summaryrefslogtreecommitdiffstats
path: root/comm/third_party/libgcrypt/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'comm/third_party/libgcrypt/ChangeLog')
-rw-r--r--comm/third_party/libgcrypt/ChangeLog13947
1 files changed, 13947 insertions, 0 deletions
diff --git a/comm/third_party/libgcrypt/ChangeLog b/comm/third_party/libgcrypt/ChangeLog
new file mode 100644
index 0000000000..72ea034caf
--- /dev/null
+++ b/comm/third_party/libgcrypt/ChangeLog
@@ -0,0 +1,13947 @@
+2021-02-17 Werner Koch <wk@gnupg.org>
+
+ Release 1.9.2.
+ + commit 24bd7e8215f7982b0c8db46fd87b47b370a52ec6
+
+
+2021-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ random: Fix build for macOS.
+ + commit d78cdf42854b17e2216890e7b78f9e7e05c0b1f8
+ * random/rndlinux.c [__APPLE__] (HAVE_GETENTROPY): Valid only when the
+ macro __MAC_10_11 is available.
+
+2021-02-08 Werner Koch <wk@gnupg.org>
+
+ tests: Fix minor glitches.
+ + commit 82395f11b444651f544f5e51c62fc6b65c04f9ef
+ * tests/basic.c (ALWAYS_INLINE): Make sure it is defined.
+ * tests/version.c (main): Print the config info to stdout.
+
+ New test Makefile target xtestsuite.
+ + commit ebc4d5670a1ada54ad907a4836eb8f6f573c2c38
+ * tests/Makefile.am (xtestsuite, xcheck): New targets.
+
+ New test driver to allow for standalone regression tests.
+ + commit b142da4c88deef4798ef96061dac399df3ddd73d
+ * tests/testdrv.c: New.
+
+2021-02-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ sha256-avx2: fix reading beyond end of input buffer.
+ + commit 24af2a55d862d45fe3aef6b5626a52d9bb0fb17e
+ * cipher/sha256-avx2-bmi2-amd64.S
+ (_gcry_sha256_transform_amd64_avx2): Use 'last block' code path if
+ input length is only one block.
+ * tests/basic.c (check_one_md_final): Use dynamic allocated buffer
+ so that in future similar access errors get detected by
+ tests/basic + valgrind.
+
+ ecc-ecdh: fix memory leak.
+ + commit 289543544e41cd5fe90352c5c7548ac09da533cc
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Free 'ec' at function exit.
+
+ tests: allow running 'make check' with ASAN.
+ + commit f46a6bd9b3d7ef7d1a72c5b6da5cf34ace2ff156
+ * tests/t-secmem.c (main): Skip test if environment variable
+ GCRYPT_IN_ASAN_TEST is defined.
+ * tests/t-sexp.c (main): Do not initialize secmem if environment
+ variable GCRYPT_IN_ASAN_TEST is defined.
+
+ global: make sure that bulk config string is null-terminated.
+ + commit 8716e4b2ada21456802aee67c2bc8edfec78f820
+ * src/global.c (_gcry_get_config): Append null-terminator to output
+ in the 'what == NULL' case.
+
+ Add handling for -Og with O-flag munging.
+ + commit a71b7de32b0c7c41359335a488cfe4dd70c65121
+ * cipher/Makefile.am (o_flag_munging): Add handling for '-Og'.
+ * random/Makefile.am (o_flag_munging): Add handling for '-Og'.
+
+ jent: silence ubsan warning about signed overflow.
+ + commit 6fc11291282a668839040c72a1d558a6ebbd4972
+ * random/jitterentropy-base.c (jent_stuck): Cast 'delta2' values to
+ 'uint64_t' for calculation.
+
+ Fix ubsan warnings for i386 build.
+ + commit 364e9e9d10503b36f98fbb1b489e00026f22c9d7
+ * mpi/mpicoder.c (_gcry_mpi_set_buffer) [BYTES_PER_MPI_LIMB == 4]: Cast
+ "*p--" values to mpi_limb_t before left shifting.
+ * tests/t-lock.c (main): Cast 'time(NULL)' to unsigned type.
+
+ Fix building with --disable-asm on x86.
+ + commit af23ab5c5482d625ff52e60606cf044e2b0106c8
+ * cipher/keccak.c (USE_64BIT_BMI2, USE_64BIT_SHLD)
+ (USE_32BIT_BMI2): Depend also on HAVE_CPU_ARCH_X86.
+ * random/rndjent.c [__i386__ || __x86_64__] (USE_JENT): Depend
+ also on HAVE_CPU_ARCH_X86.
+
+ md: clear bctx.count at final function.
+ + commit cb95fc53003e9f34ff80fc33627ceda605de223c
+ * cipher/md4.c (md4_final): Set bctx.count zero after
+ finalizing.
+ * cipher/md5.c (md5_final): Ditto.
+ * cipher/rmd160.c (rmd160_final): Ditto.
+ * cipher/sha1.c (sha1_final): Ditto.
+ * cipher/sha256.c (sha256_final): Ditto.
+ * cipher/sha512.c (sha512_final): Ditto.
+ * cipher/sm3.c (sm3_final): Ditto.
+ * cipher/stribog.c (stribog_final): Ditto.
+ * cipher/tiger.c (tiger_final): Ditto.
+
+2021-02-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add checking key for ECDSA.
+ + commit 598d0f3e0294a487e01b88cc714a8cd0a47329bb
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): Validate public key.
+ * cipher/ecc-gost.c (_gcry_ecc_gost_verify): Likewise.
+ * cipher/ecc-sm2.c (_gcry_ecc_sm2_verify): Likewise.
+
+2021-01-29 Werner Koch <wk@gnupg.org>
+
+ Release 1.9.1.
+ + commit 466299b1ceb82ec7c4dd0ca376de50399a896adf
+ * configure.ac: Bump LT version to C23/A3/R1.
+
+2021-01-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ hash-common: fix heap overflow when writing more data after final.
+ + commit 512c0c75276949f13b6373b5c04f7065af750b08
+ * tests/basic.c (check_one_md): Test writing to digest after read.
+ * cipher/hash-common.c (_gcry_md_block_write): Reset 'hd->count' if
+ greater than blocksize.
+
+2021-01-28 Werner Koch <wk@gnupg.org>
+
+ Add a compliance keyword to gcry_get_config.
+ + commit aa3f595341eb263980210776c7fe377b2ed24c5e
+ * src/global.c (print_config): New config line.
+
+2021-01-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ asm-common-aarch64: add MacOS support for GET_DATA_POINTER.
+ + commit 014fed5153647641376b9131ea1d87dc5e88cf42
+ * cipher/asm-common-aarch64.h [__APPLE__] (GET_DATA_POINTER): Add MacOS
+ variant of macro.
+
+2021-01-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ random: Use getentropy on macOS when available.
+ + commit 6cb0faf6ceec5b2e799e6fb5f04b85d135a7da9b
+ * random/rndlinux.c [__APPLE__ && __MACH__] (getentropy): Declare.
+ (_gcry_rndlinux_gather_random): Check the symbol and use getentropy.
+
+ mpi: Fix _gcry_mpih_mod implementation.
+ + commit f06ff4e31c8e162f4a59986241c7ab43d5085927
+ * mpi/mpih-const-time.c (_gcry_mpih_mod): Handle the overflow.
+
+ build: Check spawn.h for MacOS X Tiger.
+ + commit fc901e978a0c18a3524cad5d1ef3451ed11b9347
+ * configure.ac: Add check for spawn.h.
+ * tests/random.c: Only use posix_spawn if available.
+
+2021-01-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ global: fix compile error at pragma GCC diagnostic.
+ + commit 3d095206c30d772d5fc68bf69bfc384e43f766e9
+ * src/global.c (_gcry_vcontrol): Move "pragma GCC diagnostics" outside
+ function.
+
+ cipher-proto: remove forward typedef of cipher_bulk_ops_t.
+ + commit 17aad639d29c7c835a7effb89181c7c99b16cb6a
+ * cipher/cipher-proto (cipher_bulk_ops_t): Remove typedef, leave
+ forward declaration of 'struct cipher_bulk_ops'.
+ (gcry_cipher_setkey_t): Change 'bulk_ops' to
+ 'struct cipher_bulk_ops *'.
+ * cipher/arcfour.c: Include 'cipher-internal.h'.
+ * cipher/gost28147.c: Ditto.
+ * cipher/idea.c: Ditto.
+ * cipher/rfc2268.c: Ditto.
+ * cipher/salsa20.c: Ditto.
+ * cipher/seed.c: Ditto.
+ * cipher/mac-internal.h (CTX_MAGIC_NORMAL): Rename to...
+ (CTX_MAC_MAGIC_NORMAL): ... this.
+ (CTX_MAGIC_SECURE): Rename to...
+ (CTX_MAC_MAGIC_SECURE): ... this.
+ * cipher/mac-cmac.c (cmac_open): Use CTX_MAC_MAGIC_SECURE.
+ * cipher/mac-gmac.c (gmac_open): Ditto.
+ * cipher/mac-hmac.c (hmac_open): Ditto.
+ * cipher/mac-poly1305.c (poly1305mac_open): Ditto.
+ * cipher/mac.c (mac_open): Use CTX_MAC_MAGIC_SECURE and
+ CTX_MAC_MAGIC_NORMAL.
+
+2021-01-26 David Michael <fedora.dm0@gmail.com>
+
+ cipher/sha512: Fix non-NEON ARM assembly implementation.
+ + commit 1e72c50f864ae1c77ba80c191224b9ef1d22a2e2
+ * cipher/sha512.c (do_transform_generic)
+ [USE_ARM_ASM]: Switch to the non-NEON assembly implementation.
+
+2021-01-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ blake2: fix RIP register access for AVX/AVX2 implementations.
+ + commit b2f78ae034b8d4aa3d4cc7bf85262317832f6e0a
+ * cipher/blake2b-amd64-avx2.S: Use rRIP instead of (RIP).
+ * cipher/blake2s-amd64-avx.S: Use rRIP instead of (RIP).
+
+ sha512/sha256: remove assembler macros from AMD64 implementations.
+ + commit 9f49e806f9506533236fd44b17f17b85961b20f1
+ * configure.ac (gcry_cv_gcc_platform_as_ok_for_intel_syntax): Remove
+ assembler macro check from Intel syntax assembly support check.
+ * cipher/sha256-avx-amd64.S: Replace assembler macros with C
+ preprocessor counterparts.
+ * cipher/sha256-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha256-ssse3-amd64.S: Ditto.
+ * cipher/sha512-avx-amd64.S: Ditto.
+ * cipher/sha512-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha512-ssse3-amd64.S: Ditto.
+
+ configure.ac: run assembler checks through linker for better LTO support
+ + commit 393bd6c3d1aa2b2a1b05be0e2d7fb2514e6c5ad0
+ * configure.ac (gcry_cv_gcc_arm_platform_as_ok)
+ (gcry_cv_gcc_aarch64_platform_as_ok)
+ (gcry_cv_gcc_inline_asm_ssse3, gcry_cv_gcc_inline_asm_pclmul)
+ (gcry_cv_gcc_inline_asm_shaext, gcry_cv_gcc_inline_asm_sse41)
+ (gcry_cv_gcc_inline_asm_avx, gcry_cv_gcc_inline_asm_avx2)
+ (gcry_cv_gcc_inline_asm_bmi2, gcry_cv_gcc_as_const_division_ok)
+ (gcry_cv_gcc_as_const_division_with_wadivide_ok)
+ (gcry_cv_gcc_amd64_platform_as_ok, gcry_cv_gcc_win64_platform_as_ok)
+ (gcry_cv_gcc_platform_as_ok_for_intel_syntax)
+ (gcry_cv_gcc_inline_asm_neon, gcry_cv_gcc_inline_asm_aarch32_crypto)
+ (gcry_cv_gcc_inline_asm_aarch64_neon)
+ (gcry_cv_gcc_inline_asm_aarch64_crypto)
+ (gcry_cv_gcc_inline_asm_ppc_altivec)
+ (gcry_cv_gcc_inline_asm_ppc_arch_3_00)
+ (gcry_cv_gcc_inline_asm_s390x, gcry_cv_gcc_inline_asm_s390x): Use
+ AC_LINK_IFELSE check instead of AC_COMPILE_IFELSE.
+
+ rijndael: remove unused use_xxx flags.
+ + commit a14447f8169aff30a49f5c2ab06bd5bbd1cc3531
+ * cipher/rijndael-internal.h (RIJNDAEL_context_s): Remove unused
+ 'use_padlock', 'use_aesni', 'use_ssse3', 'use_arm_ce', 'use_ppc_crypto'
+ and 'use_ppc9le_crypto'.
+ * cipher/rijndael.c (do_setkey): Do not setup 'use_padlock',
+ 'use_aesni', 'use_ssse3', 'use_arm_ce', 'use_ppc_crypto' and
+ 'use_ppc9le_crypto'.
+
+ Define HW-feature flags per architecture.
+ + commit 8d404a629167d67ed56e45de3e65d1e0b7cdeb24
+ * random/rand-internal.h (_gcry_rndhw_poll_slow): Add requested length
+ parameter.
+ * random/rndhw.c (_gcry_rndhw_poll_slow): Limit accounted bytes to 50%
+ (or 25% for RDRAND) - this code is moved from caller side.
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Move
+ HWF_INTEL_RDRAND check to _gcry_rndhw_poll_slow.
+ * src/g10lib.h (HWF_PADLOCK_*, HWF_INTEL_*): Define only if
+ HAVE_CPU_ARCH_X86.
+ (HWF_ARM_*): Define only if HAVE_CPU_ARCH_ARM.
+ (HWF_PPC_*): Define only if HAVE_CPU_ARCH_PPC.
+ (HWF_S390X_*): Define only if HAVE_CPU_ARCH_S390X.
+
+ Add configure option to force enable 'soft' HW feature bits.
+ + commit 3b34bd6e178614d6021ee7d1140646f7c8ed7519
+ * configure.ac (force_soft_hwfeatures)
+ (ENABLE_FORCE_SOFT_HWFEATURES): New.
+ * src/hwf-x86.c (detect_x86_gnuc): Enable HWF_INTEL_FAST_SHLD
+ and HWF_INTEL_FAST_VPGATHER if ENABLE_FORCE_SOFT_HWFEATURES enabled.
+
+2021-01-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix Ed25519 private key handling for preceding ZEROs.
+ + commit 1b74f633bd3e358fb07a856a70597019980651d2
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fill-up or remove
+ preceding ZEROs correctly, fixing the third argument of mpi_set_opaque.
+
+ ecc: Fix initialization of CTX for sign and verify.
+ + commit 652b102697cbfe2d7bc642fc7374cb21a9cf03e6
+ * cipher/ecc.c (ecc_sign, ecc_verify): Call
+ _gcry_pk_util_init_encoding_ctx at first.
+
+2021-01-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Fix build of tests with non-default installation.
+ + commit fa3420b011c105ca21894489e62c7e882a3ac4dd
+ * tests/Makefile.am: Add forgotten @LDADD_FOR_TESTS_KLUDGE@.
+
+2021-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Split inline assembly blocks with many memory operands.
+ + commit 00df9f27181d77166ceb55f319329400bf2e6a48
+ * cipher/rijndael-aesni.c (aesni_ocb_checksum, aesni_ocb_enc)
+ (aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Split assembly blocks
+ with more than 4 memory operands to smaller blocks.
+ * cipher/sha512-ssse3-i386.c (W2): Split big assembly block to
+ three smaller blocks.
+
+ tests/basic: fix build on ARM32 when NEON disabled.
+ + commit 81354e911bfa3e135d3e07f6a8d9e98033cd921a
+ * tests/basic.c (CLUTTER_VECTOR_REGISTER_NEON)
+ (CLUTTER_VECTOR_REGISTER_AARCH64): Remove check for __ARM_FEATURE_SIMD32.
+
+ kdf: make self-test test-vector array read-only.
+ + commit 097148bc89ec8c18b9e4795733e0f0b1ae0ecd1d
+ * cipher/kdf.c (selftest_pbkdf2): Make 'tv[]' constant.
+
+ kdf: add missing null-terminator for self-test test-vector array.
+ + commit c6425a5537294dfe2beaafc9105f7af4ceac677f
+ * cipher/kdf.c (selftest_pbkdf2): Add null-terminator to TV array.
+
+ cipher/bithelp: use __builtin_ctzl when available.
+ + commit 807827cda3bacf5f475167ee6d34657713111838
+ * cipher/bithelp.h (_gcry_ctz64): Use __builtin_ctzl if available.
+
+ mpi/longlong: make use of compiler provided __builtin_ctz/__builtin_clz.
+ + commit 477355047e5c75ad2b2238a8716e4646b861184c
+ * configure.ac (gcry_cv_have_builtin_ctzl, gcry_cv_have_builtin_clz)
+ (gcry_cv_have_builtin_clzl): New checks.
+ * mpi/longlong.h (count_leading_zeros, count_trailing_zeros): Use
+ __buildin_clz[l]/__builtin_ctz[l] if available and bit counting
+ macros not yet provided by inline assembly.
+
+2021-01-19 Werner Koch <wk@gnupg.org>
+
+ Release 1.9.0.
+ + commit 0dc49af9b5371c5e2f766b70c3bede2b10db9f7e
+
+
+2021-01-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix DSA for FIPS 186-3.
+ + commit 30ed9593f632c728d918598037358deaeccd1968
+ * cipher/dsa.c (generate_fips186): Supply INITIAL_SEED to
+ _gcry_generate_fips186_3_prime.
+ * tests/fips186-dsa.c (check_dsa_gen_186_2): Add where tv comes from.
+ (check_dsa_gen_186_3): Implement tests.
+ * tests/pubkey.c (get_dsa_key_fips186_with_seed_new): Use the qbits
+ and seed of tests/fips186-dsa.c.
+
+2021-01-19 NIIBE Yutaka <gniibe@fsij.org>
+ Tomáš Mráz <tm@t8m.info>
+
+ Check if FIPS is operational and error return if not.
+ + commit ebeae53222648c637907f4b358888fc0e7123dc9
+ * src/visibility.c (gcry_kdf_derive): Add the check.
+ (gcry_prime_generate, gcry_prime_group_generator): Likewise.
+ (gcry_mpi_randomize): Likewise, but no return.
+
+2021-01-18 Werner Koch <wk@gnupg.org>
+
+ ecc: Change an error code of gcry_ecc_mul_point.
+ + commit ca5a90bf70598247589078478d237287ca524453
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Return
+ GPG_ERR_UNKNOWN_CURVE.
+
+2021-01-15 NIIBE Yutaka <gniibe@fsij.org>
+ Tomáš Mráz <tm@t8m.info>
+
+ kdf: Add selftest.
+ + commit 7a0da24925361a3109474d0e433511467a9e35d1
+ * src/cipher-proto.h (_gcry_kdf_selftest): New.
+ * cipher/kdf.c (check_one, selftest_pbkdf2): New.
+ (_gcry_kdf_selftest): New.
+ * src/fips.c (run_kdf_selftests): New.
+ (_gcry_fips_run_selftests): Call run_kdf_selftests.
+
+2021-01-13 NIIBE Yutaka <gniibe@fsij.org>
+ Tomáš Mráz <tm@t8m.info>
+
+ cmac: Add selftest.
+ + commit 385a89e35b0b95f15b4c6e4d5482b1fc6906f7c5
+ * cipher/mac-cmac.c (check_one, selftests_cmac_3des): New.
+ (selftests_cmac_aes, cmac_selftest): New.
+ (cmac_ops): Add cmac_selftest.
+ * src/fips.c (run_mac_selftests): Add CMAC selftests.
+
+2021-01-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ sexp: Raise an error when an integer is negative with USG.
+ + commit 00d7c1c632019066a4884930d413ccc044d81af5
+ * src/sexp.c (do_vsexp_sscan): Return GPG_ERR_INV_ARG if negative.
+
+2021-01-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add backward compatibility support for Ed25519 key in SEXP.
+ + commit 4768baf74be03d8973d004725f796aef329c45bf
+ * cipher/ecc-curves.c (_gcry_ecc_get_curve): Support Ed25519 keys with
+ parameter {p,a,b,g,n}.
+
+ ecc: Minor implementation change for _gcry_ecc_get_curve.
+ + commit 3fe7036d05f283df9441d42242f0047b6ea11a32
+ * cipher/ecc-curves.c (_gcry_ecc_get_curve): Flatten.
+
+2020-12-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add s390x/zSeries implementation of Poly1305.
+ + commit 1f75681cbba895ea2f7ea0637900721f4522e729
+ * cipher/Makefile.am: Add 'poly1305-s390x.S' and
+ 'asm-poly1305-s390x.h'.
+ * cipher/asm-poly1305-s390x.h: New
+ * cipher/chacha20-s390x.S (_gcry_chacha20_poly1305_s390x_vx_blocks8)
+ (_gcry_chacha20_poly1305_s390x_vx_blocks4_2_1): New, stitched
+ chacha20-poly1305 implementation.
+ * cipher/chacha20.c (USE_S390X_VX_POLY1305): New.
+ (_gcry_chacha20_poly1305_s390x_vx_blocks8)
+ (_gcry_chacha20_poly1305_s390x_vx_blocks4_2_1): New prototypes.
+ (_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt): Add
+ s390x/VX stitched chacha20-poly1305 code-path.
+ * cipher/poly1305-s390x.S: New.
+ * cipher/poly1305.c (USE_S390X_ASM, HAVE_ASM_POLY1305_BLOCKS): New.
+ [USE_S390X_ASM] (_gcry_poly1305_s390x_blocks1, poly1305_blocks): New.
+ * configure.ac (gcry_cv_gcc_inline_asm_s390x): Check for 'risbgn' and
+ 'algrk' instructions.
+ * tests/basic.c (_check_poly1305_cipher): Add large chacha20-poly1305
+ test vector.
+
+ Add s390x/zSeries implementation of ChaCha20.
+ + commit 6a0bb9ab7f886087d7edb0725c90485086a1c0b4
+ * cipher/Makefile.am: Add 'asm-common-s390x.h' and 'chacha20-s390x.S'.
+ * cipher/asm-common-s390x.h: New.
+ * cipher/chacha20-s390x.S: New.
+ * cipher/chacha20.c (USE_S390X_VX): New.
+ (CHACHA20_context_t): Change 'use_*' bit-field to unsigned type; Add
+ 'use_s390x'.
+ (_gcry_chacha20_s390x_vx_blocks8)
+ (_gcry_chacha20_s390x_vx_blocks4_2_1): New.
+ (chacha20_do_setkey): Add HW feature detect for s390x/VX.
+ (chacha20_blocks, do_chacha20_encrypt_stream_tail): Add s390x/VX
+ code-path.
+ * configure.ac: Add 'chacha20-s390x.lo'.
+
+ hwf-s390x: add VX vector instruction set detection.
+ + commit 1d13794780e3d052cd5ed6f900bf5900cf44b377
+ * configure.ac (gcry_cv_gcc_inline_asm_s390x_vx): New check.
+ * src/g10lib.h (HWF_S390X_VX): New.
+ * src/hwf-s390x.c (HWCAP_S390_VXRS): New.
+ (s390x_features) [HAVE_GCC_INLINE_ASM_S390X_VX]: Add VX feature check.
+ * src/hwfeatures.c (hwlist): Add "s390x-vx".
+
+ mpi/longlong: add s390x/zSeries macros.
+ + commit 0252cc9b62dfe20c77211f093b4fda54786177d3
+ * mpi/longlong.h [__s390x__] (add_ssaaaa, sub_ddmmss, UTItype)
+ (umul_ppmm, udiv_qrnnd): New.
+
+2020-12-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32.
+ + commit 6b6bfd57d0a6b2b4577c084db35078cd9fadafa5
+ * src/hwf-arm.c (HWCAP2_SHA1, HWCAP2_SHA2): Change from bit indexes to
+ flags.
+
+ Add missing prototype for _gcry_mac_selftest.
+ + commit e47f04b4a28947c90db70ccaf93e149cfd5213c9
+ * src/cipher-proto.h (_gcry_hmac_selftest): Rename to...
+ (_gcry_mac_selftest): ... this.
+
+2020-12-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ Merge hmac-tests.c into mac-hmac.c.
+ + commit 2ab14b23afc092fd25395954c2a94db932ca4d95
+ * cipher/Makefile.am (EXTRA_DIST): Remove hmac-tests.c.
+ * cipher/hmac-tests.c: Remove, merge into...
+ * cipher/mac-hmac.c: ... here.
+
+2020-12-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add s390x/zSeries acceleration for SHA3.
+ + commit 7532e27cacb74c92fd561524a0897163b0fcd7f4
+ * cipher/asm-inline-s390x.h (KLMD_PADDING_STATE): New.
+ (kimd_execute): Change 'reg0' from read-only to read/write.
+ (klmd_shake_execute): New.
+ * cipher/keccak.c (USE_S390X_CRYPTO): New.
+ (KECCAK_CONTEXT) [USE_S390X_CRYPTO]: New members.
+ [USE_S390X_CRYPTO] (keccak_bwrite_s390x, keccak_final_s390x)
+ (keccak_bextract_s390x, keccak_write_s390x, keccak_extract_s390x): New.
+ (keccak_write) [USE_S390X_CRYPTO]: Use accelerated function if enabled.
+ (keccak_final) [USE_S390X_CRYPTO]: Likewise.
+ (keccak_extract) [USE_S390X_CRYPTO]: Likewise.
+ (keccak_init) [USE_S390X_CRYPTO]: Detect and setup zSeries
+ acceleration.
+
+ Add s390x/zSeries acceleration for SHA512.
+ + commit 45f0ec0c4e3b08627cbf7e65f5f110c321710d01
+ * cipher/sha512.c (USE_S390X_CRYPTO): New.
+ (SHA512_CONTEXT) [USE_S390X_CRYPTO]: New members.
+ (do_sha512_transform_s390x, do_sha512_final_s390x): New.
+ (sha512_init_common) [USE_S390X_CRYPTO]: Detect and setup s390x/zSeries
+ acceleration.
+ (sha512_final) [USE_S390X_CRYPTO]: Use accelerated final function.
+
+ Add s390x/zSeries acceleration for SHA256.
+ + commit 0b555c3cc7c2b80ec2628685946a6139a1996911
+ * cipher/sha256.c (USE_S390X_CRYPTO): New.
+ (SHA256_CONTEXT) [USE_S390X_CRYPTO]: New members.
+ (do_sha256_transform_s390x, do_sha256_final_s390x): New.
+ (sha256_common_init) [USE_S390X_CRYPTO]: Detect and setup s390x/zSeries
+ acceleration.
+ (sha256_final) [USE_S390X_CRYPTO]: Use accelerated final function.
+
+ Add s390x/zSeries acceleration for SHA1.
+ + commit 88570515b4ca92a44c4e40c31f877c11cc00ab68
+ * cipher/asm-inline-s390x.h (ALWAYS_INLINE): New.
+ (klmd_query): New.
+ (km_function_to_mask, kimd_execute, klmd_execute): Mark as always
+ inline.
+ * cipher/rijndael-s390x.c (ALWAYS_INLINE): Remove.
+ * cipher/sha1.c (do_sha1_transform_s390x, do_sha1_final_s390x): New.
+ (sha1_init) [SHA1_USE_S390X_CRYPTO]: Detect and setup s390x/zSeries
+ acceleration.
+ (sha1_final) [SHA1_USE_S390X_CRYPTO]: Use accelerated final function.
+ * cipher/sha1.h (SHA1_USE_S390X_CRYPTO): New.
+ (SHA1_CONTEXT) [SHA1_USE_S390X_CRYPTO]: New.
+
+ Add bulk AES-GCM acceleration for s390x/zSeries.
+ + commit 5aeb091f911398217b2e9facb9bdeb05c63d7844
+ * cipher/Makefile.am: Add 'asm-inline-s390x.h'.
+ * cipher/asm-inline-s390x.h: New.
+ * cipher/cipher-gcm.c [GCM_USE_S390X_CRYPTO] (ghash_s390x_kimd): New.
+ (setupM) [GCM_USE_S390X_CRYPTO]: Add setup for s390x GHASH function.
+ * cipher/cipher-internal.h (GCM_USE_S390X_CRYPTO): New.
+ * cipher/rijndael-s390x.c (u128_t, km_functions_e): Move to
+ 'asm-inline-s390x.h'.
+ (aes_s390x_gcm_crypt): New.
+ (_gcry_aes_s390x_setup_acceleration): Use 'km_function_to_mask'; Add
+ setup for GCM bulk function.
+
+ Add bulk function interface for GCM mode.
+ + commit f4e63e92dc0b79633f48b11d292dd7bdf2752ede
+ * cipher/cipher-gcm.c (do_ghash_buf): Proper handling for the case
+ where 'unused' gets filled to full blocksize.
+ (gcm_crypt_inner): New.
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Use
+ 'gcm_crypt_inner'.
+ * cipher/cipher-internal.h (cipher_bulk_ops_t): Add 'gcm_crypt'.
+
+ Add s390x/zSeries acceleration for AES.
+ + commit 9219d9d1b60c01a4c7dbde05ee6b5b52e0d7d072
+ * configure.ac: Add 'rijndael-s390x.lo'.
+ * cipher/Makefile.am: Add 'rijndael-s390x.c'.
+ * cipher/rijndael-internal.c (USE_S390X_CRYPTO): New.
+ (RIJNDAEL_context_s) [USE_S390X_CRYPTO]: New 'km*_func' members.
+ * cipher/rijndael-s390x.c: New.
+ * cipher/rijndael.c (_gcry_aes_s390x_setup_acceleration)
+ (_gcry_aes_s390x_setup_setkey)
+ (_gcry_aes_s390x_setup_prepare_decryption, _gcry_aes_s390x_encrypt)
+ (_gcry_aes_s390x_decrypt): New.
+ (do_setkey) [USE_S390X_CRYPTO]: Add s390x acceleration setup.
+
+ Add bulk function interface for OFB mode.
+ + commit f12b6788f2297391265af93a7794bfbc503de6d7
+ * cipher/cipher-internal.h (cipher_bulk_ops): Add 'ofb_enc'.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Use bulk encryption
+ function if defined.
+ * cipher/basic.c (check_bulk_cipher_modes): Add OFB-AES test vectors.
+
+ hwf: add detection of s390x/zSeries hardware features.
+ + commit 128054767d5f864798a39d432997f7d38c4bf729
+ * configure.ac (gcry_cv_gcc_inline_asm_s390x)
+ (HAVE_CPU_ARCH_S390X): Add s390x detection support.
+ * mpi/config.links: Add setup for s390x links.
+ * src/Makefile.am: Add 'hwf-s390x.c'.
+ * src/g10lib.h (HWF_S390X_MSA, HWF_S390X_MSA_4, HWF_S390X_8): New.
+ * src/hwf_common.h (_gcry_hwf_detect_s390x): New.
+ * src/hwf-s390x.c: New.
+ * src/hwfeatures.c: Add "s390x-msa", "s390x-msa-4" and "s390x-msa-8".
+
+ tests/bench-slope: use same benchmarking for XTS as for other modes.
+ + commit 0e37bb32e215feb4716341f7053c4f54806645cb
+ * tests/bench-slope.c (bench_xts_encrypt_init): Use same buffer
+ sizes as other tests.
+ (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench): Remove.
+ (xts_encrypt_ops): Use 'bench_encrypt_do_bench'.
+ (xts_decrypt_ops): Use 'bench_decrypt_do_bench'.
+
+ aarch64: mpi/longlong.h: fix operand size mismatch.
+ + commit c59b5b03a063ebc73935dbb10bc4f568faddbedf
+ * mpi/longlong.h [__aarch64__] (count_leading_zeros): Use correctly
+ sized temporary variable for asm output.
+
+ aarch64: use configure check for assembly ELF directives support.
+ + commit 8352b0ece5237e3f86f1525b072e8f690ad0fa94
+ * configure.ac (gcry_cv_gcc_asm_elf_directives): New check.
+ (HAVE_GCC_ASM_ELF_DIRECTIVES): New 'config.h' macro.
+ * cipher/asm-common-aarch64.h (ELF): Change feature macro check from
+ __ELF__ to HAVE_GCC_ASM_ELF_DIRECTIVES.
+
+2020-12-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ Reorganize self-tests for HMAC.
+ + commit c90fb0d8fb7a84bbcc8d6832de6a554405591850
+ * cipher/Makefile.am: Prepare merge of hmac-test.c into mac-hmac.c.
+ * cipher/hmac-tests.c: Ifdef-out run_selftests and _gcry_hmac_selftest.
+ * cipher/mac-internal.h: Include cipher-proto.h for selftest.
+ (gcry_mac_spec_ops): Add selftest field.
+ * cipher/mac-hmac.c: Include hmac-tests.c for migration.
+ (hmac_selftest) New.
+ (hmac_ops): Add hmac_selftest.
+ * cipher/gost28147.c, cipher/mac-cmac.c: Add new field for selftest.
+ * cipher/mac-gmac.c, cipher/mac-poly1305.c: Likewise..
+ * cipher/mac.c (_gcry_mac_selftest): New.
+ * src/fips.c (run_mac_selftests): Rename from run_hmac_selftests.
+ Use GCRY_MAC_HMAC_*, and call _gcry_mac_selftest.
+ (_gcry_fips_run_selftests): Use run_mac_selftests.
+
+2020-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Prevent link-time optimization from inlining __gcry_burn_stack.
+ + commit 1a83df98b198902ee6d71549231a3af37088d452
+ * src/g10lib.h (NOINLINE_FUNC): New attribute macro.
+ * src/misc.c (__gcry_burn_stack): Add NOINLINE_FUNC attribute.
+
+ tests/basic: check 32-bit and 64-bit overflow for CTR and ChaCha20.
+ + commit 2065720b5b0642cc1a0e08086a434244ebb1abf2
+ * tests/basic.c (check_one_cipher_ctr_reset)
+ (check_one_cipher_ctr_overflow): New.
+ (check_one_cipher): Add counter overflow tests for ChaCha20 and CTR
+ mode.
+
+ chacha20-ppc: fix 32-bit counter overflow handling.
+ + commit ed45eac3b721c1313902b977379fbd4886ccca7b
+ * cipher/chacha20-ppc.c (vec_add_ctr_u64, ADD_U64): New.
+ (_gcry_chacha20_ppc8_blocks1, _gcry_chacha20_ppc8_blocks4)
+ (_gcry_chacha20_poly1305_ppc8_blocks4): Use ADD_U64 when incrementing
+ counter.
+
+2020-12-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Put a work around to tests/random for macOS.
+ + commit 9769b40b54cf010a0c41c4ab05a7a88e17d70613
+ * configure.ac [*-apple-darwin*] (USE_POSIX_SPAWN_FOR_TESTS): New.
+ * tests/random.c [USE_POSIX_SPAWN_FOR_TESTS] (run_all_rng_tests): New.
+
+2020-11-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update to newer autoconf constructs.
+ + commit 9485ca7b5bf11194cff59edbfa6a0fba3bf6162a
+ * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Use AS_MESSAGE_LOG_FD
+ instead of AC_FD_CC.
+ (GNUPG_CHECK_MLOCK): Use AC_LINK_IFELSE instead of AC_TRY_LINK.
+ Use AC_RUN_IFELSE instead of AC_TRY_RUN.
+ * configure.ac (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
+ Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
+ Use AS_HELP_STRING instead of AC_HELP_STRING.
+ (AC_TYPE_SIGNAL): Remove.
+ (AC_DECL_SYS_SIGLIST): Remove.
+ * m4/Makefile.am (EXTRA_DIST): Update.
+ * m4/onceonly.m4: Remove.
+ * m4/socklen.m4: Update from gnulib.
+ * m4/libtool.m4: Update from libgpg-error.
+ * m4/gpg-error.m4: Update from libgpg-error.
+ * m4/noexecstack.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
+
+ build: Use modern Autoconf check for type.
+ + commit 425bf499185d78aa8fcad6a30b8771e7865d449d
+ * configure.ac (byte, ushort, us6, u32, u64): Use AC_CHECK_TYPES.
+ * cipher/poly1305.c: Use HAVE_TYPE_U64.
+ * src/hmac256.c: HAVE_TYPE_U32.
+ * src/types.h: Use HAVE_TYPE_BYTE, HAVE_TYPE_USHORT, HAVE_TYPE_U16,
+ HAVE_TYPE_U32, and HAVE_TYPE_U64.
+
+ m4: Update with newer autoconf constructs.
+ + commit 908e347fb68b28e180ac816b5050406358e81a0f
+ * src/libgcrypt.m4: Replace AC_HELP_STRING to AS_HELP_STRING.
+
+2020-10-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Handle removed zeros at the beginning for Ed25519.
+ + commit 361a0588489cf4a539da8debd1771024a1faa218
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Accept private
+ key with removed zeros.
+
+2020-10-23 Werner Koch <wk@gnupg.org>
+
+ random: Allow for a Unicode random seed file on Windows.
+ + commit 24341f58f0d38bd62c45d285bcf8472f82b56135
+ * random/random-csprng.c (utf8_to_wchar) [W32]: New.
+ (any8bitchar) [W32]: New.
+ (my_open): New. Replace all calls to open with this.
+
+2020-10-01 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+ tests: Fix typo in comment.
+ + commit 4a50c6b88d6d8d843e50add851a8a5e691349097
+ * tests/basic.c: Fix typo in comment.
+
+2020-09-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: clean-up prepare_decryption function.
+ + commit 2051d5bd6f732a36e5a536cba734531a9e2e915f
+ * cipher/rijndael-internal.h (rijndael_prepare_decfn_t): New.
+ (RIJNDAEL_context_s): New member 'prepare_decryption'.
+ * cipher/rijndael-padlock.c (_gcry_aes_padlock_prepare_decryption): New.
+ * cipher/rijndael.c (_gcry_aes_padlock_prepare_decryption): New.
+ (do_setkey): Setup 'ctx->prepare_decryption' for each acceleration type.
+ (prepare_decryption): Remove calls to other prepare decryption functions.
+ (check_decryption_preparation): Call 'ctx->prepare_decryption' instead
+ of 'prepare_decryption'.
+
+ rijndael: clean-up generic bulk functions.
+ + commit 7679c918ade9d334bc80cb8c10916bbc847ff382
+ * cipher/rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
+ (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Remove
+ calls to hardware accelerated AES bulk functions.
+
+ cipher: setup bulk functions at each algorithms key setup.
+ + commit 51271eb86bcb0eb89e55a2add9607c503f182c89
+ * cipher/cipher-internal.h (cipher_mode_ops_t, cipher_bulk_ops_t): New.
+ (gcry_cipher_handle): Define members 'mode_ops' and 'bulk' using new
+ types.
+ * cipher/cipher.c (_gcry_cipher_open_internal): Remove bulk function
+ setup.
+ (cipher_setkey): Pass context bulk function pointer to algorithm setkey
+ function.
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
+ (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk
+ function parameter; Use bulk function returned by setkey function.
+ * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc)
+ (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk
+ function parameter.
+ * cipher/arcfour.c (arcfour_setkey): Change 'hd' parameter to
+ 'bulk_ops'.
+ * cipher/blowfish.c (bf_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
+ (_gcry_blowfish_cfb_dec): Make static.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
+ to selftest helper.
+ (selftest): Pass 'bulk_ops' to setkey function.
+ * cipher/camellia.c (camellia_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (_gcry_camellia_ctr_enc, _gcry_camellia_cbc_dec)
+ (_gcry_camellia_cfb_dec, _gcry_camellia_ocb_crypt)
+ (_gcry_camellia_ocb_auth): Make static.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
+ to selftest helper.
+ (selftest): Pass 'bulk_ops' to setkey function.
+ * cipher/cast5.c (cast_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec): Make
+ static.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
+ to selftest helper.
+ (selftest): Pass 'bulk_ops' to setkey function.
+ * cipher/chacha20.c (chacha20_setkey): Change 'hd' parameter to
+ 'bulk_ops'.
+ * cipher/cast5.c (do_tripledes_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec): Make
+ static.
+ (bulk_selftest_setkey): Change 'hd' parameter to 'bulk_ops'.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
+ to selftest helper.
+ (do_des_setkey): Change 'hd' parameter to 'bulk_ops'.
+ * cipher/gost28147.c (gost_setkey): Change 'hd' parameter to
+ 'bulk_ops'.
+ * cipher/idea.c (idea_setkey): Change 'hd' parameter to 'bulk_ops'.
+ * cipher/rfc2268.c (do_setkey): Change 'hd' parameter to 'bulk_ops'.
+ * cipher/rijndael.c (do_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (rijndael_setkey): Change 'hd' parameter to 'bulk_ops'.
+ (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_enc)
+ (_gcry_aes_cbc_dec, _gcry_aes_ctr_enc, _gcry_aes_ocb_crypt)
+ (_gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Make static.
+ (selftest_basic_128, selftest_basic_192, selftest_basic_256): Pass
+ 'bulk_ops' to setkey function.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
+ to selftest helper.
+ * cipher/salsa20.c (salsa20_setkey): Change 'hd' parameter to
+ 'bulk_ops'.
+ * cipher/seed.c (seed_setkey): Change 'hd' parameter to 'bulk_ops'.
+ * cipher/serpent.c (serpent_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec, _gcry_serpent_cfb_dec)
+ (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Make static.
+ (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass
+ bulk function to selftest helper.
+ * cipher/sm4.c (sm4_setkey): Change 'hd' parameter to 'bulk_ops'; Setup
+ 'bulk_ops' with bulk acceleration functions.
+ (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
+ (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): Make static.
+ (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass
+ bulk function to selftest helper.
+ * cipher/twofish.c (twofish_setkey): Change 'hd' parameter to
+ 'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
+ (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
+ (_gcry_twofish_cfb_dec, _gcry_twofish_ocb_crypt)
+ (_gcry_twofish_ocb_auth): Make static.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
+ to selftest helper.
+ (selftest, main): Pass 'bulk_ops' to setkey function.
+ * src/cipher-proto.h: Forward declare 'cipher_bulk_ops_t'.
+ (gcry_cipher_setkey_t): Replace 'hd' with 'bulk_ops'.
+ * src/cipher.h: Remove bulk acceleration function prototypes for
+ 'aes', 'blowfish', 'cast5', 'camellia', '3des', 'serpent', 'sm4' and
+ 'twofish'.
+
+2020-09-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: tidy do_setkey little bit.
+ + commit e0829ae648d9d9da67cd8a8fae7aa05774a0d0f7
+ * cipher/rijndael.c (do_setkey): Reduce number of ifdefs by using
+ function pointer for accelerated key-setup.
+
+2020-09-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-aesni: tweak x86_64 AES-NI for better performance on AMD Zen2.
+ + commit f96989f0e9085fa58b475131d29b37f68ba564ec
+ * cipher/rijndael-aesni.c (do_aesni_enc_vec8, do_aesni_dec_vec8): Move
+ first round key xoring and last round out to caller.
+ (do_aesni_ctr_4): Change low 8-bit counter overflow check to 8-bit
+ addition to low-bits and detect overflow from carry flag; Adjust
+ slow path to restore counter.
+ (do_aesni_ctr_8): Same as above; Interleave first round key xoring and
+ first round with CTR generation on fast path; Interleave last round
+ with output xoring.
+ (_gcry_aes_aesni_cfb_dec, _gcry_aes_aesni_cbc_dec): Add first round
+ key xoring; Change order of last round xoring and output xoring
+ (shorten the dependency path).
+ (_gcry_aes_aesni_ocb_auth): Add first round key xoring and last round
+ handling.
+
+2020-08-26 Werner Koch <wk@gnupg.org>
+
+ build: Allow customization of the signing key.
+ + commit 9cd92ebae21900e54cc3d8b607c8ed1afbf2eb9b
+ * Makefile.am (sign-release): Read variabales from user configuration.
+
+2020-08-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix basic.c.
+ + commit fd51bc523d095168ee9367fe3f18d18f7a88ad90
+ * tests/basic.c (check_one_hmac): Fix error paths.
+ (check_pubkey_crypt): Fix wrong call of gcry_sexp_new.
+
+ ecc: Fix an error path.
+ + commit 65a2cd139e21250e6581a4f610015937e7b91451
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Avoid null dereference on
+ error.
+
+2020-07-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ chacha20-aarch64: improve performance through higher SIMD interleaving.
+ + commit 8d7b1d0a52bde173646e5b42b31d23593eabecf2
+ * cipher/chacha20-aarch64.S (ROTATE2, ROTATE2_8, ROTATE2_16)
+ (QUARTERROUND2): Replace with...
+ (ROTATE4, ROTATE4_8, ROTATE4_16, QUARTERROUND4): ...these.
+ (_gcry_chacha20_aarch64_blocks4)
+ (_gcry_chacha20_poly1305_aarch64_blocks4): Adjust to use QUARTERROUND4.
+
+ tests/bench-slope: improve CPU frequency auto-detection.
+ + commit f1c3db3bf40e07cfd1a6a92209865ee7a98129ca
+ * configure.ac (gcry_cv_have_asm_volatile_memory): Check also if
+ assembly memory barrier with input/output register is supported.
+ * tests/bench-slope.c (auto_ghz_bench): Change to use base operation
+ that takes two CPU cycles and unroll loop by 1024 operations.
+
+ Enable jitter entropy also on non-x86 architectures.
+ + commit 886120f33bd3f10e6e6a09920eca1f9ed81044e7
+ * configure.ac: Do not force jentsupport to "n/a" on non-x86
+ architectures.
+
+ random/jitterentropy: fix USE_JENT == JENT_USES_GETTIME code path.
+ + commit 4ed9b949485448816a70d86260d572f08ae34621
+ * random/jitterentropy-base-user.h (jent_get_nstime): Use 'tv' variable
+ instead of non-existing 'time'.
+
+ Camellia AES-NI/AVX/AVX2 size optimization.
+ + commit 4c0e244fc53e0f7b927bfe4cf54695b5d282fd27
+ * cipher/camellia-aesni-avx-amd64.S: Use loop for handling repeating
+ '(enc|dec)_rounds16/fls16' portions of encryption/decryption.
+ * cipher/camellia-aesni-avx2-amd64.S: Use loop for handling repeating
+ '(enc|dec)_rounds32/fls32' portions of encryption/decryption.
+
+2020-07-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Support reading EC point in compressed format for good curves.
+ + commit e0dabf74bf276500257f15b85ded9cf24ccc8334
+ * cipher/ecc-curves.c (gcry_ecc_get_curve): Handle G, differently.
+ * cipher/ecc-misc.c (_gcry_ecc_sec_decodepoint): Support compressed
+ representation of EC point. Rename from _gcry_ecc_os2ec.
+ * cipher/ecc-sm2.c (_gcry_ecc_sm2_decrypt) Follow the change.
+ * cipher/ecc.c (ecc_decrypt_raw): Likewise.
+ * mpi/ec.c (_gcry_mpi_ec_set_point): Likewise.
+ * src/ec-context.h: API change _gcry_ecc_sec_decodepoint from
+ _gcry_ecc_os2ec.
+ * tests/basic.c (check_pubkey): Use compressed representation
+ for two public keys of NIST P192 and NIST P256.
+
+2020-07-06 Werner Koch <wk@gnupg.org>
+
+ mpi: Consider +0 and -0 the same in mpi_cmp.
+ + commit 1f3a92e103d4a8e019d8d022647a2b9fb2681327
+ * mpi/mpi-cmp.c (do_mpi_cmp): Check size of U an V.
+
+2020-06-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix length computation.
+ + commit 1db1dc7945b111b6e20a8420ad38a358316681ab
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add one only for
+ Edwards case.
+
+2020-06-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add SM4 x86-64/AES-NI/AVX2 implementation.
+ + commit 35a78eb248d6bacd2a58477a122a0020d796ce63
+ * cipher/Makefile.am: Add 'sm4-aesni-avx2-amd64.S'.
+ * cipher/sm4-aesni-avx2-amd64.S: New.
+ * cipher/sm4.c (USE_AESNI_AVX2): New.
+ (SM4_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'.
+ [USE_AESNI_AVX2] (_gcry_sm4_aesni_avx2_ctr_enc)
+ (_gcry_sm4_aesni_avx2_cbc_dec, _gcry_sm4_aesni_avx2_cfb_dec)
+ (_gcry_sm4_aesni_avx2_ocb_enc, _gcry_sm4_aesni_avx2_ocb_dec)
+ (_gcry_sm4_aesni_avx_ocb_auth): New.
+ (sm4_setkey): Enable AES-NI/AVX2 if supported by HW.
+ (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
+ (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth) [USE_AESNI_AVX2]: Add
+ AES-NI/AVX2 bulk functions.
+ * configure.ac: Add ''sm4-aesni-avx2-amd64.lo'.
+
+ Add SM4 x86-64/AES-NI/AVX implementation.
+ + commit c9a3f1bb91e63033e3bf3e06bdd6075622626d0d
+ * cipher/Makefile.am: Add 'sm4-aesni-avx-amd64.S'.
+ * cipher/sm4-aesni-avx-amd64.S: New.
+ * cipher/sm4.c (USE_AESNI_AVX, ASM_FUNC_ABI): New.
+ (SM4_context) [USE_AESNI_AVX]: Add 'use_aesni_avx'.
+ [USE_AESNI_AVX] (_gcry_sm4_aesni_avx_expand_key)
+ (_gcry_sm4_aesni_avx_crypt_blk1_8, _gcry_sm4_aesni_avx_ctr_enc)
+ (_gcry_sm4_aesni_avx_cbc_dec, _gcry_sm4_aesni_avx_cfb_dec)
+ (_gcry_sm4_aesni_avx_ocb_enc, _gcry_sm4_aesni_avx_ocb_dec)
+ (_gcry_sm4_aesni_avx_ocb_auth, sm4_aesni_avx_crypt_blk1_8): New.
+ (sm4_expand_key) [USE_AESNI_AVX]: Use AES-NI/AVX key setup.
+ (sm4_setkey): Enable AES-NI/AVX if supported by HW.
+ (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
+ (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth) [USE_AESNI_AVX]: Add
+ AES-NI/AVX bulk functions.
+ * configure.ac: Add ''sm4-aesni-avx-amd64.lo'.
+
+ Optimizations for SM4 cipher.
+ + commit 81fee26bbbae820a311a3ce3ac55e304655c2acd
+ * cipher/cipher.c (_gcry_cipher_open_internal): Add SM4 bulk
+ functions.
+ * cipher/sm4.c (ATTR_ALIGNED_64): New.
+ (sbox): Convert to ...
+ (sbox_table): ... this structure for sbox hardening as is done
+ for AES and GCM.
+ (prefetch_sbox_table): New.
+ (sm4_t_non_lin_sub): Make inline; Optimize sbox access pattern.
+ (sm4_key_lin_sub): Make inline; Tune slightly.
+ (sm4_key_sub, sm4_enc_sub): Make inline.
+ (sm4_round): Make inline; Take 'x' as separate parameters instead
+ of array.
+ (sm4_expand_key): Return void; Drop keylen; Unroll loops by 4;
+ Wipe sensitive variables at end; Move key-length check to
+ 'sm4_setkey'.
+ (sm4_setkey): Add initial self-test step; Add key-length check;
+ Remove burn stack (as variables wiped in 'sm4_expand_key').
+ (sm4_do_crypt): Return burn stack depth; Unroll loops by 4.
+ (sm4_encrypt, sm4_decrypt): Prefetch sbox table; Return burn
+ stack from 'sm4_do_crypt', as allows tail-call optimization
+ by compiler.
+ (sm4_do_crypt_blks2): New two parallel block function for greater
+ instruction level parallelism.
+ (sm4_crypt_blocks, _gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec)
+ (_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New
+ bulk processing functions.
+ (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): New
+ bulk processing self-tests.
+ (sm4_selftest): Clear SM4 context before use; Use 'sm4_expand_key'
+ instead of 'sm4_setkey'; Call bulk processing self-tests.
+ * src/cipher.h (_gcry_sm4_ctr_enc, _gcry_sm4_ctr_dec)
+ (_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New.
+ * tests/basic.c (check_ocb_cipher): Add SM4-OCB test vector.
+
+2020-06-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: For Ed448, it's only for EdDSA.
+ + commit a6177e1bc948a7af052d62bcd62aa6b5825bfaff
+ * cipher/ecc.c (ecc_sign): Ed448 is only for EdDSA.
+ Hash algo is determined by the curve.
+ (ecc_verify): Likewise.
+ * tests/t-ed448.c (one_test): Don't specify (flags eddsa).
+ Don't specify hash-algo.
+
+ ecc: Fix the condition for EdDSA data handling.
+ + commit f2847d56cce2afdd993f797812a673495a41c234
+ * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): It may be
+ the encoding context which determines EdDSA. Hash-algo can be
+ omitted. Flags are OR-ed.
+
+ ecc: Support EdDSA with context and enabling PH(M).
+ + commit ba78ad8f19674b94edfdf4998f40feee081481bc
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Simplify.
+ (DOM4_0_NONE, DOM4_0_NONE_LEN): Remove.
+ (DOM25519, DOM25519_LEN): New.
+ (DOM448, DOM448_LEN): New.
+ (_gcry_ecc_eddsa_sign): Support EdDSA with context and PH.
+ (_gcry_ecc_eddsa_verify): Likewise.
+ * tests/t-ed448.c: Add tests with context and PH=1.
+ * tests/t-ed448.inp: Add test data.
+
+ ecc: Change EdDSA internal API.
+ + commit 2856ac14ae3e4c9e6288e1f0d8bc1945bb874081
+ * cipher/ecc-common.h (_gcry_ecc_eddsa_sign): Last arg is CTX.
+ (_gcry_ecc_eddsa_verify): Ditto.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Get hash algo from CTX.
+ (_gcry_ecc_eddsa_verify): Ditto.
+ * cipher/ecc.c (ecc_sign, ecc_verify): Follow the change.
+
+2020-06-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Support "label" for EdDSA context in data.
+ + commit 1cf49754694611620fd383327cf127e91f6883df
+ * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Handle ctx->label.
+
+ ecc: Initialize key before handling data.
+ + commit d51a9c259d49c63121fab48bce48d826e9b57733
+ * cipher/ecc.c (ecc_sign): Initialize key at first.
+ (ecc_verify): Likewise.
+
+ ecc: Add new flag "prehash".
+ + commit 9a640eba6dd7504c90a65151cdaf1e4093a8b475
+ * src/cipher.h (PUBKEY_FLAG_PREHASH): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse it.
+
+ ecc: No (flags eddsa) required for Ed448.
+ + commit b1721f9b291a4c226caa2bfbe4fefe8fde5216e0
+ * cipher/ecc.c (check_secret_key): Ed448 means EdDSA.
+ (ecc_generate): Likewise.
+ * tests/t-ed448.c (one_test): Remove the flag in key.
+
+ ecc: Support Ed448 by _gcry_ecc_compute_public.
+ + commit 5585ee4947082f932ee01d93dfe295c769e96671
+ * cipher/ecc-misc.c (_gcry_ecc_compute_public): Handle Ed448.
+
+2020-06-16 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+ tests: Add basic test-vectors for SM4.
+ + commit c1535d0b8797e9b3bbfb5193b6ab23bf788ffd36
+ * tests/basic.c (check_ciphers): Add SM4 check and test-vectors.
+
+ Add SM4 symmetric cipher algorithm.
+ + commit ddcce166ab8bc6f51f5b509bcbea13a8746384ec
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm4.c.
+ * cipher/cipher.c (cipher_list, cipher_list_algo301): Add
+ _gcry_cipher_spec_sm4.
+ * cipher/mac-cmac.c (map_mac_algo_to_cipher): Add cmac SM4.
+ (_gcry_mac_type_spec_cmac_sm4): Add cmac SM4.
+ * cipher/mac-internal.h: Declare spec_cmac_sm4.
+ * cipher/mac.c (mac_list, mac_list_algo201): Add cmac SM4.
+ * cipher/sm4.c: New.
+ * configure.ac (available_ciphers): Add sm4.
+ * doc/gcrypt.texi: Add SM4 document.
+ * src/cipher.h: Add declarations for SM4 and cmac SM4.
+ * src/gcrypt.h.in (gcry_cipher_algos): Add algorithm ID for SM4.
+
+2020-06-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ doc: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and GCRY_MAC_GOST28147_IMIT.
+ + commit 6c571bfda6409d7d668f5d44cea0c6c31e2688be
+ * doc/gcrypt.texi: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and
+ GCRY_MAC_GOST28147_IMIT.
+
+2020-06-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix Ed448 key generation.
+ + commit c15cc1a38199cf0d758579eb01d0e88c99cd4b80
+ * cipher/ecc.c (ecc_generate): Fix point representation for Ed448.
+
+ ecc,test: Add testing Ed448.
+ + commit c7779e499e9051ee79ed720f576dbf40d90cdfb1
+
+
+ ecc: Support Ed448 for verify.
+ + commit d1baad35c65030e41fcba69854c57032eee0d111
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Support Ed448.
+
+ ecc: Support Ed448 signing.
+ + commit 951b37c5038667b461692454397bb058b5e1e184
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Support Ed448.
+
+ ecc: Use SHAKE256 in EdDSA with Ed448.
+ + commit 32d6d73d44d372dd1ec0b08ba03f1b7b085c09d9
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Fix for SHAKE256.
+
+ ecc: Support shake128 and shake256 for message digest.
+ + commit f6815a96e51be44a361ddcd3a20a5b969b1dab1b
+ * cipher/pubkey-util.c (get_hash_algo): Add shake128 and shake256.
+
+ ecc: Support Ed448 for key generation.
+ + commit e25446ecc04442b399302ce72db6d5ea2e9e85e8
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Support Ed448.
+ (_gcry_ecc_eddsa_genkey): Support Ed448, using
+ _gcry_ecc_eddsa_compute_h_d.
+
+ ecc: Support Ed448 in decoding point.
+ + commit bd22b029bbf50737f90535c506fba4f812bcf040
+ * cipher/ecc-eddsa.c (ecc_ed448_recover_x): New.
+ (_gcry_ecc_eddsa_recover_x): Support Ed448.
+ (_gcry_ecc_eddsa_decodepoint): Support Ed448.
+ * mpi/ec.c (_gcry_mpi_ec_decode_point): For Ed448, use
+ _gcry_ecc_eddsa_decodepoint.
+
+ ecc: Add new curve: Ed448.
+ + commit 339b03acf0971a31997901dd674fb75c4dde31d0
+ * cipher/ecc-curves.c (curve_aliases): Add Ed448.
+ (domain_parms): Add domain parameters for Ed448.
+ * tests/curves.c (N_CURVES): Increment.
+
+ ecc: Fix EdDSA encoding for Ed448.
+ + commit 3386aaf84d4d89b6ff931533df2ff82ed3f7c7f9
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fix point/scalar
+ length condition.
+ * cipher/ecc-eddsa.c (eddsa_encodempi): The second argument is NBITS.
+ (eddsa_encode_x_y): Likewise.
+ (_gcry_ecc_eddsa_encodepoint): Follow the change.
+ (_gcry_ecc_eddsa_ensure_compact): Likewise.
+ (_gcry_ecc_eddsa_decodepoint): Likewise.
+ (_gcry_ecc_eddsa_sign): Likewise. Remove restriction of 256 bits.
+
+2020-06-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix NBITS in domain_parms.
+ + commit db7b2c591004868abedbc2c19d3bb2efebf8529d
+ * cipher/ecc-curves.c (cipher/ecc-curves.c): It's NBITS of 'p'.
+
+2020-06-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: fix UBSAN warning on left shift by 24 places with type 'int'
+ + commit 6cdd7268fe19b066ddb373e2f3c0b7ebf9b938dd
+ * cipher/rijndael.c (do_encrypt_fn, do_decrypt_fn): Cast final
+ sbox/inv_sbox look-ups to 'u32' type.
+
+ Disable all assembly modules with --disable-asm.
+ + commit 3060aadec396802af13f08c4b2dd1b28f2a68c5d
+ * configure.ac (try_asm_modules): Update description,
+ "MPI" => "MPI and cipher".
+ (gcry_cv_gcc_arm_platform_as_ok, gcry_cv_gcc_aarch64_platform_as_ok)
+ (gcry_cv_gcc_inline_asm_ssse3, gcry_cv_gcc_inline_asm_pclmul)
+ (gcry_cv_gcc_inline_asm_shaext, gcry_cv_gcc_inline_asm_sse41)
+ (gcry_cv_gcc_inline_asm_avx, gcry_cv_gcc_inline_asm_avx2)
+ (gcry_cv_gcc_inline_asm_bmi2, gcry_cv_gcc_amd64_platform_as_ok)
+ (gcry_cv_gcc_platform_as_ok_for_intel_syntax)
+ (gcry_cv_cc_arm_arch_is_v6, gcry_cv_gcc_inline_asm_neon)
+ (gcry_cv_gcc_inline_asm_aarch32_crypto)
+ (gcry_cv_gcc_inline_asm_aarch64_neon)
+ (gcry_cv_gcc_inline_asm_aarch64_crypto)
+ (gcry_cv_cc_ppc_altivec, gcry_cv_gcc_inline_asm_ppc_altivec)
+ (gcry_cv_gcc_inline_asm_ppc_arch_3_00): Check for "try_asm_modules".
+ * mpi/config.links: Set "mpi_cpu_arch" to "disabled"
+ with --disable-asm.
+
+2020-06-05 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ mpicalc: fix typo.
+ + commit 2dd3e27fc53cf408f799d2e7b379c1441e0d62c8
+ * src/mpicalc.c (print_help): fix typo in commands description.
+
+2020-06-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Fix flags in mpi_copy for opaque MPI.
+ + commit 78a5a1aa7627afaa24e2ea1eb9b08f1cfdd71561
+ * mpi/mpiutil.c (_gcry_mpi_copy): Copy flags.
+
+2020-06-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Use opaque MPI for 'd' of Ed25519/EdDSA.
+ + commit 0d8346f84a1f5865da3375ce92420d92fb5ae652
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add FLAGS.
+ Use opaque MPI for Ed25519/EdDSA, too.
+ (_gcry_mpi_ec_internal_new): Follow the change.
+ (_gcry_mpi_ec_new): Likewise.
+
+2020-06-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ cipher-ocb: fix out-of-array stack memory access.
+ + commit 8cfaeae42522778052c36fceccab504826a30cbf
+ * cipher/cipher-ocb.c (bit_copy): Do not access memory beyond
+ 's' array when bitoff > 8.
+
+2020-06-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: More fix of off-by-one mistake mpi_invm_pow2.
+ + commit 6a2cd0fe78a9cdc78911694a84b08762dd8658b4
+ * mpi/mpi-inv.c (mpi_invm_pow2): Avoid out-of-band read/write.
+
+ ecc: Consistently handle parameters as unsigned value.
+ + commit 6f8b1d4cb798375e6d830fd6b73c71da93ee5f3f
+ * cipher/ecc-curves.c (_gcry_ecc_get_curve): Parse as unsigned value.
+
+2020-05-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ sexp: Fix coding of line break.
+ + commit 33c972b6a6fe79aacb0a732d1df9a9deacafca29
+ * src/sexp.c (_gcry_sexp_vextract_param): Add missing newline.
+
+2020-05-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Make sure it's the fixed size bytes.
+ + commit eb2288f3b1f338a9aec11d559ec84bdb201960e1
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Checking the size
+ of EC point representation, return GPG_ERR_INV_OBJ if not valid.
+
+2020-05-13 Werner Koch <wk@gnupg.org>
+
+ ecc: Detect the use of a Montgomery curve earlier in ecc_verify.
+ + commit d0f995afe2e0228d3b9e30b0fc7091631d7d0090
+ * cipher/ecc.c (ecc_verify): Do not allow a Montgomery curve.
+
+2020-05-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Fix off-by-one mistake mpi_invm_pow2.
+ + commit 69b55f87053ce2494cd4b38dc600f867bc4355be
+ * mpi/mpi-inv.c (mpi_invm_pow2): Avoid out-of-band read/write.
+
+2020-05-12 Werner Koch <wk@gnupg.org>
+
+ ecc: Initialize a dummy parameter.
+ + commit 75a7b17878e02c3882070d6c86e0d2efbc3d680a
+ * cipher/ecc.c (ecc_verify): Rename flags to dummy_flags and
+ initialize.
+
+2020-05-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ tests/benchmark.c: fix error message for invalid MAC algo.
+ + commit 79e196a610b1b734a1f573288b148d62787f5281
+
+
+2020-04-27 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+ ecc: Fix typo error in ecc-gost.
+ + commit fe688ce7e14f14d7d3a7e16aa0304d24b5b1a179
+ * cipher/ecc-gost.c (_gcry_ecc_gost_verify): Fix typo in comment.
+
+2020-04-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Fix the return value of mpi_invm_generic.
+ + commit f10eb240a30ac115cfeb63848c67a936e1059ab9
+ * mpi/mpi-inv.c (mpi_invm_generic): Return correct value.
+
+2020-04-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Fix return value of mpi_invm_generic.
+ + commit bc3b6a6a45cf9fa6cc0556da870628c53570f52f
+ * mpi/mpi-inv.c (mpi_invm_generic): Return 0 if inverse does not exist.
+
+ mpi: More use of mpih API for _gcry_mpi_invm.
+ + commit 559ba9b36c9cdf4762d28beb3b4c59665c671818
+ * mpi/mpi-inv.c (mpi_invm_pow2): Remove.
+ (_gcry_mpi_invm): Use mpih_invm_pow2 instead.
+
+ mpi: Use mpih interface internally for mpi-inv.
+ + commit beefbb90d71d7fbd0b4429472b7d4b39670ff64b
+ * mpi/mpi-inv.c (mpih_invm_pow2): Converted from mpi_invm_pow2.
+ (mpi_invm_pow2): Use mpih_invm_pow2.
+
+ mpi: Fix size of A in mpi_invm_pow2.
+ + commit efa5151ea1c2a2c049b2651581e71b6becba4e16
+ * mpi/mpi-inv.c (mpi_invm_pow2): Fix size of A.
+
+2020-04-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: More fix for _gcry_mpi_invm.
+ + commit f81a1dd7317513000e5bc4d1bfffd6d2bfb8c2a2
+ * mpi/mpi-inv.c (_gcry_mpi_invm): Fix comments and use of CRT path.
+
+2020-04-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Fix off-by-one mistake mpi_invm_pow2.
+ + commit 3bb9f74764b3626ed1116fc7e517921232d6be54
+ * mpi/mpi-inv.c (mpi_invm_pow2): Fix computation of iterations.
+
+2020-04-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Use mpi_invm_pow2 for mpi_invm.
+ + commit bac01a6cfb3d645ff8439cbd3b310d255735d792
+ * mpi/mpi-inv.c (_gcry_mpi_invm): Use mpi_invm_pow2.
+
+ mpi: Fix mpi_invm_pow2.
+ + commit 2a3c58a0b4db01c17da0bf8c035fb1def2af114c
+ * mpi/mpi-inv.c (mpi_invm_pow2): Fix the algo implementation.
+
+2020-04-19 Dmitry Baryshkov <dbaryshkov@gmail.com>
+
+ gost28147: implement special MAC mode called imitovstavka (IMIT)
+ + commit 45f21f871982753716d4a7676d948e8c7d644db5
+ * src/gcrypt.h.in (GCRY_MAC_GOST28147_IMIT): New.
+ * cipher/gost28147.c (gost_imit_open, gost_imit_close)
+ (gost_imit_setkey, gost_imit_setiv, gost_imit_reset, _gost_imit_block)
+ (gost_imit_block, gost_imit_write, gost_imit_finish, gost_imit_read)
+ (gost_imit_verify, gost_imit_get_maclen, gost_imit_get_keylen)
+ (gost_imit_set_extra_info): New functions implementing GOST 28147-89
+ MAC (imitovstavka, IMIT) mode.
+ * cipher/gost28147.c (gost_imit_ops)
+ (_gcry_mac_type_spec_gost28147_imit): declare GOST 28147-89 IMIT
+ handler.
+ * cipher/mac-internal.h (gcry_mac_handle): add fields to support GOST
+ 28147-89 IMIT mode.
+ * cipher/mac.c (mac_list): add _gcry_mac_type_spec_gost28147_imit.
+ (spec_from_algo): handle GCRY_MAC_GOST28147_IMIT.
+ * tests/basic.c (check_mac): add GOST28147-89 IMIT test vector.
+
+ mac: add support for gcry_mac_ctl(GCRYCTL_SET_SBOX)
+ + commit d7fa70ed9ddc6e0189a8b59016b1f17717a26865
+ * cipher/mac-internal.h (gcry_mac_spec_ops_t): add set_extra_info field
+ for providing additional settings.
+ * cipher/mac.c (_gcry_mac_ctl): support GCRYCTL_SET_SBOX call.
+ * cipher/mac-cmac.c (cmac_ops): set set_extra_info to NULL.
+ * cipher/mac-gmac.c (gmac_ops): the same.
+ * cipher/mac-hmac.c (hmac_ops): the same.
+ * cipher/mac-poly1305.c (poly1305mac_ops): the same.
+
+2020-04-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Use mpi_invm_pow2 for N=2^k.
+ + commit 469e2fefb64e3a4bd80995935f82caf416e3a4ae
+ * mpi/mpi-inv.c (mpi_invm_pow2): Fix.
+ (_gcry_mpi_invm): Use mpi_invm_pow2.
+
+ mpi: Rewrite mpi_invm_odd into mpih_invm_odd.
+ + commit 05ceac8e2f6f28f97428c005d0a318d71d7cf9d9
+ * mpi/mpi-inv.c (mpih_invm_odd): Use mpi_ptr_t API.
+ (_gcry_mpi_invm): Use _gcry_mpih_mod and mpih_invm_odd.
+
+ mpi: Add _gcry_mpih_cmp_ui.
+ + commit 128045a12139fe2e4be877df59da10c7d4857d9a
+ * mpi/mpih-const-time.c (_gcry_mpih_cmp_ui): New.
+
+ mpi: Add internal functipn mpi_invm_pow2.
+ + commit 515bd6e9fae448e966f71e23635503716201158d
+ * mpi/mpi-inv.c (mpi_invm_pow2): New.
+
+2020-04-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Add mpi_set_bit_cond.
+ + commit a91bd0211c4e5f0ce575b3a63a36049dd9edbf90
+ * mpi/mpiutil.c (_gcry_mpi_set_bit_cond): New.
+ * src/mpi.h (mpi_set_bit_cond): New macro.
+ (_gcry_mpi_set_bit_cond): New.
+
+ mpi: Add _gcry_mpih_mod.
+ + commit 95bdfd9ce9e114f447f3639e551e8f4f63d024fe
+ * mpi/mpi-internal.h (mpih_mod, _gcry_mpih_mod): New.
+ * mpi/mpih-const-time.c (_gcry_mpih_mod): New.
+
+ mpih: Expose const-time MPI helper functions.
+ + commit 9b7e0d89006fce0641da05d8ef2696b1fb73145b
+ * mpi/Makefile.am (libmpi_la_SOURCES): Add mpih-const-time.c.
+ * mpi/ec.c (mpih_set_cond): Move to mpih-const-time.c.
+ * mpi/mpi-internal.h: Add macros and declarations.
+ * mpi/mpi-inv.c (mpih_add_n_cond): Likewise.
+ (mpih_sub_n_cond, mpih_swap_cond, mpih_abs_cond): Likewise.
+ * mpi/mpih-const-time.c: New.
+
+2020-04-14 Werner Koch <wk@gnupg.org>
+
+ sexp: Extend gcry_sexp_extract_param with a multi-string extractor.
+ + commit 32b08e38628b3ed409054db05a7f73b1ab86464a
+ * src/sexp.c (_gcry_sexp_vextract_param): Implement "%#s" control
+ sequence.
+
+2020-04-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Remove hard-coded value for ECC_DIALECT_ED25519.
+ + commit 0ff36e04f7cdef961610e7bc674a9c9ef0fd4853
+ * mpi/ec.c (ec_p_init): Remove special handling for Ed25519.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_encodepoint): Fix assumption
+ ec->nbits is 256 for EdDSA.
+ (_gcry_ecc_eddsa_decodepoint): Likewise.
+ (_gcry_ecc_eddsa_verify): Likewise.
+
+2020-04-09 Werner Koch <wk@gnupg.org>
+
+ sexp: Extend gcry_sexp_extract_param with new format specifiers.
+ + commit 60c179b59e538aebb3a5f7621d92eee60b90c785
+ * src/sexp.c (_gcry_sexp_vextract_param): Add new conversion methods.
+ * tests/t-sexp.c (check_extract_param): Add corresponding tests.
+
+2020-04-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ ppc: avoid using vec_vsx_ld/vec_vsx_st for 2x64-bit vectors.
+ + commit 1250a9cd859d99f487ca8d76a98d70d464324bbe
+ * cipher/crc-ppc.c (CRC_VEC_U64_LOAD, CRC_VEC_U64_LOAD_LE)
+ (CRC_VEC_U64_LOAD_BE): Remove vec_vsx_ld usage.
+ (asm_vec_u64_load, asm_vec_u64_load_le): New.
+ * cipher/sha512-ppc.c (vec_vshasigma_u64): Use '__asm__' instead of
+ 'asm' for assembly block.
+ (vec_u64_load, vec_u64_store): New.
+ (_gcry_sha512_transform_ppc8): Use vec_u64_load/store instead of
+ vec_vsx_ld/vec_vsx_st.
+ * configure.ac (gcy_cv_cc_ppc_altivec)
+ (gcy_cv_cc_ppc_altivec_cflags): Add check for vec_vsx_ld with
+ 'unsigned int *' pointer type.
+
+2020-04-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ asm-poly1305-aarch64: fix building with clang.
+ + commit 89b3ded8df969fe5fb31313c60419dd34d36b605
+ * cipher/asm-poly1305-aarch64.h (POLY1305_BLOCK_PART25): Use correct
+ instruction format for right-shifting.
+
+2020-03-31 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ libgcrypt.m4: Fix spelling.
+ + commit 6a5743469a4366b1e238d378e427442f04400950
+
+
+ libgcrypt.m4: Fix spelling.
+ + commit e16e7e619183f36720d17855419860d1dc6fe3a5
+
+
+2020-03-20 Dmitry Baryshkov <dbaryshkov@gmail.com>
+
+ tests/basic: add GOST 28147 keymeshing testcase from LibreSSL testsuite.
+ + commit 3441f4c94c49a589c5e323b1526d2d6b5974cf2f
+ * tests/basic.c (check_cfb_cipher): add check for GOST 28147 CFB with
+ KeyMeshing enabled.
+
+ gost28147: add support for CryptoPro key meshing per RFC 4357.
+ + commit dcee00adbd1c0a2cde1aeed1bb94421e81d0de3b
+ * cipher/gost28147.c (gost_do_set_sbox, cryptopro_key_meshing,
+ CryptoProMeshingKey, gost_encrypt_block_mesh): New.
+ (_gcry_cipher_spec_gost28147_mesh): New cipher with keymeshing,
+ (_gcry_cipher_spec_gost28147): Remove OIDs for this cipher should not
+ be selected using these OIDs (they are for CFB with keymeshing).
+
+ * cipher/cipher.c (cipher_list, cipher_list_algo301): add
+ _gcry_cipher_spec_gost28147_mesh.
+
+ * src/gcrypt.h.in (GCRY_CIPHER_GOST28147_MESH): New cipher with
+ keymeshing.
+
+ * doc/gcrypt.texi (GCRY_CIPHER_GOST28147_MESH): Add definition.
+
+ * tests/basic.c (check_gost28147_cipher, check_gost28147_cipher_basic):
+ Run basic tests on GCRY_CIPHER_GOST28147_MESH.
+
+ gost: add keymeshing support per RFC 4357.
+ + commit 18cd3f0c473ae909cdaa5a820faef50d7670fcbb
+ * cipher/gost-s-box.c (gost_sbox): define if keymeshing should be
+ enabled or not.
+ (main): output whether we should enable or disable keymeshing for a
+ particular parameters set.
+
+2020-03-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ DSA,ECDSA: Fix use of mpi_invm.
+ + commit ada758e3019c2585213a132960613b1ac48502b8
+ * cipher/dsa.c (sign): Call mpi_invm before _gcry_dsa_modify_k.
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
+
+ mpi: Constant time mpi_inv with some conditions.
+ + commit 20082ca965eab5665af60956c4ed72709836b1ed
+ * mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
+ (mpih_abs_cond): New.
+ (mpi_invm_odd): New.
+ (mpi_invm_generic): Rename from _gcry_mpi_invm.
+ (_gcry_mpi_invm): Use mpi_invm_odd for usual odd cases.
+
+2020-03-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Support opaque MPI with gcry_mpi_print.
+ + commit b4b04ae6c2e55bc2b24efc663d1eeaa0b3613f4c
+ * mpi/mpicoder.c (_gcry_mpi_get_buffer): Return the bytes as-is.
+
+2020-03-09 Werner Koch <wk@gnupg.org>
+
+ mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr.
+ + commit afbab896fa04d9481dbb9f4d01f607b12e31dcbf
+ * mpi/mpi-div.c (_gcry_mpi_tdiv_qr): Error out on division by zero.
+
+2020-02-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: More accurate dependency to -lgpg-error.
+ + commit 9b8ac13761f0407bd701e43b0a65fbada204958f
+ * configure.ac (LIBGCRYPT_CONFIG_LIBS): Remove DL_LIBS.
+ * src/libgcrypt.c.in: Distinguish static link use case.
+ * tests/Makefile.am: Fix use of -lgpg-error.
+
+ build: Fix linking -ldl.
+ + commit c21e5d72e24e62752559f92b1825287298ae2f03
+ * src/Makefile.am (libgcrypt_la_LIBADD): Add DL_LIBS.
+ (mpicalc_LDADD): Remove DL_LIBS.
+ * tests/Makefile.am (standard_ldadd): Remove DL_LIBS.
+
+2020-02-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ crc-ppc: fix bad register used for vector load/store assembly.
+ + commit b64b029318e7d0b66123015146614118f466a7a9
+ * cipher/crc-ppc.c (CRC_VEC_U64_LOAD_BE): Move implementation to...
+ (asm_vec_u64_load_be): ...here; Add "r0" to clobber list for load
+ instruction when offset is not zero; Add zero offset path.
+
+ rinjdael-aes: use zero offset vector load/store when possible.
+ + commit 89776d45c824032409f581e5fd1db6bf149df57f
+ * cipher/rijndael-ppc-common.h (asm_aligned_ld, asm_aligned_st): Use
+ zero offset instruction variant when input offset is constant zero.
+ * cipher/rijndael-ppc.c (asm_load_be_noswap)
+ (asm_store_be_noswap): Likewise.
+
+ Add POWER9 little-endian variant of PPC AES implementation.
+ + commit 114bbc45e9717f9ad9641f64d8df8690db8da434
+ * configure.ac: Add 'rijndael-ppc9le.lo'.
+ * cipher/Makefile.am: Add 'rijndael-ppc9le.c', 'rijndael-ppc-common.h'
+ and 'rijndael-ppc-functions.h'.
+ * cipher/rijndael-internal.h (USE_PPC_CRYPTO_WITH_PPC9LE): New.
+ (RIJNDAEL_context_s): Add 'use_ppc9le_crypto'.
+ * cipher/rijndael.c (_gcry_aes_ppc9le_encrypt)
+ (_gcry_aes_ppc9le_decrypt, _gcry_aes_ppc9le_cfb_enc)
+ (_gcry_aes_ppc9le_cfb_dec, _gcry_aes_ppc9le_ctr_enc)
+ (_gcry_aes_ppc9le_cbc_enc, _gcry_aes_ppc9le_cbc_dec)
+ (_gcry_aes_ppc9le_ocb_crypt, _gcry_aes_ppc9le_ocb_auth)
+ (_gcry_aes_ppc9le_xts_crypt): New.
+ (do_setkey, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
+ (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt)
+ [USE_PPC_CRYPTO_WITH_PPC9LE]: New.
+ * cipher/rijndael-ppc.c: Split common code to headers
+ 'rijndael-ppc-common.h' and 'rijndael-ppc-functions.h'.
+ * cipher/rijndael-ppc-common.h: Split from 'rijndael-ppc.c'.
+ (asm_add_uint64, asm_sra_int64, asm_swap_uint64_halfs): New.
+ * cipher/rijndael-ppc-functions.h: Split from 'rijndael-ppc.c'.
+ (CFB_ENC_FUNC, CBC_ENC_FUNC): Unroll loop by 2.
+ (XTS_CRYPT_FUNC, GEN_TWEAK): Tweak generation without vperm
+ instruction.
+ * cipher/rijndael-ppc9le.c: New.
+
+ Add gcry_cipher_ctl command to allow weak keys in testing use-cases.
+ + commit 5beadf201312d0c649971b0c1d4c3827b434a0b5
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add
+ 'marks.allow_weak_key' flag.
+ * cipher/cipher.c (cipher_setkey): Do not handle weak key as error when
+ weak keys are allowed.
+ (cipher_reset): Preserve 'marks.allow_weak_key' flag on object reset.
+ (_gcry_cipher_ctl): Add handling for GCRYCTL_SET_ALLOW_WEAK_KEY.
+ * src/gcrypt.h.in (gcry_ctl_cmds): Add GCRYCTL_SET_ALLOW_WEAK_KEY.
+ * tests/basic.c (check_ecb_cipher): Add tests for weak key errors and
+ for GCRYCTL_SET_ALLOW_WEAK_KEY.
+
+2020-01-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ random: Fix include of config.h.
+ + commit e0898d0628789414da23e0526c87df1885c8b3ae
+ * random/random-drbg.c: Include config.h earlier.
+
+2020-01-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ sexp: fix cast from 'int' pointer to 'size_t' pointer.
+ + commit 8b31091da092e22dba78b2402c2f436bbffc1c73
+ * src/sexp.c (do_vsexp_sscan): Change 'datalen' from 'int' to
+ 'size_t'; Remove &datalen pointer cast to 'size_t *' type.
+
+ mpi/i386: fix DWARF CFI for _gcry_mpih_sub_n and _gcry_mpih_add_n.
+ + commit 5f098f7e6ceb899ac27a0a30ee036de5f1be4e3d
+ * mpi/i386/mpih-add1.S (_gcry_mpih_add_n) [PIC]: Adjust CFI CFA offset
+ when making call and restoring stack pointer.
+ * mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n) [PIC]: Ditto.
+
+2020-01-22 H.J. Lu <hjl.tools@gmail.com>
+
+ i386: Add _CET_ENDBR to indirect jump targets.
+ + commit cb9f0a2df8225eed071ae0a56265e38e9f6ff184
+ * mpi/i386/mpih-add1.S (_gcry_mpih_add_n): Save and restore
+ %ebx if IBT is enabed. Add _CET_ENDBR to indirect jump targets
+ and adjust jump destination for _CET_ENDBR.
+ * mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n): Likewise.
+
+ amd64: Always include <config.h> in cipher assembly codes.
+ + commit 22e577071790834f07753c42a191a568c9f2644d
+ * cipher/camellia-aesni-avx-amd64.S: Always include <config.h>.
+ * cipher/camellia-aesni-avx2-amd64.S: Likewise.
+ * cipher/serpent-avx2-amd64.S: Likewise.
+
+ mpi: Add .note.gnu.property section for Intel CET.
+ + commit 24b4d5c10a97aaf82ac7402cc3a5b429d580cd66
+ * mpi/config.links: Include <cet.h> in <asm-syntax.h>.
+
+ x86: Add .note.gnu.property section for Intel CET.
+ + commit 4c88c2bd2a418435506325cd53246acaaa52750c
+ * configure.ac: Include <cet.h> in <config.h> for assembly
+ codes.
+
+2020-01-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests/basic: add vector cluttering to detect implementation bugs.
+ + commit 4aa8ff904262f331abbb8c988069a7029ca13502
+ * src/global.c (_gcry_check_version): Fix missing newline.
+ * src/basic.c (ALWAYS_INLINE, CLUTTER_REGISTER_*, prepare_vector_data)
+ (clutter_vector_registers): New.
+ (progress_handler): Make static function.
+ (check_bulk_cipher_modes, check_one_cipher_core_reset)
+ (check_one_cipher_core, check_one_md, check_one_md_multi)
+ (check_one_md_final, check_one_mac): Clutter vector registers before
+ gcry_* calls to cipher/md/mac algorithms.
+
+2020-01-22 Marvin W <git@larma.de>
+
+ Set vZZ.16b register to zero before use in armv8 gcm implementation.
+ + commit 79ed620ec46adbb08f5cea6a4865a95a436e4109
+ * cipher/cipher-gcm-armv8-aarch64-ce.S
+ (_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero.
+
+2020-01-21 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+ tests: Add basic test cases for sm2.
+ + commit aa9c78afa1d867bb7b9b3c695cf31a832c9419e5
+ * tests/basic.c (check_pubkey): Add test cases for ecc-sm2.
+
+ Add elliptic curve SM2 implementation.
+ + commit 6b55246c77089dd372eb1807808111660fd789c7
+ * configure.ac (enabled_pubkey_ciphers): Add ecc-sm2.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc-sm2.c.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist,
+ _gcry_pk_util_preparse_sigval): Add sm2 flags.
+ * cipher/ecc.c: Support ecc-sm2.
+ * cipher/ecc-common.h: Add declarations for ecc-sm2.
+ * cipher/ecc-sm2.c: New.
+ * src/cipher.h: Define PUBKEY_FLAG_SM2.
+
+ ecc: Simplify signature code.
+ + commit 8d9958910e54f3fecbab6e133c3971843f6ef310
+ * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Use implemented function.
+ * cipher/ecc.c (ecc_verify): Remove redundant code.
+
+2020-01-21 NIIBE Yutaka <gniibe@fsij.org>
+ NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix check_pubkey.
+ + commit 95e9cee802419adf6f4b01b29d7874793004fa8d
+ * tests/basic.c (check_pubkey): Fix constants of pubkeys.
+
+2020-01-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ Avoid use of ulong in internal code.
+ + commit 4997139b3e83761c9af0246cec829305c3d7d13b
+ * configure.ac (HAVE_ULONG_TYPEDEF): Remove.
+ * mpi/mpi-div.c (_gcry_mpi_fdiv_r_ui): Use unsigned long.
+ (_gcry_mpi_divisible_ui): Likewise.
+ * random/rndunix.c (_gcry_rndunix_gather_random): Likewise.
+ * random/rndw32.c (_gcry_rndw32_gather_random_fast): Likewise.
