libgcrypt.git
5 years ago: Fix most of memory leaks in tests code
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 23:21:39 +0000 (03:21 +0400)]
Fix most of memory leaks in tests code

* tests/basic.c (check_ccm_cipher): Close cipher after use.
* tests/basic.c (check_one_cipher): Correct length of used buffer.
* tests/benchmark.c (cipher_bench): Use xcalloc to make buffer
  initialized.
* tests/keygen.c (check_ecc_keys): Release generated key.
* tests/t-mpi-point.c (context_param): Release mpi Q.
* tests/t-sexp.c (check_extract_param): Release extracted number.

--
The only remaining reported memory leak is one expected leak from
mpitests.c.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Fix memory leaks in ecc code
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 23:21:38 +0000 (03:21 +0400)]
Fix memory leaks in ecc code

* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
  values.
* cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
  path.
* cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.

--
==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8
==11657==    at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11657==    by 0x404178F: _gcry_private_malloc (stdmem.c:113)
==11657==    by 0x403CED1: do_malloc.constprop.4 (global.c:768)
==11657==    by 0x403DD01: _gcry_xmalloc (global.c:790)
==11657==    by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84)
==11657==    by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466)
==11657==    by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796)
==11657==    by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327)
==11657==    by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378)
==11657==    by 0x407B895: compute_keygrip (ecc.c:1492)
==11657==    by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674)
==11657==    by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056)

==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7
==16502==    at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==16502==    by 0x404B4DE: _gcry_private_malloc (stdmem.c:113)
==16502==    by 0x404667B: do_malloc (global.c:768)
==16502==    by 0x40466E7: _gcry_malloc (global.c:790)
==16502==    by 0x4046A55: _gcry_xmalloc (global.c:944)
==16502==    by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84)
==16502==    by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548)
==16502==    by 0x40A72B2: scanval (ecc-curves.c:432)
==16502==    by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685)
==16502==    by 0x4058164: _gcry_pk_get_curve (pubkey.c:747)
==16502==    by 0x4043E14: gcry_pk_get_curve (visibility.c:1067)
==16502==    by 0x8048934: check_matching (curves.c:124)

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Fix number of blocks passed used in _gcry_rmd160_mixblock
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 11:02:14 +0000 (15:02 +0400)]
Fix number of blocks passed used in _gcry_rmd160_mixblock

* cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform

--
Currently _gcry_rmd160_mixblock() passes 64 as nblocks to transform()
function, while passing only one block of data. This causes access after
the allocated data and tons of errors on each valgrind invocation.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
This fixes commit 50b8c834.

5 years ago: Small Windows build tweaks.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Small Windows build tweaks.

* configure.ac (HAVE_PTHREAD): Do test when building for Windows.

* tests/basic.c: Replace "%zi" by "%z" and a cast to make it work
under Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Update gpg-error autoconf macros to fix threading problems.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Update gpg-error autoconf macros to fix threading problems.

* m4/gpg-error.m4: Update to version 2014-01-24.
* tests/Makefile.am (t_lock_LDADD): Use MT Libs.

5 years ago: tests: Pass -no-install to libtool
Dmitry Eremin-Solenikov [Fri, 24 Jan 2014 11:02:15 +0000 (15:02 +0400)]
tests: Pass -no-install to libtool

* tests/Makefile.am: add AM_LDFLAGS = -no-install

--
There is little point building tests with support for installation.
Passing -no-install stops libtool from building wrapper scripts,
thus allowing direct gdb/valgrind invocation on programs in tests/
subdirectory.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: tests: Add a test for the internal locking
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
tests: Add a test for the internal locking

* src/global.c (external_lock_test): New.
(_gcry_vcontrol): Call new function with formerly reserved code 61.

* tests/t-common.h: New. Taken from current libgpg-error.
* tests/t-lock.c: New.  Based on t-lock.c from libgpg-error.
* configure.ac (HAVE_PTHREAD): Set macro to 1 if defined.
(AC_CHECK_FUNCS): Check for flockfile.
* tests/Makefile.am (tests_bin): Add t-lock.
(noinst_HEADERS): Add t-common.h
(LDADD): Move value to ...
(default_ldadd): new.
(t_lock_LDADD): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit fa42c61a84996b6a7574c32233dfd8d9f254d93a)

Resolved conflicts:
* src/ath.c: Remove as not anymore used in 1.7.
* tests/Makefile.am: Merge.

Changes:

        * src/global.c (external_lock_test): Use the gpgrt function
          for locking.

        Changed subject because here we are only adding the test case.

5 years ago: Check compiler features only for the relevant platform.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Check compiler features only for the relevant platform.

* mpi/config.links (mpi_cpu_arch): Always set for ARM.  Set for HPPA.
Set to "undefined" for unknown platforms.
(try_asm_modules): Act upon only after having detected the CPU.
* configure.ac: Move the call to config.links before the platform
specific compiler checks.  Check platform specific features only if
the platform is targeted.
--

There is no need to check x86 options if we are targeting ARM and vice
versa.  This may only introduce build problems.  With this patch the
summary output at the end of the compiler also shows more reasonable
messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 04d478d9b0f92d80105ddaf2c011f40ae8260cfb)

5 years ago: Support building using the latest mingw-w64 toolchain.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Support building using the latest mingw-w64 toolchain.

* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.
--

This patch is related to Debian-bug-id 730271 for GnuPG 1.4:

   From: Stephen Kitt <skitt@debian.org>

      All MinGW targets require underscores when linking. This patch fixes
      acinclude.m4 and the resulting configure so they don't limit the use
      of underscores to the old mingw32msvc targets.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: cipher: Fix commit 94030e44
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
cipher: Fix commit 94030e44

* cipher/tiger.c (tiger_init): Add arg FLAGS.
(tiger1_init, tiger2_init): Ditto.

5 years ago: tests: Rename tsexp.c
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
tests: Rename tsexp.c

* tests/tsexp.c: Rename to t-sexp.c

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: md: Add Whirlpool bug emulation feature.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
md: Add Whirlpool bug emulation feature.

* src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New.
* src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS.  Change all code
to implement that flag.
* cipher/md.c (gcry_md_context):  Replace SECURE and FINALIZED by bit
field FLAGS.  Add flag BUGEMU1.  Change all users.
(md_open): Replace args SECURE and HMAC by FLAGS.  Init flags.bugemu1.
(_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1.
(md_enable): Pass bugemu1 flag to the hash init function.
(_gcry_md_reset): Ditto.
--

This problem is for example exhibited in the Linux cryptsetup tool.
See https://bbs.archlinux.org/viewtopic.php?id=175737 .  It has
been tracked down by Milan Broz.

The suggested way of using the flag is:

  if (whirlpool_bug_assumed)
    {
#if GCRYPT_VERSION_NUMBER >= 0x010601
      err = gcry_md_open (&hd, GCRY_MD_WHIRLPOOL, GCRY_MD_FLAG_BUGEMU1);
      if (gpg_err_code (err) == GPG_ERR_INV_ARG)
         error ("Need at least Libgcrypt 1.6.1 for the fix");
      else
         {
            do_hash (hd);
            gcry_md_close (hd);
          }
#endif
    }

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Actually check for uint64_t.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Actually check for uint64_t.

* configure.ac: Check size of uint64_t and the UINT64_C macro.
--

configure.ac used $ac_cv_sizeof_uint64_t but never set this variable.
Due to the availability of long long on all platforms supporting
uint64_t this was not a real problem.  Found while removing the
corresponding test from gnupg.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Replace ath based mutexes by gpgrt based locks.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Replace ath based mutexes by gpgrt based locks.

* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13.
(gl_LOCK): Remove.
* src/ath.c, src/ath.h: Remove.  Remove from all files.  Replace all
mutexes by gpgrt based statically initialized locks.
* src/global.c (global_init): Remove ath_init.
(_gcry_vcontrol): Make ath install a dummy function.
(print_config): Remove threads info line.

* doc/gcrypt.texi: Simplify the multi-thread related documentation.
--

The current code only works on ELF systems with weak symbol
support.  In particular no locks were used under Windows.  With the
new gpgrt_lock functions from the soon to be released libgpg-error
1.13 we have a better portable scheme which also allows for static
initialized mutexes.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1.
NIIBE Yutaka [Wed, 15 Jan 2014 03:41:37 +0000 (12:41 +0900)]
ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1.

* mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0.
* tests/t-mpi-point.c (context_alloc): Remove two spurious tests.

--

It is no problem when a==0.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago: PBKDF2: Use gcry_md_reset to speed up calculation.
Milan Broz [Mon, 13 Jan 2014 20:30:42 +0000 (21:30 +0100)]
PBKDF2: Use gcry_md_reset to speed up calculation.

* cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset
to speed up calculation.
--

Current PBKDF2 implementation uses gcry_md_set_key in every iteration
which is extremely slow (even in comparison with other implementations).

Use gcry_md_reset instead and set key only once.

With this test program:

  char input[32000], salt[8], key[16];
  gcry_kdf_derive(input, sizeof(input), GCRY_KDF_PBKDF2,
                  gcry_md_map_name("sha1"),
                  salt, sizeof(salt), 100000, sizeof(key), key);

running time without patch:
  real    0m11.165s
  user    0m11.136s
  sys     0m0.000s

and with patch applied
  real    0m0.230s
  user    0m0.184s
  sys     0m0.024s

(The problem was found when cryptsetup started to use gcrypt internal PBKDF2
and for very long keyfiles unlocking time increased drastically.
See https://bugzilla.redhat.com/show_bug.cgi?id=1051733)

Signed-off-by: Milan Broz <gmazyland@gmail.com>
5 years ago: Add DCO entry for Milan Broz.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Add DCO entry for Milan Broz.

--

5 years ago: Fix macro conflict in NetBSD
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Fix macro conflict in NetBSD

* cipher/bithelp.h (bswap32): Rename to _gcry_bswap32.
(bswap64): Rename to _gcry_bswap64.
--

NetBSD provides system macros bswap32 and bswap64 which conflict with
our macros.  Prefixing them with _gcry_ is easier than to come up with
a proper test.

GnuPG-bug-id: 1600
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 36214bfa8f612cd2faa4de217d1a12a8b5faadbf)

5 years ago: Use internal malloc function in fips.c
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Use internal malloc function in fips.c

* src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/.
--

This fixes a build problem with ENABLE_HMAC_BINARY_CHECK.

Reported-by: Michal Vyskocil.
5 years ago: Update NEWS.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Update NEWS.

--

5 years ago: Truncate hash values for ECDSA signature scheme
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:38:37 +0000 (00:38 +0400)]
Truncate hash values for ECDSA signature scheme

* cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
  mpis as required for DSA and ECDSA signature schemes.
* cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
  behave like the rest of internal sign/verify functions.
* cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
  as required by ECDSA scheme, truncate hash values to bitlength of
  used curve.
* tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
  truncation.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
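As an added illustration of the truncation rule this commit implements (example code, not libgcrypt's own _gcry_dsa_normalize_hash), the following C function keeps the leftmost qbits bits of a big-endian digest, handles both byte-aligned and non-aligned order sizes, and checks itself on constructed digests:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Truncate a big-endian hash value to the bit length of the (EC)DSA group
 * order q, as FIPS 186-4 prescribes: when the digest is longer than q, only
 * its leftmost qbits bits are used; a digest that is not longer is used as
 * is (the signing code still reduces it modulo q).  Added illustration of
 * the rule described in the commit above, not libgcrypt's own code.
 *
 * hash, hashlen : input digest, big-endian
 * qbits         : bit length of the group order
 * out, outlen   : receives the truncated value, big-endian, (qbits+7)/8 bytes
 * Returns the number of bytes written to out, 0 on invalid arguments. */
size_t
truncate_hash_to_qbits (const uint8_t *hash, size_t hashlen, unsigned int qbits,
                        uint8_t *out, size_t outlen)
{
  size_t hashbits = hashlen * 8;
  size_t nbytes, shift, byteshift, bitshift, rbytes, k;

  if (!hash || !out || !qbits || !hashlen)
    return 0;

  if (hashbits <= qbits)
    {
      /* Digest not longer than the order: nothing to truncate. */
      if (outlen < hashlen)
        return 0;
      memcpy (out, hash, hashlen);
      return hashlen;
    }

  nbytes = (qbits + 7) / 8;
  if (outlen < nbytes)
    return 0;

  /* Keeping the leftmost qbits bits == shifting the value right by shift. */
  shift = hashbits - qbits;
  byteshift = shift / 8;
  bitshift = shift % 8;
  /* The shifted value occupies rbytes bytes; its leading rbytes-nbytes bytes
     are zero because only qbits bits survive, so only the low nbytes matter. */
  rbytes = hashlen - byteshift;

  for (k = 0; k < nbytes; k++)
    {
      size_t j = k + (rbytes - nbytes);   /* source byte feeding out[k] */
      unsigned int v = hash[j] >> bitshift;
      if (bitshift && j > 0)
        v |= (unsigned int)hash[j - 1] << (8 - bitshift);
      out[k] = (uint8_t)(v & 0xff);
    }
  return nbytes;
}

/* Self-check on constructed digests; returns 1 when every case behaves. */
int
truncate_hash_selftest (void)
{
  uint8_t h64[64], out[64];
  size_t i, n;

  for (i = 0; i < 64; i++)
    h64[i] = (uint8_t)i;

  /* SHA-512-sized digest with a 256-bit order: leftmost 32 bytes survive. */
  n = truncate_hash_to_qbits (h64, 64, 256, out, sizeof out);
  if (n != 32 || memcmp (out, h64, 32))
    return 0;

  /* 20-byte digest with a 256-bit order: used unchanged. */
  n = truncate_hash_to_qbits (h64, 20, 256, out, sizeof out);
  if (n != 20 || memcmp (out, h64, 20))
    return 0;

  /* Non-byte-aligned order: 0xABCD truncated to 12 bits is 0xABC. */
  {
    const uint8_t h[2] = { 0xAB, 0xCD };
    n = truncate_hash_to_qbits (h, 2, 12, out, sizeof out);
    if (n != 2 || out[0] != 0x0A || out[1] != 0xBC)
      return 0;
  }
  /* Shift crossing a byte boundary: 0x123456 truncated to 10 bits is 0x048. */
  {
    const uint8_t h[3] = { 0x12, 0x34, 0x56 };
    n = truncate_hash_to_qbits (h, 3, 10, out, sizeof out);
    if (n != 2 || out[0] != 0x00 || out[1] != 0x48)
      return 0;
  }
  return 1;
}
```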
5 years ago: Add GOST R 34.10-2012 curves proposed by TC26
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:39:58 +0000 (00:39 +0400)]
Add GOST R 34.10-2012 curves proposed by TC26

* cipher/ecc-curves.c (domain_parms): Add two GOST R 34.10-2012 curves
  proposed/pending to standardization by TC26 (Russian cryptography
  technical committee).
* cipher/ecc-curves.c (curve_alias): Add OID aliases.
* tests/curves.c: Increase N_CURVES.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Add GOST R 34.10-2001 curves per RFC4357
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:39:57 +0000 (00:39 +0400)]
Add GOST R 34.10-2001 curves per RFC4357

* cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357.
* cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST
  curves.
* tests/curves.c (N_CURVES): Update value.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Fix typo in search_oid
Dmitry Eremin-Solenikov [Mon, 30 Dec 2013 20:39:56 +0000 (00:39 +0400)]
Fix typo in search_oid

* cipher/md.c (search_oid): Invert condition on oid comparison.

--
Function stricmp() returns 0 in case strings match, so proper condition
that checks for matching OID strings should be if (!stricmp(...))

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Add MD2-HMAC calculation support
Dmitry Eremin-Solenikov [Fri, 27 Dec 2013 08:37:12 +0000 (12:37 +0400)]
Add MD2-HMAC calculation support

* src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New.
* cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Add a function to retrieve algorithm used by MAC handler
Dmitry Eremin-Solenikov [Fri, 27 Dec 2013 08:37:11 +0000 (12:37 +0400)]
Add a function to retrieve algorithm used by MAC handler

* cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo.
* src/visibility.c (gcry_mac_get_algo): New wrapper.
* src/visibility.h: Handle gcry_mac_get_algo.
* src/gcrypt-int.h (_gcry_mac_get_algo): New.
* src/gcrypt.h.in (gcry_mac_get_algo): New.
* src/libgcrypt.def (gcry_mac_get_algo): New.
* src/libgcrypt.vers (gcry_mac_get_algo): New.
* doc/gcrypt.texi: Document gcry_mac_get_algo.
* tests/basic.c (check_one_mac): Verify gcry_mac_get_algo.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: Correct formatting of gcry_mac_get_algo_keylen documentation
Dmitry Eremin-Solenikov [Fri, 27 Dec 2013 08:37:10 +0000 (12:37 +0400)]
Correct formatting of gcry_mac_get_algo_keylen documentation

* doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen
  documentation.

Use braces around unsigned int in gcry_mac_get_algo_keylen
documentation, otherwise texinfo breaks that and uses 'int' as a
function definition.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years ago: ecc: Make a macro shorter.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
ecc: Make a macro shorter.

* src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS.  Change
all users.
* cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
comment.
* mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
(add_points_twistededwards): Rename to add_points_edwards.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Fix assembly division check
Jussi Kivilinna [Sun, 12 Jan 2014 20:01:28 +0000 (22:01 +0200)]
Fix assembly division check

* configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable
name mismatch at '--Wa,--divide' workaround check.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add secp256k1 curve.
NIIBE Yutaka [Sun, 12 Jan 2014 12:54:57 +0000 (21:54 +0900)]
Add secp256k1 curve.

* cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID.
(domain_parms): Add secp256k1's domain parameter.

* tests/basic.c (check_pubkey): Add a key of secp256k1.

* tests/curves.c (N_CURVES): Updated.

--

The key in check_pubkey is from "Test vector 1" of following page.
    https://en.bitcoin.it/wiki/BIP_0032_TestVectors

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago: Fix constant division for AMD64 assembly on Solaris/x86
Jussi Kivilinna [Sun, 12 Jan 2014 08:53:47 +0000 (10:53 +0200)]
Fix constant division for AMD64 assembly on Solaris/x86

* configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for
constant division in assembly and test for "-Wa,--divide" workaround.
(gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division.
--

Apparently on Solaris/x86 '/' character is treated as beginning of line
comment by GNU as. This causes problems when compiling SHA-1 SSSE3
implementation:

On 02.01.2014 16:26, Richard PALO wrote:
>> COLLECT_GCC_OPTIONS='-D' 'HAVE_CONFIG_H' '-I' '.' '-I' '..' '-I' '../src' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include' '-I' '/var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext' '-D' '_REENTRANT' '-O2' '-MT' 'sha1-ssse3-amd64.lo' '-MD' '-MP' '-MF' '.deps/sha1-ssse3-amd64.Tpo' '-c' '-fPIC' '-D' 'PIC' '-o' '.libs/sha1-ssse3-amd64.o' '-v' '-mtune=generic' '-march=x86-64'
>>  /usr/gnu/bin/as -v -I . -I .. -I ../src -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include -I /var/tmp/pkgsrc/security/libgcrypt/work/.buildlink/include/gettext -V -Qy -s --64 -o .libs/sha1-ssse3-amd64.o /var/tmp//ccAxWPXX.s
>> GNU assembler version 2.23.1 (i386-pc-solaris2.11) using BFD version (GNU Binutils) 2.23.1
>> /var/tmp//ccAxWPXX.s: Assembler messages:
>> /var/tmp//ccAxWPXX.s:34: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:38: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:42: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:46: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:54: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:58: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:62: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:66: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:70: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:74: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:78: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:82: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:86: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:90: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:94: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:98: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:102: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:106: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:110: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:114: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:119: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:123: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:127: Error: unbalanced parenthesis in operand 1.
>> /var/tmp//ccAxWPXX.s:132: Error: unbalanced parenthesis in operand 1.
>
>
> apparently the paddd code, such as
>     `paddd (.LK_XMM + ((i)/20)*16) RIP, tmp0;`
> isn't digested well, appended is the generated assembler code.

On 02.01.2014 17:41, Richard PALO wrote:
> Hi again, after finding the following:
> https://sourceware.org/bugzilla/show_bug.cgi?id=4572
>
> I tried using '-Wa,--divide' and that seemed to workaround the problem...
>
> perhaps the code, or at least the Makefile could be adapted accordingly?

Patch adds detection of this feature and attempts to work around the issue by
adding "-Wa,--divide" to CPPFLAGS. If workaround does not work (old GAS on
Solaris/x86), we'll disable AMD64 assembly.

[v3]:
 - Update CPPFLAGS after testing instead of CFLAGS.

Reported-and-tested-by: Richard PALO <richard.palo@free.fr>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Use the generic autogen.sh script.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Use the generic autogen.sh script.

* autogen.rc: New.
* Makefile.am (EXTRA_DIST): Add it.
* autogen.sh: Update from current GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Move all helper scripts to build-aux/
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Move all helper scripts to build-aux/

* scripts/: Rename to build-aux/.
* compile, config.guess, config.rpath, config.sub
* depcomp, doc/mdate-sh, doc/texinfo.tex
* install-sh, ltmain.sh, missing: Move to build-aux/.
* Makefile.am (EXTRA_DIST): Adjust.
* configure.ac (AC_CONFIG_AUX_DIR): New.
(AM_SILENT_RULES): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Fix another minor typo.
Werner Koch [Wed, 8 Jan 2014 19:03:15 +0000 (20:03 +0100)]
Fix another minor typo.

--

5 years ago: Typo fixes.
Werner Koch [Wed, 8 Jan 2014 18:45:13 +0000 (19:45 +0100)]
Typo fixes.

--

5 years ago: Add blowfish/serpent ARM assembly files to Makefile.am
Jussi Kivilinna [Mon, 30 Dec 2013 14:34:29 +0000 (16:34 +0200)]
Add blowfish/serpent ARM assembly files to Makefile.am

* cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'.
--

Fix for bug https://bugs.g10code.com/gnupg/issue1584

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add AMD64 assembly implementation for arcfour
Jussi Kivilinna [Mon, 30 Dec 2013 13:10:13 +0000 (15:10 +0200)]
Add AMD64 assembly implementation for arcfour

* cipher/Makefile.am: Add 'arcfour-amd64.S'.
* cipher/arcfour-amd64.S: New.
* cipher/arcfour.c (USE_AMD64_ASM): New.
[USE_AMD64_ASM] (ARCFOUR_context, _gcry_arcfour_amd64)
(encrypt_stream): New.
* configure.ac [host=x86_64]: Add 'arcfour-amd64.lo'.
--

Patch adds Marc Bevand's public-domain AMD64 assembly implementation of RC4 to
libgcrypt. Original implementation is at:
  http://www.zorinaq.com/papers/rc4-amd64.html

Benchmarks on Intel i5-4570 (3200 MHz):

New:
 ARCFOUR        |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |      1.29 ns/B     737.7 MiB/s      4.14 c/B
     STREAM dec |      1.31 ns/B     730.6 MiB/s      4.18 c/B

Old (C-language):
 ARCFOUR        |  nanosecs/byte   mebibytes/sec   cycles/byte
     STREAM enc |      2.09 ns/B     457.4 MiB/s      6.67 c/B
     STREAM dec |      2.09 ns/B     457.2 MiB/s      6.68 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Parse /proc/cpuinfo for ARM HW features
Jussi Kivilinna [Mon, 30 Dec 2013 13:10:13 +0000 (15:10 +0200)]
Parse /proc/cpuinfo for ARM HW features

* src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO)
(detect_arm_proc_cpuinfo): New.
(_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for
HW features.
--

Some Linux platforms (read: Android) block read access to '/proc/self/auxv',
which prevents NEON HW detection. Patch adds alternative check which parses
'/proc/cpuinfo' which should be accessible by Android applications.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
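Added example, not the detect_arm_proc_cpuinfo code from libgcrypt: a whole-word parser for the "Features" line of /proc/cpuinfo, so that "neon" is recognised but a prefix such as "vfp" does not falsely match "vfpv3". It runs over a constructed cpuinfo sample (made up, not from a real device) so it works offline on any platform; the file reader is only exercised on Linux.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of an ARMv7 /proc/cpuinfo; not captured from hardware. */
const char sample_cpuinfo[] =
  "Processor\t: ARMv7 Processor rev 4 (v7l)\n"
  "processor\t: 0\n"
  "BogoMIPS\t: 1001.88\n"
  "Features\t: swp half thumb fastmult vfp edsp thumbee neon vfpv3 tls\n"
  "CPU implementer\t: 0x41\n"
  "CPU architecture: 7\n";

/* Return 1 if any "Features" line in the cpuinfo text lists FEATURE as a
   whole, whitespace-separated word, 0 otherwise.  Every "Features" line is
   inspected because multi-core systems print one block per CPU. */
int
cpuinfo_has_feature (const char *cpuinfo, const char *feature)
{
  const char *line = cpuinfo;
  size_t flen = strlen (feature);

  while (line && *line)
    {
      const char *eol = strchr (line, '\n');
      size_t len = eol ? (size_t)(eol - line) : strlen (line);

      if (len > 8 && !strncmp (line, "Features", 8))
        {
          const char *end = line + len;
          const char *p = memchr (line, ':', len);

          if (p)
            {
              p++;                       /* skip the ':' */
              while (p < end)
                {
                  const char *tok;
                  while (p < end && isspace ((unsigned char)*p))
                    p++;
                  tok = p;
                  while (p < end && !isspace ((unsigned char)*p))
                    p++;
                  /* Whole-token comparison: length must match exactly. */
                  if ((size_t)(p - tok) == flen && !memcmp (tok, feature, flen))
                    return 1;
                }
            }
        }
      line = eol ? eol + 1 : NULL;
    }
  return 0;
}

/* Read the live /proc/cpuinfo and test it; -1 if the file is unreadable
   (as the commit notes, some Android builds block /proc/self/auxv but
   still expose /proc/cpuinfo). */
int
proc_cpuinfo_has_feature (const char *feature)
{
  static char buf[65536];
  FILE *fp = fopen ("/proc/cpuinfo", "r");
  size_t n;

  if (!fp)
    return -1;
  n = fread (buf, 1, sizeof buf - 1, fp);
  fclose (fp);
  buf[n] = '\0';
  return cpuinfo_has_feature (buf, feature);
}

int
main (void)
{
  printf ("sample: neon=%d vfpv3=%d vfpv4=%d\n",
          cpuinfo_has_feature (sample_cpuinfo, "neon"),
          cpuinfo_has_feature (sample_cpuinfo, "vfpv3"),
          cpuinfo_has_feature (sample_cpuinfo, "vfpv4"));
  printf ("live /proc/cpuinfo: neon=%d\n", proc_cpuinfo_has_feature ("neon"));
  return 0;
}
```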
5 years ago: Fix buggy/incomplete detection of AVX/AVX2 support
Jussi Kivilinna [Mon, 30 Dec 2013 09:57:57 +0000 (11:57 +0200)]
Fix buggy/incomplete detection of AVX/AVX2 support

* configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2
inline assembly checks.
* src/hwf-x86.c [__i386__] (get_xgetbv): New function.
[__x86_64__] (get_xgetbv): New function.
[HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for
XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are
supported by OS.
--

This patch is based on original patch and bug report by Panagiotis Christopoulos:

  Adding better detection of AVX/AVX2 support

  After upgrading libgcrypt from 1.5.3 to 1.6.0 on a remote XEN system (linode) my
  gpg2 stopped working properly, throwing SIGILL signals when doing sha512
  operations etc. I managed to debug this with the help of Doublas Freed
  (dwfreed at mtu.edu) and it seems that the current AVX detection just checks for
  bit 28 on cpuid but the check still works  on systems that have disabled the avx/avx2
  instructions for some reason (eg. performance/instability) resulting in SIGILLs
  (eg. when trying _gcry_sha512_transform_amd64_avx() ).
  From Intel resources[1][2], I found additional checks for better AVX
  detection and applied them in the following patch. Please review/change
  accordingly and commit some better AVX detection mechanism. The AVX part is
  tested but could not test the AVX2 one, because I lack proper hardware. I can
  provide additional information upon request. Use the patch only as a guideline,
  as it's not thoroughly tested.

  [1] http://software.intel.com/en-us/blogs/2011/04/14/is-avx-enabled
  [2] http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf (sections 14.3 and 14.7.1)

Reported-by: Panagiotis Christopoulos (pchrist) <pchrist@gentoo.org>
Cc: Doublas Freed <dwfreed@mtu.edu>
Cc: Tim Harder <radhermit@gentoo.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
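Added example, not the hwf-x86.c code from libgcrypt: the decision logic this commit describes, as a pure function over raw CPUID/XCR0 words (the CPUID AVX bit alone is not enough; OSXSAVE must be set and XCR0 bits 1 and 2 must show the OS saves XMM and YMM state, otherwise the first VEX instruction raises SIGILL as in the report above), plus a live x86-64 probe that executes xgetbv only after the OSXSAVE check. The bit positions follow the Intel manual cited above; the function and struct names are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.(EAX=1):ECX bits. */
#define CPUID1_ECX_OSXSAVE (1u << 27)   /* OS enabled XSAVE/XGETBV */
#define CPUID1_ECX_AVX     (1u << 28)   /* CPU supports AVX */
/* CPUID.(EAX=7,ECX=0):EBX bit. */
#define CPUID7_EBX_AVX2    (1u << 5)
/* XCR0 bits: state components the OS saves and restores on context switch. */
#define XCR0_SSE           (1u << 1)    /* XMM registers */
#define XCR0_AVX           (1u << 2)    /* upper halves of YMM registers */

struct hwcaps { int avx; int avx2; };

/* Pure decision: may AVX / AVX2 code actually be run?  Takes the raw words
   so it can be checked without the hardware (e.g. the Xen case from the
   report: AVX bit set, but YMM state disabled by the hypervisor/OS). */
struct hwcaps
decide_avx (uint32_t cpuid1_ecx, uint32_t cpuid7_ebx, uint32_t xcr0)
{
  struct hwcaps c = { 0, 0 };

  if (!(cpuid1_ecx & CPUID1_ECX_OSXSAVE))
    return c;                       /* xgetbv itself would fault here */
  if ((xcr0 & (XCR0_SSE | XCR0_AVX)) != (XCR0_SSE | XCR0_AVX))
    return c;                       /* OS does not preserve YMM state */
  if (cpuid1_ecx & CPUID1_ECX_AVX)
    c.avx = 1;
  if (c.avx && (cpuid7_ebx & CPUID7_EBX_AVX2))
    c.avx2 = 1;                     /* AVX2 needs the YMM state too */
  return c;
}

#if defined(__x86_64__)
static void
x86_cpuid (uint32_t leaf, uint32_t sub,
           uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
  __asm__ __volatile__ ("cpuid"
                        : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d)
                        : "a"(leaf), "c"(sub));
}

/* Read XCR0.  Only valid once CPUID has reported OSXSAVE. */
static uint32_t
x86_xgetbv_xcr0 (void)
{
  uint32_t eax, edx;
  __asm__ __volatile__ ("xgetbv" : "=a"(eax), "=d"(edx) : "c"(0));
  return eax;
}

/* Live probe on the running x86-64 CPU, ordered so that no instruction is
   executed before the check that makes it safe. */
struct hwcaps
detect_avx_live (void)
{
  uint32_t a, b, c, d, maxleaf, ecx1, ebx7 = 0, xcr0 = 0;
  struct hwcaps none = { 0, 0 };

  x86_cpuid (0, 0, &maxleaf, &b, &c, &d);
  if (maxleaf < 1)
    return none;
  x86_cpuid (1, 0, &a, &b, &ecx1, &d);
  if (maxleaf >= 7)
    x86_cpuid (7, 0, &a, &ebx7, &c, &d);   /* leaf 7 only if it exists */
  if (ecx1 & CPUID1_ECX_OSXSAVE)
    xcr0 = x86_xgetbv_xcr0 ();
  return decide_avx (ecx1, ebx7, xcr0);
}
#endif

int
main (void)
{
#if defined(__x86_64__)
  struct hwcaps hw = detect_avx_live ();
  printf ("live: avx=%d avx2=%d\n", hw.avx, hw.avx2);
#else
  puts ("live probe only built on x86-64");
#endif
  return 0;
}
```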
5 years ago: Change utf-8 copyright characters to '(C)'
Jussi Kivilinna [Wed, 18 Dec 2013 15:08:50 +0000 (17:08 +0200)]
Change utf-8 copyright characters to '(C)'

cipher/blowfish-amd64.S: Change utf-8 encoded copyright character to
'(C)'.
cipher/blowfish-arm.S: Ditto.
cipher/bufhelp.h: Ditto.
cipher/camellia-aesni-avx-amd64.S: Ditto.
cipher/camellia-aesni-avx2-amd64.S: Ditto.
cipher/camellia-arm.S: Ditto.
cipher/cast5-amd64.S: Ditto.
cipher/cast5-arm.S: Ditto.
cipher/cipher-ccm.c: Ditto.
cipher/cipher-cmac.c: Ditto.
cipher/cipher-gcm.c: Ditto.
cipher/cipher-selftest.c: Ditto.
cipher/cipher-selftest.h: Ditto.
cipher/mac-cmac.c: Ditto.
cipher/mac-gmac.c: Ditto.
cipher/mac-hmac.c: Ditto.
cipher/mac-internal.h: Ditto.
cipher/mac.c: Ditto.
cipher/rijndael-amd64.S: Ditto.
cipher/rijndael-arm.S: Ditto.
cipher/salsa20-amd64.S: Ditto.
cipher/salsa20-armv7-neon.S: Ditto.
cipher/serpent-armv7-neon.S: Ditto.
cipher/serpent-avx2-amd64.S: Ditto.
cipher/serpent-sse2-amd64.S: Ditto.
--

Avoid use of '©' for easier parsing of source for copyright information.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add ARM/NEON implementation for SHA-1
Jussi Kivilinna [Tue, 17 Dec 2013 13:35:38 +0000 (15:35 +0200)]
Add ARM/NEON implementation for SHA-1

* cipher/Makefile.am: Add 'sha1-armv7-neon.S'.
* cipher/sha1-armv7-neon.S: New.
* cipher/sha1.c (USE_NEON): New.
(SHA1_CONTEXT, sha1_init) [USE_NEON]: Add and initialize 'use_neon'.
[USE_NEON] (_gcry_sha1_transform_armv7_neon): New.
(transform) [USE_NEON]: Use ARM/NEON assembly if enabled.
* configure.ac: Add 'sha1-armv7-neon.lo'.
--

Patch adds ARM/NEON implementation for SHA-1.

Benchmarks show 1.72x improvement on ARM Cortex-A8, 1008 MHz:

jussi@cubie:~/libgcrypt$ tests/bench-slope --cpu-mhz 1008 hash sha1
Hash:
                |  nanosecs/byte   mebibytes/sec   cycles/byte
 SHA1           |      7.80 ns/B     122.3 MiB/s      7.86 c/B
                =
jussi@cubie:~/libgcrypt$ tests/bench-slope --disable-hwf arm-neon --cpu-mhz 1008 hash sha1
Hash:
                |  nanosecs/byte   mebibytes/sec   cycles/byte
 SHA1           |     13.41 ns/B     71.10 MiB/s     13.52 c/B
                =

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Improve performance of SHA-512/ARM/NEON implementation
Jussi Kivilinna [Tue, 17 Dec 2013 13:35:38 +0000 (15:35 +0200)]
Improve performance of SHA-512/ARM/NEON implementation

* cipher/sha512-armv7-neon.S (RT01q, RT23q, RT45q, RT67q): New.
(round_0_63, round_64_79): Remove.
(rounds2_0_63, rounds2_64_79): New.
(_gcry_sha512_transform_armv7_neon): Add 'nblks' input; Handle multiple
input blocks; Use new round macros.
* cipher/sha512.c [USE_ARM_NEON_ASM]
(_gcry_sha512_transform_armv7_neon): Add 'num_blks'.
(transform) [USE_ARM_NEON_ASM]: Pass nblks to assembly.
--

Benchmarks on ARM Cortex-A8:

C-language:     139.1 c/B
Old ARM/NEON:   34.30 c/B
New ARM/NEON:   24.46 c/B

New vs C:       5.68x
New vs Old:     1.40x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add AVX and AVX2/BMI implementations for SHA-256
Jussi Kivilinna [Tue, 17 Dec 2013 13:35:38 +0000 (15:35 +0200)]
Add AVX and AVX2/BMI implementations for SHA-256

* LICENSES: Add 'cipher/sha256-avx-amd64.S' and
'cipher/sha256-avx2-bmi2-amd64.S'.
* cipher/Makefile.am: Add 'sha256-avx-amd64.S' and
'sha256-avx2-bmi2-amd64.S'.
* cipher/sha256-avx-amd64.S: New.
* cipher/sha256-avx2-bmi2-amd64.S: New.
* cipher/sha256-ssse3-amd64.S: Use 'lea' instead of 'add' in few
places for tiny speed improvement.
* cipher/sha256.c (USE_AVX, USE_AVX2): New.
(SHA256_CONTEXT) [USE_AVX, USE_AVX2]: Add 'use_avx' and 'use_avx2'.
(sha256_init, sha224_init) [USE_AVX, USE_AVX2]: Initialize above
new context members.
[USE_AVX] (_gcry_sha256_transform_amd64_avx): New.
[USE_AVX2] (_gcry_sha256_transform_amd64_avx2): New.
(transform) [USE_AVX2]: Use AVX2 assembly if enabled.
(transform) [USE_AVX]: Use AVX assembly if enabled.
* configure.ac: Add 'sha256-avx-amd64.lo' and
'sha256-avx2-bmi2-amd64.lo'.
--

Patch adds fast AVX and AVX2/BMI2 implementations of SHA-256 by Intel
Corporation. The assembly source is licensed under 3-clause BSD license,
thus compatible with LGPL2.1+. Original source can be accessed at:
 http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs

Implementation is described in white paper
 "Fast SHA - 256 Implementations on Intel® Architecture Processors"
 http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/sha-256-implementations-paper.html

Note: AVX implementation uses SHLD instruction to emulate RORQ, since it's
      faster on Intel Sandy-Bridge. However, on non-Intel CPUs SHLD is much
      slower than RORQ, so therefore AVX implementation is (for now) limited
      to Intel CPUs.
Note: AVX2 implementation also uses BMI2 instruction rorx, thus additional
      HWF flag.

Benchmarks:

cpu                C-lang       SSSE3        AVX/AVX2     C vs AVX/AVX2
                                                                   vs SSSE3
Intel i5-4570       13.86 c/B    10.27 c/B     8.70 c/B    1.59x    1.18x
Intel i5-2450M      17.25 c/B    12.36 c/B    10.31 c/B    1.67x    1.19x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add AVX and AVX/BMI2 implementations for SHA-1
Jussi Kivilinna [Tue, 17 Dec 2013 13:35:38 +0000 (15:35 +0200)]
Add AVX and AVX/BMI2 implementations for SHA-1

* cipher/Makefile.am: Add 'sha1-avx-amd64.S' and
'sha1-avx-bmi2-amd64.S'.
* cipher/sha1-avx-amd64.S: New.
* cipher/sha1-avx-bmi2-amd64.S: New.
* cipher/sha1.c (USE_AVX, USE_BMI2): New.
(SHA1_CONTEXT) [USE_AVX]: Add 'use_avx'.
(SHA1_CONTEXT) [USE_BMI2]: Add 'use_bmi2'.
(sha1_init): Initialize 'use_avx' and 'use_bmi2'.
[USE_AVX] (_gcry_sha1_transform_amd64_avx): New.
[USE_BMI2] (_gcry_sha1_transform_amd64_bmi2): New.
(transform) [USE_BMI2]: Use BMI2 assembly if enabled.
(transform) [USE_AVX]: Use AVX assembly if enabled.
* configure.ac: Add 'sha1-avx-amd64.lo' and 'sha1-avx-bmi2-amd64.lo'.
--

Patch adds AVX (for Sandybridge and Ivybridge) and AVX/BMI2 (for Haswell)
optimized implementations of SHA-1.

Note: AVX implementation is currently limited to Intel CPUs due to use
      of SHLD instruction for faster rotations on Sandybridge.

Benchmarks:

cpu             C-version  SSSE3     AVX/(SHLD|BMI2) New vs C  New vs SSSE3
Intel i5-4570    8.84 c/B   4.61 c/B  3.86 c/B        2.29x     1.19x
Intel i5-2450M   9.45 c/B   5.30 c/B  4.39 c/B        2.15x     1.20x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: SHA-1/SSSE3: Improve performance on large buffers
Jussi Kivilinna [Tue, 17 Dec 2013 13:35:38 +0000 (15:35 +0200)]
SHA-1/SSSE3: Improve performance on large buffers

* cipher/sha1-ssse3-amd64.S (RNBLKS): New.
(_gcry_sha1_transform_amd64_ssse3): Handle multiple input blocks, with
software pipelining of next data block processing.
* cipher/sha1.c [USE_SSSE3] (_gcry_sha1_transform_amd64_ssse3): Add
'nblks'.
(transform) [USE_SSSE3]: Pass nblks to assembly function.
--

Patch gives a small improvement for large buffer processing; on Intel i5-4570
speed goes from 4.80 c/B to 4.61 c/B.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add bulk processing for hash transform functions
Jussi Kivilinna [Tue, 17 Dec 2013 13:35:38 +0000 (15:35 +0200)]
Add bulk processing for hash transform functions

* cipher/hash-common.c (_gcry_md_block_write): Preload 'hd->blocksize'
to stack, pass number of blocks to 'hd->bwrite'.
* cipher/hash-common.c (_gcry_md_block_write_t): Add 'nblks'.
* cipher/gostr3411-94.c: Rename 'transform' function to
'transform_blk', add new 'transform' function with 'nblks' as
additional input.
* cipher/md4.c: Ditto.
* cipher/md5.c: Ditto.
* cipher/md4.c: Ditto.
* cipher/rmd160.c: Ditto.
* cipher/sha1.c: Ditto.
* cipher/sha256.c: Ditto.
* cipher/sha512.c: Ditto.
* cipher/stribog.c: Ditto.
* cipher/tiger.c: Ditto.
* cipher/whirlpool.c: Ditto.
--

Pass number of blocks to algorithm for further optimizations.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Open new development branch.
Werner Koch [Mon, 16 Dec 2013 16:58:42 +0000 (17:58 +0100)]
Open new development branch.

--

5 years ago: Post release updates.
Werner Koch [Mon, 16 Dec 2013 16:49:56 +0000 (17:49 +0100)]
Post release updates.

--

5 years ago: Release 1.6.0. libgcrypt-1.6.0
Werner Koch [Mon, 16 Dec 2013 16:38:55 +0000 (17:38 +0100)]
Release 1.6.0.

5 years ago: doc: Change yat2m to allow arbitrary condition names.
Werner Koch [Mon, 16 Dec 2013 15:54:53 +0000 (16:54 +0100)]
doc: Change yat2m to allow arbitrary condition names.

* doc/yat2m.c (MAX_CONDITION_NESTING): New.
(gpgone_defined): Remove.
(condition_s, condition_stack, condition_stack_idx): New.
(cond_is_active, cond_in_verbatim): New.
(add_predefined_macro, set_macro, macro_set_p): New.
(evaluate_conditions, push_condition, pop_condition): New.
(parse_file): Rewrite to use the condition stack.
(top_parse_file): Set predefined macros.
(main): Change -D to define arbitrary macros.
--

This change allows the use of other conditionals than "gpgone" and
thus makes "gpgtwoone" et al. actually work.  It does now also track
conditionals over included files.

Signed-off-by: Werner Koch <wk@gnupg.org>
From GnuPG master commit a15c35f37ed2b58805adc213029998aa3e52f038

5 years ago: tests: Add SHA-512 to the long hash test.
Werner Koch [Mon, 16 Dec 2013 11:43:50 +0000 (12:43 +0100)]
tests: Add SHA-512 to the long hash test.

* tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512.
* tests/hashtest-256g.in (algos): Add test for SHA-512.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Add configure option --enable-large-data-tests.
Werner Koch [Mon, 16 Dec 2013 10:43:22 +0000 (11:43 +0100)]
Add configure option --enable-large-data-tests.

* configure.ac: Add option --enable-large-data-tests.
* tests/hashtest-256g.in: New.
* tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in.
(TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and
tests_sh_last.
(tests_sh_last): Add hashtest-256g.
(noinst_PROGRAMS): Add only tests_bin and tests_bin_last.
(bench-slope.log, hashtest-256g.log): New rules to enforce serial run.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: random: Call random progress handler more often.
Werner Koch [Mon, 16 Dec 2013 08:45:02 +0000 (09:45 +0100)]
random: Call random progress handler more often.

* random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress
indicator earlier.
--

GnuPG-bug-id: 1531
Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: cipher: Normalize the MPIs used as input to secret key functions.
Werner Koch [Mon, 16 Dec 2013 08:22:10 +0000 (09:22 +0100)]
cipher: Normalize the MPIs used as input to secret key functions.

* cipher/dsa.c (sign): Normalize INPUT.
* cipher/elgamal.c (decrypt): Normalize A and B.
* cipher/rsa.c (secret): Normalize the INPUT.
(rsa_decrypt): Reduce DATA before passing to secret.
--

mpi_normalize is in general not required because extra leading zeroes
do not harm the computation.  However, adding extra all zero limbs or
padding with multiples of N may be useful in side-channel attacks.
This is an extra precaution in case RSA blinding has been disabled.

CVE-id: CVE-2013-4576
Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Change dummy variable in mpih-div.c to mpi_limb_t type
Jussi Kivilinna [Mon, 16 Dec 2013 10:15:37 +0000 (12:15 +0200)]
Change dummy variable in mpih-div.c to mpi_limb_t type

* mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy
variable to 'mpi_limb_t' type from 'int'.
--

Patch attempts to fix a problem reported by Matthias Wachs:

 while updating our buildbots I got another compile error:

 On a OS X machine:

 Darwin luke.net.in.tum.de 11.3.0 Darwin Kernel Version 11.3.0: Thu Jan
 12 18:47:41 PST 2012; root:xnu-1699.24.23~1/RELEASE_X86_64 x86_64

 /bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
 -I..  -I../src -I../src -I/opt/local/include -I/opt/local/include -g -O2
 -Wall -MT mpih-div.lo -MD -MP -MF .deps/mpih-div.Tpo -c -o mpih-div.lo
 mpih-div.c
 libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src
 -I/opt/local/include -I/opt/local/include -g -O2 -Wall -MT mpih-div.lo
 -MD -MP -MF .deps/mpih-div.Tpo -c mpih-div.c  -fno-common -DPIC -o
 .libs/mpih-div.o
 mpih-div.c: In function '_gcry_mpih_mod_1':
 mpih-div.c:183: error: unsupported inline asm: input constraint with a
 matching output constraint of incompatible type!
 make[2]: *** [mpih-div.lo] Error 1
 make[1]: *** [all-recursive] Error 1
 make: *** [all] Error 2

The new x86-64 inline assembly for MPI expects outputs to be limb sized
variables (64-bit), but mpi/mpih-div.c was using a 32-bit dummy variable.
Apparently this mismatch between assembly output and variable sizes does not
fail on every platform.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Remove duplicate gcry_mac_hd_t typedef
Jussi Kivilinna [Mon, 16 Dec 2013 09:54:37 +0000 (11:54 +0200)]
Remove duplicate gcry_mac_hd_t typedef

* cipher/mac-internal.h (gcry_mac_hd_t): Remove.
--

Attempt to fix a problem reported by Matthias Wachs:

 On a freebsd 9.1 amd64 and a debian Lenny x86 system:

 In file included from mac.c:27:
 mac-internal.h:22: error: redefinition of typedef 'gcry_mac_hd_t'
 ../src/gcrypt.h:1301: error: previous declaration of 'gcry_mac_hd_t' was
 here
 *** [mac.lo] Error code 1

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Use u64 for CCM data lengths
Jussi Kivilinna [Sun, 15 Dec 2013 18:07:54 +0000 (20:07 +0200)]
Use u64 for CCM data lengths

* cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF].
[HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for
data lengths.
[!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt)
(_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce)
(_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag)
(_gcry_cipher_ccm_check_tag): Dummy functions returning
GPG_ERROR_NOT_SUPPORTED.
* cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm)
(_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use
u64 instead of size_t for CCM data lengths.
* cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset)
(_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED
for CCM.
(_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for
GCRYCTL_SET_CCM_LENGTHS length parameters.
* tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF.
* tests/bench-slope.c: Ditto.
* tests/benchmark.c: Ditto.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: tests: Prevent rare failure of gcry_pk_decrypt test.
Werner Koch [Sat, 14 Dec 2013 20:40:36 +0000 (21:40 +0100)]
tests: Prevent rare failure of gcry_pk_decrypt test.

* tests/basic.c (check_pubkey_crypt): Add special mode 1.
(main): Add option --loop.

--

This failure has been reported by Jussi Kivilinna.  The new loop
option was needed to track that down.  It took me up to 100 iterations
to trigger the bug.  With the fix applied I am currently at 1000
iterations with no problems.  Command line to evoke the problem was:

  ./basic --pubkey --verbose --loop -1 --die

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Minor fixes to SHA assembly implementations
Jussi Kivilinna [Sat, 14 Dec 2013 09:23:03 +0000 (11:23 +0200)]
Minor fixes to SHA assembly implementations

* cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'.
* cipher/sha1-ssse3-amd64.S: First line, correct filename.
* cipher/sha256-ssse3-amd64.S: Return correct stack burn depth.
* cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers.
* cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn
depth.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: SHA-1/SSSE3: Do not check for Intel syntax assembly support
Jussi Kivilinna [Fri, 13 Dec 2013 23:11:32 +0000 (01:11 +0200)]
SHA-1/SSSE3: Do not check for Intel syntax assembly support

* cipher/sha1-ssse3-amd64.S: Remove check for
HAVE_INTEL_SYNTAX_PLATFORM_AS.
* cipher/sha1.c [USE_SSSE3]: Ditto.
--

SHA-1 SSSE3 implementation uses AT&T syntax, so the check for
HAVE_INTEL_SYNTAX_PLATFORM_AS is unnecessary.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm
Jussi Kivilinna [Fri, 13 Dec 2013 19:07:41 +0000 (21:07 +0200)]
Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm

* cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to
'sha1-ssse3-amd64.S'.
* cipher/sha1-ssse3-amd64.c: Remove.
* cipher/sha1-ssse3-amd64.S: New.
--

Mixed C&asm implementation appears to trigger GCC bugs easily. Therefore
convert SSSE3 implementation to pure assembly for safety.

Benchmarks also show a smallish speed improvement.

cpu             C&asm     asm
Intel i5-4570   5.22 c/B  5.09 c/B
Intel i5-2450M  7.24 c/B  7.00 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: SHA-1: Add SSSE3 implementation
Jussi Kivilinna [Fri, 13 Dec 2013 10:47:56 +0000 (12:47 +0200)]
SHA-1: Add SSSE3 implementation

* cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'.
* cipher/sha1-ssse3-amd64.c: New.
* cipher/sha1.c (USE_SSSE3): New.
(SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
(sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'.
(transform): Rename to...
(_transform): this.
(transform): New.
* configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'.
--

Patch adds an SSSE3 implementation based on the white paper "Improving the
Performance of the Secure Hash Algorithm (SHA-1)" at
 http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1

Benchmarks:

cpu                Old        New        Diff
Intel i5-4570      9.02 c/B   5.22 c/B   1.72x
Intel i5-2450M     12.27 c/B  7.24 c/B   1.69x
Intel Core2 T8100  7.94 c/B   6.76 c/B   1.17x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add missing register clearing to SHA-256 and SHA-512 assembly
Jussi Kivilinna [Fri, 13 Dec 2013 14:14:05 +0000 (16:14 +0200)]
Add missing register clearing to SHA-256 and SHA-512 assembly

* cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return.
* cipher/sha512-avx-amd64.S: Ditto.
* cipher/sha512-avx2-bmi2-amd64.S: Ditto.
* cipher/sha512-ssse3-amd64.S: Ditto.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Update license information
Werner Koch [Fri, 13 Dec 2013 13:52:21 +0000 (14:52 +0100)]
Update license information

* LICENSES: New.
* Makefile.am (EXTRA_DIST): Add LICENSES.
* AUTHORS: Add list of copyright holders.
* README: Reference AUTHORS.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: doc: Minor manual fix.
Werner Koch [Fri, 13 Dec 2013 09:53:26 +0000 (10:53 +0100)]
doc: Minor manual fix.

--

5 years ago: Fix empty clobber in AVX2 assembly check
Jussi Kivilinna [Thu, 12 Dec 2013 22:00:08 +0000 (00:00 +0200)]
Fix empty clobber in AVX2 assembly check

* configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly
clobber.
--

Apparently empty clobbers only work in some cases on linux, and fail on
mingw32.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Fix W32 build
Jussi Kivilinna [Thu, 12 Dec 2013 21:53:28 +0000 (23:53 +0200)]
Fix W32 build

* random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to
xmalloc, and gcry_xrealloc to xrealloc.
--

Patch fixes the following errors:

../random/.libs/librandom.a(rndw32.o): In function `registry_poll':
.../libgcrypt/random/rndw32.c:434: undefined reference to `__gcry_USE_THE_UNDERSCORED_FUNCTION'
.../libgcrypt/random/rndw32.c:454: undefined reference to `__gcry_USE_THE_UNDERSCORED_FUNCTION'
../random/.libs/librandom.a(rndw32.o): In function `slow_gatherer':
.../random/rndw32.c:658: undefined reference to `__gcry_USE_THE_UNDERSCORED_FUNCTION'

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: SHA-512: Add AVX and AVX2 implementations for x86-64
Jussi Kivilinna [Thu, 12 Dec 2013 11:56:13 +0000 (13:56 +0200)]
SHA-512: Add AVX and AVX2 implementations for x86-64

* cipher/Makefile.am: Add 'sha512-avx-amd64.S' and
'sha512-avx2-bmi2-amd64.S'.
* cipher/sha512-avx-amd64.S: New.
* cipher/sha512-avx2-bmi2-amd64.S: New.
* cipher/sha512.c (USE_AVX, USE_AVX2): New.
(SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'.
(SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'.
(sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'.
(sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'.
[USE_AVX] (_gcry_sha512_transform_amd64_avx): New.
[USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New.
(transform) [USE_AVX2]: Add call for AVX2 implementation.
(transform) [USE_AVX]: Add call for AVX implementation.
* configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check.
(sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'.
* doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'.
* src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New.
* src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2".
* src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and
HWF_INTEL_BMI2.
--

Patch adds fast AVX and AVX2 implementations of SHA-512 by Intel Corporation.
The assembly source is licensed under the 3-clause BSD license, thus compatible
with LGPL2.1+. Original source can be accessed at:
 http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs

Implementation is described in white paper
 "Fast SHA512 Implementations on Intel® Architecture Processors"
 http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-sha512-implementat$

Note: AVX implementation uses SHLD instruction to emulate RORQ, since it's
      faster on Intel Sandy-Bridge. However, on non-Intel CPUs SHLD is much
      slower than RORQ, so the AVX implementation is (for now) limited
      to Intel CPUs.
Note: AVX2 implementation also uses BMI2 instruction rorx, thus additional
      HWF flag.

Benchmarks:

cpu                 Old         SSSE3       AVX/AVX2   Old vs AVX/AVX2   SSSE3 vs AVX/AVX2
Intel i5-4570       10.11 c/B    7.56 c/B   6.72 c/B   1.50x             1.12x
Intel i5-2450M      14.11 c/B   10.53 c/B   8.88 c/B   1.58x             1.18x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: SHA-512: Add SSSE3 implementation for x86-64
Jussi Kivilinna [Thu, 12 Dec 2013 10:43:08 +0000 (12:43 +0200)]
SHA-512: Add SSSE3 implementation for x86-64

* cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'.
* cipher/sha512-ssse3-amd64.S: New.
* cipher/sha512.c (USE_SSSE3): New.
(SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
(sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'.
[USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New.
(transform) [USE_SSSE3]: Call SSSE3 implementation.
* configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'.
--

Patch adds fast SSSE3 implementation of SHA-512 by Intel Corporation. The
assembly source is licensed under the 3-clause BSD license, thus compatible
with LGPL2.1+. Original source can be accessed at:
 http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs

Implementation is described in white paper
 "Fast SHA512 Implementations on Intel® Architecture Processors"
 http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-sha512-implementations-ia-processors-paper.html

Benchmarks:

cpu                 Old         New         Diff
Intel i5-4570       10.11 c/B    7.56 c/B   1.33x
Intel i5-2450M      14.11 c/B   10.53 c/B   1.33x
Intel Core2 T8100   11.92 c/B   10.22 c/B   1.16x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: SHA-256: Add SSSE3 implementation for x86-64
Jussi Kivilinna [Wed, 11 Dec 2013 17:32:08 +0000 (19:32 +0200)]
SHA-256: Add SSSE3 implementation for x86-64

* cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'.
* cipher/sha256-ssse3-amd64.S: New.
* cipher/sha256.c (USE_SSSE3): New.
(SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
(sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'.
(transform): Rename to...
(_transform): This.
[USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New.
(transform): New.
* configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check.
(sha256): Add 'sha256-ssse3-amd64.lo'.
* doc/gcrypt.texi: Document 'intel-ssse3'.
* src/g10lib.h (HWF_INTEL_SSSE3): New.
* src/hwfeatures.c (hwflist): Add "intel-ssse3".
* src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3.
--

Patch adds fast SSSE3 implementation of SHA-256 by Intel Corporation. The
assembly source is licensed under the 3-clause BSD license, thus compatible
with LGPL2.1+. Original source can be accessed at:
 http://www.intel.com/p/en_US/embedded/hwsw/technology/packet-processing#docs

Implementation is described in white paper
 "Fast SHA - 256 Implementations on Intel® Architecture Processors"
 http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/sha-256-implementations-paper.html

Benchmarks:

cpu                 Old         New         Diff
Intel i5-4570       13.99 c/B   10.66 c/B   1.31x
Intel i5-2450M      21.53 c/B   15.79 c/B   1.36x
Intel Core2 T8100   20.84 c/B   15.07 c/B   1.38x

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add a configuration file to disable hardware features.
Werner Koch [Thu, 12 Dec 2013 19:26:56 +0000 (20:26 +0100)]
Add a configuration file to disable hardware features.

* src/hwfeatures.c: Include syslog.h and ctype.h.
(HWF_DENY_FILE): New.
(my_isascii): New.
(parse_hwf_deny_file): New.
(_gcry_detect_hw_features): Call it.

* src/mpicalc.c (main): Correctly initialize Libgcrypt.  Add options
"--print-config" and "--disable-hwf".

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Move list of hardware features to hwfeatures.c.
Werner Koch [Thu, 12 Dec 2013 17:53:39 +0000 (18:53 +0100)]
Move list of hardware features to hwfeatures.c.

* src/global.c (hwflist, disabled_hw_features): Move to ..
* src/hwfeatures.c: here.
(_gcry_disable_hw_feature): New.
(_gcry_enum_hw_features): New.
(_gcry_detect_hw_features): Remove arg DISABLED_FEATURES.
* src/global.c (print_config, _gcry_vcontrol, global_init): Adjust
accordingly.
--

It is better to keep the hardware feature info at one place.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Remove macro hacks for internal vs. external functions. Part 2 and last.
Werner Koch [Thu, 12 Dec 2013 14:13:09 +0000 (15:13 +0100)]
Remove macro hacks for internal vs. external functions.  Part 2 and last.

* src/visibility.h: Remove remaining define/undef hacks for symbol
visibility.  Add macros to detect the use of the public functions.
Change all affected functions by replacing them by the x-macros.
* src/g10lib.h: Add internal prototypes.
(xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure)
(xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure)
(xcalloc_secure, xrealloc, xstrdup, xfree): New macros.

--

The use of xmalloc/xtrymalloc/xfree is a more common pattern than the
gcry_free etc. functions.  Those functions behave like those defined
by C and thus for better readability we use these macros and not
the underscore prefixed functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: random: Add a feature to close device file descriptors.
Werner Koch [Wed, 11 Dec 2013 15:59:41 +0000 (16:59 +0100)]
random: Add a feature to close device file descriptors.

* src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
* src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
* random/random.c (_gcry_random_close_fds): New.
* random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
* random/random-fips.c (_gcry_rngfips_close_fds): New.
* random/random-system.c (_gcry_rngsystem_close_fds): New.
* random/rndlinux.c (open_device): Add arg retry.
(_gcry_rndlinux_gather_random): Add mode to close open fds.

* tests/random.c (check_close_random_device): New.
(main): Call new test.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Fix last commit (9a37470c)
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
Fix last commit (9a37470c)

* src/secmem.c (lock_pool): Remove remaining line.  Reported by Ian
Goldberg.

5 years ago: Fix one-off memory leak when built with Linux capability support.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
Fix one-off memory leak when built with Linux capability support.

* src/secmem.c (lock_pool, secmem_init): Use cap_free.  Reported by
Mike Crowe <mac@mcrowe.com>.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Update libtool to support Android.
David 'Digit' Turner [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
Update libtool to support Android.

* m4/libtool.m4: Add "linux*android*" case.  Taken from the libtool
repository.
--

The patch, which cleanly applies, is

  commit 8eeeb00daef8c4f720c9b79a0cdb89225d9909b6
  Author: David 'Digit' Turner <digit@google.com>
  Date:   Tue Oct 8 14:37:32 2013 -0700

  This patch adds proper Android support to libtool. The main
  issues are the following:

      - Versioned libraries are not supported by the platform and
        its build/packaging tools.

      - The dynamic linker is not GNU ld, there is no support for
        DT_RUNPATH.

      - Similarly, there is no ldconfig.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: tests: Speed up benchmarks in regression test mode.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
tests: Speed up benchmarks in regression test mode.

* tests/tsexp.c (check_extract_param): Fix compiler warning.
* tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST.
* tests/bench-slope.c (main): Speed up if in regression test mode.
* tests/benchmark.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: tests: Add --csv option to bench-slope.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
tests: Add --csv option to bench-slope.

* tests/bench-slope.c (STR, STR2): New.
(cvs_mode): New.
(num_measurement_repetitions): New.  Replace use of
NUM_MEASUREMENT_REPETITIONS by this.
(current_section_name, current_algo_name, current_mode_name): New.
(bench_print_result_csv): New.
(bench_print_result_std): Rename from bench_print_result.
(bench_print_result): New. Divert depending on CSV_MODE.
(bench_print_header, bench_print_footer): take care of CSV_MODE.
(bench_print_algo, bench_print_mode): New.  Use them instead of
explicit printfs.
(main): Add options --csv and --repetitions.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: sexp: Allow long names and white space in gcry_sexp_extract_param.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
sexp: Allow long names and white space in gcry_sexp_extract_param.

* src/sexp.c (_gcry_sexp_vextract_param): Skip white space.  Support
long parameter names.
* tests/tsexp.c (check_extract_param): Add test cases for long parameter
names and white space.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: ecc: Merge partly duplicated code.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
ecc: Merge partly duplicated code.

* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ...
(_gcry_ecc_eddsa_compute_h_d): New function.
* cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function.
(reverse_buffer): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: ecc: Remove unused internal function.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
ecc: Remove unused internal function.

* src/cipher-proto.h (gcry_pk_spec): Remove get_param.
* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from
_gcry_ecc_get_param.
(_gcry_ecc_get_param): Remove.
* cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Fix building on mingw32
Jussi Kivilinna [Fri, 6 Dec 2013 00:02:06 +0000 (02:02 +0200)]
Fix building on mingw32

* src/gcrypt-int.h: Include <types.h>.
--

'ulong' is not defined on W32, so we need to include "types.h" in
'gcrypt-int.h'.

 In file included from ../src/visibility.h:53:0,
                  from ../src/g10lib.h:39,
                  from compat.c:22:
 ../src/gcrypt-int.h:365:49: error: unknown type name 'ulong'

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: ecc: Change OID for Ed25519.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
ecc: Change OID for Ed25519.

* cipher/ecc-curves.c (curve_aliased): Add more suitable OID for
Ed25519.
--

The formerly used OID has been assigned by Peter Gutmann for
Curve25519.  We better keep them distinct and assign a separate one
for Ed25519.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: Remove macro hacks for internal vs. external functions. Part 1.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
Remove macro hacks for internal vs. external functions.  Part 1.

* src/visibility.h: Remove almost all define/undef hacks for symbol
visibility.  Add macros to detect the use of the public functions.
Change all affected functions by prefixing them explicitly with an
underscore and change all internal callers to call the underscore
prefixed versions.  Provide convenience macros from sexp and mpi
functions.
* src/visibility.c: Change all functions to use only gpg_err_code_t
and translate to gpg_error_t only in visibility.c.
--

The use of the macro magic made it hard to follow the function calls
in the source.  It was not easy to see if an internal or external
function (as defined by visibility.c) was called.  The change is quite
large but hopefully makes Libgcrypt easier to maintain.  Some
functions have not yet been fixed; this will be done soon.

Because Libgcrypt does not make use of any other libgpg-error using
libraries it is useless to always translate between gpg_error_t and
gpg_err_code_t (i.e. with and w/o error source identifier).  This
translation has now mostly been moved to the function wrappers in
visibility.c.  An additional advantage of using gpg_err_code_t is that
comparison can be done without using gpg_err_code().

I am sorry for that large patch, but a series of patches would
actually be more work to audit.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: mpi: add inline assembly for x86-64
Jussi Kivilinna [Wed, 4 Dec 2013 16:17:22 +0000 (18:17 +0200)]
mpi: add inline assembly for x86-64

* mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm)
(udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: mpi: fix gcry_mpi_powm for negative base.
NIIBE Yutaka [Wed, 4 Dec 2013 01:03:57 +0000 (10:03 +0900)]
mpi: fix gcry_mpi_powm for negative base.

* mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]:
Fix for the case where BASE is negative.
* tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago: Add build support for ppc64le.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
Add build support for ppc64le.

* config.guess, config.sub: Update to latest version (2013-11-29).
* m4/libtool.m4: Add patches for ppc64le.
--

We don't want to update libtool, thus we use patches supplied by IBM.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: rijndael: fix compiler warning on aarch64
Jussi Kivilinna [Tue, 3 Dec 2013 12:03:09 +0000 (14:03 +0200)]
rijndael: fix compiler warning on aarch64

* cipher/rijndael.c (do_setkey): Use braces for empty if statement
instead of semicolon.
--

Patch fixes the following warning:

 rijndael.c: In function 'do_setkey':
 rijndael.c:507:9: warning: suggest braces around empty body in an 'if' statement [-Wempty-body]
          ;
          ^

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: Add aarch64 (arm64) mpi assembly
Jussi Kivilinna [Tue, 3 Dec 2013 11:57:02 +0000 (13:57 +0200)]
Add aarch64 (arm64) mpi assembly

* mpi/aarch64/mpi-asm-defs.h: New.
* mpi/aarch64/mpih-add1.S: New.
* mpi/aarch64/mpih-mul1.S: New.
* mpi/aarch64/mpih-mul2.S: New.
* mpi/aarch64/mpih-mul3.S: New.
* mpi/aarch64/mpih-sub1.S: New.
* mpi/config.links [host=aarch64-*-*]: Add configuration for aarch64
assembly.
* mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
(count_leading_zeros): New.
--

Add preliminary aarch64 assembly implementations for mpi.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 years ago: ecc: Use constant time point operation for Twisted Edwards.
Werner Koch [Mon, 2 Dec 2013 16:09:04 +0000 (17:09 +0100)]
ecc: Use constant time point operation for Twisted Edwards.

* mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time
operation if needed.
* tests/benchmark.c (main): Add option --use-secmem.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago: ecc: Make gcry_pk_testkey work for Ed25519.
Werner Koch [Mon, 2 Dec 2013 15:18:25 +0000 (16:18 +0100)]
ecc: Make gcry_pk_testkey work for Ed25519.

* cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G
and d.  Change all callers.
* cipher/ecc.c (gen_y_2): Remove.
(check_secret_key): Use generic public key compute function.  Adjust
for use with Ed25519 and EdDSA.
(nist_generate_key): Do not use the compliant key thingy for Ed25519.
(ecc_check_secret_key): Make parameter parsing similar to the other
functions.
* cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so
that _gcry_ecc_update_curve_param works correctly.
* tests/keygen.c (check_ecc_keys): Add "param" flag.  Check all
Ed25519 keys.

5 years ago: ecc: Fix eddsa point decompression.
Werner Koch [Mon, 2 Dec 2013 15:06:40 +0000 (16:06 +0100)]
ecc: Fix eddsa point decompression.

* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative
case.

Signed-off-by: Werner Koch <wk@gnupg.org>
ecc: Fix gcry_mpi_ec_curve_point for Weierstrass.
Werner Koch [Fri, 29 Nov 2013 16:14:33 +0000 (17:14 +0100)]
ecc: Fix gcry_mpi_ec_curve_point for Weierstrass.

* mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation.
(ec_pow3): New.
(ec_p_init): Always copy B.
--

The code path was obviously never tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
mpi: Introduce 4 user flags for gcry_mpi_t.
Werner Koch [Thu, 28 Nov 2013 08:07:15 +0000 (09:07 +0100)]
mpi: Introduce 4 user flags for gcry_mpi_t.

* src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2)
(GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New.
* mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
(gcry_mpi_get_flag, _gcry_mpi_free): Implement them.
(gcry_mpi_set_opaque): Keep user flags.
--

The space for the flags in the MPI struct is free and thus we can help
applications to make use of some flags.  This is for example useful to
indicate that an MPI needs special processing before use.

Signed-off-by: Werner Koch <wk@gnupg.org>
Fix armv3 compile error
Vladimir 'φ-coder/phcoder' Serbinenko [Fri, 29 Nov 2013 07:56:43 +0000 (08:56 +0100)]
Fix armv3 compile error

* mpi/longlong.h [__arm__ && __ARM_ARCH < 4] (umul_ppmm): Use
__AND_CLOBBER_CC instead of __CLOBBER_CC.
--

ARMv3 code uses __CLOBBER_CC at the end of clobber list while it should have
been __AND_CLOBBER_CC.

[jk: add changelog, rebase on libgcrypt repository]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
longlong.h on mips with clang
Vladimir 'φ-coder/phcoder' Serbinenko [Fri, 22 Nov 2013 04:24:44 +0000 (05:24 +0100)]
longlong.h on mips with clang

* mpi/longlong.h [__mips__]: Use C-language version with clang.
--
clang doesn't recognise =l / =h assembly operand specifiers but apparently
handles C version well.

[jk: add changelog, rebase on libgcrypt repository, reformat changed line so it
 does not go over 80 characters]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Camellia: Tweaks for AES-NI implementations
Jussi Kivilinna [Sun, 24 Nov 2013 15:54:15 +0000 (17:54 +0200)]
Camellia: Tweaks for AES-NI implementations

* cipher/camellia-aesni-avx-amd64.S: Align stack to 16 bytes; tweak
key-setup for small speed up.
* cipher/camellia-aesni-avx2-amd64.S: Use vmovdqu even with aligned
stack; reorder vinsert128 instructions; use rbp for stack frame.
--

Use of 'vmovdqa' with ymm registers produces quite interesting scattering in
measurement timings. By using 'vmovdqu' instead, repeated measurements produce
more stable results.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Add GMAC to MAC API
Jussi Kivilinna [Thu, 21 Nov 2013 19:34:21 +0000 (21:34 +0200)]
Add GMAC to MAC API

* cipher/Makefile.am: Add 'mac-gmac.c'.
* cipher/mac-gmac.c: New.
* cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'.
(_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish)
(_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed)
(_gcry_mac_type_spec_gmac_camellia): New externs.
* cipher/mac.c (mac_list): Add GMAC specifications.
* doc/gcrypt.texi: Add mention of GMAC.
* src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms.
* tests/basic.c (check_one_mac): Add support for MAC IVs.
(check_mac): Add support for MAC IVs and add GMAC test vectors.
* tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499.
* tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
GCM: Move gcm_table initialization to setkey
Jussi Kivilinna [Wed, 20 Nov 2013 13:44:27 +0000 (15:44 +0200)]
GCM: Move gcm_table initialization to setkey

* cipher/cipher-gcm.c: Change all 'c->u_iv.iv' to
'c->u_mode.gcm.u_ghash_key.key'.
(_gcry_cipher_gcm_setkey): New.
(_gcry_cipher_gcm_initiv): Move ghash initialization to function above.
* cipher/cipher-internal.h (gcry_cipher_handle): Add
'u_mode.gcm.u_ghash_key'; Reorder 'u_mode.gcm' members for partial
clearing in gcry_cipher_reset.
(_gcry_cipher_gcm_setkey): New prototype.
* cipher/cipher.c (cipher_setkey): Add GCM setkey.
(cipher_reset): Clear 'u_mode' only partially for GCM.
--

GHASH tables can be generated at setkey time. No need to regenerate
for every new IV.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>