Commit Graph

24 Commits

Author SHA1 Message Date
Xin LI
66bdf50fac libmd: Always erase context in _Final method, and when doing
it, consistently use explicit_bzero().

Update manual pages to match the behavior.

Reviewed by:	pfg, allanjude, jmg
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D16316
2018-07-20 07:01:28 +00:00
Conrad Meyer
1245c6d1a5 Implement SHA2-224 submode of SHA2-256
Like SHA2-384:SHA2-512, SHA2-224 is simply a truncated SHA2-256 with a
different initial vector.  Add to round out the complete basic SHA2 family.
2018-07-09 07:24:05 +00:00
Alan Somers
8254c3c5d3 Fix C++ includability of crypto headers with static array sizes
C99 allows array function parameters to use the static keyword for their
sizes. This tells the compiler that the parameter will have at least the
specified size, and calling code will fail to compile if that guarantee is
not met. However, this syntax is not legal in C++.

This commit reverts r300824, which worked around the problem for
sys/sys/md5.h only, and introduces a new macro: min_size(). min_size(x) can
be used in headers as a static array size, but will still compile in C++
mode.

Reviewed by:	cem, ed
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D8277
2016-10-18 23:20:49 +00:00
Ed Maste
de13c2427d libmd: introduce functions that operate on an fd instead of filename
Reviewed by:	allanjude, cem
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D8264
2016-10-17 13:47:22 +00:00
Colin Percival
696c3895ae Retune SHA2 code for improved performance on CPUs with more ILP and
a preference for memory load instructions over large code footprints
with embedded immediate variables.

On amd64 CPUs from 2007-2008 there is not a significant change, but
amd64 CPUs from 2009-2010 get roughly 10% more throughput with this
code; amd64 CPUs from 2011-2012 get roughly 15% more throughput; and
AMD64 CPUs from 2013-2015 get 20-25% more throughput.  The Raspberry
Pi 2 increases its throughput by 6-8%.

Sponsored by:	Tarsnap Backup Inc.
Performance tested by:	allanjude
MFC after:	3 weeks
2016-05-29 17:26:40 +00:00
Allan Jude
1780e40715 Implement SHA-512 truncated (224 and 256 bits)
This implements SHA-512/256, which generates a 256 bit hash by
calculating the SHA-512 then truncating the result. A different initial
value is used, making the result different from the first 256 bits of
the SHA-512 of the same input. SHA-512 is ~50% faster than SHA-256 on
64bit platforms, so the result is a faster 256 bit hash.

The main goal of this implementation is to enable support for this
faster hashing algorithm in ZFS. The feature was introduced into ZFS
in r289422, but is disconnected because SHA-512/256 support was missing.
A further commit will enable it in ZFS.

This is the follow on to r292782

Reviewed by:	cem
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D6061
2016-05-28 16:06:07 +00:00
Conrad Meyer
571ebf7685 crypto routines: Hint minimum buffer sizes to the compiler
Use the C99 'static' keyword to hint to the compiler IVs and output digest
sizes.  The keyword informs the compiler of the minimum valid size for a given
array.  Obviously not every pointer can be validated (i.e., the compiler can
produce false negative but not false positive reports).

No functional change.  No ABI change.

Sponsored by:	EMC / Isilon Storage Division
2016-05-26 19:29:29 +00:00
Allan Jude
7a3f5d11fb Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
cperciva's libmd implementation is 5-30% faster

The same was done for SHA256 previously in r263218

cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation

Extend sbin/md5 to create sha384(1)

Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}

Reviewed by:	cperciva, des, delphij
Approved by:	secteam, bapt (mentor)
MFC after:	2 weeks
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3929
2015-12-27 17:33:59 +00:00
John-Mark Gurney
2ff9c4f915 Complete the move that was started w/ r263218.. For some reason I
didn't delete the files, so that means we need to bring the changes in
r282726 to the correct files..

make tinderbox completed with this patch...
2015-07-11 03:12:34 +00:00
John-Mark Gurney
8083f14fc2 replace the kernel's version w/ cperciva's implementation... In all
my tests, it is faster ~20%, even on an old IXP425 533MHz it is ~45%
faster...  This is partly due to loop unrolling, so the code size does
significantly increase...  I do plan on committing a version that
rolls up the loops again for smaller code size for embedded systems
where size is more important than absolute performance (it'll save ~6k
code)...

The kernel implementation is now shared w/ userland's libcrypt and
libmd...

We drop support for sha256 from sha2.c, so now sha2.c only contains
sha384 and sha512...

Reviewed by:	secteam@
2014-03-16 01:43:23 +00:00
John-Mark Gurney
97447ea423 copy these files from lib/libmd in preperation for moving these files
into the kernel...
2014-03-16 00:57:26 +00:00
Xin LI
76a207c2b9 Sync with KAME.
MFC after:	1 month
2013-07-09 22:04:35 +00:00
Robert Millan
f19122edbf Allow assert() to operate correctly when building userland code. 2013-07-09 10:27:26 +00:00
Rebecca Cran
3283511248 Make private functions static.
PR:		kern/43611
Submitted by:	Matt Emmerton <matt at gsicomp.on.ca>
Reviewed by:	kib
MFC after:	3 days
2011-02-21 16:21:43 +00:00
Kevin Lo
4b29020487 Initialize T1 to silent gcc warning.
Approved by: cognet
2006-10-22 02:19:33 +00:00
Alexander Kabaev
bcbd3d69bf GCC 3.4.6 gets confused on this file and produces bogus warning.
Shut it up.
2006-08-26 21:48:00 +00:00
Poul-Henning Kamp
5fdd8d28a3 Correctly bzero the entire context, not just the first sizeof(void *) bytes.
Found by:	Juergen Buchmueller <pullmoll@stop1984.com>
2003-09-08 18:32:33 +00:00
David E. O'Brien
ad39da7821 Use __FBSDID(). 2003-06-10 21:44:29 +00:00
Poul-Henning Kamp
ba459bd472 Make this compilable from userland as well. 2002-11-01 08:56:39 +00:00
Mark Murray
d56fb9ceb0 Fix some really pedantic GCC warnings. 2002-07-15 13:45:15 +00:00
Alfred Perlstein
14e10f9952 Remove __P. 2002-03-20 05:14:42 +00:00
Hajimu UMEMOTO
e8647cfc81 off by one error in Aaron Gifford's code. KAME PR 393.
PR:		kern/34242
Submitted by:	Aaron D. Gifford <agifford@infowest.com>
MFC after:	1 week
2002-02-26 16:58:58 +00:00
Hajimu UMEMOTO
c56df4e782 less warning
warning: cast discards qualifiers from pointer target type
2001-06-16 19:32:37 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00