| Commit message | Author | Age | Files | Lines |
| |
* src/fips.c [ENABLE_HMAC_BINARY_CHECK] (hmac256_check): Use ELF headers
to locate the file offset for the HMAC in addition to information from
the loader
--
The previous method of locating the offset of the .rodata1 section in
the ELF file on disk used information obtained from the loader. This
computed the address of the value in memory at runtime, but the offset
in the file can be different. Specifically, the old code computed
a value relative to ElfW(Phdr).p_vaddr, but the offset in the file is
relative to ElfW(Phdr).p_offset. These values can differ, so the
computed address at runtime must be translated into a file offset
relative to p_offset.
This is largely cosmetic, since the text section that should contain the
HMAC usually has both p_vaddr and p_offset set to 0.
Signed-off-by: Clemens Lang <cllang@redhat.com>
| |
* configure.ac (--enable-m-guard): Remove.
* src/global.c (_gcry_vcontrol): Return GPG_ERR_NOT_SUPPORTED for
GCRYCTL_ENABLE_M_GUARD.
* src/stdmem.c (use_m_guard, _gcry_private_enable_m_guard): Remove.
(_gcry_private_malloc): Remove the code path with use_m_guard==1.
(_gcry_private_malloc_secure): Likewise.
(_gcry_private_realloc, _gcry_private_free): Likewise.
(_gcry_private_check_heap): Remove.
* src/stdmem.h: Remove declarations for memory guard functions.
--
GnuPG-bug-id: T5822
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
GnuPG-bug-id: 5581
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* README: Document new --with-fips-module-version=version switch
* configure.ac: Implementation of the --with-fips-module-version
* src/global.c (print_config): Print FIPS module version from above
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Moved the module version to a 3rd field to keep the semantics of that
line.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 1600
| |
--
| |
--
| |
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
--
| |
* configure.ac: Add option --enable-large-data-tests.
* tests/hashtest-256g.in: New.
* tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in.
(TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and
tests_sh_last.
(tests_sh_last): Add hashtest-256g
(noinst_PROGRAMS): Add only tests_bin and tests_bin_last.
(bench-slope.log, hashtest-256g.log): New rules to enforce serial run.
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* LICENSES: New.
* Makefile.am (EXTRA_DIST): Add LICENSES.
* AUTHORS: Add list of copyright holders.
* README: Reference AUTHORS.
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
--
| |
This first naive use of the new Intel AES-NI instructions boosts the
performance of AES on CPUs supporting this by 3 to 5 times.
Results from running
  ./benchmark --cipher-repetitions 10 --large-buffers cipher aes
on a
  cpu family : 6
  model : 37
  model name : Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
  stepping : 2
  cpu MHz : 3325.494
  cache size : 4096 KB
  cpu cores : 2
yields this:
  ECB/Stream      CBC             CFB             OFB             CTR
  --------------- --------------- --------------- --------------- ---------------
  130ms   110ms   110ms   100ms   110ms   110ms   160ms   150ms   170ms   170ms
  40ms    40ms    20ms    30ms    30ms    20ms    70ms    70ms    80ms    80ms
The first line is with runtime switched off AES-NI instructions (don't
set use_aesni in do_setkey), the second with enabled AES-NI. By
fixing the alignment, I hope to squeeze out a little more even with
this naive implementation.
| |
Check and install the standard git pre-commit hook.
| |
Added framework for running RNG tests.
Added an experimental option --enable-hmac-binary-check to configure.
--This line, and those below, will be ignored--
M src/fips.c
M src/cipher-proto.h
M src/global.c
M src/hmac256.c
M src/ChangeLog
M src/hmac256.h
M src/Makefile.am
M tests/Makefile.am
M configure.ac
M doc/gcrypt.texi
M random/random-fips.c
M random/random.c
M random/rand-internal.h
M random/random.h
M random/ChangeLog
M ChangeLog
M README
| |
Preparing a release candidate.
| |
Typo fixes.
| |
Allow colons as delimiters for --enable-mpi-path.
| |
Put Camellia symbols into our namespace.
| |
Ported some changes from 1.2 to here.
| |
example we need to know whether gcc is used before testing for it.
Reported by Ralf Fassel.
| |
* libgcrypt-config.in (Options): Ignore the obsolete --threads
option for now.
| |
* configure.ac (have_ld_version_script): Set the default in
a separate test.
(PRINTABLE_OS_NAME): Don't handle the Hurd extra, this leads to
conflicts with BSD based GNU systems. The Hurd has now a working
uname.
| |
unfinished....
| |
* README: Few changes, mention libgpg-error.