[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-20-g32a7367
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-20-g32a7367 |
|
Date: |
Wed, 02 Dec 2009 20:42:52 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=32a7367601a3fda0aef07f5481c89e38d9c85b4a
The branch, master has been updated
via 32a7367601a3fda0aef07f5481c89e38d9c85b4a (commit)
via 54486afbfcf3398846d5c20d3094bdb7d0a43ff2 (commit)
via b373f5d1aac157916c6b44cb6a2ec505e4b46784 (commit)
via 5e1d605d30cda30004d9821260b9afd7ca547579 (commit)
from f8ba2b625f822e5b545a25e11fbbc5a081248318 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 32a7367601a3fda0aef07f5481c89e38d9c85b4a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Dec 2 22:33:06 2009 +0200
reduced calls to gnutls_hash on encryption/decryption. Only initialize MAC
when needed.
commit 54486afbfcf3398846d5c20d3094bdb7d0a43ff2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Dec 2 21:51:40 2009 +0200
Added plain MD5 hash check and corrected gnutls_hash_fast() usage in
openssl.c
Corrected new hash API bug that prevented usage of plain hash functions.
commit b373f5d1aac157916c6b44cb6a2ec505e4b46784
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Dec 2 21:12:22 2009 +0200
Exported gnutls_cipher_get_block_size() and all hash functions added to
libgnutls.map.
Expanded benchmark with 3DES and ARCFOUR. Corrected test that used
non-existing symbol.
commit 5e1d605d30cda30004d9821260b9afd7ca547579
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Dec 2 20:36:44 2009 +0200
Corrected check for cryptodev. Only enable it if --enable-cryptodev is
specified.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 17 +++++-
doc/gnutls.texi | 15 ++---
lib/Makefile.am | 2 +-
lib/{gnutls_helper.c => compat.c} | 25 ++++---
lib/crypto.c | 6 +-
lib/ext_session_ticket.c | 2 +-
lib/gnutls_algorithms.c | 2 +-
lib/gnutls_algorithms.h | 2 +-
lib/gnutls_cipher.c | 130 +++++++++++++++---------------------
lib/gnutls_hash_int.c | 19 +-----
lib/includes/gnutls/crypto.h | 10 ++--
lib/libgnutls.map | 9 ++-
lib/m4/hooks.m4 | 5 +-
lib/mac-libgcrypt.c | 16 ++---
lib/opencdk/read-packet.c | 2 +-
lib/x509/privkey_pkcs8.c | 4 +-
libextra/gnutls_openssl.c | 4 +-
src/benchmark.c | 50 +++++++++++---
tests/gc.c | 32 +++++++--
19 files changed, 190 insertions(+), 162 deletions(-)
copy lib/{gnutls_helper.c => compat.c} (67%)
diff --git a/NEWS b/NEWS
index cd44a42..4280603 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ See the end for copying conditions.
* Version 2.9.10 (unreleased)
+** libgnutls: Added cryptodev support (/dev/crypto). Tested with
+http://www.logix.cz/michal/devel/cryptodev/. Added benchmark utility
+for AES. Exported API to access encryption and hash algorithms.
+
** certtool: Corrected two issues that affected certificate request generation.
(1) Null padding is added on integers (found thanks to Wilankar Trupti),
(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA
@@ -18,7 +22,18 @@ to verify thus public key will be available). Found thanks
to Boyan Kasarov.
** certtool: New option --no-crq-extensions to avoid extensions in CSRs.
** API and ABI modifications:
-No changes since last version.
+gnutls_cipher_get_block_size: Added
+gnutls_cipher_init: Added
+gnutls_cipher_encrypt: Added
+gnutls_cipher_decrypt: Added
+gnutls_cipher_deinit: Added
+gnutls_hash_init: Added
+gnutls_hash_get_algo_len: Added
+gnutls_hash: Added
+gnutls_hash_fast: Added
+gnutls_hash_deinit: Added
+gnutls_hash_output: Added
+gnutls_hash_reset: Added
* Version 2.9.9 (released 2009-11-09)
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 87e6fe3..12d1365 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -4033,8 +4033,11 @@ is summarized in the following diagram.
