1 2016-01-28 Niels Möller <nisse@lysator.liu.se>
5 2016-01-26 Niels Möller <nisse@lysator.liu.se>
7 * tools/nettle-pbkdf2.c (main): Fix handling of unrecognized
8 options. Bug reported by Dongsheng Zhang. Display usage message
9 and exit non-zero. Also added "Usage: "-prefix to the message.
10 * tools/nettle-hash.c (usage): New function, extracted from main.
11 (main): Analogous fix for unrecognized options.
13 2016-01-23 Niels Möller <nisse@lysator.liu.se>
15 * nettle.texinfo: Set UPDATED-FOR to 3.2.
17 2016-01-21 Niels Möller <nisse@lysator.liu.se>
19 * .gitlab-ci.yml: New file. Configuration for gitlab's continuous
22 2016-01-20 Niels Möller <nisse@lysator.liu.se>
24 * testsuite/dlopen-test.c (main): Mark arguments as UNUSED.
26 * testsuite/Makefile.in (clean): Delete dlopen-test.
28 * configure.ac: Bump package version, to nettle-3.2.
29 (LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
30 libnettle.so.6.2 and and libhogweed.so.4.2.
32 2016-01-10 Niels Möller <nisse@lysator.liu.se>
34 * base64-encode.c (encode_raw): Use const uint8_t * for the
37 * nettle.texinfo (RSA): Document the rsa_pkcs1_verify and
38 rsa_pkcs1_sign functions, and the new rsa_*_tr functions.
40 2015-12-18 Niels Möller <nisse@lysator.liu.se>
42 * testsuite/testutils.h: Fix include order, system headers before
43 nettle headers. Always include version.h, needed by
44 version-test.c. It was included indirectly via bignum.h, but only
45 if configured with publickey support.
47 * configure.ac (IF_DLOPEN_TEST): Fixed shell conditional.
49 * testsuite/ecc-mod-test.c (test_main): Handle random seeding if
50 NETTLE_TEST_SEED is set in the environment.
52 2015-12-15 Niels Möller <nisse@lysator.liu.se>
54 * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
55 reported by Hanno Böck. Simplified the folding to always use
56 non-negative carry, the old code attempted to add in a carry which
57 could be either positive or negative, but didn't get that case
60 2015-12-10 Niels Möller <nisse@lysator.liu.se>
62 * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
63 reported by Hanno Böck.
64 (ecc_256_modq): Fixed another carry propagation bug.
66 2015-11-23 Niels Möller <nisse@lysator.liu.se>
68 * nettle.texinfo: Document rsa_encrypt, rsa_decrypt and
69 rsa_decrypt_tr. Text contributed by Andy Lawrence.
71 2015-11-15 Niels Möller <nisse@lysator.liu.se>
73 * rsa.h (_rsa_blind, _rsa_unblind): Mark as deprecated.
75 2015-09-17 Niels Möller <nisse@lysator.liu.se>
77 * rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
79 * rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
81 * rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
82 (rsa_sha256_sign_digest_tr): Likewise.
83 * rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
84 (rsa_sha512_sign_digest_tr): Likewise.
85 * rsa.h: Added corresponding prototypes.
86 * Makefile.in (hogweed_SOURCES): Added new files.
88 * testsuite/testutils.c (SIGN): Extend macro to test new
89 functions, and the rsa_*_sign_digest functions. Updated callers.
91 2015-09-14 Niels Möller <nisse@lysator.liu.se>
93 * rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
94 Mainly for simplicity and consistency, I'm not aware of any CRT
95 fault attacks on RSA decryption.
97 * testsuite/rsa-encrypt-test.c (test_main): Added test with
100 * rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
102 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
103 (rsa_verify_res): Deleted, replaced by rsa_compute_root_tr.
104 * testsuite/rsa-sign-tr-test.c (test_rsa_sign_tr): Check that
105 signature argument is unchanged on failure.
106 * Makefile.in (hogweed_SOURCES): Added rsa-sign-tr.c.
108 2015-09-07 Niels Möller <nisse@lysator.liu.se>
110 * testsuite/rsa-sign-tr-test.c: Drop include of nettle-internal.h.
111 (test_main): Fix incorrect use of sizeof, and use LDATA macro.
113 From Nikos Mavrogiannopoulos.
114 * rsa-pkcs1-sign-tr.c (rsa_verify_res): New function.
115 (rsa_pkcs1_sign_tr): Check result of private key operation, to
116 protect against hardware or software errors leaking the private
118 * testsuite/rsa-sign-tr-test.c: New testcase.
120 2015-09-06 Niels Möller <nisse@lysator.liu.se>
122 * nettle.texinfo: Updated SHA3 documentation.
124 2015-09-02 Niels Möller <nisse@lysator.liu.se>
126 * testsuite/dlopen-test.c: New test program, exposing the problem
127 with ifunc and RTLD_NOW.
129 * testsuite/Makefile.in (TS_ALL): Conditionally add dlopen-test.
130 (SOURCES): Added dlopen-test.c.
131 (dlopen-test): New target, unlike other test programs, *not*
132 linked with -lnettle.
134 * configure.ac: Check for dlfcn.h and the dlopen function.
135 (IF_DLOPEN_TEST): New substituted variable, true if dlopen is
136 available and we are building a shared library.
138 * fat-setup.h: Disable use of ifunc, since it breaks dlopen with
141 2015-08-25 Niels Möller <nisse@lysator.liu.se>
143 * NEWS: Started on entries for Nettle-3.2.
145 * sha3.h (NETTLE_SHA3_FIPS202): New preprocessor constant.
147 2015-08-24 Niels Möller <nisse@lysator.liu.se>
149 * testsuite/sha3.awk: Document origin of test vectors.
151 From Nikos Mavrogiannopoulos.
152 * sha3.c (_sha3_pad): Update for NIST version.
153 * testsuite/sha3-224-test.c: Updated test vectors.
154 * testsuite/sha3-256-test.c: Likewise.
155 * testsuite/sha3-384-test.c: Likewise.
156 * testsuite/sha3-512-test.c: Likewise.
158 2015-06-03 Niels Möller <nisse@lysator.liu.se>
160 * arm/neon/chacha-core-internal.asm: New file. 55% speedup over C
161 version on Cortex-A9.
163 2015-05-19 Niels Möller <nisse@lysator.liu.se>
165 * configure.ac: ABI detection (n32 or n64) on Irix, and
166 appropriate default for libdir. Patch from Klaus Ziegler.
168 2015-05-12 Niels Möller <nisse@lysator.liu.se>
170 * version.c (nettle_version_major, nettle_version_minor): New
171 file. New functions, returning the value of the corresponding
172 preprocessor constant.
173 * Makefile.in (nettle_SOURCES): Added version.c.
174 * testsuite/version-test.c: New testcase.
175 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added version-test.c.
177 2015-04-29 Niels Möller <nisse@lysator.liu.se>
179 * arm/v6/sha256-compress.asm: Fix syntax error in offset
180 addressing. Spotted by Jukka Ukkonen.
181 * arm/v6/aes-decrypt-internal.asm: Drop %-prefix on r12 register.
182 * arm/v6/aes-encrypt-internal.asm: Likewise.
184 2015-04-24 Niels Möller <nisse@lysator.liu.se>
186 * Released nettle-3.1.1.
188 * configure.ac: Bump package version, to nettle-3.1.1.
189 (LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
190 libnettle.so.6.1 and and libhogweed.so.4.1.
192 2015-04-22 Niels Möller <nisse@lysator.liu.se>
194 * x86_64/gcm-hash8.asm: Use ".value" instead of ".short", since
195 the latter is not supported by the Sun/Oracle assembler.
197 2015-04-13 Niels Möller <nisse@lysator.liu.se>
199 * configure.ac: Fix shell quoting in test of GMP_NUMB_BITS asm
200 compatibility. Reported by Edward Sheldrake.
202 2015-04-07 Niels Möller <nisse@lysator.liu.se>
204 * Released nettle-3.1.
206 2015-03-31 Niels Möller <nisse@lysator.liu.se>
208 * x86_64/ecc-224-modp.asm: Require that GMP_NUMB_BITS == 64.
209 * x86_64/ecc-521-modp.asm: Likewise. Note that the other
210 ecc-*-modp.asm files happen to work fine on x86_64, with either 32
213 * asm.m4 (GMP_NUMB_BITS): New macro, expanding to nothing.
215 * configure.ac: Move tests for compiler characteristics,
216 libraries, and GMP_NUMB_BITS, before assembler-related tests.
217 For files in $asm_hogweed_optional_list, check if they declare
218 a GMP_NUMB_BITS requirement, and skip files which are incompatible
219 with the configuration. Needed for --enable-mini-gmp om w64.
221 * Makefile.in (clean-here): Unconditionally delete *.a (including
222 stub libraries like *.dll.a).
224 2015-03-30 Niels Möller <nisse@lysator.liu.se>
226 * version.h.in (GMP_NUMB_BITS) [NETTLE_USE_MINI_GMP]: Move
227 definition here (uses configure substitution).
228 * bignum.h (GMP_NUMB_BITS): ...old location.
230 * nettle.texinfo: Updated version number.
231 (Installation): Document some more configure options.
233 * testsuite/symbols-test: Look for NETTLE_USE_MINI_GMP in
234 version.h, not bignum.h. Allow leading underscore on mini-gmp
237 2015-03-26 Niels Möller <nisse@lysator.liu.se>
239 * Makefile.in (PRE_CPPFLAGS): Drop -I$(srcdir), no longer needed.
240 (HEADERS): Added bignum.h. Removed version.h.
241 (INSTALL_HEADERS): Added version.h.
242 (DISTFILES): Removed bignum.h.in.
243 (bignum.h): Deleted make target.
244 (distclean-here): Don't delete bignum.h.
246 * configure.ac: No longer generate bignum.h.
248 * bignum.h: Renamed. Removed substitution of NETTLE_USE_MINI_GMP,
249 and include version.h instead.
250 * bignum.h.in: ... old name.
252 * version.h.in (NETTLE_USE_MINI_GMP): Substitute here.
254 2015-03-25 Niels Möller <nisse@lysator.liu.se>
256 * configure.ac (MAJOR_VERSION, MINOR_VERSION): Tweak sed
257 expressions, to tolerate version suffixes.
259 * Makefile.in (distdir): Include assembly files from the new
260 x86_64/aesni, x86_64/fat, and arm/fat directories.
262 * ed25519-sha512-pubkey.c: Fix stack overwrite. The digest array
263 must have room for a complete sha512 digest.
265 2015-03-19 Niels Möller <nisse@lysator.liu.se>
267 * Makefile.in (OPT_HOGWEED_SOURCES): Deleted make variable.
268 (nettle_SOURCES, hogweed_SOURCES): Don't include optional sources
270 (OPT_SOURCES): New variable.
271 (SOURCES): Include OPT_SOURCES.
272 (DISTFILES): Drop mini-gmp.c here, included via OPT_SOURCES.
273 (nettle_OBJS, hogweed_OBJS): Add the object files corresponding to
274 the optional source files included in the build.
276 * ecc-curve.h (nettle_curve25519): Removed public declaration.
277 * ecc-internal.h (_nettle_curve25519): New location, new name.
280 * nettle.texinfo: Updated EdDSA documentation.
282 * Makefile.in (DISTFILES): Added version.h.in, libnettle.map.in,
283 and libhogweed.map.in (latter two patch by Nikos).
284 (version.h): New make target.
285 (distclean-here): Added version.h, libnettle.map, and
288 From Nikos Mavrogiannopoulos.
289 * configure.ac (MAJOR_VERSION, MINOR_VERSION): New substituted
291 * version.h.in: New file, defining version numbers.
293 2015-03-18 Niels Möller <nisse@lysator.liu.se>
295 EdDSA interface change, use plain strings to represent keys.
296 * eddsa.h (_ED25519_LIMB_SIZE): Deleted constant.
297 (struct ed25519_private_key, ed25519_public_key): Deleted.
298 * eddsa-expand.c (_eddsa_expand_key): Don't compute the public
300 (_eddsa_expand_key_itch): Deleted function.
301 * eddsa-pubkey.c (_eddsa_public_key, _eddsa_public_key_itch): New
303 * ed25519-sha512-pubkey.c (ed25519_sha512_public_key): New file
305 * ed25519-sha512-verify.c (ed25519_sha512_set_public_key): Deleted
307 (ed25519_sha512_verify): Use a string to represent the public key.
308 * ed25519-sha512-sign.c (ed25519_sha512_set_private_key): Deleted
310 (ed25519_sha512_sign): Use strings for the input key pair.
311 * Makefile.in (hogweed_SOURCES): Added eddsa-pubkey.c and
312 ed25519-sha512-pubkey.c.
313 * testsuite/eddsa-sign-test.c (test_eddsa_sign): Adapt to
314 _eddsa_expand_key changes, and use _eddsa_public_key.
315 * testsuite/ed25519-test.c (test_one): Test
316 ed25519_sha512_public_key, and adapt to new ed25519 interface.
318 2015-03-14 Niels Möller <nisse@lysator.liu.se>
320 * ccm.c (memeql_sec): New function, more side-channel silent than
322 (ccm_decrypt_message): Use it.
324 2015-03-12 Niels Möller <nisse@lysator.liu.se>
326 * base64.h (struct base64_encode_ctx): Micro optimization of
327 struct layout, saving a few bytes.
328 (struct base64_decode_ctx): Likewise.
329 * base16.h (struct base16_decode_ctx): Likewise.
331 * nettle.texinfo (ASCII encoding): Document base64url functions.
333 2015-03-10 Niels Möller <nisse@lysator.liu.se>
335 * nettle.texinfo: Update documentation of curve25519_mul. Say that
336 the output is undefined for points belonging to the twist rather
337 than the proper curve.
339 * curve25519-mul.c (curve25519_mul): Changed return type to void.
340 * curve25519.h (curve25519_mul): Updated prototype.
341 * examples/hogweed-benchmark.c (bench_curve25519_mul): Drop check
342 of curve25519_mul return value.
343 * testsuite/curve25519-dh-test.c (test_a): Likewise.
345 2015-02-26 Niels Möller <nisse@lysator.liu.se>
347 * nettle.texinfo: Document curve25519 and eddsa.
349 2015-02-10 Niels Möller <nisse@lysator.liu.se>
351 * base64url-meta.c (nettle_base64url): New file.
352 * nettle-meta.h (nettle_base64url): Declare it.
353 * nettle-meta-armors.c (nettle_armors): Added nettle_base64url.
354 * testsuite/meta-armor-test.c: Updated testcase.
355 * testsuite/base64-test.c (test_main): Additional tests, using
357 * Makefile.in (nettle_SOURCES): Added base64url-meta.c.
359 Base-64 generalization to support RFC4648 URL safe alphabet,
360 contributed by Amos Jeffries.
361 * base64url-decode.c (base64url_decode_init): New file and
363 * base64url-encode.c (base64url_encode_init): New file and
365 * Makefile.in (nettle_SOURCES): Added base64url-encode.c and
367 * base64.h: Declare new functions.
368 * testsuite/base64-test.c (test_fuzz): Test base64url encoding and
371 * base64.h (struct base64_encode_ctx): Added pointer to alphabet.
372 (struct base64_decode_ctx): Added pointer to decoding table.
373 * base64-decode.c (base64_decode_init): Initialize table pointer.
374 Moved definition of table to local scope.
375 (base64_decode_single): Use the context's decoding table.
376 * base64-encode.c (ENCODE): Added alphabet argument. Updated all
378 (encode_raw): New static function, like base64_encode_raw
379 but with an alphabet argument.
380 (base64_encode_raw): Call encode_raw.
381 (base64_encode_init): Initialize alphabet pointer.
382 (base64_encode_single, base64_encode_update, base64_encode_final):
383 Use the context's alphabet.
385 2015-02-09 Niels Möller <nisse@lysator.liu.se>
387 * base64-encode.c (base64_encode): Deleted old #if:ed out
390 * testsuite/base64-test.c (test_fuzz_once, test_fuzz): Additional
391 tests, based on contribution by Amos Jeffries.
393 2015-02-05 Niels Möller <nisse@lysator.liu.se>
395 * configure.ac (LIBHOGWEED_MAJOR): Undo latest bump, 4 should be
396 enough (previous release, nettle-3.0, used 3).
398 2015-01-30 Niels Möller <nisse@lysator.liu.se>
400 Update chacha-poly1305 for draft-irtf-cfrg-chacha20-poly1305-08.
401 * chacha-poly1305.h (CHACHA_POLY1305_NONCE_SIZE): Increase to 12
402 bytes, i.e., CHACHA_NONCE96_SIZE.
403 * chacha-poly1305.c (chacha_poly1305_set_nonce): Use
405 (poly1305_pad): New function.
406 (chacha_poly1305_encrypt): Use poly1305_pad.
407 (chacha_poly1305_digest): Call poly1305_pad, and format length
408 fields as a single poly1305 block.
410 * chacha-set-nonce.c (chacha_set_nonce96): New function.
411 * chacha.h (CHACHA_NONCE96_SIZE): New constant.
412 * testsuite/chacha-test.c: Add test for chacha with 96-bit nonce.
414 2015-01-27 Niels Möller <nisse@lysator.liu.se>
416 * ecc.h: Deleted declarations of unused itch functions. Moved
417 declarations of internal functions to...
418 * ecc-internal.h: ...new location. Also added a leading under
419 score on the symbols.
420 (ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja)
421 (ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g)
422 (ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions.
424 2015-01-26 Niels Möller <nisse@lysator.liu.se>
426 * ecc-add-eh.c (ecc_add_eh_itch): Deleted.
427 * ecc-add-ehh.c (ecc_add_ehh_itch): Deleted.
428 * ecc-add-jja.c (ecc_add_jja_itch): Deleted.
429 * ecc-add-jjj.c (ecc_add_jjj_itch): Deleted.
430 * ecc-dup-eh.c (ecc_dup_eh_itch): Deleted.
431 * ecc-dup-jj.c (ecc_dup_jj_itch): Deleted.
432 * ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted.
433 * ecc-j-to-a.c (ecc_j_to_a_itch): Deleted.
434 * ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted.
435 * ecc-mul-a.c (ecc_mul_a_itch): Deleted.
436 * ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted.
437 * ecc-mul-g.c (ecc_mul_g_itch): Deleted.
439 2015-01-25 Niels Möller <nisse@lysator.liu.se>
441 * arm/fat/sha1-compress-2.asm: New file.
442 * arm/fat/sha256-compress-2.asm: Likewise.
443 * fat-arm.c (fat_init): Setup for use of additional v6 assembly
446 * sha1-compress.c: Prepare for fat build with C and assembly
448 * sha256-compress.c: Likewise.
450 * fat-setup.h (sha1_compress_func, sha256_compress_func): New typedefs.
452 * configure.ac (asm_nettle_optional_list): Added
453 sha1-compress-2.asm and sha256-compress-2.asm, and corresponding
457 * arm: Add .arch directives for armv6. This allows building these
458 files as part of a fat build, even if the assembler by default
459 targets a lower architecture version.
461 2015-01-23 Niels Möller <nisse@lysator.liu.se>
463 * fat-setup.h (DEFINE_FAT_FUNC): Check value of function pointer,
464 before calling fat_init. Should be correct even without memory
466 * fat-x86_64.c (fat_init): Deleted static variable initialized.
467 The checks of the relevant pointer in DEFINE_FAT_FUNC is more
469 * fat-arm.c (fat_init): Likewise.
471 2015-01-21 Niels Möller <nisse@lysator.liu.se>
473 * fat-arm.c (fat_init): Setup for use of neon assembly functions.
475 * arm/fat/salsa20-core-internal-2.asm: New file.
476 * arm/fat/sha3-permute-2.asm: New file.
477 * arm/fat/sha512-compress-2.asm: New file.
478 * arm/fat/umac-nh-2.asm: New file.
479 * arm/fat/umac-nh-n-2.asm: New file.
481 * salsa20-core-internal.c: Prepare for fat build with C and
482 assembly implementations.
483 * sha512-compress.c: Likewise.
484 * sha3-permute.c: Likewise.
485 * umac-nh.c: Likewise.
486 * umac-nh-n.c: Likewise.
488 * configure.ac (asm_nettle_optional_list): Added more *-2.asm
489 files, and corresponding HAVE_NATIVE_* defines. Recognize PROLOGUE
490 macro in asm files, also when not at the start of the line.
492 2015-01-20 Niels Möller <nisse@lysator.liu.se>
494 * fat-arm.c (get_arm_features): Check NETTLE_FAT_OVERRIDE
495 environment variable.
497 * fat-x86_64.c (get_x86_features): New function. Check
498 NETTLE_FAT_OVERRIDE environment variable.
501 * fat-setup.h (secure_getenv) [!HAVE_SECURE_GETENV]: Dummy
502 definition, returning NULL.
503 (ENV_OVERRIDE): New constant.
505 * configure.ac: Check for secure_getenv function.
507 2015-01-19 Niels Möller <nisse@lysator.liu.se>
509 * configure.ac: Fat library setup for arm.
510 * fat-arm.c: New file.
511 * arm/fat/aes-encrypt-internal.asm: New files.
512 * arm/fat/aes-encrypt-internal-2.asm: New file.
513 * arm/fat/aes-decrypt-internal.asm: New file.
514 * arm/fat/aes-decrypt-internal-2.asm: New file.
516 * Makefile.in (DISTFILES): Added fat-setup.h.
518 * fat-setup.h: New file, declarations moved from...
519 * fat-x86_64.c: ... old location
521 2015-01-17 Niels Möller <nisse@lysator.liu.se>
523 * fat-x86_64.c (DECLARE_FAT_FUNC, DEFINE_FAT_FUNC)
524 (DECLARE_FAT_FUNC_VAR): New macros, to define needed resolver and
527 * config.m4.in (SYMBOL_PREFIX): Define from from autoconf
529 (C_NAMS): move definition to...
530 * asm.m4 (C_NAME): Define here, also take fat_transform.
531 (fat_suffix): Replaced by...
532 (fat_transform): New macro, taking symbol name as argument.
533 Updated all uses of fat_suffix.
534 * fat-x86_64.c: Updated for internal "_nettle" prefix on
535 cpu-specific memxor functions.
537 * fat-x86_64.c: Set up for sse2 vs non-sse2 memxor. Patch by Nikos
539 * configure.ac (asm_nettle_optional_list): Added memxor-2.asm.
540 * x86_64/fat/memxor-2.asm: New file.
541 * x86_64/fat/memxor.asm: New file.
543 * x86_64/memxor.asm: Use ifdef, not ifelse, for testing USE_SSE2.
545 2015-01-16 Niels Möller <nisse@lysator.liu.se>
547 * configure.ac (OPT_NETTLE_SOURCES): New substituted variable.
548 (asm_path): Fixed x86_64 fat setup. Include only x86_64 and
549 x86_64/fat in the asm_path. Put fat-x86_64.c in
550 OPT_NETTLE_SOURCES, with no symlinking.
552 * fat-x86_64.c: Renamed,...
553 * x86_64/fat/fat.c: ... from old name.
555 2015-01-13 Niels Möller <nisse@lysator.liu.se>
557 * x86_64/fat/fat.c: For constructor hack, check
558 HAVE_GCC_ATTRIBUTE, not __GNUC__. Also support sun compilers, as
559 suggested by Nikos Mavrogiannopoulos, and attch the constructor
560 attribute directly to fat_init.
561 (fat_constructor): Deleted wrapper function.
563 * x86_64/fat/fat.c: New file, initialization for x86_64 fat
566 * x86_64/fat/cpuid.asm (_nettle_cpuid): New file and function.
568 * x86_64/fat/aes-encrypt-internal.asm: New file, including
569 x86_64/aes-encrypt-internal.asm, after setting fat_suffix to
571 * x86_64/fat/aes-decrypt-internal.asm: New file, analogous setup.
572 * x86_64/fat/aes-encrypt-internal-2.asm: New file, including
573 x86_64/aesni/aes-encrypt-internal.asm, after setting fat_suffix to
575 * x86_64/fat/aes-decrypt-internal.asm-2: New file, analogous
578 * configure.ac: New command line option --enable-fat.
579 (asm_nettle_optional_list): Added cpuid.asm, fat.c,
580 aes-encrypt-internal-2.asm, and aes-decrypt-internal-2.asm.
582 * asm.m4 (fat_suffix): New suffix added to symbol names.
584 * x86_64/aesni/aes-encrypt-internal.asm: Use explicit .byte
585 sequences for aes instructions, don't rely on assembler support.
586 * x86_64/aesni/aes-decrypt-internal.asm: Likewise.
588 * aclocal.m4 (NETTLE_CHECK_IFUNC): New macro, checking for ifunc
589 and settting HAVE_LINK_IFUNC if working.
590 * configure.ac: Use it.
592 2015-01-12 Niels Möller <nisse@lysator.liu.se>
594 * asm.m4 (DECLARE_FUNC): New macro, extracted from PROLOGUE.
597 * configure.ac (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Renamed
598 substituted variables, and list the object files rather than
600 (OPT_ASM_NETTLE_SOURCES, OPT_ASM_HOGWEED_SOURCES): ...Old names.
601 * Makefile.in (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Use new
604 2015-01-11 Niels Möller <nisse@lysator.liu.se>
606 * x86_64/aesni/aes-decrypt-internal.asm: New file.
607 * x86_64/aesni/aes-encrypt-internal.asm: New file.
608 * configure.ac: New configure flag --enable-x86-aesni.
610 * aclocal.m4 (LSH_RPATH_INIT): Handle freebsd, in the same way as
611 gnu/linux, with -Wl,-rpath,.
613 Merged memxor-reorg changes, starting at 2014-10-23.
615 2015-01-10 Niels Möller <nisse@lysator.liu.se>
617 * arm/memxor.asm (memxor3): Moved to new file.
618 * arm/memxor3.asm: New file.
620 2014-11-24 Niels Möller <nisse@lysator.liu.se>
622 * x86_64/memxor3.asm (memxor3): New file, code moved from old
624 * x86_64/memxor.asm (memxor): Rewritten, no longer jumps into
627 * configure.ac (asm_replace_list): Added memxor.asm and
630 2014-10-23 Niels Möller <nisse@lysator.liu.se>
632 * configure.ac (IF_ASM): New substituted variable.
633 * testsuite/Makefile.in (VALGRIND): Allow partial loads only when
634 build includes assembly files.
636 * memxor-internal.h (READ_PARTIAL): New macro.
637 * memxor.c (memxor_different_alignment): Avoid out-of-bounds
638 reads, corresponding to valgrind's --partial-loads-ok. Use
640 * memxor3.c: Analogous changes for unaligned operations.
642 * configure.ac (asm_replace_list): Deleted memxor.asm, now
643 incompatible with the memxor/memxor3 split.
645 * memxor3.c: New file, split off from memxor.c.
646 * memxor-internal.h: New file, declarations shared by memxor.c and
648 * memxor.c: memxor3 functions moved out from this file.
649 * Makefile.in (nettle_SOURCES): Added memxor3.c.
650 (DISTFILES): Added memxor-internal.h.
652 * memxor.c (memxor_common_alignment, memxor_different_alignment)
653 (memxor): Change loop order, iterate from the end.
654 (memxor3_common_alignment): Unroll twice.
655 (word_t): On x86_64, unconditionally define as uint64_t, to get 64
656 bits also in M$ windows. Replaced all uses of SIZEOF_LONG.
658 2014-12-12 Niels Möller <nisse@lysator.liu.se>
660 * cbc.h (CBC_ENCRYPT, CBC_DECRYPT): Make type-checking hack
661 stricter, warn if type of length argument is smaller than size_t.
662 * ctr.h (CTR_CRYPT): Likewise.
663 * eax.h (EAX_SET_KEY, EAX_SET_NONCE, EAX_UPDATE, EAX_ENCRYPT)
664 (EAX_DECRYPT, EAX_DIGEST): Likewise.
665 * gcm.h (GCM_SET_KEY, GCM_ENCRYPT, GCM_DECRYPT, GCM_DIGEST):
668 2014-12-08 Niels Möller <nisse@lysator.liu.se>
670 * aclocal.m4 (LD_VERSION_SCRIPT): Linker scripts no longer located
673 * configure.ac (LIBNETTLE_MAJOR): Bump major number, now 6.
674 (LIBHOGWEED_MAJOR): Bump major number, now 5.
676 From Nikos Mavrogiannopoulos. Support for versioned symbols.
677 * aclocal.m4 (LD_VERSION_SCRIPT): New macro. Substitute
678 EXTRA_LINKER_FLAGS and EXTRA_HOGWEED_LINKER_FLAGS.
679 * configure.ac: Use LD_VERSION_SCRIPT. Generate libnettle.map
681 (HOGWEED_EXTRA_SYMBOLS): New substituted variable.
682 * libnettle.map.in: New file, libnettle.so linker script
683 * libhogweed.map.in: New file, libhogweed.so linker script.
684 * Makefile.in ($(LIBNETTLE_FORLINK)): Use EXTRA_LINKER_FLAGS.
685 ($(LIBHOGWEED_FORLINK)): Use EXTRA_HOGWEED_LINKER_FLAGS.
687 2014-11-24 Niels Möller <nisse@lysator.liu.se>
689 * gcm.h (GCM_SET_KEY): Rename macro argument KEY to avoid
690 collision with a struct tag. Spotted by Nikos Mavrogiannopoulos.
692 * testsuite/eddsa-verify-test.c (test_eddsa): Fixed test case bug,
693 showing up as use of uninitialized data with valgrind.
695 2014-10-23 Niels Möller <nisse@lysator.liu.se>
697 * examples/nettle-benchmark.c (time_memxor): Allocate buffers as
698 arrays of unsigned long, for more reliable alignment.
700 2014-10-22 Niels Möller <nisse@lysator.liu.se>
702 * configure.ac: Check for getline function.
703 * testsuite/ed25519-test.c (getline) [!HAVE_GETLINE]: Fallback
706 * Makefile.in (clean-here): Unconditionally delete .so and .dll
708 (IMPLICIT_TARGETS): Deleted variable.
710 2014-10-21 Niels Möller <nisse@lysator.liu.se>
712 * testsuite/ed25519-test.c: New test case. Optionally reads the
713 file pointed to by $ED25519_SIGN_INPUT.
715 * testsuite/testutils.c (tstring_hex): Rewrite, using Nettle's
717 (decode_hex, decode_hex_length): Deleted functions.
719 2014-10-20 Niels Möller <nisse@lysator.liu.se>
721 * eddsa.h (ED25519_KEY_SIZE): New constant.
722 (ED25519_SIGNATURE_SIZE): New constant.
723 (struct ed25519_private_key): New struct.
724 (struct ed25519_public_key): New struct.
726 * ed25519-sha512-sign.c (ed25519_sha512_set_private_key)
727 (ed25519_sha512_sign): New file and functions.
728 * ed25519-sha512-verify.c (ed25519_sha512_set_public_key)
729 (ed25519_sha512_verify): New file and functions.
730 * Makefile.in (hogweed_SOURCES): Added ed25519-sha512-sign.c and
731 ed25519-sha512-verify.c.
734 2014-10-18 Niels Möller <nisse@lysator.liu.se>
736 * eddsa-verify.c (_eddsa_verify): Change argument order, putting A
738 * eddsa.h: Updated prototype.
739 * testsuite/eddsa-verify-test.c (test_eddsa): Updated
742 2014-10-14 Niels Möller <nisse@lysator.liu.se>
744 * eddsa-verify.c (equal_h): New function.
745 (_eddsa_verify): Use it for a proper point compare, replacing an
748 * testsuite/eddsa-verify-test.c: New testcase.
749 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
752 * eddsa-verify.c (_eddsa_verify, eddsa_verify_itch): New file, new
754 * eddsa.h: Declare new functions.
755 * Makefile.in (hogweed_SOURCES): Added eddsa-verify.c.
757 2014-10-08 Niels Möller <nisse@lysator.liu.se>
759 * testsuite/eddsa-sign-test.c (test_eddsa_sign): Use
760 _eddsa_expand_key, and check its public key output.
762 * eddsa-expand.c (_eddsa_expand_key): New file, new function.
763 * eddsa.h (_eddsa_expand_key): Declare it.
764 * Makefile.in (hogweed_SOURCES): Added eddsa-expand.c.
766 * eddsa-sign.c: Drop unneeded include of nettle-internal.h.
768 2014-10-04 Niels Möller <nisse@lysator.liu.se>
770 * testsuite/eddsa-sign-test.c: New testcase.
771 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
774 * eddsa-sign.c (_eddsa_sign, _eddsa_sign_itch): New file, new
776 * eddsa-hash.c (_eddsa_hash): New file and function.
777 * eddsa.h: Declare new functions.
778 * Makefile.in (hogweed_SOURCES): Added eddsa-hash.c and
781 2014-10-03 Niels Möller <nisse@lysator.liu.se>
783 * testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Enable test.
784 (test_main): Replace gmp_fprintf calls.
785 * testsuite/ecc-mul-a-test.c: Likewise.
786 * testsuite/ecc-mul-g-test.c: Likewise.
788 * testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Enable test.
789 (ref_modinv): Use mpz_gcdext, instead of mpn_gcdext.
790 (test_modulo): Replace gmp_fprintf calls.
792 * testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Enable test.
793 (ref_mod): Use mpz_mod and mpz_limbs_copy, instead of mpn_tdiv_qr.
794 (test_modulo): Replace gmp_fprintf calls by plain fprintf and
797 * testsuite/testutils.c (mpn_out_str): New function, needed to
798 replace uses of gmp_fprintf.
800 * testsuite/ecc-sqrt-test.c (mpz_ui_kronecker)
801 [NETTLE_USE_MINI_GMP]: New fallback definition when building with
803 * testsuite/testutils.c (gmp_randinit_default)
804 [NETTLE_USE_MINI_GMP]: Likewise.
805 (mpz_urandomb): Likewise.
806 * testsuite/testutils.h (gmp_randstate_t) [NETTLE_USE_MINI_GMP]:
807 Fallback typedef, using knuth_lfib_ctx.
809 2014-10-02 Niels Möller <nisse@lysator.liu.se>
811 * testsuite/eddsa-compress-test.c: New testcase.
812 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
813 eddsa-compress-test.c.
815 * eddsa-decompress.c (_eddsa_decompress): New file, new function.
816 * eddsa-compress.c (_eddsa_compress): New file, new function.
818 * Makefile.in (HEADERS): Added eddsa.h.
819 (hogweed_SOURCES): Added eddsa-compress.c and eddsa-decompress.c.
821 * testsuite/ecc-sqrt-test.c: New test case.
822 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
825 * ecc-25519.c (PHIGH_BITS): Always define this constant.
826 (ecc_25519_zero_p): New function.
827 (ecc_25519_sqrt): Take a ratio u/v as input. Added scratch
828 argument. Made static.
829 * ecc-internal.h (ecc_mod_sqrt_func): New typedef.
830 (struct ecc_modulo): Added sqrt_itch and sqrt function pointer.
831 Updated all instances.
832 (ecc_25519_sqrt): Deleted declaration, function now static.
834 2014-09-24 Niels Möller <nisse@lysator.liu.se>
836 * curve25519.h [__cplusplus]: Fixed extern "C" block.
838 2014-09-23 Niels Möller <nisse@lysator.liu.se>
840 * ecc-hash.c (ecc_hash): Changed argument type from struct
841 ecc_curve to struct ecc_modulo. Updated callers.
842 * testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
843 signature s. Changed since the hash value is truncated a few bits
844 more, to match the size of q.
845 * testsuite/ecdsa-verify-test.c (test_main): Likewise.
847 * testsuite/ecc-modinv-test.c (zero_p): New function, checking for
849 (test_modulo): Use zero_p. Switch to dynamic allocation. Updated
850 for larger modinv result area, and use invert_itch.
852 * ecc-25519.c (ecc_mod_pow_2kp1): Renamed, and take a struct
853 ecc_modulo * as argument.
854 (ecc_modp_powm_2kp1): ... old name.
855 (ecc_mod_pow_252m3): New function, extracted from ecc_25519_sqrt.
856 (ecc_25519_inv): New modp invert function, about 5.5 times faster
858 (ecc_25519_sqrt): Use ecc_mod_pow_252m3.
859 (nettle_curve25519): Point to ecc_25519_inv. Updated p.invert_itch
862 * ecc-internal.h (struct ecc_modulo): New field invert_itch.
863 Updated all implementations.
864 (ECC_EH_TO_A_ITCH): Updated, and take invert itch as an argument.
865 * ecc-eh-to-a.c (ecc_eh_to_a_itch): Take invert scratch into account.
867 * testsuite/testutils.c (test_ecc_mul_h): Use ecc->h_to_a_itch.
869 * ecc-mod-inv.c (ecc_mod_inv): Interface change, make ap input
870 const, and require 2n limbs at rp. Preparing for powm-based
871 alternative implementations. Drop #if:ed out code and dp
872 temporary. Updated all callers, more complicated cases described
874 * ecc-internal.h (typedef ecc_mod_inv_func): Added const to input
876 (ECC_MOD_INV_ITCH): Renamed, was ECC_MODINV_ITCH, and reduced to
878 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Overhauled allocation,
879 putting mod_inv scratch at the end.
881 2014-09-22 Niels Möller <nisse@lysator.liu.se>
883 * ecc-random.c (ecc_mod_random): Renamed, and take a const struct
884 ecc_modulo * as argument. Updated callers.
885 (ecc_modq_random): ... old name.
887 * ecc-mod-arith.c: New file, replacing ecc-modp.c and ecc-modq.c.
888 All functions take a struct ecc_modulo as argument.
889 (ecc_mod_add, ecc_mod_sub, ecc_mod_mul_1, ecc_mod_addmul_1)
890 (ecc_mod_submul_1, ecc_mod_mul, ecc_mod_sqr): New functions,
891 replacing the corresponding ecc_modp_* functions. For convenience,
892 old names are defined as macros wrapping the new functions.
893 * ecc-modp.c: Deleted file.
894 * ecc-modq.c: Deleted file.
895 * Makefile.in (hogweed_SOURCES): Updated accordingly.
897 * testsuite/ecc-redc-test.c (test_main): Relaxed tests for which
900 * testsuite/ecc-modinv-test.c (test_modulo): New function, same
901 organization as in ecc-mod-test.c below.
903 * testsuite/ecc-mod-test.c (test_modulo): New function, testing
904 one modulo. Replacing...
905 (test_curve): ... old function.
906 (test_main): Invoke test_modulo for p and q of each curve.
908 * ecc-internal.h (ecc_mod_inv_func): New typedef.
909 (struct ecc_modulo): Added mp1h constant and invert function
910 pointer. Updated all callers.
911 * ecc-modp.c (ecc_modp_inv): Deleted wrapper function.
912 * ecc-modq.c (ecc_modq_inv): Deleted wrapper function.
914 * ecc-mod-inv.c (ecc_mod_inv): Renamed file and function. Also
915 take a struct ecc_modulo * as argument.
916 * sec-modinv.c (sec_modinv): ... the old names. Deleted.
917 * Makefile.in (hogweed_SOURCES): Updated accordingly.
919 * examples/ecc-benchmark.c (bench_modinv_powm, bench_curve):
920 Updated benchmarking of mpn_sec_powm.
922 * ecc-internal.h (struct ecc_curve): Deleted redc function
923 pointer. Use only reduce pointer, which is redc or modp as
924 applicable. Updated all users.
925 (struct ecc_modulo): Moved mod and reduce function pointers to
928 * ecc-generic-modp.c (ecc_generic_modp): Deleted file and
929 function. We no longer need a wrapper around ecc_mod.
930 * ecc-generic-modq.c (ecc_generic_modq): Likewise deleted.
931 * Makefile.in (hogweed_SOURCES): Removed ecc-generic-modp.c and
934 * ecc-internal.h (typedef ecc_mod_func): Take a const struct
935 ecc_modulo * argument, not const struct ecc_curve *. Updated all
936 implementations and all callers.
938 * ecc-mod.c (ecc_mod): Use struct ecc_modulo to specify the
939 modulo. Drop input size argument, always reduce from 2*size to
942 * ecc-internal.h (struct ecc_modulo): New struct, collecting
943 constants needed for modulo arithmetic.
944 (struct ecc_curve): Use struct ecc_modulo for p and q arithmetic.
945 Updated all ecc-related files.
947 2014-09-17 Niels Möller <nisse@lysator.liu.se>
949 * gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn
950 counter, making the function clear some bytes beyond the end of
951 the output buffer. The bug triggered a make check failure on ARM.
953 * testsuite/testutils.c (ecc_curves): Include curve25519 in list.
954 (test_ecc_mul_a): Include reference points for curve25519 (with
955 Edwards coordinates). Allow n == 0 and n == 1, comparing to zero
956 and the generator, respectively.
957 * testsuite/ecc-add-test.c (point_zero_p): Deleted function.
958 (test_main): Replace calls to point_zero_p by calls to
959 test_ecc_mul_h with n == 0.
960 * testsuite/ecc-dup-test.c: Likewise.
962 * testsuite/ecc-modinv-test.c (mpn_zero_p): Moved function, to...
963 * testsuite/testutils.c (mpn_zero_p): New location. Also make
966 * testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add special case
969 * testsuite/ecc-mul-a-test.c (test_main): Fix point negation to
971 * testsuite/ecc-mul-g-test.c (test_main): Likewise.
973 * ecc-a-to-eh.c (ecc_a_to_eh_itch, ecc_a_to_eh): Deleted file and
975 * ecc.h: Deleted corresponding declarations.
976 * ecc-internal.h (ECC_A_TO_EH_ITCH): Deleted macro.
977 * Makefile.in (hogweed_SOURCES): Removed ecc-a-to-eh.c.
979 * testsuite/ecdh-test.c (test_main): Update curve25519 test to use
981 * testsuite/ecdsa-sign-test.c (test_main): Likewise.
982 * testsuite/ecdsa-verify-test.c (test_main): Likewise.
984 * ecc-point.c (ecc_point_set): Use Edwards rather than Montgomery
987 * ecc-mul-a-eh.c (ecc_mul_a_eh, table_init): Take an Edwards point
988 as input, not a Montgomery point. Hence, use ecc_a_to_j, not
991 * ecc-eh-to-a.c (ecc_eh_to_a): Just convert to affine coordinates,
992 don't transform from Edwards to Montgomery form. Also reduces
993 scratch need slightly.
994 * ecc-internal.h (ECC_EH_TO_A_ITCH): Reduced.
996 * ecdsa-keygen.c (ecdsa_generate_keypair): Use struct ecc_curve
999 * testsuite/curve25519-dup-test.c: Deleted file. In the way for
1000 conversion to Edwards coordinate convention, and in the end
1001 the tests will be done by ecc-dup-test.c.
1002 * testsuite/curve25519-add-test.c: Similarly deleted.
1003 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Removed
1004 curve25519-dup-test.c and curve25519-add-test.c.
1006 2014-09-16 Niels Möller <nisse@lysator.liu.se>
1008 * testsuite/ecc-add-test.c: New generalized testcase, to replace
1009 curve25519-add-test.c.
1010 * testsuite/ecc-dup-test.c: New generalized testcase, to replace
1011 curve25519-dup-test.c.
1012 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-add-test.c
1015 2014-09-14 Niels Möller <nisse@lysator.liu.se>
1017 * testsuite/ecc-mul-a-test.c (test_main): Use struct ecc_curve
1019 * testsuite/ecc-mul-g-test.c (test_main): Likewise.
1021 2014-09-09 Niels Möller <nisse@lysator.liu.se>
1023 * curve25519-mul.c (curve25519_mul): Switch to use Montgomery
1024 ladder. About 20% faster than current Edwards curve operations.
1025 Difference is expected to shrink when Edwards operations are
1026 optimized to take advantage of the twist, but it seems unlikely to
1027 get significantly faster than the Montgomery ladder.
1029 * gmp-glue.c (cnd_swap): Moved function here, made non-static.
1030 Changed cnd type to mp_limb_t, for consistency with GMP
1032 * sec-modinv.c (cnd_swap): ... old location.
1033 * gmp-glue.h (cnd_swap): Declare function.
1035 2014-09-06 Niels Möller <nisse@lysator.liu.se>
1037 * examples/hogweed-benchmark.c (bench_curve25519_mul_g)
1038 (bench_curve25519_mul, bench_curve25519): New functions.
1039 (main): Added benchmarking of curve25519 functions.
1041 2014-09-03 Niels Möller <nisse@lysator.liu.se>
1043 * Makefile.in: Revert 2013-02-06 Makefile changes: use a single
1044 rule for transforming .asm to .o, and drop include of asm.d.
1045 Possible now since we generate a single object file from each asm
1046 file. This change also helps Solaris' make recognize .asm files.
1047 * config.make.in (.SUFFIXES): Drop .s from list.
1048 * configure.ac: Delete code to generate asm.d.
1050 * Makefile.in: Delete all uses of *.po files, use the same object
1051 files for both shared and static libraries.
1052 * configure.ac (dummy-dep-files): Don't create any .po.d files.
1054 * aclocal.m4 (LSH_CCPIC): Don't substitute CCPIC here, let
1055 configure.ac do that if needed.
1057 * configure.ac (CCPIC_MAYBE, SHLIBCFLAGS): Deleted substituted
1058 variables. Instead, use CCPIC directly when compiling all library
1060 (CCPIC): Set to empty, if --disable-pic is used.
1062 * config.make.in (SHLIBCFLAGS, CCPIC_MAYBE): Deleted.
1063 (COMPILE, COMPILE_CXX): Drop CCPIC. New variable EXTRA_CFLAGS,
1064 which can be set by individual Makefiles.
1066 * Makefile.in (EXTRA_CFLAGS): Set using CCPIC.
1067 Also delete all uses of CCPIC_MAYBE and SHLIBCFLAGS.
1069 2014-09-02 Niels Möller <nisse@lysator.liu.se>
1071 * curve25519-eh-to-x.c (curve25519_eh_to_x): New file, new
1072 function. The curve25519 transform currently done by ecc_eh_to_a,
1073 but which should eventually be eliminted from that function.
1074 * Makefile.in (hogweed_SOURCES): Added curve25519-eh-to-x.c.
1075 * ecc-internal.h (curve25519_eh_to_x): Declare it.
1077 * curve25519-mul.c (curve25519_mul): Use it.
1078 * curve25519-mul-g.c (curve25519_mul_g): Likewise. Also introduce
1079 local variable ecc, and use ecc->mul_g_itch.
1081 2014-08-29 Niels Möller <nisse@lysator.liu.se>
1083 * testsuite/testutils.c (test_ecc_mul_j): Renamed, to ...
1084 (test_ecc_mul_h): ... new name. Use ecc->h_to_a function pointer.
1087 * examples/ecc-benchmark.c (bench_add_jjj): Renamed, to ...
1088 (bench_add_hhh): ... new name. Use ecc->add_hhh function pointer.
1089 (bench_add_ehh): Deleted.
1090 (bench_curve): Use bench_add_hhh for all curves. Use ecc->mul_itch
1093 Switch the curve25519 implementation to use the isomorphism to the
1094 twisted Edwards curve which is used for Ed25519 signatures.
1095 * eccdata.c (ecc_curve_init): Tweaked the transformation constant
1096 for the isomorphism between curve25519 and the twisted Edwards
1098 * ecc-add-ehh.c (ecc_add_ehh): Updated formulas for the twist curve.
1099 * ecc-add-eh.c (ecc_add_eh): Likewise.
1100 * ecc-dup-eh.c (ecc_dup_eh): Likewise.
1102 2014-08-28 Niels Möller <nisse@lysator.liu.se>
1104 * ecdsa-verify.c (ecdsa_verify): Drop include of ecc-internal.h,
1105 use ecc_size function instead.
1107 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use the struct ecc_curve
1108 function pointers: mul, mul_g, add_hhh, h_to_a.
1110 * ecc-internal.h (ECC_ECDSA_VERIFY_ITCH): Deleted macro. Needed
1111 scratch depends on curve type, not just size.
1112 (ecc_add_func): New typedef.
1113 (struct ecc_curve): New function pointer add_hhh, and constant
1114 add_hhh_itch. Updated all instances.
1116 * ecdsa-verify.c (ecdsa_verify): Use the ecc_ecdsa_verify_itch
1117 function, not the corresponding macro.
1118 * ecc-ecdsa-verify.c (ecc_ecdsa_verify_itch): Take ecc->mul_itch
1119 into account. Also reduce to 5*ecc->size + ecc->mul_itch.
1121 * testsuite/ecdsa-sign-test.c (test_main): Added test for the
1122 obscure case of ecdsa using curve25519.
1123 * testsuite/ecdsa-verify-test.c (test_main): Likewise (depends on
1126 * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Use mul_g and h_to_a function
1127 pointers. Implies (obscure) support for curve25519.
1129 * ecc-25519.c (ecc_25519_modq): Access q via the ecc struct.
1131 * ecc-eh-to-a.c (ecc_eh_to_a): Analogous change as for ecc_j_to_a.
1132 The modulo q case (op == 2) is hardcoded for curve25519.
1134 * ecc-j-to-a.c (ecc_j_to_a): For curves using redc, always convert
1135 back from redc form. When producing x coordinate only, optionally
1136 reduce it modulo q. Completely changes the meaning of the "flags"
1137 argument, and renames it to "op". Update all users of this
1138 function or ecc->h_to_a.
1140 * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Use new ecc_j_to_a modulo q
1142 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Likewise.
1144 * testsuite/symbols-test: Regexp fixes, to better filter out
1145 get_pc_thunk functions.
1147 * ecc-generic-redc.c (ecc_generic_redc): Deleted file and
1148 function. Split into...
1149 * ecc-pp1-redc.c (ecc_pp1_redc): New file and function.
1150 * ecc-pm1-redc.c (ecc_pm1_redc): New file and function.
1151 * ecc-internal.h: Updated declarations.
1152 * Makefile.in (hogweed_SOURCES): Replace ecc-generic-redc.c by
1153 ecc-pp1-redc.c and ecc-pm1-redc.c.
1154 * ecc-192.c: Use ecc_pp1_redc (benchmarking only).
1155 * ecc-224.c: Use ecc_pm1_redc when applicable.
1156 * ecc-256.c: Use ecc_pp1_redc when applicable.
1157 * ecc-384.c: Use ecc_pp1_redc (benchmarking only).
1158 * ecc-521.c: Use ecc_pp1_redc (benchmarking only).
1159 * testsuite/ecc-redc-test.c (test_main): Replace use of
1160 ecc_generic_redc by ecc_pp1_redc and ecc_pm1_redc.
1162 * eccdata.c (output_curve): Don't output ecc_redc_g.
1163 * ecc-internal.h (struct ecc_curve): Deleted unused field redc_g.
1164 Updated all instances.
1166 2014-08-27 Niels Möller <nisse@lysator.liu.se>
1168 * ecc-modq.c (ecc_modq_inv): Use q_bit_size.
1170 * ecc-internal.h (struct ecc_curve): New field q_bit_size. Updated
1173 * configure.ac: Bumped package version number to 3.1.
1174 (LIBHOGWEED_MAJOR): Bumped library version to 4.0.
