path: root/src
Commit log. Each entry: commit message (author, date; files changed, lines removed/added), followed by the full commit message.
* Update copyright notices to use URL.  (NIIBE Yutaka, 2023-04-27; 8 files, -16/+16)
    * build-aux/db2any: Update copyright notice.
    * cipher/arcfour.c, cipher/blowfish.c, cipher/cast5.c: Likewise.
    * cipher/crc-armv8-ce.c, cipher/crc-intel-pclmul.c: Likewise.
    * cipher/crc-ppc.c, cipher/crc.c, cipher/des.c: Likewise.
    * cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
    * cipher/primegen.c, cipher/rfc2268.c, cipher/rmd160.c: Likewise.
    * cipher/seed.c, cipher/serpent.c, cipher/tiger.c: Likewise.
    * cipher/twofish.c: Likewise.
    * mpi/alpha/mpih-add1.S, mpi/alpha/mpih-lshift.S: Likewise.
    * mpi/alpha/mpih-mul1.S, mpi/alpha/mpih-mul2.S: Likewise.
    * mpi/alpha/mpih-mul3.S, mpi/alpha/mpih-rshift.S: Likewise.
    * mpi/alpha/mpih-sub1.S, mpi/alpha/udiv-qrnnd.S: Likewise.
    * mpi/amd64/mpih-add1.S, mpi/amd64/mpih-lshift.S: Likewise.
    * mpi/amd64/mpih-mul1.S, mpi/amd64/mpih-mul2.S: Likewise.
    * mpi/amd64/mpih-mul3.S, mpi/amd64/mpih-rshift.S: Likewise.
    * mpi/amd64/mpih-sub1.S, mpi/config.links: Likewise.
    * mpi/generic/mpih-add1.c, mpi/generic/mpih-lshift.c: Likewise.
    * mpi/generic/mpih-mul1.c, mpi/generic/mpih-mul2.c: Likewise.
    * mpi/generic/mpih-mul3.c, mpi/generic/mpih-rshift.c: Likewise.
    * mpi/generic/mpih-sub1.c, mpi/generic/udiv-w-sdiv.c: Likewise.
    * mpi/hppa/mpih-add1.S, mpi/hppa/mpih-lshift.S: Likewise.
    * mpi/hppa/mpih-rshift.S, mpi/hppa/mpih-sub1.S: Likewise.
    * mpi/hppa/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul1.S: Likewise.
    * mpi/hppa1.1/mpih-mul2.S, mpi/hppa1.1/mpih-mul3.S: Likewise.
    * mpi/hppa1.1/udiv-qrnnd.S, mpi/i386/mpih-add1.S: Likewise.
    * mpi/i386/mpih-lshift.S, mpi/i386/mpih-mul1.S: Likewise.
    * mpi/i386/mpih-mul2.S, mpi/i386/mpih-mul3.S: Likewise.
    * mpi/i386/mpih-rshift.S, mpi/i386/mpih-sub1.S: Likewise.
    * mpi/i386/syntax.h, mpi/longlong.h: Likewise.
    * mpi/m68k/mc68020/mpih-mul1.S, mpi/m68k/mc68020/mpih-mul2.S: Likewise.
    * mpi/m68k/mc68020/mpih-mul3.S, mpi/m68k/mpih-add1.S: Likewise.
    * mpi/m68k/mpih-lshift.S, mpi/m68k/mpih-rshift.S: Likewise.
    * mpi/m68k/mpih-sub1.S, mpi/m68k/syntax.h: Likewise.
    * mpi/mips3/mpih-add1.S, mpi/mips3/mpih-lshift.S: Likewise.
    * mpi/mips3/mpih-mul1.S, mpi/mips3/mpih-mul2.S: Likewise.
    * mpi/mips3/mpih-mul3.S, mpi/mips3/mpih-rshift.S: Likewise.
    * mpi/mips3/mpih-sub1.S, mpi/mpi-add.c: Likewise.
    * mpi/mpi-bit.c, mpi/mpi-cmp.c, mpi/mpi-div.c: Likewise.
    * mpi/mpi-gcd.c, mpi/mpi-inline.c, mpi/mpi-inline.h: Likewise.
    * mpi/mpi-internal.h, mpi/mpi-mpow.c, mpi/mpi-mul.c: Likewise.
    * mpi/mpi-scan.c, mpi/mpih-div.c, mpi/mpih-mul.c: Likewise.
    * mpi/pa7100/mpih-lshift.S, mpi/pa7100/mpih-rshift.S: Likewise.
