Age | Commit message (Collapse) | Author | Files | Lines |
|
* cipher/dsa.c: Release memory for MPI and sexp structures.
* cipher/ecc.c: Release memory for sexp structure.
* tests/keygen.c: Likewise.
--
These leaks broke the mpitests, basic and keygen tests when running
under AddressSanitizer.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Minor formatting changes by -wk.
|
|
* mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked.
--
Requires libgpg-error 1.22 (unreleased) for the macros, but since it is
a minor debugging aid, do not bump the minimum required version.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
* src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New.
* cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature.
* tests/basic.c (_check_gcm_cipher): Check that new feature.
(_check_poly1305_cipher): Ditto.
(check_ccm_cipher): Ditto.
(do_check_ocb_cipher): Ditto.
(check_ctr_cipher): Add negative test for new feature.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN
has been initialized.
(_gcry_cipher_gcm_decrypt): Ditto.
(_gcry_cipher_gcm_authenticate): Ditto.
(_gcry_cipher_gcm_initiv): Ditto.
(_gcry_cipher_gcm_tag): Ditto.
--
Avoid a crash if certain functions are used before setkey.
Reported-by: Peter Wu <peter@lekensteyn.nl>
One crash is not fixed, that is the crash when setkey is not invoked
before using the GCM ciphers (introduced in the 1.7.0 cycle). Either
these functions should check that the key is present, or they should
initialize the ghash table earlier. Affected functions:
_gcry_cipher_gcm_encrypt
_gcry_cipher_gcm_decrypt
_gcry_cipher_gcm_authenticate
_gcry_cipher_gcm_initiv
(via _gcry_cipher_gcm_setiv)
_gcry_cipher_gcm_tag
(via _gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag)
Regression-due-to: 4a0795af021305f9240f23626a3796157db46bd7
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the
provided tag length matches the actual tag length.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/cipher-poly1305.c: copy a fixed length instead of the
user-supplied number.
--
The outbuflen is used to check the minimum size, the real tag is always
of fixed length.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
* cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided
tag length matches the actual tag length. Avoid gratuitous return
statements.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
number.
--
The outbuflen is used to check the minimum size, the real tag is always
of fixed length.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Actually this is not a buffer overrun because we copy not more than
has been allocated for OUTBUF. However a too long OUTBUFLEN accesses
data outside of the source buffer. -wk
|
|
(main): Add option --fips.
* tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539
because that is valid in FIPS mode. Check that key generation fails
for too short keys in FIPS mode.
(check_ecc_keys): Check that key generation fails for Ed25519 keys in
FIPS mode.
--
This option allows to test the FIPS mode manually for key generation.
We should eventually expand all tests to allow testing in FIPS mode in
non FIPS enabled boxes.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/primegen.c (_gcry_fips186_4_prime_check): New.
* cipher/rsa.c (generate_fips): New.
(rsa_generate): Use new function in fips mode or with test-parms.
* tests/keygen.c (check_rsa_keys): Add test using e=65539.
--
Signed-off-by: Tomáš Mráz <tmraz@redhat.com>
Tomáš's patch war originally for libgcrypt 1.6.3 and has been ported
to master (1.7) by wk. Further changes:
- ChangeLog entries.
- Some re-indentation
- Use an extra test case instead of changing an existing one.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive
instead of '.thumb'.
--
Fix allows building ARM NEON assembly implementations when compiler
target is ARMv6. This enables NEON implementations on ARMv7+NEON CPUs
running on ARMv6 OS (for example, Raspbian on Raspberry Pi 2/3).
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* configure.ac (available_digests_64): Merge with available_digests.
(available_kdfs_64): Merge with available_kdfs.
<64 bit datatype test>: Bail out if no such type is available.
* src/types.h: Emit #error if no u64 can be defined.
(PROPERLY_ALIGNED_TYPE): Always add u64 type.
* cipher/bithelp.h: Remove all code paths which handle the
case of !HAVE_U64_TYPEDEF.