1176 Merged curve25519 changes (starting at 2014-07-04).
1177 * Makefile.in (clean-here): Added ecc-25519.h.
1179 2014-08-26 Niels Möller <nisse@lysator.liu.se>
1181 * examples/ecc-benchmark.c (bench_mul_g, bench_mul_a): Use struct
1182 ecc_curve function pointers.
1183 (bench_mul_g_eh, bench_mul_a_eh): Deleted.
1184 (bench_curve): Make modq benchmark unconditional. Use bench_mul_g
1185 and bench_mul_a also for curve25519.
1187 * testsuite/ecc-mod-test.c (test_curve): Make modq test
1188 unconditional, partially reverting 2014-07-04 change.
1190 * ecc-25519.c (ecc_25519_modq): New function.
1192 * eccdata.c (output_curve): Precomputation for curve25519 mod q.
1194 * mini-gmp.c (mpz_abs_sub_bit): Do full normalization, needed in
1195 case the most significant bit is cleared.
1197 2014-08-25 Niels Möller <nisse@lysator.liu.se>
1199 * testsuite/ecdh-test.c (set_point): Check return value of
1201 (test_main): Enable curve25519 test.
1203 * ecc-point-mul-g.c (ecc_point_mul_g): Use ecc->mul_g and
1204 ecc->h_to_a function pointers.
1205 * ecc-point-mul.c (ecc_point_mul): Use the ecc->mul and
1206 ecc->h_to_a function pointers.
1208 * ecc-internal.h (ecc_mul_g_func, ecc_mul_func, ecc_h_to_a_func):
1210 (struct ecc_curve): New function pointers mul, mul_g, h_to_a, and
1211 constans for their scratch requirements. Updated all instances.
1213 * ecc-point.c (ecc_point_set): Handle curve25519 as a special
1214 case, when checking if the point is on the curve.
1216 2014-08-24 Niels Möller <nisse@lysator.liu.se>
1218 * testsuite/ecdh-test.c: Test ecc_point_mul and ecc_point_mul_g,
1219 using test data generated by ecc-ref.gp. Tests for all curves
1220 except curve25519, which doesn't yet work with the general
1221 ecc_point interface.
1223 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecdh-test.c.
1225 * misc/ecc-ref.gp: Script to generate ECDH test data.
1227 2014-08-23 Niels Möller <nisse@lysator.liu.se>
1229 * ecc-a-to-j.c (ecc_a_to_j): Deleted INITIAL argument.
1230 * ecc.h (ecc_a_to_j): Updated prototype.
1231 * ecc-mul-a.c (ecc_mul_a, table_init): Updated calls to ecc_a_to_j.
1233 * ecc-mul-a.c (ecc_mul_a): Deleted INITIAL argument, all callers,
1234 except the tests, pass 1. Updated all callers.
1235 (table_init): Likewise deleted INITIAL.
1236 * ecc.h (ecc_mul_a): Updated prototype.
1237 * testsuite/ecc-mul-a-test.c (test_main): Deleted tests for
1238 ecc_mul_a with INITIAL == 0.
1240 * ecc-internal.h (struct ecc_curve): Reordered struct, moved
1241 function pointers before pointers to bignum constants.
1243 * sec-modinv.c (sec_modinv): Document that for a == 0 (mod m), we
1244 should produce the "inverse" 0.
1246 * testsuite/ecc-modinv-test.c (test_main): Check that ecc_modp_inv
1247 produces 0 if a == 0 or a == p.
1249 2014-08-22 Niels Möller <nisse@lysator.liu.se>
1251 * x86_64/ecc-25519-modp.asm: New file. Assembly implementation,
1252 initial version yields 30% speedup of ecc_25519_modp. Early
1253 folding eliminates one pass of carry propagation, and yields
1254 almost 20% additional speedup.
1256 * ecc-25519.c [HAVE_NATIVE_ecc_25519_modp]: Use assembly version
1259 * configure.ac (asm_hogweed_optional_list): Added ecc-25519-modp.asm.
1260 Also add HAVE_NATIVE_ecc_25519_modp to config.h.in.
1262 2014-08-19 Niels Möller <nisse@lysator.liu.se>
1264 * examples/ecc-benchmark.c (bench_curve): Support benchmarking of
1265 curve25519, for now handled as a special case.
1266 (curves): Added nettle_curve25519.
1267 (bench_dup_eh, bench_add_eh, bench_add_ehh, bench_mul_g_eh): New
1270 2014-08-18 Niels Möller <nisse@lysator.liu.se>
1272 * testsuite/curve25519-dh-test.c (test_a): Use curve25519_mul.
1273 (test_main): Use little-endian inputs for test_a.
1274 (curve25519_sqrt, curve_25519): Deleted static helper functions,
1277 * curve25519-mul.c (curve25519_mul): New file and function.
1278 * curve25519.h (curve25519_mul): Declare it.
1279 * Makefile.in (hogweed_SOURCES): Added curve25519-mul.c.
1281 * curve25519-mul-g.c (curve25519_mul_g): Renamed file and
1282 function, updated callers.
1283 * curve25519-base.c (curve25519_base): ... old names.
1284 * Makefile.in (hogweed_SOURCES): Updated for rename.
1286 * eccdata.c (output_curve): Compute constants needed for
1288 * ecc-25519.c (ecc_modp_powm_2kp1, ecc_25519_sqrt): New functions.
1289 * ecc-internal.h (ecc_25519_sqrt): Declare it.
1291 2014-08-06 Niels Möller <nisse@lysator.liu.se>
1293 * testsuite/curve25519-dh-test.c (test_g): Use curve25519_base.
1294 (test_main): Use little-endian inputs for test_g.
1296 * curve25519-base.c (curve25519_base): New file, new function.
1297 Analogous to NaCl's crypto_scalarmult_base.
1298 * curve25519.h: New file.
1299 * Makefile.in (hogweed_SOURCES): Added curve25519-base.c.
1300 (HEADERS): Added curve25519.h.
1302 * gmp-glue.c (mpn_set_base256_le, mpn_get_base256_le): New functions.
1303 * gmp-glue.h: Declare them.
1305 2014-08-02 Niels Möller <nisse@lysator.liu.se>
1307 * testsuite/curve25519-dh-test.c (curve25519_sqrt): Fixed memory
1308 leak, a mpz_clear call was missing.
1310 * ecc-internal.h (ECC_MUL_A_EH_WBITS): Set to 4, to enable
1311 window-based scalar multiplication.
1313 * ecc-mul-a-eh.c (table_init) [ECC_MUL_A_EH_WBITS > 0]: Fixed
1314 initialization of TABLE(1).
1316 2014-07-29 Niels Möller <nisse@lysator.liu.se>
1318 * ecc-internal.h (ECC_MUL_A_EH_WBITS): New constant.
1319 (ECC_A_TO_EH_ITCH, ECC_MUL_A_EH_ITCH): New macros.
1320 * ecc-a-to-eh.c (ecc_a_to_eh, ecc_a_to_eh_itch): New file, new
1322 * ecc-mul-a-eh.c: New file.
1323 (ecc_mul_a_eh): New function. The case [ECC_MUL_A_EH_WBITS > 0]
1325 (ecc_mul_a_eh_itch): New function.
1326 * ecc.h: Declare new functions.
1327 * Makefile.in (hogweed_SOURCES): Added ecc-a-to-eh.c and
1330 * testsuite/curve25519-dh-test.c (curve25519_sqrt): New function.
1331 (curve_25519): Use ecc_mul_a_eh.
1332 (test_a): New function.
1333 (test_main): Test construction of shared secret, using scalar
1334 multiplication with points other than the fix generator.
1336 2014-07-26 Niels Möller <nisse@lysator.liu.se>
1338 * ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
1339 * ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
1341 2014-07-23 Niels Möller <nisse@lysator.liu.se>
1343 * testsuite/curve25519-dh-test.c: New test case, based on
1344 draft-josefsson-tls-curve25519-05 test vectors.
1345 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added curve25519-dh-test.c.
1347 2014-07-18 Niels Möller <nisse@lysator.liu.se>
1349 * ecc-mul-g-eh.c (ecc_mul_g_eh, ecc_mul_g_eh_itch): New file and
1350 functions. Untested.
1351 * ecc.h (ecc_mul_g_eh_itch): Declare new functions.
1352 * ecc-internal.h (ECC_MUL_G_EH_ITCH): New macro.
1353 * Makefile.in (hogweed_SOURCES): Added ecc-mul-g-eh.c.
1355 2014-07-17 Niels Möller <nisse@lysator.liu.se>
1357 * ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
1358 * ecc-internal.h (ECC_ADD_EH_ITCH): Reduced to 6*size.
1360 * testsuite/curve25519-dup-test.c (test_main): Free allocated
1363 2014-07-15 Niels Möller <nisse@lysator.liu.se>
1365 * ecc-add-eh.c (ecc_add_eh, ecc_add_eh_itch): New file, new
1367 * ecc.h: Declare new functions.
1368 * ecc-internal.h (ECC_ADD_EH_ITCH): New macro.
1369 * Makefile.in (hogweed_SOURCES): Added ecc-add-eh.c.
1370 * testsuite/curve25519-add-test.c (test_main): Test ecc_add_eh.
1371 Additional test for g2+g2. Free allocated storage.
1373 2014-07-14 Niels Möller <nisse@lysator.liu.se>
1375 * testsuite/curve25519-add-test.c: New test case.
1376 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
1377 curve25519-add-test.c.
1379 * ecc-add-ehh.c (ecc_add_ehh, ecc_add_ehh_itch): New file, new
1381 * ecc.h (ecc_add_ehh, ecc_add_ehh_itch): Declare them.
1382 * ecc-internal.h (ECC_ADD_EHH_ITCH): New macro.
1383 * Makefile.in (hogweed_SOURCES): Added ecc-add-ehh.c.
1385 * ecc-25519.c (nettle_curve25519): Use ecc_d instead of ecc_b.
1387 * eccdata.c: For curve25519, output the Edwards curve constant,
1388 ecc_d = (121665/121666) mod p.
1390 * testsuite/curve25519-dup-test.c (test_main): Add test for 4g.
1391 Delete some left-over debug output.
1393 2014-07-11 Niels Möller <nisse@lysator.liu.se>
1395 * misc/ecc-formulas.tex: Some ECC notes.
1397 * testsuite/curve25519-dup-test.c: New testcase.
1398 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
1399 curve25519-dup-test.c.
1401 * testsuite/testutils.c (test_ecc_point): Made non-static.
1402 * testsuite/testutils.h (struct ecc_ref_point): Moved here, from
1404 (test_ecc_point): Declare it.
1406 * ecc-dup-eh.c (ecc_dup_eh, ecc_dup_eh_itch): New file, new functions.
1407 * ecc-eh-to-a.c (ecc_eh_to_a, ecc_eh_to_a_itch): New file, new
1409 * ecc.h: Declare new functions.
1410 * ecc-internal.h (ECC_EH_TO_A_ITCH, ECC_DUP_EH_ITCH): New macros.
1411 * Makefile.in (hogweed_SOURCES): Added ecc-dup-eh.c and
1414 * ecc-internal.h (struct ecc_curve): New constant edwards_root.
1415 * ecc-192.c (nettle_secp_192r1): Updated accordingly, additional
1417 * ecc-224.c (nettle_secp_224r1): Likewise.
1418 * ecc-256.c (nettle_secp_256r1): Likewise.
1419 * ecc-384.c (nettle_secp_384r1): Likewise.
1420 * ecc-521.c (nettle_secp_521r1): Likewise.
1421 * ecc-25519.c (nettle_curve25519): Initialize new constant.
1423 * eccdata.c (ecc_curve_init): For curve 25519, use correct
1424 constant for edwards coordinate transform, and output the constant
1427 2014-07-06 Niels Möller <nisse@lysator.liu.se>
1429 * eccdata.c: Use separate is_zero flag to represent the neutral
1431 (output_point, output_point_redc): Unified to a single function,
1432 with a use_redc flag argument. Also support conversion to Edwards
1434 (ecc_curve_init_str): New argument for Edwards curve conversion
1437 2014-07-04 Niels Möller <nisse@lysator.liu.se>
1439 Started curve25519 branch.
1440 * ecc-25519.c: New file.
1441 (ecc_25519_modp): New function.
1442 (nettle_curve25519): New curve.
1444 * ecc-curve.h (nettle_curve25519): Declare it.
1446 * Makefile.in (hogweed_SOURCES): Added ecc-25519.c.
1447 (ecc-25519.h): New generated file. Add as explicit dependency for
1450 * testsuite/ecc-mod-test.c (test_curve): New function, extracted
1451 from test_main. Tolerate NULL modq function pointer.
1452 (test_main): Use test_curve, iterate over supported curves, and
1453 also test curve_25519 for the new modp function.
1455 2014-08-23 Niels Möller <nisse@lysator.liu.se>
1457 * ecc-modp.c (ecc_modp_sub_1): Deleted unused function.
1458 * ecc-internal.h: Deleted corresponding declaration.
1460 * examples/nettle-benchmark.c (time_cipher): Fixed memset calls,
1461 amending the totally broken change from 2014-02-06.
1463 2014-07-02 Niels Möller <nisse@lysator.liu.se>
1465 * eccdata.c (ecc_dup): Use mpz_submul_ui, now available in
1467 (ecc_type): New enum, for Weierstrass and Montgomery curves
1468 (ecc_curve): New field type.
1469 (ecc_dup): Support montgomery curves.
1470 (ecc_add): Likewise.
1471 (ecc_curve_init_str): New argument, for the curve type.
1472 (ecc_curve_init): Pass curve type to all ecc_curve_init_str calls.
1473 Recognize curve25519, for bit_size 255.
1474 (output_modulo): Deleted assert, which isn't true for curve25519.
1476 2014-06-30 Niels Möller <nisse@lysator.liu.se>
1478 * camellia-absorb.c: Include <limits.h>, needed for correct use of
1479 HAVE_NATIVE_64_BIT. Reported and debugged by Magnus Holmgren.
1480 Fixes debian build failure on s390x.
1482 2014-06-26 Niels Möller <nisse@lysator.liu.se>
1484 From Martin Storsjö:
1485 * configure.ac (IF_NOT_SHARED): New substituted variable.
1486 * hogweed.pc.in: Use @LIBS@, instead of hardcoding -lgmp. When
1487 shared libraries are disabled, move needed libraries from
1488 Requires.private: to Requires: and from Libs.private: to Libs:.
1490 From Nikos Mavrogiannopoulos.
1491 * examples/hogweed-benchmark.c (bench_alg): Tolerate alg->init
1493 (bench_openssl_ecdsa_init): Return NULL if
1494 EC_KEY_new_by_curve_name fails, indicating the curve is not
1497 2014-06-25 Niels Möller <nisse@lysator.liu.se>
1499 Support for building with mini-gmp instead of the real GMP. Loosely
1500 based on work by Nikos Mavrogiannopoulos.
1501 * configure.ac: New command line option --enable-mini-gmp. Also
1502 disable all libgmp-related checks when enabled.
1503 (NETTLE_USE_MINI_GMP): New substituted variable.
1504 (LIBHOGWEED_LIBS): Use $(LIBS) instead of -lgmp.
1505 (IF_MINI_GMP): New Makefile conditional.
1506 (GMP_NUMB_BITS): Alternative test for the mini-gmp case.
1507 Substituted also in bignum.h.
1508 (HAVE_MPZ_POWM_SEC): Drop this unused check.
1510 * bignum.h: Renamed, to...
1511 * bignum.h.in: New name.
1512 (NETTLE_USE_MINI_GMP): Substituted by configure.
1513 (GMP_NUMB_BITS): Substituted by configure, for the mini-gmp case.
1515 * Makefile.in (OPT_HOGWEED_SOURCES): New variable, value
1516 conditional on @IF_MINI_GMP@.
1517 (hogweed_SOURCES): Add $(OPT_HOGWEED_SOURCES).
1518 (PRE_CPPFLAGS): Add -I$(srcdir).
1519 (HEADERS): Delete bignum.h.
1520 (INSTALL_HEADERS): Add bignum.h. Also add mini-gmp.h, if mini-gmp
1522 (DISTFILES): Added bignum.h.in.
1523 (bignum.h): New target.
1524 (distclean-here): Delete bignum.h.
1526 * examples/ecc-benchmark.c (modinv_gcd) [NETTLE_USE_MINI_GMP]:
1527 Disable this benchmark.
1528 (mpn_random) [NETTLE_USE_MINI_GMP]: Provide a simple implementation.
1530 * testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Skip test, it
1531 depends on gmp_randstate_t.
1532 * testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Likewise.
1533 * testsuite/ecc-mul-a-test.c [NETTLE_USE_MINI_GMP]: Likewise.
1534 * testsuite/ecc-mul-g-test.c [NETTLE_USE_MINI_GMP]: Likewise.
1535 * testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Likewise.
1537 Various preparations for mini-gmp support.
1538 * testsuite/bignum-test.c: Use WITH_HOGWEED instead of HAVE_LIBGMP
1539 for preprocessor conditionals.
1540 * testsuite/testutils.h: Likewise.
1541 * testsuite/sexp-format-test.c: Likewise.
1543 * testsuite/ecdsa-keygen-test.c (test_main): Use printf,
1544 mpz_out_str and write_mpn instead of gmp_fprintf.
1545 * testsuite/ecdsa-sign-test.c (test_ecdsa): Likewise.
1546 * testsuite/ecdsa-verify-test.c (test_ecdsa): Likewise.
1548 * dsa.h: Include bignum.h instead of gmp.h.
1549 * ecc-internal.h: Likewise.
1551 * gmp-glue.h: Likewise.
1552 * pkcs1.h: Likewise.
1555 * testsuite/testutils.c (die): Use plain vfprintf, not
1557 (write_mpn): New function.
1558 (test_ecc_point): Use it, replacing gmp_fprintf.
1559 * testsuite/testutils.h (write_mpn): Declare it.
1561 * der-iterator.c: Deleted HAVE_LIBGMP conditionals.
1563 2014-06-07 Niels Möller <nisse@lysator.liu.se>
1565 * Released nettle-3.0.
1567 2014-06-04 Niels Möller <nisse@lysator.liu.se>
1569 * NEWS: List des-compat.h as a candidate for removal in the next
1572 * testsuite/des-compat-test.c (test_main): Fixed out of bounds
1573 memory read, reported by Nikos Mavrogiannopoulos.
1575 * nettle-write.h: Include <stddef.h>, fixing compilation on
1578 * aclocal.m4 (ac_stdint): Fixed "unsinged" typo, spotted by Andy
1581 2014-06-01 Niels Möller <nisse@lysator.liu.se>
1583 * x86_64/gcm-hash8.asm: Pass correct argument count to W64_EXIT.
1584 * x86_64/camellia-crypt-internal.asm: Pass correct argument count
1585 to W64_ENTRY and W64_EXIT.
1587 * x86_64/machine.m4 [W64_ABI]: Fix for the case of 6 function
1588 arguments. Also push %rdi unconditionally, and use aligned
1589 accesses for save and restore %xmm registers (movdqa).
1591 2014-05-31 Niels Möller <nisse@lysator.liu.se>
1593 * configure.ac: Check for COFF type directives.
1594 (ASM_COFF_STYLE): New substituted variable.
1595 * config.m4.in: Set COFF_STYLE from configure.
1596 * asm.m4 (PROLOGUE): Use COFF type directive, if enabled by
1597 configure. Fixes problem with windows dll linking.
1599 * asm.m4: Deleted unused offsets for struct aes_ctx.
1601 2014-05-28 Niels Möller <nisse@lysator.liu.se>
1603 * testsuite/nettle-pbkdf2-test: Delete carriage return characters
1606 * configure.ac (LIBHOGWEED_LIBS): Be explicit and link
1607 libhogweed.so with libnettle.so, not -lnettle.
1608 (LIBHOGWEED_LINK): Drop -L. flag, no longer needed, and previously
1609 not at the correct position in the link command line.
1611 2014-05-27 Niels Möller <nisse@lysator.liu.se>
1613 * examples/ecc-benchmark.c: If mpn_sec_powm is available,
1614 benchmark it, for modinv.
1615 (bench_modinv_powm): New function.
1616 (bench_curve): Use it.
1618 2014-05-22 Niels Möller <nisse@lysator.liu.se>
1621 * Makefile.in ($(des_headers)): Use the EXEEXT_FOR_BUILD.
1623 2014-05-15 Niels Möller <nisse@lysator.liu.se>
1625 * NEWS: Updated with library version numbers.
1627 * configure.ac (dummy-dep-files): Use simpler and more portable
1628 sed expression. Problem reported by Peter Eriksson.
1629 (LIBHOGWEED_MAJOR): Bumped shared library version to 3.0.
1630 (LIBHOGWEED_MINOR): Reset to zero. Also increased the package
1631 version number to 3.0.
1633 * getopt.c: Don't use gettext.
1635 2014-05-14 Niels Möller <nisse@lysator.liu.se>
1637 * testsuite/nettle-pbkdf2-test: Avoid the bash construction
1640 * getopt.c: Copied from glibc tree, tag glibc-2.19.
1641 * getopt.h: Likewise.
1642 * getopt1.c: Likewise.
1643 * getopt_int.h: New file, also copied from glibc.
1644 * Makefile.in (DISTFILES): Added getopt_int.h.
1646 2014-05-09 Niels Möller <nisse@lysator.liu.se>
1648 * mini-gmp.c: Updated, use version from gmp-6.0.0.
1649 * mini-gmp.h: Likewise.
1651 * testsuite/Makefile.in (all): Drop dependency on $(TARGETS), to
1652 delay building of test programs until make check.
1654 2014-05-08 Niels Möller <nisse@lysator.liu.se>
1656 * nettle.texinfo (nettle_aead abstraction): Document nettle_aead.
1658 * Makefile.in (nettle_SOURCES): Added nettle-meta-aeads.c.
1659 * nettle-meta.h (nettle_aeads): Declare array.
1660 * nettle-meta-aeads.c (nettle_aeads): New file, new array.
1661 * testsuite/meta-aead-test.c: New test case.
1662 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
1665 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD): If CC_FOR_BUILD is gcc, add
1666 -O option. This makes eccdata twice as fast.
1668 2014-05-06 Niels Möller <nisse@lysator.liu.se>
1670 * nettle.texinfo: Document SHA3 and ChaCha-Poly1305 as
1673 2014-05-05 Niels Möller <nisse@lysator.liu.se>
1675 * nettle.texinfo (POLY1305): Document poly1305-aes.
1676 (Authenticated encryption): Move AEAD algorithms to their own
1678 (RSA, DSA, ECDSA): Change some subsections to subsubsections.
1679 (ChaCha-Poly1305): Document ChaCha-Poly1305.
1681 2014-05-04 Niels Möller <nisse@lysator.liu.se>
1683 * nettle.texinfo (DSA): Document new DSA interface.
1684 (Salsa20): Update salsa20 docs.
1685 (ChaCha): Document ChaCha.
1687 2014-05-03 Niels Möller <nisse@lysator.liu.se>
1689 * configure.ac: Check for SIZEOF_SIZE_T.
1690 * ccm.c (ccm_set_nonce): Skip code for 64-bit encoding when size_t
1693 * nettle.texinfo (CCM): Document new ccm macros and constants.
1694 Describe ccm restrictions.
1696 * ccm.h (CCM_DIGEST_SIZE): New constant.
1698 2014-04-30 Niels Möller <nisse@lysator.liu.se>
1700 * ccm.c (CCM_IV_MAX_SIZE, CCM_IV_MIN_SIZE): Deleted, replaced by
1701 public constants CCM_MIN_NONCE_SIZE and CCM_MAX_NONCE_SIZE.
1702 (ccm_build_iv): Updated for above rename.
1703 (CCM_L_MAX_SIZE): Deleted, no longer used.
1705 * ccm.h (CCM_MIN_NONCE_SIZE, CCM_MAX_NONCE_SIZE): New constants.
1706 (CCM_MAX_MSG_SIZE): New macro.
1708 2014-04-27 Niels Möller <nisse@lysator.liu.se>
1710 * nettle.texinfo (Cipher modes): Subsection on AEAD constructions.
1711 (GCM): Update GCM documentation, including functions for
1712 gcm_aes128, gcm_camellia128, ...
1714 2014-04-26 Niels Möller <nisse@lysator.liu.se>
1716 * nettle.texinfo: Update for introduction of nettle_cipher_func.
1717 (GCM): Document GCM_DIGEST_SIZE.
1718 (UMAC): Document new UMAC constants.
1719 (Keyed hash functions): Make HMAC and UMAC their own info nodes.
1720 (EAX): Document EAX.
1722 * umac.h (UMAC_MIN_NONCE_SIZE, UMAC_MAX_NONCE_SIZE): New
1725 2014-04-25 Niels Möller <nisse@lysator.liu.se>
1727 * All hash-related files: Renamed all _DATA_SIZE constants to
1728 _BLOCK_SIZE, for consistency. Old names kept for backwards
1731 * nettle.texinfo (CCM): Documentation for CCM mode, contributed by
1734 * testsuite/ccm-test.c (test_cipher_ccm): And tests.
1736 * ccm.c (ccm_decrypt_message): Change length argument, should now
1737 be clear text (dst) length.
1738 * ccm-aes128.c (ccm_aes128_decrypt_message): Likewise.
1739 * ccm-aes192.c (ccm_aes192_decrypt_message): Likewise.
1740 * ccm-aes256.c (ccm_aes256_decrypt_message): Likewise.
1741 * ccm.h: Updated prototypes.
1743 2014-04-22 Niels Möller <nisse@lysator.liu.se>
1745 * nettle.texinfo (Recommended hash functions): Document additional
1748 * sha2.h (sha512_224_ctx, sha512_256_ctx): New aliases for the
1749 sha512_ctx struct tag.
1751 2014-04-17 Niels Möller <nisse@lysator.liu.se>
1753 * examples/Makefile.in (SOURCES): Deleted next-prime.c (forgotten
1754 in 2014-04-13 change).
1756 2014-04-16 Niels Möller <nisse@lysator.liu.se>
1758 * testsuite/ccm-test.c (test_cipher_ccm): Deleted check for NULL
1761 * sha3-224.c (sha3_224_init): Pass pointer to context struct, not
1762 pointer to first element, to memset.
1763 * sha3-256.c (sha3_256_init): Likewise.
1764 * sha3-384.c (sha3_384_init): Likewise.
1765 * sha3-512.c (sha3_512_init): Likewise.
1767 * examples/eratosthenes.c (vector_alloc): Use sizeof(*vector)
1768 instead of explicit type in malloc call.
1769 (vector_init): Make constant explicitly unsigned long.
1771 * tools/input.c (sexp_get_quoted_char): Deleted useless for loop.
1773 2014-04-13 Niels Möller <nisse@lysator.liu.se>
1775 * rsa-compat.c: Deleted file.
1776 * rsa-compat.h: Deleted file.
1777 * Makefile.in (hogweed_SOURCES): Deleted rsa-compat.c.
1778 (HEADERS): Deleted rsa-compat.h.
1780 * examples/next-prime.c: Deleted file.
1781 * bignum-next-prime.c (nettle_next_prime): Deleted file and
1783 * prime-list.h: Deleted file.
1784 * bignum.h (nettle_next_prime): Deleted prototype.
1785 * Makefile.in (hogweed_SOURCES): Deleted bignum-next-prime.c.
1786 (DISTFILES): Deleted prime-list.h.
1787 * examples/Makefile.in (HOGWEED_TARGETS): Deleted next-prime, and
1788 corresponding make target.
1790 2014-04-12 Niels Möller <nisse@lysator.liu.se>
1792 * nettle.texinfo (Copyright): Updated licensing info.
1795 * Makefile.in (DISTFILES): Distribute new COPYING* files.
1797 * COPYING.LESSERv3: New file.
1798 * COPYINGv3: New file.
1799 * COPYING.LIB: Deleted.
1800 * COPYINGv2: New name for GPL version 2 file.
1801 * COPYING: Old name, deleted.
1803 * Update license headers for LGPL3+ and GPL2+ dual licensing.
1805 2014-04-11 Niels Möller <nisse@lysator.liu.se>
1807 * testsuite/testutils.c (test_aead): Use aead->digest_size.
1809 * configure.ac: Skip GMP tests if public key support is disabled.
1811 * eax.c (block16_xor): Fixed bug effecting 32-bit platforms.
1813 * Makefile.in (DISTFILES): Deleted memxor.c, already included via
1815 * tools/Makefile.in (SOURCES): Add nettle-pbkdf2.c.
1817 2014-04-10 Niels Möller <nisse@lysator.liu.se>
1819 From Nikos Mavrogiannopoulos:
1820 * examples/hogweed-benchmark.c (bench_openssl_ecdsa_init): Support
1821 for secp192r1 and secp256r1.
1822 (alg_list): Add them.
1824 2014-04-09 Niels Möller <nisse@lysator.liu.se>
1826 * examples/nettle-benchmark.c (main): Benchmark sha512_224 and
1829 * testsuite/sha512-224-test.c: New file.
1830 * testsuite/sha512-256-test.c: New file.
1831 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new files.
1833 * nettle-meta.h (nettle_sha512_224, nettle_sha512_256): Declare.
1834 * sha512-224-meta.c (nettle_sha512_224): New file, new nettle_hash.
1835 * sha512-256-meta.c (nettle_sha512_256): New file, new nettle_hash.
1837 * sha2.h (SHA512_224_DIGEST_SIZE, SHA512_224_DATA_SIZE)
1838 (SHA512_256_DIGEST_SIZE, SHA512_256_DATA_SIZE): New constants.
1840 * sha512.c (sha512_256_digest): Typo fix, call sha512_256_init.
1842 * testsuite/testutils.c (test_hash): Removed redundant init call.
1843 Tests that digest implies init.
1845 2014-03-28 Niels Möller <nisse@lysator.liu.se>
1847 * testsuite/dsa-keygen-test.c (test_main): Explicitly use
1848 dsa_compat_generate_keypair.
1849 (test_main): Test dsa_generate_params and dsa_generate_keypair
1850 with a large q; p_bits = 1024, q_bits = 768.
1852 * testsuite/testutils.h: Undo dsa-compat.h name mangling.
1854 * dsa-keygen.c (dsa_generate_keypair): New interface, generating
1855 only a keypair, and no new parameters.
1856 * dsa-compat-keygen.c (dsa_compat_generate_keypair): New file.
1857 Moved old key generation function here. Use dsa_generate_keypair.
1859 2014-03-27 Niels Möller <nisse@lysator.liu.se>
1861 * dsa-compat.c (dsa_public_key_init, dsa_public_key_clear)
1862 (dsa_private_key_init, dsa_private_key_clear): : Move deprecated
1863 DSA functions to a separate file...
1864 * dsa.c: ...from here.
1865 * dsa-compat.h: New file, declaring deprecated DSA interface.
1866 Include in corresponding C files.
1867 * Makefile.in (hogweed_SOURCES): Add dsa-compat.c.
1868 (HEADERS): Add dsa-compat.h.
1870 * dsa-gen-params.c (dsa_generate_params): New file and function,
1871 extracted from DSA key generation.
1872 * dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
1874 2014-03-26 Niels Möller <nisse@lysator.liu.se>
1876 * der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
1877 interface. Allow q_size == 0, meaning any q < p is allowed.
1878 Additional validity checks.
1879 (dsa_public_key_from_der_iterator): Converted to new DSA
1880 interface. Also check that the public value is in the correct
1882 (dsa_openssl_private_key_from_der_iterator): Converted
1883 to new DSA interface. Additional validity checks.
1884 (dsa_openssl_private_key_from_der): Converted to new DSA
1886 * tools/pkcs1-conv.c (convert_dsa_private_key): Update to use
1887 struct dsa_params, and adapt to the der decoding changes.
1888 (convert_public_key): Likewise.
1890 * examples/hogweed-benchmark.c: Update dsa benchmarking to use new
1893 * dsa.c (dsa_params_init, dsa_params_clear): New functions.
1894 (dsa_public_key_init): Use dsa_params_init.
1895 (dsa_public_key_clear): Use dsa_params_clear.
1897 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Converted to new DSA
1898 interface. Allow q_size == 0, meaning any q < p is allowed.
1899 Additional validity checks.
1900 (dsa_sha1_keypair_from_sexp, dsa_sha256_keypair_from_sexp):
1901 Converted to new DSA interface.
1903 * dsa2sexp.c (dsa_keypair_to_sexp): Converted to new DSA
1905 * tools/pkcs1-conv.c: Updated uses of dsa_keypair_to_sexp.
1907 * dsa.h (struct dsa_params): New struct.
1909 * dsa-sign.c (dsa_sign): Use struct dsa_params, with key as a
1911 * dsa-verify.c (dsa_verify): Likewise.
1912 * dsa-sha1-verify.c (dsa_sha1_verify_digest, dsa_sha1_verify): Use
1913 dsa_verify, cast the struct dsa_public_key * input to a struct
1915 * dsa-sha256-verify.c (dsa_sha256_verify_digest)
1916 (dsa_sha256_verify): Likewise.
1917 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise
1918 use dsa_sign, with a cast from struct dsa_public_key * to struct
1920 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
1923 * testsuite/testutils.c (test_dsa_verify): Use struct dsa_params.
1924 (test_dsa_key): Likewise.
1925 * testsuite/dsa-test.c (test_main): Adapt to test_dsa_key and
1926 test_dsa_verify changes.
1927 * testsuite/dsa-keygen-test.c (test_main): Adapt to
1928 test_dsa_key change.
1930 * testsuite/testutils.c (test_dsa_sign): #if out, currently
1933 2014-03-23 Niels Möller <nisse@lysator.liu.se>
1938 * ccm-aes128.c: New file.
1939 * ccm-aes192.c: New file.
1940 * ccm-aes256.c: New file.
1941 * Makefile.in (nettle_SOURCES): Added ccm source files.
1942 (HEADERS): Added ccm.h.
1943 * testsuite/ccm-test.c: New file.
1944 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added ccm-test.c.
1946 2014-03-20 Niels Möller <nisse@lysator.liu.se>
1948 From Joachim Strömbergson:
1949 * sha512.c (K): Indentation fix.
1950 (sha512_224_init, sha512_224_digest, sha512_256_init)
1951 (sha512_256_digest): New functions.
1952 * sha2.h: Add prototypes.
1953 (sha512_224_update, sha512_256_update): New aliases for
1956 2014-03-18 Niels Möller <nisse@lysator.liu.se>
1958 * examples/nettle-benchmark.c (main): Add benchmarking of arcfour,
1959 salsa20 and chacha, via time_aead.
1961 * nettle-internal.c (nettle_arcfour128): Define, as a struct
1962 nettle_aead (with NULL set_nonce, update, and digest methods).
1963 * examples/nettle-openssl.c (nettle_openssl_arcfour128): Likewise.
1964 * nettle-internal.h (nettle_arcfour128)
1965 (nettle_openssl_arcfour128): Declare.
1967 * nettle-types.h (nettle_cipher_func): New typedef, similar to
1968 nettle_crypt_func, but with a const context, intended for block
1970 * nettle-meta.h (struct nettle_cipher): Use the nettle_cipher_func
1972 * Many other files affected: aes*-meta.c, camellia*-meta.c,
1973 cast128-meta.c, serpent-meta.c, twofish-meta.c, cbc.[ch],
1974 ctr.[ch], ctr.[ch], des-compat.c, eax.[ch], gcm*.[ch],
1975 nettle-internal.*, testsuite/aes-test.c,
1976 examples/nettle-benchmark.c, examples/nettle-openssl.c.
1978 2014-03-16 Niels Möller <nisse@lysator.liu.se>
1980 * chacha-set-key.c: Include string.h.
1982 * arcfour-meta.c: Deleted file.
1983 * nettle-meta.h (nettle_arcfour128): Deleted declaration.
1984 * nettle-meta-ciphers.c (nettle_ciphers): Deleted
1985 nettle_arcfour128 from list.
1986 * Makefile.in (nettle_SOURCES): Deleted arcfour-meta.c.
1987 * examples/nettle-openssl.c (nettle_openssl_arcfour128): Deleted.
1988 * testsuite/meta-cipher-test.c: Adjust test for removal of
1991 2014-03-15 Niels Möller <nisse@lysator.liu.se>
1993 * examples/nettle-benchmark.c (struct bench_aead_info): New
1995 (bench_aead_crypt, bench_aead_update, init_nonce, time_aead): New
1996 functions, for benchmarking aead algorithms.
1997 (time_gcm, time_eax): Deleted functions.
1998 (main): Use time_aead to benchmark gcm, eax and chacha-poly1305.
2000 * salsa20.h (SALSA20_NONCE_SIZE): Renamed constant, old name
2001 SALSA20_IV_SIZE kept as an alias.
2002 (salsa20_set_nonce): Update prototype for the 2014-01-20 rename.
2004 * Makefile.in (.asm.s): Add dependencies.
2005 (.s.o, .s.po): Empty any dependency .d file.
2007 2014-03-04 Niels Möller <nisse@lysator.liu.se>
2009 * testsuite/chacha-test.c (test_main): Additional test cases, for
2012 * Makefile.in (nettle_SOURCES): Deleted chacha128-set-key.c and
2013 chacha256-set-key.c.
2015 * chacha.h (CHACHA256_KEY_SIZE): Deleted.
2016 (chacha_set_key): Updated prototype.
2017 * chacha256-set-key.c (chacha256_set_key): Deleted file and
2018 function, moved to...
2019 * chacha-set-key.c (chacha_set_key): Do 256-bit keys only. Deleted
2020 length argument. Updated all callers.
2022 * chacha128-set-key.c (chacha128_set_key): Deleted file and
2023 function. Support for 128-bit chacha keys may be reintroduced
2024 later, if really needed.
2025 * chacha.h: Deleted chacha128-related declarations.
2026 * chacha-set-key.c (chacha_set_key): Drop support for 128-bit
2028 * testsuite/chacha-test.c (test_main): #if:ed out all tests with
2031 2014-02-16 Niels Möller <nisse@lysator.liu.se>
2033 * gcm.h: Declarations for gcm-camellia256.
2034 * gcm-camellia256.c: New file.
2035 * gcm-camellia256-meta.c: New file.
2036 * nettle-meta.h (nettle_gcm_camellia256): Declare.
2037 * Makefile.in (nettle_SOURCES): Added gcm-camellia256.c and
2038 gcm-camellia256-meta.c.
2039 * testsuite/gcm-test.c (test_main): Test cases for
2040 nettle_gcm_camellia256.
2042 * gcm.h: Include camellia.h. Declarations for gcm-camellia128.
2043 * gcm-camellia128.c: New file.
2044 * gcm-camellia128-meta.c: New file.
2045 * nettle-meta.h (nettle_gcm_camellia128): Declare.
2046 * Makefile.in (nettle_SOURCES): Added gcm-camellia128.c and
2047 gcm-camellia128-meta.c.
2048 * testsuite/gcm-test.c (test_main): Test cases for
2049 nettle_gcm_camellia128. From Nikos Mavrogiannopoulos.
2051 2014-02-13 Niels Möller <nisse@lysator.liu.se>
2053 * Makefile.in (nettle_SOURCES): Added eax-aes128.c
2055 * examples/nettle-benchmark.c: Include eax.h.
2056 * nettle-meta.h (nettle_eax_aes128): Declare, moved from
2058 * eax.h: Declare eax_aes128_ctx and related functions. Moved from
2060 (EAX_IV_SIZE): New constant.
2061 * eax-aes128-meta.c (nettle_eax_aes128): Moved definition to new
2063 * eax-aes128.c (eax_aes128_set_key, eax_aes128_set_nonce)
2064 (eax_aes128_update, eax_aes128_encrypt, eax_aes128_decrypt)
2065 (eax_aes128_digest): Moved functions to a new file.
2066 * nettle-internal.c: ... from old location.
2067 * nettle-internal.h: Moved eax declarations elsewhere.
2069 * tools/nettle-pbkdf2.c (main): Added missing deallocation.
2071 2014-02-12 Niels Möller <nisse@lysator.liu.se>
2073 * chacha-poly1305.h: New file.
2074 * chacha-poly1305.c: New file.
2075 * chacha-poly1305-meta.c (nettle_chacha_poly1305): New file, new
2077 * nettle-meta.h (nettle_chacha_poly1305): Declare.
2079 * Makefile.in (nettle_SOURCES): Added chacha-poly1305.c and
2080 chacha-poly1305-meta.c.
2081 (HEADERS): Added chacha-poly1305.h.
2083 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
2084 chacha-poly1305-test.c.
2085 * testsuite/chacha-poly1305-test.c: New file.
2087 * nettle-meta.h (struct nettle_aead): New generalized version
2089 (nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256)
2090 (nettle_eax_aes128): Declare, moved from nettle-internal.h.
2091 * nettle-internal.h (struct nettle_aead): Deleted struct, moved to
2092 nettle-meta.h. Deleted declarations of unused instances.
2093 (_NETTLE_AEAD): Deleted macro.
2094 * nettle-internal.c (nettle_eax_aes128): Updated for new
2096 (nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256):
2097 Deleted, moved to new files.
2098 * gcm-aes128-meta.c (nettle_gcm_aes128): Moved to new file,
2099 updated for new nettle_aead struct.
2100 * gcm-aes192-meta.c (nettle_gcm_aes192): Likewise.
2101 * gcm-aes256-meta.c (nettle_gcm_aes256): Likewise.
2102 * testsuite/testutils.c (test_aead): Take alternative set_nonce
2103 function as argument, and use it when nonce size differs from
2105 * testsuite/testutils.h (test_aead): Updated prototype.
2106 * testsuite/gcm-test.c (nettle_gcm_unified_aes128): Updated for
2107 new nettle_aead struct.
2108 (test_main): Pass additional argument to test_aead.
2109 * testsuite/eax-test.c (test_main): Pass additional NULL argument
2112 * eax.h (EAX_DIGEST_SIZE): New constant.
2113 * gcm.h (GCM_DIGEST_SIZE): Likewise.
2115 2014-02-10 Niels Möller <nisse@lysator.liu.se>
2117 * chacha-set-nonce.c (chacha_set_nonce): Renamed file and
2118 function, updated callers and Makefile.in.
2119 * chacha-set-iv.c (chacha_set_iv): ... from old names.
2121 2014-02-08 Niels Möller <nisse@lysator.liu.se>
2123 * testsuite/chacha-test.c (test_chacha): For 20 rounds, use
2124 chacha_crypt, and test varying the message length.
2125 (test_main): Add second key stream block, for all testcases with
2128 * chacha-crypt.c (chacha_crypt): Fixed block counter update.
2130 2014-02-07 Niels Möller <nisse@lysator.liu.se>
2132 * nettle.texinfo (ASCII encoding): Document that
2133 base16_encode_update and base64_encode_update now uses dst_length
2136 * testsuite/base64-test.c (test_main): Updated
2137 base64_decode_update test case.
2139 * sexp-transport.c (sexp_transport_iterator_first): For
2140 base64_decode_update, omit initialization of coded_length.
2141 * examples/base64dec.c (main): Likewise.
2142 * examples/base16dec.c (main): Likewise, for base16_decode_update.
2144 * base64-decode.c (base64_decode_update): Use *dst_length for
2145 output only. Don't require callers to pass a sane value.
2146 * base16-decode.c (base16_decode_update): Likewise.
2148 2014-02-06 Niels Möller <nisse@lysator.liu.se>
2150 * NEWS: List _set_key incompatibilities.
2152 * nettle-meta.h (_NETTLE_CIPHER_SEP, _NETTLE_CIPHER_SEP_SET_KEY)
2153 (_NETTLE_CIPHER_FIX, _NETTLE_CIPHER): Deleted unused macros.
2155 * nettle-internal.c (nettle_blowfish128): Deleted only use of
2158 * blowfish.c (blowfish128_set_key): New function.
2159 * blowfish.h (BLOWFISH128_KEY_SIZE): New constant.
2161 * cast128-meta.c (nettle_cast128): Deleted only use of
2164 * examples/nettle-benchmark.c (time_cipher): Fixed memset calls.
2166 2014-01-30 Niels Möller <nisse@lysator.liu.se>
2168 * Makefile.in (nettle_SOURCES): Arrange in alphabetic order.
2170 * nettle.texinfo: Updated, document size_t for length arguments.
2171 Document new AES and Camellia interfaces.
2173 * ecc-size.c (ecc_bit_size): New function.
2174 * ecc.h (ecc_bit_size): Declare it.
2176 2014-01-29 Niels Möller <nisse@lysator.liu.se>
2178 * nettle-types.h (typedef nettle_set_key_func): Deleted length
2181 * arctwo.c (arctwo40_set_key, arctwo64_set_key)
2182 (arctwo128_set_key, arctwo128_set_key_gutmann): New functions.
2183 * arctwo.h: Declare them.
2184 * arctwo-meta.c (ARCTWO): New macro.
2185 (nettle_arctwo40, nettle_arctwo64, nettle_arctwo128)
2186 (nettle_arctwo_gutmann128): Use new _set_key functions.
2188 * arcfour.h (ARCFOUR128_KEY_SIZE): New constant.
2189 * arcfour.c (arcfour128_set_key): New function.
2190 * arcfour-meta.c (nettle_arcfour128): Use arcfour128_set_key and
2191 ARCFOUR128_KEY_SIZE.
2193 * cast128.c (cast5_set_key): Renamed, was cast128_set_key.
2194 (cast128_set_key): New definition, with fixed key size.
2195 * cast128.h (CAST128_MIN_KEY_SIZE, CAST128_MAX_KEY_SIZE): Renamed
2197 (CAST5_MIN_KEY_SIZE, CAST5_MAX_KEY_SIZE): ... new names.
2199 * eax.h (EAX_SET_KEY): Deleted length argument.
2201 * aes128-meta.c: Deleted _set_key wrappers.
2202 * aes192-meta.c: Likewise.
2203 * aes256-meta.c: Likewise.
2204 * camellia128-meta.c: Likewise.
2205 * camellia192-meta.c: Likewise.
2206 * camellia256-meta.c: Likewise.
2208 * gcm-aes128.c (gcm_aes128_set_key): Deleted length argument.
2209 * gcm-aes192.c (gcm_aes192_set_key): Likewise.
2210 * gcm-aes256.c (gcm_aes256_set_key): Likewise.
2211 * gcm.h: Updated prototypes.
2213 * serpent-set-key.c (serpent128_set_key, serpent192_set_key)
2214 (serpent256_set_key): New functions.
2215 * serpent.h: Declare new functions.
2216 (SERPENT128_KEY_SIZE, SERPENT192_KEY_SIZE)
2217 (SERPENT256_KEY_SIZE): New constants.
2218 * serpent-meta.c (SERPENT): New macro.
2219 (nettle_serpent128, nettle_serpent192, nettle_serpent256): Use new
2222 * twofish-set-key.c (twofish128_set_key, twofish192_set_key)
2223 (twofish256_set_key): New functions.
2224 * twofish.h: Declare new functions.
2225 (TWOFISH128_KEY_SIZE, TWOFISH192_KEY_SIZE)
2226 (TWOFISH256_KEY_SIZE): New constants.
2227 * twofish-meta.c (TWOFISH): New macro.
2228 (nettle_twofish128, nettle_twofish192, nettle_twofish256): Use new
2231 * nettle-internal.h (struct nettle_aead): Use
2232 nettle_hash_update_func for the set_iv function pointer.
2234 * nettle-internal.c (des_set_key_hack, des3_set_key_hack): Deleted
2236 (chacha_set_key_hack): Deleted length argument. Use
2238 (salsa20_set_key_hack): Deleted length argument. Use
2239 salsa20_256_set_key.
2240 (nettle_unified_aes128, nettle_unified_aes192)
2241 (nettle_unified_aes256): Deleted, moved to test program.
2242 (eax_aes128_set_key): Deleted length argument. Use EAX_SET_KEY.
2244 * examples/nettle-benchmark.c: Updated for _set_key changes.
2245 * examples/nettle-openssl.c: Likewise.
2246 * testsuite/testutils.c: Likewise.
2247 * testsuite/gcm-test.c: Likewise.
2249 * testsuite/aes-test.c (UNIFIED_AES): New macro. Moved glue for
2250 testing the old aes interface (struct aes_ctx) here.
2252 * testsuite/arcfour-test.c (test_arcfour): New function, for key
2254 (test_main): Use it.
2256 * testsuite/blowfish-test.c (test_blowfish): New function.
2257 (test_main): Use it. Also deleted old #if:ed out code.
2259 * testsuite/cast128-test.c (test_cast5): New function.
2260 (test_main): Use it, for 40-bit and 80-bit tests.
2262 * testsuite/serpent-test.c (test_serpent): New function.
2263 (test_main): Use it.
2265 2014-01-27 Niels Möller <nisse@lysator.liu.se>
2267 * eax.h (struct eax_key, struct eax_ctx): Use union
2268 nettle_block16, for alignment.
2269 * eax.c: Updated everything to use nettle_block16.
2270 (block16_xor): New function.
2272 * examples/nettle-benchmark.c (time_eax): New function.
2275 * x86_64/chacha-core-internal.asm: Use pshufhw + pshuflw for the
2278 * configure.ac (asm_replace_list): Added chacha-core-internal.asm.
2279 * x86_64/chacha-core-internal.asm: New file.
2281 * examples/nettle-benchmark.c (main): Add benchmarking of chacha.
2282 * nettle-internal.c (nettle_chacha): New const struct, for the
2285 Chacha implementation, based on contribution by Joachim
2287 * chacha.h: New file.
2288 * chacha256-set-key.c (chacha256_set_key): New file and function.
2289 * chacha128-set-key.c (chacha128_set_key): New file and function.
2290 * chacha-set-key.c (chacha_set_key): New file and function.
2291 * chacha-set-iv.c (chacha_set_iv): New file and function.
2292 * chacha-core-internal.c (_chacha_core): New file and function.
2293 * chacha-crypt.c (chacha_crypt): New file and function.
2294 * Makefile.in (nettle_SOURCES): Added chacha files.
2295 (HEADERS): Added chacha.h.
2296 * testsuite/chacha-test.c: New file.
2297 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added chacha-test.c.
2299 2014-01-26 Niels Möller <nisse@lysator.liu.se>
2301 * nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to...
2302 (_NETTLE_AEAD): ... new name, and deleted old definition. Also use
2303 _set_nonce instead of _set_iv.
2304 * nettle-internal.c (nettle_gcm_aes128, nettle_gcm_aes192)
2305 (nettle_gcm_aes256): Define in terms of new interface.
2306 (nettle_eax_aes128): Updated for _NETTLE_AEAD changes.
2308 * testsuite/gcm-test.c (test_gcm_hash): Likewise use struct
2310 (test_main): Added a testcase using the old interface based on
2313 * examples/nettle-benchmark.c (time_gcm): Update to use new struct
2314 gcm_aes128_ctx. Also use name "gcm-aes128" in output.
2316 * gcm.h: New interface for gcm_aes128, gcm_aes192, gcm_aes256,
2317 using the new AES interface.
2318 (GCM_CTX): Reorder fields, putting the cipher context
2321 * Makefile.in (nettle_SOURCES): Added gcm-aes128.c, gcm-aes192.c,
2324 * gcm-aes128.c: New file.
