Age | Commit message | Author | Files | Lines

The module registration interface is not widely used but complicates
the internal operation of Libgcrypt a lot. It also does not allow for
efficient implementation of new algorithms or cipher modes. Further, the
required locking of all access to internal module data or functions
would make it hard to come up with a deadlock-free pthread_atfork
implementation. Thus we remove the entire subsystem.
Note that the module system is still used internally but it is now
possible to change it without breaking the ABI.
In case a feature to add more algorithms is demanded in the future, we
may add one by dlopening modules at startup time from a dedicated
directory.
This interface has long been deprecated. It was also initially only
declared as an experimental interface. It added its own kind of
complexity and we found that it does not make applications easier to
read. Modern features of Libgcrypt were not supported and its removal
reduces the SLOC which is a Good Thing from a security POV.
With these changes the entire new pkcs#1 test suite passes fine.
The leading zero bytes used to appear due to mixed signed/unsigned use
of our internal representation of the values as MPIs. The changed code
also detected another bug in the DSA selftest which used the pkcs1
flag - this was certainly wrong but didn't throw an error. The code
in GnuPG does the right thing, thus I believe not too many applications
got it as wrong as we did in our own selftest.
testing.
This allows us to factor the S2k code from gpg and gpg-agent out to
libgcrypt. Created a bunch of test vectors using a hacked gpg 1.4.
The function also implements PBKDF2; tested against the RFC-6070 test
vectors.
That really boosts the performance of CTR.
The AC functions have been deprecated for a long time. Now we will even
print a warning if they are used.
The module register interface is now also deprecated and the use of
those functions will yield a warning as well.
This option is useful to disable detected hardware features. It has
been implemented in benchmark, so that it is now possible to run
tests/benchmark --disable-hwf intel-aesni cipher aes aes192 aes256
to compare the use of AES-NI insns to the pure C code.
This first naive use of the new Intel AES-NI instructions boosts the
performance of AES on CPUs supporting this by 3 to 5 times.
Results from running
./benchmark --cipher-repetitions 10 --large-buffers cipher aes
on a
cpu family : 6
model : 37
model name : Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
stepping : 2
cpu MHz : 3325.494
cache size : 4096 KB
cpu cores : 2
yields this:
            ECB/Stream         CBC             CFB             OFB             CTR
         --------------- --------------- --------------- --------------- ---------------
           130ms  110ms   110ms  100ms   110ms  110ms   160ms  150ms   170ms  170ms
            40ms   40ms    20ms   30ms    30ms   20ms    70ms   70ms    80ms   80ms
The first line is with runtime switched off AES-NI instructions (don't
set use_aesni in do_setkey), the second with enabled AES-NI. By
fixing the alignment, I hope to squeeze out a little more even with
this naive implementation.
Check and install the standard git pre-commit hook.
Also changed quite some trailing white spaces. I never configured
that in Emacs but git diff annoys me with red lines and thus it seems
better to use nuke-trailing-whitespace automatically. Sorry for the
extra diff lines. A diff filter should help to not show those
changes.
Update AUTHORS and NEWS.
Fixed some NEWS entries.
Updated copyright lines.
Doc updates.
Allows the use of the strings AES-128, AES-192, AES-256 to specify AES
algorithms.
Add a method to return the current input block.
Use this in the FIPS driver.
Various minor fixes.
Sigbus fixes for AES.
Documentation updates.
Add an external RNG test hook.
Documentation cleanups.
Removed FIPS logging unless in double verbose state.
Reordered some code in mpi-bit.c
Preparing a release candidate.
FIPS restricted mode. Also some documentation
improvements and other minor enhancements.
See the ChangeLogs. Stay tuned.