6 years agoDo not distribute a copy of gitlog-to-changelog.
Werner Koch [Mon, 5 Nov 2012 18:28:57 +0000 (19:28 +0100)]
Do not distribute a copy of gitlog-to-changelog.

(gen-ChangeLog): Require an installed gitlog-to-changelog.
* scripts/gitlog-to-changelog: Remove.

* README.SVN: Remove.

6 years agoAllow building with w64-mingw32
Werner Koch [Mon, 5 Nov 2012 18:21:51 +0000 (19:21 +0100)]
Allow building with w64-mingw32

* <--build-w32>: Support the w64-mingw32 toolchain.  Also
prepare for 64 bit building.
<git-setup>: Remove option -c from chmod.

6 years agoSwitch to the new automagic beta numbering scheme.
Werner Koch [Mon, 5 Nov 2012 18:17:52 +0000 (19:17 +0100)]
Switch to the new automagic beta numbering scheme.

* Add all the required m4 magic.

6 years agoAvoid dereferencing pointer right after the end
Werner Koch [Mon, 5 Nov 2012 18:01:01 +0000 (19:01 +0100)]
Avoid dereferencing pointer right after the end

* mpi/mpicoder.c (do_get_buffer): Check the length before derefing P.

Christian Grothoff found this bug using Valgrind.

6 years agoMake ancient test program useful again.
Werner Koch [Tue, 23 Oct 2012 15:52:38 +0000 (17:52 +0200)]
Make ancient test program useful again.

* tests/testapi.c (test_sexp): Adjust to current API.  Print the
return code.  Mark unused args.
(test_genkey): Mark unused args.
(main): Do not pass NULL to printf.

6 years agoFixed indentation of sexp.c
Werner Koch [Tue, 23 Oct 2012 15:49:35 +0000 (17:49 +0200)]
Fixed indentation of sexp.c


Some functions used to be intended the old way.  Changed this to GNU

6 years agotests: Add ECC key generation tests.
Werner Koch [Thu, 18 Oct 2012 09:30:20 +0000 (11:30 +0200)]
tests: Add ECC key generation tests.

* tests/keygen.c (check_generated_ecc_key): New.
(check_ecc_keys): New.
(main): Call simple ECC checks.

Although benchmark.c does ECC key generation, it does not call
gcry_pk_testkey.  We do it here.  Note that we should do some more
checks, for example checking that all curve parameters are available
and match the specs.

6 years agoPBKDF2: Allow empty passphrase.
Milan Broz [Mon, 29 Oct 2012 16:18:09 +0000 (17:18 +0100)]
PBKDF2: Allow empty passphrase.

* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
* tests/t-kdf.c (check_pbkdf2): Add test case for above.

While it is insecure, the PBKDF2 implementations usually
allows to derive key only from salt.

This particular case is used e.g. in cryptsetup when
you use empty file as keyfile for LUKS keyslot.

Test vector is compared with two independent implementations.

Signed-off-by: Milan Broz <>
6 years agoReplace deliberate division by zero with _gcry_divide_by_zero.
Xi Wang [Tue, 14 Aug 2012 22:54:40 +0000 (18:54 -0400)]
Replace deliberate division by zero with _gcry_divide_by_zero.

* mpi/mpi-pow.c: Replace 1 / msize.
* mpi/mpih-div.c: Replace 1 / dsize.
* src/misc.c: Add _gcry_divide_by_zero.

1) Division by zero doesn't "provoke a signal" on architectures
   like PowerPC.

2) C compilers like clang will optimize away these divisions, even
   though the code tries "to make the compiler not remove" them.

This patch redirects these cases to _gcry_divide_by_zero.

6 years agoClear AESNI feature flag for x86_64.
Werner Koch [Thu, 21 Jun 2012 09:10:39 +0000 (11:10 +0200)]
Clear AESNI feature flag for x86_64.

* src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Clear
AESNI feature flag.

6 years agoBeautify last change.
Werner Koch [Thu, 21 Jun 2012 09:09:06 +0000 (11:09 +0200)]
Beautify last change.

* cipher/rijndael.c: Replace C99 feature from last patch.  Keep cpp
lines short.
* random/rndhw.c: Keep cpp lines short.
* src/hwfeatures.c (_gcry_detect_hw_features): Make cpp def chain
better readable.