* cipher/bufhelp.h: Ditto.
* cipher/cipher-ccm.c: Ditto.
* cipher/cipher-gcm.c: Ditto.
* cipher/cipher-internal.h: Ditto.
* cipher/cipher.c: Ditto.
* cipher/hash-common.h: Ditto.
* cipher/md.c: Ditto.
* cipher/poly1305.c: Ditto.
* cipher/scrypt.c: Ditto.
* cipher/tiger.c: Ditto.
* src/g10lib.h: Ditto.
* tests/basic.c: Ditto.
* tests/bench-slope.c: Ditto.
* tests/benchmark.c: Ditto.
--
Given that SHA-2 and some other algorithms require a 64 bit type it
does not make anymore sense to conditionally compile some part when
the platform does not provide such a type.
GnuPG-bug-id: 1815.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS.
* tests/curves.c (check_get_params): Skip Brainpool curves in FIPS.
* tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys.
(check_ecc_keys): Skip Ed25519 in FIPS mode.
* tests/random.c (main): Don't switch DRBG in FIPS mode.
* tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode.
* tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS.
* tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS.
(main): Skip math tests that use P-192 and Ed25519 in FIPS.
--
Fix the testsuite to make it pass after the FIPS adjustmens.
This consists mostly of disabling the tests that use not approved
curves and algorithms as well as increasing the keysizes.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Removed changes already done with commit e40939b. The original
patch had these chnages:
* tests/fips186-dsa.c (main): Merely suggest a future improvement.
* tests/pubkey.c (get_dsa_key_*new): Increase keysizes.
(check_run): Skip tests with small domain in FIPS.
(main): Skip Ed25519 sample key test in FIPS.
Noet that get_dsa_key_fips186_with_seed_new was not changed from
1024 to 3072 but to 2048 bit.
- Return with 77 (skip) from t-ed25519.c in FIPS mode.
- Some code style changes.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length
to 0 for PSS.
--
Add new --pss option to fipsdrv to specify RSA-PSS signature encoding.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Added by wk:
- Help string for --pss
- Check that only --pss or --pkcs1 is given.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for
salt-length token.
--
Add possibility to use a different salt length for RSASSA-PSS
verification instead of the default 20.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Detect overlong salt-length
- Release LIST on error.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tests/fipsdrv.c (run_rsa_keygen): New.
(main): Support RSA keygen and RSA keygen KAT tests.
--
In fipsdrv implement support for KeyGen_RandomProbablyPrime
and Known Answer Test for probably primes RSA2VS tests.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|
* tests/basic.c (get_keys_new): Generate 2048 bit key.
* tests/benchmark.c (rsa_bench): Skip keys of lengths different
than 2048 and 3072 in FIPS mode.
* tests/keygen.c (check_rsa_keys): Failure if short keys can be
generated in FIPS mode.
(check_dsa_keys): Ditto for DSA keys.
* tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
--
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Remove printing of "FAIL" in fail() because this is reserved for
use by the test driver of the Makefile.
- Move setting of IN_FIPS_MODE after gcry_check_version in keygen.c
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (selftests_rsa): Use 2048 bit keys.
(selftest_encr_1024): Replaced by selftest_encr_2048.
(selftest_sign_1024): Replaced by selftest_sign_2048.
(selftest_encr_2048): Add check against known ciphertext.
(selftest_sign_2048): Add check against known signature.
(selftest_sign_2048): Free SIG_MPI.
* tests/pubkey.c (get_keys_new): Generate 2048 bit keys.
--
Use a 2048 bit keys for RSA selftest.
Check against the known signature/ciphertext after signing/encryption
in the selftests.
Also generate 2k keys in tests/pubkey.
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Reformat some strings and comments.
- Replace a free by xfree.
- Free SIG_MPI.
- Make two strings static.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/cipher.c (_gcry_cipher_init),
* cipher/mac.c (_gcry_mac_init),
* cipher/md.c (_gcry_md_init),
* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
non-allowed ciphers.
