summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorNicolás Reynolds <fauno@endefensadelsl.org>2014-02-01 03:35:09 +0000
committerNicolás Reynolds <fauno@endefensadelsl.org>2014-02-01 03:35:09 +0000
commit2d8813df5b3f8a63835a228496f998914755d820 (patch)
tree13ff3124b8fcf9e0b34581dfb93555b6c5b7d741 /core
parente7daa750c892363d7624ed0951bbb89ad71a3247 (diff)
Sat Feb 1 03:33:52 UTC 2014
Diffstat (limited to 'core')
-rw-r--r--core/libgcrypt/PKGBUILD26
-rw-r--r--core/libgcrypt/fix_avx_detection.patch159
-rw-r--r--core/libgcrypt/fix_slow_PBKDF2.patch75
3 files changed, 8 insertions, 252 deletions
diff --git a/core/libgcrypt/PKGBUILD b/core/libgcrypt/PKGBUILD
index b7cbad492..4ebc86309 100644
--- a/core/libgcrypt/PKGBUILD
+++ b/core/libgcrypt/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 204471 2014-01-20 16:59:28Z andyrtr $
+# $Id: PKGBUILD 204931 2014-01-31 15:34:43Z andyrtr $
# Maintainer: Andreas Radke <andyrtr@archlinux.org>
# after a .so bump first rebuild dirmngr
@@ -6,8 +6,8 @@
# then cp /usr/lib/libgcrypt.so.11 /var/lib/archbuild/staging-x86_64/root/usr/lib/ and do staging-x86_64-build
pkgname=libgcrypt
-pkgver=1.6.0
-pkgrel=2
+pkgver=1.6.1
+pkgrel=1
pkgdesc="General purpose cryptographic library based on the code from GnuPG"
arch=(i686 x86_64)
url="http://www.gnupg.org"
@@ -15,22 +15,12 @@ license=('LGPL')
depends=('libgpg-error>=1.10-2')
options=('!emptydirs')
install=$pkgname.install
-source=(ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2
- fix_avx_detection.patch
- fix_slow_PBKDF2.patch)
-sha1sums=('43283c0b41c41e3d3bc13c2d8f937dfe2aaa1a77'
- '5219ee3d6e08155149f0fa410b07736d4f502d17'
- 'a27baab3f4bda7ff6fb493115f6bdd1c990184f1')
+source=(ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2)
+sha1sums=('f03d9b63ac3b17a6972fc11150d136925b702f02')
-prepare() {
- cd ${pkgname}-${pkgver}
-
- # fix AVX/AVX2 detextion
- patch -Np1 -i ${srcdir}/fix_avx_detection.patch
-
- # fix slow PBKDF2
- patch -Np1 -i ${srcdir}/fix_slow_PBKDF2.patch
-}
+#prepare() {
+# cd ${pkgname}-${pkgver}
+#}
build() {
cd ${pkgname}-${pkgver}
diff --git a/core/libgcrypt/fix_avx_detection.patch b/core/libgcrypt/fix_avx_detection.patch
deleted file mode 100644
index 5d21c4232..000000000
--- a/core/libgcrypt/fix_avx_detection.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
-Date: Sun, 12 Jan 2014 09:31:20 +0000 (+0200)
-Subject: Fix buggy/incomplete detection of AVX/AVX2 support
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=8302d66d140d5c78c5e808fa1555ed7a8ee27921
-
-Fix buggy/incomplete detection of AVX/AVX2 support
-
-* configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2
-inline assembly checks.
-* src/hwf-x86.c [__i386__] (get_xgetbv): New function.
-[__x86_64__] (get_xgetbv): New function.
-[HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for
-XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are
-supported by OS.
---
-
-This patch is based on original patch and bug report by Panagiotis Christopoulos:
-
- Adding better detection of AVX/AVX2 support
-
- After upgrading libgcrypt from 1.5.3 to 1.6.0 on a remote XEN system (linode) my
- gpg2 stopped working properly, throwing SIGILL signals when doing sha512
- operations etc. I managed to debug this with the help of Doublas Freed
- (dwfreed at mtu.edu) and it seems that the current AVX detection just checks for
- bit 28 on cpuid but the check still works on systems that have disabled the avx/avx2
- instructions for some reason (eg. performance/unstability) resulting in SIGILLs
- (eg. when trying _gcry_sha512_transform_amd64_avx() ).