2325 * gcm-aes192.c: New file
2326 * gcm-aes256.c: New file.
2328 2014-01-25 Niels Möller <nisse@lysator.liu.se>
2330 * gcm.h (GCM_SET_KEY): Deleted length argument.
2331 * gcm-aes.c (gcm_aes_set_key): Use aes_set_encrypt_key and
2332 gcm_set_key, can no longer use GCM_SET_KEY macro.
2334 2014-01-23 Niels Möller <nisse@lysator.liu.se>
2336 * testsuite/gcm-test.c (test_main): Use the correct
2337 nettle_gcm_aes128/192/256 object.
2339 2014-01-21 Niels Möller <nisse@lysator.liu.se>
2341 Merged camellia-reorg changes (starting at 2013-10-07).
2343 2013-10-10 Niels Möller <nisse@lysator.liu.se>
2345 * Makefile.in (nettle_SOURCES): Updated list of camellia files.
2347 * testsuite/camellia-test.c (test_invert): Updated for new
2350 * camellia.h: Reorganized camellia interface, with distinct
2351 context structs and functions for camellia128 and camellia256.
2353 * camellia-meta.c: Deleted file.
2354 * camellia256-meta.c: New file.
2355 * camellia192-meta.c: New file.
2356 * camellia128-meta.c: New file.
2358 * camellia-set-decrypt-key.c: Deleted file, code moved to:
2359 * camellia128-set-decrypt-key.c: New file.
2360 (camellia128_invert_key, camellia128_set_decrypt_key): New
2362 * camellia256-set-decrypt-key.c: New file.
2363 (camellia256_invert_key, camellia256_set_decrypt_key)
2364 (camellia192_set_decrypt_key): New functions.
2365 * camellia-invert-key.c (_camellia_invert_key): New file and
2368 * camellia-set-encrypt-key.c: Deleted file, code moved to:
2369 * camellia128-set-encrypt-key.c: New file.
2370 (camellia128_set_encrypt_key): New function.
2371 * camellia256-set-encrypt-key.c: New file.
2372 (_camellia256_set_encrypt_key, camellia256_set_encrypt_key)
2373 (camellia192_set_encrypt_key): New functions.
2374 * camellia-absorb.c (_camellia_absorb): New file and function.
2375 * camellia-internal.h: Moved key schedule macros here.
2377 * camellia-crypt.c: Deleted file, code moved to:
2378 * camellia128-crypt.c (camellia128_crypt): New file and function.
2379 * camellia256-crypt.c (camellia256_crypt): New file and function.
2381 2013-10-07 Niels Möller <nisse@lysator.liu.se>
2383 * configure.ac: Delete check for ALIGNOF_UINT64_T, no longer
2385 * config.m4.in: Likewise delete ALIGNOF_UINT64_T.
2387 * camellia-crypt.c (camellia_crypt): Updated call to
2389 * camellia-internal.h (_camellia_crypt): Updated prototype.
2390 * camellia-crypt-internal.c (_camellia_crypt): Take separate
2391 arguments for rounds and subkey array.
2392 * x86_64/camellia-crypt-internal.asm: Likewise. Also corrected
2394 * x86/camellia-crypt-internal.asm: Likewise.
2396 2014-01-20 Niels Möller <nisse@lysator.liu.se>
2398 * poly1305-internal.c (poly1305_digest): Use union nettle_block16
2400 * poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
2403 Merged poly1305 changes (starting at 2013-11-08).
2404 * x86_64/poly1305-internal.asm: Update to new interface.
2405 poly1305_digest much simplified.
2407 * poly1305.h (struct poly1305_ctx): Moved block and index
2409 (struct poly1305_aes_ctx): ... to here.
2410 * asm.m4: Delete also from the assembly definition of struct
2413 * poly1305-internal.c (poly1305_digest): Don't do final padding
2414 here, leave that to caller. Add digest to the provided nonce s,
2415 and deleted length and dst arguments. Also reset h0-h4 to zero
2417 (_poly1305_block): Renamed, from...
2418 (poly1305_block): ...old name.
2420 * poly1305-aes.c (poly1305_aes_update): New function.
2421 (poly1305_aes_digest): Update for poly1305_digest changes, do
2424 * poly1305.c (poly1305_update): Deleted file and function. Moved
2426 * Makefile.in (nettle_SOURCES): Deleted poly1305.c.
2428 2014-01-17 Niels Möller <nisse@lysator.liu.se>
2430 * poly1305-internal.c (poly1305_block): Additional argument with
2432 (poly1305_block_internal): Deleted function, code moved into the
2434 (poly1305_digest): Simplified padding code, call poly1305_block
2436 * poly1305.h (poly1305_block): Update prototype.
2437 * poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
2438 * x86_64/poly1305-internal.asm (poly1305_block): Handle new
2441 * poly1305.h (struct poly1305_ctx): Moved nonce field from here...
2442 (struct poly1305_aes_ctx): ... to here.
2443 * poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
2445 * poly1305.c (poly1305_set_nonce): Deleted function.
2446 * asm.m4: Delete nonce also from the assembly definition of struct
2449 2014-01-16 Niels Möller <nisse@lysator.liu.se>
2451 * poly1305-aes.c: Include poly1305.h. Rewrite functions without
2452 using the POLY1305_* macros.
2454 * Makefile.in (HEADERS): Deleted poly1305-aes.h.
2456 * poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE)
2457 (POLY1305_DIGEST): Deleted macros. Only implemented variant is
2459 (POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE):
2461 (POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here,
2462 from poly1305-aes.h.
2463 (struct poly1305_aes_ctx): Likewise.
2464 (poly1305_aes_set_key, poly1305_aes_set_nonce)
2465 (poly1305_aes_update, poly1305_aes_digest): Likewise.
2466 * poly1305-aes.h: Deleted file, declarations moved to poly1305.h.
2469 * poly1305-internal.c (s2, s3, s4): Fixed macros.
2471 * poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx
2472 by struct aes128_ctx.
2473 * poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest):
2474 Update to use aes128_* functions.
2475 * poly1305.h (POLY1305_SET_KEY): Drop key size argument when
2478 2013-12-19 Niels Möller <nisse@lysator.liu.se>
2480 * poly1305-aes.h (poly1305_aes_update): Define as an alias for
2481 poly1305_update, using preprocessor and a type cast.
2483 * poly1305-aes.c (poly1305_aes_update): Deleted function.
2485 * poly1305.h (poly1305_update): Declare.
2486 (_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros.
2488 * poly1305.c (poly1305_update): New function.
2490 2013-11-21 Niels Möller <nisse@lysator.liu.se>
2492 * x86_64/poly1305-internal.asm: New file. Almost a factor of two
2495 * configure.ac (asm_replace_list): Added poly1305-internal.asm.
2497 * asm.m4: Define struct offsets for 64-bit poly1305_ctx.
2499 * poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
2500 additional argument to poly1305_digest.
2501 (struct poly1305_ctx): Introduce unions, to support either 26-bit
2502 or 64-bit implementation.
2504 * poly1305-internal.c (poly1305_digest): Added s argument.
2506 * poly1305.c (poly1305_set_s): Deleted function.
2508 2013-11-12 Niels Möller <nisse@lysator.liu.se>
2510 * poly1305-internal.c: New file, for poly1305 functions depending
2511 on the internal mod (2^130 - 5) representation.
2512 (poly1305_block_internal): New helper function.
2513 (poly1305_block, poly1305_digest): Use it.
2515 2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2517 * poly1305.h: New file.
2518 * poly1305.c: New file.
2519 * poly1305-aes.h: New file.
2520 * poly1305-aes.c: New file.
2521 * Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
2522 (HEADERS): Added poly1305-aes.h and poly1305.h.
2524 * testsuite/poly1305-test.c: New file.
2525 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
2527 * examples/nettle-benchmark.c (time_poly1305_aes): New function.
2528 (main): Benchmark poly1305.
2530 2014-01-20 Niels Möller <nisse@lysator.liu.se>
2532 * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
2533 salsa20-128-set-key.c, and salsa20-256-set-key.c.
2535 * salsa20.h: Declare new functions.
2536 (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
2537 (salsa20_set_iv): Define as an alias for salsa20_set_nonce.
2539 * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
2540 salsa20_256_set_key.
2541 (salsa20_set_iv): Renamed and moved...
2542 * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
2544 * salsa20-256-set-key.c (salsa20_256_set_key): New file and
2546 * salsa20-128-set-key.c (salsa20_128_set_key): New file and
2549 2014-01-13 Niels Möller <nisse@lysator.liu.se>
2551 * nettle-types.h (union nettle_block16): New type, replacing union
2553 * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16.
2554 * gcm.c: Replaced all use of gcm_block by nettle_block16.
2556 2014-01-04 Niels Möller <nisse@lysator.liu.se>
2558 * config.guess: Updated to 2014-01-01 version, from
2559 git://git.sv.gnu.org/config.git.
2560 * config.sub: Likewise.
2562 * testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark):
2564 (test_memxor, test_memxor3): Use test_mark to tell valgrind the
2565 start and end of src and destination areas.
2567 * configure.ac: Check for valgrind/memcheck.h.
2569 * testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes,
2570 needed for the way unaligned data is handled in, e.g., memxor.
2572 2014-01-03 Niels Möller <nisse@lysator.liu.se>
2574 * shadata.c (main): Zero-pad output values to 8 hex digits.
2575 * sha256.c (K): Updated table.
2577 2013-12-17 Niels Möller <nisse@lysator.liu.se>
2579 * configure.ac (ASM_RODATA): New substituted variable. Needed for
2580 portability to darwin.
2581 * config.m4.in: Define RODATA, using configure variable ASM_RODATA
2582 * x86_64/gcm-hash8.asm: Use RODATA macro.
2584 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Use
2585 stronger variants of Pocklington's theorem, to allow p0 of size
2588 2013-12-15 Niels Möller <nisse@lysator.liu.se>
2590 * nettle-internal.h (NETTLE_MAX_BIGNUM_BITS)
2591 (NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits.
2593 2013-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
2595 Introduced TMP_GMP_ALLOC macro for temporary allocations of
2596 potentially large data, e.g, sized as an RSA key.
2597 * gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New
2599 * gmp-glue.c (gmp_alloc, gmp_free): New functions.
2600 * bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC.
2601 * bignum-random.c (nettle_mpz_random_size): Likewise.
2602 * pkcs1-decrypt.c (pkcs1_decrypt): Likewise.
2603 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
2604 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise.
2605 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
2606 (pkcs1_rsa_sha512_encode_digest): Likewise.
2607 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
2608 (pkcs1_rsa_sha256_encode_digest): Likewise.
2609 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
2610 (pkcs1_rsa_sha1_encode_digest): Likewise.
2611 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
2612 (pkcs1_rsa_md5_encode_digest): Likewise.
2614 2013-12-14 Niels Möller <nisse@lysator.liu.se>
2616 * x86_64/gcm-hash8.asm: Use .short rather than .hword, for
2617 compatibility with apple's assembler.
2619 2013-12-03 Niels Möller <nisse@lysator.liu.se>
2621 * x86_64/sha1-compress.asm: Reorganized, to get closer to the x86
2622 version. No difference in running time.
2624 * configure.ac (dummy-dep-files): Don't overwrite any existing
2627 * x86_64/md5-compress.asm: New file, similar to the x86 version.
2628 35% speedup on AMD, 15% speedup on Intel.
2630 2013-11-25 Niels Möller <nisse@lysator.liu.se>
2632 * testsuite/dsa-test.c (test_main): Additional tests from NIST
2635 * testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New
2636 functions, supporting arbitrary digest size.
2638 * testsuite/testutils.h (ASSERT): Improved failure message.
2640 * dsa-verify.c (dsa_verify): Renamed, from _dsa_verify.
2641 * dsa-sign.c (dsa_sign): Renamed, from _dsa_sign.
2643 2013-11-24 Niels Möller <nisse@lysator.liu.se>
2645 * testsuite/dsa-keygen-test.c (test_main): Test generating a
2648 * dsa-verify.c (_dsa_verify): Use _dsa_hash.
2650 * dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in
2651 error case, spotted by Nikos.
2653 * dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224.
2655 * dsa-hash.c (_dsa_hash): New file and function. Allows digest
2656 sizes not matching the bitsize of q.
2657 * dsa.h (_dsa_hash): Declare it.
2658 * Makefile.in (hogweed_SOURCES): Added dsa-hash.c.
2660 2013-11-23 Niels Möller <nisse@lysator.liu.se>
2662 * configure.ac: Check also for openssl/ecdsa.h.
2664 2013-10-05 Niels Möller <nisse@lysator.liu.se>
2666 * Makefile.in (nettle_SOURCES): Added eax.c.
2667 (HEADERS): Added eax.h.
2669 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added eax-test.c.
2671 * testsuite/eax-test.c: New file.
2673 * nettle-internal.c (nettle_eax_aes128): New aead algorithm.
2674 (eax_aes128_set_key, eax_aes128_set_nonce, eax_aes128_update)
2675 (eax_aes128_encrypt, eax_aes128_decrypt, eax_aes128_digest): New
2681 * aes.h: Fixed typo in name mangling for new aes functions.
2683 2013-09-28 Niels Möller <nisse@lysator.liu.se>
2685 * Merge aes-reorg branch. Changes below,
2686 dated 2013-05-17 - 2013-08-13.
2688 2013-08-13 Niels Möller <nisse@lysator.liu.se>
2690 * yarrow.h (struct yarrow256_ctx): Use aes256_ctx, not aes_ctx.
2691 * yarrow256.c: Adapted to use new aes256 interface.
2693 2013-08-07 Niels Möller <nisse@lysator.liu.se>
2695 * umac.h (_UMAC_STATE): Use struct aes128_ctx, not aes_ctx.
2696 * umac-set-key.c (umac_kdf, _umac_set_key): Use aes128 interface.
2697 * umac32.c (umac32_digest): Likewise.
2698 * umac64.c (umac64_digest): Likewise.
2699 * umac96.c (umac96_digest): Likewise.
2700 * umac128.c (umac128_digest): Likewise.
2702 2013-06-25 Niels Möller <nisse@lysator.liu.se>
2704 * aes-meta.c: Deleted file.
2706 Analogous changes for new aes192 and aes256 interface.
2708 * aes.h (struct aes128_ctx): New aes128 declarations.
2709 * aes-decrypt.c (aes128_decrypt): New function.
2710 * aes-encrypt.c (aes128_encrypt): New function.
2711 * aes128-meta.c: New file.
2712 * aes128-set-encrypt-key.c (aes128_set_encrypt_key): New file and
2714 * aes128-set-decrypt-key.c (aes128_set_decrypt_key)
2715 (aes128_invert_key): New file and functions.
2716 * Makefile.in (nettle_SOURCES): Added aes128-set-encrypt-key.c,
2717 aes128-set-decrypt-key.c and aes128-meta.c.
2719 * nettle-internal.c (nettle_unified_aes128): For testing the old
2721 * testsuite/aes-test.c (test_cipher2): New function.
2722 (test_main): Test both nettle_aes128 and nettle_unified_aes128.
2724 2013-05-22 Niels Möller <nisse@lysator.liu.se>
2726 * Makefile.in (nettle_SOURCES): Added aes-invert-internal.c and
2727 aes-set-key-internal.c.
2729 * aes.h (AES128_KEY_SIZE, _AES128_ROUNDS): New constants.
2730 Similarly also for aes192 and aes256.
2732 * aes-internal.h: Declare new functions.
2734 * aes-set-key-internal.c (_aes_set_key): New file and funxtion
2735 extracted from aes_set_encrypt_key.
2736 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use _aes_set_key.
2738 * aes-invert-internal.c (_aes_invert): New file and function,
2739 extracted from aes_invert_key.
2740 * aes-set-decrypt-key.c (aes_invert_key): Use _aes_invert.
2742 * arm/v6/aes-encrypt-internal.asm: Adapted to new interface.
2743 Unfortunately, 4% slowdown on Cortex-A9, for unknown reason.
2744 * arm/v6/aes-decrypt-internal.asm: Likewise.
2745 * arm/aes-encrypt-internal.asm: Adapted to new interface.
2746 * arm/aes-decrypt-internal.asm: Likewise.
2748 2013-05-21 Niels Möller <nisse@lysator.liu.se>
2750 * sparc32/aes-encrypt-internal.asm: Adapted to new interface.
2751 * sparc32/aes-decrypt-internal.asm: Likewise.
2752 * sparc64/aes-encrypt-internal.asm: Likewise.
2753 * sparc64/aes-decrypt-internal.asm: Likewise.
2755 * x86/aes-encrypt-internal.asm: Adapted to new interface.
2756 * x86/aes-decrypt-internal.asm: Likewise.
2758 2013-05-20 Niels Möller <nisse@lysator.liu.se>
2760 * x86_64/aes-encrypt-internal.asm: Adapted to new interface.
2761 * x86_64/aes-decrypt-internal.asm: Likewise.
2763 2013-05-17 Niels Möller <nisse@lysator.liu.se>
2765 * aes.h (struct aes_ctx): Renamed nrounds to rounds, and moved
2766 first in the structure.
2767 * aes-set-encrypt-key.c (aes_set_encrypt_key): Updated for renaming.
2768 * aes-set-decrypt-key.c (aes_invert_key): Likewise.
2770 * aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
2771 subkeys as separate arguments, not a struct aes_ctx *. Updated
2773 * aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
2774 * aes-internal.h: Updated prototypes.
2776 * Start of aes-reorg changes.
2778 2013-09-28 Niels Möller <nisse@lysator.liu.se>
2780 * md4.h (struct md4_ctx): Use single uint64_t variable for block
2782 * md4.c: Use new block count variable.
2783 * md5.c, md5.h (struct md5_ctx): Likewise.
2784 * ripemd160.c, ripemd160.h (struct ripemd160_ctx): Likewise.
2785 * sha1.c, sha1.h (struct sha1_ctx): Likewise.
2786 * sha256.c, sha2.h (struct sha256_ctx): Likewise.
2788 * testsuite/testutils.c (test_hash_large): Added simple progress
2791 * macros.h (MD_PAD): Use size argument, don't depend on
2792 sizeof of the count field(s).
2794 2013-09-22 Niels Möller <nisse@lysator.liu.se>
2796 * x86_64/gcm-hash8.asm: New file.
2797 * x86_64/gcm-gf-mul-8.asm: Deleted.
2799 * configure.ac (asm_nettle_optional_list): Look for gcm-hash8.asm,
2800 not gcm-gf-mul-8.asm.
2801 * gcm.c [HAVE_NATIVE_gcm_hash8]: Make use of (optional) assembly
2804 2013-09-21 Niels Möller <nisse@lysator.liu.se>
2806 * Makefile.in (des.po): Add same dependencies as for des.o.
2807 Reported by Vincent Torri.
2809 2013-09-20 Niels Möller <nisse@lysator.liu.se>
2811 * testsuite/gcm-test.c: Added tests with associated data of
2814 * testsuite/testutils.c (tstring_alloc): Add NUL-termination.
2816 2013-09-18 Niels Möller <nisse@lysator.liu.se>
2818 * Makefile.in: New stampfiles, libnettle.stamp and
2819 libhogweed.stamp, updated when both static and shared libraries
2820 are rebuilt. Used as link dependencies in subdirectories.
2821 * examples/Makefile.in: Make executable targets depend on
2822 ../libnettle.stamp and libhogweed.stamp, not directly on the
2823 static library files.
2824 * testsuite/Makefile.in: Likewise.
2825 * tools/Makefile.in: Likewise.
2827 2013-09-09 Niels Möller <nisse@lysator.liu.se>
2829 * gcm.c [HAVE_NATIVE_gcm_gf_mul_8]: Make use of (optional)
2830 assembly implementation.
2832 * configure.ac: Support optional assembly files for both nettle
2833 and hogweed. Replaced OPT_ASM_SOURCES with OPT_ASM_NETTLE_SOURCES,
2834 OPT_ASM_HOGWEED_SOURCES, and asm_optional_list with
2835 asm_nettle_optional_list and asm_hogweed_optional_list.
2836 (asm_nettle_optional_list): Added gcm-gf-mul-8.asm.
2838 2013-06-25 Niels Möller <nisse@lysator.liu.se>
2840 * testsuite/gcm-test.c: Deleted redundant include of aes.h.
2842 * testsuite/testutils.c (test_aead): Allow digest size smaller
2843 than the block size.
2845 * tools/nettle-pbkdf2.c: New command line tool.
2846 * tools/Makefile.in (TARGETS): Added nettle-pbkdf2.
2847 (nettle-pbkdf2$(EXEEXT)): New target.
2848 * testsuite/nettle-pbkdf2-test: New test case.
2849 * testsuite/Makefile.in (TS_SH): Added nettle-pbkdf2-test.
2851 * tools/nettle-hash.c (digest_file): Use stack allocation for the
2852 small hex output buffer.
2854 * examples/io.c (MIN): Deleted unused macro.
2856 2013-05-21 Niels Möller <nisse@lysator.liu.se>
2858 From nettle-2.7-fixes branch:
2859 * Makefile.in (distdir): Distribute files in arm/v6 subdirectory.
2861 2013-05-20 Niels Möller <nisse@lysator.liu.se>
2863 * arm/v6/sha1-compress.asm: Moved into v6 directory, since it uses
2864 the v6 instruction uadd8, sel and rev.
2865 * arm/v6/sha256-compress.asm: Likewise.
2867 * nettle-types.h: Include <stddef.h>, for size_t.
2869 2013-05-17 Niels Möller <nisse@lysator.liu.se>
2871 * macros.h (ROTL32, ROTL64): Avoid undefined behaviour for zero
2872 rotation count. Unfortunately makes CAST128 a bit slower with
2875 * ecc-j-to-a.c (ecc_j_to_a): Fixed ecc_modp_mul call, to avoid
2876 invalid overlap of arguments to mpn_mul_n. Problem tracked down by
2879 2013-05-16 Niels Möller <nisse@lysator.liu.se>
2881 * arm/aes-encrypt-internal.asm: New file, for pre-v6 processors.
2882 * arm/aes-decrypt-internal.asm: New file, likewise.
2884 * arm/aes.m4 (AES_FINAL_ROUND_V5): Variant without using uxtb.
2885 (AES_FINAL_ROUND_V6): New name, updated callers.
2886 (AES_FINAL_ROUND): ... old name. Also eliminated one uxtb
2888 (AES_ENCRYPT_ROUND, AES_DECRYPT): Moved macros to the
2891 * arm/v6/aes-encrypt-internal.asm: Use ALIGN macro. Use 16-byte
2892 alignment for loops.
2893 * arm/v6/aes-decrypt-internal.asm: Likewise. Also added a nop
2894 which mysteriously improves benchmark performance on Cortex-A9.
2896 2013-05-15 Niels Möller <nisse@lysator.liu.se>
2898 * configure.ac (asm_path): Handle armv6 and armv7 differently from
2899 older ARMs. Add the arm/v6 directory to asm_path when appropriate.
2901 * arm/v6/aes-encrypt-internal.asm: Moved into v6 directory. Uses
2902 the uxtb instruction which is not available for older ARMs.
2903 * arm/v6/aes-decrypt-internal.asm: Likewise.
2905 2013-05-03 Niels Möller <nisse@lysator.liu.se>
2907 * cast128.c: Adapt to new struct cast128_ctx.
2908 (cast128_set_key): Rewrite, eliminating lots of conditions and
2909 some false warnings.
2911 * cast128.h (struct cast128_ctx): Separate the small 5-bit
2912 rotation subkeys and the larger 32-bit masking subkeys.
2914 2013-05-02 Niels Möller <nisse@lysator.liu.se>
2916 * testsuite/testutils.c (mpz_combit): Renamed. Define only if not
2917 provided GMP. Updated all uses.
2918 (mpz_togglebit): ... old name.
2920 * sexp-format.c (sexp_vformat): Use type mpz_srcptr rather
2921 than the old MP_INT *.
2923 2013-04-26 Niels Möller <nisse@lysator.liu.se>
2925 * Many files: Use size_t rather than unsigned for data sizes.
2926 * x86_64/aes-encrypt-internal.asm: Accept 64-bit length.
2927 * x86_64/aes-decrypt-internal.asm: Likewise.
2929 2013-04-25 Niels Möller <nisse@lysator.liu.se>
2931 * configure.ac: Changed version number, to 2.8.
2932 (LIBNETTLE_MAJOR): Bumped major number, following
2933 nettle_memxor ABI break.
2934 (LIBNETTLE_MINOR): Reset to zero.
2936 * examples/hogweed-benchmark.c: Add benchmarking of OpenSSL's RSA
2938 (all functions): Deleted unneeded casts.
2940 2013-04-24 Niels Möller <nisse@lysator.liu.se>
2942 * nettle.texinfo (Miscellaneous functions): Updated memxor
2943 prototype. Document memxor3.
2945 * salsa20-crypt.c (salsa20_crypt): Deleted cast of memxor
2946 argument, no longer needed.
2947 * salsa20r12-crypt.c (salsa20r12_crypt): Likewise.
2948 * sha3.c (sha3_absorb): Likewise.
2950 * memxor.h: Updated prototypes. Drop include of nettle-types.h.
2952 * memxor.c: Include nettle-types.h, for uintptr_t. Replace all
2953 internal uses of uint8_t by plain char.
2954 (memxor): Use void * rather than uint8_t * for
2956 (memxor3): Likewise.
2958 * x86_64/memxor.asm: Added nettle_ prefix to symbols.
2959 * arm/memxor.asm: Likewise.
2961 * testsuite/symbols-test: Don't allow memxor functions without
2964 * memxor.h (memxor3): Added name mangling to add "nettle_" prefix
2965 to memxor and memxor3 symbols.
2967 * Makefile.in (nettle_OBJS): Deleted $(LIBOBJS), and also deleted
2968 LIBOBJS substitution.
2969 (nettle_SOURCES): Added memxor.c, to include it in the library
2972 * configure.ac: Deleted AC_REPLACE_FUNCS for memxor.
2974 * Released nettle-2.7.
2976 2013-04-23 Niels Möller <nisse@lysator.liu.se>
2978 From Martin Storsjö:
2979 * x86_64/sha256-compress.asm: Add forgotten W64_EXIT.
2980 * x86_64/sha512-compress.asm: Likewise.
2981 * x86_64/salsa20-crypt.asm (Lpartial): Don't return via W64_EXIT
2982 within this subfunction.
2983 * x86_64/machine.m4 (W64_ENTRY): Use movdqu instead of movdqa for
2984 saving xmm registers, since the stack is not guaranteed to be
2985 16-byte aligned on win64. Take pushed xmm registers into account
2986 when reading the fifth parameter from the stack.
2988 * Makefile.in: Consistently use EXEEXT_FOR_BUILD.
2990 2013-04-21 Niels Möller <nisse@lysator.liu.se>
2992 * Makefile.in (DISTFILES): Added mini-gmp.c and mini-gmp.h.
2993 (distdir): Use find, for identifying assembly files to copy.
2995 2013-04-18 Niels Möller <nisse@lysator.liu.se>
2997 * configure.ac: Recognize cpu type "arm*", not just "armv7*'.
2999 * arm/aes-encrypt-internal.asm: Updated include of aes.m4.
3000 * arm/aes-decrypt-internal.asm: Likewise.
3002 * Makefile.in (distdir): Updated for ARM reorganization.
3004 * configure.ac (asm_path): Generalized, can now be a list of
3005 directories. On ARM, check for neon instructions, and add arm/neon
3006 if appropriate. New command line options
3007 --enable-arm-neon/--disable-arm-neon, for overriding the default.
3009 arm/neon: New subdirectory, for assembly files making use of neon
3012 arm: Renamed directory, from...
3015 * aclocal.m4 (NETTLE_CHECK_ARM_NEON): New macro.
3017 * nettle.texinfo (Keyed hash functions): Document UMAC.
3019 * umac.h (UMAC32_DIGEST_SIZE, UMAC64_DIGEST_SIZE)
3020 (UMAC96_DIGEST_SIZE, UMAC128_DIGEST_SIZE): New constants.
3021 (UMAC_DATA_SIZE): New name, for consistency with hash functions.
3023 (UMAC_BLOCK_SIZE): ... old name.
3025 2013-04-17 Niels Möller <nisse@lysator.liu.se>
3027 * examples/nettle-benchmark.c (main): Benchmark salsa20r12.
3029 * nettle-internal.c (nettle_salsa20r12): Cipher struct for
3031 * nettle-internal.h (nettle_salsa20): Declare it.
3033 * Makefile.in (eccdata): Depend on mini-gmp files. Drop -lgmp.
3035 * eccdata.c: Use mini-gmp, to avoid gmp dependency and associated
3036 configure tests for the *build* system. Replaced mpz_submul_ui by
3037 mpz_mul_ui + mpz_sub, and gmp_printf and gmp_fprintf by calls to
3040 * mini-gmp.h, mini-gmp.c: New files, copied from gmp-5.1.1.
3042 2013-04-16 Niels Möller <nisse@lysator.liu.se>
3044 * umac-set-key.c (BE_SWAP32_N): Fixed dummy definition used for
3047 * Makefile.in (TARGETS): Deleted eccdata, it should be build only
3048 when public key support is enabled.
3049 (clean-here): Exlicitly list it here.
3051 * asm.m4 (m4_log2): New macro, similar to the one in gmp.
3052 (ALIGN): Changed to take alignment in bytes. Updated all callers,
3053 currently used only in x86 and x86_64 files.
3055 * umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
3056 block count an uint64_t. Reorder some elements to put short values
3058 * umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
3059 (_umac_l2): Deleted redundant memcpy.
3060 (_umac_l2, _umac_l2_final): Store input buffer at end of the
3061 poly64/poly128 state. Deleted l1_out from corresponding context
3062 structs, and updated all callers.
3064 * configure.ac: Changed version number to 2.7.
3065 (LIBNETTLE_MINOR): Bumped library version, to 4.6.
3066 (LIBHOGWEED_MINOR): And to 2.4.
3068 * Makefile.in (distdir): Include files from armv7 subdirectory.
3070 * x86_64/umac-nh-n.asm: New file, 3.5 time speedup.
3072 * umac32.c (umac32_digest): Fix nonce caching.
3073 * umac64.c (umac64_digest): Likewise.
3075 * testsuite/umac-test.c (test_incr): New function.
3076 (test_main): Test nonce increment.
3078 * misc/umac/umac.py: UMAC reference implementation.
3079 * misc/umac/rijndael.py: AES implementation used by umac.py.
3080 * misc/umac/mkvectors: Script to generate UMAC test vectors.
3081 * misc/umac/vectors.out: Generated test vectors.
3083 * umac32.c (umac32_digest): Fix nonce increment, use INCREMENT
3085 * umac64.c (umac64_digest): Likewise.
3086 * umac96.c (umac96_digest): Likewise.
3087 * umac128.c (umac128_digest): Likewise.
3089 * macros.h (INCREMENT): Allow size == 1.
3091 2013-04-15 Niels Möller <nisse@lysator.liu.se>
3093 * x86_64/umac-nh.asm: New file. 4.4 time speedup.
3095 * armv7/umac-nh-n.asm: New file. 2.0-2.3 time speedup.
3097 * testsuite/umac-test.c (test_align): Fixed memory leak.
3099 2013-04-12 Niels Möller <nisse@lysator.liu.se>
3101 * armv7/umac-nh.asm: New file. 2.4 time speedup.
3103 * armv7/machine.m4 (D0REG, D1REG): New macros.
3105 * configure.ac (asm_replace_list): Added umac-nh.asm and
3108 * testsuite/umac-test.c: Test different alignments for the
3111 2013-04-11 Niels Möller <nisse@lysator.liu.se>
3113 * umac-nh-n.c (_umac_nh_n): Rewrote as a single pass over the
3116 * examples/nettle-benchmark.c (time_umac): New function.
3119 * umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
3120 can be xored directly to the pad in native byteorder.
3121 * umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
3122 xor. Updated all callers.
3123 * umac32.c (umac32_digest): Adapt to l3 changes.
3124 * umac64.c (umac64_digest): Likewise.
3125 * umac96.c (umac96_digest): Likewise.
3126 * umac128.c (umac128_digest): Likewise.
3128 Initial implementation of umac.
3130 * umac-nh.c: New file.
3131 * umac-nh-n.c: New file.
3132 * umac-poly64.c: New file.
3133 * umac-poly128.c: New file.
3134 * umac-l2.c: New file.
3135 * umac-l3.c: New file.
3136 * Makefile.in (nettle_SOURCES): Added umac source files.
3137 (HEADERS): Added umac.h.
3138 * testsuite/umac-test.c: New file.
3139 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added umac-test.c.
3141 * ecc-mul-a.c (ecc_mul_a): Avoid using mp_bitcnt_t, for
3142 compatibility with older GMP versions.
3143 * ecc-mul-g.c (ecc_mul_g): Likewise.
3144 * eccdata.c (ecc_mul_binary): Likewise.
3145 * sec-modinv.c (sec_modinv): Likewise.
3147 * x86_64/sha3-permute.asm: Go via memory for moves between general
3148 registers and xmm registers.
3150 2013-04-06 Niels Möller <nisse@lysator.liu.se>
3152 From Edgar E. Iglesias:
3153 * sha3.c (_sha3_update): Fix condition for when the block buffer
3156 2013-04-04 Niels Möller <nisse@lysator.liu.se>
3158 * ecc-point.c (ecc_point_get): Allow NULL x or y, ignore
3159 corresponding coordinate.
3161 * nettle.texinfo (Elliptic curves): Document high-level ECDSA
3164 From Martin Storsjö. Fallback functions for older GMP releases.
3165 * gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): New functions.
3166 * gmp-glue.h: Declare them.
3167 (mpn_sqr): Fallback macro.
3169 * gmp-glue.h (cnd_add_n, cnd_sub_n): Moved here, define in terms
3170 of mpn_cnd_add_n and mpn_sub_n if available, otherwise in terms of
3171 mpn_addmul_1 and mpn_submul_1. This seems to be an improvement for
3172 subtraction, but more questionable for addition.
3174 * ecc-internal.h: Include gmp-glue.h. Deleted corresponding
3175 include in all files using ecc-internal.h.
3176 (cnd_add_n, cnd_sub_n): Moved from here.
3178 2013-04-03 Niels Möller <nisse@lysator.liu.se>
3180 * ecc-point-mul-g.c (ecc_point_mul_g): New file and function.
3181 * ecc-point-mul.c (ecc_point_mul): New file and function.
3182 * ecc.h: Updated declarations and name mangling.
3183 * Makefile.in (hogweed_SOURCES): Added ecc-point-mul.c and
3186 * testsuite/salsa20-test.c (test_main): Tests for salsa20r12,
3187 contributed by Nikos Mavrogiannopoulos.
3189 2013-03-26 Niels Möller <nisse@lysator.liu.se>
3191 * armv7/salsa20-core-internal.asm: New file. 45% speedup.
3193 2013-03-25 Niels Möller <nisse@lysator.liu.se>
3195 From Martin Storsjö:
3196 * examples/timing.c: New file, extracted from nettle-benchmark.c.
3197 * examples/timing.h: New file.
3198 * examples/Makefile.in (SOURCES): Added timing.c.
3199 (DISTFILES): Added timing.h.
3200 (BENCH_OBJS, ECC_BENCH_OBJS, HOGWEED_BENCH_OBJS): Added timing.o.
3201 * examples/nettle-benchmark.c: Use timing.h.
3202 * examples/hogweed-benchmark.c: Likewise.
3203 * examples/ecc-benchmark.c: Likewise.
3205 From Nikos Mavrogiannopoulos:
3206 * salsa20r12-crypt.c (salsa20r12_crypt): New file and function.
3207 * salsa20.h (salsa20r12_crypt): Declare.
3208 * Makefile.in (nettle_SOURCES): Added salsa20r12-crypt.c.
3210 From Martin Storsjö:
3211 * examples/hogweed-benchmark.c: Include local headers.
3212 * testsuite/ecdsa-keygen-test.c: Likewise.
3213 * x86_64/sha3-permute.asm: Workaround for Apple's assembler; write
3214 movq instructions as movd.
3216 * Makefile.in (hogweed_PURE_OBJS): Don't include OPT_ASM_SOURCES
3219 2013-03-15 Niels Möller <nisse@lysator.liu.se>
3221 * armv7/sha3-permute.asm: New file. 4.5 time speedup.
3223 * armv7/machine.m4 (QREG): New macro.
3225 2013-03-14 Niels Möller <nisse@lysator.liu.se>
3227 * configure.ac (asm_replace_list): Added sha3-permute.asm,
3228 revering 2012-12-30 change. 34% speedup on intel i5, from 2190
3229 cycles for the C implementation down to 1630.
3231 * armv7/sha512-compress.asm: Optimized. Keep expanded data in
3232 registers, exploit parallelism. Another 70% speedup.
3234 * testsuite/sha512-test.c (test_main): Additional test vectors,
3235 including some longer than 128 bytes.
3237 2013-03-13 Niels Möller <nisse@lysator.liu.se>
3239 * armv7/sha512-compress.asm: New file, using neon instructions.
3242 * configure.ac (asm_replace_list): Added sha512-compress.asm.
3243 * x86_64/machine.m4 (OFFSET64): New macro.
3244 * x86_64/sha512-compress.asm: New file, 20% speedup.
3246 * sha512-compress.c (ROUND): Eliminated a temporary, analogous to
3247 sha256 change below.
3249 * x86_64/sha256-compress.asm: New file, 16% speedup (benchmarked
3252 2013-03-11 Niels Möller <nisse@lysator.liu.se>
3254 * armv7/sha256-compress.asm: New file, 25% speedup.
3256 * configure.ac (asm_replace_list): Added sha256-compress.asm.
3258 * sha256-compress.c (ROUND): Eliminated a temporary.
3260 * armv7/sha1-compress.asm: New file, 9% speedup.
3262 * testsuite/testutils.c (test_hash): Test different alignments for
3265 2013-03-08 Niels Möller <nisse@lysator.liu.se>
3267 * armv7/aes-decrypt-internal.asm: New file, 15% speedup.
3268 * armv7/aes-encrypt-internal.asm: New file, 25% speedup.
3269 * armv7/aes.m4: New file.
3271 2013-03-07 Niels Möller <nisse@lysator.liu.se>
3273 * gmp-glue.c (mpz_limbs_cmp): Don't use PTR and SIZ macros.
3275 * Makefile.in (aesdata, desdata, twofishdata, shadata, gcmdata)
3276 (eccdata): Arrange for compiling these programs for running on the
3277 build system, also when cross compiling everything else.
3279 * config.make.in (CC_FOR_BUILD, EXEEXT_FOR_BUILD): New variables.
3281 * configure.ac: Use GMP_PROG_CC_FOR_BUILD and
3282 GMP_PROG_EXEEXT_FOR_BUILD.
3284 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD, GMP_PROG_CC_FOR_BUILD_WORKS)
3285 (GMP_PROG_EXEEXT_FOR_BUILD): New macros, based on GMP's.
3287 * aesdata.c: Deleted includes of config.h and nettle-types.h. Use
3288 unsigned char and unsigned long instead of stdint.h types.
3290 * desdata.c: Deleted includes of config.h and desCode.h.
3291 (main): Return 1 on invalid argument. Don't use ROR macro. Use
3292 unsigned long instead of uint32_t, and make it work if unsigned
3293 long is larger than 32 bits.
3295 * gcmdata.c: Deleted include of config.h and use UNUSED macro.
3296 * shadata.c: Likewise.
3298 * twofishdata.c: Deleted include of nettle-types.h. Use unsigned
3299 char instead of stdint.h types.
3301 * x86_64/ecc-521-modp.asm: New file. 2.4 time speedup.
3303 2013-03-06 Niels Möller <nisse@lysator.liu.se>
3305 * x86_64/ecc-384-modp.asm: New file, 3 time speedup.
3306 * x86_64/ecc-256-redc.asm: New file, 2.5 time speedup.
3307 * x86_64/ecc-224-modp.asm: New file, 5 time speedup over C
3310 2013-03-05 Niels Möller <nisse@lysator.liu.se>
3312 * configure.ac (asm_optional_list): Added ecc-521-modp.asm.
3313 * ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
3314 version if available.
3315 * armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
3317 2013-03-04 Niels Möller <nisse@lysator.liu.se>
3319 * configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
3320 bogus reference to $asm_search_list.
3321 * ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
3322 version if available.
3323 * armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
3325 2013-03-03 Niels Möller <nisse@lysator.liu.se>
3327 * ecc-256.c: Fixed definition of USE_REDC.
3329 2013-03-01 Niels Möller <nisse@lysator.liu.se>
3331 * ecc-256.c: Check HAVE_NATIVE_ecc_256_redc, and use native
3332 version if available.
3333 * armv7/ecc-256-redc.asm: New file, 4 time speedup over C version.
3335 * testsuite/ecc-redc-test.c: Increased test count.
3337 * ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
3338 version if available.
3339 * armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
3342 * configure.ac (asm_optional_list): Added ecc-224-modp.asm.
3343 (OPT_ASM_SOURCES): Fixed assignment.
3345 2013-02-28 Niels Möller <nisse@lysator.liu.se>
3347 * x86_64/ecc-192-modp.asm: Reorganized to reduce number of
3348 additions. Use setc instruction.
3350 * examples/Makefile.in: Let $(HOGWEED_TARGETS) depend on
3353 * armv7/ecc-192-modp.asm: New file. 2.5 time speedup over C
3356 2013-02-27 Niels Möller <nisse@lysator.liu.se>
3358 * ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
3359 version if available.
3360 (ecc_192_modp): Fixed carry handling bug in 32-bit version.
3362 * x86_64/ecc-192-modp.asm: New file. 3.8 times speedup over C
3365 * configure.ac (OPT_ASM_SOURCES): New substituted variable.
3366 (asm_replace_list, asm_optional_list): New variables. For files in
3367 asm_optional_list, also add them to OPT_ASM_SOURCES and define
3368 appropriate HAVE_NATIVE_* symbols found.
3370 * Makefile.in (OPT_ASM_SOURCES): New variable. Used for setting
3371 hogweed_OBJS and hogweed_PURE_OBJS.
3373 * testsuite/ecc-mod-test.c: Increased test count.
3375 * ecc-384.c (ecc_384_modp): Fixed typo which broke carry handling
3376 in the 64-bit version.
3378 * examples/ecc-benchmark.c (bench_add_jjj): Typo fix, benchmark
3381 * gmp-glue.h: Check if GMP provides mpz_limbs_read (expected in
3383 * gmp-glue.c: Use GMP's mpz_limbs_read and friends if available.
3384 Renamed all functions for consistency with GMP. Updated all
3387 2013-02-20 Niels Möller <nisse@lysator.liu.se>
3389 * examples/Makefile.in (HOGWEED_TARGETS): Added
3390 hogweed-benchmark$(EXEEXT).
3391 (SOURCES): Added hogweed-benchmark.c.
3392 (hogweed-benchmark$(EXEEXT)): New target.
3394 * examples/hogweed-benchmark.c: New file.
3396 * ecdsa-keygen.c (ecdsa_generate_keypair): New file and function.
3397 * Makefile.in (hogweed_SOURCES): Added ecdsa-keygen.c.
3398 * testsuite/ecdsa-keygen-test.c: New testcase.
3399 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
3400 ecdsa-keygen-test.c.
3402 * nettle-internal.h (TMP_ALLOC): Added missing parentheses.
3404 2013-02-18 Niels Möller <nisse@lysator.liu.se>
3406 * testsuite/ecdsa-verify-test.c: New testcase.
3407 * testsuite/ecdsa-sign-test.c: New testcase.
3408 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
3409 ecdsa-sign-test.c and ecdsa-verify-test.c.
3410 * testsuite/testutils.h: Include ecdsa.h.
3411 (SHEX): Deleted const cast.
3413 * ecc-point.c: New file, struct ecc_point abstraction.
3414 * ecc-scalar.c: New file, struct ecc_scalar abstraction.
3415 * ecc-random.c (ecc_modq_random, ecc_scalar_random): New file, new
3417 * ecc-hash.c (ecc_hash): New file and function.
3418 * ecc-ecdsa-sign.c: New file, low-level signing interface.
3419 * ecc-ecdsa-verify.c: New file, low-level ecdsa verify.
3420 * ecdsa-sign.c: (ecdsa_sign): New file and function.
3421 * ecdsa-verify.c (ecdsa_verify): New file and function.
3422 * ecdsa.h: New header file.
3423 * ecc.h: Declare ecc_point and ecc_scalar functions.
3424 * ecc-internal.h: Added declarations.
3425 * Makefile.in (hogweed_SOURCES): Added new source files.
3426 (HEADERS): Added ecdsa.h.
3428 * gmp-glue.c (_mpz_set_mpn): New convenience function.
3429 (_mpn_set_base256): New function.
3430 (_gmp_alloc_limbs): New function.
3431 (_gmp_free_limbs): New function.
3432 * gmp-glue.h: Corresponding declarations. Include nettle-stdinh.h.
3434 * examples/Makefile.in (HOGWEED_TARGETS): Renamed, was
3435 RSA_TARGETS. Added ecc-benchmark$(EXEEXT).
3436 (SOURCES): Added ecc-benchmark.c.
3437 (ecc-benchmark$(EXEEXT)): New target.
3439 * examples/ecc-benchmark.c: New file, benchmarking ecc primitives.
3441 2013-02-15 Niels Möller <nisse@lysator.liu.se>
3443 Integrate ecc_mul_a.
3444 * ecc-a-to-j.c: New file.
3445 * ecc-add-jjj.c: New file.
3446 * ecc-mul-a.c: New file.
3447 * Makefile.in (hogweed_SOURCES): Added new files.
3448 * testsuite/ecc-mul-a-test.c: New file.
3449 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
3452 * testsuite/testutils.c: Removed redundant includes.
3453 (die): New function.
3455 Integrate ecc_mul_g.
3457 * ecc-j-to-a.c: New file.
3458 * ecc-size.c: New file.
3459 * ecc-add-jja.c: New file.
3460 * ecc-dup-jj.c: New file.
3461 * ecc-mul-g.c: New file.
3462 * sec-tabselect.c: New file.
3463 * Makefile.in (hogweed_SOURCES): Added new files.
3464 (HEADERS): Added ecc.h
3465 * testsuite/ecc-mul-g-test.c: New file.
3466 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
3468 * testsuite/testutils.c (xalloc_limbs): New function.
3469 (test_mpn): New function.
3470 (test_ecc_point): New function.
3471 (test_ecc_mul_a): New function.
3472 (test_ecc_mul_j): New function.
3473 * testsuite/testutils.h: Corresponding declarations.
3475 Integrate ECC internals.
3476 * ecc-curve.h: New file.
3477 * ecc-internal.h: New file.
3478 * cnd-copy.c: New file.
3479 * ecc-192.c: New file.
3480 * ecc-224.c: New file.
3481 * ecc-256.c: New file.
3482 * ecc-384.c: New file.
3483 * ecc-521.c: New file.
3484 * ecc-generic-modp.c: New file.
3485 * ecc-generic-modq.c: New file.
3486 * ecc-generic-redc.c: New file.
3487 * ecc-mod.c: New file.
3488 * ecc-modp.c: New file.
3489 * ecc-modq.c: New file.
3490 * sec-add-1.c: New file.
3491 * sec-modinv.c: New file.
3492 * sec-sub-1.c: New file.
3493 * Makefile.in (hogweed_SOURCES): Added new files.
3494 (HEADERS): Added ecc-curve.h.
3495 (DISTFILES): Added ecc-internal.h.
3496 * testsuite/ecc-mod-test.c: New file.
3497 * testsuite/ecc-modinv-test.c: New file.
3498 * testsuite/ecc-redc-test.c: New file.
3499 * testsuite/testutils.c (ecc_curves): New constant array.
3500 * testsuite/testutils.h: Include ecc-related headers. Declare
3502 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-mod-test.c
3503 ecc-modinv-test.c ecc-redc-test.c.
3505 * gmp-glue.c: New file, mpn <-> mpz conversions.
3506 * gmp-glue.h: New file.
3507 * Makefile.in: Added to hogweed_SOURCES and DISTFILES, respectively.
3509 * eccdata.c: New program, for generating ECC-related tables.
3510 * Makefile.in (ecc-192.h, ecc-224.h, ecc-256.h, ecc-384.h)
3511 (ecc-512.h): New generated files.
3513 2013-02-19 Niels Möller <nisse@lysator.liu.se>
3515 * armv7/memxor.asm (memxor): Software pipelining for the aligned
3516 case. Runs at 6 cycles (0.5 cycles per byte). Delayed push of
3517 registers until we know how many registers we need.
3518 (memxor3): Use 3-way unrolling also for aligned memxor3.
3519 Runs at 8 cycles (0.67 cycles per byte)
3521 2013-02-14 Niels Möller <nisse@lysator.liu.se>
3523 * configure.ac: Find GMP's GMP_NUMB_BITS. Substitute in Makefile.
3524 * config.make.in (GMP_NUMB_BITS): New variable.
3526 * examples/rsa-keygen.c (uint_arg): New function.
3527 (main): New options -s and -e, to specify key size and public
3528 exponent. Increased default key size to 2048.
3530 2013-02-12 Niels Möller <nisse@lysator.liu.se>
3532 * armv7/memxor.asm (memxor): Optimized aligned case, using 3-way
3535 2013-02-06 Niels Möller <nisse@lysator.liu.se>
3537 * armv7/memxor.asm (memxor, memxor3): Optimized aligned case, now
3538 runs at 0.75 cycles/byte.
3540 * armv7/README: New file.
3541 * armv7/machine.m4: New (empty) file.
3542 * armv7/memxor.asm: Initial assembly implementation.
3544 * config.m4.in: Substitute ASM_TYPE_PROGBITS as TYPE_PROGBITS.
3546 * config.make.in: Added .s to the suffix list.
3548 * Makefile.in (.asm.s): Use a separate make target for .asm
3549 preprocessing. Include asm.d, which the corresponding
3552 * configure.ac (asm_file_list): Collect assembly files into this
3554 (asm.d): Make config.status write dependencies for .s files into
3556 (ASM_ALIGN_LOG): Set to "no" when appropriate.
3557 (ASM_TYPE_FUNCTION): Default to "@function".
3558 (ASM_TYPE_PROGBITS): New substituted variable, set in the same way
3559 as ASM_TYPE_FUNCTION.
3560 (ASM_MARK_NOEXEC_STACK): Use TYPE_PROGBITS.
3561 (asm_path): Set up asm_path for armv7.
3563 * asm.m4: Use changecom to disable m4 quoting. Use divert to
3566 2013-02-05 Niels Möller <nisse@lysator.liu.se>
3568 * testsuite/rsa-keygen-test.c (test_main): Updated expected
3569 signatures, after the nettle_mpz_random change below.
3570 * testsuite/dsa-test.c (test_main): Likewise. Also fixed the
3571 dsa256 test to actually use the expected signature.
3573 2013-01-31 Niels Möller <nisse@lysator.liu.se>
3575 * bignum-random.c (nettle_mpz_random): Increased number of extra
3576 bits to 64, following FIPS 186-3.