@section Cryptographic Backend
Several new systems provide hardware assisted cryptographic algorithm
implementations that offer implementations some orders of magnitude
-faster than the software. For this reason in current releases of
-GnuTLS it is possible to override parts of the crypto backend or the
+faster than the software. For this reason GnuTLS supports by default
+the /dev/crypto device usually found in FreeBSD and OpenBSD system, to
+take advantage of installed hardware.
+
+In addition it is possible to override parts of the crypto backend or the
whole. It is possible to override them both at runtime and compile
time, however here we will discuss the runtime possibility. The API
available for this functionality is in @code{gnutls/crypto.h} header
@@ -4050,11 +4053,8 @@ following functions can be used to register those
algorithms.
@item @ref{gnutls_crypto_single_cipher_register2}
To register a cipher algorithm.
address@hidden @ref{gnutls_crypto_single_mac_register2}
-To register a MAC algorithm.
-
@ref{gnutls_crypto_single_digest_register2}
-To register a digest (hash) algorithm.
+To register a hash (digest) or MAC algorithm.
@end itemize
@@ -4071,9 +4071,6 @@ them. For this reason the following functions are
provided.
@item @ref{gnutls_crypto_cipher_register2}
To override the cryptographic algorithms backend.
address@hidden @ref{gnutls_crypto_mac_register2}
-To override the MAC algorithms backend.
-
@item @ref{gnutls_crypto_digest_register2}
To override the digest algorithms backend.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 54a91b7..8ebfd7b 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -81,7 +81,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c
gnutls_cipher.c \
auth_dh_common.c gnutls_helper.c gnutls_supplemental.c \
crypto.c random.c pk-libgcrypt.c mpi-libgcrypt.c cryptodev.c \
rnd-libgcrypt.c cipher-libgcrypt.c mac-libgcrypt.c ext_signature.c \
- crypto-api.c
+ crypto-api.c compat.c
if ENABLE_OPRFI
COBJECTS += $(OPRFI_COBJECTS)
diff --git a/lib/gnutls_helper.c b/lib/compat.c
similarity index 67%
copy from lib/gnutls_helper.c
copy to lib/compat.c
index 68bae1b..0a01b72 100644
--- a/lib/gnutls_helper.c
+++ b/lib/compat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005, 2008 Free Software Foundation
+ * Copyright (C) 2009 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
@@ -22,18 +22,23 @@
*
*/
+#include <gnutls_errors.h>
#include <gnutls_int.h>
-#include <gnutls_helper.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
+#include <gnutls_mpi.h>
+#include <gnutls_pk.h>
+#include <random.h>
+#include <gnutls_cipher_int.h>
int
-_gnutls_file_exists (const char *file)
+gnutls_crypto_single_mac_register2 (int priority, ...)
{
- FILE *fd;
-
- fd = fopen (file, "r");
- if (fd == NULL)
- return -1;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+}
- fclose (fd);
- return 0;
+int gnutls_crypto_mac_register2 (int priority, ...)
+{
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
+
diff --git a/lib/crypto.c b/lib/crypto.c
index 94fab51..a2db9e0 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -395,7 +395,7 @@ gnutls_crypto_cipher_register2 (int priority, int version,
}
/**
- * gnutls_crypto_mac_register2 - register a mac interface
+ * gnutls_crypto_digest_register2 - register a mac interface
* @priority: is the priority of the mac interface
* @version: should be set to %GNUTLS_CRYPTO_API_VERSION
* @s: is a structure holding new interface's data
@@ -409,14 +409,14 @@ gnutls_crypto_cipher_register2 (int priority, int version,
* This function should be called before gnutls_global_init().
*
* For simplicity you can use the convenience
- * gnutls_crypto_mac_register() macro.
+ * gnutls_crypto_digest_register() macro.
