1 2013-05-28 Niels Möller <nisse@lysator.liu.se>
3 * Released nettle-2.7.1.
5 2013-05-21 Niels Möller <nisse@lysator.liu.se>
7 From master (2013-05-20):
8 * arm/v6/sha1-compress.asm: Moved into v6 directory, since it uses
9 the v6 instruction uadd8, sel and rev.
10 * arm/v6/sha256-compress.asm: Likewise.
12 From master (2013-05-15):
13 * configure.ac (asm_path): Handle armv6 and armv7 differently from
14 older ARMs. Add the arm/v6 directory to asm_path when appropriate.
16 * arm/v6/aes-encrypt-internal.asm: Moved into v6 directory. Uses
17 the uxtb instruction which is not available for older ARMs.
18 * arm/v6/aes-decrypt-internal.asm: Likewise.
20 2013-05-21 Niels Möller <nisse@lysator.liu.se>
22 * configure.ac: Changed version number to 2.7.1.
23 (LIBHOGWEED_MINOR): Bumped library version, to 4.7.
24 (LIBHOGWEED_MINOR): And to 2.5.
26 2013-05-17 Niels Möller <nisse@lysator.liu.se>
29 * ecc-j-to-a.c (ecc_j_to_a): Fixed ecc_modp_mul call, to avoid
30 invalid overlap of arguments to mpn_mul_n. Problem tracked down by
33 2013-04-24 Niels Möller <nisse@lysator.liu.se>
35 * Released nettle-2.7.
37 2013-04-23 Niels Möller <nisse@lysator.liu.se>
40 * x86_64/sha256-compress.asm: Add forgotten W64_EXIT.
41 * x86_64/sha512-compress.asm: Likewise.
42 * x86_64/salsa20-crypt.asm (Lpartial): Don't return via W64_EXIT
43 within this subfunction.
44 * x86_64/machine.m4 (W64_ENTRY): Use movdqu instead of movdqa for
45 saving xmm registers, since the stack is not guaranteed to be
46 16-byte aligned on win64. Take pushed xmm registers into account
47 when reading the fifth parameter from the stack.
49 * Makefile.in: Consistently use EXEEXT_FOR_BUILD.
51 2013-04-21 Niels Möller <nisse@lysator.liu.se>
53 * Makefile.in (DISTFILES): Added mini-gmp.c and mini-gmp.h.
54 (distdir): Use find, for identifying assembly files to copy.
56 2013-04-18 Niels Möller <nisse@lysator.liu.se>
58 * configure.ac: Recognize cpu type "arm*", not just "armv7*'.
60 * arm/aes-encrypt-internal.asm: Updated include of aes.m4.
61 * arm/aes-decrypt-internal.asm: Likewise.
63 * Makefile.in (distdir): Updated for ARM reorganization.
65 * configure.ac (asm_path): Generalized, can now be a list of
66 directories. On ARM, check for neon instructions, and add arm/neon
67 if appropriate. New command line options
68 --enable-arm-neon/--disable-arm-neon, for overriding the default.
70 arm/neon: New subdirectory, for assembly files making use of neon
73 arm: Renamed directory, from...
76 * aclocal.m4 (NETTLE_CHECK_ARM_NEON): New macro.
78 * nettle.texinfo (Keyed hash functions): Document UMAC.
80 * umac.h (UMAC32_DIGEST_SIZE, UMAC64_DIGEST_SIZE)
81 (UMAC96_DIGEST_SIZE, UMAC128_DIGEST_SIZE): New constants.
82 (UMAC_DATA_SIZE): New name, for consistency with hash functions.
84 (UMAC_BLOCK_SIZE): ... old name.
86 2013-04-17 Niels Möller <nisse@lysator.liu.se>
88 * examples/nettle-benchmark.c (main): Benchmark salsa20r12.
90 * nettle-internal.c (nettle_salsa20r12): Cipher struct for
92 * nettle-internal.h (nettle_salsa20): Declare it.
94 * Makefile.in (eccdata): Depend on mini-gmp files. Drop -lgmp.
96 * eccdata.c: Use mini-gmp, to avoid gmp dependency and associated
97 configure tests for the *build* system. Replaced mpz_submul_ui by
98 mpz_mul_ui + mpz_sub, and gmp_printf and gmp_fprintf by calls to
101 * mini-gmp.h, mini-gmp.c: New files, copied from gmp-5.1.1.
103 2013-04-16 Niels Möller <nisse@lysator.liu.se>
105 * umac-set-key.c (BE_SWAP32_N): Fixed dummy definition used for
108 * Makefile.in (TARGETS): Deleted eccdata, it should be build only
109 when public key support is enabled.
110 (clean-here): Exlicitly list it here.
112 * asm.m4 (m4_log2): New macro, similar to the one in gmp.
113 (ALIGN): Changed to take alignment in bytes. Updated all callers,
114 currently used only in x86 and x86_64 files.
116 * umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
117 block count an uint64_t. Reorder some elements to put short values
119 * umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
120 (_umac_l2): Deleted redundant memcpy.
121 (_umac_l2, _umac_l2_final): Store input buffer at end of the
122 poly64/poly128 state. Deleted l1_out from corresponding context
123 structs, and updated all callers.
125 * configure.ac: Changed version number to 2.7.
126 (LIBNETTLE_MINOR): Bumped library version, to 4.6.
127 (LIBHOGWEED_MINOR): And to 2.4.
129 * Makefile.in (distdir): Include files from armv7 subdirectory.
131 * x86_64/umac-nh-n.asm: New file, 3.5 time speedup.
133 * umac32.c (umac32_digest): Fix nonce caching.
134 * umac64.c (umac64_digest): Likewise.
136 * testsuite/umac-test.c (test_incr): New function.
137 (test_main): Test nonce increment.
139 * misc/umac/umac.py: UMAC reference implementation.
140 * misc/umac/rijndael.py: AES implementation used by umac.py.
141 * misc/umac/mkvectors: Script to generate UMAC test vectors.
142 * misc/umac/vectors.out: Generated test vectors.
144 * umac32.c (umac32_digest): Fix nonce increment, use INCREMENT
146 * umac64.c (umac64_digest): Likewise.
147 * umac96.c (umac96_digest): Likewise.
148 * umac128.c (umac128_digest): Likewise.
150 * macros.h (INCREMENT): Allow size == 1.
152 2013-04-15 Niels Möller <nisse@lysator.liu.se>
154 * x86_64/umac-nh.asm: New file. 4.4 time speedup.
156 * armv7/umac-nh-n.asm: New file. 2.0-2.3 time speedup.
158 * testsuite/umac-test.c (test_align): Fixed memory leak.
160 2013-04-12 Niels Möller <nisse@lysator.liu.se>
162 * armv7/umac-nh.asm: New file. 2.4 time speedup.
164 * armv7/machine.m4 (D0REG, D1REG): New macros.
166 * configure.ac (asm_replace_list): Added umac-nh.asm and
169 * testsuite/umac-test.c: Test different alignments for the
172 2013-04-11 Niels Möller <nisse@lysator.liu.se>
174 * umac-nh-n.c (_umac_nh_n): Rewrote as a single pass over the
177 * examples/nettle-benchmark.c (time_umac): New function.
180 * umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
181 can be xored directly to the pad in native byteorder.
182 * umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
183 xor. Updated all callers.
184 * umac32.c (umac32_digest): Adapt to l3 changes.
185 * umac64.c (umac64_digest): Likewise.
186 * umac96.c (umac96_digest): Likewise.
187 * umac128.c (umac128_digest): Likewise.
189 Initial implementation of umac.
191 * umac-nh.c: New file.
192 * umac-nh-n.c: New file.
193 * umac-poly64.c: New file.
194 * umac-poly128.c: New file.
195 * umac-l2.c: New file.
196 * umac-l3.c: New file.
197 * Makefile.in (nettle_SOURCES): Added umac source files.
198 (HEADERS): Added umac.h.
199 * testsuite/umac-test.c: New file.
200 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added umac-test.c.
202 * ecc-mul-a.c (ecc_mul_a): Avoid using mp_bitcnt_t, for
203 compatibility with older GMP versions.
204 * ecc-mul-g.c (ecc_mul_g): Likewise.
205 * eccdata.c (ecc_mul_binary): Likewise.
206 * sec-modinv.c (sec_modinv): Likewise.
208 * x86_64/sha3-permute.asm: Go via memory for moves between general
209 registers and xmm registers.
211 2013-04-06 Niels Möller <nisse@lysator.liu.se>
213 From Edgar E. Iglesias:
214 * sha3.c (_sha3_update): Fix condition for when the block buffer
217 2013-04-04 Niels Möller <nisse@lysator.liu.se>
219 * ecc-point.c (ecc_point_get): Allow NULL x or y, ignore
220 corresponding coordinate.
222 * nettle.texinfo (Elliptic curves): Document high-level ECDSA
225 From Martin Storsjö. Fallback functions for older GMP releases.
226 * gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): New functions.
227 * gmp-glue.h: Declare them.
228 (mpn_sqr): Fallback macro.
230 * gmp-glue.h (cnd_add_n, cnd_sub_n): Moved here, define in terms
231 of mpn_cnd_add_n and mpn_sub_n if available, otherwise in terms of
232 mpn_addmul_1 and mpn_submul_1. This seems to be an improvement for
233 subtraction, but more questionable for addition.
235 * ecc-internal.h: Include gmp-glue.h. Deleted corresponding
236 include in all files using ecc-internal.h.
237 (cnd_add_n, cnd_sub_n): Moved from here.
239 2013-04-03 Niels Möller <nisse@lysator.liu.se>
241 * ecc-point-mul-g.c (ecc_point_mul_g): New file and function.
242 * ecc-point-mul.c (ecc_point_mul): New file and function.
243 * ecc.h: Updated declarations and name mangling.
244 * Makefile.in (hogweed_SOURCES): Added ecc-point-mul.c and
247 * testsuite/salsa20-test.c (test_main): Tests for salsa20r12,
248 contributed by Nikos Mavrogiannopoulos.
250 2013-03-26 Niels Möller <nisse@lysator.liu.se>
252 * armv7/salsa20-core-internal.asm: New file. 45% speedup.
254 2013-03-25 Niels Möller <nisse@lysator.liu.se>
257 * examples/timing.c: New file, extracted from nettle-benchmark.c.
258 * examples/timing.h: New file.
259 * examples/Makefile.in (SOURCES): Added timing.c.
260 (DISTFILES): Added timing.h.
261 (BENCH_OBJS, ECC_BENCH_OBJS, HOGWEED_BENCH_OBJS): Added timing.o.
262 * examples/nettle-benchmark.c: Use timing.h.
263 * examples/hogweed-benchmark.c: Likewise.
264 * examples/ecc-benchmark.c: Likewise.
266 From Nikos Mavrogiannopoulos:
267 * salsa20r12-crypt.c (salsa20r12_crypt): New file and function.
268 * salsa20.h (salsa20r12_crypt): Declare.
269 * Makefile.in (nettle_SOURCES): Added salsa20r12-crypt.c.
272 * examples/hogweed-benchmark.c: Include local headers.
273 * testsuite/ecdsa-keygen-test.c: Likewise.
274 * x86_64/sha3-permute.asm: Workaround for Apple's assembler; write
275 movq instructions as movd.
277 * Makefile.in (hogweed_PURE_OBJS): Don't include OPT_ASM_SOURCES
280 2013-03-15 Niels Möller <nisse@lysator.liu.se>
282 * armv7/sha3-permute.asm: New file. 4.5 time speedup.
284 * armv7/machine.m4 (QREG): New macro.
286 2013-03-14 Niels Möller <nisse@lysator.liu.se>
288 * configure.ac (asm_replace_list): Added sha3-permute.asm,
289 revering 2012-12-30 change. 34% speedup on intel i5, from 2190
290 cycles for the C implementation down to 1630.
292 * armv7/sha512-compress.asm: Optimized. Keep expanded data in
293 registers, exploit parallelism. Another 70% speedup.
295 * testsuite/sha512-test.c (test_main): Additional test vectors,
296 including some longer than 128 bytes.
298 2013-03-13 Niels Möller <nisse@lysator.liu.se>
300 * armv7/sha512-compress.asm: New file, using neon instructions.
303 * configure.ac (asm_replace_list): Added sha512-compress.asm.
304 * x86_64/machine.m4 (OFFSET64): New macro.
305 * x86_64/sha512-compress.asm: New file, 20% speedup.
307 * sha512-compress.c (ROUND): Eliminated a temporary, analogous to
310 * x86_64/sha256-compress.asm: New file, 16% speedup (benchmarked
313 2013-03-11 Niels Möller <nisse@lysator.liu.se>
315 * armv7/sha256-compress.asm: New file, 25% speedup.
317 * configure.ac (asm_replace_list): Added sha256-compress.asm.
319 * sha256-compress.c (ROUND): Eliminated a temporary.
321 * armv7/sha1-compress.asm: New file, 9% speedup.
323 * testsuite/testutils.c (test_hash): Test different alignments for
326 2013-03-08 Niels Möller <nisse@lysator.liu.se>
328 * armv7/aes-decrypt-internal.asm: New file, 15% speedup.
329 * armv7/aes-encrypt-internal.asm: New file, 25% speedup.
330 * armv7/aes.m4: New file.
332 2013-03-07 Niels Möller <nisse@lysator.liu.se>
334 * gmp-glue.c (mpz_limbs_cmp): Don't use PTR and SIZ macros.
336 * Makefile.in (aesdata, desdata, twofishdata, shadata, gcmdata)
337 (eccdata): Arrange for compiling these programs for running on the
338 build system, also when cross compiling everything else.
340 * config.make.in (CC_FOR_BUILD, EXEEXT_FOR_BUILD): New variables.
342 * configure.ac: Use GMP_PROG_CC_FOR_BUILD and
343 GMP_PROG_EXEEXT_FOR_BUILD.
345 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD, GMP_PROG_CC_FOR_BUILD_WORKS)
346 (GMP_PROG_EXEEXT_FOR_BUILD): New macros, based on GMP's.
348 * aesdata.c: Deleted includes of config.h and nettle-types.h. Use
349 unsigned char and unsigned long instead of stdint.h types.
351 * desdata.c: Deleted includes of config.h and desCode.h.
352 (main): Return 1 on invalid argument. Don't use ROR macro. Use
353 unsigned long instead of uint32_t, and make it work if unsigned
354 long is larger than 32 bits.
356 * gcmdata.c: Deleted include of config.h and use UNUSED macro.
357 * shadata.c: Likewise.
359 * twofishdata.c: Deleted include of nettle-types.h. Use unsigned
360 char instead of stdint.h types.
362 * x86_64/ecc-521-modp.asm: New file. 2.4 time speedup.
364 2013-03-06 Niels Möller <nisse@lysator.liu.se>
366 * x86_64/ecc-384-modp.asm: New file, 3 time speedup.
367 * x86_64/ecc-256-redc.asm: New file, 2.5 time speedup.
368 * x86_64/ecc-224-modp.asm: New file, 5 time speedup over C
371 2013-03-05 Niels Möller <nisse@lysator.liu.se>
373 * configure.ac (asm_optional_list): Added ecc-521-modp.asm.
374 * ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
375 version if available.
376 * armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
378 2013-03-04 Niels Möller <nisse@lysator.liu.se>
380 * configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
381 bogus reference to $asm_search_list.
382 * ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
383 version if available.
384 * armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
386 2013-03-03 Niels Möller <nisse@lysator.liu.se>
388 * ecc-256.c: Fixed definition of USE_REDC.
390 2013-03-01 Niels Möller <nisse@lysator.liu.se>
392 * ecc-256.c: Check HAVE_NATIVE_ecc_256_redc, and use native
393 version if available.
394 * armv7/ecc-256-redc.asm: New file, 4 time speedup over C version.
396 * testsuite/ecc-redc-test.c: Increased test count.
398 * ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
399 version if available.
400 * armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
403 * configure.ac (asm_optional_list): Added ecc-224-modp.asm.
404 (OPT_ASM_SOURCES): Fixed assignment.
406 2013-02-28 Niels Möller <nisse@lysator.liu.se>
408 * x86_64/ecc-192-modp.asm: Reorganized to reduce number of
409 additions. Use setc instruction.
411 * examples/Makefile.in: Let $(HOGWEED_TARGETS) depend on
414 * armv7/ecc-192-modp.asm: New file. 2.5 time speedup over C
417 2013-02-27 Niels Möller <nisse@lysator.liu.se>
419 * ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
420 version if available.
421 (ecc_192_modp): Fixed carry handling bug in 32-bit version.
423 * x86_64/ecc-192-modp.asm: New file. 3.8 times speedup over C
426 * configure.ac (OPT_ASM_SOURCES): New substituted variable.
427 (asm_replace_list, asm_optional_list): New variables. For files in
428 asm_optional_list, also add them to OPT_ASM_SOURCES and define
429 appropriate HAVE_NATIVE_* symbols found.
431 * Makefile.in (OPT_ASM_SOURCES): New variable. Used for setting
432 hogweed_OBJS and hogweed_PURE_OBJS.
434 * testsuite/ecc-mod-test.c: Increased test count.
436 * ecc-384.c (ecc_384_modp): Fixed typo which broke carry handling
437 in the 64-bit version.
439 * examples/ecc-benchmark.c (bench_add_jjj): Typo fix, benchmark
442 * gmp-glue.h: Check if GMP provides mpz_limbs_read (expected in
444 * gmp-glue.c: Use GMP's mpz_limbs_read and friends if available.
445 Renamed all functions for consistency with GMP. Updated all
448 2013-02-20 Niels Möller <nisse@lysator.liu.se>
450 * examples/Makefile.in (HOGWEED_TARGETS): Added
451 hogweed-benchmark$(EXEEXT).
452 (SOURCES): Added hogweed-benchmark.c.
453 (hogweed-benchmark$(EXEEXT)): New target.
455 * examples/hogweed-benchmark.c: New file.
457 * ecdsa-keygen.c (ecdsa_generate_keypair): New file and function.
458 * Makefile.in (hogweed_SOURCES): Added ecdsa-keygen.c.
459 * testsuite/ecdsa-keygen-test.c: New testcase.
460 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
463 * nettle-internal.h (TMP_ALLOC): Added missing parentheses.
465 2013-02-18 Niels Möller <nisse@lysator.liu.se>
467 * testsuite/ecdsa-verify-test.c: New testcase.
468 * testsuite/ecdsa-sign-test.c: New testcase.
469 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
470 ecdsa-sign-test.c and ecdsa-verify-test.c.
471 * testsuite/testutils.h: Include ecdsa.h.
472 (SHEX): Deleted const cast.
474 * ecc-point.c: New file, struct ecc_point abstraction.
475 * ecc-scalar.c: New file, struct ecc_scalar abstraction.
476 * ecc-random.c (ecc_modq_random, ecc_scalar_random): New file, new
478 * ecc-hash.c (ecc_hash): New file and function.
479 * ecc-ecdsa-sign.c: New file, low-level signing interface.
480 * ecc-ecdsa-verify.c: New file, low-level ecdsa verify.
481 * ecdsa-sign.c: (ecdsa_sign): New file and function.
482 * ecdsa-verify.c (ecdsa_verify): New file and function.
483 * ecdsa.h: New header file.
484 * ecc.h: Declare ecc_point and ecc_scalar functions.
485 * ecc-internal.h: Added declarations.
486 * Makefile.in (hogweed_SOURCES): Added new source files.
487 (HEADERS): Added ecdsa.h.
489 * gmp-glue.c (_mpz_set_mpn): New convenience function.
490 (_mpn_set_base256): New function.
491 (_gmp_alloc_limbs): New function.
492 (_gmp_free_limbs): New function.
493 * gmp-glue.h: Corresponding declarations. Include nettle-stdinh.h.
495 * examples/Makefile.in (HOGWEED_TARGETS): Renamed, was
496 RSA_TARGETS. Added ecc-benchmark$(EXEEXT).
497 (SOURCES): Added ecc-benchmark.c.
498 (ecc-benchmark$(EXEEXT)): New target.
500 * examples/ecc-benchmark.c: New file, benchmarking ecc primitives.
502 2013-02-15 Niels Möller <nisse@lysator.liu.se>
505 * ecc-a-to-j.c: New file.
506 * ecc-add-jjj.c: New file.
507 * ecc-mul-a.c: New file.
508 * Makefile.in (hogweed_SOURCES): Added new files.
509 * testsuite/ecc-mul-a-test.c: New file.
510 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
513 * testsuite/testutils.c: Removed redundant includes.
518 * ecc-j-to-a.c: New file.
519 * ecc-size.c: New file.
520 * ecc-add-jja.c: New file.
521 * ecc-dup-jj.c: New file.
522 * ecc-mul-g.c: New file.
523 * sec-tabselect.c: New file.
524 * Makefile.in (hogweed_SOURCES): Added new files.
525 (HEADERS): Added ecc.h
526 * testsuite/ecc-mul-g-test.c: New file.
527 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
529 * testsuite/testutils.c (xalloc_limbs): New function.
530 (test_mpn): New function.
531 (test_ecc_point): New function.
532 (test_ecc_mul_a): New function.
533 (test_ecc_mul_j): New function.
534 * testsuite/testutils.h: Corresponding declarations.
536 Integrate ECC internals.
537 * ecc-curve.h: New file.
538 * ecc-internal.h: New file.
539 * cnd-copy.c: New file.
540 * ecc-192.c: New file.
541 * ecc-224.c: New file.
542 * ecc-256.c: New file.
543 * ecc-384.c: New file.
544 * ecc-521.c: New file.
545 * ecc-generic-modp.c: New file.
546 * ecc-generic-modq.c: New file.
547 * ecc-generic-redc.c: New file.
548 * ecc-mod.c: New file.
549 * ecc-modp.c: New file.
550 * ecc-modq.c: New file.
551 * sec-add-1.c: New file.
552 * sec-modinv.c: New file.
553 * sec-sub-1.c: New file.
554 * Makefile.in (hogweed_SOURCES): Added new files.
555 (HEADERS): Added ecc-curve.h.
556 (DISTFILES): Added ecc-internal.h.
557 * testsuite/ecc-mod-test.c: New file.
558 * testsuite/ecc-modinv-test.c: New file.
559 * testsuite/ecc-redc-test.c: New file.
560 * testsuite/testutils.c (ecc_curves): New constant array.
561 * testsuite/testutils.h: Include ecc-related headers. Declare
563 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-mod-test.c
564 ecc-modinv-test.c ecc-redc-test.c.
566 * gmp-glue.c: New file, mpn <-> mpz conversions.
567 * gmp-glue.h: New file.
568 * Makefile.in: Added to hogweed_SOURCES and DISTFILES, respectively.
570 * eccdata.c: New program, for generating ECC-related tables.
571 * Makefile.in (ecc-192.h, ecc-224.h, ecc-256.h, ecc-384.h)
572 (ecc-512.h): New generated files.
574 2013-02-19 Niels Möller <nisse@lysator.liu.se>
576 * armv7/memxor.asm (memxor): Software pipelining for the aligned
577 case. Runs at 6 cycles (0.5 cycles per byte). Delayed push of
578 registers until we know how many registers we need.
579 (memxor3): Use 3-way unrolling also for aligned memxor3.
580 Runs at 8 cycles (0.67 cycles per byte)
582 2013-02-14 Niels Möller <nisse@lysator.liu.se>
584 * configure.ac: Find GMP's GMP_NUMB_BITS. Substitute in Makefile.
585 * config.make.in (GMP_NUMB_BITS): New variable.
587 * examples/rsa-keygen.c (uint_arg): New function.
588 (main): New options -s and -e, to specify key size and public
589 exponent. Increased default key size to 2048.
591 2013-02-12 Niels Möller <nisse@lysator.liu.se>
593 * armv7/memxor.asm (memxor): Optimized aligned case, using 3-way
596 2013-02-06 Niels Möller <nisse@lysator.liu.se>
598 * armv7/memxor.asm (memxor, memxor3): Optimized aligned case, now
599 runs at 0.75 cycles/byte.
601 * armv7/README: New file.
602 * armv7/machine.m4: New (empty) file.
603 * armv7/memxor.asm: Initial assembly implementation.
605 * config.m4.in: Substitute ASM_TYPE_PROGBITS as TYPE_PROGBITS.
607 * config.make.in: Added .s to the suffix list.
609 * Makefile.in (.asm.s): Use a separate make target for .asm
610 preprocessing. Include asm.d, which the corresponding
613 * configure.ac (asm_file_list): Collect assembly files into this
615 (asm.d): Make config.status write dependencies for .s files into
617 (ASM_ALIGN_LOG): Set to "no" when appropriate.
618 (ASM_TYPE_FUNCTION): Default to "@function".
619 (ASM_TYPE_PROGBITS): New substituted variable, set in the same way
620 as ASM_TYPE_FUNCTION.
621 (ASM_MARK_NOEXEC_STACK): Use TYPE_PROGBITS.
622 (asm_path): Set up asm_path for armv7.
624 * asm.m4: Use changecom to disable m4 quoting. Use divert to
627 2013-02-05 Niels Möller <nisse@lysator.liu.se>
629 * testsuite/rsa-keygen-test.c (test_main): Updated expected
630 signatures, after the nettle_mpz_random change below.
631 * testsuite/dsa-test.c (test_main): Likewise. Also fixed the
632 dsa256 test to actually use the expected signature.
634 2013-01-31 Niels Möller <nisse@lysator.liu.se>
636 * bignum-random.c (nettle_mpz_random): Increased number of extra
637 bits to 64, following FIPS 186-3.
639 2013-01-16 Niels Möller <nisse@lysator.liu.se>
641 * Released nettle-2.6.
643 2013-01-12 Niels Möller <nisse@lysator.liu.se>
645 * configure.ac: Use AC_LANG_SOURCE.
647 2013-01-02 Niels Möller <nisse@lysator.liu.se>
649 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.5.
650 (LIBHOGWEED_MINOR): And to 2.3.
652 * examples/Makefile.in: Explicit rules for building objects in
654 * tools/Makefile.in: Likewise.
655 * testsuite/Makefile.in: Likewise.
657 2013-01-01 Niels Möller <nisse@lysator.liu.se>
659 * nettle.texinfo (Recommended hash functions): Document additional
662 * examples/nettle-benchmark.c (main): Benchmark additional sha3
665 2012-12-30 Niels Möller <nisse@lysator.liu.se>
667 * sha3-224.c, sha3-224-meta.c: New files.
668 * sha3-384.c, sha3-384-meta.c: New files.
669 * sha3-512.c, sha3-512-meta.c: New files.
670 * sha3.h: Prototypes for sha3 with sizes 224, 384 and 512.
671 * nettle-meta.h: Declare nettle_sha3_224, nettle_sha3_384 and
673 * Makefile.in (nettle_SOURCES): Added new sha3 files.
675 * testsuite/sha3-224-test.c: New file.
676 * testsuite/sha3-384-test.c: New file.
677 * testsuite/sha3-512-test.c: New file.
678 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new sha3 test files.
680 * configure.ac: Disabled use of sha3-permute.asm.
682 2012-12-20 Niels Möller <nisse@lysator.liu.se>
685 * testsuite/des-compat-test.c (pt): Use proper prototype, use
687 * testsuite/testutils.c (test_dsa_key): Deleted spurious
690 2012-12-15 Niels Möller <nisse@lysator.liu.se>
692 Based on a patch from Alon Bar-Lev:
693 * Makefile.in (LIBTARGETS, SHLIBTARGET): Define as empty if static
694 or shared libraries, respectively, are disabled.
695 (TARGETS): Deleted @IF_SHARED@ conditional, now in the definition
699 * configure.ac: Check for ar program. New option --disable-static.
700 * config.make.in (AR): Use configured value.
702 2012-12-13 Niels Möller <nisse@lysator.liu.se>
704 * x86_64/sha3-permute.asm: Rewrote, to keep all state in
705 registers. 2400 cycles on x86_64, only slightly faster than the
708 2012-12-09 Niels Möller <nisse@lysator.liu.se>
710 * sha3-permute.c (sha3_permute): Rewrote to do permutation in
711 place. 80% speedup on x86_64, 2500 cycles.
713 2012-12-04 Niels Möller <nisse@lysator.liu.se>
715 * ctr.c (ctr_crypt): Fix bug reported by Tim Kosse. Don't
716 increment the counter when length is zero (was broken for the
719 * testsuite/ctr-test.c (test_main): Added test with zero-length
721 * testsuite/testutils.c (test_cipher_ctr): Check the ctr value
722 after encrypt and decrypt.
724 2012-12-03 Niels Möller <nisse@lysator.liu.se>
726 * sha3-permute.c (sha3_permute): Optimized, to reduce number of
727 passes over the data. 20% speedup on x86_64, 4700 cycles.
729 * configure.ac: Added sha3-permute.asm.
731 * x86_64/sha3-permute.asm: New file. 30% speedup over current C
734 * nettle.texinfo (Hash functions): Split into several sections,
735 separating recommended hash functions and legacy hash functions.
738 2012-12-02 Niels Möller <nisse@lysator.liu.se>
740 Split sha.h into new files sha1.h and sha2.h. Replaced all
741 internal usage of sha.h in all files.
742 * sha.h: Kept for compatibility, just includes both new files.
745 * Makefile.in (HEADERS): Added sha1.h and sha2.h.
747 2012-11-28 Niels Möller <nisse@lysator.liu.se>
750 * testsuite/pbkdf2-test.c (test_main): Add PBKDF2-HMAC-SHA512 test
753 2012-11-15 Niels Möller <nisse@lysator.liu.se>
755 * sha3-permute.c (sha3_permute): Use ULL suffix on round
756 constants. Avoid passing shift count 0 to ROTL64.
758 * sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
760 * macros.h (LE_READ_UINT64): New macro.
762 2012-11-13 Niels Möller <nisse@lysator.liu.se>
764 * sha3-permute.c (sha3_permute): Micro optimizations. Partial
765 unrolling. Use lookup table for the permutation. On an x86_64,
766 execution time reduced from appr. 13000 cycles to appr. 6000.
768 * examples/nettle-benchmark.c (TIME_CYCLES): New macro.
769 (bench_sha1_compress, bench_salsa20_core): Use it.
770 (bench_sha3_permute): New function.
771 (main): Call bench_sha3_permute.
773 2012-11-12 Niels Möller <nisse@lysator.liu.se>
775 * examples/nettle-benchmark.c (main): Benchmark sha3_256.
777 * sha3-permute.c: New file. Permutation function for sha3, aka
779 * sha3.h: New header file.
780 * sha3.c: New file, absorption and padding for sha3.
781 * sha3-256.c: New file.
782 * sha3-256-meta.c: New file.
783 * nettle-meta.h (nettle_sha3_256): Declare.
784 * Makefile.in (nettle_SOURCES): Added sha3 files.
785 (HEADERS): Added sha3.h.
786 * testsuite/sha3.awk: New file. Script to extract test vectors.
787 * testsuite/sha3-256-test.c: New file.
788 * testsuite/sha3-permute-test.c: New file.
789 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
790 sha3-permute-test.c and sha3-256-test.c.
791 (DISTFILES): Added sha3.awk.
792 * testsuite/.test-rules.make: Added sha3 targets.
794 * macros.h (LE_WRITE_UINT64): New macro.
795 * write-le64.c (_nettle_write_le64): New file and function.
796 * nettle-write.h (_nettle_write_le64): Declare. Also deleted
797 declaration of non-existent _nettle_write_be64.
798 * Makefile.in (nettle_SOURCES): Added write-le64.c.
800 * macros.h (ROTL64): New macro, moved from...
801 * sha512-compress.c (ROTL64): ... old location, deleted.
803 * serpent-internal.h [HAVE_NATIVE_64_BIT] (DROTL32): Renamed from...
804 (ROTL64): ... old name.
805 (DRSHIFT32): Renamed from ...
806 (RSHIFT64): ... old name.
807 * serpent-encrypt.c (LINEAR_TRANSFORMATION64): Updated for above
809 * serpent-decrypt.c (LINEAR_TRANSFORMATION64_INVERSE): Likewise.
811 2012-11-11 Niels Möller <nisse@lysator.liu.se>
813 From Nikos Mavrogiannopoulos:
814 * nettle.texinfo (Hash functions): Added documentation for
816 * examples/nettle-benchmark.c (main): Benchmark gosthash94.
818 2012-11-10 Niels Möller <nisse@lysator.liu.se>
820 * nettle.texinfo (nettle_hashes, nettle_ciphers): Use deftypevr,
821 not deftypevrx. Spotted by Nikos Mavrogiannopoulos.
823 2012-11-08 Niels Möller <nisse@lysator.liu.se>
825 Gost hash function, ported from Aleksey Kravchenko's rhash library
826 by Nikos Mavrogiannopoulos.
827 * gosthash94.c: New file.
828 * gosthash94.h: New file.
829 * gosthash94-meta.c: New file.
830 * nettle-meta.h (nettle_gosthash94): Declare.
831 * Makefile.in (nettle_SOURCES): Added gosthash94.c and
833 (HEADERS): Added gosthash94.h.
834 * testsuite/gosthash94-test.c: New file.
835 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
838 2012-10-29 Niels Möller <nisse@lysator.liu.se>
841 * configure.ac (dummy-dep-files): Avoid non-posix \|-operator in
844 2012-10-29 Niels Möller <nisse@lysator.liu.se>
846 * x86_64/salsa20-core-internal.asm: New file.
847 * configure.ac: Added salsa20-core-internal.asm.
848 * examples/nettle-benchmark.c (bench_salsa20_core): New function.
850 2012-10-27 Niels Möller <nisse@lysator.liu.se>
852 * testsuite/Makefile.in (TS_SOURCES, CXX_SOURCES): Include sources
854 (TS_CXX): Moved @IF_CXX@ conditional here.
855 (DISTFILES): Use $(SOURCES), which now includes all C source
856 files. testutils.c was lost in a the 2012-09-20 change.
858 * x86_64/salsa20-crypt.asm: Include x86_64/salsa20.m4.
859 Make all exits go via .Lend and W64_EXIT.
861 * x86_64/salsa20.m4: New file, extracted from
862 x86_64/salsa20-crypt.asm.
864 2012-10-26 Niels Möller <nisse@lysator.liu.se>
866 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LIBS): Add $(CFLAGS) on
867 the link command line. Reported by Dennis Clarke.
869 2012-10-03 Niels Möller <nisse@lysator.liu.se>
871 From: Nikos Mavrogiannopoulos:
872 * testsuite/testutils.c (test_hash): On failure, print the
873 expected and returned hash values.
875 2012-09-23 Niels Möller <nisse@lysator.liu.se>
877 * Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
879 * salsa20-core-internal.c (_salsa20_core): New file and function,
880 extracted from salsa20_crypt.
881 * salsa20.h (_salsa20_core): Declare it.
882 * salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
884 2012-09-21 Niels Möller <nisse@lysator.liu.se>
886 * pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized
889 * nettle.texinfo (Cipher functions): Stress that the salsa20 hash
890 function is not suitable as a general hash function.
892 2012-09-20 Simon Josefsson <simon@josefsson.org>
894 * pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
895 * pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
896 * Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
897 pbkdf2-hmac-sha256.c.
