* configure.ac: Add option --disable-neon-support.
(HAVE_GCC_INLINE_ASM_NEON): New.
(ENABLE_NEON_SUPPORT): New.
[arm]: Add 'hwf-arm.lo' as HW feature module.
* src/Makefile.am: Add 'hwf-arm.c'.
* src/g10lib.h (HWF_ARM_NEON): New macro.
* src/global.c (hwflist): Add HWF_ARM_NEON entry.
* src/hwf-arm.c: New file.
* src/hwf-common.h (_gcry_hwf_detect_arm): New prototype.
* src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add
call to _gcry_hwf_detect_arm.
--
Add HW detection module for detecting the ARM NEON instruction set. ARM does not
have a cpuid instruction, so we have to rely on the OS to pass feature set
information to user space. For Linux, NEON support can be detected by parsing
'/proc/self/auxv' for hardware capabilities information. For other OSes, NEON
can be detected by checking if the platform/compiler only supports NEON-capable
CPUs (by checking whether the __ARM_NEON__ macro is defined).
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
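The detection path the commit describes, as an added example and not libgcrypt's own hwf-arm.c: look up AT_HWCAP in the ELF auxiliary vector and test the HWCAP_NEON bit (1 << 12, the value Linux defines in asm/hwcap.h for ARM), falling back to the __ARM_NEON__ compiler macro where there is no auxv. The function names (auxv_find, hwcap_from_auxv_file, detect_arm_neon) and the sample auxv contents are assumptions made for this illustration; the parser takes a caller-supplied entry array so the constructed vector can be checked on any host, and the entry width follows the host's ELF class.

```c
/* Added example (not libgcrypt code): ARM NEON detection via the ELF auxiliary
 * vector, with the __ARM_NEON__ macro as the non-Linux fallback. */
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

#define AUXV_AT_NULL     0UL        /* AT_NULL: terminates the vector */
#define AUXV_AT_HWCAP    16UL       /* AT_HWCAP: architecture capability bits */
#define ARM_HWCAP_NEON   (1UL << 12) /* HWCAP_NEON from Linux <asm/hwcap.h> (ARM) */
#define AUXV_MAX_ENTRIES 64         /* bound when reading /proc/self/auxv */

struct auxv_entry { unsigned long a_type; unsigned long a_val; };

/* Scan at most COUNT entries for TYPE, stopping at AT_NULL.  Returns 1 and
 * stores the value on success; 0 if TYPE is absent before the terminator. */
int auxv_find(const struct auxv_entry *entries, size_t count,
              unsigned long type, unsigned long *val)
{
  size_t i;
  for (i = 0; i < count; i++) {
    if (entries[i].a_type == AUXV_AT_NULL)
      return 0;                       /* nothing past AT_NULL is trusted */
    if (entries[i].a_type == type) {
      *val = entries[i].a_val;
      return 1;
    }
  }
  return 0;
}

/* NEON is present when the HWCAP_NEON bit of AT_HWCAP is set. */
int arm_neon_from_hwcap(unsigned long hwcap)
{
  return (hwcap & ARM_HWCAP_NEON) != 0;
}

/* Read PATH (normally /proc/self/auxv) into a bounded buffer and look up
 * AT_HWCAP.  A missing, short or truncated file simply yields "not found". */
int hwcap_from_auxv_file(const char *path, unsigned long *hwcap)
{
  struct auxv_entry buf[AUXV_MAX_ENTRIES];
  FILE *fp = fopen(path, "rb");
  size_t n;
  if (!fp)
    return 0;
  n = fread(buf, sizeof buf[0], AUXV_MAX_ENTRIES, fp);
  fclose(fp);
  return auxv_find(buf, n, AUXV_AT_HWCAP, hwcap);
}

/* The decision as the commit lays it out: Linux/ARM asks the kernel through
 * auxv; elsewhere the compiler macro says whether the target is NEON-only. */
int detect_arm_neon(void)
{
#if defined(__linux__) && defined(__arm__)
  unsigned long hwcap = 0;
  return hwcap_from_auxv_file("/proc/self/auxv", &hwcap)
         && arm_neon_from_hwcap(hwcap);
#elif defined(__ARM_NEON__)
  return 1;
#else
  return 0;                           /* not an ARM build: no NEON */
#endif
}

/* Constructed auxv (sample data, not captured from a real machine): AT_PAGESZ,
 * AT_HWCAP with bit 12 set, AT_NULL, then an entry a correct parser must ignore. */
int constructed_auxv_has_neon(void)
{
  static const struct auxv_entry sample[] = {
    { 6UL, 4096UL },                  /* AT_PAGESZ */
    { AUXV_AT_HWCAP, 0x1fb7UL },      /* HWCAP_NEON (0x1000) is set */
    { AUXV_AT_NULL, 0UL },
    { AUXV_AT_HWCAP, 0UL },           /* past AT_NULL: must not be seen */
  };
  unsigned long hwcap = 0;
  return auxv_find(sample, sizeof sample / sizeof sample[0],
                   AUXV_AT_HWCAP, &hwcap)
         && arm_neon_from_hwcap(hwcap);
}

/* Constructed vector whose only AT_HWCAP sits after the terminator: the
 * lookup must fail rather than read stale data. */
int constructed_auxv_hwcap_after_null(void)
{
  static const struct auxv_entry sample[] = {
    { AUXV_AT_NULL, 0UL },
    { AUXV_AT_HWCAP, ARM_HWCAP_NEON },
  };
  unsigned long hwcap = 0;
  return auxv_find(sample, 2, AUXV_AT_HWCAP, &hwcap);
}

int main(void)
{
  printf("constructed auxv reports NEON: %d\n", constructed_auxv_has_neon());
  printf("this host reports ARM NEON:    %d\n", detect_arm_neon());
  return 0;
}
```

On a non-ARM host detect_arm_neon() is 0 by construction; the constructed vectors exercise the parser itself, including the rule that nothing after AT_NULL is read.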
|
|
* configure.ac: Add option --disable-avx2-support.
(HAVE_GCC_INLINE_ASM_AVX2): New.
(ENABLE_AVX2_SUPPORT): New.
* src/g10lib.h (HWF_INTEL_AVX2): New.
* src/global.c (hwflist): Add HWF_INTEL_AVX2.
* src/hwf-x86.c [__i386__] (get_cpuid): Initialize registers to zero
before cpuid.
[__x86_64__] (get_cpuid): Initialize registers to zero before cpuid.
(detect_x86_gnuc): Store maximum cpuid level.
(detect_x86_gnuc) [ENABLE_AVX2_SUPPORT]: Add detection for AVX2.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New.
(GCRYCTL_DISABLE_PRIV_DROP): New.
* src/global.c (_gcry_vcontrol): Implement them.
* src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New.
(GCRY_SECMEM_FLAG_NO_PRIV_DROP): New.
* src/secmem.c (no_mlock, no_priv_drop): New.
(_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them.
(lock_pool): Handle no_mlock and no_priv_drop.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRYPT_VERSION_NUMBER): New.
* configure.ac (VERSION_NUMBER): New ac_subst.
* src/global.c (_gcry_vcontrol): Move call to above function ...
(gcry_check_version): .. here.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION)
(BUILD_TIMESTAMP): Define on all platforms.
* compat/compat.c (_gcry_compat_identification): Include revision and
timestamp.
|
|
* src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New.
* src/mpi.h (mpi_is_const, mpi_const): New.
(enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New.
* mpi/mpiutil.c (_gcry_mpi_init): New.
(constants): New.
(_gcry_mpi_free): Do not release a constant flagged MPI.
(gcry_mpi_copy): Clear the const and immutable flags.
(gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag): Support
GCRYMPI_FLAG_CONST.
(_gcry_mpi_const): New.
* src/global.c (global_init): Call _gcry_mpi_init.
* mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and
eight. Change all users to call mpi_const() instead.
* src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag.
--
Allocating the trivial constants newly for every EC context is a waste
of memory and CPU cycles. We instead provide a simple mechanism to
internally support such constants. Using a new flag in the API also
allows marking an arbitrary MPI as constant. The drawback of the
constants is that their memory will never be deallocated. However,
that is what constants are about.
|
|
* configure.ac: Add option --disable-avx-support.
(HAVE_GCC_INLINE_ASM_AVX): New.
(ENABLE_AVX_SUPPORT): New.
(camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add
camellia_aesni_avx_x86-64.lo.
* cipher/Makefile.am (AM_CCASFLAGS): Add.
(EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S
* cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT]
[__x86_64__] (USE_AESNI_AVX): Add macro.
(struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx.
[USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc)
(_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly
functions.
(camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware
support both.
(_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code.
(_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code.
* cipher/camellia_aesni_avx_x86-64.S: New.
* src/g10lib.h (HWF_INTEL_AVX): New.
* src/global.c (hwflist): Add HWF_INTEL_AVX.
* src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add detection
for AVX.
--
Before:
Running each test 250 times.
                 ECB/Stream         CBC             CFB             OFB             CTR
              --------------- --------------- --------------- --------------- ---------------
CAMELLIA128    2210ms  2200ms  2300ms  2050ms  2240ms  2250ms  2290ms  2270ms  2070ms  2070ms
CAMELLIA256    2810ms  2800ms  2920ms  2670ms  2840ms  2850ms  2910ms  2890ms  2660ms  2640ms
After:
Running each test 250 times.
                 ECB/Stream         CBC             CFB             OFB             CTR
              --------------- --------------- --------------- --------------- ---------------
CAMELLIA128    2200ms  2220ms  2290ms   470ms  2240ms  2270ms  2270ms  2290ms   480ms   480ms
CAMELLIA256    2820ms  2820ms  2900ms   600ms  2860ms  2860ms  2900ms  2920ms   620ms   620ms
The AES-NI/AVX implementation works by processing 16 parallel blocks (256 bytes).
It is a byte-sliced implementation that uses AES-NI (SubBytes) for the Camellia S-boxes,
with the help of prefiltering/postfiltering. For smaller data sets the generic C
implementation is used.
Speed-up for CBC-decryption and CTR-mode (large data): 4.3x
Tests were run on: Intel Core i5-2450M
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
(license boiler plate update by wk)
|
|
* configure.ac (GCRYPT_HWF_MODULES): New.
(HAVE_CPU_ARCH_X86, HAVE_CPU_ARCH_ALPHA, HAVE_CPU_ARCH_SPARC)
(HAVE_CPU_ARCH_MIPS, HAVE_CPU_ARCH_M68K, HAVE_CPU_ARCH_PPC)
(HAVE_CPU_ARCH_ARM): New AC_DEFINEs.
* mpi/config.links (mpi_cpu_arch): New.
* src/global.c (print_config): Print new tag "cpu-arch".
* src/Makefile.am (libgcrypt_la_SOURCES): Add hwf-common.h
(EXTRA_libgcrypt_la_SOURCES): New.
(gcrypt_hwf_modules): New.
(libgcrypt_la_DEPENDENCIES, libgcrypt_la_LIBADD): Add that one.
* src/hwfeatures.c: Factor most code out to ...
* src/hwf-x86.c: New file.
(detect_x86_gnuc): Return the feature vector.
(_gcry_hwf_detect_x86): New.
* src/hwf-common.h: New.
* src/hwfeatures.c (_gcry_detect_hw_features): Dispatch using
HAVE_CPU_ARCH_ macros.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* configure.ac: Add option --disable-drng-support.
(ENABLE_DRNG_SUPPORT): New.
* random/rndhw.c (USE_DRNG): New.
(rdrand_long, rdrand_nlong, poll_drng): New.
(_gcry_rndhw_poll_fast, _gcry_rndhw_poll_slow): Call poll function.
* src/g10lib.h (HWF_INTEL_RDRAND): New.
* src/global.c (hwflist): Add "intel-rdrand".
* src/hwfeatures.c (detect_x86_64_gnuc) [ENABLE_DRNG_SUPPORT]: Detect
RDRAND.
(detect_ia32_gnuc) [ENABLE_DRNG_SUPPORT]: Detect RDRAND.
--
This patch provides support for using the Digital Random Number Generator (DRNG)
engine, which is available on the latest Intel CPUs. The DRNG engine is
accessible via the new RDRAND instruction.
This patch adds the following:
- support for disabling use of the rdrand instruction
- checking for RDRAND instruction support using cpuid
- RDRAND usage implementation
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
ChangeLog and editorial changes by wk.
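The two mechanisms the commit lists, the cpuid check and the RDRAND usage, as an added example that is not libgcrypt's rndhw.c: CPUID leaf 1 reports RDRAND in ECX bit 30, and the instruction itself may legitimately return "no data" (carry flag clear), so a caller must retry a bounded number of times and treat exhaustion as a failure rather than use the output. The names rdrand_long and rdrand_nlong come from the ChangeLog above, but the bodies here are this example's own; have_rdrand, rdrand_step and the retry count of 10 are assumptions. The x86 parts are guarded so the block compiles to a "not available" stub on other hosts.

```c
/* Added example (not libgcrypt code): RDRAND feature check via CPUID and a
 * retry loop around the instruction.  Non-x86 builds report "unavailable". */
#include <stdio.h>
#include <stddef.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0
#endif

#define RDRAND_RETRIES 10   /* assumed bound: retry a few times, then give up */

/* 1 if the CPU advertises RDRAND (CPUID.01H:ECX bit 30), else 0. */
int have_rdrand(void)
{
#if HAVE_X86_CPUID
  unsigned int eax, ebx, ecx, edx;
  if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
    return 0;
  return (ecx & (1u << 30)) != 0;
#else
  return 0;
#endif
}

/* One RDRAND attempt.  Returns 1 and stores a word when the carry flag is
 * set; 0 when the DRNG had no data ready.  Only call after have_rdrand(). */
static int rdrand_step(unsigned long *out)
{
#if HAVE_X86_CPUID
  unsigned char ok;
  unsigned long v;
  __asm__ volatile ("rdrand %0\n\tsetc %1" : "=r" (v), "=qm" (ok) : : "cc");
  *out = v;
  return ok;
#else
  (void)out;
  return 0;
#endif
}

/* Retry loop: 1 on success, 0 if the DRNG stayed empty for every attempt.
 * On 0 the caller must fall back to another source, never use *OUT. */
int rdrand_long(unsigned long *out)
{
  int i;
  for (i = 0; i < RDRAND_RETRIES; i++)
    if (rdrand_step(out))
      return 1;
  return 0;
}

/* Fill up to N words; returns how many were actually produced.  Stops at the
 * first exhausted retry loop so a partial buffer is never taken as full. */
size_t rdrand_nlong(unsigned long *buf, size_t n)
{
  size_t i;
  if (!have_rdrand())
    return 0;
  for (i = 0; i < n; i++)
    if (!rdrand_long(&buf[i]))
      break;
  return i;
}

int main(void)
{
  unsigned long words[4] = { 0, 0, 0, 0 };
  size_t got = rdrand_nlong(words, 4);
  printf("rdrand available: %d, words produced: %zu\n", have_rdrand(), got);
  return 0;
}
```

The point a reviewer would look for is in rdrand_nlong: the count it returns, not the buffer length, tells the caller how much of the output is real, which is what lets the random pool mix in a short read without trusting uninitialised words.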
|
|
* random/random-system.c: New.
* random/Makefile.am (librandom_la_SOURCES): Add new module.
* random/random.c (struct rng_types): New.
(_gcry_set_preferred_rng_type, _gcry_get_rng_type): New.
(_gcry_random_initialize, gcry_random_add_bytes, do_randomize)
(_gcry_set_random_seed_file, _gcry_update_random_seed_file)
(_gcry_fast_random_poll): Dispatch to the actual RNG.
* src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New.
(GCRYCTL_GET_CURRENT_RNG_TYPE): New.
(gcry_rng_types): New.
* src/global.c (print_config): Print the RNG type.
(global_init, _gcry_vcontrol): Implement the new control codes.
* doc/gcrypt.texi (Controlling the library): Document the new control
codes.
* tests/benchmark.c (main): Add options to test the RNG types.
* tests/random.c (main): Add new options.
(print_hex): Print to stderr.
(progress_cb, rng_type): New.
(check_rng_type_switching, check_early_rng_type_switching): New.
(run_all_rng_tests): New.
--
The purpose of this change is to allow applications with moderate
random requirements to use the system's RNG (e.g. /dev/urandom). The
type switching logic makes sure that existing applications won't be
affected by this change. A library is in almost all cases not able to
degrade the quality of the RNG. The definition of "degrade" comes
from our own assertion of the quality/trustworthiness of the RNGs:
The most trustworthy RNG is the CSPRNG which dates back to the early
GnuPG days. It is quite conservative and often requires more seeding
than might be justified. GCRY_RNG_TYPE_STANDARD is the default unless
the process is in FIPS mode.
The second trustworthy RNG is the FIPS recommended X9.81 AES based
implementation. It is seeded by the system's RNG. GCRY_RNG_TYPE_FIPS
is the only available RNG if running in FIPS mode.
The third trustworthy RNG is a mere wrapper around the system's native
RNG. Thus there is no extra step on top of what, for example,
/dev/random provides. GCRY_RNG_TYPE_SYSTEM may be used by
applications which would use /dev/random or /dev/urandom instead.
|
|
* doc/gcrypt.texi: Add documentation of the new command.
* src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
only when fips mode is enabled.
(_gcry_set_enforced_fips_mode): New function.
* src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
* src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
* src/global.c (_gcry_vcontrol): Handle the new command.
|
|
* src/ath.c: Include assert.h.
(ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference LOCK.
* src/g10lib.h (_gcry_secmem_module_init): New declaration.
* src/global.c (global_init): Call _gcry_secmem_module_init.
* src/secmem.c (_gcry_secmem_module_init): New function.
|
|
This is only a first step. We will need to either implement
pthread_atfork or - better - make use of POSIX RT semaphores.
|
|
This interface has long been deprecated. It was also initially only
declared as an experimental interface. It added its own kind of
complexity and we found that it does not make applications easier to
read. Modern features of Libgcrypt were not supported and its removal
reduces the SLOC which is a Good Thing from a security POV.
|
|
realloc (NULL, n) shall behave exactly like malloc (n)
and realloc (p, 0) like free.
Not all platforms implement this correctly, thus we now handle this
directly in gcry_realloc.
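The normalisation the commit describes, as an added example rather than libgcrypt's gcry_realloc: the two corner cases are resolved in the wrapper before the platform realloc is ever called, so behaviour no longer depends on the C library. The name portable_realloc and the path counters are assumptions made for this illustration.

```c
/* Added example (not libgcrypt code): a realloc wrapper that pins down the
 * realloc(NULL, n) and realloc(p, 0) cases instead of trusting the platform. */
#include <stdlib.h>
#include <string.h>

struct realloc_stats { unsigned mallocs, frees, reallocs; };
static struct realloc_stats stats;   /* which path each call took */

void *portable_realloc(void *p, size_t n)
{
  if (p == NULL) {                   /* realloc(NULL, n) behaves like malloc(n) */
    stats.mallocs++;
    return malloc(n);
  }
  if (n == 0) {                      /* realloc(p, 0) behaves like free(p) */
    stats.frees++;
    free(p);
    return NULL;
  }
  stats.reallocs++;                  /* the ordinary case goes to the C library */
  return realloc(p, n);
}

struct realloc_stats portable_realloc_stats(void)
{
  return stats;
}

/* Walk all three paths once: allocate via NULL, grow, release via size 0.
 * Returns 1 if the data survived the grow step and the final call gave NULL. */
int portable_realloc_selfcheck(void)
{
  static const char sample[8] = "abcdefg";   /* constructed payload */
  int ok;
  char *p = portable_realloc(NULL, sizeof sample);
  if (!p)
    return 0;
  memcpy(p, sample, sizeof sample);
  p = portable_realloc(p, 64);
  if (!p)
    return 0;
  ok = memcmp(p, sample, sizeof sample) == 0;
  p = portable_realloc(p, 0);
  return ok && p == NULL;
}

int main(void)
{
  return portable_realloc_selfcheck() ? 0 : 1;
}
```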
|
|
|
|
|
|
This option is useful to disable detected hardware features. It has
been implemented in benchmark, so that it is now possible to run
tests/benchmark --disable-hwf intel-aesni cipher aes aes192 aes256
to compare the use of AES-NI insns to the pure C code.
|
|
|
|
Check and install the standard git pre-commit hook.
|
|
Started some work on dumpsexp.
|
|
|
|
|
|
|
|
Type fix.
Made sure that gcry_free preserves ERRNO.
|
|
Add a method to return the current input block.
Use this in the FIPS driver.
|
|
|
|
|
|
Documentation updates.
|
|
|
|
Add an external RNG test hook.
|
|
Enter error state after a failed key generation tests.
|
|
|
|
FIPS cleanups.
Documentation updates.
|
|
|
|
Documentation cleanups.
Removed FIPS logging unless in double verbose state.
|
|
Added framework for running RNG tests.
Added an experimental option --enable-hmac-binary-check to configure.
--This line, and those below, will be ignored--
M src/fips.c
M src/cipher-proto.h
M src/global.c
M src/hmac256.c
M src/ChangeLog
M src/hmac256.h
M src/Makefile.am
M tests/Makefile.am
M configure.ac
M doc/gcrypt.texi
M random/random-fips.c
M random/random.c
M random/rand-internal.h
M random/random.h
M random/ChangeLog
M ChangeLog
M README
|
|
|
|
FIPS restricted mode. Also some documentation
improvements and other minor enhancements.
See the ChangeLogs. Stay tuned.
|
|
This can be improved by using function aliases instead
of wrapper functions.
|
|
Put Camellia symbols into our namespace.
|
|
|
|
|
|
* README.apichanges: Move to doc/.
* Makefile.am (EXTRA_DIST): Removed that file.
doc/
* HACKING: New. Two items by Marcus.
* README.apichanges: Move from .. to here.
* Makefile.am (EXTRA_DIST): Add new files.
mpi/
* config.links: Create a file mod-source-info.h.
* Makefile.am (DISTCLEANFILES): Add that file.
* mpiutil.c (_gcry_mpi_get_hw_config): New.
src/
* global.c (gcry_control): New.
* gcrypt.h.in (GCRYCTL_DUMP_CONFIG): New.
tests/
* version.c: New.
* Makefile.am (TESTS): Add version.
|
|
|
|
Ported some changes from 1.2 to here.
|
|
|
|
Support for DSA2.
|
|
Add a way to check whether the RNG is in fake mode.
|
|
|
|
many (but not all) places.
|