6 years agoEnable VIA Padlock on x86_64 platforms
Rafaël Carré [Fri, 20 Apr 2012 17:52:01 +0000 (13:52 -0400)]
Enable VIA Padlock on x86_64 platforms

  * cipher/rijndael.c: Duplicate x86 assembly and convert to x86_64.
  * random/rndhw.c: Likewise.
  * src/hwfeatures.c: Likewise.
Changes made to the x86 assembly:
- *l -> *q (long -> quad)
- e** registers -> r** registers (use widest registers available)
- don't mess with ebx GOT register

Tested with make check on VIA Nano X2 L4350

Signed-off-by: Rafaël Carré <>
6 years agoAdd curve aliases from RFC-5656.
Werner Koch [Mon, 14 May 2012 08:26:25 +0000 (10:26 +0200)]
Add curve aliases from RFC-5656.

* cipher/ecc.c (curve_aliases): Add "nistp???" entries.

6 years agoAdd authors with a DCO to AUTHORS.
Werner Koch [Wed, 25 Apr 2012 14:35:10 +0000 (16:35 +0200)]
Add authors with a DCO to AUTHORS.


7 years agoState new contribution rules.
Werner Koch [Mon, 16 Apr 2012 09:24:32 +0000 (11:24 +0200)]
State new contribution rules.

* doc/DCO: New.
* doc/HACKING: Document new rules.

7 years agoAdd GCRYCTL_SET_ENFORCED_FIPS_FLAG command.
Tomas Mraz [Wed, 4 Apr 2012 12:17:09 +0000 (14:17 +0200)]

* doc/gcrypt.texi: Add documentation of the new command.
* src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
only when fips mode is enabled.
(_gcry_set_enforced_fips_mode): New function.
* src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
* src/global.c (_gcry_vcontrol): Handle the new command.

7 years agoRework selftest in idea.c.
Ulrich Müller [Thu, 16 Feb 2012 20:58:52 +0000 (21:58 +0100)]
Rework selftest in idea.c.

* cipher/idea.c (do_setkey): Execute selftest when first called.
(decrypt_block): Remove commented-out code.
(selftest): Execute all selftests. Return NULL on success, or
string in case of error.

7 years agoUpdate NEWS and AUTHORS.
Werner Koch [Thu, 16 Feb 2012 19:57:05 +0000 (20:57 +0100)]
Update NEWS and AUTHORS.


7 years agoFix missing prototype.
Werner Koch [Thu, 16 Feb 2012 19:50:52 +0000 (20:50 +0100)]
Fix missing prototype.

* src/g10lib.h (_gcry_secmem_module_init): Make it a real prototype.

7 years agoAdd support for the IDEA cipher.
Ulrich Müller [Wed, 11 Jan 2012 12:20:48 +0000 (13:20 +0100)]
Add support for the IDEA cipher.

Adapt idea.c to the Libgcrypt framework.
Add IDEA to cipher_table and to the build system.

Patents on IDEA have expired:
  Europe: EP0482154 on 2011-05-16,
  Japan:  JP3225440 on 2011-05-16,
  U.S.:   5,214,703 on 2012-01-07.

* Add idea to the list of available ciphers.
Define USE_IDEA if idea is enabled.
* cipher/cipher.c (cipher_table): Add entry for IDEA.
* cipher/idea.c: Update comment about patents.
Include proper header files and remove redundant declarations.
(expand_key, cipher, do_setkey, encrypt_block, decrypt_block):
Define function arguments as const where appropriate.
(cipher): Test for !WORDS_BIGENDIAN instead of LITTLE_ENDIAN_HOST.
(do_setkey, decrypt_block): Don't call selftest.
(idea_setkey): New function, wrapper for do_setkey.
(idea_encrypt): New function, wrapper for encrypt_block.
(_gcry_cipher_spec_idea): Define.
* cipher/ (EXTRA_libcipher_la_SOURCES): Add idea.c.
* src/cipher.h (_gcry_cipher_spec_idea): Declare.
* tests/basic.c (check_ciphers): Add GCRY_CIPHER_IDEA.