898 * nettle.texinfo (Key derivation functions): Improve.
899 * testsuite/pbkdf2-test.c (test_main): Test new functions.
901 2012-09-20 Niels Möller <nisse@lysator.liu.se>
903 * pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
904 * pbkdf2.h (PBKDF2): Analogous reordering.
905 * testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
907 * nettle.texinfo (Key derivation functions): Updated documented
910 * testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
913 * configure.ac: New substitution IF_CXX, replacing CXX_TESTS.
914 (dummy-dep-files): Handle .cxx files.
916 * testsuite/Makefile.in: Use IF_CXX. Include dependency file for
919 2012-09-19 Niels Möller <nisse@lysator.liu.se>
922 * examples/rsa-encrypt.c (main): Added missing mpz_clear.
923 * examples/rsa-keygen.c (main): Added missing deallocation.
925 * testsuite/meta-hash-test.c (test_main): Validate
926 NETTLE_MAX_HASH_DIGEST_SIZE.
928 * pbkdf2.h (PBKDF2): New macro.
929 * testsuite/pbkdf2-test.c: Use it.
931 2012-09-12 Simon Josefsson <simon@josefsson.org>
933 * NEWS: Mention addition of PBKDF2.
934 * pbkdf2.c (pbkdf2): New file and function.
935 * pbkdf2.h: Declare it.
936 * Makefile.in (nettle_SOURCES): Add pbkdf2.c.
937 (HEADERS): Add pbkdf2.h.
938 * nettle.texinfo (Key derivation functions): New section.
939 * testsuite/pbkdf2-test.c: New test case.
940 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
941 * testsuite/.test-rules.make (pbkdf2-test): New target.
943 2012-09-16 Niels Möller <nisse@lysator.liu.se>
945 * testsuite/: Overhaul of testsuite, affecting almost all files.
946 + Use struct tstring for allocated strings, and deallocate before
948 + Changed most test functions to take struct tstring as arguments.
949 + Made all test_main return on success.
951 * testsuite/testutils.h (struct tstring): New struct type.
952 (H2, HL, MEMEQH, SUCCESS): Deleted macros.
953 (SHEX, SDATA): New macros.
954 (H): Redefined to track storage.
956 * testsuite/testutils.c (tstring_alloc): New function.
957 (tstring_clear): New function.
958 (tstring_data): New function.
959 (tstring_hex): New function.
960 (tstring_print_hex): New function.
961 (decode_hex_length): Made static.
962 (decode_hex): Made static. No return value, abort on error.
963 (main): Expect test_main to return, and call tstring_clear before
965 (test_dsa_key): Added missing mpz_clear.
966 (test_mac): Deleted unused function.
968 * testsuite/rsa2sexp-test.c (test_main): Added missing
971 * testsuite/yarrow-test.c (open_file): Don't leak filename.
972 (test_main): fclose input file properly.
974 * testsuite/sexp-format-test.c (test_main): Added missing calls to
975 nettle_buffer_clear and mpz_clear.
977 * testsuite/serpent-test.c (tstring_hex_reverse): New function,
979 (decode_hex_reverse): ... deleted function.
980 (RHEX): New macro, replacing...
981 (RH, RHL): ... deleted macros.
983 * testsuite/rsa2sexp-test.c (test_main): Added missing
986 * testsuite/random-prime-test.c (test_main): Added missing
989 * realloc.c (nettle_realloc): Only call libc realloc if length >
990 0, otherwise call free. Fixes a small memory leak.
991 (nettle_xrealloc): Likewise.
993 * run-tests (test_program): Don't quote $EMULATOR; allow it to
994 expand to program and arguments (e.g., valgrind).
996 * tools/pkcs1-conv.c (convert_public_key): Added missing calls to
997 dsa_public_key_clear and rsa_public_key_clear.
998 (main): Added missing nettle_buffer_clear.
1000 2012-09-10 Niels Möller <nisse@lysator.liu.se>
1002 * examples/eratosthenes.c (main): Explicitly deallocate storage
1005 * examples/io.c (read_file): Explicitly treat an empty file as an
1006 error. Rearrange loop, check for short fread return value.
1008 * desdata.c: Don't declare printf, include <stdio.h> instead. Also
1009 deleted casts of printf return value.
1012 * examples/nettle-benchmark.c (die): Use PRINTF_STYLE attribute.
1013 * pgp-encode.c (pgp_put_rsa_sha1_signature): Deleted unused variable.
1014 * rsa2openpgp.c (rsa_keypair_to_openpgp): Likewise.
1015 * examples/base16enc.c (main): Deleted useless allocations.
1017 2012-09-07 Niels Möller <nisse@lysator.liu.se>
1019 * examples/nettle-benchmark.c (die): Add NORETURN attribute. Patch
1021 * tools/misc.h (die, werror): Use PRINTF_STYLE and NORETURN macros
1022 for attributes. Patch from Tim Rühsen.
1024 * examples/io.h (werror): Use PRINTF_STYLE macro.
1026 2012-08-22 Niels Möller <nisse@lysator.liu.se>
1028 From Sam Thursfield <sam.thursfield@codethink.co.uk>:
1029 * configure.ac: Make documentation optional, to avoid requiring
1030 TeX. New option --disable-documentation, and Makefile substitution
1032 * Makefile.in: Use IF_DOCUMENTATION.
1034 2012-07-12 Niels Möller <nisse@lysator.liu.se>
1036 * asm.m4 (ALIGN): Use << operator rather than **, with m4 eval.
1037 The latter is not supported by BSD m4.
1039 2012-07-07 Niels Möller <nisse@lysator.liu.se>
1041 Copyright headers: Updated FSF address. Patch from David Woodhouse.
1043 * examples/Makefile.in (BENCH_LIBS): Added -lm, needed for the
1044 ldexp function. Reported by Anthony G. Basile.
1046 * configure.ac: Changed version number to 2.6.
1048 * Released nettle-2.5.
1050 2012-07-05 Niels Möller <nisse@lysator.liu.se>
1052 * x86_64/salsa20-crypt.asm (salsa20_crypt): Write the 64-bit movq
1053 instructions as "movd", since that makes the osx assembler
1054 happier. Assembles to the same machine code on gnu/linux.
1056 2012-07-03 Niels Möller <nisse@lysator.liu.se>
1058 * aclocal.m4 (LSH_FUNC_ALLOCA): In the config.h boilerplate,
1059 include malloc.h if it exists, also when compiling with gcc.
1060 Needed for cross-compiling with --host=i586-mingw32msvc.
1062 * examples/base16dec.c: Don't #include files using <nettle/...>,
1063 we don't want to pick up installed versions. On windows, include
1064 <fcntl.h>, needed for _setmode.
1065 * examples/base16enc.c: Likewise.
1066 * examples/base64dec.c: Likewise.
1067 * examples/base64enc.c: Likewise
1069 * nettle.texinfo (Cipher functions): Document Salsa20.
1071 2012-06-25 Niels Möller <nisse@lysator.liu.se>
1073 * pkcs1.c (_pkcs1_signature_prefix): Renamed function, adding a
1074 leading underscore. Updated all callers.
1076 * bignum-next-prime.c (nettle_next_prime): Consistently use the
1077 type nettle_random_func * (rather then just nettle_random_func)
1078 when passing the function pointer as argument. Similar change for
1079 nettle_progress_func. Should have been done for the 2.0 release,
1080 but a few arguments were overlooked.
1081 * bignum-random-prime.c (_nettle_generate_pocklington_prime)
1082 (nettle_random_prime): Likewise.
1083 * bignum-random.c (nettle_mpz_random_size, nettle_mpz_random):
1085 * dsa-keygen.c (dsa_generate_keypair): Likewise.
1086 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise.
1087 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
1089 * dsa-sign.c (_dsa_sign): Likewise.
1090 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
1091 * rsa-blind.c (_rsa_blind): Likewise.
1092 * rsa-decrypt-tr.c (rsa_decrypt_tr): Likewise.
1093 * rsa-encrypt.c (rsa_encrypt): Likewise.
1094 * rsa-keygen.c (rsa_generate_keypair): Likewise.
1095 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Likewise.
1097 * cbc.c (cbc_encrypt, cbc_decrypt): Similarly, use the type
1098 nettle_crypt_func * rather than just nettle_crypt_func.
1099 * ctr.c (ctr_crypt): Likewise.
1100 * gcm.c (gcm_set_key): Likewise.
1102 * testsuite/des-compat-test.c (test_main): Disable declarations of
1103 disabled functions and variables, to avoid warnings. No verbose
1104 output unless verbose flag is set.
1106 2012-06-09 Niels Möller <nisse@lysator.liu.se>
1108 * examples/Makefile.in (SOURCES): Added base16dec.c, forgotten
1111 General pkcs1 signatures, with a "DigestInfo" input. Suggested by
1112 Nikos Mavrogiannopoulos.
1113 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
1114 rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
1116 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
1118 * pkcs1.h: Declare it.
1120 * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
1121 * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
1122 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
1123 contributed by Nikos Mavrogiannopoulos.
1124 * rsa.h: Declare new functions.
1126 * rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
1127 * rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
1128 separate file, renamed and made non-static. Moved from...
1129 * rsa-decrypt-tr.c: ... here.
1131 2012-06-03 Niels Möller <nisse@lysator.liu.se>
1133 * testsuite/pkcs1-test.c (test_main): Include leading zero in
1136 * pkcs1.c (pkcs1_signature_prefix): Return pointer to where the
1137 digest should be written. Let the size input be the key size in
1138 octets, rather then key size - 1.
1139 * pkcs1-rsa-*.c: Updated for above.
1140 * rsa-*-sign.c, rsa-*-verify.c: Pass key->size, not key->size - 1.
1142 2012-05-18 Niels Möller <nisse@lysator.liu.se>
1144 * pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
1145 * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
1147 2012-05-09 Niels Möller <nisse@lysator.liu.se>
1149 * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,
1150 spotted by Nikos Mavrogiannopoulos.
1152 2012-05-07 Niels Möller <nisse@lysator.liu.se>
1154 * nettle-types.h (_STDINT_HAVE_INT_FAST32_T): Define here, to
1155 force nettle-stdint.h to not try to define the int_fast*_t types.
1156 Avoids compilation problems with gnutls on SunOS-5.8, where the
1157 definitions here collide with gnulib's.
1159 2012-04-23 Niels Möller <nisse@lysator.liu.se>
1161 * nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
1162 on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
1163 NETTLE_MAX_BIGNUM_BITS.
1165 2012-04-19 Niels Möller <nisse@lysator.liu.se>
1167 * list-obj-sizes.awk: Use decimal rather than hexadecimal output.
1168 (hex2int): Use local variables.
1170 2012-04-18 Niels Möller <nisse@lysator.liu.se>
1172 * x86_64/salsa20-crypt.asm: New file.
1174 2012-04-17 Niels Möller <nisse@lysator.liu.se>
1176 * testsuite/salsa20-test.c (test_salsa20_stream): Check that
1177 salsa20_crypt doesn't write beyond the given destination area.
1178 (test_salsa20): Likewise.
1180 * salsa20-crypt.c: Renamed file, from...
1181 * salsa20.c: ... old name.
1183 * x86_64/machine.m4 (WREG): New macro.
1185 * salsa20.c (salsa20_hash): Deleted function, inlined into
1187 (salsa20_set_key, salsa20_set_iv): Moved, to...
1188 * salsa20-set-key.c: ...new file.
1190 2012-04-15 Niels Möller <nisse@lysator.liu.se>
1192 * testsuite/salsa20-test.c (test_salsa20_stream): New function.
1193 (test_main): Tests for encrypting more than one block at a time.
1195 2012-04-14 Niels Möller <nisse@lysator.liu.se>
1197 * examples/io.c (write_file): Use write_string.
1199 * examples/Makefile.in (base64enc): New targets. Also
1200 added missing io.o dependency to several other targets.
1201 (base64dec, base16enc, base16dec): Likewise.
1203 * examples/base64enc.c: New file, based on example code
1204 contributed by Jeronimo Pellegrini.
1205 * examples/base64dec.c: Likewise.
1206 * examples/base16enc.c: Likewise.
1207 * examples/base16dec.c: Likewise.
1209 * examples/rsa-encrypt.c (process_file): Reorganized fread loop.
1210 (usage): New function.
1211 (main): Implemented --help option.
1213 * examples/rsa-decrypt.c (process_file): Improved error message
1214 for too short input file.
1216 * aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
1217 (mult, inv_mix_column): Deleted functions.
1218 (mtable): New table.
1219 (MIX_COLUMN): New macro.
1220 (aes_invert_key): Use MIX_COLUMN and mtable.
1222 * aesdata.c (compute_mtable): New table, for the inv mix column
1223 operation in aes_invert_key.
1225 2012-04-13 Niels Möller <nisse@lysator.liu.se>
1227 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.
1228 Tabulate the needed "round constants".
1229 (xtime): Deleted function.
1231 * aes-internal.h (SUBBYTE): Cast to uint32_t. Use B0, ..., B3
1234 2012-04-09 Niels Möller <nisse@lysator.liu.se>
1236 Timing resistant RSA decryption, based on RSA blinding code
1237 contributed by Nikos Mavrogiannopoulos.
1238 * rsa-decrypt-tr.c (rsa_decrypt_tr): New function.
1239 (rsa_blind): Helper function.
1240 (rsa_unblind): Helper function.
1241 * rsa.h: Declare rsa_decrypt_tr. Some cleanups, no longer include
1242 nettle-meta.h, more consistent declarations of function pointer
1244 * testsuite/rsa-encrypt-test.c (test_main): Test rsa_decrypt_tr.
1245 Check for writes past the end of the message area.
1247 * Makefile.in (hogweed_SOURCES): Added pkcs1-decrypt.c.
1248 * rsa-decrypt.c (rsa_decrypt): Use pkcs1_decrypt.
1249 * pkcs1-decrypt.c (pkcs1_decrypt): New file and function,
1250 extracted from rsa_decrypt.
1252 2012-04-01 Niels Möller <nisse@lysator.liu.se>
1254 * salsa20.c (LE_SWAP32): Typo fix for big-endian case.
1255 (QROUND): New macro.
1256 (salsa20_hash): Use it.
1258 2012-03-31 Niels Möller <nisse@lysator.liu.se>
1260 * salsa20.c: (salsa20_set_iv): Deleted size argument, only one
1262 (U8TO32_LITTLE): Deleted macro. Use LE_READ_UINT32 instead, which
1263 avoids unaligned reads.
1264 (salsa20_set_key): Rearranged slightly, to avoid unnecessary
1265 byte-to-word conversions.
1267 (LE_SWAP32): Renamed macro from...
1268 (U32TO32_LITTLE): ... old name.
1269 (U32TO8_LITTLE): Deleted macro.
1270 (salsa20_wordtobyte): Renamed function to...
1271 (salsa20_hash): ... new name. Changed output argument from byte
1272 array to word array. Use memxor3, which brings a considerable
1275 * nettle-internal.c (salsa20_set_key_hack): Updated salsa20_set_iv
1277 * testsuite/salsa20-test.c (test_salsa20): Deleted iv_length
1278 argument, updated all calls.
1280 * salsa20.h (SALSA20_BLOCK_SIZE): New constant.
1281 (_SALSA20_INPUT_LENGTH): New constant.
1282 * salsa20.c: Use these constants.
1284 * salsa20.c (ROTL32): Deleted macro, use the one from macros.h
1285 instead, with reversed order of arguments.
1286 (ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
1287 builtin operators directly.
1289 Unification of rotation macros.
1290 * macros.h (ROTL32): New macro, to replace (almost) all other
1293 * aes-set-encrypt-key.c: Include macros.h.
1294 (aes_set_encrypt_key): Use ROTL32.
1295 * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
1297 * camellia-internal.h (ROL32): Deleted macro.
1298 (ROTL128): Renamed for consistency, from...
1299 (ROL128): ... old name.
1300 * camellia-crypt-internal.c: Updated for renamed rotation macros.
1301 * camellia-set-encrypt-key.c: Likewise.
1302 * cast128.c (ROL): Deleted macro.
1303 (F1, F2, F3): Updated to use ROTL32 (reversed order of arguments).
1304 Also added proper do { ... } while (0) wrappers.
1306 * ripemd160-compress.c (ROL32): Deleted macro.
1307 (R): Updated to use ROTL32 (reversed order of arguments).
1309 * serpent-internal.h (ROL32): Deleted macro.
1310 (ROTL64): Renamed (from ROL64) and reorderd arguments, for
1312 (RSHIFT64): Reordered arguments, for consistency.
1313 * serpent-decrypt.c: Updated for renamed rotation macros, with
1314 reversed argument order.
1315 * serpent-encrypt.c: Likewise.
1316 * serpent-set-key.c: Likewise.
1318 * sha1-compress.c (ROTL): Deleted macro, use ROTL32 instead.
1320 * sha256-compress.c (ROTR): Deleted macro. Replaced by ROTL32,
1321 with complemented shift count.
1322 (SHR): Deleted macro, use plain shift operator instead.
1324 * sha512-compress.c (ROTR): Deleted macro, replaced by...
1325 (ROTL64): ...new macro, with complemented shift count
1326 (SHR): Deleted macro, use plain shift operator instead.
1327 (S0, S1, s0, s1): Updated accordingly.
1329 2012-03-30 Niels Möller <nisse@lysator.liu.se>
1331 * nettle-internal.c (nettle_salsa20): Cipher struct for
1332 benchmarking only. Sets a fix zero IV, and ignores block size.
1333 * nettle-internal.h (nettle_salsa20): Declare it.
1335 * examples/nettle-benchmark.c (block_cipher_p): New function.
1336 (time_cipher): Use block_cipher_p.
1337 (main): Include salsa20 in benchmark.
1339 * Makefile.in (soname link): Fixed logic.
1340 (nettle_SOURCES): Removed nettle-internal.c, so that it's not
1341 part of the library...
1342 (internal_SOURCES): ...and put it here.
1343 * testsuite/Makefile.in (TEST_OBJS): Added ../nettle-internal.o.
1344 * examples/Makefile.in (BENCH_OBJS): New variable, to simplify the
1345 nettle-benchmark rule. Also link with ../nettle-internal.o.
1347 2012-03-29 Niels Möller <nisse@lysator.liu.se>
1349 Implementation of Salsa20, contributed by Simon Josefsson.
1350 * salsa20.h: New file.
1351 * salsa20.c: New file.
1352 * Makefile.in (nettle_SOURCES): Added salsa20.c
1353 (HEADERS): Added salsa20.h.
1354 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added salsa20-test.c.
1355 * testsuite/salsa20-test.c: New test case.
1357 * Makefile.in (soname links): Adding missing space before ].
1359 2012-03-23 Niels Möller <nisse@lysator.liu.se>
1361 * arcfour.h (arcfour_stream): Deleted obsolete prototype.
1363 2012-03-05 Niels Möller <nisse@lysator.liu.se>
1365 * configure.ac (enable_shared): Build shared libraries by default.
1367 2012-03-04 Niels Möller <nisse@lysator.liu.se>
1369 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.4.
1370 (LIBHOGWEED_MINOR): And to 2.2.
1372 2012-02-27 Niels Möller <nisse@lysator.liu.se>
1374 * list-obj-sizes.awk: Recognize elf64 objects.
1376 * Makefile.in (.texinfo.dvi): Pass -b option to texi2dvi.
1378 * Makefile.in (TARGETS): Added twofishdata.
1379 (SOURCES): Added twofishdata.c.
1380 (twofishdata): New rule.
1382 * twofish.c (q0, q1): Made const, and reformatted to match the
1383 twofishdata program.
1385 * twofishdata.c: Resurrected old file. Used to be called
1386 generate_q.c, when the twofish code was contributed back in 1999.
1388 * nettle.texinfo: Documentation for base16 and base64 encoding.
1389 Text contributed by Jeronimo Pellegrini
1390 <pellegrini@mpcnet.com.br>, back in April 2006.
1392 2012-02-18 Niels Möller <nisse@lysator.liu.se>
1394 * run-tests, getopt.c, getopt1.c, getopt.h: These files were moved
1395 to the top-level in the conversion to an independent git
1396 repository. They used to be symlinks to lsh files, from the
1397 subdirectories which use them.
1399 * Makefile.in: Build and distribute getopt files. Distribute
1401 * examples/Makefile.in: Adapt to getopt files and the run-tests
1402 script now located in the parent directory.
1403 * testsuite/Makefile.in: Likewise.
1404 * tools/Makefile.in: Likewise.
1406 * index.html: Converted to xhtml (from lsh repository, change
1407 dated 2012-02-03). Updated git instructions.
1409 * nettle.texinfo: Updated charset declaration.
1410 * misc/plan.html: Likewise.
1412 2012-01-17 Niels Möller <nisse@lysator.liu.se>
1414 * testsuite/Makefile.in (DISTFILES): Added setup-env.
1416 * examples/rsa-decrypt.c (main): Use _setmode rather than setmode,
1417 suggested by Eli Zaretskii. Affects windows builds only.
1418 * examples/rsa-encrypt.c: Likewise.
1420 * Makefile.in ($(LIBNETTLE_FORLINK)): Always create a .lib symlink
1421 to the library file. Use LN_S.
1422 ($(LIBHOGWEED_FORLINK)): Likewise.
1424 (install-shared-nettle): Use LN_S.
1425 (install-shared-hogweed): Likewise.
1427 * configure.ac: Use AC_PROG_LN_S.
1428 * config.make.in (LN_S): New substitution.
1430 * testsuite/setup-env: New file. Wine workaround. Can't get
1431 ../.lib into wine's dll search path, so create additional
1433 * testsuite/teardown-env: ...and delete them here. Also delete
1435 * examples/setup-env: Similar links setup here.
1436 * examples/teardown-env: ... and deleted.
1438 2012-01-07 Niels Möller <nisse@lysator.liu.se>
1440 * examples/Makefile.in (check): Add ../.lib to PATH, like in
1441 testsuite/Makefile. Needed for w*ndows. Reported by Eli Zaretskii.
1443 2011-11-25 Niels Möller <nisse@lysator.liu.se>
1445 From Martin Storsjö:
1446 * x86_64/machine.m4 (W64_ENTRY, W64_EXIT): New macros for
1448 * x86_64: Updated all assembly files to use them.
1450 * configure.ac (W64_ABI): New variable, set when compiling for
1451 W64 ABI (64-bit M$ windows).
1452 * config.m4.in (W64_ABI): Define, from configure substitution.
1454 2011-11-24 Niels Möller <nisse@lysator.liu.se>
1456 From Martin Storsjö:
1457 * examples/Makefile.in (check): Pass $(EMULATOR) and $(EXEEXT) in
1458 the environment of run-tests.
1459 * examples/rsa-encrypt-test: Use $EXEEXT and $EMULATOR.
1460 * examples/rsa-sign-test: Likewise.
1461 * examples/rsa-verify-test: Likewise.
1462 * examples/setup-env: Likewise.
1464 * testsuite/Makefile.in (check): Pass $(EXEEXT) in the environment of
1466 * testsuite/pkcs1-conv-test: Use $EXEEXT and $EMULATOR. Ignore \r
1469 * examples/rsa-decrypt.c (main) [WIN32]: Set stdout/stdin to
1471 * examples/rsa-encrypt.c (main): Likewise.
1473 2011-11-24 Niels Möller <nisse@lysator.liu.se>
1475 * configure.ac (HAVE_NATIVE_64_BIT): Workaround to get it set to 1
1478 * serpent-internal.h (ROL64): Use (uint64_t) 1 rather than 1L, for
1480 (RSHIFT64): Likewise. Also added a missing parenthesis.
1482 2011-11-24 Niels Möller <nisse@lysator.liu.se>
1484 From Martin Storsjö:
1485 * testsuite/symbols-test: Use $NM, falling back to nm if undefined.
1486 * testsuite/Makefile.in (check): Pass $(NM) in the environment of
1488 * config.make.in (NM): Set NM.
1490 * testsuite/sexp-conv-test: Use $EMULATOR when running test
1491 programs. Also ignore \r for output in the non-canonical output
1493 * testsuite/Makefile.in (check): Pass $(EMULATOR) in the
1494 environment of run-tests.
1495 * configure.ac (EMULATOR): New substituted variable. Set to wine
1496 or wine64 when cross compiling for windows, otherwise empty.
1497 * config.make.in (EMULATOR): Set from autoconf value.
1499 2011-11-20 Niels Möller <nisse@lysator.liu.se>
1501 * x86/camellia-crypt-internal.asm: Take ALIGNOF_UINT64_T into
1502 account when getting the offset for the subkeys. Differs between
1503 w32 and other systems. w32 problem identified by Martin Storsjö.
1505 * config.m4.in: Define ALIGNOF_UINT64_T (from configure).
1507 * configure.ac: Check alignment of uint64_t, and also use AC_SUBST
1508 for use in config.m4.in.
1510 2011-11-19 Niels Möller <nisse@lysator.liu.se>
1512 Cygwin/mingw32 improvements contributed by Martin Storsjö:
1513 * Makefile.in (IMPLICIT_TARGETS): New variable for DLL link
1515 (clean-here): Delete the DLL import libraries.
1517 * configure.ac: Setup installation of DLL files in $bindir.
1518 (IF_DLL, LIBNETTLE_FILE_SRC, LIBHOGWEED_FILE_SRC): New
1521 * config.make.in (LIBNETTLE_FILE_SRC): Substitute new autoconf
1523 (LIBHOGWEED_FILE_SRC): Likewise.
1525 * Makefile.in (install-dll-nettle, uninstall-dll-nettle): New
1526 target for installing the DLL file in $bindir.
1527 (install-shared-nettle): Conditionally
1528 depend on install-dll-nettle. Use LIBNETTLE_FILE_SRC.
1529 (uninstall-shared-nettle): Conditionally depend on
1531 (various hogweed targets): Analogous changes.
1533 * configure.ac: Unify shared lib setup for cygwin and mingw.
1535 2011-10-31 Niels Möller <nisse@lysator.liu.se>
1537 * configure.ac (LIBHOGWEED_LIBS): Typo fix for the darwin case.
1538 Spotted by Martin Storsjö.
1540 2011-10-25 Niels Möller <nisse@lysator.liu.se>
1542 * configure.ac (LIBHOGWEED_LIBS): cygwin fix, added
1543 libnettle.dll.a. Reported by Volker Zell.
1545 2011-10-18 Niels Möller <nisse@lysator.liu.se>
1547 * configure.ac: Improved setup för darwin shared libraries.
1548 Patch contributed by Ryan Schmidt.
1550 2011-10-03 Niels Möller <nisse@lysator.liu.se>
1552 * x86_64/memxor.asm: Implemented sse2-loop. Configured at compile
1553 time, and currently disabled.
1555 * testsuite/testutils.h (ASSERT): Write message to stderr.
1557 * testsuite/memxor-test.c: Use 16-byte alignment for "fully
1560 2011-09-03 Niels Möller <nisse@lysator.liu.se>
1562 * x86/camellia-crypt-internal.asm: Use "l"-suffix on instructions
1563 more consistently. Reportedly, freebsd and netbsd systems with
1564 clang are more picky about this.
1566 * configure.ac: Changed version number to 2.5.
1568 * Released nettle-2.4.
1570 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.3.
1572 * gcm-aes.c: Include config.h.
1573 * tools/nettle-lfib-stream.c: Likewise.
1575 * ripemd160-compress.c: Added missing include of config.h. Needed
1576 for correct operation on big-endian systems.
1578 2011-09-02 Niels Möller <nisse@amfibolit.hack.org>
1580 * configure.ac: Changed version number to 2.4.
1582 * Released nettle-2.3.
1584 2011-08-30 Niels Möller <nisse@lysator.liu.se>
1586 * testsuite/hmac-test.c: Added tests for hmac-ripemd160.
1588 * hmac.h: Declare hmac-ripemd160 related functions.
1590 * Makefile.in (nettle_SOURCES): Added hmac-ripemd160.c.
1592 2011-08-30 Niels Möller <nisse@amfibolit.hack.org>
1594 * nettle.texinfo (Hash functions): Document ripemd-160.
1596 * hmac-ripemd160.c: New file.
1598 * hmac.h: Declare hmac-ripemd160 functions.
1600 2011-08-29 Niels Möller <nisse@lysator.liu.se>
1602 * sha256.c (sha256_update): Updated MD_UPDATE call for new
1604 (sha256_write_digest): Use MD_PAD rather than MD_FINAL, and insert
1605 the length manually.
1606 * sha512.c: Analogous changes.
1608 * sha1.c (COMPRESS): New macro.
1609 (sha1_update): Updated MD_UPDATE call for new conventions.
1610 (sha1_digest): Use MD_PAD rather than MD_FINAL, and insert the
1613 * ripemd160.c (ripemd160_init): Use memcpy for initializing the
1615 (COMPRESS): New macro.
1616 (ripemd160_update): Use MD_UPDATE.
1617 (ripemd160_digest): Inline ripemd160_final processing. Use MD_PAD
1618 and _nettle_write_le32.
1619 (ripemd160_final): Deleted function.
1621 * ripemd160.h (struct ripemd160_ctx): Use a 64-bit block count.
1622 Renamed digest to state.
1624 * md5.c (md5_init): Use memcpy for initializing the state vector.
1625 (COMPRESS): New macro, wrapping _nettle_md5_compress.
1626 (md5_update): Use MD_UPDATE.
1627 (md5_digest): Inline md5_final processing. Use MD_PAD and
1629 (md5_final): Deleted.
1631 * md5.h (struct md5_ctx): Renamed some fields, for consistency.
1633 * md4.h (struct md4_ctx): Renamed some fields, for consistency.
1635 * md4.c (md4_init): Use memcpy for initializing the state vector.
1636 (md4_update): Use MD_UPDATE.
1637 (md4_digest): Inline md4_final processing, using MD_PAD. Use
1639 (md4_block): Renamed, to...
1640 (md4_compress): ... new name. Take ctx pinter as argument.
1641 (md4_final): Deleted function.
1643 * md2.c (md2_update): Use MD_UPDATE.
1645 * macros.h (MD_UPDATE): Added incr argument. Invoke compression
1646 function with ctx pointer as argument, rather than ctx->state.
1647 (MD_FINAL): Just pad, don't store length field. Renamed to MD_PAD.
1648 (MD_PAD): Analogous change of compression invocations.
1650 * sha512.c: (COMPRESS): New macro wrapping _nettle_sha512_compress.
1651 (sha512_update): Use MD_UPDATE.
1652 (sha512_final): Deleted function.
1653 (sha512_write_digest): Use MD_FINAL.
1655 * sha256.c (COMPRESS): New macro wrapping _nettle_sha256_compress.
1656 (SHA256_INCR): Deleted macro.
1657 (sha256_update): Use MD_UPDATE.
1658 (sha256_final): Deleted function.
1659 (sha256_write_digest): New function, replacing sha256_final, and
1661 (sha256_digest): Use sha256_write_digest.
1662 (sha224_digest): Likewise.
1664 * tools/nettle-hash.c (list_algorithms): Fixed typo in header.
1666 * sha1.c (SHA1_DATA_LENGTH): Deleted unused macro.
1667 (sha1_init): Use memcpy to initialize the state vector.
1668 (SHA1_INCR): Deleted macro.
1669 (sha1_update): Use MD_UPDATE macro, to reduce code duplication.
1670 (sha1_digest): Use MD_FINAL macro.
1671 (sha1_final): Deleted function.
1673 * sha.h (struct sha1_ctx): Renamed attribute digest to state.
1675 * macros.h (MD_UPDATE): New macro.
1676 (MD_FINAL): New macro.
1678 2011-08-28 Niels Möller <nisse@lysator.liu.se>
1680 * ripemd160.c (ripemd160_final): Use LE_WRITE_UINT32. Deleted byte
1681 swapping at the end, leaving it to ripemd160_digest.
1682 (ripemd160_digest): Use _nettle_write_le32.
1684 * Makefile.in (nettle_SOURCES): Added write-le32.c.
1686 * md5.c (md5_digest): Use _nettle_write_le32.
1688 * write-le32.c (_nettle_write_le32): New file and function.
1690 * ripemd160-compress.c (ROL32): Renamed macro (was "rol"). Deleted
1691 x86 version using inline assembly; at least gcc-4.4.5 recognizes
1692 shift-and-or expressions which are in fact rotations.
1693 (_nettle_ripemd160_compress): Use LE_READ_UINT32.
1695 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.2.
1697 * testsuite/meta-hash-test.c: Updated for the addition of
1700 * testsuite/.test-rules.make: Added rule for ripemd160-test.
1702 * examples/nettle-benchmark.c (main): Benchmark ripemd-160.
1704 2011-08-28 Niels Möller <nisse@lysator.liu.se>
1706 RIPEMD-160 hash function. Ported from libgcrypt by Andres Mejia.
1707 * testsuite/ripemd160-test.c: New file.
1708 * ripemd160.h: New file.
1709 * nettle-meta.h: Declare nettle_ripemd160.
1710 * ripemd160.c: New file, ported from libgcrypt.
1711 * ripemd160-compress.c: Likewise.
1712 * ripemd160-meta.c: New file.
1713 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
1715 * nettle-meta-hashes.c (nettle_hashes): Added nettle_ripemd160.
1716 * Makefile.in (nettle_SOURCES): Added ripemd160.c,
1717 ripemd160-compress.c, and ripemd160-meta.c.
1718 (HEADERS): Added ripemd160.h.
1720 2011-08-10 Niels Möller <nisse@amfibolit.hack.org>
1722 * nettle.texinfo: Fixed mis-placed const in various prototypes.
1723 Spotted by Tatsuhiro Tsujikawa.
1725 2011-07-24 Niels Möller <nisse@lysator.liu.se>
1727 * Makefile.in (PKGCONFIG_FILES, pkgconfigdir): New variables.
1728 (DISTFILES): Added nettle.pc.in and hogweed.pc.in.
1729 (nettle.pc, hogweed.pc): New targets (invoking config.status).
1730 (install-pkgconfig, uninstall-pkgconfig): New targets.
1731 (install-here): Depend on install-pkgconfig.
1732 (uninstall-here): Depend on uninstall-pkgconfig.
1733 (distclean-here): Delete nettle.pc and hogweed.pc.
1735 2011-07-20 Niels Möller <nisse@lysator.liu.se>
1737 * configure.ac: Generate nettle.pc and hogweed.pc.
1739 * nettle.pc.in, hogweed.pc.in: New files.
1741 2011-07-17 Niels Möller <nisse@lysator.liu.se>
1743 * nettle-internal.h: Added missing extern declarations.
1745 2011-07-11 Niels Möller <nisse@lysator.liu.se>
1747 * configure.ac: Changed version number to 2.3.
1749 * Released nettle-2.2.
1751 * Makefile.in (DISTFILES): Distribute COPYING.LIB, not COPYING,
1753 2011-07-07 Niels Möller <nisse@lysator.liu.se>
1755 * tools/misc.h (werror): Removed incorrect noreturn attribute from
1758 * examples/io.c (read_file): Bug fix, in dependence of initial
1761 2011-07-01 Niels Möller <nisse@lysator.liu.se>
1763 * cbc.c (CBC_BUFFER_LIMIT): Reduced to 512 bytes.
