Age | Commit message (Collapse) | Author | Files | Lines |
|
* cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target
pragma to disable compiler use of SSE.
* cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto.
* cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto.
--
These implementations assume that compiler does not use XMM registers
between assembly blocks.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt
and bulk.ocb_auth.
(_gcry_cipher_ocb_get_l): New prototype.
* cipher/cipher-ocb.c (get_l): Rename to ...
(_gcry_cipher_ocb_get_l): ... this.
(_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when
available.
* cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
functions for AES.
* cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec)
(_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New.
* cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt)
(_gcry_aes_aesni_ocb_auth): New prototypes.
(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New.
* src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New
prototypes.
* tests/basic.c (check_ocb_cipher_largebuf): New.
(check_ocb_cipher): Add large buffer encryption/decryption test.
--
Patch adds bulk encryption/decryption/authentication code for AES-NI
accelerated AES.
Benchmark on Intel i5-4570 (3200 Mhz, turbo off):
Before:
AES | nanosecs/byte mebibytes/sec cycles/byte
OCB enc | 2.12 ns/B 449.7 MiB/s 6.79 c/B
OCB dec | 2.12 ns/B 449.6 MiB/s 6.79 c/B
OCB auth | 2.07 ns/B 459.9 MiB/s 6.64 c/B
After:
AES | nanosecs/byte mebibytes/sec cycles/byte
OCB enc | 0.292 ns/B 3262.5 MiB/s 0.935 c/B
OCB dec | 0.297 ns/B 3212.2 MiB/s 0.950 c/B
OCB auth | 0.260 ns/B 3666.1 MiB/s 0.832 c/B
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* tests/t-kdf.c: Include stopwatch.h.
(dummy_consumer): new.
(bench_s2k): New.
(main): Add option parser and option --s2k.
--
For example:
$ ./t-kdf --s2k 17659904
88.0ms
$ ./t-kdf --s2k 65536
0.3ms
This test is similar to the code done by gpg-agent to calibrate the
S2K count.
|
|
* tests/stopwatch.h (elapsed_time): Add arg divisor.
|
|
* mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed.
--
gcry_mpi_set_opaque allows to store NULL as opaque data. Thus we also
need to take care when copying such data.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned
access only when HAVE_GCC_ATTRIBUTE_PACKED and
HAVE_GCC_ATTRIBUTE_ALIGNED defined.
(fast_wipememory_t): New.
(fast_wipememory2): Use 'fast_wipememory_t'.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when
HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined.
(bufhelp_int_t): New type.
(buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use
'bufhelp_int_t'.
[BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_u32_t, bufhelp_u64_t): New.
[BUFHELP_FAST_UNALIGNED_ACCESS] (buf_get_be32, buf_get_le32)
(buf_put_be32, buf_put_le32, buf_get_be64, buf_get_le64)
(buf_put_be64, buf_put_le64): Use 'bufhelp_uXX_t'.
* configure.ac (gcry_cv_gcc_attribute_packed): New.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end.
(bench_mac_init): Move 'key' free at end of function.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
comma.
--
Reported-by: Opal Raava <opalraava@hushmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t.
--
This is more or less cosmetic.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/bufhelp.h: Move include for uintptr_t to ...
* src/types.h: here. Check that config.h has been included.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* mpi/mpi-pow.c: Remove condition rp==mp.
--
MP has already been allocated and thus can't match RP. The followinf
assert would have been triggred anyway due to the prior allocation.
Detected by Stack 0.3.
|
|
* cipher/hash-common.c (_gcry_md_block_write): Remove NUL check for
hd->buf.
--
HD->BUF is not allocated but part of the struct. HD has already be
dereferenced twice thus the check does not make sense. Detected by
Stack 0.3:
bug: anti-simplify
model: |
%cmp4 = icmp eq i8* %arraydecay, null, !dbg !29
--> false
stack:
- /home/wk/s/libgcrypt/cipher/hash-common.c:114:0
ncore: 1
core:
- /home/wk/s/libgcrypt/cipher/hash-common.c:108:0
- null pointer dereference
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/cipher-ocb.c (ocb_checksum): New.
(ocb_crypt): Move checksum calculation outside main crypt loop, do
checksum calculation for encryption before inbuf is overwritten.
* tests/basic.c (check_ocb_cipher): Rename to ...