7 years agoInclude an IDEA implementation.
Werner Koch [Mon, 9 Jan 2012 13:11:41 +0000 (14:11 +0100)]
Include an IDEA implementation.

The code is the old IDEA test code, written by me back in 1997 and
distributed on a Danish FTP server.  This commit is only for
reference.  To use the code it has to be adjusted to the Libgcrypt

7 years agoFix pthread locking and remove defunctional support for static lock init.
Marcus Brinkmann [Tue, 3 Jan 2012 21:04:30 +0000 (22:04 +0100)]
Fix pthread locking and remove defunctional support for static lock init.

* src/ath.c: Include assert.h.
(ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference LOCK.
* src/g10lib.h (_gcry_secmem_module_init): New declaration.
* src/global.c (global_init): Call _gcry_secmem_module_init.
* src/secmem.c (_gcry_secmem_module_init): New function.

7 years agoAdd alignment tests for the cipher tests.
Werner Koch [Fri, 16 Dec 2011 21:02:18 +0000 (22:02 +0100)]
Add alignment tests for the cipher tests.

* tests/basic.c (check_one_cipher): Factor most code out to
check_one_cipher_core.  Call that core function several times using
different alignment settings.
(check_one_cipher_core): New.  Add extra args to allow alignment

As reported in bug#1384 Serpent fails on a sparc64.  One problem with
the test code is that due to the bus error the error message won't be

7 years agotests/prime: Add option to create a well known private key.
Werner Koch [Wed, 7 Dec 2011 15:52:03 +0000 (16:52 +0100)]
tests/prime: Add option to create a well known private key.

* tests/prime.c (print_mpi, create_42prime): New.
(main): Add option --42.

7 years agoDo not build the random-daemon by make distcheck.
Werner Koch [Thu, 1 Dec 2011 13:36:25 +0000 (14:36 +0100)]
Do not build the random-daemon by make distcheck.

* (DISTCHECK_CONFIGURE_FLAGS): Disable building of the
random daemon

7 years agoGenerate the ChangeLog from commit logs.
Werner Koch [Thu, 1 Dec 2011 13:20:31 +0000 (14:20 +0100)]
Generate the ChangeLog from commit logs.

* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.

7 years agoCompleted switch to a simpler thread model.
Werner Koch [Thu, 1 Dec 2011 12:55:06 +0000 (13:55 +0100)]
Completed switch to a simpler thread model.

This is only a first step.  We will need to either implement
pthread_atfork or - better - make use use POSIX RT semaphores.

7 years agoMake build_revision shorter for W32 use
Werner Koch [Tue, 8 Mar 2011 12:49:04 +0000 (13:49 +0100)]
Make build_revision shorter for W32 use

7 years agoaccept --with-libgpg-error-prefix as well as --with-gpg-error-prefix
Jim Meyering [Mon, 28 Nov 2011 12:46:16 +0000 (13:46 +0100)]
accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix

* m4/gpg-error.m4: Update from git master.

7 years agotests: avoid write-beyond-end-of-heap buffer
Jim Meyering [Fri, 11 Nov 2011 10:38:19 +0000 (11:38 +0100)]
tests: avoid write-beyond-end-of-heap buffer

In libgcrypt's "make check" (latest from git), I was surprised to
see the "basic" test fail.  Here's a patch:

Avoid scary-looking (with MALLOC_CHECK_=3) "make check" test failure:

  *** glibc detected *** /h/j/w/co/libgcrypt/tests/.libs/lt-basic: free(): invalid
  pointer: 0x0000000001f9d080 ***
  ======= Backtrace: =========
  ======= Memory map: ========
  00400000-00411000 r-xp 00000000 08:08 2787510 /w/co/libgcrypt/tests/.libs/lt-basic

>From 722e6d470371bb3d995e0a6a67cd9c2ffd7bb664 Mon Sep 17 00:00:00 2001
From: Jim Meyering <>
Date: Fri, 11 Nov 2011 11:34:45 +0100
Subject: [PATCH] tests: avoid write-beyond-end-of-heap buffer

* basic.c (check_bulk_cipher_modes): Allocate one more byte in
each of the two test buffers.  Otherwise, running
"env -i MALLOC_CHECK_=3 ./basic" would abort.

