1 2018-06-13 Werner Koch <wk@gnupg.org>
4 + commit 5600d2d6b23640b0114655214f18959ee81fe58e
7 2018-06-13 NIIBE Yutaka <gniibe@fsij.org>
9 ecc: Add blinding for ECDSA.
10 + commit 9be06c6b2e5c96edf40e566bbf51d44c4d46fb07
11 * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
14 2018-06-11 Werner Koch <wk@gnupg.org>
16 ecc: Improve gcry_mpi_ec_curve_point.
17 + commit 846f8fe8b3be6d235592db184361df1bc2b07a8a
18 * mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates.
19 * tests/t-mpi-point.c (point_on_curve): New.
21 mpi: New internal function _gcry_mpi_cmpabs.
22 + commit 54620a27f4503e703e219e6e11c4be14ce4e3d35
23 * mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ...
24 (do_mpi_cmp): New. Add arg absmode.
25 (_gcry_mpi_cmpabs): New.
26 * src/gcrypt-int.h (mpi_cmpabs): New macro.
28 (cherry picked from commit 6606ae44e0de1069b29dd4215ee9748280940e1b)
30 2018-04-29 Werner Koch <wk@gnupg.org>
32 build: Convince gcc not to delete NULL ptr checks.
33 + commit 1a0289daa408773e1a6cefb2562288245f49651c
34 * configure.ac: Try to use -fno-delete-null-pointer-checks.
36 (cherry picked from commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062)
38 prime: Avoid rare assertion failure in gcry_prime_check.
39 + commit c5bed9df96337b1553cdcd4a85eec10e78b4d14a
40 * cipher/primegen.c (is_prime): Don't fail on the assert X > 1.
42 2018-04-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
44 Make BMI2 inline assembly check more robust.
45 + commit 22db6237de00cafb85c0112073b55d0d750e6b03
46 * configure.ac (gcry_cv_gcc_inline_asm_bmi2): New assembly test.
48 2018-04-17 Stephan Mueller <smueller@chronox.de>
50 AES-KW: fix in-place encryption.
51 + commit bbf88f0e9d481486ceca079e2611e84db8d039c7
52 * cipher/cipher-aeswrap.c: move memmove call before KW IV setting
54 2018-04-17 Werner Koch <wk@gnupg.org>
56 mpi: Fix for buidling for MIPS64 with Clang.
57 + commit a0e016e29409ccd78966a5eb82dea236ad44d9c9
58 * mpi/longlong.h [MIPS64][__clang__]: Use the C version like we
59 already do for 32 bit MIPS.
61 2018-04-17 NIIBE Yutaka <gniibe@fsij.org>
64 + commit 06fdc074eb29faf584ffd13feea4c063936446fb
65 * src/hmac256.c (_gcry_hmac256_new): Use xtrymalloc.
66 (_gcry_hmac256_file): Likewise.
68 random: Protect another use of jent_rng_collector.
69 + commit 0da4a237661cd273303ae6baaaba2d9f6292b990
70 * random/rndjent.c (_gcry_rndjent_get_version): Lock the access.
72 (cherry picked from commit 0de2a22fcf6607d0aecb550feefa414cee3731b2)
74 2018-04-17 Martin Storsjö <martin@martin.st>
76 random: Don't assume that _WIN64 implies x86_64.
77 + commit e1695a8f6ca1135d777450cf9ce64628b0778ccb
78 * random/rndw32.c: Change _WIN64 ifdef into __x86_64__.
80 2018-04-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
82 Improve constant-time buffer compare.
83 + commit 4e11e9d988181cf9cd87c7c86fa8e7a0f643a573
84 * cipher/bufhelp.h (buf_eq_const): Rewrite logic.
86 Fix incorrect counter overflow handling for GCM.
87 + commit 0a391b259adcd7ea734dc03c2048a135e018166d
88 * cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle
89 32-bit CTR increment for GCM.
90 (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use
91 generic CTR implementation directly, use gcm_ctr_encrypt instead.
92 * tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit
94 (check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes'
97 doc: fix double "See" in front of reference.
98 + commit c114ffd6da837e7aace318e37bbcf9325dd985b7
99 * doc/gcrypt.texi: Change @xref to @ref when text already has 'see' in
102 2017-12-13 Werner Koch <wk@gnupg.org>
105 + commit eb84e429950b6a61c00112e70a584940c1d352e4
108 2017-11-24 Werner Koch <wk@gnupg.org>
110 sexp: Avoid a fatal error in case of ENOMEM in called functions.
111 + commit 59df8d6295426d0a9cf7646c381df2ea29fdb8c5
112 * src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error
113 return. Replace sprintf by snprintf.
114 (convert_to_hex): Replace sprintf by snprintf.
115 (convert_to_string): Ditto.
116 (_gcry_sexp_sprint): Ditto.
118 2017-11-23 Werner Koch <wk@gnupg.org>
120 api: Add auto expand secmem feature.
121 + commit f4582f8c429f22b18f8ca8a40660a91d721f5c96
122 * src/global.c (_gcry_vcontrol): Implement control value 78.
123 * src/secmem.c (auto_expand): New var.
124 (_gcry_secmem_set_auto_expand): New.
125 (_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND.
127 2017-11-14 NIIBE Yutaka <gniibe@fsij.org>
129 tests: Add HAVE_MMAP check for MinGW.
130 + commit 334e1a1cfc8f59db765a0bff0ca29090aa11b0f6
131 * tests/t-secmem.c (main): Conditionalize with HAVE_MMAP.
133 2017-11-09 NIIBE Yutaka <gniibe@fsij.org>
135 Fix secmem test for machine with larger page.
136 + commit da127f7505ff7681fc9dbfbf332121d2998e88aa
137 * tests/t-secmem.c (main): Detect page size and setup chunk size.
138 * src/secmem.c (init_pool): Simplify the expression.
140 2017-08-27 Werner Koch <wk@gnupg.org>
143 + commit 80fd8615048c3897b91a315cca22ab139b056ccd
144 * configure.ac: Set LT version to C22/A2/R1.
146 2017-08-27 NIIBE Yutaka <gniibe@fsij.org>
148 ecc: Add input validation for X25519.
149 + commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
150 * cipher/ecc.c (ecc_decrypt_raw): Add input validation.
151 * mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
152 (_gcry_mpi_ec_bad_point): New.
154 2017-08-07 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
156 cipher: Add OID for SHA384WithECDSA.
157 + commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315
158 * cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA.
160 2017-08-02 Werner Koch <wk@gnupg.org>
162 tests: Fix a printf glitch for a Windows test.
163 + commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19
164 * tests/t-convert.c (check_formats): Fix print format glitch on
166 * tests/t-ed25519.c: Typo fix.
168 tests: Add benchmarking option to tests/random.
169 + commit 21d0f068a721c022f955084c28304934fd198c5e
170 * tests/random.c: Always include unistd.h.
171 (prepend_srcdir): New.
172 (run_benchmark): New.
173 (main): Add options --benchmark and --with-seed-file. Print whetehr
175 * tests/t-common.h (split_fields_colon): New. Taken from GnuPG.
176 License of that code changed to LGPLv2.1.
178 random: Add more bytes to the pool in addition to the seed file.
179 + commit eea36574f37830a6a80b4fad884825e815b2912f
180 * random/random-csprng.c (read_seed_file): Read 128 or 32 butes
181 depending on whether we have the Jitter RNG.
183 2017-08-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
185 Add script to run basic tests with all supported HWF combinations.
186 + commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004
187 * tests/basic_all_hwfeature_combinations.sh: New.
188 * tests/Makefile.am: Add basic_all_hwfeature_combinations.sh.
190 2017-07-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
192 Fix return value type for _gcry_md_extract.
193 + commit cf1528e7f2761774d06ace0de48f39c96b52dc4f
194 * src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of
195 gpg_error_t for internal function return type.
197 Fix building AArch32 CE implementations when target is ARMv6 arch.
198 + commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748
199 * cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure.
200 * cipher/rijndael-armv8-aarch32-ce.S: Ditto.
201 * cipher/sha1-armv8-aarch32-ce.S: Ditto.
202 * cipher/sha256-armv8-aarch32-ce.S: Ditto.
203 * configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto.
205 2017-07-25 NIIBE Yutaka <gniibe@fsij.org>
207 sexp: Add fall through annotation.
208 + commit b7cd44335d9cde43be6f693dca6399ed0762649c
209 * src/dumpsexp.c (parse_and_print): It's fall through.
211 2017-07-24 Werner Koch <wk@gnupg.org>
213 random: Fix the command line munging for jitterbase.
214 + commit ac39522ab08fcd2483edc223334c6ab9d19e91f3
215 * random/Makefile.am (o_flag_munging): Make the first sed term also
218 2017-07-19 NIIBE Yutaka <gniibe@fsij.org>
220 Remove byte order mark.
221 + commit 1d8e4c2c3a7d0a4154caf5bd720a9a0b04179390
222 * random/jitterentropy-base.c, random/jitterentropy.h: Remove
225 2017-07-18 Werner Koch <wk@gnupg.org>
228 + commit 850aca744eeda5fd410f478a0778e353045ac962
231 mac: Add selftests for HMAC-SHA3-xxx.
232 + commit 95194c550443e8d5558856633f920daec8a975c4
233 * cipher/hmac-tests.c (check_one): Add arg trunc and change all
234 callers to pass false.
235 (selftests_sha3): New.
236 (run_selftests): Call new selftests.
238 api: New function gcry_mpi_point_copy.
239 + commit ecf73dafb7aafed0d0f339d07235b58c2113f94c
240 * src/gcrypt.h.in (gcry_mpi_point_copy): New.
241 (mpi_point_copy): New macro.
242 * src/visibility.c (gcry_mpi_point_copy): New.
243 * src/libgcrypt.def, src/libgcrypt.vers: Add function.
244 * mpi/ec.c (_gcry_mpi_point_copy): New.
245 * tests/t-mpi-point.c (set_get_point): Add test.
247 2017-07-17 Werner Koch <wk@gnupg.org>
249 random: Minor fix for getting the rndjent version.
250 + commit 9d99c6b973caa7fdf93b53cf764066214f763803
251 * random/rndjent.c (_gcry_rndjent_get_version): Always set R_ACTIVE.
252 * tests/version.c (test_get_config): Check number of fields for
255 2017-07-07 NIIBE Yutaka <gniibe@fsij.org>
257 mpi: Minor fix of mpi_pow.
258 + commit 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b
259 * mpi/mpi-pow.c (_gcry_mpi_powm): Allocate size fix.
261 mpi: Fix mpi_pow alternative implementation.
262 + commit 66ed4d53789892def7b237756d8a0ab28df9d222
264 [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Use
267 Fix mpi_pow alternative implementation.
268 + commit 619ebae9847831f43314a95cc3180f4b329b4d3b
269 * mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm):
272 2017-07-06 Werner Koch <wk@gnupg.org>
274 rsa: Use modern MPI allocation function.
275 + commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887
276 * cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew.
278 2017-07-05 Werner Koch <wk@gnupg.org>
280 build: Minor API fixes to fix build problems on AIX.
281 + commit 85a9a913da9ecc6b2cd6f743e90e49983251d706
282 * src/gcrypt.h.in (gcry_error_from_errno): Fix return type.
283 * src/visibility.c (gcry_md_extract): Change return type to match the
286 tools: Add left shift to mpicalc.
287 + commit 0d30a4a9791d20c8881b5b12bd44611d9f4274cd
288 * src/mpicalc.c (do_lshift): New.
291 2017-07-04 NIIBE Yutaka <gniibe@fsij.org>
293 mpi: Fix mpi_set_secure.
294 + commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2
295 * mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced.
297 2017-06-29 NIIBE Yutaka <gniibe@fsij.org>
298 Werner Koch <wk@gnupg.org>
300 rsa: Add exponent blinding.
301 + commit 8725c99ffa41778f382ca97233183bcd687bb0ce
302 * cipher/rsa.c (secret_core_crt): Blind secret D with randomized
303 nonce R for mpi_powm computation.
305 2017-06-28 NIIBE Yutaka <gniibe@fsij.org>
307 Same computation for square and multiply.
308 + commit 78130828e9a140a9de4dafadbc844dbb64cb709a
309 * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move
310 the assignment to base_u into the loop. Copy content refered by RP to
311 BASE_U except the last of the loop.
313 2017-06-24 Werner Koch <wk@gnupg.org>
315 rsa: Minor refactoring.
316 + commit e6a3dc9900433bbc8ad362a595a3837318c28fa9
317 * cipher/rsa.c (secret): Factor code out to ...
318 (secret_core_std, secret_core_crt): new functions.
320 2017-06-23 Werner Koch <wk@gnupg.org>
322 random: Add missing dependency.
323 + commit d091610377b2c92cf385282b1adfc30fa6cd5c75
324 * random/Makefile.am (EXTRA_librandom_la_SOURCES): Fix file name.
325 (rndjent.o, rndjent.lo): Depend on jitterentropy-base-user.h.
327 random: Update jitterentropy to 2.1.0.
328 + commit 8dfae89ecd3e9ae0967586cb38d12ef9111fc7cd
329 * random/rndjent.c (jent_get_nstime, jent_zfree)
330 (jent_fips_enabled, jent_zalloc): Move functions and macros to ...
331 * random/jitterentropy-base-user.h: this file. That files was not
333 * random/Makefile.am (EXTRA_librandom_la_SOURCES): Add
334 jitterentropy-base-user.
335 * random/jitterentropy-base.c: Update to version 2.1.0.
336 * random/jitterentropy.h: Ditto.
338 2017-06-21 Werner Koch <wk@gnupg.org>
340 api: New function gcry_get_config.
341 + commit 27148e60ba15b0cb73b47a75c688fcb48a1a3444
342 * src/misc.c (_gcry_log_info_with_dummy_fp): Remove.
343 * src/global.c (print_config): New arg WHAT. Remove arg FNC and use
344 gpgrt_fprintf directly.
345 (_gcry_get_config): New.
346 (_gcry_vcontrol) <GCRYCTL_PRINT_CONFIG>: Use _gcry_get_config instead
348 * src/gcrypt.h.in (gcry_get_config): New.
349 * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
350 * src/visibility.c (gcry_get_config): New.
351 * src/visibility.h: Mark new function.
353 * tests/version.c (test_get_config): New.
354 (main): Call new test.
356 random: Allow building rndjent on non-x86.
357 + commit c2319464b03e61aaf34ef6d5f4b59b0c0483a373
358 * random/jitterentropy-base.c (jent_version): Uncomment function.
359 * random/rndjent.c: Include time.h
360 (JENT_USES_RDTSC): New.
361 (JENT_USES_GETTIME): New.
362 (JENT_USES_READ_REAL_TIME): New.
363 (jent_get_nstime): Support clock_gettime and AIX specific
364 function. Taken from Stephan Müller's code.
365 (is_rng_available): New.
366 (_gcry_rndjent_dump_stats): Use that function.
367 (_gcry_rndjent_poll): Use that fucntion. Allow an ADD of NULL for an
369 (_gcry_rndjent_get_version): New.
371 2017-06-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
373 rijndael-padlock: change asm operands from read-only to read/write.
374 + commit 32b4ab209067f6f08b87b27bc78ec27dc497b708
375 * cipher/rijndael-padlock.c (do_padlock): Change ESI/EDI/ECX to use
376 read/write operands as XCRYPT instruction modifies these registers.
378 2017-06-16 Werner Koch <wk@gnupg.org>
380 random: Make rndjent.c NTG.1 compliant.
381 + commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9
382 * random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.
384 md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512.
385 + commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f
386 * cipher/sha256.c (_gcry_sha256_hash_buffer): New.
387 (_gcry_sha256_hash_buffers): New.
388 * cipher/sha512.c (_gcry_sha512_hash_buffer): New.
389 (_gcry_sha512_hash_buffers): New.
390 * cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA246 and SHA512.
391 (_gcry_md_hash_buffers): Ditto.
393 random: Allow building rndjent.c with stats collecting enabled.
394 + commit ee3a74f5539cbc5182ce089994e37c16ce612149
395 * random/rndjent.c: Change license to the one used by jitterentropy.h.
396 (jent_init_statistic): New.
397 (jent_bit_count): New.
398 (jent_statistic_copy_stat): new.
399 (jent_calc_statistic): New.
401 New global config option "only-urandom".
402 + commit 8f6082e95f30c1ba68d2de23da90146f87f0c66c
403 * random/rand-internal.h (RANDOM_CONF_ONLY_URANDOM): New.
404 * random/random.c (_gcry_random_read_conf): Add option "only-urandom".
405 * random/rndlinux.c (_gcry_rndlinux_gather_random): Implement that
407 * tests/keygen.c (main): Add option --no-quick for better manual
410 Implement global config file /etc/gcrypt/random.conf.
411 + commit b05a4abc358b204dba343d9cfbd59fdc828c1686
412 * src/hwfeatures.c (my_isascii): Move macro to ...
413 * src/g10lib.h: here.
414 * tests/random.c (main): Dump random stats.
415 * random/random.c (RANDOM_CONF_FILE): New.
416 (_gcry_random_read_conf): New.
417 (_gcry_random_dump_stats): Call rndjent stats.
418 * random/rndjent.c (jent_rng_totalcalls, jent_rng_totalbytes): New.
419 (_gcry_rndjent_poll): Take care of config option disable-jent. Wipe
420 buffer. Bump counters.
421 (_gcry_rndjent_dump_stats): New.
423 2017-06-14 Werner Koch <wk@gnupg.org>
425 random: Add jitter RND based entropy collector.
426 + commit f5e7763ddca59dcd9ac9f2f4d50cb41b14a34a9e
427 * random/rndjent.c: New.
428 * random/rndlinux.c (_gcry_rndlinux_gather_random): Use rndjent.
429 * random/rndw32.c (_gcry_rndw32_gather_random): Use rndjent.
430 (slow_gatherer): Fix compiler warning.
431 * random/Makefile.am (librandom_la_SOURCES): Add rndjent.c
432 (EXTRA_librandom_la_SOURCES): Add jitterentropy-base.c and
434 (rndjent.o, rndjent.lo): New rules.
435 * configure.ac: New option --disbale-jent-support
436 (ENABLE_JENT_SUPPORT): New ac-define.
438 cipher: New helper function rol64.
439 + commit 6c882fb1fdb6c7cba2215fa7391110d63e24b9dc
440 * cipher/bithelp.h (rol64): New inline functions.
442 New hardware feature flag HWF_INTEL_RDTSC.
443 + commit 06f303a633ea2b992259688bef2b023c3f388f73
444 * src/g10lib.h (HWF_INTEL_RDTSC): New.
445 * src/hwfeatures.c (hwflist): Add "intel-rdtsc".
446 * src/hwf-x86.c (detect_x86_gnuc): Get EDX features and test for TSC.
448 random: Changes to original Jitter RNG implementation.
449 + commit a44c45675f8b631e11048a540bb1fbb7a022ebb4
450 * random/jitterentropy-base.c: Change double underscore symbols and
451 make all functions static.
452 * random/jitterentropy.h: Likewise.
454 2017-06-13 Stephan Mueller <smueller@chronox.de>
456 random: Add original Jitter RNG implementation.
457 + commit f0ae18ecf48fbe2da0b9fb3f354d0dd3173d91d3
458 * random/jitterentropy-base-user.h: New.
459 * random/jitterentropy-base.c: New.
460 * random/jitterentropy.h: New.
462 2017-06-08 Werner Koch <wk@gnupg.org>
464 build: Fix ChangeLog building for builds from other worktrees.
465 + commit cdfd7ea72a44657f037dd0dbba6e5ea0c2b344aa
466 * Makefile.am (gen-ChangeLog): Test for existance of ".git" regardless
467 on whether it is a file or directory.
469 2017-06-02 NIIBE Yutaka <gniibe@fsij.org>
471 secmem: Fix SEGV and stat calculation.
472 + commit e0958debe1a7db1bec1283115cdc6a14bf3b43e5
473 * src/secmem (init_pool): Care about the header size.
474 (_gcry_secmem_malloc_internal): Likewise.
475 (_gcry_secmem_malloc_internal): Use mb->size for stats.
477 2017-06-01 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
479 ecc: Store EdDSA session key in secure memory.
480 + commit 5a22de904a0a366ae79f03ff1e13a1232a89e26b
481 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
484 2017-05-31 Werner Koch <wk@gnupg.org>
486 api: Deprecate gcry_md_info.
487 + commit 45c39340c9926c2c5801dbab7609687c41e9ff1f
490 2017-05-30 Werner Koch <wk@gnupg.org>
492 mpi: Distribute asm files for aarch64 and asm.
493 + commit c65f9558f12ffa2810538ef616e71b4052dacb81
494 * mpi/aarch64/distfiles: New.
495 * mpi/arm/distfiles: New.
497 mpi: Distribute asm definitions for amd64.
498 + commit 87e481137debabb7f989d7fa9b1c21c336e10c98
499 * mpi/amd64/distfiles: Add mpi-asm-defs.h.
501 2017-05-23 Werner Koch <wk@gnupg.org>
503 cipher: Fix compiler warnings.
504 + commit d764c9894013727ff82eb194da6030209c273528
505 * cipher/poly1305.c (poly1305_default_ops): Move to the top. Add
506 prototypes and compile only if USE_SSE2 is not defined.
507 (poly1305_init_ext_ref32): Compile only if USE_SSE2 is not defined.
508 (poly1305_blocks_ref32): Ditto.
509 (poly1305_finish_ext_ref32): Ditto.
512 + commit c1bb3d9fdb6fe5f336af1d5a03fc42bfdc1f8b0b
515 2017-05-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
517 rijndael-ssse3: fix functions calls from assembly blocks.
518 + commit 4cd94994a9abec9b92fa5972869baf089a28fa76
519 * cipher/rijndael-ssse3-amd64.c (PUSH_STACK_PTR, POP_STACK_PTR): New.
520 (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
521 (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
522 (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Use PUSH_STACK_PTR and
525 chacha20-armv7-neon: fix to use fast code path when memory is aligned.
526 + commit 68861ae5d3e007d7a39f14ea27dc3dd8ef13ba02
527 * cipher/chacha20-armv7-neon.S (UNALIGNED_LDMIA4): Uncomment
528 instruction for jump to aligned code path.
530 Move data in AMD64 assembly to text section.
531 + commit 1a094bc5b2aa730833faf593a931d4e5d7f9ab4d
532 * cipher/camellia-aesni-avx-amd64.S: Move data to .text section to
533 ensure that RIP relative addressing of data will work.
534 * cipher/camellia-aesni-avx2-amd64.S: Ditto.
535 * cipher/chacha20-avx2-amd64.S: Ditto.
536 * cipher/chacha20-ssse3-amd64.S: Ditto.
537 * cipher/des-amd64.S: Ditto.
538 * cipher/serpent-avx2-amd64.S: Ditto.
539 * cipher/sha1-avx-amd64.S: Ditto.
540 * cipher/sha1-avx-bmi2-amd64.S: Ditto.
541 * cipher/sha1-ssse3-amd64.S: Ditto.
542 * cipher/sha256-avx-amd64.S: Ditto.
543 * cipher/sha256-avx2-bmi2-amd64.S: Ditto.
544 * cipher/sha256-ssse3-amd64.S: Ditto.
545 * cipher/sha512-avx-amd64.S: Ditto.
546 * cipher/sha512-avx2-bmi2-amd64.S: Ditto.
547 * cipher/sha512-ssse3-amd64.S: Ditto.
549 cast5-amd64: use 64-bit relocation with large PIC memory model.
550 + commit ff02fca39c83bcf30c79368611ac65e273e77f6c
551 * cipher/cast5-amd64.S [__code_model_large__]
552 (GET_EXTERN_POINTER): New.
554 2017-05-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
556 Fix building with x86-64 medium and large memory models.
557 + commit 434d4f2af39033fc626044ba9a060da298522293
558 * cipher/cast5-amd64.S [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
559 (GET_EXTERN_POINTER): Load 64-bit address instead of 32-bit.
560 * cipher/rijndael.c (do_encrypt, do_decrypt)
561 [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Load
562 table pointer through register instead of generic reference.
564 2017-04-04 NIIBE Yutaka <gniibe@fsij.org>
566 mpi: Simplify mpi_powm.
567 + commit 719468e53133d3bdf12156c5bfdea2bf15f9f6f1
568 * mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.
570 2017-03-08 Justus Winter <justus@g10code.com>
572 build: Use macOS' compatibility macros to enable all features.
573 + commit 654024081cfa103c87bb163b117ea3568171d408
574 * configure.ac: On macOS, use the compatibility macros to expose every
575 feature of the libc. This is the equivalent of _GNU_SOURCE on GNU
578 2017-02-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
580 Add BLAKE2b and BLAKE2s hash algorithms (RFC 7693)
581 + commit 5bd530b8a4624f101b8d42e68f1b28bcc13f4f76
582 * cipher/blake2.c: New.
583 * cipher/Makefile.am: Add 'blake2.c'.
584 * cipher/md.c (digest_list, prepare_macpads): Add BLAKE2.
586 (_gcry_md_setkey): Call 'md_setkey' for non-HMAC md.
587 * configure.ac: Add BLAKE2 digest.
588 * doc/gcrypt.texi: Add BLAKE2.
589 * src/cipher.h (_gcry_blake2_init_with_key)
590 (_gcry_digest_spec_blake2b_512, _gcry_digest_spec_blake2b_384)
591 (_gcry_digest_spec_blake2b_256, _gcry_digest_spec_blake2b_160)
592 (_gcry_digest_spec_blake2s_256, _gcry_digest_spec_blake2s_224)
593 (_gcry_digest_spec_blake2s_160, _gcry_digest_spec_blake2s_128): New.
594 * src/gcrypt.h.in (GCRY_MD_BLAKE2B_512, GCRY_MD_BLAKE2B_384)
595 (GCRY_MD_BLAKE2B_256, GCRY_MD_BLAKE2B_160, GCRY_MD_BLAKE2S_256)
596 (GCRY_MD_BLAKE2S_224, GCRY_MD_BLAKE2S_160, GCRY_MD_BLAKE2S_128): New.
597 * tests/basic.c (check_one_md): Add testing for keyed hashes.
598 (check_digests): Add BLAKE2 test vectors; Add testing for keyed hashes.
599 * tests/blake2b.h: New.
600 * tests/blake2s.h: New.
601 * tests/Makefile.am: Add 'blake2b.h' and 'blake2s.h'.
603 Fix building with clang on ARM64/FreeBSD.
604 + commit da213db2c6cda6f57e5853e8c591d69bfa1cfa74
605 * cipher/cipher-gcm-armv8-aarch64-ce.S: Use '.cpu generic+simd+crypto'
606 instead of '.arch armv8-a+crypto'.
607 * cipher/rijndael-armv8-aarch64-ce.S: Ditto.
608 * cipher/sha1-armv8-aarch64-ce.S: Ditto.
609 * cipher/sha256-armv8-aarch64-ce.S: Ditto.
610 * configure.ac (gcry_cv_gcc_inline_asm_aarch64_neon): Ditto.
611 (gcry_cv_gcc_inline_asm_aarch64_crypto): Ditto; and include NEON
612 instructions to crypto instructions check.
614 2017-02-07 Justus Winter <justus@g10code.com>
616 Fix building with a pre C99 compiler.
617 + commit 75d91ffeaf83098ade325bb3b6b2c8a76eb1f6a6
618 * cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt): Move the
619 declaration of 'i' out of the loop.
620 (_gcry_cipher_cfb8_decrypt): Likewise.
622 2017-02-04 Mathias L. Baumann <mathias.baumann_at_sociomantic.com>
624 Implement CFB with 8-bit mode.
625 + commit d1ee9a660571ce4a998c9ab2299d4f2419f99127
626 * cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt)
627 (_gcry_cipher_cfg8_decrypt): Add 8-bit variants of decrypt/encrypt
629 * cipher/cipher-internal.h (_gcry_cipher_cfb8_encrypt)
630 (_gcry_cipher_cfg8_decrypt): Ditto.
631 * cipher/cipher.c: Adjust code flow to work with GCRY_CIPHER_MODE_CFB8.
632 * tests/basic.c: Add tests for cfb8 with AES and 3DES.
634 2017-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
636 rndhw: add missing "memory" clobbers.
637 + commit c67c728478e8f47b6e8296b643fd35d66d4a1052
638 * random/rndhw.c: (poll_padlock, rdrand_long): Add "memory" to asm
641 Add UNLIKELY and LIKELY macros.
642 + commit 4b7451d3e8e7b87d8e407fbbd924ad5b13bd0f00
643 * src/g10lib.h (LIKELY, UNLIKELY): New.
644 (gcry_assert): Use LIKELY for assert check.
645 (fast_wipememory2_unaligned_head): Use UNLIKELY for unaligned
647 * cipher/bufhelp.h (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst)
648 (buf_xor_n_copy_2): Ditto.
650 rndhw: avoid type-punching.
651 + commit 37b537600f33fcf8e1c8dc2c658a142fbba44199
652 * random/rndhw.c (rdrand_long, rdrand_nlong): Add 'volatile' for
654 (poll_drng): Convert buffer to 'unsigned long[]' and make use of DIM
657 2017-01-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
659 hwf-x86: avoid type-punching.
660 + commit 1407317a6112a23d4fec5827a9d74faef4196f66
661 * src/hwf-x86.c (detect_x86_gnuc): Use union for vendor_id.
663 cipher: add explicit blocksize checks to allow better optimization.
664 + commit efa9042f82ffed3d076b8e26ac62d29e00bb756a
665 * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
666 (_gcry_cipher_cbc_decrypt): Add explicit check for cipher blocksize of
668 * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
669 (_gcry_cipher_cfb_decrypt): Ditto.
670 * cipher/cipher-cmac.c (cmac_write, cmac_generate_subkeys)
672 * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
673 * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Ditto.
675 bufhelp: use unaligned dword and qword types for endianess helpers.
676 + commit e7b941c3de9c9b6319298c02f844cc0cadbf8562
677 * cipher/bufhelp.h (BUFHELP_UNALIGNED_ACCESS): New, defined
678 if attributes 'packed', 'aligned' and 'may_alias' are supported.
679 (BUFHELP_FAST_UNALIGNED_ACCESS): Define if have
680 BUFHELP_UNALIGNED_ACCESS.
682 rijndael-aesni: fix u128_t strict-aliasing rule breaking.
683 + commit 92b4a29d2453712192ced2d7226abc49679dcb1e
684 * cipher/rijndael-aesni.c (u128_t): Add attributes to tell GCC and clang
685 that casting from 'char *' to 'u128_t *' is ok.
687 cipher-xts: fix pointer casting to wrong alignment and aliasing.
688 + commit 4f31d816dcc1e95dc647651e92acbdfed53f5c14
689 * cipher/cipher-xts.c (xts_gfmul_byA, xts_inc128): Use buf_get_le64
690 and buf_put_le64 for accessing data; Change parameter pointers to
691 'unsigned char *' type.
692 (_gcry_cipher_xts_crypt): Do not cast buffer pointers to 'u64 *'
693 for helper functions.
695 crc-intel-pclmul: fix undefined behavior with unaligned access.
696 + commit 55cf1b5588705cab5f45e2817c4aa1d204dc0042
697 * cipher/crc-intel-pclmul.c (u16_unaligned_s): New.
698 (crc32_reflected_less_than_16, crc32_less_than_16): Use
699 'u16_unaligned_s' for unaligned memory access.
701 configure.ac: fix attribute checks.
702 + commit b29b1b9f576f501d4b993be0a751567045274a1a
703 * configure.ac: Add -Werror flag for attribute checks.
705 configure.ac: fix may_alias attribute check.
706 + commit 136c8416ea540dd126be3997d94d7063b3aaf577
707 * configure.ac: Test may_alias attribute on type, not on variable.
709 bufhelp: add 'may_alias' attribute for properly aligned 'bufhelp_int_t'
710 + commit d1ae52a0e23308f33b78cffeba56005b687f23c0
711 * cipher/bufhelp.h [!BUFHELP_FAST_UNALIGNED_ACCESS]
712 (bufhelp_int_t): Add 'may_alias' attribute.
714 2017-01-27 Werner Koch <wk@gnupg.org>
716 w32: New envvar GCRYPT_RNDW32_DBG.
717 + commit a351fbde8548ce3f57298c618426f043844fbc78
718 * random/rndw32.c (_gcry_rndw32_gather_random): Use getenv to set
721 2017-01-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
723 rijndael-ssse3-amd64: fix building on x32.
724 + commit 39b9302da5d08bd52688d20befe626fee0b6c41d
725 * cipher/rijndael-ssse3-amd64.c: Use 64-bit call instructions
726 with 64-bit registers.
728 bufhelp: use 'may_alias' attribute unaligned pointer types.
729 + commit bf9e0b79e620ca2324224893b07522462b125412
730 * configure.ac (gcry_cv_gcc_attribute_may_alias)
731 (HAVE_GCC_ATTRIBUTE_MAY_ALIAS): New check for 'may_alias' attribute.
732 * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only if
733 HAVE_GCC_ATTRIBUTE_MAY_ALIAS is defined.
734 [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_int_t, bufhelp_u32_t)
735 (bufhelp_u64_t): Add 'may_alias' attribute.
736 * src/g10lib.h (fast_wipememory_t): Add HAVE_GCC_ATTRIBUTE_MAY_ALIAS
737 defined check; Add 'may_alias' attribute.
739 2017-01-18 Werner Koch <wk@gnupg.org>
741 random: Call getrandom before select and emitting a progress callback.
742 + commit 623aab8a940ea61afe3fef650ad485a755ed9fe7
743 * random/rndlinux.c (_gcry_rndlinux_gather_random): Move the getrandom
744 call before the select.
746 2017-01-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
748 mpi: amd64: fix too large jump alignment in mpih-rshift.
749 + commit ddcfe31e2425e88b280e7cdaf3f0eaaad8ccc023
750 * mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Use 16-byte alignment
751 with 'ALIGN(4)' instead of 256-byte.
753 rijndael-ssse3: move assembly functions to separate source-file.
754 + commit 54c57bc49edb5c00e9ed8103cc4837bb72c5e863
755 * cipher/Makefile.am: Add 'rinjdael-ssse3-amd64-asm.S'.
756 * cipher/rinjdael-ssse3-amd64-asm.S: Moved assembly functions
758 * cipher/rinjdael-ssse3-amd64.c: ... from this file.
759 (_gcry_aes_ssse3_enc_preload, _gcry_aes_ssse3_dec_preload)
760 (_gcry_aes_ssse3_shedule_core, _gcry_aes_ssse3_encrypt_core)
761 (_gcry_aes_ssse3_decrypt_core): New.
762 (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
763 (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
764 (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Update to use external
765 assembly functions; remove 'aes_const_ptr' variable usage.
766 (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_decrypt)
767 (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc)
768 (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec)
769 (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec)
770 (_gcry_aes_ssse3_ocb_auth): Remove 'aes_const_ptr' variable usage.
771 * configure.ac: Add 'rinjdael-ssse3-amd64-asm.lo'.
773 Add AVX2/vpgather bulk implementation of Twofish.
774 + commit c59a8ce51ceb9a80169c44ef86a67e95cf8528c3
775 * cipher/Makefile.am: Add 'twofish-avx2-amd64.S'.
776 * cipher/twofish-avx2-amd64.S: New.
777 * cipher/twofish.c (USE_AVX2): New.
778 (TWOFISH_context) [USE_AVX2]: Add 'use_avx2' member.
780 (twofish_setkey): Add check for AVX2 and fast VPGATHER HW features.
781 (_gcry_twofish_avx2_ctr_enc, _gcry_twofish_avx2_cbc_dec)
782 (_gcry_twofish_avx2_cfb_dec, _gcry_twofish_avx2_ocb_enc)
783 (_gcry_twofish_avx2_ocb_dec, _gcry_twofish_avx2_ocb_auth): New.
784 (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec)
785 (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Add AVX2 bulk
787 (selftest_ctr, selftest_cbc, selftest_cfb): Increase nblocks from
789 * configure.ac: Add 'twofish-avx2-amd64.lo'.
790 * src/g10lib.h (HWF_INTEL_FAST_VPGATHER): New.
791 * src/hwf-x86.c (detect_x86_gnuc): Add detection for
792 HWF_INTEL_FAST_VPGATHER.
793 * src/hwfeatures.c (HWF_INTEL_FAST_VPGATHER): Add
794 "intel-fast-vpgather" for HWF_INTEL_FAST_VPGATHER.
797 + commit 232a129b1f915fc54881506e4b07c89cf84932e6
798 * cipher/Makefile.am: Add 'cipher-xts.c'.
799 * cipher/cipher-internal.h (gcry_cipher_handle): Add 'bulk.xts_crypt'
800 and 'u_mode.xts' members.
801 (_gcry_cipher_xts_crypt): New prototype.
802 * cipher/cipher-xts.c: New.
803 * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
804 (cipher_reset, cipher_encrypt, cipher_decrypt): Add XTS mode handling.
805 * doc/gcrypt.texi: Add XTS mode to documentation.
806 * src/gcrypt.h.in (GCRY_CIPHER_MODE_XTS, GCRY_XTS_BLOCK_LEN): New.
807 * tests/basic.c (do_check_xts_cipher, check_xts_cipher): New.
808 (check_bulk_cipher_modes): Add XTS test-vectors.
809 (check_one_cipher_core, check_one_cipher, check_ciphers): Add XTS
811 (check_cipher_modes): Add XTS test.
812 * tests/bench-slope.c (bench_xts_encrypt_init)
813 (bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench)
814 (xts_encrypt_ops, xts_decrypt_ops): New.
815 (cipher_modes, cipher_bench_one): Add XTS.
816 * tests/benchmark.c (cipher_bench): Add XTS testing.
818 2017-01-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
820 rijndael-ssse3: fix counter operand from read-only to read/write.
821 + commit aada604594fd42224d366d3cb98f67fd3b989cd6
822 * cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_ctr_enc): Change
823 'ctrlow' operand from read-only to read-write.
825 2017-01-03 Werner Koch <wk@gnupg.org>
827 Extend GCRYCTL_PRINT_CONFIG to print compiler version.
828 + commit 98b49695b1ffe3c406ae39a45051b8594f903b9d
829 * src/global.c (print_config): Print version of libgpg-error and used
832 tests: Add option --disable-hwf to the version utility.
833 + commit 3582641469f1c74078f0d758c4d5458cc0ee5649
834 * src/hwfeatures.c (_gcry_disable_hw_feature): Rewrite to allow
835 passing a colon delimited feature set.
836 (parse_hwf_deny_file): Remove unused var I.
837 * tests/version.c (main): Add options --verbose and --disable-hwf.
839 2016-12-15 Werner Koch <wk@gnupg.org>
840 Nicolas Porcel <nicolasporcel06@gmail.com>
842 Fix regression in broken mlock detection.
843 + commit 0a90f87799903a3fb97189ef7cba19e7b3534e1c
844 * acinclude.m4 (GNUPG_CHECK_MLOCK): Fix typo EGAIN->EAGAIN.
846 2016-12-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
848 hwfeatures: add 'all' for disabling all hardware features.
849 + commit c83d0d2a26059cf471d09f5cb8e7fc5d76c4907b
850 * .gitignore: Add 'tests/basic-disable-all-hwf'.
851 * configure.ac: Ditto.
852 * tests/Makefile.am: Ditto.
853 * src/hwfeatures.c (_gcry_disable_hw_feature): Match 'all' for
854 masking all HW features off.
855 (parse_hwf_deny_file): Use '_gcry_disable_hw_feature' for matching.
856 * tests/basic-disable-all-hwf.in: New.
858 tests/hashtest-256g: add missing executable extension for Win32.
859 + commit 2b7b227b8a0bd5ff286258bc187782efac180a7e
860 * tests/hashtest-256g.in: Add @EXEEXT@.
862 OCB ARM CE: Move ocb_get_l handling to assembly part.
863 + commit 5c418e597f0f20a546d953161695e6caf1f57689
864 * cipher/rijndael-armv8-aarch32-ce.S: Add OCB 'L_{ntz(i)}' calculation.
865 * cipher/rijndael-armv8-aarch64-ce.S: Ditto.
866 * cipher/rijndael-armv8-ce.c (_gcry_aes_ocb_enc_armv8_ce)
867 (_gcry_aes_ocb_dec_armv8_ce, _gcry_aes_ocb_auth_armv8_ce)
868 (ocb_cryt_fn_t): Updated arguments.
869 (_gcry_aes_armv8_ce_ocb_crypt, _gcry_aes_armv8_ce_ocb_auth): Remove
870 'ocb_get_l' handling and splitting input to 32 block chunks, instead
871 pass full buffers to assembly.
873 OCB: Move large L handling from bottom to upper level.
874 + commit 2d2e5286d53e1f62fe040dff4c6e01961f00afe2
875 * cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove.
876 (ocb_get_L_big): New.
877 (_gcry_cipher_ocb_authenticate): L-big handling done in upper
878 processing loop, so that lower level never sees the case where
879 'aad_nblocks % 65536 == 0'; Add missing stack burn.
880 (ocb_aad_finalize): Add missing stack burn.
881 (ocb_crypt): L-big handling done in upper processing loop, so that
882 lower level never sees the case where 'data_nblocks % 65536 == 0'.
883 * cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove.
884 (ocb_get_l): Remove 'l_tmp' usage and simplify since input
885 is more limited now, 'N is not multiple of 65536'.
886 * cipher/rijndael-aesni.c (get_l): Remove.
887 (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove
888 l_tmp; Use 'ocb_get_l'.
889 * cipher/rijndael-ssse3-amd64.c (get_l): Remove.
890 (ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove
891 l_tmp; Use 'ocb_get_l'.
892 * cipher/camellia-glue.c: Remove OCB l_tmp usage.
893 * cipher/rijndael-armv8-ce.c: Ditto.
894 * cipher/rijndael.c: Ditto.
895 * cipher/serpent.c: Ditto.
896 * cipher/twofish.c: Ditto.
898 OCB: remove 'int64_t' usage.
899 + commit 161d339f48c03be7fd0f4249d730f7f1767ef8e4
900 * cipher/cipher-ocb.c (double_block): Use alternative way to generate
901 sign-bit mask, without 'int64_t'.
903 random-drbg: use bufhelp function for big-endian store.
904 + commit 0b03b658bebc69a84d87ef13f9b60a27b0c42305
905 * random/random-drbg.c (drbg_cpu_to_be32): Remove.
906 (drbg_ctr_df, drbg_hash_df): Use 'buf_put_be32' instead of
909 2016-12-09 Werner Koch <wk@gnupg.org>
911 Improve handling of mlock error codes.
912 + commit 618b8978f46f4011c11512fd5f30c15e01652e2e
913 * acinclude.m4 (GNUPG_CHECK_MLOCK): Check also for EAGAIN which is a
914 legitimate return code and does not indicate a broken mlock().
915 * src/secmem.c (lock_pool_pages): Test ERR instead of ERRNO which
916 could have been overwritten by cap_from+text et al.
918 2016-12-08 Stephan Mueller <smueller@chronox.de>
920 random: Eliminate unneeded memcpy invocations in the DRBG.
921 + commit 656395ba4cf34f42dda3a120bda3ed1220755a3d
922 * random/random-drbg.c (drbg_hash): Remove arg 'outval' and return a
924 (drbg_instantiate): Reduce size of scratchpad.
925 (drbg_hmac_update): Avoid use of scratch buffers for the hash.
926 (drbg_hmac_generate, drbg_hash_df): Ditto.
927 (drbg_hash_process_addtl): Ditto.
928 (drbg_hash_hashgen): Ditto.
929 (drbg_hash_generate): Ditto.
931 random: Add performance improvements for the DRBG.
932 + commit 20886fdcb841b0bf89bb1d44303d42f1804e38cb
933 * random/random-drbg.c (struct drbg_state_ops_s): New function
934 pointers 'crypto_init' and 'crypto-fini'.
935 (struct drbg_state_s): New fields 'priv_data', 'ctr_handle', and
937 (drbg_hash_init, drbg_hash_fini): New.
938 (drbg_hmac_init, drbg_hmac_setkey): New.
939 (drbg_sym_fini, drbg_sym_init, drbg_sym_setkey): New.
941 (drbg_ctr_bcc): Set the key.
942 (drbg_ctr_df): Ditto.
943 (drbg_hmac_update): Ditto.
944 (drbg_hmac_generate): Replace drgb_hmac by drbg_hash.
945 (drbg_hash_df): Ditto.
946 (drbg_hash_process_addtl): Ditto.
947 (drbg_hash_hashgen): Ditto.
948 (drbg_ctr_update): Rework.
949 (drbg_ctr_generate): Rework.
950 (drbg_ctr_ops): Init new functions pointers.
951 (drbg_uninstantiate): Call fini function.
952 (drbg_instantiate): Call init function.
954 cipher: New function for reading the counter in CTR mode.
955 + commit 227099f179df9dcf083d0ef6be9883c775df0874
956 * cipher/cipher.c (gcry_cipher_getctr): New.
958 2016-12-07 Werner Koch <wk@gnupg.org>
960 Document the overflow pools and add a stupid test case.
961 + commit 95bac312644ad45e486c94c2efd25d0748b9a20b
962 * tests/t-secmem.c (test_secmem_overflow): New func.
963 (main): Disable warning and call new function.
965 Implement overflow secmem pools for xmalloc style allocators.
966 + commit b6870cf25c0b1eb9c127a94af8326c446421a472
967 * src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and
969 (cur_alloced, cur_blocks): Remove vars.
970 (ptr_into_pool_p): Make it inline.
971 (stats_update): Add arg pool and update the new pool specific
973 (_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow
975 (_gcry_secmem_malloc): Pass XHINTS along.
976 (_gcry_secmem_realloc_internal): Ditto.
977 (_gcry_secmem_realloc): Ditto.
978 (_gcry_secmem_free_internal): Take multiple pools in account. Add
979 return value to indicate whether the arg was freed.
980 (_gcry_secmem_free): Add return value to indicate whether the arg was
982 (_gcry_private_is_secure): Take multiple pools in account.
983 (_gcry_secmem_term): Release all pools.
984 (_gcry_secmem_dump_stats): Print stats for all pools.
985 * src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure
986 test with a direct call of _gcry_secmem_free to avoid double checking.
988 Give the secmem allocators a hint when a xmalloc calls them.
989 + commit b7df907dca4d525f8930c533b763ffce44ceed87
990 * src/secmem.c (_gcry_secmem_malloc): New not yet used arg XHINT.
991 (_gcry_secmem_realloc): Ditto.
992 * src/stdmem.c (_gcry_private_malloc_secure): New arg XHINT to be
993 passed to the secmem functions.
994 (_gcry_private_realloc): Ditto.
995 * src/g10lib.h (GCRY_ALLOC_FLAG_XHINT): New.
996 * src/global.c (do_malloc): Pass this flag as XHINT to the private
998 (_gcry_malloc_secure): Factor code out to ...
999 (_gcry_malloc_secure_core): this. Add arg XHINT.
1000 (_gcry_realloc): Factor code out to ...
1001 (_gcry_realloc_core): here. Add arg XHINT.
1002 (_gcry_strdup): Factor code out to ...
1003 (_gcry_strdup_core): here. Add arg XHINT.
1004 (_gcry_xrealloc): Use the core function and pass true for XHINT.
1005 (_gcry_xmalloc_secure): Ditto.
1006 (_gcry_xstrdup): Ditto.
1008 tests: New test t-secmem.
1009 + commit e366c19b34922c770af82cd035fd815680b29dee
1010 * src/secmem.c (_gcry_secmem_dump_stats): Add arg EXTENDED and adjust
1012 * src/gcrypt-testapi.h (PRIV_CTL_DUMP_SECMEM_STATS): New.
1013 * src/global.c (_gcry_vcontrol): Implement that.
1014 * tests/t-secmem.c: New.
1015 * tests/Makefile.am (tests_bin): Add that test.
1017 2016-12-06 Werner Koch <wk@gnupg.org>
1019 Fix compiler warning about possible-NULL-dreference.
1020 + commit 995ce697308320c6a52a307f83dc49eeb8d784b4
1021 * src/mpi.h (mpi_is_const, mpi_is_immutable): Do check arg before
1022 deref-ing. The are only used at places where the arg shall not be NULL.
1024 Fix possible NULL-deref in gcry_log_debugsxp.
1025 + commit 984a97f0750f812f0ad3c343ee6a67560953a504
1026 * src/misc.c (_gcry_log_printsxp): Prevent passing NULL to strlen.
1028 Reorganize code in secmem.c.
1029 + commit 603f479a919311f720a05da738150c2192d5e562
1030 * src/secmem.c (pooldesc_t): New type to collect information about one
1032 (pool_size): Remove. Now a member of pooldesc_t.
1034 (pool_is_mmapped): Ditto.
1035 (pool): Rename variable ...
1036 (mainpool): And change type to pooldesc_t.
1037 (ptr_into_pool_p): Add arg 'pool'.
1038 (mb_get_next): Ditto.
1039 (mb_get_prev): Ditto.
1041 (mb_get_new): Ditto.
1043 (lock_pool): Rename to ...
1044 (look_pool_pages: this.
1045 (secmem_init): Rename to ...
1046 (_gcry_secmem_init_internal): this. Add local var POOL and init with
1047 address of MAINPOOL.
1048 (_gcry_secmem_malloc_internal): Add local var POOL and init with
1049 address of MAINPOOL.
1050 (_gcry_private_is_secure): Ditto.
1051 (_gcry_secmem_term): Ditto.
1052 (_gcry_secmem_dump_stats): Ditto.
1053 (_gcry_secmem_free_internal): Ditto. Remove check for NULL arg.
1054 (_gcry_secmem_free): Add check for NULL arg before taking the lock.
1055 (_gcry_secmem_realloc): Factor most code out to ...
1056 (_gcry_secmem_realloc_internal): this.
1058 2016-11-28 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
1060 tests: Add PBKDF2 tests for Stribog512.
1061 + commit a0580d446fef648a177ca4ab060d0e449780db84
1062 * tests/t-kdf.c (check_pbkdf2): Add Stribog512 test cases from TC26's
1063 additions to PKCS#5.
1065 tests: Add Stribog HMAC tests from TC26ALG.
1066 + commit fe6077e6ee8565bfcc91bad14a73e68f45b3c32b
1067 * tests/basic.c (check_mac): add HMAC test vectors from TC26ALG document
1070 cipher: Add Stribog OIDs from TC26 space.
1071 + commit ccffacaf6c3abe6120a0898db922981d28ab7af2
1072 * cipher/stribog.c (oid_spec_stribog256, oid_spec_stribog512): New.
1074 2016-11-25 Justus Winter <justus@g10code.com>
1076 tests: Fix memory leak.
1077 + commit 5530a8234d703ce9b685f78fb6e951136eb0aeb2
1078 * tests/basic.c (check_gost28147_cipher): Free cipher handles.
1080 2016-11-25 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
1082 Cast oid argument of gcry_cipher_set_sbox to disable compiler warning.
1083 + commit 1a67e3195896704f8b3ba09e3db1214bab834491
1084 * src/gcrypt.h.in (gcry_cipher_set_sbox): Cast oid to (void *).
1086 gost: Rename tc26 s-box from A to Z.
1087 + commit dc8ceb8d2dfef949f3afa14fc75f9de8cd07c7ad
1088 * cipher/gost-s-box.c (gost_sboxes): Rename TC26_A to TC26_Z as it is
1089 the name that ended up in all standards.
1091 tests: Add test to verify GOST 28147-89 against known results.
1092 + commit 4f5c26c73c66daf2e4aff966e43c22b2db7e0138
1093 * tests/basic.c (check_gost28147_cipher): new test function.
1095 2016-11-17 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
1097 cipher/gost28147: Fix CryptoPro-B S-BOX.
1098 + commit 5ca63c92825453fdb369a97bbc19cb95b49b4296
1099 * cipher/gost-s-box.c: CryptoPro_B s-box missed one line, resulting in
1100 incorrect encryption/decryption using that s-box. Add missing data.
1102 2016-11-12 Werner Koch <wk@gnupg.org>
1104 Put blocking calls into Libgpg-error's system call clamp.
1105 + commit b829dfe9f0eeff08c956ba3f3a6b559b9d2199dd
1106 * src/gcrypt.h.in (GCRYCTL_REINIT_SYSCALL_CLAMP): New.
1107 * configure.ac: Require Libgpg-error 1.25. Set version number to
1109 * src/gcrypt-int.h: Remove error code emulation.
1110 * src/global.c (pre_syscall_func, post_syscall_func): New.
1111 (global_init): Call gpgrt_get_syscall_clamp.
1112 (_gcry_vcontrol) <GCRYCTL_REINIT_SYSCALL_CLAMP>: Ditto.
1113 (_gcry_pre_syscall, _gcry_post_syscall): New.
1114 * random/rndlinux.c (_gcry_rndlinux_gather_random): Use the new
1117 2016-11-01 NIIBE Yutaka <gniibe@fsij.org>
1119 cipher: Fix IDEA cipher for clearing memory.
1120 + commit bf6d5b10cb4173826f47ac080506b68bb001acb2
1121 * cipher/idea.c (invert_key): Use wipememory, since this kind of memset
1122 may be removed by compiler optimization.
1124 2016-10-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1126 GCM: Add bulk processing for ARMv8/AArch64 implementation.
1127 + commit bfd732f53a9b5dfe14217a68a0fa289bf6913ec0
1128 * cipher/cipher-gcm-armv8-aarch64-ce.S: Add 6 blocks bulk processing.
1130 GCM: Add bulk processing for ARMv8/AArch32 implementation.
1131 + commit 27747921cb1dfced83c5666cd1c474764724c52b
1132 * cipher/cipher-gcm-armv8-aarch32-ce.S: Add 4 blocks bulk processing.
1133 * tests/basic.c (check_digests): Print correct data length for "?"
1135 (check_one_mac): Add large 1000000 bytes tests, when input is "!" or
1137 (check_mac): Add "?" tests vectors for HMAC, CMAC, GMAC and POLY1305.
1139 2016-09-11 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1141 Add Aarch64 assembly implementation of Twofish.
1142 + commit 5418d9ca4c0e087fd6872ad350a996fe74880d86
1143 * cipher/Makefile.am: Add 'twofish-aarch64.S'.
1144 * cipher/twofish-aarch64.S: New.
1145 * cipher/twofish.c: Enable USE_ARM_ASM if __AARCH64EL__ and
1146 HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
1147 * configure.ac [host=aarch64]: Add 'twofish-aarch64.lo'.
1149 2016-09-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1151 Add Aarch64 assembly implementation of Camellia.
1152 + commit de73a2e7237ba7c34ce48bb5fb671aa3993de832
1153 * cipher/Makefile.am: Add 'camellia-aarch64.S'.
1154 * cipher/camellia-aarch64.S: New.
