Diffstat (limited to 'comm/third_party/libgcrypt/ChangeLog')
-rw-r--r-- | comm/third_party/libgcrypt/ChangeLog | 13947 |
1 files changed, 13947 insertions, 0 deletions
diff --git a/comm/third_party/libgcrypt/ChangeLog b/comm/third_party/libgcrypt/ChangeLog new file mode 100644 index 0000000000..72ea034caf --- /dev/null +++ b/comm/third_party/libgcrypt/ChangeLog 
@@ -0,0 +1,13947 @@ +2021-02-17 Werner Koch <wk@gnupg.org> + + Release 1.9.2. + + commit 24bd7e8215f7982b0c8db46fd87b47b370a52ec6 + + +2021-02-12 NIIBE Yutaka <gniibe@fsij.org> + + random: Fix build for macOS. + + commit d78cdf42854b17e2216890e7b78f9e7e05c0b1f8 + * random/rndlinux.c [__APPLE__] (HAVE_GETENTROPY): Valid only when the + macro __MAC_10_11 is available. + +2021-02-08 Werner Koch <wk@gnupg.org> + + tests: Fix minor glitches. + + commit 82395f11b444651f544f5e51c62fc6b65c04f9ef + * tests/basic.c (ALWAYS_INLINE): Make sure it is defined. + * tests/version.c (main): Print the config info to stdout. + + New test Makefile target xtestsuite. + + commit ebc4d5670a1ada54ad907a4836eb8f6f573c2c38 + * tests/Makefile.am (xtestsuite, xcheck): New targets. + + New test driver to allow for standalone regression tests. + + commit b142da4c88deef4798ef96061dac399df3ddd73d + * tests/testdrv.c: New. + +2021-02-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + sha256-avx2: fix reading beyond end of input buffer. + + commit 24af2a55d862d45fe3aef6b5626a52d9bb0fb17e + * cipher/sha256-avx2-bmi2-amd64.S + (_gcry_sha256_transform_amd64_avx2): Use 'last block' code path if + input length is only one block. + * tests/basic.c (check_one_md_final): Use dynamic allocated buffer + so that in future similar access errors get detected by + tests/basic + valgrind. + + ecc-ecdh: fix memory leak. + + commit 289543544e41cd5fe90352c5c7548ac09da533cc + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Free 'ec' at function exit. + + tests: allow running 'make check' with ASAN. + + commit f46a6bd9b3d7ef7d1a72c5b6da5cf34ace2ff156 + * tests/t-secmem.c (main): Skip test if environment variable + GCRYPT_IN_ASAN_TEST is defined. + * tests/t-sexp.c (main): Do not initialize secmem if environment + variable GCRYPT_IN_ASAN_TEST is defined. + + global: make sure that bulk config string is null-terminated. 
+ + commit 8716e4b2ada21456802aee67c2bc8edfec78f820 + * src/global.c (_gcry_get_config): Append null-terminator to output + in the 'what == NULL' case. + + Add handling for -Og with O-flag munging. + + commit a71b7de32b0c7c41359335a488cfe4dd70c65121 + * cipher/Makefile.am (o_flag_munging): Add handling for '-Og'. + * random/Makefile.am (o_flag_munging): Add handling for '-Og'. + + jent: silence ubsan warning about signed overflow. + + commit 6fc11291282a668839040c72a1d558a6ebbd4972 + * random/jitterentropy-base.c (jent_stuck): Cast 'delta2' values to + 'uint64_t' for calculation. + + Fix ubsan warnings for i386 build. + + commit 364e9e9d10503b36f98fbb1b489e00026f22c9d7 + * mpi/mpicoder.c (_gcry_mpi_set_buffer) [BYTES_PER_MPI_LIMB == 4]: Cast + "*p--" values to mpi_limb_t before left shifting. + * tests/t-lock.c (main): Cast 'time(NULL)' to unsigned type. + + Fix building with --disable-asm on x86. + + commit af23ab5c5482d625ff52e60606cf044e2b0106c8 + * cipher/keccak.c (USE_64BIT_BMI2, USE_64BIT_SHLD) + (USE_32BIT_BMI2): Depend also on HAVE_CPU_ARCH_X86. + * random/rndjent.c [__i386__ || __x86_64__] (USE_JENT): Depend + also on HAVE_CPU_ARCH_X86. + + md: clear bctx.count at final function. + + commit cb95fc53003e9f34ff80fc33627ceda605de223c + * cipher/md4.c (md4_final): Set bctx.count zero after + finalizing. + * cipher/md5.c (md5_final): Ditto. + * cipher/rmd160.c (rmd160_final): Ditto. + * cipher/sha1.c (sha1_final): Ditto. + * cipher/sha256.c (sha256_final): Ditto. + * cipher/sha512.c (sha512_final): Ditto. + * cipher/sm3.c (sm3_final): Ditto. + * cipher/stribog.c (stribog_final): Ditto. + * cipher/tiger.c (tiger_final): Ditto. + +2021-02-02 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add checking key for ECDSA. + + commit 598d0f3e0294a487e01b88cc714a8cd0a47329bb + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): Validate public key. + * cipher/ecc-gost.c (_gcry_ecc_gost_verify): Likewise. + * cipher/ecc-sm2.c (_gcry_ecc_sm2_verify): Likewise. 
+ +2021-01-29 Werner Koch <wk@gnupg.org> + + Release 1.9.1. + + commit 466299b1ceb82ec7c4dd0ca376de50399a896adf + * configure.ac: Bump LT version to C23/A3/R1. + +2021-01-29 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + hash-common: fix heap overflow when writing more data after final. + + commit 512c0c75276949f13b6373b5c04f7065af750b08 + * tests/basic.c (check_one_md): Test writing to digest after read. + * cipher/hash-common.c (_gcry_md_block_write): Reset 'hd->count' if + greater than blocksize. + +2021-01-28 Werner Koch <wk@gnupg.org> + + Add a compliance keyword to gcry_get_config. + + commit aa3f595341eb263980210776c7fe377b2ed24c5e + * src/global.c (print_config): New config line. + +2021-01-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + asm-common-aarch64: add MacOS support for GET_DATA_POINTER. + + commit 014fed5153647641376b9131ea1d87dc5e88cf42 + * cipher/asm-common-aarch64.h [__APPLE__] (GET_DATA_POINTER): Add MacOS + variant of macro. + +2021-01-27 NIIBE Yutaka <gniibe@fsij.org> + + random: Use getentropy on macOS when available. + + commit 6cb0faf6ceec5b2e799e6fb5f04b85d135a7da9b + * random/rndlinux.c [__APPLE__ && __MACH__] (getentropy): Declare. + (_gcry_rndlinux_gather_random): Check the symbol and use getentropy. + + mpi: Fix _gcry_mpih_mod implementation. + + commit f06ff4e31c8e162f4a59986241c7ab43d5085927 + * mpi/mpih-const-time.c (_gcry_mpih_mod): Handle the overflow. + + build: Check spawn.h for MacOS X Tiger. + + commit fc901e978a0c18a3524cad5d1ef3451ed11b9347 + * configure.ac: Add check for spawn.h. + * tests/random.c: Only use posix_spawn if available. + +2021-01-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + global: fix compile error at pragma GCC diagnostic. + + commit 3d095206c30d772d5fc68bf69bfc384e43f766e9 + * src/global.c (_gcry_vcontrol): Move "pragma GCC diagnostics" outside + function. + + cipher-proto: remove forward typedef of cipher_bulk_ops_t. 
+ + commit 17aad639d29c7c835a7effb89181c7c99b16cb6a + * cipher/cipher-proto (cipher_bulk_ops_t): Remove typedef, leave + forward declaration of 'struct cipher_bulk_ops'. + (gcry_cipher_setkey_t): Change 'bulk_ops' to + 'struct cipher_bulk_ops *'. + * cipher/arcfour.c: Include 'cipher-internal.h'. + * cipher/gost28147.c: Ditto. + * cipher/idea.c: Ditto. + * cipher/rfc2268.c: Ditto. + * cipher/salsa20.c: Ditto. + * cipher/seed.c: Ditto. + * cipher/mac-internal.h (CTX_MAGIC_NORMAL): Rename to... + (CTX_MAC_MAGIC_NORMAL): ... this. + (CTX_MAGIC_SECURE): Rename to... + (CTX_MAC_MAGIC_SECURE): ... this. + * cipher/mac-cmac.c (cmac_open): Use CTX_MAC_MAGIC_SECURE. + * cipher/mac-gmac.c (gmac_open): Ditto. + * cipher/mac-hmac.c (hmac_open): Ditto. + * cipher/mac-poly1305.c (poly1305mac_open): Ditto. + * cipher/mac.c (mac_open): Use CTX_MAC_MAGIC_SECURE and + CTX_MAC_MAGIC_NORMAL. + +2021-01-26 David Michael <fedora.dm0@gmail.com> + + cipher/sha512: Fix non-NEON ARM assembly implementation. + + commit 1e72c50f864ae1c77ba80c191224b9ef1d22a2e2 + * cipher/sha512.c (do_transform_generic) + [USE_ARM_ASM]: Switch to the non-NEON assembly implementation. + +2021-01-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + blake2: fix RIP register access for AVX/AVX2 implementations. + + commit b2f78ae034b8d4aa3d4cc7bf85262317832f6e0a + * cipher/blake2b-amd64-avx2.S: Use rRIP instead of (RIP). + * cipher/blake2s-amd64-avx.S: Use rRIP instead of (RIP). + + sha512/sha256: remove assembler macros from AMD64 implementations. + + commit 9f49e806f9506533236fd44b17f17b85961b20f1 + * configure.ac (gcry_cv_gcc_platform_as_ok_for_intel_syntax): Remove + assembler macro check from Intel syntax assembly support check. + * cipher/sha256-avx-amd64.S: Replace assembler macros with C + preprocessor counterparts. + * cipher/sha256-avx2-bmi2-amd64.S: Ditto. + * cipher/sha256-ssse3-amd64.S: Ditto. + * cipher/sha512-avx-amd64.S: Ditto. + * cipher/sha512-avx2-bmi2-amd64.S: Ditto. 
+ * cipher/sha512-ssse3-amd64.S: Ditto. + + configure.ac: run assembler checks through linker for better LTO support + + commit 393bd6c3d1aa2b2a1b05be0e2d7fb2514e6c5ad0 + * configure.ac (gcry_cv_gcc_arm_platform_as_ok) + (gcry_cv_gcc_aarch64_platform_as_ok) + (gcry_cv_gcc_inline_asm_ssse3, gcry_cv_gcc_inline_asm_pclmul) + (gcry_cv_gcc_inline_asm_shaext, gcry_cv_gcc_inline_asm_sse41) + (gcry_cv_gcc_inline_asm_avx, gcry_cv_gcc_inline_asm_avx2) + (gcry_cv_gcc_inline_asm_bmi2, gcry_cv_gcc_as_const_division_ok) + (gcry_cv_gcc_as_const_division_with_wadivide_ok) + (gcry_cv_gcc_amd64_platform_as_ok, gcry_cv_gcc_win64_platform_as_ok) + (gcry_cv_gcc_platform_as_ok_for_intel_syntax) + (gcry_cv_gcc_inline_asm_neon, gcry_cv_gcc_inline_asm_aarch32_crypto) + (gcry_cv_gcc_inline_asm_aarch64_neon) + (gcry_cv_gcc_inline_asm_aarch64_crypto) + (gcry_cv_gcc_inline_asm_ppc_altivec) + (gcry_cv_gcc_inline_asm_ppc_arch_3_00) + (gcry_cv_gcc_inline_asm_s390x, gcry_cv_gcc_inline_asm_s390x): Use + AC_LINK_IFELSE check instead of AC_COMPILE_IFELSE. + + rijndael: remove unused use_xxx flags. + + commit a14447f8169aff30a49f5c2ab06bd5bbd1cc3531 + * cipher/rijndael-internal.h (RIJNDAEL_context_s): Remove unused + 'use_padlock', 'use_aesni', 'use_ssse3', 'use_arm_ce', 'use_ppc_crypto' + and 'use_ppc9le_crypto'. + * cipher/rijndael.c (do_setkey): Do not setup 'use_padlock', + 'use_aesni', 'use_ssse3', 'use_arm_ce', 'use_ppc_crypto' and + 'use_ppc9le_crypto'. + + Define HW-feature flags per architecture. + + commit 8d404a629167d67ed56e45de3e65d1e0b7cdeb24 + * random/rand-internal.h (_gcry_rndhw_poll_slow): Add requested length + parameter. + * random/rndhw.c (_gcry_rndhw_poll_slow): Limit accounted bytes to 50% + (or 25% for RDRAND) - this code is moved from caller side. + * random/rndlinux.c (_gcry_rndlinux_gather_random): Move + HWF_INTEL_RDRAND check to _gcry_rndhw_poll_slow. + * src/g10lib.h (HWF_PADLOCK_*, HWF_INTEL_*): Define only if + HAVE_CPU_ARCH_X86. 
+ (HWF_ARM_*): Define only if HAVE_CPU_ARCH_ARM. + (HWF_PPC_*): Define only if HAVE_CPU_ARCH_PPC. + (HWF_S390X_*): Define only if HAVE_CPU_ARCH_S390X. + + Add configure option to force enable 'soft' HW feature bits. + + commit 3b34bd6e178614d6021ee7d1140646f7c8ed7519 + * configure.ac (force_soft_hwfeatures) + (ENABLE_FORCE_SOFT_HWFEATURES): New. + * src/hwf-x86.c (detect_x86_gnuc): Enable HWF_INTEL_FAST_SHLD + and HWF_INTEL_FAST_VPGATHER if ENABLE_FORCE_SOFT_HWFEATURES enabled. + +2021-01-26 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix Ed25519 private key handling for preceding ZEROs. + + commit 1b74f633bd3e358fb07a856a70597019980651d2 + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fill-up or remove + preceding ZEROs correctly, fixing the third argument of mpi_set_opaque. + + ecc: Fix initialization of CTX for sign and verify. + + commit 652b102697cbfe2d7bc642fc7374cb21a9cf03e6 + * cipher/ecc.c (ecc_sign, ecc_verify): Call + _gcry_pk_util_init_encoding_ctx at first. + +2021-01-21 NIIBE Yutaka <gniibe@fsij.org> + + build: Fix build of tests with non-default installation. + + commit fa3420b011c105ca21894489e62c7e882a3ac4dd + * tests/Makefile.am: Add forgotten @LDADD_FOR_TESTS_KLUDGE@. + +2021-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Split inline assembly blocks with many memory operands. + + commit 00df9f27181d77166ceb55f319329400bf2e6a48 + * cipher/rijndael-aesni.c (aesni_ocb_checksum, aesni_ocb_enc) + (aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Split assembly blocks + with more than 4 memory operands to smaller blocks. + * cipher/sha512-ssse3-i386.c (W2): Split big assembly block to + three smaller blocks. + + tests/basic: fix build on ARM32 when NEON disabled. + + commit 81354e911bfa3e135d3e07f6a8d9e98033cd921a + * tests/basic.c (CLUTTER_VECTOR_REGISTER_NEON) + (CLUTTER_VECTOR_REGISTER_AARCH64): Remove check for __ARM_FEATURE_SIMD32. + + kdf: make self-test test-vector array read-only. 
+ + commit 097148bc89ec8c18b9e4795733e0f0b1ae0ecd1d + * cipher/kdf.c (selftest_pbkdf2): Make 'tv[]' constant. + + kdf: add missing null-terminator for self-test test-vector array. + + commit c6425a5537294dfe2beaafc9105f7af4ceac677f + * cipher/kdf.c (selftest_pbkdf2): Add null-terminator to TV array. + + cipher/bithelp: use __builtin_ctzl when available. + + commit 807827cda3bacf5f475167ee6d34657713111838 + * cipher/bithelp.h (_gcry_ctz64): Use __builtin_ctzl if available. + + mpi/longlong: make use of compiler provided __builtin_ctz/__builtin_clz. + + commit 477355047e5c75ad2b2238a8716e4646b861184c + * configure.ac (gcry_cv_have_builtin_ctzl, gcry_cv_have_builtin_clz) + (gcry_cv_have_builtin_clzl): New checks. + * mpi/longlong.h (count_leading_zeros, count_trailing_zeros): Use + __buildin_clz[l]/__builtin_ctz[l] if available and bit counting + macros not yet provided by inline assembly. + +2021-01-19 Werner Koch <wk@gnupg.org> + + Release 1.9.0. + + commit 0dc49af9b5371c5e2f766b70c3bede2b10db9f7e + + +2021-01-19 NIIBE Yutaka <gniibe@fsij.org> + + Fix DSA for FIPS 186-3. + + commit 30ed9593f632c728d918598037358deaeccd1968 + * cipher/dsa.c (generate_fips186): Supply INITIAL_SEED to + _gcry_generate_fips186_3_prime. + * tests/fips186-dsa.c (check_dsa_gen_186_2): Add where tv comes from. + (check_dsa_gen_186_3): Implement tests. + * tests/pubkey.c (get_dsa_key_fips186_with_seed_new): Use the qbits + and seed of tests/fips186-dsa.c. + +2021-01-19 NIIBE Yutaka <gniibe@fsij.org> + Tomáš Mráz <tm@t8m.info> + + Check if FIPS is operational and error return if not. + + commit ebeae53222648c637907f4b358888fc0e7123dc9 + * src/visibility.c (gcry_kdf_derive): Add the check. + (gcry_prime_generate, gcry_prime_group_generator): Likewise. + (gcry_mpi_randomize): Likewise, but no return. + +2021-01-18 Werner Koch <wk@gnupg.org> + + ecc: Change an error code of gcry_ecc_mul_point. 
+ + commit ca5a90bf70598247589078478d237287ca524453 + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Return + GPG_ERR_UNKNOWN_CURVE. + +2021-01-15 NIIBE Yutaka <gniibe@fsij.org> + Tomáš Mráz <tm@t8m.info> + + kdf: Add selftest. + + commit 7a0da24925361a3109474d0e433511467a9e35d1 + * src/cipher-proto.h (_gcry_kdf_selftest): New. + * cipher/kdf.c (check_one, selftest_pbkdf2): New. + (_gcry_kdf_selftest): New. + * src/fips.c (run_kdf_selftests): New. + (_gcry_fips_run_selftests): Call run_kdf_selftests. + +2021-01-13 NIIBE Yutaka <gniibe@fsij.org> + Tomáš Mráz <tm@t8m.info> + + cmac: Add selftest. + + commit 385a89e35b0b95f15b4c6e4d5482b1fc6906f7c5 + * cipher/mac-cmac.c (check_one, selftests_cmac_3des): New. + (selftests_cmac_aes, cmac_selftest): New. + (cmac_ops): Add cmac_selftest. + * src/fips.c (run_mac_selftests): Add CMAC selftests. + +2021-01-13 NIIBE Yutaka <gniibe@fsij.org> + + sexp: Raise an error when an integer is negative with USG. + + commit 00d7c1c632019066a4884930d413ccc044d81af5 + * src/sexp.c (do_vsexp_sscan): Return GPG_ERR_INV_ARG if negative. + +2021-01-08 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add backward compatibility support for Ed25519 key in SEXP. + + commit 4768baf74be03d8973d004725f796aef329c45bf + * cipher/ecc-curves.c (_gcry_ecc_get_curve): Support Ed25519 keys with + parameter {p,a,b,g,n}. + + ecc: Minor implementation change for _gcry_ecc_get_curve. + + commit 3fe7036d05f283df9441d42242f0047b6ea11a32 + * cipher/ecc-curves.c (_gcry_ecc_get_curve): Flatten. + +2020-12-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add s390x/zSeries implementation of Poly1305. + + commit 1f75681cbba895ea2f7ea0637900721f4522e729 + * cipher/Makefile.am: Add 'poly1305-s390x.S' and + 'asm-poly1305-s390x.h'. + * cipher/asm-poly1305-s390x.h: New + * cipher/chacha20-s390x.S (_gcry_chacha20_poly1305_s390x_vx_blocks8) + (_gcry_chacha20_poly1305_s390x_vx_blocks4_2_1): New, stitched + chacha20-poly1305 implementation. 
+ * cipher/chacha20.c (USE_S390X_VX_POLY1305): New. + (_gcry_chacha20_poly1305_s390x_vx_blocks8) + (_gcry_chacha20_poly1305_s390x_vx_blocks4_2_1): New prototypes. + (_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt): Add + s390x/VX stitched chacha20-poly1305 code-path. + * cipher/poly1305-s390x.S: New. + * cipher/poly1305.c (USE_S390X_ASM, HAVE_ASM_POLY1305_BLOCKS): New. + [USE_S390X_ASM] (_gcry_poly1305_s390x_blocks1, poly1305_blocks): New. + * configure.ac (gcry_cv_gcc_inline_asm_s390x): Check for 'risbgn' and + 'algrk' instructions. + * tests/basic.c (_check_poly1305_cipher): Add large chacha20-poly1305 + test vector. + + Add s390x/zSeries implementation of ChaCha20. + + commit 6a0bb9ab7f886087d7edb0725c90485086a1c0b4 + * cipher/Makefile.am: Add 'asm-common-s390x.h' and 'chacha20-s390x.S'. + * cipher/asm-common-s390x.h: New. + * cipher/chacha20-s390x.S: New. + * cipher/chacha20.c (USE_S390X_VX): New. + (CHACHA20_context_t): Change 'use_*' bit-field to unsigned type; Add + 'use_s390x'. + (_gcry_chacha20_s390x_vx_blocks8) + (_gcry_chacha20_s390x_vx_blocks4_2_1): New. + (chacha20_do_setkey): Add HW feature detect for s390x/VX. + (chacha20_blocks, do_chacha20_encrypt_stream_tail): Add s390x/VX + code-path. + * configure.ac: Add 'chacha20-s390x.lo'. + + hwf-s390x: add VX vector instruction set detection. + + commit 1d13794780e3d052cd5ed6f900bf5900cf44b377 + * configure.ac (gcry_cv_gcc_inline_asm_s390x_vx): New check. + * src/g10lib.h (HWF_S390X_VX): New. + * src/hwf-s390x.c (HWCAP_S390_VXRS): New. + (s390x_features) [HAVE_GCC_INLINE_ASM_S390X_VX]: Add VX feature check. + * src/hwfeatures.c (hwlist): Add "s390x-vx". + + mpi/longlong: add s390x/zSeries macros. + + commit 0252cc9b62dfe20c77211f093b4fda54786177d3 + * mpi/longlong.h [__s390x__] (add_ssaaaa, sub_ddmmss, UTItype) + (umul_ppmm, udiv_qrnnd): New. + +2020-12-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32. 
+ + commit 6b6bfd57d0a6b2b4577c084db35078cd9fadafa5 + * src/hwf-arm.c (HWCAP2_SHA1, HWCAP2_SHA2): Change from bit indexes to + flags. + + Add missing prototype for _gcry_mac_selftest. + + commit e47f04b4a28947c90db70ccaf93e149cfd5213c9 + * src/cipher-proto.h (_gcry_hmac_selftest): Rename to... + (_gcry_mac_selftest): ... this. + +2020-12-21 NIIBE Yutaka <gniibe@fsij.org> + + Merge hmac-tests.c into mac-hmac.c. + + commit 2ab14b23afc092fd25395954c2a94db932ca4d95 + * cipher/Makefile.am (EXTRA_DIST): Remove hmac-tests.c. + * cipher/hmac-tests.c: Remove, merge into... + * cipher/mac-hmac.c: ... here. + +2020-12-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add s390x/zSeries acceleration for SHA3. + + commit 7532e27cacb74c92fd561524a0897163b0fcd7f4 + * cipher/asm-inline-s390x.h (KLMD_PADDING_STATE): New. + (kimd_execute): Change 'reg0' from read-only to read/write. + (klmd_shake_execute): New. + * cipher/keccak.c (USE_S390X_CRYPTO): New. + (KECCAK_CONTEXT) [USE_S390X_CRYPTO]: New members. + [USE_S390X_CRYPTO] (keccak_bwrite_s390x, keccak_final_s390x) + (keccak_bextract_s390x, keccak_write_s390x, keccak_extract_s390x): New. + (keccak_write) [USE_S390X_CRYPTO]: Use accelerated function if enabled. + (keccak_final) [USE_S390X_CRYPTO]: Likewise. + (keccak_extract) [USE_S390X_CRYPTO]: Likewise. + (keccak_init) [USE_S390X_CRYPTO]: Detect and setup zSeries + acceleration. + + Add s390x/zSeries acceleration for SHA512. + + commit 45f0ec0c4e3b08627cbf7e65f5f110c321710d01 + * cipher/sha512.c (USE_S390X_CRYPTO): New. + (SHA512_CONTEXT) [USE_S390X_CRYPTO]: New members. + (do_sha512_transform_s390x, do_sha512_final_s390x): New. + (sha512_init_common) [USE_S390X_CRYPTO]: Detect and setup s390x/zSeries + acceleration. + (sha512_final) [USE_S390X_CRYPTO]: Use accelerated final function. + + Add s390x/zSeries acceleration for SHA256. + + commit 0b555c3cc7c2b80ec2628685946a6139a1996911 + * cipher/sha256.c (USE_S390X_CRYPTO): New. + (SHA256_CONTEXT) [USE_S390X_CRYPTO]: New members. 
+ (do_sha256_transform_s390x, do_sha256_final_s390x): New. + (sha256_common_init) [USE_S390X_CRYPTO]: Detect and setup s390x/zSeries + acceleration. + (sha256_final) [USE_S390X_CRYPTO]: Use accelerated final function. + + Add s390x/zSeries acceleration for SHA1. + + commit 88570515b4ca92a44c4e40c31f877c11cc00ab68 + * cipher/asm-inline-s390x.h (ALWAYS_INLINE): New. + (klmd_query): New. + (km_function_to_mask, kimd_execute, klmd_execute): Mark as always + inline. + * cipher/rijndael-s390x.c (ALWAYS_INLINE): Remove. + * cipher/sha1.c (do_sha1_transform_s390x, do_sha1_final_s390x): New. + (sha1_init) [SHA1_USE_S390X_CRYPTO]: Detect and setup s390x/zSeries + acceleration. + (sha1_final) [SHA1_USE_S390X_CRYPTO]: Use accelerated final function. + * cipher/sha1.h (SHA1_USE_S390X_CRYPTO): New. + (SHA1_CONTEXT) [SHA1_USE_S390X_CRYPTO]: New. + + Add bulk AES-GCM acceleration for s390x/zSeries. + + commit 5aeb091f911398217b2e9facb9bdeb05c63d7844 + * cipher/Makefile.am: Add 'asm-inline-s390x.h'. + * cipher/asm-inline-s390x.h: New. + * cipher/cipher-gcm.c [GCM_USE_S390X_CRYPTO] (ghash_s390x_kimd): New. + (setupM) [GCM_USE_S390X_CRYPTO]: Add setup for s390x GHASH function. + * cipher/cipher-internal.h (GCM_USE_S390X_CRYPTO): New. + * cipher/rijndael-s390x.c (u128_t, km_functions_e): Move to + 'asm-inline-s390x.h'. + (aes_s390x_gcm_crypt): New. + (_gcry_aes_s390x_setup_acceleration): Use 'km_function_to_mask'; Add + setup for GCM bulk function. + + Add bulk function interface for GCM mode. + + commit f4e63e92dc0b79633f48b11d292dd7bdf2752ede + * cipher/cipher-gcm.c (do_ghash_buf): Proper handling for the case + where 'unused' gets filled to full blocksize. + (gcm_crypt_inner): New. + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Use + 'gcm_crypt_inner'. + * cipher/cipher-internal.h (cipher_bulk_ops_t): Add 'gcm_crypt'. + + Add s390x/zSeries acceleration for AES. + + commit 9219d9d1b60c01a4c7dbde05ee6b5b52e0d7d072 + * configure.ac: Add 'rijndael-s390x.lo'. 
+ * cipher/Makefile.am: Add 'rijndael-s390x.c'. + * cipher/rijndael-internal.c (USE_S390X_CRYPTO): New. + (RIJNDAEL_context_s) [USE_S390X_CRYPTO]: New 'km*_func' members. + * cipher/rijndael-s390x.c: New. + * cipher/rijndael.c (_gcry_aes_s390x_setup_acceleration) + (_gcry_aes_s390x_setup_setkey) + (_gcry_aes_s390x_setup_prepare_decryption, _gcry_aes_s390x_encrypt) + (_gcry_aes_s390x_decrypt): New. + (do_setkey) [USE_S390X_CRYPTO]: Add s390x acceleration setup. + + Add bulk function interface for OFB mode. + + commit f12b6788f2297391265af93a7794bfbc503de6d7 + * cipher/cipher-internal.h (cipher_bulk_ops): Add 'ofb_enc'. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Use bulk encryption + function if defined. + * cipher/basic.c (check_bulk_cipher_modes): Add OFB-AES test vectors. + + hwf: add detection of s390x/zSeries hardware features. + + commit 128054767d5f864798a39d432997f7d38c4bf729 + * configure.ac (gcry_cv_gcc_inline_asm_s390x) + (HAVE_CPU_ARCH_S390X): Add s390x detection support. + * mpi/config.links: Add setup for s390x links. + * src/Makefile.am: Add 'hwf-s390x.c'. + * src/g10lib.h (HWF_S390X_MSA, HWF_S390X_MSA_4, HWF_S390X_8): New. + * src/hwf_common.h (_gcry_hwf_detect_s390x): New. + * src/hwf-s390x.c: New. + * src/hwfeatures.c: Add "s390x-msa", "s390x-msa-4" and "s390x-msa-8". + + tests/bench-slope: use same benchmarking for XTS as for other modes. + + commit 0e37bb32e215feb4716341f7053c4f54806645cb + * tests/bench-slope.c (bench_xts_encrypt_init): Use same buffer + sizes as other tests. + (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench): Remove. + (xts_encrypt_ops): Use 'bench_encrypt_do_bench'. + (xts_decrypt_ops): Use 'bench_decrypt_do_bench'. + + aarch64: mpi/longlong.h: fix operand size mismatch. + + commit c59b5b03a063ebc73935dbb10bc4f568faddbedf + * mpi/longlong.h [__aarch64__] (count_leading_zeros): Use correctly + sized temporary variable for asm output. + + aarch64: use configure check for assembly ELF directives support. 
+ + commit 8352b0ece5237e3f86f1525b072e8f690ad0fa94 + * configure.ac (gcry_cv_gcc_asm_elf_directives): New check. + (HAVE_GCC_ASM_ELF_DIRECTIVES): New 'config.h' macro. + * cipher/asm-common-aarch64.h (ELF): Change feature macro check from + __ELF__ to HAVE_GCC_ASM_ELF_DIRECTIVES. + +2020-12-18 NIIBE Yutaka <gniibe@fsij.org> + + Reorganize self-tests for HMAC. + + commit c90fb0d8fb7a84bbcc8d6832de6a554405591850 + * cipher/Makefile.am: Prepare merge of hmac-test.c into mac-hmac.c. + * cipher/hmac-tests.c: Ifdef-out run_selftests and _gcry_hmac_selftest. + * cipher/mac-internal.h: Include cipher-proto.h for selftest. + (gcry_mac_spec_ops): Add selftest field. + * cipher/mac-hmac.c: Include hmac-tests.c for migration. + (hmac_selftest) New. + (hmac_ops): Add hmac_selftest. + * cipher/gost28147.c, cipher/mac-cmac.c: Add new field for selftest. + * cipher/mac-gmac.c, cipher/mac-poly1305.c: Likewise.. + * cipher/mac.c (_gcry_mac_selftest): New. + * src/fips.c (run_mac_selftests): Rename from run_hmac_selftests. + Use GCRY_MAC_HMAC_*, and call _gcry_mac_selftest. + (_gcry_fips_run_selftests): Use run_mac_selftests. + +2020-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Prevent link-time optimization from inlining __gcry_burn_stack. + + commit 1a83df98b198902ee6d71549231a3af37088d452 + * src/g10lib.h (NOINLINE_FUNC): New attribute macro. + * src/misc.c (__gcry_burn_stack): Add NOINLINE_FUNC attribute. + + tests/basic: check 32-bit and 64-bit overflow for CTR and ChaCha20. + + commit 2065720b5b0642cc1a0e08086a434244ebb1abf2 + * tests/basic.c (check_one_cipher_ctr_reset) + (check_one_cipher_ctr_overflow): New. + (check_one_cipher): Add counter overflow tests for ChaCha20 and CTR + mode. + + chacha20-ppc: fix 32-bit counter overflow handling. + + commit ed45eac3b721c1313902b977379fbd4886ccca7b + * cipher/chacha20-ppc.c (vec_add_ctr_u64, ADD_U64): New. 
+ (_gcry_chacha20_ppc8_blocks1, _gcry_chacha20_ppc8_blocks4) + (_gcry_chacha20_poly1305_ppc8_blocks4): Use ADD_U64 when incrementing + counter. + +2020-12-03 NIIBE Yutaka <gniibe@fsij.org> + + tests: Put a work around to tests/random for macOS. + + commit 9769b40b54cf010a0c41c4ab05a7a88e17d70613 + * configure.ac [*-apple-darwin*] (USE_POSIX_SPAWN_FOR_TESTS): New. + * tests/random.c [USE_POSIX_SPAWN_FOR_TESTS] (run_all_rng_tests): New. + +2020-11-18 NIIBE Yutaka <gniibe@fsij.org> + + build: Update to newer autoconf constructs. + + commit 9485ca7b5bf11194cff59edbfa6a0fba3bf6162a + * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Use AS_MESSAGE_LOG_FD + instead of AC_FD_CC. + (GNUPG_CHECK_MLOCK): Use AC_LINK_IFELSE instead of AC_TRY_LINK. + Use AC_RUN_IFELSE instead of AC_TRY_RUN. + * configure.ac (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS. + Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE. + Use AS_HELP_STRING instead of AC_HELP_STRING. + (AC_TYPE_SIGNAL): Remove. + (AC_DECL_SYS_SIGLIST): Remove. + * m4/Makefile.am (EXTRA_DIST): Update. + * m4/onceonly.m4: Remove. + * m4/socklen.m4: Update from gnulib. + * m4/libtool.m4: Update from libgpg-error. + * m4/gpg-error.m4: Update from libgpg-error. + * m4/noexecstack.m4: Use AS_HELP_STRING instead of AC_HELP_STRING. + + build: Use modern Autoconf check for type. + + commit 425bf499185d78aa8fcad6a30b8771e7865d449d + * configure.ac (byte, ushort, us6, u32, u64): Use AC_CHECK_TYPES. + * cipher/poly1305.c: Use HAVE_TYPE_U64. + * src/hmac256.c: HAVE_TYPE_U32. + * src/types.h: Use HAVE_TYPE_BYTE, HAVE_TYPE_USHORT, HAVE_TYPE_U16, + HAVE_TYPE_U32, and HAVE_TYPE_U64. + + m4: Update with newer autoconf constructs. + + commit 908e347fb68b28e180ac816b5050406358e81a0f + * src/libgcrypt.m4: Replace AC_HELP_STRING to AS_HELP_STRING. + +2020-10-30 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Handle removed zeros at the beginning for Ed25519. 
+ + commit 361a0588489cf4a539da8debd1771024a1faa218 + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Accept private + key with removed zeros. + +2020-10-23 Werner Koch <wk@gnupg.org> + + random: Allow for a Unicode random seed file on Windows. + + commit 24341f58f0d38bd62c45d285bcf8472f82b56135 + * random/random-csprng.c (utf8_to_wchar) [W32]: New. + (any8bitchar) [W32]: New. + (my_open): New. Replace all calls to open with this. + +2020-10-01 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> + + tests: Fix typo in comment. + + commit 4a50c6b88d6d8d843e50add851a8a5e691349097 + * tests/basic.c: Fix typo in comment. + +2020-09-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: clean-up prepare_decryption function. + + commit 2051d5bd6f732a36e5a536cba734531a9e2e915f + * cipher/rijndael-internal.h (rijndael_prepare_decfn_t): New. + (RIJNDAEL_context_s): New member 'prepare_decryption'. + * cipher/rijndael-padlock.c (_gcry_aes_padlock_prepare_decryption): New. + * cipher/rijndael.c (_gcry_aes_padlock_prepare_decryption): New. + (do_setkey): Setup 'ctx->prepare_decryption' for each acceleration type. + (prepare_decryption): Remove calls to other prepare decryption functions. + (check_decryption_preparation): Call 'ctx->prepare_decryption' instead + of 'prepare_decryption'. + + rijndael: clean-up generic bulk functions. + + commit 7679c918ade9d334bc80cb8c10916bbc847ff382 + * cipher/rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec) + (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Remove + calls to hardware accelerated AES bulk functions. + + cipher: setup bulk functions at each algorithms key setup. + + commit 51271eb86bcb0eb89e55a2add9607c503f182c89 + * cipher/cipher-internal.h (cipher_mode_ops_t, cipher_bulk_ops_t): New. + (gcry_cipher_handle): Define members 'mode_ops' and 'bulk' using new + types. + * cipher/cipher.c (_gcry_cipher_open_internal): Remove bulk function + setup. 
+ (cipher_setkey): Pass context bulk function pointer to algorithm setkey + function. + * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc) + (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk + function parameter; Use bulk function returned by setkey function. + * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc) + (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk + function parameter. + * cipher/arcfour.c (arcfour_setkey): Change 'hd' parameter to + 'bulk_ops'. + * cipher/blowfish.c (bf_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. + (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) + (_gcry_blowfish_cfb_dec): Make static. + (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function + to selftest helper. + (selftest): Pass 'bulk_ops' to setkey function. + * cipher/camellia.c (camellia_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. + (_gcry_camellia_ctr_enc, _gcry_camellia_cbc_dec) + (_gcry_camellia_cfb_dec, _gcry_camellia_ocb_crypt) + (_gcry_camellia_ocb_auth): Make static. + (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function + to selftest helper. + (selftest): Pass 'bulk_ops' to setkey function. + * cipher/cast5.c (cast_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. + (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec): Make + static. + (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function + to selftest helper. + (selftest): Pass 'bulk_ops' to setkey function. + * cipher/chacha20.c (chacha20_setkey): Change 'hd' parameter to + 'bulk_ops'. + * cipher/cast5.c (do_tripledes_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. + (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec): Make + static. + (bulk_selftest_setkey): Change 'hd' parameter to 'bulk_ops'. 
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function + to selftest helper. + (do_des_setkey): Change 'hd' parameter to 'bulk_ops'. + * cipher/gost28147.c (gost_setkey): Change 'hd' parameter to + 'bulk_ops'. + * cipher/idea.c (idea_setkey): Change 'hd' parameter to 'bulk_ops'. + * cipher/rfc2268.c (do_setkey): Change 'hd' parameter to 'bulk_ops'. + * cipher/rijndael.c (do_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. + (rijndael_setkey): Change 'hd' parameter to 'bulk_ops'. + (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_enc) + (_gcry_aes_cbc_dec, _gcry_aes_ctr_enc, _gcry_aes_ocb_crypt) + (_gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Make static. + (selftest_basic_128, selftest_basic_192, selftest_basic_256): Pass + 'bulk_ops' to setkey function. + (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function + to selftest helper. + * cipher/salsa20.c (salsa20_setkey): Change 'hd' parameter to + 'bulk_ops'. + * cipher/seed.c (seed_setkey): Change 'hd' parameter to 'bulk_ops'. + * cipher/serpent.c (serpent_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. + (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec, _gcry_serpent_cfb_dec) + (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Make static. + (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass + bulk function to selftest helper. + * cipher/sm4.c (sm4_setkey): Change 'hd' parameter to 'bulk_ops'; Setup + 'bulk_ops' with bulk acceleration functions. + (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec) + (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): Make static. + (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass + bulk function to selftest helper. + * cipher/twofish.c (twofish_setkey): Change 'hd' parameter to + 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions. 
+ (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec) + (_gcry_twofish_cfb_dec, _gcry_twofish_ocb_crypt) + (_gcry_twofish_ocb_auth): Make static. + (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function + to selftest helper. + (selftest, main): Pass 'bulk_ops' to setkey function. + * src/cipher-proto.h: Forward declare 'cipher_bulk_ops_t'. + (gcry_cipher_setkey_t): Replace 'hd' with 'bulk_ops'. + * src/cipher.h: Remove bulk acceleration function prototypes for + 'aes', 'blowfish', 'cast5', 'camellia', '3des', 'serpent', 'sm4' and + 'twofish'. + +2020-09-21 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: tidy do_setkey little bit. + + commit e0829ae648d9d9da67cd8a8fae7aa05774a0d0f7 + * cipher/rijndael.c (do_setkey): Reduce number of ifdefs by using + function pointer for accelerated key-setup. + +2020-09-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-aesni: tweak x86_64 AES-NI for better performance on AMD Zen2. + + commit f96989f0e9085fa58b475131d29b37f68ba564ec + * cipher/rijndael-aesni.c (do_aesni_enc_vec8, do_aesni_dec_vec8): Move + first round key xoring and last round out to caller. + (do_aesni_ctr_4): Change low 8-bit counter overflow check to 8-bit + addition to low-bits and detect overflow from carry flag; Adjust + slow path to restore counter. + (do_aesni_ctr_8): Same as above; Interleave first round key xoring and + first round with CTR generation on fast path; Interleave last round + with output xoring. + (_gcry_aes_aesni_cfb_dec, _gcry_aes_aesni_cbc_dec): Add first round + key xoring; Change order of last round xoring and output xoring + (shorten the dependency path). + (_gcry_aes_aesni_ocb_auth): Add first round key xoring and last round + handling. + +2020-08-26 Werner Koch <wk@gnupg.org> + + build: Allow customization of the signing key. + + commit 9cd92ebae21900e54cc3d8b607c8ed1afbf2eb9b + * Makefile.am (sign-release): Read variabales from user configuration. 
+ +2020-08-21 NIIBE Yutaka <gniibe@fsij.org> + + tests: Fix basic.c. + + commit fd51bc523d095168ee9367fe3f18d18f7a88ad90 + * tests/basic.c (check_one_hmac): Fix error paths. + (check_pubkey_crypt): Fix wrong call of gcry_sexp_new. + + ecc: Fix an error path. + + commit 65a2cd139e21250e6581a4f610015937e7b91451 + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Avoid null dereference on + error. + +2020-07-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + chacha20-aarch64: improve performance through higher SIMD interleaving. + + commit 8d7b1d0a52bde173646e5b42b31d23593eabecf2 + * cipher/chacha20-aarch64.S (ROTATE2, ROTATE2_8, ROTATE2_16) + (QUARTERROUND2): Replace with... + (ROTATE4, ROTATE4_8, ROTATE4_16, QUARTERROUND4): ...these. + (_gcry_chacha20_aarch64_blocks4) + (_gcry_chacha20_poly1305_aarch64_blocks4): Adjust to use QUARTERROUND4. + + tests/bench-slope: improve CPU frequency auto-detection. + + commit f1c3db3bf40e07cfd1a6a92209865ee7a98129ca + * configure.ac (gcry_cv_have_asm_volatile_memory): Check also if + assembly memory barrier with input/output register is supported. + * tests/bench-slope.c (auto_ghz_bench): Change to use base operation + that takes two CPU cycles and unroll loop by 1024 operations. + + Enable jitter entropy also on non-x86 architectures. + + commit 886120f33bd3f10e6e6a09920eca1f9ed81044e7 + * configure.ac: Do not force jentsupport to "n/a" on non-x86 + architectures. + + random/jitterentropy: fix USE_JENT == JENT_USES_GETTIME code path. + + commit 4ed9b949485448816a70d86260d572f08ae34621 + * random/jitterentropy-base-user.h (jent_get_nstime): Use 'tv' variable + instead of non-existing 'time'. + + Camellia AES-NI/AVX/AVX2 size optimization. + + commit 4c0e244fc53e0f7b927bfe4cf54695b5d282fd27 + * cipher/camellia-aesni-avx-amd64.S: Use loop for handling repeating + '(enc|dec)_rounds16/fls16' portions of encryption/decryption. 
+ * cipher/camellia-aesni-avx2-amd64.S: Use loop for handling repeating + '(enc|dec)_rounds32/fls32' portions of encryption/decryption. + +2020-07-14 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Support reading EC point in compressed format for good curves. + + commit e0dabf74bf276500257f15b85ded9cf24ccc8334 + * cipher/ecc-curves.c (gcry_ecc_get_curve): Handle G, differently. + * cipher/ecc-misc.c (_gcry_ecc_sec_decodepoint): Support compressed + representation of EC point. Rename from _gcry_ecc_os2ec. + * cipher/ecc-sm2.c (_gcry_ecc_sm2_decrypt) Follow the change. + * cipher/ecc.c (ecc_decrypt_raw): Likewise. + * mpi/ec.c (_gcry_mpi_ec_set_point): Likewise. + * src/ec-context.h: API change _gcry_ecc_sec_decodepoint from + _gcry_ecc_os2ec. + * tests/basic.c (check_pubkey): Use compressed representation + for two public keys of NIST P192 and NIST P256. + +2020-07-06 Werner Koch <wk@gnupg.org> + + mpi: Consider +0 and -0 the same in mpi_cmp. + + commit 1f3a92e103d4a8e019d8d022647a2b9fb2681327 + * mpi/mpi-cmp.c (do_mpi_cmp): Check size of U an V. + +2020-06-23 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix length computation. + + commit 1db1dc7945b111b6e20a8420ad38a358316681ab + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add one only for + Edwards case. + +2020-06-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add SM4 x86-64/AES-NI/AVX2 implementation. + + commit 35a78eb248d6bacd2a58477a122a0020d796ce63 + * cipher/Makefile.am: Add 'sm4-aesni-avx2-amd64.S'. + * cipher/sm4-aesni-avx2-amd64.S: New. + * cipher/sm4.c (USE_AESNI_AVX2): New. + (SM4_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'. + [USE_AESNI_AVX2] (_gcry_sm4_aesni_avx2_ctr_enc) + (_gcry_sm4_aesni_avx2_cbc_dec, _gcry_sm4_aesni_avx2_cfb_dec) + (_gcry_sm4_aesni_avx2_ocb_enc, _gcry_sm4_aesni_avx2_ocb_dec) + (_gcry_sm4_aesni_avx_ocb_auth): New. + (sm4_setkey): Enable AES-NI/AVX2 if supported by HW. 
+ (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec) + (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth) [USE_AESNI_AVX2]: Add + AES-NI/AVX2 bulk functions. + * configure.ac: Add ''sm4-aesni-avx2-amd64.lo'. + + Add SM4 x86-64/AES-NI/AVX implementation. + + commit c9a3f1bb91e63033e3bf3e06bdd6075622626d0d + * cipher/Makefile.am: Add 'sm4-aesni-avx-amd64.S'. + * cipher/sm4-aesni-avx-amd64.S: New. + * cipher/sm4.c (USE_AESNI_AVX, ASM_FUNC_ABI): New. + (SM4_context) [USE_AESNI_AVX]: Add 'use_aesni_avx'. + [USE_AESNI_AVX] (_gcry_sm4_aesni_avx_expand_key) + (_gcry_sm4_aesni_avx_crypt_blk1_8, _gcry_sm4_aesni_avx_ctr_enc) + (_gcry_sm4_aesni_avx_cbc_dec, _gcry_sm4_aesni_avx_cfb_dec) + (_gcry_sm4_aesni_avx_ocb_enc, _gcry_sm4_aesni_avx_ocb_dec) + (_gcry_sm4_aesni_avx_ocb_auth, sm4_aesni_avx_crypt_blk1_8): New. + (sm4_expand_key) [USE_AESNI_AVX]: Use AES-NI/AVX key setup. + (sm4_setkey): Enable AES-NI/AVX if supported by HW. + (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec) + (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth) [USE_AESNI_AVX]: Add + AES-NI/AVX bulk functions. + * configure.ac: Add ''sm4-aesni-avx-amd64.lo'. + + Optimizations for SM4 cipher. + + commit 81fee26bbbae820a311a3ce3ac55e304655c2acd + * cipher/cipher.c (_gcry_cipher_open_internal): Add SM4 bulk + functions. + * cipher/sm4.c (ATTR_ALIGNED_64): New. + (sbox): Convert to ... + (sbox_table): ... this structure for sbox hardening as is done + for AES and GCM. + (prefetch_sbox_table): New. + (sm4_t_non_lin_sub): Make inline; Optimize sbox access pattern. + (sm4_key_lin_sub): Make inline; Tune slightly. + (sm4_key_sub, sm4_enc_sub): Make inline. + (sm4_round): Make inline; Take 'x' as separate parameters instead + of array. + (sm4_expand_key): Return void; Drop keylen; Unroll loops by 4; + Wipe sensitive variables at end; Move key-length check to + 'sm4_setkey'. + (sm4_setkey): Add initial self-test step; Add key-length check; + Remove burn stack (as variables wiped in 'sm4_expand_key'). 
+ (sm4_do_crypt): Return burn stack depth; Unroll loops by 4. + (sm4_encrypt, sm4_decrypt): Prefetch sbox table; Return burn + stack from 'sm4_do_crypt', as allows tail-call optimization + by compiler. + (sm4_do_crypt_blks2): New two parallel block function for greater + instruction level parallelism. + (sm4_crypt_blocks, _gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec) + (_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New + bulk processing functions. + (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): New + bulk processing self-tests. + (sm4_selftest): Clear SM4 context before use; Use 'sm4_expand_key' + instead of 'sm4_setkey'; Call bulk processing self-tests. + * src/cipher.h (_gcry_sm4_ctr_enc, _gcry_sm4_ctr_dec) + (_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New. + * tests/basic.c (check_ocb_cipher): Add SM4-OCB test vector. + +2020-06-18 NIIBE Yutaka <gniibe@fsij.org> + + ecc: For Ed448, it's only for EdDSA. + + commit a6177e1bc948a7af052d62bcd62aa6b5825bfaff + * cipher/ecc.c (ecc_sign): Ed448 is only for EdDSA. + Hash algo is determined by the curve. + (ecc_verify): Likewise. + * tests/t-ed448.c (one_test): Don't specify (flags eddsa). + Don't specify hash-algo. + + ecc: Fix the condition for EdDSA data handling. + + commit f2847d56cce2afdd993f797812a673495a41c234 + * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): It may be + the encoding context which determines EdDSA. Hash-algo can be + omitted. Flags are OR-ed. + + ecc: Support EdDSA with context and enabling PH(M). + + commit ba78ad8f19674b94edfdf4998f40feee081481bc + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Simplify. + (DOM4_0_NONE, DOM4_0_NONE_LEN): Remove. + (DOM25519, DOM25519_LEN): New. + (DOM448, DOM448_LEN): New. + (_gcry_ecc_eddsa_sign): Support EdDSA with context and PH. + (_gcry_ecc_eddsa_verify): Likewise. + * tests/t-ed448.c: Add tests with context and PH=1. + * tests/t-ed448.inp: Add test data. + + ecc: Change EdDSA internal API. 
+ + commit 2856ac14ae3e4c9e6288e1f0d8bc1945bb874081 + * cipher/ecc-common.h (_gcry_ecc_eddsa_sign): Last arg is CTX. + (_gcry_ecc_eddsa_verify): Ditto. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Get hash algo from CTX. + (_gcry_ecc_eddsa_verify): Ditto. + * cipher/ecc.c (ecc_sign, ecc_verify): Follow the change. + +2020-06-17 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Support "label" for EdDSA context in data. + + commit 1cf49754694611620fd383327cf127e91f6883df + * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Handle ctx->label. + + ecc: Initialize key before handling data. + + commit d51a9c259d49c63121fab48bce48d826e9b57733 + * cipher/ecc.c (ecc_sign): Initialize key at first. + (ecc_verify): Likewise. + + ecc: Add new flag "prehash". + + commit 9a640eba6dd7504c90a65151cdaf1e4093a8b475 + * src/cipher.h (PUBKEY_FLAG_PREHASH): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse it. + + ecc: No (flags eddsa) required for Ed448. + + commit b1721f9b291a4c226caa2bfbe4fefe8fde5216e0 + * cipher/ecc.c (check_secret_key): Ed448 means EdDSA. + (ecc_generate): Likewise. + * tests/t-ed448.c (one_test): Remove the flag in key. + + ecc: Support Ed448 by _gcry_ecc_compute_public. + + commit 5585ee4947082f932ee01d93dfe295c769e96671 + * cipher/ecc-misc.c (_gcry_ecc_compute_public): Handle Ed448. + +2020-06-16 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> + + tests: Add basic test-vectors for SM4. + + commit c1535d0b8797e9b3bbfb5193b6ab23bf788ffd36 + * tests/basic.c (check_ciphers): Add SM4 check and test-vectors. + + Add SM4 symmetric cipher algorithm. + + commit ddcce166ab8bc6f51f5b509bcbea13a8746384ec + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm4.c. + * cipher/cipher.c (cipher_list, cipher_list_algo301): Add + _gcry_cipher_spec_sm4. + * cipher/mac-cmac.c (map_mac_algo_to_cipher): Add cmac SM4. + (_gcry_mac_type_spec_cmac_sm4): Add cmac SM4. + * cipher/mac-internal.h: Declare spec_cmac_sm4. 
+ * cipher/mac.c (mac_list, mac_list_algo201): Add cmac SM4. + * cipher/sm4.c: New. + * configure.ac (available_ciphers): Add sm4. + * doc/gcrypt.texi: Add SM4 document. + * src/cipher.h: Add declarations for SM4 and cmac SM4. + * src/gcrypt.h.in (gcry_cipher_algos): Add algorithm ID for SM4. + +2020-06-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + doc: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and GCRY_MAC_GOST28147_IMIT. + + commit 6c571bfda6409d7d668f5d44cea0c6c31e2688be + * doc/gcrypt.texi: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and + GCRY_MAC_GOST28147_IMIT. + +2020-06-16 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix Ed448 key generation. + + commit c15cc1a38199cf0d758579eb01d0e88c99cd4b80 + * cipher/ecc.c (ecc_generate): Fix point representation for Ed448. + + ecc,test: Add testing Ed448. + + commit c7779e499e9051ee79ed720f576dbf40d90cdfb1 + + + ecc: Support Ed448 for verify. + + commit d1baad35c65030e41fcba69854c57032eee0d111 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Support Ed448. + + ecc: Support Ed448 signing. + + commit 951b37c5038667b461692454397bb058b5e1e184 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Support Ed448. + + ecc: Use SHAKE256 in EdDSA with Ed448. + + commit 32d6d73d44d372dd1ec0b08ba03f1b7b085c09d9 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Fix for SHAKE256. + + ecc: Support shake128 and shake256 for message digest. + + commit f6815a96e51be44a361ddcd3a20a5b969b1dab1b + * cipher/pubkey-util.c (get_hash_algo): Add shake128 and shake256. + + ecc: Support Ed448 for key generation. + + commit e25446ecc04442b399302ce72db6d5ea2e9e85e8 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Support Ed448. + (_gcry_ecc_eddsa_genkey): Support Ed448, using + _gcry_ecc_eddsa_compute_h_d. + + ecc: Support Ed448 in decoding point. + + commit bd22b029bbf50737f90535c506fba4f812bcf040 + * cipher/ecc-eddsa.c (ecc_ed448_recover_x): New. + (_gcry_ecc_eddsa_recover_x): Support Ed448. + (_gcry_ecc_eddsa_decodepoint): Support Ed448. 
+ * mpi/ec.c (_gcry_mpi_ec_decode_point): For Ed448, use + _gcry_ecc_eddsa_decodepoint. + + ecc: Add new curve: Ed448. + + commit 339b03acf0971a31997901dd674fb75c4dde31d0 + * cipher/ecc-curves.c (curve_aliases): Add Ed448. + (domain_parms): Add domain parameters for Ed448. + * tests/curves.c (N_CURVES): Increment. + + ecc: Fix EdDSA encoding for Ed448. + + commit 3386aaf84d4d89b6ff931533df2ff82ed3f7c7f9 + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fix point/scalar + length condition. + * cipher/ecc-eddsa.c (eddsa_encodempi): The second argument is NBITS. + (eddsa_encode_x_y): Likewise. + (_gcry_ecc_eddsa_encodepoint): Follow the change. + (_gcry_ecc_eddsa_ensure_compact): Likewise. + (_gcry_ecc_eddsa_decodepoint): Likewise. + (_gcry_ecc_eddsa_sign): Likewise. Remove restriction of 256 bits. + +2020-06-12 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix NBITS in domain_parms. + + commit db7b2c591004868abedbc2c19d3bb2efebf8529d + * cipher/ecc-curves.c (cipher/ecc-curves.c): It's NBITS of 'p'. + +2020-06-08 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: fix UBSAN warning on left shift by 24 places with type 'int' + + commit 6cdd7268fe19b066ddb373e2f3c0b7ebf9b938dd + * cipher/rijndael.c (do_encrypt_fn, do_decrypt_fn): Cast final + sbox/inv_sbox look-ups to 'u32' type. + + Disable all assembly modules with --disable-asm. + + commit 3060aadec396802af13f08c4b2dd1b28f2a68c5d + * configure.ac (try_asm_modules): Update description, + "MPI" => "MPI and cipher". 
+ (gcry_cv_gcc_arm_platform_as_ok, gcry_cv_gcc_aarch64_platform_as_ok) + (gcry_cv_gcc_inline_asm_ssse3, gcry_cv_gcc_inline_asm_pclmul) + (gcry_cv_gcc_inline_asm_shaext, gcry_cv_gcc_inline_asm_sse41) + (gcry_cv_gcc_inline_asm_avx, gcry_cv_gcc_inline_asm_avx2) + (gcry_cv_gcc_inline_asm_bmi2, gcry_cv_gcc_amd64_platform_as_ok) + (gcry_cv_gcc_platform_as_ok_for_intel_syntax) + (gcry_cv_cc_arm_arch_is_v6, gcry_cv_gcc_inline_asm_neon) + (gcry_cv_gcc_inline_asm_aarch32_crypto) + (gcry_cv_gcc_inline_asm_aarch64_neon) + (gcry_cv_gcc_inline_asm_aarch64_crypto) + (gcry_cv_cc_ppc_altivec, gcry_cv_gcc_inline_asm_ppc_altivec) + (gcry_cv_gcc_inline_asm_ppc_arch_3_00): Check for "try_asm_modules". + * mpi/config.links: Set "mpi_cpu_arch" to "disabled" + with --disable-asm. + +2020-06-05 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + mpicalc: fix typo. + + commit 2dd3e27fc53cf408f799d2e7b379c1441e0d62c8 + * src/mpicalc.c (print_help): fix typo in commands description. + +2020-06-04 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Fix flags in mpi_copy for opaque MPI. + + commit 78a5a1aa7627afaa24e2ea1eb9b08f1cfdd71561 + * mpi/mpiutil.c (_gcry_mpi_copy): Copy flags. + +2020-06-03 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Use opaque MPI for 'd' of Ed25519/EdDSA. + + commit 0d8346f84a1f5865da3375ce92420d92fb5ae652 + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add FLAGS. + Use opaque MPI for Ed25519/EdDSA, too. + (_gcry_mpi_ec_internal_new): Follow the change. + (_gcry_mpi_ec_new): Likewise. + +2020-06-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + cipher-ocb: fix out-of-array stack memory access. + + commit 8cfaeae42522778052c36fceccab504826a30cbf + * cipher/cipher-ocb.c (bit_copy): Do not access memory beyond + 's' array when bitoff > 8. + +2020-06-01 NIIBE Yutaka <gniibe@fsij.org> + + mpi: More fix of off-by-one mistake mpi_invm_pow2. + + commit 6a2cd0fe78a9cdc78911694a84b08762dd8658b4 + * mpi/mpi-inv.c (mpi_invm_pow2): Avoid out-of-band read/write. 
+ + ecc: Consistently handle parameters as unsigned value. + + commit 6f8b1d4cb798375e6d830fd6b73c71da93ee5f3f + * cipher/ecc-curves.c (_gcry_ecc_get_curve): Parse as unsigned value. + +2020-05-27 NIIBE Yutaka <gniibe@fsij.org> + + sexp: Fix coding of line break. + + commit 33c972b6a6fe79aacb0a732d1df9a9deacafca29 + * src/sexp.c (_gcry_sexp_vextract_param): Add missing newline. + +2020-05-14 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Make sure it's the fixed size bytes. + + commit eb2288f3b1f338a9aec11d559ec84bdb201960e1 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Checking the size + of EC point representation, return GPG_ERR_INV_OBJ if not valid. + +2020-05-13 Werner Koch <wk@gnupg.org> + + ecc: Detect the use of a Montgomery curve earlier in ecc_verify. + + commit d0f995afe2e0228d3b9e30b0fc7091631d7d0090 + * cipher/ecc.c (ecc_verify): Do not allow a Montgomery curve. + +2020-05-13 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Fix off-by-one mistake mpi_invm_pow2. + + commit 69b55f87053ce2494cd4b38dc600f867bc4355be + * mpi/mpi-inv.c (mpi_invm_pow2): Avoid out-of-band read/write. + +2020-05-12 Werner Koch <wk@gnupg.org> + + ecc: Initialize a dummy parameter. + + commit 75a7b17878e02c3882070d6c86e0d2efbc3d680a + * cipher/ecc.c (ecc_verify): Rename flags to dummy_flags and + initialize. + +2020-05-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + tests/benchmark.c: fix error message for invalid MAC algo. + + commit 79e196a610b1b734a1f573288b148d62787f5281 + + +2020-04-27 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> + + ecc: Fix typo error in ecc-gost. + + commit fe688ce7e14f14d7d3a7e16aa0304d24b5b1a179 + * cipher/ecc-gost.c (_gcry_ecc_gost_verify): Fix typo in comment. + +2020-04-27 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Fix the return value of mpi_invm_generic. + + commit f10eb240a30ac115cfeb63848c67a936e1059ab9 + * mpi/mpi-inv.c (mpi_invm_generic): Return correct value. 
+ +2020-04-24 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Fix return value of mpi_invm_generic. + + commit bc3b6a6a45cf9fa6cc0556da870628c53570f52f + * mpi/mpi-inv.c (mpi_invm_generic): Return 0 if inverse does not exist. + + mpi: More use of mpih API for _gcry_mpi_invm. + + commit 559ba9b36c9cdf4762d28beb3b4c59665c671818 + * mpi/mpi-inv.c (mpi_invm_pow2): Remove. + (_gcry_mpi_invm): Use mpih_invm_pow2 instead. + + mpi: Use mpih interface internally for mpi-inv. + + commit beefbb90d71d7fbd0b4429472b7d4b39670ff64b + * mpi/mpi-inv.c (mpih_invm_pow2): Converted from mpi_invm_pow2. + (mpi_invm_pow2): Use mpih_invm_pow2. + + mpi: Fix size of A in mpi_invm_pow2. + + commit efa5151ea1c2a2c049b2651581e71b6becba4e16 + * mpi/mpi-inv.c (mpi_invm_pow2): Fix size of A. + +2020-04-23 NIIBE Yutaka <gniibe@fsij.org> + + mpi: More fix for _gcry_mpi_invm. + + commit f81a1dd7317513000e5bc4d1bfffd6d2bfb8c2a2 + * mpi/mpi-inv.c (_gcry_mpi_invm): Fix comments and use of CRT path. + +2020-04-22 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Fix off-by-one mistake mpi_invm_pow2. + + commit 3bb9f74764b3626ed1116fc7e517921232d6be54 + * mpi/mpi-inv.c (mpi_invm_pow2): Fix computation of iterations. + +2020-04-21 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Use mpi_invm_pow2 for mpi_invm. + + commit bac01a6cfb3d645ff8439cbd3b310d255735d792 + * mpi/mpi-inv.c (_gcry_mpi_invm): Use mpi_invm_pow2. + + mpi: Fix mpi_invm_pow2. + + commit 2a3c58a0b4db01c17da0bf8c035fb1def2af114c + * mpi/mpi-inv.c (mpi_invm_pow2): Fix the algo implementation. + +2020-04-19 Dmitry Baryshkov <dbaryshkov@gmail.com> + + gost28147: implement special MAC mode called imitovstavka (IMIT) + + commit 45f21f871982753716d4a7676d948e8c7d644db5 + * src/gcrypt.h.in (GCRY_MAC_GOST28147_IMIT): New. 
+ * cipher/gost28147.c (gost_imit_open, gost_imit_close) + (gost_imit_setkey, gost_imit_setiv, gost_imit_reset, _gost_imit_block) + (gost_imit_block, gost_imit_write, gost_imit_finish, gost_imit_read) + (gost_imit_verify, gost_imit_get_maclen, gost_imit_get_keylen) + (gost_imit_set_extra_info): New functions implementing GOST 28147-89 + MAC (imitovstavka, IMIT) mode. + * cipher/gost28147.c (gost_imit_ops) + (_gcry_mac_type_spec_gost28147_imit): declare GOST 28147-89 IMIT + handler. + * cipher/mac-internal.h (gcry_mac_handle): add fields to support GOST + 28147-89 IMIT mode. + * cipher/mac.c (mac_list): add _gcry_mac_type_spec_gost28147_imit. + (spec_from_algo): handle GCRY_MAC_GOST28147_IMIT. + * tests/basic.c (check_mac): add GOST28147-89 IMIT test vector. + + mac: add support for gcry_mac_ctl(GCRYCTL_SET_SBOX) + + commit d7fa70ed9ddc6e0189a8b59016b1f17717a26865 + * cipher/mac-internal.h (gcry_mac_spec_ops_t): add set_extra_info field + for providing additional settings. + * cipher/mac.c (_gcry_mac_ctl): support GCRYCTL_SET_SBOX call. + * cipher/mac-cmac.c (cmac_ops): set set_extra_info to NULL. + * cipher/mac-gmac.c (gmac_ops): the same. + * cipher/mac-hmac.c (hmac_ops): the same. + * cipher/mac-poly1305.c (poly1305mac_ops): the same. + +2020-04-17 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Use mpi_invm_pow2 for N=2^k. + + commit 469e2fefb64e3a4bd80995935f82caf416e3a4ae + * mpi/mpi-inv.c (mpi_invm_pow2): Fix. + (_gcry_mpi_invm): Use mpi_invm_pow2. + + mpi: Rewrite mpi_invm_odd into mpih_invm_odd. + + commit 05ceac8e2f6f28f97428c005d0a318d71d7cf9d9 + * mpi/mpi-inv.c (mpih_invm_odd): Use mpi_ptr_t API. + (_gcry_mpi_invm): Use _gcry_mpih_mod and mpih_invm_odd. + + mpi: Add _gcry_mpih_cmp_ui. + + commit 128045a12139fe2e4be877df59da10c7d4857d9a + * mpi/mpih-const-time.c (_gcry_mpih_cmp_ui): New. + + mpi: Add internal functipn mpi_invm_pow2. + + commit 515bd6e9fae448e966f71e23635503716201158d + * mpi/mpi-inv.c (mpi_invm_pow2): New. 
+ +2020-04-16 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Add mpi_set_bit_cond. + + commit a91bd0211c4e5f0ce575b3a63a36049dd9edbf90 + * mpi/mpiutil.c (_gcry_mpi_set_bit_cond): New. + * src/mpi.h (mpi_set_bit_cond): New macro. + (_gcry_mpi_set_bit_cond): New. + + mpi: Add _gcry_mpih_mod. + + commit 95bdfd9ce9e114f447f3639e551e8f4f63d024fe + * mpi/mpi-internal.h (mpih_mod, _gcry_mpih_mod): New. + * mpi/mpih-const-time.c (_gcry_mpih_mod): New. + + mpih: Expose const-time MPI helper functions. + + commit 9b7e0d89006fce0641da05d8ef2696b1fb73145b + * mpi/Makefile.am (libmpi_la_SOURCES): Add mpih-const-time.c. + * mpi/ec.c (mpih_set_cond): Move to mpih-const-time.c. + * mpi/mpi-internal.h: Add macros and declarations. + * mpi/mpi-inv.c (mpih_add_n_cond): Likewise. + (mpih_sub_n_cond, mpih_swap_cond, mpih_abs_cond): Likewise. + * mpi/mpih-const-time.c: New. + +2020-04-14 Werner Koch <wk@gnupg.org> + + sexp: Extend gcry_sexp_extract_param with a multi-string extractor. + + commit 32b08e38628b3ed409054db05a7f73b1ab86464a + * src/sexp.c (_gcry_sexp_vextract_param): Implement "%#s" control + sequence. + +2020-04-14 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Remove hard-coded value for ECC_DIALECT_ED25519. + + commit 0ff36e04f7cdef961610e7bc674a9c9ef0fd4853 + * mpi/ec.c (ec_p_init): Remove special handling for Ed25519. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_encodepoint): Fix assumption + ec->nbits is 256 for EdDSA. + (_gcry_ecc_eddsa_decodepoint): Likewise. + (_gcry_ecc_eddsa_verify): Likewise. + +2020-04-09 Werner Koch <wk@gnupg.org> + + sexp: Extend gcry_sexp_extract_param with new format specifiers. + + commit 60c179b59e538aebb3a5f7621d92eee60b90c785 + * src/sexp.c (_gcry_sexp_vextract_param): Add new conversion methods. + * tests/t-sexp.c (check_extract_param): Add corresponding tests. + +2020-04-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + ppc: avoid using vec_vsx_ld/vec_vsx_st for 2x64-bit vectors. 
+ + commit 1250a9cd859d99f487ca8d76a98d70d464324bbe + * cipher/crc-ppc.c (CRC_VEC_U64_LOAD, CRC_VEC_U64_LOAD_LE) + (CRC_VEC_U64_LOAD_BE): Remove vec_vsx_ld usage. + (asm_vec_u64_load, asm_vec_u64_load_le): New. + * cipher/sha512-ppc.c (vec_vshasigma_u64): Use '__asm__' instead of + 'asm' for assembly block. + (vec_u64_load, vec_u64_store): New. + (_gcry_sha512_transform_ppc8): Use vec_u64_load/store instead of + vec_vsx_ld/vec_vsx_st. + * configure.ac (gcy_cv_cc_ppc_altivec) + (gcy_cv_cc_ppc_altivec_cflags): Add check for vec_vsx_ld with + 'unsigned int *' pointer type. + +2020-04-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + asm-poly1305-aarch64: fix building with clang. + + commit 89b3ded8df969fe5fb31313c60419dd34d36b605 + * cipher/asm-poly1305-aarch64.h (POLY1305_BLOCK_PART25): Use correct + instruction format for right-shifting. + +2020-03-31 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + libgcrypt.m4: Fix spelling. + + commit 6a5743469a4366b1e238d378e427442f04400950 + + + libgcrypt.m4: Fix spelling. + + commit e16e7e619183f36720d17855419860d1dc6fe3a5 + + +2020-03-20 Dmitry Baryshkov <dbaryshkov@gmail.com> + + tests/basic: add GOST 28147 keymeshing testcase from LibreSSL testsuite. + + commit 3441f4c94c49a589c5e323b1526d2d6b5974cf2f + * tests/basic.c (check_cfb_cipher): add check for GOST 28147 CFB with + KeyMeshing enabled. + + gost28147: add support for CryptoPro key meshing per RFC 4357. + + commit dcee00adbd1c0a2cde1aeed1bb94421e81d0de3b + * cipher/gost28147.c (gost_do_set_sbox, cryptopro_key_meshing, + CryptoProMeshingKey, gost_encrypt_block_mesh): New. + (_gcry_cipher_spec_gost28147_mesh): New cipher with keymeshing, + (_gcry_cipher_spec_gost28147): Remove OIDs for this cipher should not + be selected using these OIDs (they are for CFB with keymeshing). + + * cipher/cipher.c (cipher_list, cipher_list_algo301): add + _gcry_cipher_spec_gost28147_mesh. + + * src/gcrypt.h.in (GCRY_CIPHER_GOST28147_MESH): New cipher with + keymeshing. 
+ + * doc/gcrypt.texi (GCRY_CIPHER_GOST28147_MESH): Add definition. + + * tests/basic.c (check_gost28147_cipher, check_gost28147_cipher_basic): + Run basic tests on GCRY_CIPHER_GOST28147_MESH. + + gost: add keymeshing support per RFC 4357. + + commit 18cd3f0c473ae909cdaa5a820faef50d7670fcbb + * cipher/gost-s-box.c (gost_sbox): define if keymeshing should be + enabled or not. + (main): output whether we should enable or disable keymeshing for a + particular parameters set. + +2020-03-18 NIIBE Yutaka <gniibe@fsij.org> + + DSA,ECDSA: Fix use of mpi_invm. + + commit ada758e3019c2585213a132960613b1ac48502b8 + * cipher/dsa.c (sign): Call mpi_invm before _gcry_dsa_modify_k. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise. + + mpi: Constant time mpi_inv with some conditions. + + commit 20082ca965eab5665af60956c4ed72709836b1ed + * mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond) + (mpih_abs_cond): New. + (mpi_invm_odd): New. + (mpi_invm_generic): Rename from _gcry_mpi_invm. + (_gcry_mpi_invm): Use mpi_invm_odd for usual odd cases. + +2020-03-11 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Support opaque MPI with gcry_mpi_print. + + commit b4b04ae6c2e55bc2b24efc663d1eeaa0b3613f4c + * mpi/mpicoder.c (_gcry_mpi_get_buffer): Return the bytes as-is. + +2020-03-09 Werner Koch <wk@gnupg.org> + + mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr. + + commit afbab896fa04d9481dbb9f4d01f607b12e31dcbf + * mpi/mpi-div.c (_gcry_mpi_tdiv_qr): Error out on division by zero. + +2020-02-25 NIIBE Yutaka <gniibe@fsij.org> + + build: More accurate dependency to -lgpg-error. + + commit 9b8ac13761f0407bd701e43b0a65fbada204958f + * configure.ac (LIBGCRYPT_CONFIG_LIBS): Remove DL_LIBS. + * src/libgcrypt.c.in: Distinguish static link use case. + * tests/Makefile.am: Fix use of -lgpg-error. + + build: Fix linking -ldl. + + commit c21e5d72e24e62752559f92b1825287298ae2f03 + * src/Makefile.am (libgcrypt_la_LIBADD): Add DL_LIBS. + (mpicalc_LDADD): Remove DL_LIBS. 
+ * tests/Makefile.am (standard_ldadd): Remove DL_LIBS. + +2020-02-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + crc-ppc: fix bad register used for vector load/store assembly. + + commit b64b029318e7d0b66123015146614118f466a7a9 + * cipher/crc-ppc.c (CRC_VEC_U64_LOAD_BE): Move implementation to... + (asm_vec_u64_load_be): ...here; Add "r0" to clobber list for load + instruction when offset is not zero; Add zero offset path. + + rinjdael-aes: use zero offset vector load/store when possible. + + commit 89776d45c824032409f581e5fd1db6bf149df57f + * cipher/rijndael-ppc-common.h (asm_aligned_ld, asm_aligned_st): Use + zero offset instruction variant when input offset is constant zero. + * cipher/rijndael-ppc.c (asm_load_be_noswap) + (asm_store_be_noswap): Likewise. + + Add POWER9 little-endian variant of PPC AES implementation. + + commit 114bbc45e9717f9ad9641f64d8df8690db8da434 + * configure.ac: Add 'rijndael-ppc9le.lo'. + * cipher/Makefile.am: Add 'rijndael-ppc9le.c', 'rijndael-ppc-common.h' + and 'rijndael-ppc-functions.h'. + * cipher/rijndael-internal.h (USE_PPC_CRYPTO_WITH_PPC9LE): New. + (RIJNDAEL_context_s): Add 'use_ppc9le_crypto'. + * cipher/rijndael.c (_gcry_aes_ppc9le_encrypt) + (_gcry_aes_ppc9le_decrypt, _gcry_aes_ppc9le_cfb_enc) + (_gcry_aes_ppc9le_cfb_dec, _gcry_aes_ppc9le_ctr_enc) + (_gcry_aes_ppc9le_cbc_enc, _gcry_aes_ppc9le_cbc_dec) + (_gcry_aes_ppc9le_ocb_crypt, _gcry_aes_ppc9le_ocb_auth) + (_gcry_aes_ppc9le_xts_crypt): New. + (do_setkey, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec) + (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt) + [USE_PPC_CRYPTO_WITH_PPC9LE]: New. + * cipher/rijndael-ppc.c: Split common code to headers + 'rijndael-ppc-common.h' and 'rijndael-ppc-functions.h'. + * cipher/rijndael-ppc-common.h: Split from 'rijndael-ppc.c'. + (asm_add_uint64, asm_sra_int64, asm_swap_uint64_halfs): New. + * cipher/rijndael-ppc-functions.h: Split from 'rijndael-ppc.c'. 
+ (CFB_ENC_FUNC, CBC_ENC_FUNC): Unroll loop by 2. + (XTS_CRYPT_FUNC, GEN_TWEAK): Tweak generation without vperm + instruction. + * cipher/rijndael-ppc9le.c: New. + + Add gcry_cipher_ctl command to allow weak keys in testing use-cases. + + commit 5beadf201312d0c649971b0c1d4c3827b434a0b5 + * cipher/cipher-internal.h (gcry_cipher_handle): Add + 'marks.allow_weak_key' flag. + * cipher/cipher.c (cipher_setkey): Do not handle weak key as error when + weak keys are allowed. + (cipher_reset): Preserve 'marks.allow_weak_key' flag on object reset. + (_gcry_cipher_ctl): Add handling for GCRYCTL_SET_ALLOW_WEAK_KEY. + * src/gcrypt.h.in (gcry_ctl_cmds): Add GCRYCTL_SET_ALLOW_WEAK_KEY. + * tests/basic.c (check_ecb_cipher): Add tests for weak key errors and + for GCRYCTL_SET_ALLOW_WEAK_KEY. + +2020-01-23 NIIBE Yutaka <gniibe@fsij.org> + + random: Fix include of config.h. + + commit e0898d0628789414da23e0526c87df1885c8b3ae + * random/random-drbg.c: Include config.h earlier. + +2020-01-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + sexp: fix cast from 'int' pointer to 'size_t' pointer. + + commit 8b31091da092e22dba78b2402c2f436bbffc1c73 + * src/sexp.c (do_vsexp_sscan): Change 'datalen' from 'int' to + 'size_t'; Remove &datalen pointer cast to 'size_t *' type. + + mpi/i386: fix DWARF CFI for _gcry_mpih_sub_n and _gcry_mpih_add_n. + + commit 5f098f7e6ceb899ac27a0a30ee036de5f1be4e3d + * mpi/i386/mpih-add1.S (_gcry_mpih_add_n) [PIC]: Adjust CFI CFA offset + when making call and restoring stack pointer. + * mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n) [PIC]: Ditto. + +2020-01-22 H.J. Lu <hjl.tools@gmail.com> + + i386: Add _CET_ENDBR to indirect jump targets. + + commit cb9f0a2df8225eed071ae0a56265e38e9f6ff184 + * mpi/i386/mpih-add1.S (_gcry_mpih_add_n): Save and restore + %ebx if IBT is enabed. Add _CET_ENDBR to indirect jump targets + and adjust jump destination for _CET_ENDBR. + * mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n): Likewise. 
+ + amd64: Always include <config.h> in cipher assembly codes. + + commit 22e577071790834f07753c42a191a568c9f2644d + * cipher/camellia-aesni-avx-amd64.S: Always include <config.h>. + * cipher/camellia-aesni-avx2-amd64.S: Likewise. + * cipher/serpent-avx2-amd64.S: Likewise. + + mpi: Add .note.gnu.property section for Intel CET. + + commit 24b4d5c10a97aaf82ac7402cc3a5b429d580cd66 + * mpi/config.links: Include <cet.h> in <asm-syntax.h>. + + x86: Add .note.gnu.property section for Intel CET. + + commit 4c88c2bd2a418435506325cd53246acaaa52750c + * configure.ac: Include <cet.h> in <config.h> for assembly + codes. + +2020-01-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests/basic: add vector cluttering to detect implementation bugs. + + commit 4aa8ff904262f331abbb8c988069a7029ca13502 + * src/global.c (_gcry_check_version): Fix missing newline. + * src/basic.c (ALWAYS_INLINE, CLUTTER_REGISTER_*, prepare_vector_data) + (clutter_vector_registers): New. + (progress_handler): Make static function. + (check_bulk_cipher_modes, check_one_cipher_core_reset) + (check_one_cipher_core, check_one_md, check_one_md_multi) + (check_one_md_final, check_one_mac): Clutter vector registers before + gcry_* calls to cipher/md/mac algorithms. + +2020-01-22 Marvin W <git@larma.de> + + Set vZZ.16b register to zero before use in armv8 gcm implementation. + + commit 79ed620ec46adbb08f5cea6a4865a95a436e4109 + * cipher/cipher-gcm-armv8-aarch64-ce.S + (_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero. + +2020-01-21 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> + + tests: Add basic test cases for sm2. + + commit aa9c78afa1d867bb7b9b3c695cf31a832c9419e5 + * tests/basic.c (check_pubkey): Add test cases for ecc-sm2. + + Add elliptic curve SM2 implementation. + + commit 6b55246c77089dd372eb1807808111660fd789c7 + * configure.ac (enabled_pubkey_ciphers): Add ecc-sm2. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc-sm2.c. 
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist, + _gcry_pk_util_preparse_sigval): Add sm2 flags. + * cipher/ecc.c: Support ecc-sm2. + * cipher/ecc-common.h: Add declarations for ecc-sm2. + * cipher/ecc-sm2.c: New. + * src/cipher.h: Define PUBKEY_FLAG_SM2. + + ecc: Simplify signature code. + + commit 8d9958910e54f3fecbab6e133c3971843f6ef310 + * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Use implemented function. + * cipher/ecc.c (ecc_verify): Remove redundant code. + +2020-01-21 NIIBE Yutaka <gniibe@fsij.org> + NIIBE Yutaka <gniibe@fsij.org> + + tests: Fix check_pubkey. + + commit 95e9cee802419adf6f4b01b29d7874793004fa8d + * tests/basic.c (check_pubkey): Fix constants of pubkeys. + +2020-01-21 NIIBE Yutaka <gniibe@fsij.org> + + Avoid use of ulong in internal code. + + commit 4997139b3e83761c9af0246cec829305c3d7d13b + * configure.ac (HAVE_ULONG_TYPEDEF): Remove. + * mpi/mpi-div.c (_gcry_mpi_fdiv_r_ui): Use unsigned long. + (_gcry_mpi_divisible_ui): Likewise. + * random/rndunix.c (_gcry_rndunix_gather_random): Likewise. + * random/rndw32.c (_gcry_rndw32_gather_random_fast): Likewise. + (ADDINT): Likewise. + * random/rndw32ce.c (_gcry_rndw32ce_gather_random_fast): Likewise. + * src/mpi.h: Follow the change. + * src/types.h (HAVE_ULONG_TYPEDEF): Remove. + +2020-01-19 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + gcrypt.texi: fix GCRYCTL_GET_ALGO_NENCR typo. + + commit 5ebb2f0671c902863eee91cbcfc85a72be506410 + * doc/gcrypt.texi: Fix GCRYCTL_GET_ALGO_NENC to GCRYCTL_GET_ALGO_NENCR. + +2020-01-19 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> + + mpi: Fix error that point not uninitialized. + + commit 7e3aac7ba49b3b6e6c5ebe7c880b5b323c423ef7 + * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Initialize E->G poing + + ecc: Wrong flag and elements_enc fix. + + commit 43cfc1632dd3a9579a906f31cd3b6c88d242d1a5 + * cipher/ecc.c (ecc_generate): Fix wrong flag and elements_enc. + + Update .gitignore. 
+ + commit 176a5f162acd0cfebc5517d061205681bc3658d0 + + +2020-01-16 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> + + Add new curve named sm2p256v1. + + commit d154c1e9e11019980253f0a65758932cd0656470 + * cipher/ecc-curves.c (domain_parms): Add sm2p256v1 for SM2. + * tests/curves.c (N_CURVES): Update N_CURVES for SM2. + +2019-12-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-ppc: performance improvements. + + commit 110077505acacae62cec3d09b32a084b9cee0368 + * cipher/rijndael-ppc.c (ALIGNED_LOAD, ALIGNED_STORE, VEC_LOAD_BE) + (VEC_STORE_BE): Rewrite. + (VEC_BE_SWAP, VEC_LOAD_BE_NOSWAP, VEC_STORE_BE_NOSWAP): New. + (PRELOAD_ROUND_KEYS, AES_ENCRYPT, AES_DECRYPT): Adjust to new + input parameters for vector load macros. + (ROUND_KEY_VARIABLES_ALL, PRELOAD_ROUND_KEYS_ALL) + (AES_ENCRYPT_ALL): New. + (vec_bswap32_const_neg): New. + (vec_aligned_ld, vec_aligned_st, vec_load_be_const): Rename to... + (asm_aligned_ls, asm_aligned_st, asm_load_be_const): ...these. + (asm_be_swap, asm_vperm1, asm_load_be_noswap) + (asm_store_be_noswap): New. + (vec_add_uint128): Rename to... + (asm_add_uint128): ...this. + (asm_xor, asm_cipher_be, asm_cipherlast_be, asm_ncipher_be) + (asm_ncipherlast_be): New inline assembly functions with volatile + keyword to allow manual instruction ordering. + (_gcry_aes_ppc8_setkey, aes_ppc8_prepare_decryption) + (_gcry_aes_ppc8_encrypt, _gcry_aes_ppc8_decrypt) + (_gcry_aes_ppc8_cfb_enc, _gcry_aes_ppc8_cbc_enc) + (_gcry_aes_ppc8_ocb_auth): Update to use new&rewritten helper macros. + (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_dec) + (_gcry_aes_ppc8_ctr_enc, _gcry_aes_ppc8_ocb_crypt) + (_gcry_aes_ppc8_xts_crypt): Update to use new&rewritten helper + macros; Tune 8-block parallel paths with manual instruction ordering. + + rijndael-ppc: fix bad register used for vector load/store assembly. 
+ + commit 0837d7e6be3e604c1f7b86d18c582d8aa7ed858c + * cipher/rijndael-ppc.c (vec_aligned_ld, vec_load_be, vec_aligned_st) + (vec_store_be): Add "r0" to clobber list for load/store instructions. + +2019-12-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + cipher: fix typo in error log. + + commit 5b9ea3df0dc355d77b9f061f63064614a97b8b67 + * cipher/cipher.c (_gcry_cipher_encrypt): Fix log "cipher_decrypt: ..." + to "cipher_encrypt: ...". + +2019-11-21 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + gost28147: inline gost_val function to speed up code. + + commit e5c4cf0efb8fd297963e6b4392ab98c41dbad536 + * cipher/gost28147.c (gost_val): mark function as inline + + gost28147: do not use GOST28147_CONTEXT outside of GOST 28147 calculation + + commit f9894240bed36eab17fabf5aa482799b148618e2 + * cipher/gost28147.c (_gcry_gost_enc_data): remove unused context + argument + * cipher/gostr3411-94.c (GOSTR3411_CONTEXT, gostr3411_init, + do_hash_step): remove unused GOST 28147-89 context. + + gost28147: simplify internal code. + + commit d164a8e7f6829163f1279517f07b61805311f8f2 + * cipher/gost28147.c (gost_val, _gost_encrypt_data): don't use gost + context internally + * cipher/gost28147.c (gost_encrypt_block, gost_decrypt_block, + _gcry_gost_enc_data): adapt to internal changes. + + gostr3411-94: small speedup. + + commit 8f573a67d12e6d9026f1676a6dae7813105bc490 + * cipher/gostr3411-94.c (do_p): unroll loop for a small spedup + +2019-11-18 Paul Wolneykien <manowar@altlinux.org> + + ecc: update GOST2012 curves. + + commit a3a866f63e7a527fe3c053758b84d70c142f8283 + * cipher/ecc-curves.c (domain_parms): rename GOST 2012 curves to contain + curve bit size + (curve_aliases): rename curves, provide backwards-compatible + aliases, add new OIDs and two new curves. + * cipher/ecc-curves.c (curve_aliases): add new OIDs and aliases for + * tests/basic.c (check_pubkey): use new name for GOST2012 512-bit test + curve. 
+ * tests/benchmark.c (ecc_bench): use new name for GOST2012 512-bit test + curve. + +2019-11-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + ec: fix left shift overflows on WIN64 build. + + commit bdbd032d1626dbb34e1840e5f5393524dd546a1d + * mpi/ec.c (ec_mulm_448): Cast constants to (mpi_limb_t) before + shifting left by 32. + + mpi/amd64: use SSE2 for shifting instead of MMX. + + commit 1322c6a5d1e9aa0c69a2b259aa5ec7bcf5cb5653 + * mpi/amd64/mpih-lshift.S: Convert to SSE2. + * mpi/amd64/mpih-rshift.S: Ditto. + + Add i386/SSSE3 implementation of SHA512. + + commit b52dde860963c794b12d14b0a9c5848bca7ba51e + * LICENSES: Add 'sha512-ssse3-i386.c'. + * configure.ac: Add 'sha512-ssse3-i386.lo'. + * cipher/Makefile.am: Add 'sha512-ssse3-i386.c'. + * cipher/sha512-ssse3-i386.c: New. + * cipher/sha512.c (USE_SSSE3_I386, _gcry_sha512_transform_i386_ssse3) + (do_sha512_transform_i386_ssse3): New. + (_gcry_sha512_transform_arm) [USE_SSSE3_I386]: Use i386/SSSE3 transform + function if supported by CPU. + +2019-10-28 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add Curve for X448 with ECC_DIALECT_SAFECURVE. + + commit d9c418305e1053decebefbd5a98a95f845404a09 + * cipher/ecc-curves.c (domain_parms): Add X448. + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Support X448. + * mpi/ec.c (ec_addm_448, ec_subm_448, ec_mulm_448): New. + (ec_mul2_448, ec_pow2_448): New. + (field_table): Add for X448. + (curve448_bad_points): New. + (bad_points_table): New. + (ec_p_init): Use bad_points_table. + * tests/Makefile.am (t-x448): Add. + * tests/curves.c (N_CURVES): Update. + * tests/t-x448.c: New. + +2019-10-25 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Introduce new dialect: ECC_DIALECT_SAFECURVE. + + commit 498ab6d9f2f8b0775da41553be7868e59cf4cc2e + * src/mpi.h (ECC_DIALECT_SAFECURVE): New. + * cipher/ecc-misc.c (_gcry_ecc_dialect2str): Support the new dialect. + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Support opaque + MPI handling of secret 'd' for ECC_DIALECT_SAFECURVE. 
+ * cipher/ecc.c (nist_generate_key): Support opaque secret for + ECC_DIALECT_SAFECURVE. + (test_ecdh_only_keys): Likewise. + (ecc_generate): Support native point representation for + ECC_DIALECT_SAFECURVE. + (ecc_encrypt_raw): Support opaque MPI handling of secret and + native point representation for ECC_DIALECT_SAFECURVE. + (ecc_decrypt_raw): Support native point representation for + ECC_DIALECT_SAFECURVE. + (_gcry_pk_ecc_get_sexp): Likewise. + + ecc: Make _gcry_mpi_ec_mul_point friendly to X25519 computation. + + commit 2dfedafe08ac57a87e6892d1af4d72cbb398fe40 + * mpi/ec.c (_gcry_mpi_ec_mul_point): Support scalar input as an opaque + MPI in little-endian native format. + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Use an opaque scalar. + + pubkey: Support a method to get data as an opaque MPI. + + commit 050e0b4accfae6a49dda6b1bac52749edec5ce22 + * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support an + opaque MPI in old style. + +2019-10-24 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Support an opaque MPI handling in mpi_from_keyparam. + + commit 05a7d2f262bc5c2d108dcfa6e3d907dd895a4074 + * cipher/ecc-curves.c (mpi_from_keyparam): Add OPAQUE argument. + + ecc: Fix handling of point representation in EdDSA. + + commit 3d5a05767b84e0f781ed5dfe434adb4d4e9d2aa5 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): Use + GCRYMPI_FMT_USG, since integer is defined as unsigned in SEC1. + (_gcry_ecc_eddsa_decodepoint): Likewise. + + ecc: Return an opaque MPI by _gcry_ecc_ec2os. + + commit 8fce1027c2531127dd52a8b883f34333ffd3763b + * cipher/ecc-misc.c (_gcry_ecc_ec2os): Use mpi_set_opaque instead of + _gcry_mpi_scan to make an opaque MPI. + + ecc: String constant fix. + + commit 35c1faaea2b0aee9b127d02d93158826d17eb107 + * cipher/ecc-curves.c (domain_parms): Same string length for NIST + P-521. + + ecc: Simplify _gcry_ecc_compute_public. + + commit ad8927f40169364003f72fc188ea60b295ef5e59 + * cipher/ecc-misc.c (_gcry_ecc_compute_public): Don't need G and d. 
+ Use ec->G and ec->d. + * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Follow the change. + (_gcry_ecc_get_point): Likewise. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Don't need d, + but use ec->d. + (_gcry_ecc_eddsa_sign): Follow the change. + +2019-10-23 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Use opaque MPI for _gcry_ecc_mul_point. + + commit c5a7191c1bd18292a34ad4da45d743dfac035f9a + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Use opaque MPI for U. + + ecc: Fix _gcry_ecc_mont_decodepoint for data by old implementation. + + commit bbe15758c893dbf546416c1a6bccdad1ab000ad7 + * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Support data by old + implementation by opaque public key. + Fix confusion of endian, in the handling of data by normal MPI key. + + ecc: ECDH clean up for use of ec->nbits. + + commit 27e848666b4a03939b0c8db15aa6e6f79bc7db30 + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Use ec->nbits. + * cipher/ecc.c (test_ecdh_only_keys): Likewise. + (ecc_encrypt_raw): Likewise. + (ecc_generate): Fix debug output format. + +2019-10-22 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix key generation for ECDH. + + commit 82441bbb82903c21cd2b9b4e2d50202b14fdc24c + * cipher/ecc.c (test_ecdh_only_keys): Don't free EC here. + + ecc: Fix debug output. + + commit 6d93812aa312a92d4de2dc034bdf87c276a24b8a + * cipher/ecc-curves.c (_gcry_mpi_ec_internal_new): Fix debug output. + + ecc: Simplify using mpi_ec_t directly. + + commit 6a30a9a2cc48d2343c3e9815567dbd4bf9eec058 + * cipher/ecc-common.h (ECC_public_key, ECC_secret_key): Remove. + (_gcry_ecc_ecdsa_sign, _gcry_ecc_ecdsa_verify): Use mpi_ec_t. + (_gcry_ecc_eddsa_genkey, gcry_ecc_eddsa_sign): Likewise. + (_gcry_ecc_eddsa_verify): Likewise. + (_gcry_ecc_gost_sign, _gcry_ecc_gost_verify): Likewise. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Use mpi_ec_t directly. + (_gcry_ecc_ecdsa_verify): Likewise. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise. 
+ (_gcry_ecc_eddsa_sign, _gcry_ecc_eddsa_verify): Likewise. + * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise. + (_gcry_ecc_gost_verify): Likewise. + + ecc: Fix for NBITS support. + + commit 975de38796917392e83152447c6575648a5a5ee3 + * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Fill curve + parameters by NBITS. + (_gcry_mpi_ec_internal_new): Show "EdDSA". + + ecc: Add NAME member to struct mpi_ec_ctx_s. + + commit e921ad5b3ad093304312aca90a3c971de05cbf03 + * src/ec-context.h (struct mpi_ec_ctx_s): Add NAME. + * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Initialize NAME. + + ecc: Add key generation support to mpi_ec_get_elliptic_curve. + + commit 488704be6e044e23770d95344511c5a347b533c5 + * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Handle params for + key generation. + (_gcry_mpi_ec_internal_new): Remove duplication for handling of flags. + + ecc: Consolidate with _gcry_mpi_ec_internal_new. + + commit 5415bc578080018e1cd36aa44cf5c0a9995cbafc + * cipher/ecc-ecdh.c (prepare_ec): Use _gcry_mpi_ec_internal_new. + (_gcry_ecc_mul_point): Don't need to have E of elliptic_curve_t. + * cipher/ecc.c (ecc_encrypt_raw): Use _gcry_mpi_ec_internal_new. + (ecc_decrypt_raw): Likewise. + + ecc: Support flags and debug print in _gcry_mpi_ec_internal_new. + + commit c2aa333dd88b4cd337329128a2018dd3b00f5114 + * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Don't set *r_flags. + (_gcry_mpi_ec_internal_new): Add r_flags argument. + Parse the flag list. + Output to debug channel when DBG_CIPHER. + +2019-10-21 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add new function _gcry_mpi_ec_internal_new. + + commit c7b97ac9bdf96f5a89ae553cac12954043ab174d + * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve) + (mpi_ec_setup_elliptic_curve): Factor out from _gcry_mpi_ec_new. + (_gcry_mpi_ec_internal_new): New. + (_gcry_mpi_ec_new): Rewrite using mpi_ec_get_elliptic_curve and + mpi_ec_setup_elliptic_curve. + + ecc: Simplify ecc_encrypt_raw and ecc_decrypt_raw. 
+ + commit 10b8cc280a535f14b017106c87f2b26bb68d9489 + * cipher/ecc.c (ecc_encrypt_raw): Use elliptic_curve_t directly. + (ecc_decrypt_raw): Likewise. + + ecc: More fixes for cofactor with PUBKEY_FLAG_PARAM. + + commit 61a0518282537ad52367354c96986c3d1b698d6f + * cipher/ecc.c (ecc_check_secret_key): Support "h" in KEYPARMS. + (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Likewise. + + ecc: Simply use unsigned int for cofactor, not MPI. + + commit a258ae728de62607b3ef4eca940cfbcf9965fa5f + * cipher/ecc-common.h (elliptic_curve_t): Use unsigned int for H. + * src/ec-context.h (struct mpi_ec_ctx_s): Ditto. + * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. + (domain_parms): Update for the cofactors. + (_gcry_ecc_fill_in_curve): H is no longer MPI, but unsigned int. + (_gcry_ecc_get_curve): Remove handling for H. + (_gcry_mpi_ec_new): In KEYPARM, cofactor is still MPI. + (_gcry_ecc_get_param_sexp): H is no longer MPI, but unsigned int. + (_gcry_ecc_get_mpi): Keep the API, returning MPI for "h". + (_gcry_ecc_set_mpi): Likewise. + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Fix for unsigned int. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise. + * cipher/ecc-misc.c (_gcry_ecc_curve_free): Likewise. + * cipher/ecc.c (nist_generate_key, test_ecdh_only_keys): Likewise. + (test_ecdh_only_keys, ecc_generate, ecc_check_secret_key): Likewise. + (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Likewise. + (_gcry_pk_ecc_get_sexp): Likewise. + * mpi/ec.c (ec_deinit): Likewise. + +2019-10-18 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Simplify compute_keygrip. + + commit 579d5d6017d63b5eabec588b24d1a22566455bac + * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Remove H. + * cipher/ecc.c (compute_keygrip): Don't get H, since it's not + used in the computation. + + ecc: Clean up key generation code. + + commit 95cc9b8f4483fd7edfc7555199f6a05cfa68a236 + * cipher/ecc.c (test_ecdh_only_keys): No need to make PK by SK. 
+ +2019-10-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix building t-lock for WIN32. + + commit 7e1383cfd43fdc2b6f743e6a1304f0f0b2142847 + * tests/t-lock.c (external_lock_test_init, external_lock_test_lock) + (externel_lock_test_unlock, external_lock_test_destroy) + (nonce_thread, get_rand, pick_account, pick_value, revision_thread) + (accountant_thread): Build also if _WIN32 defined in addition to + HAVE_PTHREAD. + + hash-common: avoid integer division to reduce call overhead. + + commit f9d8b5a0369cc94e125d36d9c8864d5cd2eaa1d2 + * cipher/hash-common.h (gcry_md_block_ctx): Replace 'blocksize' with + 'blocksize_shift'. + * cipher/hash-common.c (_gcry_md_block_write): Use bit-level operations + instead of division to get number of blocks. + * cipher/gostr2411-94.c (gost3411_init): Initialize 'blocksize_shift' + instead of 'blocksize'. + * cipher/md2.c (md2_init): Ditto. + * cipher/md4.c (md4_init): Ditto. + * cipher/md5.c (md5_init): Ditto. + * cipher/rmd160.c (rmd160_init): Ditto. + * cipher/sha1.c (sha1_init): Ditto. + * cipher/sha256.c (sha256_common_init): Ditto. + * cipher/sha512.c (sha512_init_common): Ditto. + * cipher/sm3.c (sm3_init): Ditto. + * cipher/stribog.c (stribog_init_512): Ditto. + * cipher/tiger.c (do_init): Ditto. + * cipher/whirlpool.c (whirlpool_init): Ditto. + +2019-10-11 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Handle ephemeral key as opaque octets. + + commit ff0f1782560eb45458d9a8dd97088dabeddb34e7 + * cipher/ecc.c (ecc_decrypt_raw): Extract an ephemeral key + as opaque octets. + +2019-10-10 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Consolidate encoding a point for Montgomery curve. + + commit 80cf289905ace9f174eb06d7f55f38980f7e4dbd + * cipher/ecc-common.h (_gcry_ecc_mont_encodepoint): New. + * cipher/ecc-misc.c (_gcry_ecc_mont_encodepoint): New. + * cipher/ecc.c (ecc_generate): Use _gcry_ecc_mont_encodepoint. + (ecc_encrypt_raw, ecc_decrypt_raw, _gcry_pk_ecc_get_sexp): Likewise. 
+ +2019-10-09 NIIBE Yutaka <gniibe@fsij.org> + + ecc: More clean-up for Ed25519 and Curve25519. + + commit ba0b31f2636632b1b39ebd2202de3ba5d60588b8 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): Fix calc for + bytes. + * cipher/ecc.c (ecc_encrypt_raw): Use public key as opaque byte-string + with "/q" for both cases, since it is always fixed size with a prefix. + (compute_keygrip): Likewise. + Fix hard-coded value of 256 for Ed25519. + Handle Curve25519 differently. + +2019-10-08 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix hard-coded value for 25519 to allow other modern curves. + + commit d66a4856eb0c39823bf3414b3ca4cf6322f32aef + * cipher/ecc.c (nist_generate_key): Support other modern curves. + (test_ecdh_only_keys): Likewise. + (check_secret_key): Don't use ECC_DIALECT_ED25519 for the check. + (_gcry_pk_ecc_get_sexp): Support Montgomery curve. + + ecc: Clean up for decoding point. + + commit 254c5279058f0aea2d3568d6e756002242e82f8f + * cipher/ecc-curves.c (point_from_keyparam): Possibly supporting + Montgomery curve, use _gcry_mpi_ec_decode_point. + (_gcry_ecc_set_mpi): Likewise. + * cipher/ecc.c (ecc_check_secret_key): Likewise. + + random: Clean up unused old internal API. + + commit 6e57242c61bca38b3cc8fdf424b5667ab953e4cd + * random/random.h (_gcry_get_random_bits): Remove. + +2019-10-02 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix regression in keygrip computation for cv25519 (2). + + commit 1cfe2329b91cc7be30f7c3a14fc634ec89a1be96 + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Recover g_y + for Curve25519. + +2019-09-28 Werner Koch <wk@gnupg.org> + + ecc: Fix regression in keygrip computation for cv25519. + + commit f67b6492e0b0a2a661cd53a08b20f23e6e3f9f89 + * cipher/ecc-curves.c (domain_parms): Revert g_y for cv25519. + * tests/keygrip.c: Add test case for cv25519. + +2019-09-24 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add stitched ChaCha20-Poly1305 ARMv8/AArch64 implementation. 
+ + commit 4bebafb7bae8343f543728937caf7d3453c88b7c + * cipher/Makefile.am: Add 'asm-poly1305-aarch64.h'. + * cipher/asm-poly1305-aarch64.h: New. + * cipher/chacha20-aarch64.S (ROT8, _, ROTATE2_8): New. + (ROTATE2): Add interleave operator. + (QUARTERROUND2): Add interleave operators; Use ROTATE2_8. + (chacha20_data): Rename to... + (_gcry_chacha20_aarch64_blocks4_data_inc_counter): ...to this. + (_gcry_chacha20_aarch64_blocks4_data_rot8): New. + (_gcry_chacha20_aarch64_blocks4): Preload ROT8; Fill empty parameters + for QUARTERROUND2 interleave operators. + (_gcry_chacha20_poly1305_aarch64_blocks4): New. + * cipher/chacha20.c + [USE_AARCH64_SIMD] (_gcry_chacha20_poly1305_aarch64_blocks4): New. + (_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt) + [USE_AARCH64_SIMD]: Use stitched implementation if ctr->use_neon is + set. + +2019-09-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Small tweak for PowerPC Chacha20-Poly1305 round loop. + + commit 96b91e164160dfbd913aefe258f472d386f5b642 + * cipher/chacha20-ppc.c (_gcry_chacha20_poly1305_ppc8_block4): Use + inner/outer round loop structure instead of two separate loops for + stitched and non-stitched parts. + + Reduce size of x86-64 stitched Chacha20-Poly1305 implementations. + + commit 664370ea02df883d16db1ffdd9ada023335b0f63 + * cipher/chacha20-amd64-avx2.c + (_gcry_chacha20_poly1305_amd64_avx2_blocks8): De-unroll round loop. + * cipher/chacha20-amd64-ssse3.c + (_gcry_chacha20_poly1305_amd64_ssse3_blocks4): + (_gcry_chacha20_poly1305_amd64_ssse3_blocks1): Ditto. + +2019-09-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add PowerPC extra CFLAGS also for chacha20-ppc and crc-ppc. + + commit 5516072451d46be8827455afff840eb6d49155fb + * cipher/Makefile.am: Add 'ppc_vcrypto_cflags' for chacha20-ppc.o/.lo + and crc-ppc.o/.lo. + +2019-09-15 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add PowerPC vpmsum implementation of CRC. 
+ + commit 0486b85bd1fb65013e77f858cae9ea4530f868df + * cipher/Makefile.am: Add 'crc-ppc.c'. + * cipher/crc-armv8-ce.c: Remove 'USE_INTEL_PCLMUL' comment. + * cipher/crc-ppc.c: New. + * cipher/crc.c (USE_PPC_VPMSUM): New. + (CRC_CONTEXT): Add 'use_vpmsum'. + (_gcry_crc32_ppc8_vpmsum, _gcry_crc24rfc2440_ppc8_vpmsum): New. + (crc32_init, crc24rfc2440_init): Add HWF check for 'use_vpmsum'. + (crc32_write, crc24rfc2440_write): Add 'use_vpmsum' code-path. + * configure.ac: Add 'vpmsumd' instruction to PowerPC VSX inline + assembly check; Add 'crc-ppc.lo'. + + Add PowerPC vector implementation of ChaCha20. + + commit 557702f0d53a7ad1cf2ce0333c9df799a8abad59 + * cipher/Makefile.am: Add 'chacha20-ppc.c'. + * cipher/chacha20-ppc.c: New. + * cipher/chacha20.c (USE_PPC_VEC, _gcry_chacha20_ppc8_blocks4) + (_gcry_chacha20_ppc8_blocks1, USE_PPC_VEC_POLY1305) + (_gcry_chacha20_poly1305_ppc8_blocks4): New. + (CHACHA20_context_t): Add 'use_ppc'. + (chacha20_blocks, chacha20_keysetup) + (do_chacha20_encrypt_stream_tail): Add USE_PPC_VEC code. + (_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt): Add + USE_PPC_VEC_POLY1305 code. + * configure.ac: Add 'chacha20-ppc.lo'. + * src/g10lib.h (HWF_PPC_ARCH_2_07): New. + * src/hwf-ppc.c (PPC_FEATURE2_ARCH_2_07): New. + (ppc_features): Add HWF_PPC_ARCH_2_07. + * src/hwfeatures.c (hwflist): Add 'ppc-arch_2_07'. + +2019-09-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + poly1305: add fast addition macro for ppc64. + + commit 0564757b934d24c7fef10df8594099985fbbc0ac + * cipher/poly1305.c [USE_MPI_64BIT && __powerpc__] (ADD_1305_64): New. + +2019-09-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add SHA-512 implementations for POWER8 and POWER9. + + commit 93632f1adf57f142e5d9e9653c405f2ca8c601c0 + * cipher/Makefile.am: Add 'sha512-ppc.c'; Add extra CFLAG handling for + 'sha512-ppc.c'. + * cipher/sha512-ppc.c: New. 
+ * cipher/sha512.c (USE_PPC_CRYPTO, _gcry_sha512_transform_ppc8) + (_gcry_sha512_transform_ppc9, do_sha512_transform_ppc8) + (do_sha512_transform_ppc9): New. + (sha512_init_common): Add PowerPC HW feature detection and + implementation selection. + * configure.ac: Add 'vshasigmad' instruction to PowerPC assembly + support check; Add 'sha512-ppc.lo'. + +2019-08-31 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add SHA-256 implementations for POWER8 and POWER9. + + commit e19dc973bc8e2a0ce92dd87515df3ee338265a8d + * cipher/Makefile.am: Add 'sha256-ppc.c'; Add extra CFLAG handling for + 'sha256-ppc.c'. + * cipher/sha256-ppc.c: New. + * cipher/sha256.c (USE_PPC_CRYPTO, _gcry_sha256_transform_ppc8) + (_gcry_sha256_transform_ppc9, do_sha256_transform_ppc8) + (do_sha256_transform_ppc9): New. + (sha256_init, sha224_init): Split common part to new function named... + (sha256_common_init): ...this; Add PowerPC HW feature detection and + implementation selection. + * configure.ac: Add 'vshasigmaw' instruction to PowerPC assembly + support check; Add 'sha256-ppc.lo'. + +2019-08-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + hwf-ppc: add detection for PowerISA 3.00. + + commit 418179593080f3028426657c4ef1941cdad85513 + * src/g10lib.h (HWF_PPC_ARCH_3_00): New. + * src/hwf-ppc.c (feature_map_s): Remove unused 'feature_match'. + (PPC_FEATURE2_ARCH_3_00): New. + (ppc_features, get_hwcap): Add PowerISA 3.00. + * src/hwfeatures.c (hwflist): Rename "ppc-crypto" to "ppc-vcrypto"; Add + "ppc-arch_3_00". + + rijndael-ppc: add bulk modes for CBC, CFB, CTR and XTS. + + commit 81d555d3473016eb9382fb1df153ba1effbbe32e + * cipher/rijndael-ppc.c (vec_add_uint128, _gcry_aes_ppc8_cfb_enc) + (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_enc) + (_gcry_aes_ppc8_cbc_dec, _gcry_aes_ppc8_ctr_enc) + (_gcry_aes_ppc8_xts_crypt): New. 
+ * cipher/rijndael.c [USE_PPC_CRYPTO] (_gcry_aes_ppc8_cfb_enc) + (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_enc) + (_gcry_aes_ppc8_cbc_dec, _gcry_aes_ppc8_ctr_enc) + (_gcry_aes_ppc8_xts_crypt): New. + (do_setkey, _gcry_aes_cfb_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_enc) + (_gcry_aes_cbc_dec, _gcry_aes_ctr_enc) + (_gcry_aes_xts_crypto) [USE_PPC_CRYPTO]: Enable PowerPC AES + CFB/CBC/CTR/XTS bulk implementations. + * configure.ac (gcry_cv_gcc_inline_asm_ppc_altivec): Add 'vadduwm' + instruction. + + rijndael-ppc: add bulk mode for ocb_auth. + + commit bd1367bb607846d582ad09ded6c4ce4be4e52778 + * cipher/rijndael-ppc.c (_gcry_aes_ppc8_ocb_auth): New. + * cipher/rijndael.c [USE_PPC_CRYPTO] (_gcry_aes_ppc8_ocb_auth): New + prototype. + (do_setkey, _gcry_aes_ocb_auth) [USE_PPC_CRYPTO]: Add PowerPC AES + ocb_auth. + + rijndael-ppc: enable PowerPC AES-OCB implemention. + + commit 821602c60c7d144c978c335f91ae1641cf668df5 + * cipher/rijndael-ppc.c (ROUND_KEY_VARIABLES, PRELOAD_ROUND_KEYS) + (AES_ENCRYPT, AES_DECRYPT): New. + (_gcry_aes_ppc8_prepare_decryption): Rename to... + (aes_ppc8_prepare_decryption): ... this. + (_gcry_aes_ppc8_prepare_decryption): New. + (aes_ppc8_encrypt_altivec, aes_ppc8_decrypt_altivec): Remove. + (_gcry_aes_ppc8_encrypt): Use AES_ENCRYPT macro. + (_gcry_aes_ppc8_decrypt): Use AES_DECRYPT macro. + (_gcry_aes_ppc8_ocb_crypt): Uncomment; Optimizations for OCB offset + calculations, etc; Use new load/store and encryption/decryption macros. + * cipher/rijndaelc [USE_PPC_CRYPTO] (_gcry_aes_ppc8_ocb_crypt): New + prototype. + (do_setkey, _gcry_aes_ocb_crypt) [USE_PPC_CRYPTO]: Add PowerPC AES OCB + encryption/decryption. + + rijndael-ppc: add key setup and enable single block PowerPC AES. + + commit 9dca65ef71b4bdbd89a087f41f4dbba71e6d2822 + * cipher/Makefile.am: Add 'rijndael-ppc.c'. + * cipher/rijndael-internal.h (USE_PPC_CRYPTO): New. + (RIJNDAEL_context): Add 'use_ppc_crypto'. + * cipher/rijndael-ppc.c (backwards, swap_if_le): Remove. 
+ (u128_t, ALWAYS_INLINE, NO_INLINE, NO_INSTRUMENT_FUNCTION) + (ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE, ASM_FUNC_ATTR_NOINLINE) + (ALIGNED_LOAD, ALIGNED_STORE, VEC_LOAD_BE, VEC_STORE_BE) + (vec_bswap32_const, vec_aligned_ld, vec_load_be_const) + (vec_load_be, vec_aligned_st, vec_store_be, _gcry_aes_sbox4_ppc8) + (_gcry_aes_ppc8_setkey, _gcry_aes_ppc8_prepare_decryption) + (aes_ppc8_encrypt_altivec, aes_ppc8_decrypt_altivec): New. + (_gcry_aes_ppc8_encrypt, _gcry_aes_ppc8_decrypt): Rewrite. + (_gcry_aes_ppc8_ocb_crypt): Comment out. + * cipher/rijndael.c [USE_PPC_CRYPTO] (_gcry_aes_ppc8_setkey) + (_gcry_aes_ppc8_prepare_decryption, _gcry_aes_ppc8_encrypt) + (_gcry_aes_ppc8_decrypt): New prototypes. + (do_setkey) [USE_PPC_CRYPTO]: Add setup for PowerPC AES. + (prepare_decryption) [USE_PPC_CRYPTO]: Ditto. + * configure.ac: Add 'rijndael-ppc.lo'. + (gcry_cv_ppc_altivec, gcry_cv_cc_ppc_altivec_cflags) + (gcry_cv_gcc_inline_asm_ppc_altivec) + (gcry_cv_gcc_inline_asm_ppc_arch_3_00): New checks. + +2019-08-26 Shawn Landden <shawn@git.icu> + + rijndael/ppc: implement single-block mode, and implement OCB block cipher + + commit 92f38a619b1cf759057e9cd532ae7c1d0331100f + * cipher/rijndael-ppc.c: New implementation of single-block mode, and + implementation of OCB mode. + + hwf: add detection of PowerPC hardware features. + + commit b4a3c76fabfa07c10fd18b90230f60b806ad9620 + * src/Makefile.am: PowerPC hardware detection. + * src/g10lib.h: Likewise. + * src/hwf-common.h: Likewise. + * src/hwf-ppc.c: Likewise. + * src/hwfeatures.c: Likewise. + * configure.ac: Likewise. + +2019-08-20 NIIBE Yutaka <gniibe@fsij.org> + + pkgconfig: Fix libgcrypt.pc. + + commit 761d12f140b77b907087590646651d9578b68a54 + * src/libgcrypt.pc.in (Cflags, Libs): Have flags. + +2019-08-16 NIIBE Yutaka <gniibe@fsij.org> + + build: Fix build with !HAVE_PTHREAD. + + commit 900647d96cb7806cd9b2de343e4a4bd66c073fba + * tests/t-lock.c [!HAVE_PTHREAD]: Buildable now. + + ecdsa: Fix unblinding too early. 
+ + commit cdaeb86f067b94d9dff4235ade20dde6479d9bb8 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until + the last step. + +2019-08-12 NIIBE Yutaka <gniibe@fsij.org> + + build: Fix testapi.c to be buildable. + + commit 376124f86097414cf1f9cbbc17af935d30064c82 + * tests/testapi.c: Fix for xgcry_control. + +2019-08-08 NIIBE Yutaka <gniibe@fsij.org> + + dsa,ecdsa: Fix use of nonce, use larger one. + + commit 7c2943309d14407b51c8166c4dcecb56a3628567 + * cipher/dsa-common.c (_gcry_dsa_modify_k): New. + * cipher/pubkey-internal.h (_gcry_dsa_modify_k): New. + * cipher/dsa.c (sign): Use _gcry_dsa_modify_k. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise. + * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise. + +2019-08-07 NIIBE Yutaka <gniibe@fsij.org> + Ján Jančár <johny@neuromancer.sk> + + ecc: Add mitigation against timing attack. + + commit b9577f7c89b4327edc09f2231bc8b31521102c79 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K. + * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger. + +2019-08-07 NIIBE Yutaka <gniibe@fsij.org> + + dsa,ecdsa: Allocate secure memory for RFC6979 generation. + + commit 75c2fbc43d2f2cf5f4c60cb28001fda7324185c2 + * cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use secure memory + just like _gcry_dsa_gen_k does. + +2019-07-22 NIIBE Yutaka <gniibe@fsij.org> + + build: Fix previous commit. + + commit 6126fc2f180a9b61064cea5c838d2ff7e0b7774a + + + build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs. + + commit 6d80f3f12dc2ff04b0eaa3ba29ee8725b6fb4f69 + * configure.ac (CC_FOR_BUILD): Use AX_CC_FOR_BUILD. + * cipher/Makefile.am (gost-s-box): Add + {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD. + * doc/Makefile.am (yat2m): Likewise. + * m4/ax_cc_for_build.m4: New. + +2019-07-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix use of AVX instruction in SHA1/SSSE3 assembly. 
+ + commit 320ed47963032aab7aadd8aefa054b9a7725c9f7 + * cipher/sha1-ssse3-amd64.S: Replace 'vmovdqa' with 'movdqa' + instruction. + +2019-07-15 Werner Koch <wk@gnupg.org> + + sexp: Improve argument checking of sexp parser. + + commit 1c2cecbb35e1a0760121d76c327651fe7b2b791a + * src/sexp.c (do_vsexp_sscan): Check for bad length in '%b'. + +2019-07-15 NIIBE Yutaka <gniibe@fsij.org> + + tests: t-mpi-point: Remove implementation dependent checks. + + commit 8a0bde8c211c70756a2d8aa46e1bcf1f6f89e55d + * tests/t-mpi-point.c (basic_ec_math): Remove comparing X and Y, + only comparison of Z is relevant, mathematically. + Remove useless check, where different values in equivalence class + exist. + (basic_ec_math_simplified): Likewise. + +2019-06-25 NIIBE Yutaka <gniibe@fsij.org> + + sexp: Support reading base64. + + commit ab57613f10ad57d2fec648017c18d7abb189863b + * configure.ac (NEED_GPG_ERROR_VERSION): Require libgpg-error >= 1.27. + * src/sexp.c (do_vsexp_sscan): Support data in base64 format. + * tests/t-sexp.c (check_extract_param): Add a test case. + +2019-06-24 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Correctly return an error. + + commit b4a1114dc77617f0e772ddc4faf8820399b4354a + * cipher/ecc-ecdh.c (_gcry_ecc_get_algo_keylen): Return 0 for + unknow algorithm. + (_gcry_ecc_mul_point): Return GPG_ERR_UNSUPPORTED_ALGORITHM for + GCRY_ECC_CURVE448 for now. + Return GPG_ERR_UNKNOWN_ALGORITHM, otherwise. + +2019-06-21 NIIBE Yutaka <gniibe@fsij.org> + + tests: Fix the Curve25519 test. + + commit 6934711d572e13e9e78fb2c53bb119034b088c5a + * tests/t-cv25519.c (test_cv_x25519): Initialize SCALAR. + + ecc: Improve new ECDH API. + + commit a658c9ccc2c741f40b0b5cdbcd184cfb9a841d17 + * cipher/ecc-ecdh.c (_gcry_ecc_get_algo_keylen): New. + (_gcry_ecc_mul_point): Fill into the RESULT buffer, instead of + allocating new buffer. + * src/gcrypt-int.h: Change the API. + * src/gcrypt.h.in: Likewise. + * src/libgcrypt.def (gcry_ecc_get_algo_keylen): New. 
+ * src/libgcrypt.vers (gcry_ecc_get_algo_keylen): New. + * src/visibility.c (gcry_ecc_get_algo_keylen): New. + * src/visibility.h (gcry_ecc_get_algo_keylen): New. + * tests/t-cv25519.c: Fix the use case. + +2019-06-20 NIIBE Yutaka <gniibe@fsij.org> + + ecc: X25519 API change to allow NULL for POINT. + + commit 6d77c2054ea0358fb4c6f59b4c91c673c0a83b03 + * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Allow NULL for point, + meaning G. + + ecc: Add an API for X25519 function as gcry_ecc_mul_point. + + commit ec8c2cdf977aa8d9ca5af0a9bd25aeb9190570b3 + * configure.ac: Add ecc-ecdh.lo. + * cipher/Makefile.am: Add ecc-ecdh.c. + * cipher/ecc-common.h (reverse_buffer): Expose. + * cipher/ecc-eddsa.c (reverse_buffer): Expose. + * cipher/ecc-curves.c (domain_parms): Fix as the errata of RFC. + * cipher/ecc-ecdh.c: New. + * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix for other curves + than Curve25519. + * src/gcrypt-int.h (_gcry_ecc_mul_point): New. + * src/gcrypt.h.in (enum gcry_ecc_curves): New. + (gcry_ecc_mul_point): new. + * src/libgcrypt.def (gcry_ecc_mul_point): New. + * src/libgcrypt.vers (gcry_ecc_mul_point): New. + * src/visibility.h (gcry_ecc_mul_point): New. + * src/visibility.c (gcry_ecc_mul_point): New. + * tests/t-cv25519.c (test_cv_hl): Rename from test_cv. + (test_cv_x25519): New. + (test_cv): Call both of test_cv_hl and test_cv_x25519. + +2019-06-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests/basic: add CTR mode carry overflow test vectors. + + commit 971d372f512ff6805d5b8b54e9ac1446f3f66643 + * tests/basic.c (check_ctr_cipher): Change tv structure 'plaintext' + and 'out' to pointers; Add counter carry overflow test vectors; Make + temporary buffer large enough for new test vectors. + + GCM: move look-up table to .data section and unshare between processes. + + commit a4c561aab1014c3630bc88faf6f5246fee16b020 + * cipher/cipher-gcm.c (ATTR_ALIGNED_64): New. + (gcmR): Move to 'gcm_table' structure. 
+ (gcm_table): New structure for look-up table with counters before and + after. + (gcmR): New macro. + (prefetch_table): Handle input with length not multiple of 256. + (do_prefetch_tables): Modify pre- and post-table counters to unshare + look-up table pages between processes. + + AES: move look-up tables to .data section and unshare between processes. + + commit daedbbb5541cd8ecda1459d3b843ea4d92788762 + * cipher/rijndael-internal.h (ATTR_ALIGNED_64): New. + * cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure. + (enc_tables): New structure for encryption table with counters before + and after. + (encT): New macro. + (dec_tables): Add counters before and after encryption table; Move + from .rodata to .data section. + (do_encrypt): Change 'encT' to 'enc_tables.T'. + (do_decrypt): Change '&dec_tables' to 'dec_tables.T'. + * cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input + with length not multiple of 256. + (prefetch_enc, prefetch_dec): Modify pre- and post-table counters + to unshare look-up table pages between processes. + +2019-05-19 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + cipher/Makefile.am: add '-fcoverage-*' to instrumentation munging. + + commit c6ffa216976d80a13486b13f64d6776cdb8b6ccf + * cipher/Makefile.am: Remove '-fcoverage-*' flag for mixed asm/C + i386+amd64 implementations. + +2019-05-15 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + md: fix UBSAN warning. + + commit dad94696d9c48c18b59576776c7caa95123dfa1b + * cipher/md.c (gcry_md_list): Define 'context' as array of + PROPERLY_ALIGNED_TYPE. + (md_enable, _gcry_md_reset, _gcry_md_close, md_final, md_set_key) + (prepare_macpads, md_read, md_extract): Access md context through + 'gcry_md_list->context' pointer instead of 'gcry_md_list->context.c'. + + Disable instrumentation on mixed Intel SSE C/assembly implementations. 
+ + commit d24dae4538dbbda9e6c72a34fae69682cfb2fef0 + * cipher/Makefile.am: Make 'tiger.o' and 'tiger.lo' depend on Makefile; + Add instrumentation option munging. + * cipher/cipher-gcm-intel-pcmul.c (ALWAYS_INLINE) + (NO_INSTRUMENT_FUNCTION, ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE): New. + (reduction, gfmul_pclmul, gfmul_pclmul_aggr4, gfmul_pclmul_aggr8) + (gcm_lsh): Define with 'ASM_FUNC_ATTR_INLINE' instead of 'inline'. + (_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): Define with + 'ASM_FUNC_ATTR'. + * cipher/crc-intel-pcmul.c (ALWAYS_INLINE, NO_INSTRUMENT_FUNCTION) + (ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE): New. + (crc32_reflected_bulk, crc32_reflected_less_than_16, crc32_bulk) + (crc32_less_than_16): Define with 'ASM_FUNC_ATTR_INLINE' instead of + 'inline'. + (_gcry_crc32_intel_pclmul, _gcry_crc24rfc2440_intel_pclmul): Define + with 'ASM_FUNC_ATTR'. + * cipher/rijndael-aesni.c (NO_INSTRUMENT_FUNCTION, ASM_FUNC_ATTR) + (ASM_FUNC_ATTR_INLINE, ASM_FUNC_ATTR_NOINLINE): New. + (aes_ocb_get_l, do_aesni_prepare_decryption, do_aesni_enc) + (do_aesni_dec, do_aesni_enc_vec4, do_aesni_dec_vec4, do_aesni_enc_vec8) + (do_aesni_dec_vec8, aesni_ocb_checksum): Define with + 'ASM_FUNC_ATTR_INLINE' instead of 'inline'. + (do_aesni_ctr, do_aesni_ctr_4, do_aesni_ctr_8): Define wtih + 'ASM_FUNC_ATTR_INLINE'. + (aesni_ocb_enc, aesni_ocb_dec): Define with 'ASM_FUNC_ATTR_NOINLINE' + instead of 'NO_INLINE'. + (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_prepare_decryption) + (_gcry_aes_aesni_encrypt, _gcry_aes_aesni_cfg_enc) + (_gcry_aes_aesni_cbc_enc, _gcry_aes_aesni_ctr_enc) + (_gcry_aes_aesni_decrypt, _gcry_aes_aesni_cfb_dec) + (_gcry_aes_aesni_cbc_dec, _gcry_aes_aesni_ocb_crypt) + (_gcry_aes_aesni_ocb_auth, _gcry_aes_aesni_xts_enc) + (_gcry_aes_aesni_xts_dec, _gcry_aes_aesni_xts_crypt): Define with + 'ASM_FUNC_ATTR'. + * cipher/rijndael-ssse3-amd64.c (ALWAYS_INLINE, NO_INSTRUMENT_FUNCTION) + (ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE): New. 
+ (aes_ocb_get_l, do_ssse3_prepare_decryption, do_vpaes_ssse3_enc) + (do_vpaes_ssse3_dec): Define with 'ASM_FUNC_ATTR_INLINE' instead of + 'inline'. + (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) + (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc) + (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc) + (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec) + (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec) + (_gcry_aes_ssse3_ocb_crypt, _gcry_aes_ssse3_ocb_auth): Define with + 'ASM_FUNC_ATTR'. + * cipher/sha1-intel-shaext.c (NO_INSTRUMENT_FUNCTION) + (ASM_FUNC_ATTR): New. + (_gcry_sha1_transform_intel_shaext): Define with 'ASM_FUNC_ATTR'. + * cipher/sha256-intel-shaext.c (NO_INSTRUMENT_FUNCTION) + (ASM_FUNC_ATTR): New. + (_gcry_sha256_transform_intel_shaext): Define with 'ASM_FUNC_ATTR'. + * configure.ac (ENABLE_INSTRUMENTATION_MUNGING): New. + + tests/basic: fix signed interger overflow. + + commit 3c7ff6bd1c40d5216d6c12b6b28f77fd1a57baa7 + * tests/basic.c (check_ocb_cipher_largebuf_split): Cast to unsigned + when generating buffer values. + +2019-05-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests: do not use GCC variadic macro extension for xgcry_control. + + commit be567cb5dd629e9aa22d81b29d4326e5aa97efa7 + * tests/t-common.h (xgcry_control): Use doubly nested parenthesis for + passing arguments for gcry_control instead of GCC specific variadic + macro extension. + * tests/aeswrap.c: Change xgcry_control to use doubly nested + parenthesis. + * tests/basic.c: Ditto. + * tests/bench-slope.c: Ditto. + * tests/benchmark.c: Ditto. + * tests/curves.c: Ditto. + * tests/dsa-rfc6979.c: Ditto. + * tests/fips186-dsa: Ditto. + * tests/fipsdrv.c: Ditto. + * tests/fipsrngdrv.c: Ditto. + * tests/gchash.c: Ditto. + * tests/hashtest.c: Ditto. + * tests/hmac.c: Ditto. + * tests/keygen.c: Ditto. + * tests/keygrip.c: Ditto. + * tests/mpitests.c: Ditto. + * tests/pkbench.c: Ditto. + * tests/pkcs1v2.c: Ditto. + * tests/prime.c: Ditto. 
+ * tests/pubkey.c: Ditto. + * tests/random.c: Ditto. + * tests/rsacvt.c: Ditto. + * tests/t-convert.c: Ditto. + * tests/t-cv25519.c: Ditto. + * tests/t-ed25519.c: Ditto. + * tests/t-kdf.c: Ditto. + * tests/t-lock.c: Ditto. + * tests/t-mpi-bit.c: Ditto. + * tests/t-mpi-point.c: Ditto. + * tests/t-secmem.c: Ditto. + * tests/t-sexp.c: Ditto. + * tests/version.c: Ditto. + +2019-05-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests/basic: mark CFB and CFB8 as stream block cipher modes. + + commit 34e9306a66b47785ddbab6594ae4c23581d35b5a + * tests/basic.c (get_algo_mode_blklen): Return '1' for CFB and CFB8. + +2019-05-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix message digest final function for MD4, MD5 and RMD160. + + commit 15592cd52f543aadb2fab8f6c112c68075309ad6 + * cipher/md4.c (md4_final): Use buffer offset '64 + 56' for bit count + on 'need one extra block' path. + * cipher/md5.c (md5_final): Ditto. + * cipher/rmd160.c (rmd160_final): Ditto. + * tests/basic.c (check_one_md_final): New. + (check_digest): Add new '*' test vectors and handle them with + check_one_md_final. + +2019-05-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Fix carry overflow in Stribog in 512-bit addition. + + commit da6cd4fea30f79cf9d8f9b2f1c6daf3aea39fa9c + * cipher/stribog.c (transform_bits): properly calculate carry flag + * tests/basic.c (check_digests): add two more test cases + +2019-04-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add support for explicit_memset. + + commit 71b0eb3fb75d2e6bbd86df055dc667b2debab0c1 + * configure.ac: Add function check for 'explicit_memset'. + * src/misc.c (_gcry_fast_wipememory, _gcry_fast_wipememory2): Use + explicit_memset if available. + + Fix CFI_PUSH/CFI_POP redefine build warning with AMD64 MPI. + + commit 78b1047eded8d5f8a13162d13160fce1809f6ee4 + * mpi/amd64/func_abi.h: Move CFI macros into [__x86_64__] block. + * mpi/i386/syntax.h: Move CFI macros into [__i386__] block. 
+ + Enable four block aggregated GCM Intel PCLMUL implementation on i386. + + commit a6e7c411e5f67a9473675ca8d49017a4d13a8d3e + * cipher/cipher-gcm-intel-pclmul.c (reduction): Change "%%xmm7" to + "%%xmm5". + (gfmul_pclmul_aggr4): Move outside [__x86_64__] block; Remove usage of + XMM8-XMM15 registers; Do not preload H-values and be_mask to reduce + register usage for i386. + (_gcry_ghash_setup_intel_pclmul): Enable calculation of H2, H3 and H4 + on i386. + (_gcry_ghash_intel_pclmul): Adjust to above gfmul_pclmul_aggr4 + changes; Move 'aggr4' code path outside [__x86_64__] block. + + Prefetch GCM look-up tables. + + commit 1374254c2904ab5b18ba4a890856824a102d4705 + * cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables) + (prefetch_tables): New. + (ghash_internal): Call prefetch_tables. + + Optimizations for generic table-based GCM implementations. + + commit ecd02cdd61e8c690f48637656f0e1e08b750fe30 + * cipher/cipher-gcm.c [GCM_TABLES_USE_U64] (do_fillM): Precalculate + M[32..63] values. + [GCM_TABLES_USE_U64] (do_ghash): Split processing of two 64-bit halfs + of the input to two separate loops; Use precalculated M[] values. + [GCM_USE_TABLES && !GCM_TABLES_USE_U64] (do_fillM): Precalculate + M[64..127] values. + [GCM_USE_TABLES && !GCM_TABLES_USE_U64] (do_ghash): Use precalculated + M[] values. + [GCM_USE_TABLES] (bshift): Avoid conditional execution for mask + calculation. + * cipher/cipher-internal.h (gcry_cipher_handle): Double gcm_table size. + +2019-04-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Optimizations for GCM Intel/PCLMUL implementation. + + commit af5f3fb08674608acf6617ea622ed0b9a2ee77a5 + * cipher/cipher-gcm-intel-pclmul.c (reduction): New. + (glmul_pclmul): Include shifting to left into pclmul operations; Use + 'reduction' helper function. 
+ [__x86_64__] (gfmul_pclmul_aggr4): Reorder instructions and adjust + register usage to free up registers; Use 'reduction' helper function; + Include shifting to left into pclmul operations; Moving load H values + and input from caller into this function. + [__x86_64__] (gfmul_pclmul_aggr8): New. + (gcm_lsh): New. + (_gcry_ghash_setup_intel_pclmul): Left shift H values to left by + one; Preserve XMM6-XMM15 registers on WIN64. + (_gcry_ghash_intel_pclmul) [__x86_64__]: Use 8 block aggregated + reduction function. + + Move data pointer macro for 64-bit ARM assembly to common header. + + commit b9be297bb8eba7a09fa8413261de1587adcfd381 + * cipher/asm-common-aarch64.h (GET_DATA_POINTER): New. + * cipher/chacha20-aarch64.S (GET_DATA_POINTER): Remove. + * cipher/cipher-gcm-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove. + * cipher/crc-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove. + * cipher/rijndael-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove. + * cipher/sha1-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove. + * cipher/sha256-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove. + + Add CFI unwind assembly directives for 64-bit ARM assembly. + + commit 5a2a96a63517838e04f9fc0fb2d932fac5124b8a + * cipher/asm-common-aarch64.h (CFI_STARTPROC, CFI_ENDPROC) + (CFI_REMEMBER_STATE, CFI_RESTORE_STATE, CFI_ADJUST_CFA_OFFSET) + (CFI_REL_OFFSET, CFI_DEF_CFA_REGISTER, CFI_REGISTER, CFI_RESTORE) + (DW_REGNO_SP, DW_SLEB128_7BIT, DW_SLEB128_28BIT, CFI_CFA_ON_STACK) + (CFI_REG_ON_STACK): New. + * cipher/camellia-aarch64.S: Add CFI directives. + * cipher/chacha20-aarch64.S: Add CFI directives. + * cipher/cipher-gcm-armv8-aarch64-ce.S: Add CFI directives. + * cipher/crc-armv8-aarch64-ce.S: Add CFI directives. + * cipher/rijndael-aarch64.S: Add CFI directives. + * cipher/rijndael-armv8-aarch64-ce.S: Add CFI directives. + * cipher/sha1-armv8-aarch64-ce.S: Add CFI directives. + * cipher/sha256-armv8-aarch64-ce.S: Add CFI directives. + * cipher/twofish-aarch64.S: Add CFI directives. 
+ * mpi/aarch64/mpih-add1.S: Add CFI directives. + * mpi/aarch64/mpih-mul1.S: Add CFI directives. + * mpi/aarch64/mpih-mul2.S: Add CFI directives. + * mpi/aarch64/mpih-mul3.S: Add CFI directives. + * mpi/aarch64/mpih-sub1.S: Add CFI directives. + * mpi/asm-common-aarch64.h: Include "../cipher/asm-common-aarch64.h". + (ELF): Remove. + + Add 64-bit ARMv8/CE PMULL implementation of CRC. + + commit 14c8a593ede42f51f567ed7ba77b53124151aa38 + * cipher/Makefile.am: Add 'crc-armv8-ce.c' and + 'crc-armv8-aarch64-ce.S'. + * cipher/asm-common-aarch64.h [HAVE_GCC_ASM_CFI_DIRECTIVES]: Add CFI + helper macros. + * cipher/crc-armv8-aarch64-ce.S: New. + * cipher/crc-armv8-ce.c: New. + * cipher/crc.c (USE_ARM_PMULL): New. + (CRC_CONTEXT) [USE_ARM_PMULL]: Add 'use_pmull'. + [USE_ARM_PMULL] (_gcry_crc32_armv8_ce_pmull) + (_gcry_crc24rfc2440_armv8_ce_pmull): New prototypes. + (crc32_init, crc32rfc1510_init, crc24rfc2440_init): Enable ARM PMULL + implementations if supported by HW features. + (crc32_write, crc24rfc2440_write) [USE_ARM_PMULL]: Use ARM PMULL + implementations if enabled. + * configure.ac: Add 'crc-armv8-ce.lo' and 'crc-armv8-aarch64-ce.lo'. + +2019-04-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + mpi: make stack unwinding work at i386 mpi functions. + + commit b878a986f3ab2c35aff89c7f66f137a91542ed5b + * mpi/i386/syntax.h: Include 'config.h'. + (CFI_STARTPROC, CFI_ENDPROC, CFI_ADJUST_CFA_OFFSET, CFI_REL_OFFSET) + (CFI_RESTORE, CFI_PUSH, CFI_POP): New. + * mpi/i386/mpih-add1.S: Add CFI directives. + * mpi/i386/mpih-lshift.S: Add CFI directives. + * mpi/i386/mpih-mul1.S: Add CFI directives. + * mpi/i386/mpih-mul2.S: Add CFI directives. + * mpi/i386/mpih-mul3.S: Add CFI directives. + * mpi/i386/mpih-rshift.S: Add CFI directives. + * mpi/i386/mpih-sub1.S: Add CFI directives. + + hwf-x86: make stack unwinding work at i386 cpuid functions. + + commit 0bd18e8bf7d67072f8c77352140b4ed4cfde3c6c + * src/hwf-x86.c (FORCE_FUNC_FRAME_POINTER): New. 
+ [__i386__] (is_cpuid_available): Force use of stack frame pointer as + inline assembly modifies stack register; Add 'memory' constraint for + inline assembly. + [__i386__] (get_cpuid): Avoid push/pop instruction when preserving + %ebx register over cpuid. + + Limit and document Blowfish key lengths to 8-576 bits. + + commit 3546599e5578f89f9e77b08bf599f9c44b23da5f + * cipher/blowfish.c (BLOWFISH_KEY_MIN_BITS) + (BLOWFISH_KEY_MAX_BITS): New. + (do_bf_setkey): Check input key length to MIN_BITS and MAX_BITS. + * doc/gcrypt.texi: Update supported Blowfish key lengths. + * tests/basic.c (check_ecb_cipher): New, with Blowfish test vectors + for different key lengths. + (check_cipher_modes): Call 'check_ecb_cipher'. + +2019-04-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add CFI unwind assembly directives for AMD64 assembly. + + commit d11ae95d05dc39ec6b825d1109afadd964589880 + * configure.ac (gcry_cv_gcc_asm_cfi_directives): New. + * cipher/asm-common-amd64.h (ADD_RIP, CFI_STARTPROC, CFI_ENDPROC) + (CFI_REMEMBER_STATE, CFI_RESTORE_STATE, CFI_ADJUST_CFA_OFFSET) + (CFI_REL_OFFSET, CFI_DEF_CFA_REGISTER, CFI_REGISTER, CFI_RESTORE) + (CFI_PUSH, CFI_POP, CFI_POP_TMP_REG, CFI_LEAVE, DW_REGNO) + (DW_SLEB128_7BIT, DW_SLEB128_28BIT, CFI_CFA_ON_STACK) + (CFI_REG_ON_STACK): New. + (ENTER_SYSV_FUNCPARAMS_0_4, EXIT_SYSV_FUNC): Add CFI directives. + * cipher/arcfour-amd64.S: Add CFI directives. + * cipher/blake2b-amd64-avx2.S: Add CFI directives. + * cipher/blake2s-amd64-avx.S: Add CFI directives. + * cipher/blowfish-amd64.S: Add CFI directives. + * cipher/camellia-aesni-avx-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/camellia-aesni-avx2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/cast5-amd64.S: Add CFI directives. + * cipher/chacha20-amd64-avx2.S: Add CFI directives. + * cipher/chacha20-amd64-ssse3.S: Add CFI directives. + * cipher/des-amd64.S: Add CFI directives. + * cipher/rijndael-amd64.S: Add CFI directives. 
+ * cipher/rijndael-ssse3-amd64-asm.S: Add CFI directives. + * cipher/salsa20-amd64.S: Add CFI directives; Use 'asm-common-amd64.h'. + * cipher/serpent-avx2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/serpent-sse2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha1-avx-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha1-avx-bmi2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha1-avx2-bmi2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha1-ssse3-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha256-avx-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha256-avx2-bmi2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha256-ssse3-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha512-avx-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha512-avx2-bmi2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/sha512-ssse3-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/twofish-amd64.S: Add CFI directives. + * cipher/twofish-avx2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * cipher/whirlpool-sse2-amd64.S: Add CFI directives; Use + 'asm-common-amd64.h'. + * mpi/amd64/func_abi.h: Include 'config.h'. + (CFI_STARTPROC, CFI_ENDPROC, CFI_ADJUST_CFA_OFFSET, CFI_REL_OFFSET) + (CFI_RESTORE, CFI_PUSH, CFI_POP): New. + (FUNC_ENTRY, FUNC_EXIT): Add CFI directives. + +2019-04-15 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + twofish-amd64: do not use xchg instruction. + + commit 0903b215ef5a18332b740a24e6e2bfbed9e1d97b + * cipher/twofish-amd64.S (g1g2_3): Swap ab and cd registers using + 'movq' instructions instead of 'xchgq'. + +2019-04-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Use FreeBSD's elf_aux_info for detecting ARM HW features. 
+ + commit 2ffc689d4757f31f1e2c4961b94b0b0c8dc302b7 + * configure.ac: Add function check for 'elf_aux_info'. + * src/hwf-arm.c [HAVE_ELF_AUX_INFO]: Include 'sys/auxv.h'. + [HAVE_ELF_AUX_INFO && !HAVE_GETAUXVAL] (HAVE_GETAUXVAL) + (getauxval): New. + +2019-04-08 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Use getauxval system function for detecting ARM HW features. + + commit 6812a2c5bd2d9129bfdf34f3daf89cd8543ed8e5 + * configure.ac: Add header check for 'sys/auxv.h'; Add function check + for 'getauxval'. + * src/hwf-arm.c [HAVE_SYS_AUXV_H && HAVE_GETAUXVAL]: Include + 'sys/auxv.h'. + (HAS_SYS_AT_HWCAP): Enable AT_HWCAP if have 'getauxval' in addition of + __linux__. + (AT_HWCAP, AT_HWCAP2, HWCAP_NEON, HWCAP2_AES, HWCAP2_PMULL) + (HWCAP2_SHA1, HWCAP2_SHA2, HWCAP_ASIMD, HWCAP_AES) + (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2): Define these macros only if not + already defined. + (get_hwcap) [HAVE_SYS_AUXV_H && HAVE_GETAUXVAL]: Use 'getauxval' to + fetch HW capability flags. + + Disable SM3 in FIPS mode. + + commit 04a6c3c7482dd1ecb5113a049b1765b0d5f212fb + * cipher/sm3.h (_gcry_digest_spec_sm3): Set flags.fips to zero. + +2019-04-07 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Tune SHA-512/AVX2 and SHA-256/AVX2 implementations. + + commit 478581c5107ae75281c54e56cdcef5165f3155ca + * cipher/sha256-avx2-bmi2-amd64.S (ONE_ROUND_PART1, ONE_ROUND_PART2) + (ONE_ROUND): New round function. + (FOUR_ROUNDS_AND_SCHED, FOUR_ROUNDS): Use new round function. + (_gcry_sha256_transform_amd64_avx2): Exit early if number of blocks is + zero; Writing XFER to stack earlier and handle XREF writing in + FOUR_ROUNDS_AND_SCHED. + * cipher/sha512-avx2-bmi2-amd64.S (MASK_YMM_LO, MASK_YMM_LOx): New. + (ONE_ROUND_PART1, ONE_ROUND_PART2, ONE_ROUND): New round function. + (FOUR_ROUNDS_AND_SCHED, FOUR_ROUNDS): Use new round function. + (_gcry_sha512_transform_amd64_avx2): Writing XFER to stack earlier and + handle XREF writing in FOUR_ROUNDS_AND_SCHED. 
+ +2019-04-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add SHA512/224 and SHA512/256 algorithms. + + commit a3683b6f623189a4b65bb584bb9e65e3ad7b3139 + * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping for SHA512/224 + and SHA512/256. + (_gcry_mac_type_spec_hmac_sha512_256) + (_gcry_mac_type_spec_hmac_sha512_224): New. + * cipher/mac-internal.h (_gcry_mac_type_spec_hmac_sha512_256) + (_gcry_mac_type_spec_hmac_sha512_224): New. + * cipher/mac.c (mac_list, mac_list_algo101): Add SHA512/224 and + SHA512/256. + * cipher/md.c (digest_list, digest_list_algo301) + (prepare_macpads): Ditto. + * cipher/sha512.c (run_selftests): Ditto. + (sha512_init_common): Move common initialization here. + (sha512_init, sha384_init): Use common initialization function. + (sha512_224_init, sha512_256_init, _gcry_sha512_224_hash_buffer) + (_gcry_sha512_224_hash_buffers, _gcry_sha512_256_hash_buffer) + (_gcry_sha512_256_hash_buffers, selftests_sha512_224) + (selftests_sha512_256, sha512_224_asn, oid_spec_sha512_224) + (_gcry_digest_spec_sha512_224, sha512_256_asn, oid_spec_sha512_256) + (_gcry_digest_spec_sha512_256): New. + * doc/gcrypt.texi: Add SHA512/224 and SHA512/256; Add missing + HMAC-BLAKE2s and HMAC-BLAKE2b. + * src/cipher.h (_gcry_digest_spec_sha512_224) + (_gcry_digest_spec_sha512_256): New. + * src/gcrypt.h.in (GCRY_MD_SHA512_256, GCRY_MD_SHA512_224): New. + (GCRY_MAC_HMAC_SHA512_256, GCRY_MAC_HMAC_SHA512_224): New. + * tests/basic.c (check_digests): Add SHA512/224 and SHA512/256 + test vectors. + + Remove extra buffer flush at begining of digest final functions. + + commit c6055aaccac86e1ca8a9d35c980d7abbacf2a9ff + * cipher/md2.c (md2_final): Remove _gcry_md_block_write flush call + from entry. + * cipher/md4.c (md4_final): Ditto. + * cipher/md5.c (md5_final): Ditto. + * cipher/rmd160.c (rmd160_final): Ditto. + * cipher/sha1.c (sha1_final): Ditto. + * cipher/sha256.c (sha256_final): Ditto. + * cipher/sha512.c (sha512_final): Ditto. + * cipher/sm3.c (sm3_final): Ditto. 
+ * cipher/stribog.c (stribog_final): Ditto. + * cipher/tiger.c (tiger_final): Ditto. + + Optimizations for digest final functions. + + commit e76cd0e2b1f6025c1319576a5848815d1d231aeb + * cipher/md4.c (md4_final): Avoid byte-by-byte buffer setting when + padding; Merge extra and last block processing. + * cipher/md5.c (md5_final): Ditto. + * cipher/rmd160.c (rmd160_final): Ditto. + * cipher/sha1.c (sha1_final): Ditto. + * cipher/sha256.c (sha256_final): Ditto. + * cipher/sm3.c (sm3_final): Ditto. + * cipher/tiger.c (tiger_final): Ditto. + * cipher/sha512.c (sha512_final): Avoid byte-by-byte buffer setting + when padding. + * cipher/stribog.c (stribog_final): Ditto. + * cipher/whirlpool.c (whirlpool_final): Ditto. + + tests/basic: add hash test for small block sizes. + + commit c54b1c96c644c941f3eb3d2a09432b82f25b6ff1 + * tests/basic.c (check_one_md): Compare hashing buffers sizes from 1 to + 129 as full buffer input and byte-by-byte input. + + Burn stack in transform functions for SHA2 AMD64 implementations. + + commit 74ef3ecbf94e704975e238a99c0e0480cebf46ac + * cipher/sha256-avx-amd64.S: Burn stack inside transform functions. + * cipher/sha256-avx2-bmi2-amd64.S: Ditto. + * cipher/sha256-ssse3-amd64.S: Ditto. + * cipher/sha512-avx-amd64.S: Ditto. + * cipher/sha512-avx2-bmi2-amd64.S: Ditto. + * cipher/sha512-ssse3-amd64.S: Ditto. + + Burn stack in transform functions for SHA1 AMD64 implementations. + + commit f3d4bd90662faaedd37ce0dae1f9e7f91748e91e + * cipher/sha1-avx-amd64.S: Burn stack inside transform functions. + * cipher/sha1-avx-bmi2-amd64.S: Ditto. + * cipher/sha1-avx2-bmi2-amd64.S: Ditto. + * cipher/sha1-ssse3-amd64.S: Ditto. + + Add AVX2/BMI2 implementation of SHA1. + + commit b982900bfe6403e95a157271d8d811c9c573af9e + * cipher/Makefile.am: Add 'sha1-avx2-bmi2-amd64.S'. + * cipher/hash-common.h (MD_BLOCK_CTX_BUFFER_SIZE): New. + (gcry_md_block_ctx): Change buffer length to MD_BLOCK_CTX_BUFFER_SIZE. 
+ * cipher/sha1-avx-amd64.S: Add missing .size for transform function. + * cipher/sha1-ssse3-amd64.S: Add missing .size for transform function. + * cipher/sha1-avx-bmi2-amd64.S: Add missing .size for transform + function; Tweak implementation for small ~1% speed increase. + * cipher/sha1-avx2-bmi2-amd64.S: New. + * cipher/sha1.c (USE_AVX2, _gcry_sha1_transform_amd64_avx2_bmi2) + (do_sha1_transform_amd64_avx2_bmi2): New. + (sha1_init) [USE_AVX2]: Enable AVX2 implementation if supported by + HW features. + (sha1_final): Merge processing of two last blocks when extra block is + needed. + +2019-03-31 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + blowfish: add three rounds parallel handling to generic C implementation + + commit ced7508c857c0cc37da2299a393e5b167dd28e54 + * cipher/blowfish.c (BLOWFISH_ROUNDS): Remove. + [BLOWFISH_ROUNDS != 16] (function_F): Remove. + (F): Replace big-endian and little-endian version with single + endian-neutral version. + (R3, do_encrypt_3, do_decrypt_3): New. + (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) + (_gcry_blowfish_cfb_dec): Use new three block functions. + + cast5: add three rounds parallel handling to generic C implementation. + + commit 4ec566b3689eff4a712eacfcbb4161eb243bb1df + * cipher/cast5.c (do_encrypt_block_3, do_decrypt_block_3): New. + (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec): Use + new three block functions. + + cast5: read Kr four blocks at time and shift for current round. + + commit 8a0e68be1020d0c359bf8191159ac1ebe32a5aa0 + * cipher/cast5.c (do_encrypt_block, do_decrypt_block): Read Kr as + 32-bit words instead of bytes and shift value for each round. + + Add helper function for adding value to cipher block. + + commit 0fe918fa897cca9e01cbdb80d14106cfe5af680e + * cipher/cipher-internal.h (cipher_block_add): New. + * cipher/blowfish.c (_gcry_blowfish_ctr_enc): Use new helper function + for CTR block increment. + * cipher/camellia-glue.c (_gcry_camellia_ctr_enc): Ditto. 
+ * cipher/cast5.c (_gcry_cast5_ctr_enc): Ditto. + * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto. + * cipher/des.c (_gcry_3des_ctr_enc): Ditto. + * cipher/rijndael.c (_gcry_aes_ctr_enc): Ditto. + * cipher/serpent.c (_gcry_serpent_ctr_enc): Ditto. + * cipher/twofish.c (_gcry_twofish_ctr_enc): Ditto. + +2019-03-28 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Optimize OCB set_key and set_nonce. + + commit efd700e31dc8e1e386d367d1b682000977e0c810 + * cipher/cipher-ocb.c (double_block): Change to input/output + host-endian block instead of big-endian buffer. + (double_block_cpy): Remove. + (bit_copy): Use fixed length copy and 'u64' for calculations. + (ocb_get_L_big): Handle block endian conversions for double_block. + (_gcry_cipher_ocb_setkey): Handle block endian conversions for + double_block. + (_gcry_cipher_ocb_set_nonce): Set full length of 'ktop' to zero; Drop + length parameter for bit_copy. + + AES-NI/OCB: Optimize last and first key XORing. + + commit eacbd59b1333b95858886999c8049e04bf72ad74 + * cipher/rijndael-aesni.c (aesni_ocb_enc, aesni_ocb_dec) + [__x86_64__]: Reorder and mix first and last key XORing with OCB offset + XOR operations. + + AES-NI/OCB: Perform checksumming inline with encryption. + + commit e924ce456d5728a81c148de4a6eb23373cb70ca0 + * cipher/rijndael-aesni.c (aesni_ocb_enc): Remove call to + 'aesni_ocb_checksum', instead perform checksumming inline with offset + calculations. + +2019-03-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + AES-NI/OCB: Use stack for temporary storage. + + commit b82dbbedf027327e0b4444a01edb045f51c4152b + * cipher/rijndael-aesni.c (aesni_ocb_enc, aesni_ocb_dec): Use stack + allocated 'tmpbuf' instead of output buffer as temporary storage. + +2019-03-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests/basic: add large buffer testing for ciphers. + + commit cabeebfc1179c8f5982834a8cbce02c55b3468e2 + * tests/basic.c (check_one_cipher_core): Allocate buffers from heap. 
+ (check_one_cipher): Add testing with large buffer (~65 KiB) in addition + to medium size buffer (~2 KiB). + + chacha20-poly1305: fix wrong en/decryption on large input buffers. + + commit 049376470b31832d3331fc0037d273b4147e9d38 + * cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt) + (_gcry_chacha20_poly1305_decrypt): Correctly use 'currlen' for chacha20 + on the non-stitched code path. + +2019-03-24 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + doc: add mention about aligning data to cachelines for best performance. + + commit bb03edcbba95e06686188957a65c1967ee07cd6a + * doc/gcrypt.text: Add mention about aligning data to cachelines for + best performance. + + random-drbg: do not use calloc for zero ctr. + + commit 5a20151213c2e496513c541c36e4ebd086b20be9 + * random/random-drbg.c (DRBG_CTR_NULL_LEN): Move to 'constants' + section. + (drbg_state_s): Remove 'ctr_null' member. + (drbg_ctr_generate): Add 'drbg_ctr_null'. + (drbg_sym_fini, drbg_sym_init): Remove 'drbg->ctr_null' usage. + +2019-03-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add ARMv7/NEON accelerated GCM implementation. + + commit 2445cf7431fab921f6c1870da7084ee698992064 + * cipher/Makefile.am: Add 'cipher-gcm-armv7-neon.S'. + * cipher/cipher-gcm-armv7-neon.S: New. + * cipher/cipher-gcm.c [GCM_USE_ARM_NEON] (_gcry_ghash_setup_armv7_neon) + (_gcry_ghash_armv7_neon, ghash_setup_armv7_neon) + (ghash_armv7_neon): New. + (setupM) [GCM_USE_ARM_NEON]: Use armv7/neon implementation if have + HWF_ARM_NEON. + * cipher/cipher-internal.h (GCM_USE_ARM_NEON): New. + + Use memset instead of setting buffers byte by byte. + + commit 6f2391d2df029b0e1a4e5dde17c3d97cc594a1c7 + * cipher/cipher-ccm.c (do_cbc_mac): Replace buffer setting loop with memset call. + * cipher/cipher-gcm.c (do_ghash_buf): Ditto. + * cipher/poly1305.c (poly1305_final): Ditto. + + Use buf_cpy instead of copying buffers byte by byte. 
+ + commit 4db6d8796c0d95ab89e9ad69336509b604b957cd + * cipher/bufhelp.h (buf_cpy): Skip memcpy if length is zero. + * cipher/cipher-ccm.c (do_cbc_mac): Replace buffer copy loops with buf_cpy call. + * cipher/cipher-cmac.c (_gcry_cmac_write): Ditto. + * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate): Ditto. + + Reduce overhead on generic hash write function. + + commit e76617cbab018dd8f41fd6b4ec6740b5303f7e13 + * cipher/hash-common.c (_gcry_md_block_write): Remove recursive + function call; Use buf_cpy for copying buffers; Burn stack only once. + + sha1-avx: use vmovdqa instead of movdqa. + + commit f8d14df1abd645c3279b14da43b4a7983d87f89f + * cipher/sha1-avx-amd64.S: Replace 'movdqa' with 'vmovdqa'. + * cipher/sha1-avx-bmi2-amd64.S: Replace 'movdqa' with 'vmovdqa'. + + doc/gcrypt.texi: update HW feature list. + + commit 7abf65da84c7106250a5ed2de78b05610cf251f4 + * doc/gcrypt.texi: Update FW feature list. + +2019-03-20 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + ecc: Adjust debugging output. + + commit 54db6a4b44124ed7e95897174f32262482b4b0cb + * cipher/ecc.c (ecc_check_secret_key): Adjust debugging output to use + full column titles. + +2019-02-25 NIIBE Yutaka <gniibe@fsij.org> + + fips: Only test check_binary_integrity when fips_mode is enabled. + + commit ad133fc79757236359252e92244fe16e9adb45a3 + * src/fips.c (_gcry_fips_run_selftests): Check the status of fips_mode + before calling check_binary_integrity. + +2019-02-07 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add 2-way path for SSSE3 version of ChaCha20. + + commit d455068988e5779b0200c51415ddab6b51e12dc4 + * cipher/chacha20-amd64-ssse3.S (_gcry_chacha20_amd64_ssse3_blocks1) + (_gcry_chacha20_poly1305_amd64_ssse3_blocks1): Add 2-way code paths. + * cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt): Add + preprosessing of 2 blocks with SSSE3. + +2019-01-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Do not precalculate OCB offset L0+L1+L0. 
+ + commit afab94d222425ecb838eb56cb0723bdaf3e5de36 + * cipher/cipher-internal.h (gcry_cipher_handle): Remove OCB L0L1L0. + * cipher/cipher-ocb.c (_gcry_cipher_ocb_setkey): Ditto. + * cipher/rijndael-aesni.c (aesni_ocb_enc, aesni_ocb_dec) + (_gcry_aes_aesni_ocb_auth): Replace L0L1L0 use with L1. + + Calculate OCB L-tables when setting key instead of when setting nonce. + + commit c15409c49993166ab1325d45360b3a8fe72a5556 + * cipher/cipher-internal.h (gcry_cipher_handle): Mark areas of + u_mode.ocb that are and are not cleared by gcry_cipher_reset. + (_gcry_cipher_ocb_setkey): New. + * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Split + L-table generation to ... + (_gcry_cipher_ocb_setkey): ... this new function. + * cipher/cipher.c (cipher_setkey): Add handling for OCB mode. + (cipher_reset): Do not clear L-values for OCB mode. + + chacha20-amd64-avx2: optimize output xoring. + + commit 08e0650c21984bb9ddf5a1dabb1cc890fabf63ab + * cipher/chacha20-amd64-avx2.S (STACK_TMP2): Remove. + (transpose_16byte_2x2, xor_src_dst): New. + (BUF_XOR_256_TO_128): Remove. + (_gcry_chaha20_amd64_avx2_blocks8) + (_gcry_chacha20_poly1305_amd64_avx2_blocks8): Replace + BUF_XOR_256_TO_128 with transpose_16byte_2x2/xor_src_dst; Reduce stack + usage; Better interleave chacha20 state merging and output xoring. + + tests/bench-slope: prevent auto-mhz detection getting stuck. + + commit 28614a77a28190ab902a2b98039de2cd0635c7c7 + * cipher/bench-slope.c (bench_ghz, bench_ghz_diff): New static + variables. + (AUTO_GHZ_TARGET_DIFF): New macro. + (do_slope_benchmark): Reduce target auto-mhz accuracy after + repeated failures. + (bench_print_result_csv, bench_print_result_std): Print auto-ghz + different if 1 Mhz or more. + (do_slope_benchmark, bench_print_result_csv, bench_print_result_std) + (bench_print_result): Remove 'bench_ghz' parameter. + (cipher_bench_one, hash_bench_one, mac_bench_one) + (kdf_bench_one): Remove 'bench_ghz' variable. 
+ + tests/bench-slope: add missing cipher context reset. + + commit 546f13ae08918726791600cdd0d0be56cc52c790 + * tests/bench-slope.c (bench_encrypt_do_bench) + (bench_decrypt_do_bench): Add call to 'gcry_cipher_reset'. + + Add stitched ChaCha20-Poly1305 SSSE3 and AVX2 implementations. + + commit d6330dfb4b0e9fb3f8eef65ea13146060b804a97 + * cipher/asm-poly1305-amd64.h: New. + * cipher/Makefile.am: Add 'asm-poly1305-amd64.h'. + * cipher/chacha20-amd64-avx2.S (QUATERROUND2): Add interleave + operators. + (_gcry_chacha20_poly1305_amd64_avx2_blocks8): New. + * cipher/chacha20-amd64-ssse3.S (QUATERROUND2): Add interleave + operators. + (_gcry_chacha20_poly1305_amd64_ssse3_blocks4) + (_gcry_chacha20_poly1305_amd64_ssse3_blocks1): New. + * cipher/chacha20.c (_gcry_chacha20_poly1305_amd64_ssse3_blocks4) + (_gcry_chacha20_poly1305_amd64_ssse3_blocks1) + (_gcry_chacha20_poly1305_amd64_avx2_blocks8): New prototypes. + (chacha20_encrypt_stream): Split tail to... + (do_chacha20_encrypt_stream_tail): ... new function. + (_gcry_chacha20_poly1305_encrypt) + (_gcry_chacha20_poly1305_decrypt): New. + * cipher/cipher-internal.h (_gcry_chacha20_poly1305_encrypt) + (_gcry_chacha20_poly1305_decrypt): New prototypes. + * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_encrypt): Call + '_gcry_chacha20_poly1305_encrypt' if cipher is ChaCha20. + (_gcry_cipher_poly1305_decrypt): Call + '_gcry_chacha20_poly1305_decrypt' if cipher is ChaCha20. + * cipher/poly1305-internal.h (_gcry_cipher_poly1305_update_burn): New + prototype. + * cipher/poly1305.c (poly1305_blocks): Make static. + (_gcry_poly1305_update): Split main function body to ... + (_gcry_poly1305_update_burn): ... new function. + + Add SSSE3 optimized non-parallel ChaCha20 function. + + commit 7d9b2f114f3edf4d13640616cf34c79364234781 + * cipher/chacha20-amd64-ssse3.S (ROTATE_SHUF, ROTATE, WORD_SHUF) + (QUARTERROUND4, _gcry_chacha20_amd64_ssse3_blocks1): New. + * cipher/chacha20.c (_gcry_chacha20_amd64_ssse3_blocks1): New + prototype. 
+ (chacha20_blocks): Rename to ... + (do_chacha20_blocks): ... this. + (chacha20_blocks): New. + (chacha20_encrypt_stream): Adjust for new chacha20_blocks function. + + tests/basic: increase buffer size for check_one_cipher. + + commit 88e482d16ee80de41b6f133e77f0d15423fcd266 + * tests/basic.c (check_one_cipher_core) + (check_one_cipher): Increase buffer from 1040 to 1904 bytes. + + tests/basic: check AEAD tags in check_one_cipher test. + + commit eee1f152a5b3040f6723d287d1b01fb939be67b7 + * tests/basic.c (get_algo_mode_taglen): New. + (check_one_cipher_core_reset): Check that tags are same with + AEAD modes. + +2019-01-15 NIIBE Yutaka <gniibe@fsij.org> + + build: With LD_LIBRARY_PATH defined, use --disable-new-dtags. + + commit e5c2f8a2cd2b89d90ea30de2dedb0e92498a5f70 + * configure.ac (LDADD_FOR_TESTS_KLUDGE): New for --disable-new-dtags. + * tests/Makefile.am (LDADD, t_lock_LDADD): Use LDADD_FOR_TESTS_KLUDGE. + + random: Fix previous commit for getentropy function. + + commit 17f246c7044ab9ed236f6ec73fc126654257f0f9 + * random/rndlinux.c [__NR_getrandom] (_gcry_rndlinux_gather_random): + Check return value only for use of syscall. + + random: Use getentropy when available for not GNU/Linux. + + commit 2677d7d482bf2d078c1dce64854747c5b148924b + * configure.ac: Detect getentropy. + * random/rndlinux.c [__linux__] (getentropy): Macro defined. + [HAVE_GETENTROPY] (_gcry_rndlinux_gather_random): Use getentropy. + +2019-01-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + camellia-aarch64: do not export look-up table globally. + + commit 09c27280cc09798d15369b3a143036b7ab5ddd69 + * cipher/camellia-aarch64.S (_gcry_camellia_arm_tables): Remove + '.globl' export. + +2019-01-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Process CCM/EAX/GCM/Poly1305 AEAD cipher modes input in 24 KiB chucks. + + commit 3ee6588de8311b461ef8707c70ff86d2b252966d + * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt) + (_gcry_cipher_ccm_decrypt): Process data in 24 KiB chunks. 
+ * cipher/cipher-eax.c (_gcry_cipher_eax_encrypt) + (_gcry_cipher_eax_decrypt): Ditto. + * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) + (_gcry_cipher_gcm_decrypt): Ditto. + * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_encrypt) + (_gcry_cipher_poly1305_decrypt): Ditto. + + tests/benchmark: add Chacha20-Poly1305 benchmarking. + + commit 4871f11745f33c5c5051bfe6f325ac1c10764b04 + * tests/benchmark.c (cipher_bench): Add Chacha20-Poly1305. + + tests/benchmark: add --huge-buffers option for cipher tests. + + commit edde61f325e4b345f17c47369f3b6b1400656f04 + * tests/benchmark.c (huge_buffers, cipher_encrypt, cipher_decrypt): New. + (cipher_bench): Add 'max_inlen' to modes structure; add huge buffers + mode selection. + (main): Add '--huge-buffers'. + +2018-12-19 NIIBE Yutaka <gniibe@fsij.org> + + random: Add finalizer for rndjent. + + commit 3028a221d39c1b593ea0c1bcbfccd33959769692 + * random/rand-internal.h (_gcry_rndjent_fini): New. + * random/rndjent.c (_gcry_rndjent_fini): New. + * random/rndlinux.c (_gcry_rndlinux_gather_random): Call the finalizer + when GCRYCTL_CLOSE_RANDOM_DEVICE. + +2018-12-12 Werner Koch <wk@gnupg.org> + + secmem: Prepare for easier debugging. + + commit 876f7280e8604bc99ddda0526339ec5ec6b23c4b + * src/secmem.c (_gcry_secmem_dump_stats): Factor code out to ... + (secmem_dump_stats_internal): new. + +2018-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-aesni: interleave last CTR encryption round with xoring. + + commit 66d2b7fc17258f1424f4ca4adb1096e48b818bd0 + * cipher/rijndael-aesni.c (do_aesni_ctr_8): Interleave aesenclast + with input xoring. + +2018-11-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Use explicit_bzero for wipememory. + + commit 168668228c7c49e70612cb4d602d6d603a2add2c + * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'. + * src/g10lib.h (wipememory2): Use _gcry_fast_wipememory if _SET is + zero. + (_gcry_fast_wipememory): New. + (_gcry_wipememory2): Rename to... 
+ (_gcry_fast_wipememory2): ...this. + * src/misc.c (_gcry_wipememory): New. + (_gcry_wipememory2): Rename to... + (_gcry_fast_wipememory2): ...this. + (_gcry_fast_wipememory2) [HAVE_EXPLICIT_BZERO]: Use explicit_bzero if + SET is zero. + (_gcry_burn_stack): Use _gcry_fast_wipememory. + + Add clang target pragma for mixed C/assembly x86-64 implementations. + + commit 9d9c4fd18b445ff414d11678285d54af3afdb222 + * cipher/cipher-gcm-intel-pclmul.c: Add target 'no-sse' attribute + pragma for clang. + * cipher/crc-intel-pclmul.c: Ditto. + * cipher/rijndael-aesni.c: Ditto. + * cipher/rijndael-ssse3-amd64.c: Ditto. + * cipher/sha1-intel-shaext.c: Ditto. + * cipher/sha256-intel-shaext.c: Ditto. + + Optimizations for AES-NI OCB. + + commit b42de67f34871a2520cfe370af513f2aab6e4f75 + * cipher/cipher-internal.h (gcry_cipher_handle): New pre-computed OCB + values L0L1 and L0L1L0; Swap dimensions for OCB L table. + * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Setup L0L1 and + L0L1L0 values. + (ocb_crypt): Process input in 24KiB chunks for better cache locality + for checksumming. + * cipher/rijndael-aesni.c (ALWAYS_INLINE): New macro for always + inlining functions, change all functions with 'inline' to use + ALWAYS_INLINE. + (NO_INLINE): New macro. + (aesni_prepare_2_6_variable, aesni_prepare_7_15_variable): Rename to... + (aesni_prepare_2_7_variable, aesni_prepare_8_15_variable): ...these and + adjust accordingly (xmm7 moved from *_7_15 to *_2_7). + (aesni_prepare_2_6, aesni_prepare_7_15): Rename to... + (aesni_prepare_2_7, aesni_prepare_8_15): ...these and adjust + accordingly. + (aesni_cleanup_2_6, aesni_cleanup_7_15): Rename to... + (aesni_cleanup_2_7, aesni_cleanup_8_15): ...these and adjust + accordingly. + (aesni_ocb_checksum): New. + (aesni_ocb_enc, aesni_ocb_dec): Calculate OCB offsets in parallel + with help of pre-computed offsets L0+L1 ja L0+L1+L0; Do checksum + calculation as separate pass instead of inline; Use NO_INLINE. 
+ (_gcry_aes_aesni_ocb_auth): Calculate OCB offsets in parallel + with help of pre-computed offsets L0+L1 ja L0+L1+L0. + * cipher/rijndael-internal.h (RIJNDAEL_context_s) [USE_AESNI]: Add + 'use_avx2' and 'use_avx'. + * cipher/rijndael.c (do_setkey) [USE_AESNI]: Set 'use_avx2' if + Intel AVX2 HW feature is available and 'use_avx' if Intel AVX HW + feature is available. + * tests/basic.c (do_check_ocb_cipher): New test vector; increase + size of temporary buffers for new test vector. + (check_ocb_cipher_largebuf_split): Make test plaintext non-uniform + for better checksum testing. + (check_ocb_cipher_checksum): New. + (check_ocb_cipher_largebuf): Call check_ocb_cipher_checksum. + (check_ocb_cipher): New expected tags for check_ocb_cipher_largebuf + test runs. + +2018-11-19 Andreas Metzler <ametzler@bebt.de> + + doc: Fix library initialization examples. + + commit af0bbdb9019e0b4a72e87e8b1b4a55506d349834 + + +2018-11-14 Werner Koch <wk@gnupg.org> + + random: Initialize variable as requested by valgrind. + + commit aa686dfc9b563ff79c01d2f8560b88f69c42ecba + random/jitterentropy-base.c: Init. + +2018-11-13 NIIBE Yutaka <gniibe@fsij.org> + + libgcrypt.m4: Prefer gpgrt-config to SYSROOT support. + + commit 852245390ef7fd8ca9e36010886a4cf42cf710bf + * libgcrypt.m4: Move SYSROOT support after check of GPGRT_CONFIG. + + build: Update autogen.rc. + + commit bea193446351c24b10a4342466978d57bd53f599 + * autogen.rc: Remove obsolete --with-gpg-error-prefix option. + +2018-11-07 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix 'variable may be used uninitialized' warning for CTR mode. + + commit 3f76319803a4abcd33fa29a0ac39f8ed9d646226 + * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Set N to BLOCKSIZE + before counter loop. + +2018-11-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix inlining of ocb_get_l for x86 AES implementations. + + commit 9d6431604b5ee21572c1c2cfa8376e6d81162cbb + * cipher/rijndael-aesni.c (aes_ocb_get_l): New. 
+ (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Use + 'aes_ocb_get_l'. + * cipher/rijndael-ssse3-amd4.c (aes_ocb_get_l): New. + (ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Use + 'aes_ocb_get_l'. + +2018-11-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + stdmem: free: only call _gcry_secmem_free if needed. + + commit 23f56d3359ca7d152aa87874ddd6305171a91408 + * src/stdmem.c (_gcry_private_free): Check if memory is secure before + calling _gcry_secmem_free to avoid unnecessarily taking secmem lock. + + secmem: fix potential memory visibility issue. + + commit d6c6680ca31c05bafbb8becda56da051346eceb3 + * configure.ac (gcry_cv_have_sync_synchronize): New check. + * src/secmem.c (pooldesc_s): Make next pointer volatile. + (memory_barrier): New. + (_gcry_secmem_malloc_internal): Insert memory barrier between + pool->next and mainpool.next assigments. + (_gcry_private_is_secure): Update comments. + + wipememory: use memset for non-constant length or large buffer wipes. + + commit 4faeaa1cbd235a2560fa04a8ac3766a07029acd8 + * src/g10lib.h (CONSTANT_P): New. + (_gcry_wipememory2): New prototype. + (wipememory2): Use _gcry_wipememory2 if _len not constant expression or + lenght is larger than 64 bytes. + (FASTWIPE_T, FASTWIPE_MULT, fast_wipememory2_unaligned_head): Remove. + (fast_wipememory2): Always handle buffer as unaligned. + * src/misc.c (__gcry_burn_stack): Move memset_ptr variable to... + (memset_ptr): ... here. New. + (_gcry_wipememory2): New. + + Change buf_cpy and buf_xor* functions to use buf_put/buf_get helpers. + + commit 0068d41d9304ebcdb2caba1fa8848925e2bfaac7 + * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS) + (bufhelp_int_s, buf_xor_1): Remove. + (buf_cpy, buf_xor, buf_xor_2dst, buf_xor_n_copy_2): Use + buf_put/buf_get helpers to handle unaligned memory accesses. + + rijndael: fix unused parameter warning. + + commit 30e783ec487466132324673f197d36b85a91b060 + * cipher/rijndael.c (do_setkey): Silence unused 'hd' warning. 
+ + mpi/longlong.h: enable inline assembly for powerpc64. + + commit ec49013d23d9a7b874c42d77ceb08bd313ba69e1 + * mpi/longlong.h [__powerpc__ && W_TYPE_SIZE == 64]: Remove '#if 0'. + + Change remaining users of _gcry_fips_mode to use fips_mode. + + commit 2aece89d3967e692743541cea857f2e4771b0b62 + * src/fips.c (_gcry_fips_mode): Remove. + (_gcry_enforced_fips_mode, _gcry_inactivate_fips_mode) + (_gcry_is_fips_mode_inactive): Use fips_mode. + * src/g10lib.h (_gcry_fips_mode): Remove. + +2018-11-02 NIIBE Yutaka <gniibe@fsij.org> + + aarch64: mpi: Distribute the header file as a part of source. + + commit a2e0cb1542818ad8a71de34ccbf191adab0a0b86 + * mpi/Makefile.am (EXTRA_libmpi_la_SOURCES): Add asm-common-aarch64.h. + + build: Fix GCRYPT_HWF_MODULES. + + commit f7395338d71d4d82180a11707fd6e77787162e24 + * configure.ac (GCRYPT_HWF_MODULES): Add libgcrypt_la- prefix. + + build: Update gpg-error.m4 and libgcrypt.m4. + + commit f46286851158878d5041ac5381b2807ecec541eb + * m4/gpg-error.m4: Update to 2018-11-02. + * src/libgrypt.m4: Add AC_MSG_NOTICE. + Bump the version date. + +2018-10-29 NIIBE Yutaka <gniibe@fsij.org> + + build: Update gpg-error.m4 and ksba.m4. + + commit 4a4d4a284ca996df874e2534f8529c1611289943 + * m4/gpg-error.m4: Update to 2018-10-29. + * src/libgrypt.m4: Follow the change of gpgrt-config. + Bump the version date. + +2018-10-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix missing global initialization in fips_is_operational. + + commit 6e669e09603e5a98b59dcf35f77f346db6c81eac + * src/g10lib.h (_gcry_global_any_init_done): New extern. + (fips_is_operational): Check for _gcry_global_any_init_done and call + _gcry_global_is_operational. + * src/global.c (any_init_done): Rename to ... + (_gcry_global_any_init_done): ... this and make externally available. + +2018-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net> + + random: use getrandom() on Linux where available. 
+ + commit 7e662680c170968661ee0105d132813f8281d229 + * random/rndlinux.c (_gcry_rndlinux_gather_random): use the + getrandom() syscall on Linux if it exists, regardless of what kind of + entropy was requested. + +2018-10-26 Werner Koch <wk@gnupg.org> + + random: Make sure to re-open /dev/random after a fork. + + commit 319f55e6e5793c59f1ba4cfe481b562bca42194d + * random/rndlinux.c (_gcry_rndlinux_gather_random): Detect fork and + re-open devices. + + primes: Avoid leaking bits of the prime test to pageable memory. + + commit 2e2e68ad4874a4678cfbe452b70ae987e0402eca + * cipher/primegen.c (gen_prime): Allocate MODS in secure memory. + +2018-10-26 NIIBE Yutaka <gniibe@fsij.org> + + libgcrypt.m4: Better compatibility support. + + commit a755bd0ea09af2ae5a66e3f5aeb8707673c687cf + * src/gpg-error.m4: Update. + * src/libgcrypt.m4: Don't assume libgcrypt-config is newer. + + build: Fix libgcrypt.m4. + + commit 630ece1b7e0a94442bca91d8e96d9b1d4cd3ec66 + * src/libgcrypt.m4: Use AC_PATH_PROG to detect libgcrypt-config. + + build: Relax build requirements. + + commit 8e5641ed65f86783542d5caccdeeee42eeb9457c + * m4/gpg-error.m4: Update from libgpg-error 1.33. + * src/libgcrypt.m4: Don't require AM_PATH_GPG_ERROR. Use GPGRT_CONFIG + instead of libgcrypt-config when it is confirmed that it is available + and working well. + * configure.ac (AM_PATH_GPG_ERROR): No requirement for newer version + (It was because of new gpgrt-config which supports *.pc files). + +2018-10-25 NIIBE Yutaka <gniibe@fsij.org> + + build: Require libgpg-error >= 1.33. + + commit b376dc2abbb208b10bbc76998ff39adb2f301905 + * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.33. + * m4/gpg-error.m4: Update from libgpg-error 1.33. + * src/libgcrypt.m4: Bump version date. + Use --variable option. + +2018-10-24 Werner Koch <wk@gnupg.org> + + build: Add release make target. + + commit 03bb25ee7ed6f1076bf788ab981ca68672880daa + * Makefile.am (release, sign-release): New targets. 
+ + build: Make distcheck work again. + + commit b0ad66e48c46b79af69349606e276cf0a6b9a020 + * cipher/Makefile.am: Prettified source file lists. + EXTRA_libcipher_la_SOURCES): Add missing asm-common-aarch64.h. + + Fix memory leak in secmem in out of core conditions. + + commit f74687fd43f5772a372f54031d5a9527597f4ce4 + * src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor + if the pool could not be allocated. + + ecc: Fix memory leak in the error case of ecc_encrypt_raw. + + commit e57e75ea517f32109b508113f18298fc69fd1192 + * cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main + block. + + ecc: Fix possible memory leakage in parameter check of eddsa. + + commit 149ceb3cae03d0385341d32430aa5ae57de90007 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak. + +2018-10-24 NIIBE Yutaka <gniibe@fsij.org> + + build: Fix libgcrypt.pc. + + commit 0e071372fc0e6fed4a449955ed0789803ba5e709 + * src/libgcrypt.pc.in: Fix typo. + + build: Compatibility to pkg-config. + + commit c60eabb11435665fa84a3a82b2a15f48870cc4d7 + * src/libgcrypt-config.in: Support --variable and --modversion. + + build: Make libgcrypt.m4 use gpg-error-config. + + commit 7da887d69d72ea0ea0d106054c48a8c03e242a18 + * src/libgcrypt.m4: Use gpg-error-config. + + build: Provide libgcrypt.pc, generated by configure. + + commit 97194b422bc89a6137f4e218d4cdee118c63e96e + * configure.ac: Generate src/libgcrypt.pc. + * src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New. + (EXTRA_DIST): Add libgcrypt.pc.in. + * src/libgcrypt-config.in: Use @PACKAGE_VERSION@. + * src/libgcrypt.pc.in: New. + + build: Update gpg-error.m4 from libgpg-error. + + commit 5b1febb5e40d92072bef425bd9e63f7a07edd57e + * m4/gpg-error.m4: Update from libgpg-error 1.33. + + build: Don't default to underscore=yes for cross-build. + + commit 0f4545b441b6fbdd6e9c4e95f5f2a367483e78ad + * acinclude.m4: Don't set ac_cv_sys_symbol_underscore + for cross build. 
+ +2018-10-23 Werner Koch <wk@gnupg.org> + + ecc: Fix potential unintended freeing of an internal param. + + commit e2da4e8dee4b371804f3b2659b53431fb6380d93 + * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error + + sexp: Fix uninitialized use of a var in the error case. + + commit 9f2c7ec4d8b07e82663ad084c90c016d3c3b80c2 + * src/sexp.c (_gcry_sexp_vextract_param): Initialize L1. + +2018-10-16 NIIBE Yutaka <gniibe@fsij.org> + + build: Let configure create the VERSION file. + + commit 0f2c6ce2c9504c6df435463243edaa669e57b109 + * autogen.sh: Update from libgpg-error. + * configure.ac: Use mym4_versoin to create VERSION file. + * Makefile.am (dist-hook): Do not create VERSION file. + (EXTRA_DIST): Add VERSION. + +2018-07-21 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add size optimized cipher block copy and xor functions. + + commit 86e5e06a97ae13b8bbf6923ecc76e02b9c429b46 + * cipher/bufhelp.h (buf_get_he32, buf_put_he32, buf_get_he64) + (buf_put_he64): New. + * cipher/cipher-internal.h (cipher_block_cpy, cipher_block_xor) + (cipher_block_xor_1, cipher_block_xor_2dst, cipher_block_xor_n_copy_2) + (cipher_block_xor_n_copy): New. + * cipher/cipher-gcm-intel-pclmul.c + (_gcry_ghash_setup_intel_pclmul): Use assembly for swapping endianness + instead of buf_get_be64 and buf_cpy. + * cipher/blowfish.c: Use new cipher_block_* functions for cipher block + sized buf_cpy/xor* operations. + * cipher/camellia-glue.c: Ditto. + * cipher/cast5.c: Ditto. + * cipher/cipher-aeswrap.c: Ditto. + * cipher/cipher-cbc.c: Ditto. + * cipher/cipher-ccm.c: Ditto. + * cipher/cipher-cfb.c: Ditto. + * cipher/cipher-cmac.c: Ditto. + * cipher/cipher-ctr.c: Ditto. + * cipher/cipher-eax.c: Ditto. + * cipher/cipher-gcm.c: Ditto. + * cipher/cipher-ocb.c: Ditto. + * cipher/cipher-ofb.c: Ditto. + * cipher/cipher-xts.c: Ditto. + * cipher/des.c: Ditto. + * cipher/rijndael.c: Ditto. + * cipher/serpent.c: Ditto. + * cipher/twofish.c: Ditto. 
+ +2018-07-04 NIIBE Yutaka <gniibe@fsij.org> + + RFC-8439 was published. + + commit 9660c3fafd732b1857bb2697c6f43aed077b9ad6 + * cipher/cipher-poly1305.c: Update RFC reference. + +2018-06-19 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Clean-up implementation selection for SHA1 and SHA2. + + commit 8a44c55d2fb758f726b8b436aa5c0b88a6c6f112 + * cipher/sha1.c (ASM_EXTRA_STACK): Increase by sizeof(void*)*4. + (do_sha1_transform_amd64_ssse3, do_sha1_transform_amd64_avx) + (do_sha1_transform_amd64_avx_bmi2, do_sha1_transform_intel_shaext) + (do_sha1_transform_armv7_neon, do_sha1_transform_armv8_ce): New. + (transform_blk, transform): Merge to ... + (do_transform_generic): ... this and remove calls to assembly + implementations. + (sha1_init): Select hd->bctx.bwrite based on HW features. + (_gcry_sha1_mixblock, sha1_final): Call hd->bctx.bwrite instead of + transform. + * cipher/sha1.h (SHA1_CONTEXT): Remove implementation selection bits. + * cipher/sha256.h (SHA256_CONTEXT): Remove implementation selection + bits. + (ASM_EXTRA_STACK): Increase by sizeof(void*)*4. + (do_sha256_transform_amd64_ssse3, do_sha256_transform_amd64_avx) + (do_sha256_transform_amd64_avx2, do_sha256_transform_intel_shaext) + (do_sha256_transform_armv8_ce): New. + (transform_blk, transform): Merge to ... + (do_transform_generic): ... this and remove calls to assembly + implementations. + (sha256_init, sha224_init): Select hd->bctx.bwrite based on HW + features. + (sha256_final): Call hd->bctx.bwrite instead of transform. + * cipher/sha512-armv7-neon.S + (_gcry_sha512_transform_armv7_neon): Return zero. + * cipher/sha512.h (SHA512_CONTEXT): Remove implementation selection + bits. + (ASM_EXTRA_STACK): Increase by sizeof(void*)*4. + (do_sha512_transform_armv7_neon, do_sha512_transform_amd64_ssse3) + (do_sha512_transform_amd64_avx, do_sha512_transform_amd64_avx2): New. + [USE_ARM_ASM] (do_transform_generic): New. + (transform_blk, transform): Merge to ... + [!USE_ARM_ASM] (do_transform_generic): ... 
this and remove calls to + assembly implementations. + (sha512_init, sha384_init): Select hd->bctx.bwrite based on HW + features. + (sha512_final): Call hd->bctx.bwrite instead of transform. + + Add hash_buffer and hash_buffers for SHA-224, SHA-385, SHA3 and BLAKE2. + + commit 59c4e344eec61cff45185e1caea6815b3266a0f8 + * cipher/blake2.c (DEFINE_BLAKE2_VARIANT): Add hash_buffer and + hash_buffers functions for BLAKE2 variants. + * cipher/keccak.c (_gcry_sha3_hash_buffer, _gcry_sha3_hash_buffers) + (_gcry_sha3_224_hash_buffer, _gcry_sha3_224_hash_buffers) + (_gcry_sha3_256_hash_buffer, _gcry_sha3_256_hash_buffers) + (_gcry_sha3_384_hash_buffer, _gcry_sha3_384_hash_buffers) + (_gcry_sha3_512_hash_buffer, _gcry_sha3_512_hash_buffers): New. + * cipher/sha256.c (_gcry_sha224_hash_buffer) + (_gcry_sha224_hash_buffers): New. + * cipher/sha512.c (_gcry_sha384_hash_buffer) + (_gcry_sha384_hash_buffers): New. + + Add hash_buffer and hash_buffers pointers to message digest spec. + + commit b136703ea0ddbd9fec6dfd1f8dfda8373653ba39 + * src/cipher-proto.h (gcry_md_hash_buffer_t) + (gcry_md_hash_buffers_t): New. + (gcry_md_spec): Add hash_buffer and hash_buffers. + * cipher/md.c (_gcry_md_hash_buffer, _gcry_md_hash_buffers): Use + hash_buffer/hash_buffers from MD spec instead of hard-coding supported + algorithms. + * cipher/blake2.c: Add NULL to MD spec hash_buffer and hash_buffers + pointers. + * cipher/crc.c: Ditto. + * cipher/gostr3411-94.c: Ditto. + * cipher/keccak.c: Ditto. + * cipher/md2.c: Ditto. + * cipher/md4.c: Ditto. + * cipher/md5.c: Ditto. + * cipher/stribog.c: Ditto. + * cipher/tiger.c: Ditto. + * cipher/whirlpool.c: Ditto. + * cipher/rmd160.c (_gcry_rmd160_hash_buffers): New. + (_gcry_digest_spec_rmd160): Add hash_buffer and hash_buffers functions. + * cipher/sha1.c (_gcry_digest_spec_sha1): Add hash_buffer and + hash_buffers functions. + * cipher/sha256.c (_gcry_digest_spec_sha256): Add hash_buffer and + hash_buffers functions. 
+ (_gcry_digest_spec_sha224): Add NULL pointers for hash_buffer and + hash_buffers. + * cipher/sha512.c (_gcry_digest_spec_sha1): Add hash_buffer and + hash_buffers functions. + (_gcry_digest_spec_sha384): Add NULL pointers for hash_buffer and + hash_buffers. + * cipher/sm3.c (_gcry_digest_spec_sha1): Add hash_buffer and + hash_buffers functions. + + AES: setup cipher object bulk routines with optimized versions. + + commit a15c1def7e0f170f6663635db84fecab1cbfcca7 + * cipher/rijndael-aesni.c + (_gcry_aes_aesni_prepare_decryption): Rename... + (do_aesni_prepare_decryption): .. to this. + (_gcry_aes_aesni_prepare_decryption): New. + (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc) + (_gcry_aes_aesni_ctr_enc, _gcry_aes_aesni_cfb_dec) + (_gcry_aes_aesni_cbc_dec): Reorder parameters to match bulk + operations. + (_gcry_aes_aesni_cbc_dec, aesni_ocb_dec) + (_gcry_aes_aesni_xts_dec): Check and prepare decryption. + (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): Change return + type to size_t. + * cipher/rijndael-armv8-ce.c + (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc) + (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec) + (_gcry_aes_armv8_ce_cbc_dec): Reorder parameters to match bulk + operations. + (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt) + (_gcry_aes_armv8_ce_xts_dec): Check and prepare decryption. + (_gcry_aes_armv8_ce_ocb_crypt, _gcry_aes_armv8_ce_ocb_auth): Change + return type to size_t. + * cipher/rijndael-ssse3-amd64.c + (_gcry_ssse3_prepare_decryption): Rename... + (do_ssse3_prepare_decryption): .. to this. + (_gcry_ssse3_prepare_decryption): New. + (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc) + (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec) + (_gcry_aes_ssse3_cbc_dec): Reorder parameters to match bulk + operations. + (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_dec): Check and prepare decryption. + (_gcry_aes_ssse3_ocb_crypt, _gcry_aes_ssse3_ocb_auth): Change return + type to size_t. 
+ * cipher/rijndael.c + (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc) + (_gcry_aes_aesni_ctr_enc, _gcry_aes_aesni_cfb_dec) + (_gcry_aes_aesni_cbc_dec, _gcry_aes_aesni_ocb_crypt) + (_gcry_aes_aesni_ocb_auth, _gcry_aes_aesni_xts_crypt) + (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc) + (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec) + (_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_ocb_crypt) + (_gcry_aes_ssse3_ocb_auth, _gcry_aes_ssse3_xts_crypt) + (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc) + (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec) + (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt) + (_gcry_aes_armv8_ce_ocb_auth, _gcry_aes_armv8_ce_xts_crypt): Change + prototypes to match bulk operations. + (do_setkey): Setup bulk operations with optimized implementations. + (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc, _gcry_aes_ctr_enc) + (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec, _gcry_aes_ocb_crypt) + (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Update + usage to match new prototypes, avoid prefetch and decryption + preparation on optimized code paths. + + Pass cipher object pointer to setkey functions. + + commit ca21a24808efa5d562ac91f683504ae0d6dfa69f + * cipher/cipher.c (cipher_setkey): Pass cipher object pointer to + cipher's setkey function. + * cipher/arcfour.c: Add gcry_cipher_hd_t parameter for setkey + functions and update selftests to pass NULL pointer. + * cipher/blowfish.c: Ditto. + * cipher/camellia-glue.c: Ditto. + * cipher/cast5.c: Ditto. + * cipher/chacha20.c: Ditto. + * cipher/cipher-selftest.c: Ditto. + * cipher/des.c: Ditto. + * cipher/gost28147.c: Ditto. + * cipher/idea.c: Ditto. + * cipher/rfc2268.c: Ditto. + * cipher/rijndael.c: Ditto. + * cipher/salsa20.c: Ditto. + * cipher/seed.c: Ditto. + * cipher/serpent.c: Ditto. + * cipher/twofish.c: Ditto. + * src/cipher-proto.h: Ditto. + + Add fast path for _gcry_fips_is_operational. 
+ + commit b6e6ace324440f564df664e27f8276ef01f76795 + * src/fips.c (no_fips_mode_required): Rename to... + (_gcry_no_fips_mode_required): ...this and make externally available. + * src/g10lib.h (_gcry_no_fips_mode_required): New extern. + (fips_mode): Inline _gcry_fips_mode to macro, use + _gcry_no_fips_mode_required directly. + (fips_is_operational): Inline fips_mode check from + _gcry_fips_in_operational. + + Access cipher mode routines through routine pointers. + + commit 233e2049a2cc1c1110f541b6a7ef145a737e2c65 + * cipher/cipher-internal.h (gcry_cipher_handle): Add function pointers + for mode operations. + (_gcry_cipher_xts_crypt): Remove. + (_gcry_cipher_xts_encrypt, _gcry_cipher_xts_decrypt): New. + * cipher/cipher-xts.c (_gcry_cipher_xts_encrypt) + (_gcry_cipher_xts_decrypt): New. + * cipher/cipher.c (_gcry_cipher_setup_mode_ops): New. + (_gcry_cipher_open_internal): Setup mode routines. + (cipher_encrypt, cipher_decrypt): Remove. + (do_stream_encrypt, do_stream_decrypt, do_encrypt_none_unknown) + (do_decrypt_none_unknown): New. + (_gcry_cipher_encrypt, _gcry_cipher_decrypt, _gcry_cipher_setiv) + (_gcry_cipher_authenticate, _gcry_cipher_gettag) + (_gcry_cipher_checktag): Adapted to use mode routines through pointers. + + Add separate handlers for CBC-CTS variant. + + commit 87d8caa47e00f1b1cea968fe38cf30c0ccc9749c + * cipher/cipher-cbc.c (cbc_encrypt_inner, cbc_decrypt_inner) + (_gcry_cipher_cbc_cts_encrypt, _gcry_cipher_cbc_cts_decrypt): New. + (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Remove CTS + handling. + * cipher/cipher-internal.h (_gcry_cipher_cbc_cts_encrypt) + (_gcry_cipher_cbc_cts_decrypt): New. + * cipher/cipher.c (cipher_encrypt, cipher_decrypt): Call CBC-CTS + handler if CBC-CTS flag is set. + + Avoid division by spec->blocksize in cipher mode handlers. + + commit f5168091c1930e948af8f25da11cad5dfa62c7ba + * cipher/cipher-internal.h (_gcry_blocksize_shift): New. 
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) + (_gcry_cipherp_cbc_decrypt): Use bit-level operations instead of + division to get number of blocks and check input length against + blocksize. + * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) + (_gcry_cipher_cfb_decrypt): Ditto. + * cipher/cipher-cmac.c (_gcry_cmac_write): Ditto. + * cipher/cipher-ctr.c (_gcry_cipher_ctr_crypt): Ditto. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) + (_gcry_cipher_ofb_decrypt): Ditto. + + Fix CBC-CTS+CBC-MAC flag check. + + commit a69021535b472556651eb2bab65666206c56c24b + * cipher/cipher.c (_gcry_cipher_open_internal): Check flags separately + instead of AND masking two flags to zero. + + tests/basic: silence GCC-8 warning. + + commit 2a94bdfc0538a340a24c1a7b524bb0c5f606457c + * tests/basic.c (check_ofb_cipher, check_stream_cipher): Change + tv[].data[].inlen type from signed to unsigned integer. + +2018-06-19 Will Dietz <w@wdtz.org> + + random: Fix hang of _gcry_rndjent_get_version. + + commit 355f5b7f69075c010fe33aa5b10ac60c08fae0c7 + * random/rndjent.c (_gcry_rndjent_get_version): Move locking. + +2018-06-13 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add blinding for ECDSA. + + commit 9010d1576e278a4274ad3f4aa15776c28f6ba965 + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with + randomized nonce B. + +2018-06-06 Werner Koch <wk@gnupg.org> + + ecc: Improve gcry_mpi_ec_curve_point. + + commit 7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf + * mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates. + * tests/t-mpi-point.c (point_on_curve): New. + +2018-06-05 Werner Koch <wk@gnupg.org> + + mpi: New internal function _gcry_mpi_cmpabs. + + commit 6606ae44e0de1069b29dd4215ee9748280940e1b + * mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ... + (do_mpi_cmp): New. Add arg absmode. + (_gcry_mpi_cmpabs): New. + * src/gcrypt-int.h (mpi_cmpabs): New macro. + +2018-04-29 Werner Koch <wk@gnupg.org> + + build: Convince gcc not to delete NULL ptr checks. 
+ + commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062 + * configure.ac: Try to use -fno-delete-null-pointer-checks. + +2018-04-28 Werner Koch <wk@gnupg.org> + + prime: Avoid rare assertion failure in gcry_prime_check. + + commit f3362f10f6f671246c38115ed12b0047966c200e + * cipher/primegen.c (is_prime): Don't fail on the assert X > 1. + +2018-04-17 Werner Koch <wk@gnupg.org> + + mpi: Fix for buidling for MIPS64 with Clang. + + commit e7ae0ae243c8978a67c802169183187d88557be8 + * mpi/longlong.h [MIPS64][__clang__]: Use the C version like we + already do for 32 bit MIPS. + +2018-04-11 NIIBE Yutaka <gniibe@fsij.org> + + hmac: Use xtrymalloc. + + commit 3e3b520fb32a37c5c23762531a7b3168e112ac36 + * src/hmac256.c (_gcry_hmac256_new): Use xtrymalloc. + (_gcry_hmac256_file): Likewise. + +2018-04-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + basic_all_hwfeature_combinations.sh: use $njobs to limit parallel tasks. + + commit 5e01705ca90830c27a4cbd8bad41243915f4538a + * tests/basic_all_hwfeature_combinations.sh: Use $njobs to limit + parallel tasks instead of fixed number "8". + + Faster look-up for spec by algo for digests, ciphers and MAC. + + commit 634a85412a4073aa1890589ce5e97eac7b0f3ca3 + * cipher/cipher.c (cipher_list_algo0, cipher_list_algo301): New cipher + spec lists with same order and spacing as 'gcry_cipher_algos' + enumeration. + (spec_from_algo): Use new spec lists for faster look-up. + * cipher/mac.c (mac_list_algo101, mac_list_algo201, mac_list_algo401) + (mac_list_algo501): New MAC spec lists with same order and spacing as + 'gcry_mac_algos' enumeration. + (spec_from_algo): Use new spec lists for faster look-up. + * cipher/md.c (digest_list_algo0, digest_list_algo301): New digest + spec lists with same order and spacing as 'gcry_md_algos' + enumeration. + (spec_from_algo): Use new spec lists for faster look-up. + + Fix building with BLAKE2 disabled. 
+ + commit 35b59d0ea52e8a1c30c43554dc4dbca97da4bf87 + * cipher/md.c (md_setkey): Enclose Blake2 part with USE_BLAKE2. + + Add missing BLAKE2, SM3 and GOSTR3411_CP to MAC-HMAC interface. + + commit 52e52eb0e3e5541cfc86e04c5047500db5d538b7 + * cipher/mac-hmac.c (map_mac_algo_to_md): Add GOSTR3411_CP, BLAKE2 and + SM3. + (_gcry_mac_type_spec_hmac_gost3411_cp) + (_gcry_mac_type_spec_hmac_blake2b_512) + (_gcry_mac_type_spec_hmac_blake2b_384) + (_gcry_mac_type_spec_hmac_blake2b_256) + (_gcry_mac_type_spec_hmac_blake2b_160) + (_gcry_mac_type_spec_hmac_blake2s_256) + (_gcry_mac_type_spec_hmac_blake2s_224) + (_gcry_mac_type_spec_hmac_blake2s_160) + (_gcry_mac_type_spec_hmac_blake2s_128) + (_gcry_mac_type_spec_hmac_sm3): New. + * cipher/mac-internal.h (_gcry_mac_type_spec_hmac_gost3411_cp) + (_gcry_mac_type_spec_hmac_blake2b_512) + (_gcry_mac_type_spec_hmac_blake2b_384) + (_gcry_mac_type_spec_hmac_blake2b_256) + (_gcry_mac_type_spec_hmac_blake2b_160) + (_gcry_mac_type_spec_hmac_blake2s_256) + (_gcry_mac_type_spec_hmac_blake2s_224) + (_gcry_mac_type_spec_hmac_blake2s_160) + (_gcry_mac_type_spec_hmac_blake2s_128) + (_gcry_mac_type_spec_hmac_sm3): New. + * cipher/mac.c (mac_list): Add GOSTR3411_CP, BLAKE2 and SM3. + * src/gcrypt.h.in (GCRY_MAC_HMAC_GOSTR3411_CP) + (GCRY_MAC_HMAC_BLAKE2B_512, GCRY_MAC_HMAC_BLAKE2B_384) + (GCRY_MAC_HMAC_BLAKE2B_256, GCRY_MAC_HMAC_BLAKE2B_160) + (GCRY_MAC_HMAC_BLAKE2S_256, GCRY_MAC_HMAC_BLAKE2S_224) + (GCRY_MAC_HMAC_BLAKE2S_160, GCRY_MAC_HMAC_BLAKE2S_128) + (GCRY_MAC_HMAC_SM3): New. + +2018-04-10 NIIBE Yutaka <gniibe@fsij.org> + + random: Protect another use of jent_rng_collector. + + commit 0de2a22fcf6607d0aecb550feefa414cee3731b2 + * random/rndjent.c (_gcry_rndjent_get_version): Lock the access. + +2018-03-28 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + aarch64/assembly: only use the lower 32 bit of an int parameters. 
+ + commit 9b58e4a03ba3aeff7bae3f40da706977870c9649 + * cipher/camellia-aarch64.S (_gcry_camellia_arm_encrypt_block) + (__gcry_camellia_arm_decrypt_block): Make comment section about input + registers match usage. + * cipher/rijndael-armv8-aarch64-ce.S (_gcry_aes_ocb_auth_armv8_ce): Use + 'w12' and 'w7' instead of 'x12' and 'x7'. + (_gcry_aes_xts_enc_armv8_ce, _gcry_aes_xts_dec_armv8_ce): Fix function + prototype in comments. + * mpi/aarch64/mpih-add1.S: Use 32-bit registers for 32-bit mpi_size_t + parameters. + * mpi/aarch64/mpih-mul1.S: Ditto. + * mpi/aarch64/mpih-mul2.S: Ditto. + * mpi/aarch64/mpih-mul3.S: Ditto. + * mpi/aarch64/mpih-sub1.S: Ditto. + + poly1305: silence compiler warning on clang/aarch64. + + commit 8cdb010f04528703a502344e00d52447de12547d + * cipher/poly1305.c (MUL_MOD_1305_64): cast zero constant to 64-bits. + +2018-03-28 Martin Storsjö <martin@martin.st> + + aarch64: Enable building the aarch64 cipher assembly for windows. + + commit 0de2191a07d69ef1fa34ca4c5d5fc4985ff7b4c4 + * cipher/asm-common-aarch64.h: New. + * cipher/camellia-aarch64.S: Use ELF macro, use x19 instead of x18. + * cipher/chacha20-aarch64.S: Use ELF macro, don't use GOT on windows. + * cipher/cipher-gcm-armv8-aarch64-ce.S: Use ELF macro. + * cipher/rijndael-aarch64.S: Use ELF macro. + * cipher/rijndael-armv8-aarch64-ce.S: Use ELF macro. + * cipher/sha1-armv8-aarch64-ce.S: Use ELF macro. + * cipher/sha256-armv8-aarch64-ce.S: Use ELF macro. + * cipher/twofish-aarch64.S: Use ELF macro. + * configure.ac: Don't require .size and .type in aarch64 assembly check. + + aarch64: camellia: Only use the lower 32 bit of an int parameter. + + commit 4e1b628f492643d4e9b830bcdab7b49daaec5854 + * cipher/camellia-aarch64.S: Use 'w3' instead of 'x3'. + + aarch64: Fix assembling chacha20-aarch64.S with clang/llvm. + + commit 36e916fc332eda74963192b1c0bf6860a3e5d67b + * cipher/chacha20-aarch64.S: Remove superfluous lane counts. + + aarch64: mpi: Fix building the mpi aarch64 assembly for windows. 
+ + commit ec0a2f25c0f64a7b65b373508ce9081e10461965 + * mpi/aarch64/mpih-add1.S: Use ELF macro. + * mpi/aarch64/mpih-mul1.S: Use ELF macro. + * mpi/aarch64/mpih-mul2.S: Use ELF macro. + * mpi/aarch64/mpih-mul3.S: Use ELF macro. + * mpi/aarch64/mpih-sub1.S: Use ELF macro. + * mpi/asm-common-aarch64.h: New. + + random: Don't assume that _WIN64 implies x86_64. + + commit ed41d6d6fb4551342b22ef763de1bd60e964e186 + * random/rndw32.c: Change _WIN64 ifdef into __x86_64__. + +2018-03-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests/aeswrap: add in-place encryption/decryption testing. + + commit 885f031fbd17abc1c0fedbb98df22823b647fc11 + * tests/aeswrap.c (check): Rename to... + (check_one): ...this and add in-place testing. + (check): New. + +2018-03-22 Stephan Mueller <smueller@chronox.de> + + AES-KW: fix in-place encryption. + + commit 330ec66e0babdabb658dc7d6db78f37b2a1b996e + * cipher/cipher-aeswrap.c: move memmove call before KW IV setting + +2018-03-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + bench-slope: add CPU frequency auto-detection. + + commit 617f5e746f8295cc36d1002c8c53edc95d04d0f6 + * tests/bench-slope.c (bench_obj): Add 'hd'. + (bench_encrypt_init, bench_encrypt_free, bench_encrypt_do_bench) + (bench_decrypt_do_bench, bench_xts_encrypt_init) + (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench) + (bench_ccm_encrypt_init, bench_ccm_encrypt_do_bench) + (bench_ccm_decrypt_do_bench, bench_aead_encrypt_init) + (bench_aead_encrypt_do_bench, bench_aead_decrypt_do_bench) + (bench_hash_init, bench_hash_free, bench_hash_do_bench) + (bench_mac_init, bench_mac_free, bench_mac_do_bench): Use 'obj->hd' + for storing pointer to crypto context. + (auto_ghz): New. + (do_slope_benchmark): Rename to... + (slope_benchmark): ...this. + (auto_ghz_init, auto_ghz_free, auto_ghz_bench, auto_ghz_detect_ops) + (get_auto_ghz, do_slope_benchmark): New. + (double_to_str): Round number larger than 1000 to integer. 
+ (bench_print_result_csv, bench_print_result_std) + (bench_print_result, bench_print_header, cipher_bench_one) + (hash_bench_one, mac_bench_one, kdf_bench_one, kdf_bench): Add + auto-detected frequency printing. + (print_help): Help for CPU speed auto-detection mode. + (main): Add parsing for "--cpu-mhz auto". + + _gcry_burn_stack: use memset for clearing memory. + + commit 3841b23c0ccb24d555b7570083bba958e3126d26 + * src/misc.c (__gcry_burn_stack) [HAVE_VLA]: Use 'memset' for clearing + stack. + + Improve constant-time buffer compare. + + commit a1127dbbada4302abf09eec90fbaceca87bfcdf0 + * cipher/bufhelp.h (buf_eq_const): Rewrite logic. + +2018-02-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Intel SHA Extensions accelerated SHA256 implementation. + + commit 0b3ec359e2279c3b46b171372b1b7733bba20cd7 + * cipher/Makefile.am: Add 'sha256-intel-shaext.c'. + * cipher/sha256-intel-shaext.c: New. + * cipher/sha256.c (USE_SHAEXT) + (_gcry_sha256_transform_intel_shaext): New. + (SHA256_CONTEXT): Add 'use_shaext'. + (sha256_init, sha224_init) [USE_SHAEXT]: Use shaext if supported. + (transform) [USE_SHAEXT]: Use shaext if enabled. + (transform): Only add ASM_EXTRA_STACK if returned burn length is not + zero. + * configure.ac: Add 'sha256-intel-shaext.lo'. + + Add Intel SHA Extensions accelerated SHA1 implementation. + + commit d02958bd300d2c80bc92b1e072103e95e256b297 + * cipher/Makefile.am: Add 'sha1-intel-shaext.c'. + * cipher/sha1-intel-shaext.c: New. + * cipher/sha1.c (USE_SHAEXT, _gcry_sha1_transform_intel_shaext): New. + (sha1_init) [USE_SHAEXT]: Use shaext implementation is supported. + (transform) [USE_SHAEXT]: Use shaext if enabled. + (transform): Only add ASM_EXTRA_STACK if returned burn length is not + zero. + * cipher/sha1.h (SHA1_CONTEXT): Add 'use_shaext'. + * configure.ac: Add 'sha1-intel-shaext.lo'. + (shaextsupport, gcry_cv_gcc_inline_asm_shaext): New. + * src/g10lib.h: Add HWF_INTEL_SHAEXT and reorder HWF flags. 
+ * src/hwf-x86.c (detect_x86_gnuc): Detect SHA Extensions. + * src/hwfeatures.c (hwflist): Add 'intel-shaext'. + + AVX implementation of BLAKE2s. + + commit da58a62ac1b7a8d97b0895dcb41d15af531e45e5 + * cipher/Makefile.am: Add 'blake2s-amd64-avx.S'. + * cipher/blake2.c (USE_AVX, _gry_blake2s_transform_amd64_avx): New. + (BLAKE2S_CONTEXT) [USE_AVX]: Add 'use_avx'. + (blake2s_transform): Rename to ... + (blake2s_transform_generic): ... this. + (blake2s_transform): New. + (blake2s_final): Pass 'ctx' pointer to transform function instead of + 'S'. + (blake2s_init_ctx): Check HW features and enable AVX implementation + if supported. + * cipher/blake2s-amd64-avx.S: New. + * configure.ac: Add 'blake2s-amd64-avx.lo'. + +2018-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + AVX2 implementation of BLAKE2b. + + commit af7fc732f9a7af7a70276f1e8364d2132db314f1 + * cipher/Makefile.am: Add 'blake2b-amd64-avx2.S'. + * cipher/blake2.c (USE_AVX2, ASM_FUNC_ABI, ASM_EXTRA_STACK) + (_gry_blake2b_transform_amd64_avx2): New. + (BLAKE2B_CONTEXT) [USE_AVX2]: Add 'use_avx2'. + (blake2b_transform): Rename to ... + (blake2b_transform_generic): ... this. + (blake2b_transform): New. + (blake2b_final): Pass 'ctx' pointer to transform function instead of + 'S'. + (blake2b_init_ctx): Check HW features and enable AVX2 implementation + if supported. + * cipher/blake2b-amd64-avx2.S: New. + * configure.ac: Add 'blake2b-amd64-avx2.lo'. + +2018-01-31 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix incorrect counter overflow handling for GCM. + + commit ffdc6f3623a0bcb41324d562340b2cd1c288e387 + * cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle + 32-bit CTR increment for GCM. + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use + generic CTR implementation directly, use gcm_ctr_encrypt instead. + * tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit + CTR overflow. + (check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes' + test-runs. 
+ +2018-01-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix use of AVX instructions in Chaha20 SSSE3 implementation. + + commit 0b55f349a8b8f4b0ac9ed724c2d5b8dcc9f5401c + * cipher/chacha20-amd64-ssse3.S: Replace two 'vmovdqa' instructions + with 'movdqa'. + +2018-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + doc: fix double "See" in front of reference. + + commit bd75f0e89817b5708c57efab49e3eb4e035186e2 + * doc/gcrypt.texi: Change @xref to @ref when text already has 'see' in + the front. + + Add EAX mode. + + commit e8629e535bd0e9711b07904d4501de8ad57aaecd + * cipher/Makefile.am: Add 'cipher-eax.c'. + * cipher/cipher-cmac.c (cmac_write): Rename to ... + (_gcry_cmac_write): ... this; Take CMAC context as new input + parameter; Return error code. + (cmac_generate_subkeys): Rename to ... + (_gcry_cmac_generate_subkeys): ... this; Take CMAC context as new + input parameter; Return error code. + (cmac_final): Rename to ... + (_gcry_cmac_final): ... this; Take CMAC context as new input + parameter; Return error code. + (cmac_tag): Take CMAC context as new input parameter. + (_gcry_cmac_reset): New. + (_gcry_cipher_cmac_authenticate): Remove duplicate tag flag check; + Adapt to changes above. + (_gcry_cipher_cmac_get_tag): Adapt to changes above. + (_gcry_cipher_cmac_check_tag): Ditto. + (_gcry_cipher_cmac_set_subkeys): Ditto. + * cipher-eax.c: New. + * cipher-internal.h (gcry_cmac_context_t): New. + (gcry_cipher_handle): Update u_mode.cmac; Add u_mode.eax. + (_gcry_cmac_write, _gcry_cmac_generate_subkeys, _gcry_cmac_final) + (_gcry_cmac_reset, _gcry_cipher_eax_encrypt, _gcry_cipher_eax_decrypt) + (_gcry_cipher_eax_set_nonce, _gcry_cipher_eax_authenticate) + (_gcry_cipher_eax_get_tag, _gcry_cipher_eax_check_tag) + (_gcry_cipher_eax_setkey): New prototypes. 
+ * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) + (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv) + (_gcry_cipher_authenticate, _gcry_cipher_gettag, _gcry_cipher_checktag) + (_gcry_cipher_info): Add EAX mode. + * doc/gcrypt.texi: Add EAX mode. + * src/gcrypt.h.in (GCRY_CIPHER_MODE_EAX): New. + * tests/basic.c (_check_gcm_cipher, _check_poly1305_cipher): Constify + test vectors array. + (_check_eax_cipher, check_eax_cipher): New. + (check_ciphers, check_cipher_modes): Add EAX mode. + * tests/bench-slope.c (bench_eax_encrypt_do_bench) + (bench_eax_decrypt_do_bench, bench_eax_authenticate_do_bench) + (eax_encrypt_ops, eax_decrypt_ops, eax_authenticate_ops): New. + (cipher_modes): Add EAX mode. + * tests/benchmark.c (cipher_bench): Add EAX mode. + + cipher: constify spec arrays. + + commit cd7ed2e3546b12dd98df4211949f1cdbf5827013 + * cipher/cipher.c (cipher_list): Constify array. + * cipher/mac.c (mac_list): Constify array. + * cipher/md.c (digest_list): Constify array. + * cipher/pubkey.c (pubkey_list): Constify array. + + Add ARMv8/CE acceleration for AES-XTS. + + commit 93503c127a52c1f6a193750e2bf181a744ba3e6b + * cipher/rijndael-armv8-aarch32-ce.S (_gcry_aes_xts_enc_armv8_ce) + (_gcry_aes_xts_dec_armv8_ce): New. + * cipher/rijndael-armv8-aarch64-ce.S (_gcry_aes_xts_enc_armv8_ce) + (_gcry_aes_xts_dec_armv8_ce): New. + * cipher/rijndael-armv8-ce.c (_gcry_aes_xts_enc_armv8_ce) + (_gcry_aes_xts_dec_armv8_ce, xts_crypt_fn_t) + (_gcry_aes_armv8_ce_xts_crypt): New. + * cipher/rijndael.c (_gcry_aes_armv8_ce_xts_crypt): New. + (_gcry_aes_xts_crypt) [USE_ARM_CE]: New. + +2018-01-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-ssse3: call assembly functions directly. 
+ + commit c3d60acc3ab5c6d60c2258882175bf31351cc998 + * cipher/rijndael-ssse3-amd64-asm.S (_gcry_aes_ssse3_enc_preload) + (_gcry_aes_ssse3_dec_preload, _gcry_aes_ssse3_encrypt_core) + (_gcry_aes_ssse3_decrypt_core, _gcry_aes_schedule_core): Add + ENTER_SYSV_FUNC_PARAMS_* at function entry and EXIT_SYSV_FUNC at exit. + (_gcry_aes_ssse3_encrypt_core, _gcry_aes_ssse3_decrypt_core): Change + to input parameters to RDI and RSI registers. + * cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_encrypt_core) + (_gcry_aes_ssse3_decrypt_core, _gcry_aes_schedule_core): Add parameters + for function prototypes. + (PUSH_STACK_PTR, POP_STACK_PTR): Remove. + (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec) + (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) + (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Remove inline assembly to + call functions, and call directly instead. + + Move AMD64 MS to SysV calling convention conversion to assembly side. + + commit a518b6680ea80a4325731028545a701c1d71fc02 + * cipher/Makefile.am: Add 'asm-common-amd64.h'. + * cipher/asm-common-amd64.h: New. + * cipher/blowfish-amd64.S: Add ENTER_SYSV_FUNC_* and EXIT_SYSV_FUNC for + each global function from 'asm-common-amd64.h'. + * cipher/cast5-amd64.S: Ditto. + * cipher/des-amd64.S: Ditto. + * cipher/rijndael-amd64.S: Ditto. + * cipher/twofish-amd64.S: Ditto. + * cipher/arcfour-amd64.S: Ditto. + * cipher/blowfish.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] + (call_sysv_fn): Remove. + * cipher/cast5.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] + (call_sysv_fn): Remove. + * cipher/twofish.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] + (call_sysv_fn, call_sysv_fn5, call_sysv_fn6): Remove. + * cipher/rijndael.c (do_encrypt, do_decrypt) + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Remove assembly block for + calling SysV ABI function. + * cipher/arcfour.c [USE_AMD64_ASM] (encrypt_stream): Ditto. + + Make BMI2 inline assembly check more robust. 
+ + commit 135250e3060e79be698d4f36a819aa8a880789f8 + * configure.ac (gcry_cv_gcc_inline_asm_bmi2): New assembly test. + + Add AES-NI acceleration for AES-XTS. + + commit a00c5b2988cea256c7823a76ce601febf02c790f + * cipher/cipher-internal.h (gcry_cipher_handle): Change bulk + XTS function to take cipher context. + * cipher/cipher-xts.c (_gcry_cipher_xts_crypt): Ditto. + * cipher/cipher.c (_gcry_cipher_open_internal): Setup AES-NI + XTS bulk function. + * cipher/rijndael-aesni.c (xts_gfmul_const, _gcry_aes_aesni_xts_enc) + (_gcry_aes_aesni_xts_enc, _gcry_aes_aesni_xts_crypt): New. + * cipher/rijndael.c (_gcry_aes_aesni_xts_crypt) + (_gcry_aes_xts_crypt): New. + * src/cipher.h (_gcry_aes_xts_crypt): New. + + AES-NI improvements for AMD64. + + commit c9e9cb2eb6a1c659d3825ca627228b732f2f2152 + * cipher/rijndael-aesni.c [__x86_64__] (aesni_prepare_7_15_variable) + (aesni_prepare_7_15, aesni_cleanup_7_15, do_aesni_enc_vec8) + (do_aesni_dec_vec8, do_aesni_ctr_8): New. + (_gcry_aes_aesni_ctr_enc, _gcry_aes_aesni_cfb_dec) + (_gcry_aes_aesni_cbc_dec, aesni_ocb_enc, aesni_ocb_dec) + (_gcry_aes_aesni_ocb_auth) [__x86_64__]: Add 8 parallel blocks + processing. + + Add ARMv8/AArch64 implementation of chacha20. + + commit b3ec0f752c925cde36f560f0f9309ab6450bbfd9 + * cipher/Makefile.am: Add 'chacha20-aarch64.S'. + * cipher/chacha20-aarch64.S: New. + * cipher/chacha20.c (USE_AARCH64_SIMD): New. + (_gcry_chacha20_aarch_blocks4): New. + (chacha20_do_setkey): Add HWF selection for Aarch64 implementation. + * configure.ac: Add 'chacha20-aarch64.lo'. + + New ChaCha implementations. + + commit 172ad09cbedc893f147180875335f4c525393c0b + * cipher/Makefile.am: Remove 'chacha20-sse2-amd64.S', + 'chacha20-ssse3-amd64.S', 'chacha20-avx2-amd64.S'; Add + 'chacha20-amd64-ssse3.S', 'chacha20-amd64-avx2.S'. + * cipher/chacha20-amd64-avx2.S: New. + * cipher/chacha20-amd64-ssse3.S: New. + * cipher/chacha20-armv7-neon.S: Rewrite. + * cipher/chacha20-avx2-amd64.S: Remove. 
+ * cipher/chacha20-sse2-amd64.S: Remove. + * cipher/chacha20-ssse3-amd64.S: Remove. + * cipher/chacha20.c (CHACHA20_INPUT_LENGTH, USE_SSE2, USE_NEON) + (ASM_EXTRA_STACK, chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks) + (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks) + (_gcry_chacha20_armv7_neon_blocks, QROUND, QOUT, chacha20_core) + (chacha20_do_encrypt_stream): Remove. + (_gcry_chacha20_amd64_ssse3_blocks4, _gcry_chacha20_amd64_avx2_blocks8) + (_gcry_chacha20_armv7_neon_blocks4, ROTATE, XOR, PLUS, PLUSONE) + (QUARTERROUND, BUF_XOR_LE32): New. + (CHACHA20_context_s, chacha20_blocks, chacha20_keysetup) + (chacha20_encrypt_stream): Rewrite. + (chacha20_do_setkey): Adjust for new CHACHA20_context_s. + * configure.ac: Remove 'chacha20-sse2-amd64.lo', + 'chacha20-ssse3-amd64.lo', 'chacha20-avx2-amd64.lo'; Add + 'chacha20-amd64-ssse3.lo', 'chacha20-amd64-avx2.lo'. + + New Poly1305 implementations. + + commit b9a471ccf5f02f89e25c7ccc29898d0e4e486099 + * cipher/Makefile.am: Include '../mpi' for 'longlong.h'; Remove + 'poly1305-sse2-amd64.S', 'poly1305-avx2-amd64.S' and + 'poly1305-armv7-neon.S'. + * cipher/poly1305-armv7-neon.S: Remove. + * cipher/poly1305-avx2-amd64.S: Remove. + * cipher/poly1305-sse2-amd64.S: Remove. + * cipher/poly1305-internal.h (POLY1305_BLOCKSIZE) + (POLY1305_STATE): New. + (POLY1305_SYSV_FUNC_ABI, POLY1305_REF_BLOCKSIZE) + (POLY1305_REF_STATESIZE, POLY1305_REF_ALIGNMENT) + (POLY1305_USE_SSE2, POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE) + (POLY1305_SSE2_ALIGNMENT, POLY1305_USE_AVX2, POLY1305_AVX2_BLOCKSIZE) + (POLY1305_AVX2_STATESIZE, POLY1305_AVX2_ALIGNMENT) + (POLY1305_USE_NEON, POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE) + (POLY1305_NEON_ALIGNMENT, POLY1305_LARGEST_BLOCKSIZE) + (POLY1305_LARGEST_STATESIZE, POLY1305_LARGEST_ALIGNMENT) + (POLY1305_STATE_BLOCKSIZE, POLY1305_STATE_STATESIZE) + (POLY1305_STATE_ALIGNMENT, OPS_FUNC_ABI, poly1305_key_s) + (poly1305_ops_s): Remove. + (poly1305_context_s): Rewrite. 
+ * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext) + (_gcry_poly1305_amd64_sse2_finish_ext) + (_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops) + (poly1305_init_ext_ref32, poly1305_blocks_ref32) + (poly1305_finish_ext_ref32, poly1305_default_ops) + (_gcry_poly1305_amd64_avx2_init_ext) + (_gcry_poly1305_amd64_avx2_finish_ext) + (_gcry_poly1305_amd64_avx2_blocks) + (poly1305_amd64_avx2_ops, poly1305_get_state): Remove. + (poly1305_init): Rewrite. + (USE_MPI_64BIT, USE_MPI_32BIT): New. + [USE_MPI_64BIT] (ADD_1305_64, MUL_MOD_1305_64, poly1305_blocks) + (poly1305_final): New implementation using 64-bit limbs. + [USE_MPI_32BIT] (UMUL_ADD_32, ADD_1305_32, MUL_MOD_1305_32) + (poly1305_blocks): New implementation using 32-bit limbs. + (_gcry_poly1305_update, _gcry_poly1305_finish) + (_gcry_poly1305_init): Adapt to new implementation. + * configure.ac: Remove 'poly1305-sse2-amd64.lo', + 'poly1305-avx2-amd64.lo' and 'poly1305-armv7-neon.lo'. + + mpi/ec: fix when 'unsigned long' is 32-bit but limb size is 64-bit. + + commit d39deb0a41dbeec81174704904d3d29c66d10d7e + * mpi/ec.c (ec_addm_25519, ec_subm_25519, ec_mulm_25519): Cast '1' to + mpi_limb_t before left shift. + +2017-11-24 Werner Koch <wk@gnupg.org> + + sexp: Avoid a fatal error in case of ENOMEM in called functions. + + commit 2ad912d5b7794fb32192fddab1b559c7b86303a2 + * src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error + return. Replace sprintf by snprintf. + (convert_to_hex): Replace sprintf by snprintf. + (convert_to_string): Ditto. + (_gcry_sexp_sprint): Ditto. + + api: Add GCRYCTL_AUTO_EXPAND_SECMEM. + + commit 1f6b2f6099ebcfd785e2d2ae0aeca810394dbbac + * src/gcrypt.h.in (GCRYCTL_AUTO_EXPAND_SECMEM): New enum. + * src/global.c (_gcry_vcontrol): Implement that. + * src/secmem.c (auto_expand): New var. + (_gcry_secmem_set_auto_expand): New. + (_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND. + +2017-11-14 NIIBE Yutaka <gniibe@fsij.org> + + tests: Add HAVE_MMAP check for MinGW. 
+ + commit c594f187bd457b757112adc551ffa4db92962dc1 + * tests/t-secmem.c (main): Conditionalize with HAVE_MMAP. + +2017-11-09 NIIBE Yutaka <gniibe@fsij.org> + + Fix secmem test for machine with larger page. + + commit 621f5c4e837347308a6b06a8cfbfc47ca9fae69e + * tests/t-secmem.c (main): Detect page size and setup chunk size. + * src/secmem.c (init_pool): Simplify the expression. + +2017-10-25 NIIBE Yutaka <gniibe@fsij.org> + + Add OID information for SM3. + + commit 94b84360ca55c407222a3eb8222d8b1816fc617f + * cipher/sm3.c (asn_sm3, oid_spec_sm3): New. + (_gcry_digest_spec_sm3): Add asn_sm3, oid_spec_sm3. + +2017-10-24 Jia Zhang <qianyue.zj@alibaba-inc.com> + + Add crypto hash SM3. + + commit 4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd + * configure.ac (available_digests): Add sm3. + * src/cipher.h: Add declarations for SM3. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm3.c. + * cipher/md.c [USE_SM3] (digest_list): Add _gcry_digest_spec_sm3. + * cipher/pubkey-util.c (hashnames): Add "sm3". + * cipher/sm3.c: New. + * tests/basic.c (check_digests): Add test vectors for SM3. + * tests/hashtest-256g.in (algos): Add SM3. + * tests/hashtest.c (testvectors): Add for SM3. + +2017-10-24 NIIBE Yutaka <gniibe@fsij.org> + + Add new constant GCRY_MD_SM3 for crypto hash SM3. + + commit 5b31e22d9fc542bdccb1586ef2c83d9794a731d3 + * src/gcrypt.h.in (GCRY_MD_SM3): New. + +2017-10-17 Werner Koch <wk@gnupg.org> + + api: New function gcry_mpi_get_ui. + + commit c6e42e7ec3d1046969d783c443c13aad7cb61bb8 + * src/gcrypt.h.in (gcry_mpi_get_ui): New. + (mpi_get_ui): New macro. + * src/libgcrypt.def, src/libgcrypt.vers: Add new function. + * src/visibility.c (gcry_mpi_get_ui): New. + * src/visibility.h: Mark that function. + (gcry_mpi_get_ui): New. + * mpi/mpiutil.c (MY_UINT_MAX): New macro. + (_gcry_mpi_get_ui): Re-implemented. This function existed but was + never imported or used. + * tests/mpitests.c (test_maxsize): Add some test for this function. 
+ +2017-08-29 NIIBE Yutaka <gniibe@fsij.org> + + Tweak GCC version check. + + commit e4dc458b0b7dc9b8417a2177ef17822d9b9064ec + * src/global.c (_gcry_vcontrol): It's GCC 4.2 which started to support + diagnostic pragma. + + random: Fix warnings on Windows. + + commit 8126a6717c80d4fc1766d7f975e872bee2f9f203 + * random/random-csprng.c (lock_seed_file): Vars with no use. + + tests: Fix warnings on Windows. + + commit a848ef44470a524c05624afb54b92cf25595acd2 + * tests/fipsdrv.c (print_dsa_domain_parameters, print_ecdsa_dq): Fix. + + ecc: Fix scratch MPI. + + commit db3a8d6890fb4a6436e082b49378c0bd891563ca + * mpi/ec.c (ec_p_init): Check if scratch MPI is allocated. + + ecc: Fix ec_mulm_25519. + + commit 1d5f726668b9cc32d6bb601f2329987058146c6c + * mpi/ec.c (ec_mulm_25519): Improve reduction to 25519. + + ecc: Use 25519 method also for ed25519. + + commit fab712d654b2ccd24696ed90bc239860a128ad5b + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Don't use mpi_add + since it resizes to have more limbs. + * mpi/ec.c (point_resize): Fix for Edwards curve. + (ec_p_init): Support Edwards curve. + (_gcry_mpi_ec_get_affine): Use the methods. + (dup_point_edwards, add_points_edwards, sub_points_edwards): Ditto. + (_gcry_mpi_ec_mul_point): Resize MPIs of point to fixed size. + (_gcry_mpi_ec_curve_point): Use the methods. + + ecc: Clean up curve specific method support. + + commit 1ac3d3637dd80013b78e03b9b9f582091710d908 + * src/ec-context.h (struct mpi_ec_ctx_s): Remove MOD method. + * mpi/ec.c (ec_mod_25519): Remove. + (ec_p_init): Follow the removal of the MOD method. + + ecc: Relax condition for 25519 computations. + + commit e9be23c4ad9f42c9d3198c706f912b7e27f574bc + * mpi/ec.c (ec_addm_25519, ec_subm_25519, ec_mulm_25519): Check number + of limbs, allocated more is OK. + + ecc: Fix ec_mulm_25519. + + commit 449459a2770d3aecb1f36502bf1903e0cbd2873e + * mpi/ec.c (ec_mulm_25519): Fix the cases of 0 to 18. + + ecc: field specific routines for 25519. 
+ + commit 9ed0fb37bd637d1a2e9498c24097cfeadec682ec + * mpi/ec.c (point_resize): Improve for X25519. + (mpih_set_cond): New. + (ec_mod_25519, ec_addm_25519, ec_subm_25519, ec_mulm_25519) + (ec_mul2_25519, ec_pow2_25519): New. + (ec_p_init): Fill by FIELD_TABLE. + + ecc: Add field specific computation methods. + + commit d4cd381defe5b37dda19bbda0986bdd38065bd31 + * src/ec-context.h (struct mpi_ec_ctx_s): Add methods. + * mpi/ec.c (ec_p_init): Initialize the default methods. + (montgomery_ladder): Use the methods. + +2017-08-27 Werner Koch <wk@gnupg.org> + + Release 1.8.1. + + commit 80fd8615048c3897b91a315cca22ab139b056ccd + * configure.ac: Set LT version to C22/A2/R1. + +2017-08-27 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add input validation for X25519. + + commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9 + * cipher/ecc.c (ecc_decrypt_raw): Add input validation. + * mpi/ec.c (ec_p_init): Use scratch buffer for bad points. + (_gcry_mpi_ec_bad_point): New. + +2017-08-07 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + cipher: Add OID for SHA384WithECDSA. + + commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315 + * cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA. + +2017-08-02 Werner Koch <wk@gnupg.org> + + tests: Fix a printf glitch for a Windows test. + + commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19 + * tests/t-convert.c (check_formats): Fix print format glitch on + Windows. + * tests/t-ed25519.c: Typo fix. + + tests: Add benchmarking option to tests/random. + + commit 21d0f068a721c022f955084c28304934fd198c5e + * tests/random.c: Always include unistd.h. + (prepend_srcdir): New. + (run_benchmark): New. + (main): Add options --benchmark and --with-seed-file. Print whetehr + JENT has been used. + * tests/t-common.h (split_fields_colon): New. Taken from GnuPG. + License of that code changed to LGPLv2.1. + + random: Add more bytes to the pool in addition to the seed file. 
+ + commit eea36574f37830a6a80b4fad884825e815b2912f + * random/random-csprng.c (read_seed_file): Read 128 or 32 butes + depending on whether we have the Jitter RNG. + +2017-08-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add script to run basic tests with all supported HWF combinations. + + commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004 + * tests/basic_all_hwfeature_combinations.sh: New. + * tests/Makefile.am: Add basic_all_hwfeature_combinations.sh. + +2017-07-29 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix return value type for _gcry_md_extract. + + commit cf1528e7f2761774d06ace0de48f39c96b52dc4f + * src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of + gpg_error_t for internal function return type. + + Fix building AArch32 CE implementations when target is ARMv6 arch. + + commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748 + * cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure. + * cipher/rijndael-armv8-aarch32-ce.S: Ditto. + * cipher/sha1-armv8-aarch32-ce.S: Ditto. + * cipher/sha256-armv8-aarch32-ce.S: Ditto. + * configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto. + +2017-07-25 NIIBE Yutaka <gniibe@fsij.org> + + sexp: Add fall through annotation. + + commit b7cd44335d9cde43be6f693dca6399ed0762649c + * src/dumpsexp.c (parse_and_print): It's fall through. + +2017-07-24 Werner Koch <wk@gnupg.org> + + random: Fix the command line munging for jitterbase. + + commit ac39522ab08fcd2483edc223334c6ab9d19e91f3 + * random/Makefile.am (o_flag_munging): Make the first sed term also + global. + +2017-07-19 NIIBE Yutaka <gniibe@fsij.org> + + Remove byte order mark. + + commit 1d8e4c2c3a7d0a4154caf5bd720a9a0b04179390 + * random/jitterentropy-base.c, random/jitterentropy.h: Remove + byte order mark. + +2017-07-18 Werner Koch <wk@gnupg.org> + + Release 1.8.0. + + commit 850aca744eeda5fd410f478a0778e353045ac962 + + + mac: Add selftests for HMAC-SHA3-xxx. 
+ + commit 95194c550443e8d5558856633f920daec8a975c4 + * cipher/hmac-tests.c (check_one): Add arg trunc and change all + callers to pass false. + (selftests_sha3): New. + (run_selftests): Call new selftests. + + api: New function gcry_mpi_point_copy. + + commit ecf73dafb7aafed0d0f339d07235b58c2113f94c + * src/gcrypt.h.in (gcry_mpi_point_copy): New. + (mpi_point_copy): New macro. + * src/visibility.c (gcry_mpi_point_copy): New. + * src/libgcrypt.def, src/libgcrypt.vers: Add function. + * mpi/ec.c (_gcry_mpi_point_copy): New. + * tests/t-mpi-point.c (set_get_point): Add test. + +2017-07-17 Werner Koch <wk@gnupg.org> + + random: Minor fix for getting the rndjent version. + + commit 9d99c6b973caa7fdf93b53cf764066214f763803 + * random/rndjent.c (_gcry_rndjent_get_version): Always set R_ACTIVE. + * tests/version.c (test_get_config): Check number of fields for + rng-type. + +2017-07-07 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Minor fix of mpi_pow. + + commit 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b + * mpi/mpi-pow.c (_gcry_mpi_powm): Allocate size fix. + + mpi: Fix mpi_pow alternative implementation. + + commit 66ed4d53789892def7b237756d8a0ab28df9d222 + * mpi/mpi-pow.c + [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Use + mpi_set_cond. + + Fix mpi_pow alternative implementation. + + commit 619ebae9847831f43314a95cc3180f4b329b4d3b + * mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): + Allocate size fix. + +2017-07-06 Werner Koch <wk@gnupg.org> + + rsa: Use modern MPI allocation function. + + commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887 + * cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew. + +2017-07-05 Werner Koch <wk@gnupg.org> + + build: Minor API fixes to fix build problems on AIX. + + commit 85a9a913da9ecc6b2cd6f743e90e49983251d706 + * src/gcrypt.h.in (gcry_error_from_errno): Fix return type. + * src/visibility.c (gcry_md_extract): Change return type to match the + prototype. + + tools: Add left shift to mpicalc. 
+ + commit 0d30a4a9791d20c8881b5b12bd44611d9f4274cd + * src/mpicalc.c (do_lshift): New. + (main): Handle '<'. + +2017-07-04 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Fix mpi_set_secure. + + commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2 + * mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced. + +2017-06-29 NIIBE Yutaka <gniibe@fsij.org> + Werner Koch <wk@gnupg.org> + + rsa: Add exponent blinding. + + commit 8725c99ffa41778f382ca97233183bcd687bb0ce + * cipher/rsa.c (secret_core_crt): Blind secret D with randomized + nonce R for mpi_powm computation. + +2017-06-28 NIIBE Yutaka <gniibe@fsij.org> + + Same computation for square and multiply. + + commit 78130828e9a140a9de4dafadbc844dbb64cb709a + * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move + the assignment to base_u into the loop. Copy content refered by RP to + BASE_U except the last of the loop. + +2017-06-24 Werner Koch <wk@gnupg.org> + + rsa: Minor refactoring. + + commit e6a3dc9900433bbc8ad362a595a3837318c28fa9 + * cipher/rsa.c (secret): Factor code out to ... + (secret_core_std, secret_core_crt): new functions. + +2017-06-23 Werner Koch <wk@gnupg.org> + + random: Add missing dependency. + + commit d091610377b2c92cf385282b1adfc30fa6cd5c75 + * random/Makefile.am (EXTRA_librandom_la_SOURCES): Fix file name. + (rndjent.o, rndjent.lo): Depend on jitterentropy-base-user.h. + + random: Update jitterentropy to 2.1.0. + + commit 8dfae89ecd3e9ae0967586cb38d12ef9111fc7cd + * random/rndjent.c (jent_get_nstime, jent_zfree) + (jent_fips_enabled, jent_zalloc): Move functions and macros to ... + * random/jitterentropy-base-user.h: this file. That files was not + used before. + * random/Makefile.am (EXTRA_librandom_la_SOURCES): Add + jitterentropy-base-user. + * random/jitterentropy-base.c: Update to version 2.1.0. + * random/jitterentropy.h: Ditto. + +2017-06-21 Werner Koch <wk@gnupg.org> + + api: New function gcry_get_config. 
+ + commit 27148e60ba15b0cb73b47a75c688fcb48a1a3444 + * src/misc.c (_gcry_log_info_with_dummy_fp): Remove. + * src/global.c (print_config): New arg WHAT. Remove arg FNC and use + gpgrt_fprintf directly. + (_gcry_get_config): New. + (_gcry_vcontrol) <GCRYCTL_PRINT_CONFIG>: Use _gcry_get_config instead + of print_config. + * src/gcrypt.h.in (gcry_get_config): New. + * src/libgcrypt.def, src/libgcrypt.vers: Add new function. + * src/visibility.c (gcry_get_config): New. + * src/visibility.h: Mark new function. + + * tests/version.c (test_get_config): New. + (main): Call new test. + + random: Allow building rndjent on non-x86. + + commit c2319464b03e61aaf34ef6d5f4b59b0c0483a373 + * random/jitterentropy-base.c (jent_version): Uncomment function. + * random/rndjent.c: Include time.h + (JENT_USES_RDTSC): New. + (JENT_USES_GETTIME): New. + (JENT_USES_READ_REAL_TIME): New. + (jent_get_nstime): Support clock_gettime and AIX specific + function. Taken from Stephan Müller's code. + (is_rng_available): New. + (_gcry_rndjent_dump_stats): Use that function. + (_gcry_rndjent_poll): Use that fucntion. Allow an ADD of NULL for an + intialize only mode. + (_gcry_rndjent_get_version): New. + +2017-06-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-padlock: change asm operands from read-only to read/write. + + commit 32b4ab209067f6f08b87b27bc78ec27dc497b708 + * cipher/rijndael-padlock.c (do_padlock): Change ESI/EDI/ECX to use + read/write operands as XCRYPT instruction modifies these registers. + +2017-06-16 Werner Koch <wk@gnupg.org> + + random: Make rndjent.c NTG.1 compliant. + + commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9 + * random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter. + + md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512. + + commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f + * cipher/sha256.c (_gcry_sha256_hash_buffer): New. + (_gcry_sha256_hash_buffers): New. + * cipher/sha512.c (_gcry_sha512_hash_buffer): New. 
+ (_gcry_sha512_hash_buffers): New. + * cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA246 and SHA512. + (_gcry_md_hash_buffers): Ditto. + + random: Allow building rndjent.c with stats collecting enabled. + + commit ee3a74f5539cbc5182ce089994e37c16ce612149 + * random/rndjent.c: Change license to the one used by jitterentropy.h. + (jent_init_statistic): New. + (jent_bit_count): New. + (jent_statistic_copy_stat): new. + (jent_calc_statistic): New. + + New global config option "only-urandom". + + commit 8f6082e95f30c1ba68d2de23da90146f87f0c66c + * random/rand-internal.h (RANDOM_CONF_ONLY_URANDOM): New. + * random/random.c (_gcry_random_read_conf): Add option "only-urandom". + * random/rndlinux.c (_gcry_rndlinux_gather_random): Implement that + option. + * tests/keygen.c (main): Add option --no-quick for better manual + tests. + + Implement global config file /etc/gcrypt/random.conf. + + commit b05a4abc358b204dba343d9cfbd59fdc828c1686 + * src/hwfeatures.c (my_isascii): Move macro to ... + * src/g10lib.h: here. + * tests/random.c (main): Dump random stats. + * random/random.c (RANDOM_CONF_FILE): New. + (_gcry_random_read_conf): New. + (_gcry_random_dump_stats): Call rndjent stats. + * random/rndjent.c (jent_rng_totalcalls, jent_rng_totalbytes): New. + (_gcry_rndjent_poll): Take care of config option disable-jent. Wipe + buffer. Bump counters. + (_gcry_rndjent_dump_stats): New. + +2017-06-14 Werner Koch <wk@gnupg.org> + + random: Add jitter RND based entropy collector. + + commit f5e7763ddca59dcd9ac9f2f4d50cb41b14a34a9e + * random/rndjent.c: New. + * random/rndlinux.c (_gcry_rndlinux_gather_random): Use rndjent. + * random/rndw32.c (_gcry_rndw32_gather_random): Use rndjent. + (slow_gatherer): Fix compiler warning. + * random/Makefile.am (librandom_la_SOURCES): Add rndjent.c + (EXTRA_librandom_la_SOURCES): Add jitterentropy-base.c and + jitterentropy.h. + (rndjent.o, rndjent.lo): New rules. 
+ * configure.ac: New option --disbale-jent-support + (ENABLE_JENT_SUPPORT): New ac-define. + + cipher: New helper function rol64. + + commit 6c882fb1fdb6c7cba2215fa7391110d63e24b9dc + * cipher/bithelp.h (rol64): New inline functions. + + New hardware feature flag HWF_INTEL_RDTSC. + + commit 06f303a633ea2b992259688bef2b023c3f388f73 + * src/g10lib.h (HWF_INTEL_RDTSC): New. + * src/hwfeatures.c (hwflist): Add "intel-rdtsc". + * src/hwf-x86.c (detect_x86_gnuc): Get EDX features and test for TSC. + + random: Changes to original Jitter RNG implementation. + + commit a44c45675f8b631e11048a540bb1fbb7a022ebb4 + * random/jitterentropy-base.c: Change double underscore symbols and + make all functions static. + * random/jitterentropy.h: Likewise. + +2017-06-13 Stephan Mueller <smueller@chronox.de> + + random: Add original Jitter RNG implementation. + + commit f0ae18ecf48fbe2da0b9fb3f354d0dd3173d91d3 + * random/jitterentropy-base-user.h: New. + * random/jitterentropy-base.c: New. + * random/jitterentropy.h: New. + +2017-06-08 Werner Koch <wk@gnupg.org> + + build: Fix ChangeLog building for builds from other worktrees. + + commit cdfd7ea72a44657f037dd0dbba6e5ea0c2b344aa + * Makefile.am (gen-ChangeLog): Test for existance of ".git" regardless + on whether it is a file or directory. + +2017-06-02 NIIBE Yutaka <gniibe@fsij.org> + + secmem: Fix SEGV and stat calculation. + + commit e0958debe1a7db1bec1283115cdc6a14bf3b43e5 + * src/secmem (init_pool): Care about the header size. + (_gcry_secmem_malloc_internal): Likewise. + (_gcry_secmem_malloc_internal): Use mb->size for stats. + +2017-06-01 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be> + + ecc: Store EdDSA session key in secure memory. + + commit 5a22de904a0a366ae79f03ff1e13a1232a89e26b + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate + session key. + +2017-05-31 Werner Koch <wk@gnupg.org> + + api: Deprecate gcry_md_info. 
+ + commit 45c39340c9926c2c5801dbab7609687c41e9ff1f + + +2017-05-30 Werner Koch <wk@gnupg.org> + + mpi: Distribute asm files for aarch64 and asm. + + commit c65f9558f12ffa2810538ef616e71b4052dacb81 + * mpi/aarch64/distfiles: New. + * mpi/arm/distfiles: New. + + mpi: Distribute asm definitions for amd64. + + commit 87e481137debabb7f989d7fa9b1c21c336e10c98 + * mpi/amd64/distfiles: Add mpi-asm-defs.h. + +2017-05-23 Werner Koch <wk@gnupg.org> + + cipher: Fix compiler warnings. + + commit d764c9894013727ff82eb194da6030209c273528 + * cipher/poly1305.c (poly1305_default_ops): Move to the top. Add + prototypes and compile only if USE_SSE2 is not defined. + (poly1305_init_ext_ref32): Compile only if USE_SSE2 is not defined. + (poly1305_blocks_ref32): Ditto. + (poly1305_finish_ext_ref32): Ditto. + + doc: Comment fixes. + + commit c1bb3d9fdb6fe5f336af1d5a03fc42bfdc1f8b0b + + +2017-05-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-ssse3: fix functions calls from assembly blocks. + + commit 4cd94994a9abec9b92fa5972869baf089a28fa76 + * cipher/rijndael-ssse3-amd64.c (PUSH_STACK_PTR, POP_STACK_PTR): New. + (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec) + (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) + (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Use PUSH_STACK_PTR and + POP_STACK_PTR. + + chacha20-armv7-neon: fix to use fast code path when memory is aligned. + + commit 68861ae5d3e007d7a39f14ea27dc3dd8ef13ba02 + * cipher/chacha20-armv7-neon.S (UNALIGNED_LDMIA4): Uncomment + instruction for jump to aligned code path. + + Move data in AMD64 assembly to text section. + + commit 1a094bc5b2aa730833faf593a931d4e5d7f9ab4d + * cipher/camellia-aesni-avx-amd64.S: Move data to .text section to + ensure that RIP relative addressing of data will work. + * cipher/camellia-aesni-avx2-amd64.S: Ditto. + * cipher/chacha20-avx2-amd64.S: Ditto. + * cipher/chacha20-ssse3-amd64.S: Ditto. + * cipher/des-amd64.S: Ditto. + * cipher/serpent-avx2-amd64.S: Ditto. 
+ * cipher/sha1-avx-amd64.S: Ditto. + * cipher/sha1-avx-bmi2-amd64.S: Ditto. + * cipher/sha1-ssse3-amd64.S: Ditto. + * cipher/sha256-avx-amd64.S: Ditto. + * cipher/sha256-avx2-bmi2-amd64.S: Ditto. + * cipher/sha256-ssse3-amd64.S: Ditto. + * cipher/sha512-avx-amd64.S: Ditto. + * cipher/sha512-avx2-bmi2-amd64.S: Ditto. + * cipher/sha512-ssse3-amd64.S: Ditto. + + cast5-amd64: use 64-bit relocation with large PIC memory model. + + commit ff02fca39c83bcf30c79368611ac65e273e77f6c + * cipher/cast5-amd64.S [__code_model_large__] + (GET_EXTERN_POINTER): New. + +2017-05-13 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix building with x86-64 medium and large memory models. + + commit 434d4f2af39033fc626044ba9a060da298522293 + * cipher/cast5-amd64.S [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] + (GET_EXTERN_POINTER): Load 64-bit address instead of 32-bit. + * cipher/rijndael.c (do_encrypt, do_decrypt) + [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Load + table pointer through register instead of generic reference. + +2017-04-04 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Simplify mpi_powm. + + commit 719468e53133d3bdf12156c5bfdea2bf15f9f6f1 + * mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop. + +2017-03-08 Justus Winter <justus@g10code.com> + + build: Use macOS' compatibility macros to enable all features. + + commit 654024081cfa103c87bb163b117ea3568171d408 + * configure.ac: On macOS, use the compatibility macros to expose every + feature of the libc. This is the equivalent of _GNU_SOURCE on GNU + libc. + +2017-02-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add BLAKE2b and BLAKE2s hash algorithms (RFC 7693) + + commit 5bd530b8a4624f101b8d42e68f1b28bcc13f4f76 + * cipher/blake2.c: New. + * cipher/Makefile.am: Add 'blake2.c'. + * cipher/md.c (digest_list, prepare_macpads): Add BLAKE2. + (md_setkey): New. + (_gcry_md_setkey): Call 'md_setkey' for non-HMAC md. + * configure.ac: Add BLAKE2 digest. + * doc/gcrypt.texi: Add BLAKE2. 
+ * src/cipher.h (_gcry_blake2_init_with_key) + (_gcry_digest_spec_blake2b_512, _gcry_digest_spec_blake2b_384) + (_gcry_digest_spec_blake2b_256, _gcry_digest_spec_blake2b_160) + (_gcry_digest_spec_blake2s_256, _gcry_digest_spec_blake2s_224) + (_gcry_digest_spec_blake2s_160, _gcry_digest_spec_blake2s_128): New. + * src/gcrypt.h.in (GCRY_MD_BLAKE2B_512, GCRY_MD_BLAKE2B_384) + (GCRY_MD_BLAKE2B_256, GCRY_MD_BLAKE2B_160, GCRY_MD_BLAKE2S_256) + (GCRY_MD_BLAKE2S_224, GCRY_MD_BLAKE2S_160, GCRY_MD_BLAKE2S_128): New. + * tests/basic.c (check_one_md): Add testing for keyed hashes. + (check_digests): Add BLAKE2 test vectors; Add testing for keyed hashes. + * tests/blake2b.h: New. + * tests/blake2s.h: New. + * tests/Makefile.am: Add 'blake2b.h' and 'blake2s.h'. + + Fix building with clang on ARM64/FreeBSD. + + commit da213db2c6cda6f57e5853e8c591d69bfa1cfa74 + * cipher/cipher-gcm-armv8-aarch64-ce.S: Use '.cpu generic+simd+crypto' + instead of '.arch armv8-a+crypto'. + * cipher/rijndael-armv8-aarch64-ce.S: Ditto. + * cipher/sha1-armv8-aarch64-ce.S: Ditto. + * cipher/sha256-armv8-aarch64-ce.S: Ditto. + * configure.ac (gcry_cv_gcc_inline_asm_aarch64_neon): Ditto. + (gcry_cv_gcc_inline_asm_aarch64_crypto): Ditto; and include NEON + instructions to crypto instructions check. + +2017-02-07 Justus Winter <justus@g10code.com> + + Fix building with a pre C99 compiler. + + commit 75d91ffeaf83098ade325bb3b6b2c8a76eb1f6a6 + * cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt): Move the + declaration of 'i' out of the loop. + (_gcry_cipher_cfb8_decrypt): Likewise. + +2017-02-04 Mathias L. Baumann <mathias.baumann_at_sociomantic.com> + + Implement CFB with 8-bit mode. + + commit d1ee9a660571ce4a998c9ab2299d4f2419f99127 + * cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt) + (_gcry_cipher_cfg8_decrypt): Add 8-bit variants of decrypt/encrypt + functions. + * cipher/cipher-internal.h (_gcry_cipher_cfb8_encrypt) + (_gcry_cipher_cfg8_decrypt): Ditto. 
+ * cipher/cipher.c: Adjust code flow to work with GCRY_CIPHER_MODE_CFB8. + * tests/basic.c: Add tests for cfb8 with AES and 3DES. + +2017-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rndhw: add missing "memory" clobbers. + + commit c67c728478e8f47b6e8296b643fd35d66d4a1052 + * random/rndhw.c: (poll_padlock, rdrand_long): Add "memory" to asm + clobbers. + + Add UNLIKELY and LIKELY macros. + + commit 4b7451d3e8e7b87d8e407fbbd924ad5b13bd0f00 + * src/g10lib.h (LIKELY, UNLIKELY): New. + (gcry_assert): Use LIKELY for assert check. + (fast_wipememory2_unaligned_head): Use UNLIKELY for unaligned + branching. + * cipher/bufhelp.h (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst) + (buf_xor_n_copy_2): Ditto. + + rndhw: avoid type-punching. + + commit 37b537600f33fcf8e1c8dc2c658a142fbba44199 + * random/rndhw.c (rdrand_long, rdrand_nlong): Add 'volatile' for + pointer. + (poll_drng): Convert buffer to 'unsigned long[]' and make use of DIM + macro. + +2017-01-28 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + hwf-x86: avoid type-punching. + + commit 1407317a6112a23d4fec5827a9d74faef4196f66 + * src/hwf-x86.c (detect_x86_gnuc): Use union for vendor_id. + + cipher: add explicit blocksize checks to allow better optimization. + + commit efa9042f82ffed3d076b8e26ac62d29e00bb756a + * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) + (_gcry_cipher_cbc_decrypt): Add explicit check for cipher blocksize of + 64-bit or 128-bit. + * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) + (_gcry_cipher_cfb_decrypt): Ditto. + * cipher/cipher-cmac.c (cmac_write, cmac_generate_subkeys) + (cmac_final): Ditto. + * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Ditto. + + bufhelp: use unaligned dword and qword types for endianess helpers. + + commit e7b941c3de9c9b6319298c02f844cc0cadbf8562 + * cipher/bufhelp.h (BUFHELP_UNALIGNED_ACCESS): New, defined + if attributes 'packed', 'aligned' and 'may_alias' are supported. 
+ (BUFHELP_FAST_UNALIGNED_ACCESS): Define if have + BUFHELP_UNALIGNED_ACCESS. + + rijndael-aesni: fix u128_t strict-aliasing rule breaking. + + commit 92b4a29d2453712192ced2d7226abc49679dcb1e + * cipher/rijndael-aesni.c (u128_t): Add attributes to tell GCC and clang + that casting from 'char *' to 'u128_t *' is ok. + + cipher-xts: fix pointer casting to wrong alignment and aliasing. + + commit 4f31d816dcc1e95dc647651e92acbdfed53f5c14 + * cipher/cipher-xts.c (xts_gfmul_byA, xts_inc128): Use buf_get_le64 + and buf_put_le64 for accessing data; Change parameter pointers to + 'unsigned char *' type. + (_gcry_cipher_xts_crypt): Do not cast buffer pointers to 'u64 *' + for helper functions. + + crc-intel-pclmul: fix undefined behavior with unaligned access. + + commit 55cf1b5588705cab5f45e2817c4aa1d204dc0042 + * cipher/crc-intel-pclmul.c (u16_unaligned_s): New. + (crc32_reflected_less_than_16, crc32_less_than_16): Use + 'u16_unaligned_s' for unaligned memory access. + + configure.ac: fix attribute checks. + + commit b29b1b9f576f501d4b993be0a751567045274a1a + * configure.ac: Add -Werror flag for attribute checks. + + configure.ac: fix may_alias attribute check. + + commit 136c8416ea540dd126be3997d94d7063b3aaf577 + * configure.ac: Test may_alias attribute on type, not on variable. + + bufhelp: add 'may_alias' attribute for properly aligned 'bufhelp_int_t' + + commit d1ae52a0e23308f33b78cffeba56005b687f23c0 + * cipher/bufhelp.h [!BUFHELP_FAST_UNALIGNED_ACCESS] + (bufhelp_int_t): Add 'may_alias' attribute. + +2017-01-27 Werner Koch <wk@gnupg.org> + + w32: New envvar GCRYPT_RNDW32_DBG. + + commit a351fbde8548ce3f57298c618426f043844fbc78 + * random/rndw32.c (_gcry_rndw32_gather_random): Use getenv to set + DEBUG_ME. + +2017-01-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-ssse3-amd64: fix building on x32. + + commit 39b9302da5d08bd52688d20befe626fee0b6c41d + * cipher/rijndael-ssse3-amd64.c: Use 64-bit call instructions + with 64-bit registers. 
+ + bufhelp: use 'may_alias' attribute unaligned pointer types. + + commit bf9e0b79e620ca2324224893b07522462b125412 + * configure.ac (gcry_cv_gcc_attribute_may_alias) + (HAVE_GCC_ATTRIBUTE_MAY_ALIAS): New check for 'may_alias' attribute. + * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only if + HAVE_GCC_ATTRIBUTE_MAY_ALIAS is defined. + [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_int_t, bufhelp_u32_t) + (bufhelp_u64_t): Add 'may_alias' attribute. + * src/g10lib.h (fast_wipememory_t): Add HAVE_GCC_ATTRIBUTE_MAY_ALIAS + defined check; Add 'may_alias' attribute. + +2017-01-18 Werner Koch <wk@gnupg.org> + + random: Call getrandom before select and emitting a progress callback. + + commit 623aab8a940ea61afe3fef650ad485a755ed9fe7 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Move the getrandom + call before the select. + +2017-01-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + mpi: amd64: fix too large jump alignment in mpih-rshift. + + commit ddcfe31e2425e88b280e7cdaf3f0eaaad8ccc023 + * mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Use 16-byte alignment + with 'ALIGN(4)' instead of 256-byte. + + rijndael-ssse3: move assembly functions to separate source-file. + + commit 54c57bc49edb5c00e9ed8103cc4837bb72c5e863 + * cipher/Makefile.am: Add 'rinjdael-ssse3-amd64-asm.S'. + * cipher/rinjdael-ssse3-amd64-asm.S: Moved assembly functions + here ... + * cipher/rinjdael-ssse3-amd64.c: ... from this file. + (_gcry_aes_ssse3_enc_preload, _gcry_aes_ssse3_dec_preload) + (_gcry_aes_ssse3_shedule_core, _gcry_aes_ssse3_encrypt_core) + (_gcry_aes_ssse3_decrypt_core): New. + (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec) + (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) + (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Update to use external + assembly functions; remove 'aes_const_ptr' variable usage. 
+ (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_decrypt) + (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc) + (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec) + (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec) + (_gcry_aes_ssse3_ocb_auth): Remove 'aes_const_ptr' variable usage. + * configure.ac: Add 'rinjdael-ssse3-amd64-asm.lo'. + + Add AVX2/vpgather bulk implementation of Twofish. + + commit c59a8ce51ceb9a80169c44ef86a67e95cf8528c3 + * cipher/Makefile.am: Add 'twofish-avx2-amd64.S'. + * cipher/twofish-avx2-amd64.S: New. + * cipher/twofish.c (USE_AVX2): New. + (TWOFISH_context) [USE_AVX2]: Add 'use_avx2' member. + (ASM_FUNC_ABI): New. + (twofish_setkey): Add check for AVX2 and fast VPGATHER HW features. + (_gcry_twofish_avx2_ctr_enc, _gcry_twofish_avx2_cbc_dec) + (_gcry_twofish_avx2_cfb_dec, _gcry_twofish_avx2_ocb_enc) + (_gcry_twofish_avx2_ocb_dec, _gcry_twofish_avx2_ocb_auth): New. + (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec) + (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Add AVX2 bulk + handling. + (selftest_ctr, selftest_cbc, selftest_cfb): Increase nblocks from + 3+X to 16+X. + * configure.ac: Add 'twofish-avx2-amd64.lo'. + * src/g10lib.h (HWF_INTEL_FAST_VPGATHER): New. + * src/hwf-x86.c (detect_x86_gnuc): Add detection for + HWF_INTEL_FAST_VPGATHER. + * src/hwfeatures.c (HWF_INTEL_FAST_VPGATHER): Add + "intel-fast-vpgather" for HWF_INTEL_FAST_VPGATHER. + + Add XTS cipher mode. + + commit 232a129b1f915fc54881506e4b07c89cf84932e6 + * cipher/Makefile.am: Add 'cipher-xts.c'. + * cipher/cipher-internal.h (gcry_cipher_handle): Add 'bulk.xts_crypt' + and 'u_mode.xts' members. + (_gcry_cipher_xts_crypt): New prototype. + * cipher/cipher-xts.c: New. + * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) + (cipher_reset, cipher_encrypt, cipher_decrypt): Add XTS mode handling. + * doc/gcrypt.texi: Add XTS mode to documentation. + * src/gcrypt.h.in (GCRY_CIPHER_MODE_XTS, GCRY_XTS_BLOCK_LEN): New. 
+ * tests/basic.c (do_check_xts_cipher, check_xts_cipher): New. + (check_bulk_cipher_modes): Add XTS test-vectors. + (check_one_cipher_core, check_one_cipher, check_ciphers): Add XTS + testing support. + (check_cipher_modes): Add XTS test. + * tests/bench-slope.c (bench_xts_encrypt_init) + (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench) + (xts_encrypt_ops, xts_decrypt_ops): New. + (cipher_modes, cipher_bench_one): Add XTS. + * tests/benchmark.c (cipher_bench): Add XTS testing. + +2017-01-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael-ssse3: fix counter operand from read-only to read/write. + + commit aada604594fd42224d366d3cb98f67fd3b989cd6 + * cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_ctr_enc): Change + 'ctrlow' operand from read-only to read-write. + +2017-01-03 Werner Koch <wk@gnupg.org> + + Extend GCRYCTL_PRINT_CONFIG to print compiler version. + + commit 98b49695b1ffe3c406ae39a45051b8594f903b9d + * src/global.c (print_config): Print version of libgpg-error and used + compiler. + + tests: Add option --disable-hwf to the version utility. + + commit 3582641469f1c74078f0d758c4d5458cc0ee5649 + * src/hwfeatures.c (_gcry_disable_hw_feature): Rewrite to allow + passing a colon delimited feature set. + (parse_hwf_deny_file): Remove unused var I. + * tests/version.c (main): Add options --verbose and --disable-hwf. + +2016-12-15 Werner Koch <wk@gnupg.org> + Nicolas Porcel <nicolasporcel06@gmail.com> + + Fix regression in broken mlock detection. + + commit 0a90f87799903a3fb97189ef7cba19e7b3534e1c + * acinclude.m4 (GNUPG_CHECK_MLOCK): Fix typo EGAIN->EAGAIN. + +2016-12-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + hwfeatures: add 'all' for disabling all hardware features. + + commit c83d0d2a26059cf471d09f5cb8e7fc5d76c4907b + * .gitignore: Add 'tests/basic-disable-all-hwf'. + * configure.ac: Ditto. + * tests/Makefile.am: Ditto. + * src/hwfeatures.c (_gcry_disable_hw_feature): Match 'all' for + masking all HW features off. 
+ (parse_hwf_deny_file): Use '_gcry_disable_hw_feature' for matching. + * tests/basic-disable-all-hwf.in: New. + + tests/hashtest-256g: add missing executable extension for Win32. + + commit 2b7b227b8a0bd5ff286258bc187782efac180a7e + * tests/hashtest-256g.in: Add @EXEEXT@. + + OCB ARM CE: Move ocb_get_l handling to assembly part. + + commit 5c418e597f0f20a546d953161695e6caf1f57689 + * cipher/rijndael-armv8-aarch32-ce.S: Add OCB 'L_{ntz(i)}' calculation. + * cipher/rijndael-armv8-aarch64-ce.S: Ditto. + * cipher/rijndael-armv8-ce.c (_gcry_aes_ocb_enc_armv8_ce) + (_gcry_aes_ocb_dec_armv8_ce, _gcry_aes_ocb_auth_armv8_ce) + (ocb_cryt_fn_t): Updated arguments. + (_gcry_aes_armv8_ce_ocb_crypt, _gcry_aes_armv8_ce_ocb_auth): Remove + 'ocb_get_l' handling and splitting input to 32 block chunks, instead + pass full buffers to assembly. + + OCB: Move large L handling from bottom to upper level. + + commit 2d2e5286d53e1f62fe040dff4c6e01961f00afe2 + * cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove. + (ocb_get_L_big): New. + (_gcry_cipher_ocb_authenticate): L-big handling done in upper + processing loop, so that lower level never sees the case where + 'aad_nblocks % 65536 == 0'; Add missing stack burn. + (ocb_aad_finalize): Add missing stack burn. + (ocb_crypt): L-big handling done in upper processing loop, so that + lower level never sees the case where 'data_nblocks % 65536 == 0'. + * cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove. + (ocb_get_l): Remove 'l_tmp' usage and simplify since input + is more limited now, 'N is not multiple of 65536'. + * cipher/rijndael-aesni.c (get_l): Remove. + (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove + l_tmp; Use 'ocb_get_l'. + * cipher/rijndael-ssse3-amd64.c (get_l): Remove. + (ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove + l_tmp; Use 'ocb_get_l'. + * cipher/camellia-glue.c: Remove OCB l_tmp usage. + * cipher/rijndael-armv8-ce.c: Ditto. + * cipher/rijndael.c: Ditto. 
+ * cipher/serpent.c: Ditto. + * cipher/twofish.c: Ditto. + + OCB: remove 'int64_t' usage. + + commit 161d339f48c03be7fd0f4249d730f7f1767ef8e4 + * cipher/cipher-ocb.c (double_block): Use alternative way to generate + sign-bit mask, without 'int64_t'. + + random-drbg: use bufhelp function for big-endian store. + + commit 0b03b658bebc69a84d87ef13f9b60a27b0c42305 + * random/random-drbg.c (drbg_cpu_to_be32): Remove. + (drbg_ctr_df, drbg_hash_df): Use 'buf_put_be32' instead of + 'drbg_cpu_to_be32'. + +2016-12-09 Werner Koch <wk@gnupg.org> + + Improve handling of mlock error codes. + + commit 618b8978f46f4011c11512fd5f30c15e01652e2e + * acinclude.m4 (GNUPG_CHECK_MLOCK): Check also for EAGAIN which is a + legitimate return code and does not indicate a broken mlock(). + * src/secmem.c (lock_pool_pages): Test ERR instead of ERRNO which + could have been overwritten by cap_from+text et al. + +2016-12-08 Stephan Mueller <smueller@chronox.de> + + random: Eliminate unneeded memcpy invocations in the DRBG. + + commit 656395ba4cf34f42dda3a120bda3ed1220755a3d + * random/random-drbg.c (drbg_hash): Remove arg 'outval' and return a + pointer instead. + (drbg_instantiate): Reduce size of scratchpad. + (drbg_hmac_update): Avoid use of scratch buffers for the hash. + (drbg_hmac_generate, drbg_hash_df): Ditto. + (drbg_hash_process_addtl): Ditto. + (drbg_hash_hashgen): Ditto. + (drbg_hash_generate): Ditto. + + random: Add performance improvements for the DRBG. + + commit 20886fdcb841b0bf89bb1d44303d42f1804e38cb + * random/random-drbg.c (struct drbg_state_ops_s): New function + pointers 'crypto_init' and 'crypto-fini'. + (struct drbg_state_s): New fields 'priv_data', 'ctr_handle', and + 'ctr_null'. + (drbg_hash_init, drbg_hash_fini): New. + (drbg_hmac_init, drbg_hmac_setkey): New. + (drbg_sym_fini, drbg_sym_init, drbg_sym_setkey): New. + (drbg_sym_ctr): New. + (drbg_ctr_bcc): Set the key. + (drbg_ctr_df): Ditto. + (drbg_hmac_update): Ditto. 
+ (drbg_hmac_generate): Replace drgb_hmac by drbg_hash. + (drbg_hash_df): Ditto. + (drbg_hash_process_addtl): Ditto. + (drbg_hash_hashgen): Ditto. + (drbg_ctr_update): Rework. + (drbg_ctr_generate): Rework. + (drbg_ctr_ops): Init new functions pointers. + (drbg_uninstantiate): Call fini function. + (drbg_instantiate): Call init function. + + cipher: New function for reading the counter in CTR mode. + + commit 227099f179df9dcf083d0ef6be9883c775df0874 + * cipher/cipher.c (gcry_cipher_getctr): New. + +2016-12-07 Werner Koch <wk@gnupg.org> + + Document the overflow pools and add a stupid test case. + + commit 95bac312644ad45e486c94c2efd25d0748b9a20b + * tests/t-secmem.c (test_secmem_overflow): New func. + (main): Disable warning and call new function. + + Implement overflow secmem pools for xmalloc style allocators. + + commit b6870cf25c0b1eb9c127a94af8326c446421a472 + * src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and + cur_blocks. + (cur_alloced, cur_blocks): Remove vars. + (ptr_into_pool_p): Make it inline. + (stats_update): Add arg pool and update the new pool specific + counters. + (_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow + pools as needed. + (_gcry_secmem_malloc): Pass XHINTS along. + (_gcry_secmem_realloc_internal): Ditto. + (_gcry_secmem_realloc): Ditto. + (_gcry_secmem_free_internal): Take multiple pools in account. Add + return value to indicate whether the arg was freed. + (_gcry_secmem_free): Add return value to indicate whether the arg was + freed. + (_gcry_private_is_secure): Take multiple pools in account. + (_gcry_secmem_term): Release all pools. + (_gcry_secmem_dump_stats): Print stats for all pools. + * src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure + test with a direct call of _gcry_secmem_free to avoid double checking. + + Give the secmem allocators a hint when a xmalloc calls them. 
+ + commit b7df907dca4d525f8930c533b763ffce44ceed87 + * src/secmem.c (_gcry_secmem_malloc): New not yet used arg XHINT. + (_gcry_secmem_realloc): Ditto. + * src/stdmem.c (_gcry_private_malloc_secure): New arg XHINT to be + passed to the secmem functions. + (_gcry_private_realloc): Ditto. + * src/g10lib.h (GCRY_ALLOC_FLAG_XHINT): New. + * src/global.c (do_malloc): Pass this flag as XHINT to the private + allocator. + (_gcry_malloc_secure): Factor code out to ... + (_gcry_malloc_secure_core): this. Add arg XHINT. + (_gcry_realloc): Factor code out to ... + (_gcry_realloc_core): here. Add arg XHINT. + (_gcry_strdup): Factor code out to ... + (_gcry_strdup_core): here. Add arg XHINT. + (_gcry_xrealloc): Use the core function and pass true for XHINT. + (_gcry_xmalloc_secure): Ditto. + (_gcry_xstrdup): Ditto. + + tests: New test t-secmem. + + commit e366c19b34922c770af82cd035fd815680b29dee + * src/secmem.c (_gcry_secmem_dump_stats): Add arg EXTENDED and adjust + caller. + * src/gcrypt-testapi.h (PRIV_CTL_DUMP_SECMEM_STATS): New. + * src/global.c (_gcry_vcontrol): Implement that. + * tests/t-secmem.c: New. + * tests/Makefile.am (tests_bin): Add that test. + +2016-12-06 Werner Koch <wk@gnupg.org> + + Fix compiler warning about possible-NULL-dreference. + + commit 995ce697308320c6a52a307f83dc49eeb8d784b4 + * src/mpi.h (mpi_is_const, mpi_is_immutable): Do check arg before + deref-ing. The are only used at places where the arg shall not be NULL. + + Fix possible NULL-deref in gcry_log_debugsxp. + + commit 984a97f0750f812f0ad3c343ee6a67560953a504 + * src/misc.c (_gcry_log_printsxp): Prevent passing NULL to strlen. + + Reorganize code in secmem.c. + + commit 603f479a919311f720a05da738150c2192d5e562 + * src/secmem.c (pooldesc_t): New type to collect information about one + pool. + (pool_size): Remove. Now a member of pooldesc_t. + (pool_okay): Ditto. + (pool_is_mmapped): Ditto. + (pool): Rename variable ... + (mainpool): And change type to pooldesc_t. 
+ (ptr_into_pool_p): Add arg 'pool'. + (mb_get_next): Ditto. + (mb_get_prev): Ditto. + (mb_merge): Ditto. + (mb_get_new): Ditto. + (init_pool): Ditto. + (lock_pool): Rename to ... + (look_pool_pages: this. + (secmem_init): Rename to ... + (_gcry_secmem_init_internal): this. Add local var POOL and init with + address of MAINPOOL. + (_gcry_secmem_malloc_internal): Add local var POOL and init with + address of MAINPOOL. + (_gcry_private_is_secure): Ditto. + (_gcry_secmem_term): Ditto. + (_gcry_secmem_dump_stats): Ditto. + (_gcry_secmem_free_internal): Ditto. Remove check for NULL arg. + (_gcry_secmem_free): Add check for NULL arg before taking the lock. + (_gcry_secmem_realloc): Factor most code out to ... + (_gcry_secmem_realloc_internal): this. + +2016-11-28 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + tests: Add PBKDF2 tests for Stribog512. + + commit a0580d446fef648a177ca4ab060d0e449780db84 + * tests/t-kdf.c (check_pbkdf2): Add Stribog512 test cases from TC26's + additions to PKCS#5. + + tests: Add Stribog HMAC tests from TC26ALG. + + commit fe6077e6ee8565bfcc91bad14a73e68f45b3c32b + * tests/basic.c (check_mac): add HMAC test vectors from TC26ALG document + for Stribog. + + cipher: Add Stribog OIDs from TC26 space. + + commit ccffacaf6c3abe6120a0898db922981d28ab7af2 + * cipher/stribog.c (oid_spec_stribog256, oid_spec_stribog512): New. + +2016-11-25 Justus Winter <justus@g10code.com> + + tests: Fix memory leak. + + commit 5530a8234d703ce9b685f78fb6e951136eb0aeb2 + * tests/basic.c (check_gost28147_cipher): Free cipher handles. + +2016-11-25 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Cast oid argument of gcry_cipher_set_sbox to disable compiler warning. + + commit 1a67e3195896704f8b3ba09e3db1214bab834491 + * src/gcrypt.h.in (gcry_cipher_set_sbox): Cast oid to (void *). + + gost: Rename tc26 s-box from A to Z. 
+ + commit dc8ceb8d2dfef949f3afa14fc75f9de8cd07c7ad + * cipher/gost-s-box.c (gost_sboxes): Rename TC26_A to TC26_Z as it is + the name that ended up in all standards. + + tests: Add test to verify GOST 28147-89 against known results. + + commit 4f5c26c73c66daf2e4aff966e43c22b2db7e0138 + * tests/basic.c (check_gost28147_cipher): new test function. + +2016-11-17 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + cipher/gost28147: Fix CryptoPro-B S-BOX. + + commit 5ca63c92825453fdb369a97bbc19cb95b49b4296 + * cipher/gost-s-box.c: CryptoPro_B s-box missed one line, resulting in + incorrect encryption/decryption using that s-box. Add missing data. + +2016-11-12 Werner Koch <wk@gnupg.org> + + Put blocking calls into Libgpg-error's system call clamp. + + commit b829dfe9f0eeff08c956ba3f3a6b559b9d2199dd + * src/gcrypt.h.in (GCRYCTL_REINIT_SYSCALL_CLAMP): New. + * configure.ac: Require Libgpg-error 1.25. Set version number to + 1.8.0. + * src/gcrypt-int.h: Remove error code emulation. + * src/global.c (pre_syscall_func, post_syscall_func): New. + (global_init): Call gpgrt_get_syscall_clamp. + (_gcry_vcontrol) <GCRYCTL_REINIT_SYSCALL_CLAMP>: Ditto. + (_gcry_pre_syscall, _gcry_post_syscall): New. + * random/rndlinux.c (_gcry_rndlinux_gather_random): Use the new + functions. + +2016-11-01 NIIBE Yutaka <gniibe@fsij.org> + + cipher: Fix IDEA cipher for clearing memory. + + commit bf6d5b10cb4173826f47ac080506b68bb001acb2 + * cipher/idea.c (invert_key): Use wipememory, since this kind of memset + may be removed by compiler optimization. + +2016-10-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + GCM: Add bulk processing for ARMv8/AArch64 implementation. + + commit bfd732f53a9b5dfe14217a68a0fa289bf6913ec0 + * cipher/cipher-gcm-armv8-aarch64-ce.S: Add 6 blocks bulk processing. + + GCM: Add bulk processing for ARMv8/AArch32 implementation. + + commit 27747921cb1dfced83c5666cd1c474764724c52b + * cipher/cipher-gcm-armv8-aarch32-ce.S: Add 4 blocks bulk processing. 
+ * tests/basic.c (check_digests): Print correct data length for "?" + tests. + (check_one_mac): Add large 1000000 bytes tests, when input is "!" or + "?". + (check_mac): Add "?" tests vectors for HMAC, CMAC, GMAC and POLY1305. + +2016-09-11 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Aarch64 assembly implementation of Twofish. + + commit 5418d9ca4c0e087fd6872ad350a996fe74880d86 + * cipher/Makefile.am: Add 'twofish-aarch64.S'. + * cipher/twofish-aarch64.S: New. + * cipher/twofish.c: Enable USE_ARM_ASM if __AARCH64EL__ and + HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. + * configure.ac [host=aarch64]: Add 'twofish-aarch64.lo'. + +2016-09-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Aarch64 assembly implementation of Camellia. + + commit de73a2e7237ba7c34ce48bb5fb671aa3993de832 + * cipher/Makefile.am: Add 'camellia-aarch64.S'. + * cipher/camellia-aarch64.S: New. + * cipher/camellia-glue.c [USE_ARM_ASM][__aarch64__]: Set stack burn + size to zero. + * cipher/camellia.h: Enable USE_ARM_ASM if __AARCH64EL__ and + HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. + * configure.ac [host=aarch64]: Add 'rijndael-aarch64.lo'. + + Add ARMv8/AArch64 Crypto Extension implementation of AES. + + commit 4cd8d40d698564d24ece2af24546e34c58bf2961 + * cipher/Makefile.am: Add 'rijndael-armv-aarch64-ce.S'. + * cipher/rijndael-armv8-aarch64-ce.S: New. + * cipher/rijndael-internal.h (USE_ARM_CE): Enable for ARMv8/AArch64. + * configure.ac: Add 'rijndael-armv-aarch64-ce.lo' and + 'rijndael-armv8-ce.lo' for ARMv8/AArch64. + + Add ARMv8/AArch64 Crypto Extension implementation of GCM. + + commit 0b332c1aef03a735c1fb0df184f74d523deb2f98 + * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch64-ce.S'. + * cipher/cipher-gcm-armv8-aarch64-ce.S: New. + * cipher/cipher-internal.h (GCM_USE_ARM_PMULL): Enable on + ARMv8/AArch64. + + Add ARMv8/AArch64 Crypto Extension implementation of SHA-256. 
+ + commit 2d4bbc0ad62c54bbdef77799f9db82d344b7219e + * cipher/Makefile.am: Add 'sha256-armv8-aarch64-ce.S'. + * cipher/sha256-armv8-aarch64-ce.S: New. + * cipher/sha256-armv8-aarch32-ce.S: Move round macros to correct + section. + * cipher/sha256.c (USE_ARM_CE): Enable on ARMv8/AArch64. + * configure.ac: Add 'sha256-armv8-aarch64-ce.lo'; Swap places for + 'sha512-arm.lo' and 'sha256-armv8-aarch32-ce.lo'. + + Add ARMv8/AArch64 Crypto Extension implementation of SHA-1. + + commit e4eb03f56683317c908cb55be727832810dc8c72 + * cipher/Makefile.am: Add 'sha1-armv8-aarch64-ce.S'. + * cipher/sha1-armv8-aarch64-ce.S: New. + * cipher/sha1.c (USE_ARM_CE): Enable on ARMv8/AArch64. + * configure.ac: Add 'sha1-armv8-aarch64-ce.lo'. + +2016-09-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add AArch64 assembly implementation of AES. + + commit 595251ad37bf1968261d7e781752513f67525803 + * cipher/Makefile.am: Add 'rijndael-aarch64.S'. + * cipher/rijndael-aarch64.S: New. + * cipher/rijndael-internal.h: Enable USE_ARM_ASM if __AARCH64EL__ and + HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. + * configure.ac (gcry_cv_gcc_aarch64_platform_as_ok): New check. + [host=aarch64]: Add 'rijndael-aarch64.lo'. + +2016-08-17 Werner Koch <wk@gnupg.org> + + Release 1.7.3. + + commit f8241874971478bdcd2bc2082d901d05db7b256d + * configure.ac: Set LT version to C21/A1/R3. + + random: Hash continuous areas in the csprng pool. + + commit 8dd45ad957b54b939c288a68720137386c7f6501 + * random/random-csprng.c (mix_pool): Store the first hash at the end + of the pool. + + random: Improve the diagram showing the random mixing. + + commit 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 + * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20. + +2016-07-19 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + crc-intel-pclmul: split assembly block to ease register pressure. 
+ + commit f38199dbc290003898a1799adc367265267784c2 + * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline + assembly block handling 4 byte input into multiple blocks. + + rijndael-aesni: split assembly block to ease register pressure. + + commit a4d1595a2638db63ac4c73e722c8ba95fdd85ff7 + * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register + constraint for passing 'bige_addb' to assembly block; split + first inline assembly block into two parts. + +2016-07-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add ARMv8/AArch32 Crypto Extension implementation of AES. + + commit 05a4cecae0c02d2b4ee1cadd9c08115beae3a94a + * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and + 'rijndael-armv-aarch32-ce.S'. + * cipher/rijndael-armv8-aarch32-ce.S: New. + * cipher/rijndael-armv8-ce.c: New. + * cipher/rijndael-internal.h (USE_ARM_CE): New. + (RIJNDAEL_context_s): Add 'use_arm_ce'. + * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey) + (_gcry_aes_armv8_ce_prepare_decryption) + (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt) + (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc) + (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec) + (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt) + (_gcry_aes_armv8_ce_ocb_auth): New. + (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key + setup for ARM CE. + (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec) + (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add + ARM CE support. + * configure.ac: Add 'rijndael-armv8-ce.lo' and + 'rijndael-armv8-aarch32-ce.lo'. + + Add ARMv8/AArch32 Crypto Extension implementation of GCM. + + commit 962b15470663db11e5c35b86768f1b5d8e600017 + * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'. + * cipher/cipher-gcm-armv8-aarch32-ce.S: New. 
+ * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL] + (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull) + (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New. + (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if + HWF_ARM_PULL HW feature flag is enabled. + * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New. + + Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256. + + commit 34c64eb03178fbfd34190148fec5a189df2b8f83 + * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'. + * cipher/sha256-armv8-aarch32-ce.S: New. + * cipher/sha256.c (USE_ARM_CE): New. + (sha256_init, sha224_init): Check features for HWF_ARM_SHA1. + [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New. + (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports. + (SHA256_CONTEXT): Add 'use_arm_ce'. + * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'. + + Add ARMv8/AArch32 Crypto Extension implementation of SHA-1. + + commit 3d6334f8d94c2a4df10eed203ae928298a4332ef + * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'. + * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add + missing size. + * cipher/sha1-armv8-aarch32-ce.S: New. + * cipher/sha1.c (USE_ARM_CE): New. + (sha1_init): Check features for HWF_ARM_SHA1. + [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New. + (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports + it. + * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'. + * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'. + + Add HW feature check for ARMv8 AArch64 and crypto extensions. + + commit eee78f6e1fbce7d54c43fb7efc5aa8be9f52755f + * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm + module on 64-bit ARM. + (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto) + (gcry_cv_inline_asm_aarch64_neon) + (gcry_cv_gcc_inline_asm_aarch64_crypto): New. + * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2) + (HWF_ARM_PMULL): New. + * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode. 
+ (feature_map_s): New. + [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL) + (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New. + [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES) + (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New. + (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use + 'unsigned long'. + (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags. + (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags. + (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__. + * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2' + and 'arm-pmull'. + +2016-07-14 Werner Koch <wk@gnupg.org> + + Release 1.7.2. + + commit be0bec7d9208b2f2d2ffce9cc2ca6154853e7e59 + * configure.ac: Set LT version to C21/A1/R2. + * Makefile.am (distcheck-hook): New. + +2016-07-13 Werner Koch <wk@gnupg.org> + + build: Update config.{guess,sub} to {2016-05-15,2016-06-20}. + + commit e535ea1bdc42309553007d60599d3147b8defe93 + * build-aux/config.guess: Update. + * build-aux/config.sub: Update. + +2016-07-08 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix unaligned accesses with ldm/stm in ChaCha20 and Poly1305 ARM/NEON. + + commit 1111d311fd6452abd4080d1072c75ddb1b5a3dd1 + * cipher/chacha20-armv7-neon.S (UNALIGNED_STMIA8) + (UNALIGNED_LDMIA4): New. + (_gcry_chacha20_armv7_neon_blocks): Use new helper macros instead of + ldm/stm instructions directly. + * cipher/poly1305-armv7-neon.S (UNALIGNED_LDMIA2) + (UNALIGNED_LDMIA4): New. + (_gcry_poly1305_armv7_neon_init_ext, _gcry_poly1305_armv7_neon_blocks) + (_gcry_poly1305_armv7_neon_finish_ext): Use new helper macros instead + of ldm instruction directly. + +2016-07-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + bench-slope: add unaligned buffer mode. + + commit 496790940753226f96b731a43d950bd268acd97a + * tests/bench-slope.c (unaligned_mode): New. + (do_slope_benchmark): Unalign buffer if in unaligned mode enabled. + (print_help, main): Add '--unaligned' parameter. 
+ +2016-07-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix static build. + + commit cb79630ec567a5f2e03e5f863cda168faa7b8cc8 + * tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'. + +2016-06-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Disallow encryption/decryption if key is not set. + + commit 07de9858032826f5a7b08c372f6bcc73bbb503eb + * cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not + NONE, make sure that key is set. + * cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear + 'marks.key' when reseting state. + + Avoid unaligned accesses with ARM ldm/stm instructions. + + commit a6158a01a4d81a5d862e1e0a60bfd6063443311d + * cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always + compile with unaligned load/store code paths. + * cipher/sha512-arm.S: Ditto. + + Fix non-PIC reference in PIC for poly1305/ARMv7-NEON. + + commit a09126242a51c4ea4564b0f70b808e4f27fe5a91 + * cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New. + (_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER. + + Fix wrong CPU feature #ifdef for SHA1/AVX. + + commit 4a983e3bef58b9d056517e25e0ab10b72d12ceba + * cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of + HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2. + +2016-06-30 Werner Koch <wk@gnupg.org> + + random: Remove debug message about not supported getrandom syscall. + + commit 6965515c73632a088fb126a4a55e95121671fa98 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug + for getrandom error ENOSYS. + +2016-06-27 Werner Koch <wk@gnupg.org> + + tests: Do not test SHAKE128 et al with gcry_md_hash_buffer. + + commit 4d634a098742ff425b324e9f2a67b9f62de09744 + * tests/benchmark.c (md_bench): Do not test variable lengths algos + with the gcry_md_hash_buffer. + + md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer. + + commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c + * cipher/md.c (md_read): Detect missing read function. 
+ (_gcry_md_hash_buffers): Return an error. + +2016-06-25 Werner Koch <wk@gnupg.org> + + ecc: Fix memory leak. + + commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a + * cipher/ecc.c (ecc_check_secret_key): Do not init point if already + set. + + doc: Update yat2m. + + commit 1feb01940062a74c27230434fc3babdddca8caf4 + * doc/yat2m.c: Update from Libgpg-error + + tests: Add attributes to helper functions. + + commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9 + * tests/t-common.h (die, fail, info): Add attributes. + * tests/random.c (die, inf): Ditto. + * tests/pubkey.c (die, fail, info): Add attributes. + * tests/fipsdrv.c (die): Add attribute. + (main): Take care of missing --key,--iv,--dt options. + + Improve robustness and help lint. + + commit 5a5b055b81ee60a22a846bdf2031516b1c24df98 + * cipher/rsa.c (rsa_encrypt): Check for !DATA. + * cipher/md.c (search_oid): Check early for !OID. + (md_copy): Use gpg_err_code_from_syserror. Replace chains of if(!err) + tests. + * cipher/cipher.c (search_oid): Check early for !OID. + * src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0. + * mpi/mpicoder.c (onecompl): Allow for A==NULL to help static + analyzers. + + cipher: Improve fatal error message for bad use of gcry_md_read. + + commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac + * cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG. + +2016-06-16 Niibe Yutaka <gniibe@fsij.org> + + ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM. + + commit b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d + * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify) + (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default + cofactor as 1, when not specified. + + ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM. + + commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 + * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify) + (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default + cofactor as 1, when not specified. 
+ +2016-06-15 Werner Koch <wk@gnupg.org> + + Release 1.7.1. + + commit 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223 + + + doc: Describe envvars. + + commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc + * doc/gcrypt.texi: Add chapter Configuration. + + random: Change names of debug envvars. + + commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3 + * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to + GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG. + * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to + GCRYPT_RNDW32_NOPERF. + +2016-06-14 Werner Koch <wk@gnupg.org> + + cipher: Assign OIDs to the Serpent cipher. + + commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e + * cipher/serpent.c (serpent128_oids, serpent192_oids) + (serpent256_oids): New. Add them to the specs blow. + (serpent128_aliases): Add "SERPENT-128". + (serpent256_aliases, serpent192_aliases): New. + + cipher: Assign OIDs to the Serpent cipher. + + commit 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 + * cipher/serpent.c (serpent128_oids, serpent192_oids) + (serpent256_oids): New. Add them to the specs blow. + (serpent128_aliases): Add "SERPENT-128". + (serpent256_aliases, serpent192_aliases): New. + +2016-06-08 Werner Koch <wk@gnupg.org> + + rsa: Implement blinding also for signing. + + commit 1f769e3e8442bae2f1f73c656920bb2df70153c0 + * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ... + (secret_blinded): new. + (rsa_sign): Use blinding by default. + + random: Remove debug output for getrandom(2) output. + + commit 52cdfb1960808aaad48b5a501bbce0e3141c3961 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug + output. + + Fix gcc portability on Solaris 9 SPARC boxes. + + commit b766ea14ad1c27d6160531b200cc70aaa479c6dc + * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__. + +2016-06-08 Jérémie Courrèges-Anglas <jca@wxcvbn.org> + + Check for compiler SSE4.1 support in PCLMUL CRC code. 
+ + commit dc76313308c184c92eb78452b503405b90fc7ebd + * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if + compiler supports PCLMUL *and* SSE4.1 + * cipher/crc.c: Ditto + * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New. + +2016-06-08 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix ecc_verify for cofactor support. + + commit bd39eb9fba47dc8500c83769a679cc8b683d6c6e + * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h". + +2016-06-08 Werner Koch <wk@gnupg.org> + + random: Try to use getrandom() instead of /dev/urandom (Linux only). + + commit c05837211e5221d3f56146865e823bc20b4ff1ab + * configure.ac: Check for syscall. + * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h. + (_gcry_rndlinux_gather_random): Use getrandom is available. + +2016-06-03 Werner Koch <wk@gnupg.org> + + rsa: Implement blinding also for signing. + + commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 + * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ... + (secret_blinded): new. + (rsa_sign): Use blinding by default. + + random: Remove debug output for getrandom(2) output. + + commit 82df6c63a72fdd969c3923523f10d0cef5713ac7 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug + output. + +2016-06-02 Werner Koch <wk@gnupg.org> + + Fix gcc portability on Solaris 9 SPARC boxes. + + commit 4121f15122501d8946f1589b303d1f7949c15e30 + * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__. + +2016-05-28 Jérémie Courrèges-Anglas <jca@wxcvbn.org> + + Check for compiler SSE4.1 support in PCLMUL CRC code. + + commit 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8 + * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if + compiler supports PCLMUL *and* SSE4.1 + * cipher/crc.c: Ditto + * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New. + +2016-05-06 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix ecc_verify for cofactor support. 
+ + commit c7430aa752232aa690c5d8f16575a345442ad8d7 + * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h". + +2016-04-26 Werner Koch <wk@gnupg.org> + + random: Try to use getrandom() instead of /dev/urandom (Linux only). + + commit ee5a32226a7ca4ab067864e06623fc11a1768900 + * configure.ac: Check for syscall. + * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h. + (_gcry_rndlinux_gather_random): Use getrandom is available. + +2016-04-19 Werner Koch <wk@gnupg.org> + + asm fix for older gcc versions. + + commit caa9d14c914bf6116ec3f773a322a94e2be0c0fb + * cipher/crc-intel-pclmul.c: Remove extra trailing colon from + asm statements. + + asm fix for older gcc versions. + + commit 4545372c0f8dd35aef2a7abc12b588ed1a4a0363 + * cipher/crc-intel-pclmul.c: Remove extra trailing colon from + asm statements. + +2016-04-15 Werner Koch <wk@gnupg.org> + + Release 1.7.0. + + commit 795f9cb090c776658a0e3117996e3fb7e2ebd94a + + +2016-04-14 Werner Koch <wk@gnupg.org> + + tests: Add test vectors for 256 GiB test of SHA3-256. + + commit 1737c546dc7268fa9edcd4a23b7439c56d37ee4f + * tests/hashtest.c: Add new test vectros. + +2016-04-14 Justus Winter <justus@g10code.com> + + src: Improve S-expression parsing. + + commit 491586bc7f7b9edc6b78331a77e653543983c9e4 + * src/sexp.c (do_vsexp_sscan): Return an error if a closing + parenthesis is encountered with no matching opening parenthesis. + +2016-04-14 Werner Koch <wk@gnupg.org> + + cipher: Add constant for 8 bit CFB mode. + + commit 47c6a1f88eb763e9baa394e34d873b761abcebbe + * src/gcrypt.h.in (GCRY_CIPHER_MODE_CFB8): New. + * tests/basic.c (check_cfb_cipher): Prepare for CFB-8 tests. + + tests: Add a new test for S-expressions. + + commit 88c6b98350193abbdcfb227754979b0c097ee09c + * tests/t-sexp.c (compare_to_canon): New. + (back_and_forth_one): Add another test. + +2016-04-13 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix corner cases for X25519. 
+ + commit 8472b71812e71c69d66e2fcc02a6e21b66755f8b + * cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns + GPG_ERR_INV_DATA instead of aborting with log_fatal. For X25519, + it's not an error, thus, let it return 0. + (ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish + X25519, not by the name of the curve. + (ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead + of aborting with log_fatal. For X25519, it's not an error by its + definition, but we deliberately let it return the error to detect + looks-like-encrypted-message. + * tests/t-cv25519.c: Add points to record the issue. + +2016-04-12 Werner Koch <wk@gnupg.org> + + cipher: Buffer data from gcry_cipher_authenticate in OCB mode. + + commit b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b + * cipher/cipher-internal.h (gcry_cipher_handle): Add fields + aad_leftover and aad_nleftover to u_mode.ocb. + * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Clear + aad_nleftover. + (_gcry_cipher_ocb_authenticate): Add buffering and facor some code out + to ... + (ocb_aad_finalize): new. + (compute_tag_if_needed): Call new function. + * tests/basic.c (check_ocb_cipher_splitaad): New. + (check_ocb_cipher): Call new function. + (main): Also call check_cipher_modes with --ciper-modes. + +2016-04-12 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix X25519 computation on Curve25519. + + commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5 + * cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when + PUBKEY_FLAG_DJB_TWEAK is enabled. + (ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled. + * tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt. + + ecc: Fix initialization of EC context. + + commit 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de + * cipher/ecc.c (test_ecdh_only_keys, ecc_generate) + (ecc_check_secret_key, ecc_encrypt_raw, ecc_decrypt_raw): Initialize + by _gcry_mpi_ec_p_internal_new should carry FLAGS. 
+ +2016-04-06 Werner Koch <wk@gnupg.org> + + Allow building with configure option --enable-hmac-binary-check. + + commit 65c63144b66392f40b991684789b8b793248e3ba + * src/Makefile.am (mpicalc_LDADD): Add DL_LIBS. + * src/fips.c (check_binary_integrity): Allow use of hmac256 output. + * src/hmac256.c (main): Add option --stdkey + +2016-04-06 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Positive values in computation. + + commit 6f386ceae86a058e26294f744750f1ed2a95e604 + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure + coefficients A and B are positive. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do + "P - T" instead of "-T", so that the result will be positive. + (_gcry_ecc_eddsa_verify): Likewise. + * cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve + instead of _gcry_ecc_update_curve_param. + * mpi/ec.c (ec_subm): Make sure the result will be positive. + (dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use + mpi_sub instead of mpi_neg. + (add_points_edwards): Simply use ec_addm. + * tests/t-mpi-point.c (test_curve): Define curves with positive + coefficients. + +2016-04-01 Werner Koch <wk@gnupg.org> + + mpi: Explicitly limit the allowed input length for gcry_mpi_scan. + + commit 862cf19a119427dd7ee7959a36c72d905f5ea5ca + * mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New. + (mpi_fromstr): Check against this limit. + (_gcry_mpi_scan): Ditto. + * tests/mpitests.c (test_maxsize): New. + (main): Cal that test. + +2016-03-31 Werner Koch <wk@gnupg.org> + + cipher: Remove specialized rmd160 functions. + + commit fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27 + * cipher/rmd160.c: Replace rmd.h by hash-common.h. + (RMD160_CONTEXT): Move from rmd.h to here. + (_gcry_rmd160_init): Remove. + (_gcry_rmd160_mixblock): Remove. + (_gcry_rmd160_hash_buffer): Use rmd160_init directly. + * cipher/md.c: Remove rmd.h which was not actually used. + * cipher/rmd.h: Remove. + * cipher/Makefile.am (libcipher_la_SOURCES): Remove rmd.h. 
+ * configure.ac (USE_RMD160): Allow to build without RMD160. + + random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool. + + commit a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0 + * cipher/sha1.c (_gcry_sha1_mixblock_init): New. + (_gcry_sha1_mixblock): New. + * random/random-csprng.c: Include sha1.h instead of rmd.h. + (mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing. + + cipher: Move sha1 context definition to a separate file. + + commit 142a479a484cb4e84d0561be9b05b44dac9e6fe2 + * cipher/sha1.c: Replace hash-common.h by sha1.h. + (SHA1_CONTEXT): Move to ... + * cipher/sha1.h: new. Always include all flags. + * cipher/Makefile.am (libcipher_la_SOURCES): Add sha1.h. + +2016-03-29 Werner Koch <wk@gnupg.org> + + tests: Fix buffer overflow in bench-slope. + + commit 48ee918400762281bec5b6fc218a9f0d119aac7c + * tests/bench-slope.c (bench_print_result_std): Remove wrong use of + strncat. + +2016-03-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + cipher: GCM: check that length of supplied tag is one of valid lengths. + + commit f2260e3a2e962ac80124ef938e54041bbea08561 + * cipher/cipher-gcm.c (is_tag_length_valid): New. + (_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length. + * tests/basic.c (_check_gcm_cipher): Add test-vectors with different + valid tag lengths and negative test vectors with invalid lengths. + +2016-03-24 Peter Wu <peter@lekensteyn.nl> + + cipher: Fix memleaks in (self)tests. + + commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9 + * cipher/dsa.c: Release memory for MPI and sexp structures. + * cipher/ecc.c: Release memory for sexp structure. + * tests/keygen.c: Likewise. + + Mark constant MPIs as non-leaked. + + commit 470a30db241a2d567739ef2adb2a2ee64992d8b4 + * mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked. + +2016-03-23 Werner Koch <wk@gnupg.org> + + Add new control GCRYCTL_GET_TAGLEN for use with gcry_cipher_info. + + commit fea5971488e049f902d7912df22a945bc755ad6d + * src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New. 
+ * cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature. + + * tests/basic.c (_check_gcm_cipher): Check that new feature. + (_check_poly1305_cipher): Ditto. + (check_ccm_cipher): Ditto. + (do_check_ocb_cipher): Ditto. + (check_ctr_cipher): Add negative test for new feature. + + cipher: Avoid NULL-segv in GCM mode if a key has not been set. + + commit e709d86fe596a4bcf235799468947c13ae657d78 + * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN + has been initialized. + (_gcry_cipher_gcm_decrypt): Ditto. + (_gcry_cipher_gcm_authenticate): Ditto. + (_gcry_cipher_gcm_initiv): Ditto. + (_gcry_cipher_gcm_tag): Ditto. + + cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag. + + commit 7c9c82feecf94a455c66d9c38576f36c9c4b484c + * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the + provided tag length matches the actual tag length. + +2016-03-23 Peter Wu <peter@lekensteyn.nl> + + Fix buffer overrun in gettag for Poly1305. + + commit 6821e1bd94969106a70e3de17b86f6e6181f4e59 + * cipher/cipher-poly1305.c: copy a fixed length instead of the + user-supplied number. + +2016-03-23 Werner Koch <wk@gnupg.org> + + cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag. + + commit 15785bc9fb1787554bf371945ecb191830c15bfd + * cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided + tag length matches the actual tag length. Avoid gratuitous return + statements. + +2016-03-23 Peter Wu <peter@lekensteyn.nl> + + Fix buffer overrun in gettag for GCM. + + commit d3d7bdf8215275b3b20690dfde3f43dbe25b6f85 + * cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied + number. + +2016-03-22 Werner Koch <wk@gnupg.org> + + tests: Add options --fips to keygen for manual tests. + + commit d328095dd4de83b839d9d8c4bdbeec0956971016 + (main): Add option --fips. + * tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539 + because that is valid in FIPS mode. 
Check that key generation fails + for too short keys in FIPS mode. + (check_ecc_keys): Check that key generation fails for Ed25519 keys in + FIPS mode. + +2016-03-22 Tomáš Mráz <tmraz@redhat.com> + + rsa: Add FIPS 186-4 compliant RSA probable prime key generator. + + commit 5f9b3c2e220ca6d0eaff32324a973ef67933a844 + * cipher/primegen.c (_gcry_fips186_4_prime_check): New. + * cipher/rsa.c (generate_fips): New. + (rsa_generate): Use new function in fips mode or with test-parms. + + * tests/keygen.c (check_rsa_keys): Add test using e=65539. + +2016-03-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix ARM NEON support detection on ARMv6 target. + + commit 583919d70763671ed9feeaa14e1f66379aff88cc + * configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive + instead of '.thumb'. + +2016-03-18 Werner Koch <wk@gnupg.org> + + Always require a 64 bit integer type. + + commit 897ccd21b7221982806b5c024518f4e989152f14 + * configure.ac (available_digests_64): Merge with available_digests. + (available_kdfs_64): Merge with available_kdfs. + <64 bit datatype test>: Bail out if no such type is available. + * src/types.h: Emit #error if no u64 can be defined. + (PROPERLY_ALIGNED_TYPE): Always add u64 type. + * cipher/bithelp.h: Remove all code paths which handle the + case of !HAVE_U64_TYPEDEF. + * cipher/bufhelp.h: Ditto. + * cipher/cipher-ccm.c: Ditto. + * cipher/cipher-gcm.c: Ditto. + * cipher/cipher-internal.h: Ditto. + * cipher/cipher.c: Ditto. + * cipher/hash-common.h: Ditto. + * cipher/md.c: Ditto. + * cipher/poly1305.c: Ditto. + * cipher/scrypt.c: Ditto. + * cipher/tiger.c: Ditto. + * src/g10lib.h: Ditto. + * tests/basic.c: Ditto. + * tests/bench-slope.c: Ditto. + * tests/benchmark.c: Ditto. + +2016-03-18 Vitezslav Cizek <vcizek@suse.com> + + tests: Fix testsuite after the FIPS adjustments. + + commit 9ecc2690181ba0bb44f66451a7dce2fc19965793 + * tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS. 
+ * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS. + * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys. + (check_ecc_keys): Skip Ed25519 in FIPS mode. + * tests/random.c (main): Don't switch DRBG in FIPS mode. + * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode. + * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS. + * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS. + (main): Skip math tests that use P-192 and Ed25519 in FIPS. + + tests: Add new --pss option to fipsdrv. + + commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97 + * tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length + to 0 for PSS. + + cipher: Add option to specify salt length for PSS verification. + + commit 0bd8137e68c201b6c2290710e348aaf57efa2b2e + * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for + salt-length token. + + tests: Add support for RSA keygen tests to fipsdrv. + + commit 2e139456369a834cf87d983da4f61241fda76efe + * tests/fipsdrv.c (run_rsa_keygen): New. + (main): Support RSA keygen and RSA keygen KAT tests. + + tests: Fixes for RSA testsuite in FIPS mode. + + commit c690230af5a66b809f8f6fbab1a6262a5ba078cb + * tests/basic.c (get_keys_new): Generate 2048 bit key. + * tests/benchmark.c (rsa_bench): Skip keys of lengths different + than 2048 and 3072 in FIPS mode. + * tests/keygen.c (check_rsa_keys): Failure if short keys can be + generated in FIPS mode. + (check_dsa_keys): Ditto for DSA keys. + * tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS. + + rsa: Use 2048 bit RSA keys for selftest. + + commit 78cec8b4754fdf774edb2d575000cb3e972e244c + * cipher/rsa.c (selftests_rsa): Use 2048 bit keys. + (selftest_encr_1024): Replaced by selftest_encr_2048. + (selftest_sign_1024): Replaced by selftest_sign_2048. + (selftest_encr_2048): Add check against known ciphertext. + (selftest_sign_2048): Add check against known signature. + (selftest_sign_2048): Free SIG_MPI. 
+ * tests/pubkey.c (get_keys_new): Generate 2048 bit keys. + + Disable non-allowed algorithms in FIPS mode. + + commit ce1cbe16992a7340edcf8e6576973e3508267640 + * cipher/cipher.c (_gcry_cipher_init), + * cipher/mac.c (_gcry_mac_init), + * cipher/md.c (_gcry_md_init), + * cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the + non-allowed ciphers. + * cipher/md5.c: Mark MD5 as not allowed in FIPS. + * src/g10lib.h (_gcry_mac_init): New. + * src/global.c (global_init): Call the new _gcry_mac_init. + * tests/basic.c (check_ciphers): Fix a typo. + +2016-03-18 Werner Koch <wk@gnupg.org> + + kdf: Make PBKDF2 check work on all platforms. + + commit c478cf175887c84dc071c4f73a7667603b354789 + * cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long. + +2016-03-18 Vitezslav Cizek <vcizek@suse.com> + + kdf: Add upper bound for derived key length in PBKDF2. + + commit 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6 + * cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen. + + ecc: ECDSA adjustments for FIPS 186-4. + + commit a242e3d9185e6e2dc13902ea9331131755bbba01 + * cipher/ecc-curves.c: Unmark curve P-192 for FIPS. + * cipher/ecc.c: Add ECDSA self test. + * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2 + in FIPS mode. + * tests/fipsdrv.c: Add support for ECDSA signatures. + +2016-03-18 Werner Koch <wk@gnupg.org> + + dsa: Make regression tests work. + + commit e40939b2141306238cc30a340b867b60fa4dc2a3 + * cipher/dsa.c (sample_secret_key_1024): Comment out unused constant. + (ogenerate_fips186): Make it work with use-fips183-2 flag. + * cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs + standard comment out format. + * tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion. + (main): Call it. + (main): Compare against current version. + * tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key. + (get_dsa_key_fips186_with_seed_new): Ditto. + (get_dsa_key_fips186_with_domain_new): Comment out. 
+ (check_run): Do not call that function. + +2016-03-18 Vitezslav Cizek <vcizek@suse.com> + + dsa: Adjustments to conform with FIPS 186-4. + + commit 80e9f95e6f419daa765e4876c858e3e36e808897 + * cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments. + * cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect + buflen passed to _gcry_mpi_scan. + +2016-03-16 Justus Winter <justus@g10code.com> + + Update documentation for 'gcry_sexp_extract_param'. + + commit 4051fe7fec6ffdc7a2f5c3856665478866991ee7 + * doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs + must be set to NULL first, and document how the function behaves in + case of errors. + * src/sexp.c (_gcry_sexp_extract_param): Likewise. + * src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from + '_gcry_sexp_extract_param'. + + cipher: Update comment. + + commit fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2 + * cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact + that a curve parameter can be given. + +2016-03-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Intel PCLMUL implementations of CRC algorithms. + + commit 5d601dd57fcb41aa2015ab655fd6fc51537da667 + * cipher/Makefile.am: Add 'crc-intel-pclmul.c'. + * cipher/crc-intel-pclmul.c: New. + * cipher/crc.c (USE_INTEL_PCLMUL): New macro. + (CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'. + [USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul) + (gcry_crc24rfc2440_intel_pclmul): New. + (crc32_init, crc32rfc1510_init, crc24rfc2440_init) + [USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL + HW features detected. + (crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL + implementation if enabled. + (crc24_init): Document storage format of 24-bit CRC. + (crc24_next4): Use only 'data' for last table look-up. + * configure.ac: Add 'crc-intel-pclmul.lo'. + * src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include + Intel SSE4.1. + * src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection. 
+ * src/hwfeatures.c (hwflist): Add 'intel-sse4.1'. + * tests/basic.c (fillbuf_count): New. + (check_one_md): Add "?" check (million byte data-set with byte pattern + 0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?" + checks. + (check_one_md_multi): Skip "?". + (check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256, + SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160, + CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!" + test-vectors for CRC32_RFC1510 and CRC24_RFC2440. + +2016-02-25 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Normalize EXPO for mpi_powm. + + commit fdfa5bfefdde316688a3c8021bd3528c5273b0f4 + * mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP. + +2016-02-22 Andreas Metzler <ametzler@bebt.de> + + Do not ship generated header file in tarball. + + commit 2b40a16333fa75f1cee85ab901a5aa9cff845a92 + * src/Makefile.am: Move gcrypt.h from include_HEADERS to + nodist_include_HEADERS to prevent inclusion in release tarball. + This could break out-of-tree-builds because the potentially outdated + src/gcrypt.h was not updated but was in the compiler search path. + +2016-02-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix building random-drbg for Win32/64. + + commit 531b25aa94c58f6d2168a9537c8cea6c53d7bbe0 + * random/random-drbg.c: Remove include for sys/types.h and asm/types.h. + (DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH) + (DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384) + (DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192) + (DRBG_SYM256): Change 'u_int32_t' to 'u32'. + (drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters + 'drbg_read_cb' and 'len'. + +2016-02-20 Werner Koch <wk@gnupg.org> + + tests: Do not test DRBG_REINIT from "make check" + + commit 839d12c221430b60db5e0d6fbb107f22e0a6837f + * tests/random.c (main): Run check_drbg_reinit only if the envvar + GCRYPT_IN_REGRESSION_TEST is set. + + doc: Fix possible dependency problem. 
+ + commit 3b57e5a1ba68e26dcaea38b763287fddba9b6b7c + * doc/Makefile.am (gcrypt.texi): Use the right traget. + +2016-02-19 Stephan Mueller <smueller@chronox.de> + + random: Remove ANSI X9.31 DRNG. + + commit e9b692d25d1c149b5417b70e18f2ce173bc25b6d + * random-fips.c: Remove. + +2016-02-19 Werner Koch <wk@gnupg.org> + + random: Add a test case for DRBG_REINIT. + + commit 934ba2ae5a95a96fdbb3b935b51ba43df66f11df + * src/global.c (_gcry_vcontrol) <DRBG_REINIT>: Test for FIPS RNG. + * tests/random.c (check_drbg_reinit): New. + (main): Call new test. + + random: Allow DRBG_REINIT before initialization. + + commit 7cdbd6e6a3cf1ee366b981e148d41b1187a6fdcf + * random/random-drbg.c (DRBG_DEFAULT_TYPE): New. + (_drbg_init_internal): Set the default type if no type has been set + before. + (_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default. + + Add new private header gcrypt-testapi.h. + + commit 744b030cff61fd25114b0b25394c62782c153343 + * src/gcrypt-testapi.h: New. + * src/Makefile.am (libgcrypt_la_SOURCES): Add new file. + * random/random.h: Include gcrypt-testapi.h. + (struct gcry_drbg_test_vector) : Move to gcrypt-testapi.h. + * src/global.c: Include gcrypt-testapi.h. + (_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61. + * cipher/cipher.c: Include gcrypt-testapi.h. + (_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62. + * tests/fipsdrv.c: Include gcrypt-testapi.h. Remove definition of + PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_ + constants. + * tests/t-lock.c: Include gcrypt-testapi.h. Remove + PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants. + + * random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ... + (_gcry_rngdrbg_cavs_test): this. + (gcry_rngdrbg_healthcheck_one): Rename to ... + (_gcry_rngdrbg_healthcheck_one): this. + + random: Make the DRBG C-90 clean and use a flag string. 
+ + commit 95f1db3affb9f5b8a2c814c211d4a02b30446c15 + * random/random.h (struct gcry_drbg_test_vector): Rename "flags" to + "flagstr" and turn it into a string. + * random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of + designated initializers. Use a string for the flags. + (gcry_rngdrbg_cavs_test): Parse the flag string into a flag value. + (drbg_healthcheck_sanity): Ditto. + + random: Symbol name cleanup for random-drbg.c. + + commit 85ed07790552297586258e8fe09b546eee357a8b + * random/random-drbg.c: Rename all static objects and macros from + "gcry_drbg" to "drbg". + (drbg_string_t): New typedef. + (drbg_gen_t): New typedef. + (drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by + this. + (_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so + that an error if actually returned. + (gcry_rngdrbg_cavs_test): Ditto. + (gcry_drbg_healthcheck_sanity): Ditto. + + random: Use our symbol name pattern also for drbg functions. + + commit 7cf3c929331133e4381dbceac53d3addd921c929 + * random/random-drbg.c: Rename global functions from _gcry_drbg_* + to _gcry_rngdrbg_*. + * random/random.c: Adjust for this change. + * src/global.c: Ditto. + + random: Rename drbg.c to random-drbg.c. + + commit e49b3f2c10e012509b5930c0df4d6df378d3b9f4 + * random/drbg.c: Rename to ... + * random/random-drbg.c: this. + * random/Makefile.am (librandom_la_SOURCES): Adjust accordingly. + + random: Remove the new API introduced by the new DRBG. + + commit dfac2b13d0068b2b1b420d77e9771a49964b81c1 + * src/gcrypt.h.in (struct gcry_drbg_gen): Move to random/drbg.c. + (struct gcry_drbg_string): Ditto. + (gcry_drbg_string_fill): Ditto. + (gcry_randomize_drbg): Remove. + * random/drbg.c (parse_flag_string): New. + (_gcry_drbg_reinit): Change the way the arguments are passed. + * src/global.c (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: Change calling + convention. + + Add helper function _gcry_strtokenize. 
+ + commit 4e134b6e77f558730ec1eceb6b816b0bcfd845e9 + * src/misc.c (_gcry_strtokenize): New. + +2016-02-18 Werner Koch <wk@gnupg.org> + + random: Remove DRBG constants from the public API. + + commit fd13372fa9069d3a72947ea59c57e33637c936bf + * src/gcrypt.h.in (GCRY_DRBG_): Remove all new flags to ... + * random/drbg.c: here. + +2016-02-18 Stephan Mueller <smueller@chronox.de> + + random: Add SP800-90A DRBG. + + commit ed57fed6de1465e02ec5e3bc0affeabdd35e2eb7 + * random/drbg.c: New. + * random/random.c (_gcry_random_initialize): Replace rngfips init by + drbg init. + (__gcry_random_close_fds): Likewise. + (_gcry_random_dump_stats): Likewise. + (_gcry_random_is_faked): Likewise. + (do_randomize): Likewise. + (_gcry_random_selftest): Likewise. + (_gcry_create_nonce): Replace rngfips_create_noce by drbg_randomize. + (_gcry_random_init_external_test): Remove. + (_gcry_random_run_external_test): Remove. + (_gcry_random_deinit_external_test): Remove. + * random/random.h (struct gcry_drbg_test_vector): New. + * src/gcrypt.h.in (struct gcry_drbg_gen): New. + (struct gcry_drbg_string): New. + (gcry_drbg_string_fill): New. + (gcry_randomize_drbg): New. + (GCRY_DRBG_): Lots of new macros. + * src/global.c (_gcry_vcontrol) <Init external random test>: Turn into + a nop. + (_gcry_vcontrol) <Deinit external random test>: Ditto. + (_gcry_vcontrol) <Run external random test>: Change. + (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: New. + +2016-02-13 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + bufhelp: disable unaligned memory accesses on powerpc. + + commit 1da793d089b65ac8c1ead65dacb6b8699f5b6e69 + * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Disable for + __powerpc__ and __powerpc64__. + +2016-02-12 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Not validate input point for Curve25519. + + commit 7a019bc7ecdbdfdef51094e090ce95e062da9b64 + * cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception. + +2016-02-10 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix memory leaks on error. 
+ + commit b12dd550fd6af687ef95c584d0d8366c34965cc8 + * cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory. + * mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise. + +2016-02-09 NIIBE Yutaka <gniibe@fsij.org> + + ecc: input validation on ECDH. + + commit 23b72901f8a5ba9a78485b235c7a917fbc8faae0 + * cipher/ecc.c (ecc_decrypt_raw): Validate the point. + +2016-02-08 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add ARM assembly implementation of SHA-512. + + commit 8353884bc65c820d5bcacaf1ac23cdee72091a09 + * cipher/Makefile.am: Add 'sha512-arm.S'. + * cipher/sha512-arm.S: New. + * cipher/sha512.c (USE_ARM_ASM): New. + (_gcry_sha512_transform_arm): New. + (transform) [USE_ARM_ASM]: Use ARM assembly implementation instead of + generic. + * configure.ac: Add 'sha512-arm.lo'. + +2016-02-03 NIIBE Yutaka <gniibe@fsij.org> + + tests: Add a test for Curve25519. + + commit b8b3361504950689ef1e779fb3357cecf8a9f739 + * tests/Makefile.am (tests_bin): Add t-cv25519. + * tests/t-cv25519.c: New. + +2016-02-02 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix Curve25519 for data by older implementation. + + commit 6cb6df9dddac6ad246002b83c2ce0aaa0ecf30e5 + * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix code path for + short length data. + + ecc: more fix of Curve25519. + + commit 48ba5a50066611ecacea850ced13f5cb66097a81 + * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix removing of + prefix. Clear the MSB, according to RFC7748. + + ecc: Fix ECDH of Curve25519. + + commit a2f9afcd7fcdafd5951498b07f34957f9766dce9 + * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix calc of NBITS + and prefix detection. + * cipher/ecc.c (ecc_generate): Use NBITS instead of CTX->NBITS. + (ecc_encrypt_raw): Use NBITS from curve instead of from P. + Fix rawmpilen calculation. + (ecc_decrypt_raw): Likewise. Add debug output. + +2016-01-29 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Improve performance of generic SHA256 implementation. 
+ + commit f3e51161036382429c3491c7c881f36c0a653c7b + * cipher/sha256.c (R): Let caller do variable shuffling. + (Chro, Maj, Sum0, Sum1): Convert from inline functions to macros. + (W, I): New. + (transform_blk): Unroll round loop; inline message expansion to rounds + to make message expansion buffer smaller. + +2016-01-28 Werner Koch <wk@gnupg.org> + + ecc: New API function gcry_mpi_ec_decode_point. + + commit 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897 + * mpi/ec.c (_gcry_mpi_ec_decode_point): New. + * cipher/ecc-common.h: Move two prototypes to ... + * src/ec-context.h: here. + * src/gcrypt.h.in (gcry_mpi_ec_decode_point): New. + * src/libgcrypt.def (gcry_mpi_ec_decode_point): New. + * src/libgcrypt.vers (gcry_mpi_ec_decode_point): New. + * src/visibility.c (gcry_mpi_ec_decode_point): New. + * src/visibility.h: Add new function. + +2016-01-15 Werner Koch <wk@gnupg.org> + + Fix build problem for rndegd.c. + + commit 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1 + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Test all RND modules. + * random/rndegd.c (_gcry_rndegd_connect_socket) + (my_make_filename): Use functions with '_' prefix. + + random: Fix possible AIX problem with sysconf in rndunix. + + commit 6303b0e83856ee89374b447e710f0ab2af61caec + * random/rndunix.c [HAVE_STDINT_H]: Include stdint.h. + (start_gatherer): Detect misbehaving sysconf. + +2015-12-27 Werner Koch <wk@gnupg.org> + + random: Take at max 25% from RDRAND. + + commit 5a78e7f15e0dd96a8bf64e2bb142880bf8ea6965 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Change use of + RDRAND from 50% to 25%. + +2015-12-07 Justus Winter <justus@g10code.com> + + cipher: Improve error handling. + + commit b9c02fbeb7efb7d0593b33485fb30c298291cf80 + * cipher/ecc.c (ecc_decrypt_raw): Improve error handling. + + cipher: Initialize 'flags'. + + commit ca06cd7f77acb317c2649c58918908f043dfe6bd + * cipher/ecc.c (ecc_encrypt_raw): Initialize 'flags' to 0. 
+ +2015-12-05 NIIBE Yutaka <gniibe@fsij.org> + + ecc: CHANGE point representation of Curve25519. + + commit dd3d06e7f113cf7608f060ceb043262efd0b0c9d + * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Decode point with + the prefix 0x40, additional 0x00 by MPI handling, and shorter octets + by MPI normalization. + * cipher/ecc.c (ecc_generate, ecc_encrypt_raw, ecc_decrypt_raw): + Always add the prefix 0x40. + +2015-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + chacha20: fix alignment of self-test context. + + commit 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38 + * cipher/chacha20.c (selftest): Ensure 16-byte alignment for chacha20 + context structure. + + salsa20: fix alignment of self-test context. + + commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca + * cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20 + context structure. + +2015-12-02 Justus Winter <justus@g10code.com> + + random: Drop fake entropy gathering function. + + commit d421ac283ec46d0ecaf6278ba4c24843f65fb2fa + * random/random-csprng.c (faked_rng): Drop variable. + (gather_faked): Drop prototype and function. + (initialize): Drop fallback code. + (_gcry_rngcsprng_is_faked): Change accordingly. + + random: Fix selection of entropy gathering function. + + commit 468a5796ffb1a7776db4004d534376c1b981d740 + * random/random-csprng.c (getfnc_gather_random): Do return NULL if no + usable entropy gathering function is found. The callsite then + installs the fake gather function. + +2015-11-26 NIIBE Yutaka <gniibe@fsij.org> + + ecc: minor improvement of point multiplication. + + commit 3658afd09c3b03b4398aaa5748387220c93b1a94 + * mpi/ec.c (_gcry_mpi_ec_mul_point): Move ec_subm out of the loop. + +2015-11-25 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Constant-time multiplication for Weierstrass curve. + + commit 88e1358962e902ff1cbec8d53ba3eee46407851a + * mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary + method for Weierstrass curve when SCALAR is secure. 
+ + mpi: fix gcry_mpi_swap_cond. + + commit f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f + * mpi/mpiutil.c (_gcry_mpi_swap_cond): Relax the condition. + + mpi: Fix mpi_set_cond and mpi_swap_cond . + + commit 8ad682c412047d3b9196950709dbd7bd14ac8732 + * mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use + the operator of !!, but assume SET/SWAP is 0 or 1. + + ecc: multiplication of Edwards curve to be constant-time. + + commit 295b1c3540752af4fc5e6f41480e6db215222fba + * mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond. + + ecc: Add point_resize and point_swap_cond. + + commit b6015176df6bfae107ac82f9baa29ef2c175c9f9 + * mpi/ec.c (point_resize, point_swap_cond): New. + (_gcry_mpi_ec_mul_point): Use point_resize and point_swap_cond. + +2015-11-18 Justus Winter <justus@g10code.com> + + cipher: Fix error handling. + + commit 940dc8adc034a6c6c38742f6bfd7d837a532d537 + * cipher/cipher.c (_gcry_cipher_ctl): Fix error handling. + +2015-11-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Tweak Keccak for small speed-up. + + commit 6571a64331839d7d952292163afbf34c8bef62e0 + * cipher/keccak_permute_32.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Track + rounds with round constant pointer instead of separate round counter. + * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Ditto. + (KECCAK_F1600_ABSORB_FUNC_NAME): Tweak lanes pointer increment for bulk + absorb loops. + + Update license information for CRC. + + commit 15ea0acf8bb0aa307eccc23024a0bd7878fb8080 + * LICENSES: Remove 'Simple permissive' and 'IETF permissive' licenses + for 'cipher/crc.c' as result of rewrite of CRC implementations. + +2015-11-17 Justus Winter <justus@g10code.com> + + Fix typos found using codespell. + + commit 0e395944b70c7a92a6437f6bcc14f287c19ce9de + * cipher/cipher-ocb.c: Fix typos. + * cipher/des.c: Likewise. + * cipher/dsa-common.c: Likewise. + * cipher/ecc.c: Likewise. + * cipher/pubkey.c: Likewise. + * cipher/rsa-common.c: Likewise. + * cipher/scrypt.c: Likewise. 
+ * random/random-csprng.c: Likewise. + * random/random-fips.c: Likewise. + * random/rndw32.c: Likewise. + * src/cipher-proto.h: Likewise. + * src/context.c: Likewise. + * src/fips.c: Likewise. + * src/gcrypt.h.in: Likewise. + * src/global.c: Likewise. + * src/sexp.c: Likewise. + * tests/mpitests.c: Likewise. + * tests/t-lock.c: Likewise. + +2015-11-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Improve performance of Tiger hash algorithms. + + commit 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0 + * cipher/tiger.c (tiger_round, pass, key_schedule): Convert functions + to macros. + (transform_blk): Pass variable names instead of pointers to 'pass'. + + Add ARMv7/NEON implementation of Keccak. + + commit a1cc7bb15473a2419b24ecac765ae0ce5989a13b + * cipher/Makefile.am: Add 'keccak-armv7-neon.S'. + * cipher/keccak-armv7-neon.S: New. + * cipher/keccak.c (USE_64BIT_ARM_NEON): New. + (NEED_COMMON64): Select if USE_64BIT_ARM_NEON. + [NEED_COMMON64] (round_consts_64bit): Rename to... + [NEED_COMMON64] (_gcry_keccak_round_consts_64bit): ...this; Add + terminator at end. + [USE_64BIT_ARM_NEON] (_gcry_keccak_permute_armv7_neon) + (_gcry_keccak_absorb_lanes64_armv7_neon, keccak_permute64_armv7_neon) + (keccak_absorb_lanes64_armv7_neon, keccak_armv7_neon_64_ops): New. + (keccak_init) [USE_64BIT_ARM_NEON]: Select ARM/NEON implementation + if supported by HW. + * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Update + to use new round constant table. + * configure.ac: Add 'keccak-armv7-neon.lo'. + + Optimize Keccak 64-bit absorb functions. + + commit 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88 + * cipher/keccak.c [USE_64BIT] [__x86_64__] (absorb_lanes64_8) + (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New. + * cipher/keccak.c [USE_64BIT] [!__x86_64__] (absorb_lanes64_8) + (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New. + [USE_64BIT] (KECCAK_F1600_ABSORB_FUNC_NAME): New. + [USE_64BIT] (keccak_absorb_lanes64): Remove. 
+ [USE_64BIT_SHLD] (KECCAK_F1600_ABSORB_FUNC_NAME): New. + [USE_64BIT_SHLD] (keccak_absorb_lanes64_shld): Remove. + [USE_64BIT_BMI2] (KECCAK_F1600_ABSORB_FUNC_NAME): New. + [USE_64BIT_BMI2] (keccak_absorb_lanes64_bmi2): Remove. + * cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): New. + +2015-10-31 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Enable CRC test vectors with zero bytes. + + commit 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2 + * tests/basic.c (check_digests): Enable CRC test-vectors with zero + bytes. + + Keccak: Add SHAKE Extendable-Output Functions. + + commit c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29 + * src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for + XOFs. + * src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract' + and add 'pos' argument. + (KECCAK_CONTEXT): Add 'suffix'. + (keccak_extract_inplace64): Rename to... + (keccak_extract64): ...this; Add handling for 'pos' argument. + (keccak_extract_inplace32bi): Rename to... + (keccak_extract32bi): ...this; Add handling for 'pos' argument. + (keccak_extract_inplace64): Rename to... + (keccak_extract64): ...this; Add handling for 'pos' argument. + (keccak_extract_inplace32bi_bmi2): Rename to... + (keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument. + (keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256. + (shake128_init, shake256_init): New. + (keccak_final): Do not initial permute for SHAKE output; use correct + suffix for SHAKE. + (keccak_extract): New. + (keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors. + (run_selftests): Add SHAKE128 & SHAKE256. + (shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256) + (_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New. + * cipher/md.c (digest_list): Add SHAKE128 & SHAKE256. + * doc/gcrypt.texi: Ditto. + * src/cipher.h (_gcry_digest_spec_shake128) + (_gcry_digest_spec_shake256): New. + * src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New. 
+ * tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument. + (check_one_md_multi): Skip if algo is XOF. + (check_digests): Add SHAKE128 & SHAKE256 test vectors. + * tests/bench-slope.c (kdf_bench_one): Skip XOFs. + + Few updates to documentation. + + commit 28de6f9e16e386018e81a9cdaee596be7616ccab + * doc/gcrypt.text: Add mention of new 'intel-fast-shld' hw feature + flag; Add mention of x86 RDRAND support in rndhw. + + Add HMAC-SHA3 test vectors. + + commit 92ad19873562cfce7bcc4a0b5aed8195d8284cfc + * tests/basic.c (check_mac): Add HMAC_SHA3 test vectors. + +2015-10-28 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + md: add variable length output interface. + + commit 577dc2b63ceca6a8a716256d034ea4e7414f65fa + * cipher/crc.c (_gcry_digest_spec_crc32) + (_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set + 'extract' NULL. + * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94) + (_gcry_digest_spec_gost3411_cp): Ditto. + * cipher/keccak.c (_gcry_digest_spec_sha3_224) + (_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384) + (_gcry_digest_spec_sha3_512): Ditto. + * cipher/md2.c (_gcry_digest_spec_md2): Ditto. + * cipher/md4.c (_gcry_digest_spec_md4): Ditto. + * cipher/md5.c (_gcry_digest_spec_md5): Ditto. + * cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto. + * cipher/sha1.c (_gcry_digest_spec_sha1): Ditto. + * cipher/sha256.c (_gcry_digest_spec_sha224) + (_gcry_digest_spec_sha256): Ditto. + * cipher/sha512.c (_gcry_digest_spec_sha384) + (_gcry_digest_spec_sha512): Ditto. + * cipher/stribog.c (_gcry_digest_spec_stribog_256) + (_gcry_digest_spec_stribog_512): Ditto. + * cipher/tiger.c (_gcry_digest_spec_tiger) + (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto. + * cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto. + * cipher/md.c (md_enable): Do not allow combination of HMAC and + 'expandable-output function'. + (md_final): Check if spec->read is NULL before calling. + (md_read): Ditto. 
+ (md_extract, _gcry_md_extract): New. + * doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract. + * src/cipher-proto.h (gcry_md_extract_t): New. + (gcry_md_spec_t): Add 'extract'. + * src/gcrypt-int.g (_gcry_md_extract): New. + * src/gcrypt.h.in (gcry_md_extract): New. + * src/libgcrypt.def: Add gcry_md_extract. + * src/libgcrypt.vers: Add gcry_md_extract. + * src/visibility.c (gcry_md_extract): New. + * src/visibility.h (gcry_md_extract): New. + + md: check hmac flag in prepare_macpads. + + commit cee2e122ec6c1886957a8d47498eb63a6a921725 + * cipher/md.c (prepare_macpads): Check hmac flag. + + keccak: rewrite for improved performance. + + commit 74184c28fbe7ff58cf57f0094ef957d94045da7d + * cipher/Makefile.am: Add 'keccak_permute_32.h' and + 'keccak_permute_64.h'. + * cipher/hash-common.h [USE_SHA3] (MD_BLOCK_MAX_BLOCKSIZE): Remove. + * cipher/keccak.c (USE_64BIT, USE_32BIT, USE_64BIT_BMI2) + (USE_64BIT_SHLD, USE_32BIT_BMI2, NEED_COMMON64, NEED_COMMON32BI) + (keccak_ops_t): New. + (KECCAK_STATE): Add 'state64' and 'state32bi' members. + (KECCAK_CONTEXT): Remove 'bctx'; add 'blocksize', 'count' and 'ops'. + (rol64, keccak_f1600_state_permute): Remove. + [NEED_COMMON64] (round_consts_64bit, keccak_extract_inplace64): New. + [NEED_COMMON32BI] (round_consts_32bit, keccak_extract_inplace32bi) + (keccak_absorb_lane32bi): New. + [USE_64BIT] (ANDN64, ROL64, keccak_f1600_state_permute64) + (keccak_absorb_lanes64, keccak_generic64_ops): New. + [USE_64BIT_SHLD] (ANDN64, ROL64, keccak_f1600_state_permute64_shld) + (keccak_absorb_lanes64_shld, keccak_shld_64_ops): New. + [USE_64BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute64_bmi2) + (keccak_absorb_lanes64_bmi2, keccak_bmi2_64_ops): New. + [USE_32BIT] (ANDN64, ROL64, keccak_f1600_state_permute32bi) + (keccak_absorb_lanes32bi, keccak_generic32bi_ops): New. 
+ [USE_32BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute32bi_bmi2) + (pext, pdep, keccak_absorb_lane32bi_bmi2, keccak_absorb_lanes32bi_bmi2) + (keccak_extract_inplace32bi_bmi2, keccak_bmi2_32bi_ops): New. + (keccak_write): New. + (keccak_init): Adjust to KECCAK_CONTEXT changes; add implementation + selection based on HWF features. + (keccak_final): Adjust to KECCAK_CONTEXT changes; use selected 'ops' + for state manipulation. + (keccak_read): Adjust to KECCAK_CONTEXT changes. + (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256) + (_gcry_digest_spec_sha3_348, _gcry_digest_spec_sha3_512): Use + 'keccak_write' instead of '_gcry_md_block_write'. + * cipher/keccak_permute_32.h: New. + * cipher/keccak_permute_64.h: New. + + hwf-x86: add detection for Intel CPUs with fast SHLD instruction. + + commit 909644ef5883927262366c356eed530e55aba478 + * cipher/sha1.c (sha1_init): Use HWF_INTEL_FAST_SHLD instead of + HWF_INTEL_CPU. + * cipher/sha256.c (sha256_init, sha224_init): Ditto. + * cipher/sha512.c (sha512_init, sha384_init): Ditto. + * src/g10lib.h (HWF_INTEL_FAST_SHLD): New. + (HWF_INTEL_BMI2, HWF_INTEL_SSSE3, HWF_INTEL_PCLMUL, HWF_INTEL_AESNI) + (HWF_INTEL_RDRAND, HWF_INTEL_AVX, HWF_INTEL_AVX2) + (HWF_ARM_NEON): Update. + * src/hwf-x86.c (detect_x86_gnuc): Add detection of Intel Core + CPUs with fast SHLD/SHRD instruction. + * src/hwfeatures.c (hwflist): Add "intel-fast-shld". + + Fix OCB amd64 assembly implementations for x32. + + commit 16fd540f4d01eb6dc23d9509ae549353617c7a67 + * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc) + (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth) + (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec) + (_gcry_camellia_aesni_avx2_ocb_auth, _gcry_camellia_ocb_crypt) + (_gcry_camellia_ocb_auth): Change 'Ls' from pointer array to u64 array. 
+ * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc) + (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth) + (_gcry_serpent_avx2_ocb_enc, _gcry_serpent_avx2_ocb_dec) + (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Ditto. + * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc) + (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth) + (twofish_amd64_ocb_enc, twofish_amd64_ocb_dec, twofish_amd64_ocb_auth) + (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Ditto. + + bench-slope: add KDF/PBKDF2 benchmark. + + commit ae40af427fd2a856b24ec2a41323ec8b80ffc9c0 + * tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free) + (bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New. + (print_help): Add 'kdf'. + (main): Add KDF benchmarks. + +2015-10-22 NIIBE Yutaka <gniibe@fsij.org> + + md: keep contexts for HMAC in GcryDigestEntry. + + commit f7505b550dd591e33d3a3fab9277c43c460f1bad + * cipher/md.c (struct gcry_md_context): Add flags.hmac. + Remove macpads and mcpads_Bsize. + (md_open): Initialize flags.hmac. Remove macpads initialization. + (md_enable): Allocate contexts when flags.hmac is enabled. + (md_copy): Remove macpads copying. Add copying contexts. + (_gcry_md_reset): When flags.hmac is enabled, restore precomputed + context with input pad + (md_close): Remove macpads wiping. + (md_final): When flags.hmac is enabled, compute hmac by precomputed + context with output pad. + (prepare_macpads): Prepare precomputed contexts with input pad and + output pad for each registered digest entry. + (_gcry_md_setkey): Just call prepare_macpads. + +2015-10-15 NIIBE Yutaka <gniibe@fsij.org> + + Fix double free on error. + + commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982 + * src/hmac256.c (_gcry_hmac256_finalize): Don't free HD. + +2015-10-14 NIIBE Yutaka <gniibe@fsij.org> + + Fix gpg_error_t and gpg_err_code_t confusion. + + commit 813565a07ca575c87e1252c6ed26018653ecd338 + * src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change. 
+ * cipher/dsa.c (dsa_check_secret_key): Ditto. + * src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t. + + * src/gcrypt-int.h (_gcry_err_make_from_errno) + (_gcry_error_from_errno): Return gpg_error_t. + * cipher/cipher.c (_gcry_cipher_open_internal) + (_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error. + * src/global.c (_gcry_vcontrol): Likewise. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use + gpg_err_code_from_syserror. + * cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write) + (mac_read, mac_verify): Return gcry_err_code_t. + * cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR. + * src/visibility.c (gcry_error_from_errno): Return gpg_error_t. + +2015-10-13 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix compiling AES/AES-NI implementation on linux-i386. + + commit fa94b6111948a614ebdcb67f7942eced8b84c579 + * cipher/rijndael-aesni.c (do_aesni_ctr_4): Split assembly block in + two parts to reduce number of register constraints needed. + +2015-10-13 NIIBE Yutaka <gniibe@fsij.org> + + Fix declaration of return type. + + commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5 + * src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t. + * cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param. + * src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t. + * src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch. + +2015-09-07 Werner Koch <wk@gnupg.org> + + Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls. + + commit 3a3d5410cc83f7069c7cb1ab384905f382292d32 + * src/secmem.c (lock_pool, secmem_init): Do not call any cap_ + functions if NO_PRIV_DROP is set. + +2015-09-04 Werner Koch <wk@gnupg.org> + + w32: Avoid a few compiler warnings. + + commit e97c62a4a687b56d00a2d0a63e072a977f8eb81c + * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc) + (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable + as unused. 
+ * random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch + warning. + * src/secmem.c (init_pool): Avoid unused variable warning. + * tests/random.c (writen, readn): Include on if needed. + + w32: Fix alignment problem with AESNI on Windows >= 8. + + commit e2785a2268702312529521df3bd2f4e6b43cea3a + * cipher/cipher-selftest.c (_gcry_cipher_selftest_alloc_ctx): New. + * cipher/rijndael.c (selftest_basic_128, selftest_basic_192) + (selftest_basic_256): Allocate context on the heap. + +2015-08-31 Werner Koch <wk@gnupg.org> + + rsa: Add verify after sign to avoid Lenstra's CRT attack. + + commit c17f84bd02d7ee93845e92e20f6ddba814961588 + * cipher/rsa.c (rsa_sign): Check the CRT. + + Add pubkey algo id for EdDSA. + + commit dd87639abd38afc91a6f27af33f0ba17402ad02d + * src/gcrypt.h.in (GCRY_PK_EDDSA): New. + +2015-08-25 Werner Koch <wk@gnupg.org> + + Add configure option --enable-build-timestamp. + + commit a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e + * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default. + +2015-08-23 Werner Koch <wk@gnupg.org> + + tests: Add missing files for the make distcheck target. + + commit fb3cb47b0a29d3e73150297aa4495c20915e4a75 + * tests/Makefile.am (EXTRA_DIST): Add sha3-x test vector files. + +2015-08-19 Werner Koch <wk@gnupg.org> + + Change SHA-3 algorithm ids. + + commit 65639ecaaeba642e40487446c40d045482001285 + * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256) + (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): Change values. + +2015-08-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Keccak: Fix array indexes in θ step. + + commit 48822ae0b436bcea0fe92dbf0d88475ba3179320 + * cipher/keccak.c (keccak_f1600_state_permute): Fix indexes for D[5]. + + Simplify OCB offset calculation for parallel implementations. + + commit 24ebf53f1e8a8afa27dcd768339bda70a740bb03 + * cipher/camellia-glue.c (_gcry_camellia_ocb_crypt) + (_gcry_camellia_ocb_auth): Precalculate Ls array always, instead of + just if 'blkn % <parallel blocks> == 0'. 
+ * cipher/serpent.c (_gcry_serpent_ocb_crypt) + (_gcry_serpent_ocb_auth): Ditto. + * cipher/rijndael-aesni.c (get_l): Remove low-bit checks. + (aes_ocb_enc, aes_ocb_dec, _gcry_aes_aesni_ocb_auth): Handle leading + blocks until block counter is multiple of 4, so that parallel block + processing loop can use 'c->u_mode.ocb.L' array directly. + * tests/basic.c (check_ocb_cipher_largebuf): Rename to... + (check_ocb_cipher_largebuf_split): ...this and add option to process + large buffer as two split buffers. + (check_ocb_cipher_largebuf): New. + + Add carryless 8-bit addition fast-path for AES-NI CTR mode. + + commit e11895da1f4af9782d89e92ba2e6b1a63235b54b + * cipher/rijndael-aesni.c (do_aesni_ctr_4): Do addition using + CTR in big-endian form, if least-significant byte does not overflow. + +2015-08-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add additional SHA3 test-vectors. + + commit 80321eb3a63a20f86734d6eebb3f419c0ec895aa + * tests/basic.c (check_digests): Allow datalen to be specified so that + input data can have byte with value 0x00; Include sha3-*.h header files + to test-vector structure. + * tests/sha3-224.h: New. + * tests/sha3-256.h: New. + * tests/sha3-384.h: New. + * tests/sha3-512.h: New. + + Add generic SHA3 implementation. + + commit 434ba17d1d5ad59c70d721ad3ecb376c2403a7e5 + * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE): Increase blocksize + USE_SHA3 enabled. + * cipher/keccak.c (SHA3_DELIMITED_SUFFIX, SHAKE_DELIMITED_SUFFIX): New. + (KECCAK_STATE): Add proper state. + (KECCAK_CONTEXT): Add 'outlen'. + (rol64, keccak_f1600_state_permute, transform_blk, transform): New. + (keccak_init): Add proper initialization. + (keccak_final): Add proper finalization. + (selftests_keccak): Add selftests. + (oid_spec_sha3_224, oid_spec_sha3_256, oid_spec_sha3_384) + (oid_spec_sha3_512): Add OID. + (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256) + (_gcry_digest_spec_sha3_384, _gcry_digest_spec_sha3_512): Fix output + length. 
+ * cipher/mac-hmac.c (map_mac_algo_to_md): Fix mapping for SHA3-512. + (hmac_get_keylen): Return proper blocksizes for SHA3 algorithms. + [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224) + (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384) + (_gcry_mac_type_spec_hmac_sha3_512): New. + * cipher/mac-internal [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224) + (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384) + (_gcry_mac_type_spec_hmac_sha3_512): New. + * cipher/mac.c (mac_list) [USE_SHA3]: Add SHA3 algorithms. + * cipher/md.c (md_open): Use proper SHA-3 blocksizes for HMAC macpads. + * tests/basic.c (check_digests): Add SHA3 test vectors. + + Optimize OCB offset calculation. + + commit 49f52c67fb42c0656c8f9af655087f444562ca82 + * cipher/cipher-internal.h (ocb_get_l): New. + * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate) + (ocb_crypt): Use 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'. + * cipher/camellia-glue.c (get_l): Remove. + (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Precalculate + offset array when block count matches parallel operation size; Use + 'ocb_get_l' instead of 'get_l'. + * cipher/rijndael-aesni.c (get_l): Add fast path for 75% most common + offsets. + (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Precalculate + offset array when block count matches parallel operation size. + * cipher/rijndael-ssse3-amd64.c (get_l): Add fast path for 75% most + common offsets. + * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Use + 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'. + * cipher/serpent.c (get_l): Remove. + (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Precalculate + offset array when block count matches parallel operation size; Use + 'ocb_get_l' instead of 'get_l'. + * cipher/twofish.c (get_l): Remove. + (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Use 'ocb_get_l' + instead of 'get_l'. 
+ +2015-08-10 NIIBE Yutaka <gniibe@fsij.org> + + ecc: fix Montgomery curve bugs. + + commit ce746936b6c210e602d106cfbf45cf60b408d871 + * cipher/ecc.c (check_secret_key): Y1 should not be NULL when check. + (ecc_check_secret_key): Support Montgomery curve. + * mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition. + +2015-08-08 Werner Koch <wk@gnupg.org> + + Add framework to eventually support SHA3. + + commit 0e17f7a05bba309a87811992aa47a77af9935b99 + * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256) + (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New. + (GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256) + (GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New. + * cipher/keccak.c: New with stub functions. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c. + * configure.ac (available_digests): Add sha3. + (USE_SHA3): New. + * src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests. + * cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos. + (md_open): Ditto for hmac processing. + * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping. + * cipher/hmac-tests.c (run_selftests): Prepare for tests. + * cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx". + +2015-08-06 Werner Koch <wk@gnupg.org> + + tools: Fix memory leak for functions "I" and "G". + + commit 10789e3cdda7b944acb4b59624c34a2ccfaea6e5 + * src/mpicalc.c (do_inv, do_gcd): Init A after stack check. + +2015-08-06 Ismo Puustinen <ismo.puustinen@intel.com> + + ecc: Free memory also when in error branch. + + commit 1d896371fbc94c605fce35eabcde01e24dd22892 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Init DISGEST and goto + leave on error. + +2015-08-06 NIIBE Yutaka <gniibe@fsij.org> + + Add Curve25519 support. + + commit e93f4c21c59756604440ad8cbf27e67d29c99ffd + * cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519. + * tests/curves.c (N_CURVES): It's 22 now. + * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New. + * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New. 
+ * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New. + * cipher/ecc.c (nist_generate_key): Handle the case of + PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. + (test_ecdh_only_keys, check_secret_key): Likewise. + (ecc_generate): Support Curve25519 which is Montgomery curve with flag + PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP. + (ecc_encrypt_raw): Get flags from KEYPARMS and handle + PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. + (ecc_decrypt_raw): Likewise. + (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): + PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK. + Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK. + +2015-07-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Reduce code size for Twofish key-setup and remove key dependend branch. + + commit b4b1d872ba651bc44761b35d245b1a519a33f515 + * cipher/twofish.c (poly_to_exp): Increase size by one, change type + from byte to u16 and insert '492' to index 0. + (exp_to_poly): Increase size by 256, let new cells have zero value. + (CALC_S): Execute unconditionally with help of modified tables. + (do_twofish_setkey): Change type for 'tmp' to 'unsigned int'; Un-unroll + CALC_K256 and CALC_K phases to reduce generated object size. + + Reduce amount of duplicated code in OCB bulk implementations. + + commit e950052bc6f5ff11a7c23091ff3f6b5cc431e875 + * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate) + (ocb_crypt): Change bulk function to return number of unprocessed + blocks. + * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) + (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth) + (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth) + (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type + to 'size_t'. + * cipher/camellia-glue.c (get_l): Only if USE_AESNI_AVX or + USE_AESNI_AVX2 defined. 
+ (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Change return type + to 'size_t' and return remaining blocks; Remove unaccelerated common + code path. Enable remaining common code only if USE_AESNI_AVX or + USE_AESNI_AVX2 defined; Remove unaccelerated common code. + * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Change + return type to 'size_t' and return zero. + * cipher/serpent.c (get_l): Only if USE_SSE2, USE_AVX2 or USE_NEON + defined. + (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Change return type + to 'size_t' and return remaining blocks; Remove unaccelerated common + code path. Enable remaining common code only if USE_SSE2, USE_AVX2 or + USE_NEON defined; Remove unaccelerated common code. + * cipher/twofish.c (get_l): Only if USE_AMD64_ASM defined. + (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type + to 'size_t' and return remaining blocks; Remove unaccelerated common + code path. Enable remaining common code only if USE_AMD64_ASM defined; + Remove unaccelerated common code. + + Add bulk OCB for Serpent SSE2, AVX2 and NEON implementations. + + commit adbdca0d58f9c06dc3850b95e3455e179c1e6960 + * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk + functions for Serpent. + * cipher/serpent-armv7-neon.S: Add OCB assembly functions. + * cipher/serpent-avx2-amd64.S: Add OCB assembly functions. + * cipher/serpent-sse2-amd64.S: Add OCB assembly functions. + * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc) + (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth) + (_gcry_serpent_neon_ocb_enc, _gcry_serpent_neon_ocb_dec) + (_gcry_serpent_neon_ocb_auth, _gcry_serpent_avx2_ocb_enc) + (_gcry_serpent_avx2_ocb_dec, _gcry_serpent_avx2_ocb_auth): New + prototypes. + (get_l, _gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): New. + * src/cipher.h (_gcry_serpent_ocb_crypt) + (_gcry_serpent_ocb_auth): New. + * tests/basic.c (check_ocb_cipher): Add test-vector for serpent. 
+ + Add bulk OCB for Twofish AMD64 implementation. + + commit 7f6804c37c4b41d85fb26aa723b1c41e4a3cf278 + * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk + functions for Twofish. + * cipher/twofish-amd64.S: Add OCB assembly functions. + * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc) + (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth): New + prototypes. + (call_sysv_fn5, call_sysv_fn6, twofish_amd64_ocb_enc) + (twofish_amd64_ocb_dec, twofish_amd64_ocb_auth, get_l) + (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): New. + * src/cipher.h (_gcry_twofish_ocb_crypt) + (_gcry_twofish_ocb_auth): New. + * tests/basic.c (check_ocb_cipher): Add test-vector for Twofish. + + Add bulk OCB for Camellia AES-NI/AVX and AES-NI/AVX2 implementations. + + commit bb088c6b1620504fdc79e89af27c2bf3fb02b4b4 + * cipher/camellia-aesni-avx-amd64.S: Add OCB assembly functions. + * cipher/camellia-aesni-avx2-amd64.S: Add OCB assembly functions. + * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc) + (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth) + (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec) + (_gcry_camellia_aesni_avx2_ocb_auth): New prototypes. + (get_l, _gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): New. + * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk + functions for Camellia. + * src/cipher.h (_gcry_camellia_ocb_crypt) + (_gcry_camellia_ocb_auth): New. + * tests/basic.c (check_ocb_cipher): Add test-vector for Camellia. + +2015-07-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add OCB bulk mode for AES SSSE3 implementation. + + commit 620e1e0300c79943a1846a49563b04386dc60546 + * cipher/rijndael-ssse3-amd64.c (SSSE3_STATE_SIZE): New. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): Use + 'ssse3_state' for storing current SSSE3 state. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] + (vpaes_ssse3_cleanup): Restore SSSE3 state from 'ssse3_state'. 
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) + (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc) + (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc) + (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec) + (_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_cbc_dec): Add 'ssse3_state' + array. + (get_l, ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_crypt) + (_gcry_aes_ssse3_ocb_auth): New. + * cipher/rijndael.c (_gcry_aes_ssse3_ocb_crypt) + (_gcry_aes_ssse3_ocb_auth): New. + (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_SSSE3]: Use SSSE3 + implementation for OCB. + +2015-07-26 Peter Wu <peter@lekensteyn.nl> + + Fix undefined behavior wrt memcpy. + + commit 46c072669eb81ed610cc5b3c0dc0c75a143afbb4 + * cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let + the function continue to add padding as needed though. + * cipher/mac-poly1305.c: If the caller requested to finish the hash + function without a copy of the result, return immediately. + +2015-07-23 Peter Wu <peter@lekensteyn.nl> + + build: ignore scissor line for the commit-msg hook. + + commit ada0a7d302cca97b327faaacac7a5d0b8043df88 + * build-aux/git-hooks/commit-msg: Stop processing more lines when the + scissor line is encountered. + +2015-07-16 Peter Wu <peter@lekensteyn.nl> + + rsa: Fix error in comments. + + commit 9cd55e8e948f0049cb23495f536decf797d072f7 + * cipher/rsa.c: Fix. + +2015-07-14 Peter Wu <peter@lekensteyn.nl> + + sexp: Fix invalid deallocation in error path. + + commit 0f9532b186c1e0b54d7e7a6d76bce82b6226122b + * src/sexp.c: Fix wrong condition. + +2015-07-10 Peter Wu <peter@lekensteyn.nl> + + ecc: fix memory leak. + + commit 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c + * cipher/ecc.c (ecc_verify): Release memory which was allocated before + by _gcry_pk_util_preparse_sigval. + (ecc_decrypt_raw): Likewise. + +2015-07-06 NIIBE Yutaka <gniibe@fsij.org> + + ecc: fix memory leaks. 
+ + commit 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06 + cipher/ecc.c (ecc_generate): Fix memory leak on error of + _gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint. + (ecc_check_secret_key): Fix memory leak on error of + _gcry_ecc_update_curve_param. + (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove + unnecessary sexp_release and fix memory leak on error of + _gcry_ecc_fill_in_curve. + (ecc_decrypt_raw): Fix double free of the point kG and memory leak + on error of _gcry_ecc_os2ec. + +2015-06-11 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Support FreeBSD 10 or later. + + commit a36ee7501f68ad7ebcfe31f9659430b9d2c3ddd1 + * mpi/config.links: Include FreeBSD 10 to 29. + +2015-05-21 Werner Koch <wk@gnupg.org> + + ecc: Add key generation flag "no-keytest". + + commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07 + * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag + "no-keytest". Return an error for invalid flags of length 10. + + * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags + set random level depending on flags. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. + * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and + remove var random_level. + (nist_generate_key): Implement "no-keytest" flag. + + * tests/keygen.c (check_ecc_keys): Add tests for transient-key and + no-keytest. + + ecc: Avoid double conversion to affine coordinates in keygen. + + commit 102d68b3bd77813a3ff989526855bb1e283bf9d7 + * cipher/ecc.c (nist_generate_key): Add args r_x and r_y. + (ecc_generate): Rename vars. Convert to affine coordinates only if + not returned by the lower level generation function. + + random: Change initial extra seeding from 2400 bits to 128 bits. + + commit 8124e357b732a719696bfd5271def4e528f2a1e1 + * random/random-csprng.c (read_pool): Reduce initial seeding. 
+ +2015-05-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Enable AMD64 Twofish implementation on WIN64. + + commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501 + * cipher/twofish-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/twofish.c (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. + (twofish_amd64_encrypt_block, twofish_amd64_decrypt_block) + (twofish_amd64_ctr_enc, twofish_amd64_cbc_dec) + (twofish_amd64_cfb_dec): New wrapper functions for AMD64 + assembly functions. + + Enable AMD64 Serpent implementations on WIN64. + + commit eb0ed576893b6c7990dbcb568510f831d246cea6 + * cipher/serpent-avx2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/serpent-sse2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/chacha20.c (USE_SSE2, USE_AVX2): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_SSE2 || USE_AVX2] (ASM_FUNC_ABI): New. + (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec) + (_gcry_serpent_sse2_cfb_dec, _gcry_serpent_avx2_ctr_enc) + (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Add + ASM_FUNC_ABI. + + Enable AMD64 Salsa20 implementation on WIN64. + + commit 12bc93ca8187b8061c2e705427ef22f5a71d29b0 + * cipher/salsa20-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/salsa20.c (USE_AMD64): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_AMD64] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. + (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup) + (_gcry_salsa20_amd64_encrypt_blocks): Add ASM_FUNC_ABI. + [USE_AMD64] (salsa20_core): Add ASM_EXTRA_STACK. 
+ (salsa20_do_encrypt_stream) [USE_AMD64]: Add ASM_EXTRA_STACK. + + Enable AMD64 Poly1305 implementations on WIN64. + + commit 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f + * cipher/poly1305-avx2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/poly1305-sse2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/poly1305-internal.h (POLY1305_SYSV_FUNC_ABI): New. + (POLY1305_USE_SSE2, POLY1305_USE_AVX2): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (OPS_FUNC_ABI): New. + (poly1305_ops_t): Use OPS_FUNC_ABI. + * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext) + (_gcry_poly1305_amd64_sse2_finish_ext) + (_gcry_poly1305_amd64_sse2_blocks, _gcry_poly1305_amd64_avx2_init_ext) + (_gcry_poly1305_amd64_avx2_finish_ext) + (_gcry_poly1305_amd64_avx2_blocks, _gcry_poly1305_armv7_neon_init_ext) + (_gcry_poly1305_armv7_neon_finish_ext) + (_gcry_poly1305_armv7_neon_blocks, poly1305_init_ext_ref32) + (poly1305_blocks_ref32, poly1305_finish_ext_ref32) + (poly1305_init_ext_ref8, poly1305_blocks_ref8) + (poly1305_finish_ext_ref8): Use OPS_FUNC_ABI. + + Enable AMD64 3DES implementation on WIN64. + + commit b65e9e71d5ee992db5c96793c6af999545daad28 + * cipher/des-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/des.c (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. + (tripledes_ecb_crypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call + assembly function through 'call_sysv_fn'. + (tripledes_amd64_ctr_enc, tripledes_amd64_cbc_dec) + (tripledes_amd64_cfb_dec): New wrapper functions for bulk + assembly functions. + + Enable AMD64 ChaCha20 implementations on WIN64. 
+ + commit 9597cfddf03c467825da152be5ca0d12a8c30d88 + * cipher/chacha20-avx2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/chacha20-sse2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/chacha20-ssse3-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/chacha20.c (USE_SSE2, USE_SSSE3, USE_AVX2): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. + (chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks) + (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks) + (_gcry_chacha20_armv7_neon_blocks, chacha20_blocks): Add ASM_FUNC_ABI. + (chacha20_core): Add ASM_EXTRA_STACK. + + Enable AMD64 CAST5 implementation on WIN64. + + commit 6a6646df80386204675d8b149ab60e74d7ca124c + * cipher/cast5-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (RIP): Remove. + (GET_EXTERN_POINTER): Use 'leaq' version on WIN64. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/cast5.c (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. + (do_encrypt_block, do_decrypt_block) + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly + function through 'call_sysv_fn'. + (cast5_amd64_ctr_enc, cast5_amd64_cbc_dec) + (cast5_amd64_cfb_dec): New wrapper functions for bulk + assembly functions. + + Enable AMD64 Camellia implementations on WIN64. + + commit 9a4fb3709864bf3e3918800d44ff576590cd4e92 + * cipher/camellia-aesni-avx-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. 
+ * cipher/camellia-aesni-avx2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/camellia-glue.c (USE_AESNI_AVX, USE_AESNI_AVX2): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_AESNI_AVX || USE_AESNI_AVX2] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. + (_gcry_camellia_aesni_avx_ctr_enc, _gcry_camellia_aesni_avx_cbc_dec) + (_gcry_camellia_aesni_avx_cfb_dec, _gcry_camellia_aesni_avx_keygen) + (_gcry_camellia_aesni_avx2_ctr_enc, _gcry_camellia_aesni_avx2_cbc_dec) + (_gcry_camellia_aesni_avx2_cfb_dec): Add ASM_FUNC_ABI. + + Enable AMD64 Blowfish implementation on WIN64. + + commit e05682093ffb003b589a697428d918d755ac631d + * cipher/blowfish-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/blowfish.c (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. + (do_encrypt, do_encrypt_block, do_decrypt_block) + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly + function through 'call_sysv_fn'. + (blowfish_amd64_ctr_enc, blowfish_amd64_cbc_dec) + (blowfish_amd64_cfb_dec): New wrapper functions for bulk + assembly functions. + .. + + Enable AMD64 arcfour implementation on WIN64. + + commit c46b015bedba7ce0db68929bd33a86a54ab3d919 + * cipher/arcfour-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/arcfour.c (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use + assembly block to call AMD64 assembly function. + + Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539. + + commit ee8fc4edcb3466b03246c8720b90731bf274ff1d + * cipher/cipher-poly1305.c: Add RFC-7539 to header. 
+ * doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of + RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD. + + hwf-x86: use edi for passing value to ebx for i386 cpuid. + + commit bac42c68b069f17abcca810a21439c7233815747 + * src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead + of '=r'. + + hwf-x86: add EDX as output register for xgetbv asm block. + + commit e15beb584a5ebdfc363e1ff15f87102508652d71 + * src/hwf-x86.c (get_xgetbv): Add EDX as output. + +2015-05-04 Werner Koch <wk@gnupg.org> + + build: Update build-aux files. + + commit 5a7d55eed3316f40ca61acbee032bfc285e28803 + + + Fix possible regression on old 32 bit mingw compilers. + + commit 090ca7435156b5f52064357dd59059570d466f46 + * acinclude.m4: Add new pattern for mingw32. + + build: Add new file. + + commit 4af52b2e72ce004b7d8f99e09c4324e3c2a84379 + * mpi/amd64/distfiles: Add func_abi.h. + +2015-05-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix WIN64 assembly glue for AES. + + commit 24a769a7c7601dbb85332e550f6fbd121b56df5f + * cipher/rinjdael.c (do_encrypt, do_decrypt) + [!HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Change input operands to + input+output to mark volatile nature of the used registers. + + Add '1 million a characters' test vectors. + + commit 2f4fefdbc62857b6e2da26ce111ee140a068c471 + * tests/basic.c (check_digests): Add "!" test vectors for MD5, SHA-384, + SHA-512, RIPEMD160 and CRC32. + +2015-05-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + More optimized CRC implementations. + + commit 06e122baa3321483a47bbf82fd2a4540becfa0c9 + * cipher/crc.c (crc32_table, crc24_table): Replace with new table + contents. + (update_crc32, CRC24_INIT, CRC24_POLY): Remove. + (crc32_next, crc32_next4, crc24_init, crc24_next, crc24_next4) + (crc24_final): New. + (crc24rfc2440_init): Use crc24_init. + (crc32_write): Rewrite to use crc32_next & crc32_next4. + (crc24_write): Rewrite to use crc24_next & crc24_next4. 
+ (crc32_final, crc32rfc1510_final): Use buf_put_be32. + (crc24rfc2440_final): Use crc24_final & buf_put_le32. + * tests/basic.c (check_digests): Add CRC "123456789" tests. + + Enable AMD64 AES implementation for WIN64. + + commit 66129b3334a5aa54ff8a97981507e4704f759571 + * cipher/rijndael-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/rijndael-internal.h (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (do_encrypt, do_decrypt) + [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Use + assembly block to call AMD64 assembly encrypt/decrypt function. + + Enable AMD64 Whirlpool implementation for WIN64. + + commit 8422d5d699265b960bd1ca837044ee052fc5b614 + * cipher/whirlpool-sse2-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/whirlpool.c (USE_AMD64_ASM): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_AMD64_ASM] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. + [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64): Add ASM_FUNC_ABI to + prototype. + [USE_AMD64_ASM] (whirlpool_transform): Add ASM_EXTRA_STACK to stack + burn value. + + Enable AMD64 SHA512 implementations for WIN64. + + commit 1089a13073c26a9a456e43ec38d937e6ee7f4077 + * cipher/sha512-avx-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/sha512-avx-bmi2-amd64.S: Ditto. + * cipher/sha512-ssse3-amd64.S: Ditto. + * cipher/sha512.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI) + (ASM_EXTRA_STACK): New. + (_gcry_sha512_transform_amd64_ssse3, _gcry_sha512_transform_amd64_avx) + (_gcry_sha512_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to + prototypes. 
+ (transform): Add ASM_EXTRA_STACK to stack burn value. + + Enable AMD64 SHA256 implementations for WIN64. + + commit 022959099644f64df5f2a83ade21159864f64837 + * cipher/sha256-avx-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/sha256-avx2-bmi2-amd64.S: Ditto. + * cipher/sha256-ssse3-amd64.S: Ditto. + * cipher/sha256.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI) + (ASM_EXTRA_STACK): New. + (_gcry_sha256_transform_amd64_ssse3, _gcry_sha256_transform_amd64_avx) + (_gcry_sha256_transform_amd64_avx2): Add ASM_FUNC_ABI to prototypes. + (transform): Add ASM_EXTRA_STACK to stack burn value. + + Enable AMD64 SHA1 implementations for WIN64. + + commit e433676a899fa0d274d40547166b03c7c8bd8e78 + * cipher/sha1-avx-amd64.S: Enable when + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + (ELF): New macro to mask lines with ELF specific commands. + * cipher/sha1-avx-bmi2-amd64.S: Ditto. + * cipher/sha1-ssse3-amd64.S: Ditto. + * cipher/sha1.c (USE_SSSE3, USE_AVX, USE_BMI2): Enable + when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. + [USE_SSSE3 || USE_AVX || USE_BMI2] (ASM_FUNC_ABI) + (ASM_EXTRA_STACK): New. + (_gcry_sha1_transform_amd64_ssse3, _gcry_sha1_transform_amd64_avx) + (_gcry_sha1_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to + prototypes. + (transform): Add ASM_EXTRA_STACK to stack burn value. + +2015-05-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Enable AES/AES-NI, AES/SSSE3 and GCM/PCLMUL implementations on WIN64. + + commit 4e09aaa36d151c3312019724a77fc09aa345b82f + * cipher/cipher-gcm-intel-pclmul.c (_gcry_ghash_intel_pclmul) + ( _gcry_ghash_intel_pclmul) [__WIN64__]: Store non-volatile vector + registers before use and restore after. + * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Remove dependency + on !defined(__WIN64__). 
+ * cipher/rijndael-aesni.c [__WIN64__] (aesni_prepare_2_6_variable, + aesni_prepare, aesni_prepare_2_6, aesni_cleanup) + ( aesni_cleanup_2_6): New. + [!__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare_2_6): New. + (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_cbc_enc) + (_gcry_aesni_ctr_enc, _gcry_aesni_cfb_dec, _gcry_aesni_cbc_dec) + (_gcry_aesni_ocb_crypt, _gcry_aesni_ocb_auth): Use + 'aesni_prepare_2_6'. + * cipher/rijndael-internal.h (USE_SSSE3): Enable if + HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS or + HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS. + (USE_AESNI): Remove dependency on !defined(__WIN64__) + * cipher/rijndael-ssse3-amd64.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] + (vpaes_ssse3_prepare, vpaes_ssse3_cleanup): New. + [!HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): New. + (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec): Use + 'vpaes_ssse3_prepare'. + (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption): Use + 'vpaes_ssse3_prepare' and 'vpaes_ssse3_cleanup'. + [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (X): Add masking macro to + exclude '.type' and '.size' markers from assembly code, as they are + not support on WIN64/COFF objects. + * configure.ac (gcry_cv_gcc_attribute_ms_abi) + (gcry_cv_gcc_attribute_sysv_abi, gcry_cv_gcc_default_abi_is_ms_abi) + (gcry_cv_gcc_default_abi_is_sysv_abi) + (gcry_cv_gcc_win64_platform_as_ok): New checks. + + Add W64 support for mpi amd64 assembly. + + commit 460355f23e770637d29e3af7b998a957a2b5bc88 + acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Set + 'ac_cv_sys_symbol_underscore=no' on MingW-W64. + mpi/amd64/func_abi.h: New. + mpi/amd64/mpih-add1.S (_gcry_mpih_add_n): Add FUNC_ENTRY and FUNC_EXIT. + mpi/amd64/mpih-lshift.S (_gcry_mpih_lshift): Ditto. + mpi/amd64/mpih-mul1.S (_gcry_mpih_mul_1): Ditto. + mpi/amd64/mpih-mul2.S (_gcry_mpih_addmul_1): Ditto. + mpi/amd64/mpih-mul3.S (_gcry_mpih_submul_1): Ditto. + mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Ditto. 
+ mpi/amd64/mpih-sub1.S (_gcry_mpih_sub_n): Ditto. + mpi/config.links [host=x86_64-*mingw*]: Enable assembly modules. + [host=x86_64-*-*]: Append mpi/amd64/func_abi.h to mpi/asm-syntax.h. + + DES: Silence compiler warnings on Windows. + + commit 6c21cf5fed1ad430fa41445eac2350802bc8aaed + * cipher/des.c (working_memcmp): Make pointer arguments 'const void *'. + + Cast pointers to integers using uintptr_t instead of long. + + commit 9cf224322007d90193d4910f0da6e0e29ce01d70 + + + Fix rndhw for 64-bit Windows build. + + commit d5a7e00b6b222566a5650639ef29684b047c1909 + * configure.ac: Add sizeof check for 'void *'. + * random/rndhw.c (poll_padlock): Check for SIZEOF_VOID_P == 8 + instead of defined(__LP64__). + (RDRAND_LONG): Check for SIZEOF_UNSIGNED_LONG == 8 instead of + defined(__LP64__). + + Prepare random/win32.c fast poll for 64-bit Windows. + + commit 0cdd24456b33defc7f8176fa82ab694fbc284385 + * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to + ADDINT. + (_gcry_rndw32_gather_random_fast): Add ADDPTR. + (_gcry_rndw32_gather_random_fast): Disable entropy gathering from + GetQueueStatus(QS_ALLEVENTS). + (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and + maximumWorkingSetSize to SIZE_T from DWORD. + (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of + minimumWorkingSetSize and maximumWorkingSetSize to random poll. + (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly + using intrinsic. + + Disable GCM and AES-NI assembly implementations for WIN64. + + commit f701954555340a503f6e52cc18d58b0c515427b7 + * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Do not enable when + __WIN64__ defined. + * cipher/rijndael-internal.h (USE_AESNI): Ditto. + + Disable building mpi assembly routines on WIN64. + + commit e78560a4b717f7154f910a8ce4128de152f586da + * mpi/config.links: Disable assembly for host 'x86_64-*mingw32*'. + + Fix packed attribute check for Windows targets. 
+ + commit e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe + * configure.ac (gcry_cv_gcc_attribute_packed): Move 'long b' to its + own packed structure. + + Fix tail handling in buf_xor_1. + + commit c2dba93e639639bdac139b3a3a456d10ddc61f79 + * cipher/bufhelp.h (buf_xor_1): Increment source pointer at tail + handling. + + Add --disable-hwf for basic tests. + + commit 839a3bbe2bb045139223b32753d656cc6c3d4669 + * tests/basic.c (main): Add handling for '--disable-hwf'. + + Use more odd chuck sizes for check_one_md. + + commit 9f086ffa43f2507b9d17522a0a2e394cb273baf8 + * tests/basic.c (check_one_md): Make chuck size vary oddly, instead + of using fixed length of 1000 bytes. + + Enable more modes in basic ciphers test. + + commit e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435 + * src/gcrypt.h.in (GCRY_OCB_BLOCK_LEN): New. + * tests/basic.c (check_one_cipher_core_reset): New. + (check_one_cipher_core): Use check_one_cipher_core_reset inplace of + gcry_cipher_reset. + (check_ciphers): Add CCM and OCB modes for block cipher tests. + + Fix reseting cipher in OCB mode. + + commit 88842cbc68beb4f73c87fdbcb74182cba818f789 + * cipher/cipher.c (cipher_reset): Setup default taglen for OCB after + clearing state. + +2015-04-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix buggy RC4 AMD64 assembly and add test to notice similar issues. + + commit 124dfce7c5a2d9405fa2b2832e91ac1267943830 + * cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of + 'x' and 'y'. + * tests/basic.c (get_algo_mode_blklen): New. + (check_one_cipher_core): Add new tests for split buffer input on + encryption and decryption. + +2015-04-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Disallow compiler from generating SSE instructions in mixed C+asm source + + commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e + * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target + pragma to disable compiler use of SSE. + * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto. 
+ * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto. + +2015-04-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add OCB bulk crypt/auth functions for AES/AES-NI. + + commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac + * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt + and bulk.ocb_auth. + (_gcry_cipher_ocb_get_l): New prototype. + * cipher/cipher-ocb.c (get_l): Rename to ... + (_gcry_cipher_ocb_get_l): ... this. + (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when + available. + * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk + functions for AES. + * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec) + (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New. + * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt) + (_gcry_aes_aesni_ocb_auth): New prototypes. + (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New. + * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New + prototypes. + * tests/basic.c (check_ocb_cipher_largebuf): New. + (check_ocb_cipher): Add large buffer encryption/decryption test. + +2015-04-15 Werner Koch <wk@gnupg.org> + + tests: Add option to time the S2K function. + + commit fe38d3815b4cd203cd529949e244aca80d32897f + * tests/t-kdf.c: Include stopwatch.h. + (dummy_consumer): new. + (bench_s2k): New. + (main): Add option parser and option --s2k. + + tests: Improve stopwatch.h. + + commit 3b03a3b493233a472da531d8d9582d1be6d376b0 + * tests/stopwatch.h (elapsed_time): Add arg divisor. + +2015-04-13 Werner Koch <wk@gnupg.org> + + mpi: Fix gcry_mpi_copy for NULL opaque data. + + commit 9fca46864e1b5a9c788072113589454adb89fa97 + * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed. + +2015-03-21 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + wipememory: use one-byte aligned type for unaligned memory accesses. 
+ + commit a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2 + * src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned + access only when HAVE_GCC_ATTRIBUTE_PACKED and + HAVE_GCC_ATTRIBUTE_ALIGNED defined. + (fast_wipememory_t): New. + (fast_wipememory2): Use 'fast_wipememory_t'. + + bufhelp: use one-byte aligned type for unaligned memory accesses. + + commit 92fa5f16d69707e302c0f85b2e5e80af8dc037f1 + * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when + HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined. + (bufhelp_int_t): New type. + (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use + 'bufhelp_int_t'. + [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_u32_t, bufhelp_u64_t): New. + [BUFHELP_FAST_UNALIGNED_ACCESS] (buf_get_be32, buf_get_le32) + (buf_put_be32, buf_put_le32, buf_get_be64, buf_get_le64) + (buf_put_be64, buf_put_le64): Use 'bufhelp_uXX_t'. + * configure.ac (gcry_cv_gcc_attribute_packed): New. + + tests/bench-slope: fix memory-leak and use-after-free bugs. + + commit aa234561d00c3fb15fe501df4bf58f3db7c7c06b + * tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end. + (bench_mac_init): Move 'key' free at end of function. + +2015-03-19 Werner Koch <wk@gnupg.org> + + Fix two pedantic warnings. + + commit f5832285b0e420d77be1b8da10a1e1d86583b414 + * src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing + comma. + +2015-03-16 Werner Koch <wk@gnupg.org> + + Use well defined type instead of size_t in secmem.c. + + commit db8ae3616987fa288173446398a107e31e2e28aa + * src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t. + + Make uintptr_t global available. + + commit f0f60c1a04d664936bcf52e8f46705bdc63e7ad9 + * cipher/bufhelp.h: Move include for uintptr_t to ... + * src/types.h: here. Check that config.h has been included. + + mpi: Remove useless condition. + + commit 0a9cdb8ae092d050ca12a7a4f2f50e25b82154ec + * mpi/mpi-pow.c: Remove condition rp==mp. 
+ + cipher: Remove useless NULL check. + + commit fbb97dcf763e28e81e01092ad4c934b3eaf88cc8 + * cipher/hash-common.c (_gcry_md_block_write): Remove NUL check for + hd->buf. + +2015-02-28 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix in-place encryption for OCB mode. + + commit 5e66a4f8d5a63f58caeee367433dd8dd32346083 + * cipher/cipher-ocb.c (ocb_checksum): New. + (ocb_crypt): Move checksum calculation outside main crypt loop, do + checksum calculation for encryption before inbuf is overwritten. + * tests/basic.c (check_ocb_cipher): Rename to ... + (do_check_ocb_cipher): ... to this and add argument for testing + in-place encryption/decryption. + (check_ocb_cipher): New. + +2015-02-27 NIIBE Yutaka <gniibe@fsij.org> + + tests: fix t-sexp.c. + + commit 505decf5369970219ddc9e78a20f97c623957b78 + * tests/t-sexp.c (bug_1594): Free N and PUBKEY. + + mpi: Avoid data-dependent timing variations in mpi_powm. + + commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82 + * mpi/mpi-pow.c (mpi_powm): Access all data in the table by + mpi_set_cond. + + mpi: Revise mpi_powm. + + commit 1fa8cdb933505960d4e4b4842b122d4e06953e88 + * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP. + +2015-02-23 Werner Koch <wk@gnupg.org> + + cipher: Use ciphertext blinding for Elgamal decryption. + + commit 410d70bad9a650e3837055e36f157894ae49a57d + * cipher/elgamal.c (USE_BLINDING): New. + (decrypt): Rewrite to use ciphertext blinding. + +2015-02-12 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Add mpi_set_cond. + + commit 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288 + * mpi/mpiutil.c (_gcry_mpi_set_cond): New. + (_gcry_mpi_swap_cond): Fix types. + * src/mpi.h (mpi_set_cond): New. + +2015-01-30 Werner Koch <wk@gnupg.org> + + w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll. + + commit 40a7bdf50e19faaf106470897fed72af623adc50 + * src/Makefile.am (extra_ltoptions): New. + (libgcrypt_la_LDFLAGS): Use it. 
+ +2015-01-28 Werner Koch <wk@gnupg.org> + + Fix building of GOST s-boxes when cross-compiling. + + commit 2564d204e408b296425ac0660c6bdc6270575fb6 + * cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD. + (noinst_PROGRAMS): Remove. + (EXTRA_DIST): New. + (CLEANFILES): New. + +2015-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: fix wrong ifdef for SSSE3 setkey. + + commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47 + * cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI + around SSSE3 setkey selection. + +2015-01-16 Werner Koch <wk@gnupg.org> + + Add OCB cipher mode. + + commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c + * cipher/cipher-ocb.c: New. + * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c + * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New. + (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb. + * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode. + (_gcry_cipher_open_internal): Setup default taglen of OCB. + (cipher_reset): Clear OCB specific data. + (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) + (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions. + (_gcry_cipher_setiv): Add OCB specific nonce setting. + (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN + + * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New. + (gcry_cipher_final): New. + + * cipher/bufhelp.h (buf_xor_1): New. + + * tests/basic.c (hex2buffer): New. + (check_ocb_cipher): New. + (main): Call it here. Add option --cipher-modes. + * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call + gcry_cipher_final. + (bench_aead_decrypt_do_bench): Ditto. + (bench_aead_authenticate_do_bench): Ditto. Check error code. + (bench_ocb_encrypt_do_bench): New. + (bench_ocb_decrypt_do_bench): New. + (bench_ocb_authenticate_do_bench): New. + (ocb_encrypt_ops): New. + (ocb_decrypt_ops): New. + (ocb_authenticate_ops): New. + (cipher_modes): Add them. + (cipher_bench_one): Skip wrong block length for OCB. 
+ * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add + OCB support. + +2015-01-15 Werner Koch <wk@gnupg.org> + + Add functions to count trailing zero bits in a word. + + commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda + * cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New. + * configure.ac (HAVE_BUILTIN_CTZ): Add new test. + +2015-01-08 Werner Koch <wk@gnupg.org> + + cipher: Prepare for OCB mode. + + commit 9d328962660da72f094dc5424d5ef67abbaffdf6 + * src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New. + +2015-01-06 Werner Koch <wk@gnupg.org> + + Make make distcheck work again. + + commit 4f7dcdc25af269b12275126edeef30b262fb891d + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers. + * cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h. + +2015-01-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + stribog: Reduce table size to the needed one. + + commit e4de52378a85cf383994ded8edf0d5cf98dcb10c + * cipher/stribog.c (C16): Avoid allocating superfluous space. + + gostr3411-94: Fix the iteration count for length filling loop. + + commit 05dc5bcd234909ae9c9366b653346076b9a834ed + * cipher/gostr3411-94.c (gost3411_final): Fix loop + +2015-01-05 Werner Koch <wk@gnupg.org> + + random: Silent warning under NetBSD using rndunix. + + commit 817472358a093438e802380caecf7139406400cf + * random/rndunix.c (STDERR_FILENO): Define if needed. + (start_gatherer): Re-open standard descriptors. Fix an + unsigned/signed pointer warning. + + primegen: Fix memory leak for invalid call sequences. + + commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 + * cipher/primegen.c (prime_generate_internal): Refactor generator code + to not leak memory for non-implemented feature. + (_gcry_prime_group_generator): Refactor to not leak memory for invalid + args. Also make sure that R_G is set as soon as possible. + + doc: Update yat2m to current upstream version (GnuPG). + + commit dd5df198727ea5d8f6b04288e14fd732051453c8 + + + build: Require automake 1.14. 
+ + commit f65276970a6dcd6d9bca94cecc49b68acdcc9492 + * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests. + + Replace camel case of internal scrypt functions. + + commit 1a6d65ac0aab335541726d02f2046d883a768ec3 + * cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change + callers. + (_scryptBlockMix): Rename to scrypt_block_mix. Change callers. + (_scryptROMix): Rename to scrypt_ro_mix. Change callers. + +2015-01-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rmd160: restore native-endian store in _gcry_rmd160_mixblock. + + commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de + * cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in + native-endianess. + +2014-12-27 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Intel SSSE3 based vector permutation AES implementation. + + commit 8eabecc883332156adffc1df42d27f614c157e06 + * cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'. + * cipher/rijndael-internal.h (USE_SSSE3): New. + (RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'. + * cipher/rijndael-ssse3-amd64.c: New. + * cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey) + (_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt) + (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc) + (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc) + (_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New. + (do_setkey): Add HWF check for SSSE3 and setup for SSSE3 + implementation. + (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add + selection for SSSE3 implementation. + * configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'. + +2014-12-25 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + random-csprng: fix compiler warnings on ARM. + + commit c2e1f8fea271f3ef8027809547c4a52e0b1e24a2 + * random/random-csprng.c (_gcry_rngcsprng_update_seed_file) + (read_pool): Cast keypool and rndpool to 'unsigned long *' through + 'void *'. + + scrypt: fix compiler warnings on ARM. 
+ + commit 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94 + * cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'. + + secmem: fix compiler warnings on ARM. + + commit 99faf9cb34f872144313403f29f3379798debfc9 + * src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer + from 'char *' to 'memblock_t *' through 'void *'. + (MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'. + + hash: fix compiler warning on ARM. + + commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 + * cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through + 'void *'. + * cipher/md4.c (md4_final): Use buf_put_* helper instead of + converting 'char *' to 'u32 *'. + * cipher/md5.c (md5_final): Ditto. + * cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto. + * cipher/sha1.c (sha1_final): Ditto. + * cipher/sha256.c (sha256_final): Ditto. + * cipher/sha512.c (sha512_final): Ditto. + * cipher/tiger.c (tiger_final): Ditto. + + rijndael: fix compiler warnings on ARM. + + commit cc26106dbebeb84d481661813edc3e5aea9a7d99 + * cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of + keyschedule arrays to unions u1 and u2. + (keyschedenc32, keyscheddec32): New. + * cipher/rijndael.c (u32_a_t): Remove. + (do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove + casting byte arrays to u32_a_t. + (prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32 + and keyscheddec32; Remove casting byte arrays to u32_a_t. + +2014-12-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03 + + commit 520070e02e2e6ee7228945015573a6e1f4895ec3 + * cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte + counters for AAD and data in Poly1305. + * cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove. + (poly1305_fill_bytecounts, poly1305_do_padding): New. + (poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD + length. 
+ (_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt) + (_gcry_cipher_poly1305_decrypt): Update AAD and data length separately. + (_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305. + (_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset + AAD and data byte counts; only allow 96-bit IV. + * cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to + ChaCha20 cipher. + * tests/basic.c (_check_poly1305_cipher): Update test-vectors. + (check_ciphers): Limit Poly1305-AEAD checks to ChaCha20. + * tests/bench-slope.c (cipher_bench_one): Ditto. + + chacha20: allow setting counter for stream random access. + + commit 11b8d2d449a7bc664b4371ae14c57caa6704d272 + * cipher/chacha20.c (CHACHA20_CTR_SIZE): New. + (chacha20_ivsetup): Add setup for full counter. + (chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE. + + gcm: do not pass extra key pointer for setupM/fillM. + + commit c964321c8a1328e89d636d899a45d68802f5ac9f + * cipher/cipher-gcm-intel-pclmul.c + (_gcry_ghash_setup_intel_pclmul): Remove 'h' parameter. + * cipher/cipher-gcm.c (_gcry_ghash_setup_intel_pclmul): Ditto. + (fillM): Get 'h' pointer from 'c'. + (setupM): Remome 'h' parameter. + (_gcry_cipher_gcm_setkey): Only pass 'c' to setupM. + + rijndael: use more compact look-up tables and add table prefetching. + + commit 2374753938df64f6fd8015b44613806a326eff1a + * cipher/rijndael-internal.h (rijndael_prefetchfn_t): New. + (RIJNDAEL_context): Add 'prefetch_enc_fn' and 'prefetch_dec_fn'. + * cipher/rijndael-tables.h (S, T1, T2, T3, T4, T5, T6, T7, T8, S5, U1) + (U2, U3, U4): Remove. + (encT, dec_tables, decT, inv_sbox): Add. + * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block) + (_gcry_aes_amd64_decrypt_block, _gcry_aes_arm_encrypt_block) + (_gcry_aes_arm_encrypt_block): Add parameter for passing table pointer + to assembly implementation. + (prefetch_table, prefetch_enc, prefetch_dec): New. 
+ (do_setkey): Setup context prefetch functions depending on selected + rijndael implementation; Use new tables for key setup. + (prepare_decryption): Use new tables for decryption key setup. + (do_encrypt_aligned): Rename to... + (do_encrypt_fn): ... to this, change to use new compact tables, + make handle unaligned input and unroll rounds loop by two. + (do_encrypt): Remove handling of unaligned input/output; pass table + pointer to assembly implementations. + (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec): Prefetch encryption tables + before encryption. + (do_decrypt_aligned): Rename to... + (do_decrypt_fn): ... to this, change to use new compact tables, + make handle unaligned input and unroll rounds loop by two. + (do_decrypt): Remove handling of unaligned input/output; pass table + pointer to assembly implementations. + (rijndael_decrypt, _gcry_aes_cbc_dec): Prefetch decryption tables + before decryption. + * cipher/rijndael-amd64.S: Use 1+1.25 KiB tables for + encryption+decryption; remove tables from assembly file. + * cipher/rijndael-arm.S: Ditto. + +2014-12-15 Werner Koch <wk@gnupg.org> + + build: Add configure option --disable-doc. + + commit ad50e360ef4851e66e51a03fc420175636336b58 + * Makefile.am (AUTOMAKE_OPTIONS): Remove. + (doc) [!BUILD_DOC]: Do not recurse into the dir. + * configure.ac (AM_INIT_AUTOMAKE): Add option formerly in Makefile.am. + (BUILD_DOC): Add new am_conditional. + +2014-12-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: further optimizations for AES-NI accelerated CBC and CFB bulk modes + + commit 4f46374502eb988d701b904f83819e2cf7b1755c + * cipher/rijndael-aesni.c (do_aesni_enc, do_aesni_dec): Pass + input/output through SSE register XMM0. + (do_aesni_cfb): Remove. + (_gcry_aes_aesni_encrypt, _gcry_aes_aesni_decrypt): Add loading/storing + input/output to/from XMM0. 
+ (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc) + (_gcry_aes_aesni_cfb_dec): Update to use renewed 'do_aesni_enc' and + move IV loading/storing outside loop. + (_gcry_aes_aesni_cbc_dec): Update to use renewed 'do_aesni_dec'. + + GCM: move Intel PCLMUL accelerated implementation to separate file. + + commit 4a0795af021305f9240f23626a3796157db46bd7 + * cipher/Makefile.am: Add 'cipher-gcm-intel-pclmul.c'. + * cipher/cipher-gcm-intel-pclmul.c: New. + * cipher/cipher-gcm.c [GCM_USE_INTEL_PCLMUL] + (_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): New + prototypes. + [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul, gfmul_pclmul_aggr4): Move + to 'cipher-gcm-intel-pclmul.c'. + (ghash): Rename to... + (ghash_internal): ...this and move GCM_USE_INTEL_PCLMUL part to new + function in 'cipher-gcm-intel-pclmul.c'. + (setupM): Move GCM_USE_INTEL_PCLMUL part to new function in + 'cipher-gcm-intel-pclmul.c'; Add selection of ghash function based + on available HW acceleration. + (do_ghash_buf): Change use of 'ghash' to 'c->u_mode.gcm.ghash_fn'. + * cipher/internal.h (ghash_fn_t): New. + (gcry_cipher_handle): Remove 'use_intel_pclmul'; Add 'ghash_fn'. + +2014-12-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: split Padlock part to separate file. + + commit cbf4c8cb6bbda15eea61885279f2a6f1d4bcedfd + * cipher/Makefile.am: Add 'rijndael-padlock.c'. + * cipher/rijndael-padlock.c: New. + * cipher/rijndael.c (do_padlock, do_padlock_encrypt) + (do_padlock_decrypt): Move to 'rijndael-padlock.c'. + * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-padlock.lo'. + +2014-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: refactor to reduce number of #ifdefs and branches. + + commit 3d5b51786e2050c461e9791b59142a731462b66d + * cipher/rijndael-aesni.c (_gcry_aes_aesni_encrypt) + (_gcry_aes_aesni_decrypt): Make return stack burn depth. + * cipher/rijndael-amd64.S (_gcry_aes_amd64_encrypt_block) + (_gcry_aes_amd64_decrypt_block): Ditto. 
+ * cipher/rijndael-arm.S (_gcry_aes_arm_encrypt_block) + (_gcry_aes_arm_decrypt_block): Ditto. + * cipher/rijndael-internal.h (RIJNDAEL_context_s) + (rijndael_cryptfn_t): New. + (RIJNDAEL_context): New members 'encrypt_fn' and 'decrypt_fn'. + * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block) + (_gcry_aes_amd64_decrypt_block, _gcry_aes_aesni_encrypt) + (_gcry_aes_aesni_decrypt, _gcry_aes_arm_encrypt_block) + (_gcry_aes_arm_decrypt_block): Change prototypes. + (do_padlock_encrypt, do_padlock_decrypt): New. + (do_setkey): Separate key-length to rounds conversion from + HW features check; Add selection for ctx->encrypt_fn and + ctx->decrypt_fn. + (do_encrypt_aligned, do_decrypt_aligned): Move inside + '[!USE_AMD64_ASM && !USE_ARM_ASM]'; Move USE_AMD64_ASM and + USE_ARM_ASM to... + (do_encrypt, do_decrypt): ...here; Return stack depth; Remove second + temporary buffer from non-aligned input/output case. + (do_padlock): Move decrypt_flag to last argument; Return stack depth. + (rijndael_encrypt): Remove #ifdefs, just call ctx->encrypt_fn. + (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc): Remove USE_PADLOCK; Call + ctx->encrypt_fn in place of do_encrypt/do_encrypt_aligned. + (_gcry_aes_ctr_enc): Call ctx->encrypt_fn in place of + do_encrypt_aligned; Make tmp buffer 16-byte aligned and wipe buffer + after use. + (rijndael_encrypt): Remove #ifdefs, just call ctx->decrypt_fn. + (_gcry_aes_cfb_dec): Remove USE_PADLOCK; Call ctx->decrypt_fn in place + of do_decrypt/do_decrypt_aligned. + (_gcry_aes_cbc_dec): Ditto; Make savebuf buffer 16-byte aligned. + + rijndael: move AES-NI blocks before Padlock. + + commit dbf9e95dd3891f6e6ad370e8ab78fec03595687b + * cipher/rijndael.c (do_setkey, rijndael_encrypt, _gcry_aes_cfb_enc) + (rijndael_decrypt, _gcry_aes_cfb_dec): Move USE_AESNI before + USE_PADLOCK. + (check_decryption_praparation) [USE_PADLOCK]: Move to... + (prepare_decryption) [USE_PADLOCK]: ...here. + + rijndael: split AES-NI functions to separate file. 
+ + commit 67d529630e838daeb8cb9c6d7ef660c01ef34fee + * cipher/Makefile.in: Add 'rijndael-aesni.c'. + * cipher/rijndael-aesni.c: New. + * cipher/rijndael-internal.h: New. + * cipher/rijndael.c (MAXKC, MAXROUNDS, BLOCKSIZE, ATTR_ALIGNED_16) + (USE_AMD64_ASM, USE_ARM_ASM, USE_PADLOCK, USE_AESNI, RIJNDAEL_context) + (keyschenc, keyschdec, padlockkey): Move to 'rijndael-internal.h'. + (u128_s, aesni_prepare, aesni_cleanup, aesni_cleanup_2_6) + (aesni_do_setkey, do_aesni_enc, do_aesni_dec, do_aesni_enc_vec4) + (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Move + to 'rijndael-aesni.c'. + (prepare_decryption, rijndael_encrypt, _gcry_aes_cfb_enc) + (_gcry_aes_cbc_enc, _gcry_aes_ctr_enc, rijndael_decrypt) + (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec) [USE_AESNI]: Move to functions + in 'rijdael-aesni.c'. + * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-aesni.lo'. + +2014-11-24 Werner Koch <wk@gnupg.org> + + Remove duplicated prototypes. + + commit d53ea84bed37b973f7ce59262c50b33700cd8311 + * src/gcrypt-int.h (_gcry_mpi_ec_new, _gcry_mpi_ec_set_mpi) + (gcry_mpi_ec_set_point): Remove. + + tests: Add a prime mode to benchmark. + + commit 1b4210c204a5ef5e631187509e011b8468a134ef + * tests/benchmark.c (progress_cb): Add a single char mode. + (prime_bench): New. + (main): Add a "prime" mode. Factor with_progress out to file scope. + +2014-11-19 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Improve Montgomery curve implementation. + + commit e6130034506013d6153465a2bedb6fb08a43f74d + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support + MPI_EC_MONTGOMERY. + * cipher/ecc.c (test_ecdh_only_keys): New. + (nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY. + (check_secret_key): Handle Montgomery curve of x-coordinate only. + * mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop. + Simplify, using pointers of Q1, Q2, PRD, and SUM. 
+ +2014-11-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Disable NEON for CPUs that are known to have broken NEON implementation. + + commit 95eef21583d8e998efc48f22898c1ae31b77cb48 + * src/hwf-arm.c (detect_arm_proc_cpuinfo): Add parsing for CPU version + information and check if CPU is known to have broken NEON + implementation. + (_gcry_hwf_detect_arm): Filter out broken HW features. + + Add ARM/NEON implementation of Poly1305. + + commit 0b520128551054d83fb0bb2db8873394f38de498 + * cipher/Makefile.am: Add 'poly1305-armv7-neon.S'. + * cipher/poly1305-armv7-neon.S: New. + * cipher/poly1305-internal.h (POLY1305_USE_NEON) + (POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE) + (POLY1305_NEON_ALIGNMENT): New. + * cipher/poly1305.c [POLY1305_USE_NEON] + (_gcry_poly1305_armv7_neon_init_ext) + (_gcry_poly1305_armv7_neon_finish_ext) + (_gcry_poly1305_armv7_neon_blocks, poly1305_armv7_neon_ops): New. + (_gcry_poly1305_init) [POLY1305_USE_NEON]: Select NEON implementation + if HWF_ARM_NEON set. + * configure.ac [neonsupport=yes]: Add 'poly1305-armv7-neon.lo'. + + chacha20: add ARMv7/NEON implementation. + + commit c584f44543883346d5a565581ff99a0afce9c5e1 + * cipher/Makefile.am: Add 'chacha20-armv7-neon.S'. + * cipher/chacha20-armv7-neon.S: New. + * cipher/chacha20.c (USE_NEON): New. + [USE_NEON] (_gcry_chacha20_armv7_neon_blocks): New. + (chacha20_do_setkey) [USE_NEON]: Use Neon implementation if + HWF_ARM_NEON flag set. + (selftest): Self-test encrypting buffer byte by byte. + * configure.ac [neonsupport=yes]: Add 'chacha20-armv7-neon.lo'. + +2014-10-08 Markus Teich <markus.teich@stusta.mhn.de> + + mpi: Add gcry_mpi_ec_sub. + + commit 23ecadf309f8056c35cc092e58df801ac0eab862 + * NEWS (gcry_mpi_ec_sub): New. + * doc/gcrypt.texi (gcry_mpi_ec_sub): New. + * mpi/ec.c (_gcry_mpi_ec_sub, sub_points_edwards): New. + (sub_points_montgomery, sub_points_weierstrass): New stubs. + * src/gcrypt-int.h (_gcry_mpi_ec_sub): New. + * src/gcrypt.h.in (gcry_mpi_ec_sub): New. 
+ * src/libgcrypt.def (gcry_mpi_ec_sub): New. + * src/libgcrypt.vers (gcry_mpi_ec_sub): New. + * src/mpi.h (_gcry_mpi_ec_sub_points): New. + * src/visibility.c (gcry_mpi_ec_sub): New. + * src/visibility.h (gcry_mpi_ec_sub): New. + +2014-10-08 Werner Koch <wk@gnupg.org> + + Fix prime test for 2 and lower and add check command to mpicalc. + + commit 5c906e2cdb14e93fb4915fdc69c7353a5fa35709 + * cipher/primegen.c (check_prime): Return true for the small primes. + (_gcry_prime_check): Return correct values for 2 and lower numbers. + + * src/mpicalc.c (do_primecheck): New. + (main): Add command 'P'. + (main): Allow for larger input data. + +2014-10-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Whirlpool AMD64/SSE2 assembly implementation. + + commit de0ccd4dce7ec185a678d78878d4538dd609ca0f + * cipher/Makefile.am: Add 'whirlpool-sse2-amd64.S'. + * cipher/whirlpool-sse2-amd64.S: New. + * cipher/whirlpool.c (USE_AMD64_ASM): New. + (whirlpool_tables_s): New. + (rc, C0, C1, C2, C3, C4, C5, C6, C7): Combine these tables into single + structure and replace old tables with macros of same name. + (tab): New structure containing above tables. + [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64) + (whirlpool_transform): New. + * configure.ac [host=x86_64]: Add 'whirlpool-sse2-amd64.lo'. + +2014-10-04 Andrei Scherer <andsch@inbox.com> + + Improved ripemd160 performance. + + commit 30bd759f398f45b04d0a783b875f59ce9bd1e51d + * cipher/rmd160.c (transform): Interleave the left and right lane + rounds to introduce more instruction level parallelism. + +2014-10-02 Werner Koch <wk@gnupg.org> + + build: Document SYSROOT. + + commit 0ecd136a6ca02252f63ad229fa5240897bfe6544 + * configure.ac: Mark SYSROOT as arg var. + + build: Support SYSROOT based config script finding. + + commit 1e8b86494cf8fa045696bd447b16267ffd1797f0 + * src/libgcrypt.m4: Add support for SYSROOT and set + gpg_config_script_warn. 
Use AC_PATH_PROG instead of AC_PATH_TOOL + because the config script is not expected to be installed with a + prefix for its name + * configure.ac: Print a library mismatch warning. + * m4/gpg-error.m4: Update from git master. + +2014-09-30 Werner Koch <wk@gnupg.org> + + mac: Fix gcry_mac_close to allow for a NULL handle. + + commit 51dae8c8c4b63bb5e1685cbd8722e35342524737 + * cipher/mac.c (_gcry_mac_close): Check for NULL. + +2014-09-03 Werner Koch <wk@gnupg.org> + + Add a constant for a forthcoming new RNG. + + commit 8b960a807d168000d2690897a7634bd384ac1346 + * src/gcrypt.h.in (GCRYCTL_DRBG_REINIT): New constant. + +2014-09-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add new Poly1305 MAC test vectors. + + commit 8a2a328742012a7c528dd007437185e4584c1e48 + * tests/basic.c (check_mac): Add new test vectors for Poly1305 MAC. + +2014-09-02 Werner Koch <wk@gnupg.org> + + asm: Allow building x86 and amd64 using old compilers. + + commit 5eec04a43e6c562e956353449be931dd43dfe1cc + * src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled. + +2014-08-21 Werner Koch <wk@gnupg.org> + + sexp: Check args of gcry_sexp_build. + + commit e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c + * src/sexp.c (do_vsexp_sscan): Return error for invalid args. + + cipher: Fix a segv in case of calling with wrong parameters. + + commit f850add813d783f31ca6a60459dea25ef71bce7e + * cipher/md.c (_gcry_md_info): Fix arg testing. + + cipher: Fix possible NULL deref in call to prime generator. + + commit 18056ace7f466cb8c1eaf08e5dc0400516d83b4c + * cipher/primegen.c (_gcry_generate_elg_prime): Change to return an + error code. + * cipher/dsa.c (generate): Take care of new return code. + * cipher/elgamal.c (generate): Change to return an error code. Take + care of _gcry_generate_elg_prime return code. + (generate_using_x): Take care of _gcry_generate_elg_prime return code. + (elg_generate): Propagate return code from generate. 
+ +2014-08-12 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Support Montgomery curve for gcry_mpi_ec_mul_point. + + commit 34bb55ee36df3aca3ebca88f8b61c786cd0c0701 + * mpi/ec.c (_gcry_mpi_ec_get_affine): Support Montgomery curve. + (montgomery_ladder): New. + (_gcry_mpi_ec_mul_point): Implemention using montgomery_ladder. + (_gcry_mpi_ec_curve_point): Check x-coordinate is valid. + +2014-08-09 Werner Koch <wk@gnupg.org> + + tests: Add a benchmark for Elgamal. + + commit e6d354865bf8f3d4c1bb5e8157a76fdd442cff41 + * tests/benchmark.c (sample_public_elg_key_1024): New. + (sample_private_elg_key_1024): New. + (sample_public_elg_key_2048, sample_private_elg_key_2048): New. + (sample_public_elg_key_3072, sample_private_elg_key_3072): New. + (elg_bench): New. + (main): Add elg_bench. Add commands "elg" and "public". + +2014-08-08 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Add cofactor to domain parameters. + + commit 9933b9e5e1a3f5b1019c75f93bd265d4a1ecc270 + * src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'. + * cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'. + (_gcry_ecc_update_curve_param): New API adding cofactor. + + * cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'. + (ecc_domain_parms_t domain_parms): Add cofactors. + (_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param) + (_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp) + (_gcry_ecc_get_mpi): Handle cofactor. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise. + * cipher/ecc-misc.c (_gcry_ecc_curve_free) + (_gcry_ecc_curve_copy): Likewise. + * cipher/ecc.c (nist_generate_key, ecc_generate) + (ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw) + (ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc): + Likewise. + (compute_keygrip): Handle cofactor, but skip it for its computation. + * mpi/ec.c (ec_deinit): Likewise. + * tests/t-mpi-point.c (context_param): Likewise. + (test_curve): Add cofactors. 
+ * tests/curves.c (sample_key_1, sample_key_2): Add cofactors. + * tests/keygrip.c (key_grips): Add cofactors. + +2014-08-05 Werner Koch <wk@gnupg.org> + + mpi: Fix regression for powerpc-apple-darwin detection. + + commit 4ce77b0a810d3c889c07dfb385127d90fa1ae36a + * mpi/config.links: Add separate entry for powerpc-apple-darwin. + + Fix bug inhibiting the use of the sentinel attribute. + + commit d2d28298ccc0d0f3c0b03fd323deb1e8808ef74f + * src/gcrypt.h.in: Fix typo in macro. + + mpi: Use BSD syntax for x86_64-apple-darwin. + + commit 71939faa7c54e7b4b28d115e748a85f134876a02 + * mpi/config.links: Add case for x86_64-apple-darwin. + +2014-08-05 Kristian Fiskerstrand <kf@sumptuouscapital.com> + + Fix building for the x32 target without asm modules. + + commit a17c29844b63e9e869f7855d901bc9d859234ead + * mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI. + +2014-07-25 Werner Koch <wk@gnupg.org> + + ecc: Support the non-standard 0x40 compression flag for EdDSA. + + commit 4556f9b19c024f16bdf542da7173395c0741b91d + * cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA. + * cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX. + (_gcry_ecc_eddsa_encodepoint): Ditto. + (_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix. + (_gcry_ecc_eddsa_decodepoint): Ditto. + * tests/keygrip.c: Check an compresssed with prefix Ed25519 key. + * tests/t-ed25519.inp: Ditto. + + mpi: Extend the internal mpi_get_buffer. + + commit 0e10902ad7584277ac966367efc712b183784532 + * mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC. + (_gcry_mpi_get_buffer_extra): New. + + cipher: Fix compiler warning for chacha20. + + commit 4e0bf1b9190ce08fb23eb3ae0c3be58954ff36ab + * cipher/chacha20.c (chacha20_blocks) [!USE_SSE2]: Do not build. + +2014-07-16 NIIBE Yutaka <gniibe@fsij.org> + + mpi: Add mpi_swap_cond. + + commit 4846e52728970e3117f3a046ef9010be089a3ae4 + * mpi/mpiutil.c (_gcry_mpi_swap_cond): New. + * src/mpi.h (mpi_swap_cond): New. 
+ +2014-06-29 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Speed-up SHA-1 NEON assembly implementation. + + commit 1b9b00bbe41bbed32563f1102049521e703e72bd + * cipher/sha1-armv7-neon.S: Tweak implementation for speed-up. + +2014-06-28 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + gostr3411_94: rewrite to use u32 mathematic. + + commit 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 + * cipher/gost28147.c (_gcry_gost_enc_data): New. + * cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematic + internally. + * cipher/gost28147.c (_gcry_gost_enc_one): Remove. + + gost28147: use bufhelp helpers. + + commit 7aeba6c449169926076df83b01ddbfa6b41fe411 + * cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block): + use buf_get_le32/buf_put_le32 helpers. + + Fixup curve name in the GOST2012 test case. + + commit b78d504fa8745b8b04589acbbcf7dd5fe9279d13 + * tests/basic.c (check_pubkey): fixup curve name in public key. + + Update PBKDF2 tests with GOST R 34.11-94 test cases. + + commit 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7 + * tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases. + + Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet. + + commit 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9 + * src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New. + * src/cipher.h (_gcry_digest_spec_gost3411_cp): New. + * cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between + CryptoPro and Test S-Boxes. + * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp, + gost3411_cp_init): New. + * cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32. + + gost28147: support GCRYCTL_SET_SBOX. + + commit 5ee35a04362c94e680ef3633fa83b72e0aee8626 + cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New. + + Support setting s-box for the ciphers that require it. + + commit fb074d113fcbf66a5c20592625cb19051f3430f5 + * src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New. 
+ * cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to + set_extra_info callback. + + cipher/gost28147: generate optimized s-boxes from compact ones. + + commit 164738a0292b3f32c7747099ad9cadace58e5eda + * cipher/gost-s-box.c: New. Outputs optimized expanded representation of + s-boxes (4x256) from compact 16x8 representation. + * cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo + * cipher/gost.h: Add sbox to the GOST28147_context structure. + * cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from + GOST R 34.11 (this was the only one S-box before). + * cipher/gost28147.c (gost_val): Use sbox from the context. + + gost28147: add OIDs used to define cipher mode. + + commit 34a58010000288515636706811c3837f32957b2e + * cipher/gost28147 (oids_gost28147): Add OID from RFC4357. + + GOST R 34.11-94 add OIDs. + + commit 8b221cf5ce233c8c49a4e4ecebb70d523fc37837 + * cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357. + +2014-05-21 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + tests: add larger test-vectors for hash algorithms. + + commit f14fb5b427b5159fcd9603d2b3cde936889cf430 + * tests/basic.c (check_digests): Add large test-vectors for MD5, SHA1, + SHA224, SHA256, SHA384, RMD160, CRC32, TIGER1, WHIRLPOOL and + GOSTR3411_94. + + sha512: fix ARM/NEON implementation. + + commit beb901575f0d6cd6a0a27506ebea9a725754d0cc + * cipher/sha512-armv7-neon.S + (_gcry_sha512_transform_armv7_neon): Byte-swap RW67q and RW1011q + correctly in multi-block loop. + * tests/basic.c (check_digests): Add large test vector for SHA512. + +2014-05-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix ARM assembly when building __PIC__ + + commit 994c758d8f5471c7e9c38c2834742cca2502d35f + * cipher/camellia-arm.S (GET_DATA_POINTER): New. + (_gcry_camellia_arm_encrypt_block): Use GET_DATA_POINTER. + (_gcry_camellia_arm_decrypt_block): Ditto. + * cipher/cast5-arm.S (GET_DATA_POINTER): New. 
+ (_gcry_cast5_arm_encrypt_block, _gcry_cast5_arm_decrypt_block) + (_gcry_cast5_arm_enc_blk2, _gcry_cast5_arm_dec_blk2): Use + GET_DATA_POINTER. + * cipher/rijndael-arm.S (GET_DATA_POINTER): New. + (_gcry_aes_arm_encrypt_block, _gcry_aes_arm_decrypt_block): Use + GET_DATA_POINTER. + * cipher/sha1-armv7-neon.S (GET_DATA_POINTER): New. + (.LK_VEC): Move from .text to .data section. + (_gcry_sha1_transform_armv7_neon): Use GET_DATA_POINTER. + +2014-05-17 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add Poly1305 to documentation. + + commit bf4943932dae95a0573b63bf32a9b9acd5a6ddf3 + * doc/gcrypt.texi: Add documentation for Poly1305 MACs and AEAD mode. + +2014-05-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + chacha20: add SSE2/AMD64 optimized implementation. + + commit 323b1eb80ff3396d83fedbe5bba9a4e6c412d192 + * cipher/Makefile.am: Add 'chacha20-sse2-amd64.S'. + * cipher/chacha20-sse2-amd64.S: New. + * cipher/chacha20.c (USE_SSE2): New. + [USE_SSE2] (_gcry_chacha20_amd64_sse2_blocks): New. + (chacha20_do_setkey) [USE_SSE2]: Use SSE2 implementation for blocks + function. + * configure.ac [host=x86-64]: Add 'chacha20-sse2-amd64.lo'. + + poly1305: add AMD64/AVX2 optimized implementation. + + commit 98f021961ee65669037bc8bb552a69fd78f610fc + * cipher/Makefile.am: Add 'poly1305-avx2-amd64.S'. + * cipher/poly1305-avx2-amd64.S: New. + * cipher/poly1305-internal.h (POLY1305_USE_AVX2) + (POLY1305_AVX2_BLOCKSIZE, POLY1305_AVX2_STATESIZE) + (POLY1305_AVX2_ALIGNMENT): New. + (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE) + (POLY1305_STATE_ALIGNMENT): Use AVX2 versions when needed. + * cipher/poly1305.c [POLY1305_USE_AVX2] + (_gcry_poly1305_amd64_avx2_init_ext) + (_gcry_poly1305_amd64_avx2_finish_ext) + (_gcry_poly1305_amd64_avx2_blocks, poly1305_amd64_avx2_ops): New. + (_gcry_poly1305_init) [POLY1305_USE_AVX2]: Use AVX2 implementation if + AVX2 supported by CPU. + * configure.ac [host=x86_64]: Add 'poly1305-avx2-amd64.lo'. 
+ +2014-05-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + poly1305: add AMD64/SSE2 optimized implementation. + + commit 297532602ed2d881d8fdc393d1961068a143a891 + * cipher/Makefile.am: Add 'poly1305-sse2-amd64.S'. + * cipher/poly1305-internal.h (POLY1305_USE_SSE2) + (POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE) + (POLY1305_SSE2_ALIGNMENT): New. + (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE) + (POLY1305_STATE_ALIGNMENT): Use SSE2 versions when needed. + * cipher/poly1305-sse2-amd64.S: New. + * cipher/poly1305.c [POLY1305_USE_SSE2] + (_gcry_poly1305_amd64_sse2_init_ext) + (_gcry_poly1305_amd64_sse2_finish_ext) + (_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops): New. + (_gcry_polu1305_init) [POLY1305_USE_SSE2]: Use SSE2 version. + * configure.ac [host=x86_64]: Add 'poly1305-sse2-amd64.lo'. + + Add Poly1305 based cipher AEAD mode. + + commit e813958419b0ec4439e6caf07d3b2234cffa2bfa + * cipher/Makefile.am: Add 'cipher-poly1305.c'. + * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.poly1305'. + (_gcry_cipher_poly1305_encrypt, _gcry_cipher_poly1305_decrypt) + (_gcry_cipher_poly1305_setiv, _gcry_cipher_poly1305_authenticate) + (_gcry_cipher_poly1305_get_tag, _gcry_cipher_poly1305_check_tag): New. + * cipher/cipher-poly1305.c: New. + * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) + (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv) + (_gcry_cipher_authenticate, _gcry_cipher_gettag) + (_gcry_cipher_checktag): Handle 'GCRY_CIPHER_MODE_POLY1305'. + (cipher_setiv): Move handling of 'GCRY_CIPHER_MODE_GCM' to ... + (_gcry_cipher_setiv): ... here, as with other modes. + * src/gcrypt.h.in: Add 'GCRY_CIPHER_MODE_POLY1305'. + * tests/basic.c (_check_poly1305_cipher, check_poly1305_cipher): New. + (check_ciphers): Add Poly1305 check. + (check_cipher_modes): Call 'check_poly1305_cipher'. + * tests/bench-slope.c (bench_gcm_encrypt_do_bench): Rename to + bench_aead_... and take nonce as argument. 
+ (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench): Ditto. + (bench_gcm_encrypt_do_bench, bench_gcm_decrypt_do_bench) + (bench_gcm_authenticate_do_bench, bench_poly1305_encrypt_do_bench) + (bench_poly1305_decrypt_do_bench) + (bench_poly1305_authenticate_do_bench, poly1305_encrypt_ops) + (poly1305_decrypt_ops, poly1305_authenticate_ops): New. + (cipher_modes): Add Poly1305. + (cipher_bench_one): Add special handling for Poly1305. + + Add Poly1305-AES (-Camellia, etc) MACs. + + commit 73b3b75c2221a6e3bed4117e0a206a1193acd2ed + * cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes) + (_gcry_mac_type_spec_poly1305_camellia) + (_gcry_mac_type_spec_poly1305_twofish) + (_gcry_mac_type_spec_poly1305_serpent) + (_gcry_mac_type_spec_poly1305_seed): New. + * cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and + 'nonce_set'. + (poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling + for Poly1305-*** MACs. + (poly1305mac_prepare_key, poly1305mac_setiv): New. + (poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling + for 'nonce_set'. + (poly1305mac_ops): Add 'poly1305mac_setiv'. + (_gcry_mac_type_spec_poly1305_aes) + (_gcry_mac_type_spec_poly1305_camellia) + (_gcry_mac_type_spec_poly1305_twofish) + (_gcry_mac_type_spec_poly1305_serpent) + (_gcry_mac_type_spec_poly1305_seed): New. + * cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish, + Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia. + * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES', + 'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH', + 'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'. + * tests/basic.c (check_mac): Add Poly1305-AES test vectors. + * tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs. + * tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs. + + Add Poly1305 MAC. 
+ + commit b8794fed68ebe7567f4617141f0996ad290d9120 + * cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and + 'poly1305-internal.h'. + * cipher/mac-internal.h (poly1305mac_context_s): New. + (gcry_mac_handle): Add 'u.poly1305mac'. + (_gcry_mac_type_spec_poly1305mac): New. + * cipher/mac-poly1305.c: New. + * cipher/mac.c (mac_list): Add Poly1305. + * cipher/poly1305-internal.h: New. + * cipher/poly1305.c: New. + * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'. + * tests/basic.c (check_mac): Add Poly1035 test vectors; Allow + overriding lengths of data and key buffers. + * tests/bench-slope.c (mac_bench): Increase max algo number from 500 to + 600. + * tests/benchmark.c (mac_bench): Ditto. + + chacha20/AVX2: clear upper-halfs of YMM registers on entry. + + commit c20daeeb05329bfc6cc2c562cbd4b965291fe0e1 + * cipher/chacha20-avx2-amd64.S (_gcry_chacha20_amd64_avx2_blocks): Add + 'vzeroupper' at beginning. + + chacha20/AVX2: check for ENABLE_AVX2_SUPPORT instead of HAVE_GCC_INLINE_ASM_AVX2 + + commit a3062db748f272e0f7346e1ed9e0bf7ed61a4eae + * cipher/chacha20.c (USE_AVX2): Enable depending on + ENABLE_AVX2_SUPPORT, not HAVE_GCC_INLINE_ASM_AVX2. + * cipher/chacha20-avx2-amd64.S: Ditto. + + chacha20/SSSE3: clear XMM registers after use. + + commit a7d9eeeba632b7eb4a5b15ff17f6565181642f3c + * cipher/chacha20-ssse3-amd64.S (_gcry_chacha20_amd64_ssse3_blocks): On + return, clear XMM registers. + +2014-05-11 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + chacha20: add AVX2/AMD64 assembly implementation. + + commit a39ee7555691d18cae97560f130aaf952bfbd278 + * cipher/Makefile.am: Add 'chacha20-avx2-amd64.S'. + * cipher/chacha20-avx2-amd64.S: New. + * cipher/chacha20.c (USE_AVX2): New macro. + [USE_AVX2] (_gcry_chacha20_amd64_avx2_blocks): New. + (chacha20_do_setkey): Select AVX2 implementation if there is HW + support. + (selftest): Increase size of buf by 256. + * configure.ac [host=x86-64]: Add 'chacha20-avx2-amd64.lo'. + + chacha20: add SSSE3 assembly implementation. 
+ + commit def7d4cad386271c6d4e2f10aabe0cb4abd871e4 + * cipher/Makefile.am: Add 'chacha20-ssse3-amd64.S'. + * cipher/chacha20-ssse3-amd64.S: New. + * cipher/chacha20.c (USE_SSSE3): New macro. + [USE_SSSE3] (_gcry_chacha20_amd64_ssse3_blocks): New. + (chacha20_do_setkey): Select SSSE3 implementation if there is HW + support. + * configure.ac [host=x86-64]: Add 'chacha20-ssse3-amd64.lo'. + + Add ChaCha20 stream cipher. + + commit 23f33d57c9b6f2295a8ddfc9a8eee5a2c30cf406 + * cipher/Makefile.am: Add 'chacha20.c'. + * cipher/chacha20.c: New. + * cipher/cipher.c (cipher_list): Add ChaCha20. + * configure.ac: Add ChaCha20. + * doc/gcrypt.texi: Add ChaCha20. + * src/cipher.h (_gcry_cipher_spec_chacha20): New. + * src/gcrypt.h.in (GCRY_CIPHER_CHACHA20): Add new algo. + * tests/basic.c (MAX_DATA_LEN): Increase to 128 from 100. + (check_stream_cipher): Add ChaCha20 test-vectors. + (check_ciphers): Add ChaCha20. + +2014-05-09 Werner Koch <wk@gnupg.org> + + mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit. + + commit 246b7aaae1ee459f440260bbc4ec2c01c5dc3362 + * mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear + allocated but not used bits before resizing. + * tests/t-mpi-bits.c (set_bit_with_resize): New. + +2014-05-07 Werner Koch <wk@gnupg.org> + + Bump LT version. + + commit fc6ff6f73a51bcbbbb3757dc1386da40aa3ae75d + * configure.ac: Bumb LT version to C21/A1/R0. + +2014-04-22 Werner Koch <wk@gnupg.org> + + random: Small patch for consistency and really burn the stack. + + commit a79c4ad7c56ee4410f17beb73eeb58b0dd36bfc6 + * random/rndlinux.c (_gcry_rndlinux_gather_random): s/int/size_t/. + (_gcry_rndlinux_gather_random): Replace memset by wipememory. + +2014-04-16 Werner Koch <wk@gnupg.org> + + pubkey: Re-map all depreccated RSA algo numbers. + + commit 773e23698218755e9172d2507031a8263c47cc0b + * cipher/pubkey.c (map_algo): Mape RSA_E and RSA_S. + +2014-04-15 Werner Koch <wk@gnupg.org> + + cipher: Fix possible NULL dereference. 
+ + commit ae1fbce6dacf14747af0126e640bd4e54cb8c680 + * cipher/md.c (_gcry_md_selftest): Check for spec being NULL. + +2014-03-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + 3des: add amd64 assembly implementation for 3DES. + + commit b76b632a453b8d100d024e2439b4358454dc286e + * cipher/Makefile.am: Add 'des-amd64.S'. + * cipher/cipher-selftests.c (_gcry_selftest_helper_cbc) + (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Handle failures + from 'setkey' function. + * cipher/cipher.c (_gcry_cipher_open_internal) [USE_DES]: Setup bulk + functions for 3DES. + * cipher/des-amd64.S: New file. + * cipher/des.c (USE_AMD64_ASM, ATTR_ALIGNED_16): New macros. + [USE_AMD64_ASM] (_gcry_3des_amd64_crypt_block) + (_gcry_3des_amd64_ctr_enc), _gcry_3des_amd64_cbc_dec) + (_gcry_3des_amd64_cfb_dec): New prototypes. + [USE_AMD64_ASM] (tripledes_ecb_crypt): New function. + (TRIPLEDES_ECB_BURN_STACK): New macro. + (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec) + (bulk_selftest_setkey, selftest_ctr, selftest_cbc, selftest_cfb): New + functions. + (selftest): Add call to CTR, CBC and CFB selftest functions. + (do_tripledes_encrypt, do_tripledes_decrypt): Use + TRIPLEDES_ECB_BURN_STACK. + * configure.ac [host=x86-64]: Add 'des-amd64.lo'. + * src/cipher.h (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec) + (_gcry_3des_cfb_dec): New prototypes. + +2014-03-13 Werner Koch <wk@gnupg.org> + + tests: Print diagnostics for skipped tests. + + commit 50aeee51a0b1a09dd9fff2bb71749a816fe7a791 + * tests/basic.c (show_note): New. + (show_md_not_available): + (show_old_hmac_not_available): + (show_mac_not_available): + (check_digests): Remove USE_foo cpp tests from the test table. Call + show_md_not_available if algo is not available. + (check_hmac): Likewise. + (check_mac): Likewise. + +2014-03-11 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Add MD2 message digest implementation. + + commit 5a8e1504bf8a2ffbc018be576dea77b685200444 + * cipher/md2.c: New. 
+ * cipher/md.c (digest_list): add _gcry_digest_spec_md2. + * tests/basic.c (check_digests): add MD2 test vectors. + * configure.ac (default_digests): disable md2 by default. + +2014-03-04 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Add an utility to calculate hashes over a set of files. + + commit 2b5403c408dfbd71be24c7635f5fa0b61ab4c9bb + * tests/gchash.c: New. + + Add a simple (raw) PKCS#1 padding mode. + + commit ea8d597726305274214224757b32730644e12bd8 + * src/cipher.h (PUBKEY_ENC_PKCS1_RAW): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Handle pkcs1-raw + flag. + * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): + Handle s-exp like (data (flags pkcs1-raw) (value xxxxx)) + * cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig): + PKCS#1-encode data with embedded hash OID for signature verification. + * tests/basic.c (check_pubkey_sign): Add tests for s-exps with pkcs1-raw + flag. + +2014-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix ARMv6 detection when CFLAGS modify target CPU architecture. + + commit 6be3032048ee2466511d2384fcf2d28b856219b2 + * configure.ac (gcry_cv_cc_arm_arch_is_v6): Use compiler test instead + of preprocessor test. + +2014-01-29 Werner Koch <wk@gnupg.org> + + Reserve control code for FIPS extensions. + + commit aea96a64fbc58a0b6f9f435e97e93294c6eb1052 + * src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New. + (GCRYCTL_REACTIVATE_FIPS_FLAG): New. + * src/global.c (_gcry_vcontrol): Add them but return not_implemented. + +2014-01-29 NIIBE Yutaka <gniibe@fsij.org> + + Fix RSA Blinding. + + commit 121a90d8931944974054f7d94f63b7f89df87fa5 + * cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse. + +2014-01-28 Werner Koch <wk@gnupg.org> + + cipher: Take care of ENABLE_NEON_SUPPORT. + + commit 52f7c48c901a3de51bd690a218f3de2f71e8d790 + * cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if + ENABLE_NEON_SUPPORT is defined. + * cipher/serpent.c (USE_NEON): Ditto. + * cipher/sha1.c (USE_NEON): Ditto. 
+ * cipher/sha512.c (USE_ARM_NEON_ASM): Ditto. + + sexp: Fix broken gcry_sexp_nth. + + commit cbdc355415f83ed62da4f3618767eba54d7e6d37 + * src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data + element. + (NODE): Remove unused typedef. + (ST_HINT): Comment unused macro. + + * tests/t-sexp.c (bug_1594): New. + (main): Run new test. + +2014-01-27 Werner Koch <wk@gnupg.org> + + tests: Improve t-common.h. + + commit 7460e9243b3cc050631c37ed4f2713ae7bcb6762 + * tests/t-common.h: Add couple of macros. Check that config.h has + been included. + (show): Rename to info. + * tests/t-lock.c, tests/t-sexp.c: Adjust for changes. + + mpi: Minor fix for Atari-mint. + + commit 3caa0f1319dc4779e0d6eee4460c1af2a12b2c3c + * mpi/config.links [m68k-atari-mint]: Do not assume 68020. Suggested + by Alan Hourihane. + + (cherry picked from commit 420f42a5752e90a8b27d58ffa1ddfe6e4ab341e8) + +2014-01-27 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Fix most of memory leaks in tests code. + + commit 5c150ece094bf0a504a111ce6c7b72e8d0b0457a + * tests/basic.c (check_ccm_cipher): Close cipher after use. + * tests/basic.c (check_one_cipher): Correct length of used buffer. + * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer + initialized. + * tests/keygen.c (check_ecc_keys): Release generated key. + * tests/t-mpi-point.c (context_param): Release mpi Q. + * tests/t-sexp.c (check_extract_param): Release extracted number. + + Fix memory leaks in ecc code. + + commit 6d87e6abdfb7552323a95401f14e6367398a3e5a + * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi + values. + * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error + path. + * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi. + + Fix number of blocks passed used in _gcry_rmd160_mixblock. 
+ + commit 5d23e7b9a77421f3ebfda4a84c459a8729f3bb41 + * cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform + +2014-01-27 Werner Koch <wk@gnupg.org> + + Small Windows build tweaks. + + commit f7df906171854b6b6506b82d4fee2c2ebb0327ea + * configure.ac (HAVE_PTHREAD): Do test when building for Windows. + + * tests/basic.c: Replace "%zi" by "%z" and a cast to make it work + under Windows. + + Update gpg-error autoconf macros to fix threading problems. + + commit 79da0358fd555361e1ce4202f55494a8918eb8ae + * m4/gpg-error.m4: Update to version 2014-01-24. + * tests/Makefile.am (t_lock_LDADD): Use MT Libs. + +2014-01-24 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + tests: Pass -no-install to libtool. + + commit bf34bfa5c458ee5ece91f25e3b4194d768498ab6 + * tests/Makefile.am: add AM_LDFLAGS = -no-install + +2014-01-24 Werner Koch <wk@gnupg.org> + + tests: Add a test for the internal locking. + + commit ff91ec934ed52294cddcd7dcfacc04721a0487bf + * src/global.c (external_lock_test): New. + (_gcry_vcontrol): Call new function with formerly reserved code 61. + + * tests/t-common.h: New. Taken from current libgpg-error. + * tests/t-lock.c: New. Based on t-lock.c from libgpg-error. + * configure.ac (HAVE_PTHREAD): Set macro to 1 if defined. + (AC_CHECK_FUNCS): Check for flockfile. + * tests/Makefile.am (tests_bin): Add t-lock. + (noinst_HEADERS): Add t-common.h + (LDADD): Move value to ... + (default_ldadd): new. + (t_lock_LDADD): New. + + Check compiler features only for the relevant platform. + + commit 24e65d715812cea28732397870cb1585b8435521 + * mpi/config.links (mpi_cpu_arch): Always set for ARM. Set for HPPA. + Set to "undefined" for unknown platforms. + (try_asm_modules): Act upon only after having detected the CPU. + * configure.ac: Move the call to config.links before the platform + specific compiler checks. Check platform specific features only if + the platform is targeted. 
+ +2014-01-23 Werner Koch <wk@gnupg.org> + + Support building using the latest mingw-w64 toolchain. + + commit 4ad3417acab5021db1f722c314314ce4b781833a + * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection. + +2014-01-20 Werner Koch <wk@gnupg.org> + + cipher: Fix commit 94030e44. + + commit dad06e4d1b835bac778b87090b1d3894b7535b14 + * cipher/tiger.c (tiger_init): Add arg FLAGS. + (tiger1_init, tiger2_init): Ditto. + + tests: Rename tsexp.c. + + commit 192e77d123fdb04c459c998b9eb1731618a833fa + * tests/tsexp.c: Rename to t-sexp.c + +2014-01-19 Werner Koch <wk@gnupg.org> + + md: Add Whirlpool bug emulation feature. + + commit 94030e44aaff805d754e368507f16dd51a531b72 + * src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New. + * src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS. Change all code + to implement that flag. + * cipher/md.c (gcry_md_context): Replace SECURE and FINALIZED by bit + field FLAGS. Add flag BUGEMU1. Change all users. + (md_open): Replace args SECURE and HMAC by FLAGS. Init flags.bugemu1. + (_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1. + (md_enable): Pass bugemu1 flag to the hash init function. + (_gcry_md_reset): Ditto. + +2014-01-17 Werner Koch <wk@gnupg.org> + + Actually check for uint64_t. + + commit c3b30bae7d1e157f8b65e32ba1b3a516f2bbf58b + * configure.ac: Check size of uint64_t and the UINT64_C macro. + +2014-01-16 Werner Koch <wk@gnupg.org> + + Replace ath based mutexes by gpgrt based locks. + + commit cfc151ba637200e4fc05d9481a8df2071b2f9a47 + * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13. + (gl_LOCK): Remove. + * src/ath.c, src/ath.h: Remove. Remove from all files. Replace all + mutexes by gpgrt based statically initialized locks. + * src/global.c (global_init): Remove ath_init. + (_gcry_vcontrol): Make ath install a dummy function. + (print_config): Remove threads info line. + + * doc/gcrypt.texi: Simplify the multi-thread related documentation. 
+ +2014-01-15 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1. + + commit 49edeebb43174865cf4fa2c170a42a8e4274c4f0 + * mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0. + * tests/t-mpi-point.c (context_alloc): Remove two spurious tests. + +2014-01-14 Milan Broz <gmazyland@gmail.com> + + PBKDF2: Use gcry_md_reset to speed up calculation. + + commit 04cda6b7cc16f3f52c12d9d3e46c56701003496e + * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset + to speed up calculation. + +2014-01-13 Werner Koch <wk@gnupg.org> + + Fix macro conflict in NetBSD. + + commit 5f2af6c26bc04975c0b518881532871d7387d7ce + * cipher/bithelp.h (bswap32): Rename to _gcry_bswap32. + (bswap64): Rename to _gcry_bswap64. + + Use internal malloc function in fips.c. + + commit 518ae274a1845ce626b2b4223a9b3805cbbab1a7 + * src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/. + +2014-01-13 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Truncate hash values for ECDSA signature scheme. + + commit 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225 + * cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque + mpis as required for DSA and ECDSA signature schemas. + * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to + behave like the rest of internal sign/verify functions. + * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation. + * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): + as required by ECDSA scheme, truncate hash values to bitlength of + used curve. + * tests/pubkey.c (check_ecc_sample_key): add a testcase for hash + truncation. + + Add GOST R 34.10-2012 curves proposed by TC26. + + commit 2c5ec803100ed8261e51442fb93b75367b7725ea + * cipher/ecc-curves.c (domain_parmss): Add two GOST R 34.10-2012 curves + proposed/pending to standardization by TC26 (Russian cryptography + technical comitee). 
+ * cipher/ecc-curves.c (curve_alias): Add OID aliases. + * tests/curves.c: Increase N_CURVES. + + Add GOST R 34.10-2001 curves per RFC4357. + + commit 9bedc5c3b646dfe481678ca58f5466ac46decaf7 + * cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357. + * cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST + curves. + * tests/curves.c (N_CURVES): Update value. + + Fix typo in search_oid. + + commit 7edcb574d8d6dffb6e234c2ba1996a9a04923859 + * cipher/md.c (search_oid): Invert condition on oid comparison. + + Add MD2-HMAC calculation support. + + commit 653b58cb5e85511b6c04c3f85ef3e372c2e9f74f + * src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New. + * cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2. + + Add a function to retrieve algorithm used by MAC handler. + + commit 8439a379c86ef1088465ea70ac10840759a1638e + * cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo. + * src/visibility.c (gcry_mac_get_algo): New wrapper. + * src/visibility.h: Hanlde gcry_mac_get_algo. + * src/gcrypt-int.h (_gcry_mac_get_algo): New. + * src/gcrypt.h.in (gcry_mac_get_algo): New. + * src/libgcrypt.def (gcry_mac_get_algo): New. + * src/libgcrypt.vers (gcry_mac_get_algo): New. + * doc/gcrypt.texi: Document gcry_mac_get_algo. + * tests/basic.c (check_one_mac): Verify gcry_mac_get_algo. + + Correct formatting of gcry_mac_get_algo_keylen documentation. + + commit 36c9e0e4eb4f935da90df1c8df484d1940bda5eb + * doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen + documentation. + + Use braces around unsigned int in gcry_mac_get_algo_keylen + documentation, otherwise texinfo breaks that and uses 'int' as a + function definition. + +2014-01-13 Werner Koch <wk@gnupg.org> + + ecc: Make a macro shorter. + + commit 2ef48ba59c32bfa1a9265d5eea8ab225a658903a + * src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. CHnage + all users. + * cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as + comment. 
+ * mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards. + (add_points_twistededwards): Rename to add_points_edwards. + +2014-01-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix assembly division check. + + commit ef3e66e168c4b9b86bfc4903001631e53a7125d8 + * configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable + name mismatch at '--Wa,--divide' workaround check. + +2014-01-12 NIIBE Yutaka <gniibe@fsij.org> + + Add secp256k1 curve. + + commit 019e0e9e8c77a2edf283745e05e9301673ea6a0a + * cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID. + (domain_parms): Add secp256k1's domain paramerter. + + * tests/basic.c (check_pubkey): Add a key of secp256k1. + + * tests/curves.c (N_CURVES): Updated. + +2014-01-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix constant division for AMD64 assembly on Solaris/x86. + + commit 43376891c01f4aff1fbfb23beafebb5adfd0868c + * configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for + constant division in assembly and test for "-Wa,--divide" workaround. + (gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division. + +2014-01-10 Werner Koch <wk@gnupg.org> + + Use the generic autogen.sh script. + + commit b0ac1f9b143aa15855914ba93fef900288d45c9c + * autogen.rc: New. + * Makefile.am (EXTRA_DIST): Add it. + * autogen.sh: Update from current GnuPG. + + Move all helper scripts to build-aux/ + + commit df9b4eabf52faee6f289a4bc62219684442ae383 + * scripts/: Rename to build-aux/. + * compile, config.guess, config.rpath, config.sub + * depcomp, doc/mdate-sh, doc/texinfo.tex + * install-sh, ltmain.sh, missing: Move to build-aux/. + * Makefile.am (EXTRA_DIST): Adjust. + * configure.ac (AC_CONFIG_AUX_DIR): New. + (AM_SILENT_RULES): New. + +2013-12-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add blowfish/serpent ARM assembly files to Makefile.am. + + commit 7fef7f481c0a1542be34d1dc831f58d41846ac29 + * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'. 
+ + Add AMD64 assembly implementation for arcfour. + + commit 7547898109c72a97e3102b2a045ee4fdb2aa40bf + * cipher/Makefile.am: Add 'arcfour-amd64.S'. + * cipher/arcfour-amd64.S: New. + * cipher/arcfour.c (USE_AMD64_ASM): New. + [USE_AMD64_ASM] (ARCFOUR_context, _gcry_arcfour_amd64) + (encrypt_stream): New. + * configure.ac [host=x86_64]: Add 'arcfour-amd64.lo'. + + Parse /proc/cpuinfo for ARM HW features. + + commit a05be441d8cd89b90d8d58e3a343a436dae377d0 + * src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO) + (detect_arm_proc_cpuinfo): New. + (_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for + HW features. + + Fix buggy/incomplete detection of AVX/AVX2 support. + + commit bbcb12187afb1756cb27296166b57fa19ee45d4d + * configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2 + inline assembly checks. + * src/hwf-x86.c [__i386__] (get_xgetbv): New function. + [__x86_64__] (get_xgetbv): New function. + [HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for + XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are + supported by OS. + +2013-12-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Change utf-8 copyright characters to '(C)' + + commit b7e814f93ee40fcfe17a187a8989c07fde2ba0cd + cipher/blowfish-amd64.S: Change utf-8 encoded copyright character to + '(C)'. + cipher/blowfish-arm.S: Ditto. + cipher/bufhelp.h: Ditto. + cipher/camellia-aesni-avx-amd64.S: Ditto. + cipher/camellia-aesni-avx2-amd64.S: Ditto. + cipher/camellia-arm.S: Ditto. + cipher/cast5-amd64.S: Ditto. + cipher/cast5-arm.S: Ditto. + cipher/cipher-ccm.c: Ditto. + cipher/cipher-cmac.c: Ditto. + cipher/cipher-gcm.c: Ditto. + cipher/cipher-selftest.c: Ditto. + cipher/cipher-selftest.h: Ditto. + cipher/mac-cmac.c: Ditto. + cipher/mac-gmac.c: Ditto. + cipher/mac-hmac.c: Ditto. + cipher/mac-internal.h: Ditto. + cipher/mac.c: Ditto. + cipher/rijndael-amd64.S: Ditto. + cipher/rijndael-arm.S: Ditto. + cipher/salsa20-amd64.S: Ditto. 
+ cipher/salsa20-armv7-neon.S: Ditto. + cipher/serpent-armv7-neon.S: Ditto. + cipher/serpent-avx2-amd64.S: Ditto. + cipher/serpent-sse2-amd64.S: Ditto. + + Add ARM/NEON implementation for SHA-1. + + commit fc7dcf616937afaf73cfda1bf7bd79566a96b130 + * cipher/Makefile.am: Add 'sha1-armv7-neon.S'. + * cipher/sha1-armv7-neon.S: New. + * cipher/sha1.c (USE_NEON): New. + (SHA1_CONTEXT, sha1_init) [USE_NEON]: Add and initialize 'use_neon'. + [USE_NEON] (_gcry_sha1_transform_armv7_neon): New. + (transform) [USE_NEON]: Use ARM/NEON assembly if enabled. + * configure.ac: Add 'sha1-armv7-neon.lo'. + + Improve performance of SHA-512/ARM/NEON implementation. + + commit df629ba53a662427ebd3ddca90c3fe9ddd6511d3 + * cipher/sha512-armv7-neon.S (RT01q, RT23q, RT45q, RT67q): New. + (round_0_63, round_64_79): Remove. + (rounds2_0_63, rounds2_64_79): New. + (_gcry_sha512_transform_armv7_neon): Add 'nblks' input; Handle multiple + input blocks; Use new round macros. + * cipher/sha512.c [USE_ARM_NEON_ASM] + (_gcry_sha512_transform_armv7_neon): Add 'num_blks'. + (transform) [USE_ARM_NEON_ASM]: Pass nblks to assembly. + + Add AVX and AVX2/BMI implementations for SHA-256. + + commit a5c2bbfe0db515d739ab683297903c77b1eec124 + * LICENSES: Add 'cipher/sha256-avx-amd64.S' and + 'cipher/sha256-avx2-bmi2-amd64.S'. + * cipher/Makefile.am: Add 'sha256-avx-amd64.S' and + 'sha256-avx2-bmi2-amd64.S'. + * cipher/sha256-avx-amd64.S: New. + * cipher/sha256-avx2-bmi2-amd64.S: New. + * cipher/sha256-ssse3-amd64.S: Use 'lea' instead of 'add' in few + places for tiny speed improvement. + * cipher/sha256.c (USE_AVX, USE_AVX2): New. + (SHA256_CONTEXT) [USE_AVX, USE_AVX2]: Add 'use_avx' and 'use_avx2'. + (sha256_init, sha224_init) [USE_AVX, USE_AVX2]: Initialize above + new context members. + [USE_AVX] (_gcry_sha256_transform_amd64_avx): New. + [USE_AVX2] (_gcry_sha256_transform_amd64_avx2): New. + (transform) [USE_AVX2]: Use AVX2 assembly if enabled. + (transform) [USE_AVX]: Use AVX assembly if enabled. 
+ * configure.ac: Add 'sha256-avx-amd64.lo' and + 'sha256-avx2-bmi2-amd64.lo'. + +2013-12-17 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add AVX and AVX/BMI2 implementations for SHA-1. + + commit e4e458465b124e25b6aec7a60174bf1ca32dc5fd + * cipher/Makefile.am: Add 'sha1-avx-amd64.S' and + 'sha1-avx-bmi2-amd64.S'. + * cipher/sha1-avx-amd64.S: New. + * cipher/sha1-avx-bmi2-amd64.S: New. + * cipher/sha1.c (USE_AVX, USE_BMI2): New. + (SHA1_CONTEXT) [USE_AVX]: Add 'use_avx'. + (SHA1_CONTEXT) [USE_BMI2]: Add 'use_bmi2'. + (sha1_init): Initialize 'use_avx' and 'use_bmi2'. + [USE_AVX] (_gcry_sha1_transform_amd64_avx): New. + [USE_BMI2] (_gcry_sha1_transform_amd64_bmi2): New. + (transform) [USE_BMI2]: Use BMI2 assembly if enabled. + (transform) [USE_AVX]: Use AVX assembly if enabled. + * configure.ac: Add 'sha1-avx-amd64.lo' and 'sha1-avx-bmi2-amd64.lo'. + + SHA-1/SSSE3: Improve performance on large buffers. + + commit 6fd0dd2a5f1362f91e2861cd9d300341a43842a5 + * cipher/sha1-ssse3-amd64.S (RNBLKS): New. + (_gcry_sha1_transform_amd64_ssse3): Handle multiple input blocks, with + software pipelining of next data block processing. + * cipher/sha1.c [USE_SSSE3] (_gcry_sha1_transform_amd64_ssse3): Add + 'nblks'. + (transform) [USE_SSSE3]: Pass nblks to assembly function. + + Add bulk processing for hash transform functions. + + commit 50b8c8342d023038a4b528af83153293dd2756ea + * cipher/hash-common.c (_gcry_md_block_write): Preload 'hd->blocksize' + to stack, pass number of blocks to 'hd->bwrite'. + * cipher/hash-common.c (_gcry_md_block_write_t): Add 'nblks'. + * cipher/gostr3411-94.c: Rename 'transform' function to + 'transform_blk', add new 'transform' function with 'nblks' as + additional input. + * cipher/md4.c: Ditto. + * cipher/md5.c: Ditto. + * cipher/md4.c: Ditto. + * cipher/rmd160.c: Ditto. + * cipher/sha1.c: Ditto. + * cipher/sha256.c: Ditto. + * cipher/sha512.c: Ditto. + * cipher/stribog.c: Ditto. + * cipher/tiger.c: Ditto. + * cipher/whirlpool.c: Ditto. 
+ +2013-12-16 Werner Koch <wk@gnupg.org> + + Release 1.6.0. + + commit 0ea9731e1c93a962f6266004ab0e7418c19d6277 + + + doc: Change yat2m to allow arbitrary condition names. + + commit 9a912f8c4f366c53f1cdb94513b67b937e87178b + * doc/yat2m.c (MAX_CONDITION_NESTING): New. + (gpgone_defined): Remove. + (condition_s, condition_stack, condition_stack_idx): New. + (cond_is_active, cond_in_verbatim): New. + (add_predefined_macro, set_macro, macro_set_p): New. + (evaluate_conditions, push_condition, pop_condition): New. + (parse_file): Rewrite to use the condition stack. + (top_parse_file): Set prefined macros. + (main): Change -D to define arbitrary macros. + + tests: Add SHA-512 to the long hash test. + + commit 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020 + * tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512. + * tests/hashtest-256g.in (algos): Add test for SHA-512. + + Add configure option --enable-large-data-tests. + + commit a6b9304a889397ac98e1c2c4ac3e178669d94492 + * configure.ac: Add option --enable-large-data-tests. + * tests/hashtest-256g.in: New. + * tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in. + (TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and + tests_sh_last. + (tests_sh_last): Add hashtest-256g + (noinst_PROGRAMS): Add only tests_bin and tests_bin_last. + (bench-slope.log, hashtest-256g.log): New rules to enforce serial run. + + random: Call random progress handler more often. + + commit 5a7ce59396fe56f0d681df314bfbdb5f7732d4b1 + * random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress + indicator earlier. + + cipher: Normalize the MPIs used as input to secret key functions. + + commit dec048b2ec79271a2f4405be5b87b1e768b3f1a9 + * cipher/dsa.c (sign): Normalize INPUT. + * cipher/elgamal.c (decrypt): Normalize A and B. + * cipher/rsa.c (secret): Normalize the INPUT. + (rsa_decrypt): Reduce DATA before passing to secret. 
+ +2013-12-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Change dummy variable in mpih-div.c to mpi_limb_t type. + + commit 953535a7de68cf62b5b1ad6f96ea3a9edd83762c + * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy + variable to 'mpi_limb_t' type from 'int'. + + Remove duplicate gcry_mac_hd_t typedef. + + commit 5c31990214b58c4e17edb01fbbe6d9f573975a22 + * cipher/mac-internal.h (gcry_mac_hd_t): Remove. + +2013-12-15 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Use u64 for CCM data lengths. + + commit 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d + * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF]. + [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for + data lengths. + [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt) + (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce) + (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag) + (_gcry_cipher_ccm_check_tag): Dummy functions returning + GPG_ERROR_NOT_SUPPORTED. + * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm) + (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use + u64 instead of size_t for CCM data lengths. + * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset) + (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED + for CCM. + (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for + GCRYCTL_SET_CCM_LENGTHS length parameters. + * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF. + * tests/bench-slope.c: Ditto. + * tests/benchmark.c: Ditto. + +2013-12-14 Werner Koch <wk@gnupg.org> + + tests: Prevent rare failure of gcry_pk_decrypt test. + + commit bfb43a17d8db571fca4ed433ee8be5c366745844 + * tests/basic.c (check_pubkey_crypt): Add special mode 1. + (main): Add option --loop. + +2013-12-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Minor fixes to SHA assembly implementations. + + commit ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995 + * cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'. 
+ * cipher/sha1-ssse3-amd64.S: First line, correct filename. + * cipher/sha256-ssse3-amd64.S: Return correct stack burn depth. + * cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers. + * cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn + depth. + + SHA-1/SSSE3: Do not check for Intel syntax assembly support. + + commit c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9 + * cipher/sha1-ssse3-amd64.S: Remove check for + HAVE_INTEL_SYNTAX_PLATFORM_AS. + * cipher/sha1.c [USE_SSSE3]: Ditto. + +2013-12-13 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm. + + commit d2b853246c2ed056a92096d89c3ca057e45c9c92 + * cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to + 'sha1-ssse3-amd64.S'. + * cipher/sha1-ssse3-amd64.c: Remove. + * cipher/sha1-ssse3-amd64.S: New. + + SHA-1: Add SSSE3 implementation. + + commit be2238f68abcc6f2b4e8c38ad9141376ce622a22 + * cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'. + * cipher/sha1-ssse3-amd64.c: New. + * cipher/sha1.c (USE_SSSE3): New. + (SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. + (sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'. + (transform): Rename to... + (_transform): this. + (transform): New. + * configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'. + + Add missing register clearing in to SHA-256 and SHA-512 assembly. + + commit 04615cc6803cdede25fa92e3ff697e252a23cd7a + * cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return. + * cipher/sha512-avx-amd64.S: Ditto. + * cipher/sha512-avx2-bmi2-amd64.S: Ditto. + * cipher/sha512-ssse3-amd64.S: Ditto. + +2013-12-13 Werner Koch <wk@gnupg.org> + + Update license information. + + commit 764643a3d5634bcbc47790bd8505f6a1a5280d9c + * LICENSES: New. + * Makefile.am (EXTRA_DIST): Add LICENSES. + * AUTHORS: Add list of copyright holders. + * README: Reference AUTHORS. + +2013-12-13 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix empty clobber in AVX2 assembly check. 
+ + commit e41d605ee41469e8a33cdc4d38f742cfb931f835 + * configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly + globber. + + Fix W32 build. + + commit a71b810ddd67ca3a1773d8f929d162551abb58eb + * random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to + xmalloc, and gcry_xrealloc to xrealloc. + +2013-12-12 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + SHA-512: Add AVX and AVX2 implementations for x86-64. + + commit 2e4253dc8eb512cd0e807360926dc6ba912c95b4 + * cipher/Makefile.am: Add 'sha512-avx-amd64.S' and + 'sha512-avx2-bmi2-amd64.S'. + * cipher/sha512-avx-amd64.S: New. + * cipher/sha512-avx2-bmi2-amd64.S: New. + * cipher/sha512.c (USE_AVX, USE_AVX2): New. + (SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'. + (SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'. + (sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'. + (sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'. + [USE_AVX] (_gcry_sha512_transform_amd64_avx): New. + [USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New. + (transform) [USE_AVX2]: Add call for AVX2 implementation. + (transform) [USE_AVX]: Add call for AVX implementation. + * configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check. + (sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'. + * doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'. + * src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New. + * src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2". + * src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and + HWF_INTEL_BMI2. + + SHA-512: Add SSSE3 implementation for x86-64. + + commit 69a6d0f9562fcd26112a589318c13de66ce1700e + * cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'. + * cipher/sha512-ssse3-amd64.S: New. + * cipher/sha512.c (USE_SSSE3): New. + (SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. + (sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'. + [USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New. + (transform) [USE_SSSE3]: Call SSSE3 implementation. 
+ * configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'. + + SHA-256: Add SSSE3 implementation for x86-64. + + commit e1a3931263e67aacec3c0bfcaa86c7d1441d5c6a + * cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'. + * cipher/sha256-ssse3-amd64.S: New. + * cipher/sha256.c (USE_SSSE3): New. + (SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. + (sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'. + (transform): Rename to... + (_transform): This. + [USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New. + (transform): New. + * configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check. + (sha256): Add 'sha256-ssse3-amd64.lo'. + * doc/gcrypt.texi: Document 'intel-ssse3'. + * src/g10lib.h (HWF_INTEL_SSSE3): New. + * src/hwfeatures.c (hwflist): Add "intel-ssse3". + * src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3. + +2013-12-12 Werner Koch <wk@gnupg.org> + + Add a configuration file to disable hardware features. + + commit 5e1239b1e2948211ff2675f45cce2b28c3379cfb + * src/hwfeatures.c: Inclyde syslog.h and ctype.h. + (HWF_DENY_FILE): New. + (my_isascii): New. + (parse_hwf_deny_file): New. + (_gcry_detect_hw_features): Call it. + + * src/mpicalc.c (main): Correctly initialize Libgcrypt. Add options + "--print-config" and "--disable-hwf". + + Move list of hardware features to hwfeatures.c. + + commit 4ae77322b681a13da62d01274bcab25be2af12d0 + * src/global.c (hwflist, disabled_hw_features): Move to .. + * src/hwfeatures.c: here. + (_gcry_disable_hw_feature): New. + (_gcry_enum_hw_features): New. + (_gcry_detect_hw_features): Remove arg DISABLED_FEATURES. + * src/global.c (print_config, _gcry_vcontrol, global_init): Adjust + accordingly. + + Remove macro hacks for internal vs. external functions. Part 2 and last. + + commit 3b30e9840d4b351c4de73b126e561154cb7df4cc + * src/visibility.h: Remove remaining define/undef hacks for symbol + visibility. Add macros to detect the use of the public functions. + Change all affected functions by replacing them by the x-macros. 
+ * src/g10lib.h: Add internal prototypes. + (xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure) + (xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure) + (xcalloc_secure, xrealloc, xstrdup, xfree): New macros. + +2013-12-11 Werner Koch <wk@gnupg.org> + + random: Add a feature to close device file descriptors. + + commit cd548ba2dc777b8b27d8d33182ba733c20222120 + * src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New. + * src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds. + * random/random.c (_gcry_random_close_fds): New. + * random/random-csprng.c (_gcry_rngcsprng_close_fds): New. + * random/random-fips.c (_gcry_rngfips_close_fds): New. + * random/random-system.c (_gcry_rngsystem_close_fds): New. + * random/rndlinux.c (open_device): Add arg retry. + (_gcry_rndlinux_gather_random): Add mode to close open fds. + + * tests/random.c (check_close_random_device): New. + (main): Call new test. + +2013-12-10 Werner Koch <wk@gnupg.org> + + Fix last commit (9a37470c) + + commit eae1e7712e1b687bd77eb37d0eb505fc9d46d93c + * src/secmem.c (lock_pool): Remove remaining line. Reported by Ian + Goldberg. + +2013-12-09 Werner Koch <wk@gnupg.org> + + Fix one-off memory leak when build with Linux capability support. + + commit 9a37470c50ee9966cb2652617a404ddd54a9c096 + * src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by + Mike Crowe <mac@mcrowe.com>. + +2013-12-09 David 'Digit' Turner <digit@google.com> + + Update libtool to support Android. + + commit 2516f0b660b1a7181ad38c44310c627f4f498595 + * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool + repository. + +2013-12-09 Werner Koch <wk@gnupg.org> + + tests: Speed up benchmarks in regression test mode. + + commit 2e5354fe8db5288939733d0fb63ad4c87bc20105 + * tests/tsexp.c (check_extract_param): Fix compiler warning. + * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST. + * tests/bench-slope.c (main): Speed up if in regression test mode. 
+ * tests/benchmark.c (main): Ditto. + + tests: Add --csv option to bench-slope. + + commit 8072e9fa4b42ae8e65e266aa158fd903f1bb0927 + * tests/bench-slope.c (STR, STR2): New. + (cvs_mode): New. + (num_measurement_repetitions): New. Replace use of + NUM_MEASUREMENT_REPETITIONS by this. + (current_section_name, current_algo_name, current_mode_name): New. + (bench_print_result_csv): New. + (bench_print_result_std): Rename from bench_print_result. + (bench_print_result): New. Divert depending on CSV_MODE. + (bench_print_header, bench_print_footer): take care of CSV_MODE. + (bench_print_algo, bench_print_mode): New. Use them instead of + explicit printfs. + (main): Add options --csv and --repetitions. + +2013-12-07 Werner Koch <wk@gnupg.org> + + sexp: Allow long names and white space in gcry_sexp_extract_param. + + commit d4555433b6e422fa69a85cae99961f513e55d82b + * src/sexp.c (_gcry_sexp_vextract_param): Skip white space. Support + long parameter names. + * tests/tsexp.c (check_extract_param): Add test cases for long parameter + names and white space. + +2013-12-06 Werner Koch <wk@gnupg.org> + + ecc: Merge partly duplicated code. + + commit 405021cb6d4e470337302c65dec5bc91491a89c1 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ... + (_gcry_ecc_eddsa_compute_h_d): new function. + * cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function. + (reverse_buffer): Remove. + + ecc: Remove unused internal function. + + commit 4cf2c65fe15173c8d68a141a01b34fc1fb9080b7 + * src/cipher-proto.h (gcry_pk_spec): Remove get_param. + * cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from + _gcry_ecc_get_param. + (_gcry_ecc_get_param): Remove. + * cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param. + +2013-12-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix building on mingw32. + + commit 5917ce34e3b3eac4c15f62577e4723974024f818 + * src/gcrypt-int.h: Include <types.h>. 
+ +2013-12-05 Werner Koch <wk@gnupg.org> + + ecc: Change OID for Ed25519. + + commit 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f + * cipher/ecc-curves.c (curve_aliased): Add more suitable OID for + Ed25519. + + Remove macro hacks for internal vs. external functions. Part 1. + + commit 7bacf1812b55fa78db63abaa1f5a9220e9c6cccc + * src/visibility.h: Remove almost all define/undef hacks for symbol + visibility. Add macros to detect the use of the public functions. + Change all affected functions by prefixing them explicitly with an + underscore and change all internal callers to call the underscore + prefixed versions. Provide convenience macros from sexp and mpi + functions. + * src/visibility.c: Change all functions to use only gpg_err_code_t + and translate to gpg_error_t only in visibility.c. + +2013-12-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + mpi: add inline assembly for x86-64. + + commit 85bb0a98ea5add0296cbcc415d557eaa1f6bd294 + * mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm) + (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New. + +2013-12-04 NIIBE Yutaka <gniibe@fsij.org> + + mpi: fix gcry_mpi_powm for negative base. + + commit c56080c26186d25dec05f01831494c77d8d07e13 + * mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]: + Fix for the case where BASE is negative. + * tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19. + +2013-12-03 Werner Koch <wk@gnupg.org> + + Add build support for ppc64le. + + commit 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51 + * config.guess, config.sub: Update to latest version (2013-11-29). + * m4/libtool.m4: Add patches for ppc64le. + +2013-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: fix compiler warning on aarch64. + + commit 59b1a1b7ee2923e1bf091071ae716d180c6c6006 + * cipher/rijndael.c (do_setkey): Use braces for empty if statement + instead of semicolon. + + Add aarch64 (arm64) mpi assembly. 
+ + commit 80896bc8f5e6ed9a627374e34f040ad5f3617584 + * mpi/aarch64/mpi-asm-defs.h: New. + * mpi/aarch64/mpih-add1.S: New. + * mpi/aarch64/mpih-mul1.S: New. + * mpi/aarch64/mpih-mul2.S: New. + * mpi/aarch64/mpih-mul3.S: New. + * mpi/aarch64/mpih-sub1.S: New. + * mpi/config.links [host=aarch64-*-*]: Add configguration for aarch64 + assembly. + * mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm) + (count_leading_zeros): New. + +2013-12-02 Werner Koch <wk@gnupg.org> + + ecc: Use constant time point operation for Twisted Edwards. + + commit d4ce0cfe0d35d7ec69c115456848b5b735c928ea + * mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time + operation if needed. + * tests/benchmark.c (main): Add option --use-secmem. + + ecc: Make gcry_pk_testkey work for Ed25519. + + commit 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2 + * cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G + and d. Change all callers. + * cipher/ecc.c (gen_y_2): Remove. + (check_secret_key): Use generic public key compute function. Adjust + for use with Ed25519 and EdDSA. + (nist_generate_key): Do not use the compliant key thingy for Ed25519. + (ecc_check_secret_key): Make parameter parsing similar to the other + functions. + * cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so + that _gcry_ecc_update_curve_param works correctly. + * tests/keygen.c (check_ecc_keys): Add "param" flag. Check all + Ed25519 keys. + + ecc: Fix eddsa point decompression. + + commit 485f35124b1a74af0bad321ed70be3a79d8d11d7 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative + case. + + ecc: Fix gcry_mpi_ec_curve_point for Weierstrass. + + commit ecb90f8e7c6f2516080d27ed7da6a25f2314da3c + * mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation. + (ec_pow3): New. + (ec_p_init): Always copy B. + + mpi: Introduce 4 user flags for gcry_mpi_t. 
+ + commit 29eddc2558d4cf39995f66d5fccd62f584d5b203 + * src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2) + (GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New. + * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag) + (gcry_mpi_get_flag, _gcry_mpi_free): Implement them. + (gcry_mpi_set_opaque): Keep user flags. + +2013-11-29 Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com> + + Fix armv3 compile error. + + commit 3b1cc9e6c357574f54160298d731c18f3d717b6c + * mpi/longlong.h [__arm__ && __ARM_ARCH < 4] (umul_ppmm): Use + __AND_CLOBBER_CC instead of __CLOBBER_CC. + + longlong.h on mips with clang. + + commit 1ecbd0bca31d462719a2a6590c1d03244e76ef89 + * mpi/longlong.h [__mips__]: Use C-language version with clang. + +2013-11-24 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Camellia: Tweaks for AES-NI implementations. + + commit 3ef21e7e1b8003db9792155044db95f9d9ced184 + * cipher/camellia-aesni-avx-amd64.S: Align stack to 16 bytes; tweak + key-setup for small speed up. + * cipher/camellia-aesni-avx2-amd64.S: Use vmovdqu even with aligned + stack; reorder vinsert128 instructions; use rbp for stack frame. + +2013-11-21 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add GMAC to MAC API. + + commit a34448c929b13bfb7b66d69169c89e7319a18b31 + * cipher/Makefile.am: Add 'mac-gmac.c'. + * cipher/mac-gmac.c: New. + * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'. + (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish) + (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed) + (_gcry_mac_type_spec_gmac_camellia): New externs. + * cipher/mac.c (mac_list): Add GMAC specifications. + * doc/gcrypt.texi: Add mention of GMAC. + * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms. + * tests/basic.c (check_one_mac): Add support for MAC IVs. + (check_mac): Add support for MAC IVs and add GMAC test vectors. + * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499. + * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499. 
+ + GCM: Move gcm_table initialization to setkey. + + commit dbfa651618693da7ea73b4d2d00d4efd411bfb46 + * cipher/cipher-gcm.c: Change all 'c->u_iv.iv' to + 'c->u_mode.gcm.u_ghash_key.key'. + (_gcry_cipher_gcm_setkey): New. + (_gcry_cipher_gcm_initiv): Move ghash initialization to function above. + * cipher/cipher-internal.h (gcry_cipher_handle): Add + 'u_mode.gcm.u_ghash_key'; Reorder 'u_mode.gcm' members for partial + clearing in gcry_cipher_reset. + (_gcry_cipher_gcm_setkey): New prototype. + * cipher/cipher.c (cipher_setkey): Add GCM setkey. + (cipher_reset): Clear 'u_mode' only partially for GCM. + +2013-11-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + GCM: Add support for split data buffers and online operation. + + commit fb1e52e3fe231671de546eacd6becd31c26c4f7b + * cipher/cipher-gcm.c (do_ghash_buf): Add buffering for less than + blocksize length input and padding handling. + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Add handling + for AAD padding and check if data has already being padded. + (_gcry_cipher_gcm_authenticate): Check that AAD or data has not being + padded yet. + (_gcry_cipher_gcm_initiv): Clear padding marks. + (_gcry_cipher_gcm_tag): Add finalization and padding; Clear sensitive + data from cipher handle, since they are not used after generating tag. + * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.macbuf', + 'u_mode.gcm.mac_unused', 'u_mode.gcm.ghash_data_finalized' and + 'u_mode.gcm.ghash_aad_finalized'. + * tests/basic.c (check_gcm_cipher): Rename to... + (_check_gcm_cipher): ...this and add handling for different buffer step + lengths; Enable per byte buffer testing. + (check_gcm_cipher): Call _check_gcm_cipher with different buffer step + sizes. + + GCM: Use size_t for buffer sizes. 
+ + commit 2d870a9142e8c8b3f008e1ad8e83e4bdf7a8e4e7 + * cipher/cipher-gcm.c (ghash, gcm_bytecounter_add, do_ghash_buf) + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) + (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_geniv) + (_gcry_cipher_gcm_tag): Use size_t for buffer lengths. + * cipher/cipher-internal.h (_gcry_cipher_gcm_encrypt) + (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Use size_t + for buffer lengths. + + GCM: add FIPS mode restrictions. + + commit 56d352d6bdcf7abaa33c3399741f5063e2ddc32a + * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) + (_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode is setiv + was invocated directly. + (_gcry_cipher_gcm_setiv): Rename to... + (_gcry_cipher_gcm_initiv): ...this. + (_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode. + [TODO] (_gcry_cipher_gcm_getiv): New. + * cipher/cipher-internal.h (gcry_cipher_handle): Add + 'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'. + + GCM: Add clearing and checking of marks.tag. + + commit 32a2da9abc91394b23cf565c1c833fa964394083 + * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) + (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Make sure + that tag has not been finalized yet. + (_gcry_cipher_gcm_setiv): Clear 'marks.tag'. + + GCM: Add stack burning. + + commit 018f08354b1b116672e82f9ce942884b288aaf9e + * cipher/cipher-gcm.c (do_ghash, ghash): Return stack burn depth. + (setupM): Wipe 'tmp' buffer. + (do_ghash_buf): Wipe 'tmp' buffer and add stack burning. + + Add aggregated bulk processing for GCM on x86-64. + + commit c9537fbf8ff0af919cff2bebadc4c6e7caea8076 + * cipher/cipher-gcm.c [__x86_64__] (gfmul_pclmul_aggr4): New. + (ghash) [GCM_USE_INTEL_PCLMUL]: Add aggregated bulk processing + for __x86_64__. + (setupM) [__x86_64__]: Add initialization for aggregated bulk + processing. + + GCM: Tweak Intel PCLMUL ghash loop for small speed-up. 
+ + commit 9b6764944284fed733c2f88619b3d9eb5d5c259a + * cipher/cipher-gcm.c (do_ghash): Mark 'inline'. + [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): Rename to... + [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul): ..this and make inline function. + (ghash) [GCM_USE_INTEL_PCLMUL]: Preload data before ghash-pclmul loop. + + GCM: Use counter mode code for speed-up. + + commit bd4bd23a2511a4bce63c3217cca0d4ecf0c79532 + * cipher/cipher-gcm.c (ghash): Add process for multiple blocks. + (gcm_bytecounter_add, gcm_add32_be128, gcm_check_datalen) + (gcm_check_aadlen_or_ivlen, do_ghash_buf): New functions. + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) + (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_set_iv) + (_gcry_cipher_gcm_tag): Adjust to use above new functions and + counter mode functions for encryption/decryption. + * cipher/cipher-internal.h (gcry_cipher_handle): Remove 'length'; Add + 'u_mode.gcm.(addlen|datalen|tagiv|datalen_over_limits)'. + (_gcry_cipher_gcm_setiv): Return gcry_err_code_t. + * cipher/cipher.c (cipher_setiv): Return error code. + (_gcry_cipher_setiv): Handle error code from 'cipher_setiv'. + + Add Intel PCLMUL acceleration for GCM. + + commit 5a65ffabadd50f174ab7375faad7a726cce49e61 + * cipher/cipher-gcm.c (fillM): Rename... + (do_fillM): ...to this. + (ghash): Remove. + (fillM): New macro. + (GHASH): Use 'do_ghash' instead of 'ghash'. + [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): New. + (ghash): New. + (setupM): New. + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) + (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_setiv) + (_gcry_cipher_gcm_tag): Use 'ghash' instead of 'GHASH' and + 'c->u_mode.gcm.u_tag.tag' instead of 'c->u_tag.tag'. + * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): New. + (gcry_cipher_handle): Move 'u_tag' and 'gcm_table' under + 'u_mode.gcm'. + * configure.ac (pclmulsupport, gcry_cv_gcc_inline_asm_pclmul): New. + * src/g10lib.h (HWF_INTEL_PCLMUL): New. + * src/global.c: Add "intel-pclmul". 
+ * src/hwf-x86.c (detect_x86_gnuc): Add check for Intel PCLMUL. + + GCM: GHASH optimizations. + + commit 0e9e7d72f3c9eb7ac832746c3034855faaf8d02c + * cipher/cipher-gcm.c [GCM_USE_TABLES] (gcmR, ghash): Replace with new. + [GCM_USE_TABLES] [GCM_TABLES_USE_U64] (bshift, fillM, do_ghash): New. + [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (bshift, fillM): Replace with + new. + [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (do_ghash): New. + (_gcry_cipher_gcm_tag): Remove extra memcpy to outbuf and use + buf_eq_const for comparing authentication tag. + * cipher/cipher-internal.h (gcry_cipher_handle): Different 'gcm_table' + for 32-bit and 64-bit platforms. + + Add some documentation for GCM mode. + + commit 332da0ed7c8fab6c2bee841c94d8364c2ab4e30d + * doc/gcrypt.texi: Add mention of GCM mode. + +2013-11-19 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Initial implementation of GCM. + + commit 90cce18b9eced4f412ceeec5bcae18c4493322df + * cipher/Makefile.am: Add 'cipher-gcm.c'. + * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths) + (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag) + (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change + 'c->u_mode.ccm.tag' to 'c->marks.tag'. + * cipher/cipher-gcm.c: New. + * cipher/cipher-internal.h (GCM_USE_TABLES): New. + (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and + 'gcm_table'; Remove 'u_mode.ccm.tag'. + (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) + (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate) + (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New. + * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) + (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) + (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling. + * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM. + (GCRY_GCM_BLOCK_LEN): New. + * tests/basic.c (check_gcm_cipher): New. + (check_ciphers): Add GCM check. + (check_cipher_modes): Call 'check_gcm_cipher'. 
+ * tests/bench-slope.c (bench_gcm_encrypt_do_bench) + (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench) + (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New. + (cipher_modes): Add GCM enc/dec/auth. + (cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size. + * tests/benchmark.c (cipher_bench): Add GCM. + +2013-11-19 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Camellia: fix compiler warning. + + commit 9816ae9d9931b75e4fdc9a5be10e6af447132313 + * cipher/camellia-glue.c (camellia_setkey): Use braces around empty if + statement. + + Tweak Camellia-AVX key-setup for small speed-up. + + commit 77922a82c3f2e30eca04511fa5a355208349c657 + * cipher/camellia-aesni-avx-amd64.S (camellia_f): Merge S-function output + rotation with P-function. + + Add CMAC (Cipher-based MAC) to MAC API. + + commit b49cd64aaaff2e5488a84665362ef7150683226c + * cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'. + * cipher/cipher-cmac.c: New. + * cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'. + * cipher/cipher.c (gcry_cipher_open): Rename to... + (_gcry_cipher_open_internal): ...this and add CMAC. + (gcry_cipher_open): New wrapper that disallows use of internal + modes (CMAC) from outside. + (cipher_setkey, cipher_encrypt, cipher_decrypt) + (_gcry_cipher_authenticate, _gcry_cipher_gettag) + (_gcry_cipher_checktag): Add handling for CMAC mode. + (cipher_reset): Do not reset 'marks.key' and do not clear subkeys in + 'u_mode' in CMAC mode. + * cipher/mac-cmac.c: New. + * cipher/mac-internal.h: Add CMAC support and algorithms. + * cipher/mac.c: Add CMAC algorithms. + * doc/gcrypt.texi: Add documentation for CMAC. + * src/cipher.h (gcry_cipher_internal_modes): New. + (_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate) + (_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag) + (_gcry_cipher_cmac_set_subkeys): New prototypes. + * src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms. 
+ * tests/basic.c (check_mac): Add CMAC test vectors. + +2013-11-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add new MAC API, initially with HMAC. + + commit fcd6da37d55f248d3558ee0ff385b41b866e7ded + * cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'. + * cipher/bufhelp.h (buf_eq_const): New. + * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for + constant-time compare. + * cipher/mac-hmac.c: New. + * cipher/mac-internal.h: New. + * cipher/mac.c: New. + * doc/gcrypt.texi: Add documentation for MAC API. + * src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13] + (GPG_ERR_MAC_ALGO): New. + * src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos) + (gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl) + (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) + (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) + (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name) + (gcry_mac_reset, gcry_mac_test_algo): New. + * src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) + (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) + (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) + (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. + * src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) + (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) + (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) + (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. + * src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) + (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) + (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) + (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. 
+ * src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) + (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) + (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) + (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. + * tests/basic.c (check_one_mac, check_mac): New. + (main): Call 'check_mac'. + * tests/bench-slope.c (bench_print_header, bench_print_footer): Allow + variable algorithm name width. + (_cipher_bench, hash_bench): Update to above change. + (bench_hash_do_bench): Add 'gcry_md_reset'. + (bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench) + (mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New. + (main): Add 'mac' benchmark options. + * tests/benchmark.c (mac_repetitions, mac_bench): New. + (main): Add 'mac' benchmark options. + + Use correct blocksize of 32 bytes for GOSTR3411-94 HMAC. + + commit b95a557a43aeed68ea5e5ce02aca42ee97bfdb3b + * cipher/md.c (md_open): Set macpads_Bsize to 32 for + GCRY_MD_GOST24311_94. + +2013-11-15 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + cipher: use size_t for internal buffer lengths. + + commit b787657a9d2c1d8e19f9fcb0b21e31cb062630cf + * cipher/arcfour.c (do_encrypt_stream, encrypt_stream): Use 'size_t' + for buffer lengths. + * cipher/blowfish.c (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) + (_gcry_blowfish_cfb_dec): Ditto. + * cipher/camellia-glue.c (_gcry_camellia_ctr_enc) + (_gcry_camellia_cbc_dec, _gcry_blowfish_cfb_dec): Ditto. + * cipher/cast5.c (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec) + (_gcry_cast5_cfb_dec): Ditto. + * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) + (_gcry_cipher_aeswrap_decrypt): Ditto. + * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) + (_gcry_cipher_cbc_decrypt): Ditto. + * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt) + (_gcry_cipher_ccm_decrypt): Ditto. + * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) + (_gcry_cipher_cfb_decrypt): Ditto. 
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto. + * cipher/cipher-internal.h (gcry_cipher_handle->bulk) + (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt) + (_gcry_cipher_cfb_encrypt, _gcry_cipher_cfb_decrypt) + (_gcry_cipher_ofb_encrypt, _gcry_cipher_ctr_encrypt) + (_gcry_cipher_aeswrap_encrypt, _gcry_cipher_aeswrap_decrypt) + (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Ditto. + * cipher/cipher-ofb.c (_gcry_cipher_cbc_encrypt): Ditto. + * cipher/cipher-selftest.h (gcry_cipher_bulk_cbc_dec_t) + (gcry_cipher_bulk_cfb_dec_t, gcry_cipher_bulk_ctr_enc_t): Ditto. + * cipher/cipher.c (cipher_setkey, cipher_setiv, do_ecb_crypt) + (do_ecb_encrypt, do_ecb_decrypt, cipher_encrypt) + (cipher_decrypt): Ditto. + * cipher/rijndael.c (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) + (_gcry_aes_cfb_dec, _gcry_aes_cbc_enc, _gcry_aes_cfb_enc): Ditto. + * cipher/salsa20.c (salsa20_setiv, salsa20_do_encrypt_stream) + (salsa20_encrypt_stream, salsa20r12_encrypt_stream): Ditto. + * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) + (_gcry_serpent_cfb_dec): Ditto. + * cipher/twofish.c (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec) + (_gcry_twofish_cfb_dec): Ditto. + * src/cipher-proto.h (gcry_cipher_stencrypt_t) + (gcry_cipher_stdecrypt_t, cipher_setiv_fuct_t): Ditto. + * src/cipher.h (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec) + (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec, _gcry_aes_ctr_enc) + (_gcry_blowfish_cfb_dec, _gcry_blowfish_cbc_dec) + (_gcry_blowfish_ctr_enc, _gcry_cast5_cfb_dec, _gcry_cast5_cbc_dec) + (_gcry_cast5_ctr_enc, _gcry_camellia_cfb_dec, _gcry_camellia_cbc_dec) + (_gcry_camellia_ctr_enc, _gcry_serpent_cfb_dec, _gcry_serpent_cbc_dec) + (_gcry_serpent_ctr_enc, _gcry_twofish_cfb_dec, _gcry_twofish_cbc_dec) + (_gcry_twofish_ctr_enc): Ditto. + + Camellia: Add AVX/AES-NI key setup. + + commit ef9f52cbb39e46918c96200b09c21e931eff174f + * cipher/camellia-aesni-avx-amd64.S (key_bitlength, key_table): New + order of fields in ctx. 
+ (camellia_f, vec_rol128, vec_ror128): New macros. + (__camellia_avx_setup128, __camellia_avx_setup256) + (_gcry_camellia_aesni_avx_keygen): New functions. + * cipher/camellia-aesni-avx2-amd64.S (key_bitlength, key_table): New + order of fields in ctx. + * cipher/camellia-arm.S (CAMELLIA_TABLE_BYTE_LEN, key_length): Remove + unused macros. + * cipher/camellia-glue.c (CAMELLIA_context): Move keytable to head for + better alignment; Make 'use_aesni_avx' and 'use_aesni_avx2' bitfield + members. + [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_keygen): New prototype. + (camellia_setkey) [USE_AESNI_AVX || USE_AESNI_AVX2]: Read hw features + to variable 'hwf' and match features from it. + (camellia_setkey) [USE_AESNI_AVX]: Use AES-NI/AVX key setup if + available. + + Avoid unneeded stack burning with AES-NI and reduce number of 'decryption_prepared' checks + + commit c8ad83fb605fdbf6dc0b0dbcc8aedfbd477640da + * cipher/rijndael.c (RIJNDAEL_context): Make 'decryption_prepared', + 'use_padlock' and 'use_aesni' 1-bit members in bitfield. + (do_setkey): Move 'hwfeatures' inside [USE_AESNI || USE_PADLOCK]. + (do_aesni_enc_aligned): Rename to... + (do_aesni_enc): ...this, as function does not require aligned input. + (do_aesni_dec_aligned): Rename to... + (do_aesni_dec): ...this, as function does not require aligned input. + (do_aesni): Remove. + (rijndael_encrypt): Call 'do_aesni_enc' instead of 'do_aesni'. + (rijndael_decrypt): Call 'do_aesni_dec' instead of 'do_aesni'. + (check_decryption_preparation): New. + (do_decrypt): Remove 'decryption_prepared' check. + (rijndael_decrypt): Ditto and call 'check_decryption_preparation'. + (_gcry_aes_cbc_dec): Ditto. + (_gcry_aes_cfb_enc): Add 'burn_depth' and burn stack only when needed. + (_gcry_aes_cbc_enc): Ditto. + (_gcry_aes_ctr_enc): Ditto. + (_gcry_aes_cfb_dec): Ditto. + (_gcry_aes_cbc_dec): Ditto and correct clearing of 'savebuf'. + +2013-11-14 Werner Koch <wk@gnupg.org> + + md: Fix hashing for data >= 256 GB. 
+ + commit c43a8c0d81a711161f7a81b24ef7c33a1353eee0 + * cipher/hash-common.h (gcry_md_block_ctx): Add "nblocks_high". + * cipher/hash-common.c (_gcry_md_block_write): Bump NBLOCKS_HIGH. + * cipher/md4.c (md4_init, md4_final): Take care of NBLOCKS_HIGH. + * cipher/md5.c (md5_init, md5_final): Ditto. + * cipher/rmd160.c (_gcry_rmd160_init, rmd160_final): Ditto. + * cipher/sha1.c (sha1_init, sha1_final): Ditto. + * cipher/sha256.c (sha256_init, sha224_init, sha256_final): Ditto. + * cipher/sha512.c (sha512_init, sha384_init, sha512_final): Ditto. + * cipher/tiger.c (do_init, tiger_final): Ditto. + * cipher/whirlpool.c (whirlpool_final): Ditto. + + * cipher/md.c (gcry_md_algo_info): Add GCRYCTL_SELFTEST. + (_gcry_md_selftest): Return "not implemented" as required. + * tests/hashtest.c: New. + * tests/genhashdata.c: New. + * tests/Makefile.am (TESTS): Add hashtest. + (noinst_PROGRAMS): Add genhashdata + +2013-11-13 Christian Grothoff <christian@grothoff.org> + + ecc: Fix key generation for a plain Ed25519 key. + + commit 7d91e99bcd30a463dd4faed014b8521a663d8316 + * cipher/ecc.c (nist_generate_key): Use custom code for ED25519. + + ecc: Fix some memory leaks. + + commit c4f9af49f228df59c218381a25fa3c0f93ccbeae + * cipher/ecc-curves.c (_gcry_mpi_ec_new): Free ec->b before assigning. + * cipher/ecc.c (nist_generate_key): Release Q. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. + +2013-11-11 Werner Koch <wk@gnupg.org> + + ecc: Change keygrip computation for Ed25519+EdDSA. + + commit 4fb3c8e5a7fc6a1568f54bcc0be17fecf75e0742 + * cipher/ecc.c (compute_keygrip): Rework. + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): New. + * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): New. + * tests/keygrip.c (key_grips): Add flag param and test cases for + Ed25519. + + mpi: Add special format GCRYMPI_FMT_OPAQUE. + + commit 8b3eecee2d89179297e43de7d650f74759c61a58 + * src/gcrypt.h.in (GCRYMPI_FMT_OPAQUE): New. + (_gcry_sexp_nth_opaque_mpi): Remove. 
+ * src/sexp.c (gcry_sexp_nth_mpi): Add support for GCRYMPI_FMT_OPAQUE. + (_gcry_sexp_vextract_param): Replace removed function by + GCRYMPI_FMT_OPAQUE. + +2013-11-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix error output in CTR selftest. + + commit 7b26586e35a6d407ca31b41528b0810b1408fd4b + * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Change + fprintf(stderr,...) to syslog(); Correct error output for bulk + IV check, plaintext mismatch => ciphertext mismatch. + +2013-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix Serpent-AVX2 and Camellia-AVX2 counter modes. + + commit df29831d008e32faf74091d080a415731418d158 + * cipher/camellia-aesni-avx2-amd64.S + (_gcry_camellia_aesni_avx2_ctr_enc): Byte-swap before checking for + overflow handling. + * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128) + (selftest_cbc_128): Add 16 to nblocks. + * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Add test with + non-overflowing IV and modify overflow IV to detect broken endianness + handling. + * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc): Byte-swap + before checking for overflow handling; Fix crazy-mixed-endian IV + construction to big-endian. + * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128) + (selftest_cbc_128): Add 8 to nblocks. + +2013-11-09 Sergey V <sftp.mtuci@gmail.com> + + cipher/gost28147: optimization: use precomputed S-box tables. + + commit 51501b638546665163bbb85a14308fdb99211a28 + * cipher/gost.h (GOST28147_context): Remove unneeded subst and + subst_set members. + * cipher/gost28147.c (max): Remove unneeded macro. + (test_sbox): Replace with new precomputed tables. + (gost_set_subst): Remove function. + (gost_val): Use new S-box tables. + (gost_encrypt_block, gost_decrypt_block): Tweak to use new ctx and + S-box tables. + +2013-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix tail handling for AES-NI counter mode. 
+ + commit 60ed0abbbc7cb15812f1e713143c72555acea69e + * cipher/rijndael.c (do_aesni_ctr): Fix outputting of updated + counter-IV. + +2013-11-08 Werner Koch <wk@gnupg.org> + + ecc: Improve gcry_pk_get_curve. + + commit 03aed1acec611362285db5156a6b92c91604fba4 + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Factor some code out + to .. + (find_domain_parms_idx): new. + (_gcry_ecc_get_curve): Find by curve name on error. + + cipher: Avoid signed divisions in idea.c. + + commit e241dde1420475459e32608137829e52748d0212 + * cipher/idea.c (mul_inv): Use unsigned division. + + ecc: Implement the "nocomp" flag for key generation. + + commit 9f63c0f7a3b2c15c7e258cd17395cabd0a8f00cc + * cipher/ecc.c (ecc_generate): Support the "nocomp" flag. + * tests/keygen.c (check_ecc_keys): Add a test for it. + + ecc: Make "noparam" the default and replace by "param". + + commit ed45fd2e60c88e2f005282e6eadd018b59dcf65b + * src/cipher.h (PUBKEY_FLAG_NOCOMP): New. + (PUBKEY_FLAG_NOPARAM): Remove. + (PUBKEY_FLAG_PARAM): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new + flags and ignore the obsolete "noparam" flag. + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name + also for curves selected by NBITS. + (_gcry_mpi_ec_new): Support the "param" flag. + * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto. + * tests/keygen.c (check_ecc_keys): Remove the "noparam" flag. + +2013-11-07 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix decryption function size in AES AMD64 assembly. + + commit bfe4f6523b80bae0040328ef324b9000ee5b38a4 + * cipher/rijndael-amd64.S (_gcry_aes_amd64_decrypt_block): Set '.size' + for '_gcry_aes_amd64_decrypt_block', not '..._encrypt_block'. + + Change 64-bit shift to 32-bit in AES AMD64 assembly. + + commit 57b296ea3a5204cd3711b7bf57c8fb14d8542402 + * cipher/rijndael-amd64.S (do16bit_shr): Change 'shrq' to 'shrl'. + +2013-11-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Speed-up AES-NI key setup. 
+ + commit f702d62d888b30e24c19f203566a1473098b2b31 + * cipher/rijndael.c [USE_AESNI] (m128i_t): Remove. + [USE_AESNI] (u128_t): New. + [USE_AESNI] (aesni_do_setkey): New. + (do_setkey) [USE_AESNI]: Move AES-NI accelerated key setup to + 'aesni_do_setkey'. + (do_setkey): Call _gcry_get_hw_features only once. Clear stack after + use in generic key setup part. + (rijndael_setkey): Remove stack burning. + (prepare_decryption) [USE_AESNI]: Use 'u128_t' instead of 'm128i_t' to + avoid compiler generated SSE2 instructions and XMM register usage, + unroll 'aesimc' setup loop + (prepare_decryption): Clear stack after use. + [USE_AESNI] (do_aesni_enc_aligned): Update comment about alignment. + (do_decrypt): Do not burning stack after prepare_decryption. + + Avoid burn stack in Arcfour setkey. + + commit a50a6ba3540f49fc7dcdb32e691327d5942e3509 + * cipher/arcfour.c (arcfour_setkey): Remove stack burning. + + Avoid burn_stack in CAST5 setkey. + + commit 5797ebc268b4e953cedd0c729c5cdb1f8fd764e4 + * cipher/cast5.c (do_cast_setkey): Use wipememory instead of memset. + (cast_setkey): Remove stack burning. + + Improve Serpent key setup speed. + + commit 9897ccb381503455edc490679b2e9251a09ac5cb + * cipher/serpent.c (SBOX, SBOX_INVERSE): Remove index argument. + (serpent_subkeys_generate): Use smaller temporary arrays for subkey + generation and perform stack clearing locally. + (serpent_setkey_internal): Use wipememory to clear stack and remove + _gcry_burn_stack. + (serpent_setkey): Remove unneeded _gcry_burn_stack. + + Modify encrypt/decrypt arguments for in-place. + + commit b8515aa70b00baba3fba8121ed305edcd029c8c7 + * cipher/cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Modify + local arguments if in-place operation. + + Speed up Stribog. + + commit a48d07ccadee4cb8b666a9a4ba2f00129bad5b2f + * cipher/stribog.c (STRIBOG_TABLES): Remove. + (Pi): Remove. + [!STRIBOG_TABLES] (A, strido): Remove. + (stribog_table): New table pre-reordered with Pi values. 
+ (strido): Rewrite for new table. + (LPSX): Rewrite for new table. + (xor): Remove. + (g): Small tweaks. + + Tweak AES-NI bulk CTR mode slightly. + + commit 3b5058b58a183fa23ecf3ef819e2ae6ac64c0216 + * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_2_5): Rename to... + (aesni_cleanup_2_6): ...this and clear also 'xmm6'. + [USE_AESNI && __i386__] (do_aesni_ctr, do_aesni_ctr_4): Prevent + inlining only on i386, allow on AMD64. + [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Use counter block from + 'xmm5' and byte-swap mask from 'xmm6'. + (_gcry_aes_ctr_enc) [USE_AESNI]: Preload counter block to 'xmm5' and + byte-swap mask to 'xmm6'. + (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use + 'aesni_cleanup_2_6'. + + Tweak bench-slope parameters. + + commit 7e98eecc1a955bc253765f92a166b6560f085b8c + * tests/bench-slope.c (BUF_STEP_SIZE): Half step size to 64. + (NUM_MEASUREMENT_REPETITIONS): Double repetitions to 64. + + Optimize Blowfish weak key check. + + commit 8e1c0f9b894c39b6554c544208dc000682f520c7 + * cipher/blowfish.c (hashset_elem, val_to_hidx, add_val): New. + (do_bf_setkey): Use faster algorithm for detecting weak keys. + (bf_setkey): Move stack burning to do_bf_setkey. + + Fix __builtin_bswap32/64 checks. + + commit 2590a5df6f5fc884614c8c379324027d2d61b9b5 + * configure.ac (gcry_cv_have_builtin_bswap32) + (gcry_cv_have_builtin_bswap64): Change compile checks to link checks. + + Fix 'u32' build error with Camellia. + + commit 84bcb400e7db7268abfc29b5ab1513b0c063b293 + * cipher/camellia.c: Add include for <config.h> and "types.h". + (u32): Remove. + (u8): Typedef as 'byte'. + +2013-11-06 Werner Koch <wk@gnupg.org> + + pubkey: Add forward compatibility feature. + + commit 6d169b654c7ff04c10f73afe80b2c70cefa410c1 + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add + "igninvflag". + +2013-11-05 Werner Koch <wk@gnupg.org> + + ecc: Require "eddsa" flag for curve Ed25519. 
+ + commit b9fd3988b54b50109f4e7179e7fe0739bb1d97c5 + * src/cipher.h (PUBKEY_FLAG_ECDSA): Remove. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa". + * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag. + * cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag. + * tests/benchmark.c, tests/keygen.c, tests/pubkey.c + * tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags. + + ecc: Fully implement Ed25519 compression in ECDSA mode. + + commit f09ffe8a4802af65a116e79eceeb1cb4ed4fa2f4 + * src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS. + * mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it. + * cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as + opaque mpi and use eddsa decoding depending on the flag. + (_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the + curve. + + mpi: Add function gcry_mpi_set_opaque_copy. + + commit 630aca794ddf057fb7265b7dc346374743036af4 + * src/gcrypt.h.in (gcry_mpi_set_opaque_copy): New. + * src/visibility.c (gcry_mpi_set_opaque_copy): New. + * src/visibility.h (gcry_mpi_set_opaque_copy): Mark visible. + * src/libgcrypt.def, src/libgcrypt.vers: Add new API. + * tests/mpitests.c (test_opaque): Add test. + +2013-11-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Make test vectors 'static const' + + commit d50a88d1e29124d038196fec6082fd093e922604 + * cipher/arcfour.c (selftest): Change test vectors to 'static const'. + * cipher/blowfish.c (selftest): Ditto. + * cipher/camellia-glue.c (selftest): Ditto. + * cipher/cast5.c (selftest): Ditto. + * cipher/des.c (selftest): Ditto. + * cipher/rijndael.c (selftest): Ditto. 
+ * tests/basic.c (cipher_cbc_mac_cipher, check_aes128_cbc_cts_cipher) + (check_ctr_cipher, check_cfb_cipher, check_ofb_cipher) + (check_ccm_cipher, check_stream_cipher) + (check_stream_cipher_large_block, check_bulk_cipher_modes) + (check_ciphers, check_digests, check_hmac, check_pubkey_sign) + (check_pubkey_sign_ecdsa, check_pubkey_crypt, check_pubkey): Ditto. + +2013-11-03 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Make jump labels local in Salsa20 assembly. + + commit d4697862266f3c96b6946dc92139dd8f3e81e5f6 + * cipher/salsa20-amd64.S: Rename '._labels' to '.L_labels'. + * cipher/salsa20-armv7-neon.S: Ditto. + +2013-10-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + bithelp: fix undefined behaviour with rol and ror. + + commit d1cadd145199040299538891ab2ccd1208f7776e + * cipher/bithelp.h (rol, ror): Mask shift with 31. + +2013-10-29 Werner Koch <wk@gnupg.org> + + tests: Add feature to skip benchmarks. + + commit ba6bffafd17bea11985afc500022d66da261d59a + * tests/benchmark.c (main): Add feature to skip the test. + * tests/bench-slope.c (main): Ditto. + (get_slope): Repace C++ style comment. + (double_cmp, cipher_bench, _hash_bench): Repalce system reserved + symbols. + + ecc: Finish Ed25519/ECDSA hack. + + commit c284f15db99e9cb135612de710199abb23baafd3 + * cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case. + (ecc_verify): Implement ED25519/ECDSA uncompression. + + ecc: Add flags "noparam" and "comp". + + commit ba892a0a874c8b2a83dbf0940608cd7e2911ce01 + * src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags + and change code for possible faster parsing. + * cipher/ecc.c (ecc_generate): Implement the "noparam" flag. + (ecc_sign): Ditto. + (ecc_verify): Ditto. + * tests/keygen.c (check_ecc_keys): Use the "noparam" flag. + + * cipher/ecc.c (ecc_generate): Fix parsing of the deprecated + transient-flag parameter. + (ecc_verify): Do not make Q optional in the extract-param call. 
+ +2013-10-28 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix typos in documentation. + + commit 1faa61845f180bd47e037e400dde2d864ee83c89 + * doc/gcrypt.texi: Fix some typos. + + Add ARM NEON assembly implementation of Serpent. + + commit 2cb6e1f323d24359b1c5b113be5c2f79a2a4cded + * cipher/Makefile.am: Add 'serpent-armv7-neon.S'. + * cipher/serpent-armv7-neon.S: New. + * cipher/serpent.c (USE_NEON): New macro. + (serpent_context_t) [USE_NEON]: Add 'use_neon'. + [USE_NEON] (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec) + (_gcry_serpent_neon_cbc_dec): New prototypes. + (serpent_setkey_internal) [USE_NEON]: Detect NEON support. + (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec) + (_gcry_serpent_neon_cbc_dec) [USE_NEON]: Use NEON implementations + to process eight blocks in parallel. + * configure.ac [neonsupport]: Add 'serpent-armv7-neon.lo'. + + Add ARM NEON assembly implementation of Salsa20. + + commit 3ff9d2571c18cd7a34359f9c60a10d3b0f932b23 + * cipher/Makefile.am: Add 'salsa20-armv7-neon.S'. + * cipher/salsa20-armv7-neon.S: New. + * cipher/salsa20.c [USE_ARM_NEON_ASM]: New macro. + (struct SALSA20_context_s, salsa20_core_t, salsa20_keysetup_t) + (salsa20_ivsetup_t): New. + (SALSA20_context_t) [USE_ARM_NEON_ASM]: Add 'use_neon'. + (SALSA20_context_t): Add 'keysetup', 'ivsetup' and 'core'. + (salsa20_core): Change 'src' argument to 'ctx'. + [USE_ARM_NEON_ASM] (_gcry_arm_neon_salsa20_encrypt): New prototype. + [USE_ARM_NEON_ASM] (salsa20_core_neon, salsa20_keysetup_neon) + (salsa20_ivsetup_neon): New. + (salsa20_do_setkey): Setup keysetup, ivsetup and core with default + functions. + (salsa20_do_setkey) [USE_ARM_NEON_ASM]: When NEON support detect, + set keysetup, ivsetup and core with ARM NEON functions. + (salsa20_do_setkey): Call 'ctx->keysetup'. + (salsa20_setiv): Call 'ctx->ivsetup'. + (salsa20_do_encrypt_stream) [USE_ARM_NEON_ASM]: Process large buffers + in ARM NEON implementation. 
+ (salsa20_do_encrypt_stream): Call 'ctx->core' instead of directly + calling 'salsa20_core'. + (selftest): Add test to check large buffer processing and block counter + updating. + * configure.ac [neonsupport]: 'Add salsa20-armv7-neon.lo'. + + Add AMD64 assembly implementation of Salsa20. + + commit 5a3d43485efdc09912be0967ee0a3ce345b3b15a + * cipher/Makefile.am: Add 'salsa20-amd64.S'. + * cipher/salsa20-amd64.S: New. + * cipher/salsa20.c (USE_AMD64): New macro. + [USE_AMD64] (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup) + (_gcry_salsa20_amd64_encrypt_blocks): New prototypes. + [USE_AMD64] (salsa20_keysetup, salsa20_ivsetup, salsa20_core): New. + [!USE_AMD64] (salsa20_core): Change 'src' to non-constant, update block + counter in 'salsa20_core' and return burn stack depth. + [!USE_AMD64] (salsa20_keysetup, salsa20_ivsetup): New. + (salsa20_do_setkey): Move generic key setup to 'salsa20_keysetup'. + (salsa20_setkey): Fix burn stack depth. + (salsa20_setiv): Move generic IV setup to 'salsa20_ivsetup'. + (salsa20_do_encrypt_stream) [USE_AMD64]: Process large buffers in AMD64 + implementation. + (salsa20_do_encrypt_stream): Move stack burning to this function... + (salsa20_encrypt_stream, salsa20r12_encrypt_stream): ...from these + functions. + * configure.ac [x86-64]: Add 'salsa20-amd64.lo'. + + Add new benchmarking utility, bench-slope. + + commit e214e8392671dd30e9c33260717b5e756debf3bf + * tests/Makefile.am (TESTS): Add 'bench-slope'. + * tests/bench-slope.c: New. + + Change .global to .globl in assembly files. + + commit ebc8abfcb09d6106fcfce40f240a513e276f46e9 + * cipher/blowfish-arm.S: Change '.global' to '.globl'. + * cipher/camellia-aesni-avx-amd64.S: Ditto. + * cipher/camellia-aesni-avx2-amd64.S: Ditto. + * cipher/camellia-arm.S: Ditto. + * cipher/cast5-amd64.S: Ditto. + * cipher/rijndael-amd64.S: Ditto. + * cipher/rijndael-arm.S: Ditto. + * cipher/serpent-avx2-amd64.S: Ditto. + * cipher/serpent-sse2-amd64.S: Ditto. 
+ * cipher/twofish-amd64.S: Ditto. + * cipher/twofish-arm.S: Ditto. + +2013-10-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Deduplicate code for ECB encryption and decryption. + + commit 51f1beab3d1e879942a95f58b08de7dbcce75dce + * cipher/cipher.c (do_ecb_crypt): New, based on old 'do_ecb_encrypt'. + (do_ecb_encrypt): Use 'do_ecb_crypt', pass encryption function. + (do_ecb_decrypt): Use 'do_ecb_crypt', pass decryption function. + +2013-10-26 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Drop _gcry_cipher_ofb_decrypt as it duplicates _gcry_cipher_ofb_encrypt. + + commit d9431725952e40f201c7eda000d3c8511ebd5b33 + * cipher/cipher.c (cipher_decrypt): Use _gcry_cipher_ofb_encrypt for OFB + decryption. + * cipher/cipher-internal.h: Remove _gcry_cipher_ofb_decrypt declaration. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_decrypt): Remove. + (_gcry_cipher_ofb_encrypt): remove copying of IV to lastiv, it's + unused there. + +2013-10-25 Werner Koch <wk@gnupg.org> + + tests: Add tests for mpi_cmp. + + commit 6c6d4810927de7310ae7bac61b4ff5467d7cb485 + * tests/mpitests.c (die): Modernize. + (fail): New. + (test_opaque, test_add, test_sub, test_mul): Use gcry_log_xx + (main): Return error count. + (test_cmp): New. + +2013-10-24 Werner Koch <wk@gnupg.org> + + ecc: Change algorithm for Ed25519 x recovery. + + commit c630fd71b336eb9209e914d24dc1e26a34521882 + * cipher/ecc-eddsa.c (scanval): Add as temporary hack. + (_gcry_ecc_eddsa_recover_x): Use the algorithm from page 15 of the + paper. Return an error code. + (_gcry_ecc_eddsa_decodepoint): Take care of the error code. + * mpi/mpi-mul.c (gcry_mpi_mulm): Use truncated division. + + ecc: Refactor _gcry_ecc_eddsa_decodepoint. + + commit 1cf5699b6febab1ef9d300531acc2ee33a7df739 + * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Factor some code + out to .. + (_gcry_ecc_eddsa_recover_x): new. + +2013-10-24 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + ecc-gost: Add missing include. 
+ + commit 9ce54e5b512418ddf45ce18f2cbd48cdced779f5 + * ecc-gost.c: Include "pubkey-internal.h". + +2013-10-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Replace architecture specific fast_wipememory2 with generic. + + commit 54df6fcd806f8c150cffe6cc09925bb8b638bb5b + * src/g10lib.h (fast_wipememory2): Remove architecture specific + implementations and add generic implementation. + + Improve the speed of the cipher mode code. + + commit 293e93672fdabc829e35cc624c397276342bafe4 + * cipher/bufhelp.h (buf_cpy): New. + (buf_xor, buf_xor_2dst): If buffers unaligned, always jump to per-byte + processing. + (buf_xor_n_copy_2): New. + (buf_xor_n_copy): Use 'buf_xor_n_copy_2'. + * cipher/blowfish.c (_gcry_blowfish_cbc_dec): Avoid extra memory copy + and use new 'buf_xor_n_copy_2'. + * cipher/camellia-glue.c (_gcry_camellia_cbc_dec): Ditto. + * cipher/cast5.c (_gcry_cast_cbc_dec): Ditto. + * cipher/serpent.c (_gcry_serpent_cbc_dec): Ditto. + * cipher/twofish.c (_gcry_twofish_cbc_dec): Ditto. + * cipher/rijndael.c (_gcry_aes_cbc_dec): Ditto. + (do_encrypt, do_decrypt): Use 'buf_cpy' instead of 'memcpy'. + (_gcry_aes_cbc_enc): Avoid copying IV, use 'last_iv' pointer instead. + * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt): Avoid copying IV, + update pointer to IV instead. + (_gcry_cipher_cbc_decrypt): Avoid extra memory copy and use new + 'buf_xor_n_copy_2'. + (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Avoid extra + accesses to c->spec, use 'buf_cpy' instead of memcpy. + * cipher/cipher-ccm.c (do_cbc_mac): Ditto. + * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) + (_gcry_cipher_cfb_decrypt): Ditto. + * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) + (_gcry_cipher_ofb_decrypt): Ditto. + * cipher/cipher.c (do_ecb_encrypt, do_ecb_decrypt): Ditto. 
+ + bufhelp: enable unaligned memory accesses for AArch64 (64-bit ARM) + + commit 2901a10dbf1264707debc8402546c07eeac60932 + * cipher/bufhelp.h [__aarch64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set + macro on AArch64. + +2013-10-23 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Enable assembler optimizations on earlier ARM cores. + + commit 2fd83faa876d0be91ab7884b1a9eaa7793559eb9 + * cipher/blowfish-armv6.S => cipher/blowfish-arm.S: adapt to pre-armv6 CPUs. + * cipher/blowfish.c: enable assembly on armv4/armv5 little-endian CPUs. + * cipher/camellia-armv6.S => cipher/camellia-arm.S: adapt to pre-armv6 CPUs. + * cipher/camellia.c, cipher-camellia-glue.c: enable assembly on armv4/armv5 + little-endian CPUs. + * cipher/cast5-armv6.S => cipher/cast5-arm.S: adapt to pre-armv6 CPUs. + * cipher/cast5.c: enable assembly on armv4/armv5 little-endian CPUs. + * cipher/rijndael-armv6.S => cipher/rijndael-arm.S: adapt to pre-armv6 CPUs. + * cipher/rijndael.c: enable assembly on armv4/armv5 little-endian CPUs. + * cipher/twofish-armv6.S => cipher/twofish-arm.S: adapt to pre-armv6 CPUs. + * cipher/twofish.c: enable assembly on armv4/armv5 little-endian CPUs. + + mpi: enable assembler on all arm architectures. + + commit 0b39fce7e3ce6761d6bd5195d093ec6857edb7c2 + * mpi/config.links: remove check for arm >= v6 + * mpi/armv6 => mpi/arm: rename directory to reflect that is is generic + enough + + Correct ASM assembly test in configure.ac. + + commit 10bf6a7e16ed193f90d2749970a420f00d1d3320 + * configure.ac: correct HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS test to + require neither ARMv6, nor thumb mode. Our assembly code works + perfectly even on ARMv4 now. + +2013-10-23 Werner Koch <wk@gnupg.org> + + ecc: Refactor ecc.c. + + commit 164eb8c85d773ef4f0939115ec45f5e4b47c1700 + * cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files. + * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files. 
+ * cipher/ecc.c (point_init, point_free): Move to ecc-common.h. + (sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign. + (verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify. + (sign_gost): Move to ecc-gots.c as _gcry_ecc_gost_sign. + (verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify. + (sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign. + (verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify. + (eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey. + (reverse_buffer): Move to ecc-eddsa.c. + (eddsa_encodempi, eddsa_encode_x_y): Ditto. + (_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto. + + mpi: Fix scanning of negative SSH formats and add more tests. + + commit 45f6e6268bfdc4b608beaba6b7086b2286e33c71 + * mpi/mpicoder.c (gcry_mpi_scan): Fix sign setting for SSH format. + * tests/t-convert.c (negative_zero): Test all formats. + (check_formats): Add tests for PGP and scan tests for SSH and USG. + + * src/gcrypt.h.in (mpi_is_neg): Fix macro. + + * mpi/mpi-scan.c (_gcry_mpi_getbyte, _gcry_mpi_putbyte): Comment out + these unused functions. + +2013-10-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + twofish: add ARMv6 assembly implementation. + + commit 98674fdaa30ab22a3ac86ca05d688b5b6112895d + * cipher/Makefile.am: Add 'twofish-armv6.S'. + * cipher/twofish-armv6.S: New. + * cipher/twofish.c (USE_ARMV6_ASM): New macro. + [USE_ARMV6_ASM] (_gcry_twofish_armv6_encrypt_block) + (_gcry_twofish_armv6_decrypt_block): New prototypes. + [USE_AMDV6_ASM] (twofish_encrypt, twofish_decrypt): Add. + [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt): Remove. + (_gcry_twofish_ctr_enc, _gcry_twofish_cfb_dec): Use 'twofish_encrypt' + instead of 'do_twofish_encrypt'. + (_gcry_twofish_cbc_dec): Use 'twofish_decrypt' instead of + 'do_twofish_decrypt'. + * configure.ac [arm]: Add 'twofish-armv6.lo'. + + mpi: allow building with clang on ARM. 
+ + commit e67c67321ce240c93dd0fa2b21c649c0a8e233f7 + * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss, umul_ppmm) + (count_leading_zeros): Do not cast assembly output arguments. + [__arm__] (umul_ppmm): Remove the extra '%' ahead of assembly comment. + [_ARM_ARCH >= 4] (umul_ppmm): Use correct inputs and outputs instead of + registers. + + serpent-amd64: do not use GAS macros. + + commit c7efaa5fe0ee92e321a7b49d56752cc12eb75fe0 + * cipher/serpent-avx2-amd64.S: Remove use of GAS macros. + * cipher/serpent-sse2-amd64.S: Ditto. + * configure.ac [HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Do not check + for GAS macros. + + Add Counter with CBC-MAC mode (CCM) + + commit 335d9bf7b035815750b63a3a8334d6ce44dc4449 + * cipher/Makefile.am: Add 'cipher-ccm.c'. + * cipher/cipher-ccm.c: New. + * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'. + (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt) + (_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate) + (_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag) + (_gcry_cipher_ccm_set_lengths): New prototypes. + * cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt) + (_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag) + (_gcry_cipher_checktag, gry_cipher_ctl): Add handling for CCM mode. + * doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM. + * src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'. + (gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'. + (GCRY_CCM_BLOCK_LEN): New. + * tests/basic.c (check_ccm_cipher): New. + (check_cipher_modes): Call 'check_ccm_cipher'. + * tests/benchmark.c (ccm_aead_init): New. + (cipher_bench): Add handling for AEAD modes and add CCM benchmarking. + + Add API to support AEAD cipher modes. + + commit 95654041f2aa62f71aac4d8614dafe8433d10f95 + * cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag) + (_gcry_cipher_gettag): New. + * doc/gcrypt.texi: Add documentation for new API functions. 
+ * src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag) + (gcry_cipher_gettag): New. + * src/gcrypt.h.in, src/visibility.h: add declarations of these + functions. + * src/libgcrypt.defs, src/libgcrypt.vers: export functions. + +2013-10-22 NIIBE Yutaka <gniibe@fsij.org> + + ecc: Correct compliant key generation for Edwards curves. + + commit a5a277a9016ccb34f1858a65e0ed1791b2fc3db3 + * cipher/ecc.c: Add case for Edwards curves. + +2013-10-17 Werner Koch <wk@gnupg.org> + + tests: Add test options to keygen. + + commit f7711e6eb5f02d03c74911f6f037ab28075e7c0d + * tests/keygen.c (usage): New. + (main): Print usage info. Allow running just one algo. + + mpi: Do not clear the sign of the mpi_mod result. + + commit 91e007606f1f6f8e1416c403fe809d47fddf9b1f + * mpi/mpi-mod.c (_gcry_mpi_mod): Remove sign setting. + + ecc: Put the curve name again into the output of gcry_pk_genkey. + + commit 4776dcd394ce59fa50d959921857b3427c5a63c8 + * cipher/ecc.c (ecc_generate): Use the correct var. Release + CURVE_FLAGS. + + ecc: Support Weierstrass curves in gcry_mpi_ec_curve_point. + + commit b22417158c50ec3a0b2ff55b4ade063b42a87e8f + * mpi/ec.c (_gcry_mpi_ec_curve_point): Support MPI_EC_WEIERSTRASS. + +2013-10-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + arcfour: more optimized version for non-i386 architectures. + + commit f9371c026aad09ff48746d22c8333746c886e773 + * cipher/arcfour.c (ARCFOUR_context): Reorder members. + (do_encrypt_stream) [!__i386__]: Faster implementation for non-i386. + (do_arcfour_setkey): Avoid modulo operations. + + Avoid void* pointer arithmetic. + + commit c89ab921ccfaefe6c4f6a724d01e0df41a1a381f + * tests/tsexp.c (check_extract_param): Cast void* pointers to char* + before doing arithmetics. + +2013-10-16 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + ecc: Add support for GOST R 34.10-2001/-2012 signatures. 
+ + commit 83902f1f1dbc8263a0c3f61be59cd2eb95293c97 + * src/cipher.h: define PUBKEY_FLAG_GOST + * cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves + defined in standards. Typical applications would use either those + curves, or curves defined in RFC 4357 (will be added later). + * cipher/ecc.c (sign_gost, verify_gost): New. + (ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST + is set. + (ecc_names): add "gost" for gost signatures. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist, + _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag + is present in s-exp. + * tests/benchmark.c (ecc_bench): also benchmark GOST signatures. + * tests/basic.c (check_pubkey): add two public keys from + GOST R 34.10-2012 standard. + (check_pubkey_sign_ecdsa): add two data sets to check gost signatures. + * tests/curves.c: correct N_CURVES as we now have 2 more curves. + + + Removed some comments from the new curve definitions in ecc-curves.c + to avoid line wrapping. Eventually we will develop a precompiler to + avoid parsing those hex strings. -wk + + Fix 256-bit ecdsa test key definition. + + commit 187b2bb541b985255aee262d181434a7cb4ae2e7 + * tests/basic.c (check_pubkey): fix nistp256 testing key declaration - + add missing comma. + +2013-10-16 Werner Koch <wk@gnupg.org> + + sexp: Add function gcry_sexp_extract_param. + + commit a329b6abf00c990faf1986f9fbad7b4d71c13bcb + * src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New. + (gcry_sexp_extract_param): New. + * src/visibility.c (gcry_sexp_extract_param): New. + * src/visibility.h (gcry_sexp_extract_param): Add hack to detect + internal use. + * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split + into ... + * src/sexp.c (_gcry_sexp_vextract_param) + (_gcry_sexp_extract_param): this. Change all callers. Add support for buffer + descriptors and a path option/ + + * tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New. + (cmp_mpihex, cmp_bufhex): New. 
+ (check_extract_param): New. + +2013-10-16 NIIBE Yutaka <gniibe@fsij.org> + + mpi: mpi-pow improvement. + + commit 45aa6131e93fac89d46733b3436d960f35fb99b2 + * mpi/mpi-pow.c (gcry_mpi_powm): New implementation of left-to-right + k-ary exponentiation. + +2013-10-15 Werner Koch <wk@gnupg.org> + + ecc: Support use of Ed25519 with ECDSA. + + commit 537969fbbb1104b8305a7edb331b7666d54eff2c + * src/cipher.h (PUBKEY_FLAG_ECDSA): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa". + * cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output. + (ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA. + * tests/keygen.c (check_ecc_keys): Create such a test key. + * tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New. + Take from dsa-6979.c + (check_ed25519ecdsa_sample_key): new. + (main): Call new test. + +2013-10-14 Werner Koch <wk@gnupg.org> + + pubkey: Support flags list in gcry_pk_genkey. + + commit d3a605d7827b8a73ef844e9e5183590bd6b1389a + * src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New. + (PUBKEY_FLAG_USE_X931): New. + (PUBKEY_FLAG_USE_FIPS186): New. + (PUBKEY_FLAG_USE_FIPS186_2): New. + * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from + parse_flags_list. Parse new flags. + * cipher/dsa.c (dsa_generate): Support flag list. + * cipher/ecc.c (ecc_generate): Ditto. + * cipher/rsa.c (rsa_generate): Ditto. + + pubkey: Remove duplicated flag parsing code. + + commit 5be2345ddec4147e535d5b039ee74f84bcacf9e4 + * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval) + (_gcry_pk_util_data_to_mpi): Factor flag parsing code out to .. + (parse_flag_list): New. + * src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New. + + mpicalc: Accept lowercase hex digits. + + commit 0cd551faa775ad5309a40629ae30bf86b75fca09 + * src/mpicalc.c (main): Test for lowercase hex digits. + +2013-10-11 Werner Koch <wk@gnupg.org> + + pubkey: Move sexp parsing of remaining fucntions to the modules. 
+ + commit a951c061523e1c13f1358c9760fc3a9d787ab2d4 + * cipher/pubkey.c (release_mpi_array): Remove. + (pubkey_check_secret_key): Remove. + (sexp_elements_extract): Remove. + (sexp_elements_extract_ecc): Remove. + (sexp_to_key): Remove. + (get_hash_algo): Remove. + (gcry_pk_testkey): Revamp. + (gcry_pk_get_curve): Revamp. + * cipher/rsa.c (rsa_check_secret_key): Revamp. + * cipher/elgamal.c (elg_check_secret_key): Revamp. + * cipher/dsa.c (dsa_check_secret_key): Revamp. + * cipher/ecc.c (ecc_check_secret_key): Revamp. + * cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h + (_gcry_ecc_get_curve): Revamp. + + * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and + used parameters on error to NULL. + + pubkey: Move sexp parsing for gcry_pk_decrypt to the modules. + + commit 07950c865a901afc48acb46f0695040cadfd5068 + * cipher/rsa.c (rsa_decrypt): Revamp. + * cipher/elgamal.c (elg_decrypt): Revamp. + * cipher/ecc.c (ecc_decrypt_raw): Revamp. + * cipher/pubkey.c (gcry_pk_decrypt): Simplify. + (sexp_to_enc): Remove. + * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New. + + pubkey: Move sexp parsing for gcry_pk_encrypt to the modules. + + commit 6bd5d18c45a4a3ce8f0f66f56c83b80594877f53 + * cipher/rsa.c (rsa_encrypt): Revamp. + * cipher/elgamal.c (elg_encrypt): Revamp. + * cipher/ecc.c (ecc_encrypt_raw): Revamp. + * cipher/pubkey.c (gcry_pk_encrypt): Simplify. + + * tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so + that they are initialized even after an encrypt failure. + + pubkey: Move sexp parsing for gcry_pk_sign to the modules. + + commit d0ae6635e4e6ae273c3a137c513d518f28f6eab3 + * cipher/rsa.c (rsa_sign): Revamp. + * cipher/dsa.c (dsa_sign): Revamp. + * cipher/elgamal.c (elg_sign): Revamp. + * cipher/ecc.c (ecc_sign): Revamp. + * cipher/pubkey.c (gcry_pk_sign): Simplify. + +2013-10-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Prevent tail call optimization with _gcry_burn_stack. 
+ + commit 150c0313f971bcea62d2802f0389c883e11ebb31 + * configure.ac: New check, HAVE_GCC_ASM_VOLATILE_MEMORY. + * src/g10lib.h (_gcry_burn_stack): Rename to __gcry_burn_stack. + (__gcry_burn_stack_dummy): New. + (_gcry_burn_stack): New macro. + * src/misc.c (_gcry_burn_stack): Rename to __gcry_burn_stack. + (__gcry_burn_stack_dummy): New. + +2013-10-09 Werner Koch <wk@gnupg.org> + + pubkey: Move sexp parsing for gcry_pk_verify to the modules. + + commit 94b652ecb006c29fa2ffb1badc9f02b758581737 + * cipher/rsa.c (rsa_verify): Revamp. + * cipher/dsa.c (dsa_verify): Revamp. + * cipher/elgamal.c (elg_verify): Revamp. + * cipher/ecc.c (ecc_verify): Revamp. + * cipher/pubkey.c (sexp_to_sig): Remove. + (pss_verify_cmp): Move to pubkey-util.c + (sexp_data_to_mpi): Ditto. + (init_encoding_ctx): Ditto. + (gcry_pk_verify): Simplify. + * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add. Take + from pubkey.c + (get_hash_algo): Ditto. + (_gcry_pk_util_data_to_mpi): Ditto. + (pss_verify_cmp): Ditto. + (_gcry_pk_util_extract_mpis): New. + (_gcry_pk_util_preparse_sigval): New. + (_gcry_pk_util_free_encoding_ctx): New. + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init + optional. + + * src/g10lib.h (GCC_ATTR_SENTINEL): New. + + * tests/basic.c (check_pubkey_sign): Print the algo name. + (main): Add option --pubkey. + +2013-10-08 Werner Koch <wk@gnupg.org> + + pubkey: Move sexp parsing for gcry_pk_get_nbits to the modules. + + commit 4645f3728bb0900591b0aef85831fdee52c59e3c + * cipher/pubkey.c (spec_from_sexp): New. + (gcry_pk_get_nbits): Simplify. + * cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp + parsing here. + * cipher/dsa.c (dsa_get_nbits): Ditto. + * cipher/elgamal.c (elg_get_nbits): Ditto. + * cipher/ecc.c (ecc_get_nbits): Ditto. + * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg + CURVE. + + pubkey: Move sexp parsing for gcry_pk_getkey to the modules. 
+ + commit 3816e46ce211e63adf46dbc775510aa137572248 + * cipher/pubkey-util.c: New. + (_gcry_pk_util_get_nbits): New. Based on code from gcry_pk_genkey. + (_gcry_pk_util_get_rsa_use_e): Ditto. + * cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass. + * cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE. + Call new fucntions to get these values. + * cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE. + Call _gcry_pk_util_get_nbits to get nbits. Always parse genparms. + * cipher/elgamal.c (elg_generate): Ditto. + * cipher/ecc.c (ecc_generate): Ditto. + + cipher: Deprecate GCRY_PK_ELG_E. + + commit f79d3e13d3229115c47cbe5007647cb44105fe3f + * cipher/elgamal.c (_gcry_pubkey_spec_elg_e): Remove. + * cipher/pubkey.c (pubkey_list): Remove double included + _gcry_pubkey_spec_elg. + (map_algo): MAke ELG_E to ELG. + +2013-10-02 Werner Koch <wk@gnupg.org> + + Provide Pth compatiblity for use with GnuPG 2.0. + + commit 2f767f6a17f7e99da4075882f7fe3ca597b31bdb + * src/ath.c (ath_install): Call ath_init and declare Pth as + compatible. + +2013-10-02 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + sha512: fix building on ARM. + + commit 6410152338a2b2ac1216e70c153cd16f9199c94e + * cipher/sha512.c (transform) [USE_ARM_NEON_ASM]: Fix 'hd' to 'ctx'. + +2013-10-02 Werner Koch <wk@gnupg.org> + + Remove deprecated control codes. + + commit f04a1db22d982627ba87da4e5df52df9b994c779 + * src/gcrypt.h.in (GCRYCTL_SET_KEY): Remove. + (GCRYCTL_SET_IV): Remove. + (GCRYCTL_SET_CTR): Remove. + * cipher/md.c (gcry_md_ctl): Remove deprecated GCRYCTL_SET_KEY. + * cipher/cipher.c (gcry_cipher_ctl): Remove deprecated + GCRYCTL_SET_KEY, GCRYCTL_SET_IV, GCRYCTL_SET_CTR. + +2013-10-02 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Fix errors when building with Clang on PPC. + + commit 33757c1e03f1d885920633edf543cd1c77999455 + * mpi/longlong.h (add_ssaaaa, sub_ddmmss, count_leading_zeros, + umul_ppmm): Do not cast asm output to USItype. 
+ +2013-10-02 Werner Koch <wk@gnupg.org> + + Remove last remains of the former module system. + + commit 628ed5ba0ef4b1f04b5a77e29e4bc49a1fe13c07 + * src/gcrypt-module.h, src/module.c: Remove. + * src/visibility.h: Do not include gcrypt-module.h. + * src/g10lib.h: Remove all prototypes from module.c + (gcry_module): Remove. + * cipher/cipher-internal.h (gcry_cipher_handle): Remove unused field. + + Fix missing prototype warning in visibility.c. + + commit 52783d483293d48cd468143ae6ae2cccbfe17200 + * src/ec-context.h (_gcry_mpi_ec_new): Move prototype to mpi.h. + + md: Simplify the message digest dispatcher md.c. + + commit 0d39997932617ba20656f8bcc230ba744b76c87e + * src/gcrypt-module.h (gcry_md_spec_t): Move to ... + * src/cipher-proto.h: here. Merge with md_extra_spec_t. Add fields + ALGO and FLAGS. Set these fields in all digest modules. + * cipher/md.c: Change most code to replace the former module + system by a simpler system to gain information about the algorithms. + +2013-10-01 Werner Koch <wk@gnupg.org> + + cipher: Simplify the cipher dispatcher cipher.c. + + commit 3ca180b25e8df252fc16f802cfdc27496e307830 + * src/gcrypt-module.h (gcry_cipher_spec_t): Move to ... + * src/cipher-proto.h (gcry_cipher_spec_t): here. Merge with + cipher_extra_spec_t. Add fields ALGO and FLAGS. Set these fields in + all cipher modules. + * cipher/cipher.c: Change most code to replace the former module + system by a simpler system to gain information about the algorithms. + (disable_pubkey_algo): Simplified. Not anymore thread-safe, though. + + * cipher/md.c (_gcry_md_selftest): Use correct structure. Not a real + problem because both define the same function as their first field. + + * cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag. + + mpi: Fix gcry_mpi_neg. + + commit 4153fa859816e799e506055321a22e6450aacdcc + * mpi/mpiutil.c (_gcry_mpi_neg): Copy U to W. + +2013-10-01 Peter Wu <lekensteyn@gmail.com> + + cipher: Add support for 128-bit keys in RC2. 
+ + commit 738177ec0eae05069ec61bc4f724a69d4e052e42 + * cipher/rfc2268.c (oids_rfc2268_128): New + (_gcry_cipher_spec_rfc2268_128): New. + * cipher/cipher.c (cipher_table_entry): Add GCRY_CIPHER_RFC2268_128. + +2013-09-30 Werner Koch <wk@gnupg.org> + + ecc: Use faster b parameter for Ed25519. + + commit 1d85452412b65e7976bc94969fc513ff6b880ed8 + * cipher/ecc-curves.c (domain_parms): Replace b. + * tests/t-mpi-point.c (test_curve): Ditto. + + ecc: Prepare for future Ed25519 optimization. + + commit a2618c822e666d4121cba29bee3fd50bf70c9743 + * mpi/ec-ed25519.c: New but empty file. + * mpi/ec-internal.h: New. + * mpi/ec.c: Include ec-internal.h. + (ec_mod): New. + (ec_addm): Use ec_mod. + (ec_mulm): Remove commented code. Use ec_mod. + (ec_subm): Call simple sub. + (ec_pow2): Use ec_mulm. + (ec_mul2): New. + (dup_point_weierstrass): Use ec_mul2. + (dup_point_twistededwards): Add special case for a == -1. Use + ec_mul2. + (add_points_weierstrass): Use ec_mul2. + (add_points_twistededwards): Add special case for a == -1. + (_gcry_mpi_ec_curve_point): Ditto. + (ec_p_init): Add hack to test Barrett functions. + * src/ec-context.h (mpi_ec_ctx_s): Add P_BARRETT. + + * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Fix sign problem. + + ecc: Fix recomputing of Q for Ed25519. + + commit c325adb8f5092b80a626bd3bb5e49cf7f3a29fc8 + * cipher/ecc-misc.c (reverse_buffer): New. + (_gcry_ecc_compute_public): Add ED255519 specific code. + * cipher/ecc.c (sign_eddsa): Allocate DIGEST in secure memory. Get + rid of HASH_D. + * tests/t-mpi-point.c (context_param): Test recomputing of Q for + Ed25519. + + log: Try to print s-expressions in a more compact format. + + commit d69a13d3d1c14ad6a6aa7cd349d6d2dfb152d422 + * src/misc.c (count_closing_parens): New. + (_gcry_log_printsxp): Use new function. + * mpi/ec.c (_gcry_mpi_point_log): Take care of a NULL point. + +2013-09-30 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Make Whirlpool use the _gcry_md_block_write helper. 
+ + commit 68cefd0f1d60ac33b58031df9b1d165cb1bf0f14 + * cipher/whirlpool.c (whirlpool_context_t): Add 'bctx', remove + 'buffer', 'count' and 'nblocks'. + (whirlpool_init): Initialize 'bctx'. + (whirlpool_transform): Adjust context argument type and burn stack + depth. + (whirlpool_add): Remove. + (whirlpool_write): Use _gcry_md_block_write. + (whirlpool_final, whirlpool_read): Adjust for 'bctx' usage. + + whirlpool: add stack burning after transform. + + commit a96d622e1a36d40d1504b7ada567e90ec9957443 + * cipher/whirlpool.c (whirlpool_transform): Return burn stack depth. + (whirlpool_add): Do burn_stack. + + whirlpool: do bitcount calculation in finalization part. + + commit 10d7351411f19bb2c03d2e24ca5a38dabe45023b + * cipher/whirlpool.c (whirlpool_context_t): Remove 'length', add + 'nblocks'. + (whirlpool_add): Update 'nblocks' instead of 'length', and add early + return at one spot. + (whirlpool_write): Check for 'nblocks' overflow. + (whirlpool_final): Convert 'nblocks' to bit-counter, and use + whirlpool_write instead of whirlpool_add. + +2013-09-30 Werner Koch <wk@gnupg.org> + + Add logging functions to the API. + + commit d2076f27bb7c5d505abf25fc622d21794c4a5df3 + * src/gcrypt.h.in (_GCRY_GCC_ATTR_PRINTF): New. + (gcry_log_debug, gcry_log_debughex, gcry_log_debugmpi): New. + (gcry_log_debugpnt, gcry_log_debugsxp): New. + * src/visibility.c (gcry_log_debug): New. + (gcry_log_debughex, gcry_log_debugmpi, gcry_log_debugpnt): New. + (gcry_log_debugsxp): New. + * src/libgcrypt.def, src/libgcrypt.vers: Add new functions. + * src/misc.c (_gcry_logv): Make public. + (_gcry_log_printsxp): New. + * src/g10lib.h (log_printsxp): New macro. + +2013-09-26 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Make libgcrypt build with Clang on i386. + + commit db60d828137c4f3682ca4ca2a54fe3d96d3db5f9 + * cipher/longlong.h [__i386__] (add_ssaaaa, sub_ddmmss) + (umul_ppmm, udiv_qrnnd): Do not cast asm output to USItype. 
+ +2013-09-25 Werner Koch <wk@gnupg.org> + + mpi: Change not yet used _gcry_mpi_set_opaque_copy. + + commit 1c6660debdbf1e4c3e80074c846a3e3097f214bb + * mpi/mpiutil.c (_gcry_mpi_set_opaque_copy): Change prototype. + (_gcry_mpi_get_opaque_copy): Take care of gcry_malloc failure. + + sexp: Improve printing of data with a leading zero. + + commit 9b7c49971588edf6acfc74bfb797eb79d19cb350 + * src/sexp.c (suitable_encoding): Detect leading zero byte. + + ecc: Allow the name "q@eddsa" to get/set the public key. + + commit d6683d2a6065986a9198d2d2eaa02c005b68cea4 + * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Support "q@eddsa". + (_gcry_ecc_set_mpi): Support "q". + * cipher/ecc.c (eddsa_encodepoint): Rename to ... + (_gcry_ecc_eddsa_encodepoint): this and make global. Remove arg + MINLEN and take from context. + (eddsa_decodepoint): Rename to + (_gcry_ecc_eddsa_decodepoint): this and make global. Remove arg LEN + and take from context. + (sign_eddsa, verify_eddsa): Take B from context. + (ecc_sign, ecc_verify): Add hack to set DIALECT. + (_gcry_pk_ecc_get_sexp): Use _gcry_ecc_compute_public. Handle EdDSA. + * src/ec-context.h (mpi_ec_ctx_s): Add field NBITS. + * mpi/ec.c (ec_p_init): Init NBITS. + * tests/t-mpi-point.c (test_curve): Add Ed25519. + (sample_ed25519_q): New. + (context_param): Check new sample key. + (hex2buffer, hex2mpiopa): New. + (cmp_mpihex): Take care of opaque MPIs. + + mpicalc: Add statement to compute the number of bits. + + commit 9a4447ccd1b90bcd701941e80a7f484a1825fcea + * src/mpicalc.c (do_nbits): New. + (main): Add statement 'b'. + + ecc: Refactor low-level access functions. + + commit 64a7d347847d606eb5f4c156e24ba060271b8f6b + * mpi/ec.c (point_copy): Move to cipher/ecc-curves.c. + (ec_get_reset): Rename to _gcry_mpi_ec_get_reset and make global. + (_gcry_mpi_ec_get_mpi): Factor most code out to _gcry_ecc_get_mpi. + (_gcry_mpi_ec_get_point): Factor most code out to _gcry_ecc_get_point. 
+ (_gcry_mpi_ec_set_mpi): Factor most code out to _gcry_ecc_set_mpi. + (_gcry_mpi_ec_set_point): Factor most code out to _gcry_ecc_set_point. + * cipher/ecc-curves.c (_gcry_ecc_get_mpi): New. + (_gcry_ecc_get_point, _gcry_ecc_set_mpi, _gcry_ecc_set_point): New. + * cipher/ecc-misc.c (_gcry_ecc_compute_public): New. + + ecc: Fix highly unlikely endless loop in sign_ecdsa. + + commit 1f5f4452e5bca105ec2197a4facbf9778e7dc31e + * cipher/ecc.c (sign_ecdsa): Turn while-do into do-while loops. + +2013-09-24 Werner Koch <wk@gnupg.org> + + ecc: Allow the use of an uncompressed public key. + + commit df013c9820709421ef9550158ac5df0060d73379 + * cipher/ecc.c (eddsa_encodepoint): Factor most code out to ... + (eddsa_encode_x_y): new fucntion. + (eddsa_decodepoint): Allow use of an uncompressed public key. + * tests/t-ed25519.c (N_TESTS): Adjust. + * tests/t-ed25519.inp: Add test 1025. + +2013-09-23 Werner Koch <wk@gnupg.org> + + pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH. + + commit d5f91466695c5736f441c9bf1998436184a4bf61 + * src/gcrypt.h.in (GCRY_PK_ECC): New. + * cipher/pubkey.c (map_algo): New. + (spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it. + * cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC. + (run_selftests): Simplify. + (ecdh_names, ecdsa_names): Merge into a new ecc_names. + (_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new + _gcry_pubkey_spec_ecc. + + ec: Use mpi_mulm instead of mpi_powm. + + commit 4552437bb3c5ff96a889fd31e4bc504b2a12fac7 + * mpi/ec.c (ec_pow2): New. + (ec_powm): Remove call to mpi_abs. + (dup_point_weierstrass, dup_point_twistededwards) + (add_points_weierstrass, add_points_twistededwards) + (_gcry_mpi_ec_curve_point): Use ec_pow2. + +2013-09-21 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + bufhelp: enable fast unaligned memory accesses on powerpc. + + commit 925d4fb3e8f2df3c5566ec6b5df7620a3d3504e5 + * cipher/bufhelp.h [__powerpc__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set + macro enabled. 
+ [__powerpc64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Ditto. + + Remove i386 inline assembly version of rotation functions. + + commit cfea5c28a3822e1e7e401e5107ebe07ba7fdcf37 + * cipher/bithelp.h (rol, ror): Remove i386 version, change + macros to inline functions. + * src/hmac256.c (ror): Ditto. + + Optimize and cleanup 32-bit and 64-bit endianess transforms. + + commit 9337e03824a5bdd3bbbcb8382cabefe6d6c32e1e + * cipher/bithelp.h (bswap32, bswap64, le_bswap32, be_bswap32) + (le_bswap64, be_bswap64): New. + * cipher/bufhelp.h (buf_get_be32, buf_get_le32, buf_put_le32) + (buf_put_be32, buf_get_be64, buf_get_le64, buf_put_be64) + (buf_put_le64): New. + * cipher/blowfish.c (do_encrypt_block, do_decrypt_block): Use new + endian conversion helpers. + (do_bf_setkey): Turn endian specific code to generic. + * cipher/camellia.c (GETU32, PUTU32): Use new endian conversion + helpers. + * cipher/cast5.c (rol): Remove, use rol from bithelp. + (F1, F2, F3): Fix to use rol from bithelp. + (do_encrypt_block, do_decrypt_block, do_cast_setkey): Use new endian + conversion helpers. + * cipher/des.c (READ_64BIT_DATA, WRITE_64BIT_DATA): Ditto. + * cipher/md4.c (transform, md4_final): Ditto. + * cipher/md5.c (transform, md5_final): Ditto. + * cipher/rmd160.c (transform, rmd160_final): Ditto. + * cipher/salsa20.c (LE_SWAP32, LE_READ_UINT32): Ditto. + * cipher/scrypt.c (READ_UINT64, LE_READ_UINT64, LE_SWAP32): Ditto. + * cipher/seed.c (GETU32, PUTU32): Ditto. + * cipher/serpent.c (byte_swap_32): Remove. + (serpent_key_prepare, serpent_encrypt_internal) + (serpent_decrypt_internal): Use new endian conversion helpers. + * cipher/sha1.c (transform, sha1_final): Ditto. + * cipher/sha256.c (transform, sha256_final): Ditto. + * cipher/sha512.c (__transform, sha512_final): Ditto. + * cipher/stribog.c (transform, stribog_final): Ditto. + * cipher/tiger.c (transform, tiger_final): Ditto. + * cipher/twofish.c (INPACK, OUTUNPACK): Ditto. 
+ * cipher/whirlpool.c (buffer_to_block, block_to_buffer): Ditto. + * configure.ac (gcry_cv_have_builtin_bswap32): Check for compiler + provided __builtin_bswap32. + (gcry_cv_have_builtin_bswap64): Check for compiler provided + __builtin_bswap64. + + gostr3411_94: set better burn stack depth estimate. + + commit 7409de7bc28ff8847c9d71d8c3e35e1968d59d60 + * cipher/gost28147.c (_gcry_gost_enc_one): Account function stack to + burn stack depth. + * cipher/gostr3411-94.c (max): New macro. + (do_hash_step, transform): Return stack burn depth. + + Use hash transform function return type for passing burn stack depth. + + commit 592c2ab3deeeccbb6d3b078ed7bf0e6627c8e1fb + * cipher/gostr4311-94.c (transform): Return stack burn depth. + * cipher/hash-common.c (_gcry_md_block_write): Use stack burn depth + returned by 'hd->bwrite'. + * cipher/hash-common.h (_gcry_md_block_write_t): Change return type to + 'unsigned int'. + (gry_md_block_ctx_t): Remove 'stack_burn'. + * cipher/md4.c (transform): Return stack burn depth. + (md4_final): Use stack burn depth from transform. + * cipher/md5.c (transform): Return stack burn depth. + (md5_final): Use stack burn depth from transform. + * cipher/rmd160.c (transform): Return stack burn depth. + (rmd160_final): Use stack burn depth from transform. + * cipher/sha1.c (transform): Return stack burn depth. + (sha1_final): Use stack burn depth from transform. + * cipher/sha256.c (transform): Return stack burn depth. + (sha256_final): Use stack burn depth from transform. + * cipher/sha512.c (__transform, transform): Return stack burn depth. + (sha512_final): Use stack burn depth from transform. + * cipher/stribog.c (transform64): Return stack burn depth. + * cipher/tiger.c (transform): Return stack burn depth. + (tiger_final): Use stack burn depth from transform. + + Make STRIBOG use the new _gcry_md_block_write helper. 
+ + commit 902ea6052c11108bd19333c31b03e084bed1fb86 + * cipher/stribog.c (STRIBOG_STRUCT): Add 'bctx' and remove 'buf' and + 'count'. + (stribog_init_512): Initialize 'bctx'. + (transform64): New function. + (stribog_write): Remove. + (stribog_final): Use _gcry_md_block_write and bctx. + (_gcry_digest_spec_stribog_256, _gcry_digest_spec_stribog_512): Use + _gcry_md_block_write. + + Make SHA-512 use the new _gcry_md_block_write helper. + + commit cce7449efe471b076c5a97929ac8907162011394 + * cipher/hash-common.c (_gcry_md_block_write): Check that hd->buf is + large enough. + * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE, MD_NBLOCKS_TYPE): New + macros. + (gcry_md_block_ctx_t): Use above macros for 'nblocks' and 'buf'. + * cipher/sha512.c (SHA512_STATE): New struct. + (SHA512_CONTEXT): Add 'bctx' and 'state'. + (sha512_init, sha384_init): Initialize 'bctx'. + (__transform, _gcry_sha512_transform_armv7_neon): Use SHA512_STATE for + 'hd'. + (transform): For now, do not return burn stack. + (sha512_write): Remove. + (sha512_final): Use _gcry_md_block_write and bctx. + (_gcry_digest_spec_sha512, _gcry_digest_spec_sha384): Use + _gcry_md_block_write. + +2013-09-20 Werner Koch <wk@gnupg.org> + + sexp: Change internal versions to always use gpg_err_code_t. + + commit 3e5cfa20acfeccb9df2c3fae2730344b40b36104 + * src/sexp.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_build) + (gcry_sexp_build_array, gcry_sexp_canon_len): Change error return type + from gpg_error_t to gpg_err_code_t. Remove all calls to gpg_error. + * src/visibility.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_sscan) + (gcry_sexp_build, gcry_sexp_build_array, gcry_sexp_canon_len): Map + error codes via gpg_error. + * cipher/dsa.c, cipher/ecc.c, cipher/elgamal.c, cipher/rsa.c: Remove + use gpg_err_code wrappers. + + pk: Move s-exp creation for gcry_pk_decrypt to the modules. + + commit 722bfc1e5f2268453db62f38cc46b5ec6ef3adee + * cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it + into FLAGS. 
+ (gcry_pk_decrypt): Move result s-exp building into the modules. + * src/cipher-proto.h (gcry_pk_decrypt_t): Add some args. + * cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp. + * cipher/elgamal.c (elg_decrypt): Ditto. + * cipher/rsa.c (rsa_decrypt): Ditto. + (rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several + extra MPI allocations. + + pk: Remove unused function. + + commit 64cd7ab93da7c95cc8aa320c61c6e29f9e2399c4 + * cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove + +2013-09-19 Werner Koch <wk@gnupg.org> + + Beautify debug output of the prime generator. + + commit 6576f0a7684292cb5691bfcabad0acca4c06c014 + * cipher/primegen.c: Adjust output of log_mpidump to recently changed + log_mpidump code changes. + + pk: Move s-expr creation for genkey to the modules. + + commit 1bf08850bf9343146c938bc03917417e16393e9a + * cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey + (gcry_pk_genkey): Move result s-exp creation into the modules. + * cipher/dsa.c (dsa_generate): Create result as s-exp. + * cipher/elgamal.c (elg_generate): Ditto. + * cipher/rsa.c (rsa_generate): Ditto. + * cipher/ecc.c (ecc_generate): Ditto. + * src/cipher-proto.h (pk_ext_generate_t): Remove type + (gcry_pk_spec): and remove from struct. + + tests: Beautify some diagnostics. + + commit 2fe084873333c4d67bcfba0b527d63cd3cff6c47 + * tests/benchmark.c (ecc_bench): Print the key sexp in very verbose + mode. + (main): Add option --pk-count. + * tests/keygen.c: Add Elgamal generation and improved diagnostics. + * tests/t-ed25519.c (check_ed25519): Print running number of tests + done. + + sexp: Improve printing data representing a negative number. + + commit b3f3d47d347c14ed41d755cee580f000309b9c03 + * src/sexp.c (suitable_encoding): Detect a negative number. + + pk: Move RSA encoding functions to a new file. + + commit 071f70b9a766187fc70f6abc6a69d50752449285 + * cipher/rsa-common: New. 
+ * cipher/pubkey.c (pkcs1_encode_for_encryption): Move to rsa-common.c + and rename to _gcry_rsa_pkcs1_encode_for_enc. + (pkcs1_decode_for_encryption): Move to rsa-common.c and rename to + _gcry_rsa_pkcs1_decode_for_enc. + (pkcs1_encode_for_signature): Move to rsa-common.c and rename to + _gcry_rsa_pkcs1_encode_for_sig. + (oaep_encode): Move to rsa-common.c and rename to + _gcry_rsa_oaep_encode. + (oaep_decode): Move to rsa-common.c and rename to + _gcry_rsa_oaep_decode. + (pss_encode): Move to rsa-common.c and rename to _gcry_rsa_pss_encode. + (pss_verify): Move to rsa-common.c and rename to _gcry_rsa_pss_decode. + (octet_string_from_mpi, mgf1): Move to rsa-common.c. + + pk: Move s-expr creation for sign and encrypt to the modules. + + commit eca9e2e50ddd4c9020fe1d4a9a3c77d20ebb90f6 + * cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt. + (pubkey_decrypt): Fold into gcry_pk_decrypt. + (pubkey_sign): Fold into gcry_pk_sign. + (pubkey_verify): Fold into gcry_pk_verify. + (octet_string_from_mpi): Make it a wrapper and factor code out to ... + * mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function. + + * src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New. + * cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings. + (gcry_pk_encrypt): Simply by moving the s-expr generation to the modules. + (gcry_pk_sign): Ditto. + * cipher/dsa.c (dsa_sign): Create s-expr. + * cipher/elgamal.c (elg_encrypt, elg_sign): Ditto. + * cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto. + * cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto. + (ecdsa_names): Add "eddsa". + * tests/t-ed25519.c (one_test): Expect "eddsa" token. + +2013-09-19 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Fix Stribog digest on bigendian platforms. + + commit d399faf5db71d429bfd6fa4a9cfc82e2a55055f0 + * cipher/stribog.c (stribog_final): swap bytes in the result of digest + calculations. + +2013-09-18 Werner Koch <wk@gnupg.org> + + pk: Simplify the public key dispatcher pubkey.c. 
+ + commit 85722afb379f7a392a8117b895de273fd88c4ebc + * src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS. + * cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields. + * cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto. + (_gcry_pubkey_spec_ecdh): Ditto. + * cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto. + * cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto + (_gcry_pubkey_spec_elg_e): New. + * cipher/pubkey.c: Change most code to replace the former module + system by a simpler system to gain information about the algorithms. + (disable_pubkey_algo): SImplified. Not anymore thread-safe, though. + + pk: Merge extraspecs struct with standard specs struct. + + commit 89103ce00e862cc709e80fa41f2ee13d54093ec5 + * src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the + corresponding function typedefs to ... + * src/cipher-proto.h: here. + (pk_extra_spec_t): Remove typedef and merge fields into + gcry_pk_spec_t. + * cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto. + * cipher/pubkey.c: Change accordingly. + * src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove. + (_gcry_pubkey_extraspec_dsa): Remove. + (_gcry_pubkey_extraspec_elg): Remove. + (_gcry_pubkey_extraspec_ecdsa): Remove. + +2013-09-18 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix encryption/decryption return type for GOST28147. + + commit 2ad7ea9cb388fd31e4b0852b68d77f599ef4adce + * cipher/gost.h (_gcry_gost_enc_one): Change return type to + 'unsigned int'. + * cipher/gost28147.c (max): New macro. + (gost_encrypt_block, gost_decrypt_block): Return burn stack depth. + (_gcry_gost_enc_one): Return burn stack depth from gost_encrypt_block. + +2013-09-18 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + doc: fix building of ps and pdf documentation. + + commit bd33fa21c9afc6c81e0da24016fc13001e9c7390 + * doc/gcrypt.texi, doc/gpl.texi, doc/lgpl.texi: fix texinfo errors. 
+ + Add GOST R 34.11-2012 implementation (Stribog) + + commit c22064bdd773a807801e300aa9214b2fdcafcf20 + * src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256) + (GCRY_MD_GOSTR3411_12_512): New. + * cipher/stribog.c: New. + * configure.ac (available_digests_64): Add stribog. + * src/cipher.h: Declare Stribog declarations. + * cipher/md.c: Register Stribog digest. + * tests/basic.c (check_digests) Add 4 testcases for Stribog from + standard. + * doc/gcrypt.texi: Document new constants. + + Add basic implementation of GOST R 34.11-94 message digest. + + commit b0579baaa04fb91eabbbdc295bcabea04cf84056 + * src/gcrypt.h.in (GCRY_MD_GOSTR3411_94): New. + * cipher/gostr3411-94.c: New. + * configure.ac (available_digests): Add gostr3411-94. + * src/cipher.h: Add gostr3411-94 definitions. + * cipher/md.c: Register GOST R 34.11-94. + * tests/basic.c (check_digests): Add 4 tests for GOST R 34.11-94 + hash algo. Two are defined in the standard itself, two other are + more or less common tests - an empty string an exclamation mark. + * doc/gcrypt.texi: Add an entry describing GOST R 34.11-94 to the MD + algorithms table. + + Separate common md block code. + + commit ecde77ad98690540abb21db08e5531297ed72bd0 + * cipher/hash-common.c (_gcry_md_block_write): New function to handle + block md operations. The current implementation is limited to 64 byte + buffer and u32 block counter. + + * cipher/md4.c, cipher/md5.c, cipher/rmd.h, cipher/rmd160.c + *cipher/sha1.c, cipher/sha256.c, cipher/tiger.c: Convert to use + _gcry_md_block_write. + + Add limited implementation of GOST 28147-89 cipher. + + commit 56b5949f71f501744998f5ebc12488ebf6f1c0b5 + * src/gcrypt.h.in (GCRY_CIPHER_GOST28147): New. + * cipher/gost.h, cipher/gost28147.c: New. + * configure.ac (available_ciphers): Add gost28147. + * src/cipher.h: Add gost28147 definitions. + * cipher/cipher.c: Register gost28147. + * tests/basic.c (check_ciphers): Enable simple test for gost28147. + * doc/gcrypt.texi: document GCRY_CIPHER_GOST28147. 
+ +2013-09-18 Werner Koch <wk@gnupg.org> + + ecc: Add Ed25519 key generation and prepare for optimizations. + + commit 63cd3474425cb5a7ec4d1a56be15b248ecda4680 + * src/mpi.h (enum ecc_dialects): New. + * src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT. + * cipher/ecc-common.h (elliptic_curve_t): Ditto. + * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. + (domain_parms): Add dialect values. + (_gcry_ecc_fill_in_curve): Set dialect. + (_gcry_ecc_get_curve): Ditto. + (_gcry_mpi_ec_new): Ditto. + (_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now. + * cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect. + (_gcry_ecc_dialect2str): New. + * mpi/ec.c (ec_p_init): Add arg DIALECT. + (_gcry_mpi_ec_p_internal_new): Ditto. + (_gcry_mpi_ec_p_new): Ditto. + + * mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag. + (_gcry_mpi_set_opaque_copy): New. + + * cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI. + * cipher/ecc.c (eddsa_generate_key): New. + (generate_key): Rename to nist_generate_key and factor some code out + to ... + (ecc_generate_ext): here. Divert to eddsa_generate_key if desired. + (eddsa_decodepoint): Take care of an opaque MPI. + (ecc_check_secret_key): Ditto. + (ecc_sign): Ditto. + * cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret + key as opaque MPIs. + (gcry_pk_genkey): Add the curve_name also to the private key part of + the result. + + * tests/benchmark.c (ecc_bench): Support Ed25519. + (main): Add option --debug. + * tests/curves.c (sample_key_2): Make sure that P and N are positive. + * tests/keygen.c (show): New. + (check_ecc_keys): Support Ed25519. + +2013-09-17 Werner Koch <wk@gnupg.org> + + mpi: Support printing of negative numbers. + + commit 89fe2173649a72019d75e059e6c6938efd10421f + * mpi/mpicoder.c (twocompl, onecompl): New. + (gcry_mpi_print): Use it for STD and SSH. + (gcry_mpi_scan): Use it for STD and SSH. Always set NSCANNED. + (gcry_mpi_aprint): Clear the extra allocated byte. 
+ * tests/t-convert.c (showhex, showmpi): New. + (mpi2bitstr_nlz): New. + (check_formats): New. + (main): Call new test. + +2013-09-16 Werner Koch <wk@gnupg.org> + + Fix bug in _gcry_mpi_tdiv_q_2exp. + + commit a7a9cdcaaf3979baa18dad51e722882581349f45 + * mpi/mpi-internal.h (MPN_COPY_INCR): Make it work. + + ecc: Implement Curve Ed25519 signing and verification. + + commit bc5199a02abe428ad377443280b3eda60141a1d6 + * cipher/ecc-curves.c (domain_parms): Add curve "Ed25519". + * cipher/ecc.c (reverse_buffer): New. + (eddsa_encodempi): New. + (eddsa_encodepoint): New. + (eddsa_decodepoint): New. + (sign_eddsa): Implement. + (verify_eddsa): Implement. + (ecc_sign): Init unused Q. Pass public key to sign_eddsa. + (ecc_verify): Init pk.Q if not used. Pass public key verbatim to + verify_eddsa. + * cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE. Change all + callers to pass 0. + (sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract. + (sexp_data_to_mpi): Allow for a zero length "value". + (gcry_pk_verify): Reorder parameter processing. Pass OPAQUE flag as + required. + * mpi/ec.c (ec_invm): Print a warning if the inverse does not exist. + (_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve + model. + (dup_point_twistededwards): Implement. + (add_points_twistededwards): Implement. + (_gcry_mpi_ec_mul_point): Support Twisted Edwards. + + * mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE. + (_gcry_mpi_get_buffer): Ditto. Change all callers. + (_gcry_mpi_get_secure_buffer): Ditto. + + * src/sexp.c (_gcry_sexp_nth_opaque_mpi): New. + + * tests/t-ed25519.c: New. + * tests/t-ed25519.inp: New. + * tests/t-mpi-point.c (basic_ec_math_simplified): Print some output + only in debug mode. + (twistededwards_math): New test. + (main): Call new test. + + mpi: Add internal convenience function. + + commit 44a2c34e90ed7de149952398787906d8823b636b + * mpi/mpiutil.c (_gcry_mpi_get_opaque_copy): New. + + mpi: Add debug function to print a point. 
+ + commit 8ebc94d11a1eb93f2365c93f555e958700fdfbd4 + * mpi/ec.c (_gcry_mpi_point_log): New. + * src/mpi.h (log_printpnt): new macro. + + tests: Factor time measurement code out. + + commit 58eaf0c4332ac2f645ede28c4d18337389dfa753 + * tests/benchmark.c (started_at, stopped_at, start_timer, stop_timer) + (elapsed time): Factor out to .. + * tests/stopwatch.h: new file. + +2013-09-12 Werner Koch <wk@gnupg.org> + + Fix _gcry_log_printmpi to print 00 instead of a sole sign. + + commit 1c76349c69c70a62b516a4f837c6287def640807 + * src/misc.c: Special case an mpi length of 0. + +2013-09-11 Werner Koch <wk@gnupg.org> + + Streamline the use of the internal mpi and hex debug functions. + + commit e35ed615acc624a8b6c07576ea0650aac2bdb0db + * mpi/mpicoder.c (gcry_mpi_dump): Remove. + (_gcry_log_mpidump): Remove. + * src/misc.c (_gcry_log_printhex): Factor all code out to ... + (do_printhex): new. Add line wrapping a and compact printing. + (_gcry_log_printmpi): New. + * src/mpi.h (log_mpidump): Remove macro. + * src/g10lib.h (log_mpidump): Add compatibility macro. + (log_printmpi): New macro + * src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi. + * cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump + by log_printmpi. + (gcry_prime_group_generator): Ditto. + * cipher/pubkey.c: Remove extra colons from log_mpidump call. + * cipher/rsa.c (stronger_key_check): Use log_printmpi. + +2013-09-10 Werner Koch <wk@gnupg.org> + + md: Add function gcry_md_hash_buffers. + + commit f3bca0c77c4979504f95fdbc618f7458e61e3e45 + * src/gcrypt.h.in (gcry_buffer_t): new. + (gcry_md_hash_buffers): New. + * src/visibility.c, src/visibility.h: Add wrapper for new function. + * src/libgcrypt.def, src/libgcrypt.vers: Export new function. + * cipher/md.c (gcry_md_hash_buffers): New. + * cipher/sha1.c (_gcry_sha1_hash_buffers): New. + * tests/basic.c (check_one_md_multi): New. + (check_digests): Run that test. + * tests/hmac.c (check_hmac_multi): New. + (main): Run that test. 
+ + md: Fix Whirlpool flaw. + + commit 0a28b2d2c9181a536fc894e24626714832619923 + * cipher/whirlpool.c (whirlpool_add): Remove shortcut return so that + byte counter is always properly updated. + +2013-09-07 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix static build on AMD64. + + commit 90fdf25f0dcc5feac7195ede55bd15948a11363e + * cipher/rijndael-amd64.S: Correct 'RIP' macro for non-PIC build. + + scrypt: fix for big-endian systems. + + commit 38a038a135d82231eff9d84f1ae3c4a25c6a5e75 + * cipher/scrypt.c (_salsa20_core): Fix endianess issues. + +2013-09-07 Werner Koch <wk@gnupg.org> + + Use gcc "unused" attribute only with gcc >= 3.5. + + commit f7135e299e659d78906aac3dfdf30f380b5cf9c6 + * src/g10lib.h (GCC_ATTR_UNUSED): Fix gcc version detection. + +2013-09-07 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Add support for Salsa20/12 - 12 round version of Salsa20. + + commit ae6f6c47d2e0c536f3eab0823b5f23d26956cda2 + * src/gcrypt.h.in (GCRY_CIPHER_SALSA20R12): New. + * src/salsa20.c (salsa20_core, salsa20_do_encrypt_stream): Add support + for reduced round versions. + (salsa20r12_encrypt_stream, _gcry_cipher_spec_salsa20r12): Implement + Salsa20/12 - a 12 round version of Salsa20 selected by eStream. + * src/cipher.h: Declsare Salsa20/12 definition. + * cipher/cipher.c: Register Salsa20/12 + * tests/basic.c: (check_stream_cipher, check_stream_cipher_large_block): + Populate Salsa20/12 tests with test vectors from ecrypt + (check_ciphers): Add simple test for Salsa20/12 + +2013-09-07 Werner Koch <wk@gnupg.org> + + Add configure option --disable-amd64-as-feature-detection. + + commit 49d5b9dcd622cdc87fb02a211bd51e3d46345bf2 + * configure.ac: Implement new disable flag. + + mpi: Improve support for non-Weierstrass support. + + commit 4d8c8c7aa88cddb1624301957e6245405f46d027 + * mpi/ec.c (ec_p_init): Add args MODEL and P. Change all callers. + (_gcry_mpi_ec_p_internal_new): Ditto. + (_gcry_mpi_ec_p_new): Ditto. 
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return + GPG_ERR_UNKNOWN_CURVE instead of invalid value. Init curve model. + * cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto. + * cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking. + + mpi: Add gcry_mpi_ec_curve_point. + + commit ddfefe429660cc5d798f3517208936449247ae5c + * mpi/ec.c (_gcry_mpi_ec_curve_point): New. + (ec_powm): Return the absolute value. + * src/visibility.c, src/visibility.c: Add wrappers. + * src/libgcrypt.def, src/libgcrypt.vers: Export them. + + mpi: Add functions to manipulate the sign. + + commit 1bd2c67aa55b40589654d3fa5dea05cf1ed7dc5f + * src/gcrypt.h.in (gcry_mpi_is_neg): New. + (gcry_mpi_neg, gcry_mpi_abs): New. + * mpi/mpiutil.c (_gcry_mpi_is_neg): New. + (_gcry_mpi_neg, _gcry_mpi_abs): New. + * src/visibility.c, src/visibility.h: Add wrappers. + * src/libgcrypt.def, src/libgcrypt.vers: Export them. + * src/mpi.h (mpi_is_neg): New. Rename old macro to mpi_has_sign. + * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign. + * mpi/mpi-mpow.c (calc_barrett): Ditto. + * cipher/primegen.c (_gcry_derive_x931_prime): Ditto + * cipher/rsa.c (secret): Ditto. + +2013-09-06 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Tune armv6 mpi assembly. + + commit 4e4440153258e2f0dfdcaa8443820af06984ecb1 + * mpi/armv6/mpih-mul1.S: Tune assembly for Cortex-A8. + * mpi/armv6/mpih-mul2.S: Ditto. + * mpi/armv6/mpih-mul3.S: Ditto. + +2013-09-05 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Change _gcry_burn_stack take burn depth as unsigned integer. + + commit e0ae31fcce3bd57b24751ff3c82cba820e493c3a + * src/misc.c (_gcry_burn_stack): Change to handle 'unsigned int' bytes. + + mpicalc: fix building on linux and win32. + + commit 50ec983666f0ca9d50c84aa1afad0d7bd5810779 + * src/Makefile.am (mpicalc): Adjust CFLAGS and LDADD. + +2013-09-04 Werner Koch <wk@gnupg.org> + + Change mpicalc to use Libgcrypt and install it. 
+ + commit 1d23040b659661b4086c079cb9fd5f37189a7020 + * src/mpicalc.c: Make use of gcry_ functions. + (MPICALC_VERSION): New. Set to 2.0. + (strusage): Remove. + (scan_mpi): New. Replaces mpi_fromstr. + (print_mpi): New. Replaces mpi_print. + (my_getc): New. + (print_help): New. + (main): Use simple option parser and print version info. + * src/Makefile.am (bin_PROGRAMS): Add mpicalc. + (mpicalc_SOURCES, mpicalc_CFLAGS, mpicalc_LDADD): New. + + Add mpicalc.c to help with testing. + + commit a70c46e29c480fa0f56ab4814666a5b115f84fd7 + * src/mpicalc.c: Take from GnuPG 1.4 + + Prepare support for EdDSA. + + commit c47d4001033f68212d2847b3074a0bdda990342e + * src/cipher.h (PUBKEY_FLAG_EDDSA): New. + * cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by + CTX. Pass flags and hash algo to the verify function. Change all + verify functions to accept these args. + (sexp_data_to_mpi): Implement new flag "eddsa". + (gcry_pk_verify): Pass CTX instead of the compare function to + pubkey_verify. + * cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers. + (verify): Rename to verify_ecdsa. Change all callers. + (sign_eddsa, verify_eddsa): New stub functions. + (ecc_sign): Divert to sign_ecdsa or sign_eddsa. + (ecc_verify): Divert to verify_ecdsa or verify_eddsa. + + Prepare support for non-Weierstrass EC equations. + + commit c26be7a337d0bf98193bc58e043209e46d0769bb + * src/mpi.h (gcry_mpi_ec_models): New. + * src/ec-context.h (mpi_ec_ctx_s): Add MODEL. + * cipher/ecc-common.h (elliptic_curve_t): Ditto. + * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. + (domain_parms): Mark als as Weierstrass. + (_gcry_ecc_fill_in_curve): Check model. + (_gcry_ecc_get_curve): Set model to Weierstrass. + * cipher/ecc-misc.c (_gcry_ecc_model2str): New. + * cipher/ecc.c (generate_key, ecc_generate_ext): Print model in the + debug output. + + * mpi/ec.c (_gcry_mpi_ec_dup_point): Switch depending on model. + Factor code out to ... + (dup_point_weierstrass): new. 
+ (dup_point_montgomery, dup_point_twistededwards): New stub functions. + (_gcry_mpi_ec_add_points): Switch depending on model. Factor code out + to ... + (add_points_weierstrass): new. + (add_points_montgomery, add_points_twistededwards): New stub + functions. + + * tests/Makefile.am (TESTS): Reorder tests. + + mpi: Suppress newer gcc warnings. + + commit 8698530b2f9ef95542f1dd550961de7af86cc256 + * src/g10lib.h (GCC_ATTR_UNUSED): Define for gcc >= 3.5. + * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Mark dummy + as unused. + * mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused. + + Do not check with cpp for typedefed constants. + + commit b28b1f732e1b4f9c62a9de87c22c6bb0d3f8fdb8 + * src/gcrypt-int.h: Include error code replacements depeding on the + version of libgpg-error. + +2013-09-04 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Make _gcry_burn_stack use variable length array. + + commit 4b0edf53440239d3bcc95941980c062a0801a149 + * configure.ac (HAVE_VLA): Add check. + * src/misc.c (_gcry_burn_stack) [HAVE_VLA]: Add VLA code. + + Move stack burning from block ciphers to cipher modes. + + commit a3aaa6ad03388ea3eaa24304b604cb864633332f + * src/gcrypt-module.h (gcry_cipher_encrypt_t) + (gcry_cipher_decrypt_t): Return 'unsigned int'. + * cipher/cipher.c (dummy_encrypt_block, dummy_decrypt_block): Return + zero. + (do_ecb_encrypt, do_ecb_decrypt): Get largest stack burn depth from + block cipher crypt function and burn stack at end. + * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) + (_gcry_cipher_aeswrap_decrypt): Ditto. + * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) + (_gcry_cipher_cbc_decrypt): Ditto. + * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) + (_gcry_cipher_cfb_decrypt): Ditto. + * cipher/cipher-ctr.c (_gcry_cipher_cbc_encrypt): Ditto. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) + (_gcry_cipher_ofb_decrypt): Ditto. + * cipher/blowfish.c (encrypt_block, decrypt_block): Return burn stack + depth. 
+ * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Ditto. + * cipher/cast5.c (encrypt_block, decrypt_block): Ditto. + * cipher/des.c (do_tripledes_encrypt, do_tripledes_decrypt) + (do_des_encrypt, do_des_decrypt): Ditto. + * cipher/idea.c (idea_encrypt, idea_decrypt): Ditto. + * cipher/rijndael.c (rijndael_encrypt, rijndael_decrypt): Ditto. + * cipher/seed.c (seed_encrypt, seed_decrypt): Ditto. + * cipher/serpent.c (serpent_encrypt, serpent_decrypt): Ditto. + * cipher/twofish.c (twofish_encrypt, twofish_decrypt): Ditto. + * cipher/rfc2268.c (encrypt_block, decrypt_block): New. + (_gcry_cipher_spec_rfc2268_40): Use encrypt_block and decrypt_block. + +2013-09-01 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + camellia-aesni-avx2-amd64: Move register clearing to assembly functions. + + commit f3515240de9513ead975985c9f8ab714022cac8e + * cipher/camellia-aesni-avx2-amd64.S + (_gcry_camellia_aesni_avx2_ctr_enc): Add 'vzeroall'. + (_gcry_camellia_aesni_avx2_cbc_dec) + (_gcry_camellia_aesni_avx2_cfb_dec): Add 'vzeroupper' at head and + 'vzeroall' at tail. + * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) + (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX2]: Remove register + clearing. + + camellia-aesni-avx-amd64: Move register clearing to assembly functions. + + commit 8b735cb563dff7aafbf8a970972522b5621e665c + * cipher/camellia-aesni-avx-amd64.S (_gcry_camellia_aesni_avx_ctr_enc) + (_gcry_camellia_aesni_avx_cbc_dec) + (_gcry_camellia_aesni_avx_cfb_dec): Add 'vzeroupper' at head and + 'vzeroall' at tail. + * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) + (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX]: Remove register clearing. + + serpent-avx2-amd64: Move register clearing to assembly. + + commit d12828cd821a4b4428eae19de5aee02cf536e536 + * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc) + (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Change last + 'vzeroupper' to 'vzeroall'. 
+ * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) + (_gcry_serpent_avx2_cfb_dec) [USE_AVX2]: Remove register clearing with + 'vzeroall'. + + Fix building for x32 target. + + commit fd6721c235a5bdcb332c8eb708fbd4f96e52e824 + * mpi/amd64/mpi-asm-defs.h: New file. + * random/rndhw.c (poll_padlock) [__x86_64__]: Also check if __LP64__ is + defined. + [USE_DRNG, __x86_64__]: Also check if __LP64__ is defined. + +2013-08-31 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + sha512: add ARM/NEON assembly version of transform function. + + commit 99d15543b8d94a8f1ef66c6ccb862b0ce82c514d + * cipher/Makefile.am: Add 'sha512-armv7-neon.S'. + * cipher/sha512-armv7-neon.S: New file. + * cipher/sha512.c (USE_ARM_NEON_ASM): New macro. + (SHA512_CONTEXT) [USE_ARM_NEON_ASM]: Add 'use_neon'. + (sha512_init, sha384_init) [USE_ARM_NEON_ASM]: Enable 'use_neon' if + CPU support NEON instructions. + (k): Round constant array moved outside of 'transform' function. + (__transform): Renamed from 'tranform' function. + [USE_ARM_NEON_ASM] (_gcry_sha512_transform_armv7_neon): New prototype. + (transform): New wrapper function for different transform versions. + (sha512_write, sha512_final): Burn stack by the amount returned by + transform function. + * configure.ac (sha512) [neonsupport]: Add 'sha512-armv7-neon.lo'. + + sha512: reduce stack use in transform function by 512 bytes. + + commit 03da7f8ba3ec24d4639a2bcebbc0d9d831734c08 + * cipher/sha512.c (transform): Change 'u64 w[80]' to 'u64 w[16]' and + inline input expansion to first 64 rounds. + (sha512_write, sha512_final): Reduce burn_stack depth by 512 bytes. + + Add ARM HW feature detection module and add NEON detection. + + commit 9c95be105f518d18407115c2c06893857c24b116 + * configure.ac: Add option --disable-neon-support. + (HAVE_GCC_INLINE_ASM_NEON): New. + (ENABLE_NEON_SUPPORT): New. + [arm]: Add 'hwf-arm.lo' as HW feature module. + * src/Makefile.am: Add 'hwf-arm.c'. + * src/g10lib.h (HWF_ARM_NEON): New macro. 
+ * src/global.c (hwflist): Add HWF_ARM_NEON entry. + * src/hwf-arm.c: New file. + * src/hwf-common.h (_gcry_hwf_detect_arm): New prototype. + * src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add + call to _gcry_hwf_detect_arm. + + Correct mpi_cpu_arch for ARMv6. + + commit 7b0ebe69fe35f2ee13e1e1beb2766a1eaadb7f0c + * mpi/config.links [armv6]: Set mpi_cpu_arch to "arm", instead of + "armv6". + +2013-08-30 Werner Koch <wk@gnupg.org> + + mpi: Make gcry_mpi_print work with negative zeroes. + + commit e9b711e6ddb480a71d2996465074e436c752c005 + * mpi/mpicoder.c (gcry_mpi_print): Take care of negative zero. + (gcry_mpi_aprint): Allocate at least 1 byte. + * tests/t-convert.c: New. + * tests/Makefile.am (TESTS): Add t-convert. + + Refactor the ECC code into 3 files. + + commit 800d4e01376d52a94a157b53978c7c3f957fc476 + * cipher/ecc-common.h, cipher/ecc-curves.c, cipher/ecc-misc.c: New. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files. + * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new .c files. + * cipher/ecc.c (curve_aliases, ecc_domain_parms_t, domain_parms) + (scanval): Move to ecc-curves.c. + (fill_in_curve): Move to ecc-curve.c as _gcry_ecc_fill_in_curve. + (ecc_get_curve): Move to ecc-curve.c as _gcry_ecc_get_curve. + (_gcry_mpi_ec_ec2os): Move to ecc-misc.c. + (ec2os): Move to ecc-misc.c as _gcry_ecc_ec2os. + (os2ec): Move to ecc-misc.c as _gcry_ecc_os2ec. + (point_set): Move as inline function to ecc-common.h. + (_gcry_ecc_curve_free): Move to ecc-misc.c as _gcry_ecc_curve_free. + (_gcry_ecc_curve_copy): Move to ecc-misc.c as _gcry_ecc_curve_copy. + (mpi_from_keyparam, point_from_keyparam): Move to ecc-curves.c. + (_gcry_mpi_ec_new): Move to ecc-curves.c. + (ecc_get_param): Move to ecc-curves.c as _gcry_ecc_get_param. + (ecc_get_param_sexp): Move to ecc-curves.c as _gcry_ecc_get_param_sexp. + +2013-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + serpent-sse2-amd64: Move register clearing to assembly functions. 
+ + commit 040aa7688296e93659cb32ca31e9a001a6ab1edd + cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_ctr_enc) + (_gcry_serpent_sse2_cbc_dec, _gcry_serpent_sse2_cfb_dec): Clear used + XMM registers. + cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) + ( _gcry_serpent_cfb_dec) [USE_SSE2]: Remove XMM register clearing from + bulk functions. + + twofish-amd64: do not make __twofish_dec_blk3 global. + + commit 82db04a6a0058cf870485459abe7c1659b138ec5 + * cipher/twofish-amd64.S (__twofish_dec_blk3): Do not export symbol as + global. + (__twofish_dec_blk3): Mark symbol as function. + +2013-08-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + mpi: add ARMv6 assembly. + + commit da327aef3fe24fdf98fffbc8aea69de42ed12456 + * mpi/armv6/mpi-asm-defs.h: New. + * mpi/armv6/mpih-add1.S: New. + * mpi/armv6/mpih-mul1.S: New. + * mpi/armv6/mpih-mul2.S: New. + * mpi/armv6/mpih-mul3.S: New. + * mpi/armv6/mpih-sub1.S: New. + * mpi/config.links [arm]: Enable ARMv6 assembly. + + Move ARMv6 detection to configure.ac. + + commit 151f1e518be2d16bed748ba832384b0472ddcf9b + * cipher/blowfish-armv6.S: Replace __ARM_ARCH >= 6 checks with + HAVE_ARM_ARCH_V6. + * cipher/blowfish.c: Ditto. + * cipher/camellia-armv6.S: Ditto. + * cipher/camellia.h: Ditto. + * cipher/cast5-armv6.S: Ditto. + * cipher/cast5.c: Ditto. + * cipher/rijndael-armv6.S: Ditto. + * cipher/rijndael.c: Ditto. + * configure.ac: Add HAVE_ARM_ARCH_V6 check. + +2013-08-19 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add optimized wipememory for ARM. + + commit c030e33533fb819afe195eff5f89ec39863b1fbc + src/g10lib.h [__arm__] (fast_wipememory2_unaligned_head) + (fast_wipememory2): New macros. + + cipher: bufhelp: allow unaligned memory accesses on ARM. + + commit 796dda37b957b20dba391343937c6325a8c8b288 + * cipher/bufhelp.h [__arm__ && __ARM_FEATURE_UNALIGNED]: Enable + BUFHELP_FAST_UNALIGNED_ACCESS. + +2013-08-17 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Remove burn_stack optimization. 
+ + commit 79895b9459b9bf8c60cb7abf09d5bf16ed0cf6e3 + * src/misc.c (_gcry_burn_stack): Remove SIZEOF_UNSIGNED_LONG == 4 or 8 + optimization. + +2013-08-16 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + camellia: add ARMv6 assembly implementation. + + commit cafadc1e4fb97581262b0081ba251e05613d4394 + * cipher/Makefile.am: Add 'camellia-armv6.S'. + * cipher/camellia-armv6.S: New file. + * cipher/camellia-glue.c [USE_ARMV6_ASM] + (_gcry_camellia_armv6_encrypt_block) + (_gcry_camellia_armv6_decrypt_block): New prototypes. + [USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock) + (camellia_encrypt, camellia_decrypt): New functions. + * cipher/camellia.c [!USE_ARMV6_ASM]: Compile encryption and decryption + routines if USE_ARMV6_ASM macro is _not_ defined. + * cipher/camellia.h (USE_ARMV6_ASM): New macro. + [!USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock): If + USE_ARMV6_ASM is defined, disable these function prototypes. + (camellia) [arm]: Add 'camellia-armv6.lo'. + + blowfish: add ARMv6 assembly implementation. + + commit 31e4b1a96a07e9a3698fcb7be0643a136ebb8e5c + * cipher/Makefile.am: Add 'blowfish-armv6.S'. + * cipher/blowfish-armv6.S: New file. + * cipher/blowfish.c (USE_ARMV6_ASM): New macro. + [USE_ARMV6_ASM] (_gcry_blowfish_armv6_do_encrypt) + (_gcry_blowfish_armv6_encrypt_block) + (_gcry_blowfish_armv6_decrypt_block, _gcry_blowfish_armv6_ctr_enc) + (_gcry_blowfish_armv6_cbc_dec, _gcry_blowfish_armv6_cfb_dec): New + prototypes. + [USE_ARMV6_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block) + (encrypt_block, decrypt_block): New functions. + (_gcry_blowfish_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (_gcry_blowfish_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (_gcry_blowfish_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + * configure.ac (blowfish) [arm]: Add 'blowfish-armv6.lo'. + + cast5: add ARMv6 assembly implementation. 
+ + commit 8d1faf56714598301580ce370e0bfa6d65e73644 + * cipher/Makefile.am: Add 'cast5-armv6.S'. + * cipher/cast5-armv6.S: New file. + * cipher/cast5.c (USE_ARMV6_ASM): New macro. + (CAST5_context) [USE_ARMV6_ASM]: New members 'Kr_arm_enc' and + 'Kr_arm_dec'. + [USE_ARMV6_ASM] (_gcry_cast5_armv6_encrypt_block) + (_gcry_cast5_armv6_decrypt_block, _gcry_cast5_armv6_ctr_enc) + (_gcry_cast5_armv6_cbc_dec, _gcry_cast5_armv6_cfb_dec): New prototypes. + [USE_ARMV6_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block) + (decrypt_block): New functions. + (_gcry_cast5_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (_gcry_cast5_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (_gcry_cast5_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (do_cast_setkey) [USE_ARMV6_ASM]: Initialize 'Kr_arm_enc' and + 'Kr_arm_dec'. + * configure.ac (cast5) [arm]: Add 'cast5-armv6.lo'. + +2013-08-14 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rijndael: add ARMv6 assembly implementation. + + commit f365961422f1c8b3d89b8bcd9c99828f38c1f158 + * cipher/Makefile.am: Add 'rijndael-armv6.S'. + * cipher/rijndael-armv6.S: New file. + * cipher/rijndael.c (USE_ARMV6_ASM): New macro. + [USE_ARMV6_ASM] (_gcry_aes_armv6_encrypt_block) + (_gcry_aes_armv6_decrypt_block): New prototypes. + (do_encrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (do_encrypt): Disable input/output alignment when USE_ARMV6_ASM. + (do_decrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function. + (do_decrypt): Disable input/output alignment when USE_ARMV6_ASM. + * configure.ac (HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS): New check for + gcc/as compatibility with ARM assembly implementations. + (aes) [arm]: Add 'rijndael-armv6.lo'. + +2013-08-09 NIIBE Yutaka <gniibe@fsij.org> + + cipher: fix memory leak. + + commit 2b5bbe264fcd61e5e458e5f71a6507ba0271c729 + * cipher/pubkey.c (gcry_pk_sign): Handle the specific case of ECC, + where there is NULL whichi is not the sentinel. 
+ +2013-08-08 Werner Koch <wk@gnupg.org> + + mpi: Clear immutable flag on the result of gcry_mpi_set. + + commit 426cbc9feca0c8f46208fb3670adab95f9e46087 + * mpi/mpiutil.c (gcry_mpi_set): Reset immutable and const flags. + * tests/mpitests.c (test_const_and_immutable): Add a test for this. + +2013-08-07 NIIBE Yutaka <gniibe@fsij.org> + + tests: fix memory leaks. + + commit cc082642c1b0f2a3e9ca78e1ffd3f64417c204bd + * tests/benchmark.c (dsa_bench): Release SIG. + + * tests/mpitests.c (test_powm): Release BASE, EXP, MOD, and RES. + + * tests/prime.c (check_primes): Release PRIME. + + * tests/tsexp.c (basic): Use intermediate variable M for constant. + Release S1, S2 and A. + +2013-08-07 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix building on W32 (cannot export symbol 'gcry_sexp_get_buffer') + + commit 065d446478bf68553339fc77a89b8369bd110a18 + * src/libgcrypt.def: Change 'gcry_sexp_get_buffer' to + 'gcry_sexp_nth_buffer'. + +2013-08-06 NIIBE Yutaka <gniibe@fsij.org> + + cipher: fix another memory leak. + + commit 9a421813123a2f5db0a91eaee4a45138efc9ad34 + * cipher/ecc.c (ecc_get_curve): Free TMP. + + tests: fix memory leaks. + + commit 87eddc31ccba6decbddd1761dd42a208666cd311 + * tests/pubkey.c (check_keys_crypt): Release L, X0, and X1. + (check_keys): Release X. + + cipher: fix memory leaks. + + commit ae6ffd9af38cbcac57c220960f683aab91db85cb + * cipher/elgamal.c (elg_generate_ext): Free XVALUE. + + * cipher/pubkey.c (sexp_elements_extract): Don't use IDX for loop. + Call mpi_free. + (sexp_elements_extract_ecc): Call mpi_free. + +2013-08-05 Werner Koch <wk@gnupg.org> + + mpi: Improve gcry_mpi_invm to detect bad input. + + commit d8e99a04dba6a606e879464cd11deee760d1e000 + * mpi/mpi-inv.c (gcry_mpi_invm): Return 0 for bad input. + +2013-07-31 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Correct checks for ecc secret key. 
+ + commit 10dfa41b43a906031bc674ea41cd3073701011f3 + * cipher/ecc.c (check_secret_key): replace wrong comparison of Q and + sk->Q points with correct one. + +2013-07-29 Werner Koch <wk@gnupg.org> + + sexp: Allow white space anywhere in a hex format. + + commit 43320961a8751ee28dc95cdb0ae01ea8a7ff7f91 + * src/sexp.c (hextobyte): Remove. + (hextonibble): New. + (vsexp_sscan): Skip whtespace between hex nibbles. + + Implement deterministic ECDSA as specified by rfc-6979. + + commit 6e0a9786637d649b48aae0e611a12e12beef9b3b + * cipher/ecc.c (sign): Add args FLAGS and HASHALGO. Convert an opaque + MPI as INPUT. Implement rfc-6979. + (ecc_sign): Remove the opaque MPI code and pass FLAGS to sign. + (verify): Do not allocate and compute Y; it is not used. + (ecc_verify): Truncate the hash value if needed. + * tests/dsa-rfc6979.c (check_dsa_rfc6979): Add ECDSA test cases. + +2013-07-26 Werner Koch <wk@gnupg.org> + + Implement deterministic DSA as specified by rfc-6979. + + commit 1cfa79aabc5d0fd8d124901054475e90ab7d9cde + * cipher/dsa.c (dsa_sign): Move opaque mpi extraction to sign. + (sign): Add args FLAGS and HASHALGO. Implement deterministic DSA. + Add code path for R==0 to comply with the standard. + (dsa_verify): Left fill opaque mpi based hash values. + * cipher/dsa-common.c (int2octets, bits2octets): New. + (_gcry_dsa_gen_rfc6979_k): New. + * tests/dsa-rfc6979.c: New. + * tests/Makefile.am (TESTS): Add dsa-rfc6979. + + Allow the use of a private-key s-expression with gcry_pk_verify. + + commit b72d312ad11887fc416aa821786f6bdb663c0f4a + * cipher/pubkey.c (sexp_to_key): Fallback to private key. + +2013-07-25 Werner Koch <wk@gnupg.org> + + Mitigate a flush+reload cache attack on RSA secret exponents. + + commit 287bf0e543f244d784cf8b58340bf0ab3c6aba97 + * mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for + exponents in secure memory. + +2013-07-19 Werner Koch <wk@gnupg.org> + + pk: Allow the use of a hash element for DSA sign and verify. 
+ + commit 37d0a1ebdc2dc74df4fb6bf0621045018122a68f + * cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign + module. + (gcry_pk_sign): Pass CTX to pubkey_sign. + (sexp_data_to_mpi): Add flag rfc6979 and code to alls hash with *DSA + * cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque + MPI is given for DATA/HASH. + * cipher/elgamal.c (elg_sign, elg_verify): Ditto. + * cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI. + * cipher/ecc.c (ecc_sign, ecc_verify): Ditto. + * tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash + element with DSA. + + sexp: Add function gcry_sexp_nth_buffer. + + commit 2d3e8d4d9562d666420aadd9ffa8ac0456a1cd91 + * src/sexp.c (gcry_sexp_nth_buffer): New. + * src/visibility.c, src/visibility.h: Add function wrapper. + * src/libgcrypt.vers, src/libgcrypt.def: Add to API. + * src/gcrypt.h.in: Add prototype. + +2013-07-18 Werner Koch <wk@gnupg.org> + + Add support for Salsa20. + + commit c4885092088431e7928e4459fda20cc0e8ceb201 + * src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New. + * cipher/salsa20.c: New. + * configure.ac (available_ciphers): Add Salsa20. + * cipher/cipher.c: Register Salsa20. + (cipher_setiv): Allow to divert an IV to a cipher module. + * src/cipher-proto.h (cipher_setiv_func_t): New. + (cipher_extra_spec): Add field setiv. + * src/cipher.h: Declare Salsa20 definitions. + * tests/basic.c (check_stream_cipher): New. + (check_stream_cipher_large_block): New. + (check_cipher_modes): Run new test functions. + (check_ciphers): Add simple test for Salsa20. + +2013-07-17 Werner Koch <wk@gnupg.org> + + Allow gcry_mpi_dump to print opaque MPIs. + + commit 364d019e3ffedfcb434576702f73e767cb9389ef + * mpi/mpicoder.c (gcry_mpi_dump): Detect abd print opaque MPIs. + * tests/mpitests.c (test_opaque): New. + (main): Call new test. + + cipher: Prepare to pass extra info to the sign functions. 
+ + commit 5940e66cbefea3de5924f494f18aed69bb694bff + * src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo. + * cipher/rsa.c (rsa_sign): Add parms and mark them as unused. + * cipher/dsa.c (dsa_sign): Ditto. + * cipher/elgamal.c (elg_sign): Ditto. + * cipher/pubkey.c (dummy_sign): Ditto. + (pubkey_sign): Pass 0 for the new args. + + Fix a special case bug in mpi_powm for e==0. + + commit 6e1adb05d290aeeb1c230c763970695f4a538526 + * mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that + the result has been allocated. + +2013-07-15 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + + Fix memory leak in t-mpi-point test. + + commit a7b80e9fba6b1b095f7c53469747967b40ebfbfd + * tests/t-mpi-point.c (basic_ec_math, basic_ec_math_simplified): add + calls to gcry_ctx_release() to free contexts after they become unused. + +2013-07-10 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Fix 'Please include winsock2.h before windows.h' warnings with mingw32. + + commit d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104 + * random/rndw32.c: include winsock2.h before windows.h. + * src/ath.h [_WIN32]: Ditto. + * tests/benchmark.c [_WIN32]: Ditto. + + Remove duplicate header from mpi/amd64/mpih-mul2.S. + + commit c64a0dcbefc5b0055954e37a3c86b32ff7a1b1da + * mpi/amd64/mpih-mul2.S: remove duplicated header. + + Fix i386/amd64 inline assembly "cc" clobbers. + + commit ed0a598172208ec67234a4edd73189bf6808fd04 + * cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" globber + for inline assembly. + * cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto. + * random/rndhw.c [USE_DRNG] (rdrand_long): Ditto. + * src/hmac256.c [__GNUC__, __i386__] (ror): Ditto. + * mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm) + (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto. + + bufhelp: Suppress 'cast increases required alignment' warning. 
+ + commit c3902a6b5cea9acef2e15fbee24eb601eeb25168 + * cipher/bufhelp.h (buf_xor, buf_xor_2dst, buf_xor_n_copy): Cast + to larger element pointer through (void *) to suppress -Wcast-error. + + mpi: Add __ARM_ARCH for older GCC. + + commit 97f392f43cf2e4da1297cbecacbfbff33a869478 + * mpi/longlong.h [__arm__]: Construct __ARM_ARCH if not provided by + compiler. + + mpi: add missing "cc" clobber for ARM assembly. + + commit 8aa4f2161cf643ce36d87d2e2786b546736f8232 + * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC. + [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Ditto. + + Tweak ARM inline assembly for mpi. + + commit 71dda4507053379433dc8b0fc6462c15de7299df + mpi/longlong.h [__arm__]: Enable inline assembly if __thumb2__ is + defined. + [__arm__]: Use __ARCH_ARM when defined. + [__arm__] [__ARM_ARCH >= 5] (count_leading_zeros): New. + +2013-06-26 Werner Koch <wk@gnupg.org> + + Make gpg-error replacement defines more robust. + + commit 6540b84a6e9113813e7e49e3ad2024d4a0073300 + * configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ... + * src/gcrypt-int.h: new file. + * src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h. + * tests/: Ditto for all test files. + +2013-06-20 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Check if assembler is compatible with AMD64 assembly implementations. + + commit 3544fa8aa63bef9a35abf236e9376191b5ec206b + * cipher/blowfish-amd64.S: Enable only if + HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined. + * cipher/camellia-aesni-avx-amd64.S: Ditto. + * cipher/camellia-aesni-avx2-amd64.S: Ditto. + * cipher/cast5-amd64.S: Ditto. + * cipher/rinjdael-amd64.S: Ditto. + * cipher/serpent-avx2-amd64.S: Ditto. + * cipher/serpent-sse2-amd64.S: Ditto. + * cipher/twofish-amd64.S: Ditto. + * cipher/blowfish.c: Use AMD64 assembly implementation only if + HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined + * cipher/camellia-glue.c: Ditto. + * cipher/cast5.c: Ditto. + * cipher/rijndael.c: Ditto. 
+ * cipher/serpent.c: Ditto. + * cipher/twofish.c: Ditto. + * configure.ac: Check gcc/as compatibility with AMD64 assembly + implementations. + +2013-06-09 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Optimize _gcry_burn_stack for 32-bit and 64-bit architectures. + + commit ec2f8de409a93c80efa658134df22074a9bca5a4 + * src/misc.c (_gcry_burn_stack): Add optimization for 32-bit and 64-bit + architectures. + + Add Camellia AES-NI/AVX2 implementation. + + commit d94ec5f5f8a5d40a7d344025aa466f276f9718df + * cipher/Makefile.am: Add 'camellia-aesni-avx2-amd64.S'. + * cipher/camellia-aesni-avx2-amd64.S: New file. + * cipher/camellia-glue.c (USE_AESNI_AVX2): New macro. + (CAMELLIA_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'. + [USE_AESNI_AVX2] (_gcry_camellia_aesni_avx2_ctr_enc) + (_gcry_camellia_aesni_avx2_cbc_dec) + (_gcry_camellia_aesni_avx2_cfb_dec): New prototypes. + (camellia_setkey) [USE_AESNI_AVX2]: Check AVX2+AES-NI capable hardware + and set 'ctx->use_aesni_avx2'. + (_gcry_camellia_ctr_enc) [USE_AESNI_AVX2]: Add AVX2 accelerated code. + (_gcry_camellia_cbc_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code. + (_gcry_camellia_cfb_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code. + (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks' + so that AVX2 codepaths get tested. + * configure.ac (camellia) [avx2support, aesnisupport]: Add + 'camellia-aesni-avx2-amd64.lo'. + + Add Serpent AVX2 implementation. + + commit e7ab4e1a7396f4609b9033207015b239ab4a5140 + * cipher/Makefile.am: Add 'serpent-avx2-amd64.S'. + * cipher/serpent-avx2-amd64.S: New file. + * cipher/serpent.c (USE_AVX2): New macro. + (serpent_context_t) [USE_AVX2]: Add 'use_avx2'. + [USE_AVX2] (_gcry_serpent_avx2_ctr_enc, _gcry_serpent_avx2_cbc_dec) + (_gcry_serpent_avx2_cfb_dec): New prototypes. + (serpent_setkey_internal) [USE_AVX2]: Check for AVX2 capable hardware + and set 'use_avx2'. + (_gcry_serpent_ctr_enc) [USE_AVX2]: Use AVX2 accelerated functions. 
+ (_gcry_serpent_cbc_dec) [USE_AVX2]: Use AVX2 accelerated functions. + (_gcry_serpent_cfb_dec) [USE_AVX2]: Use AVX2 accelerated functions. + (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks' + so that AVX2 codepaths are tested. + * configure.ac (serpent) [avx2support]: Add 'serpent-avx2-amd64.lo'. + + Add detection for Intel AVX2 instruction set. + + commit 3289bca708bdd02c69a331095ac6ca9a1efd74cc + * configure.ac: Add option --disable-avx2-support. + (HAVE_GCC_INLINE_ASM_AVX2): New. + (ENABLE_AVX2_SUPPORT): New. + * src/g10lib.h (HWF_INTEL_AVX2): New. + * src/global.c (hwflist): Add HWF_INTEL_AVX2. + * src/hwf-x86.c [__i386__] (get_cpuid): Initialize registers to zero + before cpuid. + [__x86_64__] (get_cpuid): Initialize registers to zero before cpuid. + (detect_x86_gnuc): Store maximum cpuid level. + (detect_x86_gnuc) [ENABLE_AVX2_SUPPORT]: Add detection for AVX2. + + twofish: add amd64 assembly implementation. + + commit d325ab5d86e6107a46007a4d0131122bbd719f8c + * cipher/Makefile.am: Add 'twofish-amd64.S'. + * cipher/twofish-amd64.S: New file. + * cipher/twofish.c (USE_AMD64_ASM): New macro. + [USE_AMD64_ASM] (_gcry_twofish_amd64_encrypt_block) + (_gcry_twofish_amd64_decrypt_block, _gcry_twofish_amd64_ctr_enc) + (_gcry_twofish_amd64_cbc_dec, _gcry_twofish_amd64_cfb_dec): New + prototypes. + [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt) + (twofish_encrypt, twofish_decrypt): New functions. + (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec) + (selftest_ctr, selftest_cbc, selftest_cfb): New functions. + (selftest): Call new bulk selftests. + * cipher/cipher.c (gcry_cipher_open) [USE_TWOFISH]: Register Twofish + bulk functions for ctr-enc, cbc-dec and cfb-dec. + * configure.ac (twofish) [x86_64]: Add 'twofish-amd64.lo'. + * src/cipher.h (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec) + (gcry_twofish_cfb_dec): New prototypes. 
+ +2013-05-29 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + rinjdael: add amd64 assembly implementation. + + commit 7317fcfadf00789df140e51c0d16b60f6b144b59 + * cipher/Makefile.am: Add 'rijndael-amd64.S'. + * cipher/rijndael-amd64.S: New file. + * cipher/rijndael.c (USE_AMD64_ASM): New macro. + [USE_AMD64_ASM] (_gcry_aes_amd64_encrypt_block) + (_gcry_aes_amd64_decrypt_block): New prototypes. + (do_encrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function. + (do_encrypt): Disable input/output alignment when USE_AMD64_ASM is set. + (do_decrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function. + (do_decrypt): Disable input/output alignment when USE_AMD64_AES is set. + * configure.ac (aes) [x86-64]: Add 'rijndael-amd64.lo'. + + blowfish: add amd64 assembly implementation. + + commit 9a61edd1f00cefe8ffa3ad54a53eed163883053c + * cipher/Makefile.am: Add 'blowfish-amd64.S'. + * cipher/blowfish-amd64.S: New file. + * cipher/blowfish.c (USE_AMD64_ASM): New macro. + [USE_AMD64_ASM] (_gcry_blowfish_amd64_do_encrypt) + (_gcry_blowfish_amd64_encrypt_block) + (_gcry_blowfish_amd64_decrypt_block, _gcry_blowfish_amd64_ctr_enc) + (_gcry_blowfish_amd64_cbc_dec, _gcry_blowfish_amd64_cfb_dec): New + prototypes. + [USE_AMD64_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block) + (encrypt_block, decrypt_block): New functions. + (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) + (_gcry_blowfish_cfb_dec, selftest_ctr, selftest_cbc, selftest_cfb): New + functions. + (selftest): Call new bulk selftests. + * cipher/cipher.c (gcry_cipher_open) [USE_BLOWFISH]: Register Blowfish + bulk functions for ctr-enc, cbc-dec and cfb-dec. + * configure.ac (blowfish) [x86_64]: Add 'blowfish-amd64.lo'. + * src/cipher.h (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) + (gcry_blowfish_cfb_dec): New prototypes. + +2013-05-24 Werner Koch <wk@gnupg.org> + + ecc: Simplify the compliant point generation. 
+ + commit 99b18aa536703ef90c9a1f5c8f40bc68b2064593 + * cipher/ecc.c (generate_key): Use point_snatch_set, replaces unneeded + variable copies, etc. + + ecc: Fix a minor flaw in the generation of K. + + commit 9711384f75564a71979e3fb971b5f4cadcf1afef + * cipher/dsa.c (gen_k): Factor code out to .. + * cipher/dsa-common.c (_gcry_dsa_gen_k): new file and function. Add + arg security_level and re-indent a bit. + * cipher/ecc.c (gen_k): Remove and change callers to _gcry_dsa_gen_k. + * cipher/dsa.c: Include pubkey-internal. + * cipher/Makefile.am (libcipher_la_SOURCES): Add dsa-common.c + +2013-05-24 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + cast5: add amd64 assembly implementation. + + commit 0bdf26eea8cdbffefe7e37578f8f896c4f5f5275 + * cipher/Makefile.am: Add 'cast5-amd64.S'. + * cipher/cast5-amd64.S: New file. + * cipher/cast5.c (USE_AMD64_ASM): New macro. + (_gcry_cast5_s1tos4): Merge arrays s1, s2, s3, s4 to single array to + simplify access from assembly implementation. + (s1, s2, s3, s4): New macros pointing to subarrays in + _gcry_cast5_s1tos4. + [USE_AMD64_ASM] (_gcry_cast5_amd64_encrypt_block) + (_gcry_cast5_amd64_decrypt_block, _gcry_cast5_amd64_ctr_enc) + (_gcry_cast5_amd64_cbc_dec, _gcry_cast5_amd64_cfb_dec): New prototypes. + [USE_AMD64_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block) + (decrypt_block): New functions. + (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec) + (selftest_ctr, selftest_cbc, selftest_cfb): New functions. + (selftest): Call new bulk selftests. + * cipher/cipher.c (gcry_cipher_open) [USE_CAST5]: Register CAST5 bulk + functions for ctr-enc, cbc-dec and cfb-dec. + * configure.ac (cast5) [x86_64]: Add 'cast5-amd64.lo'. + * src/cipher.h (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec) + (gcry_cast5_cfb_dec): New prototypes. + + cipher-selftest: make selftest work with any block-size. 
+ + commit ab8fc70b5f0c396a5bc941267f59166e860b8c5d + * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128) + (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed + functions from '<name>_128' to '<name>'. + (_gcry_selftest_helper_cbc, _gcry_selftest_helper_cfb) + (_gcry_selftest_helper_ctr): Make work with different block sizes. + * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc_128) + (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed + prototypes from '<name>_128' to '<name>'. + * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128) + (selftest_ctr_128): Change to use new function names. + * cipher/rijndael.c (selftest_ctr_128, selftest_cfb_128) + (selftest_ctr_128): Change to use new function names. + * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128) + (selftest_ctr_128): Change to use new function names. + +2013-05-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + serpent: add parallel processing for CFB decryption. + + commit 6deb0ccdf718a0670f80e6762a3842caf76437d6 + * cipher/cipher.c (gcry_cipher_open): Add bulf CFB decryption function + for Serpent. + * cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_cfb_dec): New + function. + * cipher/serpent.c (_gcry_serpent_sse2_cfb_dec): New prototype. + (_gcry_serpent_cfb_dec) New function. + (selftest_cfb_128) New function. + (selftest) Call selftest_cfb_128. + * src/cipher.h (_gcry_serpent_cfb_dec): New prototype. + + camellia: add parallel processing for CFB decryption. + + commit b60f06f70227c1e69e1010da8b47ea51ade48145 + * cipher/camellia-aesni-avx-amd64.S + (_gcry_camellia_aesni_avx_cfb_dec): New function. + * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_cfb_dec): New + prototype. + (_gcry_camellia_cfb_dec): New function. + (selftest_cfb_128): New function. + (selftest): Call selftest_cfb_128. + * cipher/cipher.c (gry_cipher_open): Add bulk CFB decryption function + for Camellia. + * src/cipher.h (_gcry_camellia_cfb_dec): New prototype. 
+ + rinjdael: add parallel processing for CFB decryption with AES-NI. + + commit 319ee14f2aab8db56a830fd7ac8926f91b4f738a + * cipher/cipher-selftest.c (_gcry_selftest_helper_cfb_128): New + function for CFB selftests. + * cipher/cipher-selftest.h (_gcry_selftest_helper_cfb_128): New + prototype. + * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_vec4): New function. + (_gcry_aes_cfb_dec) [USE_AESNI]: Add parallelized CFB decryption. + (selftest_cfb_128): New function. + (selftest): Call selftest_cfb_128. + +2013-05-23 Werner Koch <wk@gnupg.org> + + Avoid compiler warning due to the global symbol setkey. + + commit b402de8b9c4a9f269faf03ca952b1eb68a1f33c8 + * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128) + (_gcry_selftest_helper_ctr_128): Rename setkey to setkey_func. + +2013-05-23 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + serpent: add SSE2 accelerated amd64 implementation. + + commit 2fd06e207dcea1d8a7f0e7e92f3359615a99421b + * configure.ac (serpent): Add 'serpent-sse2-amd64.lo'. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add + 'serpent-sse2-amd64.S'. + * cipher/cipher.c (gcry_cipher_open) [USE_SERPENT]: Register bulk + functions for CBC-decryption and CTR-mode. + * cipher/serpent.c (USE_SSE2): New macro. + [USE_SSE2] (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec): + New prototypes to assembler functions. + (serpent_setkey): Set 'serpent_init_done' before calling serpent_test. + (_gcry_serpent_ctr_enc): New function. + (_gcry_serpent_cbc_dec): New function. + (selftest_ctr_128): New function. + (selftest_cbc_128): New function. + (selftest): Call selftest_ctr_128 and selftest_cbc_128. + * cipher/serpent-sse2-amd64.S: New file. + * src/cipher.h (_gcry_serpent_ctr_enc): New prototype. + (_gcry_serpent_cbc_dec): New prototype. + + Serpent: faster S-box implementation. 
+ + commit c85501af8222913f0a1e20e77fceb88e93417925 + * cipher/serpent.c (SBOX0, SBOX1, SBOX2, SBOX3, SBOX4, SBOX5, SBOX6) + (SBOX7, SBOX0_INVERSE, SBOX1_INVERSE, SBOX2_INVERSE, SBOX3_INVERSE) + (SBOX4_INVERSE, SBOX5_INVERSE, SBOX6_INVERSE, SBOX7_INVERSE): Replace + with new definitions. + +2013-05-22 Werner Koch <wk@gnupg.org> + + w32: Fix installing of .def file. + + commit 4e46d8bc78008ba06f106b368cefb0dddf15fe38 + * src/Makefile.am (install-def-file): Create libdir first. + + Add control commands to disable mlock and setuid dropping. + + commit 2b8014af202c9e0f7619f7a4377f5eb752235220 + * src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New. + (GCRYCTL_DISABLE_PRIV_DROP): New. + * src/global.c (_gcry_vcontrol): Implement them. + * src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New. + (GCRY_SECMEM_FLAG_NO_PRIV_DROP): New. + * src/secmem.c (no_mlock, no_priv_drop): New. + (_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them. + (lock_pool): Handle no_mlock and no_priv_drop. + + Fix libtool 2.4.2 to correctly detect .def files. + + commit 05b3e2dda61d3d532a7f1ffd2487a85ed1c4f3ab + * ltmain.sh (sed_uncomment_deffile): New. + (orig_export_symbols): Uncomment def file before testing for EXPORTS. + * m4/libtool.m4: Do the same for the generated code. + +2013-05-22 Jussi Kivilinna <jussi.kivilinna@iki.fi> + + Add AES bulk CBC decryption selftest. + + commit b65281a1b76d7898eb7607932246b78277d8570b + * cipher/rinjdael.c (selftest_cbc_128): New. + (selftest): Call selftest_cbc_128. + + Change AES bulk CTR encryption selftest use new selftest helper function + + commit 3637bdbb5f30a5e06745d448a6a8ad00e5cdd740 + * cipher/rinjdael.c: (selftest_ctr_128): Change to use new selftest + helper function. + + Convert bulk CTR and CBC selftest functions in Camellia to generic selftest helper functions + + commit eed4042fa028b3f73bad6a768f5b0a82f642e545 + * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-selftest files. 
+ * cipher/camellia-glue.c (selftest_ctr_128, selftest_cbc_128): Change + to use the new selftest helper functions. + * cipher/cipher-selftest.c: New. + * cipher/cipher-selftest.h: New. + + camellia: add bulk CBC decryption selftest. + + commit f2986f03d1ae59f973bae56ce4333e5457003de5 + * cipher/camellia-glue.c: (selftest_cbc_128): New selftest function for + bulk CBC decryption. + (selftest): Add call to selftest_cbc_128. + + camellia: Rename camellia_aesni_avx_x86-64.S to camellia-aesni-avx-amd64.S + + commit 194ae35da7830a76b96e9b21121a2e1248762d3f + * cipher/camellia_aesni_avx_x86-64.S: Remove. + * cipher/camellia-aesni-avx-amd64.S: New. + * cipher/Makefile.am: Use the new filename. + * configure.ac: Use the new filename. + +2013-05-21 Werner Koch <wk@gnupg.org> + + Fix indentation and save on string space. + + commit 2ac3a7c2b7154379738d17cfde8cd9017dc142f0 + * cipher/ecc.c (generate_key): Use the same string for both fatal + messages. + +2013-05-20 Andrey <andrey@brainhub.org> + + cipher: Fix segv in last ECC change. + + commit eb4937914db3fb7317502e97e4f0e40c1857f59d + * cipher/ecc.c (generate_key): Make sure R is initialized. + +2013-05-09 Andrey <andrey@brainhub.org> + + cipher: Generate compliant ECC keys. + + commit 296f38a2bd2e25788643a42e4881faed00884a40 + * cipher/ecc.c (generate_key): Make sure a key is compliant for + using the compact representation. + +2013-04-18 Werner Koch <wk@gnupg.org> + + cipher: Fix regression in Padlock support. + + commit 6c942ec4d63032539f1fc56c3b970cfec2369e2b + * cipher/rijndael.c (do_setkey): Remove dummy padlock key generation case + and use the standard one. + + mpi: Yet another fix to get option flag munging right. + + commit 03557687a09b9c8878c77cbfdd0f5049940c72da + * cipher/Makefile.am (o_flag_munging): Yet another fix. + + mpi: Make using gcc's -Ofast easier. + + commit 1ab26bc304c559b0a8d29823d656f7ad8d10a59d + * cipher/Makefile.am (o_flag_munging): Take -Ofast in account. + + Fix alignment problem in idea.c. 
+ + commit 3271b0dfda67e26c381d7ed667737f08f865ee40 + * cipher/idea.c (cipher): Rework parameter use to fix alignment + problems. + + * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. + + Fix alignment problem in idea.c. + + * cipher/idea.c (cipher): Rework parameter use to fix alignment + problems. + + * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. + + + (cherry picked from 4cd279556777e02eda79973f68efaa4b741f9175) + +2013-04-18 Vladimir Serbinenko <phcoder@gmail.com> + + Add some const attributes. + + commit ff0b94c22b36600fff1db9f1d48f9de61f9038f7 + * cipher/md4.c (transform): Add const attribute. + * cipher/md5.c (transform): Ditto. + * cipher/rmd160.c (transform): Ditto. + + Fix alignment problem in serpent.c. + + commit 86e72b490a5790a9c23341067c7e4d3e38be1634 + * cipher/serpent.c (serpent_key_prepare): Fix misaligned access. + (serpent_setkey): Likewise. + (serpent_encrypt_internal): Likewise. + (serpent_decrypt_internal): Likewise. + (serpent_encrypt): Don't put an alignment-increasing cast. + (serpent_decrypt): Likewise. + (serpent_test): Likewise. + +2013-04-16 Werner Koch <wk@wheatstone.g10code.de> + + Fix multiply by zero in gcry_mpi_ec_mul. + + commit 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 + * mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0. + * tests/t-mpi-point.c (basic_ec_math): Add a test case for this. + +2013-04-15 Werner Koch <wk@gnupg.org> + + Add macros to return pre-defined MPIs. + + commit bd3afc27459a44df8cf501a7e1ae37bb849a8b0e + * src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO) + (GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New. + (_gcry_mpi_get_const): New private function. + * src/visibility.c (_gcry_mpi_get_const): New. + * src/visibility.h: Mark it visible. + + Fix addition of EC points. + + commit 71b25a5562f68aad81eae52cc1bab9ca7731a7e9 + * mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in affine + coordinates. 
+ +2013-04-12 Werner Koch <wk@gnupg.org> + + Add hack to allow using an "ecc" key for "ecdsa" or "ecdh". + + commit af8a79aea80217a0c85a592db1fa001792a6bf0f + * cipher/pubkey.c (sexp_to_key): Add optional arg USE. + (gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage sign. + (gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage encrypt. + * tests/basic.c (show_sexp): New. + (check_pubkey_sign): Print test number and add cases for ecc. + (check_pubkey_sign_ecdsa): New. + (do_check_one_pubkey): Divert to new function. + +2013-04-11 Werner Koch <wk@gnupg.org> + + Add gcry_pubkey_get_sexp. + + commit 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c + * src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New. + (GCRY_PK_GET_SECKEY): New. + (gcry_pubkey_get_sexp): New. + * src/visibility.c (gcry_pubkey_get_sexp): New. + * src/visibility.h (gcry_pubkey_get_sexp): Mark visible. + * src/libgcrypt.def, src/libgcrypt.vers: Add new function. + * cipher/pubkey-internal.h: New. + * cipher/Makefile.am (libcipher_la_SOURCES): Add new file. + * cipher/ecc.c: Include pubkey-internal.h + (_gcry_pk_ecc_get_sexp): New. + * cipher/pubkey.c: Include pubkey-internal.h and context.h. + (_gcry_pubkey_get_sexp): New. + * src/context.c (_gcry_ctx_find_pointer): New. + * src/cipher-proto.h: Add _gcry_pubkey_get_sexp. + * tests/t-mpi-point.c (print_sexp): New. + (context_param, basic_ec_math_simplified): Add tests for the new + function. + + * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11. + (AH_BOTTOM) Add error codes from gpg-error 1.12 + * src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL. + + * mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q. + (_gcry_mpi_ec_get_point): Ditto. + + Remove unused code. + + commit 7524da2ba83d83a766c22d704006380c893e1c49 + * cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release) + (_gcry_pk_get_elements): Remove. + +2013-04-05 Werner Koch <wk@gnupg.org> + + Make the Q parameter optional for ECC signing. 
+ + commit fe91a642c7c257aca095b96406fbcace88fa3df4 + * cipher/ecc.c (ecc_sign): Remove the need for Q. + * cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a + private key. + (sexp_to_key): Add optional arg R_IS_ECC. + (gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys. + * tests/pubkey.c (die): Make sure to print a LF. + (check_ecc_sample_key): New. + (main): Call new test. + + Add test case for SCRYPT and rework the code. + + commit f23a068bcb6ec9788710698578d8be0a2a006dbc + * tests/t-kdf.c (check_scrypt): New. + (main): Call new test. + + * configure.ac: Support disabling of the scrypt algorithm. Make KDF + enabling similar to the other algorithm classes. Disable scrypt if we + don't have a 64 bit type. + * cipher/memxor.c, cipher/memxor.h: Remove. + * cipher/scrypt.h: Remove. + * cipher/kdf-internal.h: New. + * cipher/Makefile.am: Remove files. Add new file. Move scrypt.c to + EXTRA_libcipher_la_SOURCES. + (GCRYPT_MODULES): Add GCRYPT_KDFS. + * src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value. + * cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2. + (_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0. + (gcry_kdf_derive): Allow for a passwordlen of zero for scrypt. Check + for SALTLEN > 0 for GCRY_KDF_PBKDF2. Pass algo to _gcry_kdf_scrypt. + (gcry_kdf_derive) [!USE_SCRYPT]: Return an error. + * cipher/scrypt.c: Replace memxor.h by bufhelp.h. Replace scrypt.h by + kdf-internal.h. Enable code only if HAVE_U64_TYPEDEF is defined. + Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types. + (_SALSA20_INPUT_LENGTH): Remove underscore from identifier. + (_scryptBlockMix): Replace memxor by buf_xor. + (_gcry_kdf_scrypt): Use gcry_malloc and gcry_free. Check for integer + overflow. Add hack to support blocksize of 1 for tests. Return + errors from calls to _gcry_kdf_pkdf2. + + * cipher/kdf.c (openpgp_s2k): Make static. + +2013-04-04 Christian Grothoff <christian@grothoff.org> + + Add the SCRYPT KDF function. 
+ + commit 855b1a8f81b5a3b5b31d0c3c303675425f58a5af + * scrypt.c, scrypt.h: New files. + * memxor.c, memxor.h: New files. + * cipher/Makefile.am: Add new files. + * cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT. + * src/gcrypt.h.in (GCRY_KDF_SCRYPT): New. + +2013-03-22 Werner Koch <wk@gnupg.org> + + Replace deprecated AM_CONFIG_HEADER macro. + + commit d0c8fda5af45354ac32928c9a01e688d6893599d + * configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADER/ + + Disable AES-NI support if as does not support SSSE3. + + commit 9f4df1612ae21a5ce70d98930cb194e5193f5e2d + * configure.ac (HAVE_GCC_INLINE_ASM_SSSE3): New test. + (ENABLE_AESNI_SUPPORT): Do not define without SSSE3 support. + (HAVE_GCC_INLINE_ASM_SSSE3, ENABLE_AVX_SUPPORT): Split up detection + and definition. + +2013-03-21 Werner Koch <wk@gnupg.org> + + Fix make dependency regression. + + commit 2a1e03c5a481689c43d197dd8034a1d73de0a1a4 + * src/Makefile.am (libgcrypt_la_DEPENDENCIES): Add missing backslash. + Reported by LRN. + +2013-03-20 Werner Koch <wk@gnupg.org> + + Use finer grained on-the-fly helper computations for EC. + + commit 5fb3501aa0cf5f2b2a9012706bb9ad2b1c4bfd7d + * src/ec-context.h (mpi_ec_ctx_s): Replace NEED_SYNC by a bitfield. + * mpi/ec.c (ec_p_sync): Remove. + (ec_get_reset, ec_get_a_is_pminus3, ec_get_two_inv_p): New. + (ec_p_init): Use ec_get_reset. + (_gcry_mpi_ec_set_mpi, _gcry_mpi_ec_dup_point) + (_gcry_mpi_ec_add_points): Replace ec_p_sync by the ec_get_ accessors. + + Allow building with w64-mingw32. + + commit b402e550041782b770a6ae267c7c28ca8324a12e + * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also + prepare for 64 bit building. + + Provide GCRYPT_VERSION_NUMBER macro, add build info to the binary. + + commit 1eaad0a8c4cab227685a6a8768e539df2f1f4dac + * src/gcrypt.h.in (GCRYPT_VERSION_NUMBER): New. + * configure.ac (VERSION_NUMBER): New ac_subst. + * src/global.c (_gcry_vcontrol): Move call to above function ... + (gcry_check_version): .. here. 
+ + * configure.ac (BUILD_REVISION, BUILD_FILEVERSION) + (BUILD_TIMESTAMP): Define on all platforms. + * compat/compat.c (_gcry_compat_identification): Include revision and + timestamp. + + Fix a memory leak in the new EC code. + + commit de07974d807b703a2554d6ba885ea249e648bd44 + * cipher/ecc.c (point_from_keyparam): Always call mpi_free on A. + +2013-03-19 Werner Koch <wk@gnupg.org> + + Extend the new EC interface and fix two bugs. + + commit 931e409e877d1e444edd53dead327ec8e64daf9a + * src/ec-context.h (mpi_ec_ctx_s): Add field NEED_SYNC. + * mpi/ec.c (ec_p_sync): New. + (ec_p_init): Only set NEED_SYNC. + (_gcry_mpi_ec_set_mpi): Set NEED_SYNC for 'p' and 'a'. + (_gcry_mpi_ec_dup_point, _gcry_mpi_ec_add_points) + (_gcry_mpi_ec_mul_point): Call ec_p_sync. + (_gcry_mpi_ec_get_point): Recompute 'q' is needed. + (_gcry_mpi_ec_get_mpi): Ditto. Also allow for names 'q', 'q.x', + 'q.y', and 'g'. + * cipher/ecc.c (_gcry_mpi_ec_ec2os): New. + + * cipher/ecc.c (_gcry_mpi_ec_new): Fix init from parameters 'Q'->'q', + 'G'->'q'. + +2013-03-15 Werner Koch <wk@gnupg.org> + + mpi: Add functions to manipulate an EC context. + + commit 229f3219f80c9369ed9624242c0436ae6d293201 + * src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove. + (gcry_mpi_ec_new): New. + (gcry_mpi_ec_get_mpi): New. + (gcry_mpi_ec_get_point): New. + (gcry_mpi_ec_set_mpi): New. + (gcry_mpi_ec_set_point): New. + * src/visibility.c (gcry_mpi_ec_p_new): Remove. + * mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and + change to return an error code. + (_gcry_mpi_ec_get_mpi): New. + (_gcry_mpi_ec_get_point): New. + (_gcry_mpi_ec_set_mpi): New. + (_gcry_mpi_ec_set_point): New. + * src/mpi.h: Add new prototypes. + * src/ec-context.h: New. + * mpi/ec.c: Include that header. + (mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some + fields into an inner struct. + (point_copy): New. + * cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS. + (mpi_from_keyparam, point_from_keyparam): New. 
+ (_gcry_mpi_ec_new): New. + + * tests/t-mpi-point.c (test-curve): New. + (ec_p_new): New. Use it instead of the removed gcry_mpi_ec_p_new. + (get_and_cmp_mpi, get_and_cmp_point): New. + (context_param): New test. + (basic_ec_math_simplified): New test. + (main): Call new tests. + + * src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX. + +2013-03-13 Werner Koch <wk@gnupg.org> + + Add GCRYMPI_FLAG_CONST and make use constants. + + commit e005629bd7bebb3e13945645c6e1230b44ab16a2 + * src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New. + * src/mpi.h (mpi_is_const, mpi_const): New. + (enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New. + * mpi/mpiutil.c (_gcry_mpi_init): New. + (constants): New. + (_gcry_mpi_free): Do not release a constant flagged MPI. + (gcry_mpi_copy): Clear the const and immutable flags. + (gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag): Support + GCRYMPI_FLAG_CONST. + (_gcry_mpi_const): New. + * src/global.c (global_init): Call _gcry_mpi_init. + * mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and + eight. Change all users to call mpi_const() instead. + + * src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag. + + Add GCRYMPI_FLAG_IMMUTABLE to help debugging. + + commit 1fecae98ee7e0fa49b29f98efa6817ca121ed98a + * src/gcrypt.h.in (GCRYMPI_FLAG_IMMUTABLE): New. + * src/mpi.h (mpi_is_immutable): New macro. + * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag) + (gcry_mpi_get_flag): Implement new flag + (_gcry_mpi_immutable_failed): New. + + * mpi/mpiutil.c (_gcry_mpi_clear, _gcry_mpi_free, gcry_mpi_snatch) + (gcry_mpi_set, gcry_mpi_randomize): Act upon the immutable flag. + * mpi/mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit) + (gcry_mpi_clear_highbit, gcry_mpi_clear_bit) + (_gcry_mpi_rshift_limbs, gcry_mpi_lshift): Ditto. + * mpi/mpicoder.c (_gcry_mpi_set_buffer): Ditto. + +2013-03-08 Werner Koch <wk@gnupg.org> + + mpi: Add an API for EC math. 
+ + commit 8ac9e756d3ca545a9b97e61ad3d42fc2e877d788 + * src/context.c, src/context.h: New. + * src/Makefile.am (libgcrypt_la_SOURCES): Add new files. + * src/gcrypt.h.in (struct gcry_context, gcry_ctx_t): New types. + (gcry_ctx_release): New prototype. + (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup) + (gcry_mpi_ec_add, gcry_mpi_ec_mul): New prototypes. + * mpi/ec.c: Include errno.h and context.h. + (_gcry_mpi_ec_init): Rename to .. + (ec_p_init): this, make static, remove allocation and add arg CTX. + (_gcry_mpi_ec_p_internal_new): New; to replace _gcry_mpi_ec_init. + Change all callers to use this func. + (_gcry_mpi_ec_free): Factor code out to .. + (ec_deinit): New func. + (gcry_mpi_ec_p_new): New. + * src/visibility.c: Include context.h and mpi.h. + (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup) + (gcry_mpi_ec_add, gcry_mpi_ec_mul) + (gcry_ctx_release): New wrapper functions. + * src/visibility.h: Mark new wrapper functions visible. + * src/libgcrypt.def, src/libgcrypt.vers: Add new symbols. + * tests/t-mpi-point.c (print_mpi, hex2mpi, cmp_mpihex): New. + (context_alloc): New. + (make_point, basic_ec_math): New. + + mpi: Add an API for EC point operations. + + commit 7cce620acddac2df024ca421ed3abc32a88f3738 + * mpi/ec.c (gcry_mpi_point_new, gcry_mpi_point_release): New. + (gcry_mpi_point_get, gcry_mpi_point_snatch_get): New. + (gcry_mpi_point_set, gcry_mpi_point_snatch_set): New. + * src/visibility.h, src/visibility.c: Add corresponding macros and + wrappers. + * src/gcrypt.h.in (struct gcry_mpi_point, gcry_mpi_point_t): New. + (gcry_mpi_point_new, gcry_mpi_point_release, gcry_mpi_point_get) + (gcry_mpi_point_snatch_get, gcry_mpi_point_set) + (gcry_mpi_point_snatch_set): New prototypes. + (mpi_point_new, mpi_point_release, mpi_point_get, mpi_point_snatch_get) + (mpi_point_set, mpi_point_snatch_set): New macros. 
+ * src/libgcrypt.vers (gcry_mpi_point_new, gcry_mpi_point_release) + (gcry_mpi_point_get, gcry_mpi_point_snatch_get, gcry_mpi_point_set) + (gcry_mpi_point_snatch_set): New symbols. + * src/libgcrypt.def: Ditto. + * tests/t-mpi-point.c: New. + * tests/Makefile.am (TESTS): Add t-mpi-point + +2013-03-07 Werner Koch <wk@gnupg.org> + + mpi: Add mpi_snatch and change an internal typedef. + + commit 6c4767637c512127a4362732b3ec51068554d328 + * src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point. + (mpi_point_struct): New typedef. + (mpi_point_t): Change typedef to a pointer. Replace all occurrences + to use mpi_point_struct. + * mpi/ec.c (_gcry_mpi_ec_point_init): Rename to .. + (_gcry_mpi_point_init): this. Change all callers. + (_gcry_mpi_ec_point_free): Rename to .. + (_gcry_mpi_point_free_parts): this. Change all callers. + + * mpi/mpiutil.c (gcry_mpi_snatch): New function. + * src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add protoype and + macro. + * src/visibility.c (gcry_mpi_snatch): Add wrapper. + * src/visibility.h (gcry_mpi_snatch): Add macro magic. + * src/libgcrypt.def, src/libgcrypt.vers: Add new function. + + Pretty print the configure feedback. + + commit c620099e4ab2f35e0196b395a805bb655c984ac2 + * acinclude.m4 (GNUPG_MSG_PRINT): Remove. + (GCRY_MSG_SHOW, GCRY_MSG_WRAP): New. + * configure.ac: Use new macros for the feedback. + +2013-02-20 Werner Koch <wk@gnupg.org> + + Fix building of hwf-x86.c. + + commit 70dcac663de06b012417015c175973d64e6980df + * src/Makefile.am (AM_CFLAGS): Set to GPG_ERROR_CFLAGS + (AM_CCASFLAGS): Set NOEXECSTACK_FLAGS. + + Remove build hacks for FreeBSD. + + commit fb48ebf7081400a24ee48f8a9894a361e8834b6e + * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and + LDFLAGS. + +2013-02-19 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni. 
+ + commit 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa + * cipher/rijndael.c (_gcry_aes_cbc_enc): Check if AES-NI is enabled before + calling aesni_prepare() and aesni_cleanup(). + + Add AES-NI/AVX accelerated Camellia implementation. + + commit 63ac3ba07dba82fde040d31b90b4eff627bd92b9 + * configure.ac: Add option --disable-avx-support. + (HAVE_GCC_INLINE_ASM_AVX): New. + (ENABLE_AVX_SUPPORT): New. + (camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add + camellia_aesni_avx_x86-64.lo. + * cipher/Makefile.am (AM_CCASFLAGS): Add. + (EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S + * cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT] + [__x86_64__] (USE_AESNI_AVX): Add macro. + (struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx. + [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc) + (_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly + functions. + (camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware + support both. + (_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code. + (_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code. + * cipher/camellia_aesni_avx_x86-64.S: New. + * src/g10lib.h (HWF_INTEL_AVX): New. + * src/global.c (hwflist): Add HWF_INTEL_AVX. + * src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add detection + for AVX. + + camellia.c: Prepare for AES-NI/AVX implementation. + + commit 4de62d80644228fc5db2a9f9c94a7eb633d8de2e + * cipher/camellia-glue.c (CAMELLIA_encrypt_stack_burn_size) + (CAMELLIA_decrypt_stack_burn_size): Increase stack burn size. + * cipher/camellia.c (CAMELLIA_ROUNDSM): Move key-material mixing in + the front. + (camellia_setup128, camellia_setup256): Remove now unneeded + key-material mangling. + (camellia_encrypt128, camellia_decrypt128, amellia_encrypt256) + (camellia_decrypt256): Copy block to stack, so that compiler can + optimize it for register usage. + + Camellia, prepare glue code for AES-NI/AVX implementation. 
+ + commit 537f12ce072d568f9fa344c447d32b2e0efffbe8 + * cipher/camellia-glue.c (ATTR_ALIGNED_16): Add macro. + (CAMELLIA_encrypt_stack_burn_size): Add macro. + (camellia_encrypt): Use macro above for stack burn size. + (CAMELLIA_decrypt_stack_burn_size): Add macro. + (camellia_decrypt): Use macro above for stack burn size. + (_gcry_camellia_ctr_enc): New function. + (_gcry_camellia_cbc_dec): New function. + (selftest_ctr_128): New function. + (selftest): Call function above. + * cipher/cipher.c (gcry_cipher_open) [USE_CAMELLIA]: Register bulk + functions for CBC-decryption and CTR-mode. + * src/cipher.h (_gcry_camellia_ctr_enc): New prototype. + (_gcry_camellia_cbc_dec): New prototype. + +2012-12-21 Werner Koch <wk@gnupg.org> + + Prepare for hardware feature detection on other platforms. + + commit 09ac5d87d11aa0b1fa0e0a4184ab03b3671a73e2 + * configure.ac (GCRYPT_HWF_MODULES): New. + (HAVE_CPU_ARCH_X86, HAVE_CPU_ARCH_ALPHA, HAVE_CPU_ARCH_SPARC) + (HAVE_CPU_ARCH_MIPS, HAVE_CPU_ARCH_M68K, HAVE_CPU_ARCH_PPC) + (HAVE_CPU_ARCH_ARM): New AC_DEFINEs. + * mpi/config.links (mpi_cpu_arch): New. + * src/global.c (print_config): Print new tag "cpu-arch". + * src/Makefile.am (libgcrypt_la_SOURCES): Add hwf-common.h + (EXTRA_libgcrypt_la_SOURCES): New. + (gcrypt_hwf_modules): New. + (libgcrypt_la_DEPENDENCIES, libgcrypt_la_LIBADD): Add that one. + * src/hwfeatures.c: Factor most code out to ... + * src/hwf-x86.c: New file. + (detect_x86_gnuc): Return the feature vector. + (_gcry_hwf_detect_x86): New. + * src/hwf-common.h: New. + * src/hwfeatures.c (_gcry_detect_hw_features): Dispatch using + HAVE_CPU_ARCH_ macros. + +2012-12-21 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Clean up i386/x86-64 cpuid usage in hwfeatures.c. + + commit d842eea55e22c05da3959a7a4422b5fcd7884f60 + * src/hwfeatures.c [__i386__ && __GNUC__] (detect_ia32_gnuc): Remove. + [__x86_64__ && __GNUC__] (detect_x86_64_gnuc): Remove. 
+ [__i386__ && __GNUC__] (is_cpuid_available, get_cpuid) + (HAS_X86_CPUID): New. + [__x86_64__ && __GNUC__] (is_cpuid_available, get_cpuid) + (HAS_X86_CPUID): New. + [HAS_X86_CPUID] (detect_x86_gnuc): New. + (_gcry_detect_hw_features) [__i386__ && GNUC]: Remove detect_ia32_gnuc + call. + (_gcry_detect_hw_features) [__x86_64__ && GNUC]: Remove + detect_x86_64_gnuc call. + (_gcry_detect_hw_features) [HAS_X86_CPUID]: Add detect_x86_gnuc call. + +2012-12-18 Dmitry Kasatkin <dmitry.kasatkin@intel.com> + + Add support for using DRNG random number generator. + + commit efd7002188e6d50013e4d9a920a8b9afa9d210e5 + * configure.ac: Add option --disable-drng-support. + (ENABLE_DRNG_SUPPORT): New. + * random/rndhw.c (USE_DRNG): New. + (rdrand_long, rdrand_nlong, poll_drng): New. + (_gcry_rndhw_poll_fast, _gcry_rndhw_poll_slow): Call poll function. + * src/g10lib.h (HWF_INTEL_RDRAND): New. + * src/global.c (hwflist): Add "intel-rdrand". + * src/hwfeatures.c (detect_x86_64_gnuc) [ENABLE_DRNG_SUPPORT]: Detect + RDRAND. + (detect_ia32_gnuc) [ENABLE_DRNG_SUPPORT]: Detect RDRAND. + +2012-12-03 Werner Koch <wk@gnupg.org> + + random: Add a RNG selection interface and system RNG wrapper. + + commit 7607ab81504ce44060ed0b331d309606f5da1e75 + * random/random-system.c: New. + * random/Makefile.am (librandom_la_SOURCES): Add new module. + * random/random.c (struct rng_types): New. + (_gcry_set_preferred_rng_type, _gcry_get_rng_type): New. + (_gcry_random_initialize, gcry_random_add_bytes, do_randomize) + (_gcry_set_random_seed_file, _gcry_update_random_seed_file) + (_gcry_fast_random_poll): Dispatch to the actual RNG. + * src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New. + GCRYCTL_GET_CURRENT_RNG_TYPE): New. + (gcry_rng_types): New. + * src/global.c (print_config): Print the TNG type. + (global_init, _gcry_vcontrol): Implement the new control codes. + * doc/gcrypt.texi (Controlling the library): Document the new control + codes. 
+ + * tests/benchmark.c (main): Add options to test the RNG types. + * tests/random.c (main): Add new options. + (print_hex): Print to stderr. + (progress_cb, rng_type): New. + (check_rng_type_switching, check_early_rng_type_switching): New. + (run_all_rng_tests): New. + + tests: Allow use of random.c under Windows. + + commit 76c622e24a07f7c826812be173aa173b4334776b + * tests/Makefile.am (TESTS): Always include random.c + * tests/random.c [!W32]: Include sys/wait.h. + (inf): New. + (check_forking, check_nonce_forking): Print a notice what will be done. + (main) [W32]: Do not call signal. + + Make random-fips.c work multi-threaded. + + commit 75760021b511ba438606af746431223357e7a155 + * random/random-fips.c (basic_initialization): Fix reversed logic. + + Move nonce creation from csprng backend to random main module. + + commit c324644aa14e54fc7051983b38222db32b8ab227 + * random/random-csprng.c (_gcry_rngcsprng_create_nonce): Remove. + (nonce_buffer_lock): Remove. + (initialize_basics): Remove init of nonce_buffer_lock. + * random/random.c: Add a few header files. + (nonce_buffer_lock): New. + (_gcry_random_initialize): Init nonce_buffer_lock. + (gcry_create_nonce): Add code from _gcry_rngcsprng_create_nonce. + + * random/random-daemon.c (_gcry_daemon_create_nonce): Remove. + +2012-12-03 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Fix building with CC="gcc -std=c90". + + commit f851b9a932ee64fa5a06000d1ac763ba4349f07d + * configure.ac: Add check for missing 'asm' keyword in C90 mode and + replacement with '__asm__'. + +2012-12-03 Werner Koch <wk@gnupg.org> + + Try to use inttypes.h if stdint.h is not available. + + commit d9ec7aec1301b13a89e5c9c54d7ad52e1a29b846 + * cipher/bufhelp.h [HAVE_INTTYPES_H]: Include inttypes.h + +2012-12-03 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Optimize buffer xoring. + + commit 162791bc08f4fc9b3882671e68ecdfd9e130ae59 + * cipher/Makefile.am (libcipher_la_SOURCES): Add 'bufhelp.h'. + * cipher/bufhelp.h: New. 
+ * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) + (_gcry_cipher_aeswrap_decrypt): Use 'buf_xor' for buffer xoring. + * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) + (_gcry_cipher_cbc_decrypt): Use 'buf_xor' for buffer xoring and remove + resulting unused variables. + * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) Use 'buf_xor_2dst' + for buffer xoring and remove resulting unused variables. + (_gcry_cipher_cfb_decrypt): Use 'buf_xor_n_copy' for buffer xoring and + remove resulting unused variables. + * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Use 'buf_xor' for + buffer xoring and remove resulting unused variables. + * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) + (_gcry_cipher_ofb_decrypt): Use 'buf_xor' for buffer xoring and remove + resulting used variables. + * cipher/rijndael.c (_gry_aes_cfb_enc): Use 'buf_xor_2dst' for buffer + xoring and remove resulting unused variables. + (_gry_aes_cfb_dev): Use 'buf_xor_n_copy' for buffer xoring and remove + resulting unused variables. + (_gry_aes_cbc_enc, _gry_aes_ctr_enc, _gry_aes_cbc_dec): Use 'buf_xor' + for buffer xoring and remove resulting unused variables. + +2012-11-29 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Optimize AES-NI CTR mode. + + commit 9ee9e25f519696d509b1a5c1cc04ab0121e98a51 + * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Make + handling of 64-bit overflow and carry conditional. Avoid generic to + vector register passing of value '1'. Generate and use '-1' instead. + +2012-11-28 Werner Koch <wk@gnupg.org> + + Make a cpp conditional in rijndael.c better readable. + + commit 6765e0a8618000d3dc7bda035163e0708c43791b + * cipher/rijndael.c (USE_AESNI): Modify cpp conditionals for better + readability. + +2012-11-28 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Fix building with Clang on x86-64 and i386. 
+ + commit 99e272d938fe23efec25af409bdb91dae0e659e5 + * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_aligned) + (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Add + explicit suffix to 'cmp' instructions. + +2012-11-26 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Optimize wipememory2 for i386 and x86-64. + + commit faec12e23f03c7cd1614594bfdd51f1302cadb42 + * src/g10lib.h (wipememory2): Add call to fast_wipememory2. + (fast_wipememory2): New macros for i386 and x86-64 architectures. + Empty macro provided for other architectures. + + Fix missing 64bit carry handling in AES-NI CTR mode. + + commit fc37e805c6394c2e635d1a033670be961f36a6d2 + * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Add + carry handling to 64-bit addition. + (selftest_ctr_128): New function for testing IV handling in bulk CTR + function. + (selftest): Add call to selftest_ctr_128. + + Add parallelized AES-NI CBC decryption. + + commit 35aff0cd43885b5f5c076432ec614698abeb63d8 + * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_5): New macro. + [USE_AESNI] (do_aesni_dec_vec4): New function. + (_gcry_aes_cbc_dec) [USE_AESNI]: Add parallelized CBC loop. + (_gcry_aes_cbc_dec) [USE_AESNI]: Change IV storage register from xmm3 + to xmm5. + + Clear xmm5 after use in AES-NI CTR mode. + + commit 5acd0e5ae2a58dda51c2b56c879b80a1a6d2c42f + * cipher/rijndael.c [USE_AESNI]: Rename aesni_cleanup_2_4 to + aesni_cleanup_2_5. + [USE_AESNI] (aesni_cleanup_2_5): Clear xmm5 register. + (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) [USE_AESNI]: Use + aesni_cleanup_2_5 instead of aesni_cleanup_2_4. + + Optimize AES-NI CBC encryption. + + commit be3768994ad362dfc849a8cd0146b4c9bb287d20 + * cipher/rijndeal.c (_gcry_aes_cbc_enc) [USE_AESNI]: Add AES-NI + spesific loop and use SSE2 assembler for xoring and copying of + blocks. + + Improve parallelizability of CBC decryption for AES-NI. 
+ + commit 3369d960158ab4231b83926a0f982e2a8819f173 + * cipher/rijndael.c (_gcry_aes_cbc_dec) [USE_AESNI]: Add AES-NI + specific CBC mode loop with temporary block and IV stored in free SSE + registers. + + Extend test of chained modes for 128bit ciphers. + + commit 55b96be08531664ed3f4230acebe0f45954bbc33 + * tests/basic.c (check_one_cipher_core, check_one_cipher): Increase + input and output buffer sizes from 16 bytes to 1024+16=1040 bytes. + (check_one_cipher_core): Add asserts to verify sizes of temporary + buffers. + +2012-11-21 Werner Koch <wk@gnupg.org> + + Fix for strict aliasing rules. + + commit dfb4673da8ee52d95e0a62c9f49ca8599943f22e + * cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t for + casting. + + Do not detect AES-NI support if disabled by configure. + + commit 3047795794eb238aa684bd0729acf64c82a19e09 + * src/hwfeatures.c (detect_ia32_gnuc): Detect AESNI support only if + that support has been enabled. + +2012-11-21 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> + + Fix too large burn_stack in camellia-glue.c. + + commit 8afabc2813948778a3db52d9dee9a041a3dd50d4 + * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Do not + take full array size of KEY_TABLE_TYPE, but argument size instead. + + Add x86_64 support for AES-NI. + + commit d8bdfa42ed582655c180e7db9b16d4e756a12a6e + * cipher/rijndael.c [ENABLE_AESNI_SUPPORT]: Enable USE_AESNI on x86-64. + (do_setkey) [USE_AESNI_is_disabled_here]: Use %[key] and %[ksch] + directly as registers instead of using temporary register %%esi. + [USE_AESNI] (do_aesni_enc_aligned, do_aesni_dec_aligned, do_aesni_cfb, + do_aesni_ctr, do_aesni_ctr_4): Use %[key] directly as register instead + of using temporary register %%esi. + [USE_AESNI] (do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Change %[key] + from generic "g" type to register "r". + * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Do not + clear AES-NI feature flag. + + Fix cpuid vendor-id check for i386 and x86-64. 
+ + commit 9e1552517f68459a165ddebbba85e7cf37ff4f0c + * src/hwfeatures.c (detect_x86_64_gnuc, detect_ia32_gnuc): Allow + Intel features be detect from CPU by other vendors too. + + Fix hwdetect assembler clobbers. + + commit 19b9efd1f47a5de9c450ce8212dfa3174a029c7a + * src/hwfeatures.c (detect_x86_64_gnuc): Add missing %ebx assembler + clobbers. + (detect_x86_64_gnuc, detect_ia32_gnuc) [ENABLE_PADLOCK_SUPPORT]: Add + missing %ecx assembler clobbers. + +2012-11-21 Werner Koch <wk@gnupg.org> + + Use configure test for aligned attribute. + + commit 6368ed542150956ff4ba8170a15bbc534143675c + * configure.ac (HAVE_GCC_ATTRIBUTE_ALIGNED): New test and ac_define. + * cipher/cipher-internal.h, cipher/rijndael.c, random/rndhw.c: Use new + macro instead of a fixed test for __GNUC__. + + Fix segv with AES-NI on some platforms. + + commit a96974de734beb51a733a89b3283bcf7b433b54c + * cipher/rijndael.c (RIJNDAEL_context): Align on 16 bytes. + +2012-11-16 Werner Koch <wk@gnupg.org> + + Improve parsing of the GIT revision number. + + commit 4b18e530f417d4af401a3fd721ad2a07e5310e3e + * configure.ac (mmm4_revision): Use git rev-parse. + +2012-11-08 Werner Koch <wk@gnupg.org> + + Fix extern inline use for gcc > 4.3 in c99 mode. + + commit 5abc06114e91beca0177331e1c79815f5fb6d7be + * mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern + inline semantics in gcc. + +2012-11-07 Werner Koch <wk@gnupg.org> + + Fix memory leak in gcry_pk_testkey for ECC. + + commit 8cbbad5f94f6e0429fffe66d689aea20f7e35957 + * cipher/ecc.c (check_secret_key): Restructure for easier allocation + tracking. Fix memory leak. + +2012-11-05 Werner Koch <wk@gnupg.org> + + Prepare for a backported interface in 1.5.1. + + commit 7af98ef78d45e813f47ae4e180a02757a379953f + * configure.ac: Bump LT version at C20/A0/R0 to adjust for a planned + API update in 1.5.1. + + Adjust for stricter autoconf requirements. 
+ + commit 1241fbbc896e9bbad68f1007a17b20493f6cd1af + * configure.ac: Fix usage of AC_LANG_PROGRAM. + + Update build helper scripts. + + commit a5c4d45e8d12737cd21b095c81da5c18e2afc39e + * config.guess, config.sub: Update to version 2012-07-31. + * ltmain.sh: Update to version 2.4.2. + * install-sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4 + * m4/lt~obsolete.m4: Update to autoconf 2.69 versions. + + Do not distribute a copy of gitlog-to-changelog. + + commit 40976d7da5420453bf93a9c99f0cc4c7044d0774 + * Makefile.am (GITLOG_TO_CHANGELOG): New. + (gen-ChangeLog): Require an installed gitlog-to-changelog. + * scripts/gitlog-to-changelog: Remove. + + * README.SVN: Remove. + * REMOVE.GIT: New. + + Allow building with w64-mingw32. + + commit 4f6fb150558d0ed250bfbd50352c258a4456ba50 + * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also + prepare for 64 bit building. + <git-setup>: Remove option -c from chmod. + + Switch to the new automagic beta numbering scheme. + + commit 7d5195be76d9dd4adc28976ad153e8f7761c5855 + * configure.ac: Add all the required m4 magic. + + Avoid dereferencing pointer right after the end. + + commit 79502e2c1982047dcf2b776f52826f38bbd9b1fe + * mpi/mpicoder.c (do_get_buffer): Check the length before derefing P. + +2012-10-30 Werner Koch <wk@gnupg.org> + + Make ancient test program useful again. + + commit 66adf76e634423bb72ce1f0b5ed78f4e4798f190 + * tests/testapi.c (test_sexp): Adjust to current API. Print the + return code. Mark unused args. + (test_genkey): Mark unused args. + (main): Do not pass NULL to printf. + + tests: Add ECC key generation tests. + + commit c13164884ade6b1e945cddacce2d244fd881de6b + * tests/keygen.c (check_generated_ecc_key): New. + (check_ecc_keys): New. + (main): Call simple ECC checks. + +2012-10-30 Milan Broz <mbroz@redhat.com> + + PBKDF2: Allow empty passphrase. + + commit 8528f1ba40e587dc17e02822e529fbd7ac69a189 + * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2. 
+ * tests/t-kdf.c (check_pbkdf2): Add test case for above. + +2012-08-16 Xi Wang <xi.wang@gmail.com> + + Replace deliberate division by zero with _gcry_divide_by_zero. + + commit 2c54c4da19d3a79e9f749740828026dd41f0521a + * mpi/mpi-pow.c: Replace 1 / msize. + * mpi/mpih-div.c: Replace 1 / dsize. + * src/misc.c: Add _gcry_divide_by_zero. + +2012-06-21 Werner Koch <wk@gnupg.org> + + Clear AESNI feature flag for x86_64. + + commit 2196728e2252917849c1be94417258076767021b + * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Clear + AESNI feature flag. + + Beautify last change. + + commit 20e423212c9710ee663e12dd0f62580ceb245a6f + * cipher/rijndael.c: Replace C99 feature from last patch. Keep cpp + lines short. + * random/rndhw.c: Keep cpp lines short. + * src/hwfeatures.c (_gcry_detect_hw_features): Make cpp def chain + better readable. + +2012-06-21 Rafaël Carré <funman@videolan.org> + + Enable VIA Padlock on x86_64 platforms. + + commit baf0dc7e9c26167ab43ba2adebcf2f1abc9d9b3b + * cipher/rijndael.c: Duplicate x86 assembly and convert to x86_64. + * random/rndhw.c: Likewise. + * src/hwfeatures.c: Likewise. + +2012-05-14 Werner Koch <wk@gnupg.org> + + Add curve aliases from RFC-5656. + + commit 39c123b729a472ace039f8536d07f8b9a5f4675a + * cipher/ecc.c (curve_aliases): Add "nistp???" entries. + +2012-04-16 Werner Koch <wk@gnupg.org> + + State new contribution rules. + + commit 3bb858551cd5d84e43b800edfa2b07d1529718a9 + * doc/DCO: New. + * doc/HACKING: Document new rules. + +2012-04-04 Tomas Mraz <tmraz@fedoraproject.org> + + Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command. + + commit 90e49a11733bfba9c3c505ac487282d35757f682 + * doc/gcrypt.texi: Add documentation of the new command. + * src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode + only when fips mode is enabled. + (_gcry_set_enforced_fips_mode): New function. + * src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype. + * src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG. 
+ * src/global.c (_gcry_vcontrol): Handle the new command. + +2012-02-17 Ulrich Müller <ulm@gentoo.org> + + Rework selftest in idea.c. + + commit 70cca617ed75ea292e1fed769114dda5cc1d76f1 + * cipher/idea.c (do_setkey): Execute selftest when first called. + (decrypt_block): Remove commented-out code. + (selftest): Execute all selftests. Return NULL on success, or + string in case of error. + +2012-02-16 Werner Koch <wk@gnupg.org> + + Fix missing prototype. + + commit 46035d28c9b413851d43a4008fdc8e4cdf5d686b + * src/g10lib.h (_gcry_secmem_module_init): Make it a real prototype. + +2012-02-16 Ulrich Müller <ulm@gentoo.org> + + Add support for the IDEA cipher. + + commit 318fd85f377c060908d371f792d41e599b3b7483 + Adapt idea.c to the Libgcrypt framework. + Add IDEA to cipher_table and to the build system. + + Patents on IDEA have expired: + Europe: EP0482154 on 2011-05-16, + Japan: JP3225440 on 2011-05-16, + U.S.: 5,214,703 on 2012-01-07. + + * configure.ac: Add idea to the list of available ciphers. + Define USE_IDEA if idea is enabled. + * cipher/cipher.c (cipher_table): Add entry for IDEA. + * cipher/idea.c: Update comment about patents. + Include proper header files and remove redundant declarations. + (expand_key, cipher, do_setkey, encrypt_block, decrypt_block): + Define function arguments as const where appropriate. + (cipher): Test for !WORDS_BIGENDIAN instead of LITTLE_ENDIAN_HOST. + (do_setkey, decrypt_block): Don't call selftest. + (idea_setkey): New function, wrapper for do_setkey. + (idea_encrypt): New function, wrapper for encrypt_block. + (_gcry_cipher_spec_idea): Define. + * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add idea.c. + * src/cipher.h (_gcry_cipher_spec_idea): Declare. + * tests/basic.c (check_ciphers): Add GCRY_CIPHER_IDEA. + +2012-01-09 Werner Koch <wk@gnupg.org> + + Include an IDEA implementation. 
+ + commit 6078b05f5340d886e0b9e6cee1d9b5043e0cb210 + The code is the old IDEA test code, written by me back in 1997 and + distributed on a Danish FTP server. This commit is only for + reference. To use the code it has to be adjusted to the Libgcrypt + framework. + +2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> + + Fix pthread locking and remove defunctional support for static lock init. + + commit 38fcd59ce774eaa3d65f2f7534c989afd860eb56 + * src/ath.c: Include assert.h. + (ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference LOCK. + * src/g10lib.h (_gcry_secmem_module_init): New declaration. + * src/global.c (global_init): Call _gcry_secmem_module_init. + * src/secmem.c (_gcry_secmem_module_init): New function. + +2011-12-16 Werner Koch <wk@gnupg.org> + + Add alignment tests for the cipher tests. + + commit 14cf1f7e338fedb8edaff5631441746605152bd6 + * tests/basic.c (check_one_cipher): Factor most code out to + check_one_cipher_core. Call that core function several times using + different alignment settings. + (check_one_cipher_core): New. Add extra args to allow alignment + testing. + +2011-12-07 Werner Koch <wk@gnupg.org> + + tests/prime: Add option to create a well known private key. + + commit 16f5654643d584e3bc739b636752d779176b2191 + * tests/prime.c (print_mpi, create_42prime): New. + (main): Add option --42. + +2011-12-01 Werner Koch <wk@gnupg.org> + + Do not build the random-daemon by make distcheck. + + commit ea1fb538d99f1ec093f2fef86f4f29176ec27826 + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Disable building of the + random daemon + + Generate the ChangeLog from commit logs. + + commit 137d73191c904926ba529376144ee8239af4ca02 + * scripts/gitlog-to-changelog: New script. Taken from gnulib. + * scripts/git-log-fix: New file. + * scripts/git-log-footer: New file. + * doc/HACKING: Describe the ChangeLog policy + * ChangeLog: New file. + * Makefile.am (EXTRA_DIST): Add new files. + (gen-ChangeLog): New. 
+ (dist-hook): Run gen-ChangeLog. + + Rename all ChangeLog files to ChangeLog-2011. + +2011-12-01 Werner Koch <wk@gnupg.org> + + NB: Changes done before December 1st, 2011 are described in + per directory files named ChangeLog-2011. See doc/HACKING for + details. + + ----- + Copyright (C) 2011 Free Software Foundation, Inc. + + Copying and distribution of this file and/or the original GIT + commit log messages, with or without modification, are + permitted provided the copyright notice and this notice are + preserved. |
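Review bot: Keep this vendored ChangeLog byte-identical to upstream rather than correcting the spelling slips it carries (for example "Rinjdael" in the 2013-02-19 entry, "rijndeal.c" and "spesific" in the 2012-11-26 entry, "protoype" in the 2013-03-07 entry), so the copy stays diffable against upstream on the next libgcrypt update; a local correction, if ever wanted, belongs in a separate clearly marked patch. Separately, the closing "NB" paragraph states that changes before December 1st, 2011 are described in per-directory ChangeLog-2011 files and doc/HACKING; confirm those files are part of this import, or record in the import notes that history before that date is intentionally omitted, and note that the trailing notice requires the copyright and permission text to be preserved as it is here.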