7 years agoFactor cipher mode code out to separate files.
Werner Koch [Thu, 15 Sep 2011 16:55:28 +0000 (18:55 +0200)]
Factor cipher mode code out to separate files.

Fixed Changelog and Makefile.
Added missing cipher-aeswrap.c file.

7 years agoRemoved deprecated debug macros.
Werner Koch [Thu, 15 Sep 2011 16:24:23 +0000 (18:24 +0200)]
Removed deprecated debug macros.

7 years agoRemoved the module registration interface
Werner Koch [Thu, 15 Sep 2011 16:08:55 +0000 (18:08 +0200)]
Removed the module registration interface

The module registration interface is not widely used but complicates
the internal operation of Libgcrypt a lot.  It also does not allow for
efficient implementation of new algorithm or cipher modes.  Further the
required locking of all access to internal module data or functions
would make it hard to come up with a deadlock free pthread_atfork
implementation.  Thus we remove the entire subsystem.

Note that the module system is still used internally but it is now
possible to change it without breaking the ABI.

In case a feature to add more algorithms demanded in the future, we
may add one by dlopening modules at startup time from a dedicated

7 years agoRemoved the AC interface (gcry_ac_*)
Werner Koch [Thu, 15 Sep 2011 14:54:33 +0000 (16:54 +0200)]
Removed the AC interface (gcry_ac_*)

This interface has long been deprecated.  It was also initially only
declared as an experimental interface.  It added its own kind of
complexity and we found that it does not make applications easier to
read.  Modern features of Libgcrypt were not supported and its removal
reduces the SLOC which is a Good Thing from a security POV.

7 years agoFix an endless loop in hmac256 --binary
Werner Koch [Thu, 15 Sep 2011 09:47:37 +0000 (11:47 +0200)]
Fix an endless loop in hmac256 --binary

7 years agoAdd a man page for hmac256.
Werner Koch [Thu, 15 Sep 2011 09:43:10 +0000 (11:43 +0200)]
Add a man page for hmac256.

We also include the man page in the manual.

7 years agoTypo fix in gcrypt.texi
Werner Koch [Thu, 15 Sep 2011 08:36:43 +0000 (10:36 +0200)]
Typo fix in gcrypt.texi

7 years agoFix a problem with select and high fds.
Werner Koch [Thu, 8 Sep 2011 08:53:12 +0000 (10:53 +0200)]
Fix a problem with select and high fds.

If on systems where the maximum number of fds may be dynamically
configured to a value of FD_MAXSIZE or higher and the RNG is first
used after more than FD_SETSIZE-1 descriptors are in use, we disable
the progress messages from the RNG.  A better solution would be too
use poll but that requires more tests.

The same problem exists in rndunix.c - however this rng is only used
on old Unices and I assume that they don't feature dynamically
configured maximum fd sizes.

7 years agoFactor cipher mode code out to separate files.
Werner Koch [Wed, 3 Aug 2011 19:34:39 +0000 (21:34 +0200)]
Factor cipher mode code out to separate files.

This is a preparation for adding more modes which are more complicated
and thus ask for separate file.  For uniformity we do this for all
modes except ECB.  It has also the advantage that it makes CPU specific
variants of the code more easy to implement (e.g. the XOR operations).

7 years agoAllow building for ARM thumb. Similar to bug#1202.
Werner Koch [Mon, 4 Jul 2011 10:45:44 +0000 (12:45 +0200)]
Allow building for ARM thumb.  Similar to bug#1202.

7 years agoFixed a bug in the gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen
Werner Koch [Wed, 29 Jun 2011 13:26:22 +0000 (15:26 +0200)]
Fixed a bug in the gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen

Contrary to the documentation those functions aborted if an invalid
algorithm was passed.  The same happened for the corresponding
subcommands of gcry_cipher_algo_info.

7 years agoPrepare a new development branch
Werner Koch [Wed, 29 Jun 2011 10:47:26 +0000 (12:47 +0200)]
Prepare a new development branch

7 years agoPost release updates
Werner Koch [Wed, 29 Jun 2011 09:40:39 +0000 (11:40 +0200)]
Post release updates

7 years agoPrepare for the 1.5.0 release. libgcrypt-1.5.0
Werner Koch [Wed, 29 Jun 2011 08:57:04 +0000 (10:57 +0200)]
Prepare for the 1.5.0 release.

