path: root/mpi

Commit log (columns: commit message, author, age, files changed, lines -/+)
* mpi: Minor fix for mpi_pow.
  (NIIBE Yutaka, 2017-07-07; 1 file, -2/+2)

    * mpi/mpi-pow.c (mpi_powm): Fix allocation size.

    Signed-off-by: NIIBE Yutaka <[email protected]>
* mpi: Same computation for square and multiply for mpi_pow.
  (NIIBE Yutaka, 2017-07-07; 1 file, -34/+38)

    * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.
    Move the assignment to base_u into the loop.  Copy content referred
    by RP to BASE_U except the last of the loop.

    --

    Signed-off-by: NIIBE Yutaka <[email protected]>
    (backport commit of libgcrypt master: 78130828e9a140a9de4dafadbc844dbb64cb709a)
* mpi: Simplify mpi_powm.
  (NIIBE Yutaka, 2017-07-07; 1 file, -73/+30)

    * mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

    --

    (backport of libgcrypt master commit: 719468e53133d3bdf12156c5bfdea2bf15f9f6f1)

    Signed-off-by: NIIBE Yutaka <[email protected]>
* mpi: Fix ARM assembler in longlong.h.
  (Marcus Brinkmann, 2017-07-04; 1 file, -3/+3)

    * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
    [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

    --

    This is a backport of libgcrypt 8aa4f2161 and 3b1cc9e6c.

    Signed-off-by: Marcus Brinkmann <[email protected]>
    GnuPG-bug-id: 3182
* g10: fix cmp_public_key and cmp_secret_keys.
  (NIIBE Yutaka, 2015-04-30; 1 file, -0/+16)

    * g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
    data at the first entry of the array when it's unknown algo.
    * mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.

    --

    (backported from 2.0 commit 43429c7869152f301157e4b24790b3801dce0f0a)

    GnuPG-bug-id: 1962
* mpi: Avoid data-dependent timing variations in mpi_powm.
  (NIIBE Yutaka, 2015-02-26; 2 files, -40/+81)

    * include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
    * mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
    (mpi_powm): Access all data in the table and use mpi_set_cond.

    --

    Access to the precomputed table was indexed by a portion of EXPO,
    which could be mounted by a side channel attack.  This change fixes
    this particular data-dependent access pattern.
* Modernize to automake 1.14.
  (Werner Koch, 2015-01-19; 1 file, -3/+3)

    * Makefile.am (AUTOMAKE_OPTIONS): Move to ...
    * configure.ac (AM_INIT_AUTOMAKE): here and add serial-tests.
    * keyserver/Makefile.am: Replace INCLUDES by AM_CPPFLAGS.
    * mpi/Makefile.am: Ditto.
    * util/Makefile.am: Ditto.
    * keyserver/Makefile.am: Ditto.  Adjusted other things.
    * m4/intl.m4, m4/po.m4: Use autoconf's AC_PROG_MKDIR_P.
* mpi: Fix compiler warning.
  (Werner Koch, 2014-10-03; 1 file, -2/+2)

    * mpi/mpi-inv.c (mpi_invm): Do not return a value.
* mpi: Improve mpi_invm to detect bad input.
  (Werner Koch, 2014-09-11; 1 file, -0/+5)

    * mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.

    --

    Without this patch the function may enter an endless loop.  This is a
    backport from libgcrypt.

    GnuPG-bug-id: 1713
* mpi: Suppress set-but-unused-variables warnings.
  (Werner Koch, 2014-08-20; 2 files, -3/+4)

    * include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
    * mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as unused.
    * mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.

    --

    Due to the use of macros and longlong.h, we use variables which are
    only used by some architectures.  At least gcc 4.7.2 prints new
    warnings about set but not used variables.  This patch silences them.
* mpi: mpi-pow improvements
  (Werner Koch, 2013-10-18; 1 file, -0/+443)

    * mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New.
    (mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New.
    (mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation
    of left-to-right k-ary exponentiation.

    --

    This is a backport from Libgcrypt commit
    45aa6131e93fac89d46733b3436d960f35fb99b2

    Signed-off-by: NIIBE Yutaka <[email protected]>

    For the Yarom/Falkner flush+reload cache side-channel attack, we
    changed the code so that it always calls the multiplication routine
    (even if we can skip it to get result).  This results in some
    performance regression.

    This change is for recovering performance with efficient algorithm.

    Signed-off-by: Werner Koch <[email protected]>
* mpi: Fix syntax error for mips64 and gcc < 4.4
  (Werner Koch, 2013-10-11; 1 file, -1/+1)

    * mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error.

    --

    GnuPG-bug-id: 1465
* Fix bug in mpi_tdiv_q_2exp.
  (Werner Koch, 2013-09-16; 1 file, -1/+1)

    * mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.

    --

    This bug has been with us since the version 0.0.0 of GnuPG.
    Fortunately it only affects an optimized code path which is rarely
    used in practice: If the shift size matches the size of a limb
    (i.e. 32 or 64); this is is_prime in primegen.c.  Over there the
    Rabin-Miller test may fail with a probability of 2^-31 (that is if
    the to be tested prime - 1 has the low 32 bits cleared).  In practice
    the probability is even much less because we first do a Fermat test
    on the randomly generated candidates which sorts out the majority of
    composite numbers.

    The bug in MPN_COPY_INCR was found by Sven Bjorn.

    Signed-off-by: Werner Koch <[email protected]>
    (back ported from Libgcrypt commit 7f7a5ef59962ae1a819b5060f9b781469bfe27d5)
* Mitigate a flush+reload cache attack on RSA secret exponents.
  (Werner Koch, 2013-07-25; 1 file, -3/+12)

    * mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
    held in secure memory.

    --

    The attack is described in a paper to be published at eprint.iacr.org:

    Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
    Attack by Yuval Yarom and Katrina Falkner.  18 July 2013.

      Flush+Reload is a cache side-channel attack that monitors access to
      data in shared pages.  In this paper we demonstrate how to use the
      attack to extract private encryption keys from GnuPG.  The high
      resolution and low noise of the Flush+Reload attack enables a spy
      program to recover over 98% of the bits of the private key in a
      single decryption or signing round.  Unlike previous attacks, the
      attack targets the last level L3 cache.  Consequently, the spy
      program and the victim do not need to share the execution core of
      the CPU.  The attack is not limited to a traditional OS and can be
      used in a virtualised environment, where it can attack programs
      executing in a different VM.

    Signed-off-by: Werner Koch <[email protected]>
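The two side-channel commits in this log, the 2013 change above (always perform the multiplication in mpi_powm for exponents in secure memory) and the 2015 change further up (access every entry of the precomputed table and copy the wanted one with mpi_set_cond), both replace a secret-dependent control or memory-access pattern with a fixed one. The following is an added illustration written for this page, not GnuPG's or Libgcrypt's code: it uses a single 64-bit word in place of a multi-limb MPI, a 128-bit intermediate for the modular product, and hypothetical function names (powm_leaky, powm_always_mul, powm_window_ct, select_ct, table_lookup_ct) that do not exist in the project. It shows the leaky square-and-multiply loop beside the always-multiply form, and a 4-bit fixed-window variant whose table lookup touches every entry. The constant-time property holds only at the C level; an optimizing compiler can reintroduce a branch, which is why real implementations check the generated assembly.

```c
#include <stdint.h>

/* Toy stand-in for the MPI limb arithmetic in mpi_powm: one 64-bit word
   with a 128-bit intermediate for the modular product. */
static uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Constant-time select, the role mpi_set_cond plays in the 2015 commit:
   returns b when cond == 1 and a when cond == 0, with no branch.
   (Hypothetical helper, not a GnuPG function.) */
static uint64_t select_ct(uint64_t a, uint64_t b, uint64_t cond)
{
    uint64_t mask = 0 - cond;            /* 0xFF..FF when cond == 1 */
    return (a & ~mask) | (b & mask);
}

/* BEFORE the 2013 change: left-to-right square-and-multiply that only
   multiplies for set exponent bits.  The sequence of calls into mul_mod
   mirrors the exponent bits, which is what a Flush+Reload spy observes
   through the shared cache. */
uint64_t powm_leaky(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mul_mod(r, r, mod);
        if ((exp >> i) & 1)              /* secret-dependent branch */
            r = mul_mod(r, base, mod);
    }
    return r;
}

/* AFTER: always perform the multiplication and keep or discard the
   product with a constant-time select, so the call sequence is the same
   for every exponent value. */
uint64_t powm_always_mul(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mul_mod(r, r, mod);
        uint64_t t = mul_mod(r, base, mod);
        r = select_ct(r, t, (exp >> i) & 1);
    }
    return r;
}

/* Fixed 4-bit window with a precomputed table, the shape of the k-ary
   code.  Indexing tab[w] directly would leak w through the cache line
   touched; instead every entry is read and the wanted one is masked in. */
#define WBITS 4
#define TSIZE (1u << WBITS)

static uint64_t table_lookup_ct(const uint64_t *tab, uint64_t w)
{
    uint64_t out = 0;
    for (uint64_t j = 0; j < TSIZE; j++) {
        uint64_t x = j ^ w;
        uint64_t eq = ((x - 1) >> 63) & 1;   /* 1 only when j == w */
        out = select_ct(out, tab[j], eq);
    }
    return out;
}

uint64_t powm_window_ct(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t tab[TSIZE];
    tab[0] = 1 % mod;
    for (unsigned j = 1; j < TSIZE; j++)
        tab[j] = mul_mod(tab[j - 1], base, mod);

    uint64_t r = 1 % mod;
    for (int i = 64 - WBITS; i >= 0; i -= WBITS) {
        for (unsigned k = 0; k < WBITS; k++)
            r = mul_mod(r, r, mod);
        uint64_t w = (exp >> i) & (TSIZE - 1);
        /* Multiply even when w == 0 (tab[0] == 1), so the window value
           changes neither the call pattern nor the table lines touched. */
        r = mul_mod(r, table_lookup_ct(tab, w), mod);
    }
    return r;
}
```

All three functions compute the same value; the difference is only in what an observer on the same core or last-level cache can learn. The always-multiply form is the simplest fix and is what the 2013 commit describes; the windowed form is what the later k-ary rewrite moved to in order to recover the lost performance, and the full-table scan in table_lookup_ct is the access pattern the 2015 commit describes.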
* Support NetBSD m68K ELF targets
  (Werner Koch, 2012-12-13; 1 file, -2/+7)

    * mpi/config.links (m68k*-*-netbsdelf): New.

    --

    The original patch from NetBSD had this additional code:

        if ! test x$M68060 = xYES; then
          path="m68k/mc68020 m68k"
        fi

    However, this bypasses the config system.  It would be better to add
    proper support for this CPU to config.sub.
* Fix extern inline use for gcc > 4.3 in c99 mode
  (Werner Koch, 2012-11-06; 1 file, -1/+8)

    * mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed
    extern inline semantics in gcc.

    --

    I am not sure how this will work out with non-gcc.  However, we had
    no problems in the past and thus this change is the least invasive
    for non-gcc compilers.
* Rename all ChangeLog files to ChangeLog-2011.
  (Werner Koch, 2011-12-02; 1 file, -0/+7)

    * ChangeLog: New file.
* Removed some set but unused vars.
  (Werner Koch, 2011-08-09; 3 files, -5/+10)
* Allow building for ARM thumb.  Fixes bug#1202.
  (Werner Koch, 2011-07-04; 2 files, -7/+10)
* Revert last two changes and replace by code from libgcrypt 1.4.6.
  (Werner Koch, 2010-12-23; 2 files, -12/+19)
* mips fixes
  (Werner Koch, 2010-10-22; 2 files, -22/+35)
* Fix bug 1231.
  (Werner Koch, 2010-06-01; 2 files, -2/+14)

    Minor doc improvement.
* Remove sparc64 asm modules
  (Werner Koch, 2009-12-09; 2 files, -12/+15)
* Powerpc64 fix.
  (Werner Koch, 2008-03-25; 2 files, -5/+11)
* Switched to GPLv3.
  (Werner Koch, 2007-10-23; 102 files, -559/+231)

    Updated gettext.
* config.links: powerpc64* needs to come before powerpc* or it will never match.
  (David Shaw, 2007-01-16; 2 files, -5/+11)

    * config.links: powerpc64* needs to come before powerpc* or it will
    never match.  Reported by Alon Bar-Lev for libgcrypt, but relevant
    here as well.
* Removed the use of g10defs.h.
  (Werner Koch, 2006-12-11; 5 files, -6/+87)

    This required some code cleanups and the introduction of a few
    accessor functions in mpi.
* mpicoder.c (mpi_read): Fix minor bug in reading a zero-length MPI.
  (David Shaw, 2005-09-01; 2 files, -5/+14)

    * mpicoder.c (mpi_read): Fix minor bug in reading a zero-length MPI
    (was failing unnecessarily).
* Converted all m_free to xfree etc.
  (Werner Koch, 2005-07-27; 4 files, -22/+22)
* Updated FSF street address and preparations for a release candidate.
  (Werner Koch, 2005-05-31; 101 files, -117/+214)
* cardglue.c (send_status_info): Make CTRL optional.
  (Werner Koch, 2005-05-21; 3 files, -11/+40)

    * cardglue.c (send_status_info): Make CTRL optional.
    (agent_scd_writekey, inq_writekey_parms): New.
    (agent_openpgp_storekey): Removed.
    * cardglue.h: Add a few more error code mappings.
    * keygen.c (copy_mpi): Removed.
    (save_unprotected_key_to_card): Changed to use agent_scd_writekey.
    * app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
    version in gnupg 1.9 CVS.
* configure.ac: New option --enable-noexecstack.
  (Werner Koch, 2005-03-11; 2 files, -3/+8)

    * configure.ac: New option --enable-noexecstack.
    * Makefile.am (ASFLAGS): Renamed to AM_CCASFLAGS and added the
    variable for non-executable stack options.  Adapted users.
* seckey-cert.c (do_check): Handle case when checksum was okay but passphrase still wrong.
  (Werner Koch, 2004-12-20; 2 files, -6/+21)

    * seckey-cert.c (do_check): Handle case when checksum was okay but
    passphrase still wrong.  Roman Pavlik found such a case.
    * mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
    invalid MPI but print a message and return NULL.  Use log_info and
    not log_error.
* configure.ac: New option --disable-gnupg-iconv, define USE_GNUPG_ICONV.
  (Werner Koch, 2004-10-26; 2 files, -2/+6)

    * configure.ac: New option --disable-gnupg-iconv, define
    USE_GNUPG_ICONV.
    (AC_CANONICAL_TARGET): Replaced by AC_CANONICAL_HOST.  Changed all
    references to TARGET to HOST.  Made sure that i586-mingw32msvc gets
    detected as mingw32.
    (UNIT64_C): Don't include inttype.h unconditionally but use a test
    to ensure that it gets into conftest.h.
    (AH_TOP): New.  Prevent double inclusion of config.h.
    * config.links: Use HOST instead of TARGET.
* Makefile.am (.S.o): Include MPI_SFLAGS.  This is our bug 145.
  (Werner Koch, 2004-10-13; 2 files, -1/+5)
* mpicoder.c (mpi_read): If we must fail due to an oversize (generally corrupt) MPI, make sure the number of bytes we read is valid.
  (David Shaw, 2004-09-30; 2 files, -1/+9)

    * mpicoder.c (mpi_read): If we must fail due to an oversize
    (generally corrupt) MPI, make sure the number of bytes we read is
    valid so we can skip the rest of the bad packet (in hopes the whole
    stream isn't invalid).
* longlong.h: Typo.
  (David Shaw, 2004-05-20; 3 files, -8/+16)

    * longlong.h: Typo.
    * mpi-pow.c (mpi_powm): s/exp/exponent/ to shut up a compiler
    warning.  From Werner on stable branch.
* hppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian.
  (David Shaw, 2004-01-21; 2 files, -0/+6)
* config.links: OpenBSD 3.4 is now ELF, so use the proper assembler code for that.
  (David Shaw, 2004-01-12; 5 files, -31/+102)

    * config.links: OpenBSD 3.4 is now ELF, so use the proper assembler
    code for that.  Use the portable C MPI code for OpenBSD before 3.4,
    and remove the special i386-openbsd assembly directory.
    * Makefile.am: Add the portable C links to DISTCLEANFILES.  Noted by
    Nelson H. F. Beebe.
    * mpi-mpow.c (build_index): s/index/idx/ to avoid gcc warning.  From
    Werner on stable branch.
    * longlong.h: Added PowerPC 64 bit code from GPM-4.1.2 but didn't
    enable it yet.  From Werner on stable branch.
* Use the portable C MPI code for OpenBSD before 3.4, and remove the special i386-openbsd assembly directory.
  (David Shaw, 2004-01-12; 10 files, -774/+0)
* g10m.c: Dead code.  Remove.
  (David Shaw, 2003-12-30; 3 files, -99/+7)

    * g10m.c: Dead code.  Remove.
    * Makefile.am: Don't compile g10m.c.
* mpiutil.c (mpi_set_opaque, mpi_get_opaque): Make the length of an opaque MPI unsigned.
  (David Shaw, 2003-12-17; 2 files, -2/+7)
* config.links: Show target in asm-syntax.h file and include targets for K*BSD (GNU userland with BSD kernel).
  (David Shaw, 2003-12-05; 2 files, -2/+11)
* config.links: sparc64 assembler doesn't work on FreeBSD or OpenBSD either.
  (David Shaw, 2003-11-21; 2 files, -4/+9)
* Makefile.am: Make use of AM_CFLAGS.  (From wk on stable branch)
  (David Shaw, 2003-05-26; 2 files, -2/+6)
* mpicoder.c, mpi-inline.h, mpi-inv.c, mpiutil.c, mpih-div.c, mpi-internal.h, mpi-scan.c: Edit all preprocessor instructions to remove whitespace before the '#'.
  (David Shaw, 2003-05-24; 8 files, -85/+83)

    * mpicoder.c, mpi-inline.h, mpi-inv.c, mpiutil.c, mpih-div.c,
    mpi-internal.h, mpi-scan.c: Edit all preprocessor instructions to
    remove whitespace before the '#'.  This is not required by C89, but
    there are some compilers out there that don't like it.
* config.links: Re-disable assembler on Darwin.  Darwin 6.5 broke it again.
  (David Shaw, 2003-04-25; 2 files, -5/+9)
* longlong.h (umul_ppmm): Support SH3 and SH4.
  (Werner Koch, 2003-04-15; 2 files, -2/+8)

    * longlong.h (umul_ppmm): Support SH3 and SH4.  Thanks to
    [email protected].
* config.links: Use OpenBSD/NetBSD powerpc assembler code for Darwin.
  (David Shaw, 2002-11-16; 2 files, -2/+7)

    * config.links: Use OpenBSD/NetBSD powerpc assembler code for Darwin.
    Successfully tested by Gordon Worley.
* config.links (powerpc-apple-darwin6.1): Disable assembler due to non-working modules/as.
  (Werner Koch, 2002-10-18; 2 files, -1/+11)

    * config.links (powerpc-apple-darwin6.1): Disable assembler due to
    non-working modules/as.  Suggested by Gordon Worley.