1764 (cbc_decrypt): For in-place operation, use overlapping memxor3 and
1767 * ctr.c (ctr_crypt): Reorganized to call the encryption function
1768 with several blocks at a time. Handle the case of a single block
1771 * x86_64/memxor.asm: Added ALIGN for shifting loop. Deleted
1774 2011-06-30 Niels Möller <nisse@lysator.liu.se>
1776 * configure.ac: Link in serpent-decrypt.asm, if found.
1778 * x86_64/serpent-decrypt.asm: Added an SSE2 loop, doing four
1779 blocks at a time in parallel.
1781 * x86_64/serpent-encrypt.asm: Include serpent.m4. Deleted a
1784 * x86_64/serpent.m4: New file, with serpent-related macros.
1786 2011-06-29 Niels Möller <nisse@lysator.liu.se>
1788 * x86_64/serpent-decrypt.asm: Wrote main (32-bit) loop.
1789 (SBOX0I, SBOX1I, SBOX7I): Fixed bugs.
1791 * nettle.texinfo (Copyright): Updated for license change to
1792 LGPLv2+. Updated copyriight info on serpent.
1794 * NEWS: Updated information for nettle-2.2.
1796 * x86_64/serpent-decrypt.asm: New file.
1798 * x86_64/serpent-encrypt.asm: Fixed .file pseudo op.
1800 * testsuite/testutils.c (test_cipher_ctr): Display more info on
1803 * examples/nettle-benchmark.c (bench_ctr): New function.
1804 (time_cipher): Also benchmark CTR mode.
1806 * configure.ac (LIBNETTLE_MINOR): Updated library version number
1808 (LIBHOGWEED_MINOR): And to 2.1.
1810 2011-06-22 Niels Möller <nisse@lysator.liu.se>
1812 * configure.ac: Use pwd -P when examining lib directories.
1813 Link in serpent-encrypt.asm, if found.
1815 2011-06-21 Niels Möller <nisse@lysator.liu.se>
1817 * serpent-decrypt.c (SBOX3_INVERSE): Eliminated temporaries.
1818 (SBOX4_INVERSE): Likewise.
1819 (SBOX5_INVERSE): Likewise.
1820 (SBOX6_INVERSE): Likewise.
1821 (SBOX7_INVERSE): Likewise.
1822 (All SBOX_INVERSE-macros): Deleted type argument, and updated users.
1824 2011-06-20 Niels Möller <nisse@lysator.liu.se>
1826 * serpent-decrypt.c: Renamed arguments in sbox macros.
1827 (SBOX0_INVERSE): Eliminated temporaries.
1828 (SBOX1_INVERSE): Likewise.
1829 (SBOX2_INVERSE): Likewise.
1831 * x86_64/serpent-encrypt.asm: Added an SSE2 loop, doing four
1832 blocks at a time in parallel.
1834 * testsuite/serpent-test.c (test_main): Added some more multiple
1837 2011-06-15 Niels Möller <nisse@lysator.liu.se>
1839 * configure.ac (libdir): On 64-bit Linux, we used to assume that
1840 libraries are installed according to the FHS. Since at least
1841 Fedora and Gentoo follow the FHS convention, while at least Debian
1842 doesn't, we have to try to figure out which convention is used.
1844 2011-06-14 Niels Möller <nisse@lysator.liu.se>
1846 * x86_64/serpent-encrypt.asm: Slight simplification of loop logic.
1848 * x86_64/serpent-encrypt.asm: New file.
1850 2011-06-12 Niels Möller <nisse@lysator.liu.se>
1852 * testsuite/serpent-test.c (test_main): Added tests with multiple
1855 * serpent-encrypt.c (SBOX6): Renamed arguments. Eliminated
1858 (All SBOX-macros): Deleted type argument, and updated users.
1860 * configure.ac: Display summary at the end of configure..
1861 (asm_path): Set only if enable_assember is yes.
1863 2011-06-10 Niels Möller <nisse@lysator.liu.se>
1865 * serpent-encrypt.c (SBOX5): Renamed arguments. Eliminated
1868 2011-06-09 Niels Möller <nisse@lysator.liu.se>
1870 * serpent-encrypt.c (SBOX4): Renamed arguments. Eliminated
1873 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LINK): Cygwin fix, from
1876 2011-06-08 Niels Möller <nisse@lysator.liu.se>
1878 * examples/eratosthenes.c (find_first_one): Fixed c99-style
1879 declaration. Reported by Sebastian Reitenbach.
1880 (find_first_one): Declare the lookup table as static const, and
1881 use unsigned char rather than unsigned..
1883 2011-06-07 Niels Möller <nisse@lysator.liu.se>
1885 * serpent-encrypt.c (SBOX0): Renamed arguments. Eliminated
1891 2011-06-06 Niels Möller <nisse@lysator.liu.se>
1893 * Makefile.in (DISTFILES): Added serpent-internal.h.
1894 (nettle_SOURCES): Replaced serpent.c by serpent-set-key.c,
1895 serpent-encrypt.c, and serpent-decrypt.c.
1897 * serpent.c: Replaced by several new files.
1898 * serpent-set-key.c: New file.
1899 * serpent-encrypt.c: New file.
1900 * serpent-decrypt.c: New file.
1901 * serpent-internal.h: New file.
1903 * serpent.c [HAVE_NATIVE_64_BIT]: Process two blocks at a time in
1904 parallel. Measured speedup of 10%--25% (higher for encryption) on
1907 2011-06-01 Niels Möller <nisse@lysator.liu.se>
1909 * serpent.c (ROUNDS): Deleted macro.
1910 (serpent_block_t): Deleted array typedef.
1911 (KEYXOR): New macro, replacing BLOCK_XOR.
1912 (BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
1913 (LINEAR_TRANSFORMATION): Use four separate arguments.
1914 (LINEAR_TRANSFORMATION_INVERSE): Likewise.
1915 (ROUND): Take separate arguments for all input and output words.
1916 (ROUND_INVERSE): Likewise.
1917 (ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
1918 (serpent_set_key): Moved loop termination test.
1919 (serpent_encrypt): Rewrote with unrolling of just eight rounds,
1920 and without serpent_block_t.
1921 (serpent_decrypt): Likewise.
1923 * serpent.c: Added do { ... } while (0) around block macros.
1924 (serpent_key_t): Deleted array typedef.
1925 (ROL32, ROR32): Renamed macros, were rol and ror.
1926 (KS_RECURRENCE, KS): New macros.
1927 (serpent_key_pad): Renamed, from...
1928 (serpent_key_prepare): ...old name.
1929 (serpent_subkeys_generate): Deleted function.
1930 (serpent_set_key): Rewrote the generation of subkeys. Reduced both
1931 temporary storage and code size (less unrolling)
1933 2011-05-31 Niels Möller <nisse@lysator.liu.se>
1935 * testsuite/serpent-test.c (test_main): Enabled test with short,
1938 * serpent.c (byte_swap_32): Deleted macro.
1939 (serpent_key_prepare): Use LE_READ_UINT32. Don't require aligned
1940 input, and support arbitrary key sizes.
1942 2011-05-30 Simon Josefsson <simon@josefsson.org>
1944 * serpent.c: Rewrite, based on libgcrypt code. License changed
1946 * serpent_sboxes.h: Removed.
1947 * Makefile.in: Drop serpent_sboxes.h.
1949 2011-05-31 Niels Möller <nisse@lysator.liu.se>
1951 * testsuite/serpent-test.c (test_main): Added some tests for
1952 padding of keys of length which is not a multiple of four bytes.
1954 2011-05-30 Simon Josefsson <simon@josefsson.org>
1956 * testsuite/serpent-test.c (test_main): Add test vectors from
1959 2011-05-21 Niels Möller <nisse@lysator.liu.se>
1961 * dsa-keygen.c (dsa_generate_keypair): Avoid double init of mpz
1962 variable. Spotted by Nikos Mavrogiannopoulos.
1964 2011-05-06 Niels Möller <nisse@lysator.liu.se>
1966 * configure.ac: Fix link flags for shared libraries on Solaris,
1967 which needs -h to set the soname. Patch contributed by Dagobert
1970 2011-05-06 Niels Möller <nisse@lysator.liu.se>
1972 * configure.ac: New configure option --enable-gcov.
1974 * arcfour.h (arcfour_stream): Deleted obsolete define.
1976 2011-04-27 Niels Möller <nisse@lysator.liu.se>
1978 * tools/nettle-hash.c (find_algorithm): Require exact match.
1980 2011-04-15 Niels Möller <nisse@lysator.liu.se>
1982 Reverted broken byte-order change from 2001-06-17:
1983 * serpent.c (serpent_set_key): Use correct byteorder.
1984 (serpent_encrypt): Likewise.
1985 (serpent_decrypt): Likewise.
1987 * testsuite/serpent-test.c (decode_hex_reverse): New function.
1988 (RH, RHL): New macros.
1989 (test_main): Byte reverse inputs and outputs for the testvectors
1990 taken from the serpent submission package. Enable test vectors
1991 from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
1993 2011-03-23 Niels Möller <nisse@lysator.liu.se>
1995 * tools/sexp-conv.c (xalloc): Deleted function, now it's in misc.c
1998 * configure.ac: Use LSH_FUNC_STRERROR.
2000 * tools/Makefile.in (TARGETS): Added nettle-hash, and related
2002 (SOURCES): Added nettle-hash.c.
2004 * tools/misc.c (xalloc): New function.
2006 * tools/pkcs1-conv.c (main): Made the OPT_* constants local, and
2007 fixed numerical values to start with non-ASCII 0x300.
2009 * tools/nettle-hash.c: New file.
2011 2011-03-23 Niels Möller <nisse@lysator.liu.se>
2013 Contributed by Daniel Kahn Gillmor:
2014 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
2015 meta-hash-test.c, meta-cipher-test.c, and meta-armor-test.c.
2017 * testsuite/meta-hash-test.c: New file.
2018 * testsuite/meta-cipher-test.c: New file.
2019 * testsuite/meta-armor-test.c: New file.
2021 * nettle.texinfo: Document nettle_hashes and nettle_ciphers.
2023 * nettle-meta.h: Declare algorithm lists nettle_ciphers,
2024 nettle_hashes, nettle_armors.
2026 * Makefile.in (nettle_SOURCES): Added nettle-meta-hashes.c,
2027 nettle-meta-ciphers.c, and nettle-meta-armors.c.
2029 * nettle-meta-armors.c: New file.
2030 * nettle-meta-ciphers.c: New file.
2031 * nettle-meta-hashes.c: New file.
2033 2011-02-18 Niels Möller <nisse@lysator.liu.se>
2035 * arcfour.c (arcfour_stream): Deleted function. It's not very
2036 useful, and neither documented nor tested.
2038 2011-02-16 Niels Möller <nisse@lysator.liu.se>
2040 * cbc.h (CBC_ENCRYPT): Avoid using NULL; we don't ensure that it
2042 (CBC_DECRYPT): Likewise.
2044 * gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
2045 (gcm_aes_set_key): Deleted cast.
2046 (gcm_aes_encrypt): Likewise.
2047 (gcm_aes_decrypt): Likewise.
2048 (gcm_aes_digest): Likewise.
2049 (gcm_aes_update): One less argument to GCM_UPDATE.
2051 * gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
2052 compiler type checking despite this cast.
2053 (GCM_ENCRYPT): Likewise.
2054 (GCM_DECRYPT): Likewise.
2055 (GCM_DIGEST): Likewise.
2056 (GCM_SET_IV): New macro, for completeness.
2057 (GCM_UPDATE): Deleted unused argument encrypt.
2059 2011-02-14 Niels Möller <nisse@lysator.liu.se>
2061 * nettle.texinfo: Split node on cipher modes, and started on
2062 the GCM documentation.
2064 * testsuite/gcm-test.c (test_gcm_aes): Deleted function, replaced
2066 (test_main): Use test_aead.
2068 * testsuite/testutils.c (test_aead): New function, replacing
2069 test_gcm_aes and before that test_cipher_gcm.
2071 * nettle-internal.c (nettle_gcm_aes128): New const struct.
2072 (nettle_gcm_aes192): Likewise.
2073 (nettle_gcm_aes256): Likewise.
2075 * nettle-internal.h (struct nettle_aead): Tentative interface for
2076 authenticated encryption with associated data.
2078 * examples/nettle-benchmark.c (time_gcm): Renamed. Updated for
2079 gcm_aes_auth to gcm_aes_update renaming. Benchmark both encryption
2081 (time_gmac): ...old name.
2083 * nettle-internal.c (des_set_key_hack): Don't touch the bits
2084 parity, since thay are now ignored.
2085 (des3_set_key_hack): Likewise.
2087 * cast128-meta.c (nettle_cast128): Don't pass keysize.
2088 * nettle-meta.h (_NETTLE_CIPHER_FIX): Deleted keysize parameter
2089 derived from the appropriate constant instead.
2091 * testsuite/gcm-test.c (test_gcm_aes): Updated for gcm_aes_auth to
2092 gcm_aes_update renaming.
2094 2011-02-13 Niels Möller <nisse@lysator.liu.se>
2096 * gcm.h (GCM_UPDATE): Renamed, from...
2097 (GCM_AUTH): ...old name.
2099 * gcm-aes.c (gcm_aes_update): Renamed, from...
2100 (gcm_aes_auth): ...old name.
2102 * gcm.c (gcm_update): Renamed, and fixed an assert. From...
2103 (gcm_auth): ...old name.
2105 * gcm.h (GCM_TABLE_BITS): Increase table size to 8 bits,
2106 corresponding to 4 KByte of key-dependent tables.
2108 2011-02-10 Niels Möller <nisse@lysator.liu.se>
2110 * x86_64/memxor.asm: New file. Improves performance by 22% for the
2111 unaligned01 case and 35% for the unaligned12 case, benchmarked on
2114 * examples/nettle-benchmark.c (cgt_works_p): New function.
2115 (cgt_time_start): Likewise.
2116 (cgt_time_end): Likewise.
2117 (clock_time_start): Likewise.
2118 (clock_time_end): Likewise.
2119 (time_function): Read clock via function pointers time_start and
2120 time_end, so we can select method at runtime.
2121 (xalloc): Use die function.
2122 (main): Choose timing function. If available, try clock_gettime,
2123 and fall back to clock if it doesn't exist.
2125 * examples/nettle-benchmark.c (die): New function.
2126 (TIME_END, TIME_START): Check return value from clock_gettime.
2128 * gcm.h (union gcm_block): Use correct length for w array.
2130 * testsuite/gcm-test.c (test_main): Added the rest of the
2131 testcases from the spec.
2133 2011-02-09 Niels Möller <nisse@lysator.liu.se>
2135 * testsuite/gcm-test.c (test_main): Enabled testcases 5 and 6,
2136 with different IV lengths.
2138 * gcm-aes.c (gcm_aes_set_iv): Updated for gcm_set_iv change.
2140 * gcm.c (gcm_hash_sizes): New function.
2141 (gcm_set_iv): Added support for IVs of arbitrary size. Needed
2142 another argument, for the hash subkey.
2143 (gcm_digest): Use gcm_hash_sizes.
2145 * examples/nettle-benchmark.c (time_gmac): Use gcm_aes interface.
2147 * testsuite/gcm-test.c (test_gcm_aes): New function, replacing
2148 test_cipher_gcm and using the new gcm_aes interface.
2149 (test_main): Updated to use test_gcm_aes.
2150 * testsuite/testutils.c (test_cipher_gcm): Deleted function.
2152 * Makefile.in (nettle_SOURCES): Added gcm-aes.c.
2154 * gcm.c (gcm_set_key): Replaced context argument by a struct
2156 (gcm_hash): Replaced context argument by a struct gcm_key * and a
2157 pointer to the hashing state block.
2158 (gcm_auth): Added struct gcm_key * argument.
2159 (gcm_encrypt): Likewise.
2160 (gcm_decrypt): Likewise.
2161 (gcm_digest): Likewise.
2163 * gcm-aes.c: New file.
2164 (gcm_aes_set_key): New function.
2165 (gcm_aes_set_iv): Likewise.
2166 (gcm_aes_auth): Likewise.
2167 (gcm_aes_encrypt): Likewise.
2168 (gcm_aes_decrypt): Likewise.
2169 (gcm_aes_digest): Likewise.
2171 * gcm.h (struct gcm_key): Moved the key-dependent and
2172 message-independent state to its own struct.
2173 (struct gcm_ctx): ... and removed it here.
2174 (GCM_CTX): New macro.
2175 (GCM_SET_KEY): Likewise.
2176 (GCM_AUTH): Likewise.
2177 (GCM_ENCRYPT): Likewise.
2178 (GCM_DECRYPT): Likewise.
2179 (GCM_DIGEST): Likewise.
2180 (struct gcm_aes_ctx): New struct.
2182 2011-02-08 Niels Möller <nisse@lysator.liu.se>
2184 * gcm.h (struct gcm_ctx): The hash key is now always an array,
2185 named h, with array size depending on GCM_TABLE_BITS.
2186 * gcm.c (gcm_gf_shift): Added a separate result argument.
2187 (gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
2188 0. Simplified interface with just two arguments pointing to
2190 (gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
2191 (gcm_gf_shift_chunk): ... old name.
2192 (gcm_gf_mul): Renamed both table-based versions and made the
2193 argument types compatible with the bitwise gcm_gf_mul.
2194 (gcm_gf_mul_chunk): ... the old name.
2195 (gcm_set_key): Initialize the table using adds and shifts only.
2196 When GCM_TABLE_BITS > 0, this eliminates the only use of the
2197 bitwise multiplication.
2198 (gcm_hash): Simplified, now that we have the same interface for
2199 gcm_gf_mul, regardless of table size.
2201 * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
2202 (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
2203 e.g., sparc64. For both 4-bit and 8-bit tables.
2205 * gcm.c: Use the new union gcm_block for all gf operations.
2207 * gcm.h (union gcm_block): New union, used to enforce alignment.
2209 2011-02-07 Niels Möller <nisse@lysator.liu.se>
2211 * gcm.c (gcm_gf_shift_chunk) : Bug fix for little-endian 8-bit
2214 * gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
2215 (gcm_gf_add): New function, a special case of memxor. Use it for
2216 all memxor calls with word-aligned 16 byte blocks. Improves
2217 performance to 152 cycles/byte with no tables, 28 cycles per byte
2218 with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
2220 Introduced 8-bit tables. If enabled, gives gmac performance of 19
2221 cycles per byte (still on intel x86_64).
2222 * gcm.c (gcm_gf_shift_chunk): New implementation for 8-bit tables.
2223 (gcm_gf_mul_chunk): Likewise.
2224 (gcm_set_key): Generate 8-bit tables.
2226 * Makefile.in (SOURCES): Added gcmdata.c.
2228 * gcm.h (GCM_TABLE_BITS): Set to 4.
2230 2011-02-06 Niels Möller <nisse@lysator.liu.se>
2232 * Makefile.in (TARGETS): Added gcmdata.
2233 (gcmdata): New rule.
2235 Introduced 4-bit tables. Gives gmac performance of 45 cycles per
2236 byte (still on intel x86_64).
2237 * gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
2238 (gcm_rightshift): ... old name.
2239 (gcm_gf_mul): New argument for the output. Added length argument
2240 for one of the inputs (implicitly padding with zeros).
2241 (shift_table): New table (in 4-bit and 8-bit versions), generated
2243 (gcm_gf_shift_chunk): New function shifting 4 bits at
2245 (gcm_gf_mul_chunk): New function processing 4 bits at a time.
2246 (gcm_set_key): Generation of 4-bit key table.
2247 (gcm_hash): Use tables, when available.
2249 * gcmdata.c (main): New file.
2251 * gcm.c (gcm_rightshift): Moved the reduction of the shifted out
2253 (gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
2254 performance to 181 cycles/byte.
2256 * gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
2257 specification, but with separate byte and bit loops. Improves gmac
2258 performance a bit further, to 227 cycles/byte.
2260 * gcm.c (gcm_rightshift): Complete rewrite, to use word rather
2261 than byte operations. Improves gmac performance from 830 cycles /
2262 byte to (still poor) 268 cycles per byte on intel x86_64.
2264 2011-02-05 Niels Möller <nisse@lysator.liu.se>
2266 * examples/nettle-benchmark.c (time_gmac): New function.
2267 (main): Call time_gmac.
2269 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
2271 * testsuite/testutils.c (test_cipher_gcm): New function,
2272 contributed by Nikos Mavrogiannopoulos.
2274 * testsuite/gcm-test.c: New file, contributed by Nikos
2277 * Makefile.in (nettle_SOURCES): Added gcm.c.
2278 (HEADERS): Added gcm.h.
2280 * gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
2281 * gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
2283 * macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
2285 * ctr.c: Use INCREMENT macro from macros.h, deleted local version.
2287 2011-01-07 Niels Möller <nisse@lysator.liu.se>
2289 * testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
2290 where w*ndows looks for dlls.
2292 * testsuite/testutils.c (test_cipher_stream): More debug output on
2295 2010-12-14 Niels Möller <nisse@lysator.liu.se>
2297 * nettle-types.h: Deleted some unnecessary parenthesis from
2299 (nettle_realloc_func): Moved typedef here...
2300 * realloc.h: ...from here.
2302 * buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
2303 for realloc argument.
2305 2010-12-07 Niels Möller <nisse@lysator.liu.se>
2307 * nettle.texinfo (Copyright): Updated info on blowfish.
2309 2010-11-26 Niels Möller <nisse@lysator.liu.se>
2311 Reapplied optimizations (150% speedup on x86_32) and other fixes,
2312 relicensing them as LGPL.
2313 * blowfish.c (do_encrypt): Renamed, to...
2314 (encrypt): ...new name.
2315 (F): Added context argument. Shift input explicitly, instead of
2316 reading individual bytes via memory.
2317 (R): Added context argument.
2318 (encrypt): Deleted a bunch of local variables. Using the context
2319 pointer for everything should consume less registers.
2320 (decrypt): Likewise.
2321 (initial_ctx): Arrange constants into a struct, to simplify key
2323 (blowfish_set_key): Some simplification.
2325 2010-11-26 Simon Josefsson <simon@josefsson.org>
2327 * blowfish.c: New version ported from libgcrypt. License changed
2330 2010-11-25 Niels Möller <nisse@lysator.liu.se>
2332 * Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
2333 clears the execute permission bits.
2334 (install-shared-hogweed): Likewise.
2336 2010-11-16 Niels Möller <nisse@lysator.liu.se>
2338 * configure.ac: Updated gmp url.
2340 2010-11-01 Niels Möller <nisse@lysator.liu.se>
2342 * tools/misc.c (werror): Don't call exit (copy&paste-error).
2344 2010-10-26 Niels Möller <nisse@lysator.liu.se>
2346 * examples/rsa-encrypt.c (main): No extra message for bad options.
2348 * examples/rsa-keygen.c (main): Added long options. Deleted -?,
2349 and fixed handling of bad options.
2351 * examples/next-prime.c (main): Deleted -?, and fixed handling of
2353 * examples/random-prime.c (main): Likewise.
2355 2010-10-22 Niels Möller <nisse@lysator.liu.se>
2357 * examples/nettle-benchmark.c (main): Added long options. Deleted -?,
2358 and fixed handling of bad options.
2360 * examples/eratosthenes.c (main): Added long options. Deleted -?,
2361 and fixed handling of bad options. Renamed -s to -q (long option
2364 * tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
2365 and fixed handling of bad options.
2366 * tools/sexp-conv.c (parse_options): Likewise.
2368 2010-10-06 Niels Möller <nisse@lysator.liu.se>
2370 * memxor.c (memxor3): Optimized.
2371 (memxor3_common_alignment): New function.
2372 (memxor3_different_alignment_b): New function.
2373 (memxor3_different_alignment_ab): New function.
2374 (memxor3_different_alignment_all): New function.
2376 * examples/nettle-benchmark.c (time_function): Reorganized, to
2378 (time_memxor): Also benchmark memxor3.
2380 * x86_64/memxor.asm: New file.
2382 * examples/nettle-benchmark.c (overhead): New global variable.
2383 (time_function): Compensate for call overhead.
2384 (bench_nothing, time_overhead): New functions.
2385 (time_memxor): Tweaked src size, making it an integral number of
2387 (main): Call time_overhead.
2389 2010-10-01 Niels Möller <nisse@lysator.liu.se>
2391 * x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
2394 * testsuite/memxor-test.c: Also test memxor3.
2396 2010-09-30 Niels Möller <nisse@lysator.liu.se>
2398 * configure.ac: Link in memxor.asm, if found.
2400 * testsuite/testutils.c (test_cipher_cbc): Print more info when
2403 * testsuite/memxor-test.c (test_xor): Added verbose printout.
2405 * examples/nettle-benchmark.c (time_memxor): Count size of
2406 unsigned long as "block size" for memxor.
2408 2010-09-24 Niels Möller <nisse@lysator.liu.se>
2410 * testsuite/.test-rules.make: Added rule for memxor-test.
2411 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
2412 * testsuite/memxor-test.c: New file.
2414 * memxor.c (memxor_common_alignment): New function.
2415 (memxor_different_alignment): New function.
2416 (memxor): Optimized to do word-operations rather than byte
2419 * configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
2421 Partial revert of 2010-09-20 changes.
2422 * camellia-set-encrypt-key.c (camellia_set_encrypt_key):
2423 Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
2424 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
2425 differing in where addition of the key is done.
2426 * x86/camellia-crypt-internal.asm: Moved addition of key.
2428 2010-09-22 Niels Möller <nisse@lysator.liu.se>
2430 * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
2432 (time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
2433 if available. This gives better accuracy, at least on recent
2435 (BENCH_INTERVAL): Reduced to 0.1 s.
2436 (struct bench_memxor_info): New struct.
2437 (bench_memxor): New function.
2438 (time_memxor): New function.
2439 (main): Use time_memxor. Added optional argument used to limit the
2440 algorithms being benchmarked.
2441 (GET_CYCLE_COUNTER): Define also for x86_64.
2442 (time_memxor): Improved display.
2444 * examples/Makefile.in (nettle-benchmark): Link using
2445 $(BENCH_LIBS) rather than $(LIBS).
2447 * configure.ac: Check for clock_gettime, and add -lrt to
2448 BENCH_LIBS if needed.
2450 2010-09-20 Niels Möller <nisse@lysator.liu.se>
2452 * configure.ac: Less quoting when invoking $CC, to allow CC="gcc
2455 * x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
2456 convention, moving key xor to the end.
2458 * camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
2459 (camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
2460 operations intended for moving the key xor into the middle of the
2463 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
2464 key to the end, to use a 64-bit xor operation.
2466 * x86_64/camellia-crypt-internal.asm: New file.
2468 * x86_64/machine.m4 (LREG, HREG, XREG): New macros.
2470 2010-09-17 Niels Möller <nisse@lysator.liu.se>
2472 * configure.ac: Support shared libraries (dlls) with mingw32.
2473 Contributed by David Hoyt.
2475 2010-07-25 Niels Möller <nisse@lysator.liu.se>
2477 * configure.ac: Changed version number to nettle-2.2.
2479 * Released nettle-2.1.
2481 * configure.ac: Use camellia-crypt-internal.asm, if available.
2482 Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
2485 * x86/machine.m4 (LREG, HREG): Moved macros here, from...
2486 * x86/aes.m4: ...here.
2488 * x86/camellia-crypt-internal.asm: New file.
2490 * nettle.texinfo: Updated and expanded section on DSA.
2491 Document aes_invert_key, and camellia. Added missing functions
2492 rsa_sha512_verify and rsa_sha512_verify_digest.
2494 * camellia.h (struct camellia_ctx): Eliminate the two unused
2495 subkeys, and renumber the remaining ones.
2496 * camellia-crypt-internal.c (_camellia_crypt): Updated for
2498 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
2499 * camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
2501 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
2502 the expansion of camellia_setup128 and camellia_setup256, keeping
2503 the unexpanded key in scalar variables.
2504 (camellia_setup128): Deleted.
2505 (camellia_setup256): Deleted.
2507 2010-07-24 Niels Möller <nisse@lysator.liu.se>
2509 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
2510 code size, no complete loop unroll. Use one loop for each phase of
2511 the post-processing.
2513 * testsuite/camellia-test.c: New tests for camellia_invert_key.
2514 * testsuite/aes-test.c: New tests for aes_invert_key.
2516 * aes.h (aes_invert_key): Declare it.
2518 * aes-set-decrypt-key.c (aes_invert_key): New function, key
2519 inversion code extracted from aes_set_decrypt_key.
2520 (aes_set_decrypt_key): Use aes_invert_key.
2522 * camellia-set-encrypt-key.c (camellia_setup128): Generate
2523 unmodified subkeys according to the spec. Moved clever combination
2524 of subkeys to camellia_set_encrypt_key.
2525 (camellia_setup256): Likewise.
2526 (camellia_set_encrypt_key): Moved subkey post-processing code
2527 here, and reduce code duplication between 128-bit keys and larger
2530 * camellia.c: Deleted file, split into several new files...
2531 * camellia-table.c (_camellia_table): New file with the constant
2533 * camellia-set-encrypt-key.c: New file.
2534 (camellia_setup128): Generate unmodified subkeys according to the
2535 spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
2536 (camellia_setup256): Likewise.
2538 * camellia-set-decrypt-key.c: New file.
2539 (camellia_invert_key): Key inversion function.
2540 (camellia_set_decrypt_key): New key setup function.
2541 * camellia-internal.h: New file.
2542 * camellia-crypt.c (camellia_crypt): New file, new wrapper
2543 function passing the sbox table to _camellia_crypt.
2544 * camellia-crypt-internal.c (_camellia_crypt): New file, with main
2545 encrypt/decrypt function.
2546 * Makefile.in (nettle_SOURCES): Updated list of camellia source files.
2547 (DISTFILES): Added camellia-internal.h.
2549 2010-07-20 Niels Möller <nisse@lysator.liu.se>
2551 * camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
2553 * camellia.h (struct camellia_ctx): Replaced flag camellia128 by
2554 expanded key length nkeys.
2556 * camellia.c (camellia_set_encrypt_key): Renamed, from...
2557 (camellia_set_key): ... old name.
2558 (camellia_invert_key): New function.
2559 (camellia_set_decrypt_key): New function, using
2560 camellia_invert_key.
2561 (camellia_crypt): Renamed, from...
2562 (camellia_encrypt): ... old name.
2563 (camellia_decrypt): Deleted, no longer needed. camellia_crypt used
2564 for both encryption and decryption.
2566 * nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
2568 * dsa-keygen.c: Removed unnecessary include of memxor.h.
2570 * camellia.c: Rewrote to use 64-bit type for subkeys and use
2571 64-bit operations throughout. Performance on x86_32, when compiled
2572 with gcc-4.4.4, is reduced by roughly 15%, this should be fixed
2575 * camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
2577 2010-07-07 Niels Möller <nisse@lysator.liu.se>
2579 * aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
2580 Also updated implementation.
2581 * blowfish.h (blowfish_encrypt, blowfish_decrypt): Likewise.
2582 * cast128.h (cast128_encrypt, cast128_decrypt): Likewise.
2583 * serpent.h (serpent_encrypt, serpent_decrypt): Likewise.
2584 * twofish.h (twofish_encrypt, twofish_decrypt): Likewise.
2586 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
2589 * examples/nettle-benchmark.c: Added camellia ciphers.
2591 * Makefile.in (nettle_SOURCES): Added camellia.c and
2593 (HEADERS): Added camellia.h.
2595 * nettle-meta.h (nettle_camellia128): Declare.
2596 (nettle_camellia192): Likewise.
2597 (nettle_camellia256): Likewise.
2599 * camellia-meta.c: New file.
2601 * camellia.h: Rewrote interface to match nettle conventions.
2603 * camellia.c: Converted to nettle conventions.
2604 (camellia_encrypt128, camellia_encrypt256): Unified to new
2606 (camellia_encrypt): ...New function, with a loop doing 6
2607 regular rounds, one FL round and one FLINV round per iteration,
2608 with iteration count depending on the key size.
2610 (camellia_decrypt128, camellia_decrypt256): Similarly unified
2612 (camellia_decrypt): ...New function, analogous to
2615 2010-07-06 Niels Möller <nisse@lysator.liu.se>
2617 * camellia.c, camellia.h: New files, copied from
2618 http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
2620 * testsuite/camellia-test.c: New file.
2622 2010-07-05 Niels Möller <nisse@lysator.liu.se>
2624 * nettle.texinfo: Document new conventions for weak key and des
2625 parity checks. Document des_check_parity.
2627 * testsuite/des-test.c (test_weak): Don't check the deleted status
2630 * des-compat.c (des_key_sched): Rewrote error checking logic for
2631 the case of non-zero des_check_key.
2633 * des3.c (des3_set_key): Changed weak key detection logic.
2634 Complete key setup also for weak keys, and don't set the status
2637 * des.c (des_set_key): New iteration logic, to keep key pointer
2638 unchanged. Moved weak key check to the end, and don't set the
2640 (des_encrypt): Ignore status attribute.
2641 (des_decrypt): Likewise.
2643 * des.h (enum des_error): Deleted.
2644 (struct des_ctx): Deleted status attribute.
2645 (struct des3_ctx): Likewise.
2647 * blowfish.c (initial_ctx): Deleted status value.
2648 (blowfish_encrypt): Ignore status attribute.
2649 (blowfish_decrypt): Likewise.
2650 (blowfish_set_key): Return result from weak key check, without
2651 setting the status attribute.
2653 * blowfish.h (enum blowfish_error): Deleted.
2654 (struct blowfish_ctx): Deleted status attribute.
2656 * Makefile.in (des_headers): Deleted parity.h.
2658 2010-06-30 Niels Möller <nisse@lysator.liu.se>
2660 * testsuite/des-test.c (test_des): New function.
2661 (test_weak): New function.
2662 (test_main): Use test_des and test_weak. Added tests for all the
2663 weak keys. Added some tests with invalid (to be ignored) parity
2666 * des.c (parity_16): New smaller parity table.
2667 (des_check_parity): New function.
2668 (des_fix_parity): Use parity_16.
2669 (des_weak_p): New weak-key detection. Ignores parity bits, and
2671 (des_set_key): Deleted parity checking code. Replaced old weak-key
2672 detection code by a call to des_weak_p.
2674 2010-06-04 Niels Möller <nisse@lysator.liu.se>
2676 * testsuite/testutils.c (test_dsa_key): Updated for new name
2677 DSA_SHA1_MIN_P_BITS.
2679 * dsa-keygen.c (dsa_generate_keypair): Use DSA_SHA1_MIN_P_BITS and
2680 DSA_SHA256_MIN_P_BITS.
2682 * dsa.h (DSA_MIN_P_BITS, DSA_Q_OCTETS, DSA_Q_BITS): Renamed to...
2683 (DSA_SHA1_MIN_P_BITS, DSA_SHA1_Q_OCTETS, DSA_SHA1_Q_BITS): New
2686 * sexp2dsa.c (dsa_keypair_from_sexp_alist): New argument q_bits.
