
jukivili (Jussi Kivilinna)
User

Projects

User Details

User Since
Mar 27 2017, 4:48 PM (399 w, 2 d)
Availability
Available

Recent Activity

Sat, Nov 9

jukivili committed rC022f44b6d894: Add vector register clearing for PowerPC implementations (authored by jukivili).
Add vector register clearing for PowerPC implementations
Sat, Nov 9, 6:09 AM
jukivili committed rC52bd6fc0c038: rijndael-ppc: fix 'may be used uninitialized' warnings (authored by jukivili).
rijndael-ppc: fix 'may be used uninitialized' warnings
Sat, Nov 9, 6:09 AM
jukivili committed rC6a128b2380a4: salsa20-amd64: clear vector registers (authored by jukivili).
salsa20-amd64: clear vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rCc479b9dd5a38: whirlpool-sse2-amd64: clear vector registers (authored by jukivili).
whirlpool-sse2-amd64: clear vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rC762ccf64429d: camellia-aarch64-ce: clear volatile vector registers (authored by jukivili).
camellia-aarch64-ce: clear volatile vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rCaf84aa32427d: sm3-aarch64-ce: clear volatile vector registers (authored by jukivili).
sm3-aarch64-ce: clear volatile vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rC3d3e346cc3f5: gcm-aarch64-ce: clear volatile vector registers at setup function (authored by jukivili).
gcm-aarch64-ce: clear volatile vector registers at setup function
Sat, Nov 9, 6:09 AM
jukivili committed rC42495ad3a80e: sm4-aarch64-ce: clear volatile vector registers (authored by jukivili).
sm4-aarch64-ce: clear volatile vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rCfb78bc85dfe1: sm4-aarch64-sve: clear volatile vector registers (authored by jukivili).
sm4-aarch64-sve: clear volatile vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rCf6cebb330d87: sm4-aarch64: clear volatile vector registers (authored by jukivili).
sm4-aarch64: clear volatile vector registers
Sat, Nov 9, 6:09 AM
jukivili committed rC341945ae9651: sm4-aarch64-sve: add missing .text section (authored by jukivili).
sm4-aarch64-sve: add missing .text section
Sat, Nov 9, 6:09 AM
jukivili committed rC94a63aedbbd2: Add AES Vector Permute intrinsics implementation for AArch64 (authored by jukivili).
Add AES Vector Permute intrinsics implementation for AArch64
Sat, Nov 9, 6:09 AM
jukivili committed rCfec871fd18c7: Add GHASH AArch64/SIMD intrinsics implementation (authored by jukivili).
Add GHASH AArch64/SIMD intrinsics implementation
Sat, Nov 9, 6:09 AM

Aug 28 2024

jukivili closed T7264: libgcrypt `tests/pkcs1v2` test fails in FIPS mode as Resolved.
Aug 28 2024, 6:04 PM · libgcrypt, Bug Report
jukivili added a comment to T7264: libgcrypt `tests/pkcs1v2` test fails in FIPS mode.

Thanks. Test works in my nightly builds now.

Aug 28 2024, 6:04 PM · libgcrypt, Bug Report

Aug 22 2024

jukivili created T7264: libgcrypt `tests/pkcs1v2` test fails in FIPS mode.
Aug 22 2024, 6:41 AM · libgcrypt, Bug Report

Aug 8 2024

jukivili committed rCb73f54fed2c4: camellia-aarch64: do not store/load link register to/from stack (authored by jukivili).
camellia-aarch64: do not store/load link register to/from stack
Aug 8 2024, 8:16 PM
jukivili committed rC55e2e23401c6: Add PAC/BTI support for AArch64 assembly (authored by jukivili).
Add PAC/BTI support for AArch64 assembly
Aug 8 2024, 8:16 PM
jukivili committed rC93aad101d579: Do not build 32-bit ARM assembly on Aarch64 (authored by jukivili).
Do not build 32-bit ARM assembly on Aarch64
Aug 8 2024, 8:16 PM

Aug 7 2024

jukivili committed rC9c93b4607adc: mpi/ec-inline: reduce register pressure on 32-bit ARM (authored by jukivili).
mpi/ec-inline: reduce register pressure on 32-bit ARM
Aug 7 2024, 9:01 AM
jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

Do you have any way to test PAC/BTI on actual HW that supports these extensions?

Aug 7 2024, 8:16 AM · libgcrypt, Bug Report

Aug 5 2024

jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

This excludes 32-bit ARM assembly from Aarch64 builds:

Aug 5 2024, 7:23 PM · libgcrypt, Bug Report

Aug 4 2024

jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

Here's a patch:

Aug 4 2024, 5:58 PM · libgcrypt, Bug Report
jukivili added a comment to T7226: libgcrypt 1.11.0 build error on armhf with gcc-14.

This patch should fix the issue:

Aug 4 2024, 5:20 PM · FTBFS, arm, libgcrypt, Bug Report
jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

Ok, so aarch64 assembly would need PAC and BTI support. As far as I have understood these, PAC instructions are not needed with the current assembly, as none of it stores/loads the LR register (all aarch64 assembly functions are leaf functions). So only BTI is needed, and that is basically the same modification as CET on x86.

Aug 4 2024, 4:36 PM · libgcrypt, Bug Report

Jul 29 2024

jukivili committed rC64ec13d11b08: Add CET support for i386 assembly (authored by jukivili).
Add CET support for i386 assembly
Jul 29 2024, 8:57 PM
jukivili committed rCd69e6a29b986: Add CET support for x86-64 assembly (authored by jukivili).
Add CET support for x86-64 assembly
Jul 29 2024, 8:57 PM
jukivili committed rC5797d75e3b91: Do not build amd64 assembly on i386 (authored by jukivili).
Do not build amd64 assembly on i386
Jul 29 2024, 8:57 PM
jukivili committed rCdd42a4e03e06: Do not build i386 assembly on x86-64 (authored by jukivili).
Do not build i386 assembly on x86-64
Jul 29 2024, 8:57 PM
jukivili committed rC7ee2e73495d0: asm-common-amd64: add missing CFI directives for large memory model code (authored by jukivili).
asm-common-amd64: add missing CFI directives for large memory model code
Jul 29 2024, 8:57 PM

Jul 27 2024

jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

"rijndael-vaes-avx2-i386.S" should not be built for x86-64, but until now that has not had any effect, as the #ifdefs in that source file result in an empty object file on x86-64.

Jul 27 2024, 7:23 AM · libgcrypt, Bug Report

Jul 26 2024

jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

Here are patches for adding CET support to x86-64 and i386 assembly.

Jul 26 2024, 10:11 AM · libgcrypt, Bug Report
jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

OpenBSD carries a libgcrypt patch for CET which adds the endbr64 instruction to the CFI_STARTPROC() macro in "asm-common-amd64.h". We could do the same and also add endbr32 to i386. That would be the easiest way to add the required endbr instructions. OpenBSD also has a patch for arm64 to add similar BTI instructions to the aarch64 variant of CFI_STARTPROC.

Jul 26 2024, 10:02 AM · libgcrypt, Bug Report
jukivili added a comment to T7221: Disable -O flag munging when the libgcrypt is not compiled with rndjent.

There is -O flag munging for "tiger.o" in "cipher/Makefile.am", an old workaround for a broken compiler, I think. IMHO the tiger.o case can and should be removed.

Jul 26 2024, 9:33 AM · libgcrypt, Bug Report
jukivili added a comment to T7220: The CF protection not enabled in libgcrypt.

OpenBSD carries a libgcrypt patch for CET which adds the endbr64 instruction to the CFI_STARTPROC() macro in "asm-common-amd64.h". We could do the same and also add endbr32 to i386. That would be the easiest way to add the required endbr instructions. OpenBSD also has a patch for arm64 to add similar BTI instructions to the aarch64 variant of CFI_STARTPROC.

