[git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-103-g82bc052
by Werner Koch
cvs at cvs.gnupg.org
Fri Jun 16 17:13:24 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 82bc052eda5b3897724c7ad11e54f8203e8e88e9 (commit)
via e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f (commit)
from ee3a74f5539cbc5182ce089994e37c16ce612149 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 16 17:09:20 2017 +0200
random: Make rndjent.c NTG.1 compliant.
* random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/random/rndjent.c b/random/rndjent.c
index 99318b4..86dc88e 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -306,7 +306,7 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
if (jent_rng_collector)
{
/* We have a working JENT and it has not been disabled. */
- char buffer[256];
+ char buffer[32];
while (length)
{
@@ -317,10 +317,14 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
rc = jent_read_entropy (jent_rng_collector, buffer, n);
if (rc < 0)
break;
- (*add) (buffer, rc, origin);
- length -= rc;
- nbytes += rc;
- jent_rng_totalbytes += rc;
+ /* We need to hash the output to conform to the BSI
+ * NTG.1 specs. */
+ _gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc);
+ n = rc < 32? rc : 32;
+ (*add) (buffer, n, origin);
+ length -= n;
+ nbytes += n;
+ jent_rng_totalbytes += n;
}
wipememory (buffer, sizeof buffer);
}
commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 16 16:53:33 2017 +0200
md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512.
* cipher/sha256.c (_gcry_sha256_hash_buffer): New.
(_gcry_sha256_hash_buffers): New.
* cipher/sha512.c (_gcry_sha512_hash_buffer): New.
(_gcry_sha512_hash_buffers): New.
* cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA246 and SHA512.
(_gcry_md_hash_buffers): Ditto.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/cipher/md.c b/cipher/md.c
index 8df54fe..c1f585f 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -1028,10 +1028,24 @@ void
_gcry_md_hash_buffer (int algo, void *digest,
const void *buffer, size_t length)
{
- if (algo == GCRY_MD_SHA1)
+ if (0)
+ ;
+#if USE_SHA256
+ else if (algo == GCRY_MD_SHA256)
+ _gcry_sha256_hash_buffer (digest, buffer, length);
+#endif
+#if USE_SHA512
+ else if (algo == GCRY_MD_SHA512)
+ _gcry_sha512_hash_buffer (digest, buffer, length);
+#endif
+#if USE_SHA1
+ else if (algo == GCRY_MD_SHA1)
_gcry_sha1_hash_buffer (digest, buffer, length);
+#endif
+#if USE_RMD160
else if (algo == GCRY_MD_RMD160 && !fips_mode () )
_gcry_rmd160_hash_buffer (digest, buffer, length);
+#endif
else
{
/* For the others we do not have a fast function, so we use the
@@ -1091,12 +1105,24 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
if (hmac && iovcnt < 1)
return GPG_ERR_INV_ARG;
- if (algo == GCRY_MD_SHA1 && !hmac)
+ if (0)
+ ;
+#if USE_SHA256
+ else if (algo == GCRY_MD_SHA256 && !hmac)
+ _gcry_sha256_hash_buffers (digest, iov, iovcnt);
+#endif
+#if USE_SHA512
+ else if (algo == GCRY_MD_SHA512 && !hmac)
+ _gcry_sha512_hash_buffers (digest, iov, iovcnt);
+#endif
+#if USE_SHA1
+ else if (algo == GCRY_MD_SHA1 && !hmac)
_gcry_sha1_hash_buffers (digest, iov, iovcnt);
+#endif
else
{
/* For the others we do not have a fast function, so we use the
- normal functions. */
+ normal functions. */
gcry_md_hd_t h;
gpg_err_code_t rc;
int dlen;
diff --git a/cipher/sha256.c b/cipher/sha256.c
index b450a12..d174321 100644
--- a/cipher/sha256.c
+++ b/cipher/sha256.c
@@ -509,6 +509,35 @@ sha256_read (void *context)
}
+/* Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 32 bytes. */
+void
+_gcry_sha256_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+ SHA256_CONTEXT hd;
+
+ sha256_init (&hd, 0);
+ _gcry_md_block_write (&hd, buffer, length);
+ sha256_final (&hd);
+ memcpy (outbuf, hd.bctx.buf, 32);
+}
+
+
+/* Variant of the above shortcut function using multiple buffers. */
+void
+_gcry_sha256_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt)
+{
+ SHA256_CONTEXT hd;
+
+ sha256_init (&hd, 0);
+ for (;iovcnt > 0; iov++, iovcnt--)
+ _gcry_md_block_write (&hd,
+ (const char*)iov[0].data + iov[0].off, iov[0].len);
+ sha256_final (&hd);
+ memcpy (outbuf, hd.bctx.buf, 32);
+}
+
+
/*
Self-test section.
diff --git a/cipher/sha512.c b/cipher/sha512.c
index 5b25965..2ddc485 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -739,6 +739,35 @@ sha512_read (void *context)
}
+/* Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 64 bytes. */
+void
+_gcry_sha512_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+ SHA512_CONTEXT hd;
+
+ sha512_init (&hd, 0);
+ _gcry_md_block_write (&hd, buffer, length);
+ sha512_final (&hd);
+ memcpy (outbuf, hd.bctx.buf, 64);
+}
+
+
+/* Variant of the above shortcut function using multiple buffers. */
+void
+_gcry_sha512_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt)
+{
+ SHA512_CONTEXT hd;
+
+ sha512_init (&hd, 0);
+ for (;iovcnt > 0; iov++, iovcnt--)
+ _gcry_md_block_write (&hd,
+ (const char*)iov[0].data + iov[0].off, iov[0].len);
+ sha512_final (&hd);
+ memcpy (outbuf, hd.bctx.buf, 64);
+}
+
+
/*
Self-test section.
diff --git a/src/cipher.h b/src/cipher.h
index 725cc73..f2acb55 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -120,6 +120,19 @@ void _gcry_sha1_hash_buffer (void *outbuf,
const void *buffer, size_t length);
void _gcry_sha1_hash_buffers (void *outbuf,
const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha256.c --*/
+void _gcry_sha256_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sha256_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha512.c --*/
+void _gcry_sha512_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sha512_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
/*-- blake2.c --*/
gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags,
const unsigned char *key,
-----------------------------------------------------------------------
Summary of changes:
cipher/md.c | 32 +++++++++++++++++++++++++++++---
cipher/sha256.c | 29 +++++++++++++++++++++++++++++
cipher/sha512.c | 29 +++++++++++++++++++++++++++++
random/rndjent.c | 14 +++++++++-----
src/cipher.h | 13 +++++++++++++
5 files changed, 109 insertions(+), 8 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
More information about the Gcrypt-devel
mailing list