* build-aux/db2any: Update copyright notice.
* cipher/arcfour.c, cipher/blowfish.c, cipher/cast5.c: Likewise.
* cipher/crc-armv8-ce.c, cipher/crc-intel-pclmul.c: Likewise.
* cipher/crc-ppc.c, cipher/crc.c, cipher/des.c: Likewise.
* cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
* cipher/primegen.c, cipher/rfc2268.c, cipher/rmd160.c: Likewise.
* cipher/seed.c, cipher/serpent.c, cipher/tiger.c: Likewise.
* cipher/twofish.c: Likewise.
* mpi/alpha/mpih-add1.S, mpi/alpha/mpih-lshift.S: Likewise.
* mpi/alpha/mpih-mul1.S, mpi/alpha/mpih-mul2.S: Likewise.
* mpi/alpha/mpih-mul3.S, mpi/alpha/mpih-rshift.S: Likewise.
* mpi/alpha/mpih-sub1.S, mpi/alpha/udiv-qrnnd.S: Likewise.
* mpi/amd64/mpih-add1.S, mpi/amd64/mpih-lshift.S: Likewise.
* mpi/amd64/mpih-mul1.S, mpi/amd64/mpih-mul2.S: Likewise.
* mpi/amd64/mpih-mul3.S, mpi/amd64/mpih-rshift.S: Likewise.
* mpi/amd64/mpih-sub1.S, mpi/config.links: Likewise.
* mpi/generic/mpih-add1.c, mpi/generic/mpih-lshift.c: Likewise.
* mpi/generic/mpih-mul1.c, mpi/generic/mpih-mul2.c: Likewise.
* mpi/generic/mpih-mul3.c, mpi/generic/mpih-rshift.c: Likewise.
* mpi/generic/mpih-sub1.c, mpi/generic/udiv-w-sdiv.c: Likewise.
* mpi/hppa/mpih-add1.S, mpi/hppa/mpih-lshift.S: Likewise.
* mpi/hppa/mpih-rshift.S, mpi/hppa/mpih-sub1.S: Likewise.
* mpi/hppa/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul1.S: Likewise.
* mpi/hppa1.1/mpih-mul2.S, mpi/hppa1.1/mpih-mul3.S: Likewise.
* mpi/hppa1.1/udiv-qrnnd.S, mpi/i386/mpih-add1.S: Likewise.
* mpi/i386/mpih-lshift.S, mpi/i386/mpih-mul1.S: Likewise.
* mpi/i386/mpih-mul2.S, mpi/i386/mpih-mul3.S: Likewise.
* mpi/i386/mpih-rshift.S, mpi/i386/mpih-sub1.S: Likewise.
* mpi/i386/syntax.h, mpi/longlong.h: Likewise.
* mpi/m68k/mc68020/mpih-mul1.S, mpi/m68k/mc68020/mpih-mul2.S: Likewise.
* mpi/m68k/mc68020/mpih-mul3.S, mpi/m68k/mpih-add1.S: Likewise.
* mpi/m68k/mpih-lshift.S, mpi/m68k/mpih-rshift.S: Likewise.
* mpi/m68k/mpih-sub1.S, mpi/m68k/syntax.h: Likewise.
* mpi/mips3/mpih-add1.S, mpi/mips3/mpih-lshift.S: Likewise.
* mpi/mips3/mpih-mul1.S, mpi/mips3/mpih-mul2.S: Likewise.
* mpi/mips3/mpih-mul3.S, mpi/mips3/mpih-rshift.S: Likewise.
* mpi/mips3/mpih-sub1.S, mpi/mpi-add.c: Likewise.
* mpi/mpi-bit.c, mpi/mpi-cmp.c, mpi/mpi-div.c: Likewise.
* mpi/mpi-gcd.c, mpi/mpi-inline.c, mpi/mpi-inline.h: Likewise.
* mpi/mpi-internal.h, mpi/mpi-mpow.c, mpi/mpi-mul.c: Likewise.
* mpi/mpi-scan.c, mpi/mpih-div.c, mpi/mpih-mul.c: Likewise.
* mpi/pa7100/mpih-lshift.S, mpi/pa7100/mpih-rshift.S: Likewise.
* mpi/power/mpih-add1.S, mpi/power/mpih-lshift.S: Likewise.