1155 * cipher/camellia-glue.c [USE_ARM_ASM][__aarch64__]: Set stack burn
1157 * cipher/camellia.h: Enable USE_ARM_ASM if __AARCH64EL__ and
1158 HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
1159 * configure.ac [host=aarch64]: Add 'rijndael-aarch64.lo'.
1161 Add ARMv8/AArch64 Crypto Extension implementation of AES.
1162 + commit 4cd8d40d698564d24ece2af24546e34c58bf2961
1163 * cipher/Makefile.am: Add 'rijndael-armv-aarch64-ce.S'.
1164 * cipher/rijndael-armv8-aarch64-ce.S: New.
1165 * cipher/rijndael-internal.h (USE_ARM_CE): Enable for ARMv8/AArch64.
1166 * configure.ac: Add 'rijndael-armv-aarch64-ce.lo' and
1167 'rijndael-armv8-ce.lo' for ARMv8/AArch64.
1169 Add ARMv8/AArch64 Crypto Extension implementation of GCM.
1170 + commit 0b332c1aef03a735c1fb0df184f74d523deb2f98
1171 * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch64-ce.S'.
1172 * cipher/cipher-gcm-armv8-aarch64-ce.S: New.
1173 * cipher/cipher-internal.h (GCM_USE_ARM_PMULL): Enable on
1176 Add ARMv8/AArch64 Crypto Extension implementation of SHA-256.
1177 + commit 2d4bbc0ad62c54bbdef77799f9db82d344b7219e
1178 * cipher/Makefile.am: Add 'sha256-armv8-aarch64-ce.S'.
1179 * cipher/sha256-armv8-aarch64-ce.S: New.
1180 * cipher/sha256-armv8-aarch32-ce.S: Move round macros to correct
1182 * cipher/sha256.c (USE_ARM_CE): Enable on ARMv8/AArch64.
1183 * configure.ac: Add 'sha256-armv8-aarch64-ce.lo'; Swap places for
1184 'sha512-arm.lo' and 'sha256-armv8-aarch32-ce.lo'.
1186 Add ARMv8/AArch64 Crypto Extension implementation of SHA-1.
1187 + commit e4eb03f56683317c908cb55be727832810dc8c72
1188 * cipher/Makefile.am: Add 'sha1-armv8-aarch64-ce.S'.
1189 * cipher/sha1-armv8-aarch64-ce.S: New.
1190 * cipher/sha1.c (USE_ARM_CE): Enable on ARMv8/AArch64.
1191 * configure.ac: Add 'sha1-armv8-aarch64-ce.lo'.
1193 2016-09-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1195 Add AArch64 assembly implementation of AES.
1196 + commit 595251ad37bf1968261d7e781752513f67525803
1197 * cipher/Makefile.am: Add 'rijndael-aarch64.S'.
1198 * cipher/rijndael-aarch64.S: New.
1199 * cipher/rijndael-internal.h: Enable USE_ARM_ASM if __AARCH64EL__ and
1200 HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
1201 * configure.ac (gcry_cv_gcc_aarch64_platform_as_ok): New check.
1202 [host=aarch64]: Add 'rijndael-aarch64.lo'.
1204 2016-08-17 Werner Koch <wk@gnupg.org>
1207 + commit f8241874971478bdcd2bc2082d901d05db7b256d
1208 * configure.ac: Set LT version to C21/A1/R3.
1210 random: Hash continuous areas in the csprng pool.
1211 + commit 8dd45ad957b54b939c288a68720137386c7f6501
1212 * random/random-csprng.c (mix_pool): Store the first hash at the end
1215 random: Improve the diagram showing the random mixing.
1216 + commit 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513
1217 * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.
1219 2016-07-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1221 crc-intel-pclmul: split assembly block to ease register pressure.
1222 + commit f38199dbc290003898a1799adc367265267784c2
1223 * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
1224 assembly block handling 4 byte input into multiple blocks.
1226 rijndael-aesni: split assembly block to ease register pressure.
1227 + commit a4d1595a2638db63ac4c73e722c8ba95fdd85ff7
1228 * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
1229 constraint for passing 'bige_addb' to assembly block; split
1230 first inline assembly block into two parts.
1232 2016-07-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1234 Add ARMv8/AArch32 Crypto Extension implementation of AES.
1235 + commit 05a4cecae0c02d2b4ee1cadd9c08115beae3a94a
1236 * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
1237 'rijndael-armv-aarch32-ce.S'.
1238 * cipher/rijndael-armv8-aarch32-ce.S: New.
1239 * cipher/rijndael-armv8-ce.c: New.
1240 * cipher/rijndael-internal.h (USE_ARM_CE): New.
1241 (RIJNDAEL_context_s): Add 'use_arm_ce'.
1242 * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
1243 (_gcry_aes_armv8_ce_prepare_decryption)
1244 (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
1245 (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
1246 (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
1247 (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
1248 (_gcry_aes_armv8_ce_ocb_auth): New.
1249 (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
1251 (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
1252 (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
1253 (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
1255 * configure.ac: Add 'rijndael-armv8-ce.lo' and
1256 'rijndael-armv8-aarch32-ce.lo'.
1258 Add ARMv8/AArch32 Crypto Extension implementation of GCM.
1259 + commit 962b15470663db11e5c35b86768f1b5d8e600017
1260 * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
1261 * cipher/cipher-gcm-armv8-aarch32-ce.S: New.
1262 * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
1263 (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
1264 (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
1265 (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
1266 HWF_ARM_PULL HW feature flag is enabled.
1267 * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.
1269 Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
1270 + commit 34c64eb03178fbfd34190148fec5a189df2b8f83
1271 * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
1272 * cipher/sha256-armv8-aarch32-ce.S: New.
1273 * cipher/sha256.c (USE_ARM_CE): New.
1274 (sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
1275 [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
1276 (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
1277 (SHA256_CONTEXT): Add 'use_arm_ce'.
1278 * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.
1280 Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
1281 + commit 3d6334f8d94c2a4df10eed203ae928298a4332ef
1282 * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
1283 * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
1285 * cipher/sha1-armv8-aarch32-ce.S: New.
1286 * cipher/sha1.c (USE_ARM_CE): New.
1287 (sha1_init): Check features for HWF_ARM_SHA1.
1288 [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
1289 (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
1291 * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
1292 * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.
1294 Add HW feature check for ARMv8 AArch64 and crypto extensions.
1295 + commit eee78f6e1fbce7d54c43fb7efc5aa8be9f52755f
1296 * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
1297 module on 64-bit ARM.
1298 (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
1299 (gcry_cv_inline_asm_aarch64_neon)
1300 (gcry_cv_gcc_inline_asm_aarch64_crypto): New.
1301 * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
1302 (HWF_ARM_PMULL): New.
1303 * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
1304 (feature_map_s): New.
1305 [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
1306 (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
1307 [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
1308 (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
1309 (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
1311 (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
1312 (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
1313 (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
1314 * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
1317 2016-07-14 Werner Koch <wk@gnupg.org>
1320 + commit be0bec7d9208b2f2d2ffce9cc2ca6154853e7e59
1321 * configure.ac: Set LT version to C21/A1/R2.
1322 * Makefile.am (distcheck-hook): New.
1324 2016-07-13 Werner Koch <wk@gnupg.org>
1326 build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
1327 + commit e535ea1bdc42309553007d60599d3147b8defe93
1328 * build-aux/config.guess: Update.
1329 * build-aux/config.sub: Update.
1331 2016-07-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1333 Fix unaligned accesses with ldm/stm in ChaCha20 and Poly1305 ARM/NEON.
1334 + commit 1111d311fd6452abd4080d1072c75ddb1b5a3dd1
1335 * cipher/chacha20-armv7-neon.S (UNALIGNED_STMIA8)
1336 (UNALIGNED_LDMIA4): New.
1337 (_gcry_chacha20_armv7_neon_blocks): Use new helper macros instead of
1338 ldm/stm instructions directly.
1339 * cipher/poly1305-armv7-neon.S (UNALIGNED_LDMIA2)
1340 (UNALIGNED_LDMIA4): New.
1341 (_gcry_poly1305_armv7_neon_init_ext, _gcry_poly1305_armv7_neon_blocks)
1342 (_gcry_poly1305_armv7_neon_finish_ext): Use new helper macros instead
1343 of ldm instruction directly.
1345 2016-07-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1347 bench-slope: add unaligned buffer mode.
1348 + commit 496790940753226f96b731a43d950bd268acd97a
1349 * tests/bench-slope.c (unaligned_mode): New.
1350 (do_slope_benchmark): Unalign buffer if in unaligned mode enabled.
1351 (print_help, main): Add '--unaligned' parameter.
1353 2016-07-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1356 + commit cb79630ec567a5f2e03e5f863cda168faa7b8cc8
1357 * tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'.
1359 2016-06-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1361 Disallow encryption/decryption if key is not set.
1362 + commit 07de9858032826f5a7b08c372f6bcc73bbb503eb
1363 * cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not
1364 NONE, make sure that key is set.
1365 * cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear
1366 'marks.key' when reseting state.
1368 Avoid unaligned accesses with ARM ldm/stm instructions.
1369 + commit a6158a01a4d81a5d862e1e0a60bfd6063443311d
1370 * cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always
1371 compile with unaligned load/store code paths.
1372 * cipher/sha512-arm.S: Ditto.
1374 Fix non-PIC reference in PIC for poly1305/ARMv7-NEON.
1375 + commit a09126242a51c4ea4564b0f70b808e4f27fe5a91
1376 * cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New.
1377 (_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER.
1379 Fix wrong CPU feature #ifdef for SHA1/AVX.
1380 + commit 4a983e3bef58b9d056517e25e0ab10b72d12ceba
1381 * cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of
1382 HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2.
1384 2016-06-30 Werner Koch <wk@gnupg.org>
1386 random: Remove debug message about not supported getrandom syscall.
1387 + commit 6965515c73632a088fb126a4a55e95121671fa98
1388 * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug
1389 for getrandom error ENOSYS.
1391 2016-06-27 Werner Koch <wk@gnupg.org>
1393 tests: Do not test SHAKE128 et al with gcry_md_hash_buffer.
1394 + commit 4d634a098742ff425b324e9f2a67b9f62de09744
1395 * tests/benchmark.c (md_bench): Do not test variable lengths algos
1396 with the gcry_md_hash_buffer.
1398 md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer.
1399 + commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c
1400 * cipher/md.c (md_read): Detect missing read function.
1401 (_gcry_md_hash_buffers): Return an error.
1403 2016-06-25 Werner Koch <wk@gnupg.org>
1405 ecc: Fix memory leak.
1406 + commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a
1407 * cipher/ecc.c (ecc_check_secret_key): Do not init point if already
1411 + commit 1feb01940062a74c27230434fc3babdddca8caf4
1412 * doc/yat2m.c: Update from Libgpg-error
1414 tests: Add attributes to helper functions.
1415 + commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9
1416 * tests/t-common.h (die, fail, info): Add attributes.
1417 * tests/random.c (die, inf): Ditto.
1418 * tests/pubkey.c (die, fail, info): Add attributes.
1419 * tests/fipsdrv.c (die): Add attribute.
1420 (main): Take care of missing --key,--iv,--dt options.
1422 Improve robustness and help lint.
1423 + commit 5a5b055b81ee60a22a846bdf2031516b1c24df98
1424 * cipher/rsa.c (rsa_encrypt): Check for !DATA.
1425 * cipher/md.c (search_oid): Check early for !OID.
1426 (md_copy): Use gpg_err_code_from_syserror. Replace chains of if(!err)
1428 * cipher/cipher.c (search_oid): Check early for !OID.
1429 * src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0.
1430 * mpi/mpicoder.c (onecompl): Allow for A==NULL to help static
1433 cipher: Improve fatal error message for bad use of gcry_md_read.
1434 + commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac
1435 * cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG.
1437 2016-06-16 Niibe Yutaka <gniibe@fsij.org>
1439 ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.
1440 + commit b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d
1441 * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
1442 (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
1443 cofactor as 1, when not specified.
1445 ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.
1446 + commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7
1447 * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
1448 (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
1449 cofactor as 1, when not specified.
1451 2016-06-15 Werner Koch <wk@gnupg.org>
1454 + commit 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223
1457 doc: Describe envvars.
1458 + commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc
1459 * doc/gcrypt.texi: Add chapter Configuration.
1461 random: Change names of debug envvars.
1462 + commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3
1463 * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to
1464 GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG.
1465 * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to
1466 GCRYPT_RNDW32_NOPERF.
1468 2016-06-14 Werner Koch <wk@gnupg.org>
1470 cipher: Assign OIDs to the Serpent cipher.
1471 + commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e
1472 * cipher/serpent.c (serpent128_oids, serpent192_oids)
1473 (serpent256_oids): New. Add them to the specs blow.
1474 (serpent128_aliases): Add "SERPENT-128".
1475 (serpent256_aliases, serpent192_aliases): New.
1477 cipher: Assign OIDs to the Serpent cipher.
1478 + commit 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4
1479 * cipher/serpent.c (serpent128_oids, serpent192_oids)
1480 (serpent256_oids): New. Add them to the specs blow.
1481 (serpent128_aliases): Add "SERPENT-128".
1482 (serpent256_aliases, serpent192_aliases): New.
1484 2016-06-08 Werner Koch <wk@gnupg.org>
1486 rsa: Implement blinding also for signing.
1487 + commit 1f769e3e8442bae2f1f73c656920bb2df70153c0
1488 * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
1489 (secret_blinded): new.
1490 (rsa_sign): Use blinding by default.
1492 random: Remove debug output for getrandom(2) output.
1493 + commit 52cdfb1960808aaad48b5a501bbce0e3141c3961
1494 * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
1497 Fix gcc portability on Solaris 9 SPARC boxes.
1498 + commit b766ea14ad1c27d6160531b200cc70aaa479c6dc
1499 * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
1501 2016-06-08 Jérémie Courrèges-Anglas <jca@wxcvbn.org>
1503 Check for compiler SSE4.1 support in PCLMUL CRC code.
1504 + commit dc76313308c184c92eb78452b503405b90fc7ebd
1505 * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if
1506 compiler supports PCLMUL *and* SSE4.1
1507 * cipher/crc.c: Ditto
1508 * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New.
1510 2016-06-08 NIIBE Yutaka <gniibe@fsij.org>
1512 ecc: Fix ecc_verify for cofactor support.
1513 + commit bd39eb9fba47dc8500c83769a679cc8b683d6c6e
1514 * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h".
1516 2016-06-08 Werner Koch <wk@gnupg.org>
1518 random: Try to use getrandom() instead of /dev/urandom (Linux only).
1519 + commit c05837211e5221d3f56146865e823bc20b4ff1ab
1520 * configure.ac: Check for syscall.
1521 * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
1522 (_gcry_rndlinux_gather_random): Use getrandom is available.
1524 2016-06-03 Werner Koch <wk@gnupg.org>
1526 rsa: Implement blinding also for signing.
1527 + commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8
1528 * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
1529 (secret_blinded): new.
1530 (rsa_sign): Use blinding by default.
1532 random: Remove debug output for getrandom(2) output.
1533 + commit 82df6c63a72fdd969c3923523f10d0cef5713ac7
1534 * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
1537 2016-06-02 Werner Koch <wk@gnupg.org>
1539 Fix gcc portability on Solaris 9 SPARC boxes.
1540 + commit 4121f15122501d8946f1589b303d1f7949c15e30
1541 * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
1543 2016-05-28 Jérémie Courrèges-Anglas <jca@wxcvbn.org>
1545 Check for compiler SSE4.1 support in PCLMUL CRC code.
1546 + commit 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8
1547 * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if
1548 compiler supports PCLMUL *and* SSE4.1
1549 * cipher/crc.c: Ditto
1550 * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New.
1552 2016-05-06 NIIBE Yutaka <gniibe@fsij.org>
1554 ecc: Fix ecc_verify for cofactor support.
1555 + commit c7430aa752232aa690c5d8f16575a345442ad8d7
1556 * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h".
1558 2016-04-26 Werner Koch <wk@gnupg.org>
1560 random: Try to use getrandom() instead of /dev/urandom (Linux only).
1561 + commit ee5a32226a7ca4ab067864e06623fc11a1768900
1562 * configure.ac: Check for syscall.
1563 * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
1564 (_gcry_rndlinux_gather_random): Use getrandom is available.
1566 2016-04-19 Werner Koch <wk@gnupg.org>
1568 asm fix for older gcc versions.
1569 + commit caa9d14c914bf6116ec3f773a322a94e2be0c0fb
1570 * cipher/crc-intel-pclmul.c: Remove extra trailing colon from
1573 asm fix for older gcc versions.
1574 + commit 4545372c0f8dd35aef2a7abc12b588ed1a4a0363
1575 * cipher/crc-intel-pclmul.c: Remove extra trailing colon from
1578 2016-04-15 Werner Koch <wk@gnupg.org>
1581 + commit 795f9cb090c776658a0e3117996e3fb7e2ebd94a
1584 2016-04-14 Werner Koch <wk@gnupg.org>
1586 tests: Add test vectors for 256 GiB test of SHA3-256.
1587 + commit 1737c546dc7268fa9edcd4a23b7439c56d37ee4f
1588 * tests/hashtest.c: Add new test vectros.
1590 2016-04-14 Justus Winter <justus@g10code.com>
1592 src: Improve S-expression parsing.
1593 + commit 491586bc7f7b9edc6b78331a77e653543983c9e4
1594 * src/sexp.c (do_vsexp_sscan): Return an error if a closing
1595 parenthesis is encountered with no matching opening parenthesis.
1597 2016-04-14 Werner Koch <wk@gnupg.org>
1599 cipher: Add constant for 8 bit CFB mode.
1600 + commit 47c6a1f88eb763e9baa394e34d873b761abcebbe
1601 * src/gcrypt.h.in (GCRY_CIPHER_MODE_CFB8): New.
1602 * tests/basic.c (check_cfb_cipher): Prepare for CFB-8 tests.
1604 tests: Add a new test for S-expressions.
1605 + commit 88c6b98350193abbdcfb227754979b0c097ee09c
1606 * tests/t-sexp.c (compare_to_canon): New.
1607 (back_and_forth_one): Add another test.
1609 2016-04-13 NIIBE Yutaka <gniibe@fsij.org>
1611 ecc: Fix corner cases for X25519.
1612 + commit 8472b71812e71c69d66e2fcc02a6e21b66755f8b
1613 * cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns
1614 GPG_ERR_INV_DATA instead of aborting with log_fatal. For X25519,
1615 it's not an error, thus, let it return 0.
1616 (ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish
1617 X25519, not by the name of the curve.
1618 (ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead
1619 of aborting with log_fatal. For X25519, it's not an error by its
1620 definition, but we deliberately let it return the error to detect
1621 looks-like-encrypted-message.
1622 * tests/t-cv25519.c: Add points to record the issue.
1624 2016-04-12 Werner Koch <wk@gnupg.org>
1626 cipher: Buffer data from gcry_cipher_authenticate in OCB mode.
1627 + commit b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b
1628 * cipher/cipher-internal.h (gcry_cipher_handle): Add fields
1629 aad_leftover and aad_nleftover to u_mode.ocb.
1630 * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Clear
1632 (_gcry_cipher_ocb_authenticate): Add buffering and facor some code out
1634 (ocb_aad_finalize): new.
1635 (compute_tag_if_needed): Call new function.
1636 * tests/basic.c (check_ocb_cipher_splitaad): New.
1637 (check_ocb_cipher): Call new function.
1638 (main): Also call check_cipher_modes with --ciper-modes.
1640 2016-04-12 NIIBE Yutaka <gniibe@fsij.org>
1642 ecc: Fix X25519 computation on Curve25519.
1643 + commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5
1644 * cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when
1645 PUBKEY_FLAG_DJB_TWEAK is enabled.
1646 (ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled.
1647 * tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt.
1649 ecc: Fix initialization of EC context.
1650 + commit 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de
1651 * cipher/ecc.c (test_ecdh_only_keys, ecc_generate)
1652 (ecc_check_secret_key, ecc_encrypt_raw, ecc_decrypt_raw): Initialize
1653 by _gcry_mpi_ec_p_internal_new should carry FLAGS.
1655 2016-04-06 Werner Koch <wk@gnupg.org>
1657 Allow building with configure option --enable-hmac-binary-check.
1658 + commit 65c63144b66392f40b991684789b8b793248e3ba
1659 * src/Makefile.am (mpicalc_LDADD): Add DL_LIBS.
1660 * src/fips.c (check_binary_integrity): Allow use of hmac256 output.
1661 * src/hmac256.c (main): Add option --stdkey
1663 2016-04-06 NIIBE Yutaka <gniibe@fsij.org>
1665 ecc: Positive values in computation.
1666 + commit 6f386ceae86a058e26294f744750f1ed2a95e604
1667 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure
1668 coefficients A and B are positive.
1669 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do
1670 "P - T" instead of "-T", so that the result will be positive.
1671 (_gcry_ecc_eddsa_verify): Likewise.
1672 * cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve
1673 instead of _gcry_ecc_update_curve_param.
1674 * mpi/ec.c (ec_subm): Make sure the result will be positive.
1675 (dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use
1676 mpi_sub instead of mpi_neg.
1677 (add_points_edwards): Simply use ec_addm.
1678 * tests/t-mpi-point.c (test_curve): Define curves with positive
1681 2016-04-01 Werner Koch <wk@gnupg.org>
1683 mpi: Explicitly limit the allowed input length for gcry_mpi_scan.
1684 + commit 862cf19a119427dd7ee7959a36c72d905f5ea5ca
1685 * mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New.
1686 (mpi_fromstr): Check against this limit.
1687 (_gcry_mpi_scan): Ditto.
1688 * tests/mpitests.c (test_maxsize): New.
1689 (main): Cal that test.
1691 2016-03-31 Werner Koch <wk@gnupg.org>
1693 cipher: Remove specialized rmd160 functions.
1694 + commit fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27
1695 * cipher/rmd160.c: Replace rmd.h by hash-common.h.
1696 (RMD160_CONTEXT): Move from rmd.h to here.
1697 (_gcry_rmd160_init): Remove.
1698 (_gcry_rmd160_mixblock): Remove.
1699 (_gcry_rmd160_hash_buffer): Use rmd160_init directly.
1700 * cipher/md.c: Remove rmd.h which was not actually used.
1701 * cipher/rmd.h: Remove.
1702 * cipher/Makefile.am (libcipher_la_SOURCES): Remove rmd.h.
1703 * configure.ac (USE_RMD160): Allow to build without RMD160.
1705 random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool.
1706 + commit a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0
1707 * cipher/sha1.c (_gcry_sha1_mixblock_init): New.
1708 (_gcry_sha1_mixblock): New.
1709 * random/random-csprng.c: Include sha1.h instead of rmd.h.
1710 (mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing.
1712 cipher: Move sha1 context definition to a separate file.
1713 + commit 142a479a484cb4e84d0561be9b05b44dac9e6fe2
1714 * cipher/sha1.c: Replace hash-common.h by sha1.h.
1715 (SHA1_CONTEXT): Move to ...
1716 * cipher/sha1.h: new. Always include all flags.
1717 * cipher/Makefile.am (libcipher_la_SOURCES): Add sha1.h.
1719 2016-03-29 Werner Koch <wk@gnupg.org>
1721 tests: Fix buffer overflow in bench-slope.
1722 + commit 48ee918400762281bec5b6fc218a9f0d119aac7c
1723 * tests/bench-slope.c (bench_print_result_std): Remove wrong use of
1726 2016-03-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1728 cipher: GCM: check that length of supplied tag is one of valid lengths.
1729 + commit f2260e3a2e962ac80124ef938e54041bbea08561
1730 * cipher/cipher-gcm.c (is_tag_length_valid): New.
1731 (_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length.
1732 * tests/basic.c (_check_gcm_cipher): Add test-vectors with different
1733 valid tag lengths and negative test vectors with invalid lengths.
1735 2016-03-24 Peter Wu <peter@lekensteyn.nl>
1737 cipher: Fix memleaks in (self)tests.
1738 + commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9
1739 * cipher/dsa.c: Release memory for MPI and sexp structures.
1740 * cipher/ecc.c: Release memory for sexp structure.
1741 * tests/keygen.c: Likewise.
1743 Mark constant MPIs as non-leaked.
1744 + commit 470a30db241a2d567739ef2adb2a2ee64992d8b4
1745 * mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked.
1747 2016-03-23 Werner Koch <wk@gnupg.org>
1749 Add new control GCRYCTL_GET_TAGLEN for use with gcry_cipher_info.
1750 + commit fea5971488e049f902d7912df22a945bc755ad6d
1751 * src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New.
1752 * cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature.
1754 * tests/basic.c (_check_gcm_cipher): Check that new feature.
1755 (_check_poly1305_cipher): Ditto.
1756 (check_ccm_cipher): Ditto.
1757 (do_check_ocb_cipher): Ditto.
1758 (check_ctr_cipher): Add negative test for new feature.
1760 cipher: Avoid NULL-segv in GCM mode if a key has not been set.
1761 + commit e709d86fe596a4bcf235799468947c13ae657d78
1762 * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN
1763 has been initialized.
1764 (_gcry_cipher_gcm_decrypt): Ditto.
1765 (_gcry_cipher_gcm_authenticate): Ditto.
1766 (_gcry_cipher_gcm_initiv): Ditto.
1767 (_gcry_cipher_gcm_tag): Ditto.
1769 cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag.
1770 + commit 7c9c82feecf94a455c66d9c38576f36c9c4b484c
1771 * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the
1772 provided tag length matches the actual tag length.
1774 2016-03-23 Peter Wu <peter@lekensteyn.nl>
1776 Fix buffer overrun in gettag for Poly1305.
1777 + commit 6821e1bd94969106a70e3de17b86f6e6181f4e59
1778 * cipher/cipher-poly1305.c: copy a fixed length instead of the
1779 user-supplied number.
1781 2016-03-23 Werner Koch <wk@gnupg.org>
1783 cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag.
1784 + commit 15785bc9fb1787554bf371945ecb191830c15bfd
1785 * cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided
1786 tag length matches the actual tag length. Avoid gratuitous return
1789 2016-03-23 Peter Wu <peter@lekensteyn.nl>
1791 Fix buffer overrun in gettag for GCM.
1792 + commit d3d7bdf8215275b3b20690dfde3f43dbe25b6f85
1793 * cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
1796 2016-03-22 Werner Koch <wk@gnupg.org>
1798 tests: Add options --fips to keygen for manual tests.
1799 + commit d328095dd4de83b839d9d8c4bdbeec0956971016
1800 (main): Add option --fips.
1801 * tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539
1802 because that is valid in FIPS mode. Check that key generation fails
1803 for too short keys in FIPS mode.
1804 (check_ecc_keys): Check that key generation fails for Ed25519 keys in
1807 2016-03-22 Tomáš Mráz <tmraz@redhat.com>
1809 rsa: Add FIPS 186-4 compliant RSA probable prime key generator.
1810 + commit 5f9b3c2e220ca6d0eaff32324a973ef67933a844
1811 * cipher/primegen.c (_gcry_fips186_4_prime_check): New.
1812 * cipher/rsa.c (generate_fips): New.
1813 (rsa_generate): Use new function in fips mode or with test-parms.
1815 * tests/keygen.c (check_rsa_keys): Add test using e=65539.
1817 2016-03-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1819 Fix ARM NEON support detection on ARMv6 target.
1820 + commit 583919d70763671ed9feeaa14e1f66379aff88cc
1821 * configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive
1822 instead of '.thumb'.
1824 2016-03-18 Werner Koch <wk@gnupg.org>
1826 Always require a 64 bit integer type.
1827 + commit 897ccd21b7221982806b5c024518f4e989152f14
1828 * configure.ac (available_digests_64): Merge with available_digests.
1829 (available_kdfs_64): Merge with available_kdfs.
1830 <64 bit datatype test>: Bail out if no such type is available.
1831 * src/types.h: Emit #error if no u64 can be defined.
1832 (PROPERLY_ALIGNED_TYPE): Always add u64 type.
1833 * cipher/bithelp.h: Remove all code paths which handle the
1834 case of !HAVE_U64_TYPEDEF.
1835 * cipher/bufhelp.h: Ditto.
1836 * cipher/cipher-ccm.c: Ditto.
1837 * cipher/cipher-gcm.c: Ditto.
1838 * cipher/cipher-internal.h: Ditto.
1839 * cipher/cipher.c: Ditto.
1840 * cipher/hash-common.h: Ditto.
1841 * cipher/md.c: Ditto.
1842 * cipher/poly1305.c: Ditto.
1843 * cipher/scrypt.c: Ditto.
1844 * cipher/tiger.c: Ditto.
1845 * src/g10lib.h: Ditto.
1846 * tests/basic.c: Ditto.
1847 * tests/bench-slope.c: Ditto.
1848 * tests/benchmark.c: Ditto.
1850 2016-03-18 Vitezslav Cizek <vcizek@suse.com>
1852 tests: Fix testsuite after the FIPS adjustments.
1853 + commit 9ecc2690181ba0bb44f66451a7dce2fc19965793
1854 * tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS.
1855 * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS.
1856 * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys.
1857 (check_ecc_keys): Skip Ed25519 in FIPS mode.
1858 * tests/random.c (main): Don't switch DRBG in FIPS mode.
1859 * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode.
1860 * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS.
1861 * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS.
1862 (main): Skip math tests that use P-192 and Ed25519 in FIPS.
1864 tests: Add new --pss option to fipsdrv.
1865 + commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97
1866 * tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length
1869 cipher: Add option to specify salt length for PSS verification.
1870 + commit 0bd8137e68c201b6c2290710e348aaf57efa2b2e
1871 * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for
1874 tests: Add support for RSA keygen tests to fipsdrv.
1875 + commit 2e139456369a834cf87d983da4f61241fda76efe
1876 * tests/fipsdrv.c (run_rsa_keygen): New.
1877 (main): Support RSA keygen and RSA keygen KAT tests.
1879 tests: Fixes for RSA testsuite in FIPS mode.
1880 + commit c690230af5a66b809f8f6fbab1a6262a5ba078cb
1881 * tests/basic.c (get_keys_new): Generate 2048 bit key.
1882 * tests/benchmark.c (rsa_bench): Skip keys of lengths different
1883 than 2048 and 3072 in FIPS mode.
1884 * tests/keygen.c (check_rsa_keys): Failure if short keys can be
1885 generated in FIPS mode.
1886 (check_dsa_keys): Ditto for DSA keys.
1887 * tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
1889 rsa: Use 2048 bit RSA keys for selftest.
1890 + commit 78cec8b4754fdf774edb2d575000cb3e972e244c
1891 * cipher/rsa.c (selftests_rsa): Use 2048 bit keys.
1892 (selftest_encr_1024): Replaced by selftest_encr_2048.
1893 (selftest_sign_1024): Replaced by selftest_sign_2048.
1894 (selftest_encr_2048): Add check against known ciphertext.
1895 (selftest_sign_2048): Add check against known signature.
1896 (selftest_sign_2048): Free SIG_MPI.
1897 * tests/pubkey.c (get_keys_new): Generate 2048 bit keys.
1899 Disable non-allowed algorithms in FIPS mode.
1900 + commit ce1cbe16992a7340edcf8e6576973e3508267640
1901 * cipher/cipher.c (_gcry_cipher_init),
1902 * cipher/mac.c (_gcry_mac_init),
1903 * cipher/md.c (_gcry_md_init),
1904 * cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
1905 non-allowed ciphers.
1906 * cipher/md5.c: Mark MD5 as not allowed in FIPS.
1907 * src/g10lib.h (_gcry_mac_init): New.
1908 * src/global.c (global_init): Call the new _gcry_mac_init.
1909 * tests/basic.c (check_ciphers): Fix a typo.
1911 2016-03-18 Werner Koch <wk@gnupg.org>
1913 kdf: Make PBKDF2 check work on all platforms.
1914 + commit c478cf175887c84dc071c4f73a7667603b354789
1915 * cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long.
1917 2016-03-18 Vitezslav Cizek <vcizek@suse.com>
1919 kdf: Add upper bound for derived key length in PBKDF2.
1920 + commit 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6
1921 * cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen.
1923 ecc: ECDSA adjustments for FIPS 186-4.
1924 + commit a242e3d9185e6e2dc13902ea9331131755bbba01
1925 * cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
1926 * cipher/ecc.c: Add ECDSA self test.
1927 * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
1929 * tests/fipsdrv.c: Add support for ECDSA signatures.
1931 2016-03-18 Werner Koch <wk@gnupg.org>
1933 dsa: Make regression tests work.
1934 + commit e40939b2141306238cc30a340b867b60fa4dc2a3
1935 * cipher/dsa.c (sample_secret_key_1024): Comment out unused constant.
1936 (ogenerate_fips186): Make it work with use-fips183-2 flag.
1937 * cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs
1938 standard comment out format.
1939 * tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion.
1941 (main): Compare against current version.
1942 * tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key.
1943 (get_dsa_key_fips186_with_seed_new): Ditto.
1944 (get_dsa_key_fips186_with_domain_new): Comment out.
1945 (check_run): Do not call that function.
1947 2016-03-18 Vitezslav Cizek <vcizek@suse.com>
1949 dsa: Adjustments to conform with FIPS 186-4.
1950 + commit 80e9f95e6f419daa765e4876c858e3e36e808897
1951 * cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments.
1952 * cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect
1953 buflen passed to _gcry_mpi_scan.
1955 2016-03-16 Justus Winter <justus@g10code.com>
1957 Update documentation for 'gcry_sexp_extract_param'.
1958 + commit 4051fe7fec6ffdc7a2f5c3856665478866991ee7
1959 * doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs
1960 must be set to NULL first, and document how the function behaves in
1962 * src/sexp.c (_gcry_sexp_extract_param): Likewise.
1963 * src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from
1964 '_gcry_sexp_extract_param'.
1966 cipher: Update comment.
1967 + commit fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2
1968 * cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact
1969 that a curve parameter can be given.
1971 2016-03-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
1973 Add Intel PCLMUL implementations of CRC algorithms.
1974 + commit 5d601dd57fcb41aa2015ab655fd6fc51537da667
1975 * cipher/Makefile.am: Add 'crc-intel-pclmul.c'.
1976 * cipher/crc-intel-pclmul.c: New.
1977 * cipher/crc.c (USE_INTEL_PCLMUL): New macro.
1978 (CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'.
1979 [USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul)
1980 (gcry_crc24rfc2440_intel_pclmul): New.
1981 (crc32_init, crc32rfc1510_init, crc24rfc2440_init)
1982 [USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL
1983 HW features detected.
1984 (crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL
1985 implementation if enabled.
1986 (crc24_init): Document storage format of 24-bit CRC.
1987 (crc24_next4): Use only 'data' for last table look-up.
1988 * configure.ac: Add 'crc-intel-pclmul.lo'.
1989 * src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include
1991 * src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection.
1992 * src/hwfeatures.c (hwflist): Add 'intel-sse4.1'.
1993 * tests/basic.c (fillbuf_count): New.
1994 (check_one_md): Add "?" check (million byte data-set with byte pattern
1995 0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?"
1997 (check_one_md_multi): Skip "?".
1998 (check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256,
1999 SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160,
2000 CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!"
2001 test-vectors for CRC32_RFC1510 and CRC24_RFC2440.
2003 2016-02-25 NIIBE Yutaka <gniibe@fsij.org>
2005 mpi: Normalize EXPO for mpi_powm.
2006 + commit fdfa5bfefdde316688a3c8021bd3528c5273b0f4
2007 * mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP.
2009 2016-02-22 Andreas Metzler <ametzler@bebt.de>
2011 Do not ship generated header file in tarball.
2012 + commit 2b40a16333fa75f1cee85ab901a5aa9cff845a92
2013 * src/Makefile.am: Move gcrypt.h from include_HEADERS to
2014 nodist_include_HEADERS to prevent inclusion in release tarball.
2015 This could break out-of-tree-builds because the potentially outdated
2016 src/gcrypt.h was not updated but was in the compiler search path.
2018 2016-02-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2020 Fix building random-drbg for Win32/64.
2021 + commit 531b25aa94c58f6d2168a9537c8cea6c53d7bbe0
2022 * random/random-drbg.c: Remove include for sys/types.h and asm/types.h.
2023 (DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH)
2024 (DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384)
2025 (DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192)
2026 (DRBG_SYM256): Change 'u_int32_t' to 'u32'.
2027 (drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters
2028 'drbg_read_cb' and 'len'.
2030 2016-02-20 Werner Koch <wk@gnupg.org>
2032 tests: Do not test DRBG_REINIT from "make check"
2033 + commit 839d12c221430b60db5e0d6fbb107f22e0a6837f
2034 * tests/random.c (main): Run check_drbg_reinit only if the envvar
2035 GCRYPT_IN_REGRESSION_TEST is set.
2037 doc: Fix possible dependency problem.
2038 + commit 3b57e5a1ba68e26dcaea38b763287fddba9b6b7c
2039 * doc/Makefile.am (gcrypt.texi): Use the right traget.
2041 2016-02-19 Stephan Mueller <smueller@chronox.de>
2043 random: Remove ANSI X9.31 DRNG.
2044 + commit e9b692d25d1c149b5417b70e18f2ce173bc25b6d
2045 * random-fips.c: Remove.
2047 2016-02-19 Werner Koch <wk@gnupg.org>
2049 random: Add a test case for DRBG_REINIT.
2050 + commit 934ba2ae5a95a96fdbb3b935b51ba43df66f11df
2051 * src/global.c (_gcry_vcontrol) <DRBG_REINIT>: Test for FIPS RNG.
2052 * tests/random.c (check_drbg_reinit): New.
2053 (main): Call new test.
2055 random: Allow DRBG_REINIT before initialization.
2056 + commit 7cdbd6e6a3cf1ee366b981e148d41b1187a6fdcf
2057 * random/random-drbg.c (DRBG_DEFAULT_TYPE): New.
2058 (_drbg_init_internal): Set the default type if no type has been set
2060 (_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default.
2062 Add new private header gcrypt-testapi.h.
2063 + commit 744b030cff61fd25114b0b25394c62782c153343
2064 * src/gcrypt-testapi.h: New.
2065 * src/Makefile.am (libgcrypt_la_SOURCES): Add new file.
2066 * random/random.h: Include gcrypt-testapi.h.
2067 (struct gcry_drbg_test_vector) : Move to gcrypt-testapi.h.
2068 * src/global.c: Include gcrypt-testapi.h.
2069 (_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61.
2070 * cipher/cipher.c: Include gcrypt-testapi.h.
2071 (_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62.
2072 * tests/fipsdrv.c: Include gcrypt-testapi.h. Remove definition of
2073 PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_
2075 * tests/t-lock.c: Include gcrypt-testapi.h. Remove
2076 PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants.
2078 * random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ...
2079 (_gcry_rngdrbg_cavs_test): this.
2080 (gcry_rngdrbg_healthcheck_one): Rename to ...
2081 (_gcry_rngdrbg_healthcheck_one): this.
2083 random: Make the DRBG C-90 clean and use a flag string.
2084 + commit 95f1db3affb9f5b8a2c814c211d4a02b30446c15
2085 * random/random.h (struct gcry_drbg_test_vector): Rename "flags" to
2086 "flagstr" and turn it into a string.
2087 * random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of
2088 designated initializers. Use a string for the flags.
2089 (gcry_rngdrbg_cavs_test): Parse the flag string into a flag value.
2090 (drbg_healthcheck_sanity): Ditto.
2092 random: Symbol name cleanup for random-drbg.c.
2093 + commit 85ed07790552297586258e8fe09b546eee357a8b
2094 * random/random-drbg.c: Rename all static objects and macros from
2095 "gcry_drbg" to "drbg".
2096 (drbg_string_t): New typedef.
2097 (drbg_gen_t): New typedef.
2098 (drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by
2100 (_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so
2101 that an error if actually returned.
2102 (gcry_rngdrbg_cavs_test): Ditto.
2103 (gcry_drbg_healthcheck_sanity): Ditto.
2105 random: Use our symbol name pattern also for drbg functions.
2106 + commit 7cf3c929331133e4381dbceac53d3addd921c929
2107 * random/random-drbg.c: Rename global functions from _gcry_drbg_*
2109 * random/random.c: Adjust for this change.
2110 * src/global.c: Ditto.
2112 random: Rename drbg.c to random-drbg.c.
2113 + commit e49b3f2c10e012509b5930c0df4d6df378d3b9f4
2114 * random/drbg.c: Rename to ...
2115 * random/random-drbg.c: this.
2116 * random/Makefile.am (librandom_la_SOURCES): Adjust accordingly.
2118 random: Remove the new API introduced by the new DRBG.
2119 + commit dfac2b13d0068b2b1b420d77e9771a49964b81c1
2120 * src/gcrypt.h.in (struct gcry_drbg_gen): Move to random/drbg.c.
2121 (struct gcry_drbg_string): Ditto.
2122 (gcry_drbg_string_fill): Ditto.
2123 (gcry_randomize_drbg): Remove.
2124 * random/drbg.c (parse_flag_string): New.
2125 (_gcry_drbg_reinit): Change the way the arguments are passed.
2126 * src/global.c (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: Change calling
2129 Add helper function _gcry_strtokenize.
2130 + commit 4e134b6e77f558730ec1eceb6b816b0bcfd845e9
2131 * src/misc.c (_gcry_strtokenize): New.
2133 2016-02-18 Werner Koch <wk@gnupg.org>
2135 random: Remove DRBG constants from the public API.
2136 + commit fd13372fa9069d3a72947ea59c57e33637c936bf
2137 * src/gcrypt.h.in (GCRY_DRBG_): Remove all new flags to ...
2138 * random/drbg.c: here.
2140 2016-02-18 Stephan Mueller <smueller@chronox.de>
2142 random: Add SP800-90A DRBG.
2143 + commit ed57fed6de1465e02ec5e3bc0affeabdd35e2eb7
2144 * random/drbg.c: New.
2145 * random/random.c (_gcry_random_initialize): Replace rngfips init by
2147 (__gcry_random_close_fds): Likewise.
2148 (_gcry_random_dump_stats): Likewise.
2149 (_gcry_random_is_faked): Likewise.
2150 (do_randomize): Likewise.
2151 (_gcry_random_selftest): Likewise.
2152 (_gcry_create_nonce): Replace rngfips_create_noce by drbg_randomize.
2153 (_gcry_random_init_external_test): Remove.
2154 (_gcry_random_run_external_test): Remove.
2155 (_gcry_random_deinit_external_test): Remove.
2156 * random/random.h (struct gcry_drbg_test_vector): New.
2157 * src/gcrypt.h.in (struct gcry_drbg_gen): New.
2158 (struct gcry_drbg_string): New.
2159 (gcry_drbg_string_fill): New.
2160 (gcry_randomize_drbg): New.
2161 (GCRY_DRBG_): Lots of new macros.
2162 * src/global.c (_gcry_vcontrol) <Init external random test>: Turn into
2164 (_gcry_vcontrol) <Deinit external random test>: Ditto.
2165 (_gcry_vcontrol) <Run external random test>: Change.
2166 (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: New.
2168 2016-02-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2170 bufhelp: disable unaligned memory accesses on powerpc.
2171 + commit 1da793d089b65ac8c1ead65dacb6b8699f5b6e69
2172 * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Disable for
2173 __powerpc__ and __powerpc64__.
2175 2016-02-12 NIIBE Yutaka <gniibe@fsij.org>
2177 ecc: Not validate input point for Curve25519.
2178 + commit 7a019bc7ecdbdfdef51094e090ce95e062da9b64
2179 * cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception.
2181 2016-02-10 NIIBE Yutaka <gniibe@fsij.org>
2183 ecc: Fix memory leaks on error.
2184 + commit b12dd550fd6af687ef95c584d0d8366c34965cc8
2185 * cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory.
2186 * mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise.
2188 2016-02-09 NIIBE Yutaka <gniibe@fsij.org>
2190 ecc: input validation on ECDH.
2191 + commit 23b72901f8a5ba9a78485b235c7a917fbc8faae0
2192 * cipher/ecc.c (ecc_decrypt_raw): Validate the point.
2194 2016-02-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2196 Add ARM assembly implementation of SHA-512.
2197 + commit 8353884bc65c820d5bcacaf1ac23cdee72091a09
2198 * cipher/Makefile.am: Add 'sha512-arm.S'.
2199 * cipher/sha512-arm.S: New.
2200 * cipher/sha512.c (USE_ARM_ASM): New.
2201 (_gcry_sha512_transform_arm): New.
2202 (transform) [USE_ARM_ASM]: Use ARM assembly implementation instead of
2204 * configure.ac: Add 'sha512-arm.lo'.
2206 2016-02-03 NIIBE Yutaka <gniibe@fsij.org>
2208 tests: Add a test for Curve25519.
2209 + commit b8b3361504950689ef1e779fb3357cecf8a9f739
2210 * tests/Makefile.am (tests_bin): Add t-cv25519.
2211 * tests/t-cv25519.c: New.
2213 2016-02-02 NIIBE Yutaka <gniibe@fsij.org>
2215 ecc: Fix Curve25519 for data by older implementation.
2216 + commit 6cb6df9dddac6ad246002b83c2ce0aaa0ecf30e5
2217 * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix code path for
2220 ecc: more fix of Curve25519.
2221 + commit 48ba5a50066611ecacea850ced13f5cb66097a81
2222 * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix removing of
2223 prefix. Clear the MSB, according to RFC7748.
2225 ecc: Fix ECDH of Curve25519.
2226 + commit a2f9afcd7fcdafd5951498b07f34957f9766dce9
2227 * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix calc of NBITS
2228 and prefix detection.
2229 * cipher/ecc.c (ecc_generate): Use NBITS instead of CTX->NBITS.
2230 (ecc_encrypt_raw): Use NBITS from curve instead of from P.
2231 Fix rawmpilen calculation.
2232 (ecc_decrypt_raw): Likewise. Add debug output.
2234 2016-01-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2236 Improve performance of generic SHA256 implementation.
2237 + commit f3e51161036382429c3491c7c881f36c0a653c7b
2238 * cipher/sha256.c (R): Let caller do variable shuffling.
2239 (Chro, Maj, Sum0, Sum1): Convert from inline functions to macros.
2241 (transform_blk): Unroll round loop; inline message expansion to rounds
2242 to make message expansion buffer smaller.
2244 2016-01-28 Werner Koch <wk@gnupg.org>
2246 ecc: New API function gcry_mpi_ec_decode_point.
2247 + commit 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897
2248 * mpi/ec.c (_gcry_mpi_ec_decode_point): New.
2249 * cipher/ecc-common.h: Move two prototypes to ...
2250 * src/ec-context.h: here.
2251 * src/gcrypt.h.in (gcry_mpi_ec_decode_point): New.
2252 * src/libgcrypt.def (gcry_mpi_ec_decode_point): New.
2253 * src/libgcrypt.vers (gcry_mpi_ec_decode_point): New.
2254 * src/visibility.c (gcry_mpi_ec_decode_point): New.
2255 * src/visibility.h: Add new function.
2257 2016-01-15 Werner Koch <wk@gnupg.org>
2259 Fix build problem for rndegd.c.
2260 + commit 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1
2261 * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Test all RND modules.
2262 * random/rndegd.c (_gcry_rndegd_connect_socket)
2263 (my_make_filename): Use functions with '_' prefix.
2265 random: Fix possible AIX problem with sysconf in rndunix.
2266 + commit 6303b0e83856ee89374b447e710f0ab2af61caec
2267 * random/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
2268 (start_gatherer): Detect misbehaving sysconf.
2270 2015-12-27 Werner Koch <wk@gnupg.org>
2272 random: Take at max 25% from RDRAND.
2273 + commit 5a78e7f15e0dd96a8bf64e2bb142880bf8ea6965
2274 * random/rndlinux.c (_gcry_rndlinux_gather_random): Change use of
2275 RDRAND from 50% to 25%.
2277 2015-12-07 Justus Winter <justus@g10code.com>
2279 cipher: Improve error handling.
2280 + commit b9c02fbeb7efb7d0593b33485fb30c298291cf80
2281 * cipher/ecc.c (ecc_decrypt_raw): Improve error handling.
2283 cipher: Initialize 'flags'.
2284 + commit ca06cd7f77acb317c2649c58918908f043dfe6bd
2285 * cipher/ecc.c (ecc_encrypt_raw): Initialize 'flags' to 0.
2287 2015-12-05 NIIBE Yutaka <gniibe@fsij.org>
2289 ecc: CHANGE point representation of Curve25519.
2290 + commit dd3d06e7f113cf7608f060ceb043262efd0b0c9d
2291 * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Decode point with
2292 the prefix 0x40, additional 0x00 by MPI handling, and shorter octets
2293 by MPI normalization.
2294 * cipher/ecc.c (ecc_generate, ecc_encrypt_raw, ecc_decrypt_raw):
2295 Always add the prefix 0x40.
2297 2015-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2299 chacha20: fix alignment of self-test context.
2300 + commit 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38
2301 * cipher/chacha20.c (selftest): Ensure 16-byte alignment for chacha20
2304 salsa20: fix alignment of self-test context.
2305 + commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca
2306 * cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20
2309 2015-12-02 Justus Winter <justus@g10code.com>
2311 random: Drop fake entropy gathering function.
2312 + commit d421ac283ec46d0ecaf6278ba4c24843f65fb2fa
2313 * random/random-csprng.c (faked_rng): Drop variable.
2314 (gather_faked): Drop prototype and function.
2315 (initialize): Drop fallback code.
2316 (_gcry_rngcsprng_is_faked): Change accordingly.
2318 random: Fix selection of entropy gathering function.
2319 + commit 468a5796ffb1a7776db4004d534376c1b981d740
2320 * random/random-csprng.c (getfnc_gather_random): Do return NULL if no
2321 usable entropy gathering function is found. The callsite then
2322 installs the fake gather function.
2324 2015-11-26 NIIBE Yutaka <gniibe@fsij.org>
2326 ecc: minor improvement of point multiplication.
2327 + commit 3658afd09c3b03b4398aaa5748387220c93b1a94
2328 * mpi/ec.c (_gcry_mpi_ec_mul_point): Move ec_subm out of the loop.
2330 2015-11-25 NIIBE Yutaka <gniibe@fsij.org>
2332 ecc: Constant-time multiplication for Weierstrass curve.
2333 + commit 88e1358962e902ff1cbec8d53ba3eee46407851a
2334 * mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
2335 method for Weierstrass curve when SCALAR is secure.
2337 mpi: fix gcry_mpi_swap_cond.
2338 + commit f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f
2339 * mpi/mpiutil.c (_gcry_mpi_swap_cond): Relax the condition.
2341 mpi: Fix mpi_set_cond and mpi_swap_cond .
2342 + commit 8ad682c412047d3b9196950709dbd7bd14ac8732
2343 * mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use
2344 the operator of !!, but assume SET/SWAP is 0 or 1.
2346 ecc: multiplication of Edwards curve to be constant-time.
2347 + commit 295b1c3540752af4fc5e6f41480e6db215222fba
2348 * mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond.
2350 ecc: Add point_resize and point_swap_cond.
2351 + commit b6015176df6bfae107ac82f9baa29ef2c175c9f9
2352 * mpi/ec.c (point_resize, point_swap_cond): New.
2353 (_gcry_mpi_ec_mul_point): Use point_resize and point_swap_cond.
2355 2015-11-18 Justus Winter <justus@g10code.com>
2357 cipher: Fix error handling.
2358 + commit 940dc8adc034a6c6c38742f6bfd7d837a532d537
2359 * cipher/cipher.c (_gcry_cipher_ctl): Fix error handling.
2361 2015-11-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2363 Tweak Keccak for small speed-up.
2364 + commit 6571a64331839d7d952292163afbf34c8bef62e0
2365 * cipher/keccak_permute_32.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Track
2366 rounds with round constant pointer instead of separate round counter.
2367 * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Ditto.
2368 (KECCAK_F1600_ABSORB_FUNC_NAME): Tweak lanes pointer increment for bulk
2371 Update license information for CRC.
2372 + commit 15ea0acf8bb0aa307eccc23024a0bd7878fb8080
2373 * LICENSES: Remove 'Simple permissive' and 'IETF permissive' licenses
2374 for 'cipher/crc.c' as result of rewrite of CRC implementations.
2376 2015-11-17 Justus Winter <justus@g10code.com>
2378 Fix typos found using codespell.
2379 + commit 0e395944b70c7a92a6437f6bcc14f287c19ce9de
2380 * cipher/cipher-ocb.c: Fix typos.
2381 * cipher/des.c: Likewise.
2382 * cipher/dsa-common.c: Likewise.
2383 * cipher/ecc.c: Likewise.
2384 * cipher/pubkey.c: Likewise.
2385 * cipher/rsa-common.c: Likewise.
2386 * cipher/scrypt.c: Likewise.
2387 * random/random-csprng.c: Likewise.
2388 * random/random-fips.c: Likewise.
2389 * random/rndw32.c: Likewise.
2390 * src/cipher-proto.h: Likewise.
2391 * src/context.c: Likewise.
2392 * src/fips.c: Likewise.
2393 * src/gcrypt.h.in: Likewise.
2394 * src/global.c: Likewise.
2395 * src/sexp.c: Likewise.
2396 * tests/mpitests.c: Likewise.
2397 * tests/t-lock.c: Likewise.
2399 2015-11-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2401 Improve performance of Tiger hash algorithms.
2402 + commit 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0
2403 * cipher/tiger.c (tiger_round, pass, key_schedule): Convert functions
2405 (transform_blk): Pass variable names instead of pointers to 'pass'.
2407 Add ARMv7/NEON implementation of Keccak.
2408 + commit a1cc7bb15473a2419b24ecac765ae0ce5989a13b
2409 * cipher/Makefile.am: Add 'keccak-armv7-neon.S'.
2410 * cipher/keccak-armv7-neon.S: New.
2411 * cipher/keccak.c (USE_64BIT_ARM_NEON): New.
2412 (NEED_COMMON64): Select if USE_64BIT_ARM_NEON.
2413 [NEED_COMMON64] (round_consts_64bit): Rename to...
2414 [NEED_COMMON64] (_gcry_keccak_round_consts_64bit): ...this; Add
2416 [USE_64BIT_ARM_NEON] (_gcry_keccak_permute_armv7_neon)
2417 (_gcry_keccak_absorb_lanes64_armv7_neon, keccak_permute64_armv7_neon)
2418 (keccak_absorb_lanes64_armv7_neon, keccak_armv7_neon_64_ops): New.
2419 (keccak_init) [USE_64BIT_ARM_NEON]: Select ARM/NEON implementation
2421 * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Update
2422 to use new round constant table.
2423 * configure.ac: Add 'keccak-armv7-neon.lo'.