7 years agoUpdate config.{sub,guess}
Werner Koch [Wed, 29 Jun 2011 08:56:22 +0000 (10:56 +0200)]
Update config.{sub,guess}

7 years agoImplement the --debug option for the keygrip test.
Werner Koch [Wed, 29 Jun 2011 08:40:57 +0000 (10:40 +0200)]
Implement the --debug option for the keygrip test.

7 years agoSuggest to use GCRYMPI_FMT_USG with gcry_sexp_nth_mpi.
Werner Koch [Mon, 13 Jun 2011 17:15:38 +0000 (19:15 +0200)]
Suggest to use GCRYMPI_FMT_USG with gcry_sexp_nth_mpi.

7 years agoFixed a pkcs#1 v1.5 flaw regarding leading zero bytes
Werner Koch [Mon, 13 Jun 2011 10:33:08 +0000 (12:33 +0200)]
Fixed a pkcs#1 v1.5 flaw regarding leading zero bytes

With these changes the entire new pkcs#1 test suite passes fine.

The leading zero bytes used to appear due to mixed signed/unsigned use
of our internal representation of the values as MPIs.  The changed code
also detected another bug in the DSA selftest which used the pkcs1
flag - this was certainly wrong but didn't throw an error.  The code
in GnuPG does the right thing thus I believe not too many applications
got it as wrong as we in our own selftest.

7 years agoAdd a full set of pkcs#1 v2 test vectors
Werner Koch [Mon, 13 Jun 2011 10:28:03 +0000 (12:28 +0200)]
Add a full set of pkcs#1 v2 test vectors

For v1.5 we use somewhat unofficial test vectors we found on the
rsalabs FTP server.  There is a little awk script which helped us to
convert them.  All the test vectors are in separate files with C
tables to keep the actual test program readable.

We detected a few flaws in our pkcs1 implementation which will be
fixed with the next commit.

7 years agoFixed leading zero problems in PSS and OAEP. ueno-pss
Werner Koch [Fri, 10 Jun 2011 08:52:18 +0000 (10:52 +0200)]
Fixed leading zero problems in PSS and OAEP.

7 years agoAdd the PSS test vectors
Werner Koch [Thu, 9 Jun 2011 18:53:32 +0000 (20:53 +0200)]
Add the PSS test vectors

7 years agoAdd OAEP regression test.
Werner Koch [Thu, 9 Jun 2011 16:54:20 +0000 (18:54 +0200)]
Add OAEP regression test.

7 years agoAdd a small comment.
Werner Koch [Thu, 9 Jun 2011 13:47:15 +0000 (15:47 +0200)]
Add a small comment.

7 years agoUse octet_string_from_mpi in oaep_decode.
Werner Koch [Thu, 9 Jun 2011 12:53:10 +0000 (14:53 +0200)]
Use octet_string_from_mpi in oaep_decode.

This is to remove duplicated code.  I had to move
octet_string_from_mpi more to the top of the file.

7 years agoAdd random-override parameter to the PK functions to allow better regression testing.
Werner Koch [Thu, 9 Jun 2011 12:44:18 +0000 (14:44 +0200)]
Add random-override parameter to the PK functions to allow better regression testing.

7 years agoExpect mHash as input to the PSS functions.
Werner Koch [Thu, 9 Jun 2011 12:00:13 +0000 (14:00 +0200)]
Expect mHash as input to the PSS functions.

The old code did the entire hashing of the message.  The reason we
want the hashed message as input is that a a message might be pretty
long and that the other padding schemes don't allow this either.

7 years agoMerge branch 'master' into ueno-pss
Werner Koch [Thu, 9 Jun 2011 07:05:15 +0000 (09:05 +0200)]
Merge branch 'master' into ueno-pss

Solved conflicts:

7 years agoRestructure pss_verify to match the description in rfc-3447.
Werner Koch [Thu, 9 Jun 2011 06:48:27 +0000 (08:48 +0200)]
Restructure pss_verify to match the description in rfc-3447.