    * mpi/power/mpih-add1.S, mpi/power/mpih-lshift.S: Likewise.
    * mpi/power/mpih-mul1.S, mpi/power/mpih-mul2.S: Likewise.
    * mpi/power/mpih-mul3.S, mpi/power/mpih-rshift.S: Likewise.
    * mpi/power/mpih-sub1.S, mpi/powerpc32/mpih-add1.S: Likewise.
    * mpi/powerpc32/mpih-lshift.S, mpi/powerpc32/mpih-mul1.S: Likewise.
    * mpi/powerpc32/mpih-mul2.S, mpi/powerpc32/mpih-mul3.S: Likewise.
    * mpi/powerpc32/mpih-rshift.S, mpi/powerpc32/mpih-sub1.S: Likewise.
    * mpi/powerpc32/syntax.h, mpi/sparc32/mpih-add1.S: Likewise.
    * mpi/sparc32/mpih-lshift.S, mpi/sparc32/mpih-rshift.S: Likewise.
    * mpi/sparc32/udiv.S, mpi/sparc32v8/mpih-mul1.S: Likewise.
    * mpi/sparc32v8/mpih-mul2.S, mpi/sparc32v8/mpih-mul3.S: Likewise.
    * mpi/supersparc/udiv.S: Likewise.
    * random/random.h, random/rndegd.c: Likewise.
    * src/cipher.h, src/libgcrypt.def, src/libgcrypt.vers: Likewise.
    * src/missing-string.c, src/mpi.h, src/secmem.h: Likewise.
    * src/stdmem.h, src/types.h: Likewise.
    * tests/aeswrap.c, tests/curves.c, tests/hmac.c: Likewise.
    * tests/keygrip.c, tests/prime.c, tests/random.c: Likewise.
    * tests/t-kdf.c, tests/testapi.c: Likewise.
    --
    GnuPG-bug-id: 6271
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: More elaborate way of getting FIPS pk flags indicators.  (NIIBE Yutaka, 2023-03-24; 1 file, -4/+37)
    * src/fips.c (_gcry_fips_indicator_pk_flags): List more allowed strings in the S-expression.
    * doc/gcrypt.texi: Add document for the FIPS service indicator GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS with example.
    --
    GnuPG-bug-id: 6417
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Explicitly disable overriding random in FIPS mode.  (Jakub Jelen, 2023-03-14; 1 file, -1/+2)
    * src/fips.c (_gcry_fips_indicator_function): Mark using random override non-approved in FIPS mode.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* fips: Explicitly allow only some PK flags.  (Jakub Jelen, 2023-03-14; 4 files, -1/+25)
    * src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit FIPS indicator for public key algorithm flags.
    * src/g10lib.h (_gcry_fips_indicator_pk_flags): New.
    * src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New.
    * src/global.c (_gcry_vcontrol): Handle the new option.
    * doc/gcrypt.texi: Document new options.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* fips: Add explicit indicators for md and mac algorithms.  (Tobias Heider, 2023-03-08; 4 files, -1/+70)
    * src/fips.c (_gcry_fips_indicator_mac): New function indicating non-approved mac algorithms.
    (_gcry_fips_indicator_md): New function indicating non-approved message digest algorithms.
    * src/g10lib.h (_gcry_fips_indicator_mac): New function.
    (_gcry_fips_indicator_md): Ditto.