2425 Optimize Keccak 64-bit absorb functions.
2426 + commit 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88
2427 * cipher/keccak.c [USE_64BIT] [__x86_64__] (absorb_lanes64_8)
2428 (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New.
2429 * cipher/keccak.c [USE_64BIT] [!__x86_64__] (absorb_lanes64_8)
2430 (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New.
2431 [USE_64BIT] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
2432 [USE_64BIT] (keccak_absorb_lanes64): Remove.
2433 [USE_64BIT_SHLD] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
2434 [USE_64BIT_SHLD] (keccak_absorb_lanes64_shld): Remove.
2435 [USE_64BIT_BMI2] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
2436 [USE_64BIT_BMI2] (keccak_absorb_lanes64_bmi2): Remove.
2437 * cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): New.
2439 2015-10-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2441 Enable CRC test vectors with zero bytes.
2442 + commit 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2
2443 * tests/basic.c (check_digests): Enable CRC test-vectors with zero
2446 Keccak: Add SHAKE Extendable-Output Functions.
2447 + commit c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29
2448 * src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for
2450 * src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract'
2451 and add 'pos' argument.
2452 (KECCAK_CONTEXT): Add 'suffix'.
2453 (keccak_extract_inplace64): Rename to...
2454 (keccak_extract64): ...this; Add handling for 'pos' argument.
2455 (keccak_extract_inplace32bi): Rename to...
2456 (keccak_extract32bi): ...this; Add handling for 'pos' argument.
2457 (keccak_extract_inplace64): Rename to...
2458 (keccak_extract64): ...this; Add handling for 'pos' argument.
2459 (keccak_extract_inplace32bi_bmi2): Rename to...
2460 (keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument.
2461 (keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256.
2462 (shake128_init, shake256_init): New.
2463 (keccak_final): Do not initial permute for SHAKE output; use correct
2465 (keccak_extract): New.
2466 (keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors.
2467 (run_selftests): Add SHAKE128 & SHAKE256.
2468 (shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256)
2469 (_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New.
2470 * cipher/md.c (digest_list): Add SHAKE128 & SHAKE256.
2471 * doc/gcrypt.texi: Ditto.
2472 * src/cipher.h (_gcry_digest_spec_shake128)
2473 (_gcry_digest_spec_shake256): New.
2474 * src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New.
2475 * tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument.
2476 (check_one_md_multi): Skip if algo is XOF.
2477 (check_digests): Add SHAKE128 & SHAKE256 test vectors.
2478 * tests/bench-slope.c (kdf_bench_one): Skip XOFs.
2480 Few updates to documentation.
2481 + commit 28de6f9e16e386018e81a9cdaee596be7616ccab
2482 * doc/gcrypt.text: Add mention of new 'intel-fast-shld' hw feature
2483 flag; Add mention of x86 RDRAND support in rndhw.
2485 Add HMAC-SHA3 test vectors.
2486 + commit 92ad19873562cfce7bcc4a0b5aed8195d8284cfc
2487 * tests/basic.c (check_mac): Add HMAC_SHA3 test vectors.
2489 2015-10-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2491 md: add variable length output interface.
2492 + commit 577dc2b63ceca6a8a716256d034ea4e7414f65fa
2493 * cipher/crc.c (_gcry_digest_spec_crc32)
2494 (_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set
2496 * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94)
2497 (_gcry_digest_spec_gost3411_cp): Ditto.
2498 * cipher/keccak.c (_gcry_digest_spec_sha3_224)
2499 (_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384)
2500 (_gcry_digest_spec_sha3_512): Ditto.
2501 * cipher/md2.c (_gcry_digest_spec_md2): Ditto.
2502 * cipher/md4.c (_gcry_digest_spec_md4): Ditto.
2503 * cipher/md5.c (_gcry_digest_spec_md5): Ditto.
2504 * cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto.
2505 * cipher/sha1.c (_gcry_digest_spec_sha1): Ditto.
2506 * cipher/sha256.c (_gcry_digest_spec_sha224)
2507 (_gcry_digest_spec_sha256): Ditto.
2508 * cipher/sha512.c (_gcry_digest_spec_sha384)
2509 (_gcry_digest_spec_sha512): Ditto.
2510 * cipher/stribog.c (_gcry_digest_spec_stribog_256)
2511 (_gcry_digest_spec_stribog_512): Ditto.
2512 * cipher/tiger.c (_gcry_digest_spec_tiger)
2513 (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto.
2514 * cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto.
2515 * cipher/md.c (md_enable): Do not allow combination of HMAC and
2516 'expandable-output function'.
2517 (md_final): Check if spec->read is NULL before calling.
2519 (md_extract, _gcry_md_extract): New.
2520 * doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract.
2521 * src/cipher-proto.h (gcry_md_extract_t): New.
2522 (gcry_md_spec_t): Add 'extract'.
2523 * src/gcrypt-int.g (_gcry_md_extract): New.
2524 * src/gcrypt.h.in (gcry_md_extract): New.
2525 * src/libgcrypt.def: Add gcry_md_extract.
2526 * src/libgcrypt.vers: Add gcry_md_extract.
2527 * src/visibility.c (gcry_md_extract): New.
2528 * src/visibility.h (gcry_md_extract): New.
2530 md: check hmac flag in prepare_macpads.
2531 + commit cee2e122ec6c1886957a8d47498eb63a6a921725
2532 * cipher/md.c (prepare_macpads): Check hmac flag.
2534 keccak: rewrite for improved performance.
2535 + commit 74184c28fbe7ff58cf57f0094ef957d94045da7d
2536 * cipher/Makefile.am: Add 'keccak_permute_32.h' and
2537 'keccak_permute_64.h'.
2538 * cipher/hash-common.h [USE_SHA3] (MD_BLOCK_MAX_BLOCKSIZE): Remove.
2539 * cipher/keccak.c (USE_64BIT, USE_32BIT, USE_64BIT_BMI2)
2540 (USE_64BIT_SHLD, USE_32BIT_BMI2, NEED_COMMON64, NEED_COMMON32BI)
2541 (keccak_ops_t): New.
2542 (KECCAK_STATE): Add 'state64' and 'state32bi' members.
2543 (KECCAK_CONTEXT): Remove 'bctx'; add 'blocksize', 'count' and 'ops'.
2544 (rol64, keccak_f1600_state_permute): Remove.
2545 [NEED_COMMON64] (round_consts_64bit, keccak_extract_inplace64): New.
2546 [NEED_COMMON32BI] (round_consts_32bit, keccak_extract_inplace32bi)
2547 (keccak_absorb_lane32bi): New.
2548 [USE_64BIT] (ANDN64, ROL64, keccak_f1600_state_permute64)
2549 (keccak_absorb_lanes64, keccak_generic64_ops): New.
2550 [USE_64BIT_SHLD] (ANDN64, ROL64, keccak_f1600_state_permute64_shld)
2551 (keccak_absorb_lanes64_shld, keccak_shld_64_ops): New.
2552 [USE_64BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute64_bmi2)
2553 (keccak_absorb_lanes64_bmi2, keccak_bmi2_64_ops): New.
2554 [USE_32BIT] (ANDN64, ROL64, keccak_f1600_state_permute32bi)
2555 (keccak_absorb_lanes32bi, keccak_generic32bi_ops): New.
2556 [USE_32BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute32bi_bmi2)
2557 (pext, pdep, keccak_absorb_lane32bi_bmi2, keccak_absorb_lanes32bi_bmi2)
2558 (keccak_extract_inplace32bi_bmi2, keccak_bmi2_32bi_ops): New.
2559 (keccak_write): New.
2560 (keccak_init): Adjust to KECCAK_CONTEXT changes; add implementation
2561 selection based on HWF features.
2562 (keccak_final): Adjust to KECCAK_CONTEXT changes; use selected 'ops'
2563 for state manipulation.
2564 (keccak_read): Adjust to KECCAK_CONTEXT changes.
2565 (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
2566 (_gcry_digest_spec_sha3_348, _gcry_digest_spec_sha3_512): Use
2567 'keccak_write' instead of '_gcry_md_block_write'.
2568 * cipher/keccak_permute_32.h: New.
2569 * cipher/keccak_permute_64.h: New.
2571 hwf-x86: add detection for Intel CPUs with fast SHLD instruction.
2572 + commit 909644ef5883927262366c356eed530e55aba478
2573 * cipher/sha1.c (sha1_init): Use HWF_INTEL_FAST_SHLD instead of
2575 * cipher/sha256.c (sha256_init, sha224_init): Ditto.
2576 * cipher/sha512.c (sha512_init, sha384_init): Ditto.
2577 * src/g10lib.h (HWF_INTEL_FAST_SHLD): New.
2578 (HWF_INTEL_BMI2, HWF_INTEL_SSSE3, HWF_INTEL_PCLMUL, HWF_INTEL_AESNI)
2579 (HWF_INTEL_RDRAND, HWF_INTEL_AVX, HWF_INTEL_AVX2)
2580 (HWF_ARM_NEON): Update.
2581 * src/hwf-x86.c (detect_x86_gnuc): Add detection of Intel Core
2582 CPUs with fast SHLD/SHRD instruction.
2583 * src/hwfeatures.c (hwflist): Add "intel-fast-shld".
2585 Fix OCB amd64 assembly implementations for x32.
2586 + commit 16fd540f4d01eb6dc23d9509ae549353617c7a67
2587 * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
2588 (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
2589 (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
2590 (_gcry_camellia_aesni_avx2_ocb_auth, _gcry_camellia_ocb_crypt)
2591 (_gcry_camellia_ocb_auth): Change 'Ls' from pointer array to u64 array.
2592 * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
2593 (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
2594 (_gcry_serpent_avx2_ocb_enc, _gcry_serpent_avx2_ocb_dec)
2595 (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Ditto.
2596 * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
2597 (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth)
2598 (twofish_amd64_ocb_enc, twofish_amd64_ocb_dec, twofish_amd64_ocb_auth)
2599 (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Ditto.
2601 bench-slope: add KDF/PBKDF2 benchmark.
2602 + commit ae40af427fd2a856b24ec2a41323ec8b80ffc9c0
2603 * tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free)
2604 (bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New.
2605 (print_help): Add 'kdf'.
2606 (main): Add KDF benchmarks.
2608 2015-10-22 NIIBE Yutaka <gniibe@fsij.org>
2610 md: keep contexts for HMAC in GcryDigestEntry.
2611 + commit f7505b550dd591e33d3a3fab9277c43c460f1bad
2612 * cipher/md.c (struct gcry_md_context): Add flags.hmac.
2613 Remove macpads and mcpads_Bsize.
2614 (md_open): Initialize flags.hmac. Remove macpads initialization.
2615 (md_enable): Allocate contexts when flags.hmac is enabled.
2616 (md_copy): Remove macpads copying. Add copying contexts.
2617 (_gcry_md_reset): When flags.hmac is enabled, restore precomputed
2618 context with input pad
2619 (md_close): Remove macpads wiping.
2620 (md_final): When flags.hmac is enabled, compute hmac by precomputed
2621 context with output pad.
2622 (prepare_macpads): Prepare precomputed contexts with input pad and
2623 output pad for each registered digest entry.
2624 (_gcry_md_setkey): Just call prepare_macpads.
2626 2015-10-15 NIIBE Yutaka <gniibe@fsij.org>
2628 Fix double free on error.
2629 + commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982
2630 * src/hmac256.c (_gcry_hmac256_finalize): Don't free HD.
2632 2015-10-14 NIIBE Yutaka <gniibe@fsij.org>
2634 Fix gpg_error_t and gpg_err_code_t confusion.
2635 + commit 813565a07ca575c87e1252c6ed26018653ecd338
2636 * src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change.
2637 * cipher/dsa.c (dsa_check_secret_key): Ditto.
2638 * src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t.
2640 * src/gcrypt-int.h (_gcry_err_make_from_errno)
2641 (_gcry_error_from_errno): Return gpg_error_t.
2642 * cipher/cipher.c (_gcry_cipher_open_internal)
2643 (_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error.
2644 * src/global.c (_gcry_vcontrol): Likewise.
2645 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use
2646 gpg_err_code_from_syserror.
2647 * cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write)
2648 (mac_read, mac_verify): Return gcry_err_code_t.
2649 * cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR.
2650 * src/visibility.c (gcry_error_from_errno): Return gpg_error_t.
2652 2015-10-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2654 Fix compiling AES/AES-NI implementation on linux-i386.
2655 + commit fa94b6111948a614ebdcb67f7942eced8b84c579
2656 * cipher/rijndael-aesni.c (do_aesni_ctr_4): Split assembly block in
2657 two parts to reduce number of register constraints needed.
2659 2015-10-13 NIIBE Yutaka <gniibe@fsij.org>
2661 Fix declaration of return type.
2662 + commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5
2663 * src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t.
2664 * cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param.
2665 * src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t.
2666 * src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch.
2668 2015-09-07 Werner Koch <wk@gnupg.org>
2670 Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls.
2671 + commit 3a3d5410cc83f7069c7cb1ab384905f382292d32
2672 * src/secmem.c (lock_pool, secmem_init): Do not call any cap_
2673 functions if NO_PRIV_DROP is set.
2675 2015-09-04 Werner Koch <wk@gnupg.org>
2677 w32: Avoid a few compiler warnings.
2678 + commit e97c62a4a687b56d00a2d0a63e072a977f8eb81c
2679 * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
2680 (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable
2682 * random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch
2684 * src/secmem.c (init_pool): Avoid unused variable warning.
2685 * tests/random.c (writen, readn): Include on if needed.
2687 w32: Fix alignment problem with AESNI on Windows >= 8.
2688 + commit e2785a2268702312529521df3bd2f4e6b43cea3a
2689 * cipher/cipher-selftest.c (_gcry_cipher_selftest_alloc_ctx): New.
2690 * cipher/rijndael.c (selftest_basic_128, selftest_basic_192)
2691 (selftest_basic_256): Allocate context on the heap.
2693 2015-08-31 Werner Koch <wk@gnupg.org>
2695 rsa: Add verify after sign to avoid Lenstra's CRT attack.
2696 + commit c17f84bd02d7ee93845e92e20f6ddba814961588
2697 * cipher/rsa.c (rsa_sign): Check the CRT.
2699 Add pubkey algo id for EdDSA.
2700 + commit dd87639abd38afc91a6f27af33f0ba17402ad02d
2701 * src/gcrypt.h.in (GCRY_PK_EDDSA): New.
2703 2015-08-25 Werner Koch <wk@gnupg.org>
2705 Add configure option --enable-build-timestamp.
2706 + commit a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e
2707 * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
2709 2015-08-23 Werner Koch <wk@gnupg.org>
2711 tests: Add missing files for the make distcheck target.
2712 + commit fb3cb47b0a29d3e73150297aa4495c20915e4a75
2713 * tests/Makefile.am (EXTRA_DIST): Add sha3-x test vector files.
2715 2015-08-19 Werner Koch <wk@gnupg.org>
2717 Change SHA-3 algorithm ids.
2718 + commit 65639ecaaeba642e40487446c40d045482001285
2719 * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
2720 (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): Change values.
2722 2015-08-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2724 Keccak: Fix array indexes in θ step.
2725 + commit 48822ae0b436bcea0fe92dbf0d88475ba3179320
2726 * cipher/keccak.c (keccak_f1600_state_permute): Fix indexes for D[5].
2728 Simplify OCB offset calculation for parallel implementations.
2729 + commit 24ebf53f1e8a8afa27dcd768339bda70a740bb03
2730 * cipher/camellia-glue.c (_gcry_camellia_ocb_crypt)
2731 (_gcry_camellia_ocb_auth): Precalculate Ls array always, instead of
2732 just if 'blkn % <parallel blocks> == 0'.
2733 * cipher/serpent.c (_gcry_serpent_ocb_crypt)
2734 (_gcry_serpent_ocb_auth): Ditto.
2735 * cipher/rijndael-aesni.c (get_l): Remove low-bit checks.
2736 (aes_ocb_enc, aes_ocb_dec, _gcry_aes_aesni_ocb_auth): Handle leading
2737 blocks until block counter is multiple of 4, so that parallel block
2738 processing loop can use 'c->u_mode.ocb.L' array directly.
2739 * tests/basic.c (check_ocb_cipher_largebuf): Rename to...
2740 (check_ocb_cipher_largebuf_split): ...this and add option to process
2741 large buffer as two split buffers.
2742 (check_ocb_cipher_largebuf): New.
2744 Add carryless 8-bit addition fast-path for AES-NI CTR mode.
2745 + commit e11895da1f4af9782d89e92ba2e6b1a63235b54b
2746 * cipher/rijndael-aesni.c (do_aesni_ctr_4): Do addition using
2747 CTR in big-endian form, if least-significant byte does not overflow.
2749 2015-08-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2751 Add additional SHA3 test-vectors.
2752 + commit 80321eb3a63a20f86734d6eebb3f419c0ec895aa
2753 * tests/basic.c (check_digests): Allow datalen to be specified so that
2754 input data can have byte with value 0x00; Include sha3-*.h header files
2755 to test-vector structure.
2756 * tests/sha3-224.h: New.
2757 * tests/sha3-256.h: New.
2758 * tests/sha3-384.h: New.
2759 * tests/sha3-512.h: New.
2761 Add generic SHA3 implementation.
2762 + commit 434ba17d1d5ad59c70d721ad3ecb376c2403a7e5
2763 * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE): Increase blocksize
2765 * cipher/keccak.c (SHA3_DELIMITED_SUFFIX, SHAKE_DELIMITED_SUFFIX): New.
2766 (KECCAK_STATE): Add proper state.
2767 (KECCAK_CONTEXT): Add 'outlen'.
2768 (rol64, keccak_f1600_state_permute, transform_blk, transform): New.
2769 (keccak_init): Add proper initialization.
2770 (keccak_final): Add proper finalization.
2771 (selftests_keccak): Add selftests.
2772 (oid_spec_sha3_224, oid_spec_sha3_256, oid_spec_sha3_384)
2773 (oid_spec_sha3_512): Add OID.
2774 (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
2775 (_gcry_digest_spec_sha3_384, _gcry_digest_spec_sha3_512): Fix output
2777 * cipher/mac-hmac.c (map_mac_algo_to_md): Fix mapping for SHA3-512.
2778 (hmac_get_keylen): Return proper blocksizes for SHA3 algorithms.
2779 [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224)
2780 (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384)
2781 (_gcry_mac_type_spec_hmac_sha3_512): New.
2782 * cipher/mac-internal [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224)
2783 (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384)
2784 (_gcry_mac_type_spec_hmac_sha3_512): New.
2785 * cipher/mac.c (mac_list) [USE_SHA3]: Add SHA3 algorithms.
2786 * cipher/md.c (md_open): Use proper SHA-3 blocksizes for HMAC macpads.
2787 * tests/basic.c (check_digests): Add SHA3 test vectors.
2789 Optimize OCB offset calculation.
2790 + commit 49f52c67fb42c0656c8f9af655087f444562ca82
2791 * cipher/cipher-internal.h (ocb_get_l): New.
2792 * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
2793 (ocb_crypt): Use 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'.
2794 * cipher/camellia-glue.c (get_l): Remove.
2795 (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Precalculate
2796 offset array when block count matches parallel operation size; Use
2797 'ocb_get_l' instead of 'get_l'.
2798 * cipher/rijndael-aesni.c (get_l): Add fast path for 75% most common
2800 (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Precalculate
2801 offset array when block count matches parallel operation size.
2802 * cipher/rijndael-ssse3-amd64.c (get_l): Add fast path for 75% most
2804 * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Use
2805 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'.
2806 * cipher/serpent.c (get_l): Remove.
2807 (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Precalculate
2808 offset array when block count matches parallel operation size; Use
2809 'ocb_get_l' instead of 'get_l'.
2810 * cipher/twofish.c (get_l): Remove.
2811 (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Use 'ocb_get_l'
2814 2015-08-10 NIIBE Yutaka <gniibe@fsij.org>
2816 ecc: fix Montgomery curve bugs.
2817 + commit ce746936b6c210e602d106cfbf45cf60b408d871
2818 * cipher/ecc.c (check_secret_key): Y1 should not be NULL when check.
2819 (ecc_check_secret_key): Support Montgomery curve.
2820 * mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition.
2822 2015-08-08 Werner Koch <wk@gnupg.org>
2824 Add framework to eventually support SHA3.
2825 + commit 0e17f7a05bba309a87811992aa47a77af9935b99
2826 * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
2827 (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New.
2828 (GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256)
2829 (GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New.
2830 * cipher/keccak.c: New with stub functions.
2831 * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c.
2832 * configure.ac (available_digests): Add sha3.
2834 * src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests.
2835 * cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos.
2836 (md_open): Ditto for hmac processing.
2837 * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping.
2838 * cipher/hmac-tests.c (run_selftests): Prepare for tests.
2839 * cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx".
2841 2015-08-06 Werner Koch <wk@gnupg.org>
2843 tools: Fix memory leak for functions "I" and "G".
2844 + commit 10789e3cdda7b944acb4b59624c34a2ccfaea6e5
2845 * src/mpicalc.c (do_inv, do_gcd): Init A after stack check.
2847 2015-08-06 Ismo Puustinen <ismo.puustinen@intel.com>
2849 ecc: Free memory also when in error branch.
2850 + commit 1d896371fbc94c605fce35eabcde01e24dd22892
2851 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Init DISGEST and goto
2854 2015-08-06 NIIBE Yutaka <gniibe@fsij.org>
2856 Add Curve25519 support.
2857 + commit e93f4c21c59756604440ad8cbf27e67d29c99ffd
2858 * cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519.
2859 * tests/curves.c (N_CURVES): It's 22 now.
2860 * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New.
2861 * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New.
2862 * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New.
2863 * cipher/ecc.c (nist_generate_key): Handle the case of
2864 PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
2865 (test_ecdh_only_keys, check_secret_key): Likewise.
2866 (ecc_generate): Support Curve25519 which is Montgomery curve with flag
2867 PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP.
2868 (ecc_encrypt_raw): Get flags from KEYPARMS and handle
2869 PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
2870 (ecc_decrypt_raw): Likewise.
2871 (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK.
2872 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist):
2873 PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK.
2874 Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
2876 2015-07-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2878 Reduce code size for Twofish key-setup and remove key dependend branch.
2879 + commit b4b1d872ba651bc44761b35d245b1a519a33f515
2880 * cipher/twofish.c (poly_to_exp): Increase size by one, change type
2881 from byte to u16 and insert '492' to index 0.
2882 (exp_to_poly): Increase size by 256, let new cells have zero value.
2883 (CALC_S): Execute unconditionally with help of modified tables.
2884 (do_twofish_setkey): Change type for 'tmp' to 'unsigned int'; Un-unroll
2885 CALC_K256 and CALC_K phases to reduce generated object size.
2887 Reduce amount of duplicated code in OCB bulk implementations.
2888 + commit e950052bc6f5ff11a7c23091ff3f6b5cc431e875
2889 * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
2890 (ocb_crypt): Change bulk function to return number of unprocessed
2892 * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth)
2893 (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth)
2894 (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth)
2895 (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type
2897 * cipher/camellia-glue.c (get_l): Only if USE_AESNI_AVX or
2898 USE_AESNI_AVX2 defined.
2899 (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Change return type
2900 to 'size_t' and return remaining blocks; Remove unaccelerated common
2901 code path. Enable remaining common code only if USE_AESNI_AVX or
2902 USE_AESNI_AVX2 defined; Remove unaccelerated common code.
2903 * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Change
2904 return type to 'size_t' and return zero.
2905 * cipher/serpent.c (get_l): Only if USE_SSE2, USE_AVX2 or USE_NEON
2907 (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Change return type
2908 to 'size_t' and return remaining blocks; Remove unaccelerated common
2909 code path. Enable remaining common code only if USE_SSE2, USE_AVX2 or
2910 USE_NEON defined; Remove unaccelerated common code.
2911 * cipher/twofish.c (get_l): Only if USE_AMD64_ASM defined.
2912 (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type
2913 to 'size_t' and return remaining blocks; Remove unaccelerated common
2914 code path. Enable remaining common code only if USE_AMD64_ASM defined;
2915 Remove unaccelerated common code.
2917 Add bulk OCB for Serpent SSE2, AVX2 and NEON implementations.
2918 + commit adbdca0d58f9c06dc3850b95e3455e179c1e6960
2919 * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
2920 functions for Serpent.
2921 * cipher/serpent-armv7-neon.S: Add OCB assembly functions.
2922 * cipher/serpent-avx2-amd64.S: Add OCB assembly functions.
2923 * cipher/serpent-sse2-amd64.S: Add OCB assembly functions.
2924 * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
2925 (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
2926 (_gcry_serpent_neon_ocb_enc, _gcry_serpent_neon_ocb_dec)
2927 (_gcry_serpent_neon_ocb_auth, _gcry_serpent_avx2_ocb_enc)
2928 (_gcry_serpent_avx2_ocb_dec, _gcry_serpent_avx2_ocb_auth): New
2930 (get_l, _gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): New.
2931 * src/cipher.h (_gcry_serpent_ocb_crypt)
2932 (_gcry_serpent_ocb_auth): New.
2933 * tests/basic.c (check_ocb_cipher): Add test-vector for serpent.
2935 Add bulk OCB for Twofish AMD64 implementation.
2936 + commit 7f6804c37c4b41d85fb26aa723b1c41e4a3cf278
2937 * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
2938 functions for Twofish.
2939 * cipher/twofish-amd64.S: Add OCB assembly functions.
2940 * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
2941 (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth): New
2943 (call_sysv_fn5, call_sysv_fn6, twofish_amd64_ocb_enc)
2944 (twofish_amd64_ocb_dec, twofish_amd64_ocb_auth, get_l)
2945 (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): New.
2946 * src/cipher.h (_gcry_twofish_ocb_crypt)
2947 (_gcry_twofish_ocb_auth): New.
2948 * tests/basic.c (check_ocb_cipher): Add test-vector for Twofish.
2950 Add bulk OCB for Camellia AES-NI/AVX and AES-NI/AVX2 implementations.
2951 + commit bb088c6b1620504fdc79e89af27c2bf3fb02b4b4
2952 * cipher/camellia-aesni-avx-amd64.S: Add OCB assembly functions.
2953 * cipher/camellia-aesni-avx2-amd64.S: Add OCB assembly functions.
2954 * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
2955 (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
2956 (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
2957 (_gcry_camellia_aesni_avx2_ocb_auth): New prototypes.
2958 (get_l, _gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): New.
2959 * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
2960 functions for Camellia.
2961 * src/cipher.h (_gcry_camellia_ocb_crypt)
2962 (_gcry_camellia_ocb_auth): New.
2963 * tests/basic.c (check_ocb_cipher): Add test-vector for Camellia.
2965 2015-07-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
2967 Add OCB bulk mode for AES SSSE3 implementation.
2968 + commit 620e1e0300c79943a1846a49563b04386dc60546
2969 * cipher/rijndael-ssse3-amd64.c (SSSE3_STATE_SIZE): New.
2970 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): Use
2971 'ssse3_state' for storing current SSSE3 state.
2972 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
2973 (vpaes_ssse3_cleanup): Restore SSSE3 state from 'ssse3_state'.
2974 (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
2975 (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc)
2976 (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
2977 (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec)
2978 (_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_cbc_dec): Add 'ssse3_state'
2980 (get_l, ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_crypt)
2981 (_gcry_aes_ssse3_ocb_auth): New.
2982 * cipher/rijndael.c (_gcry_aes_ssse3_ocb_crypt)
2983 (_gcry_aes_ssse3_ocb_auth): New.
2984 (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_SSSE3]: Use SSSE3
2985 implementation for OCB.
2987 2015-07-26 Peter Wu <peter@lekensteyn.nl>
2989 Fix undefined behavior wrt memcpy.
2990 + commit 46c072669eb81ed610cc5b3c0dc0c75a143afbb4
2991 * cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let
2992 the function continue to add padding as needed though.
2993 * cipher/mac-poly1305.c: If the caller requested to finish the hash
2994 function without a copy of the result, return immediately.
2996 2015-07-23 Peter Wu <peter@lekensteyn.nl>
2998 build: ignore scissor line for the commit-msg hook.
2999 + commit ada0a7d302cca97b327faaacac7a5d0b8043df88
3000 * build-aux/git-hooks/commit-msg: Stop processing more lines when the
3001 scissor line is encountered.
3003 2015-07-16 Peter Wu <peter@lekensteyn.nl>
3005 rsa: Fix error in comments.
3006 + commit 9cd55e8e948f0049cb23495f536decf797d072f7
3007 * cipher/rsa.c: Fix.
3009 2015-07-14 Peter Wu <peter@lekensteyn.nl>
3011 sexp: Fix invalid deallocation in error path.
3012 + commit 0f9532b186c1e0b54d7e7a6d76bce82b6226122b
3013 * src/sexp.c: Fix wrong condition.
3015 2015-07-10 Peter Wu <peter@lekensteyn.nl>
3017 ecc: fix memory leak.
3018 + commit 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c
3019 * cipher/ecc.c (ecc_verify): Release memory which was allocated before
3020 by _gcry_pk_util_preparse_sigval.
3021 (ecc_decrypt_raw): Likewise.
3023 2015-07-06 NIIBE Yutaka <gniibe@fsij.org>
3025 ecc: fix memory leaks.
3026 + commit 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06
3027 cipher/ecc.c (ecc_generate): Fix memory leak on error of
3028 _gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint.
3029 (ecc_check_secret_key): Fix memory leak on error of
3030 _gcry_ecc_update_curve_param.
3031 (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove
3032 unnecessary sexp_release and fix memory leak on error of
3033 _gcry_ecc_fill_in_curve.
3034 (ecc_decrypt_raw): Fix double free of the point kG and memory leak
3035 on error of _gcry_ecc_os2ec.
3037 2015-06-11 NIIBE Yutaka <gniibe@fsij.org>
3039 mpi: Support FreeBSD 10 or later.
3040 + commit a36ee7501f68ad7ebcfe31f9659430b9d2c3ddd1
3041 * mpi/config.links: Include FreeBSD 10 to 29.
3043 2015-05-21 Werner Koch <wk@gnupg.org>
3045 ecc: Add key generation flag "no-keytest".
3046 + commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07
3047 * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
3048 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
3049 "no-keytest". Return an error for invalid flags of length 10.
3051 * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
3052 set random level depending on flags.
3053 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
3054 * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
3055 remove var random_level.
3056 (nist_generate_key): Implement "no-keytest" flag.
3058 * tests/keygen.c (check_ecc_keys): Add tests for transient-key and
3061 ecc: Avoid double conversion to affine coordinates in keygen.
3062 + commit 102d68b3bd77813a3ff989526855bb1e283bf9d7
3063 * cipher/ecc.c (nist_generate_key): Add args r_x and r_y.
3064 (ecc_generate): Rename vars. Convert to affine coordinates only if
3065 not returned by the lower level generation function.
3067 random: Change initial extra seeding from 2400 bits to 128 bits.
3068 + commit 8124e357b732a719696bfd5271def4e528f2a1e1
3069 * random/random-csprng.c (read_pool): Reduce initial seeding.
3071 2015-05-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3073 Enable AMD64 Twofish implementation on WIN64.
3074 + commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501
3075 * cipher/twofish-amd64.S: Enable when
3076 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3077 (ELF): New macro to mask lines with ELF specific commands.
3078 * cipher/twofish.c (USE_AMD64_ASM): Enable when
3079 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3080 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
3081 (twofish_amd64_encrypt_block, twofish_amd64_decrypt_block)
3082 (twofish_amd64_ctr_enc, twofish_amd64_cbc_dec)
3083 (twofish_amd64_cfb_dec): New wrapper functions for AMD64
3086 Enable AMD64 Serpent implementations on WIN64.
3087 + commit eb0ed576893b6c7990dbcb568510f831d246cea6
3088 * cipher/serpent-avx2-amd64.S: Enable when
3089 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3090 (ELF): New macro to mask lines with ELF specific commands.
3091 * cipher/serpent-sse2-amd64.S: Enable when
3092 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3093 (ELF): New macro to mask lines with ELF specific commands.
3094 * cipher/chacha20.c (USE_SSE2, USE_AVX2): Enable when
3095 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3096 [USE_SSE2 || USE_AVX2] (ASM_FUNC_ABI): New.
3097 (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec)
3098 (_gcry_serpent_sse2_cfb_dec, _gcry_serpent_avx2_ctr_enc)
3099 (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Add
3102 Enable AMD64 Salsa20 implementation on WIN64.
3103 + commit 12bc93ca8187b8061c2e705427ef22f5a71d29b0
3104 * cipher/salsa20-amd64.S: Enable when
3105 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3106 (ELF): New macro to mask lines with ELF specific commands.
3107 * cipher/salsa20.c (USE_AMD64): Enable when
3108 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3109 [USE_AMD64] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
3110 (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup)
3111 (_gcry_salsa20_amd64_encrypt_blocks): Add ASM_FUNC_ABI.
3112 [USE_AMD64] (salsa20_core): Add ASM_EXTRA_STACK.
3113 (salsa20_do_encrypt_stream) [USE_AMD64]: Add ASM_EXTRA_STACK.
3115 Enable AMD64 Poly1305 implementations on WIN64.
3116 + commit 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f
3117 * cipher/poly1305-avx2-amd64.S: Enable when
3118 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3119 (ELF): New macro to mask lines with ELF specific commands.
3120 * cipher/poly1305-sse2-amd64.S: Enable when
3121 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3122 (ELF): New macro to mask lines with ELF specific commands.
3123 * cipher/poly1305-internal.h (POLY1305_SYSV_FUNC_ABI): New.
3124 (POLY1305_USE_SSE2, POLY1305_USE_AVX2): Enable when
3125 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3126 (OPS_FUNC_ABI): New.
3127 (poly1305_ops_t): Use OPS_FUNC_ABI.
3128 * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext)
3129 (_gcry_poly1305_amd64_sse2_finish_ext)
3130 (_gcry_poly1305_amd64_sse2_blocks, _gcry_poly1305_amd64_avx2_init_ext)
3131 (_gcry_poly1305_amd64_avx2_finish_ext)
3132 (_gcry_poly1305_amd64_avx2_blocks, _gcry_poly1305_armv7_neon_init_ext)
3133 (_gcry_poly1305_armv7_neon_finish_ext)
3134 (_gcry_poly1305_armv7_neon_blocks, poly1305_init_ext_ref32)
3135 (poly1305_blocks_ref32, poly1305_finish_ext_ref32)
3136 (poly1305_init_ext_ref8, poly1305_blocks_ref8)
3137 (poly1305_finish_ext_ref8): Use OPS_FUNC_ABI.
3139 Enable AMD64 3DES implementation on WIN64.
3140 + commit b65e9e71d5ee992db5c96793c6af999545daad28
3141 * cipher/des-amd64.S: Enable when
3142 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3143 (ELF): New macro to mask lines with ELF specific commands.
3144 * cipher/des.c (USE_AMD64_ASM): Enable when
3145 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3146 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
3147 (tripledes_ecb_crypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call
3148 assembly function through 'call_sysv_fn'.
3149 (tripledes_amd64_ctr_enc, tripledes_amd64_cbc_dec)
3150 (tripledes_amd64_cfb_dec): New wrapper functions for bulk
3153 Enable AMD64 ChaCha20 implementations on WIN64.
3154 + commit 9597cfddf03c467825da152be5ca0d12a8c30d88
3155 * cipher/chacha20-avx2-amd64.S: Enable when
3156 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3157 (ELF): New macro to mask lines with ELF specific commands.
3158 * cipher/chacha20-sse2-amd64.S: Enable when
3159 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3160 (ELF): New macro to mask lines with ELF specific commands.
3161 * cipher/chacha20-ssse3-amd64.S: Enable when
3162 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3163 (ELF): New macro to mask lines with ELF specific commands.
3164 * cipher/chacha20.c (USE_SSE2, USE_SSSE3, USE_AVX2): Enable when
3165 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3166 (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
3167 (chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks)
3168 (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks)
3169 (_gcry_chacha20_armv7_neon_blocks, chacha20_blocks): Add ASM_FUNC_ABI.
3170 (chacha20_core): Add ASM_EXTRA_STACK.
3172 Enable AMD64 CAST5 implementation on WIN64.
3173 + commit 6a6646df80386204675d8b149ab60e74d7ca124c
3174 * cipher/cast5-amd64.S: Enable when
3175 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3177 (GET_EXTERN_POINTER): Use 'leaq' version on WIN64.
3178 (ELF): New macro to mask lines with ELF specific commands.
3179 * cipher/cast5.c (USE_AMD64_ASM): Enable when
3180 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3181 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
3182 (do_encrypt_block, do_decrypt_block)
3183 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly
3184 function through 'call_sysv_fn'.
3185 (cast5_amd64_ctr_enc, cast5_amd64_cbc_dec)
3186 (cast5_amd64_cfb_dec): New wrapper functions for bulk
3189 Enable AMD64 Camellia implementations on WIN64.
3190 + commit 9a4fb3709864bf3e3918800d44ff576590cd4e92
3191 * cipher/camellia-aesni-avx-amd64.S: Enable when
3192 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3193 (ELF): New macro to mask lines with ELF specific commands.
3194 * cipher/camellia-aesni-avx2-amd64.S: Enable when
3195 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3196 (ELF): New macro to mask lines with ELF specific commands.
3197 * cipher/camellia-glue.c (USE_AESNI_AVX, USE_AESNI_AVX2): Enable when
3198 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3199 [USE_AESNI_AVX || USE_AESNI_AVX2] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
3200 (_gcry_camellia_aesni_avx_ctr_enc, _gcry_camellia_aesni_avx_cbc_dec)
3201 (_gcry_camellia_aesni_avx_cfb_dec, _gcry_camellia_aesni_avx_keygen)
3202 (_gcry_camellia_aesni_avx2_ctr_enc, _gcry_camellia_aesni_avx2_cbc_dec)
3203 (_gcry_camellia_aesni_avx2_cfb_dec): Add ASM_FUNC_ABI.
3205 Enable AMD64 Blowfish implementation on WIN64.
3206 + commit e05682093ffb003b589a697428d918d755ac631d
3207 * cipher/blowfish-amd64.S: Enable when
3208 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3209 (ELF): New macro to mask lines with ELF specific commands.
3210 * cipher/blowfish.c (USE_AMD64_ASM): Enable when
3211 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3212 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
3213 (do_encrypt, do_encrypt_block, do_decrypt_block)
3214 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly
3215 function through 'call_sysv_fn'.
3216 (blowfish_amd64_ctr_enc, blowfish_amd64_cbc_dec)
3217 (blowfish_amd64_cfb_dec): New wrapper functions for bulk
3221 Enable AMD64 arcfour implementation on WIN64.
3222 + commit c46b015bedba7ce0db68929bd33a86a54ab3d919
3223 * cipher/arcfour-amd64.S: Enable when
3224 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3225 (ELF): New macro to mask lines with ELF specific commands.
3226 * cipher/arcfour.c (USE_AMD64_ASM): Enable when
3227 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3228 (do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use
3229 assembly block to call AMD64 assembly function.
3231 Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539.
3232 + commit ee8fc4edcb3466b03246c8720b90731bf274ff1d
3233 * cipher/cipher-poly1305.c: Add RFC-7539 to header.
3234 * doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of
3235 RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD.
3237 hwf-x86: use edi for passing value to ebx for i386 cpuid.
3238 + commit bac42c68b069f17abcca810a21439c7233815747
3239 * src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead
3242 hwf-x86: add EDX as output register for xgetbv asm block.
3243 + commit e15beb584a5ebdfc363e1ff15f87102508652d71
3244 * src/hwf-x86.c (get_xgetbv): Add EDX as output.
3246 2015-05-04 Werner Koch <wk@gnupg.org>
3248 build: Update build-aux files.
3249 + commit 5a7d55eed3316f40ca61acbee032bfc285e28803
3252 Fix possible regression on old 32 bit mingw compilers.
3253 + commit 090ca7435156b5f52064357dd59059570d466f46
3254 * acinclude.m4: Add new pattern for mingw32.
3256 build: Add new file.
3257 + commit 4af52b2e72ce004b7d8f99e09c4324e3c2a84379
3258 * mpi/amd64/distfiles: Add func_abi.h.
3260 2015-05-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3262 Fix WIN64 assembly glue for AES.
3263 + commit 24a769a7c7601dbb85332e550f6fbd121b56df5f
3264 * cipher/rinjdael.c (do_encrypt, do_decrypt)
3265 [!HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Change input operands to
3266 input+output to mark volatile nature of the used registers.
3268 Add '1 million a characters' test vectors.
3269 + commit 2f4fefdbc62857b6e2da26ce111ee140a068c471
3270 * tests/basic.c (check_digests): Add "!" test vectors for MD5, SHA-384,
3271 SHA-512, RIPEMD160 and CRC32.
3273 2015-05-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3275 More optimized CRC implementations.
3276 + commit 06e122baa3321483a47bbf82fd2a4540becfa0c9
3277 * cipher/crc.c (crc32_table, crc24_table): Replace with new table
3279 (update_crc32, CRC24_INIT, CRC24_POLY): Remove.
3280 (crc32_next, crc32_next4, crc24_init, crc24_next, crc24_next4)
3282 (crc24rfc2440_init): Use crc24_init.
3283 (crc32_write): Rewrite to use crc32_next & crc32_next4.
3284 (crc24_write): Rewrite to use crc24_next & crc24_next4.
3285 (crc32_final, crc32rfc1510_final): Use buf_put_be32.
3286 (crc24rfc2440_final): Use crc24_final & buf_put_le32.
3287 * tests/basic.c (check_digests): Add CRC "123456789" tests.
3289 Enable AMD64 AES implementation for WIN64.
3290 + commit 66129b3334a5aa54ff8a97981507e4704f759571
3291 * cipher/rijndael-amd64.S: Enable when
3292 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3293 (ELF): New macro to mask lines with ELF specific commands.
3294 * cipher/rijndael-internal.h (USE_AMD64_ASM): Enable when
3295 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3296 (do_encrypt, do_decrypt)
3297 [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Use
3298 assembly block to call AMD64 assembly encrypt/decrypt function.
3300 Enable AMD64 Whirlpool implementation for WIN64.
3301 + commit 8422d5d699265b960bd1ca837044ee052fc5b614
3302 * cipher/whirlpool-sse2-amd64.S: Enable when
3303 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3304 (ELF): New macro to mask lines with ELF specific commands.
3305 * cipher/whirlpool.c (USE_AMD64_ASM): Enable when
3306 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3307 [USE_AMD64_ASM] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
3308 [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64): Add ASM_FUNC_ABI to
3310 [USE_AMD64_ASM] (whirlpool_transform): Add ASM_EXTRA_STACK to stack
3313 Enable AMD64 SHA512 implementations for WIN64.
3314 + commit 1089a13073c26a9a456e43ec38d937e6ee7f4077
3315 * cipher/sha512-avx-amd64.S: Enable when
3316 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3317 (ELF): New macro to mask lines with ELF specific commands.
3318 * cipher/sha512-avx-bmi2-amd64.S: Ditto.
3319 * cipher/sha512-ssse3-amd64.S: Ditto.
3320 * cipher/sha512.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when
3321 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3322 [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI)
3323 (ASM_EXTRA_STACK): New.
3324 (_gcry_sha512_transform_amd64_ssse3, _gcry_sha512_transform_amd64_avx)
3325 (_gcry_sha512_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to
3327 (transform): Add ASM_EXTRA_STACK to stack burn value.
3329 Enable AMD64 SHA256 implementations for WIN64.
3330 + commit 022959099644f64df5f2a83ade21159864f64837
3331 * cipher/sha256-avx-amd64.S: Enable when
3332 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3333 (ELF): New macro to mask lines with ELF specific commands.
3334 * cipher/sha256-avx2-bmi2-amd64.S: Ditto.
3335 * cipher/sha256-ssse3-amd64.S: Ditto.
3336 * cipher/sha256.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when
3337 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3338 [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI)
3339 (ASM_EXTRA_STACK): New.
3340 (_gcry_sha256_transform_amd64_ssse3, _gcry_sha256_transform_amd64_avx)
3341 (_gcry_sha256_transform_amd64_avx2): Add ASM_FUNC_ABI to prototypes.
3342 (transform): Add ASM_EXTRA_STACK to stack burn value.
3344 Enable AMD64 SHA1 implementations for WIN64.
3345 + commit e433676a899fa0d274d40547166b03c7c8bd8e78
3346 * cipher/sha1-avx-amd64.S: Enable when
3347 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3348 (ELF): New macro to mask lines with ELF specific commands.
3349 * cipher/sha1-avx-bmi2-amd64.S: Ditto.
3350 * cipher/sha1-ssse3-amd64.S: Ditto.
3351 * cipher/sha1.c (USE_SSSE3, USE_AVX, USE_BMI2): Enable
3352 when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
3353 [USE_SSSE3 || USE_AVX || USE_BMI2] (ASM_FUNC_ABI)
3354 (ASM_EXTRA_STACK): New.
3355 (_gcry_sha1_transform_amd64_ssse3, _gcry_sha1_transform_amd64_avx)
3356 (_gcry_sha1_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to
3358 (transform): Add ASM_EXTRA_STACK to stack burn value.
3360 2015-05-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3362 Enable AES/AES-NI, AES/SSSE3 and GCM/PCLMUL implementations on WIN64.
3363 + commit 4e09aaa36d151c3312019724a77fc09aa345b82f
3364 * cipher/cipher-gcm-intel-pclmul.c (_gcry_ghash_intel_pclmul)
3365 ( _gcry_ghash_intel_pclmul) [__WIN64__]: Store non-volatile vector
3366 registers before use and restore after.
3367 * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Remove dependency
3368 on !defined(__WIN64__).
3369 * cipher/rijndael-aesni.c [__WIN64__] (aesni_prepare_2_6_variable,
3370 aesni_prepare, aesni_prepare_2_6, aesni_cleanup)
3371 ( aesni_cleanup_2_6): New.
3372 [!__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare_2_6): New.
3373 (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_cbc_enc)
3374 (_gcry_aesni_ctr_enc, _gcry_aesni_cfb_dec, _gcry_aesni_cbc_dec)
3375 (_gcry_aesni_ocb_crypt, _gcry_aesni_ocb_auth): Use
3376 'aesni_prepare_2_6'.
3377 * cipher/rijndael-internal.h (USE_SSSE3): Enable if
3378 HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS or
3379 HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS.
3380 (USE_AESNI): Remove dependency on !defined(__WIN64__)
3381 * cipher/rijndael-ssse3-amd64.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
3382 (vpaes_ssse3_prepare, vpaes_ssse3_cleanup): New.
3383 [!HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): New.
3384 (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec): Use
3385 'vpaes_ssse3_prepare'.
3386 (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption): Use
3387 'vpaes_ssse3_prepare' and 'vpaes_ssse3_cleanup'.
3388 [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (X): Add masking macro to
3389 exclude '.type' and '.size' markers from assembly code, as they are
3390 not support on WIN64/COFF objects.
3391 * configure.ac (gcry_cv_gcc_attribute_ms_abi)
3392 (gcry_cv_gcc_attribute_sysv_abi, gcry_cv_gcc_default_abi_is_ms_abi)
3393 (gcry_cv_gcc_default_abi_is_sysv_abi)
3394 (gcry_cv_gcc_win64_platform_as_ok): New checks.
3396 Add W64 support for mpi amd64 assembly.
3397 + commit 460355f23e770637d29e3af7b998a957a2b5bc88
3398 acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Set
3399 'ac_cv_sys_symbol_underscore=no' on MingW-W64.
3400 mpi/amd64/func_abi.h: New.
3401 mpi/amd64/mpih-add1.S (_gcry_mpih_add_n): Add FUNC_ENTRY and FUNC_EXIT.
3402 mpi/amd64/mpih-lshift.S (_gcry_mpih_lshift): Ditto.
3403 mpi/amd64/mpih-mul1.S (_gcry_mpih_mul_1): Ditto.
3404 mpi/amd64/mpih-mul2.S (_gcry_mpih_addmul_1): Ditto.
3405 mpi/amd64/mpih-mul3.S (_gcry_mpih_submul_1): Ditto.
3406 mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Ditto.
3407 mpi/amd64/mpih-sub1.S (_gcry_mpih_sub_n): Ditto.
3408 mpi/config.links [host=x86_64-*mingw*]: Enable assembly modules.
3409 [host=x86_64-*-*]: Append mpi/amd64/func_abi.h to mpi/asm-syntax.h.
3411 DES: Silence compiler warnings on Windows.
3412 + commit 6c21cf5fed1ad430fa41445eac2350802bc8aaed
3413 * cipher/des.c (working_memcmp): Make pointer arguments 'const void *'.
3415 Cast pointers to integers using uintptr_t instead of long.
3416 + commit 9cf224322007d90193d4910f0da6e0e29ce01d70
3419 Fix rndhw for 64-bit Windows build.
3420 + commit d5a7e00b6b222566a5650639ef29684b047c1909
3421 * configure.ac: Add sizeof check for 'void *'.
3422 * random/rndhw.c (poll_padlock): Check for SIZEOF_VOID_P == 8
3423 instead of defined(__LP64__).
3424 (RDRAND_LONG): Check for SIZEOF_UNSIGNED_LONG == 8 instead of
3427 Prepare random/win32.c fast poll for 64-bit Windows.
3428 + commit 0cdd24456b33defc7f8176fa82ab694fbc284385
3429 * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to
3431 (_gcry_rndw32_gather_random_fast): Add ADDPTR.
3432 (_gcry_rndw32_gather_random_fast): Disable entropy gathering from
3433 GetQueueStatus(QS_ALLEVENTS).
3434 (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and
3435 maximumWorkingSetSize to SIZE_T from DWORD.
3436 (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of
3437 minimumWorkingSetSize and maximumWorkingSetSize to random poll.
3438 (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly
3441 Disable GCM and AES-NI assembly implementations for WIN64.
3442 + commit f701954555340a503f6e52cc18d58b0c515427b7
3443 * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Do not enable when
3445 * cipher/rijndael-internal.h (USE_AESNI): Ditto.
3447 Disable building mpi assembly routines on WIN64.
3448 + commit e78560a4b717f7154f910a8ce4128de152f586da
3449 * mpi/config.links: Disable assembly for host 'x86_64-*mingw32*'.
3451 Fix packed attribute check for Windows targets.
3452 + commit e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe
3453 * configure.ac (gcry_cv_gcc_attribute_packed): Move 'long b' to its
3454 own packed structure.
3456 Fix tail handling in buf_xor_1.
3457 + commit c2dba93e639639bdac139b3a3a456d10ddc61f79
3458 * cipher/bufhelp.h (buf_xor_1): Increment source pointer at tail
3461 Add --disable-hwf for basic tests.
3462 + commit 839a3bbe2bb045139223b32753d656cc6c3d4669
3463 * tests/basic.c (main): Add handling for '--disable-hwf'.
3465 Use more odd chuck sizes for check_one_md.
3466 + commit 9f086ffa43f2507b9d17522a0a2e394cb273baf8
3467 * tests/basic.c (check_one_md): Make chuck size vary oddly, instead
3468 of using fixed length of 1000 bytes.
3470 Enable more modes in basic ciphers test.
3471 + commit e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435
3472 * src/gcrypt.h.in (GCRY_OCB_BLOCK_LEN): New.
3473 * tests/basic.c (check_one_cipher_core_reset): New.
3474 (check_one_cipher_core): Use check_one_cipher_core_reset inplace of
3476 (check_ciphers): Add CCM and OCB modes for block cipher tests.
3478 Fix reseting cipher in OCB mode.
3479 + commit 88842cbc68beb4f73c87fdbcb74182cba818f789
3480 * cipher/cipher.c (cipher_reset): Setup default taglen for OCB after
3483 2015-04-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3485 Fix buggy RC4 AMD64 assembly and add test to notice similar issues.
3486 + commit 124dfce7c5a2d9405fa2b2832e91ac1267943830
3487 * cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of
3489 * tests/basic.c (get_algo_mode_blklen): New.
3490 (check_one_cipher_core): Add new tests for split buffer input on
3491 encryption and decryption.
3493 2015-04-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3495 Disallow compiler from generating SSE instructions in mixed C+asm source
3496 + commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e
3497 * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target
3498 pragma to disable compiler use of SSE.
3499 * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto.
3500 * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto.
3502 2015-04-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3504 Add OCB bulk crypt/auth functions for AES/AES-NI.
3505 + commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac
3506 * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt
3508 (_gcry_cipher_ocb_get_l): New prototype.
3509 * cipher/cipher-ocb.c (get_l): Rename to ...
3510 (_gcry_cipher_ocb_get_l): ... this.
3511 (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when
3513 * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
3515 * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec)
3516 (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New.
3517 * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt)
3518 (_gcry_aes_aesni_ocb_auth): New prototypes.
3519 (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New.
3520 * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New
3522 * tests/basic.c (check_ocb_cipher_largebuf): New.
3523 (check_ocb_cipher): Add large buffer encryption/decryption test.
3525 2015-04-15 Werner Koch <wk@gnupg.org>
3527 tests: Add option to time the S2K function.
3528 + commit fe38d3815b4cd203cd529949e244aca80d32897f
3529 * tests/t-kdf.c: Include stopwatch.h.
3530 (dummy_consumer): new.
3532 (main): Add option parser and option --s2k.
3534 tests: Improve stopwatch.h.
3535 + commit 3b03a3b493233a472da531d8d9582d1be6d376b0
3536 * tests/stopwatch.h (elapsed_time): Add arg divisor.
3538 2015-04-13 Werner Koch <wk@gnupg.org>
3540 mpi: Fix gcry_mpi_copy for NULL opaque data.
3541 + commit 9fca46864e1b5a9c788072113589454adb89fa97
3542 * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed.
3544 2015-03-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3546 wipememory: use one-byte aligned type for unaligned memory accesses.
3547 + commit a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2
3548 * src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned
3549 access only when HAVE_GCC_ATTRIBUTE_PACKED and
3550 HAVE_GCC_ATTRIBUTE_ALIGNED defined.
3551 (fast_wipememory_t): New.
3552 (fast_wipememory2): Use 'fast_wipememory_t'.
3554 bufhelp: use one-byte aligned type for unaligned memory accesses.
3555 + commit 92fa5f16d69707e302c0f85b2e5e80af8dc037f1
3556 * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when
3557 HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined.
3558 (bufhelp_int_t): New type.
3559 (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use
3561 [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_u32_t, bufhelp_u64_t): New.
3562 [BUFHELP_FAST_UNALIGNED_ACCESS] (buf_get_be32, buf_get_le32)
3563 (buf_put_be32, buf_put_le32, buf_get_be64, buf_get_le64)
3564 (buf_put_be64, buf_put_le64): Use 'bufhelp_uXX_t'.
3565 * configure.ac (gcry_cv_gcc_attribute_packed): New.