3578 2013-01-16 Niels Möller <nisse@lysator.liu.se>
3580 * Released nettle-2.6.
3582 2013-01-12 Niels Möller <nisse@lysator.liu.se>
3584 * configure.ac: Use AC_LANG_SOURCE.
3586 2013-01-02 Niels Möller <nisse@lysator.liu.se>
3588 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.5.
3589 (LIBHOGWEED_MINOR): And to 2.3.
3591 * examples/Makefile.in: Explicit rules for building objects in
3593 * tools/Makefile.in: Likewise.
3594 * testsuite/Makefile.in: Likewise.
3596 2013-01-01 Niels Möller <nisse@lysator.liu.se>
3598 * nettle.texinfo (Recommended hash functions): Document additional
3601 * examples/nettle-benchmark.c (main): Benchmark additional sha3
3604 2012-12-30 Niels Möller <nisse@lysator.liu.se>
3606 * sha3-224.c, sha3-224-meta.c: New files.
3607 * sha3-384.c, sha3-384-meta.c: New files.
3608 * sha3-512.c, sha3-512-meta.c: New files.
3609 * sha3.h: Prototypes for sha3 with sizes 224, 384 and 512.
3610 * nettle-meta.h: Declare nettle_sha3_224, nettle_sha3_384 and
3612 * Makefile.in (nettle_SOURCES): Added new sha3 files.
3614 * testsuite/sha3-224-test.c: New file.
3615 * testsuite/sha3-384-test.c: New file.
3616 * testsuite/sha3-512-test.c: New file.
3617 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new sha3 test files.
3619 * configure.ac: Disabled use of sha3-permute.asm.
3621 2012-12-20 Niels Möller <nisse@lysator.liu.se>
3624 * testsuite/des-compat-test.c (pt): Use proper prototype, use
3626 * testsuite/testutils.c (test_dsa_key): Deleted spurious
3629 2012-12-15 Niels Möller <nisse@lysator.liu.se>
3631 Based on a patch from Alon Bar-Lev:
3632 * Makefile.in (LIBTARGETS, SHLIBTARGET): Define as empty if static
3633 or shared libraries, respectively, are disabled.
3634 (TARGETS): Deleted @IF_SHARED@ conditional, now in the definition
3638 * configure.ac: Check for ar program. New option --disable-static.
3639 * config.make.in (AR): Use configured value.
3641 2012-12-13 Niels Möller <nisse@lysator.liu.se>
3643 * x86_64/sha3-permute.asm: Rewrote, to keep all state in
3644 registers. 2400 cycles on x86_64, only slightly faster than the
3647 2012-12-09 Niels Möller <nisse@lysator.liu.se>
3649 * sha3-permute.c (sha3_permute): Rewrote to do permutation in
3650 place. 80% speedup on x86_64, 2500 cycles.
3652 2012-12-04 Niels Möller <nisse@lysator.liu.se>
3654 * ctr.c (ctr_crypt): Fix bug reported by Tim Kosse. Don't
3655 increment the counter when length is zero (was broken for the
3658 * testsuite/ctr-test.c (test_main): Added test with zero-length
3660 * testsuite/testutils.c (test_cipher_ctr): Check the ctr value
3661 after encrypt and decrypt.
3663 2012-12-03 Niels Möller <nisse@lysator.liu.se>
3665 * sha3-permute.c (sha3_permute): Optimized, to reduce number of
3666 passes over the data. 20% speedup on x86_64, 4700 cycles.
3668 * configure.ac: Added sha3-permute.asm.
3670 * x86_64/sha3-permute.asm: New file. 30% speedup over current C
3673 * nettle.texinfo (Hash functions): Split into several sections,
3674 separating recommended hash functions and legacy hash functions.
3677 2012-12-02 Niels Möller <nisse@lysator.liu.se>
3679 Split sha.h into new files sha1.h and sha2.h. Replaced all
3680 internal usage of sha.h in all files.
3681 * sha.h: Kept for compatibility, just includes both new files.
3684 * Makefile.in (HEADERS): Added sha1.h and sha2.h.
3686 2012-11-28 Niels Möller <nisse@lysator.liu.se>
3688 From Fredrik Thulin:
3689 * testsuite/pbkdf2-test.c (test_main): Add PBKDF2-HMAC-SHA512 test
3692 2012-11-15 Niels Möller <nisse@lysator.liu.se>
3694 * sha3-permute.c (sha3_permute): Use ULL suffix on round
3695 constants. Avoid passing shift count 0 to ROTL64.
3697 * sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
3699 * macros.h (LE_READ_UINT64): New macro.
3701 2012-11-13 Niels Möller <nisse@lysator.liu.se>
3703 * sha3-permute.c (sha3_permute): Micro optimizations. Partial
3704 unrolling. Use lookup table for the permutation. On an x86_64,
3705 execution time reduced from appr. 13000 cycles to appr. 6000.
3707 * examples/nettle-benchmark.c (TIME_CYCLES): New macro.
3708 (bench_sha1_compress, bench_salsa20_core): Use it.
3709 (bench_sha3_permute): New function.
3710 (main): Call bench_sha3_permute.
3712 2012-11-12 Niels Möller <nisse@lysator.liu.se>
3714 * examples/nettle-benchmark.c (main): Benchmark sha3_256.
3716 * sha3-permute.c: New file. Permutation function for sha3, aka
3718 * sha3.h: New header file.
3719 * sha3.c: New file, absorption and padding for sha3.
3720 * sha3-256.c: New file.
3721 * sha3-256-meta.c: New file.
3722 * nettle-meta.h (nettle_sha3_256): Declare.
3723 * Makefile.in (nettle_SOURCES): Added sha3 files.
3724 (HEADERS): Added sha3.h.
3725 * testsuite/sha3.awk: New file. Script to extract test vectors.
3726 * testsuite/sha3-256-test.c: New file.
3727 * testsuite/sha3-permute-test.c: New file.
3728 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
3729 sha3-permute-test.c and sha3-256-test.c.
3730 (DISTFILES): Added sha3.awk.
3731 * testsuite/.test-rules.make: Added sha3 targets.
3733 * macros.h (LE_WRITE_UINT64): New macro.
3734 * write-le64.c (_nettle_write_le64): New file and function.
3735 * nettle-write.h (_nettle_write_le64): Declare. Also deleted
3736 declaration of non-existent _nettle_write_be64.
3737 * Makefile.in (nettle_SOURCES): Added write-le64.c.
3739 * macros.h (ROTL64): New macro, moved from...
3740 * sha512-compress.c (ROTL64): ... old location, deleted.
3742 * serpent-internal.h [HAVE_NATIVE_64_BIT] (DROTL32): Renamed from...
3743 (ROTL64): ... old name.
3744 (DRSHIFT32): Renamed from ...
3745 (RSHIFT64): ... old name.
3746 * serpent-encrypt.c (LINEAR_TRANSFORMATION64): Updated for above
3748 * serpent-decrypt.c (LINEAR_TRANSFORMATION64_INVERSE): Likewise.
3750 2012-11-11 Niels Möller <nisse@lysator.liu.se>
3752 From Nikos Mavrogiannopoulos:
3753 * nettle.texinfo (Hash functions): Added documentation for
3755 * examples/nettle-benchmark.c (main): Benchmark gosthash94.
3757 2012-11-10 Niels Möller <nisse@lysator.liu.se>
3759 * nettle.texinfo (nettle_hashes, nettle_ciphers): Use deftypevr,
3760 not deftypevrx. Spotted by Nikos Mavrogiannopoulos.
3762 2012-11-08 Niels Möller <nisse@lysator.liu.se>
3764 Gost hash function, ported from Aleksey Kravchenko's rhash library
3765 by Nikos Mavrogiannopoulos.
3766 * gosthash94.c: New file.
3767 * gosthash94.h: New file.
3768 * gosthash94-meta.c: New file.
3769 * nettle-meta.h (nettle_gosthash94): Declare.
3770 * Makefile.in (nettle_SOURCES): Added gosthash94.c and
3772 (HEADERS): Added gosthash94.h.
3773 * testsuite/gosthash94-test.c: New file.
3774 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
3777 2012-10-29 Niels Möller <nisse@lysator.liu.se>
3779 From Martin Storsjö:
3780 * configure.ac (dummy-dep-files): Avoid non-posix \|-operator in
3783 2012-10-29 Niels Möller <nisse@lysator.liu.se>
3785 * x86_64/salsa20-core-internal.asm: New file.
3786 * configure.ac: Added salsa20-core-internal.asm.
3787 * examples/nettle-benchmark.c (bench_salsa20_core): New function.
3789 2012-10-27 Niels Möller <nisse@lysator.liu.se>
3791 * testsuite/Makefile.in (TS_SOURCES, CXX_SOURCES): Include sources
3793 (TS_CXX): Moved @IF_CXX@ conditional here.
3794 (DISTFILES): Use $(SOURCES), which now includes all C source
3795 files. testutils.c was lost in a the 2012-09-20 change.
3797 * x86_64/salsa20-crypt.asm: Include x86_64/salsa20.m4.
3798 Make all exits go via .Lend and W64_EXIT.
3800 * x86_64/salsa20.m4: New file, extracted from
3801 x86_64/salsa20-crypt.asm.
3803 2012-10-26 Niels Möller <nisse@lysator.liu.se>
3805 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LIBS): Add $(CFLAGS) on
3806 the link command line. Reported by Dennis Clarke.
3808 2012-10-03 Niels Möller <nisse@lysator.liu.se>
3810 From: Nikos Mavrogiannopoulos:
3811 * testsuite/testutils.c (test_hash): On failure, print the
3812 expected and returned hash values.
3814 2012-09-23 Niels Möller <nisse@lysator.liu.se>
3816 * Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
3818 * salsa20-core-internal.c (_salsa20_core): New file and function,
3819 extracted from salsa20_crypt.
3820 * salsa20.h (_salsa20_core): Declare it.
3821 * salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
3823 2012-09-21 Niels Möller <nisse@lysator.liu.se>
3825 * pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized
3828 * nettle.texinfo (Cipher functions): Stress that the salsa20 hash
3829 function is not suitable as a general hash function.
3831 2012-09-20 Simon Josefsson <simon@josefsson.org>
3833 * pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
3834 * pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
3835 * Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
3836 pbkdf2-hmac-sha256.c.
3837 * nettle.texinfo (Key derivation functions): Improve.
3838 * testsuite/pbkdf2-test.c (test_main): Test new functions.
3840 2012-09-20 Niels Möller <nisse@lysator.liu.se>
3842 * pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
3843 * pbkdf2.h (PBKDF2): Analogous reordering.
3844 * testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
3846 * nettle.texinfo (Key derivation functions): Updated documented
3849 * testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
3852 * configure.ac: New substitution IF_CXX, replacing CXX_TESTS.
3853 (dummy-dep-files): Handle .cxx files.
3855 * testsuite/Makefile.in: Use IF_CXX. Include dependency file for
3858 2012-09-19 Niels Möller <nisse@lysator.liu.se>
3861 * examples/rsa-encrypt.c (main): Added missing mpz_clear.
3862 * examples/rsa-keygen.c (main): Added missing deallocation.
3864 * testsuite/meta-hash-test.c (test_main): Validate
3865 NETTLE_MAX_HASH_DIGEST_SIZE.
3867 * pbkdf2.h (PBKDF2): New macro.
3868 * testsuite/pbkdf2-test.c: Use it.
3870 2012-09-12 Simon Josefsson <simon@josefsson.org>
3872 * NEWS: Mention addition of PBKDF2.
3873 * pbkdf2.c (pbkdf2): New file and function.
3874 * pbkdf2.h: Declare it.
3875 * Makefile.in (nettle_SOURCES): Add pbkdf2.c.
3876 (HEADERS): Add pbkdf2.h.
3877 * nettle.texinfo (Key derivation functions): New section.
3878 * testsuite/pbkdf2-test.c: New test case.
3879 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
3880 * testsuite/.test-rules.make (pbkdf2-test): New target.
3882 2012-09-16 Niels Möller <nisse@lysator.liu.se>
3884 * testsuite/: Overhaul of testsuite, affecting almost all files.
3885 + Use struct tstring for allocated strings, and deallocate before
3887 + Changed most test functions to take struct tstring as arguments.
3888 + Made all test_main return on success.
3890 * testsuite/testutils.h (struct tstring): New struct type.
3891 (H2, HL, MEMEQH, SUCCESS): Deleted macros.
3892 (SHEX, SDATA): New macros.
3893 (H): Redefined to track storage.
3895 * testsuite/testutils.c (tstring_alloc): New function.
3896 (tstring_clear): New function.
3897 (tstring_data): New function.
3898 (tstring_hex): New function.
3899 (tstring_print_hex): New function.
3900 (decode_hex_length): Made static.
3901 (decode_hex): Made static. No return value, abort on error.
3902 (main): Expect test_main to return, and call tstring_clear before
3904 (test_dsa_key): Added missing mpz_clear.
3905 (test_mac): Deleted unused function.
3907 * testsuite/rsa2sexp-test.c (test_main): Added missing
3908 nettle_buffer_clear.
3910 * testsuite/yarrow-test.c (open_file): Don't leak filename.
3911 (test_main): fclose input file properly.
3913 * testsuite/sexp-format-test.c (test_main): Added missing calls to
3914 nettle_buffer_clear and mpz_clear.
3916 * testsuite/serpent-test.c (tstring_hex_reverse): New function,
3918 (decode_hex_reverse): ... deleted function.
3919 (RHEX): New macro, replacing...
3920 (RH, RHL): ... deleted macros.
3922 * testsuite/rsa2sexp-test.c (test_main): Added missing
3923 nettle_buffer_clear.
3925 * testsuite/random-prime-test.c (test_main): Added missing
3928 * realloc.c (nettle_realloc): Only call libc realloc if length >
3929 0, otherwise call free. Fixes a small memory leak.
3930 (nettle_xrealloc): Likewise.
3932 * run-tests (test_program): Don't quote $EMULATOR; allow it to
3933 expand to program and arguments (e.g., valgrind).
3935 * tools/pkcs1-conv.c (convert_public_key): Added missing calls to
3936 dsa_public_key_clear and rsa_public_key_clear.
3937 (main): Added missing nettle_buffer_clear.
3939 2012-09-10 Niels Möller <nisse@lysator.liu.se>
3941 * examples/eratosthenes.c (main): Explicitly deallocate storage
3944 * examples/io.c (read_file): Explicitly treat an empty file as an
3945 error. Rearrange loop, check for short fread return value.
3947 * desdata.c: Don't declare printf, include <stdio.h> instead. Also
3948 deleted casts of printf return value.
3951 * examples/nettle-benchmark.c (die): Use PRINTF_STYLE attribute.
3952 * pgp-encode.c (pgp_put_rsa_sha1_signature): Deleted unused variable.
3953 * rsa2openpgp.c (rsa_keypair_to_openpgp): Likewise.
3954 * examples/base16enc.c (main): Deleted useless allocations.
3956 2012-09-07 Niels Möller <nisse@lysator.liu.se>
3958 * examples/nettle-benchmark.c (die): Add NORETURN attribute. Patch
3960 * tools/misc.h (die, werror): Use PRINTF_STYLE and NORETURN macros
3961 for attributes. Patch from Tim Rühsen.
3963 * examples/io.h (werror): Use PRINTF_STYLE macro.
3965 2012-08-22 Niels Möller <nisse@lysator.liu.se>
3967 From Sam Thursfield <sam.thursfield@codethink.co.uk>:
3968 * configure.ac: Make documentation optional, to avoid requiring
3969 TeX. New option --disable-documentation, and Makefile substitution
3971 * Makefile.in: Use IF_DOCUMENTATION.
3973 2012-07-12 Niels Möller <nisse@lysator.liu.se>
3975 * asm.m4 (ALIGN): Use << operator rather than **, with m4 eval.
3976 The latter is not supported by BSD m4.
3978 2012-07-07 Niels Möller <nisse@lysator.liu.se>
3980 Copyright headers: Updated FSF address. Patch from David Woodhouse.
3982 * examples/Makefile.in (BENCH_LIBS): Added -lm, needed for the
3983 ldexp function. Reported by Anthony G. Basile.
3985 * configure.ac: Changed version number to 2.6.
3987 * Released nettle-2.5.
3989 2012-07-05 Niels Möller <nisse@lysator.liu.se>
3991 * x86_64/salsa20-crypt.asm (salsa20_crypt): Write the 64-bit movq
3992 instructions as "movd", since that makes the osx assembler
3993 happier. Assembles to the same machine code on gnu/linux.
3995 2012-07-03 Niels Möller <nisse@lysator.liu.se>
3997 * aclocal.m4 (LSH_FUNC_ALLOCA): In the config.h boilerplate,
3998 include malloc.h if it exists, also when compiling with gcc.
3999 Needed for cross-compiling with --host=i586-mingw32msvc.
4001 * examples/base16dec.c: Don't #include files using <nettle/...>,
4002 we don't want to pick up installed versions. On windows, include
4003 <fcntl.h>, needed for _setmode.
4004 * examples/base16enc.c: Likewise.
4005 * examples/base64dec.c: Likewise.
4006 * examples/base64enc.c: Likewise
4008 * nettle.texinfo (Cipher functions): Document Salsa20.
4010 2012-06-25 Niels Möller <nisse@lysator.liu.se>
4012 * pkcs1.c (_pkcs1_signature_prefix): Renamed function, adding a
4013 leading underscore. Updated all callers.
4015 * bignum-next-prime.c (nettle_next_prime): Consistently use the
4016 type nettle_random_func * (rather then just nettle_random_func)
4017 when passing the function pointer as argument. Similar change for
4018 nettle_progress_func. Should have been done for the 2.0 release,
4019 but a few arguments were overlooked.
4020 * bignum-random-prime.c (_nettle_generate_pocklington_prime)
4021 (nettle_random_prime): Likewise.
4022 * bignum-random.c (nettle_mpz_random_size, nettle_mpz_random):
4024 * dsa-keygen.c (dsa_generate_keypair): Likewise.
4025 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise.
4026 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
4028 * dsa-sign.c (_dsa_sign): Likewise.
4029 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
4030 * rsa-blind.c (_rsa_blind): Likewise.
4031 * rsa-decrypt-tr.c (rsa_decrypt_tr): Likewise.
4032 * rsa-encrypt.c (rsa_encrypt): Likewise.
4033 * rsa-keygen.c (rsa_generate_keypair): Likewise.
4034 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Likewise.
4036 * cbc.c (cbc_encrypt, cbc_decrypt): Similarly, use the type
4037 nettle_crypt_func * rather than just nettle_crypt_func.
4038 * ctr.c (ctr_crypt): Likewise.
4039 * gcm.c (gcm_set_key): Likewise.
4041 * testsuite/des-compat-test.c (test_main): Disable declarations of
4042 disabled functions and variables, to avoid warnings. No verbose
4043 output unless verbose flag is set.
4045 2012-06-09 Niels Möller <nisse@lysator.liu.se>
4047 * examples/Makefile.in (SOURCES): Added base16dec.c, forgotten
4050 General pkcs1 signatures, with a "DigestInfo" input. Suggested by
4051 Nikos Mavrogiannopoulos.
4052 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
4053 rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
4055 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
4057 * pkcs1.h: Declare it.
4059 * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
4060 * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
4061 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
4062 contributed by Nikos Mavrogiannopoulos.
4063 * rsa.h: Declare new functions.
4065 * rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
4066 * rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
4067 separate file, renamed and made non-static. Moved from...
4068 * rsa-decrypt-tr.c: ... here.
4070 2012-06-03 Niels Möller <nisse@lysator.liu.se>
4072 * testsuite/pkcs1-test.c (test_main): Include leading zero in
4075 * pkcs1.c (pkcs1_signature_prefix): Return pointer to where the
4076 digest should be written. Let the size input be the key size in
4077 octets, rather then key size - 1.
4078 * pkcs1-rsa-*.c: Updated for above.
4079 * rsa-*-sign.c, rsa-*-verify.c: Pass key->size, not key->size - 1.
4081 2012-05-18 Niels Möller <nisse@lysator.liu.se>
4083 * pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
4084 * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
4086 2012-05-09 Niels Möller <nisse@lysator.liu.se>
4088 * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,
4089 spotted by Nikos Mavrogiannopoulos.
4091 2012-05-07 Niels Möller <nisse@lysator.liu.se>
4093 * nettle-types.h (_STDINT_HAVE_INT_FAST32_T): Define here, to
4094 force nettle-stdint.h to not try to define the int_fast*_t types.
4095 Avoids compilation problems with gnutls on SunOS-5.8, where the
4096 definitions here collide with gnulib's.
4098 2012-04-23 Niels Möller <nisse@lysator.liu.se>
4100 * nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
4101 on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
4102 NETTLE_MAX_BIGNUM_BITS.
4104 2012-04-19 Niels Möller <nisse@lysator.liu.se>
4106 * list-obj-sizes.awk: Use decimal rather than hexadecimal output.
4107 (hex2int): Use local variables.
4109 2012-04-18 Niels Möller <nisse@lysator.liu.se>
4111 * x86_64/salsa20-crypt.asm: New file.
4113 2012-04-17 Niels Möller <nisse@lysator.liu.se>
4115 * testsuite/salsa20-test.c (test_salsa20_stream): Check that
4116 salsa20_crypt doesn't write beyond the given destination area.
4117 (test_salsa20): Likewise.
4119 * salsa20-crypt.c: Renamed file, from...
4120 * salsa20.c: ... old name.
4122 * x86_64/machine.m4 (WREG): New macro.
4124 * salsa20.c (salsa20_hash): Deleted function, inlined into
4126 (salsa20_set_key, salsa20_set_iv): Moved, to...
4127 * salsa20-set-key.c: ...new file.
4129 2012-04-15 Niels Möller <nisse@lysator.liu.se>
4131 * testsuite/salsa20-test.c (test_salsa20_stream): New function.
4132 (test_main): Tests for encrypting more than one block at a time.
4134 2012-04-14 Niels Möller <nisse@lysator.liu.se>
4136 * examples/io.c (write_file): Use write_string.
4138 * examples/Makefile.in (base64enc): New targets. Also
4139 added missing io.o dependency to several other targets.
4140 (base64dec, base16enc, base16dec): Likewise.
4142 * examples/base64enc.c: New file, based on example code
4143 contributed by Jeronimo Pellegrini.
4144 * examples/base64dec.c: Likewise.
4145 * examples/base16enc.c: Likewise.
4146 * examples/base16dec.c: Likewise.
4148 * examples/rsa-encrypt.c (process_file): Reorganized fread loop.
4149 (usage): New function.
4150 (main): Implemented --help option.
4152 * examples/rsa-decrypt.c (process_file): Improved error message
4153 for too short input file.
4155 * aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
4156 (mult, inv_mix_column): Deleted functions.
4157 (mtable): New table.
4158 (MIX_COLUMN): New macro.
4159 (aes_invert_key): Use MIX_COLUMN and mtable.
4161 * aesdata.c (compute_mtable): New table, for the inv mix column
4162 operation in aes_invert_key.
4164 2012-04-13 Niels Möller <nisse@lysator.liu.se>
4166 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.
4167 Tabulate the needed "round constants".
4168 (xtime): Deleted function.
4170 * aes-internal.h (SUBBYTE): Cast to uint32_t. Use B0, ..., B3
4173 2012-04-09 Niels Möller <nisse@lysator.liu.se>
4175 Timing resistant RSA decryption, based on RSA blinding code
4176 contributed by Nikos Mavrogiannopoulos.
4177 * rsa-decrypt-tr.c (rsa_decrypt_tr): New function.
4178 (rsa_blind): Helper function.
4179 (rsa_unblind): Helper function.
4180 * rsa.h: Declare rsa_decrypt_tr. Some cleanups, no longer include
4181 nettle-meta.h, more consistent declarations of function pointer
4183 * testsuite/rsa-encrypt-test.c (test_main): Test rsa_decrypt_tr.
4184 Check for writes past the end of the message area.
4186 * Makefile.in (hogweed_SOURCES): Added pkcs1-decrypt.c.
4187 * rsa-decrypt.c (rsa_decrypt): Use pkcs1_decrypt.
4188 * pkcs1-decrypt.c (pkcs1_decrypt): New file and function,
4189 extracted from rsa_decrypt.
4191 2012-04-01 Niels Möller <nisse@lysator.liu.se>
4193 * salsa20.c (LE_SWAP32): Typo fix for big-endian case.
4194 (QROUND): New macro.
4195 (salsa20_hash): Use it.
4197 2012-03-31 Niels Möller <nisse@lysator.liu.se>
4199 * salsa20.c: (salsa20_set_iv): Deleted size argument, only one
4201 (U8TO32_LITTLE): Deleted macro. Use LE_READ_UINT32 instead, which
4202 avoids unaligned reads.
4203 (salsa20_set_key): Rearranged slightly, to avoid unnecessary
4204 byte-to-word conversions.
4206 (LE_SWAP32): Renamed macro from...
4207 (U32TO32_LITTLE): ... old name.
4208 (U32TO8_LITTLE): Deleted macro.
4209 (salsa20_wordtobyte): Renamed function to...
4210 (salsa20_hash): ... new name. Changed output argument from byte
4211 array to word array. Use memxor3, which brings a considerable
4214 * nettle-internal.c (salsa20_set_key_hack): Updated salsa20_set_iv
4216 * testsuite/salsa20-test.c (test_salsa20): Deleted iv_length
4217 argument, updated all calls.
4219 * salsa20.h (SALSA20_BLOCK_SIZE): New constant.
4220 (_SALSA20_INPUT_LENGTH): New constant.
4221 * salsa20.c: Use these constants.
4223 * salsa20.c (ROTL32): Deleted macro, use the one from macros.h
4224 instead, with reversed order of arguments.
4225 (ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
4226 builtin operators directly.
4228 Unification of rotation macros.
4229 * macros.h (ROTL32): New macro, to replace (almost) all other
4232 * aes-set-encrypt-key.c: Include macros.h.
4233 (aes_set_encrypt_key): Use ROTL32.
4234 * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
4236 * camellia-internal.h (ROL32): Deleted macro.
4237 (ROTL128): Renamed for consistency, from...
4238 (ROL128): ... old name.
4239 * camellia-crypt-internal.c: Updated for renamed rotation macros.
4240 * camellia-set-encrypt-key.c: Likewise.
4241 * cast128.c (ROL): Deleted macro.
4242 (F1, F2, F3): Updated to use ROTL32 (reversed order of arguments).
4243 Also added proper do { ... } while (0) wrappers.
4245 * ripemd160-compress.c (ROL32): Deleted macro.
4246 (R): Updated to use ROTL32 (reversed order of arguments).
4248 * serpent-internal.h (ROL32): Deleted macro.
4249 (ROTL64): Renamed (from ROL64) and reorderd arguments, for
4251 (RSHIFT64): Reordered arguments, for consistency.
4252 * serpent-decrypt.c: Updated for renamed rotation macros, with
4253 reversed argument order.
4254 * serpent-encrypt.c: Likewise.
4255 * serpent-set-key.c: Likewise.
4257 * sha1-compress.c (ROTL): Deleted macro, use ROTL32 instead.
4259 * sha256-compress.c (ROTR): Deleted macro. Replaced by ROTL32,
4260 with complemented shift count.
4261 (SHR): Deleted macro, use plain shift operator instead.
4263 * sha512-compress.c (ROTR): Deleted macro, replaced by...
4264 (ROTL64): ...new macro, with complemented shift count
4265 (SHR): Deleted macro, use plain shift operator instead.
4266 (S0, S1, s0, s1): Updated accordingly.
4268 2012-03-30 Niels Möller <nisse@lysator.liu.se>
4270 * nettle-internal.c (nettle_salsa20): Cipher struct for
4271 benchmarking only. Sets a fix zero IV, and ignores block size.
4272 * nettle-internal.h (nettle_salsa20): Declare it.
4274 * examples/nettle-benchmark.c (block_cipher_p): New function.
4275 (time_cipher): Use block_cipher_p.
4276 (main): Include salsa20 in benchmark.
4278 * Makefile.in (soname link): Fixed logic.
4279 (nettle_SOURCES): Removed nettle-internal.c, so that it's not
4280 part of the library...
4281 (internal_SOURCES): ...and put it here.
4282 * testsuite/Makefile.in (TEST_OBJS): Added ../nettle-internal.o.
4283 * examples/Makefile.in (BENCH_OBJS): New variable, to simplify the
4284 nettle-benchmark rule. Also link with ../nettle-internal.o.
4286 2012-03-29 Niels Möller <nisse@lysator.liu.se>
4288 Implementation of Salsa20, contributed by Simon Josefsson.
4289 * salsa20.h: New file.
4290 * salsa20.c: New file.
4291 * Makefile.in (nettle_SOURCES): Added salsa20.c
4292 (HEADERS): Added salsa20.h.
4293 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added salsa20-test.c.
4294 * testsuite/salsa20-test.c: New test case.
4296 * Makefile.in (soname links): Adding missing space before ].
4298 2012-03-23 Niels Möller <nisse@lysator.liu.se>
4300 * arcfour.h (arcfour_stream): Deleted obsolete prototype.
4302 2012-03-05 Niels Möller <nisse@lysator.liu.se>
4304 * configure.ac (enable_shared): Build shared libraries by default.
4306 2012-03-04 Niels Möller <nisse@lysator.liu.se>
4308 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.4.
4309 (LIBHOGWEED_MINOR): And to 2.2.
4311 2012-02-27 Niels Möller <nisse@lysator.liu.se>
4313 * list-obj-sizes.awk: Recognize elf64 objects.
4315 * Makefile.in (.texinfo.dvi): Pass -b option to texi2dvi.
4317 * Makefile.in (TARGETS): Added twofishdata.
4318 (SOURCES): Added twofishdata.c.
4319 (twofishdata): New rule.
4321 * twofish.c (q0, q1): Made const, and reformatted to match the
4322 twofishdata program.
4324 * twofishdata.c: Resurrected old file. Used to be called
4325 generate_q.c, when the twofish code was contributed back in 1999.
4327 * nettle.texinfo: Documentation for base16 and base64 encoding.
4328 Text contributed by Jeronimo Pellegrini
4329 <pellegrini@mpcnet.com.br>, back in April 2006.
4331 2012-02-18 Niels Möller <nisse@lysator.liu.se>
4333 * run-tests, getopt.c, getopt1.c, getopt.h: These files were moved
4334 to the top-level in the conversion to an independent git
4335 repository. They used to be symlinks to lsh files, from the
4336 subdirectories which use them.
4338 * Makefile.in: Build and distribute getopt files. Distribute
4340 * examples/Makefile.in: Adapt to getopt files and the run-tests
4341 script now located in the parent directory.
4342 * testsuite/Makefile.in: Likewise.
4343 * tools/Makefile.in: Likewise.
4345 * index.html: Converted to xhtml (from lsh repository, change
4346 dated 2012-02-03). Updated git instructions.
4348 * nettle.texinfo: Updated charset declaration.
4349 * misc/plan.html: Likewise.
4351 2012-01-17 Niels Möller <nisse@lysator.liu.se>
4353 * testsuite/Makefile.in (DISTFILES): Added setup-env.
4355 * examples/rsa-decrypt.c (main): Use _setmode rather than setmode,
4356 suggested by Eli Zaretskii. Affects windows builds only.
4357 * examples/rsa-encrypt.c: Likewise.
4359 * Makefile.in ($(LIBNETTLE_FORLINK)): Always create a .lib symlink
4360 to the library file. Use LN_S.
4361 ($(LIBHOGWEED_FORLINK)): Likewise.
4363 (install-shared-nettle): Use LN_S.
4364 (install-shared-hogweed): Likewise.
4366 * configure.ac: Use AC_PROG_LN_S.
4367 * config.make.in (LN_S): New substitution.
4369 * testsuite/setup-env: New file. Wine workaround. Can't get
4370 ../.lib into wine's dll search path, so create additional
4372 * testsuite/teardown-env: ...and delete them here. Also delete
4374 * examples/setup-env: Similar links setup here.
4375 * examples/teardown-env: ... and deleted.
4377 2012-01-07 Niels Möller <nisse@lysator.liu.se>
4379 * examples/Makefile.in (check): Add ../.lib to PATH, like in
4380 testsuite/Makefile. Needed for w*ndows. Reported by Eli Zaretskii.
4382 2011-11-25 Niels Möller <nisse@lysator.liu.se>
4384 From Martin Storsjö:
4385 * x86_64/machine.m4 (W64_ENTRY, W64_EXIT): New macros for
4387 * x86_64: Updated all assembly files to use them.
4389 * configure.ac (W64_ABI): New variable, set when compiling for
4390 W64 ABI (64-bit M$ windows).
4391 * config.m4.in (W64_ABI): Define, from configure substitution.
4393 2011-11-24 Niels Möller <nisse@lysator.liu.se>
4395 From Martin Storsjö:
4396 * examples/Makefile.in (check): Pass $(EMULATOR) and $(EXEEXT) in
4397 the environment of run-tests.
4398 * examples/rsa-encrypt-test: Use $EXEEXT and $EMULATOR.
4399 * examples/rsa-sign-test: Likewise.
4400 * examples/rsa-verify-test: Likewise.
4401 * examples/setup-env: Likewise.
4403 * testsuite/Makefile.in (check): Pass $(EXEEXT) in the environment of
4405 * testsuite/pkcs1-conv-test: Use $EXEEXT and $EMULATOR. Ignore \r
4408 * examples/rsa-decrypt.c (main) [WIN32]: Set stdout/stdin to
4410 * examples/rsa-encrypt.c (main): Likewise.
4412 2011-11-24 Niels Möller <nisse@lysator.liu.se>
4414 * configure.ac (HAVE_NATIVE_64_BIT): Workaround to get it set to 1
4417 * serpent-internal.h (ROL64): Use (uint64_t) 1 rather than 1L, for
4419 (RSHIFT64): Likewise. Also added a missing parenthesis.
4421 2011-11-24 Niels Möller <nisse@lysator.liu.se>
4423 From Martin Storsjö:
4424 * testsuite/symbols-test: Use $NM, falling back to nm if undefined.
4425 * testsuite/Makefile.in (check): Pass $(NM) in the environment of
4427 * config.make.in (NM): Set NM.
4429 * testsuite/sexp-conv-test: Use $EMULATOR when running test
4430 programs. Also ignore \r for output in the non-canonical output
4432 * testsuite/Makefile.in (check): Pass $(EMULATOR) in the
4433 environment of run-tests.
4434 * configure.ac (EMULATOR): New substituted variable. Set to wine
4435 or wine64 when cross compiling for windows, otherwise empty.
4436 * config.make.in (EMULATOR): Set from autoconf value.
4438 2011-11-20 Niels Möller <nisse@lysator.liu.se>
4440 * x86/camellia-crypt-internal.asm: Take ALIGNOF_UINT64_T into
4441 account when getting the offset for the subkeys. Differs between
4442 w32 and other systems. w32 problem identified by Martin Storsjö.
4444 * config.m4.in: Define ALIGNOF_UINT64_T (from configure).
4446 * configure.ac: Check alignment of uint64_t, and also use AC_SUBST
4447 for use in config.m4.in.
4449 2011-11-19 Niels Möller <nisse@lysator.liu.se>
4451 Cygwin/mingw32 improvements contributed by Martin Storsjö:
4452 * Makefile.in (IMPLICIT_TARGETS): New variable for DLL link
4454 (clean-here): Delete the DLL import libraries.
4456 * configure.ac: Setup installation of DLL files in $bindir.
4457 (IF_DLL, LIBNETTLE_FILE_SRC, LIBHOGWEED_FILE_SRC): New
4460 * config.make.in (LIBNETTLE_FILE_SRC): Substitute new autoconf
4462 (LIBHOGWEED_FILE_SRC): Likewise.
4464 * Makefile.in (install-dll-nettle, uninstall-dll-nettle): New
4465 target for installing the DLL file in $bindir.
4466 (install-shared-nettle): Conditionally
4467 depend on install-dll-nettle. Use LIBNETTLE_FILE_SRC.
4468 (uninstall-shared-nettle): Conditionally depend on
4470 (various hogweed targets): Analogous changes.
4472 * configure.ac: Unify shared lib setup for cygwin and mingw.
4474 2011-10-31 Niels Möller <nisse@lysator.liu.se>
4476 * configure.ac (LIBHOGWEED_LIBS): Typo fix for the darwin case.
4477 Spotted by Martin Storsjö.
4479 2011-10-25 Niels Möller <nisse@lysator.liu.se>
4481 * configure.ac (LIBHOGWEED_LIBS): cygwin fix, added
4482 libnettle.dll.a. Reported by Volker Zell.
4484 2011-10-18 Niels Möller <nisse@lysator.liu.se>
4486 * configure.ac: Improved setup för darwin shared libraries.
4487 Patch contributed by Ryan Schmidt.
4489 2011-10-03 Niels Möller <nisse@lysator.liu.se>
4491 * x86_64/memxor.asm: Implemented sse2-loop. Configured at compile
4492 time, and currently disabled.
4494 * testsuite/testutils.h (ASSERT): Write message to stderr.
4496 * testsuite/memxor-test.c: Use 16-byte alignment for "fully
4499 2011-09-03 Niels Möller <nisse@lysator.liu.se>
4501 * x86/camellia-crypt-internal.asm: Use "l"-suffix on instructions
4502 more consistently. Reportedly, freebsd and netbsd systems with
4503 clang are more picky about this.
4505 * configure.ac: Changed version number to 2.5.
4507 * Released nettle-2.4.
4509 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.3.
4511 * gcm-aes.c: Include config.h.
4512 * tools/nettle-lfib-stream.c: Likewise.
4514 * ripemd160-compress.c: Added missing include of config.h. Needed
4515 for correct operation on big-endian systems.
4517 2011-09-02 Niels Möller <nisse@amfibolit.hack.org>
4519 * configure.ac: Changed version number to 2.4.
4521 * Released nettle-2.3.
4523 2011-08-30 Niels Möller <nisse@lysator.liu.se>
4525 * testsuite/hmac-test.c: Added tests for hmac-ripemd160.
4527 * hmac.h: Declare hmac-ripemd160 related functions.
4529 * Makefile.in (nettle_SOURCES): Added hmac-ripemd160.c.
4531 2011-08-30 Niels Möller <nisse@amfibolit.hack.org>
4533 * nettle.texinfo (Hash functions): Document ripemd-160.
4535 * hmac-ripemd160.c: New file.
4537 * hmac.h: Declare hmac-ripemd160 functions.
4539 2011-08-29 Niels Möller <nisse@lysator.liu.se>
4541 * sha256.c (sha256_update): Updated MD_UPDATE call for new
4543 (sha256_write_digest): Use MD_PAD rather than MD_FINAL, and insert
4544 the length manually.
4545 * sha512.c: Analogous changes.
4547 * sha1.c (COMPRESS): New macro.
4548 (sha1_update): Updated MD_UPDATE call for new conventions.
4549 (sha1_digest): Use MD_PAD rather than MD_FINAL, and insert the
4552 * ripemd160.c (ripemd160_init): Use memcpy for initializing the
4554 (COMPRESS): New macro.
4555 (ripemd160_update): Use MD_UPDATE.
4556 (ripemd160_digest): Inline ripemd160_final processing. Use MD_PAD
4557 and _nettle_write_le32.
4558 (ripemd160_final): Deleted function.
4560 * ripemd160.h (struct ripemd160_ctx): Use a 64-bit block count.
4561 Renamed digest to state.
4563 * md5.c (md5_init): Use memcpy for initializing the state vector.
4564 (COMPRESS): New macro, wrapping _nettle_md5_compress.
4565 (md5_update): Use MD_UPDATE.
4566 (md5_digest): Inline md5_final processing. Use MD_PAD and
4568 (md5_final): Deleted.
4570 * md5.h (struct md5_ctx): Renamed some fields, for consistency.
4572 * md4.h (struct md4_ctx): Renamed some fields, for consistency.
4574 * md4.c (md4_init): Use memcpy for initializing the state vector.
4575 (md4_update): Use MD_UPDATE.
4576 (md4_digest): Inline md4_final processing, using MD_PAD. Use
4578 (md4_block): Renamed, to...
4579 (md4_compress): ... new name. Take ctx pinter as argument.
4580 (md4_final): Deleted function.
4582 * md2.c (md2_update): Use MD_UPDATE.
4584 * macros.h (MD_UPDATE): Added incr argument. Invoke compression
4585 function with ctx pointer as argument, rather than ctx->state.
4586 (MD_FINAL): Just pad, don't store length field. Renamed to MD_PAD.
4587 (MD_PAD): Analogous change of compression invocations.
4589 * sha512.c: (COMPRESS): New macro wrapping _nettle_sha512_compress.
4590 (sha512_update): Use MD_UPDATE.
4591 (sha512_final): Deleted function.
4592 (sha512_write_digest): Use MD_FINAL.
4594 * sha256.c (COMPRESS): New macro wrapping _nettle_sha256_compress.
4595 (SHA256_INCR): Deleted macro.
4596 (sha256_update): Use MD_UPDATE.
4597 (sha256_final): Deleted function.
4598 (sha256_write_digest): New function, replacing sha256_final, and
4600 (sha256_digest): Use sha256_write_digest.
4601 (sha224_digest): Likewise.
4603 * tools/nettle-hash.c (list_algorithms): Fixed typo in header.
4605 * sha1.c (SHA1_DATA_LENGTH): Deleted unused macro.
4606 (sha1_init): Use memcpy to initialize the state vector.
4607 (SHA1_INCR): Deleted macro.
4608 (sha1_update): Use MD_UPDATE macro, to reduce code duplication.
4609 (sha1_digest): Use MD_FINAL macro.
4610 (sha1_final): Deleted function.
4612 * sha.h (struct sha1_ctx): Renamed attribute digest to state.
4614 * macros.h (MD_UPDATE): New macro.
4615 (MD_FINAL): New macro.
4617 2011-08-28 Niels Möller <nisse@lysator.liu.se>
4619 * ripemd160.c (ripemd160_final): Use LE_WRITE_UINT32. Deleted byte
4620 swapping at the end, leaving it to ripemd160_digest.
4621 (ripemd160_digest): Use _nettle_write_le32.
4623 * Makefile.in (nettle_SOURCES): Added write-le32.c.
4625 * md5.c (md5_digest): Use _nettle_write_le32.
4627 * write-le32.c (_nettle_write_le32): New file and function.
4629 * ripemd160-compress.c (ROL32): Renamed macro (was "rol"). Deleted
4630 x86 version using inline assembly; at least gcc-4.4.5 recognizes
4631 shift-and-or expressions which are in fact rotations.
4632 (_nettle_ripemd160_compress): Use LE_READ_UINT32.
4634 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.2.
4636 * testsuite/meta-hash-test.c: Updated for the addition of
4639 * testsuite/.test-rules.make: Added rule for ripemd160-test.
4641 * examples/nettle-benchmark.c (main): Benchmark ripemd-160.
4643 2011-08-28 Niels Möller <nisse@lysator.liu.se>
4645 RIPEMD-160 hash function. Ported from libgcrypt by Andres Mejia.
4646 * testsuite/ripemd160-test.c: New file.
4647 * ripemd160.h: New file.
4648 * nettle-meta.h: Declare nettle_ripemd160.
4649 * ripemd160.c: New file, ported from libgcrypt.
4650 * ripemd160-compress.c: Likewise.
4651 * ripemd160-meta.c: New file.
4652 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
4654 * nettle-meta-hashes.c (nettle_hashes): Added nettle_ripemd160.
4655 * Makefile.in (nettle_SOURCES): Added ripemd160.c,
4656 ripemd160-compress.c, and ripemd160-meta.c.
4657 (HEADERS): Added ripemd160.h.
4659 2011-08-10 Niels Möller <nisse@amfibolit.hack.org>
4661 * nettle.texinfo: Fixed mis-placed const in various prototypes.
4662 Spotted by Tatsuhiro Tsujikawa.
4664 2011-07-24 Niels Möller <nisse@lysator.liu.se>
4666 * Makefile.in (PKGCONFIG_FILES, pkgconfigdir): New variables.
4667 (DISTFILES): Added nettle.pc.in and hogweed.pc.in.
4668 (nettle.pc, hogweed.pc): New targets (invoking config.status).
4669 (install-pkgconfig, uninstall-pkgconfig): New targets.
4670 (install-here): Depend on install-pkgconfig.
4671 (uninstall-here): Depend on uninstall-pkgconfig.
4672 (distclean-here): Delete nettle.pc and hogweed.pc.
4674 2011-07-20 Niels Möller <nisse@lysator.liu.se>
4676 * configure.ac: Generate nettle.pc and hogweed.pc.
4678 * nettle.pc.in, hogweed.pc.in: New files.
4680 2011-07-17 Niels Möller <nisse@lysator.liu.se>
4682 * nettle-internal.h: Added missing extern declarations.
4684 2011-07-11 Niels Möller <nisse@lysator.liu.se>
4686 * configure.ac: Changed version number to 2.3.
4688 * Released nettle-2.2.
4690 * Makefile.in (DISTFILES): Distribute COPYING.LIB, not COPYING,
4692 2011-07-07 Niels Möller <nisse@lysator.liu.se>
4694 * tools/misc.h (werror): Removed incorrect noreturn attribute from
4697 * examples/io.c (read_file): Bug fix, in dependence of initial
4700 2011-07-01 Niels Möller <nisse@lysator.liu.se>
4702 * cbc.c (CBC_BUFFER_LIMIT): Reduced to 512 bytes.
4703 (cbc_decrypt): For in-place operation, use overlapping memxor3 and
4706 * ctr.c (ctr_crypt): Reorganized to call the encryption function
4707 with several blocks at a time. Handle the case of a single block
4710 * x86_64/memxor.asm: Added ALIGN for shifting loop. Deleted
4713 2011-06-30 Niels Möller <nisse@lysator.liu.se>
4715 * configure.ac: Link in serpent-decrypt.asm, if found.
4717 * x86_64/serpent-decrypt.asm: Added an SSE2 loop, doing four
4718 blocks at a time in parallel.
4720 * x86_64/serpent-encrypt.asm: Include serpent.m4. Deleted a
4723 * x86_64/serpent.m4: New file, with serpent-related macros.
4725 2011-06-29 Niels Möller <nisse@lysator.liu.se>
4727 * x86_64/serpent-decrypt.asm: Wrote main (32-bit) loop.
4728 (SBOX0I, SBOX1I, SBOX7I): Fixed bugs.
4730 * nettle.texinfo (Copyright): Updated for license change to
4731 LGPLv2+. Updated copyright info on serpent.
4733 * NEWS: Updated information for nettle-2.2.
4735 * x86_64/serpent-decrypt.asm: New file.
4737 * x86_64/serpent-encrypt.asm: Fixed .file pseudo op.
4739 * testsuite/testutils.c (test_cipher_ctr): Display more info on
4742 * examples/nettle-benchmark.c (bench_ctr): New function.
4743 (time_cipher): Also benchmark CTR mode.
4745 * configure.ac (LIBNETTLE_MINOR): Updated library version number
4747 (LIBHOGWEED_MINOR): And to 2.1.
4749 2011-06-22 Niels Möller <nisse@lysator.liu.se>
4751 * configure.ac: Use pwd -P when examining lib directories.
4752 Link in serpent-encrypt.asm, if found.
4754 2011-06-21 Niels Möller <nisse@lysator.liu.se>
4756 * serpent-decrypt.c (SBOX3_INVERSE): Eliminated temporaries.
4757 (SBOX4_INVERSE): Likewise.
4758 (SBOX5_INVERSE): Likewise.
4759 (SBOX6_INVERSE): Likewise.
4760 (SBOX7_INVERSE): Likewise.
4761 (All SBOX_INVERSE-macros): Deleted type argument, and updated users.
4763 2011-06-20 Niels Möller <nisse@lysator.liu.se>
4765 * serpent-decrypt.c: Renamed arguments in sbox macros.
4766 (SBOX0_INVERSE): Eliminated temporaries.
4767 (SBOX1_INVERSE): Likewise.
4768 (SBOX2_INVERSE): Likewise.
4770 * x86_64/serpent-encrypt.asm: Added an SSE2 loop, doing four
4771 blocks at a time in parallel.
4773 * testsuite/serpent-test.c (test_main): Added some more multiple
4776 2011-06-15 Niels Möller <nisse@lysator.liu.se>
4778 * configure.ac (libdir): On 64-bit Linux, we used to assume that
4779 libraries are installed according to the FHS. Since at least
4780 Fedora and Gentoo follow the FHS convention, while at least Debian
4781 doesn't, we have to try to figure out which convention is used.
4783 2011-06-14 Niels Möller <nisse@lysator.liu.se>
4785 * x86_64/serpent-encrypt.asm: Slight simplification of loop logic.
4787 * x86_64/serpent-encrypt.asm: New file.
4789 2011-06-12 Niels Möller <nisse@lysator.liu.se>
4791 * testsuite/serpent-test.c (test_main): Added tests with multiple
4794 * serpent-encrypt.c (SBOX6): Renamed arguments. Eliminated
4797 (All SBOX-macros): Deleted type argument, and updated users.
4799 * configure.ac: Display summary at the end of configure..
4800 (asm_path): Set only if enable_assember is yes.
4802 2011-06-10 Niels Möller <nisse@lysator.liu.se>
4804 * serpent-encrypt.c (SBOX5): Renamed arguments. Eliminated
4807 2011-06-09 Niels Möller <nisse@lysator.liu.se>
4809 * serpent-encrypt.c (SBOX4): Renamed arguments. Eliminated
4812 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LINK): Cygwin fix, from
4815 2011-06-08 Niels Möller <nisse@lysator.liu.se>
4817 * examples/eratosthenes.c (find_first_one): Fixed c99-style
4818 declaration. Reported by Sebastian Reitenbach.
4819 (find_first_one): Declare the lookup table as static const, and
4820 use unsigned char rather than unsigned..
4822 2011-06-07 Niels Möller <nisse@lysator.liu.se>
4824 * serpent-encrypt.c (SBOX0): Renamed arguments. Eliminated
4830 2011-06-06 Niels Möller <nisse@lysator.liu.se>
4832 * Makefile.in (DISTFILES): Added serpent-internal.h.
4833 (nettle_SOURCES): Replaced serpent.c by serpent-set-key.c,
4834 serpent-encrypt.c, and serpent-decrypt.c.
4836 * serpent.c: Replaced by several new files.
4837 * serpent-set-key.c: New file.
4838 * serpent-encrypt.c: New file.
4839 * serpent-decrypt.c: New file.
4840 * serpent-internal.h: New file.
4842 * serpent.c [HAVE_NATIVE_64_BIT]: Process two blocks at a time in
4843 parallel. Measured speedup of 10%--25% (higher for encryption) on
4846 2011-06-01 Niels Möller <nisse@lysator.liu.se>
4848 * serpent.c (ROUNDS): Deleted macro.
4849 (serpent_block_t): Deleted array typedef.
4850 (KEYXOR): New macro, replacing BLOCK_XOR.