(do_check_ocb_cipher): ... to this and add argument for testing
in-place encryption/decryption.
(check_ocb_cipher): New.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* tests/t-sexp.c (bug_1594): Free N and PUBKEY.
|
|
* mpi/mpi-pow.c (mpi_powm): Access all data in the table by
mpi_set_cond.
--
Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack. This change fixes
this particular data-dependent access pattern.
Cherry-picked from commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287
in LIBGCRYPT-1-6-BRANCH.
|
|
* mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP.
--
The name of precomputed table was b_2i3 which stands for BASE^(2*I+3).
But it's too cryptic, so, it's renamed. Besides, we needed to
distinguish the case of I==0, that was not good. Since it's OK to
increase the size of table by one, it's BASE^(2*I+1), now.
|
|
* cipher/elgamal.c (USE_BLINDING): New.
(decrypt): Rewrite to use ciphertext blinding.
--
CVE-id: CVE-2014-3591
As a countermeasure to a new side-channel attacks on sliding windows
exponentiation we blind the ciphertext for Elgamal decryption. This
is similar to what we are doing with RSA. This patch is a backport of
the GnuPG 1.4 commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b.
Unfortunately, the performance impact of Elgamal blinding is quite
noticeable (i5-2410M CPU @ 2.30GHz TP 220):
Algorithm generate 100*priv 100*public
------------------------------------------------
ELG 1024 bit - 100ms 90ms
ELG 2048 bit - 330ms 350ms
ELG 3072 bit - 660ms 790ms
Algorithm generate 100*priv 100*public
------------------------------------------------
ELG 1024 bit - 150ms 90ms
ELG 2048 bit - 520ms 360ms
ELG 3072 bit - 1100ms 800ms
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* mpi/mpiutil.c (_gcry_mpi_set_cond): New.
(_gcry_mpi_swap_cond): Fix types.
* src/mpi.h (mpi_set_cond): New.
|
|
* src/Makefile.am (extra_ltoptions): New.
(libgcrypt_la_LDFLAGS): Use it.
--
Since gcc 4.8 there is a regression in that plain C programs may link
to libgcc_s.a which has a dependency on libgcc_s_sjlj.dll. This is
for example triggered by using long long arithmetic on a 32 bit
Windows (e.g symbol __udivdi3).
As usual the gcc maintainers don't care about backward compatibility
and declare that as some kind of compatibility fix and not as
regression from 4.7 and all earlier versions.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD.
(noinst_PROGRAMS): Remove.
(EXTRA_DIST): New.
(CLEANFILES): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI
around SSSE3 setkey selection.
--
Reported-by: Richard H Lee <ricardohenrylee@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/cipher-ocb.c: New.
* cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
* cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
(gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
* cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
(_gcry_cipher_open_internal): Setup default taglen of OCB.
(cipher_reset): Clear OCB specific data.
(cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
(_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
(_gcry_cipher_setiv): Add OCB specific nonce setting.
(_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
* src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
(gcry_cipher_final): New.
* cipher/bufhelp.h (buf_xor_1): New.
* tests/basic.c (hex2buffer): New.
(check_ocb_cipher): New.
(main): Call it here. Add option --cipher-modes.
* tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
gcry_cipher_final.
(bench_aead_decrypt_do_bench): Ditto.
(bench_aead_authenticate_do_bench): Ditto. Check error code.
(bench_ocb_encrypt_do_bench): New.
(bench_ocb_decrypt_do_bench): New.
(bench_ocb_authenticate_do_bench): New.
(ocb_encrypt_ops): New.
(ocb_decrypt_ops): New.
(ocb_authenticate_ops): New.
(cipher_modes): Add them.
(cipher_bench_one): Skip wrong block length for OCB.
* tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add
OCB support.
--
See the comments on top of cipher/cipher-ocb.c for the patent status
of the OCB mode.
The implementation has not yet been optimized and as such is not faster
that the other AEAD modes. A first candidate for optimization is the
double_block function. Large improvements can be expected by writing
an AES ECB function to work on multiple blocks.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New.
* configure.ac (HAVE_BUILTIN_CTZ): Add new test.
--
Note that these functions return the number of bits in the word when
passing 0.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New.
--
This is merely a claim that I am working on OCB mode.
|
|
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers.
* cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h.
|
|
--
The Manifest file have been part of an experiment a long time ago to
implement source level integrity. I is not maintained for more than a
decade and with the advent of git this is superfluous anyway.
|
|
* cipher/stribog.c (C16): Avoid allocating superfluous space.
--
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
* cipher/gostr3411-94.c (gost3411_final): Fix loop
--
The maximum iteration count for filling the l (bit length) array was
incrrectly set to 32 (missed that in u8->u32 refactoring). This was
not resulting in stack corruption, since nblocks variable would be
exausted earlier compared to 8 32-bit values (the size of the array).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
--
This is the same script as used by GnuPG. It makes sure that lines
are not too long and checks some other basic things. ./autogen.sh
installs it.
|
|
* random/rndunix.c (STDERR_FILENO): Define if needed.
(start_gatherer): Re-open standard descriptors. Fix an
unsigned/signed pointer warning.
--
GnuPG-bug-id: 1702
|
|
* cipher/primegen.c (prime_generate_internal): Refactor generator code
to not leak memory for non-implemented feature.
(_gcry_prime_group_generator): Refactor to not leak memory for invalid
args. Also make sure that R_G is set as soon as possible.
--
GnuPG-bug-id: 1705
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change
callers.
(_scryptBlockMix): Rename to scrypt_block_mix. Change callers.
(_scryptROMix): Rename to scrypt_ro_mix. Change callers.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
--
GnuPG-bug-id: 1589
|
|
* cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in
native-endianess.
--
Commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 unintendedly changed this
native-endian store to little-endian.
Reported-by: Yuriy Kaminskiy <yumkam@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'.
* cipher/rijndael-internal.h (USE_SSSE3): New.
(RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'.
* cipher/rijndael-ssse3-amd64.c: New.
* cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey)
(_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt)
(_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc)
(_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
(_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New.
(do_setkey): Add HWF check for SSSE3 and setup for SSSE3
implementation.
(prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add
selection for SSSE3 implementation.
* configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'.
--
This patch adds "AES with vector permutations" implementation by
Mike Hamburg. Public-domain source-code is available at:
http://crypto.stanford.edu/vpaes/
Benchmark on Intel Core2 T8100 (2.1Ghz, no turbo):
Old (AMD64 asm):
AES | nanosecs/byte mebibytes/sec cycles/byte
ECB enc | 8.79 ns/B 108.5 MiB/s 18.46 c/B
ECB dec | 9.07 ns/B 105.1 MiB/s 19.05 c/B
CBC enc | 7.77 ns/B 122.7 MiB/s 16.33 c/B
CBC dec | 7.74 ns/B 123.2 MiB/s 16.26 c/B
CFB enc | 7.88 ns/B 121.0 MiB/s 16.54 c/B
CFB dec | 7.56 ns/B 126.1 MiB/s 15.88 c/B
OFB enc | 9.02 ns/B 105.8 MiB/s 18.94 c/B
OFB dec | 9.07 ns/B 105.1 MiB/s 19.05 c/B
CTR enc | 7.80 ns/B 122.2 MiB/s 16.38 c/B
CTR dec | 7.81 ns/B 122.2 MiB/s 16.39 c/B
New (ssse3):
AES | nanosecs/byte mebibytes/sec cycles/byte
ECB enc | 5.77 ns/B 165.2 MiB/s 12.13 c/B
ECB dec | 7.13 ns/B 133.7 MiB/s 14.98 c/B
CBC enc | 5.27 ns/B 181.0 MiB/s 11.06 c/B
CBC dec | 6.39 ns/B 149.3 MiB/s 13.42 c/B
CFB enc | 5.27 ns/B 180.9 MiB/s 11.07 c/B
CFB dec | 5.28 ns/B 180.7 MiB/s 11.08 c/B
OFB enc | 6.11 ns/B 156.1 MiB/s 12.83 c/B
OFB dec | 6.13 ns/B 155.5 MiB/s 12.88 c/B
CTR enc | 5.26 ns/B 181.5 MiB/s 11.04 c/B
CTR dec | 5.24 ns/B 182.0 MiB/s 11.00 c/B
Benchmark on Intel i5-2450M (2.5Ghz, no turbo, aes-ni disabled):
Old (AMD64 asm):
AES | nanosecs/byte mebibytes/sec cycles/byte
ECB enc | 8.06 ns/B 118.3 MiB/s 20.15 c/B
ECB dec | 8.21 ns/B 116.1 MiB/s 20.53 c/B
CBC enc | 7.88 ns/B 121.1 MiB/s 19.69 c/B
CBC dec | 7.57 ns/B 126.0 MiB/s 18.92 c/B
CFB enc | 7.87 ns/B 121.2 MiB/s 19.67 c/B
CFB dec | 7.56 ns/B 126.2 MiB/s 18.89 c/B
OFB enc | 8.27 ns/B 115.3 MiB/s 20.67 c/B
OFB dec | 8.28 ns/B 115.1 MiB/s 20.71 c/B
CTR enc | 8.02 ns/B 119.0 MiB/s 20.04 c/B
CTR dec | 8.02 ns/B 118.9 MiB/s 20.05 c/B
New (ssse3):
AES | nanosecs/byte mebibytes/sec cycles/byte