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
*
* Since: 2.6.0
**/
int
-gnutls_crypto_mac_register2 (int priority, int version,
+gnutls_crypto_digest_register2 (int priority, int version,
const gnutls_crypto_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index d9cf760..42ffadd 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -162,7 +162,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket
*ticket)
gnutls_assert ();
return ret;
}
- blocksize = _gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC);
+ blocksize = gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC);
encrypted_state.size =
((state.size + blocksize - 1) / blocksize) * blocksize;
encrypted_state.data = gnutls_malloc (encrypted_state.size);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index e7b28f5..d9a0d83 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -806,7 +806,7 @@ _gnutls_mac_is_ok (gnutls_digest_algorithm_t algorithm)
/* CIPHER functions */
int
-_gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
+gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
{
size_t ret = 0;
GNUTLS_ALG_LOOP (ret = p->blocksize);
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index dea0731..edc9d16 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -70,7 +70,7 @@ cipher_suite_st _gnutls_cipher_suite_get_suite_name
(cipher_suite_st *
algorithm);
/* Functions for ciphers. */
-int _gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
+int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm);
int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm);
int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index bdfdbaa..746a58b 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -287,6 +287,26 @@ calc_enc_length (gnutls_session_t session, int data_size,
return length;
}
+#define PREAMBLE_SIZE 16
+static inline int make_preamble(opaque* uint64_data, opaque type, uint16_t
c_length, opaque ver, opaque* preamble)
+{
+ opaque minor = _gnutls_version_get_minor (ver);
+ opaque major = _gnutls_version_get_major (ver);
+ opaque *p = preamble;
+
+ memcpy(p, uint64_data, 8);
+ p+=8;
+ *p=type; p++;
+ if (_gnutls_version_has_variable_padding (ver))
+ { /* TLS 1.0 or higher */
+ *p = major; p++;
+ *p = minor; p++;
+ }
+ memcpy(p, &c_length, 2);
+ p+=2;
+ return p-preamble;
+}
+
/* This is the actual encryption
* Encrypts the given compressed datum, and puts the result to cipher_data,
* which has cipher_size size.
@@ -302,54 +322,41 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
uint16_t c_length;
uint8_t pad;
int length, ret;
- hash_hd_st td;
uint8_t type = _type;
- uint8_t major, minor;
+ opaque preamble[PREAMBLE_SIZE];
+ int preamble_size;
int hash_size =
_gnutls_hash_get_algo_len (session->security_parameters.
write_mac_algorithm);
- gnutls_protocol_t ver;
int blocksize =
- _gnutls_cipher_get_block_size (session->security_parameters.
+ gnutls_cipher_get_block_size (session->security_parameters.
write_bulk_cipher_algorithm);
cipher_type_t block_algo =
_gnutls_cipher_is_block (session->security_parameters.
write_bulk_cipher_algorithm);
opaque *data_ptr;
-
-
- ver = gnutls_protocol_get_version (session);
- minor = _gnutls_version_get_minor (ver);
- major = _gnutls_version_get_major (ver);
+ int ver = gnutls_protocol_get_version (session);
/* Initialize MAC */
- ret = mac_init (&td, session->security_parameters.write_mac_algorithm,
- session->connection_state.write_mac_secret.data,
- session->connection_state.write_mac_secret.size, ver);
-
- if (ret < 0
- && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
- {
- gnutls_assert ();
- return ret;
- }
c_length = _gnutls_conv_uint16 (compressed.size);
if (session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
{ /* actually when the algorithm in not the NULL
one */
- _gnutls_hash (&td,
- UINT64DATA (session->connection_state.
- write_sequence_number), 8);
-
- _gnutls_hash (&td, &type, 1);
- if (_gnutls_version_has_variable_padding (ver))
- { /* TLS 1.0 or higher */
- _gnutls_hash (&td, &major, 1);
- _gnutls_hash (&td, &minor, 1);
- }
- _gnutls_hash (&td, &c_length, 2);
+ hash_hd_st td;
+
+ ret = mac_init (&td, session->security_parameters.write_mac_algorithm,
+ session->connection_state.write_mac_secret.data,
+ session->connection_state.write_mac_secret.size, ver);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ preamble_size = make_preamble( UINT64DATA
(session->connection_state.write_sequence_number), type, c_length, ver,
preamble);
+ _gnutls_hash (&td, preamble, preamble_size);
_gnutls_hash (&td, compressed.data, compressed.size);
mac_deinit (&td, MAC, ver);
}
@@ -418,10 +425,6 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
return length;
}
-#define DEINIT_MAC(td, ver, algo) \
- if (algo != GNUTLS_MAC_NULL) \
- mac_deinit (&td, NULL, ver);
-
/* Deciphers the ciphertext packet, and puts the result to compress_data, of
compress_size.