3567 tests/bench-slope: fix memory-leak and use-after-free bugs.
3568 + commit aa234561d00c3fb15fe501df4bf58f3db7c7c06b
3569 * tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end.
3570 (bench_mac_init): Move 'key' free at end of function.
3572 2015-03-19 Werner Koch <wk@gnupg.org>
3574 Fix two pedantic warnings.
3575 + commit f5832285b0e420d77be1b8da10a1e1d86583b414
3576 * src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
3579 2015-03-16 Werner Koch <wk@gnupg.org>
3581 Use well defined type instead of size_t in secmem.c.
3582 + commit db8ae3616987fa288173446398a107e31e2e28aa
3583 * src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t.
3585 Make uintptr_t global available.
3586 + commit f0f60c1a04d664936bcf52e8f46705bdc63e7ad9
3587 * cipher/bufhelp.h: Move include for uintptr_t to ...
3588 * src/types.h: here. Check that config.h has been included.
3590 mpi: Remove useless condition.
3591 + commit 0a9cdb8ae092d050ca12a7a4f2f50e25b82154ec
3592 * mpi/mpi-pow.c: Remove condition rp==mp.
3594 cipher: Remove useless NULL check.
3595 + commit fbb97dcf763e28e81e01092ad4c934b3eaf88cc8
3596 * cipher/hash-common.c (_gcry_md_block_write): Remove NUL check for
3599 2015-02-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3601 Fix in-place encryption for OCB mode.
3602 + commit 5e66a4f8d5a63f58caeee367433dd8dd32346083
3603 * cipher/cipher-ocb.c (ocb_checksum): New.
3604 (ocb_crypt): Move checksum calculation outside main crypt loop, do
3605 checksum calculation for encryption before inbuf is overwritten.
3606 * tests/basic.c (check_ocb_cipher): Rename to ...
3607 (do_check_ocb_cipher): ... to this and add argument for testing
3608 in-place encryption/decryption.
3609 (check_ocb_cipher): New.
3611 2015-02-27 NIIBE Yutaka <gniibe@fsij.org>
3613 tests: fix t-sexp.c.
3614 + commit 505decf5369970219ddc9e78a20f97c623957b78
3615 * tests/t-sexp.c (bug_1594): Free N and PUBKEY.
3617 mpi: Avoid data-dependent timing variations in mpi_powm.
3618 + commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
3619 * mpi/mpi-pow.c (mpi_powm): Access all data in the table by
3622 mpi: Revise mpi_powm.
3623 + commit 1fa8cdb933505960d4e4b4842b122d4e06953e88
3624 * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP.
3626 2015-02-23 Werner Koch <wk@gnupg.org>
3628 cipher: Use ciphertext blinding for Elgamal decryption.
3629 + commit 410d70bad9a650e3837055e36f157894ae49a57d
3630 * cipher/elgamal.c (USE_BLINDING): New.
3631 (decrypt): Rewrite to use ciphertext blinding.
3633 2015-02-12 NIIBE Yutaka <gniibe@fsij.org>
3635 mpi: Add mpi_set_cond.
3636 + commit 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288
3637 * mpi/mpiutil.c (_gcry_mpi_set_cond): New.
3638 (_gcry_mpi_swap_cond): Fix types.
3639 * src/mpi.h (mpi_set_cond): New.
3641 2015-01-30 Werner Koch <wk@gnupg.org>
3643 w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
3644 + commit 40a7bdf50e19faaf106470897fed72af623adc50
3645 * src/Makefile.am (extra_ltoptions): New.
3646 (libgcrypt_la_LDFLAGS): Use it.
3648 2015-01-28 Werner Koch <wk@gnupg.org>
3650 Fix building of GOST s-boxes when cross-compiling.
3651 + commit 2564d204e408b296425ac0660c6bdc6270575fb6
3652 * cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD.
3653 (noinst_PROGRAMS): Remove.
3657 2015-01-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3659 rijndael: fix wrong ifdef for SSSE3 setkey.
3660 + commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47
3661 * cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI
3662 around SSSE3 setkey selection.
3664 2015-01-16 Werner Koch <wk@gnupg.org>
3666 Add OCB cipher mode.
3667 + commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c
3668 * cipher/cipher-ocb.c: New.
3669 * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
3670 * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
3671 (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
3672 * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
3673 (_gcry_cipher_open_internal): Setup default taglen of OCB.
3674 (cipher_reset): Clear OCB specific data.
3675 (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
3676 (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
3677 (_gcry_cipher_setiv): Add OCB specific nonce setting.
3678 (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
3680 * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
3681 (gcry_cipher_final): New.
3683 * cipher/bufhelp.h (buf_xor_1): New.
3685 * tests/basic.c (hex2buffer): New.
3686 (check_ocb_cipher): New.
3687 (main): Call it here. Add option --cipher-modes.
3688 * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
3690 (bench_aead_decrypt_do_bench): Ditto.
3691 (bench_aead_authenticate_do_bench): Ditto. Check error code.
3692 (bench_ocb_encrypt_do_bench): New.
3693 (bench_ocb_decrypt_do_bench): New.
3694 (bench_ocb_authenticate_do_bench): New.
3695 (ocb_encrypt_ops): New.
3696 (ocb_decrypt_ops): New.
3697 (ocb_authenticate_ops): New.
3698 (cipher_modes): Add them.
3699 (cipher_bench_one): Skip wrong block length for OCB.
3700 * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add
3703 2015-01-15 Werner Koch <wk@gnupg.org>
3705 Add functions to count trailing zero bits in a word.
3706 + commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda
3707 * cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New.
3708 * configure.ac (HAVE_BUILTIN_CTZ): Add new test.
3710 2015-01-08 Werner Koch <wk@gnupg.org>
3712 cipher: Prepare for OCB mode.
3713 + commit 9d328962660da72f094dc5424d5ef67abbaffdf6
3714 * src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New.
3716 2015-01-06 Werner Koch <wk@gnupg.org>
3718 Make make distcheck work again.
3719 + commit 4f7dcdc25af269b12275126edeef30b262fb891d
3720 * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers.
3721 * cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h.
3723 2015-01-06 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
3725 stribog: Reduce table size to the needed one.
3726 + commit e4de52378a85cf383994ded8edf0d5cf98dcb10c
3727 * cipher/stribog.c (C16): Avoid allocating superfluous space.
3729 gostr3411-94: Fix the iteration count for length filling loop.
3730 + commit 05dc5bcd234909ae9c9366b653346076b9a834ed
3731 * cipher/gostr3411-94.c (gost3411_final): Fix loop
3733 2015-01-05 Werner Koch <wk@gnupg.org>
3735 random: Silent warning under NetBSD using rndunix.
3736 + commit 817472358a093438e802380caecf7139406400cf
3737 * random/rndunix.c (STDERR_FILENO): Define if needed.
3738 (start_gatherer): Re-open standard descriptors. Fix an
3739 unsigned/signed pointer warning.
3741 primegen: Fix memory leak for invalid call sequences.
3742 + commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
3743 * cipher/primegen.c (prime_generate_internal): Refactor generator code
3744 to not leak memory for non-implemented feature.
3745 (_gcry_prime_group_generator): Refactor to not leak memory for invalid
3746 args. Also make sure that R_G is set as soon as possible.
3748 doc: Update yat2m to current upstream version (GnuPG).
3749 + commit dd5df198727ea5d8f6b04288e14fd732051453c8
3752 build: Require automake 1.14.
3753 + commit f65276970a6dcd6d9bca94cecc49b68acdcc9492
3754 * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
3756 Replace camel case of internal scrypt functions.
3757 + commit 1a6d65ac0aab335541726d02f2046d883a768ec3
3758 * cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change
3760 (_scryptBlockMix): Rename to scrypt_block_mix. Change callers.
3761 (_scryptROMix): Rename to scrypt_ro_mix. Change callers.
3763 2015-01-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3765 rmd160: restore native-endian store in _gcry_rmd160_mixblock.
3766 + commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de
3767 * cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in
3770 2014-12-27 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3772 Add Intel SSSE3 based vector permutation AES implementation.
3773 + commit 8eabecc883332156adffc1df42d27f614c157e06
3774 * cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'.
3775 * cipher/rijndael-internal.h (USE_SSSE3): New.
3776 (RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'.
3777 * cipher/rijndael-ssse3-amd64.c: New.
3778 * cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey)
3779 (_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt)
3780 (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc)
3781 (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
3782 (_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New.
3783 (do_setkey): Add HWF check for SSSE3 and setup for SSSE3
3785 (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
3786 (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add
3787 selection for SSSE3 implementation.
3788 * configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'.
3790 2014-12-25 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3792 random-csprng: fix compiler warnings on ARM.
3793 + commit c2e1f8fea271f3ef8027809547c4a52e0b1e24a2
3794 * random/random-csprng.c (_gcry_rngcsprng_update_seed_file)
3795 (read_pool): Cast keypool and rndpool to 'unsigned long *' through
3798 scrypt: fix compiler warnings on ARM.
3799 + commit 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94
3800 * cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'.
3802 secmem: fix compiler warnings on ARM.
3803 + commit 99faf9cb34f872144313403f29f3379798debfc9
3804 * src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer
3805 from 'char *' to 'memblock_t *' through 'void *'.
3806 (MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'.
3808 hash: fix compiler warning on ARM.
3809 + commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5
3810 * cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through
3812 * cipher/md4.c (md4_final): Use buf_put_* helper instead of
3813 converting 'char *' to 'u32 *'.
3814 * cipher/md5.c (md5_final): Ditto.
3815 * cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto.
3816 * cipher/sha1.c (sha1_final): Ditto.
3817 * cipher/sha256.c (sha256_final): Ditto.
3818 * cipher/sha512.c (sha512_final): Ditto.
3819 * cipher/tiger.c (tiger_final): Ditto.
3821 rijndael: fix compiler warnings on ARM.
3822 + commit cc26106dbebeb84d481661813edc3e5aea9a7d99
3823 * cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of
3824 keyschedule arrays to unions u1 and u2.
3825 (keyschedenc32, keyscheddec32): New.
3826 * cipher/rijndael.c (u32_a_t): Remove.
3827 (do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove
3828 casting byte arrays to u32_a_t.
3829 (prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32
3830 and keyscheddec32; Remove casting byte arrays to u32_a_t.
3832 2014-12-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3834 Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03
3835 + commit 520070e02e2e6ee7228945015573a6e1f4895ec3
3836 * cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
3837 counters for AAD and data in Poly1305.
3838 * cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
3839 (poly1305_fill_bytecounts, poly1305_do_padding): New.
3840 (poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
3842 (_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
3843 (_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
3844 (_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
3845 (_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
3846 AAD and data byte counts; only allow 96-bit IV.
3847 * cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
3849 * tests/basic.c (_check_poly1305_cipher): Update test-vectors.
3850 (check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
3851 * tests/bench-slope.c (cipher_bench_one): Ditto.
3853 chacha20: allow setting counter for stream random access.
3854 + commit 11b8d2d449a7bc664b4371ae14c57caa6704d272
3855 * cipher/chacha20.c (CHACHA20_CTR_SIZE): New.
3856 (chacha20_ivsetup): Add setup for full counter.
3857 (chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE.
3859 gcm: do not pass extra key pointer for setupM/fillM.
3860 + commit c964321c8a1328e89d636d899a45d68802f5ac9f
3861 * cipher/cipher-gcm-intel-pclmul.c
3862 (_gcry_ghash_setup_intel_pclmul): Remove 'h' parameter.
3863 * cipher/cipher-gcm.c (_gcry_ghash_setup_intel_pclmul): Ditto.
3864 (fillM): Get 'h' pointer from 'c'.
3865 (setupM): Remome 'h' parameter.
3866 (_gcry_cipher_gcm_setkey): Only pass 'c' to setupM.
3868 rijndael: use more compact look-up tables and add table prefetching.
3869 + commit 2374753938df64f6fd8015b44613806a326eff1a
3870 * cipher/rijndael-internal.h (rijndael_prefetchfn_t): New.
3871 (RIJNDAEL_context): Add 'prefetch_enc_fn' and 'prefetch_dec_fn'.
3872 * cipher/rijndael-tables.h (S, T1, T2, T3, T4, T5, T6, T7, T8, S5, U1)
3873 (U2, U3, U4): Remove.
3874 (encT, dec_tables, decT, inv_sbox): Add.
3875 * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block)
3876 (_gcry_aes_amd64_decrypt_block, _gcry_aes_arm_encrypt_block)
3877 (_gcry_aes_arm_encrypt_block): Add parameter for passing table pointer
3878 to assembly implementation.
3879 (prefetch_table, prefetch_enc, prefetch_dec): New.
3880 (do_setkey): Setup context prefetch functions depending on selected
3881 rijndael implementation; Use new tables for key setup.
3882 (prepare_decryption): Use new tables for decryption key setup.
3883 (do_encrypt_aligned): Rename to...
3884 (do_encrypt_fn): ... to this, change to use new compact tables,
3885 make handle unaligned input and unroll rounds loop by two.
3886 (do_encrypt): Remove handling of unaligned input/output; pass table
3887 pointer to assembly implementations.
3888 (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
3889 (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec): Prefetch encryption tables
3891 (do_decrypt_aligned): Rename to...
3892 (do_decrypt_fn): ... to this, change to use new compact tables,
3893 make handle unaligned input and unroll rounds loop by two.
3894 (do_decrypt): Remove handling of unaligned input/output; pass table
3895 pointer to assembly implementations.
3896 (rijndael_decrypt, _gcry_aes_cbc_dec): Prefetch decryption tables
3898 * cipher/rijndael-amd64.S: Use 1+1.25 KiB tables for
3899 encryption+decryption; remove tables from assembly file.
3900 * cipher/rijndael-arm.S: Ditto.
3902 2014-12-15 Werner Koch <wk@gnupg.org>
3904 build: Add configure option --disable-doc.
3905 + commit ad50e360ef4851e66e51a03fc420175636336b58
3906 * Makefile.am (AUTOMAKE_OPTIONS): Remove.
3907 (doc) [!BUILD_DOC]: Do not recurse into the dir.
3908 * configure.ac (AM_INIT_AUTOMAKE): Add option formerly in Makefile.am.
3909 (BUILD_DOC): Add new am_conditional.
3911 2014-12-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3913 rijndael: further optimizations for AES-NI accelerated CBC and CFB bulk modes
3914 + commit 4f46374502eb988d701b904f83819e2cf7b1755c
3915 * cipher/rijndael-aesni.c (do_aesni_enc, do_aesni_dec): Pass
3916 input/output through SSE register XMM0.
3917 (do_aesni_cfb): Remove.
3918 (_gcry_aes_aesni_encrypt, _gcry_aes_aesni_decrypt): Add loading/storing
3919 input/output to/from XMM0.
3920 (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc)
3921 (_gcry_aes_aesni_cfb_dec): Update to use renewed 'do_aesni_enc' and
3922 move IV loading/storing outside loop.
3923 (_gcry_aes_aesni_cbc_dec): Update to use renewed 'do_aesni_dec'.
3925 GCM: move Intel PCLMUL accelerated implementation to separate file.
3926 + commit 4a0795af021305f9240f23626a3796157db46bd7
3927 * cipher/Makefile.am: Add 'cipher-gcm-intel-pclmul.c'.
3928 * cipher/cipher-gcm-intel-pclmul.c: New.
3929 * cipher/cipher-gcm.c [GCM_USE_INTEL_PCLMUL]
3930 (_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): New
3932 [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul, gfmul_pclmul_aggr4): Move
3933 to 'cipher-gcm-intel-pclmul.c'.
3934 (ghash): Rename to...
3935 (ghash_internal): ...this and move GCM_USE_INTEL_PCLMUL part to new
3936 function in 'cipher-gcm-intel-pclmul.c'.
3937 (setupM): Move GCM_USE_INTEL_PCLMUL part to new function in
3938 'cipher-gcm-intel-pclmul.c'; Add selection of ghash function based
3939 on available HW acceleration.
3940 (do_ghash_buf): Change use of 'ghash' to 'c->u_mode.gcm.ghash_fn'.
3941 * cipher/internal.h (ghash_fn_t): New.
3942 (gcry_cipher_handle): Remove 'use_intel_pclmul'; Add 'ghash_fn'.
3944 2014-12-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3946 rijndael: split Padlock part to separate file.
3947 + commit cbf4c8cb6bbda15eea61885279f2a6f1d4bcedfd
3948 * cipher/Makefile.am: Add 'rijndael-padlock.c'.
3949 * cipher/rijndael-padlock.c: New.
3950 * cipher/rijndael.c (do_padlock, do_padlock_encrypt)
3951 (do_padlock_decrypt): Move to 'rijndael-padlock.c'.
3952 * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-padlock.lo'.
3954 2014-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
3956 rijndael: refactor to reduce number of #ifdefs and branches.
3957 + commit 3d5b51786e2050c461e9791b59142a731462b66d
3958 * cipher/rijndael-aesni.c (_gcry_aes_aesni_encrypt)
3959 (_gcry_aes_aesni_decrypt): Make return stack burn depth.
3960 * cipher/rijndael-amd64.S (_gcry_aes_amd64_encrypt_block)
3961 (_gcry_aes_amd64_decrypt_block): Ditto.
3962 * cipher/rijndael-arm.S (_gcry_aes_arm_encrypt_block)
3963 (_gcry_aes_arm_decrypt_block): Ditto.
3964 * cipher/rijndael-internal.h (RIJNDAEL_context_s)
3965 (rijndael_cryptfn_t): New.
3966 (RIJNDAEL_context): New members 'encrypt_fn' and 'decrypt_fn'.
3967 * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block)
3968 (_gcry_aes_amd64_decrypt_block, _gcry_aes_aesni_encrypt)
3969 (_gcry_aes_aesni_decrypt, _gcry_aes_arm_encrypt_block)
3970 (_gcry_aes_arm_decrypt_block): Change prototypes.
3971 (do_padlock_encrypt, do_padlock_decrypt): New.
3972 (do_setkey): Separate key-length to rounds conversion from
3973 HW features check; Add selection for ctx->encrypt_fn and
3975 (do_encrypt_aligned, do_decrypt_aligned): Move inside
3976 '[!USE_AMD64_ASM && !USE_ARM_ASM]'; Move USE_AMD64_ASM and
3978 (do_encrypt, do_decrypt): ...here; Return stack depth; Remove second
3979 temporary buffer from non-aligned input/output case.
3980 (do_padlock): Move decrypt_flag to last argument; Return stack depth.
3981 (rijndael_encrypt): Remove #ifdefs, just call ctx->encrypt_fn.
3982 (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc): Remove USE_PADLOCK; Call
3983 ctx->encrypt_fn in place of do_encrypt/do_encrypt_aligned.
3984 (_gcry_aes_ctr_enc): Call ctx->encrypt_fn in place of
3985 do_encrypt_aligned; Make tmp buffer 16-byte aligned and wipe buffer
3987 (rijndael_encrypt): Remove #ifdefs, just call ctx->decrypt_fn.
3988 (_gcry_aes_cfb_dec): Remove USE_PADLOCK; Call ctx->decrypt_fn in place
3989 of do_decrypt/do_decrypt_aligned.
3990 (_gcry_aes_cbc_dec): Ditto; Make savebuf buffer 16-byte aligned.
3992 rijndael: move AES-NI blocks before Padlock.
3993 + commit dbf9e95dd3891f6e6ad370e8ab78fec03595687b
3994 * cipher/rijndael.c (do_setkey, rijndael_encrypt, _gcry_aes_cfb_enc)
3995 (rijndael_decrypt, _gcry_aes_cfb_dec): Move USE_AESNI before
3997 (check_decryption_praparation) [USE_PADLOCK]: Move to...
3998 (prepare_decryption) [USE_PADLOCK]: ...here.
4000 rijndael: split AES-NI functions to separate file.
4001 + commit 67d529630e838daeb8cb9c6d7ef660c01ef34fee
4002 * cipher/Makefile.in: Add 'rijndael-aesni.c'.
4003 * cipher/rijndael-aesni.c: New.
4004 * cipher/rijndael-internal.h: New.
4005 * cipher/rijndael.c (MAXKC, MAXROUNDS, BLOCKSIZE, ATTR_ALIGNED_16)
4006 (USE_AMD64_ASM, USE_ARM_ASM, USE_PADLOCK, USE_AESNI, RIJNDAEL_context)
4007 (keyschenc, keyschdec, padlockkey): Move to 'rijndael-internal.h'.
4008 (u128_s, aesni_prepare, aesni_cleanup, aesni_cleanup_2_6)
4009 (aesni_do_setkey, do_aesni_enc, do_aesni_dec, do_aesni_enc_vec4)
4010 (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Move
4011 to 'rijndael-aesni.c'.
4012 (prepare_decryption, rijndael_encrypt, _gcry_aes_cfb_enc)
4013 (_gcry_aes_cbc_enc, _gcry_aes_ctr_enc, rijndael_decrypt)
4014 (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec) [USE_AESNI]: Move to functions
4015 in 'rijdael-aesni.c'.
4016 * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-aesni.lo'.
4018 2014-11-24 Werner Koch <wk@gnupg.org>
4020 Remove duplicated prototypes.
4021 + commit d53ea84bed37b973f7ce59262c50b33700cd8311
4022 * src/gcrypt-int.h (_gcry_mpi_ec_new, _gcry_mpi_ec_set_mpi)
4023 (gcry_mpi_ec_set_point): Remove.
4025 tests: Add a prime mode to benchmark.
4026 + commit 1b4210c204a5ef5e631187509e011b8468a134ef
4027 * tests/benchmark.c (progress_cb): Add a single char mode.
4029 (main): Add a "prime" mode. Factor with_progress out to file scope.
4031 2014-11-19 NIIBE Yutaka <gniibe@fsij.org>
4033 ecc: Improve Montgomery curve implementation.
4034 + commit e6130034506013d6153465a2bedb6fb08a43f74d
4035 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support
4037 * cipher/ecc.c (test_ecdh_only_keys): New.
4038 (nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY.
4039 (check_secret_key): Handle Montgomery curve of x-coordinate only.
4040 * mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop.
4041 Simplify, using pointers of Q1, Q2, PRD, and SUM.
4043 2014-11-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4045 Disable NEON for CPUs that are known to have broken NEON implementation.
4046 + commit 95eef21583d8e998efc48f22898c1ae31b77cb48
4047 * src/hwf-arm.c (detect_arm_proc_cpuinfo): Add parsing for CPU version
4048 information and check if CPU is known to have broken NEON
4050 (_gcry_hwf_detect_arm): Filter out broken HW features.
4052 Add ARM/NEON implementation of Poly1305.
4053 + commit 0b520128551054d83fb0bb2db8873394f38de498
4054 * cipher/Makefile.am: Add 'poly1305-armv7-neon.S'.
4055 * cipher/poly1305-armv7-neon.S: New.
4056 * cipher/poly1305-internal.h (POLY1305_USE_NEON)
4057 (POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE)
4058 (POLY1305_NEON_ALIGNMENT): New.
4059 * cipher/poly1305.c [POLY1305_USE_NEON]
4060 (_gcry_poly1305_armv7_neon_init_ext)
4061 (_gcry_poly1305_armv7_neon_finish_ext)
4062 (_gcry_poly1305_armv7_neon_blocks, poly1305_armv7_neon_ops): New.
4063 (_gcry_poly1305_init) [POLY1305_USE_NEON]: Select NEON implementation
4064 if HWF_ARM_NEON set.
4065 * configure.ac [neonsupport=yes]: Add 'poly1305-armv7-neon.lo'.
4067 chacha20: add ARMv7/NEON implementation.
4068 + commit c584f44543883346d5a565581ff99a0afce9c5e1
4069 * cipher/Makefile.am: Add 'chacha20-armv7-neon.S'.
4070 * cipher/chacha20-armv7-neon.S: New.
4071 * cipher/chacha20.c (USE_NEON): New.
4072 [USE_NEON] (_gcry_chacha20_armv7_neon_blocks): New.
4073 (chacha20_do_setkey) [USE_NEON]: Use Neon implementation if
4074 HWF_ARM_NEON flag set.
4075 (selftest): Self-test encrypting buffer byte by byte.
4076 * configure.ac [neonsupport=yes]: Add 'chacha20-armv7-neon.lo'.
4078 2014-10-08 Markus Teich <markus.teich@stusta.mhn.de>
4080 mpi: Add gcry_mpi_ec_sub.
4081 + commit 23ecadf309f8056c35cc092e58df801ac0eab862
4082 * NEWS (gcry_mpi_ec_sub): New.
4083 * doc/gcrypt.texi (gcry_mpi_ec_sub): New.
4084 * mpi/ec.c (_gcry_mpi_ec_sub, sub_points_edwards): New.
4085 (sub_points_montgomery, sub_points_weierstrass): New stubs.
4086 * src/gcrypt-int.h (_gcry_mpi_ec_sub): New.
4087 * src/gcrypt.h.in (gcry_mpi_ec_sub): New.
4088 * src/libgcrypt.def (gcry_mpi_ec_sub): New.
4089 * src/libgcrypt.vers (gcry_mpi_ec_sub): New.
4090 * src/mpi.h (_gcry_mpi_ec_sub_points): New.
4091 * src/visibility.c (gcry_mpi_ec_sub): New.
4092 * src/visibility.h (gcry_mpi_ec_sub): New.
4094 2014-10-08 Werner Koch <wk@gnupg.org>
4096 Fix prime test for 2 and lower and add check command to mpicalc.
4097 + commit 5c906e2cdb14e93fb4915fdc69c7353a5fa35709
4098 * cipher/primegen.c (check_prime): Return true for the small primes.
4099 (_gcry_prime_check): Return correct values for 2 and lower numbers.
4101 * src/mpicalc.c (do_primecheck): New.
4102 (main): Add command 'P'.
4103 (main): Allow for larger input data.
4105 2014-10-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4107 Add Whirlpool AMD64/SSE2 assembly implementation.
4108 + commit de0ccd4dce7ec185a678d78878d4538dd609ca0f
4109 * cipher/Makefile.am: Add 'whirlpool-sse2-amd64.S'.
4110 * cipher/whirlpool-sse2-amd64.S: New.
4111 * cipher/whirlpool.c (USE_AMD64_ASM): New.
4112 (whirlpool_tables_s): New.
4113 (rc, C0, C1, C2, C3, C4, C5, C6, C7): Combine these tables into single
4114 structure and replace old tables with macros of same name.
4115 (tab): New structure containing above tables.
4116 [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64)
4117 (whirlpool_transform): New.
4118 * configure.ac [host=x86_64]: Add 'whirlpool-sse2-amd64.lo'.
4120 2014-10-04 Andrei Scherer <andsch@inbox.com>
4122 Improved ripemd160 performance.
4123 + commit 30bd759f398f45b04d0a783b875f59ce9bd1e51d
4124 * cipher/rmd160.c (transform): Interleave the left and right lane
4125 rounds to introduce more instruction level parallelism.
4127 2014-10-02 Werner Koch <wk@gnupg.org>
4129 build: Document SYSROOT.
4130 + commit 0ecd136a6ca02252f63ad229fa5240897bfe6544
4131 * configure.ac: Mark SYSROOT as arg var.
4133 build: Support SYSROOT based config script finding.
4134 + commit 1e8b86494cf8fa045696bd447b16267ffd1797f0
4135 * src/libgcrypt.m4: Add support for SYSROOT and set
4136 gpg_config_script_warn. Use AC_PATH_PROG instead of AC_PATH_TOOL
4137 because the config script is not expected to be installed with a
4139 * configure.ac: Print a library mismatch warning.
4140 * m4/gpg-error.m4: Update from git master.
4142 2014-09-30 Werner Koch <wk@gnupg.org>
4144 mac: Fix gcry_mac_close to allow for a NULL handle.
4145 + commit 51dae8c8c4b63bb5e1685cbd8722e35342524737
4146 * cipher/mac.c (_gcry_mac_close): Check for NULL.
4148 2014-09-03 Werner Koch <wk@gnupg.org>
4150 Add a constant for a forthcoming new RNG.
4151 + commit 8b960a807d168000d2690897a7634bd384ac1346
4152 * src/gcrypt.h.in (GCRYCTL_DRBG_REINIT): New constant.
4154 2014-09-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4156 Add new Poly1305 MAC test vectors.
4157 + commit 8a2a328742012a7c528dd007437185e4584c1e48
4158 * tests/basic.c (check_mac): Add new test vectors for Poly1305 MAC.
4160 2014-09-02 Werner Koch <wk@gnupg.org>
4162 asm: Allow building x86 and amd64 using old compilers.
4163 + commit 5eec04a43e6c562e956353449be931dd43dfe1cc
4164 * src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled.
4166 2014-08-21 Werner Koch <wk@gnupg.org>
4168 sexp: Check args of gcry_sexp_build.
4169 + commit e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c
4170 * src/sexp.c (do_vsexp_sscan): Return error for invalid args.
4172 cipher: Fix a segv in case of calling with wrong parameters.
4173 + commit f850add813d783f31ca6a60459dea25ef71bce7e
4174 * cipher/md.c (_gcry_md_info): Fix arg testing.
4176 cipher: Fix possible NULL deref in call to prime generator.
4177 + commit 18056ace7f466cb8c1eaf08e5dc0400516d83b4c
4178 * cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
4180 * cipher/dsa.c (generate): Take care of new return code.
4181 * cipher/elgamal.c (generate): Change to return an error code. Take
4182 care of _gcry_generate_elg_prime return code.
4183 (generate_using_x): Take care of _gcry_generate_elg_prime return code.
4184 (elg_generate): Propagate return code from generate.
4186 2014-08-12 NIIBE Yutaka <gniibe@fsij.org>
4188 ecc: Support Montgomery curve for gcry_mpi_ec_mul_point.
4189 + commit 34bb55ee36df3aca3ebca88f8b61c786cd0c0701
4190 * mpi/ec.c (_gcry_mpi_ec_get_affine): Support Montgomery curve.
4191 (montgomery_ladder): New.
4192 (_gcry_mpi_ec_mul_point): Implemention using montgomery_ladder.
4193 (_gcry_mpi_ec_curve_point): Check x-coordinate is valid.
4195 2014-08-09 Werner Koch <wk@gnupg.org>
4197 tests: Add a benchmark for Elgamal.
4198 + commit e6d354865bf8f3d4c1bb5e8157a76fdd442cff41
4199 * tests/benchmark.c (sample_public_elg_key_1024): New.
4200 (sample_private_elg_key_1024): New.
4201 (sample_public_elg_key_2048, sample_private_elg_key_2048): New.
4202 (sample_public_elg_key_3072, sample_private_elg_key_3072): New.
4204 (main): Add elg_bench. Add commands "elg" and "public".
4206 2014-08-08 NIIBE Yutaka <gniibe@fsij.org>
4208 ecc: Add cofactor to domain parameters.
4209 + commit 9933b9e5e1a3f5b1019c75f93bd265d4a1ecc270
4210 * src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'.
4211 * cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'.
4212 (_gcry_ecc_update_curve_param): New API adding cofactor.
4214 * cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'.
4215 (ecc_domain_parms_t domain_parms): Add cofactors.
4216 (_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param)
4217 (_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp)
4218 (_gcry_ecc_get_mpi): Handle cofactor.
4219 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
4220 * cipher/ecc-misc.c (_gcry_ecc_curve_free)
4221 (_gcry_ecc_curve_copy): Likewise.
4222 * cipher/ecc.c (nist_generate_key, ecc_generate)
4223 (ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw)
4224 (ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc):
4226 (compute_keygrip): Handle cofactor, but skip it for its computation.
4227 * mpi/ec.c (ec_deinit): Likewise.
4228 * tests/t-mpi-point.c (context_param): Likewise.
4229 (test_curve): Add cofactors.
4230 * tests/curves.c (sample_key_1, sample_key_2): Add cofactors.
4231 * tests/keygrip.c (key_grips): Add cofactors.
4233 2014-08-05 Werner Koch <wk@gnupg.org>
4235 mpi: Fix regression for powerpc-apple-darwin detection.
4236 + commit 4ce77b0a810d3c889c07dfb385127d90fa1ae36a
4237 * mpi/config.links: Add separate entry for powerpc-apple-darwin.
4239 Fix bug inhibiting the use of the sentinel attribute.
4240 + commit d2d28298ccc0d0f3c0b03fd323deb1e8808ef74f
4241 * src/gcrypt.h.in: Fix typo in macro.
4243 mpi: Use BSD syntax for x86_64-apple-darwin.
4244 + commit 71939faa7c54e7b4b28d115e748a85f134876a02
4245 * mpi/config.links: Add case for x86_64-apple-darwin.
4247 2014-08-05 Kristian Fiskerstrand <kf@sumptuouscapital.com>
4249 Fix building for the x32 target without asm modules.
4250 + commit a17c29844b63e9e869f7855d901bc9d859234ead
4251 * mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI.
4253 2014-07-25 Werner Koch <wk@gnupg.org>
4255 ecc: Support the non-standard 0x40 compression flag for EdDSA.
4256 + commit 4556f9b19c024f16bdf542da7173395c0741b91d
4257 * cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA.
4258 * cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX.
4259 (_gcry_ecc_eddsa_encodepoint): Ditto.
4260 (_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix.
4261 (_gcry_ecc_eddsa_decodepoint): Ditto.
4262 * tests/keygrip.c: Check an compresssed with prefix Ed25519 key.
4263 * tests/t-ed25519.inp: Ditto.
4265 mpi: Extend the internal mpi_get_buffer.
4266 + commit 0e10902ad7584277ac966367efc712b183784532
4267 * mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC.
4268 (_gcry_mpi_get_buffer_extra): New.
4270 cipher: Fix compiler warning for chacha20.
4271 + commit 4e0bf1b9190ce08fb23eb3ae0c3be58954ff36ab
4272 * cipher/chacha20.c (chacha20_blocks) [!USE_SSE2]: Do not build.
4274 2014-07-16 NIIBE Yutaka <gniibe@fsij.org>
4276 mpi: Add mpi_swap_cond.
4277 + commit 4846e52728970e3117f3a046ef9010be089a3ae4
4278 * mpi/mpiutil.c (_gcry_mpi_swap_cond): New.
4279 * src/mpi.h (mpi_swap_cond): New.
4281 2014-06-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4283 Speed-up SHA-1 NEON assembly implementation.
4284 + commit 1b9b00bbe41bbed32563f1102049521e703e72bd
4285 * cipher/sha1-armv7-neon.S: Tweak implementation for speed-up.
4287 2014-06-28 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4289 gostr3411_94: rewrite to use u32 mathematic.
4290 + commit 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7
4291 * cipher/gost28147.c (_gcry_gost_enc_data): New.
4292 * cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematic
4294 * cipher/gost28147.c (_gcry_gost_enc_one): Remove.
4296 gost28147: use bufhelp helpers.
4297 + commit 7aeba6c449169926076df83b01ddbfa6b41fe411
4298 * cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block):
4299 use buf_get_le32/buf_put_le32 helpers.
4301 Fixup curve name in the GOST2012 test case.
4302 + commit b78d504fa8745b8b04589acbbcf7dd5fe9279d13
4303 * tests/basic.c (check_pubkey): fixup curve name in public key.
4305 Update PBKDF2 tests with GOST R 34.11-94 test cases.
4306 + commit 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7
4307 * tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases.
4309 Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet.
4310 + commit 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9
4311 * src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New.
4312 * src/cipher.h (_gcry_digest_spec_gost3411_cp): New.
4313 * cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between
4314 CryptoPro and Test S-Boxes.
4315 * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp,
4316 gost3411_cp_init): New.
4317 * cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32.
4319 gost28147: support GCRYCTL_SET_SBOX.
4320 + commit 5ee35a04362c94e680ef3633fa83b72e0aee8626
4321 cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New.
4323 Support setting s-box for the ciphers that require it.
4324 + commit fb074d113fcbf66a5c20592625cb19051f3430f5
4325 * src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New.
4326 * cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to
4327 set_extra_info callback.
4329 cipher/gost28147: generate optimized s-boxes from compact ones.
4330 + commit 164738a0292b3f32c7747099ad9cadace58e5eda
4331 * cipher/gost-s-box.c: New. Outputs optimized expanded representation of
4332 s-boxes (4x256) from compact 16x8 representation.
4333 * cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo
4334 * cipher/gost.h: Add sbox to the GOST28147_context structure.
4335 * cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from
4336 GOST R 34.11 (this was the only one S-box before).
4337 * cipher/gost28147.c (gost_val): Use sbox from the context.
4339 gost28147: add OIDs used to define cipher mode.
4340 + commit 34a58010000288515636706811c3837f32957b2e
4341 * cipher/gost28147 (oids_gost28147): Add OID from RFC4357.
4343 GOST R 34.11-94 add OIDs.
4344 + commit 8b221cf5ce233c8c49a4e4ecebb70d523fc37837
4345 * cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357.
4347 2014-05-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4349 tests: add larger test-vectors for hash algorithms.
4350 + commit f14fb5b427b5159fcd9603d2b3cde936889cf430
4351 * tests/basic.c (check_digests): Add large test-vectors for MD5, SHA1,
4352 SHA224, SHA256, SHA384, RMD160, CRC32, TIGER1, WHIRLPOOL and
4355 sha512: fix ARM/NEON implementation.
4356 + commit beb901575f0d6cd6a0a27506ebea9a725754d0cc
4357 * cipher/sha512-armv7-neon.S
4358 (_gcry_sha512_transform_armv7_neon): Byte-swap RW67q and RW1011q
4359 correctly in multi-block loop.
4360 * tests/basic.c (check_digests): Add large test vector for SHA512.
4362 2014-05-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4364 Fix ARM assembly when building __PIC__
4365 + commit 994c758d8f5471c7e9c38c2834742cca2502d35f
4366 * cipher/camellia-arm.S (GET_DATA_POINTER): New.
4367 (_gcry_camellia_arm_encrypt_block): Use GET_DATA_POINTER.
4368 (_gcry_camellia_arm_decrypt_block): Ditto.
4369 * cipher/cast5-arm.S (GET_DATA_POINTER): New.
4370 (_gcry_cast5_arm_encrypt_block, _gcry_cast5_arm_decrypt_block)
4371 (_gcry_cast5_arm_enc_blk2, _gcry_cast5_arm_dec_blk2): Use
4373 * cipher/rijndael-arm.S (GET_DATA_POINTER): New.
4374 (_gcry_aes_arm_encrypt_block, _gcry_aes_arm_decrypt_block): Use
4376 * cipher/sha1-armv7-neon.S (GET_DATA_POINTER): New.
4377 (.LK_VEC): Move from .text to .data section.
4378 (_gcry_sha1_transform_armv7_neon): Use GET_DATA_POINTER.
4380 2014-05-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4382 Add Poly1305 to documentation.
4383 + commit bf4943932dae95a0573b63bf32a9b9acd5a6ddf3
4384 * doc/gcrypt.texi: Add documentation for Poly1305 MACs and AEAD mode.
4386 2014-05-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4388 chacha20: add SSE2/AMD64 optimized implementation.
4389 + commit 323b1eb80ff3396d83fedbe5bba9a4e6c412d192
4390 * cipher/Makefile.am: Add 'chacha20-sse2-amd64.S'.
4391 * cipher/chacha20-sse2-amd64.S: New.
4392 * cipher/chacha20.c (USE_SSE2): New.
4393 [USE_SSE2] (_gcry_chacha20_amd64_sse2_blocks): New.
4394 (chacha20_do_setkey) [USE_SSE2]: Use SSE2 implementation for blocks
4396 * configure.ac [host=x86-64]: Add 'chacha20-sse2-amd64.lo'.
4398 poly1305: add AMD64/AVX2 optimized implementation.
4399 + commit 98f021961ee65669037bc8bb552a69fd78f610fc
4400 * cipher/Makefile.am: Add 'poly1305-avx2-amd64.S'.
4401 * cipher/poly1305-avx2-amd64.S: New.
4402 * cipher/poly1305-internal.h (POLY1305_USE_AVX2)
4403 (POLY1305_AVX2_BLOCKSIZE, POLY1305_AVX2_STATESIZE)
4404 (POLY1305_AVX2_ALIGNMENT): New.
4405 (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE)
4406 (POLY1305_STATE_ALIGNMENT): Use AVX2 versions when needed.
4407 * cipher/poly1305.c [POLY1305_USE_AVX2]
4408 (_gcry_poly1305_amd64_avx2_init_ext)
4409 (_gcry_poly1305_amd64_avx2_finish_ext)
4410 (_gcry_poly1305_amd64_avx2_blocks, poly1305_amd64_avx2_ops): New.
4411 (_gcry_poly1305_init) [POLY1305_USE_AVX2]: Use AVX2 implementation if
4412 AVX2 supported by CPU.
4413 * configure.ac [host=x86_64]: Add 'poly1305-avx2-amd64.lo'.
4415 2014-05-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4417 poly1305: add AMD64/SSE2 optimized implementation.
4418 + commit 297532602ed2d881d8fdc393d1961068a143a891
4419 * cipher/Makefile.am: Add 'poly1305-sse2-amd64.S'.
4420 * cipher/poly1305-internal.h (POLY1305_USE_SSE2)
4421 (POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE)
4422 (POLY1305_SSE2_ALIGNMENT): New.
4423 (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE)
4424 (POLY1305_STATE_ALIGNMENT): Use SSE2 versions when needed.
4425 * cipher/poly1305-sse2-amd64.S: New.
4426 * cipher/poly1305.c [POLY1305_USE_SSE2]
4427 (_gcry_poly1305_amd64_sse2_init_ext)
4428 (_gcry_poly1305_amd64_sse2_finish_ext)
4429 (_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops): New.
4430 (_gcry_polu1305_init) [POLY1305_USE_SSE2]: Use SSE2 version.
4431 * configure.ac [host=x86_64]: Add 'poly1305-sse2-amd64.lo'.
4433 Add Poly1305 based cipher AEAD mode.
4434 + commit e813958419b0ec4439e6caf07d3b2234cffa2bfa
4435 * cipher/Makefile.am: Add 'cipher-poly1305.c'.
4436 * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.poly1305'.
4437 (_gcry_cipher_poly1305_encrypt, _gcry_cipher_poly1305_decrypt)
4438 (_gcry_cipher_poly1305_setiv, _gcry_cipher_poly1305_authenticate)
4439 (_gcry_cipher_poly1305_get_tag, _gcry_cipher_poly1305_check_tag): New.
4440 * cipher/cipher-poly1305.c: New.
4441 * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
4442 (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv)
4443 (_gcry_cipher_authenticate, _gcry_cipher_gettag)
4444 (_gcry_cipher_checktag): Handle 'GCRY_CIPHER_MODE_POLY1305'.
4445 (cipher_setiv): Move handling of 'GCRY_CIPHER_MODE_GCM' to ...
4446 (_gcry_cipher_setiv): ... here, as with other modes.
4447 * src/gcrypt.h.in: Add 'GCRY_CIPHER_MODE_POLY1305'.
4448 * tests/basic.c (_check_poly1305_cipher, check_poly1305_cipher): New.
4449 (check_ciphers): Add Poly1305 check.
4450 (check_cipher_modes): Call 'check_poly1305_cipher'.
4451 * tests/bench-slope.c (bench_gcm_encrypt_do_bench): Rename to
4452 bench_aead_... and take nonce as argument.
4453 (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench): Ditto.
4454 (bench_gcm_encrypt_do_bench, bench_gcm_decrypt_do_bench)
4455 (bench_gcm_authenticate_do_bench, bench_poly1305_encrypt_do_bench)
4456 (bench_poly1305_decrypt_do_bench)
4457 (bench_poly1305_authenticate_do_bench, poly1305_encrypt_ops)
4458 (poly1305_decrypt_ops, poly1305_authenticate_ops): New.
4459 (cipher_modes): Add Poly1305.
4460 (cipher_bench_one): Add special handling for Poly1305.
4462 Add Poly1305-AES (-Camellia, etc) MACs.
4463 + commit 73b3b75c2221a6e3bed4117e0a206a1193acd2ed
4464 * cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes)
4465 (_gcry_mac_type_spec_poly1305_camellia)
4466 (_gcry_mac_type_spec_poly1305_twofish)
4467 (_gcry_mac_type_spec_poly1305_serpent)
4468 (_gcry_mac_type_spec_poly1305_seed): New.
4469 * cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and
4471 (poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling
4472 for Poly1305-*** MACs.
4473 (poly1305mac_prepare_key, poly1305mac_setiv): New.
4474 (poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling
4476 (poly1305mac_ops): Add 'poly1305mac_setiv'.
4477 (_gcry_mac_type_spec_poly1305_aes)
4478 (_gcry_mac_type_spec_poly1305_camellia)
4479 (_gcry_mac_type_spec_poly1305_twofish)
4480 (_gcry_mac_type_spec_poly1305_serpent)
4481 (_gcry_mac_type_spec_poly1305_seed): New.
4482 * cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish,
4483 Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia.
4484 * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES',
4485 'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH',
4486 'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'.
4487 * tests/basic.c (check_mac): Add Poly1305-AES test vectors.
4488 * tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs.
4489 * tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs.
4492 + commit b8794fed68ebe7567f4617141f0996ad290d9120
4493 * cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and
4494 'poly1305-internal.h'.
4495 * cipher/mac-internal.h (poly1305mac_context_s): New.
4496 (gcry_mac_handle): Add 'u.poly1305mac'.
4497 (_gcry_mac_type_spec_poly1305mac): New.
4498 * cipher/mac-poly1305.c: New.
4499 * cipher/mac.c (mac_list): Add Poly1305.
4500 * cipher/poly1305-internal.h: New.
4501 * cipher/poly1305.c: New.
4502 * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'.
4503 * tests/basic.c (check_mac): Add Poly1035 test vectors; Allow
4504 overriding lengths of data and key buffers.
4505 * tests/bench-slope.c (mac_bench): Increase max algo number from 500 to
4507 * tests/benchmark.c (mac_bench): Ditto.
4509 chacha20/AVX2: clear upper-halfs of YMM registers on entry.
4510 + commit c20daeeb05329bfc6cc2c562cbd4b965291fe0e1
4511 * cipher/chacha20-avx2-amd64.S (_gcry_chacha20_amd64_avx2_blocks): Add
4512 'vzeroupper' at beginning.
4514 chacha20/AVX2: check for ENABLE_AVX2_SUPPORT instead of HAVE_GCC_INLINE_ASM_AVX2
4515 + commit a3062db748f272e0f7346e1ed9e0bf7ed61a4eae
4516 * cipher/chacha20.c (USE_AVX2): Enable depending on
4517 ENABLE_AVX2_SUPPORT, not HAVE_GCC_INLINE_ASM_AVX2.
4518 * cipher/chacha20-avx2-amd64.S: Ditto.
4520 chacha20/SSSE3: clear XMM registers after use.
4521 + commit a7d9eeeba632b7eb4a5b15ff17f6565181642f3c
4522 * cipher/chacha20-ssse3-amd64.S (_gcry_chacha20_amd64_ssse3_blocks): On
4523 return, clear XMM registers.
4525 2014-05-11 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4527 chacha20: add AVX2/AMD64 assembly implementation.
4528 + commit a39ee7555691d18cae97560f130aaf952bfbd278
4529 * cipher/Makefile.am: Add 'chacha20-avx2-amd64.S'.
4530 * cipher/chacha20-avx2-amd64.S: New.
4531 * cipher/chacha20.c (USE_AVX2): New macro.
4532 [USE_AVX2] (_gcry_chacha20_amd64_avx2_blocks): New.
4533 (chacha20_do_setkey): Select AVX2 implementation if there is HW
4535 (selftest): Increase size of buf by 256.
4536 * configure.ac [host=x86-64]: Add 'chacha20-avx2-amd64.lo'.
4538 chacha20: add SSSE3 assembly implementation.
4539 + commit def7d4cad386271c6d4e2f10aabe0cb4abd871e4
4540 * cipher/Makefile.am: Add 'chacha20-ssse3-amd64.S'.
4541 * cipher/chacha20-ssse3-amd64.S: New.
4542 * cipher/chacha20.c (USE_SSSE3): New macro.
4543 [USE_SSSE3] (_gcry_chacha20_amd64_ssse3_blocks): New.
4544 (chacha20_do_setkey): Select SSSE3 implementation if there is HW
4546 * configure.ac [host=x86-64]: Add 'chacha20-ssse3-amd64.lo'.
4548 Add ChaCha20 stream cipher.
4549 + commit 23f33d57c9b6f2295a8ddfc9a8eee5a2c30cf406
4550 * cipher/Makefile.am: Add 'chacha20.c'.
4551 * cipher/chacha20.c: New.
4552 * cipher/cipher.c (cipher_list): Add ChaCha20.
4553 * configure.ac: Add ChaCha20.
4554 * doc/gcrypt.texi: Add ChaCha20.
4555 * src/cipher.h (_gcry_cipher_spec_chacha20): New.
4556 * src/gcrypt.h.in (GCRY_CIPHER_CHACHA20): Add new algo.
4557 * tests/basic.c (MAX_DATA_LEN): Increase to 128 from 100.
4558 (check_stream_cipher): Add ChaCha20 test-vectors.
4559 (check_ciphers): Add ChaCha20.
4561 2014-05-09 Werner Koch <wk@gnupg.org>
4563 mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit.
4564 + commit 246b7aaae1ee459f440260bbc4ec2c01c5dc3362
4565 * mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear
4566 allocated but not used bits before resizing.
4567 * tests/t-mpi-bits.c (set_bit_with_resize): New.
4569 2014-05-07 Werner Koch <wk@gnupg.org>
4572 + commit fc6ff6f73a51bcbbbb3757dc1386da40aa3ae75d
4573 * configure.ac: Bumb LT version to C21/A1/R0.
4575 2014-04-22 Werner Koch <wk@gnupg.org>
4577 random: Small patch for consistency and really burn the stack.
4578 + commit a79c4ad7c56ee4410f17beb73eeb58b0dd36bfc6
4579 * random/rndlinux.c (_gcry_rndlinux_gather_random): s/int/size_t/.
4580 (_gcry_rndlinux_gather_random): Replace memset by wipememory.
4582 2014-04-16 Werner Koch <wk@gnupg.org>
4584 pubkey: Re-map all depreccated RSA algo numbers.
4585 + commit 773e23698218755e9172d2507031a8263c47cc0b
4586 * cipher/pubkey.c (map_algo): Mape RSA_E and RSA_S.
4588 2014-04-15 Werner Koch <wk@gnupg.org>
4590 cipher: Fix possible NULL dereference.
4591 + commit ae1fbce6dacf14747af0126e640bd4e54cb8c680
4592 * cipher/md.c (_gcry_md_selftest): Check for spec being NULL.
4594 2014-03-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4596 3des: add amd64 assembly implementation for 3DES.
4597 + commit b76b632a453b8d100d024e2439b4358454dc286e
4598 * cipher/Makefile.am: Add 'des-amd64.S'.
4599 * cipher/cipher-selftests.c (_gcry_selftest_helper_cbc)
4600 (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Handle failures
4601 from 'setkey' function.
4602 * cipher/cipher.c (_gcry_cipher_open_internal) [USE_DES]: Setup bulk
4604 * cipher/des-amd64.S: New file.
4605 * cipher/des.c (USE_AMD64_ASM, ATTR_ALIGNED_16): New macros.
4606 [USE_AMD64_ASM] (_gcry_3des_amd64_crypt_block)
4607 (_gcry_3des_amd64_ctr_enc), _gcry_3des_amd64_cbc_dec)
4608 (_gcry_3des_amd64_cfb_dec): New prototypes.
4609 [USE_AMD64_ASM] (tripledes_ecb_crypt): New function.
4610 (TRIPLEDES_ECB_BURN_STACK): New macro.
4611 (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec)
4612 (bulk_selftest_setkey, selftest_ctr, selftest_cbc, selftest_cfb): New
4614 (selftest): Add call to CTR, CBC and CFB selftest functions.
4615 (do_tripledes_encrypt, do_tripledes_decrypt): Use
4616 TRIPLEDES_ECB_BURN_STACK.
4617 * configure.ac [host=x86-64]: Add 'des-amd64.lo'.
4618 * src/cipher.h (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec)
4619 (_gcry_3des_cfb_dec): New prototypes.
4621 2014-03-13 Werner Koch <wk@gnupg.org>
4623 tests: Print diagnostics for skipped tests.
4624 + commit 50aeee51a0b1a09dd9fff2bb71749a816fe7a791
4625 * tests/basic.c (show_note): New.
4626 (show_md_not_available):
4627 (show_old_hmac_not_available):
4628 (show_mac_not_available):
4629 (check_digests): Remove USE_foo cpp tests from the test table. Call
4630 show_md_not_available if algo is not available.
4631 (check_hmac): Likewise.
4632 (check_mac): Likewise.
4634 2014-03-11 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4636 Add MD2 message digest implementation.
4637 + commit 5a8e1504bf8a2ffbc018be576dea77b685200444
4638 * cipher/md2.c: New.
4639 * cipher/md.c (digest_list): add _gcry_digest_spec_md2.
4640 * tests/basic.c (check_digests): add MD2 test vectors.
4641 * configure.ac (default_digests): disable md2 by default.
4643 2014-03-04 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4645 Add an utility to calculate hashes over a set of files.
4646 + commit 2b5403c408dfbd71be24c7635f5fa0b61ab4c9bb
4647 * tests/gchash.c: New.
4649 Add a simple (raw) PKCS#1 padding mode.
4650 + commit ea8d597726305274214224757b32730644e12bd8
4651 * src/cipher.h (PUBKEY_ENC_PKCS1_RAW): New.
4652 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Handle pkcs1-raw
4654 * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi):
4655 Handle s-exp like (data (flags pkcs1-raw) (value xxxxx))
4656 * cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig):
4657 PKCS#1-encode data with embedded hash OID for signature verification.
4658 * tests/basic.c (check_pubkey_sign): Add tests for s-exps with pkcs1-raw
4661 2014-02-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4663 Fix ARMv6 detection when CFLAGS modify target CPU architecture.
4664 + commit 6be3032048ee2466511d2384fcf2d28b856219b2
4665 * configure.ac (gcry_cv_cc_arm_arch_is_v6): Use compiler test instead
4666 of preprocessor test.
4668 2014-01-29 Werner Koch <wk@gnupg.org>
4670 Reserve control code for FIPS extensions.
4671 + commit aea96a64fbc58a0b6f9f435e97e93294c6eb1052
4672 * src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New.
4673 (GCRYCTL_REACTIVATE_FIPS_FLAG): New.
4674 * src/global.c (_gcry_vcontrol): Add them but return not_implemented.
4676 2014-01-29 NIIBE Yutaka <gniibe@fsij.org>
4679 + commit 121a90d8931944974054f7d94f63b7f89df87fa5
4680 * cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse.
4682 2014-01-28 Werner Koch <wk@gnupg.org>
4684 cipher: Take care of ENABLE_NEON_SUPPORT.