7 years agoRestructure pss_encode to match the description in rfc-3447.
Werner Koch [Wed, 8 Jun 2011 18:18:42 +0000 (20:18 +0200)]
Restructure pss_encode to match the description in rfc-3447.

7 years agoRestructure oaep_decode to match the description in rfc-3447.
Werner Koch [Fri, 3 Jun 2011 15:13:47 +0000 (17:13 +0200)]
Restructure oaep_decode to match the description in rfc-3447.

This also takes the suggestion by Tom Ritter in account to avoid time
attacks.  Ueno's fixes posted to the ML are thus not needed.

7 years agoRestructure oaep_encode to match the description in rfc-3447.
Werner Koch [Tue, 31 May 2011 15:56:13 +0000 (17:56 +0200)]
Restructure oaep_encode to match the description in rfc-3447.

7 years agoAdd comments to the mgf1 function and speed it up.
Werner Koch [Tue, 31 May 2011 13:14:51 +0000 (15:14 +0200)]
Add comments to the mgf1 function and speed it up.

7 years agoAdd option --die to ease debugging
Werner Koch [Fri, 3 Jun 2011 14:38:11 +0000 (16:38 +0200)]
Add option --die to ease debugging

7 years agoLet gcry_pk_decrypt in non-raw mode return a verbatim buffer.
Werner Koch [Tue, 31 May 2011 09:08:12 +0000 (11:08 +0200)]
Let gcry_pk_decrypt in non-raw mode return a verbatim buffer.

The non-raw modes of gcry_pk_decrypt (i.e. pkcs1 or oaep un-padding)
are new and thus we can still change the semantics.

They now return a verbatim buffer and not anything which internally
has been interpreted as a signed integer.  In raw mode we still stick
to the old semantics which is usually fine because it is mostly used
with pkcs#1 padding and that guarantees that the return value may
never be interpreted as a signed MPI or shorted due to block type used
as the second byte.

7 years agoFixed pkcs#1 unpadding
Werner Koch [Mon, 30 May 2011 14:22:23 +0000 (16:22 +0200)]
Fixed pkcs#1 unpadding

Depending on the size of the used key the old code was not able to
cope with the missing leading zero byte of a pkcs#1 frame.  This is
due to the fact that we use MPIs for conveying the data and our MPIs
usually strip leading zero bytes.  The changed code should now behave
identical to the code used by GnuPG.

Also added a few more comments.

7 years agoFix double-free when un-padding invalid data.
Daiki Ueno [Fri, 27 May 2011 01:18:39 +0000 (10:18 +0900)]
Fix double-free when un-padding invalid data.

Also add invalid padding cases to the basic test.

7 years agoSupport PSS.
Daiki Ueno [Mon, 23 May 2011 09:25:16 +0000 (18:25 +0900)]
Support PSS.

7 years agoTell check_pubkey_* which PK algo is used.
Daiki Ueno [Tue, 24 May 2011 06:01:23 +0000 (15:01 +0900)]
Tell check_pubkey_* which PK algo is used.

7 years agoCleanup pk_encoding_ctx code.
Daiki Ueno [Tue, 24 May 2011 05:43:55 +0000 (14:43 +0900)]
Cleanup pk_encoding_ctx code.

Pass around verify function to pk_module->verify as some encodings like PSS
need custom verification logic.

7 years agoSimplify MGF1 by initializing MD handle at once.
Daiki Ueno [Tue, 24 May 2011 03:25:51 +0000 (12:25 +0900)]
Simplify MGF1 by initializing MD handle at once.

7 years agoMerge branch 'master'.
Werner Koch [Mon, 23 May 2011 11:48:30 +0000 (13:48 +0200)]
Merge branch 'master'.

Actually the same fix I did a few hours ago.

7 years agoAdd a few comments to the pkcs#1 code.
Werner Koch [Mon, 23 May 2011 09:19:17 +0000 (11:19 +0200)]
Add a few comments to the pkcs#1 code.

Also fixed a possible memory leak.

7 years agoFix memleak when decoding OAEP/PKCS#1 block type 2.
Daiki Ueno [Mon, 23 May 2011 03:09:01 +0000 (12:09 +0900)]
Fix memleak when decoding OAEP/PKCS#1 block type 2.