* cipher/md5.c: Mark MD5 as not allowed in FIPS.
* src/g10lib.h (_gcry_mac_init): New.
* src/global.c (global_init): Call the new _gcry_mac_init.
* tests/basic.c (check_ciphers): Fix a typo.
--
When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|
* cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long.
--
The previous pacth has no effect because on almost all platformans an
unsigned int is 32 bit and thus the 0xffffffff is anyway the largest
value. This patch changes the variable to an unsigned long so that at
least on common 64 bit Unix systems (but not on 64 bit Windows) there
is an actual check.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen.
--
Add a missing step 1 from PBKDF specification.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|
* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
* cipher/ecc.c: Add ECDSA self test.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
* tests/fipsdrv.c: Add support for ECDSA signatures.
--
Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.
Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Minor source code re-formatting by -wk.
|
|
* cipher/dsa.c (sample_secret_key_1024): Comment out unused constant.
(ogenerate_fips186): Make it work with use-fips183-2 flag.
* cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs
standard comment out format.
* tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion.
(main): Call it.
(main): Compare against current version.
* tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key.
(get_dsa_key_fips186_with_seed_new): Ditto.
(get_dsa_key_fips186_with_domain_new): Comment out.
(check_run): Do not call that function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments.
* cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect
buflen passed to _gcry_mpi_scan.
--
Generate the DSA keypair by testing candidates. (FIPS 186-4 B.1.2)
Use 2048 bit key for the selftest.
Allow only 2048 and 3072 as pbits size.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs
must be set to NULL first, and document how the function behaves in
case of errors.
* src/sexp.c (_gcry_sexp_extract_param): Likewise.
* src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from
'_gcry_sexp_extract_param'.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact
that a curve parameter can be given.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/Makefile.am: Add 'crc-intel-pclmul.c'.
* cipher/crc-intel-pclmul.c: New.
* cipher/crc.c (USE_INTEL_PCLMUL): New macro.
(CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'.
[USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul)
(gcry_crc24rfc2440_intel_pclmul): New.
(crc32_init, crc32rfc1510_init, crc24rfc2440_init)
[USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL
HW features detected.
(crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL
implementation if enabled.
(crc24_init): Document storage format of 24-bit CRC.
(crc24_next4): Use only 'data' for last table look-up.
* configure.ac: Add 'crc-intel-pclmul.lo'.
* src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include
Intel SSE4.1.
* src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection.
* src/hwfeatures.c (hwflist): Add 'intel-sse4.1'.
* tests/basic.c (fillbuf_count): New.
(check_one_md): Add "?" check (million byte data-set with byte pattern
0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?"
checks.
(check_one_md_multi): Skip "?".
(check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256,
SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160,
CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!"
test-vectors for CRC32_RFC1510 and CRC24_RFC2440.
--
Add Intel PCLMUL accelerated implmentations of CRC algorithms.
CRC performance is improved ~11x on x86_64 and i386 on Intel
Haswell, and ~2.7x on Intel Sandy-bridge.