+ (ADDINT): Likewise.
+ * random/rndw32ce.c (_gcry_rndw32ce_gather_random_fast): Likewise.
+ * src/mpi.h: Follow the change.
+ * src/types.h (HAVE_ULONG_TYPEDEF): Remove.
+
+2020-01-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ gcrypt.texi: fix GCRYCTL_GET_ALGO_NENCR typo.
+ + commit 5ebb2f0671c902863eee91cbcfc85a72be506410
+ * doc/gcrypt.texi: Fix GCRYCTL_GET_ALGO_NENC to GCRYCTL_GET_ALGO_NENCR.
+
+2020-01-19 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+ mpi: Fix error that point not uninitialized.
+ + commit 7e3aac7ba49b3b6e6c5ebe7c880b5b323c423ef7
+ * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Initialize E->G poing
+
+ ecc: Wrong flag and elements_enc fix.
+ + commit 43cfc1632dd3a9579a906f31cd3b6c88d242d1a5
+ * cipher/ecc.c (ecc_generate): Fix wrong flag and elements_enc.
+
+ Update .gitignore.
+ + commit 176a5f162acd0cfebc5517d061205681bc3658d0
+
+
+2020-01-16 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+ Add new curve named sm2p256v1.
+ + commit d154c1e9e11019980253f0a65758932cd0656470
+ * cipher/ecc-curves.c (domain_parms): Add sm2p256v1 for SM2.
+ * tests/curves.c (N_CURVES): Update N_CURVES for SM2.
+
+2019-12-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-ppc: performance improvements.
+ + commit 110077505acacae62cec3d09b32a084b9cee0368
+ * cipher/rijndael-ppc.c (ALIGNED_LOAD, ALIGNED_STORE, VEC_LOAD_BE)
+ (VEC_STORE_BE): Rewrite.
+ (VEC_BE_SWAP, VEC_LOAD_BE_NOSWAP, VEC_STORE_BE_NOSWAP): New.
+ (PRELOAD_ROUND_KEYS, AES_ENCRYPT, AES_DECRYPT): Adjust to new
+ input parameters for vector load macros.
+ (ROUND_KEY_VARIABLES_ALL, PRELOAD_ROUND_KEYS_ALL)
+ (AES_ENCRYPT_ALL): New.
+ (vec_bswap32_const_neg): New.
+ (vec_aligned_ld, vec_aligned_st, vec_load_be_const): Rename to...
+ (asm_aligned_ls, asm_aligned_st, asm_load_be_const): ...these.
+ (asm_be_swap, asm_vperm1, asm_load_be_noswap)
+ (asm_store_be_noswap): New.
+ (vec_add_uint128): Rename to...
+ (asm_add_uint128): ...this.
+ (asm_xor, asm_cipher_be, asm_cipherlast_be, asm_ncipher_be)
+ (asm_ncipherlast_be): New inline assembly functions with volatile
+ keyword to allow manual instruction ordering.
+ (_gcry_aes_ppc8_setkey, aes_ppc8_prepare_decryption)
+ (_gcry_aes_ppc8_encrypt, _gcry_aes_ppc8_decrypt)
+ (_gcry_aes_ppc8_cfb_enc, _gcry_aes_ppc8_cbc_enc)
+ (_gcry_aes_ppc8_ocb_auth): Update to use new&rewritten helper macros.
+ (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_dec)
+ (_gcry_aes_ppc8_ctr_enc, _gcry_aes_ppc8_ocb_crypt)
+ (_gcry_aes_ppc8_xts_crypt): Update to use new&rewritten helper
+ macros; Tune 8-block parallel paths with manual instruction ordering.
+
+ rijndael-ppc: fix bad register used for vector load/store assembly.
+ + commit 0837d7e6be3e604c1f7b86d18c582d8aa7ed858c
+ * cipher/rijndael-ppc.c (vec_aligned_ld, vec_load_be, vec_aligned_st)
+ (vec_store_be): Add "r0" to clobber list for load/store instructions.
+
+2019-12-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ cipher: fix typo in error log.
+ + commit 5b9ea3df0dc355d77b9f061f63064614a97b8b67
+ * cipher/cipher.c (_gcry_cipher_encrypt): Fix log "cipher_decrypt: ..."
+ to "cipher_encrypt: ...".
+
+2019-11-21 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ gost28147: inline gost_val function to speed up code.
+ + commit e5c4cf0efb8fd297963e6b4392ab98c41dbad536
+ * cipher/gost28147.c (gost_val): mark function as inline
+
+ gost28147: do not use GOST28147_CONTEXT outside of GOST 28147 calculation
+ + commit f9894240bed36eab17fabf5aa482799b148618e2
+ * cipher/gost28147.c (_gcry_gost_enc_data): remove unused context
+ argument
+ * cipher/gostr3411-94.c (GOSTR3411_CONTEXT, gostr3411_init,
+ do_hash_step): remove unused GOST 28147-89 context.
+
+ gost28147: simplify internal code.
+ + commit d164a8e7f6829163f1279517f07b61805311f8f2
+ * cipher/gost28147.c (gost_val, _gost_encrypt_data): don't use gost
+ context internally
+ * cipher/gost28147.c (gost_encrypt_block, gost_decrypt_block,
+ _gcry_gost_enc_data): adapt to internal changes.
+
+ gostr3411-94: small speedup.
+ + commit 8f573a67d12e6d9026f1676a6dae7813105bc490
+ * cipher/gostr3411-94.c (do_p): unroll loop for a small spedup
+
+2019-11-18 Paul Wolneykien <manowar@altlinux.org>
+
+ ecc: update GOST2012 curves.
+ + commit a3a866f63e7a527fe3c053758b84d70c142f8283
+ * cipher/ecc-curves.c (domain_parms): rename GOST 2012 curves to contain
+ curve bit size
+ (curve_aliases): rename curves, provide backwards-compatible
+ aliases, add new OIDs and two new curves.
+ * cipher/ecc-curves.c (curve_aliases): add new OIDs and aliases for
+ * tests/basic.c (check_pubkey): use new name for GOST2012 512-bit test
+ curve.
+ * tests/benchmark.c (ecc_bench): use new name for GOST2012 512-bit test
+ curve.
+
+2019-11-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ ec: fix left shift overflows on WIN64 build.
+ + commit bdbd032d1626dbb34e1840e5f5393524dd546a1d
+ * mpi/ec.c (ec_mulm_448): Cast constants to (mpi_limb_t) before
+ shifting left by 32.
+
+ mpi/amd64: use SSE2 for shifting instead of MMX.
+ + commit 1322c6a5d1e9aa0c69a2b259aa5ec7bcf5cb5653
+ * mpi/amd64/mpih-lshift.S: Convert to SSE2.
+ * mpi/amd64/mpih-rshift.S: Ditto.
+
+ Add i386/SSSE3 implementation of SHA512.
+ + commit b52dde860963c794b12d14b0a9c5848bca7ba51e
+ * LICENSES: Add 'sha512-ssse3-i386.c'.
+ * configure.ac: Add 'sha512-ssse3-i386.lo'.
+ * cipher/Makefile.am: Add 'sha512-ssse3-i386.c'.
+ * cipher/sha512-ssse3-i386.c: New.
+ * cipher/sha512.c (USE_SSSE3_I386, _gcry_sha512_transform_i386_ssse3)
+ (do_sha512_transform_i386_ssse3): New.
+ (_gcry_sha512_transform_arm) [USE_SSSE3_I386]: Use i386/SSSE3 transform
+ function if supported by CPU.
+
+2019-10-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add Curve for X448 with ECC_DIALECT_SAFECURVE.
+ + commit d9c418305e1053decebefbd5a98a95f845404a09
+ * cipher/ecc-curves.c (domain_parms): Add X448.
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Support X448.
+ * mpi/ec.c (ec_addm_448, ec_subm_448, ec_mulm_448): New.
+ (ec_mul2_448, ec_pow2_448): New.
+ (field_table): Add for X448.
+ (curve448_bad_points): New.
+ (bad_points_table): New.
+ (ec_p_init): Use bad_points_table.
+ * tests/Makefile.am (t-x448): Add.
+ * tests/curves.c (N_CURVES): Update.
+ * tests/t-x448.c: New.
+
+2019-10-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Introduce new dialect: ECC_DIALECT_SAFECURVE.
+ + commit 498ab6d9f2f8b0775da41553be7868e59cf4cc2e
+ * src/mpi.h (ECC_DIALECT_SAFECURVE): New.
+ * cipher/ecc-misc.c (_gcry_ecc_dialect2str): Support the new dialect.
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Support opaque
+ MPI handling of secret 'd' for ECC_DIALECT_SAFECURVE.
+ * cipher/ecc.c (nist_generate_key): Support opaque secret for
+ ECC_DIALECT_SAFECURVE.
+ (test_ecdh_only_keys): Likewise.
+ (ecc_generate): Support native point representation for
+ ECC_DIALECT_SAFECURVE.
+ (ecc_encrypt_raw): Support opaque MPI handling of secret and
+ native point representation for ECC_DIALECT_SAFECURVE.
+ (ecc_decrypt_raw): Support native point representation for
+ ECC_DIALECT_SAFECURVE.
+ (_gcry_pk_ecc_get_sexp): Likewise.
+
+ ecc: Make _gcry_mpi_ec_mul_point friendly to X25519 computation.
+ + commit 2dfedafe08ac57a87e6892d1af4d72cbb398fe40
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Support scalar input as an opaque
+ MPI in little-endian native format.
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Use an opaque scalar.
+
+ pubkey: Support a method to get data as an opaque MPI.
+ + commit 050e0b4accfae6a49dda6b1bac52749edec5ce22
+ * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support an
+ opaque MPI in old style.
+
+2019-10-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Support an opaque MPI handling in mpi_from_keyparam.
+ + commit 05a7d2f262bc5c2d108dcfa6e3d907dd895a4074
+ * cipher/ecc-curves.c (mpi_from_keyparam): Add OPAQUE argument.
+
+ ecc: Fix handling of point representation in EdDSA.
+ + commit 3d5a05767b84e0f781ed5dfe434adb4d4e9d2aa5
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): Use
+ GCRYMPI_FMT_USG, since integer is defined as unsigned in SEC1.
+ (_gcry_ecc_eddsa_decodepoint): Likewise.
+
+ ecc: Return an opaque MPI by _gcry_ecc_ec2os.
+ + commit 8fce1027c2531127dd52a8b883f34333ffd3763b
+ * cipher/ecc-misc.c (_gcry_ecc_ec2os): Use mpi_set_opaque instead of
+ _gcry_mpi_scan to make an opaque MPI.
+
+ ecc: String constant fix.
+ + commit 35c1faaea2b0aee9b127d02d93158826d17eb107
+ * cipher/ecc-curves.c (domain_parms): Same string length for NIST
+ P-521.
+
+ ecc: Simplify _gcry_ecc_compute_public.
+ + commit ad8927f40169364003f72fc188ea60b295ef5e59
+ * cipher/ecc-misc.c (_gcry_ecc_compute_public): Don't need G and d.
+ Use ec->G and ec->d.
+ * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Follow the change.
+ (_gcry_ecc_get_point): Likewise.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Don't need d,
+ but use ec->d.
+ (_gcry_ecc_eddsa_sign): Follow the change.
+
+2019-10-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Use opaque MPI for _gcry_ecc_mul_point.
+ + commit c5a7191c1bd18292a34ad4da45d743dfac035f9a
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Use opaque MPI for U.
+
+ ecc: Fix _gcry_ecc_mont_decodepoint for data by old implementation.
+ + commit bbe15758c893dbf546416c1a6bccdad1ab000ad7
+ * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Support data by old
+ implementation by opaque public key.
+ Fix confusion of endian, in the handling of data by normal MPI key.
+
+ ecc: ECDH clean up for use of ec->nbits.
+ + commit 27e848666b4a03939b0c8db15aa6e6f79bc7db30
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Use ec->nbits.
+ * cipher/ecc.c (test_ecdh_only_keys): Likewise.
+ (ecc_encrypt_raw): Likewise.
+ (ecc_generate): Fix debug output format.
+
+2019-10-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix key generation for ECDH.
+ + commit 82441bbb82903c21cd2b9b4e2d50202b14fdc24c
+ * cipher/ecc.c (test_ecdh_only_keys): Don't free EC here.
+
+ ecc: Fix debug output.
+ + commit 6d93812aa312a92d4de2dc034bdf87c276a24b8a
+ * cipher/ecc-curves.c (_gcry_mpi_ec_internal_new): Fix debug output.
+
+ ecc: Simplify using mpi_ec_t directly.
+ + commit 6a30a9a2cc48d2343c3e9815567dbd4bf9eec058
+ * cipher/ecc-common.h (ECC_public_key, ECC_secret_key): Remove.
+ (_gcry_ecc_ecdsa_sign, _gcry_ecc_ecdsa_verify): Use mpi_ec_t.
+ (_gcry_ecc_eddsa_genkey, gcry_ecc_eddsa_sign): Likewise.
+ (_gcry_ecc_eddsa_verify): Likewise.
+ (_gcry_ecc_gost_sign, _gcry_ecc_gost_verify): Likewise.
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Use mpi_ec_t directly.
+ (_gcry_ecc_ecdsa_verify): Likewise.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
+ (_gcry_ecc_eddsa_sign, _gcry_ecc_eddsa_verify): Likewise.
+ * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise.
+ (_gcry_ecc_gost_verify): Likewise.
+
+ ecc: Fix for NBITS support.
+ + commit 975de38796917392e83152447c6575648a5a5ee3
+ * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Fill curve
+ parameters by NBITS.
+ (_gcry_mpi_ec_internal_new): Show "EdDSA".
+
+ ecc: Add NAME member to struct mpi_ec_ctx_s.
+ + commit e921ad5b3ad093304312aca90a3c971de05cbf03
+ * src/ec-context.h (struct mpi_ec_ctx_s): Add NAME.
+ * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Initialize NAME.
+
+ ecc: Add key generation support to mpi_ec_get_elliptic_curve.
+ + commit 488704be6e044e23770d95344511c5a347b533c5
+ * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Handle params for
+ key generation.
+ (_gcry_mpi_ec_internal_new): Remove duplication for handling of flags.
+
+ ecc: Consolidate with _gcry_mpi_ec_internal_new.
+ + commit 5415bc578080018e1cd36aa44cf5c0a9995cbafc
+ * cipher/ecc-ecdh.c (prepare_ec): Use _gcry_mpi_ec_internal_new.
+ (_gcry_ecc_mul_point): Don't need to have E of elliptic_curve_t.
+ * cipher/ecc.c (ecc_encrypt_raw): Use _gcry_mpi_ec_internal_new.
+ (ecc_decrypt_raw): Likewise.
+
+ ecc: Support flags and debug print in _gcry_mpi_ec_internal_new.
+ + commit c2aa333dd88b4cd337329128a2018dd3b00f5114
+ * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Don't set *r_flags.
+ (_gcry_mpi_ec_internal_new): Add r_flags argument.
+ Parse the flag list.
+ Output to debug channel when DBG_CIPHER.
+
+2019-10-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add new function _gcry_mpi_ec_internal_new.
+ + commit c7b97ac9bdf96f5a89ae553cac12954043ab174d
+ * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve)
+ (mpi_ec_setup_elliptic_curve): Factor out from _gcry_mpi_ec_new.
+ (_gcry_mpi_ec_internal_new): New.
+ (_gcry_mpi_ec_new): Rewrite using mpi_ec_get_elliptic_curve and
+ mpi_ec_setup_elliptic_curve.
+
+ ecc: Simplify ecc_encrypt_raw and ecc_decrypt_raw.
+ + commit 10b8cc280a535f14b017106c87f2b26bb68d9489
+ * cipher/ecc.c (ecc_encrypt_raw): Use elliptic_curve_t directly.
+ (ecc_decrypt_raw): Likewise.
+
+ ecc: More fixes for cofactor with PUBKEY_FLAG_PARAM.
+ + commit 61a0518282537ad52367354c96986c3d1b698d6f
+ * cipher/ecc.c (ecc_check_secret_key): Support "h" in KEYPARMS.
+ (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Likewise.
+
+ ecc: Simply use unsigned int for cofactor, not MPI.
+ + commit a258ae728de62607b3ef4eca940cfbcf9965fa5f
+ * cipher/ecc-common.h (elliptic_curve_t): Use unsigned int for H.
+ * src/ec-context.h (struct mpi_ec_ctx_s): Ditto.
+ * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
+ (domain_parms): Update for the cofactors.
+ (_gcry_ecc_fill_in_curve): H is no longer MPI, but unsigned int.
+ (_gcry_ecc_get_curve): Remove handling for H.
+ (_gcry_mpi_ec_new): In KEYPARM, cofactor is still MPI.
+ (_gcry_ecc_get_param_sexp): H is no longer MPI, but unsigned int.
+ (_gcry_ecc_get_mpi): Keep the API, returning MPI for "h".
+ (_gcry_ecc_set_mpi): Likewise.
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Fix for unsigned int.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
+ * cipher/ecc-misc.c (_gcry_ecc_curve_free): Likewise.
+ * cipher/ecc.c (nist_generate_key, test_ecdh_only_keys): Likewise.
+ (test_ecdh_only_keys, ecc_generate, ecc_check_secret_key): Likewise.
+ (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Likewise.
+ (_gcry_pk_ecc_get_sexp): Likewise.
+ * mpi/ec.c (ec_deinit): Likewise.
+
+2019-10-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Simplify compute_keygrip.
+ + commit 579d5d6017d63b5eabec588b24d1a22566455bac
+ * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Remove H.
+ * cipher/ecc.c (compute_keygrip): Don't get H, since it's not
+ used in the computation.
+
+ ecc: Clean up key generation code.
+ + commit 95cc9b8f4483fd7edfc7555199f6a05cfa68a236
+ * cipher/ecc.c (test_ecdh_only_keys): No need to make PK by SK.
+
+2019-10-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix building t-lock for WIN32.
+ + commit 7e1383cfd43fdc2b6f743e6a1304f0f0b2142847
+ * tests/t-lock.c (external_lock_test_init, external_lock_test_lock)
+ (externel_lock_test_unlock, external_lock_test_destroy)
+ (nonce_thread, get_rand, pick_account, pick_value, revision_thread)
+ (accountant_thread): Build also if _WIN32 defined in addition to
+ HAVE_PTHREAD.
+
+ hash-common: avoid integer division to reduce call overhead.
+ + commit f9d8b5a0369cc94e125d36d9c8864d5cd2eaa1d2
+ * cipher/hash-common.h (gcry_md_block_ctx): Replace 'blocksize' with
+ 'blocksize_shift'.
+ * cipher/hash-common.c (_gcry_md_block_write): Use bit-level operations
+ instead of division to get number of blocks.
+ * cipher/gostr2411-94.c (gost3411_init): Initialize 'blocksize_shift'
+ instead of 'blocksize'.
+ * cipher/md2.c (md2_init): Ditto.
+ * cipher/md4.c (md4_init): Ditto.
+ * cipher/md5.c (md5_init): Ditto.
+ * cipher/rmd160.c (rmd160_init): Ditto.
+ * cipher/sha1.c (sha1_init): Ditto.
+ * cipher/sha256.c (sha256_common_init): Ditto.
+ * cipher/sha512.c (sha512_init_common): Ditto.
+ * cipher/sm3.c (sm3_init): Ditto.
+ * cipher/stribog.c (stribog_init_512): Ditto.
+ * cipher/tiger.c (do_init): Ditto.
+ * cipher/whirlpool.c (whirlpool_init): Ditto.
+
+2019-10-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Handle ephemeral key as opaque octets.
+ + commit ff0f1782560eb45458d9a8dd97088dabeddb34e7
+ * cipher/ecc.c (ecc_decrypt_raw): Extract an ephemeral key
+ as opaque octets.
+
+2019-10-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Consolidate encoding a point for Montgomery curve.
+ + commit 80cf289905ace9f174eb06d7f55f38980f7e4dbd
+ * cipher/ecc-common.h (_gcry_ecc_mont_encodepoint): New.
+ * cipher/ecc-misc.c (_gcry_ecc_mont_encodepoint): New.
+ * cipher/ecc.c (ecc_generate): Use _gcry_ecc_mont_encodepoint.
+ (ecc_encrypt_raw, ecc_decrypt_raw, _gcry_pk_ecc_get_sexp): Likewise.
+
+2019-10-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: More clean-up for Ed25519 and Curve25519.
+ + commit ba0b31f2636632b1b39ebd2202de3ba5d60588b8
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): Fix calc for
+ bytes.
+ * cipher/ecc.c (ecc_encrypt_raw): Use public key as opaque byte-string
+ with "/q" for both cases, since it is always fixed size with a prefix.
+ (compute_keygrip): Likewise.
+ Fix hard-coded value of 256 for Ed25519.
+ Handle Curve25519 differently.
+
+2019-10-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix hard-coded value for 25519 to allow other modern curves.
+ + commit d66a4856eb0c39823bf3414b3ca4cf6322f32aef
+ * cipher/ecc.c (nist_generate_key): Support other modern curves.
+ (test_ecdh_only_keys): Likewise.
+ (check_secret_key): Don't use ECC_DIALECT_ED25519 for the check.
+ (_gcry_pk_ecc_get_sexp): Support Montgomery curve.
+
+ ecc: Clean up for decoding point.
+ + commit 254c5279058f0aea2d3568d6e756002242e82f8f
+ * cipher/ecc-curves.c (point_from_keyparam): Possibly supporting
+ Montgomery curve, use _gcry_mpi_ec_decode_point.
+ (_gcry_ecc_set_mpi): Likewise.
+ * cipher/ecc.c (ecc_check_secret_key): Likewise.
+
+ random: Clean up unused old internal API.
+ + commit 6e57242c61bca38b3cc8fdf424b5667ab953e4cd
+ * random/random.h (_gcry_get_random_bits): Remove.
+
+2019-10-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix regression in keygrip computation for cv25519 (2).
+ + commit 1cfe2329b91cc7be30f7c3a14fc634ec89a1be96
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Recover g_y
+ for Curve25519.
+
+2019-09-28 Werner Koch <wk@gnupg.org>
+
+ ecc: Fix regression in keygrip computation for cv25519.
+ + commit f67b6492e0b0a2a661cd53a08b20f23e6e3f9f89
+ * cipher/ecc-curves.c (domain_parms): Revert g_y for cv25519.
+ * tests/keygrip.c: Add test case for cv25519.
+
+2019-09-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add stitched ChaCha20-Poly1305 ARMv8/AArch64 implementation.
+ + commit 4bebafb7bae8343f543728937caf7d3453c88b7c
+ * cipher/Makefile.am: Add 'asm-poly1305-aarch64.h'.
+ * cipher/asm-poly1305-aarch64.h: New.
+ * cipher/chacha20-aarch64.S (ROT8, _, ROTATE2_8): New.
+ (ROTATE2): Add interleave operator.
+ (QUARTERROUND2): Add interleave operators; Use ROTATE2_8.
+ (chacha20_data): Rename to...
+ (_gcry_chacha20_aarch64_blocks4_data_inc_counter): ...to this.
+ (_gcry_chacha20_aarch64_blocks4_data_rot8): New.
+ (_gcry_chacha20_aarch64_blocks4): Preload ROT8; Fill empty parameters
+ for QUARTERROUND2 interleave operators.
+ (_gcry_chacha20_poly1305_aarch64_blocks4): New.
+ * cipher/chacha20.c
+ [USE_AARCH64_SIMD] (_gcry_chacha20_poly1305_aarch64_blocks4): New.
+ (_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt)
+ [USE_AARCH64_SIMD]: Use stitched implementation if ctr->use_neon is
+ set.
+
+2019-09-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Small tweak for PowerPC Chacha20-Poly1305 round loop.
+ + commit 96b91e164160dfbd913aefe258f472d386f5b642
+ * cipher/chacha20-ppc.c (_gcry_chacha20_poly1305_ppc8_block4): Use
+ inner/outer round loop structure instead of two separate loops for
+ stitched and non-stitched parts.
+
+ Reduce size of x86-64 stitched Chacha20-Poly1305 implementations.
+ + commit 664370ea02df883d16db1ffdd9ada023335b0f63
+ * cipher/chacha20-amd64-avx2.c
+ (_gcry_chacha20_poly1305_amd64_avx2_blocks8): De-unroll round loop.
+ * cipher/chacha20-amd64-ssse3.c
+ (_gcry_chacha20_poly1305_amd64_ssse3_blocks4):
+ (_gcry_chacha20_poly1305_amd64_ssse3_blocks1): Ditto.
+
+2019-09-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add PowerPC extra CFLAGS also for chacha20-ppc and crc-ppc.
+ + commit 5516072451d46be8827455afff840eb6d49155fb
+ * cipher/Makefile.am: Add 'ppc_vcrypto_cflags' for chacha20-ppc.o/.lo
+ and crc-ppc.o/.lo.
+
+2019-09-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add PowerPC vpmsum implementation of CRC.
+ + commit 0486b85bd1fb65013e77f858cae9ea4530f868df
+ * cipher/Makefile.am: Add 'crc-ppc.c'.
+ * cipher/crc-armv8-ce.c: Remove 'USE_INTEL_PCLMUL' comment.
+ * cipher/crc-ppc.c: New.
+ * cipher/crc.c (USE_PPC_VPMSUM): New.
+ (CRC_CONTEXT): Add 'use_vpmsum'.
+ (_gcry_crc32_ppc8_vpmsum, _gcry_crc24rfc2440_ppc8_vpmsum): New.
+ (crc32_init, crc24rfc2440_init): Add HWF check for 'use_vpmsum'.
+ (crc32_write, crc24rfc2440_write): Add 'use_vpmsum' code-path.
+ * configure.ac: Add 'vpmsumd' instruction to PowerPC VSX inline
+ assembly check; Add 'crc-ppc.lo'.
+
+ Add PowerPC vector implementation of ChaCha20.
+ + commit 557702f0d53a7ad1cf2ce0333c9df799a8abad59
+ * cipher/Makefile.am: Add 'chacha20-ppc.c'.
+ * cipher/chacha20-ppc.c: New.
+ * cipher/chacha20.c (USE_PPC_VEC, _gcry_chacha20_ppc8_blocks4)
+ (_gcry_chacha20_ppc8_blocks1, USE_PPC_VEC_POLY1305)
+ (_gcry_chacha20_poly1305_ppc8_blocks4): New.
+ (CHACHA20_context_t): Add 'use_ppc'.
+ (chacha20_blocks, chacha20_keysetup)
+ (do_chacha20_encrypt_stream_tail): Add USE_PPC_VEC code.
+ (_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt): Add
+ USE_PPC_VEC_POLY1305 code.
+ * configure.ac: Add 'chacha20-ppc.lo'.
+ * src/g10lib.h (HWF_PPC_ARCH_2_07): New.
+ * src/hwf-ppc.c (PPC_FEATURE2_ARCH_2_07): New.
+ (ppc_features): Add HWF_PPC_ARCH_2_07.
+ * src/hwfeatures.c (hwflist): Add 'ppc-arch_2_07'.
+
+2019-09-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ poly1305: add fast addition macro for ppc64.
+ + commit 0564757b934d24c7fef10df8594099985fbbc0ac
+ * cipher/poly1305.c [USE_MPI_64BIT && __powerpc__] (ADD_1305_64): New.
+
+2019-09-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add SHA-512 implementations for POWER8 and POWER9.
+ + commit 93632f1adf57f142e5d9e9653c405f2ca8c601c0
+ * cipher/Makefile.am: Add 'sha512-ppc.c'; Add extra CFLAG handling for
+ 'sha512-ppc.c'.
+ * cipher/sha512-ppc.c: New.
+ * cipher/sha512.c (USE_PPC_CRYPTO, _gcry_sha512_transform_ppc8)
+ (_gcry_sha512_transform_ppc9, do_sha512_transform_ppc8)
+ (do_sha512_transform_ppc9): New.
+ (sha512_init_common): Add PowerPC HW feature detection and
+ implementation selection.
+ * configure.ac: Add 'vshasigmad' instruction to PowerPC assembly
+ support check; Add 'sha512-ppc.lo'.
+
+2019-08-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add SHA-256 implementations for POWER8 and POWER9.
+ + commit e19dc973bc8e2a0ce92dd87515df3ee338265a8d
+ * cipher/Makefile.am: Add 'sha256-ppc.c'; Add extra CFLAG handling for
+ 'sha256-ppc.c'.
+ * cipher/sha256-ppc.c: New.
+ * cipher/sha256.c (USE_PPC_CRYPTO, _gcry_sha256_transform_ppc8)
+ (_gcry_sha256_transform_ppc9, do_sha256_transform_ppc8)
+ (do_sha256_transform_ppc9): New.
+ (sha256_init, sha224_init): Split common part to new function named...
+ (sha256_common_init): ...this; Add PowerPC HW feature detection and
+ implementation selection.
+ * configure.ac: Add 'vshasigmaw' instruction to PowerPC assembly
+ support check; Add 'sha256-ppc.lo'.
+
+2019-08-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ hwf-ppc: add detection for PowerISA 3.00.
+ + commit 418179593080f3028426657c4ef1941cdad85513
+ * src/g10lib.h (HWF_PPC_ARCH_3_00): New.
+ * src/hwf-ppc.c (feature_map_s): Remove unused 'feature_match'.
+ (PPC_FEATURE2_ARCH_3_00): New.
+ (ppc_features, get_hwcap): Add PowerISA 3.00.
+ * src/hwfeatures.c (hwflist): Rename "ppc-crypto" to "ppc-vcrypto"; Add
+ "ppc-arch_3_00".
+
+ rijndael-ppc: add bulk modes for CBC, CFB, CTR and XTS.
+ + commit 81d555d3473016eb9382fb1df153ba1effbbe32e
+ * cipher/rijndael-ppc.c (vec_add_uint128, _gcry_aes_ppc8_cfb_enc)
+ (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_enc)
+ (_gcry_aes_ppc8_cbc_dec, _gcry_aes_ppc8_ctr_enc)
+ (_gcry_aes_ppc8_xts_crypt): New.
+ * cipher/rijndael.c [USE_PPC_CRYPTO] (_gcry_aes_ppc8_cfb_enc)
+ (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_enc)
+ (_gcry_aes_ppc8_cbc_dec, _gcry_aes_ppc8_ctr_enc)
+ (_gcry_aes_ppc8_xts_crypt): New.
+ (do_setkey, _gcry_aes_cfb_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_enc)
+ (_gcry_aes_cbc_dec, _gcry_aes_ctr_enc)
+ (_gcry_aes_xts_crypto) [USE_PPC_CRYPTO]: Enable PowerPC AES
+ CFB/CBC/CTR/XTS bulk implementations.
+ * configure.ac (gcry_cv_gcc_inline_asm_ppc_altivec): Add 'vadduwm'
+ instruction.
+
+ rijndael-ppc: add bulk mode for ocb_auth.
+ + commit bd1367bb607846d582ad09ded6c4ce4be4e52778
+ * cipher/rijndael-ppc.c (_gcry_aes_ppc8_ocb_auth): New.
+ * cipher/rijndael.c [USE_PPC_CRYPTO] (_gcry_aes_ppc8_ocb_auth): New
+ prototype.
+ (do_setkey, _gcry_aes_ocb_auth) [USE_PPC_CRYPTO]: Add PowerPC AES
+ ocb_auth.
+
+ rijndael-ppc: enable PowerPC AES-OCB implemention.
+ + commit 821602c60c7d144c978c335f91ae1641cf668df5
+ * cipher/rijndael-ppc.c (ROUND_KEY_VARIABLES, PRELOAD_ROUND_KEYS)
+ (AES_ENCRYPT, AES_DECRYPT): New.
+ (_gcry_aes_ppc8_prepare_decryption): Rename to...
+ (aes_ppc8_prepare_decryption): ... this.
+ (_gcry_aes_ppc8_prepare_decryption): New.
+ (aes_ppc8_encrypt_altivec, aes_ppc8_decrypt_altivec): Remove.
+ (_gcry_aes_ppc8_encrypt): Use AES_ENCRYPT macro.
+ (_gcry_aes_ppc8_decrypt): Use AES_DECRYPT macro.
+ (_gcry_aes_ppc8_ocb_crypt): Uncomment; Optimizations for OCB offset
+ calculations, etc; Use new load/store and encryption/decryption macros.
+ * cipher/rijndaelc [USE_PPC_CRYPTO] (_gcry_aes_ppc8_ocb_crypt): New
+ prototype.
+ (do_setkey, _gcry_aes_ocb_crypt) [USE_PPC_CRYPTO]: Add PowerPC AES OCB
+ encryption/decryption.
+
+ rijndael-ppc: add key setup and enable single block PowerPC AES.
+ + commit 9dca65ef71b4bdbd89a087f41f4dbba71e6d2822
+ * cipher/Makefile.am: Add 'rijndael-ppc.c'.
+ * cipher/rijndael-internal.h (USE_PPC_CRYPTO): New.
+ (RIJNDAEL_context): Add 'use_ppc_crypto'.
+ * cipher/rijndael-ppc.c (backwards, swap_if_le): Remove.
+ (u128_t, ALWAYS_INLINE, NO_INLINE, NO_INSTRUMENT_FUNCTION)
+ (ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE, ASM_FUNC_ATTR_NOINLINE)
+ (ALIGNED_LOAD, ALIGNED_STORE, VEC_LOAD_BE, VEC_STORE_BE)
+ (vec_bswap32_const, vec_aligned_ld, vec_load_be_const)
+ (vec_load_be, vec_aligned_st, vec_store_be, _gcry_aes_sbox4_ppc8)
+ (_gcry_aes_ppc8_setkey, _gcry_aes_ppc8_prepare_decryption)
+ (aes_ppc8_encrypt_altivec, aes_ppc8_decrypt_altivec): New.
+ (_gcry_aes_ppc8_encrypt, _gcry_aes_ppc8_decrypt): Rewrite.
+ (_gcry_aes_ppc8_ocb_crypt): Comment out.
+ * cipher/rijndael.c [USE_PPC_CRYPTO] (_gcry_aes_ppc8_setkey)
+ (_gcry_aes_ppc8_prepare_decryption, _gcry_aes_ppc8_encrypt)
+ (_gcry_aes_ppc8_decrypt): New prototypes.
+ (do_setkey) [USE_PPC_CRYPTO]: Add setup for PowerPC AES.
+ (prepare_decryption) [USE_PPC_CRYPTO]: Ditto.
+ * configure.ac: Add 'rijndael-ppc.lo'.
+ (gcry_cv_ppc_altivec, gcry_cv_cc_ppc_altivec_cflags)
+ (gcry_cv_gcc_inline_asm_ppc_altivec)
+ (gcry_cv_gcc_inline_asm_ppc_arch_3_00): New checks.
+
+2019-08-26 Shawn Landden <shawn@git.icu>
+
+ rijndael/ppc: implement single-block mode, and implement OCB block cipher
+ + commit 92f38a619b1cf759057e9cd532ae7c1d0331100f
+ * cipher/rijndael-ppc.c: New implementation of single-block mode, and
+ implementation of OCB mode.
+
+ hwf: add detection of PowerPC hardware features.
+ + commit b4a3c76fabfa07c10fd18b90230f60b806ad9620
+ * src/Makefile.am: PowerPC hardware detection.
+ * src/g10lib.h: Likewise.
+ * src/hwf-common.h: Likewise.
+ * src/hwf-ppc.c: Likewise.
+ * src/hwfeatures.c: Likewise.
+ * configure.ac: Likewise.
+
+2019-08-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ pkgconfig: Fix libgcrypt.pc.
+ + commit 761d12f140b77b907087590646651d9578b68a54
+ * src/libgcrypt.pc.in (Cflags, Libs): Have flags.
+
+2019-08-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Fix build with !HAVE_PTHREAD.
+ + commit 900647d96cb7806cd9b2de343e4a4bd66c073fba
+ * tests/t-lock.c [!HAVE_PTHREAD]: Buildable now.
+
+ ecdsa: Fix unblinding too early.
+ + commit cdaeb86f067b94d9dff4235ade20dde6479d9bb8
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until
+ the last step.
+
+2019-08-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Fix testapi.c to be buildable.
+ + commit 376124f86097414cf1f9cbbc17af935d30064c82
+ * tests/testapi.c: Fix for xgcry_control.
+
+2019-08-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ dsa,ecdsa: Fix use of nonce, use larger one.
+ + commit 7c2943309d14407b51c8166c4dcecb56a3628567
+ * cipher/dsa-common.c (_gcry_dsa_modify_k): New.
+ * cipher/pubkey-internal.h (_gcry_dsa_modify_k): New.
+ * cipher/dsa.c (sign): Use _gcry_dsa_modify_k.
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
+ * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise.
+
+2019-08-07 NIIBE Yutaka <gniibe@fsij.org>
+ Ján Jančár <johny@neuromancer.sk>
+
+ ecc: Add mitigation against timing attack.
+ + commit b9577f7c89b4327edc09f2231bc8b31521102c79
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K.
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger.
+
+2019-08-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ dsa,ecdsa: Allocate secure memory for RFC6979 generation.
+ + commit 75c2fbc43d2f2cf5f4c60cb28001fda7324185c2
+ * cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use secure memory
+ just like _gcry_dsa_gen_k does.
+
+2019-07-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Fix previous commit.
+ + commit 6126fc2f180a9b61064cea5c838d2ff7e0b7774a
+
+
+ build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs.
+ + commit 6d80f3f12dc2ff04b0eaa3ba29ee8725b6fb4f69
+ * configure.ac (CC_FOR_BUILD): Use AX_CC_FOR_BUILD.
+ * cipher/Makefile.am (gost-s-box): Add
+ {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD.
+ * doc/Makefile.am (yat2m): Likewise.
+ * m4/ax_cc_for_build.m4: New.
+
+2019-07-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix use of AVX instruction in SHA1/SSSE3 assembly.
+ + commit 320ed47963032aab7aadd8aefa054b9a7725c9f7
+ * cipher/sha1-ssse3-amd64.S: Replace 'vmovdqa' with 'movdqa'
+ instruction.
+
+2019-07-15 Werner Koch <wk@gnupg.org>
+
+ sexp: Improve argument checking of sexp parser.
+ + commit 1c2cecbb35e1a0760121d76c327651fe7b2b791a
+ * src/sexp.c (do_vsexp_sscan): Check for bad length in '%b'.
+
+2019-07-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: t-mpi-point: Remove implementation dependent checks.
+ + commit 8a0bde8c211c70756a2d8aa46e1bcf1f6f89e55d
+ * tests/t-mpi-point.c (basic_ec_math): Remove comparing X and Y,
+ only comparison of Z is relevant, mathematically.
+ Remove useless check, where different values in equivalence class
+ exist.
+ (basic_ec_math_simplified): Likewise.
+
+2019-06-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ sexp: Support reading base64.
+ + commit ab57613f10ad57d2fec648017c18d7abb189863b
+ * configure.ac (NEED_GPG_ERROR_VERSION): Require libgpg-error >= 1.27.
+ * src/sexp.c (do_vsexp_sscan): Support data in base64 format.
+ * tests/t-sexp.c (check_extract_param): Add a test case.
+
+2019-06-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Correctly return an error.
+ + commit b4a1114dc77617f0e772ddc4faf8820399b4354a
+ * cipher/ecc-ecdh.c (_gcry_ecc_get_algo_keylen): Return 0 for
+ unknow algorithm.
+ (_gcry_ecc_mul_point): Return GPG_ERR_UNSUPPORTED_ALGORITHM for
+ GCRY_ECC_CURVE448 for now.
+ Return GPG_ERR_UNKNOWN_ALGORITHM, otherwise.
+
+2019-06-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix the Curve25519 test.
+ + commit 6934711d572e13e9e78fb2c53bb119034b088c5a
+ * tests/t-cv25519.c (test_cv_x25519): Initialize SCALAR.
+
+ ecc: Improve new ECDH API.
+ + commit a658c9ccc2c741f40b0b5cdbcd184cfb9a841d17
+ * cipher/ecc-ecdh.c (_gcry_ecc_get_algo_keylen): New.
+ (_gcry_ecc_mul_point): Fill into the RESULT buffer, instead of
+ allocating new buffer.
+ * src/gcrypt-int.h: Change the API.
+ * src/gcrypt.h.in: Likewise.
+ * src/libgcrypt.def (gcry_ecc_get_algo_keylen): New.
+ * src/libgcrypt.vers (gcry_ecc_get_algo_keylen): New.
+ * src/visibility.c (gcry_ecc_get_algo_keylen): New.
+ * src/visibility.h (gcry_ecc_get_algo_keylen): New.
+ * tests/t-cv25519.c: Fix the use case.
+
+2019-06-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: X25519 API change to allow NULL for POINT.
+ + commit 6d77c2054ea0358fb4c6f59b4c91c673c0a83b03
+ * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Allow NULL for point,
+ meaning G.
+
+ ecc: Add an API for X25519 function as gcry_ecc_mul_point.
+ + commit ec8c2cdf977aa8d9ca5af0a9bd25aeb9190570b3
+ * configure.ac: Add ecc-ecdh.lo.
+ * cipher/Makefile.am: Add ecc-ecdh.c.
+ * cipher/ecc-common.h (reverse_buffer): Expose.
+ * cipher/ecc-eddsa.c (reverse_buffer): Expose.
+ * cipher/ecc-curves.c (domain_parms): Fix as the errata of RFC.
+ * cipher/ecc-ecdh.c: New.
+ * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix for other curves
+ than Curve25519.
+ * src/gcrypt-int.h (_gcry_ecc_mul_point): New.
+ * src/gcrypt.h.in (enum gcry_ecc_curves): New.
+ (gcry_ecc_mul_point): new.
+ * src/libgcrypt.def (gcry_ecc_mul_point): New.
+ * src/libgcrypt.vers (gcry_ecc_mul_point): New.
+ * src/visibility.h (gcry_ecc_mul_point): New.
+ * src/visibility.c (gcry_ecc_mul_point): New.
+ * tests/t-cv25519.c (test_cv_hl): Rename from test_cv.
+ (test_cv_x25519): New.
+ (test_cv): Call both of test_cv_hl and test_cv_x25519.
+
+2019-06-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests/basic: add CTR mode carry overflow test vectors.
+ + commit 971d372f512ff6805d5b8b54e9ac1446f3f66643
+ * tests/basic.c (check_ctr_cipher): Change tv structure 'plaintext'
+ and 'out' to pointers; Add counter carry overflow test vectors; Make
+ temporary buffer large enough for new test vectors.
+
+ GCM: move look-up table to .data section and unshare between processes.
+ + commit a4c561aab1014c3630bc88faf6f5246fee16b020
+ * cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
+ (gcmR): Move to 'gcm_table' structure.
+ (gcm_table): New structure for look-up table with counters before and
+ after.
+ (gcmR): New macro.
+ (prefetch_table): Handle input with length not multiple of 256.
+ (do_prefetch_tables): Modify pre- and post-table counters to unshare
+ look-up table pages between processes.
+
+ AES: move look-up tables to .data section and unshare between processes.
+ + commit daedbbb5541cd8ecda1459d3b843ea4d92788762
+ * cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+ * cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+ (enc_tables): New structure for encryption table with counters before
+ and after.
+ (encT): New macro.
+ (dec_tables): Add counters before and after encryption table; Move
+ from .rodata to .data section.
+ (do_encrypt): Change 'encT' to 'enc_tables.T'.
+ (do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+ * cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+ with length not multiple of 256.
+ (prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+ to unshare look-up table pages between processes.
+
+2019-05-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ cipher/Makefile.am: add '-fcoverage-*' to instrumentation munging.
+ + commit c6ffa216976d80a13486b13f64d6776cdb8b6ccf
+ * cipher/Makefile.am: Remove '-fcoverage-*' flag for mixed asm/C
+ i386+amd64 implementations.
+
+2019-05-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ md: fix UBSAN warning.
+ + commit dad94696d9c48c18b59576776c7caa95123dfa1b
+ * cipher/md.c (gcry_md_list): Define 'context' as array of
+ PROPERLY_ALIGNED_TYPE.
+ (md_enable, _gcry_md_reset, _gcry_md_close, md_final, md_set_key)
+ (prepare_macpads, md_read, md_extract): Access md context through
+ 'gcry_md_list->context' pointer instead of 'gcry_md_list->context.c'.
+
+ Disable instrumentation on mixed Intel SSE C/assembly implementations.
+ + commit d24dae4538dbbda9e6c72a34fae69682cfb2fef0
+ * cipher/Makefile.am: Make 'tiger.o' and 'tiger.lo' depend on Makefile;
+ Add instrumentation option munging.
+ * cipher/cipher-gcm-intel-pcmul.c (ALWAYS_INLINE)
+ (NO_INSTRUMENT_FUNCTION, ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE): New.
+ (reduction, gfmul_pclmul, gfmul_pclmul_aggr4, gfmul_pclmul_aggr8)
+ (gcm_lsh): Define with 'ASM_FUNC_ATTR_INLINE' instead of 'inline'.
+ (_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): Define with
+ 'ASM_FUNC_ATTR'.
+ * cipher/crc-intel-pcmul.c (ALWAYS_INLINE, NO_INSTRUMENT_FUNCTION)
+ (ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE): New.
+ (crc32_reflected_bulk, crc32_reflected_less_than_16, crc32_bulk)
+ (crc32_less_than_16): Define with 'ASM_FUNC_ATTR_INLINE' instead of
+ 'inline'.
+ (_gcry_crc32_intel_pclmul, _gcry_crc24rfc2440_intel_pclmul): Define
+ with 'ASM_FUNC_ATTR'.
+ * cipher/rijndael-aesni.c (NO_INSTRUMENT_FUNCTION, ASM_FUNC_ATTR)
+ (ASM_FUNC_ATTR_INLINE, ASM_FUNC_ATTR_NOINLINE): New.
+ (aes_ocb_get_l, do_aesni_prepare_decryption, do_aesni_enc)
+ (do_aesni_dec, do_aesni_enc_vec4, do_aesni_dec_vec4, do_aesni_enc_vec8)
+ (do_aesni_dec_vec8, aesni_ocb_checksum): Define with
+ 'ASM_FUNC_ATTR_INLINE' instead of 'inline'.
+ (do_aesni_ctr, do_aesni_ctr_4, do_aesni_ctr_8): Define wtih
+ 'ASM_FUNC_ATTR_INLINE'.
+ (aesni_ocb_enc, aesni_ocb_dec): Define with 'ASM_FUNC_ATTR_NOINLINE'
+ instead of 'NO_INLINE'.
+ (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_prepare_decryption)
+ (_gcry_aes_aesni_encrypt, _gcry_aes_aesni_cfg_enc)
+ (_gcry_aes_aesni_cbc_enc, _gcry_aes_aesni_ctr_enc)
+ (_gcry_aes_aesni_decrypt, _gcry_aes_aesni_cfb_dec)
+ (_gcry_aes_aesni_cbc_dec, _gcry_aes_aesni_ocb_crypt)
+ (_gcry_aes_aesni_ocb_auth, _gcry_aes_aesni_xts_enc)
+ (_gcry_aes_aesni_xts_dec, _gcry_aes_aesni_xts_crypt): Define with
+ 'ASM_FUNC_ATTR'.
+ * cipher/rijndael-ssse3-amd64.c (ALWAYS_INLINE, NO_INSTRUMENT_FUNCTION)
+ (ASM_FUNC_ATTR, ASM_FUNC_ATTR_INLINE): New.
+ (aes_ocb_get_l, do_ssse3_prepare_decryption, do_vpaes_ssse3_enc)
+ (do_vpaes_ssse3_dec): Define with 'ASM_FUNC_ATTR_INLINE' instead of
+ 'inline'.
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+ (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc)
+ (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
+ (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec)
+ (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec)
+ (_gcry_aes_ssse3_ocb_crypt, _gcry_aes_ssse3_ocb_auth): Define with
+ 'ASM_FUNC_ATTR'.
+ * cipher/sha1-intel-shaext.c (NO_INSTRUMENT_FUNCTION)
+ (ASM_FUNC_ATTR): New.
+ (_gcry_sha1_transform_intel_shaext): Define with 'ASM_FUNC_ATTR'.
+ * cipher/sha256-intel-shaext.c (NO_INSTRUMENT_FUNCTION)
+ (ASM_FUNC_ATTR): New.
+ (_gcry_sha256_transform_intel_shaext): Define with 'ASM_FUNC_ATTR'.
+ * configure.ac (ENABLE_INSTRUMENTATION_MUNGING): New.
+
+ tests/basic: fix signed interger overflow.
+ + commit 3c7ff6bd1c40d5216d6c12b6b28f77fd1a57baa7
+ * tests/basic.c (check_ocb_cipher_largebuf_split): Cast to unsigned
+ when generating buffer values.
+
+2019-05-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests: do not use GCC variadic macro extension for xgcry_control.
+ + commit be567cb5dd629e9aa22d81b29d4326e5aa97efa7
+ * tests/t-common.h (xgcry_control): Use doubly nested parenthesis for
+ passing arguments for gcry_control instead of GCC specific variadic
+ macro extension.
+ * tests/aeswrap.c: Change xgcry_control to use doubly nested
+ parenthesis.
+ * tests/basic.c: Ditto.
+ * tests/bench-slope.c: Ditto.
+ * tests/benchmark.c: Ditto.
+ * tests/curves.c: Ditto.
+ * tests/dsa-rfc6979.c: Ditto.
+ * tests/fips186-dsa: Ditto.
+ * tests/fipsdrv.c: Ditto.
+ * tests/fipsrngdrv.c: Ditto.
+ * tests/gchash.c: Ditto.
+ * tests/hashtest.c: Ditto.
+ * tests/hmac.c: Ditto.
+ * tests/keygen.c: Ditto.
+ * tests/keygrip.c: Ditto.
+ * tests/mpitests.c: Ditto.
+ * tests/pkbench.c: Ditto.
+ * tests/pkcs1v2.c: Ditto.
+ * tests/prime.c: Ditto.
+ * tests/pubkey.c: Ditto.
+ * tests/random.c: Ditto.
+ * tests/rsacvt.c: Ditto.
+ * tests/t-convert.c: Ditto.
+ * tests/t-cv25519.c: Ditto.
+ * tests/t-ed25519.c: Ditto.
+ * tests/t-kdf.c: Ditto.
+ * tests/t-lock.c: Ditto.
+ * tests/t-mpi-bit.c: Ditto.
+ * tests/t-mpi-point.c: Ditto.
+ * tests/t-secmem.c: Ditto.
+ * tests/t-sexp.c: Ditto.
+ * tests/version.c: Ditto.
+
+2019-05-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests/basic: mark CFB and CFB8 as stream block cipher modes.
+ + commit 34e9306a66b47785ddbab6594ae4c23581d35b5a
+ * tests/basic.c (get_algo_mode_blklen): Return '1' for CFB and CFB8.
+
+2019-05-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix message digest final function for MD4, MD5 and RMD160.
+ + commit 15592cd52f543aadb2fab8f6c112c68075309ad6
+ * cipher/md4.c (md4_final): Use buffer offset '64 + 56' for bit count
+ on 'need one extra block' path.
+ * cipher/md5.c (md5_final): Ditto.
+ * cipher/rmd160.c (rmd160_final): Ditto.
+ * tests/basic.c (check_one_md_final): New.
+ (check_digest): Add new '*' test vectors and handle them with
+ check_one_md_final.
+
+2019-05-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Fix carry overflow in Stribog in 512-bit addition.
+ + commit da6cd4fea30f79cf9d8f9b2f1c6daf3aea39fa9c
+ * cipher/stribog.c (transform_bits): properly calculate carry flag
+ * tests/basic.c (check_digests): add two more test cases
+
+2019-04-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add support for explicit_memset.
+ + commit 71b0eb3fb75d2e6bbd86df055dc667b2debab0c1
+ * configure.ac: Add function check for 'explicit_memset'.
+ * src/misc.c (_gcry_fast_wipememory, _gcry_fast_wipememory2): Use
+ explicit_memset if available.
+
+ Fix CFI_PUSH/CFI_POP redefine build warning with AMD64 MPI.
+ + commit 78b1047eded8d5f8a13162d13160fce1809f6ee4
+ * mpi/amd64/func_abi.h: Move CFI macros into [__x86_64__] block.
+ * mpi/i386/syntax.h: Move CFI macros into [__i386__] block.
+
+ Enable four block aggregated GCM Intel PCLMUL implementation on i386.
+ + commit a6e7c411e5f67a9473675ca8d49017a4d13a8d3e
+ * cipher/cipher-gcm-intel-pclmul.c (reduction): Change "%%xmm7" to
+ "%%xmm5".
+ (gfmul_pclmul_aggr4): Move outside [__x86_64__] block; Remove usage of
+ XMM8-XMM15 registers; Do not preload H-values and be_mask to reduce
+ register usage for i386.
+ (_gcry_ghash_setup_intel_pclmul): Enable calculation of H2, H3 and H4
+ on i386.
+ (_gcry_ghash_intel_pclmul): Adjust to above gfmul_pclmul_aggr4
+ changes; Move 'aggr4' code path outside [__x86_64__] block.
+
+ Prefetch GCM look-up tables.
+ + commit 1374254c2904ab5b18ba4a890856824a102d4705
+ * cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+ (prefetch_tables): New.
+ (ghash_internal): Call prefetch_tables.
+
+ Optimizations for generic table-based GCM implementations.
+ + commit ecd02cdd61e8c690f48637656f0e1e08b750fe30
+ * cipher/cipher-gcm.c [GCM_TABLES_USE_U64] (do_fillM): Precalculate
+ M[32..63] values.
+ [GCM_TABLES_USE_U64] (do_ghash): Split processing of two 64-bit halfs
+ of the input to two separate loops; Use precalculated M[] values.
+ [GCM_USE_TABLES && !GCM_TABLES_USE_U64] (do_fillM): Precalculate
+ M[64..127] values.
+ [GCM_USE_TABLES && !GCM_TABLES_USE_U64] (do_ghash): Use precalculated
+ M[] values.
+ [GCM_USE_TABLES] (bshift): Avoid conditional execution for mask
+ calculation.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Double gcm_table size.
+
+2019-04-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Optimizations for GCM Intel/PCLMUL implementation.
+ + commit af5f3fb08674608acf6617ea622ed0b9a2ee77a5
+ * cipher/cipher-gcm-intel-pclmul.c (reduction): New.
+ (glmul_pclmul): Include shifting to left into pclmul operations; Use
+ 'reduction' helper function.
+ [__x86_64__] (gfmul_pclmul_aggr4): Reorder instructions and adjust
+ register usage to free up registers; Use 'reduction' helper function;
+ Include shifting to left into pclmul operations; Moving load H values
+ and input from caller into this function.
+ [__x86_64__] (gfmul_pclmul_aggr8): New.
+ (gcm_lsh): New.
+ (_gcry_ghash_setup_intel_pclmul): Left shift H values to left by
+ one; Preserve XMM6-XMM15 registers on WIN64.
+ (_gcry_ghash_intel_pclmul) [__x86_64__]: Use 8 block aggregated
+ reduction function.
+
+ Move data pointer macro for 64-bit ARM assembly to common header.
+ + commit b9be297bb8eba7a09fa8413261de1587adcfd381
+ * cipher/asm-common-aarch64.h (GET_DATA_POINTER): New.
+ * cipher/chacha20-aarch64.S (GET_DATA_POINTER): Remove.
+ * cipher/cipher-gcm-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove.
+ * cipher/crc-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove.
+ * cipher/rijndael-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove.
+ * cipher/sha1-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove.
+ * cipher/sha256-armv8-aarch64-ce.S (GET_DATA_POINTER): Remove.
+
+ Add CFI unwind assembly directives for 64-bit ARM assembly.
+ + commit 5a2a96a63517838e04f9fc0fb2d932fac5124b8a
+ * cipher/asm-common-aarch64.h (CFI_STARTPROC, CFI_ENDPROC)
+ (CFI_REMEMBER_STATE, CFI_RESTORE_STATE, CFI_ADJUST_CFA_OFFSET)
+ (CFI_REL_OFFSET, CFI_DEF_CFA_REGISTER, CFI_REGISTER, CFI_RESTORE)
+ (DW_REGNO_SP, DW_SLEB128_7BIT, DW_SLEB128_28BIT, CFI_CFA_ON_STACK)
+ (CFI_REG_ON_STACK): New.
+ * cipher/camellia-aarch64.S: Add CFI directives.
+ * cipher/chacha20-aarch64.S: Add CFI directives.
+ * cipher/cipher-gcm-armv8-aarch64-ce.S: Add CFI directives.
+ * cipher/crc-armv8-aarch64-ce.S: Add CFI directives.
+ * cipher/rijndael-aarch64.S: Add CFI directives.
+ * cipher/rijndael-armv8-aarch64-ce.S: Add CFI directives.
+ * cipher/sha1-armv8-aarch64-ce.S: Add CFI directives.
+ * cipher/sha256-armv8-aarch64-ce.S: Add CFI directives.
+ * cipher/twofish-aarch64.S: Add CFI directives.
+ * mpi/aarch64/mpih-add1.S: Add CFI directives.
+ * mpi/aarch64/mpih-mul1.S: Add CFI directives.
+ * mpi/aarch64/mpih-mul2.S: Add CFI directives.
+ * mpi/aarch64/mpih-mul3.S: Add CFI directives.
+ * mpi/aarch64/mpih-sub1.S: Add CFI directives.
+ * mpi/asm-common-aarch64.h: Include "../cipher/asm-common-aarch64.h".
+ (ELF): Remove.
+
+ Add 64-bit ARMv8/CE PMULL implementation of CRC.
+ + commit 14c8a593ede42f51f567ed7ba77b53124151aa38
+ * cipher/Makefile.am: Add 'crc-armv8-ce.c' and
+ 'crc-armv8-aarch64-ce.S'.
+ * cipher/asm-common-aarch64.h [HAVE_GCC_ASM_CFI_DIRECTIVES]: Add CFI
+ helper macros.
+ * cipher/crc-armv8-aarch64-ce.S: New.
+ * cipher/crc-armv8-ce.c: New.
+ * cipher/crc.c (USE_ARM_PMULL): New.
+ (CRC_CONTEXT) [USE_ARM_PMULL]: Add 'use_pmull'.
+ [USE_ARM_PMULL] (_gcry_crc32_armv8_ce_pmull)
+ (_gcry_crc24rfc2440_armv8_ce_pmull): New prototypes.
+ (crc32_init, crc32rfc1510_init, crc24rfc2440_init): Enable ARM PMULL
+ implementations if supported by HW features.
+ (crc32_write, crc24rfc2440_write) [USE_ARM_PMULL]: Use ARM PMULL
+ implementations if enabled.
+ * configure.ac: Add 'crc-armv8-ce.lo' and 'crc-armv8-aarch64-ce.lo'.
+
+2019-04-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ mpi: make stack unwinding work at i386 mpi functions.
+ + commit b878a986f3ab2c35aff89c7f66f137a91542ed5b
+ * mpi/i386/syntax.h: Include 'config.h'.
+ (CFI_STARTPROC, CFI_ENDPROC, CFI_ADJUST_CFA_OFFSET, CFI_REL_OFFSET)
+ (CFI_RESTORE, CFI_PUSH, CFI_POP): New.
+ * mpi/i386/mpih-add1.S: Add CFI directives.
+ * mpi/i386/mpih-lshift.S: Add CFI directives.
+ * mpi/i386/mpih-mul1.S: Add CFI directives.
+ * mpi/i386/mpih-mul2.S: Add CFI directives.
+ * mpi/i386/mpih-mul3.S: Add CFI directives.
+ * mpi/i386/mpih-rshift.S: Add CFI directives.
+ * mpi/i386/mpih-sub1.S: Add CFI directives.
+
+ hwf-x86: make stack unwinding work at i386 cpuid functions.
+ + commit 0bd18e8bf7d67072f8c77352140b4ed4cfde3c6c
+ * src/hwf-x86.c (FORCE_FUNC_FRAME_POINTER): New.
+ [__i386__] (is_cpuid_available): Force use of stack frame pointer as
+ inline assembly modifies stack register; Add 'memory' constraint for
+ inline assembly.
+ [__i386__] (get_cpuid): Avoid push/pop instruction when preserving
+ %ebx register over cpuid.
+
+ Limit and document Blowfish key lengths to 8-576 bits.
+ + commit 3546599e5578f89f9e77b08bf599f9c44b23da5f
+ * cipher/blowfish.c (BLOWFISH_KEY_MIN_BITS)
+ (BLOWFISH_KEY_MAX_BITS): New.
+ (do_bf_setkey): Check input key length to MIN_BITS and MAX_BITS.
+ * doc/gcrypt.texi: Update supported Blowfish key lengths.
+ * tests/basic.c (check_ecb_cipher): New, with Blowfish test vectors
+ for different key lengths.
+ (check_cipher_modes): Call 'check_ecb_cipher'.
+
+2019-04-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add CFI unwind assembly directives for AMD64 assembly.
+ + commit d11ae95d05dc39ec6b825d1109afadd964589880
+ * configure.ac (gcry_cv_gcc_asm_cfi_directives): New.
+ * cipher/asm-common-amd64.h (ADD_RIP, CFI_STARTPROC, CFI_ENDPROC)
+ (CFI_REMEMBER_STATE, CFI_RESTORE_STATE, CFI_ADJUST_CFA_OFFSET)
+ (CFI_REL_OFFSET, CFI_DEF_CFA_REGISTER, CFI_REGISTER, CFI_RESTORE)
+ (CFI_PUSH, CFI_POP, CFI_POP_TMP_REG, CFI_LEAVE, DW_REGNO)
+ (DW_SLEB128_7BIT, DW_SLEB128_28BIT, CFI_CFA_ON_STACK)
+ (CFI_REG_ON_STACK): New.
+ (ENTER_SYSV_FUNCPARAMS_0_4, EXIT_SYSV_FUNC): Add CFI directives.
+ * cipher/arcfour-amd64.S: Add CFI directives.
+ * cipher/blake2b-amd64-avx2.S: Add CFI directives.
+ * cipher/blake2s-amd64-avx.S: Add CFI directives.
+ * cipher/blowfish-amd64.S: Add CFI directives.
+ * cipher/camellia-aesni-avx-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/camellia-aesni-avx2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/cast5-amd64.S: Add CFI directives.
+ * cipher/chacha20-amd64-avx2.S: Add CFI directives.
+ * cipher/chacha20-amd64-ssse3.S: Add CFI directives.
+ * cipher/des-amd64.S: Add CFI directives.
+ * cipher/rijndael-amd64.S: Add CFI directives.
+ * cipher/rijndael-ssse3-amd64-asm.S: Add CFI directives.
+ * cipher/salsa20-amd64.S: Add CFI directives; Use 'asm-common-amd64.h'.
+ * cipher/serpent-avx2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/serpent-sse2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha1-avx-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha1-avx-bmi2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha1-avx2-bmi2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha1-ssse3-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha256-avx-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha256-avx2-bmi2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha256-ssse3-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha512-avx-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha512-avx2-bmi2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/sha512-ssse3-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/twofish-amd64.S: Add CFI directives.
+ * cipher/twofish-avx2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * cipher/whirlpool-sse2-amd64.S: Add CFI directives; Use
+ 'asm-common-amd64.h'.
+ * mpi/amd64/func_abi.h: Include 'config.h'.
+ (CFI_STARTPROC, CFI_ENDPROC, CFI_ADJUST_CFA_OFFSET, CFI_REL_OFFSET)
+ (CFI_RESTORE, CFI_PUSH, CFI_POP): New.
+ (FUNC_ENTRY, FUNC_EXIT): Add CFI directives.
+
+2019-04-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ twofish-amd64: do not use xchg instruction.
+ + commit 0903b215ef5a18332b740a24e6e2bfbed9e1d97b
+ * cipher/twofish-amd64.S (g1g2_3): Swap ab and cd registers using
+ 'movq' instructions instead of 'xchgq'.
+
+2019-04-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Use FreeBSD's elf_aux_info for detecting ARM HW features.
+ + commit 2ffc689d4757f31f1e2c4961b94b0b0c8dc302b7
+ * configure.ac: Add function check for 'elf_aux_info'.
+ * src/hwf-arm.c [HAVE_ELF_AUX_INFO]: Include 'sys/auxv.h'.
+ [HAVE_ELF_AUX_INFO && !HAVE_GETAUXVAL] (HAVE_GETAUXVAL)
+ (getauxval): New.
+
+2019-04-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Use getauxval system function for detecting ARM HW features.
+ + commit 6812a2c5bd2d9129bfdf34f3daf89cd8543ed8e5
+ * configure.ac: Add header check for 'sys/auxv.h'; Add function check
+ for 'getauxval'.
+ * src/hwf-arm.c [HAVE_SYS_AUXV_H && HAVE_GETAUXVAL]: Include
+ 'sys/auxv.h'.
+ (HAS_SYS_AT_HWCAP): Enable AT_HWCAP if have 'getauxval' in addition of
+ __linux__.
+ (AT_HWCAP, AT_HWCAP2, HWCAP_NEON, HWCAP2_AES, HWCAP2_PMULL)
+ (HWCAP2_SHA1, HWCAP2_SHA2, HWCAP_ASIMD, HWCAP_AES)
+ (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2): Define these macros only if not
+ already defined.
+ (get_hwcap) [HAVE_SYS_AUXV_H && HAVE_GETAUXVAL]: Use 'getauxval' to
+ fetch HW capability flags.
+
+ Disable SM3 in FIPS mode.
+ + commit 04a6c3c7482dd1ecb5113a049b1765b0d5f212fb
+ * cipher/sm3.h (_gcry_digest_spec_sm3): Set flags.fips to zero.
+
+2019-04-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Tune SHA-512/AVX2 and SHA-256/AVX2 implementations.
+ + commit 478581c5107ae75281c54e56cdcef5165f3155ca
+ * cipher/sha256-avx2-bmi2-amd64.S (ONE_ROUND_PART1, ONE_ROUND_PART2)
+ (ONE_ROUND): New round function.
+ (FOUR_ROUNDS_AND_SCHED, FOUR_ROUNDS): Use new round function.
+ (_gcry_sha256_transform_amd64_avx2): Exit early if number of blocks is
+ zero; Writing XFER to stack earlier and handle XREF writing in
+ FOUR_ROUNDS_AND_SCHED.
+ * cipher/sha512-avx2-bmi2-amd64.S (MASK_YMM_LO, MASK_YMM_LOx): New.
+ (ONE_ROUND_PART1, ONE_ROUND_PART2, ONE_ROUND): New round function.
+ (FOUR_ROUNDS_AND_SCHED, FOUR_ROUNDS): Use new round function.
+ (_gcry_sha512_transform_amd64_avx2): Writing XFER to stack earlier and
+ handle XREF writing in FOUR_ROUNDS_AND_SCHED.
+
+2019-04-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add SHA512/224 and SHA512/256 algorithms.
+ + commit a3683b6f623189a4b65bb584bb9e65e3ad7b3139
+ * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping for SHA512/224
+ and SHA512/256.
+ (_gcry_mac_type_spec_hmac_sha512_256)
+ (_gcry_mac_type_spec_hmac_sha512_224): New.
+ * cipher/mac-internal.h (_gcry_mac_type_spec_hmac_sha512_256)
+ (_gcry_mac_type_spec_hmac_sha512_224): New.
+ * cipher/mac.c (mac_list, mac_list_algo101): Add SHA512/224 and
+ SHA512/256.
+ * cipher/md.c (digest_list, digest_list_algo301)
+ (prepare_macpads): Ditto.
+ * cipher/sha512.c (run_selftests): Ditto.
+ (sha512_init_common): Move common initialization here.
+ (sha512_init, sha384_init): Use common initialization function.
+ (sha512_224_init, sha512_256_init, _gcry_sha512_224_hash_buffer)
+ (_gcry_sha512_224_hash_buffers, _gcry_sha512_256_hash_buffer)
+ (_gcry_sha512_256_hash_buffers, selftests_sha512_224)
+ (selftests_sha512_256, sha512_224_asn, oid_spec_sha512_224)
+ (_gcry_digest_spec_sha512_224, sha512_256_asn, oid_spec_sha512_256)
+ (_gcry_digest_spec_sha512_256): New.
+ * doc/gcrypt.texi: Add SHA512/224 and SHA512/256; Add missing
+ HMAC-BLAKE2s and HMAC-BLAKE2b.
+ * src/cipher.h (_gcry_digest_spec_sha512_224)
+ (_gcry_digest_spec_sha512_256): New.
+ * src/gcrypt.h.in (GCRY_MD_SHA512_256, GCRY_MD_SHA512_224): New.
+ (GCRY_MAC_HMAC_SHA512_256, GCRY_MAC_HMAC_SHA512_224): New.
+ * tests/basic.c (check_digests): Add SHA512/224 and SHA512/256
+ test vectors.
+
+ Remove extra buffer flush at begining of digest final functions.
+ + commit c6055aaccac86e1ca8a9d35c980d7abbacf2a9ff
+ * cipher/md2.c (md2_final): Remove _gcry_md_block_write flush call
+ from entry.
+ * cipher/md4.c (md4_final): Ditto.
+ * cipher/md5.c (md5_final): Ditto.
+ * cipher/rmd160.c (rmd160_final): Ditto.
+ * cipher/sha1.c (sha1_final): Ditto.
+ * cipher/sha256.c (sha256_final): Ditto.
+ * cipher/sha512.c (sha512_final): Ditto.
+ * cipher/sm3.c (sm3_final): Ditto.
+ * cipher/stribog.c (stribog_final): Ditto.
+ * cipher/tiger.c (tiger_final): Ditto.
+
+ Optimizations for digest final functions.
+ + commit e76cd0e2b1f6025c1319576a5848815d1d231aeb
+ * cipher/md4.c (md4_final): Avoid byte-by-byte buffer setting when
+ padding; Merge extra and last block processing.
+ * cipher/md5.c (md5_final): Ditto.
+ * cipher/rmd160.c (rmd160_final): Ditto.
+ * cipher/sha1.c (sha1_final): Ditto.
+ * cipher/sha256.c (sha256_final): Ditto.
+ * cipher/sm3.c (sm3_final): Ditto.
+ * cipher/tiger.c (tiger_final): Ditto.
+ * cipher/sha512.c (sha512_final): Avoid byte-by-byte buffer setting
+ when padding.
+ * cipher/stribog.c (stribog_final): Ditto.
+ * cipher/whirlpool.c (whirlpool_final): Ditto.
+
+ tests/basic: add hash test for small block sizes.
+ + commit c54b1c96c644c941f3eb3d2a09432b82f25b6ff1
+ * tests/basic.c (check_one_md): Compare hashing buffers sizes from 1 to
+ 129 as full buffer input and byte-by-byte input.
+
+ Burn stack in transform functions for SHA2 AMD64 implementations.
+ + commit 74ef3ecbf94e704975e238a99c0e0480cebf46ac
+ * cipher/sha256-avx-amd64.S: Burn stack inside transform functions.
+ * cipher/sha256-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha256-ssse3-amd64.S: Ditto.
+ * cipher/sha512-avx-amd64.S: Ditto.
+ * cipher/sha512-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha512-ssse3-amd64.S: Ditto.
+
+ Burn stack in transform functions for SHA1 AMD64 implementations.
+ + commit f3d4bd90662faaedd37ce0dae1f9e7f91748e91e
+ * cipher/sha1-avx-amd64.S: Burn stack inside transform functions.
+ * cipher/sha1-avx-bmi2-amd64.S: Ditto.
+ * cipher/sha1-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha1-ssse3-amd64.S: Ditto.
+
+ Add AVX2/BMI2 implementation of SHA1.
+ + commit b982900bfe6403e95a157271d8d811c9c573af9e
+ * cipher/Makefile.am: Add 'sha1-avx2-bmi2-amd64.S'.
+ * cipher/hash-common.h (MD_BLOCK_CTX_BUFFER_SIZE): New.
+ (gcry_md_block_ctx): Change buffer length to MD_BLOCK_CTX_BUFFER_SIZE.
+ * cipher/sha1-avx-amd64.S: Add missing .size for transform function.
+ * cipher/sha1-ssse3-amd64.S: Add missing .size for transform function.
+ * cipher/sha1-avx-bmi2-amd64.S: Add missing .size for transform
+ function; Tweak implementation for small ~1% speed increase.
+ * cipher/sha1-avx2-bmi2-amd64.S: New.
+ * cipher/sha1.c (USE_AVX2, _gcry_sha1_transform_amd64_avx2_bmi2)
+ (do_sha1_transform_amd64_avx2_bmi2): New.
+ (sha1_init) [USE_AVX2]: Enable AVX2 implementation if supported by
+ HW features.
+ (sha1_final): Merge processing of two last blocks when extra block is
+ needed.
+
+2019-03-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ blowfish: add three rounds parallel handling to generic C implementation
+ + commit ced7508c857c0cc37da2299a393e5b167dd28e54
+ * cipher/blowfish.c (BLOWFISH_ROUNDS): Remove.
+ [BLOWFISH_ROUNDS != 16] (function_F): Remove.
+ (F): Replace big-endian and little-endian version with single
+ endian-neutral version.
+ (R3, do_encrypt_3, do_decrypt_3): New.
+ (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
+ (_gcry_blowfish_cfb_dec): Use new three block functions.
+
+ cast5: add three rounds parallel handling to generic C implementation.
+ + commit 4ec566b3689eff4a712eacfcbb4161eb243bb1df
+ * cipher/cast5.c (do_encrypt_block_3, do_decrypt_block_3): New.
+ (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec): Use
+ new three block functions.
+
+ cast5: read Kr four blocks at time and shift for current round.
+ + commit 8a0e68be1020d0c359bf8191159ac1ebe32a5aa0
+ * cipher/cast5.c (do_encrypt_block, do_decrypt_block): Read Kr as
+ 32-bit words instead of bytes and shift value for each round.
+
+ Add helper function for adding value to cipher block.
+ + commit 0fe918fa897cca9e01cbdb80d14106cfe5af680e
+ * cipher/cipher-internal.h (cipher_block_add): New.
+ * cipher/blowfish.c (_gcry_blowfish_ctr_enc): Use new helper function
+ for CTR block increment.
+ * cipher/camellia-glue.c (_gcry_camellia_ctr_enc): Ditto.
+ * cipher/cast5.c (_gcry_cast5_ctr_enc): Ditto.
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
+ * cipher/des.c (_gcry_3des_ctr_enc): Ditto.
+ * cipher/rijndael.c (_gcry_aes_ctr_enc): Ditto.
+ * cipher/serpent.c (_gcry_serpent_ctr_enc): Ditto.
+ * cipher/twofish.c (_gcry_twofish_ctr_enc): Ditto.
+
+2019-03-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Optimize OCB set_key and set_nonce.
+ + commit efd700e31dc8e1e386d367d1b682000977e0c810
+ * cipher/cipher-ocb.c (double_block): Change to input/output
+ host-endian block instead of big-endian buffer.
+ (double_block_cpy): Remove.
+ (bit_copy): Use fixed length copy and 'u64' for calculations.
+ (ocb_get_L_big): Handle block endian conversions for double_block.
+ (_gcry_cipher_ocb_setkey): Handle block endian conversions for
+ double_block.
+ (_gcry_cipher_ocb_set_nonce): Set full length of 'ktop' to zero; Drop
+ length parameter for bit_copy.
+
+ AES-NI/OCB: Optimize last and first key XORing.
+ + commit eacbd59b1333b95858886999c8049e04bf72ad74
+ * cipher/rijndael-aesni.c (aesni_ocb_enc, aesni_ocb_dec)
+ [__x86_64__]: Reorder and mix first and last key XORing with OCB offset
+ XOR operations.
+
+ AES-NI/OCB: Perform checksumming inline with encryption.
+ + commit e924ce456d5728a81c148de4a6eb23373cb70ca0
+ * cipher/rijndael-aesni.c (aesni_ocb_enc): Remove call to
+ 'aesni_ocb_checksum', instead perform checksumming inline with offset
+ calculations.
+
+2019-03-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ AES-NI/OCB: Use stack for temporary storage.
+ + commit b82dbbedf027327e0b4444a01edb045f51c4152b
+ * cipher/rijndael-aesni.c (aesni_ocb_enc, aesni_ocb_dec): Use stack
+ allocated 'tmpbuf' instead of output buffer as temporary storage.
+
+2019-03-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests/basic: add large buffer testing for ciphers.
+ + commit cabeebfc1179c8f5982834a8cbce02c55b3468e2
+ * tests/basic.c (check_one_cipher_core): Allocate buffers from heap.
+ (check_one_cipher): Add testing with large buffer (~65 KiB) in addition
+ to medium size buffer (~2 KiB).
+
+ chacha20-poly1305: fix wrong en/decryption on large input buffers.
+ + commit 049376470b31832d3331fc0037d273b4147e9d38
+ * cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt)
+ (_gcry_chacha20_poly1305_decrypt): Correctly use 'currlen' for chacha20
+ on the non-stitched code path.
+
+2019-03-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ doc: add mention about aligning data to cachelines for best performance.
+ + commit bb03edcbba95e06686188957a65c1967ee07cd6a
+ * doc/gcrypt.text: Add mention about aligning data to cachelines for
+ best performance.
+
+ random-drbg: do not use calloc for zero ctr.
+ + commit 5a20151213c2e496513c541c36e4ebd086b20be9
+ * random/random-drbg.c (DRBG_CTR_NULL_LEN): Move to 'constants'
+ section.
+ (drbg_state_s): Remove 'ctr_null' member.
+ (drbg_ctr_generate): Add 'drbg_ctr_null'.
+ (drbg_sym_fini, drbg_sym_init): Remove 'drbg->ctr_null' usage.
+
+2019-03-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add ARMv7/NEON accelerated GCM implementation.
+ + commit 2445cf7431fab921f6c1870da7084ee698992064
+ * cipher/Makefile.am: Add 'cipher-gcm-armv7-neon.S'.
+ * cipher/cipher-gcm-armv7-neon.S: New.
+ * cipher/cipher-gcm.c [GCM_USE_ARM_NEON] (_gcry_ghash_setup_armv7_neon)
+ (_gcry_ghash_armv7_neon, ghash_setup_armv7_neon)
+ (ghash_armv7_neon): New.
+ (setupM) [GCM_USE_ARM_NEON]: Use armv7/neon implementation if have
+ HWF_ARM_NEON.
+ * cipher/cipher-internal.h (GCM_USE_ARM_NEON): New.
+
+ Use memset instead of setting buffers byte by byte.
+ + commit 6f2391d2df029b0e1a4e5dde17c3d97cc594a1c7
+ * cipher/cipher-ccm.c (do_cbc_mac): Replace buffer setting loop with memset call.
+ * cipher/cipher-gcm.c (do_ghash_buf): Ditto.
+ * cipher/poly1305.c (poly1305_final): Ditto.
+
+ Use buf_cpy instead of copying buffers byte by byte.
+ + commit 4db6d8796c0d95ab89e9ad69336509b604b957cd
+ * cipher/bufhelp.h (buf_cpy): Skip memcpy if length is zero.
+ * cipher/cipher-ccm.c (do_cbc_mac): Replace buffer copy loops with buf_cpy call.
+ * cipher/cipher-cmac.c (_gcry_cmac_write): Ditto.
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate): Ditto.
+
+ Reduce overhead on generic hash write function.
+ + commit e76617cbab018dd8f41fd6b4ec6740b5303f7e13
+ * cipher/hash-common.c (_gcry_md_block_write): Remove recursive
+ function call; Use buf_cpy for copying buffers; Burn stack only once.
+
+ sha1-avx: use vmovdqa instead of movdqa.
+ + commit f8d14df1abd645c3279b14da43b4a7983d87f89f
+ * cipher/sha1-avx-amd64.S: Replace 'movdqa' with 'vmovdqa'.
+ * cipher/sha1-avx-bmi2-amd64.S: Replace 'movdqa' with 'vmovdqa'.
+
+ doc/gcrypt.texi: update HW feature list.
+ + commit 7abf65da84c7106250a5ed2de78b05610cf251f4
+ * doc/gcrypt.texi: Update FW feature list.
+
+2019-03-20 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ ecc: Adjust debugging output.
+ + commit 54db6a4b44124ed7e95897174f32262482b4b0cb
+ * cipher/ecc.c (ecc_check_secret_key): Adjust debugging output to use
+ full column titles.
+
+2019-02-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ fips: Only test check_binary_integrity when fips_mode is enabled.
+ + commit ad133fc79757236359252e92244fe16e9adb45a3
+ * src/fips.c (_gcry_fips_run_selftests): Check the status of fips_mode
+ before calling check_binary_integrity.
+
+2019-02-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add 2-way path for SSSE3 version of ChaCha20.
+ + commit d455068988e5779b0200c51415ddab6b51e12dc4
+ * cipher/chacha20-amd64-ssse3.S (_gcry_chacha20_amd64_ssse3_blocks1)
+ (_gcry_chacha20_poly1305_amd64_ssse3_blocks1): Add 2-way code paths.
+ * cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt): Add
+ preprosessing of 2 blocks with SSSE3.
+
+2019-01-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Do not precalculate OCB offset L0+L1+L0.
+ + commit afab94d222425ecb838eb56cb0723bdaf3e5de36
+ * cipher/cipher-internal.h (gcry_cipher_handle): Remove OCB L0L1L0.
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_setkey): Ditto.
+ * cipher/rijndael-aesni.c (aesni_ocb_enc, aesni_ocb_dec)
+ (_gcry_aes_aesni_ocb_auth): Replace L0L1L0 use with L1.
+
+ Calculate OCB L-tables when setting key instead of when setting nonce.
+ + commit c15409c49993166ab1325d45360b3a8fe72a5556
+ * cipher/cipher-internal.h (gcry_cipher_handle): Mark areas of
+ u_mode.ocb that are and are not cleared by gcry_cipher_reset.
+ (_gcry_cipher_ocb_setkey): New.
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Split
+ L-table generation to ...
+ (_gcry_cipher_ocb_setkey): ... this new function.
+ * cipher/cipher.c (cipher_setkey): Add handling for OCB mode.
+ (cipher_reset): Do not clear L-values for OCB mode.
+
+ chacha20-amd64-avx2: optimize output xoring.
+ + commit 08e0650c21984bb9ddf5a1dabb1cc890fabf63ab
+ * cipher/chacha20-amd64-avx2.S (STACK_TMP2): Remove.
+ (transpose_16byte_2x2, xor_src_dst): New.
+ (BUF_XOR_256_TO_128): Remove.
+ (_gcry_chaha20_amd64_avx2_blocks8)
+ (_gcry_chacha20_poly1305_amd64_avx2_blocks8): Replace
+ BUF_XOR_256_TO_128 with transpose_16byte_2x2/xor_src_dst; Reduce stack
+ usage; Better interleave chacha20 state merging and output xoring.
+
+ tests/bench-slope: prevent auto-mhz detection getting stuck.
+ + commit 28614a77a28190ab902a2b98039de2cd0635c7c7
+ * cipher/bench-slope.c (bench_ghz, bench_ghz_diff): New static
+ variables.
+ (AUTO_GHZ_TARGET_DIFF): New macro.
+ (do_slope_benchmark): Reduce target auto-mhz accuracy after
+ repeated failures.
+ (bench_print_result_csv, bench_print_result_std): Print auto-ghz
+ different if 1 Mhz or more.
+ (do_slope_benchmark, bench_print_result_csv, bench_print_result_std)
+ (bench_print_result): Remove 'bench_ghz' parameter.
+ (cipher_bench_one, hash_bench_one, mac_bench_one)
+ (kdf_bench_one): Remove 'bench_ghz' variable.
+
+ tests/bench-slope: add missing cipher context reset.
+ + commit 546f13ae08918726791600cdd0d0be56cc52c790
+ * tests/bench-slope.c (bench_encrypt_do_bench)
+ (bench_decrypt_do_bench): Add call to 'gcry_cipher_reset'.
+
+ Add stitched ChaCha20-Poly1305 SSSE3 and AVX2 implementations.
+ + commit d6330dfb4b0e9fb3f8eef65ea13146060b804a97
+ * cipher/asm-poly1305-amd64.h: New.
+ * cipher/Makefile.am: Add 'asm-poly1305-amd64.h'.
+ * cipher/chacha20-amd64-avx2.S (QUATERROUND2): Add interleave
+ operators.
+ (_gcry_chacha20_poly1305_amd64_avx2_blocks8): New.
+ * cipher/chacha20-amd64-ssse3.S (QUATERROUND2): Add interleave
+ operators.
+ (_gcry_chacha20_poly1305_amd64_ssse3_blocks4)
+ (_gcry_chacha20_poly1305_amd64_ssse3_blocks1): New.
+ * cipher/chacha20.c (_gcry_chacha20_poly1305_amd64_ssse3_blocks4)
+ (_gcry_chacha20_poly1305_amd64_ssse3_blocks1)
+ (_gcry_chacha20_poly1305_amd64_avx2_blocks8): New prototypes.
+ (chacha20_encrypt_stream): Split tail to...
+ (do_chacha20_encrypt_stream_tail): ... new function.
+ (_gcry_chacha20_poly1305_encrypt)
+ (_gcry_chacha20_poly1305_decrypt): New.
+ * cipher/cipher-internal.h (_gcry_chacha20_poly1305_encrypt)
+ (_gcry_chacha20_poly1305_decrypt): New prototypes.
+ * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_encrypt): Call
+ '_gcry_chacha20_poly1305_encrypt' if cipher is ChaCha20.
+ (_gcry_cipher_poly1305_decrypt): Call
+ '_gcry_chacha20_poly1305_decrypt' if cipher is ChaCha20.
+ * cipher/poly1305-internal.h (_gcry_cipher_poly1305_update_burn): New
+ prototype.
+ * cipher/poly1305.c (poly1305_blocks): Make static.
+ (_gcry_poly1305_update): Split main function body to ...
+ (_gcry_poly1305_update_burn): ... new function.
+
+ Add SSSE3 optimized non-parallel ChaCha20 function.
+ + commit 7d9b2f114f3edf4d13640616cf34c79364234781
+ * cipher/chacha20-amd64-ssse3.S (ROTATE_SHUF, ROTATE, WORD_SHUF)
+ (QUARTERROUND4, _gcry_chacha20_amd64_ssse3_blocks1): New.