* mpi/power/mpih-mul1.S, mpi/power/mpih-mul2.S: Likewise.
* mpi/power/mpih-mul3.S, mpi/power/mpih-rshift.S: Likewise.
* mpi/power/mpih-sub1.S, mpi/powerpc32/mpih-add1.S: Likewise.
* mpi/powerpc32/mpih-lshift.S, mpi/powerpc32/mpih-mul1.S: Likewise.
* mpi/powerpc32/mpih-mul2.S, mpi/powerpc32/mpih-mul3.S: Likewise.
* mpi/powerpc32/mpih-rshift.S, mpi/powerpc32/mpih-sub1.S: Likewise.
* mpi/powerpc32/syntax.h, mpi/sparc32/mpih-add1.S: Likewise.
* mpi/sparc32/mpih-lshift.S, mpi/sparc32/mpih-rshift.S: Likewise.
* mpi/sparc32/udiv.S, mpi/sparc32v8/mpih-mul1.S: Likewise.
* mpi/sparc32v8/mpih-mul2.S, mpi/sparc32v8/mpih-mul3.S: Likewise.
* mpi/supersparc/udiv.S: Likewise.
* random/random.h, random/rndegd.c: Likewise.
* src/cipher.h, src/libgcrypt.def, src/libgcrypt.vers: Likewise.
* src/missing-string.c, src/mpi.h, src/secmem.h: Likewise.
* src/stdmem.h, src/types.h: Likewise.
* tests/aeswrap.c, tests/curves.c, tests/hmac.c: Likewise.
* tests/keygrip.c, tests/prime.c, tests/random.c: Likewise.
* tests/t-kdf.c, tests/testapi.c: Likewise.
--
GnuPG-bug-id: 6271
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/fips.c (_gcry_fips_indicator_pk_flags): List more allowed strings
in the S-expression.
* doc/gcrypt.texi: Add document for the FIPS service indicator
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS with example.
--
GnuPG-bug-id: 6417
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/fips.c (_gcry_fips_indicator_function): Mark use of the random
override as non-approved in FIPS mode.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit
FIPS indicator for public key algorithm flags.
* src/g10lib.h (_gcry_fips_indicator_pk_flags): New.
* src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New.
* src/global.c (_gcry_vcontrol): Handle the new option.
* doc/gcrypt.texi: Document new options.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* src/fips.c (_gcry_fips_indicator_mac): New function indicating
non-approved mac algorithms.
(_gcry_fips_indicator_md): New function indicating non-approved
message digest algorithms.
* src/g10lib.h (_gcry_fips_indicator_mac): New function.
(_gcry_fips_indicator_md): Ditto.
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbols,
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC and
GCRYCTL_FIPS_SERVICE_INDICATOR_MD.
* src/global.c (_gcry_vcontrol): Handle new FIPS indicators.
--
GnuPG-bug-id: 6376
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
* src/fips.c (get_file_offset): Check return value of ftell to be able