4685 + commit 52f7c48c901a3de51bd690a218f3de2f71e8d790
4686 * cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if
4687 ENABLE_NEON_SUPPORT is defined.
4688 * cipher/serpent.c (USE_NEON): Ditto.
4689 * cipher/sha1.c (USE_NEON): Ditto.
4690 * cipher/sha512.c (USE_ARM_NEON_ASM): Ditto.
4692 sexp: Fix broken gcry_sexp_nth.
4693 + commit cbdc355415f83ed62da4f3618767eba54d7e6d37
4694 * src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data
4696 (NODE): Remove unused typedef.
4697 (ST_HINT): Comment unused macro.
4699 * tests/t-sexp.c (bug_1594): New.
4700 (main): Run new test.
4702 2014-01-27 Werner Koch <wk@gnupg.org>
4704 tests: Improve t-common.h.
4705 + commit 7460e9243b3cc050631c37ed4f2713ae7bcb6762
4706 * tests/t-common.h: Add couple of macros. Check that config.h has
4708 (show): Rename to info.
4709 * tests/t-lock.c, tests/t-sexp.c: Adjust for changes.
4711 mpi: Minor fix for Atari-mint.
4712 + commit 3caa0f1319dc4779e0d6eee4460c1af2a12b2c3c
4713 * mpi/config.links [m68k-atari-mint]: Do not assume 68020. Suggested
4716 (cherry picked from commit 420f42a5752e90a8b27d58ffa1ddfe6e4ab341e8)
4718 2014-01-27 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4720 Fix most of memory leaks in tests code.
4721 + commit 5c150ece094bf0a504a111ce6c7b72e8d0b0457a
4722 * tests/basic.c (check_ccm_cipher): Close cipher after use.
4723 * tests/basic.c (check_one_cipher): Correct length of used buffer.
4724 * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer
4726 * tests/keygen.c (check_ecc_keys): Release generated key.
4727 * tests/t-mpi-point.c (context_param): Release mpi Q.
4728 * tests/t-sexp.c (check_extract_param): Release extracted number.
4730 Fix memory leaks in ecc code.
4731 + commit 6d87e6abdfb7552323a95401f14e6367398a3e5a
4732 * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
4734 * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
4736 * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.
4738 Fix number of blocks passed used in _gcry_rmd160_mixblock.
4739 + commit 5d23e7b9a77421f3ebfda4a84c459a8729f3bb41
4740 * cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform
4742 2014-01-27 Werner Koch <wk@gnupg.org>
4744 Small Windows build tweaks.
4745 + commit f7df906171854b6b6506b82d4fee2c2ebb0327ea
4746 * configure.ac (HAVE_PTHREAD): Do test when building for Windows.
4748 * tests/basic.c: Replace "%zi" by "%z" and a cast to make it work
4751 Update gpg-error autoconf macros to fix threading problems.
4752 + commit 79da0358fd555361e1ce4202f55494a8918eb8ae
4753 * m4/gpg-error.m4: Update to version 2014-01-24.
4754 * tests/Makefile.am (t_lock_LDADD): Use MT Libs.
4756 2014-01-24 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4758 tests: Pass -no-install to libtool.
4759 + commit bf34bfa5c458ee5ece91f25e3b4194d768498ab6
4760 * tests/Makefile.am: add AM_LDFLAGS = -no-install
4762 2014-01-24 Werner Koch <wk@gnupg.org>
4764 tests: Add a test for the internal locking.
4765 + commit ff91ec934ed52294cddcd7dcfacc04721a0487bf
4766 * src/global.c (external_lock_test): New.
4767 (_gcry_vcontrol): Call new function with formerly reserved code 61.
4769 * tests/t-common.h: New. Taken from current libgpg-error.
4770 * tests/t-lock.c: New. Based on t-lock.c from libgpg-error.
4771 * configure.ac (HAVE_PTHREAD): Set macro to 1 if defined.
4772 (AC_CHECK_FUNCS): Check for flockfile.
4773 * tests/Makefile.am (tests_bin): Add t-lock.
4774 (noinst_HEADERS): Add t-common.h
4775 (LDADD): Move value to ...
4776 (default_ldadd): new.
4777 (t_lock_LDADD): New.
4779 Check compiler features only for the relevant platform.
4780 + commit 24e65d715812cea28732397870cb1585b8435521
4781 * mpi/config.links (mpi_cpu_arch): Always set for ARM. Set for HPPA.
4782 Set to "undefined" for unknown platforms.
4783 (try_asm_modules): Act upon only after having detected the CPU.
4784 * configure.ac: Move the call to config.links before the platform
4785 specific compiler checks. Check platform specific features only if
4786 the platform is targeted.
4788 2014-01-23 Werner Koch <wk@gnupg.org>
4790 Support building using the latest mingw-w64 toolchain.
4791 + commit 4ad3417acab5021db1f722c314314ce4b781833a
4792 * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.
4794 2014-01-20 Werner Koch <wk@gnupg.org>
4796 cipher: Fix commit 94030e44.
4797 + commit dad06e4d1b835bac778b87090b1d3894b7535b14
4798 * cipher/tiger.c (tiger_init): Add arg FLAGS.
4799 (tiger1_init, tiger2_init): Ditto.
4801 tests: Rename tsexp.c.
4802 + commit 192e77d123fdb04c459c998b9eb1731618a833fa
4803 * tests/tsexp.c: Rename to t-sexp.c
4805 2014-01-19 Werner Koch <wk@gnupg.org>
4807 md: Add Whirlpool bug emulation feature.
4808 + commit 94030e44aaff805d754e368507f16dd51a531b72
4809 * src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New.
4810 * src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS. Change all code
4811 to implement that flag.
4812 * cipher/md.c (gcry_md_context): Replace SECURE and FINALIZED by bit
4813 field FLAGS. Add flag BUGEMU1. Change all users.
4814 (md_open): Replace args SECURE and HMAC by FLAGS. Init flags.bugemu1.
4815 (_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1.
4816 (md_enable): Pass bugemu1 flag to the hash init function.
4817 (_gcry_md_reset): Ditto.
4819 2014-01-17 Werner Koch <wk@gnupg.org>
4821 Actually check for uint64_t.
4822 + commit c3b30bae7d1e157f8b65e32ba1b3a516f2bbf58b
4823 * configure.ac: Check size of uint64_t and the UINT64_C macro.
4825 2014-01-16 Werner Koch <wk@gnupg.org>
4827 Replace ath based mutexes by gpgrt based locks.
4828 + commit cfc151ba637200e4fc05d9481a8df2071b2f9a47
4829 * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13.
4831 * src/ath.c, src/ath.h: Remove. Remove from all files. Replace all
4832 mutexes by gpgrt based statically initialized locks.
4833 * src/global.c (global_init): Remove ath_init.
4834 (_gcry_vcontrol): Make ath install a dummy function.
4835 (print_config): Remove threads info line.
4837 * doc/gcrypt.texi: Simplify the multi-thread related documentation.
4839 2014-01-15 NIIBE Yutaka <gniibe@fsij.org>
4841 ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1.
4842 + commit 49edeebb43174865cf4fa2c170a42a8e4274c4f0
4843 * mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0.
4844 * tests/t-mpi-point.c (context_alloc): Remove two spurious tests.
4846 2014-01-14 Milan Broz <gmazyland@gmail.com>
4848 PBKDF2: Use gcry_md_reset to speed up calculation.
4849 + commit 04cda6b7cc16f3f52c12d9d3e46c56701003496e
4850 * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset
4851 to speed up calculation.
4853 2014-01-13 Werner Koch <wk@gnupg.org>
4855 Fix macro conflict in NetBSD.
4856 + commit 5f2af6c26bc04975c0b518881532871d7387d7ce
4857 * cipher/bithelp.h (bswap32): Rename to _gcry_bswap32.
4858 (bswap64): Rename to _gcry_bswap64.
4860 Use internal malloc function in fips.c.
4861 + commit 518ae274a1845ce626b2b4223a9b3805cbbab1a7
4862 * src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/.
4864 2014-01-13 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4866 Truncate hash values for ECDSA signature scheme.
4867 + commit 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225
4868 * cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
4869 mpis as required for DSA and ECDSA signature schemas.
4870 * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
4871 behave like the rest of internal sign/verify functions.
4872 * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
4873 * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
4874 * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
4875 as required by ECDSA scheme, truncate hash values to bitlength of
4877 * tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
4880 Add GOST R 34.10-2012 curves proposed by TC26.
4881 + commit 2c5ec803100ed8261e51442fb93b75367b7725ea
4882 * cipher/ecc-curves.c (domain_parmss): Add two GOST R 34.10-2012 curves
4883 proposed/pending to standardization by TC26 (Russian cryptography
4885 * cipher/ecc-curves.c (curve_alias): Add OID aliases.
4886 * tests/curves.c: Increase N_CURVES.
4888 Add GOST R 34.10-2001 curves per RFC4357.
4889 + commit 9bedc5c3b646dfe481678ca58f5466ac46decaf7
4890 * cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357.
4891 * cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST
4893 * tests/curves.c (N_CURVES): Update value.
4895 Fix typo in search_oid.
4896 + commit 7edcb574d8d6dffb6e234c2ba1996a9a04923859
4897 * cipher/md.c (search_oid): Invert condition on oid comparison.
4899 Add MD2-HMAC calculation support.
4900 + commit 653b58cb5e85511b6c04c3f85ef3e372c2e9f74f
4901 * src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New.
4902 * cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2.
4904 Add a function to retrieve algorithm used by MAC handler.
4905 + commit 8439a379c86ef1088465ea70ac10840759a1638e
4906 * cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo.
4907 * src/visibility.c (gcry_mac_get_algo): New wrapper.
4908 * src/visibility.h: Hanlde gcry_mac_get_algo.
4909 * src/gcrypt-int.h (_gcry_mac_get_algo): New.
4910 * src/gcrypt.h.in (gcry_mac_get_algo): New.
4911 * src/libgcrypt.def (gcry_mac_get_algo): New.
4912 * src/libgcrypt.vers (gcry_mac_get_algo): New.
4913 * doc/gcrypt.texi: Document gcry_mac_get_algo.
4914 * tests/basic.c (check_one_mac): Verify gcry_mac_get_algo.
4916 Correct formatting of gcry_mac_get_algo_keylen documentation.
4917 + commit 36c9e0e4eb4f935da90df1c8df484d1940bda5eb
4918 * doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen
4921 Use braces around unsigned int in gcry_mac_get_algo_keylen
4922 documentation, otherwise texinfo breaks that and uses 'int' as a
4923 function definition.
4925 2014-01-13 Werner Koch <wk@gnupg.org>
4927 ecc: Make a macro shorter.
4928 + commit 2ef48ba59c32bfa1a9265d5eea8ab225a658903a
4929 * src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. CHnage
4931 * cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
4933 * mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
4934 (add_points_twistededwards): Rename to add_points_edwards.
4936 2014-01-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4938 Fix assembly division check.
4939 + commit ef3e66e168c4b9b86bfc4903001631e53a7125d8
4940 * configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable
4941 name mismatch at '--Wa,--divide' workaround check.
4943 2014-01-12 NIIBE Yutaka <gniibe@fsij.org>
4945 Add secp256k1 curve.
4946 + commit 019e0e9e8c77a2edf283745e05e9301673ea6a0a
4947 * cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID.
4948 (domain_parms): Add secp256k1's domain paramerter.
4950 * tests/basic.c (check_pubkey): Add a key of secp256k1.
4952 * tests/curves.c (N_CURVES): Updated.
4954 2014-01-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4956 Fix constant division for AMD64 assembly on Solaris/x86.
4957 + commit 43376891c01f4aff1fbfb23beafebb5adfd0868c
4958 * configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for
4959 constant division in assembly and test for "-Wa,--divide" workaround.
4960 (gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division.
4962 2014-01-10 Werner Koch <wk@gnupg.org>
4964 Use the generic autogen.sh script.
4965 + commit b0ac1f9b143aa15855914ba93fef900288d45c9c
4967 * Makefile.am (EXTRA_DIST): Add it.
4968 * autogen.sh: Update from current GnuPG.
4970 Move all helper scripts to build-aux/
4971 + commit df9b4eabf52faee6f289a4bc62219684442ae383
4972 * scripts/: Rename to build-aux/.
4973 * compile, config.guess, config.rpath, config.sub
4974 * depcomp, doc/mdate-sh, doc/texinfo.tex
4975 * install-sh, ltmain.sh, missing: Move to build-aux/.
4976 * Makefile.am (EXTRA_DIST): Adjust.
4977 * configure.ac (AC_CONFIG_AUX_DIR): New.
4978 (AM_SILENT_RULES): New.
4980 2013-12-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
4982 Add blowfish/serpent ARM assembly files to Makefile.am.
4983 + commit 7fef7f481c0a1542be34d1dc831f58d41846ac29
4984 * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'.
4986 Add AMD64 assembly implementation for arcfour.
4987 + commit 7547898109c72a97e3102b2a045ee4fdb2aa40bf
4988 * cipher/Makefile.am: Add 'arcfour-amd64.S'.
4989 * cipher/arcfour-amd64.S: New.
4990 * cipher/arcfour.c (USE_AMD64_ASM): New.
4991 [USE_AMD64_ASM] (ARCFOUR_context, _gcry_arcfour_amd64)
4992 (encrypt_stream): New.
4993 * configure.ac [host=x86_64]: Add 'arcfour-amd64.lo'.
4995 Parse /proc/cpuinfo for ARM HW features.
4996 + commit a05be441d8cd89b90d8d58e3a343a436dae377d0
4997 * src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO)
4998 (detect_arm_proc_cpuinfo): New.
4999 (_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for
5002 Fix buggy/incomplete detection of AVX/AVX2 support.
5003 + commit bbcb12187afb1756cb27296166b57fa19ee45d4d
5004 * configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2
5005 inline assembly checks.
5006 * src/hwf-x86.c [__i386__] (get_xgetbv): New function.
5007 [__x86_64__] (get_xgetbv): New function.
5008 [HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for
5009 XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are
5012 2013-12-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5014 Change utf-8 copyright characters to '(C)'
5015 + commit b7e814f93ee40fcfe17a187a8989c07fde2ba0cd
5016 cipher/blowfish-amd64.S: Change utf-8 encoded copyright character to
5018 cipher/blowfish-arm.S: Ditto.
5019 cipher/bufhelp.h: Ditto.
5020 cipher/camellia-aesni-avx-amd64.S: Ditto.
5021 cipher/camellia-aesni-avx2-amd64.S: Ditto.
5022 cipher/camellia-arm.S: Ditto.
5023 cipher/cast5-amd64.S: Ditto.
5024 cipher/cast5-arm.S: Ditto.
5025 cipher/cipher-ccm.c: Ditto.
5026 cipher/cipher-cmac.c: Ditto.
5027 cipher/cipher-gcm.c: Ditto.
5028 cipher/cipher-selftest.c: Ditto.
5029 cipher/cipher-selftest.h: Ditto.
5030 cipher/mac-cmac.c: Ditto.
5031 cipher/mac-gmac.c: Ditto.
5032 cipher/mac-hmac.c: Ditto.
5033 cipher/mac-internal.h: Ditto.
5034 cipher/mac.c: Ditto.
5035 cipher/rijndael-amd64.S: Ditto.
5036 cipher/rijndael-arm.S: Ditto.
5037 cipher/salsa20-amd64.S: Ditto.
5038 cipher/salsa20-armv7-neon.S: Ditto.
5039 cipher/serpent-armv7-neon.S: Ditto.
5040 cipher/serpent-avx2-amd64.S: Ditto.
5041 cipher/serpent-sse2-amd64.S: Ditto.
5043 Add ARM/NEON implementation for SHA-1.
5044 + commit fc7dcf616937afaf73cfda1bf7bd79566a96b130
5045 * cipher/Makefile.am: Add 'sha1-armv7-neon.S'.
5046 * cipher/sha1-armv7-neon.S: New.
5047 * cipher/sha1.c (USE_NEON): New.
5048 (SHA1_CONTEXT, sha1_init) [USE_NEON]: Add and initialize 'use_neon'.
5049 [USE_NEON] (_gcry_sha1_transform_armv7_neon): New.
5050 (transform) [USE_NEON]: Use ARM/NEON assembly if enabled.
5051 * configure.ac: Add 'sha1-armv7-neon.lo'.
5053 Improve performance of SHA-512/ARM/NEON implementation.
5054 + commit df629ba53a662427ebd3ddca90c3fe9ddd6511d3
5055 * cipher/sha512-armv7-neon.S (RT01q, RT23q, RT45q, RT67q): New.
5056 (round_0_63, round_64_79): Remove.
5057 (rounds2_0_63, rounds2_64_79): New.
5058 (_gcry_sha512_transform_armv7_neon): Add 'nblks' input; Handle multiple
5059 input blocks; Use new round macros.
5060 * cipher/sha512.c [USE_ARM_NEON_ASM]
5061 (_gcry_sha512_transform_armv7_neon): Add 'num_blks'.
5062 (transform) [USE_ARM_NEON_ASM]: Pass nblks to assembly.
5064 Add AVX and AVX2/BMI implementations for SHA-256.
5065 + commit a5c2bbfe0db515d739ab683297903c77b1eec124
5066 * LICENSES: Add 'cipher/sha256-avx-amd64.S' and
5067 'cipher/sha256-avx2-bmi2-amd64.S'.
5068 * cipher/Makefile.am: Add 'sha256-avx-amd64.S' and
5069 'sha256-avx2-bmi2-amd64.S'.
5070 * cipher/sha256-avx-amd64.S: New.
5071 * cipher/sha256-avx2-bmi2-amd64.S: New.
5072 * cipher/sha256-ssse3-amd64.S: Use 'lea' instead of 'add' in few
5073 places for tiny speed improvement.
5074 * cipher/sha256.c (USE_AVX, USE_AVX2): New.
5075 (SHA256_CONTEXT) [USE_AVX, USE_AVX2]: Add 'use_avx' and 'use_avx2'.
5076 (sha256_init, sha224_init) [USE_AVX, USE_AVX2]: Initialize above
5077 new context members.
5078 [USE_AVX] (_gcry_sha256_transform_amd64_avx): New.
5079 [USE_AVX2] (_gcry_sha256_transform_amd64_avx2): New.
5080 (transform) [USE_AVX2]: Use AVX2 assembly if enabled.
5081 (transform) [USE_AVX]: Use AVX assembly if enabled.
5082 * configure.ac: Add 'sha256-avx-amd64.lo' and
5083 'sha256-avx2-bmi2-amd64.lo'.
5085 2013-12-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5087 Add AVX and AVX/BMI2 implementations for SHA-1.
5088 + commit e4e458465b124e25b6aec7a60174bf1ca32dc5fd
5089 * cipher/Makefile.am: Add 'sha1-avx-amd64.S' and
5090 'sha1-avx-bmi2-amd64.S'.
5091 * cipher/sha1-avx-amd64.S: New.
5092 * cipher/sha1-avx-bmi2-amd64.S: New.
5093 * cipher/sha1.c (USE_AVX, USE_BMI2): New.
5094 (SHA1_CONTEXT) [USE_AVX]: Add 'use_avx'.
5095 (SHA1_CONTEXT) [USE_BMI2]: Add 'use_bmi2'.
5096 (sha1_init): Initialize 'use_avx' and 'use_bmi2'.
5097 [USE_AVX] (_gcry_sha1_transform_amd64_avx): New.
5098 [USE_BMI2] (_gcry_sha1_transform_amd64_bmi2): New.
5099 (transform) [USE_BMI2]: Use BMI2 assembly if enabled.
5100 (transform) [USE_AVX]: Use AVX assembly if enabled.
5101 * configure.ac: Add 'sha1-avx-amd64.lo' and 'sha1-avx-bmi2-amd64.lo'.
5103 SHA-1/SSSE3: Improve performance on large buffers.
5104 + commit 6fd0dd2a5f1362f91e2861cd9d300341a43842a5
5105 * cipher/sha1-ssse3-amd64.S (RNBLKS): New.
5106 (_gcry_sha1_transform_amd64_ssse3): Handle multiple input blocks, with
5107 software pipelining of next data block processing.
5108 * cipher/sha1.c [USE_SSSE3] (_gcry_sha1_transform_amd64_ssse3): Add
5110 (transform) [USE_SSSE3]: Pass nblks to assembly function.
5112 Add bulk processing for hash transform functions.
5113 + commit 50b8c8342d023038a4b528af83153293dd2756ea
5114 * cipher/hash-common.c (_gcry_md_block_write): Preload 'hd->blocksize'
5115 to stack, pass number of blocks to 'hd->bwrite'.
5116 * cipher/hash-common.c (_gcry_md_block_write_t): Add 'nblks'.
5117 * cipher/gostr3411-94.c: Rename 'transform' function to
5118 'transform_blk', add new 'transform' function with 'nblks' as
5120 * cipher/md4.c: Ditto.
5121 * cipher/md5.c: Ditto.
5122 * cipher/md4.c: Ditto.
5123 * cipher/rmd160.c: Ditto.
5124 * cipher/sha1.c: Ditto.
5125 * cipher/sha256.c: Ditto.
5126 * cipher/sha512.c: Ditto.
5127 * cipher/stribog.c: Ditto.
5128 * cipher/tiger.c: Ditto.
5129 * cipher/whirlpool.c: Ditto.
5131 2013-12-16 Werner Koch <wk@gnupg.org>
5134 + commit 0ea9731e1c93a962f6266004ab0e7418c19d6277
5137 doc: Change yat2m to allow arbitrary condition names.
5138 + commit 9a912f8c4f366c53f1cdb94513b67b937e87178b
5139 * doc/yat2m.c (MAX_CONDITION_NESTING): New.
5140 (gpgone_defined): Remove.
5141 (condition_s, condition_stack, condition_stack_idx): New.
5142 (cond_is_active, cond_in_verbatim): New.
5143 (add_predefined_macro, set_macro, macro_set_p): New.
5144 (evaluate_conditions, push_condition, pop_condition): New.
5145 (parse_file): Rewrite to use the condition stack.
5146 (top_parse_file): Set prefined macros.
5147 (main): Change -D to define arbitrary macros.
5149 tests: Add SHA-512 to the long hash test.
5150 + commit 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020
5151 * tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512.
5152 * tests/hashtest-256g.in (algos): Add test for SHA-512.
5154 Add configure option --enable-large-data-tests.
5155 + commit a6b9304a889397ac98e1c2c4ac3e178669d94492
5156 * configure.ac: Add option --enable-large-data-tests.
5157 * tests/hashtest-256g.in: New.
5158 * tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in.
5159 (TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and
5161 (tests_sh_last): Add hashtest-256g
5162 (noinst_PROGRAMS): Add only tests_bin and tests_bin_last.
5163 (bench-slope.log, hashtest-256g.log): New rules to enforce serial run.
5165 random: Call random progress handler more often.
5166 + commit 5a7ce59396fe56f0d681df314bfbdb5f7732d4b1
5167 * random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress
5170 cipher: Normalize the MPIs used as input to secret key functions.
5171 + commit dec048b2ec79271a2f4405be5b87b1e768b3f1a9
5172 * cipher/dsa.c (sign): Normalize INPUT.
5173 * cipher/elgamal.c (decrypt): Normalize A and B.
5174 * cipher/rsa.c (secret): Normalize the INPUT.
5175 (rsa_decrypt): Reduce DATA before passing to secret.
5177 2013-12-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5179 Change dummy variable in mpih-div.c to mpi_limb_t type.
5180 + commit 953535a7de68cf62b5b1ad6f96ea3a9edd83762c
5181 * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy
5182 variable to 'mpi_limb_t' type from 'int'.
5184 Remove duplicate gcry_mac_hd_t typedef.
5185 + commit 5c31990214b58c4e17edb01fbbe6d9f573975a22
5186 * cipher/mac-internal.h (gcry_mac_hd_t): Remove.
5188 2013-12-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5190 Use u64 for CCM data lengths.
5191 + commit 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d
5192 * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF].
5193 [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for
5195 [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt)
5196 (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce)
5197 (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag)
5198 (_gcry_cipher_ccm_check_tag): Dummy functions returning
5199 GPG_ERROR_NOT_SUPPORTED.
5200 * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm)
5201 (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use
5202 u64 instead of size_t for CCM data lengths.
5203 * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset)
5204 (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED
5206 (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for
5207 GCRYCTL_SET_CCM_LENGTHS length parameters.
5208 * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF.
5209 * tests/bench-slope.c: Ditto.
5210 * tests/benchmark.c: Ditto.
5212 2013-12-14 Werner Koch <wk@gnupg.org>
5214 tests: Prevent rare failure of gcry_pk_decrypt test.
5215 + commit bfb43a17d8db571fca4ed433ee8be5c366745844
5216 * tests/basic.c (check_pubkey_crypt): Add special mode 1.
5217 (main): Add option --loop.
5219 2013-12-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5221 Minor fixes to SHA assembly implementations.
5222 + commit ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995
5223 * cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'.
5224 * cipher/sha1-ssse3-amd64.S: First line, correct filename.
5225 * cipher/sha256-ssse3-amd64.S: Return correct stack burn depth.
5226 * cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers.
5227 * cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn
5230 SHA-1/SSSE3: Do not check for Intel syntax assembly support.
5231 + commit c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9
5232 * cipher/sha1-ssse3-amd64.S: Remove check for
5233 HAVE_INTEL_SYNTAX_PLATFORM_AS.
5234 * cipher/sha1.c [USE_SSSE3]: Ditto.
5236 2013-12-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5238 Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm.
5239 + commit d2b853246c2ed056a92096d89c3ca057e45c9c92
5240 * cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to
5241 'sha1-ssse3-amd64.S'.
5242 * cipher/sha1-ssse3-amd64.c: Remove.
5243 * cipher/sha1-ssse3-amd64.S: New.
5245 SHA-1: Add SSSE3 implementation.
5246 + commit be2238f68abcc6f2b4e8c38ad9141376ce622a22
5247 * cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'.
5248 * cipher/sha1-ssse3-amd64.c: New.
5249 * cipher/sha1.c (USE_SSSE3): New.
5250 (SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
5251 (sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'.
5252 (transform): Rename to...
5255 * configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'.
5257 Add missing register clearing in to SHA-256 and SHA-512 assembly.
5258 + commit 04615cc6803cdede25fa92e3ff697e252a23cd7a
5259 * cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return.
5260 * cipher/sha512-avx-amd64.S: Ditto.
5261 * cipher/sha512-avx2-bmi2-amd64.S: Ditto.
5262 * cipher/sha512-ssse3-amd64.S: Ditto.
5264 2013-12-13 Werner Koch <wk@gnupg.org>
5266 Update license information.
5267 + commit 764643a3d5634bcbc47790bd8505f6a1a5280d9c
5269 * Makefile.am (EXTRA_DIST): Add LICENSES.
5270 * AUTHORS: Add list of copyright holders.
5271 * README: Reference AUTHORS.
5273 2013-12-13 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5275 Fix empty clobber in AVX2 assembly check.
5276 + commit e41d605ee41469e8a33cdc4d38f742cfb931f835
5277 * configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly
5281 + commit a71b810ddd67ca3a1773d8f929d162551abb58eb
5282 * random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to
5283 xmalloc, and gcry_xrealloc to xrealloc.
5285 2013-12-12 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5287 SHA-512: Add AVX and AVX2 implementations for x86-64.
5288 + commit 2e4253dc8eb512cd0e807360926dc6ba912c95b4
5289 * cipher/Makefile.am: Add 'sha512-avx-amd64.S' and
5290 'sha512-avx2-bmi2-amd64.S'.
5291 * cipher/sha512-avx-amd64.S: New.
5292 * cipher/sha512-avx2-bmi2-amd64.S: New.
5293 * cipher/sha512.c (USE_AVX, USE_AVX2): New.
5294 (SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'.
5295 (SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'.
5296 (sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'.
5297 (sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'.
5298 [USE_AVX] (_gcry_sha512_transform_amd64_avx): New.
5299 [USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New.
5300 (transform) [USE_AVX2]: Add call for AVX2 implementation.
5301 (transform) [USE_AVX]: Add call for AVX implementation.
5302 * configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check.
5303 (sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'.
5304 * doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'.
5305 * src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New.
5306 * src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2".
5307 * src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and
5310 SHA-512: Add SSSE3 implementation for x86-64.
5311 + commit 69a6d0f9562fcd26112a589318c13de66ce1700e
5312 * cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'.
5313 * cipher/sha512-ssse3-amd64.S: New.
5314 * cipher/sha512.c (USE_SSSE3): New.
5315 (SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
5316 (sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'.
5317 [USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New.
5318 (transform) [USE_SSSE3]: Call SSSE3 implementation.
5319 * configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'.
5321 SHA-256: Add SSSE3 implementation for x86-64.
5322 + commit e1a3931263e67aacec3c0bfcaa86c7d1441d5c6a
5323 * cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'.
5324 * cipher/sha256-ssse3-amd64.S: New.
5325 * cipher/sha256.c (USE_SSSE3): New.
5326 (SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'.
5327 (sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'.
5328 (transform): Rename to...
5330 [USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New.
5332 * configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check.
5333 (sha256): Add 'sha256-ssse3-amd64.lo'.
5334 * doc/gcrypt.texi: Document 'intel-ssse3'.
5335 * src/g10lib.h (HWF_INTEL_SSSE3): New.
5336 * src/hwfeatures.c (hwflist): Add "intel-ssse3".
5337 * src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3.
5339 2013-12-12 Werner Koch <wk@gnupg.org>
5341 Add a configuration file to disable hardware features.
5342 + commit 5e1239b1e2948211ff2675f45cce2b28c3379cfb
5343 * src/hwfeatures.c: Inclyde syslog.h and ctype.h.
5344 (HWF_DENY_FILE): New.
5346 (parse_hwf_deny_file): New.
5347 (_gcry_detect_hw_features): Call it.
5349 * src/mpicalc.c (main): Correctly initialize Libgcrypt. Add options
5350 "--print-config" and "--disable-hwf".
5352 Move list of hardware features to hwfeatures.c.
5353 + commit 4ae77322b681a13da62d01274bcab25be2af12d0
5354 * src/global.c (hwflist, disabled_hw_features): Move to ..
5355 * src/hwfeatures.c: here.
5356 (_gcry_disable_hw_feature): New.
5357 (_gcry_enum_hw_features): New.
5358 (_gcry_detect_hw_features): Remove arg DISABLED_FEATURES.
5359 * src/global.c (print_config, _gcry_vcontrol, global_init): Adjust
5362 Remove macro hacks for internal vs. external functions. Part 2 and last.
5363 + commit 3b30e9840d4b351c4de73b126e561154cb7df4cc
5364 * src/visibility.h: Remove remaining define/undef hacks for symbol
5365 visibility. Add macros to detect the use of the public functions.
5366 Change all affected functions by replacing them by the x-macros.
5367 * src/g10lib.h: Add internal prototypes.
5368 (xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure)
5369 (xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure)
5370 (xcalloc_secure, xrealloc, xstrdup, xfree): New macros.
5372 2013-12-11 Werner Koch <wk@gnupg.org>
5374 random: Add a feature to close device file descriptors.
5375 + commit cd548ba2dc777b8b27d8d33182ba733c20222120
5376 * src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
5377 * src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
5378 * random/random.c (_gcry_random_close_fds): New.
5379 * random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
5380 * random/random-fips.c (_gcry_rngfips_close_fds): New.
5381 * random/random-system.c (_gcry_rngsystem_close_fds): New.
5382 * random/rndlinux.c (open_device): Add arg retry.
5383 (_gcry_rndlinux_gather_random): Add mode to close open fds.
5385 * tests/random.c (check_close_random_device): New.
5386 (main): Call new test.
5388 2013-12-10 Werner Koch <wk@gnupg.org>
5390 Fix last commit (9a37470c)
5391 + commit eae1e7712e1b687bd77eb37d0eb505fc9d46d93c
5392 * src/secmem.c (lock_pool): Remove remaining line. Reported by Ian
5395 2013-12-09 Werner Koch <wk@gnupg.org>
5397 Fix one-off memory leak when build with Linux capability support.
5398 + commit 9a37470c50ee9966cb2652617a404ddd54a9c096
5399 * src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by
5400 Mike Crowe <mac@mcrowe.com>.
5402 2013-12-09 David 'Digit' Turner <digit@google.com>
5404 Update libtool to support Android.
5405 + commit 2516f0b660b1a7181ad38c44310c627f4f498595
5406 * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool
5409 2013-12-09 Werner Koch <wk@gnupg.org>
5411 tests: Speed up benchmarks in regression test mode.
5412 + commit 2e5354fe8db5288939733d0fb63ad4c87bc20105
5413 * tests/tsexp.c (check_extract_param): Fix compiler warning.
5414 * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST.
5415 * tests/bench-slope.c (main): Speed up if in regression test mode.
5416 * tests/benchmark.c (main): Ditto.
5418 tests: Add --csv option to bench-slope.
5419 + commit 8072e9fa4b42ae8e65e266aa158fd903f1bb0927
5420 * tests/bench-slope.c (STR, STR2): New.
5422 (num_measurement_repetitions): New. Replace use of
5423 NUM_MEASUREMENT_REPETITIONS by this.
5424 (current_section_name, current_algo_name, current_mode_name): New.
5425 (bench_print_result_csv): New.
5426 (bench_print_result_std): Rename from bench_print_result.
5427 (bench_print_result): New. Divert depending on CSV_MODE.
5428 (bench_print_header, bench_print_footer): take care of CSV_MODE.
5429 (bench_print_algo, bench_print_mode): New. Use them instead of
5431 (main): Add options --csv and --repetitions.
5433 2013-12-07 Werner Koch <wk@gnupg.org>
5435 sexp: Allow long names and white space in gcry_sexp_extract_param.
5436 + commit d4555433b6e422fa69a85cae99961f513e55d82b
5437 * src/sexp.c (_gcry_sexp_vextract_param): Skip white space. Support
5438 long parameter names.
5439 * tests/tsexp.c (check_extract_param): Add test cases for long parameter
5440 names and white space.
5442 2013-12-06 Werner Koch <wk@gnupg.org>
5444 ecc: Merge partly duplicated code.
5445 + commit 405021cb6d4e470337302c65dec5bc91491a89c1
5446 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ...
5447 (_gcry_ecc_eddsa_compute_h_d): new function.
5448 * cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function.
5449 (reverse_buffer): Remove.
5451 ecc: Remove unused internal function.
5452 + commit 4cf2c65fe15173c8d68a141a01b34fc1fb9080b7
5453 * src/cipher-proto.h (gcry_pk_spec): Remove get_param.
5454 * cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from
5455 _gcry_ecc_get_param.
5456 (_gcry_ecc_get_param): Remove.
5457 * cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param.
5459 2013-12-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5461 Fix building on mingw32.
5462 + commit 5917ce34e3b3eac4c15f62577e4723974024f818
5463 * src/gcrypt-int.h: Include <types.h>.
5465 2013-12-05 Werner Koch <wk@gnupg.org>
5467 ecc: Change OID for Ed25519.
5468 + commit 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f
5469 * cipher/ecc-curves.c (curve_aliased): Add more suitable OID for
5472 Remove macro hacks for internal vs. external functions. Part 1.
5473 + commit 7bacf1812b55fa78db63abaa1f5a9220e9c6cccc
5474 * src/visibility.h: Remove almost all define/undef hacks for symbol
5475 visibility. Add macros to detect the use of the public functions.
5476 Change all affected functions by prefixing them explicitly with an
5477 underscore and change all internal callers to call the underscore
5478 prefixed versions. Provide convenience macros from sexp and mpi
5480 * src/visibility.c: Change all functions to use only gpg_err_code_t
5481 and translate to gpg_error_t only in visibility.c.
5483 2013-12-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5485 mpi: add inline assembly for x86-64.
5486 + commit 85bb0a98ea5add0296cbcc415d557eaa1f6bd294
5487 * mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm)
5488 (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New.
5490 2013-12-04 NIIBE Yutaka <gniibe@fsij.org>
5492 mpi: fix gcry_mpi_powm for negative base.
5493 + commit c56080c26186d25dec05f01831494c77d8d07e13
5494 * mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]:
5495 Fix for the case where BASE is negative.
5496 * tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19.
5498 2013-12-03 Werner Koch <wk@gnupg.org>
5500 Add build support for ppc64le.
5501 + commit 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51
5502 * config.guess, config.sub: Update to latest version (2013-11-29).
5503 * m4/libtool.m4: Add patches for ppc64le.
5505 2013-12-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5507 rijndael: fix compiler warning on aarch64.
5508 + commit 59b1a1b7ee2923e1bf091071ae716d180c6c6006
5509 * cipher/rijndael.c (do_setkey): Use braces for empty if statement
5510 instead of semicolon.
5512 Add aarch64 (arm64) mpi assembly.
5513 + commit 80896bc8f5e6ed9a627374e34f040ad5f3617584
5514 * mpi/aarch64/mpi-asm-defs.h: New.
5515 * mpi/aarch64/mpih-add1.S: New.
5516 * mpi/aarch64/mpih-mul1.S: New.
5517 * mpi/aarch64/mpih-mul2.S: New.
5518 * mpi/aarch64/mpih-mul3.S: New.
5519 * mpi/aarch64/mpih-sub1.S: New.
5520 * mpi/config.links [host=aarch64-*-*]: Add configguration for aarch64
5522 * mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
5523 (count_leading_zeros): New.
5525 2013-12-02 Werner Koch <wk@gnupg.org>
5527 ecc: Use constant time point operation for Twisted Edwards.
5528 + commit d4ce0cfe0d35d7ec69c115456848b5b735c928ea
5529 * mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time
5530 operation if needed.
5531 * tests/benchmark.c (main): Add option --use-secmem.
5533 ecc: Make gcry_pk_testkey work for Ed25519.
5534 + commit 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2
5535 * cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G
5536 and d. Change all callers.
5537 * cipher/ecc.c (gen_y_2): Remove.
5538 (check_secret_key): Use generic public key compute function. Adjust
5539 for use with Ed25519 and EdDSA.
5540 (nist_generate_key): Do not use the compliant key thingy for Ed25519.
5541 (ecc_check_secret_key): Make parameter parsing similar to the other
5543 * cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so
5544 that _gcry_ecc_update_curve_param works correctly.
5545 * tests/keygen.c (check_ecc_keys): Add "param" flag. Check all
5548 ecc: Fix eddsa point decompression.
5549 + commit 485f35124b1a74af0bad321ed70be3a79d8d11d7
5550 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative
5553 ecc: Fix gcry_mpi_ec_curve_point for Weierstrass.
5554 + commit ecb90f8e7c6f2516080d27ed7da6a25f2314da3c
5555 * mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation.
5557 (ec_p_init): Always copy B.
5559 mpi: Introduce 4 user flags for gcry_mpi_t.
5560 + commit 29eddc2558d4cf39995f66d5fccd62f584d5b203
5561 * src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2)
5562 (GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New.
5563 * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
5564 (gcry_mpi_get_flag, _gcry_mpi_free): Implement them.
5565 (gcry_mpi_set_opaque): Keep user flags.
5567 2013-11-29 Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com>
5569 Fix armv3 compile error.
5570 + commit 3b1cc9e6c357574f54160298d731c18f3d717b6c
5571 * mpi/longlong.h [__arm__ && __ARM_ARCH < 4] (umul_ppmm): Use
5572 __AND_CLOBBER_CC instead of __CLOBBER_CC.
5574 longlong.h on mips with clang.
5575 + commit 1ecbd0bca31d462719a2a6590c1d03244e76ef89
5576 * mpi/longlong.h [__mips__]: Use C-language version with clang.
5578 2013-11-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5580 Camellia: Tweaks for AES-NI implementations.
5581 + commit 3ef21e7e1b8003db9792155044db95f9d9ced184
5582 * cipher/camellia-aesni-avx-amd64.S: Align stack to 16 bytes; tweak
5583 key-setup for small speed up.
5584 * cipher/camellia-aesni-avx2-amd64.S: Use vmovdqu even with aligned
5585 stack; reorder vinsert128 instructions; use rbp for stack frame.
5587 2013-11-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5589 Add GMAC to MAC API.
5590 + commit a34448c929b13bfb7b66d69169c89e7319a18b31
5591 * cipher/Makefile.am: Add 'mac-gmac.c'.
5592 * cipher/mac-gmac.c: New.
5593 * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'.
5594 (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish)
5595 (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed)
5596 (_gcry_mac_type_spec_gmac_camellia): New externs.
5597 * cipher/mac.c (mac_list): Add GMAC specifications.
5598 * doc/gcrypt.texi: Add mention of GMAC.
5599 * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms.
5600 * tests/basic.c (check_one_mac): Add support for MAC IVs.
5601 (check_mac): Add support for MAC IVs and add GMAC test vectors.
5602 * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499.
5603 * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499.
5605 GCM: Move gcm_table initialization to setkey.
5606 + commit dbfa651618693da7ea73b4d2d00d4efd411bfb46
5607 * cipher/cipher-gcm.c: Change all 'c->u_iv.iv' to
5608 'c->u_mode.gcm.u_ghash_key.key'.
5609 (_gcry_cipher_gcm_setkey): New.
5610 (_gcry_cipher_gcm_initiv): Move ghash initialization to function above.
5611 * cipher/cipher-internal.h (gcry_cipher_handle): Add
5612 'u_mode.gcm.u_ghash_key'; Reorder 'u_mode.gcm' members for partial
5613 clearing in gcry_cipher_reset.
5614 (_gcry_cipher_gcm_setkey): New prototype.
5615 * cipher/cipher.c (cipher_setkey): Add GCM setkey.
5616 (cipher_reset): Clear 'u_mode' only partially for GCM.
5618 2013-11-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5620 GCM: Add support for split data buffers and online operation.
5621 + commit fb1e52e3fe231671de546eacd6becd31c26c4f7b
5622 * cipher/cipher-gcm.c (do_ghash_buf): Add buffering for less than
5623 blocksize length input and padding handling.
5624 (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Add handling
5625 for AAD padding and check if data has already being padded.
5626 (_gcry_cipher_gcm_authenticate): Check that AAD or data has not being
5628 (_gcry_cipher_gcm_initiv): Clear padding marks.
5629 (_gcry_cipher_gcm_tag): Add finalization and padding; Clear sensitive
5630 data from cipher handle, since they are not used after generating tag.
5631 * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.macbuf',
5632 'u_mode.gcm.mac_unused', 'u_mode.gcm.ghash_data_finalized' and
5633 'u_mode.gcm.ghash_aad_finalized'.
5634 * tests/basic.c (check_gcm_cipher): Rename to...
5635 (_check_gcm_cipher): ...this and add handling for different buffer step
5636 lengths; Enable per byte buffer testing.
5637 (check_gcm_cipher): Call _check_gcm_cipher with different buffer step
5640 GCM: Use size_t for buffer sizes.
5641 + commit 2d870a9142e8c8b3f008e1ad8e83e4bdf7a8e4e7
5642 * cipher/cipher-gcm.c (ghash, gcm_bytecounter_add, do_ghash_buf)
5643 (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
5644 (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_geniv)
5645 (_gcry_cipher_gcm_tag): Use size_t for buffer lengths.
5646 * cipher/cipher-internal.h (_gcry_cipher_gcm_encrypt)
5647 (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Use size_t
5650 GCM: add FIPS mode restrictions.
5651 + commit 56d352d6bdcf7abaa33c3399741f5063e2ddc32a
5652 * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
5653 (_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode is setiv
5654 was invocated directly.
5655 (_gcry_cipher_gcm_setiv): Rename to...
5656 (_gcry_cipher_gcm_initiv): ...this.
5657 (_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode.
5658 [TODO] (_gcry_cipher_gcm_getiv): New.
5659 * cipher/cipher-internal.h (gcry_cipher_handle): Add
5660 'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'.
5662 GCM: Add clearing and checking of marks.tag.
5663 + commit 32a2da9abc91394b23cf565c1c833fa964394083
5664 * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
5665 (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Make sure
5666 that tag has not been finalized yet.
5667 (_gcry_cipher_gcm_setiv): Clear 'marks.tag'.
5669 GCM: Add stack burning.
5670 + commit 018f08354b1b116672e82f9ce942884b288aaf9e
5671 * cipher/cipher-gcm.c (do_ghash, ghash): Return stack burn depth.
5672 (setupM): Wipe 'tmp' buffer.
5673 (do_ghash_buf): Wipe 'tmp' buffer and add stack burning.
5675 Add aggregated bulk processing for GCM on x86-64.
5676 + commit c9537fbf8ff0af919cff2bebadc4c6e7caea8076
5677 * cipher/cipher-gcm.c [__x86_64__] (gfmul_pclmul_aggr4): New.
5678 (ghash) [GCM_USE_INTEL_PCLMUL]: Add aggregated bulk processing
5680 (setupM) [__x86_64__]: Add initialization for aggregated bulk
5683 GCM: Tweak Intel PCLMUL ghash loop for small speed-up.
5684 + commit 9b6764944284fed733c2f88619b3d9eb5d5c259a
5685 * cipher/cipher-gcm.c (do_ghash): Mark 'inline'.
5686 [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): Rename to...
5687 [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul): ..this and make inline function.
5688 (ghash) [GCM_USE_INTEL_PCLMUL]: Preload data before ghash-pclmul loop.
5690 GCM: Use counter mode code for speed-up.
5691 + commit bd4bd23a2511a4bce63c3217cca0d4ecf0c79532
5692 * cipher/cipher-gcm.c (ghash): Add process for multiple blocks.
5693 (gcm_bytecounter_add, gcm_add32_be128, gcm_check_datalen)
5694 (gcm_check_aadlen_or_ivlen, do_ghash_buf): New functions.
5695 (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
5696 (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_set_iv)
5697 (_gcry_cipher_gcm_tag): Adjust to use above new functions and
5698 counter mode functions for encryption/decryption.
5699 * cipher/cipher-internal.h (gcry_cipher_handle): Remove 'length'; Add
5700 'u_mode.gcm.(addlen|datalen|tagiv|datalen_over_limits)'.
5701 (_gcry_cipher_gcm_setiv): Return gcry_err_code_t.
5702 * cipher/cipher.c (cipher_setiv): Return error code.
5703 (_gcry_cipher_setiv): Handle error code from 'cipher_setiv'.
5705 Add Intel PCLMUL acceleration for GCM.
5706 + commit 5a65ffabadd50f174ab7375faad7a726cce49e61
5707 * cipher/cipher-gcm.c (fillM): Rename...
5708 (do_fillM): ...to this.
5711 (GHASH): Use 'do_ghash' instead of 'ghash'.
5712 [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): New.
5715 (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
5716 (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_setiv)
5717 (_gcry_cipher_gcm_tag): Use 'ghash' instead of 'GHASH' and
5718 'c->u_mode.gcm.u_tag.tag' instead of 'c->u_tag.tag'.
5719 * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): New.
5720 (gcry_cipher_handle): Move 'u_tag' and 'gcm_table' under
5722 * configure.ac (pclmulsupport, gcry_cv_gcc_inline_asm_pclmul): New.
5723 * src/g10lib.h (HWF_INTEL_PCLMUL): New.
5724 * src/global.c: Add "intel-pclmul".
5725 * src/hwf-x86.c (detect_x86_gnuc): Add check for Intel PCLMUL.
5727 GCM: GHASH optimizations.
5728 + commit 0e9e7d72f3c9eb7ac832746c3034855faaf8d02c
5729 * cipher/cipher-gcm.c [GCM_USE_TABLES] (gcmR, ghash): Replace with new.
5730 [GCM_USE_TABLES] [GCM_TABLES_USE_U64] (bshift, fillM, do_ghash): New.
5731 [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (bshift, fillM): Replace with
5733 [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (do_ghash): New.
5734 (_gcry_cipher_gcm_tag): Remove extra memcpy to outbuf and use
5735 buf_eq_const for comparing authentication tag.
5736 * cipher/cipher-internal.h (gcry_cipher_handle): Different 'gcm_table'
5737 for 32-bit and 64-bit platforms.
5739 Add some documentation for GCM mode.
5740 + commit 332da0ed7c8fab6c2bee841c94d8364c2ab4e30d
5741 * doc/gcrypt.texi: Add mention of GCM mode.
5743 2013-11-19 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5745 Initial implementation of GCM.
5746 + commit 90cce18b9eced4f412ceeec5bcae18c4493322df
5747 * cipher/Makefile.am: Add 'cipher-gcm.c'.
5748 * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths)
5749 (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag)
5750 (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change
5751 'c->u_mode.ccm.tag' to 'c->marks.tag'.
5752 * cipher/cipher-gcm.c: New.
5753 * cipher/cipher-internal.h (GCM_USE_TABLES): New.
5754 (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and
5755 'gcm_table'; Remove 'u_mode.ccm.tag'.
5756 (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
5757 (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate)
5758 (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New.
5759 * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
5760 (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
5761 (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling.
5762 * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM.
5763 (GCRY_GCM_BLOCK_LEN): New.
5764 * tests/basic.c (check_gcm_cipher): New.
5765 (check_ciphers): Add GCM check.
5766 (check_cipher_modes): Call 'check_gcm_cipher'.
5767 * tests/bench-slope.c (bench_gcm_encrypt_do_bench)
5768 (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench)
5769 (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New.
5770 (cipher_modes): Add GCM enc/dec/auth.
5771 (cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size.
5772 * tests/benchmark.c (cipher_bench): Add GCM.
5774 2013-11-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5776 Camellia: fix compiler warning.
5777 + commit 9816ae9d9931b75e4fdc9a5be10e6af447132313
5778 * cipher/camellia-glue.c (camellia_setkey): Use braces around empty if
5781 Tweak Camellia-AVX key-setup for small speed-up.
5782 + commit 77922a82c3f2e30eca04511fa5a355208349c657
5783 * cipher/camellia-aesni-avx-amd64.S (camellia_f): Merge S-function output
5784 rotation with P-function.
5786 Add CMAC (Cipher-based MAC) to MAC API.
5787 + commit b49cd64aaaff2e5488a84665362ef7150683226c
5788 * cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'.
5789 * cipher/cipher-cmac.c: New.
5790 * cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'.
5791 * cipher/cipher.c (gcry_cipher_open): Rename to...
5792 (_gcry_cipher_open_internal): ...this and add CMAC.
5793 (gcry_cipher_open): New wrapper that disallows use of internal
5794 modes (CMAC) from outside.
5795 (cipher_setkey, cipher_encrypt, cipher_decrypt)
5796 (_gcry_cipher_authenticate, _gcry_cipher_gettag)
5797 (_gcry_cipher_checktag): Add handling for CMAC mode.
5798 (cipher_reset): Do not reset 'marks.key' and do not clear subkeys in
5799 'u_mode' in CMAC mode.
5800 * cipher/mac-cmac.c: New.
5801 * cipher/mac-internal.h: Add CMAC support and algorithms.
5802 * cipher/mac.c: Add CMAC algorithms.
5803 * doc/gcrypt.texi: Add documentation for CMAC.
5804 * src/cipher.h (gcry_cipher_internal_modes): New.
5805 (_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate)
5806 (_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag)
5807 (_gcry_cipher_cmac_set_subkeys): New prototypes.
5808 * src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms.
5809 * tests/basic.c (check_mac): Add CMAC test vectors.
5811 2013-11-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5813 Add new MAC API, initially with HMAC.
5814 + commit fcd6da37d55f248d3558ee0ff385b41b866e7ded
5815 * cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'.
5816 * cipher/bufhelp.h (buf_eq_const): New.
5817 * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for
5818 constant-time compare.
5819 * cipher/mac-hmac.c: New.
5820 * cipher/mac-internal.h: New.
5821 * cipher/mac.c: New.
5822 * doc/gcrypt.texi: Add documentation for MAC API.
5823 * src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13]
5824 (GPG_ERR_MAC_ALGO): New.
5825 * src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos)
5826 (gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
5827 (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
5828 (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
5829 (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name)
5830 (gcry_mac_reset, gcry_mac_test_algo): New.
5831 * src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
5832 (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
5833 (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
5834 (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
5835 * src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
5836 (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
5837 (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
5838 (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
5839 * src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
5840 (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
5841 (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
5842 (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
5843 * src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
5844 (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
5845 (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
5846 (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
5847 * tests/basic.c (check_one_mac, check_mac): New.
5848 (main): Call 'check_mac'.
5849 * tests/bench-slope.c (bench_print_header, bench_print_footer): Allow
5850 variable algorithm name width.
5851 (_cipher_bench, hash_bench): Update to above change.
5852 (bench_hash_do_bench): Add 'gcry_md_reset'.
5853 (bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench)
5854 (mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New.
5855 (main): Add 'mac' benchmark options.
5856 * tests/benchmark.c (mac_repetitions, mac_bench): New.
5857 (main): Add 'mac' benchmark options.
5859 Use correct blocksize of 32 bytes for GOSTR3411-94 HMAC.
5860 + commit b95a557a43aeed68ea5e5ce02aca42ee97bfdb3b
5861 * cipher/md.c (md_open): Set macpads_Bsize to 32 for
5862 GCRY_MD_GOST24311_94.
5864 2013-11-15 Jussi Kivilinna <jussi.kivilinna@iki.fi>
5866 cipher: use size_t for internal buffer lengths.
5867 + commit b787657a9d2c1d8e19f9fcb0b21e31cb062630cf
5868 * cipher/arcfour.c (do_encrypt_stream, encrypt_stream): Use 'size_t'
5870 * cipher/blowfish.c (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
5871 (_gcry_blowfish_cfb_dec): Ditto.
5872 * cipher/camellia-glue.c (_gcry_camellia_ctr_enc)
5873 (_gcry_camellia_cbc_dec, _gcry_blowfish_cfb_dec): Ditto.
5874 * cipher/cast5.c (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec)
5875 (_gcry_cast5_cfb_dec): Ditto.
5876 * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
5877 (_gcry_cipher_aeswrap_decrypt): Ditto.
5878 * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
5879 (_gcry_cipher_cbc_decrypt): Ditto.
5880 * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt)
5881 (_gcry_cipher_ccm_decrypt): Ditto.
5882 * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
5883 (_gcry_cipher_cfb_decrypt): Ditto.
5884 * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
5885 * cipher/cipher-internal.h (gcry_cipher_handle->bulk)
5886 (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt)
5887 (_gcry_cipher_cfb_encrypt, _gcry_cipher_cfb_decrypt)
5888 (_gcry_cipher_ofb_encrypt, _gcry_cipher_ctr_encrypt)
5889 (_gcry_cipher_aeswrap_encrypt, _gcry_cipher_aeswrap_decrypt)
5890 (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Ditto.
5891 * cipher/cipher-ofb.c (_gcry_cipher_cbc_encrypt): Ditto.
5892 * cipher/cipher-selftest.h (gcry_cipher_bulk_cbc_dec_t)
5893 (gcry_cipher_bulk_cfb_dec_t, gcry_cipher_bulk_ctr_enc_t): Ditto.