    * src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols, GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and GCRYCTL_FIPS_SERVICE_INDICATOR_MD.
    * src/global.c (_gcry_vcontrol): Handle new FIPS indicators.
    --
    GnuPG-bug-id: 6376
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
* fips: Check return value from ftell  (Jakub Jelen, 2023-03-07; 1 file, -0/+2)
    * src/fips.c (get_file_offset): Check return value of ftell to be able to detect errors.
    --
    Originally reported by coverity.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* visibility: Check FIPS operational status for MD+Sign operation.  (Jakub Jelen, 2023-03-07; 1 file, -0/+7)
    * src/visibility.c (gcry_pk_hash_sign): Check fips status before calling the operation itself.
    (gcry_pk_hash_verify): Ditto.
    --
    GnuPG-bug-id: 6396
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* Add ARIA block cipher  (Jussi Kivilinna, 2023-01-06; 2 files, -2/+11)
    * cipher/Makefile.am: Add 'aria.c'.
    * cipher/aria.c: New.
    * cipher/cipher.c (cipher_list, cipher_list_algo301): Add ARIA cipher specs.
    * cipher/mac-cmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_CMAC_ARIA.
    (_gcry_mac_type_spec_cmac_aria): New.
    * cipher/mac-gmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_GMAC_ARIA.
    (_gcry_mac_type_spec_gmac_aria): New.
    * cipher/mac-internal.h (_gcry_mac_type_spec_cmac_aria)
    (_gcry_mac_type_spec_gmac_aria)
    (_gcry_mac_type_spec_poly1305mac_aria): New.
    * cipher/mac-poly1305.c (poly1305mac_open): Add GCRY_MAC_GMAC_ARIA.
    (_gcry_mac_type_spec_poly1305mac_aria): New.
    * cipher/mac.c (mac_list, mac_list_algo201, mac_list_algo401)
    (mac_list_algo501): Add ARIA MAC specs.
    * configure.ac (available_ciphers): Add 'aria'.
    (GCRYPT_CIPHERS): Add 'aria.lo'.
    (USE_ARIA): New.
    * doc/gcrypt.texi: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192, GCRY_CIPHER_ARIA256, GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and GCRY_MAC_POLY1305_ARIA.
    * src/cipher.h (_gcry_cipher_spec_aria128, _gcry_cipher_spec_aria192)
    (_gcry_cipher_spec_aria256): New.
    * src/gcrypt.h.in (gcry_cipher_algos): Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192 and GCRY_CIPHER_ARIA256.
    (gcry_mac_algos): GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and GCRY_MAC_POLY1305_ARIA.
    * tests/basic.c (check_ecb_cipher, check_ctr_cipher)
    (check_cfb_cipher, check_ocb_cipher) [USE_ARIA]: Add ARIA test-vectors.
    (check_ciphers) [USE_ARIA]: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192 and GCRY_CIPHER_ARIA256.
    (main): Also run 'check_bulk_cipher_modes' for 'cipher_modes_only'-mode.
    * tests/bench-slope.c (bench_mac_init): Add GCRY_MAC_POLY1305_ARIA setiv-handling.
    * tests/benchmark.c (mac_bench): Likewise.
    --
    This patch adds ARIA block cipher for libgcrypt.

