diff --git a/AUTHORS b/AUTHORS index ab7a525..ee336b2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -21,7 +21,7 @@ year that would otherwise be listed individually. List of Copyright holders ========================= - Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. + Copyright (C) 1989,1991-2019 Free Software Foundation, Inc. Copyright (C) 1994 X Consortium Copyright (C) 1996 L. Peter Deutsch Copyright (C) 1997 Werner Koch @@ -30,7 +30,7 @@ List of Copyright holders Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett Copyright (C) 2003 Nikos Mavroyanopoulos Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) - Copyright (C) 2012-2018 g10 Code GmbH + Copyright (C) 2012-2019 g10 Code GmbH Copyright (C) 2012 Simon Josefsson, Niels Möller Copyright (c) 2012 Intel Corporation Copyright (C) 2013 Christian Grothoff diff --git a/ChangeLog b/ChangeLog index cd73661..808b0fe 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,143 @@ +2019-08-29 Werner Koch + + Release 1.8.5. + + commit 56606331bc2a80536db9fc11ad53695126007298 + + +2019-08-16 NIIBE Yutaka + + ecdsa: Fix unblinding too early. + + commit 1862f402d363dce946c3169d4f4f48c5eee052f1 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until + the last step. + +2019-08-09 NIIBE Yutaka + + dsa,ecdsa: Fix use of nonce, use larger one. + + commit db4e9976cc31b314aafad6626b2894e86ee44d60 + * cipher/dsa-common.c (_gcry_dsa_modify_k): New. + * cipher/pubkey-internal.h (_gcry_dsa_modify_k): New. + * cipher/dsa.c (sign): Use _gcry_dsa_modify_k. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise. + * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise. + +2019-08-07 NIIBE Yutaka + Ján Jančár + + ecc: Add mitigation against timing attack. + + commit d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K. + * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger. + +2019-08-07 NIIBE Yutaka + + dsa,ecdsa: Allocate secure memory for RFC6979 generation. + + commit 5ad654a330859b140ffb69502c99e269f2cca9f3 + * cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use secure memory + just like _gcry_dsa_gen_k does. + +2019-07-15 NIIBE Yutaka + + tests: t-mpi-point: Remove implementation dependent checks. + + commit 0147a5e69e497fa0433e61faef77aa6ddf071aea + * tests/t-mpi-point.c (basic_ec_math): Remove comparing X and Y, + only comparison of Z is relevant, mathematically. + Remove useless check, where different values in equivalence class + exist. + (basic_ec_math_simplified): Likewise. + +2018-11-19 Andreas Metzler + + doc: Fix library initialization examples. + + commit 6faeca72b455541ed6da45c5e71c8eb7b10b8c0b + + +2018-11-14 Werner Koch + + random: Initialize variable as requested by valgrind. + + commit 35e002d4b842f25e3fcb6036c21bdafc5214317e + random/jitterentropy-base.c: Init. + +2018-11-13 NIIBE Yutaka + + libgcrypt.m4: Update from master. 
+ + commit 4141caabe76ad092f3487b4516ee481fba837adb + * src/libgcrypt.m4: Update from master. + +2018-10-30 NIIBE Yutaka + + libgcrypt.m4: Update from master. + + commit 0216418ab23a690662764098a17002754202a2c2 + * src/libgcrypt.m4: Update. + + libgrypt.pc: Provide pkg-config file. + + commit 813b002eaf3052586f25b36d0b72668cfad3e0ee + * configure.ac: Generate src/libgcrypt.pc. + * src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New. + (EXTRA_DIST): Add libgcrypt.pc.in. + * src/libgcrypt.pc.in: New. + +2018-10-26 Werner Koch + + Release 1.8.4. + + commit 93775172713c00c363187b5d6a88895b04ac7c8e + + +2018-10-26 Daniel Kahn Gillmor + + random: use getrandom() on Linux where available. + + commit 0973c3f9ee7a9ad7c97b77849ed33ecd6789c787 + * random/rndlinux.c (_gcry_rndlinux_gather_random): use the + getrandom() syscall on Linux if it exists, regardless of what kind of + entropy was requested. + +2018-10-26 Werner Koch + + random: Make sure to re-open /dev/random after a fork. + + commit 60885655756dd0427872b8f01c06da14eab5af70 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Detect fork and + re-open devices. + + primes: Avoid leaking bits of the prime test to pageable memory. + + commit 5b1d022293c5779b1150a7653cce4e3bf494a07c + * cipher/primegen.c (gen_prime): Allocate MODS in secure memory. + +2018-10-24 Werner Koch + + build: Add release make target. + + commit 99a5babfd1e759310db8ab8b11d182f2e139dfb1 + * Makefile.am (release, sign-release): New targets. + + (cherry picked from commit 03bb25ee7ed6f1076bf788ab981ca68672880daa) + + Fix memory leak in secmem in out of core conditions. + + commit abd267bf239345ceae5c0de239d1530b427a53a1 + * src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor + if the pool could not be allocated. + + ecc: Fix memory leak in the error case of ecc_encrypt_raw. + + commit 60224352f4de1189e0076c6172886dc787a1e6e6 + * cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main + block. 
+ + ecc: Fix possible memory leakage in parameter check of eddsa. + + commit 347987d4cf29b6a611b7fafa14fddeb50c0651d2 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak. + + ecc: Fix potential unintended freeing of an internal param. + + commit be68b3ee4fd1f85edc95eaad11c8fd52ccd27ccd + * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error + + sexp: Fix uninitialized use of a var in the error case. + + commit 8cc7cac82ec2087c3e1ece56dbd12855a383f090 + * src/sexp.c (_gcry_sexp_vextract_param): Initialize L1. + +2018-06-19 Will Dietz + + random: Fix hang of _gcry_rndjent_get_version. + + commit 20c034865f2dd15ce2871385b6e29c15d1570539 + * random/rndjent.c (_gcry_rndjent_get_version): Move locking. + 2018-06-13 Werner Koch Release 1.8.3. diff --git a/Makefile.am b/Makefile.am index f97af7f..5b43ca2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,8 +14,17 @@ # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# License along with this program; if not, see . +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Location of the released tarball archives. Note that this is an +# internal archive and before uploading this to the public server, +# manual tests should be run and the git release tagged and pushed. +# Adjust as needed. +RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgcrypt/v1.8/ +# The key used to sign the released sources. Adjust as needed. +RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 + ACLOCAL_AMFLAGS = -I m4 DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \ 
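Review bot: The comment above `RELEASE_SIGNING_KEY` says only "Adjust as needed" and does not state that the value must remain a full fingerprint. The value added here is 40 hex digits, but the `gpg -sbu $(RELEASE_SIGNING_KEY)` call in `sign-release` would accept a short key ID or a user ID just as readily. I would extend the comment to something like `# The key used to sign the released sources, given as a full fingerprint (never a short key ID). Adjust as needed.` Both new variables hold maintainer-specific values that ship in the tarball, so a sentence saying they can be overridden on the make command line would also help anyone re-using the target.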
@@ -92,3 +101,50 @@ gen-ChangeLog: stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libgcrypt + +# Macro to help the release target. +RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION) + +release: + +(set -e;\ + if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \ + echo "error: build directory must not be the source directory" >&2;\ + exit 2;\ + fi ;\ + echo "/* Build started at $$(date -uIseconds) */" ;\ + cd $(top_srcdir); \ + ./autogen.sh --force; \ + cd $(abs_top_builddir); \ + rm -rf dist; mkdir dist ; cd dist ; \ + $(abs_top_srcdir)/configure --enable-maintainer-mode; \ + $(MAKE) distcheck; \ + echo "/* Build finished at $$(date -uIseconds) */" ;\ + echo "/*" ;\ + echo " * Please run the final step interactivly:" ;\ + echo " * make sign-release" ;\ + echo " */" ;\ + ) 2>&1 | tee "$(RELEASE_NAME).buildlog" + +sign-release: + +(set -e; \ + cd dist; \ + files1="$(RELEASE_NAME).tar.bz2 \ + $(RELEASE_NAME).tar.gz" ; \ + files2="$(RELEASE_NAME).tar.bz2.sig \ + $(RELEASE_NAME).tar.gz.sig \ + $(RELEASE_NAME).swdb \ + $(RELEASE_NAME).buildlog" ;\ + echo "/* Signing the source tarball ..." ;\ + gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\ + gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.gz ;\ + cat $(RELEASE_NAME).swdb >swdb.snippet;\ + echo >>swdb.snippet ;\ + sha1sum $${files1} >>swdb.snippet ;\ + cat "../$(RELEASE_NAME).buildlog" swdb.snippet \ + | gzip >$(RELEASE_NAME).buildlog ;\ + echo "Copying to local archive ..." ;\ + scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\ + echo '/*' ;\ + echo ' * All done; for checksums see dist/swdb.snippet' ;\ + echo ' */' ;\ + ) diff --git a/Makefile.in b/Makefile.in index c8edfa4..75653a2 100644 --- a/Makefile.in +++ b/Makefile.in 
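Review bot: The `release` recipe ends in `) 2>&1 | tee "$(RELEASE_NAME).buildlog"`, so make sees the exit status of `tee` and the `set -e` inside the subshell cannot fail the target. A broken `autogen.sh`, `configure` or `distcheck` therefore still lets `make release` exit 0, and any tarball already written under `dist/` can then be signed by `sign-release`. One way to close this is to have the subshell create a marker file as its last command and let `sign-release` begin with a check such as `test -f release-ok || { echo "error: release build did not complete" >&2; exit 2; }` (marker name constructed for illustration). In `sign-release`, `sha1sum` is the only digest written to `swdb.snippet`, so adding `sha256sum $${files1} >>swdb.snippet` beside it would record a collision-resistant checksum; the `|| true` after `scp` also hides a failed upload behind the "All done" message. The same two recipes are repeated in the generated Makefile.in further down.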
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -29,10 +29,20 @@ # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# License along with this program; if not, see . +# SPDX-License-Identifier: LGPL-2.1-or-later VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -96,20 +106,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = . -DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \ - $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) \ - $(srcdir)/config.h.in COPYING COPYING.LIB THANKS TODO \ - build-aux/compile build-aux/config.guess \ - build-aux/config.rpath build-aux/config.sub build-aux/depcomp \ - build-aux/install-sh build-aux/mdate-sh build-aux/missing \ - mkinstalldirs build-aux/texinfo.tex build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/compile \ - $(top_srcdir)/build-aux/config.guess \ - $(top_srcdir)/build-aux/config.sub \ - $(top_srcdir)/build-aux/install-sh \ - $(top_srcdir)/build-aux/ltmain.sh \ - $(top_srcdir)/build-aux/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -120,6 +116,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d 
@@ -182,6 +180,18 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags CSCOPE = cscope +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/build-aux/compile \ + $(top_srcdir)/build-aux/config.guess \ + $(top_srcdir)/build-aux/config.sub \ + $(top_srcdir)/build-aux/install-sh \ + $(top_srcdir)/build-aux/ltmain.sh \ + $(top_srcdir)/build-aux/missing AUTHORS COPYING COPYING.LIB \ + ChangeLog INSTALL NEWS README THANKS TODO build-aux/compile \ + build-aux/config.guess build-aux/config.rpath \ + build-aux/config.sub build-aux/depcomp build-aux/install-sh \ + build-aux/ltmain.sh build-aux/mdate-sh build-aux/missing \ + build-aux/texinfo.tex mkinstalldirs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -385,6 +395,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ + +# Location of the released tarball archives. Note that this is an +# internal archive and before uploading this to the public server, +# manual tests should be run and the git release tagged and pushed. +# Adjust as needed. +RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgcrypt/v1.8/ +# The key used to sign the released sources. Adjust as needed. +RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 ACLOCAL_AMFLAGS = -I m4 DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \ --enable-random=auto @@ -404,6 +422,9 @@ EXTRA_DIST = autogen.sh autogen.rc README.GIT LICENSES \ DISTCLEANFILES = gen_start_date = 2011-12-01T14:00:00 + +# Macro to help the release target. +RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION) all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive 
@@ -423,7 +444,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -656,15 +676,15 @@ dist-xz: distdir $(am__post_remove_distdir) dist-tarZ: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) @@ -700,18 +720,18 @@ distcheck: dist esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && $(MAKE) $(AM_MAKEFLAGS) distcheck-hook \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=.. --prefix="$$dc_install_base" \ + --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ 
@@ -889,6 +909,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Add all the files listed in "distfiles" files to the distribution, # apply version number s to some files and create a VERSION file which @@ -934,6 +956,50 @@ gen-ChangeLog: stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libgcrypt +release: + +(set -e;\ + if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \ + echo "error: build directory must not be the source directory" >&2;\ + exit 2;\ + fi ;\ + echo "/* Build started at $$(date -uIseconds) */" ;\ + cd $(top_srcdir); \ + ./autogen.sh --force; \ + cd $(abs_top_builddir); \ + rm -rf dist; mkdir dist ; cd dist ; \ + $(abs_top_srcdir)/configure --enable-maintainer-mode; \ + $(MAKE) distcheck; \ + echo "/* Build finished at $$(date -uIseconds) */" ;\ + echo "/*" ;\ + echo " * Please run the final step interactivly:" ;\ + echo " * make sign-release" ;\ + echo " */" ;\ + ) 2>&1 | tee "$(RELEASE_NAME).buildlog" + +sign-release: + +(set -e; \ + cd dist; \ + files1="$(RELEASE_NAME).tar.bz2 \ + $(RELEASE_NAME).tar.gz" ; \ + files2="$(RELEASE_NAME).tar.bz2.sig \ + $(RELEASE_NAME).tar.gz.sig \ + $(RELEASE_NAME).swdb \ + $(RELEASE_NAME).buildlog" ;\ + echo "/* Signing the source tarball ..." ;\ + gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\ + gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.gz ;\ + cat $(RELEASE_NAME).swdb >swdb.snippet;\ + echo >>swdb.snippet ;\ + sha1sum $${files1} >>swdb.snippet ;\ + cat "../$(RELEASE_NAME).buildlog" swdb.snippet \ + | gzip >$(RELEASE_NAME).buildlog ;\ + echo "Copying to local archive ..." ;\ + scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\ + echo '/*' ;\ + echo ' * All done; for checksums see dist/swdb.snippet' ;\ + echo ' */' ;\ + ) + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: 
diff --git a/NEWS b/NEWS index b77980c..794de20 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,43 @@ +Noteworthy changes in version 1.8.5 (2019-08-29) [C22/A2/R5] +------------------------------------------------ + + * Bug fixes: + + - Add mitigation against an ECDSA timing attack. + [#4626,CVE-2019-13627] + + - Improve ECDSA unblinding. + + * Other features: + + - Provide a pkg-config file for libgcrypt. + + Release-info: https://dev.gnupg.org/T4683 + + +Noteworthy changes in version 1.8.4 (2018-10-26) [C22/A2/R4] +------------------------------------------------ + + * Bug fixes: + + - Fix infinite loop due to applications using fork the wrong + way. [#3491] + + - Fix possible leak of a few bits of secret primes to pageable + memory. [#3848] + + - Fix possible hang in the RNG (1.8.3 only). [#4034] + + - Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212] + + * Performance: + + - On Linux always make use of getrandom if possible and then use + its /dev/urandom behaviour. [#3894] + + Release-info: https://dev.gnupg.org/T4234 + + Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3] ------------------------------------------------ @@ -16,6 +56,8 @@ Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3] - Fix rare assertion failure in gcry_prime_check. + Release-info: https://dev.gnupg.org/T4016 + Noteworthy changes in version 1.8.2 (2017-12-13) [C22/A2/R2] ------------------------------------------------ diff --git a/README b/README index 7ac8e4a..e73c8d0 100644 --- a/README +++ b/README @@ -26,14 +26,10 @@ The download canonical location for libgcrypt is: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/ - or https://gnupg.org/ftp/gcrypt/libgcrypt/ To build libgcrypt you need libgpg-error: - ftp://ftp.gnupg.org/gcrypt/libgpg-error/ - or https://gnupg.org/ftp/gcrypt/libgpg-error/ You should get the latest versions of course. 
@@ -193,6 +189,9 @@ Build Problems -------------- + If you have a problem with a certain release, please first check + the Release-info URL given in the NEWS file. + We can't check all assembler files, so if you have problems assembling them (or the program crashes) use --disable-asm with ./configure. If you opt to delete individual replacement files in diff --git a/VERSION b/VERSION index a7ee35a..8decb92 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.8.3 +1.8.5 diff --git a/aclocal.m4 b/aclocal.m4 index 73804e9..01bccfe 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.15 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2013 Free Software Foundation, Inc. +# Copyright (C) 2002-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.]) # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.14' +[am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.14.1], [], +m4_if([$1], [1.15], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) 
@@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.14.1])dnl +[AM_AUTOMAKE_VERSION([1.15])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # Figure out how to run the assembler. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -78,7 +78,7 @@ _AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -130,7 +130,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -161,7 +161,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -352,7 +352,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -428,7 +428,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -518,8 +518,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -593,6 +593,9 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not @@ -622,7 +625,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -633,7 +636,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -643,7 +646,7 @@ if test x"${install_sh}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -665,7 +668,7 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -700,7 +703,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -750,7 +753,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -789,7 +792,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -818,7 +821,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -865,7 +868,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -884,7 +887,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -965,7 +968,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2009-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -1025,7 +1028,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1053,7 +1056,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1072,7 +1075,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/cipher/Makefile.in b/cipher/Makefile.in index 7c91bb9..0da37f0 100644 --- a/cipher/Makefile.in +++ b/cipher/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -36,7 +36,17 @@ # Process this file with automake to produce Makefile.in VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -100,8 +110,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = cipher -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -112,6 +120,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,6 +211,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -465,7 +476,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu cipher/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu cipher/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -882,6 +892,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + gost28147.lo: gost-sb.h gost-sb.h: gost-s-box diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c index 6f2c2f9..fe49248 100644 --- a/cipher/dsa-common.c +++ b/cipher/dsa-common.c @@ -30,6 +30,30 @@ /* + * Modify K, so that computation time difference can be small, + * by making K large enough. + * + * Originally, (EC)DSA computation requires k where 0 < k < q. Here, + * we add q (the order), to keep k in a range: q < k < 2*q (or, + * addming more q, to keep k in a range: 2*q < k < 3*q), so that + * timing difference of the EC multiply (or exponentiation) operation + * can be small. The result of (EC)DSA computation is same. + */ +void +_gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits) +{ + gcry_mpi_t k1 = mpi_new (qbits+2); + + mpi_resize (k, (qbits+2+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB); + k->nlimbs = k->alloced; + mpi_add (k, k, q); + mpi_add (k1, k, q); + mpi_set_cond (k, k1, !mpi_test_bit (k, qbits)); + + mpi_free (k1); +} + +/* * Generate a random secret exponent K less than Q. * Note that ECDSA uses this code also to generate D. */ @@ -265,7 +289,7 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, memcpy (V, _gcry_md_read (hd, 0), hlen); /* Step h. */ - t = xtrymalloc ((qbits+7)/8+hlen); + t = xtrymalloc_secure ((qbits+7)/8+hlen); if (!t) { rc = gpg_err_code_from_syserror (); diff --git a/cipher/dsa.c b/cipher/dsa.c index 22d8d78..24a5352 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -635,6 +635,8 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey, k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM); } + _gcry_dsa_modify_k (k, skey->q, qbits); + /* r = (a^k mod p) mod q */ mpi_powm( r, skey->g, k, skey->p ); mpi_fdiv_r( r, r, skey->q ); diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c index 140e8c0..20e5cfb 100644 --- a/cipher/ecc-ecdsa.c +++ b/cipher/ecc-ecdsa.c 
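Review bot: In `_gcry_dsa_modify_k` the temporary `k1` is created with `mpi_new (qbits+2)`, yet after `mpi_add (k1, k, q)` it holds the nonce plus a public multiple of q, so it is as sensitive as `k` itself. The second hunk of this file moves the RFC 6979 buffer to `xtrymalloc_secure` for the same kind of data; assuming `mpi_new` hands out ordinary pageable memory, I would allocate the temporary with `gcry_mpi_t k1 = mpi_snew (qbits+2);`. The header comment could also say that the selection between k+q and k+2q relies on `mpi_set_cond` not branching on the tested bit (presumably its purpose; confirm against its definition). In the same comment "addming" should read "adding".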
@@ -114,6 +114,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, else k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM); + _gcry_dsa_modify_k (k, skey->E.n, qbits); + _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx); if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx)) { @@ -126,13 +128,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } while (!mpi_cmp_ui (r, 0)); + /* Computation of dr, sum, and s are blinded with b. */ mpi_mulm (dr, b, skey->d, skey->E.n); - mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */ + mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n */ mpi_mulm (sum, b, hash, skey->E.n); - mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */ - mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */ + mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n */ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */ + /* Undo blinding by b^-1 */ + mpi_mulm (s, bi, s, skey->E.n); } while (!mpi_cmp_ui (s, 0)); diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 813e030..89b708a 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -760,7 +760,10 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey, pkey->E.p, pkey->E.a, pkey->E.b); b = ctx->nbits/8; if (b != 256/8) - return GPG_ERR_INTERNAL; /* We only support 256 bit. */ + { + rc = GPG_ERR_INTERNAL; /* We only support 256 bit. */ + goto leave; + } /* Decode and check the public key. */ rc = _gcry_ecc_eddsa_decodepoint (pk, ctx, &Q, &encpk, &encpklen); diff --git a/cipher/ecc-gost.c b/cipher/ecc-gost.c index a34fa08..0362a6c 100644 --- a/cipher/ecc-gost.c +++ b/cipher/ecc-gost.c 
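Review bot: In the second cipher/ecc-ecdsa.c hunk (`_gcry_ecc_ecdsa_sign`), the per-line comments now describe unblinded values, although `dr`, `sum` and `s` all still carry the factor b until the final `mpi_mulm (s, bi, s, skey->E.n)`. The new block comment says so in general terms, but a reader checking a single line sees `dr = d*r mod n` next to code that computes b*d*r. I would write them as `/* dr = b*d*r mod n */`, `/* sum = b*(hash + d*r) mod n */` and `/* s = b*k^(-1)*(hash+(d*r)) mod n */`, so that a later edit does not move the unblinding back up in the belief that the intermediates are already plain. The enclosing loop starts and ends outside the hunk.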
@@ -94,6 +94,8 @@ _gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey, mpi_free (k); k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM); + _gcry_dsa_modify_k (k, skey->E.n, qbits); + _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx); if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx)) { diff --git a/cipher/ecc.c b/cipher/ecc.c index 4e3e5b1..3f221a2 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1392,6 +1392,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) unsigned char *rawmpi; unsigned int rawmpilen; + rc = 0; x = mpi_new (0); if (ec->model == MPI_EC_MONTGOMERY) y = NULL; @@ -1418,7 +1419,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) if (!(flags & PUBKEY_FLAG_DJB_TWEAK)) { /* It's not for X25519, then, the input data was simply wrong. */ rc = GPG_ERR_INV_DATA; - goto leave; + goto leave_main; } } if (y) @@ -1443,7 +1444,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) { rc = GPG_ERR_INV_DATA; - goto leave; + goto leave_main; } if (y) mpi_e = _gcry_ecc_ec2os (x, y, pk.E.p); @@ -1461,11 +1462,12 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } } - + leave_main: mpi_free (x); mpi_free (y); - point_free (&R); + if (rc) + goto leave; } if (!rc) diff --git a/cipher/primegen.c b/cipher/primegen.c index ce5ad3c..e24de4d 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -758,7 +758,8 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, if (nbits < 16) log_fatal ("can't generate a prime with less than %d bits\n", 16); - mods = xmalloc (no_of_small_prime_numbers * sizeof *mods); + mods = (secret? xmalloc_secure (no_of_small_prime_numbers * sizeof *mods) + /* */ : xmalloc (no_of_small_prime_numbers * sizeof *mods)); /* Make nbits fit into gcry_mpi_t implementation. */ val_2 = mpi_alloc_set_ui( 2 ); val_3 = mpi_alloc_set_ui( 3); 
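Review bot: The new allocation of `mods` in `gen_prime` (cipher/primegen.c) does not say why secure memory is chosen when `secret` is set, and the `/* */` filler on the continuation line adds nothing. A one-line comment such as `/* MODS holds values derived from the candidate prime; keep it in secure memory for secret primes. */` would record the intent. That wording is inferred from the variable name and the `secret` flag only, since the code that fills `mods` is outside the hunk, so confirm it before adopting it.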
diff --git a/cipher/pubkey-internal.h b/cipher/pubkey-internal.h index b8167c7..d31e26f 100644 --- a/cipher/pubkey-internal.h +++ b/cipher/pubkey-internal.h @@ -84,6 +84,7 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded, /*-- dsa-common.c --*/ +void _gcry_dsa_modify_k (gcry_mpi_t k, gcry_mpi_t q, int qbits); gcry_mpi_t _gcry_dsa_gen_k (gcry_mpi_t q, int security_level); gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, gcry_mpi_t dsa_q, gcry_mpi_t dsa_x, diff --git a/compat/Makefile.in b/compat/Makefile.in index 3a2d403..a114124 100644 --- a/compat/Makefile.in +++ b/compat/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -47,7 +47,17 @@ # if -- disable-static was used. VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -111,8 +121,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = compat -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am clock.c \ - getpid.c $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ 
@@ -123,6 +131,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -194,6 +203,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp clock.c getpid.c DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -383,7 +394,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu compat/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu compat/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -656,6 +666,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # AC_LIBOBJ files are: # getpid.c diff --git a/compat/compat.c b/compat/compat.c index 8b001de..1feb5f9 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -30,8 +30,8 @@ _gcry_compat_identification (void) static const char blurb[] = "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" - "Copyright (C) 2000-2018 Free Software Foundation, Inc.\n" - "Copyright (C) 2012-2018 g10 Code GmbH\n" + "Copyright (C) 2000-2019 Free Software Foundation, Inc.\n" + "Copyright (C) 2012-2019 g10 Code GmbH\n" "Copyright (C) 2013-2018 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" diff --git a/configure b/configure index 017ce48..53c3e04 100755 --- a/configure +++ b/configure 
@@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.3. +# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.5. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libgcrypt' PACKAGE_TARNAME='libgcrypt' -PACKAGE_VERSION='1.8.3' -PACKAGE_STRING='libgcrypt 1.8.3' +PACKAGE_VERSION='1.8.5' +PACKAGE_STRING='libgcrypt 1.8.5' PACKAGE_BUGREPORT='http://bugs.gnupg.org' PACKAGE_URL='' @@ -1453,7 +1453,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libgcrypt 1.8.3 to adapt to many kinds of systems. +\`configure' configures libgcrypt 1.8.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1523,7 +1523,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libgcrypt 1.8.3:";; + short | recursive ) echo "Configuration of libgcrypt 1.8.5:";; esac cat <<\_ACEOF @@ -1692,7 +1692,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libgcrypt configure 1.8.3 +libgcrypt configure 1.8.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2344,7 +2344,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libgcrypt $as_me 1.8.3, which was +It was created by libgcrypt $as_me 1.8.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ 
@@ -2693,13 +2693,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -# LT Version numbers, remember to change them just *before* a release. +# LT Version numbers: In this branch we only change the revision. # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=22 LIBGCRYPT_LT_AGE=2 -LIBGCRYPT_LT_REVISION=3 +LIBGCRYPT_LT_REVISION=5 # If the API is changed in an incompatible way: increment the next counter. @@ -2745,7 +2745,7 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. -am__api_version='1.14' +am__api_version='1.15' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or @@ -2937,7 +2937,7 @@ else $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -3231,7 +3231,7 @@ fi # Define the identity of the package. PACKAGE='libgcrypt' - VERSION='1.8.3' + VERSION='1.8.5' cat >>confdefs.h <<_ACEOF @@ -3265,8 +3265,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -3486,7 +3486,7 @@ cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF -VERSION_NUMBER=0x010803 +VERSION_NUMBER=0x010805 @@ -18826,7 +18826,7 @@ fi # # Provide information about the build. # -BUILD_REVISION="5600d2d" +BUILD_REVISION="56606331" cat >>confdefs.h <<_ACEOF 
@@ -18835,7 +18835,7 @@ _ACEOF BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` -BUILD_FILEVERSION="${BUILD_FILEVERSION}22016" +BUILD_FILEVERSION="${BUILD_FILEVERSION}22112" # Check whether --enable-build-timestamp was given. @@ -18858,7 +18858,7 @@ _ACEOF # And create the files. -ac_config_files="$ac_config_files Makefile m4/Makefile compat/Makefile mpi/Makefile cipher/Makefile random/Makefile doc/Makefile src/Makefile src/gcrypt.h src/libgcrypt-config src/versioninfo.rc tests/Makefile" +ac_config_files="$ac_config_files Makefile m4/Makefile compat/Makefile mpi/Makefile cipher/Makefile random/Makefile doc/Makefile src/Makefile src/gcrypt.h src/libgcrypt-config src/libgcrypt.pc src/versioninfo.rc tests/Makefile" ac_config_files="$ac_config_files tests/hashtest-256g" @@ -19503,7 +19503,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libgcrypt $as_me 1.8.3, which was +This file was extended by libgcrypt $as_me 1.8.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19573,7 +19573,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libgcrypt config.status 1.8.3 +libgcrypt config.status 1.8.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
@@ -20077,6 +20077,7 @@ do "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/gcrypt.h") CONFIG_FILES="$CONFIG_FILES src/gcrypt.h" ;; "src/libgcrypt-config") CONFIG_FILES="$CONFIG_FILES src/libgcrypt-config" ;; + "src/libgcrypt.pc") CONFIG_FILES="$CONFIG_FILES src/libgcrypt.pc" ;; "src/versioninfo.rc") CONFIG_FILES="$CONFIG_FILES src/versioninfo.rc" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; "tests/hashtest-256g") CONFIG_FILES="$CONFIG_FILES tests/hashtest-256g" ;; diff --git a/configure.ac b/configure.ac index dfcd4ef..97ab209 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [8]) -m4_define(mym4_version_micro, [3]) +m4_define(mym4_version_micro, [5]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -50,13 +50,13 @@ m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) -# LT Version numbers, remember to change them just *before* a release. +# LT Version numbers: In this branch we only change the revision. # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=22 LIBGCRYPT_LT_AGE=2 -LIBGCRYPT_LT_REVISION=3 +LIBGCRYPT_LT_REVISION=5 # If the API is changed in an incompatible way: increment the next counter. @@ -2613,6 +2613,7 @@ doc/Makefile src/Makefile src/gcrypt.h src/libgcrypt-config +src/libgcrypt.pc src/versioninfo.rc tests/Makefile ]) diff --git a/doc/Makefile.in b/doc/Makefile.in index 89c3b30..377eb7e 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,7 +32,17 @@ # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -96,10 +106,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(gcrypt_TEXINFOS) $(top_srcdir)/build-aux/mdate-sh \ - $(srcdir)/version.texi $(srcdir)/stamp-vti \ - $(top_srcdir)/build-aux/texinfo.tex ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -110,6 +116,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/version.texi \ + $(srcdir)/stamp-vti $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = 
@@ -206,6 +214,9 @@ man1dir = $(mandir)/man1 NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(gcrypt_TEXINFOS) $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/mdate-sh \ + $(top_srcdir)/build-aux/texinfo.tex DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -405,7 +416,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -484,15 +494,16 @@ $(srcdir)/stamp-vti: gcrypt.texi $(top_srcdir)/configure echo "@set UPDATED $$1 $$2 $$3"; \ echo "@set UPDATED-MONTH $$2 $$3"; \ echo "@set EDITION $(VERSION)"; \ - echo "@set VERSION $(VERSION)") > vti.tmp - @cmp -s vti.tmp $(srcdir)/version.texi \ - || (echo "Updating $(srcdir)/version.texi"; \ - cp vti.tmp $(srcdir)/version.texi) - -@rm -f vti.tmp + echo "@set VERSION $(VERSION)") > vti.tmp$$$$ && \ + (cmp -s vti.tmp$$$$ $(srcdir)/version.texi \ + || (echo "Updating $(srcdir)/version.texi" && \ + cp vti.tmp$$$$ $(srcdir)/version.texi.tmp$$$$ && \ + mv $(srcdir)/version.texi.tmp$$$$ $(srcdir)/version.texi)) && \ + rm -f vti.tmp$$$$ $(srcdir)/version.texi.$$$$ @cp $(srcdir)/version.texi $@ mostlyclean-vti: - -rm -f vti.tmp + -rm -f vti.tmp* $(srcdir)/version.texi.tmp* maintainer-clean-vti: @MAINTAINER_MODE_TRUE@ -rm -f $(srcdir)/stamp-vti $(srcdir)/version.texi @@ -894,6 +905,8 @@ uninstall-man: uninstall-man1 uninstall-dvi-am uninstall-html-am uninstall-info-am \ uninstall-man uninstall-man1 uninstall-pdf-am uninstall-ps-am +.PRECIOUS: Makefile + yat2m: yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c diff --git a/doc/fips-fsm.eps b/doc/fips-fsm.eps index e36c08c..61873b0 100644 --- a/doc/fips-fsm.eps +++ b/doc/fips-fsm.eps 
@@ -1,7 +1,7 @@ %!PS-Adobe-3.0 EPSF-3.0 %%Title: /home/wk/s/libgcrypt-1.8/doc/fips-fsm.fig %%Creator: fig2dev Version 3.2 Patchlevel 5e -%%CreationDate: Thu Nov 23 19:46:17 2017 +%%CreationDate: Thu Aug 29 15:12:05 2019 %%BoundingBox: 0 0 497 579 %Magnification: 1.0000 %%EndComments diff --git a/doc/fips-fsm.pdf b/doc/fips-fsm.pdf index 5a50439..8896579 100644 Binary files a/doc/fips-fsm.pdf and b/doc/fips-fsm.pdf differ diff --git a/doc/gcrypt.info b/doc/gcrypt.info index a8be43d..881130a 100644 --- a/doc/gcrypt.info +++ b/doc/gcrypt.info @@ -1,6 +1,6 @@ -This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi. +This is gcrypt.info, produced by makeinfo version 6.5 from gcrypt.texi. -This manual is for Libgcrypt (version 1.8.3, 13 June 2018), which is +This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 
@@ -20,114 +20,114 @@ END-INFO-DIR-ENTRY  Indirect: -gcrypt.info-1: 835 -gcrypt.info-2: 300845 +gcrypt.info-1: 839 +gcrypt.info-2: 301225  Tag Table: (Indirect) -Node: Top835 -Node: Introduction3361 -Node: Getting Started3733 -Node: Features4613 -Node: Overview5397 -Node: Preparation6020 -Node: Header6943 -Node: Building sources8014 -Node: Building sources using Automake9931 -Node: Initializing the library11859 -Ref: sample-use-suspend-secmem14927 -Ref: sample-use-resume-secmem15770 -Node: Multi-Threading16673 -Ref: Multi-Threading-Footnote-117852 -Node: Enabling FIPS mode18261 -Ref: enabling fips mode18442 -Node: Hardware features20254 -Ref: hardware features20421 -Ref: Hardware features-Footnote-121502 -Node: Generalities21663 -Node: Controlling the library21922 -Node: Error Handling40093 -Node: Error Values42632 -Node: Error Sources47572 -Node: Error Codes49840 -Node: Error Strings53316 -Node: Handler Functions54500 -Node: Progress handler55059 -Node: Allocation handler57208 -Node: Error handler58754 -Node: Logging handler60320 -Node: Symmetric cryptography60912 -Node: Available ciphers61652 -Node: Available cipher modes64333 -Node: Working with cipher handles68186 -Node: General cipher functions79690 -Node: Public Key cryptography83216 -Node: Available algorithms83982 -Node: Used S-expressions84331 -Node: RSA key parameters85448 -Node: DSA key parameters86723 -Node: ECC key parameters87377 -Ref: ecc_keyparam87528 -Node: Cryptographic Functions89399 -Node: General public-key related Functions101246 -Node: Hashing114915 -Node: Available hash algorithms115648 -Node: Working with hash algorithms121611 -Node: Message Authentication Codes135743 -Node: Available MAC algorithms136411 -Node: Working with MAC algorithms141573 -Node: Key Derivation147561 -Node: Random Numbers149963 -Node: Quality of random numbers150246 -Node: Retrieving random numbers150929 -Node: S-expressions152418 -Node: Data types for S-expressions153063 -Node: Working with S-expressions153389 -Node: 
MPI library167054 -Node: Data types168076 -Node: Basic functions168385 -Node: MPI formats170849 -Node: Calculations174373 -Node: Comparisons176642 -Node: Bit manipulations177645 -Node: EC functions178967 -Ref: gcry_mpi_ec_new181916 -Node: Miscellaneous187475 -Node: Prime numbers191619 -Node: Generation191889 -Node: Checking193176 -Node: Utilities193586 -Node: Memory allocation193963 -Node: Context management195319 -Ref: gcry_ctx_release195757 -Node: Buffer description195918 -Node: Config reporting196705 -Node: Tools197655 -Node: hmac256197822 -Node: Configuration198828 -Node: Architecture201881 -Ref: fig:subsystems203405 -Ref: Architecture-Footnote-1204491 -Ref: Architecture-Footnote-2204553 -Node: Public-Key Subsystem Architecture204637 -Node: Symmetric Encryption Subsystem Architecture206915 -Node: Hashing and MACing Subsystem Architecture208361 -Node: Multi-Precision-Integer Subsystem Architecture210284 -Node: Prime-Number-Generator Subsystem Architecture211722 -Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1213653 -Node: Random-Number Subsystem Architecture213945 -Node: CSPRNG Description216894 -Ref: CSPRNG Description-Footnote-1218450 -Node: FIPS PRNG Description218573 -Node: Self-Tests220707 -Node: FIPS Mode232166 -Ref: fig:fips-fsm235992 -Ref: tbl:fips-states236095 -Ref: tbl:fips-state-transitions237347 -Node: Library Copying240968 -Node: Copying269074 -Node: Figures and Tables288250 -Node: Concept Index288675 -Node: Function and Data Index300845 +Node: Top839 +Node: Introduction3369 +Node: Getting Started3741 +Node: Features4621 +Node: Overview5405 +Node: Preparation6028 +Node: Header6951 +Node: Building sources8022 +Node: Building sources using Automake9939 +Node: Initializing the library11867 +Ref: sample-use-suspend-secmem15259 +Ref: sample-use-resume-secmem16102 +Node: Multi-Threading17005 +Ref: Multi-Threading-Footnote-118184 +Node: Enabling FIPS mode18593 +Ref: enabling fips mode18774 +Node: Hardware features20586 +Ref: hardware 
features20753 +Ref: Hardware features-Footnote-121834 +Node: Generalities21995 +Node: Controlling the library22254 +Node: Error Handling40425 +Node: Error Values42964 +Node: Error Sources47904 +Node: Error Codes50172 +Node: Error Strings53648 +Node: Handler Functions54832 +Node: Progress handler55391 +Node: Allocation handler57540 +Node: Error handler59086 +Node: Logging handler60652 +Node: Symmetric cryptography61244 +Node: Available ciphers61984 +Node: Available cipher modes64665 +Node: Working with cipher handles68518 +Node: General cipher functions80022 +Node: Public Key cryptography83548 +Node: Available algorithms84314 +Node: Used S-expressions84663 +Node: RSA key parameters85780 +Node: DSA key parameters87055 +Node: ECC key parameters87709 +Ref: ecc_keyparam87860 +Node: Cryptographic Functions89731 +Node: General public-key related Functions101578 +Node: Hashing115247 +Node: Available hash algorithms115980 +Node: Working with hash algorithms121943 +Node: Message Authentication Codes136075 +Node: Available MAC algorithms136743 +Node: Working with MAC algorithms141905 +Node: Key Derivation147893 +Node: Random Numbers150295 +Node: Quality of random numbers150578 +Node: Retrieving random numbers151261 +Node: S-expressions152750 +Node: Data types for S-expressions153395 +Node: Working with S-expressions153721 +Node: MPI library167431 +Node: Data types168453 +Node: Basic functions168762 +Node: MPI formats171226 +Node: Calculations174750 +Node: Comparisons177019 +Node: Bit manipulations178022 +Node: EC functions179344 +Ref: gcry_mpi_ec_new182293 +Node: Miscellaneous187852 +Node: Prime numbers191996 +Node: Generation192266 +Node: Checking193553 +Node: Utilities193963 +Node: Memory allocation194340 +Node: Context management195696 +Ref: gcry_ctx_release196134 +Node: Buffer description196295 +Node: Config reporting197082 +Node: Tools198032 +Node: hmac256198199 +Node: Configuration199205 +Node: Architecture202258 +Ref: fig:subsystems203782 +Ref: 
Architecture-Footnote-1204868 +Ref: Architecture-Footnote-2204930 +Node: Public-Key Subsystem Architecture205014 +Node: Symmetric Encryption Subsystem Architecture207292 +Node: Hashing and MACing Subsystem Architecture208738 +Node: Multi-Precision-Integer Subsystem Architecture210661 +Node: Prime-Number-Generator Subsystem Architecture212099 +Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1214030 +Node: Random-Number Subsystem Architecture214321 +Node: CSPRNG Description217270 +Ref: CSPRNG Description-Footnote-1218826 +Node: FIPS PRNG Description218949 +Node: Self-Tests221083 +Node: FIPS Mode232542 +Ref: fig:fips-fsm236368 +Ref: tbl:fips-states236471 +Ref: tbl:fips-state-transitions237723 +Node: Library Copying241344 +Node: Copying269450 +Node: Figures and Tables288626 +Node: Concept Index289051 +Node: Function and Data Index301225  End Tag Table diff --git a/doc/gcrypt.info-1 b/doc/gcrypt.info-1 index e7d247a..aee5203 100644 --- a/doc/gcrypt.info-1 +++ b/doc/gcrypt.info-1 @@ -1,6 +1,6 @@ -This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi. +This is gcrypt.info, produced by makeinfo version 6.5 from gcrypt.texi. -This manual is for Libgcrypt (version 1.8.3, 13 June 2018), which is +This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 @@ -24,7 +24,7 @@ File: gcrypt.info, Node: Top, Next: Introduction, Up: (dir) The Libgcrypt Library ********************* -This manual is for Libgcrypt (version 1.8.3, 13 June 2018), which is +This manual is for Libgcrypt (version 1.8.5, 19 November 2018), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 
@@ -320,10 +320,12 @@ runs in a controlled environment where key material floating around in memory is not a problem, you should initialize Libgcrypt this way: /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) { - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); } @@ -340,10 +342,12 @@ against being swapped out to disk and to enable an automatic overwrite of used and freed memory, you need to initialize Libgcrypt this way: /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) { - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); } 
@@ -4016,13 +4020,13 @@ There are functions to parse S-expressions and retrieve elements: prior to invoking this function, and finally a 'NULL' is expected. For example - _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'", - &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL) + gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'", + &mpi_n, &mpi_x, &mpi_e, &mpi_d, &mpi_foo, NULL) stores the parameter 'n' from KEY as an unsigned MPI into MPI_N, - the parameter 'x' as an opaque MPI into MPI_X, the parameter 'e' - again as an unsigned MPI into MPI_E, and the parameter 'foo' as a - signed MPI. + the parameter 'x' as an opaque MPI into MPI_X, the parameters 'e' + and 'd' again as an unsigned MPI into MPI_E and MPI_D and finally + the parameter 'foo' as a signed MPI into MPI_FOO. PATH is an optional string used to locate a token. The exclamation mark separated tokens are used via 'gcry_sexp_find_token' to find a @@ -5241,9 +5245,9 @@ available through the public API. (1) Chae Hoon Lim and Pil Joong Lee. A key recovery attack on discrete log-based schemes using a prime order subgroup. In Burton S. -Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages 249­-263, -Berlin / Heidelberg / New York, 1997. Springer-Verlag. Described on -page 260. +Kaliski Jr., editor, Advances in Cryptology: Crypto '97, pages +249­-263, Berlin / Heidelberg / New York, 1997. Springer-Verlag. +Described on page 260.  File: gcrypt.info, Node: Random-Number Subsystem Architecture, Prev: Prime-Number-Generator Subsystem Architecture, Up: Architecture diff --git a/doc/gcrypt.info-2 b/doc/gcrypt.info-2 index d9a5ab4..0095098 100644 Binary files a/doc/gcrypt.info-2 and b/doc/gcrypt.info-2 differ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index c18b498..be87d2c 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -382,10 +382,12 @@ memory is not a problem, you should initialize Libgcrypt this way: @example /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) @{ - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); @} @@ -405,10 +407,12 @@ and freed memory, you need to initialize Libgcrypt this way: @example /* Version check should be the very first call because it - makes sure that important subsystems are initialized. */ - if (!gcry_check_version (GCRYPT_VERSION)) + makes sure that important subsystems are initialized. + #define NEED_LIBGCRYPT_VERSION to the minimum required version. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) @{ - fputs ("libgcrypt version mismatch\n", stderr); + fprintf (stderr, "libgcrypt is too old (need %s, have %s)\n", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL)); exit (2); @} 
@@ -4454,14 +4458,15 @@ an @code{gcry_mpi_t} variable is expected that must be set to is expected. For example @example - _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'", - &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL) + gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'", + &mpi_n, &mpi_x, &mpi_e, &mpi_d, &mpi_foo, NULL) @end example stores the parameter 'n' from @var{key} as an unsigned MPI into @var{mpi_n}, the parameter 'x' as an opaque MPI into @var{mpi_x}, the -parameter 'e' again as an unsigned MPI into @var{mpi_e}, and the -parameter 'foo' as a signed MPI. +parameters 'e' and 'd' again as an unsigned MPI into @var{mpi_e} and +@var{mpi_d} and finally the parameter 'foo' as a signed MPI into +@var{mpi_foo}. @var{path} is an optional string used to locate a token. The exclamation mark separated tokens are used via diff --git a/doc/libgcrypt-modules.eps b/doc/libgcrypt-modules.eps index 832f492..d667107 100644 --- a/doc/libgcrypt-modules.eps +++ b/doc/libgcrypt-modules.eps @@ -1,7 +1,7 @@ %!PS-Adobe-3.0 EPSF-3.0 %%Title: /home/wk/s/libgcrypt-1.8/doc/libgcrypt-modules.fig %%Creator: fig2dev Version 3.2 Patchlevel 5e -%%CreationDate: Thu Nov 23 19:46:17 2017 +%%CreationDate: Thu Aug 29 15:12:05 2019 %%BoundingBox: 0 0 488 300 %Magnification: 1.0000 %%EndComments diff --git a/doc/libgcrypt-modules.pdf b/doc/libgcrypt-modules.pdf index 27308bf..da5eae8 100644 Binary files a/doc/libgcrypt-modules.pdf and b/doc/libgcrypt-modules.pdf differ diff --git a/doc/stamp-vti b/doc/stamp-vti index 3d08533..4eb9663 100644 --- a/doc/stamp-vti +++ b/doc/stamp-vti @@ -1,4 +1,4 @@ -@set UPDATED 13 June 2018 -@set UPDATED-MONTH June 2018 -@set EDITION 1.8.3 -@set VERSION 1.8.3 +@set UPDATED 19 November 2018 +@set UPDATED-MONTH November 2018 +@set EDITION 1.8.5 +@set VERSION 1.8.5 diff --git a/doc/version.texi b/doc/version.texi index 3d08533..4eb9663 100644 --- a/doc/version.texi +++ b/doc/version.texi 
@@ -1,4 +1,4 @@ -@set UPDATED 13 June 2018 -@set UPDATED-MONTH June 2018 -@set EDITION 1.8.3 -@set VERSION 1.8.3 +@set UPDATED 19 November 2018 +@set UPDATED-MONTH November 2018 +@set EDITION 1.8.5 +@set VERSION 1.8.5 diff --git a/doc/yat2m.c b/doc/yat2m.c index 7599081..3c7b363 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016, 2017 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -128,7 +128,11 @@ #define PGM "yat2m" -#define VERSION "1.0" +#ifdef PACKAGE_VERSION +# define VERSION PACKAGE_VERSION +#else +# define VERSION "1.0" +#endif /* The maximum length of a line including the linefeed and one extra character. */ @@ -353,7 +357,7 @@ ascii_strupr (char *string) const char * isodatestring (void) { - static char buffer[11+5]; + static char buffer[36]; struct tm *tp; time_t atime; @@ -482,6 +486,9 @@ evaluate_conditions (const char *fname, int lnr) { int i; + (void)fname; + (void)lnr; + /* for (i=0; i < condition_stack_idx; i++) */ /* inf ("%s:%d: stack[%d] %s %s %c", */ /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */ @@ -729,7 +736,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "asis", 7 }, { "anchor", 7 }, { "cartouche", 1 }, - { "xref", 0, "see: [", "]" }, + { "ref", 0, "[", "]" }, + { "xref", 0, "See: [", "]" }, { "pxref", 0, "see: [", "]" }, { "uref", 0, "(\\fB", "\\fR)" }, { "footnote",0, " ([", "])" }, @@ -746,7 +754,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "subsection", 6, "\n.SS " }, { "chapheading", 0}, { "item", 2, ".TP\n.B " }, - { "itemx", 2, ".TP\n.B " }, + { "itemx", 2, ".TQ\n.B " }, { "table", 3 }, { "itemize", 3 }, { "bullet", 0, "* " }, 
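Review bot: In the `isodatestring` hunk of doc/yat2m.c the new size `static char buffer[36];` is a bare number with no hint of what it is sized for, and the code that fills the buffer lies outside the hunk, so the hunk alone cannot show whether the write is bounded. If the fill is the usual three-integer date format, 36 would be three full-range ints plus two separators and the terminator; a comment such as `/* 3 * 11 chars for full-range ints + 2 separators + NUL. */` would record that. If the fill is an unbounded `sprintf`, I would also bound it with `snprintf (buffer, sizeof buffer, ...)` so the size and the write cannot drift apart again.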
@@ -793,6 +801,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { if ((*table_level)-- > 1) fputs (".RE\n", fp); + else + fputs (".P\n", fp); } else if (n >= 7 && !memcmp (s, "example", 7) && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n')) @@ -850,18 +860,20 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } else { - size_t len = s - (rest + 1); + size_t rlen = s - (rest + 1); macro_t m; for (m = variablelist; m; m = m->next) - if (strlen (m->name) == len - &&!strncmp (m->name, rest+1, len)) - break; + { + if (strlen (m->name) == rlen + && !strncmp (m->name, rest+1, rlen)) + break; + } if (m) fputs (m->value, fp); else inf ("texinfo variable '%.*s' is not set", - (int)len, rest+1); + (int)rlen, rest+1); } } break; @@ -1475,6 +1487,7 @@ int main (int argc, char **argv) { int last_argc = -1; + const char *s; opt_source = "GNU"; opt_release = ""; @@ -1513,13 +1526,13 @@ main (int argc, char **argv) " -I DIR also search in include DIR\n" " -D gpgone the only usable define\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" - "Report bugs to ."); + "Report bugs to ."); exit (0); } else if (!strcmp (*argv, "--version")) { puts (PGM " " VERSION "\n" - "Copyright (C) 2005 g10 Code GmbH\n" + "Copyright (C) 2005, 2017 g10 Code GmbH\n" "This program comes with ABSOLUTELY NO WARRANTY.\n" "This is free software, and you are welcome to redistribute it\n" "under certain conditions. See the file COPYING for details."); @@ -1608,6 +1621,11 @@ main (int argc, char **argv) if (argc > 1) die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n"); + /* Take care of supplied timestamp for reproducible builds. See + * https://reproducible-builds.org/specs/source-date-epoch/ */ + if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s) + opt_date = s; + /* Start processing. */ if (argc && strcmp (*argv, "-")) { diff --git a/m4/Makefile.in b/m4/Makefile.in index 08fe8f1..89a773b 100644 
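Review bot: In the `main` hunk that reads `SOURCE_DATE_EPOCH`, the environment value is copied into `opt_date` after only an emptiness check, so a malformed value (non-digits, a sign, trailing text) reaches whatever parses `opt_date` later; that parser is outside this hunk. Since the specification linked in the comment calls for a plain decimal integer, I would reject anything else at this point: `if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s && s[strspn (s, "0123456789")] == '\0')`. It would also be worth confirming that the date formatting copes with a value whose conversion to a broken-down time fails, because a very large epoch is now reachable from the environment.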
--- a/m4/Makefile.in +++ b/m4/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = m4 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -89,6 +98,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -113,6 +123,7 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -292,7 +303,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu m4/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu m4/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -467,6 +477,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/mpi/Makefile.in b/mpi/Makefile.in index 3102b5c..eed50f3 100644 --- a/mpi/Makefile.in +++ b/mpi/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -37,7 +37,17 @@ # not anymore required: AUTOMAKE_OPTIONS = 1.6 VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -101,8 +111,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = mpi -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ 
@@ -113,6 +121,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -224,6 +233,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -494,7 +505,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu mpi/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu mpi/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -822,6 +832,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/mpi/ec.c b/mpi/ec.c index 89077cd..adb0260 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1309,7 +1309,11 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, unsigned int nbits; int j; - nbits = mpi_get_nbits (scalar); + if (mpi_cmp (scalar, ctx->p) >= 0) + nbits = mpi_get_nbits (scalar); + else + nbits = mpi_get_nbits (ctx->p); + if (ctx->model == MPI_EC_WEIERSTRASS) { mpi_set_ui (result->x, 1); diff --git a/random/Makefile.in b/random/Makefile.in index c23bb2e..9029b65 100644 --- a/random/Makefile.in +++ b/random/Makefile.in 
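Review bot: The new branch in `_gcry_mpi_ec_mul_point` (mpi/ec.c) has no comment saying that `nbits` is deliberately kept at no less than the bit length of `ctx->p` so that the iteration count does not track the length of a secret scalar; without one, a later cleanup could restore the plain `mpi_get_nbits (scalar)`. I would add above the `if`: `/* Timing side-channel mitigation: process at least nbits(p) bits so the loop length does not depend on the scalar's bit length. */`. Two things should be confirmed outside this hunk: that `mpi_cmp` on the scalar is acceptable here, since the comparison itself does not look constant-time, and that the loop consuming `nbits` treats leading zero bits of the scalar without a distinguishable fast path. The function body continues beyond the hunk.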
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -35,7 +35,17 @@ # Process this file with automake to produce Makefile.in VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -100,8 +110,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_RANDOM_DAEMON_TRUE@am__append_1 = random-daemon.c subdir = random -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -112,6 +120,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -190,6 +199,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -392,7 +403,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu random/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu random/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -675,6 +685,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + rndjent.o: $(srcdir)/rndjent.c jitterentropy-base-user.h \ $(srcdir)/jitterentropy-base.c $(srcdir)/jitterentropy.h diff --git a/random/jitterentropy-base.c b/random/jitterentropy-base.c index dc907b2..32fdea4 100644 --- a/random/jitterentropy-base.c +++ b/random/jitterentropy-base.c @@ -642,6 +642,8 @@ int jent_entropy_init(void) int count_stuck = 0; struct rand_data ec; + memset(&ec, 0, sizeof(ec)); + /* We could perform statistical tests here, but the problem is * that we only have a few loop counts to do testing. These * loop counts may show some slight skew and we produce diff --git a/random/rndjent.c b/random/rndjent.c index 0c5a820..3740ddd 100644 --- a/random/rndjent.c +++ b/random/rndjent.c @@ -334,9 +334,10 @@ _gcry_rndjent_get_version (int *r_active) { if (r_active) { - lock_rng (); /* Make sure the RNG is initialized. */ _gcry_rndjent_poll (NULL, 0, 0); + + lock_rng (); /* To ease debugging we store 2 for a clock_gettime based * implementation and 1 for a rdtsc based code. */ *r_active = jent_rng_collector? is_rng_available () : 0; diff --git a/random/rndlinux.c b/random/rndlinux.c index 1bb7c76..fefc3c3 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c 
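Review bot: In the `_gcry_rndjent_get_version` hunk (random/rndjent.c) `lock_rng ()` is moved below `_gcry_rndjent_poll (NULL, 0, 0)` without a comment giving the reason, and the ordering is exactly what a later edit is likely to "tidy" back. If, as the reordering suggests, the poll function acquires the RNG lock itself, that should be stated at the call, e.g. `/* Must run before lock_rng(): the poll takes the lock on its own. */`. The matching unlock is outside the hunk, so the locked region cannot be checked from here.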
@@ -104,9 +104,10 @@ open_device (const char *name, int retry) /* Note that the caller needs to make sure that this function is only - called by one thread at a time. The function returns 0 on success - or true on failure (in which case the caller will signal a fatal - error). */ + * called by one thread at a time. The function returns 0 on success + * or true on failure (in which case the caller will signal a fatal + * error). This function should be entered only by one thread at a + * time. */ int _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, enum random_origins), @@ -117,6 +118,11 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, static int fd_random = -1; static int only_urandom = -1; static unsigned char ever_opened; + static volatile pid_t my_pid; /* The volatile is there to make sure + * the compiler does not optimize the + * code away in case the getpid + * function is badly attributed. */ + volatile pid_t apid; int fd; int n; byte buffer[768]; @@ -130,13 +136,13 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, * use only urandom. */ if (only_urandom == -1) { + my_pid = getpid (); if ((_gcry_random_read_conf () & RANDOM_CONF_ONLY_URANDOM)) only_urandom = 1; else only_urandom = 0; } - if (!add) { /* Special mode to close the descriptors. */ @@ -153,6 +159,25 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, return 0; } + /* Detect a fork and close the devices so that we don't use the old + * file descriptors. Note that open_device will be called in retry + * mode if the devices was opened by the parent process. */ + apid = getpid (); + if (my_pid != apid) + { + if (fd_random != -1) + { + close (fd_random); + fd_random = -1; + } + if (fd_urandom != -1) + { + close (fd_urandom); + fd_urandom = -1; + } + my_pid = apid; + } + /* First read from a hardware source. However let it account only for up to 50% (or 25% for RDRAND) of the requested bytes. */ 
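Review bot: The fork check added to `_gcry_rndlinux_gather_random` closes `fd_random` and `fd_urandom` by their remembered numbers, but a child that closed its inherited descriptors before the first call (a common daemonization step) may have reused those numbers for its own files, which this `close ()` would then shut. I would either confirm with `fstat` that the descriptor is still a character device before closing it, or document in the function comment that callers must not recycle descriptors between `fork` and the next call. Comparing `getpid ()` values also cannot see a fork where the process ID is later reused, so the comment should call the check best effort. Separately, the rewritten header comment now states the one-thread-at-a-time requirement twice; the added last sentence can go.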
@@ -220,17 +245,16 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, struct timeval tv; int rc; - /* If we have a modern Linux kernel and we want to read from the - * the non-blocking /dev/urandom, we first try to use the new + /* If we have a modern Linux kernel, we first try to use the new * getrandom syscall. That call guarantees that the kernel's * RNG has been properly seeded before returning any data. This * is different from /dev/urandom which may, due to its * non-blocking semantics, return data even if the kernel has - * not been properly seeded. Unfortunately we need to use a + * not been properly seeded. And it differs from /dev/random by never + * blocking once the kernel is seeded. Unfortunately we need to use a * syscall and not a new device and thus we are not able to use * select(2) to have a timeout. */ #if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom) - if (fd == fd_urandom) { long ret; size_t nbytes; @@ -247,7 +271,7 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, } while (ret == -1 && errno == EINTR); if (ret == -1 && errno == ENOSYS) - ; /* The syscall is not supported - fallback to /dev/urandom. */ + ; /* The syscall is not supported - fallback to pulling from fd. */ else { /* The syscall is supported. Some sanity checks. */ if (ret == -1) diff --git a/src/Makefile.am b/src/Makefile.am index 3cc4a55..82d6e8a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,8 +20,11 @@ ## Process this file with automake to produce Makefile.in +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libgcrypt.pc + EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ - gcrypt.h.in libgcrypt.def + gcrypt.h.in libgcrypt.def libgcrypt.pc.in bin_SCRIPTS = libgcrypt-config m4datadir = $(datadir)/aclocal diff --git a/src/Makefile.in b/src/Makefile.in index d020ea6..019ac74 100644 --- a/src/Makefile.in +++ b/src/Makefile.in 
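Review bot: With the `if (fd == fd_urandom)` guard removed in `_gcry_rndlinux_gather_random`, every request now tries `getrandom` first, yet the only error that falls back to reading `fd` is `ENOSYS`. Syscall filters in sandboxes frequently answer with `EPERM` instead, and what the `if (ret == -1)` branch does with such an error is outside this hunk; if it is treated as fatal, processes that used to read /dev/random successfully would now abort. I would confirm that path and extend the comment at the `ENOSYS` test to name which errno values fall back to the device and which do not. The flags passed to the syscall are also outside the hunk, so the new comment's claim that the call never blocks once the kernel is seeded cannot be checked here.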
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -38,7 +38,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -106,9 +116,6 @@ bin_PROGRAMS = dumpsexp$(EXEEXT) hmac256$(EXEEXT) mpicalc$(EXEEXT) \ @USE_RANDOM_DAEMON_TRUE@sbin_PROGRAMS = gcryptrnd$(EXEEXT) @USE_RANDOM_DAEMON_TRUE@am__append_1 = getrandom subdir = src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/gcrypt.h.in $(srcdir)/libgcrypt-config.in \ - $(srcdir)/versioninfo.rc.in $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ @@ -119,9 +126,11 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = gcrypt.h libgcrypt-config versioninfo.rc +CONFIG_CLEAN_FILES = gcrypt.h libgcrypt-config libgcrypt.pc \ + versioninfo.rc CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ 
@@ -152,7 +161,8 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(bindir)" \ - "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(includedir)" + "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)" \ + "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) @HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_1 = versioninfo.lo am__DEPENDENCIES_2 = @@ -253,7 +263,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -DATA = $(m4data_DATA) +DATA = $(m4data_DATA) $(pkgconfig_DATA) HEADERS = $(nodist_include_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, @@ -274,6 +284,9 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/gcrypt.h.in \ + $(srcdir)/libgcrypt-config.in $(srcdir)/libgcrypt.pc.in \ + $(srcdir)/versioninfo.rc.in $(top_srcdir)/build-aux/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -436,8 +449,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libgcrypt.pc EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ - gcrypt.h.in libgcrypt.def + gcrypt.h.in libgcrypt.def libgcrypt.pc.in bin_SCRIPTS = libgcrypt-config m4datadir = $(datadir)/aclocal @@ -530,7 +545,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -552,6 +566,8 @@ gcrypt.h: $(top_builddir)/config.status $(srcdir)/gcrypt.h.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ libgcrypt-config: $(top_builddir)/config.status $(srcdir)/libgcrypt-config.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +libgcrypt.pc: $(top_builddir)/config.status $(srcdir)/libgcrypt.pc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ versioninfo.rc: $(top_builddir)/config.status $(srcdir)/versioninfo.rc.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ @@ -965,6 +981,27 @@ uninstall-m4dataDATA: @list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(m4datadir)'; $(am__uninstall_files_from_dir) +install-pkgconfigDATA: $(pkgconfig_DATA) + @$(NORMAL_INSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ + done + +uninstall-pkgconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ 
@@ -1076,7 +1113,7 @@ all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) \ install-binPROGRAMS: install-libLTLIBRARIES installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(includedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -1133,7 +1170,7 @@ info: info-am info-am: install-data-am: install-data-local install-m4dataDATA \ - install-nodist_includeHEADERS + install-nodist_includeHEADERS install-pkgconfigDATA install-dvi: install-dvi-am @@ -1182,7 +1219,8 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ uninstall-libLTLIBRARIES uninstall-local uninstall-m4dataDATA \ - uninstall-nodist_includeHEADERS uninstall-sbinPROGRAMS + uninstall-nodist_includeHEADERS uninstall-pkgconfigDATA \ + uninstall-sbinPROGRAMS .MAKE: install-am install-strip 
@@ -1197,14 +1235,17 @@ uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ install-exec-am install-html install-html-am install-info \ install-info-am install-libLTLIBRARIES install-m4dataDATA \ install-man install-nodist_includeHEADERS install-pdf \ - install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-binSCRIPTS \ - uninstall-libLTLIBRARIES uninstall-local uninstall-m4dataDATA \ - uninstall-nodist_includeHEADERS uninstall-sbinPROGRAMS + install-pdf-am install-pkgconfigDATA install-ps install-ps-am \ + install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-binSCRIPTS uninstall-libLTLIBRARIES uninstall-local \ + uninstall-m4dataDATA uninstall-nodist_includeHEADERS \ + uninstall-pkgconfigDATA uninstall-sbinPROGRAMS + +.PRECIOUS: Makefile @HAVE_W32_SYSTEM_TRUE@.rc.lo: diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 89b1303..75c49a0 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1311,7 +1311,7 @@ gpg_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length); /* Convenience function to calculate the hash from the data in BUFFER - of size LENGTH using the algorithm ALGO avoiding the creating of a + of size LENGTH using the algorithm ALGO avoiding the creation of a hash object. The hash is returned in the caller provided buffer DIGEST which must be large enough to hold the digest of the given algorithm. */ diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4 index c67cfec..37dfbea 100644 --- a/src/libgcrypt.m4 
+++ b/src/libgcrypt.m4 @@ -1,5 +1,5 @@ # libgcrypt.m4 - Autoconf macros to detect libgcrypt -# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH +# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -9,7 +9,7 @@ # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # -# Last-changed: 2014-10-02 +# Last-changed: 2018-11-13 dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, @@ -36,8 +36,20 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], if test x"${LIBGCRYPT_CONFIG}" = x ; then if test x"${libgcrypt_config_prefix}" != x ; then LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" - else - case "${SYSROOT}" in + fi + fi + + use_gpgrt_config="" + if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then + if $GPGRT_CONFIG libgcrypt --exists; then + LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" + AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config]) + use_gpgrt_config=yes + fi + fi + if test -z "$use_gpgrt_config"; then + if test x"${LIBGCRYPT_CONFIG}" = x ; then + case "${SYSROOT}" in /*) if test -x "${SYSROOT}/bin/libgcrypt-config" ; then LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" @@ -48,11 +60,11 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], *) AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) ;; - esac - fi + esac + fi + AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) fi - AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` 
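Review bot: In the `AM_PATH_LIBGCRYPT` hunks, `LIBGCRYPT_CONFIG` can now hold a command with an argument (`"$GPGRT_CONFIG libgcrypt"`) rather than a path, so every later use depends on unquoted word splitting, and `if $GPGRT_CONFIG libgcrypt --exists` is itself unquoted. A `GPGRT_CONFIG` value containing whitespace would therefore run something other than the intended program, and anyone who later quotes `$LIBGCRYPT_CONFIG` would break the gpgrt-config path. A comment at the assignment would make the contract explicit: `# LIBGCRYPT_CONFIG is a command line here, not a path; expand it unquoted.` The later hunks that switch on `use_gpgrt_config` rely on the same assumption.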
@@ -71,7 +83,11 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` req_micro=`echo $min_libgcrypt_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + else + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` + fi major=`echo $libgcrypt_config_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` minor=`echo $libgcrypt_config_version | \ @@ -103,7 +119,11 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], # If we have a recent libgcrypt, we should also check that the # API is compatible if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + if test -z "$use_gpgrt_config"; then + tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + else + tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` + fi if test "$tmp" -gt 0 ; then AC_MSG_CHECKING([LIBGCRYPT API version]) if test "$req_libgcrypt_api" -eq "$tmp" ; then @@ -119,12 +139,16 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ifelse([$2], , :, [$2]) - libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi if test x"$libgcrypt_config_host" != xnone ; then if test x"$libgcrypt_config_host" != x"$host" ; then AC_MSG_WARN([[ *** -*** The config script $LIBGCRYPT_CONFIG was +*** The config script "$LIBGCRYPT_CONFIG" was *** built for $libgcrypt_config_host and thus may not match the *** used host $host. *** You may want to use the configure option --with-libgcrypt-prefix 
diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in new file mode 100644 index 0000000..ec68fa2 --- /dev/null +++ b/src/libgcrypt.pc.in @@ -0,0 +1,17 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +includedir=@includedir@ +libdir=@libdir@ +host=@LIBGCRYPT_CONFIG_HOST@ +api_version=@LIBGCRYPT_CONFIG_API_VERSION@ +symmetric_ciphers="@LIBGCRYPT_CIPHERS@" +asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@" +digests="@LIBGCRYPT_DIGESTS@" + +Name: libgcrypt +Description: General purpose cryptographic library +Requires: gpg-error +Version: @PACKAGE_VERSION@ +Cflags: @LIBGCRYPT_CONFIG_CFLAGS@ +Libs: @LIBGCRYPT_CONFIG_LIBS@ +URL: https://www.gnupg.org/software/libgcrypt/index.html diff --git a/src/secmem.c b/src/secmem.c index 79c135f..3e091d8 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -658,7 +658,10 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE; pool->mem = malloc (pool->size); if (!pool->mem) - return NULL; /* Not enough memory available for a new pool. */ + { + free (pool); + return NULL; /* Not enough memory available for a new pool. */ + } /* Initialize first memory block. */ mb = (memblock_t *) pool->mem; mb->size = pool->size - BLOCK_HEAD_SIZE; diff --git a/src/sexp.c b/src/sexp.c index 9d89268..f2a164c 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -2232,7 +2232,7 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, gcry_mpi_t *array[20]; char arrayisdesc[20]; int idx; - gcry_sexp_t l1; + gcry_sexp_t l1 = NULL; int mode = '+'; /* Default to GCRYMPI_FMT_USG. */ gcry_sexp_t freethis = NULL; diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index ea06612..2899a6a 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in 
@@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0" VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0" VALUE "InternalName", "libgcrypt\0" - VALUE "LegalCopyright", "Copyright � 2018 Free Software Foundation, Inc.\0" + VALUE "LegalCopyright", "Copyright � 2019 Free Software Foundation, Inc.\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgcrypt.dll\0" VALUE "PrivateBuild", "\0" diff --git a/tests/Makefile.in b/tests/Makefile.in index 9dc0244..c1ffc9d 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -34,7 +34,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -102,9 +112,6 @@ EXTRA_PROGRAMS = testapi$(EXEEXT) pkbench$(EXEEXT) noinst_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2) fipsdrv$(EXEEXT) \ rsacvt$(EXEEXT) genhashdata$(EXEEXT) gchash$(EXEEXT) subdir = tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/hashtest-256g.in $(srcdir)/basic-disable-all-hwf.in \ - $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ 
@@ -115,6 +122,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = hashtest-256g basic-disable-all-hwf @@ -359,6 +368,9 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(srcdir)/basic-disable-all-hwf.in $(srcdir)/hashtest-256g.in \ + $(top_srcdir)/build-aux/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -568,7 +580,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1105,6 +1116,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Force sequential run of some tests. bench-slope.log: benchmark.log