[git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-103-g82bc052


[git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-103-g82bc052

by Werner Koch
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  82bc052eda5b3897724c7ad11e54f8203e8e88e9 (commit)
       via  e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f (commit)
      from  ee3a74f5539cbc5182ce089994e37c16ce612149 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9
Author: Werner Koch <[hidden email]>
Date:   Fri Jun 16 17:09:20 2017 +0200

    random: Make rndjent.c NTG.1 compliant.
   
    * random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.
   
    Signed-off-by: Werner Koch <[hidden email]>

diff --git a/random/rndjent.c b/random/rndjent.c
index 99318b4..86dc88e 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -306,7 +306,7 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
       if (jent_rng_collector)
         {
           /* We have a working JENT and it has not been disabled.  */
-          char buffer[256];
+          char buffer[32];
 
           while (length)
             {
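Review bot: The new `char buffer[32]` size is load-bearing but undocumented: the next hunk hashes the buffer in place with SHA-256, so the array must hold at least the 32-byte digest, and the `n = rc < 32? rc : 32;` clamp there repeats the same literal. Tie them together with a comment on the declaration, `char buffer[32];  /* Hashed in place below; must hold a SHA-256 digest.  */`, or a named constant shared with the clamp. The lines that compute `n` before `jent_read_entropy` lie between the two hunks and are not visible here; if they bound `n` by `sizeof buffer` the shrink is safe, otherwise it is worth re-checking. The enclosing `_gcry_rndjent_poll` starts and ends outside the hunk.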
@@ -317,10 +317,14 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
               rc = jent_read_entropy (jent_rng_collector, buffer, n);
               if (rc < 0)
                 break;
-              (*add) (buffer, rc, origin);
-              length -= rc;
-              nbytes += rc;
-              jent_rng_totalbytes += rc;
+              /* We need to hash the output to conform to the BSI
+               * NTG.1 specs.  */
+              _gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc);
+              n = rc < 32? rc : 32;
+              (*add) (buffer, n, origin);
+              length -= n;
+              nbytes += n;
+              jent_rng_totalbytes += n;
             }
           wipememory (buffer, sizeof buffer);
         }
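Review bot: `_gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc)` passes the same array as digest and input, so correctness depends on every back end writing the digest only after the input has been consumed. The SHA-256 fast path added in cipher/sha256.c in this push does that (it absorbs into a local context before its final `memcpy`), but the generic fallback in md.c taken when USE_SHA256 is not defined is outside these hunks, so the aliasing deserves a comment next to the call: `/* In-place: the digest is written only after the input is consumed.  */`. A jitter read shorter than 32 bytes is hashed and then truncated to `rc` bytes, so the output length tracks what the collector delivered rather than the digest length; that is reasonable but worth a word in the NTG.1 comment added above the call. The function continues beyond the hunk.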

commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f
Author: Werner Koch <[hidden email]>
Date:   Fri Jun 16 16:53:33 2017 +0200

    md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512.
   
    * cipher/sha256.c (_gcry_sha256_hash_buffer): New.
    (_gcry_sha256_hash_buffers): New.
    * cipher/sha512.c (_gcry_sha512_hash_buffer): New.
    (_gcry_sha512_hash_buffers): New.
    * cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA256 and SHA512.
    (_gcry_md_hash_buffers): Ditto.
   
    Signed-off-by: Werner Koch <[hidden email]>

diff --git a/cipher/md.c b/cipher/md.c
index 8df54fe..c1f585f 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -1028,10 +1028,24 @@ void
 _gcry_md_hash_buffer (int algo, void *digest,
                       const void *buffer, size_t length)
 {
-  if (algo == GCRY_MD_SHA1)
+  if (0)
+    ;
+#if USE_SHA256
+  else if (algo == GCRY_MD_SHA256)
+    _gcry_sha256_hash_buffer (digest, buffer, length);
+#endif
+#if USE_SHA512
+  else if (algo == GCRY_MD_SHA512)
+    _gcry_sha512_hash_buffer (digest, buffer, length);
+#endif
+#if USE_SHA1
+  else if (algo == GCRY_MD_SHA1)
     _gcry_sha1_hash_buffer (digest, buffer, length);
+#endif
+#if USE_RMD160
   else if (algo == GCRY_MD_RMD160 && !fips_mode () )
     _gcry_rmd160_hash_buffer (digest, buffer, length);
+#endif
   else
     {
       /* For the others we do not have a fast function, so we use the
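Review bot: The `if (0) ;` opener exists only so that each `#if USE_*` fast path can be an unconditional `else if` regardless of which algorithms are compiled in, but nothing in the hunk says so; a one-line comment, `/* Empty opener so each #if-guarded fast path below can be an else-if.  */`, would spare the next reader. The same construct recurs in the `_gcry_md_hash_buffers` hunk that follows. With the SHA-1 branch now also under `#if USE_SHA1`, a build with none of the four defined falls straight through to the generic path, which looks intended. `_gcry_md_hash_buffer` continues beyond the hunk.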
@@ -1091,12 +1105,24 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
   if (hmac && iovcnt < 1)
     return GPG_ERR_INV_ARG;
 
-  if (algo == GCRY_MD_SHA1 && !hmac)
+  if (0)
+    ;
+#if USE_SHA256
+  else if (algo == GCRY_MD_SHA256 && !hmac)
+    _gcry_sha256_hash_buffers (digest, iov, iovcnt);
+#endif
+#if USE_SHA512
+  else if (algo == GCRY_MD_SHA512 && !hmac)
+    _gcry_sha512_hash_buffers (digest, iov, iovcnt);
+#endif
+#if USE_SHA1
+  else if (algo == GCRY_MD_SHA1 && !hmac)
     _gcry_sha1_hash_buffers (digest, iov, iovcnt);
+#endif
   else
     {
       /* For the others we do not have a fast function, so we use the
- normal functions. */
+ normal functions.  */
       gcry_md_hd_t h;
       gpg_err_code_t rc;
       int dlen;
diff --git a/cipher/sha256.c b/cipher/sha256.c
index b450a12..d174321 100644
--- a/cipher/sha256.c
+++ b/cipher/sha256.c
@@ -509,6 +509,35 @@ sha256_read (void *context)
 }
 
 
+/* Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 32 bytes.  */
+void
+_gcry_sha256_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+  SHA256_CONTEXT hd;
+
+  sha256_init (&hd, 0);
+  _gcry_md_block_write (&hd, buffer, length);
+  sha256_final (&hd);
+  memcpy (outbuf, hd.bctx.buf, 32);
+}
+
+
+/* Variant of the above shortcut function using multiple buffers.  */
+void
+_gcry_sha256_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt)
+{
+  SHA256_CONTEXT hd;
+
+  sha256_init (&hd, 0);
+  for (;iovcnt > 0; iov++, iovcnt--)
+    _gcry_md_block_write (&hd,
+                          (const char*)iov[0].data + iov[0].off, iov[0].len);
+  sha256_final (&hd);
+  memcpy (outbuf, hd.bctx.buf, 32);
+}
+
+
 
 /*
      Self-test section.
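Review bot: `_gcry_sha256_hash_buffer` and `_gcry_sha256_hash_buffers` return with the whole `SHA256_CONTEXT hd` still on the stack; since the same push starts routing jitter-RNG output through this routine, the intermediate state (and possibly trailing input bytes in `hd.bctx.buf` beyond the 32 copied out, if `sha256_final` leaves them there — cannot tell from here) outlives the call. Add `wipememory (&hd, sizeof hd);` after each `memcpy`, matching what rndjent.c does with its own buffer; the same applies to the two functions in the cipher/sha512.c hunk. The header comment `Shortcut functions which puts the hash value` should read `Shortcut function which puts the hash value`. In-place use (outbuf aliasing buffer) is safe here because the input is fully absorbed before the `memcpy`.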
diff --git a/cipher/sha512.c b/cipher/sha512.c
index 5b25965..2ddc485 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -739,6 +739,35 @@ sha512_read (void *context)
 }
 
 
+/* Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 64 bytes.  */
+void
+_gcry_sha512_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+  SHA512_CONTEXT hd;
+
+  sha512_init (&hd, 0);
+  _gcry_md_block_write (&hd, buffer, length);
+  sha512_final (&hd);
+  memcpy (outbuf, hd.bctx.buf, 64);
+}
+
+
+/* Variant of the above shortcut function using multiple buffers.  */
+void
+_gcry_sha512_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt)
+{
+  SHA512_CONTEXT hd;
+
+  sha512_init (&hd, 0);
+  for (;iovcnt > 0; iov++, iovcnt--)
+    _gcry_md_block_write (&hd,
+                          (const char*)iov[0].data + iov[0].off, iov[0].len);
+  sha512_final (&hd);
+  memcpy (outbuf, hd.bctx.buf, 64);
+}
+
+
 
 /*
      Self-test section.
diff --git a/src/cipher.h b/src/cipher.h
index 725cc73..f2acb55 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -120,6 +120,19 @@ void _gcry_sha1_hash_buffer (void *outbuf,
                              const void *buffer, size_t length);
 void _gcry_sha1_hash_buffers (void *outbuf,
                               const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha256.c --*/
+void _gcry_sha256_hash_buffer (void *outbuf,
+                               const void *buffer, size_t length);
+void _gcry_sha256_hash_buffers (void *outbuf,
+                                const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha512.c --*/
+void _gcry_sha512_hash_buffer (void *outbuf,
+                               const void *buffer, size_t length);
+void _gcry_sha512_hash_buffers (void *outbuf,
+                                const gcry_buffer_t *iov, int iovcnt);
+
 /*-- blake2.c --*/
 gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags,
    const unsigned char *key,
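Review bot: The new prototypes do not state the contract the implementations rely on — `outbuf` must provide 32 bytes for the sha256 pair and 64 for the sha512 pair, and `iovcnt` entries of `iov` are consumed using each entry's `off` and `len` — and this header is where callers in other files will look. Mirror the .c comments here, e.g. `/* outbuf must have room for 32 bytes.  */` above the sha256 pair and the 64-byte equivalent above the sha512 pair. The trailing `_gcry_blake2_init_with_key` prototype continues past the hunk.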

-----------------------------------------------------------------------

Summary of changes:
 cipher/md.c      | 32 +++++++++++++++++++++++++++++---
 cipher/sha256.c  | 29 +++++++++++++++++++++++++++++
 cipher/sha512.c  | 29 +++++++++++++++++++++++++++++
 random/rndjent.c | 14 +++++++++-----
 src/cipher.h     | 13 +++++++++++++
 5 files changed, 109 insertions(+), 8 deletions(-)


hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org


_______________________________________________
Gnupg-commits mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-commits


_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel