Commit message | Author | Age | Files | Lines
For some plugin features, such as crypters or AEADs, we have some additional
feature arguments, such as the key size.
By using a derived key r^2 we can improve performance, as we can do loop
unrolling and slightly better utilize SIMD instructions.
Overall ChaCha20-Poly1305 performance increases by ~12%.
Converting integers to/from our 5-word representation in SSE does not seem
to pay off, so we work on individual words.
As we don't have to shuffle the state in each ChaCha round, overall performance
for ChaCha20-Poly1305 increases by ~40%.
We always build the driver on x86/x64, but enable it only if SSSE3 support
is detected at runtime.
Poly1305 uses parallel 32-bit multiplication operands yielding a 64-bit result,
for which two can be done in parallel in SSE. This is minimally faster than
multiplication with 64-bit operands, and also works on 32-bit builds not having
a __int128 result type.
On a 32-bit architecture, this is more than twice as fast as the portable
driver, and on 64-bit it is ~30% faster.
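The two messages above describe the same Poly1305 driver: a 5-word (26-bit limb) representation multiplied with 32x32-to-64-bit products, and a derived key r^2 that lets two blocks be folded per step. The following is an added example written for this page, not strongSwan's driver, showing why the r^2 schedule is equivalent to the sequential one: Horner's rule h = ((h + m1)*r + m2)*r expands to (h + m1)*r^2 + m2*r, so the two multiplications no longer depend on each other. It is portable C with 64-bit intermediates (no __int128, so it also builds as 32-bit), the limb split and clamp masks are those of RFC 8439, and the check function runs both schedules against the RFC 8439 section 2.5.2 test vector. The names poly1305_tag, the two_blocks flag and the helper names are this example's own.

```c
#include <stdint.h>
#include <string.h>
#define MASK26 0x3ffffffu

static uint32_t le32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
/* out = a * b mod 2^130 - 5 on five 26-bit limbs (out may alias a). Limbs of a up
 * to 28 bits and of b up to 27 bits keep every intermediate sum below 2^64. */
static void mul(uint32_t out[5], const uint32_t a[5], const uint32_t b[5]) {
    uint64_t d[5] = {0}, c;
    for (int i = 0; i < 5; i++)
        for (int j = 0; j < 5; j++) {
            uint64_t p = (uint64_t)a[i] * b[j];
            if (i + j < 5) d[i + j] += p;       /* 2^130 == 5 (mod p): a product that */
            else d[i + j - 5] += p * 5;         /* lands above limb 4 wraps, scaled by 5 */
        }
    for (int i = 0; i < 4; i++) { d[i + 1] += d[i] >> 26; out[i] = d[i] & MASK26; }
    out[4] = d[4] & MASK26;
    c = out[0] + (d[4] >> 26) * 5;              /* the carry out of limb 4 wraps the same way */
    out[0] = c & MASK26; out[1] += (uint32_t)(c >> 26);
}
/* r = first key half, clamped as RFC 8439 requires. */
static void clamp_r(uint32_t r[5], const uint8_t key[16]) {
    uint32_t t0 = le32(key), t1 = le32(key + 4), t2 = le32(key + 8), t3 = le32(key + 12);
    r[0] = t0 & 0x3ffffff;
    r[1] = (t0 >> 26 | t1 << 6) & 0x3ffff03;
    r[2] = (t1 >> 20 | t2 << 12) & 0x3ffc0ff;
    r[3] = (t2 >> 14 | t3 << 18) & 0x3f03fff;
    r[4] = (t3 >> 8) & 0x00fffff;
}
/* h += block: 16 bytes plus the 2^128 bit, or a short block padded with 0x01. */
static void add_block(uint32_t h[5], const uint8_t *m, size_t len) {
    uint8_t buf[16] = {0};
    uint32_t hibit = 1u << 24, t0, t1, t2, t3;
    if (len < 16) { memcpy(buf, m, len); buf[len] = 1; m = buf; hibit = 0; }
    t0 = le32(m); t1 = le32(m + 4); t2 = le32(m + 8); t3 = le32(m + 12);
    h[0] += t0 & MASK26;
    h[1] += (t0 >> 26 | t1 << 6) & MASK26;
    h[2] += (t1 >> 20 | t2 << 12) & MASK26;
    h[3] += (t2 >> 14 | t3 << 18) & MASK26;
    h[4] += t3 >> 8 | hibit;
}
/* tag = ((h mod p) mod 2^128) + s mod 2^128, s being the second key half. */
static void finish(uint8_t tag[16], uint32_t h[5], const uint8_t s[16]) {
    uint32_t g[5], w[4], mask;
    uint64_t f = 0;
    for (int j = 0; j < 3; j++) {               /* three carry passes leave h fully reduced below 2^130 */
        for (int i = 0; i < 4; i++) { h[i + 1] += h[i] >> 26; h[i] &= MASK26; }
        h[0] += (h[4] >> 26) * 5; h[4] &= MASK26;
    }
    g[0] = h[0] + 5;                            /* g = h - p = h + 5 - 2^130 */
    for (int i = 0; i < 4; i++) { g[i + 1] = h[i + 1] + (g[i] >> 26); g[i] &= MASK26; }
    g[4] -= 1u << 26;
    mask = (g[4] >> 31) - 1;                    /* borrow => h < p => keep h, else use g */
    for (int i = 0; i < 5; i++) h[i] = (h[i] & ~mask) | (g[i] & mask);
    w[0] = h[0] | h[1] << 26;  w[1] = h[1] >> 6 | h[2] << 20;
    w[2] = h[2] >> 12 | h[3] << 14;  w[3] = h[3] >> 18 | h[4] << 8;
    for (int i = 0; i < 4; i++) {
        f = (uint64_t)w[i] + le32(s + 4 * i) + (f >> 32);
        for (int j = 0; j < 4; j++) tag[4 * i + j] = (uint8_t)(f >> 8 * j);
    }
}
/* Poly1305 over msg. With two_blocks set, each step folds a block pair as
 * (h + m1) * r^2 + m2 * r, equal to the sequential ((h + m1) * r + m2) * r,
 * but the two multiplications are independent and can be overlapped. */
void poly1305_tag(uint8_t tag[16], const uint8_t key[32], const uint8_t *msg,
                  size_t len, int two_blocks) {
    uint32_t r[5], r2[5], h[5] = {0};
    clamp_r(r, key);
    mul(r2, r, r);                              /* derived key r^2, computed once per key */
    while (two_blocks && len >= 32) {
        uint32_t t[5] = {0};
        add_block(h, msg, 16);
        mul(h, h, r2);
        add_block(t, msg + 16, 16);
        mul(t, t, r);
        for (int i = 0; i < 5; i++) h[i] += t[i];
        msg += 32; len -= 32;
    }
    while (len > 0) {                           /* remaining blocks one at a time */
        size_t n = len < 16 ? len : 16;
        add_block(h, msg, n);
        mul(h, h, r);
        msg += n; len -= n;
    }
    finish(tag, h, key + 16);
}

/* RFC 8439 section 2.5.2 vector; returns 1 when both schedules reproduce it. */
int poly1305_rfc8439_check(void) {
    static const uint8_t key[32] = {
        0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
        0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b };
    static const uint8_t expect[16] = {
        0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 };
    const uint8_t *msg = (const uint8_t *)"Cryptographic Forum Research Group";
    uint8_t t1[16], t2[16];
    poly1305_tag(t1, key, msg, 34, 1); poly1305_tag(t2, key, msg, 34, 0);
    return memcmp(t1, expect, 16) == 0 && memcmp(t2, expect, 16) == 0;
}
```

The 34-byte test message exercises one block pair through the r^2 path followed by a partial block through the single-block path, so the check fails if either path or the final reduction is wrong. The bounds noted on mul() are what make the unnormalised sum h*r^2 + m2*r safe to feed straight into the next multiplication without an extra carry pass.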
As it turns out, getpwnam_r, getgrnam_r, and friends will return
ERANGE if _any_ user or group on the system is larger than will fit
into the scratch buffer you pass to them.
This reworks the resolve_uid and resolve_gid methods plus
init_supplementary_groups to use a variable-size buffer that is grown
until the results fit.
Based on a patch by Evan Broder.
Closes strongswan/strongswan#12.
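As an added illustration of the retry loop the message describes (this is example code written for this page, not the strongSwan patch): a resolver that starts with a deliberately tiny scratch buffer, doubles it whenever getpwnam_r or getgrnam_r returns ERANGE, and gives up at a fixed ceiling rather than looping forever. It assumes a POSIX system with a "root" user (uid 0) in the account database; the function names and the NSS_BUF_* limits are this example's own.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>

#define NSS_BUF_START 16          /* deliberately tiny: the first call is expected to hit ERANGE */
#define NSS_BUF_MAX (1u << 20)    /* stop doubling here instead of growing without bound */

/* Resolve a user name to its uid. Returns 0 on success and -1 if the user does
 * not exist, the buffer ceiling is reached, or the lookup fails for another reason. */
int resolve_uid(const char *name, uid_t *uid) {
    struct passwd pwd, *result = NULL;
    size_t size = NSS_BUF_START;
    char *buf = NULL, *tmp;
    int rc = -1;
    for (;;) {
        if (!(tmp = realloc(buf, size))) break;
        buf = tmp;
        rc = getpwnam_r(name, &pwd, buf, size, &result);
        if (rc != ERANGE) break;                  /* done, or an error other than "buffer too small" */
        if (size >= NSS_BUF_MAX) { rc = -1; break; }
        size *= 2;                                /* some entry did not fit: retry with a larger buffer */
    }
    if (rc == 0 && result) *uid = pwd.pw_uid;     /* copy out first: pwd's strings point into buf */
    free(buf);
    return rc == 0 && result ? 0 : -1;
}

/* Same loop for a group name via getgrnam_r. */
int resolve_gid(const char *name, gid_t *gid) {
    struct group grp, *result = NULL;
    size_t size = NSS_BUF_START;
    char *buf = NULL, *tmp;
    int rc = -1;
    for (;;) {
        if (!(tmp = realloc(buf, size))) break;
        buf = tmp;
        rc = getgrnam_r(name, &grp, buf, size, &result);
        if (rc != ERANGE) break;
        if (size >= NSS_BUF_MAX) { rc = -1; break; }
        size *= 2;
    }
    if (rc == 0 && result) *gid = grp.gr_gid;
    free(buf);
    return rc == 0 && result ? 0 : -1;
}

/* Checks: "root" is uid 0 on the systems this example targets, and made-up
 * names must be reported as not found rather than as a buffer error. */
int root_resolves_to_uid0(void) {
    uid_t uid = 42;
    return resolve_uid("root", &uid) == 0 && uid == 0;
}

int unknown_names_fail(void) {
    uid_t uid; gid_t gid;
    return resolve_uid("no-such-user-example", &uid) == -1 &&
           resolve_gid("no-such-group-example", &gid) == -1;
}
```

Two details matter in practice: the result fields point into the scratch buffer, so the uid/gid must be copied out before the buffer is freed, and a "not found" answer arrives as return value 0 with a NULL result pointer on common libcs, which is why the return value and the result pointer are checked together.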
Was added in bc4748832395 ("Add a return value to prf_t.get_bytes()").
The header file was created in the source directory before, where it
wasn't found by the generated C files in the build directory.
We use the message ID and fragment number as IV generator. As IKEv2 uses
distinct message ID counters for actively and passively initiated exchanges,
each IV would be used twice. As we explicitly reject such message IDs since
d0ed1079, original-responder initiated exchanges fail with counter mode ciphers.
This commit separates IV space in two halves for sequential IVs, and
automatically assigns once reused sequence numbers to the second half.
Fixes #980.
While no algorithm actually uses such short IVs, we add a check here to ensure
we won't return just the lower bits of the counter.
We allow gaps in IVs, but ensure that an IV is never used more than once.
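The three messages above describe one sequential IV generator: the IV space is split in two halves because IKEv2 peers each count their own exchanges from zero, an IV too short to hold the whole counter is refused, and gaps are tolerated while reuse is not. Below is an added example of such a generator, written for this page rather than taken from libstrongswan. Its layout is an assumption: the counter is a 63-bit sequence number built from the message ID (bits 16 to 47) and the 16-bit fragment number, the most significant bit selects the half, and the counter is written big-endian into the trailing eight IV bytes. The names seq_iv_gen_t, seq_iv_get and seq_from_ids are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Sequential IV generator. The 64-bit counter space is split in two halves by the
 * most significant bit: a sequence number may be issued once in each half, gaps are
 * allowed, but a number at or below the last one issued in a half is not reissued there. */
typedef struct {
    uint64_t next[2];   /* lowest sequence number still available in each half */
} seq_iv_gen_t;

/* Sequence number from an IKEv2 message ID and fragment number. The layout is this
 * example's assumption: message ID in bits 16..47, so the top bit stays free. */
uint64_t seq_from_ids(uint32_t message_id, uint16_t fragment) {
    return (uint64_t)message_id << 16 | fragment;
}

/* Write an IV of iv_len bytes for seq. Fails if the IV could hold only the lower
 * bits of the counter, if seq would collide with the half-selector bit, or if seq
 * has already been issued in both halves. The counter occupies the trailing eight
 * bytes, big-endian, and any leading bytes are zero (again this example's layout). */
bool seq_iv_get(seq_iv_gen_t *gen, uint64_t seq, uint8_t *iv, size_t iv_len) {
    int half;
    if (iv_len < 8 || seq >> 63) return false;
    for (half = 0; half < 2; half++) if (seq >= gen->next[half]) break;
    if (half == 2) return false;                  /* seen in both halves: never reuse an IV */
    gen->next[half] = seq + 1;
    uint64_t value = seq | (uint64_t)half << 63;
    memset(iv, 0, iv_len);
    for (int i = 0; i < 8; i++) iv[iv_len - 1 - i] = (uint8_t)(value >> 8 * i);
    return true;
}

/* Constructed scenario: each peer numbers its own exchanges from 0, so IDs 0 and 1
 * appear twice (I0, R0, I1, R1, I2); a third use of ID 0 must be refused. Returns
 * the number of IVs issued if they were all distinct and the second use of ID 0
 * landed in the upper half, else -1. */
int ikev2_scenario(void) {
    seq_iv_gen_t gen = {{0, 0}};
    uint32_t ids[6] = {0, 0, 1, 1, 2, 0};
    uint8_t ivs[6][8];
    int n = 0;
    for (int i = 0; i < 6; i++) {
        if (!seq_iv_get(&gen, seq_from_ids(ids[i], 0), ivs[n], 8)) break;
        n++;
    }
    if (n < 2 || (ivs[0][0] & 0x80) || !(ivs[1][0] & 0x80)) return -1;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            if (memcmp(ivs[i], ivs[j], 8) == 0) return -1;
    return n;
}

/* Gaps are fine within a half; a repeated number moves to the other half once and
 * is then refused; an IV shorter than the counter is refused outright. Returns 1
 * if exactly that sequence of outcomes is observed. */
int gap_then_reuse(void) {
    seq_iv_gen_t gen = {{0, 0}};
    uint8_t iv[12];
    bool a = seq_iv_get(&gen, 0, iv, sizeof(iv));
    bool b = seq_iv_get(&gen, 5, iv, sizeof(iv));   /* gap from 0 to 5: allowed */
    bool c = seq_iv_get(&gen, 5, iv, sizeof(iv));   /* first reuse: goes to the second half */
    bool d = seq_iv_get(&gen, 5, iv, sizeof(iv));   /* second reuse: refused */
    bool e = seq_iv_get(&gen, 9, iv, 4);            /* too short to hold the counter */
    return a && b && c && !d && !e;
}
```

With a counter-mode cipher, an IV that repeats under the same key leaks the XOR of the two plaintexts, so the generator errs on the side of refusing: once both halves have passed a sequence number there is no third place to put it, and the caller has to treat that as a failed exchange rather than fall back to a recycled IV.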
This prevented `stroke memusage` from reporting the leaks on the
console. Instead, they were sent to the callbacks set up by libstrongswan.
Fixes a426851f6362 ("leak-detective: Use callback functions to report
leaks and usage information").
While DES-ECB is not registered by the plugin in this case (so the
function will never actually be called), the compiler still warns
about the implicitly declared function.
Some build bots running make check seem to take longer for the DH testing.
We don't actually define a vector, but only prototype the test vector
implemented in a different file. GCC uses the correct symbol during testing,
but clang correctly complains about duplicated symbols during linking.
We see all plugin startup messages during suite configuration, where
initialization is called once to query plugin features. No need to be verbose
and show these messages once again in the first test.
This allows us to show which transform from which plugin failed. Also, we use
the new cleanup handler functionality that allows proper deinitialization on
failure or timeout.
If a test fails with a timeout or a test failure, longjmp() is used to restore
the thread context and handle test failure. However, there might be unrele
ased resources, namely locks, which prevent the library from cleaning up
properly after finishing the test.
By using thread cleanup handlers, we can release any test subject internal or
test specific external resources on test failure. We do so by calling all
registered cleanup handlers.
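An added example of the mechanism the message describes, written for this page and not taken from libstrongswan's test framework: a stack of cleanup handlers that is unwound, most recent first, when longjmp() abandons a test body, shown next to a "leaky" test that pushes no handler and therefore leaves its lock held. The lock is a plain flag standing in for a real mutex so the example needs no threads, and all names (test_cleanup_push, run_test, lock_t and so on) are this example's own.

```c
#include <setjmp.h>
#include <stdbool.h>

typedef void (*cleanup_fn_t)(void *arg);

/* Per-test context: a stack of cleanup handlers plus the jump target that
 * test_fail() returns to. A single global suffices because one test runs at a time. */
static struct {
    struct { cleanup_fn_t fn; void *arg; } handlers[8];
    int depth;
    jmp_buf on_failure;
} ctx;

/* Register a handler to run if the test fails before it pops the handler itself. */
void test_cleanup_push(cleanup_fn_t fn, void *arg) {
    if (ctx.depth >= 8) return;
    ctx.handlers[ctx.depth].fn = fn;
    ctx.handlers[ctx.depth].arg = arg;
    ctx.depth++;
}

/* Pop the most recent handler; run it if execute is set (the normal path). */
void test_cleanup_pop(bool execute) {
    if (ctx.depth == 0) return;
    ctx.depth--;
    if (execute) ctx.handlers[ctx.depth].fn(ctx.handlers[ctx.depth].arg);
}

/* Called from an assertion failure or a timeout handler: abandon the test body. */
void test_fail(void) {
    longjmp(ctx.on_failure, 1);
}

/* Run a test body. On failure every handler still on the stack is executed,
 * most recent first, so locks and other resources do not leak out of the test. */
bool run_test(void (*body)(void)) {
    ctx.depth = 0;
    if (setjmp(ctx.on_failure)) {
        while (ctx.depth > 0) test_cleanup_pop(true);
        return false;
    }
    body();
    return true;
}

/* Stand-in test subject: a lock that must not stay held after a failed test. */
typedef struct { bool held; } lock_t;
static lock_t subject_lock;

static void unlock_handler(void *arg) { ((lock_t *)arg)->held = false; }

static void locking_test(bool fail) {
    subject_lock.held = true;                    /* acquire */
    test_cleanup_push(unlock_handler, &subject_lock);
    if (fail) test_fail();                       /* an assertion or timeout fires here */
    test_cleanup_pop(true);                      /* normal path: release explicitly */
}

static void passing_test(void) { locking_test(false); }
static void failing_test(void) { locking_test(true); }

/* The situation the cleanup stack fixes: no handler, so the lock stays held. */
static void leaky_test(void) {
    subject_lock.held = true;
    test_fail();
}

/* Returns true if the lock is free again after the given test has run. */
bool lock_released_after(void (*body)(void)) {
    subject_lock.held = false;
    run_test(body);
    return !subject_lock.held;
}
```

The handler is pushed immediately after the resource is acquired and popped with execute set on the normal path, so there is exactly one release either way; a real framework running the body in a separate thread would keep the same stack per thread and run it from the thread that observed the timeout or failure.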
This is called only by the thread for its own thread_t, and does not need
synchronization.
The libgcrypt RNG implementation uses static buffer allocation which it does
not free. There is no symbol we can catch in leak-detective, hence we explicitly
initialize the RNG during the whitelisted gcrypt_plugin_create() function.
gcry_check_version() does not free statically allocated resources. However,
we can't whitelist it in some versions, as it is not a resolvable symbol name.
Instead, whitelist our own plugin constructor function.
This is often more convenient than specifying plugins in a configuration file.
As we test DH calculations this now takes more time. If multiple DH backends
are enabled, we likely hit the default test timeout.