- From Intel resources[1][2], I found additional checks for better AVX
- detection and applied them in the following patch. Please review/change
- accordingly and commit some better AVX detection mechanism. The AVX part is
- tested but could not test the AVX2 one, because I lack proper hardware. I can
- provide additional information upon request. Use the patch only as a guideline,
- as it's not thoroughly tested.
-
- [1] http://software.intel.com/en-us/blogs/2011/04/14/is-avx-enabled
- [2] http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf (sections 14.3
-and 14.7.1)
-
-Reported-by: Panagiotis Christopoulos (pchrist) <pchrist@gentoo.org>
-Cc: Doublas Freed <dwfreed@mtu.edu>
-Cc: Tim Harder <radhermit@gentoo.org>
-Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
-(cherry picked from commit bbcb12187afb1756cb27296166b57fa19ee45d4d)
----
-
-diff --git a/configure.ac b/configure.ac
-index a47e13e..3387b9a 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1035,7 +1035,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports AVX instructions],
- [gcry_cv_gcc_inline_asm_avx=no
- AC_COMPILE_IFELSE([AC_LANG_SOURCE(
- [[void a(void) {
-- __asm__("vaesdeclast (%[mem]),%%xmm0,%%xmm7\n\t"::[mem]"r"(0):);
-+ __asm__("xgetbv; vaesdeclast (%[mem]),%%xmm0,%%xmm7\n\t"::[mem]"r"(0):);
- }]])],
- [gcry_cv_gcc_inline_asm_avx=yes])])
- if test "$gcry_cv_gcc_inline_asm_avx" = "yes" ; then
-@@ -1052,7 +1052,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports AVX2 instructions],
- [gcry_cv_gcc_inline_asm_avx2=no
- AC_COMPILE_IFELSE([AC_LANG_SOURCE(
- [[void a(void) {
-- __asm__("vpbroadcastb %%xmm7,%%ymm1\n\t":::"cc");
-+ __asm__("xgetbv; vpbroadcastb %%xmm7,%%ymm1\n\t":::"cc");
- }]])],
- [gcry_cv_gcc_inline_asm_avx2=yes])])
- if test "$gcry_cv_gcc_inline_asm_avx2" = "yes" ; then
-diff --git a/src/hwf-x86.c b/src/hwf-x86.c
-index 4e82558..0591b4f 100644
---- a/src/hwf-x86.c
-+++ b/src/hwf-x86.c
-@@ -95,6 +95,21 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
- if (edx)
- *edx = regs[3];
- }
-+
-+static unsigned int
-+get_xgetbv(void)
-+{
-+ unsigned int t_eax;
-+
-+ asm volatile
-+ ("xgetbv\n\t"
-+ : "=a" (t_eax)
-+ : "c" (0)
-+ );
-+
-+ return t_eax;
-+}
-+
- #endif /* i386 && GNUC */
-
-
-@@ -129,6 +144,21 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
- if (edx)
- *edx = regs[3];
- }
-+
-+static unsigned int
-+get_xgetbv(void)
-+{
-+ unsigned int t_eax;
-+
-+ asm volatile
-+ ("xgetbv\n\t"
-+ : "=a" (t_eax)
-+ : "c" (0)
-+ );
-+
-+ return t_eax;
-+}
-+
- #endif /* x86-64 && GNUC */
-
-
-@@ -138,9 +168,12 @@ detect_x86_gnuc (void)
- {
- char vendor_id[12+1];
- unsigned int features;
-+ unsigned int os_supports_avx_avx2_registers = 0;
- unsigned int max_cpuid_level;
- unsigned int result = 0;
-
-+ (void)os_supports_avx_avx2_registers;
-+
- if (!is_cpuid_available())
- return 0;
-
-@@ -215,10 +248,20 @@ detect_x86_gnuc (void)
- if (features & 0x02000000)
- result |= HWF_INTEL_AESNI;
- #endif /*ENABLE_AESNI_SUPPORT*/