+ * cipher/chacha20.c (_gcry_chacha20_amd64_ssse3_blocks1): New
+ prototype.
+ (chacha20_blocks): Rename to ...
+ (do_chacha20_blocks): ... this.
+ (chacha20_blocks): New.
+ (chacha20_encrypt_stream): Adjust for new chacha20_blocks function.
+
+ tests/basic: increase buffer size for check_one_cipher.
+ + commit 88e482d16ee80de41b6f133e77f0d15423fcd266
+ * tests/basic.c (check_one_cipher_core)
+ (check_one_cipher): Increase buffer from 1040 to 1904 bytes.
+
+ tests/basic: check AEAD tags in check_one_cipher test.
+ + commit eee1f152a5b3040f6723d287d1b01fb939be67b7
+ * tests/basic.c (get_algo_mode_taglen): New.
+ (check_one_cipher_core_reset): Check that tags are same with
+ AEAD modes.
+
+2019-01-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: With LD_LIBRARY_PATH defined, use --disable-new-dtags.
+ + commit e5c2f8a2cd2b89d90ea30de2dedb0e92498a5f70
+ * configure.ac (LDADD_FOR_TESTS_KLUDGE): New for --disable-new-dtags.
+ * tests/Makefile.am (LDADD, t_lock_LDADD): Use LDADD_FOR_TESTS_KLUDGE.
+
+ random: Fix previous commit for getentropy function.
+ + commit 17f246c7044ab9ed236f6ec73fc126654257f0f9
+ * random/rndlinux.c [__NR_getrandom] (_gcry_rndlinux_gather_random):
+ Check return value only for use of syscall.
+
+ random: Use getentropy when available for not GNU/Linux.
+ + commit 2677d7d482bf2d078c1dce64854747c5b148924b
+ * configure.ac: Detect getentropy.
+ * random/rndlinux.c [__linux__] (getentropy): Macro defined.
+ [HAVE_GETENTROPY] (_gcry_rndlinux_gather_random): Use getentropy.
+
+2019-01-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ camellia-aarch64: do not export look-up table globally.
+ + commit 09c27280cc09798d15369b3a143036b7ab5ddd69
+ * cipher/camellia-aarch64.S (_gcry_camellia_arm_tables): Remove
+ '.globl' export.
+
+2019-01-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Process CCM/EAX/GCM/Poly1305 AEAD cipher modes input in 24 KiB chucks.
+ + commit 3ee6588de8311b461ef8707c70ff86d2b252966d
+ * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt)
+ (_gcry_cipher_ccm_decrypt): Process data in 24 KiB chunks.
+ * cipher/cipher-eax.c (_gcry_cipher_eax_encrypt)
+ (_gcry_cipher_eax_decrypt): Ditto.
+ * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
+ (_gcry_cipher_gcm_decrypt): Ditto.
+ * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_encrypt)
+ (_gcry_cipher_poly1305_decrypt): Ditto.
+
+ tests/benchmark: add Chacha20-Poly1305 benchmarking.
+ + commit 4871f11745f33c5c5051bfe6f325ac1c10764b04
+ * tests/benchmark.c (cipher_bench): Add Chacha20-Poly1305.
+
+ tests/benchmark: add --huge-buffers option for cipher tests.
+ + commit edde61f325e4b345f17c47369f3b6b1400656f04
+ * tests/benchmark.c (huge_buffers, cipher_encrypt, cipher_decrypt): New.
+ (cipher_bench): Add 'max_inlen' to modes structure; add huge buffers
+ mode selection.
+ (main): Add '--huge-buffers'.
+
+2018-12-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ random: Add finalizer for rndjent.
+ + commit 3028a221d39c1b593ea0c1bcbfccd33959769692
+ * random/rand-internal.h (_gcry_rndjent_fini): New.
+ * random/rndjent.c (_gcry_rndjent_fini): New.
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Call the finalizer
+ when GCRYCTL_CLOSE_RANDOM_DEVICE.
+
+2018-12-12 Werner Koch <wk@gnupg.org>
+
+ secmem: Prepare for easier debugging.
+ + commit 876f7280e8604bc99ddda0526339ec5ec6b23c4b
+ * src/secmem.c (_gcry_secmem_dump_stats): Factor code out to ...
+ (secmem_dump_stats_internal): new.
+
+2018-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-aesni: interleave last CTR encryption round with xoring.
+ + commit 66d2b7fc17258f1424f4ca4adb1096e48b818bd0
+ * cipher/rijndael-aesni.c (do_aesni_ctr_8): Interleave aesenclast
+ with input xoring.
+
+2018-11-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Use explicit_bzero for wipememory.
+ + commit 168668228c7c49e70612cb4d602d6d603a2add2c
+ * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
+ * src/g10lib.h (wipememory2): Use _gcry_fast_wipememory if _SET is
+ zero.
+ (_gcry_fast_wipememory): New.
+ (_gcry_wipememory2): Rename to...
+ (_gcry_fast_wipememory2): ...this.
+ * src/misc.c (_gcry_wipememory): New.
+ (_gcry_wipememory2): Rename to...
+ (_gcry_fast_wipememory2): ...this.
+ (_gcry_fast_wipememory2) [HAVE_EXPLICIT_BZERO]: Use explicit_bzero if
+ SET is zero.
+ (_gcry_burn_stack): Use _gcry_fast_wipememory.
+
+ Add clang target pragma for mixed C/assembly x86-64 implementations.
+ + commit 9d9c4fd18b445ff414d11678285d54af3afdb222
+ * cipher/cipher-gcm-intel-pclmul.c: Add target 'no-sse' attribute
+ pragma for clang.
+ * cipher/crc-intel-pclmul.c: Ditto.
+ * cipher/rijndael-aesni.c: Ditto.
+ * cipher/rijndael-ssse3-amd64.c: Ditto.
+ * cipher/sha1-intel-shaext.c: Ditto.
+ * cipher/sha256-intel-shaext.c: Ditto.
+
+ Optimizations for AES-NI OCB.
+ + commit b42de67f34871a2520cfe370af513f2aab6e4f75
+ * cipher/cipher-internal.h (gcry_cipher_handle): New pre-computed OCB
+ values L0L1 and L0L1L0; Swap dimensions for OCB L table.
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Setup L0L1 and
+ L0L1L0 values.
+ (ocb_crypt): Process input in 24KiB chunks for better cache locality
+ for checksumming.
+ * cipher/rijndael-aesni.c (ALWAYS_INLINE): New macro for always
+ inlining functions, change all functions with 'inline' to use
+ ALWAYS_INLINE.
+ (NO_INLINE): New macro.
+ (aesni_prepare_2_6_variable, aesni_prepare_7_15_variable): Rename to...
+ (aesni_prepare_2_7_variable, aesni_prepare_8_15_variable): ...these and
+ adjust accordingly (xmm7 moved from *_7_15 to *_2_7).
+ (aesni_prepare_2_6, aesni_prepare_7_15): Rename to...
+ (aesni_prepare_2_7, aesni_prepare_8_15): ...these and adjust
+ accordingly.
+ (aesni_cleanup_2_6, aesni_cleanup_7_15): Rename to...
+ (aesni_cleanup_2_7, aesni_cleanup_8_15): ...these and adjust
+ accordingly.
+ (aesni_ocb_checksum): New.
+ (aesni_ocb_enc, aesni_ocb_dec): Calculate OCB offsets in parallel
+ with help of pre-computed offsets L0+L1 ja L0+L1+L0; Do checksum
+ calculation as separate pass instead of inline; Use NO_INLINE.
+ (_gcry_aes_aesni_ocb_auth): Calculate OCB offsets in parallel
+ with help of pre-computed offsets L0+L1 ja L0+L1+L0.
+ * cipher/rijndael-internal.h (RIJNDAEL_context_s) [USE_AESNI]: Add
+ 'use_avx2' and 'use_avx'.
+ * cipher/rijndael.c (do_setkey) [USE_AESNI]: Set 'use_avx2' if
+ Intel AVX2 HW feature is available and 'use_avx' if Intel AVX HW
+ feature is available.
+ * tests/basic.c (do_check_ocb_cipher): New test vector; increase
+ size of temporary buffers for new test vector.
+ (check_ocb_cipher_largebuf_split): Make test plaintext non-uniform
+ for better checksum testing.
+ (check_ocb_cipher_checksum): New.
+ (check_ocb_cipher_largebuf): Call check_ocb_cipher_checksum.
+ (check_ocb_cipher): New expected tags for check_ocb_cipher_largebuf
+ test runs.
+
+2018-11-19 Andreas Metzler <ametzler@bebt.de>
+
+ doc: Fix library initialization examples.
+ + commit af0bbdb9019e0b4a72e87e8b1b4a55506d349834
+
+
+2018-11-14 Werner Koch <wk@gnupg.org>
+
+ random: Initialize variable as requested by valgrind.
+ + commit aa686dfc9b563ff79c01d2f8560b88f69c42ecba
+ random/jitterentropy-base.c: Init.
+
+2018-11-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ libgcrypt.m4: Prefer gpgrt-config to SYSROOT support.
+ + commit 852245390ef7fd8ca9e36010886a4cf42cf710bf
+ * libgcrypt.m4: Move SYSROOT support after check of GPGRT_CONFIG.
+
+ build: Update autogen.rc.
+ + commit bea193446351c24b10a4342466978d57bd53f599
+ * autogen.rc: Remove obsolete --with-gpg-error-prefix option.
+
+2018-11-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix 'variable may be used uninitialized' warning for CTR mode.
+ + commit 3f76319803a4abcd33fa29a0ac39f8ed9d646226
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Set N to BLOCKSIZE
+ before counter loop.
+
+2018-11-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix inlining of ocb_get_l for x86 AES implementations.
+ + commit 9d6431604b5ee21572c1c2cfa8376e6d81162cbb
+ * cipher/rijndael-aesni.c (aes_ocb_get_l): New.
+ (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Use
+ 'aes_ocb_get_l'.
+ * cipher/rijndael-ssse3-amd4.c (aes_ocb_get_l): New.
+ (ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Use
+ 'aes_ocb_get_l'.
+
+2018-11-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ stdmem: free: only call _gcry_secmem_free if needed.
+ + commit 23f56d3359ca7d152aa87874ddd6305171a91408
+ * src/stdmem.c (_gcry_private_free): Check if memory is secure before
+ calling _gcry_secmem_free to avoid unnecessarily taking secmem lock.
+
+ secmem: fix potential memory visibility issue.
+ + commit d6c6680ca31c05bafbb8becda56da051346eceb3
+ * configure.ac (gcry_cv_have_sync_synchronize): New check.
+ * src/secmem.c (pooldesc_s): Make next pointer volatile.
+ (memory_barrier): New.
+ (_gcry_secmem_malloc_internal): Insert memory barrier between
+ pool->next and mainpool.next assigments.
+ (_gcry_private_is_secure): Update comments.
+
+ wipememory: use memset for non-constant length or large buffer wipes.
+ + commit 4faeaa1cbd235a2560fa04a8ac3766a07029acd8
+ * src/g10lib.h (CONSTANT_P): New.
+ (_gcry_wipememory2): New prototype.
+ (wipememory2): Use _gcry_wipememory2 if _len not constant expression or
+ lenght is larger than 64 bytes.
+ (FASTWIPE_T, FASTWIPE_MULT, fast_wipememory2_unaligned_head): Remove.
+ (fast_wipememory2): Always handle buffer as unaligned.
+ * src/misc.c (__gcry_burn_stack): Move memset_ptr variable to...
+ (memset_ptr): ... here. New.
+ (_gcry_wipememory2): New.
+
+ Change buf_cpy and buf_xor* functions to use buf_put/buf_get helpers.
+ + commit 0068d41d9304ebcdb2caba1fa8848925e2bfaac7
+ * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS)
+ (bufhelp_int_s, buf_xor_1): Remove.
+ (buf_cpy, buf_xor, buf_xor_2dst, buf_xor_n_copy_2): Use
+ buf_put/buf_get helpers to handle unaligned memory accesses.
+
+ rijndael: fix unused parameter warning.
+ + commit 30e783ec487466132324673f197d36b85a91b060
+ * cipher/rijndael.c (do_setkey): Silence unused 'hd' warning.
+
+ mpi/longlong.h: enable inline assembly for powerpc64.
+ + commit ec49013d23d9a7b874c42d77ceb08bd313ba69e1
+ * mpi/longlong.h [__powerpc__ && W_TYPE_SIZE == 64]: Remove '#if 0'.
+
+ Change remaining users of _gcry_fips_mode to use fips_mode.
+ + commit 2aece89d3967e692743541cea857f2e4771b0b62
+ * src/fips.c (_gcry_fips_mode): Remove.
+ (_gcry_enforced_fips_mode, _gcry_inactivate_fips_mode)
+ (_gcry_is_fips_mode_inactive): Use fips_mode.
+ * src/g10lib.h (_gcry_fips_mode): Remove.
+
+2018-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ aarch64: mpi: Distribute the header file as a part of source.
+ + commit a2e0cb1542818ad8a71de34ccbf191adab0a0b86
+ * mpi/Makefile.am (EXTRA_libmpi_la_SOURCES): Add asm-common-aarch64.h.
+
+ build: Fix GCRYPT_HWF_MODULES.
+ + commit f7395338d71d4d82180a11707fd6e77787162e24
+ * configure.ac (GCRYPT_HWF_MODULES): Add libgcrypt_la- prefix.
+
+ build: Update gpg-error.m4 and libgcrypt.m4.
+ + commit f46286851158878d5041ac5381b2807ecec541eb
+ * m4/gpg-error.m4: Update to 2018-11-02.
+ * src/libgrypt.m4: Add AC_MSG_NOTICE.
+ Bump the version date.
+
+2018-10-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update gpg-error.m4 and ksba.m4.
+ + commit 4a4d4a284ca996df874e2534f8529c1611289943
+ * m4/gpg-error.m4: Update to 2018-10-29.
+ * src/libgrypt.m4: Follow the change of gpgrt-config.
+ Bump the version date.
+
+2018-10-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix missing global initialization in fips_is_operational.
+ + commit 6e669e09603e5a98b59dcf35f77f346db6c81eac
+ * src/g10lib.h (_gcry_global_any_init_done): New extern.
+ (fips_is_operational): Check for _gcry_global_any_init_done and call
+ _gcry_global_is_operational.
+ * src/global.c (any_init_done): Rename to ...
+ (_gcry_global_any_init_done): ... this and make externally available.
+
+2018-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ random: use getrandom() on Linux where available.
+ + commit 7e662680c170968661ee0105d132813f8281d229
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): use the
+ getrandom() syscall on Linux if it exists, regardless of what kind of
+ entropy was requested.
+
+2018-10-26 Werner Koch <wk@gnupg.org>
+
+ random: Make sure to re-open /dev/random after a fork.
+ + commit 319f55e6e5793c59f1ba4cfe481b562bca42194d
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Detect fork and
+ re-open devices.
+
+ primes: Avoid leaking bits of the prime test to pageable memory.
+ + commit 2e2e68ad4874a4678cfbe452b70ae987e0402eca
+ * cipher/primegen.c (gen_prime): Allocate MODS in secure memory.
+
+2018-10-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ libgcrypt.m4: Better compatibility support.
+ + commit a755bd0ea09af2ae5a66e3f5aeb8707673c687cf
+ * src/gpg-error.m4: Update.
+ * src/libgcrypt.m4: Don't assume libgcrypt-config is newer.
+
+ build: Fix libgcrypt.m4.
+ + commit 630ece1b7e0a94442bca91d8e96d9b1d4cd3ec66
+ * src/libgcrypt.m4: Use AC_PATH_PROG to detect libgcrypt-config.
+
+ build: Relax build requirements.
+ + commit 8e5641ed65f86783542d5caccdeeee42eeb9457c
+ * m4/gpg-error.m4: Update from libgpg-error 1.33.
+ * src/libgcrypt.m4: Don't require AM_PATH_GPG_ERROR. Use GPGRT_CONFIG
+ instead of libgcrypt-config when it is confirmed that it is available
+ and working well.
+ * configure.ac (AM_PATH_GPG_ERROR): No requirement for newer version
+ (It was because of new gpgrt-config which supports *.pc files).
+
+2018-10-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Require libgpg-error >= 1.33.
+ + commit b376dc2abbb208b10bbc76998ff39adb2f301905
+ * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.33.
+ * m4/gpg-error.m4: Update from libgpg-error 1.33.
+ * src/libgcrypt.m4: Bump version date.
+ Use --variable option.
+
+2018-10-24 Werner Koch <wk@gnupg.org>
+
+ build: Add release make target.
+ + commit 03bb25ee7ed6f1076bf788ab981ca68672880daa
+ * Makefile.am (release, sign-release): New targets.
+
+ build: Make distcheck work again.
+ + commit b0ad66e48c46b79af69349606e276cf0a6b9a020
+ * cipher/Makefile.am: Prettified source file lists.
+ EXTRA_libcipher_la_SOURCES): Add missing asm-common-aarch64.h.
+
+ Fix memory leak in secmem in out of core conditions.
+ + commit f74687fd43f5772a372f54031d5a9527597f4ce4
+ * src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor
+ if the pool could not be allocated.
+
+ ecc: Fix memory leak in the error case of ecc_encrypt_raw.
+ + commit e57e75ea517f32109b508113f18298fc69fd1192
+ * cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main
+ block.
+
+ ecc: Fix possible memory leakage in parameter check of eddsa.
+ + commit 149ceb3cae03d0385341d32430aa5ae57de90007
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak.
+
+2018-10-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Fix libgcrypt.pc.
+ + commit 0e071372fc0e6fed4a449955ed0789803ba5e709
+ * src/libgcrypt.pc.in: Fix typo.
+
+ build: Compatibility to pkg-config.
+ + commit c60eabb11435665fa84a3a82b2a15f48870cc4d7
+ * src/libgcrypt-config.in: Support --variable and --modversion.
+
+ build: Make libgcrypt.m4 use gpg-error-config.
+ + commit 7da887d69d72ea0ea0d106054c48a8c03e242a18
+ * src/libgcrypt.m4: Use gpg-error-config.
+
+ build: Provide libgcrypt.pc, generated by configure.
+ + commit 97194b422bc89a6137f4e218d4cdee118c63e96e
+ * configure.ac: Generate src/libgcrypt.pc.
+ * src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
+ (EXTRA_DIST): Add libgcrypt.pc.in.
+ * src/libgcrypt-config.in: Use @PACKAGE_VERSION@.
+ * src/libgcrypt.pc.in: New.
+
+ build: Update gpg-error.m4 from libgpg-error.
+ + commit 5b1febb5e40d92072bef425bd9e63f7a07edd57e
+ * m4/gpg-error.m4: Update from libgpg-error 1.33.
+
+ build: Don't default to underscore=yes for cross-build.
+ + commit 0f4545b441b6fbdd6e9c4e95f5f2a367483e78ad
+ * acinclude.m4: Don't set ac_cv_sys_symbol_underscore
+ for cross build.
+
+2018-10-23 Werner Koch <wk@gnupg.org>
+
+ ecc: Fix potential unintended freeing of an internal param.
+ + commit e2da4e8dee4b371804f3b2659b53431fb6380d93
+ * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error
+
+ sexp: Fix uninitialized use of a var in the error case.
+ + commit 9f2c7ec4d8b07e82663ad084c90c016d3c3b80c2
+ * src/sexp.c (_gcry_sexp_vextract_param): Initialize L1.
+
+2018-10-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Let configure create the VERSION file.
+ + commit 0f2c6ce2c9504c6df435463243edaa669e57b109
+ * autogen.sh: Update from libgpg-error.
+ * configure.ac: Use mym4_versoin to create VERSION file.
+ * Makefile.am (dist-hook): Do not create VERSION file.
+ (EXTRA_DIST): Add VERSION.
+
+2018-07-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add size optimized cipher block copy and xor functions.
+ + commit 86e5e06a97ae13b8bbf6923ecc76e02b9c429b46
+ * cipher/bufhelp.h (buf_get_he32, buf_put_he32, buf_get_he64)
+ (buf_put_he64): New.
+ * cipher/cipher-internal.h (cipher_block_cpy, cipher_block_xor)
+ (cipher_block_xor_1, cipher_block_xor_2dst, cipher_block_xor_n_copy_2)
+ (cipher_block_xor_n_copy): New.
+ * cipher/cipher-gcm-intel-pclmul.c
+ (_gcry_ghash_setup_intel_pclmul): Use assembly for swapping endianness
+ instead of buf_get_be64 and buf_cpy.
+ * cipher/blowfish.c: Use new cipher_block_* functions for cipher block
+ sized buf_cpy/xor* operations.
+ * cipher/camellia-glue.c: Ditto.
+ * cipher/cast5.c: Ditto.
+ * cipher/cipher-aeswrap.c: Ditto.
+ * cipher/cipher-cbc.c: Ditto.
+ * cipher/cipher-ccm.c: Ditto.
+ * cipher/cipher-cfb.c: Ditto.
+ * cipher/cipher-cmac.c: Ditto.
+ * cipher/cipher-ctr.c: Ditto.
+ * cipher/cipher-eax.c: Ditto.
+ * cipher/cipher-gcm.c: Ditto.
+ * cipher/cipher-ocb.c: Ditto.
+ * cipher/cipher-ofb.c: Ditto.
+ * cipher/cipher-xts.c: Ditto.
+ * cipher/des.c: Ditto.
+ * cipher/rijndael.c: Ditto.
+ * cipher/serpent.c: Ditto.
+ * cipher/twofish.c: Ditto.
+
+2018-07-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ RFC-8439 was published.
+ + commit 9660c3fafd732b1857bb2697c6f43aed077b9ad6
+ * cipher/cipher-poly1305.c: Update RFC reference.
+
+2018-06-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Clean-up implementation selection for SHA1 and SHA2.
+ + commit 8a44c55d2fb758f726b8b436aa5c0b88a6c6f112
+ * cipher/sha1.c (ASM_EXTRA_STACK): Increase by sizeof(void*)*4.
+ (do_sha1_transform_amd64_ssse3, do_sha1_transform_amd64_avx)
+ (do_sha1_transform_amd64_avx_bmi2, do_sha1_transform_intel_shaext)
+ (do_sha1_transform_armv7_neon, do_sha1_transform_armv8_ce): New.
+ (transform_blk, transform): Merge to ...
+ (do_transform_generic): ... this and remove calls to assembly
+ implementations.
+ (sha1_init): Select hd->bctx.bwrite based on HW features.
+ (_gcry_sha1_mixblock, sha1_final): Call hd->bctx.bwrite instead of
+ transform.
+ * cipher/sha1.h (SHA1_CONTEXT): Remove implementation selection bits.
+ * cipher/sha256.h (SHA256_CONTEXT): Remove implementation selection
+ bits.
+ (ASM_EXTRA_STACK): Increase by sizeof(void*)*4.
+ (do_sha256_transform_amd64_ssse3, do_sha256_transform_amd64_avx)
+ (do_sha256_transform_amd64_avx2, do_sha256_transform_intel_shaext)
+ (do_sha256_transform_armv8_ce): New.
+ (transform_blk, transform): Merge to ...
+ (do_transform_generic): ... this and remove calls to assembly
+ implementations.
+ (sha256_init, sha224_init): Select hd->bctx.bwrite based on HW
+ features.
+ (sha256_final): Call hd->bctx.bwrite instead of transform.
+ * cipher/sha512-armv7-neon.S
+ (_gcry_sha512_transform_armv7_neon): Return zero.
+ * cipher/sha512.h (SHA512_CONTEXT): Remove implementation selection
+ bits.
+ (ASM_EXTRA_STACK): Increase by sizeof(void*)*4.
+ (do_sha512_transform_armv7_neon, do_sha512_transform_amd64_ssse3)
+ (do_sha512_transform_amd64_avx, do_sha512_transform_amd64_avx2): New.
+ [USE_ARM_ASM] (do_transform_generic): New.
+ (transform_blk, transform): Merge to ...
+ [!USE_ARM_ASM] (do_transform_generic): ... this and remove calls to
+ assembly implementations.
+ (sha512_init, sha384_init): Select hd->bctx.bwrite based on HW
+ features.
+ (sha512_final): Call hd->bctx.bwrite instead of transform.
+
+ Add hash_buffer and hash_buffers for SHA-224, SHA-385, SHA3 and BLAKE2.
+ + commit 59c4e344eec61cff45185e1caea6815b3266a0f8
+ * cipher/blake2.c (DEFINE_BLAKE2_VARIANT): Add hash_buffer and
+ hash_buffers functions for BLAKE2 variants.
+ * cipher/keccak.c (_gcry_sha3_hash_buffer, _gcry_sha3_hash_buffers)
+ (_gcry_sha3_224_hash_buffer, _gcry_sha3_224_hash_buffers)
+ (_gcry_sha3_256_hash_buffer, _gcry_sha3_256_hash_buffers)
+ (_gcry_sha3_384_hash_buffer, _gcry_sha3_384_hash_buffers)
+ (_gcry_sha3_512_hash_buffer, _gcry_sha3_512_hash_buffers): New.
+ * cipher/sha256.c (_gcry_sha224_hash_buffer)
+ (_gcry_sha224_hash_buffers): New.
+ * cipher/sha512.c (_gcry_sha384_hash_buffer)
+ (_gcry_sha384_hash_buffers): New.
+
+ Add hash_buffer and hash_buffers pointers to message digest spec.
+ + commit b136703ea0ddbd9fec6dfd1f8dfda8373653ba39
+ * src/cipher-proto.h (gcry_md_hash_buffer_t)
+ (gcry_md_hash_buffers_t): New.
+ (gcry_md_spec): Add hash_buffer and hash_buffers.
+ * cipher/md.c (_gcry_md_hash_buffer, _gcry_md_hash_buffers): Use
+ hash_buffer/hash_buffers from MD spec instead of hard-coding supported
+ algorithms.
+ * cipher/blake2.c: Add NULL to MD spec hash_buffer and hash_buffers
+ pointers.
+ * cipher/crc.c: Ditto.
+ * cipher/gostr3411-94.c: Ditto.
+ * cipher/keccak.c: Ditto.
+ * cipher/md2.c: Ditto.
+ * cipher/md4.c: Ditto.
+ * cipher/md5.c: Ditto.
+ * cipher/stribog.c: Ditto.
+ * cipher/tiger.c: Ditto.
+ * cipher/whirlpool.c: Ditto.
+ * cipher/rmd160.c (_gcry_rmd160_hash_buffers): New.
+ (_gcry_digest_spec_rmd160): Add hash_buffer and hash_buffers functions.
+ * cipher/sha1.c (_gcry_digest_spec_sha1): Add hash_buffer and
+ hash_buffers functions.
+ * cipher/sha256.c (_gcry_digest_spec_sha256): Add hash_buffer and
+ hash_buffers functions.
+ (_gcry_digest_spec_sha224): Add NULL pointers for hash_buffer and
+ hash_buffers.
+ * cipher/sha512.c (_gcry_digest_spec_sha1): Add hash_buffer and
+ hash_buffers functions.
+ (_gcry_digest_spec_sha384): Add NULL pointers for hash_buffer and
+ hash_buffers.
+ * cipher/sm3.c (_gcry_digest_spec_sha1): Add hash_buffer and
+ hash_buffers functions.
+
+ AES: setup cipher object bulk routines with optimized versions.
+ + commit a15c1def7e0f170f6663635db84fecab1cbfcca7
+ * cipher/rijndael-aesni.c
+ (_gcry_aes_aesni_prepare_decryption): Rename...
+ (do_aesni_prepare_decryption): .. to this.
+ (_gcry_aes_aesni_prepare_decryption): New.
+ (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc)
+ (_gcry_aes_aesni_ctr_enc, _gcry_aes_aesni_cfb_dec)
+ (_gcry_aes_aesni_cbc_dec): Reorder parameters to match bulk
+ operations.
+ (_gcry_aes_aesni_cbc_dec, aesni_ocb_dec)
+ (_gcry_aes_aesni_xts_dec): Check and prepare decryption.
+ (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): Change return
+ type to size_t.
+ * cipher/rijndael-armv8-ce.c
+ (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
+ (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
+ (_gcry_aes_armv8_ce_cbc_dec): Reorder parameters to match bulk
+ operations.
+ (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
+ (_gcry_aes_armv8_ce_xts_dec): Check and prepare decryption.
+ (_gcry_aes_armv8_ce_ocb_crypt, _gcry_aes_armv8_ce_ocb_auth): Change
+ return type to size_t.
+ * cipher/rijndael-ssse3-amd64.c
+ (_gcry_ssse3_prepare_decryption): Rename...
+ (do_ssse3_prepare_decryption): .. to this.
+ (_gcry_ssse3_prepare_decryption): New.
+ (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc)
+ (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec)
+ (_gcry_aes_ssse3_cbc_dec): Reorder parameters to match bulk
+ operations.
+ (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_dec): Check and prepare decryption.
+ (_gcry_aes_ssse3_ocb_crypt, _gcry_aes_ssse3_ocb_auth): Change return
+ type to size_t.
+ * cipher/rijndael.c
+ (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc)
+ (_gcry_aes_aesni_ctr_enc, _gcry_aes_aesni_cfb_dec)
+ (_gcry_aes_aesni_cbc_dec, _gcry_aes_aesni_ocb_crypt)
+ (_gcry_aes_aesni_ocb_auth, _gcry_aes_aesni_xts_crypt)
+ (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc)
+ (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec)
+ (_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_ocb_crypt)
+ (_gcry_aes_ssse3_ocb_auth, _gcry_aes_ssse3_xts_crypt)
+ (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
+ (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
+ (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
+ (_gcry_aes_armv8_ce_ocb_auth, _gcry_aes_armv8_ce_xts_crypt): Change
+ prototypes to match bulk operations.
+ (do_setkey): Setup bulk operations with optimized implementations.
+ (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc, _gcry_aes_ctr_enc)
+ (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec, _gcry_aes_ocb_crypt)
+ (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Update
+ usage to match new prototypes, avoid prefetch and decryption
+ preparation on optimized code paths.
+
+ Pass cipher object pointer to setkey functions.
+ + commit ca21a24808efa5d562ac91f683504ae0d6dfa69f
+ * cipher/cipher.c (cipher_setkey): Pass cipher object pointer to
+ cipher's setkey function.
+ * cipher/arcfour.c: Add gcry_cipher_hd_t parameter for setkey
+ functions and update selftests to pass NULL pointer.
+ * cipher/blowfish.c: Ditto.
+ * cipher/camellia-glue.c: Ditto.
+ * cipher/cast5.c: Ditto.
+ * cipher/chacha20.c: Ditto.
+ * cipher/cipher-selftest.c: Ditto.
+ * cipher/des.c: Ditto.
+ * cipher/gost28147.c: Ditto.
+ * cipher/idea.c: Ditto.
+ * cipher/rfc2268.c: Ditto.
+ * cipher/rijndael.c: Ditto.
+ * cipher/salsa20.c: Ditto.
+ * cipher/seed.c: Ditto.
+ * cipher/serpent.c: Ditto.
+ * cipher/twofish.c: Ditto.
+ * src/cipher-proto.h: Ditto.
+
+ Add fast path for _gcry_fips_is_operational.
+ + commit b6e6ace324440f564df664e27f8276ef01f76795
+ * src/fips.c (no_fips_mode_required): Rename to...
+ (_gcry_no_fips_mode_required): ...this and make externally available.
+ * src/g10lib.h (_gcry_no_fips_mode_required): New extern.
+ (fips_mode): Inline _gcry_fips_mode to macro, use
+ _gcry_no_fips_mode_required directly.
+ (fips_is_operational): Inline fips_mode check from
+ _gcry_fips_in_operational.
+
+ Access cipher mode routines through routine pointers.
+ + commit 233e2049a2cc1c1110f541b6a7ef145a737e2c65
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add function pointers
+ for mode operations.
+ (_gcry_cipher_xts_crypt): Remove.
+ (_gcry_cipher_xts_encrypt, _gcry_cipher_xts_decrypt): New.
+ * cipher/cipher-xts.c (_gcry_cipher_xts_encrypt)
+ (_gcry_cipher_xts_decrypt): New.
+ * cipher/cipher.c (_gcry_cipher_setup_mode_ops): New.
+ (_gcry_cipher_open_internal): Setup mode routines.
+ (cipher_encrypt, cipher_decrypt): Remove.
+ (do_stream_encrypt, do_stream_decrypt, do_encrypt_none_unknown)
+ (do_decrypt_none_unknown): New.
+ (_gcry_cipher_encrypt, _gcry_cipher_decrypt, _gcry_cipher_setiv)
+ (_gcry_cipher_authenticate, _gcry_cipher_gettag)
+ (_gcry_cipher_checktag): Adapted to use mode routines through pointers.
+
+ Add separate handlers for CBC-CTS variant.
+ + commit 87d8caa47e00f1b1cea968fe38cf30c0ccc9749c
+ * cipher/cipher-cbc.c (cbc_encrypt_inner, cbc_decrypt_inner)
+ (_gcry_cipher_cbc_cts_encrypt, _gcry_cipher_cbc_cts_decrypt): New.
+ (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Remove CTS
+ handling.
+ * cipher/cipher-internal.h (_gcry_cipher_cbc_cts_encrypt)
+ (_gcry_cipher_cbc_cts_decrypt): New.
+ * cipher/cipher.c (cipher_encrypt, cipher_decrypt): Call CBC-CTS
+ handler if CBC-CTS flag is set.
+
+ Avoid division by spec->blocksize in cipher mode handlers.
+ + commit f5168091c1930e948af8f25da11cad5dfa62c7ba
+ * cipher/cipher-internal.h (_gcry_blocksize_shift): New.
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
+ (_gcry_cipherp_cbc_decrypt): Use bit-level operations instead of
+ division to get number of blocks and check input length against
+ blocksize.
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
+ (_gcry_cipher_cfb_decrypt): Ditto.
+ * cipher/cipher-cmac.c (_gcry_cmac_write): Ditto.
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_crypt): Ditto.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
+ (_gcry_cipher_ofb_decrypt): Ditto.
+
+ Fix CBC-CTS+CBC-MAC flag check.
+ + commit a69021535b472556651eb2bab65666206c56c24b
+ * cipher/cipher.c (_gcry_cipher_open_internal): Check flags separately
+ instead of AND masking two flags to zero.
+
+ tests/basic: silence GCC-8 warning.
+ + commit 2a94bdfc0538a340a24c1a7b524bb0c5f606457c
+ * tests/basic.c (check_ofb_cipher, check_stream_cipher): Change
+ tv[].data[].inlen type from signed to unsigned integer.
+
+2018-06-19 Will Dietz <w@wdtz.org>
+
+ random: Fix hang of _gcry_rndjent_get_version.
+ + commit 355f5b7f69075c010fe33aa5b10ac60c08fae0c7
+ * random/rndjent.c (_gcry_rndjent_get_version): Move locking.
+
+2018-06-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add blinding for ECDSA.
+ + commit 9010d1576e278a4274ad3f4aa15776c28f6ba965
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
+ randomized nonce B.
+
+2018-06-06 Werner Koch <wk@gnupg.org>
+
+ ecc: Improve gcry_mpi_ec_curve_point.
+ + commit 7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf
+ * mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates.
+ * tests/t-mpi-point.c (point_on_curve): New.
+
+2018-06-05 Werner Koch <wk@gnupg.org>
+
+ mpi: New internal function _gcry_mpi_cmpabs.
+ + commit 6606ae44e0de1069b29dd4215ee9748280940e1b
+ * mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ...
+ (do_mpi_cmp): New. Add arg absmode.
+ (_gcry_mpi_cmpabs): New.
+ * src/gcrypt-int.h (mpi_cmpabs): New macro.
+
+2018-04-29 Werner Koch <wk@gnupg.org>
+
+ build: Convince gcc not to delete NULL ptr checks.
+ + commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062
+ * configure.ac: Try to use -fno-delete-null-pointer-checks.
+
+2018-04-28 Werner Koch <wk@gnupg.org>
+
+ prime: Avoid rare assertion failure in gcry_prime_check.
+ + commit f3362f10f6f671246c38115ed12b0047966c200e
+ * cipher/primegen.c (is_prime): Don't fail on the assert X > 1.
+
+2018-04-17 Werner Koch <wk@gnupg.org>
+
+ mpi: Fix for buidling for MIPS64 with Clang.
+ + commit e7ae0ae243c8978a67c802169183187d88557be8
+ * mpi/longlong.h [MIPS64][__clang__]: Use the C version like we
+ already do for 32 bit MIPS.
+
+2018-04-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ hmac: Use xtrymalloc.
+ + commit 3e3b520fb32a37c5c23762531a7b3168e112ac36
+ * src/hmac256.c (_gcry_hmac256_new): Use xtrymalloc.
+ (_gcry_hmac256_file): Likewise.
+
+2018-04-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ basic_all_hwfeature_combinations.sh: use $njobs to limit parallel tasks.
+ + commit 5e01705ca90830c27a4cbd8bad41243915f4538a
+ * tests/basic_all_hwfeature_combinations.sh: Use $njobs to limit
+ parallel tasks instead of fixed number "8".
+
+ Faster look-up for spec by algo for digests, ciphers and MAC.
+ + commit 634a85412a4073aa1890589ce5e97eac7b0f3ca3
+ * cipher/cipher.c (cipher_list_algo0, cipher_list_algo301): New cipher
+ spec lists with same order and spacing as 'gcry_cipher_algos'
+ enumeration.
+ (spec_from_algo): Use new spec lists for faster look-up.
+ * cipher/mac.c (mac_list_algo101, mac_list_algo201, mac_list_algo401)
+ (mac_list_algo501): New MAC spec lists with same order and spacing as
+ 'gcry_mac_algos' enumeration.
+ (spec_from_algo): Use new spec lists for faster look-up.
+ * cipher/md.c (digest_list_algo0, digest_list_algo301): New digest
+ spec lists with same order and spacing as 'gcry_md_algos'
+ enumeration.
+ (spec_from_algo): Use new spec lists for faster look-up.
+
+ Fix building with BLAKE2 disabled.
+ + commit 35b59d0ea52e8a1c30c43554dc4dbca97da4bf87
+ * cipher/md.c (md_setkey): Enclose Blake2 part with USE_BLAKE2.
+
+ Add missing BLAKE2, SM3 and GOSTR3411_CP to MAC-HMAC interface.
+ + commit 52e52eb0e3e5541cfc86e04c5047500db5d538b7
+ * cipher/mac-hmac.c (map_mac_algo_to_md): Add GOSTR3411_CP, BLAKE2 and
+ SM3.
+ (_gcry_mac_type_spec_hmac_gost3411_cp)
+ (_gcry_mac_type_spec_hmac_blake2b_512)
+ (_gcry_mac_type_spec_hmac_blake2b_384)
+ (_gcry_mac_type_spec_hmac_blake2b_256)
+ (_gcry_mac_type_spec_hmac_blake2b_160)
+ (_gcry_mac_type_spec_hmac_blake2s_256)
+ (_gcry_mac_type_spec_hmac_blake2s_224)
+ (_gcry_mac_type_spec_hmac_blake2s_160)
+ (_gcry_mac_type_spec_hmac_blake2s_128)
+ (_gcry_mac_type_spec_hmac_sm3): New.
+ * cipher/mac-internal.h (_gcry_mac_type_spec_hmac_gost3411_cp)
+ (_gcry_mac_type_spec_hmac_blake2b_512)
+ (_gcry_mac_type_spec_hmac_blake2b_384)
+ (_gcry_mac_type_spec_hmac_blake2b_256)
+ (_gcry_mac_type_spec_hmac_blake2b_160)
+ (_gcry_mac_type_spec_hmac_blake2s_256)
+ (_gcry_mac_type_spec_hmac_blake2s_224)
+ (_gcry_mac_type_spec_hmac_blake2s_160)
+ (_gcry_mac_type_spec_hmac_blake2s_128)
+ (_gcry_mac_type_spec_hmac_sm3): New.
+ * cipher/mac.c (mac_list): Add GOSTR3411_CP, BLAKE2 and SM3.
+ * src/gcrypt.h.in (GCRY_MAC_HMAC_GOSTR3411_CP)
+ (GCRY_MAC_HMAC_BLAKE2B_512, GCRY_MAC_HMAC_BLAKE2B_384)
+ (GCRY_MAC_HMAC_BLAKE2B_256, GCRY_MAC_HMAC_BLAKE2B_160)
+ (GCRY_MAC_HMAC_BLAKE2S_256, GCRY_MAC_HMAC_BLAKE2S_224)
+ (GCRY_MAC_HMAC_BLAKE2S_160, GCRY_MAC_HMAC_BLAKE2S_128)
+ (GCRY_MAC_HMAC_SM3): New.
+
+2018-04-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ random: Protect another use of jent_rng_collector.
+ + commit 0de2a22fcf6607d0aecb550feefa414cee3731b2
+ * random/rndjent.c (_gcry_rndjent_get_version): Lock the access.
+
+2018-03-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ aarch64/assembly: only use the lower 32 bit of an int parameters.
+ + commit 9b58e4a03ba3aeff7bae3f40da706977870c9649
+ * cipher/camellia-aarch64.S (_gcry_camellia_arm_encrypt_block)
+ (__gcry_camellia_arm_decrypt_block): Make comment section about input
+ registers match usage.
+ * cipher/rijndael-armv8-aarch64-ce.S (_gcry_aes_ocb_auth_armv8_ce): Use
+ 'w12' and 'w7' instead of 'x12' and 'x7'.
+ (_gcry_aes_xts_enc_armv8_ce, _gcry_aes_xts_dec_armv8_ce): Fix function
+ prototype in comments.
+ * mpi/aarch64/mpih-add1.S: Use 32-bit registers for 32-bit mpi_size_t
+ parameters.
+ * mpi/aarch64/mpih-mul1.S: Ditto.
+ * mpi/aarch64/mpih-mul2.S: Ditto.
+ * mpi/aarch64/mpih-mul3.S: Ditto.
+ * mpi/aarch64/mpih-sub1.S: Ditto.
+
+ poly1305: silence compiler warning on clang/aarch64.
+ + commit 8cdb010f04528703a502344e00d52447de12547d
+ * cipher/poly1305.c (MUL_MOD_1305_64): cast zero constant to 64-bits.
+
+2018-03-28 Martin Storsjö <martin@martin.st>
+
+ aarch64: Enable building the aarch64 cipher assembly for windows.
+ + commit 0de2191a07d69ef1fa34ca4c5d5fc4985ff7b4c4
+ * cipher/asm-common-aarch64.h: New.
+ * cipher/camellia-aarch64.S: Use ELF macro, use x19 instead of x18.
+ * cipher/chacha20-aarch64.S: Use ELF macro, don't use GOT on windows.
+ * cipher/cipher-gcm-armv8-aarch64-ce.S: Use ELF macro.
+ * cipher/rijndael-aarch64.S: Use ELF macro.
+ * cipher/rijndael-armv8-aarch64-ce.S: Use ELF macro.
+ * cipher/sha1-armv8-aarch64-ce.S: Use ELF macro.
+ * cipher/sha256-armv8-aarch64-ce.S: Use ELF macro.
+ * cipher/twofish-aarch64.S: Use ELF macro.
+ * configure.ac: Don't require .size and .type in aarch64 assembly check.
+
+ aarch64: camellia: Only use the lower 32 bit of an int parameter.
+ + commit 4e1b628f492643d4e9b830bcdab7b49daaec5854
+ * cipher/camellia-aarch64.S: Use 'w3' instead of 'x3'.
+
+ aarch64: Fix assembling chacha20-aarch64.S with clang/llvm.
+ + commit 36e916fc332eda74963192b1c0bf6860a3e5d67b
+ * cipher/chacha20-aarch64.S: Remove superfluous lane counts.
+
+ aarch64: mpi: Fix building the mpi aarch64 assembly for windows.
+ + commit ec0a2f25c0f64a7b65b373508ce9081e10461965
+ * mpi/aarch64/mpih-add1.S: Use ELF macro.
+ * mpi/aarch64/mpih-mul1.S: Use ELF macro.
+ * mpi/aarch64/mpih-mul2.S: Use ELF macro.
+ * mpi/aarch64/mpih-mul3.S: Use ELF macro.
+ * mpi/aarch64/mpih-sub1.S: Use ELF macro.
+ * mpi/asm-common-aarch64.h: New.
+
+ random: Don't assume that _WIN64 implies x86_64.
+ + commit ed41d6d6fb4551342b22ef763de1bd60e964e186
+ * random/rndw32.c: Change _WIN64 ifdef into __x86_64__.
+
+2018-03-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests/aeswrap: add in-place encryption/decryption testing.
+ + commit 885f031fbd17abc1c0fedbb98df22823b647fc11
+ * tests/aeswrap.c (check): Rename to...
+ (check_one): ...this and add in-place testing.
+ (check): New.
+
+2018-03-22 Stephan Mueller <smueller@chronox.de>
+
+ AES-KW: fix in-place encryption.
+ + commit 330ec66e0babdabb658dc7d6db78f37b2a1b996e
+ * cipher/cipher-aeswrap.c: move memmove call before KW IV setting
+
+2018-03-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ bench-slope: add CPU frequency auto-detection.
+ + commit 617f5e746f8295cc36d1002c8c53edc95d04d0f6
+ * tests/bench-slope.c (bench_obj): Add 'hd'.
+ (bench_encrypt_init, bench_encrypt_free, bench_encrypt_do_bench)
+ (bench_decrypt_do_bench, bench_xts_encrypt_init)
+ (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench)
+ (bench_ccm_encrypt_init, bench_ccm_encrypt_do_bench)
+ (bench_ccm_decrypt_do_bench, bench_aead_encrypt_init)
+ (bench_aead_encrypt_do_bench, bench_aead_decrypt_do_bench)
+ (bench_hash_init, bench_hash_free, bench_hash_do_bench)
+ (bench_mac_init, bench_mac_free, bench_mac_do_bench): Use 'obj->hd'
+ for storing pointer to crypto context.
+ (auto_ghz): New.
+ (do_slope_benchmark): Rename to...
+ (slope_benchmark): ...this.
+ (auto_ghz_init, auto_ghz_free, auto_ghz_bench, auto_ghz_detect_ops)
+ (get_auto_ghz, do_slope_benchmark): New.
+ (double_to_str): Round number larger than 1000 to integer.
+ (bench_print_result_csv, bench_print_result_std)
+ (bench_print_result, bench_print_header, cipher_bench_one)
+ (hash_bench_one, mac_bench_one, kdf_bench_one, kdf_bench): Add
+ auto-detected frequency printing.
+ (print_help): Help for CPU speed auto-detection mode.
+ (main): Add parsing for "--cpu-mhz auto".
+
+ _gcry_burn_stack: use memset for clearing memory.
+ + commit 3841b23c0ccb24d555b7570083bba958e3126d26
+ * src/misc.c (__gcry_burn_stack) [HAVE_VLA]: Use 'memset' for clearing
+ stack.
+
+ Improve constant-time buffer compare.
+ + commit a1127dbbada4302abf09eec90fbaceca87bfcdf0
+ * cipher/bufhelp.h (buf_eq_const): Rewrite logic.
+
+2018-02-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Intel SHA Extensions accelerated SHA256 implementation.
+ + commit 0b3ec359e2279c3b46b171372b1b7733bba20cd7
+ * cipher/Makefile.am: Add 'sha256-intel-shaext.c'.
+ * cipher/sha256-intel-shaext.c: New.
+ * cipher/sha256.c (USE_SHAEXT)
+ (_gcry_sha256_transform_intel_shaext): New.
+ (SHA256_CONTEXT): Add 'use_shaext'.
+ (sha256_init, sha224_init) [USE_SHAEXT]: Use shaext if supported.
+ (transform) [USE_SHAEXT]: Use shaext if enabled.
+ (transform): Only add ASM_EXTRA_STACK if returned burn length is not
+ zero.
+ * configure.ac: Add 'sha256-intel-shaext.lo'.
+
+ Add Intel SHA Extensions accelerated SHA1 implementation.
+ + commit d02958bd300d2c80bc92b1e072103e95e256b297
+ * cipher/Makefile.am: Add 'sha1-intel-shaext.c'.
+ * cipher/sha1-intel-shaext.c: New.
+ * cipher/sha1.c (USE_SHAEXT, _gcry_sha1_transform_intel_shaext): New.
+ (sha1_init) [USE_SHAEXT]: Use shaext implementation is supported.
+ (transform) [USE_SHAEXT]: Use shaext if enabled.
+ (transform): Only add ASM_EXTRA_STACK if returned burn length is not
+ zero.
+ * cipher/sha1.h (SHA1_CONTEXT): Add 'use_shaext'.
+ * configure.ac: Add 'sha1-intel-shaext.lo'.
+ (shaextsupport, gcry_cv_gcc_inline_asm_shaext): New.
+ * src/g10lib.h: Add HWF_INTEL_SHAEXT and reorder HWF flags.
+ * src/hwf-x86.c (detect_x86_gnuc): Detect SHA Extensions.
+ * src/hwfeatures.c (hwflist): Add 'intel-shaext'.
+
+ AVX implementation of BLAKE2s.
+ + commit da58a62ac1b7a8d97b0895dcb41d15af531e45e5
+ * cipher/Makefile.am: Add 'blake2s-amd64-avx.S'.
+ * cipher/blake2.c (USE_AVX, _gry_blake2s_transform_amd64_avx): New.
+ (BLAKE2S_CONTEXT) [USE_AVX]: Add 'use_avx'.
+ (blake2s_transform): Rename to ...
+ (blake2s_transform_generic): ... this.
+ (blake2s_transform): New.
+ (blake2s_final): Pass 'ctx' pointer to transform function instead of
+ 'S'.
+ (blake2s_init_ctx): Check HW features and enable AVX implementation
+ if supported.
+ * cipher/blake2s-amd64-avx.S: New.
+ * configure.ac: Add 'blake2s-amd64-avx.lo'.
+
+2018-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ AVX2 implementation of BLAKE2b.
+ + commit af7fc732f9a7af7a70276f1e8364d2132db314f1
+ * cipher/Makefile.am: Add 'blake2b-amd64-avx2.S'.
+ * cipher/blake2.c (USE_AVX2, ASM_FUNC_ABI, ASM_EXTRA_STACK)
+ (_gry_blake2b_transform_amd64_avx2): New.
+ (BLAKE2B_CONTEXT) [USE_AVX2]: Add 'use_avx2'.
+ (blake2b_transform): Rename to ...
+ (blake2b_transform_generic): ... this.
+ (blake2b_transform): New.
+ (blake2b_final): Pass 'ctx' pointer to transform function instead of
+ 'S'.
+ (blake2b_init_ctx): Check HW features and enable AVX2 implementation
+ if supported.
+ * cipher/blake2b-amd64-avx2.S: New.
+ * configure.ac: Add 'blake2b-amd64-avx2.lo'.
+
+2018-01-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix incorrect counter overflow handling for GCM.
+ + commit ffdc6f3623a0bcb41324d562340b2cd1c288e387
+ * cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle
+ 32-bit CTR increment for GCM.
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use
+ generic CTR implementation directly, use gcm_ctr_encrypt instead.
+ * tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit
+ CTR overflow.
+ (check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes'
+ test-runs.
+
+2018-01-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix use of AVX instructions in Chaha20 SSSE3 implementation.
+ + commit 0b55f349a8b8f4b0ac9ed724c2d5b8dcc9f5401c
+ * cipher/chacha20-amd64-ssse3.S: Replace two 'vmovdqa' instructions
+ with 'movdqa'.
+
+2018-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ doc: fix double "See" in front of reference.
+ + commit bd75f0e89817b5708c57efab49e3eb4e035186e2
+ * doc/gcrypt.texi: Change @xref to @ref when text already has 'see' in
+ the front.
+
+ Add EAX mode.
+ + commit e8629e535bd0e9711b07904d4501de8ad57aaecd
+ * cipher/Makefile.am: Add 'cipher-eax.c'.
+ * cipher/cipher-cmac.c (cmac_write): Rename to ...
+ (_gcry_cmac_write): ... this; Take CMAC context as new input
+ parameter; Return error code.
+ (cmac_generate_subkeys): Rename to ...
+ (_gcry_cmac_generate_subkeys): ... this; Take CMAC context as new
+ input parameter; Return error code.
+ (cmac_final): Rename to ...
+ (_gcry_cmac_final): ... this; Take CMAC context as new input
+ parameter; Return error code.
+ (cmac_tag): Take CMAC context as new input parameter.
+ (_gcry_cmac_reset): New.
+ (_gcry_cipher_cmac_authenticate): Remove duplicate tag flag check;
+ Adapt to changes above.
+ (_gcry_cipher_cmac_get_tag): Adapt to changes above.
+ (_gcry_cipher_cmac_check_tag): Ditto.
+ (_gcry_cipher_cmac_set_subkeys): Ditto.
+ * cipher-eax.c: New.
+ * cipher-internal.h (gcry_cmac_context_t): New.
+ (gcry_cipher_handle): Update u_mode.cmac; Add u_mode.eax.
+ (_gcry_cmac_write, _gcry_cmac_generate_subkeys, _gcry_cmac_final)
+ (_gcry_cmac_reset, _gcry_cipher_eax_encrypt, _gcry_cipher_eax_decrypt)
+ (_gcry_cipher_eax_set_nonce, _gcry_cipher_eax_authenticate)
+ (_gcry_cipher_eax_get_tag, _gcry_cipher_eax_check_tag)
+ (_gcry_cipher_eax_setkey): New prototypes.
+ * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
+ (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv)
+ (_gcry_cipher_authenticate, _gcry_cipher_gettag, _gcry_cipher_checktag)
+ (_gcry_cipher_info): Add EAX mode.
+ * doc/gcrypt.texi: Add EAX mode.
+ * src/gcrypt.h.in (GCRY_CIPHER_MODE_EAX): New.
+ * tests/basic.c (_check_gcm_cipher, _check_poly1305_cipher): Constify
+ test vectors array.
+ (_check_eax_cipher, check_eax_cipher): New.
+ (check_ciphers, check_cipher_modes): Add EAX mode.
+ * tests/bench-slope.c (bench_eax_encrypt_do_bench)
+ (bench_eax_decrypt_do_bench, bench_eax_authenticate_do_bench)
+ (eax_encrypt_ops, eax_decrypt_ops, eax_authenticate_ops): New.
+ (cipher_modes): Add EAX mode.
+ * tests/benchmark.c (cipher_bench): Add EAX mode.
+
+ cipher: constify spec arrays.
+ + commit cd7ed2e3546b12dd98df4211949f1cdbf5827013
+ * cipher/cipher.c (cipher_list): Constify array.
+ * cipher/mac.c (mac_list): Constify array.
+ * cipher/md.c (digest_list): Constify array.
+ * cipher/pubkey.c (pubkey_list): Constify array.
+
+ Add ARMv8/CE acceleration for AES-XTS.
+ + commit 93503c127a52c1f6a193750e2bf181a744ba3e6b
+ * cipher/rijndael-armv8-aarch32-ce.S (_gcry_aes_xts_enc_armv8_ce)
+ (_gcry_aes_xts_dec_armv8_ce): New.
+ * cipher/rijndael-armv8-aarch64-ce.S (_gcry_aes_xts_enc_armv8_ce)
+ (_gcry_aes_xts_dec_armv8_ce): New.
+ * cipher/rijndael-armv8-ce.c (_gcry_aes_xts_enc_armv8_ce)
+ (_gcry_aes_xts_dec_armv8_ce, xts_crypt_fn_t)
+ (_gcry_aes_armv8_ce_xts_crypt): New.
+ * cipher/rijndael.c (_gcry_aes_armv8_ce_xts_crypt): New.
+ (_gcry_aes_xts_crypt) [USE_ARM_CE]: New.
+
+2018-01-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-ssse3: call assembly functions directly.
+ + commit c3d60acc3ab5c6d60c2258882175bf31351cc998
+ * cipher/rijndael-ssse3-amd64-asm.S (_gcry_aes_ssse3_enc_preload)
+ (_gcry_aes_ssse3_dec_preload, _gcry_aes_ssse3_encrypt_core)
+ (_gcry_aes_ssse3_decrypt_core, _gcry_aes_schedule_core): Add
+ ENTER_SYSV_FUNC_PARAMS_* at function entry and EXIT_SYSV_FUNC at exit.
+ (_gcry_aes_ssse3_encrypt_core, _gcry_aes_ssse3_decrypt_core): Change
+ to input parameters to RDI and RSI registers.
+ * cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_encrypt_core)
+ (_gcry_aes_ssse3_decrypt_core, _gcry_aes_schedule_core): Add parameters
+ for function prototypes.
+ (PUSH_STACK_PTR, POP_STACK_PTR): Remove.
+ (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+ (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Remove inline assembly to
+ call functions, and call directly instead.
+
+ Move AMD64 MS to SysV calling convention conversion to assembly side.
+ + commit a518b6680ea80a4325731028545a701c1d71fc02
+ * cipher/Makefile.am: Add 'asm-common-amd64.h'.
+ * cipher/asm-common-amd64.h: New.
+ * cipher/blowfish-amd64.S: Add ENTER_SYSV_FUNC_* and EXIT_SYSV_FUNC for
+ each global function from 'asm-common-amd64.h'.
+ * cipher/cast5-amd64.S: Ditto.
+ * cipher/des-amd64.S: Ditto.
+ * cipher/rijndael-amd64.S: Ditto.
+ * cipher/twofish-amd64.S: Ditto.
+ * cipher/arcfour-amd64.S: Ditto.
+ * cipher/blowfish.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+ (call_sysv_fn): Remove.
+ * cipher/cast5.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+ (call_sysv_fn): Remove.
+ * cipher/twofish.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+ (call_sysv_fn, call_sysv_fn5, call_sysv_fn6): Remove.
+ * cipher/rijndael.c (do_encrypt, do_decrypt)
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Remove assembly block for
+ calling SysV ABI function.
+ * cipher/arcfour.c [USE_AMD64_ASM] (encrypt_stream): Ditto.
+
+ Make BMI2 inline assembly check more robust.
+ + commit 135250e3060e79be698d4f36a819aa8a880789f8
+ * configure.ac (gcry_cv_gcc_inline_asm_bmi2): New assembly test.
+
+ Add AES-NI acceleration for AES-XTS.
+ + commit a00c5b2988cea256c7823a76ce601febf02c790f
+ * cipher/cipher-internal.h (gcry_cipher_handle): Change bulk
+ XTS function to take cipher context.
+ * cipher/cipher-xts.c (_gcry_cipher_xts_crypt): Ditto.
+ * cipher/cipher.c (_gcry_cipher_open_internal): Setup AES-NI
+ XTS bulk function.
+ * cipher/rijndael-aesni.c (xts_gfmul_const, _gcry_aes_aesni_xts_enc)
+ (_gcry_aes_aesni_xts_enc, _gcry_aes_aesni_xts_crypt): New.
+ * cipher/rijndael.c (_gcry_aes_aesni_xts_crypt)
+ (_gcry_aes_xts_crypt): New.
+ * src/cipher.h (_gcry_aes_xts_crypt): New.
+
+ AES-NI improvements for AMD64.
+ + commit c9e9cb2eb6a1c659d3825ca627228b732f2f2152
+ * cipher/rijndael-aesni.c [__x86_64__] (aesni_prepare_7_15_variable)
+ (aesni_prepare_7_15, aesni_cleanup_7_15, do_aesni_enc_vec8)
+ (do_aesni_dec_vec8, do_aesni_ctr_8): New.
+ (_gcry_aes_aesni_ctr_enc, _gcry_aes_aesni_cfb_dec)
+ (_gcry_aes_aesni_cbc_dec, aesni_ocb_enc, aesni_ocb_dec)
+ (_gcry_aes_aesni_ocb_auth) [__x86_64__]: Add 8 parallel blocks
+ processing.
+
+ Add ARMv8/AArch64 implementation of chacha20.
+ + commit b3ec0f752c925cde36f560f0f9309ab6450bbfd9
+ * cipher/Makefile.am: Add 'chacha20-aarch64.S'.
+ * cipher/chacha20-aarch64.S: New.
+ * cipher/chacha20.c (USE_AARCH64_SIMD): New.
+ (_gcry_chacha20_aarch_blocks4): New.
+ (chacha20_do_setkey): Add HWF selection for Aarch64 implementation.
+ * configure.ac: Add 'chacha20-aarch64.lo'.
+
+ New ChaCha implementations.
+ + commit 172ad09cbedc893f147180875335f4c525393c0b
+ * cipher/Makefile.am: Remove 'chacha20-sse2-amd64.S',
+ 'chacha20-ssse3-amd64.S', 'chacha20-avx2-amd64.S'; Add
+ 'chacha20-amd64-ssse3.S', 'chacha20-amd64-avx2.S'.
+ * cipher/chacha20-amd64-avx2.S: New.
+ * cipher/chacha20-amd64-ssse3.S: New.
+ * cipher/chacha20-armv7-neon.S: Rewrite.
+ * cipher/chacha20-avx2-amd64.S: Remove.
+ * cipher/chacha20-sse2-amd64.S: Remove.
+ * cipher/chacha20-ssse3-amd64.S: Remove.
+ * cipher/chacha20.c (CHACHA20_INPUT_LENGTH, USE_SSE2, USE_NEON)
+ (ASM_EXTRA_STACK, chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks)
+ (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks)
+ (_gcry_chacha20_armv7_neon_blocks, QROUND, QOUT, chacha20_core)
+ (chacha20_do_encrypt_stream): Remove.
+ (_gcry_chacha20_amd64_ssse3_blocks4, _gcry_chacha20_amd64_avx2_blocks8)
+ (_gcry_chacha20_armv7_neon_blocks4, ROTATE, XOR, PLUS, PLUSONE)
+ (QUARTERROUND, BUF_XOR_LE32): New.
+ (CHACHA20_context_s, chacha20_blocks, chacha20_keysetup)
+ (chacha20_encrypt_stream): Rewrite.
+ (chacha20_do_setkey): Adjust for new CHACHA20_context_s.
+ * configure.ac: Remove 'chacha20-sse2-amd64.lo',
+ 'chacha20-ssse3-amd64.lo', 'chacha20-avx2-amd64.lo'; Add
+ 'chacha20-amd64-ssse3.lo', 'chacha20-amd64-avx2.lo'.
+
+ New Poly1305 implementations.
+ + commit b9a471ccf5f02f89e25c7ccc29898d0e4e486099
+ * cipher/Makefile.am: Include '../mpi' for 'longlong.h'; Remove
+ 'poly1305-sse2-amd64.S', 'poly1305-avx2-amd64.S' and
+ 'poly1305-armv7-neon.S'.
+ * cipher/poly1305-armv7-neon.S: Remove.
+ * cipher/poly1305-avx2-amd64.S: Remove.
+ * cipher/poly1305-sse2-amd64.S: Remove.
+ * cipher/poly1305-internal.h (POLY1305_BLOCKSIZE)
+ (POLY1305_STATE): New.
+ (POLY1305_SYSV_FUNC_ABI, POLY1305_REF_BLOCKSIZE)
+ (POLY1305_REF_STATESIZE, POLY1305_REF_ALIGNMENT)
+ (POLY1305_USE_SSE2, POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE)
+ (POLY1305_SSE2_ALIGNMENT, POLY1305_USE_AVX2, POLY1305_AVX2_BLOCKSIZE)
+ (POLY1305_AVX2_STATESIZE, POLY1305_AVX2_ALIGNMENT)
+ (POLY1305_USE_NEON, POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE)
+ (POLY1305_NEON_ALIGNMENT, POLY1305_LARGEST_BLOCKSIZE)
+ (POLY1305_LARGEST_STATESIZE, POLY1305_LARGEST_ALIGNMENT)
+ (POLY1305_STATE_BLOCKSIZE, POLY1305_STATE_STATESIZE)
+ (POLY1305_STATE_ALIGNMENT, OPS_FUNC_ABI, poly1305_key_s)
+ (poly1305_ops_s): Remove.
+ (poly1305_context_s): Rewrite.
+ * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext)
+ (_gcry_poly1305_amd64_sse2_finish_ext)
+ (_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops)
+ (poly1305_init_ext_ref32, poly1305_blocks_ref32)
+ (poly1305_finish_ext_ref32, poly1305_default_ops)
+ (_gcry_poly1305_amd64_avx2_init_ext)
+ (_gcry_poly1305_amd64_avx2_finish_ext)
+ (_gcry_poly1305_amd64_avx2_blocks)
+ (poly1305_amd64_avx2_ops, poly1305_get_state): Remove.
+ (poly1305_init): Rewrite.
+ (USE_MPI_64BIT, USE_MPI_32BIT): New.
+ [USE_MPI_64BIT] (ADD_1305_64, MUL_MOD_1305_64, poly1305_blocks)
+ (poly1305_final): New implementation using 64-bit limbs.
+ [USE_MPI_32BIT] (UMUL_ADD_32, ADD_1305_32, MUL_MOD_1305_32)
+ (poly1305_blocks): New implementation using 32-bit limbs.
+ (_gcry_poly1305_update, _gcry_poly1305_finish)
+ (_gcry_poly1305_init): Adapt to new implementation.
+ * configure.ac: Remove 'poly1305-sse2-amd64.lo',
+ 'poly1305-avx2-amd64.lo' and 'poly1305-armv7-neon.lo'.
+
+ mpi/ec: fix when 'unsigned long' is 32-bit but limb size is 64-bit.
+ + commit d39deb0a41dbeec81174704904d3d29c66d10d7e
+ * mpi/ec.c (ec_addm_25519, ec_subm_25519, ec_mulm_25519): Cast '1' to
+ mpi_limb_t before left shift.
+
+2017-11-24 Werner Koch <wk@gnupg.org>
+
+ sexp: Avoid a fatal error in case of ENOMEM in called functions.
+ + commit 2ad912d5b7794fb32192fddab1b559c7b86303a2
+ * src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error
+ return. Replace sprintf by snprintf.
+ (convert_to_hex): Replace sprintf by snprintf.
+ (convert_to_string): Ditto.
+ (_gcry_sexp_sprint): Ditto.
+
+ api: Add GCRYCTL_AUTO_EXPAND_SECMEM.
+ + commit 1f6b2f6099ebcfd785e2d2ae0aeca810394dbbac
+ * src/gcrypt.h.in (GCRYCTL_AUTO_EXPAND_SECMEM): New enum.
+ * src/global.c (_gcry_vcontrol): Implement that.
+ * src/secmem.c (auto_expand): New var.
+ (_gcry_secmem_set_auto_expand): New.
+ (_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND.
+
+2017-11-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Add HAVE_MMAP check for MinGW.
+ + commit c594f187bd457b757112adc551ffa4db92962dc1
+ * tests/t-secmem.c (main): Conditionalize with HAVE_MMAP.
+
+2017-11-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix secmem test for machine with larger page.
+ + commit 621f5c4e837347308a6b06a8cfbfc47ca9fae69e
+ * tests/t-secmem.c (main): Detect page size and setup chunk size.
+ * src/secmem.c (init_pool): Simplify the expression.
+
+2017-10-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ Add OID information for SM3.
+ + commit 94b84360ca55c407222a3eb8222d8b1816fc617f
+ * cipher/sm3.c (asn_sm3, oid_spec_sm3): New.
+ (_gcry_digest_spec_sm3): Add asn_sm3, oid_spec_sm3.
+
+2017-10-24 Jia Zhang <qianyue.zj@alibaba-inc.com>
+
+ Add crypto hash SM3.
+ + commit 4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd
+ * configure.ac (available_digests): Add sm3.
+ * src/cipher.h: Add declarations for SM3.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm3.c.
+ * cipher/md.c [USE_SM3] (digest_list): Add _gcry_digest_spec_sm3.
+ * cipher/pubkey-util.c (hashnames): Add "sm3".
+ * cipher/sm3.c: New.
+ * tests/basic.c (check_digests): Add test vectors for SM3.
+ * tests/hashtest-256g.in (algos): Add SM3.
+ * tests/hashtest.c (testvectors): Add for SM3.
+
+2017-10-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ Add new constant GCRY_MD_SM3 for crypto hash SM3.
+ + commit 5b31e22d9fc542bdccb1586ef2c83d9794a731d3
+ * src/gcrypt.h.in (GCRY_MD_SM3): New.
+
+2017-10-17 Werner Koch <wk@gnupg.org>
+
+ api: New function gcry_mpi_get_ui.
+ + commit c6e42e7ec3d1046969d783c443c13aad7cb61bb8
+ * src/gcrypt.h.in (gcry_mpi_get_ui): New.
+ (mpi_get_ui): New macro.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
+ * src/visibility.c (gcry_mpi_get_ui): New.
+ * src/visibility.h: Mark that function.
+ (gcry_mpi_get_ui): New.
+ * mpi/mpiutil.c (MY_UINT_MAX): New macro.
+ (_gcry_mpi_get_ui): Re-implemented. This function existed but was
+ never imported or used.
+ * tests/mpitests.c (test_maxsize): Add some test for this function.
+
+2017-08-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ Tweak GCC version check.
+ + commit e4dc458b0b7dc9b8417a2177ef17822d9b9064ec
+ * src/global.c (_gcry_vcontrol): It's GCC 4.2 which started to support
+ diagnostic pragma.
+
+ random: Fix warnings on Windows.
+ + commit 8126a6717c80d4fc1766d7f975e872bee2f9f203
+ * random/random-csprng.c (lock_seed_file): Vars with no use.
+
+ tests: Fix warnings on Windows.
+ + commit a848ef44470a524c05624afb54b92cf25595acd2
+ * tests/fipsdrv.c (print_dsa_domain_parameters, print_ecdsa_dq): Fix.
+
+ ecc: Fix scratch MPI.
+ + commit db3a8d6890fb4a6436e082b49378c0bd891563ca
+ * mpi/ec.c (ec_p_init): Check if scratch MPI is allocated.
+
+ ecc: Fix ec_mulm_25519.
+ + commit 1d5f726668b9cc32d6bb601f2329987058146c6c
+ * mpi/ec.c (ec_mulm_25519): Improve reduction to 25519.
+
+ ecc: Use 25519 method also for ed25519.
+ + commit fab712d654b2ccd24696ed90bc239860a128ad5b
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Don't use mpi_add
+ since it resizes to have more limbs.
+ * mpi/ec.c (point_resize): Fix for Edwards curve.
+ (ec_p_init): Support Edwards curve.
+ (_gcry_mpi_ec_get_affine): Use the methods.
+ (dup_point_edwards, add_points_edwards, sub_points_edwards): Ditto.
+ (_gcry_mpi_ec_mul_point): Resize MPIs of point to fixed size.
+ (_gcry_mpi_ec_curve_point): Use the methods.
+
+ ecc: Clean up curve specific method support.
+ + commit 1ac3d3637dd80013b78e03b9b9f582091710d908
+ * src/ec-context.h (struct mpi_ec_ctx_s): Remove MOD method.
+ * mpi/ec.c (ec_mod_25519): Remove.
+ (ec_p_init): Follow the removal of the MOD method.
+
+ ecc: Relax condition for 25519 computations.
+ + commit e9be23c4ad9f42c9d3198c706f912b7e27f574bc
+ * mpi/ec.c (ec_addm_25519, ec_subm_25519, ec_mulm_25519): Check number
+ of limbs, allocated more is OK.
+
+ ecc: Fix ec_mulm_25519.
+ + commit 449459a2770d3aecb1f36502bf1903e0cbd2873e
+ * mpi/ec.c (ec_mulm_25519): Fix the cases of 0 to 18.
+
+ ecc: field specific routines for 25519.
+ + commit 9ed0fb37bd637d1a2e9498c24097cfeadec682ec
+ * mpi/ec.c (point_resize): Improve for X25519.
+ (mpih_set_cond): New.
+ (ec_mod_25519, ec_addm_25519, ec_subm_25519, ec_mulm_25519)
+ (ec_mul2_25519, ec_pow2_25519): New.
+ (ec_p_init): Fill by FIELD_TABLE.
+
+ ecc: Add field specific computation methods.
+ + commit d4cd381defe5b37dda19bbda0986bdd38065bd31
+ * src/ec-context.h (struct mpi_ec_ctx_s): Add methods.
+ * mpi/ec.c (ec_p_init): Initialize the default methods.
+ (montgomery_ladder): Use the methods.
+
+2017-08-27 Werner Koch <wk@gnupg.org>
+
+ Release 1.8.1.
+ + commit 80fd8615048c3897b91a315cca22ab139b056ccd
+ * configure.ac: Set LT version to C22/A2/R1.
+
+2017-08-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add input validation for X25519.
+ + commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
+ * cipher/ecc.c (ecc_decrypt_raw): Add input validation.
+ * mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
+ (_gcry_mpi_ec_bad_point): New.
+
+2017-08-07 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ cipher: Add OID for SHA384WithECDSA.
+ + commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315
+ * cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA.
+
+2017-08-02 Werner Koch <wk@gnupg.org>
+
+ tests: Fix a printf glitch for a Windows test.
+ + commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19
+ * tests/t-convert.c (check_formats): Fix print format glitch on
+ Windows.
+ * tests/t-ed25519.c: Typo fix.
+
+ tests: Add benchmarking option to tests/random.
+ + commit 21d0f068a721c022f955084c28304934fd198c5e
+ * tests/random.c: Always include unistd.h.
+ (prepend_srcdir): New.
+ (run_benchmark): New.
+ (main): Add options --benchmark and --with-seed-file. Print whetehr
+ JENT has been used.
+ * tests/t-common.h (split_fields_colon): New. Taken from GnuPG.
+ License of that code changed to LGPLv2.1.
+
+ random: Add more bytes to the pool in addition to the seed file.
+ + commit eea36574f37830a6a80b4fad884825e815b2912f
+ * random/random-csprng.c (read_seed_file): Read 128 or 32 butes
+ depending on whether we have the Jitter RNG.
+
+2017-08-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add script to run basic tests with all supported HWF combinations.
+ + commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004
+ * tests/basic_all_hwfeature_combinations.sh: New.
+ * tests/Makefile.am: Add basic_all_hwfeature_combinations.sh.
+
+2017-07-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix return value type for _gcry_md_extract.
+ + commit cf1528e7f2761774d06ace0de48f39c96b52dc4f
+ * src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of
+ gpg_error_t for internal function return type.
+
+ Fix building AArch32 CE implementations when target is ARMv6 arch.
+ + commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748
+ * cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure.
+ * cipher/rijndael-armv8-aarch32-ce.S: Ditto.
+ * cipher/sha1-armv8-aarch32-ce.S: Ditto.
+ * cipher/sha256-armv8-aarch32-ce.S: Ditto.
+ * configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto.
+
+2017-07-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ sexp: Add fall through annotation.
+ + commit b7cd44335d9cde43be6f693dca6399ed0762649c
+ * src/dumpsexp.c (parse_and_print): It's fall through.
+
+2017-07-24 Werner Koch <wk@gnupg.org>
+
+ random: Fix the command line munging for jitterbase.
+ + commit ac39522ab08fcd2483edc223334c6ab9d19e91f3
+ * random/Makefile.am (o_flag_munging): Make the first sed term also
+ global.
+
+2017-07-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ Remove byte order mark.
+ + commit 1d8e4c2c3a7d0a4154caf5bd720a9a0b04179390
+ * random/jitterentropy-base.c, random/jitterentropy.h: Remove
+ byte order mark.
+
+2017-07-18 Werner Koch <wk@gnupg.org>
+
+ Release 1.8.0.
+ + commit 850aca744eeda5fd410f478a0778e353045ac962
+
+
+ mac: Add selftests for HMAC-SHA3-xxx.
+ + commit 95194c550443e8d5558856633f920daec8a975c4
+ * cipher/hmac-tests.c (check_one): Add arg trunc and change all
+ callers to pass false.
+ (selftests_sha3): New.
+ (run_selftests): Call new selftests.
+
+ api: New function gcry_mpi_point_copy.
+ + commit ecf73dafb7aafed0d0f339d07235b58c2113f94c
+ * src/gcrypt.h.in (gcry_mpi_point_copy): New.
+ (mpi_point_copy): New macro.
+ * src/visibility.c (gcry_mpi_point_copy): New.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add function.
+ * mpi/ec.c (_gcry_mpi_point_copy): New.
+ * tests/t-mpi-point.c (set_get_point): Add test.
+
+2017-07-17 Werner Koch <wk@gnupg.org>
+
+ random: Minor fix for getting the rndjent version.
+ + commit 9d99c6b973caa7fdf93b53cf764066214f763803
+ * random/rndjent.c (_gcry_rndjent_get_version): Always set R_ACTIVE.
+ * tests/version.c (test_get_config): Check number of fields for
+ rng-type.
+
+2017-07-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Minor fix of mpi_pow.
+ + commit 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b
+ * mpi/mpi-pow.c (_gcry_mpi_powm): Allocate size fix.
+
+ mpi: Fix mpi_pow alternative implementation.
+ + commit 66ed4d53789892def7b237756d8a0ab28df9d222
+ * mpi/mpi-pow.c
+ [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Use
+ mpi_set_cond.
+
+ Fix mpi_pow alternative implementation.
+ + commit 619ebae9847831f43314a95cc3180f4b329b4d3b
+ * mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm):
+ Allocate size fix.
+
+2017-07-06 Werner Koch <wk@gnupg.org>
+
+ rsa: Use modern MPI allocation function.
+ + commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887
+ * cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew.
+
+2017-07-05 Werner Koch <wk@gnupg.org>
+
+ build: Minor API fixes to fix build problems on AIX.
+ + commit 85a9a913da9ecc6b2cd6f743e90e49983251d706
+ * src/gcrypt.h.in (gcry_error_from_errno): Fix return type.
+ * src/visibility.c (gcry_md_extract): Change return type to match the
+ prototype.
+
+ tools: Add left shift to mpicalc.
+ + commit 0d30a4a9791d20c8881b5b12bd44611d9f4274cd
+ * src/mpicalc.c (do_lshift): New.
+ (main): Handle '<'.
+
+2017-07-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Fix mpi_set_secure.
+ + commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2
+ * mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced.
+
+2017-06-29 NIIBE Yutaka <gniibe@fsij.org>
+ Werner Koch <wk@gnupg.org>
+
+ rsa: Add exponent blinding.
+ + commit 8725c99ffa41778f382ca97233183bcd687bb0ce
+ * cipher/rsa.c (secret_core_crt): Blind secret D with randomized
+ nonce R for mpi_powm computation.
+
+2017-06-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ Same computation for square and multiply.
+ + commit 78130828e9a140a9de4dafadbc844dbb64cb709a
+ * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move
+ the assignment to base_u into the loop. Copy content refered by RP to
+ BASE_U except the last of the loop.
+
+2017-06-24 Werner Koch <wk@gnupg.org>
+
+ rsa: Minor refactoring.
+ + commit e6a3dc9900433bbc8ad362a595a3837318c28fa9
+ * cipher/rsa.c (secret): Factor code out to ...
+ (secret_core_std, secret_core_crt): new functions.
+
+2017-06-23 Werner Koch <wk@gnupg.org>
+
+ random: Add missing dependency.
+ + commit d091610377b2c92cf385282b1adfc30fa6cd5c75
+ * random/Makefile.am (EXTRA_librandom_la_SOURCES): Fix file name.
+ (rndjent.o, rndjent.lo): Depend on jitterentropy-base-user.h.
+
+ random: Update jitterentropy to 2.1.0.
+ + commit 8dfae89ecd3e9ae0967586cb38d12ef9111fc7cd
+ * random/rndjent.c (jent_get_nstime, jent_zfree)
+ (jent_fips_enabled, jent_zalloc): Move functions and macros to ...
+ * random/jitterentropy-base-user.h: this file. That files was not
+ used before.
+ * random/Makefile.am (EXTRA_librandom_la_SOURCES): Add
+ jitterentropy-base-user.
+ * random/jitterentropy-base.c: Update to version 2.1.0.
+ * random/jitterentropy.h: Ditto.
+
+2017-06-21 Werner Koch <wk@gnupg.org>
+
+ api: New function gcry_get_config.
+ + commit 27148e60ba15b0cb73b47a75c688fcb48a1a3444
+ * src/misc.c (_gcry_log_info_with_dummy_fp): Remove.
+ * src/global.c (print_config): New arg WHAT. Remove arg FNC and use
+ gpgrt_fprintf directly.
+ (_gcry_get_config): New.
+ (_gcry_vcontrol) <GCRYCTL_PRINT_CONFIG>: Use _gcry_get_config instead
+ of print_config.
+ * src/gcrypt.h.in (gcry_get_config): New.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
+ * src/visibility.c (gcry_get_config): New.
+ * src/visibility.h: Mark new function.
+
+ * tests/version.c (test_get_config): New.
+ (main): Call new test.
+
+ random: Allow building rndjent on non-x86.
+ + commit c2319464b03e61aaf34ef6d5f4b59b0c0483a373
+ * random/jitterentropy-base.c (jent_version): Uncomment function.
+ * random/rndjent.c: Include time.h
+ (JENT_USES_RDTSC): New.
+ (JENT_USES_GETTIME): New.
+ (JENT_USES_READ_REAL_TIME): New.
+ (jent_get_nstime): Support clock_gettime and AIX specific
+ function. Taken from Stephan Müller's code.
+ (is_rng_available): New.
+ (_gcry_rndjent_dump_stats): Use that function.
+ (_gcry_rndjent_poll): Use that fucntion. Allow an ADD of NULL for an
+ intialize only mode.
+ (_gcry_rndjent_get_version): New.
+
+2017-06-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-padlock: change asm operands from read-only to read/write.
+ + commit 32b4ab209067f6f08b87b27bc78ec27dc497b708
+ * cipher/rijndael-padlock.c (do_padlock): Change ESI/EDI/ECX to use
+ read/write operands as XCRYPT instruction modifies these registers.
+
+2017-06-16 Werner Koch <wk@gnupg.org>
+
+ random: Make rndjent.c NTG.1 compliant.
+ + commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9
+ * random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.
+
+ md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512.
+ + commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f
+ * cipher/sha256.c (_gcry_sha256_hash_buffer): New.
+ (_gcry_sha256_hash_buffers): New.
+ * cipher/sha512.c (_gcry_sha512_hash_buffer): New.
+ (_gcry_sha512_hash_buffers): New.
+ * cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA246 and SHA512.
+ (_gcry_md_hash_buffers): Ditto.
+
+ random: Allow building rndjent.c with stats collecting enabled.
+ + commit ee3a74f5539cbc5182ce089994e37c16ce612149
+ * random/rndjent.c: Change license to the one used by jitterentropy.h.
+ (jent_init_statistic): New.
+ (jent_bit_count): New.
+ (jent_statistic_copy_stat): new.
+ (jent_calc_statistic): New.
+
+ New global config option "only-urandom".
+ + commit 8f6082e95f30c1ba68d2de23da90146f87f0c66c
+ * random/rand-internal.h (RANDOM_CONF_ONLY_URANDOM): New.
+ * random/random.c (_gcry_random_read_conf): Add option "only-urandom".
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Implement that
+ option.
+ * tests/keygen.c (main): Add option --no-quick for better manual
+ tests.
+
+ Implement global config file /etc/gcrypt/random.conf.
+ + commit b05a4abc358b204dba343d9cfbd59fdc828c1686
+ * src/hwfeatures.c (my_isascii): Move macro to ...
+ * src/g10lib.h: here.
+ * tests/random.c (main): Dump random stats.
+ * random/random.c (RANDOM_CONF_FILE): New.
+ (_gcry_random_read_conf): New.
+ (_gcry_random_dump_stats): Call rndjent stats.
+ * random/rndjent.c (jent_rng_totalcalls, jent_rng_totalbytes): New.
+ (_gcry_rndjent_poll): Take care of config option disable-jent. Wipe
+ buffer. Bump counters.
+ (_gcry_rndjent_dump_stats): New.
+
+2017-06-14 Werner Koch <wk@gnupg.org>
+
+ random: Add jitter RND based entropy collector.
+ + commit f5e7763ddca59dcd9ac9f2f4d50cb41b14a34a9e
+ * random/rndjent.c: New.
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Use rndjent.
+ * random/rndw32.c (_gcry_rndw32_gather_random): Use rndjent.
+ (slow_gatherer): Fix compiler warning.
+ * random/Makefile.am (librandom_la_SOURCES): Add rndjent.c
+ (EXTRA_librandom_la_SOURCES): Add jitterentropy-base.c and
+ jitterentropy.h.
+ (rndjent.o, rndjent.lo): New rules.
+ * configure.ac: New option --disbale-jent-support
+ (ENABLE_JENT_SUPPORT): New ac-define.
+
+ cipher: New helper function rol64.
+ + commit 6c882fb1fdb6c7cba2215fa7391110d63e24b9dc
+ * cipher/bithelp.h (rol64): New inline functions.
+
+ New hardware feature flag HWF_INTEL_RDTSC.
+ + commit 06f303a633ea2b992259688bef2b023c3f388f73
+ * src/g10lib.h (HWF_INTEL_RDTSC): New.
+ * src/hwfeatures.c (hwflist): Add "intel-rdtsc".
+ * src/hwf-x86.c (detect_x86_gnuc): Get EDX features and test for TSC.
+
+ random: Changes to original Jitter RNG implementation.
+ + commit a44c45675f8b631e11048a540bb1fbb7a022ebb4
+ * random/jitterentropy-base.c: Change double underscore symbols and
+ make all functions static.
+ * random/jitterentropy.h: Likewise.
+
+2017-06-13 Stephan Mueller <smueller@chronox.de>
+
+ random: Add original Jitter RNG implementation.
+ + commit f0ae18ecf48fbe2da0b9fb3f354d0dd3173d91d3
+ * random/jitterentropy-base-user.h: New.
+ * random/jitterentropy-base.c: New.
+ * random/jitterentropy.h: New.
+
+2017-06-08 Werner Koch <wk@gnupg.org>
+
+ build: Fix ChangeLog building for builds from other worktrees.
+ + commit cdfd7ea72a44657f037dd0dbba6e5ea0c2b344aa
+ * Makefile.am (gen-ChangeLog): Test for existance of ".git" regardless
+ on whether it is a file or directory.
+
+2017-06-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ secmem: Fix SEGV and stat calculation.
+ + commit e0958debe1a7db1bec1283115cdc6a14bf3b43e5
+ * src/secmem (init_pool): Care about the header size.
+ (_gcry_secmem_malloc_internal): Likewise.
+ (_gcry_secmem_malloc_internal): Use mb->size for stats.