ECB enc | 4.03 ns/B 236.6 MiB/s 10.07 c/B
ECB dec | 5.28 ns/B 180.8 MiB/s 13.19 c/B
CBC enc | 3.77 ns/B 252.7 MiB/s 9.43 c/B
CBC dec | 4.69 ns/B 203.3 MiB/s 11.73 c/B
CFB enc | 3.75 ns/B 254.3 MiB/s 9.37 c/B
CFB dec | 3.69 ns/B 258.6 MiB/s 9.22 c/B
OFB enc | 4.17 ns/B 228.7 MiB/s 10.43 c/B
OFB dec | 4.17 ns/B 228.7 MiB/s 10.42 c/B
CTR enc | 3.72 ns/B 256.5 MiB/s 9.30 c/B
CTR dec | 3.72 ns/B 256.1 MiB/s 9.31 c/B
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* random/random-csprng.c (_gcry_rngcsprng_update_seed_file)
(read_pool): Cast keypool and rndpool to 'unsigned long *' through
'void *'.
--
Patch fixes 'cast increases required alignment' warnings seen on GCC:
random-csprng.c: In function '_gcry_rngcsprng_update_seed_file':
random-csprng.c:867:15: warning: cast increases required alignment of target type [-Wcast-align]
for (i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool;
^
random-csprng.c:867:43: warning: cast increases required alignment of target type [-Wcast-align]
for (i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool;
^
random-csprng.c: In function 'read_pool':
random-csprng.c:1023:14: warning: cast increases required alignment of target type [-Wcast-align]
for(i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool;
^
random-csprng.c:1023:42: warning: cast increases required alignment of target type [-Wcast-align]
for(i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool;
^
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'.
--
Patch fixes 'cast increases required alignment' warnings seen on GCC:
scrypt.c: In function '_scryptBlockMix':
scrypt.c:145:22: warning: cast increases required alignment of target type [-Wcast-align]
_salsa20_core ((u32*)X, (u32*)X, 8);
^
scrypt.c:145:31: warning: cast increases required alignment of target type [-Wcast-align]
_salsa20_core ((u32*)X, (u32*)X, 8);
^
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer
from 'char *' to 'memblock_t *' through 'void *'.
(MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'.
--
Patch fixes 'cast increases required alignment' warnings seen on GCC:
secmem.c: In function 'mb_get_next':
secmem.c:140:13: warning: cast increases required alignment of target type [-Wcast-align]
mb_next = (memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size);
^
secmem.c: In function 'mb_get_new':
secmem.c:208:17: warning: cast increases required alignment of target type [-Wcast-align]
mb_split = (memblock_t *) (((char *) mb) + BLOCK_HEAD_SIZE + size);
^
secmem.c: In function '_gcry_secmem_free_internal':
secmem.c:101:3: warning: cast increases required alignment of target type [-Wcast-align]
(memblock_t *) ((char *) addr - BLOCK_HEAD_SIZE)
^
secmem.c:603:8: note: in expansion of macro 'ADDR_TO_BLOCK'
mb = ADDR_TO_BLOCK (a);
^
In file included from secmem.c:40:0:
secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align]
wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
^
g10lib.h:309:54: note: in definition of macro 'wipememory2'
volatile char *_vptr=(volatile char *)(_ptr); \
^
secmem.c:611:3: note: in expansion of macro 'MB_WIPE_OUT'
MB_WIPE_OUT (0xff);
^
secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align]
wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
^
g10lib.h:309:54: note: in definition of macro 'wipememory2'
volatile char *_vptr=(volatile char *)(_ptr); \
^
secmem.c:612:3: note: in expansion of macro 'MB_WIPE_OUT'
MB_WIPE_OUT (0xaa);
^
secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align]
wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
^
g10lib.h:309:54: note: in definition of macro 'wipememory2'
volatile char *_vptr=(volatile char *)(_ptr); \
^
secmem.c:613:3: note: in expansion of macro 'MB_WIPE_OUT'
MB_WIPE_OUT (0x55);
^
secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align]
wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
^
g10lib.h:309:54: note: in definition of macro 'wipememory2'
volatile char *_vptr=(volatile char *)(_ptr); \
^
secmem.c:614:3: note: in expansion of macro 'MB_WIPE_OUT'
MB_WIPE_OUT (0x00);
^
secmem.c: In function '_gcry_secmem_realloc':
secmem.c:644:8: warning: cast increases required alignment of target type [-Wcast-align]
mb = (memblock_t *) ((char *) p - ((size_t) &((memblock_t *) 0)->aligned.c));
^
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through
'void *'.