* Returns the actual compressed packet size.
*/
@@ -435,35 +438,19 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
uint16_t c_length;
uint8_t pad;
int length;
- hash_hd_st td;
uint16_t blocksize;
int ret, i, pad_failed = 0;
- uint8_t major, minor;
- gnutls_protocol_t ver;
+ opaque preamble[PREAMBLE_SIZE];
+ int preamble_size;
+ int ver = gnutls_protocol_get_version (session);
int hash_size =
_gnutls_hash_get_algo_len (session->security_parameters.
read_mac_algorithm);
- ver = gnutls_protocol_get_version (session);
- minor = _gnutls_version_get_minor (ver);
- major = _gnutls_version_get_major (ver);
-
blocksize =
- _gnutls_cipher_get_block_size (session->security_parameters.
+ gnutls_cipher_get_block_size (session->security_parameters.
read_bulk_cipher_algorithm);
- /* initialize MAC
- */
- ret = mac_init (&td, session->security_parameters.read_mac_algorithm,
- session->connection_state.read_mac_secret.data,
- session->connection_state.read_mac_secret.size, ver);
-
- if (ret < 0
- && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
/* actual decryption (inplace)
*/
@@ -477,10 +464,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
ciphertext.size)) < 0)
{
gnutls_assert ();
- DEINIT_MAC (td, ver,
- session->security_parameters.write_mac_algorithm);
-
-
return ret;
}
@@ -491,8 +474,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
{
gnutls_assert ();
- DEINIT_MAC (td, ver,
- session->security_parameters.write_mac_algorithm);
return GNUTLS_E_DECRYPTION_FAILED;
}
@@ -502,8 +483,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
ciphertext.size)) < 0)
{
gnutls_assert ();
- DEINIT_MAC (td, ver,
- session->security_parameters.write_mac_algorithm);
return ret;
}
@@ -518,8 +497,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
if (ciphertext.size == 0)
{
gnutls_assert ();
- DEINIT_MAC (td, ver,
- session->security_parameters.write_mac_algorithm);
return GNUTLS_E_DECRYPTION_FAILED;
}
}
@@ -552,7 +529,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
break;
default:
gnutls_assert ();
- DEINIT_MAC (td, ver, session->security_parameters.write_mac_algorithm);
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -565,18 +541,20 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
*/
if (session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
{
- _gnutls_hash (&td,
- UINT64DATA (session->connection_state.
- read_sequence_number), 8);
-
- _gnutls_hash (&td, &type, 1);
- if (_gnutls_version_has_variable_padding (ver))
- { /* TLS 1.x */
- _gnutls_hash (&td, &major, 1);
- _gnutls_hash (&td, &minor, 1);
- }
- _gnutls_hash (&td, &c_length, 2);
+ hash_hd_st td;
+
+ ret = mac_init (&td, session->security_parameters.read_mac_algorithm,
+ session->connection_state.read_mac_secret.data,
+ session->connection_state.read_mac_secret.size, ver);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ preamble_size = make_preamble( UINT64DATA
(session->connection_state.read_sequence_number), type, c_length, ver,
preamble);
+ _gnutls_hash (&td, preamble, preamble_size);
if (length > 0)
_gnutls_hash (&td, ciphertext.data, length);
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index c70fa8f..682cb23 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -110,40 +110,25 @@ _gnutls_hash_init (hash_hd_st * dig,
gnutls_digest_algorithm_t algorithm,
dig->registered = 1;
dig->hd.rh.cc = cc;
- if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
+ if (cc->init (algorithm, &dig->hd.rh.ctx, key, keylen) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
}
- if (key)
