| Commit message | Author | Files | Lines |
|
* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.
--
This bug has been with us since the version 0.0.0 of GnuPG.
Fortunately it only affects an optimized code path which is rarely
used in practice: If the shift size matches the size of a
limb (i.e. 32 or 64); this is is_prime in primegen.c. Over there the
Rabin-Miller test may fail with a probability of 2^-31 (that is, if the
to-be-tested prime - 1 has the low 32 bits cleared). In practice the
probability is even much less because we first do a Fermat test on the
randomly generated candidates which sorts out the majority of
composite numbers.
The bug in MPN_COPY_INCR was found by Sven Bjorn.
Signed-off-by: Werner Koch <[email protected]>
(back ported from Libgcrypt
commit 7f7a5ef59962ae1a819b5060f9b781469bfe27d5)
|
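The edge case the message above describes, a candidate whose n - 1 has its low 32 bits cleared so that the Rabin-Miller shift is exactly one 32-bit limb, worked through as an added example. This is illustrative code written for this page, not GnuPG's primegen.c or its MPI library; it uses 64-bit candidates with an unsigned __int128 intermediate (gcc/clang) in place of multi-limb arithmetic, and the function names (mulmod, powmod, fermat_probable_prime, rabin_miller_round, is_probable_prime) are chosen here. The two inputs are constructed: 2^32 + 1 = 641 * 6700417 is composite yet passes a base-2 Fermat test, and 2^64 - 2^32 + 1 is prime.

```c
/* Added example, not GnuPG code: Fermat pre-filter followed by
   Rabin-Miller rounds on 64-bit candidates, exercising the case where
   n - 1 has 32 trailing zero bits (a shift by one 32-bit limb). */
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m without overflow; stands in for multi-limb mpi_mul. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* b^e mod m by right-to-left square and multiply. */
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1 % m;
    b %= m;
    while (e) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
        e >>= 1;
    }
    return r;
}

/* Fermat test a^(n-1) == 1 (mod n): the cheap filter run on candidates
   first.  Carmichael and Fermat numbers slip through it. */
int fermat_probable_prime(uint64_t n, uint64_t a)
{
    return powmod(a, n - 1, n) == 1;
}

/* Trailing zero bits of x: the shift count s used by Rabin-Miller. */
int trailing_zeros(uint64_t x)
{
    if (x == 0) return 64;
    int s = 0;
    while (!(x & 1)) { x >>= 1; s++; }
    return s;
}

/* One Rabin-Miller round with witness a.  Writes n - 1 = d * 2^s, d odd.
   For the constructed inputs below s == 32, i.e. the shift is exactly one
   32-bit limb, the path the commit above says was broken. */
int rabin_miller_round(uint64_t n, uint64_t a)
{
    if (n < 4 || !(n & 1)) return n == 2 || n == 3;
    int s = trailing_zeros(n - 1);
    uint64_t d = (n - 1) >> s;
    uint64_t x = powmod(a % n, d, n);
    if (x == 1 || x == n - 1) return 1;
    for (int i = 1; i < s; i++) {
        x = mulmod(x, x, n);
        if (x == n - 1) return 1;
        if (x == 1) return 0;   /* non-trivial square root of 1 */
    }
    return 0;
}

/* Candidate pipeline as described in the commit: Fermat first, then
   Rabin-Miller with the given witnesses. */
int is_probable_prime(uint64_t n, const uint64_t *bases, int nbases)
{
    if (n < 4) return n == 2 || n == 3;
    if (!(n & 1)) return 0;
    if (!fermat_probable_prime(n, 2)) return 0;
    for (int i = 0; i < nbases; i++)
        if (!rabin_miller_round(n, bases[i])) return 0;
    return 1;
}

static const uint64_t small_bases[] = { 2, 3, 5, 7 };

int is_probable_prime_default(uint64_t n)
{
    return is_probable_prime(n, small_bases, 4);
}

/* Constructed inputs (not from the page): both have n - 1 with the low
   32 bits cleared.  F5 = 2^32 + 1 = 641 * 6700417 is composite; P_GOLD =
   2^64 - 2^32 + 1 is prime. */
#define F5     0x100000001ULL
#define P_GOLD 0xFFFFFFFF00000001ULL

int main(void)
{
    printf("s for F5:     %d\n", trailing_zeros(F5 - 1));
    printf("Fermat(F5,2): %d  RM(F5,2): %d  RM(F5,3): %d\n",
           fermat_probable_prime(F5, 2), rabin_miller_round(F5, 2),
           rabin_miller_round(F5, 3));
    printf("F5 prime? %d   P_GOLD prime? %d\n",
           is_probable_prime_default(F5), is_probable_prime_default(P_GOLD));
    return 0;
}
```

Both constructed candidates take the s == 32 branch, so on a 32-bit build the d = (n - 1) >> s step is the limb-aligned shift the message refers to. The run also shows why the Fermat filter only lowers the odds rather than removing them: 2^32 + 1 passes Fermat with base 2 and is even a strong pseudoprime to base 2, and it is the base-3 Rabin-Miller round that rejects it.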
|
* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
held in secure memory.
--
The attack is described in a paper to be published at eprint.iacr.org:
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
Flush+Reload is a cache side-channel attack that monitors access to
data in shared pages. In this paper we demonstrate how to use the
attack to extract private encryption keys from GnuPG. The high
resolution and low noise of the Flush+Reload attack enables a spy
program to recover over 98% of the bits of the private key in a
single decryption or signing round. Unlike previous attacks, the
attack targets the last level L3 cache. Consequently, the spy
program and the victim do not need to share the execution core of
the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs
executing in a different VM.
Signed-off-by: Werner Koch <[email protected]>
|
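To make the data-dependent behaviour concrete, here is an added example that is neither GnuPG's mpi_powm nor code from the paper: a left-to-right square-and-multiply on 64-bit words. The leaky form calls the multiply routine only for 1 bits of the exponent, so a spy that probes the cache line holding that routine reads the exponent bit by bit; the second form does what the commit describes and multiplies on every iteration, selecting the result with a mask. The counter mul_calls is instrumentation standing in for the Flush+Reload probe, and mulmod, bitlen, powm_leaky, powm_always_mul and count_muls are names chosen for this example. Arithmetic uses unsigned __int128 (gcc/clang) in place of multi-limb MPIs.

```c
/* Added example, not GnuPG code: the branch Flush+Reload observes in
   square-and-multiply, next to the "always multiply" variant. */
#include <stdint.h>
#include <stdio.h>

/* Instrumentation: a spy that probes the cache line of the multiply
   routine learns how many times it ran and when.  */
static unsigned long mul_calls;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    mul_calls++;
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

int bitlen(uint64_t e)
{
    int n = 0;
    while (e) { n++; e >>= 1; }
    return n;
}

int popcount64(uint64_t x)
{
    int n = 0;
    while (x) { n += (int)(x & 1); x >>= 1; }
    return n;
}

/* Leaky pattern: multiply only when the exponent bit is 1.  The sequence
   of square/multiply calls spells out the exponent in binary. */
uint64_t powm_leaky(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = bitlen(exp) - 1; i >= 0; i--) {
        r = mulmod(r, r, mod);              /* square */
        if ((exp >> i) & 1)
            r = mulmod(r, base, mod);       /* multiply: reveals the bit */
    }
    return r;
}

/* Variant in the spirit of the commit: the multiply is performed on
   every iteration and the result is selected without a branch. */
uint64_t powm_always_mul(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = bitlen(exp) - 1; i >= 0; i--) {
        r = mulmod(r, r, mod);
        uint64_t t = mulmod(r, base, mod);      /* always computed */
        uint64_t mask = 0 - ((exp >> i) & 1);   /* all ones iff bit set */
        r = (t & mask) | (r & ~mask);           /* branchless select */
    }
    return r;
}

/* Number of multiply calls one exponentiation makes: what the spy sees. */
unsigned long count_muls(uint64_t (*f)(uint64_t, uint64_t, uint64_t),
                         uint64_t base, uint64_t exp, uint64_t mod)
{
    mul_calls = 0;
    f(base, exp, mod);
    return mul_calls;
}

int main(void)
{
    /* Constructed secret exponent 0xB5 = 10110101b: 8 bits, weight 5. */
    uint64_t e = 0xB5, m = 1000000007ULL;
    printf("leaky:      %lu calls (bitlen %d + weight %d)\n",
           count_muls(powm_leaky, 3, e, m), bitlen(e), popcount64(e));
    printf("always mul: %lu calls (2 * bitlen)\n",
           count_muls(powm_always_mul, 3, e, m));
    printf("results agree: %d\n",
           powm_leaky(3, e, m) == powm_always_mul(3, e, m));
    return 0;
}
```

For the leaky version the call count is the exponent's bit length plus its Hamming weight, and the order of square and multiply calls gives the bits themselves; for the always-multiply version the count depends only on the exponent length. Two caveats a practitioner should keep: the masked select still touches both operands, so this removes the secret-dependent call, not every secret-dependent memory access; and the commit applies it only to exponents held in secure memory, i.e. private-key material, leaving public exponents on the faster path.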
|
* mpi/config.links (m68k*-*-netbsdelf): New.
--
The original patch from NetBSD had this additional code:
if ! test x$M68060 = xYES; then
path="m68k/mc68020 m68k"
fi
However, this bypasses the config system. It would be better to add
proper support for this CPU to config.sub.
|
|
* mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern
inline semantics in gcc.
--
I am not sure how this will work out with non-gcc. However, we had no
problems in the past and thus this change is the least invasive for
non-gcc compilers.
|
|
* ChangeLog: New file.
|
|
Minor doc improvement.
|
|
Updated gettext.
|
|
never match. Reported by Alon Bar-Lev for libgcrypt, but relevant
here as well.
|
|
This required some code cleanups and the introduction of
a few accessor functions in mpi.
|
|
(was failing unnecessarily).
|
|
|
(agent_scd_writekey, inq_writekey_parms): New.
(agent_openpgp_storekey): Removed.
* cardglue.h: Add a few more error code mappings.
* keygen.c (copy_mpi): Removed.
(save_unprotected_key_to_card): Changed to use agent_scd_writekey.
* app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
version in gnupg 1.9 CVS.
|
|
* Makefile.am (ASFLAGS): Renamed to AM_CCASFLAGS and added the
variable for non-executable stack options. Adapted users.
|
|
passphrase still wrong. Roman Pavlik found such a case.
* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
invalid MPI but print a message and return NULL. Use log_info and
not log_error.
|
|
USE_GNUPG_ICONV.
(AC_CANONICAL_TARGET): Replaced by AC_CANONICAL_HOST. Changed all
reference to TARGET to HOST. Made sure that i586-mingw32msvc gets
detected as mingw32.
(UINT64_C): Don't include inttypes.h unconditionally but use a test to
ensure that it gets into conftest.h.
(AH_TOP): New. Prevent double inclusion of config.h.
* config.links: Use HOST instead of TARGET.
|
|
|
corrupt) MPI, make sure the number of bytes we read is valid so we can
skip the rest of the bad packet (in hopes the whole stream isn't invalid).
|
|
* mpi-pow.c (mpi_powm): s/exp/exponent/ to shut up a compiler warning.
From Werner on stable branch.
|
|
|
for that. Use the portable C MPI code for OpenBSD before 3.4, and remove
the special i386-openbsd assembly directory.
* Makefile.am: Add the portable C links to DISTCLEANFILES. Noted by
Nelson H. F. Beebe.
* mpi-mpow.c (build_index): s/index/idx/ to avoid gcc warning. From Werner
on stable branch.
* longlong.h: Added PowerPC 64 bit code from GMP-4.1.2 but didn't enable
it yet. From Werner on stable branch.
|
|
i386-openbsd assembly directory.
|
|
* Makefile.am: Don't compile g10m.c.
|
|
MPI unsigned.
|
|
K*BSD (GNU userland with BSD kernel).
|
|
either.
|
|
|
mpi-internal.h, mpi-scan.c: Edit all preprocessor instructions to remove
whitespace before the '#'. This is not required by C89, but there are
some compilers out there that don't like it.
|
|
again.
|
|
[email protected].
|
|
Successfully tested by Gordon Worley.
|
|
due to non-working modules/as. Suggested by Gordon Worley.
|
|
HP-UX. From David Ellement.
|
|
Checked that all callers behave properly when NBYTES returns 0 as
the length of the allocated buffer.
|
|
is_opaque.
(mpi_get_nbits): Removed the special case for protected MPIs.
* mpicoder.c (do_get_buffer): Likewise.
(mpi_print): Removed the nbit_info printing.
|
|
to a larger type so that 16 bit CPUs don't suffer from an
overflow. Suggested by TOGAWA Satoshi.
|
|
|
MPI is marked as protected.
|
|
* mpicoder.c: Add a '\n' to all log_bug functions.
|
|
[email protected].
|
|
i386-openbsd files. OpenBSD (at least until version 3.1) has an older
assembler that won't work with the files in i386.
|
|
version 3.1) has an older assembler that won't work with the files in
i386.
|
|
|
the sake of modern compilers. Suggested by Marco Parrone.
|