| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
| |
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
--
The implementation (*.h, *.c) says:
License: see LICENSE file in root directory
I think that user may look the LICENSES file, instead.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
| |
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
| |
Unicode characters are replaced or removed (quotation mark, minus, and
BOM). Inconsistent Tab is replaced to spaces.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
| |
* mpi/mpiutil.c (_gcry_mpi_copy): Support zero length.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/bench-slope.c (safe_div): New.
(get_slope): Make static; Skip if number of points is too small; Use
safe_div.
(do_slope_benchmark): Retry benchmark if result does not make sense;
Limit retries to 4 for non-auto-ghz and 1000 for auto-ghz.
(get_auto_ghz, do_slope_benchmark, bench_print_result_csv)
(bench_print_result_std): Use safe_div.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
| |
* cipher/md.c (md_open): Initialize ctx with wipememory2 instead
of memset.
--
GCC 11 gives warning on use of memset:
warning: '__builtin_memset' offset [0, 19] is out of the bounds [0, 0] [-Warray-bounds]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/sha512.c (SHA512_STATESHA256_CONTEXT): Replace h0-h7 with h[8].
(do_sha512_transform_i386_ssse3, do_sha512_transform_ppc8)
(do_sha512_transform_ppc9, do_sha512_transform_s390x)
(do_sha512_final_s390x, sha512_init, sha384_init, sha512_256_init)
(sha512_224_init, do_transform_generic, sha512_final): Convert use
of h0-h7 to h[0]-h[7].
--
GCC-11 gives following warning on sha512.c:
warning: 'func' accessing 64 bytes in a region of size 8
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/poly1305.c [HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS]
(ADD_1305_32): Reduce number of register operands.
--
Ubuntu 21.10 arm-linux-gnueabihf-gcc gave following error with -O3:
poly1305.c: In function '_gcry_poly1305_update_burn':
cipher/poly1305.c:425:7: error: 'asm' operand has impossible constraints
425 | ADD_1305_32(h4, h3, h2, h1, h0, m4, m3, m2, m1, m0);
| ^
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
| |
* cipher/pubkey.c (_gcry_pk_sign_md): Reject SHA-1 when FIPS.
(_gcry_pk_verify_md): Likewise.
--
GnuPG-bug-id: 5665
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
| |
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/fips.c (run_digest_selftests): Skip SHA256 selftest if they were
already executed as part of the integrity check.
(run_mac_selftests): Skip HMAC-SHA256 selftest if they were already
executed as part of the integrity check.
(run_hmac_sha256_selftests): Run SHA256 selftest too.
(_gcry_fips_run_selftests): Run the sha256 selftests regardless of the
fips mode status.
--
Prevent running the SHA256 tests twice and runs the SHA256 test
before the HMAC-SHA256 also from when manually invoked.
GnuPG-bug-id: 5617
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
* src/fips.c (run_hmac_sha256_selftests): New function.
(_gcry_fips_run_selftests): Move integrity check earlier and run
HMAC-SHA256 tests before that.
--
GnuPG-bug-id: 5617
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/rsa.c (generate_fips): Allow any larger key than 2k in FIPS
mode.
--
The NIST.SP.800-131Ar2, Table 2 explicitly mentions the approved RSA
sizes to be:
len(n) ≥ 2048 to be
On the other hand, older standard NIST.FIPS.186-4, section 5.1 describes
only 1024, 2048 and 3072 bits sizes and Federal government shall used
one of these.
But the NIST.FIPS.186-5 draft already clarified that
> This standard specifies the use of a modulus whose bit length is an
> even integer and greater than or equal to 2048 bits.
GnuPG-bug-id: 5645
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (DEF_HMAC_BINARY_CHECK): New SUBSTITUTION.
(DL_LIBS): Fix the condition.
* src/Makefile.am (libgcrypt_la_CFLAGS): Use DEF_HMAC_BINARY_CHECK.
(hmac256_CFLAGS): Likewise.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* src/fips.c (KEY_FOR_BINARY_CHECK): Allow supplying externally.
* src/hmac256.c: Use KEY_FOR_BINARY_CHECK macro.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/sha256.c (SHA256_CONTEXT): Replace h0-h7 with h[8].