-+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
-+ /* Test bit 27 for OSXSAVE (required for AVX/AVX2). */
-+ if (features & 0x08000000)
-+ {
-+ /* Check that OS has enabled both XMM and YMM state support. */
-+ if ((get_xgetbv() & 0x6) == 0x6)
-+ os_supports_avx_avx2_registers = 1;
-+ }
-+#endif
- #ifdef ENABLE_AVX_SUPPORT
- /* Test bit 28 for AVX. */
- if (features & 0x10000000)
-- result |= HWF_INTEL_AVX;
-+ if (os_supports_avx_avx2_registers)
-+ result |= HWF_INTEL_AVX;
- #endif /*ENABLE_AVX_SUPPORT*/
- #ifdef ENABLE_DRNG_SUPPORT
- /* Test bit 30 for RDRAND. */
-@@ -242,6 +285,7 @@ detect_x86_gnuc (void)
- #ifdef ENABLE_AVX2_SUPPORT
- /* Test bit 5 for AVX2. */
- if (features & 0x00000020)
-+ if (os_supports_avx_avx2_registers)
- result |= HWF_INTEL_AVX2;
- #endif /*ENABLE_AVX_SUPPORT*/
- }
-
diff --git a/core/libgcrypt/fix_slow_PBKDF2.patch b/core/libgcrypt/fix_slow_PBKDF2.patch
deleted file mode 100644
index ee1eafd52..000000000
--- a/core/libgcrypt/fix_slow_PBKDF2.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From: Milan Broz <gmazyland@gmail.com>
-Date: Mon, 13 Jan 2014 20:30:42 +0000 (+0100)
-Subject: PBKDF2: Use gcry_md_reset to speed up calculation.
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=ead3a097a9ee5908e562e6ec683707c38191acf3
-
-PBKDF2: Use gcry_md_reset to speed up calculation.
-
-* cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset
-to speed up calculation.
---
-
-Current PBKDF2 implementation uses gcry_md_set_key in every iteration
-which is extremely slow (even in comparison with other implementations).
-
-Use gcry_md_reset instead and set key only once.
-
-With this test program:
-
- char input[32000], salt[8], key[16];
- gcry_kdf_derive(input, sizeof(input), GCRY_KDF_PBKDF2,
- gcry_md_map_name("sha1"),
- salt, sizeof(salt), 100000, sizeof(key), key);
-
-running time without patch:
- real 0m11.165s
- user 0m11.136s
- sys 0m0.000s
-
-and with patch applied
- real 0m0.230s
- user 0m0.184s
- sys 0m0.024s
-
-(The problem was found when cryptsetup started to use gcrypt internal PBKDF2
-and for very long keyfiles unlocking time increased drastically.
-See https://bugzilla.redhat.com/show_bug.cgi?id=1051733)
-
-Signed-off-by: Milan Broz <gmazyland@gmail.com>
-(cherry picked from commit 04cda6b7cc16f3f52c12d9d3e46c56701003496e)
----
-
-diff --git a/cipher/kdf.c b/cipher/kdf.c
-index 503f068..af0dc48 100644
---- a/cipher/kdf.c
-+++ b/cipher/kdf.c
-@@ -175,19 +175,21 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
- return ec;
- }
-
-+ ec = _gcry_md_setkey (md, passphrase, passphraselen);
-+ if (ec)
-+ {
-+ _gcry_md_close (md);
-+ xfree (sbuf);
-+ return ec;
-+ }
-+
- /* Step 3 and 4. */
- memcpy (sbuf, salt, saltlen);
- for (lidx = 1; lidx <= l; lidx++)
- {
- for (iter = 0; iter < iterations; iter++)
- {
-- ec = _gcry_md_setkey (md, passphrase, passphraselen);
-- if (ec)
-- {
-- _gcry_md_close (md);
-- xfree (sbuf);
-- return ec;
-- }
-+ _gcry_md_reset (md);
- if (!iter) /* Compute U_1: */
- {
- sbuf[saltlen] = (lidx >> 24);
-