+
+2017-06-01 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
+
+ ecc: Store EdDSA session key in secure memory.
+ + commit 5a22de904a0a366ae79f03ff1e13a1232a89e26b
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
+ session key.
+
+2017-05-31 Werner Koch <wk@gnupg.org>
+
+ api: Deprecate gcry_md_info.
+ + commit 45c39340c9926c2c5801dbab7609687c41e9ff1f
+
+
+2017-05-30 Werner Koch <wk@gnupg.org>
+
+ mpi: Distribute asm files for aarch64 and asm.
+ + commit c65f9558f12ffa2810538ef616e71b4052dacb81
+ * mpi/aarch64/distfiles: New.
+ * mpi/arm/distfiles: New.
+
+ mpi: Distribute asm definitions for amd64.
+ + commit 87e481137debabb7f989d7fa9b1c21c336e10c98
+ * mpi/amd64/distfiles: Add mpi-asm-defs.h.
+
+2017-05-23 Werner Koch <wk@gnupg.org>
+
+ cipher: Fix compiler warnings.
+ + commit d764c9894013727ff82eb194da6030209c273528
+ * cipher/poly1305.c (poly1305_default_ops): Move to the top. Add
+ prototypes and compile only if USE_SSE2 is not defined.
+ (poly1305_init_ext_ref32): Compile only if USE_SSE2 is not defined.
+ (poly1305_blocks_ref32): Ditto.
+ (poly1305_finish_ext_ref32): Ditto.
+
+ doc: Comment fixes.
+ + commit c1bb3d9fdb6fe5f336af1d5a03fc42bfdc1f8b0b
+
+
+2017-05-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-ssse3: fix functions calls from assembly blocks.
+ + commit 4cd94994a9abec9b92fa5972869baf089a28fa76
+ * cipher/rijndael-ssse3-amd64.c (PUSH_STACK_PTR, POP_STACK_PTR): New.
+ (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+ (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Use PUSH_STACK_PTR and
+ POP_STACK_PTR.
+
+ chacha20-armv7-neon: fix to use fast code path when memory is aligned.
+ + commit 68861ae5d3e007d7a39f14ea27dc3dd8ef13ba02
+ * cipher/chacha20-armv7-neon.S (UNALIGNED_LDMIA4): Uncomment
+ instruction for jump to aligned code path.
+
+ Move data in AMD64 assembly to text section.
+ + commit 1a094bc5b2aa730833faf593a931d4e5d7f9ab4d
+ * cipher/camellia-aesni-avx-amd64.S: Move data to .text section to
+ ensure that RIP relative addressing of data will work.
+ * cipher/camellia-aesni-avx2-amd64.S: Ditto.
+ * cipher/chacha20-avx2-amd64.S: Ditto.
+ * cipher/chacha20-ssse3-amd64.S: Ditto.
+ * cipher/des-amd64.S: Ditto.
+ * cipher/serpent-avx2-amd64.S: Ditto.
+ * cipher/sha1-avx-amd64.S: Ditto.
+ * cipher/sha1-avx-bmi2-amd64.S: Ditto.
+ * cipher/sha1-ssse3-amd64.S: Ditto.
+ * cipher/sha256-avx-amd64.S: Ditto.
+ * cipher/sha256-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha256-ssse3-amd64.S: Ditto.
+ * cipher/sha512-avx-amd64.S: Ditto.
+ * cipher/sha512-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha512-ssse3-amd64.S: Ditto.
+
+ cast5-amd64: use 64-bit relocation with large PIC memory model.
+ + commit ff02fca39c83bcf30c79368611ac65e273e77f6c
+ * cipher/cast5-amd64.S [__code_model_large__]
+ (GET_EXTERN_POINTER): New.
+
+2017-05-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix building with x86-64 medium and large memory models.
+ + commit 434d4f2af39033fc626044ba9a060da298522293
+ * cipher/cast5-amd64.S [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+ (GET_EXTERN_POINTER): Load 64-bit address instead of 32-bit.
+ * cipher/rijndael.c (do_encrypt, do_decrypt)
+ [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Load
+ table pointer through register instead of generic reference.
+
+2017-04-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Simplify mpi_powm.
+ + commit 719468e53133d3bdf12156c5bfdea2bf15f9f6f1
+ * mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.
+
+2017-03-08 Justus Winter <justus@g10code.com>
+
+ build: Use macOS' compatibility macros to enable all features.
+ + commit 654024081cfa103c87bb163b117ea3568171d408
+ * configure.ac: On macOS, use the compatibility macros to expose every
+ feature of the libc. This is the equivalent of _GNU_SOURCE on GNU
+ libc.
+
+2017-02-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add BLAKE2b and BLAKE2s hash algorithms (RFC 7693)
+ + commit 5bd530b8a4624f101b8d42e68f1b28bcc13f4f76
+ * cipher/blake2.c: New.
+ * cipher/Makefile.am: Add 'blake2.c'.
+ * cipher/md.c (digest_list, prepare_macpads): Add BLAKE2.
+ (md_setkey): New.
+ (_gcry_md_setkey): Call 'md_setkey' for non-HMAC md.
+ * configure.ac: Add BLAKE2 digest.
+ * doc/gcrypt.texi: Add BLAKE2.
+ * src/cipher.h (_gcry_blake2_init_with_key)
+ (_gcry_digest_spec_blake2b_512, _gcry_digest_spec_blake2b_384)
+ (_gcry_digest_spec_blake2b_256, _gcry_digest_spec_blake2b_160)
+ (_gcry_digest_spec_blake2s_256, _gcry_digest_spec_blake2s_224)
+ (_gcry_digest_spec_blake2s_160, _gcry_digest_spec_blake2s_128): New.
+ * src/gcrypt.h.in (GCRY_MD_BLAKE2B_512, GCRY_MD_BLAKE2B_384)
+ (GCRY_MD_BLAKE2B_256, GCRY_MD_BLAKE2B_160, GCRY_MD_BLAKE2S_256)
+ (GCRY_MD_BLAKE2S_224, GCRY_MD_BLAKE2S_160, GCRY_MD_BLAKE2S_128): New.
+ * tests/basic.c (check_one_md): Add testing for keyed hashes.
+ (check_digests): Add BLAKE2 test vectors; Add testing for keyed hashes.
+ * tests/blake2b.h: New.
+ * tests/blake2s.h: New.
+ * tests/Makefile.am: Add 'blake2b.h' and 'blake2s.h'.
+
+ Fix building with clang on ARM64/FreeBSD.
+ + commit da213db2c6cda6f57e5853e8c591d69bfa1cfa74
+ * cipher/cipher-gcm-armv8-aarch64-ce.S: Use '.cpu generic+simd+crypto'
+ instead of '.arch armv8-a+crypto'.
+ * cipher/rijndael-armv8-aarch64-ce.S: Ditto.
+ * cipher/sha1-armv8-aarch64-ce.S: Ditto.
+ * cipher/sha256-armv8-aarch64-ce.S: Ditto.
+ * configure.ac (gcry_cv_gcc_inline_asm_aarch64_neon): Ditto.
+ (gcry_cv_gcc_inline_asm_aarch64_crypto): Ditto; and include NEON
+ instructions to crypto instructions check.
+
+2017-02-07 Justus Winter <justus@g10code.com>
+
+ Fix building with a pre C99 compiler.
+ + commit 75d91ffeaf83098ade325bb3b6b2c8a76eb1f6a6
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt): Move the
+ declaration of 'i' out of the loop.
+ (_gcry_cipher_cfb8_decrypt): Likewise.
+
+2017-02-04 Mathias L. Baumann <mathias.baumann_at_sociomantic.com>
+
+ Implement CFB with 8-bit mode.
+ + commit d1ee9a660571ce4a998c9ab2299d4f2419f99127
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt)
+ (_gcry_cipher_cfg8_decrypt): Add 8-bit variants of decrypt/encrypt
+ functions.
+ * cipher/cipher-internal.h (_gcry_cipher_cfb8_encrypt)
+ (_gcry_cipher_cfg8_decrypt): Ditto.
+ * cipher/cipher.c: Adjust code flow to work with GCRY_CIPHER_MODE_CFB8.
+ * tests/basic.c: Add tests for cfb8 with AES and 3DES.
+
+2017-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rndhw: add missing "memory" clobbers.
+ + commit c67c728478e8f47b6e8296b643fd35d66d4a1052
+ * random/rndhw.c: (poll_padlock, rdrand_long): Add "memory" to asm
+ clobbers.
+
+ Add UNLIKELY and LIKELY macros.
+ + commit 4b7451d3e8e7b87d8e407fbbd924ad5b13bd0f00
+ * src/g10lib.h (LIKELY, UNLIKELY): New.
+ (gcry_assert): Use LIKELY for assert check.
+ (fast_wipememory2_unaligned_head): Use UNLIKELY for unaligned
+ branching.
+ * cipher/bufhelp.h (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst)
+ (buf_xor_n_copy_2): Ditto.
+
+ rndhw: avoid type-punching.
+ + commit 37b537600f33fcf8e1c8dc2c658a142fbba44199
+ * random/rndhw.c (rdrand_long, rdrand_nlong): Add 'volatile' for
+ pointer.
+ (poll_drng): Convert buffer to 'unsigned long[]' and make use of DIM
+ macro.
+
+2017-01-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ hwf-x86: avoid type-punching.
+ + commit 1407317a6112a23d4fec5827a9d74faef4196f66
+ * src/hwf-x86.c (detect_x86_gnuc): Use union for vendor_id.
+
+ cipher: add explicit blocksize checks to allow better optimization.
+ + commit efa9042f82ffed3d076b8e26ac62d29e00bb756a
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
+ (_gcry_cipher_cbc_decrypt): Add explicit check for cipher blocksize of
+ 64-bit or 128-bit.
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
+ (_gcry_cipher_cfb_decrypt): Ditto.
+ * cipher/cipher-cmac.c (cmac_write, cmac_generate_subkeys)
+ (cmac_final): Ditto.
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Ditto.
+
+ bufhelp: use unaligned dword and qword types for endianess helpers.
+ + commit e7b941c3de9c9b6319298c02f844cc0cadbf8562
+ * cipher/bufhelp.h (BUFHELP_UNALIGNED_ACCESS): New, defined
+ if attributes 'packed', 'aligned' and 'may_alias' are supported.
+ (BUFHELP_FAST_UNALIGNED_ACCESS): Define if have
+ BUFHELP_UNALIGNED_ACCESS.
+
+ rijndael-aesni: fix u128_t strict-aliasing rule breaking.
+ + commit 92b4a29d2453712192ced2d7226abc49679dcb1e
+ * cipher/rijndael-aesni.c (u128_t): Add attributes to tell GCC and clang
+ that casting from 'char *' to 'u128_t *' is ok.
+
+ cipher-xts: fix pointer casting to wrong alignment and aliasing.
+ + commit 4f31d816dcc1e95dc647651e92acbdfed53f5c14
+ * cipher/cipher-xts.c (xts_gfmul_byA, xts_inc128): Use buf_get_le64
+ and buf_put_le64 for accessing data; Change parameter pointers to
+ 'unsigned char *' type.
+ (_gcry_cipher_xts_crypt): Do not cast buffer pointers to 'u64 *'
+ for helper functions.
+
+ crc-intel-pclmul: fix undefined behavior with unaligned access.
+ + commit 55cf1b5588705cab5f45e2817c4aa1d204dc0042
+ * cipher/crc-intel-pclmul.c (u16_unaligned_s): New.
+ (crc32_reflected_less_than_16, crc32_less_than_16): Use
+ 'u16_unaligned_s' for unaligned memory access.
+
+ configure.ac: fix attribute checks.
+ + commit b29b1b9f576f501d4b993be0a751567045274a1a
+ * configure.ac: Add -Werror flag for attribute checks.
+
+ configure.ac: fix may_alias attribute check.
+ + commit 136c8416ea540dd126be3997d94d7063b3aaf577
+ * configure.ac: Test may_alias attribute on type, not on variable.
+
+ bufhelp: add 'may_alias' attribute for properly aligned 'bufhelp_int_t'
+ + commit d1ae52a0e23308f33b78cffeba56005b687f23c0
+ * cipher/bufhelp.h [!BUFHELP_FAST_UNALIGNED_ACCESS]
+ (bufhelp_int_t): Add 'may_alias' attribute.
+
+2017-01-27 Werner Koch <wk@gnupg.org>
+
+ w32: New envvar GCRYPT_RNDW32_DBG.
+ + commit a351fbde8548ce3f57298c618426f043844fbc78
+ * random/rndw32.c (_gcry_rndw32_gather_random): Use getenv to set
+ DEBUG_ME.
+
+2017-01-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-ssse3-amd64: fix building on x32.
+ + commit 39b9302da5d08bd52688d20befe626fee0b6c41d
+ * cipher/rijndael-ssse3-amd64.c: Use 64-bit call instructions
+ with 64-bit registers.
+
+ bufhelp: use 'may_alias' attribute unaligned pointer types.
+ + commit bf9e0b79e620ca2324224893b07522462b125412
+ * configure.ac (gcry_cv_gcc_attribute_may_alias)
+ (HAVE_GCC_ATTRIBUTE_MAY_ALIAS): New check for 'may_alias' attribute.
+ * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only if
+ HAVE_GCC_ATTRIBUTE_MAY_ALIAS is defined.
+ [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_int_t, bufhelp_u32_t)
+ (bufhelp_u64_t): Add 'may_alias' attribute.
+ * src/g10lib.h (fast_wipememory_t): Add HAVE_GCC_ATTRIBUTE_MAY_ALIAS
+ defined check; Add 'may_alias' attribute.
+
+2017-01-18 Werner Koch <wk@gnupg.org>
+
+ random: Call getrandom before select and emitting a progress callback.
+ + commit 623aab8a940ea61afe3fef650ad485a755ed9fe7
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Move the getrandom
+ call before the select.
+
+2017-01-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ mpi: amd64: fix too large jump alignment in mpih-rshift.
+ + commit ddcfe31e2425e88b280e7cdaf3f0eaaad8ccc023
+ * mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Use 16-byte alignment
+ with 'ALIGN(4)' instead of 256-byte.
+
+ rijndael-ssse3: move assembly functions to separate source-file.
+ + commit 54c57bc49edb5c00e9ed8103cc4837bb72c5e863
+ * cipher/Makefile.am: Add 'rinjdael-ssse3-amd64-asm.S'.
+ * cipher/rinjdael-ssse3-amd64-asm.S: Moved assembly functions
+ here ...
+ * cipher/rinjdael-ssse3-amd64.c: ... from this file.
+ (_gcry_aes_ssse3_enc_preload, _gcry_aes_ssse3_dec_preload)
+ (_gcry_aes_ssse3_shedule_core, _gcry_aes_ssse3_encrypt_core)
+ (_gcry_aes_ssse3_decrypt_core): New.
+ (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+ (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Update to use external
+ assembly functions; remove 'aes_const_ptr' variable usage.
+ (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_decrypt)
+ (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc)
+ (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec)
+ (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec)
+ (_gcry_aes_ssse3_ocb_auth): Remove 'aes_const_ptr' variable usage.
+ * configure.ac: Add 'rinjdael-ssse3-amd64-asm.lo'.
+
+ Add AVX2/vpgather bulk implementation of Twofish.
+ + commit c59a8ce51ceb9a80169c44ef86a67e95cf8528c3
+ * cipher/Makefile.am: Add 'twofish-avx2-amd64.S'.
+ * cipher/twofish-avx2-amd64.S: New.
+ * cipher/twofish.c (USE_AVX2): New.
+ (TWOFISH_context) [USE_AVX2]: Add 'use_avx2' member.
+ (ASM_FUNC_ABI): New.
+ (twofish_setkey): Add check for AVX2 and fast VPGATHER HW features.
+ (_gcry_twofish_avx2_ctr_enc, _gcry_twofish_avx2_cbc_dec)
+ (_gcry_twofish_avx2_cfb_dec, _gcry_twofish_avx2_ocb_enc)
+ (_gcry_twofish_avx2_ocb_dec, _gcry_twofish_avx2_ocb_auth): New.
+ (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec)
+ (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Add AVX2 bulk
+ handling.
+ (selftest_ctr, selftest_cbc, selftest_cfb): Increase nblocks from
+ 3+X to 16+X.
+ * configure.ac: Add 'twofish-avx2-amd64.lo'.
+ * src/g10lib.h (HWF_INTEL_FAST_VPGATHER): New.
+ * src/hwf-x86.c (detect_x86_gnuc): Add detection for
+ HWF_INTEL_FAST_VPGATHER.
+ * src/hwfeatures.c (HWF_INTEL_FAST_VPGATHER): Add
+ "intel-fast-vpgather" for HWF_INTEL_FAST_VPGATHER.
+
+ Add XTS cipher mode.
+ + commit 232a129b1f915fc54881506e4b07c89cf84932e6
+ * cipher/Makefile.am: Add 'cipher-xts.c'.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add 'bulk.xts_crypt'
+ and 'u_mode.xts' members.
+ (_gcry_cipher_xts_crypt): New prototype.
+ * cipher/cipher-xts.c: New.
+ * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
+ (cipher_reset, cipher_encrypt, cipher_decrypt): Add XTS mode handling.
+ * doc/gcrypt.texi: Add XTS mode to documentation.
+ * src/gcrypt.h.in (GCRY_CIPHER_MODE_XTS, GCRY_XTS_BLOCK_LEN): New.
+ * tests/basic.c (do_check_xts_cipher, check_xts_cipher): New.
+ (check_bulk_cipher_modes): Add XTS test-vectors.
+ (check_one_cipher_core, check_one_cipher, check_ciphers): Add XTS
+ testing support.
+ (check_cipher_modes): Add XTS test.
+ * tests/bench-slope.c (bench_xts_encrypt_init)
+ (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench)
+ (xts_encrypt_ops, xts_decrypt_ops): New.
+ (cipher_modes, cipher_bench_one): Add XTS.
+ * tests/benchmark.c (cipher_bench): Add XTS testing.
+
+2017-01-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael-ssse3: fix counter operand from read-only to read/write.
+ + commit aada604594fd42224d366d3cb98f67fd3b989cd6
+ * cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_ctr_enc): Change
+ 'ctrlow' operand from read-only to read-write.
+
+2017-01-03 Werner Koch <wk@gnupg.org>
+
+ Extend GCRYCTL_PRINT_CONFIG to print compiler version.
+ + commit 98b49695b1ffe3c406ae39a45051b8594f903b9d
+ * src/global.c (print_config): Print version of libgpg-error and used
+ compiler.
+
+ tests: Add option --disable-hwf to the version utility.
+ + commit 3582641469f1c74078f0d758c4d5458cc0ee5649
+ * src/hwfeatures.c (_gcry_disable_hw_feature): Rewrite to allow
+ passing a colon delimited feature set.
+ (parse_hwf_deny_file): Remove unused var I.
+ * tests/version.c (main): Add options --verbose and --disable-hwf.
+
+2016-12-15 Werner Koch <wk@gnupg.org>
+ Nicolas Porcel <nicolasporcel06@gmail.com>
+
+ Fix regression in broken mlock detection.
+ + commit 0a90f87799903a3fb97189ef7cba19e7b3534e1c
+ * acinclude.m4 (GNUPG_CHECK_MLOCK): Fix typo EGAIN->EAGAIN.
+
+2016-12-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ hwfeatures: add 'all' for disabling all hardware features.
+ + commit c83d0d2a26059cf471d09f5cb8e7fc5d76c4907b
+ * .gitignore: Add 'tests/basic-disable-all-hwf'.
+ * configure.ac: Ditto.
+ * tests/Makefile.am: Ditto.
+ * src/hwfeatures.c (_gcry_disable_hw_feature): Match 'all' for
+ masking all HW features off.
+ (parse_hwf_deny_file): Use '_gcry_disable_hw_feature' for matching.
+ * tests/basic-disable-all-hwf.in: New.
+
+ tests/hashtest-256g: add missing executable extension for Win32.
+ + commit 2b7b227b8a0bd5ff286258bc187782efac180a7e
+ * tests/hashtest-256g.in: Add @EXEEXT@.
+
+ OCB ARM CE: Move ocb_get_l handling to assembly part.
+ + commit 5c418e597f0f20a546d953161695e6caf1f57689
+ * cipher/rijndael-armv8-aarch32-ce.S: Add OCB 'L_{ntz(i)}' calculation.
+ * cipher/rijndael-armv8-aarch64-ce.S: Ditto.
+ * cipher/rijndael-armv8-ce.c (_gcry_aes_ocb_enc_armv8_ce)
+ (_gcry_aes_ocb_dec_armv8_ce, _gcry_aes_ocb_auth_armv8_ce)
+ (ocb_cryt_fn_t): Updated arguments.
+ (_gcry_aes_armv8_ce_ocb_crypt, _gcry_aes_armv8_ce_ocb_auth): Remove
+ 'ocb_get_l' handling and splitting input to 32 block chunks, instead
+ pass full buffers to assembly.
+
+ OCB: Move large L handling from bottom to upper level.
+ + commit 2d2e5286d53e1f62fe040dff4c6e01961f00afe2
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove.
+ (ocb_get_L_big): New.
+ (_gcry_cipher_ocb_authenticate): L-big handling done in upper
+ processing loop, so that lower level never sees the case where
+ 'aad_nblocks % 65536 == 0'; Add missing stack burn.
+ (ocb_aad_finalize): Add missing stack burn.
+ (ocb_crypt): L-big handling done in upper processing loop, so that
+ lower level never sees the case where 'data_nblocks % 65536 == 0'.
+ * cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove.
+ (ocb_get_l): Remove 'l_tmp' usage and simplify since input
+ is more limited now, 'N is not multiple of 65536'.
+ * cipher/rijndael-aesni.c (get_l): Remove.
+ (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove
+ l_tmp; Use 'ocb_get_l'.
+ * cipher/rijndael-ssse3-amd64.c (get_l): Remove.
+ (ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove
+ l_tmp; Use 'ocb_get_l'.
+ * cipher/camellia-glue.c: Remove OCB l_tmp usage.
+ * cipher/rijndael-armv8-ce.c: Ditto.
+ * cipher/rijndael.c: Ditto.
+ * cipher/serpent.c: Ditto.
+ * cipher/twofish.c: Ditto.
+
+ OCB: remove 'int64_t' usage.
+ + commit 161d339f48c03be7fd0f4249d730f7f1767ef8e4
+ * cipher/cipher-ocb.c (double_block): Use alternative way to generate
+ sign-bit mask, without 'int64_t'.
+
+ random-drbg: use bufhelp function for big-endian store.
+ + commit 0b03b658bebc69a84d87ef13f9b60a27b0c42305
+ * random/random-drbg.c (drbg_cpu_to_be32): Remove.
+ (drbg_ctr_df, drbg_hash_df): Use 'buf_put_be32' instead of
+ 'drbg_cpu_to_be32'.
+
+2016-12-09 Werner Koch <wk@gnupg.org>
+
+ Improve handling of mlock error codes.
+ + commit 618b8978f46f4011c11512fd5f30c15e01652e2e
+ * acinclude.m4 (GNUPG_CHECK_MLOCK): Check also for EAGAIN which is a
+ legitimate return code and does not indicate a broken mlock().
+ * src/secmem.c (lock_pool_pages): Test ERR instead of ERRNO which
+ could have been overwritten by cap_from+text et al.
+
+2016-12-08 Stephan Mueller <smueller@chronox.de>
+
+ random: Eliminate unneeded memcpy invocations in the DRBG.
+ + commit 656395ba4cf34f42dda3a120bda3ed1220755a3d
+ * random/random-drbg.c (drbg_hash): Remove arg 'outval' and return a
+ pointer instead.
+ (drbg_instantiate): Reduce size of scratchpad.
+ (drbg_hmac_update): Avoid use of scratch buffers for the hash.
+ (drbg_hmac_generate, drbg_hash_df): Ditto.
+ (drbg_hash_process_addtl): Ditto.
+ (drbg_hash_hashgen): Ditto.
+ (drbg_hash_generate): Ditto.
+
+ random: Add performance improvements for the DRBG.
+ + commit 20886fdcb841b0bf89bb1d44303d42f1804e38cb
+ * random/random-drbg.c (struct drbg_state_ops_s): New function
+ pointers 'crypto_init' and 'crypto-fini'.
+ (struct drbg_state_s): New fields 'priv_data', 'ctr_handle', and
+ 'ctr_null'.
+ (drbg_hash_init, drbg_hash_fini): New.
+ (drbg_hmac_init, drbg_hmac_setkey): New.
+ (drbg_sym_fini, drbg_sym_init, drbg_sym_setkey): New.
+ (drbg_sym_ctr): New.
+ (drbg_ctr_bcc): Set the key.
+ (drbg_ctr_df): Ditto.
+ (drbg_hmac_update): Ditto.
+ (drbg_hmac_generate): Replace drgb_hmac by drbg_hash.
+ (drbg_hash_df): Ditto.
+ (drbg_hash_process_addtl): Ditto.
+ (drbg_hash_hashgen): Ditto.
+ (drbg_ctr_update): Rework.
+ (drbg_ctr_generate): Rework.
+ (drbg_ctr_ops): Init new functions pointers.
+ (drbg_uninstantiate): Call fini function.
+ (drbg_instantiate): Call init function.
+
+ cipher: New function for reading the counter in CTR mode.
+ + commit 227099f179df9dcf083d0ef6be9883c775df0874
+ * cipher/cipher.c (gcry_cipher_getctr): New.
+
+2016-12-07 Werner Koch <wk@gnupg.org>
+
+ Document the overflow pools and add a stupid test case.
+ + commit 95bac312644ad45e486c94c2efd25d0748b9a20b
+ * tests/t-secmem.c (test_secmem_overflow): New func.
+ (main): Disable warning and call new function.
+
+ Implement overflow secmem pools for xmalloc style allocators.
+ + commit b6870cf25c0b1eb9c127a94af8326c446421a472
+ * src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and
+ cur_blocks.
+ (cur_alloced, cur_blocks): Remove vars.
+ (ptr_into_pool_p): Make it inline.
+ (stats_update): Add arg pool and update the new pool specific
+ counters.
+ (_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow
+ pools as needed.
+ (_gcry_secmem_malloc): Pass XHINTS along.
+ (_gcry_secmem_realloc_internal): Ditto.
+ (_gcry_secmem_realloc): Ditto.
+ (_gcry_secmem_free_internal): Take multiple pools in account. Add
+ return value to indicate whether the arg was freed.
+ (_gcry_secmem_free): Add return value to indicate whether the arg was
+ freed.
+ (_gcry_private_is_secure): Take multiple pools in account.
+ (_gcry_secmem_term): Release all pools.
+ (_gcry_secmem_dump_stats): Print stats for all pools.
+ * src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure
+ test with a direct call of _gcry_secmem_free to avoid double checking.
+
+ Give the secmem allocators a hint when a xmalloc calls them.
+ + commit b7df907dca4d525f8930c533b763ffce44ceed87
+ * src/secmem.c (_gcry_secmem_malloc): New not yet used arg XHINT.
+ (_gcry_secmem_realloc): Ditto.
+ * src/stdmem.c (_gcry_private_malloc_secure): New arg XHINT to be
+ passed to the secmem functions.
+ (_gcry_private_realloc): Ditto.
+ * src/g10lib.h (GCRY_ALLOC_FLAG_XHINT): New.
+ * src/global.c (do_malloc): Pass this flag as XHINT to the private
+ allocator.
+ (_gcry_malloc_secure): Factor code out to ...
+ (_gcry_malloc_secure_core): this. Add arg XHINT.
+ (_gcry_realloc): Factor code out to ...
+ (_gcry_realloc_core): here. Add arg XHINT.
+ (_gcry_strdup): Factor code out to ...
+ (_gcry_strdup_core): here. Add arg XHINT.
+ (_gcry_xrealloc): Use the core function and pass true for XHINT.
+ (_gcry_xmalloc_secure): Ditto.
+ (_gcry_xstrdup): Ditto.
+
+ tests: New test t-secmem.
+ + commit e366c19b34922c770af82cd035fd815680b29dee
+ * src/secmem.c (_gcry_secmem_dump_stats): Add arg EXTENDED and adjust
+ caller.
+ * src/gcrypt-testapi.h (PRIV_CTL_DUMP_SECMEM_STATS): New.
+ * src/global.c (_gcry_vcontrol): Implement that.
+ * tests/t-secmem.c: New.
+ * tests/Makefile.am (tests_bin): Add that test.
+
+2016-12-06 Werner Koch <wk@gnupg.org>
+
+ Fix compiler warning about possible-NULL-dreference.
+ + commit 995ce697308320c6a52a307f83dc49eeb8d784b4
+ * src/mpi.h (mpi_is_const, mpi_is_immutable): Do check arg before
+ deref-ing. The are only used at places where the arg shall not be NULL.
+
+ Fix possible NULL-deref in gcry_log_debugsxp.
+ + commit 984a97f0750f812f0ad3c343ee6a67560953a504
+ * src/misc.c (_gcry_log_printsxp): Prevent passing NULL to strlen.
+
+ Reorganize code in secmem.c.
+ + commit 603f479a919311f720a05da738150c2192d5e562
+ * src/secmem.c (pooldesc_t): New type to collect information about one
+ pool.
+ (pool_size): Remove. Now a member of pooldesc_t.
+ (pool_okay): Ditto.
+ (pool_is_mmapped): Ditto.
+ (pool): Rename variable ...
+ (mainpool): And change type to pooldesc_t.
+ (ptr_into_pool_p): Add arg 'pool'.
+ (mb_get_next): Ditto.
+ (mb_get_prev): Ditto.
+ (mb_merge): Ditto.
+ (mb_get_new): Ditto.
+ (init_pool): Ditto.
+ (lock_pool): Rename to ...
+ (look_pool_pages: this.
+ (secmem_init): Rename to ...
+ (_gcry_secmem_init_internal): this. Add local var POOL and init with
+ address of MAINPOOL.
+ (_gcry_secmem_malloc_internal): Add local var POOL and init with
+ address of MAINPOOL.
+ (_gcry_private_is_secure): Ditto.
+ (_gcry_secmem_term): Ditto.
+ (_gcry_secmem_dump_stats): Ditto.
+ (_gcry_secmem_free_internal): Ditto. Remove check for NULL arg.
+ (_gcry_secmem_free): Add check for NULL arg before taking the lock.
+ (_gcry_secmem_realloc): Factor most code out to ...
+ (_gcry_secmem_realloc_internal): this.
+
+2016-11-28 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ tests: Add PBKDF2 tests for Stribog512.
+ + commit a0580d446fef648a177ca4ab060d0e449780db84
+ * tests/t-kdf.c (check_pbkdf2): Add Stribog512 test cases from TC26's
+ additions to PKCS#5.
+
+ tests: Add Stribog HMAC tests from TC26ALG.
+ + commit fe6077e6ee8565bfcc91bad14a73e68f45b3c32b
+ * tests/basic.c (check_mac): add HMAC test vectors from TC26ALG document
+ for Stribog.
+
+ cipher: Add Stribog OIDs from TC26 space.
+ + commit ccffacaf6c3abe6120a0898db922981d28ab7af2
+ * cipher/stribog.c (oid_spec_stribog256, oid_spec_stribog512): New.
+
+2016-11-25 Justus Winter <justus@g10code.com>
+
+ tests: Fix memory leak.
+ + commit 5530a8234d703ce9b685f78fb6e951136eb0aeb2
+ * tests/basic.c (check_gost28147_cipher): Free cipher handles.
+
+2016-11-25 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Cast oid argument of gcry_cipher_set_sbox to disable compiler warning.
+ + commit 1a67e3195896704f8b3ba09e3db1214bab834491
+ * src/gcrypt.h.in (gcry_cipher_set_sbox): Cast oid to (void *).
+
+ gost: Rename tc26 s-box from A to Z.
+ + commit dc8ceb8d2dfef949f3afa14fc75f9de8cd07c7ad
+ * cipher/gost-s-box.c (gost_sboxes): Rename TC26_A to TC26_Z as it is
+ the name that ended up in all standards.
+
+ tests: Add test to verify GOST 28147-89 against known results.
+ + commit 4f5c26c73c66daf2e4aff966e43c22b2db7e0138
+ * tests/basic.c (check_gost28147_cipher): new test function.
+
+2016-11-17 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ cipher/gost28147: Fix CryptoPro-B S-BOX.
+ + commit 5ca63c92825453fdb369a97bbc19cb95b49b4296
+ * cipher/gost-s-box.c: CryptoPro_B s-box missed one line, resulting in
+ incorrect encryption/decryption using that s-box. Add missing data.
+
+2016-11-12 Werner Koch <wk@gnupg.org>
+
+ Put blocking calls into Libgpg-error's system call clamp.
+ + commit b829dfe9f0eeff08c956ba3f3a6b559b9d2199dd
+ * src/gcrypt.h.in (GCRYCTL_REINIT_SYSCALL_CLAMP): New.
+ * configure.ac: Require Libgpg-error 1.25. Set version number to
+ 1.8.0.
+ * src/gcrypt-int.h: Remove error code emulation.
+ * src/global.c (pre_syscall_func, post_syscall_func): New.
+ (global_init): Call gpgrt_get_syscall_clamp.
+ (_gcry_vcontrol) <GCRYCTL_REINIT_SYSCALL_CLAMP>: Ditto.
+ (_gcry_pre_syscall, _gcry_post_syscall): New.
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Use the new
+ functions.
+
+2016-11-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ cipher: Fix IDEA cipher for clearing memory.
+ + commit bf6d5b10cb4173826f47ac080506b68bb001acb2
+ * cipher/idea.c (invert_key): Use wipememory, since this kind of memset
+ may be removed by compiler optimization.
+
+2016-10-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ GCM: Add bulk processing for ARMv8/AArch64 implementation.
+ + commit bfd732f53a9b5dfe14217a68a0fa289bf6913ec0
+ * cipher/cipher-gcm-armv8-aarch64-ce.S: Add 6 blocks bulk processing.
+
+ GCM: Add bulk processing for ARMv8/AArch32 implementation.
+ + commit 27747921cb1dfced83c5666cd1c474764724c52b
+ * cipher/cipher-gcm-armv8-aarch32-ce.S: Add 4 blocks bulk processing.
+ * tests/basic.c (check_digests): Print correct data length for "?"
+ tests.
+ (check_one_mac): Add large 1000000 bytes tests, when input is "!" or
+ "?".
+ (check_mac): Add "?" tests vectors for HMAC, CMAC, GMAC and POLY1305.
+
+2016-09-11 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Aarch64 assembly implementation of Twofish.
+ + commit 5418d9ca4c0e087fd6872ad350a996fe74880d86
+ * cipher/Makefile.am: Add 'twofish-aarch64.S'.
+ * cipher/twofish-aarch64.S: New.
+ * cipher/twofish.c: Enable USE_ARM_ASM if __AARCH64EL__ and
+ HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
+ * configure.ac [host=aarch64]: Add 'twofish-aarch64.lo'.
+
+2016-09-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Aarch64 assembly implementation of Camellia.
+ + commit de73a2e7237ba7c34ce48bb5fb671aa3993de832
+ * cipher/Makefile.am: Add 'camellia-aarch64.S'.
+ * cipher/camellia-aarch64.S: New.
+ * cipher/camellia-glue.c [USE_ARM_ASM][__aarch64__]: Set stack burn
+ size to zero.
+ * cipher/camellia.h: Enable USE_ARM_ASM if __AARCH64EL__ and
+ HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
+ * configure.ac [host=aarch64]: Add 'rijndael-aarch64.lo'.
+
+ Add ARMv8/AArch64 Crypto Extension implementation of AES.
+ + commit 4cd8d40d698564d24ece2af24546e34c58bf2961
+ * cipher/Makefile.am: Add 'rijndael-armv-aarch64-ce.S'.
+ * cipher/rijndael-armv8-aarch64-ce.S: New.
+ * cipher/rijndael-internal.h (USE_ARM_CE): Enable for ARMv8/AArch64.
+ * configure.ac: Add 'rijndael-armv-aarch64-ce.lo' and
+ 'rijndael-armv8-ce.lo' for ARMv8/AArch64.
+
+ Add ARMv8/AArch64 Crypto Extension implementation of GCM.
+ + commit 0b332c1aef03a735c1fb0df184f74d523deb2f98
+ * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch64-ce.S'.
+ * cipher/cipher-gcm-armv8-aarch64-ce.S: New.
+ * cipher/cipher-internal.h (GCM_USE_ARM_PMULL): Enable on
+ ARMv8/AArch64.
+
+ Add ARMv8/AArch64 Crypto Extension implementation of SHA-256.
+ + commit 2d4bbc0ad62c54bbdef77799f9db82d344b7219e
+ * cipher/Makefile.am: Add 'sha256-armv8-aarch64-ce.S'.
+ * cipher/sha256-armv8-aarch64-ce.S: New.
+ * cipher/sha256-armv8-aarch32-ce.S: Move round macros to correct
+ section.
+ * cipher/sha256.c (USE_ARM_CE): Enable on ARMv8/AArch64.
+ * configure.ac: Add 'sha256-armv8-aarch64-ce.lo'; Swap places for
+ 'sha512-arm.lo' and 'sha256-armv8-aarch32-ce.lo'.
+
+ Add ARMv8/AArch64 Crypto Extension implementation of SHA-1.
+ + commit e4eb03f56683317c908cb55be727832810dc8c72
+ * cipher/Makefile.am: Add 'sha1-armv8-aarch64-ce.S'.
+ * cipher/sha1-armv8-aarch64-ce.S: New.
+ * cipher/sha1.c (USE_ARM_CE): Enable on ARMv8/AArch64.
+ * configure.ac: Add 'sha1-armv8-aarch64-ce.lo'.
+
+2016-09-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add AArch64 assembly implementation of AES.
+ + commit 595251ad37bf1968261d7e781752513f67525803
+ * cipher/Makefile.am: Add 'rijndael-aarch64.S'.
+ * cipher/rijndael-aarch64.S: New.
+ * cipher/rijndael-internal.h: Enable USE_ARM_ASM if __AARCH64EL__ and
+ HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
+ * configure.ac (gcry_cv_gcc_aarch64_platform_as_ok): New check.
+ [host=aarch64]: Add 'rijndael-aarch64.lo'.
+
+2016-08-17 Werner Koch <wk@gnupg.org>
+
+ Release 1.7.3.
+ + commit f8241874971478bdcd2bc2082d901d05db7b256d
+ * configure.ac: Set LT version to C21/A1/R3.
+
+ random: Hash continuous areas in the csprng pool.
+ + commit 8dd45ad957b54b939c288a68720137386c7f6501
+ * random/random-csprng.c (mix_pool): Store the first hash at the end
+ of the pool.
+
+ random: Improve the diagram showing the random mixing.
+ + commit 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513
+ * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.
+
+2016-07-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ crc-intel-pclmul: split assembly block to ease register pressure.
+ + commit f38199dbc290003898a1799adc367265267784c2
+ * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
+ assembly block handling 4 byte input into multiple blocks.
+
+ rijndael-aesni: split assembly block to ease register pressure.
+ + commit a4d1595a2638db63ac4c73e722c8ba95fdd85ff7
+ * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
+ constraint for passing 'bige_addb' to assembly block; split
+ first inline assembly block into two parts.
+
+2016-07-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add ARMv8/AArch32 Crypto Extension implementation of AES.
+ + commit 05a4cecae0c02d2b4ee1cadd9c08115beae3a94a
+ * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
+ 'rijndael-armv-aarch32-ce.S'.
+ * cipher/rijndael-armv8-aarch32-ce.S: New.
+ * cipher/rijndael-armv8-ce.c: New.
+ * cipher/rijndael-internal.h (USE_ARM_CE): New.
+ (RIJNDAEL_context_s): Add 'use_arm_ce'.
+ * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
+ (_gcry_aes_armv8_ce_prepare_decryption)
+ (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
+ (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
+ (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
+ (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
+ (_gcry_aes_armv8_ce_ocb_auth): New.
+ (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
+ setup for ARM CE.
+ (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
+ (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
+ ARM CE support.
+ * configure.ac: Add 'rijndael-armv8-ce.lo' and
+ 'rijndael-armv8-aarch32-ce.lo'.
+
+ Add ARMv8/AArch32 Crypto Extension implementation of GCM.
+ + commit 962b15470663db11e5c35b86768f1b5d8e600017
+ * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
+ * cipher/cipher-gcm-armv8-aarch32-ce.S: New.
+ * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
+ (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
+ (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
+ (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
+ HWF_ARM_PULL HW feature flag is enabled.
+ * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.
+
+ Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
+ + commit 34c64eb03178fbfd34190148fec5a189df2b8f83
+ * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
+ * cipher/sha256-armv8-aarch32-ce.S: New.
+ * cipher/sha256.c (USE_ARM_CE): New.
+ (sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
+ [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
+ (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
+ (SHA256_CONTEXT): Add 'use_arm_ce'.
+ * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.
+
+ Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
+ + commit 3d6334f8d94c2a4df10eed203ae928298a4332ef
+ * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
+ * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
+ missing size.
+ * cipher/sha1-armv8-aarch32-ce.S: New.
+ * cipher/sha1.c (USE_ARM_CE): New.
+ (sha1_init): Check features for HWF_ARM_SHA1.
+ [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
+ (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
+ it.
+ * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
+ * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.
+
+ Add HW feature check for ARMv8 AArch64 and crypto extensions.
+ + commit eee78f6e1fbce7d54c43fb7efc5aa8be9f52755f
+ * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
+ module on 64-bit ARM.
+ (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
+ (gcry_cv_inline_asm_aarch64_neon)
+ (gcry_cv_gcc_inline_asm_aarch64_crypto): New.
+ * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
+ (HWF_ARM_PMULL): New.
+ * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
+ (feature_map_s): New.
+ [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
+ (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
+ [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
+ (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
+ (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
+ 'unsigned long'.
+ (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
+ (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
+ (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
+ * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
+ and 'arm-pmull'.
+
+2016-07-14 Werner Koch <wk@gnupg.org>
+
+ Release 1.7.2.
+ + commit be0bec7d9208b2f2d2ffce9cc2ca6154853e7e59
+ * configure.ac: Set LT version to C21/A1/R2.
+ * Makefile.am (distcheck-hook): New.
+
+2016-07-13 Werner Koch <wk@gnupg.org>
+
+ build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
+ + commit e535ea1bdc42309553007d60599d3147b8defe93
+ * build-aux/config.guess: Update.
+ * build-aux/config.sub: Update.
+
+2016-07-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix unaligned accesses with ldm/stm in ChaCha20 and Poly1305 ARM/NEON.
+ + commit 1111d311fd6452abd4080d1072c75ddb1b5a3dd1
+ * cipher/chacha20-armv7-neon.S (UNALIGNED_STMIA8)
+ (UNALIGNED_LDMIA4): New.
+ (_gcry_chacha20_armv7_neon_blocks): Use new helper macros instead of
+ ldm/stm instructions directly.
+ * cipher/poly1305-armv7-neon.S (UNALIGNED_LDMIA2)
+ (UNALIGNED_LDMIA4): New.
+ (_gcry_poly1305_armv7_neon_init_ext, _gcry_poly1305_armv7_neon_blocks)
+ (_gcry_poly1305_armv7_neon_finish_ext): Use new helper macros instead
+ of ldm instruction directly.
+
+2016-07-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ bench-slope: add unaligned buffer mode.
+ + commit 496790940753226f96b731a43d950bd268acd97a
+ * tests/bench-slope.c (unaligned_mode): New.
+ (do_slope_benchmark): Unalign buffer if in unaligned mode enabled.
+ (print_help, main): Add '--unaligned' parameter.
+
+2016-07-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix static build.
+ + commit cb79630ec567a5f2e03e5f863cda168faa7b8cc8
+ * tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'.
+
+2016-06-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Disallow encryption/decryption if key is not set.
+ + commit 07de9858032826f5a7b08c372f6bcc73bbb503eb
+ * cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not
+ NONE, make sure that key is set.
+ * cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear
+ 'marks.key' when reseting state.
+
+ Avoid unaligned accesses with ARM ldm/stm instructions.
+ + commit a6158a01a4d81a5d862e1e0a60bfd6063443311d
+ * cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always
+ compile with unaligned load/store code paths.
+ * cipher/sha512-arm.S: Ditto.
+
+ Fix non-PIC reference in PIC for poly1305/ARMv7-NEON.
+ + commit a09126242a51c4ea4564b0f70b808e4f27fe5a91
+ * cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New.
+ (_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER.
+
+ Fix wrong CPU feature #ifdef for SHA1/AVX.
+ + commit 4a983e3bef58b9d056517e25e0ab10b72d12ceba
+ * cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of
+ HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2.
+
+2016-06-30 Werner Koch <wk@gnupg.org>
+
+ random: Remove debug message about not supported getrandom syscall.
+ + commit 6965515c73632a088fb126a4a55e95121671fa98
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug
+ for getrandom error ENOSYS.
+
+2016-06-27 Werner Koch <wk@gnupg.org>
+
+ tests: Do not test SHAKE128 et al with gcry_md_hash_buffer.
+ + commit 4d634a098742ff425b324e9f2a67b9f62de09744
+ * tests/benchmark.c (md_bench): Do not test variable lengths algos
+ with the gcry_md_hash_buffer.
+
+ md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer.
+ + commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c
+ * cipher/md.c (md_read): Detect missing read function.
+ (_gcry_md_hash_buffers): Return an error.
+
+2016-06-25 Werner Koch <wk@gnupg.org>
+
+ ecc: Fix memory leak.
+ + commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a
+ * cipher/ecc.c (ecc_check_secret_key): Do not init point if already
+ set.
+
+ doc: Update yat2m.
+ + commit 1feb01940062a74c27230434fc3babdddca8caf4
+ * doc/yat2m.c: Update from Libgpg-error
+
+ tests: Add attributes to helper functions.
+ + commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9
+ * tests/t-common.h (die, fail, info): Add attributes.
+ * tests/random.c (die, inf): Ditto.
+ * tests/pubkey.c (die, fail, info): Add attributes.
+ * tests/fipsdrv.c (die): Add attribute.
+ (main): Take care of missing --key,--iv,--dt options.
+
+ Improve robustness and help lint.
+ + commit 5a5b055b81ee60a22a846bdf2031516b1c24df98
+ * cipher/rsa.c (rsa_encrypt): Check for !DATA.
+ * cipher/md.c (search_oid): Check early for !OID.
+ (md_copy): Use gpg_err_code_from_syserror. Replace chains of if(!err)
+ tests.
+ * cipher/cipher.c (search_oid): Check early for !OID.
+ * src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0.
+ * mpi/mpicoder.c (onecompl): Allow for A==NULL to help static
+ analyzers.
+
+ cipher: Improve fatal error message for bad use of gcry_md_read.
+ + commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac
+ * cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG.
+
+2016-06-16 Niibe Yutaka <gniibe@fsij.org>
+
+ ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.
+ + commit b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d
+ * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
+ (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
+ cofactor as 1, when not specified.
+
+ ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.
+ + commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7
+ * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
+ (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
+ cofactor as 1, when not specified.
+
+2016-06-15 Werner Koch <wk@gnupg.org>
+
+ Release 1.7.1.
+ + commit 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223
+
+
+ doc: Describe envvars.
+ + commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc
+ * doc/gcrypt.texi: Add chapter Configuration.
+
+ random: Change names of debug envvars.
+ + commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3
+ * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to
+ GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG.
+ * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to
+ GCRYPT_RNDW32_NOPERF.
+
+2016-06-14 Werner Koch <wk@gnupg.org>
+
+ cipher: Assign OIDs to the Serpent cipher.
+ + commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e
+ * cipher/serpent.c (serpent128_oids, serpent192_oids)
+ (serpent256_oids): New. Add them to the specs blow.
+ (serpent128_aliases): Add "SERPENT-128".
+ (serpent256_aliases, serpent192_aliases): New.
+
+ cipher: Assign OIDs to the Serpent cipher.
+ + commit 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4
+ * cipher/serpent.c (serpent128_oids, serpent192_oids)
+ (serpent256_oids): New. Add them to the specs blow.
+ (serpent128_aliases): Add "SERPENT-128".
+ (serpent256_aliases, serpent192_aliases): New.
+
+2016-06-08 Werner Koch <wk@gnupg.org>
+
+ rsa: Implement blinding also for signing.
+ + commit 1f769e3e8442bae2f1f73c656920bb2df70153c0
+ * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
+ (secret_blinded): new.
+ (rsa_sign): Use blinding by default.
+
+ random: Remove debug output for getrandom(2) output.
+ + commit 52cdfb1960808aaad48b5a501bbce0e3141c3961
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
+ output.
+
+ Fix gcc portability on Solaris 9 SPARC boxes.
+ + commit b766ea14ad1c27d6160531b200cc70aaa479c6dc
+ * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
+
+2016-06-08 Jérémie Courrèges-Anglas <jca@wxcvbn.org>
+
+ Check for compiler SSE4.1 support in PCLMUL CRC code.
+ + commit dc76313308c184c92eb78452b503405b90fc7ebd
+ * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if
+ compiler supports PCLMUL *and* SSE4.1
+ * cipher/crc.c: Ditto
+ * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New.
+
+2016-06-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix ecc_verify for cofactor support.
+ + commit bd39eb9fba47dc8500c83769a679cc8b683d6c6e
+ * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h".
+
+2016-06-08 Werner Koch <wk@gnupg.org>
+
+ random: Try to use getrandom() instead of /dev/urandom (Linux only).
+ + commit c05837211e5221d3f56146865e823bc20b4ff1ab
+ * configure.ac: Check for syscall.
+ * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
+ (_gcry_rndlinux_gather_random): Use getrandom is available.
+
+2016-06-03 Werner Koch <wk@gnupg.org>
+
+ rsa: Implement blinding also for signing.
+ + commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8
+ * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
+ (secret_blinded): new.
+ (rsa_sign): Use blinding by default.
+
+ random: Remove debug output for getrandom(2) output.
+ + commit 82df6c63a72fdd969c3923523f10d0cef5713ac7
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
+ output.
+
+2016-06-02 Werner Koch <wk@gnupg.org>
+
+ Fix gcc portability on Solaris 9 SPARC boxes.
+ + commit 4121f15122501d8946f1589b303d1f7949c15e30
+ * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
+
+2016-05-28 Jérémie Courrèges-Anglas <jca@wxcvbn.org>
+
+ Check for compiler SSE4.1 support in PCLMUL CRC code.
+ + commit 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8
+ * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if
+ compiler supports PCLMUL *and* SSE4.1
+ * cipher/crc.c: Ditto
+ * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New.
+
+2016-05-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix ecc_verify for cofactor support.
+ + commit c7430aa752232aa690c5d8f16575a345442ad8d7
+ * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h".
+
+2016-04-26 Werner Koch <wk@gnupg.org>
+
+ random: Try to use getrandom() instead of /dev/urandom (Linux only).
+ + commit ee5a32226a7ca4ab067864e06623fc11a1768900
+ * configure.ac: Check for syscall.
+ * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
+ (_gcry_rndlinux_gather_random): Use getrandom is available.
+
+2016-04-19 Werner Koch <wk@gnupg.org>
+
+ asm fix for older gcc versions.
+ + commit caa9d14c914bf6116ec3f773a322a94e2be0c0fb
+ * cipher/crc-intel-pclmul.c: Remove extra trailing colon from
+ asm statements.
+
+ asm fix for older gcc versions.
+ + commit 4545372c0f8dd35aef2a7abc12b588ed1a4a0363
+ * cipher/crc-intel-pclmul.c: Remove extra trailing colon from
+ asm statements.
+
+2016-04-15 Werner Koch <wk@gnupg.org>
+
+ Release 1.7.0.
+ + commit 795f9cb090c776658a0e3117996e3fb7e2ebd94a
+
+
+2016-04-14 Werner Koch <wk@gnupg.org>
+
+ tests: Add test vectors for 256 GiB test of SHA3-256.
+ + commit 1737c546dc7268fa9edcd4a23b7439c56d37ee4f
+ * tests/hashtest.c: Add new test vectros.
+
+2016-04-14 Justus Winter <justus@g10code.com>
+
+ src: Improve S-expression parsing.
+ + commit 491586bc7f7b9edc6b78331a77e653543983c9e4
+ * src/sexp.c (do_vsexp_sscan): Return an error if a closing
+ parenthesis is encountered with no matching opening parenthesis.
+
+2016-04-14 Werner Koch <wk@gnupg.org>
+
+ cipher: Add constant for 8 bit CFB mode.
+ + commit 47c6a1f88eb763e9baa394e34d873b761abcebbe
+ * src/gcrypt.h.in (GCRY_CIPHER_MODE_CFB8): New.
+ * tests/basic.c (check_cfb_cipher): Prepare for CFB-8 tests.
+
+ tests: Add a new test for S-expressions.
+ + commit 88c6b98350193abbdcfb227754979b0c097ee09c
+ * tests/t-sexp.c (compare_to_canon): New.
+ (back_and_forth_one): Add another test.
+
+2016-04-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix corner cases for X25519.
+ + commit 8472b71812e71c69d66e2fcc02a6e21b66755f8b
+ * cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns
+ GPG_ERR_INV_DATA instead of aborting with log_fatal. For X25519,
+ it's not an error, thus, let it return 0.
+ (ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish
+ X25519, not by the name of the curve.
+ (ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead
+ of aborting with log_fatal. For X25519, it's not an error by its
+ definition, but we deliberately let it return the error to detect
+ looks-like-encrypted-message.
+ * tests/t-cv25519.c: Add points to record the issue.
+
+2016-04-12 Werner Koch <wk@gnupg.org>
+
+ cipher: Buffer data from gcry_cipher_authenticate in OCB mode.
+ + commit b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add fields
+ aad_leftover and aad_nleftover to u_mode.ocb.
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Clear
+ aad_nleftover.
+ (_gcry_cipher_ocb_authenticate): Add buffering and facor some code out
+ to ...
+ (ocb_aad_finalize): new.
+ (compute_tag_if_needed): Call new function.
+ * tests/basic.c (check_ocb_cipher_splitaad): New.
+ (check_ocb_cipher): Call new function.
+ (main): Also call check_cipher_modes with --ciper-modes.
+
+2016-04-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix X25519 computation on Curve25519.
+ + commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5
+ * cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when
+ PUBKEY_FLAG_DJB_TWEAK is enabled.
+ (ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled.
+ * tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt.
+
+ ecc: Fix initialization of EC context.
+ + commit 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de
+ * cipher/ecc.c (test_ecdh_only_keys, ecc_generate)
+ (ecc_check_secret_key, ecc_encrypt_raw, ecc_decrypt_raw): Initialize
+ by _gcry_mpi_ec_p_internal_new should carry FLAGS.
+
+2016-04-06 Werner Koch <wk@gnupg.org>
+
+ Allow building with configure option --enable-hmac-binary-check.
+ + commit 65c63144b66392f40b991684789b8b793248e3ba
+ * src/Makefile.am (mpicalc_LDADD): Add DL_LIBS.
+ * src/fips.c (check_binary_integrity): Allow use of hmac256 output.
+ * src/hmac256.c (main): Add option --stdkey
+
+2016-04-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Positive values in computation.
+ + commit 6f386ceae86a058e26294f744750f1ed2a95e604
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure
+ coefficients A and B are positive.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do
+ "P - T" instead of "-T", so that the result will be positive.
+ (_gcry_ecc_eddsa_verify): Likewise.
+ * cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve
+ instead of _gcry_ecc_update_curve_param.
+ * mpi/ec.c (ec_subm): Make sure the result will be positive.
+ (dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use
+ mpi_sub instead of mpi_neg.
+ (add_points_edwards): Simply use ec_addm.
+ * tests/t-mpi-point.c (test_curve): Define curves with positive
+ coefficients.
+
+2016-04-01 Werner Koch <wk@gnupg.org>
+
+ mpi: Explicitly limit the allowed input length for gcry_mpi_scan.
+ + commit 862cf19a119427dd7ee7959a36c72d905f5ea5ca
+ * mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New.
+ (mpi_fromstr): Check against this limit.
+ (_gcry_mpi_scan): Ditto.
+ * tests/mpitests.c (test_maxsize): New.
+ (main): Cal that test.
+
+2016-03-31 Werner Koch <wk@gnupg.org>
+
+ cipher: Remove specialized rmd160 functions.
+ + commit fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27
+ * cipher/rmd160.c: Replace rmd.h by hash-common.h.
+ (RMD160_CONTEXT): Move from rmd.h to here.
+ (_gcry_rmd160_init): Remove.
+ (_gcry_rmd160_mixblock): Remove.
+ (_gcry_rmd160_hash_buffer): Use rmd160_init directly.
+ * cipher/md.c: Remove rmd.h which was not actually used.
+ * cipher/rmd.h: Remove.
+ * cipher/Makefile.am (libcipher_la_SOURCES): Remove rmd.h.
+ * configure.ac (USE_RMD160): Allow to build without RMD160.
+
+ random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool.
+ + commit a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0
+ * cipher/sha1.c (_gcry_sha1_mixblock_init): New.
+ (_gcry_sha1_mixblock): New.
+ * random/random-csprng.c: Include sha1.h instead of rmd.h.
+ (mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing.
+
+ cipher: Move sha1 context definition to a separate file.
+ + commit 142a479a484cb4e84d0561be9b05b44dac9e6fe2
+ * cipher/sha1.c: Replace hash-common.h by sha1.h.
+ (SHA1_CONTEXT): Move to ...
+ * cipher/sha1.h: new. Always include all flags.
+ * cipher/Makefile.am (libcipher_la_SOURCES): Add sha1.h.
+
+2016-03-29 Werner Koch <wk@gnupg.org>
+
+ tests: Fix buffer overflow in bench-slope.
+ + commit 48ee918400762281bec5b6fc218a9f0d119aac7c
+ * tests/bench-slope.c (bench_print_result_std): Remove wrong use of
+ strncat.
+
+2016-03-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ cipher: GCM: check that length of supplied tag is one of valid lengths.
+ + commit f2260e3a2e962ac80124ef938e54041bbea08561
+ * cipher/cipher-gcm.c (is_tag_length_valid): New.
+ (_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length.
+ * tests/basic.c (_check_gcm_cipher): Add test-vectors with different
+ valid tag lengths and negative test vectors with invalid lengths.
+
+2016-03-24 Peter Wu <peter@lekensteyn.nl>
+
+ cipher: Fix memleaks in (self)tests.
+ + commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9
+ * cipher/dsa.c: Release memory for MPI and sexp structures.
+ * cipher/ecc.c: Release memory for sexp structure.
+ * tests/keygen.c: Likewise.
+
+ Mark constant MPIs as non-leaked.
+ + commit 470a30db241a2d567739ef2adb2a2ee64992d8b4
+ * mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked.
+
+2016-03-23 Werner Koch <wk@gnupg.org>
+
+ Add new control GCRYCTL_GET_TAGLEN for use with gcry_cipher_info.
+ + commit fea5971488e049f902d7912df22a945bc755ad6d
+ * src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New.
+ * cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature.
+
+ * tests/basic.c (_check_gcm_cipher): Check that new feature.
+ (_check_poly1305_cipher): Ditto.
+ (check_ccm_cipher): Ditto.
+ (do_check_ocb_cipher): Ditto.
+ (check_ctr_cipher): Add negative test for new feature.
+
+ cipher: Avoid NULL-segv in GCM mode if a key has not been set.
+ + commit e709d86fe596a4bcf235799468947c13ae657d78
+ * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN
+ has been initialized.
+ (_gcry_cipher_gcm_decrypt): Ditto.
+ (_gcry_cipher_gcm_authenticate): Ditto.
+ (_gcry_cipher_gcm_initiv): Ditto.
+ (_gcry_cipher_gcm_tag): Ditto.
+
+ cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag.
+ + commit 7c9c82feecf94a455c66d9c38576f36c9c4b484c
+ * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the
+ provided tag length matches the actual tag length.
+
+2016-03-23 Peter Wu <peter@lekensteyn.nl>
+
+ Fix buffer overrun in gettag for Poly1305.
+ + commit 6821e1bd94969106a70e3de17b86f6e6181f4e59
+ * cipher/cipher-poly1305.c: copy a fixed length instead of the
+ user-supplied number.
+
+2016-03-23 Werner Koch <wk@gnupg.org>
+
+ cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag.
+ + commit 15785bc9fb1787554bf371945ecb191830c15bfd
+ * cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided
+ tag length matches the actual tag length. Avoid gratuitous return
+ statements.
+
+2016-03-23 Peter Wu <peter@lekensteyn.nl>
+
+ Fix buffer overrun in gettag for GCM.
+ + commit d3d7bdf8215275b3b20690dfde3f43dbe25b6f85
+ * cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
+ number.
+
+2016-03-22 Werner Koch <wk@gnupg.org>
+
+ tests: Add options --fips to keygen for manual tests.
+ + commit d328095dd4de83b839d9d8c4bdbeec0956971016
+ (main): Add option --fips.
+ * tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539
+ because that is valid in FIPS mode. Check that key generation fails
+ for too short keys in FIPS mode.
+ (check_ecc_keys): Check that key generation fails for Ed25519 keys in
+ FIPS mode.
+
+2016-03-22 Tomáš Mráz <tmraz@redhat.com>
+
+ rsa: Add FIPS 186-4 compliant RSA probable prime key generator.
+ + commit 5f9b3c2e220ca6d0eaff32324a973ef67933a844
+ * cipher/primegen.c (_gcry_fips186_4_prime_check): New.
+ * cipher/rsa.c (generate_fips): New.
+ (rsa_generate): Use new function in fips mode or with test-parms.
+
+ * tests/keygen.c (check_rsa_keys): Add test using e=65539.
+
+2016-03-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix ARM NEON support detection on ARMv6 target.
+ + commit 583919d70763671ed9feeaa14e1f66379aff88cc
+ * configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive
+ instead of '.thumb'.
+
+2016-03-18 Werner Koch <wk@gnupg.org>
+
+ Always require a 64 bit integer type.
+ + commit 897ccd21b7221982806b5c024518f4e989152f14
+ * configure.ac (available_digests_64): Merge with available_digests.
+ (available_kdfs_64): Merge with available_kdfs.
+ <64 bit datatype test>: Bail out if no such type is available.
+ * src/types.h: Emit #error if no u64 can be defined.
+ (PROPERLY_ALIGNED_TYPE): Always add u64 type.
+ * cipher/bithelp.h: Remove all code paths which handle the
+ case of !HAVE_U64_TYPEDEF.
+ * cipher/bufhelp.h: Ditto.
+ * cipher/cipher-ccm.c: Ditto.
+ * cipher/cipher-gcm.c: Ditto.
+ * cipher/cipher-internal.h: Ditto.
+ * cipher/cipher.c: Ditto.
+ * cipher/hash-common.h: Ditto.
+ * cipher/md.c: Ditto.
+ * cipher/poly1305.c: Ditto.
+ * cipher/scrypt.c: Ditto.
+ * cipher/tiger.c: Ditto.
+ * src/g10lib.h: Ditto.
+ * tests/basic.c: Ditto.
+ * tests/bench-slope.c: Ditto.
+ * tests/benchmark.c: Ditto.
+
+2016-03-18 Vitezslav Cizek <vcizek@suse.com>
+
+ tests: Fix testsuite after the FIPS adjustments.
+ + commit 9ecc2690181ba0bb44f66451a7dce2fc19965793
+ * tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS.
+ * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS.
+ * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys.
+ (check_ecc_keys): Skip Ed25519 in FIPS mode.
+ * tests/random.c (main): Don't switch DRBG in FIPS mode.
+ * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode.
+ * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS.
+ * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS.
+ (main): Skip math tests that use P-192 and Ed25519 in FIPS.
+
+ tests: Add new --pss option to fipsdrv.
+ + commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97
+ * tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length
+ to 0 for PSS.
+
+ cipher: Add option to specify salt length for PSS verification.
+ + commit 0bd8137e68c201b6c2290710e348aaf57efa2b2e
+ * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for
+ salt-length token.
+
+ tests: Add support for RSA keygen tests to fipsdrv.
+ + commit 2e139456369a834cf87d983da4f61241fda76efe
+ * tests/fipsdrv.c (run_rsa_keygen): New.
+ (main): Support RSA keygen and RSA keygen KAT tests.
+
+ tests: Fixes for RSA testsuite in FIPS mode.
+ + commit c690230af5a66b809f8f6fbab1a6262a5ba078cb
+ * tests/basic.c (get_keys_new): Generate 2048 bit key.
+ * tests/benchmark.c (rsa_bench): Skip keys of lengths different
+ than 2048 and 3072 in FIPS mode.
+ * tests/keygen.c (check_rsa_keys): Failure if short keys can be
+ generated in FIPS mode.
+ (check_dsa_keys): Ditto for DSA keys.
+ * tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
+
+ rsa: Use 2048 bit RSA keys for selftest.
+ + commit 78cec8b4754fdf774edb2d575000cb3e972e244c
+ * cipher/rsa.c (selftests_rsa): Use 2048 bit keys.
+ (selftest_encr_1024): Replaced by selftest_encr_2048.
+ (selftest_sign_1024): Replaced by selftest_sign_2048.
+ (selftest_encr_2048): Add check against known ciphertext.
+ (selftest_sign_2048): Add check against known signature.
+ (selftest_sign_2048): Free SIG_MPI.
+ * tests/pubkey.c (get_keys_new): Generate 2048 bit keys.
+
+ Disable non-allowed algorithms in FIPS mode.
+ + commit ce1cbe16992a7340edcf8e6576973e3508267640
+ * cipher/cipher.c (_gcry_cipher_init),
+ * cipher/mac.c (_gcry_mac_init),
+ * cipher/md.c (_gcry_md_init),
+ * cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
+ non-allowed ciphers.
+ * cipher/md5.c: Mark MD5 as not allowed in FIPS.
+ * src/g10lib.h (_gcry_mac_init): New.
+ * src/global.c (global_init): Call the new _gcry_mac_init.
+ * tests/basic.c (check_ciphers): Fix a typo.
+
+2016-03-18 Werner Koch <wk@gnupg.org>
+
+ kdf: Make PBKDF2 check work on all platforms.
+ + commit c478cf175887c84dc071c4f73a7667603b354789
+ * cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long.
+
+2016-03-18 Vitezslav Cizek <vcizek@suse.com>
+
+ kdf: Add upper bound for derived key length in PBKDF2.
+ + commit 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6
+ * cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen.
+
+ ecc: ECDSA adjustments for FIPS 186-4.
+ + commit a242e3d9185e6e2dc13902ea9331131755bbba01
+ * cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
+ * cipher/ecc.c: Add ECDSA self test.
+ * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
+ in FIPS mode.
+ * tests/fipsdrv.c: Add support for ECDSA signatures.
+
+2016-03-18 Werner Koch <wk@gnupg.org>
+
+ dsa: Make regression tests work.
+ + commit e40939b2141306238cc30a340b867b60fa4dc2a3
+ * cipher/dsa.c (sample_secret_key_1024): Comment out unused constant.
+ (ogenerate_fips186): Make it work with use-fips183-2 flag.
+ * cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs
+ standard comment out format.
+ * tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion.
+ (main): Call it.
+ (main): Compare against current version.
+ * tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key.
+ (get_dsa_key_fips186_with_seed_new): Ditto.
+ (get_dsa_key_fips186_with_domain_new): Comment out.
+ (check_run): Do not call that function.
+
+2016-03-18 Vitezslav Cizek <vcizek@suse.com>
+
+ dsa: Adjustments to conform with FIPS 186-4.
+ + commit 80e9f95e6f419daa765e4876c858e3e36e808897
+ * cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments.
+ * cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect
+ buflen passed to _gcry_mpi_scan.
+
+2016-03-16 Justus Winter <justus@g10code.com>
+
+ Update documentation for 'gcry_sexp_extract_param'.
+ + commit 4051fe7fec6ffdc7a2f5c3856665478866991ee7
+ * doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs
+ must be set to NULL first, and document how the function behaves in
+ case of errors.
+ * src/sexp.c (_gcry_sexp_extract_param): Likewise.
+ * src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from
+ '_gcry_sexp_extract_param'.
+
+ cipher: Update comment.
+ + commit fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2
+ * cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact
+ that a curve parameter can be given.
+
+2016-03-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Intel PCLMUL implementations of CRC algorithms.
+ + commit 5d601dd57fcb41aa2015ab655fd6fc51537da667
+ * cipher/Makefile.am: Add 'crc-intel-pclmul.c'.
+ * cipher/crc-intel-pclmul.c: New.
+ * cipher/crc.c (USE_INTEL_PCLMUL): New macro.
+ (CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'.
+ [USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul)
+ (gcry_crc24rfc2440_intel_pclmul): New.
+ (crc32_init, crc32rfc1510_init, crc24rfc2440_init)
+ [USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL
+ HW features detected.
+ (crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL
+ implementation if enabled.
+ (crc24_init): Document storage format of 24-bit CRC.
+ (crc24_next4): Use only 'data' for last table look-up.
+ * configure.ac: Add 'crc-intel-pclmul.lo'.
+ * src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include
+ Intel SSE4.1.
+ * src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection.
+ * src/hwfeatures.c (hwflist): Add 'intel-sse4.1'.
+ * tests/basic.c (fillbuf_count): New.
+ (check_one_md): Add "?" check (million byte data-set with byte pattern
+ 0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?"
+ checks.
+ (check_one_md_multi): Skip "?".
+ (check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256,
+ SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160,
+ CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!"
+ test-vectors for CRC32_RFC1510 and CRC24_RFC2440.
+
+2016-02-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Normalize EXPO for mpi_powm.
+ + commit fdfa5bfefdde316688a3c8021bd3528c5273b0f4
+ * mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP.
+
+2016-02-22 Andreas Metzler <ametzler@bebt.de>
+
+ Do not ship generated header file in tarball.
+ + commit 2b40a16333fa75f1cee85ab901a5aa9cff845a92
+ * src/Makefile.am: Move gcrypt.h from include_HEADERS to
+ nodist_include_HEADERS to prevent inclusion in release tarball.
+ This could break out-of-tree-builds because the potentially outdated
+ src/gcrypt.h was not updated but was in the compiler search path.
+
+2016-02-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix building random-drbg for Win32/64.
+ + commit 531b25aa94c58f6d2168a9537c8cea6c53d7bbe0
+ * random/random-drbg.c: Remove include for sys/types.h and asm/types.h.
+ (DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH)
+ (DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384)
+ (DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192)
+ (DRBG_SYM256): Change 'u_int32_t' to 'u32'.
+ (drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters
+ 'drbg_read_cb' and 'len'.
+
+2016-02-20 Werner Koch <wk@gnupg.org>
+
+ tests: Do not test DRBG_REINIT from "make check"
+ + commit 839d12c221430b60db5e0d6fbb107f22e0a6837f
+ * tests/random.c (main): Run check_drbg_reinit only if the envvar
+ GCRYPT_IN_REGRESSION_TEST is set.
+
+ doc: Fix possible dependency problem.
+ + commit 3b57e5a1ba68e26dcaea38b763287fddba9b6b7c
+ * doc/Makefile.am (gcrypt.texi): Use the right traget.
+
+2016-02-19 Stephan Mueller <smueller@chronox.de>
+
+ random: Remove ANSI X9.31 DRNG.
+ + commit e9b692d25d1c149b5417b70e18f2ce173bc25b6d
+ * random-fips.c: Remove.
+
+2016-02-19 Werner Koch <wk@gnupg.org>
+
+ random: Add a test case for DRBG_REINIT.
+ + commit 934ba2ae5a95a96fdbb3b935b51ba43df66f11df
+ * src/global.c (_gcry_vcontrol) <DRBG_REINIT>: Test for FIPS RNG.
+ * tests/random.c (check_drbg_reinit): New.
+ (main): Call new test.
+
+ random: Allow DRBG_REINIT before initialization.
+ + commit 7cdbd6e6a3cf1ee366b981e148d41b1187a6fdcf
+ * random/random-drbg.c (DRBG_DEFAULT_TYPE): New.
+ (_drbg_init_internal): Set the default type if no type has been set
+ before.
+ (_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default.
+
+ Add new private header gcrypt-testapi.h.
+ + commit 744b030cff61fd25114b0b25394c62782c153343
+ * src/gcrypt-testapi.h: New.
+ * src/Makefile.am (libgcrypt_la_SOURCES): Add new file.
+ * random/random.h: Include gcrypt-testapi.h.
+ (struct gcry_drbg_test_vector) : Move to gcrypt-testapi.h.
+ * src/global.c: Include gcrypt-testapi.h.
+ (_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61.
+ * cipher/cipher.c: Include gcrypt-testapi.h.
+ (_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62.
+ * tests/fipsdrv.c: Include gcrypt-testapi.h. Remove definition of
+ PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_
+ constants.
+ * tests/t-lock.c: Include gcrypt-testapi.h. Remove
+ PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants.
+
+ * random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ...
+ (_gcry_rngdrbg_cavs_test): this.
+ (gcry_rngdrbg_healthcheck_one): Rename to ...
+ (_gcry_rngdrbg_healthcheck_one): this.
+
+ random: Make the DRBG C-90 clean and use a flag string.
+ + commit 95f1db3affb9f5b8a2c814c211d4a02b30446c15
+ * random/random.h (struct gcry_drbg_test_vector): Rename "flags" to
+ "flagstr" and turn it into a string.
+ * random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of
+ designated initializers. Use a string for the flags.
+ (gcry_rngdrbg_cavs_test): Parse the flag string into a flag value.
+ (drbg_healthcheck_sanity): Ditto.
+
+ random: Symbol name cleanup for random-drbg.c.
+ + commit 85ed07790552297586258e8fe09b546eee357a8b
+ * random/random-drbg.c: Rename all static objects and macros from
+ "gcry_drbg" to "drbg".
+ (drbg_string_t): New typedef.
+ (drbg_gen_t): New typedef.
+ (drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by
+ this.
+ (_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so
+ that an error if actually returned.
+ (gcry_rngdrbg_cavs_test): Ditto.
+ (gcry_drbg_healthcheck_sanity): Ditto.
+
+ random: Use our symbol name pattern also for drbg functions.
+ + commit 7cf3c929331133e4381dbceac53d3addd921c929
+ * random/random-drbg.c: Rename global functions from _gcry_drbg_*
+ to _gcry_rngdrbg_*.
+ * random/random.c: Adjust for this change.
+ * src/global.c: Ditto.
+
+ random: Rename drbg.c to random-drbg.c.
+ + commit e49b3f2c10e012509b5930c0df4d6df378d3b9f4
+ * random/drbg.c: Rename to ...
+ * random/random-drbg.c: this.
+ * random/Makefile.am (librandom_la_SOURCES): Adjust accordingly.
+
+ random: Remove the new API introduced by the new DRBG.
+ + commit dfac2b13d0068b2b1b420d77e9771a49964b81c1
+ * src/gcrypt.h.in (struct gcry_drbg_gen): Move to random/drbg.c.
+ (struct gcry_drbg_string): Ditto.
+ (gcry_drbg_string_fill): Ditto.
+ (gcry_randomize_drbg): Remove.
+ * random/drbg.c (parse_flag_string): New.
+ (_gcry_drbg_reinit): Change the way the arguments are passed.
+ * src/global.c (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: Change calling
+ convention.
+
+ Add helper function _gcry_strtokenize.
+ + commit 4e134b6e77f558730ec1eceb6b816b0bcfd845e9
+ * src/misc.c (_gcry_strtokenize): New.
+
+2016-02-18 Werner Koch <wk@gnupg.org>
+
+ random: Remove DRBG constants from the public API.
+ + commit fd13372fa9069d3a72947ea59c57e33637c936bf
+ * src/gcrypt.h.in (GCRY_DRBG_): Remove all new flags to ...
+ * random/drbg.c: here.
+
+2016-02-18 Stephan Mueller <smueller@chronox.de>
+
+ random: Add SP800-90A DRBG.
+ + commit ed57fed6de1465e02ec5e3bc0affeabdd35e2eb7
+ * random/drbg.c: New.
+ * random/random.c (_gcry_random_initialize): Replace rngfips init by
+ drbg init.
+ (__gcry_random_close_fds): Likewise.
+ (_gcry_random_dump_stats): Likewise.
+ (_gcry_random_is_faked): Likewise.
+ (do_randomize): Likewise.
+ (_gcry_random_selftest): Likewise.
+ (_gcry_create_nonce): Replace rngfips_create_noce by drbg_randomize.
+ (_gcry_random_init_external_test): Remove.
+ (_gcry_random_run_external_test): Remove.
+ (_gcry_random_deinit_external_test): Remove.
+ * random/random.h (struct gcry_drbg_test_vector): New.
+ * src/gcrypt.h.in (struct gcry_drbg_gen): New.
+ (struct gcry_drbg_string): New.
+ (gcry_drbg_string_fill): New.
+ (gcry_randomize_drbg): New.
+ (GCRY_DRBG_): Lots of new macros.
+ * src/global.c (_gcry_vcontrol) <Init external random test>: Turn into
+ a nop.
+ (_gcry_vcontrol) <Deinit external random test>: Ditto.
+ (_gcry_vcontrol) <Run external random test>: Change.
+ (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: New.
+
+2016-02-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ bufhelp: disable unaligned memory accesses on powerpc.
+ + commit 1da793d089b65ac8c1ead65dacb6b8699f5b6e69
+ * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Disable for
+ __powerpc__ and __powerpc64__.
+
+2016-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Not validate input point for Curve25519.
+ + commit 7a019bc7ecdbdfdef51094e090ce95e062da9b64
+ * cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception.
+
+2016-02-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix memory leaks on error.
+ + commit b12dd550fd6af687ef95c584d0d8366c34965cc8
+ * cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory.
+ * mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise.
+
+2016-02-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: input validation on ECDH.
+ + commit 23b72901f8a5ba9a78485b235c7a917fbc8faae0
+ * cipher/ecc.c (ecc_decrypt_raw): Validate the point.
+
+2016-02-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add ARM assembly implementation of SHA-512.
+ + commit 8353884bc65c820d5bcacaf1ac23cdee72091a09
+ * cipher/Makefile.am: Add 'sha512-arm.S'.
+ * cipher/sha512-arm.S: New.
+ * cipher/sha512.c (USE_ARM_ASM): New.
+ (_gcry_sha512_transform_arm): New.
+ (transform) [USE_ARM_ASM]: Use ARM assembly implementation instead of
+ generic.
+ * configure.ac: Add 'sha512-arm.lo'.
+
+2016-02-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Add a test for Curve25519.
+ + commit b8b3361504950689ef1e779fb3357cecf8a9f739
+ * tests/Makefile.am (tests_bin): Add t-cv25519.
+ * tests/t-cv25519.c: New.
+
+2016-02-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix Curve25519 for data by older implementation.
+ + commit 6cb6df9dddac6ad246002b83c2ce0aaa0ecf30e5
+ * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix code path for
+ short length data.
+
+ ecc: more fix of Curve25519.
+ + commit 48ba5a50066611ecacea850ced13f5cb66097a81
+ * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix removing of
+ prefix. Clear the MSB, according to RFC7748.
+
+ ecc: Fix ECDH of Curve25519.
+ + commit a2f9afcd7fcdafd5951498b07f34957f9766dce9
+ * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix calc of NBITS
+ and prefix detection.
+ * cipher/ecc.c (ecc_generate): Use NBITS instead of CTX->NBITS.
+ (ecc_encrypt_raw): Use NBITS from curve instead of from P.
+ Fix rawmpilen calculation.
+ (ecc_decrypt_raw): Likewise. Add debug output.
+
+2016-01-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Improve performance of generic SHA256 implementation.
+ + commit f3e51161036382429c3491c7c881f36c0a653c7b
+ * cipher/sha256.c (R): Let caller do variable shuffling.
+ (Chro, Maj, Sum0, Sum1): Convert from inline functions to macros.
+ (W, I): New.
+ (transform_blk): Unroll round loop; inline message expansion to rounds
+ to make message expansion buffer smaller.
+
+2016-01-28 Werner Koch <wk@gnupg.org>
+
+ ecc: New API function gcry_mpi_ec_decode_point.
+ + commit 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897
+ * mpi/ec.c (_gcry_mpi_ec_decode_point): New.
+ * cipher/ecc-common.h: Move two prototypes to ...
+ * src/ec-context.h: here.
+ * src/gcrypt.h.in (gcry_mpi_ec_decode_point): New.
+ * src/libgcrypt.def (gcry_mpi_ec_decode_point): New.
+ * src/libgcrypt.vers (gcry_mpi_ec_decode_point): New.
+ * src/visibility.c (gcry_mpi_ec_decode_point): New.
+ * src/visibility.h: Add new function.
+
+2016-01-15 Werner Koch <wk@gnupg.org>
+
+ Fix build problem for rndegd.c.
+ + commit 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Test all RND modules.
+ * random/rndegd.c (_gcry_rndegd_connect_socket)
+ (my_make_filename): Use functions with '_' prefix.
+
+ random: Fix possible AIX problem with sysconf in rndunix.
+ + commit 6303b0e83856ee89374b447e710f0ab2af61caec
+ * random/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
+ (start_gatherer): Detect misbehaving sysconf.
+
+2015-12-27 Werner Koch <wk@gnupg.org>
+
+ random: Take at max 25% from RDRAND.
+ + commit 5a78e7f15e0dd96a8bf64e2bb142880bf8ea6965
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Change use of
+ RDRAND from 50% to 25%.
+
+2015-12-07 Justus Winter <justus@g10code.com>
+
+ cipher: Improve error handling.
+ + commit b9c02fbeb7efb7d0593b33485fb30c298291cf80
+ * cipher/ecc.c (ecc_decrypt_raw): Improve error handling.
+
+ cipher: Initialize 'flags'.
+ + commit ca06cd7f77acb317c2649c58918908f043dfe6bd
+ * cipher/ecc.c (ecc_encrypt_raw): Initialize 'flags' to 0.
+
+2015-12-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: CHANGE point representation of Curve25519.
+ + commit dd3d06e7f113cf7608f060ceb043262efd0b0c9d
+ * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Decode point with
+ the prefix 0x40, additional 0x00 by MPI handling, and shorter octets
+ by MPI normalization.
+ * cipher/ecc.c (ecc_generate, ecc_encrypt_raw, ecc_decrypt_raw):
+ Always add the prefix 0x40.
+
+2015-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ chacha20: fix alignment of self-test context.
+ + commit 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38
+ * cipher/chacha20.c (selftest): Ensure 16-byte alignment for chacha20
+ context structure.
+
+ salsa20: fix alignment of self-test context.
+ + commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca
+ * cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20
+ context structure.
+
+2015-12-02 Justus Winter <justus@g10code.com>
+
+ random: Drop fake entropy gathering function.
+ + commit d421ac283ec46d0ecaf6278ba4c24843f65fb2fa
+ * random/random-csprng.c (faked_rng): Drop variable.
+ (gather_faked): Drop prototype and function.
+ (initialize): Drop fallback code.
+ (_gcry_rngcsprng_is_faked): Change accordingly.
+
+ random: Fix selection of entropy gathering function.
+ + commit 468a5796ffb1a7776db4004d534376c1b981d740
+ * random/random-csprng.c (getfnc_gather_random): Do return NULL if no
+ usable entropy gathering function is found. The callsite then
+ installs the fake gather function.
+
+2015-11-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: minor improvement of point multiplication.
+ + commit 3658afd09c3b03b4398aaa5748387220c93b1a94
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Move ec_subm out of the loop.
+
+2015-11-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Constant-time multiplication for Weierstrass curve.
+ + commit 88e1358962e902ff1cbec8d53ba3eee46407851a
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
+ method for Weierstrass curve when SCALAR is secure.
+
+ mpi: fix gcry_mpi_swap_cond.
+ + commit f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f
+ * mpi/mpiutil.c (_gcry_mpi_swap_cond): Relax the condition.
+
+ mpi: Fix mpi_set_cond and mpi_swap_cond .
+ + commit 8ad682c412047d3b9196950709dbd7bd14ac8732
+ * mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use
+ the operator of !!, but assume SET/SWAP is 0 or 1.
+
+ ecc: multiplication of Edwards curve to be constant-time.
+ + commit 295b1c3540752af4fc5e6f41480e6db215222fba
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond.
+
+ ecc: Add point_resize and point_swap_cond.
+ + commit b6015176df6bfae107ac82f9baa29ef2c175c9f9
+ * mpi/ec.c (point_resize, point_swap_cond): New.
+ (_gcry_mpi_ec_mul_point): Use point_resize and point_swap_cond.
+
+2015-11-18 Justus Winter <justus@g10code.com>
+
+ cipher: Fix error handling.
+ + commit 940dc8adc034a6c6c38742f6bfd7d837a532d537
+ * cipher/cipher.c (_gcry_cipher_ctl): Fix error handling.
+
+2015-11-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Tweak Keccak for small speed-up.
+ + commit 6571a64331839d7d952292163afbf34c8bef62e0
+ * cipher/keccak_permute_32.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Track
+ rounds with round constant pointer instead of separate round counter.
+ * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Ditto.
+ (KECCAK_F1600_ABSORB_FUNC_NAME): Tweak lanes pointer increment for bulk
+ absorb loops.
+
+ Update license information for CRC.
+ + commit 15ea0acf8bb0aa307eccc23024a0bd7878fb8080
+ * LICENSES: Remove 'Simple permissive' and 'IETF permissive' licenses
+ for 'cipher/crc.c' as result of rewrite of CRC implementations.
+
+2015-11-17 Justus Winter <justus@g10code.com>
+
+ Fix typos found using codespell.
+ + commit 0e395944b70c7a92a6437f6bcc14f287c19ce9de
+ * cipher/cipher-ocb.c: Fix typos.
+ * cipher/des.c: Likewise.
+ * cipher/dsa-common.c: Likewise.
+ * cipher/ecc.c: Likewise.
+ * cipher/pubkey.c: Likewise.
+ * cipher/rsa-common.c: Likewise.
+ * cipher/scrypt.c: Likewise.
+ * random/random-csprng.c: Likewise.
+ * random/random-fips.c: Likewise.
+ * random/rndw32.c: Likewise.
+ * src/cipher-proto.h: Likewise.
+ * src/context.c: Likewise.
+ * src/fips.c: Likewise.
+ * src/gcrypt.h.in: Likewise.