to detect errors.
--
Originally reported by coverity.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* src/visibility.c (gcry_pk_hash_sign): Check fips status before
calling the operation itself.
(gcry_pk_hash_verify): Ditto.
--
GnuPG-bug-id: 6396
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* cipher/Makefile.am: Add 'aria.c'.
* cipher/aria.c: New.
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add ARIA cipher
specs.
* cipher/mac-cmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_CMAC_ARIA.
(_gcry_mac_type_spec_cmac_aria): New.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_gmac_aria): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_cmac_aria)
(_gcry_mac_type_spec_gmac_aria)
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac.c (mac_list, mac_list_algo201, mac_list_algo401)
(mac_list_algo501): Add ARIA MAC specs.
* configure.ac (available_ciphers): Add 'aria'.
(GCRYPT_CIPHERS): Add 'aria.lo'.
(USE_ARIA): New.
* doc/gcrypt.texi: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192,
GCRY_CIPHER_ARIA256, GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* src/cipher.h (_gcry_cipher_spec_aria128, _gcry_cipher_spec_aria192)
(_gcry_cipher_spec_aria256): New.
* src/gcrypt.h.in (gcry_cipher_algos): Add GCRY_CIPHER_ARIA128,
GCRY_CIPHER_ARIA192 and GCRY_CIPHER_ARIA256.
(gcry_mac_algos): GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* tests/basic.c (check_ecb_cipher, check_ctr_cipher)
(check_cfb_cipher, check_ocb_cipher) [USE_ARIA]: Add ARIA test-vectors.
(check_ciphers) [USE_ARIA]: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192
and GCRY_CIPHER_ARIA256.
(main): Also run 'check_bulk_cipher_modes' for 'cipher_modes_only'-mode.
* tests/bench-slope.c (bench_mac_init): Add GCRY_MAC_POLY1305_ARIA
setiv-handling.
* tests/benchmark.c (mac_bench): Likewise.
--
This patch adds the ARIA block cipher to libgcrypt. This implementation
is based on work by Taehee Yoo, with the following notable changes:
- Integration into libgcrypt, using the bithelp.h and bufhelp.h helper
functions where possible.
- Added lookup table prefetching as is done in the AES, GCM and SM4
implementations.
- Changed `get_u8` to return `u32`, as returning `byte` caused
sub-optimal code generation with gcc-12/x86-64 (zero extending
from 8-bit to 32-bit register, followed by extraneous sign
extending from 32-bit to 64-bit register).
- Changed the 'aria_crypt' loop structure a bit for a tiny performance
increase (~1% seen with gcc-12/x86-64/zen4).
Benchmark on AMD Ryzen 9 7900X (x86-64):