Jul 26 2024, 9:29 AM · libgcrypt, Bug Report

Jul 7 2024

jukivili updated the task description for T4460: libgcrypt performance TODOs.
Jul 7 2024, 1:36 PM · libgcrypt
jukivili added a project to T7184: Libgcrypt v1.11.0 make fails at cipher/blake2.c:834:6 (has no member named 'use_avx512'): libgcrypt.
Jul 7 2024, 1:23 PM · libgcrypt, Bug Report

Jun 24 2024

jukivili committed rCe96df0c82e08: random:cipher: handle substitution in sed command (authored by simit.ghane).
random:cipher: handle substitution in sed command
Jun 24 2024, 9:05 PM
jukivili closed T7175: libgcrypt 1.11.0 fails to build on 32bit Windows with Clang as Resolved.
Jun 24 2024, 6:40 AM · clang, Windows, libgcrypt, Bug Report

Jun 23 2024

jukivili committed rCd37cdd5bcb1e: mpi/generic: use longlong.h for carry handling (authored by jukivili).
mpi/generic: use longlong.h for carry handling
Jun 23 2024, 4:43 PM
jukivili committed rC414b4251fdb3: chacha20-ppc: fix implicit conversion between vector types warnings (authored by jukivili).
chacha20-ppc: fix implicit conversion between vector types warnings
Jun 23 2024, 4:42 PM
jukivili committed rC1f8a5aa86dad: rijndael-p10le: silence incorrect GCC cast alignment warning (authored by jukivili).
rijndael-p10le: silence incorrect GCC cast alignment warning
Jun 23 2024, 4:42 PM
jukivili committed rCa9f112f36392: chacha20-ppc: silence GCC cast alignment warning (authored by jukivili).
chacha20-ppc: silence GCC cast alignment warning
Jun 23 2024, 4:42 PM
jukivili committed rC26a462925e22: src/hwf-x86: disable inline assembly CFI directives for WIN32 (authored by jukivili).
src/hwf-x86: disable inline assembly CFI directives for WIN32
Jun 23 2024, 4:42 PM
jukivili closed T7167: The libgcrypt 1.11.0 tests fail on s390x, a subtask of T7165: Release Libgcrypt 1.11.0, as Resolved.
Jun 23 2024, 4:39 PM · Release Info, libgcrypt
jukivili closed T7167: The libgcrypt 1.11.0 tests fail on s390x as Resolved.
Jun 23 2024, 4:39 PM · libgcrypt, s390, Bug Report

Jun 22 2024

jukivili added a comment to T7175: libgcrypt 1.11.0 fails to build on 32bit Windows with Clang.

I tried to reproduce the issue with the clang/w32 toolchain from https://github.com/mstorsjo/llvm-mingw, but there the build worked even with CFI directives.

Jun 22 2024, 3:00 PM · clang, Windows, libgcrypt, Bug Report
jukivili added a comment to T7175: libgcrypt 1.11.0 fails to build on 32bit Windows with Clang.

Hm, CFI directives should not be used on WIN32 target. This patch should solve the issue for now:

Jun 22 2024, 2:57 PM · clang, Windows, libgcrypt, Bug Report
jukivili committed rC2486d9b5ae01: Disable SHA3 s390x acceleration for CSHAKE (authored by jukivili).
Disable SHA3 s390x acceleration for CSHAKE
Jun 22 2024, 2:45 PM
jukivili added a comment to T7167: The libgcrypt 1.11.0 tests fail on s390x.

Thanks for testing. I pushed this fix to libgcrypt master.

Jun 22 2024, 2:35 PM · libgcrypt, s390, Bug Report

Jun 21 2024

jukivili added a comment to T7167: The libgcrypt 1.11.0 tests fail on s390x.

Just to make sure, did you use the updated version of the patch? I edited the message with fix candidate and changed the attachment.

Jun 21 2024, 10:46 AM · libgcrypt, s390, Bug Report

Jun 20 2024

jukivili added a comment to T7167: The libgcrypt 1.11.0 tests fail on s390x.

Here's a fix candidate (edit, new try):

Jun 20 2024, 7:12 PM · libgcrypt, s390, Bug Report
jukivili added a comment to T7167: The libgcrypt 1.11.0 tests fail on s390x.