(do_sha256_transform_amd64_ssse3, do_sha256_transform_amd64_avx)
(do_sha256_transform_amd64_avx2, do_sha256_transform_intel_shaext)
(do_sha256_transform_armv8_ce, do_sha256_transform_ppc8)
(do_sha256_transform_ppc9, do_sha256_transform_s390x)
(do_sha256_final_s390x, sha256_init, sha224_init)
(do_transform_generic, sha256_final): Convert use of h0-h7 to h[0]-h[7].
--
GCC-11 gives following warning on sha256.c:
warning: 'func' accessing 32 bytes in a region of size 4
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/pubkey.c (_gcry_pk_sign_md, _gcry_pk_verify_md): New.
(_gcry_pk_random_override_new): New.
(_gcry_pk_get_random_override): New.
* src/gcrypt-int.h: Add those routines.
* src/context.h (CONTEXT_TYPE_RANDOM_OVERRIDE): New.
* src/context.c (_gcry_ctx_alloc, _gcry_ctx_release): Handle
CONTEXT_TYPE_RANDOM_OVERRIDE.
* src/gcrypt.h.in (gcry_error_t gcry_pk_hash_sign): New.
(gcry_error_t gcry_pk_hash_verify): New.
(gcry_pk_random_override_new): New.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.c (gcry_pk_hash_sign, gcry_pk_hash_verify): New.
(gcry_pk_random_override_new): New.
* src/visibility.h: Add those routines.
--
GnuPG-bug-id: 4894
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/dsa.c (sign): Add an argument K for DSA.
(test_keys, dsa_sign): Follow the change.
* cipher/ecc-common.h (_gcry_ecc_ecdsa_sign): Likewise for ECDSA.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise for ECDSA.
* cipher/ecc.c (test_keys, ecc_sign): Follow the change.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support "label"
for K.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* random/random-csprng.c [HAVE_W32_SYSTEM]: Include <windows.h>.
* tests/bench-slope.c [_WIN32]: Include <windows.h>.
--
Removal of <winsock2.h> include from 'gcrypt.h' broke building
random-csprng.c and bench-slope.c on x86_64-w64-mingw32 target.
GnuPG-bug-id: 5637
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
| |
* configure.ac (FALLBACK_SOCKLEN_T): Remove.
* src/gcrypt.h.in: Remove FALLBACK_SOCKLEN_T.
--
GnuPG-bug-id: 5637
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (INSERT_SYS_SELECT_H): Remove.
Remove checking sys/select.h.
* src/gcrypt.h.in: Remove INSERT_SYS_SELECT_H.
--
It has been no use any more.
GnuPG-bug-id: 5637
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* random/rndlinux.c (open_device): Use poll.
(_gcry_rndlinux_gather_random): Use poll.
--
Merging a patch for Fedora/RedHat for _gcry_rndlinux_gather_random.
Also change open_device for completeness. Use of sleep(3) would be OK
here, but it may use SIGALRM on some systems, which is not good as a
library.
GnuPG-bug-id: 5637
Co-authored-by: Tomáš Mráz <tm@t8m.info>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
| |
--
GnuPG-bug-id: 5581
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
| |
* tests/cavs_driver.pl: Remove.
* tests/cavs_tests.sh: Remove
* tests/Makefile.am: (EXTRA_DIST): Remove them.
--
GnuPG-bug-id: 5540
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* m4/libtool.m4: Not setting 10.0 to MACOSX_DEPLOYMENT_TARGET when not
defined. Only specify -flat_namespace to linker for specific
(older) versions and hosts.
--
Original patch was by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
in
https://lists.gnu.org/archive/html/libtool-patches/
2020-06/msg00001.html
Reported-by: Aleix Conchillo Flaque
GnuPG-bug-id: 5610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* src/Makefile.am (hmac256_SOURCES): Add hmac256.h.