| ARIA128 | nanosecs/byte | mebibytes/sec | cycles/byte | auto Mhz |
|---------|---------------|---------------|-------------|----------|
| ECB enc | 3.99 ns/B | 239.1 MiB/s | 22.43 c/B | 5625 |
| ECB dec | 4.00 ns/B | 238.4 MiB/s | 22.50 c/B | 5625 |

Benchmark on AMD Ryzen 9 7900X (win32):

| ARIA128 | nanosecs/byte | mebibytes/sec | cycles/byte | auto Mhz |
|---------|---------------|---------------|-------------|----------|
| ECB enc | 4.57 ns/B | 208.7 MiB/s | 25.31 c/B | 5538 |
| ECB dec | 4.66 ns/B | 204.8 MiB/s | 25.39 c/B | 5453 |

Benchmark on ARM Cortex-A53 (aarch64):

| ARIA128 | nanosecs/byte | mebibytes/sec | cycles/byte | auto Mhz |
|---------|---------------|---------------|-------------|----------|
| ECB enc | 74.69 ns/B | 12.77 MiB/s | 48.40 c/B | 647.9 |
| ECB dec | 74.99 ns/B | 12.72 MiB/s | 48.58 c/B | 647.9 |

Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/cipher.c (cipher_list_algo301): Remove comma at the end
of last entry.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add SM4.
(_gcry_mac_type_spec_gmac_sm4): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_gmac_sm4)
(_gcry_mac_type_spec_poly1305mac_sm4): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add SM4.
(_gcry_mac_type_spec_poly1305mac_sm4): New.
* cipher/mac.c (mac_list, mac_list_algo401, mac_list_algo501): Add
GMAC-SM4 and Poly1305-SM4.
(mac_list_algo101): Remove comma at the end of last entry.
* cipher/md.c (digest_list_algo301): Remove comma at the end of
last entry.
* doc/gcrypt.texi: Add GCRY_MAC_GMAC_SM4 and GCRY_MAC_POLY1305_SM4.
* src/gcrypt.h.in (GCRY_MAC_GMAC_SM4, GCRY_MAC_POLY1305_SM4): New.
* tests/bench-slope.c (bench_mac_init): Setup IV for
GCRY_MAC_POLY1305_SM4.
* tests/benchmark.c (mac_bench): Likewise.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* src/fips.c (_gcry_fips_indicator_cipher): Add key wrapping mode as
approved.
--
GnuPG-bug-id: 5512
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* src/libgcrypt.m4: Overriding the decision by
--with-libgcrypt-prefix, use gpgrt-config libgcrypt when gpgrt-config
is available.
--
This may offer better migration.
GnuPG-bug-id: 5034
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/hwf-x86.c (detect_x86_gnuc): Move model based checks and
forced soft hwfeatures enablement to the end; Enable VPGATHER for
AMD CPUs with AVX512.
--
AMD Zen4 is able to benefit from VPGATHER based table-lookup for
Twofish.

Benchmark on Ryzen 9 7900X:

Before:

| TWOFISH | nanosecs/byte | mebibytes/sec | cycles/byte | auto Mhz |
|---------|---------------|---------------|-------------|----------|
| CTR enc | 1.79 ns/B | 532.8 MiB/s | 10.07 c/B | 5625 |
| CTR dec | 1.79 ns/B | 532.6 MiB/s | 10.07 c/B | 5625 |

After (~10% faster):

| TWOFISH | nanosecs/byte | mebibytes/sec | cycles/byte | auto Mhz |
|---------|---------------|---------------|-------------|----------|
| CTR enc | 1.61 ns/B | 593.5 MiB/s | 9.05 c/B | 5631±2 |
| CTR dec | 1.61 ns/B | 590.8 MiB/s | 9.08 c/B | 5625 |