4851 (BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
4852 (LINEAR_TRANSFORMATION): Use four separate arguments.
4853 (LINEAR_TRANSFORMATION_INVERSE): Likewise.
4854 (ROUND): Take separate arguments for all input and output words.
4855 (ROUND_INVERSE): Likewise.
4856 (ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
4857 (serpent_set_key): Moved loop termination test.
4858 (serpent_encrypt): Rewrote with unrolling of just eight rounds,
4859 and without serpent_block_t.
4860 (serpent_decrypt): Likewise.
4862 * serpent.c: Added do { ... } while (0) around block macros.
4863 (serpent_key_t): Deleted array typedef.
4864 (ROL32, ROR32): Renamed macros, were rol and ror.
4865 (KS_RECURRENCE, KS): New macros.
4866 (serpent_key_pad): Renamed, from...
4867 (serpent_key_prepare): ...old name.
4868 (serpent_subkeys_generate): Deleted function.
4869 (serpent_set_key): Rewrote the generation of subkeys. Reduced both
4870 temporary storage and code size (less unrolling)
4872 2011-05-31 Niels Möller <nisse@lysator.liu.se>
4874 * testsuite/serpent-test.c (test_main): Enabled test with short,
4877 * serpent.c (byte_swap_32): Deleted macro.
4878 (serpent_key_prepare): Use LE_READ_UINT32. Don't require aligned
4879 input, and support arbitrary key sizes.
4881 2011-05-30 Simon Josefsson <simon@josefsson.org>
4883 * serpent.c: Rewrite, based on libgcrypt code. License changed
4885 * serpent_sboxes.h: Removed.
4886 * Makefile.in: Drop serpent_sboxes.h.
4888 2011-05-31 Niels Möller <nisse@lysator.liu.se>
4890 * testsuite/serpent-test.c (test_main): Added some tests for
4891 padding of keys of length which is not a multiple of four bytes.
4893 2011-05-30 Simon Josefsson <simon@josefsson.org>
4895 * testsuite/serpent-test.c (test_main): Add test vectors from
4898 2011-05-21 Niels Möller <nisse@lysator.liu.se>
4900 * dsa-keygen.c (dsa_generate_keypair): Avoid double init of mpz
4901 variable. Spotted by Nikos Mavrogiannopoulos.
4903 2011-05-06 Niels Möller <nisse@lysator.liu.se>
4905 * configure.ac: Fix link flags for shared libraries on Solaris,
4906 which needs -h to set the soname. Patch contributed by Dagobert
4909 2011-05-06 Niels Möller <nisse@lysator.liu.se>
4911 * configure.ac: New configure option --enable-gcov.
4913 * arcfour.h (arcfour_stream): Deleted obsolete define.
4915 2011-04-27 Niels Möller <nisse@lysator.liu.se>
4917 * tools/nettle-hash.c (find_algorithm): Require exact match.
4919 2011-04-15 Niels Möller <nisse@lysator.liu.se>
4921 Reverted broken byte-order change from 2001-06-17:
4922 * serpent.c (serpent_set_key): Use correct byteorder.
4923 (serpent_encrypt): Likewise.
4924 (serpent_decrypt): Likewise.
4926 * testsuite/serpent-test.c (decode_hex_reverse): New function.
4927 (RH, RHL): New macros.
4928 (test_main): Byte reverse inputs and outputs for the testvectors
4929 taken from the serpent submission package. Enable test vectors
4930 from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
4932 2011-03-23 Niels Möller <nisse@lysator.liu.se>
4934 * tools/sexp-conv.c (xalloc): Deleted function, now it's in misc.c
4937 * configure.ac: Use LSH_FUNC_STRERROR.
4939 * tools/Makefile.in (TARGETS): Added nettle-hash, and related
4941 (SOURCES): Added nettle-hash.c.
4943 * tools/misc.c (xalloc): New function.
4945 * tools/pkcs1-conv.c (main): Made the OPT_* constants local, and
4946 fixed numerical values to start with non-ASCII 0x300.
4948 * tools/nettle-hash.c: New file.
4950 2011-03-23 Niels Möller <nisse@lysator.liu.se>
4952 Contributed by Daniel Kahn Gillmor:
4953 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
4954 meta-hash-test.c, meta-cipher-test.c, and meta-armor-test.c.
4956 * testsuite/meta-hash-test.c: New file.
4957 * testsuite/meta-cipher-test.c: New file.
4958 * testsuite/meta-armor-test.c: New file.
4960 * nettle.texinfo: Document nettle_hashes and nettle_ciphers.
4962 * nettle-meta.h: Declare algorithm lists nettle_ciphers,
4963 nettle_hashes, nettle_armors.
4965 * Makefile.in (nettle_SOURCES): Added nettle-meta-hashes.c,
4966 nettle-meta-ciphers.c, and nettle-meta-armors.c.
4968 * nettle-meta-armors.c: New file.
4969 * nettle-meta-ciphers.c: New file.
4970 * nettle-meta-hashes.c: New file.
4972 2011-02-18 Niels Möller <nisse@lysator.liu.se>
4974 * arcfour.c (arcfour_stream): Deleted function. It's not very
4975 useful, and neither documented nor tested.
4977 2011-02-16 Niels Möller <nisse@lysator.liu.se>
4979 * cbc.h (CBC_ENCRYPT): Avoid using NULL; we don't ensure that it
4981 (CBC_DECRYPT): Likewise.
4983 * gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
4984 (gcm_aes_set_key): Deleted cast.
4985 (gcm_aes_encrypt): Likewise.
4986 (gcm_aes_decrypt): Likewise.
4987 (gcm_aes_digest): Likewise.
4988 (gcm_aes_update): One less argument to GCM_UPDATE.
4990 * gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
4991 compiler type checking despite this cast.
4992 (GCM_ENCRYPT): Likewise.
4993 (GCM_DECRYPT): Likewise.
4994 (GCM_DIGEST): Likewise.
4995 (GCM_SET_IV): New macro, for completeness.
4996 (GCM_UPDATE): Deleted unused argument encrypt.
4998 2011-02-14 Niels Möller <nisse@lysator.liu.se>
5000 * nettle.texinfo: Split node on cipher modes, and started on
5001 the GCM documentation.
5003 * testsuite/gcm-test.c (test_gcm_aes): Deleted function, replaced
5005 (test_main): Use test_aead.
5007 * testsuite/testutils.c (test_aead): New function, replacing
5008 test_gcm_aes and before that test_cipher_gcm.
5010 * nettle-internal.c (nettle_gcm_aes128): New const struct.
5011 (nettle_gcm_aes192): Likewise.
5012 (nettle_gcm_aes256): Likewise.
5014 * nettle-internal.h (struct nettle_aead): Tentative interface for
5015 authenticated encryption with associated data.
5017 * examples/nettle-benchmark.c (time_gcm): Renamed. Updated for
5018 gcm_aes_auth to gcm_aes_update renaming. Benchmark both encryption
5020 (time_gmac): ...old name.
5022 * nettle-internal.c (des_set_key_hack): Don't touch the bits
5023 parity, since thay are now ignored.
5024 (des3_set_key_hack): Likewise.
5026 * cast128-meta.c (nettle_cast128): Don't pass keysize.
5027 * nettle-meta.h (_NETTLE_CIPHER_FIX): Deleted keysize parameter
5028 derived from the appropriate constant instead.
5030 * testsuite/gcm-test.c (test_gcm_aes): Updated for gcm_aes_auth to
5031 gcm_aes_update renaming.
5033 2011-02-13 Niels Möller <nisse@lysator.liu.se>
5035 * gcm.h (GCM_UPDATE): Renamed, from...
5036 (GCM_AUTH): ...old name.
5038 * gcm-aes.c (gcm_aes_update): Renamed, from...
5039 (gcm_aes_auth): ...old name.
5041 * gcm.c (gcm_update): Renamed, and fixed an assert. From...
5042 (gcm_auth): ...old name.
5044 * gcm.h (GCM_TABLE_BITS): Increase table size to 8 bits,
5045 corresponding to 4 KByte of key-dependent tables.
5047 2011-02-10 Niels Möller <nisse@lysator.liu.se>
5049 * x86_64/memxor.asm: New file. Improves performance by 22% for the
5050 unaligned01 case and 35% for the unaligned12 case, benchmarked on
5053 * examples/nettle-benchmark.c (cgt_works_p): New function.
5054 (cgt_time_start): Likewise.
5055 (cgt_time_end): Likewise.
5056 (clock_time_start): Likewise.
5057 (clock_time_end): Likewise.
5058 (time_function): Read clock via function pointers time_start and
5059 time_end, so we can select method at runtime.
5060 (xalloc): Use die function.
5061 (main): Choose timing function. If available, try clock_gettime,
5062 and fall back to clock if it doesn't exist.
5064 * examples/nettle-benchmark.c (die): New function.
5065 (TIME_END, TIME_START): Check return value from clock_gettime.
5067 * gcm.h (union gcm_block): Use correct length for w array.
5069 * testsuite/gcm-test.c (test_main): Added the rest of the
5070 testcases from the spec.
5072 2011-02-09 Niels Möller <nisse@lysator.liu.se>
5074 * testsuite/gcm-test.c (test_main): Enabled testcases 5 and 6,
5075 with different IV lengths.
5077 * gcm-aes.c (gcm_aes_set_iv): Updated for gcm_set_iv change.
5079 * gcm.c (gcm_hash_sizes): New function.
5080 (gcm_set_iv): Added support for IVs of arbitrary size. Needed
5081 another argument, for the hash subkey.
5082 (gcm_digest): Use gcm_hash_sizes.
5084 * examples/nettle-benchmark.c (time_gmac): Use gcm_aes interface.
5086 * testsuite/gcm-test.c (test_gcm_aes): New function, replacing
5087 test_cipher_gcm and using the new gcm_aes interface.
5088 (test_main): Updated to use test_gcm_aes.
5089 * testsuite/testutils.c (test_cipher_gcm): Deleted function.
5091 * Makefile.in (nettle_SOURCES): Added gcm-aes.c.
5093 * gcm.c (gcm_set_key): Replaced context argument by a struct
5095 (gcm_hash): Replaced context argument by a struct gcm_key * and a
5096 pointer to the hashing state block.
5097 (gcm_auth): Added struct gcm_key * argument.
5098 (gcm_encrypt): Likewise.
5099 (gcm_decrypt): Likewise.
5100 (gcm_digest): Likewise.
5102 * gcm-aes.c: New file.
5103 (gcm_aes_set_key): New function.
5104 (gcm_aes_set_iv): Likewise.
5105 (gcm_aes_auth): Likewise.
5106 (gcm_aes_encrypt): Likewise.
5107 (gcm_aes_decrypt): Likewise.
5108 (gcm_aes_digest): Likewise.
5110 * gcm.h (struct gcm_key): Moved the key-dependent and
5111 message-independent state to its own struct.
5112 (struct gcm_ctx): ... and removed it here.
5113 (GCM_CTX): New macro.
5114 (GCM_SET_KEY): Likewise.
5115 (GCM_AUTH): Likewise.
5116 (GCM_ENCRYPT): Likewise.
5117 (GCM_DECRYPT): Likewise.
5118 (GCM_DIGEST): Likewise.
5119 (struct gcm_aes_ctx): New struct.
5121 2011-02-08 Niels Möller <nisse@lysator.liu.se>
5123 * gcm.h (struct gcm_ctx): The hash key is now always an array,
5124 named h, with array size depending on GCM_TABLE_BITS.
5125 * gcm.c (gcm_gf_shift): Added a separate result argument.
5126 (gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
5127 0. Simplified interface with just two arguments pointing to
5129 (gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
5130 (gcm_gf_shift_chunk): ... old name.
5131 (gcm_gf_mul): Renamed both table-based versions and made the
5132 argument types compatible with the bitwise gcm_gf_mul.
5133 (gcm_gf_mul_chunk): ... the old name.
5134 (gcm_set_key): Initialize the table using adds and shifts only.
5135 When GCM_TABLE_BITS > 0, this eliminates the only use of the
5136 bitwise multiplication.
5137 (gcm_hash): Simplified, now that we have the same interface for
5138 gcm_gf_mul, regardless of table size.
5140 * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
5141 (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
5142 e.g., sparc64. For both 4-bit and 8-bit tables.
5144 * gcm.c: Use the new union gcm_block for all gf operations.
5146 * gcm.h (union gcm_block): New union, used to enforce alignment.
5148 2011-02-07 Niels Möller <nisse@lysator.liu.se>
5150 * gcm.c (gcm_gf_shift_chunk) : Bug fix for little-endian 8-bit
5153 * gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
5154 (gcm_gf_add): New function, a special case of memxor. Use it for
5155 all memxor calls with word-aligned 16 byte blocks. Improves
5156 performance to 152 cycles/byte with no tables, 28 cycles per byte
5157 with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
5159 Introduced 8-bit tables. If enabled, gives gmac performance of 19
5160 cycles per byte (still on intel x86_64).
5161 * gcm.c (gcm_gf_shift_chunk): New implementation for 8-bit tables.
5162 (gcm_gf_mul_chunk): Likewise.
5163 (gcm_set_key): Generate 8-bit tables.
5165 * Makefile.in (SOURCES): Added gcmdata.c.
5167 * gcm.h (GCM_TABLE_BITS): Set to 4.
5169 2011-02-06 Niels Möller <nisse@lysator.liu.se>
5171 * Makefile.in (TARGETS): Added gcmdata.
5172 (gcmdata): New rule.
5174 Introduced 4-bit tables. Gives gmac performance of 45 cycles per
5175 byte (still on intel x86_64).
5176 * gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
5177 (gcm_rightshift): ... old name.
5178 (gcm_gf_mul): New argument for the output. Added length argument
5179 for one of the inputs (implicitly padding with zeros).
5180 (shift_table): New table (in 4-bit and 8-bit versions), generated
5182 (gcm_gf_shift_chunk): New function shifting 4 bits at
5184 (gcm_gf_mul_chunk): New function processing 4 bits at a time.
5185 (gcm_set_key): Generation of 4-bit key table.
5186 (gcm_hash): Use tables, when available.
5188 * gcmdata.c (main): New file.
5190 * gcm.c (gcm_rightshift): Moved the reduction of the shifted out
5192 (gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
5193 performance to 181 cycles/byte.
5195 * gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
5196 specification, but with separate byte and bit loops. Improves gmac
5197 performance a bit further, to 227 cycles/byte.
5199 * gcm.c (gcm_rightshift): Complete rewrite, to use word rather
5200 than byte operations. Improves gmac performance from 830 cycles /
5201 byte to (still poor) 268 cycles per byte on intel x86_64.
5203 2011-02-05 Niels Möller <nisse@lysator.liu.se>
5205 * examples/nettle-benchmark.c (time_gmac): New function.
5206 (main): Call time_gmac.
5208 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
5210 * testsuite/testutils.c (test_cipher_gcm): New function,
5211 contributed by Nikos Mavrogiannopoulos.
5213 * testsuite/gcm-test.c: New file, contributed by Nikos
5216 * Makefile.in (nettle_SOURCES): Added gcm.c.
5217 (HEADERS): Added gcm.h.
5219 * gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
5220 * gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
5222 * macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
5224 * ctr.c: Use INCREMENT macro from macros.h, deleted local version.
5226 2011-01-07 Niels Möller <nisse@lysator.liu.se>
5228 * testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
5229 where w*ndows looks for dlls.
5231 * testsuite/testutils.c (test_cipher_stream): More debug output on
5234 2010-12-14 Niels Möller <nisse@lysator.liu.se>
5236 * nettle-types.h: Deleted some unnecessary parenthesis from
5238 (nettle_realloc_func): Moved typedef here...
5239 * realloc.h: ...from here.
5241 * buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
5242 for realloc argument.
5244 2010-12-07 Niels Möller <nisse@lysator.liu.se>
5246 * nettle.texinfo (Copyright): Updated info on blowfish.
5248 2010-11-26 Niels Möller <nisse@lysator.liu.se>
5250 Reapplied optimizations (150% speedup on x86_32) and other fixes,
5251 relicensing them as LGPL.
5252 * blowfish.c (do_encrypt): Renamed, to...
5253 (encrypt): ...new name.
5254 (F): Added context argument. Shift input explicitly, instead of
5255 reading individual bytes via memory.
5256 (R): Added context argument.
5257 (encrypt): Deleted a bunch of local variables. Using the context
5258 pointer for everything should consume less registers.
5259 (decrypt): Likewise.
5260 (initial_ctx): Arrange constants into a struct, to simplify key
5262 (blowfish_set_key): Some simplification.
5264 2010-11-26 Simon Josefsson <simon@josefsson.org>
5266 * blowfish.c: New version ported from libgcrypt. License changed
5269 2010-11-25 Niels Möller <nisse@lysator.liu.se>
5271 * Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
5272 clears the execute permission bits.
5273 (install-shared-hogweed): Likewise.
5275 2010-11-16 Niels Möller <nisse@lysator.liu.se>
5277 * configure.ac: Updated gmp url.
5279 2010-11-01 Niels Möller <nisse@lysator.liu.se>
5281 * tools/misc.c (werror): Don't call exit (copy&paste-error).
5283 2010-10-26 Niels Möller <nisse@lysator.liu.se>
5285 * examples/rsa-encrypt.c (main): No extra message for bad options.
5287 * examples/rsa-keygen.c (main): Added long options. Deleted -?,
5288 and fixed handling of bad options.
5290 * examples/next-prime.c (main): Deleted -?, and fixed handling of
5292 * examples/random-prime.c (main): Likewise.
5294 2010-10-22 Niels Möller <nisse@lysator.liu.se>
5296 * examples/nettle-benchmark.c (main): Added long options. Deleted -?,
5297 and fixed handling of bad options.
5299 * examples/eratosthenes.c (main): Added long options. Deleted -?,
5300 and fixed handling of bad options. Renamed -s to -q (long option
5303 * tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
5304 and fixed handling of bad options.
5305 * tools/sexp-conv.c (parse_options): Likewise.
5307 2010-10-06 Niels Möller <nisse@lysator.liu.se>
5309 * memxor.c (memxor3): Optimized.
5310 (memxor3_common_alignment): New function.
5311 (memxor3_different_alignment_b): New function.
5312 (memxor3_different_alignment_ab): New function.
5313 (memxor3_different_alignment_all): New function.
5315 * examples/nettle-benchmark.c (time_function): Reorganized, to
5317 (time_memxor): Also benchmark memxor3.
5319 * x86_64/memxor.asm: New file.
5321 * examples/nettle-benchmark.c (overhead): New global variable.
5322 (time_function): Compensate for call overhead.
5323 (bench_nothing, time_overhead): New functions.
5324 (time_memxor): Tweaked src size, making it an integral number of
5326 (main): Call time_overhead.
5328 2010-10-01 Niels Möller <nisse@lysator.liu.se>
5330 * x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
5333 * testsuite/memxor-test.c: Also test memxor3.
5335 2010-09-30 Niels Möller <nisse@lysator.liu.se>
5337 * configure.ac: Link in memxor.asm, if found.
5339 * testsuite/testutils.c (test_cipher_cbc): Print more info when
5342 * testsuite/memxor-test.c (test_xor): Added verbose printout.
5344 * examples/nettle-benchmark.c (time_memxor): Count size of
5345 unsigned long as "block size" for memxor.
5347 2010-09-24 Niels Möller <nisse@lysator.liu.se>
5349 * testsuite/.test-rules.make: Added rule for memxor-test.
5350 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
5351 * testsuite/memxor-test.c: New file.
5353 * memxor.c (memxor_common_alignment): New function.
5354 (memxor_different_alignment): New function.
5355 (memxor): Optimized to do word-operations rather than byte
5358 * configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
5360 Partial revert of 2010-09-20 changes.
5361 * camellia-set-encrypt-key.c (camellia_set_encrypt_key):
5362 Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
5363 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
5364 differing in where addition of the key is done.
5365 * x86/camellia-crypt-internal.asm: Moved addition of key.
5367 2010-09-22 Niels Möller <nisse@lysator.liu.se>
5369 * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
5371 (time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
5372 if available. This gives better accuracy, at least on recent
5374 (BENCH_INTERVAL): Reduced to 0.1 s.
5375 (struct bench_memxor_info): New struct.
5376 (bench_memxor): New function.
5377 (time_memxor): New function.
5378 (main): Use time_memxor. Added optional argument used to limit the
5379 algorithms being benchmarked.
5380 (GET_CYCLE_COUNTER): Define also for x86_64.
5381 (time_memxor): Improved display.
5383 * examples/Makefile.in (nettle-benchmark): Link using
5384 $(BENCH_LIBS) rather than $(LIBS).
5386 * configure.ac: Check for clock_gettime, and add -lrt to
5387 BENCH_LIBS if needed.
5389 2010-09-20 Niels Möller <nisse@lysator.liu.se>
5391 * configure.ac: Less quoting when invoking $CC, to allow CC="gcc
5394 * x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
5395 convention, moving key xor to the end.
5397 * camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
5398 (camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
5399 operations intended for moving the key xor into the middle of the
5402 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
5403 key to the end, to use a 64-bit xor operation.
5405 * x86_64/camellia-crypt-internal.asm: New file.
5407 * x86_64/machine.m4 (LREG, HREG, XREG): New macros.
5409 2010-09-17 Niels Möller <nisse@lysator.liu.se>
5411 * configure.ac: Support shared libraries (dlls) with mingw32.
5412 Contributed by David Hoyt.
5414 2010-07-25 Niels Möller <nisse@lysator.liu.se>
5416 * configure.ac: Changed version number to nettle-2.2.
5418 * Released nettle-2.1.
5420 * configure.ac: Use camellia-crypt-internal.asm, if available.
5421 Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
5424 * x86/machine.m4 (LREG, HREG): Moved macros here, from...
5425 * x86/aes.m4: ...here.
5427 * x86/camellia-crypt-internal.asm: New file.
5429 * nettle.texinfo: Updated and expanded section on DSA.
5430 Document aes_invert_key, and camellia. Added missing functions
5431 rsa_sha512_verify and rsa_sha512_verify_digest.
5433 * camellia.h (struct camellia_ctx): Eliminate the two unused
5434 subkeys, and renumber the remaining ones.
5435 * camellia-crypt-internal.c (_camellia_crypt): Updated for
5437 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
5438 * camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
5440 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
5441 the expansion of camellia_setup128 and camellia_setup256, keeping
5442 the unexpanded key in scalar variables.
5443 (camellia_setup128): Deleted.
5444 (camellia_setup256): Deleted.
5446 2010-07-24 Niels Möller <nisse@lysator.liu.se>
5448 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
5449 code size, no complete loop unroll. Use one loop for each phase of
5450 the post-processing.
5452 * testsuite/camellia-test.c: New tests for camellia_invert_key.
5453 * testsuite/aes-test.c: New tests for aes_invert_key.
5455 * aes.h (aes_invert_key): Declare it.
5457 * aes-set-decrypt-key.c (aes_invert_key): New function, key
5458 inversion code extracted from aes_set_decrypt_key.
5459 (aes_set_decrypt_key): Use aes_invert_key.
5461 * camellia-set-encrypt-key.c (camellia_setup128): Generate
5462 unmodified subkeys according to the spec. Moved clever combination
5463 of subkeys to camellia_set_encrypt_key.
5464 (camellia_setup256): Likewise.
5465 (camellia_set_encrypt_key): Moved subkey post-processing code
5466 here, and reduce code duplication between 128-bit keys and larger
5469 * camellia.c: Deleted file, split into several new files...
5470 * camellia-table.c (_camellia_table): New file with the constant
5472 * camellia-set-encrypt-key.c: New file.
5473 (camellia_setup128): Generate unmodified subkeys according to the
5474 spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
5475 (camellia_setup256): Likewise.
5477 * camellia-set-decrypt-key.c: New file.
5478 (camellia_invert_key): Key inversion function.
5479 (camellia_set_decrypt_key): New key setup function.
5480 * camellia-internal.h: New file.
5481 * camellia-crypt.c (camellia_crypt): New file, new wrapper
5482 function passing the sbox table to _camellia_crypt.
5483 * camellia-crypt-internal.c (_camellia_crypt): New file, with main
5484 encrypt/decrypt function.
5485 * Makefile.in (nettle_SOURCES): Updated list of camellia source files.
5486 (DISTFILES): Added camellia-internal.h.
5488 2010-07-20 Niels Möller <nisse@lysator.liu.se>
5490 * camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
5492 * camellia.h (struct camellia_ctx): Replaced flag camellia128 by
5493 expanded key length nkeys.
5495 * camellia.c (camellia_set_encrypt_key): Renamed, from...
5496 (camellia_set_key): ... old name.
5497 (camellia_invert_key): New function.
5498 (camellia_set_decrypt_key): New function, using
5499 camellia_invert_key.
5500 (camellia_crypt): Renamed, from...
5501 (camellia_encrypt): ... old name.
5502 (camellia_decrypt): Deleted, no longer needed. camellia_crypt used
5503 for both encryption and decryption.
5505 * nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
5507 * dsa-keygen.c: Removed unnecessary include of memxor.h.
5509 * camellia.c: Rewrote to use 64-bit type for subkeys and use
5510 64-bit operations throughout. Performance on x86_32, when compiled
5511 with gcc-4.4.4, is reduced by roughly 15%, this should be fixed
5514 * camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
5516 2010-07-07 Niels Möller <nisse@lysator.liu.se>
5518 * aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
5519 Also updated implementation.
5520 * blowfish.h (blowfish_encrypt, blowfish_decrypt): Likewise.
5521 * cast128.h (cast128_encrypt, cast128_decrypt): Likewise.
5522 * serpent.h (serpent_encrypt, serpent_decrypt): Likewise.
5523 * twofish.h (twofish_encrypt, twofish_decrypt): Likewise.
5525 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
5528 * examples/nettle-benchmark.c: Added camellia ciphers.
5530 * Makefile.in (nettle_SOURCES): Added camellia.c and
5532 (HEADERS): Added camellia.h.
5534 * nettle-meta.h (nettle_camellia128): Declare.
5535 (nettle_camellia192): Likewise.
5536 (nettle_camellia256): Likewise.
5538 * camellia-meta.c: New file.
5540 * camellia.h: Rewrote interface to match nettle conventions.
5542 * camellia.c: Converted to nettle conventions.
5543 (camellia_encrypt128, camellia_encrypt256): Unified to new
5545 (camellia_encrypt): ...New function, with a loop doing 6
5546 regular rounds, one FL round and one FLINV round per iteration,
5547 with iteration count depending on the key size.
5549 (camellia_decrypt128, camellia_decrypt256): Similarly unified
5551 (camellia_decrypt): ...New function, analogous to
5554 2010-07-06 Niels Möller <nisse@lysator.liu.se>
5556 * camellia.c, camellia.h: New files, copied from
5557 http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
5559 * testsuite/camellia-test.c: New file.
5561 2010-07-05 Niels Möller <nisse@lysator.liu.se>
5563 * nettle.texinfo: Document new conventions for weak key and des
5564 parity checks. Document des_check_parity.
5566 * testsuite/des-test.c (test_weak): Don't check the deleted status
5569 * des-compat.c (des_key_sched): Rewrote error checking logic for
5570 the case of non-zero des_check_key.
5572 * des3.c (des3_set_key): Changed weak key detection logic.
5573 Complete key setup also for weak keys, and don't set the status
5576 * des.c (des_set_key): New iteration logic, to keep key pointer
5577 unchanged. Moved weak key check to the end, and don't set the
5579 (des_encrypt): Ignore status attribute.
5580 (des_decrypt): Likewise.
5582 * des.h (enum des_error): Deleted.
5583 (struct des_ctx): Deleted status attribute.
5584 (struct des3_ctx): Likewise.
5586 * blowfish.c (initial_ctx): Deleted status value.
5587 (blowfish_encrypt): Ignore status attribute.
5588 (blowfish_decrypt): Likewise.
5589 (blowfish_set_key): Return result from weak key check, without
5590 setting the status attribute.
5592 * blowfish.h (enum blowfish_error): Deleted.
5593 (struct blowfish_ctx): Deleted status attribute.
5595 * Makefile.in (des_headers): Deleted parity.h.
5597 2010-06-30 Niels Möller <nisse@lysator.liu.se>
5599 * testsuite/des-test.c (test_des): New function.
5600 (test_weak): New function.
5601 (test_main): Use test_des and test_weak. Added tests for all the
5602 weak keys. Added some tests with invalid (to be ignored) parity
5605 * des.c (parity_16): New smaller parity table.
5606 (des_check_parity): New function.
5607 (des_fix_parity): Use parity_16.
5608 (des_weak_p): New weak-key detection. Ignores parity bits, and
5610 (des_set_key): Deleted parity checking code. Replaced old weak-key
5611 detection code by a call to des_weak_p.
5613 2010-06-04 Niels Möller <nisse@lysator.liu.se>
5615 * testsuite/testutils.c (test_dsa_key): Updated for new name
5616 DSA_SHA1_MIN_P_BITS.
5618 * dsa-keygen.c (dsa_generate_keypair): Use DSA_SHA1_MIN_P_BITS and
5619 DSA_SHA256_MIN_P_BITS.
5621 * dsa.h (DSA_MIN_P_BITS, DSA_Q_OCTETS, DSA_Q_BITS): Renamed to...
5622 (DSA_SHA1_MIN_P_BITS, DSA_SHA1_Q_OCTETS, DSA_SHA1_Q_BITS): New
5625 * sexp2dsa.c (dsa_keypair_from_sexp_alist): New argument q_bits.
5626 Renamed parameter limit to p_max_bits.
5627 (dsa_sha1_keypair_from_sexp): Renamed, was dsa_keypair_from_sexp.
5628 Updated to call dsa_keypair_from_sexp_alist with the new argument.
5629 (dsa_sha256_keypair_from_sexp): New function.
5630 (dsa_signature_from_sexp): New argument q_bits.
5632 * der2dsa.c (dsa_params_from_der_iterator): Enforce 160-bit limit
5633 on q. Renamed parameter limit to p_max_bits.
5634 (dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
5635 on q and x. Renamed parameter limit to p_max_bits.
5637 2010-06-03 Niels Möller <nisse@lysator.liu.se>
5639 * testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
5641 2010-06-02 Niels Möller <nisse@lysator.liu.se>
5643 * testsuite/dsa-test.c (test_main): Provide expected value of the
5646 * testsuite/testutils.c (test_dsa160): Added argument for expected
5648 (test_dsa256): Likewise.
5650 2010-06-01 Niels Möller <nisse@lysator.liu.se>
5652 * testsuite/rsa-keygen-test.c (test_main): Updated expected
5655 * examples/random-prime.c (main): Updated for nettle_random_prime
5657 * testsuite/random-prime-test.c (test_main): Likewise.
5659 * rsa-keygen.c (bignum_random_prime): Deleted function.
5660 (rsa_generate_keypair): Use new nettle_random_prime. Generate
5661 secret factors p and q with the two most significant bits set.
5663 * dsa-keygen.c (dsa_generate_keypair): Updated for changes in
5664 nettle_random_prime and _nettle_generate_pocklington_prime. Invoke
5667 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
5668 argument top_bits_set, to optionally generate primes with the two
5669 most significant bits set. Reordered argument list.
5670 (nettle_random_prime): Likewise, added top_bits_set argument.
5671 Invoke progress callback when a prime is generated.
5673 2010-05-26 Niels Möller <nisse@lysator.liu.se>
5675 * dsa-keygen.c (dsa_generate_keypair): Use
5676 _nettle_generate_pocklington_prime. Deleted old key generation
5679 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Also
5680 return the used r. Updated caller.
5682 * examples/random-prime.c (main): Allow sizes down to 3 bits.
5684 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
5685 function. Rely on mpz_probab_prime_p (for lack of a trial division
5686 function) for trial division.
5687 (nettle_random_prime): Rewritten. Uses the prime table for the
5688 smallest sizes, then trial division using a new set of tables, and
5689 then Maurer's algorithm, calling the new
5690 _nettle_generate_pocklington_prime for the final search.
5692 2010-05-25 Niels Möller <nisse@lysator.liu.se>
5694 * testsuite/dsa-test.c (test_main): Updated for dsa testing
5697 * testsuite/dsa-keygen-test.c (test_main): Test dsa256.
5699 * testsuite/testutils.h (struct nettle_mac): New struct, currently
5702 * testsuite/testutils.c (test_mac): New function (currently not
5704 (test_dsa): Replaced by two new functions...
5705 (test_dsa160): New function.
5706 (test_dsa256): New function.
5707 (test_dsa_key): New argument q_size.
5708 (DSA_VERIFY): Generalized.
5710 * dsa-keygen.c (dsa_generate_keypair): Rewritten, now generating
5711 primes using Pocklington's theorem. Takes both p_size and q_size
5714 2010-05-20 Niels Möller <nisse@lysator.liu.se>
5716 * bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
5717 logic when Miller-rabin succeeds early.
5719 2010-04-09 Niels Möller <nisse@lysator.liu.se>
5721 * bignum-next-prime.c: Include stdlib.h, needed for alloca on
5725 * examples/Makefile.in (SOURCES): Added random-prime.c.
5727 * examples/random-prime.c: New program.
5729 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved
5730 knuth-lfib-test.c, cbc-test.c, ctr-test.c, hmac-test.c here, from
5732 (TS_HOGWEED_SOURCES): Added random-prime-test.c.
5734 * testsuite/random-prime-test.c: New test case.
5736 * examples/next-prime.c (main): With no command line arguments.
5737 exit after dislaying usage message.
5739 * examples/io.c (simple_random): Free buffer when done.
5741 * configure.ac: Changed message, say CC is the recommended
5742 way to configure the ABI.
5744 * bignum-random.c: Deleted test of HAVE_LIBGMP.
5745 * bignum.c: Likewise.
5746 * sexp2bignum.c: Likewise.
5748 * Makefile.in (hogweed_SOURCES): Added bignum-random-prime.c.
5750 * bignum-random-prime.c (nettle_random_prime): New file, new
5753 2010-03-31 Niels Möller <nisse@lysator.liu.se>
5755 * examples/nettle-benchmark.c (main): Benchmark sha224.
5757 2010-03-30 Niels Möller <nisse@lysator.liu.se>
5759 * testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
5761 (test_dsa): Check return value from dsa_sha1_sign.
5763 * Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
5764 dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
5766 * dsa.h: Updated and added dsa declarations.
5768 * dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
5770 (dsa_sha256_verify): New function.
5771 * dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
5773 (dsa_sha256_sign): New function.
5775 * dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
5776 renamed function, from dsa_verify_digest, rewrote to use
5778 (dsa_sha1_verify): Analogous change, renamed from dsa_verify.
5779 * dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
5780 renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
5781 and added return value.
5782 (dsa_sha1_sign): Analogous change, renamed from dsa_sign.
5784 * dsa-verify.c (_dsa_verify): New general verification function,
5786 * dsa-sign.c (_dsa_sign): New general signing function, for any
5787 hash. Returns success code, like the rsa signture functions.
5789 2010-03-29 Niels Möller <nisse@lysator.liu.se>
5791 * configure.ac (ABI): Attempt to use a better, ABI-dependant,
5792 default value for libdir.
5794 * x86/md5-compress.asm: Fixed function name in epilogue.
5796 * asm.m4 (EPILOGUE): Use . to refer to current address.
5798 * configure.ac (ABI): Detect which ABI the compiler is using.
5799 On x86_64, also check for __arch64__.
5801 2010-03-28 Niels Möller <nisse@lysator.liu.se>
5803 * configure.ac (asm_path): For x86_64, check if compiler is
5804 generating 32-bit code.
5806 2010-03-27 Niels Möller <nisse@lysator.liu.se>
5808 * testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
5809 HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
5812 * Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
5815 * hmac.h: Added declarations of hmac-sha224 and hmac-sha384.
5817 * hmac-sha224.c: New file.
5819 2010-03-26 Niels Möller <nisse@lysator.liu.se>
5821 * testsuite/hmac-test.c (HMAC_TEST): New macro.
5822 (test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
5823 test vectors from Daniel Kahn Gillmor.
5825 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.
5827 * Makefile.in (nettle_SOURCES): Added sha224-meta.c and
5829 (DISTFILES): Added nettle-write.h.
5831 * sha.h: Added declarations for sha224. Some are aliases for the
5832 corresponding sha256 definition.
5834 * sha256.c (sha256_digest): Use _nettle_write_be32.
5835 (sha224_init): New function.
5836 (sha224_digest): New function.
5838 * sha1.c (sha1_digest): Use _nettle_write_be32.
5840 * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
5841 (NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
5844 * nettle-write.h: New file.
5846 * write-be32.c (_nettle_write_be32): New file, new function.
5848 * sha224-meta.c: New file.
5850 2010-03-25 Niels Möller <nisse@lysator.liu.se>
5852 * hmac-sha384.c: New file.
5854 * testsuite/sha224-test.c: New file.
5856 * testsuite/md4-test.c (test_main): More test vectors, provided by
5857 Daniel Kahn Gillmor.
5858 * testsuite/md5-test.c (test_main): Likewise.
5859 * testsuite/sha1-test.c (test_main): Likewise.
5860 * testsuite/sha256-test.c (test_main): Likewise.
5861 * testsuite/sha384-test.c (test_main): Likewise.
5862 * testsuite/sha512-test.c (test_main): Likewise.
5864 * configure.ac: Bumped version numbers. Package version
5865 nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.
5867 * examples/nettle-benchmark.c (main): Benchmark sha384.
5869 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.
5871 * testsuite/sha384-test.c: New file.
5873 * Makefile.in (nettle_SOURCES): Added sha384-meta.c.
5875 * sha384-meta.c: New file.
5877 * sha.h: Added declarations for sha384. Some are aliases for the
5878 corresponding sha512 definition.
5880 * sha512.c (sha512_write_digest): New function.
5881 (sha512_digest): Use it.
5882 (sha384_init): New function.
5883 (sha384_digest): New function.
5885 2010-03-24 Niels Möller <nisse@lysator.liu.se>
5887 * sha512.c: (sha512_digest): Simplified handling of any final
5888 partial word of the digest.
5890 * sha512.c: Reorganized to use _nettle_sha512_compress.
5892 * sha512-compress.c (_nettle_sha512_compress): Compression
5893 function extracted from sha512.c to a new file.
5895 * Makefile.in (nettle_SOURCES): Added sha256-compress.c and
5898 * sha256.c: Reorganized to use _nettle_sha256_compress.
5900 * sha256-compress.c (_nettle_sha256_compress): Compression
5901 function extracted from sha256.c to a new file.
5903 * examples/nettle-benchmark.c (main): Benchmark sha512.
5905 * rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
5906 is less than bit size of n, and check for the unlikely case p = q.
5908 * rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
5909 correspond to pkcs#1 encryption of single byte messagees.
5911 * pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
5913 * rsa-compat.c (R_SignFinal): Likewise.
5915 * rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
5916 from pkcs1_rsa_md5_encode.
5917 (rsa_md5_sign_digest): Check and propagate return value from
5918 pkcs1_rsa_md5_encode_digest.
5919 * rsa-md5-verify.c (rsa_md5_verify): Check return value from
5920 pkcs1_rsa_md5_encode.
5921 (rsa_md5_verify_digest): Check return value from
5922 pkcs1_rsa_md5_encode_digest.
5923 * rsa-sha1-sign.c: Analogous changes.
5924 * rsa-sha1-verify.c: Analogous changes.
5925 * rsa-sha256-sign.c: Analogous changes.
5926 * rsa-sha256-verify.c: Analogous changes.
5927 * rsa-sha512-sign.c: Analogous changes.
5928 * rsa-sha512-verify.c: Analogous changes.
5930 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
5931 (pkcs1_rsa_md5_encode_digest): Added return value. Check and
5932 propagate return value from pkcs1_signature_prefix.
5933 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
5934 (pkcs1_rsa_sha256_encode_digest): Likewise.
5935 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
5936 (pkcs1_rsa_sha1_encode_digest): Likewise.
5937 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
5938 (pkcs1_rsa_sha512_encode_digest): Likewise.
5940 * pkcs1.c (pkcs1_signature_prefix): Interface change, take both
5941 the total size and digest size as arguments, and return a status
5942 code to say if the size was large enough.
5944 * testsuite/Makefile.in: Added hogweed dependency for the test
5947 2010-03-23 Niels Möller <nisse@lysator.liu.se>
5949 * testsuite/rsa-test.c (test_main): Test signing with sha512.
5951 * testsuite/testutils.c (test_rsa_sha512): New function.
5953 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
5954 rsa-sha512-sign.c and rsa-sha512-verify.c.
5956 * rsa.h: Added prototypes for sha512-related functions.
5957 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
5958 * pkcs1.h: Added prototypes for sha512-related functions.
5960 * rsa-sha512-verify.c: New file.
5961 * rsa-sha512-sign.c: New file.
5962 * pkcs1-rsa-sha512.c: New file.
5964 2010-03-22 Niels Möller <nisse@lysator.liu.se>
5966 * Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
5968 * testsuite/hmac-test.c (test_main): Added test cases for
5971 * hmac.h: Declare functions sha512-related functions.
5972 * hmac-sha512.c (hmac_sha512_set_key): New file.
5974 Basic sha512 support.
5975 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
5976 * testsuite/sha512-test.c: New file.
5978 * macros.h (READ_UINT64, WRITE_UINT64): New macros.
5980 * Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
5981 * sha.h: Added sha512-related declarations.
5982 * nettle-meta.h: Likewise.
5983 * sha512-meta.c: New file.
5984 * sha512.c: New file.
5986 2010-03-06 Niels Möller <nisse@lysator.liu.se>
5988 * Makefile.in (distdir): Include x86_64 assembler files.
5990 2010-01-20 Niels Möller <nisse@lysator.liu.se>
5992 * configure.ac: Check for mpz_powm_sec.
5994 2010-01-13 Niels Möller <nisse@lysator.liu.se>
5996 * Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
5997 $(LIBNETTLE_FORLINK).
5999 * configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
6000 default case. Follows debian, and also makes dlopen of
6001 libhogweed.so work, without having to use RTLD_GLOBAL.
6002 (LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
6004 2009-10-21 Niels Möller <nisse@lysator.liu.se>
6006 * tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
6009 2009-10-19 Niels Möller <nisse@lysator.liu.se>
6011 * tools/pkcs1-conv.c: Updated for dsa/der interface change.
6013 * der2dsa.c (dsa_public_key_from_der_iterators): Split into two
6015 (dsa_params_from_der_iterator): New function.
6016 (dsa_public_key_from_der_iterator): New function.
6017 (dsa_openssl_private_key_from_der_iterator): Renamed, was
6018 dsa_private_key_from_der_iterator.
6019 (dsa_openssl_private_key_from_der): Likewise.
6020 * dsa.h: Corresponding changees to prototypes and #defines.
6022 2009-10-12 Niels Möller <nisse@lysator.liu.se>
6024 * sexp-format.c: Removed conditioning on HAVE_LIBGMP.
6026 * tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
6029 * Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.
6031 * der2dsa.c: New file, contributed by Magnus Holmgren.
6032 * dsa2sexp.c: Likewise.
6033 * dsa.h: Added prototypes.
6035 * configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
6036 version, now it's 1.1.
6038 * testsuite/rsa2sexp-test.c (test_main): Updated testcase for
6041 2009-10-11 Niels Möller <nisse@lysator.liu.se>
6043 * rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
6046 2009-09-20 Niels Möller <nisse@lysator.liu.se>
6048 * x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
6049 by letting loopmix scramble the instruction order.
6051 2009-09-15 Niels Möller <nisse@lysator.liu.se>
6053 * x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
6054 improvement to ROUND_F1_NOEXP. Slight reduction of
6057 2009-08-25 Niels Möller <nisse@lysator.liu.se>
6059 * x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
6061 * examples/nettle-benchmark.c (bench_sha1_compress): New function,
6062 for precise benchmarking of the compression function.
6064 2009-06-08 Niels Möller <nisse@lysator.liu.se>
6066 * Released nettle-2.0.
6068 2009-06-04 Niels Möller <nisse@lysator.liu.se>
6070 * configure.ac: Set version to 2.0
6072 2009-05-30 Niels Möller <nisse@lysator.liu.se>
6074 * Makefile.in (.texinfo.info): Don't use a temporary output file
6075 $@T, trust makeinfo to remove output file on errors.
6077 2009-05-19 Niels Möller <nisse@lysator.liu.se>
6079 * nettle.texinfo: Changed license to public domain.
6081 2009-05-11 Niels Möller <nisse@lysator.liu.se>
6083 * nettle.texinfo: Fixes from Karl Berry. Added some more index
6086 2009-03-06 Niels Möller <nisse@lysator.liu.se>
6088 * x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
6090 * x86_64/aes-decrypt-internal.asm: Likewise.
6092 * x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
6093 (AES_STORE): Reduced offsets.
6094 (AES_ROUND): Use HREG directly, not MOVE_HREG.
6096 * x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
6097 Put SA--SD in %eax--%edx, so the second byte can be accessed as
6098 %ah-%dh. TD is not needed, SD can be reused. Use the register that
6099 is saved for the outer loop counter, getting it off the stack.
6100 * x86_64/aes-encrypt-internal.asm: Likewise.
6102 * x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
6103 (XREG): Fixed bug in handling of %r8 and %r9.
6104 (AES_ROUND): Use MOVE_HREG.
6106 2009-02-10 Niels Möller <nisse@lysator.liu.se>
6108 * base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
6111 * testsuite/sexp-conv-test: Updated testcases for improved
6112 handling of comments.
6114 * tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
6115 to terminate comments, and modify indentation for the case that a
6116 list starts with a comment.
6118 * tools/output.c (sexp_output_init): Initialize soft_newline.
6119 (sexp_put_raw_char): Clear soft_newline.
6120 (sexp_put_newline): Check and reset soft_newline.
6121 (sexp_put_soft_newline): New function.
6123 * tools/output.h (struct sexp_output): Removed union with single
6124 element, and updated all users. New attribute soft_newline.
6126 2008-12-22 Niels Möller <nisse@lysator.liu.se>
6128 * Makefile.in ($(des_headers)): Create files in $(srcdir).
6130 2008-11-28 Niels Möller <nisse@lysator.liu.se>
6132 * testsuite/cxx-test.cxx: Include <cstdio>.
6134 2008-11-22 Niels Möller <nisse@lysator.liu.se>
6136 * yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
6137 that it is set if and only if the aes context has been initialized
6138 with aes_set_encrypt_key.
6139 (yarrow256_seed): No need to set ctx->seeded here.
6140 (yarrow256_update): Likewise.
6142 2008-11-04 Niels Möller <nisse@lysator.liu.se>
6144 * examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
6145 compatible with gmp-3.1.
6147 2008-11-01 Niels Möller <nisse@lysator.liu.se>
6149 * nettle.texinfo: Updated for 2.0. New section on linking.
6151 * nettle-types.h, nettle-meta.h: Moved all typedefs for function
6152 types to nettle-types.h. Use non-pointer types, so that the types
6153 can be used to declare functions. Updated all users.
6155 2008-10-31 Niels Möller <nisse@lysator.liu.se>
6157 * testsuite/yarrow-test.c (test_main): Updated for seed file
6160 * sha-example.c (display_hex): Use %02x, not %2x.
6162 2008-10-30 Niels Möller <nisse@lysator.liu.se>
6164 * tools/sexp-conv.c (main): Fixed file locking.
6166 2008-10-25 Niels Möller <nisse@lysator.liu.se>
6168 * configure.ac: Set version to 2.0rc1.
6170 * examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
6173 2008-10-24 Niels Möller <nisse@lysator.liu.se>
6175 * sha256.c (ROUND): Simplified macro.
6177 * yarrow256.c (yarrow256_fast_reseed): Renamed (was
6178 yarrow_fast_reseed) and made non-static. Don't generate seed file
6179 here, let the application use yarrow256_random instead.
6180 (yarrow256_slow_reseed): Renamed (was yarrow_slow_reseed) and made
6182 (yarrow256_force_reseed): Deleted function, use
6183 yarrow256_slow_reseed instead. For backwards compatibility,
6184 yarrow.h defines yarrow256_force_reseed as an alias for that
6187 * yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.
6189 2008-09-17 Niels Möller <nisse@lysator.liu.se>
6191 * x86/arcfour-crypt.asm: Improved loop logic, and unrolled
6192 loop twice. Gave a modest speedup.
6194 2008-09-15 Niels Möller <nisse@lysator.liu.se>
6196 * yarrow256.c (yarrow256_seed): Disallow length == 0.
6198 * base64-decode.c (decode_table): Added vertical tab (VT) and form
6199 feed (FF) as white space characters.
6201 * x86_64/aes-decrypt-internal.asm: New file.
6203 2008-09-13 Niels Möller <nisse@lysator.liu.se>
6205 * x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
6206 loop with movl. Eliminated redundant movl.
6207 * x86/aes-decrypt-internal.asm: Likewise.
6209 * x86_64/aes.m4: New file.
6211 * x86/aes-encrypt-internal.asm: Updated for AES_FINAL_ROUND. Only
6212 three times through the substitution loop.
6213 * x86/aes-decrypt-internal.asm: Likewise.
6214 * x86_64/aes-encrypt-internal.asm: Likewise.
6216 * x86/aes.m4 (AES_FINAL_ROUND): Do the substitution on the least
6217 significant byte here.
6219 * x86/aes-encrypt-internal.asm: Updated use of AES_SUBST_BYTE. USe
6220 decl for outer loop.
6221 * x86/aes-decrypt-internal.asm: Likewise.
6223 * x86/aes.m4 (LREG, HREG): New macros.
6224 (AES_SUBST_BYTE): Take state registers as argument. Use LREG to
6225 get the corresponding byte register.
6226 (AES_ROUND): Use movzbl together with LREG and HREG.
6227 (AES_SUBST_BYTE): Likewise.
6229 2008-09-10 Niels Möller <nisse@lysator.liu.se>
6231 * x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
6232 which must be preserved.
6234 2008-09-08 Niels Möller <nisse@lysator.liu.se>
6236 * Makefile.in (stamp-h.in): Use $(AUTOHEADER).
6238 * x86_64/sha1-compress.asm: New x86_64 assembler, based on the x86
6241 * configure.ac (asm_path): Set up asm_path for x86_64.
6243 * x86_64/machine.m4: New file, new directory.
6245 2008-08-28 Niels Möller <nisse@lysator.liu.se>
6247 * examples/eratosthenes.c (main): Rewrote block-wise sieving to
6248 use less memory. New options -s and -v.
6250 2008-08-27 Niels Möller <nisse@lysator.liu.se>
6252 * testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
6253 Updated testcases with comments; comments are now preserved.
6255 * tools/sexp-conv.c (sexp_convert_item): Keep comments in advanced
6257 (parse_options): New --lock option.
6258 (main): Optionally lock output file.
6260 * tools/parse.c (sexp_check_token): Removed check for "any" token.
6261 All callers specify the token they expect.
6262 (sexp_parse): Pass on comment tokens.
6264 * tools/output.c (sexp_put_data): Made non-static.
6266 * tools/input.c (sexp_get_comment): New function.
6267 (sexp_get_token): Use sexp_get_comment.