Benchmark on Intel Core i5-4570 (x86_64, 3.2 Ghz):
Before:
| nanosecs/byte mebibytes/sec cycles/byte
CRC32 | 0.865 ns/B 1103.0 MiB/s 2.77 c/B
CRC32RFC1510 | 0.865 ns/B 1102.7 MiB/s 2.77 c/B
CRC24RFC2440 | 0.865 ns/B 1103.0 MiB/s 2.77 c/B
After:
| nanosecs/byte mebibytes/sec cycles/byte
CRC32 | 0.079 ns/B 12051.7 MiB/s 0.253 c/B
CRC32RFC1510 | 0.079 ns/B 12050.6 MiB/s 0.253 c/B
CRC24RFC2440 | 0.079 ns/B 12100.0 MiB/s 0.252 c/B
Benchmark on Intel Core i5-4570 (i386, 3.2 Ghz):
Before:
| nanosecs/byte mebibytes/sec cycles/byte
CRC32 | 0.860 ns/B 1109.0 MiB/s 2.75 c/B
CRC32RFC1510 | 0.861 ns/B 1108.3 MiB/s 2.75 c/B
CRC24RFC2440 | 0.860 ns/B 1108.6 MiB/s 2.75 c/B
After:
| nanosecs/byte mebibytes/sec cycles/byte
CRC32 | 0.078 ns/B 12207.0 MiB/s 0.250 c/B
CRC32RFC1510 | 0.078 ns/B 12207.0 MiB/s 0.250 c/B
CRC24RFC2440 | 0.080 ns/B 11925.6 MiB/s 0.256 c/B
Benchmark on Intel Core i5-2450M (x86_64, 2.5 Ghz):
Before:
| nanosecs/byte mebibytes/sec cycles/byte
CRC32 | 1.25 ns/B 762.3 MiB/s 3.13 c/B
CRC32RFC1510 | 1.26 ns/B 759.1 MiB/s 3.14 c/B
CRC24RFC2440 | 1.25 ns/B 764.9 MiB/s 3.12 c/B
After:
| nanosecs/byte mebibytes/sec cycles/byte
CRC32 | 0.451 ns/B 2114.3 MiB/s 1.13 c/B
CRC32RFC1510 | 0.451 ns/B 2114.6 MiB/s 1.13 c/B
CRC24RFC2440 | 0.457 ns/B 2085.0 MiB/s 1.14 c/B
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP.
--
Thanks to Dan Fandrich for the report with a reproducible test case.
GnuPG-bug-id: 2256
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* src/Makefile.am: Move gcrypt.h from include_HEADERS to
nodist_include_HEADERS to prevent inclusion in release tarball.
This could break out-of-tree-builds because the potentially outdated
src/gcrypt.h was not updated but was in the compiler search path.
|
|
* random/random-drbg.c: Remove include for sys/types.h and asm/types.h.
(DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH)
(DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384)
(DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192)
(DRBG_SYM256): Change 'u_int32_t' to 'u32'.
(drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters
'drbg_read_cb' and 'len'.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* tests/random.c (main): Run check_drbg_reinit only if the envvar
GCRYPT_IN_REGRESSION_TEST is set.
--
Without a hardware entropy generator (e.g. the moonbase token) running
the regression suite would take too long. We better use a set of test
vectors when run from "make check".
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* doc/Makefile.am (gcrypt.texi): Use the right traget.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random-fips.c: Remove.
--
The ANSI X9.31 DRNG is removed as it is completely replaced with the
SP800-90A DRBG.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
|
* src/global.c (_gcry_vcontrol) <DRBG_REINIT>: Test for FIPS RNG.
* tests/random.c (check_drbg_reinit): New.
(main): Call new test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/random-drbg.c (DRBG_DEFAULT_TYPE): New.
(_drbg_init_internal): Set the default type if no type has been set
before.
(_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default.
--
Without this change we can't call GCRYCTL_DRBG_REINIT before
intialization.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt-testapi.h: New.
* src/Makefile.am (libgcrypt_la_SOURCES): Add new file.
* random/random.h: Include gcrypt-testapi.h.
(struct gcry_drbg_test_vector) : Move to gcrypt-testapi.h.
* src/global.c: Include gcrypt-testapi.h.
(_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61.
* cipher/cipher.c: Include gcrypt-testapi.h.
(_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62.
* tests/fipsdrv.c: Include gcrypt-testapi.h. Remove definition of
PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_
constants.
* tests/t-lock.c: Include gcrypt-testapi.h. Remove
PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants.
* random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ...
(_gcry_rngdrbg_cavs_test): this.
(gcry_rngdrbg_healthcheck_one): Rename to ...
(_gcry_rngdrbg_healthcheck_one): this.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/random.h (struct gcry_drbg_test_vector): Rename "flags" to
"flagstr" and turn it into a string.
* random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of
designated initializers. Use a string for the flags.
(gcry_rngdrbg_cavs_test): Parse the flag string into a flag value.