--
Fixes-commit: c9acca865ba4abaa4443712f87fb8926fe7ad8b7
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* README: Document new --with-fips-module-version=version switch
* configure.ac: Implementation of the --with-fips-module-version
* src/global.c (print_config): Print FIPS module version from above
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Moved the module version to a 3rd field to keep the semantics of that
line.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 1600
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/rsa.c (generate_fips): Drop reference to enforced fips mode and
use normal FIPS mode check
* doc/gcrypt.texi: Drop references to enforced FIPS mode
* src/fips.c (enforced_fips_mode): Removed
(_gcry_initialize_fips_mode): Remove reading of the FIPS_FORCE_FILE
to enforce FIPS mode
(_gcry_enforced_fips_mode): Remove
(_gcry_set_enforced_fips_mode): Remove
* src/g10lib.h (_gcry_enforced_fips_mode): Remove declaration
(_gcry_set_enforced_fips_mode): Remova declaration
* src/global.c (print_config): Remove the forced fips flag
(_gcry_vcontrol): Deprecate GCRYCTL_SET_ENFORCED_FIPS_FLAG
(get_no_secure_memory): Ignore the option in FIPS mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(_gcry_vcontrol): Simply ignore GCRYCTL_SET_ENFORCED_FIPS_FLAG.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5244
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/md.c (_gcry_md_hash_buffer): Remove inactivation of FIPS mode
when MD5 is used
(_gcry_md_hash_buffers_extract): Ditto.
* src/fips.c (gcry_is_fips_mode_inactive): Removed
(_gcry_inactivate_fips_mode): Removed
(_gcry_is_fips_mode_inactive): Removed
* src/g10lib.h (_gcry_inactivate_fips_mode): Remove declaration
(_gcry_is_fips_mode_inactive): Remove declaration
* global.c (_gcry_vcontrol): Update the GCRYCTL_FIPS_MODE_P
(_gcry_set_allocation_handler): Silently ignore custom alocation
handlers in FIPS mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/curves.c (check_matching): When FIPS mode enabled, skip a test
with sample_key_2, which uses brainpoolP160r1 curve.
(check_get_params): Replace "error_expected" filed to "flags" to hold
TEST_ERROR_EXPECTED and/or TEST_NOFIPS. Put TEST_NOFIPS flags for
non-FIPS curves. When FIPS mode enabled, don't skip supported curves.
--
(ChangeLog entry and link to tracker are written by gniibe.)
GnuPG-bug-id: 5520
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
| |
* tests/curves.c: Typo in comment
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
| |
* cipher/pubkey-util.c (get_hash_algo): Add.
* cipher/sha512.c (sha512_256_asn, sha512_224_asn): Fill correct values.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
| |
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support internal
hashing.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_decrypt): Call
wipememory.
--
Note that gcry_cipher_close will do this also but some applications
keep the context for a long time and thus plaintext could be found in
memory during the time the context is open.
GnuPG-bug-id: 5597
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/rijndael-armv8-aarch32-ce.S
(_gcry_aes_ctr32le_enc_armv8_ce): New.
* cipher/rijndael-armv8-aarch64-ce.S
(_gcry_aes_ctr32le_enc_armv8_ce): New.
* cipher/rijndael-armv8-ce.c
(_gcry_aes_ctr32le_enc_armv8_ce)
(_gcry_aes_armv8_ce_ctr32le_enc): New.
* cipher/rijndael.c
(_gcry_aes_armv8_ce_ctr32le_enc): New prototype.
(do_setkey): Add setup of 'bulk_ops->ctr32le_enc' for ARMv8-CE.
--
Benchmark on Cortex-A53 (aarch64):
Before:
AES | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
GCM-SIV enc | 11.77 ns/B 81.03 MiB/s 7.63 c/B 647.9
GCM-SIV dec | 11.92 ns/B 79.98 MiB/s 7.73 c/B 647.9
GCM-SIV auth | 2.99 ns/B 318.9 MiB/s 1.94 c/B 648.0
After (~2.4x faster):
AES | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
GCM-SIV enc | 4.66 ns/B 204.5 MiB/s 3.02 c/B 647.9
GCM-SIV dec | 4.82 ns/B 198.0 MiB/s 3.12 c/B 647.9
GCM-SIV auth | 3.00 ns/B 318.4 MiB/s 1.94 c/B 648.0
GnuPG-bug-id: T4485
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/cipher-gcm-siv.c (do_ctr_le32): Use bulk function if
available.
* cipher/cipher-internal.h (cipher_bulk_ops): Add 'ctr32le_enc'.
* cipher/rijndael-aesni.c (_gcry_aes_aesni_ctr32le_enc): New.
* cipher/rijndael-vaes-avx2-amd64.S
(_gcry_vaes_avx2_ctr32le_enc_amd64, .Lle_addd_*): New.
* cipher/rijndael-vaes.c (_gcry_vaes_avx2_ctr32le_enc_amd64)
(_gcry_aes_vaes_ctr32le_enc): New.
* cipher/rijndael.c (_gcry_aes_aesni_ctr32le_enc)
(_gcry_aes_vaes_ctr32le_enc): New prototypes.
(do_setkey): Add setup of 'bulk_ops->ctr32le_enc' for AES-NI and
VAES.
* tests/basic.c (check_gcm_siv_cipher): Add large test-vector for
bulk ops testing.
--
Counter mode in GCM-SIV is little-endian on first 4 bytes of
of counter block, unlike regular CTR mode which works on
big-endian full block.
Benchmark on AMD Ryzen 7 5800X:
Before:
AES | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
GCM-SIV enc | 1.00 ns/B 953.2 MiB/s 4.85 c/B 4850
GCM-SIV dec | 1.01 ns/B 940.1 MiB/s 4.92 c/B 4850
GCM-SIV auth | 0.118 ns/B 8051 MiB/s 0.575 c/B 4850
After (~6x faster):
AES | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
GCM-SIV enc | 0.150 ns/B 6367 MiB/s 0.727 c/B 4850
GCM-SIV dec | 0.161 ns/B 5909 MiB/s 0.783 c/B 4850
GCM-SIV auth | 0.118 ns/B 8051 MiB/s 0.574 c/B 4850
GnuPG-bug-id: T4485
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/Makefile.am: Add 'cipher-gcm-siv.c'.
* cipher/cipher-gcm-siv.c: New.
* cipher/cipher-gcm.c (_gcry_cipher_gcm_setupM): New.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'siv_keylen'.
(_gcry_cipher_gcm_setupM, _gcry_cipher_gcm_siv_encrypt)
(_gcry_cipher_gcm_siv_decrypt, _gcry_cipher_gcm_siv_set_nonce)
(_gcry_cipher_gcm_siv_authenticate)
(_gcry_cipher_gcm_siv_set_decryption_tag)
(_gcry_cipher_gcm_siv_get_tag, _gcry_cipher_gcm_siv_check_tag)
(_gcry_cipher_gcm_siv_setkey): New prototypes.
(cipher_block_bswap): New helper function.
* cipher/cipher.c (_gcry_cipher_open_internal): Add
'GCRY_CIPHER_MODE_GCM_SIV'; Refactor mode requirement checks for
better size optimization (check pointers & blocksize in same order
for all).
(cipher_setkey, cipher_reset, _gcry_cipher_setup_mode_ops)
(_gcry_cipher_setup_mode_ops, _gcry_cipher_info): Add GCM-SIV.
(_gcry_cipher_ctl): Handle 'set decryption tag' for GCM-SIV.
* doc/gcrypt.texi: Add GCM-SIV.
* src/gcrypt.h.in (GCRY_CIPHER_MODE_GCM_SIV): New.
(GCRY_SIV_BLOCK_LEN, gcry_cipher_set_decryption_tag): Add to comment
that these are also for GCM-SIV in addition to SIV mode.
* tests/basic.c (check_gcm_siv_cipher): New.
(check_cipher_modes): Check for GCM-SIV.
* tests/bench-slope.c (bench_gcm_siv_encrypt_do_bench)
(bench_gcm_siv_decrypt_do_bench, bench_gcm_siv_authenticate_do_bench)
(gcm_siv_encrypt_ops, gcm_siv_decrypt_ops)
(gcm_siv_authenticate_ops): New.
(cipher_modes): Add GCM-SIV.