2687 Renamed parameter limit to p_max_bits.
2688 (dsa_sha1_keypair_from_sexp): Renamed, was dsa_keypair_from_sexp.
2689 Updated to call dsa_keypair_from_sexp_alist with the new argument.
2690 (dsa_sha256_keypair_from_sexp): New function.
2691 (dsa_signature_from_sexp): New argument q_bits.
2693 * der2dsa.c (dsa_params_from_der_iterator): Enforce 160-bit limit
2694 on q. Renamed parameter limit to p_max_bits.
2695 (dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
2696 on q and x. Renamed parameter limit to p_max_bits.
2698 2010-06-03 Niels Möller <nisse@lysator.liu.se>
2700 * testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
2702 2010-06-02 Niels Möller <nisse@lysator.liu.se>
2704 * testsuite/dsa-test.c (test_main): Provide expected value of the
2707 * testsuite/testutils.c (test_dsa160): Added argument for expected
2709 (test_dsa256): Likewise.
2711 2010-06-01 Niels Möller <nisse@lysator.liu.se>
2713 * testsuite/rsa-keygen-test.c (test_main): Updated expected
2716 * examples/random-prime.c (main): Updated for nettle_random_prime
2718 * testsuite/random-prime-test.c (test_main): Likewise.
2720 * rsa-keygen.c (bignum_random_prime): Deleted function.
2721 (rsa_generate_keypair): Use new nettle_random_prime. Generate
2722 secret factors p and q with the two most significant bits set.
2724 * dsa-keygen.c (dsa_generate_keypair): Updated for changes in
2725 nettle_random_prime and _nettle_generate_pocklington_prime. Invoke
2728 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
2729 argument top_bits_set, to optionally generate primes with the two
2730 most significant bits set. Reordered argument list.
2731 (nettle_random_prime): Likewise, added top_bits_set argument.
2732 Invoke progress callback when a prime is generated.
2734 2010-05-26 Niels Möller <nisse@lysator.liu.se>
2736 * dsa-keygen.c (dsa_generate_keypair): Use
2737 _nettle_generate_pocklington_prime. Deleted old key generation
2740 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Also
2741 return the used r. Updated caller.
2743 * examples/random-prime.c (main): Allow sizes down to 3 bits.
2745 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
2746 function. Rely on mpz_probab_prime_p (for lack of a trial division
2747 function) for trial division.
2748 (nettle_random_prime): Rewritten. Uses the prime table for the
2749 smallest sizes, then trial division using a new set of tables, and
2750 then Maurer's algorithm, calling the new
2751 _nettle_generate_pocklington_prime for the final search.
2753 2010-05-25 Niels Möller <nisse@lysator.liu.se>
2755 * testsuite/dsa-test.c (test_main): Updated for dsa testing
2758 * testsuite/dsa-keygen-test.c (test_main): Test dsa256.
2760 * testsuite/testutils.h (struct nettle_mac): New struct, currently
2763 * testsuite/testutils.c (test_mac): New function (currently not
2765 (test_dsa): Replaced by two new functions...
2766 (test_dsa160): New function.
2767 (test_dsa256): New function.
2768 (test_dsa_key): New argument q_size.
2769 (DSA_VERIFY): Generalized.
2771 * dsa-keygen.c (dsa_generate_keypair): Rewritten, now generating
2772 primes using Pocklington's theorem. Takes both p_size and q_size
2775 2010-05-20 Niels Möller <nisse@lysator.liu.se>
2777 * bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
2778 logic when Miller-rabin succeeds early.
2780 2010-04-09 Niels Möller <nisse@lysator.liu.se>
2782 * bignum-next-prime.c: Include stdlib.h, needed for alloca on
2786 * examples/Makefile.in (SOURCES): Added random-prime.c.
2788 * examples/random-prime.c: New program.
2790 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved
2791 knuth-lfib-test.c, cbc-test.c, ctr-test.c, hmac-test.c here, from
2793 (TS_HOGWEED_SOURCES): Added random-prime-test.c.
2795 * testsuite/random-prime-test.c: New test case.
2797 * examples/next-prime.c (main): With no command line arguments.
2798 exit after dislaying usage message.
2800 * examples/io.c (simple_random): Free buffer when done.
2802 * configure.ac: Changed message, say CC is the recommended
2803 way to configure the ABI.
2805 * bignum-random.c: Deleted test of HAVE_LIBGMP.
2806 * bignum.c: Likewise.
2807 * sexp2bignum.c: Likewise.
2809 * Makefile.in (hogweed_SOURCES): Added bignum-random-prime.c.
2811 * bignum-random-prime.c (nettle_random_prime): New file, new
2814 2010-03-31 Niels Möller <nisse@lysator.liu.se>
2816 * examples/nettle-benchmark.c (main): Benchmark sha224.
2818 2010-03-30 Niels Möller <nisse@lysator.liu.se>
2820 * testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
2822 (test_dsa): Check return value from dsa_sha1_sign.
2824 * Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
2825 dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
2827 * dsa.h: Updated and added dsa declarations.
2829 * dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
2831 (dsa_sha256_verify): New function.
2832 * dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
2834 (dsa_sha256_sign): New function.
2836 * dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
2837 renamed function, from dsa_verify_digest, rewrote to use
2839 (dsa_sha1_verify): Analogous change, renamed from dsa_verify.
2840 * dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
2841 renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
2842 and added return value.
2843 (dsa_sha1_sign): Analogous change, renamed from dsa_sign.
2845 * dsa-verify.c (_dsa_verify): New general verification function,
2847 * dsa-sign.c (_dsa_sign): New general signing function, for any
2848 hash. Returns success code, like the rsa signture functions.
2850 2010-03-29 Niels Möller <nisse@lysator.liu.se>
2852 * configure.ac (ABI): Attempt to use a better, ABI-dependant,
2853 default value for libdir.
2855 * x86/md5-compress.asm: Fixed function name in epilogue.
2857 * asm.m4 (EPILOGUE): Use . to refer to current address.
2859 * configure.ac (ABI): Detect which ABI the compiler is using.
2860 On x86_64, also check for __arch64__.
2862 2010-03-28 Niels Möller <nisse@lysator.liu.se>
2864 * configure.ac (asm_path): For x86_64, check if compiler is
2865 generating 32-bit code.
2867 2010-03-27 Niels Möller <nisse@lysator.liu.se>
2869 * testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
2870 HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
2873 * Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
2876 * hmac.h: Added declarations of hmac-sha224 and hmac-sha384.
2878 * hmac-sha224.c: New file.
2880 2010-03-26 Niels Möller <nisse@lysator.liu.se>
2882 * testsuite/hmac-test.c (HMAC_TEST): New macro.
2883 (test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
2884 test vectors from Daniel Kahn Gillmor.
2886 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.
2888 * Makefile.in (nettle_SOURCES): Added sha224-meta.c and
2890 (DISTFILES): Added nettle-write.h.
2892 * sha.h: Added declarations for sha224. Some are aliases for the
2893 corresponding sha256 definition.
2895 * sha256.c (sha256_digest): Use _nettle_write_be32.
2896 (sha224_init): New function.
2897 (sha224_digest): New function.
2899 * sha1.c (sha1_digest): Use _nettle_write_be32.
2901 * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
2902 (NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
2905 * nettle-write.h: New file.
2907 * write-be32.c (_nettle_write_be32): New file, new function.
2909 * sha224-meta.c: New file.
2911 2010-03-25 Niels Möller <nisse@lysator.liu.se>
2913 * hmac-sha384.c: New file.
2915 * testsuite/sha224-test.c: New file.
2917 * testsuite/md4-test.c (test_main): More test vectors, provided by
2918 Daniel Kahn Gillmor.
2919 * testsuite/md5-test.c (test_main): Likewise.
2920 * testsuite/sha1-test.c (test_main): Likewise.
2921 * testsuite/sha256-test.c (test_main): Likewise.
2922 * testsuite/sha384-test.c (test_main): Likewise.
2923 * testsuite/sha512-test.c (test_main): Likewise.
2925 * configure.ac: Bumped version numbers. Package version
2926 nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.
2928 * examples/nettle-benchmark.c (main): Benchmark sha384.
2930 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.
2932 * testsuite/sha384-test.c: New file.
2934 * Makefile.in (nettle_SOURCES): Added sha384-meta.c.
2936 * sha384-meta.c: New file.
2938 * sha.h: Added declarations for sha384. Some are aliases for the
2939 corresponding sha512 definition.
2941 * sha512.c (sha512_write_digest): New function.
2942 (sha512_digest): Use it.
2943 (sha384_init): New function.
2944 (sha384_digest): New function.
2946 2010-03-24 Niels Möller <nisse@lysator.liu.se>
2948 * sha512.c: (sha512_digest): Simplified handling of any final
2949 partial word of the digest.
2951 * sha512.c: Reorganized to use _nettle_sha512_compress.
2953 * sha512-compress.c (_nettle_sha512_compress): Compression
2954 function extracted from sha512.c to a new file.
2956 * Makefile.in (nettle_SOURCES): Added sha256-compress.c and
2959 * sha256.c: Reorganized to use _nettle_sha256_compress.
2961 * sha256-compress.c (_nettle_sha256_compress): Compression
2962 function extracted from sha256.c to a new file.
2964 * examples/nettle-benchmark.c (main): Benchmark sha512.
2966 * rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
2967 is less than bit size of n, and check for the unlikely case p = q.
2969 * rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
2970 correspond to pkcs#1 encryption of single byte messagees.
2972 * pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
2974 * rsa-compat.c (R_SignFinal): Likewise.
2976 * rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
2977 from pkcs1_rsa_md5_encode.
2978 (rsa_md5_sign_digest): Check and propagate return value from
2979 pkcs1_rsa_md5_encode_digest.
2980 * rsa-md5-verify.c (rsa_md5_verify): Check return value from
2981 pkcs1_rsa_md5_encode.
2982 (rsa_md5_verify_digest): Check return value from
2983 pkcs1_rsa_md5_encode_digest.
2984 * rsa-sha1-sign.c: Analogous changes.
2985 * rsa-sha1-verify.c: Analogous changes.
2986 * rsa-sha256-sign.c: Analogous changes.
2987 * rsa-sha256-verify.c: Analogous changes.
2988 * rsa-sha512-sign.c: Analogous changes.
2989 * rsa-sha512-verify.c: Analogous changes.
2991 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
2992 (pkcs1_rsa_md5_encode_digest): Added return value. Check and
2993 propagate return value from pkcs1_signature_prefix.
2994 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
2995 (pkcs1_rsa_sha256_encode_digest): Likewise.
2996 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
2997 (pkcs1_rsa_sha1_encode_digest): Likewise.
2998 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
2999 (pkcs1_rsa_sha512_encode_digest): Likewise.
3001 * pkcs1.c (pkcs1_signature_prefix): Interface change, take both
3002 the total size and digest size as arguments, and return a status
3003 code to say if the size was large enough.
3005 * testsuite/Makefile.in: Added hogweed dependency for the test
3008 2010-03-23 Niels Möller <nisse@lysator.liu.se>
3010 * testsuite/rsa-test.c (test_main): Test signing with sha512.
3012 * testsuite/testutils.c (test_rsa_sha512): New function.
3014 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
3015 rsa-sha512-sign.c and rsa-sha512-verify.c.
3017 * rsa.h: Added prototypes for sha512-related functions.
3018 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
3019 * pkcs1.h: Added prototypes for sha512-related functions.
3021 * rsa-sha512-verify.c: New file.
3022 * rsa-sha512-sign.c: New file.
3023 * pkcs1-rsa-sha512.c: New file.
3025 2010-03-22 Niels Möller <nisse@lysator.liu.se>
3027 * Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
3029 * testsuite/hmac-test.c (test_main): Added test cases for
3032 * hmac.h: Declare functions sha512-related functions.
3033 * hmac-sha512.c (hmac_sha512_set_key): New file.
3035 Basic sha512 support.
3036 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
3037 * testsuite/sha512-test.c: New file.
3039 * macros.h (READ_UINT64, WRITE_UINT64): New macros.
3041 * Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
3042 * sha.h: Added sha512-related declarations.
3043 * nettle-meta.h: Likewise.
3044 * sha512-meta.c: New file.
3045 * sha512.c: New file.
3047 2010-03-06 Niels Möller <nisse@lysator.liu.se>
3049 * Makefile.in (distdir): Include x86_64 assembler files.
3051 2010-01-20 Niels Möller <nisse@lysator.liu.se>
3053 * configure.ac: Check for mpz_powm_sec.
3055 2010-01-13 Niels Möller <nisse@lysator.liu.se>
3057 * Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
3058 $(LIBNETTLE_FORLINK).
3060 * configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
3061 default case. Follows debian, and also makes dlopen of
3062 libhogweed.so work, without having to use RTLD_GLOBAL.
3063 (LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
3065 2009-10-21 Niels Möller <nisse@lysator.liu.se>
3067 * tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
3070 2009-10-19 Niels Möller <nisse@lysator.liu.se>
3072 * tools/pkcs1-conv.c: Updated for dsa/der interface change.
3074 * der2dsa.c (dsa_public_key_from_der_iterators): Split into two
3076 (dsa_params_from_der_iterator): New function.
3077 (dsa_public_key_from_der_iterator): New function.
3078 (dsa_openssl_private_key_from_der_iterator): Renamed, was
3079 dsa_private_key_from_der_iterator.
3080 (dsa_openssl_private_key_from_der): Likewise.
3081 * dsa.h: Corresponding changees to prototypes and #defines.
3083 2009-10-12 Niels Möller <nisse@lysator.liu.se>
3085 * sexp-format.c: Removed conditioning on HAVE_LIBGMP.
3087 * tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
3090 * Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.
3092 * der2dsa.c: New file, contributed by Magnus Holmgren.
3093 * dsa2sexp.c: Likewise.
3094 * dsa.h: Added prototypes.
3096 * configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
3097 version, now it's 1.1.
3099 * testsuite/rsa2sexp-test.c (test_main): Updated testcase for
3102 2009-10-11 Niels Möller <nisse@lysator.liu.se>
3104 * rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
3107 2009-09-20 Niels Möller <nisse@lysator.liu.se>
3109 * x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
3110 by letting loopmix scramble the instruction order.
3112 2009-09-15 Niels Möller <nisse@lysator.liu.se>
3114 * x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
3115 improvement to ROUND_F1_NOEXP. Slight reduction of
3118 2009-08-25 Niels Möller <nisse@lysator.liu.se>
3120 * x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
3122 * examples/nettle-benchmark.c (bench_sha1_compress): New function,
3123 for precise benchmarking of the compression function.
3125 2009-06-08 Niels Möller <nisse@lysator.liu.se>
3127 * Released nettle-2.0.
3129 2009-06-04 Niels Möller <nisse@lysator.liu.se>
3131 * configure.ac: Set version to 2.0
3133 2009-05-30 Niels Möller <nisse@lysator.liu.se>
3135 * Makefile.in (.texinfo.info): Don't use a temporary output file
3136 $@T, trust makeinfo to remove output file on errors.
3138 2009-05-19 Niels Möller <nisse@lysator.liu.se>
3140 * nettle.texinfo: Changed license to public domain.
3142 2009-05-11 Niels Möller <nisse@lysator.liu.se>
3144 * nettle.texinfo: Fixes from Karl Berry. Added some more index
3147 2009-03-06 Niels Möller <nisse@lysator.liu.se>
3149 * x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
3151 * x86_64/aes-decrypt-internal.asm: Likewise.
3153 * x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
3154 (AES_STORE): Reduced offsets.
3155 (AES_ROUND): Use HREG directly, not MOVE_HREG.
3157 * x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
3158 Put SA--SD in %eax--%edx, so the second byte can be accessed as
3159 %ah-%dh. TD is not needed, SD can be reused. Use the register that
3160 is saved for the outer loop counter, getting it off the stack.
3161 * x86_64/aes-encrypt-internal.asm: Likewise.
3163 * x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
3164 (XREG): Fixed bug in handling of %r8 and %r9.
3165 (AES_ROUND): Use MOVE_HREG.
3167 2009-02-10 Niels Möller <nisse@lysator.liu.se>
3169 * base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
3172 * testsuite/sexp-conv-test: Updated testcases for improved
3173 handling of comments.
3175 * tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
3176 to terminate comments, and modify indentation for the case that a
3177 list starts with a comment.
3179 * tools/output.c (sexp_output_init): Initialize soft_newline.
3180 (sexp_put_raw_char): Clear soft_newline.
3181 (sexp_put_newline): Check and reset soft_newline.
3182 (sexp_put_soft_newline): New function.
3184 * tools/output.h (struct sexp_output): Removed union with single
3185 element, and updated all users. New attribute soft_newline.
3187 2008-12-22 Niels Möller <nisse@lysator.liu.se>
3189 * Makefile.in ($(des_headers)): Create files in $(srcdir).
3191 2008-11-28 Niels Möller <nisse@lysator.liu.se>
3193 * testsuite/cxx-test.cxx: Include <cstdio>.
3195 2008-11-22 Niels Möller <nisse@lysator.liu.se>
3197 * yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
3198 that it is set if and only if the aes context has been initialized
3199 with aes_set_encrypt_key.
3200 (yarrow256_seed): No need to set ctx->seeded here.
3201 (yarrow256_update): Likewise.
3203 2008-11-04 Niels Möller <nisse@lysator.liu.se>
3205 * examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
3206 compatible with gmp-3.1.
3208 2008-11-01 Niels Möller <nisse@lysator.liu.se>
3210 * nettle.texinfo: Updated for 2.0. New section on linking.
3212 * nettle-types.h, nettle-meta.h: Moved all typedefs for function
3213 types to nettle-types.h. Use non-pointer types, so that the types
3214 can be used to declare functions. Updated all users.
3216 2008-10-31 Niels Möller <nisse@lysator.liu.se>
3218 * testsuite/yarrow-test.c (test_main): Updated for seed file
3221 * sha-example.c (display_hex): Use %02x, not %2x.
3223 2008-10-30 Niels Möller <nisse@lysator.liu.se>
3225 * tools/sexp-conv.c (main): Fixed file locking.
3227 2008-10-25 Niels Möller <nisse@lysator.liu.se>
3229 * configure.ac: Set version to 2.0rc1.
3231 * examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
3234 2008-10-24 Niels Möller <nisse@lysator.liu.se>
3236 * sha256.c (ROUND): Simplified macro.
3238 * yarrow256.c (yarrow256_fast_reseed): Renamed (was
3239 yarrow_fast_reseed) and made non-static. Don't generate seed file
3240 here, let the application use yarrow256_random instead.
3241 (yarrow256_slow_reseed): Renamed (was yarrow_slow_reseed) and made
3243 (yarrow256_force_reseed): Deleted function, use
3244 yarrow256_slow_reseed instead. For backwards compatibility,
3245 yarrow.h defines yarrow256_force_reseed as an alias for that
3248 * yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.
3250 2008-09-17 Niels Möller <nisse@lysator.liu.se>
3252 * x86/arcfour-crypt.asm: Improved loop logic, and unrolled
3253 loop twice. Gave a modest speedup.
3255 2008-09-15 Niels Möller <nisse@lysator.liu.se>
3257 * yarrow256.c (yarrow256_seed): Disallow length == 0.
3259 * base64-decode.c (decode_table): Added vertical tab (VT) and form
3260 feed (FF) as white space characters.
3262 * x86_64/aes-decrypt-internal.asm: New file.
3264 2008-09-13 Niels Möller <nisse@lysator.liu.se>
3266 * x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
3267 loop with movl. Eliminated redundant movl.
3268 * x86/aes-decrypt-internal.asm: Likewise.
3270 * x86_64/aes.m4: New file.
3272 * x86/aes-encrypt-internal.asm: Updated for AES_FINAL_ROUND. Only
3273 three times through the substitution loop.
3274 * x86/aes-decrypt-internal.asm: Likewise.
3275 * x86_64/aes-encrypt-internal.asm: Likewise.
3277 * x86/aes.m4 (AES_FINAL_ROUND): Do the substitution on the least
3278 significant byte here.
3280 * x86/aes-encrypt-internal.asm: Updated use of AES_SUBST_BYTE. USe
3281 decl for outer loop.
3282 * x86/aes-decrypt-internal.asm: Likewise.
3284 * x86/aes.m4 (LREG, HREG): New macros.
3285 (AES_SUBST_BYTE): Take state registers as argument. Use LREG to
3286 get the corresponding byte register.
3287 (AES_ROUND): Use movzbl together with LREG and HREG.
3288 (AES_SUBST_BYTE): Likewise.
3290 2008-09-10 Niels Möller <nisse@lysator.liu.se>
3292 * x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
3293 which must be preserved.
3295 2008-09-08 Niels Möller <nisse@lysator.liu.se>
3297 * Makefile.in (stamp-h.in): Use $(AUTOHEADER).
3299 * x86_64/sha1-compress.asm: New x86_64 assembler, based on the x86
3302 * configure.ac (asm_path): Set up asm_path for x86_64.
3304 * x86_64/machine.m4: New file, new directory.
3306 2008-08-28 Niels Möller <nisse@lysator.liu.se>
3308 * examples/eratosthenes.c (main): Rewrote block-wise sieving to
3309 use less memory. New options -s and -v.
3311 2008-08-27 Niels Möller <nisse@lysator.liu.se>
3313 * testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
3314 Updated testcases with comments; comments are now preserved.
3316 * tools/sexp-conv.c (sexp_convert_item): Keep comments in advanced
3318 (parse_options): New --lock option.
3319 (main): Optionally lock output file.
3321 * tools/parse.c (sexp_check_token): Removed check for "any" token.
3322 All callers specify the token they expect.
3323 (sexp_parse): Pass on comment tokens.
3325 * tools/output.c (sexp_put_data): Made non-static.
3327 * tools/input.c (sexp_get_comment): New function.
3328 (sexp_get_token): Use sexp_get_comment.
3330 * tools/misc.h (enum sexp_token): Start enumeration with zero, zero
3331 is no longer used to mean any type. New type SEXP_COMMENT.
3333 * configure.ac: Check for fcntl file locking.
3335 2008-08-26 Niels Möller <nisse@lysator.liu.se>
3337 * Makefile.in (tags-here): Put TAGS file in the source directory.
3338 * examples/Makefile.in (tags): Likewise.
3339 * testsuite/Makefile.in (tags): Likewise.
3340 * tools/Makefile.in (tags): Likewise.
3342 2008-02-29 Niels Möller <nisse@lysator.liu.se>
3344 * examples/Makefile.in (SOURCES): Added next-prime.c.
3346 2008-01-05 Niels Möller <nisse@lysator.liu.se>
3348 * examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
3349 (next-prime, eratosthenes): New rules.
3350 (nettle-benchmark): Don't rely on $@.
3352 * examples/eratosthenes.c (find_first_one): Optimized, using
3353 slightly larger table.
3354 (main): Use atol, rather than atoi.
3356 * testsuite/symbols-test: Check symbols also in libhogweed.
3358 * examples/next-prime.c: New file.
3359 Deleted code for detailed timing.
3361 * Makefile.in (hogweed_SOURCES): Added bignum-next-prime.c.
3362 (DISTFILES): Added prime-list.h.
3363 (hogweed_OBJS): Removed $(LIBOBJS).
3365 * bignum-next-prime.c (nettle_next_prime): Renamed function, for
3366 name space reasons. Was bignum_next_prime. Updated call in
3368 (primes): Use prime-list.h.
3369 (nettle_next_prime): Skip Fermat test. Use mpz_millerrabin
3370 directly, rather than mpz_probab_prime_p, when the former is
3373 * bignum.h (nettle_next_prime): New prototype.
3375 * rsa-keygen.c (bignum_next_prime): Deleted, moved to
3376 bignum-next-prime.c. Call with a larger prime limit, this improves
3377 the running time of lsh-keygen by roughly 25%.
3379 * prime-list.h: List of odd primes < 2^16.
3381 * configure.ac: Check for sizeof(long).
3383 2008-01-03 Niels Möller <nisse@lysator.liu.se>
3385 * examples/nettle-benchmark.c (main): Removed incorrect UNUSED
3388 * bignum-next-prime.c: Moved the bignum_next_prime function to a
3391 2007-09-08 Niels Möller <nisse@lysator.liu.se>
3393 * sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
3394 include file was renamed from "sparc" to "sparc32". Updated include.
3395 * sparc64/aes-decrypt-internal.asm: Likewise.
3396 * sparc32/aes-encrypt-internal.asm: Likewise.
3397 * sparc32/aes-decrypt-internal.asm: Likewise.
3399 2007-09-07 Niels Möller <nisse@lysator.liu.se>
3401 * examples/read_rsa_key.c: Include stdlib.h.
3403 2007-06-02 Niels Möller <nisse@lysator.liu.se>
3405 * Makefile.in: Typo fixes to install targets, spotted by Magnus
3408 2007-05-14 Niels Möller <niels@s3.kth.se>
3410 * configure.ac: Fixed copy-and-paste errors in shared library
3413 * config.make.in (LIBNETTLE_SONAME, LIBHOGWEED_SONAME): Define.
3415 * Makefile.in (libnettle.so, libhogweed.so): Fixed rules.
3417 * Makefile.in: Split nettle library into two files, libnettle.a
3418 and libhogweed.a, and similarly for the shared libraries.
3420 * configure.ac: Bumped nettle so-versions to 3.0. Set hogweed
3421 so-versions to 1.0. New makefile conditionals IF_SHARED and
3422 IF_HOGWEED. Renamed WITH_PUBLIC_KEY to WITH_HOGWEED. Deleted
3423 SHLIBTARGET, SHLIBINSTALL, RSA_EXAMPLES and RSA_TOOLS.
3425 * config.make.in: Updated for hogweed split.
3427 * C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
3428 Makefile sorts out which files should be compiled.
3430 * pgp.h: Include bignum.h, don't pretend to work without bignums.
3432 * pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
3433 (pgp_put_rsa_sha1_signature): Define unconditionally. Removed the
3434 checking of HAVE_LIBGMP and WITH_PUBLIC_KEY.
3436 * examples/io.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
3437 * examples/io.c (read_rsa_key): Deleted, moved to...
3438 * examples/read_rsa_key.c: New file, extracted from io.c.
3440 * examples/Makefile.in: Use IF_HOGWEED instead of RSA_EXAMPLES.
3441 Link appropriate programs with -lhogweed.
3442 (SOURCES): Added read_rsa_key.c.
3444 * tools/Makefile.in (pkcs1-conv): Use IF_HOGWEED, not @RSA_TOOLS@,
3445 for configuration. Link with -lhogweed.
3447 * testsuite/testutils.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
3448 * testsuite/testutils.c: Likewise.
3450 * testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
3451 Separate test cases using nettle and those also using hogweed.
3453 2007-04-05 Niels Möller <nisse@lysator.liu.se>
3455 * Moved in CVS tree. Also renamed directory sparc to sparc32.
3457 2007-02-24 Niels Möller <nisse@lysator.liu.se>
3459 * Makefile.in (clean-here): Remove .lib directory.
3460 (distclean-here): Remove machine.m4.
3462 2006-12-05 Niels Möller <nisse@lysator.liu.se>
3464 * configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.
3466 * config.make.in (datarootdir): New directory variable (for
3469 2006-11-28 Niels Möller <nisse@lysator.liu.se>
3471 * configure.ac: Bumped version to 1.16.
3473 * Released nettle-1.15.
3475 2006-11-27 Niels Möller <nisse@lysator.liu.se>
3477 * NEWS: New entry for nettle-1.15.
3479 * configure.ac (SHLIBMINOR): Bumped version. Library name is now
3482 * sha256.c: Changed copyright notice to use the LGPL.
3484 * Makefile.in (DISTFILES): Added COPYING.LIB.
3486 * COPYING.LIB: New file (previously only the plain GPL was
3487 included in the distribution).
3489 * nettle.texinfo: Updated vor nettle-1.15.
3491 * testsuite/rsa-test.c (test_main): Use test_rsa_sha256.
3492 * testsuite/testutils.c (test_rsa_sha256): New function.
3494 * testsuite/Makefile.in (DISTFILES): Replaces rfc1750.txt by
3497 * rsa.h (rsa_sha256_sign, rsa_sha256_verify)
3498 (rsa_sha256_sign_digest, rsa_sha256_verify_digest): New declarations.
3499 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased to
3500 62 octets and 489 bits, respectively, for supporting sha256.
3502 * pkcs1.h (pkcs1_rsa_sha256_encode)
3503 (pkcs1_rsa_sha256_encode_digest): New declarations and name
3506 * Makefile.in (nettle_SOURCES): Added pkcs1-rsa-sha256.c,
3507 rsa-sha256-sign.c, rsa-sha256-verify.c.
3509 * pkcs1-rsa-sha256.c, rsa-sha256-sign.c, rsa-sha256-verify.c: New
3512 * COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
3515 2006-11-27 Niels Möller <niels@s3.kth.se>
3517 * tools/Makefile.in (install): Use MKDIR_P to create installation
3518 directory. Install only one file at a time.
3520 * Makefile.in (MKDIR_P): Use MKDIR_P for creating installation
3523 * configure.ac: Use AC_PROG_MKDIR_P.
3525 2006-11-24 Niels Möller <nisse@lysator.liu.se>
3527 * testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
3528 file, instead of rfc1750.txt.
3530 * testsuite/gold-bug.txt: New test input file for yarrow-test.
3531 The copyright on this short story by Edgar Allan Poe has expired.
3533 * testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
3534 non-free, and it was expired anyway. Replaced by gold-bug.txt.
3536 2006-11-24 Niels Möller <niels@s3.kth.se>
3538 * Almost all header files: Added C++ guards.
3540 * configure.ac: Test if the system has any C++ compiler.
3542 * config.make.in (CXX, CXXFLAGS, COMPILE_CXX, LINK_CXX): New variables.
3544 * testsuite/Makefile.in: New variables TS_C and TS_CXX. Setup for
3545 compiling the C++ file cxx-test.cxx.
3547 * testsuite/cxx-test.cxx: New testcase, trying to use nettle from
3550 2006-08-28 Niels Möller <niels@s3.kth.se>
3552 * index.html: Added section on language bindings.
3554 2006-06-10 Niels Möller <niels@s3.kth.se>
3556 * configure.ac: Darwin shared library support, from Grant
3559 2006-05-18 Niels Möller <nisse@lysator.liu.se>
3561 * src/nettle/x86/aes.asm: Deleted unused file.
3563 * aes-decrypt.c (_aes_decrypt_table): Deleted the indexing array,
3564 previously commented out.
3565 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
3567 * Makefile.in (.texinfo.info, .dvi.ps): Use more quotes with
3569 (install-here, install-shared, install-info, install-headers): Use
3570 plain mkdir, not $(INSTALL) -d.
3572 2006-05-16 Niels Möller <niels@s3.kth.se>
3573 Merged from the lsh experimental branch.
3575 2006-04-26 Niels Möller <nisse@lysator.liu.se>
3577 * examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
3578 * examples/nettle-benchmark.c: Include "getopt.h".
3580 * examples/Makefile.in (GETOPT_OBJS): New variable.
3581 (rsa-keygen, rsa-encrypt, nettle-benchmark): Depend on and link
3582 with $(GETOPT_OBJS).
3584 * x86/aes-decrypt-internal.asm: Use ALIGN.
3585 * x86/aes-encrypt-internal.asm: Likewise.
3586 * x86/arcfour-crypt.asm: Likewise.
3587 * x86/md5-compress.asm: Likewise.
3588 * x86/sha1-compress.asm: Likewise.
3590 * config.m4.in (ASM_ALIGN_LOG): Substitute.
3591 * configure.ac (ASM_ALIGN_LOG): Check if .align directive is
3593 * asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
3594 expands to a .align directive.
3596 2006-04-21 Niels Möller <nisse@lysator.liu.se>
3598 * nettle.texinfo (Public-key algorithms): Say that the public key
3599 operations are undocumented, not unsupported. Reported by Jeronimo
3602 2006-04-08 Niels Möller <nisse@lysator.liu.se>
3604 * tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
3605 Reported by Henrik Grubbström.
3607 2006-01-31 Niels Möller <niels@s3.kth.se>
3609 * examples/rsa-verify.c: Fixed typo in usage message.
3611 2005-12-05 Niels Möller <nisse@lysator.liu.se>
3613 * configure.ac: Bumped version to 1.15,
3615 * Released nettle-1.14.
3617 * NEWS: Updated for 1.14.
3619 * configure.ac (SHLIBMINOR): Increased minor number. Library
3620 version is now libnettle.so.2.5, soname still libnettle.so.2.
3622 2005-11-28 Niels Möller <nisse@lysator.liu.se>
3624 * config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
3625 and friends here, to get a correct a relative filename for
3626 install-sh when used in tools/Makefile.
3628 * tools/Makefile.in (INSTALL): Substitute INSTALL, INSTALL_DATA
3630 * Makefile.in (INSTALL): Likewise.
3632 2005-11-27 Niels Möller <nisse@lysator.liu.se>
3634 * Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
3635 intermediate .dvi and .ps files.
3637 * testsuite/Makefile.in (clean): Delete sha1-huge-test.
3639 * Makefile.in (install-info, install-headers): Don't use $< and
3640 $?; Solaris make doesn't support them in explicit rules.
3642 2005-11-26 Niels Möller <nisse@lysator.liu.se>
3644 * testsuite/Makefile.in: Include .test-rules.make, which contains
3645 the rules for all the test executables.
3646 (test-rules): New rule, to update this file.
3647 (DISTFILES): Added $(EXTRA_SOURCES).
3649 * testsuite/.test-rules.make: Automatically generated file for
3650 building the test programs.
3652 2005-11-25 Niels Möller <nisse@lysator.liu.se>
3654 * configure.ac: Disable assembler when compiling with rntcl.
3656 * tools/Makefile.in (pkcs1_conv_SOURCES): New variable.
3657 (pkcs1-conv): Link with getopt.o and getopt1.o.
3659 * Makefile.in (aesdata, desdata, shadata): Use explicit rules for
3662 * testsuite/Makefile.in: Use %-rules for building the -test
3663 executables, in addition to the suffix rules. Hopefully, this
3664 should make all of GNU make, BSD make and Solaris make happy.
3665 Use $(EXEEXT) and $(OBJEXT) more consistently.
3667 * examples/Makefile.in: Use explicit rules for all executable
3668 targets. Use $(EXEEXT) and $(OBJEXT) more consistently.
3670 2005-11-25 Niels Möller <niels@s3.kth.se>
3672 * testsuite/Makefile.in: Avoid using single-suffix rule to build
3675 2005-11-24 Niels Möller <niels@s3.kth.se>
3677 * Makefile.in (distdir): Use [ -f, not [ -e, since the latter
3678 is less portable, and not supported by Solaris /bin/sh.
3680 2005-11-23 Niels Möller <niels@s3.kth.se>
3682 * testsuite/Makefile.in (DISTFILES): Added teardown-env.