* cipher/md4.c (md4_final): Use buf_put_* helper instead of
converting 'char *' to 'u32 *'.
* cipher/md5.c (md5_final): Ditto.
* cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto.
* cipher/sha1.c (sha1_final): Ditto.
* cipher/sha256.c (sha256_final): Ditto.
* cipher/sha512.c (sha512_final): Ditto.
* cipher/tiger.c (tiger_final): Ditto.
--
Patch fixes 'cast increases required alignment' warnings seen on GCC:
md.c: In function 'md_open':
md.c:318:23: warning: cast increases required alignment of target type [-Wcast-align]
hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n);
^
md.c: In function 'md_copy':
md.c:491:22: warning: cast increases required alignment of target type [-Wcast-align]
bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n);
^
md4.c: In function 'md4_final':
md4.c:258:20: warning: cast increases required alignment of target type [-Wcast-align]
#define X(a) do { *(u32*)p = le_bswap32((*hd).a) ; p += 4; } while(0)
^
md4.c:259:3: note: in expansion of macro 'X'
X(A);
^
md4.c:258:20: warning: cast increases required alignment of target type [-Wcast-align]
#define X(a) do { *(u32*)p = le_bswap32((*hd).a) ; p += 4; } while(0)
^
md4.c:260:3: note: in expansion of macro 'X'
X(B);
^
[removed the rest]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of
keyschedule arrays to unions u1 and u2.
(keyschedenc32, keyscheddec32): New.
* cipher/rijndael.c (u32_a_t): Remove.
(do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove
casting byte arrays to u32_a_t.
(prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32
and keyscheddec32; Remove casting byte arrays to u32_a_t.
--
Patch fixes 'cast increases required alignment' compiler warnings that GCC was showing:
rijndael.c: In function 'do_setkey':
rijndael.c:310:13: warning: cast increases required alignment of target type [-Wcast-align]
*((u32_a_t*)tk[j]) = *((u32_a_t*)k[j]);
^
rijndael.c:310:34: warning: cast increases required alignment of target type [-Wcast-align]
*((u32_a_t*)tk[j]) = *((u32_a_t*)k[j]);
[removed the rest]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
draft-irtf-cfrg-chacha20-poly1305-03
* cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
counters for AAD and data in Poly1305.
* cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
(poly1305_fill_bytecounts, poly1305_do_padding): New.
(poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
length.
(_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
(_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
(_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
(_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
AAD and data byte counts; only allow 96-bit IV.
* cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
ChaCha20 cipher.
* tests/basic.c (_check_poly1305_cipher): Update test-vectors.
(check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
* tests/bench-slope.c (cipher_bench_one): Ditto.
--
Latest Internet-Draft version for "ChaCha20 and Poly1305 for IETF protocols"
has added additional padding to Poly1305-AEAD and limited support IV size to
96-bits:
https://www.ietf.org/rfcdiff?url1=draft-nir-cfrg-chacha20-poly1305-03&difftype=--html&submit=Go!&url2=draft-irtf-cfrg-chacha20-poly1305-03
Patch makes Poly1305-AEAD implementation to match the changes and limits
Poly1305-AEAD to ChaCha20 only.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/chacha20.c (CHACHA20_CTR_SIZE): New.
(chacha20_ivsetup): Add setup for full counter.
(chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|