path: root/random/random-drbg.c
Commit log, newest first. Each entry: commit title [Author, Date, Files changed, Lines -removed/+added], followed by the commit message.
* random: Remove unused SHA384 DRBGs. [Jakub Jelen, 2023-03-07, 1 file, -11/+2]
  * random/random-drbg.c (global): Remove unused SHA384-based defines.
  (drbg_cores): Remove SHA384 configurations.
  (drbg_sec_strength): Remove unused SHA384.
  --
  These are no longer allowed by FIPS and it looks like they were never usable as they do not have any conversion from the string flags.
  GnuPG-bug-id: 6393
  Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* random: Do not use secure memory for DRBG instance. [NIIBE Yutaka, 2022-04-21, 1 file, -4/+4]
  * random/random-drbg.c (drbg_instance): New at BSS.
  (_drbg_init_internal): Don't allocate in secure memory.
  (_gcry_rngdrbg_close_fds): Follow the change.
  --
  GnuPG-bug-id: 5933
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: drbg: Fix the behavior for child process. [NIIBE Yutaka, 2022-03-31, 1 file, -0/+3]
  * random/random-drbg.c (_gcry_rngdrbg_randomize): Update change of PID detection.
  --
  In a child process, it calls drbg_reseed again and again without this change.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
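The fork problem this commit addresses, as an added example that is not libgcrypt's code: a minimal HMAC_DRBG (SP 800-90A with SHA-256) behind a wrapper that reseeds when the process id changes. The names `HmacDrbg`, `ForkAwareDrbg`, `count_reseeds` and `child_output_differs`, the injectable `getpid` hook and the deterministic entropy source are constructed for this demonstration. The commit message says only that the child reseeded repeatedly; `fix_applied=False` models one plausible cause of that (the pid change is noticed but the remembered pid is never refreshed), and `child_output_differs(False)` shows the classic failure that pid detection exists to prevent: a child replaying the parent's output stream.

```python
"""HMAC_DRBG with fork detection (added example, not libgcrypt code).

The DRBG follows the HMAC_DRBG Update/Generate/Reseed steps of SP 800-90A
with SHA-256.  The pid-check wrapper, the injectable getpid hook and the
deterministic entropy source are constructed for this demonstration.
"""
import copy
import hashlib
import hmac
import os

OUTLEN = 32  # SHA-256 output length; also the size of K and V


class HmacDrbg:
    """SP 800-90A HMAC_DRBG (SHA-256), without the reseed-interval limit."""

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b"") -> None:
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self.reseeds = 0  # number of explicit reseed() calls (for the demo)
        self._update(entropy + nonce + personalization)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update (SP 800-90A 10.1.2.2); steps 4-6 only when provided != b""
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)
        self.reseeds += 1

    def generate(self, nbytes: int, additional: bytes = b"") -> bytes:
        # HMAC_DRBG_Generate (SP 800-90A 10.1.2.5)
        if additional:
            self._update(additional)
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional)
        return out[:nbytes]


class ForkAwareDrbg:
    """Reseed the DRBG when the process id changes, i.e. in a fork() child.

    getpid is injectable so a fork can be simulated without forking.
    fix_applied=False models a plausible pre-fix behaviour: the pid change is
    noticed but the remembered pid is never refreshed, so every later call in
    the child reseeds again.
    """

    def __init__(self, entropy_source, getpid=os.getpid, fix_applied=True) -> None:
        self._entropy = entropy_source
        self._getpid = getpid
        self._fix = fix_applied
        self._pid = getpid()
        self.drbg = HmacDrbg(entropy_source())

    def randomize(self, nbytes: int) -> bytes:
        pid = self._getpid()
        if pid != self._pid:
            self.drbg.reseed(self._entropy())
            if self._fix:
                self._pid = pid  # remember the child's pid so we reseed only once
        return self.drbg.generate(nbytes)


def make_entropy_source():
    """Constructed, deterministic 'entropy' so the demo is reproducible.
    A real instance must read the OS pool (getrandom/getentropy) instead."""
    calls = [0]

    def source() -> bytes:
        calls[0] += 1
        return hashlib.sha256(b"constructed-entropy-%d" % calls[0]).digest()

    return source


def count_reseeds(fix_applied: bool, calls_after_fork: int = 5) -> int:
    """Simulate parent -> fork -> calls_after_fork calls in the child and
    return how many reseeds the child triggered (1 when fixed)."""
    pid = [1000]
    d = ForkAwareDrbg(make_entropy_source(), getpid=lambda: pid[0], fix_applied=fix_applied)
    d.randomize(16)   # parent: pid unchanged, no reseed
    pid[0] = 1001     # child after fork(): pid differs from the remembered one
    for _ in range(calls_after_fork):
        d.randomize(16)
    return d.drbg.reseeds


def child_output_differs(detect_fork: bool) -> bool:
    """A fork() child starts with a byte-identical copy of the DRBG state;
    without pid detection it replays exactly the parent's next output."""
    parent = ForkAwareDrbg(make_entropy_source(), getpid=lambda: 1000)
    parent.randomize(16)
    child = copy.deepcopy(parent)        # the fork: identical K, V and remembered pid
    if detect_fork:
        child._getpid = lambda: 1001     # the child now sees its own pid
    return parent.randomize(32) != child.randomize(32)


if __name__ == "__main__":
    print("reseeds in child, fixed:", count_reseeds(True))
    print("reseeds in child, buggy:", count_reseeds(False))
    print("fork detected, child output differs:", child_output_differs(True))
```

The entropy source here is deterministic only so the run is reproducible; in production the reseed must pull fresh bytes from the OS, otherwise the parent and child would reseed to the same state and the detection would achieve nothing.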
* random: Rename rndlinux module to rndoldlinux. [NIIBE Yutaka, 2022-01-11, 1 file, -5/+5]
  * configure.ac (USE_RNDOLDLINUX): Rename from USE_RNDLINUX.
  (GCRYPT_RANDOM): Use rndoldlinux.lo.
  * doc/gcrypt.texi: Update.
  * random/Makefile.am (EXTRA_librandom_la_SOURCES): Update.
  * random/rndoldlinux.c: Rename from rndlinux.c. Rename the function.
  * random/rand-internal.h: Update the function name.
  * random/random-csprng.c: Update the calls to the function.
  * random/random-drbg.c: Likewise.
  * random/random-system.c: Likewise.
  * src/global.c: Use USE_RNDOLDLINUX.
  --
  GnuPG-bug-id: 5759
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: Release memory in DRBG. [NIIBE Yutaka, 2021-12-06, 1 file, -2/+4]
  * random/random-drbg.c (_gcry_rngdrbg_close_fds): Release DRBG_STATE.
  --
  Fixes-commit: 204be8a385ae6140175e3b495989a261410c34d0
  GnuPG-bug-id: 5636
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: Extend semantics of _gcry_random_close_fds. [NIIBE Yutaka, 2021-11-24, 1 file, -0/+5]
  * random/random-csprng.c (_gcry_rngcsprng_close_fds): Add de-initialization.
  * random/random-drbg.c (_gcry_rngdrbg_close_fds): Likewise.
  --
  GnuPG-bug-id: 5636
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: Fix rndgetentropy so that it correctly uses rndjent. [NIIBE Yutaka, 2021-11-18, 1 file, -1/+2]
  * random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Call _gcry_rndjent_poll for GCRY_VERY_STRONG_RANDOM.
  --
  GnuPG-bug-id: 5692
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: Include getentropy random module. [NIIBE Yutaka, 2021-11-15, 1 file, -3/+8]
  * random/rand-internal.h (_gcry_rndgetentropy_gather_random): Add.
  * random/random-csprng.c [USE_RNDLINUX] (_gcry_rngcsprng_close_fds) (getfnc_gather_random): Support getentropy random module.
  * random/random-drbg.c: Likewise.
  * random/random-fips.c: Likewise.
  * random/random-system.c: Likewise.
  * src/global.c [USE_RNDLINUX] (print_config): Show getentropy.
  --
  GnuPG-bug-id: 5636
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: Fix include of config.h. [NIIBE Yutaka, 2020-01-23, 1 file, -2/+2]
  * random/random-drbg.c: Include config.h earlier.
  --
  GnuPG-bug-id: 4818
  Reported-by: Bruno Haible
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random-drbg: do not use calloc for zero ctr [Jussi Kivilinna, 2019-03-24, 1 file, -9/+4]
  * random/random-drbg.c (DRBG_CTR_NULL_LEN): Move to 'constants' section.
  (drbg_state_s): Remove 'ctr_null' member.
  (drbg_ctr_generate): Add 'drbg_ctr_null'.
  (drbg_sym_fini, drbg_sym_init): Remove 'drbg->ctr_null' usage.
  --
  GnuPG-bug-id: 3878
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Spelling fixes in docs and comments. [NIIBE Yutaka, 2017-04-28, 1 file, -1/+1]
  --
  GnuPG-bug-id: 3120
  Reported-by: ka7 (klemens)
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random-drbg: use bufhelp function for big-endian store [Jussi Kivilinna, 2016-12-10, 1 file, -26/+5]
  * random/random-drbg.c (drbg_cpu_to_be32): Remove.
  (drbg_ctr_df, drbg_hash_df): Use 'buf_put_be32' instead of 'drbg_cpu_to_be32'.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* random: Eliminate unneeded memcpy invocations in the DRBG. [Stephan Mueller, 2016-12-08, 1 file, -80/+34]
  * random/random-drbg.c (drbg_hash): Remove arg 'outval' and return a pointer instead.
  (drbg_instantiate): Reduce size of scratchpad.
  (drbg_hmac_update): Avoid use of scratch buffers for the hash.
  (drbg_hmac_generate, drbg_hash_df): Ditto.
  (drbg_hash_process_addtl): Ditto.
  (drbg_hash_hashgen): Ditto.
  (drbg_hash_generate): Ditto.
  --
  gcry_md_read returns a pointer to the hash which can be directly used instead of copying it into a scratch buffer. This eliminates a number of memcpy invocations for HMAC and Hash DRBG and reduces the memory footprint of the Hash DRBG by the block size of the used hash.
  The performance increase is between 1 and 3 MB/s depending on the output buffer size.
  Signed-off-by: Stephan Mueller <smueller@chronox.de>
  ChangeLog entries above written by -wk.
* random: Add performance improvements for the DRBG. [Stephan Mueller, 2016-12-08, 1 file, -108/+227]
  * random/random-drbg.c (struct drbg_state_ops_s): New function pointers 'crypto_init' and 'crypto-fini'.
  (struct drbg_state_s): New fields 'priv_data', 'ctr_handle', and 'ctr_null'.
  (drbg_hash_init, drbg_hash_fini): New.
  (drbg_hmac_init, drbg_hmac_setkey): New.
  (drbg_sym_fini, drbg_sym_init, drbg_sym_setkey): New.
  (drbg_sym_ctr): New.
  (drbg_ctr_bcc): Set the key.
  (drbg_ctr_df): Ditto.
  (drbg_hmac_update): Ditto.
  (drbg_hmac_generate): Replace drgb_hmac by drbg_hash.
  (drbg_hash_df): Ditto.
  (drbg_hash_process_addtl): Ditto.
  (drbg_hash_hashgen): Ditto.
  (drbg_ctr_update): Rework.
  (drbg_ctr_generate): Rework.
  (drbg_ctr_ops): Init new function pointers.
  (drbg_uninstantiate): Call fini function.
  (drbg_instantiate): Call init function.
  --
  The performance improvements can be categorized as follows:
  * Initialize the cipher handle of the backend ciphers once and re-use them for subsequent cipher invocations.
  * Limit the invocation of setkey to the cases when the key is newly created.
  * Use the AES CTR mode and rip out the counter maintenance in the DRBG code. This allows the use of accelerated CTR AES implementations. To use the CTR AES mode, a NULL buffer is created that is used as the "plaintext" to the CTR mode, because the DRBG CTR AES operation is the result of the encryption of the CTR (i.e. the NULL buffer makes the final XOR of the CTR AES mode a noop).
  The following timing measurements are made. The measurements do not use a precise timing operation and should rather serve as a general hint to the performance improvements.

  On a Broadwell i7 CPU:

    block size        4096      1024      128       32        16
    aes256 old        28MB/s    27MB/s    19MB/s    11MB/s    6MB/s
    aes128 old        29MB/s    32MB/s    23MB/s    15MB/s    9MB/s
    sha256 old        48MB/s    48MB/s    33MB/s    16MB/s    8MB/s
    hmac sha256 old   15MB/s    15MB/s    10MB/s    5MB/s     2MB/s
    aes256 new        180MB/s   169MB/s   93MB/s    37MB/s    20MB/s
    aes128 new        240MB/s   221MB/s   125MB/s   51MB/s    27MB/s
    sha256 new        75MB/s    69MB/s    48MB/s    23MB/s    11MB/s
    hmac sha256 new   37MB/s    34MB/s    21MB/s    8MB/s     4MB/s

  Signed-off-by: Stephan Mueller <smueller@chronox.de>
  ChangeLog entries above written by -wk
* doc: Remove comment that is not applicable any more. [Stephan Mueller, 2016-12-08, 1 file, -2/+0]
  --
  Signed-off-by: Stephan Mueller <smueller@chronox.de>
* Fix building random-drbg for Win32/64 [Jussi Kivilinna, 2016-02-20, 1 file, -17/+15]
  * random/random-drbg.c: Remove include for sys/types.h and asm/types.h.
  (DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH) (DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384) (DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192) (DRBG_SYM256): Change 'u_int32_t' to 'u32'.
  (drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters 'drbg_read_cb' and 'len'.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* random: Allow DRBG_REINIT before initialization. [Werner Koch, 2016-02-19, 1 file, -8/+13]
  * random/random-drbg.c (DRBG_DEFAULT_TYPE): New.
  (_drbg_init_internal): Set the default type if no type has been set before.
  (_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default.
  --
  Without this change we can't call GCRYCTL_DRBG_REINIT before initialization.
  Signed-off-by: Werner Koch <wk@gnupg.org>
* Add new private header gcrypt-testapi.h. [Werner Koch, 2016-02-19, 1 file, -11/+12]
  * src/gcrypt-testapi.h: New.
  * src/Makefile.am (libgcrypt_la_SOURCES): Add new file.
  * random/random.h: Include gcrypt-testapi.h.
  (struct gcry_drbg_test_vector): Move to gcrypt-testapi.h.
  * src/global.c: Include gcrypt-testapi.h.
  (_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61.
  * cipher/cipher.c: Include gcrypt-testapi.h.
  (_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62.
  * tests/fipsdrv.c: Include gcrypt-testapi.h. Remove definition of PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_ constants.
  * tests/t-lock.c: Include gcrypt-testapi.h. Remove PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants.
  * random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ...
  (_gcry_rngdrbg_cavs_test): this.
  (gcry_rngdrbg_healthcheck_one): Rename to ...
  (_gcry_rngdrbg_healthcheck_one): this.
  Signed-off-by: Werner Koch <wk@gnupg.org>
* random: Make the DRBG C-90 clean and use a flag string. [Werner Koch, 2016-02-19, 1 file, -260/+310]
  * random/random.h (struct gcry_drbg_test_vector): Rename "flags" to "flagstr" and turn it into a string.
  * random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of designated initializers. Use a string for the flags.
  (gcry_rngdrbg_cavs_test): Parse the flag string into a flag value.
  (drbg_healthcheck_sanity): Ditto.
  --
  Libgcrypt needs to be buildable on C-90 only systems and thus we can't use C-99 designated initializers. Because we have removed the flag macros from the API we should not use them in the CAVS test code either. Thus they are replaced by the flag string which also tests the flag string parser.
  Signed-off-by: Werner Koch <wk@gnupg.org>
* random: Symbol name cleanup for random-drbg.c. [Werner Koch, 2016-02-19, 1 file, -551/+565]
  * random/random-drbg.c: Rename all static objects and macros from "gcry_drbg" to "drbg".
  (drbg_string_t): New typedef.
  (drbg_gen_t): New typedef.
  (drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by this.
  (_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so that an error is actually returned.
  (gcry_rngdrbg_cavs_test): Ditto.
  (gcry_drbg_healthcheck_sanity): Ditto.
  Signed-off-by: Werner Koch <wk@gnupg.org>
* random: Use our symbol name pattern also for drbg functions. [Werner Koch, 2016-02-19, 1 file, -23/+23]
  * random/random-drbg.c: Rename global functions from _gcry_drbg_* to _gcry_rngdrbg_*.
  * random/random.c: Adjust for this change.
  * src/global.c: Ditto.
  Signed-off-by: Werner Koch <wk@gnupg.org>
* random: Rename drbg.c to random-drbg.c. [Werner Koch, 2016-02-19, 1 file, -0/+2555]
  * random/drbg.c: Rename to ...
  * random/random-drbg.c: this.
  * random/Makefile.am (librandom_la_SOURCES): Adjust accordingly.
  --
  We should stick to our name conventions.
  Signed-off-by: Werner Koch <wk@gnupg.org>