(drbg_healthcheck_sanity): Ditto.
--
Libgcrypt needs to be build-able on C-90 only systems and thus we
can't use C-99 designated initializers. Because we have removed the
flag macros from the API we should not use them in the CAVS test code
either. Thus they are replaced by the flag string which also tests
the flag string parser.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/random-drbg.c: Rename all static objects and macros from
"gcry_drbg" to "drbg".
(drbg_string_t): New typedef.
(drbg_gen_t): New typedef.
(drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by
this.
(_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so
that an error if actually returned.
(gcry_rngdrbg_cavs_test): Ditto.
(gcry_drbg_healthcheck_sanity): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/random-drbg.c: Rename global functions from _gcry_drbg_*
to _gcry_rngdrbg_*.
* random/random.c: Adjust for this change.
* src/global.c: Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/drbg.c: Rename to ...
* random/random-drbg.c: this.
* random/Makefile.am (librandom_la_SOURCES): Adjust accordingly.
--
We should stick to our name comventions.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (struct gcry_drbg_gen): Move to random/drbg.c.
(struct gcry_drbg_string): Ditto.
(gcry_drbg_string_fill): Ditto.
(gcry_randomize_drbg): Remove.
* random/drbg.c (parse_flag_string): New.
(_gcry_drbg_reinit): Change the way the arguments are passed.
* src/global.c (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: Change calling
convention.
--
It does not make sense to extend the API for a somewhat questionable
feature. For GCRYCTL_DRBG_REINIT we change to use a string with flags
and libgcrypt's native buffer data structure.
NB: GCRYCTL_DRBG_REINIT has not been tested!
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/misc.c (_gcry_strtokenize): New.
--
The code has been taken from GnuPG and re-licensed to LPGLv2+ by me as
its original author. Minor changes for use in Libgcrypt.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRY_DRBG_): Remove all new flags to ...
* random/drbg.c: here.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/drbg.c: New.
* random/random.c (_gcry_random_initialize): Replace rngfips init by
drbg init.
(__gcry_random_close_fds): Likewise.
(_gcry_random_dump_stats): Likewise.
(_gcry_random_is_faked): Likewise.
(do_randomize): Likewise.
(_gcry_random_selftest): Likewise.
(_gcry_create_nonce): Replace rngfips_create_noce by drbg_randomize.
(_gcry_random_init_external_test): Remove.
(_gcry_random_run_external_test): Remove.
(_gcry_random_deinit_external_test): Remove.
* random/random.h (struct gcry_drbg_test_vector): New.
* src/gcrypt.h.in (struct gcry_drbg_gen): New.
(struct gcry_drbg_string): New.
(gcry_drbg_string_fill): New.
(gcry_randomize_drbg): New.
(GCRY_DRBG_): Lots of new macros.
* src/global.c (_gcry_vcontrol) <Init external random test>: Turn into
a nop.
(_gcry_vcontrol) <Deinit external random test>: Ditto.
(_gcry_vcontrol) <Run external random test>: Change.
(_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: New.
--
This patch set adds the SP800-90A DRBG for AES128, AES192, AES256 with
derivation function, SHA-1 through SHA-512 with derivation function,
HMAC SHA-1 through HMAC SHA-512. All DRBGs are provided with and without
prediction resistance. In addition, all DRBGs allow reseeding by the
caller.
The default DRBG is HMAC SHA-256 without prediction resistance.
The caller may re-initialize the DRBG with the control
GCRYCTL_DRBG_REINIT:
The patch replaces the invocation of the existing ANSI X9.31 DRNG. This
covers the control calls of 58 through 60. Control call 58 and 60 are
simply deactivated. Control 59 is replaced with the DRBG CAVS test
interface.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
ChangeLog entries added by -wk
|
|
* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Disable for
__powerpc__ and __powerpc64__.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
--
Add license and copyright statement for cipher/arcfour-amd64.S (public
domain) and cipher/cipher-ocb.c (OCB license 1)
|
|
* cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory.
* mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|