7 years agoAdd $(GPG_ERROR_LIBS) to gcryptrnd_LDADD for gpg_strerror.
Daiki Ueno [Thu, 19 May 2011 02:44:01 +0000 (11:44 +0900)]
Add $(GPG_ERROR_LIBS) to gcryptrnd_LDADD for gpg_strerror.

This avoids implicit DSO linking issue in Fedora.

7 years agoSupport PKCS#1 un-padding.
Daiki Ueno [Tue, 17 May 2011 08:47:30 +0000 (17:47 +0900)]
Support PKCS#1 un-padding.

Support PKCS#1 un-padding for encryption (not for signature).  This patch
also removes "unpad" flag (introduced by OAEP patch) since we can now
do un-padding implicitly when `pkcs1' or `oaep' is given.

7 years agoMinor updates to the OAEP code.
Werner Koch [Wed, 11 May 2011 09:11:16 +0000 (11:11 +0200)]
Minor updates to the OAEP code.

We now check that only one encoding method may be given.  In the error
case we make sure that a released OAEP label variable is set to NULL.
As a failsafe feature we use gpg_err_code_from_syserror all over in
pubkey.c; this has the advantage that a misbehaving gcry_free function
which does not set ERRNO now returns an error code in all cases.

7 years agoAdd missing ChangeLogs
Werner Koch [Wed, 11 May 2011 08:57:33 +0000 (10:57 +0200)]
Add missing ChangeLogs

7 years agoSupport RSA-OAEP padding for encryption.
Daiki Ueno [Fri, 6 May 2011 06:56:58 +0000 (15:56 +0900)]
Support RSA-OAEP padding for encryption.

8 years agoMake sure to return correct error codes for secmem failures.
Werner Koch [Tue, 19 Apr 2011 14:22:48 +0000 (16:22 +0200)]
Make sure to return correct error codes for secmem failures.

ERRNO was not always set and thus it could happen that a misleading
error code was returned form a malloc functions.  Fix was to set

At one place we also switched to the newer gpg_err_code_from_syserror
which makes sure to return a special error code in case ERRNO is not
set at all.

8 years agoFix double free in gcry_pk_get_keygrip.
Werner Koch [Mon, 11 Apr 2011 19:39:55 +0000 (21:39 +0200)]
Fix double free in gcry_pk_get_keygrip.

This was introduced by the previous memleak change.

8 years agoCTR mode may now be used with arbitrary long data chunks.
Werner Koch [Mon, 11 Apr 2011 19:36:48 +0000 (21:36 +0200)]
CTR mode may now be used with arbitrary long data chunks.

8 years agoAllow for truncation in CTR mode.
Werner Koch [Mon, 11 Apr 2011 17:21:47 +0000 (19:21 +0200)]
Allow for truncation in CTR mode.

This re-enables the behaviour of Libgcrypt 1.4.  Such truncation is
used by libotr and the current error-ed out here.  The bug was
introduced due to a rewrite of the function and the undocumented
feature of truncating OTR data.

8 years agoAdd a few comments to explain the generation of k.
Werner Koch [Fri, 8 Apr 2011 12:59:25 +0000 (14:59 +0200)]
Add a few comments to explain the generation of k.

8 years agoMove an AC_SUBST to avoid an Emacs warning
Werner Koch [Wed, 6 Apr 2011 08:17:48 +0000 (10:17 +0200)]
Move an AC_SUBST to avoid an Emacs warning

Recent versions of Emacs seem to have a not so strict check for local
buffer variables and thus detect our emacs_local_vars subs as improper
local variables.  Moving them more to the top of the file helps.
Another solution would have been to use m4 tricks.

8 years agoFix a small memory leak in gcry_pk_get_keygrip.
Werner Koch [Mon, 4 Apr 2011 14:27:36 +0000 (16:27 +0200)]
Fix a small memory leak in gcry_pk_get_keygrip.

These are two memory leaks, one in the generic code and one ECC
specific.  For an RSA key the first one accounted for 10 bytes, which
is not that small if applied on a large key database.