3683 * testsuite/teardown-env: New file. Delete files created by the
3686 2005-11-21 Niels Möller <nisse@lysator.liu.se>
3688 * testsuite/testutils.c (main): Fixed check for -v option. Spotted
3691 2005-11-21 Niels Möller <niels@s3.kth.se>
3693 * ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.
3695 2005-11-20 Niels Möller <nisse@lysator.liu.se>
3697 * Makefile.in (nettle_SOURCES): Added der2rsa.c.
3699 * testsuite/Makefile.in (TS_SH): Added pkcs1-conv-test.
3701 * tools/Makefile.in (TARGETS): Added @RSA_TOOLS@.
3702 (SOURCES): Added pkcs1-conv.c.
3703 (pkcs1-conv): New rule.
3705 * tools/pkcs1-conv.c: New program.
3707 * testsuite/pkcs1-conv-test: New file.
3709 * examples/rsa-verify-test: Use rsa-sign to create signature.
3711 * examples/io.c (read_file): Fixed spelling in error message.
3713 * rsa.h (rsa_public_key_from_der_iterator)
3714 (rsa_private_key_from_der_iterator, rsa_keypair_from_der): Declare
3717 * der2rsa.c: New file.
3719 * der-iterator.c (asn1_der_iterator_init): Initialize length and
3721 (asn1_der_iterator_next): Support for lengths >= 0x80.
3722 (asn1_der_decode_constructed_last, asn1_der_decode_bitstring)
3723 (asn1_der_decode_bitstring_last): New functions.
3724 (asn1_der_get_bignum): Check for non-mininal encodings.
3726 * configure.ac (RSA_TOOLS): New substituted variable. Includes
3727 pkcs1-conv, when public-key support is enabled.
3729 * bignum.h (nettle_asn1_der_get_bignum): Include nettle_-prefix in
3732 * asn1.h: Added name mangling defines, and a few new declarations.
3734 2005-11-13 Niels Möller <nisse@lysator.liu.se>
3736 * Makefile.in (nettle_SOURCES): Added der-iterator.c.
3737 (HEADERS): Added asn1.h.
3739 * bignum.h (asn1_der_get_bignum): Declare function.
3741 * der-iterator.c: New file.
3744 2005-11-07 Niels Möller <nisse@lysator.liu.se>
3746 * examples/nettle-benchmark.c: Check HAVE_UNISTD_H.
3748 * examples/Makefile.in (TARGETS): Use $(EXEEXT).
3749 * tools/Makefile.in (TARGETS, sexp-conv, nettle-lfib-stream): Likewise.
3751 * configure.ac: Use $host_cpu, not $host, when setting up the
3752 assembler path. Use $host_os, not uname, when setting up shared
3755 * Makefile.in (des.$(OBJEXT)): Use OBJEXT.
3757 * config.guess, config.sub: In the CVS tree, moved files to the
3758 lsh top-level directory.
3760 2005-10-23 Niels Möller <nisse@lysator.liu.se>
3762 * sparc64/arcfour-crypt.asm: New file, almost the same as
3763 sparc/arcfour-crypt.asm.
3765 * examples/nettle-benchmark.c (display): Use two decimal places.
3767 * sparc/arcfour-crypt.asm: Reorganized. Main loop unrolled four
3768 times. Uses aligned 32-bit write accesses at DST. Still uses 8-bit
3769 read accesses at SRC; could be improved int he case that SRC and
3770 DST have compatible alignment.
3772 2005-10-19 Niels Möller <niels@s3.kth.se>
3774 * testsuite/arcfour-test.c (test_main): New testcase with 512
3777 2005-10-19 Niels Möller <nisse@lysator.liu.se>
3779 * sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
3780 must order the store at [CTX+I] before the load of [CTX+SI+SJ].
3782 2005-10-18 Niels Möller <nisse@lysator.liu.se>
3784 * sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
3785 have compatible alignment. Improves performance by 20%, but I'm
3786 not sure it's worth the extra complexity.
3788 * bignum.c (nettle_mpz_from_octets): Removed sign argument. If
3789 mpz_import is available, define nettle_mpz_from_octets as a macro
3791 (nettle_mpz_from_octets): Start by setting x to zero; callers no
3792 longer need to do that.
3793 (nettle_mpz_set_str_256_s): New logic for the handling of negative
3794 numbers. Convert in the same way as for positive numbers, and then
3795 subtract the appropriate power of two.
3797 2005-10-17 Niels Möller <nisse@lysator.liu.se>
3799 * bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
3800 digit temporary (suggested by Torbjörn Granlund).
3802 * sparc/arcfour-crypt.asm: Improved instruction scheduling.
3804 * sparc/arcfour-crypt.asm: Bugfix, use lduh and stuh.
3806 * sparc/arcfour-crypt.asm: New file.
3808 * sparc64/aes.asm: Deleted unused file.
3810 * x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
3811 * asm.m4 (ARCFOUR): New struct.
3813 2005-10-17 Niels Möller <niels@s3.kth.se>
3815 * aes-internal.h (struct aes_table): Deleted idx and sparc_idx
3817 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
3818 * aes-decrypt.c (_aes_decrypt_table): Likewise.
3819 * asm.m4 (AES): Likewise
3821 2005-10-16 Niels Möller <nisse@lysator.liu.se>
3823 * tools/input.c (sexp_get_char): Use unsigned for the done flag.
3825 * sparc64/aes-encrypt-internal.asm: Include sparc/aes.m4.
3826 * sparc64/aes-decrypt-internal.asm: Likewise.
3828 * sparc64/machine.m4: Use .register pseudo op to say that we use
3829 %g2 and %g3 as scratch registers.
3831 * sparc/aes-encrypt-internal.asm: Explicitly include sparc/aes.m4.
3832 * sparc/aes-decrypt-internal.asm: Likewise.
3834 * sparc/aes.m4: New file. Moved aes-related macros here...
3835 * sparc/machine.m4: ... removed aes macros.
3837 * x86/aes-encrypt-internal.asm: Explicitly include x86/aes.m4.
3838 * x86/aes-decrypt-internal.asm: Likewise.
3840 * x86/aes.m4: New file. Moved aes-related macros here, from...
3841 * x86/machine.m4: ... removed aes macros.
3843 * sparc64/aes-encrypt-internal.asm: New file.
3844 * sparc64/aes-decrypt-internal.asm: New file.
3846 * sparc64/machine.m4: Include the same aes macros used for
3848 (BIAS): Define magic stack bias constant.
3850 * sparc/aes-encrypt-internal.asm, sparc/aes-decrypt-internal.asm:
3851 Reduced frame size to 104 bytes, since we no longer need wtxt and
3854 * sparc/aes.asm: Deleted old aes implementation.
3856 * sparc/aes-decrypt-internal.asm: New file.
3858 * sparc/machine.m4: Don't use m4 eval, instead rely on the
3859 assembler's arithmetic.
3861 * sparc/machine.m4 (AES_FINAL_ROUND): Better scheduling, by
3862 interleaving independent operations.
3864 * sparc/machine.m4 (TMP3): A third temporary register.
3865 (AES_FINAL_ROUND): Prepared for scheduling.
3867 * sparc/machine.m4 (AES_ROUND): Deleted unused argument T. Updated
3868 all calls in aes-encrypt-internal.asm.
3870 * sparc/machine.m4 (AES_ROUND): New loop invariants T0-T3, to
3871 avoid the additions of the AES_TABLEx constants in the inner loop.
3873 * sparc/machine.m4 (AES_ROUND): Better scheduling, by
3874 interleaving independent operations.
3876 * sparc/machine.m4 (AES_ROUND): Alternate between using TMP1 and
3877 TMP2, to prepare for scheduling.
3879 * sparc/aes-encrypt-internal.asm: Renamed Ti -> Xi.
3881 * sparc/aes-encrypt-internal.asm: Fixed bugs. Now passes the
3884 * sparc/machine.m4 (AES_ROUND, AES_FINAL_ROUND): Bugfixes. Put
3885 NOPs in the load dely slots.
3887 * sparc/aes-encrypt-internal.asm: Implemented. Not yet working,
3890 * sparc/machine.m4: Use TMP1 and TMP2, so we don't need to pass
3892 (AES_FINAL_ROUND): New macro.
3894 2005-10-15 Niels Möller <nisse@lysator.liu.se>
3896 * configure.ac (OBJDUMP): Substitute the program false if objdump
3899 * asm.m4 (PROLOGUE): Use TYPE_FUNCTION.
3901 * config.m4.in: Substitute ASM_TYPE_FUNCTION as TYPE_FUNCTION.
3903 * configure.ac (ASM_ELF_STYLE): Check for %function and #function,
3904 but not for @function.
3905 (ASM_TYPE_FUNCTION): New substituted variable.
3907 * configure.ac (ASM_ELF_STYLE): Fixed .type foo,@function statement
3908 used when checking for pseudo operations.
3910 * sparc/machine.m4 (AES_LOAD, AES_ROUND): Started writing new AES
3913 * sparc/aes-encrypt-internal.asm: New file.
3915 2005-10-14 Niels Möller <nisse@lysator.liu.se>
3917 * x86/aes-decrypt.asm, x86/aes-encrypt.asm: Deleted files.
3919 * x86/aes-decrypt-internal.asm: New file.
3921 * x86/machine.m4: Changed AES macros, to handle a table register.
3922 Also take more of the used registers as argument.
3924 * x86/aes-encrypt-internal.asm: Rewritten to match new interface,
3925 with the table pointer as an argument. Unlike the old code, this
3926 should really be position independent.
3928 * configure.ac: When looking for assembler files, link in
3929 aes-encrypt-internal.asm and aes-decrypt-internal.asm. Don't look
3930 for aes.asm, aes-encrypt.asm and aes-decrypt.asm.
3932 * configure.ac (OBJDUMP): Use AC_CHECK_TOOL to check for objdump.
3933 (ASM_MARK_NOEXEC_STACK): Use $OBJDUMP when examining the object file.
3935 * Makefile.in (nettle_SOURCES): Removed aes.c,
3936 aes-decrypt-table.c. Added aes-decrypt-internal.c and aes-encrypt-internal.c.
3938 * aes.c, aes-decrypt-table.c: Deleted files.
3940 * aes-decrypt.c (_aes_decrypt_table): Moved table here, and made
3943 * aes-internal.h (_aes_decrypt_table): Don't declare, it's no
3944 longer globally visible.
3946 * aes-decrypt-internal.c (_nettle_aes_decrypt): New AES decryption
3947 function, analogous to _nettle_aes_encrypt.
3949 2005-10-14 Niels Möller <niels@s3.kth.se>
3951 * aes-internal.h (AES_ROUND, AES_FINAL_ROUND): New macros.
3953 * aes-encrypt-internal.c (_nettle_aes_encrypt): New AES encryption
3954 function, avoiding the table-based indexing.
3956 * sha1-compress.c: Added debugging code.
3957 * md5-compress.c: Likewise.
3959 2005-10-13 Niels Möller <niels@s3.kth.se>
3961 * config.m4.in (ASM_MARK_NOEXEC_STACK): Use a diversion, to
3962 substitute the value of ASM_MARK_NOEXEC_STACK at the end of each
3965 * configure.ac (ASM_MARK_NOEXEC_STACK): Check if the C compiler
3966 generates a .note.GNU-stack section. If so, we should do the same
3967 in our assembler files.
3969 * sparc64/aes.asm: New file. Copy of sparc/aes.asm, with minor
3970 changes to the stack frame layout. Patch contributed by Henrik
3971 Grubbström. Not yet tested.
3973 * x86/md5-compress.asm: Skip copying of input to the stack, and
3974 don't allocate space for it.
3977 * testsuite/md5-test.c: Document intermediate values for first
3980 * configure.ac (asm_path): Check for sparc64, and use sparc64
3981 subdirectory. Link in md5-compress.asm, if it exists.
3983 2005-10-13 Niels Möller <nisse@lysator.liu.se>
3985 * x86/md5-compress.asm (REF): Fixed calculation of offset.
3987 2005-10-12 Niels Möller <nisse@lysator.liu.se>
3989 * x86/machine.m4 (OFFSET): Moved macro, used to be in...
3990 * x86/sha1-compress.asm (OFFSET): ... removed macro.
3992 * x86/md5-compress.asm: New file, with first attempt at md5
3993 assembler. Not yet working.
3995 2005-10-11 Niels Möller <nisse@lysator.liu.se>
3997 * Makefile.in (nettle_SOURCES): Added md5-compress.c.
3999 * md5.c: Reorganized to use _nettle_md5_compress, in analogy with
4002 * md5-compress.c (_nettle_md5_compress): New file and new function.
4004 2005-10-10 Niels Möller <niels@s3.kth.se>
4006 * testsuite/Makefile.in (EXTRA_SOURCES, EXTRA_TARGETS): New
4007 variables, for test cases that are not run by default.
4009 * testsuite/sha1-huge-test.c (test_main): New test case, with a
4010 very large sha1 input.
4012 * testsuite/testutils.c (test_hash_large): New function.
4014 * sha1.c (sha1_block): Deleted function; inlined where used.
4015 (SHA1_INCR): New macro for incrementing the block count.
4017 2005-10-06 Niels Möller <nisse@lysator.liu.se>
4019 * configure.ac: Bumped version to 1.14.
4021 * Released nettle-1.13.
4023 * configure.ac: Check for openssl/aes.h.
4025 * Makefile.in (distdir): Use a loop to pick up the contents of
4026 $(DISTFILES) from source and build directories. For some reason,
4027 $? failed to find stamp-h.in in the source directory.
4029 2005-10-05 Niels Möller <nisse@lysator.liu.se>
4031 * x86/aes-decrypt.asm: Use C_NAME(_nettle_aes_decrypt_table) when
4032 using the AES_SUBST_BYTE macro. Use PROLOGUE and EPILOGUE.
4033 * x86/sha1-compress.asm: Use PROLOGUE and EPILOGUE.
4034 * x86/arcfour-crypt.asm: Likewise.
4035 * x86/aes-encrypt.asm: Likewise.
4037 * config.m4.in (ELF_STYLE): Substitute configure's ASM_ELF_STYLE.
4039 * asm.m4 (PROLOGUE, EPILOGUE): New macros, checking the value of
4040 ELF_STYLE. So far, used and tested only for the x86 assembler
4041 files, and needed to make the assembler happy both with ELF
4042 (linux, solaris) and COFF (windows).
4044 * configure.ac (NM): Use AC_CHECK_TOOL to check for nm.
4045 (ASM_SYMBOL_PREFIX): Use $NM when examining the object file.
4046 (ASM_ELF_STYLE): New variable. Set to 'yes' if assembling a file
4047 with ELF-style .type and .size pseudo ops works.
4049 * Makefile.in (TARGETS, DISTFILES): Added nettle.pdf.
4050 (.texinfo.dvi, .dvi.ps, .ps.pdf): New targets, to build nettle.pdf.
4051 (DOCTARGETS): New variable with targets that shouldn't be deleted
4053 (maintainer-clean-here): New target. Deletes generated
4054 documentation files.
4056 * nettle.texinfo: Define AUTHOR with accents, when running in TeX
4057 mode, which doesn't handle latin-1 properly. Set UPDATED-FOR to
4058 1.13. Updated copyright years, and introduced a COPYRIGHT-YEARS
4059 symbol. Updated copyright section, to mention assembler
4061 (Cipher modes): Transformed the Cipher Block Chaining to a section
4062 Cipher modes, describing both CBC and the new CTR mode.
4064 * src/nettle/x86/aes_tables.asm: Deleted unused file.
4066 * x86/aes.asm: Deleted contents. This file is needed just to
4067 override aes.c, which isn't needed for the x86 implementation.
4069 * configure.ac (SHLIBMINOR): Increased minor number. Library
4070 version is now libnettle.so.2.4, soname still libnettle.so.2.
4072 * examples/nettle-benchmark.c (main): Reordered hash benchmarks.
4074 * x86/sha1-compress.asm (EXPAND): Use % 16 instead of & 15 to
4075 compute offsets mod 16, since m4 on FreeBSD 49.RELEASE and NetBSD
4076 doesn't implement & correctly in eval.
4078 2005-10-03 Niels Möller <nisse@lysator.liu.se>
4080 * x86/sha1-compress.asm (OFFSET): New macro.
4081 (F3): Eliminated a movl.
4082 (ROUND): New argument, for k. When using F3, it's TMP3, on the
4083 stack, otherwise, it is kept in TMP2, a register.
4085 2005-10-03 Niels Möller <niels@s3.kth.se>
4087 * examples/nettle-openssl.c: Use correct block sizes for openssl
4090 * examples/nettle-benchmark.c: Also display cycles per block.
4092 2005-10-02 Niels Möller <nisse@lysator.liu.se>
4094 * sha1-compress.c (_nettle_sha1_compress): Updated to new
4095 interface. Now responsible for byte conversion.
4097 * x86/sha1-compress.asm (_nettle_sha1_compress): Do byte order
4098 conversion, and store the input data on the stack. This leaves one
4099 more register free for other uses.
4101 * examples/nettle-benchmark.c: Now display cycles/byte, if the -f
4102 option is used to say what the clock frequency is.
4104 * sha1.c (sha1_block): Don't convert data from uint8_t to
4105 uint32_t, that's now the responsibility of _nettle_sha1_compress.
4107 * sha.h (_nettle_sha1_compress): Changed interface. Second
4108 argument is now a pointer to the input data in unaligned,
4111 2005-09-28 Niels Möller <niels@s3.kth.se>
4113 * sha1.c (sha1_final): Call sha1_block, don't call the compression
4114 function _nettle_sha1_compress directly.
4116 * nettle-internal.h (nettle_openssl_md5)
4117 (nettle_openssl_sha1): Declare.
4119 * examples/nettle-benchmark.c (main): Benchmark openssl md5 and
4122 * examples/nettle-openssl.c (nettle_openssl_md5)
4123 (nettle_openssl_sha1): Added glue for openssl hash functions.
4125 * nettle-internal.h (nettle_openssl_aes128, nettle_openssl_aes192)
4126 (nettle_openssl_aes256, nettle_openssl_arcfour128): Declare.
4128 * examples/nettle-benchmark.c: Check WITH_OPENSSL, not
4129 HAVE_LIBCRYPTO. Benchmark openssl's aes and arcfour code.
4131 * examples/nettle-openssl.c: Updated openssl des glue to use the
4132 new openssl des interface. Added glue for arcfour and aes.
4134 2005-09-27 Niels Möller <nisse@lysator.liu.se>
4136 * nettle.texinfo (RSA): Improved text about the RSA patent.
4137 Use @documentencoding ISO-8859-1.
4139 2005-09-07 Niels Möller <niels@s3.kth.se>
4141 * tools/sexp-conv.c (parse_options): New option --raw-hash, for
4142 compatibility with lsh-1.x. Equivalent to --hash.
4144 2005-09-06 Niels Möller <niels@s3.kth.se>
4146 * tools/sexp-conv.c (main): With --hash, output a newline after
4149 2005-07-02 Niels Möller <nisse@lysator.liu.se>
4151 * testsuite/Makefile.in (TS_SOURCES): Added ctr-test.c.
4153 * testsuite/testutils.c (test_cipher_ctr): New function.
4155 * testsuite/ctr-test.c: New file.
4157 * testsuite/cbc-test.c (test_main): Use static const for msg.
4159 * Makefile.in (nettle_SOURCES): Added ctr.c.
4160 (HEADERS): Added ctr.h.
4161 (HEADERS): Added nettle-types.h.
4162 (INSTALL_HEADERS): Install nettle-stdint.h.
4163 (distclean-here): Delete nettle-stdint.h, not nettle-types.h.
4165 * ctr.c (ctr_crypt): New file, new function.
4167 * memxor.c (memxor3): New function, suggested by Adam Langley.
4169 * nettle-internal.h (NETTLE_MAX_CIPHER_BLOCK_SIZE): New constant.
4171 * nettle.texinfo (Cipher functions): Fixed typo in prototype for
4172 arctwo_encrypt (noticed by Adam Langley).
4174 * nettle-meta.h: No longer needs to include cbc.h.
4176 * cbc.h (nettle_crypt_func): Moved typedef to nettle-types.h.
4177 (CBC_ENCRYPT, CBC_DECRYPT): Deleted older #if:ed out versions.
4179 * configure.ac (AX_CREATE_STDINT_H): Use the file name
4180 nettle-stdint.h, not nettle-types.h.
4182 * nettle-types.h: New file. Automatically generated declarations
4183 are now in nettle-stdint.h.
4185 2005-03-17 Niels Möller <niels@s3.kth.se>
4187 * config.guess: Support Solaris on x86_64. Fix by Henrik
4190 2005-01-03 Niels Möller <niels@s3.kth.se>
4192 * examples/io.h: Include RSA declarations only when public key
4193 algorithms are enabled. Problem reported by Meilof Veeningen
4196 2004-12-07 Niels Möller <nisse@lysator.liu.se>
4198 * Makefile.in: Install directories, using $(INSTALL) -d, only if
4199 they don't exist already.
4201 2004-12-05 Niels Möller <nisse@lysator.liu.se>
4203 * config.make.in (.PRECIOUS): Reverted earlier change. We need
4204 .PRECIOUS to stop GNU make from deleting object files for the test
4207 2004-12-02 Niels Möller <nisse@lysator.liu.se>
4209 * Makefile.in (.SUFFIXES): Moved from Makefile.in to...
4210 * config.make.in (.SUFFIXES): ... here. This helps compilation
4212 * testsuite/Makefile.in (.SUFFIXES): Deleted target.
4214 * config.make.in (.c): Disable default rule for BSD-make.
4216 * Makefile.in (all check install uninstall)
4217 (clean distclean mostlyclean maintainer-clean): Don't use the -C
4218 flag when invoking make, for compatibility with Solaris make.
4220 2004-12-02 Niels Möller <niels@s3.kth.se>
4222 * Makefile.in (aesdata, desdata): Commented out the explicit
4224 (shadata): Avoid using $< in non-pattern rule.
4226 2004-12-01 Niels Möller <nisse@lysator.liu.se>
4228 * config.make.in: Added a default target.
4230 2004-11-29 Niels Möller <nisse@lysator.liu.se>
4232 * testsuite/Makefile.in: Use .$(OBJEXT). Explicitly set .SUFFIXES.
4234 * Makefile.in: Use .$(OBJEXT).
4236 2004-11-28 Niels Möller <nisse@lysator.liu.se>
4238 * tools/Makefile.in (nettle-lfib-stream): Avoid using $< in
4241 * Makefile.in (distdir): Handle absolute $distdir.
4242 Avoid using the GNU extension $^.
4244 * examples/Makefile.in: Avoid using the GNU extension $^.
4245 * tools/Makefile.in: Likewise.
4246 * testsuite/Makefile.in: Likewise.
4248 2004-11-24 Niels Möller <niels@s3.kth.se>
4250 * configure.ac: Fixed typo, preventing the creation of dependency
4253 2004-11-23 Niels Möller <nisse@lysator.liu.se>
4255 * Makefile.in: Use DEP_INCLUDE.
4256 * tools/Makefile.in: Likewise.
4257 * testsuite/Makefile.in: Likewise.
4258 * examples/Makefile.in: Likewise.
4260 * configure.ac (dummy-dep-files): Generate only of dependency
4261 tracking is enabled.
4263 2004-11-18 Niels Möller <nisse@lysator.liu.se>
4265 * Makefile.in (clean-here): The clean target should not delete the
4266 dependency files. Moved to the distclean target.
4267 * examples/Makefile.in: Likewise.
4268 * testsuite/Makefile.in: Likewise.
4269 * tools/Makefile.in: Likewise.
4271 * configure.ac (ASM_SYMBOL_PREFIX): Fixed test.
4272 (dummy-dep-files): Added quotes to sed command.
4274 2004-11-17 Niels Möller <nisse@lysator.liu.se>
4276 * testsuite/symbols-test: Try plain nm if nm -g doesn't work.
4278 * x86/sha1-compress.asm: Use C_NAME for global symbols.
4279 * x86/aes-encrypt.asm: Likewise.
4280 * x86/aes-decrypt.asm: Likewise.
4281 * x86/arcfour-crypt.asm: Likewise.
4283 * Makefile.in (config.m4): New rule.
4285 * config.m4.in (C_NAME): New macro.
4287 * configure.ac (ASM_SYMBOL_PREFIX): Check if global symbols have a
4290 2004-11-16 Niels Möller <nisse@lysator.liu.se>
4292 * Deleted getopt.c, getopt.h and getopt1.c from the CVS tree. Link
4293 them from shared copies in lsh/misc instead.
4295 2004-11-14 Niels Möller <nisse@lysator.liu.se>
4297 * Makefile.in (DEP_FILES): Try include with only one macro
4298 argument to be expanted.
4300 * configure.ac (dummy-dep-files): Create dummy dependency files,
4301 so that they can be included by the makefiles.
4303 2004-11-13 Niels Möller <nisse@lysator.liu.se>
4305 * Makefile.in: Don't use -include, as it's GNU make specific.
4306 * examples/Makefile.in, tools/Makefile.in, testsuite/Makefile.in:
4309 * examples/nettle-openssl.c: Check WITH_OPENSSL, not HAVE_LIBCRYPTO.
4311 * configure.ac: Check for individual openssl headers blowfish.h,
4312 cast.h, des.h. Renamed symbol HAVE_LIBCRYPTO to WITH_OPENSSL. New
4313 configure option --disable-openssl.
4315 2004-11-04 Niels Möller <nisse@lysator.liu.se>
4317 * configure.ac: Bumped version to 1.13.
4319 * Released nettle-1.12.
4321 2004-11-04 Niels Möller <niels@s3.kth.se>
4323 * nettle.texinfo (UPDATED-FOR): Bumped to 1.12.
4325 2004-11-02 Niels Möller <nisse@lysator.liu.se>
4327 * nettle.texinfo (Cipher functions): Updated AES documentation,
4328 for aes_set_encrypt_key and aes_set_decrypt_key.
4329 (UPDATED-FOR): Set to 1.11. I think the manual should be updated
4330 with all user-visible changes.
4332 * aclocal.m4 (LSH_DEPENDENCY_TRACKING): Need extra quoting in case
4333 pattern. (This file really lives in the lsh tree, as
4334 lsh/acinclude.m4. For a complete ChangeLog, see lsh/Changelog).
4336 2004-10-26 Niels Möller <nisse@lysator.liu.se>
4338 * configure.ac: Bumped version to 1.12.
4340 * Released nettle-1.11.
4342 * Makefile.in (clean-here): Delete *.s files.
4343 (PRE_CPPFLAGS): Use this variable, not INCLUDES. Removed
4346 * x86/arcfour-crypt.asm: Use movzbl when extending %cl to 32 bits.
4348 2004-10-24 Niels Möller <nisse@lysator.liu.se>
4350 * x86/arcfour-crypt.asm: Reverted the latest two changes; update
4351 bost src and dst pointers in the loop, and use plain addb when
4352 updating j. These two previous changes slowed the code down on AMD
4355 2004-10-21 Niels Möller <nisse@lysator.liu.se>
4357 * Makefile.in (install-shared): Use $(INSTALL_PROGRAM).
4359 * configure.ac (SHLIBMINOR): Updated, shared library version is
4360 now libnettle.so.2.3, soname still libnettle.so.2.
4362 * Makefile.in (DISTFILES): Added asm.m4.
4364 2004-10-21 Niels Möller <niels@s3.kth.se>
4366 * examples/Makefile.in: Deleted all configure-related rules,
4367 except the one rebuilding this Makefile. One should run make at
4368 top level if other configure related files change.
4369 * tools/Makefile.in: Likewise.
4370 * testsuite/Makefile.in: Likewise.
4372 * configure.ac: Replaced AC_OUTPUT(list...) with an AC_OUTPUT
4373 without arguments, and AC_CONFIG_FILES listing the files.
4375 * Makefile.in: Changed the assembler rules as suffix rules.
4376 Rewrote the configure-related rules, mostly based on the example
4377 in the autoconf manual.
4379 2004-10-20 Niels Möller <nisse@lysator.liu.se>
4381 * examples/nettle-openssl.c (NCOMPAT): Disable openssl backwards
4384 * config.make.in: Insert $(PRE_CPPFLAGS) and $(PRE_LDFLAGS) before
4385 $(CPPFLAGS) and $(LDFLAGS). This mechanism replaces $(INCLUDES).
4387 * examples/Makefile.in (PRE_CPPFLAGS, PRE_LDFLAGS): Use these
4388 flags to get -I.. and -L.. early on the command line.
4389 * testsuite/Makefile.in: Likewise
4390 * tools/Makefile.in: Likewise.
4392 2004-10-20 Niels Möller <niels@s3.kth.se>
4394 * Makefile.in: In the assembler rules, there's no need to look in
4395 $(srcdir) for the input file.
4397 * x86/arcfour-crypt.asm: Reduced inner loop by one instruction, by
4398 precomputing the offset between src and dst.
4400 * tools/Makefile.in (.c.$(OBJEXT)): Removed redundant -I.. flag.
4402 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replaced addb ->
4403 addl + andl $0xff, improving speed on PPro by another 15%.
4405 2004-10-20 Niels Möller <nisse@lysator.liu.se>
4407 * tools/Makefile.in (install): Support DESTDIR.
4408 (uninstall): New target.
4410 * testsuite/Makefile.in (uninstall): New dummy target.
4412 * config.sub: Copied from automake-1.8.5.
4414 * examples/Makefile.in (SOURCES): Added rsa-sign.c and rsa-verify.c.
4415 (DISTFILES): Added getopt.h.
4416 (install uninstall): New dummy targets.
4418 * config.make.in (.PHONY): Added more targets.
4420 * Makefile.in (.texinfo.info, .texinfo.html): New targets. Added
4421 support for uninstall and DESTDIR. Various fixes to install and
4424 * examples/Makefile.in (INCLUDES): Added -I flags.
4425 (distdir): Use $^ to refer to the files.
4426 (distclean): New target.
4427 * testsuite/Makefile.in: Likewise.
4428 * tools/Makefile.in: Likewise.
4430 * Makefile.in (INCLUDES): Need -I flags for VPATH build.
4431 (clean distclean mostlyclean maintainer-clean): Clean
4432 subdirectories first.
4433 (DISTFILES): Added a bunch of files.
4434 (des_headers): Added desCore rules.
4435 (install-here): Split off target install-headers, which uses $^ to
4437 (distdir): Use $^ to refer to the files.
4440 * config.make.in (COMPILE): Add $(INCLUDE) to the line.
4442 2004-10-19 Niels Möller <nisse@lysator.liu.se>
4444 Stop using automake. Replaced each Makefile.am with a hand-written
4446 * configure.ac: New output variable CCPIC_MAYBE. New output file
4447 config.make. Replaced automake constructions.
4448 * .bootstrap: Don't run aclocal and automake.
4449 * config.make.in: New file, with shared Makefile variables and rules.
4451 2004-10-18 Niels Möller <nisse@lysator.liu.se>
4453 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replace incb ->
4454 incl + andl, to improve speed on PPro and PII. Suggested by
4457 2004-10-08 Niels Möller <niels@s3.kth.se>
4459 * examples/rsa-encrypt-test: Avoid reading and executing a file at
4461 * examples/setup-env: Likewise.
4463 2004-10-06 Niels Möller <niels@s3.kth.se>
4465 * testsuite/symbols-test: Ignore __i686.get_pc_thunk.bx and
4468 2004-10-05 Niels Möller <nisse@lysator.liu.se>
4470 * twofish.c (q_table): Use a const pointer array.
4472 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Use a const pointer
4473 array for the keywords.
4474 (dsa_signature_from_sexp): Likewise.
4475 * sexp2rsa.c (rsa_keypair_from_sexp_alist): Likewise.
4476 (rsa_keypair_from_sexp): Likewise.
4478 * sexp.c (sexp_iterator_check_types): Use an argument of type
4479 "const uint8_t * const *" for the types list.
4480 (sexp_iterator_assoc): Likewise, for the keys list.
4482 * list-obj-sizes.awk: Fixes to handle multiple .data and .rodata
4483 sections. Also fixed to handle the last file correctly.
4485 2004-09-23 Niels Möller <nisse@lysator.liu.se>
4487 * configure.ac (SHLIBLINK, SHLIBLIBS): On cygwin, linking needs
4488 -Wl,--whole-archive $(OBJECTS) -Wl,--no-whole-archive $(LIBS).
4490 2004-09-22 Niels Möller <niels@s3.kth.se>
4492 * configure.ac: Setup SHLIBFORLINK and friends for cygwin.
4494 * list-obj-sizes.awk: Strip *_a-prefix from all file names.
4496 * Makefile.am (libnettle_a_SOURCES): List only .c files. Headers
4497 moved to noinst_HEADERS.
4498 (SHLIBOBJECTS): Substitute from libnettle_a_SOURCES, not
4499 am_libnettle_a_OBJECTS, since the latter includes
4500 libnettle_a-prefixes with some automake versions.
4501 (SHLIBSONAME): Check if this name is empty, which is the case on
4502 cygwin, before using it.
4504 2004-08-31 Niels Möller <nisse@lysator.liu.se>
4506 * configure.ac: New command line option --disable-pic. Use
4509 * Makefile.am (libnettle_a_CFLAGS): Added $(CCPIC), to attempt to
4510 build also the static library as position independent code.
4512 2004-08-24 Niels Möller <nisse@lysator.liu.se>
4514 * des-compat.c (des_cbc_cksum): Pad input with NUL's, if it's not
4515 an integral number of blocks.
4517 2004-08-24 Niels Möller <niels@s3.kth.se>
4519 * testsuite/arctwo-test.c, arctwo.h, arctwo.c
4520 (arctwo_set_key_ekb): Fixed typo; it should be "ekb", not "ebk".
4522 Integrated arctwo patch from Simon Josefsson.
4523 * testsuite/Makefile.am (noinst_PROGRAMS): Added arctwo-test.
4525 * Makefile.am (libnettleinclude_HEADERS): Added arctwo.h.
4526 (libnettle_a_SOURCES): Added arctwo.c, arctwo.h and arctwo-meta.c.
4528 * nettle-meta.h (nettle_arctwo40, nettle_arctwo64)
4529 (nettle_arctwo64, nettle_arctwo_gutmann128): Declare ciphers.
4531 * arctwo-meta.c, arctwo.c, arctwo.h, testsuite/arctwo-test.c: New
4534 * macros.h (LE_READ_UINT16, LE_WRITE_UINT16): New macros.
4536 2004-08-23 Niels Möller <nisse@lysator.liu.se>
4538 * testsuite/md5-test.c (test_main): Added collision, found in 2004.
4539 (test_main): Added second collision.
4541 2004-08-23 Niels Möller <niels@s3.kth.se>
4543 * testsuite/md5-test.c (test_main): Added first half of a
4544 collision test case.
4546 * des-compat.c (des_cbc_cksum): Changed input argument to be of
4547 type const uint8_t * (was const des_cblock *).
4549 * des-compat.h (const_des_cblock): New bogus type. Disabled use of
4550 const, for compatibility with openssl.
4552 2004-06-08 Niels Möller <niels@s3.kth.se>
4554 * aesdata.c: Renamed log and ilog to gf2_log and gf2_exp.