    This implementation is based on work by Taehee Yoo, with the following notable changes:
    - Integration to libgcrypt, use of bithelp.h and bufhelp.h helper functions where possible.
    - Added lookup table prefetching as is done in AES, GCM and SM4 implementations.
    - Changed `get_u8` to return `u32` as returning `byte` caused sub-optimal code generation with gcc-12/x86-64 (zero extending from 8-bit to 32-bit register, followed by extraneous sign extending from 32-bit to 64-bit register).
    - Changed 'aria_crypt' loop structure a bit for tiny performance increase (~1% seen with gcc-12/x86-64/zen4).

    Benchmark on AMD Ryzen 9 7900X (x86-64):

     ARIA128        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
         ECB enc    |     3.99 ns/B     239.1 MiB/s     22.43 c/B      5625
         ECB dec    |     4.00 ns/B     238.4 MiB/s     22.50 c/B      5625

    Benchmark on AMD Ryzen 9 7900X (win32):

     ARIA128        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
         ECB enc    |     4.57 ns/B     208.7 MiB/s     25.31 c/B      5538
         ECB dec    |     4.66 ns/B     204.8 MiB/s     25.39 c/B      5453

    Benchmark on ARM Cortex-A53 (aarch64):

     ARIA128        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
         ECB enc    |    74.69 ns/B     12.77 MiB/s     48.40 c/B     647.9
         ECB dec    |    74.99 ns/B     12.72 MiB/s     48.58 c/B     647.9

    Cc: Taehee Yoo <ap420073@gmail.com>
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add GMAC-SM4 and Poly1305-SM4  (Jussi Kivilinna, 2023-01-04; 1 file, -1/+3)
    * cipher/cipher.c (cipher_list_algo301): Remove comma at the end of last entry.
    * cipher/mac-gmac.c (map_mac_algo_to_cipher): Add SM4.
    (_gcry_mac_type_spec_gmac_sm4): New.
    * cipher/mac-internal.h (_gcry_mac_type_spec_gmac_sm4)
    (_gcry_mac_type_spec_poly1305mac_sm4): New.
    * cipher/mac-poly1305.c (poly1305mac_open): Add SM4.
    (_gcry_mac_type_spec_poly1305mac_sm4): New.
    * cipher/mac.c (mac_list, mac_list_algo401, mac_list_algo501): Add GMAC-SM4 and Poly1305-SM4.
    (mac_list_algo101): Remove comma at the end of last entry.
    * cipher/md.c (digest_list_algo301): Remove comma at the end of last entry.
    * doc/gcrypt.texi: Add GCRY_MAC_GMAC_SM4 and GCRY_MAC_POLY1305_SM4.
    * src/gcrypt.h.in (GCRY_MAC_GMAC_SM4, GCRY_MAC_POLY1305_SM4): New.
    * tests/bench-slope.c (bench_mac_init): Setup IV for GCRY_MAC_POLY1305_SM4.
    * tests/benchmark.c (mac_bench): Likewise.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* fips: Mark AES key wrapping as approved.  (Jakub Jelen, 2022-11-18; 1 file, -0/+1)
    * src/fips.c (_gcry_fips_indicator_cipher): Add key wrapping mode as approved.
    --
    GnuPG-bug-id: 5512
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* build: Prefer gpgrt-config when available.  (NIIBE Yutaka, 2022-11-01; 1 file, -2/+2)
    * src/libgcrypt.m4: Overriding the decision by --with-libgcrypt-prefix, use gpgrt-config libgcrypt when gpgrt-config is available.
    --
    This may offer better migration.
    GnuPG-bug-id: 5034
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* hwf-x86: enable VPGATHER usage for AMD CPUs with AVX512  (Jussi Kivilinna, 2022-10-26; 1 file, -74/+83)
    * src/hwf-x86.c (detect_x86_gnuc): Move model based checks and forced soft hwfeatures enablement at end; Enable VPGATHER for AMD CPUs with AVX512.
    --
    AMD Zen4 is able to benefit from VPGATHER based table-lookup for Twofish.