- {
- if (cc->setkey == NULL || cc->setkey (dig->hd.rh.ctx, key, keylen) <
0)
- {
- gnutls_assert ();
- cc->deinit (dig->hd.rh.ctx);
- return GNUTLS_E_HASH_FAILED;
- }
- }
-
dig->active = 1;
return 0;
}
dig->registered = 0;
- result = _gnutls_mac_ops.init (algorithm, &dig->hd.gc);
+ result = _gnutls_mac_ops.init (algorithm, &dig->hd.gc, key, keylen);
if (result < 0)
{
gnutls_assert ();
return result;
}
- if (key)
- {
- _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
- }
-
dig->active = 1;
return 0;
}
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 4e82a3b..ac67386 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -34,6 +34,7 @@ int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
void *text, int text
int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, void *ciphertext,
int ciphertextlen);
void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
+int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
/* HMAC */
typedef struct hash_hd_st* gnutls_hash_hd_t;
@@ -69,8 +70,7 @@ typedef struct
typedef struct
{
- int (*init) (gnutls_mac_algorithm_t, void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*init) (gnutls_mac_algorithm_t, void **ctx, const void* key, size_t
keysize);
int (*hash) (void *ctx, const void *text, size_t textsize);
int (*copy) (void **dst_ctx, void *src_ctx);
int (*output) (void *src_ctx, void *digest, size_t digestsize);
@@ -263,12 +263,12 @@ int gnutls_crypto_single_digest_register2
(gnutls_mac_algorithm_t algorithm,
# define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
-# define gnutls_crypto_mac_register(prio, st) \
- gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+# define gnutls_crypto_digest_register(prio, st)
\
+ gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_cipher_register2 (int priority, int version,
const gnutls_crypto_cipher_st * s);
-int gnutls_crypto_mac_register2 (int priority, int version,
+int gnutls_crypto_digest_register2 (int priority, int version,
const gnutls_crypto_digest_st * s);
# define gnutls_crypto_rnd_register(prio, st) \
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index c9d33f4..5e73768 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -584,7 +584,14 @@ GNUTLS_2_10
gnutls_cipher_encrypt;
gnutls_cipher_decrypt;
gnutls_cipher_deinit;
-
+ gnutls_cipher_get_block_size;
+ gnutls_hash_init;
+ gnutls_hash_get_algo_len;
+ gnutls_hash;
+ gnutls_hash_fast;
+ gnutls_hash_deinit;
+ gnutls_hash_output;
+ gnutls_hash_reset;
} GNUTLS_2_8;
GNUTLS_PRIVATE {
diff --git a/lib/m4/hooks.m4 b/lib/m4/hooks.m4
index e51d2db..edc3a3e 100644
--- a/lib/m4/hooks.m4
+++ b/lib/m4/hooks.m4
@@ -229,16 +229,13 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
AM_CONDITIONAL(ENABLE_SESSION_TICKET, test "$ac_enable_session_ticket" !=
"no")
# For cryptodev
- enable_cryptodev=no
AC_MSG_CHECKING([whether to add cryptodev support])
AC_ARG_ENABLE(cryptodev,
AS_HELP_STRING([--enable-cryptodev], [enable cryptodev support]),
- enable_cryptodev=yes)
+ enable_cryptodev=yes,enable_cryptodev=no)
AC_MSG_RESULT($enable_cryptodev)
if test "$enable_cryptodev" = "yes"; then
- AC_CHECK_MEMBER(struct crypt_opv.iovec,
- [AC_DEFINE([ENABLE_CRYPTODEV_IOVEC], 1, [Enable cryptodev iovec
support])],,[[#include <crypto/cryptodev.h>]])
AC_DEFINE([ENABLE_CRYPTODEV], 1, [Enable cryptodev support])
fi
diff --git a/lib/mac-libgcrypt.c b/lib/mac-libgcrypt.c
index acb9deb..75f5fcc 100644
--- a/lib/mac-libgcrypt.c
+++ b/lib/mac-libgcrypt.c
@@ -31,10 +31,12 @@
#include <gcrypt.h>
static int