(cipher_bench_one): Check key length requirement for GCM-SIV.
--
GnuPG-bug-id: T4485
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/Makefile.am: Add 'cipher-siv.c'.
* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Rename to
_gcry_cipher_ctr_encrypt_ctx and add algo context parameter.
(_gcry_cipher_ctr_encrypt): New using _gcry_cipher_ctr_encrypt_ctx.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.siv'.
(_gcry_cipher_ctr_encrypt_ctx, _gcry_cipher_siv_encrypt)
(_gcry_cipher_siv_decrypt, _gcry_cipher_siv_set_nonce)
(_gcry_cipher_siv_authenticate, _gcry_cipher_siv_set_decryption_tag)
(_gcry_cipher_siv_get_tag, _gcry_cipher_siv_check_tag)
(_gcry_cipher_siv_setkey): New.
* cipher/cipher-siv.c: New.
* cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
(cipher_reset, _gcry_cipher_setup_mode_ops, _gcry_cipher_info): Add
GCRY_CIPHER_MODE_SIV handling.
(_gcry_cipher_ctl): Add GCRYCTL_SET_DECRYPTION_TAG handling.
* doc/gcrypt.texi: Add documentation for SIV mode.
* src/gcrypt.h.in (GCRYCTL_SET_DECRYPTION_TAG): New.
(GCRY_CIPHER_MODE_SIV): New.
(gcry_cipher_set_decryption_tag): New.
* tests/basic.c (check_siv_cipher): New.
(check_cipher_modes): Add call for 'check_siv_cipher'.
* tests/bench-slope.c (bench_encrypt_init): Use double size key for
SIV mode.
(bench_aead_encrypt_do_bench, bench_aead_decrypt_do_bench)
(bench_aead_authenticate_do_bench): Reset cipher context on each run.
(bench_aead_authenticate_do_bench): Support nonce-less operation.
(bench_siv_encrypt_do_bench, bench_siv_decrypt_do_bench)
(bench_siv_authenticate_do_bench, siv_encrypt_ops)
(siv_decrypt_ops, siv_authenticate_ops): New.
(cipher_modes): Add SIV mode benchmarks.
(cipher_bench_one): Restrict SIV mode testing to 16 byte block-size.
--
GnuPG-bug-id: T4486
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
| |
* mpi/longlong.h [__mips__ && W_TIPE_SIZE == 32] (umul_ppmm): Rename
temporary variable '_r' to '__r'.
[__mips && W_TIPE_SIZE == 64] (umul_ppmm): Ditto.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/md.c (md_open): Allocate exact space for the allocation and
use offsetof for the calculation.
--
Also, use hd->buf to get the pointer for CTX, so that compiler can
detect it's flexible array (for GCC 11).
GnuPG-bug-id: 5556
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* src/Makefile.am (libgcrypt_la_SOURCES): Remove hmac256.
* cipher/mac-hmac.c (selftests_sha256): Remove the tests.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
| |
* src/visibility.h [FIPS_FORCE_FILE]: Remove ifdef/endif.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* src/fips.c (hmac256_check): New.
(check_binary_integrity): Use hmac256_check.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/Makefile.am (libgcrypt.la.done): Use the rodata1 section.
* src/fips.c (_gcry_fips_run_selftests): Only enable
check_binary_integrity by ENABLE_HMAC_BINARY_CHECK.
[ENABLE_HMAC_BINARY_CHECK] (hmac_for_the_implementation): New.
[ENABLE_HMAC_BINARY_CHECK] (check_binary_integrity): Use
hmac_for_the_implementation in rodata.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac [ENABLE_HMAC_BINARY_CHECK]: Check objcopy.
(USE_HMAC_BINARY_CHECK): New Automake conditional.
* src/Makefile.am (libgcrypt.la.done): New target.
[USE_HMAC_BINARY_CHECK] (libgcrypt.so.hmac): Compute the hash.
[USE_HMAC_BINARY_CHECK] (libgcrypt.la.done): Add .hmac section.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
| |
* src/hmac256.c (main): Fix use of --stdkey.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
| |
* cipher/md.c (struct gcry_md_context): Fix for better memory usage.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