    Benchmark on Ryzen 9 7900X:

    Before:
     TWOFISH        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
         CTR enc    |     1.79 ns/B     532.8 MiB/s     10.07 c/B      5625
         CTR dec    |     1.79 ns/B     532.6 MiB/s     10.07 c/B      5625

    After (~10% faster):
     TWOFISH        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
         CTR enc    |     1.61 ns/B     593.5 MiB/s      9.05 c/B    5631±2
         CTR dec    |     1.61 ns/B     590.8 MiB/s      9.08 c/B      5625

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* hmac,hkdf: Check the HMAC key length in FIPS mode.  (Jakub Jelen, 2022-10-26; 1 file, -0/+4)
    * src/visibility.c (gcry_md_setkey): Add the check here, too.
    --
    GnuPG-bug-id: 6039
    Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* fips: Mark gcry_pk_encrypt/decrypt function non-approved.  (Jakub Jelen, 2022-10-19; 1 file, -1/+3)
    * src/fips.c (_gcry_fips_indicator_function): Add gcry_pk_encrypt/decrypt as non-approved.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* fips: Fix fips indicator function.  (Jakub Jelen, 2022-10-19; 1 file, -2/+2)
    * src/fips.c (_gcry_fips_indicator_function): Fix typo in sign/verify function names.
    --
    Fixes-commit: 05a9c9d1ba1db6c1cd160fba979e9ddf4700a0c0
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* More clean up.  (NIIBE Yutaka, 2022-09-16; 1 file, -1/+1)
    * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Add static qualifier.
    * mpi/ec-ed25519.c: Include ec-internal.h.
    * src/secmem.c (MB_WIPE_OUT): Remove extra semicolon.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Move function prototype to cipher.h.  (NIIBE Yutaka, 2022-09-16; 1 file, -0/+2)
    * cipher/kdf-internal.h: Move from here.
    * src/cipher.h (blake2b_vl_hash): To here.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Minor clean up.  (NIIBE Yutaka, 2022-09-16; 1 file, -3/+0)
    * mpi/mpi-internal.h: Remove extra semicolon from the macro.
    * mpi/mpih-mul.c: Likewise.
    * src/cipher-proto.h: Remove duplication for enum pk_encoding.
    * mpi/mpi-pow.c (_gcry_mpi_powm): Initialize XSIZE.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Fix _gcry_err_code_to_errno.  (NIIBE Yutaka, 2022-09-16; 1 file, -1/+1)
    * src/gcrypt-int.h: Use gpg_err_code_to_errno.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Fix use of noreturn.  (NIIBE Yutaka, 2022-09-16; 1 file, -2/+2)
    * doc/yat2m.c: Use __noreturn__.
    * src/g10lib.h: Likewise.
    --
    GnuPG-bug-id: 4002
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Silence compiler warnings for unused internal value.  (NIIBE Yutaka, 2022-09-08; 1 file, -0/+1)
    * cipher/primegen.c (gen_prime): Fix write only variable.
    * src/dumpsexp.c (parse_and_print): Likewise.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Fix function prototypes.  (NIIBE Yutaka, 2022-09-08; 1 file, -2/+2)
    * random/random-csprng.c (random_poll): It has no args.
    * src/secmem.c (_gcry_secmem_module_init): Likewise.
    (_gcry_secmem_term): Likewise.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher: Support internal generation of IV for AEAD cipher mode.  (NIIBE Yutaka, 2022-08-25; 6 files, -0/+48)
    * cipher/cipher-gcm.c (_gcry_cipher_gcm_setiv_zero): New.
    (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
    (_gcry_cipher_gcm_authenticate): Use _gcry_cipher_gcm_setiv_zero.
    * cipher/cipher-internal.h (struct gcry_cipher_handle): Add aead field.
    * cipher/cipher.c (_gcry_cipher_setiv): Check calling setiv to reject direct invocation in FIPS mode.
    (_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
    * doc/gcrypt.texi: Add explanation for two new functions.
    * src/gcrypt-int.h (_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
    * src/gcrypt.h.in (enum gcry_cipher_geniv_methods): New.
    (gcry_cipher_setup_geniv, gcry_cipher_geniv): New.
    * src/libgcrypt.def (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
    * src/libgcrypt.vers: Likewise.
    * src/visibility.c (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
    * src/visibility.h: Likewise.
    --
    GnuPG-bug-id: 4873
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* gcrypt.h: Fix function name in comment.  (Jakub Jelen, 2022-08-23; 1 file, -1/+2)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>