6269 * tools/misc.h (enum sexp_token): Start enumeration with zero, zero
6270 is no longer used to mean any type. New type SEXP_COMMENT.
6272 * configure.ac: Check for fcntl file locking.
6274 2008-08-26 Niels Möller <nisse@lysator.liu.se>
6276 * Makefile.in (tags-here): Put TAGS file in the source directory.
6277 * examples/Makefile.in (tags): Likewise.
6278 * testsuite/Makefile.in (tags): Likewise.
6279 * tools/Makefile.in (tags): Likewise.
6281 2008-02-29 Niels Möller <nisse@lysator.liu.se>
6283 * examples/Makefile.in (SOURCES): Added next-prime.c.
6285 2008-01-05 Niels Möller <nisse@lysator.liu.se>
6287 * examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
6288 (next-prime, eratosthenes): New rules.
6289 (nettle-benchmark): Don't rely on $@.
6291 * examples/eratosthenes.c (find_first_one): Optimized, using
6292 slightly larger table.
6293 (main): Use atol, rather than atoi.
6295 * testsuite/symbols-test: Check symbols also in libhogweed.
6297 * examples/next-prime.c: New file.
6298 Deleted code for detailed timing.
6300 * Makefile.in (hogweed_SOURCES): Added bignum-next-prime.c.
6301 (DISTFILES): Added prime-list.h.
6302 (hogweed_OBJS): Removed $(LIBOBJS).
6304 * bignum-next-prime.c (nettle_next_prime): Renamed function, for
6305 name space reasons. Was bignum_next_prime. Updated call in
6307 (primes): Use prime-list.h.
6308 (nettle_next_prime): Skip Fermat test. Use mpz_millerrabin
6309 directly, rather than mpz_probab_prime_p, when the former is
6312 * bignum.h (nettle_next_prime): New prototype.
6314 * rsa-keygen.c (bignum_next_prime): Deleted, moved to
6315 bignum-next-prime.c. Call with a larger prime limit, this improves
6316 the running time of lsh-keygen by roughly 25%.
6318 * prime-list.h: List of odd primes < 2^16.
6320 * configure.ac: Check for sizeof(long).
6322 2008-01-03 Niels Möller <nisse@lysator.liu.se>
6324 * examples/nettle-benchmark.c (main): Removed incorrect UNUSED
6327 * bignum-next-prime.c: Moved the bignum_next_prime function to a
6330 2007-09-08 Niels Möller <nisse@lysator.liu.se>
6332 * sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
6333 include file was renamed from "sparc" to "sparc32". Updated include.
6334 * sparc64/aes-decrypt-internal.asm: Likewise.
6335 * sparc32/aes-encrypt-internal.asm: Likewise.
6336 * sparc32/aes-decrypt-internal.asm: Likewise.
6338 2007-09-07 Niels Möller <nisse@lysator.liu.se>
6340 * examples/read_rsa_key.c: Include stdlib.h.
6342 2007-06-02 Niels Möller <nisse@lysator.liu.se>
6344 * Makefile.in: Typo fixes to install targets, spotted by Magnus
6347 2007-05-14 Niels Möller <niels@s3.kth.se>
6349 * configure.ac: Fixed copy-and-paste errors in shared library
6352 * config.make.in (LIBNETTLE_SONAME, LIBHOGWEED_SONAME): Define.
6354 * Makefile.in (libnettle.so, libhogweed.so): Fixed rules.
6356 * Makefile.in: Split nettle library into two files, libnettle.a
6357 and libhogweed.a, and similarly for the shared libraries.
6359 * configure.ac: Bumped nettle so-versions to 3.0. Set hogweed
6360 so-versions to 1.0. New makefile conditionals IF_SHARED and
6361 IF_HOGWEED. Renamed WITH_PUBLIC_KEY to WITH_HOGWEED. Deleted
6362 SHLIBTARGET, SHLIBINSTALL, RSA_EXAMPLES and RSA_TOOLS.
6364 * config.make.in: Updated for hogweed split.
6366 * C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
6367 Makefile sorts out which files should be compiled.
6369 * pgp.h: Include bignum.h, don't pretend to work without bignums.
6371 * pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
6372 (pgp_put_rsa_sha1_signature): Define unconditionally. Removed the
6373 checking of HAVE_LIBGMP and WITH_PUBLIC_KEY.
6375 * examples/io.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
6376 * examples/io.c (read_rsa_key): Deleted, moved to...
6377 * examples/read_rsa_key.c: New file, extracted from io.c.
6379 * examples/Makefile.in: Use IF_HOGWEED instead of RSA_EXAMPLES.
6380 Link appropriate programs with -lhogweed.
6381 (SOURCES): Added read_rsa_key.c.
6383 * tools/Makefile.in (pkcs1-conv): Use IF_HOGWEED, not @RSA_TOOLS@,
6384 for configuration. Link with -lhogweed.
6386 * testsuite/testutils.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
6387 * testsuite/testutils.c: Likewise.
6389 * testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
6390 Separate test cases using nettle and those also using hogweed.
6392 2007-04-05 Niels Möller <nisse@lysator.liu.se>
6394 * Moved in CVS tree. Also renamed directory sparc to sparc32.
6396 2007-02-24 Niels Möller <nisse@lysator.liu.se>
6398 * Makefile.in (clean-here): Remove .lib directory.
6399 (distclean-here): Remove machine.m4.
6401 2006-12-05 Niels Möller <nisse@lysator.liu.se>
6403 * configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.
6405 * config.make.in (datarootdir): New directory variable (for
6408 2006-11-28 Niels Möller <nisse@lysator.liu.se>
6410 * configure.ac: Bumped version to 1.16.
6412 * Released nettle-1.15.
6414 2006-11-27 Niels Möller <nisse@lysator.liu.se>
6416 * NEWS: New entry for nettle-1.15.
6418 * configure.ac (SHLIBMINOR): Bumped version. Library name is now
6421 * sha256.c: Changed copyright notice to use the LGPL.
6423 * Makefile.in (DISTFILES): Added COPYING.LIB.
6425 * COPYING.LIB: New file (previously only the plain GPL was
6426 included in the distribution).
6428 * nettle.texinfo: Updated vor nettle-1.15.
6430 * testsuite/rsa-test.c (test_main): Use test_rsa_sha256.
6431 * testsuite/testutils.c (test_rsa_sha256): New function.
6433 * testsuite/Makefile.in (DISTFILES): Replaces rfc1750.txt by
6436 * rsa.h (rsa_sha256_sign, rsa_sha256_verify)
6437 (rsa_sha256_sign_digest, rsa_sha256_verify_digest): New declarations.
6438 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased to
6439 62 octets and 489 bits, respectively, for supporting sha256.
6441 * pkcs1.h (pkcs1_rsa_sha256_encode)
6442 (pkcs1_rsa_sha256_encode_digest): New declarations and name
6445 * Makefile.in (nettle_SOURCES): Added pkcs1-rsa-sha256.c,
6446 rsa-sha256-sign.c, rsa-sha256-verify.c.
6448 * pkcs1-rsa-sha256.c, rsa-sha256-sign.c, rsa-sha256-verify.c: New
6451 * COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
6454 2006-11-27 Niels Möller <niels@s3.kth.se>
6456 * tools/Makefile.in (install): Use MKDIR_P to create installation
6457 directory. Install only one file at a time.
6459 * Makefile.in (MKDIR_P): Use MKDIR_P for creating installation
6462 * configure.ac: Use AC_PROG_MKDIR_P.
6464 2006-11-24 Niels Möller <nisse@lysator.liu.se>
6466 * testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
6467 file, instead of rfc1750.txt.
6469 * testsuite/gold-bug.txt: New test input file for yarrow-test.
6470 The copyright on this short story by Edgar Allan Poe has expired.
6472 * testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
6473 non-free, and it was expired anyway. Replaced by gold-bug.txt.
6475 2006-11-24 Niels Möller <niels@s3.kth.se>
6477 * Almost all header files: Added C++ guards.
6479 * configure.ac: Test if the system has any C++ compiler.
6481 * config.make.in (CXX, CXXFLAGS, COMPILE_CXX, LINK_CXX): New variables.
6483 * testsuite/Makefile.in: New variables TS_C and TS_CXX. Setup for
6484 compiling the C++ file cxx-test.cxx.
6486 * testsuite/cxx-test.cxx: New testcase, trying to use nettle from
6489 2006-08-28 Niels Möller <niels@s3.kth.se>
6491 * index.html: Added section on language bindings.
6493 2006-06-10 Niels Möller <niels@s3.kth.se>
6495 * configure.ac: Darwin shared library support, from Grant
6498 2006-05-18 Niels Möller <nisse@lysator.liu.se>
6500 * src/nettle/x86/aes.asm: Deleted unused file.
6502 * aes-decrypt.c (_aes_decrypt_table): Deleted the indexing array,
6503 previously commented out.
6504 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
6506 * Makefile.in (.texinfo.info, .dvi.ps): Use more quotes with
6508 (install-here, install-shared, install-info, install-headers): Use
6509 plain mkdir, not $(INSTALL) -d.
6511 2006-05-16 Niels Möller <niels@s3.kth.se>
6512 Merged from the lsh experimental branch.
6514 2006-04-26 Niels Möller <nisse@lysator.liu.se>
6516 * examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
6517 * examples/nettle-benchmark.c: Include "getopt.h".
6519 * examples/Makefile.in (GETOPT_OBJS): New variable.
6520 (rsa-keygen, rsa-encrypt, nettle-benchmark): Depend on and link
6521 with $(GETOPT_OBJS).
6523 * x86/aes-decrypt-internal.asm: Use ALIGN.
6524 * x86/aes-encrypt-internal.asm: Likewise.
6525 * x86/arcfour-crypt.asm: Likewise.
6526 * x86/md5-compress.asm: Likewise.
6527 * x86/sha1-compress.asm: Likewise.
6529 * config.m4.in (ASM_ALIGN_LOG): Substitute.
6530 * configure.ac (ASM_ALIGN_LOG): Check if .align directive is
6532 * asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
6533 expands to a .align directive.
6535 2006-04-21 Niels Möller <nisse@lysator.liu.se>
6537 * nettle.texinfo (Public-key algorithms): Say that the public key
6538 operations are undocumented, not unsupported. Reported by Jeronimo
6541 2006-04-08 Niels Möller <nisse@lysator.liu.se>
6543 * tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
6544 Reported by Henrik Grubbström.
6546 2006-01-31 Niels Möller <niels@s3.kth.se>
6548 * examples/rsa-verify.c: Fixed typo in usage message.
6550 2005-12-05 Niels Möller <nisse@lysator.liu.se>
6552 * configure.ac: Bumped version to 1.15,
6554 * Released nettle-1.14.
6556 * NEWS: Updated for 1.14.
6558 * configure.ac (SHLIBMINOR): Increased minor number. Library
6559 version is now libnettle.so.2.5, soname still libnettle.so.2.
6561 2005-11-28 Niels Möller <nisse@lysator.liu.se>
6563 * config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
6564 and friends here, to get a correct a relative filename for
6565 install-sh when used in tools/Makefile.
6567 * tools/Makefile.in (INSTALL): Substitute INSTALL, INSTALL_DATA
6569 * Makefile.in (INSTALL): Likewise.
6571 2005-11-27 Niels Möller <nisse@lysator.liu.se>
6573 * Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
6574 intermediate .dvi and .ps files.
6576 * testsuite/Makefile.in (clean): Delete sha1-huge-test.
6578 * Makefile.in (install-info, install-headers): Don't use $< and
6579 $?; Solaris make doesn't support them in explicit rules.
6581 2005-11-26 Niels Möller <nisse@lysator.liu.se>
6583 * testsuite/Makefile.in: Include .test-rules.make, which contains
6584 the rules for all the test executables.
6585 (test-rules): New rule, to update this file.
6586 (DISTFILES): Added $(EXTRA_SOURCES).
6588 * testsuite/.test-rules.make: Automatically generated file for
6589 building the test programs.
6591 2005-11-25 Niels Möller <nisse@lysator.liu.se>
6593 * configure.ac: Disable assembler when compiling with rntcl.
6595 * tools/Makefile.in (pkcs1_conv_SOURCES): New variable.
6596 (pkcs1-conv): Link with getopt.o and getopt1.o.
6598 * Makefile.in (aesdata, desdata, shadata): Use explicit rules for
6601 * testsuite/Makefile.in: Use %-rules for building the -test
6602 executables, in addition to the suffix rules. Hopefully, this
6603 should make all of GNU make, BSD make and Solaris make happy.
6604 Use $(EXEEXT) and $(OBJEXT) more consistently.
6606 * examples/Makefile.in: Use explicit rules for all executable
6607 targets. Use $(EXEEXT) and $(OBJEXT) more consistently.
6609 2005-11-25 Niels Möller <niels@s3.kth.se>
6611 * testsuite/Makefile.in: Avoid using single-suffix rule to build
6614 2005-11-24 Niels Möller <niels@s3.kth.se>
6616 * Makefile.in (distdir): Use [ -f, not [ -e, since the latter
6617 is less portable, and not supported by Solaris /bin/sh.
6619 2005-11-23 Niels Möller <niels@s3.kth.se>
6621 * testsuite/Makefile.in (DISTFILES): Added teardown-env.
6622 * testsuite/teardown-env: New file. Delete files created by the
6625 2005-11-21 Niels Möller <nisse@lysator.liu.se>
6627 * testsuite/testutils.c (main): Fixed check for -v option. Spotted
6630 2005-11-21 Niels Möller <niels@s3.kth.se>
6632 * ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.
6634 2005-11-20 Niels Möller <nisse@lysator.liu.se>
6636 * Makefile.in (nettle_SOURCES): Added der2rsa.c.
6638 * testsuite/Makefile.in (TS_SH): Added pkcs1-conv-test.
6640 * tools/Makefile.in (TARGETS): Added @RSA_TOOLS@.
6641 (SOURCES): Added pkcs1-conv.c.
6642 (pkcs1-conv): New rule.
6644 * tools/pkcs1-conv.c: New program.
6646 * testsuite/pkcs1-conv-test: New file.
6648 * examples/rsa-verify-test: Use rsa-sign to create signature.
6650 * examples/io.c (read_file): Fixed spelling in error message.
6652 * rsa.h (rsa_public_key_from_der_iterator)
6653 (rsa_private_key_from_der_iterator, rsa_keypair_from_der): Declare
6656 * der2rsa.c: New file.
6658 * der-iterator.c (asn1_der_iterator_init): Initialize length and
6660 (asn1_der_iterator_next): Support for lengths >= 0x80.
6661 (asn1_der_decode_constructed_last, asn1_der_decode_bitstring)
6662 (asn1_der_decode_bitstring_last): New functions.
6663 (asn1_der_get_bignum): Check for non-mininal encodings.
6665 * configure.ac (RSA_TOOLS): New substituted variable. Includes
6666 pkcs1-conv, when public-key support is enabled.
6668 * bignum.h (nettle_asn1_der_get_bignum): Include nettle_-prefix in
6671 * asn1.h: Added name mangling defines, and a few new declarations.
6673 2005-11-13 Niels Möller <nisse@lysator.liu.se>
6675 * Makefile.in (nettle_SOURCES): Added der-iterator.c.
6676 (HEADERS): Added asn1.h.
6678 * bignum.h (asn1_der_get_bignum): Declare function.
6680 * der-iterator.c: New file.
6683 2005-11-07 Niels Möller <nisse@lysator.liu.se>
6685 * examples/nettle-benchmark.c: Check HAVE_UNISTD_H.
6687 * examples/Makefile.in (TARGETS): Use $(EXEEXT).
6688 * tools/Makefile.in (TARGETS, sexp-conv, nettle-lfib-stream): Likewise.
6690 * configure.ac: Use $host_cpu, not $host, when setting up the
6691 assembler path. Use $host_os, not uname, when setting up shared
6694 * Makefile.in (des.$(OBJEXT)): Use OBJEXT.
6696 * config.guess, config.sub: In the CVS tree, moved files to the
6697 lsh top-level directory.
6699 2005-10-23 Niels Möller <nisse@lysator.liu.se>
6701 * sparc64/arcfour-crypt.asm: New file, almost the same as
6702 sparc/arcfour-crypt.asm.
6704 * examples/nettle-benchmark.c (display): Use two decimal places.
6706 * sparc/arcfour-crypt.asm: Reorganized. Main loop unrolled four
6707 times. Uses aligned 32-bit write accesses at DST. Still uses 8-bit
6708 read accesses at SRC; could be improved int he case that SRC and
6709 DST have compatible alignment.
6711 2005-10-19 Niels Möller <niels@s3.kth.se>
6713 * testsuite/arcfour-test.c (test_main): New testcase with 512
6716 2005-10-19 Niels Möller <nisse@lysator.liu.se>
6718 * sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
6719 must order the store at [CTX+I] before the load of [CTX+SI+SJ].
6721 2005-10-18 Niels Möller <nisse@lysator.liu.se>
6723 * sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
6724 have compatible alignment. Improves performance by 20%, but I'm
6725 not sure it's worth the extra complexity.
6727 * bignum.c (nettle_mpz_from_octets): Removed sign argument. If
6728 mpz_import is available, define nettle_mpz_from_octets as a macro
6730 (nettle_mpz_from_octets): Start by setting x to zero; callers no
6731 longer need to do that.
6732 (nettle_mpz_set_str_256_s): New logic for the handling of negative
6733 numbers. Convert in the same way as for positive numbers, and then
6734 subtract the appropriate power of two.
6736 2005-10-17 Niels Möller <nisse@lysator.liu.se>
6738 * bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
6739 digit temporary (suggested by Torbjörn Granlund).
6741 * sparc/arcfour-crypt.asm: Improved instruction scheduling.
6743 * sparc/arcfour-crypt.asm: Bugfix, use lduh and stuh.
6745 * sparc/arcfour-crypt.asm: New file.
6747 * sparc64/aes.asm: Deleted unused file.
6749 * x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
6750 * asm.m4 (ARCFOUR): New struct.
6752 2005-10-17 Niels Möller <niels@s3.kth.se>
6754 * aes-internal.h (struct aes_table): Deleted idx and sparc_idx
6756 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
6757 * aes-decrypt.c (_aes_decrypt_table): Likewise.
6758 * asm.m4 (AES): Likewise
6760 2005-10-16 Niels Möller <nisse@lysator.liu.se>
6762 * tools/input.c (sexp_get_char): Use unsigned for the done flag.
6764 * sparc64/aes-encrypt-internal.asm: Include sparc/aes.m4.
6765 * sparc64/aes-decrypt-internal.asm: Likewise.
6767 * sparc64/machine.m4: Use .register pseudo op to say that we use
6768 %g2 and %g3 as scratch registers.
6770 * sparc/aes-encrypt-internal.asm: Explicitly include sparc/aes.m4.
6771 * sparc/aes-decrypt-internal.asm: Likewise.
6773 * sparc/aes.m4: New file. Moved aes-related macros here...
6774 * sparc/machine.m4: ... removed aes macros.
6776 * x86/aes-encrypt-internal.asm: Explicitly include x86/aes.m4.
6777 * x86/aes-decrypt-internal.asm: Likewise.
6779 * x86/aes.m4: New file. Moved aes-related macros here, from...
6780 * x86/machine.m4: ... removed aes macros.
6782 * sparc64/aes-encrypt-internal.asm: New file.
6783 * sparc64/aes-decrypt-internal.asm: New file.
6785 * sparc64/machine.m4: Include the same aes macros used for
6787 (BIAS): Define magic stack bias constant.
6789 * sparc/aes-encrypt-internal.asm, sparc/aes-decrypt-internal.asm:
6790 Reduced frame size to 104 bytes, since we no longer need wtxt and
6793 * sparc/aes.asm: Deleted old aes implementation.
6795 * sparc/aes-decrypt-internal.asm: New file.
6797 * sparc/machine.m4: Don't use m4 eval, instead rely on the
6798 assembler's arithmetic.
6800 * sparc/machine.m4 (AES_FINAL_ROUND): Better scheduling, by
6801 interleaving independent operations.
6803 * sparc/machine.m4 (TMP3): A third temporary register.
6804 (AES_FINAL_ROUND): Prepared for scheduling.
6806 * sparc/machine.m4 (AES_ROUND): Deleted unused argument T. Updated
6807 all calls in aes-encrypt-internal.asm.
6809 * sparc/machine.m4 (AES_ROUND): New loop invariants T0-T3, to
6810 avoid the additions of the AES_TABLEx constants in the inner loop.
6812 * sparc/machine.m4 (AES_ROUND): Better scheduling, by
6813 interleaving independent operations.
6815 * sparc/machine.m4 (AES_ROUND): Alternate between using TMP1 and
6816 TMP2, to prepare for scheduling.
6818 * sparc/aes-encrypt-internal.asm: Renamed Ti -> Xi.
6820 * sparc/aes-encrypt-internal.asm: Fixed bugs. Now passes the
6823 * sparc/machine.m4 (AES_ROUND, AES_FINAL_ROUND): Bugfixes. Put
6824 NOPs in the load dely slots.
6826 * sparc/aes-encrypt-internal.asm: Implemented. Not yet working,
6829 * sparc/machine.m4: Use TMP1 and TMP2, so we don't need to pass
6831 (AES_FINAL_ROUND): New macro.
6833 2005-10-15 Niels Möller <nisse@lysator.liu.se>
6835 * configure.ac (OBJDUMP): Substitute the program false if objdump
6838 * asm.m4 (PROLOGUE): Use TYPE_FUNCTION.
6840 * config.m4.in: Substitute ASM_TYPE_FUNCTION as TYPE_FUNCTION.
6842 * configure.ac (ASM_ELF_STYLE): Check for %function and #function,
6843 but not for @function.
6844 (ASM_TYPE_FUNCTION): New substituted variable.
6846 * configure.ac (ASM_ELF_STYLE): Fixed .type foo,@function statement
6847 used when checking for pseudo operations.
6849 * sparc/machine.m4 (AES_LOAD, AES_ROUND): Started writing new AES
6852 * sparc/aes-encrypt-internal.asm: New file.
6854 2005-10-14 Niels Möller <nisse@lysator.liu.se>
6856 * x86/aes-decrypt.asm, x86/aes-encrypt.asm: Deleted files.
6858 * x86/aes-decrypt-internal.asm: New file.
6860 * x86/machine.m4: Changed AES macros, to handle a table register.
6861 Also take more of the used registers as argument.
6863 * x86/aes-encrypt-internal.asm: Rewritten to match new interface,
6864 with the table pointer as an argument. Unlike the old code, this
6865 should really be position independent.
6867 * configure.ac: When looking for assembler files, link in
6868 aes-encrypt-internal.asm and aes-decrypt-internal.asm. Don't look
6869 for aes.asm, aes-encrypt.asm and aes-decrypt.asm.
6871 * configure.ac (OBJDUMP): Use AC_CHECK_TOOL to check for objdump.
6872 (ASM_MARK_NOEXEC_STACK): Use $OBJDUMP when examining the object file.
6874 * Makefile.in (nettle_SOURCES): Removed aes.c,
6875 aes-decrypt-table.c. Added aes-decrypt-internal.c and aes-encrypt-internal.c.
6877 * aes.c, aes-decrypt-table.c: Deleted files.
6879 * aes-decrypt.c (_aes_decrypt_table): Moved table here, and made
6882 * aes-internal.h (_aes_decrypt_table): Don't declare, it's no
6883 longer globally visible.
6885 * aes-decrypt-internal.c (_nettle_aes_decrypt): New AES decryption
6886 function, analogous to _nettle_aes_encrypt.
6888 2005-10-14 Niels Möller <niels@s3.kth.se>
6890 * aes-internal.h (AES_ROUND, AES_FINAL_ROUND): New macros.
6892 * aes-encrypt-internal.c (_nettle_aes_encrypt): New AES encryption
6893 function, avoiding the table-based indexing.
6895 * sha1-compress.c: Added debugging code.
6896 * md5-compress.c: Likewise.
6898 2005-10-13 Niels Möller <niels@s3.kth.se>
6900 * config.m4.in (ASM_MARK_NOEXEC_STACK): Use a diversion, to
6901 substitute the value of ASM_MARK_NOEXEC_STACK at the end of each
6904 * configure.ac (ASM_MARK_NOEXEC_STACK): Check if the C compiler
6905 generates a .note.GNU-stack section. If so, we should do the same
6906 in our assembler files.
6908 * sparc64/aes.asm: New file. Copy of sparc/aes.asm, with minor
6909 changes to the stack frame layout. Patch contributed by Henrik
6910 Grubbström. Not yet tested.
6912 * x86/md5-compress.asm: Skip copying of input to the stack, and
6913 don't allocate space for it.
6916 * testsuite/md5-test.c: Document intermediate values for first
6919 * configure.ac (asm_path): Check for sparc64, and use sparc64
6920 subdirectory. Link in md5-compress.asm, if it exists.
6922 2005-10-13 Niels Möller <nisse@lysator.liu.se>
6924 * x86/md5-compress.asm (REF): Fixed calculation of offset.
6926 2005-10-12 Niels Möller <nisse@lysator.liu.se>
6928 * x86/machine.m4 (OFFSET): Moved macro, used to be in...
6929 * x86/sha1-compress.asm (OFFSET): ... removed macro.
6931 * x86/md5-compress.asm: New file, with first attempt at md5
6932 assembler. Not yet working.
6934 2005-10-11 Niels Möller <nisse@lysator.liu.se>
6936 * Makefile.in (nettle_SOURCES): Added md5-compress.c.
6938 * md5.c: Reorganized to use _nettle_md5_compress, in analogy with
6941 * md5-compress.c (_nettle_md5_compress): New file and new function.
6943 2005-10-10 Niels Möller <niels@s3.kth.se>
6945 * testsuite/Makefile.in (EXTRA_SOURCES, EXTRA_TARGETS): New
6946 variables, for test cases that are not run by default.
6948 * testsuite/sha1-huge-test.c (test_main): New test case, with a
6949 very large sha1 input.
6951 * testsuite/testutils.c (test_hash_large): New function.
6953 * sha1.c (sha1_block): Deleted function; inlined where used.
6954 (SHA1_INCR): New macro for incrementing the block count.
6956 2005-10-06 Niels Möller <nisse@lysator.liu.se>
6958 * configure.ac: Bumped version to 1.14.
6960 * Released nettle-1.13.
6962 * configure.ac: Check for openssl/aes.h.
6964 * Makefile.in (distdir): Use a loop to pick up the contents of
6965 $(DISTFILES) from source and build directories. For some reason,
6966 $? failed to find stamp-h.in in the source directory.
6968 2005-10-05 Niels Möller <nisse@lysator.liu.se>
6970 * x86/aes-decrypt.asm: Use C_NAME(_nettle_aes_decrypt_table) when
6971 using the AES_SUBST_BYTE macro. Use PROLOGUE and EPILOGUE.
6972 * x86/sha1-compress.asm: Use PROLOGUE and EPILOGUE.
6973 * x86/arcfour-crypt.asm: Likewise.
6974 * x86/aes-encrypt.asm: Likewise.
6976 * config.m4.in (ELF_STYLE): Substitute configure's ASM_ELF_STYLE.
6978 * asm.m4 (PROLOGUE, EPILOGUE): New macros, checking the value of
6979 ELF_STYLE. So far, used and tested only for the x86 assembler
6980 files, and needed to make the assembler happy both with ELF
6981 (linux, solaris) and COFF (windows).
6983 * configure.ac (NM): Use AC_CHECK_TOOL to check for nm.
6984 (ASM_SYMBOL_PREFIX): Use $NM when examining the object file.
6985 (ASM_ELF_STYLE): New variable. Set to 'yes' if assembling a file
6986 with ELF-style .type and .size pseudo ops works.
6988 * Makefile.in (TARGETS, DISTFILES): Added nettle.pdf.
6989 (.texinfo.dvi, .dvi.ps, .ps.pdf): New targets, to build nettle.pdf.
6990 (DOCTARGETS): New variable with targets that shouldn't be deleted
6992 (maintainer-clean-here): New target. Deletes generated
6993 documentation files.
6995 * nettle.texinfo: Define AUTHOR with accents, when running in TeX
6996 mode, which doesn't handle latin-1 properly. Set UPDATED-FOR to
6997 1.13. Updated copyright years, and introduced a COPYRIGHT-YEARS
6998 symbol. Updated copyright section, to mention assembler
7000 (Cipher modes): Transformed the Cipher Block Chaining to a section
7001 Cipher modes, describing both CBC and the new CTR mode.
7003 * src/nettle/x86/aes_tables.asm: Deleted unused file.
7005 * x86/aes.asm: Deleted contents. This file is needed just to
7006 override aes.c, which isn't needed for the x86 implementation.
7008 * configure.ac (SHLIBMINOR): Increased minor number. Library
7009 version is now libnettle.so.2.4, soname still libnettle.so.2.
7011 * examples/nettle-benchmark.c (main): Reordered hash benchmarks.
7013 * x86/sha1-compress.asm (EXPAND): Use % 16 instead of & 15 to
7014 compute offsets mod 16, since m4 on FreeBSD 49.RELEASE and NetBSD
7015 doesn't implement & correctly in eval.
7017 2005-10-03 Niels Möller <nisse@lysator.liu.se>
7019 * x86/sha1-compress.asm (OFFSET): New macro.
7020 (F3): Eliminated a movl.
7021 (ROUND): New argument, for k. When using F3, it's TMP3, on the
7022 stack, otherwise, it is kept in TMP2, a register.
7024 2005-10-03 Niels Möller <niels@s3.kth.se>
7026 * examples/nettle-openssl.c: Use correct block sizes for openssl
7029 * examples/nettle-benchmark.c: Also display cycles per block.
7031 2005-10-02 Niels Möller <nisse@lysator.liu.se>
7033 * sha1-compress.c (_nettle_sha1_compress): Updated to new
7034 interface. Now responsible for byte conversion.
7036 * x86/sha1-compress.asm (_nettle_sha1_compress): Do byte order
7037 conversion, and store the input data on the stack. This leaves one
7038 more register free for other uses.
7040 * examples/nettle-benchmark.c: Now display cycles/byte, if the -f
7041 option is used to say what the clock frequency is.
7043 * sha1.c (sha1_block): Don't convert data from uint8_t to
7044 uint32_t, that's now the responsibility of _nettle_sha1_compress.
7046 * sha.h (_nettle_sha1_compress): Changed interface. Second
7047 argument is now a pointer to the input data in unaligned,
7050 2005-09-28 Niels Möller <niels@s3.kth.se>
7052 * sha1.c (sha1_final): Call sha1_block, don't call the compression
7053 function _nettle_sha1_compress directly.
7055 * nettle-internal.h (nettle_openssl_md5)
7056 (nettle_openssl_sha1): Declare.
7058 * examples/nettle-benchmark.c (main): Benchmark openssl md5 and
7061 * examples/nettle-openssl.c (nettle_openssl_md5)
7062 (nettle_openssl_sha1): Added glue for openssl hash functions.
7064 * nettle-internal.h (nettle_openssl_aes128, nettle_openssl_aes192)
7065 (nettle_openssl_aes256, nettle_openssl_arcfour128): Declare.
7067 * examples/nettle-benchmark.c: Check WITH_OPENSSL, not
7068 HAVE_LIBCRYPTO. Benchmark openssl's aes and arcfour code.
7070 * examples/nettle-openssl.c: Updated openssl des glue to use the
7071 new openssl des interface. Added glue for arcfour and aes.
7073 2005-09-27 Niels Möller <nisse@lysator.liu.se>
7075 * nettle.texinfo (RSA): Improved text about the RSA patent.
7076 Use @documentencoding ISO-8859-1.
7078 2005-09-07 Niels Möller <niels@s3.kth.se>
7080 * tools/sexp-conv.c (parse_options): New option --raw-hash, for
7081 compatibility with lsh-1.x. Equivalent to --hash.
7083 2005-09-06 Niels Möller <niels@s3.kth.se>
7085 * tools/sexp-conv.c (main): With --hash, output a newline after
7088 2005-07-02 Niels Möller <nisse@lysator.liu.se>
7090 * testsuite/Makefile.in (TS_SOURCES): Added ctr-test.c.
7092 * testsuite/testutils.c (test_cipher_ctr): New function.
7094 * testsuite/ctr-test.c: New file.
7096 * testsuite/cbc-test.c (test_main): Use static const for msg.
7098 * Makefile.in (nettle_SOURCES): Added ctr.c.
7099 (HEADERS): Added ctr.h.
7100 (HEADERS): Added nettle-types.h.
7101 (INSTALL_HEADERS): Install nettle-stdint.h.
7102 (distclean-here): Delete nettle-stdint.h, not nettle-types.h.
7104 * ctr.c (ctr_crypt): New file, new function.
7106 * memxor.c (memxor3): New function, suggested by Adam Langley.
7108 * nettle-internal.h (NETTLE_MAX_CIPHER_BLOCK_SIZE): New constant.
7110 * nettle.texinfo (Cipher functions): Fixed typo in prototype for
7111 arctwo_encrypt (noticed by Adam Langley).
7113 * nettle-meta.h: No longer needs to include cbc.h.
7115 * cbc.h (nettle_crypt_func): Moved typedef to nettle-types.h.
7116 (CBC_ENCRYPT, CBC_DECRYPT): Deleted older #if:ed out versions.
7118 * configure.ac (AX_CREATE_STDINT_H): Use the file name
7119 nettle-stdint.h, not nettle-types.h.
7121 * nettle-types.h: New file. Automatically generated declarations
7122 are now in nettle-stdint.h.
7124 2005-03-17 Niels Möller <niels@s3.kth.se>
7126 * config.guess: Support Solaris on x86_64. Fix by Henrik
7129 2005-01-03 Niels Möller <niels@s3.kth.se>
7131 * examples/io.h: Include RSA declarations only when public key
7132 algorithms are enabled. Problem reported by Meilof Veeningen
7135 2004-12-07 Niels Möller <nisse@lysator.liu.se>
7137 * Makefile.in: Install directories, using $(INSTALL) -d, only if
7138 they don't exist already.
7140 2004-12-05 Niels Möller <nisse@lysator.liu.se>
7142 * config.make.in (.PRECIOUS): Reverted earlier change. We need
7143 .PRECIOUS to stop GNU make from deleting object files for the test
7146 2004-12-02 Niels Möller <nisse@lysator.liu.se>
7148 * Makefile.in (.SUFFIXES): Moved from Makefile.in to...
7149 * config.make.in (.SUFFIXES): ... here. This helps compilation
7151 * testsuite/Makefile.in (.SUFFIXES): Deleted target.
7153 * config.make.in (.c): Disable default rule for BSD-make.
7155 * Makefile.in (all check install uninstall)
7156 (clean distclean mostlyclean maintainer-clean): Don't use the -C
7157 flag when invoking make, for compatibility with Solaris make.
7159 2004-12-02 Niels Möller <niels@s3.kth.se>
7161 * Makefile.in (aesdata, desdata): Commented out the explicit
7163 (shadata): Avoid using $< in non-pattern rule.
7165 2004-12-01 Niels Möller <nisse@lysator.liu.se>
7167 * config.make.in: Added a default target.
7169 2004-11-29 Niels Möller <nisse@lysator.liu.se>
7171 * testsuite/Makefile.in: Use .$(OBJEXT). Explicitly set .SUFFIXES.
7173 * Makefile.in: Use .$(OBJEXT).
7175 2004-11-28 Niels Möller <nisse@lysator.liu.se>
7177 * tools/Makefile.in (nettle-lfib-stream): Avoid using $< in
7180 * Makefile.in (distdir): Handle absolute $distdir.
7181 Avoid using the GNU extension $^.
7183 * examples/Makefile.in: Avoid using the GNU extension $^.
7184 * tools/Makefile.in: Likewise.
7185 * testsuite/Makefile.in: Likewise.
7187 2004-11-24 Niels Möller <niels@s3.kth.se>
7189 * configure.ac: Fixed typo, preventing the creation of dependency
7192 2004-11-23 Niels Möller <nisse@lysator.liu.se>
7194 * Makefile.in: Use DEP_INCLUDE.
7195 * tools/Makefile.in: Likewise.
7196 * testsuite/Makefile.in: Likewise.
7197 * examples/Makefile.in: Likewise.
7199 * configure.ac (dummy-dep-files): Generate only of dependency
7200 tracking is enabled.
7202 2004-11-18 Niels Möller <nisse@lysator.liu.se>
7204 * Makefile.in (clean-here): The clean target should not delete the
7205 dependency files. Moved to the distclean target.
7206 * examples/Makefile.in: Likewise.
7207 * testsuite/Makefile.in: Likewise.
7208 * tools/Makefile.in: Likewise.
7210 * configure.ac (ASM_SYMBOL_PREFIX): Fixed test.
7211 (dummy-dep-files): Added quotes to sed command.
7213 2004-11-17 Niels Möller <nisse@lysator.liu.se>
7215 * testsuite/symbols-test: Try plain nm if nm -g doesn't work.
7217 * x86/sha1-compress.asm: Use C_NAME for global symbols.
7218 * x86/aes-encrypt.asm: Likewise.
7219 * x86/aes-decrypt.asm: Likewise.
7220 * x86/arcfour-crypt.asm: Likewise.
7222 * Makefile.in (config.m4): New rule.
7224 * config.m4.in (C_NAME): New macro.
7226 * configure.ac (ASM_SYMBOL_PREFIX): Check if global symbols have a
7229 2004-11-16 Niels Möller <nisse@lysator.liu.se>
7231 * Deleted getopt.c, getopt.h and getopt1.c from the CVS tree. Link
7232 them from shared copies in lsh/misc instead.
7234 2004-11-14 Niels Möller <nisse@lysator.liu.se>
7236 * Makefile.in (DEP_FILES): Try include with only one macro
7237 argument to be expanted.
7239 * configure.ac (dummy-dep-files): Create dummy dependency files,
7240 so that they can be included by the makefiles.
7242 2004-11-13 Niels Möller <nisse@lysator.liu.se>
7244 * Makefile.in: Don't use -include, as it's GNU make specific.
7245 * examples/Makefile.in, tools/Makefile.in, testsuite/Makefile.in:
7248 * examples/nettle-openssl.c: Check WITH_OPENSSL, not HAVE_LIBCRYPTO.
7250 * configure.ac: Check for individual openssl headers blowfish.h,
7251 cast.h, des.h. Renamed symbol HAVE_LIBCRYPTO to WITH_OPENSSL. New
7252 configure option --disable-openssl.
7254 2004-11-04 Niels Möller <nisse@lysator.liu.se>
7256 * configure.ac: Bumped version to 1.13.
7258 * Released nettle-1.12.
7260 2004-11-04 Niels Möller <niels@s3.kth.se>
7262 * nettle.texinfo (UPDATED-FOR): Bumped to 1.12.
7264 2004-11-02 Niels Möller <nisse@lysator.liu.se>
7266 * nettle.texinfo (Cipher functions): Updated AES documentation,
7267 for aes_set_encrypt_key and aes_set_decrypt_key.
7268 (UPDATED-FOR): Set to 1.11. I think the manual should be updated
7269 with all user-visible changes.
7271 * aclocal.m4 (LSH_DEPENDENCY_TRACKING): Need extra quoting in case
7272 pattern. (This file really lives in the lsh tree, as
7273 lsh/acinclude.m4. For a complete ChangeLog, see lsh/Changelog).
7275 2004-10-26 Niels Möller <nisse@lysator.liu.se>
7277 * configure.ac: Bumped version to 1.12.
7279 * Released nettle-1.11.
7281 * Makefile.in (clean-here): Delete *.s files.
7282 (PRE_CPPFLAGS): Use this variable, not INCLUDES. Removed
7285 * x86/arcfour-crypt.asm: Use movzbl when extending %cl to 32 bits.
7287 2004-10-24 Niels Möller <nisse@lysator.liu.se>
7289 * x86/arcfour-crypt.asm: Reverted the latest two changes; update
7290 bost src and dst pointers in the loop, and use plain addb when
7291 updating j. These two previous changes slowed the code down on AMD
7294 2004-10-21 Niels Möller <nisse@lysator.liu.se>
7296 * Makefile.in (install-shared): Use $(INSTALL_PROGRAM).
7298 * configure.ac (SHLIBMINOR): Updated, shared library version is
7299 now libnettle.so.2.3, soname still libnettle.so.2.
7301 * Makefile.in (DISTFILES): Added asm.m4.
7303 2004-10-21 Niels Möller <niels@s3.kth.se>
7305 * examples/Makefile.in: Deleted all configure-related rules,
7306 except the one rebuilding this Makefile. One should run make at
7307 top level if other configure related files change.
7308 * tools/Makefile.in: Likewise.
7309 * testsuite/Makefile.in: Likewise.
7311 * configure.ac: Replaced AC_OUTPUT(list...) with an AC_OUTPUT
7312 without arguments, and AC_CONFIG_FILES listing the files.
7314 * Makefile.in: Changed the assembler rules as suffix rules.
7315 Rewrote the configure-related rules, mostly based on the example
7316 in the autoconf manual.
7318 2004-10-20 Niels Möller <nisse@lysator.liu.se>
7320 * examples/nettle-openssl.c (NCOMPAT): Disable openssl backwards
7323 * config.make.in: Insert $(PRE_CPPFLAGS) and $(PRE_LDFLAGS) before
7324 $(CPPFLAGS) and $(LDFLAGS). This mechanism replaces $(INCLUDES).
7326 * examples/Makefile.in (PRE_CPPFLAGS, PRE_LDFLAGS): Use these
7327 flags to get -I.. and -L.. early on the command line.
7328 * testsuite/Makefile.in: Likewise
7329 * tools/Makefile.in: Likewise.
7331 2004-10-20 Niels Möller <niels@s3.kth.se>
7333 * Makefile.in: In the assembler rules, there's no need to look in
7334 $(srcdir) for the input file.
7336 * x86/arcfour-crypt.asm: Reduced inner loop by one instruction, by
7337 precomputing the offset between src and dst.
7339 * tools/Makefile.in (.c.$(OBJEXT)): Removed redundant -I.. flag.
7341 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replaced addb ->
7342 addl + andl $0xff, improving speed on PPro by another 15%.
7344 2004-10-20 Niels Möller <nisse@lysator.liu.se>
7346 * tools/Makefile.in (install): Support DESTDIR.
7347 (uninstall): New target.
7349 * testsuite/Makefile.in (uninstall): New dummy target.
7351 * config.sub: Copied from automake-1.8.5.
7353 * examples/Makefile.in (SOURCES): Added rsa-sign.c and rsa-verify.c.
7354 (DISTFILES): Added getopt.h.
7355 (install uninstall): New dummy targets.
7357 * config.make.in (.PHONY): Added more targets.
7359 * Makefile.in (.texinfo.info, .texinfo.html): New targets. Added
7360 support for uninstall and DESTDIR. Various fixes to install and
7363 * examples/Makefile.in (INCLUDES): Added -I flags.
7364 (distdir): Use $^ to refer to the files.
7365 (distclean): New target.
7366 * testsuite/Makefile.in: Likewise.
7367 * tools/Makefile.in: Likewise.
7369 * Makefile.in (INCLUDES): Need -I flags for VPATH build.
7370 (clean distclean mostlyclean maintainer-clean): Clean
7371 subdirectories first.
7372 (DISTFILES): Added a bunch of files.
7373 (des_headers): Added desCore rules.
7374 (install-here): Split off target install-headers, which uses $^ to
7376 (distdir): Use $^ to refer to the files.
7379 * config.make.in (COMPILE): Add $(INCLUDE) to the line.
7381 2004-10-19 Niels Möller <nisse@lysator.liu.se>
7383 Stop using automake. Replaced each Makefile.am with a hand-written
7385 * configure.ac: New output variable CCPIC_MAYBE. New output file
7386 config.make. Replaced automake constructions.
7387 * .bootstrap: Don't run aclocal and automake.
7388 * config.make.in: New file, with shared Makefile variables and rules.
7390 2004-10-18 Niels Möller <nisse@lysator.liu.se>
7392 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replace incb ->
7393 incl + andl, to improve speed on PPro and PII. Suggested by
7396 2004-10-08 Niels Möller <niels@s3.kth.se>
7398 * examples/rsa-encrypt-test: Avoid reading and executing a file at
7400 * examples/setup-env: Likewise.
7402 2004-10-06 Niels Möller <niels@s3.kth.se>
7404 * testsuite/symbols-test: Ignore __i686.get_pc_thunk.bx and
7407 2004-10-05 Niels Möller <nisse@lysator.liu.se>
7409 * twofish.c (q_table): Use a const pointer array.
7411 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Use a const pointer
7412 array for the keywords.
7413 (dsa_signature_from_sexp): Likewise.
7414 * sexp2rsa.c (rsa_keypair_from_sexp_alist): Likewise.
7415 (rsa_keypair_from_sexp): Likewise.
7417 * sexp.c (sexp_iterator_check_types): Use an argument of type
7418 "const uint8_t * const *" for the types list.
7419 (sexp_iterator_assoc): Likewise, for the keys list.
7421 * list-obj-sizes.awk: Fixes to handle multiple .data and .rodata
7422 sections. Also fixed to handle the last file correctly.
7424 2004-09-23 Niels Möller <nisse@lysator.liu.se>
7426 * configure.ac (SHLIBLINK, SHLIBLIBS): On cygwin, linking needs
7427 -Wl,--whole-archive $(OBJECTS) -Wl,--no-whole-archive $(LIBS).
7429 2004-09-22 Niels Möller <niels@s3.kth.se>
7431 * configure.ac: Setup SHLIBFORLINK and friends for cygwin.
7433 * list-obj-sizes.awk: Strip *_a-prefix from all file names.
7435 * Makefile.am (libnettle_a_SOURCES): List only .c files. Headers
7436 moved to noinst_HEADERS.
7437 (SHLIBOBJECTS): Substitute from libnettle_a_SOURCES, not
7438 am_libnettle_a_OBJECTS, since the latter includes
7439 libnettle_a-prefixes with some automake versions.
7440 (SHLIBSONAME): Check if this name is empty, which is the case on
7441 cygwin, before using it.
7443 2004-08-31 Niels Möller <nisse@lysator.liu.se>
7445 * configure.ac: New command line option --disable-pic. Use
7448 * Makefile.am (libnettle_a_CFLAGS): Added $(CCPIC), to attempt to
7449 build also the static library as position independent code.
7451 2004-08-24 Niels Möller <nisse@lysator.liu.se>
7453 * des-compat.c (des_cbc_cksum): Pad input with NUL's, if it's not
7454 an integral number of blocks.
7456 2004-08-24 Niels Möller <niels@s3.kth.se>
7458 * testsuite/arctwo-test.c, arctwo.h, arctwo.c
7459 (arctwo_set_key_ekb): Fixed typo; it should be "ekb", not "ebk".
7461 Integrated arctwo patch from Simon Josefsson.
7462 * testsuite/Makefile.am (noinst_PROGRAMS): Added arctwo-test.
7464 * Makefile.am (libnettleinclude_HEADERS): Added arctwo.h.
7465 (libnettle_a_SOURCES): Added arctwo.c, arctwo.h and arctwo-meta.c.
7467 * nettle-meta.h (nettle_arctwo40, nettle_arctwo64)
7468 (nettle_arctwo64, nettle_arctwo_gutmann128): Declare ciphers.
7470 * arctwo-meta.c, arctwo.c, arctwo.h, testsuite/arctwo-test.c: New
7473 * macros.h (LE_READ_UINT16, LE_WRITE_UINT16): New macros.
7475 2004-08-23 Niels Möller <nisse@lysator.liu.se>
7477 * testsuite/md5-test.c (test_main): Added collision, found in 2004.
7478 (test_main): Added second collision.
7480 2004-08-23 Niels Möller <niels@s3.kth.se>
7482 * testsuite/md5-test.c (test_main): Added first half of a
7483 collision test case.
7485 * des-compat.c (des_cbc_cksum): Changed input argument to be of
7486 type const uint8_t * (was const des_cblock *).
7488 * des-compat.h (const_des_cblock): New bogus type. Disabled use of
7489 const, for compatibility with openssl.
7491 2004-06-08 Niels Möller <niels@s3.kth.se>
7493 * aesdata.c: Renamed log and ilog to gf2_log and gf2_exp.
7495 2004-04-07 Niels Möller <nisse@lysator.liu.se>
7497 * aes-set-encrypt-key.c (log, ilog): Deleted unused tables.
7499 * aes-set-decrypt-key.c (gf2_log, gf2_exp, mult): Renamed tables,
7502 2004-03-20 Niels Möller <nisse@lysator.liu.se>
7504 * configure.ac: Use AC_CONFIG_AUX_DIR([.]).
7506 2004-03-18 Niels Möller <niels@s3.kth.se>
7508 * examples/io.c (read_file): Display a message if fopen fails.
7510 2004-03-05 Niels Möller <nisse@lysator.liu.se>
7512 * Released nettle-1.10.
7514 * configure.ac (SHLIBMINOR): Shared library version is now 2.2.
7516 2004-03-04 Niels Möller <nisse@lysator.liu.se>
7518 * testsuite/symbols-test: Pass -g flag to nm.
7520 2004-03-02 Niels Möller <nisse@lysator.liu.se>
7522 * configure.ac: Fixed EXEEXT workaround.
7524 2004-03-02 Niels Möller <niels@s3.kth.se>
7526 * configure.ac: Added workaround to get the correct $(EXEEXT)=''
7527 when compiling with rntcl.
7529 2004-03-02 Niels Möller <nisse@lysator.liu.se>
7531 * testsuite/Makefile.am (noinst_PROGRAMS): Put test program list
7532 here, to let automake add $(EXEEXT).
7534 * configure.ac (RSA_EXAMPLES): Append $(EXEEXT) to the filenames.
7536 2004-03-01 Niels Möller <nisse@lysator.liu.se>
7538 * examples/rsa-keygen.c, examples/rsa-encrypt.c,
7539 examples/rsa-decrypt.c: Include "getopt.h" instead of <unistd.h>.
7541 * examples/Makefile.am (rsa_encrypt_SOURCES, rsa_decrypt_SOURCES)
7542 (rsa_keygen_SOURCES): Added getopt.h, getopt.c and getopt1.c.
7544 * examples/getopt.h, examples/getopt.c, examples/getopt1.c: New
7547 * testsuite/des-compat-test.c: Don't include <unistd.h>.
7549 * testsuite/testutils.c (main): Don't use getopt. Then we don't
7550 need to include <unistd.h>.
7552 2004-03-01 Niels Möller <niels@s3.kth.se>
7554 * config.guess: Copied from automake-1.8.2. Hacked to recognize
7555 Windows_NT (and Windows_95 and Windows_98) running on "x86" and
7558 * install-sh: Removed from CVS repository. Let automake supply it.
7560 2004-02-26 Niels Möller <nisse@lysator.liu.se>
7562 * nettle-meta.h (nettle_crypt_func): Typedef moved to cbc.h.
7563 Include cbc.h instead.
7565 * des-compat.c: Reverted const change, now all the des_key_sched
7566 arguments are not const. This is also what openssl's interface
7568 (cbc_crypt_func): Deleted typedef, use nettle_crypt_func instead.