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* src/visibility.c (gcry_md_setkey): Add the check here, too.
--
GnuPG-bug-id: 6039
Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* src/fips.c (_gcry_fips_indicator_function): Add
gcry_pk_encrypt/decrypt as non-approved.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* src/fips.c (_gcry_fips_indicator_function): Fix typo in sign/verify
function names.
--
Fixes-commit: 05a9c9d1ba1db6c1cd160fba979e9ddf4700a0c0
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Add static qualifier.
* mpi/ec-ed25519.c: Include ec-internal.h.
* src/secmem.c (MB_WIPE_OUT): Remove extra semicolon.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher/kdf-internal.h: Move from here.
* src/cipher.h (blake2b_vl_hash): To here.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* mpi/mpi-internal.h: Remove extra semicolon from the macro.
* mpi/mpih-mul.c: Likewise.
* src/cipher-proto.h: Remove duplication for enum pk_encoding.
* mpi/mpi-pow.c (_gcry_mpi_powm): Initialize XSIZE.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt-int.h: Use gpg_err_code_to_errno.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc/yat2m.c: Use __noreturn__.
* src/g10lib.h: Likewise.
--
GnuPG-bug-id: 4002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher/primegen.c (gen_prime): Fix write only variable.
* src/dumpsexp.c (parse_and_print): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random/random-csprng.c (random_poll): It takes no args.
* src/secmem.c (_gcry_secmem_module_init): Likewise.
(_gcry_secmem_term): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher/cipher-gcm.c (_gcry_cipher_gcm_setiv_zero): New.
(_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
(_gcry_cipher_gcm_authenticate): Use _gcry_cipher_gcm_setiv_zero.
* cipher/cipher-internal.h (struct gcry_cipher_handle): Add aead field.
* cipher/cipher.c (_gcry_cipher_setiv): Check calling setiv to reject
direct invocation in FIPS mode.
(_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
* doc/gcrypt.texi: Add explanation for two new functions.
* src/gcrypt-int.h (_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
* src/gcrypt.h.in (enum gcry_cipher_geniv_methods): New.
(gcry_cipher_setup_geniv, gcry_cipher_geniv): New.
* src/libgcrypt.def (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
* src/libgcrypt.vers: Likewise.
* src/visibility.c (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
* src/visibility.h: Likewise.
--
GnuPG-bug-id: 4873
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* doc/gcrypt.texi: Document the new function-based fips indicator
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION
* src/fips.c (_gcry_fips_indicator_function): New function indicating
non-approved functions.
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbol
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION
* src/global.c (_gcry_vcontrol): Handle new FIPS indicator.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* configure.ac (sve2support, gcry_cv_gcc_inline_asm_aarch64_sve2)
(ENABLE_SVE2_SUPPORT): New.
* doc/gcrypt.texi: Add "sve2, sveaes, svepmull, svesha3, svesm4" to
ARM hardware features list.
* src/g10lib.h (HWF_ARM_SVE2, HWF_ARM_SVEAES, HWF_ARM_SVEPMULL)
(HWF_ARM_SVESHA3, HWF_ARM_SVESM4): New.
* src/hwf-arm.c (arm_features): Add
"sve2, sveaes, svepmull, svesha3, svesm4".
* src/hwfeatures.c (hwflist): Add
"arm-sve2, arm-sveaes, arm-svepmull, arm-svesha3, arm-svesm4".
--
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* configure.ac (svesupport, gcry_cv_gcc_inline_asm_aarch64_sve)
(ENABLE_SVE_SUPPORT): New.
* doc/gcrypt.texi: Add "arm-sve" to HW features list.
* src/g10lib.h (HWF_ARM_SVE): New.
* src/hwf-arm.c (arm_features): Add "sve".
* src/hwfeatures.c (hwflist): Add "arm-sve".
--
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* src/types.h: Use macros defined by configure script.
* src/hmac256.c: Fix for HAVE_U32.
* cipher/poly1305.c: Fix for HAVE_U64.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/visibility.c (gcry_md_extract): Add 'fips_is_operational' check.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* src/hwf-x86.c (detect_x86_gnuc): Change `(1 << 31)` to `(1U << 31)`
to fix undefined behaviour.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* configure.ac: Add detection for header 'sys/sysctl.h' and system
function 'sysctlbyname'.
* src/hwf-arm.c (HAS_APPLE_SYSCTLBYNAME)
(detect_arm_apple_sysctlbyname): New.
(detect_arm_hwf_by_toolchain) [__ARM_FEATURE_CRYPTO]: Also check for
ENABLE_ARM_CRYPTO_SUPPORT.
(_gcry_hwf_detect_arm) [HAS_APPLE_SYSCTLBYNAME]: Check HWFs with
'detect_arm_apple_sysctlbyname' function.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/cipher.c (_gcry_cipher_ctl): Add handling for
'PRIV_CIPHERCTL_GET_COUNTER'.