* fips: Add function-name based FIPS indicator.  (Jakub Jelen, 2022-08-23; 4 files, -1/+22)
    * doc/gcrypt.texi: Document the new function-based fips indicator GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION.
    * src/fips.c (_gcry_fips_indicator_function): New function indicating non-approved functions.
    * src/gcrypt.h.in (enum gcry_ctl_cmds): New symbol GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION.
    * src/global.c (_gcry_vcontrol): Handle new FIPS indicator.
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* Add ARMv9 SVE2 and optional Crypto Extension HW features  (Tianjia Zhang, 2022-07-21; 3 files, -0/+31)
    * configure.ac (sve2support, gcry_cv_gcc_inline_asm_aarch64_sve2)
    (ENABLE_SVE2_SUPPORT): New.
    * doc/gcrypt.texi: Add "sve2, sveaes, svepmull, svesha3, svesm4" to ARM hardware features list.
    * src/g10lib.h (HWF_ARM_SVE2, HWF_ARM_SVEAES, HWF_ARM_SVEPMULL)
    (HWF_ARM_SVESHA3, HWF_ARM_SVESM4): New.
    * src/hwf-arm.c (arm_features): Add "sve2, sveaes, svepmull, svesha3, svesm4".
    * src/hwfeatures.c (hwflist): Add "arm-sve2, arm-sveaes, arm-svepmull, arm-svesha3, arm-svesm4".
    --
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

* Add detection for HW feature "ARMv8 SVE"  (Tianjia Zhang, 2022-07-21; 3 files, -0/+8)
    * configure.ac (svesupport, gcry_cv_gcc_inline_asm_aarch64_sve)
    (ENABLE_SVE_SUPPORT): New.
    * doc/gcrypt.texi: Add "arm-sve" to HW features list.
    * src/g10lib.h (HWF_ARM_SVE): New.
    * src/hwf-arm.c (arm_features): Add "sve".
    * src/hwfeatures.c (hwflist): Add "arm-sve".
    --
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

* Cleanup for type definitions of byte, ushort, u32, and u64.  (NIIBE Yutaka, 2022-07-21; 2 files, -17/+17)
    * src/types.h: Use macros defined by configure script.
    * src/hmac256.c: Fix for HAVE_U32.
    * cipher/poly1305.c: Fix for HAVE_U64.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* visibility: add missing fips_is_operational check for gcry_md_extract  (Jussi Kivilinna, 2022-07-20; 1 file, -1/+3)
    * src/visibility.c (gcry_md_extract): Add 'fips_is_operational' check.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* hwf-x86: fix UBSAN warning  (Jussi Kivilinna, 2022-07-20; 1 file, -1/+1)
    * src/hwf-x86.c (detect_x86_gnuc): Change `(1 << 31)` to `(1U << 31)` to fix undefined behaviour.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

* hwf-arm: add ARM HW feature detection support for MacOS  (Jussi Kivilinna, 2022-07-20; 1 file, -2/+67)
    * configure.ac: Add detection for header 'sys/sysctl.h' and system function 'sysctlbyname'.
    * src/hwf-arm.c (HAS_APPLE_SYSCTLBYNAME)
    (detect_arm_apple_sysctlbyname): New.
    (detect_arm_hwf_by_toolchain) [__ARM_FEATURE_CRYPTO]: Also check for ENABLE_ARM_CRYPTO_SUPPORT.
    (_gcry_hwf_detect_arm) [HAS_APPLE_SYSCTLBYNAME]: Check HWFs with 'detect_arm_apple_sysctlbyname' function.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