5894 * cipher/cipher.c (cipher_setkey, cipher_setiv, do_ecb_crypt)
5895 (do_ecb_encrypt, do_ecb_decrypt, cipher_encrypt)
5896 (cipher_decrypt): Ditto.
5897 * cipher/rijndael.c (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec)
5898 (_gcry_aes_cfb_dec, _gcry_aes_cbc_enc, _gcry_aes_cfb_enc): Ditto.
5899 * cipher/salsa20.c (salsa20_setiv, salsa20_do_encrypt_stream)
5900 (salsa20_encrypt_stream, salsa20r12_encrypt_stream): Ditto.
5901 * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
5902 (_gcry_serpent_cfb_dec): Ditto.
5903 * cipher/twofish.c (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
5904 (_gcry_twofish_cfb_dec): Ditto.
5905 * src/cipher-proto.h (gcry_cipher_stencrypt_t)
5906 (gcry_cipher_stdecrypt_t, cipher_setiv_fuct_t): Ditto.
5907 * src/cipher.h (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec)
5908 (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec, _gcry_aes_ctr_enc)
5909 (_gcry_blowfish_cfb_dec, _gcry_blowfish_cbc_dec)
5910 (_gcry_blowfish_ctr_enc, _gcry_cast5_cfb_dec, _gcry_cast5_cbc_dec)
5911 (_gcry_cast5_ctr_enc, _gcry_camellia_cfb_dec, _gcry_camellia_cbc_dec)
5912 (_gcry_camellia_ctr_enc, _gcry_serpent_cfb_dec, _gcry_serpent_cbc_dec)
5913 (_gcry_serpent_ctr_enc, _gcry_twofish_cfb_dec, _gcry_twofish_cbc_dec)
5914 (_gcry_twofish_ctr_enc): Ditto.
5916 Camellia: Add AVX/AES-NI key setup.
5917 + commit ef9f52cbb39e46918c96200b09c21e931eff174f
5918 * cipher/camellia-aesni-avx-amd64.S (key_bitlength, key_table): New
5919 order of fields in ctx.
5920 (camellia_f, vec_rol128, vec_ror128): New macros.
5921 (__camellia_avx_setup128, __camellia_avx_setup256)
5922 (_gcry_camellia_aesni_avx_keygen): New functions.
5923 * cipher/camellia-aesni-avx2-amd64.S (key_bitlength, key_table): New
5924 order of fields in ctx.
5925 * cipher/camellia-arm.S (CAMELLIA_TABLE_BYTE_LEN, key_length): Remove
5927 * cipher/camellia-glue.c (CAMELLIA_context): Move keytable to head for
5928 better alignment; Make 'use_aesni_avx' and 'use_aesni_avx2' bitfield
5930 [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_keygen): New prototype.
5931 (camellia_setkey) [USE_AESNI_AVX || USE_AESNI_AVX2]: Read hw features
5932 to variable 'hwf' and match features from it.
5933 (camellia_setkey) [USE_AESNI_AVX]: Use AES-NI/AVX key setup if
5936 Avoid unneeded stack burning with AES-NI and reduce number of 'decryption_prepared' checks
5937 + commit c8ad83fb605fdbf6dc0b0dbcc8aedfbd477640da
5938 * cipher/rijndael.c (RIJNDAEL_context): Make 'decryption_prepared',
5939 'use_padlock' and 'use_aesni' 1-bit members in bitfield.
5940 (do_setkey): Move 'hwfeatures' inside [USE_AESNI || USE_PADLOCK].
5941 (do_aesni_enc_aligned): Rename to...
5942 (do_aesni_enc): ...this, as function does not require aligned input.
5943 (do_aesni_dec_aligned): Rename to...
5944 (do_aesni_dec): ...this, as function does not require aligned input.
5946 (rijndael_encrypt): Call 'do_aesni_enc' instead of 'do_aesni'.
5947 (rijndael_decrypt): Call 'do_aesni_dec' instead of 'do_aesni'.
5948 (check_decryption_preparation): New.
5949 (do_decrypt): Remove 'decryption_prepared' check.
5950 (rijndael_decrypt): Ditto and call 'check_decryption_preparation'.
5951 (_gcry_aes_cbc_dec): Ditto.
5952 (_gcry_aes_cfb_enc): Add 'burn_depth' and burn stack only when needed.
5953 (_gcry_aes_cbc_enc): Ditto.
5954 (_gcry_aes_ctr_enc): Ditto.
5955 (_gcry_aes_cfb_dec): Ditto.
5956 (_gcry_aes_cbc_dec): Ditto and correct clearing of 'savebuf'.
5958 2013-11-14 Werner Koch <wk@gnupg.org>
5960 md: Fix hashing for data >= 256 GB.
5961 + commit c43a8c0d81a711161f7a81b24ef7c33a1353eee0
5962 * cipher/hash-common.h (gcry_md_block_ctx): Add "nblocks_high".
5963 * cipher/hash-common.c (_gcry_md_block_write): Bump NBLOCKS_HIGH.
5964 * cipher/md4.c (md4_init, md4_final): Take care of NBLOCKS_HIGH.
5965 * cipher/md5.c (md5_init, md5_final): Ditto.
5966 * cipher/rmd160.c (_gcry_rmd160_init, rmd160_final): Ditto.
5967 * cipher/sha1.c (sha1_init, sha1_final): Ditto.
5968 * cipher/sha256.c (sha256_init, sha224_init, sha256_final): Ditto.
5969 * cipher/sha512.c (sha512_init, sha384_init, sha512_final): Ditto.
5970 * cipher/tiger.c (do_init, tiger_final): Ditto.
5971 * cipher/whirlpool.c (whirlpool_final): Ditto.
5973 * cipher/md.c (gcry_md_algo_info): Add GCRYCTL_SELFTEST.
5974 (_gcry_md_selftest): Return "not implemented" as required.
5975 * tests/hashtest.c: New.
5976 * tests/genhashdata.c: New.
5977 * tests/Makefile.am (TESTS): Add hashtest.
5978 (noinst_PROGRAMS): Add genhashdata
5980 2013-11-13 Christian Grothoff <christian@grothoff.org>
5982 ecc: Fix key generation for a plain Ed25519 key.
5983 + commit 7d91e99bcd30a463dd4faed014b8521a663d8316
5984 * cipher/ecc.c (nist_generate_key): Use custom code for ED25519.
5986 ecc: Fix some memory leaks.
5987 + commit c4f9af49f228df59c218381a25fa3c0f93ccbeae
5988 * cipher/ecc-curves.c (_gcry_mpi_ec_new): Free ec->b before assigning.
5989 * cipher/ecc.c (nist_generate_key): Release Q.
5990 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
5992 2013-11-11 Werner Koch <wk@gnupg.org>
5994 ecc: Change keygrip computation for Ed25519+EdDSA.
5995 + commit 4fb3c8e5a7fc6a1568f54bcc0be17fecf75e0742
5996 * cipher/ecc.c (compute_keygrip): Rework.
5997 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): New.
5998 * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): New.
5999 * tests/keygrip.c (key_grips): Add flag param and test cases for
6002 mpi: Add special format GCRYMPI_FMT_OPAQUE.
6003 + commit 8b3eecee2d89179297e43de7d650f74759c61a58
6004 * src/gcrypt.h.in (GCRYMPI_FMT_OPAQUE): New.
6005 (_gcry_sexp_nth_opaque_mpi): Remove.
6006 * src/sexp.c (gcry_sexp_nth_mpi): Add support for GCRYMPI_FMT_OPAQUE.
6007 (_gcry_sexp_vextract_param): Replace removed function by
6010 2013-11-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6012 Fix error output in CTR selftest.
6013 + commit 7b26586e35a6d407ca31b41528b0810b1408fd4b
6014 * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Change
6015 fprintf(stderr,...) to syslog(); Correct error output for bulk
6016 IV check, plaintext mismatch => ciphertext mismatch.
6018 2013-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6020 Fix Serpent-AVX2 and Camellia-AVX2 counter modes.
6021 + commit df29831d008e32faf74091d080a415731418d158
6022 * cipher/camellia-aesni-avx2-amd64.S
6023 (_gcry_camellia_aesni_avx2_ctr_enc): Byte-swap before checking for
6025 * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128)
6026 (selftest_cbc_128): Add 16 to nblocks.
6027 * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Add test with
6028 non-overflowing IV and modify overflow IV to detect broken endianness
6030 * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc): Byte-swap
6031 before checking for overflow handling; Fix crazy-mixed-endian IV
6032 construction to big-endian.
6033 * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128)
6034 (selftest_cbc_128): Add 8 to nblocks.
6036 2013-11-09 Sergey V <sftp.mtuci@gmail.com>
6038 cipher/gost28147: optimization: use precomputed S-box tables.
6039 + commit 51501b638546665163bbb85a14308fdb99211a28
6040 * cipher/gost.h (GOST28147_context): Remove unneeded subst and
6042 * cipher/gost28147.c (max): Remove unneeded macro.
6043 (test_sbox): Replace with new precomputed tables.
6044 (gost_set_subst): Remove function.
6045 (gost_val): Use new S-box tables.
6046 (gost_encrypt_block, gost_decrypt_block): Tweak to use new ctx and
6049 2013-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6051 Fix tail handling for AES-NI counter mode.
6052 + commit 60ed0abbbc7cb15812f1e713143c72555acea69e
6053 * cipher/rijndael.c (do_aesni_ctr): Fix outputting of updated
6056 2013-11-08 Werner Koch <wk@gnupg.org>
6058 ecc: Improve gcry_pk_get_curve.
6059 + commit 03aed1acec611362285db5156a6b92c91604fba4
6060 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Factor some code out
6062 (find_domain_parms_idx): new.
6063 (_gcry_ecc_get_curve): Find by curve name on error.
6065 cipher: Avoid signed divisions in idea.c.
6066 + commit e241dde1420475459e32608137829e52748d0212
6067 * cipher/idea.c (mul_inv): Use unsigned division.
6069 ecc: Implement the "nocomp" flag for key generation.
6070 + commit 9f63c0f7a3b2c15c7e258cd17395cabd0a8f00cc
6071 * cipher/ecc.c (ecc_generate): Support the "nocomp" flag.
6072 * tests/keygen.c (check_ecc_keys): Add a test for it.
6074 ecc: Make "noparam" the default and replace by "param".
6075 + commit ed45fd2e60c88e2f005282e6eadd018b59dcf65b
6076 * src/cipher.h (PUBKEY_FLAG_NOCOMP): New.
6077 (PUBKEY_FLAG_NOPARAM): Remove.
6078 (PUBKEY_FLAG_PARAM): New.
6079 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new
6080 flags and ignore the obsolete "noparam" flag.
6081 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name
6082 also for curves selected by NBITS.
6083 (_gcry_mpi_ec_new): Support the "param" flag.
6084 * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto.
6085 * tests/keygen.c (check_ecc_keys): Remove the "noparam" flag.
6087 2013-11-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6089 Fix decryption function size in AES AMD64 assembly.
6090 + commit bfe4f6523b80bae0040328ef324b9000ee5b38a4
6091 * cipher/rijndael-amd64.S (_gcry_aes_amd64_decrypt_block): Set '.size'
6092 for '_gcry_aes_amd64_decrypt_block', not '..._encrypt_block'.
6094 Change 64-bit shift to 32-bit in AES AMD64 assembly.
6095 + commit 57b296ea3a5204cd3711b7bf57c8fb14d8542402
6096 * cipher/rijndael-amd64.S (do16bit_shr): Change 'shrq' to 'shrl'.
6098 2013-11-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6100 Speed-up AES-NI key setup.
6101 + commit f702d62d888b30e24c19f203566a1473098b2b31
6102 * cipher/rijndael.c [USE_AESNI] (m128i_t): Remove.
6103 [USE_AESNI] (u128_t): New.
6104 [USE_AESNI] (aesni_do_setkey): New.
6105 (do_setkey) [USE_AESNI]: Move AES-NI accelerated key setup to
6107 (do_setkey): Call _gcry_get_hw_features only once. Clear stack after
6108 use in generic key setup part.
6109 (rijndael_setkey): Remove stack burning.
6110 (prepare_decryption) [USE_AESNI]: Use 'u128_t' instead of 'm128i_t' to
6111 avoid compiler generated SSE2 instructions and XMM register usage,
6112 unroll 'aesimc' setup loop
6113 (prepare_decryption): Clear stack after use.
6114 [USE_AESNI] (do_aesni_enc_aligned): Update comment about alignment.
6115 (do_decrypt): Do not burning stack after prepare_decryption.
6117 Avoid burn stack in Arcfour setkey.
6118 + commit a50a6ba3540f49fc7dcdb32e691327d5942e3509
6119 * cipher/arcfour.c (arcfour_setkey): Remove stack burning.
6121 Avoid burn_stack in CAST5 setkey.
6122 + commit 5797ebc268b4e953cedd0c729c5cdb1f8fd764e4
6123 * cipher/cast5.c (do_cast_setkey): Use wipememory instead of memset.
6124 (cast_setkey): Remove stack burning.
6126 Improve Serpent key setup speed.
6127 + commit 9897ccb381503455edc490679b2e9251a09ac5cb
6128 * cipher/serpent.c (SBOX, SBOX_INVERSE): Remove index argument.
6129 (serpent_subkeys_generate): Use smaller temporary arrays for subkey
6130 generation and perform stack clearing locally.
6131 (serpent_setkey_internal): Use wipememory to clear stack and remove
6133 (serpent_setkey): Remove unneeded _gcry_burn_stack.
6135 Modify encrypt/decrypt arguments for in-place.
6136 + commit b8515aa70b00baba3fba8121ed305edcd029c8c7
6137 * cipher/cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Modify
6138 local arguments if in-place operation.
6141 + commit a48d07ccadee4cb8b666a9a4ba2f00129bad5b2f
6142 * cipher/stribog.c (STRIBOG_TABLES): Remove.
6144 [!STRIBOG_TABLES] (A, strido): Remove.
6145 (stribog_table): New table pre-reordered with Pi values.
6146 (strido): Rewrite for new table.
6147 (LPSX): Rewrite for new table.
6151 Tweak AES-NI bulk CTR mode slightly.
6152 + commit 3b5058b58a183fa23ecf3ef819e2ae6ac64c0216
6153 * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_2_5): Rename to...
6154 (aesni_cleanup_2_6): ...this and clear also 'xmm6'.
6155 [USE_AESNI && __i386__] (do_aesni_ctr, do_aesni_ctr_4): Prevent
6156 inlining only on i386, allow on AMD64.
6157 [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Use counter block from
6158 'xmm5' and byte-swap mask from 'xmm6'.
6159 (_gcry_aes_ctr_enc) [USE_AESNI]: Preload counter block to 'xmm5' and
6160 byte-swap mask to 'xmm6'.
6161 (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use
6162 'aesni_cleanup_2_6'.
6164 Tweak bench-slope parameters.
6165 + commit 7e98eecc1a955bc253765f92a166b6560f085b8c
6166 * tests/bench-slope.c (BUF_STEP_SIZE): Half step size to 64.
6167 (NUM_MEASUREMENT_REPETITIONS): Double repetitions to 64.
6169 Optimize Blowfish weak key check.
6170 + commit 8e1c0f9b894c39b6554c544208dc000682f520c7
6171 * cipher/blowfish.c (hashset_elem, val_to_hidx, add_val): New.
6172 (do_bf_setkey): Use faster algorithm for detecting weak keys.
6173 (bf_setkey): Move stack burning to do_bf_setkey.
6175 Fix __builtin_bswap32/64 checks.
6176 + commit 2590a5df6f5fc884614c8c379324027d2d61b9b5
6177 * configure.ac (gcry_cv_have_builtin_bswap32)
6178 (gcry_cv_have_builtin_bswap64): Change compile checks to link checks.
6180 Fix 'u32' build error with Camellia.
6181 + commit 84bcb400e7db7268abfc29b5ab1513b0c063b293
6182 * cipher/camellia.c: Add include for <config.h> and "types.h".
6184 (u8): Typedef as 'byte'.
6186 2013-11-06 Werner Koch <wk@gnupg.org>
6188 pubkey: Add forward compatibility feature.
6189 + commit 6d169b654c7ff04c10f73afe80b2c70cefa410c1
6190 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add
6193 2013-11-05 Werner Koch <wk@gnupg.org>
6195 ecc: Require "eddsa" flag for curve Ed25519.
6196 + commit b9fd3988b54b50109f4e7179e7fe0739bb1d97c5
6197 * src/cipher.h (PUBKEY_FLAG_ECDSA): Remove.
6198 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa".
6199 * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag.
6200 * cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag.
6201 * tests/benchmark.c, tests/keygen.c, tests/pubkey.c
6202 * tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags.
6204 ecc: Fully implement Ed25519 compression in ECDSA mode.
6205 + commit f09ffe8a4802af65a116e79eceeb1cb4ed4fa2f4
6206 * src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS.
6207 * mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it.
6208 * cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as
6209 opaque mpi and use eddsa decoding depending on the flag.
6210 (_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the
6213 mpi: Add function gcry_mpi_set_opaque_copy.
6214 + commit 630aca794ddf057fb7265b7dc346374743036af4
6215 * src/gcrypt.h.in (gcry_mpi_set_opaque_copy): New.
6216 * src/visibility.c (gcry_mpi_set_opaque_copy): New.
6217 * src/visibility.h (gcry_mpi_set_opaque_copy): Mark visible.
6218 * src/libgcrypt.def, src/libgcrypt.vers: Add new API.
6219 * tests/mpitests.c (test_opaque): Add test.
6221 2013-11-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6223 Make test vectors 'static const'
6224 + commit d50a88d1e29124d038196fec6082fd093e922604
6225 * cipher/arcfour.c (selftest): Change test vectors to 'static const'.
6226 * cipher/blowfish.c (selftest): Ditto.
6227 * cipher/camellia-glue.c (selftest): Ditto.
6228 * cipher/cast5.c (selftest): Ditto.
6229 * cipher/des.c (selftest): Ditto.
6230 * cipher/rijndael.c (selftest): Ditto.
6231 * tests/basic.c (cipher_cbc_mac_cipher, check_aes128_cbc_cts_cipher)
6232 (check_ctr_cipher, check_cfb_cipher, check_ofb_cipher)
6233 (check_ccm_cipher, check_stream_cipher)
6234 (check_stream_cipher_large_block, check_bulk_cipher_modes)
6235 (check_ciphers, check_digests, check_hmac, check_pubkey_sign)
6236 (check_pubkey_sign_ecdsa, check_pubkey_crypt, check_pubkey): Ditto.
6238 2013-11-03 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6240 Make jump labels local in Salsa20 assembly.
6241 + commit d4697862266f3c96b6946dc92139dd8f3e81e5f6
6242 * cipher/salsa20-amd64.S: Rename '._labels' to '.L_labels'.
6243 * cipher/salsa20-armv7-neon.S: Ditto.
6245 2013-10-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6247 bithelp: fix undefined behaviour with rol and ror.
6248 + commit d1cadd145199040299538891ab2ccd1208f7776e
6249 * cipher/bithelp.h (rol, ror): Mask shift with 31.
6251 2013-10-29 Werner Koch <wk@gnupg.org>
6253 tests: Add feature to skip benchmarks.
6254 + commit ba6bffafd17bea11985afc500022d66da261d59a
6255 * tests/benchmark.c (main): Add feature to skip the test.
6256 * tests/bench-slope.c (main): Ditto.
6257 (get_slope): Repace C++ style comment.
6258 (double_cmp, cipher_bench, _hash_bench): Repalce system reserved
6261 ecc: Finish Ed25519/ECDSA hack.
6262 + commit c284f15db99e9cb135612de710199abb23baafd3
6263 * cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
6264 (ecc_verify): Implement ED25519/ECDSA uncompression.
6266 ecc: Add flags "noparam" and "comp".
6267 + commit ba892a0a874c8b2a83dbf0940608cd7e2911ce01
6268 * src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
6269 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags
6270 and change code for possible faster parsing.
6271 * cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
6273 (ecc_verify): Ditto.
6274 * tests/keygen.c (check_ecc_keys): Use the "noparam" flag.
6276 * cipher/ecc.c (ecc_generate): Fix parsing of the deprecated
6277 transient-flag parameter.
6278 (ecc_verify): Do not make Q optional in the extract-param call.
6280 2013-10-28 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6282 Fix typos in documentation.
6283 + commit 1faa61845f180bd47e037e400dde2d864ee83c89
6284 * doc/gcrypt.texi: Fix some typos.
6286 Add ARM NEON assembly implementation of Serpent.
6287 + commit 2cb6e1f323d24359b1c5b113be5c2f79a2a4cded
6288 * cipher/Makefile.am: Add 'serpent-armv7-neon.S'.
6289 * cipher/serpent-armv7-neon.S: New.
6290 * cipher/serpent.c (USE_NEON): New macro.
6291 (serpent_context_t) [USE_NEON]: Add 'use_neon'.
6292 [USE_NEON] (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec)
6293 (_gcry_serpent_neon_cbc_dec): New prototypes.
6294 (serpent_setkey_internal) [USE_NEON]: Detect NEON support.
6295 (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec)
6296 (_gcry_serpent_neon_cbc_dec) [USE_NEON]: Use NEON implementations
6297 to process eight blocks in parallel.
6298 * configure.ac [neonsupport]: Add 'serpent-armv7-neon.lo'.
6300 Add ARM NEON assembly implementation of Salsa20.
6301 + commit 3ff9d2571c18cd7a34359f9c60a10d3b0f932b23
6302 * cipher/Makefile.am: Add 'salsa20-armv7-neon.S'.
6303 * cipher/salsa20-armv7-neon.S: New.
6304 * cipher/salsa20.c [USE_ARM_NEON_ASM]: New macro.
6305 (struct SALSA20_context_s, salsa20_core_t, salsa20_keysetup_t)
6306 (salsa20_ivsetup_t): New.
6307 (SALSA20_context_t) [USE_ARM_NEON_ASM]: Add 'use_neon'.
6308 (SALSA20_context_t): Add 'keysetup', 'ivsetup' and 'core'.
6309 (salsa20_core): Change 'src' argument to 'ctx'.
6310 [USE_ARM_NEON_ASM] (_gcry_arm_neon_salsa20_encrypt): New prototype.
6311 [USE_ARM_NEON_ASM] (salsa20_core_neon, salsa20_keysetup_neon)
6312 (salsa20_ivsetup_neon): New.
6313 (salsa20_do_setkey): Setup keysetup, ivsetup and core with default
6315 (salsa20_do_setkey) [USE_ARM_NEON_ASM]: When NEON support detect,
6316 set keysetup, ivsetup and core with ARM NEON functions.
6317 (salsa20_do_setkey): Call 'ctx->keysetup'.
6318 (salsa20_setiv): Call 'ctx->ivsetup'.
6319 (salsa20_do_encrypt_stream) [USE_ARM_NEON_ASM]: Process large buffers
6320 in ARM NEON implementation.
6321 (salsa20_do_encrypt_stream): Call 'ctx->core' instead of directly
6322 calling 'salsa20_core'.
6323 (selftest): Add test to check large buffer processing and block counter
6325 * configure.ac [neonsupport]: 'Add salsa20-armv7-neon.lo'.
6327 Add AMD64 assembly implementation of Salsa20.
6328 + commit 5a3d43485efdc09912be0967ee0a3ce345b3b15a
6329 * cipher/Makefile.am: Add 'salsa20-amd64.S'.
6330 * cipher/salsa20-amd64.S: New.
6331 * cipher/salsa20.c (USE_AMD64): New macro.
6332 [USE_AMD64] (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup)
6333 (_gcry_salsa20_amd64_encrypt_blocks): New prototypes.
6334 [USE_AMD64] (salsa20_keysetup, salsa20_ivsetup, salsa20_core): New.
6335 [!USE_AMD64] (salsa20_core): Change 'src' to non-constant, update block
6336 counter in 'salsa20_core' and return burn stack depth.
6337 [!USE_AMD64] (salsa20_keysetup, salsa20_ivsetup): New.
6338 (salsa20_do_setkey): Move generic key setup to 'salsa20_keysetup'.
6339 (salsa20_setkey): Fix burn stack depth.
6340 (salsa20_setiv): Move generic IV setup to 'salsa20_ivsetup'.
6341 (salsa20_do_encrypt_stream) [USE_AMD64]: Process large buffers in AMD64
6343 (salsa20_do_encrypt_stream): Move stack burning to this function...
6344 (salsa20_encrypt_stream, salsa20r12_encrypt_stream): ...from these
6346 * configure.ac [x86-64]: Add 'salsa20-amd64.lo'.
6348 Add new benchmarking utility, bench-slope.
6349 + commit e214e8392671dd30e9c33260717b5e756debf3bf
6350 * tests/Makefile.am (TESTS): Add 'bench-slope'.
6351 * tests/bench-slope.c: New.
6353 Change .global to .globl in assembly files.
6354 + commit ebc8abfcb09d6106fcfce40f240a513e276f46e9
6355 * cipher/blowfish-arm.S: Change '.global' to '.globl'.
6356 * cipher/camellia-aesni-avx-amd64.S: Ditto.
6357 * cipher/camellia-aesni-avx2-amd64.S: Ditto.
6358 * cipher/camellia-arm.S: Ditto.
6359 * cipher/cast5-amd64.S: Ditto.
6360 * cipher/rijndael-amd64.S: Ditto.
6361 * cipher/rijndael-arm.S: Ditto.
6362 * cipher/serpent-avx2-amd64.S: Ditto.
6363 * cipher/serpent-sse2-amd64.S: Ditto.
6364 * cipher/twofish-amd64.S: Ditto.
6365 * cipher/twofish-arm.S: Ditto.
6367 2013-10-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6369 Deduplicate code for ECB encryption and decryption.
6370 + commit 51f1beab3d1e879942a95f58b08de7dbcce75dce
6371 * cipher/cipher.c (do_ecb_crypt): New, based on old 'do_ecb_encrypt'.
6372 (do_ecb_encrypt): Use 'do_ecb_crypt', pass encryption function.
6373 (do_ecb_decrypt): Use 'do_ecb_crypt', pass decryption function.
6375 2013-10-26 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
6377 Drop _gcry_cipher_ofb_decrypt as it duplicates _gcry_cipher_ofb_encrypt.
6378 + commit d9431725952e40f201c7eda000d3c8511ebd5b33
6379 * cipher/cipher.c (cipher_decrypt): Use _gcry_cipher_ofb_encrypt for OFB
6381 * cipher/cipher-internal.h: Remove _gcry_cipher_ofb_decrypt declaration.
6382 * cipher/cipher-ofb.c (_gcry_cipher_ofb_decrypt): Remove.
6383 (_gcry_cipher_ofb_encrypt): remove copying of IV to lastiv, it's
6386 2013-10-25 Werner Koch <wk@gnupg.org>
6388 tests: Add tests for mpi_cmp.
6389 + commit 6c6d4810927de7310ae7bac61b4ff5467d7cb485
6390 * tests/mpitests.c (die): Modernize.
6392 (test_opaque, test_add, test_sub, test_mul): Use gcry_log_xx
6393 (main): Return error count.
6396 2013-10-24 Werner Koch <wk@gnupg.org>
6398 ecc: Change algorithm for Ed25519 x recovery.
6399 + commit c630fd71b336eb9209e914d24dc1e26a34521882
6400 * cipher/ecc-eddsa.c (scanval): Add as temporary hack.
6401 (_gcry_ecc_eddsa_recover_x): Use the algorithm from page 15 of the
6402 paper. Return an error code.
6403 (_gcry_ecc_eddsa_decodepoint): Take care of the error code.
6404 * mpi/mpi-mul.c (gcry_mpi_mulm): Use truncated division.
6406 ecc: Refactor _gcry_ecc_eddsa_decodepoint.
6407 + commit 1cf5699b6febab1ef9d300531acc2ee33a7df739
6408 * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Factor some code
6410 (_gcry_ecc_eddsa_recover_x): new.
6412 2013-10-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6414 ecc-gost: Add missing include.
6415 + commit 9ce54e5b512418ddf45ce18f2cbd48cdced779f5
6416 * ecc-gost.c: Include "pubkey-internal.h".
6418 2013-10-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6420 Replace architecture specific fast_wipememory2 with generic.
6421 + commit 54df6fcd806f8c150cffe6cc09925bb8b638bb5b
6422 * src/g10lib.h (fast_wipememory2): Remove architecture specific
6423 implementations and add generic implementation.
6425 Improve the speed of the cipher mode code.
6426 + commit 293e93672fdabc829e35cc624c397276342bafe4
6427 * cipher/bufhelp.h (buf_cpy): New.
6428 (buf_xor, buf_xor_2dst): If buffers unaligned, always jump to per-byte
6430 (buf_xor_n_copy_2): New.
6431 (buf_xor_n_copy): Use 'buf_xor_n_copy_2'.
6432 * cipher/blowfish.c (_gcry_blowfish_cbc_dec): Avoid extra memory copy
6433 and use new 'buf_xor_n_copy_2'.
6434 * cipher/camellia-glue.c (_gcry_camellia_cbc_dec): Ditto.
6435 * cipher/cast5.c (_gcry_cast_cbc_dec): Ditto.
6436 * cipher/serpent.c (_gcry_serpent_cbc_dec): Ditto.
6437 * cipher/twofish.c (_gcry_twofish_cbc_dec): Ditto.
6438 * cipher/rijndael.c (_gcry_aes_cbc_dec): Ditto.
6439 (do_encrypt, do_decrypt): Use 'buf_cpy' instead of 'memcpy'.
6440 (_gcry_aes_cbc_enc): Avoid copying IV, use 'last_iv' pointer instead.
6441 * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt): Avoid copying IV,
6442 update pointer to IV instead.
6443 (_gcry_cipher_cbc_decrypt): Avoid extra memory copy and use new
6445 (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Avoid extra
6446 accesses to c->spec, use 'buf_cpy' instead of memcpy.
6447 * cipher/cipher-ccm.c (do_cbc_mac): Ditto.
6448 * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
6449 (_gcry_cipher_cfb_decrypt): Ditto.
6450 * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
6451 * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
6452 (_gcry_cipher_ofb_decrypt): Ditto.
6453 * cipher/cipher.c (do_ecb_encrypt, do_ecb_decrypt): Ditto.
6455 bufhelp: enable unaligned memory accesses for AArch64 (64-bit ARM)
6456 + commit 2901a10dbf1264707debc8402546c07eeac60932
6457 * cipher/bufhelp.h [__aarch64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set
6460 2013-10-23 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
6462 Enable assembler optimizations on earlier ARM cores.
6463 + commit 2fd83faa876d0be91ab7884b1a9eaa7793559eb9
6464 * cipher/blowfish-armv6.S => cipher/blowfish-arm.S: adapt to pre-armv6 CPUs.
6465 * cipher/blowfish.c: enable assembly on armv4/armv5 little-endian CPUs.
6466 * cipher/camellia-armv6.S => cipher/camellia-arm.S: adapt to pre-armv6 CPUs.
6467 * cipher/camellia.c, cipher-camellia-glue.c: enable assembly on armv4/armv5
6469 * cipher/cast5-armv6.S => cipher/cast5-arm.S: adapt to pre-armv6 CPUs.
6470 * cipher/cast5.c: enable assembly on armv4/armv5 little-endian CPUs.
6471 * cipher/rijndael-armv6.S => cipher/rijndael-arm.S: adapt to pre-armv6 CPUs.
6472 * cipher/rijndael.c: enable assembly on armv4/armv5 little-endian CPUs.
6473 * cipher/twofish-armv6.S => cipher/twofish-arm.S: adapt to pre-armv6 CPUs.
6474 * cipher/twofish.c: enable assembly on armv4/armv5 little-endian CPUs.
6476 mpi: enable assembler on all arm architectures.
6477 + commit 0b39fce7e3ce6761d6bd5195d093ec6857edb7c2
6478 * mpi/config.links: remove check for arm >= v6
6479 * mpi/armv6 => mpi/arm: rename directory to reflect that is is generic
6482 Correct ASM assembly test in configure.ac.
6483 + commit 10bf6a7e16ed193f90d2749970a420f00d1d3320
6484 * configure.ac: correct HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS test to
6485 require neither ARMv6, nor thumb mode. Our assembly code works
6486 perfectly even on ARMv4 now.
6488 2013-10-23 Werner Koch <wk@gnupg.org>
6490 ecc: Refactor ecc.c.
6491 + commit 164eb8c85d773ef4f0939115ec45f5e4b47c1700
6492 * cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New.
6493 * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
6494 * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files.
6495 * cipher/ecc.c (point_init, point_free): Move to ecc-common.h.
6496 (sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign.
6497 (verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify.
6498 (sign_gost): Move to ecc-gots.c as _gcry_ecc_gost_sign.
6499 (verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify.
6500 (sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign.
6501 (verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify.
6502 (eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey.
6503 (reverse_buffer): Move to ecc-eddsa.c.
6504 (eddsa_encodempi, eddsa_encode_x_y): Ditto.
6505 (_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto.
6507 mpi: Fix scanning of negative SSH formats and add more tests.
6508 + commit 45f6e6268bfdc4b608beaba6b7086b2286e33c71
6509 * mpi/mpicoder.c (gcry_mpi_scan): Fix sign setting for SSH format.
6510 * tests/t-convert.c (negative_zero): Test all formats.
6511 (check_formats): Add tests for PGP and scan tests for SSH and USG.
6513 * src/gcrypt.h.in (mpi_is_neg): Fix macro.
6515 * mpi/mpi-scan.c (_gcry_mpi_getbyte, _gcry_mpi_putbyte): Comment out
6516 these unused functions.
6518 2013-10-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6520 twofish: add ARMv6 assembly implementation.
6521 + commit 98674fdaa30ab22a3ac86ca05d688b5b6112895d
6522 * cipher/Makefile.am: Add 'twofish-armv6.S'.
6523 * cipher/twofish-armv6.S: New.
6524 * cipher/twofish.c (USE_ARMV6_ASM): New macro.
6525 [USE_ARMV6_ASM] (_gcry_twofish_armv6_encrypt_block)
6526 (_gcry_twofish_armv6_decrypt_block): New prototypes.
6527 [USE_AMDV6_ASM] (twofish_encrypt, twofish_decrypt): Add.
6528 [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt): Remove.
6529 (_gcry_twofish_ctr_enc, _gcry_twofish_cfb_dec): Use 'twofish_encrypt'
6530 instead of 'do_twofish_encrypt'.
6531 (_gcry_twofish_cbc_dec): Use 'twofish_decrypt' instead of
6532 'do_twofish_decrypt'.
6533 * configure.ac [arm]: Add 'twofish-armv6.lo'.
6535 mpi: allow building with clang on ARM.
6536 + commit e67c67321ce240c93dd0fa2b21c649c0a8e233f7
6537 * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
6538 (count_leading_zeros): Do not cast assembly output arguments.
6539 [__arm__] (umul_ppmm): Remove the extra '%' ahead of assembly comment.
6540 [_ARM_ARCH >= 4] (umul_ppmm): Use correct inputs and outputs instead of
6543 serpent-amd64: do not use GAS macros.
6544 + commit c7efaa5fe0ee92e321a7b49d56752cc12eb75fe0
6545 * cipher/serpent-avx2-amd64.S: Remove use of GAS macros.
6546 * cipher/serpent-sse2-amd64.S: Ditto.
6547 * configure.ac [HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Do not check
6550 Add Counter with CBC-MAC mode (CCM)
6551 + commit 335d9bf7b035815750b63a3a8334d6ce44dc4449
6552 * cipher/Makefile.am: Add 'cipher-ccm.c'.
6553 * cipher/cipher-ccm.c: New.
6554 * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'.
6555 (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt)
6556 (_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate)
6557 (_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag)
6558 (_gcry_cipher_ccm_set_lengths): New prototypes.
6559 * cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt)
6560 (_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag)
6561 (_gcry_cipher_checktag, gry_cipher_ctl): Add handling for CCM mode.
6562 * doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM.
6563 * src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'.
6564 (gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'.
6565 (GCRY_CCM_BLOCK_LEN): New.
6566 * tests/basic.c (check_ccm_cipher): New.
6567 (check_cipher_modes): Call 'check_ccm_cipher'.
6568 * tests/benchmark.c (ccm_aead_init): New.
6569 (cipher_bench): Add handling for AEAD modes and add CCM benchmarking.
6571 Add API to support AEAD cipher modes.
6572 + commit 95654041f2aa62f71aac4d8614dafe8433d10f95
6573 * cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag)
6574 (_gcry_cipher_gettag): New.
6575 * doc/gcrypt.texi: Add documentation for new API functions.
6576 * src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag)
6577 (gcry_cipher_gettag): New.
6578 * src/gcrypt.h.in, src/visibility.h: add declarations of these
6580 * src/libgcrypt.defs, src/libgcrypt.vers: export functions.
6582 2013-10-22 NIIBE Yutaka <gniibe@fsij.org>
6584 ecc: Correct compliant key generation for Edwards curves.
6585 + commit a5a277a9016ccb34f1858a65e0ed1791b2fc3db3
6586 * cipher/ecc.c: Add case for Edwards curves.
6588 2013-10-17 Werner Koch <wk@gnupg.org>
6590 tests: Add test options to keygen.
6591 + commit f7711e6eb5f02d03c74911f6f037ab28075e7c0d
6592 * tests/keygen.c (usage): New.
6593 (main): Print usage info. Allow running just one algo.
6595 mpi: Do not clear the sign of the mpi_mod result.
6596 + commit 91e007606f1f6f8e1416c403fe809d47fddf9b1f
6597 * mpi/mpi-mod.c (_gcry_mpi_mod): Remove sign setting.
6599 ecc: Put the curve name again into the output of gcry_pk_genkey.
6600 + commit 4776dcd394ce59fa50d959921857b3427c5a63c8
6601 * cipher/ecc.c (ecc_generate): Use the correct var. Release
6604 ecc: Support Weierstrass curves in gcry_mpi_ec_curve_point.
6605 + commit b22417158c50ec3a0b2ff55b4ade063b42a87e8f
6606 * mpi/ec.c (_gcry_mpi_ec_curve_point): Support MPI_EC_WEIERSTRASS.
6608 2013-10-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6610 arcfour: more optimized version for non-i386 architectures.
6611 + commit f9371c026aad09ff48746d22c8333746c886e773
6612 * cipher/arcfour.c (ARCFOUR_context): Reorder members.
6613 (do_encrypt_stream) [!__i386__]: Faster implementation for non-i386.
6614 (do_arcfour_setkey): Avoid modulo operations.
6616 Avoid void* pointer arithmetic.
6617 + commit c89ab921ccfaefe6c4f6a724d01e0df41a1a381f
6618 * tests/tsexp.c (check_extract_param): Cast void* pointers to char*
6619 before doing arithmetics.
6621 2013-10-16 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
6623 ecc: Add support for GOST R 34.10-2001/-2012 signatures.
6624 + commit 83902f1f1dbc8263a0c3f61be59cd2eb95293c97
6625 * src/cipher.h: define PUBKEY_FLAG_GOST
6626 * cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves
6627 defined in standards. Typical applications would use either those
6628 curves, or curves defined in RFC 4357 (will be added later).
6629 * cipher/ecc.c (sign_gost, verify_gost): New.
6630 (ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST
6632 (ecc_names): add "gost" for gost signatures.
6633 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist,
6634 _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag
6635 is present in s-exp.
6636 * tests/benchmark.c (ecc_bench): also benchmark GOST signatures.
6637 * tests/basic.c (check_pubkey): add two public keys from
6638 GOST R 34.10-2012 standard.
6639 (check_pubkey_sign_ecdsa): add two data sets to check gost signatures.
6640 * tests/curves.c: correct N_CURVES as we now have 2 more curves.
6643 Removed some comments from the new curve definitions in ecc-curves.c
6644 to avoid line wrapping. Eventually we will develop a precompiler to
6645 avoid parsing those hex strings. -wk
6647 Fix 256-bit ecdsa test key definition.
6648 + commit 187b2bb541b985255aee262d181434a7cb4ae2e7
6649 * tests/basic.c (check_pubkey): fix nistp256 testing key declaration -
6652 2013-10-16 Werner Koch <wk@gnupg.org>
6654 sexp: Add function gcry_sexp_extract_param.
6655 + commit a329b6abf00c990faf1986f9fbad7b4d71c13bcb
6656 * src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New.
6657 (gcry_sexp_extract_param): New.
6658 * src/visibility.c (gcry_sexp_extract_param): New.
6659 * src/visibility.h (gcry_sexp_extract_param): Add hack to detect
6661 * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split
6663 * src/sexp.c (_gcry_sexp_vextract_param)
6664 (_gcry_sexp_extract_param): this. Change all callers. Add support for buffer
6665 descriptors and a path option/
6667 * tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New.
6668 (cmp_mpihex, cmp_bufhex): New.
6669 (check_extract_param): New.
6671 2013-10-16 NIIBE Yutaka <gniibe@fsij.org>
6673 mpi: mpi-pow improvement.
6674 + commit 45aa6131e93fac89d46733b3436d960f35fb99b2
6675 * mpi/mpi-pow.c (gcry_mpi_powm): New implementation of left-to-right
6676 k-ary exponentiation.
6678 2013-10-15 Werner Koch <wk@gnupg.org>
6680 ecc: Support use of Ed25519 with ECDSA.
6681 + commit 537969fbbb1104b8305a7edb331b7666d54eff2c
6682 * src/cipher.h (PUBKEY_FLAG_ECDSA): New.
6683 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa".
6684 * cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
6685 (ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
6686 * tests/keygen.c (check_ecc_keys): Create such a test key.
6687 * tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
6688 Take from dsa-6979.c
6689 (check_ed25519ecdsa_sample_key): new.
6690 (main): Call new test.
6692 2013-10-14 Werner Koch <wk@gnupg.org>
6694 pubkey: Support flags list in gcry_pk_genkey.
6695 + commit d3a605d7827b8a73ef844e9e5183590bd6b1389a
6696 * src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
6697 (PUBKEY_FLAG_USE_X931): New.
6698 (PUBKEY_FLAG_USE_FIPS186): New.
6699 (PUBKEY_FLAG_USE_FIPS186_2): New.
6700 * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from
6701 parse_flags_list. Parse new flags.
6702 * cipher/dsa.c (dsa_generate): Support flag list.
6703 * cipher/ecc.c (ecc_generate): Ditto.
6704 * cipher/rsa.c (rsa_generate): Ditto.
6706 pubkey: Remove duplicated flag parsing code.
6707 + commit 5be2345ddec4147e535d5b039ee74f84bcacf9e4
6708 * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval)
6709 (_gcry_pk_util_data_to_mpi): Factor flag parsing code out to ..
6710 (parse_flag_list): New.
6711 * src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New.
6713 mpicalc: Accept lowercase hex digits.
6714 + commit 0cd551faa775ad5309a40629ae30bf86b75fca09
6715 * src/mpicalc.c (main): Test for lowercase hex digits.
6717 2013-10-11 Werner Koch <wk@gnupg.org>
6719 pubkey: Move sexp parsing of remaining fucntions to the modules.
6720 + commit a951c061523e1c13f1358c9760fc3a9d787ab2d4
6721 * cipher/pubkey.c (release_mpi_array): Remove.
6722 (pubkey_check_secret_key): Remove.
6723 (sexp_elements_extract): Remove.
6724 (sexp_elements_extract_ecc): Remove.
6725 (sexp_to_key): Remove.
6726 (get_hash_algo): Remove.
6727 (gcry_pk_testkey): Revamp.
6728 (gcry_pk_get_curve): Revamp.
6729 * cipher/rsa.c (rsa_check_secret_key): Revamp.
6730 * cipher/elgamal.c (elg_check_secret_key): Revamp.
6731 * cipher/dsa.c (dsa_check_secret_key): Revamp.
6732 * cipher/ecc.c (ecc_check_secret_key): Revamp.
6733 * cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h
6734 (_gcry_ecc_get_curve): Revamp.
6736 * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and
6737 used parameters on error to NULL.
6739 pubkey: Move sexp parsing for gcry_pk_decrypt to the modules.
6740 + commit 07950c865a901afc48acb46f0695040cadfd5068
6741 * cipher/rsa.c (rsa_decrypt): Revamp.
6742 * cipher/elgamal.c (elg_decrypt): Revamp.
6743 * cipher/ecc.c (ecc_decrypt_raw): Revamp.
6744 * cipher/pubkey.c (gcry_pk_decrypt): Simplify.
6745 (sexp_to_enc): Remove.
6746 * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New.
6748 pubkey: Move sexp parsing for gcry_pk_encrypt to the modules.
6749 + commit 6bd5d18c45a4a3ce8f0f66f56c83b80594877f53
6750 * cipher/rsa.c (rsa_encrypt): Revamp.
6751 * cipher/elgamal.c (elg_encrypt): Revamp.
6752 * cipher/ecc.c (ecc_encrypt_raw): Revamp.
6753 * cipher/pubkey.c (gcry_pk_encrypt): Simplify.
6755 * tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so
6756 that they are initialized even after an encrypt failure.
6758 pubkey: Move sexp parsing for gcry_pk_sign to the modules.
6759 + commit d0ae6635e4e6ae273c3a137c513d518f28f6eab3
6760 * cipher/rsa.c (rsa_sign): Revamp.
6761 * cipher/dsa.c (dsa_sign): Revamp.
6762 * cipher/elgamal.c (elg_sign): Revamp.
6763 * cipher/ecc.c (ecc_sign): Revamp.
6764 * cipher/pubkey.c (gcry_pk_sign): Simplify.
6766 2013-10-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6768 Prevent tail call optimization with _gcry_burn_stack.
6769 + commit 150c0313f971bcea62d2802f0389c883e11ebb31
6770 * configure.ac: New check, HAVE_GCC_ASM_VOLATILE_MEMORY.
6771 * src/g10lib.h (_gcry_burn_stack): Rename to __gcry_burn_stack.
6772 (__gcry_burn_stack_dummy): New.
6773 (_gcry_burn_stack): New macro.
6774 * src/misc.c (_gcry_burn_stack): Rename to __gcry_burn_stack.
6775 (__gcry_burn_stack_dummy): New.
6777 2013-10-09 Werner Koch <wk@gnupg.org>
6779 pubkey: Move sexp parsing for gcry_pk_verify to the modules.
6780 + commit 94b652ecb006c29fa2ffb1badc9f02b758581737
6781 * cipher/rsa.c (rsa_verify): Revamp.
6782 * cipher/dsa.c (dsa_verify): Revamp.
6783 * cipher/elgamal.c (elg_verify): Revamp.
6784 * cipher/ecc.c (ecc_verify): Revamp.
6785 * cipher/pubkey.c (sexp_to_sig): Remove.
6786 (pss_verify_cmp): Move to pubkey-util.c
6787 (sexp_data_to_mpi): Ditto.
6788 (init_encoding_ctx): Ditto.
6789 (gcry_pk_verify): Simplify.
6790 * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add. Take
6792 (get_hash_algo): Ditto.
6793 (_gcry_pk_util_data_to_mpi): Ditto.
6794 (pss_verify_cmp): Ditto.
6795 (_gcry_pk_util_extract_mpis): New.
6796 (_gcry_pk_util_preparse_sigval): New.
6797 (_gcry_pk_util_free_encoding_ctx): New.
6798 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init
6801 * src/g10lib.h (GCC_ATTR_SENTINEL): New.
6803 * tests/basic.c (check_pubkey_sign): Print the algo name.
6804 (main): Add option --pubkey.
6806 2013-10-08 Werner Koch <wk@gnupg.org>
6808 pubkey: Move sexp parsing for gcry_pk_get_nbits to the modules.
6809 + commit 4645f3728bb0900591b0aef85831fdee52c59e3c
6810 * cipher/pubkey.c (spec_from_sexp): New.
6811 (gcry_pk_get_nbits): Simplify.
6812 * cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp
6814 * cipher/dsa.c (dsa_get_nbits): Ditto.
6815 * cipher/elgamal.c (elg_get_nbits): Ditto.
6816 * cipher/ecc.c (ecc_get_nbits): Ditto.
6817 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg
6820 pubkey: Move sexp parsing for gcry_pk_getkey to the modules.
6821 + commit 3816e46ce211e63adf46dbc775510aa137572248
6822 * cipher/pubkey-util.c: New.
6823 (_gcry_pk_util_get_nbits): New. Based on code from gcry_pk_genkey.
6824 (_gcry_pk_util_get_rsa_use_e): Ditto.
6825 * cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass.
6826 * cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE.
6827 Call new fucntions to get these values.
6828 * cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE.
6829 Call _gcry_pk_util_get_nbits to get nbits. Always parse genparms.
6830 * cipher/elgamal.c (elg_generate): Ditto.
6831 * cipher/ecc.c (ecc_generate): Ditto.
6833 cipher: Deprecate GCRY_PK_ELG_E.
6834 + commit f79d3e13d3229115c47cbe5007647cb44105fe3f
6835 * cipher/elgamal.c (_gcry_pubkey_spec_elg_e): Remove.
6836 * cipher/pubkey.c (pubkey_list): Remove double included
6837 _gcry_pubkey_spec_elg.
6838 (map_algo): MAke ELG_E to ELG.
6840 2013-10-02 Werner Koch <wk@gnupg.org>
6842 Provide Pth compatiblity for use with GnuPG 2.0.
6843 + commit 2f767f6a17f7e99da4075882f7fe3ca597b31bdb
6844 * src/ath.c (ath_install): Call ath_init and declare Pth as
6847 2013-10-02 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6849 sha512: fix building on ARM.
6850 + commit 6410152338a2b2ac1216e70c153cd16f9199c94e
6851 * cipher/sha512.c (transform) [USE_ARM_NEON_ASM]: Fix 'hd' to 'ctx'.
6853 2013-10-02 Werner Koch <wk@gnupg.org>
6855 Remove deprecated control codes.
6856 + commit f04a1db22d982627ba87da4e5df52df9b994c779
6857 * src/gcrypt.h.in (GCRYCTL_SET_KEY): Remove.
6858 (GCRYCTL_SET_IV): Remove.
6859 (GCRYCTL_SET_CTR): Remove.
6860 * cipher/md.c (gcry_md_ctl): Remove deprecated GCRYCTL_SET_KEY.
6861 * cipher/cipher.c (gcry_cipher_ctl): Remove deprecated
6862 GCRYCTL_SET_KEY, GCRYCTL_SET_IV, GCRYCTL_SET_CTR.
6864 2013-10-02 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
6866 Fix errors when building with Clang on PPC.
6867 + commit 33757c1e03f1d885920633edf543cd1c77999455
6868 * mpi/longlong.h (add_ssaaaa, sub_ddmmss, count_leading_zeros,
6869 umul_ppmm): Do not cast asm output to USItype.
6871 2013-10-02 Werner Koch <wk@gnupg.org>
6873 Remove last remains of the former module system.
6874 + commit 628ed5ba0ef4b1f04b5a77e29e4bc49a1fe13c07
6875 * src/gcrypt-module.h, src/module.c: Remove.
6876 * src/visibility.h: Do not include gcrypt-module.h.
6877 * src/g10lib.h: Remove all prototypes from module.c
6878 (gcry_module): Remove.
6879 * cipher/cipher-internal.h (gcry_cipher_handle): Remove unused field.
6881 Fix missing prototype warning in visibility.c.
6882 + commit 52783d483293d48cd468143ae6ae2cccbfe17200
6883 * src/ec-context.h (_gcry_mpi_ec_new): Move prototype to mpi.h.
6885 md: Simplify the message digest dispatcher md.c.
6886 + commit 0d39997932617ba20656f8bcc230ba744b76c87e
6887 * src/gcrypt-module.h (gcry_md_spec_t): Move to ...
6888 * src/cipher-proto.h: here. Merge with md_extra_spec_t. Add fields
6889 ALGO and FLAGS. Set these fields in all digest modules.
6890 * cipher/md.c: Change most code to replace the former module
6891 system by a simpler system to gain information about the algorithms.
6893 2013-10-01 Werner Koch <wk@gnupg.org>
6895 cipher: Simplify the cipher dispatcher cipher.c.
6896 + commit 3ca180b25e8df252fc16f802cfdc27496e307830
6897 * src/gcrypt-module.h (gcry_cipher_spec_t): Move to ...
6898 * src/cipher-proto.h (gcry_cipher_spec_t): here. Merge with
6899 cipher_extra_spec_t. Add fields ALGO and FLAGS. Set these fields in
6901 * cipher/cipher.c: Change most code to replace the former module
6902 system by a simpler system to gain information about the algorithms.
6903 (disable_pubkey_algo): Simplified. Not anymore thread-safe, though.
6905 * cipher/md.c (_gcry_md_selftest): Use correct structure. Not a real
6906 problem because both define the same function as their first field.
6908 * cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag.
6910 mpi: Fix gcry_mpi_neg.
6911 + commit 4153fa859816e799e506055321a22e6450aacdcc
6912 * mpi/mpiutil.c (_gcry_mpi_neg): Copy U to W.
6914 2013-10-01 Peter Wu <lekensteyn@gmail.com>
6916 cipher: Add support for 128-bit keys in RC2.
6917 + commit 738177ec0eae05069ec61bc4f724a69d4e052e42
6918 * cipher/rfc2268.c (oids_rfc2268_128): New
6919 (_gcry_cipher_spec_rfc2268_128): New.
6920 * cipher/cipher.c (cipher_table_entry): Add GCRY_CIPHER_RFC2268_128.
6922 2013-09-30 Werner Koch <wk@gnupg.org>
6924 ecc: Use faster b parameter for Ed25519.
6925 + commit 1d85452412b65e7976bc94969fc513ff6b880ed8
6926 * cipher/ecc-curves.c (domain_parms): Replace b.
6927 * tests/t-mpi-point.c (test_curve): Ditto.
6929 ecc: Prepare for future Ed25519 optimization.
6930 + commit a2618c822e666d4121cba29bee3fd50bf70c9743
6931 * mpi/ec-ed25519.c: New but empty file.
6932 * mpi/ec-internal.h: New.
6933 * mpi/ec.c: Include ec-internal.h.
6935 (ec_addm): Use ec_mod.
6936 (ec_mulm): Remove commented code. Use ec_mod.
6937 (ec_subm): Call simple sub.
6938 (ec_pow2): Use ec_mulm.
6940 (dup_point_weierstrass): Use ec_mul2.
6941 (dup_point_twistededwards): Add special case for a == -1. Use
6943 (add_points_weierstrass): Use ec_mul2.
6944 (add_points_twistededwards): Add special case for a == -1.
6945 (_gcry_mpi_ec_curve_point): Ditto.
6946 (ec_p_init): Add hack to test Barrett functions.
6947 * src/ec-context.h (mpi_ec_ctx_s): Add P_BARRETT.