+ * src/global.c: Likewise.
+ * src/sexp.c: Likewise.
+ * tests/mpitests.c: Likewise.
+ * tests/t-lock.c: Likewise.
+
+2015-11-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Improve performance of Tiger hash algorithms.
+ + commit 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0
+ * cipher/tiger.c (tiger_round, pass, key_schedule): Convert functions
+ to macros.
+ (transform_blk): Pass variable names instead of pointers to 'pass'.
+
+ Add ARMv7/NEON implementation of Keccak.
+ + commit a1cc7bb15473a2419b24ecac765ae0ce5989a13b
+ * cipher/Makefile.am: Add 'keccak-armv7-neon.S'.
+ * cipher/keccak-armv7-neon.S: New.
+ * cipher/keccak.c (USE_64BIT_ARM_NEON): New.
+ (NEED_COMMON64): Select if USE_64BIT_ARM_NEON.
+ [NEED_COMMON64] (round_consts_64bit): Rename to...
+ [NEED_COMMON64] (_gcry_keccak_round_consts_64bit): ...this; Add
+ terminator at end.
+ [USE_64BIT_ARM_NEON] (_gcry_keccak_permute_armv7_neon)
+ (_gcry_keccak_absorb_lanes64_armv7_neon, keccak_permute64_armv7_neon)
+ (keccak_absorb_lanes64_armv7_neon, keccak_armv7_neon_64_ops): New.
+ (keccak_init) [USE_64BIT_ARM_NEON]: Select ARM/NEON implementation
+ if supported by HW.
+ * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Update
+ to use new round constant table.
+ * configure.ac: Add 'keccak-armv7-neon.lo'.
+
+ Optimize Keccak 64-bit absorb functions.
+ + commit 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88
+ * cipher/keccak.c [USE_64BIT] [__x86_64__] (absorb_lanes64_8)
+ (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New.
+ * cipher/keccak.c [USE_64BIT] [!__x86_64__] (absorb_lanes64_8)
+ (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New.
+ [USE_64BIT] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+ [USE_64BIT] (keccak_absorb_lanes64): Remove.
+ [USE_64BIT_SHLD] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+ [USE_64BIT_SHLD] (keccak_absorb_lanes64_shld): Remove.
+ [USE_64BIT_BMI2] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+ [USE_64BIT_BMI2] (keccak_absorb_lanes64_bmi2): Remove.
+ * cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+
+2015-10-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Enable CRC test vectors with zero bytes.
+ + commit 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2
+ * tests/basic.c (check_digests): Enable CRC test-vectors with zero
+ bytes.
+
+ Keccak: Add SHAKE Extendable-Output Functions.
+ + commit c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29
+ * src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for
+ XOFs.
+ * src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract'
+ and add 'pos' argument.
+ (KECCAK_CONTEXT): Add 'suffix'.
+ (keccak_extract_inplace64): Rename to...
+ (keccak_extract64): ...this; Add handling for 'pos' argument.
+ (keccak_extract_inplace32bi): Rename to...
+ (keccak_extract32bi): ...this; Add handling for 'pos' argument.
+ (keccak_extract_inplace64): Rename to...
+ (keccak_extract64): ...this; Add handling for 'pos' argument.
+ (keccak_extract_inplace32bi_bmi2): Rename to...
+ (keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument.
+ (keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256.
+ (shake128_init, shake256_init): New.
+ (keccak_final): Do not initial permute for SHAKE output; use correct
+ suffix for SHAKE.
+ (keccak_extract): New.
+ (keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors.
+ (run_selftests): Add SHAKE128 & SHAKE256.
+ (shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256)
+ (_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New.
+ * cipher/md.c (digest_list): Add SHAKE128 & SHAKE256.
+ * doc/gcrypt.texi: Ditto.
+ * src/cipher.h (_gcry_digest_spec_shake128)
+ (_gcry_digest_spec_shake256): New.
+ * src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New.
+ * tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument.
+ (check_one_md_multi): Skip if algo is XOF.
+ (check_digests): Add SHAKE128 & SHAKE256 test vectors.
+ * tests/bench-slope.c (kdf_bench_one): Skip XOFs.
+
+ Few updates to documentation.
+ + commit 28de6f9e16e386018e81a9cdaee596be7616ccab
+ * doc/gcrypt.text: Add mention of new 'intel-fast-shld' hw feature
+ flag; Add mention of x86 RDRAND support in rndhw.
+
+ Add HMAC-SHA3 test vectors.
+ + commit 92ad19873562cfce7bcc4a0b5aed8195d8284cfc
+ * tests/basic.c (check_mac): Add HMAC_SHA3 test vectors.
+
+2015-10-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ md: add variable length output interface.
+ + commit 577dc2b63ceca6a8a716256d034ea4e7414f65fa
+ * cipher/crc.c (_gcry_digest_spec_crc32)
+ (_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set
+ 'extract' NULL.
+ * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94)
+ (_gcry_digest_spec_gost3411_cp): Ditto.
+ * cipher/keccak.c (_gcry_digest_spec_sha3_224)
+ (_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384)
+ (_gcry_digest_spec_sha3_512): Ditto.
+ * cipher/md2.c (_gcry_digest_spec_md2): Ditto.
+ * cipher/md4.c (_gcry_digest_spec_md4): Ditto.
+ * cipher/md5.c (_gcry_digest_spec_md5): Ditto.
+ * cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto.
+ * cipher/sha1.c (_gcry_digest_spec_sha1): Ditto.
+ * cipher/sha256.c (_gcry_digest_spec_sha224)
+ (_gcry_digest_spec_sha256): Ditto.
+ * cipher/sha512.c (_gcry_digest_spec_sha384)
+ (_gcry_digest_spec_sha512): Ditto.
+ * cipher/stribog.c (_gcry_digest_spec_stribog_256)
+ (_gcry_digest_spec_stribog_512): Ditto.
+ * cipher/tiger.c (_gcry_digest_spec_tiger)
+ (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto.
+ * cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto.
+ * cipher/md.c (md_enable): Do not allow combination of HMAC and
+ 'expandable-output function'.
+ (md_final): Check if spec->read is NULL before calling.
+ (md_read): Ditto.
+ (md_extract, _gcry_md_extract): New.
+ * doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract.
+ * src/cipher-proto.h (gcry_md_extract_t): New.
+ (gcry_md_spec_t): Add 'extract'.
+ * src/gcrypt-int.g (_gcry_md_extract): New.
+ * src/gcrypt.h.in (gcry_md_extract): New.
+ * src/libgcrypt.def: Add gcry_md_extract.
+ * src/libgcrypt.vers: Add gcry_md_extract.
+ * src/visibility.c (gcry_md_extract): New.
+ * src/visibility.h (gcry_md_extract): New.
+
+ md: check hmac flag in prepare_macpads.
+ + commit cee2e122ec6c1886957a8d47498eb63a6a921725
+ * cipher/md.c (prepare_macpads): Check hmac flag.
+
+ keccak: rewrite for improved performance.
+ + commit 74184c28fbe7ff58cf57f0094ef957d94045da7d
+ * cipher/Makefile.am: Add 'keccak_permute_32.h' and
+ 'keccak_permute_64.h'.
+ * cipher/hash-common.h [USE_SHA3] (MD_BLOCK_MAX_BLOCKSIZE): Remove.
+ * cipher/keccak.c (USE_64BIT, USE_32BIT, USE_64BIT_BMI2)
+ (USE_64BIT_SHLD, USE_32BIT_BMI2, NEED_COMMON64, NEED_COMMON32BI)
+ (keccak_ops_t): New.
+ (KECCAK_STATE): Add 'state64' and 'state32bi' members.
+ (KECCAK_CONTEXT): Remove 'bctx'; add 'blocksize', 'count' and 'ops'.
+ (rol64, keccak_f1600_state_permute): Remove.
+ [NEED_COMMON64] (round_consts_64bit, keccak_extract_inplace64): New.
+ [NEED_COMMON32BI] (round_consts_32bit, keccak_extract_inplace32bi)
+ (keccak_absorb_lane32bi): New.
+ [USE_64BIT] (ANDN64, ROL64, keccak_f1600_state_permute64)
+ (keccak_absorb_lanes64, keccak_generic64_ops): New.
+ [USE_64BIT_SHLD] (ANDN64, ROL64, keccak_f1600_state_permute64_shld)
+ (keccak_absorb_lanes64_shld, keccak_shld_64_ops): New.
+ [USE_64BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute64_bmi2)
+ (keccak_absorb_lanes64_bmi2, keccak_bmi2_64_ops): New.
+ [USE_32BIT] (ANDN64, ROL64, keccak_f1600_state_permute32bi)
+ (keccak_absorb_lanes32bi, keccak_generic32bi_ops): New.
+ [USE_32BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute32bi_bmi2)
+ (pext, pdep, keccak_absorb_lane32bi_bmi2, keccak_absorb_lanes32bi_bmi2)
+ (keccak_extract_inplace32bi_bmi2, keccak_bmi2_32bi_ops): New.
+ (keccak_write): New.
+ (keccak_init): Adjust to KECCAK_CONTEXT changes; add implementation
+ selection based on HWF features.
+ (keccak_final): Adjust to KECCAK_CONTEXT changes; use selected 'ops'
+ for state manipulation.
+ (keccak_read): Adjust to KECCAK_CONTEXT changes.
+ (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
+ (_gcry_digest_spec_sha3_348, _gcry_digest_spec_sha3_512): Use
+ 'keccak_write' instead of '_gcry_md_block_write'.
+ * cipher/keccak_permute_32.h: New.
+ * cipher/keccak_permute_64.h: New.
+
+ hwf-x86: add detection for Intel CPUs with fast SHLD instruction.
+ + commit 909644ef5883927262366c356eed530e55aba478
+ * cipher/sha1.c (sha1_init): Use HWF_INTEL_FAST_SHLD instead of
+ HWF_INTEL_CPU.
+ * cipher/sha256.c (sha256_init, sha224_init): Ditto.
+ * cipher/sha512.c (sha512_init, sha384_init): Ditto.
+ * src/g10lib.h (HWF_INTEL_FAST_SHLD): New.
+ (HWF_INTEL_BMI2, HWF_INTEL_SSSE3, HWF_INTEL_PCLMUL, HWF_INTEL_AESNI)
+ (HWF_INTEL_RDRAND, HWF_INTEL_AVX, HWF_INTEL_AVX2)
+ (HWF_ARM_NEON): Update.
+ * src/hwf-x86.c (detect_x86_gnuc): Add detection of Intel Core
+ CPUs with fast SHLD/SHRD instruction.
+ * src/hwfeatures.c (hwflist): Add "intel-fast-shld".
+
+ Fix OCB amd64 assembly implementations for x32.
+ + commit 16fd540f4d01eb6dc23d9509ae549353617c7a67
+ * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
+ (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
+ (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
+ (_gcry_camellia_aesni_avx2_ocb_auth, _gcry_camellia_ocb_crypt)
+ (_gcry_camellia_ocb_auth): Change 'Ls' from pointer array to u64 array.
+ * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
+ (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
+ (_gcry_serpent_avx2_ocb_enc, _gcry_serpent_avx2_ocb_dec)
+ (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Ditto.
+ * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
+ (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth)
+ (twofish_amd64_ocb_enc, twofish_amd64_ocb_dec, twofish_amd64_ocb_auth)
+ (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Ditto.
+
+ bench-slope: add KDF/PBKDF2 benchmark.
+ + commit ae40af427fd2a856b24ec2a41323ec8b80ffc9c0
+ * tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free)
+ (bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New.
+ (print_help): Add 'kdf'.
+ (main): Add KDF benchmarks.
+
+2015-10-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ md: keep contexts for HMAC in GcryDigestEntry.
+ + commit f7505b550dd591e33d3a3fab9277c43c460f1bad
+ * cipher/md.c (struct gcry_md_context): Add flags.hmac.
+ Remove macpads and mcpads_Bsize.
+ (md_open): Initialize flags.hmac. Remove macpads initialization.
+ (md_enable): Allocate contexts when flags.hmac is enabled.
+ (md_copy): Remove macpads copying. Add copying contexts.
+ (_gcry_md_reset): When flags.hmac is enabled, restore precomputed
+ context with input pad
+ (md_close): Remove macpads wiping.
+ (md_final): When flags.hmac is enabled, compute hmac by precomputed
+ context with output pad.
+ (prepare_macpads): Prepare precomputed contexts with input pad and
+ output pad for each registered digest entry.
+ (_gcry_md_setkey): Just call prepare_macpads.
+
+2015-10-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix double free on error.
+ + commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982
+ * src/hmac256.c (_gcry_hmac256_finalize): Don't free HD.
+
+2015-10-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix gpg_error_t and gpg_err_code_t confusion.
+ + commit 813565a07ca575c87e1252c6ed26018653ecd338
+ * src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change.
+ * cipher/dsa.c (dsa_check_secret_key): Ditto.
+ * src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t.
+
+ * src/gcrypt-int.h (_gcry_err_make_from_errno)
+ (_gcry_error_from_errno): Return gpg_error_t.
+ * cipher/cipher.c (_gcry_cipher_open_internal)
+ (_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error.
+ * src/global.c (_gcry_vcontrol): Likewise.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use
+ gpg_err_code_from_syserror.
+ * cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write)
+ (mac_read, mac_verify): Return gcry_err_code_t.
+ * cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR.
+ * src/visibility.c (gcry_error_from_errno): Return gpg_error_t.
+
+2015-10-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix compiling AES/AES-NI implementation on linux-i386.
+ + commit fa94b6111948a614ebdcb67f7942eced8b84c579
+ * cipher/rijndael-aesni.c (do_aesni_ctr_4): Split assembly block in
+ two parts to reduce number of register constraints needed.
+
+2015-10-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix declaration of return type.
+ + commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5
+ * src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t.
+ * cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param.
+ * src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t.
+ * src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch.
+
+2015-09-07 Werner Koch <wk@gnupg.org>
+
+ Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls.
+ + commit 3a3d5410cc83f7069c7cb1ab384905f382292d32
+ * src/secmem.c (lock_pool, secmem_init): Do not call any cap_
+ functions if NO_PRIV_DROP is set.
+
+2015-09-04 Werner Koch <wk@gnupg.org>
+
+ w32: Avoid a few compiler warnings.
+ + commit e97c62a4a687b56d00a2d0a63e072a977f8eb81c
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
+ (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable
+ as unused.
+ * random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch
+ warning.
+ * src/secmem.c (init_pool): Avoid unused variable warning.
+ * tests/random.c (writen, readn): Include on if needed.
+
+ w32: Fix alignment problem with AESNI on Windows >= 8.
+ + commit e2785a2268702312529521df3bd2f4e6b43cea3a
+ * cipher/cipher-selftest.c (_gcry_cipher_selftest_alloc_ctx): New.
+ * cipher/rijndael.c (selftest_basic_128, selftest_basic_192)
+ (selftest_basic_256): Allocate context on the heap.
+
+2015-08-31 Werner Koch <wk@gnupg.org>
+
+ rsa: Add verify after sign to avoid Lenstra's CRT attack.
+ + commit c17f84bd02d7ee93845e92e20f6ddba814961588
+ * cipher/rsa.c (rsa_sign): Check the CRT.
+
+ Add pubkey algo id for EdDSA.
+ + commit dd87639abd38afc91a6f27af33f0ba17402ad02d
+ * src/gcrypt.h.in (GCRY_PK_EDDSA): New.
+
+2015-08-25 Werner Koch <wk@gnupg.org>
+
+ Add configure option --enable-build-timestamp.
+ + commit a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e
+ * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
+
+2015-08-23 Werner Koch <wk@gnupg.org>
+
+ tests: Add missing files for the make distcheck target.
+ + commit fb3cb47b0a29d3e73150297aa4495c20915e4a75
+ * tests/Makefile.am (EXTRA_DIST): Add sha3-x test vector files.
+
+2015-08-19 Werner Koch <wk@gnupg.org>
+
+ Change SHA-3 algorithm ids.
+ + commit 65639ecaaeba642e40487446c40d045482001285
+ * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
+ (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): Change values.
+
+2015-08-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Keccak: Fix array indexes in θ step.
+ + commit 48822ae0b436bcea0fe92dbf0d88475ba3179320
+ * cipher/keccak.c (keccak_f1600_state_permute): Fix indexes for D[5].
+
+ Simplify OCB offset calculation for parallel implementations.
+ + commit 24ebf53f1e8a8afa27dcd768339bda70a740bb03
+ * cipher/camellia-glue.c (_gcry_camellia_ocb_crypt)
+ (_gcry_camellia_ocb_auth): Precalculate Ls array always, instead of
+ just if 'blkn % <parallel blocks> == 0'.
+ * cipher/serpent.c (_gcry_serpent_ocb_crypt)
+ (_gcry_serpent_ocb_auth): Ditto.
+ * cipher/rijndael-aesni.c (get_l): Remove low-bit checks.
+ (aes_ocb_enc, aes_ocb_dec, _gcry_aes_aesni_ocb_auth): Handle leading
+ blocks until block counter is multiple of 4, so that parallel block
+ processing loop can use 'c->u_mode.ocb.L' array directly.
+ * tests/basic.c (check_ocb_cipher_largebuf): Rename to...
+ (check_ocb_cipher_largebuf_split): ...this and add option to process
+ large buffer as two split buffers.
+ (check_ocb_cipher_largebuf): New.
+
+ Add carryless 8-bit addition fast-path for AES-NI CTR mode.
+ + commit e11895da1f4af9782d89e92ba2e6b1a63235b54b
+ * cipher/rijndael-aesni.c (do_aesni_ctr_4): Do addition using
+ CTR in big-endian form, if least-significant byte does not overflow.
+
+2015-08-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add additional SHA3 test-vectors.
+ + commit 80321eb3a63a20f86734d6eebb3f419c0ec895aa
+ * tests/basic.c (check_digests): Allow datalen to be specified so that
+ input data can have byte with value 0x00; Include sha3-*.h header files
+ to test-vector structure.
+ * tests/sha3-224.h: New.
+ * tests/sha3-256.h: New.
+ * tests/sha3-384.h: New.
+ * tests/sha3-512.h: New.
+
+ Add generic SHA3 implementation.
+ + commit 434ba17d1d5ad59c70d721ad3ecb376c2403a7e5
+ * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE): Increase blocksize
+ USE_SHA3 enabled.
+ * cipher/keccak.c (SHA3_DELIMITED_SUFFIX, SHAKE_DELIMITED_SUFFIX): New.
+ (KECCAK_STATE): Add proper state.
+ (KECCAK_CONTEXT): Add 'outlen'.
+ (rol64, keccak_f1600_state_permute, transform_blk, transform): New.
+ (keccak_init): Add proper initialization.
+ (keccak_final): Add proper finalization.
+ (selftests_keccak): Add selftests.
+ (oid_spec_sha3_224, oid_spec_sha3_256, oid_spec_sha3_384)
+ (oid_spec_sha3_512): Add OID.
+ (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
+ (_gcry_digest_spec_sha3_384, _gcry_digest_spec_sha3_512): Fix output
+ length.
+ * cipher/mac-hmac.c (map_mac_algo_to_md): Fix mapping for SHA3-512.
+ (hmac_get_keylen): Return proper blocksizes for SHA3 algorithms.
+ [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224)
+ (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384)
+ (_gcry_mac_type_spec_hmac_sha3_512): New.
+ * cipher/mac-internal [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224)
+ (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384)
+ (_gcry_mac_type_spec_hmac_sha3_512): New.
+ * cipher/mac.c (mac_list) [USE_SHA3]: Add SHA3 algorithms.
+ * cipher/md.c (md_open): Use proper SHA-3 blocksizes for HMAC macpads.
+ * tests/basic.c (check_digests): Add SHA3 test vectors.
+
+ Optimize OCB offset calculation.
+ + commit 49f52c67fb42c0656c8f9af655087f444562ca82
+ * cipher/cipher-internal.h (ocb_get_l): New.
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
+ (ocb_crypt): Use 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'.
+ * cipher/camellia-glue.c (get_l): Remove.
+ (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Precalculate
+ offset array when block count matches parallel operation size; Use
+ 'ocb_get_l' instead of 'get_l'.
+ * cipher/rijndael-aesni.c (get_l): Add fast path for 75% most common
+ offsets.
+ (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Precalculate
+ offset array when block count matches parallel operation size.
+ * cipher/rijndael-ssse3-amd64.c (get_l): Add fast path for 75% most
+ common offsets.
+ * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Use
+ 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'.
+ * cipher/serpent.c (get_l): Remove.
+ (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Precalculate
+ offset array when block count matches parallel operation size; Use
+ 'ocb_get_l' instead of 'get_l'.
+ * cipher/twofish.c (get_l): Remove.
+ (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Use 'ocb_get_l'
+ instead of 'get_l'.
+
+2015-08-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: fix Montgomery curve bugs.
+ + commit ce746936b6c210e602d106cfbf45cf60b408d871
+ * cipher/ecc.c (check_secret_key): Y1 should not be NULL when check.
+ (ecc_check_secret_key): Support Montgomery curve.
+ * mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition.
+
+2015-08-08 Werner Koch <wk@gnupg.org>
+
+ Add framework to eventually support SHA3.
+ + commit 0e17f7a05bba309a87811992aa47a77af9935b99
+ * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
+ (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New.
+ (GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256)
+ (GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New.
+ * cipher/keccak.c: New with stub functions.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c.
+ * configure.ac (available_digests): Add sha3.
+ (USE_SHA3): New.
+ * src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests.
+ * cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos.
+ (md_open): Ditto for hmac processing.
+ * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping.
+ * cipher/hmac-tests.c (run_selftests): Prepare for tests.
+ * cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx".
+
+2015-08-06 Werner Koch <wk@gnupg.org>
+
+ tools: Fix memory leak for functions "I" and "G".
+ + commit 10789e3cdda7b944acb4b59624c34a2ccfaea6e5
+ * src/mpicalc.c (do_inv, do_gcd): Init A after stack check.
+
+2015-08-06 Ismo Puustinen <ismo.puustinen@intel.com>
+
+ ecc: Free memory also when in error branch.
+ + commit 1d896371fbc94c605fce35eabcde01e24dd22892
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Init DISGEST and goto
+ leave on error.
+
+2015-08-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ Add Curve25519 support.
+ + commit e93f4c21c59756604440ad8cbf27e67d29c99ffd
+ * cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519.
+ * tests/curves.c (N_CURVES): It's 22 now.
+ * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New.
+ * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New.
+ * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New.
+ * cipher/ecc.c (nist_generate_key): Handle the case of
+ PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
+ (test_ecdh_only_keys, check_secret_key): Likewise.
+ (ecc_generate): Support Curve25519 which is Montgomery curve with flag
+ PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP.
+ (ecc_encrypt_raw): Get flags from KEYPARMS and handle
+ PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
+ (ecc_decrypt_raw): Likewise.
+ (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist):
+ PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK.
+ Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
+
+2015-07-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Reduce code size for Twofish key-setup and remove key dependend branch.
+ + commit b4b1d872ba651bc44761b35d245b1a519a33f515
+ * cipher/twofish.c (poly_to_exp): Increase size by one, change type
+ from byte to u16 and insert '492' to index 0.
+ (exp_to_poly): Increase size by 256, let new cells have zero value.
+ (CALC_S): Execute unconditionally with help of modified tables.
+ (do_twofish_setkey): Change type for 'tmp' to 'unsigned int'; Un-unroll
+ CALC_K256 and CALC_K phases to reduce generated object size.
+
+ Reduce amount of duplicated code in OCB bulk implementations.
+ + commit e950052bc6f5ff11a7c23091ff3f6b5cc431e875
+ * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
+ (ocb_crypt): Change bulk function to return number of unprocessed
+ blocks.
+ * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth)
+ (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth)
+ (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth)
+ (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type
+ to 'size_t'.
+ * cipher/camellia-glue.c (get_l): Only if USE_AESNI_AVX or
+ USE_AESNI_AVX2 defined.
+ (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Change return type
+ to 'size_t' and return remaining blocks; Remove unaccelerated common
+ code path. Enable remaining common code only if USE_AESNI_AVX or
+ USE_AESNI_AVX2 defined; Remove unaccelerated common code.
+ * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Change
+ return type to 'size_t' and return zero.
+ * cipher/serpent.c (get_l): Only if USE_SSE2, USE_AVX2 or USE_NEON
+ defined.
+ (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Change return type
+ to 'size_t' and return remaining blocks; Remove unaccelerated common
+ code path. Enable remaining common code only if USE_SSE2, USE_AVX2 or
+ USE_NEON defined; Remove unaccelerated common code.
+ * cipher/twofish.c (get_l): Only if USE_AMD64_ASM defined.
+ (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type
+ to 'size_t' and return remaining blocks; Remove unaccelerated common
+ code path. Enable remaining common code only if USE_AMD64_ASM defined;
+ Remove unaccelerated common code.
+
+ Add bulk OCB for Serpent SSE2, AVX2 and NEON implementations.
+ + commit adbdca0d58f9c06dc3850b95e3455e179c1e6960
+ * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+ functions for Serpent.
+ * cipher/serpent-armv7-neon.S: Add OCB assembly functions.
+ * cipher/serpent-avx2-amd64.S: Add OCB assembly functions.
+ * cipher/serpent-sse2-amd64.S: Add OCB assembly functions.
+ * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
+ (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
+ (_gcry_serpent_neon_ocb_enc, _gcry_serpent_neon_ocb_dec)
+ (_gcry_serpent_neon_ocb_auth, _gcry_serpent_avx2_ocb_enc)
+ (_gcry_serpent_avx2_ocb_dec, _gcry_serpent_avx2_ocb_auth): New
+ prototypes.
+ (get_l, _gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): New.
+ * src/cipher.h (_gcry_serpent_ocb_crypt)
+ (_gcry_serpent_ocb_auth): New.
+ * tests/basic.c (check_ocb_cipher): Add test-vector for serpent.
+
+ Add bulk OCB for Twofish AMD64 implementation.
+ + commit 7f6804c37c4b41d85fb26aa723b1c41e4a3cf278
+ * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+ functions for Twofish.
+ * cipher/twofish-amd64.S: Add OCB assembly functions.
+ * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
+ (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth): New
+ prototypes.
+ (call_sysv_fn5, call_sysv_fn6, twofish_amd64_ocb_enc)
+ (twofish_amd64_ocb_dec, twofish_amd64_ocb_auth, get_l)
+ (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): New.
+ * src/cipher.h (_gcry_twofish_ocb_crypt)
+ (_gcry_twofish_ocb_auth): New.
+ * tests/basic.c (check_ocb_cipher): Add test-vector for Twofish.
+
+ Add bulk OCB for Camellia AES-NI/AVX and AES-NI/AVX2 implementations.
+ + commit bb088c6b1620504fdc79e89af27c2bf3fb02b4b4
+ * cipher/camellia-aesni-avx-amd64.S: Add OCB assembly functions.
+ * cipher/camellia-aesni-avx2-amd64.S: Add OCB assembly functions.
+ * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
+ (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
+ (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
+ (_gcry_camellia_aesni_avx2_ocb_auth): New prototypes.
+ (get_l, _gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): New.
+ * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+ functions for Camellia.
+ * src/cipher.h (_gcry_camellia_ocb_crypt)
+ (_gcry_camellia_ocb_auth): New.
+ * tests/basic.c (check_ocb_cipher): Add test-vector for Camellia.
+
+2015-07-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add OCB bulk mode for AES SSSE3 implementation.
+ + commit 620e1e0300c79943a1846a49563b04386dc60546
+ * cipher/rijndael-ssse3-amd64.c (SSSE3_STATE_SIZE): New.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): Use
+ 'ssse3_state' for storing current SSSE3 state.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+ (vpaes_ssse3_cleanup): Restore SSSE3 state from 'ssse3_state'.
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+ (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc)
+ (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
+ (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec)
+ (_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_cbc_dec): Add 'ssse3_state'
+ array.
+ (get_l, ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_crypt)
+ (_gcry_aes_ssse3_ocb_auth): New.
+ * cipher/rijndael.c (_gcry_aes_ssse3_ocb_crypt)
+ (_gcry_aes_ssse3_ocb_auth): New.
+ (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_SSSE3]: Use SSSE3
+ implementation for OCB.
+
+2015-07-26 Peter Wu <peter@lekensteyn.nl>
+
+ Fix undefined behavior wrt memcpy.
+ + commit 46c072669eb81ed610cc5b3c0dc0c75a143afbb4
+ * cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let
+ the function continue to add padding as needed though.
+ * cipher/mac-poly1305.c: If the caller requested to finish the hash
+ function without a copy of the result, return immediately.
+
+2015-07-23 Peter Wu <peter@lekensteyn.nl>
+
+ build: ignore scissor line for the commit-msg hook.
+ + commit ada0a7d302cca97b327faaacac7a5d0b8043df88
+ * build-aux/git-hooks/commit-msg: Stop processing more lines when the
+ scissor line is encountered.
+
+2015-07-16 Peter Wu <peter@lekensteyn.nl>
+
+ rsa: Fix error in comments.
+ + commit 9cd55e8e948f0049cb23495f536decf797d072f7
+ * cipher/rsa.c: Fix.
+
+2015-07-14 Peter Wu <peter@lekensteyn.nl>
+
+ sexp: Fix invalid deallocation in error path.
+ + commit 0f9532b186c1e0b54d7e7a6d76bce82b6226122b
+ * src/sexp.c: Fix wrong condition.
+
+2015-07-10 Peter Wu <peter@lekensteyn.nl>
+
+ ecc: fix memory leak.
+ + commit 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c
+ * cipher/ecc.c (ecc_verify): Release memory which was allocated before
+ by _gcry_pk_util_preparse_sigval.
+ (ecc_decrypt_raw): Likewise.
+
+2015-07-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: fix memory leaks.
+ + commit 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06
+ cipher/ecc.c (ecc_generate): Fix memory leak on error of
+ _gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint.
+ (ecc_check_secret_key): Fix memory leak on error of
+ _gcry_ecc_update_curve_param.
+ (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove
+ unnecessary sexp_release and fix memory leak on error of
+ _gcry_ecc_fill_in_curve.
+ (ecc_decrypt_raw): Fix double free of the point kG and memory leak
+ on error of _gcry_ecc_os2ec.
+
+2015-06-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Support FreeBSD 10 or later.
+ + commit a36ee7501f68ad7ebcfe31f9659430b9d2c3ddd1
+ * mpi/config.links: Include FreeBSD 10 to 29.
+
+2015-05-21 Werner Koch <wk@gnupg.org>
+
+ ecc: Add key generation flag "no-keytest".
+ + commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07
+ * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
+ "no-keytest". Return an error for invalid flags of length 10.
+
+ * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
+ set random level depending on flags.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
+ * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
+ remove var random_level.
+ (nist_generate_key): Implement "no-keytest" flag.
+
+ * tests/keygen.c (check_ecc_keys): Add tests for transient-key and
+ no-keytest.
+
+ ecc: Avoid double conversion to affine coordinates in keygen.
+ + commit 102d68b3bd77813a3ff989526855bb1e283bf9d7
+ * cipher/ecc.c (nist_generate_key): Add args r_x and r_y.
+ (ecc_generate): Rename vars. Convert to affine coordinates only if
+ not returned by the lower level generation function.
+
+ random: Change initial extra seeding from 2400 bits to 128 bits.
+ + commit 8124e357b732a719696bfd5271def4e528f2a1e1
+ * random/random-csprng.c (read_pool): Reduce initial seeding.
+
+2015-05-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Enable AMD64 Twofish implementation on WIN64.
+ + commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501
+ * cipher/twofish-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/twofish.c (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+ (twofish_amd64_encrypt_block, twofish_amd64_decrypt_block)
+ (twofish_amd64_ctr_enc, twofish_amd64_cbc_dec)
+ (twofish_amd64_cfb_dec): New wrapper functions for AMD64
+ assembly functions.
+
+ Enable AMD64 Serpent implementations on WIN64.
+ + commit eb0ed576893b6c7990dbcb568510f831d246cea6
+ * cipher/serpent-avx2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/serpent-sse2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/chacha20.c (USE_SSE2, USE_AVX2): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_SSE2 || USE_AVX2] (ASM_FUNC_ABI): New.
+ (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec)
+ (_gcry_serpent_sse2_cfb_dec, _gcry_serpent_avx2_ctr_enc)
+ (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Add
+ ASM_FUNC_ABI.
+
+ Enable AMD64 Salsa20 implementation on WIN64.
+ + commit 12bc93ca8187b8061c2e705427ef22f5a71d29b0
+ * cipher/salsa20-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/salsa20.c (USE_AMD64): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_AMD64] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+ (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup)
+ (_gcry_salsa20_amd64_encrypt_blocks): Add ASM_FUNC_ABI.
+ [USE_AMD64] (salsa20_core): Add ASM_EXTRA_STACK.
+ (salsa20_do_encrypt_stream) [USE_AMD64]: Add ASM_EXTRA_STACK.
+
+ Enable AMD64 Poly1305 implementations on WIN64.
+ + commit 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f
+ * cipher/poly1305-avx2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/poly1305-sse2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/poly1305-internal.h (POLY1305_SYSV_FUNC_ABI): New.
+ (POLY1305_USE_SSE2, POLY1305_USE_AVX2): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (OPS_FUNC_ABI): New.
+ (poly1305_ops_t): Use OPS_FUNC_ABI.
+ * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext)
+ (_gcry_poly1305_amd64_sse2_finish_ext)
+ (_gcry_poly1305_amd64_sse2_blocks, _gcry_poly1305_amd64_avx2_init_ext)
+ (_gcry_poly1305_amd64_avx2_finish_ext)
+ (_gcry_poly1305_amd64_avx2_blocks, _gcry_poly1305_armv7_neon_init_ext)
+ (_gcry_poly1305_armv7_neon_finish_ext)
+ (_gcry_poly1305_armv7_neon_blocks, poly1305_init_ext_ref32)
+ (poly1305_blocks_ref32, poly1305_finish_ext_ref32)
+ (poly1305_init_ext_ref8, poly1305_blocks_ref8)
+ (poly1305_finish_ext_ref8): Use OPS_FUNC_ABI.
+
+ Enable AMD64 3DES implementation on WIN64.
+ + commit b65e9e71d5ee992db5c96793c6af999545daad28
+ * cipher/des-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/des.c (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+ (tripledes_ecb_crypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call
+ assembly function through 'call_sysv_fn'.
+ (tripledes_amd64_ctr_enc, tripledes_amd64_cbc_dec)
+ (tripledes_amd64_cfb_dec): New wrapper functions for bulk
+ assembly functions.
+
+ Enable AMD64 ChaCha20 implementations on WIN64.
+ + commit 9597cfddf03c467825da152be5ca0d12a8c30d88
+ * cipher/chacha20-avx2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/chacha20-sse2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/chacha20-ssse3-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/chacha20.c (USE_SSE2, USE_SSSE3, USE_AVX2): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+ (chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks)
+ (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks)
+ (_gcry_chacha20_armv7_neon_blocks, chacha20_blocks): Add ASM_FUNC_ABI.
+ (chacha20_core): Add ASM_EXTRA_STACK.
+
+ Enable AMD64 CAST5 implementation on WIN64.
+ + commit 6a6646df80386204675d8b149ab60e74d7ca124c
+ * cipher/cast5-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (RIP): Remove.
+ (GET_EXTERN_POINTER): Use 'leaq' version on WIN64.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/cast5.c (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+ (do_encrypt_block, do_decrypt_block)
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly
+ function through 'call_sysv_fn'.
+ (cast5_amd64_ctr_enc, cast5_amd64_cbc_dec)
+ (cast5_amd64_cfb_dec): New wrapper functions for bulk
+ assembly functions.
+
+ Enable AMD64 Camellia implementations on WIN64.
+ + commit 9a4fb3709864bf3e3918800d44ff576590cd4e92
+ * cipher/camellia-aesni-avx-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/camellia-aesni-avx2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/camellia-glue.c (USE_AESNI_AVX, USE_AESNI_AVX2): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_AESNI_AVX || USE_AESNI_AVX2] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+ (_gcry_camellia_aesni_avx_ctr_enc, _gcry_camellia_aesni_avx_cbc_dec)
+ (_gcry_camellia_aesni_avx_cfb_dec, _gcry_camellia_aesni_avx_keygen)
+ (_gcry_camellia_aesni_avx2_ctr_enc, _gcry_camellia_aesni_avx2_cbc_dec)
+ (_gcry_camellia_aesni_avx2_cfb_dec): Add ASM_FUNC_ABI.
+
+ Enable AMD64 Blowfish implementation on WIN64.
+ + commit e05682093ffb003b589a697428d918d755ac631d
+ * cipher/blowfish-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/blowfish.c (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+ (do_encrypt, do_encrypt_block, do_decrypt_block)
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly
+ function through 'call_sysv_fn'.
+ (blowfish_amd64_ctr_enc, blowfish_amd64_cbc_dec)
+ (blowfish_amd64_cfb_dec): New wrapper functions for bulk
+ assembly functions.
+ ..
+
+ Enable AMD64 arcfour implementation on WIN64.
+ + commit c46b015bedba7ce0db68929bd33a86a54ab3d919
+ * cipher/arcfour-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/arcfour.c (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use
+ assembly block to call AMD64 assembly function.
+
+ Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539.
+ + commit ee8fc4edcb3466b03246c8720b90731bf274ff1d
+ * cipher/cipher-poly1305.c: Add RFC-7539 to header.
+ * doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of
+ RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD.
+
+ hwf-x86: use edi for passing value to ebx for i386 cpuid.
+ + commit bac42c68b069f17abcca810a21439c7233815747
+ * src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead
+ of '=r'.
+
+ hwf-x86: add EDX as output register for xgetbv asm block.
+ + commit e15beb584a5ebdfc363e1ff15f87102508652d71
+ * src/hwf-x86.c (get_xgetbv): Add EDX as output.
+
+2015-05-04 Werner Koch <wk@gnupg.org>
+
+ build: Update build-aux files.
+ + commit 5a7d55eed3316f40ca61acbee032bfc285e28803
+
+
+ Fix possible regression on old 32 bit mingw compilers.
+ + commit 090ca7435156b5f52064357dd59059570d466f46
+ * acinclude.m4: Add new pattern for mingw32.
+
+ build: Add new file.
+ + commit 4af52b2e72ce004b7d8f99e09c4324e3c2a84379
+ * mpi/amd64/distfiles: Add func_abi.h.
+
+2015-05-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix WIN64 assembly glue for AES.
+ + commit 24a769a7c7601dbb85332e550f6fbd121b56df5f
+ * cipher/rinjdael.c (do_encrypt, do_decrypt)
+ [!HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Change input operands to
+ input+output to mark volatile nature of the used registers.
+
+ Add '1 million a characters' test vectors.
+ + commit 2f4fefdbc62857b6e2da26ce111ee140a068c471
+ * tests/basic.c (check_digests): Add "!" test vectors for MD5, SHA-384,
+ SHA-512, RIPEMD160 and CRC32.
+
+2015-05-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ More optimized CRC implementations.
+ + commit 06e122baa3321483a47bbf82fd2a4540becfa0c9
+ * cipher/crc.c (crc32_table, crc24_table): Replace with new table
+ contents.
+ (update_crc32, CRC24_INIT, CRC24_POLY): Remove.
+ (crc32_next, crc32_next4, crc24_init, crc24_next, crc24_next4)
+ (crc24_final): New.
+ (crc24rfc2440_init): Use crc24_init.
+ (crc32_write): Rewrite to use crc32_next & crc32_next4.
+ (crc24_write): Rewrite to use crc24_next & crc24_next4.
+ (crc32_final, crc32rfc1510_final): Use buf_put_be32.
+ (crc24rfc2440_final): Use crc24_final & buf_put_le32.
+ * tests/basic.c (check_digests): Add CRC "123456789" tests.
+
+ Enable AMD64 AES implementation for WIN64.
+ + commit 66129b3334a5aa54ff8a97981507e4704f759571
+ * cipher/rijndael-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/rijndael-internal.h (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (do_encrypt, do_decrypt)
+ [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Use
+ assembly block to call AMD64 assembly encrypt/decrypt function.
+
+ Enable AMD64 Whirlpool implementation for WIN64.
+ + commit 8422d5d699265b960bd1ca837044ee052fc5b614
+ * cipher/whirlpool-sse2-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/whirlpool.c (USE_AMD64_ASM): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_AMD64_ASM] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+ [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64): Add ASM_FUNC_ABI to
+ prototype.
+ [USE_AMD64_ASM] (whirlpool_transform): Add ASM_EXTRA_STACK to stack
+ burn value.
+
+ Enable AMD64 SHA512 implementations for WIN64.
+ + commit 1089a13073c26a9a456e43ec38d937e6ee7f4077
+ * cipher/sha512-avx-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/sha512-avx-bmi2-amd64.S: Ditto.
+ * cipher/sha512-ssse3-amd64.S: Ditto.
+ * cipher/sha512.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI)
+ (ASM_EXTRA_STACK): New.
+ (_gcry_sha512_transform_amd64_ssse3, _gcry_sha512_transform_amd64_avx)
+ (_gcry_sha512_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to
+ prototypes.
+ (transform): Add ASM_EXTRA_STACK to stack burn value.
+
+ Enable AMD64 SHA256 implementations for WIN64.
+ + commit 022959099644f64df5f2a83ade21159864f64837
+ * cipher/sha256-avx-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/sha256-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha256-ssse3-amd64.S: Ditto.
+ * cipher/sha256.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI)
+ (ASM_EXTRA_STACK): New.
+ (_gcry_sha256_transform_amd64_ssse3, _gcry_sha256_transform_amd64_avx)
+ (_gcry_sha256_transform_amd64_avx2): Add ASM_FUNC_ABI to prototypes.
+ (transform): Add ASM_EXTRA_STACK to stack burn value.
+
+ Enable AMD64 SHA1 implementations for WIN64.
+ + commit e433676a899fa0d274d40547166b03c7c8bd8e78
+ * cipher/sha1-avx-amd64.S: Enable when
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ (ELF): New macro to mask lines with ELF specific commands.
+ * cipher/sha1-avx-bmi2-amd64.S: Ditto.
+ * cipher/sha1-ssse3-amd64.S: Ditto.
+ * cipher/sha1.c (USE_SSSE3, USE_AVX, USE_BMI2): Enable
+ when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+ [USE_SSSE3 || USE_AVX || USE_BMI2] (ASM_FUNC_ABI)
+ (ASM_EXTRA_STACK): New.
+ (_gcry_sha1_transform_amd64_ssse3, _gcry_sha1_transform_amd64_avx)
+ (_gcry_sha1_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to
+ prototypes.
+ (transform): Add ASM_EXTRA_STACK to stack burn value.
+
+2015-05-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Enable AES/AES-NI, AES/SSSE3 and GCM/PCLMUL implementations on WIN64.
+ + commit 4e09aaa36d151c3312019724a77fc09aa345b82f
+ * cipher/cipher-gcm-intel-pclmul.c (_gcry_ghash_intel_pclmul)
+ ( _gcry_ghash_intel_pclmul) [__WIN64__]: Store non-volatile vector
+ registers before use and restore after.
+ * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Remove dependency
+ on !defined(__WIN64__).
+ * cipher/rijndael-aesni.c [__WIN64__] (aesni_prepare_2_6_variable,
+ aesni_prepare, aesni_prepare_2_6, aesni_cleanup)
+ ( aesni_cleanup_2_6): New.
+ [!__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare_2_6): New.
+ (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_cbc_enc)
+ (_gcry_aesni_ctr_enc, _gcry_aesni_cfb_dec, _gcry_aesni_cbc_dec)
+ (_gcry_aesni_ocb_crypt, _gcry_aesni_ocb_auth): Use
+ 'aesni_prepare_2_6'.
+ * cipher/rijndael-internal.h (USE_SSSE3): Enable if
+ HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS or
+ HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS.
+ (USE_AESNI): Remove dependency on !defined(__WIN64__)
+ * cipher/rijndael-ssse3-amd64.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+ (vpaes_ssse3_prepare, vpaes_ssse3_cleanup): New.
+ [!HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): New.
+ (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec): Use
+ 'vpaes_ssse3_prepare'.
+ (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption): Use
+ 'vpaes_ssse3_prepare' and 'vpaes_ssse3_cleanup'.
+ [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (X): Add masking macro to
+ exclude '.type' and '.size' markers from assembly code, as they are
+ not support on WIN64/COFF objects.
+ * configure.ac (gcry_cv_gcc_attribute_ms_abi)
+ (gcry_cv_gcc_attribute_sysv_abi, gcry_cv_gcc_default_abi_is_ms_abi)
+ (gcry_cv_gcc_default_abi_is_sysv_abi)
+ (gcry_cv_gcc_win64_platform_as_ok): New checks.
+
+ Add W64 support for mpi amd64 assembly.
+ + commit 460355f23e770637d29e3af7b998a957a2b5bc88
+ acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Set
+ 'ac_cv_sys_symbol_underscore=no' on MingW-W64.
+ mpi/amd64/func_abi.h: New.
+ mpi/amd64/mpih-add1.S (_gcry_mpih_add_n): Add FUNC_ENTRY and FUNC_EXIT.
+ mpi/amd64/mpih-lshift.S (_gcry_mpih_lshift): Ditto.
+ mpi/amd64/mpih-mul1.S (_gcry_mpih_mul_1): Ditto.
+ mpi/amd64/mpih-mul2.S (_gcry_mpih_addmul_1): Ditto.
+ mpi/amd64/mpih-mul3.S (_gcry_mpih_submul_1): Ditto.
+ mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Ditto.
+ mpi/amd64/mpih-sub1.S (_gcry_mpih_sub_n): Ditto.
+ mpi/config.links [host=x86_64-*mingw*]: Enable assembly modules.
+ [host=x86_64-*-*]: Append mpi/amd64/func_abi.h to mpi/asm-syntax.h.
+
+ DES: Silence compiler warnings on Windows.
+ + commit 6c21cf5fed1ad430fa41445eac2350802bc8aaed
+ * cipher/des.c (working_memcmp): Make pointer arguments 'const void *'.
+
+ Cast pointers to integers using uintptr_t instead of long.
+ + commit 9cf224322007d90193d4910f0da6e0e29ce01d70
+
+
+ Fix rndhw for 64-bit Windows build.
+ + commit d5a7e00b6b222566a5650639ef29684b047c1909
+ * configure.ac: Add sizeof check for 'void *'.
+ * random/rndhw.c (poll_padlock): Check for SIZEOF_VOID_P == 8
+ instead of defined(__LP64__).
+ (RDRAND_LONG): Check for SIZEOF_UNSIGNED_LONG == 8 instead of
+ defined(__LP64__).
+
+ Prepare random/win32.c fast poll for 64-bit Windows.
+ + commit 0cdd24456b33defc7f8176fa82ab694fbc284385
+ * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to
+ ADDINT.
+ (_gcry_rndw32_gather_random_fast): Add ADDPTR.
+ (_gcry_rndw32_gather_random_fast): Disable entropy gathering from
+ GetQueueStatus(QS_ALLEVENTS).
+ (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and
+ maximumWorkingSetSize to SIZE_T from DWORD.
+ (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of
+ minimumWorkingSetSize and maximumWorkingSetSize to random poll.
+ (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly
+ using intrinsic.
+
+ Disable GCM and AES-NI assembly implementations for WIN64.
+ + commit f701954555340a503f6e52cc18d58b0c515427b7
+ * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Do not enable when
+ __WIN64__ defined.
+ * cipher/rijndael-internal.h (USE_AESNI): Ditto.
+
+ Disable building mpi assembly routines on WIN64.
+ + commit e78560a4b717f7154f910a8ce4128de152f586da
+ * mpi/config.links: Disable assembly for host 'x86_64-*mingw32*'.
+
+ Fix packed attribute check for Windows targets.
+ + commit e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe
+ * configure.ac (gcry_cv_gcc_attribute_packed): Move 'long b' to its
+ own packed structure.
+
+ Fix tail handling in buf_xor_1.
+ + commit c2dba93e639639bdac139b3a3a456d10ddc61f79
+ * cipher/bufhelp.h (buf_xor_1): Increment source pointer at tail
+ handling.
+
+ Add --disable-hwf for basic tests.
+ + commit 839a3bbe2bb045139223b32753d656cc6c3d4669
+ * tests/basic.c (main): Add handling for '--disable-hwf'.
+
+ Use more odd chuck sizes for check_one_md.
+ + commit 9f086ffa43f2507b9d17522a0a2e394cb273baf8
+ * tests/basic.c (check_one_md): Make chuck size vary oddly, instead
+ of using fixed length of 1000 bytes.
+
+ Enable more modes in basic ciphers test.
+ + commit e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435
+ * src/gcrypt.h.in (GCRY_OCB_BLOCK_LEN): New.
+ * tests/basic.c (check_one_cipher_core_reset): New.
+ (check_one_cipher_core): Use check_one_cipher_core_reset inplace of
+ gcry_cipher_reset.
+ (check_ciphers): Add CCM and OCB modes for block cipher tests.
+
+ Fix reseting cipher in OCB mode.
+ + commit 88842cbc68beb4f73c87fdbcb74182cba818f789
+ * cipher/cipher.c (cipher_reset): Setup default taglen for OCB after
+ clearing state.
+
+2015-04-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix buggy RC4 AMD64 assembly and add test to notice similar issues.
+ + commit 124dfce7c5a2d9405fa2b2832e91ac1267943830
+ * cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of
+ 'x' and 'y'.
+ * tests/basic.c (get_algo_mode_blklen): New.
+ (check_one_cipher_core): Add new tests for split buffer input on
+ encryption and decryption.
+
+2015-04-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Disallow compiler from generating SSE instructions in mixed C+asm source
+ + commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e
+ * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target
+ pragma to disable compiler use of SSE.
+ * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto.
+ * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto.
+
+2015-04-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add OCB bulk crypt/auth functions for AES/AES-NI.
+ + commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt
+ and bulk.ocb_auth.
+ (_gcry_cipher_ocb_get_l): New prototype.
+ * cipher/cipher-ocb.c (get_l): Rename to ...
+ (_gcry_cipher_ocb_get_l): ... this.
+ (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when
+ available.
+ * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+ functions for AES.
+ * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec)
+ (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New.
+ * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt)
+ (_gcry_aes_aesni_ocb_auth): New prototypes.
+ (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New.
+ * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New
+ prototypes.
+ * tests/basic.c (check_ocb_cipher_largebuf): New.
+ (check_ocb_cipher): Add large buffer encryption/decryption test.
+
+2015-04-15 Werner Koch <wk@gnupg.org>
+
+ tests: Add option to time the S2K function.
+ + commit fe38d3815b4cd203cd529949e244aca80d32897f
+ * tests/t-kdf.c: Include stopwatch.h.
+ (dummy_consumer): new.
+ (bench_s2k): New.
+ (main): Add option parser and option --s2k.
+
+ tests: Improve stopwatch.h.
+ + commit 3b03a3b493233a472da531d8d9582d1be6d376b0
+ * tests/stopwatch.h (elapsed_time): Add arg divisor.
+
+2015-04-13 Werner Koch <wk@gnupg.org>
+
+ mpi: Fix gcry_mpi_copy for NULL opaque data.
+ + commit 9fca46864e1b5a9c788072113589454adb89fa97
+ * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed.
+
+2015-03-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ wipememory: use one-byte aligned type for unaligned memory accesses.
+ + commit a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2
+ * src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned
+ access only when HAVE_GCC_ATTRIBUTE_PACKED and
+ HAVE_GCC_ATTRIBUTE_ALIGNED defined.
+ (fast_wipememory_t): New.
+ (fast_wipememory2): Use 'fast_wipememory_t'.
+
+ bufhelp: use one-byte aligned type for unaligned memory accesses.
+ + commit 92fa5f16d69707e302c0f85b2e5e80af8dc037f1
+ * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when
+ HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined.
+ (bufhelp_int_t): New type.
+ (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use
+ 'bufhelp_int_t'.
+ [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_u32_t, bufhelp_u64_t): New.
+ [BUFHELP_FAST_UNALIGNED_ACCESS] (buf_get_be32, buf_get_le32)
+ (buf_put_be32, buf_put_le32, buf_get_be64, buf_get_le64)
+ (buf_put_be64, buf_put_le64): Use 'bufhelp_uXX_t'.
+ * configure.ac (gcry_cv_gcc_attribute_packed): New.
+
+ tests/bench-slope: fix memory-leak and use-after-free bugs.
+ + commit aa234561d00c3fb15fe501df4bf58f3db7c7c06b
+ * tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end.
+ (bench_mac_init): Move 'key' free at end of function.
+
+2015-03-19 Werner Koch <wk@gnupg.org>
+
+ Fix two pedantic warnings.
+ + commit f5832285b0e420d77be1b8da10a1e1d86583b414
+ * src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
+ comma.
+
+2015-03-16 Werner Koch <wk@gnupg.org>
+
+ Use well defined type instead of size_t in secmem.c.
+ + commit db8ae3616987fa288173446398a107e31e2e28aa
+ * src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t.
+
+ Make uintptr_t global available.
+ + commit f0f60c1a04d664936bcf52e8f46705bdc63e7ad9
+ * cipher/bufhelp.h: Move include for uintptr_t to ...
+ * src/types.h: here. Check that config.h has been included.
+
+ mpi: Remove useless condition.
+ + commit 0a9cdb8ae092d050ca12a7a4f2f50e25b82154ec
+ * mpi/mpi-pow.c: Remove condition rp==mp.
+
+ cipher: Remove useless NULL check.
+ + commit fbb97dcf763e28e81e01092ad4c934b3eaf88cc8
+ * cipher/hash-common.c (_gcry_md_block_write): Remove NUL check for
+ hd->buf.
+
+2015-02-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix in-place encryption for OCB mode.
+ + commit 5e66a4f8d5a63f58caeee367433dd8dd32346083
+ * cipher/cipher-ocb.c (ocb_checksum): New.
+ (ocb_crypt): Move checksum calculation outside main crypt loop, do
+ checksum calculation for encryption before inbuf is overwritten.
+ * tests/basic.c (check_ocb_cipher): Rename to ...
+ (do_check_ocb_cipher): ... to this and add argument for testing
+ in-place encryption/decryption.
+ (check_ocb_cipher): New.
+
+2015-02-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: fix t-sexp.c.
+ + commit 505decf5369970219ddc9e78a20f97c623957b78
+ * tests/t-sexp.c (bug_1594): Free N and PUBKEY.
+
+ mpi: Avoid data-dependent timing variations in mpi_powm.
+ + commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
+ * mpi/mpi-pow.c (mpi_powm): Access all data in the table by
+ mpi_set_cond.
+
+ mpi: Revise mpi_powm.
+ + commit 1fa8cdb933505960d4e4b4842b122d4e06953e88
+ * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP.
+
+2015-02-23 Werner Koch <wk@gnupg.org>
+
+ cipher: Use ciphertext blinding for Elgamal decryption.
+ + commit 410d70bad9a650e3837055e36f157894ae49a57d
+ * cipher/elgamal.c (USE_BLINDING): New.
+ (decrypt): Rewrite to use ciphertext blinding.
+
+2015-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Add mpi_set_cond.
+ + commit 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288
+ * mpi/mpiutil.c (_gcry_mpi_set_cond): New.
+ (_gcry_mpi_swap_cond): Fix types.
+ * src/mpi.h (mpi_set_cond): New.
+
+2015-01-30 Werner Koch <wk@gnupg.org>
+
+ w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
+ + commit 40a7bdf50e19faaf106470897fed72af623adc50
+ * src/Makefile.am (extra_ltoptions): New.
+ (libgcrypt_la_LDFLAGS): Use it.
+
+2015-01-28 Werner Koch <wk@gnupg.org>
+
+ Fix building of GOST s-boxes when cross-compiling.
+ + commit 2564d204e408b296425ac0660c6bdc6270575fb6
+ * cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD.
+ (noinst_PROGRAMS): Remove.
+ (EXTRA_DIST): New.
+ (CLEANFILES): New.
+
+2015-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: fix wrong ifdef for SSSE3 setkey.
+ + commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47
+ * cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI
+ around SSSE3 setkey selection.
+
+2015-01-16 Werner Koch <wk@gnupg.org>
+
+ Add OCB cipher mode.
+ + commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c
+ * cipher/cipher-ocb.c: New.
+ * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
+ * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
+ (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
+ * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
+ (_gcry_cipher_open_internal): Setup default taglen of OCB.
+ (cipher_reset): Clear OCB specific data.
+ (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
+ (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
+ (_gcry_cipher_setiv): Add OCB specific nonce setting.
+ (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
+
+ * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
+ (gcry_cipher_final): New.
+
+ * cipher/bufhelp.h (buf_xor_1): New.
+
+ * tests/basic.c (hex2buffer): New.
+ (check_ocb_cipher): New.
+ (main): Call it here. Add option --cipher-modes.
+ * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
+ gcry_cipher_final.
+ (bench_aead_decrypt_do_bench): Ditto.
+ (bench_aead_authenticate_do_bench): Ditto. Check error code.
+ (bench_ocb_encrypt_do_bench): New.
+ (bench_ocb_decrypt_do_bench): New.
+ (bench_ocb_authenticate_do_bench): New.
+ (ocb_encrypt_ops): New.
+ (ocb_decrypt_ops): New.
+ (ocb_authenticate_ops): New.
+ (cipher_modes): Add them.
+ (cipher_bench_one): Skip wrong block length for OCB.
+ * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add
+ OCB support.
+
+2015-01-15 Werner Koch <wk@gnupg.org>
+
+ Add functions to count trailing zero bits in a word.
+ + commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda
+ * cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New.
+ * configure.ac (HAVE_BUILTIN_CTZ): Add new test.
+
+2015-01-08 Werner Koch <wk@gnupg.org>
+
+ cipher: Prepare for OCB mode.
+ + commit 9d328962660da72f094dc5424d5ef67abbaffdf6
+ * src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New.
+
+2015-01-06 Werner Koch <wk@gnupg.org>
+
+ Make make distcheck work again.
+ + commit 4f7dcdc25af269b12275126edeef30b262fb891d
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers.
+ * cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h.
+
+2015-01-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ stribog: Reduce table size to the needed one.
+ + commit e4de52378a85cf383994ded8edf0d5cf98dcb10c
+ * cipher/stribog.c (C16): Avoid allocating superfluous space.
+
+ gostr3411-94: Fix the iteration count for length filling loop.
+ + commit 05dc5bcd234909ae9c9366b653346076b9a834ed
+ * cipher/gostr3411-94.c (gost3411_final): Fix loop
+
+2015-01-05 Werner Koch <wk@gnupg.org>
+
+ random: Silent warning under NetBSD using rndunix.
+ + commit 817472358a093438e802380caecf7139406400cf
+ * random/rndunix.c (STDERR_FILENO): Define if needed.
+ (start_gatherer): Re-open standard descriptors. Fix an
+ unsigned/signed pointer warning.
+
+ primegen: Fix memory leak for invalid call sequences.
+ + commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
+ * cipher/primegen.c (prime_generate_internal): Refactor generator code
+ to not leak memory for non-implemented feature.
+ (_gcry_prime_group_generator): Refactor to not leak memory for invalid
+ args. Also make sure that R_G is set as soon as possible.
+
+ doc: Update yat2m to current upstream version (GnuPG).
+ + commit dd5df198727ea5d8f6b04288e14fd732051453c8
+
+
+ build: Require automake 1.14.
+ + commit f65276970a6dcd6d9bca94cecc49b68acdcc9492
+ * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
+
+ Replace camel case of internal scrypt functions.
+ + commit 1a6d65ac0aab335541726d02f2046d883a768ec3
+ * cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change
+ callers.
+ (_scryptBlockMix): Rename to scrypt_block_mix. Change callers.
+ (_scryptROMix): Rename to scrypt_ro_mix. Change callers.
+
+2015-01-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rmd160: restore native-endian store in _gcry_rmd160_mixblock.
+ + commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de
+ * cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in
+ native-endianess.
+
+2014-12-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Intel SSSE3 based vector permutation AES implementation.
+ + commit 8eabecc883332156adffc1df42d27f614c157e06
+ * cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'.
+ * cipher/rijndael-internal.h (USE_SSSE3): New.
+ (RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'.
+ * cipher/rijndael-ssse3-amd64.c: New.
+ * cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey)
+ (_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt)
+ (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc)
+ (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
+ (_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New.
+ (do_setkey): Add HWF check for SSSE3 and setup for SSSE3
+ implementation.
+ (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add
+ selection for SSSE3 implementation.
+ * configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'.
+
+2014-12-25 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ random-csprng: fix compiler warnings on ARM.
+ + commit c2e1f8fea271f3ef8027809547c4a52e0b1e24a2
+ * random/random-csprng.c (_gcry_rngcsprng_update_seed_file)
+ (read_pool): Cast keypool and rndpool to 'unsigned long *' through
+ 'void *'.
+
+ scrypt: fix compiler warnings on ARM.
+ + commit 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94
+ * cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'.
+
+ secmem: fix compiler warnings on ARM.
+ + commit 99faf9cb34f872144313403f29f3379798debfc9
+ * src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer
+ from 'char *' to 'memblock_t *' through 'void *'.
+ (MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'.
+
+ hash: fix compiler warning on ARM.
+ + commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5
+ * cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through
+ 'void *'.
+ * cipher/md4.c (md4_final): Use buf_put_* helper instead of
+ converting 'char *' to 'u32 *'.
+ * cipher/md5.c (md5_final): Ditto.
+ * cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto.
+ * cipher/sha1.c (sha1_final): Ditto.
+ * cipher/sha256.c (sha256_final): Ditto.
+ * cipher/sha512.c (sha512_final): Ditto.
+ * cipher/tiger.c (tiger_final): Ditto.
+
+ rijndael: fix compiler warnings on ARM.
+ + commit cc26106dbebeb84d481661813edc3e5aea9a7d99
+ * cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of
+ keyschedule arrays to unions u1 and u2.
+ (keyschedenc32, keyscheddec32): New.
+ * cipher/rijndael.c (u32_a_t): Remove.
+ (do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove
+ casting byte arrays to u32_a_t.
+ (prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32
+ and keyscheddec32; Remove casting byte arrays to u32_a_t.
+
+2014-12-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03
+ + commit 520070e02e2e6ee7228945015573a6e1f4895ec3
+ * cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
+ counters for AAD and data in Poly1305.
+ * cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
+ (poly1305_fill_bytecounts, poly1305_do_padding): New.
+ (poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
+ length.
+ (_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
+ (_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
+ (_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
+ (_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
+ AAD and data byte counts; only allow 96-bit IV.
+ * cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
+ ChaCha20 cipher.
+ * tests/basic.c (_check_poly1305_cipher): Update test-vectors.
+ (check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
+ * tests/bench-slope.c (cipher_bench_one): Ditto.
+
+ chacha20: allow setting counter for stream random access.
+ + commit 11b8d2d449a7bc664b4371ae14c57caa6704d272
+ * cipher/chacha20.c (CHACHA20_CTR_SIZE): New.
+ (chacha20_ivsetup): Add setup for full counter.
+ (chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE.
+
+ gcm: do not pass extra key pointer for setupM/fillM.
+ + commit c964321c8a1328e89d636d899a45d68802f5ac9f
+ * cipher/cipher-gcm-intel-pclmul.c
+ (_gcry_ghash_setup_intel_pclmul): Remove 'h' parameter.
+ * cipher/cipher-gcm.c (_gcry_ghash_setup_intel_pclmul): Ditto.
+ (fillM): Get 'h' pointer from 'c'.
+ (setupM): Remome 'h' parameter.
+ (_gcry_cipher_gcm_setkey): Only pass 'c' to setupM.
+
+ rijndael: use more compact look-up tables and add table prefetching.
+ + commit 2374753938df64f6fd8015b44613806a326eff1a
+ * cipher/rijndael-internal.h (rijndael_prefetchfn_t): New.
+ (RIJNDAEL_context): Add 'prefetch_enc_fn' and 'prefetch_dec_fn'.
+ * cipher/rijndael-tables.h (S, T1, T2, T3, T4, T5, T6, T7, T8, S5, U1)
+ (U2, U3, U4): Remove.
+ (encT, dec_tables, decT, inv_sbox): Add.
+ * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block)
+ (_gcry_aes_amd64_decrypt_block, _gcry_aes_arm_encrypt_block)
+ (_gcry_aes_arm_encrypt_block): Add parameter for passing table pointer
+ to assembly implementation.
+ (prefetch_table, prefetch_enc, prefetch_dec): New.
+ (do_setkey): Setup context prefetch functions depending on selected
+ rijndael implementation; Use new tables for key setup.
+ (prepare_decryption): Use new tables for decryption key setup.
+ (do_encrypt_aligned): Rename to...
+ (do_encrypt_fn): ... to this, change to use new compact tables,
+ make handle unaligned input and unroll rounds loop by two.
+ (do_encrypt): Remove handling of unaligned input/output; pass table
+ pointer to assembly implementations.
+ (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec): Prefetch encryption tables
+ before encryption.
+ (do_decrypt_aligned): Rename to...
+ (do_decrypt_fn): ... to this, change to use new compact tables,
+ make handle unaligned input and unroll rounds loop by two.
+ (do_decrypt): Remove handling of unaligned input/output; pass table
+ pointer to assembly implementations.
+ (rijndael_decrypt, _gcry_aes_cbc_dec): Prefetch decryption tables
+ before decryption.
+ * cipher/rijndael-amd64.S: Use 1+1.25 KiB tables for
+ encryption+decryption; remove tables from assembly file.
+ * cipher/rijndael-arm.S: Ditto.
+
+2014-12-15 Werner Koch <wk@gnupg.org>
+
+ build: Add configure option --disable-doc.
+ + commit ad50e360ef4851e66e51a03fc420175636336b58
+ * Makefile.am (AUTOMAKE_OPTIONS): Remove.
+ (doc) [!BUILD_DOC]: Do not recurse into the dir.
+ * configure.ac (AM_INIT_AUTOMAKE): Add option formerly in Makefile.am.
+ (BUILD_DOC): Add new am_conditional.
+
+2014-12-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: further optimizations for AES-NI accelerated CBC and CFB bulk modes
+ + commit 4f46374502eb988d701b904f83819e2cf7b1755c
+ * cipher/rijndael-aesni.c (do_aesni_enc, do_aesni_dec): Pass
+ input/output through SSE register XMM0.
+ (do_aesni_cfb): Remove.
+ (_gcry_aes_aesni_encrypt, _gcry_aes_aesni_decrypt): Add loading/storing
+ input/output to/from XMM0.
+ (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc)
+ (_gcry_aes_aesni_cfb_dec): Update to use renewed 'do_aesni_enc' and
+ move IV loading/storing outside loop.
+ (_gcry_aes_aesni_cbc_dec): Update to use renewed 'do_aesni_dec'.
+
+ GCM: move Intel PCLMUL accelerated implementation to separate file.
+ + commit 4a0795af021305f9240f23626a3796157db46bd7
+ * cipher/Makefile.am: Add 'cipher-gcm-intel-pclmul.c'.
+ * cipher/cipher-gcm-intel-pclmul.c: New.
+ * cipher/cipher-gcm.c [GCM_USE_INTEL_PCLMUL]
+ (_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): New
+ prototypes.
+ [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul, gfmul_pclmul_aggr4): Move
+ to 'cipher-gcm-intel-pclmul.c'.
+ (ghash): Rename to...
+ (ghash_internal): ...this and move GCM_USE_INTEL_PCLMUL part to new
+ function in 'cipher-gcm-intel-pclmul.c'.
+ (setupM): Move GCM_USE_INTEL_PCLMUL part to new function in
+ 'cipher-gcm-intel-pclmul.c'; Add selection of ghash function based
+ on available HW acceleration.
+ (do_ghash_buf): Change use of 'ghash' to 'c->u_mode.gcm.ghash_fn'.
+ * cipher/internal.h (ghash_fn_t): New.
+ (gcry_cipher_handle): Remove 'use_intel_pclmul'; Add 'ghash_fn'.
+
+2014-12-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: split Padlock part to separate file.
+ + commit cbf4c8cb6bbda15eea61885279f2a6f1d4bcedfd
+ * cipher/Makefile.am: Add 'rijndael-padlock.c'.
+ * cipher/rijndael-padlock.c: New.
+ * cipher/rijndael.c (do_padlock, do_padlock_encrypt)
+ (do_padlock_decrypt): Move to 'rijndael-padlock.c'.
+ * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-padlock.lo'.
+
+2014-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: refactor to reduce number of #ifdefs and branches.
+ + commit 3d5b51786e2050c461e9791b59142a731462b66d
+ * cipher/rijndael-aesni.c (_gcry_aes_aesni_encrypt)
+ (_gcry_aes_aesni_decrypt): Make return stack burn depth.
+ * cipher/rijndael-amd64.S (_gcry_aes_amd64_encrypt_block)
+ (_gcry_aes_amd64_decrypt_block): Ditto.
+ * cipher/rijndael-arm.S (_gcry_aes_arm_encrypt_block)
+ (_gcry_aes_arm_decrypt_block): Ditto.
+ * cipher/rijndael-internal.h (RIJNDAEL_context_s)
+ (rijndael_cryptfn_t): New.
+ (RIJNDAEL_context): New members 'encrypt_fn' and 'decrypt_fn'.
+ * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block)
+ (_gcry_aes_amd64_decrypt_block, _gcry_aes_aesni_encrypt)
+ (_gcry_aes_aesni_decrypt, _gcry_aes_arm_encrypt_block)
+ (_gcry_aes_arm_decrypt_block): Change prototypes.
+ (do_padlock_encrypt, do_padlock_decrypt): New.
+ (do_setkey): Separate key-length to rounds conversion from
+ HW features check; Add selection for ctx->encrypt_fn and
+ ctx->decrypt_fn.
+ (do_encrypt_aligned, do_decrypt_aligned): Move inside
+ '[!USE_AMD64_ASM && !USE_ARM_ASM]'; Move USE_AMD64_ASM and
+ USE_ARM_ASM to...
+ (do_encrypt, do_decrypt): ...here; Return stack depth; Remove second
+ temporary buffer from non-aligned input/output case.
+ (do_padlock): Move decrypt_flag to last argument; Return stack depth.
+ (rijndael_encrypt): Remove #ifdefs, just call ctx->encrypt_fn.
+ (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc): Remove USE_PADLOCK; Call
+ ctx->encrypt_fn in place of do_encrypt/do_encrypt_aligned.
+ (_gcry_aes_ctr_enc): Call ctx->encrypt_fn in place of
+ do_encrypt_aligned; Make tmp buffer 16-byte aligned and wipe buffer
+ after use.
+ (rijndael_encrypt): Remove #ifdefs, just call ctx->decrypt_fn.
+ (_gcry_aes_cfb_dec): Remove USE_PADLOCK; Call ctx->decrypt_fn in place
+ of do_decrypt/do_decrypt_aligned.
+ (_gcry_aes_cbc_dec): Ditto; Make savebuf buffer 16-byte aligned.
+
+ rijndael: move AES-NI blocks before Padlock.
+ + commit dbf9e95dd3891f6e6ad370e8ab78fec03595687b
+ * cipher/rijndael.c (do_setkey, rijndael_encrypt, _gcry_aes_cfb_enc)
+ (rijndael_decrypt, _gcry_aes_cfb_dec): Move USE_AESNI before
+ USE_PADLOCK.
+ (check_decryption_praparation) [USE_PADLOCK]: Move to...
+ (prepare_decryption) [USE_PADLOCK]: ...here.
+
+ rijndael: split AES-NI functions to separate file.
+ + commit 67d529630e838daeb8cb9c6d7ef660c01ef34fee
+ * cipher/Makefile.in: Add 'rijndael-aesni.c'.
+ * cipher/rijndael-aesni.c: New.
+ * cipher/rijndael-internal.h: New.
+ * cipher/rijndael.c (MAXKC, MAXROUNDS, BLOCKSIZE, ATTR_ALIGNED_16)
+ (USE_AMD64_ASM, USE_ARM_ASM, USE_PADLOCK, USE_AESNI, RIJNDAEL_context)
+ (keyschenc, keyschdec, padlockkey): Move to 'rijndael-internal.h'.
+ (u128_s, aesni_prepare, aesni_cleanup, aesni_cleanup_2_6)
+ (aesni_do_setkey, do_aesni_enc, do_aesni_dec, do_aesni_enc_vec4)
+ (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Move
+ to 'rijndael-aesni.c'.
+ (prepare_decryption, rijndael_encrypt, _gcry_aes_cfb_enc)
+ (_gcry_aes_cbc_enc, _gcry_aes_ctr_enc, rijndael_decrypt)
+ (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec) [USE_AESNI]: Move to functions
+ in 'rijdael-aesni.c'.
+ * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-aesni.lo'.
+
+2014-11-24 Werner Koch <wk@gnupg.org>
+
+ Remove duplicated prototypes.
+ + commit d53ea84bed37b973f7ce59262c50b33700cd8311
+ * src/gcrypt-int.h (_gcry_mpi_ec_new, _gcry_mpi_ec_set_mpi)
+ (gcry_mpi_ec_set_point): Remove.
+
+ tests: Add a prime mode to benchmark.
+ + commit 1b4210c204a5ef5e631187509e011b8468a134ef
+ * tests/benchmark.c (progress_cb): Add a single char mode.
+ (prime_bench): New.
+ (main): Add a "prime" mode. Factor with_progress out to file scope.
+
+2014-11-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Improve Montgomery curve implementation.
+ + commit e6130034506013d6153465a2bedb6fb08a43f74d
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support
+ MPI_EC_MONTGOMERY.
+ * cipher/ecc.c (test_ecdh_only_keys): New.
+ (nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY.
+ (check_secret_key): Handle Montgomery curve of x-coordinate only.
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop.
+ Simplify, using pointers of Q1, Q2, PRD, and SUM.
+
+2014-11-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Disable NEON for CPUs that are known to have broken NEON implementation.
+ + commit 95eef21583d8e998efc48f22898c1ae31b77cb48
+ * src/hwf-arm.c (detect_arm_proc_cpuinfo): Add parsing for CPU version
+ information and check if CPU is known to have broken NEON
+ implementation.
+ (_gcry_hwf_detect_arm): Filter out broken HW features.
+
+ Add ARM/NEON implementation of Poly1305.
+ + commit 0b520128551054d83fb0bb2db8873394f38de498
+ * cipher/Makefile.am: Add 'poly1305-armv7-neon.S'.
+ * cipher/poly1305-armv7-neon.S: New.
+ * cipher/poly1305-internal.h (POLY1305_USE_NEON)
+ (POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE)
+ (POLY1305_NEON_ALIGNMENT): New.
+ * cipher/poly1305.c [POLY1305_USE_NEON]
+ (_gcry_poly1305_armv7_neon_init_ext)
+ (_gcry_poly1305_armv7_neon_finish_ext)
+ (_gcry_poly1305_armv7_neon_blocks, poly1305_armv7_neon_ops): New.
+ (_gcry_poly1305_init) [POLY1305_USE_NEON]: Select NEON implementation
+ if HWF_ARM_NEON set.
+ * configure.ac [neonsupport=yes]: Add 'poly1305-armv7-neon.lo'.
+
+ chacha20: add ARMv7/NEON implementation.
+ + commit c584f44543883346d5a565581ff99a0afce9c5e1
+ * cipher/Makefile.am: Add 'chacha20-armv7-neon.S'.
+ * cipher/chacha20-armv7-neon.S: New.
+ * cipher/chacha20.c (USE_NEON): New.
+ [USE_NEON] (_gcry_chacha20_armv7_neon_blocks): New.
+ (chacha20_do_setkey) [USE_NEON]: Use Neon implementation if
+ HWF_ARM_NEON flag set.
+ (selftest): Self-test encrypting buffer byte by byte.
+ * configure.ac [neonsupport=yes]: Add 'chacha20-armv7-neon.lo'.
+
+2014-10-08 Markus Teich <markus.teich@stusta.mhn.de>
+
+ mpi: Add gcry_mpi_ec_sub.
+ + commit 23ecadf309f8056c35cc092e58df801ac0eab862
+ * NEWS (gcry_mpi_ec_sub): New.
+ * doc/gcrypt.texi (gcry_mpi_ec_sub): New.
+ * mpi/ec.c (_gcry_mpi_ec_sub, sub_points_edwards): New.
+ (sub_points_montgomery, sub_points_weierstrass): New stubs.
+ * src/gcrypt-int.h (_gcry_mpi_ec_sub): New.
+ * src/gcrypt.h.in (gcry_mpi_ec_sub): New.
+ * src/libgcrypt.def (gcry_mpi_ec_sub): New.
+ * src/libgcrypt.vers (gcry_mpi_ec_sub): New.
+ * src/mpi.h (_gcry_mpi_ec_sub_points): New.
+ * src/visibility.c (gcry_mpi_ec_sub): New.
+ * src/visibility.h (gcry_mpi_ec_sub): New.
+
+2014-10-08 Werner Koch <wk@gnupg.org>
+
+ Fix prime test for 2 and lower and add check command to mpicalc.
+ + commit 5c906e2cdb14e93fb4915fdc69c7353a5fa35709
+ * cipher/primegen.c (check_prime): Return true for the small primes.
+ (_gcry_prime_check): Return correct values for 2 and lower numbers.
+
+ * src/mpicalc.c (do_primecheck): New.
+ (main): Add command 'P'.
+ (main): Allow for larger input data.
+
+2014-10-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Whirlpool AMD64/SSE2 assembly implementation.
+ + commit de0ccd4dce7ec185a678d78878d4538dd609ca0f
+ * cipher/Makefile.am: Add 'whirlpool-sse2-amd64.S'.
+ * cipher/whirlpool-sse2-amd64.S: New.
+ * cipher/whirlpool.c (USE_AMD64_ASM): New.
+ (whirlpool_tables_s): New.
+ (rc, C0, C1, C2, C3, C4, C5, C6, C7): Combine these tables into single
+ structure and replace old tables with macros of same name.
+ (tab): New structure containing above tables.
+ [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64)
+ (whirlpool_transform): New.
+ * configure.ac [host=x86_64]: Add 'whirlpool-sse2-amd64.lo'.
+
+2014-10-04 Andrei Scherer <andsch@inbox.com>
+
+ Improved ripemd160 performance.
+ + commit 30bd759f398f45b04d0a783b875f59ce9bd1e51d
+ * cipher/rmd160.c (transform): Interleave the left and right lane
+ rounds to introduce more instruction level parallelism.
+
+2014-10-02 Werner Koch <wk@gnupg.org>
+
+ build: Document SYSROOT.
+ + commit 0ecd136a6ca02252f63ad229fa5240897bfe6544
+ * configure.ac: Mark SYSROOT as arg var.
+
+ build: Support SYSROOT based config script finding.
+ + commit 1e8b86494cf8fa045696bd447b16267ffd1797f0
+ * src/libgcrypt.m4: Add support for SYSROOT and set
+ gpg_config_script_warn. Use AC_PATH_PROG instead of AC_PATH_TOOL
+ because the config script is not expected to be installed with a
+ prefix for its name
+ * configure.ac: Print a library mismatch warning.
+ * m4/gpg-error.m4: Update from git master.
+
+2014-09-30 Werner Koch <wk@gnupg.org>
+
+ mac: Fix gcry_mac_close to allow for a NULL handle.
+ + commit 51dae8c8c4b63bb5e1685cbd8722e35342524737
+ * cipher/mac.c (_gcry_mac_close): Check for NULL.
+
+2014-09-03 Werner Koch <wk@gnupg.org>
+
+ Add a constant for a forthcoming new RNG.
+ + commit 8b960a807d168000d2690897a7634bd384ac1346
+ * src/gcrypt.h.in (GCRYCTL_DRBG_REINIT): New constant.
+
+2014-09-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add new Poly1305 MAC test vectors.
+ + commit 8a2a328742012a7c528dd007437185e4584c1e48
+ * tests/basic.c (check_mac): Add new test vectors for Poly1305 MAC.
+
+2014-09-02 Werner Koch <wk@gnupg.org>
+
+ asm: Allow building x86 and amd64 using old compilers.
+ + commit 5eec04a43e6c562e956353449be931dd43dfe1cc
+ * src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled.
+
+2014-08-21 Werner Koch <wk@gnupg.org>
+
+ sexp: Check args of gcry_sexp_build.
+ + commit e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c
+ * src/sexp.c (do_vsexp_sscan): Return error for invalid args.
+
+ cipher: Fix a segv in case of calling with wrong parameters.
+ + commit f850add813d783f31ca6a60459dea25ef71bce7e
+ * cipher/md.c (_gcry_md_info): Fix arg testing.
+
+ cipher: Fix possible NULL deref in call to prime generator.
+ + commit 18056ace7f466cb8c1eaf08e5dc0400516d83b4c
+ * cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
+ error code.
+ * cipher/dsa.c (generate): Take care of new return code.
+ * cipher/elgamal.c (generate): Change to return an error code. Take
+ care of _gcry_generate_elg_prime return code.
+ (generate_using_x): Take care of _gcry_generate_elg_prime return code.
+ (elg_generate): Propagate return code from generate.
+
+2014-08-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Support Montgomery curve for gcry_mpi_ec_mul_point.
+ + commit 34bb55ee36df3aca3ebca88f8b61c786cd0c0701
+ * mpi/ec.c (_gcry_mpi_ec_get_affine): Support Montgomery curve.
+ (montgomery_ladder): New.
+ (_gcry_mpi_ec_mul_point): Implemention using montgomery_ladder.
+ (_gcry_mpi_ec_curve_point): Check x-coordinate is valid.
+
+2014-08-09 Werner Koch <wk@gnupg.org>
+
+ tests: Add a benchmark for Elgamal.
+ + commit e6d354865bf8f3d4c1bb5e8157a76fdd442cff41
+ * tests/benchmark.c (sample_public_elg_key_1024): New.
+ (sample_private_elg_key_1024): New.
+ (sample_public_elg_key_2048, sample_private_elg_key_2048): New.
+ (sample_public_elg_key_3072, sample_private_elg_key_3072): New.
+ (elg_bench): New.
+ (main): Add elg_bench. Add commands "elg" and "public".
+
+2014-08-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Add cofactor to domain parameters.
+ + commit 9933b9e5e1a3f5b1019c75f93bd265d4a1ecc270
+ * src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'.
+ * cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'.
+ (_gcry_ecc_update_curve_param): New API adding cofactor.
+
+ * cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'.
+ (ecc_domain_parms_t domain_parms): Add cofactors.
+ (_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param)
+ (_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp)
+ (_gcry_ecc_get_mpi): Handle cofactor.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
+ * cipher/ecc-misc.c (_gcry_ecc_curve_free)
+ (_gcry_ecc_curve_copy): Likewise.
+ * cipher/ecc.c (nist_generate_key, ecc_generate)
+ (ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw)
+ (ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc):
+ Likewise.
+ (compute_keygrip): Handle cofactor, but skip it for its computation.
+ * mpi/ec.c (ec_deinit): Likewise.
+ * tests/t-mpi-point.c (context_param): Likewise.
+ (test_curve): Add cofactors.
+ * tests/curves.c (sample_key_1, sample_key_2): Add cofactors.
+ * tests/keygrip.c (key_grips): Add cofactors.
+
+2014-08-05 Werner Koch <wk@gnupg.org>
+
+ mpi: Fix regression for powerpc-apple-darwin detection.
+ + commit 4ce77b0a810d3c889c07dfb385127d90fa1ae36a
+ * mpi/config.links: Add separate entry for powerpc-apple-darwin.
+
+ Fix bug inhibiting the use of the sentinel attribute.
+ + commit d2d28298ccc0d0f3c0b03fd323deb1e8808ef74f
+ * src/gcrypt.h.in: Fix typo in macro.
+
+ mpi: Use BSD syntax for x86_64-apple-darwin.
+ + commit 71939faa7c54e7b4b28d115e748a85f134876a02
+ * mpi/config.links: Add case for x86_64-apple-darwin.
+
+2014-08-05 Kristian Fiskerstrand <kf@sumptuouscapital.com>
+
+ Fix building for the x32 target without asm modules.
+ + commit a17c29844b63e9e869f7855d901bc9d859234ead
+ * mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI.
+
+2014-07-25 Werner Koch <wk@gnupg.org>
+
+ ecc: Support the non-standard 0x40 compression flag for EdDSA.
+ + commit 4556f9b19c024f16bdf542da7173395c0741b91d
+ * cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA.
+ * cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX.
+ (_gcry_ecc_eddsa_encodepoint): Ditto.
+ (_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix.
+ (_gcry_ecc_eddsa_decodepoint): Ditto.
+ * tests/keygrip.c: Check an compresssed with prefix Ed25519 key.
+ * tests/t-ed25519.inp: Ditto.
+
+ mpi: Extend the internal mpi_get_buffer.
+ + commit 0e10902ad7584277ac966367efc712b183784532
+ * mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC.
+ (_gcry_mpi_get_buffer_extra): New.
+
+ cipher: Fix compiler warning for chacha20.
+ + commit 4e0bf1b9190ce08fb23eb3ae0c3be58954ff36ab
+ * cipher/chacha20.c (chacha20_blocks) [!USE_SSE2]: Do not build.
+
+2014-07-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: Add mpi_swap_cond.
+ + commit 4846e52728970e3117f3a046ef9010be089a3ae4
+ * mpi/mpiutil.c (_gcry_mpi_swap_cond): New.
+ * src/mpi.h (mpi_swap_cond): New.
+
+2014-06-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Speed-up SHA-1 NEON assembly implementation.
+ + commit 1b9b00bbe41bbed32563f1102049521e703e72bd
+ * cipher/sha1-armv7-neon.S: Tweak implementation for speed-up.
+
+2014-06-28 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ gostr3411_94: rewrite to use u32 mathematic.
+ + commit 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7
+ * cipher/gost28147.c (_gcry_gost_enc_data): New.
+ * cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematic
+ internally.
+ * cipher/gost28147.c (_gcry_gost_enc_one): Remove.
+
+ gost28147: use bufhelp helpers.
+ + commit 7aeba6c449169926076df83b01ddbfa6b41fe411
+ * cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block):
+ use buf_get_le32/buf_put_le32 helpers.
+
+ Fixup curve name in the GOST2012 test case.