4556 2004-04-07 Niels Möller <nisse@lysator.liu.se>
4558 * aes-set-encrypt-key.c (log, ilog): Deleted unused tables.
4560 * aes-set-decrypt-key.c (gf2_log, gf2_exp, mult): Renamed tables,
4563 2004-03-20 Niels Möller <nisse@lysator.liu.se>
4565 * configure.ac: Use AC_CONFIG_AUX_DIR([.]).
4567 2004-03-18 Niels Möller <niels@s3.kth.se>
4569 * examples/io.c (read_file): Display a message if fopen fails.
4571 2004-03-05 Niels Möller <nisse@lysator.liu.se>
4573 * Released nettle-1.10.
4575 * configure.ac (SHLIBMINOR): Shared library version is now 2.2.
4577 2004-03-04 Niels Möller <nisse@lysator.liu.se>
4579 * testsuite/symbols-test: Pass -g flag to nm.
4581 2004-03-02 Niels Möller <nisse@lysator.liu.se>
4583 * configure.ac: Fixed EXEEXT workaround.
4585 2004-03-02 Niels Möller <niels@s3.kth.se>
4587 * configure.ac: Added workaround to get the correct $(EXEEXT)=''
4588 when compiling with rntcl.
4590 2004-03-02 Niels Möller <nisse@lysator.liu.se>
4592 * testsuite/Makefile.am (noinst_PROGRAMS): Put test program list
4593 here, to let automake add $(EXEEXT).
4595 * configure.ac (RSA_EXAMPLES): Append $(EXEEXT) to the filenames.
4597 2004-03-01 Niels Möller <nisse@lysator.liu.se>
4599 * examples/rsa-keygen.c, examples/rsa-encrypt.c,
4600 examples/rsa-decrypt.c: Include "getopt.h" instead of <unistd.h>.
4602 * examples/Makefile.am (rsa_encrypt_SOURCES, rsa_decrypt_SOURCES)
4603 (rsa_keygen_SOURCES): Added getopt.h, getopt.c and getopt1.c.
4605 * examples/getopt.h, examples/getopt.c, examples/getopt1.c: New
4608 * testsuite/des-compat-test.c: Don't include <unistd.h>.
4610 * testsuite/testutils.c (main): Don't use getopt. Then we don't
4611 need to include <unistd.h>.
4613 2004-03-01 Niels Möller <niels@s3.kth.se>
4615 * config.guess: Copied from automake-1.8.2. Hacked to recognize
4616 Windows_NT (and Windows_95 and Windows_98) running on "x86" and
4619 * install-sh: Removed from CVS repository. Let automake supply it.
4621 2004-02-26 Niels Möller <nisse@lysator.liu.se>
4623 * nettle-meta.h (nettle_crypt_func): Typedef moved to cbc.h.
4624 Include cbc.h instead.
4626 * des-compat.c: Reverted const change, now all the des_key_sched
4627 arguments are not const. This is also what openssl's interface
4629 (cbc_crypt_func): Deleted typedef, use nettle_crypt_func instead.
4631 * cbc.h (nettle_crypt_func): Moved typedef here.
4632 * cbc.c (cbc_encrypt, cbc_decrypt_internal, cbc_decrypt): Use it
4633 for typing the f argument. Reverted the const change, for
4634 compatibility with nettle_crypt_func.
4636 2004-02-25 Niels Möller <nisse@lysator.liu.se>
4638 * testsuite/des-compat-test.c: Use des_cblock for typing more of
4639 the variables. Use const. Got rid of most of the explicit casts.
4640 Disabled the input/output alignment tests.
4642 * des.c (des_encrypt, des_decrypt): Use a const context pointer.
4643 * des3.c (des3_encrypt, des3_decrypt): Likewise.
4645 * cbc.c (cbc_encrypt, cbc_decrypt): Use a _const_ void *ctx argument.
4647 * des-compat.c: Use const for all unchanged arguments.
4648 (des_key_sched): Use a copy of the key if we need to fix the
4651 * testsuite/des-compat-test.c (C_Block, Key_schedule): Deleted
4652 defines. Deleted some of the explicit casts.
4654 * des-compat.c (des_cbc_cksum): Dereference DST pointer.
4656 2004-02-25 Niels Möller <niels@s3.kth.se>
4658 * pgp.h: Include nettle-types.h.
4660 2004-02-24 Niels Möller <nisse@lysator.liu.se>
4662 * testsuite/symbols-test: Allow symbols starting with double
4663 underscores, like on darwin.
4665 2004-02-17 Niels Möller <niels@s3.kth.se>
4667 * Makefile.am: Protected %-rules used for building pure objects,
4668 and for assembler files, by automake conditionals. Needed for
4669 makes such as tru64's, which tries to understand %-patterns, but
4670 doesn't get it right.
4671 (SUFFIXES): Added .html.
4672 (.texinfo.html): Rewrote rule to use a traditional suffix target.
4674 * configure.ac (enable_assembler): Explicitly set
4675 enable_assembler=no, on architectures where we have no assembler
4677 (ENABLE_ASSEMBLER, ENABLE_SHARED): New automake conditionals.
4679 * testsuite/testutils.c (xalloc): xalloc(0) should work also on
4680 systems where malloc(0) returns NULL.
4682 2004-02-16 Niels Möller <niels@s3.kth.se>
4684 * Makefile.am (%.o: %.asm): Added comment about OSF1 make problem.
4686 2004-02-15 Niels Möller <nisse@lysator.liu.se>
4688 * testsuite/testutils.h: #include nettle-types.h instead of
4691 2004-02-12 Niels Möller <nisse@lysator.liu.se>
4693 * examples/rsa-encrypt-test: Use -r option when invoking
4694 rsa-encrypt. Needed for the test to work on systems with no
4697 2004-02-12 Niels Möller <niels@s3.kth.se>
4699 * configure.ac (CPPFLAGS, LDFLAGS): No spaces after -I and -L, as
4700 some C compilers, in particular True64 cc, don't like that.
4702 2004-02-08 Niels Möller <nisse@lysator.liu.se>
4704 * configure.ac: Bumped version number to 1.10.
4706 2004-02-07 Niels Möller <nisse@lysator.liu.se>
4708 * Released nettle-1.9.
4710 * configure.ac (SHLIBMINOR): Bumped, library version is now 2.1.
4712 * testsuite/sexp-format-test.c: Include bignum.h only if HAVE_LIBGMP.
4713 * testsuite/rsa-encrypt-test.c: Include rsa.h only if WITH_PUBLIC_KEY.
4714 * testsuite/pkcs1-test.c: Include pkcs1.h only if WITH_PUBLIC_KEY.
4716 * pgp-encode.c [!HAVE_LIBGMP]: Kludge around the pgp.h's
4717 dependency on gmp.h.
4718 (pgp_put_mpi): Condition on HAVE_LIBGMP.
4720 * pgp.h: Don't include bignum.h, to make it possible to compile
4721 the non-bignum parts of pgp-encode.c without bignum support. Needs
4722 to be fixed properly before the pgp interface is advertised.
4724 * tools/sexp-conv.c (xalloc): New function.
4727 * tools/output.c (sexp_put_digest): Use TMP_DECL instead of alloca.
4729 * testsuite/testutils.c (xalloc): New function. Made all other
4730 functions use xalloc instead of alloca.
4732 * examples/rsa-keygen.c (main): Use xalloc for allocation.
4733 * examples/rsa-encrypt.c (write_bignum): Likewise.
4734 * examples/rsa-decrypt.c (read_bignum): Likewise.
4735 * testsuite/yarrow-test.c (open_file): Likewise.
4736 * testsuite/rsa-encrypt-test.c (test_main): Likewise.
4737 * testsuite/bignum-test.c (test_bignum): Likewise.
4739 * examples/nettle-openssl.c: When calling des_key_sched and
4740 des_ecb_encrypt, cst arguments to (void *). Openssl's typedefs
4741 des_cblock and const_des_cblock are too broken.
4743 * examples/nettle-benchmark.c (xalloc): New function. Use instead
4744 of alloca, for better portability.
4746 * examples/io.c (xalloc): New function.
4748 * Makefile.am (nodist_libnettleinclude_HEADERS): nettle-types.h
4749 should not be distributed.
4751 2004-02-06 Niels Möller <niels@s3.kth.se>
4753 * x86/sha1-compress.asm: Rename round -> ROUND.
4755 * x86/sha1-compress.asm: Store the magic constants on stack.
4756 Accessing them via %esp should be a little faster than using large
4759 * Makefile.am (EXTRA_DIST, DISTCLEANFILES): Handle
4762 * configure.ac: Use assembler file sha1-compress.asm if available.
4764 * x86/sha1-compress.asm (EXPAND): Fixed the rotation part of the
4767 2004-02-06 Niels Möller <nisse@lysator.liu.se>
4769 * x86/sha1-compress.asm: Assembler implementation of
4770 sha1_compress. (Not yet working).
4772 * Makefile.am (libnettle_a_SOURCES): Added sha1-compress.c.
4774 * sha1.c (sha1_transform): Function renamed to sha1_compress, and
4776 * sha1-compress.c: ... New file.
4778 2004-02-05 Niels Möller <nisse@lysator.liu.se>
4780 * examples/rsa-encrypt.c (process_file): Copy the leftover to the
4781 start of the buffer, when preparing for the final processing.
4783 * examples/nettle-benchmark.c (bench_hash, time_hash): New functions.
4784 (main): Benchmark hash functions too.
4785 (BENCH_BLOCK): Increased 10K.
4786 (BENCH_INTERVAL): Decreased to 0.25s.
4788 * examples/nettle-benchmark.c (time_function): Loop around calling
4789 f, until 1s has elapsed. Returns seconds per call. Updated bench
4790 functions to not loop themselves.
4791 (display): Updated MB/s calculation.
4793 * testsuite/arcfour-test.c (test_main): Use test_cipher_stream.
4795 * testsuite/testutils.c (test_cipher_stream): New function, that
4796 tries dividing the input into varying size blocks before
4799 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Bug fix, half of
4800 the S array swap was forgotten.
4801 * arcfour.c (arcfour_stream): Likewise.
4802 * arcfour-crypt.c (arcfour_crypt): Likewise.
4804 2004-02-05 Niels Möller <niels@s3.kth.se>
4806 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Must store the new
4807 i, j at the end of the loop.
4809 * Makefile.am (EXTRA_DIST): Make sure x86 assembler files are
4811 (DISTCLEANFILES): And that the symlinks and .s files are deleted.
4813 * x86/aes-encrypt.asm, x86/aes-decrypt.asm, x86/arcfour-crypt.asm:
4814 Fixed debug information.
4816 * x86/arcfour-crypt.asm: New file. About three times faster than
4817 the optimized C code.
4819 * configure.ac: Use assembler file arcfour-crypt.asm if available.
4821 * arcfour.c (arcfour_crypt): Moved function too...
4822 * arcfour-crypt.c (arcfour_crypt): New file.
4824 * arcfour.c (arcfour_crypt): Optimization suggested by Jonas
4825 Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
4826 probably on other architectures as well.
4828 2004-01-31 Niels Möller <nisse@lysator.liu.se>
4830 * configure.ac (AX_CREATE_STDINT_H): Also look for uint32_t and
4831 friends in sys/types.h.
4833 2004-01-11 Niels Möller <nisse@harpo.hack.org>
4835 * Makefile.am (libnettleinclude_HEADERS): Added bignum.h,
4836 memxor.h, pkcs1.h and rsa-compat.h.
4838 * configure.ac: Bumped version to 1.9.
4840 2004-01-10 Niels Möller <nisse@harpo.hack.org>
4842 * Released nettle-1.8.
4844 * examples/teardown-env: Delete more test files.
4846 * nettle.texinfo (Hash functions): Documented md2 and md4.
4848 * configure.ac (SHLIBMAJOR): Bumped to 2.
4850 2004-01-09 Niels Möller <nisse@harpo.hack.org>
4852 * examples/rsa-encrypt-test: New testcase.
4854 * examples/rsa-encrypt.c, examples/rsa-session.h: Expanded the
4855 comment describing the file format, and moved to rsa-session.h.
4857 * examples/rsa-decrypt.c (process_file): Finished this function.
4858 (main): Initialize x. Check the size of the session key after rsa
4861 * examples/io.c (write_string): Treat short item count as an error.
4863 2004-01-08 Niels Möller <niels@s3.kth.se>
4865 * index.html: Added instructions for CVS access.
4867 * dsa-keygen.c (dsa_nist_gen): Fixed declaration/statement order.
4869 * rsa-keygen.c (bignum_next_prime): Fixed off-by-one error when
4870 comparing input to the largest listed prime. General cleanup, as
4871 prime_limit > 0 always. Use TMP_DECL and TMP_ALLOC.
4873 * nettle-internal.h (TMP_DECL, TMP_ALLOC): New macros. When alloca
4874 is unavailable, they work by allocating a fix amount of stack and
4875 imposing a hard limit on what can be allocated. Updated all users
4878 2004-01-07 Niels Möller <nisse@harpo.hack.org>
4880 * nettle-types.h: New (generated) file, to be used instead of
4881 including <inttypes.h> directly. Updated all users of inttypes.h.
4883 * Makefile.am (DISTCLEANFILES, libnettleinclude_HEADERS): Added
4886 * configure.ac (AX_CREATE_STDINT_H): Create nettle-types.h.
4888 2003-11-16 Niels Möller <nisse@harpo.hack.org>
4890 * yarrow256.c (yarrow256_seed): Use const for the seed_file input.
4892 2003-11-12 Niels Möller <niels@s3.kth.se>
4894 * list-obj-sizes.awk: New function for decoding hex values, with a
4895 new function hex2int. Also implemented calculation of total
4896 storage, removed the dependence on the .comment section, and use
4897 the $FILTER environment variable as a regexp for restricting the
4898 object files that are considered.
4900 2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
4902 * testsuite/rsa-encrypt-test.c (test_main): Don't use gmp_printf,
4903 as it seems it's only available with the newer gmp. Use
4904 mpz_out_str instead.
4906 2003-09-19 Niels Möller <niels@s3.kth.se>
4908 * examples/Makefile.am (EXTRA_DIST): Added rsa-session.h.
4910 * tools/nettle-lfib-stream.c: New tool, which outputs a sequence
4911 of pseudorandom (non-cryptographic) bytes, using Knuth's lagged
4912 fibonacci generator.
4914 * examples/rsa-decrypt.c: Fixes to get the file to compile. It
4917 * examples/Makefile.am (EXTRA_PROGRAMS): Added rsa-encrypt and
4920 * examples/io.c (write_file): New function.
4921 (write_string): Simplified error check, it's no real point in
4922 calling ferror unless we also call fflush.
4924 * examples/rsa-keygen.c (main): Check return value from
4927 * examples/rsa-decrypt.c, examples/rsa-encrypt.c,
4928 examples/rsa-session.h: New files, demonstrating rsa encryption
4931 * configure.ac (RSA_EXAMPLES): Added rsa-encrypt and rsa-decrypt.
4933 2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
4935 * testsuite/testutils.c (print_hex): Use const.
4937 2003-08-30 Niels Möller <niels@s3.kth.se>
4939 * md2.c, md2.h: Added reference to RFC 1319.
4940 * md4.c, md4.h: Added reference to RFC 1320
4942 2003-08-26 Niels Möller <niels@s3.kth.se>
4944 * Makefile.am: Added md2 and md5 files. Deleted the print-path
4947 * configure.ac: Bumped version to 1.8.
4949 * testsuite/testutils.c (test_rsa_set_key_1): New function.
4950 * testsuite/rsa-test.c (test_main): Use it.
4952 * testsuite/dsa-keygen-test.c: Deleted definition of UNUSED, it's
4954 * testsuite/rsa-keygen-test.c: Likewise.
4956 * testsuite/Makefile.am (TS_PROGS): Added rsa-encrypt-test,
4957 md4-test, and md2-test.
4959 * testsuite/rsa-encrypt-test.c, testsuite/md4-test.c,
4960 testsuite/md2-test.c: New test cases.
4962 * nettle-meta.h: Declare nettle_md2 and nettle_md4.
4964 * md5.c: Reorderd functions, putting md5_final at the end.
4966 * md2.c, md2.h, md2-meta.c: New files, implemented md2.
4967 * md4.c, md4.h, md4-meta.c: New files, implemented md4.
4969 2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
4971 * desCode.h (des_keymap, des_bigmap): Deleted extern declarations,
4972 they conficted with the static definition in des.c. Reported by
4975 * des.c (DesSmallFipsEncrypt, DesSmallFipsDecrypt): Moved
4976 definitions after the definition of the des_kemap array.
4978 2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
4980 * rsa-encrypt.c (rsa_encrypt): Bugfix contributed by
4983 2003-06-10 Niels Möller <niels@s3.kth.se>
4985 * Makefile.am (EXTRA_DIST): Distribute sha-example.c.
4987 2003-06-05 Niels Möller <nisse@lysator.liu.se>
4989 * Makefile.am (DISTCLEANFILES): Delete .s files.
4991 2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
4993 * testsuite/symbols-test: And allow symbols that start at the
4994 beginning of the line, as output by AIX nm.
4996 2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
4998 * testsuite/symbols-test: Allow symbols to start with a dot.
5000 2003-05-14 Niels Möller <niels@s3.kth.se>
5002 * pgp.h (enum pgp_subpacket_tag): Copied values from RFC 2440.
5003 Renamed PGP_SUBPACKET_ISSUER to PGP_SUBPACKET_ISSUER_KEY_ID.
5005 2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
5007 * pgp.h: Do proper namemangling for pgp_put_public_rsa_key and
5008 pgp_put_rsa_sha1_signature.
5010 * pgp-encode.c (pgp_put_mpi): Fixed nettle_mpz_get_str_256 call.
5012 2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
5014 * rsa2openpgp.c (rsa_keypair_to_openpgp): Some bugfixes.
5016 * pgp.h (enum pgp_subpacket_tag): New enum. Definition is bogus
5017 and needs to be fixed.
5018 Added forward declarations of structs, and prototypes for
5019 pgp_put_public_rsa_key and pgp_put_rsa_sha1_signature.
5021 * pgp-encode.c (pgp_put_mpi): Take a const mpz_t argument. Gugfix,
5022 use nettle_mpz_get_str_256.
5023 (pgp_put_public_rsa_key, pgp_put_rsa_sha1_signature):
5024 Constification. Some bugfixes.
5026 * Use "config.h", not <config.h>.
5028 * Reordered includes in most or all .c-files. All should now
5031 2003-05-12 Niels Möller <niels@s3.kth.se>
5033 * configure.ac: Use LSH_FUNC_ALLOCA.
5035 2003-04-25 Niels Möller <niels@s3.kth.se>
5037 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha256.c.
5039 * testsuite/hmac-test.c (test_main): Added tests for hmac-sha256,
5040 from draft-ietf-ipsec-ciph-sha-256-01.txt.
5042 * hmac-sha256.c (hmac_sha256_digest): New file.
5044 2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
5046 * sha-example.c (display_hex): Simplified by using printf better.
5048 * nettle.texinfo (Example): Use @verbatiminclude to include the
5051 * sha-example.c: Example program, for inclusion in the manual.
5052 Fixed bugs reported by Mark Arking.
5054 2003-04-14 Niels Möller <niels@s3.kth.se>
5056 * x86/aes-encrypt.asm (nettle_aes_encrypt): Fixed references to
5057 _nettle_aes_encrypt_table.
5058 * x86/aes-decrypt.asm (nettle_aes_decrypt): Fixed references to
5059 _nettle_aes_decrypt_table.
5061 2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
5063 * testsuite/Makefile.am (TS_SH): New test case symbols-test.
5064 (EXTRA_PROGRAMS): Added testutils, as a kludge to
5065 get automake to track dependencies for testutils.o.
5067 * x86/aes-encrypt.asm (nettle_aes_encrypt): Renamed function to
5068 use the nettle_ prefix.
5069 * x86/aes-decrypt.asm (nettle_aes_decrypt): Likewise.
5070 * sparc/aes.asm (_nettle_aes_crypt): Likewise.
5072 * examples/Makefile.am (EXTRA_PROGRAMS): Add "io", as a kludge to
5073 get automake to track dependencies for io.o.
5074 (LDADD): Added ../libnettle.a, for the dependency.
5076 * des-compat.c: Use names with the nettle_ prefix when using
5077 Nettle's des functions.
5079 * base16-meta.c (base16_encode_update): Need to undef before
5082 * New name mangling, to reduce the risk of link collisions. All
5083 functions (except memxor) now use a nettle_ or _nettle prefix when
5084 seen by the linker. For most functions, the header file that
5085 declares a function also use #define to provide a shorter more
5086 readable name without the prefix.
5088 2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
5090 * Released nettle-1.7.
5092 * configure.ac: Bumped version to 1.7.
5094 * nettle.texinfo (DSA): New section.
5095 (RSA): Updated documentation.
5097 2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
5099 * examples/nettle-benchmark.c (time_cipher): Don't use GNU C
5100 non-constant initializers.
5102 2003-02-23 Niels Moller <nisse@carduelis>
5104 * configure.ac: Use LSH_GCC_ATTRIBUTES.
5106 2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
5108 * acinclude.m4: Deleted file from cvs, use a link to lsh's
5109 acinclude.m4 instead.
5111 2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
5113 * Makefile.am (libnettleinclude_HEADERS): Added macros.h.
5115 * tools/Makefile.am (EXTRA_DIST): Added getopt.h.
5117 2003-02-14 Niels Möller <niels@s3.kth.se>
5119 * Makefile.am (print_path): Added target to print the used PATH,
5121 (print-path): Moved dependency to all-local.
5123 2003-02-11 Niels Möller <niels@s3.kth.se>
5125 * buffer.c (nettle_buffer_copy): Bug fix, it didn't return any
5128 2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
5130 * testsuite/sexp-format-test.c (test_main): Added test for %( and
5133 * sexp-format.c (sexp_vformat): Handle %( and %).
5135 * realloc.c (nettle_xrealloc): Fixed out-of-memory check.
5137 * configure.ac (SHLIBMAJOR): Bumped version number to 1.
5139 * buffer.c (nettle_buffer_init_realloc): New function.
5140 * buffer-init.c (nettle_buffer_init): Use nettle_buffer_init_realloc.
5142 2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
5144 * testsuite/sexp-format-test.c (test_main): New test with tokens
5145 in the format string.
5146 (test_main): Test space-searated literals too.
5148 * rsa2sexp.c (rsa_keypair_to_sexp): New argument ALGORITHM_NAME.
5149 * examples/rsa-keygen.c (main): Updated call to rsa_keypair_to_sexp.
5150 * testsuite/rsa2sexp-test.c (test_main): Likewise.
5152 * sexp-format.c (sexp_vformat): Allow whitespace in format string.
5154 * rsa2sexp.c (rsa_keypair_to_sexp): Use literals with sexp_format.
5156 * sexp-format.c (format_string): New function.
5157 (sexp_vformat): Implemented support for literals in the format
5160 2003-02-06 Niels Möller <nisse@lysator.liu.se>
5162 * testsuite/sexp-conv-test (print_raw, print_nl): New functions.
5163 The testfunctions use these instead of using echo directly.
5164 Use the test input '3:"\x' instead of '2:"\', to be friendlier to
5167 2003-02-05 Niels Möller <nisse@lysator.liu.se>
5169 * des-compat.h (des_set_key): Different name mangling, if this
5170 file is included, des_set_key should refer to a function that
5171 behaves like openssl's.
5173 * des-compat.c (des_key_sched, des_is_weak_key): Use the name
5174 nettle_des_set_key for referring to Nettle's function.
5176 * des.h (des_set_key): Name mangling, linker symbols should use a
5177 "nettle_" prefix, and this one collided with openssl. Perhaps all
5178 symbols should be mangled in a similar way, but that's for later.
5180 * configure.ac (LDFLAGS): --with-lib-path should add to LDFLAGS,
5183 2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
5185 * tools/output.c (sexp_put_string): Fixed handling of escapable
5186 characters. The code generated random escape sequences for
5187 characters in the 0x10-0x1f range.
5189 * testsuite/sexp-conv-test: More tests for hex and base64 input
5192 2003-01-30 Niels Möller <niels@s3.kth.se>
5194 * sexp2bignum.c (nettle_mpz_set_sexp): Call sexp_iterator_next on
5195 success. That means the iterator argument can't be const.
5197 2003-01-29 Niels Möller <niels@s3.kth.se>
5199 * tools/Makefile.am (LDADD): Add libnettle.a, for the dependency.
5201 2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
5203 * sexp2dsa.c (dsa_signature_from_sexp): New function.
5205 RSA renaming. Updated all callers.
5206 * rsa-sign.c (rsa_private_key_init, rsa_private_key_clear)
5207 (rsa_private_key_prepare): Renamed functions.
5208 * rsa.c (rsa_public_key_init, rsa_public_key_clear)
5209 (rsa_public_key_prepare): Renamed functions.
5211 2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
5213 * Makefile.am (libnettle_a_SOURCES): Added new rsa and pkcs1
5214 files. Removed old rsa_md5.c and rsa_sha1.c.
5216 * testsuite/Makefile.am (TS_PROGS): Added pkcs1-test.
5218 * dsa-verify.c (dsa_verify_digest): New function.
5219 (dsa_verify): Most of the code moved to dsa_verify_digest, which
5221 * dsa-sign.c (dsa_sign_digest): New function.
5222 (dsa_sign): Most of the code moved to dsa_sign_digest, which is
5224 * dsa.c (_dsa_hash): Deleted function.
5226 * rsa_md5.c, rsa_sha1.c: Deleted files, contents spread over
5227 several files for signing and verification.
5228 * rsa-sign.c, rsa-sha1-verify.c, rsa-sha1-sign.c,
5229 rsa-md5-verify.c, rsa-md5-sign.c: New files.
5231 * rsa-sha1-verify.c (rsa_sha1_verify_digest): New function.
5232 * rsa-sha1-sign.c (rsa_sha1_sign_digest): New function.
5233 * rsa-md5-verify.c (rsa_md5_verify_digest): New function.
5234 * rsa-md5-sign.c (rsa_md5_sign_digest): New function.
5235 * rsa-verify.c (_rsa_verify): New file, new function.
5237 * rsa.c (_rsa_check_size): Renamed from rsa_check_size, and made
5238 non-static. Private key functions moved to rsa-sign.c.
5240 * pkcs1.c, pkcs1.h, pkcs1-rsa-md5.c, pkcs1-rsa-sha1.c: New files.
5241 (pkcs1_signature_prefix): New function.
5243 * testsuite/pkcs1-test.c: New test.
5245 2003-01-22 Niels Möller <niels@s3.kth.se>
5247 * examples/Makefile.am (nettle_benchmark_LDADD): Use
5250 * configure.ac (OPENSSL_LIBFLAGS): If libcrypto is found, add
5251 -lcrypto to OPENSSL_LIBFLAGS, not the plain LDFLAGS.
5253 2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
5255 * testsuite/Makefile.am (CLEANFILES): Delete test.in, test1.out
5258 2003-01-17 Niels Möller <niels@s3.kth.se>
5260 * examples/Makefile.am (AM_CPPFLAGS): Use AM_CPPFLAGS instead of
5262 * testsuite/Makefile.am (AM_CPPFLAGS): Likewise.
5264 2003-01-16 Niels Möller <niels@s3.kth.se>
5266 * testsuite/Makefile.am (check): Can't use quotes around
5269 2003-01-14 Niels Möller <nisse@lysator.liu.se>
5271 * testsuite/Makefile.am (check): Don't use "run-tests" as a
5272 target, as it's confused with the file with the same name.
5274 * .bootstrap: Added missing #! /bin/sh.
5276 2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
5278 * buffer.c (nettle_buffer_reset): New function.
5279 (nettle_buffer_copy): New function.
5281 * tools/input.c, tools/input.h, tools/output.c, tools/output.h,
5282 tools/parse.c, tools/parse.h, tools/misc.c, tools/misc.h: Moved
5283 parts ov sexp-conv.c to separate files
5285 * tools/sexp-conv.c (sexp_convert_list): Inlined into
5288 * tools/sexp-conv.c (struct sexp_input): Deleted string attribute.
5289 Changed all related functions to take a struct nettle_buffer *
5291 (struct sexp_compound_token): New struct.
5292 (sexp_compound_token_init, sexp_compound_token_clear): New
5294 (struct sexp_parser): Added a struct sexp_compound_token
5295 attribute, as a temporary measure.
5296 (sexp_parse): Take a struct sexp_compound_token * as argument.
5297 Updated all callers. Simplified handling of display types and
5300 * tools/sexp-conv.c (struct sexp_parser): Renamed struct (was
5301 struct sexp_parse_state). Added input pointer. Updated users to
5302 not pass around both parser and input.
5303 (sexp_check_token): handle token == 0.
5304 (sexp_parse): Simplified a little by calling sexp_check_token
5307 * tools/sexp-conv.c (sexp_convert_string): Deleted function.
5308 (sexp_skip_token): Likewise.
5310 * tools/sexp-conv.c (enum sexp_token): New constant SEXP_DISPLAY.
5311 Start constants from 1, to keep 0 free for special uses.
5312 (struct sexp_parse_state): New struct for keeping track of parser
5314 (sexp_parse_init): New function.
5315 (sexp_check_token): New function, replacing sexp_skip_token.
5316 (sexp_parse): New function.
5317 (sexp_convert_item): Simplified by using sexp_parse.
5318 (sexp_convert_list): Use sexp_parse.
5321 2003-01-08 Niels Möller <niels@s3.kth.se>
5323 * tools/sexp-conv.c (parse_options): Initialize prefer_hex.
5325 2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
5327 * Makefile.am (des_headers): Refer to the desdata binary using
5330 2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
5332 * testsuite/sexp-conv-test: New tests for hex and base64 literal
5335 * tools/sexp-conv.c (sexp_put_string): Print binary strings using
5336 either hex or base 64 (in advanced mode).
5337 (parse_options): Implemented -s hex, for output using hex rather
5340 2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
5342 * testsuite/rsa2sexp-test.c: Don't include rsa.h (done by
5343 testutils.h, if enabled).
5344 * testsuite/sexp2rsa-test.c: Likewise.
5346 * rsa-decrypt.c: Make compilation conditional on WITH_PUBLIC_KEY.
5347 * rsa-encrypt.c: Likewise.
5348 * rsa-compat.c: Likewise.
5350 2002-12-04 Niels Möller <niels@s3.kth.se>
5352 * testsuite/Makefile.am (LDADD): Added path to ../libnettle.a,
5353 which is redundant except for the dependency.
5355 2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
5357 * testsuite/sexp-format-test.c (test_main): Use %0s instead of %z.
5360 * sexp-format.c (format_length_string): Deleted function.
5361 (format_string): Deleted function.
5362 (sexp_vformat): New %t specifier, formatting an optional display
5363 type. Deleted %z specifier. Instead, introduced a new modifier "0"
5364 that can be used with %s, %l and %t, which says that the data is
5367 * rsa2sexp.c (rsa_keypair_to_sexp): Use %0s rather than %z, when
5368 formatting s-expressions.
5370 * buffer.c (nettle_buffer_grow): Fixed assertion.
5372 2002-11-22 Niels Möller <niels@s3.kth.se>
5374 * buffer.c: Include assert.h.
5376 2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
5378 * testsuite/testutils.c (print_hex): Add line breaks.
5380 * Makefile.am (libnettleinclude_HEADERS): Added realloc.h.
5381 (libnettle_a_SOURCES): Added buffer-init.c and realloc.c.
5383 * sexp.c (sexp_iterator_exit_lists): New function, #if:ed out for
5386 * desdata.c: Include config.h, to get definition of UNUSED.
5387 * shadata.c: Likewise.
5389 * buffer.c (nettle_buffer_grow): New function, replacing
5391 (nettle_buffer_clear): Rewritten to use buffer->realloc.
5393 * buffer.h (struct nettle_buffer): Replaced the GROW function
5394 pointer with a nettle_realloc_func pointer and a
5396 (NETTLE_BUFFER_GROW): Deleted macro, use function instead.
5398 * buffer-init.c (nettle_buffer_init): Moved to a separate file.
5400 * realloc.c (nettle_realloc): New function.
5401 (nettle_xrealloc): New function.
5403 * realloc.h (nettle_realloc_func): New typedef.
5405 * configure.ac: Check for gcc:s __attribute__.
5407 2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
5409 * sexp2dsa.c, sexp2rsa.c: (macro GET): Check sign of parsed
5412 * sexp2bignum.c (nettle_mpz_set_sexp): In the first check against
5413 limit, added some margin to allow for sign octets.
5415 2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
5417 * testsuite/testutils.h (LDATA): Use sizeof instead of strlen. Now
5418 handles strings including NUL-characters. But works only with
5419 literals and character arrays, no char pointers.
5420 (LLENGTH): New macro, computing length the same way as LDATA.
5422 * testsuite/sexp-test.c (test_main): Test sexp_iterator_get_uint32.
5424 * testsuite/sexp-format-test.c (test_main): Check that %i and %b
5425 generate leading zeroes when needed. Check that %b handles
5428 * testsuite/rsa2sexp-test.c (test_main): Updated test, one leading
5429 zero is needed in the private key expression. In verbose mode,
5430 print the generated keys.
5432 * testsuite/sexp2rsa-test.c (test_main): Added a leading zero in
5433 the private key expression.
5435 * testsuite/bignum-test.c (test_bignum): Use
5436 nettle_mpz_init_set_str_256_s.
5437 (test_size): New function.
5438 (test_main): Test size computation and formatting of negative
5441 * sexp2bignum.c (nettle_mpz_set_sexp): Use
5442 nettle_mpz_set_str_256_s, to handle negative numbers correctly.
5444 * sexp-format.c (sexp_vformat): For %i, output a leading zero when
5445 needed to get a correct, positive, sign. For %b, use
5446 nettle_mpz_sizeinbase_256_s, to handle negative numbers properly.
5448 * bignum.c (nettle_mpz_sizeinbase_256_s): New function.
5449 (nettle_mpz_sizeinbase_256_u): New name, was
5450 nettle_mpz_sizeinbase_256. Updated all callers.
5451 (nettle_mpz_to_octets): New function.
5452 (nettle_mpz_get_str_256): Handle negative numbers.
5453 (nettle_mpz_from_octets): New function.
5454 (nettle_mpz_set_str_256_u): New name, was nettle_mpz_set_str_256.
5455 (nettle_mpz_init_set_str_256_u): New name, was
5456 nettle_mpz_init_set_str_256.
5457 (nettle_mpz_set_str_256_s): New function, handling negative two's
5459 (nettle_mpz_init_set_str_256_s): And an init variant.
5461 * sexp.c (sexp_iterator_get_uint32): New function.
5463 2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
5465 * testsuite/sexp-conv-test: Use input files without any trailing
5466 newline character, in order to stress the end of file handling.
5468 * tools/sexp-conv.c (sexp_get_token_string): Fixed end of file
5470 (sexp_get_string): Fixed end of encoding/end of file handling.
5471 (parse_options): Check for negative width and complain.
5473 * tools/sexp-conv.c: Use supplied getopt.