6949 * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Fix sign problem.
6951 ecc: Fix recomputing of Q for Ed25519.
6952 + commit c325adb8f5092b80a626bd3bb5e49cf7f3a29fc8
6953 * cipher/ecc-misc.c (reverse_buffer): New.
6954 (_gcry_ecc_compute_public): Add ED255519 specific code.
6955 * cipher/ecc.c (sign_eddsa): Allocate DIGEST in secure memory. Get
6957 * tests/t-mpi-point.c (context_param): Test recomputing of Q for
6960 log: Try to print s-expressions in a more compact format.
6961 + commit d69a13d3d1c14ad6a6aa7cd349d6d2dfb152d422
6962 * src/misc.c (count_closing_parens): New.
6963 (_gcry_log_printsxp): Use new function.
6964 * mpi/ec.c (_gcry_mpi_point_log): Take care of a NULL point.
6966 2013-09-30 Jussi Kivilinna <jussi.kivilinna@iki.fi>
6968 Make Whirlpool use the _gcry_md_block_write helper.
6969 + commit 68cefd0f1d60ac33b58031df9b1d165cb1bf0f14
6970 * cipher/whirlpool.c (whirlpool_context_t): Add 'bctx', remove
6971 'buffer', 'count' and 'nblocks'.
6972 (whirlpool_init): Initialize 'bctx'.
6973 (whirlpool_transform): Adjust context argument type and burn stack
6975 (whirlpool_add): Remove.
6976 (whirlpool_write): Use _gcry_md_block_write.
6977 (whirlpool_final, whirlpool_read): Adjust for 'bctx' usage.
6979 whirlpool: add stack burning after transform.
6980 + commit a96d622e1a36d40d1504b7ada567e90ec9957443
6981 * cipher/whirlpool.c (whirlpool_transform): Return burn stack depth.
6982 (whirlpool_add): Do burn_stack.
6984 whirlpool: do bitcount calculation in finalization part.
6985 + commit 10d7351411f19bb2c03d2e24ca5a38dabe45023b
6986 * cipher/whirlpool.c (whirlpool_context_t): Remove 'length', add
6988 (whirlpool_add): Update 'nblocks' instead of 'length', and add early
6990 (whirlpool_write): Check for 'nblocks' overflow.
6991 (whirlpool_final): Convert 'nblocks' to bit-counter, and use
6992 whirlpool_write instead of whirlpool_add.
6994 2013-09-30 Werner Koch <wk@gnupg.org>
6996 Add logging functions to the API.
6997 + commit d2076f27bb7c5d505abf25fc622d21794c4a5df3
6998 * src/gcrypt.h.in (_GCRY_GCC_ATTR_PRINTF): New.
6999 (gcry_log_debug, gcry_log_debughex, gcry_log_debugmpi): New.
7000 (gcry_log_debugpnt, gcry_log_debugsxp): New.
7001 * src/visibility.c (gcry_log_debug): New.
7002 (gcry_log_debughex, gcry_log_debugmpi, gcry_log_debugpnt): New.
7003 (gcry_log_debugsxp): New.
7004 * src/libgcrypt.def, src/libgcrypt.vers: Add new functions.
7005 * src/misc.c (_gcry_logv): Make public.
7006 (_gcry_log_printsxp): New.
7007 * src/g10lib.h (log_printsxp): New macro.
7009 2013-09-26 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7011 Make libgcrypt build with Clang on i386.
7012 + commit db60d828137c4f3682ca4ca2a54fe3d96d3db5f9
7013 * cipher/longlong.h [__i386__] (add_ssaaaa, sub_ddmmss)
7014 (umul_ppmm, udiv_qrnnd): Do not cast asm output to USItype.
7016 2013-09-25 Werner Koch <wk@gnupg.org>
7018 mpi: Change not yet used _gcry_mpi_set_opaque_copy.
7019 + commit 1c6660debdbf1e4c3e80074c846a3e3097f214bb
7020 * mpi/mpiutil.c (_gcry_mpi_set_opaque_copy): Change prototype.
7021 (_gcry_mpi_get_opaque_copy): Take care of gcry_malloc failure.
7023 sexp: Improve printing of data with a leading zero.
7024 + commit 9b7c49971588edf6acfc74bfb797eb79d19cb350
7025 * src/sexp.c (suitable_encoding): Detect leading zero byte.
7027 ecc: Allow the name "q@eddsa" to get/set the public key.
7028 + commit d6683d2a6065986a9198d2d2eaa02c005b68cea4
7029 * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Support "q@eddsa".
7030 (_gcry_ecc_set_mpi): Support "q".
7031 * cipher/ecc.c (eddsa_encodepoint): Rename to ...
7032 (_gcry_ecc_eddsa_encodepoint): this and make global. Remove arg
7033 MINLEN and take from context.
7034 (eddsa_decodepoint): Rename to
7035 (_gcry_ecc_eddsa_decodepoint): this and make global. Remove arg LEN
7036 and take from context.
7037 (sign_eddsa, verify_eddsa): Take B from context.
7038 (ecc_sign, ecc_verify): Add hack to set DIALECT.
7039 (_gcry_pk_ecc_get_sexp): Use _gcry_ecc_compute_public. Handle EdDSA.
7040 * src/ec-context.h (mpi_ec_ctx_s): Add field NBITS.
7041 * mpi/ec.c (ec_p_init): Init NBITS.
7042 * tests/t-mpi-point.c (test_curve): Add Ed25519.
7043 (sample_ed25519_q): New.
7044 (context_param): Check new sample key.
7045 (hex2buffer, hex2mpiopa): New.
7046 (cmp_mpihex): Take care of opaque MPIs.
7048 mpicalc: Add statement to compute the number of bits.
7049 + commit 9a4447ccd1b90bcd701941e80a7f484a1825fcea
7050 * src/mpicalc.c (do_nbits): New.
7051 (main): Add statement 'b'.
7053 ecc: Refactor low-level access functions.
7054 + commit 64a7d347847d606eb5f4c156e24ba060271b8f6b
7055 * mpi/ec.c (point_copy): Move to cipher/ecc-curves.c.
7056 (ec_get_reset): Rename to _gcry_mpi_ec_get_reset and make global.
7057 (_gcry_mpi_ec_get_mpi): Factor most code out to _gcry_ecc_get_mpi.
7058 (_gcry_mpi_ec_get_point): Factor most code out to _gcry_ecc_get_point.
7059 (_gcry_mpi_ec_set_mpi): Factor most code out to _gcry_ecc_set_mpi.
7060 (_gcry_mpi_ec_set_point): Factor most code out to _gcry_ecc_set_point.
7061 * cipher/ecc-curves.c (_gcry_ecc_get_mpi): New.
7062 (_gcry_ecc_get_point, _gcry_ecc_set_mpi, _gcry_ecc_set_point): New.
7063 * cipher/ecc-misc.c (_gcry_ecc_compute_public): New.
7065 ecc: Fix highly unlikely endless loop in sign_ecdsa.
7066 + commit 1f5f4452e5bca105ec2197a4facbf9778e7dc31e
7067 * cipher/ecc.c (sign_ecdsa): Turn while-do into do-while loops.
7069 2013-09-24 Werner Koch <wk@gnupg.org>
7071 ecc: Allow the use of an uncompressed public key.
7072 + commit df013c9820709421ef9550158ac5df0060d73379
7073 * cipher/ecc.c (eddsa_encodepoint): Factor most code out to ...
7074 (eddsa_encode_x_y): new fucntion.
7075 (eddsa_decodepoint): Allow use of an uncompressed public key.
7076 * tests/t-ed25519.c (N_TESTS): Adjust.
7077 * tests/t-ed25519.inp: Add test 1025.
7079 2013-09-23 Werner Koch <wk@gnupg.org>
7081 pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH.
7082 + commit d5f91466695c5736f441c9bf1998436184a4bf61
7083 * src/gcrypt.h.in (GCRY_PK_ECC): New.
7084 * cipher/pubkey.c (map_algo): New.
7085 (spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
7086 * cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
7087 (run_selftests): Simplify.
7088 (ecdh_names, ecdsa_names): Merge into a new ecc_names.
7089 (_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
7090 _gcry_pubkey_spec_ecc.
7092 ec: Use mpi_mulm instead of mpi_powm.
7093 + commit 4552437bb3c5ff96a889fd31e4bc504b2a12fac7
7094 * mpi/ec.c (ec_pow2): New.
7095 (ec_powm): Remove call to mpi_abs.
7096 (dup_point_weierstrass, dup_point_twistededwards)
7097 (add_points_weierstrass, add_points_twistededwards)
7098 (_gcry_mpi_ec_curve_point): Use ec_pow2.
7100 2013-09-21 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7102 bufhelp: enable fast unaligned memory accesses on powerpc.
7103 + commit 925d4fb3e8f2df3c5566ec6b5df7620a3d3504e5
7104 * cipher/bufhelp.h [__powerpc__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set
7106 [__powerpc64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Ditto.
7108 Remove i386 inline assembly version of rotation functions.
7109 + commit cfea5c28a3822e1e7e401e5107ebe07ba7fdcf37
7110 * cipher/bithelp.h (rol, ror): Remove i386 version, change
7111 macros to inline functions.
7112 * src/hmac256.c (ror): Ditto.
7114 Optimize and cleanup 32-bit and 64-bit endianess transforms.
7115 + commit 9337e03824a5bdd3bbbcb8382cabefe6d6c32e1e
7116 * cipher/bithelp.h (bswap32, bswap64, le_bswap32, be_bswap32)
7117 (le_bswap64, be_bswap64): New.
7118 * cipher/bufhelp.h (buf_get_be32, buf_get_le32, buf_put_le32)
7119 (buf_put_be32, buf_get_be64, buf_get_le64, buf_put_be64)
7120 (buf_put_le64): New.
7121 * cipher/blowfish.c (do_encrypt_block, do_decrypt_block): Use new
7122 endian conversion helpers.
7123 (do_bf_setkey): Turn endian specific code to generic.
7124 * cipher/camellia.c (GETU32, PUTU32): Use new endian conversion
7126 * cipher/cast5.c (rol): Remove, use rol from bithelp.
7127 (F1, F2, F3): Fix to use rol from bithelp.
7128 (do_encrypt_block, do_decrypt_block, do_cast_setkey): Use new endian
7130 * cipher/des.c (READ_64BIT_DATA, WRITE_64BIT_DATA): Ditto.
7131 * cipher/md4.c (transform, md4_final): Ditto.
7132 * cipher/md5.c (transform, md5_final): Ditto.
7133 * cipher/rmd160.c (transform, rmd160_final): Ditto.
7134 * cipher/salsa20.c (LE_SWAP32, LE_READ_UINT32): Ditto.
7135 * cipher/scrypt.c (READ_UINT64, LE_READ_UINT64, LE_SWAP32): Ditto.
7136 * cipher/seed.c (GETU32, PUTU32): Ditto.
7137 * cipher/serpent.c (byte_swap_32): Remove.
7138 (serpent_key_prepare, serpent_encrypt_internal)
7139 (serpent_decrypt_internal): Use new endian conversion helpers.
7140 * cipher/sha1.c (transform, sha1_final): Ditto.
7141 * cipher/sha256.c (transform, sha256_final): Ditto.
7142 * cipher/sha512.c (__transform, sha512_final): Ditto.
7143 * cipher/stribog.c (transform, stribog_final): Ditto.
7144 * cipher/tiger.c (transform, tiger_final): Ditto.
7145 * cipher/twofish.c (INPACK, OUTUNPACK): Ditto.
7146 * cipher/whirlpool.c (buffer_to_block, block_to_buffer): Ditto.
7147 * configure.ac (gcry_cv_have_builtin_bswap32): Check for compiler
7148 provided __builtin_bswap32.
7149 (gcry_cv_have_builtin_bswap64): Check for compiler provided
7152 gostr3411_94: set better burn stack depth estimate.
7153 + commit 7409de7bc28ff8847c9d71d8c3e35e1968d59d60
7154 * cipher/gost28147.c (_gcry_gost_enc_one): Account function stack to
7156 * cipher/gostr3411-94.c (max): New macro.
7157 (do_hash_step, transform): Return stack burn depth.
7159 Use hash transform function return type for passing burn stack depth.
7160 + commit 592c2ab3deeeccbb6d3b078ed7bf0e6627c8e1fb
7161 * cipher/gostr4311-94.c (transform): Return stack burn depth.
7162 * cipher/hash-common.c (_gcry_md_block_write): Use stack burn depth
7163 returned by 'hd->bwrite'.
7164 * cipher/hash-common.h (_gcry_md_block_write_t): Change return type to
7166 (gry_md_block_ctx_t): Remove 'stack_burn'.
7167 * cipher/md4.c (transform): Return stack burn depth.
7168 (md4_final): Use stack burn depth from transform.
7169 * cipher/md5.c (transform): Return stack burn depth.
7170 (md5_final): Use stack burn depth from transform.
7171 * cipher/rmd160.c (transform): Return stack burn depth.
7172 (rmd160_final): Use stack burn depth from transform.
7173 * cipher/sha1.c (transform): Return stack burn depth.
7174 (sha1_final): Use stack burn depth from transform.
7175 * cipher/sha256.c (transform): Return stack burn depth.
7176 (sha256_final): Use stack burn depth from transform.
7177 * cipher/sha512.c (__transform, transform): Return stack burn depth.
7178 (sha512_final): Use stack burn depth from transform.
7179 * cipher/stribog.c (transform64): Return stack burn depth.
7180 * cipher/tiger.c (transform): Return stack burn depth.
7181 (tiger_final): Use stack burn depth from transform.
7183 Make STRIBOG use the new _gcry_md_block_write helper.
7184 + commit 902ea6052c11108bd19333c31b03e084bed1fb86
7185 * cipher/stribog.c (STRIBOG_STRUCT): Add 'bctx' and remove 'buf' and
7187 (stribog_init_512): Initialize 'bctx'.
7188 (transform64): New function.
7189 (stribog_write): Remove.
7190 (stribog_final): Use _gcry_md_block_write and bctx.
7191 (_gcry_digest_spec_stribog_256, _gcry_digest_spec_stribog_512): Use
7192 _gcry_md_block_write.
7194 Make SHA-512 use the new _gcry_md_block_write helper.
7195 + commit cce7449efe471b076c5a97929ac8907162011394
7196 * cipher/hash-common.c (_gcry_md_block_write): Check that hd->buf is
7198 * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE, MD_NBLOCKS_TYPE): New
7200 (gcry_md_block_ctx_t): Use above macros for 'nblocks' and 'buf'.
7201 * cipher/sha512.c (SHA512_STATE): New struct.
7202 (SHA512_CONTEXT): Add 'bctx' and 'state'.
7203 (sha512_init, sha384_init): Initialize 'bctx'.
7204 (__transform, _gcry_sha512_transform_armv7_neon): Use SHA512_STATE for
7206 (transform): For now, do not return burn stack.
7207 (sha512_write): Remove.
7208 (sha512_final): Use _gcry_md_block_write and bctx.
7209 (_gcry_digest_spec_sha512, _gcry_digest_spec_sha384): Use
7210 _gcry_md_block_write.
7212 2013-09-20 Werner Koch <wk@gnupg.org>
7214 sexp: Change internal versions to always use gpg_err_code_t.
7215 + commit 3e5cfa20acfeccb9df2c3fae2730344b40b36104
7216 * src/sexp.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_build)
7217 (gcry_sexp_build_array, gcry_sexp_canon_len): Change error return type
7218 from gpg_error_t to gpg_err_code_t. Remove all calls to gpg_error.
7219 * src/visibility.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_sscan)
7220 (gcry_sexp_build, gcry_sexp_build_array, gcry_sexp_canon_len): Map
7221 error codes via gpg_error.
7222 * cipher/dsa.c, cipher/ecc.c, cipher/elgamal.c, cipher/rsa.c: Remove
7223 use gpg_err_code wrappers.
7225 pk: Move s-exp creation for gcry_pk_decrypt to the modules.
7226 + commit 722bfc1e5f2268453db62f38cc46b5ec6ef3adee
7227 * cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it
7229 (gcry_pk_decrypt): Move result s-exp building into the modules.
7230 * src/cipher-proto.h (gcry_pk_decrypt_t): Add some args.
7231 * cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp.
7232 * cipher/elgamal.c (elg_decrypt): Ditto.
7233 * cipher/rsa.c (rsa_decrypt): Ditto.
7234 (rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several
7235 extra MPI allocations.
7237 pk: Remove unused function.
7238 + commit 64cd7ab93da7c95cc8aa320c61c6e29f9e2399c4
7239 * cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove
7241 2013-09-19 Werner Koch <wk@gnupg.org>
7243 Beautify debug output of the prime generator.
7244 + commit 6576f0a7684292cb5691bfcabad0acca4c06c014
7245 * cipher/primegen.c: Adjust output of log_mpidump to recently changed
7246 log_mpidump code changes.
7248 pk: Move s-expr creation for genkey to the modules.
7249 + commit 1bf08850bf9343146c938bc03917417e16393e9a
7250 * cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey
7251 (gcry_pk_genkey): Move result s-exp creation into the modules.
7252 * cipher/dsa.c (dsa_generate): Create result as s-exp.
7253 * cipher/elgamal.c (elg_generate): Ditto.
7254 * cipher/rsa.c (rsa_generate): Ditto.
7255 * cipher/ecc.c (ecc_generate): Ditto.
7256 * src/cipher-proto.h (pk_ext_generate_t): Remove type
7257 (gcry_pk_spec): and remove from struct.
7259 tests: Beautify some diagnostics.
7260 + commit 2fe084873333c4d67bcfba0b527d63cd3cff6c47
7261 * tests/benchmark.c (ecc_bench): Print the key sexp in very verbose
7263 (main): Add option --pk-count.
7264 * tests/keygen.c: Add Elgamal generation and improved diagnostics.
7265 * tests/t-ed25519.c (check_ed25519): Print running number of tests
7268 sexp: Improve printing data representing a negative number.
7269 + commit b3f3d47d347c14ed41d755cee580f000309b9c03
7270 * src/sexp.c (suitable_encoding): Detect a negative number.
7272 pk: Move RSA encoding functions to a new file.
7273 + commit 071f70b9a766187fc70f6abc6a69d50752449285
7274 * cipher/rsa-common: New.
7275 * cipher/pubkey.c (pkcs1_encode_for_encryption): Move to rsa-common.c
7276 and rename to _gcry_rsa_pkcs1_encode_for_enc.
7277 (pkcs1_decode_for_encryption): Move to rsa-common.c and rename to
7278 _gcry_rsa_pkcs1_decode_for_enc.
7279 (pkcs1_encode_for_signature): Move to rsa-common.c and rename to
7280 _gcry_rsa_pkcs1_encode_for_sig.
7281 (oaep_encode): Move to rsa-common.c and rename to
7282 _gcry_rsa_oaep_encode.
7283 (oaep_decode): Move to rsa-common.c and rename to
7284 _gcry_rsa_oaep_decode.
7285 (pss_encode): Move to rsa-common.c and rename to _gcry_rsa_pss_encode.
7286 (pss_verify): Move to rsa-common.c and rename to _gcry_rsa_pss_decode.
7287 (octet_string_from_mpi, mgf1): Move to rsa-common.c.
7289 pk: Move s-expr creation for sign and encrypt to the modules.
7290 + commit eca9e2e50ddd4c9020fe1d4a9a3c77d20ebb90f6
7291 * cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt.
7292 (pubkey_decrypt): Fold into gcry_pk_decrypt.
7293 (pubkey_sign): Fold into gcry_pk_sign.
7294 (pubkey_verify): Fold into gcry_pk_verify.
7295 (octet_string_from_mpi): Make it a wrapper and factor code out to ...
7296 * mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function.
7298 * src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New.
7299 * cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings.
7300 (gcry_pk_encrypt): Simply by moving the s-expr generation to the modules.
7301 (gcry_pk_sign): Ditto.
7302 * cipher/dsa.c (dsa_sign): Create s-expr.
7303 * cipher/elgamal.c (elg_encrypt, elg_sign): Ditto.
7304 * cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto.
7305 * cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto.
7306 (ecdsa_names): Add "eddsa".
7307 * tests/t-ed25519.c (one_test): Expect "eddsa" token.
7309 2013-09-19 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
7311 Fix Stribog digest on bigendian platforms.
7312 + commit d399faf5db71d429bfd6fa4a9cfc82e2a55055f0
7313 * cipher/stribog.c (stribog_final): swap bytes in the result of digest
7316 2013-09-18 Werner Koch <wk@gnupg.org>
7318 pk: Simplify the public key dispatcher pubkey.c.
7319 + commit 85722afb379f7a392a8117b895de273fd88c4ebc
7320 * src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS.
7321 * cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields.
7322 * cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto.
7323 (_gcry_pubkey_spec_ecdh): Ditto.
7324 * cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto.
7325 * cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto
7326 (_gcry_pubkey_spec_elg_e): New.
7327 * cipher/pubkey.c: Change most code to replace the former module
7328 system by a simpler system to gain information about the algorithms.
7329 (disable_pubkey_algo): SImplified. Not anymore thread-safe, though.
7331 pk: Merge extraspecs struct with standard specs struct.
7332 + commit 89103ce00e862cc709e80fa41f2ee13d54093ec5
7333 * src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the
7334 corresponding function typedefs to ...
7335 * src/cipher-proto.h: here.
7336 (pk_extra_spec_t): Remove typedef and merge fields into
7338 * cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto.
7339 * cipher/pubkey.c: Change accordingly.
7340 * src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove.
7341 (_gcry_pubkey_extraspec_dsa): Remove.
7342 (_gcry_pubkey_extraspec_elg): Remove.
7343 (_gcry_pubkey_extraspec_ecdsa): Remove.
7345 2013-09-18 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7347 Fix encryption/decryption return type for GOST28147.
7348 + commit 2ad7ea9cb388fd31e4b0852b68d77f599ef4adce
7349 * cipher/gost.h (_gcry_gost_enc_one): Change return type to
7351 * cipher/gost28147.c (max): New macro.
7352 (gost_encrypt_block, gost_decrypt_block): Return burn stack depth.
7353 (_gcry_gost_enc_one): Return burn stack depth from gost_encrypt_block.
7355 2013-09-18 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
7357 doc: fix building of ps and pdf documentation.
7358 + commit bd33fa21c9afc6c81e0da24016fc13001e9c7390
7359 * doc/gcrypt.texi, doc/gpl.texi, doc/lgpl.texi: fix texinfo errors.
7361 Add GOST R 34.11-2012 implementation (Stribog)
7362 + commit c22064bdd773a807801e300aa9214b2fdcafcf20
7363 * src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256)
7364 (GCRY_MD_GOSTR3411_12_512): New.
7365 * cipher/stribog.c: New.
7366 * configure.ac (available_digests_64): Add stribog.
7367 * src/cipher.h: Declare Stribog declarations.
7368 * cipher/md.c: Register Stribog digest.
7369 * tests/basic.c (check_digests) Add 4 testcases for Stribog from
7371 * doc/gcrypt.texi: Document new constants.
7373 Add basic implementation of GOST R 34.11-94 message digest.
7374 + commit b0579baaa04fb91eabbbdc295bcabea04cf84056
7375 * src/gcrypt.h.in (GCRY_MD_GOSTR3411_94): New.
7376 * cipher/gostr3411-94.c: New.
7377 * configure.ac (available_digests): Add gostr3411-94.
7378 * src/cipher.h: Add gostr3411-94 definitions.
7379 * cipher/md.c: Register GOST R 34.11-94.
7380 * tests/basic.c (check_digests): Add 4 tests for GOST R 34.11-94
7381 hash algo. Two are defined in the standard itself, two other are
7382 more or less common tests - an empty string an exclamation mark.
7383 * doc/gcrypt.texi: Add an entry describing GOST R 34.11-94 to the MD
7386 Separate common md block code.
7387 + commit ecde77ad98690540abb21db08e5531297ed72bd0
7388 * cipher/hash-common.c (_gcry_md_block_write): New function to handle
7389 block md operations. The current implementation is limited to 64 byte
7390 buffer and u32 block counter.
7392 * cipher/md4.c, cipher/md5.c, cipher/rmd.h, cipher/rmd160.c
7393 *cipher/sha1.c, cipher/sha256.c, cipher/tiger.c: Convert to use
7394 _gcry_md_block_write.
7396 Add limited implementation of GOST 28147-89 cipher.
7397 + commit 56b5949f71f501744998f5ebc12488ebf6f1c0b5
7398 * src/gcrypt.h.in (GCRY_CIPHER_GOST28147): New.
7399 * cipher/gost.h, cipher/gost28147.c: New.
7400 * configure.ac (available_ciphers): Add gost28147.
7401 * src/cipher.h: Add gost28147 definitions.
7402 * cipher/cipher.c: Register gost28147.
7403 * tests/basic.c (check_ciphers): Enable simple test for gost28147.
7404 * doc/gcrypt.texi: document GCRY_CIPHER_GOST28147.
7406 2013-09-18 Werner Koch <wk@gnupg.org>
7408 ecc: Add Ed25519 key generation and prepare for optimizations.
7409 + commit 63cd3474425cb5a7ec4d1a56be15b248ecda4680
7410 * src/mpi.h (enum ecc_dialects): New.
7411 * src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT.
7412 * cipher/ecc-common.h (elliptic_curve_t): Ditto.
7413 * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
7414 (domain_parms): Add dialect values.
7415 (_gcry_ecc_fill_in_curve): Set dialect.
7416 (_gcry_ecc_get_curve): Ditto.
7417 (_gcry_mpi_ec_new): Ditto.
7418 (_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now.
7419 * cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect.
7420 (_gcry_ecc_dialect2str): New.
7421 * mpi/ec.c (ec_p_init): Add arg DIALECT.
7422 (_gcry_mpi_ec_p_internal_new): Ditto.
7423 (_gcry_mpi_ec_p_new): Ditto.
7425 * mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag.
7426 (_gcry_mpi_set_opaque_copy): New.
7428 * cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI.
7429 * cipher/ecc.c (eddsa_generate_key): New.
7430 (generate_key): Rename to nist_generate_key and factor some code out
7432 (ecc_generate_ext): here. Divert to eddsa_generate_key if desired.
7433 (eddsa_decodepoint): Take care of an opaque MPI.
7434 (ecc_check_secret_key): Ditto.
7436 * cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret
7438 (gcry_pk_genkey): Add the curve_name also to the private key part of
7441 * tests/benchmark.c (ecc_bench): Support Ed25519.
7442 (main): Add option --debug.
7443 * tests/curves.c (sample_key_2): Make sure that P and N are positive.
7444 * tests/keygen.c (show): New.
7445 (check_ecc_keys): Support Ed25519.
7447 2013-09-17 Werner Koch <wk@gnupg.org>
7449 mpi: Support printing of negative numbers.
7450 + commit 89fe2173649a72019d75e059e6c6938efd10421f
7451 * mpi/mpicoder.c (twocompl, onecompl): New.
7452 (gcry_mpi_print): Use it for STD and SSH.
7453 (gcry_mpi_scan): Use it for STD and SSH. Always set NSCANNED.
7454 (gcry_mpi_aprint): Clear the extra allocated byte.
7455 * tests/t-convert.c (showhex, showmpi): New.
7456 (mpi2bitstr_nlz): New.
7457 (check_formats): New.
7458 (main): Call new test.
7460 2013-09-16 Werner Koch <wk@gnupg.org>
7462 Fix bug in _gcry_mpi_tdiv_q_2exp.
7463 + commit a7a9cdcaaf3979baa18dad51e722882581349f45
7464 * mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.
7466 ecc: Implement Curve Ed25519 signing and verification.
7467 + commit bc5199a02abe428ad377443280b3eda60141a1d6
7468 * cipher/ecc-curves.c (domain_parms): Add curve "Ed25519".
7469 * cipher/ecc.c (reverse_buffer): New.
7470 (eddsa_encodempi): New.
7471 (eddsa_encodepoint): New.
7472 (eddsa_decodepoint): New.
7473 (sign_eddsa): Implement.
7474 (verify_eddsa): Implement.
7475 (ecc_sign): Init unused Q. Pass public key to sign_eddsa.
7476 (ecc_verify): Init pk.Q if not used. Pass public key verbatim to
7478 * cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE. Change all
7480 (sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract.
7481 (sexp_data_to_mpi): Allow for a zero length "value".
7482 (gcry_pk_verify): Reorder parameter processing. Pass OPAQUE flag as
7484 * mpi/ec.c (ec_invm): Print a warning if the inverse does not exist.
7485 (_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve
7487 (dup_point_twistededwards): Implement.
7488 (add_points_twistededwards): Implement.
7489 (_gcry_mpi_ec_mul_point): Support Twisted Edwards.
7491 * mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE.
7492 (_gcry_mpi_get_buffer): Ditto. Change all callers.
7493 (_gcry_mpi_get_secure_buffer): Ditto.
7495 * src/sexp.c (_gcry_sexp_nth_opaque_mpi): New.
7497 * tests/t-ed25519.c: New.
7498 * tests/t-ed25519.inp: New.
7499 * tests/t-mpi-point.c (basic_ec_math_simplified): Print some output
7501 (twistededwards_math): New test.
7502 (main): Call new test.
7504 mpi: Add internal convenience function.
7505 + commit 44a2c34e90ed7de149952398787906d8823b636b
7506 * mpi/mpiutil.c (_gcry_mpi_get_opaque_copy): New.
7508 mpi: Add debug function to print a point.
7509 + commit 8ebc94d11a1eb93f2365c93f555e958700fdfbd4
7510 * mpi/ec.c (_gcry_mpi_point_log): New.
7511 * src/mpi.h (log_printpnt): new macro.
7513 tests: Factor time measurement code out.
7514 + commit 58eaf0c4332ac2f645ede28c4d18337389dfa753
7515 * tests/benchmark.c (started_at, stopped_at, start_timer, stop_timer)
7516 (elapsed time): Factor out to ..
7517 * tests/stopwatch.h: new file.
7519 2013-09-12 Werner Koch <wk@gnupg.org>
7521 Fix _gcry_log_printmpi to print 00 instead of a sole sign.
7522 + commit 1c76349c69c70a62b516a4f837c6287def640807
7523 * src/misc.c: Special case an mpi length of 0.
7525 2013-09-11 Werner Koch <wk@gnupg.org>
7527 Streamline the use of the internal mpi and hex debug functions.
7528 + commit e35ed615acc624a8b6c07576ea0650aac2bdb0db
7529 * mpi/mpicoder.c (gcry_mpi_dump): Remove.
7530 (_gcry_log_mpidump): Remove.
7531 * src/misc.c (_gcry_log_printhex): Factor all code out to ...
7532 (do_printhex): new. Add line wrapping a and compact printing.
7533 (_gcry_log_printmpi): New.
7534 * src/mpi.h (log_mpidump): Remove macro.
7535 * src/g10lib.h (log_mpidump): Add compatibility macro.
7536 (log_printmpi): New macro
7537 * src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi.
7538 * cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump
7540 (gcry_prime_group_generator): Ditto.
7541 * cipher/pubkey.c: Remove extra colons from log_mpidump call.
7542 * cipher/rsa.c (stronger_key_check): Use log_printmpi.
7544 2013-09-10 Werner Koch <wk@gnupg.org>
7546 md: Add function gcry_md_hash_buffers.
7547 + commit f3bca0c77c4979504f95fdbc618f7458e61e3e45
7548 * src/gcrypt.h.in (gcry_buffer_t): new.
7549 (gcry_md_hash_buffers): New.
7550 * src/visibility.c, src/visibility.h: Add wrapper for new function.
7551 * src/libgcrypt.def, src/libgcrypt.vers: Export new function.
7552 * cipher/md.c (gcry_md_hash_buffers): New.
7553 * cipher/sha1.c (_gcry_sha1_hash_buffers): New.
7554 * tests/basic.c (check_one_md_multi): New.
7555 (check_digests): Run that test.
7556 * tests/hmac.c (check_hmac_multi): New.
7557 (main): Run that test.
7559 md: Fix Whirlpool flaw.
7560 + commit 0a28b2d2c9181a536fc894e24626714832619923
7561 * cipher/whirlpool.c (whirlpool_add): Remove shortcut return so that
7562 byte counter is always properly updated.
7564 2013-09-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7566 Fix static build on AMD64.
7567 + commit 90fdf25f0dcc5feac7195ede55bd15948a11363e
7568 * cipher/rijndael-amd64.S: Correct 'RIP' macro for non-PIC build.
7570 scrypt: fix for big-endian systems.
7571 + commit 38a038a135d82231eff9d84f1ae3c4a25c6a5e75
7572 * cipher/scrypt.c (_salsa20_core): Fix endianess issues.
7574 2013-09-07 Werner Koch <wk@gnupg.org>
7576 Use gcc "unused" attribute only with gcc >= 3.5.
7577 + commit f7135e299e659d78906aac3dfdf30f380b5cf9c6
7578 * src/g10lib.h (GCC_ATTR_UNUSED): Fix gcc version detection.
7580 2013-09-07 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
7582 Add support for Salsa20/12 - 12 round version of Salsa20.
7583 + commit ae6f6c47d2e0c536f3eab0823b5f23d26956cda2
7584 * src/gcrypt.h.in (GCRY_CIPHER_SALSA20R12): New.
7585 * src/salsa20.c (salsa20_core, salsa20_do_encrypt_stream): Add support
7586 for reduced round versions.
7587 (salsa20r12_encrypt_stream, _gcry_cipher_spec_salsa20r12): Implement
7588 Salsa20/12 - a 12 round version of Salsa20 selected by eStream.
7589 * src/cipher.h: Declsare Salsa20/12 definition.
7590 * cipher/cipher.c: Register Salsa20/12
7591 * tests/basic.c: (check_stream_cipher, check_stream_cipher_large_block):
7592 Populate Salsa20/12 tests with test vectors from ecrypt
7593 (check_ciphers): Add simple test for Salsa20/12
7595 2013-09-07 Werner Koch <wk@gnupg.org>
7597 Add configure option --disable-amd64-as-feature-detection.
7598 + commit 49d5b9dcd622cdc87fb02a211bd51e3d46345bf2
7599 * configure.ac: Implement new disable flag.
7601 mpi: Improve support for non-Weierstrass support.
7602 + commit 4d8c8c7aa88cddb1624301957e6245405f46d027
7603 * mpi/ec.c (ec_p_init): Add args MODEL and P. Change all callers.
7604 (_gcry_mpi_ec_p_internal_new): Ditto.
7605 (_gcry_mpi_ec_p_new): Ditto.
7606 * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return
7607 GPG_ERR_UNKNOWN_CURVE instead of invalid value. Init curve model.
7608 * cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto.
7609 * cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking.
7611 mpi: Add gcry_mpi_ec_curve_point.
7612 + commit ddfefe429660cc5d798f3517208936449247ae5c
7613 * mpi/ec.c (_gcry_mpi_ec_curve_point): New.
7614 (ec_powm): Return the absolute value.
7615 * src/visibility.c, src/visibility.c: Add wrappers.
7616 * src/libgcrypt.def, src/libgcrypt.vers: Export them.
7618 mpi: Add functions to manipulate the sign.
7619 + commit 1bd2c67aa55b40589654d3fa5dea05cf1ed7dc5f
7620 * src/gcrypt.h.in (gcry_mpi_is_neg): New.
7621 (gcry_mpi_neg, gcry_mpi_abs): New.
7622 * mpi/mpiutil.c (_gcry_mpi_is_neg): New.
7623 (_gcry_mpi_neg, _gcry_mpi_abs): New.
7624 * src/visibility.c, src/visibility.h: Add wrappers.
7625 * src/libgcrypt.def, src/libgcrypt.vers: Export them.
7626 * src/mpi.h (mpi_is_neg): New. Rename old macro to mpi_has_sign.
7627 * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign.
7628 * mpi/mpi-mpow.c (calc_barrett): Ditto.
7629 * cipher/primegen.c (_gcry_derive_x931_prime): Ditto
7630 * cipher/rsa.c (secret): Ditto.
7632 2013-09-06 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7634 Tune armv6 mpi assembly.
7635 + commit 4e4440153258e2f0dfdcaa8443820af06984ecb1
7636 * mpi/armv6/mpih-mul1.S: Tune assembly for Cortex-A8.
7637 * mpi/armv6/mpih-mul2.S: Ditto.
7638 * mpi/armv6/mpih-mul3.S: Ditto.
7640 2013-09-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7642 Change _gcry_burn_stack take burn depth as unsigned integer.
7643 + commit e0ae31fcce3bd57b24751ff3c82cba820e493c3a
7644 * src/misc.c (_gcry_burn_stack): Change to handle 'unsigned int' bytes.
7646 mpicalc: fix building on linux and win32.
7647 + commit 50ec983666f0ca9d50c84aa1afad0d7bd5810779
7648 * src/Makefile.am (mpicalc): Adjust CFLAGS and LDADD.
7650 2013-09-04 Werner Koch <wk@gnupg.org>
7652 Change mpicalc to use Libgcrypt and install it.
7653 + commit 1d23040b659661b4086c079cb9fd5f37189a7020
7654 * src/mpicalc.c: Make use of gcry_ functions.
7655 (MPICALC_VERSION): New. Set to 2.0.
7657 (scan_mpi): New. Replaces mpi_fromstr.
7658 (print_mpi): New. Replaces mpi_print.
7661 (main): Use simple option parser and print version info.
7662 * src/Makefile.am (bin_PROGRAMS): Add mpicalc.
7663 (mpicalc_SOURCES, mpicalc_CFLAGS, mpicalc_LDADD): New.
7665 Add mpicalc.c to help with testing.
7666 + commit a70c46e29c480fa0f56ab4814666a5b115f84fd7
7667 * src/mpicalc.c: Take from GnuPG 1.4
7669 Prepare support for EdDSA.
7670 + commit c47d4001033f68212d2847b3074a0bdda990342e
7671 * src/cipher.h (PUBKEY_FLAG_EDDSA): New.
7672 * cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by
7673 CTX. Pass flags and hash algo to the verify function. Change all
7674 verify functions to accept these args.
7675 (sexp_data_to_mpi): Implement new flag "eddsa".
7676 (gcry_pk_verify): Pass CTX instead of the compare function to
7678 * cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers.
7679 (verify): Rename to verify_ecdsa. Change all callers.
7680 (sign_eddsa, verify_eddsa): New stub functions.
7681 (ecc_sign): Divert to sign_ecdsa or sign_eddsa.
7682 (ecc_verify): Divert to verify_ecdsa or verify_eddsa.
7684 Prepare support for non-Weierstrass EC equations.
7685 + commit c26be7a337d0bf98193bc58e043209e46d0769bb
7686 * src/mpi.h (gcry_mpi_ec_models): New.
7687 * src/ec-context.h (mpi_ec_ctx_s): Add MODEL.
7688 * cipher/ecc-common.h (elliptic_curve_t): Ditto.
7689 * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
7690 (domain_parms): Mark als as Weierstrass.
7691 (_gcry_ecc_fill_in_curve): Check model.
7692 (_gcry_ecc_get_curve): Set model to Weierstrass.
7693 * cipher/ecc-misc.c (_gcry_ecc_model2str): New.
7694 * cipher/ecc.c (generate_key, ecc_generate_ext): Print model in the
7697 * mpi/ec.c (_gcry_mpi_ec_dup_point): Switch depending on model.
7698 Factor code out to ...
7699 (dup_point_weierstrass): new.
7700 (dup_point_montgomery, dup_point_twistededwards): New stub functions.
7701 (_gcry_mpi_ec_add_points): Switch depending on model. Factor code out
7703 (add_points_weierstrass): new.
7704 (add_points_montgomery, add_points_twistededwards): New stub
7707 * tests/Makefile.am (TESTS): Reorder tests.
7709 mpi: Suppress newer gcc warnings.
7710 + commit 8698530b2f9ef95542f1dd550961de7af86cc256
7711 * src/g10lib.h (GCC_ATTR_UNUSED): Define for gcc >= 3.5.
7712 * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Mark dummy
7714 * mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.
7716 Do not check with cpp for typedefed constants.
7717 + commit b28b1f732e1b4f9c62a9de87c22c6bb0d3f8fdb8
7718 * src/gcrypt-int.h: Include error code replacements depeding on the
7719 version of libgpg-error.
7721 2013-09-04 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7723 Make _gcry_burn_stack use variable length array.
7724 + commit 4b0edf53440239d3bcc95941980c062a0801a149
7725 * configure.ac (HAVE_VLA): Add check.
7726 * src/misc.c (_gcry_burn_stack) [HAVE_VLA]: Add VLA code.
7728 Move stack burning from block ciphers to cipher modes.
7729 + commit a3aaa6ad03388ea3eaa24304b604cb864633332f
7730 * src/gcrypt-module.h (gcry_cipher_encrypt_t)
7731 (gcry_cipher_decrypt_t): Return 'unsigned int'.
7732 * cipher/cipher.c (dummy_encrypt_block, dummy_decrypt_block): Return
7734 (do_ecb_encrypt, do_ecb_decrypt): Get largest stack burn depth from
7735 block cipher crypt function and burn stack at end.
7736 * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
7737 (_gcry_cipher_aeswrap_decrypt): Ditto.
7738 * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
7739 (_gcry_cipher_cbc_decrypt): Ditto.
7740 * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
7741 (_gcry_cipher_cfb_decrypt): Ditto.
7742 * cipher/cipher-ctr.c (_gcry_cipher_cbc_encrypt): Ditto.
7743 * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
7744 (_gcry_cipher_ofb_decrypt): Ditto.
7745 * cipher/blowfish.c (encrypt_block, decrypt_block): Return burn stack
7747 * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Ditto.
7748 * cipher/cast5.c (encrypt_block, decrypt_block): Ditto.
7749 * cipher/des.c (do_tripledes_encrypt, do_tripledes_decrypt)
7750 (do_des_encrypt, do_des_decrypt): Ditto.
7751 * cipher/idea.c (idea_encrypt, idea_decrypt): Ditto.
7752 * cipher/rijndael.c (rijndael_encrypt, rijndael_decrypt): Ditto.
7753 * cipher/seed.c (seed_encrypt, seed_decrypt): Ditto.
7754 * cipher/serpent.c (serpent_encrypt, serpent_decrypt): Ditto.
7755 * cipher/twofish.c (twofish_encrypt, twofish_decrypt): Ditto.
7756 * cipher/rfc2268.c (encrypt_block, decrypt_block): New.
7757 (_gcry_cipher_spec_rfc2268_40): Use encrypt_block and decrypt_block.
7759 2013-09-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7761 camellia-aesni-avx2-amd64: Move register clearing to assembly functions.
7762 + commit f3515240de9513ead975985c9f8ab714022cac8e
7763 * cipher/camellia-aesni-avx2-amd64.S
7764 (_gcry_camellia_aesni_avx2_ctr_enc): Add 'vzeroall'.
7765 (_gcry_camellia_aesni_avx2_cbc_dec)
7766 (_gcry_camellia_aesni_avx2_cfb_dec): Add 'vzeroupper' at head and
7768 * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
7769 (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX2]: Remove register
7772 camellia-aesni-avx-amd64: Move register clearing to assembly functions.
7773 + commit 8b735cb563dff7aafbf8a970972522b5621e665c
7774 * cipher/camellia-aesni-avx-amd64.S (_gcry_camellia_aesni_avx_ctr_enc)
7775 (_gcry_camellia_aesni_avx_cbc_dec)
7776 (_gcry_camellia_aesni_avx_cfb_dec): Add 'vzeroupper' at head and
7778 * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
7779 (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX]: Remove register clearing.
7781 serpent-avx2-amd64: Move register clearing to assembly.
7782 + commit d12828cd821a4b4428eae19de5aee02cf536e536
7783 * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc)
7784 (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Change last
7785 'vzeroupper' to 'vzeroall'.
7786 * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
7787 (_gcry_serpent_avx2_cfb_dec) [USE_AVX2]: Remove register clearing with
7790 Fix building for x32 target.
7791 + commit fd6721c235a5bdcb332c8eb708fbd4f96e52e824
7792 * mpi/amd64/mpi-asm-defs.h: New file.
7793 * random/rndhw.c (poll_padlock) [__x86_64__]: Also check if __LP64__ is
7795 [USE_DRNG, __x86_64__]: Also check if __LP64__ is defined.
7797 2013-08-31 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7799 sha512: add ARM/NEON assembly version of transform function.
7800 + commit 99d15543b8d94a8f1ef66c6ccb862b0ce82c514d
7801 * cipher/Makefile.am: Add 'sha512-armv7-neon.S'.
7802 * cipher/sha512-armv7-neon.S: New file.
7803 * cipher/sha512.c (USE_ARM_NEON_ASM): New macro.
7804 (SHA512_CONTEXT) [USE_ARM_NEON_ASM]: Add 'use_neon'.
7805 (sha512_init, sha384_init) [USE_ARM_NEON_ASM]: Enable 'use_neon' if
7806 CPU support NEON instructions.
7807 (k): Round constant array moved outside of 'transform' function.
7808 (__transform): Renamed from 'tranform' function.
7809 [USE_ARM_NEON_ASM] (_gcry_sha512_transform_armv7_neon): New prototype.
7810 (transform): New wrapper function for different transform versions.
7811 (sha512_write, sha512_final): Burn stack by the amount returned by
7813 * configure.ac (sha512) [neonsupport]: Add 'sha512-armv7-neon.lo'.
7815 sha512: reduce stack use in transform function by 512 bytes.
7816 + commit 03da7f8ba3ec24d4639a2bcebbc0d9d831734c08
7817 * cipher/sha512.c (transform): Change 'u64 w[80]' to 'u64 w[16]' and
7818 inline input expansion to first 64 rounds.
7819 (sha512_write, sha512_final): Reduce burn_stack depth by 512 bytes.
7821 Add ARM HW feature detection module and add NEON detection.
7822 + commit 9c95be105f518d18407115c2c06893857c24b116
7823 * configure.ac: Add option --disable-neon-support.
7824 (HAVE_GCC_INLINE_ASM_NEON): New.
7825 (ENABLE_NEON_SUPPORT): New.
7826 [arm]: Add 'hwf-arm.lo' as HW feature module.
7827 * src/Makefile.am: Add 'hwf-arm.c'.
7828 * src/g10lib.h (HWF_ARM_NEON): New macro.
7829 * src/global.c (hwflist): Add HWF_ARM_NEON entry.
7830 * src/hwf-arm.c: New file.
7831 * src/hwf-common.h (_gcry_hwf_detect_arm): New prototype.
7832 * src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add
7833 call to _gcry_hwf_detect_arm.
7835 Correct mpi_cpu_arch for ARMv6.
7836 + commit 7b0ebe69fe35f2ee13e1e1beb2766a1eaadb7f0c
7837 * mpi/config.links [armv6]: Set mpi_cpu_arch to "arm", instead of
7840 2013-08-30 Werner Koch <wk@gnupg.org>
7842 mpi: Make gcry_mpi_print work with negative zeroes.
7843 + commit e9b711e6ddb480a71d2996465074e436c752c005
7844 * mpi/mpicoder.c (gcry_mpi_print): Take care of negative zero.
7845 (gcry_mpi_aprint): Allocate at least 1 byte.
7846 * tests/t-convert.c: New.
7847 * tests/Makefile.am (TESTS): Add t-convert.
7849 Refactor the ECC code into 3 files.
7850 + commit 800d4e01376d52a94a157b53978c7c3f957fc476
7851 * cipher/ecc-common.h, cipher/ecc-curves.c, cipher/ecc-misc.c: New.
7852 * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
7853 * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new .c files.
7854 * cipher/ecc.c (curve_aliases, ecc_domain_parms_t, domain_parms)
7855 (scanval): Move to ecc-curves.c.
7856 (fill_in_curve): Move to ecc-curve.c as _gcry_ecc_fill_in_curve.
7857 (ecc_get_curve): Move to ecc-curve.c as _gcry_ecc_get_curve.
7858 (_gcry_mpi_ec_ec2os): Move to ecc-misc.c.
7859 (ec2os): Move to ecc-misc.c as _gcry_ecc_ec2os.
7860 (os2ec): Move to ecc-misc.c as _gcry_ecc_os2ec.
7861 (point_set): Move as inline function to ecc-common.h.
7862 (_gcry_ecc_curve_free): Move to ecc-misc.c as _gcry_ecc_curve_free.
7863 (_gcry_ecc_curve_copy): Move to ecc-misc.c as _gcry_ecc_curve_copy.
7864 (mpi_from_keyparam, point_from_keyparam): Move to ecc-curves.c.
7865 (_gcry_mpi_ec_new): Move to ecc-curves.c.
7866 (ecc_get_param): Move to ecc-curves.c as _gcry_ecc_get_param.
7867 (ecc_get_param_sexp): Move to ecc-curves.c as _gcry_ecc_get_param_sexp.
7869 2013-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7871 serpent-sse2-amd64: Move register clearing to assembly functions.
7872 + commit 040aa7688296e93659cb32ca31e9a001a6ab1edd
7873 cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_ctr_enc)
7874 (_gcry_serpent_sse2_cbc_dec, _gcry_serpent_sse2_cfb_dec): Clear used
7876 cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
7877 ( _gcry_serpent_cfb_dec) [USE_SSE2]: Remove XMM register clearing from
7880 twofish-amd64: do not make __twofish_dec_blk3 global.
7881 + commit 82db04a6a0058cf870485459abe7c1659b138ec5
7882 * cipher/twofish-amd64.S (__twofish_dec_blk3): Do not export symbol as
7884 (__twofish_dec_blk3): Mark symbol as function.
7886 2013-08-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7888 mpi: add ARMv6 assembly.
7889 + commit da327aef3fe24fdf98fffbc8aea69de42ed12456
7890 * mpi/armv6/mpi-asm-defs.h: New.
7891 * mpi/armv6/mpih-add1.S: New.
7892 * mpi/armv6/mpih-mul1.S: New.
7893 * mpi/armv6/mpih-mul2.S: New.
7894 * mpi/armv6/mpih-mul3.S: New.
7895 * mpi/armv6/mpih-sub1.S: New.
7896 * mpi/config.links [arm]: Enable ARMv6 assembly.
7898 Move ARMv6 detection to configure.ac.
7899 + commit 151f1e518be2d16bed748ba832384b0472ddcf9b
7900 * cipher/blowfish-armv6.S: Replace __ARM_ARCH >= 6 checks with
7902 * cipher/blowfish.c: Ditto.
7903 * cipher/camellia-armv6.S: Ditto.
7904 * cipher/camellia.h: Ditto.
7905 * cipher/cast5-armv6.S: Ditto.
7906 * cipher/cast5.c: Ditto.
7907 * cipher/rijndael-armv6.S: Ditto.
7908 * cipher/rijndael.c: Ditto.
7909 * configure.ac: Add HAVE_ARM_ARCH_V6 check.
7911 2013-08-19 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7913 Add optimized wipememory for ARM.
7914 + commit c030e33533fb819afe195eff5f89ec39863b1fbc
7915 src/g10lib.h [__arm__] (fast_wipememory2_unaligned_head)
7916 (fast_wipememory2): New macros.
7918 cipher: bufhelp: allow unaligned memory accesses on ARM.
7919 + commit 796dda37b957b20dba391343937c6325a8c8b288
7920 * cipher/bufhelp.h [__arm__ && __ARM_FEATURE_UNALIGNED]: Enable
7921 BUFHELP_FAST_UNALIGNED_ACCESS.
7923 2013-08-17 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7925 Remove burn_stack optimization.
7926 + commit 79895b9459b9bf8c60cb7abf09d5bf16ed0cf6e3
7927 * src/misc.c (_gcry_burn_stack): Remove SIZEOF_UNSIGNED_LONG == 4 or 8
7930 2013-08-16 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7932 camellia: add ARMv6 assembly implementation.
7933 + commit cafadc1e4fb97581262b0081ba251e05613d4394
7934 * cipher/Makefile.am: Add 'camellia-armv6.S'.
7935 * cipher/camellia-armv6.S: New file.
7936 * cipher/camellia-glue.c [USE_ARMV6_ASM]
7937 (_gcry_camellia_armv6_encrypt_block)
7938 (_gcry_camellia_armv6_decrypt_block): New prototypes.
7939 [USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock)
7940 (camellia_encrypt, camellia_decrypt): New functions.
7941 * cipher/camellia.c [!USE_ARMV6_ASM]: Compile encryption and decryption
7942 routines if USE_ARMV6_ASM macro is _not_ defined.
7943 * cipher/camellia.h (USE_ARMV6_ASM): New macro.
7944 [!USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock): If
7945 USE_ARMV6_ASM is defined, disable these function prototypes.
7946 (camellia) [arm]: Add 'camellia-armv6.lo'.
7948 blowfish: add ARMv6 assembly implementation.
7949 + commit 31e4b1a96a07e9a3698fcb7be0643a136ebb8e5c
7950 * cipher/Makefile.am: Add 'blowfish-armv6.S'.
7951 * cipher/blowfish-armv6.S: New file.
7952 * cipher/blowfish.c (USE_ARMV6_ASM): New macro.
7953 [USE_ARMV6_ASM] (_gcry_blowfish_armv6_do_encrypt)
7954 (_gcry_blowfish_armv6_encrypt_block)
7955 (_gcry_blowfish_armv6_decrypt_block, _gcry_blowfish_armv6_ctr_enc)
7956 (_gcry_blowfish_armv6_cbc_dec, _gcry_blowfish_armv6_cfb_dec): New
7958 [USE_ARMV6_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block)
7959 (encrypt_block, decrypt_block): New functions.
7960 (_gcry_blowfish_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7961 (_gcry_blowfish_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7962 (_gcry_blowfish_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7963 * configure.ac (blowfish) [arm]: Add 'blowfish-armv6.lo'.
7965 cast5: add ARMv6 assembly implementation.
7966 + commit 8d1faf56714598301580ce370e0bfa6d65e73644
7967 * cipher/Makefile.am: Add 'cast5-armv6.S'.
7968 * cipher/cast5-armv6.S: New file.
7969 * cipher/cast5.c (USE_ARMV6_ASM): New macro.
7970 (CAST5_context) [USE_ARMV6_ASM]: New members 'Kr_arm_enc' and
7972 [USE_ARMV6_ASM] (_gcry_cast5_armv6_encrypt_block)
7973 (_gcry_cast5_armv6_decrypt_block, _gcry_cast5_armv6_ctr_enc)
7974 (_gcry_cast5_armv6_cbc_dec, _gcry_cast5_armv6_cfb_dec): New prototypes.
7975 [USE_ARMV6_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block)
7976 (decrypt_block): New functions.
7977 (_gcry_cast5_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7978 (_gcry_cast5_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7979 (_gcry_cast5_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7980 (do_cast_setkey) [USE_ARMV6_ASM]: Initialize 'Kr_arm_enc' and
7982 * configure.ac (cast5) [arm]: Add 'cast5-armv6.lo'.
