = string;
+ do
+ {
+ if (n == arraysize)
+ break;
+ array[n++] = p;
+ pend = strchr (p, ':');
+ if (!pend)
+ break;
+ *pend++ = 0;
+ p = pend;
+ }
+ while (*p);
+
+ return n;
+}
+#endif /*NEED_EXTRA_TEST_SUPPORT*/
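Review bot: the usage example in the doc comment calls split_fields rather than split_fields_colon, and its return statement has no semicolon, so it cannot be copied as written. The first sentence is also missing a full stop after "fields". The comment should state how empty fields are counted: the while (*p) test ends the loop right after a final colon, so "a:" yields one field while "a::b" yields three, and a caller that checks the returned count depends on that. The function also uses strchr, so the header relies on every includer having pulled in string.h first.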
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/tests/t-convert.c new/libgcrypt-1.8.1/tests/t-convert.c
--- old/libgcrypt-1.8.0/tests/t-convert.c 2017-01-18 15:24:25.000000000 +0100
+++ new/libgcrypt-1.8.1/tests/t-convert.c 2017-08-02 18:46:55.000000000 +0200
@@ -435,7 +435,8 @@
if (gcry_mpi_cmp (a, b) || data[idx].a.stdlen != buflen)
{
fail ("error scanning value %d from %s: %s (%lu)\n",
- data[idx].value, "STD", "wrong result", buflen);
+ data[idx].value, "STD", "wrong result",
+ (long unsigned int)buflen);
showmpi ("expected:", a);
showmpi (" got:", b);
}
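Review bot: the (long unsigned int) cast on buflen in the fail() call is spelled unusually; (unsigned long) is the conventional form and matches the %lu conversion equally well. The same two-line change is repeated in the SSH, USG and PGP branches in the hunks that follow, so converting once into a local of type unsigned long, or wrapping the report in a small helper, would avoid four copies of the cast.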
@@ -452,7 +453,8 @@
if (gcry_mpi_cmp (a, b) || data[idx].a.sshlen != buflen)
{
fail ("error scanning value %d from %s: %s (%lu)\n",
- data[idx].value, "SSH", "wrong result", buflen);
+ data[idx].value, "SSH", "wrong result",
+ (long unsigned int)buflen);
showmpi ("expected:", a);
showmpi (" got:", b);
}
@@ -471,7 +473,8 @@
if (gcry_mpi_cmp (a, b) || data[idx].a.usglen != buflen)
{
fail ("error scanning value %d from %s: %s (%lu)\n",
- data[idx].value, "USG", "wrong result", buflen);
+ data[idx].value, "USG", "wrong result",
+ (long unsigned int)buflen);
showmpi ("expected:", a);
showmpi (" got:", b);
}
@@ -492,7 +495,8 @@
if (gcry_mpi_cmp (a, b) || data[idx].a.pgplen != buflen)
{
fail ("error scanning value %d from %s: %s (%lu)\n",
- data[idx].value, "PGP", "wrong result", buflen);
+ data[idx].value, "PGP", "wrong result",
+ (long unsigned int)buflen);
showmpi ("expected:", a);
showmpi (" got:", b);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libgcrypt-1.8.0/tests/t-ed25519.c new/libgcrypt-1.8.1/tests/t-ed25519.c
--- old/libgcrypt-1.8.0/tests/t-ed25519.c 2017-01-18 15:24:25.000000000 +0100
+++ new/libgcrypt-1.8.1/tests/t-ed25519.c 2017-08-02 18:46:55.000000000 +0200
@@ -74,7 +74,7 @@
/* Prepend FNAME with the srcdir environment variable's value and
- retrun an allocated filename. */
+ * return an allocated filename. */
char *
prepend_srcdir (const char *fname)
{