+2018-10-26 Werner Koch <wk@gnupg.org>
+
+ Release 1.8.4.
+ + commit 93775172713c00c363187b5d6a88895b04ac7c8e
+
+
+2018-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ random: use getrandom() on Linux where available.
+ + commit 0973c3f9ee7a9ad7c97b77849ed33ecd6789c787
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): use the
+ getrandom() syscall on Linux if it exists, regardless of what kind of
+ entropy was requested.
+
+2018-10-26 Werner Koch <wk@gnupg.org>
+
+ random: Make sure to re-open /dev/random after a fork.
+ + commit 60885655756dd0427872b8f01c06da14eab5af70
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Detect fork and
+ re-open devices.
+
+ primes: Avoid leaking bits of the prime test to pageable memory.
+ + commit 5b1d022293c5779b1150a7653cce4e3bf494a07c
+ * cipher/primegen.c (gen_prime): Allocate MODS in secure memory.
+
+2018-10-24 Werner Koch <wk@gnupg.org>
+
+ build: Add release make target.
+ + commit 99a5babfd1e759310db8ab8b11d182f2e139dfb1
+ * Makefile.am (release, sign-release): New targets.
+
+ (cherry picked from commit 03bb25ee7ed6f1076bf788ab981ca68672880daa)
+
+ Fix memory leak in secmem in out of core conditions.
+ + commit abd267bf239345ceae5c0de239d1530b427a53a1
+ * src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor
+ if the pool could not be allocated.
+
+ ecc: Fix memory leak in the error case of ecc_encrypt_raw.
+ + commit 60224352f4de1189e0076c6172886dc787a1e6e6
+ * cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main
+ block.
+
+ ecc: Fix possible memory leakage in parameter check of eddsa.
+ + commit 347987d4cf29b6a611b7fafa14fddeb50c0651d2
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak.
+
+ ecc: Fix potential unintended freeing of an internal param.
+ + commit be68b3ee4fd1f85edc95eaad11c8fd52ccd27ccd
+ * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error
+
+ sexp: Fix uninitialized use of a var in the error case.
+ + commit 8cc7cac82ec2087c3e1ece56dbd12855a383f090
+ * src/sexp.c (_gcry_sexp_vextract_param): Initialize L1.
+
+2018-06-19 Will Dietz <w@wdtz.org>
+
+ random: Fix hang of _gcry_rndjent_get_version.
+ + commit 20c034865f2dd15ce2871385b6e29c15d1570539
+ * random/rndjent.c (_gcry_rndjent_get_version): Move locking.
+
2018-06-13 Werner Koch <wk@gnupg.org>
Release 1.8.3.
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Location of the released tarball archives. Note that this is an
+# internal archive and before uploading this to the public server,
+# manual tests should be run and the git release tagged and pushed.
+# Adjust as needed.
+RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgpg-error/
+# The key used to sign the released sources. Adjust as needed.
+RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+
ACLOCAL_AMFLAGS = -I m4
DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \
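Review bot: `RELEASE_ARCHIVE_DIR` points at `tarballs/libgpg-error/`, while the other package names in this Makefile.am (the `stowinstall` prefix, for one) are libgcrypt, so the value looks carried over from the libgpg-error tree. As written, `sign-release` would copy the libgcrypt tarballs and signatures into the other package's archive directory; presumably the intended line is `RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgcrypt/`. The `scp` line in `sign-release` appends its own `/` after this variable, so the trailing slash here is redundant.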
stowinstall:
$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libgcrypt
+
+# Macro to help the release target.
+RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION)
+
+release:
+ +(set -e;\
+ if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \
+ echo "error: build directory must not be the source directory" >&2;\
+ exit 2;\
+ fi ;\
+ echo "/* Build started at $$(date -uIseconds) */" ;\
+ cd $(top_srcdir); \
+ ./autogen.sh --force; \
+ cd $(abs_top_builddir); \
+ rm -rf dist; mkdir dist ; cd dist ; \
+ $(abs_top_srcdir)/configure --enable-maintainer-mode; \
+ $(MAKE) distcheck; \
+ echo "/* Build finished at $$(date -uIseconds) */" ;\
+ echo "/*" ;\
+ echo " * Please run the final step interactivly:" ;\
+ echo " * make sign-release" ;\
+ echo " */" ;\
+ ) 2>&1 | tee "$(RELEASE_NAME).buildlog"
+
+sign-release:
+ +(set -e; \
+ cd dist; \
+ files1="$(RELEASE_NAME).tar.bz2 \
+ $(RELEASE_NAME).tar.gz" ; \
+ files2="$(RELEASE_NAME).tar.bz2.sig \
+ $(RELEASE_NAME).tar.gz.sig \
+ $(RELEASE_NAME).swdb \
+ $(RELEASE_NAME).buildlog" ;\
+ echo "/* Signing the source tarball ..." ;\
+ gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\
+ gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.gz ;\
+ cat $(RELEASE_NAME).swdb >swdb.snippet;\
+ echo >>swdb.snippet ;\
+ sha1sum $${files1} >>swdb.snippet ;\
+ cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
+ | gzip >$(RELEASE_NAME).buildlog ;\
+ echo "Copying to local archive ..." ;\
+ scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\
+ echo '/*' ;\
+ echo ' * All done; for checksums see dist/swdb.snippet' ;\
+ echo ' */' ;\
+ )
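Review bot: The `release` recipe ends in `) 2>&1 | tee "$(RELEASE_NAME).buildlog"`, so under a plain POSIX shell its exit status is that of `tee`, and a failing `./autogen.sh`, `configure` or `$(MAKE) distcheck` inside the `set -e` subshell still lets `make release` succeed. Since `distcheck` typically creates the tarballs before checking them, `sign-release` could then sign and upload an archive that never passed the check. One way to close the gap is a marker file (the name here is only an example): end the `release` subshell with `touch release-ok ;\` and start `sign-release` with `test -f release-ok ;\` right after `cd dist;`. In `sign-release`, `scp ... || true` also hides a failed upload, and `swdb.snippet` gets only `sha1sum` output; printing a warning on failure and adding a `sha256sum` line would be prudent.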
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+# SPDX-License-Identifier: LGPL-2.1-or-later
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+
+# Location of the released tarball archives. Note that this is an
+# internal archive and before uploading this to the public server,
+# manual tests should be run and the git release tagged and pushed.
+# Adjust as needed.
+RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/libgpg-error/
+# The key used to sign the released sources. Adjust as needed.
+RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
ACLOCAL_AMFLAGS = -I m4
DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \
--enable-random=auto
DISTCLEANFILES =
gen_start_date = 2011-12-01T14:00:00
+
+# Macro to help the release target.
+RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION)
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
stowinstall:
$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libgcrypt
+release:
+ +(set -e;\
+ if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \
+ echo "error: build directory must not be the source directory" >&2;\
+ exit 2;\
+ fi ;\
+ echo "/* Build started at $$(date -uIseconds) */" ;\
+ cd $(top_srcdir); \
+ ./autogen.sh --force; \
+ cd $(abs_top_builddir); \
+ rm -rf dist; mkdir dist ; cd dist ; \
+ $(abs_top_srcdir)/configure --enable-maintainer-mode; \
+ $(MAKE) distcheck; \
+ echo "/* Build finished at $$(date -uIseconds) */" ;\
+ echo "/*" ;\
+ echo " * Please run the final step interactivly:" ;\
+ echo " * make sign-release" ;\
+ echo " */" ;\
+ ) 2>&1 | tee "$(RELEASE_NAME).buildlog"
+
+sign-release:
+ +(set -e; \
+ cd dist; \
+ files1="$(RELEASE_NAME).tar.bz2 \
+ $(RELEASE_NAME).tar.gz" ; \
+ files2="$(RELEASE_NAME).tar.bz2.sig \
+ $(RELEASE_NAME).tar.gz.sig \
+ $(RELEASE_NAME).swdb \
+ $(RELEASE_NAME).buildlog" ;\
+ echo "/* Signing the source tarball ..." ;\
+ gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\
+ gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.gz ;\
+ cat $(RELEASE_NAME).swdb >swdb.snippet;\
+ echo >>swdb.snippet ;\
+ sha1sum $${files1} >>swdb.snippet ;\
+ cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
+ | gzip >$(RELEASE_NAME).buildlog ;\
+ echo "Copying to local archive ..." ;\
+ scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\
+ echo '/*' ;\
+ echo ' * All done; for checksums see dist/swdb.snippet' ;\
+ echo ' */' ;\
+ )
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
+Noteworthy changes in version 1.8.4 (2018-10-26) [C22/A2/R4]
+------------------------------------------------
+
+ * Bug fixes:
+
+ - Fix infinite loop due to applications using fork the wrong
+ way. [#3491]
+
+ - Fix possible leak of a few bits of secret primes to pageable
+ memory. [#3848]
+
+ - Fix possible hang in the RNG (1.8.3 only). [#4034]
+
+ - Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212]
+
+ * Performance:
+
+ - On Linux always make use of getrandom if possible and then use
+ its /dev/urandom behaviour. [#3894]
+
+ Release-info: https://dev.gnupg.org/T4234
+
+
Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3]
------------------------------------------------
- Fix rare assertion failure in gcry_prime_check.
+ Release-info: https://dev.gnupg.org/T4016
+
Noteworthy changes in version 1.8.2 (2017-12-13) [C22/A2/R2]
------------------------------------------------
The download canonical location for libgcrypt is:
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/
- or
https://gnupg.org/ftp/gcrypt/libgcrypt/
To build libgcrypt you need libgpg-error:
- ftp://ftp.gnupg.org/gcrypt/libgpg-error/
- or
https://gnupg.org/ftp/gcrypt/libgpg-error/
You should get the latest versions of course.
Build Problems
--------------
+ If you have a problem with a a certain release, please first check
+ the Release-info URL given in the NEWS file.
+
We can't check all assembler files, so if you have problems
assembling them (or the program crashes) use --disable-asm with
./configure. If you opt to delete individual replacement files in
if (!strcmp (name, "q.x") && ec->Q && ec->Q->x)
return mpi_is_const (ec->Q->x) && !copy? ec->Q->x : mpi_copy (ec->Q->x);
if (!strcmp (name, "q.y") && ec->Q && ec->Q->y)
- return mpi_is_const (ec->G->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
+ return mpi_is_const (ec->Q->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
/* If the base point has been requested, return it in standard
encoding. */
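Review bot: Both the `q.x` and `q.y` returns rely on `&&` binding tighter than `?:` in `mpi_is_const (...) && !copy? a : b`, and the `!copy? ` spacing makes that easy to misread. Writing `return (mpi_is_const (ec->Q->y) && !copy) ? ec->Q->y : mpi_copy (ec->Q->y);` would make the by-reference case explicit. Because this expression decides whether the caller receives the context's own MPI or a copy, a comment above the pair such as `/* Hand out the internal MPI only if it is constant and no copy was requested. */` would help. The enclosing function starts and ends outside this hunk.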
pkey->E.p, pkey->E.a, pkey->E.b);
b = ctx->nbits/8;
if (b != 256/8)
- return GPG_ERR_INTERNAL; /* We only support 256 bit. */
+ {
+ rc = GPG_ERR_INTERNAL; /* We only support 256 bit. */
+ goto leave;
+ }
/* Decode and check the public key. */
rc = _gcry_ecc_eddsa_decodepoint (pk, ctx, &Q, &encpk, &encpklen);
unsigned char *rawmpi;
unsigned int rawmpilen;
+ rc = 0;
x = mpi_new (0);
if (ec->model == MPI_EC_MONTGOMERY)
y = NULL;
if (!(flags & PUBKEY_FLAG_DJB_TWEAK))
{ /* It's not for X25519, then, the input data was simply wrong. */
rc = GPG_ERR_INV_DATA;
- goto leave;
+ goto leave_main;
}
}
if (y)
if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
{
rc = GPG_ERR_INV_DATA;
- goto leave;
+ goto leave_main;
}
if (y)
mpi_e = _gcry_ecc_ec2os (x, y, pk.E.p);
}
}
-
+ leave_main:
mpi_free (x);
mpi_free (y);
-
point_free (&R);
+ if (rc)
+ goto leave;
}
if (!rc)
if (nbits < 16)
log_fatal ("can't generate a prime with less than %d bits\n", 16);
- mods = xmalloc (no_of_small_prime_numbers * sizeof *mods);
+ mods = (secret? xmalloc_secure (no_of_small_prime_numbers * sizeof *mods)
+ /* */ : xmalloc (no_of_small_prime_numbers * sizeof *mods));
/* Make nbits fit into gcry_mpi_t implementation. */
val_2 = mpi_alloc_set_ui( 2 );
val_3 = mpi_alloc_set_ui( 3);
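Review bot: The allocation size `no_of_small_prime_numbers * sizeof *mods` is now written twice, and the second arm is aligned with an empty `/* */` comment, which makes the secure/non-secure choice harder to read than it needs to be. Holding the size in a local declared with the other locals (say `modslen`) and writing `mods = secret? xmalloc_secure (modslen) : xmalloc (modslen);` keeps the two arms from drifting apart. A short comment saying why MODS is sensitive would also be worth adding; presumably it holds values derived from the candidate prime. gen_prime's body continues outside this hunk.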
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.3.
+# Generated by GNU Autoconf 2.69 for libgcrypt 1.8.4.
#
# Report bugs to <http://bugs.gnupg.org>.
#
# Identity of this package.
PACKAGE_NAME='libgcrypt'
PACKAGE_TARNAME='libgcrypt'
-PACKAGE_VERSION='1.8.3'
-PACKAGE_STRING='libgcrypt 1.8.3'
+PACKAGE_VERSION='1.8.4'
+PACKAGE_STRING='libgcrypt 1.8.4'
PACKAGE_BUGREPORT='http://bugs.gnupg.org'
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libgcrypt 1.8.3 to adapt to many kinds of systems.
+\`configure' configures libgcrypt 1.8.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libgcrypt 1.8.3:";;
+ short | recursive ) echo "Configuration of libgcrypt 1.8.4:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libgcrypt configure 1.8.3
+libgcrypt configure 1.8.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libgcrypt $as_me 1.8.3, which was
+It was created by libgcrypt $as_me 1.8.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=3
+LIBGCRYPT_LT_REVISION=4
# If the API is changed in an incompatible way: increment the next counter.
# Define the identity of the package.
PACKAGE='libgcrypt'
- VERSION='1.8.3'
+ VERSION='1.8.4'
cat >>confdefs.h <<_ACEOF
#define VERSION "$VERSION"
_ACEOF
-VERSION_NUMBER=0x010803
+VERSION_NUMBER=0x010804
#
# Provide information about the build.
#
-BUILD_REVISION="5600d2d"
+BUILD_REVISION="93775172"
cat >>confdefs.h <<_ACEOF
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
-BUILD_FILEVERSION="${BUILD_FILEVERSION}22016"
+BUILD_FILEVERSION="${BUILD_FILEVERSION}37751"
# Check whether --enable-build-timestamp was given.
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libgcrypt $as_me 1.8.3, which was
+This file was extended by libgcrypt $as_me 1.8.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libgcrypt config.status 1.8.3
+libgcrypt config.status 1.8.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
# for the LT versions.
m4_define(mym4_version_major, [1])
m4_define(mym4_version_minor, [8])
-m4_define(mym4_version_micro, [3])
+m4_define(mym4_version_micro, [4])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=22
LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=3
+LIBGCRYPT_LT_REVISION=4
# If the API is changed in an incompatible way: increment the next counter.
%!PS-Adobe-3.0 EPSF-3.0
%%Title: /home/wk/s/libgcrypt-1.8/doc/fips-fsm.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5e
-%%CreationDate: Thu Nov 23 19:46:17 2017
+%%CreationDate: Fri Oct 26 19:32:26 2018
%%BoundingBox: 0 0 497 579
%Magnification: 1.0000
%%EndComments
This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.8.3, 13 June 2018), which is
+This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
\1f
Indirect:
-gcrypt.info-1: 835
-gcrypt.info-2: 300845
+gcrypt.info-1: 838
+gcrypt.info-2: 300899
\1f
Tag Table:
(Indirect)
-Node: Top\7f835
-Node: Introduction\7f3361
-Node: Getting Started\7f3733
-Node: Features\7f4613
-Node: Overview\7f5397
-Node: Preparation\7f6020
-Node: Header\7f6943
-Node: Building sources\7f8014
-Node: Building sources using Automake\7f9931
-Node: Initializing the library\7f11859
-Ref: sample-use-suspend-secmem\7f14927
-Ref: sample-use-resume-secmem\7f15770
-Node: Multi-Threading\7f16673
-Ref: Multi-Threading-Footnote-1\7f17852
-Node: Enabling FIPS mode\7f18261
-Ref: enabling fips mode\7f18442
-Node: Hardware features\7f20254
-Ref: hardware features\7f20421
-Ref: Hardware features-Footnote-1\7f21502
-Node: Generalities\7f21663
-Node: Controlling the library\7f21922
-Node: Error Handling\7f40093
-Node: Error Values\7f42632
-Node: Error Sources\7f47572
-Node: Error Codes\7f49840
-Node: Error Strings\7f53316
-Node: Handler Functions\7f54500
-Node: Progress handler\7f55059
-Node: Allocation handler\7f57208
-Node: Error handler\7f58754
-Node: Logging handler\7f60320
-Node: Symmetric cryptography\7f60912
-Node: Available ciphers\7f61652
-Node: Available cipher modes\7f64333
-Node: Working with cipher handles\7f68186
-Node: General cipher functions\7f79690
-Node: Public Key cryptography\7f83216
-Node: Available algorithms\7f83982
-Node: Used S-expressions\7f84331
-Node: RSA key parameters\7f85448
-Node: DSA key parameters\7f86723
-Node: ECC key parameters\7f87377
-Ref: ecc_keyparam\7f87528
-Node: Cryptographic Functions\7f89399
-Node: General public-key related Functions\7f101246
-Node: Hashing\7f114915
-Node: Available hash algorithms\7f115648
-Node: Working with hash algorithms\7f121611
-Node: Message Authentication Codes\7f135743
-Node: Available MAC algorithms\7f136411
-Node: Working with MAC algorithms\7f141573
-Node: Key Derivation\7f147561
-Node: Random Numbers\7f149963
-Node: Quality of random numbers\7f150246
-Node: Retrieving random numbers\7f150929
-Node: S-expressions\7f152418
-Node: Data types for S-expressions\7f153063
-Node: Working with S-expressions\7f153389
-Node: MPI library\7f167054
-Node: Data types\7f168076
-Node: Basic functions\7f168385
-Node: MPI formats\7f170849
-Node: Calculations\7f174373
-Node: Comparisons\7f176642
-Node: Bit manipulations\7f177645
-Node: EC functions\7f178967
-Ref: gcry_mpi_ec_new\7f181916
-Node: Miscellaneous\7f187475
-Node: Prime numbers\7f191619
-Node: Generation\7f191889
-Node: Checking\7f193176
-Node: Utilities\7f193586
-Node: Memory allocation\7f193963
-Node: Context management\7f195319
-Ref: gcry_ctx_release\7f195757
-Node: Buffer description\7f195918
-Node: Config reporting\7f196705
-Node: Tools\7f197655
-Node: hmac256\7f197822
-Node: Configuration\7f198828
-Node: Architecture\7f201881
-Ref: fig:subsystems\7f203405
-Ref: Architecture-Footnote-1\7f204491
-Ref: Architecture-Footnote-2\7f204553
-Node: Public-Key Subsystem Architecture\7f204637
-Node: Symmetric Encryption Subsystem Architecture\7f206915
-Node: Hashing and MACing Subsystem Architecture\7f208361
-Node: Multi-Precision-Integer Subsystem Architecture\7f210284
-Node: Prime-Number-Generator Subsystem Architecture\7f211722
-Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1\7f213653
-Node: Random-Number Subsystem Architecture\7f213945
-Node: CSPRNG Description\7f216894
-Ref: CSPRNG Description-Footnote-1\7f218450
-Node: FIPS PRNG Description\7f218573
-Node: Self-Tests\7f220707
-Node: FIPS Mode\7f232166
-Ref: fig:fips-fsm\7f235992
-Ref: tbl:fips-states\7f236095
-Ref: tbl:fips-state-transitions\7f237347
-Node: Library Copying\7f240968
-Node: Copying\7f269074
-Node: Figures and Tables\7f288250
-Node: Concept Index\7f288675
-Node: Function and Data Index\7f300845
+Node: Top\7f838
+Node: Introduction\7f3367
+Node: Getting Started\7f3739
+Node: Features\7f4619
+Node: Overview\7f5403
+Node: Preparation\7f6026
+Node: Header\7f6949
+Node: Building sources\7f8020
+Node: Building sources using Automake\7f9937
+Node: Initializing the library\7f11865
+Ref: sample-use-suspend-secmem\7f14933
+Ref: sample-use-resume-secmem\7f15776
+Node: Multi-Threading\7f16679
+Ref: Multi-Threading-Footnote-1\7f17858
+Node: Enabling FIPS mode\7f18267
+Ref: enabling fips mode\7f18448
+Node: Hardware features\7f20260
+Ref: hardware features\7f20427
+Ref: Hardware features-Footnote-1\7f21508
+Node: Generalities\7f21669
+Node: Controlling the library\7f21928
+Node: Error Handling\7f40099
+Node: Error Values\7f42638
+Node: Error Sources\7f47578
+Node: Error Codes\7f49846
+Node: Error Strings\7f53322
+Node: Handler Functions\7f54506
+Node: Progress handler\7f55065
+Node: Allocation handler\7f57214
+Node: Error handler\7f58760
+Node: Logging handler\7f60326
+Node: Symmetric cryptography\7f60918
+Node: Available ciphers\7f61658
+Node: Available cipher modes\7f64339
+Node: Working with cipher handles\7f68192
+Node: General cipher functions\7f79696
+Node: Public Key cryptography\7f83222
+Node: Available algorithms\7f83988
+Node: Used S-expressions\7f84337
+Node: RSA key parameters\7f85454
+Node: DSA key parameters\7f86729
+Node: ECC key parameters\7f87383
+Ref: ecc_keyparam\7f87534
+Node: Cryptographic Functions\7f89405
+Node: General public-key related Functions\7f101252
+Node: Hashing\7f114921
+Node: Available hash algorithms\7f115654
+Node: Working with hash algorithms\7f121617
+Node: Message Authentication Codes\7f135749
+Node: Available MAC algorithms\7f136417
+Node: Working with MAC algorithms\7f141579
+Node: Key Derivation\7f147567
+Node: Random Numbers\7f149969
+Node: Quality of random numbers\7f150252
+Node: Retrieving random numbers\7f150935
+Node: S-expressions\7f152424
+Node: Data types for S-expressions\7f153069
+Node: Working with S-expressions\7f153395
+Node: MPI library\7f167105
+Node: Data types\7f168127
+Node: Basic functions\7f168436
+Node: MPI formats\7f170900
+Node: Calculations\7f174424
+Node: Comparisons\7f176693
+Node: Bit manipulations\7f177696
+Node: EC functions\7f179018
+Ref: gcry_mpi_ec_new\7f181967
+Node: Miscellaneous\7f187526
+Node: Prime numbers\7f191670
+Node: Generation\7f191940
+Node: Checking\7f193227
+Node: Utilities\7f193637
+Node: Memory allocation\7f194014
+Node: Context management\7f195370
+Ref: gcry_ctx_release\7f195808
+Node: Buffer description\7f195969
+Node: Config reporting\7f196756
+Node: Tools\7f197706
+Node: hmac256\7f197873
+Node: Configuration\7f198879
+Node: Architecture\7f201932
+Ref: fig:subsystems\7f203456
+Ref: Architecture-Footnote-1\7f204542
+Ref: Architecture-Footnote-2\7f204604
+Node: Public-Key Subsystem Architecture\7f204688
+Node: Symmetric Encryption Subsystem Architecture\7f206966
+Node: Hashing and MACing Subsystem Architecture\7f208412
+Node: Multi-Precision-Integer Subsystem Architecture\7f210335
+Node: Prime-Number-Generator Subsystem Architecture\7f211773
+Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1\7f213704
+Node: Random-Number Subsystem Architecture\7f213996
+Node: CSPRNG Description\7f216945
+Ref: CSPRNG Description-Footnote-1\7f218501
+Node: FIPS PRNG Description\7f218624
+Node: Self-Tests\7f220758
+Node: FIPS Mode\7f232217
+Ref: fig:fips-fsm\7f236043
+Ref: tbl:fips-states\7f236146
+Ref: tbl:fips-state-transitions\7f237398
+Node: Library Copying\7f241019
+Node: Copying\7f269125
+Node: Figures and Tables\7f288301
+Node: Concept Index\7f288726
+Node: Function and Data Index\7f300899
\1f
End Tag Table
This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi.
-This manual is for Libgcrypt (version 1.8.3, 13 June 2018), which is
+This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
The Libgcrypt Library
*********************
-This manual is for Libgcrypt (version 1.8.3, 13 June 2018), which is
+This manual is for Libgcrypt (version 1.8.4, 24 October 2018), which is
GNU's library of cryptographic building blocks.
Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012
prior to invoking this function, and finally a 'NULL' is expected.
For example
- _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'",
- &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL)
+ gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'",
+ &mpi_n, &mpi_x, &mpi_e, &mpi_d, &mpi_foo, NULL)
stores the parameter 'n' from KEY as an unsigned MPI into MPI_N,
- the parameter 'x' as an opaque MPI into MPI_X, the parameter 'e'
- again as an unsigned MPI into MPI_E, and the parameter 'foo' as a
- signed MPI.
+ the parameter 'x' as an opaque MPI into MPI_X, the parameters 'e'
+ and 'd' again as an unsigned MPI into MPI_E and MPI_D and finally
+ the parameter 'foo' as a signed MPI into MPI_FOO.
PATH is an optional string used to locate a token. The exclamation
mark separated tokens are used via 'gcry_sexp_find_token' to find a
is expected. For example
@example
- _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'",
- &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL)
+ gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'",
+ &mpi_n, &mpi_x, &mpi_e, &mpi_d, &mpi_foo, NULL)
@end example
stores the parameter 'n' from @var{key} as an unsigned MPI into
@var{mpi_n}, the parameter 'x' as an opaque MPI into @var{mpi_x}, the
-parameter 'e' again as an unsigned MPI into @var{mpi_e}, and the
-parameter 'foo' as a signed MPI.
+parameters 'e' and 'd' again as an unsigned MPI into @var{mpi_e} and
+@var{mpi_d} and finally the parameter 'foo' as a signed MPI into
+@var{mpi_foo}.
@var{path} is an optional string used to locate a token. The
exclamation mark separated tokens are used via
%!PS-Adobe-3.0 EPSF-3.0
%%Title: /home/wk/s/libgcrypt-1.8/doc/libgcrypt-modules.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5e
-%%CreationDate: Thu Nov 23 19:46:17 2017
+%%CreationDate: Fri Oct 26 19:32:26 2018
%%BoundingBox: 0 0 488 300
%Magnification: 1.0000
%%EndComments
-@set UPDATED 13 June 2018
-@set UPDATED-MONTH June 2018
-@set EDITION 1.8.3
-@set VERSION 1.8.3
+@set UPDATED 24 October 2018
+@set UPDATED-MONTH October 2018
+@set EDITION 1.8.4
+@set VERSION 1.8.4
-@set UPDATED 13 June 2018
-@set UPDATED-MONTH June 2018
-@set EDITION 1.8.3
-@set VERSION 1.8.3
+@set UPDATED 24 October 2018
+@set UPDATED-MONTH October 2018
+@set EDITION 1.8.4
+@set VERSION 1.8.4
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH
+ * Copyright (C) 2005, 2013, 2015, 2016, 2017 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
#define PGM "yat2m"
-#define VERSION "1.0"
+#ifdef PACKAGE_VERSION
+# define VERSION PACKAGE_VERSION
+#else
+# define VERSION "1.0"
+#endif
/* The maximum length of a line including the linefeed and one extra
character. */
const char *
isodatestring (void)
{
- static char buffer[11+5];
+ static char buffer[36];
struct tm *tp;
time_t atime;
{
int i;
+ (void)fname;
+ (void)lnr;
+
/* for (i=0; i < condition_stack_idx; i++) */
/* inf ("%s:%d: stack[%d] %s %s %c", */
/* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
{ "asis", 7 },
{ "anchor", 7 },
{ "cartouche", 1 },
- { "xref", 0, "see: [", "]" },
+ { "ref", 0, "[", "]" },
+ { "xref", 0, "See: [", "]" },
{ "pxref", 0, "see: [", "]" },
{ "uref", 0, "(\\fB", "\\fR)" },
{ "footnote",0, " ([", "])" },
{ "subsection", 6, "\n.SS " },
{ "chapheading", 0},
{ "item", 2, ".TP\n.B " },
- { "itemx", 2, ".TP\n.B " },
+ { "itemx", 2, ".TQ\n.B " },
{ "table", 3 },
{ "itemize", 3 },
{ "bullet", 0, "* " },
{
if ((*table_level)-- > 1)
fputs (".RE\n", fp);
+ else
+ fputs (".P\n", fp);
}
else if (n >= 7 && !memcmp (s, "example", 7)
&& (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n'))
}
else
{
- size_t len = s - (rest + 1);
+ size_t rlen = s - (rest + 1);
macro_t m;
for (m = variablelist; m; m = m->next)
- if (strlen (m->name) == len
- &&!strncmp (m->name, rest+1, len))
- break;
+ {
+ if (strlen (m->name) == rlen
+ && !strncmp (m->name, rest+1, rlen))
+ break;
+ }
if (m)
fputs (m->value, fp);
else
inf ("texinfo variable '%.*s' is not set",
- (int)len, rest+1);
+ (int)rlen, rest+1);
}
}
break;
main (int argc, char **argv)
{
int last_argc = -1;
+ const char *s;
opt_source = "GNU";
opt_release = "";
" -I DIR also search in include DIR\n"
" -D gpgone the only usable define\n\n"
"With no FILE, or when FILE is -, read standard input.\n\n"
- "Report bugs to <bugs@g10code.com>.");
+ "Report bugs to <https://bugs.gnupg.org>.");
exit (0);
}
else if (!strcmp (*argv, "--version"))
{
puts (PGM " " VERSION "\n"
- "Copyright (C) 2005 g10 Code GmbH\n"
+ "Copyright (C) 2005, 2017 g10 Code GmbH\n"
"This program comes with ABSOLUTELY NO WARRANTY.\n"
"This is free software, and you are welcome to redistribute it\n"
"under certain conditions. See the file COPYING for details.");
if (argc > 1)
die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n");
+ /* Take care of supplied timestamp for reproducible builds. See
+ * https://reproducible-builds.org/specs/source-date-epoch/ */
+ if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s)
+ opt_date = s;
+
/* Start processing. */
if (argc && strcmp (*argv, "-"))
{
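Review bot: `SOURCE_DATE_EPOCH` is copied into `opt_date` after only a non-empty check (`*s`), so any string from the environment is accepted as a date. The code that interprets `opt_date` is outside this hunk; if it does not already reject non-numeric or out-of-range values, validate here, for example by parsing with `strtoul` and an end pointer and calling `die` on trailing garbage. That keeps a mistyped variable from silently producing a wrong date in the generated man page.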
{
if (r_active)
{
- lock_rng ();
/* Make sure the RNG is initialized. */
_gcry_rndjent_poll (NULL, 0, 0);
+
+ lock_rng ();
/* To ease debugging we store 2 for a clock_gettime based
* implementation and 1 for a rdtsc based code. */
*r_active = jent_rng_collector? is_rng_available () : 0;
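Review bot: The reordering has no comment saying why `lock_rng ()` must come after `_gcry_rndjent_poll (NULL, 0, 0)`, so a later cleanup could move the lock back and reintroduce the hang. Judging by the ChangeLog entry for this change ("Fix hang of _gcry_rndjent_get_version", "Move locking"), the poll function presumably takes the same lock itself. A line such as `/* Must not hold the lock here: _gcry_rndjent_poll locks on its own. */` above the call would record that. The matching unlock and the rest of the function are outside this hunk.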
/* Note that the caller needs to make sure that this function is only
- called by one thread at a time. The function returns 0 on success
- or true on failure (in which case the caller will signal a fatal
- error). */
+ * called by one thread at a time. The function returns 0 on success
+ * or true on failure (in which case the caller will signal a fatal
+ * error). This function should be entered only by one thread at a
+ * time. */
int
_gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
enum random_origins),
static int fd_random = -1;
static int only_urandom = -1;
static unsigned char ever_opened;
+ static volatile pid_t my_pid; /* The volatile is there to make sure
+ * the compiler does not optimize the
+ * code away in case the getpid
+ * function is badly attributed. */
+ volatile pid_t apid;
int fd;
int n;
byte buffer[768];
* use only urandom. */
if (only_urandom == -1)
{
+ my_pid = getpid ();
if ((_gcry_random_read_conf () & RANDOM_CONF_ONLY_URANDOM))
only_urandom = 1;
else
only_urandom = 0;
}
-
if (!add)
{
/* Special mode to close the descriptors. */
return 0;
}
+ /* Detect a fork and close the devices so that we don't use the old
+ * file descriptors. Note that open_device will be called in retry
+ * mode if the devices was opened by the parent process. */
+ apid = getpid ();
+ if (my_pid != apid)
+ {
+ if (fd_random != -1)
+ {
+ close (fd_random);
+ fd_random = -1;
+ }
+ if (fd_urandom != -1)
+ {
+ close (fd_urandom);
+ fd_urandom = -1;
+ }
+ my_pid = apid;
+ }
+
/* First read from a hardware source. However let it account only
for up to 50% (or 25% for RDRAND) of the requested bytes. */
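Review bot: After a fork is detected the child calls `close (fd_random)` and `close (fd_urandom)` on descriptor numbers inherited from the parent, but nothing here checks that those numbers still refer to the random devices. A child that closed its descriptors and opened other files before reaching this function (presumably the kind of fork handling this fix is meant to tolerate) may have reused those numbers, and the `close` would then hit an unrelated file or socket. Consider confirming with `fstat` that the descriptor is still a character device before closing it, or only resetting the variables to -1 and accepting the descriptor leak in that case. A pid comparison also cannot notice a descendant that happens to get an ancestor's recycled pid; a sentence in the comment acknowledging that limit would be enough.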
struct timeval tv;
int rc;
- /* If we have a modern Linux kernel and we want to read from the
- * the non-blocking /dev/urandom, we first try to use the new
+ /* If we have a modern Linux kernel, we first try to use the new
* getrandom syscall. That call guarantees that the kernel's
* RNG has been properly seeded before returning any data. This
* is different from /dev/urandom which may, due to its
* non-blocking semantics, return data even if the kernel has
- * not been properly seeded. Unfortunately we need to use a
+ * not been properly seeded. And it differs from /dev/random by never
+ * blocking once the kernel is seeded. Unfortunately we need to use a
* syscall and not a new device and thus we are not able to use
* select(2) to have a timeout. */
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
- if (fd == fd_urandom)
{
long ret;
size_t nbytes;
}
while (ret == -1 && errno == EINTR);
if (ret == -1 && errno == ENOSYS)
- ; /* The syscall is not supported - fallback to /dev/urandom. */
+ ; /* The syscall is not supported - fallback to pulling from fd. */
else
{ /* The syscall is supported. Some sanity checks. */
if (ret == -1)
size_t length);
/* Convenience function to calculate the hash from the data in BUFFER
- of size LENGTH using the algorithm ALGO avoiding the creating of a
+ of size LENGTH using the algorithm ALGO avoiding the creation of a
hash object. The hash is returned in the caller provided buffer
DIGEST which must be large enough to hold the digest of the given
algorithm. */
pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE;
pool->mem = malloc (pool->size);
if (!pool->mem)
- return NULL; /* Not enough memory available for a new pool. */
+ {
+ free (pool);
+ return NULL; /* Not enough memory available for a new pool. */
+ }
/* Initialize first memory block. */
mb = (memblock_t *) pool->mem;
mb->size = pool->size - BLOCK_HEAD_SIZE;
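Review bot: `free (pool)` runs between the failed `malloc` and `return NULL`, and on some C libraries `free` may modify `errno`. If callers turn a NULL return into an error code via `errno` (not visible in this hunk), the out-of-core condition could be reported with the wrong code. Saving the value first, `int save_errno = errno; free (pool); errno = save_errno;`, would avoid that. The enclosing function starts and ends outside the hunk.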
gcry_mpi_t *array[20];
char arrayisdesc[20];
int idx;
- gcry_sexp_t l1;
+ gcry_sexp_t l1 = NULL;
int mode = '+'; /* Default to GCRYMPI_FMT_USG. */
gcry_sexp_t freethis = NULL;