* tests/basic: enable IV checks for CBC/CFB/CTR bulk tests  (Jussi Kivilinna, 2022-07-06; 1 file, -0/+1)
    * cipher/cipher.c (_gcry_cipher_ctl): Add handling for 'PRIV_CIPHERCTL_GET_COUNTER'.
    * src/gcrypt-testapi.h (PRIV_CIPHERCTL_GET_COUNTER): New.
    * tests/basic.c (cipher_cbc_bulk_test, cipher_cfb_bulk_test): Restore IV checks by reading current IV from CBC/CFB cipher handle using PRIV_CIPHERCTL_GET_INPUT_VECTOR.
    (cipher_ctr_bulk_test): Restore counter checks by reading current counter from CTR cipher handle using PRIV_CIPHERCTL_GET_COUNTER.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* fips: Skip selftests of unsupported PK algos  (Clemens Lang, 2022-07-01; 1 file, -0/+4)
    * src/fips.c (run_pubkey_selftests): Do not run selftests for disabled public key algorithms.
    --
    Skip running FIPS selftests that are specific for a public key algorithm if that algorithm was disabled using the --enable-pubkey-ciphers configure option.
    GnuPG-bug-id: 6048
    Signed-off-by: Clemens Lang <cllang@redhat.com>

* hmac,hkdf: Allow use of shorter salt for HKDF.  (NIIBE Yutaka, 2022-06-24; 1 file, -0/+3)
    * cipher/md.c (prepare_macpads): Move the check to...
    * src/visibility.c (gcry_mac_setkey): ... here.
    * tests/t-kdf.c (check_hkdf): No failure is expected.
    --
    GnuPG-bug-id: 6039
    Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* kdf: Add HKDF of RFC5869.  (NIIBE Yutaka, 2022-06-16; 1 file, -0/+1)
    * src/gcrypt.h.in (GCRY_KDF_HKDF): New.
    * cipher/kdf.c (hkdf_open, hkdf_compute, hkdf_final, hkdf_close): New.
    (_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close): Handle GCRY_KDF_HKDF.
    * tests/t-kdf.c (check_hkdf): New. Test vectors from RFC5869.
    (main): Call check_hkdf.
    --
    GnuPG-bug-id: 5964
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* kdf: Add support for One-Step KDF with MAC.  (NIIBE Yutaka, 2022-06-08; 1 file, -2/+1)
    * src/gcrypt.h.in (GCRY_KDF_ONESTEP_KDF_MAC): New.
    * cipher/kdf.c (onestep_kdf_mac_open, onestep_kdf_mac_compute): New.
    (onestep_kdf_mac_final, onestep_kdf_mac_close): New.
    (_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close): Add support for GCRY_KDF_ONESTEP_KDF_MAC.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* kdf: Add One-Step KDF with hash.  (NIIBE Yutaka, 2022-06-07; 1 file, -1/+14)
    * src/gcrypt.h.in (GCRY_KDF_ONESTEP_KDF): New.
    * cipher/kdf.c (onestep_kdf_open, onestep_kdf_compute): New.
    (onestep_kdf_final): New.
    (_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final): Add GCRY_KDF_ONESTEP_KDF support.
    * tests/t-kdf.c (check_onestep_kdf): Add the test.
    (main): Call check_onestep_kdf.
    --
    GnuPG-bug-id: 5964
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Fix for struct gcry_thread_cbs.  (NIIBE Yutaka, 2022-06-07; 1 file, -1/+1)
    * src/gcrypt.h.in (struct gcry_thread_cbs): Since it's of no use any more, even internally, use _GCRY_GCC_ATTR_DEPRECATED instead.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* secmem: Remove RISC OS support.  (NIIBE Yutaka, 2022-06-01; 1 file, -6/+0)
    * src/secmem.c [__riscos__]: Remove.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* secmem: Clean up ERRNO handling.  (NIIBE Yutaka, 2022-06-01; 1 file, -10/+6)
    * src/secmem.c (lock_pool_pages): Use ERR only for the return value from mlock.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* secmem: Remove getting cap_ipc_lock by capabilities support.  (NIIBE Yutaka, 2022-06-01; 1 file, -42/+1)
    * src/secmem.c (lock_pool_pages): Remove escalation of the capability.
    --
    With CAP_SETPCAP, it might make sense before Linux 2.6.24 when file capabilities were not supported. But not any more.
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Fix internal declaration of _gcry_kdf_compute.  (NIIBE Yutaka, 2022-05-17; 1 file, -2/+2)
    * src/gcrypt-int.h (_gcry_kdf_compute): Return gcry_err_code_t.
    --
    GnuPG-bug-id: 5980
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Add detection for HW feature "intel-gfni"  (Jussi Kivilinna, 2022-04-24; 3 files, -1/+8)
    * configure.ac (gfnisupport, gcry_cv_gcc_inline_asm_gfni)
    (ENABLE_GFNI_SUPPORT): New.
    * src/g10lib.h (HWF_INTEL_GFNI): New.
    * src/hwf-x86.c (detect_x86_gnuc): Add GFNI detection.
    * src/hwfeatures.c (hwflist): Add "intel-gfni".
    * doc/gcrypt.texi: Add "intel-gfni" to HW features list.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