Algo 329 and 330 are the new CSHAKE128 and CSHAKE256 digest algos. It looks like s390x only supports accelerating SHA3 and SHAKE, as only the SHA3 and SHAKE suffixes are supported (see keccak_final_s390x()). So s390x acceleration needs to be disabled for the CSHAKE algos.

Jun 20 2024, 6:06 AM · libgcrypt, s390, Bug Report

May 29 2024

jukivili added a comment to T7136: libgcrypt: Implement constant-time RSA decryption (Marvin attack fix).

I left review comments in gitlab. One additional concern is the license for mpi-mul-cs.c, the original code not having copyright information... "does not have any copyright information, assuming public domain".

May 29 2024, 8:01 AM · libgcrypt, Bug Report

May 9 2024

jukivili committed rC5afadba00891: random: fix o_flag_munging for -O1 (authored by jukivili).
random: fix o_flag_munging for -O1
May 9 2024, 11:21 AM

May 8 2024

jukivili closed T7111: aarch64 assembly code for chacha20 should use local symbols for internal data as Resolved.
May 8 2024, 9:02 PM · asm, arm, libgcrypt, Bug Report
jukivili claimed T7111: aarch64 assembly code for chacha20 should use local symbols for internal data.
May 8 2024, 9:01 PM · asm, arm, libgcrypt, Bug Report
jukivili committed rC3f5989014a1b: chacha20-aarch64: use local symbols for read-only data (authored by jukivili).
chacha20-aarch64: use local symbols for read-only data
May 8 2024, 9:01 PM
jukivili added a comment to T7111: aarch64 assembly code for chacha20 should use local symbols for internal data.

Thanks for the report. I've applied this change to master.

May 8 2024, 9:01 PM · asm, arm, libgcrypt, Bug Report

Apr 30 2024

jukivili committed rC5a653a9129d7: serpent-avx512-x86: fix CBC and CFB decryption with clang-18 (authored by jukivili).
serpent-avx512-x86: fix CBC and CFB decryption with clang-18
Apr 30 2024, 9:42 PM

Mar 1 2024

jukivili added a comment to T7022: libgcrypt-1.10.3 regression on hppa.

Looks good to me. __CLOBBER_CC is needed as PA-RISC has carry/borrow bits in the status register for add/sub instructions.

Mar 1 2024, 8:02 PM · libgcrypt, Gentoo, hppa, Bug Report

Feb 28 2024

jukivili added a comment to T7022: libgcrypt-1.10.3 regression on hppa.

No, a hardware barrier is not needed here. A compiler barrier is used here to prevent the optimizer from removing mask generation and usage in the following constant-time code.

Feb 28 2024, 9:34 PM · libgcrypt, Gentoo, hppa, Bug Report

Feb 4 2024

jukivili committed rC0929a9f1ede2: Fix Kyber segfaulting on Win64 (authored by jukivili).
Fix Kyber segfaulting on Win64
Feb 4 2024, 8:48 PM
jukivili committed rC679b07898897: rijndael-s390x: fix AES256-XTS feature mask (authored by jukivili).
rijndael-s390x: fix AES256-XTS feature mask
Feb 4 2024, 8:48 PM

Dec 21 2023

jukivili added a comment to T6892: libgcrypt-1.10.3 build failure on x86 with -Og.

Fix for i386 assembly pushed to master and 1.10 branch.

Dec 21 2023, 8:18 PM · libgcrypt, Bug Report
jukivili committed rCc9cb10f3be22: bench-slope: restore compiler barriers for auto-GHZ check (authored by jukivili).
bench-slope: restore compiler barriers for auto-GHZ check
Dec 21 2023, 6:10 PM
jukivili committed rC956f1ed4ec6e: mpi/ec-inline: refactor i386 assembly to reduce register usage (authored by jukivili).
mpi/ec-inline: refactor i386 assembly to reduce register usage
Dec 21 2023, 6:10 PM

Dec 19 2023

jukivili added a comment to T6892: libgcrypt-1.10.3 build failure on x86 with -Og.

It looks like this is a bit more problematic a case than I thought. Now building i386 with "-O2 -fsanitize=undefined" flags fails. I need to think a little bit more about how to handle this.