-wrap_gcry_mac_init (gnutls_digest_algorithm_t algo, void **ctx)
+wrap_gcry_mac_init (gnutls_digest_algorithm_t algo, void **ctx, const void*
key, size_t keylen)
{
int err;
- unsigned int flags = GCRY_MD_FLAG_HMAC;
+ unsigned int flags = 0;
+
+ if (key) flags = GCRY_MD_FLAG_HMAC;
switch (algo)
{
@@ -64,6 +66,9 @@ wrap_gcry_mac_init (gnutls_digest_algorithm_t algo, void
**ctx)
return GNUTLS_E_INVALID_REQUEST;
}
+ if (key)
+ gcry_md_setkey ((gcry_md_hd_t) *ctx, key, keylen);
+
if (err == 0)
return 0;
@@ -72,12 +77,6 @@ wrap_gcry_mac_init (gnutls_digest_algorithm_t algo, void
**ctx)
}
static int
-wrap_gcry_md_setkey (void *ctx, const void *key, size_t keylen)
-{
- return gcry_md_setkey ((gcry_md_hd_t) ctx, key, keylen);
-}
-
-static int
wrap_gcry_md_write (void *ctx, const void *text, size_t textsize)
{
gcry_md_write (ctx, text, textsize);
@@ -119,7 +118,6 @@ int crypto_mac_prio = INT_MAX;
gnutls_crypto_digest_st _gnutls_mac_ops = {
.init = wrap_gcry_mac_init,
- .setkey = wrap_gcry_md_setkey,
.hash = wrap_gcry_md_write,
.copy = wrap_gcry_md_copy,
.output = wrap_gcry_mac_output,
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index a2ab51b..a044a10 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -361,7 +361,7 @@ read_secret_key (cdk_stream_t inp, size_t pktlen,
cdk_pkt_seckey_t sk)
else
{
sk->protect.ivlen =
- _gnutls_cipher_get_block_size (sk->protect.algo);
+ gnutls_cipher_get_block_size (sk->protect.algo);
if (!sk->protect.ivlen)
return CDK_Inv_Packet;
rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 24dce8b..51b940a 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1681,7 +1681,7 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
decrypted_data->data = data;
- if (_gnutls_cipher_get_block_size (enc_params->cipher) != 1)
+ if (gnutls_cipher_get_block_size (enc_params->cipher) != 1)
decrypted_data->size = data_size - data[data_size - 1];
else
decrypted_data->size = data_size;
@@ -2119,7 +2119,7 @@ encrypt_data (const gnutls_datum_t * plain,
int ch_init = 0;
opaque pad, pad_size;
- pad_size = _gnutls_cipher_get_block_size (enc_params->cipher);
+ pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
if (pad_size == 1) /* stream */
pad_size = 0;
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 56aa0db..edec495 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -1034,7 +1034,7 @@ MD5 (const unsigned char *buf, unsigned long len,
unsigned char *md)
if (!md)
return NULL;
- _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, NULL, 0, md);
+ _gnutls_hash_fast (GNUTLS_DIG_MD5, NULL, 0, buf, len, md);
return md;
}
@@ -1067,7 +1067,7 @@ RIPEMD160 (const unsigned char *buf, unsigned long len,
unsigned char *md)
if (!md)
return NULL;
- _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, NULL, 0, md);
+ _gnutls_hash_fast (GNUTLS_DIG_RMD160, NULL, 0, buf, len, md);
return md;
}
diff --git a/src/benchmark.c b/src/benchmark.c
index 83d57f4..1ec5eab 100644
--- a/src/benchmark.c
+++ b/src/benchmark.c
@@ -28,27 +28,45 @@
static unsigned char data[64*1024];
-void cipher_bench(int size)
+void cipher_bench(int algo, int size)
{
int ret, i;
gnutls_cipher_hd_t ctx;
-gnutls_datum_t key = {
"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", 16 };
-gnutls_datum_t iv = {
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", 16 };
+void* _key,*_iv;
+gnutls_datum_t key, iv;
struct timespec start, stop;
double secs;
long data_size = 0;
double dd;
+int blocksize = gnutls_cipher_get_block_size(algo);
+int keysize = gnutls_cipher_get_key_size(algo);
+ _key = malloc(keysize);
