- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jun 1 2022
I take this ticket. The way to go is removing all such cases.
May 31 2022
Reference to a CVE for old MinGW-W64: https://nvd.nist.gov/vuln/detail/CVE-2018-1000101
https://sourceforge.net/p/mingw-w64/bugs/709/
At least old Windows versions did not add a nul in the truncation case. Thus I used to make that sure. I don't think we need it anymore.
Also applied to 1.10.
Applied and pushed.
I learned that it's now called "OneStep KDF" in SP 800-56Cr2.
It's "SSKDF" in OpenSSL (Single Step KDF, perhaps).
May 30 2022
AFAIK the above case has a lot of wiggle room to fit one PID and the surrounded string into 400 bytes and even if it would need to truncate, it would write terminating character, at least on Linux:
--- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -351,7 +351,6 @@ get_pid_name_for_uid (unsigned long pid, int uid) char *uidstr;
@aheinecke I think this task can be closed.
May 29 2022
Related problem exists with the modern ESIGN application. I think I fixed that but the whole Telesec eIDAS QES case needs more work.
May 28 2022
Problem is that new assembly is using VSX registers vs14-vs31 which overlap with floating-point registers f14-f31. f14-f31 are ABI callee saved, so those need to be stored and restored.
Tested patch with small change so that HWF_PPC_ARCH_3_00 is used instead of HWF_PPC_ARCH_3_10. Building bench-slope with "-O3 -flto" makes bug in new implementation visible. Without new implementations bench-slope is ok (testing with QEMU):
$ tests/bench-slope --disable-hwf ppc-arch_3_00 cipher chacha20 Cipher: CHACHA20 | nanosecs/byte mebibytes/sec cycles/byte STREAM enc | 2.35 ns/B 405.0 MiB/s - c/B STREAM dec | 2.32 ns/B 410.7 MiB/s - c/B POLY1305 enc | 2.46 ns/B 388.0 MiB/s - c/B POLY1305 dec | 2.34 ns/B 408.1 MiB/s - c/B POLY1305 auth | 0.238 ns/B 4003 MiB/s - c/B
May 27 2022
The changes have been applied with Werner's suggested improvement with revision rG35b17550706c: gpg: Look up user ID to revoke by UID hash
-O2 problem with bench-slope seems strange. Does problem appear after this patch is applied?