8 years agoAdd a test option to help finding memory leaks.
Werner Koch [Mon, 4 Apr 2011 14:26:41 +0000 (16:26 +0200)]
Add a test option to help finding memory leaks.

8 years agoMake sure that gcry_realloc (NULL, n) works on all platforms.
Werner Koch [Fri, 1 Apr 2011 08:16:31 +0000 (10:16 +0200)]
Make sure that gcry_realloc (NULL, n) works on all platforms.

realloc (NULL, n) shall behave exactly like malloc (n)
and realloc (p, 0) like free.

Not all platforms implement this correctly thus we now handle this
directly in gcry_realloc.

8 years agoAdd a version string to the binary
Werner Koch [Wed, 30 Mar 2011 09:22:56 +0000 (11:22 +0200)]
Add a version string to the binary

8 years agoFixed a few warnings emitted by gcc 4.6.
Werner Koch [Mon, 28 Mar 2011 12:46:36 +0000 (14:46 +0200)]
Fixed a few warnings emitted by gcc 4.6.

8 years agoNew function gcry_kdf_derive
Werner Koch [Wed, 9 Mar 2011 16:47:44 +0000 (17:47 +0100)]
New function gcry_kdf_derive

This allows us to factor the S2k code from gpg and gpg-agent out to
libgcrypt.  Created a bunch of test vectors using a hacked gpg 1.4.

The function also implements PBKDF2; tested against the RFC-6070 test

8 years agoShorten BUILD_REVISION macro
Werner Koch [Tue, 8 Mar 2011 12:56:49 +0000 (13:56 +0100)]
Shorten BUILD_REVISION macro

8 years agoAdd option host to libgcrypt-config.
Werner Koch [Wed, 23 Feb 2011 15:30:38 +0000 (16:30 +0100)]
Add option host to libgcrypt-config.

Also update libgcrypt.m4 for better user experience when

8 years agoUpdated gpg-error.m4 (bug#1261)
Werner Koch [Wed, 23 Feb 2011 11:48:07 +0000 (12:48 +0100)]
Updated gpg-error.m4 (bug#1261)

8 years agoUse AES-NI insns for CTR mode.
Werner Koch [Tue, 22 Feb 2011 15:08:13 +0000 (16:08 +0100)]
Use AES-NI insns for CTR mode.

That really boosts the performance of CTR.

8 years agoFinal changes for 1.5.0-beta1 libgcrypt-1.5.0-beta1
Werner Koch [Mon, 21 Feb 2011 16:04:46 +0000 (17:04 +0100)]
Final changes for 1.5.0-beta1

8 years agoAllow --alignment option for md_bench
Werner Koch [Mon, 21 Feb 2011 09:00:22 +0000 (10:00 +0100)]
Allow --alignment option for md_bench

8 years agoFix strict-aliasing problems in rijndael.c
Werner Koch [Fri, 18 Feb 2011 13:30:13 +0000 (14:30 +0100)]
Fix strict-aliasing problems in rijndael.c

We used to use -fno-strict-aliasing but only if configured in
maintainer-mode.  Thus with gcc-4.4 we could run into problems.  The
fix is to define a new type with the may_alias attribute and use this
for the casting stuff in do_encrypt_aligned and do_decrypt_aligned.

8 years agoFlag the _ac_ functions as deprecated.
Werner Koch [Thu, 17 Feb 2011 18:44:23 +0000 (19:44 +0100)]
Flag the _ac_ functions as deprecated.

The AC functions are deprecated for a long time.  How we will even
print a warning if they are used.

The module register interface is now also deprecated and the use of
those functions will yield a warning as well.

8 years agoFix AES-NI detection.
Werner Koch [Thu, 17 Feb 2011 10:00:25 +0000 (11:00 +0100)]
Fix AES-NI detection.

Really a kind of bown paper bag bug: Use AND and not SUB for bit
testing.  I should have known that, given that 30 years ago I wrote
almost everything in asm.

Werner Koch [Wed, 16 Feb 2011 17:31:31 +0000 (18:31 +0100)]

This option is useful to disable detected hardware features. It has
been implemented in benchmark, so that it is now possible to run

  tests/benchmark --disable-hwf intel-aesni  cipher aes aes192 aes256

to compare the use of AES-NI insns to the pure C code.