Dec 19 2023, 7:00 AM · libgcrypt, Bug Report

Dec 18 2023

jukivili committed rC90097bd2f41c: mpi/ec-nist: fix for -Og build failure on i386 (authored by jukivili).
mpi/ec-nist: fix for -Og build failure on i386
Dec 18 2023, 6:52 PM

Dec 16 2023

jukivili added a project to T6892: libgcrypt-1.10.3 build failure on x86 with -Og: libgcrypt.
Dec 16 2023, 6:57 PM · libgcrypt, Bug Report
jukivili added a comment to T6892: libgcrypt-1.10.3 build failure on x86 with -Og.

The attached patch should work around the issue:

Dec 16 2023, 6:56 PM · libgcrypt, Bug Report

Nov 4 2023

jukivili committed rC39d5364a9557: mpih_mod: avoid unintentional conditional branch (authored by jukivili).
mpih_mod: avoid unintentional conditional branch
Nov 4 2023, 1:23 PM
jukivili committed rCc419a04d529a: mpih-const-time: use constant-time comparisons conditional add/sub/abs (authored by jukivili).
mpih-const-time: use constant-time comparisons conditional add/sub/abs
Nov 4 2023, 1:23 PM
jukivili committed rCcf757cf90e9a: const-time: add functions for generating masks from 0/1 input (authored by jukivili).
const-time: add functions for generating masks from 0/1 input
Nov 4 2023, 1:23 PM
jukivili committed rC305a65c1ede8: ec: avoid unintentional condition branches for 25519, 448 and 256k1 (authored by jukivili).
ec: avoid unintentional condition branches for 25519, 448 and 256k1
Nov 4 2023, 1:23 PM
jukivili committed rCaab6a42d5f44: mpih_cmp_ui: avoid unintentional conditional branch (authored by jukivili).
mpih_cmp_ui: avoid unintentional conditional branch
Nov 4 2023, 1:23 PM
jukivili committed rC5c5ba1ec2b50: ec-nist: use global vone and vzero (authored by jukivili).
ec-nist: use global vone and vzero
Nov 4 2023, 1:23 PM
jukivili committed rCa9e7aa647e4b: ec-nist: avoid unintentional conditional branch by comparison (authored by jukivili).
ec-nist: avoid unintentional conditional branch by comparison
Nov 4 2023, 1:23 PM
jukivili committed rC4d3e0e30b98b: const-time: ct_memmov_cond: switch to use dual mask approach (authored by jukivili).
const-time: ct_memmov_cond: switch to use dual mask approach
Nov 4 2023, 1:23 PM
jukivili committed rC179df341162c: mpih-const-time: use global vzero/vone variable (authored by jukivili).
mpih-const-time: use global vzero/vone variable
Nov 4 2023, 1:23 PM
jukivili committed rCd4aee9ace9a9: mpiutil: use global vone and vzero (authored by jukivili).
mpiutil: use global vone and vzero
Nov 4 2023, 1:23 PM
jukivili committed rC22dde5150ee2: const-time: prefix global symbols with _gcry_ (authored by jukivili).
const-time: prefix global symbols with _gcry_
Nov 4 2023, 1:22 PM
jukivili committed rC0c6ec6bbe788: mpih_set_cond: restore EM leakage mitigation (authored by jukivili).
mpih_set_cond: restore EM leakage mitigation
Nov 4 2023, 1:22 PM
jukivili committed rC84f934c09afa: rsa, elgamal: avoid logical not operator in constant-time code (authored by jukivili).
rsa, elgamal: avoid logical not operator in constant-time code
Nov 4 2023, 1:22 PM
jukivili committed rC137e35ad47ee: const-time: always avoid comparison operator for byte comparison (authored by jukivili).
const-time: always avoid comparison operator for byte comparison
Nov 4 2023, 1:22 PM
jukivili committed rC1e9ddbd65c46: Use single constant-time memory comparison implementation (authored by jukivili).
Use single constant-time memory comparison implementation
Nov 4 2023, 1:22 PM
jukivili committed rCa047a9c7d108: bench-slope: update auto-GHZ for alderlake-P (authored by jukivili).
bench-slope: update auto-GHZ for alderlake-P
Nov 4 2023, 1:03 PM

Oct 23 2023

jukivili added a comment to T6637: PQC for Libgcrypt.