7570 * cbc.h (nettle_crypt_func): Moved typedef here.
7571 * cbc.c (cbc_encrypt, cbc_decrypt_internal, cbc_decrypt): Use it
7572 for typing the f argument. Reverted the const change, for
7573 compatibility with nettle_crypt_func.
7575 2004-02-25 Niels Möller <nisse@lysator.liu.se>
7577 * testsuite/des-compat-test.c: Use des_cblock for typing more of
7578 the variables. Use const. Got rid of most of the explicit casts.
7579 Disabled the input/output alignment tests.
7581 * des.c (des_encrypt, des_decrypt): Use a const context pointer.
7582 * des3.c (des3_encrypt, des3_decrypt): Likewise.
7584 * cbc.c (cbc_encrypt, cbc_decrypt): Use a _const_ void *ctx argument.
7586 * des-compat.c: Use const for all unchanged arguments.
7587 (des_key_sched): Use a copy of the key if we need to fix the
7590 * testsuite/des-compat-test.c (C_Block, Key_schedule): Deleted
7591 defines. Deleted some of the explicit casts.
7593 * des-compat.c (des_cbc_cksum): Dereference DST pointer.
7595 2004-02-25 Niels Möller <niels@s3.kth.se>
7597 * pgp.h: Include nettle-types.h.
7599 2004-02-24 Niels Möller <nisse@lysator.liu.se>
7601 * testsuite/symbols-test: Allow symbols starting with double
7602 underscores, like on darwin.
7604 2004-02-17 Niels Möller <niels@s3.kth.se>
7606 * Makefile.am: Protected %-rules used for building pure objects,
7607 and for assembler files, by automake conditionals. Needed for
7608 makes such as tru64's, which tries to understand %-patterns, but
7609 doesn't get it right.
7610 (SUFFIXES): Added .html.
7611 (.texinfo.html): Rewrote rule to use a traditional suffix target.
7613 * configure.ac (enable_assembler): Explicitly set
7614 enable_assembler=no, on architectures where we have no assembler
7616 (ENABLE_ASSEMBLER, ENABLE_SHARED): New automake conditionals.
7618 * testsuite/testutils.c (xalloc): xalloc(0) should work also on
7619 systems where malloc(0) returns NULL.
7621 2004-02-16 Niels Möller <niels@s3.kth.se>
7623 * Makefile.am (%.o: %.asm): Added comment about OSF1 make problem.
7625 2004-02-15 Niels Möller <nisse@lysator.liu.se>
7627 * testsuite/testutils.h: #include nettle-types.h instead of
7630 2004-02-12 Niels Möller <nisse@lysator.liu.se>
7632 * examples/rsa-encrypt-test: Use -r option when invoking
7633 rsa-encrypt. Needed for the test to work on systems with no
7636 2004-02-12 Niels Möller <niels@s3.kth.se>
7638 * configure.ac (CPPFLAGS, LDFLAGS): No spaces after -I and -L, as
7639 some C compilers, in particular True64 cc, don't like that.
7641 2004-02-08 Niels Möller <nisse@lysator.liu.se>
7643 * configure.ac: Bumped version number to 1.10.
7645 2004-02-07 Niels Möller <nisse@lysator.liu.se>
7647 * Released nettle-1.9.
7649 * configure.ac (SHLIBMINOR): Bumped, library version is now 2.1.
7651 * testsuite/sexp-format-test.c: Include bignum.h only if HAVE_LIBGMP.
7652 * testsuite/rsa-encrypt-test.c: Include rsa.h only if WITH_PUBLIC_KEY.
7653 * testsuite/pkcs1-test.c: Include pkcs1.h only if WITH_PUBLIC_KEY.
7655 * pgp-encode.c [!HAVE_LIBGMP]: Kludge around the pgp.h's
7656 dependency on gmp.h.
7657 (pgp_put_mpi): Condition on HAVE_LIBGMP.
7659 * pgp.h: Don't include bignum.h, to make it possible to compile
7660 the non-bignum parts of pgp-encode.c without bignum support. Needs
7661 to be fixed properly before the pgp interface is advertised.
7663 * tools/sexp-conv.c (xalloc): New function.
7666 * tools/output.c (sexp_put_digest): Use TMP_DECL instead of alloca.
7668 * testsuite/testutils.c (xalloc): New function. Made all other
7669 functions use xalloc instead of alloca.
7671 * examples/rsa-keygen.c (main): Use xalloc for allocation.
7672 * examples/rsa-encrypt.c (write_bignum): Likewise.
7673 * examples/rsa-decrypt.c (read_bignum): Likewise.
7674 * testsuite/yarrow-test.c (open_file): Likewise.
7675 * testsuite/rsa-encrypt-test.c (test_main): Likewise.
7676 * testsuite/bignum-test.c (test_bignum): Likewise.
7678 * examples/nettle-openssl.c: When calling des_key_sched and
7679 des_ecb_encrypt, cst arguments to (void *). Openssl's typedefs
7680 des_cblock and const_des_cblock are too broken.
7682 * examples/nettle-benchmark.c (xalloc): New function. Use instead
7683 of alloca, for better portability.
7685 * examples/io.c (xalloc): New function.
7687 * Makefile.am (nodist_libnettleinclude_HEADERS): nettle-types.h
7688 should not be distributed.
7690 2004-02-06 Niels Möller <niels@s3.kth.se>
7692 * x86/sha1-compress.asm: Rename round -> ROUND.
7694 * x86/sha1-compress.asm: Store the magic constants on stack.
7695 Accessing them via %esp should be a little faster than using large
7698 * Makefile.am (EXTRA_DIST, DISTCLEANFILES): Handle
7701 * configure.ac: Use assembler file sha1-compress.asm if available.
7703 * x86/sha1-compress.asm (EXPAND): Fixed the rotation part of the
7706 2004-02-06 Niels Möller <nisse@lysator.liu.se>
7708 * x86/sha1-compress.asm: Assembler implementation of
7709 sha1_compress. (Not yet working).
7711 * Makefile.am (libnettle_a_SOURCES): Added sha1-compress.c.
7713 * sha1.c (sha1_transform): Function renamed to sha1_compress, and
7715 * sha1-compress.c: ... New file.
7717 2004-02-05 Niels Möller <nisse@lysator.liu.se>
7719 * examples/rsa-encrypt.c (process_file): Copy the leftover to the
7720 start of the buffer, when preparing for the final processing.
7722 * examples/nettle-benchmark.c (bench_hash, time_hash): New functions.
7723 (main): Benchmark hash functions too.
7724 (BENCH_BLOCK): Increased 10K.
7725 (BENCH_INTERVAL): Decreased to 0.25s.
7727 * examples/nettle-benchmark.c (time_function): Loop around calling
7728 f, until 1s has elapsed. Returns seconds per call. Updated bench
7729 functions to not loop themselves.
7730 (display): Updated MB/s calculation.
7732 * testsuite/arcfour-test.c (test_main): Use test_cipher_stream.
7734 * testsuite/testutils.c (test_cipher_stream): New function, that
7735 tries dividing the input into varying size blocks before
7738 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Bug fix, half of
7739 the S array swap was forgotten.
7740 * arcfour.c (arcfour_stream): Likewise.
7741 * arcfour-crypt.c (arcfour_crypt): Likewise.
7743 2004-02-05 Niels Möller <niels@s3.kth.se>
7745 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Must store the new
7746 i, j at the end of the loop.
7748 * Makefile.am (EXTRA_DIST): Make sure x86 assembler files are
7750 (DISTCLEANFILES): And that the symlinks and .s files are deleted.
7752 * x86/aes-encrypt.asm, x86/aes-decrypt.asm, x86/arcfour-crypt.asm:
7753 Fixed debug information.
7755 * x86/arcfour-crypt.asm: New file. About three times faster than
7756 the optimized C code.
7758 * configure.ac: Use assembler file arcfour-crypt.asm if available.
7760 * arcfour.c (arcfour_crypt): Moved function too...
7761 * arcfour-crypt.c (arcfour_crypt): New file.
7763 * arcfour.c (arcfour_crypt): Optimization suggested by Jonas
7764 Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
7765 probably on other architectures as well.
7767 2004-01-31 Niels Möller <nisse@lysator.liu.se>
7769 * configure.ac (AX_CREATE_STDINT_H): Also look for uint32_t and
7770 friends in sys/types.h.
7772 2004-01-11 Niels Möller <nisse@harpo.hack.org>
7774 * Makefile.am (libnettleinclude_HEADERS): Added bignum.h,
7775 memxor.h, pkcs1.h and rsa-compat.h.
7777 * configure.ac: Bumped version to 1.9.
7779 2004-01-10 Niels Möller <nisse@harpo.hack.org>
7781 * Released nettle-1.8.
7783 * examples/teardown-env: Delete more test files.
7785 * nettle.texinfo (Hash functions): Documented md2 and md4.
7787 * configure.ac (SHLIBMAJOR): Bumped to 2.
7789 2004-01-09 Niels Möller <nisse@harpo.hack.org>
7791 * examples/rsa-encrypt-test: New testcase.
7793 * examples/rsa-encrypt.c, examples/rsa-session.h: Expanded the
7794 comment describing the file format, and moved to rsa-session.h.
7796 * examples/rsa-decrypt.c (process_file): Finished this function.
7797 (main): Initialize x. Check the size of the session key after rsa
7800 * examples/io.c (write_string): Treat short item count as an error.
7802 2004-01-08 Niels Möller <niels@s3.kth.se>
7804 * index.html: Added instructions for CVS access.
7806 * dsa-keygen.c (dsa_nist_gen): Fixed declaration/statement order.
7808 * rsa-keygen.c (bignum_next_prime): Fixed off-by-one error when
7809 comparing input to the largest listed prime. General cleanup, as
7810 prime_limit > 0 always. Use TMP_DECL and TMP_ALLOC.
7812 * nettle-internal.h (TMP_DECL, TMP_ALLOC): New macros. When alloca
7813 is unavailable, they work by allocating a fix amount of stack and
7814 imposing a hard limit on what can be allocated. Updated all users
7817 2004-01-07 Niels Möller <nisse@harpo.hack.org>
7819 * nettle-types.h: New (generated) file, to be used instead of
7820 including <inttypes.h> directly. Updated all users of inttypes.h.
7822 * Makefile.am (DISTCLEANFILES, libnettleinclude_HEADERS): Added
7825 * configure.ac (AX_CREATE_STDINT_H): Create nettle-types.h.
7827 2003-11-16 Niels Möller <nisse@harpo.hack.org>
7829 * yarrow256.c (yarrow256_seed): Use const for the seed_file input.
7831 2003-11-12 Niels Möller <niels@s3.kth.se>
7833 * list-obj-sizes.awk: New function for decoding hex values, with a
7834 new function hex2int. Also implemented calculation of total
7835 storage, removed the dependence on the .comment section, and use
7836 the $FILTER environment variable as a regexp for restricting the
7837 object files that are considered.
7839 2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
7841 * testsuite/rsa-encrypt-test.c (test_main): Don't use gmp_printf,
7842 as it seems it's only available with the newer gmp. Use
7843 mpz_out_str instead.
7845 2003-09-19 Niels Möller <niels@s3.kth.se>
7847 * examples/Makefile.am (EXTRA_DIST): Added rsa-session.h.
7849 * tools/nettle-lfib-stream.c: New tool, which outputs a sequence
7850 of pseudorandom (non-cryptographic) bytes, using Knuth's lagged
7851 fibonacci generator.
7853 * examples/rsa-decrypt.c: Fixes to get the file to compile. It
7856 * examples/Makefile.am (EXTRA_PROGRAMS): Added rsa-encrypt and
7859 * examples/io.c (write_file): New function.
7860 (write_string): Simplified error check, it's no real point in
7861 calling ferror unless we also call fflush.
7863 * examples/rsa-keygen.c (main): Check return value from
7866 * examples/rsa-decrypt.c, examples/rsa-encrypt.c,
7867 examples/rsa-session.h: New files, demonstrating rsa encryption
7870 * configure.ac (RSA_EXAMPLES): Added rsa-encrypt and rsa-decrypt.
7872 2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
7874 * testsuite/testutils.c (print_hex): Use const.
7876 2003-08-30 Niels Möller <niels@s3.kth.se>
7878 * md2.c, md2.h: Added reference to RFC 1319.
7879 * md4.c, md4.h: Added reference to RFC 1320
7881 2003-08-26 Niels Möller <niels@s3.kth.se>
7883 * Makefile.am: Added md2 and md5 files. Deleted the print-path
7886 * configure.ac: Bumped version to 1.8.
7888 * testsuite/testutils.c (test_rsa_set_key_1): New function.
7889 * testsuite/rsa-test.c (test_main): Use it.
7891 * testsuite/dsa-keygen-test.c: Deleted definition of UNUSED, it's
7893 * testsuite/rsa-keygen-test.c: Likewise.
7895 * testsuite/Makefile.am (TS_PROGS): Added rsa-encrypt-test,
7896 md4-test, and md2-test.
7898 * testsuite/rsa-encrypt-test.c, testsuite/md4-test.c,
7899 testsuite/md2-test.c: New test cases.
7901 * nettle-meta.h: Declare nettle_md2 and nettle_md4.
7903 * md5.c: Reorderd functions, putting md5_final at the end.
7905 * md2.c, md2.h, md2-meta.c: New files, implemented md2.
7906 * md4.c, md4.h, md4-meta.c: New files, implemented md4.
7908 2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
7910 * desCode.h (des_keymap, des_bigmap): Deleted extern declarations,
7911 they conficted with the static definition in des.c. Reported by
7914 * des.c (DesSmallFipsEncrypt, DesSmallFipsDecrypt): Moved
7915 definitions after the definition of the des_kemap array.
7917 2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
7919 * rsa-encrypt.c (rsa_encrypt): Bugfix contributed by
7922 2003-06-10 Niels Möller <niels@s3.kth.se>
7924 * Makefile.am (EXTRA_DIST): Distribute sha-example.c.
7926 2003-06-05 Niels Möller <nisse@lysator.liu.se>
7928 * Makefile.am (DISTCLEANFILES): Delete .s files.
7930 2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
7932 * testsuite/symbols-test: And allow symbols that start at the
7933 beginning of the line, as output by AIX nm.
7935 2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
7937 * testsuite/symbols-test: Allow symbols to start with a dot.
7939 2003-05-14 Niels Möller <niels@s3.kth.se>
7941 * pgp.h (enum pgp_subpacket_tag): Copied values from RFC 2440.
7942 Renamed PGP_SUBPACKET_ISSUER to PGP_SUBPACKET_ISSUER_KEY_ID.
7944 2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
7946 * pgp.h: Do proper namemangling for pgp_put_public_rsa_key and
7947 pgp_put_rsa_sha1_signature.
7949 * pgp-encode.c (pgp_put_mpi): Fixed nettle_mpz_get_str_256 call.
7951 2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
7953 * rsa2openpgp.c (rsa_keypair_to_openpgp): Some bugfixes.
7955 * pgp.h (enum pgp_subpacket_tag): New enum. Definition is bogus
7956 and needs to be fixed.
7957 Added forward declarations of structs, and prototypes for
7958 pgp_put_public_rsa_key and pgp_put_rsa_sha1_signature.
7960 * pgp-encode.c (pgp_put_mpi): Take a const mpz_t argument. Gugfix,
7961 use nettle_mpz_get_str_256.
7962 (pgp_put_public_rsa_key, pgp_put_rsa_sha1_signature):
7963 Constification. Some bugfixes.
7965 * Use "config.h", not <config.h>.
7967 * Reordered includes in most or all .c-files. All should now
7970 2003-05-12 Niels Möller <niels@s3.kth.se>
7972 * configure.ac: Use LSH_FUNC_ALLOCA.
7974 2003-04-25 Niels Möller <niels@s3.kth.se>
7976 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha256.c.
7978 * testsuite/hmac-test.c (test_main): Added tests for hmac-sha256,
7979 from draft-ietf-ipsec-ciph-sha-256-01.txt.
7981 * hmac-sha256.c (hmac_sha256_digest): New file.
7983 2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
7985 * sha-example.c (display_hex): Simplified by using printf better.
7987 * nettle.texinfo (Example): Use @verbatiminclude to include the
7990 * sha-example.c: Example program, for inclusion in the manual.
7991 Fixed bugs reported by Mark Arking.
7993 2003-04-14 Niels Möller <niels@s3.kth.se>
7995 * x86/aes-encrypt.asm (nettle_aes_encrypt): Fixed references to
7996 _nettle_aes_encrypt_table.
7997 * x86/aes-decrypt.asm (nettle_aes_decrypt): Fixed references to
7998 _nettle_aes_decrypt_table.
8000 2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
8002 * testsuite/Makefile.am (TS_SH): New test case symbols-test.
8003 (EXTRA_PROGRAMS): Added testutils, as a kludge to
8004 get automake to track dependencies for testutils.o.
8006 * x86/aes-encrypt.asm (nettle_aes_encrypt): Renamed function to
8007 use the nettle_ prefix.
8008 * x86/aes-decrypt.asm (nettle_aes_decrypt): Likewise.
8009 * sparc/aes.asm (_nettle_aes_crypt): Likewise.
8011 * examples/Makefile.am (EXTRA_PROGRAMS): Add "io", as a kludge to
8012 get automake to track dependencies for io.o.
8013 (LDADD): Added ../libnettle.a, for the dependency.
8015 * des-compat.c: Use names with the nettle_ prefix when using
8016 Nettle's des functions.
8018 * base16-meta.c (base16_encode_update): Need to undef before
8021 * New name mangling, to reduce the risk of link collisions. All
8022 functions (except memxor) now use a nettle_ or _nettle prefix when
8023 seen by the linker. For most functions, the header file that
8024 declares a function also use #define to provide a shorter more
8025 readable name without the prefix.
8027 2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
8029 * Released nettle-1.7.
8031 * configure.ac: Bumped version to 1.7.
8033 * nettle.texinfo (DSA): New section.
8034 (RSA): Updated documentation.
8036 2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
8038 * examples/nettle-benchmark.c (time_cipher): Don't use GNU C
8039 non-constant initializers.
8041 2003-02-23 Niels Moller <nisse@carduelis>
8043 * configure.ac: Use LSH_GCC_ATTRIBUTES.
8045 2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
8047 * acinclude.m4: Deleted file from cvs, use a link to lsh's
8048 acinclude.m4 instead.
8050 2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
8052 * Makefile.am (libnettleinclude_HEADERS): Added macros.h.
8054 * tools/Makefile.am (EXTRA_DIST): Added getopt.h.
8056 2003-02-14 Niels Möller <niels@s3.kth.se>
8058 * Makefile.am (print_path): Added target to print the used PATH,
8060 (print-path): Moved dependency to all-local.
8062 2003-02-11 Niels Möller <niels@s3.kth.se>
8064 * buffer.c (nettle_buffer_copy): Bug fix, it didn't return any
8067 2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
8069 * testsuite/sexp-format-test.c (test_main): Added test for %( and
8072 * sexp-format.c (sexp_vformat): Handle %( and %).
8074 * realloc.c (nettle_xrealloc): Fixed out-of-memory check.
8076 * configure.ac (SHLIBMAJOR): Bumped version number to 1.
8078 * buffer.c (nettle_buffer_init_realloc): New function.
8079 * buffer-init.c (nettle_buffer_init): Use nettle_buffer_init_realloc.
8081 2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
8083 * testsuite/sexp-format-test.c (test_main): New test with tokens
8084 in the format string.
8085 (test_main): Test space-searated literals too.
8087 * rsa2sexp.c (rsa_keypair_to_sexp): New argument ALGORITHM_NAME.
8088 * examples/rsa-keygen.c (main): Updated call to rsa_keypair_to_sexp.
8089 * testsuite/rsa2sexp-test.c (test_main): Likewise.
8091 * sexp-format.c (sexp_vformat): Allow whitespace in format string.
8093 * rsa2sexp.c (rsa_keypair_to_sexp): Use literals with sexp_format.
8095 * sexp-format.c (format_string): New function.
8096 (sexp_vformat): Implemented support for literals in the format
8099 2003-02-06 Niels Möller <nisse@lysator.liu.se>
8101 * testsuite/sexp-conv-test (print_raw, print_nl): New functions.
8102 The testfunctions use these instead of using echo directly.
8103 Use the test input '3:"\x' instead of '2:"\', to be friendlier to
8106 2003-02-05 Niels Möller <nisse@lysator.liu.se>
8108 * des-compat.h (des_set_key): Different name mangling, if this
8109 file is included, des_set_key should refer to a function that
8110 behaves like openssl's.
8112 * des-compat.c (des_key_sched, des_is_weak_key): Use the name
8113 nettle_des_set_key for referring to Nettle's function.
8115 * des.h (des_set_key): Name mangling, linker symbols should use a
8116 "nettle_" prefix, and this one collided with openssl. Perhaps all
8117 symbols should be mangled in a similar way, but that's for later.
8119 * configure.ac (LDFLAGS): --with-lib-path should add to LDFLAGS,
8122 2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
8124 * tools/output.c (sexp_put_string): Fixed handling of escapable
8125 characters. The code generated random escape sequences for
8126 characters in the 0x10-0x1f range.
8128 * testsuite/sexp-conv-test: More tests for hex and base64 input
8131 2003-01-30 Niels Möller <niels@s3.kth.se>
8133 * sexp2bignum.c (nettle_mpz_set_sexp): Call sexp_iterator_next on
8134 success. That means the iterator argument can't be const.
8136 2003-01-29 Niels Möller <niels@s3.kth.se>
8138 * tools/Makefile.am (LDADD): Add libnettle.a, for the dependency.
8140 2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
8142 * sexp2dsa.c (dsa_signature_from_sexp): New function.
8144 RSA renaming. Updated all callers.
8145 * rsa-sign.c (rsa_private_key_init, rsa_private_key_clear)
8146 (rsa_private_key_prepare): Renamed functions.
8147 * rsa.c (rsa_public_key_init, rsa_public_key_clear)
8148 (rsa_public_key_prepare): Renamed functions.
8150 2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
8152 * Makefile.am (libnettle_a_SOURCES): Added new rsa and pkcs1
8153 files. Removed old rsa_md5.c and rsa_sha1.c.
8155 * testsuite/Makefile.am (TS_PROGS): Added pkcs1-test.
8157 * dsa-verify.c (dsa_verify_digest): New function.
8158 (dsa_verify): Most of the code moved to dsa_verify_digest, which
8160 * dsa-sign.c (dsa_sign_digest): New function.
8161 (dsa_sign): Most of the code moved to dsa_sign_digest, which is
8163 * dsa.c (_dsa_hash): Deleted function.
8165 * rsa_md5.c, rsa_sha1.c: Deleted files, contents spread over
8166 several files for signing and verification.
8167 * rsa-sign.c, rsa-sha1-verify.c, rsa-sha1-sign.c,
8168 rsa-md5-verify.c, rsa-md5-sign.c: New files.
8170 * rsa-sha1-verify.c (rsa_sha1_verify_digest): New function.
8171 * rsa-sha1-sign.c (rsa_sha1_sign_digest): New function.
8172 * rsa-md5-verify.c (rsa_md5_verify_digest): New function.
8173 * rsa-md5-sign.c (rsa_md5_sign_digest): New function.
8174 * rsa-verify.c (_rsa_verify): New file, new function.
8176 * rsa.c (_rsa_check_size): Renamed from rsa_check_size, and made
8177 non-static. Private key functions moved to rsa-sign.c.
8179 * pkcs1.c, pkcs1.h, pkcs1-rsa-md5.c, pkcs1-rsa-sha1.c: New files.
8180 (pkcs1_signature_prefix): New function.
8182 * testsuite/pkcs1-test.c: New test.
8184 2003-01-22 Niels Möller <niels@s3.kth.se>
8186 * examples/Makefile.am (nettle_benchmark_LDADD): Use
8189 * configure.ac (OPENSSL_LIBFLAGS): If libcrypto is found, add
8190 -lcrypto to OPENSSL_LIBFLAGS, not the plain LDFLAGS.
8192 2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
8194 * testsuite/Makefile.am (CLEANFILES): Delete test.in, test1.out
8197 2003-01-17 Niels Möller <niels@s3.kth.se>
8199 * examples/Makefile.am (AM_CPPFLAGS): Use AM_CPPFLAGS instead of
8201 * testsuite/Makefile.am (AM_CPPFLAGS): Likewise.
8203 2003-01-16 Niels Möller <niels@s3.kth.se>
8205 * testsuite/Makefile.am (check): Can't use quotes around
8208 2003-01-14 Niels Möller <nisse@lysator.liu.se>
8210 * testsuite/Makefile.am (check): Don't use "run-tests" as a
8211 target, as it's confused with the file with the same name.
8213 * .bootstrap: Added missing #! /bin/sh.
8215 2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
8217 * buffer.c (nettle_buffer_reset): New function.
8218 (nettle_buffer_copy): New function.
8220 * tools/input.c, tools/input.h, tools/output.c, tools/output.h,
8221 tools/parse.c, tools/parse.h, tools/misc.c, tools/misc.h: Moved
8222 parts ov sexp-conv.c to separate files
8224 * tools/sexp-conv.c (sexp_convert_list): Inlined into
8227 * tools/sexp-conv.c (struct sexp_input): Deleted string attribute.
8228 Changed all related functions to take a struct nettle_buffer *
8230 (struct sexp_compound_token): New struct.
8231 (sexp_compound_token_init, sexp_compound_token_clear): New
8233 (struct sexp_parser): Added a struct sexp_compound_token
8234 attribute, as a temporary measure.
8235 (sexp_parse): Take a struct sexp_compound_token * as argument.
8236 Updated all callers. Simplified handling of display types and
8239 * tools/sexp-conv.c (struct sexp_parser): Renamed struct (was
8240 struct sexp_parse_state). Added input pointer. Updated users to
8241 not pass around both parser and input.
8242 (sexp_check_token): handle token == 0.
8243 (sexp_parse): Simplified a little by calling sexp_check_token
8246 * tools/sexp-conv.c (sexp_convert_string): Deleted function.
8247 (sexp_skip_token): Likewise.
8249 * tools/sexp-conv.c (enum sexp_token): New constant SEXP_DISPLAY.
8250 Start constants from 1, to keep 0 free for special uses.
8251 (struct sexp_parse_state): New struct for keeping track of parser
8253 (sexp_parse_init): New function.
8254 (sexp_check_token): New function, replacing sexp_skip_token.
8255 (sexp_parse): New function.
8256 (sexp_convert_item): Simplified by using sexp_parse.
8257 (sexp_convert_list): Use sexp_parse.
8260 2003-01-08 Niels Möller <niels@s3.kth.se>
8262 * tools/sexp-conv.c (parse_options): Initialize prefer_hex.
8264 2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
8266 * Makefile.am (des_headers): Refer to the desdata binary using
8269 2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
8271 * testsuite/sexp-conv-test: New tests for hex and base64 literal
8274 * tools/sexp-conv.c (sexp_put_string): Print binary strings using
8275 either hex or base 64 (in advanced mode).
8276 (parse_options): Implemented -s hex, for output using hex rather
8279 2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
8281 * testsuite/rsa2sexp-test.c: Don't include rsa.h (done by
8282 testutils.h, if enabled).
8283 * testsuite/sexp2rsa-test.c: Likewise.
8285 * rsa-decrypt.c: Make compilation conditional on WITH_PUBLIC_KEY.
8286 * rsa-encrypt.c: Likewise.
8287 * rsa-compat.c: Likewise.
8289 2002-12-04 Niels Möller <niels@s3.kth.se>
8291 * testsuite/Makefile.am (LDADD): Added path to ../libnettle.a,
8292 which is redundant except for the dependency.
8294 2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
8296 * testsuite/sexp-format-test.c (test_main): Use %0s instead of %z.
8299 * sexp-format.c (format_length_string): Deleted function.
8300 (format_string): Deleted function.
8301 (sexp_vformat): New %t specifier, formatting an optional display
8302 type. Deleted %z specifier. Instead, introduced a new modifier "0"
8303 that can be used with %s, %l and %t, which says that the data is
8306 * rsa2sexp.c (rsa_keypair_to_sexp): Use %0s rather than %z, when
8307 formatting s-expressions.
8309 * buffer.c (nettle_buffer_grow): Fixed assertion.
8311 2002-11-22 Niels Möller <niels@s3.kth.se>
8313 * buffer.c: Include assert.h.
8315 2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
8317 * testsuite/testutils.c (print_hex): Add line breaks.
8319 * Makefile.am (libnettleinclude_HEADERS): Added realloc.h.
8320 (libnettle_a_SOURCES): Added buffer-init.c and realloc.c.
8322 * sexp.c (sexp_iterator_exit_lists): New function, #if:ed out for
8325 * desdata.c: Include config.h, to get definition of UNUSED.
8326 * shadata.c: Likewise.
8328 * buffer.c (nettle_buffer_grow): New function, replacing
8330 (nettle_buffer_clear): Rewritten to use buffer->realloc.
8332 * buffer.h (struct nettle_buffer): Replaced the GROW function
8333 pointer with a nettle_realloc_func pointer and a
8335 (NETTLE_BUFFER_GROW): Deleted macro, use function instead.
8337 * buffer-init.c (nettle_buffer_init): Moved to a separate file.
8339 * realloc.c (nettle_realloc): New function.
8340 (nettle_xrealloc): New function.
8342 * realloc.h (nettle_realloc_func): New typedef.
8344 * configure.ac: Check for gcc:s __attribute__.
8346 2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
8348 * sexp2dsa.c, sexp2rsa.c: (macro GET): Check sign of parsed
8351 * sexp2bignum.c (nettle_mpz_set_sexp): In the first check against
8352 limit, added some margin to allow for sign octets.
8354 2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
8356 * testsuite/testutils.h (LDATA): Use sizeof instead of strlen. Now
8357 handles strings including NUL-characters. But works only with
8358 literals and character arrays, no char pointers.
8359 (LLENGTH): New macro, computing length the same way as LDATA.
8361 * testsuite/sexp-test.c (test_main): Test sexp_iterator_get_uint32.
8363 * testsuite/sexp-format-test.c (test_main): Check that %i and %b
8364 generate leading zeroes when needed. Check that %b handles
8367 * testsuite/rsa2sexp-test.c (test_main): Updated test, one leading
8368 zero is needed in the private key expression. In verbose mode,
8369 print the generated keys.
8371 * testsuite/sexp2rsa-test.c (test_main): Added a leading zero in
8372 the private key expression.
8374 * testsuite/bignum-test.c (test_bignum): Use
8375 nettle_mpz_init_set_str_256_s.
8376 (test_size): New function.
8377 (test_main): Test size computation and formatting of negative
8380 * sexp2bignum.c (nettle_mpz_set_sexp): Use
8381 nettle_mpz_set_str_256_s, to handle negative numbers correctly.
8383 * sexp-format.c (sexp_vformat): For %i, output a leading zero when
8384 needed to get a correct, positive, sign. For %b, use
8385 nettle_mpz_sizeinbase_256_s, to handle negative numbers properly.
8387 * bignum.c (nettle_mpz_sizeinbase_256_s): New function.
8388 (nettle_mpz_sizeinbase_256_u): New name, was
8389 nettle_mpz_sizeinbase_256. Updated all callers.
8390 (nettle_mpz_to_octets): New function.
8391 (nettle_mpz_get_str_256): Handle negative numbers.
8392 (nettle_mpz_from_octets): New function.
8393 (nettle_mpz_set_str_256_u): New name, was nettle_mpz_set_str_256.
8394 (nettle_mpz_init_set_str_256_u): New name, was
8395 nettle_mpz_init_set_str_256.
8396 (nettle_mpz_set_str_256_s): New function, handling negative two's
8398 (nettle_mpz_init_set_str_256_s): And an init variant.
8400 * sexp.c (sexp_iterator_get_uint32): New function.
8402 2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
8404 * testsuite/sexp-conv-test: Use input files without any trailing
8405 newline character, in order to stress the end of file handling.
8407 * tools/sexp-conv.c (sexp_get_token_string): Fixed end of file
8409 (sexp_get_string): Fixed end of encoding/end of file handling.
8410 (parse_options): Check for negative width and complain.
8412 * tools/sexp-conv.c: Use supplied getopt.
8413 (werror): New function.
8414 (sexp_output_hash_init): New function.
8415 (sexp_put_char): Made base64 linebreaking configurable.
8416 Implemented hashing.
8417 (sexp_put_code_start, sexp_put_code_end): Don't output any
8419 (sexp_put_string): Output base64 delimiters.
8420 (sexp_put_digest): New function.
8421 (sexp_convert_item): Output transport delimiters.
8422 (sexp_convert_file): Deleted function, folded with main.
8423 (parse_options): New function.
8424 (main): Implemented --hash and --once, needed by lsh-authorize.
8426 * sexp.h (struct sexp_iterator): New field start.
8428 * sexp.c (sexp_iterator_subexpr): New function.
8429 (sexp_iterator_parse): Initialize ITERATOR->start.
8431 * sexp-format.c (sexp_vformat): Abort if format string contains
8432 unhandled characters.
8434 2002-11-08 Niels Möller <niels@s3.kth.se>
8436 * des-compat.c (des_ecb3_encrypt): Don't use struct initialization
8437 (c89 doesn't allow non-constant initializers). Reported by James
8439 (des_ede3_cbc_encrypt): Likewise.
8441 * examples/nettle-openssl.c: Moved from the top-level directory.
8442 Should *not* be included in the nettle library.
8444 2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
8446 * testsuite/testutils.c (test_dsa_key): Bugfix for renamed DSA
8447 constant (noted by James Ralston).
8449 2002-11-07 Niels Möller <niels@s3.kth.se>
8451 * testsuite/run-tests: Copied new version rom lsh/src/testsuite.
8452 This version handles test scripts located in $srcdir.
8454 * examples/Makefile.am (AM_CFLAGS): We need -I$(top_srcdir).
8455 * tools/Makefile.am (AM_CFLAGS): Likewise.
8456 * testsuite/Makefile.am (AM_CFLAGS): Likewise.
8458 2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
8460 * Makefile.am (SUBDIRS): Added tools.
8461 (libnettle_a_SOURCES): Added sexp-transport-format.c,
8462 sexp2bignum.c, sexp2dsa.c.
8464 * sexp2dsa.c (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp):
8465 New file, new functions.
8467 * rsa2sexp.c (rsa_keypair_to_sexp): %s -> %z renaming.
8469 * sexp-transport.c (sexp_transport_iterator_first): Fixed bug,
8470 length was mishandled.
8472 * sexp-transport-format.c (sexp_transport_format,
8473 sexp_transport_vformat): New file, new functions.
8475 * sexp-format.c (sexp_format): Return length of output. Allow
8476 buffer == NULL, and only compute the needed length in this case.
8477 Renamed %s to %z. New format specifiers %s, %i, and %l.
8478 (sexp_vformat): New function.
8479 (format_prefix): Rewrote to not use snprintf.
8481 * sexp2rsa.c (rsa_keypair_from_sexp): New limit argument. Use
8482 nettle_mpz_set_sexp.
8484 * dsa-keygen.c (dsa_generate_keypair): Added some newlines to
8485 progress display. Use DSA_P_MIN_BITS.
8487 * dsa.h (DSA_MIN_P_BITS): New constant (was DSA_MINIMUM_BITS).
8488 (DSA_Q_OCTETS, DSA_Q_BITS): New constants.
8489 (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp): New
8492 * configure.ac: Output tools/Makefile.
8494 * sexp2bignum.c (nettle_mpz_set_sexp): New file, and new function.
8495 Moved from sexp2rsa.c:get_value.
8497 * examples/io.c (read_rsa_key): New limit argument in
8498 call of rsa_keypair_from_sexp_alist.
8500 * examples/Makefile.am (noinst_PROGRAMS): Removed sexp-conv.
8502 * tools/sexp-conv.c: Moved file from examples directory.
8504 * testsuite/Makefile.am (TS_SH): New variable. Added
8507 * testsuite/testutils.h (LDUP): New macro.
8509 * testsuite/sexp2rsa-test.c (test_main): New limit argument in
8510 call of rsa_keypair_from_sexp_alist.
8512 * testsuite/sexp-test.c (test_main): Added test for lengths with
8513 more than one digit. Added tests for transport mode decoding.
8515 * testsuite/sexp-format-test.c (test_main): Added tests for %i and
8518 * testsuite/sexp-conv-test: Moved test from examples directory.
8519 Updated path to sexp-conv, now in ../tools/sexp-conv.
8521 2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
8523 * sexp-format.c, sexp_format.c: Renamed sexp_format.c to
8525 * Makefile.am (libnettle_a_SOURCES): Renamed sexp_format.c to
8528 * examples/Makefile.am: Don't set CFLAGS or CPPFLAGS explicitly,
8529 let automake handle that.
8530 * testsuite/Makefile.am: Likewise.
8532 * sexp2rsa.c (rsa_keypair_from_sexp_alist): New function.
8533 (rsa_keypair_from_sexp): Use it.
8535 2002-11-01 Niels Möller <niels@s3.kth.se>
8537 * examples/Makefile.am (LDADD): Use -lnettle, instead of an
8538 explicit filename libnettle.a, so that we will use the shared
8539 library, if it exists.
8540 (AM_LDFLAGS): Added -L.., so we can find -lnettle.
8541 (run-tests): Set LD_LIBRARY_PATH to ../.lib, when running the
8543 * testsuite/Makefile.am: Similar changes.
8545 * Makefile.am (LIBOBJS): Put @LIBOBJS@ into the make variable
8547 (CLEANFILES): Delete libnettle.so.
8548 (clean-local): Delete the .lib linkfarm.
8549 ($(SHLIBFORLINK)): When building libnettle.so, create a link from
8550 .lib/$SHLIBSONAME. Needed at runtime, for the testsuite.
8552 2002-11-01 Niels Möller <nisse@lysator.liu.se>
8554 * configure.ac: Fixed definitions using SHLIBMAJOR and SHLIBMINOR.
8555 Also AC_SUBST SHLIBMAJOR and SHLIBMINOR. Reported by James
8558 2002-10-31 Niels Möller <niels@s3.kth.se>
8560 * examples/sexp-conv.c(sexp_put_list_start): Deleted function.
8561 (sexp_put_list_end): Likewise.
8562 (sexp_put_display_start): Likewise.
8563 (sexp_put_display_end): Likewise.
8564 (sexp_puts): Likewise.
8566 * examples/sexp-conv.c (sexp_get_quoted_string): Deleted function.
8567 Merged with sexp_get_String.
8568 (sexp_get_hex_string): Likewise.
8569 (sexp_get_base64_string): Likewise.
8570 (sexp_get_string): Do hex and base64 decoding.
8572 * examples/sexp-conv.c (enum sexp_char_type): New enum, for end
8573 markers in the input strem.
8574 (struct sexp_input): Deleted LEVEL attribute. Deleted all usage of
8576 (sexp_get_raw_char): Use INPUT->c and INPUT->ctype to store
8577 results. Deleted OUT argument.
8578 (sexp_get_char): Likewise. Also removed the
8579 INPUT->coding->decode_final call, for symmetry.
8580 (sexp_input_end_coding): Call INPUT->coding->decode_final.
8581 (sexp_next_char): New function.
8582 (sexp_push_char): New function.
8583 (sexp_get_token_char): Deleted function.
8584 (sexp_get_quoted_char): Simplified. Deleted output argument.
8585 (sexp_get_quoted_string): Simplified.
8586 (sexp_get_base64_string): Likewise.
8587 (sexp_get_token_string): Likewise.
8588 (sexp_get_string_length): Skip the character that terminates the
8590 (sexp_get_token): Cleared upp calling conventions. Always consume
8591 the final character of the token.
8592 (sexp_convert_list): Take responsibility for converting the start
8593 and end of the list.
8594 (sexp_convert_file): Call sexp_get_char first, to get the token
8596 (sexp_convert_item): Cleared up calling conventions. Should be
8597 called with INPUT->token being the first token of the expression,
8598 and returns with INPUT->token being the final token of the
8599 expression. Return value changed to void..
8601 * examples/sexp-conv-test: Added test for transport mode input.
8603 * examples/sexp-conv.c (sexp_get_char): Use the nettle_armor
8604 interface for decoding.
8605 (sexp_input_start_coding): New function.
8606 (sexp_input_end_coding): New function.
8607 (sexp_get_base64_string): Rewrote to use sexp_input_start_coding
8608 and sexp_input_end_coding.
8609 (sexp_get_token): Generate SEXP_TRANSPORT_START tokens.
8610 (sexp_convert_list): Lists are ended only by SEXP_LIST_END.
8611 (sexp_convert_item): Implemented transport mode, using
8612 sexp_input_start_coding and sexp_input_end_coding.
8614 2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
8616 * Makefile.am: Added base16 files.
8618 * examples/sexp-conv-test: New tests for transport output.
8620 * examples/sexp-conv.c: Deleted hex functions, moved to Nettle's
8622 (struct sexp_output): Represent the current encoding as a
8623 nettle_armor pointer and a state struct.
8624 (sexp_output_init): Deleted MODE argument. Now passed to functions
8626 (sexp_get_char): Updated to new base64 conventions.
8627 (sexp_get_base64_string): Likewise.
8628 (sexp_put_raw_char): New function.
8629 (sexp_put_newline): Use sexp_put_raw_char.
8630 (sexp_put_char): Use nettle_armor interface for encoding data.
8631 Use OUTPUT->coding_indent for line breaking, so the INDENT
8632 argument was deleted.
8633 (sexp_put_code_start): New function, replacing sexp_put_base64_start.
8634 (sexp_put_code_end): New function, replacing sexp_put_base64_end.
8635 (sexp_put_data): Deleted argument INDENT.
8636 (sexp_puts): Likewise.
8637 (sexp_put_length): Likewise.
8638 (sexp_put_list_start): Likewise.
8639 (sexp_put_list_end): Likewise.
8640 (sexp_put_display_start): Likewise.
8641 (sexp_put_display_end): Likewise.
8642 (sexp_put_string): Likewise. Also changed base64 handling.
8643 (sexp_convert_string): Deleted argument INDENT. New argument
8645 (sexp_convert_list): New argument MODE_OUT.
8646 (sexp_convert_file): Likewise.
8647 (sexp_convert_item): Likewise. Also handle output in transport
8649 (match_argument): Simple string comparison.
8650 (main): Adapted to above changes.
8652 * testsuite/testutils.c (test_armor): Allocate a larger buffer
8653 CHECK, to make decode_update happy. Updated to new base64
8656 * testsuite/base64-test.c (test_main): Fixed overlap test to not
8657 change the base64 before decoding. Updated to new base64
8660 * testsuite/Makefile.am (TS_PROGS): Added base16-test.
8662 * testsuite/base16-test.c: New test.
8664 * sexp-transport.c (sexp_transport_iterator_first): Updated to new
8665 conventions for base64_decode_update and base64_decode_final.
8667 * nettle-meta.h: Updated ascii armor declarations. New declaration
8670 * base64-decode.c (base64_decode_single): Return -1 on error.
8671 Also keep track of the number of padding characters ('=') seen.
8672 (base64_decode_update): New argument dst_length. Return -1 on error.
8673 (base64_decode_status): Renamed function...
8674 (base64_decode_final): ... to this.
8676 * base64.h (struct base64_decode_ctx): Deleted STATUS attribute.
8677 Added PADDING attribute.
8679 * base16.h, base16-encode.c, base16-decode.c, base16-meta.c: New
8682 2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
8684 * examples/sexp-conv.c (struct hex_decode_ctx): New hex decoding
8686 (sexp_get_raw_char): New function.
8687 (sexp_get_char): Use sexp_get_raw_char.
8689 2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
8691 * examples/sexp-conv.c (sexp_put_length): Bugfix, don't output any
8693 (main): Implemented -s option.
8695 * examples/sexp-conv-test: Test for echo -n vs echo '\c'. Added a
8696 few tests for canonical output.
8698 2002-10-25 Niels Möller <niels@s3.kth.se>
8700 * examples/sexp-conv.c (struct sexp_input): Deleted the mode from
8701 the state, that should be passed as argument to relevant
8702 functions. Instead, introduces enum sexp_coding, to say if base64
8703 coding is in effect.
8704 (struct sexp_output): Added coding attribute.
8705 (sexp_put_char): Use output->coding.
8706 (sexp_put_base64_start): Likewise.
8707 (sexp_put_base64_end): Likewise.
8709 * base64-decode.c (base64_decode_single): Simplified, got rid of
8712 2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
8714 * examples/sexp-conv.c (sexp_put_newline): Return void, die on
8716 (sexp_put_char, sexp_put_data, sexp_puts, sexp_put_length,
8717 sexp_put_base64_start, sexp_put_base64_end, sexp_put_string,
8718 sexp_put_list_start, sexp_put_list_end, sexp_put_display_start,
8719 sexp_put_display_end, sexp_convert_string, sexp_convert_list,
8720 sexp_skip_token): Likewise.
8721 (sexp_convert_item): Die on error.
8723 2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
8725 * examples/sexp-conv-test: Doesn't need echo -n anymore.
8727 * examples/sexp-conv.c (die): New function.
8728 (struct sexp_input): Deleted field ITEM.
8729 (sexp_get_char): Die on failure, never return -1.
8730 (sexp_get_quoted_char): Likewise.
8731 (sexp_get_quoted_string): Die on failure, no returned value.
8732 (sexp_get_base64_string): Likewise.
8733 (sexp_get_token_string): Likewise.
8734 (sexp_get_string): Likewise.
8735 (sexp_get_string_length): Likewise.
8736 (sexp_get_token): Likewise.
8737 (sexp_convert_string): Adapted to sexp_get_token.
8738 (sexp_convert_list): Likewise.
8739 (sexp_convert_file): New function.
8740 (main): Use sexp_convert_file.
8742 2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
8744 * examples/Makefile.am (TS_PROGS): Added sexp-conv-test.
8746 * examples/sexp-conv.c (sexp_input_init): Initialize input->string
8748 (sexp_get_char): Fixed non-transport case.
8749 (sexp_get_quoted_char): Fixed default case.
8750 (sexp_get_token): Loop over sexp_get_char (needed for handling of
8751 white space). Don't modify input->level. Fixed the code that skips
8753 (sexp_put_char): Fixed off-by-one bug in assertion.
8754 (sexp_put_string): Fixed escape handling for output of quoted
8756 (sexp_convert_list): Prettier output, hanging indent after the
8758 (sexp_skip_token): New function.
8759 (sexp_convert_item): Use sexp_skip_token to skip the end of a
8762 2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
8764 * examples/sexp-conv-test: New test program.
8766 * examples/Makefile.am (noinst_PROGRAMS): Added sexp-conv.
8768 * examples/sexp-conv.c (sexp_convert_list): New function.
8769 (sexp_convert_item): New function.
8770 (main): New function. Compiles and runs now, but doesn't work.
8772 * base64-decode.c (base64_decode_single): New function.
8773 (base64_decode_update): Use base64_decode_single.
8775 * examples/sexp-conv.c: Added output functions.
8777 2002-10-21 Pontus Sköld <pont@soua.net>
8779 * base64-encode.c (base64_encode_raw): Fixed null statement
8780 amongst variable declarations, broke compilation for non C99
8783 2002-10-21 Niels Möller <nisse@lysator.liu.se>
8785 * examples/sexp-conv.c: New sexp conversion program.
8787 2002-10-21 Niels Möller <niels@s3.kth.se>
8789 * Makefile.am (libnettle_a_SOURCES): Added
8790 sexp-format-transport.c.
8792 * sexp-transport.c (sexp_transport_iterator_first): New file and
8794 * sexp.h (sexp_transport_iterator_first): Added protoype.
8796 * sexp.c (sexp_iterator_next): Abort if iterator type is boogus.
8798 2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
8800 * testsuite/testutils.c (test_armor): Updated to new armor
8803 * testsuite/base64-test.c (test_main): Test BASE64_ENCODE_LENGTH
8804 and BASE64_DECODE_LENGTH. Updated test of base64_encode_raw (used
8805 to be base64_encode).
8807 * base64.h (BASE64_ENCODE_LENGTH, BASE64_DECODE_LENGTH): Fixed and
8810 * base64-meta.c (base64_encode_length, base64_decode_length): New
8811 functions, corresponding to the macros with the same name.
8813 * Makefile.am (libnettle_a_SOURCES): base64.c replaced by
8814 base64-encode.c and base64-decode.c.
8816 * pgp-encode.c (pgp_armor): Use new base64 conventions.
8818 * nettle-meta.h: Updated nettle_armor definitions.
8820 * base64.h: Major reorganization.
8822 * base64.c: Deleted file, contents moved to base64-encode.c or
8825 * base64-encode.c: New file. New supporting both encode-at-once
8826 and streamed operation.
8828 * base64-decode.c: New file.
8830 2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
8832 * testsuite/Makefile.am (TS_PROGS): Added dsa-keygen-test.
8834 * dsa-keygen.c: Call the progress callback only if it's non-NULL.
8836 * Makefile.am (libnettle_a_SOURCES): Added bignum-random.c and
8839 * testsuite/testutils.c (test_dsa_key): New function to sanity
8840 check a dsa keypair.
8842 * testsuite/dsa-test.c (test_main): Call dsa_test_key.
8844 * testsuite/dsa-keygen-test.c: New test case.
8846 * dsa.h (DSA_MINIMUM_BITS): New constant.
8848 * bignum.h (nettle_mpz_random, nettle_mpz_random_size): Added
8851 * dsa-keygen.c: New file.
8853 * bignum-random.c: New file.
8854 (nettle_mpz_random): New function, moved from...
8855 * dsa-sign.c (nettle_mpz_random): ... here. Also changed argument
8856 ordering and updated callers.
8858 * bignum-random.c: (nettle_mpz_random_size): New function, renamed
8859 and moved here from...
8860 * rsa-keygen.c (bignum_random_size): ... here. Updated all
8863 * testsuite/testutils.c (test_dsa): Needs both public and private
8866 * testsuite/dsa-test.c (test_main): Updated to changes of the
8869 * testsuite/Makefile.am (TS_PROGS): Added dsa-test.
8871 * rsa-decrypt.c (rsa_decrypt): Constification.
8872 * rsa-encrypt.c (rsa_encrypt): Likewise.
8873 * rsa.c (rsa_compute_root): Likewise.
8874 * rsa_md5.c (rsa_md5_sign): Likewise.
8875 (rsa_md5_verify): Likewise.
8876 * rsa_sha1.c (rsa_sha1_sign): Likewise.
8877 (rsa_sha1_verify): Likewise.
8879 * dsa-verify.c (dsa_verify): Use const for the public key
8882 * dsa-sign.c (dsa_sign): Needs the public key as argument, in
8883 addition to the private key. Use const.
8885 * dsa.h (struct dsa_private_key): Don't include the public
8887 * dsa.c (dsa_private_key_init, dsa_private_key_clear): Updated to
8888 new struct dsa_private_key.
8890 * dsa-sign.c (dsa_sign): Bugfix, added missing mpz_init call.
8892 * Makefile.am (libnettle_a_SOURCES): Added dsa files.