* src/gcrypt-testapi.h (PRIV_CIPHERCTL_GET_COUNTER): New.
* tests/basic.c (cipher_cbc_bulk_test, cipher_cfb_bulk_test): Restore
IV checks by reading current IV from CBC/CFB cipher handle using
PRIV_CIPHERCTL_GET_INPUT_VECTOR.
(cipher_ctr_bulk_test): Restore counter checks by reading current
counter from CTR cipher handle using PRIV_CIPHERCTL_GET_COUNTER.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* src/fips.c (run_pubkey_selftests): Do not run selftests for disabled
public key algorithms.
--
Skip running FIPS selftests that are specific for a public key algorithm
if that algorithm was disabled using the --enable-pubkey-ciphers
configure option.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* cipher/md.c (prepare_macpads): Move the check to...
* src/visibility.c (gcry_mac_setkey): ... here.
* tests/t-kdf.c (check_hkdf): No failure is expected.
--
GnuPG-bug-id: 6039
Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (GCRY_KDF_HKDF): New.
* cipher/kdf.c (hkdf_open, hkdf_compute, hkdf_final, hkdf_close): New.
(_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close):
Handle GCRY_KDF_HKDF.
* tests/t-kdf.c (check_hkdf): New. Test vectors from RFC5869.
(main): Call check_hkdf.
--
GnuPG-bug-id: 5964
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (GCRY_KDF_ONESTEP_KDF_MAC): New.
* cipher/kdf.c (onestep_kdf_mac_open, onestep_kdf_mac_compute): New.
(onestep_kdf_mac_final, onestep_kdf_mac_close): New.
(_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close):
Add support for GCRY_KDF_ONESTEP_KDF_MAC.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (GCRY_KDF_ONESTEP_KDF): New.
* cipher/kdf.c (onestep_kdf_open, onestep_kdf_compute): New.
(onestep_kdf_final): New.
(_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final): Add
GCRY_KDF_ONESTEP_KDF support.
* tests/t-kdf.c (check_onestep_kdf): Add the test.
(main): Call check_onestep_kdf.
--
GnuPG-bug-id: 5964
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (struct gcry_thread_cbs): Since it's of no use any
more, even internally, use _GCRY_GCC_ATTR_DEPRECATED instead.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/secmem.c [__riscos__]: Remove.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/secmem.c (lock_pool_pages): Use ERR only for the return value
from mlock.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/secmem.c (lock_pool_pages): Remove escalation of the capability.
--
With CAP_SETPCAP, it might have made sense before Linux 2.6.24, when file
capabilities were not supported. But not any more.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt-int.h (_gcry_kdf_compute): Return gcry_err_code_t.
--
GnuPG-bug-id: 5980
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (gfnisupport, gcry_cv_gcc_inline_asm_gfni)
(ENABLE_GFNI_SUPPORT): New.
* src/g10lib.h (HWF_INTEL_GFNI): New.
* src/hwf-x86.c (detect_x86_gnuc): Add GFNI detection.
* src/hwfeatures.c (hwflist): Add "intel-gfni".
* doc/gcrypt.texi: Add "intel-gfni" to HW features list.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* src/secmem.c (_gcry_secmem_realloc_internal): Use offsetof.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/hwf-ppc.c (ppc_features): Add HWF_PPC_ARCH_3_10.
--
GnuPG-bug-id: T5913
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* configure.ac (USE_GPGRT_CONFIG): New.
* src/Makefile.am [USE_GPGRT_CONFIG]: Conditionalize the install
of libgcrypt-config.
--
When the system migrates to gpgrt-config and gpg-error-config is
removed, libgcrypt-config will not be installed (libgcrypt.pc is used
by gpgrt-config instead).
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (avx512support, gcry_cv_gcc_inline_asm_avx512)
(ENABLE_AVX512_SUPPORT): New.
* src/g10lib.h (HWF_INTEL_AVX512): New.
* src/hwf-x86.c (detect_x86_gnuc): Add AVX512 detection.
* src/hwfeatures.c (hwflist): Add "intel-avx512".
* doc/gcrypt.texi: Add "intel-avx512" to HW features list.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* src/g10lib.h (HWF_ARM_SHA3, HWF_ARM_SM3, HWF_ARM_SM4)
(HWF_ARM_SHA512): New.
* src/hwf-arm.c (arm_features): Add sha3, sm3, sm4, sha512 HW features.
* src/hwfeatures.c (hwflist): Add sha3, sm3, sm4, sha512 HW features.
--
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* src/fips.c (get_file_offset): Compute the maximum offset
of segments.
* src/gen-note-integrity.sh: Likewise.
--
The result is the same (in the current format of the ELF program).
The semantics are clearer. It hashes:
- from the start of the shared library file,
- with the ELF header fixed up to exclude link-time information,
- up to the last segment.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gen-note-integrity.sh: Simplify detecting 32-bit machine
or 64-bit machine.
--
GnuPG-bug-id: 5835
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>