| Commit message | Author | Age | Files | Lines |
| |
* configure.ac (gfnisupport, gcry_cv_gcc_inline_asm_gfni)
(ENABLE_GFNI_SUPPORT): New.
* src/g10lib.h (HWF_INTEL_GFNI): New.
* src/hwf-x86.c (detect_x86_gnuc): Add GFNI detection.
* src/hwfeatures.c (hwflist): Add "intel-gfni".
* doc/gcrypt.texi: Add "intel-gfni" to HW features list.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* doc/gcrypt.texi: Add sha3/sm3/sm4/sha512 to ARM hardware features.
--
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
| |
* doc/yat2m.c: Update.
--
Stderr output of "writing '<THE PAGE NAME>'" will be suppressed
unless --verbose is specified.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/Makefile.am: Use EXEEXT_FOR_BUILD.
* doc/Makefile.am: Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
GnuPG-bug-id: 5596
Contributed-by: Mikhail Ryazanov
| |
* configure.ac (avx512support, gcry_cv_gcc_inline_asm_avx512)
(ENABLE_AVX512_SUPPORT): New.
* src/g10lib.h (HWF_INTEL_AVX512): New.
* src/hwf-x86.c (detect_x86_gnuc): Add AVX512 detection.
* src/hwfeatures.c (hwflist): Add "intel-avx512".
* doc/gcrypt.texi: Add "intel-avx512" to HW features list.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* configure.ac (--enable-m-guard): Remove.
* src/global.c (_gcry_vcontrol): Return GPG_ERR_NOT_SUPPORTED for
GCRYCTL_ENABLE_M_GUARD.
* src/stdmem.c (use_m_guard, _gcry_private_enable_m_guard): Remove.
(_gcry_private_malloc): Remove the code path with use_m_guard==1.
(_gcry_private_malloc_secure): Likewise.
(_gcry_private_realloc, _gcry_private_free): Likewise.
(_gcry_private_check_heap): Remove.
* src/stdmem.h: Remove declarations for memory guard functions.
--
GnuPG-bug-id: T5822
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* doc/gcrypt.texi: List implemented GOST curves.
Update location of the HMAC selftests and add SHA3 ones.
Add information about ECC selftests.
Add information about KDF selftests.
Update information about additional MAC selftests.
Update information about FIPS allowed algorithms.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* src/gcrypt.h.in (enum gcry_ctl_cmds): Remove
GCRYCTL_FIPS_SERVICE_INDICATOR.
* src/fips.c (_gcry_fips_indicator_cipher): Use gcry_kdf_algos.
* tests/basic.c: Use GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER.
--
GnuPG-bug-id: 5512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/rsa.c (selftest_encr_2048): Fix error message
* doc/gcrypt.texi: Add missing hwfeatures
Add description of the service indicator API
Fix typo in tampered word
Add some missing curves
Remove algorithms no longer used in FIPS mode and update claims given
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* configure.ac (USE_RNDOLDLINUX): Rename from USE_RNDLINUX.
(GCRYPT_RANDOM): Use rndoldlinux.lo.
* doc/gcrypt.texi: Update.
* random/Makefile.am (EXTRA_librandom_la_SOURCES): Update.
* random/rndoldlinux.c: Rename from rndlinux.c. Rename the function.
* random/rand-internal.h: Update the function name.
* random/random-csprng.c: Update the calls to the function.
* random/random-drbg.c: Likewise.
* random/random-system.c: Likewise.
* src/global.c: Use USE_RNDOLDLINUX.
--
GnuPG-bug-id: 5759
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* doc/gcrypt.texi (Disabling FIPS mode): Add.
* src/gcrypt.h.in (GCRYCTL_NO_FIPS_MODE): New.
* src/global.c (_gcry_vcontrol): Support GCRYCTL_NO_FIPS_MODE.
* tests/t-ed25519.c: Add --no-fips option to test non-FIPS mode.
--
GnuPG-bug-id: 5747
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* doc/gcrypt.texi: Address rndgetentropy module. Remove X9.31 RPNG
documentation, as the implementation has been removed already.
--
GnuPG-bug-id: 5692
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/Makefile.am: Add a space.
* doc/Makefile.am: Ditto.
--
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
| |
* random/Makefile.am (librandom_la_SOURCES): Remove random-daemon.c.
* random/random-daemon.c: Remove.
* random/rand-internal.h: Remove declarations.
* random/random-csprng.c (_gcry_rngcsprng_set_daemon_socket)
(_gcry_rngcsprng_use_daemon): Remove.
[USE_RANDOM_DAEMON] (_gcry_rngcsprng_randomize): Don't call
_gcry_daemon_randomize.
* random/random.c (_gcry_set_random_daemon_socket)
(_gcry_use_random_daemon): Remove.
* src/global.c (_gcry_vcontrol): Return GPG_ERR_NOT_SUPPORTED.
* tests/benchmark.c (main): Remove support of use_random_daemon.
--
GnuPG-bug-id: 5706
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* doc/gcrypt.texi: Replace -2 with -3
* cipher/ecc-curves.c: Replace -2 with -3
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/rsa.c (generate_fips): Drop reference to enforced fips mode and
use normal FIPS mode check
* doc/gcrypt.texi: Drop references to enforced FIPS mode
* src/fips.c (enforced_fips_mode): Removed
(_gcry_initialize_fips_mode): Remove reading of the FIPS_FORCE_FILE
to enforce FIPS mode
(_gcry_enforced_fips_mode): Remove
(_gcry_set_enforced_fips_mode): Remove
* src/g10lib.h (_gcry_enforced_fips_mode): Remove declaration
(_gcry_set_enforced_fips_mode): Remove declaration
* src/global.c (print_config): Remove the forced fips flag
(_gcry_vcontrol): Deprecate GCRYCTL_SET_ENFORCED_FIPS_FLAG
(get_no_secure_memory): Ignore the option in FIPS mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(_gcry_vcontrol): Simply ignore GCRYCTL_SET_ENFORCED_FIPS_FLAG.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5244
| |
* cipher/Makefile.am: Add 'cipher-gcm-siv.c'.
* cipher/cipher-gcm-siv.c: New.
* cipher/cipher-gcm.c (_gcry_cipher_gcm_setupM): New.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'siv_keylen'.
(_gcry_cipher_gcm_setupM, _gcry_cipher_gcm_siv_encrypt)
(_gcry_cipher_gcm_siv_decrypt, _gcry_cipher_gcm_siv_set_nonce)
(_gcry_cipher_gcm_siv_authenticate)
(_gcry_cipher_gcm_siv_set_decryption_tag)
(_gcry_cipher_gcm_siv_get_tag, _gcry_cipher_gcm_siv_check_tag)
(_gcry_cipher_gcm_siv_setkey): New prototypes.
(cipher_block_bswap): New helper function.
* cipher/cipher.c (_gcry_cipher_open_internal): Add
'GCRY_CIPHER_MODE_GCM_SIV'; Refactor mode requirement checks for
better size optimization (check pointers & blocksize in same order
for all).
(cipher_setkey, cipher_reset, _gcry_cipher_setup_mode_ops)
(_gcry_cipher_setup_mode_ops, _gcry_cipher_info): Add GCM-SIV.
(_gcry_cipher_ctl): Handle 'set decryption tag' for GCM-SIV.
* doc/gcrypt.texi: Add GCM-SIV.
* src/gcrypt.h.in (GCRY_CIPHER_MODE_GCM_SIV): New.
(GCRY_SIV_BLOCK_LEN, gcry_cipher_set_decryption_tag): Add to comment
that these are also for GCM-SIV in addition to SIV mode.
* tests/basic.c (check_gcm_siv_cipher): New.
(check_cipher_modes): Check for GCM-SIV.
* tests/bench-slope.c (bench_gcm_siv_encrypt_do_bench)
(bench_gcm_siv_decrypt_do_bench, bench_gcm_siv_authenticate_do_bench)
(gcm_siv_encrypt_ops, gcm_siv_decrypt_ops)
(gcm_siv_authenticate_ops): New.
(cipher_modes): Add GCM-SIV.
(cipher_bench_one): Check key length requirement for GCM-SIV.
--
GnuPG-bug-id: T4485
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* cipher/Makefile.am: Add 'cipher-siv.c'.
* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Rename to
_gcry_cipher_ctr_encrypt_ctx and add algo context parameter.
(_gcry_cipher_ctr_encrypt): New using _gcry_cipher_ctr_encrypt_ctx.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.siv'.
(_gcry_cipher_ctr_encrypt_ctx, _gcry_cipher_siv_encrypt)
(_gcry_cipher_siv_decrypt, _gcry_cipher_siv_set_nonce)
(_gcry_cipher_siv_authenticate, _gcry_cipher_siv_set_decryption_tag)
(_gcry_cipher_siv_get_tag, _gcry_cipher_siv_check_tag)
(_gcry_cipher_siv_setkey): New.
* cipher/cipher-siv.c: New.
* cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
(cipher_reset, _gcry_cipher_setup_mode_ops, _gcry_cipher_info): Add
GCRY_CIPHER_MODE_SIV handling.
(_gcry_cipher_ctl): Add GCRYCTL_SET_DECRYPTION_TAG handling.
* doc/gcrypt.texi: Add documentation for SIV mode.
* src/gcrypt.h.in (GCRYCTL_SET_DECRYPTION_TAG): New.
(GCRY_CIPHER_MODE_SIV): New.
(gcry_cipher_set_decryption_tag): New.
* tests/basic.c (check_siv_cipher): New.
(check_cipher_modes): Add call for 'check_siv_cipher'.
* tests/bench-slope.c (bench_encrypt_init): Use double size key for
SIV mode.
(bench_aead_encrypt_do_bench, bench_aead_decrypt_do_bench)
(bench_aead_authenticate_do_bench): Reset cipher context on each run.
(bench_aead_authenticate_do_bench): Support nonce-less operation.
(bench_siv_encrypt_do_bench, bench_siv_decrypt_do_bench)
(bench_siv_authenticate_do_bench, siv_encrypt_ops)
(siv_decrypt_ops, siv_authenticate_ops): New.
(cipher_modes): Add SIV mode benchmarks.
(cipher_bench_one): Restrict SIV mode testing to 16 byte block-size.
--
GnuPG-bug-id: T4486
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
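Worked example (added by the editor; it is not part of this log and not libgcrypt's cipher-siv.c or cipher-gcm-siv.c): the SIV commit above and the GCM-SIV commit before it both route decryption through GCRYCTL_SET_DECRYPTION_TAG / gcry_cipher_set_decryption_tag, a call that GCM, CCM and the other AEAD modes do not need. The reason is structural rather than a libgcrypt quirk: in a synthetic-IV mode the authentication tag is the IV that drives the CTR layer, so the decrypting side cannot produce a single byte of plaintext until it has the tag, and a "decrypt, then check the tag" API cannot work. The Go program below implements AES-SIV as specified in RFC 5297 from the standard library only (AES-CMAC and S2V are written out, since Go has no CMAC in its standard library) and checks itself against the RFC 5297 Appendix A.1 vector. The names newSIV, Seal, Open, s2v, cmac and dbl are this example's own, not libgcrypt's. It also shows the double-length key the SIV benchmark change refers to (the first half keys S2V, the second half keys CTR) and the nonce-less operation the commit mentions. GCM-SIV is not implemented here; it replaces CMAC/S2V with POLYVAL and derives per-nonce keys, but has the same tag-first decryption shape.

```go
// Added example, not libgcrypt code: AES-SIV (RFC 5297) from Go's standard
// library, to show why an SIV-style decrypt needs the tag before any data.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// dbl doubles a 16-byte block in GF(2^128) (RFC 4493 / RFC 5297).
func dbl(b []byte) []byte {
	out := make([]byte, 16)
	for i := 0; i < 15; i++ {
		out[i] = b[i]<<1 | b[i+1]>>7
	}
	out[15] = b[15] << 1
	if b[0]&0x80 != 0 {
		out[15] ^= 0x87
	}
	return out
}

// xor returns a XOR b over len(a) bytes (b must be at least as long).
func xor(a, b []byte) (out []byte) {
	for i := range a {
		out = append(out, a[i]^b[i])
	}
	return out
}

// cmac is AES-CMAC (RFC 4493) over msg.
func cmac(block cipher.Block, msg []byte) []byte {
	k1 := make([]byte, 16)
	block.Encrypt(k1, k1) // L = E_K(0^128)
	k1 = dbl(k1)
	x := make([]byte, 16)
	for len(msg) > 16 {
		block.Encrypt(x, xor(x, msg[:16]))
		msg = msg[16:]
	}
	last := make([]byte, 16)
	if len(msg) == 16 {
		last = xor(msg, k1) // complete final block
	} else {
		copy(last, msg) // partial or empty final block: 10* padding, K2
		last[len(msg)] = 0x80
		last = xor(last, dbl(k1))
	}
	block.Encrypt(x, xor(x, last))
	return x
}

// s2v is the RFC 5297 S2V PRF: the last string is the plaintext, the ones
// before it are associated data (a nonce, when used, is just one of them).
func s2v(block cipher.Block, strs ...[]byte) []byte {
	d := cmac(block, make([]byte, 16))
	for _, s := range strs[:len(strs)-1] {
		d = xor(dbl(d), cmac(block, s))
	}
	last := strs[len(strs)-1]
	if len(last) < 16 {
		t := make([]byte, 16)
		copy(t, last)
		t[len(last)] = 0x80
		return cmac(block, xor(dbl(d), t))
	}
	t := append([]byte{}, last...)
	copy(t[len(t)-16:], xor(t[len(t)-16:], d)) // "xorend"
	return cmac(block, t)
}

// siv splits a double-length key into an S2V half and a CTR half.
type siv struct{ mac, ctr cipher.Block }

func newSIV(key []byte) (*siv, error) {
	mac, err := aes.NewCipher(key[:len(key)/2])
	if err != nil {
		return nil, err
	}
	ctr, err := aes.NewCipher(key[len(key)/2:])
	if err != nil {
		return nil, err
	}
	return &siv{mac, ctr}, nil
}

// stream derives the CTR keystream from the tag (bits 31 and 63 cleared).
func (s *siv) stream(tag []byte) cipher.Stream {
	iv := append([]byte{}, tag...)
	iv[8] &= 0x7f
	iv[12] &= 0x7f
	return cipher.NewCTR(s.ctr, iv)
}

// Seal returns (tag, ciphertext).  Deterministic: equal inputs give equal
// outputs, so a repeated nonce leaks equality but never the keystream.
func (s *siv) Seal(ad, pt []byte) (tag, ct []byte) {
	tag = s2v(s.mac, ad, pt)
	ct = make([]byte, len(pt))
	s.stream(tag).XORKeyStream(ct, pt)
	return tag, ct
}

// Open needs the tag first because it is the IV; the tag is then recomputed
// over the recovered plaintext and compared in constant time, and nothing
// is returned on mismatch.
func (s *siv) Open(tag, ad, ct []byte) ([]byte, error) {
	if len(tag) != 16 {
		return nil, errors.New("siv: tag must be 16 bytes")
	}
	pt := make([]byte, len(ct))
	s.stream(tag).XORKeyStream(pt, ct)
	if subtle.ConstantTimeCompare(s2v(s.mac, ad, pt), tag) != 1 {
		return nil, errors.New("siv: authentication failed")
	}
	return pt, nil
}

func main() {
	// RFC 5297 Appendix A.1 vector (published values, not constructed here).
	key, _ := hex.DecodeString("fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")
	ad, _ := hex.DecodeString("101112131415161718191a1b1c1d1e1f2021222324252627")
	pt, _ := hex.DecodeString("112233445566778899aabbccddee")
	s, _ := newSIV(key)
	tag, ct := s.Seal(ad, pt)
	fmt.Printf("tag=%x ct=%x\n", tag, ct) // 85632d07c6e8f37f950acd320a2ecc93 40c02b9690c4dc04daef7f6afe5c
	_, err := s.Open(tag, ad, ct)
	fmt.Println("open:", err)
}
```

The 16-byte block-size restriction the benchmark change applies to SIV mode follows from the same structure: S2V, the tag and the CTR counter are all one cipher block wide. Flipping a single bit of the tag before Open changes the CTR IV, so the recovered plaintext is garbage and the recomputed tag no longer matches; the caller sees only the error.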
| |
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
| |
* Makefile.am (AM_DISTCHECK_DVI_TARGET): Specify 'pdf'.
* doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Remove .eps files.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
The .fig format is a vector graphics format. It is not good
to convert it to raster format to be included by TeX.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* doc/Makefile.am (EXTRA_DIST): Remove PDF files.
(BUILT_SOURCES): Likewise.
--
When texi2pdf is invoked, etex is invoked. And it's actually pdftex
these days, which can process PNG files directly. So, no need to
prepare PDF files.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* doc/gcrypt.texi: Add HW features 'intel-vaes-vpclmul', 'ppc-vcrypto',
'ppc-arch_3_00', 'ppc-arch_2_07', 's390x-msa', 's390x-msa-4',
's390x-msa-8' and 's390x-vx'.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
[jk: fixed "pc-" and "390x-" typos to "ppc-" and "s390x-" ]
GnuPG-bug-id: 5337
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
--
GnuPG-bug-id: 5306
| |
* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Return
GPG_ERR_UNKNOWN_CURVE.
--
Unknown_curve is more specific than unknown_algorithm.
This patch also adds documentation and renames the parameter from
'algo' to 'curveid'.
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
--
Also add brainpool curves.
GnuPG-bug-id: 3220
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm4.c.
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add
_gcry_cipher_spec_sm4.
* cipher/mac-cmac.c (map_mac_algo_to_cipher): Add cmac SM4.
(_gcry_mac_type_spec_cmac_sm4): Add cmac SM4.
* cipher/mac-internal.h: Declare spec_cmac_sm4.
* cipher/mac.c (mac_list, mac_list_algo201): Add cmac SM4.
* cipher/sm4.c: New.
* configure.ac (available_ciphers): Add sm4.
* doc/gcrypt.texi: Add SM4 document.
* src/cipher.h: Add declarations for SM4 and cmac SM4.
* src/gcrypt.h.in (gcry_cipher_algos): Add algorithm ID for SM4.
--
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
[jk: add missing mapping in mac-cmac.c:map_mac_algo_to_cipher]
[jk: add GCRY_MAC_CMAC_SM4 to gcrypt.texi]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* doc/gcrypt.texi: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and
GCRY_MAC_GOST28147_IMIT.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
--
| |
--
Fixes-commit: c750b784d2bee0a32be72bcfb818e0a7683fa914
| |
--
| |
* src/sexp.c (_gcry_sexp_vextract_param): Implement "%#s" control
sequence.
--
This comes handy to extract a list of flags.
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* src/sexp.c (_gcry_sexp_vextract_param): Add new conversion methods.
* tests/t-sexp.c (check_extract_param): Add corresponding tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* cipher/gost28147.c (gost_do_set_sbox, cryptopro_key_meshing,
CryptoProMeshingKey, gost_encrypt_block_mesh): New.
(_gcry_cipher_spec_gost28147_mesh): New cipher with keymeshing,
(_gcry_cipher_spec_gost28147): Remove OIDs, as this cipher should not
be selected using these OIDs (they are for CFB with keymeshing).
* cipher/cipher.c (cipher_list, cipher_list_algo301): add
_gcry_cipher_spec_gost28147_mesh.
* src/gcrypt.h.in (GCRY_CIPHER_GOST28147_MESH): New cipher with
keymeshing.
* doc/gcrypt.texi (GCRY_CIPHER_GOST28147_MESH): Add definition.
* tests/basic.c (check_gost28147_cipher, check_gost28147_cipher_basic):
Run basic tests on GCRY_CIPHER_GOST28147_MESH.
--
Add actual cipher implementing CryptoPro KeyMeshing. This has been
requested by the AltLinux team to properly support CFB-encrypted CMS files.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| |
--
| |
* doc/gcrypt.texi: Fix GCRYCTL_GET_ALGO_NENC to GCRYCTL_GET_ALGO_NENCR.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* configure.ac (CC_FOR_BUILD): Use AX_CC_FOR_BUILD.
* cipher/Makefile.am (gost-s-box): Add
{CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD.
* doc/Makefile.am (yat2m): Likewise.
* m4/ax_cc_for_build.m4: New.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/blowfish.c (BLOWFISH_KEY_MIN_BITS)
(BLOWFISH_KEY_MAX_BITS): New.
(do_bf_setkey): Check input key length to MIN_BITS and MAX_BITS.
* doc/gcrypt.texi: Update supported Blowfish key lengths.
* tests/basic.c (check_ecb_cipher): New, with Blowfish test vectors
for different key lengths.
(check_cipher_modes): Call 'check_ecb_cipher'.
--
As noted by Peter Wu, the Blowfish cipher implementation already supports key
lengths 8 to 576 bits [1]. This change updates documentation to reflect
that and adds new test vectors to check handling of different key lengths.
[1] https://lists.gnupg.org/pipermail/gcrypt-devel/2019-April/004680.html
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping for SHA512/224
and SHA512/256.
(_gcry_mac_type_spec_hmac_sha512_256)
(_gcry_mac_type_spec_hmac_sha512_224): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_hmac_sha512_256)
(_gcry_mac_type_spec_hmac_sha512_224): New.
* cipher/mac.c (mac_list, mac_list_algo101): Add SHA512/224 and
SHA512/256.
* cipher/md.c (digest_list, digest_list_algo301)
(prepare_macpads): Ditto.
* cipher/sha512.c (run_selftests): Ditto.
(sha512_init_common): Move common initialization here.
(sha512_init, sha384_init): Use common initialization function.
(sha512_224_init, sha512_256_init, _gcry_sha512_224_hash_buffer)
(_gcry_sha512_224_hash_buffers, _gcry_sha512_256_hash_buffer)
(_gcry_sha512_256_hash_buffers, selftests_sha512_224)
(selftests_sha512_256, sha512_224_asn, oid_spec_sha512_224)
(_gcry_digest_spec_sha512_224, sha512_256_asn, oid_spec_sha512_256)
(_gcry_digest_spec_sha512_256): New.
* doc/gcrypt.texi: Add SHA512/224 and SHA512/256; Add missing
HMAC-BLAKE2s and HMAC-BLAKE2b.
* src/cipher.h (_gcry_digest_spec_sha512_224)
(_gcry_digest_spec_sha512_256): New.
* src/gcrypt.h.in (GCRY_MD_SHA512_256, GCRY_MD_SHA512_224): New.
(GCRY_MAC_HMAC_SHA512_256, GCRY_MAC_HMAC_SHA512_224): New.
* tests/basic.c (check_digests): Add SHA512/224 and SHA512/256
test vectors.
--
This change adds truncated SHA512/224 and SHA512/256 algorithms
specified in FIPS 180-4.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* doc/gcrypt.text: Add mention about aligning data to cachelines for
best performance.
--
GnuPG-bug-id: 2388
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* doc/gcrypt.texi: Update FW feature list.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
| |
--
GnuPG-bug-id: 4102
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
--
| |
* cipher/cipher-poly1305.c: Update RFC reference.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
Signed-off-by: Werner Koch <wk@gnupg.org>