5474 (werror): New function.
5475 (sexp_output_hash_init): New function.
5476 (sexp_put_char): Made base64 linebreaking configurable.
5477 Implemented hashing.
5478 (sexp_put_code_start, sexp_put_code_end): Don't output any
5480 (sexp_put_string): Output base64 delimiters.
5481 (sexp_put_digest): New function.
5482 (sexp_convert_item): Output transport delimiters.
5483 (sexp_convert_file): Deleted function, folded with main.
5484 (parse_options): New function.
5485 (main): Implemented --hash and --once, needed by lsh-authorize.
5487 * sexp.h (struct sexp_iterator): New field start.
5489 * sexp.c (sexp_iterator_subexpr): New function.
5490 (sexp_iterator_parse): Initialize ITERATOR->start.
5492 * sexp-format.c (sexp_vformat): Abort if format string contains
5493 unhandled characters.
5495 2002-11-08 Niels Möller <niels@s3.kth.se>
5497 * des-compat.c (des_ecb3_encrypt): Don't use struct initialization
5498 (c89 doesn't allow non-constant initializers). Reported by James
5500 (des_ede3_cbc_encrypt): Likewise.
5502 * examples/nettle-openssl.c: Moved from the top-level directory.
5503 Should *not* be included in the nettle library.
5505 2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
5507 * testsuite/testutils.c (test_dsa_key): Bugfix for renamed DSA
5508 constant (noted by James Ralston).
5510 2002-11-07 Niels Möller <niels@s3.kth.se>
5512 * testsuite/run-tests: Copied new version rom lsh/src/testsuite.
5513 This version handles test scripts located in $srcdir.
5515 * examples/Makefile.am (AM_CFLAGS): We need -I$(top_srcdir).
5516 * tools/Makefile.am (AM_CFLAGS): Likewise.
5517 * testsuite/Makefile.am (AM_CFLAGS): Likewise.
5519 2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
5521 * Makefile.am (SUBDIRS): Added tools.
5522 (libnettle_a_SOURCES): Added sexp-transport-format.c,
5523 sexp2bignum.c, sexp2dsa.c.
5525 * sexp2dsa.c (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp):
5526 New file, new functions.
5528 * rsa2sexp.c (rsa_keypair_to_sexp): %s -> %z renaming.
5530 * sexp-transport.c (sexp_transport_iterator_first): Fixed bug,
5531 length was mishandled.
5533 * sexp-transport-format.c (sexp_transport_format,
5534 sexp_transport_vformat): New file, new functions.
5536 * sexp-format.c (sexp_format): Return length of output. Allow
5537 buffer == NULL, and only compute the needed length in this case.
5538 Renamed %s to %z. New format specifiers %s, %i, and %l.
5539 (sexp_vformat): New function.
5540 (format_prefix): Rewrote to not use snprintf.
5542 * sexp2rsa.c (rsa_keypair_from_sexp): New limit argument. Use
5543 nettle_mpz_set_sexp.
5545 * dsa-keygen.c (dsa_generate_keypair): Added some newlines to
5546 progress display. Use DSA_P_MIN_BITS.
5548 * dsa.h (DSA_MIN_P_BITS): New constant (was DSA_MINIMUM_BITS).
5549 (DSA_Q_OCTETS, DSA_Q_BITS): New constants.
5550 (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp): New
5553 * configure.ac: Output tools/Makefile.
5555 * sexp2bignum.c (nettle_mpz_set_sexp): New file, and new function.
5556 Moved from sexp2rsa.c:get_value.
5558 * examples/io.c (read_rsa_key): New limit argument in
5559 call of rsa_keypair_from_sexp_alist.
5561 * examples/Makefile.am (noinst_PROGRAMS): Removed sexp-conv.
5563 * tools/sexp-conv.c: Moved file from examples directory.
5565 * testsuite/Makefile.am (TS_SH): New variable. Added
5568 * testsuite/testutils.h (LDUP): New macro.
5570 * testsuite/sexp2rsa-test.c (test_main): New limit argument in
5571 call of rsa_keypair_from_sexp_alist.
5573 * testsuite/sexp-test.c (test_main): Added test for lengths with
5574 more than one digit. Added tests for transport mode decoding.
5576 * testsuite/sexp-format-test.c (test_main): Added tests for %i and
5579 * testsuite/sexp-conv-test: Moved test from examples directory.
5580 Updated path to sexp-conv, now in ../tools/sexp-conv.
5582 2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
5584 * sexp-format.c, sexp_format.c: Renamed sexp_format.c to
5586 * Makefile.am (libnettle_a_SOURCES): Renamed sexp_format.c to
5589 * examples/Makefile.am: Don't set CFLAGS or CPPFLAGS explicitly,
5590 let automake handle that.
5591 * testsuite/Makefile.am: Likewise.
5593 * sexp2rsa.c (rsa_keypair_from_sexp_alist): New function.
5594 (rsa_keypair_from_sexp): Use it.
5596 2002-11-01 Niels Möller <niels@s3.kth.se>
5598 * examples/Makefile.am (LDADD): Use -lnettle, instead of an
5599 explicit filename libnettle.a, so that we will use the shared
5600 library, if it exists.
5601 (AM_LDFLAGS): Added -L.., so we can find -lnettle.
5602 (run-tests): Set LD_LIBRARY_PATH to ../.lib, when running the
5604 * testsuite/Makefile.am: Similar changes.
5606 * Makefile.am (LIBOBJS): Put @LIBOBJS@ into the make variable
5608 (CLEANFILES): Delete libnettle.so.
5609 (clean-local): Delete the .lib linkfarm.
5610 ($(SHLIBFORLINK)): When building libnettle.so, create a link from
5611 .lib/$SHLIBSONAME. Needed at runtime, for the testsuite.
5613 2002-11-01 Niels Möller <nisse@lysator.liu.se>
5615 * configure.ac: Fixed definitions using SHLIBMAJOR and SHLIBMINOR.
5616 Also AC_SUBST SHLIBMAJOR and SHLIBMINOR. Reported by James
5619 2002-10-31 Niels Möller <niels@s3.kth.se>
5621 * examples/sexp-conv.c(sexp_put_list_start): Deleted function.
5622 (sexp_put_list_end): Likewise.
5623 (sexp_put_display_start): Likewise.
5624 (sexp_put_display_end): Likewise.
5625 (sexp_puts): Likewise.
5627 * examples/sexp-conv.c (sexp_get_quoted_string): Deleted function.
5628 Merged with sexp_get_String.
5629 (sexp_get_hex_string): Likewise.
5630 (sexp_get_base64_string): Likewise.
5631 (sexp_get_string): Do hex and base64 decoding.
5633 * examples/sexp-conv.c (enum sexp_char_type): New enum, for end
5634 markers in the input strem.
5635 (struct sexp_input): Deleted LEVEL attribute. Deleted all usage of
5637 (sexp_get_raw_char): Use INPUT->c and INPUT->ctype to store
5638 results. Deleted OUT argument.
5639 (sexp_get_char): Likewise. Also removed the
5640 INPUT->coding->decode_final call, for symmetry.
5641 (sexp_input_end_coding): Call INPUT->coding->decode_final.
5642 (sexp_next_char): New function.
5643 (sexp_push_char): New function.
5644 (sexp_get_token_char): Deleted function.
5645 (sexp_get_quoted_char): Simplified. Deleted output argument.
5646 (sexp_get_quoted_string): Simplified.
5647 (sexp_get_base64_string): Likewise.
5648 (sexp_get_token_string): Likewise.
5649 (sexp_get_string_length): Skip the character that terminates the
5651 (sexp_get_token): Cleared upp calling conventions. Always consume
5652 the final character of the token.
5653 (sexp_convert_list): Take responsibility for converting the start
5654 and end of the list.
5655 (sexp_convert_file): Call sexp_get_char first, to get the token
5657 (sexp_convert_item): Cleared up calling conventions. Should be
5658 called with INPUT->token being the first token of the expression,
5659 and returns with INPUT->token being the final token of the
5660 expression. Return value changed to void..
5662 * examples/sexp-conv-test: Added test for transport mode input.
5664 * examples/sexp-conv.c (sexp_get_char): Use the nettle_armor
5665 interface for decoding.
5666 (sexp_input_start_coding): New function.
5667 (sexp_input_end_coding): New function.
5668 (sexp_get_base64_string): Rewrote to use sexp_input_start_coding
5669 and sexp_input_end_coding.
5670 (sexp_get_token): Generate SEXP_TRANSPORT_START tokens.
5671 (sexp_convert_list): Lists are ended only by SEXP_LIST_END.
5672 (sexp_convert_item): Implemented transport mode, using
5673 sexp_input_start_coding and sexp_input_end_coding.
5675 2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
5677 * Makefile.am: Added base16 files.
5679 * examples/sexp-conv-test: New tests for transport output.
5681 * examples/sexp-conv.c: Deleted hex functions, moved to Nettle's
5683 (struct sexp_output): Represent the current encoding as a
5684 nettle_armor pointer and a state struct.
5685 (sexp_output_init): Deleted MODE argument. Now passed to functions
5687 (sexp_get_char): Updated to new base64 conventions.
5688 (sexp_get_base64_string): Likewise.
5689 (sexp_put_raw_char): New function.
5690 (sexp_put_newline): Use sexp_put_raw_char.
5691 (sexp_put_char): Use nettle_armor interface for encoding data.
5692 Use OUTPUT->coding_indent for line breaking, so the INDENT
5693 argument was deleted.
5694 (sexp_put_code_start): New function, replacing sexp_put_base64_start.
5695 (sexp_put_code_end): New function, replacing sexp_put_base64_end.
5696 (sexp_put_data): Deleted argument INDENT.
5697 (sexp_puts): Likewise.
5698 (sexp_put_length): Likewise.
5699 (sexp_put_list_start): Likewise.
5700 (sexp_put_list_end): Likewise.
5701 (sexp_put_display_start): Likewise.
5702 (sexp_put_display_end): Likewise.
5703 (sexp_put_string): Likewise. Also changed base64 handling.
5704 (sexp_convert_string): Deleted argument INDENT. New argument
5706 (sexp_convert_list): New argument MODE_OUT.
5707 (sexp_convert_file): Likewise.
5708 (sexp_convert_item): Likewise. Also handle output in transport
5710 (match_argument): Simple string comparison.
5711 (main): Adapted to above changes.
5713 * testsuite/testutils.c (test_armor): Allocate a larger buffer
5714 CHECK, to make decode_update happy. Updated to new base64
5717 * testsuite/base64-test.c (test_main): Fixed overlap test to not
5718 change the base64 before decoding. Updated to new base64
5721 * testsuite/Makefile.am (TS_PROGS): Added base16-test.
5723 * testsuite/base16-test.c: New test.
5725 * sexp-transport.c (sexp_transport_iterator_first): Updated to new
5726 conventions for base64_decode_update and base64_decode_final.
5728 * nettle-meta.h: Updated ascii armor declarations. New declaration
5731 * base64-decode.c (base64_decode_single): Return -1 on error.
5732 Also keep track of the number of padding characters ('=') seen.
5733 (base64_decode_update): New argument dst_length. Return -1 on error.
5734 (base64_decode_status): Renamed function...
5735 (base64_decode_final): ... to this.
5737 * base64.h (struct base64_decode_ctx): Deleted STATUS attribute.
5738 Added PADDING attribute.
5740 * base16.h, base16-encode.c, base16-decode.c, base16-meta.c: New
5743 2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
5745 * examples/sexp-conv.c (struct hex_decode_ctx): New hex decoding
5747 (sexp_get_raw_char): New function.
5748 (sexp_get_char): Use sexp_get_raw_char.
5750 2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
5752 * examples/sexp-conv.c (sexp_put_length): Bugfix, don't output any
5754 (main): Implemented -s option.
5756 * examples/sexp-conv-test: Test for echo -n vs echo '\c'. Added a
5757 few tests for canonical output.
5759 2002-10-25 Niels Möller <niels@s3.kth.se>
5761 * examples/sexp-conv.c (struct sexp_input): Deleted the mode from
5762 the state, that should be passed as argument to relevant
5763 functions. Instead, introduces enum sexp_coding, to say if base64
5764 coding is in effect.
5765 (struct sexp_output): Added coding attribute.
5766 (sexp_put_char): Use output->coding.
5767 (sexp_put_base64_start): Likewise.
5768 (sexp_put_base64_end): Likewise.
5770 * base64-decode.c (base64_decode_single): Simplified, got rid of
5773 2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
5775 * examples/sexp-conv.c (sexp_put_newline): Return void, die on
5777 (sexp_put_char, sexp_put_data, sexp_puts, sexp_put_length,
5778 sexp_put_base64_start, sexp_put_base64_end, sexp_put_string,
5779 sexp_put_list_start, sexp_put_list_end, sexp_put_display_start,
5780 sexp_put_display_end, sexp_convert_string, sexp_convert_list,
5781 sexp_skip_token): Likewise.
5782 (sexp_convert_item): Die on error.
5784 2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
5786 * examples/sexp-conv-test: Doesn't need echo -n anymore.
5788 * examples/sexp-conv.c (die): New function.
5789 (struct sexp_input): Deleted field ITEM.
5790 (sexp_get_char): Die on failure, never return -1.
5791 (sexp_get_quoted_char): Likewise.
5792 (sexp_get_quoted_string): Die on failure, no returned value.
5793 (sexp_get_base64_string): Likewise.
5794 (sexp_get_token_string): Likewise.
5795 (sexp_get_string): Likewise.
5796 (sexp_get_string_length): Likewise.
5797 (sexp_get_token): Likewise.
5798 (sexp_convert_string): Adapted to sexp_get_token.
5799 (sexp_convert_list): Likewise.
5800 (sexp_convert_file): New function.
5801 (main): Use sexp_convert_file.
5803 2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
5805 * examples/Makefile.am (TS_PROGS): Added sexp-conv-test.
5807 * examples/sexp-conv.c (sexp_input_init): Initialize input->string
5809 (sexp_get_char): Fixed non-transport case.
5810 (sexp_get_quoted_char): Fixed default case.
5811 (sexp_get_token): Loop over sexp_get_char (needed for handling of
5812 white space). Don't modify input->level. Fixed the code that skips
5814 (sexp_put_char): Fixed off-by-one bug in assertion.
5815 (sexp_put_string): Fixed escape handling for output of quoted
5817 (sexp_convert_list): Prettier output, hanging indent after the
5819 (sexp_skip_token): New function.
5820 (sexp_convert_item): Use sexp_skip_token to skip the end of a
5823 2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
5825 * examples/sexp-conv-test: New test program.
5827 * examples/Makefile.am (noinst_PROGRAMS): Added sexp-conv.
5829 * examples/sexp-conv.c (sexp_convert_list): New function.
5830 (sexp_convert_item): New function.
5831 (main): New function. Compiles and runs now, but doesn't work.
5833 * base64-decode.c (base64_decode_single): New function.
5834 (base64_decode_update): Use base64_decode_single.
5836 * examples/sexp-conv.c: Added output functions.
5838 2002-10-21 Pontus Sköld <pont@soua.net>
5840 * base64-encode.c (base64_encode_raw): Fixed null statement
5841 amongst variable declarations, broke compilation for non C99
5844 2002-10-21 Niels Möller <nisse@lysator.liu.se>
5846 * examples/sexp-conv.c: New sexp conversion program.
5848 2002-10-21 Niels Möller <niels@s3.kth.se>
5850 * Makefile.am (libnettle_a_SOURCES): Added
5851 sexp-format-transport.c.
5853 * sexp-transport.c (sexp_transport_iterator_first): New file and
5855 * sexp.h (sexp_transport_iterator_first): Added protoype.
5857 * sexp.c (sexp_iterator_next): Abort if iterator type is boogus.
5859 2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
5861 * testsuite/testutils.c (test_armor): Updated to new armor
5864 * testsuite/base64-test.c (test_main): Test BASE64_ENCODE_LENGTH
5865 and BASE64_DECODE_LENGTH. Updated test of base64_encode_raw (used
5866 to be base64_encode).
5868 * base64.h (BASE64_ENCODE_LENGTH, BASE64_DECODE_LENGTH): Fixed and
5871 * base64-meta.c (base64_encode_length, base64_decode_length): New
5872 functions, corresponding to the macros with the same name.
5874 * Makefile.am (libnettle_a_SOURCES): base64.c replaced by
5875 base64-encode.c and base64-decode.c.
5877 * pgp-encode.c (pgp_armor): Use new base64 conventions.
5879 * nettle-meta.h: Updated nettle_armor definitions.
5881 * base64.h: Major reorganization.
5883 * base64.c: Deleted file, contents moved to base64-encode.c or
5886 * base64-encode.c: New file. New supporting both encode-at-once
5887 and streamed operation.
5889 * base64-decode.c: New file.
5891 2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
5893 * testsuite/Makefile.am (TS_PROGS): Added dsa-keygen-test.
5895 * dsa-keygen.c: Call the progress callback only if it's non-NULL.
5897 * Makefile.am (libnettle_a_SOURCES): Added bignum-random.c and
5900 * testsuite/testutils.c (test_dsa_key): New function to sanity
5901 check a dsa keypair.
5903 * testsuite/dsa-test.c (test_main): Call dsa_test_key.
5905 * testsuite/dsa-keygen-test.c: New test case.
5907 * dsa.h (DSA_MINIMUM_BITS): New constant.
5909 * bignum.h (nettle_mpz_random, nettle_mpz_random_size): Added
5912 * dsa-keygen.c: New file.
5914 * bignum-random.c: New file.
5915 (nettle_mpz_random): New function, moved from...
5916 * dsa-sign.c (nettle_mpz_random): ... here. Also changed argument
5917 ordering and updated callers.
5919 * bignum-random.c: (nettle_mpz_random_size): New function, renamed
5920 and moved here from...
5921 * rsa-keygen.c (bignum_random_size): ... here. Updated all
5924 * testsuite/testutils.c (test_dsa): Needs both public and private
5927 * testsuite/dsa-test.c (test_main): Updated to changes of the
5930 * testsuite/Makefile.am (TS_PROGS): Added dsa-test.
5932 * rsa-decrypt.c (rsa_decrypt): Constification.
5933 * rsa-encrypt.c (rsa_encrypt): Likewise.
5934 * rsa.c (rsa_compute_root): Likewise.
5935 * rsa_md5.c (rsa_md5_sign): Likewise.
5936 (rsa_md5_verify): Likewise.
5937 * rsa_sha1.c (rsa_sha1_sign): Likewise.
5938 (rsa_sha1_verify): Likewise.
5940 * dsa-verify.c (dsa_verify): Use const for the public key
5943 * dsa-sign.c (dsa_sign): Needs the public key as argument, in
5944 addition to the private key. Use const.
5946 * dsa.h (struct dsa_private_key): Don't include the public
5948 * dsa.c (dsa_private_key_init, dsa_private_key_clear): Updated to
5949 new struct dsa_private_key.
5951 * dsa-sign.c (dsa_sign): Bugfix, added missing mpz_init call.
5953 * Makefile.am (libnettle_a_SOURCES): Added dsa files.
5954 (libnettleinclude_HEADERS): Added dsa.h.
5956 * testsuite/testutils.c (test_dsa): New function.
5958 * testsuite/dsa-test.c: New test.
5960 * dsa.h, dsa.c, dsa-sign.c, dsa-verify.c: New files.
5962 * nettle-meta.h: Moved the nettle_random_func and
5963 nettle_progress_func typedefs here...
5964 * rsa.h: ... from here.
5966 2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
5968 * sexp.h (enum sexp_type): Deleted SEXP_START.
5970 * sexp.c (sexp_iterator_parse): New function, similar to the old
5971 sexp_iterator_next, but independent of the previous value of the
5973 (sexp_iterator_first): Use sexp_iterator_parse.
5974 (sexp_iterator_next): Likewise.
5975 (sexp_iterator_enter_list): Use sexp_iterator_parse. SEXP_START
5977 (sexp_iterator_exit_list): Likewise.
5979 2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
5981 * sexp2rsa.c (get_value): No need to call sexp_iterator_next
5984 * sexp.c (sexp_iterator_assoc): Advance the iterator to the
5985 element after a matching tag, before recording it.
5986 * testsuite/sexp-test.c (test_main): Updated test.
5988 * testsuite/sexp-test.c (test_main): No need to call
5989 sexp_iterator_next after sexp_iterator_exit_list.
5991 * sexp2rsa.c (rsa_keypair_from_sexp): No need to call
5992 sexp_iterator_next anymore.
5994 * sexp.c (sexp_iterator_next): Updated to new sexp_iterator_exit_list.
5995 (sexp_iterator_exit_list): Return with iterator pointing to the
5996 element after the list.
5997 (sexp_iterator_check_type): Call sexp_iterator_next before
5999 (sexp_iterator_check_types): Likewise.
6000 (sexp_iterator_assoc): Rearranged calls of sexp_iterator_next.
6002 * sexp.c (sexp_iterator_enter_list): Call sexp_iterator_next to
6003 get to the first element of the list. Updated callers.
6005 * base64.c (base64_encode_group): New function, used by openpgp
6008 * Makefile.am: Added openpgp files.
6010 * sexp2rsa.c (rsa_keypair_from_sexp): Use sexp_iterator_first.
6011 * testsuite/sexp-test.c (test_main): Likewise.
6013 * sexp.c (sexp_iterator_init): Made this function static.
6014 (sexp_iterator_first): New, friendlier, initialization function.
6016 * pgp-encode.c: New file. Functions for writing openpgp data
6019 * pgp.h: New file, with pgp related declarations.
6021 * rsa2openpgp.c (rsa_keypair_to_openpgp): New file, new function.
6023 2002-10-04 Niels Möller <niels@s3.kth.se>
6025 * examples/rsa-keygen.c: Use malloc, instead of asprintf.
6027 2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
6029 * Released nettle-1.6.
6031 * NEWS: Note the aes api change.
6033 * examples/Makefile.am (EXTRA_DIST): Distribute setup-env and
6036 2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
6038 * examples/rsa-keygen.c (main): Comment on the lax security of the
6041 * index.html: Added link to mailing list.
6043 2002-10-02 Niels Möller <niels@s3.kth.se>
6045 * Makefile.am: Fixed assembler rules, and shared libraries.
6047 * configure.ac: Fixed the enable-shared option.
6049 2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
6051 * configure.ac: New option --enable-shared, and a first attempt at
6052 building a shared library (*without* using libtool).
6054 * Makefile.am: A first attempt at rules for building a shared
6057 2002-10-01 Niels Möller <niels@s3.kth.se>
6059 * examples/run-tests (test_program): Use basename.
6061 * examples/teardown-env: Delete some more files.
6063 * examples/run-tests (test_program): Strip directory part of
6066 * examples/Makefile.am (TS_PROGS): New variable. Run tests.
6068 * examples/io.c (read_file): Bug fix, used to overwrite pointer.
6070 * examples/rsa-keygen.c (main): Bug fix, private key wasn't
6073 * testsuite/Makefile.am: Some cleanup of make check.
6075 * examples/setup-env, examples/teardown-env: Test environment scripts.
6076 * examples/rsa-verify-test, examples/rsa-sign-test: New test cases.
6078 * examples/run-tests: New file (copied from lsh testsuite).
6080 * examples/Makefile.am: Use EXTRA_PROGRAMS and @RSA_EXAMPLES@.
6082 * examples/rsa-sign.c: No need to include config.h. Use werror
6084 * examples/rsa-verify.c: Likewise.
6085 * examples/rsa-keygen.c: Likewise.
6087 * examples/io.h: Forward declare struct rsa_public_key and struct
6088 rsa_private_key, to avoid dependences on config.h.
6090 * configure.ac (RSA_EXAMPLES): New substituted variable,
6091 controlling which example programs to build.
6093 * examples/rsa-verify.c: New example program.
6095 * examples/rsa-keygen.c: Use functions from io.c.
6096 * examples/rsa-sign.c: Likewise.
6098 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-verify.
6099 (LDADD): Added io.o.
6101 * configure.ac: New define WITH_PUBLIC_KEY, and new configure flag
6102 --disable-public-key. Updated rsa-files to check for that, rather
6103 than for HAVE_LIBGMP.
6105 * examples/io.c, examples/io.c: New files. Miscellaneous functions
6106 used by the example programs.
6108 * base64.h (BASE64_DECODE_LENGTH): Comment fix.
6110 2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
6112 * sexp2rsa.c (rsa_keypair_from_sexp): Bugfix: Call
6113 rsa_prepare_public_key and rsa_prepare_private_key.
6115 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-sign.
6117 * examples/rsa-sign.c: New example program.
6119 * testsuite/base64-test.c (test_main): Test encoding and decoding
6122 * base64.c (base64_encode): Encode from the end of the data
6123 towards the start, in order to support overlapping areas.
6124 (base64_encode): Broke out some common code from the switch..
6126 2002-09-30 Niels Möller <niels@s3.kth.se>
6128 * sexp_format.c (sexp_format): Don't mix code and declarations.
6130 2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
6132 * testsuite/Makefile.am (TS_PROGS): Added buffer-test
6133 sexp-format-test rsa2sexp-test sexp2rsa-test.
6136 * testsuite/sexp-test.c (test_main): Updated calls to
6137 sexp_iterator_assoc.
6139 * testsuite/testutils.h (MEMEQH): New macro.
6141 * testsuite/sexp2rsa-test.c: New test.
6142 * testsuite/sexp-format-test.c: New test.
6143 * testsuite/rsa2sexp-test.c: New test.
6144 * testsuite/buffer-test.c: New test.
6146 * testsuite/testutils.c (test_rsa_key): Copied this function
6148 testsuite/rsa-keygen-test.c: ... here.
6150 * examples/rsa-keygen.c: New file.
6152 * Makefile.am: Added new source files and headers buffer.h,
6153 buffer.c, sexp_format.c, sexp2rsa.c, rsa2sexp.c.
6155 * rsa.h (rsa_keypair_to_sexp, rsa_keypair_from_sexp): New
6158 * rsa2sexp.c, sexp2rsa.c: New files.
6160 * sexp.c (sexp_iterator_assoc): Don't enter the list, associate
6161 keys within the current list. Still exit the list when done.
6162 (sexp_iterator_assoc): Represent keys as plain NUL-terminated
6164 (sexp_iterator_check_type, sexp_iterator_check_types): New
6167 * sexp_format.c: New file, implementing an sexp canonical syntax
6170 * buffer.c, buffer.h: New files, implementing a bare-bones string
6173 * bignum.c (nettle_mpz_sizeinbase_256): New function.
6175 2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
6177 * sexp.c (sexp_iterator_assoc): Return 0 for missing or duplicate
6178 keys. Now passes all the tests.
6180 * sexp.c (sexp_iterator_simple): Bugfixes. Check earlier that
6181 length doesn't grow too large.
6182 (sexp_iterator_next): Skip the current list only if type is
6183 SEXP_LIST. Handle ')'.
6184 (sexp_iterator_enter_list): Set type to SEXP_START.
6185 (sexp_iterator_exit_list): Likewise. Don't skip the ')' here.
6186 (sexp_iterator_assoc): Bug fix.
6188 * testsuite/sexp-test.c (test_main): Reordered sexp_iterator_assoc
6191 * nettle.texinfo (Randomness): Documented that yarrow256_init can
6192 be called with a zero number of sources.
6194 * testsuite/testutils.h (ASSERT): New macro.
6196 * testsuite/sexp-test.c: Test sexp parser.
6198 * Makefile.am (SUBDIRS): Added sexp files.
6200 * sexp.c, sexp.h: New files, implementing an sexp-parser.
6202 2002-08-27 Niels Möller <niels@s3.kth.se>
6204 * Makefile.am (DISTCLEANFILES): make distclean should delete the
6205 assembler-related symlinks.
6207 2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
6209 * Makefile.am (%.o: %.asm): Create an empty (and unused)
6210 dependency file, to make the make/automake dependency tracking
6213 2002-07-18 Niels Möller <niels@s3.kth.se>
6215 * examples/nettle-benchmark.c (main): Try openssl's ciphers as
6218 * Makefile.am (libnettle_a_SOURCES): Added nettle-openssl.c.
6220 * nettle-openssl.c: New file.
6222 * nettle-internal.h: Declare openssl glue ciphers.
6224 * des-compat.h: Extra name-mangling, to avoid collisions in case a
6225 program links with both nettle and libcrypto (the nettle-benchmark
6228 * configure.ac: Don't use -ggdb3 with gcc-2.96.
6229 Check for openssl's libcrypto (for benchmarking).
6231 2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
6233 * sparc/aes.asm: Deleted registers i and t3.
6234 (_aes_crypt): Moved some registers around. We now use input
6235 registers only for arguments, local registers for loop invariants,
6236 output registers for temporaries and loop variables, and no global
6239 * sparc/aes.asm (AES_FINAL_ROUND): New macro.
6240 (_aes_crypt): Use AES_FINAL_ROUND for the first word of the final
6242 (_aes_crypt): And for the rest of the final round.
6243 (AES_FINAL_ROUND): Don't update dst, just access it offseted by i.
6244 (_aes_crypt): Add 16 to dst at the end of the final round.
6245 (AES_ROUND): Use ldub, not ld + and, to get the third byte
6247 (AES_ROUND): Use ldub, not lduh + and, to get the second
6249 (AES_ROUND): Reordered instructions, so that we can save one
6251 (AES_ROUND): Eliminated use of t3.
6252 (AES_FINAL_ROUND): Eliminated ands.
6253 (AES_FINAL_ROUND): Reordered, so that we can save one register.
6254 (AES_FINAL_ROUND): Eliminated t3.
6255 (AES_LOAD): New macro.
6256 (_aes_crypt): Unrolled source loop.
6257 (_aes_crypt): Use AES_LOAD macro.
6258 (_aes_crypt): Deleted cruft from the old source loop.
6259 (AES_LOAD): Eliminated t3.
6261 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
6263 * sparc/aes.asm (AES_ROUND): New macro.
6264 (_aes_crypt): Use AES_ROUND for first word of the
6266 (_aes_crypt): And for the rest of the round function.
6268 * sparc/aes.asm (_aes_crypt): Deleted a bunch of additions,
6269 after accessing IDX1.
6271 * aes-internal.h (struct aes_table): sparc_idx[0] should now
6272 contain index values shifted by the size of a word, and with 2
6273 added. This saves some additions in the sparc assembler code.
6274 Updates aes-encrypt-table.c and aes-decrypt-table.c.
6276 * sparc/aes.asm (_aes_crypt): Unrolled final loop, preparing for
6278 (_aes_crypt): Eliminated i from forst copy of the loop. Some
6280 (_aes_crypt): And from second copy.
6281 (_aes_crypt): And from third.
6282 (_aes_crypt): And fourth.
6283 (_aes_crypt): Eliminated updates of i from the loop.
6284 (_aes_crypt): Access IDX1 and IDX3 through the T pointer, saving
6287 * aes-internal.h (struct aes_table): Renamed the shift_idx field
6288 to sparc_idx, as it will be tweaked to improve the sparc code.
6289 Also reduced its size to [2][4].
6290 (IDX_FACTOR): Deleted constant.
6291 * aes-encrypt-table.c (_aes_encrypt_table): Adapted initializer of
6293 * aes-decrypt-table.c (_aes_decrypt_table): Likewise.
6294 * asm.m4: Deleted AES_SIDX2, to match struct aes_table.
6296 * sparc/aes.asm (_aes_crypt): Unrolled the inner loop, preparing
6297 for optimizations suggested by Marcus Comstedt.
6298 (_aes_crypt): Eliminated i from the first copy of the inner loop.
6299 (_aes_crypt): And from the second copy.
6300 (_aes_crypt): And from the third copy.
6301 (_aes_crypt): And from the fourth copy.
6302 (_aes_crypt): Renamed .Linner_loop to .Lround_loop.
6303 (_aes_crypt): Eliminated the loop variable i from the unrolled
6305 (_aes_crypt): Deleted moves of constants into t2.
6307 2002-05-15 Niels Möller <niels@s3.kth.se>
6309 * x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
6310 * x86/aes-decrypt.asm (aes_decrypt): Likewise.
6311 (aes_decrypt): Use AES_STORE.
6312 (aes_decrypt): Deleted first xchgl instruction into, permuting the
6313 AES_ROUND calls instead.
6314 (aes_decrypt): Likewise for the final round.
6315 (aes_decrypt): Got rid if the xchgl instruction after the final
6316 round, folding it into the final round.
6318 * x86/machine.m4: Renamed AES_LAST_ROUND to AES_FINAL_ROUND.
6321 * x86/aes-decrypt.asm (aes_decrypt): Use the AES_LOAD macro.
6322 (aes_decrypt): Start using AES_ROUND.
6323 (aes_decrypt): Use AES_LAST_ROUND.
6325 * x86/aes-decrypt.asm (aes_decrypt): Moved function to a separate
6327 * x86/aes.asm: ... from here.
6329 * x86/aes.asm (aes_decrypt): Use _aes_decrypt_table instead of
6330 itbl1-4. Commented out the inclusion of aes_tables.asm.
6331 (aes_decrypt): Use _aes_decrypt_table instead of isbox.
6334 * x86/aes-decrypt.asm: New file, empty at the start.
6336 * Makefile.am (libnettle_a_SOURCES): Added aes-decrypt-table.c.
6338 * aes-decrypt.c (_aes_decrypt_table): Moved from this file...
6339 * aes-decrypt-table.c (_aes_decrypt_table): ... to a new file.
6341 * testsuite/aes-test.out: New file, with the output of
6342 testsuite/aes-test, when aes.c has been compiled with debugging
6343 printouts of intermediate state.
6345 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
6347 * sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
6348 make %fp available for other uses.
6350 * sparc/aes.asm: The frame setup was broken. Tried to fix it.
6351 Reverted to revision 1.70 + minor changes from the head revision.
6353 * x86/aes-encrypt.asm (aes_encrypt): Use test instead of cmpl $0,.
6355 * x86/machine.m4 (AES_SUBST_BYTE): New macro.
6357 * sparc/aes.asm: wtxt needs no register of it's own, as its
6358 pointed to by %sp. %g5 moved to %l0, the register previously
6359 allocated for wtxt, so that we stay clean of the reserved %g
6362 2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
6364 * sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
6365 operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
6366 (_aes_crypt): Allocate only 32 bytes local storage on the stack.
6367 Calculate wtxt and tmp using offsets from %sp, not %fp.
6369 2002-05-14 Niels Möller <niels@s3.kth.se>
6371 * x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
6372 round function with an invocation of AES_ROUND.
6373 (aes_encrypt): Similarly for the second column.
6374 (aes_encrypt): Similarly for the rest of the round function.
6376 * x86/machine.m4 (AES_ROUND): New macro.
6378 * x86/aes-encrypt.asm (aes_encrypt): Use AES_LOAD macro.
6380 * x86/machine.m4 (AES_LOAD): New macro.
6382 * x86/aes-encrypt.asm (aes_encrypt): Use AES_STORE.
6384 * x86/machine.m4 (AES_STORE): New macro.
6386 * x86/aes-encrypt.asm (aes_encrypt): Use the AES_LAST_ROUND macro
6387 for the first column of the final round.