+ + commit b78d504fa8745b8b04589acbbcf7dd5fe9279d13
+ * tests/basic.c (check_pubkey): fixup curve name in public key.
+
+ Update PBKDF2 tests with GOST R 34.11-94 test cases.
+ + commit 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7
+ * tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases.
+
+ Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet.
+ + commit 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9
+ * src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New.
+ * src/cipher.h (_gcry_digest_spec_gost3411_cp): New.
+ * cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between
+ CryptoPro and Test S-Boxes.
+ * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp,
+ gost3411_cp_init): New.
+ * cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32.
+
+ gost28147: support GCRYCTL_SET_SBOX.
+ + commit 5ee35a04362c94e680ef3633fa83b72e0aee8626
+ cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New.
+
+ Support setting s-box for the ciphers that require it.
+ + commit fb074d113fcbf66a5c20592625cb19051f3430f5
+ * src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New.
+ * cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to
+ set_extra_info callback.
+
+ cipher/gost28147: generate optimized s-boxes from compact ones.
+ + commit 164738a0292b3f32c7747099ad9cadace58e5eda
+ * cipher/gost-s-box.c: New. Outputs optimized expanded representation of
+ s-boxes (4x256) from compact 16x8 representation.
+ * cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo
+ * cipher/gost.h: Add sbox to the GOST28147_context structure.
+ * cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from
+ GOST R 34.11 (this was the only one S-box before).
+ * cipher/gost28147.c (gost_val): Use sbox from the context.
+
+ gost28147: add OIDs used to define cipher mode.
+ + commit 34a58010000288515636706811c3837f32957b2e
+ * cipher/gost28147 (oids_gost28147): Add OID from RFC4357.
+
+ GOST R 34.11-94 add OIDs.
+ + commit 8b221cf5ce233c8c49a4e4ecebb70d523fc37837
+ * cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357.
+
+2014-05-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ tests: add larger test-vectors for hash algorithms.
+ + commit f14fb5b427b5159fcd9603d2b3cde936889cf430
+ * tests/basic.c (check_digests): Add large test-vectors for MD5, SHA1,
+ SHA224, SHA256, SHA384, RMD160, CRC32, TIGER1, WHIRLPOOL and
+ GOSTR3411_94.
+
+ sha512: fix ARM/NEON implementation.
+ + commit beb901575f0d6cd6a0a27506ebea9a725754d0cc
+ * cipher/sha512-armv7-neon.S
+ (_gcry_sha512_transform_armv7_neon): Byte-swap RW67q and RW1011q
+ correctly in multi-block loop.
+ * tests/basic.c (check_digests): Add large test vector for SHA512.
+
+2014-05-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix ARM assembly when building __PIC__
+ + commit 994c758d8f5471c7e9c38c2834742cca2502d35f
+ * cipher/camellia-arm.S (GET_DATA_POINTER): New.
+ (_gcry_camellia_arm_encrypt_block): Use GET_DATA_POINTER.
+ (_gcry_camellia_arm_decrypt_block): Ditto.
+ * cipher/cast5-arm.S (GET_DATA_POINTER): New.
+ (_gcry_cast5_arm_encrypt_block, _gcry_cast5_arm_decrypt_block)
+ (_gcry_cast5_arm_enc_blk2, _gcry_cast5_arm_dec_blk2): Use
+ GET_DATA_POINTER.
+ * cipher/rijndael-arm.S (GET_DATA_POINTER): New.
+ (_gcry_aes_arm_encrypt_block, _gcry_aes_arm_decrypt_block): Use
+ GET_DATA_POINTER.
+ * cipher/sha1-armv7-neon.S (GET_DATA_POINTER): New.
+ (.LK_VEC): Move from .text to .data section.
+ (_gcry_sha1_transform_armv7_neon): Use GET_DATA_POINTER.
+
+2014-05-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add Poly1305 to documentation.
+ + commit bf4943932dae95a0573b63bf32a9b9acd5a6ddf3
+ * doc/gcrypt.texi: Add documentation for Poly1305 MACs and AEAD mode.
+
+2014-05-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ chacha20: add SSE2/AMD64 optimized implementation.
+ + commit 323b1eb80ff3396d83fedbe5bba9a4e6c412d192
+ * cipher/Makefile.am: Add 'chacha20-sse2-amd64.S'.
+ * cipher/chacha20-sse2-amd64.S: New.
+ * cipher/chacha20.c (USE_SSE2): New.
+ [USE_SSE2] (_gcry_chacha20_amd64_sse2_blocks): New.
+ (chacha20_do_setkey) [USE_SSE2]: Use SSE2 implementation for blocks
+ function.
+ * configure.ac [host=x86-64]: Add 'chacha20-sse2-amd64.lo'.
+
+ poly1305: add AMD64/AVX2 optimized implementation.
+ + commit 98f021961ee65669037bc8bb552a69fd78f610fc
+ * cipher/Makefile.am: Add 'poly1305-avx2-amd64.S'.
+ * cipher/poly1305-avx2-amd64.S: New.
+ * cipher/poly1305-internal.h (POLY1305_USE_AVX2)
+ (POLY1305_AVX2_BLOCKSIZE, POLY1305_AVX2_STATESIZE)
+ (POLY1305_AVX2_ALIGNMENT): New.
+ (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE)
+ (POLY1305_STATE_ALIGNMENT): Use AVX2 versions when needed.
+ * cipher/poly1305.c [POLY1305_USE_AVX2]
+ (_gcry_poly1305_amd64_avx2_init_ext)
+ (_gcry_poly1305_amd64_avx2_finish_ext)
+ (_gcry_poly1305_amd64_avx2_blocks, poly1305_amd64_avx2_ops): New.
+ (_gcry_poly1305_init) [POLY1305_USE_AVX2]: Use AVX2 implementation if
+ AVX2 supported by CPU.
+ * configure.ac [host=x86_64]: Add 'poly1305-avx2-amd64.lo'.
+
+2014-05-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ poly1305: add AMD64/SSE2 optimized implementation.
+ + commit 297532602ed2d881d8fdc393d1961068a143a891
+ * cipher/Makefile.am: Add 'poly1305-sse2-amd64.S'.
+ * cipher/poly1305-internal.h (POLY1305_USE_SSE2)
+ (POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE)
+ (POLY1305_SSE2_ALIGNMENT): New.
+ (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE)
+ (POLY1305_STATE_ALIGNMENT): Use SSE2 versions when needed.
+ * cipher/poly1305-sse2-amd64.S: New.
+ * cipher/poly1305.c [POLY1305_USE_SSE2]
+ (_gcry_poly1305_amd64_sse2_init_ext)
+ (_gcry_poly1305_amd64_sse2_finish_ext)
+ (_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops): New.
+ (_gcry_polu1305_init) [POLY1305_USE_SSE2]: Use SSE2 version.
+ * configure.ac [host=x86_64]: Add 'poly1305-sse2-amd64.lo'.
+
+ Add Poly1305 based cipher AEAD mode.
+ + commit e813958419b0ec4439e6caf07d3b2234cffa2bfa
+ * cipher/Makefile.am: Add 'cipher-poly1305.c'.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.poly1305'.
+ (_gcry_cipher_poly1305_encrypt, _gcry_cipher_poly1305_decrypt)
+ (_gcry_cipher_poly1305_setiv, _gcry_cipher_poly1305_authenticate)
+ (_gcry_cipher_poly1305_get_tag, _gcry_cipher_poly1305_check_tag): New.
+ * cipher/cipher-poly1305.c: New.
+ * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
+ (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv)
+ (_gcry_cipher_authenticate, _gcry_cipher_gettag)
+ (_gcry_cipher_checktag): Handle 'GCRY_CIPHER_MODE_POLY1305'.
+ (cipher_setiv): Move handling of 'GCRY_CIPHER_MODE_GCM' to ...
+ (_gcry_cipher_setiv): ... here, as with other modes.
+ * src/gcrypt.h.in: Add 'GCRY_CIPHER_MODE_POLY1305'.
+ * tests/basic.c (_check_poly1305_cipher, check_poly1305_cipher): New.
+ (check_ciphers): Add Poly1305 check.
+ (check_cipher_modes): Call 'check_poly1305_cipher'.
+ * tests/bench-slope.c (bench_gcm_encrypt_do_bench): Rename to
+ bench_aead_... and take nonce as argument.
+ (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench): Ditto.
+ (bench_gcm_encrypt_do_bench, bench_gcm_decrypt_do_bench)
+ (bench_gcm_authenticate_do_bench, bench_poly1305_encrypt_do_bench)
+ (bench_poly1305_decrypt_do_bench)
+ (bench_poly1305_authenticate_do_bench, poly1305_encrypt_ops)
+ (poly1305_decrypt_ops, poly1305_authenticate_ops): New.
+ (cipher_modes): Add Poly1305.
+ (cipher_bench_one): Add special handling for Poly1305.
+
+ Add Poly1305-AES (-Camellia, etc) MACs.
+ + commit 73b3b75c2221a6e3bed4117e0a206a1193acd2ed
+ * cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes)
+ (_gcry_mac_type_spec_poly1305_camellia)
+ (_gcry_mac_type_spec_poly1305_twofish)
+ (_gcry_mac_type_spec_poly1305_serpent)
+ (_gcry_mac_type_spec_poly1305_seed): New.
+ * cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and
+ 'nonce_set'.
+ (poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling
+ for Poly1305-*** MACs.
+ (poly1305mac_prepare_key, poly1305mac_setiv): New.
+ (poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling
+ for 'nonce_set'.
+ (poly1305mac_ops): Add 'poly1305mac_setiv'.
+ (_gcry_mac_type_spec_poly1305_aes)
+ (_gcry_mac_type_spec_poly1305_camellia)
+ (_gcry_mac_type_spec_poly1305_twofish)
+ (_gcry_mac_type_spec_poly1305_serpent)
+ (_gcry_mac_type_spec_poly1305_seed): New.
+ * cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish,
+ Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia.
+ * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES',
+ 'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH',
+ 'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'.
+ * tests/basic.c (check_mac): Add Poly1305-AES test vectors.
+ * tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs.
+ * tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs.
+
+ Add Poly1305 MAC.
+ + commit b8794fed68ebe7567f4617141f0996ad290d9120
+ * cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and
+ 'poly1305-internal.h'.
+ * cipher/mac-internal.h (poly1305mac_context_s): New.
+ (gcry_mac_handle): Add 'u.poly1305mac'.
+ (_gcry_mac_type_spec_poly1305mac): New.
+ * cipher/mac-poly1305.c: New.
+ * cipher/mac.c (mac_list): Add Poly1305.
+ * cipher/poly1305-internal.h: New.
+ * cipher/poly1305.c: New.
+ * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'.
+ * tests/basic.c (check_mac): Add Poly1035 test vectors; Allow
+ overriding lengths of data and key buffers.
+ * tests/bench-slope.c (mac_bench): Increase max algo number from 500 to
+ 600.
+ * tests/benchmark.c (mac_bench): Ditto.
+
+ chacha20/AVX2: clear upper-halfs of YMM registers on entry.
+ + commit c20daeeb05329bfc6cc2c562cbd4b965291fe0e1
+ * cipher/chacha20-avx2-amd64.S (_gcry_chacha20_amd64_avx2_blocks): Add
+ 'vzeroupper' at beginning.
+
+ chacha20/AVX2: check for ENABLE_AVX2_SUPPORT instead of HAVE_GCC_INLINE_ASM_AVX2
+ + commit a3062db748f272e0f7346e1ed9e0bf7ed61a4eae
+ * cipher/chacha20.c (USE_AVX2): Enable depending on
+ ENABLE_AVX2_SUPPORT, not HAVE_GCC_INLINE_ASM_AVX2.
+ * cipher/chacha20-avx2-amd64.S: Ditto.
+
+ chacha20/SSSE3: clear XMM registers after use.
+ + commit a7d9eeeba632b7eb4a5b15ff17f6565181642f3c
+ * cipher/chacha20-ssse3-amd64.S (_gcry_chacha20_amd64_ssse3_blocks): On
+ return, clear XMM registers.
+
+2014-05-11 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ chacha20: add AVX2/AMD64 assembly implementation.
+ + commit a39ee7555691d18cae97560f130aaf952bfbd278
+ * cipher/Makefile.am: Add 'chacha20-avx2-amd64.S'.
+ * cipher/chacha20-avx2-amd64.S: New.
+ * cipher/chacha20.c (USE_AVX2): New macro.
+ [USE_AVX2] (_gcry_chacha20_amd64_avx2_blocks): New.
+ (chacha20_do_setkey): Select AVX2 implementation if there is HW
+ support.
+ (selftest): Increase size of buf by 256.
+ * configure.ac [host=x86-64]: Add 'chacha20-avx2-amd64.lo'.
+
+ chacha20: add SSSE3 assembly implementation.
+ + commit def7d4cad386271c6d4e2f10aabe0cb4abd871e4
+ * cipher/Makefile.am: Add 'chacha20-ssse3-amd64.S'.
+ * cipher/chacha20-ssse3-amd64.S: New.
+ * cipher/chacha20.c (USE_SSSE3): New macro.
+ [USE_SSSE3] (_gcry_chacha20_amd64_ssse3_blocks): New.
+ (chacha20_do_setkey): Select SSSE3 implementation if there is HW
+ support.
+ * configure.ac [host=x86-64]: Add 'chacha20-ssse3-amd64.lo'.
+
+ Add ChaCha20 stream cipher.
+ + commit 23f33d57c9b6f2295a8ddfc9a8eee5a2c30cf406
+ * cipher/Makefile.am: Add 'chacha20.c'.
+ * cipher/chacha20.c: New.
+ * cipher/cipher.c (cipher_list): Add ChaCha20.
+ * configure.ac: Add ChaCha20.
+ * doc/gcrypt.texi: Add ChaCha20.
+ * src/cipher.h (_gcry_cipher_spec_chacha20): New.
+ * src/gcrypt.h.in (GCRY_CIPHER_CHACHA20): Add new algo.
+ * tests/basic.c (MAX_DATA_LEN): Increase to 128 from 100.
+ (check_stream_cipher): Add ChaCha20 test-vectors.
+ (check_ciphers): Add ChaCha20.
+
+2014-05-09 Werner Koch <wk@gnupg.org>
+
+ mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit.
+ + commit 246b7aaae1ee459f440260bbc4ec2c01c5dc3362
+ * mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear
+ allocated but not used bits before resizing.
+ * tests/t-mpi-bits.c (set_bit_with_resize): New.
+
+2014-05-07 Werner Koch <wk@gnupg.org>
+
+ Bump LT version.
+ + commit fc6ff6f73a51bcbbbb3757dc1386da40aa3ae75d
+ * configure.ac: Bumb LT version to C21/A1/R0.
+
+2014-04-22 Werner Koch <wk@gnupg.org>
+
+ random: Small patch for consistency and really burn the stack.
+ + commit a79c4ad7c56ee4410f17beb73eeb58b0dd36bfc6
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): s/int/size_t/.
+ (_gcry_rndlinux_gather_random): Replace memset by wipememory.
+
+2014-04-16 Werner Koch <wk@gnupg.org>
+
+ pubkey: Re-map all depreccated RSA algo numbers.
+ + commit 773e23698218755e9172d2507031a8263c47cc0b
+ * cipher/pubkey.c (map_algo): Mape RSA_E and RSA_S.
+
+2014-04-15 Werner Koch <wk@gnupg.org>
+
+ cipher: Fix possible NULL dereference.
+ + commit ae1fbce6dacf14747af0126e640bd4e54cb8c680
+ * cipher/md.c (_gcry_md_selftest): Check for spec being NULL.
+
+2014-03-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ 3des: add amd64 assembly implementation for 3DES.
+ + commit b76b632a453b8d100d024e2439b4358454dc286e
+ * cipher/Makefile.am: Add 'des-amd64.S'.
+ * cipher/cipher-selftests.c (_gcry_selftest_helper_cbc)
+ (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Handle failures
+ from 'setkey' function.
+ * cipher/cipher.c (_gcry_cipher_open_internal) [USE_DES]: Setup bulk
+ functions for 3DES.
+ * cipher/des-amd64.S: New file.
+ * cipher/des.c (USE_AMD64_ASM, ATTR_ALIGNED_16): New macros.
+ [USE_AMD64_ASM] (_gcry_3des_amd64_crypt_block)
+ (_gcry_3des_amd64_ctr_enc), _gcry_3des_amd64_cbc_dec)
+ (_gcry_3des_amd64_cfb_dec): New prototypes.
+ [USE_AMD64_ASM] (tripledes_ecb_crypt): New function.
+ (TRIPLEDES_ECB_BURN_STACK): New macro.
+ (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec)
+ (bulk_selftest_setkey, selftest_ctr, selftest_cbc, selftest_cfb): New
+ functions.
+ (selftest): Add call to CTR, CBC and CFB selftest functions.
+ (do_tripledes_encrypt, do_tripledes_decrypt): Use
+ TRIPLEDES_ECB_BURN_STACK.
+ * configure.ac [host=x86-64]: Add 'des-amd64.lo'.
+ * src/cipher.h (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec)
+ (_gcry_3des_cfb_dec): New prototypes.
+
+2014-03-13 Werner Koch <wk@gnupg.org>
+
+ tests: Print diagnostics for skipped tests.
+ + commit 50aeee51a0b1a09dd9fff2bb71749a816fe7a791
+ * tests/basic.c (show_note): New.
+ (show_md_not_available):
+ (show_old_hmac_not_available):
+ (show_mac_not_available):
+ (check_digests): Remove USE_foo cpp tests from the test table. Call
+ show_md_not_available if algo is not available.
+ (check_hmac): Likewise.
+ (check_mac): Likewise.
+
+2014-03-11 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Add MD2 message digest implementation.
+ + commit 5a8e1504bf8a2ffbc018be576dea77b685200444
+ * cipher/md2.c: New.
+ * cipher/md.c (digest_list): add _gcry_digest_spec_md2.
+ * tests/basic.c (check_digests): add MD2 test vectors.
+ * configure.ac (default_digests): disable md2 by default.
+
+2014-03-04 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Add an utility to calculate hashes over a set of files.
+ + commit 2b5403c408dfbd71be24c7635f5fa0b61ab4c9bb
+ * tests/gchash.c: New.
+
+ Add a simple (raw) PKCS#1 padding mode.
+ + commit ea8d597726305274214224757b32730644e12bd8
+ * src/cipher.h (PUBKEY_ENC_PKCS1_RAW): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Handle pkcs1-raw
+ flag.
+ * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi):
+ Handle s-exp like (data (flags pkcs1-raw) (value xxxxx))
+ * cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig):
+ PKCS#1-encode data with embedded hash OID for signature verification.
+ * tests/basic.c (check_pubkey_sign): Add tests for s-exps with pkcs1-raw
+ flag.
+
+2014-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix ARMv6 detection when CFLAGS modify target CPU architecture.
+ + commit 6be3032048ee2466511d2384fcf2d28b856219b2
+ * configure.ac (gcry_cv_cc_arm_arch_is_v6): Use compiler test instead
+ of preprocessor test.
+
+2014-01-29 Werner Koch <wk@gnupg.org>
+
+ Reserve control code for FIPS extensions.
+ + commit aea96a64fbc58a0b6f9f435e97e93294c6eb1052
+ * src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New.
+ (GCRYCTL_REACTIVATE_FIPS_FLAG): New.
+ * src/global.c (_gcry_vcontrol): Add them but return not_implemented.
+
+2014-01-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix RSA Blinding.
+ + commit 121a90d8931944974054f7d94f63b7f89df87fa5
+ * cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse.
+
+2014-01-28 Werner Koch <wk@gnupg.org>
+
+ cipher: Take care of ENABLE_NEON_SUPPORT.
+ + commit 52f7c48c901a3de51bd690a218f3de2f71e8d790
+ * cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if
+ ENABLE_NEON_SUPPORT is defined.
+ * cipher/serpent.c (USE_NEON): Ditto.
+ * cipher/sha1.c (USE_NEON): Ditto.
+ * cipher/sha512.c (USE_ARM_NEON_ASM): Ditto.
+
+ sexp: Fix broken gcry_sexp_nth.
+ + commit cbdc355415f83ed62da4f3618767eba54d7e6d37
+ * src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data
+ element.
+ (NODE): Remove unused typedef.
+ (ST_HINT): Comment unused macro.
+
+ * tests/t-sexp.c (bug_1594): New.
+ (main): Run new test.
+
+2014-01-27 Werner Koch <wk@gnupg.org>
+
+ tests: Improve t-common.h.
+ + commit 7460e9243b3cc050631c37ed4f2713ae7bcb6762
+ * tests/t-common.h: Add couple of macros. Check that config.h has
+ been included.
+ (show): Rename to info.
+ * tests/t-lock.c, tests/t-sexp.c: Adjust for changes.
+
+ mpi: Minor fix for Atari-mint.
+ + commit 3caa0f1319dc4779e0d6eee4460c1af2a12b2c3c
+ * mpi/config.links [m68k-atari-mint]: Do not assume 68020. Suggested
+ by Alan Hourihane.
+
+ (cherry picked from commit 420f42a5752e90a8b27d58ffa1ddfe6e4ab341e8)
+
+2014-01-27 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Fix most of memory leaks in tests code.
+ + commit 5c150ece094bf0a504a111ce6c7b72e8d0b0457a
+ * tests/basic.c (check_ccm_cipher): Close cipher after use.
+ * tests/basic.c (check_one_cipher): Correct length of used buffer.
+ * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer
+ initialized.
+ * tests/keygen.c (check_ecc_keys): Release generated key.
+ * tests/t-mpi-point.c (context_param): Release mpi Q.
+ * tests/t-sexp.c (check_extract_param): Release extracted number.
+
+ Fix memory leaks in ecc code.
+ + commit 6d87e6abdfb7552323a95401f14e6367398a3e5a
+ * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
+ values.
+ * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
+ path.
+ * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.
+
+ Fix number of blocks passed used in _gcry_rmd160_mixblock.
+ + commit 5d23e7b9a77421f3ebfda4a84c459a8729f3bb41
+ * cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform
+
+2014-01-27 Werner Koch <wk@gnupg.org>
+
+ Small Windows build tweaks.
+ + commit f7df906171854b6b6506b82d4fee2c2ebb0327ea
+ * configure.ac (HAVE_PTHREAD): Do test when building for Windows.
+
+ * tests/basic.c: Replace "%zi" by "%z" and a cast to make it work
+ under Windows.
+
+ Update gpg-error autoconf macros to fix threading problems.
+ + commit 79da0358fd555361e1ce4202f55494a8918eb8ae
+ * m4/gpg-error.m4: Update to version 2014-01-24.
+ * tests/Makefile.am (t_lock_LDADD): Use MT Libs.
+
+2014-01-24 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ tests: Pass -no-install to libtool.
+ + commit bf34bfa5c458ee5ece91f25e3b4194d768498ab6
+ * tests/Makefile.am: add AM_LDFLAGS = -no-install
+
+2014-01-24 Werner Koch <wk@gnupg.org>
+
+ tests: Add a test for the internal locking.
+ + commit ff91ec934ed52294cddcd7dcfacc04721a0487bf
+ * src/global.c (external_lock_test): New.
+ (_gcry_vcontrol): Call new function with formerly reserved code 61.
+
+ * tests/t-common.h: New. Taken from current libgpg-error.
+ * tests/t-lock.c: New. Based on t-lock.c from libgpg-error.
+ * configure.ac (HAVE_PTHREAD): Set macro to 1 if defined.
+ (AC_CHECK_FUNCS): Check for flockfile.
+ * tests/Makefile.am (tests_bin): Add t-lock.
+ (noinst_HEADERS): Add t-common.h
+ (LDADD): Move value to ...
+ (default_ldadd): new.
+ (t_lock_LDADD): New.
+
+ Check compiler features only for the relevant platform.
+ + commit 24e65d715812cea28732397870cb1585b8435521
+ * mpi/config.links (mpi_cpu_arch): Always set for ARM. Set for HPPA.
+ Set to "undefined" for unknown platforms.
+ (try_asm_modules): Act upon only after having detected the CPU.
+ * configure.ac: Move the call to config.links before the platform
+ specific compiler checks. Check platform specific features only if
+ the platform is targeted.
+
+2014-01-23 Werner Koch <wk@gnupg.org>
+
+ Support building using the latest mingw-w64 toolchain.
+ + commit 4ad3417acab5021db1f722c314314ce4b781833a
+ * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.
+
+2014-01-20 Werner Koch <wk@gnupg.org>
+
+ cipher: Fix commit 94030e44.
+ + commit dad06e4d1b835bac778b87090b1d3894b7535b14
+ * cipher/tiger.c (tiger_init): Add arg FLAGS.
+ (tiger1_init, tiger2_init): Ditto.
+
+ tests: Rename tsexp.c.
+ + commit 192e77d123fdb04c459c998b9eb1731618a833fa
+ * tests/tsexp.c: Rename to t-sexp.c
+
+2014-01-19 Werner Koch <wk@gnupg.org>
+
+ md: Add Whirlpool bug emulation feature.
+ + commit 94030e44aaff805d754e368507f16dd51a531b72
+ * src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New.
+ * src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS. Change all code
+ to implement that flag.
+ * cipher/md.c (gcry_md_context): Replace SECURE and FINALIZED by bit
+ field FLAGS. Add flag BUGEMU1. Change all users.
+ (md_open): Replace args SECURE and HMAC by FLAGS. Init flags.bugemu1.
+ (_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1.
+ (md_enable): Pass bugemu1 flag to the hash init function.
+ (_gcry_md_reset): Ditto.
+
+2014-01-17 Werner Koch <wk@gnupg.org>
+
+ Actually check for uint64_t.
+ + commit c3b30bae7d1e157f8b65e32ba1b3a516f2bbf58b
+ * configure.ac: Check size of uint64_t and the UINT64_C macro.
+
+2014-01-16 Werner Koch <wk@gnupg.org>
+
+ Replace ath based mutexes by gpgrt based locks.
+ + commit cfc151ba637200e4fc05d9481a8df2071b2f9a47
+ * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13.
+ (gl_LOCK): Remove.
+ * src/ath.c, src/ath.h: Remove. Remove from all files. Replace all
+ mutexes by gpgrt based statically initialized locks.
+ * src/global.c (global_init): Remove ath_init.
+ (_gcry_vcontrol): Make ath install a dummy function.
+ (print_config): Remove threads info line.
+
+ * doc/gcrypt.texi: Simplify the multi-thread related documentation.
+
+2014-01-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1.
+ + commit 49edeebb43174865cf4fa2c170a42a8e4274c4f0
+ * mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0.
+ * tests/t-mpi-point.c (context_alloc): Remove two spurious tests.
+
+2014-01-14 Milan Broz <gmazyland@gmail.com>
+
+ PBKDF2: Use gcry_md_reset to speed up calculation.
+ + commit 04cda6b7cc16f3f52c12d9d3e46c56701003496e
+ * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset
+ to speed up calculation.
+
+2014-01-13 Werner Koch <wk@gnupg.org>
+
+ Fix macro conflict in NetBSD.
+ + commit 5f2af6c26bc04975c0b518881532871d7387d7ce
+ * cipher/bithelp.h (bswap32): Rename to _gcry_bswap32.
+ (bswap64): Rename to _gcry_bswap64.
+
+ Use internal malloc function in fips.c.
+ + commit 518ae274a1845ce626b2b4223a9b3805cbbab1a7
+ * src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/.
+
+2014-01-13 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Truncate hash values for ECDSA signature scheme.
+ + commit 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225
+ * cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
+ mpis as required for DSA and ECDSA signature schemas.
+ * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
+ behave like the rest of internal sign/verify functions.
+ * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
+ * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
+ as required by ECDSA scheme, truncate hash values to bitlength of
+ used curve.
+ * tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
+ truncation.
+
+ Add GOST R 34.10-2012 curves proposed by TC26.
+ + commit 2c5ec803100ed8261e51442fb93b75367b7725ea
+ * cipher/ecc-curves.c (domain_parmss): Add two GOST R 34.10-2012 curves
+ proposed/pending to standardization by TC26 (Russian cryptography
+ technical comitee).
+ * cipher/ecc-curves.c (curve_alias): Add OID aliases.
+ * tests/curves.c: Increase N_CURVES.
+
+ Add GOST R 34.10-2001 curves per RFC4357.
+ + commit 9bedc5c3b646dfe481678ca58f5466ac46decaf7
+ * cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357.
+ * cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST
+ curves.
+ * tests/curves.c (N_CURVES): Update value.
+
+ Fix typo in search_oid.
+ + commit 7edcb574d8d6dffb6e234c2ba1996a9a04923859
+ * cipher/md.c (search_oid): Invert condition on oid comparison.
+
+ Add MD2-HMAC calculation support.
+ + commit 653b58cb5e85511b6c04c3f85ef3e372c2e9f74f
+ * src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New.
+ * cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2.
+
+ Add a function to retrieve algorithm used by MAC handler.
+ + commit 8439a379c86ef1088465ea70ac10840759a1638e
+ * cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo.
+ * src/visibility.c (gcry_mac_get_algo): New wrapper.
+ * src/visibility.h: Hanlde gcry_mac_get_algo.
+ * src/gcrypt-int.h (_gcry_mac_get_algo): New.
+ * src/gcrypt.h.in (gcry_mac_get_algo): New.
+ * src/libgcrypt.def (gcry_mac_get_algo): New.
+ * src/libgcrypt.vers (gcry_mac_get_algo): New.
+ * doc/gcrypt.texi: Document gcry_mac_get_algo.
+ * tests/basic.c (check_one_mac): Verify gcry_mac_get_algo.
+
+ Correct formatting of gcry_mac_get_algo_keylen documentation.
+ + commit 36c9e0e4eb4f935da90df1c8df484d1940bda5eb
+ * doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen
+ documentation.
+
+ Use braces around unsigned int in gcry_mac_get_algo_keylen
+ documentation, otherwise texinfo breaks that and uses 'int' as a
+ function definition.
+
+2014-01-13 Werner Koch <wk@gnupg.org>
+
+ ecc: Make a macro shorter.
+ + commit 2ef48ba59c32bfa1a9265d5eea8ab225a658903a
+ * src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. CHnage
+ all users.
+ * cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
+ comment.
+ * mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
+ (add_points_twistededwards): Rename to add_points_edwards.
+
+2014-01-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix assembly division check.
+ + commit ef3e66e168c4b9b86bfc4903001631e53a7125d8
+ * configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable
+ name mismatch at '--Wa,--divide' workaround check.
+
+2014-01-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ Add secp256k1 curve.
+ + commit 019e0e9e8c77a2edf283745e05e9301673ea6a0a
+ * cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID.
+ (domain_parms): Add secp256k1's domain paramerter.
+
+ * tests/basic.c (check_pubkey): Add a key of secp256k1.
+
+ * tests/curves.c (N_CURVES): Updated.
+
+2014-01-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix constant division for AMD64 assembly on Solaris/x86.
+ + commit 43376891c01f4aff1fbfb23beafebb5adfd0868c
+ * configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for
+ constant division in assembly and test for "-Wa,--divide" workaround.
+ (gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division.
+
+2014-01-10 Werner Koch <wk@gnupg.org>
+
+ Use the generic autogen.sh script.
+ + commit b0ac1f9b143aa15855914ba93fef900288d45c9c
+ * autogen.rc: New.
+ * Makefile.am (EXTRA_DIST): Add it.
+ * autogen.sh: Update from current GnuPG.
+
+ Move all helper scripts to build-aux/
+ + commit df9b4eabf52faee6f289a4bc62219684442ae383
+ * scripts/: Rename to build-aux/.
+ * compile, config.guess, config.rpath, config.sub
+ * depcomp, doc/mdate-sh, doc/texinfo.tex
+ * install-sh, ltmain.sh, missing: Move to build-aux/.
+ * Makefile.am (EXTRA_DIST): Adjust.
+ * configure.ac (AC_CONFIG_AUX_DIR): New.
+ (AM_SILENT_RULES): New.
+
+2013-12-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add blowfish/serpent ARM assembly files to Makefile.am.
+ + commit 7fef7f481c0a1542be34d1dc831f58d41846ac29
+ * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'.
+
+ Add AMD64 assembly implementation for arcfour.
+ + commit 7547898109c72a97e3102b2a045ee4fdb2aa40bf
+ * cipher/Makefile.am: Add 'arcfour-amd64.S'.
+ * cipher/arcfour-amd64.S: New.
+ * cipher/arcfour.c (USE_AMD64_ASM): New.
+ [USE_AMD64_ASM] (ARCFOUR_context, _gcry_arcfour_amd64)
+ (encrypt_stream): New.
+ * configure.ac [host=x86_64]: Add 'arcfour-amd64.lo'.
+
+ Parse /proc/cpuinfo for ARM HW features.
+ + commit a05be441d8cd89b90d8d58e3a343a436dae377d0
+ * src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO)
+ (detect_arm_proc_cpuinfo): New.
+ (_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for
+ HW features.
+
+ Fix buggy/incomplete detection of AVX/AVX2 support.
+ + commit bbcb12187afb1756cb27296166b57fa19ee45d4d
+ * configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2
+ inline assembly checks.
+ * src/hwf-x86.c [__i386__] (get_xgetbv): New function.
+ [__x86_64__] (get_xgetbv): New function.
+ [HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for
+ XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are
+ supported by OS.
+
+2013-12-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Change utf-8 copyright characters to '(C)'
+ + commit b7e814f93ee40fcfe17a187a8989c07fde2ba0cd
+ cipher/blowfish-amd64.S: Change utf-8 encoded copyright character to
+ '(C)'.
+ cipher/blowfish-arm.S: Ditto.
+ cipher/bufhelp.h: Ditto.
+ cipher/camellia-aesni-avx-amd64.S: Ditto.
+ cipher/camellia-aesni-avx2-amd64.S: Ditto.
+ cipher/camellia-arm.S: Ditto.
+ cipher/cast5-amd64.S: Ditto.
+ cipher/cast5-arm.S: Ditto.
+ cipher/cipher-ccm.c: Ditto.
+ cipher/cipher-cmac.c: Ditto.
+ cipher/cipher-gcm.c: Ditto.
+ cipher/cipher-selftest.c: Ditto.
+ cipher/cipher-selftest.h: Ditto.
+ cipher/mac-cmac.c: Ditto.
+ cipher/mac-gmac.c: Ditto.
+ cipher/mac-hmac.c: Ditto.
+ cipher/mac-internal.h: Ditto.
+ cipher/mac.c: Ditto.
+ cipher/rijndael-amd64.S: Ditto.
+ cipher/rijndael-arm.S: Ditto.
+ cipher/salsa20-amd64.S: Ditto.
+ cipher/salsa20-armv7-neon.S: Ditto.
+ cipher/serpent-armv7-neon.S: Ditto.
+ cipher/serpent-avx2-amd64.S: Ditto.
+ cipher/serpent-sse2-amd64.S: Ditto.
+
+ Add ARM/NEON implementation for SHA-1.
+ + commit fc7dcf616937afaf73cfda1bf7bd79566a96b130
+ * cipher/Makefile.am: Add 'sha1-armv7-neon.S'.
+ * cipher/sha1-armv7-neon.S: New.
+ * cipher/sha1.c (USE_NEON): New.
+ (SHA1_CONTEXT, sha1_init) [USE_NEON]: Add and initialize 'use_neon'.
+ [USE_NEON] (_gcry_sha1_transform_armv7_neon): New.
+ (transform) [USE_NEON]: Use ARM/NEON assembly if enabled.
+ * configure.ac: Add 'sha1-armv7-neon.lo'.
+
+ Improve performance of SHA-512/ARM/NEON implementation.
+ + commit df629ba53a662427ebd3ddca90c3fe9ddd6511d3
+ * cipher/sha512-armv7-neon.S (RT01q, RT23q, RT45q, RT67q): New.
+ (round_0_63, round_64_79): Remove.
+ (rounds2_0_63, rounds2_64_79): New.
+ (_gcry_sha512_transform_armv7_neon): Add 'nblks' input; Handle multiple
+ input blocks; Use new round macros.
+ * cipher/sha512.c [USE_ARM_NEON_ASM]
+ (_gcry_sha512_transform_armv7_neon): Add 'num_blks'.
+ (transform) [USE_ARM_NEON_ASM]: Pass nblks to assembly.
+
+ Add AVX and AVX2/BMI implementations for SHA-256.
+ + commit a5c2bbfe0db515d739ab683297903c77b1eec124
+ * LICENSES: Add 'cipher/sha256-avx-amd64.S' and
+ 'cipher/sha256-avx2-bmi2-amd64.S'.
+ * cipher/Makefile.am: Add 'sha256-avx-amd64.S' and
+ 'sha256-avx2-bmi2-amd64.S'.
+ * cipher/sha256-avx-amd64.S: New.
+ * cipher/sha256-avx2-bmi2-amd64.S: New.
+ * cipher/sha256-ssse3-amd64.S: Use 'lea' instead of 'add' in few
+ places for tiny speed improvement.
+ * cipher/sha256.c (USE_AVX, USE_AVX2): New.
+ (SHA256_CONTEXT) [USE_AVX, USE_AVX2]: Add 'use_avx' and 'use_avx2'.
+ (sha256_init, sha224_init) [USE_AVX, USE_AVX2]: Initialize above
+ new context members.
+ [USE_AVX] (_gcry_sha256_transform_amd64_avx): New.
+ [USE_AVX2] (_gcry_sha256_transform_amd64_avx2): New.
+ (transform) [USE_AVX2]: Use AVX2 assembly if enabled.
+ (transform) [USE_AVX]: Use AVX assembly if enabled.
+ * configure.ac: Add 'sha256-avx-amd64.lo' and
+ 'sha256-avx2-bmi2-amd64.lo'.
+
+2013-12-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add AVX and AVX/BMI2 implementations for SHA-1.
+ + commit e4e458465b124e25b6aec7a60174bf1ca32dc5fd
+ * cipher/Makefile.am: Add 'sha1-avx-amd64.S' and
+ 'sha1-avx-bmi2-amd64.S'.
+ * cipher/sha1-avx-amd64.S: New.
+ * cipher/sha1-avx-bmi2-amd64.S: New.
+ * cipher/sha1.c (USE_AVX, USE_BMI2): New.
+ (SHA1_CONTEXT) [USE_AVX]: Add 'use_avx'.
+ (SHA1_CONTEXT) [USE_BMI2]: Add 'use_bmi2'.
+ (sha1_init): Initialize 'use_avx' and 'use_bmi2'.
+ [USE_AVX] (_gcry_sha1_transform_amd64_avx): New.
+ [USE_BMI2] (_gcry_sha1_transform_amd64_bmi2): New.
+ (transform) [USE_BMI2]: Use BMI2 assembly if enabled.
+ (transform) [USE_AVX]: Use AVX assembly if enabled.
+ * configure.ac: Add 'sha1-avx-amd64.lo' and 'sha1-avx-bmi2-amd64.lo'.
+
+ SHA-1/SSSE3: Improve performance on large buffers.
+ + commit 6fd0dd2a5f1362f91e2861cd9d300341a43842a5
+ * cipher/sha1-ssse3-amd64.S (RNBLKS): New.
+ (_gcry_sha1_transform_amd64_ssse3): Handle multiple input blocks, with
+ software pipelining of next data block processing.
+ * cipher/sha1.c [USE_SSSE3] (_gcry_sha1_transform_amd64_ssse3): Add
+ 'nblks'.
+ (transform) [USE_SSSE3]: Pass nblks to assembly function.
+
+ Add bulk processing for hash transform functions.
+ + commit 50b8c8342d023038a4b528af83153293dd2756ea
+ * cipher/hash-common.c (_gcry_md_block_write): Preload 'hd->blocksize'
+ to stack, pass number of blocks to 'hd->bwrite'.
+ * cipher/hash-common.c (_gcry_md_block_write_t): Add 'nblks'.
+ * cipher/gostr3411-94.c: Rename 'transform' function to
+ 'transform_blk', add new 'transform' function with 'nblks' as
+ additional input.
+ * cipher/md4.c: Ditto.
+ * cipher/md5.c: Ditto.
+ * cipher/md4.c: Ditto.
+ * cipher/rmd160.c: Ditto.
+ * cipher/sha1.c: Ditto.
+ * cipher/sha256.c: Ditto.
+ * cipher/sha512.c: Ditto.
+ * cipher/stribog.c: Ditto.
+ * cipher/tiger.c: Ditto.
+ * cipher/whirlpool.c: Ditto.
+
+2013-12-16 Werner Koch <wk@gnupg.org>
+
+ Release 1.6.0.
+ + commit 0ea9731e1c93a962f6266004ab0e7418c19d6277
+
+
+ doc: Change yat2m to allow arbitrary condition names.
+ + commit 9a912f8c4f366c53f1cdb94513b67b937e87178b
+ * doc/yat2m.c (MAX_CONDITION_NESTING): New.
+ (gpgone_defined): Remove.
+ (condition_s, condition_stack, condition_stack_idx): New.
+ (cond_is_active, cond_in_verbatim): New.
+ (add_predefined_macro, set_macro, macro_set_p): New.
+ (evaluate_conditions, push_condition, pop_condition): New.
+ (parse_file): Rewrite to use the condition stack.
+ (top_parse_file): Set prefined macros.
+ (main): Change -D to define arbitrary macros.
+
+ tests: Add SHA-512 to the long hash test.
+ + commit 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020
+ * tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512.
+ * tests/hashtest-256g.in (algos): Add test for SHA-512.
+
+ Add configure option --enable-large-data-tests.
+ + commit a6b9304a889397ac98e1c2c4ac3e178669d94492
+ * configure.ac: Add option --enable-large-data-tests.
+ * tests/hashtest-256g.in: New.
+ * tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in.
+ (TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and
+ tests_sh_last.
+ (tests_sh_last): Add hashtest-256g
+ (noinst_PROGRAMS): Add only tests_bin and tests_bin_last.
+ (bench-slope.log, hashtest-256g.log): New rules to enforce serial run.
+
+ random: Call random progress handler more often.
+ + commit 5a7ce59396fe56f0d681df314bfbdb5f7732d4b1
+ * random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress
+ indicator earlier.
+
+ cipher: Normalize the MPIs used as input to secret key functions.
+ + commit dec048b2ec79271a2f4405be5b87b1e768b3f1a9
+ * cipher/dsa.c (sign): Normalize INPUT.
+ * cipher/elgamal.c (decrypt): Normalize A and B.
+ * cipher/rsa.c (secret): Normalize the INPUT.
+ (rsa_decrypt): Reduce DATA before passing to secret.
+
+2013-12-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Change dummy variable in mpih-div.c to mpi_limb_t type.
+ + commit 953535a7de68cf62b5b1ad6f96ea3a9edd83762c
+ * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy
+ variable to 'mpi_limb_t' type from 'int'.
+
+ Remove duplicate gcry_mac_hd_t typedef.
+ + commit 5c31990214b58c4e17edb01fbbe6d9f573975a22
+ * cipher/mac-internal.h (gcry_mac_hd_t): Remove.
+
+2013-12-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Use u64 for CCM data lengths.
+ + commit 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d
+ * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF].
+ [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for
+ data lengths.
+ [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt)
+ (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce)
+ (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag)
+ (_gcry_cipher_ccm_check_tag): Dummy functions returning
+ GPG_ERROR_NOT_SUPPORTED.
+ * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm)
+ (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use
+ u64 instead of size_t for CCM data lengths.
+ * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset)
+ (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED
+ for CCM.
+ (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for
+ GCRYCTL_SET_CCM_LENGTHS length parameters.
+ * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF.
+ * tests/bench-slope.c: Ditto.
+ * tests/benchmark.c: Ditto.
+
+2013-12-14 Werner Koch <wk@gnupg.org>
+
+ tests: Prevent rare failure of gcry_pk_decrypt test.
+ + commit bfb43a17d8db571fca4ed433ee8be5c366745844
+ * tests/basic.c (check_pubkey_crypt): Add special mode 1.
+ (main): Add option --loop.
+
+2013-12-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Minor fixes to SHA assembly implementations.
+ + commit ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995
+ * cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'.
+ * cipher/sha1-ssse3-amd64.S: First line, correct filename.
+ * cipher/sha256-ssse3-amd64.S: Return correct stack burn depth.
+ * cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers.
+ * cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn
+ depth.
+
+ SHA-1/SSSE3: Do not check for Intel syntax assembly support.
+ + commit c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9
+ * cipher/sha1-ssse3-amd64.S: Remove check for
+ HAVE_INTEL_SYNTAX_PLATFORM_AS.
+ * cipher/sha1.c [USE_SSSE3]: Ditto.
+
+2013-12-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm.
+ + commit d2b853246c2ed056a92096d89c3ca057e45c9c92
+ * cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to
+ 'sha1-ssse3-amd64.S'.
+ * cipher/sha1-ssse3-amd64.c: Remove.
+ * cipher/sha1-ssse3-amd64.S: New.
+
+ SHA-1: Add SSSE3 implementation.
+ + commit be2238f68abcc6f2b4e8c38ad9141376ce622a22
+ * cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'.
+ * cipher/sha1-ssse3-amd64.c: New.
+ * cipher/sha1.c (USE_SSSE3): New.
+ (SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
+ (sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'.
+ (transform): Rename to...
+ (_transform): this.
+ (transform): New.
+ * configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'.
+
+ Add missing register clearing in to SHA-256 and SHA-512 assembly.
+ + commit 04615cc6803cdede25fa92e3ff697e252a23cd7a
+ * cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return.
+ * cipher/sha512-avx-amd64.S: Ditto.
+ * cipher/sha512-avx2-bmi2-amd64.S: Ditto.
+ * cipher/sha512-ssse3-amd64.S: Ditto.
+
+2013-12-13 Werner Koch <wk@gnupg.org>
+
+ Update license information.
+ + commit 764643a3d5634bcbc47790bd8505f6a1a5280d9c
+ * LICENSES: New.
+ * Makefile.am (EXTRA_DIST): Add LICENSES.
+ * AUTHORS: Add list of copyright holders.
+ * README: Reference AUTHORS.
+
+2013-12-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix empty clobber in AVX2 assembly check.
+ + commit e41d605ee41469e8a33cdc4d38f742cfb931f835
+ * configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly
+ globber.
+
+ Fix W32 build.
+ + commit a71b810ddd67ca3a1773d8f929d162551abb58eb
+ * random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to
+ xmalloc, and gcry_xrealloc to xrealloc.
+
+2013-12-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ SHA-512: Add AVX and AVX2 implementations for x86-64.
+ + commit 2e4253dc8eb512cd0e807360926dc6ba912c95b4
+ * cipher/Makefile.am: Add 'sha512-avx-amd64.S' and
+ 'sha512-avx2-bmi2-amd64.S'.
+ * cipher/sha512-avx-amd64.S: New.
+ * cipher/sha512-avx2-bmi2-amd64.S: New.
+ * cipher/sha512.c (USE_AVX, USE_AVX2): New.
+ (SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'.
+ (SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'.
+ (sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'.
+ (sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'.
+ [USE_AVX] (_gcry_sha512_transform_amd64_avx): New.
+ [USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New.
+ (transform) [USE_AVX2]: Add call for AVX2 implementation.
+ (transform) [USE_AVX]: Add call for AVX implementation.
+ * configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check.
+ (sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'.
+ * doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'.
+ * src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New.
+ * src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2".
+ * src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and
+ HWF_INTEL_BMI2.
+
+ SHA-512: Add SSSE3 implementation for x86-64.
+ + commit 69a6d0f9562fcd26112a589318c13de66ce1700e
+ * cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'.
+ * cipher/sha512-ssse3-amd64.S: New.
+ * cipher/sha512.c (USE_SSSE3): New.
+ (SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
+ (sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'.
+ [USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New.
+ (transform) [USE_SSSE3]: Call SSSE3 implementation.
+ * configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'.
+
+ SHA-256: Add SSSE3 implementation for x86-64.
+ + commit e1a3931263e67aacec3c0bfcaa86c7d1441d5c6a
+ * cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'.
+ * cipher/sha256-ssse3-amd64.S: New.
+ * cipher/sha256.c (USE_SSSE3): New.
+ (SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
+ (sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'.
+ (transform): Rename to...
+ (_transform): This.
+ [USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New.
+ (transform): New.
+ * configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check.
+ (sha256): Add 'sha256-ssse3-amd64.lo'.
+ * doc/gcrypt.texi: Document 'intel-ssse3'.
+ * src/g10lib.h (HWF_INTEL_SSSE3): New.
+ * src/hwfeatures.c (hwflist): Add "intel-ssse3".
+ * src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3.
+
+2013-12-12 Werner Koch <wk@gnupg.org>
+
+ Add a configuration file to disable hardware features.
+ + commit 5e1239b1e2948211ff2675f45cce2b28c3379cfb
+ * src/hwfeatures.c: Inclyde syslog.h and ctype.h.
+ (HWF_DENY_FILE): New.
+ (my_isascii): New.
+ (parse_hwf_deny_file): New.
+ (_gcry_detect_hw_features): Call it.
+
+ * src/mpicalc.c (main): Correctly initialize Libgcrypt. Add options
+ "--print-config" and "--disable-hwf".
+
+ Move list of hardware features to hwfeatures.c.
+ + commit 4ae77322b681a13da62d01274bcab25be2af12d0
+ * src/global.c (hwflist, disabled_hw_features): Move to ..
+ * src/hwfeatures.c: here.
+ (_gcry_disable_hw_feature): New.
+ (_gcry_enum_hw_features): New.
+ (_gcry_detect_hw_features): Remove arg DISABLED_FEATURES.
+ * src/global.c (print_config, _gcry_vcontrol, global_init): Adjust
+ accordingly.
+
+ Remove macro hacks for internal vs. external functions. Part 2 and last.
+ + commit 3b30e9840d4b351c4de73b126e561154cb7df4cc
+ * src/visibility.h: Remove remaining define/undef hacks for symbol
+ visibility. Add macros to detect the use of the public functions.
+ Change all affected functions by replacing them by the x-macros.
+ * src/g10lib.h: Add internal prototypes.
+ (xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure)
+ (xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure)
+ (xcalloc_secure, xrealloc, xstrdup, xfree): New macros.
+
+2013-12-11 Werner Koch <wk@gnupg.org>
+
+ random: Add a feature to close device file descriptors.
+ + commit cd548ba2dc777b8b27d8d33182ba733c20222120
+ * src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
+ * src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
+ * random/random.c (_gcry_random_close_fds): New.
+ * random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
+ * random/random-fips.c (_gcry_rngfips_close_fds): New.
+ * random/random-system.c (_gcry_rngsystem_close_fds): New.
+ * random/rndlinux.c (open_device): Add arg retry.
+ (_gcry_rndlinux_gather_random): Add mode to close open fds.
+
+ * tests/random.c (check_close_random_device): New.
+ (main): Call new test.
+
+2013-12-10 Werner Koch <wk@gnupg.org>
+
+ Fix last commit (9a37470c)
+ + commit eae1e7712e1b687bd77eb37d0eb505fc9d46d93c
+ * src/secmem.c (lock_pool): Remove remaining line. Reported by Ian
+ Goldberg.
+
+2013-12-09 Werner Koch <wk@gnupg.org>
+
+ Fix one-off memory leak when build with Linux capability support.
+ + commit 9a37470c50ee9966cb2652617a404ddd54a9c096
+ * src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by
+ Mike Crowe <mac@mcrowe.com>.
+
+2013-12-09 David 'Digit' Turner <digit@google.com>
+
+ Update libtool to support Android.
+ + commit 2516f0b660b1a7181ad38c44310c627f4f498595
+ * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool
+ repository.
+
+2013-12-09 Werner Koch <wk@gnupg.org>
+
+ tests: Speed up benchmarks in regression test mode.
+ + commit 2e5354fe8db5288939733d0fb63ad4c87bc20105
+ * tests/tsexp.c (check_extract_param): Fix compiler warning.
+ * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST.
+ * tests/bench-slope.c (main): Speed up if in regression test mode.
+ * tests/benchmark.c (main): Ditto.
+
+ tests: Add --csv option to bench-slope.
+ + commit 8072e9fa4b42ae8e65e266aa158fd903f1bb0927
+ * tests/bench-slope.c (STR, STR2): New.
+ (cvs_mode): New.
+ (num_measurement_repetitions): New. Replace use of
+ NUM_MEASUREMENT_REPETITIONS by this.
+ (current_section_name, current_algo_name, current_mode_name): New.
+ (bench_print_result_csv): New.
+ (bench_print_result_std): Rename from bench_print_result.
+ (bench_print_result): New. Divert depending on CSV_MODE.
+ (bench_print_header, bench_print_footer): take care of CSV_MODE.
+ (bench_print_algo, bench_print_mode): New. Use them instead of
+ explicit printfs.
+ (main): Add options --csv and --repetitions.
+
+2013-12-07 Werner Koch <wk@gnupg.org>
+
+ sexp: Allow long names and white space in gcry_sexp_extract_param.
+ + commit d4555433b6e422fa69a85cae99961f513e55d82b
+ * src/sexp.c (_gcry_sexp_vextract_param): Skip white space. Support
+ long parameter names.
+ * tests/tsexp.c (check_extract_param): Add test cases for long parameter
+ names and white space.
+
+2013-12-06 Werner Koch <wk@gnupg.org>
+
+ ecc: Merge partly duplicated code.
+ + commit 405021cb6d4e470337302c65dec5bc91491a89c1
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ...
+ (_gcry_ecc_eddsa_compute_h_d): new function.
+ * cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function.
+ (reverse_buffer): Remove.
+
+ ecc: Remove unused internal function.
+ + commit 4cf2c65fe15173c8d68a141a01b34fc1fb9080b7
+ * src/cipher-proto.h (gcry_pk_spec): Remove get_param.
+ * cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from
+ _gcry_ecc_get_param.
+ (_gcry_ecc_get_param): Remove.
+ * cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param.
+
+2013-12-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix building on mingw32.
+ + commit 5917ce34e3b3eac4c15f62577e4723974024f818
+ * src/gcrypt-int.h: Include <types.h>.
+
+2013-12-05 Werner Koch <wk@gnupg.org>
+
+ ecc: Change OID for Ed25519.
+ + commit 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f
+ * cipher/ecc-curves.c (curve_aliased): Add more suitable OID for
+ Ed25519.
+
+ Remove macro hacks for internal vs. external functions. Part 1.
+ + commit 7bacf1812b55fa78db63abaa1f5a9220e9c6cccc
+ * src/visibility.h: Remove almost all define/undef hacks for symbol
+ visibility. Add macros to detect the use of the public functions.
+ Change all affected functions by prefixing them explicitly with an
+ underscore and change all internal callers to call the underscore
+ prefixed versions. Provide convenience macros from sexp and mpi
+ functions.
+ * src/visibility.c: Change all functions to use only gpg_err_code_t
+ and translate to gpg_error_t only in visibility.c.
+
+2013-12-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ mpi: add inline assembly for x86-64.
+ + commit 85bb0a98ea5add0296cbcc415d557eaa1f6bd294
+ * mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm)
+ (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New.
+
+2013-12-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: fix gcry_mpi_powm for negative base.
+ + commit c56080c26186d25dec05f01831494c77d8d07e13
+ * mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]:
+ Fix for the case where BASE is negative.
+ * tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19.
+
+2013-12-03 Werner Koch <wk@gnupg.org>
+
+ Add build support for ppc64le.
+ + commit 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51
+ * config.guess, config.sub: Update to latest version (2013-11-29).
+ * m4/libtool.m4: Add patches for ppc64le.
+
+2013-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: fix compiler warning on aarch64.
+ + commit 59b1a1b7ee2923e1bf091071ae716d180c6c6006
+ * cipher/rijndael.c (do_setkey): Use braces for empty if statement
+ instead of semicolon.
+
+ Add aarch64 (arm64) mpi assembly.
+ + commit 80896bc8f5e6ed9a627374e34f040ad5f3617584
+ * mpi/aarch64/mpi-asm-defs.h: New.
+ * mpi/aarch64/mpih-add1.S: New.
+ * mpi/aarch64/mpih-mul1.S: New.
+ * mpi/aarch64/mpih-mul2.S: New.
+ * mpi/aarch64/mpih-mul3.S: New.
+ * mpi/aarch64/mpih-sub1.S: New.
+ * mpi/config.links [host=aarch64-*-*]: Add configguration for aarch64
+ assembly.
+ * mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
+ (count_leading_zeros): New.
+
+2013-12-02 Werner Koch <wk@gnupg.org>
+
+ ecc: Use constant time point operation for Twisted Edwards.
+ + commit d4ce0cfe0d35d7ec69c115456848b5b735c928ea
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time
+ operation if needed.
+ * tests/benchmark.c (main): Add option --use-secmem.
+
+ ecc: Make gcry_pk_testkey work for Ed25519.
+ + commit 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2
+ * cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G
+ and d. Change all callers.
+ * cipher/ecc.c (gen_y_2): Remove.
+ (check_secret_key): Use generic public key compute function. Adjust
+ for use with Ed25519 and EdDSA.
+ (nist_generate_key): Do not use the compliant key thingy for Ed25519.
+ (ecc_check_secret_key): Make parameter parsing similar to the other
+ functions.
+ * cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so
+ that _gcry_ecc_update_curve_param works correctly.
+ * tests/keygen.c (check_ecc_keys): Add "param" flag. Check all
+ Ed25519 keys.
+
+ ecc: Fix eddsa point decompression.
+ + commit 485f35124b1a74af0bad321ed70be3a79d8d11d7
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative
+ case.
+
+ ecc: Fix gcry_mpi_ec_curve_point for Weierstrass.
+ + commit ecb90f8e7c6f2516080d27ed7da6a25f2314da3c
+ * mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation.
+ (ec_pow3): New.
+ (ec_p_init): Always copy B.
+
+ mpi: Introduce 4 user flags for gcry_mpi_t.
+ + commit 29eddc2558d4cf39995f66d5fccd62f584d5b203
+ * src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2)
+ (GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New.
+ * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
+ (gcry_mpi_get_flag, _gcry_mpi_free): Implement them.
+ (gcry_mpi_set_opaque): Keep user flags.
+
+2013-11-29 Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com>
+
+ Fix armv3 compile error.
+ + commit 3b1cc9e6c357574f54160298d731c18f3d717b6c
+ * mpi/longlong.h [__arm__ && __ARM_ARCH < 4] (umul_ppmm): Use
+ __AND_CLOBBER_CC instead of __CLOBBER_CC.
+
+ longlong.h on mips with clang.
+ + commit 1ecbd0bca31d462719a2a6590c1d03244e76ef89
+ * mpi/longlong.h [__mips__]: Use C-language version with clang.
+
+2013-11-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Camellia: Tweaks for AES-NI implementations.
+ + commit 3ef21e7e1b8003db9792155044db95f9d9ced184
+ * cipher/camellia-aesni-avx-amd64.S: Align stack to 16 bytes; tweak
+ key-setup for small speed up.
+ * cipher/camellia-aesni-avx2-amd64.S: Use vmovdqu even with aligned
+ stack; reorder vinsert128 instructions; use rbp for stack frame.
+
+2013-11-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add GMAC to MAC API.
+ + commit a34448c929b13bfb7b66d69169c89e7319a18b31
+ * cipher/Makefile.am: Add 'mac-gmac.c'.
+ * cipher/mac-gmac.c: New.
+ * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'.
+ (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish)
+ (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed)
+ (_gcry_mac_type_spec_gmac_camellia): New externs.
+ * cipher/mac.c (mac_list): Add GMAC specifications.
+ * doc/gcrypt.texi: Add mention of GMAC.
+ * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms.
+ * tests/basic.c (check_one_mac): Add support for MAC IVs.
+ (check_mac): Add support for MAC IVs and add GMAC test vectors.
+ * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499.
+ * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499.
+
+ GCM: Move gcm_table initialization to setkey.
+ + commit dbfa651618693da7ea73b4d2d00d4efd411bfb46
+ * cipher/cipher-gcm.c: Change all 'c->u_iv.iv' to
+ 'c->u_mode.gcm.u_ghash_key.key'.
+ (_gcry_cipher_gcm_setkey): New.
+ (_gcry_cipher_gcm_initiv): Move ghash initialization to function above.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add
+ 'u_mode.gcm.u_ghash_key'; Reorder 'u_mode.gcm' members for partial
+ clearing in gcry_cipher_reset.
+ (_gcry_cipher_gcm_setkey): New prototype.
+ * cipher/cipher.c (cipher_setkey): Add GCM setkey.
+ (cipher_reset): Clear 'u_mode' only partially for GCM.
+
+2013-11-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ GCM: Add support for split data buffers and online operation.
+ + commit fb1e52e3fe231671de546eacd6becd31c26c4f7b
+ * cipher/cipher-gcm.c (do_ghash_buf): Add buffering for less than
+ blocksize length input and padding handling.
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Add handling
+ for AAD padding and check if data has already being padded.
+ (_gcry_cipher_gcm_authenticate): Check that AAD or data has not being
+ padded yet.
+ (_gcry_cipher_gcm_initiv): Clear padding marks.
+ (_gcry_cipher_gcm_tag): Add finalization and padding; Clear sensitive
+ data from cipher handle, since they are not used after generating tag.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.macbuf',
+ 'u_mode.gcm.mac_unused', 'u_mode.gcm.ghash_data_finalized' and
+ 'u_mode.gcm.ghash_aad_finalized'.
+ * tests/basic.c (check_gcm_cipher): Rename to...
+ (_check_gcm_cipher): ...this and add handling for different buffer step
+ lengths; Enable per byte buffer testing.
+ (check_gcm_cipher): Call _check_gcm_cipher with different buffer step
+ sizes.
+
+ GCM: Use size_t for buffer sizes.
+ + commit 2d870a9142e8c8b3f008e1ad8e83e4bdf7a8e4e7
+ * cipher/cipher-gcm.c (ghash, gcm_bytecounter_add, do_ghash_buf)
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
+ (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_geniv)
+ (_gcry_cipher_gcm_tag): Use size_t for buffer lengths.
+ * cipher/cipher-internal.h (_gcry_cipher_gcm_encrypt)
+ (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Use size_t
+ for buffer lengths.
+
+ GCM: add FIPS mode restrictions.
+ + commit 56d352d6bdcf7abaa33c3399741f5063e2ddc32a
+ * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
+ (_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode is setiv
+ was invocated directly.
+ (_gcry_cipher_gcm_setiv): Rename to...
+ (_gcry_cipher_gcm_initiv): ...this.
+ (_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode.
+ [TODO] (_gcry_cipher_gcm_getiv): New.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add
+ 'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'.
+
+ GCM: Add clearing and checking of marks.tag.
+ + commit 32a2da9abc91394b23cf565c1c833fa964394083
+ * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
+ (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Make sure
+ that tag has not been finalized yet.
+ (_gcry_cipher_gcm_setiv): Clear 'marks.tag'.
+
+ GCM: Add stack burning.
+ + commit 018f08354b1b116672e82f9ce942884b288aaf9e
+ * cipher/cipher-gcm.c (do_ghash, ghash): Return stack burn depth.
+ (setupM): Wipe 'tmp' buffer.
+ (do_ghash_buf): Wipe 'tmp' buffer and add stack burning.
+
+ Add aggregated bulk processing for GCM on x86-64.
+ + commit c9537fbf8ff0af919cff2bebadc4c6e7caea8076
+ * cipher/cipher-gcm.c [__x86_64__] (gfmul_pclmul_aggr4): New.
+ (ghash) [GCM_USE_INTEL_PCLMUL]: Add aggregated bulk processing
+ for __x86_64__.
+ (setupM) [__x86_64__]: Add initialization for aggregated bulk
+ processing.
+
+ GCM: Tweak Intel PCLMUL ghash loop for small speed-up.
+ + commit 9b6764944284fed733c2f88619b3d9eb5d5c259a
+ * cipher/cipher-gcm.c (do_ghash): Mark 'inline'.
+ [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): Rename to...
+ [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul): ..this and make inline function.
+ (ghash) [GCM_USE_INTEL_PCLMUL]: Preload data before ghash-pclmul loop.
+
+ GCM: Use counter mode code for speed-up.
+ + commit bd4bd23a2511a4bce63c3217cca0d4ecf0c79532
+ * cipher/cipher-gcm.c (ghash): Add process for multiple blocks.
+ (gcm_bytecounter_add, gcm_add32_be128, gcm_check_datalen)
+ (gcm_check_aadlen_or_ivlen, do_ghash_buf): New functions.
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
+ (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_set_iv)
+ (_gcry_cipher_gcm_tag): Adjust to use above new functions and
+ counter mode functions for encryption/decryption.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Remove 'length'; Add
+ 'u_mode.gcm.(addlen|datalen|tagiv|datalen_over_limits)'.
+ (_gcry_cipher_gcm_setiv): Return gcry_err_code_t.
+ * cipher/cipher.c (cipher_setiv): Return error code.
+ (_gcry_cipher_setiv): Handle error code from 'cipher_setiv'.
+
+ Add Intel PCLMUL acceleration for GCM.
+ + commit 5a65ffabadd50f174ab7375faad7a726cce49e61
+ * cipher/cipher-gcm.c (fillM): Rename...
+ (do_fillM): ...to this.
+ (ghash): Remove.
+ (fillM): New macro.
+ (GHASH): Use 'do_ghash' instead of 'ghash'.
+ [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): New.
+ (ghash): New.
+ (setupM): New.
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
+ (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_setiv)
+ (_gcry_cipher_gcm_tag): Use 'ghash' instead of 'GHASH' and
+ 'c->u_mode.gcm.u_tag.tag' instead of 'c->u_tag.tag'.
+ * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): New.
+ (gcry_cipher_handle): Move 'u_tag' and 'gcm_table' under
+ 'u_mode.gcm'.
+ * configure.ac (pclmulsupport, gcry_cv_gcc_inline_asm_pclmul): New.
+ * src/g10lib.h (HWF_INTEL_PCLMUL): New.
+ * src/global.c: Add "intel-pclmul".
+ * src/hwf-x86.c (detect_x86_gnuc): Add check for Intel PCLMUL.
+
+ GCM: GHASH optimizations.
+ + commit 0e9e7d72f3c9eb7ac832746c3034855faaf8d02c
+ * cipher/cipher-gcm.c [GCM_USE_TABLES] (gcmR, ghash): Replace with new.
+ [GCM_USE_TABLES] [GCM_TABLES_USE_U64] (bshift, fillM, do_ghash): New.
+ [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (bshift, fillM): Replace with
+ new.
+ [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (do_ghash): New.
+ (_gcry_cipher_gcm_tag): Remove extra memcpy to outbuf and use
+ buf_eq_const for comparing authentication tag.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Different 'gcm_table'
+ for 32-bit and 64-bit platforms.
+
+ Add some documentation for GCM mode.
+ + commit 332da0ed7c8fab6c2bee841c94d8364c2ab4e30d
+ * doc/gcrypt.texi: Add mention of GCM mode.
+
+2013-11-19 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Initial implementation of GCM.
+ + commit 90cce18b9eced4f412ceeec5bcae18c4493322df
+ * cipher/Makefile.am: Add 'cipher-gcm.c'.
+ * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths)
+ (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag)
+ (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change
+ 'c->u_mode.ccm.tag' to 'c->marks.tag'.
+ * cipher/cipher-gcm.c: New.
+ * cipher/cipher-internal.h (GCM_USE_TABLES): New.
+ (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and
+ 'gcm_table'; Remove 'u_mode.ccm.tag'.
+ (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
+ (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate)
+ (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New.
+ * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
+ (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
+ (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling.
+ * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM.
+ (GCRY_GCM_BLOCK_LEN): New.
+ * tests/basic.c (check_gcm_cipher): New.
+ (check_ciphers): Add GCM check.
+ (check_cipher_modes): Call 'check_gcm_cipher'.
+ * tests/bench-slope.c (bench_gcm_encrypt_do_bench)
+ (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench)
+ (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New.
+ (cipher_modes): Add GCM enc/dec/auth.
+ (cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size.
+ * tests/benchmark.c (cipher_bench): Add GCM.
+
+2013-11-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Camellia: fix compiler warning.
+ + commit 9816ae9d9931b75e4fdc9a5be10e6af447132313
+ * cipher/camellia-glue.c (camellia_setkey): Use braces around empty if
+ statement.
+
+ Tweak Camellia-AVX key-setup for small speed-up.
+ + commit 77922a82c3f2e30eca04511fa5a355208349c657
+ * cipher/camellia-aesni-avx-amd64.S (camellia_f): Merge S-function output
+ rotation with P-function.
+
+ Add CMAC (Cipher-based MAC) to MAC API.
+ + commit b49cd64aaaff2e5488a84665362ef7150683226c
+ * cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'.
+ * cipher/cipher-cmac.c: New.
+ * cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'.
+ * cipher/cipher.c (gcry_cipher_open): Rename to...
+ (_gcry_cipher_open_internal): ...this and add CMAC.
+ (gcry_cipher_open): New wrapper that disallows use of internal
+ modes (CMAC) from outside.
+ (cipher_setkey, cipher_encrypt, cipher_decrypt)
+ (_gcry_cipher_authenticate, _gcry_cipher_gettag)
+ (_gcry_cipher_checktag): Add handling for CMAC mode.
+ (cipher_reset): Do not reset 'marks.key' and do not clear subkeys in
+ 'u_mode' in CMAC mode.
+ * cipher/mac-cmac.c: New.
+ * cipher/mac-internal.h: Add CMAC support and algorithms.
+ * cipher/mac.c: Add CMAC algorithms.
+ * doc/gcrypt.texi: Add documentation for CMAC.
+ * src/cipher.h (gcry_cipher_internal_modes): New.
+ (_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate)
+ (_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag)
+ (_gcry_cipher_cmac_set_subkeys): New prototypes.
+ * src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms.
+ * tests/basic.c (check_mac): Add CMAC test vectors.
+
+2013-11-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add new MAC API, initially with HMAC.
+ + commit fcd6da37d55f248d3558ee0ff385b41b866e7ded
+ * cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'.
+ * cipher/bufhelp.h (buf_eq_const): New.
+ * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for
+ constant-time compare.
+ * cipher/mac-hmac.c: New.
+ * cipher/mac-internal.h: New.
+ * cipher/mac.c: New.
+ * doc/gcrypt.texi: Add documentation for MAC API.
+ * src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13]
+ (GPG_ERR_MAC_ALGO): New.
+ * src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos)
+ (gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
+ (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
+ (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
+ (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name)
+ (gcry_mac_reset, gcry_mac_test_algo): New.
+ * src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
+ (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
+ (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
+ (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
+ * src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
+ (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
+ (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
+ (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
+ * src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
+ (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
+ (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
+ (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
+ * src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
+ (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
+ (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
+ (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
+ * tests/basic.c (check_one_mac, check_mac): New.
+ (main): Call 'check_mac'.
+ * tests/bench-slope.c (bench_print_header, bench_print_footer): Allow
+ variable algorithm name width.
+ (_cipher_bench, hash_bench): Update to above change.
+ (bench_hash_do_bench): Add 'gcry_md_reset'.
+ (bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench)
+ (mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New.
+ (main): Add 'mac' benchmark options.
+ * tests/benchmark.c (mac_repetitions, mac_bench): New.
+ (main): Add 'mac' benchmark options.
+
+ Use correct blocksize of 32 bytes for GOSTR3411-94 HMAC.
+ + commit b95a557a43aeed68ea5e5ce02aca42ee97bfdb3b
+ * cipher/md.c (md_open): Set macpads_Bsize to 32 for
+ GCRY_MD_GOST24311_94.
+
+2013-11-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ cipher: use size_t for internal buffer lengths.
+ + commit b787657a9d2c1d8e19f9fcb0b21e31cb062630cf
+ * cipher/arcfour.c (do_encrypt_stream, encrypt_stream): Use 'size_t'
+ for buffer lengths.
+ * cipher/blowfish.c (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
+ (_gcry_blowfish_cfb_dec): Ditto.
+ * cipher/camellia-glue.c (_gcry_camellia_ctr_enc)
+ (_gcry_camellia_cbc_dec, _gcry_blowfish_cfb_dec): Ditto.
+ * cipher/cast5.c (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec)
+ (_gcry_cast5_cfb_dec): Ditto.
+ * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
+ (_gcry_cipher_aeswrap_decrypt): Ditto.
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
+ (_gcry_cipher_cbc_decrypt): Ditto.
+ * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt)
+ (_gcry_cipher_ccm_decrypt): Ditto.
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
+ (_gcry_cipher_cfb_decrypt): Ditto.
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
+ * cipher/cipher-internal.h (gcry_cipher_handle->bulk)
+ (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt)
+ (_gcry_cipher_cfb_encrypt, _gcry_cipher_cfb_decrypt)
+ (_gcry_cipher_ofb_encrypt, _gcry_cipher_ctr_encrypt)
+ (_gcry_cipher_aeswrap_encrypt, _gcry_cipher_aeswrap_decrypt)
+ (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Ditto.
+ * cipher/cipher-ofb.c (_gcry_cipher_cbc_encrypt): Ditto.
+ * cipher/cipher-selftest.h (gcry_cipher_bulk_cbc_dec_t)
+ (gcry_cipher_bulk_cfb_dec_t, gcry_cipher_bulk_ctr_enc_t): Ditto.
+ * cipher/cipher.c (cipher_setkey, cipher_setiv, do_ecb_crypt)
+ (do_ecb_encrypt, do_ecb_decrypt, cipher_encrypt)
+ (cipher_decrypt): Ditto.
+ * cipher/rijndael.c (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec)
+ (_gcry_aes_cfb_dec, _gcry_aes_cbc_enc, _gcry_aes_cfb_enc): Ditto.
+ * cipher/salsa20.c (salsa20_setiv, salsa20_do_encrypt_stream)
+ (salsa20_encrypt_stream, salsa20r12_encrypt_stream): Ditto.
+ * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
+ (_gcry_serpent_cfb_dec): Ditto.
+ * cipher/twofish.c (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
+ (_gcry_twofish_cfb_dec): Ditto.
+ * src/cipher-proto.h (gcry_cipher_stencrypt_t)
+ (gcry_cipher_stdecrypt_t, cipher_setiv_fuct_t): Ditto.
+ * src/cipher.h (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec)
+ (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec, _gcry_aes_ctr_enc)
+ (_gcry_blowfish_cfb_dec, _gcry_blowfish_cbc_dec)
+ (_gcry_blowfish_ctr_enc, _gcry_cast5_cfb_dec, _gcry_cast5_cbc_dec)
+ (_gcry_cast5_ctr_enc, _gcry_camellia_cfb_dec, _gcry_camellia_cbc_dec)
+ (_gcry_camellia_ctr_enc, _gcry_serpent_cfb_dec, _gcry_serpent_cbc_dec)
+ (_gcry_serpent_ctr_enc, _gcry_twofish_cfb_dec, _gcry_twofish_cbc_dec)
+ (_gcry_twofish_ctr_enc): Ditto.
+
+ Camellia: Add AVX/AES-NI key setup.
+ + commit ef9f52cbb39e46918c96200b09c21e931eff174f
+ * cipher/camellia-aesni-avx-amd64.S (key_bitlength, key_table): New
+ order of fields in ctx.
+ (camellia_f, vec_rol128, vec_ror128): New macros.
+ (__camellia_avx_setup128, __camellia_avx_setup256)
+ (_gcry_camellia_aesni_avx_keygen): New functions.
+ * cipher/camellia-aesni-avx2-amd64.S (key_bitlength, key_table): New
+ order of fields in ctx.
+ * cipher/camellia-arm.S (CAMELLIA_TABLE_BYTE_LEN, key_length): Remove
+ unused macros.
+ * cipher/camellia-glue.c (CAMELLIA_context): Move keytable to head for
+ better alignment; Make 'use_aesni_avx' and 'use_aesni_avx2' bitfield
+ members.
+ [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_keygen): New prototype.
+ (camellia_setkey) [USE_AESNI_AVX || USE_AESNI_AVX2]: Read hw features
+ to variable 'hwf' and match features from it.
+ (camellia_setkey) [USE_AESNI_AVX]: Use AES-NI/AVX key setup if
+ available.
+
+ Avoid unneeded stack burning with AES-NI and reduce number of 'decryption_prepared' checks
+ + commit c8ad83fb605fdbf6dc0b0dbcc8aedfbd477640da
+ * cipher/rijndael.c (RIJNDAEL_context): Make 'decryption_prepared',
+ 'use_padlock' and 'use_aesni' 1-bit members in bitfield.
+ (do_setkey): Move 'hwfeatures' inside [USE_AESNI || USE_PADLOCK].
+ (do_aesni_enc_aligned): Rename to...
+ (do_aesni_enc): ...this, as function does not require aligned input.
+ (do_aesni_dec_aligned): Rename to...
+ (do_aesni_dec): ...this, as function does not require aligned input.
+ (do_aesni): Remove.
+ (rijndael_encrypt): Call 'do_aesni_enc' instead of 'do_aesni'.
+ (rijndael_decrypt): Call 'do_aesni_dec' instead of 'do_aesni'.
+ (check_decryption_preparation): New.
+ (do_decrypt): Remove 'decryption_prepared' check.
+ (rijndael_decrypt): Ditto and call 'check_decryption_preparation'.
+ (_gcry_aes_cbc_dec): Ditto.
+ (_gcry_aes_cfb_enc): Add 'burn_depth' and burn stack only when needed.
+ (_gcry_aes_cbc_enc): Ditto.
+ (_gcry_aes_ctr_enc): Ditto.
+ (_gcry_aes_cfb_dec): Ditto.
+ (_gcry_aes_cbc_dec): Ditto and correct clearing of 'savebuf'.
+
+2013-11-14 Werner Koch <wk@gnupg.org>
+
+ md: Fix hashing for data >= 256 GB.
+ + commit c43a8c0d81a711161f7a81b24ef7c33a1353eee0
+ * cipher/hash-common.h (gcry_md_block_ctx): Add "nblocks_high".
+ * cipher/hash-common.c (_gcry_md_block_write): Bump NBLOCKS_HIGH.
+ * cipher/md4.c (md4_init, md4_final): Take care of NBLOCKS_HIGH.
+ * cipher/md5.c (md5_init, md5_final): Ditto.
+ * cipher/rmd160.c (_gcry_rmd160_init, rmd160_final): Ditto.
+ * cipher/sha1.c (sha1_init, sha1_final): Ditto.
+ * cipher/sha256.c (sha256_init, sha224_init, sha256_final): Ditto.
+ * cipher/sha512.c (sha512_init, sha384_init, sha512_final): Ditto.
+ * cipher/tiger.c (do_init, tiger_final): Ditto.
+ * cipher/whirlpool.c (whirlpool_final): Ditto.
+
+ * cipher/md.c (gcry_md_algo_info): Add GCRYCTL_SELFTEST.
+ (_gcry_md_selftest): Return "not implemented" as required.
+ * tests/hashtest.c: New.
+ * tests/genhashdata.c: New.
+ * tests/Makefile.am (TESTS): Add hashtest.
+ (noinst_PROGRAMS): Add genhashdata
+
+2013-11-13 Christian Grothoff <christian@grothoff.org>
+
+ ecc: Fix key generation for a plain Ed25519 key.
+ + commit 7d91e99bcd30a463dd4faed014b8521a663d8316
+ * cipher/ecc.c (nist_generate_key): Use custom code for ED25519.
+
+ ecc: Fix some memory leaks.
+ + commit c4f9af49f228df59c218381a25fa3c0f93ccbeae
+ * cipher/ecc-curves.c (_gcry_mpi_ec_new): Free ec->b before assigning.
+ * cipher/ecc.c (nist_generate_key): Release Q.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
+
+2013-11-11 Werner Koch <wk@gnupg.org>
+
+ ecc: Change keygrip computation for Ed25519+EdDSA.
+ + commit 4fb3c8e5a7fc6a1568f54bcc0be17fecf75e0742
+ * cipher/ecc.c (compute_keygrip): Rework.
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): New.
+ * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): New.
+ * tests/keygrip.c (key_grips): Add flag param and test cases for
+ Ed25519.
+
+ mpi: Add special format GCRYMPI_FMT_OPAQUE.
+ + commit 8b3eecee2d89179297e43de7d650f74759c61a58
+ * src/gcrypt.h.in (GCRYMPI_FMT_OPAQUE): New.
+ (_gcry_sexp_nth_opaque_mpi): Remove.
+ * src/sexp.c (gcry_sexp_nth_mpi): Add support for GCRYMPI_FMT_OPAQUE.
+ (_gcry_sexp_vextract_param): Replace removed function by
+ GCRYMPI_FMT_OPAQUE.
+
+2013-11-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix error output in CTR selftest.
+ + commit 7b26586e35a6d407ca31b41528b0810b1408fd4b
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Change
+ fprintf(stderr,...) to syslog(); Correct error output for bulk
+ IV check, plaintext mismatch => ciphertext mismatch.
+
+2013-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix Serpent-AVX2 and Camellia-AVX2 counter modes.
+ + commit df29831d008e32faf74091d080a415731418d158
+ * cipher/camellia-aesni-avx2-amd64.S
+ (_gcry_camellia_aesni_avx2_ctr_enc): Byte-swap before checking for
+ overflow handling.
+ * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128)
+ (selftest_cbc_128): Add 16 to nblocks.
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Add test with
+ non-overflowing IV and modify overflow IV to detect broken endianness
+ handling.
+ * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc): Byte-swap
+ before checking for overflow handling; Fix crazy-mixed-endian IV
+ construction to big-endian.
+ * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128)
+ (selftest_cbc_128): Add 8 to nblocks.
+
+2013-11-09 Sergey V <sftp.mtuci@gmail.com>
+
+ cipher/gost28147: optimization: use precomputed S-box tables.
+ + commit 51501b638546665163bbb85a14308fdb99211a28
+ * cipher/gost.h (GOST28147_context): Remove unneeded subst and
+ subst_set members.
+ * cipher/gost28147.c (max): Remove unneeded macro.
+ (test_sbox): Replace with new precomputed tables.
+ (gost_set_subst): Remove function.
+ (gost_val): Use new S-box tables.
+ (gost_encrypt_block, gost_decrypt_block): Tweak to use new ctx and
+ S-box tables.
+
+2013-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix tail handling for AES-NI counter mode.
+ + commit 60ed0abbbc7cb15812f1e713143c72555acea69e
+ * cipher/rijndael.c (do_aesni_ctr): Fix outputting of updated
+ counter-IV.
+
+2013-11-08 Werner Koch <wk@gnupg.org>
+
+ ecc: Improve gcry_pk_get_curve.
+ + commit 03aed1acec611362285db5156a6b92c91604fba4
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Factor some code out
+ to ..
+ (find_domain_parms_idx): new.
+ (_gcry_ecc_get_curve): Find by curve name on error.
+
+ cipher: Avoid signed divisions in idea.c.
+ + commit e241dde1420475459e32608137829e52748d0212
+ * cipher/idea.c (mul_inv): Use unsigned division.
+
+ ecc: Implement the "nocomp" flag for key generation.
+ + commit 9f63c0f7a3b2c15c7e258cd17395cabd0a8f00cc
+ * cipher/ecc.c (ecc_generate): Support the "nocomp" flag.
+ * tests/keygen.c (check_ecc_keys): Add a test for it.
+
+ ecc: Make "noparam" the default and replace by "param".
+ + commit ed45fd2e60c88e2f005282e6eadd018b59dcf65b
+ * src/cipher.h (PUBKEY_FLAG_NOCOMP): New.
+ (PUBKEY_FLAG_NOPARAM): Remove.
+ (PUBKEY_FLAG_PARAM): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new
+ flags and ignore the obsolete "noparam" flag.
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name
+ also for curves selected by NBITS.
+ (_gcry_mpi_ec_new): Support the "param" flag.
+ * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto.
+ * tests/keygen.c (check_ecc_keys): Remove the "noparam" flag.
+
+2013-11-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix decryption function size in AES AMD64 assembly.
+ + commit bfe4f6523b80bae0040328ef324b9000ee5b38a4
+ * cipher/rijndael-amd64.S (_gcry_aes_amd64_decrypt_block): Set '.size'
+ for '_gcry_aes_amd64_decrypt_block', not '..._encrypt_block'.
+
+ Change 64-bit shift to 32-bit in AES AMD64 assembly.
+ + commit 57b296ea3a5204cd3711b7bf57c8fb14d8542402
+ * cipher/rijndael-amd64.S (do16bit_shr): Change 'shrq' to 'shrl'.
+
+2013-11-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Speed-up AES-NI key setup.
+ + commit f702d62d888b30e24c19f203566a1473098b2b31
+ * cipher/rijndael.c [USE_AESNI] (m128i_t): Remove.
+ [USE_AESNI] (u128_t): New.
+ [USE_AESNI] (aesni_do_setkey): New.
+ (do_setkey) [USE_AESNI]: Move AES-NI accelerated key setup to
+ 'aesni_do_setkey'.
+ (do_setkey): Call _gcry_get_hw_features only once. Clear stack after
+ use in generic key setup part.
+ (rijndael_setkey): Remove stack burning.
+ (prepare_decryption) [USE_AESNI]: Use 'u128_t' instead of 'm128i_t' to
+ avoid compiler generated SSE2 instructions and XMM register usage,
+ unroll 'aesimc' setup loop
+ (prepare_decryption): Clear stack after use.
+ [USE_AESNI] (do_aesni_enc_aligned): Update comment about alignment.
+ (do_decrypt): Do not burning stack after prepare_decryption.
+
+ Avoid burn stack in Arcfour setkey.
+ + commit a50a6ba3540f49fc7dcdb32e691327d5942e3509
+ * cipher/arcfour.c (arcfour_setkey): Remove stack burning.
+
+ Avoid burn_stack in CAST5 setkey.
+ + commit 5797ebc268b4e953cedd0c729c5cdb1f8fd764e4
+ * cipher/cast5.c (do_cast_setkey): Use wipememory instead of memset.
+ (cast_setkey): Remove stack burning.
+
+ Improve Serpent key setup speed.
+ + commit 9897ccb381503455edc490679b2e9251a09ac5cb
+ * cipher/serpent.c (SBOX, SBOX_INVERSE): Remove index argument.
+ (serpent_subkeys_generate): Use smaller temporary arrays for subkey
+ generation and perform stack clearing locally.
+ (serpent_setkey_internal): Use wipememory to clear stack and remove
+ _gcry_burn_stack.
+ (serpent_setkey): Remove unneeded _gcry_burn_stack.
