libgcrypt.git
5 years ago: Add a constant for a forthcoming new RNG.
Werner Koch [Wed, 3 Sep 2014 06:53:43 +0000 (08:53 +0200)]
Add a constant for a forthcoming new RNG.

* src/gcrypt.h.in (GCRYCTL_DRBG_REINIT): New constant.

5 years ago: Add new Poly1305 MAC test vectors
Jussi Kivilinna [Tue, 2 Sep 2014 17:40:07 +0000 (20:40 +0300)]
Add new Poly1305 MAC test vectors

* tests/basic.c (check_mac): Add new test vectors for Poly1305 MAC.
--

Patch adds new test vectors for Poly1305 MAC from Internet Draft
draft-irtf-cfrg-chacha20-poly1305-01.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: asm: Allow building x86 and amd64 using old compilers.
Werner Koch [Tue, 2 Sep 2014 07:25:20 +0000 (09:25 +0200)]
asm: Allow building x86 and amd64 using old compilers.

* src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled.
--

Old as(1) versions do not support the xgetbv instruction.  Thus build
this function only if asm support has been requested.

GnuPG-bug-id: 1708

5 years ago: Add DCO entries for Andrei Scherer and Stefan Mueller.
Werner Koch [Mon, 1 Sep 2014 09:40:31 +0000 (11:40 +0200)]
Add DCO entries for Andrei Scherer and Stefan Mueller.

--

5 years ago: mpi: Re-indent longlong.h.
Werner Koch [Fri, 29 Aug 2014 12:54:11 +0000 (14:54 +0200)]
mpi: Re-indent longlong.h.

--
Indenting the cpp statements should make longlong.h more readable.

5 years ago: sexp: Check args of gcry_sexp_build.
Werner Koch [Thu, 21 Aug 2014 12:12:55 +0000 (14:12 +0200)]
sexp: Check args of gcry_sexp_build.

* src/sexp.c (do_vsexp_sscan): Return error for invalid args.
--

This helps to avoid usage errors by passing NULL for the return
variable and the format string.

5 years ago: cipher: Fix a segv in case of calling with wrong parameters.
Werner Koch [Thu, 21 Aug 2014 09:47:16 +0000 (11:47 +0200)]
cipher: Fix a segv in case of calling with wrong parameters.

* cipher/md.c (_gcry_md_info): Fix arg testing.
--

GnuPG-bug-id: 1697

5 years ago: cipher: Fix possible NULL deref in call to prime generator.
Werner Koch [Thu, 21 Aug 2014 09:39:17 +0000 (11:39 +0200)]
cipher: Fix possible NULL deref in call to prime generator.

* cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
error code.
* cipher/dsa.c (generate): Take care of new return code.
* cipher/elgamal.c (generate): Change to return an error code.  Take
care of _gcry_generate_elg_prime return code.
(generate_using_x): Take care of _gcry_generate_elg_prime return code.
(elg_generate): Propagate return code from generate.
--

GnuPG-bug-id: 1699, 1700
Reported-by: S.K. Gupta
Note that the NULL deref may have only happened on malloc failure.

5 years ago: ecc: Support Montgomery curve for gcry_mpi_ec_mul_point.
NIIBE Yutaka [Tue, 12 Aug 2014 01:03:39 +0000 (10:03 +0900)]
ecc: Support Montgomery curve for gcry_mpi_ec_mul_point.

* mpi/ec.c (_gcry_mpi_ec_get_affine): Support Montgomery curve.
(montgomery_ladder): New.
(_gcry_mpi_ec_mul_point): Implementation using montgomery_ladder.
(_gcry_mpi_ec_curve_point): Check x-coordinate is valid.
--

Given Montgomery curve: b * y^2 == x^3 + a * x^2 + x
CTX->A has (a-2)/4 and CTX->B has b^-1

Note that _gcry_mpi_ec_add_points is not supported for this curve.
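The ladder this commit adds works on the x-coordinate alone, which is why a general point addition is not needed on a Montgomery curve. As an added example (not libgcrypt's code), here is an x-only Montgomery ladder of that kind written out for the Curve25519 parameters, which the example assumes since the commit names no curve: b*y^2 = x^3 + a*x^2 + x with a = 486662, b = 1, p = 2^255 - 19, stored, as in the commit, as (a-2)/4 and b^-1. It also models the new x-coordinate validity check, and wraps the ladder in the X25519 encoding of RFC 7748 so it can be checked against that RFC's Diffie-Hellman vectors (quoted from memory; an assumption). All names are local to this example.

```python
# Added example, not code from libgcrypt: an x-only Montgomery ladder of the
# kind the commit above describes.  The commit names no curve, so this example
# assumes Curve25519 (b*y^2 = x^3 + a*x^2 + x with a = 486662, b = 1,
# p = 2^255 - 19) and the X25519 encoding of RFC 7748; all names are local.

P = 2**255 - 19
A = 486662
B = 1
A24 = (A - 2) // 4          # what the commit keeps in CTX->A  (121665 here)
B_INV = pow(B, P - 2, P)    # what the commit keeps in CTX->B  (b^-1 mod p)

BASEPOINT = (9).to_bytes(32, "little")

# RFC 7748 section 6.1 Diffie-Hellman vectors (assumed correct, quoted from memory).
ALICE_SK = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
ALICE_PK = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
BOB_SK = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"
BOB_PK = "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"
SHARED = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"


def x_is_on_curve(x):
    """Model of the check the commit adds to _gcry_mpi_ec_curve_point: x is the
    x-coordinate of some curve point iff (x^3 + a*x^2 + x) * b^-1 is zero or a
    quadratic residue mod p (Euler's criterion)."""
    rhs = (pow(x, 3, P) + A * x * x + x) * B_INV % P
    return rhs == 0 or pow(rhs, (P - 1) // 2, P) == 1


def cswap(swap, x, y):
    """Swap x and y when swap == 1, using a mask rather than a branch, as a
    ladder implementation does (Python ints are not constant-time themselves)."""
    dummy = (-swap) & (x ^ y)
    return x ^ dummy, y ^ dummy


def montgomery_ladder(k, x1, bits=255):
    """x-coordinate of k*P, given only the x-coordinate x1 of P.

    Each step keeps (x2:z2) = n*P and (x3:z3) = (n+1)*P in projective form and
    does one doubling plus one differential addition whose difference is always
    P; no general point addition is needed.  Only (a-2)/4 enters the doubling."""
    x2, z2 = 1, 0            # point at infinity
    x3, z3 = x1, 1           # P itself
    swap = 0
    for t in range(bits - 1, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow((da + cb) % P, 2, P)
        z3 = x1 * pow((da - cb) % P, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P   # affine x = X/Z (the get_affine step)


def x25519(scalar32, u32):
    """RFC 7748 X25519 on top of the ladder: clamp the scalar, decode the
    little-endian u-coordinate, run the ladder, encode the result."""
    k = bytearray(scalar32)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    u = bytearray(u32)
    u[31] &= 127
    x = montgomery_ladder(int.from_bytes(k, "little"), int.from_bytes(u, "little"))
    return x.to_bytes(32, "little")


if __name__ == "__main__":
    alice_pk = x25519(bytes.fromhex(ALICE_SK), BASEPOINT)
    bob_pk = x25519(bytes.fromhex(BOB_SK), BASEPOINT)
    assert alice_pk == bytes.fromhex(ALICE_PK) and bob_pk == bytes.fromhex(BOB_PK)
    assert x25519(bytes.fromhex(ALICE_SK), bob_pk) == bytes.fromhex(SHARED)
    print("RFC 7748 vectors reproduced; x=9 valid:", x_is_on_curve(9))
```

The scalar is processed over a fixed number of bits and the swap is mask-based rather than branch-based; both are what make a ladder of this shape suitable as a constant-time scalar multiplication, which is the usual reason to prefer it over add-and-double on a Montgomery curve.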

5 years ago: tests: Add a benchmark for Elgamal.
Werner Koch [Sat, 9 Aug 2014 12:36:59 +0000 (14:36 +0200)]
tests: Add a benchmark for Elgamal.

* tests/benchmark.c (sample_public_elg_key_1024): New.
(sample_private_elg_key_1024): New.
(sample_public_elg_key_2048, sample_private_elg_key_2048): New.
(sample_public_elg_key_3072, sample_private_elg_key_3072): New.
(elg_bench): New.
(main): Add elg_bench.  Add commands "elg" and "public".

5 years ago: ecc: Add cofactor to domain parameters.
NIIBE Yutaka [Fri, 8 Aug 2014 00:35:31 +0000 (09:35 +0900)]
ecc: Add cofactor to domain parameters.

* src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'.
* cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'.
(_gcry_ecc_update_curve_param): New API adding cofactor.

* cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'.
(ecc_domain_parms_t domain_parms): Add cofactors.
(_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param)
(_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp)
(_gcry_ecc_get_mpi): Handle cofactor.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
* cipher/ecc-misc.c (_gcry_ecc_curve_free)
(_gcry_ecc_curve_copy): Likewise.
* cipher/ecc.c (nist_generate_key, ecc_generate)
(ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw)
(ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc):
Likewise.
(compute_keygrip): Handle cofactor, but skip it for its computation.
* mpi/ec.c (ec_deinit): Likewise.
* tests/t-mpi-point.c (context_param): Likewise.
(test_curve): Add cofactors.
* tests/curves.c (sample_key_1, sample_key_2): Add cofactors.
* tests/keygrip.c (key_grips): Add cofactors.
--

We keep compatibility of compute_keygrip in cipher/ecc.c.

5 years ago: mpi: Fix regression for powerpc-apple-darwin detection.
Werner Koch [Tue, 5 Aug 2014 10:26:36 +0000 (12:26 +0200)]
mpi: Fix regression for powerpc-apple-darwin detection.

* mpi/config.links: Add separate entry for powerpc-apple-darwin.
--

GnuPG-bug-id: 1616

5 years ago: Fix bug inhibiting the use of the sentinel attribute.
Werner Koch [Tue, 5 Aug 2014 10:15:26 +0000 (12:15 +0200)]
Fix bug inhibiting the use of the sentinel attribute.

* src/gcrypt.h.in: Fix typo in macro.
--

Reported-by: Rafaël Carré <funman@videolan.org>

5 years ago: mpi: Use BSD syntax for x86_64-apple-darwin
Werner Koch [Tue, 5 Aug 2014 10:12:52 +0000 (12:12 +0200)]
mpi: Use BSD syntax for x86_64-apple-darwin

* mpi/config.links: Add case for x86_64-apple-darwin.
--

Suggested by gniibe on 2014-04-24.

5 years ago: Fix building for the x32 target without asm modules.
Kristian Fiskerstrand [Tue, 29 Jul 2014 17:34:31 +0000 (19:34 +0200)]
Fix building for the x32 target without asm modules.

* mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI.
--

See commit fd6721c235a5bdcb332c8eb708fbd4f96e52e824 for details.

5 years ago: ecc: Support the non-standard 0x40 compression flag for EdDSA.
Werner Koch [Thu, 24 Jul 2014 10:30:32 +0000 (12:30 +0200)]
ecc: Support the non-standard 0x40 compression flag for EdDSA.

* cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA.
* cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX.
(_gcry_ecc_eddsa_encodepoint): Ditto.
(_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix.
(_gcry_ecc_eddsa_decodepoint): Ditto.
* tests/keygrip.c: Check a compressed-with-prefix Ed25519 key.
* tests/t-ed25519.inp: Ditto.

5 years ago: mpi: Extend the internal mpi_get_buffer.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
mpi: Extend the internal mpi_get_buffer.

* mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC.
(_gcry_mpi_get_buffer_extra): New.

5 years ago: cipher: Fix compiler warning for chacha20.
Werner Koch [Thu, 24 Jul 2014 09:12:37 +0000 (11:12 +0200)]
cipher: Fix compiler warning for chacha20.

* cipher/chacha20.c (chacha20_blocks) [!USE_SSE2]: Do not build.

5 years ago: mpi: Add mpi_swap_cond.
NIIBE Yutaka [Wed, 16 Jul 2014 08:05:55 +0000 (17:05 +0900)]
mpi: Add mpi_swap_cond.

* mpi/mpiutil.c (_gcry_mpi_swap_cond): New.
* src/mpi.h (mpi_swap_cond): New.
--

This is an internal function for now.

5 years ago: Speed-up SHA-1 NEON assembly implementation
Jussi Kivilinna [Sun, 29 Jun 2014 14:36:29 +0000 (17:36 +0300)]
Speed-up SHA-1 NEON assembly implementation

* cipher/sha1-armv7-neon.S: Tweak implementation for speed-up.
--

Benchmark on Cortex-A8 1008 MHz:

New:
                |  nanosecs/byte   mebibytes/sec   cycles/byte
 SHA1           |      7.04 ns/B     135.4 MiB/s      7.10 c/B

Old:
                |  nanosecs/byte   mebibytes/sec   cycles/byte
 SHA1           |      7.79 ns/B     122.4 MiB/s      7.85 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: gostr3411_94: rewrite to use u32 mathematics
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:36 +0000 (22:48 +0400)]
gostr3411_94: rewrite to use u32 mathematics

* cipher/gost28147.c (_gcry_gost_enc_data): New.
* cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematics
  internally.
* cipher/gost28147.c (_gcry_gost_enc_one): Remove.

--
On my box (Core2 Duo, i386) this highly improves GOST R 34.11-94 speed.

Before:
 GOSTR3411_94   |     55.04 ns/B     17.33 MiB/s         - c/B

After:
 GOSTR3411_94   |     36.70 ns/B     25.99 MiB/s         - c/B

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: gost28147: use bufhelp helpers
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:35 +0000 (22:48 +0400)]
gost28147: use bufhelp helpers

* cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block):
  use buf_get_le32/buf_put_le32 helpers.

--
On my box this boosts GOST 28147-89 speed from 36 MiB/s up to 44.5 MiB/s.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: Fixup curve name in the GOST2012 test case
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:34 +0000 (22:48 +0400)]
Fixup curve name in the GOST2012 test case

* tests/basic.c (check_pubkey): fixup curve name in public key.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: Update PBKDF2 tests with GOST R 34.11-94 test cases
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:33 +0000 (22:48 +0400)]
Update PBKDF2 tests with GOST R 34.11-94 test cases

* tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases.

--
TC26 (Technical Committee for standardization "Cryptography and security
mechanisms") published a document with test vectors for PBKDF2 used
with GOST R 34.11-94 message digest function.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:32 +0000 (22:48 +0400)]
Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet

* src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New.
* src/cipher.h (_gcry_digest_spec_gost3411_cp): New.
* cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between
  CryptoPro and Test S-Boxes.
* cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp,
  gost3411_cp_init): New.
* cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32.

--
RFC4357 defines only two S-Boxes that should be used together with
GOST R 34.11-94 - a testing one (from the standard itself, for testing only)
and CryptoPro one. Instead of adding a separate gcry_md_ctrl() function
just to switch s-boxes, add a separate MD algorithm using CryptoPro
S-box.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: gost28147: support GCRYCTL_SET_SBOX
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:31 +0000 (22:48 +0400)]
gost28147: support GCRYCTL_SET_SBOX

* cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: Support setting s-box for the ciphers that require it
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:30 +0000 (22:48 +0400)]
Support setting s-box for the ciphers that require it

* src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New.
* cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to
  set_extra_info callback.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: cipher/gost28147: generate optimized s-boxes from compact ones
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:29 +0000 (22:48 +0400)]
cipher/gost28147: generate optimized s-boxes from compact ones

* cipher/gost-s-box.c: New. Outputs optimized expanded representation of
  s-boxes (4x256) from compact 16x8 representation.
* cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo
* cipher/gost.h: Add sbox to the GOST28147_context structure.
* cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from
  GOST R 34.11 (this was the only one S-box before).
* cipher/gost28147.c (gost_val): Use sbox from the context.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: gost28147: add OIDs used to define cipher mode
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:28 +0000 (22:48 +0400)]
gost28147: add OIDs used to define cipher mode

* cipher/gost28147 (oids_gost28147): Add OID from RFC4357.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: GOST R 34.11-94 add OIDs
Dmitry Eremin-Solenikov [Fri, 6 Jun 2014 18:48:26 +0000 (22:48 +0400)]
GOST R 34.11-94 add OIDs

* cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

5 years ago: tests: add larger test-vectors for hash algorithms
Jussi Kivilinna [Wed, 21 May 2014 05:30:30 +0000 (08:30 +0300)]
tests: add larger test-vectors for hash algorithms

* tests/basic.c (check_digests): Add large test-vectors for MD5, SHA1,
SHA224, SHA256, SHA384, RMD160, CRC32, TIGER1, WHIRLPOOL and
GOSTR3411_94.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: sha512: fix ARM/NEON implementation
Jussi Kivilinna [Wed, 21 May 2014 05:30:30 +0000 (08:30 +0300)]
sha512: fix ARM/NEON implementation

* cipher/sha512-armv7-neon.S
(_gcry_sha512_transform_armv7_neon): Byte-swap RW67q and RW1011q
correctly in multi-block loop.
* tests/basic.c (check_digests): Add large test vector for SHA512.
--

Patch fixes bug introduced to multi-block processing by commit df629ba53a6,
"Improve performance of SHA-512/ARM/NEON implementation". Patch also adds
multi-block test vector for SHA-512.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: Fix ARM assembly when building __PIC__
Jussi Kivilinna [Tue, 20 May 2014 17:35:51 +0000 (20:35 +0300)]
Fix ARM assembly when building __PIC__

* cipher/camellia-arm.S (GET_DATA_POINTER): New.
(_gcry_camellia_arm_encrypt_block): Use GET_DATA_POINTER.
(_gcry_camellia_arm_decrypt_block): Ditto.
* cipher/cast5-arm.S (GET_DATA_POINTER): New.
(_gcry_cast5_arm_encrypt_block, _gcry_cast5_arm_decrypt_block)
(_gcry_cast5_arm_enc_blk2, _gcry_cast5_arm_dec_blk2): Use
GET_DATA_POINTER.
* cipher/rijndael-arm.S (GET_DATA_POINTER): New.
(_gcry_aes_arm_encrypt_block, _gcry_aes_arm_decrypt_block): Use
GET_DATA_POINTER.
* cipher/sha1-armv7-neon.S (GET_DATA_POINTER): New.
(.LK_VEC): Move from .text to .data section.
(_gcry_sha1_transform_armv7_neon): Use GET_DATA_POINTER.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: Add Poly1305 to documentation
Jussi Kivilinna [Sat, 17 May 2014 15:30:39 +0000 (18:30 +0300)]
Add Poly1305 to documentation

* doc/gcrypt.texi: Add documentation for Poly1305 MACs and AEAD mode.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: chacha20: add SSE2/AMD64 optimized implementation
Jussi Kivilinna [Fri, 16 May 2014 18:28:26 +0000 (21:28 +0300)]
chacha20: add SSE2/AMD64 optimized implementation

* cipher/Makefile.am: Add 'chacha20-sse2-amd64.S'.
* cipher/chacha20-sse2-amd64.S: New.
* cipher/chacha20.c (USE_SSE2): New.
[USE_SSE2] (_gcry_chacha20_amd64_sse2_blocks): New.
(chacha20_do_setkey) [USE_SSE2]: Use SSE2 implementation for blocks
function.
* configure.ac [host=x86-64]: Add 'chacha20-sse2-amd64.lo'.
--

Add Andrew Moon's public domain SSE2 implementation of ChaCha20. Original
source is available at: https://github.com/floodyberry/chacha-opt

Benchmark on Intel i5-4570 (haswell),
with "--disable-hwf intel-avx2 --disable-hwf intel-ssse3":

Old:
 CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |      1.97 ns/B     483.8 MiB/s      6.31 c/B
     STREAM dec |      1.97 ns/B     483.6 MiB/s      6.31 c/B

New:
 CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |     0.931 ns/B    1024.7 MiB/s      2.98 c/B
     STREAM dec |     0.930 ns/B    1025.0 MiB/s      2.98 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: poly1305: add AMD64/AVX2 optimized implementation
Jussi Kivilinna [Sun, 11 May 2014 17:52:27 +0000 (20:52 +0300)]
poly1305: add AMD64/AVX2 optimized implementation

* cipher/Makefile.am: Add 'poly1305-avx2-amd64.S'.
* cipher/poly1305-avx2-amd64.S: New.
* cipher/poly1305-internal.h (POLY1305_USE_AVX2)
(POLY1305_AVX2_BLOCKSIZE, POLY1305_AVX2_STATESIZE)
(POLY1305_AVX2_ALIGNMENT): New.
(POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE)
(POLY1305_STATE_ALIGNMENT): Use AVX2 versions when needed.
* cipher/poly1305.c [POLY1305_USE_AVX2]
(_gcry_poly1305_amd64_avx2_init_ext)
(_gcry_poly1305_amd64_avx2_finish_ext)
(_gcry_poly1305_amd64_avx2_blocks, poly1305_amd64_avx2_ops): New.
(_gcry_poly1305_init) [POLY1305_USE_AVX2]: Use AVX2 implementation if
AVX2 supported by CPU.
* configure.ac [host=x86_64]: Add 'poly1305-avx2-amd64.lo'.
--

Add Andrew Moon's public domain AVX2 implementation of Poly1305. Original
source is available at: https://github.com/floodyberry/poly1305-opt

Benchmarks on Intel i5-4570 (haswell):

Old:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte
 POLY1305           |     0.448 ns/B    2129.5 MiB/s      1.43 c/B

New:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte
 POLY1305           |     0.205 ns/B    4643.5 MiB/s     0.657 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: poly1305: add AMD64/SSE2 optimized implementation
Jussi Kivilinna [Sun, 11 May 2014 17:18:49 +0000 (20:18 +0300)]
poly1305: add AMD64/SSE2 optimized implementation

* cipher/Makefile.am: Add 'poly1305-sse2-amd64.S'.
* cipher/poly1305-internal.h (POLY1305_USE_SSE2)
(POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE)
(POLY1305_SSE2_ALIGNMENT): New.
(POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE)
(POLY1305_STATE_ALIGNMENT): Use SSE2 versions when needed.
* cipher/poly1305-sse2-amd64.S: New.
* cipher/poly1305.c [POLY1305_USE_SSE2]
(_gcry_poly1305_amd64_sse2_init_ext)
(_gcry_poly1305_amd64_sse2_finish_ext)
(_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops): New.
(_gcry_poly1305_init) [POLY1305_USE_SSE2]: Use SSE2 version.
* configure.ac [host=x86_64]: Add 'poly1305-sse2-amd64.lo'.
--

Add Andrew Moon's public domain SSE2 implementation of Poly1305. Original
source is available at: https://github.com/floodyberry/poly1305-opt

Benchmarks on Intel i5-4570 (haswell):

Old:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte
 POLY1305           |     0.844 ns/B    1130.2 MiB/s      2.70 c/B

New:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte
 POLY1305           |     0.448 ns/B    2129.5 MiB/s      1.43 c/B

Benchmarks on Intel i5-2450M (sandy-bridge):

Old:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte
 POLY1305           |      1.25 ns/B     763.0 MiB/s      3.12 c/B

New:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte
 POLY1305           |     0.605 ns/B    1575.9 MiB/s      1.51 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: Add Poly1305 based cipher AEAD mode
Jussi Kivilinna [Sun, 11 May 2014 09:00:19 +0000 (12:00 +0300)]
Add Poly1305 based cipher AEAD mode

* cipher/Makefile.am: Add 'cipher-poly1305.c'.
* cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.poly1305'.
(_gcry_cipher_poly1305_encrypt, _gcry_cipher_poly1305_decrypt)
(_gcry_cipher_poly1305_setiv, _gcry_cipher_poly1305_authenticate)
(_gcry_cipher_poly1305_get_tag, _gcry_cipher_poly1305_check_tag): New.
* cipher/cipher-poly1305.c: New.
* cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
(cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv)
(_gcry_cipher_authenticate, _gcry_cipher_gettag)
(_gcry_cipher_checktag): Handle 'GCRY_CIPHER_MODE_POLY1305'.
(cipher_setiv): Move handling of 'GCRY_CIPHER_MODE_GCM' to ...
(_gcry_cipher_setiv): ... here, as with other modes.
* src/gcrypt.h.in: Add 'GCRY_CIPHER_MODE_POLY1305'.
* tests/basic.c (_check_poly1305_cipher, check_poly1305_cipher): New.
(check_ciphers): Add Poly1305 check.
(check_cipher_modes): Call 'check_poly1305_cipher'.
* tests/bench-slope.c (bench_gcm_encrypt_do_bench): Rename to
bench_aead_... and take nonce as argument.
(bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench): Ditto.
(bench_gcm_encrypt_do_bench, bench_gcm_decrypt_do_bench)
(bench_gcm_authenticate_do_bench, bench_poly1305_encrypt_do_bench)
(bench_poly1305_decrypt_do_bench)
(bench_poly1305_authenticate_do_bench, poly1305_encrypt_ops)
(poly1305_decrypt_ops, poly1305_authenticate_ops): New.
(cipher_modes): Add Poly1305.
(cipher_bench_one): Add special handling for Poly1305.
--

Patch adds Poly1305 based AEAD cipher mode to libgcrypt. ChaCha20 variant
of this mode is proposed for use in TLS and ipsec:
 https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
 http://tools.ietf.org/html/draft-nir-ipsecme-chacha20-poly1305-02

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: Add Poly1305-AES (-Camellia, etc) MACs
Jussi Kivilinna [Sun, 11 May 2014 09:00:19 +0000 (12:00 +0300)]
Add Poly1305-AES (-Camellia, etc) MACs

* cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes)
(_gcry_mac_type_spec_poly1305_camellia)
(_gcry_mac_type_spec_poly1305_twofish)
(_gcry_mac_type_spec_poly1305_serpent)
(_gcry_mac_type_spec_poly1305_seed): New.
* cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and
'nonce_set'.
(poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling
for Poly1305-*** MACs.
(poly1305mac_prepare_key, poly1305mac_setiv): New.
(poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling
for 'nonce_set'.
(poly1305mac_ops): Add 'poly1305mac_setiv'.
(_gcry_mac_type_spec_poly1305_aes)
(_gcry_mac_type_spec_poly1305_camellia)
(_gcry_mac_type_spec_poly1305_twofish)
(_gcry_mac_type_spec_poly1305_serpent)
(_gcry_mac_type_spec_poly1305_seed): New.
* cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish,
Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia.
* src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES',
'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH',
'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'.
* tests/basic.c (check_mac): Add Poly1305-AES test vectors.
* tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs.
* tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs.
--

Patch adds Bernstein's Poly1305-AES message authentication code to libgcrypt
and other variants of Poly1305-<128-bit block cipher>.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: Add Poly1305 MAC
Jussi Kivilinna [Sun, 11 May 2014 09:00:19 +0000 (12:00 +0300)]
Add Poly1305 MAC

* cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and
'poly1305-internal.h'.
* cipher/mac-internal.h (poly1305mac_context_s): New.
(gcry_mac_handle): Add 'u.poly1305mac'.
(_gcry_mac_type_spec_poly1305mac): New.
* cipher/mac-poly1305.c: New.
* cipher/mac.c (mac_list): Add Poly1305.
* cipher/poly1305-internal.h: New.
* cipher/poly1305.c: New.
* src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'.
* tests/basic.c (check_mac): Add Poly1305 test vectors; Allow
overriding lengths of data and key buffers.
* tests/bench-slope.c (mac_bench): Increase max algo number from 500 to
600.
* tests/benchmark.c (mac_bench): Ditto.
--

Patch adds Bernstein's Poly1305 message authentication code to libgcrypt.
Implementation is based on Andrew Moon's public domain implementation
from: https://github.com/floodyberry/poly1305-opt

The algorithm added by this patch is the plain Poly1305 without AES and
takes 32-bit key that must not be reused.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: chacha20/AVX2: clear upper halves of YMM registers on entry
Jussi Kivilinna [Mon, 12 May 2014 17:14:32 +0000 (20:14 +0300)]
chacha20/AVX2: clear upper halves of YMM registers on entry

* cipher/chacha20-avx2-amd64.S (_gcry_chacha20_amd64_avx2_blocks): Add
'vzeroupper' at beginning.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: chacha20/AVX2: check for ENABLE_AVX2_SUPPORT instead of HAVE_GCC_INLINE_ASM_AVX2
Jussi Kivilinna [Mon, 12 May 2014 17:11:33 +0000 (20:11 +0300)]
chacha20/AVX2: check for ENABLE_AVX2_SUPPORT instead of HAVE_GCC_INLINE_ASM_AVX2

* cipher/chacha20.c (USE_AVX2): Enable depending on
ENABLE_AVX2_SUPPORT, not HAVE_GCC_INLINE_ASM_AVX2.
* cipher/chacha20-avx2-amd64.S: Ditto.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: chacha20/SSSE3: clear XMM registers after use
Jussi Kivilinna [Mon, 12 May 2014 16:55:35 +0000 (19:55 +0300)]
chacha20/SSSE3: clear XMM registers after use

* cipher/chacha20-ssse3-amd64.S (_gcry_chacha20_amd64_ssse3_blocks): On
return, clear XMM registers.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: chacha20: add AVX2/AMD64 assembly implementation
Jussi Kivilinna [Sun, 11 May 2014 09:00:19 +0000 (12:00 +0300)]
chacha20: add AVX2/AMD64 assembly implementation

* cipher/Makefile.am: Add 'chacha20-avx2-amd64.S'.
* cipher/chacha20-avx2-amd64.S: New.
* cipher/chacha20.c (USE_AVX2): New macro.
[USE_AVX2] (_gcry_chacha20_amd64_avx2_blocks): New.
(chacha20_do_setkey): Select AVX2 implementation if there is HW
support.
(selftest): Increase size of buf by 256.
* configure.ac [host=x86-64]: Add 'chacha20-avx2-amd64.lo'.
--

Add AVX2 optimized implementation for ChaCha20. Based on implementation by
Andrew Moon.

SSSE3 (Intel Haswell):

 CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |     0.742 ns/B    1284.8 MiB/s      2.38 c/B
     STREAM dec |     0.741 ns/B    1286.5 MiB/s      2.37 c/B

AVX2:

 CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |     0.393 ns/B    2428.0 MiB/s      1.26 c/B
     STREAM dec |     0.392 ns/B    2433.6 MiB/s      1.25 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: chacha20: add SSSE3 assembly implementation
Jussi Kivilinna [Sun, 11 May 2014 09:00:19 +0000 (12:00 +0300)]
chacha20: add SSSE3 assembly implementation

* cipher/Makefile.am: Add 'chacha20-ssse3-amd64.S'.
* cipher/chacha20-ssse3-amd64.S: New.
* cipher/chacha20.c (USE_SSSE3): New macro.
[USE_SSSE3] (_gcry_chacha20_amd64_ssse3_blocks): New.
(chacha20_do_setkey): Select SSSE3 implementation if there is HW
support.
* configure.ac [host=x86-64]: Add 'chacha20-ssse3-amd64.lo'.
--

Add SSSE3 optimized implementation for ChaCha20. Based on implementation
by Andrew Moon.

Before (Intel Haswell):

 CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |      1.97 ns/B     483.6 MiB/s      6.31 c/B
     STREAM dec |      1.97 ns/B     484.0 MiB/s      6.31 c/B

After:

 CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |     0.742 ns/B    1284.8 MiB/s      2.38 c/B
     STREAM dec |     0.741 ns/B    1286.5 MiB/s      2.37 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: Add ChaCha20 stream cipher
Jussi Kivilinna [Sun, 11 May 2014 09:00:19 +0000 (12:00 +0300)]
Add ChaCha20 stream cipher

* cipher/Makefile.am: Add 'chacha20.c'.
* cipher/chacha20.c: New.
* cipher/cipher.c (cipher_list): Add ChaCha20.
* configure.ac: Add ChaCha20.
* doc/gcrypt.texi: Add ChaCha20.
* src/cipher.h (_gcry_cipher_spec_chacha20): New.
* src/gcrypt.h.in (GCRY_CIPHER_CHACHA20): Add new algo.
* tests/basic.c (MAX_DATA_LEN): Increase to 128 from 100.
(check_stream_cipher): Add ChaCha20 test-vectors.
(check_ciphers): Add ChaCha20.
--

Patch adds Bernstein's ChaCha20 cipher to libgcrypt. Implementation is based
on public domain implementations.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

5 years ago: mpi: Fix a subtle bug setting spurious bits within mpi_set_bit.
Werner Koch [Fri, 9 May 2014 10:35:15 +0000 (12:35 +0200)]
mpi: Fix a subtle bug setting spurious bits within mpi_set_bit.

* mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear
allocated but not used bits before resizing.
* tests/t-mpi-bits.c (set_bit_with_resize): New.
--

Reported-by: Martin Sewelies.
This bug is probably with us for many years.  Probably due to
different memory allocation patterns, it first revealed itself
with 1.6.  It could be the reason for other heisenbugs.

Signed-off-by: Werner Koch <wk@gnupg.org>
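The defect the commit above fixes, as an added example that is not libgcrypt's code: a toy MPI with 64-bit limbs that keeps separate "allocated" and "in use" limb counts, so that a value assigned into a larger MPI leaves its old higher limbs in storage. Raising the in-use count to reach a bit beyond the current value then pulls those stale limbs back in; clearing the allocated-but-unused limbs first, as the commit does, prevents it. Field and function names are this example's own, and the allocation pattern is constructed.

```python
# Added example, not libgcrypt code: a toy MPI with 64-bit limbs that models the
# defect the commit above describes and the fix (clear the allocated-but-unused
# limbs before growing nlimbs).  Field and function names are this example's own.

LIMB_BITS = 64
LIMB_MASK = (1 << LIMB_BITS) - 1


class ToyMPI:
    """Little-endian limb array; only d[:nlimbs] is part of the value, the
    remaining d[nlimbs:alloced] limbs are storage that may hold stale data."""

    def __init__(self, alloced):
        self.d = [0] * alloced
        self.alloced = alloced
        self.nlimbs = 0

    def resize(self, n):
        # grow storage (newly added limbs are zero); never shrinks
        if n > self.alloced:
            self.d.extend([0] * (n - self.alloced))
            self.alloced = n

    def set_value(self, v):
        # like assigning a smaller value into a larger MPI: higher limbs are
        # simply dropped from nlimbs, their old contents stay in storage
        limbs = []
        while v:
            limbs.append(v & LIMB_MASK)
            v >>= LIMB_BITS
        self.resize(len(limbs))
        self.d[:len(limbs)] = limbs
        self.nlimbs = len(limbs)

    def value(self):
        return sum(limb << (i * LIMB_BITS)
                   for i, limb in enumerate(self.d[:self.nlimbs]))


def set_bit_buggy(m, n):
    """set_bit as modelled before the fix: when the bit lies beyond nlimbs,
    nlimbs is simply raised, so stale limbs between the old and the new nlimbs
    become part of the value."""
    limbno, bitno = divmod(n, LIMB_BITS)
    if limbno >= m.nlimbs:
        m.resize(limbno + 1)
        m.nlimbs = limbno + 1
    m.d[limbno] |= 1 << bitno


def set_bit_fixed(m, n):
    """set_bit with the commit's fix: clear every allocated limb that is not in
    use before extending nlimbs over it."""
    limbno, bitno = divmod(n, LIMB_BITS)
    if limbno >= m.nlimbs:
        for i in range(m.nlimbs, m.alloced):
            m.d[i] = 0
        m.resize(limbno + 1)
        m.nlimbs = limbno + 1
    m.d[limbno] |= 1 << bitno


def scenario(set_bit):
    """Constructed allocation pattern: a 4-limb value, then a 1-limb value into
    the same MPI, then set a bit in limb 2.  Returns the resulting integer."""
    m = ToyMPI(4)
    m.set_value((1 << 200) - 1)   # fills limbs 0..3
    m.set_value(5)                # nlimbs = 1, limbs 1..3 still hold old data
    set_bit(m, 150)               # limb 2, bit 22
    return m.value()


if __name__ == "__main__":
    print("fixed:", hex(scenario(set_bit_fixed)))
    print("buggy:", hex(scenario(set_bit_buggy)))
```

The buggy result depends entirely on what happened to be in the unused limbs, which is why the commit message ties the bug's appearance to memory allocation patterns: with fresh, zeroed storage both versions agree, and only a reused MPI exposes the difference.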

5 years ago: Comment typo fix
Werner Koch [Fri, 9 May 2014 10:11:30 +0000 (12:11 +0200)]
Comment typo fix

--

5 years ago: Bump LT version.
Werner Koch [Wed, 7 May 2014 09:05:36 +0000 (11:05 +0200)]
Bump LT version.

* configure.ac: Bump LT version to C21/A1/R0.
--

This is to avoid conflicts with the 1.6 series.  Note that if we add a
new interface to 1.6 we would need to bump age again.

5 years ago: random: Small patch for consistency and really burn the stack.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
random: Small patch for consistency and really burn the stack.

* random/rndlinux.c (_gcry_rndlinux_gather_random): s/int/size_t/.
(_gcry_rndlinux_gather_random): Replace memset by wipememory.
--

size_t was suggested by Marcus Meissner <meissner@suse.de>.  While
looking at the code I identified the useless (i.e. likely optimized
away) memset.

5 years ago: pubkey: Re-map all deprecated RSA algo numbers.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
pubkey: Re-map all deprecated RSA algo numbers.

* cipher/pubkey.c (map_algo): Map RSA_E and RSA_S.

5 years ago: cipher: Fix possible NULL dereference.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
cipher: Fix possible NULL dereference.

* cipher/md.c (_gcry_md_selftest): Check for spec being NULL.
--

Also removed left-over code in unused file cipher/test-getrusage.c.

Found by Hans-Christoph Steiner with cppcheck.

5 years ago: 3des: add amd64 assembly implementation for 3DES
Jussi Kivilinna [Sun, 30 Mar 2014 15:11:09 +0000 (18:11 +0300)]
3des: add amd64 assembly implementation for 3DES

* cipher/Makefile.am: Add 'des-amd64.S'.
* cipher/cipher-selftests.c (_gcry_selftest_helper_cbc)
(_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Handle failures
from 'setkey' function.
* cipher/cipher.c (_gcry_cipher_open_internal) [USE_DES]: Setup bulk
functions for 3DES.
* cipher/des-amd64.S: New file.
* cipher/des.c (USE_AMD64_ASM, ATTR_ALIGNED_16): New macros.
[USE_AMD64_ASM] (_gcry_3des_amd64_crypt_block)
(_gcry_3des_amd64_ctr_enc, _gcry_3des_amd64_cbc_dec)
(_gcry_3des_amd64_cfb_dec): New prototypes.
[USE_AMD64_ASM] (tripledes_ecb_crypt): New function.
(TRIPLEDES_ECB_BURN_STACK): New macro.
(_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec)
(bulk_selftest_setkey, selftest_ctr, selftest_cbc, selftest_cfb): New
functions.
(selftest): Add call to CTR, CBC and CFB selftest functions.
(do_tripledes_encrypt, do_tripledes_decrypt): Use
TRIPLEDES_ECB_BURN_STACK.
* configure.ac [host=x86-64]: Add 'des-amd64.lo'.
* src/cipher.h (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec)
(_gcry_3des_cfb_dec): New prototypes.
--

Add non-parallel functions for small speed-up and 3-way parallel functions for
modes of operation that support parallel processing.

Old vs new (Intel Core i5-4570):
================================
        enc    dec
 ECB    1.17x  1.17x
 CBC    1.17x  2.51x
 CFB    1.16x  2.49x
 OFB    1.17x  1.17x
 CTR    2.56x  2.56x

Old vs new (Intel Core i5-2450M):
=================================
        enc    dec
 ECB    1.28x  1.28x
 CBC    1.27x  2.33x
 CFB    1.27x  2.34x
 OFB    1.27x  1.27x
 CTR    2.36x  2.35x

New (Intel Core i5-4570):
=========================
 3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
        ECB enc |     28.39 ns/B     33.60 MiB/s     90.84 c/B
        ECB dec |     28.27 ns/B     33.74 MiB/s     90.45 c/B
        CBC enc |     29.50 ns/B     32.33 MiB/s     94.40 c/B
        CBC dec |     13.35 ns/B     71.45 MiB/s     42.71 c/B
        CFB enc |     29.59 ns/B     32.23 MiB/s     94.68 c/B
        CFB dec |     13.41 ns/B     71.12 MiB/s     42.91 c/B
        OFB enc |     28.90 ns/B     33.00 MiB/s     92.47 c/B
        OFB dec |     28.90 ns/B     33.00 MiB/s     92.48 c/B
        CTR enc |     13.39 ns/B     71.20 MiB/s     42.86 c/B
        CTR dec |     13.39 ns/B     71.21 MiB/s     42.86 c/B

Old (Intel Core i5-4570):
=========================
 3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
        ECB enc |     33.24 ns/B     28.69 MiB/s     106.4 c/B
        ECB dec |     33.26 ns/B     28.67 MiB/s     106.4 c/B
        CBC enc |     34.45 ns/B     27.69 MiB/s     110.2 c/B
        CBC dec |     33.45 ns/B     28.51 MiB/s     107.1 c/B
        CFB enc |     34.43 ns/B     27.70 MiB/s     110.2 c/B
        CFB dec |     33.41 ns/B     28.55 MiB/s     106.9 c/B
        OFB enc |     33.79 ns/B     28.22 MiB/s     108.1 c/B
        OFB dec |     33.79 ns/B     28.22 MiB/s     108.1 c/B
        CTR enc |     34.27 ns/B     27.83 MiB/s     109.7 c/B
        CTR dec |     34.27 ns/B     27.83 MiB/s     109.7 c/B

New (Intel Core i5-2450M):
==========================
 3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
        ECB enc |     42.21 ns/B     22.59 MiB/s     105.5 c/B
        ECB dec |     42.23 ns/B     22.58 MiB/s     105.6 c/B
        CBC enc |     43.70 ns/B     21.82 MiB/s     109.2 c/B
        CBC dec |     23.25 ns/B     41.02 MiB/s     58.12 c/B
        CFB enc |     43.71 ns/B     21.82 MiB/s     109.3 c/B
        CFB dec |     23.23 ns/B     41.05 MiB/s     58.08 c/B
        OFB enc |     42.73 ns/B     22.32 MiB/s     106.8 c/B
        OFB dec |     42.73 ns/B     22.32 MiB/s     106.8 c/B
        CTR enc |     23.31 ns/B     40.92 MiB/s     58.27 c/B
        CTR dec |     23.35 ns/B     40.84 MiB/s     58.38 c/B

Old (Intel Core i5-2450M):
==========================
 3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
        ECB enc |     53.98 ns/B     17.67 MiB/s     134.9 c/B
        ECB dec |     54.00 ns/B     17.66 MiB/s     135.0 c/B
        CBC enc |     55.43 ns/B     17.20 MiB/s     138.6 c/B
        CBC dec |     54.27 ns/B     17.57 MiB/s     135.7 c/B
        CFB enc |     55.42 ns/B     17.21 MiB/s     138.6 c/B
        CFB dec |     54.35 ns/B     17.55 MiB/s     135.9 c/B
        OFB enc |     54.49 ns/B     17.50 MiB/s     136.2 c/B
        OFB dec |     54.49 ns/B     17.50 MiB/s     136.2 c/B
        CTR enc |     55.02 ns/B     17.33 MiB/s     137.5 c/B
        CTR dec |     55.01 ns/B     17.34 MiB/s     137.5 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago tests: Print diagnostics for skipped tests.
Werner Koch [Thu, 13 Mar 2014 11:06:55 +0000 (12:06 +0100)]
tests: Print diagnostics for skipped tests.

* tests/basic.c (show_note): New.
(show_md_not_available):
(show_old_hmac_not_available):
(show_mac_not_available):
(check_digests): Remove USE_foo cpp tests from the test table.  Call
show_md_not_available if algo is not available.
(check_hmac): Likewise.
(check_mac): Likewise.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Add MD2 message digest implementation
Dmitry Eremin-Solenikov [Tue, 11 Mar 2014 17:53:05 +0000 (21:53 +0400)]
Add MD2 message digest implementation

* cipher/md2.c: New.
* cipher/md.c (digest_list): add _gcry_digest_spec_md2.
* tests/basic.c (check_digests): add MD2 test vectors.
* configure.ac (default_digests): disable md2 by default.
--
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Some minor indentation fixes by wk.

5 years ago Add a utility to calculate hashes over a set of files
Dmitry Eremin-Solenikov [Sun, 22 Dec 2013 13:13:45 +0000 (17:13 +0400)]
Add a utility to calculate hashes over a set of files

* tests/gchash.c: New.

--
A utility like rhash that has the ability to calculate different hashes
over a set of files is useful. Add the gchash utility to calculate hashes
supported by libgcrypt.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Add a simple (raw) PKCS#1 padding mode
Dmitry Eremin-Solenikov [Sun, 22 Dec 2013 13:12:28 +0000 (17:12 +0400)]
Add a simple (raw) PKCS#1 padding mode

* src/cipher.h (PUBKEY_ENC_PKCS1_RAW): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Handle pkcs1-raw
  flag.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi):
  Handle s-exp like (data (flags pkcs1-raw) (value xxxxx))
* cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig):
  PKCS#1-encode data with embedded hash OID for signature verification.
* tests/basic.c (check_pubkey_sign): Add tests for s-exps with pkcs1-raw
  flag.

--
Allow user to specify (flags pkcs1-raw) to enable pkcs1 padding of raw
value (no hash algorithm is specified). It is up to the user to verify
that the passed value is properly formatted and includes DER-encoded
ASN OID of the used hash function.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Fix ARMv6 detection when CFLAGS modify target CPU architecture
Jussi Kivilinna [Tue, 4 Feb 2014 15:50:48 +0000 (17:50 +0200)]
Fix ARMv6 detection when CFLAGS modify target CPU architecture

* configure.ac (gcry_cv_cc_arm_arch_is_v6): Use compiler test instead
of preprocessor test.
--

The old test was using the C preprocessor to check ARM version macros and missed
the fact that using different CFLAGS affects those macros (CFLAGS are not
passed to preprocessor checks).

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago Update NEWS to be aligned with 1.6.1.
Werner Koch [Wed, 29 Jan 2014 14:17:37 +0000 (15:17 +0100)]
Update NEWS to be aligned with 1.6.1.

--

5 years ago Reserve control code for FIPS extensions.
Werner Koch [Wed, 29 Jan 2014 09:44:36 +0000 (10:44 +0100)]
Reserve control code for FIPS extensions.

* src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New.
(GCRYCTL_REACTIVATE_FIPS_FLAG): New.
* src/global.c (_gcry_vcontrol): Add them but return not_implemented.

5 years ago Fix RSA Blinding.
NIIBE Yutaka [Tue, 28 Jan 2014 23:32:46 +0000 (08:32 +0900)]
Fix RSA Blinding.

* cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
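The fix above retries until the blinding value is invertible. The following C program, added here as an illustration and not taken from libgcrypt's cipher/rsa.c, shows the same structure on a toy modulus: draw a candidate r, reject it unless gcd(r, n) == 1 (otherwise r^-1 mod n does not exist and the unblinding step would return garbage), then blind the ciphertext, exponentiate and unblind. The toy key, the xorshift generator standing in for a CSPRNG and all helper names are constructed for the example; a real implementation uses the library's MPI routines and its random pool.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA parameters, constructed for illustration only (not a real key):
   p = 61, q = 53, n = p*q = 3233, e = 17, d = 2753. */
#define TOY_N 3233u
#define TOY_E 17u
#define TOY_D 2753u

/* Modular multiply; n < 2^32 so the product fits in 64 bits. */
static uint64_t mulmod (uint64_t a, uint64_t b, uint64_t n)
{
  return (a % n) * (b % n) % n;
}

/* Square-and-multiply exponentiation. */
static uint64_t powmod (uint64_t base, uint64_t exp, uint64_t n)
{
  uint64_t result = 1 % n;
  base %= n;
  while (exp)
    {
      if (exp & 1)
        result = mulmod (result, base, n);
      base = mulmod (base, base, n);
      exp >>= 1;
    }
  return result;
}

/* Extended Euclid.  Returns gcd(a, n); when it is 1, *inv receives
   a^-1 mod n.  When gcd != 1 no inverse exists and *inv is untouched. */
static uint64_t egcd_inverse (uint64_t a, uint64_t n, uint64_t *inv)
{
  int64_t old_r = (int64_t)a, r = (int64_t)n;
  int64_t old_s = 1, s = 0;

  while (r != 0)
    {
      int64_t q = old_r / r;
      int64_t t = old_r - q * r; old_r = r; r = t;
      t = old_s - q * s; old_s = s; s = t;
    }
  if (old_r == 1)
    {
      int64_t v = old_s % (int64_t)n;
      if (v < 0)
        v += (int64_t)n;
      *inv = (uint64_t)v;
    }
  return (uint64_t)old_r;
}

/* Deterministic xorshift generator standing in for a CSPRNG, constructed
   so that the example is reproducible.  Yields r in [2, n-1]. */
static uint64_t next_blinding_candidate (uint64_t *state)
{
  uint64_t x = *state;
  x ^= x << 13; x ^= x >> 7; x ^= x << 17;
  *state = x;
  return 2 + x % (TOY_N - 2);
}

/* Blinded RSA private-key operation m = c^d mod n.  A fresh r is drawn
   until gcd(r, n) == 1, because the unblinding step needs r^-1 mod n.
   Writes m to *m and returns how many candidates were drawn. */
static int rsa_blinded_decrypt (uint64_t c, uint64_t *m, uint64_t seed)
{
  uint64_t state = seed ? seed : 0x9E3779B97F4A7C15ull;
  uint64_t r, rinv;
  int tries = 0;

  do
    {
      r = next_blinding_candidate (&state);
      tries++;
    }
  while (egcd_inverse (r, TOY_N, &rinv) != 1);   /* retry until invertible */

  /* Blind: c' = c * r^e mod n, so that c'^d = m * r mod n. */
  uint64_t blinded = mulmod (c, powmod (r, TOY_E, TOY_N), TOY_N);
  uint64_t mb = powmod (blinded, TOY_D, TOY_N);
  /* Unblind with the inverse found above. */
  *m = mulmod (mb, rinv, TOY_N);
  return tries;
}

int main (void)
{
  uint64_t m;
  int tries = rsa_blinded_decrypt (2790, &m, 12345);
  printf ("m = %llu after %d blinding candidate(s)\n",
          (unsigned long long)m, tries);
  return m == powmod (2790, TOY_D, TOY_N) ? 0 : 1;
}
```

With the toy key, the plaintext 65 encrypts to 2790, and the blinded decryption recovers 65 regardless of which r was drawn; the gcd check is what guarantees the final multiplication by rinv is meaningful.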
5 years ago cipher: Take care of ENABLE_NEON_SUPPORT.
Werner Koch [Tue, 28 Jan 2014 16:00:27 +0000 (17:00 +0100)]
cipher: Take care of ENABLE_NEON_SUPPORT.

* cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if
ENABLE_NEON_SUPPORT is defined.
* cipher/serpent.c (USE_NEON): Ditto.
* cipher/sha1.c (USE_NEON): Ditto.
* cipher/sha512.c (USE_ARM_NEON_ASM): Ditto.
--

The generic C source files must only include NEON support if that is
enabled.  The dedicated ASM files are conditionally compiled and thus
do not need to use it.

GnuPG-bug-id: 1603
Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago sexp: Fix broken gcry_sexp_nth.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
sexp: Fix broken gcry_sexp_nth.

* src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data
element.
(NODE): Remove unused typedef.
(ST_HINT): Comment unused macro.

* tests/t-sexp.c (bug_1594): New.
(main): Run new test.
--

Before 1.6.0 gcry_sexp_nth (list, 0) with a LIST of "(a (b 3:pqr) (c
3:456) (d 3:xyz))" returned the entire list.  1.6.0 instead returned
NULL.  However, this is also surprising and the expected value would
be "(a)".  This patch fixes this.

Somewhat related to that gcry_sexp_nth returned a broken list if
requesting index 1 of a list like "(n foo)".  It returned just the
"foo" but not as a list which is required by the S-expression specs.
Due to this patch the returned value is now "(foo)".

Thanks to Ludovic Courtès for pointing out these problems.

GnuPG-bug-id: 1594

5 years ago tests: Improve t-common.h.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
tests: Improve t-common.h.

* tests/t-common.h: Add a couple of macros.  Check that config.h has
been included.
(show): Rename to info.
* tests/t-lock.c, tests/t-sexp.c: Adjust for changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago mpi: Minor fix for Atari-mint.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
mpi: Minor fix for Atari-mint.

* mpi/config.links [m68k-atari-mint]: Do not assume 68020.  Suggested
by Alan Hourihane.

(cherry picked from commit 420f42a5752e90a8b27d58ffa1ddfe6e4ab341e8)

5 years ago Fix most of memory leaks in tests code
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 23:21:39 +0000 (03:21 +0400)]
Fix most of memory leaks in tests code

* tests/basic.c (check_ccm_cipher): Close cipher after use.
* tests/basic.c (check_one_cipher): Correct length of used buffer.
* tests/benchmark.c (cipher_bench): Use xcalloc to make buffer
  initialized.
* tests/keygen.c (check_ecc_keys): Release generated key.
* tests/t-mpi-point.c (context_param): Release mpi Q.
* tests/t-sexp.c (check_extract_param): Release extracted number.

--
The only remaining reported memory leak is one expected leak from
mpitests.c.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Fix memory leaks in ecc code
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 23:21:38 +0000 (03:21 +0400)]
Fix memory leaks in ecc code

* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
  values.
* cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
  path.
* cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.

--
==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8
==11657==    at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11657==    by 0x404178F: _gcry_private_malloc (stdmem.c:113)
==11657==    by 0x403CED1: do_malloc.constprop.4 (global.c:768)
==11657==    by 0x403DD01: _gcry_xmalloc (global.c:790)
==11657==    by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84)
==11657==    by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466)
==11657==    by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796)
==11657==    by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327)
==11657==    by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378)
==11657==    by 0x407B895: compute_keygrip (ecc.c:1492)
==11657==    by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674)
==11657==    by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056)

==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7
==16502==    at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==16502==    by 0x404B4DE: _gcry_private_malloc (stdmem.c:113)
==16502==    by 0x404667B: do_malloc (global.c:768)
==16502==    by 0x40466E7: _gcry_malloc (global.c:790)
==16502==    by 0x4046A55: _gcry_xmalloc (global.c:944)
==16502==    by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84)
==16502==    by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548)
==16502==    by 0x40A72B2: scanval (ecc-curves.c:432)
==16502==    by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685)
==16502==    by 0x4058164: _gcry_pk_get_curve (pubkey.c:747)
==16502==    by 0x4043E14: gcry_pk_get_curve (visibility.c:1067)
==16502==    by 0x8048934: check_matching (curves.c:124)

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Fix number of blocks passed used in _gcry_rmd160_mixblock
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 11:02:14 +0000 (15:02 +0400)]
Fix number of blocks passed used in _gcry_rmd160_mixblock

* cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform

--
Currently _gcry_rmd160_mixblock() passes 64 as nblocks to the transform()
function, while passing only one block of data. This causes access after
the allocated data and tons of errors on each valgrind invocation.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
This fixes commit 50b8c834.

5 years ago Small Windows build tweaks.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Small Windows build tweaks.

* configure.ac (HAVE_PTHREAD): Do test when building for Windows.

* tests/basic.c: Replace "%zi" by "%z" and a cast to make it work
under Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Update gpg-error autoconf macros to fix threading problems.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Update gpg-error autoconf macros to fix threading problems.

* m4/gpg-error.m4: Update to version 2014-01-24.
* tests/Makefile.am (t_lock_LDADD): Use MT Libs.

5 years ago tests: Pass -no-install to libtool
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 11:02:15 +0000 (15:02 +0400)]
tests: Pass -no-install to libtool

* tests/Makefile.am: add AM_LDFLAGS = -no-install

--
There is little point building tests with support for installation.
Passing -no-install stops libtool from building wrapper scripts,
thus allowing direct gdb/valgrind invocation on programs in tests/
subdirectory.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago tests: Add a test for the internal locking
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
tests: Add a test for the internal locking

* src/global.c (external_lock_test): New.
(_gcry_vcontrol): Call new function with formerly reserved code 61.

* tests/t-common.h: New. Taken from current libgpg-error.
* tests/t-lock.c: New.  Based on t-lock.c from libgpg-error.
* configure.ac (HAVE_PTHREAD): Set macro to 1 if defined.
(AC_CHECK_FUNCS): Check for flockfile.
* tests/Makefile.am (tests_bin): Add t-lock.
(noinst_HEADERS): Add t-common.h
(LDADD): Move value to ...
(default_ldadd): new.
(t_lock_LDADD): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit fa42c61a84996b6a7574c32233dfd8d9f254d93a)

Resolved conflicts:
* src/ath.c: Remove as not anymore used in 1.7.
* tests/Makefile.am: Merge.

Changes:

        * src/global.c (external_lock_test): Use the gpgrt function
          for locking.

        Changed subject because here we are only adding the test case.

5 years ago Check compiler features only for the relevant platform.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Check compiler features only for the relevant platform.

* mpi/config.links (mpi_cpu_arch): Always set for ARM.  Set for HPPA.
Set to "undefined" for unknown platforms.
(try_asm_modules): Act upon only after having detected the CPU.
* configure.ac: Move the call to config.links before the platform
specific compiler checks.  Check platform specific features only if
the platform is targeted.
--

There is no need to check x86 options if we are targeting ARM and vice
versa.  This may only introduce build problems.  With this patch the
summary output at the end of the compiler also shows more reasonable
messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 04d478d9b0f92d80105ddaf2c011f40ae8260cfb)

5 years ago Support building using the latest mingw-w64 toolchain.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Support building using the latest mingw-w64 toolchain.

* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.
--

This patch is related to Debian-bug-id 730271 for GnuPG 1.4:

   From: Stephen Kitt <skitt@debian.org>

      All MinGW targets require underscores when linking. This patch fixes
      acinclude.m4 and the resulting configure so they don't limit the use
      of underscores to the old mingw32msvc targets.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago cipher: Fix commit 94030e44
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
cipher: Fix commit 94030e44

* cipher/tiger.c (tiger_init): Add arg FLAGS.
(tiger1_init, tiger2_init): Ditto.

5 years ago tests: Rename tsexp.c
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
tests: Rename tsexp.c

* tests/tsexp.c: Rename to t-sexp.c

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago md: Add Whirlpool bug emulation feature.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
md: Add Whirlpool bug emulation feature.

* src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New.
* src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS.  Change all code
to implement that flag.
* cipher/md.c (gcry_md_context):  Replace SECURE and FINALIZED by bit
field FLAGS.  Add flag BUGEMU1.  Change all users.
(md_open): Replace args SECURE and HMAC by FLAGS.  Init flags.bugemu1.
(_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1.
(md_enable): Pass bugemu1 flag to the hash init function.
(_gcry_md_reset): Ditto.
--

This problem is for example exhibited in the Linux cryptsetup tool.
See https://bbs.archlinux.org/viewtopic.php?id=175737 .  It has
been tracked down by Milan Broz.

The suggested way of using the flag is:

  if (whirlpool_bug_assumed)
    {
#if GCRYPT_VERSION_NUMBER >= 0x010601
      /* The flag only exists from 1.6.1 on; older headers would not
         compile this block. */
      err = gcry_md_open (&hd, GCRY_MD_WHIRLPOOL, GCRY_MD_FLAG_BUGEMU1);
      if (gpg_err_code (err) == GPG_ERR_INV_ARG)
        error ("Need at least Libgcrypt 1.6.1 for the fix");
      else
        {
          do_hash (hd);
          gcry_md_close (hd);
        }
#endif
    }

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Actually check for uint64_t.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Actually check for uint64_t.

* configure.ac: Check size of uint64_t and the UINT64_C macro.
--

configure.ac used $ac_cv_sizeof_uint64_t but never set this variable.
Due to the availability of long long on all platforms supporting
uint64_t this was not a real problem.  Found while removing the
corresponding test from gnupg.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Replace ath based mutexes by gpgrt based locks.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Replace ath based mutexes by gpgrt based locks.

* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13.
(gl_LOCK): Remove.
* src/ath.c, src/ath.h: Remove.  Remove from all files.  Replace all
mutexes by gpgrt based statically initialized locks.
* src/global.c (global_init): Remove ath_init.
(_gcry_vcontrol): Make ath install a dummy function.
(print_config): Remove threads info line.

* doc/gcrypt.texi: Simplify the multi-thread related documentation.
--

The current code only works on ELF systems with weak symbol
support.  In particular no locks were used under Windows.  With the
new gpgrt_lock functions from the soon to be released libgpg-error
1.13 we have a better portable scheme which also allows for static
initialized mutexes.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1.
NIIBE Yutaka [Wed, 15 Jan 2014 03:41:37 +0000 (12:41 +0900)]
ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1.

* mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0.
* tests/t-mpi-point.c (context_alloc): Remove two spurious tests.

--

It is no problem when a==0.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago PBKDF2: Use gcry_md_reset to speed up calculation.
Milan Broz [Mon, 13 Jan 2014 20:30:42 +0000 (21:30 +0100)]
PBKDF2: Use gcry_md_reset to speed up calculation.

* cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset
to speed up calculation.
--

Current PBKDF2 implementation uses gcry_md_set_key in every iteration
which is extremely slow (even in comparison with other implementations).

Use gcry_md_reset instead and set key only once.

With this test program:

  char input[32000], salt[8], key[16];
  gcry_kdf_derive(input, sizeof(input), GCRY_KDF_PBKDF2,
                  gcry_md_map_name("sha1"),
                  salt, sizeof(salt), 100000, sizeof(key), key);

running time without patch:
  real    0m11.165s
  user    0m11.136s
  sys     0m0.000s

and with patch applied
  real    0m0.230s
  user    0m0.184s
  sys     0m0.024s

(The problem was found when cryptsetup started to use gcrypt internal PBKDF2
and for very long keyfiles unlocking time increased drastically.
See https://bugzilla.redhat.com/show_bug.cgi?id=1051733)

Signed-off-by: Milan Broz <gmazyland@gmail.com>
5 years ago Add DCO entry for Milan Broz.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Add DCO entry for Milan Broz.

--

5 years ago Fix macro conflict in NetBSD
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Fix macro conflict in NetBSD

* cipher/bithelp.h (bswap32): Rename to _gcry_bswap32.
(bswap64): Rename to _gcry_bswap64.
--

NetBSD provides system macros bswap32 and bswap64 which conflict with
our macros.  Prefixing them with _gcry_ is easier than coming up with
a proper test.

GnuPG-bug-id: 1600
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 36214bfa8f612cd2faa4de217d1a12a8b5faadbf)

5 years ago Use internal malloc function in fips.c
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Use internal malloc function in fips.c

* src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/.
--

This fixes a build problem with ENABLE_HMAC_BINARY_CHECK.

Reported-by: Michal Vyskocil.
5 years ago Update NEWS.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Update NEWS.

--

5 years ago Truncate hash values for ECDSA signature scheme
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:38:37 +0000 (00:38 +0400)]
Truncate hash values for ECDSA signature scheme

* cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
  mpis as required for DSA and ECDSA signature schemes.
* cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
  behave like the rest of internal sign/verify functions.
* cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
  as required by ECDSA scheme, truncate hash values to bitlength of
  used curve.
* tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
  truncation.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
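An added worked example (not libgcrypt's `_gcry_dsa_normalize_hash`, which operates on MPIs) of the truncation rule this commit applies on both the signing and the verifying side: when the digest is longer than the bit length of the subgroup order, only its leftmost bits are used, and a digest that already fits is left alone. The function name and the sample digests are constructed; `main` shows a SHA-256-sized digest being cut to 160 bits while the same digest paired with a 521-bit order is kept whole.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Truncate a big-endian message digest HASH of HASHLEN bytes to its
   leftmost QBITS bits, the rule FIPS 186-4 gives for (EC)DSA when the
   digest is longer than the order of the subgroup.  The result is written
   big-endian into OUT, which must hold at least (QBITS + 7) / 8 bytes.
   Returns the number of bytes written.  A digest that is already no longer
   than QBITS bits is copied unchanged.  Constructed example, not
   libgcrypt code. */
static size_t
truncate_hash_to_qbits (const uint8_t *hash, size_t hashlen,
                        unsigned qbits, uint8_t *out)
{
  if (hashlen * 8 <= qbits)
    {
      memcpy (out, hash, hashlen);
      return hashlen;
    }

  size_t outlen = (qbits + 7) / 8;
  unsigned shift = (unsigned)(outlen * 8 - qbits);  /* 0..7 bits to drop */
  unsigned carry = 0;

  /* Keep the first OUTLEN bytes, shifting right by SHIFT bits so that
     exactly QBITS bits survive; bits shifted out of one byte move into
     the top of the next one. */
  for (size_t i = 0; i < outlen; i++)
    {
      unsigned cur = hash[i];
      out[i] = (uint8_t)(((cur >> shift) | (carry << (8 - shift))) & 0xff);
      carry = cur & ((1u << shift) - 1);
    }
  return outlen;
}

int main (void)
{
  uint8_t digest[32], out[32];
  size_t n, i;

  /* Constructed stand-in for a SHA-256 output. */
  for (i = 0; i < sizeof digest; i++)
    digest[i] = (uint8_t)(0xA0 + i);

  n = truncate_hash_to_qbits (digest, sizeof digest, 160, out);
  printf ("160-bit order: %zu bytes kept:", n);
  for (i = 0; i < n; i++)
    printf (" %02x", out[i]);
  printf ("\n");

  n = truncate_hash_to_qbits (digest, sizeof digest, 521, out);
  printf ("521-bit order: 32-byte digest kept whole (%zu bytes)\n", n);
  return 0;
}
```

Signer and verifier must apply the identical rule, which is why the commit factors it into one helper: a verifier that hashed without truncating would reject every valid signature made over a curve whose order is shorter than the digest.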
5 years ago Add GOST R 34.10-2012 curves proposed by TC26
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:39:58 +0000 (00:39 +0400)]
Add GOST R 34.10-2012 curves proposed by TC26

* cipher/ecc-curves.c (domain_parms): Add two GOST R 34.10-2012 curves
  proposed/pending to standardization by TC26 (Russian cryptography
  technical committee).
* cipher/ecc-curves.c (curve_alias): Add OID aliases.
* tests/curves.c: Increase N_CURVES.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Add GOST R 34.10-2001 curves per RFC4357
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:39:57 +0000 (00:39 +0400)]
Add GOST R 34.10-2001 curves per RFC4357

* cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357.
* cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST
  curves.
* tests/curves.c (N_CURVES): Update value.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Fix typo in search_oid
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:39:56 +0000 (00:39 +0400)]
Fix typo in search_oid

* cipher/md.c (search_oid): Invert condition on oid comparison.

--
Function stricmp() returns 0 in case the strings match, so the proper condition
that checks for matching OID strings should be if (!stricmp(...)).

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
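The inverted-comparison bug the commit describes, shown as an added example with the buggy and the fixed lookup side by side. The table, the enum values and the function names are constructed for this illustration and are not libgcrypt's cipher/md.c; the OIDs are the standard ones for MD5, SHA-1 and SHA-256. Because a strcmp-style function returns 0 on a match, the unnegated test fires on the first entry that does not match, so almost every query is answered with the wrong algorithm.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed algorithm identifiers for the example (not GCRY_MD_* values). */
enum { ALGO_NONE = 0, ALGO_MD5, ALGO_SHA1, ALGO_SHA256 };

/* Constructed lookup table: dotted-decimal digest OIDs and their algorithms. */
static const struct { const char *oid; int algo; } oid_table[] = {
  { "1.2.840.113549.2.5",     ALGO_MD5    },
  { "1.3.14.3.2.26",          ALGO_SHA1   },
  { "2.16.840.1.101.3.4.2.1", ALGO_SHA256 },
};

/* Case-insensitive compare with the usual strcmp contract: 0 on a match.
   Stands in for libgcrypt's stricmp(). */
static int ascii_stricmp (const char *a, const char *b)
{
  for (;; a++, b++)
    {
      int ca = tolower ((unsigned char)*a);
      int cb = tolower ((unsigned char)*b);
      if (ca != cb)
        return ca - cb;
      if (!ca)
        return 0;
    }
}

/* The condition from before the fix: the branch is taken for the first
   entry that does NOT match, so nearly every OID resolves to whichever
   entry happens to come first in the table. */
static int search_oid_buggy (const char *oid)
{
  for (size_t i = 0; i < sizeof oid_table / sizeof oid_table[0]; i++)
    if (ascii_stricmp (oid_table[i].oid, oid))
      return oid_table[i].algo;
  return ALGO_NONE;
}

/* Corrected: the comparison returns 0 on a match, so it must be negated. */
static int search_oid_fixed (const char *oid)
{
  for (size_t i = 0; i < sizeof oid_table / sizeof oid_table[0]; i++)
    if (!ascii_stricmp (oid_table[i].oid, oid))
      return oid_table[i].algo;
  return ALGO_NONE;
}

int main (void)
{
  const char *sha256_oid = "2.16.840.1.101.3.4.2.1";
  printf ("buggy: %d  fixed: %d  (expected %d)\n",
          search_oid_buggy (sha256_oid), search_oid_fixed (sha256_oid),
          (int)ALGO_SHA256);
  return 0;
}
```

A lookup that silently returns the wrong digest algorithm for an OID embedded in a signature is the kind of defect a unit test over every table entry catches immediately; the test below checks both the match and the no-match path.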
5 years ago Add MD2-HMAC calculation support
Dmitry Eremin-Solenikov [Fri, 27 Dec 2013 08:37:12 +0000 (12:37 +0400)]
Add MD2-HMAC calculation support

* src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New.
* cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Add a function to retrieve algorithm used by MAC handler
Dmitry Eremin-Solenikov [Fri, 27 Dec 2013 08:37:11 +0000 (12:37 +0400)]
Add a function to retrieve algorithm used by MAC handler

* cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo.
* src/visibility.c (gcry_mac_get_algo): New wrapper.
* src/visibility.h: Handle gcry_mac_get_algo.
* src/gcrypt-int.h (_gcry_mac_get_algo): New.
* src/gcrypt.h.in (gcry_mac_get_algo): New.
* src/libgcrypt.def (gcry_mac_get_algo): New.
* src/libgcrypt.vers (gcry_mac_get_algo): New.
* doc/gcrypt.texi: Document gcry_mac_get_algo.
* tests/basic.c (check_one_mac): Verify gcry_mac_get_algo.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago Correct formatting of gcry_mac_get_algo_keylen documentation
Dmitry Eremin-Solenikov [Fri, 27 Dec 2013 08:37:10 +0000 (12:37 +0400)]
Correct formatting of gcry_mac_get_algo_keylen documentation

* doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen
  documentation.

Use braces around unsigned int in gcry_mac_get_algo_keylen
documentation, otherwise texinfo breaks that and uses 'int' as a
function definition.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago ecc: Make a macro shorter.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
ecc: Make a macro shorter.

* src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS.  Change
all users.
* cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
comment.
* mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
(add_points_twistededwards): Rename to add_points_edwards.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Fix assembly division check
Jussi Kivilinna [Sun, 12 Jan 2014 20:01:28 +0000 (22:01 +0200)]
Fix assembly division check

* configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable
name mismatch at '--Wa,--divide' workaround check.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago Add secp256k1 curve.
NIIBE Yutaka [Sun, 12 Jan 2014 12:54:57 +0000 (21:54 +0900)]
Add secp256k1 curve.

* cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID.
(domain_parms): Add secp256k1's domain parameters.

* tests/basic.c (check_pubkey): Add a key of secp256k1.

* tests/curves.c (N_CURVES): Updated.

--

The key in check_pubkey is from "Test vector 1" of following page.
    https://en.bitcoin.it/wiki/BIP_0032_TestVectors

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago Fix constant division for AMD64 assembly on Solaris/x86
Jussi Kivilinna [Sun, 12 Jan 2014 08:53:47 +0000 (10:53 +0200)]
Fix constant division for AMD64 assembly on Solaris/x86

* configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for
constant division in assembly and test for "-Wa,--divide" workaround.
(gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division.
--

Apparently on Solaris/x86 the '/' character is treated as the beginning of a line
comment by GNU as. This causes problems when compiling the SHA-1 SSSE3
implementation:

On 02.01.2014 16:26, Richard PALO wrote:
>> COLLECT_GCC_OPTIONS='-D' 'HAVE_CONFIG_H' '-I' '.' '-I' '..' '-I' '../src' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext' '-D' '_REENTRANT' '-O2' '-MT' 'sha1-ssse3-amd64.lo' '-MD' '-MP' '-MF' '.deps/sha1-ssse3-amd64.Tpo' '-c' '-fPIC' '-D' 'PIC' '-o' '.libs/sha1-ssse3-amd64.o' '-v' '-mtune=generic' '-march=x86-64'
>>  /usr/gnu/bin/as -v -I . -I .. -I ../src -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext -V -Qy -s --64 -o .libs/sha1-ssse3-amd64.o /var/tmp//ccAxWPXX.s
>> GNU assembler version 2.23.1 (i386-pc-solaris2.11) using BFD version (GNU Binutils) 2.23.1
>> /var/tmp//ccAxWPXX.s: Assembler messages:
>> /var/tmp//ccAxWPXX.s:34: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:38: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:42: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:46: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:54: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:58: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:62: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:66: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:70: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:74: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:78: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:82: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:86: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:90: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:94: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:98: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:102: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:106: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:110: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:114: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:119: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:123: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:127: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:132: Error: unbalanced parenthesis in operand 1.
>
>
> apparently the paddd code, such as
>     `paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0;`
> isn't digested well, appended is the generated assembler code.

On 02.01.2014 17:41, Richard PALO wrote:
> Hi again, after finding the following:
> https://sourceware.org/bugzilla/show_bug.cgi?id=4572
>
> I tried using '-Wa,--divide' and that seemed to workaround the problem...
>
> perhaps the code, or at least the Makefile could be adapted accordingly?

The patch adds detection of this feature and attempts to work around the issue by
adding "-Wa,--divide" to CPPFLAGS. If the workaround does not work (old GAS on
Solaris/x86), we'll disable AMD64 assembly.

[v3]:
 - Update CPPFLAGS after testing instead of CFLAGS.

Reported-and-tested-by: Richard PALO <richard.palo@free.fr>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago Use the generic autogen.sh script.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Use the generic autogen.sh script.

* autogen.rc: New.
* Makefile.am (EXTRA_DIST): Add it.
* autogen.sh: Update from current GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Move all helper scripts to build-aux/
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Move all helper scripts to build-aux/

* scripts/: Rename to build-aux/.
* compile, config.guess, config.rpath, config.sub
* depcomp, doc/mdate-sh, doc/texinfo.tex
* install-sh, ltmain.sh, missing: Move to build-aux/.
* Makefile.am (EXTRA_DIST): Adjust.
* configure.ac (AC_CONFIG_AUX_DIR): New.
(AM_SILENT_RULES): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Fix another minor typo.
Werner Koch [Wed, 8 Jan 2014 19:03:15 +0000 (20:03 +0100)]
Fix another minor typo.

--

5 years ago Typo fixes.
Werner Koch [Wed, 8 Jan 2014 18:45:13 +0000 (19:45 +0100)]
Typo fixes.

--