[git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-133-g66d2b7f
by Jussi Kivilinna
cvs at cvs.gnupg.org
Sat Dec 1 13:01:32 CET 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 66d2b7fc17258f1424f4ca4adb1096e48b818bd0 (commit)
via 168668228c7c49e70612cb4d602d6d603a2add2c (commit)
from 9d9c4fd18b445ff414d11678285d54af3afdb222 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 66d2b7fc17258f1424f4ca4adb1096e48b818bd0
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date: Sat Dec 1 12:21:14 2018 +0200
rijndael-aesni: interleave last CTR encryption round with xoring
* cipher/rijndael-aesni.c (do_aesni_ctr_8): Interleave aesenclast
with input xoring.
--
Structure of 'aesenclast' instruction allows reordering last
encryption round and xoring of input block for small ~0.5%
improvement in performance.
Intel i7-4790K @ 4.0 Ghz:
AES | nanosecs/byte mebibytes/sec cycles/byte
CTR enc | 0.159 ns/B 6002 MiB/s 0.636 c/B
CTR dec | 0.159 ns/B 6001 MiB/s 0.636 c/B
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c
index 483387c..ec9f4d4 100644
--- a/cipher/rijndael-aesni.c
+++ b/cipher/rijndael-aesni.c
@@ -1657,14 +1657,6 @@ do_aesni_ctr_8 (const RIJNDAEL_context *ctx,
"movdqa 0xe0(%[key]), %%xmm1\n"
".Lenclast%=:\n\t"
- "aesenclast %%xmm1, %%xmm0\n\t"
- "aesenclast %%xmm1, %%xmm2\n\t"
- "aesenclast %%xmm1, %%xmm3\n\t"
- "aesenclast %%xmm1, %%xmm4\n\t"
- "aesenclast %%xmm1, %%xmm8\n\t"
- "aesenclast %%xmm1, %%xmm9\n\t"
- "aesenclast %%xmm1, %%xmm10\n\t"
- "aesenclast %%xmm1, %%xmm11\n\t"
:
: [key] "r" (ctx->keyschenc),
[rounds] "r" (ctx->rounds)
@@ -1674,22 +1666,30 @@ do_aesni_ctr_8 (const RIJNDAEL_context *ctx,
"movdqu 1*16(%[src]), %%xmm13\n\t" /* Get block 2. */
"movdqu 2*16(%[src]), %%xmm14\n\t" /* Get block 3. */
"movdqu 3*16(%[src]), %%xmm15\n\t" /* Get block 4. */
- "movdqu 4*16(%[src]), %%xmm1\n\t" /* Get block 5. */
- "pxor %%xmm12, %%xmm0\n\t" /* EncCTR-1 ^= input */
+ "movdqu 4*16(%[src]), %%xmm7\n\t" /* Get block 5. */
+ "pxor %%xmm1, %%xmm12\n\t" /* block1 ^= lastkey */
+ "aesenclast %%xmm12, %%xmm0\n\t"
"movdqu 5*16(%[src]), %%xmm12\n\t" /* Get block 6. */
- "pxor %%xmm13, %%xmm2\n\t" /* EncCTR-2 ^= input */
+ "pxor %%xmm1, %%xmm13\n\t" /* block2 ^= lastkey */
+ "aesenclast %%xmm13, %%xmm2\n\t"
"movdqu 6*16(%[src]), %%xmm13\n\t" /* Get block 7. */
- "pxor %%xmm14, %%xmm3\n\t" /* EncCTR-3 ^= input */
+ "pxor %%xmm1, %%xmm14\n\t" /* block3 ^= lastkey */
+ "aesenclast %%xmm14, %%xmm3\n\t"
"movdqu 7*16(%[src]), %%xmm14\n\t" /* Get block 8. */
- "pxor %%xmm15, %%xmm4\n\t" /* EncCTR-4 ^= input */
+ "pxor %%xmm1, %%xmm15\n\t" /* block4 ^= lastkey */
+ "aesenclast %%xmm15, %%xmm4\n\t"
"movdqu %%xmm0, 0*16(%[dst])\n\t" /* Store block 1 */
- "pxor %%xmm1, %%xmm8\n\t" /* EncCTR-5 ^= input */
+ "pxor %%xmm1, %%xmm7\n\t" /* block5 ^= lastkey */
+ "aesenclast %%xmm7, %%xmm8\n\t"
"movdqu %%xmm0, 0*16(%[dst])\n\t" /* Store block 1 */
- "pxor %%xmm12, %%xmm9\n\t" /* EncCTR-6 ^= input */
+ "pxor %%xmm1, %%xmm12\n\t" /* block6 ^= lastkey */
+ "aesenclast %%xmm12, %%xmm9\n\t"
"movdqu %%xmm2, 1*16(%[dst])\n\t" /* Store block 2. */
- "pxor %%xmm13, %%xmm10\n\t" /* EncCTR-7 ^= input */
+ "pxor %%xmm1, %%xmm13\n\t" /* block7 ^= lastkey */
+ "aesenclast %%xmm13, %%xmm10\n\t"
"movdqu %%xmm3, 2*16(%[dst])\n\t" /* Store block 3. */
- "pxor %%xmm14, %%xmm11\n\t" /* EncCTR-8 ^= input */
+ "pxor %%xmm1, %%xmm14\n\t" /* block8 ^= lastkey */
+ "aesenclast %%xmm14, %%xmm11\n\t"
"movdqu %%xmm4, 3*16(%[dst])\n\t" /* Store block 4. */
"movdqu %%xmm8, 4*16(%[dst])\n\t" /* Store block 8. */
"movdqu %%xmm9, 5*16(%[dst])\n\t" /* Store block 9. */
commit 168668228c7c49e70612cb4d602d6d603a2add2c
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date: Tue Nov 13 22:08:50 2018 +0200
Use explicit_bzero for wipememory
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
* src/g10lib.h (wipememory2): Use _gcry_fast_wipememory if _SET is
zero.