6388 (aes_encrypt): Similarly for the second column.
6389 (aes_encrypt): Similarly for the third and fourth column.
6391 (aes_encrypt): Deleted xchgl instruction in final round, by
6392 reordering the second and fourth round.
6394 * x86/machine.m4 (AES_LAST_ROUND): New macro.
6396 * x86/aes-encrypt.asm (aes_encrypt): Move code here...
6397 * x86/aes.asm: ...from here.
6399 * x86/aes.asm: Use addl and subl, not add and sub. Replaced
6400 references to dtbl1-4 with references to _aes_encrypt_table.
6402 * configure.ac (asm_path): Enable x86 assembler.
6404 * x86/aes.asm (aes_decrypt): Adapted to the current interface.
6405 Notably, the order of the subkeys was reversed. Single block
6406 encrypt/decrypt works now.
6407 (aes_encrypt, aes_decrypt): Added an outer loop, so that we can
6408 encrypt more than one block at a time.
6410 2002-05-07 Niels Möller <niels@s3.kth.se>
6412 * configure.ac: Generate config.m4.
6414 * x86/aes.asm: Use C for comments, include the tables using
6415 include_src, and commented out the key setup functions.
6416 Fixed the processing of the first handling of the round function.
6417 Now, encryption of a single block works! Multiple blocks, and
6418 decryption, is still broken.
6420 * x86/machine.m4: New file (empty).
6422 * x86/aes-encrypt.asm: New file, empty for now.
6424 * Makefile.am (%.asm): Added asm.m4, machine.m4 and config.m4 to
6425 the m4 command line.
6426 (libnettle_a_SOURCES): Added aes-encrypt-table.c.
6428 * sparc/aes.asm: No need to include asm.m4, that is taken care of
6431 * config.m4.in: New file, configuration for asm.m4.
6433 * asm.m4 (C, include_src): New macros.
6435 * aes-encrypt-table.c: New file, table moved out from
6438 2002-05-06 Niels Möller <niels@s3.kth.se>
6440 * configure.ac (CFLAGS): Don't enable -Waggregate-return.
6442 2002-05-05 Niels Möller <nisse@lysator.liu.se>
6444 * configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
6446 2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
6448 * configure.ac: Update for automake-1.6.
6450 * configure.ac: Renamed file, used to be configure.in.
6452 2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
6454 * testsuite/run-tests (test_program): Added missing single quote.
6456 2002-03-20 Niels Möller <nisse@lysator.liu.se>
6458 * testsuite/run-tests (test_program): Test the exit status of the
6461 2002-03-19 Pontus Sköld <pont@it.uu.se>
6463 * testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
6465 2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
6467 * rsa-keygen.c (rsa_generate_keypair): Output a newline after a
6468 non-empty line of 'e':s (bad e was chosen, try again).
6470 2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
6472 * configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
6475 2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
6477 * sparc/aes.asm, x86/aes.asm: Added copyright notice.
6479 * Makefile.am (libnettle_a_SOURCES): Added aes-internal.h.
6480 (EXTRA_DIST): Added assembler files.
6482 * configure.in (asm_path): Use $srcdir when looking for the files.
6483 * configure.in (asm_path): For now, disable x86 assembler code.
6484 Bumped version to 1.6.
6486 2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
6488 * sparc/aes.asm (_aes_crypt): Moved increment of src into the
6489 source_loop. Also fixed stop condition, the loop was run 5 times,
6490 not 4, as it should.
6491 (_aes_crypt): Use src directly when accessing the source data,
6493 (_aes_crypt): Renamed variables in source_loop.
6494 (_aes_crypt): Changed stop condition in source_loop to not depend
6495 on i. Finally reduced the source_loop to 16 instructions. Also
6496 increased the alignment of the code to 16.
6497 (_aes_crypt): In final_loop, use preshifted indices.
6498 (_aes_crypt): In final_loop, construct the result in t0. Use t0-t3
6499 for intermediate values.
6500 (_aes_crypt): In final_loop, use the register idx.
6501 (_aes_crypt): In final_loop, keep i multiplied by 4. Use key to
6502 get to the current roundkey.
6503 (_aes_crypt): In final_loop, use i for indexing.
6504 (_aes_crypt): Update dst in the output loop. This yields a delay
6505 slot that isn't filled yet.
6506 (_aes_crypt): Decrement round when looping, saving yet some
6508 (_aes_crypt): Reformatted code as blocks of four instructions
6510 (_aes_crypt): Copy the addresses of the indexing tables into
6511 registers at the start. No more need for the idx register.
6512 (_aes_crypt): Deleted idx register.
6513 (_aes_crypt): Some peep hole optimizations, duplicating some
6514 instructions to fill nop:s, and put branch instructions on even
6517 2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
6519 * sparc/aes.asm (_aes_crypt): Moved some more additions out of the
6520 inner loop, using additional registers.
6521 (_aes_crypt): Deleted one more addition from the inner loop, by
6522 using the subkey pointer.
6524 2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
6526 * configure.in (asm_path): Renamed "path" to "asm_path". Also look
6529 2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
6531 * sparc/aes.asm: Use that IDX2(j) == j ^ 2
6533 * Makefile.am (libnettle_a_SOURCES): Reordered aes-decrypt.c and
6534 aes-encrypt.c. For some strange reason it makes the benchmark go
6537 * sparc/aes.asm (_aes_crypt): Use double-buffering, and no
6538 separate loop for adding the round key.
6539 (round): Keep round index muliplied by 16, so it can be used
6540 directly for indexing the subkeys.
6541 (_aes_crypt): In the final loop, use ctx+round to access the
6542 subkeys, no need for an extra register.
6544 2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
6546 * sparc/aes.asm (_aes_crypt): Renaming variables, allocating
6547 locals starting from %l0.
6548 (_aes_crypt): Consistently use %l4, aka i, as the variable for the
6550 (_aes_crypt): Moved reading of ctx->nrounds out of the loop.
6551 (_aes_crypt): In final_loop, deleted a redundant mov, and use i as
6553 (_aes_crypt): Started renumbering registers in the inner loop. The
6554 computation for the table[j] sub-expression should be kept in
6556 (_aes_crypt): Renamed more variables in the inner loop. Now the
6557 primary variables are t0, t1, t2, t3.
6559 * sparc/aes.asm (_aes_crypt): Swapped register %i0 and %o5, %i1
6560 and %o0, %i2 and %o4, %i3 and %o3, %i4 and %o2.
6561 (_aes_crypt): wtxt was stored in both %l1 and %l2 for the entire
6562 function. Freed %l2 for other uses.
6563 (_aes_crypt): Likewise for tmp, freeing register %o1.
6565 * sparc/machine.m4: New file, for sparc-specific macros.
6567 * sparc/aes.asm (_aes_crypt): Hacked the source_loop, to get rid
6568 of yet another redundant loop variable, and one instruction.
6569 (_aes_crypt): Strength reduce loop variable in the
6570 inner loop, getting rid of one register.
6571 (_aes_crypt): Use pre-shifted indices (aes_table.idx_shift), to
6572 avoid some shifts in the inner loop.
6573 (_aes_crypt): Don't check for nrounds==0 at the start of the loop.
6575 * asm.m4: Define and use structure-defining macros.
6577 * Makefile.am (%.asm): Use a GNU pattern rule, to make %.o depend
6578 on both %.asm and asm.m4.
6580 * aes-internal.h (struct aes_table): New subtable idx_shift.
6581 Updated tables in aes_encrypt.c and aes_decrypt.c.
6583 * asm.m4: Use eval to compute values.
6585 * sparc/aes.asm (_aes_crypt): Deleted commented out old version of
6588 * asm.m4: Added constants for individual rows of the aes table.
6590 * aes.c (IDX0, IDX1, IDX2, IDX3): New macros, encapsualting the
6591 structure of the idx table.
6593 * asm.m4: Define various aes struct offsets.
6595 * testsuite/cbc-test.c (test_cbc_bulk): Use aes_set_encrypt_key
6596 and aes_set_decrypt_key.
6598 * sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
6601 2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
6603 * sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
6605 * aesdata.c: New program for generating AES-related tables.
6607 * testsuite/testutils.c (print_hex): New function (moved from
6610 * testsuite/rsa-keygen-test.c (progress): Declare the ctx argument
6613 * testsuite/cbc-test.c (test_cbc_bulk): New function, testing CBC
6616 * yarrow256.c: Replaced uses of aes_set_key with
6617 aes_set_encrypt_key.
6619 * nettle-meta.h (_NETTLE_CIPHER_SEP): New macro, useful for
6620 algorithms with separate encyption and decryption key setup.
6622 * aes-internal.h (struct aes_table): New structure, including all
6623 constant tables needed by the unified encryption or decryption
6624 function _aes_crypt.
6626 * aes.c (_aes_crypt): New function, which unifies encryption and
6629 AES key setup now uses two separate functions for setting
6630 encryption and decryption keys. Applications that don't do
6631 decryption need no inverted subkeys and no code to generate them.
6632 Similarly, the tables (about 4K each for encryption and
6633 decryption), are put into separate files.
6635 * aes.h (struct aes_ctx): Deleted space for inverse subkeys. For
6636 decryption, the inverse subkeys replace the normal subkeys, and
6637 they are stored _in the order they are used_.
6639 * aes-set-key.c (aes_set_key): Deleted file, code moved...
6640 * aes-set-decrypt-key.c, aes-set-encrypt-key.c: New files,
6641 separated normal and inverse key setup.
6643 * aes-tables.c: Deleted, tables moved elsewhere...
6644 * aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
6645 decryption funktions, and needed tables, into separate files.
6647 2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
6649 * aes.c (aes_encrypt): Don't unroll the innerloop.
6650 (aes_encrypt): Don't unroll the loop for the final round.
6651 (aes_decrypt): Likewise, no loop unrolling.
6653 * aes-set-key.c (aes_set_key): Reversed the order of the inverted
6654 subkeys. They are now stored in the same order as they are used.
6656 * aes-tables.c (itable): New bigger table, generated by aesdata.c.
6658 * aes.c (aes_decrypt): Rewrote to use the bigger tables.
6660 2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
6662 * aes.c (aes_encrypt): Interleave computation and output in the
6665 * aes-internal.h (AES_SMALL): New macro.
6667 * aes.c (aes_encrypt): Optionally use smaller rotating inner loop.
6669 * aes-tables.c (dtbl): Replaced with table generated by aesdata.
6671 * aes.c (aes_encrypt): Rewrite, now uses larger tables in order to
6674 * sparc/aes.asm (aes_encrypt): Strength reduced on j, getting rid
6675 of one register and one instruction in the inner loop.
6677 * sparc/aes.asm (idx, aes_encrypt): Multiplied tabled values by 4,
6678 making it possible to get rid of some shifts in the inner loop.
6680 * configure.in: Fixed spelling of --enable-assembler. Commented
6683 * asm.m4: New file. For now, only doing changequote and changecom.
6685 * sparc/aes.asm (aes_encrypt): Added comments.
6686 (aes_encrypt): Cut off redundant instruction per block, also
6687 saving one redundant register pointing to idx.
6688 (idx_row): New macro. Include asm.m4.
6690 2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
6692 * sparc/aes.asm (key_addition_8to32): Cleaned up.
6693 Deleted gcc-generated debugging information.
6695 * sparc/aes.asm (key_addition32): First attempt at optimization.
6698 * sparc/aes.asm (key_addition32): Unrolled loop, gained 4%
6699 speed, payed four instructions compared to gcc
6702 * Makefile.am (.asm.o): New rule for assembling via m4.
6703 (libnettle_a_SOURCES): Added new rsa and aes files.
6705 * configure.in: New command line option --enable-assembler.
6706 Selects assembler code depending on the host system.
6708 * rsa-decrypt.c, rsa-encrypt.c: New files for rsa pkcs#1
6711 * aes-set-key.c, aes-tables.c: New files, split off from aes.c.
6712 Tables are now not static, but use a _aes_ prefix on their names.
6714 * aes-internal.h: New file.
6716 * cast128-meta.c (_NETTLE_CIPHER_FIX): Use _NETTLE_CIPHER_FIX.
6718 * cbc.c (cbc_decrypt_internal): New function, doing the real CBC
6719 procesing and requiring that src != dst.
6720 (cbc_decrypt): Use cbc_decrypt_internal. If src == dst, use a
6721 buffer of limited size to copy the ciphertext.
6723 * nettle-internal.c (nettle_blowfish128): Fixed definition, with
6726 * nettle-meta.h (_NETTLE_CIPHER_FIX): New macro, suitable for
6727 ciphers with a fixed key size.
6729 * examples/nettle-benchmark.c (display): New function for
6730 displaying the results, including MB/s figures.
6732 * sparc/aes.asm: New file. Not yet tuned in any way (it's just the
6733 code generated by gcc).
6735 2002-02-11 Niels Möller <nisse@lysator.liu.se>
6737 * x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
6740 2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
6742 Applied patch from Dan Egnor improving the base64 code.
6743 * base64.h (BASE64_ENCODE_LENGTH): New macro.
6744 (struct base64_ctx): New context struct, for decoding.
6745 (BASE64_DECODE_LENGTH): New macro.
6746 * base64.c (base64_decode_init): New function.
6747 (base64_decode_update): New function, replacing base64_decode.
6748 Takes a struct base64_ctx argument.
6749 * nettle-meta.h: Updated nettle_armor, and related typedefs and
6751 * testsuite/testutils.c (test_armor): Updated.
6752 * configure.in: Use AC_PREREQ(2.50).
6754 2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
6756 * Released nettle-1.5.
6758 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
6760 * acinclude.m4: Commented out gmp-related macros, they're probably
6763 2002-01-31 Niels Möller <nisse@lysator.liu.se>
6765 * configure.in: Added command line options --with-lib-path and
6766 --with-include-path. Use the RPATH-macros to get correct flags for
6767 linking the test programs with gmp.
6769 * acinclude.m4: New file.
6771 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
6773 * nettle.texinfo (Randomness): New subsection on Yarrow.
6775 2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
6777 * nettle.texinfo (Randomness): New chapter.
6778 Spell checking and ispell configuration.
6780 * md5.c: Added reference to RFC 1321.
6782 2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
6784 * nettle.texinfo (Public-key algorithms): Minor fixes.
6786 2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
6788 * nettle.texinfo (Nettle soup): New chapter.
6789 (Hash functions): New subsection on struct nettle_hash.
6790 (Hash functions): New subsection on struct nettle_cipher.
6791 (Keyed hash functions): New section, describing MAC:s and HMAC.
6792 (Public-key algorithms): New chapter.
6794 * testsuite/testutils.c (test_armor): New function.
6796 * testsuite/base64-test.c: New testcase.
6798 * testsuite/Makefile.am (TS_PROGS): Added base64-test.
6800 * nettle-meta.h (struct nettle_armor): New struct.
6802 * configure.in: Bumped version to 1.5.
6804 * Makefile.am (libnettle_a_SOURCES): Added base64 files, and some
6805 missing header files.
6807 * base64.c, base64.h, base64-meta.c: New files, hacked by Dan
6810 2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
6812 * testsuite/yarrow-test.c: Deleted ran_array code, use
6813 knuth-lfib.h instead.
6815 * testsuite/testutils.c (test_rsa_md5, test_rsa_sha1): Moved
6817 * testsuite/rsa-test.c: ...from here.
6819 * testsuite/rsa-keygen-test.c: New file.
6821 * testsuite/knuth-lfib-test.c: New file.
6823 * Makefile.am (libnettle_a_SOURCES): Added knuth-lfib.c and
6826 * rsa-keygen.c: New file.
6828 * rsa.h (RSA_MINIMUM_N_OCTETS): New constant.
6829 (RSA_MINIMUM_N_BITS): New constant.
6830 (nettle_random_func, nettle_progress_func): New typedefs. Perhaps
6831 they don't really belong in this file.
6832 (rsa_generate_keypair): Added progress-callback argument.
6834 * macros.h (READ_UINT24, WRITE_UINT24, READ_UINT16, WRITE_UINT16):
6837 * knuth-lfib.c, knuth-lfib.h: New files, implementing a
6838 non-cryptographic prng.
6840 2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
6842 * hmac-sha1.c: New file.
6844 2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
6846 * configure.in: Bumped version to 1.1.
6848 * testsuite/hmac-test.c (test_main): Added hmac-sha1 test cases.
6850 * rsa.c (rsa_init_private_key, rsa_clear_private_key): Handle d.
6852 * rsa.h (struct rsa_private_key): Reintroduced d attribute, to be
6853 used only for key generation output.
6854 (rsa_generate_keypair): Wrote a prototype.
6856 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha1.c and
6859 * des.c: Use static const for all tables.
6860 (des_set_key): Use a new const * variable for the parity
6861 procesing, for constness reasons.
6863 * list-obj-sizes.awk: New file.
6865 * nettle-internal.c, nettle-internal.h: New files.
6867 * testsuite/Makefile.am (TS_PROGS): Added hmac-test. Deleted old
6870 * testsuite/testutils.h (LDATA): Moved this macro here,...
6871 * testsuite/rsa-test.c: ... from here.
6873 * testsuite/hmac-test.c: New file.
6875 * hmac.h: General cleanup. Added declarations of hmac-md5,
6876 hmac-sha1 and hmac-sha256.
6878 * hmac.c: Bug fixes.
6880 * hmac-md5.c: First working version.
6882 * Makefile.am (libnettle_a_SOURCES): Added hmac.c and hmac-md5.c.
6883 (libnettleinclude_HEADERS): Added hmac.h.
6885 * testsuite/rsa-test.c: Also test a 777-bit key.
6887 * rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated
6889 (rsa_prepare_private_key): Compute the size of the key by
6890 computing n = p * q.
6892 * rsa-compat.c: Adapted to new private key struct.
6893 * rsa_md5.c: Likesize.
6894 * rsa_sha1.c: Likesize.
6896 * rsa.c (rsa_check_size): New function, for computing and checking
6897 the size of the modulo in octets.
6898 (rsa_prepare_public_key): Usa rsa_check_size.
6899 (rsa_init_private_key): Removed code handling n, e and d.
6900 (rsa_clear_private_key): Likewise.
6901 (rsa_compute_root): Always use CRT.
6903 * rsa.h (struct rsa_private_key): Deleted public key and d from
6904 the struct, as they are not needed. Added size attribute.
6906 2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
6908 * Makefile.am: Added *-meta files.
6910 * rsa.c (rsa_init_public_key): New function.
6911 (rsa_clear_public_key): Likewise.
6912 (rsa_init_private_key): Likewise.
6913 (rsa_clear_private_key): Likewise.
6915 * aes-meta.c: New file.
6916 * arcfour-meta.c: New file.
6917 * cast128-meta.c: New file.
6918 * serpent-meta.c: New file.
6919 * twofish-meta.c: New file.
6921 * examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
6923 2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
6925 Don't use m4 for generating test programs, it's way overkill. Use
6926 the C preprocessor instead.
6927 * testsuite/*-test.c: New file.
6929 * hmac.c, hmac.h, hmac-md5.c: New files.
6931 Defined structures describing the algoriths. Useful for code that
6932 wants to treat an algorithm as a black box.
6933 * nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
6936 2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
6938 * rsa-compat.c: Updated for new md5 and rsa conventions.
6940 * rsa_md5.c: Represent a signature as an mpz_t, not a string.
6941 Updated calls of md5 functions.
6942 * rsa_sha1.c: Likewise.
6944 * rsa.c (rsa_prepare_public_key): Renamed function, was
6945 rsa_init_public_key.
6946 (rsa_prepare_private_key): Renamed function, was
6947 rsa_init_private_key.
6949 * nettle.texinfo (Hash functions): Update for the changed
6950 interface without *_final. Document sha256.
6952 * testsuite/md5-test.m4, testsuite/sha1-test.m4,
6953 testsuite/sha256-test.m4, testsuite/yarrow-test.c: Updated for new
6954 hash function interface.
6956 * yarrow256.c: Removed calls of sha256_final and and some calls of
6959 * md5-compat.c (MD5Final): Call only md5_digest.
6961 * md5.c (md5_digest): Call md5_final and md5_init.
6962 (md5_final): Declared static.
6963 sha1.c, sha256.c: Analogous changes.
6965 * bignum.c (nettle_mpz_get_str_256): Declare the input argument
6968 2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
6970 * Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
6971 dependencies for $(des_headers) to depend only on the source file
6972 desdata.c, not on the executable.
6974 2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
6976 * testsuite/yarrow-test.c (main): Updated testcase to match fixed
6977 generator. Send verbose output to stdout, not stderr.
6979 * yarrow256.c (yarrow_slow_reseed): Bug fix, update the fast pool
6980 with the digest of the slow pool.
6981 (yarrow256_init): Initialize seed_file and counter to zero, to
6984 2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
6986 * bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
6989 2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
6991 * testsuite/yarrow-test.c (main): Updated test to match the fixed
6992 key event estimator.
6994 * yarrow_key_event.c (yarrow_key_event_estimate): Fixed handling
6997 * nettle.texinfo (Copyright): Say that under certain
6998 circumstances, Nettle can be used as if under the LGPL.
7000 * README: Added a paragraph on copyright.
7002 2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
7004 * yarrow256.c (yarrow256_force_reseed): New function.
7006 2001-11-14 Niels Möller <nisse@ehand.com>
7008 * testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
7010 * yarrow256.c (yarrow256_needed_sources): New function.
7011 (yarrow256_is_seeded): New function.
7012 (yarrow256_update): Use yarrow256_needed_sources.
7014 2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
7016 * testsuite/yarrow-test.out: Updated, to match the seed-file aware
7019 * testsuite/yarrow-test.c: Updated expected_output. Check the seed
7020 file contents at the end.
7022 * yarrow256.c (yarrow256_seed): New function.
7023 (yarrow_fast_reseed): Create new seed file contents.
7025 2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
7027 * yarrow.h: Deleted yarrow160 declarations.
7029 2001-11-02 Niels Möller <nisse@ehand.com>
7031 * yarrow256.c (yarrow256_init): Fixed order of code and
7034 2001-10-30 Niels Möller <nisse@ehand.com>
7036 * rsa-compat.h: Added real prototypes and declarations.
7038 * Makefile.am (libnettle_a_SOURCES): Added rsa-compat.h and
7041 * rsa-compat.c: New file, implementing RSA ref signature and
7042 verification functions.
7044 * configure.in: Check for libgmp. Deleted tests for SIZEOF_INT and
7047 * rsa_sha1.c: New file, PKCS#1 rsa-sha1 signatures.
7048 * rsa_md5.c: New file, PKCS#1 rsa-md5 signatures.
7050 * rsa.c: New file with general rsa functions.
7052 * Makefile.am (libnettle_a_SOURCES): Added rsa and bignum files.
7054 * bignum.c, bignum.h: New file, with base256 functions missing in
7057 * testsuite/Makefile.am: Added bignum-test.
7059 * testsuite/run-tests (test_program): Check the exit code more
7060 carefully, and treat 77 as skip. This convention was borrowed from
7063 * testsuite/macros.m4: New macro SKIP which exits with code 77.
7065 * testsuite/bignum-test.m4: New file.
7067 2001-10-15 Niels Möller <nisse@ehand.com>
7069 * testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
7072 2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
7074 * testsuite/des-test.m4: Added testcase taken from applied
7077 * testsuite/yarrow-test.c: Use sha256 instead of sha1 for checking
7078 input and output. Updated the expected values.
7080 * yarrow256.c (YARROW_RESEED_ITERATIONS): New constant.
7081 (yarrow_iterate): New function.
7082 (yarrow_fast_reseed): Call yarrow_iterate.
7084 * testsuite/yarrow-test.c: Added verbose flag, disabled by
7087 2001-10-12 Niels Möller <nisse@ehand.com>
7089 * examples/nettle-benchmark.c: Added more ciphers.
7091 * Makefile.am (SUBDIRS): Added the examples subdir.
7093 * configure.in: Output examples/Makefile.
7095 2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
7097 * examples/nettle-benchmark.c: New benchmarking program.
7099 2001-10-10 Niels Möller <nisse@ehand.com>
7101 * testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
7102 output, and compare to expected values.
7104 * testsuite/Makefile.am (CFLAGS): Don't disable optimization.
7105 (run-tests): Set srcdir in the environment when running run-tests.
7107 * testsuite/rfc1750.txt: Added this rfc as test input for yarrow.
7109 * yarrow_key_event.c (yarrow_key_event_estimate): Check if
7111 (yarrow_key_event_init): Initialize previous to zero.
7113 * yarrow256.c: Added debug some output.
7115 * testsuite/yarrow-test.c (main): Better output of entropy
7116 estimates at the end.
7118 2001-10-09 Niels Möller <nisse@ehand.com>
7120 * testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
7122 * testsuite/yarrow-test.c: New file.
7124 * yarrow256.c (yarrow256_init): Initialize the sources.
7125 (yarrow256_random): Fixed loop condition.
7127 * yarrow.h (YARROW_KEY_EVENT_BUFFER): New constant.
7129 * yarrow_key_event.c: New file.
7131 * Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
7133 2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
7135 * yarrow.h (struct yarrow_key_event_ctx): New struct.
7137 * yarrow256.c (yarrow_fast_reseed): Generate two block of output
7138 using the old key and feed into the pool.
7140 * yarrow.h (struct yarrow256_ctx): Deleted buffer, index and
7143 * yarrow256.c (yarrow_fast_reseed): New function.
7144 (yarrow_slow_reseed): New function.
7145 (yarrow256_update): Check seed/reseed thresholds.
7146 (yarrow_gate): New function, extracted from
7147 yarrow_generate_block_with_gate which was deleted.
7148 (yarrow_generate_block_with_gate): Deleted function.
7149 (yarrow256_random): Don't buffer any output, instead gate after
7151 (YARROW_GATE_THRESHOLD): Deleted constant.
7153 2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
7155 * Makefile.am: Added yarrow files.
7157 * yarrow256.c: New file, implementing Yarrow. Work in progress.
7159 * sha256.c: New file, implementing sha256.
7161 * testsuite/Makefile.am (CFLAGS): Added sha256-test.
7163 * testsuite/sha256-test.m4: New testcases for sha256.
7165 * shadata.c: New file, for generating sha256 constants.
7167 * sha.h: Renamed sha1.h to sha.h, and added declarations for
7170 2001-10-05 Niels Möller <nisse@ehand.com>
7172 * testsuite/aes-test.m4: Added a comment with NIST test vectors.
7174 2001-10-04 Niels Möller <nisse@ehand.com>
7176 * rsa.h, rsa-compat.h, yarrow.h: New files.
7178 2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
7180 * Released version 1.0.
7182 2001-09-25 Niels Möller <nisse@ehand.com>
7184 * sha1.c: Include stdlib.h, for abort.
7186 * md5.c: Include string.h, for memcpy.
7188 * testsuite/Makefile.am (M4_FILES): New variable. Explicitly list
7189 those C source files that should be generated by m4.
7191 * configure.in: Changed package name from "libnettle" to "nettle".
7193 * Makefile.am (EXTRA_DIST): Added .bootstrap.
7195 * AUTHORS: Added a reference to the manual.
7197 2001-09-25 Niels Möller <nisse@lysator.liu.se>
7199 * des-compat.c (des_cbc_cksum): Bug fix, local variable was
7200 declared in the middle of a block.
7202 2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
7204 * nettle.texinfo (Compatibility functions): New section,
7205 mentioning md5-compat.h and des-compat.h.
7207 2001-09-18 Niels Möller <nisse@ehand.com>
7209 * index.html: New file.
7211 2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
7213 * nettle.texinfo: Added description of des3. Minor fixes.
7215 * testsuite/des-compat-test.c (cbc_data): Shorten to 32 bytes (4
7216 blocks), the last block of zeroes wasn't used anyway.
7218 * des-compat.c (des_compat_des3_decrypt): Decrypt in the right
7220 (des_ncbc_encrypt): Bug fixed.
7221 (des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
7223 2001-09-14 Niels Möller <nisse@ehand.com>
7225 * testsuite/des-compat-test.c: New file, copied from libdes
7226 (freeswan). All implemented functions but des_cbc_cksum seems to
7229 * testsuite/Makefile.am (TS_PROGS): Added des-compat-test.
7231 * des-compat.c: Added libdes typedef:s. Had to remove all use of
7232 const in the process.
7233 (des_check_key): New global variable, checked by des_set_key.
7235 * des.c (des_set_key): Go on and expand the key even if it is
7238 * des-compat.c (des_cbc_cksum): Implemented.
7239 (des_key_sched): Fixed return values.
7241 2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
7243 * Makefile.am: Added des-compat.c and des-compat.h
7245 * des-compat.c: Bugfixes, more functions implemented.
7247 * des-compat.h: Define DES_ENCRYPT and DES_DECRYPT. Bugfixes.
7249 2001-09-10 Niels Möller <nisse@ehand.com>
7251 * nettle.texinfo (Copyright): Added copyright information for
7253 (Miscellaneous functions): Started writing documentation on the CBC
7255 (Cipher Block Chaining): This section more or less complete now.
7257 2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
7259 * testsuite/cbc-test.m4: Record intermediate values in a comment.
7260 * testsuite/des3-test.m4: Likewise.
7262 * testsuite/aes-test.m4: Added test case that appeared broken in
7265 * cbc.c (cbc_encrypt): Bug fix, encrypt block *after* XOR:ing the
7268 * Makefile.am (libnettleinclude_HEADERS): Added cbc.h. Deleted
7270 (libnettle_a_SOURCES): Added des3.c.
7272 * testsuite/Makefile.am (TS_PROGS): Added des3-test and cbc-test.
7274 * testsuite/cbc-test.m4: New testcase.
7276 * testsuite/des3-test.m4: New testcase.
7278 * cbc.h (CBC_CTX): New macro.
7279 (CBC_ENCRYPT): New macro.
7280 (CBC_DECRYPT): New macro.
7282 * des.c (des_fix_parity): New function.
7284 * des3.c: New file, implementing triple des.
7286 2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
7288 * cbc.c, cbc.h: New files, for general CBC encryption.
7290 * des-compat.h: Added some prototypes.
7292 2001-09-05 Niels Möller <nisse@ehand.com>
7294 * testsuite/Makefile.am (TS_PROGS): Added md5-compat-test.
7296 * README: Copied introduction from the manual.
7298 * configure.in: Bumped version to 1.0.
7300 * Makefile.am (libnettleinclude_HEADERS): Added missing includes.
7301 (libnettle_a_SOURCES): Added md5-compat.c and md5-compat.h.
7303 * md5-compat.c, md5-compat.h: New files, implementing an RFC
7304 1321-style interface.
7306 2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
7308 * twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
7309 Spotted by Jean-Pierre.
7310 (twofish_encrypt): Likewise.
7312 2001-07-03 Niels Möller <nisse@ehand.com>
7314 * testsuite/testutils.c: Include string.h.
7316 * twofish.c: Include string.h.
7318 2001-06-17 Niels Möller <nisse@lysator.liu.se>
7320 * Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
7321 seems to break with GNU make 3.79.1.
7323 * testsuite/testutils.c, testsuite/testutils.h: Use <inttypes.h>,
7327 2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
7329 * Use <inttypes.h>, not <stdint.h>.
7331 * blowfish.h (BLOWFISH_MAX_KEY_SIZE): Fixed, should be 56.
7333 * Fixed copyright notices.
7335 * Makefile.am (libnettle_a_SOURCES): Added desinfo.h and
7337 (info_TEXINFOS): Added manual.
7338 (EXTRA_DIST): Added nettle.html.
7339 (%.html): Added rule for building nettle.html.
7341 * nettle.texinfo: New manual.
7343 * configure.in: Bumped version to 0.2.
7345 * testsuite/Makefile.am (TS_PROGS): Added cast128 test.
7349 * testsuite/serpent-test.m4: Added a few rudimentary tests
7350 extracted from the serpent package.
7352 * twofish.c: Adapted to nettle. Made constant tables const.
7353 Deleted bytes_to_word and word_to_bytes; use LE_READ_UINT32 and
7354 LE_WRITE_UINT32 instead.
7355 (twofish_selftest): Deleted. Moved the tests to the external
7357 (twofish_set_key): Don't silently truncate too large keys.
7359 * sha1.c (sha1_update): Use unsigned for length.
7361 * serpent.c (serpent_set_key): Read the key backwards. Fixed
7362 padding (but there are no test vectors for key_size not a multiple
7364 (serpent_encrypt): Read and write data in the strange order used
7365 by the reference implementation.
7366 (serpent_decrypt): Likewise.
7368 * macros.h (FOR_BLOCKS): New macro, taken from lsh.
7370 * blowfish.h (struct blowfish_ctx): Use a two-dimensional array
7373 * blowfish.c (initial_ctx): Arrange constants into a struct, to
7375 (F): Deleted all but one definitions of the F function/macro.
7376 Added a context argument, and use that to find the subkeys.
7377 (R): Added context argument, and use that to find the subkeys.
7378 (blowfish_set_key): Some simplification.
7380 (encrypt): Deleted code for non-standard number of rounds. Deleted
7381 a bunch of local variables. Using the context pointer for
7382 everything should consume less registers.
7383 (decrypt): Likewise.
7385 * Makefile.am (libnettle_a_SOURCES): Added twofish.
7387 2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
7389 * testsuite/blowfish-test.m4: Fixed test.
7391 * Added twofish implementation.
7393 * blowfish.h (struct blowfish_ctx): Use the correct size for the p
7396 2001-06-15 Niels Möller <nisse@ehand.com>
7398 * testsuite/blowfish-test.m4: Fixed testcase, use correct key
7401 * Makefile.am (libnettle_a_SOURCES): Added blowfish files.
7402 ($(des_headers)): Strip directory part when passing file name to
7405 * testsuite/blowfish-test.m4: Added one test, from GNUPG.
7407 * Created blowfish.c and blowfish.h (from GNUPG via LSH). Needs
7410 * aes.h: Fixed copyright notice to not mention GNU MP. XXX: Review
7411 all nettle copyrights.
7413 * testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
7416 2001-06-13 Niels Möller <nisse@ehand.com>
7418 * Makefile.am (libnettle_a_SOURCES): Added serpent files.
7420 2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
7422 * des.c (des_encrypt, des_decrypt): Assert that the key setup was
7425 * testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
7427 * testsuite/sha1-test.m4: New file.
7429 * testsuite/des-test.m4: New file.
7433 * Added desCore files.
7435 * Makefile.am: Added desCore and sha1.
7437 2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
7439 * install-sh: Copied the standard install script.
7441 * testsuite/Makefile.am (CFLAGS): Disable optimization. Add
7442 $(top_srcdir) to the include path.
7443 (EXTRA_DIST): Added testutils.h, testutils.c and run-tests.
7444 (run-tests): Fixed path to run-tests.
7446 * Makefile.am (EXTRA_DIST): Added memxor.h.
7447 (libnettleinclude_HEADERS): Install headers in
7448 $(libnettleincludedir).
7450 2001-04-13 Niels Möller <nisse@cuckoo.hack.org>
projects / platform / upstream / nettle.git / blob