+
+ Modify encrypt/decrypt arguments for in-place.
+ + commit b8515aa70b00baba3fba8121ed305edcd029c8c7
+ * cipher/cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Modify
+ local arguments if in-place operation.
+
+ Speed up Stribog.
+ + commit a48d07ccadee4cb8b666a9a4ba2f00129bad5b2f
+ * cipher/stribog.c (STRIBOG_TABLES): Remove.
+ (Pi): Remove.
+ [!STRIBOG_TABLES] (A, strido): Remove.
+ (stribog_table): New table pre-reordered with Pi values.
+ (strido): Rewrite for new table.
+ (LPSX): Rewrite for new table.
+ (xor): Remove.
+ (g): Small tweaks.
+
+ Tweak AES-NI bulk CTR mode slightly.
+ + commit 3b5058b58a183fa23ecf3ef819e2ae6ac64c0216
+ * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_2_5): Rename to...
+ (aesni_cleanup_2_6): ...this and clear also 'xmm6'.
+ [USE_AESNI && __i386__] (do_aesni_ctr, do_aesni_ctr_4): Prevent
+ inlining only on i386, allow on AMD64.
+ [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Use counter block from
+ 'xmm5' and byte-swap mask from 'xmm6'.
+ (_gcry_aes_ctr_enc) [USE_AESNI]: Preload counter block to 'xmm5' and
+ byte-swap mask to 'xmm6'.
+ (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use
+ 'aesni_cleanup_2_6'.
+
+ Tweak bench-slope parameters.
+ + commit 7e98eecc1a955bc253765f92a166b6560f085b8c
+ * tests/bench-slope.c (BUF_STEP_SIZE): Half step size to 64.
+ (NUM_MEASUREMENT_REPETITIONS): Double repetitions to 64.
+
+ Optimize Blowfish weak key check.
+ + commit 8e1c0f9b894c39b6554c544208dc000682f520c7
+ * cipher/blowfish.c (hashset_elem, val_to_hidx, add_val): New.
+ (do_bf_setkey): Use faster algorithm for detecting weak keys.
+ (bf_setkey): Move stack burning to do_bf_setkey.
+
+ Fix __builtin_bswap32/64 checks.
+ + commit 2590a5df6f5fc884614c8c379324027d2d61b9b5
+ * configure.ac (gcry_cv_have_builtin_bswap32)
+ (gcry_cv_have_builtin_bswap64): Change compile checks to link checks.
+
+ Fix 'u32' build error with Camellia.
+ + commit 84bcb400e7db7268abfc29b5ab1513b0c063b293
+ * cipher/camellia.c: Add include for <config.h> and "types.h".
+ (u32): Remove.
+ (u8): Typedef as 'byte'.
+
+2013-11-06 Werner Koch <wk@gnupg.org>
+
+ pubkey: Add forward compatibility feature.
+ + commit 6d169b654c7ff04c10f73afe80b2c70cefa410c1
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add
+ "igninvflag".
+
+2013-11-05 Werner Koch <wk@gnupg.org>
+
+ ecc: Require "eddsa" flag for curve Ed25519.
+ + commit b9fd3988b54b50109f4e7179e7fe0739bb1d97c5
+ * src/cipher.h (PUBKEY_FLAG_ECDSA): Remove.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa".
+ * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag.
+ * cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag.
+ * tests/benchmark.c, tests/keygen.c, tests/pubkey.c
+ * tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags.
+
+ ecc: Fully implement Ed25519 compression in ECDSA mode.
+ + commit f09ffe8a4802af65a116e79eceeb1cb4ed4fa2f4
+ * src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS.
+ * mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it.
+ * cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as
+ opaque mpi and use eddsa decoding depending on the flag.
+ (_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the
+ curve.
+
+ mpi: Add function gcry_mpi_set_opaque_copy.
+ + commit 630aca794ddf057fb7265b7dc346374743036af4
+ * src/gcrypt.h.in (gcry_mpi_set_opaque_copy): New.
+ * src/visibility.c (gcry_mpi_set_opaque_copy): New.
+ * src/visibility.h (gcry_mpi_set_opaque_copy): Mark visible.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new API.
+ * tests/mpitests.c (test_opaque): Add test.
+
+2013-11-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Make test vectors 'static const'
+ + commit d50a88d1e29124d038196fec6082fd093e922604
+ * cipher/arcfour.c (selftest): Change test vectors to 'static const'.
+ * cipher/blowfish.c (selftest): Ditto.
+ * cipher/camellia-glue.c (selftest): Ditto.
+ * cipher/cast5.c (selftest): Ditto.
+ * cipher/des.c (selftest): Ditto.
+ * cipher/rijndael.c (selftest): Ditto.
+ * tests/basic.c (cipher_cbc_mac_cipher, check_aes128_cbc_cts_cipher)
+ (check_ctr_cipher, check_cfb_cipher, check_ofb_cipher)
+ (check_ccm_cipher, check_stream_cipher)
+ (check_stream_cipher_large_block, check_bulk_cipher_modes)
+ (check_ciphers, check_digests, check_hmac, check_pubkey_sign)
+ (check_pubkey_sign_ecdsa, check_pubkey_crypt, check_pubkey): Ditto.
+
+2013-11-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Make jump labels local in Salsa20 assembly.
+ + commit d4697862266f3c96b6946dc92139dd8f3e81e5f6
+ * cipher/salsa20-amd64.S: Rename '._labels' to '.L_labels'.
+ * cipher/salsa20-armv7-neon.S: Ditto.
+
+2013-10-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ bithelp: fix undefined behaviour with rol and ror.
+ + commit d1cadd145199040299538891ab2ccd1208f7776e
+ * cipher/bithelp.h (rol, ror): Mask shift with 31.
+
+2013-10-29 Werner Koch <wk@gnupg.org>
+
+ tests: Add feature to skip benchmarks.
+ + commit ba6bffafd17bea11985afc500022d66da261d59a
+ * tests/benchmark.c (main): Add feature to skip the test.
+ * tests/bench-slope.c (main): Ditto.
+ (get_slope): Repace C++ style comment.
+ (double_cmp, cipher_bench, _hash_bench): Repalce system reserved
+ symbols.
+
+ ecc: Finish Ed25519/ECDSA hack.
+ + commit c284f15db99e9cb135612de710199abb23baafd3
+ * cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
+ (ecc_verify): Implement ED25519/ECDSA uncompression.
+
+ ecc: Add flags "noparam" and "comp".
+ + commit ba892a0a874c8b2a83dbf0940608cd7e2911ce01
+ * src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags
+ and change code for possible faster parsing.
+ * cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
+ (ecc_sign): Ditto.
+ (ecc_verify): Ditto.
+ * tests/keygen.c (check_ecc_keys): Use the "noparam" flag.
+
+ * cipher/ecc.c (ecc_generate): Fix parsing of the deprecated
+ transient-flag parameter.
+ (ecc_verify): Do not make Q optional in the extract-param call.
+
+2013-10-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix typos in documentation.
+ + commit 1faa61845f180bd47e037e400dde2d864ee83c89
+ * doc/gcrypt.texi: Fix some typos.
+
+ Add ARM NEON assembly implementation of Serpent.
+ + commit 2cb6e1f323d24359b1c5b113be5c2f79a2a4cded
+ * cipher/Makefile.am: Add 'serpent-armv7-neon.S'.
+ * cipher/serpent-armv7-neon.S: New.
+ * cipher/serpent.c (USE_NEON): New macro.
+ (serpent_context_t) [USE_NEON]: Add 'use_neon'.
+ [USE_NEON] (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec)
+ (_gcry_serpent_neon_cbc_dec): New prototypes.
+ (serpent_setkey_internal) [USE_NEON]: Detect NEON support.
+ (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec)
+ (_gcry_serpent_neon_cbc_dec) [USE_NEON]: Use NEON implementations
+ to process eight blocks in parallel.
+ * configure.ac [neonsupport]: Add 'serpent-armv7-neon.lo'.
+
+ Add ARM NEON assembly implementation of Salsa20.
+ + commit 3ff9d2571c18cd7a34359f9c60a10d3b0f932b23
+ * cipher/Makefile.am: Add 'salsa20-armv7-neon.S'.
+ * cipher/salsa20-armv7-neon.S: New.
+ * cipher/salsa20.c [USE_ARM_NEON_ASM]: New macro.
+ (struct SALSA20_context_s, salsa20_core_t, salsa20_keysetup_t)
+ (salsa20_ivsetup_t): New.
+ (SALSA20_context_t) [USE_ARM_NEON_ASM]: Add 'use_neon'.
+ (SALSA20_context_t): Add 'keysetup', 'ivsetup' and 'core'.
+ (salsa20_core): Change 'src' argument to 'ctx'.
+ [USE_ARM_NEON_ASM] (_gcry_arm_neon_salsa20_encrypt): New prototype.
+ [USE_ARM_NEON_ASM] (salsa20_core_neon, salsa20_keysetup_neon)
+ (salsa20_ivsetup_neon): New.
+ (salsa20_do_setkey): Setup keysetup, ivsetup and core with default
+ functions.
+ (salsa20_do_setkey) [USE_ARM_NEON_ASM]: When NEON support detect,
+ set keysetup, ivsetup and core with ARM NEON functions.
+ (salsa20_do_setkey): Call 'ctx->keysetup'.
+ (salsa20_setiv): Call 'ctx->ivsetup'.
+ (salsa20_do_encrypt_stream) [USE_ARM_NEON_ASM]: Process large buffers
+ in ARM NEON implementation.
+ (salsa20_do_encrypt_stream): Call 'ctx->core' instead of directly
+ calling 'salsa20_core'.
+ (selftest): Add test to check large buffer processing and block counter
+ updating.
+ * configure.ac [neonsupport]: 'Add salsa20-armv7-neon.lo'.
+
+ Add AMD64 assembly implementation of Salsa20.
+ + commit 5a3d43485efdc09912be0967ee0a3ce345b3b15a
+ * cipher/Makefile.am: Add 'salsa20-amd64.S'.
+ * cipher/salsa20-amd64.S: New.
+ * cipher/salsa20.c (USE_AMD64): New macro.
+ [USE_AMD64] (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup)
+ (_gcry_salsa20_amd64_encrypt_blocks): New prototypes.
+ [USE_AMD64] (salsa20_keysetup, salsa20_ivsetup, salsa20_core): New.
+ [!USE_AMD64] (salsa20_core): Change 'src' to non-constant, update block
+ counter in 'salsa20_core' and return burn stack depth.
+ [!USE_AMD64] (salsa20_keysetup, salsa20_ivsetup): New.
+ (salsa20_do_setkey): Move generic key setup to 'salsa20_keysetup'.
+ (salsa20_setkey): Fix burn stack depth.
+ (salsa20_setiv): Move generic IV setup to 'salsa20_ivsetup'.
+ (salsa20_do_encrypt_stream) [USE_AMD64]: Process large buffers in AMD64
+ implementation.
+ (salsa20_do_encrypt_stream): Move stack burning to this function...
+ (salsa20_encrypt_stream, salsa20r12_encrypt_stream): ...from these
+ functions.
+ * configure.ac [x86-64]: Add 'salsa20-amd64.lo'.
+
+ Add new benchmarking utility, bench-slope.
+ + commit e214e8392671dd30e9c33260717b5e756debf3bf
+ * tests/Makefile.am (TESTS): Add 'bench-slope'.
+ * tests/bench-slope.c: New.
+
+ Change .global to .globl in assembly files.
+ + commit ebc8abfcb09d6106fcfce40f240a513e276f46e9
+ * cipher/blowfish-arm.S: Change '.global' to '.globl'.
+ * cipher/camellia-aesni-avx-amd64.S: Ditto.
+ * cipher/camellia-aesni-avx2-amd64.S: Ditto.
+ * cipher/camellia-arm.S: Ditto.
+ * cipher/cast5-amd64.S: Ditto.
+ * cipher/rijndael-amd64.S: Ditto.
+ * cipher/rijndael-arm.S: Ditto.
+ * cipher/serpent-avx2-amd64.S: Ditto.
+ * cipher/serpent-sse2-amd64.S: Ditto.
+ * cipher/twofish-amd64.S: Ditto.
+ * cipher/twofish-arm.S: Ditto.
+
+2013-10-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Deduplicate code for ECB encryption and decryption.
+ + commit 51f1beab3d1e879942a95f58b08de7dbcce75dce
+ * cipher/cipher.c (do_ecb_crypt): New, based on old 'do_ecb_encrypt'.
+ (do_ecb_encrypt): Use 'do_ecb_crypt', pass encryption function.
+ (do_ecb_decrypt): Use 'do_ecb_crypt', pass decryption function.
+
+2013-10-26 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Drop _gcry_cipher_ofb_decrypt as it duplicates _gcry_cipher_ofb_encrypt.
+ + commit d9431725952e40f201c7eda000d3c8511ebd5b33
+ * cipher/cipher.c (cipher_decrypt): Use _gcry_cipher_ofb_encrypt for OFB
+ decryption.
+ * cipher/cipher-internal.h: Remove _gcry_cipher_ofb_decrypt declaration.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_decrypt): Remove.
+ (_gcry_cipher_ofb_encrypt): remove copying of IV to lastiv, it's
+ unused there.
+
+2013-10-25 Werner Koch <wk@gnupg.org>
+
+ tests: Add tests for mpi_cmp.
+ + commit 6c6d4810927de7310ae7bac61b4ff5467d7cb485
+ * tests/mpitests.c (die): Modernize.
+ (fail): New.
+ (test_opaque, test_add, test_sub, test_mul): Use gcry_log_xx
+ (main): Return error count.
+ (test_cmp): New.
+
+2013-10-24 Werner Koch <wk@gnupg.org>
+
+ ecc: Change algorithm for Ed25519 x recovery.
+ + commit c630fd71b336eb9209e914d24dc1e26a34521882
+ * cipher/ecc-eddsa.c (scanval): Add as temporary hack.
+ (_gcry_ecc_eddsa_recover_x): Use the algorithm from page 15 of the
+ paper. Return an error code.
+ (_gcry_ecc_eddsa_decodepoint): Take care of the error code.
+ * mpi/mpi-mul.c (gcry_mpi_mulm): Use truncated division.
+
+ ecc: Refactor _gcry_ecc_eddsa_decodepoint.
+ + commit 1cf5699b6febab1ef9d300531acc2ee33a7df739
+ * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Factor some code
+ out to ..
+ (_gcry_ecc_eddsa_recover_x): new.
+
+2013-10-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ ecc-gost: Add missing include.
+ + commit 9ce54e5b512418ddf45ce18f2cbd48cdced779f5
+ * ecc-gost.c: Include "pubkey-internal.h".
+
+2013-10-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Replace architecture specific fast_wipememory2 with generic.
+ + commit 54df6fcd806f8c150cffe6cc09925bb8b638bb5b
+ * src/g10lib.h (fast_wipememory2): Remove architecture specific
+ implementations and add generic implementation.
+
+ Improve the speed of the cipher mode code.
+ + commit 293e93672fdabc829e35cc624c397276342bafe4
+ * cipher/bufhelp.h (buf_cpy): New.
+ (buf_xor, buf_xor_2dst): If buffers unaligned, always jump to per-byte
+ processing.
+ (buf_xor_n_copy_2): New.
+ (buf_xor_n_copy): Use 'buf_xor_n_copy_2'.
+ * cipher/blowfish.c (_gcry_blowfish_cbc_dec): Avoid extra memory copy
+ and use new 'buf_xor_n_copy_2'.
+ * cipher/camellia-glue.c (_gcry_camellia_cbc_dec): Ditto.
+ * cipher/cast5.c (_gcry_cast_cbc_dec): Ditto.
+ * cipher/serpent.c (_gcry_serpent_cbc_dec): Ditto.
+ * cipher/twofish.c (_gcry_twofish_cbc_dec): Ditto.
+ * cipher/rijndael.c (_gcry_aes_cbc_dec): Ditto.
+ (do_encrypt, do_decrypt): Use 'buf_cpy' instead of 'memcpy'.
+ (_gcry_aes_cbc_enc): Avoid copying IV, use 'last_iv' pointer instead.
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt): Avoid copying IV,
+ update pointer to IV instead.
+ (_gcry_cipher_cbc_decrypt): Avoid extra memory copy and use new
+ 'buf_xor_n_copy_2'.
+ (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Avoid extra
+ accesses to c->spec, use 'buf_cpy' instead of memcpy.
+ * cipher/cipher-ccm.c (do_cbc_mac): Ditto.
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
+ (_gcry_cipher_cfb_decrypt): Ditto.
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
+ (_gcry_cipher_ofb_decrypt): Ditto.
+ * cipher/cipher.c (do_ecb_encrypt, do_ecb_decrypt): Ditto.
+
+ bufhelp: enable unaligned memory accesses for AArch64 (64-bit ARM)
+ + commit 2901a10dbf1264707debc8402546c07eeac60932
+ * cipher/bufhelp.h [__aarch64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set
+ macro on AArch64.
+
+2013-10-23 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Enable assembler optimizations on earlier ARM cores.
+ + commit 2fd83faa876d0be91ab7884b1a9eaa7793559eb9
+ * cipher/blowfish-armv6.S => cipher/blowfish-arm.S: adapt to pre-armv6 CPUs.
+ * cipher/blowfish.c: enable assembly on armv4/armv5 little-endian CPUs.
+ * cipher/camellia-armv6.S => cipher/camellia-arm.S: adapt to pre-armv6 CPUs.
+ * cipher/camellia.c, cipher-camellia-glue.c: enable assembly on armv4/armv5
+ little-endian CPUs.
+ * cipher/cast5-armv6.S => cipher/cast5-arm.S: adapt to pre-armv6 CPUs.
+ * cipher/cast5.c: enable assembly on armv4/armv5 little-endian CPUs.
+ * cipher/rijndael-armv6.S => cipher/rijndael-arm.S: adapt to pre-armv6 CPUs.
+ * cipher/rijndael.c: enable assembly on armv4/armv5 little-endian CPUs.
+ * cipher/twofish-armv6.S => cipher/twofish-arm.S: adapt to pre-armv6 CPUs.
+ * cipher/twofish.c: enable assembly on armv4/armv5 little-endian CPUs.
+
+ mpi: enable assembler on all arm architectures.
+ + commit 0b39fce7e3ce6761d6bd5195d093ec6857edb7c2
+ * mpi/config.links: remove check for arm >= v6
+ * mpi/armv6 => mpi/arm: rename directory to reflect that is is generic
+ enough
+
+ Correct ASM assembly test in configure.ac.
+ + commit 10bf6a7e16ed193f90d2749970a420f00d1d3320
+ * configure.ac: correct HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS test to
+ require neither ARMv6, nor thumb mode. Our assembly code works
+ perfectly even on ARMv4 now.
+
+2013-10-23 Werner Koch <wk@gnupg.org>
+
+ ecc: Refactor ecc.c.
+ + commit 164eb8c85d773ef4f0939115ec45f5e4b47c1700
+ * cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
+ * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files.
+ * cipher/ecc.c (point_init, point_free): Move to ecc-common.h.
+ (sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign.
+ (verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify.
+ (sign_gost): Move to ecc-gots.c as _gcry_ecc_gost_sign.
+ (verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify.
+ (sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign.
+ (verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify.
+ (eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey.
+ (reverse_buffer): Move to ecc-eddsa.c.
+ (eddsa_encodempi, eddsa_encode_x_y): Ditto.
+ (_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto.
+
+ mpi: Fix scanning of negative SSH formats and add more tests.
+ + commit 45f6e6268bfdc4b608beaba6b7086b2286e33c71
+ * mpi/mpicoder.c (gcry_mpi_scan): Fix sign setting for SSH format.
+ * tests/t-convert.c (negative_zero): Test all formats.
+ (check_formats): Add tests for PGP and scan tests for SSH and USG.
+
+ * src/gcrypt.h.in (mpi_is_neg): Fix macro.
+
+ * mpi/mpi-scan.c (_gcry_mpi_getbyte, _gcry_mpi_putbyte): Comment out
+ these unused functions.
+
+2013-10-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ twofish: add ARMv6 assembly implementation.
+ + commit 98674fdaa30ab22a3ac86ca05d688b5b6112895d
+ * cipher/Makefile.am: Add 'twofish-armv6.S'.
+ * cipher/twofish-armv6.S: New.
+ * cipher/twofish.c (USE_ARMV6_ASM): New macro.
+ [USE_ARMV6_ASM] (_gcry_twofish_armv6_encrypt_block)
+ (_gcry_twofish_armv6_decrypt_block): New prototypes.
+ [USE_AMDV6_ASM] (twofish_encrypt, twofish_decrypt): Add.
+ [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt): Remove.
+ (_gcry_twofish_ctr_enc, _gcry_twofish_cfb_dec): Use 'twofish_encrypt'
+ instead of 'do_twofish_encrypt'.
+ (_gcry_twofish_cbc_dec): Use 'twofish_decrypt' instead of
+ 'do_twofish_decrypt'.
+ * configure.ac [arm]: Add 'twofish-armv6.lo'.
+
+ mpi: allow building with clang on ARM.
+ + commit e67c67321ce240c93dd0fa2b21c649c0a8e233f7
+ * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
+ (count_leading_zeros): Do not cast assembly output arguments.
+ [__arm__] (umul_ppmm): Remove the extra '%' ahead of assembly comment.
+ [_ARM_ARCH >= 4] (umul_ppmm): Use correct inputs and outputs instead of
+ registers.
+
+ serpent-amd64: do not use GAS macros.
+ + commit c7efaa5fe0ee92e321a7b49d56752cc12eb75fe0
+ * cipher/serpent-avx2-amd64.S: Remove use of GAS macros.
+ * cipher/serpent-sse2-amd64.S: Ditto.
+ * configure.ac [HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Do not check
+ for GAS macros.
+
+ Add Counter with CBC-MAC mode (CCM)
+ + commit 335d9bf7b035815750b63a3a8334d6ce44dc4449
+ * cipher/Makefile.am: Add 'cipher-ccm.c'.
+ * cipher/cipher-ccm.c: New.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'.
+ (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt)
+ (_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate)
+ (_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag)
+ (_gcry_cipher_ccm_set_lengths): New prototypes.
+ * cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt)
+ (_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag)
+ (_gcry_cipher_checktag, gry_cipher_ctl): Add handling for CCM mode.
+ * doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM.
+ * src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'.
+ (gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'.
+ (GCRY_CCM_BLOCK_LEN): New.
+ * tests/basic.c (check_ccm_cipher): New.
+ (check_cipher_modes): Call 'check_ccm_cipher'.
+ * tests/benchmark.c (ccm_aead_init): New.
+ (cipher_bench): Add handling for AEAD modes and add CCM benchmarking.
+
+ Add API to support AEAD cipher modes.
+ + commit 95654041f2aa62f71aac4d8614dafe8433d10f95
+ * cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag)
+ (_gcry_cipher_gettag): New.
+ * doc/gcrypt.texi: Add documentation for new API functions.
+ * src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag)
+ (gcry_cipher_gettag): New.
+ * src/gcrypt.h.in, src/visibility.h: add declarations of these
+ functions.
+ * src/libgcrypt.defs, src/libgcrypt.vers: export functions.
+
+2013-10-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Correct compliant key generation for Edwards curves.
+ + commit a5a277a9016ccb34f1858a65e0ed1791b2fc3db3
+ * cipher/ecc.c: Add case for Edwards curves.
+
+2013-10-17 Werner Koch <wk@gnupg.org>
+
+ tests: Add test options to keygen.
+ + commit f7711e6eb5f02d03c74911f6f037ab28075e7c0d
+ * tests/keygen.c (usage): New.
+ (main): Print usage info. Allow running just one algo.
+
+ mpi: Do not clear the sign of the mpi_mod result.
+ + commit 91e007606f1f6f8e1416c403fe809d47fddf9b1f
+ * mpi/mpi-mod.c (_gcry_mpi_mod): Remove sign setting.
+
+ ecc: Put the curve name again into the output of gcry_pk_genkey.
+ + commit 4776dcd394ce59fa50d959921857b3427c5a63c8
+ * cipher/ecc.c (ecc_generate): Use the correct var. Release
+ CURVE_FLAGS.
+
+ ecc: Support Weierstrass curves in gcry_mpi_ec_curve_point.
+ + commit b22417158c50ec3a0b2ff55b4ade063b42a87e8f
+ * mpi/ec.c (_gcry_mpi_ec_curve_point): Support MPI_EC_WEIERSTRASS.
+
+2013-10-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ arcfour: more optimized version for non-i386 architectures.
+ + commit f9371c026aad09ff48746d22c8333746c886e773
+ * cipher/arcfour.c (ARCFOUR_context): Reorder members.
+ (do_encrypt_stream) [!__i386__]: Faster implementation for non-i386.
+ (do_arcfour_setkey): Avoid modulo operations.
+
+ Avoid void* pointer arithmetic.
+ + commit c89ab921ccfaefe6c4f6a724d01e0df41a1a381f
+ * tests/tsexp.c (check_extract_param): Cast void* pointers to char*
+ before doing arithmetics.
+
+2013-10-16 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ ecc: Add support for GOST R 34.10-2001/-2012 signatures.
+ + commit 83902f1f1dbc8263a0c3f61be59cd2eb95293c97
+ * src/cipher.h: define PUBKEY_FLAG_GOST
+ * cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves
+ defined in standards. Typical applications would use either those
+ curves, or curves defined in RFC 4357 (will be added later).
+ * cipher/ecc.c (sign_gost, verify_gost): New.
+ (ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST
+ is set.
+ (ecc_names): add "gost" for gost signatures.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist,
+ _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag
+ is present in s-exp.
+ * tests/benchmark.c (ecc_bench): also benchmark GOST signatures.
+ * tests/basic.c (check_pubkey): add two public keys from
+ GOST R 34.10-2012 standard.
+ (check_pubkey_sign_ecdsa): add two data sets to check gost signatures.
+ * tests/curves.c: correct N_CURVES as we now have 2 more curves.
+
+
+ Removed some comments from the new curve definitions in ecc-curves.c
+ to avoid line wrapping. Eventually we will develop a precompiler to
+ avoid parsing those hex strings. -wk
+
+ Fix 256-bit ecdsa test key definition.
+ + commit 187b2bb541b985255aee262d181434a7cb4ae2e7
+ * tests/basic.c (check_pubkey): fix nistp256 testing key declaration -
+ add missing comma.
+
+2013-10-16 Werner Koch <wk@gnupg.org>
+
+ sexp: Add function gcry_sexp_extract_param.
+ + commit a329b6abf00c990faf1986f9fbad7b4d71c13bcb
+ * src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New.
+ (gcry_sexp_extract_param): New.
+ * src/visibility.c (gcry_sexp_extract_param): New.
+ * src/visibility.h (gcry_sexp_extract_param): Add hack to detect
+ internal use.
+ * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split
+ into ...
+ * src/sexp.c (_gcry_sexp_vextract_param)
+ (_gcry_sexp_extract_param): this. Change all callers. Add support for buffer
+ descriptors and a path option/
+
+ * tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New.
+ (cmp_mpihex, cmp_bufhex): New.
+ (check_extract_param): New.
+
+2013-10-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ mpi: mpi-pow improvement.
+ + commit 45aa6131e93fac89d46733b3436d960f35fb99b2
+ * mpi/mpi-pow.c (gcry_mpi_powm): New implementation of left-to-right
+ k-ary exponentiation.
+
+2013-10-15 Werner Koch <wk@gnupg.org>
+
+ ecc: Support use of Ed25519 with ECDSA.
+ + commit 537969fbbb1104b8305a7edb331b7666d54eff2c
+ * src/cipher.h (PUBKEY_FLAG_ECDSA): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa".
+ * cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
+ (ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
+ * tests/keygen.c (check_ecc_keys): Create such a test key.
+ * tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
+ Take from dsa-6979.c
+ (check_ed25519ecdsa_sample_key): new.
+ (main): Call new test.
+
+2013-10-14 Werner Koch <wk@gnupg.org>
+
+ pubkey: Support flags list in gcry_pk_genkey.
+ + commit d3a605d7827b8a73ef844e9e5183590bd6b1389a
+ * src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
+ (PUBKEY_FLAG_USE_X931): New.
+ (PUBKEY_FLAG_USE_FIPS186): New.
+ (PUBKEY_FLAG_USE_FIPS186_2): New.
+ * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from
+ parse_flags_list. Parse new flags.
+ * cipher/dsa.c (dsa_generate): Support flag list.
+ * cipher/ecc.c (ecc_generate): Ditto.
+ * cipher/rsa.c (rsa_generate): Ditto.
+
+ pubkey: Remove duplicated flag parsing code.
+ + commit 5be2345ddec4147e535d5b039ee74f84bcacf9e4
+ * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval)
+ (_gcry_pk_util_data_to_mpi): Factor flag parsing code out to ..
+ (parse_flag_list): New.
+ * src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New.
+
+ mpicalc: Accept lowercase hex digits.
+ + commit 0cd551faa775ad5309a40629ae30bf86b75fca09
+ * src/mpicalc.c (main): Test for lowercase hex digits.
+
+2013-10-11 Werner Koch <wk@gnupg.org>
+
+ pubkey: Move sexp parsing of remaining fucntions to the modules.
+ + commit a951c061523e1c13f1358c9760fc3a9d787ab2d4
+ * cipher/pubkey.c (release_mpi_array): Remove.
+ (pubkey_check_secret_key): Remove.
+ (sexp_elements_extract): Remove.
+ (sexp_elements_extract_ecc): Remove.
+ (sexp_to_key): Remove.
+ (get_hash_algo): Remove.
+ (gcry_pk_testkey): Revamp.
+ (gcry_pk_get_curve): Revamp.
+ * cipher/rsa.c (rsa_check_secret_key): Revamp.
+ * cipher/elgamal.c (elg_check_secret_key): Revamp.
+ * cipher/dsa.c (dsa_check_secret_key): Revamp.
+ * cipher/ecc.c (ecc_check_secret_key): Revamp.
+ * cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h
+ (_gcry_ecc_get_curve): Revamp.
+
+ * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and
+ used parameters on error to NULL.
+
+ pubkey: Move sexp parsing for gcry_pk_decrypt to the modules.
+ + commit 07950c865a901afc48acb46f0695040cadfd5068
+ * cipher/rsa.c (rsa_decrypt): Revamp.
+ * cipher/elgamal.c (elg_decrypt): Revamp.
+ * cipher/ecc.c (ecc_decrypt_raw): Revamp.
+ * cipher/pubkey.c (gcry_pk_decrypt): Simplify.
+ (sexp_to_enc): Remove.
+ * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New.
+
+ pubkey: Move sexp parsing for gcry_pk_encrypt to the modules.
+ + commit 6bd5d18c45a4a3ce8f0f66f56c83b80594877f53
+ * cipher/rsa.c (rsa_encrypt): Revamp.
+ * cipher/elgamal.c (elg_encrypt): Revamp.
+ * cipher/ecc.c (ecc_encrypt_raw): Revamp.
+ * cipher/pubkey.c (gcry_pk_encrypt): Simplify.
+
+ * tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so
+ that they are initialized even after an encrypt failure.
+
+ pubkey: Move sexp parsing for gcry_pk_sign to the modules.
+ + commit d0ae6635e4e6ae273c3a137c513d518f28f6eab3
+ * cipher/rsa.c (rsa_sign): Revamp.
+ * cipher/dsa.c (dsa_sign): Revamp.
+ * cipher/elgamal.c (elg_sign): Revamp.
+ * cipher/ecc.c (ecc_sign): Revamp.
+ * cipher/pubkey.c (gcry_pk_sign): Simplify.
+
+2013-10-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Prevent tail call optimization with _gcry_burn_stack.
+ + commit 150c0313f971bcea62d2802f0389c883e11ebb31
+ * configure.ac: New check, HAVE_GCC_ASM_VOLATILE_MEMORY.
+ * src/g10lib.h (_gcry_burn_stack): Rename to __gcry_burn_stack.
+ (__gcry_burn_stack_dummy): New.
+ (_gcry_burn_stack): New macro.
+ * src/misc.c (_gcry_burn_stack): Rename to __gcry_burn_stack.
+ (__gcry_burn_stack_dummy): New.
+
+2013-10-09 Werner Koch <wk@gnupg.org>
+
+ pubkey: Move sexp parsing for gcry_pk_verify to the modules.
+ + commit 94b652ecb006c29fa2ffb1badc9f02b758581737
+ * cipher/rsa.c (rsa_verify): Revamp.
+ * cipher/dsa.c (dsa_verify): Revamp.
+ * cipher/elgamal.c (elg_verify): Revamp.
+ * cipher/ecc.c (ecc_verify): Revamp.
+ * cipher/pubkey.c (sexp_to_sig): Remove.
+ (pss_verify_cmp): Move to pubkey-util.c
+ (sexp_data_to_mpi): Ditto.
+ (init_encoding_ctx): Ditto.
+ (gcry_pk_verify): Simplify.
+ * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add. Take
+ from pubkey.c
+ (get_hash_algo): Ditto.
+ (_gcry_pk_util_data_to_mpi): Ditto.
+ (pss_verify_cmp): Ditto.
+ (_gcry_pk_util_extract_mpis): New.
+ (_gcry_pk_util_preparse_sigval): New.
+ (_gcry_pk_util_free_encoding_ctx): New.
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init
+ optional.
+
+ * src/g10lib.h (GCC_ATTR_SENTINEL): New.
+
+ * tests/basic.c (check_pubkey_sign): Print the algo name.
+ (main): Add option --pubkey.
+
+2013-10-08 Werner Koch <wk@gnupg.org>
+
+ pubkey: Move sexp parsing for gcry_pk_get_nbits to the modules.
+ + commit 4645f3728bb0900591b0aef85831fdee52c59e3c
+ * cipher/pubkey.c (spec_from_sexp): New.
+ (gcry_pk_get_nbits): Simplify.
+ * cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp
+ parsing here.
+ * cipher/dsa.c (dsa_get_nbits): Ditto.
+ * cipher/elgamal.c (elg_get_nbits): Ditto.
+ * cipher/ecc.c (ecc_get_nbits): Ditto.
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg
+ CURVE.
+
+ pubkey: Move sexp parsing for gcry_pk_getkey to the modules.
+ + commit 3816e46ce211e63adf46dbc775510aa137572248
+ * cipher/pubkey-util.c: New.
+ (_gcry_pk_util_get_nbits): New. Based on code from gcry_pk_genkey.
+ (_gcry_pk_util_get_rsa_use_e): Ditto.
+ * cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass.
+ * cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE.
+ Call new fucntions to get these values.
+ * cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE.
+ Call _gcry_pk_util_get_nbits to get nbits. Always parse genparms.
+ * cipher/elgamal.c (elg_generate): Ditto.
+ * cipher/ecc.c (ecc_generate): Ditto.
+
+ cipher: Deprecate GCRY_PK_ELG_E.
+ + commit f79d3e13d3229115c47cbe5007647cb44105fe3f
+ * cipher/elgamal.c (_gcry_pubkey_spec_elg_e): Remove.
+ * cipher/pubkey.c (pubkey_list): Remove double included
+ _gcry_pubkey_spec_elg.
+ (map_algo): MAke ELG_E to ELG.
+
+2013-10-02 Werner Koch <wk@gnupg.org>
+
+ Provide Pth compatiblity for use with GnuPG 2.0.
+ + commit 2f767f6a17f7e99da4075882f7fe3ca597b31bdb
+ * src/ath.c (ath_install): Call ath_init and declare Pth as
+ compatible.
+
+2013-10-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ sha512: fix building on ARM.
+ + commit 6410152338a2b2ac1216e70c153cd16f9199c94e
+ * cipher/sha512.c (transform) [USE_ARM_NEON_ASM]: Fix 'hd' to 'ctx'.
+
+2013-10-02 Werner Koch <wk@gnupg.org>
+
+ Remove deprecated control codes.
+ + commit f04a1db22d982627ba87da4e5df52df9b994c779
+ * src/gcrypt.h.in (GCRYCTL_SET_KEY): Remove.
+ (GCRYCTL_SET_IV): Remove.
+ (GCRYCTL_SET_CTR): Remove.
+ * cipher/md.c (gcry_md_ctl): Remove deprecated GCRYCTL_SET_KEY.
+ * cipher/cipher.c (gcry_cipher_ctl): Remove deprecated
+ GCRYCTL_SET_KEY, GCRYCTL_SET_IV, GCRYCTL_SET_CTR.
+
+2013-10-02 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Fix errors when building with Clang on PPC.
+ + commit 33757c1e03f1d885920633edf543cd1c77999455
+ * mpi/longlong.h (add_ssaaaa, sub_ddmmss, count_leading_zeros,
+ umul_ppmm): Do not cast asm output to USItype.
+
+2013-10-02 Werner Koch <wk@gnupg.org>
+
+ Remove last remains of the former module system.
+ + commit 628ed5ba0ef4b1f04b5a77e29e4bc49a1fe13c07
+ * src/gcrypt-module.h, src/module.c: Remove.
+ * src/visibility.h: Do not include gcrypt-module.h.
+ * src/g10lib.h: Remove all prototypes from module.c
+ (gcry_module): Remove.
+ * cipher/cipher-internal.h (gcry_cipher_handle): Remove unused field.
+
+ Fix missing prototype warning in visibility.c.
+ + commit 52783d483293d48cd468143ae6ae2cccbfe17200
+ * src/ec-context.h (_gcry_mpi_ec_new): Move prototype to mpi.h.
+
+ md: Simplify the message digest dispatcher md.c.
+ + commit 0d39997932617ba20656f8bcc230ba744b76c87e
+ * src/gcrypt-module.h (gcry_md_spec_t): Move to ...
+ * src/cipher-proto.h: here. Merge with md_extra_spec_t. Add fields
+ ALGO and FLAGS. Set these fields in all digest modules.
+ * cipher/md.c: Change most code to replace the former module
+ system by a simpler system to gain information about the algorithms.
+
+2013-10-01 Werner Koch <wk@gnupg.org>
+
+ cipher: Simplify the cipher dispatcher cipher.c.
+ + commit 3ca180b25e8df252fc16f802cfdc27496e307830
+ * src/gcrypt-module.h (gcry_cipher_spec_t): Move to ...
+ * src/cipher-proto.h (gcry_cipher_spec_t): here. Merge with
+ cipher_extra_spec_t. Add fields ALGO and FLAGS. Set these fields in
+ all cipher modules.
+ * cipher/cipher.c: Change most code to replace the former module
+ system by a simpler system to gain information about the algorithms.
+ (disable_pubkey_algo): Simplified. Not anymore thread-safe, though.
+
+ * cipher/md.c (_gcry_md_selftest): Use correct structure. Not a real
+ problem because both define the same function as their first field.
+
+ * cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag.
+
+ mpi: Fix gcry_mpi_neg.
+ + commit 4153fa859816e799e506055321a22e6450aacdcc
+ * mpi/mpiutil.c (_gcry_mpi_neg): Copy U to W.
+
+2013-10-01 Peter Wu <lekensteyn@gmail.com>
+
+ cipher: Add support for 128-bit keys in RC2.
+ + commit 738177ec0eae05069ec61bc4f724a69d4e052e42
+ * cipher/rfc2268.c (oids_rfc2268_128): New
+ (_gcry_cipher_spec_rfc2268_128): New.
+ * cipher/cipher.c (cipher_table_entry): Add GCRY_CIPHER_RFC2268_128.
+
+2013-09-30 Werner Koch <wk@gnupg.org>
+
+ ecc: Use faster b parameter for Ed25519.
+ + commit 1d85452412b65e7976bc94969fc513ff6b880ed8
+ * cipher/ecc-curves.c (domain_parms): Replace b.
+ * tests/t-mpi-point.c (test_curve): Ditto.
+
+ ecc: Prepare for future Ed25519 optimization.
+ + commit a2618c822e666d4121cba29bee3fd50bf70c9743
+ * mpi/ec-ed25519.c: New but empty file.
+ * mpi/ec-internal.h: New.
+ * mpi/ec.c: Include ec-internal.h.
+ (ec_mod): New.
+ (ec_addm): Use ec_mod.
+ (ec_mulm): Remove commented code. Use ec_mod.
+ (ec_subm): Call simple sub.
+ (ec_pow2): Use ec_mulm.
+ (ec_mul2): New.
+ (dup_point_weierstrass): Use ec_mul2.
+ (dup_point_twistededwards): Add special case for a == -1. Use
+ ec_mul2.
+ (add_points_weierstrass): Use ec_mul2.
+ (add_points_twistededwards): Add special case for a == -1.
+ (_gcry_mpi_ec_curve_point): Ditto.
+ (ec_p_init): Add hack to test Barrett functions.
+ * src/ec-context.h (mpi_ec_ctx_s): Add P_BARRETT.
+
+ * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Fix sign problem.
+
+ ecc: Fix recomputing of Q for Ed25519.
+ + commit c325adb8f5092b80a626bd3bb5e49cf7f3a29fc8
+ * cipher/ecc-misc.c (reverse_buffer): New.
+ (_gcry_ecc_compute_public): Add ED255519 specific code.
+ * cipher/ecc.c (sign_eddsa): Allocate DIGEST in secure memory. Get
+ rid of HASH_D.
+ * tests/t-mpi-point.c (context_param): Test recomputing of Q for
+ Ed25519.
+
+ log: Try to print s-expressions in a more compact format.
+ + commit d69a13d3d1c14ad6a6aa7cd349d6d2dfb152d422
+ * src/misc.c (count_closing_parens): New.
+ (_gcry_log_printsxp): Use new function.
+ * mpi/ec.c (_gcry_mpi_point_log): Take care of a NULL point.
+
+2013-09-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Make Whirlpool use the _gcry_md_block_write helper.
+ + commit 68cefd0f1d60ac33b58031df9b1d165cb1bf0f14
+ * cipher/whirlpool.c (whirlpool_context_t): Add 'bctx', remove
+ 'buffer', 'count' and 'nblocks'.
+ (whirlpool_init): Initialize 'bctx'.
+ (whirlpool_transform): Adjust context argument type and burn stack
+ depth.
+ (whirlpool_add): Remove.
+ (whirlpool_write): Use _gcry_md_block_write.
+ (whirlpool_final, whirlpool_read): Adjust for 'bctx' usage.
+
+ whirlpool: add stack burning after transform.
+ + commit a96d622e1a36d40d1504b7ada567e90ec9957443
+ * cipher/whirlpool.c (whirlpool_transform): Return burn stack depth.
+ (whirlpool_add): Do burn_stack.
+
+ whirlpool: do bitcount calculation in finalization part.
+ + commit 10d7351411f19bb2c03d2e24ca5a38dabe45023b
+ * cipher/whirlpool.c (whirlpool_context_t): Remove 'length', add
+ 'nblocks'.
+ (whirlpool_add): Update 'nblocks' instead of 'length', and add early
+ return at one spot.
+ (whirlpool_write): Check for 'nblocks' overflow.
+ (whirlpool_final): Convert 'nblocks' to bit-counter, and use
+ whirlpool_write instead of whirlpool_add.
+
+2013-09-30 Werner Koch <wk@gnupg.org>
+
+ Add logging functions to the API.
+ + commit d2076f27bb7c5d505abf25fc622d21794c4a5df3
+ * src/gcrypt.h.in (_GCRY_GCC_ATTR_PRINTF): New.
+ (gcry_log_debug, gcry_log_debughex, gcry_log_debugmpi): New.
+ (gcry_log_debugpnt, gcry_log_debugsxp): New.
+ * src/visibility.c (gcry_log_debug): New.
+ (gcry_log_debughex, gcry_log_debugmpi, gcry_log_debugpnt): New.
+ (gcry_log_debugsxp): New.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new functions.
+ * src/misc.c (_gcry_logv): Make public.
+ (_gcry_log_printsxp): New.
+ * src/g10lib.h (log_printsxp): New macro.
+
+2013-09-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Make libgcrypt build with Clang on i386.
+ + commit db60d828137c4f3682ca4ca2a54fe3d96d3db5f9
+ * cipher/longlong.h [__i386__] (add_ssaaaa, sub_ddmmss)
+ (umul_ppmm, udiv_qrnnd): Do not cast asm output to USItype.
+
+2013-09-25 Werner Koch <wk@gnupg.org>
+
+ mpi: Change not yet used _gcry_mpi_set_opaque_copy.
+ + commit 1c6660debdbf1e4c3e80074c846a3e3097f214bb
+ * mpi/mpiutil.c (_gcry_mpi_set_opaque_copy): Change prototype.
+ (_gcry_mpi_get_opaque_copy): Take care of gcry_malloc failure.
+
+ sexp: Improve printing of data with a leading zero.
+ + commit 9b7c49971588edf6acfc74bfb797eb79d19cb350
+ * src/sexp.c (suitable_encoding): Detect leading zero byte.
+
+ ecc: Allow the name "q@eddsa" to get/set the public key.
+ + commit d6683d2a6065986a9198d2d2eaa02c005b68cea4
+ * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Support "q@eddsa".
+ (_gcry_ecc_set_mpi): Support "q".
+ * cipher/ecc.c (eddsa_encodepoint): Rename to ...
+ (_gcry_ecc_eddsa_encodepoint): this and make global. Remove arg
+ MINLEN and take from context.
+ (eddsa_decodepoint): Rename to
+ (_gcry_ecc_eddsa_decodepoint): this and make global. Remove arg LEN
+ and take from context.
+ (sign_eddsa, verify_eddsa): Take B from context.
+ (ecc_sign, ecc_verify): Add hack to set DIALECT.
+ (_gcry_pk_ecc_get_sexp): Use _gcry_ecc_compute_public. Handle EdDSA.
+ * src/ec-context.h (mpi_ec_ctx_s): Add field NBITS.
+ * mpi/ec.c (ec_p_init): Init NBITS.
+ * tests/t-mpi-point.c (test_curve): Add Ed25519.
+ (sample_ed25519_q): New.
+ (context_param): Check new sample key.
+ (hex2buffer, hex2mpiopa): New.
+ (cmp_mpihex): Take care of opaque MPIs.
+
+ mpicalc: Add statement to compute the number of bits.
+ + commit 9a4447ccd1b90bcd701941e80a7f484a1825fcea
+ * src/mpicalc.c (do_nbits): New.
+ (main): Add statement 'b'.
+
+ ecc: Refactor low-level access functions.
+ + commit 64a7d347847d606eb5f4c156e24ba060271b8f6b
+ * mpi/ec.c (point_copy): Move to cipher/ecc-curves.c.
+ (ec_get_reset): Rename to _gcry_mpi_ec_get_reset and make global.
+ (_gcry_mpi_ec_get_mpi): Factor most code out to _gcry_ecc_get_mpi.
+ (_gcry_mpi_ec_get_point): Factor most code out to _gcry_ecc_get_point.
+ (_gcry_mpi_ec_set_mpi): Factor most code out to _gcry_ecc_set_mpi.
+ (_gcry_mpi_ec_set_point): Factor most code out to _gcry_ecc_set_point.
+ * cipher/ecc-curves.c (_gcry_ecc_get_mpi): New.
+ (_gcry_ecc_get_point, _gcry_ecc_set_mpi, _gcry_ecc_set_point): New.
+ * cipher/ecc-misc.c (_gcry_ecc_compute_public): New.
+
+ ecc: Fix highly unlikely endless loop in sign_ecdsa.
+ + commit 1f5f4452e5bca105ec2197a4facbf9778e7dc31e
+ * cipher/ecc.c (sign_ecdsa): Turn while-do into do-while loops.
+
+2013-09-24 Werner Koch <wk@gnupg.org>
+
+ ecc: Allow the use of an uncompressed public key.
+ + commit df013c9820709421ef9550158ac5df0060d73379
+ * cipher/ecc.c (eddsa_encodepoint): Factor most code out to ...
+ (eddsa_encode_x_y): new fucntion.
+ (eddsa_decodepoint): Allow use of an uncompressed public key.
+ * tests/t-ed25519.c (N_TESTS): Adjust.
+ * tests/t-ed25519.inp: Add test 1025.
+
+2013-09-23 Werner Koch <wk@gnupg.org>
+
+ pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH.
+ + commit d5f91466695c5736f441c9bf1998436184a4bf61
+ * src/gcrypt.h.in (GCRY_PK_ECC): New.
+ * cipher/pubkey.c (map_algo): New.
+ (spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
+ * cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
+ (run_selftests): Simplify.
+ (ecdh_names, ecdsa_names): Merge into a new ecc_names.
+ (_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
+ _gcry_pubkey_spec_ecc.
+
+ ec: Use mpi_mulm instead of mpi_powm.
+ + commit 4552437bb3c5ff96a889fd31e4bc504b2a12fac7
+ * mpi/ec.c (ec_pow2): New.
+ (ec_powm): Remove call to mpi_abs.
+ (dup_point_weierstrass, dup_point_twistededwards)
+ (add_points_weierstrass, add_points_twistededwards)
+ (_gcry_mpi_ec_curve_point): Use ec_pow2.
+
+2013-09-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ bufhelp: enable fast unaligned memory accesses on powerpc.
+ + commit 925d4fb3e8f2df3c5566ec6b5df7620a3d3504e5
+ * cipher/bufhelp.h [__powerpc__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set
+ macro enabled.
+ [__powerpc64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Ditto.
+
+ Remove i386 inline assembly version of rotation functions.
+ + commit cfea5c28a3822e1e7e401e5107ebe07ba7fdcf37
+ * cipher/bithelp.h (rol, ror): Remove i386 version, change
+ macros to inline functions.
+ * src/hmac256.c (ror): Ditto.
+
+ Optimize and cleanup 32-bit and 64-bit endianess transforms.
+ + commit 9337e03824a5bdd3bbbcb8382cabefe6d6c32e1e
+ * cipher/bithelp.h (bswap32, bswap64, le_bswap32, be_bswap32)
+ (le_bswap64, be_bswap64): New.
+ * cipher/bufhelp.h (buf_get_be32, buf_get_le32, buf_put_le32)
+ (buf_put_be32, buf_get_be64, buf_get_le64, buf_put_be64)
+ (buf_put_le64): New.
+ * cipher/blowfish.c (do_encrypt_block, do_decrypt_block): Use new
+ endian conversion helpers.
+ (do_bf_setkey): Turn endian specific code to generic.
+ * cipher/camellia.c (GETU32, PUTU32): Use new endian conversion
+ helpers.
+ * cipher/cast5.c (rol): Remove, use rol from bithelp.
+ (F1, F2, F3): Fix to use rol from bithelp.
+ (do_encrypt_block, do_decrypt_block, do_cast_setkey): Use new endian
+ conversion helpers.
+ * cipher/des.c (READ_64BIT_DATA, WRITE_64BIT_DATA): Ditto.
+ * cipher/md4.c (transform, md4_final): Ditto.
+ * cipher/md5.c (transform, md5_final): Ditto.
+ * cipher/rmd160.c (transform, rmd160_final): Ditto.
+ * cipher/salsa20.c (LE_SWAP32, LE_READ_UINT32): Ditto.
+ * cipher/scrypt.c (READ_UINT64, LE_READ_UINT64, LE_SWAP32): Ditto.
+ * cipher/seed.c (GETU32, PUTU32): Ditto.
+ * cipher/serpent.c (byte_swap_32): Remove.
+ (serpent_key_prepare, serpent_encrypt_internal)
+ (serpent_decrypt_internal): Use new endian conversion helpers.
+ * cipher/sha1.c (transform, sha1_final): Ditto.
+ * cipher/sha256.c (transform, sha256_final): Ditto.
+ * cipher/sha512.c (__transform, sha512_final): Ditto.
+ * cipher/stribog.c (transform, stribog_final): Ditto.
+ * cipher/tiger.c (transform, tiger_final): Ditto.
+ * cipher/twofish.c (INPACK, OUTUNPACK): Ditto.
+ * cipher/whirlpool.c (buffer_to_block, block_to_buffer): Ditto.
+ * configure.ac (gcry_cv_have_builtin_bswap32): Check for compiler
+ provided __builtin_bswap32.
+ (gcry_cv_have_builtin_bswap64): Check for compiler provided
+ __builtin_bswap64.
+
+ gostr3411_94: set better burn stack depth estimate.
+ + commit 7409de7bc28ff8847c9d71d8c3e35e1968d59d60
+ * cipher/gost28147.c (_gcry_gost_enc_one): Account function stack to
+ burn stack depth.
+ * cipher/gostr3411-94.c (max): New macro.
+ (do_hash_step, transform): Return stack burn depth.
+
+ Use hash transform function return type for passing burn stack depth.
+ + commit 592c2ab3deeeccbb6d3b078ed7bf0e6627c8e1fb
+ * cipher/gostr4311-94.c (transform): Return stack burn depth.
+ * cipher/hash-common.c (_gcry_md_block_write): Use stack burn depth
+ returned by 'hd->bwrite'.
+ * cipher/hash-common.h (_gcry_md_block_write_t): Change return type to
+ 'unsigned int'.
+ (gry_md_block_ctx_t): Remove 'stack_burn'.
+ * cipher/md4.c (transform): Return stack burn depth.
+ (md4_final): Use stack burn depth from transform.
+ * cipher/md5.c (transform): Return stack burn depth.
+ (md5_final): Use stack burn depth from transform.
+ * cipher/rmd160.c (transform): Return stack burn depth.
+ (rmd160_final): Use stack burn depth from transform.
+ * cipher/sha1.c (transform): Return stack burn depth.
+ (sha1_final): Use stack burn depth from transform.
+ * cipher/sha256.c (transform): Return stack burn depth.
+ (sha256_final): Use stack burn depth from transform.
+ * cipher/sha512.c (__transform, transform): Return stack burn depth.
+ (sha512_final): Use stack burn depth from transform.
+ * cipher/stribog.c (transform64): Return stack burn depth.
+ * cipher/tiger.c (transform): Return stack burn depth.
+ (tiger_final): Use stack burn depth from transform.
+
+ Make STRIBOG use the new _gcry_md_block_write helper.
+ + commit 902ea6052c11108bd19333c31b03e084bed1fb86
+ * cipher/stribog.c (STRIBOG_STRUCT): Add 'bctx' and remove 'buf' and
+ 'count'.
+ (stribog_init_512): Initialize 'bctx'.
+ (transform64): New function.
+ (stribog_write): Remove.
+ (stribog_final): Use _gcry_md_block_write and bctx.
+ (_gcry_digest_spec_stribog_256, _gcry_digest_spec_stribog_512): Use
+ _gcry_md_block_write.
+
+ Make SHA-512 use the new _gcry_md_block_write helper.
+ + commit cce7449efe471b076c5a97929ac8907162011394
+ * cipher/hash-common.c (_gcry_md_block_write): Check that hd->buf is
+ large enough.
+ * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE, MD_NBLOCKS_TYPE): New
+ macros.
+ (gcry_md_block_ctx_t): Use above macros for 'nblocks' and 'buf'.
+ * cipher/sha512.c (SHA512_STATE): New struct.
+ (SHA512_CONTEXT): Add 'bctx' and 'state'.
+ (sha512_init, sha384_init): Initialize 'bctx'.
+ (__transform, _gcry_sha512_transform_armv7_neon): Use SHA512_STATE for
+ 'hd'.
+ (transform): For now, do not return burn stack.
+ (sha512_write): Remove.
+ (sha512_final): Use _gcry_md_block_write and bctx.
+ (_gcry_digest_spec_sha512, _gcry_digest_spec_sha384): Use
+ _gcry_md_block_write.
+
+2013-09-20 Werner Koch <wk@gnupg.org>
+
+ sexp: Change internal versions to always use gpg_err_code_t.
+ + commit 3e5cfa20acfeccb9df2c3fae2730344b40b36104
+ * src/sexp.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_build)
+ (gcry_sexp_build_array, gcry_sexp_canon_len): Change error return type
+ from gpg_error_t to gpg_err_code_t. Remove all calls to gpg_error.
+ * src/visibility.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_sscan)
+ (gcry_sexp_build, gcry_sexp_build_array, gcry_sexp_canon_len): Map
+ error codes via gpg_error.
+ * cipher/dsa.c, cipher/ecc.c, cipher/elgamal.c, cipher/rsa.c: Remove
+ use gpg_err_code wrappers.
+
+ pk: Move s-exp creation for gcry_pk_decrypt to the modules.
+ + commit 722bfc1e5f2268453db62f38cc46b5ec6ef3adee
+ * cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it
+ into FLAGS.
+ (gcry_pk_decrypt): Move result s-exp building into the modules.
+ * src/cipher-proto.h (gcry_pk_decrypt_t): Add some args.
+ * cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp.
+ * cipher/elgamal.c (elg_decrypt): Ditto.
+ * cipher/rsa.c (rsa_decrypt): Ditto.
+ (rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several
+ extra MPI allocations.
+
+ pk: Remove unused function.
+ + commit 64cd7ab93da7c95cc8aa320c61c6e29f9e2399c4
+ * cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove
+
+2013-09-19 Werner Koch <wk@gnupg.org>
+
+ Beautify debug output of the prime generator.
+ + commit 6576f0a7684292cb5691bfcabad0acca4c06c014
+ * cipher/primegen.c: Adjust output of log_mpidump to recently changed
+ log_mpidump code changes.
+
+ pk: Move s-expr creation for genkey to the modules.
+ + commit 1bf08850bf9343146c938bc03917417e16393e9a
+ * cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey
+ (gcry_pk_genkey): Move result s-exp creation into the modules.
+ * cipher/dsa.c (dsa_generate): Create result as s-exp.
+ * cipher/elgamal.c (elg_generate): Ditto.
+ * cipher/rsa.c (rsa_generate): Ditto.
+ * cipher/ecc.c (ecc_generate): Ditto.
+ * src/cipher-proto.h (pk_ext_generate_t): Remove type
+ (gcry_pk_spec): and remove from struct.
+
+ tests: Beautify some diagnostics.
+ + commit 2fe084873333c4d67bcfba0b527d63cd3cff6c47
+ * tests/benchmark.c (ecc_bench): Print the key sexp in very verbose
+ mode.
+ (main): Add option --pk-count.
+ * tests/keygen.c: Add Elgamal generation and improved diagnostics.
+ * tests/t-ed25519.c (check_ed25519): Print running number of tests
+ done.
+
+ sexp: Improve printing data representing a negative number.
+ + commit b3f3d47d347c14ed41d755cee580f000309b9c03
+ * src/sexp.c (suitable_encoding): Detect a negative number.
+
+ pk: Move RSA encoding functions to a new file.
+ + commit 071f70b9a766187fc70f6abc6a69d50752449285
+ * cipher/rsa-common: New.
+ * cipher/pubkey.c (pkcs1_encode_for_encryption): Move to rsa-common.c
+ and rename to _gcry_rsa_pkcs1_encode_for_enc.
+ (pkcs1_decode_for_encryption): Move to rsa-common.c and rename to
+ _gcry_rsa_pkcs1_decode_for_enc.
+ (pkcs1_encode_for_signature): Move to rsa-common.c and rename to
+ _gcry_rsa_pkcs1_encode_for_sig.
+ (oaep_encode): Move to rsa-common.c and rename to
+ _gcry_rsa_oaep_encode.
+ (oaep_decode): Move to rsa-common.c and rename to
+ _gcry_rsa_oaep_decode.
+ (pss_encode): Move to rsa-common.c and rename to _gcry_rsa_pss_encode.
+ (pss_verify): Move to rsa-common.c and rename to _gcry_rsa_pss_decode.
+ (octet_string_from_mpi, mgf1): Move to rsa-common.c.
+
+ pk: Move s-expr creation for sign and encrypt to the modules.
+ + commit eca9e2e50ddd4c9020fe1d4a9a3c77d20ebb90f6
+ * cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt.
+ (pubkey_decrypt): Fold into gcry_pk_decrypt.
+ (pubkey_sign): Fold into gcry_pk_sign.
+ (pubkey_verify): Fold into gcry_pk_verify.
+ (octet_string_from_mpi): Make it a wrapper and factor code out to ...
+ * mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function.
+
+ * src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New.
+ * cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings.
+ (gcry_pk_encrypt): Simply by moving the s-expr generation to the modules.
+ (gcry_pk_sign): Ditto.
+ * cipher/dsa.c (dsa_sign): Create s-expr.
+ * cipher/elgamal.c (elg_encrypt, elg_sign): Ditto.
+ * cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto.
+ * cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto.
+ (ecdsa_names): Add "eddsa".
+ * tests/t-ed25519.c (one_test): Expect "eddsa" token.
+
+2013-09-19 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Fix Stribog digest on bigendian platforms.
+ + commit d399faf5db71d429bfd6fa4a9cfc82e2a55055f0
+ * cipher/stribog.c (stribog_final): swap bytes in the result of digest
+ calculations.
+
+2013-09-18 Werner Koch <wk@gnupg.org>
+
+ pk: Simplify the public key dispatcher pubkey.c.
+ + commit 85722afb379f7a392a8117b895de273fd88c4ebc
+ * src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS.
+ * cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields.
+ * cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto.
+ (_gcry_pubkey_spec_ecdh): Ditto.
+ * cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto.
+ * cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto
+ (_gcry_pubkey_spec_elg_e): New.
+ * cipher/pubkey.c: Change most code to replace the former module
+ system by a simpler system to gain information about the algorithms.
+ (disable_pubkey_algo): SImplified. Not anymore thread-safe, though.
+
+ pk: Merge extraspecs struct with standard specs struct.
+ + commit 89103ce00e862cc709e80fa41f2ee13d54093ec5
+ * src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the
+ corresponding function typedefs to ...
+ * src/cipher-proto.h: here.
+ (pk_extra_spec_t): Remove typedef and merge fields into
+ gcry_pk_spec_t.
+ * cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto.
+ * cipher/pubkey.c: Change accordingly.
+ * src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove.
+ (_gcry_pubkey_extraspec_dsa): Remove.
+ (_gcry_pubkey_extraspec_elg): Remove.
+ (_gcry_pubkey_extraspec_ecdsa): Remove.
+
+2013-09-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix encryption/decryption return type for GOST28147.
+ + commit 2ad7ea9cb388fd31e4b0852b68d77f599ef4adce
+ * cipher/gost.h (_gcry_gost_enc_one): Change return type to
+ 'unsigned int'.
+ * cipher/gost28147.c (max): New macro.
+ (gost_encrypt_block, gost_decrypt_block): Return burn stack depth.
+ (_gcry_gost_enc_one): Return burn stack depth from gost_encrypt_block.
+
+2013-09-18 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ doc: fix building of ps and pdf documentation.
+ + commit bd33fa21c9afc6c81e0da24016fc13001e9c7390
+ * doc/gcrypt.texi, doc/gpl.texi, doc/lgpl.texi: fix texinfo errors.
+
+ Add GOST R 34.11-2012 implementation (Stribog)
+ + commit c22064bdd773a807801e300aa9214b2fdcafcf20
+ * src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256)
+ (GCRY_MD_GOSTR3411_12_512): New.
+ * cipher/stribog.c: New.
+ * configure.ac (available_digests_64): Add stribog.
+ * src/cipher.h: Declare Stribog declarations.
+ * cipher/md.c: Register Stribog digest.
+ * tests/basic.c (check_digests) Add 4 testcases for Stribog from
+ standard.
+ * doc/gcrypt.texi: Document new constants.
+
+ Add basic implementation of GOST R 34.11-94 message digest.
+ + commit b0579baaa04fb91eabbbdc295bcabea04cf84056
+ * src/gcrypt.h.in (GCRY_MD_GOSTR3411_94): New.
+ * cipher/gostr3411-94.c: New.
+ * configure.ac (available_digests): Add gostr3411-94.
+ * src/cipher.h: Add gostr3411-94 definitions.
+ * cipher/md.c: Register GOST R 34.11-94.
+ * tests/basic.c (check_digests): Add 4 tests for GOST R 34.11-94
+ hash algo. Two are defined in the standard itself, two other are
+ more or less common tests - an empty string an exclamation mark.
+ * doc/gcrypt.texi: Add an entry describing GOST R 34.11-94 to the MD
+ algorithms table.
+
+ Separate common md block code.
+ + commit ecde77ad98690540abb21db08e5531297ed72bd0
+ * cipher/hash-common.c (_gcry_md_block_write): New function to handle
+ block md operations. The current implementation is limited to 64 byte
+ buffer and u32 block counter.
+
+ * cipher/md4.c, cipher/md5.c, cipher/rmd.h, cipher/rmd160.c
+ *cipher/sha1.c, cipher/sha256.c, cipher/tiger.c: Convert to use
+ _gcry_md_block_write.
+
+ Add limited implementation of GOST 28147-89 cipher.
+ + commit 56b5949f71f501744998f5ebc12488ebf6f1c0b5
+ * src/gcrypt.h.in (GCRY_CIPHER_GOST28147): New.
+ * cipher/gost.h, cipher/gost28147.c: New.
+ * configure.ac (available_ciphers): Add gost28147.
+ * src/cipher.h: Add gost28147 definitions.
+ * cipher/cipher.c: Register gost28147.
+ * tests/basic.c (check_ciphers): Enable simple test for gost28147.
+ * doc/gcrypt.texi: document GCRY_CIPHER_GOST28147.
+
+2013-09-18 Werner Koch <wk@gnupg.org>
+
+ ecc: Add Ed25519 key generation and prepare for optimizations.
+ + commit 63cd3474425cb5a7ec4d1a56be15b248ecda4680
+ * src/mpi.h (enum ecc_dialects): New.
+ * src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT.
+ * cipher/ecc-common.h (elliptic_curve_t): Ditto.
+ * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
+ (domain_parms): Add dialect values.
+ (_gcry_ecc_fill_in_curve): Set dialect.
+ (_gcry_ecc_get_curve): Ditto.
+ (_gcry_mpi_ec_new): Ditto.
+ (_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now.
+ * cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect.
+ (_gcry_ecc_dialect2str): New.
+ * mpi/ec.c (ec_p_init): Add arg DIALECT.
+ (_gcry_mpi_ec_p_internal_new): Ditto.
+ (_gcry_mpi_ec_p_new): Ditto.
+
+ * mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag.
+ (_gcry_mpi_set_opaque_copy): New.
+
+ * cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI.
+ * cipher/ecc.c (eddsa_generate_key): New.
+ (generate_key): Rename to nist_generate_key and factor some code out
+ to ...
+ (ecc_generate_ext): here. Divert to eddsa_generate_key if desired.
+ (eddsa_decodepoint): Take care of an opaque MPI.
+ (ecc_check_secret_key): Ditto.
+ (ecc_sign): Ditto.
+ * cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret
+ key as opaque MPIs.
+ (gcry_pk_genkey): Add the curve_name also to the private key part of
+ the result.
+
+ * tests/benchmark.c (ecc_bench): Support Ed25519.
+ (main): Add option --debug.
+ * tests/curves.c (sample_key_2): Make sure that P and N are positive.
+ * tests/keygen.c (show): New.
+ (check_ecc_keys): Support Ed25519.
+
+2013-09-17 Werner Koch <wk@gnupg.org>
+
+ mpi: Support printing of negative numbers.
+ + commit 89fe2173649a72019d75e059e6c6938efd10421f
+ * mpi/mpicoder.c (twocompl, onecompl): New.
+ (gcry_mpi_print): Use it for STD and SSH.
+ (gcry_mpi_scan): Use it for STD and SSH. Always set NSCANNED.
+ (gcry_mpi_aprint): Clear the extra allocated byte.
+ * tests/t-convert.c (showhex, showmpi): New.
+ (mpi2bitstr_nlz): New.
+ (check_formats): New.
+ (main): Call new test.
+
+2013-09-16 Werner Koch <wk@gnupg.org>
+
+ Fix bug in _gcry_mpi_tdiv_q_2exp.
+ + commit a7a9cdcaaf3979baa18dad51e722882581349f45
+ * mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.
+
+ ecc: Implement Curve Ed25519 signing and verification.
+ + commit bc5199a02abe428ad377443280b3eda60141a1d6
+ * cipher/ecc-curves.c (domain_parms): Add curve "Ed25519".
+ * cipher/ecc.c (reverse_buffer): New.
+ (eddsa_encodempi): New.
+ (eddsa_encodepoint): New.
+ (eddsa_decodepoint): New.
+ (sign_eddsa): Implement.
+ (verify_eddsa): Implement.
+ (ecc_sign): Init unused Q. Pass public key to sign_eddsa.
+ (ecc_verify): Init pk.Q if not used. Pass public key verbatim to
+ verify_eddsa.
+ * cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE. Change all
+ callers to pass 0.
+ (sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract.
+ (sexp_data_to_mpi): Allow for a zero length "value".
+ (gcry_pk_verify): Reorder parameter processing. Pass OPAQUE flag as
+ required.
+ * mpi/ec.c (ec_invm): Print a warning if the inverse does not exist.
+ (_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve
+ model.
+ (dup_point_twistededwards): Implement.
+ (add_points_twistededwards): Implement.
+ (_gcry_mpi_ec_mul_point): Support Twisted Edwards.
+
+ * mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE.
+ (_gcry_mpi_get_buffer): Ditto. Change all callers.
+ (_gcry_mpi_get_secure_buffer): Ditto.
+
+ * src/sexp.c (_gcry_sexp_nth_opaque_mpi): New.
+
+ * tests/t-ed25519.c: New.
+ * tests/t-ed25519.inp: New.
+ * tests/t-mpi-point.c (basic_ec_math_simplified): Print some output
+ only in debug mode.
+ (twistededwards_math): New test.
+ (main): Call new test.
+
+ mpi: Add internal convenience function.
+ + commit 44a2c34e90ed7de149952398787906d8823b636b
+ * mpi/mpiutil.c (_gcry_mpi_get_opaque_copy): New.
+
+ mpi: Add debug function to print a point.
+ + commit 8ebc94d11a1eb93f2365c93f555e958700fdfbd4
+ * mpi/ec.c (_gcry_mpi_point_log): New.
+ * src/mpi.h (log_printpnt): new macro.
+
+ tests: Factor time measurement code out.
+ + commit 58eaf0c4332ac2f645ede28c4d18337389dfa753
+ * tests/benchmark.c (started_at, stopped_at, start_timer, stop_timer)
+ (elapsed time): Factor out to ..
+ * tests/stopwatch.h: new file.
+
+2013-09-12 Werner Koch <wk@gnupg.org>
+
+ Fix _gcry_log_printmpi to print 00 instead of a sole sign.
+ + commit 1c76349c69c70a62b516a4f837c6287def640807
+ * src/misc.c: Special case an mpi length of 0.
+
+2013-09-11 Werner Koch <wk@gnupg.org>
+
+ Streamline the use of the internal mpi and hex debug functions.
+ + commit e35ed615acc624a8b6c07576ea0650aac2bdb0db
+ * mpi/mpicoder.c (gcry_mpi_dump): Remove.
+ (_gcry_log_mpidump): Remove.
+ * src/misc.c (_gcry_log_printhex): Factor all code out to ...
+ (do_printhex): new. Add line wrapping a and compact printing.
+ (_gcry_log_printmpi): New.
+ * src/mpi.h (log_mpidump): Remove macro.
+ * src/g10lib.h (log_mpidump): Add compatibility macro.
+ (log_printmpi): New macro
+ * src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi.
+ * cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump
+ by log_printmpi.
+ (gcry_prime_group_generator): Ditto.
+ * cipher/pubkey.c: Remove extra colons from log_mpidump call.
+ * cipher/rsa.c (stronger_key_check): Use log_printmpi.
+
+2013-09-10 Werner Koch <wk@gnupg.org>
+
+ md: Add function gcry_md_hash_buffers.
+ + commit f3bca0c77c4979504f95fdbc618f7458e61e3e45
+ * src/gcrypt.h.in (gcry_buffer_t): new.
+ (gcry_md_hash_buffers): New.
+ * src/visibility.c, src/visibility.h: Add wrapper for new function.
+ * src/libgcrypt.def, src/libgcrypt.vers: Export new function.
+ * cipher/md.c (gcry_md_hash_buffers): New.
+ * cipher/sha1.c (_gcry_sha1_hash_buffers): New.
+ * tests/basic.c (check_one_md_multi): New.
+ (check_digests): Run that test.
+ * tests/hmac.c (check_hmac_multi): New.
+ (main): Run that test.
+
+ md: Fix Whirlpool flaw.
+ + commit 0a28b2d2c9181a536fc894e24626714832619923
+ * cipher/whirlpool.c (whirlpool_add): Remove shortcut return so that
+ byte counter is always properly updated.
+
+2013-09-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix static build on AMD64.
+ + commit 90fdf25f0dcc5feac7195ede55bd15948a11363e
+ * cipher/rijndael-amd64.S: Correct 'RIP' macro for non-PIC build.
+
+ scrypt: fix for big-endian systems.
+ + commit 38a038a135d82231eff9d84f1ae3c4a25c6a5e75
+ * cipher/scrypt.c (_salsa20_core): Fix endianess issues.
+
+2013-09-07 Werner Koch <wk@gnupg.org>
+
+ Use gcc "unused" attribute only with gcc >= 3.5.
+ + commit f7135e299e659d78906aac3dfdf30f380b5cf9c6
+ * src/g10lib.h (GCC_ATTR_UNUSED): Fix gcc version detection.
+
+2013-09-07 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Add support for Salsa20/12 - 12 round version of Salsa20.
+ + commit ae6f6c47d2e0c536f3eab0823b5f23d26956cda2
+ * src/gcrypt.h.in (GCRY_CIPHER_SALSA20R12): New.
+ * src/salsa20.c (salsa20_core, salsa20_do_encrypt_stream): Add support
+ for reduced round versions.
+ (salsa20r12_encrypt_stream, _gcry_cipher_spec_salsa20r12): Implement
+ Salsa20/12 - a 12 round version of Salsa20 selected by eStream.
+ * src/cipher.h: Declsare Salsa20/12 definition.
+ * cipher/cipher.c: Register Salsa20/12
+ * tests/basic.c: (check_stream_cipher, check_stream_cipher_large_block):
+ Populate Salsa20/12 tests with test vectors from ecrypt
+ (check_ciphers): Add simple test for Salsa20/12
+
+2013-09-07 Werner Koch <wk@gnupg.org>
+
+ Add configure option --disable-amd64-as-feature-detection.
+ + commit 49d5b9dcd622cdc87fb02a211bd51e3d46345bf2
+ * configure.ac: Implement new disable flag.
+
+ mpi: Improve support for non-Weierstrass support.
+ + commit 4d8c8c7aa88cddb1624301957e6245405f46d027
+ * mpi/ec.c (ec_p_init): Add args MODEL and P. Change all callers.
+ (_gcry_mpi_ec_p_internal_new): Ditto.
+ (_gcry_mpi_ec_p_new): Ditto.
+ * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return
+ GPG_ERR_UNKNOWN_CURVE instead of invalid value. Init curve model.
+ * cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto.
+ * cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking.
+
+ mpi: Add gcry_mpi_ec_curve_point.
+ + commit ddfefe429660cc5d798f3517208936449247ae5c
+ * mpi/ec.c (_gcry_mpi_ec_curve_point): New.
+ (ec_powm): Return the absolute value.
+ * src/visibility.c, src/visibility.c: Add wrappers.
+ * src/libgcrypt.def, src/libgcrypt.vers: Export them.
+
+ mpi: Add functions to manipulate the sign.
+ + commit 1bd2c67aa55b40589654d3fa5dea05cf1ed7dc5f
+ * src/gcrypt.h.in (gcry_mpi_is_neg): New.
+ (gcry_mpi_neg, gcry_mpi_abs): New.
+ * mpi/mpiutil.c (_gcry_mpi_is_neg): New.
+ (_gcry_mpi_neg, _gcry_mpi_abs): New.
+ * src/visibility.c, src/visibility.h: Add wrappers.
+ * src/libgcrypt.def, src/libgcrypt.vers: Export them.
+ * src/mpi.h (mpi_is_neg): New. Rename old macro to mpi_has_sign.
+ * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign.
+ * mpi/mpi-mpow.c (calc_barrett): Ditto.
+ * cipher/primegen.c (_gcry_derive_x931_prime): Ditto
+ * cipher/rsa.c (secret): Ditto.
+
+2013-09-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Tune armv6 mpi assembly.
+ + commit 4e4440153258e2f0dfdcaa8443820af06984ecb1
+ * mpi/armv6/mpih-mul1.S: Tune assembly for Cortex-A8.
+ * mpi/armv6/mpih-mul2.S: Ditto.
+ * mpi/armv6/mpih-mul3.S: Ditto.
+
+2013-09-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Change _gcry_burn_stack take burn depth as unsigned integer.
+ + commit e0ae31fcce3bd57b24751ff3c82cba820e493c3a
+ * src/misc.c (_gcry_burn_stack): Change to handle 'unsigned int' bytes.
+
+ mpicalc: fix building on linux and win32.
+ + commit 50ec983666f0ca9d50c84aa1afad0d7bd5810779
+ * src/Makefile.am (mpicalc): Adjust CFLAGS and LDADD.
+
+2013-09-04 Werner Koch <wk@gnupg.org>
+
+ Change mpicalc to use Libgcrypt and install it.
+ + commit 1d23040b659661b4086c079cb9fd5f37189a7020
+ * src/mpicalc.c: Make use of gcry_ functions.
+ (MPICALC_VERSION): New. Set to 2.0.
+ (strusage): Remove.
+ (scan_mpi): New. Replaces mpi_fromstr.
+ (print_mpi): New. Replaces mpi_print.
+ (my_getc): New.
+ (print_help): New.
+ (main): Use simple option parser and print version info.
+ * src/Makefile.am (bin_PROGRAMS): Add mpicalc.
+ (mpicalc_SOURCES, mpicalc_CFLAGS, mpicalc_LDADD): New.
+
+ Add mpicalc.c to help with testing.
+ + commit a70c46e29c480fa0f56ab4814666a5b115f84fd7
+ * src/mpicalc.c: Take from GnuPG 1.4
+
+ Prepare support for EdDSA.
+ + commit c47d4001033f68212d2847b3074a0bdda990342e
+ * src/cipher.h (PUBKEY_FLAG_EDDSA): New.
+ * cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by
+ CTX. Pass flags and hash algo to the verify function. Change all
+ verify functions to accept these args.
+ (sexp_data_to_mpi): Implement new flag "eddsa".
+ (gcry_pk_verify): Pass CTX instead of the compare function to
+ pubkey_verify.
+ * cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers.
+ (verify): Rename to verify_ecdsa. Change all callers.
+ (sign_eddsa, verify_eddsa): New stub functions.
+ (ecc_sign): Divert to sign_ecdsa or sign_eddsa.
+ (ecc_verify): Divert to verify_ecdsa or verify_eddsa.
+
+ Prepare support for non-Weierstrass EC equations.
+ + commit c26be7a337d0bf98193bc58e043209e46d0769bb
+ * src/mpi.h (gcry_mpi_ec_models): New.
+ * src/ec-context.h (mpi_ec_ctx_s): Add MODEL.
+ * cipher/ecc-common.h (elliptic_curve_t): Ditto.
+ * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
+ (domain_parms): Mark als as Weierstrass.
+ (_gcry_ecc_fill_in_curve): Check model.
+ (_gcry_ecc_get_curve): Set model to Weierstrass.
+ * cipher/ecc-misc.c (_gcry_ecc_model2str): New.
+ * cipher/ecc.c (generate_key, ecc_generate_ext): Print model in the
+ debug output.
+
+ * mpi/ec.c (_gcry_mpi_ec_dup_point): Switch depending on model.
+ Factor code out to ...
+ (dup_point_weierstrass): new.
+ (dup_point_montgomery, dup_point_twistededwards): New stub functions.
+ (_gcry_mpi_ec_add_points): Switch depending on model. Factor code out
+ to ...
+ (add_points_weierstrass): new.
+ (add_points_montgomery, add_points_twistededwards): New stub
+ functions.
+
+ * tests/Makefile.am (TESTS): Reorder tests.
+
+ mpi: Suppress newer gcc warnings.
+ + commit 8698530b2f9ef95542f1dd550961de7af86cc256
+ * src/g10lib.h (GCC_ATTR_UNUSED): Define for gcc >= 3.5.
+ * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Mark dummy
+ as unused.
+ * mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.
+
+ Do not check with cpp for typedefed constants.
+ + commit b28b1f732e1b4f9c62a9de87c22c6bb0d3f8fdb8
+ * src/gcrypt-int.h: Include error code replacements depeding on the
+ version of libgpg-error.
+
+2013-09-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Make _gcry_burn_stack use variable length array.
+ + commit 4b0edf53440239d3bcc95941980c062a0801a149
+ * configure.ac (HAVE_VLA): Add check.
+ * src/misc.c (_gcry_burn_stack) [HAVE_VLA]: Add VLA code.
+
+ Move stack burning from block ciphers to cipher modes.
+ + commit a3aaa6ad03388ea3eaa24304b604cb864633332f
+ * src/gcrypt-module.h (gcry_cipher_encrypt_t)
+ (gcry_cipher_decrypt_t): Return 'unsigned int'.
+ * cipher/cipher.c (dummy_encrypt_block, dummy_decrypt_block): Return
+ zero.
+ (do_ecb_encrypt, do_ecb_decrypt): Get largest stack burn depth from
+ block cipher crypt function and burn stack at end.
+ * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
+ (_gcry_cipher_aeswrap_decrypt): Ditto.
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
+ (_gcry_cipher_cbc_decrypt): Ditto.
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
+ (_gcry_cipher_cfb_decrypt): Ditto.
+ * cipher/cipher-ctr.c (_gcry_cipher_cbc_encrypt): Ditto.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
+ (_gcry_cipher_ofb_decrypt): Ditto.
+ * cipher/blowfish.c (encrypt_block, decrypt_block): Return burn stack
+ depth.
+ * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Ditto.
+ * cipher/cast5.c (encrypt_block, decrypt_block): Ditto.
+ * cipher/des.c (do_tripledes_encrypt, do_tripledes_decrypt)
+ (do_des_encrypt, do_des_decrypt): Ditto.
+ * cipher/idea.c (idea_encrypt, idea_decrypt): Ditto.
+ * cipher/rijndael.c (rijndael_encrypt, rijndael_decrypt): Ditto.
+ * cipher/seed.c (seed_encrypt, seed_decrypt): Ditto.
+ * cipher/serpent.c (serpent_encrypt, serpent_decrypt): Ditto.
+ * cipher/twofish.c (twofish_encrypt, twofish_decrypt): Ditto.
+ * cipher/rfc2268.c (encrypt_block, decrypt_block): New.
+ (_gcry_cipher_spec_rfc2268_40): Use encrypt_block and decrypt_block.
+
+2013-09-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ camellia-aesni-avx2-amd64: Move register clearing to assembly functions.
+ + commit f3515240de9513ead975985c9f8ab714022cac8e
+ * cipher/camellia-aesni-avx2-amd64.S
+ (_gcry_camellia_aesni_avx2_ctr_enc): Add 'vzeroall'.
+ (_gcry_camellia_aesni_avx2_cbc_dec)
+ (_gcry_camellia_aesni_avx2_cfb_dec): Add 'vzeroupper' at head and
+ 'vzeroall' at tail.
+ * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
+ (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX2]: Remove register
+ clearing.
+
+ camellia-aesni-avx-amd64: Move register clearing to assembly functions.
+ + commit 8b735cb563dff7aafbf8a970972522b5621e665c
+ * cipher/camellia-aesni-avx-amd64.S (_gcry_camellia_aesni_avx_ctr_enc)
+ (_gcry_camellia_aesni_avx_cbc_dec)
+ (_gcry_camellia_aesni_avx_cfb_dec): Add 'vzeroupper' at head and
+ 'vzeroall' at tail.
+ * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
+ (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX]: Remove register clearing.
+
+ serpent-avx2-amd64: Move register clearing to assembly.
+ + commit d12828cd821a4b4428eae19de5aee02cf536e536
+ * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc)
+ (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Change last
+ 'vzeroupper' to 'vzeroall'.
+ * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
+ (_gcry_serpent_avx2_cfb_dec) [USE_AVX2]: Remove register clearing with
+ 'vzeroall'.
+
+ Fix building for x32 target.
+ + commit fd6721c235a5bdcb332c8eb708fbd4f96e52e824
+ * mpi/amd64/mpi-asm-defs.h: New file.
+ * random/rndhw.c (poll_padlock) [__x86_64__]: Also check if __LP64__ is
+ defined.
+ [USE_DRNG, __x86_64__]: Also check if __LP64__ is defined.
+
+2013-08-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ sha512: add ARM/NEON assembly version of transform function.
+ + commit 99d15543b8d94a8f1ef66c6ccb862b0ce82c514d
+ * cipher/Makefile.am: Add 'sha512-armv7-neon.S'.
+ * cipher/sha512-armv7-neon.S: New file.
+ * cipher/sha512.c (USE_ARM_NEON_ASM): New macro.
+ (SHA512_CONTEXT) [USE_ARM_NEON_ASM]: Add 'use_neon'.
+ (sha512_init, sha384_init) [USE_ARM_NEON_ASM]: Enable 'use_neon' if
+ CPU support NEON instructions.
+ (k): Round constant array moved outside of 'transform' function.
+ (__transform): Renamed from 'tranform' function.
+ [USE_ARM_NEON_ASM] (_gcry_sha512_transform_armv7_neon): New prototype.
+ (transform): New wrapper function for different transform versions.
+ (sha512_write, sha512_final): Burn stack by the amount returned by
+ transform function.
+ * configure.ac (sha512) [neonsupport]: Add 'sha512-armv7-neon.lo'.
+
+ sha512: reduce stack use in transform function by 512 bytes.
+ + commit 03da7f8ba3ec24d4639a2bcebbc0d9d831734c08
+ * cipher/sha512.c (transform): Change 'u64 w[80]' to 'u64 w[16]' and
+ inline input expansion to first 64 rounds.
+ (sha512_write, sha512_final): Reduce burn_stack depth by 512 bytes.
+
+ Add ARM HW feature detection module and add NEON detection.
+ + commit 9c95be105f518d18407115c2c06893857c24b116
+ * configure.ac: Add option --disable-neon-support.
+ (HAVE_GCC_INLINE_ASM_NEON): New.
+ (ENABLE_NEON_SUPPORT): New.
+ [arm]: Add 'hwf-arm.lo' as HW feature module.
+ * src/Makefile.am: Add 'hwf-arm.c'.
+ * src/g10lib.h (HWF_ARM_NEON): New macro.