8893 (libnettleinclude_HEADERS): Added dsa.h.
8895 * testsuite/testutils.c (test_dsa): New function.
8897 * testsuite/dsa-test.c: New test.
8899 * dsa.h, dsa.c, dsa-sign.c, dsa-verify.c: New files.
8901 * nettle-meta.h: Moved the nettle_random_func and
8902 nettle_progress_func typedefs here...
8903 * rsa.h: ... from here.
8905 2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
8907 * sexp.h (enum sexp_type): Deleted SEXP_START.
8909 * sexp.c (sexp_iterator_parse): New function, similar to the old
8910 sexp_iterator_next, but independent of the previous value of the
8912 (sexp_iterator_first): Use sexp_iterator_parse.
8913 (sexp_iterator_next): Likewise.
8914 (sexp_iterator_enter_list): Use sexp_iterator_parse. SEXP_START
8916 (sexp_iterator_exit_list): Likewise.
8918 2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
8920 * sexp2rsa.c (get_value): No need to call sexp_iterator_next
8923 * sexp.c (sexp_iterator_assoc): Advance the iterator to the
8924 element after a matching tag, before recording it.
8925 * testsuite/sexp-test.c (test_main): Updated test.
8927 * testsuite/sexp-test.c (test_main): No need to call
8928 sexp_iterator_next after sexp_iterator_exit_list.
8930 * sexp2rsa.c (rsa_keypair_from_sexp): No need to call
8931 sexp_iterator_next anymore.
8933 * sexp.c (sexp_iterator_next): Updated to new sexp_iterator_exit_list.
8934 (sexp_iterator_exit_list): Return with iterator pointing to the
8935 element after the list.
8936 (sexp_iterator_check_type): Call sexp_iterator_next before
8938 (sexp_iterator_check_types): Likewise.
8939 (sexp_iterator_assoc): Rearranged calls of sexp_iterator_next.
8941 * sexp.c (sexp_iterator_enter_list): Call sexp_iterator_next to
8942 get to the first element of the list. Updated callers.
8944 * base64.c (base64_encode_group): New function, used by openpgp
8947 * Makefile.am: Added openpgp files.
8949 * sexp2rsa.c (rsa_keypair_from_sexp): Use sexp_iterator_first.
8950 * testsuite/sexp-test.c (test_main): Likewise.
8952 * sexp.c (sexp_iterator_init): Made this function static.
8953 (sexp_iterator_first): New, friendlier, initialization function.
8955 * pgp-encode.c: New file. Functions for writing openpgp data
8958 * pgp.h: New file, with pgp related declarations.
8960 * rsa2openpgp.c (rsa_keypair_to_openpgp): New file, new function.
8962 2002-10-04 Niels Möller <niels@s3.kth.se>
8964 * examples/rsa-keygen.c: Use malloc, instead of asprintf.
8966 2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
8968 * Released nettle-1.6.
8970 * NEWS: Note the aes api change.
8972 * examples/Makefile.am (EXTRA_DIST): Distribute setup-env and
8975 2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
8977 * examples/rsa-keygen.c (main): Comment on the lax security of the
8980 * index.html: Added link to mailing list.
8982 2002-10-02 Niels Möller <niels@s3.kth.se>
8984 * Makefile.am: Fixed assembler rules, and shared libraries.
8986 * configure.ac: Fixed the enable-shared option.
8988 2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
8990 * configure.ac: New option --enable-shared, and a first attempt at
8991 building a shared library (*without* using libtool).
8993 * Makefile.am: A first attempt at rules for building a shared
8996 2002-10-01 Niels Möller <niels@s3.kth.se>
8998 * examples/run-tests (test_program): Use basename.
9000 * examples/teardown-env: Delete some more files.
9002 * examples/run-tests (test_program): Strip directory part of
9005 * examples/Makefile.am (TS_PROGS): New variable. Run tests.
9007 * examples/io.c (read_file): Bug fix, used to overwrite pointer.
9009 * examples/rsa-keygen.c (main): Bug fix, private key wasn't
9012 * testsuite/Makefile.am: Some cleanup of make check.
9014 * examples/setup-env, examples/teardown-env: Test environment scripts.
9015 * examples/rsa-verify-test, examples/rsa-sign-test: New test cases.
9017 * examples/run-tests: New file (copied from lsh testsuite).
9019 * examples/Makefile.am: Use EXTRA_PROGRAMS and @RSA_EXAMPLES@.
9021 * examples/rsa-sign.c: No need to include config.h. Use werror
9023 * examples/rsa-verify.c: Likewise.
9024 * examples/rsa-keygen.c: Likewise.
9026 * examples/io.h: Forward declare struct rsa_public_key and struct
9027 rsa_private_key, to avoid dependences on config.h.
9029 * configure.ac (RSA_EXAMPLES): New substituted variable,
9030 controlling which example programs to build.
9032 * examples/rsa-verify.c: New example program.
9034 * examples/rsa-keygen.c: Use functions from io.c.
9035 * examples/rsa-sign.c: Likewise.
9037 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-verify.
9038 (LDADD): Added io.o.
9040 * configure.ac: New define WITH_PUBLIC_KEY, and new configure flag
9041 --disable-public-key. Updated rsa-files to check for that, rather
9042 than for HAVE_LIBGMP.
9044 * examples/io.c, examples/io.c: New files. Miscellaneous functions
9045 used by the example programs.
9047 * base64.h (BASE64_DECODE_LENGTH): Comment fix.
9049 2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
9051 * sexp2rsa.c (rsa_keypair_from_sexp): Bugfix: Call
9052 rsa_prepare_public_key and rsa_prepare_private_key.
9054 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-sign.
9056 * examples/rsa-sign.c: New example program.
9058 * testsuite/base64-test.c (test_main): Test encoding and decoding
9061 * base64.c (base64_encode): Encode from the end of the data
9062 towards the start, in order to support overlapping areas.
9063 (base64_encode): Broke out some common code from the switch..
9065 2002-09-30 Niels Möller <niels@s3.kth.se>
9067 * sexp_format.c (sexp_format): Don't mix code and declarations.
9069 2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
9071 * testsuite/Makefile.am (TS_PROGS): Added buffer-test
9072 sexp-format-test rsa2sexp-test sexp2rsa-test.
9075 * testsuite/sexp-test.c (test_main): Updated calls to
9076 sexp_iterator_assoc.
9078 * testsuite/testutils.h (MEMEQH): New macro.
9080 * testsuite/sexp2rsa-test.c: New test.
9081 * testsuite/sexp-format-test.c: New test.
9082 * testsuite/rsa2sexp-test.c: New test.
9083 * testsuite/buffer-test.c: New test.
9085 * testsuite/testutils.c (test_rsa_key): Copied this function
9087 testsuite/rsa-keygen-test.c: ... here.
9089 * examples/rsa-keygen.c: New file.
9091 * Makefile.am: Added new source files and headers buffer.h,
9092 buffer.c, sexp_format.c, sexp2rsa.c, rsa2sexp.c.
9094 * rsa.h (rsa_keypair_to_sexp, rsa_keypair_from_sexp): New
9097 * rsa2sexp.c, sexp2rsa.c: New files.
9099 * sexp.c (sexp_iterator_assoc): Don't enter the list, associate
9100 keys within the current list. Still exit the list when done.
9101 (sexp_iterator_assoc): Represent keys as plain NUL-terminated
9103 (sexp_iterator_check_type, sexp_iterator_check_types): New
9106 * sexp_format.c: New file, implementing an sexp canonical syntax
9109 * buffer.c, buffer.h: New files, implementing a bare-bones string
9112 * bignum.c (nettle_mpz_sizeinbase_256): New function.
9114 2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
9116 * sexp.c (sexp_iterator_assoc): Return 0 for missing or duplicate
9117 keys. Now passes all the tests.
9119 * sexp.c (sexp_iterator_simple): Bugfixes. Check earlier that
9120 length doesn't grow too large.
9121 (sexp_iterator_next): Skip the current list only if type is
9122 SEXP_LIST. Handle ')'.
9123 (sexp_iterator_enter_list): Set type to SEXP_START.
9124 (sexp_iterator_exit_list): Likewise. Don't skip the ')' here.
9125 (sexp_iterator_assoc): Bug fix.
9127 * testsuite/sexp-test.c (test_main): Reordered sexp_iterator_assoc
9130 * nettle.texinfo (Randomness): Documented that yarrow256_init can
9131 be called with a zero number of sources.
9133 * testsuite/testutils.h (ASSERT): New macro.
9135 * testsuite/sexp-test.c: Test sexp parser.
9137 * Makefile.am (SUBDIRS): Added sexp files.
9139 * sexp.c, sexp.h: New files, implementing an sexp-parser.
9141 2002-08-27 Niels Möller <niels@s3.kth.se>
9143 * Makefile.am (DISTCLEANFILES): make distclean should delete the
9144 assembler-related symlinks.
9146 2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
9148 * Makefile.am (%.o: %.asm): Create an empty (and unused)
9149 dependency file, to make the make/automake dependency tracking
9152 2002-07-18 Niels Möller <niels@s3.kth.se>
9154 * examples/nettle-benchmark.c (main): Try openssl's ciphers as
9157 * Makefile.am (libnettle_a_SOURCES): Added nettle-openssl.c.
9159 * nettle-openssl.c: New file.
9161 * nettle-internal.h: Declare openssl glue ciphers.
9163 * des-compat.h: Extra name-mangling, to avoid collisions in case a
9164 program links with both nettle and libcrypto (the nettle-benchmark
9167 * configure.ac: Don't use -ggdb3 with gcc-2.96.
9168 Check for openssl's libcrypto (for benchmarking).
9170 2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
9172 * sparc/aes.asm: Deleted registers i and t3.
9173 (_aes_crypt): Moved some registers around. We now use input
9174 registers only for arguments, local registers for loop invariants,
9175 output registers for temporaries and loop variables, and no global
9178 * sparc/aes.asm (AES_FINAL_ROUND): New macro.
9179 (_aes_crypt): Use AES_FINAL_ROUND for the first word of the final
9181 (_aes_crypt): And for the rest of the final round.
9182 (AES_FINAL_ROUND): Don't update dst, just access it offseted by i.
9183 (_aes_crypt): Add 16 to dst at the end of the final round.
9184 (AES_ROUND): Use ldub, not ld + and, to get the third byte
9186 (AES_ROUND): Use ldub, not lduh + and, to get the second
9188 (AES_ROUND): Reordered instructions, so that we can save one
9190 (AES_ROUND): Eliminated use of t3.
9191 (AES_FINAL_ROUND): Eliminated ands.
9192 (AES_FINAL_ROUND): Reordered, so that we can save one register.
9193 (AES_FINAL_ROUND): Eliminated t3.
9194 (AES_LOAD): New macro.
9195 (_aes_crypt): Unrolled source loop.
9196 (_aes_crypt): Use AES_LOAD macro.
9197 (_aes_crypt): Deleted cruft from the old source loop.
9198 (AES_LOAD): Eliminated t3.
9200 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
9202 * sparc/aes.asm (AES_ROUND): New macro.
9203 (_aes_crypt): Use AES_ROUND for first word of the
9205 (_aes_crypt): And for the rest of the round function.
9207 * sparc/aes.asm (_aes_crypt): Deleted a bunch of additions,
9208 after accessing IDX1.
9210 * aes-internal.h (struct aes_table): sparc_idx[0] should now
9211 contain index values shifted by the size of a word, and with 2
9212 added. This saves some additions in the sparc assembler code.
9213 Updates aes-encrypt-table.c and aes-decrypt-table.c.
9215 * sparc/aes.asm (_aes_crypt): Unrolled final loop, preparing for
9217 (_aes_crypt): Eliminated i from forst copy of the loop. Some
9219 (_aes_crypt): And from second copy.
9220 (_aes_crypt): And from third.
9221 (_aes_crypt): And fourth.
9222 (_aes_crypt): Eliminated updates of i from the loop.
9223 (_aes_crypt): Access IDX1 and IDX3 through the T pointer, saving
9226 * aes-internal.h (struct aes_table): Renamed the shift_idx field
9227 to sparc_idx, as it will be tweaked to improve the sparc code.
9228 Also reduced its size to [2][4].
9229 (IDX_FACTOR): Deleted constant.
9230 * aes-encrypt-table.c (_aes_encrypt_table): Adapted initializer of
9232 * aes-decrypt-table.c (_aes_decrypt_table): Likewise.
9233 * asm.m4: Deleted AES_SIDX2, to match struct aes_table.
9235 * sparc/aes.asm (_aes_crypt): Unrolled the inner loop, preparing
9236 for optimizations suggested by Marcus Comstedt.
9237 (_aes_crypt): Eliminated i from the first copy of the inner loop.
9238 (_aes_crypt): And from the second copy.
9239 (_aes_crypt): And from the third copy.
9240 (_aes_crypt): And from the fourth copy.
9241 (_aes_crypt): Renamed .Linner_loop to .Lround_loop.
9242 (_aes_crypt): Eliminated the loop variable i from the unrolled
9244 (_aes_crypt): Deleted moves of constants into t2.
9246 2002-05-15 Niels Möller <niels@s3.kth.se>
9248 * x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
9249 * x86/aes-decrypt.asm (aes_decrypt): Likewise.
9250 (aes_decrypt): Use AES_STORE.
9251 (aes_decrypt): Deleted first xchgl instruction into, permuting the
9252 AES_ROUND calls instead.
9253 (aes_decrypt): Likewise for the final round.
9254 (aes_decrypt): Got rid if the xchgl instruction after the final
9255 round, folding it into the final round.
9257 * x86/machine.m4: Renamed AES_LAST_ROUND to AES_FINAL_ROUND.
9260 * x86/aes-decrypt.asm (aes_decrypt): Use the AES_LOAD macro.
9261 (aes_decrypt): Start using AES_ROUND.
9262 (aes_decrypt): Use AES_LAST_ROUND.
9264 * x86/aes-decrypt.asm (aes_decrypt): Moved function to a separate
9266 * x86/aes.asm: ... from here.
9268 * x86/aes.asm (aes_decrypt): Use _aes_decrypt_table instead of
9269 itbl1-4. Commented out the inclusion of aes_tables.asm.
9270 (aes_decrypt): Use _aes_decrypt_table instead of isbox.
9273 * x86/aes-decrypt.asm: New file, empty at the start.
9275 * Makefile.am (libnettle_a_SOURCES): Added aes-decrypt-table.c.
9277 * aes-decrypt.c (_aes_decrypt_table): Moved from this file...
9278 * aes-decrypt-table.c (_aes_decrypt_table): ... to a new file.
9280 * testsuite/aes-test.out: New file, with the output of
9281 testsuite/aes-test, when aes.c has been compiled with debugging
9282 printouts of intermediate state.
9284 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
9286 * sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
9287 make %fp available for other uses.
9289 * sparc/aes.asm: The frame setup was broken. Tried to fix it.
9290 Reverted to revision 1.70 + minor changes from the head revision.
9292 * x86/aes-encrypt.asm (aes_encrypt): Use test instead of cmpl $0,.
9294 * x86/machine.m4 (AES_SUBST_BYTE): New macro.
9296 * sparc/aes.asm: wtxt needs no register of it's own, as its
9297 pointed to by %sp. %g5 moved to %l0, the register previously
9298 allocated for wtxt, so that we stay clean of the reserved %g
9301 2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
9303 * sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
9304 operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
9305 (_aes_crypt): Allocate only 32 bytes local storage on the stack.
9306 Calculate wtxt and tmp using offsets from %sp, not %fp.
9308 2002-05-14 Niels Möller <niels@s3.kth.se>
9310 * x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
9311 round function with an invocation of AES_ROUND.
9312 (aes_encrypt): Similarly for the second column.
9313 (aes_encrypt): Similarly for the rest of the round function.
9315 * x86/machine.m4 (AES_ROUND): New macro.
9317 * x86/aes-encrypt.asm (aes_encrypt): Use AES_LOAD macro.
9319 * x86/machine.m4 (AES_LOAD): New macro.
9321 * x86/aes-encrypt.asm (aes_encrypt): Use AES_STORE.
9323 * x86/machine.m4 (AES_STORE): New macro.
9325 * x86/aes-encrypt.asm (aes_encrypt): Use the AES_LAST_ROUND macro
9326 for the first column of the final round.
9327 (aes_encrypt): Similarly for the second column.
9328 (aes_encrypt): Similarly for the third and fourth column.
9330 (aes_encrypt): Deleted xchgl instruction in final round, by
9331 reordering the second and fourth round.
9333 * x86/machine.m4 (AES_LAST_ROUND): New macro.
9335 * x86/aes-encrypt.asm (aes_encrypt): Move code here...
9336 * x86/aes.asm: ...from here.
9338 * x86/aes.asm: Use addl and subl, not add and sub. Replaced
9339 references to dtbl1-4 with references to _aes_encrypt_table.
9341 * configure.ac (asm_path): Enable x86 assembler.
9343 * x86/aes.asm (aes_decrypt): Adapted to the current interface.
9344 Notably, the order of the subkeys was reversed. Single block
9345 encrypt/decrypt works now.
9346 (aes_encrypt, aes_decrypt): Added an outer loop, so that we can
9347 encrypt more than one block at a time.
9349 2002-05-07 Niels Möller <niels@s3.kth.se>
9351 * configure.ac: Generate config.m4.
9353 * x86/aes.asm: Use C for comments, include the tables using
9354 include_src, and commented out the key setup functions.
9355 Fixed the processing of the first handling of the round function.
9356 Now, encryption of a single block works! Multiple blocks, and
9357 decryption, is still broken.
9359 * x86/machine.m4: New file (empty).
9361 * x86/aes-encrypt.asm: New file, empty for now.
9363 * Makefile.am (%.asm): Added asm.m4, machine.m4 and config.m4 to
9364 the m4 command line.
9365 (libnettle_a_SOURCES): Added aes-encrypt-table.c.
9367 * sparc/aes.asm: No need to include asm.m4, that is taken care of
9370 * config.m4.in: New file, configuration for asm.m4.
9372 * asm.m4 (C, include_src): New macros.
9374 * aes-encrypt-table.c: New file, table moved out from
9377 2002-05-06 Niels Möller <niels@s3.kth.se>
9379 * configure.ac (CFLAGS): Don't enable -Waggregate-return.
9381 2002-05-05 Niels Möller <nisse@lysator.liu.se>
9383 * configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
9385 2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
9387 * configure.ac: Update for automake-1.6.
9389 * configure.ac: Renamed file, used to be configure.in.
9391 2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
9393 * testsuite/run-tests (test_program): Added missing single quote.
9395 2002-03-20 Niels Möller <nisse@lysator.liu.se>
9397 * testsuite/run-tests (test_program): Test the exit status of the
9400 2002-03-19 Pontus Sköld <pont@it.uu.se>
9402 * testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
9404 2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
9406 * rsa-keygen.c (rsa_generate_keypair): Output a newline after a
9407 non-empty line of 'e':s (bad e was chosen, try again).
9409 2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
9411 * configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
9414 2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
9416 * sparc/aes.asm, x86/aes.asm: Added copyright notice.
9418 * Makefile.am (libnettle_a_SOURCES): Added aes-internal.h.
9419 (EXTRA_DIST): Added assembler files.
9421 * configure.in (asm_path): Use $srcdir when looking for the files.
9422 * configure.in (asm_path): For now, disable x86 assembler code.
9423 Bumped version to 1.6.
9425 2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
9427 * sparc/aes.asm (_aes_crypt): Moved increment of src into the
9428 source_loop. Also fixed stop condition, the loop was run 5 times,
9429 not 4, as it should.
9430 (_aes_crypt): Use src directly when accessing the source data,
9432 (_aes_crypt): Renamed variables in source_loop.
9433 (_aes_crypt): Changed stop condition in source_loop to not depend
9434 on i. Finally reduced the source_loop to 16 instructions. Also
9435 increased the alignment of the code to 16.
9436 (_aes_crypt): In final_loop, use preshifted indices.
9437 (_aes_crypt): In final_loop, construct the result in t0. Use t0-t3
9438 for intermediate values.
9439 (_aes_crypt): In final_loop, use the register idx.
9440 (_aes_crypt): In final_loop, keep i multiplied by 4. Use key to
9441 get to the current roundkey.
9442 (_aes_crypt): In final_loop, use i for indexing.
9443 (_aes_crypt): Update dst in the output loop. This yields a delay
9444 slot that isn't filled yet.
9445 (_aes_crypt): Decrement round when looping, saving yet some
9447 (_aes_crypt): Reformatted code as blocks of four instructions
9449 (_aes_crypt): Copy the addresses of the indexing tables into
9450 registers at the start. No more need for the idx register.
9451 (_aes_crypt): Deleted idx register.
9452 (_aes_crypt): Some peep hole optimizations, duplicating some
9453 instructions to fill nop:s, and put branch instructions on even
9456 2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
9458 * sparc/aes.asm (_aes_crypt): Moved some more additions out of the
9459 inner loop, using additional registers.
9460 (_aes_crypt): Deleted one more addition from the inner loop, by
9461 using the subkey pointer.
9463 2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
9465 * configure.in (asm_path): Renamed "path" to "asm_path". Also look
9468 2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
9470 * sparc/aes.asm: Use that IDX2(j) == j ^ 2
9472 * Makefile.am (libnettle_a_SOURCES): Reordered aes-decrypt.c and
9473 aes-encrypt.c. For some strange reason it makes the benchmark go
9476 * sparc/aes.asm (_aes_crypt): Use double-buffering, and no
9477 separate loop for adding the round key.
9478 (round): Keep round index muliplied by 16, so it can be used
9479 directly for indexing the subkeys.
9480 (_aes_crypt): In the final loop, use ctx+round to access the
9481 subkeys, no need for an extra register.
9483 2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
9485 * sparc/aes.asm (_aes_crypt): Renaming variables, allocating
9486 locals starting from %l0.
9487 (_aes_crypt): Consistently use %l4, aka i, as the variable for the
9489 (_aes_crypt): Moved reading of ctx->nrounds out of the loop.
9490 (_aes_crypt): In final_loop, deleted a redundant mov, and use i as
9492 (_aes_crypt): Started renumbering registers in the inner loop. The
9493 computation for the table[j] sub-expression should be kept in
9495 (_aes_crypt): Renamed more variables in the inner loop. Now the
9496 primary variables are t0, t1, t2, t3.
9498 * sparc/aes.asm (_aes_crypt): Swapped register %i0 and %o5, %i1
9499 and %o0, %i2 and %o4, %i3 and %o3, %i4 and %o2.
9500 (_aes_crypt): wtxt was stored in both %l1 and %l2 for the entire
9501 function. Freed %l2 for other uses.
9502 (_aes_crypt): Likewise for tmp, freeing register %o1.
9504 * sparc/machine.m4: New file, for sparc-specific macros.
9506 * sparc/aes.asm (_aes_crypt): Hacked the source_loop, to get rid
9507 of yet another redundant loop variable, and one instruction.
9508 (_aes_crypt): Strength reduce loop variable in the
9509 inner loop, getting rid of one register.
9510 (_aes_crypt): Use pre-shifted indices (aes_table.idx_shift), to
9511 avoid some shifts in the inner loop.
9512 (_aes_crypt): Don't check for nrounds==0 at the start of the loop.
9514 * asm.m4: Define and use structure-defining macros.
9516 * Makefile.am (%.asm): Use a GNU pattern rule, to make %.o depend
9517 on both %.asm and asm.m4.
9519 * aes-internal.h (struct aes_table): New subtable idx_shift.
9520 Updated tables in aes_encrypt.c and aes_decrypt.c.
9522 * asm.m4: Use eval to compute values.
9524 * sparc/aes.asm (_aes_crypt): Deleted commented out old version of
9527 * asm.m4: Added constants for individual rows of the aes table.
9529 * aes.c (IDX0, IDX1, IDX2, IDX3): New macros, encapsualting the
9530 structure of the idx table.
9532 * asm.m4: Define various aes struct offsets.
9534 * testsuite/cbc-test.c (test_cbc_bulk): Use aes_set_encrypt_key
9535 and aes_set_decrypt_key.
9537 * sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
9540 2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
9542 * sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
9544 * aesdata.c: New program for generating AES-related tables.
9546 * testsuite/testutils.c (print_hex): New function (moved from
9549 * testsuite/rsa-keygen-test.c (progress): Declare the ctx argument
9552 * testsuite/cbc-test.c (test_cbc_bulk): New function, testing CBC
9555 * yarrow256.c: Replaced uses of aes_set_key with
9556 aes_set_encrypt_key.
9558 * nettle-meta.h (_NETTLE_CIPHER_SEP): New macro, useful for
9559 algorithms with separate encyption and decryption key setup.
9561 * aes-internal.h (struct aes_table): New structure, including all
9562 constant tables needed by the unified encryption or decryption
9563 function _aes_crypt.
9565 * aes.c (_aes_crypt): New function, which unifies encryption and
9568 AES key setup now uses two separate functions for setting
9569 encryption and decryption keys. Applications that don't do
9570 decryption need no inverted subkeys and no code to generate them.
9571 Similarly, the tables (about 4K each for encryption and
9572 decryption), are put into separate files.
9574 * aes.h (struct aes_ctx): Deleted space for inverse subkeys. For
9575 decryption, the inverse subkeys replace the normal subkeys, and
9576 they are stored _in the order they are used_.
9578 * aes-set-key.c (aes_set_key): Deleted file, code moved...
9579 * aes-set-decrypt-key.c, aes-set-encrypt-key.c: New files,
9580 separated normal and inverse key setup.
9582 * aes-tables.c: Deleted, tables moved elsewhere...
9583 * aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
9584 decryption funktions, and needed tables, into separate files.
9586 2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
9588 * aes.c (aes_encrypt): Don't unroll the innerloop.
9589 (aes_encrypt): Don't unroll the loop for the final round.
9590 (aes_decrypt): Likewise, no loop unrolling.
9592 * aes-set-key.c (aes_set_key): Reversed the order of the inverted
9593 subkeys. They are now stored in the same order as they are used.
9595 * aes-tables.c (itable): New bigger table, generated by aesdata.c.
9597 * aes.c (aes_decrypt): Rewrote to use the bigger tables.
9599 2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
9601 * aes.c (aes_encrypt): Interleave computation and output in the
9604 * aes-internal.h (AES_SMALL): New macro.
9606 * aes.c (aes_encrypt): Optionally use smaller rotating inner loop.
9608 * aes-tables.c (dtbl): Replaced with table generated by aesdata.
9610 * aes.c (aes_encrypt): Rewrite, now uses larger tables in order to
9613 * sparc/aes.asm (aes_encrypt): Strength reduced on j, getting rid
9614 of one register and one instruction in the inner loop.
9616 * sparc/aes.asm (idx, aes_encrypt): Multiplied tabled values by 4,
9617 making it possible to get rid of some shifts in the inner loop.
9619 * configure.in: Fixed spelling of --enable-assembler. Commented
9622 * asm.m4: New file. For now, only doing changequote and changecom.
9624 * sparc/aes.asm (aes_encrypt): Added comments.
9625 (aes_encrypt): Cut off redundant instruction per block, also
9626 saving one redundant register pointing to idx.
9627 (idx_row): New macro. Include asm.m4.
9629 2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
9631 * sparc/aes.asm (key_addition_8to32): Cleaned up.
9632 Deleted gcc-generated debugging information.
9634 * sparc/aes.asm (key_addition32): First attempt at optimization.
9637 * sparc/aes.asm (key_addition32): Unrolled loop, gained 4%
9638 speed, payed four instructions compared to gcc
9641 * Makefile.am (.asm.o): New rule for assembling via m4.
9642 (libnettle_a_SOURCES): Added new rsa and aes files.
9644 * configure.in: New command line option --enable-assembler.
9645 Selects assembler code depending on the host system.
9647 * rsa-decrypt.c, rsa-encrypt.c: New files for rsa pkcs#1
9650 * aes-set-key.c, aes-tables.c: New files, split off from aes.c.
9651 Tables are now not static, but use a _aes_ prefix on their names.
9653 * aes-internal.h: New file.
9655 * cast128-meta.c (_NETTLE_CIPHER_FIX): Use _NETTLE_CIPHER_FIX.
9657 * cbc.c (cbc_decrypt_internal): New function, doing the real CBC
9658 procesing and requiring that src != dst.
9659 (cbc_decrypt): Use cbc_decrypt_internal. If src == dst, use a
9660 buffer of limited size to copy the ciphertext.
9662 * nettle-internal.c (nettle_blowfish128): Fixed definition, with
9665 * nettle-meta.h (_NETTLE_CIPHER_FIX): New macro, suitable for
9666 ciphers with a fixed key size.
9668 * examples/nettle-benchmark.c (display): New function for
9669 displaying the results, including MB/s figures.
9671 * sparc/aes.asm: New file. Not yet tuned in any way (it's just the
9672 code generated by gcc).
9674 2002-02-11 Niels Möller <nisse@lysator.liu.se>
9676 * x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
9679 2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
9681 Applied patch from Dan Egnor improving the base64 code.
9682 * base64.h (BASE64_ENCODE_LENGTH): New macro.
9683 (struct base64_ctx): New context struct, for decoding.
9684 (BASE64_DECODE_LENGTH): New macro.
9685 * base64.c (base64_decode_init): New function.
9686 (base64_decode_update): New function, replacing base64_decode.
9687 Takes a struct base64_ctx argument.
9688 * nettle-meta.h: Updated nettle_armor, and related typedefs and
9690 * testsuite/testutils.c (test_armor): Updated.
9691 * configure.in: Use AC_PREREQ(2.50).
9693 2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
9695 * Released nettle-1.5.
9697 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
9699 * acinclude.m4: Commented out gmp-related macros, they're probably
9702 2002-01-31 Niels Möller <nisse@lysator.liu.se>
9704 * configure.in: Added command line options --with-lib-path and
9705 --with-include-path. Use the RPATH-macros to get correct flags for
9706 linking the test programs with gmp.
9708 * acinclude.m4: New file.
9710 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
9712 * nettle.texinfo (Randomness): New subsection on Yarrow.
9714 2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
9716 * nettle.texinfo (Randomness): New chapter.
9717 Spell checking and ispell configuration.
9719 * md5.c: Added reference to RFC 1321.
9721 2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
9723 * nettle.texinfo (Public-key algorithms): Minor fixes.
9725 2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
9727 * nettle.texinfo (Nettle soup): New chapter.
9728 (Hash functions): New subsection on struct nettle_hash.
9729 (Hash functions): New subsection on struct nettle_cipher.
9730 (Keyed hash functions): New section, describing MAC:s and HMAC.
9731 (Public-key algorithms): New chapter.
9733 * testsuite/testutils.c (test_armor): New function.
9735 * testsuite/base64-test.c: New testcase.
9737 * testsuite/Makefile.am (TS_PROGS): Added base64-test.
9739 * nettle-meta.h (struct nettle_armor): New struct.
9741 * configure.in: Bumped version to 1.5.
9743 * Makefile.am (libnettle_a_SOURCES): Added base64 files, and some
9744 missing header files.
9746 * base64.c, base64.h, base64-meta.c: New files, hacked by Dan
9749 2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
9751 * testsuite/yarrow-test.c: Deleted ran_array code, use
9752 knuth-lfib.h instead.
9754 * testsuite/testutils.c (test_rsa_md5, test_rsa_sha1): Moved
9756 * testsuite/rsa-test.c: ...from here.
9758 * testsuite/rsa-keygen-test.c: New file.
9760 * testsuite/knuth-lfib-test.c: New file.
9762 * Makefile.am (libnettle_a_SOURCES): Added knuth-lfib.c and
9765 * rsa-keygen.c: New file.
9767 * rsa.h (RSA_MINIMUM_N_OCTETS): New constant.
9768 (RSA_MINIMUM_N_BITS): New constant.
9769 (nettle_random_func, nettle_progress_func): New typedefs. Perhaps
9770 they don't really belong in this file.
9771 (rsa_generate_keypair): Added progress-callback argument.
9773 * macros.h (READ_UINT24, WRITE_UINT24, READ_UINT16, WRITE_UINT16):
9776 * knuth-lfib.c, knuth-lfib.h: New files, implementing a
9777 non-cryptographic prng.
9779 2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
9781 * hmac-sha1.c: New file.
9783 2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
9785 * configure.in: Bumped version to 1.1.
9787 * testsuite/hmac-test.c (test_main): Added hmac-sha1 test cases.
9789 * rsa.c (rsa_init_private_key, rsa_clear_private_key): Handle d.
9791 * rsa.h (struct rsa_private_key): Reintroduced d attribute, to be
9792 used only for key generation output.
9793 (rsa_generate_keypair): Wrote a prototype.
9795 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha1.c and
9798 * des.c: Use static const for all tables.
9799 (des_set_key): Use a new const * variable for the parity
9800 procesing, for constness reasons.
9802 * list-obj-sizes.awk: New file.
9804 * nettle-internal.c, nettle-internal.h: New files.
9806 * testsuite/Makefile.am (TS_PROGS): Added hmac-test. Deleted old
9809 * testsuite/testutils.h (LDATA): Moved this macro here,...
9810 * testsuite/rsa-test.c: ... from here.
9812 * testsuite/hmac-test.c: New file.
9814 * hmac.h: General cleanup. Added declarations of hmac-md5,
9815 hmac-sha1 and hmac-sha256.
9817 * hmac.c: Bug fixes.
9819 * hmac-md5.c: First working version.
9821 * Makefile.am (libnettle_a_SOURCES): Added hmac.c and hmac-md5.c.
9822 (libnettleinclude_HEADERS): Added hmac.h.
9824 * testsuite/rsa-test.c: Also test a 777-bit key.
9826 * rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated
9828 (rsa_prepare_private_key): Compute the size of the key by
9829 computing n = p * q.
9831 * rsa-compat.c: Adapted to new private key struct.
9832 * rsa_md5.c: Likewise.
9833 * rsa_sha1.c: Likewise.
9835 * rsa.c (rsa_check_size): New function, for computing and checking
9836 the size of the modulo in octets.
9837 (rsa_prepare_public_key): Usa rsa_check_size.
9838 (rsa_init_private_key): Removed code handling n, e and d.
9839 (rsa_clear_private_key): Likewise.
9840 (rsa_compute_root): Always use CRT.
9842 * rsa.h (struct rsa_private_key): Deleted public key and d from
9843 the struct, as they are not needed. Added size attribute.
9845 2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
9847 * Makefile.am: Added *-meta files.
9849 * rsa.c (rsa_init_public_key): New function.
9850 (rsa_clear_public_key): Likewise.
9851 (rsa_init_private_key): Likewise.
9852 (rsa_clear_private_key): Likewise.
9854 * aes-meta.c: New file.
9855 * arcfour-meta.c: New file.
9856 * cast128-meta.c: New file.
9857 * serpent-meta.c: New file.
9858 * twofish-meta.c: New file.
9860 * examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
9862 2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
9864 Don't use m4 for generating test programs, it's way overkill. Use
9865 the C preprocessor instead.
9866 * testsuite/*-test.c: New file.
9868 * hmac.c, hmac.h, hmac-md5.c: New files.
9870 Defined structures describing the algoriths. Useful for code that
9871 wants to treat an algorithm as a black box.
9872 * nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
9875 2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
9877 * rsa-compat.c: Updated for new md5 and rsa conventions.
9879 * rsa_md5.c: Represent a signature as an mpz_t, not a string.
9880 Updated calls of md5 functions.
9881 * rsa_sha1.c: Likewise.
9883 * rsa.c (rsa_prepare_public_key): Renamed function, was
9884 rsa_init_public_key.
9885 (rsa_prepare_private_key): Renamed function, was
9886 rsa_init_private_key.
9888 * nettle.texinfo (Hash functions): Update for the changed
9889 interface without *_final. Document sha256.
9891 * testsuite/md5-test.m4, testsuite/sha1-test.m4,
9892 testsuite/sha256-test.m4, testsuite/yarrow-test.c: Updated for new
9893 hash function interface.
9895 * yarrow256.c: Removed calls of sha256_final and and some calls of
9898 * md5-compat.c (MD5Final): Call only md5_digest.
9900 * md5.c (md5_digest): Call md5_final and md5_init.
9901 (md5_final): Declared static.
9902 sha1.c, sha256.c: Analogous changes.
9904 * bignum.c (nettle_mpz_get_str_256): Declare the input argument
9907 2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
9909 * Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
9910 dependencies for $(des_headers) to depend only on the source file
9911 desdata.c, not on the executable.
9913 2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
9915 * testsuite/yarrow-test.c (main): Updated testcase to match fixed
9916 generator. Send verbose output to stdout, not stderr.
9918 * yarrow256.c (yarrow_slow_reseed): Bug fix, update the fast pool
9919 with the digest of the slow pool.
9920 (yarrow256_init): Initialize seed_file and counter to zero, to
9923 2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
9925 * bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
9928 2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
9930 * testsuite/yarrow-test.c (main): Updated test to match the fixed
9931 key event estimator.
9933 * yarrow_key_event.c (yarrow_key_event_estimate): Fixed handling
9936 * nettle.texinfo (Copyright): Say that under certain
9937 circumstances, Nettle can be used as if under the LGPL.
9939 * README: Added a paragraph on copyright.
9941 2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
9943 * yarrow256.c (yarrow256_force_reseed): New function.
9945 2001-11-14 Niels Möller <nisse@ehand.com>
9947 * testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
9949 * yarrow256.c (yarrow256_needed_sources): New function.
9950 (yarrow256_is_seeded): New function.
9951 (yarrow256_update): Use yarrow256_needed_sources.
9953 2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
9955 * testsuite/yarrow-test.out: Updated, to match the seed-file aware
9958 * testsuite/yarrow-test.c: Updated expected_output. Check the seed
9959 file contents at the end.
9961 * yarrow256.c (yarrow256_seed): New function.
9962 (yarrow_fast_reseed): Create new seed file contents.
9964 2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
9966 * yarrow.h: Deleted yarrow160 declarations.
9968 2001-11-02 Niels Möller <nisse@ehand.com>
9970 * yarrow256.c (yarrow256_init): Fixed order of code and
9973 2001-10-30 Niels Möller <nisse@ehand.com>
9975 * rsa-compat.h: Added real prototypes and declarations.
9977 * Makefile.am (libnettle_a_SOURCES): Added rsa-compat.h and
9980 * rsa-compat.c: New file, implementing RSA ref signature and
9981 verification functions.
9983 * configure.in: Check for libgmp. Deleted tests for SIZEOF_INT and
9986 * rsa_sha1.c: New file, PKCS#1 rsa-sha1 signatures.
9987 * rsa_md5.c: New file, PKCS#1 rsa-md5 signatures.
9989 * rsa.c: New file with general rsa functions.
9991 * Makefile.am (libnettle_a_SOURCES): Added rsa and bignum files.
9993 * bignum.c, bignum.h: New file, with base256 functions missing in
9996 * testsuite/Makefile.am: Added bignum-test.
9998 * testsuite/run-tests (test_program): Check the exit code more
9999 carefully, and treat 77 as skip. This convention was borrowed from
10002 * testsuite/macros.m4: New macro SKIP which exits with code 77.
10004 * testsuite/bignum-test.m4: New file.
10006 2001-10-15 Niels Möller <nisse@ehand.com>
10008 * testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
10011 2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
10013 * testsuite/des-test.m4: Added testcase taken from applied
10016 * testsuite/yarrow-test.c: Use sha256 instead of sha1 for checking
10017 input and output. Updated the expected values.
10019 * yarrow256.c (YARROW_RESEED_ITERATIONS): New constant.
10020 (yarrow_iterate): New function.
10021 (yarrow_fast_reseed): Call yarrow_iterate.
10023 * testsuite/yarrow-test.c: Added verbose flag, disabled by
10026 2001-10-12 Niels Möller <nisse@ehand.com>
10028 * examples/nettle-benchmark.c: Added more ciphers.
10030 * Makefile.am (SUBDIRS): Added the examples subdir.
10032 * configure.in: Output examples/Makefile.
10034 2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
10036 * examples/nettle-benchmark.c: New benchmarking program.
10038 2001-10-10 Niels Möller <nisse@ehand.com>
10040 * testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
10041 output, and compare to expected values.
10043 * testsuite/Makefile.am (CFLAGS): Don't disable optimization.
10044 (run-tests): Set srcdir in the environment when running run-tests.
10046 * testsuite/rfc1750.txt: Added this rfc as test input for yarrow.
10048 * yarrow_key_event.c (yarrow_key_event_estimate): Check if
10050 (yarrow_key_event_init): Initialize previous to zero.
10052 * yarrow256.c: Added debug some output.
10054 * testsuite/yarrow-test.c (main): Better output of entropy
10055 estimates at the end.
10057 2001-10-09 Niels Möller <nisse@ehand.com>
10059 * testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
10061 * testsuite/yarrow-test.c: New file.
10063 * yarrow256.c (yarrow256_init): Initialize the sources.
10064 (yarrow256_random): Fixed loop condition.
10066 * yarrow.h (YARROW_KEY_EVENT_BUFFER): New constant.
10068 * yarrow_key_event.c: New file.
10070 * Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
10072 2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
10074 * yarrow.h (struct yarrow_key_event_ctx): New struct.
10076 * yarrow256.c (yarrow_fast_reseed): Generate two block of output
10077 using the old key and feed into the pool.
10079 * yarrow.h (struct yarrow256_ctx): Deleted buffer, index and
10082 * yarrow256.c (yarrow_fast_reseed): New function.
10083 (yarrow_slow_reseed): New function.
10084 (yarrow256_update): Check seed/reseed thresholds.
10085 (yarrow_gate): New function, extracted from
10086 yarrow_generate_block_with_gate which was deleted.
10087 (yarrow_generate_block_with_gate): Deleted function.
10088 (yarrow256_random): Don't buffer any output, instead gate after
10090 (YARROW_GATE_THRESHOLD): Deleted constant.
10092 2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
10094 * Makefile.am: Added yarrow files.
10096 * yarrow256.c: New file, implementing Yarrow. Work in progress.
10098 * sha256.c: New file, implementing sha256.
10100 * testsuite/Makefile.am (CFLAGS): Added sha256-test.
10102 * testsuite/sha256-test.m4: New testcases for sha256.
10104 * shadata.c: New file, for generating sha256 constants.
10106 * sha.h: Renamed sha1.h to sha.h, and added declarations for
10109 2001-10-05 Niels Möller <nisse@ehand.com>
10111 * testsuite/aes-test.m4: Added a comment with NIST test vectors.
10113 2001-10-04 Niels Möller <nisse@ehand.com>
10115 * rsa.h, rsa-compat.h, yarrow.h: New files.
10117 2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
10119 * Released version 1.0.
10121 2001-09-25 Niels Möller <nisse@ehand.com>
10123 * sha1.c: Include stdlib.h, for abort.
10125 * md5.c: Include string.h, for memcpy.
10127 * testsuite/Makefile.am (M4_FILES): New variable. Explicitly list
10128 those C source files that should be generated by m4.
10130 * configure.in: Changed package name from "libnettle" to "nettle".
10132 * Makefile.am (EXTRA_DIST): Added .bootstrap.
10134 * AUTHORS: Added a reference to the manual.
10136 2001-09-25 Niels Möller <nisse@lysator.liu.se>
10138 * des-compat.c (des_cbc_cksum): Bug fix, local variable was
10139 declared in the middle of a block.
10141 2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
10143 * nettle.texinfo (Compatibility functions): New section,
10144 mentioning md5-compat.h and des-compat.h.
10146 2001-09-18 Niels Möller <nisse@ehand.com>
10148 * index.html: New file.
10150 2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
10152 * nettle.texinfo: Added description of des3. Minor fixes.
10154 * testsuite/des-compat-test.c (cbc_data): Shorten to 32 bytes (4
10155 blocks), the last block of zeroes wasn't used anyway.
10157 * des-compat.c (des_compat_des3_decrypt): Decrypt in the right
10159 (des_ncbc_encrypt): Bug fixed.
10160 (des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
10162 2001-09-14 Niels Möller <nisse@ehand.com>
10164 * testsuite/des-compat-test.c: New file, copied from libdes
10165 (freeswan). All implemented functions but des_cbc_cksum seems to
10168 * testsuite/Makefile.am (TS_PROGS): Added des-compat-test.
10170 * des-compat.c: Added libdes typedef:s. Had to remove all use of
10171 const in the process.
10172 (des_check_key): New global variable, checked by des_set_key.
10174 * des.c (des_set_key): Go on and expand the key even if it is
10177 * des-compat.c (des_cbc_cksum): Implemented.
10178 (des_key_sched): Fixed return values.
10180 2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
10182 * Makefile.am: Added des-compat.c and des-compat.h
10184 * des-compat.c: Bugfixes, more functions implemented.
10186 * des-compat.h: Define DES_ENCRYPT and DES_DECRYPT. Bugfixes.
10188 2001-09-10 Niels Möller <nisse@ehand.com>
10190 * nettle.texinfo (Copyright): Added copyright information for
10192 (Miscellaneous functions): Started writing documentation on the CBC
10194 (Cipher Block Chaining): This section more or less complete now.
10196 2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
10198 * testsuite/cbc-test.m4: Record intermediate values in a comment.
10199 * testsuite/des3-test.m4: Likewise.
10201 * testsuite/aes-test.m4: Added test case that appeared broken in
10204 * cbc.c (cbc_encrypt): Bug fix, encrypt block *after* XOR:ing the
10207 * Makefile.am (libnettleinclude_HEADERS): Added cbc.h. Deleted
10209 (libnettle_a_SOURCES): Added des3.c.
10211 * testsuite/Makefile.am (TS_PROGS): Added des3-test and cbc-test.
10213 * testsuite/cbc-test.m4: New testcase.
10215 * testsuite/des3-test.m4: New testcase.
10217 * cbc.h (CBC_CTX): New macro.
10218 (CBC_ENCRYPT): New macro.
10219 (CBC_DECRYPT): New macro.
10221 * des.c (des_fix_parity): New function.
10223 * des3.c: New file, implementing triple des.
10225 2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
10227 * cbc.c, cbc.h: New files, for general CBC encryption.
10229 * des-compat.h: Added some prototypes.
10231 2001-09-05 Niels Möller <nisse@ehand.com>
10233 * testsuite/Makefile.am (TS_PROGS): Added md5-compat-test.
10235 * README: Copied introduction from the manual.
10237 * configure.in: Bumped version to 1.0.
10239 * Makefile.am (libnettleinclude_HEADERS): Added missing includes.
10240 (libnettle_a_SOURCES): Added md5-compat.c and md5-compat.h.
10242 * md5-compat.c, md5-compat.h: New files, implementing an RFC
10243 1321-style interface.
10245 2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
10247 * twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
10248 Spotted by Jean-Pierre.
10249 (twofish_encrypt): Likewise.
10251 2001-07-03 Niels Möller <nisse@ehand.com>
10253 * testsuite/testutils.c: Include string.h.
10255 * twofish.c: Include string.h.
10257 2001-06-17 Niels Möller <nisse@lysator.liu.se>
10259 * Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
10260 seems to break with GNU make 3.79.1.
10262 * testsuite/testutils.c, testsuite/testutils.h: Use <inttypes.h>,
10264 Include <stdlib.h>.
10266 2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
10268 * Use <inttypes.h>, not <stdint.h>.
10270 * blowfish.h (BLOWFISH_MAX_KEY_SIZE): Fixed, should be 56.
10272 * Fixed copyright notices.
10274 * Makefile.am (libnettle_a_SOURCES): Added desinfo.h and
10276 (info_TEXINFOS): Added manual.
10277 (EXTRA_DIST): Added nettle.html.
10278 (%.html): Added rule for building nettle.html.
10280 * nettle.texinfo: New manual.
10282 * configure.in: Bumped version to 0.2.
10284 * testsuite/Makefile.am (TS_PROGS): Added cast128 test.
10288 * testsuite/serpent-test.m4: Added a few rudimentary tests
10289 extracted from the serpent package.
10291 * twofish.c: Adapted to nettle. Made constant tables const.
10292 Deleted bytes_to_word and word_to_bytes; use LE_READ_UINT32 and
10293 LE_WRITE_UINT32 instead.
10294 (twofish_selftest): Deleted. Moved the tests to the external
10296 (twofish_set_key): Don't silently truncate too large keys.
10298 * sha1.c (sha1_update): Use unsigned for length.
10300 * serpent.c (serpent_set_key): Read the key backwards. Fixed
10301 padding (but there are no test vectors for key_size not a multiple
10303 (serpent_encrypt): Read and write data in the strange order used
10304 by the reference implementation.
10305 (serpent_decrypt): Likewise.
10307 * macros.h (FOR_BLOCKS): New macro, taken from lsh.
10309 * blowfish.h (struct blowfish_ctx): Use a two-dimensional array
10312 * blowfish.c (initial_ctx): Arrange constants into a struct, to
10313 simplify key setup.
10314 (F): Deleted all but one definitions of the F function/macro.
10315 Added a context argument, and use that to find the subkeys.
10316 (R): Added context argument, and use that to find the subkeys.
10317 (blowfish_set_key): Some simplification.
10319 (encrypt): Deleted code for non-standard number of rounds. Deleted
10320 a bunch of local variables. Using the context pointer for
10321 everything should consume less registers.
10322 (decrypt): Likewise.
10324 * Makefile.am (libnettle_a_SOURCES): Added twofish.
10326 2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
10328 * testsuite/blowfish-test.m4: Fixed test.
10330 * Added twofish implementation.
10332 * blowfish.h (struct blowfish_ctx): Use the correct size for the p
10335 2001-06-15 Niels Möller <nisse@ehand.com>
10337 * testsuite/blowfish-test.m4: Fixed testcase, use correct key
10340 * Makefile.am (libnettle_a_SOURCES): Added blowfish files.
10341 ($(des_headers)): Strip directory part when passing file name to
10344 * testsuite/blowfish-test.m4: Added one test, from GNUPG.
10346 * Created blowfish.c and blowfish.h (from GNUPG via LSH). Needs
10349 * aes.h: Fixed copyright notice to not mention GNU MP. XXX: Review
10350 all nettle copyrights.
10352 * testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
10355 2001-06-13 Niels Möller <nisse@ehand.com>
10357 * Makefile.am (libnettle_a_SOURCES): Added serpent files.
10359 2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
10361 * des.c (des_encrypt, des_decrypt): Assert that the key setup was
10364 * testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
10366 * testsuite/sha1-test.m4: New file.
10368 * testsuite/des-test.m4: New file.
10370 * Added sha1 files.
10372 * Added desCore files.
10374 * Makefile.am: Added desCore and sha1.
10376 2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
10378 * install-sh: Copied the standard install script.
10380 * testsuite/Makefile.am (CFLAGS): Disable optimization. Add
10381 $(top_srcdir) to the include path.
10382 (EXTRA_DIST): Added testutils.h, testutils.c and run-tests.
10383 (run-tests): Fixed path to run-tests.
10385 * Makefile.am (EXTRA_DIST): Added memxor.h.
10386 (libnettleinclude_HEADERS): Install headers in
10387 $(libnettleincludedir).
10389 2001-04-13 Niels Möller <nisse@cuckoo.hack.org>