* Use offsetof instead of null ptr calculation.  (NIIBE Yutaka, 2022-04-19; 1 file, -1/+1)
    * src/secmem.c (_gcry_secmem_realloc_internal): Use offsetof.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature  (Jussi Kivilinna, 2022-04-01; 1 file, -0/+1)
    * src/hwf-ppc.c (ppc_features): Add HWF_PPC_ARCH_3_10.
    --
    GnuPG-bug-id: T5913
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* build: When no gpg-error-config, not install libgcrypt-config.  (NIIBE Yutaka, 2022-03-31; 1 file, -0/+4)
    * configure.ac (USE_GPGRT_CONFIG): New.
    * src/Makefile.am [USE_GPGRT_CONFIG]: Conditionalize the install of libgcrypt-config.
    --
    When the system migrates to gpgrt-config and gpg-error-config is removed, libgcrypt-config will not be installed (gpgrt-config uses libgcrypt.pc instead).
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Add detection for HW feature "intel-avx512"  (Jussi Kivilinna, 2022-03-07; 3 files, -3/+48)
    * configure.ac (avx512support, gcry_cv_gcc_inline_asm_avx512)
    (ENABLE_AVX512_SUPPORT): New.
    * src/g10lib.h (HWF_INTEL_AVX512): New.
    * src/hwf-x86.c (detect_x86_gnuc): Add AVX512 detection.
    * src/hwfeatures.c (hwflist): Add "intel-avx512".
    * doc/gcrypt.texi: Add "intel-avx512" to HW features list.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

* hwf-arm: add ARMv8.2 optional crypto extension HW features  (Tianjia Zhang, 2022-03-02; 3 files, -0/+24)
    * src/g10lib.h (HWF_ARM_SHA3, HWF_ARM_SM3, HWF_ARM_SM4)
    (HWF_ARM_SHA512): New.
    * src/hwf-arm.c (arm_features): Add sha3, sm3, sm4, sha512 HW features.
    * src/hwfeatures.c (hwflist): Add sha3, sm3, sm4, sha512 HW features.
    --
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* fips: Clarify what to be hashed for the integrity check.  (NIIBE Yutaka, 2022-02-17; 2 files, -17/+23)
    * src/fips.c (get_file_offset): Compute the maximum offset of segments.
    * src/gen-note-integrity.sh: Likewise.
    --
    The result is the same (in the current format of ELF program). The semantics are clearer. It hashes:
    - from the start of the shared library file,
    - with the ELF header fixed up to exclude link-time information,
    - up to the last segment.
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* fips: Fix gen-note-integrity.sh script not to use cmp utility.  (NIIBE Yutaka, 2022-02-17; 1 file, -4/+4)
    * src/gen-note-integrity.sh: Simplify detecting 32-bit machine or 64-bit machine.
    --
    GnuPG-bug-id: 5835
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>