+ * src/global.c (hwflist): Add HWF_ARM_NEON entry.
+ * src/hwf-arm.c: New file.
+ * src/hwf-common.h (_gcry_hwf_detect_arm): New prototype.
+ * src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add
+ call to _gcry_hwf_detect_arm.
+
+ Correct mpi_cpu_arch for ARMv6.
+ + commit 7b0ebe69fe35f2ee13e1e1beb2766a1eaadb7f0c
+ * mpi/config.links [armv6]: Set mpi_cpu_arch to "arm", instead of
+ "armv6".
+
+2013-08-30 Werner Koch <wk@gnupg.org>
+
+ mpi: Make gcry_mpi_print work with negative zeroes.
+ + commit e9b711e6ddb480a71d2996465074e436c752c005
+ * mpi/mpicoder.c (gcry_mpi_print): Take care of negative zero.
+ (gcry_mpi_aprint): Allocate at least 1 byte.
+ * tests/t-convert.c: New.
+ * tests/Makefile.am (TESTS): Add t-convert.
+
+ Refactor the ECC code into 3 files.
+ + commit 800d4e01376d52a94a157b53978c7c3f957fc476
+ * cipher/ecc-common.h, cipher/ecc-curves.c, cipher/ecc-misc.c: New.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
+ * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new .c files.
+ * cipher/ecc.c (curve_aliases, ecc_domain_parms_t, domain_parms)
+ (scanval): Move to ecc-curves.c.
+ (fill_in_curve): Move to ecc-curve.c as _gcry_ecc_fill_in_curve.
+ (ecc_get_curve): Move to ecc-curve.c as _gcry_ecc_get_curve.
+ (_gcry_mpi_ec_ec2os): Move to ecc-misc.c.
+ (ec2os): Move to ecc-misc.c as _gcry_ecc_ec2os.
+ (os2ec): Move to ecc-misc.c as _gcry_ecc_os2ec.
+ (point_set): Move as inline function to ecc-common.h.
+ (_gcry_ecc_curve_free): Move to ecc-misc.c as _gcry_ecc_curve_free.
+ (_gcry_ecc_curve_copy): Move to ecc-misc.c as _gcry_ecc_curve_copy.
+ (mpi_from_keyparam, point_from_keyparam): Move to ecc-curves.c.
+ (_gcry_mpi_ec_new): Move to ecc-curves.c.
+ (ecc_get_param): Move to ecc-curves.c as _gcry_ecc_get_param.
+ (ecc_get_param_sexp): Move to ecc-curves.c as _gcry_ecc_get_param_sexp.
+
+2013-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ serpent-sse2-amd64: Move register clearing to assembly functions.
+ + commit 040aa7688296e93659cb32ca31e9a001a6ab1edd
+ cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_ctr_enc)
+ (_gcry_serpent_sse2_cbc_dec, _gcry_serpent_sse2_cfb_dec): Clear used
+ XMM registers.
+ cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
+ ( _gcry_serpent_cfb_dec) [USE_SSE2]: Remove XMM register clearing from
+ bulk functions.
+
+ twofish-amd64: do not make __twofish_dec_blk3 global.
+ + commit 82db04a6a0058cf870485459abe7c1659b138ec5
+ * cipher/twofish-amd64.S (__twofish_dec_blk3): Do not export symbol as
+ global.
+ (__twofish_dec_blk3): Mark symbol as function.
+
+2013-08-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ mpi: add ARMv6 assembly.
+ + commit da327aef3fe24fdf98fffbc8aea69de42ed12456
+ * mpi/armv6/mpi-asm-defs.h: New.
+ * mpi/armv6/mpih-add1.S: New.
+ * mpi/armv6/mpih-mul1.S: New.
+ * mpi/armv6/mpih-mul2.S: New.
+ * mpi/armv6/mpih-mul3.S: New.
+ * mpi/armv6/mpih-sub1.S: New.
+ * mpi/config.links [arm]: Enable ARMv6 assembly.
+
+ Move ARMv6 detection to configure.ac.
+ + commit 151f1e518be2d16bed748ba832384b0472ddcf9b
+ * cipher/blowfish-armv6.S: Replace __ARM_ARCH >= 6 checks with
+ HAVE_ARM_ARCH_V6.
+ * cipher/blowfish.c: Ditto.
+ * cipher/camellia-armv6.S: Ditto.
+ * cipher/camellia.h: Ditto.
+ * cipher/cast5-armv6.S: Ditto.
+ * cipher/cast5.c: Ditto.
+ * cipher/rijndael-armv6.S: Ditto.
+ * cipher/rijndael.c: Ditto.
+ * configure.ac: Add HAVE_ARM_ARCH_V6 check.
+
+2013-08-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add optimized wipememory for ARM.
+ + commit c030e33533fb819afe195eff5f89ec39863b1fbc
+ src/g10lib.h [__arm__] (fast_wipememory2_unaligned_head)
+ (fast_wipememory2): New macros.
+
+ cipher: bufhelp: allow unaligned memory accesses on ARM.
+ + commit 796dda37b957b20dba391343937c6325a8c8b288
+ * cipher/bufhelp.h [__arm__ && __ARM_FEATURE_UNALIGNED]: Enable
+ BUFHELP_FAST_UNALIGNED_ACCESS.
+
+2013-08-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Remove burn_stack optimization.
+ + commit 79895b9459b9bf8c60cb7abf09d5bf16ed0cf6e3
+ * src/misc.c (_gcry_burn_stack): Remove SIZEOF_UNSIGNED_LONG == 4 or 8
+ optimization.
+
+2013-08-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ camellia: add ARMv6 assembly implementation.
+ + commit cafadc1e4fb97581262b0081ba251e05613d4394
+ * cipher/Makefile.am: Add 'camellia-armv6.S'.
+ * cipher/camellia-armv6.S: New file.
+ * cipher/camellia-glue.c [USE_ARMV6_ASM]
+ (_gcry_camellia_armv6_encrypt_block)
+ (_gcry_camellia_armv6_decrypt_block): New prototypes.
+ [USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock)
+ (camellia_encrypt, camellia_decrypt): New functions.
+ * cipher/camellia.c [!USE_ARMV6_ASM]: Compile encryption and decryption
+ routines if USE_ARMV6_ASM macro is _not_ defined.
+ * cipher/camellia.h (USE_ARMV6_ASM): New macro.
+ [!USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock): If
+ USE_ARMV6_ASM is defined, disable these function prototypes.
+ (camellia) [arm]: Add 'camellia-armv6.lo'.
+
+ blowfish: add ARMv6 assembly implementation.
+ + commit 31e4b1a96a07e9a3698fcb7be0643a136ebb8e5c
+ * cipher/Makefile.am: Add 'blowfish-armv6.S'.
+ * cipher/blowfish-armv6.S: New file.
+ * cipher/blowfish.c (USE_ARMV6_ASM): New macro.
+ [USE_ARMV6_ASM] (_gcry_blowfish_armv6_do_encrypt)
+ (_gcry_blowfish_armv6_encrypt_block)
+ (_gcry_blowfish_armv6_decrypt_block, _gcry_blowfish_armv6_ctr_enc)
+ (_gcry_blowfish_armv6_cbc_dec, _gcry_blowfish_armv6_cfb_dec): New
+ prototypes.
+ [USE_ARMV6_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block)
+ (encrypt_block, decrypt_block): New functions.
+ (_gcry_blowfish_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (_gcry_blowfish_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (_gcry_blowfish_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ * configure.ac (blowfish) [arm]: Add 'blowfish-armv6.lo'.
+
+ cast5: add ARMv6 assembly implementation.
+ + commit 8d1faf56714598301580ce370e0bfa6d65e73644
+ * cipher/Makefile.am: Add 'cast5-armv6.S'.
+ * cipher/cast5-armv6.S: New file.
+ * cipher/cast5.c (USE_ARMV6_ASM): New macro.
+ (CAST5_context) [USE_ARMV6_ASM]: New members 'Kr_arm_enc' and
+ 'Kr_arm_dec'.
+ [USE_ARMV6_ASM] (_gcry_cast5_armv6_encrypt_block)
+ (_gcry_cast5_armv6_decrypt_block, _gcry_cast5_armv6_ctr_enc)
+ (_gcry_cast5_armv6_cbc_dec, _gcry_cast5_armv6_cfb_dec): New prototypes.
+ [USE_ARMV6_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block)
+ (decrypt_block): New functions.
+ (_gcry_cast5_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (_gcry_cast5_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (_gcry_cast5_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (do_cast_setkey) [USE_ARMV6_ASM]: Initialize 'Kr_arm_enc' and
+ 'Kr_arm_dec'.
+ * configure.ac (cast5) [arm]: Add 'cast5-armv6.lo'.
+
+2013-08-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rijndael: add ARMv6 assembly implementation.
+ + commit f365961422f1c8b3d89b8bcd9c99828f38c1f158
+ * cipher/Makefile.am: Add 'rijndael-armv6.S'.
+ * cipher/rijndael-armv6.S: New file.
+ * cipher/rijndael.c (USE_ARMV6_ASM): New macro.
+ [USE_ARMV6_ASM] (_gcry_aes_armv6_encrypt_block)
+ (_gcry_aes_armv6_decrypt_block): New prototypes.
+ (do_encrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (do_encrypt): Disable input/output alignment when USE_ARMV6_ASM.
+ (do_decrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
+ (do_decrypt): Disable input/output alignment when USE_ARMV6_ASM.
+ * configure.ac (HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS): New check for
+ gcc/as compatibility with ARM assembly implementations.
+ (aes) [arm]: Add 'rijndael-armv6.lo'.
+
+2013-08-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ cipher: fix memory leak.
+ + commit 2b5bbe264fcd61e5e458e5f71a6507ba0271c729
+ * cipher/pubkey.c (gcry_pk_sign): Handle the specific case of ECC,
+ where there is NULL whichi is not the sentinel.
+
+2013-08-08 Werner Koch <wk@gnupg.org>
+
+ mpi: Clear immutable flag on the result of gcry_mpi_set.
+ + commit 426cbc9feca0c8f46208fb3670adab95f9e46087
+ * mpi/mpiutil.c (gcry_mpi_set): Reset immutable and const flags.
+ * tests/mpitests.c (test_const_and_immutable): Add a test for this.
+
+2013-08-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: fix memory leaks.
+ + commit cc082642c1b0f2a3e9ca78e1ffd3f64417c204bd
+ * tests/benchmark.c (dsa_bench): Release SIG.
+
+ * tests/mpitests.c (test_powm): Release BASE, EXP, MOD, and RES.
+
+ * tests/prime.c (check_primes): Release PRIME.
+
+ * tests/tsexp.c (basic): Use intermediate variable M for constant.
+ Release S1, S2 and A.
+
+2013-08-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix building on W32 (cannot export symbol 'gcry_sexp_get_buffer')
+ + commit 065d446478bf68553339fc77a89b8369bd110a18
+ * src/libgcrypt.def: Change 'gcry_sexp_get_buffer' to
+ 'gcry_sexp_nth_buffer'.
+
+2013-08-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ cipher: fix another memory leak.
+ + commit 9a421813123a2f5db0a91eaee4a45138efc9ad34
+ * cipher/ecc.c (ecc_get_curve): Free TMP.
+
+ tests: fix memory leaks.
+ + commit 87eddc31ccba6decbddd1761dd42a208666cd311
+ * tests/pubkey.c (check_keys_crypt): Release L, X0, and X1.
+ (check_keys): Release X.
+
+ cipher: fix memory leaks.
+ + commit ae6ffd9af38cbcac57c220960f683aab91db85cb
+ * cipher/elgamal.c (elg_generate_ext): Free XVALUE.
+
+ * cipher/pubkey.c (sexp_elements_extract): Don't use IDX for loop.
+ Call mpi_free.
+ (sexp_elements_extract_ecc): Call mpi_free.
+
+2013-08-05 Werner Koch <wk@gnupg.org>
+
+ mpi: Improve gcry_mpi_invm to detect bad input.
+ + commit d8e99a04dba6a606e879464cd11deee760d1e000
+ * mpi/mpi-inv.c (gcry_mpi_invm): Return 0 for bad input.
+
+2013-07-31 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Correct checks for ecc secret key.
+ + commit 10dfa41b43a906031bc674ea41cd3073701011f3
+ * cipher/ecc.c (check_secret_key): replace wrong comparison of Q and
+ sk->Q points with correct one.
+
+2013-07-29 Werner Koch <wk@gnupg.org>
+
+ sexp: Allow white space anywhere in a hex format.
+ + commit 43320961a8751ee28dc95cdb0ae01ea8a7ff7f91
+ * src/sexp.c (hextobyte): Remove.
+ (hextonibble): New.
+ (vsexp_sscan): Skip whtespace between hex nibbles.
+
+ Implement deterministic ECDSA as specified by rfc-6979.
+ + commit 6e0a9786637d649b48aae0e611a12e12beef9b3b
+ * cipher/ecc.c (sign): Add args FLAGS and HASHALGO. Convert an opaque
+ MPI as INPUT. Implement rfc-6979.
+ (ecc_sign): Remove the opaque MPI code and pass FLAGS to sign.
+ (verify): Do not allocate and compute Y; it is not used.
+ (ecc_verify): Truncate the hash value if needed.
+ * tests/dsa-rfc6979.c (check_dsa_rfc6979): Add ECDSA test cases.
+
+2013-07-26 Werner Koch <wk@gnupg.org>
+
+ Implement deterministic DSA as specified by rfc-6979.
+ + commit 1cfa79aabc5d0fd8d124901054475e90ab7d9cde
+ * cipher/dsa.c (dsa_sign): Move opaque mpi extraction to sign.
+ (sign): Add args FLAGS and HASHALGO. Implement deterministic DSA.
+ Add code path for R==0 to comply with the standard.
+ (dsa_verify): Left fill opaque mpi based hash values.
+ * cipher/dsa-common.c (int2octets, bits2octets): New.
+ (_gcry_dsa_gen_rfc6979_k): New.
+ * tests/dsa-rfc6979.c: New.
+ * tests/Makefile.am (TESTS): Add dsa-rfc6979.
+
+ Allow the use of a private-key s-expression with gcry_pk_verify.
+ + commit b72d312ad11887fc416aa821786f6bdb663c0f4a
+ * cipher/pubkey.c (sexp_to_key): Fallback to private key.
+
+2013-07-25 Werner Koch <wk@gnupg.org>
+
+ Mitigate a flush+reload cache attack on RSA secret exponents.
+ + commit 287bf0e543f244d784cf8b58340bf0ab3c6aba97
+ * mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
+ exponents in secure memory.
+
+2013-07-19 Werner Koch <wk@gnupg.org>
+
+ pk: Allow the use of a hash element for DSA sign and verify.
+ + commit 37d0a1ebdc2dc74df4fb6bf0621045018122a68f
+ * cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign
+ module.
+ (gcry_pk_sign): Pass CTX to pubkey_sign.
+ (sexp_data_to_mpi): Add flag rfc6979 and code to alls hash with *DSA
+ * cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque
+ MPI is given for DATA/HASH.
+ * cipher/elgamal.c (elg_sign, elg_verify): Ditto.
+ * cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI.
+ * cipher/ecc.c (ecc_sign, ecc_verify): Ditto.
+ * tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash
+ element with DSA.
+
+ sexp: Add function gcry_sexp_nth_buffer.
+ + commit 2d3e8d4d9562d666420aadd9ffa8ac0456a1cd91
+ * src/sexp.c (gcry_sexp_nth_buffer): New.
+ * src/visibility.c, src/visibility.h: Add function wrapper.
+ * src/libgcrypt.vers, src/libgcrypt.def: Add to API.
+ * src/gcrypt.h.in: Add prototype.
+
+2013-07-18 Werner Koch <wk@gnupg.org>
+
+ Add support for Salsa20.
+ + commit c4885092088431e7928e4459fda20cc0e8ceb201
+ * src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New.
+ * cipher/salsa20.c: New.
+ * configure.ac (available_ciphers): Add Salsa20.
+ * cipher/cipher.c: Register Salsa20.
+ (cipher_setiv): Allow to divert an IV to a cipher module.
+ * src/cipher-proto.h (cipher_setiv_func_t): New.
+ (cipher_extra_spec): Add field setiv.
+ * src/cipher.h: Declare Salsa20 definitions.
+ * tests/basic.c (check_stream_cipher): New.
+ (check_stream_cipher_large_block): New.
+ (check_cipher_modes): Run new test functions.
+ (check_ciphers): Add simple test for Salsa20.
+
+2013-07-17 Werner Koch <wk@gnupg.org>
+
+ Allow gcry_mpi_dump to print opaque MPIs.
+ + commit 364d019e3ffedfcb434576702f73e767cb9389ef
+ * mpi/mpicoder.c (gcry_mpi_dump): Detect abd print opaque MPIs.
+ * tests/mpitests.c (test_opaque): New.
+ (main): Call new test.
+
+ cipher: Prepare to pass extra info to the sign functions.
+ + commit 5940e66cbefea3de5924f494f18aed69bb694bff
+ * src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo.
+ * cipher/rsa.c (rsa_sign): Add parms and mark them as unused.
+ * cipher/dsa.c (dsa_sign): Ditto.
+ * cipher/elgamal.c (elg_sign): Ditto.
+ * cipher/pubkey.c (dummy_sign): Ditto.
+ (pubkey_sign): Pass 0 for the new args.
+
+ Fix a special case bug in mpi_powm for e==0.
+ + commit 6e1adb05d290aeeb1c230c763970695f4a538526
+ * mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that
+ the result has been allocated.
+
+2013-07-15 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+
+ Fix memory leak in t-mpi-point test.
+ + commit a7b80e9fba6b1b095f7c53469747967b40ebfbfd
+ * tests/t-mpi-point.c (basic_ec_math, basic_ec_math_simplified): add
+ calls to gcry_ctx_release() to free contexts after they become unused.
+
+2013-07-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix 'Please include winsock2.h before windows.h' warnings with mingw32.
+ + commit d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104
+ * random/rndw32.c: include winsock2.h before windows.h.
+ * src/ath.h [_WIN32]: Ditto.
+ * tests/benchmark.c [_WIN32]: Ditto.
+
+ Remove duplicate header from mpi/amd64/mpih-mul2.S.
+ + commit c64a0dcbefc5b0055954e37a3c86b32ff7a1b1da
+ * mpi/amd64/mpih-mul2.S: remove duplicated header.
+
+ Fix i386/amd64 inline assembly "cc" clobbers.
+ + commit ed0a598172208ec67234a4edd73189bf6808fd04
+ * cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" globber
+ for inline assembly.
+ * cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto.
+ * random/rndhw.c [USE_DRNG] (rdrand_long): Ditto.
+ * src/hmac256.c [__GNUC__, __i386__] (ror): Ditto.
+ * mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
+ (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto.
+
+ bufhelp: Suppress 'cast increases required alignment' warning.
+ + commit c3902a6b5cea9acef2e15fbee24eb601eeb25168
+ * cipher/bufhelp.h (buf_xor, buf_xor_2dst, buf_xor_n_copy): Cast
+ to larger element pointer through (void *) to suppress -Wcast-error.
+
+ mpi: Add __ARM_ARCH for older GCC.
+ + commit 97f392f43cf2e4da1297cbecacbfbff33a869478
+ * mpi/longlong.h [__arm__]: Construct __ARM_ARCH if not provided by
+ compiler.
+
+ mpi: add missing "cc" clobber for ARM assembly.
+ + commit 8aa4f2161cf643ce36d87d2e2786b546736f8232
+ * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
+ [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Ditto.
+
+ Tweak ARM inline assembly for mpi.
+ + commit 71dda4507053379433dc8b0fc6462c15de7299df
+ mpi/longlong.h [__arm__]: Enable inline assembly if __thumb2__ is
+ defined.
+ [__arm__]: Use __ARCH_ARM when defined.
+ [__arm__] [__ARM_ARCH >= 5] (count_leading_zeros): New.
+
+2013-06-26 Werner Koch <wk@gnupg.org>
+
+ Make gpg-error replacement defines more robust.
+ + commit 6540b84a6e9113813e7e49e3ad2024d4a0073300
+ * configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ...
+ * src/gcrypt-int.h: new file.
+ * src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h.
+ * tests/: Ditto for all test files.
+
+2013-06-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Check if assembler is compatible with AMD64 assembly implementations.
+ + commit 3544fa8aa63bef9a35abf236e9376191b5ec206b
+ * cipher/blowfish-amd64.S: Enable only if
+ HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined.
+ * cipher/camellia-aesni-avx-amd64.S: Ditto.
+ * cipher/camellia-aesni-avx2-amd64.S: Ditto.
+ * cipher/cast5-amd64.S: Ditto.
+ * cipher/rinjdael-amd64.S: Ditto.
+ * cipher/serpent-avx2-amd64.S: Ditto.
+ * cipher/serpent-sse2-amd64.S: Ditto.
+ * cipher/twofish-amd64.S: Ditto.
+ * cipher/blowfish.c: Use AMD64 assembly implementation only if
+ HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined
+ * cipher/camellia-glue.c: Ditto.
+ * cipher/cast5.c: Ditto.
+ * cipher/rijndael.c: Ditto.
+ * cipher/serpent.c: Ditto.
+ * cipher/twofish.c: Ditto.
+ * configure.ac: Check gcc/as compatibility with AMD64 assembly
+ implementations.
+
+2013-06-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Optimize _gcry_burn_stack for 32-bit and 64-bit architectures.
+ + commit ec2f8de409a93c80efa658134df22074a9bca5a4
+ * src/misc.c (_gcry_burn_stack): Add optimization for 32-bit and 64-bit
+ architectures.
+
+ Add Camellia AES-NI/AVX2 implementation.
+ + commit d94ec5f5f8a5d40a7d344025aa466f276f9718df
+ * cipher/Makefile.am: Add 'camellia-aesni-avx2-amd64.S'.
+ * cipher/camellia-aesni-avx2-amd64.S: New file.
+ * cipher/camellia-glue.c (USE_AESNI_AVX2): New macro.
+ (CAMELLIA_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'.
+ [USE_AESNI_AVX2] (_gcry_camellia_aesni_avx2_ctr_enc)
+ (_gcry_camellia_aesni_avx2_cbc_dec)
+ (_gcry_camellia_aesni_avx2_cfb_dec): New prototypes.
+ (camellia_setkey) [USE_AESNI_AVX2]: Check AVX2+AES-NI capable hardware
+ and set 'ctx->use_aesni_avx2'.
+ (_gcry_camellia_ctr_enc) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
+ (_gcry_camellia_cbc_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
+ (_gcry_camellia_cfb_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
+ (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks'
+ so that AVX2 codepaths get tested.
+ * configure.ac (camellia) [avx2support, aesnisupport]: Add
+ 'camellia-aesni-avx2-amd64.lo'.
+
+ Add Serpent AVX2 implementation.
+ + commit e7ab4e1a7396f4609b9033207015b239ab4a5140
+ * cipher/Makefile.am: Add 'serpent-avx2-amd64.S'.
+ * cipher/serpent-avx2-amd64.S: New file.
+ * cipher/serpent.c (USE_AVX2): New macro.
+ (serpent_context_t) [USE_AVX2]: Add 'use_avx2'.
+ [USE_AVX2] (_gcry_serpent_avx2_ctr_enc, _gcry_serpent_avx2_cbc_dec)
+ (_gcry_serpent_avx2_cfb_dec): New prototypes.
+ (serpent_setkey_internal) [USE_AVX2]: Check for AVX2 capable hardware
+ and set 'use_avx2'.
+ (_gcry_serpent_ctr_enc) [USE_AVX2]: Use AVX2 accelerated functions.
+ (_gcry_serpent_cbc_dec) [USE_AVX2]: Use AVX2 accelerated functions.
+ (_gcry_serpent_cfb_dec) [USE_AVX2]: Use AVX2 accelerated functions.
+ (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks'
+ so that AVX2 codepaths are tested.
+ * configure.ac (serpent) [avx2support]: Add 'serpent-avx2-amd64.lo'.
+
+ Add detection for Intel AVX2 instruction set.
+ + commit 3289bca708bdd02c69a331095ac6ca9a1efd74cc
+ * configure.ac: Add option --disable-avx2-support.
+ (HAVE_GCC_INLINE_ASM_AVX2): New.
+ (ENABLE_AVX2_SUPPORT): New.
+ * src/g10lib.h (HWF_INTEL_AVX2): New.
+ * src/global.c (hwflist): Add HWF_INTEL_AVX2.
+ * src/hwf-x86.c [__i386__] (get_cpuid): Initialize registers to zero
+ before cpuid.
+ [__x86_64__] (get_cpuid): Initialize registers to zero before cpuid.
+ (detect_x86_gnuc): Store maximum cpuid level.
+ (detect_x86_gnuc) [ENABLE_AVX2_SUPPORT]: Add detection for AVX2.
+
+ twofish: add amd64 assembly implementation.
+ + commit d325ab5d86e6107a46007a4d0131122bbd719f8c
+ * cipher/Makefile.am: Add 'twofish-amd64.S'.
+ * cipher/twofish-amd64.S: New file.
+ * cipher/twofish.c (USE_AMD64_ASM): New macro.
+ [USE_AMD64_ASM] (_gcry_twofish_amd64_encrypt_block)
+ (_gcry_twofish_amd64_decrypt_block, _gcry_twofish_amd64_ctr_enc)
+ (_gcry_twofish_amd64_cbc_dec, _gcry_twofish_amd64_cfb_dec): New
+ prototypes.
+ [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt)
+ (twofish_encrypt, twofish_decrypt): New functions.
+ (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec)
+ (selftest_ctr, selftest_cbc, selftest_cfb): New functions.
+ (selftest): Call new bulk selftests.
+ * cipher/cipher.c (gcry_cipher_open) [USE_TWOFISH]: Register Twofish
+ bulk functions for ctr-enc, cbc-dec and cfb-dec.
+ * configure.ac (twofish) [x86_64]: Add 'twofish-amd64.lo'.
+ * src/cipher.h (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
+ (gcry_twofish_cfb_dec): New prototypes.
+
+2013-05-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ rinjdael: add amd64 assembly implementation.
+ + commit 7317fcfadf00789df140e51c0d16b60f6b144b59
+ * cipher/Makefile.am: Add 'rijndael-amd64.S'.
+ * cipher/rijndael-amd64.S: New file.
+ * cipher/rijndael.c (USE_AMD64_ASM): New macro.
+ [USE_AMD64_ASM] (_gcry_aes_amd64_encrypt_block)
+ (_gcry_aes_amd64_decrypt_block): New prototypes.
+ (do_encrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function.
+ (do_encrypt): Disable input/output alignment when USE_AMD64_ASM is set.
+ (do_decrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function.
+ (do_decrypt): Disable input/output alignment when USE_AMD64_AES is set.
+ * configure.ac (aes) [x86-64]: Add 'rijndael-amd64.lo'.
+
+ blowfish: add amd64 assembly implementation.
+ + commit 9a61edd1f00cefe8ffa3ad54a53eed163883053c
+ * cipher/Makefile.am: Add 'blowfish-amd64.S'.
+ * cipher/blowfish-amd64.S: New file.
+ * cipher/blowfish.c (USE_AMD64_ASM): New macro.
+ [USE_AMD64_ASM] (_gcry_blowfish_amd64_do_encrypt)
+ (_gcry_blowfish_amd64_encrypt_block)
+ (_gcry_blowfish_amd64_decrypt_block, _gcry_blowfish_amd64_ctr_enc)
+ (_gcry_blowfish_amd64_cbc_dec, _gcry_blowfish_amd64_cfb_dec): New
+ prototypes.
+ [USE_AMD64_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block)
+ (encrypt_block, decrypt_block): New functions.
+ (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
+ (_gcry_blowfish_cfb_dec, selftest_ctr, selftest_cbc, selftest_cfb): New
+ functions.
+ (selftest): Call new bulk selftests.
+ * cipher/cipher.c (gcry_cipher_open) [USE_BLOWFISH]: Register Blowfish
+ bulk functions for ctr-enc, cbc-dec and cfb-dec.
+ * configure.ac (blowfish) [x86_64]: Add 'blowfish-amd64.lo'.
+ * src/cipher.h (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
+ (gcry_blowfish_cfb_dec): New prototypes.
+
+2013-05-24 Werner Koch <wk@gnupg.org>
+
+ ecc: Simplify the compliant point generation.
+ + commit 99b18aa536703ef90c9a1f5c8f40bc68b2064593
+ * cipher/ecc.c (generate_key): Use point_snatch_set, replaces unneeded
+ variable copies, etc.
+
+ ecc: Fix a minor flaw in the generation of K.
+ + commit 9711384f75564a71979e3fb971b5f4cadcf1afef
+ * cipher/dsa.c (gen_k): Factor code out to ..
+ * cipher/dsa-common.c (_gcry_dsa_gen_k): new file and function. Add
+ arg security_level and re-indent a bit.
+ * cipher/ecc.c (gen_k): Remove and change callers to _gcry_dsa_gen_k.
+ * cipher/dsa.c: Include pubkey-internal.
+ * cipher/Makefile.am (libcipher_la_SOURCES): Add dsa-common.c
+
+2013-05-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ cast5: add amd64 assembly implementation.
+ + commit 0bdf26eea8cdbffefe7e37578f8f896c4f5f5275
+ * cipher/Makefile.am: Add 'cast5-amd64.S'.
+ * cipher/cast5-amd64.S: New file.
+ * cipher/cast5.c (USE_AMD64_ASM): New macro.
+ (_gcry_cast5_s1tos4): Merge arrays s1, s2, s3, s4 to single array to
+ simplify access from assembly implementation.
+ (s1, s2, s3, s4): New macros pointing to subarrays in
+ _gcry_cast5_s1tos4.
+ [USE_AMD64_ASM] (_gcry_cast5_amd64_encrypt_block)
+ (_gcry_cast5_amd64_decrypt_block, _gcry_cast5_amd64_ctr_enc)
+ (_gcry_cast5_amd64_cbc_dec, _gcry_cast5_amd64_cfb_dec): New prototypes.
+ [USE_AMD64_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block)
+ (decrypt_block): New functions.
+ (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec)
+ (selftest_ctr, selftest_cbc, selftest_cfb): New functions.
+ (selftest): Call new bulk selftests.
+ * cipher/cipher.c (gcry_cipher_open) [USE_CAST5]: Register CAST5 bulk
+ functions for ctr-enc, cbc-dec and cfb-dec.
+ * configure.ac (cast5) [x86_64]: Add 'cast5-amd64.lo'.
+ * src/cipher.h (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec)
+ (gcry_cast5_cfb_dec): New prototypes.
+
+ cipher-selftest: make selftest work with any block-size.
+ + commit ab8fc70b5f0c396a5bc941267f59166e860b8c5d
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128)
+ (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed
+ functions from '<name>_128' to '<name>'.
+ (_gcry_selftest_helper_cbc, _gcry_selftest_helper_cfb)
+ (_gcry_selftest_helper_ctr): Make work with different block sizes.
+ * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc_128)
+ (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed
+ prototypes from '<name>_128' to '<name>'.
+ * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128)
+ (selftest_ctr_128): Change to use new function names.
+ * cipher/rijndael.c (selftest_ctr_128, selftest_cfb_128)
+ (selftest_ctr_128): Change to use new function names.
+ * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128)
+ (selftest_ctr_128): Change to use new function names.
+
+2013-05-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ serpent: add parallel processing for CFB decryption.
+ + commit 6deb0ccdf718a0670f80e6762a3842caf76437d6
+ * cipher/cipher.c (gcry_cipher_open): Add bulf CFB decryption function
+ for Serpent.
+ * cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_cfb_dec): New
+ function.
+ * cipher/serpent.c (_gcry_serpent_sse2_cfb_dec): New prototype.
+ (_gcry_serpent_cfb_dec) New function.
+ (selftest_cfb_128) New function.
+ (selftest) Call selftest_cfb_128.
+ * src/cipher.h (_gcry_serpent_cfb_dec): New prototype.
+
+ camellia: add parallel processing for CFB decryption.
+ + commit b60f06f70227c1e69e1010da8b47ea51ade48145
+ * cipher/camellia-aesni-avx-amd64.S
+ (_gcry_camellia_aesni_avx_cfb_dec): New function.
+ * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_cfb_dec): New
+ prototype.
+ (_gcry_camellia_cfb_dec): New function.
+ (selftest_cfb_128): New function.
+ (selftest): Call selftest_cfb_128.
+ * cipher/cipher.c (gry_cipher_open): Add bulk CFB decryption function
+ for Camellia.
+ * src/cipher.h (_gcry_camellia_cfb_dec): New prototype.
+
+ rinjdael: add parallel processing for CFB decryption with AES-NI.
+ + commit 319ee14f2aab8db56a830fd7ac8926f91b4f738a
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_cfb_128): New
+ function for CFB selftests.
+ * cipher/cipher-selftest.h (_gcry_selftest_helper_cfb_128): New
+ prototype.
+ * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_vec4): New function.
+ (_gcry_aes_cfb_dec) [USE_AESNI]: Add parallelized CFB decryption.
+ (selftest_cfb_128): New function.
+ (selftest): Call selftest_cfb_128.
+
+2013-05-23 Werner Koch <wk@gnupg.org>
+
+ Avoid compiler warning due to the global symbol setkey.
+ + commit b402de8b9c4a9f269faf03ca952b1eb68a1f33c8
+ * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128)
+ (_gcry_selftest_helper_ctr_128): Rename setkey to setkey_func.
+
+2013-05-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ serpent: add SSE2 accelerated amd64 implementation.
+ + commit 2fd06e207dcea1d8a7f0e7e92f3359615a99421b
+ * configure.ac (serpent): Add 'serpent-sse2-amd64.lo'.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add
+ 'serpent-sse2-amd64.S'.
+ * cipher/cipher.c (gcry_cipher_open) [USE_SERPENT]: Register bulk
+ functions for CBC-decryption and CTR-mode.
+ * cipher/serpent.c (USE_SSE2): New macro.
+ [USE_SSE2] (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec):
+ New prototypes to assembler functions.
+ (serpent_setkey): Set 'serpent_init_done' before calling serpent_test.
+ (_gcry_serpent_ctr_enc): New function.
+ (_gcry_serpent_cbc_dec): New function.
+ (selftest_ctr_128): New function.
+ (selftest_cbc_128): New function.
+ (selftest): Call selftest_ctr_128 and selftest_cbc_128.
+ * cipher/serpent-sse2-amd64.S: New file.
+ * src/cipher.h (_gcry_serpent_ctr_enc): New prototype.
+ (_gcry_serpent_cbc_dec): New prototype.
+
+ Serpent: faster S-box implementation.
+ + commit c85501af8222913f0a1e20e77fceb88e93417925
+ * cipher/serpent.c (SBOX0, SBOX1, SBOX2, SBOX3, SBOX4, SBOX5, SBOX6)
+ (SBOX7, SBOX0_INVERSE, SBOX1_INVERSE, SBOX2_INVERSE, SBOX3_INVERSE)
+ (SBOX4_INVERSE, SBOX5_INVERSE, SBOX6_INVERSE, SBOX7_INVERSE): Replace
+ with new definitions.
+
+2013-05-22 Werner Koch <wk@gnupg.org>
+
+ w32: Fix installing of .def file.
+ + commit 4e46d8bc78008ba06f106b368cefb0dddf15fe38
+ * src/Makefile.am (install-def-file): Create libdir first.
+
+ Add control commands to disable mlock and setuid dropping.
+ + commit 2b8014af202c9e0f7619f7a4377f5eb752235220
+ * src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New.
+ (GCRYCTL_DISABLE_PRIV_DROP): New.
+ * src/global.c (_gcry_vcontrol): Implement them.
+ * src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New.
+ (GCRY_SECMEM_FLAG_NO_PRIV_DROP): New.
+ * src/secmem.c (no_mlock, no_priv_drop): New.
+ (_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them.
+ (lock_pool): Handle no_mlock and no_priv_drop.
+
+ Fix libtool 2.4.2 to correctly detect .def files.
+ + commit 05b3e2dda61d3d532a7f1ffd2487a85ed1c4f3ab
+ * ltmain.sh (sed_uncomment_deffile): New.
+ (orig_export_symbols): Uncomment def file before testing for EXPORTS.
+ * m4/libtool.m4: Do the same for the generated code.
+
+2013-05-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Add AES bulk CBC decryption selftest.
+ + commit b65281a1b76d7898eb7607932246b78277d8570b
+ * cipher/rinjdael.c (selftest_cbc_128): New.
+ (selftest): Call selftest_cbc_128.
+
+ Change AES bulk CTR encryption selftest use new selftest helper function
+ + commit 3637bdbb5f30a5e06745d448a6a8ad00e5cdd740
+ * cipher/rinjdael.c: (selftest_ctr_128): Change to use new selftest
+ helper function.
+
+ Convert bulk CTR and CBC selftest functions in Camellia to generic selftest helper functions
+ + commit eed4042fa028b3f73bad6a768f5b0a82f642e545
+ * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-selftest files.
+ * cipher/camellia-glue.c (selftest_ctr_128, selftest_cbc_128): Change
+ to use the new selftest helper functions.
+ * cipher/cipher-selftest.c: New.
+ * cipher/cipher-selftest.h: New.
+
+ camellia: add bulk CBC decryption selftest.
+ + commit f2986f03d1ae59f973bae56ce4333e5457003de5
+ * cipher/camellia-glue.c: (selftest_cbc_128): New selftest function for
+ bulk CBC decryption.
+ (selftest): Add call to selftest_cbc_128.
+
+ camellia: Rename camellia_aesni_avx_x86-64.S to camellia-aesni-avx-amd64.S
+ + commit 194ae35da7830a76b96e9b21121a2e1248762d3f
+ * cipher/camellia_aesni_avx_x86-64.S: Remove.
+ * cipher/camellia-aesni-avx-amd64.S: New.
+ * cipher/Makefile.am: Use the new filename.
+ * configure.ac: Use the new filename.
+
+2013-05-21 Werner Koch <wk@gnupg.org>
+
+ Fix indentation and save on string space.
+ + commit 2ac3a7c2b7154379738d17cfde8cd9017dc142f0
+ * cipher/ecc.c (generate_key): Use the same string for both fatal
+ messages.
+
+2013-05-20 Andrey <andrey@brainhub.org>
+
+ cipher: Fix segv in last ECC change.
+ + commit eb4937914db3fb7317502e97e4f0e40c1857f59d
+ * cipher/ecc.c (generate_key): Make sure R is initialized.
+
+2013-05-09 Andrey <andrey@brainhub.org>
+
+ cipher: Generate compliant ECC keys.
+ + commit 296f38a2bd2e25788643a42e4881faed00884a40
+ * cipher/ecc.c (generate_key): Make sure a key is compliant for
+ using the compact representation.
+
+2013-04-18 Werner Koch <wk@gnupg.org>
+
+ cipher: Fix regression in Padlock support.
+ + commit 6c942ec4d63032539f1fc56c3b970cfec2369e2b
+ * cipher/rijndael.c (do_setkey): Remove dummy padlock key generation case
+ and use the standard one.
+
+ mpi: Yet another fix to get option flag munging right.
+ + commit 03557687a09b9c8878c77cbfdd0f5049940c72da
+ * cipher/Makefile.am (o_flag_munging): Yet another fix.
+
+ mpi: Make using gcc's -Ofast easier.
+ + commit 1ab26bc304c559b0a8d29823d656f7ad8d10a59d
+ * cipher/Makefile.am (o_flag_munging): Take -Ofast in account.
+
+ Fix alignment problem in idea.c.
+ + commit 3271b0dfda67e26c381d7ed667737f08f865ee40
+ * cipher/idea.c (cipher): Rework parameter use to fix alignment
+ problems.
+
+ * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros.
+
+ Fix alignment problem in idea.c.
+
+ * cipher/idea.c (cipher): Rework parameter use to fix alignment
+ problems.
+
+ * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros.
+
+
+ (cherry picked from 4cd279556777e02eda79973f68efaa4b741f9175)
+
+2013-04-18 Vladimir Serbinenko <phcoder@gmail.com>
+
+ Add some const attributes.
+ + commit ff0b94c22b36600fff1db9f1d48f9de61f9038f7
+ * cipher/md4.c (transform): Add const attribute.
+ * cipher/md5.c (transform): Ditto.
+ * cipher/rmd160.c (transform): Ditto.
+
+ Fix alignment problem in serpent.c.
+ + commit 86e72b490a5790a9c23341067c7e4d3e38be1634
+ * cipher/serpent.c (serpent_key_prepare): Fix misaligned access.
+ (serpent_setkey): Likewise.
+ (serpent_encrypt_internal): Likewise.
+ (serpent_decrypt_internal): Likewise.
+ (serpent_encrypt): Don't put an alignment-increasing cast.
+ (serpent_decrypt): Likewise.
+ (serpent_test): Likewise.
+
+2013-04-16 Werner Koch <wk@wheatstone.g10code.de>
+
+ Fix multiply by zero in gcry_mpi_ec_mul.
+ + commit 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4
+ * mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0.
+ * tests/t-mpi-point.c (basic_ec_math): Add a test case for this.
+
+2013-04-15 Werner Koch <wk@gnupg.org>
+
+ Add macros to return pre-defined MPIs.
+ + commit bd3afc27459a44df8cf501a7e1ae37bb849a8b0e
+ * src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO)
+ (GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New.
+ (_gcry_mpi_get_const): New private function.
+ * src/visibility.c (_gcry_mpi_get_const): New.
+ * src/visibility.h: Mark it visible.
+
+ Fix addition of EC points.
+ + commit 71b25a5562f68aad81eae52cc1bab9ca7731a7e9
+ * mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in affine
+ coordinates.
+
+2013-04-12 Werner Koch <wk@gnupg.org>
+
+ Add hack to allow using an "ecc" key for "ecdsa" or "ecdh".
+ + commit af8a79aea80217a0c85a592db1fa001792a6bf0f
+ * cipher/pubkey.c (sexp_to_key): Add optional arg USE.
+ (gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage sign.
+ (gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage encrypt.
+ * tests/basic.c (show_sexp): New.
+ (check_pubkey_sign): Print test number and add cases for ecc.
+ (check_pubkey_sign_ecdsa): New.
+ (do_check_one_pubkey): Divert to new function.
+
+2013-04-11 Werner Koch <wk@gnupg.org>
+
+ Add gcry_pubkey_get_sexp.
+ + commit 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c
+ * src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New.
+ (GCRY_PK_GET_SECKEY): New.
+ (gcry_pubkey_get_sexp): New.
+ * src/visibility.c (gcry_pubkey_get_sexp): New.
+ * src/visibility.h (gcry_pubkey_get_sexp): Mark visible.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
+ * cipher/pubkey-internal.h: New.
+ * cipher/Makefile.am (libcipher_la_SOURCES): Add new file.
+ * cipher/ecc.c: Include pubkey-internal.h
+ (_gcry_pk_ecc_get_sexp): New.
+ * cipher/pubkey.c: Include pubkey-internal.h and context.h.
+ (_gcry_pubkey_get_sexp): New.
+ * src/context.c (_gcry_ctx_find_pointer): New.
+ * src/cipher-proto.h: Add _gcry_pubkey_get_sexp.
+ * tests/t-mpi-point.c (print_sexp): New.
+ (context_param, basic_ec_math_simplified): Add tests for the new
+ function.
+
+ * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
+ (AH_BOTTOM) Add error codes from gpg-error 1.12
+ * src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL.
+
+ * mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q.
+ (_gcry_mpi_ec_get_point): Ditto.
+
+ Remove unused code.
+ + commit 7524da2ba83d83a766c22d704006380c893e1c49
+ * cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release)
+ (_gcry_pk_get_elements): Remove.
+
+2013-04-05 Werner Koch <wk@gnupg.org>
+
+ Make the Q parameter optional for ECC signing.
+ + commit fe91a642c7c257aca095b96406fbcace88fa3df4
+ * cipher/ecc.c (ecc_sign): Remove the need for Q.
+ * cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a
+ private key.
+ (sexp_to_key): Add optional arg R_IS_ECC.
+ (gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys.
+ * tests/pubkey.c (die): Make sure to print a LF.
+ (check_ecc_sample_key): New.
+ (main): Call new test.
+
+ Add test case for SCRYPT and rework the code.
+ + commit f23a068bcb6ec9788710698578d8be0a2a006dbc
+ * tests/t-kdf.c (check_scrypt): New.
+ (main): Call new test.
+
+ * configure.ac: Support disabling of the scrypt algorithm. Make KDF
+ enabling similar to the other algorithm classes. Disable scrypt if we
+ don't have a 64 bit type.
+ * cipher/memxor.c, cipher/memxor.h: Remove.
+ * cipher/scrypt.h: Remove.
+ * cipher/kdf-internal.h: New.
+ * cipher/Makefile.am: Remove files. Add new file. Move scrypt.c to
+ EXTRA_libcipher_la_SOURCES.
+ (GCRYPT_MODULES): Add GCRYPT_KDFS.
+ * src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value.
+ * cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2.
+ (_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0.
+ (gcry_kdf_derive): Allow for a passwordlen of zero for scrypt. Check
+ for SALTLEN > 0 for GCRY_KDF_PBKDF2. Pass algo to _gcry_kdf_scrypt.
+ (gcry_kdf_derive) [!USE_SCRYPT]: Return an error.
+ * cipher/scrypt.c: Replace memxor.h by bufhelp.h. Replace scrypt.h by
+ kdf-internal.h. Enable code only if HAVE_U64_TYPEDEF is defined.
+ Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types.
+ (_SALSA20_INPUT_LENGTH): Remove underscore from identifier.
+ (_scryptBlockMix): Replace memxor by buf_xor.
+ (_gcry_kdf_scrypt): Use gcry_malloc and gcry_free. Check for integer
+ overflow. Add hack to support blocksize of 1 for tests. Return
+ errors from calls to _gcry_kdf_pkdf2.
+
+ * cipher/kdf.c (openpgp_s2k): Make static.
+
+2013-04-04 Christian Grothoff <christian@grothoff.org>
+
+ Add the SCRYPT KDF function.
+ + commit 855b1a8f81b5a3b5b31d0c3c303675425f58a5af
+ * scrypt.c, scrypt.h: New files.
+ * memxor.c, memxor.h: New files.
+ * cipher/Makefile.am: Add new files.
+ * cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT.
+ * src/gcrypt.h.in (GCRY_KDF_SCRYPT): New.
+
+2013-03-22 Werner Koch <wk@gnupg.org>
+
+ Replace deprecated AM_CONFIG_HEADER macro.
+ + commit d0c8fda5af45354ac32928c9a01e688d6893599d
+ * configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADER/
+
+ Disable AES-NI support if as does not support SSSE3.
+ + commit 9f4df1612ae21a5ce70d98930cb194e5193f5e2d
+ * configure.ac (HAVE_GCC_INLINE_ASM_SSSE3): New test.
+ (ENABLE_AESNI_SUPPORT): Do not define without SSSE3 support.
+ (HAVE_GCC_INLINE_ASM_SSSE3, ENABLE_AVX_SUPPORT): Split up detection
+ and definition.
+
+2013-03-21 Werner Koch <wk@gnupg.org>
+
+ Fix make dependency regression.
+ + commit 2a1e03c5a481689c43d197dd8034a1d73de0a1a4
+ * src/Makefile.am (libgcrypt_la_DEPENDENCIES): Add missing backslash.
+ Reported by LRN.
+
+2013-03-20 Werner Koch <wk@gnupg.org>
+
+ Use finer grained on-the-fly helper computations for EC.
+ + commit 5fb3501aa0cf5f2b2a9012706bb9ad2b1c4bfd7d
+ * src/ec-context.h (mpi_ec_ctx_s): Replace NEED_SYNC by a bitfield.
+ * mpi/ec.c (ec_p_sync): Remove.
+ (ec_get_reset, ec_get_a_is_pminus3, ec_get_two_inv_p): New.
+ (ec_p_init): Use ec_get_reset.
+ (_gcry_mpi_ec_set_mpi, _gcry_mpi_ec_dup_point)
+ (_gcry_mpi_ec_add_points): Replace ec_p_sync by the ec_get_ accessors.
+
+ Allow building with w64-mingw32.
+ + commit b402e550041782b770a6ae267c7c28ca8324a12e
+ * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also
+ prepare for 64 bit building.
+
+ Provide GCRYPT_VERSION_NUMBER macro, add build info to the binary.
+ + commit 1eaad0a8c4cab227685a6a8768e539df2f1f4dac
+ * src/gcrypt.h.in (GCRYPT_VERSION_NUMBER): New.
+ * configure.ac (VERSION_NUMBER): New ac_subst.
+ * src/global.c (_gcry_vcontrol): Move call to above function ...
+ (gcry_check_version): .. here.
+
+ * configure.ac (BUILD_REVISION, BUILD_FILEVERSION)
+ (BUILD_TIMESTAMP): Define on all platforms.
+ * compat/compat.c (_gcry_compat_identification): Include revision and
+ timestamp.
+
+ Fix a memory leak in the new EC code.
+ + commit de07974d807b703a2554d6ba885ea249e648bd44
+ * cipher/ecc.c (point_from_keyparam): Always call mpi_free on A.
+
+2013-03-19 Werner Koch <wk@gnupg.org>
+
+ Extend the new EC interface and fix two bugs.
+ + commit 931e409e877d1e444edd53dead327ec8e64daf9a
+ * src/ec-context.h (mpi_ec_ctx_s): Add field NEED_SYNC.
+ * mpi/ec.c (ec_p_sync): New.
+ (ec_p_init): Only set NEED_SYNC.
+ (_gcry_mpi_ec_set_mpi): Set NEED_SYNC for 'p' and 'a'.
+ (_gcry_mpi_ec_dup_point, _gcry_mpi_ec_add_points)
+ (_gcry_mpi_ec_mul_point): Call ec_p_sync.
+ (_gcry_mpi_ec_get_point): Recompute 'q' is needed.
+ (_gcry_mpi_ec_get_mpi): Ditto. Also allow for names 'q', 'q.x',
+ 'q.y', and 'g'.
+ * cipher/ecc.c (_gcry_mpi_ec_ec2os): New.
+
+ * cipher/ecc.c (_gcry_mpi_ec_new): Fix init from parameters 'Q'->'q',
+ 'G'->'q'.
+
+2013-03-15 Werner Koch <wk@gnupg.org>
+
+ mpi: Add functions to manipulate an EC context.
+ + commit 229f3219f80c9369ed9624242c0436ae6d293201
+ * src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove.
+ (gcry_mpi_ec_new): New.
+ (gcry_mpi_ec_get_mpi): New.
+ (gcry_mpi_ec_get_point): New.
+ (gcry_mpi_ec_set_mpi): New.
+ (gcry_mpi_ec_set_point): New.
+ * src/visibility.c (gcry_mpi_ec_p_new): Remove.
+ * mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and
+ change to return an error code.
+ (_gcry_mpi_ec_get_mpi): New.
+ (_gcry_mpi_ec_get_point): New.
+ (_gcry_mpi_ec_set_mpi): New.
+ (_gcry_mpi_ec_set_point): New.
+ * src/mpi.h: Add new prototypes.
+ * src/ec-context.h: New.
+ * mpi/ec.c: Include that header.
+ (mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some
+ fields into an inner struct.
+ (point_copy): New.
+ * cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS.
+ (mpi_from_keyparam, point_from_keyparam): New.
+ (_gcry_mpi_ec_new): New.
+
+ * tests/t-mpi-point.c (test-curve): New.
+ (ec_p_new): New. Use it instead of the removed gcry_mpi_ec_p_new.
+ (get_and_cmp_mpi, get_and_cmp_point): New.
+ (context_param): New test.
+ (basic_ec_math_simplified): New test.
+ (main): Call new tests.
+
+ * src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX.
+
+2013-03-13 Werner Koch <wk@gnupg.org>
+
+ Add GCRYMPI_FLAG_CONST and make use constants.
+ + commit e005629bd7bebb3e13945645c6e1230b44ab16a2
+ * src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New.
+ * src/mpi.h (mpi_is_const, mpi_const): New.
+ (enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New.
+ * mpi/mpiutil.c (_gcry_mpi_init): New.
+ (constants): New.
+ (_gcry_mpi_free): Do not release a constant flagged MPI.
+ (gcry_mpi_copy): Clear the const and immutable flags.
+ (gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag): Support
+ GCRYMPI_FLAG_CONST.
+ (_gcry_mpi_const): New.
+ * src/global.c (global_init): Call _gcry_mpi_init.
+ * mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and
+ eight. Change all users to call mpi_const() instead.
+
+ * src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag.
+
+ Add GCRYMPI_FLAG_IMMUTABLE to help debugging.
+ + commit 1fecae98ee7e0fa49b29f98efa6817ca121ed98a
+ * src/gcrypt.h.in (GCRYMPI_FLAG_IMMUTABLE): New.
+ * src/mpi.h (mpi_is_immutable): New macro.
+ * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
+ (gcry_mpi_get_flag): Implement new flag
+ (_gcry_mpi_immutable_failed): New.
+
+ * mpi/mpiutil.c (_gcry_mpi_clear, _gcry_mpi_free, gcry_mpi_snatch)
+ (gcry_mpi_set, gcry_mpi_randomize): Act upon the immutable flag.
+ * mpi/mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit)
+ (gcry_mpi_clear_highbit, gcry_mpi_clear_bit)
+ (_gcry_mpi_rshift_limbs, gcry_mpi_lshift): Ditto.
+ * mpi/mpicoder.c (_gcry_mpi_set_buffer): Ditto.
+
+2013-03-08 Werner Koch <wk@gnupg.org>
+
+ mpi: Add an API for EC math.
+ + commit 8ac9e756d3ca545a9b97e61ad3d42fc2e877d788
+ * src/context.c, src/context.h: New.
+ * src/Makefile.am (libgcrypt_la_SOURCES): Add new files.
+ * src/gcrypt.h.in (struct gcry_context, gcry_ctx_t): New types.
+ (gcry_ctx_release): New prototype.
+ (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
+ (gcry_mpi_ec_add, gcry_mpi_ec_mul): New prototypes.
+ * mpi/ec.c: Include errno.h and context.h.
+ (_gcry_mpi_ec_init): Rename to ..
+ (ec_p_init): this, make static, remove allocation and add arg CTX.
+ (_gcry_mpi_ec_p_internal_new): New; to replace _gcry_mpi_ec_init.
+ Change all callers to use this func.
+ (_gcry_mpi_ec_free): Factor code out to ..
+ (ec_deinit): New func.
+ (gcry_mpi_ec_p_new): New.
+ * src/visibility.c: Include context.h and mpi.h.
+ (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
+ (gcry_mpi_ec_add, gcry_mpi_ec_mul)
+ (gcry_ctx_release): New wrapper functions.
+ * src/visibility.h: Mark new wrapper functions visible.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new symbols.
+ * tests/t-mpi-point.c (print_mpi, hex2mpi, cmp_mpihex): New.
+ (context_alloc): New.
+ (make_point, basic_ec_math): New.
+
+ mpi: Add an API for EC point operations.
+ + commit 7cce620acddac2df024ca421ed3abc32a88f3738
+ * mpi/ec.c (gcry_mpi_point_new, gcry_mpi_point_release): New.
+ (gcry_mpi_point_get, gcry_mpi_point_snatch_get): New.
+ (gcry_mpi_point_set, gcry_mpi_point_snatch_set): New.
+ * src/visibility.h, src/visibility.c: Add corresponding macros and
+ wrappers.
+ * src/gcrypt.h.in (struct gcry_mpi_point, gcry_mpi_point_t): New.
+ (gcry_mpi_point_new, gcry_mpi_point_release, gcry_mpi_point_get)
+ (gcry_mpi_point_snatch_get, gcry_mpi_point_set)
+ (gcry_mpi_point_snatch_set): New prototypes.
+ (mpi_point_new, mpi_point_release, mpi_point_get, mpi_point_snatch_get)
+ (mpi_point_set, mpi_point_snatch_set): New macros.
+ * src/libgcrypt.vers (gcry_mpi_point_new, gcry_mpi_point_release)
+ (gcry_mpi_point_get, gcry_mpi_point_snatch_get, gcry_mpi_point_set)
+ (gcry_mpi_point_snatch_set): New symbols.
+ * src/libgcrypt.def: Ditto.
+ * tests/t-mpi-point.c: New.
+ * tests/Makefile.am (TESTS): Add t-mpi-point
+
+2013-03-07 Werner Koch <wk@gnupg.org>
+
+ mpi: Add mpi_snatch and change an internal typedef.
+ + commit 6c4767637c512127a4362732b3ec51068554d328
+ * src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point.
+ (mpi_point_struct): New typedef.
+ (mpi_point_t): Change typedef to a pointer. Replace all occurrences
+ to use mpi_point_struct.
+ * mpi/ec.c (_gcry_mpi_ec_point_init): Rename to ..
+ (_gcry_mpi_point_init): this. Change all callers.
+ (_gcry_mpi_ec_point_free): Rename to ..
+ (_gcry_mpi_point_free_parts): this. Change all callers.
+
+ * mpi/mpiutil.c (gcry_mpi_snatch): New function.
+ * src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add protoype and
+ macro.
+ * src/visibility.c (gcry_mpi_snatch): Add wrapper.
+ * src/visibility.h (gcry_mpi_snatch): Add macro magic.
+ * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
+
+ Pretty print the configure feedback.
+ + commit c620099e4ab2f35e0196b395a805bb655c984ac2
+ * acinclude.m4 (GNUPG_MSG_PRINT): Remove.
+ (GCRY_MSG_SHOW, GCRY_MSG_WRAP): New.
+ * configure.ac: Use new macros for the feedback.
+
+2013-02-20 Werner Koch <wk@gnupg.org>
+
+ Fix building of hwf-x86.c.
+ + commit 70dcac663de06b012417015c175973d64e6980df
+ * src/Makefile.am (AM_CFLAGS): Set to GPG_ERROR_CFLAGS
+ (AM_CCASFLAGS): Set NOEXECSTACK_FLAGS.
+
+ Remove build hacks for FreeBSD.
+ + commit fb48ebf7081400a24ee48f8a9894a361e8834b6e
+ * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
+ LDFLAGS.
+
+2013-02-19 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni.
+ + commit 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa
+ * cipher/rijndael.c (_gcry_aes_cbc_enc): Check if AES-NI is enabled before
+ calling aesni_prepare() and aesni_cleanup().
+
+ Add AES-NI/AVX accelerated Camellia implementation.
+ + commit 63ac3ba07dba82fde040d31b90b4eff627bd92b9
+ * configure.ac: Add option --disable-avx-support.
+ (HAVE_GCC_INLINE_ASM_AVX): New.
+ (ENABLE_AVX_SUPPORT): New.
+ (camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add
+ camellia_aesni_avx_x86-64.lo.
+ * cipher/Makefile.am (AM_CCASFLAGS): Add.
+ (EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S
+ * cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT]
+ [__x86_64__] (USE_AESNI_AVX): Add macro.
+ (struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx.
+ [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc)
+ (_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly
+ functions.
+ (camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware
+ support both.
+ (_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code.
+ (_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code.
+ * cipher/camellia_aesni_avx_x86-64.S: New.
+ * src/g10lib.h (HWF_INTEL_AVX): New.
+ * src/global.c (hwflist): Add HWF_INTEL_AVX.
+ * src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add detection
+ for AVX.
+
+ camellia.c: Prepare for AES-NI/AVX implementation.
+ + commit 4de62d80644228fc5db2a9f9c94a7eb633d8de2e
+ * cipher/camellia-glue.c (CAMELLIA_encrypt_stack_burn_size)
+ (CAMELLIA_decrypt_stack_burn_size): Increase stack burn size.
+ * cipher/camellia.c (CAMELLIA_ROUNDSM): Move key-material mixing in
+ the front.
+ (camellia_setup128, camellia_setup256): Remove now unneeded
+ key-material mangling.
+ (camellia_encrypt128, camellia_decrypt128, amellia_encrypt256)
+ (camellia_decrypt256): Copy block to stack, so that compiler can
+ optimize it for register usage.
+
+ Camellia, prepare glue code for AES-NI/AVX implementation.
+ + commit 537f12ce072d568f9fa344c447d32b2e0efffbe8
+ * cipher/camellia-glue.c (ATTR_ALIGNED_16): Add macro.
+ (CAMELLIA_encrypt_stack_burn_size): Add macro.
+ (camellia_encrypt): Use macro above for stack burn size.
+ (CAMELLIA_decrypt_stack_burn_size): Add macro.
+ (camellia_decrypt): Use macro above for stack burn size.
+ (_gcry_camellia_ctr_enc): New function.
+ (_gcry_camellia_cbc_dec): New function.
+ (selftest_ctr_128): New function.
+ (selftest): Call function above.
+ * cipher/cipher.c (gcry_cipher_open) [USE_CAMELLIA]: Register bulk
+ functions for CBC-decryption and CTR-mode.
+ * src/cipher.h (_gcry_camellia_ctr_enc): New prototype.
+ (_gcry_camellia_cbc_dec): New prototype.
+
+2012-12-21 Werner Koch <wk@gnupg.org>
+
+ Prepare for hardware feature detection on other platforms.
+ + commit 09ac5d87d11aa0b1fa0e0a4184ab03b3671a73e2
+ * configure.ac (GCRYPT_HWF_MODULES): New.
+ (HAVE_CPU_ARCH_X86, HAVE_CPU_ARCH_ALPHA, HAVE_CPU_ARCH_SPARC)
+ (HAVE_CPU_ARCH_MIPS, HAVE_CPU_ARCH_M68K, HAVE_CPU_ARCH_PPC)
+ (HAVE_CPU_ARCH_ARM): New AC_DEFINEs.
+ * mpi/config.links (mpi_cpu_arch): New.
+ * src/global.c (print_config): Print new tag "cpu-arch".
+ * src/Makefile.am (libgcrypt_la_SOURCES): Add hwf-common.h
+ (EXTRA_libgcrypt_la_SOURCES): New.
+ (gcrypt_hwf_modules): New.
+ (libgcrypt_la_DEPENDENCIES, libgcrypt_la_LIBADD): Add that one.
+ * src/hwfeatures.c: Factor most code out to ...
+ * src/hwf-x86.c: New file.
+ (detect_x86_gnuc): Return the feature vector.
+ (_gcry_hwf_detect_x86): New.
+ * src/hwf-common.h: New.
+ * src/hwfeatures.c (_gcry_detect_hw_features): Dispatch using
+ HAVE_CPU_ARCH_ macros.
+
+2012-12-21 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Clean up i386/x86-64 cpuid usage in hwfeatures.c.
+ + commit d842eea55e22c05da3959a7a4422b5fcd7884f60
+ * src/hwfeatures.c [__i386__ && __GNUC__] (detect_ia32_gnuc): Remove.
+ [__x86_64__ && __GNUC__] (detect_x86_64_gnuc): Remove.
+ [__i386__ && __GNUC__] (is_cpuid_available, get_cpuid)
+ (HAS_X86_CPUID): New.
+ [__x86_64__ && __GNUC__] (is_cpuid_available, get_cpuid)
+ (HAS_X86_CPUID): New.
+ [HAS_X86_CPUID] (detect_x86_gnuc): New.
+ (_gcry_detect_hw_features) [__i386__ && GNUC]: Remove detect_ia32_gnuc
+ call.
+ (_gcry_detect_hw_features) [__x86_64__ && GNUC]: Remove
+ detect_x86_64_gnuc call.
+ (_gcry_detect_hw_features) [HAS_X86_CPUID]: Add detect_x86_gnuc call.
+
+2012-12-18 Dmitry Kasatkin <dmitry.kasatkin@intel.com>
+
+ Add support for using DRNG random number generator.
+ + commit efd7002188e6d50013e4d9a920a8b9afa9d210e5
+ * configure.ac: Add option --disable-drng-support.
+ (ENABLE_DRNG_SUPPORT): New.
+ * random/rndhw.c (USE_DRNG): New.
+ (rdrand_long, rdrand_nlong, poll_drng): New.
+ (_gcry_rndhw_poll_fast, _gcry_rndhw_poll_slow): Call poll function.
+ * src/g10lib.h (HWF_INTEL_RDRAND): New.
+ * src/global.c (hwflist): Add "intel-rdrand".
+ * src/hwfeatures.c (detect_x86_64_gnuc) [ENABLE_DRNG_SUPPORT]: Detect
+ RDRAND.
+ (detect_ia32_gnuc) [ENABLE_DRNG_SUPPORT]: Detect RDRAND.
+
+2012-12-03 Werner Koch <wk@gnupg.org>
+
+ random: Add a RNG selection interface and system RNG wrapper.
+ + commit 7607ab81504ce44060ed0b331d309606f5da1e75
+ * random/random-system.c: New.
+ * random/Makefile.am (librandom_la_SOURCES): Add new module.
+ * random/random.c (struct rng_types): New.
+ (_gcry_set_preferred_rng_type, _gcry_get_rng_type): New.
+ (_gcry_random_initialize, gcry_random_add_bytes, do_randomize)
+ (_gcry_set_random_seed_file, _gcry_update_random_seed_file)
+ (_gcry_fast_random_poll): Dispatch to the actual RNG.
+ * src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New.
+ GCRYCTL_GET_CURRENT_RNG_TYPE): New.
+ (gcry_rng_types): New.
+ * src/global.c (print_config): Print the TNG type.
+ (global_init, _gcry_vcontrol): Implement the new control codes.
+ * doc/gcrypt.texi (Controlling the library): Document the new control
+ codes.
+
+ * tests/benchmark.c (main): Add options to test the RNG types.
+ * tests/random.c (main): Add new options.
+ (print_hex): Print to stderr.
+ (progress_cb, rng_type): New.
+ (check_rng_type_switching, check_early_rng_type_switching): New.
+ (run_all_rng_tests): New.
+
+ tests: Allow use of random.c under Windows.
+ + commit 76c622e24a07f7c826812be173aa173b4334776b
+ * tests/Makefile.am (TESTS): Always include random.c
+ * tests/random.c [!W32]: Include sys/wait.h.
+ (inf): New.
+ (check_forking, check_nonce_forking): Print a notice what will be done.
+ (main) [W32]: Do not call signal.
+
+ Make random-fips.c work multi-threaded.
+ + commit 75760021b511ba438606af746431223357e7a155
+ * random/random-fips.c (basic_initialization): Fix reversed logic.
+
+ Move nonce creation from csprng backend to random main module.
+ + commit c324644aa14e54fc7051983b38222db32b8ab227
+ * random/random-csprng.c (_gcry_rngcsprng_create_nonce): Remove.
+ (nonce_buffer_lock): Remove.
+ (initialize_basics): Remove init of nonce_buffer_lock.
+ * random/random.c: Add a few header files.
+ (nonce_buffer_lock): New.
+ (_gcry_random_initialize): Init nonce_buffer_lock.
+ (gcry_create_nonce): Add code from _gcry_rngcsprng_create_nonce.
+
+ * random/random-daemon.c (_gcry_daemon_create_nonce): Remove.
+
+2012-12-03 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Fix building with CC="gcc -std=c90".
+ + commit f851b9a932ee64fa5a06000d1ac763ba4349f07d
+ * configure.ac: Add check for missing 'asm' keyword in C90 mode and
+ replacement with '__asm__'.
+
+2012-12-03 Werner Koch <wk@gnupg.org>
+
+ Try to use inttypes.h if stdint.h is not available.
+ + commit d9ec7aec1301b13a89e5c9c54d7ad52e1a29b846
+ * cipher/bufhelp.h [HAVE_INTTYPES_H]: Include inttypes.h
+
+2012-12-03 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Optimize buffer xoring.
+ + commit 162791bc08f4fc9b3882671e68ecdfd9e130ae59
+ * cipher/Makefile.am (libcipher_la_SOURCES): Add 'bufhelp.h'.
+ * cipher/bufhelp.h: New.
+ * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
+ (_gcry_cipher_aeswrap_decrypt): Use 'buf_xor' for buffer xoring.
+ * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
+ (_gcry_cipher_cbc_decrypt): Use 'buf_xor' for buffer xoring and remove
+ resulting unused variables.
+ * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) Use 'buf_xor_2dst'
+ for buffer xoring and remove resulting unused variables.
+ (_gcry_cipher_cfb_decrypt): Use 'buf_xor_n_copy' for buffer xoring and
+ remove resulting unused variables.
+ * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Use 'buf_xor' for
+ buffer xoring and remove resulting unused variables.
+ * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
+ (_gcry_cipher_ofb_decrypt): Use 'buf_xor' for buffer xoring and remove
+ resulting used variables.
+ * cipher/rijndael.c (_gry_aes_cfb_enc): Use 'buf_xor_2dst' for buffer
+ xoring and remove resulting unused variables.
+ (_gry_aes_cfb_dev): Use 'buf_xor_n_copy' for buffer xoring and remove
+ resulting unused variables.
+ (_gry_aes_cbc_enc, _gry_aes_ctr_enc, _gry_aes_cbc_dec): Use 'buf_xor'
+ for buffer xoring and remove resulting unused variables.
+
+2012-11-29 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Optimize AES-NI CTR mode.
+ + commit 9ee9e25f519696d509b1a5c1cc04ab0121e98a51
+ * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Make
+ handling of 64-bit overflow and carry conditional. Avoid generic to
+ vector register passing of value '1'. Generate and use '-1' instead.
+
+2012-11-28 Werner Koch <wk@gnupg.org>
+
+ Make a cpp conditional in rijndael.c better readable.
+ + commit 6765e0a8618000d3dc7bda035163e0708c43791b
+ * cipher/rijndael.c (USE_AESNI): Modify cpp conditionals for better
+ readability.
+
+2012-11-28 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Fix building with Clang on x86-64 and i386.
+ + commit 99e272d938fe23efec25af409bdb91dae0e659e5
+ * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_aligned)
+ (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Add
+ explicit suffix to 'cmp' instructions.
+
+2012-11-26 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Optimize wipememory2 for i386 and x86-64.
+ + commit faec12e23f03c7cd1614594bfdd51f1302cadb42
+ * src/g10lib.h (wipememory2): Add call to fast_wipememory2.
+ (fast_wipememory2): New macros for i386 and x86-64 architectures.
+ Empty macro provided for other architectures.
+
+ Fix missing 64bit carry handling in AES-NI CTR mode.
+ + commit fc37e805c6394c2e635d1a033670be961f36a6d2
+ * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Add
+ carry handling to 64-bit addition.
+ (selftest_ctr_128): New function for testing IV handling in bulk CTR
+ function.
+ (selftest): Add call to selftest_ctr_128.
+
+ Add parallelized AES-NI CBC decryption.
+ + commit 35aff0cd43885b5f5c076432ec614698abeb63d8
+ * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_5): New macro.
+ [USE_AESNI] (do_aesni_dec_vec4): New function.
+ (_gcry_aes_cbc_dec) [USE_AESNI]: Add parallelized CBC loop.
+ (_gcry_aes_cbc_dec) [USE_AESNI]: Change IV storage register from xmm3
+ to xmm5.
+
+ Clear xmm5 after use in AES-NI CTR mode.
+ + commit 5acd0e5ae2a58dda51c2b56c879b80a1a6d2c42f
+ * cipher/rijndael.c [USE_AESNI]: Rename aesni_cleanup_2_4 to
+ aesni_cleanup_2_5.
+ [USE_AESNI] (aesni_cleanup_2_5): Clear xmm5 register.
+ (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) [USE_AESNI]: Use
+ aesni_cleanup_2_5 instead of aesni_cleanup_2_4.
+
+ Optimize AES-NI CBC encryption.
+ + commit be3768994ad362dfc849a8cd0146b4c9bb287d20
+ * cipher/rijndeal.c (_gcry_aes_cbc_enc) [USE_AESNI]: Add AES-NI
+ spesific loop and use SSE2 assembler for xoring and copying of
+ blocks.
+
+ Improve parallelizability of CBC decryption for AES-NI.
+ + commit 3369d960158ab4231b83926a0f982e2a8819f173
+ * cipher/rijndael.c (_gcry_aes_cbc_dec) [USE_AESNI]: Add AES-NI
+ specific CBC mode loop with temporary block and IV stored in free SSE
+ registers.
+
+ Extend test of chained modes for 128bit ciphers.
+ + commit 55b96be08531664ed3f4230acebe0f45954bbc33
+ * tests/basic.c (check_one_cipher_core, check_one_cipher): Increase
+ input and output buffer sizes from 16 bytes to 1024+16=1040 bytes.
+ (check_one_cipher_core): Add asserts to verify sizes of temporary
+ buffers.
+
+2012-11-21 Werner Koch <wk@gnupg.org>
+
+ Fix for strict aliasing rules.
+ + commit dfb4673da8ee52d95e0a62c9f49ca8599943f22e
+ * cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t for
+ casting.
+
+ Do not detect AES-NI support if disabled by configure.
+ + commit 3047795794eb238aa684bd0729acf64c82a19e09
+ * src/hwfeatures.c (detect_ia32_gnuc): Detect AESNI support only if
+ that support has been enabled.
+
+2012-11-21 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+
+ Fix too large burn_stack in camellia-glue.c.
+ + commit 8afabc2813948778a3db52d9dee9a041a3dd50d4
+ * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Do not
+ take full array size of KEY_TABLE_TYPE, but argument size instead.
+
+ Add x86_64 support for AES-NI.
+ + commit d8bdfa42ed582655c180e7db9b16d4e756a12a6e
+ * cipher/rijndael.c [ENABLE_AESNI_SUPPORT]: Enable USE_AESNI on x86-64.
+ (do_setkey) [USE_AESNI_is_disabled_here]: Use %[key] and %[ksch]
+ directly as registers instead of using temporary register %%esi.
+ [USE_AESNI] (do_aesni_enc_aligned, do_aesni_dec_aligned, do_aesni_cfb,
+ do_aesni_ctr, do_aesni_ctr_4): Use %[key] directly as register instead
+ of using temporary register %%esi.
+ [USE_AESNI] (do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Change %[key]
+ from generic "g" type to register "r".
+ * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Do not
+ clear AES-NI feature flag.
+
+ Fix cpuid vendor-id check for i386 and x86-64.
+ + commit 9e1552517f68459a165ddebbba85e7cf37ff4f0c
+ * src/hwfeatures.c (detect_x86_64_gnuc, detect_ia32_gnuc): Allow
+ Intel features be detect from CPU by other vendors too.
+
+ Fix hwdetect assembler clobbers.
+ + commit 19b9efd1f47a5de9c450ce8212dfa3174a029c7a
+ * src/hwfeatures.c (detect_x86_64_gnuc): Add missing %ebx assembler
+ clobbers.
+ (detect_x86_64_gnuc, detect_ia32_gnuc) [ENABLE_PADLOCK_SUPPORT]: Add
+ missing %ecx assembler clobbers.
+
+2012-11-21 Werner Koch <wk@gnupg.org>
+
+ Use configure test for aligned attribute.
+ + commit 6368ed542150956ff4ba8170a15bbc534143675c
+ * configure.ac (HAVE_GCC_ATTRIBUTE_ALIGNED): New test and ac_define.
+ * cipher/cipher-internal.h, cipher/rijndael.c, random/rndhw.c: Use new
+ macro instead of a fixed test for __GNUC__.
+
+ Fix segv with AES-NI on some platforms.
+ + commit a96974de734beb51a733a89b3283bcf7b433b54c
+ * cipher/rijndael.c (RIJNDAEL_context): Align on 16 bytes.
+
+2012-11-16 Werner Koch <wk@gnupg.org>
+
+ Improve parsing of the GIT revision number.
+ + commit 4b18e530f417d4af401a3fd721ad2a07e5310e3e
+ * configure.ac (mmm4_revision): Use git rev-parse.
+
+2012-11-08 Werner Koch <wk@gnupg.org>
+
+ Fix extern inline use for gcc > 4.3 in c99 mode.
+ + commit 5abc06114e91beca0177331e1c79815f5fb6d7be
+ * mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern
+ inline semantics in gcc.
+
+2012-11-07 Werner Koch <wk@gnupg.org>
+
+ Fix memory leak in gcry_pk_testkey for ECC.
+ + commit 8cbbad5f94f6e0429fffe66d689aea20f7e35957
+ * cipher/ecc.c (check_secret_key): Restructure for easier allocation
+ tracking. Fix memory leak.
+
+2012-11-05 Werner Koch <wk@gnupg.org>
+
+ Prepare for a backported interface in 1.5.1.
+ + commit 7af98ef78d45e813f47ae4e180a02757a379953f
+ * configure.ac: Bump LT version at C20/A0/R0 to adjust for a planned
+ API update in 1.5.1.
+
+ Adjust for stricter autoconf requirements.
+ + commit 1241fbbc896e9bbad68f1007a17b20493f6cd1af
+ * configure.ac: Fix usage of AC_LANG_PROGRAM.
+
+ Update build helper scripts.
+ + commit a5c4d45e8d12737cd21b095c81da5c18e2afc39e
+ * config.guess, config.sub: Update to version 2012-07-31.
+ * ltmain.sh: Update to version 2.4.2.
+ * install-sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4
+ * m4/lt~obsolete.m4: Update to autoconf 2.69 versions.
+
+ Do not distribute a copy of gitlog-to-changelog.
+ + commit 40976d7da5420453bf93a9c99f0cc4c7044d0774
+ * Makefile.am (GITLOG_TO_CHANGELOG): New.
+ (gen-ChangeLog): Require an installed gitlog-to-changelog.
+ * scripts/gitlog-to-changelog: Remove.
+
+ * README.SVN: Remove.
+ * REMOVE.GIT: New.
+
+ Allow building with w64-mingw32.
+ + commit 4f6fb150558d0ed250bfbd50352c258a4456ba50
+ * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also
+ prepare for 64 bit building.
+ <git-setup>: Remove option -c from chmod.
+
+ Switch to the new automagic beta numbering scheme.
+ + commit 7d5195be76d9dd4adc28976ad153e8f7761c5855
+ * configure.ac: Add all the required m4 magic.
+
+ Avoid dereferencing pointer right after the end.
+ + commit 79502e2c1982047dcf2b776f52826f38bbd9b1fe
+ * mpi/mpicoder.c (do_get_buffer): Check the length before derefing P.
+
+2012-10-30 Werner Koch <wk@gnupg.org>
+
+ Make ancient test program useful again.
+ + commit 66adf76e634423bb72ce1f0b5ed78f4e4798f190
+ * tests/testapi.c (test_sexp): Adjust to current API. Print the
+ return code. Mark unused args.
+ (test_genkey): Mark unused args.
+ (main): Do not pass NULL to printf.
+
+ tests: Add ECC key generation tests.
+ + commit c13164884ade6b1e945cddacce2d244fd881de6b
+ * tests/keygen.c (check_generated_ecc_key): New.
+ (check_ecc_keys): New.
+ (main): Call simple ECC checks.
+
+2012-10-30 Milan Broz <mbroz@redhat.com>
+
+ PBKDF2: Allow empty passphrase.
+ + commit 8528f1ba40e587dc17e02822e529fbd7ac69a189
+ * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
+ * tests/t-kdf.c (check_pbkdf2): Add test case for above.
+
+2012-08-16 Xi Wang <xi.wang@gmail.com>
+
+ Replace deliberate division by zero with _gcry_divide_by_zero.
+ + commit 2c54c4da19d3a79e9f749740828026dd41f0521a
+ * mpi/mpi-pow.c: Replace 1 / msize.
+ * mpi/mpih-div.c: Replace 1 / dsize.
+ * src/misc.c: Add _gcry_divide_by_zero.
+
+2012-06-21 Werner Koch <wk@gnupg.org>
+
+ Clear AESNI feature flag for x86_64.
+ + commit 2196728e2252917849c1be94417258076767021b
+ * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Clear
+ AESNI feature flag.
+
+ Beautify last change.
+ + commit 20e423212c9710ee663e12dd0f62580ceb245a6f
+ * cipher/rijndael.c: Replace C99 feature from last patch. Keep cpp
+ lines short.
+ * random/rndhw.c: Keep cpp lines short.
+ * src/hwfeatures.c (_gcry_detect_hw_features): Make cpp def chain
+ better readable.
+
+2012-06-21 Rafaël Carré <funman@videolan.org>
+
+ Enable VIA Padlock on x86_64 platforms.
+ + commit baf0dc7e9c26167ab43ba2adebcf2f1abc9d9b3b
+ * cipher/rijndael.c: Duplicate x86 assembly and convert to x86_64.
+ * random/rndhw.c: Likewise.
+ * src/hwfeatures.c: Likewise.
+
+2012-05-14 Werner Koch <wk@gnupg.org>
+
+ Add curve aliases from RFC-5656.
+ + commit 39c123b729a472ace039f8536d07f8b9a5f4675a
+ * cipher/ecc.c (curve_aliases): Add "nistp???" entries.
+
+2012-04-16 Werner Koch <wk@gnupg.org>
+
+ State new contribution rules.
+ + commit 3bb858551cd5d84e43b800edfa2b07d1529718a9
+ * doc/DCO: New.
+ * doc/HACKING: Document new rules.
+
+2012-04-04 Tomas Mraz <tmraz@fedoraproject.org>
+
+ Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command.
+ + commit 90e49a11733bfba9c3c505ac487282d35757f682
+ * doc/gcrypt.texi: Add documentation of the new command.
+ * src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
+ only when fips mode is enabled.
+ (_gcry_set_enforced_fips_mode): New function.
+ * src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
+ * src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
+ * src/global.c (_gcry_vcontrol): Handle the new command.
+
+2012-02-17 Ulrich Müller <ulm@gentoo.org>
+
+ Rework selftest in idea.c.
+ + commit 70cca617ed75ea292e1fed769114dda5cc1d76f1
+ * cipher/idea.c (do_setkey): Execute selftest when first called.
+ (decrypt_block): Remove commented-out code.
+ (selftest): Execute all selftests. Return NULL on success, or
+ string in case of error.
+
+2012-02-16 Werner Koch <wk@gnupg.org>
+
+ Fix missing prototype.
+ + commit 46035d28c9b413851d43a4008fdc8e4cdf5d686b
+ * src/g10lib.h (_gcry_secmem_module_init): Make it a real prototype.
+
+2012-02-16 Ulrich Müller <ulm@gentoo.org>
+
+ Add support for the IDEA cipher.
+ + commit 318fd85f377c060908d371f792d41e599b3b7483
+ Adapt idea.c to the Libgcrypt framework.
+ Add IDEA to cipher_table and to the build system.
+
+ Patents on IDEA have expired:
+ Europe: EP0482154 on 2011-05-16,
+ Japan: JP3225440 on 2011-05-16,
+ U.S.: 5,214,703 on 2012-01-07.
+
+ * configure.ac: Add idea to the list of available ciphers.
+ Define USE_IDEA if idea is enabled.
+ * cipher/cipher.c (cipher_table): Add entry for IDEA.
+ * cipher/idea.c: Update comment about patents.
+ Include proper header files and remove redundant declarations.
+ (expand_key, cipher, do_setkey, encrypt_block, decrypt_block):
+ Define function arguments as const where appropriate.
+ (cipher): Test for !WORDS_BIGENDIAN instead of LITTLE_ENDIAN_HOST.
+ (do_setkey, decrypt_block): Don't call selftest.
+ (idea_setkey): New function, wrapper for do_setkey.
+ (idea_encrypt): New function, wrapper for encrypt_block.
+ (_gcry_cipher_spec_idea): Define.
+ * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add idea.c.
+ * src/cipher.h (_gcry_cipher_spec_idea): Declare.
+ * tests/basic.c (check_ciphers): Add GCRY_CIPHER_IDEA.
+
+2012-01-09 Werner Koch <wk@gnupg.org>
+
+ Include an IDEA implementation.
+ + commit 6078b05f5340d886e0b9e6cee1d9b5043e0cb210
+ The code is the old IDEA test code, written by me back in 1997 and
+ distributed on a Danish FTP server. This commit is only for
+ reference. To use the code it has to be adjusted to the Libgcrypt
+ framework.
+
+2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ Fix pthread locking and remove defunctional support for static lock init.
+ + commit 38fcd59ce774eaa3d65f2f7534c989afd860eb56
+ * src/ath.c: Include assert.h.
+ (ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference LOCK.
+ * src/g10lib.h (_gcry_secmem_module_init): New declaration.
+ * src/global.c (global_init): Call _gcry_secmem_module_init.
+ * src/secmem.c (_gcry_secmem_module_init): New function.
+
+2011-12-16 Werner Koch <wk@gnupg.org>
+
+ Add alignment tests for the cipher tests.
+ + commit 14cf1f7e338fedb8edaff5631441746605152bd6
+ * tests/basic.c (check_one_cipher): Factor most code out to
+ check_one_cipher_core. Call that core function several times using
+ different alignment settings.
+ (check_one_cipher_core): New. Add extra args to allow alignment
+ testing.
+
+2011-12-07 Werner Koch <wk@gnupg.org>
+
+ tests/prime: Add option to create a well known private key.
+ + commit 16f5654643d584e3bc739b636752d779176b2191
+ * tests/prime.c (print_mpi, create_42prime): New.
+ (main): Add option --42.
+
+2011-12-01 Werner Koch <wk@gnupg.org>
+
+ Do not build the random-daemon by make distcheck.
+ + commit ea1fb538d99f1ec093f2fef86f4f29176ec27826
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Disable building of the
+ random daemon
+
+ Generate the ChangeLog from commit logs.
+ + commit 137d73191c904926ba529376144ee8239af4ca02
+ * scripts/gitlog-to-changelog: New script. Taken from gnulib.
+ * scripts/git-log-fix: New file.
+ * scripts/git-log-footer: New file.
+ * doc/HACKING: Describe the ChangeLog policy
+ * ChangeLog: New file.
+ * Makefile.am (EXTRA_DIST): Add new files.
+ (gen-ChangeLog): New.
+ (dist-hook): Run gen-ChangeLog.
+
+ Rename all ChangeLog files to ChangeLog-2011.
+
+2011-12-01 Werner Koch <wk@gnupg.org>
+
+ NB: Changes done before December 1st, 2011 are described in
+ per directory files named ChangeLog-2011. See doc/HACKING for
+ details.
+
+ -----
+ Copyright (C) 2011 Free Software Foundation, Inc.
+
+ Copying and distribution of this file and/or the original GIT
+ commit log messages, with or without modification, are
+ permitted provided the copyright notice and this notice are
+ preserved.