Yes, int8_t/int16_t/int32_t/uint8_t/uint16_t/uint32_t should not be used. There are size-specific integer types defined in src/types.h which can be used instead (byte/u16/u32). This header does not yet have signed integer types, but those can be added (for example, s8/s16/s32).

Oct 23 2023, 7:00 PM · PQC, libgcrypt
jukivili closed T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY as Resolved.
Oct 23 2023, 6:56 PM · Debian, libgcrypt, Bug Report

Oct 17 2023

jukivili updated the task description for T4460: libgcrypt performance TODOs.
Oct 17 2023, 5:57 PM · libgcrypt

Oct 15 2023

jukivili added a comment to T6637: PQC for Libgcrypt.
  • There are many functions that use buffers on the stack. Do those contain secrets? Should those buffers be wiped before returning from the function (with wipememory())? For example, "mlkem_check_secret_key" has two buffers "shared_secret_1" and "shared_secret_2" which are not wiped.
  • mlkem.c: mlkem_check_secret_key: "memcmp" is used to compare shared secrets. Should this use constant time comparison instead?
  • mlkem-common.c: _gcry_mlkem_mlkem_shake256_rkprf:
    • _gcry_md_hash_buffers_extract can be used here instead of _gcry_md_open&write&extract&close.
  • mlkem-symmetric.c: _gcry_mlkem_shake256_prf:
    • _gcry_md_hash_buffers_extract can be used here instead of _gcry_md_open&write&extract&close. Temporary buffer usage can be avoided by passing input buffers through two IOV to _gcry_md_hash_buffers_extract.
Oct 15 2023, 5:08 PM · PQC, libgcrypt
jukivili added a comment to T6637: PQC for Libgcrypt.

Few comments on the patches.

Oct 15 2023, 4:38 PM · PQC, libgcrypt

Sep 30 2023

jukivili committed rC325786acd445: blake2-avx512: merge some of the gather loads (authored by jukivili).
blake2-avx512: merge some of the gather loads
Sep 30 2023, 1:30 PM

Sep 15 2023

jukivili added a comment to T6561: OpenPGP benchmarks on Windows OCB vs. CFB + MDC vs. Unsigned vs. Signed on real data..

Just started wondering how much of this slowdown is because of the MingW libc not having very well optimized memcpy/memmove/memchr/strlen/etc. Are there profiling tools like 'perf' on Linux that could be used for Windows builds?

Sep 15 2023, 6:07 PM · gnupg

Aug 20 2023

jukivili committed rC59f14c1db37e: blake2b-avx512: replace VPGATHER with manual gather (authored by jukivili).
blake2b-avx512: replace VPGATHER with manual gather
Aug 20 2023, 8:59 PM
jukivili committed rCded3a1ec2ec6: twofish-avx2-amd64: replace VPGATHER with manual gather (authored by jukivili).
twofish-avx2-amd64: replace VPGATHER with manual gather
Aug 20 2023, 8:59 PM
jukivili committed rCf2bf9997d465: Avoid VPGATHER usage for most of Intel CPUs (authored by jukivili).
Avoid VPGATHER usage for most of Intel CPUs
Aug 20 2023, 8:59 PM

Jul 17 2023

jukivili committed rCa5f88f30ce61: hwf-x86: use CFI statements for 'is_cpuid_available' (authored by jukivili).
hwf-x86: use CFI statements for 'is_cpuid_available'
Jul 17 2023, 3:43 PM
jukivili committed rC35829d38d61f: configure: fix HAVE_GCC_ASM_CFI_DIRECTIVES check (authored by jukivili).
configure: fix HAVE_GCC_ASM_CFI_DIRECTIVES check
Jul 17 2023, 3:43 PM
jukivili committed rC4a42a042bcf6: Add VAES/AVX2 accelerated i386 implementation for AES (authored by jukivili).
Add VAES/AVX2 accelerated i386 implementation for AES
Jul 17 2023, 3:43 PM