+ if (_key == NULL)
+ return;
+ memset(_key, 0xf0, keysize);
+
+ _iv = malloc(blocksize);
+ if (_iv == NULL)
+ return;
+ memset(_iv, 0xf0, blocksize);
+
+ iv.data = _iv;
+ iv.size = blocksize;
+
+ key.data = _key;
+ key.size = keysize;
+
gnutls_global_init();
- printf("Checking AES (%dkb payload)... ", size);
+ printf("Checking %s (%dkb payload)... ", gnutls_cipher_get_name(algo), size);
fflush(stdout);
clock_gettime(CLOCK_MONOTONIC, &start);
- ret = gnutls_cipher_init( &ctx, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
+ ret = gnutls_cipher_init( &ctx, algo, &key, &iv);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- return;
+ goto leave;
}
for (i=0;i<7*1024;i++) {
@@ -63,17 +81,29 @@ double dd;
secs =
(stop.tv_sec*1000+stop.tv_nsec/(1000*1000)-(start.tv_sec*1000+start.tv_nsec/(1000*1000)));
secs /= 1000;
dd = (((double)data_size/(double)secs))/1000;
- printf("Transferred %u kb in %.2f secs: ", data_size/1000, secs);
+ printf("Transferred %ld kb in %.2f secs: ", data_size/1000, secs);
printf("%.2f kbyte/sec\n", dd);
+
+leave:
+ free(_key);
+ free(_iv);
}
int main()
{
- cipher_bench(8);
- cipher_bench(16);
- cipher_bench(32);
+ cipher_bench(GNUTLS_CIPHER_3DES_CBC, 4);
+ cipher_bench(GNUTLS_CIPHER_3DES_CBC, 8);
+ cipher_bench(GNUTLS_CIPHER_3DES_CBC, 16);
+
+ cipher_bench(GNUTLS_CIPHER_AES_128_CBC, 4);
+ cipher_bench(GNUTLS_CIPHER_AES_128_CBC, 8);
+ cipher_bench(GNUTLS_CIPHER_AES_128_CBC, 16);
+
+ cipher_bench(GNUTLS_CIPHER_ARCFOUR, 4);
+ cipher_bench(GNUTLS_CIPHER_ARCFOUR, 8);
+ cipher_bench(GNUTLS_CIPHER_ARCFOUR, 16);
return 0;
}
diff --git a/tests/gc.c b/tests/gc.c
index 70c6180..9330ac2 100644
--- a/tests/gc.c
+++ b/tests/gc.c
@@ -42,36 +42,52 @@ doit (void)
gnutls_global_init ();
err =
- _gnutls_hmac_fast (GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8, digest);
+ _gnutls_hash_fast (GNUTLS_MAC_MD5, NULL, 0, "testtest", 8, digest);
if (err < 0)
- fail ("_gnutls_hmac_fast(MD5) failed: %d\n", err);
+ fail ("_gnutls_hash_fast(MD5) failed: %d\n", err);
+ else
+ {
+ if (memcmp (digest,
"\x05\xa6\x71\xc6\x6a\xef\xea\x12\x4c\xc0\x8b\x76\xea\x6d\x30\xbb", 16) == 0)
+ success ("HASH: _gnutls_hash_fast(MD5) OK\n");
+ else
+ {
+ hexprint (digest, 16);
+ fail ("HASH: _gnutls_hash_fast(MD5) failure\n");
+ }
+ }
+
+
+ err =
+ _gnutls_hash_fast (GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8, digest);
+ if (err < 0)
+ fail ("_gnutls_hash_fast(MD5) failed: %d\n", err);
else
{
if (memcmp (digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0"
"\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0)
- success ("_gnutls_hmac_fast(MD5) OK\n");
+ success ("_gnutls_hash_fast(MD5) OK\n");
else
{
hexprint (digest, 16);
- fail ("_gnutls_hmac_fast(MD5) failure\n");
+ fail ("_gnutls_hash_fast(MD5) failure\n");
}
}
err =
- _gnutls_hmac_fast (GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
+ _gnutls_hash_fast (GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
digest);
if (err < 0)
- fail ("_gnutls_hmac_fast(SHA1) failed: %d\n", err);
+ fail ("_gnutls_hash_fast(SHA1) failed: %d\n", err);
else
{
if (memcmp (digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8"
"\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
20) == 0)
- success ("_gnutls_hmac_fast(SHA1) OK\n");
+ success ("_gnutls_hash_fast(SHA1) OK\n");
else
{
hexprint (digest, 20);
- fail ("_gnutls_hmac_fast(SHA1) failure\n");
+ fail ("_gnutls_hash_fast(SHA1) failure\n");
}
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-20-g32a7367,
Nikos Mavrogiannopoulos <=