(_gcry_fast_wipememory): New.
(_gcry_wipememory2): Rename to...
(_gcry_fast_wipememory2): ...this.
* src/misc.c (_gcry_wipememory): New.
(_gcry_wipememory2): Rename to...
(_gcry_fast_wipememory2): ...this.
(_gcry_fast_wipememory2) [HAVE_EXPLICIT_BZERO]: Use explicit_bzero if
SET is zero.
(_gcry_burn_stack): Use _gcry_fast_wipememory.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
diff --git a/configure.ac b/configure.ac
index 9803d51..5843884 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1772,6 +1772,7 @@ AC_CHECK_FUNCS(strtoul memmove stricmp atexit raise)
AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4)
AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog)
AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile)
+AC_CHECK_FUNCS(explicit_bzero)
GNUPG_CHECK_MLOCK
diff --git a/src/g10lib.h b/src/g10lib.h
index 9b21478..694c2d8 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -334,15 +334,16 @@ void __gcry_burn_stack (unsigned int bytes);
do { __gcry_burn_stack (bytes); \
__gcry_burn_stack_dummy (); } while(0)
-
/* To avoid that a compiler optimizes certain memset calls away, these
macros may be used instead. For small constant length buffers,
memory wiping is inlined. For non-constant or large length buffers,
- memory is wiped with memset through _gcry_wipememory. */
-void _gcry_wipememory2(void *ptr, int set, size_t len);
+ memory is wiped with memset through _gcry_fast_wipememory. */
#define wipememory2(_ptr,_set,_len) do { \
if (!CONSTANT_P(_len) || _len > 64) { \
- _gcry_wipememory2((void *)_ptr, _set, _len); \
+ if (CONSTANT_P(_set) && (_set) == 0) \
+ _gcry_fast_wipememory((void *)_ptr, _len); \
+ else \
+ _gcry_fast_wipememory2((void *)_ptr, _set, _len); \
} else {\
volatile char *_vptr = (volatile char *)(_ptr); \
size_t _vlen = (_len); \
@@ -353,6 +354,9 @@ void _gcry_wipememory2(void *ptr, int set, size_t len);
} while(0)
#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+void _gcry_fast_wipememory(void *ptr, size_t len);
+void _gcry_fast_wipememory2(void *ptr, int set, size_t len);
+
#if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \
defined(HAVE_GCC_ATTRIBUTE_ALIGNED) && \
defined(HAVE_GCC_ATTRIBUTE_MAY_ALIAS)
diff --git a/src/misc.c b/src/misc.c
index 420ce74..bb39e1c 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -32,6 +32,8 @@
static int verbosity_level = 0;
+/* Prevent compiler from optimizing away the call to memset by accessing
+ memset through volatile pointer. */
static void *(*volatile memset_ptr)(void *, int, size_t) = (void *)memset;
static void (*fatal_error_handler)(void*,int, const char*) = NULL;
@@ -500,8 +502,37 @@ _gcry_strtokenize (const char *string, const char *delim)
void
-_gcry_wipememory2 (void *ptr, int set, size_t len)
+_gcry_fast_wipememory (void *ptr, size_t len)
{
+ /* Note: This function is called from wipememory/wipememory2 only if LEN
+ is large or unknown at compile time. New wipe function alternatives
+ need to be checked before adding to this function. New implementations
+ need to be faster than wipememory/wipememory2 macros in 'misc.h'.
+
+ Following implementations were found to have suboptimal performance:
+
+ - [_WIN32/mingw32] SecureZeroMemory; Inline function, equivalent to
+ volatile byte buffer set: while(buflen--) (volatile char *)(buf++)=set;
+ */
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero (ptr, len);
+#else
+ memset_ptr (ptr, 0, len);
+#endif
+}
+
+
+void
+_gcry_fast_wipememory2 (void *ptr, int set, size_t len)
+{
+#ifdef HAVE_EXPLICIT_BZERO
+ if (set == 0)
+ {
+ explicit_bzero (ptr, len);
+ return;
+ }
+#endif
+
memset_ptr (ptr, set, len);
}
@@ -514,11 +545,11 @@ __gcry_burn_stack (unsigned int bytes)
unsigned int buflen = ((!bytes + bytes) + 63) & ~63;
char buf[buflen];
- memset_ptr (buf, 0, buflen);
+ _gcry_fast_wipememory (buf, buflen);
#else
volatile char buf[64];
- wipememory (buf, sizeof buf);
+ _gcry_fast_wipememory (buf, sizeof buf);
if (bytes > sizeof buf)
_gcry_burn_stack (bytes - sizeof buf);
-----------------------------------------------------------------------
Summary of changes:
cipher/rijndael-aesni.c | 34 +++++++++++++++++-----------------
configure.ac | 1 +
src/g10lib.h | 12 ++++++++----
src/misc.c | 37 ++++++++++++++++++++++++++++++++++---
4 files changed, 60 insertions(+), 24 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
More information about the Gcrypt-devel
mailing list