7984 2013-08-14 Jussi Kivilinna <jussi.kivilinna@iki.fi>
7986 rijndael: add ARMv6 assembly implementation.
7987 + commit f365961422f1c8b3d89b8bcd9c99828f38c1f158
7988 * cipher/Makefile.am: Add 'rijndael-armv6.S'.
7989 * cipher/rijndael-armv6.S: New file.
7990 * cipher/rijndael.c (USE_ARMV6_ASM): New macro.
7991 [USE_ARMV6_ASM] (_gcry_aes_armv6_encrypt_block)
7992 (_gcry_aes_armv6_decrypt_block): New prototypes.
7993 (do_encrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7994 (do_encrypt): Disable input/output alignment when USE_ARMV6_ASM.
7995 (do_decrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
7996 (do_decrypt): Disable input/output alignment when USE_ARMV6_ASM.
7997 * configure.ac (HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS): New check for
7998 gcc/as compatibility with ARM assembly implementations.
7999 (aes) [arm]: Add 'rijndael-armv6.lo'.
8001 2013-08-09 NIIBE Yutaka <gniibe@fsij.org>
8003 cipher: fix memory leak.
8004 + commit 2b5bbe264fcd61e5e458e5f71a6507ba0271c729
8005 * cipher/pubkey.c (gcry_pk_sign): Handle the specific case of ECC,
8006 where there is NULL whichi is not the sentinel.
8008 2013-08-08 Werner Koch <wk@gnupg.org>
8010 mpi: Clear immutable flag on the result of gcry_mpi_set.
8011 + commit 426cbc9feca0c8f46208fb3670adab95f9e46087
8012 * mpi/mpiutil.c (gcry_mpi_set): Reset immutable and const flags.
8013 * tests/mpitests.c (test_const_and_immutable): Add a test for this.
8015 2013-08-07 NIIBE Yutaka <gniibe@fsij.org>
8017 tests: fix memory leaks.
8018 + commit cc082642c1b0f2a3e9ca78e1ffd3f64417c204bd
8019 * tests/benchmark.c (dsa_bench): Release SIG.
8021 * tests/mpitests.c (test_powm): Release BASE, EXP, MOD, and RES.
8023 * tests/prime.c (check_primes): Release PRIME.
8025 * tests/tsexp.c (basic): Use intermediate variable M for constant.
8026 Release S1, S2 and A.
8028 2013-08-07 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8030 Fix building on W32 (cannot export symbol 'gcry_sexp_get_buffer')
8031 + commit 065d446478bf68553339fc77a89b8369bd110a18
8032 * src/libgcrypt.def: Change 'gcry_sexp_get_buffer' to
8033 'gcry_sexp_nth_buffer'.
8035 2013-08-06 NIIBE Yutaka <gniibe@fsij.org>
8037 cipher: fix another memory leak.
8038 + commit 9a421813123a2f5db0a91eaee4a45138efc9ad34
8039 * cipher/ecc.c (ecc_get_curve): Free TMP.
8041 tests: fix memory leaks.
8042 + commit 87eddc31ccba6decbddd1761dd42a208666cd311
8043 * tests/pubkey.c (check_keys_crypt): Release L, X0, and X1.
8044 (check_keys): Release X.
8046 cipher: fix memory leaks.
8047 + commit ae6ffd9af38cbcac57c220960f683aab91db85cb
8048 * cipher/elgamal.c (elg_generate_ext): Free XVALUE.
8050 * cipher/pubkey.c (sexp_elements_extract): Don't use IDX for loop.
8052 (sexp_elements_extract_ecc): Call mpi_free.
8054 2013-08-05 Werner Koch <wk@gnupg.org>
8056 mpi: Improve gcry_mpi_invm to detect bad input.
8057 + commit d8e99a04dba6a606e879464cd11deee760d1e000
8058 * mpi/mpi-inv.c (gcry_mpi_invm): Return 0 for bad input.
8060 2013-07-31 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
8062 Correct checks for ecc secret key.
8063 + commit 10dfa41b43a906031bc674ea41cd3073701011f3
8064 * cipher/ecc.c (check_secret_key): replace wrong comparison of Q and
8065 sk->Q points with correct one.
8067 2013-07-29 Werner Koch <wk@gnupg.org>
8069 sexp: Allow white space anywhere in a hex format.
8070 + commit 43320961a8751ee28dc95cdb0ae01ea8a7ff7f91
8071 * src/sexp.c (hextobyte): Remove.
8073 (vsexp_sscan): Skip whtespace between hex nibbles.
8075 Implement deterministic ECDSA as specified by rfc-6979.
8076 + commit 6e0a9786637d649b48aae0e611a12e12beef9b3b
8077 * cipher/ecc.c (sign): Add args FLAGS and HASHALGO. Convert an opaque
8078 MPI as INPUT. Implement rfc-6979.
8079 (ecc_sign): Remove the opaque MPI code and pass FLAGS to sign.
8080 (verify): Do not allocate and compute Y; it is not used.
8081 (ecc_verify): Truncate the hash value if needed.
8082 * tests/dsa-rfc6979.c (check_dsa_rfc6979): Add ECDSA test cases.
8084 2013-07-26 Werner Koch <wk@gnupg.org>
8086 Implement deterministic DSA as specified by rfc-6979.
8087 + commit 1cfa79aabc5d0fd8d124901054475e90ab7d9cde
8088 * cipher/dsa.c (dsa_sign): Move opaque mpi extraction to sign.
8089 (sign): Add args FLAGS and HASHALGO. Implement deterministic DSA.
8090 Add code path for R==0 to comply with the standard.
8091 (dsa_verify): Left fill opaque mpi based hash values.
8092 * cipher/dsa-common.c (int2octets, bits2octets): New.
8093 (_gcry_dsa_gen_rfc6979_k): New.
8094 * tests/dsa-rfc6979.c: New.
8095 * tests/Makefile.am (TESTS): Add dsa-rfc6979.
8097 Allow the use of a private-key s-expression with gcry_pk_verify.
8098 + commit b72d312ad11887fc416aa821786f6bdb663c0f4a
8099 * cipher/pubkey.c (sexp_to_key): Fallback to private key.
8101 2013-07-25 Werner Koch <wk@gnupg.org>
8103 Mitigate a flush+reload cache attack on RSA secret exponents.
8104 + commit 287bf0e543f244d784cf8b58340bf0ab3c6aba97
8105 * mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for
8106 exponents in secure memory.
8108 2013-07-19 Werner Koch <wk@gnupg.org>
8110 pk: Allow the use of a hash element for DSA sign and verify.
8111 + commit 37d0a1ebdc2dc74df4fb6bf0621045018122a68f
8112 * cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign
8114 (gcry_pk_sign): Pass CTX to pubkey_sign.
8115 (sexp_data_to_mpi): Add flag rfc6979 and code to alls hash with *DSA
8116 * cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque
8117 MPI is given for DATA/HASH.
8118 * cipher/elgamal.c (elg_sign, elg_verify): Ditto.
8119 * cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI.
8120 * cipher/ecc.c (ecc_sign, ecc_verify): Ditto.
8121 * tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash
8124 sexp: Add function gcry_sexp_nth_buffer.
8125 + commit 2d3e8d4d9562d666420aadd9ffa8ac0456a1cd91
8126 * src/sexp.c (gcry_sexp_nth_buffer): New.
8127 * src/visibility.c, src/visibility.h: Add function wrapper.
8128 * src/libgcrypt.vers, src/libgcrypt.def: Add to API.
8129 * src/gcrypt.h.in: Add prototype.
8131 2013-07-18 Werner Koch <wk@gnupg.org>
8133 Add support for Salsa20.
8134 + commit c4885092088431e7928e4459fda20cc0e8ceb201
8135 * src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New.
8136 * cipher/salsa20.c: New.
8137 * configure.ac (available_ciphers): Add Salsa20.
8138 * cipher/cipher.c: Register Salsa20.
8139 (cipher_setiv): Allow to divert an IV to a cipher module.
8140 * src/cipher-proto.h (cipher_setiv_func_t): New.
8141 (cipher_extra_spec): Add field setiv.
8142 * src/cipher.h: Declare Salsa20 definitions.
8143 * tests/basic.c (check_stream_cipher): New.
8144 (check_stream_cipher_large_block): New.
8145 (check_cipher_modes): Run new test functions.
8146 (check_ciphers): Add simple test for Salsa20.
8148 2013-07-17 Werner Koch <wk@gnupg.org>
8150 Allow gcry_mpi_dump to print opaque MPIs.
8151 + commit 364d019e3ffedfcb434576702f73e767cb9389ef
8152 * mpi/mpicoder.c (gcry_mpi_dump): Detect abd print opaque MPIs.
8153 * tests/mpitests.c (test_opaque): New.
8154 (main): Call new test.
8156 cipher: Prepare to pass extra info to the sign functions.
8157 + commit 5940e66cbefea3de5924f494f18aed69bb694bff
8158 * src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo.
8159 * cipher/rsa.c (rsa_sign): Add parms and mark them as unused.
8160 * cipher/dsa.c (dsa_sign): Ditto.
8161 * cipher/elgamal.c (elg_sign): Ditto.
8162 * cipher/pubkey.c (dummy_sign): Ditto.
8163 (pubkey_sign): Pass 0 for the new args.
8165 Fix a special case bug in mpi_powm for e==0.
8166 + commit 6e1adb05d290aeeb1c230c763970695f4a538526
8167 * mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that
8168 the result has been allocated.
8170 2013-07-15 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
8172 Fix memory leak in t-mpi-point test.
8173 + commit a7b80e9fba6b1b095f7c53469747967b40ebfbfd
8174 * tests/t-mpi-point.c (basic_ec_math, basic_ec_math_simplified): add
8175 calls to gcry_ctx_release() to free contexts after they become unused.
8177 2013-07-10 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8179 Fix 'Please include winsock2.h before windows.h' warnings with mingw32.
8180 + commit d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104
8181 * random/rndw32.c: include winsock2.h before windows.h.
8182 * src/ath.h [_WIN32]: Ditto.
8183 * tests/benchmark.c [_WIN32]: Ditto.
8185 Remove duplicate header from mpi/amd64/mpih-mul2.S.
8186 + commit c64a0dcbefc5b0055954e37a3c86b32ff7a1b1da
8187 * mpi/amd64/mpih-mul2.S: remove duplicated header.
8189 Fix i386/amd64 inline assembly "cc" clobbers.
8190 + commit ed0a598172208ec67234a4edd73189bf6808fd04
8191 * cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" globber
8192 for inline assembly.
8193 * cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto.
8194 * random/rndhw.c [USE_DRNG] (rdrand_long): Ditto.
8195 * src/hmac256.c [__GNUC__, __i386__] (ror): Ditto.
8196 * mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
8197 (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto.
8199 bufhelp: Suppress 'cast increases required alignment' warning.
8200 + commit c3902a6b5cea9acef2e15fbee24eb601eeb25168
8201 * cipher/bufhelp.h (buf_xor, buf_xor_2dst, buf_xor_n_copy): Cast
8202 to larger element pointer through (void *) to suppress -Wcast-error.
8204 mpi: Add __ARM_ARCH for older GCC.
8205 + commit 97f392f43cf2e4da1297cbecacbfbff33a869478
8206 * mpi/longlong.h [__arm__]: Construct __ARM_ARCH if not provided by
8209 mpi: add missing "cc" clobber for ARM assembly.
8210 + commit 8aa4f2161cf643ce36d87d2e2786b546736f8232
8211 * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
8212 [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Ditto.
8214 Tweak ARM inline assembly for mpi.
8215 + commit 71dda4507053379433dc8b0fc6462c15de7299df
8216 mpi/longlong.h [__arm__]: Enable inline assembly if __thumb2__ is
8218 [__arm__]: Use __ARCH_ARM when defined.
8219 [__arm__] [__ARM_ARCH >= 5] (count_leading_zeros): New.
8221 2013-06-26 Werner Koch <wk@gnupg.org>
8223 Make gpg-error replacement defines more robust.
8224 + commit 6540b84a6e9113813e7e49e3ad2024d4a0073300
8225 * configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ...
8226 * src/gcrypt-int.h: new file.
8227 * src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h.
8228 * tests/: Ditto for all test files.
8230 2013-06-20 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8232 Check if assembler is compatible with AMD64 assembly implementations.
8233 + commit 3544fa8aa63bef9a35abf236e9376191b5ec206b
8234 * cipher/blowfish-amd64.S: Enable only if
8235 HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined.
8236 * cipher/camellia-aesni-avx-amd64.S: Ditto.
8237 * cipher/camellia-aesni-avx2-amd64.S: Ditto.
8238 * cipher/cast5-amd64.S: Ditto.
8239 * cipher/rinjdael-amd64.S: Ditto.
8240 * cipher/serpent-avx2-amd64.S: Ditto.
8241 * cipher/serpent-sse2-amd64.S: Ditto.
8242 * cipher/twofish-amd64.S: Ditto.
8243 * cipher/blowfish.c: Use AMD64 assembly implementation only if
8244 HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined
8245 * cipher/camellia-glue.c: Ditto.
8246 * cipher/cast5.c: Ditto.
8247 * cipher/rijndael.c: Ditto.
8248 * cipher/serpent.c: Ditto.
8249 * cipher/twofish.c: Ditto.
8250 * configure.ac: Check gcc/as compatibility with AMD64 assembly
8253 2013-06-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8255 Optimize _gcry_burn_stack for 32-bit and 64-bit architectures.
8256 + commit ec2f8de409a93c80efa658134df22074a9bca5a4
8257 * src/misc.c (_gcry_burn_stack): Add optimization for 32-bit and 64-bit
8260 Add Camellia AES-NI/AVX2 implementation.
8261 + commit d94ec5f5f8a5d40a7d344025aa466f276f9718df
8262 * cipher/Makefile.am: Add 'camellia-aesni-avx2-amd64.S'.
8263 * cipher/camellia-aesni-avx2-amd64.S: New file.
8264 * cipher/camellia-glue.c (USE_AESNI_AVX2): New macro.
8265 (CAMELLIA_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'.
8266 [USE_AESNI_AVX2] (_gcry_camellia_aesni_avx2_ctr_enc)
8267 (_gcry_camellia_aesni_avx2_cbc_dec)
8268 (_gcry_camellia_aesni_avx2_cfb_dec): New prototypes.
8269 (camellia_setkey) [USE_AESNI_AVX2]: Check AVX2+AES-NI capable hardware
8270 and set 'ctx->use_aesni_avx2'.
8271 (_gcry_camellia_ctr_enc) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
8272 (_gcry_camellia_cbc_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
8273 (_gcry_camellia_cfb_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
8274 (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks'
8275 so that AVX2 codepaths get tested.
8276 * configure.ac (camellia) [avx2support, aesnisupport]: Add
8277 'camellia-aesni-avx2-amd64.lo'.
8279 Add Serpent AVX2 implementation.
8280 + commit e7ab4e1a7396f4609b9033207015b239ab4a5140
8281 * cipher/Makefile.am: Add 'serpent-avx2-amd64.S'.
8282 * cipher/serpent-avx2-amd64.S: New file.
8283 * cipher/serpent.c (USE_AVX2): New macro.
8284 (serpent_context_t) [USE_AVX2]: Add 'use_avx2'.
8285 [USE_AVX2] (_gcry_serpent_avx2_ctr_enc, _gcry_serpent_avx2_cbc_dec)
8286 (_gcry_serpent_avx2_cfb_dec): New prototypes.
8287 (serpent_setkey_internal) [USE_AVX2]: Check for AVX2 capable hardware
8289 (_gcry_serpent_ctr_enc) [USE_AVX2]: Use AVX2 accelerated functions.
8290 (_gcry_serpent_cbc_dec) [USE_AVX2]: Use AVX2 accelerated functions.
8291 (_gcry_serpent_cfb_dec) [USE_AVX2]: Use AVX2 accelerated functions.
8292 (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks'
8293 so that AVX2 codepaths are tested.
8294 * configure.ac (serpent) [avx2support]: Add 'serpent-avx2-amd64.lo'.
8296 Add detection for Intel AVX2 instruction set.
8297 + commit 3289bca708bdd02c69a331095ac6ca9a1efd74cc
8298 * configure.ac: Add option --disable-avx2-support.
8299 (HAVE_GCC_INLINE_ASM_AVX2): New.
8300 (ENABLE_AVX2_SUPPORT): New.
8301 * src/g10lib.h (HWF_INTEL_AVX2): New.
8302 * src/global.c (hwflist): Add HWF_INTEL_AVX2.
8303 * src/hwf-x86.c [__i386__] (get_cpuid): Initialize registers to zero
8305 [__x86_64__] (get_cpuid): Initialize registers to zero before cpuid.
8306 (detect_x86_gnuc): Store maximum cpuid level.
8307 (detect_x86_gnuc) [ENABLE_AVX2_SUPPORT]: Add detection for AVX2.
8309 twofish: add amd64 assembly implementation.
8310 + commit d325ab5d86e6107a46007a4d0131122bbd719f8c
8311 * cipher/Makefile.am: Add 'twofish-amd64.S'.
8312 * cipher/twofish-amd64.S: New file.
8313 * cipher/twofish.c (USE_AMD64_ASM): New macro.
8314 [USE_AMD64_ASM] (_gcry_twofish_amd64_encrypt_block)
8315 (_gcry_twofish_amd64_decrypt_block, _gcry_twofish_amd64_ctr_enc)
8316 (_gcry_twofish_amd64_cbc_dec, _gcry_twofish_amd64_cfb_dec): New
8318 [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt)
8319 (twofish_encrypt, twofish_decrypt): New functions.
8320 (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec)
8321 (selftest_ctr, selftest_cbc, selftest_cfb): New functions.
8322 (selftest): Call new bulk selftests.
8323 * cipher/cipher.c (gcry_cipher_open) [USE_TWOFISH]: Register Twofish
8324 bulk functions for ctr-enc, cbc-dec and cfb-dec.
8325 * configure.ac (twofish) [x86_64]: Add 'twofish-amd64.lo'.
8326 * src/cipher.h (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
8327 (gcry_twofish_cfb_dec): New prototypes.
8329 2013-05-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8331 rinjdael: add amd64 assembly implementation.
8332 + commit 7317fcfadf00789df140e51c0d16b60f6b144b59
8333 * cipher/Makefile.am: Add 'rijndael-amd64.S'.
8334 * cipher/rijndael-amd64.S: New file.
8335 * cipher/rijndael.c (USE_AMD64_ASM): New macro.
8336 [USE_AMD64_ASM] (_gcry_aes_amd64_encrypt_block)
8337 (_gcry_aes_amd64_decrypt_block): New prototypes.
8338 (do_encrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function.
8339 (do_encrypt): Disable input/output alignment when USE_AMD64_ASM is set.
8340 (do_decrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function.
8341 (do_decrypt): Disable input/output alignment when USE_AMD64_AES is set.
8342 * configure.ac (aes) [x86-64]: Add 'rijndael-amd64.lo'.
8344 blowfish: add amd64 assembly implementation.
8345 + commit 9a61edd1f00cefe8ffa3ad54a53eed163883053c
8346 * cipher/Makefile.am: Add 'blowfish-amd64.S'.
8347 * cipher/blowfish-amd64.S: New file.
8348 * cipher/blowfish.c (USE_AMD64_ASM): New macro.
8349 [USE_AMD64_ASM] (_gcry_blowfish_amd64_do_encrypt)
8350 (_gcry_blowfish_amd64_encrypt_block)
8351 (_gcry_blowfish_amd64_decrypt_block, _gcry_blowfish_amd64_ctr_enc)
8352 (_gcry_blowfish_amd64_cbc_dec, _gcry_blowfish_amd64_cfb_dec): New
8354 [USE_AMD64_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block)
8355 (encrypt_block, decrypt_block): New functions.
8356 (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
8357 (_gcry_blowfish_cfb_dec, selftest_ctr, selftest_cbc, selftest_cfb): New
8359 (selftest): Call new bulk selftests.
8360 * cipher/cipher.c (gcry_cipher_open) [USE_BLOWFISH]: Register Blowfish
8361 bulk functions for ctr-enc, cbc-dec and cfb-dec.
8362 * configure.ac (blowfish) [x86_64]: Add 'blowfish-amd64.lo'.
8363 * src/cipher.h (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
8364 (gcry_blowfish_cfb_dec): New prototypes.
8366 2013-05-24 Werner Koch <wk@gnupg.org>
8368 ecc: Simplify the compliant point generation.
8369 + commit 99b18aa536703ef90c9a1f5c8f40bc68b2064593
8370 * cipher/ecc.c (generate_key): Use point_snatch_set, replaces unneeded
8371 variable copies, etc.
8373 ecc: Fix a minor flaw in the generation of K.
8374 + commit 9711384f75564a71979e3fb971b5f4cadcf1afef
8375 * cipher/dsa.c (gen_k): Factor code out to ..
8376 * cipher/dsa-common.c (_gcry_dsa_gen_k): new file and function. Add
8377 arg security_level and re-indent a bit.
8378 * cipher/ecc.c (gen_k): Remove and change callers to _gcry_dsa_gen_k.
8379 * cipher/dsa.c: Include pubkey-internal.
8380 * cipher/Makefile.am (libcipher_la_SOURCES): Add dsa-common.c
8382 2013-05-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8384 cast5: add amd64 assembly implementation.
8385 + commit 0bdf26eea8cdbffefe7e37578f8f896c4f5f5275
8386 * cipher/Makefile.am: Add 'cast5-amd64.S'.
8387 * cipher/cast5-amd64.S: New file.
8388 * cipher/cast5.c (USE_AMD64_ASM): New macro.
8389 (_gcry_cast5_s1tos4): Merge arrays s1, s2, s3, s4 to single array to
8390 simplify access from assembly implementation.
8391 (s1, s2, s3, s4): New macros pointing to subarrays in
8393 [USE_AMD64_ASM] (_gcry_cast5_amd64_encrypt_block)
8394 (_gcry_cast5_amd64_decrypt_block, _gcry_cast5_amd64_ctr_enc)
8395 (_gcry_cast5_amd64_cbc_dec, _gcry_cast5_amd64_cfb_dec): New prototypes.
8396 [USE_AMD64_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block)
8397 (decrypt_block): New functions.
8398 (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec)
8399 (selftest_ctr, selftest_cbc, selftest_cfb): New functions.
8400 (selftest): Call new bulk selftests.
8401 * cipher/cipher.c (gcry_cipher_open) [USE_CAST5]: Register CAST5 bulk
8402 functions for ctr-enc, cbc-dec and cfb-dec.
8403 * configure.ac (cast5) [x86_64]: Add 'cast5-amd64.lo'.
8404 * src/cipher.h (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec)
8405 (gcry_cast5_cfb_dec): New prototypes.
8407 cipher-selftest: make selftest work with any block-size.
8408 + commit ab8fc70b5f0c396a5bc941267f59166e860b8c5d
8409 * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128)
8410 (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed
8411 functions from '<name>_128' to '<name>'.
8412 (_gcry_selftest_helper_cbc, _gcry_selftest_helper_cfb)
8413 (_gcry_selftest_helper_ctr): Make work with different block sizes.
8414 * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc_128)
8415 (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed
8416 prototypes from '<name>_128' to '<name>'.
8417 * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128)
8418 (selftest_ctr_128): Change to use new function names.
8419 * cipher/rijndael.c (selftest_ctr_128, selftest_cfb_128)
8420 (selftest_ctr_128): Change to use new function names.
8421 * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128)
8422 (selftest_ctr_128): Change to use new function names.
8424 2013-05-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8426 serpent: add parallel processing for CFB decryption.
8427 + commit 6deb0ccdf718a0670f80e6762a3842caf76437d6
8428 * cipher/cipher.c (gcry_cipher_open): Add bulf CFB decryption function
8430 * cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_cfb_dec): New
8432 * cipher/serpent.c (_gcry_serpent_sse2_cfb_dec): New prototype.
8433 (_gcry_serpent_cfb_dec) New function.
8434 (selftest_cfb_128) New function.
8435 (selftest) Call selftest_cfb_128.
8436 * src/cipher.h (_gcry_serpent_cfb_dec): New prototype.
8438 camellia: add parallel processing for CFB decryption.
8439 + commit b60f06f70227c1e69e1010da8b47ea51ade48145
8440 * cipher/camellia-aesni-avx-amd64.S
8441 (_gcry_camellia_aesni_avx_cfb_dec): New function.
8442 * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_cfb_dec): New
8444 (_gcry_camellia_cfb_dec): New function.
8445 (selftest_cfb_128): New function.
8446 (selftest): Call selftest_cfb_128.
8447 * cipher/cipher.c (gry_cipher_open): Add bulk CFB decryption function
8449 * src/cipher.h (_gcry_camellia_cfb_dec): New prototype.
8451 rinjdael: add parallel processing for CFB decryption with AES-NI.
8452 + commit 319ee14f2aab8db56a830fd7ac8926f91b4f738a
8453 * cipher/cipher-selftest.c (_gcry_selftest_helper_cfb_128): New
8454 function for CFB selftests.
8455 * cipher/cipher-selftest.h (_gcry_selftest_helper_cfb_128): New
8457 * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_vec4): New function.
8458 (_gcry_aes_cfb_dec) [USE_AESNI]: Add parallelized CFB decryption.
8459 (selftest_cfb_128): New function.
8460 (selftest): Call selftest_cfb_128.
8462 2013-05-23 Werner Koch <wk@gnupg.org>
8464 Avoid compiler warning due to the global symbol setkey.
8465 + commit b402de8b9c4a9f269faf03ca952b1eb68a1f33c8
8466 * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128)
8467 (_gcry_selftest_helper_ctr_128): Rename setkey to setkey_func.
8469 2013-05-23 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8471 serpent: add SSE2 accelerated amd64 implementation.
8472 + commit 2fd06e207dcea1d8a7f0e7e92f3359615a99421b
8473 * configure.ac (serpent): Add 'serpent-sse2-amd64.lo'.
8474 * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add
8475 'serpent-sse2-amd64.S'.
8476 * cipher/cipher.c (gcry_cipher_open) [USE_SERPENT]: Register bulk
8477 functions for CBC-decryption and CTR-mode.
8478 * cipher/serpent.c (USE_SSE2): New macro.
8479 [USE_SSE2] (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec):
8480 New prototypes to assembler functions.
8481 (serpent_setkey): Set 'serpent_init_done' before calling serpent_test.
8482 (_gcry_serpent_ctr_enc): New function.
8483 (_gcry_serpent_cbc_dec): New function.
8484 (selftest_ctr_128): New function.
8485 (selftest_cbc_128): New function.
8486 (selftest): Call selftest_ctr_128 and selftest_cbc_128.
8487 * cipher/serpent-sse2-amd64.S: New file.
8488 * src/cipher.h (_gcry_serpent_ctr_enc): New prototype.
8489 (_gcry_serpent_cbc_dec): New prototype.
8491 Serpent: faster S-box implementation.
8492 + commit c85501af8222913f0a1e20e77fceb88e93417925
8493 * cipher/serpent.c (SBOX0, SBOX1, SBOX2, SBOX3, SBOX4, SBOX5, SBOX6)
8494 (SBOX7, SBOX0_INVERSE, SBOX1_INVERSE, SBOX2_INVERSE, SBOX3_INVERSE)
8495 (SBOX4_INVERSE, SBOX5_INVERSE, SBOX6_INVERSE, SBOX7_INVERSE): Replace
8496 with new definitions.
8498 2013-05-22 Werner Koch <wk@gnupg.org>
8500 w32: Fix installing of .def file.
8501 + commit 4e46d8bc78008ba06f106b368cefb0dddf15fe38
8502 * src/Makefile.am (install-def-file): Create libdir first.
8504 Add control commands to disable mlock and setuid dropping.
8505 + commit 2b8014af202c9e0f7619f7a4377f5eb752235220
8506 * src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New.
8507 (GCRYCTL_DISABLE_PRIV_DROP): New.
8508 * src/global.c (_gcry_vcontrol): Implement them.
8509 * src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New.
8510 (GCRY_SECMEM_FLAG_NO_PRIV_DROP): New.
8511 * src/secmem.c (no_mlock, no_priv_drop): New.
8512 (_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them.
8513 (lock_pool): Handle no_mlock and no_priv_drop.
8515 Fix libtool 2.4.2 to correctly detect .def files.
8516 + commit 05b3e2dda61d3d532a7f1ffd2487a85ed1c4f3ab
8517 * ltmain.sh (sed_uncomment_deffile): New.
8518 (orig_export_symbols): Uncomment def file before testing for EXPORTS.
8519 * m4/libtool.m4: Do the same for the generated code.
8521 2013-05-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
8523 Add AES bulk CBC decryption selftest.
8524 + commit b65281a1b76d7898eb7607932246b78277d8570b
8525 * cipher/rinjdael.c (selftest_cbc_128): New.
8526 (selftest): Call selftest_cbc_128.
8528 Change AES bulk CTR encryption selftest use new selftest helper function
8529 + commit 3637bdbb5f30a5e06745d448a6a8ad00e5cdd740
8530 * cipher/rinjdael.c: (selftest_ctr_128): Change to use new selftest
8533 Convert bulk CTR and CBC selftest functions in Camellia to generic selftest helper functions
8534 + commit eed4042fa028b3f73bad6a768f5b0a82f642e545
8535 * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-selftest files.
8536 * cipher/camellia-glue.c (selftest_ctr_128, selftest_cbc_128): Change
8537 to use the new selftest helper functions.
8538 * cipher/cipher-selftest.c: New.
8539 * cipher/cipher-selftest.h: New.
8541 camellia: add bulk CBC decryption selftest.
8542 + commit f2986f03d1ae59f973bae56ce4333e5457003de5
8543 * cipher/camellia-glue.c: (selftest_cbc_128): New selftest function for
8544 bulk CBC decryption.
8545 (selftest): Add call to selftest_cbc_128.
8547 camellia: Rename camellia_aesni_avx_x86-64.S to camellia-aesni-avx-amd64.S
8548 + commit 194ae35da7830a76b96e9b21121a2e1248762d3f
8549 * cipher/camellia_aesni_avx_x86-64.S: Remove.
8550 * cipher/camellia-aesni-avx-amd64.S: New.
8551 * cipher/Makefile.am: Use the new filename.
8552 * configure.ac: Use the new filename.
8554 2013-05-21 Werner Koch <wk@gnupg.org>
8556 Fix indentation and save on string space.
8557 + commit 2ac3a7c2b7154379738d17cfde8cd9017dc142f0
8558 * cipher/ecc.c (generate_key): Use the same string for both fatal
8561 2013-05-20 Andrey <andrey@brainhub.org>
8563 cipher: Fix segv in last ECC change.
8564 + commit eb4937914db3fb7317502e97e4f0e40c1857f59d
8565 * cipher/ecc.c (generate_key): Make sure R is initialized.
8567 2013-05-09 Andrey <andrey@brainhub.org>
8569 cipher: Generate compliant ECC keys.
8570 + commit 296f38a2bd2e25788643a42e4881faed00884a40
8571 * cipher/ecc.c (generate_key): Make sure a key is compliant for
8572 using the compact representation.
8574 2013-04-18 Werner Koch <wk@gnupg.org>
8576 cipher: Fix regression in Padlock support.
8577 + commit 6c942ec4d63032539f1fc56c3b970cfec2369e2b
8578 * cipher/rijndael.c (do_setkey): Remove dummy padlock key generation case
8579 and use the standard one.
8581 mpi: Yet another fix to get option flag munging right.
8582 + commit 03557687a09b9c8878c77cbfdd0f5049940c72da
8583 * cipher/Makefile.am (o_flag_munging): Yet another fix.
8585 mpi: Make using gcc's -Ofast easier.
8586 + commit 1ab26bc304c559b0a8d29823d656f7ad8d10a59d
8587 * cipher/Makefile.am (o_flag_munging): Take -Ofast in account.
8589 Fix alignment problem in idea.c.
8590 + commit 3271b0dfda67e26c381d7ed667737f08f865ee40
8591 * cipher/idea.c (cipher): Rework parameter use to fix alignment
8594 * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros.
8596 Fix alignment problem in idea.c.
8598 * cipher/idea.c (cipher): Rework parameter use to fix alignment
8601 * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros.
8604 (cherry picked from 4cd279556777e02eda79973f68efaa4b741f9175)
8606 2013-04-18 Vladimir Serbinenko <phcoder@gmail.com>
8608 Add some const attributes.
8609 + commit ff0b94c22b36600fff1db9f1d48f9de61f9038f7
8610 * cipher/md4.c (transform): Add const attribute.
8611 * cipher/md5.c (transform): Ditto.
8612 * cipher/rmd160.c (transform): Ditto.
8614 Fix alignment problem in serpent.c.
8615 + commit 86e72b490a5790a9c23341067c7e4d3e38be1634
8616 * cipher/serpent.c (serpent_key_prepare): Fix misaligned access.
8617 (serpent_setkey): Likewise.
8618 (serpent_encrypt_internal): Likewise.
8619 (serpent_decrypt_internal): Likewise.
8620 (serpent_encrypt): Don't put an alignment-increasing cast.
8621 (serpent_decrypt): Likewise.
8622 (serpent_test): Likewise.
8624 2013-04-16 Werner Koch <wk@wheatstone.g10code.de>
8626 Fix multiply by zero in gcry_mpi_ec_mul.
8627 + commit 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4
8628 * mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0.
8629 * tests/t-mpi-point.c (basic_ec_math): Add a test case for this.
8631 2013-04-15 Werner Koch <wk@gnupg.org>
8633 Add macros to return pre-defined MPIs.
8634 + commit bd3afc27459a44df8cf501a7e1ae37bb849a8b0e
8635 * src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO)
8636 (GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New.
8637 (_gcry_mpi_get_const): New private function.
8638 * src/visibility.c (_gcry_mpi_get_const): New.
8639 * src/visibility.h: Mark it visible.
8641 Fix addition of EC points.
8642 + commit 71b25a5562f68aad81eae52cc1bab9ca7731a7e9
8643 * mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in affine
8646 2013-04-12 Werner Koch <wk@gnupg.org>
8648 Add hack to allow using an "ecc" key for "ecdsa" or "ecdh".
8649 + commit af8a79aea80217a0c85a592db1fa001792a6bf0f
8650 * cipher/pubkey.c (sexp_to_key): Add optional arg USE.
8651 (gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage sign.
8652 (gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage encrypt.
8653 * tests/basic.c (show_sexp): New.
8654 (check_pubkey_sign): Print test number and add cases for ecc.
8655 (check_pubkey_sign_ecdsa): New.
8656 (do_check_one_pubkey): Divert to new function.
8658 2013-04-11 Werner Koch <wk@gnupg.org>
8660 Add gcry_pubkey_get_sexp.
8661 + commit 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c
8662 * src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New.
8663 (GCRY_PK_GET_SECKEY): New.
8664 (gcry_pubkey_get_sexp): New.
8665 * src/visibility.c (gcry_pubkey_get_sexp): New.
8666 * src/visibility.h (gcry_pubkey_get_sexp): Mark visible.
8667 * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
8668 * cipher/pubkey-internal.h: New.
8669 * cipher/Makefile.am (libcipher_la_SOURCES): Add new file.
8670 * cipher/ecc.c: Include pubkey-internal.h
8671 (_gcry_pk_ecc_get_sexp): New.
8672 * cipher/pubkey.c: Include pubkey-internal.h and context.h.
8673 (_gcry_pubkey_get_sexp): New.
8674 * src/context.c (_gcry_ctx_find_pointer): New.
8675 * src/cipher-proto.h: Add _gcry_pubkey_get_sexp.
8676 * tests/t-mpi-point.c (print_sexp): New.
8677 (context_param, basic_ec_math_simplified): Add tests for the new
8680 * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
8681 (AH_BOTTOM) Add error codes from gpg-error 1.12
8682 * src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL.
8684 * mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q.
8685 (_gcry_mpi_ec_get_point): Ditto.
8688 + commit 7524da2ba83d83a766c22d704006380c893e1c49
8689 * cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release)
8690 (_gcry_pk_get_elements): Remove.
8692 2013-04-05 Werner Koch <wk@gnupg.org>
8694 Make the Q parameter optional for ECC signing.
8695 + commit fe91a642c7c257aca095b96406fbcace88fa3df4
8696 * cipher/ecc.c (ecc_sign): Remove the need for Q.
8697 * cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a
8699 (sexp_to_key): Add optional arg R_IS_ECC.
8700 (gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys.
8701 * tests/pubkey.c (die): Make sure to print a LF.
8702 (check_ecc_sample_key): New.
8703 (main): Call new test.
8705 Add test case for SCRYPT and rework the code.
8706 + commit f23a068bcb6ec9788710698578d8be0a2a006dbc
8707 * tests/t-kdf.c (check_scrypt): New.
8708 (main): Call new test.
8710 * configure.ac: Support disabling of the scrypt algorithm. Make KDF
8711 enabling similar to the other algorithm classes. Disable scrypt if we
8712 don't have a 64 bit type.
8713 * cipher/memxor.c, cipher/memxor.h: Remove.
8714 * cipher/scrypt.h: Remove.
8715 * cipher/kdf-internal.h: New.
8716 * cipher/Makefile.am: Remove files. Add new file. Move scrypt.c to
8717 EXTRA_libcipher_la_SOURCES.
8718 (GCRYPT_MODULES): Add GCRYPT_KDFS.
8719 * src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value.
8720 * cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2.
8721 (_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0.
8722 (gcry_kdf_derive): Allow for a passwordlen of zero for scrypt. Check
8723 for SALTLEN > 0 for GCRY_KDF_PBKDF2. Pass algo to _gcry_kdf_scrypt.
8724 (gcry_kdf_derive) [!USE_SCRYPT]: Return an error.
8725 * cipher/scrypt.c: Replace memxor.h by bufhelp.h. Replace scrypt.h by
8726 kdf-internal.h. Enable code only if HAVE_U64_TYPEDEF is defined.
8727 Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types.
8728 (_SALSA20_INPUT_LENGTH): Remove underscore from identifier.
8729 (_scryptBlockMix): Replace memxor by buf_xor.
8730 (_gcry_kdf_scrypt): Use gcry_malloc and gcry_free. Check for integer
8731 overflow. Add hack to support blocksize of 1 for tests. Return
8732 errors from calls to _gcry_kdf_pkdf2.
8734 * cipher/kdf.c (openpgp_s2k): Make static.
8736 2013-04-04 Christian Grothoff <christian@grothoff.org>
8738 Add the SCRYPT KDF function.
8739 + commit 855b1a8f81b5a3b5b31d0c3c303675425f58a5af
8740 * scrypt.c, scrypt.h: New files.
8741 * memxor.c, memxor.h: New files.
8742 * cipher/Makefile.am: Add new files.
8743 * cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT.
8744 * src/gcrypt.h.in (GCRY_KDF_SCRYPT): New.
8746 2013-03-22 Werner Koch <wk@gnupg.org>
8748 Replace deprecated AM_CONFIG_HEADER macro.
8749 + commit d0c8fda5af45354ac32928c9a01e688d6893599d
8750 * configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADER/
8752 Disable AES-NI support if as does not support SSSE3.
8753 + commit 9f4df1612ae21a5ce70d98930cb194e5193f5e2d
8754 * configure.ac (HAVE_GCC_INLINE_ASM_SSSE3): New test.
8755 (ENABLE_AESNI_SUPPORT): Do not define without SSSE3 support.
8756 (HAVE_GCC_INLINE_ASM_SSSE3, ENABLE_AVX_SUPPORT): Split up detection
8759 2013-03-21 Werner Koch <wk@gnupg.org>
8761 Fix make dependency regression.
8762 + commit 2a1e03c5a481689c43d197dd8034a1d73de0a1a4
8763 * src/Makefile.am (libgcrypt_la_DEPENDENCIES): Add missing backslash.
8766 2013-03-20 Werner Koch <wk@gnupg.org>
8768 Use finer grained on-the-fly helper computations for EC.
8769 + commit 5fb3501aa0cf5f2b2a9012706bb9ad2b1c4bfd7d
8770 * src/ec-context.h (mpi_ec_ctx_s): Replace NEED_SYNC by a bitfield.
8771 * mpi/ec.c (ec_p_sync): Remove.
8772 (ec_get_reset, ec_get_a_is_pminus3, ec_get_two_inv_p): New.
8773 (ec_p_init): Use ec_get_reset.
8774 (_gcry_mpi_ec_set_mpi, _gcry_mpi_ec_dup_point)
8775 (_gcry_mpi_ec_add_points): Replace ec_p_sync by the ec_get_ accessors.
8777 Allow building with w64-mingw32.
8778 + commit b402e550041782b770a6ae267c7c28ca8324a12e
8779 * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also
8780 prepare for 64 bit building.
8782 Provide GCRYPT_VERSION_NUMBER macro, add build info to the binary.
8783 + commit 1eaad0a8c4cab227685a6a8768e539df2f1f4dac
8784 * src/gcrypt.h.in (GCRYPT_VERSION_NUMBER): New.
8785 * configure.ac (VERSION_NUMBER): New ac_subst.
8786 * src/global.c (_gcry_vcontrol): Move call to above function ...
8787 (gcry_check_version): .. here.
8789 * configure.ac (BUILD_REVISION, BUILD_FILEVERSION)
8790 (BUILD_TIMESTAMP): Define on all platforms.
8791 * compat/compat.c (_gcry_compat_identification): Include revision and
8794 Fix a memory leak in the new EC code.
8795 + commit de07974d807b703a2554d6ba885ea249e648bd44
8796 * cipher/ecc.c (point_from_keyparam): Always call mpi_free on A.
8798 2013-03-19 Werner Koch <wk@gnupg.org>
8800 Extend the new EC interface and fix two bugs.
8801 + commit 931e409e877d1e444edd53dead327ec8e64daf9a
8802 * src/ec-context.h (mpi_ec_ctx_s): Add field NEED_SYNC.
8803 * mpi/ec.c (ec_p_sync): New.
8804 (ec_p_init): Only set NEED_SYNC.
8805 (_gcry_mpi_ec_set_mpi): Set NEED_SYNC for 'p' and 'a'.
8806 (_gcry_mpi_ec_dup_point, _gcry_mpi_ec_add_points)
8807 (_gcry_mpi_ec_mul_point): Call ec_p_sync.
8808 (_gcry_mpi_ec_get_point): Recompute 'q' is needed.
8809 (_gcry_mpi_ec_get_mpi): Ditto. Also allow for names 'q', 'q.x',
8811 * cipher/ecc.c (_gcry_mpi_ec_ec2os): New.
8813 * cipher/ecc.c (_gcry_mpi_ec_new): Fix init from parameters 'Q'->'q',
8816 2013-03-15 Werner Koch <wk@gnupg.org>
8818 mpi: Add functions to manipulate an EC context.
8819 + commit 229f3219f80c9369ed9624242c0436ae6d293201
8820 * src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove.
8821 (gcry_mpi_ec_new): New.
8822 (gcry_mpi_ec_get_mpi): New.
8823 (gcry_mpi_ec_get_point): New.
8824 (gcry_mpi_ec_set_mpi): New.
8825 (gcry_mpi_ec_set_point): New.
8826 * src/visibility.c (gcry_mpi_ec_p_new): Remove.
8827 * mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and
8828 change to return an error code.
8829 (_gcry_mpi_ec_get_mpi): New.
8830 (_gcry_mpi_ec_get_point): New.
8831 (_gcry_mpi_ec_set_mpi): New.
8832 (_gcry_mpi_ec_set_point): New.
8833 * src/mpi.h: Add new prototypes.
8834 * src/ec-context.h: New.
8835 * mpi/ec.c: Include that header.
8836 (mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some
8837 fields into an inner struct.
8839 * cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS.
8840 (mpi_from_keyparam, point_from_keyparam): New.
8841 (_gcry_mpi_ec_new): New.
8843 * tests/t-mpi-point.c (test-curve): New.
8844 (ec_p_new): New. Use it instead of the removed gcry_mpi_ec_p_new.
8845 (get_and_cmp_mpi, get_and_cmp_point): New.
8846 (context_param): New test.
8847 (basic_ec_math_simplified): New test.
8848 (main): Call new tests.
8850 * src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX.
8852 2013-03-13 Werner Koch <wk@gnupg.org>
8854 Add GCRYMPI_FLAG_CONST and make use constants.
8855 + commit e005629bd7bebb3e13945645c6e1230b44ab16a2
8856 * src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New.
8857 * src/mpi.h (mpi_is_const, mpi_const): New.
8858 (enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New.
8859 * mpi/mpiutil.c (_gcry_mpi_init): New.
8861 (_gcry_mpi_free): Do not release a constant flagged MPI.
8862 (gcry_mpi_copy): Clear the const and immutable flags.
8863 (gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag): Support
8865 (_gcry_mpi_const): New.
8866 * src/global.c (global_init): Call _gcry_mpi_init.
8867 * mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and
8868 eight. Change all users to call mpi_const() instead.
8870 * src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag.
8872 Add GCRYMPI_FLAG_IMMUTABLE to help debugging.
8873 + commit 1fecae98ee7e0fa49b29f98efa6817ca121ed98a
8874 * src/gcrypt.h.in (GCRYMPI_FLAG_IMMUTABLE): New.
8875 * src/mpi.h (mpi_is_immutable): New macro.
8876 * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
8877 (gcry_mpi_get_flag): Implement new flag
8878 (_gcry_mpi_immutable_failed): New.
8880 * mpi/mpiutil.c (_gcry_mpi_clear, _gcry_mpi_free, gcry_mpi_snatch)
8881 (gcry_mpi_set, gcry_mpi_randomize): Act upon the immutable flag.
8882 * mpi/mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit)
8883 (gcry_mpi_clear_highbit, gcry_mpi_clear_bit)
8884 (_gcry_mpi_rshift_limbs, gcry_mpi_lshift): Ditto.
8885 * mpi/mpicoder.c (_gcry_mpi_set_buffer): Ditto.
8887 2013-03-08 Werner Koch <wk@gnupg.org>
8889 mpi: Add an API for EC math.
8890 + commit 8ac9e756d3ca545a9b97e61ad3d42fc2e877d788
8891 * src/context.c, src/context.h: New.
8892 * src/Makefile.am (libgcrypt_la_SOURCES): Add new files.
8893 * src/gcrypt.h.in (struct gcry_context, gcry_ctx_t): New types.
8894 (gcry_ctx_release): New prototype.
8895 (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
8896 (gcry_mpi_ec_add, gcry_mpi_ec_mul): New prototypes.
8897 * mpi/ec.c: Include errno.h and context.h.
8898 (_gcry_mpi_ec_init): Rename to ..
8899 (ec_p_init): this, make static, remove allocation and add arg CTX.
8900 (_gcry_mpi_ec_p_internal_new): New; to replace _gcry_mpi_ec_init.
8901 Change all callers to use this func.
8902 (_gcry_mpi_ec_free): Factor code out to ..
8903 (ec_deinit): New func.
8904 (gcry_mpi_ec_p_new): New.
8905 * src/visibility.c: Include context.h and mpi.h.
8906 (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
8907 (gcry_mpi_ec_add, gcry_mpi_ec_mul)
8908 (gcry_ctx_release): New wrapper functions.
8909 * src/visibility.h: Mark new wrapper functions visible.
8910 * src/libgcrypt.def, src/libgcrypt.vers: Add new symbols.
8911 * tests/t-mpi-point.c (print_mpi, hex2mpi, cmp_mpihex): New.
8912 (context_alloc): New.
8913 (make_point, basic_ec_math): New.
8915 mpi: Add an API for EC point operations.
8916 + commit 7cce620acddac2df024ca421ed3abc32a88f3738
8917 * mpi/ec.c (gcry_mpi_point_new, gcry_mpi_point_release): New.
8918 (gcry_mpi_point_get, gcry_mpi_point_snatch_get): New.
8919 (gcry_mpi_point_set, gcry_mpi_point_snatch_set): New.
8920 * src/visibility.h, src/visibility.c: Add corresponding macros and
8922 * src/gcrypt.h.in (struct gcry_mpi_point, gcry_mpi_point_t): New.
8923 (gcry_mpi_point_new, gcry_mpi_point_release, gcry_mpi_point_get)
8924 (gcry_mpi_point_snatch_get, gcry_mpi_point_set)
8925 (gcry_mpi_point_snatch_set): New prototypes.
8926 (mpi_point_new, mpi_point_release, mpi_point_get, mpi_point_snatch_get)
8927 (mpi_point_set, mpi_point_snatch_set): New macros.
8928 * src/libgcrypt.vers (gcry_mpi_point_new, gcry_mpi_point_release)
8929 (gcry_mpi_point_get, gcry_mpi_point_snatch_get, gcry_mpi_point_set)
8930 (gcry_mpi_point_snatch_set): New symbols.
8931 * src/libgcrypt.def: Ditto.
8932 * tests/t-mpi-point.c: New.
8933 * tests/Makefile.am (TESTS): Add t-mpi-point
8935 2013-03-07 Werner Koch <wk@gnupg.org>
8937 mpi: Add mpi_snatch and change an internal typedef.
8938 + commit 6c4767637c512127a4362732b3ec51068554d328
8939 * src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point.
8940 (mpi_point_struct): New typedef.
8941 (mpi_point_t): Change typedef to a pointer. Replace all occurrences
8942 to use mpi_point_struct.
8943 * mpi/ec.c (_gcry_mpi_ec_point_init): Rename to ..
8944 (_gcry_mpi_point_init): this. Change all callers.
8945 (_gcry_mpi_ec_point_free): Rename to ..
8946 (_gcry_mpi_point_free_parts): this. Change all callers.
8948 * mpi/mpiutil.c (gcry_mpi_snatch): New function.
8949 * src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add protoype and
8951 * src/visibility.c (gcry_mpi_snatch): Add wrapper.
8952 * src/visibility.h (gcry_mpi_snatch): Add macro magic.
8953 * src/libgcrypt.def, src/libgcrypt.vers: Add new function.
8955 Pretty print the configure feedback.
8956 + commit c620099e4ab2f35e0196b395a805bb655c984ac2
8957 * acinclude.m4 (GNUPG_MSG_PRINT): Remove.
8958 (GCRY_MSG_SHOW, GCRY_MSG_WRAP): New.
8959 * configure.ac: Use new macros for the feedback.
8961 2013-02-20 Werner Koch <wk@gnupg.org>
8963 Fix building of hwf-x86.c.
8964 + commit 70dcac663de06b012417015c175973d64e6980df
8965 * src/Makefile.am (AM_CFLAGS): Set to GPG_ERROR_CFLAGS
8966 (AM_CCASFLAGS): Set NOEXECSTACK_FLAGS.
8968 Remove build hacks for FreeBSD.
8969 + commit fb48ebf7081400a24ee48f8a9894a361e8834b6e
8970 * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
8973 2013-02-19 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
8975 Rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni.
8976 + commit 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa
8977 * cipher/rijndael.c (_gcry_aes_cbc_enc): Check if AES-NI is enabled before
8978 calling aesni_prepare() and aesni_cleanup().
8980 Add AES-NI/AVX accelerated Camellia implementation.
8981 + commit 63ac3ba07dba82fde040d31b90b4eff627bd92b9
8982 * configure.ac: Add option --disable-avx-support.
8983 (HAVE_GCC_INLINE_ASM_AVX): New.
8984 (ENABLE_AVX_SUPPORT): New.
8985 (camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add
8986 camellia_aesni_avx_x86-64.lo.
8987 * cipher/Makefile.am (AM_CCASFLAGS): Add.
8988 (EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S
8989 * cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT]
8990 [__x86_64__] (USE_AESNI_AVX): Add macro.
8991 (struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx.
8992 [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc)
8993 (_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly
8995 (camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware
8997 (_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code.
8998 (_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code.
8999 * cipher/camellia_aesni_avx_x86-64.S: New.
9000 * src/g10lib.h (HWF_INTEL_AVX): New.
9001 * src/global.c (hwflist): Add HWF_INTEL_AVX.
9002 * src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add detection
9005 camellia.c: Prepare for AES-NI/AVX implementation.
9006 + commit 4de62d80644228fc5db2a9f9c94a7eb633d8de2e
9007 * cipher/camellia-glue.c (CAMELLIA_encrypt_stack_burn_size)
9008 (CAMELLIA_decrypt_stack_burn_size): Increase stack burn size.
9009 * cipher/camellia.c (CAMELLIA_ROUNDSM): Move key-material mixing in
9011 (camellia_setup128, camellia_setup256): Remove now unneeded
9012 key-material mangling.
9013 (camellia_encrypt128, camellia_decrypt128, amellia_encrypt256)
9014 (camellia_decrypt256): Copy block to stack, so that compiler can
9015 optimize it for register usage.
9017 Camellia, prepare glue code for AES-NI/AVX implementation.
9018 + commit 537f12ce072d568f9fa344c447d32b2e0efffbe8
9019 * cipher/camellia-glue.c (ATTR_ALIGNED_16): Add macro.
9020 (CAMELLIA_encrypt_stack_burn_size): Add macro.
9021 (camellia_encrypt): Use macro above for stack burn size.
9022 (CAMELLIA_decrypt_stack_burn_size): Add macro.
9023 (camellia_decrypt): Use macro above for stack burn size.
9024 (_gcry_camellia_ctr_enc): New function.
9025 (_gcry_camellia_cbc_dec): New function.
9026 (selftest_ctr_128): New function.
9027 (selftest): Call function above.
9028 * cipher/cipher.c (gcry_cipher_open) [USE_CAMELLIA]: Register bulk
9029 functions for CBC-decryption and CTR-mode.
9030 * src/cipher.h (_gcry_camellia_ctr_enc): New prototype.
9031 (_gcry_camellia_cbc_dec): New prototype.
9033 2012-12-21 Werner Koch <wk@gnupg.org>
9035 Prepare for hardware feature detection on other platforms.
9036 + commit 09ac5d87d11aa0b1fa0e0a4184ab03b3671a73e2
9037 * configure.ac (GCRYPT_HWF_MODULES): New.
9038 (HAVE_CPU_ARCH_X86, HAVE_CPU_ARCH_ALPHA, HAVE_CPU_ARCH_SPARC)
9039 (HAVE_CPU_ARCH_MIPS, HAVE_CPU_ARCH_M68K, HAVE_CPU_ARCH_PPC)
9040 (HAVE_CPU_ARCH_ARM): New AC_DEFINEs.
9041 * mpi/config.links (mpi_cpu_arch): New.
9042 * src/global.c (print_config): Print new tag "cpu-arch".
9043 * src/Makefile.am (libgcrypt_la_SOURCES): Add hwf-common.h
9044 (EXTRA_libgcrypt_la_SOURCES): New.
9045 (gcrypt_hwf_modules): New.
9046 (libgcrypt_la_DEPENDENCIES, libgcrypt_la_LIBADD): Add that one.
9047 * src/hwfeatures.c: Factor most code out to ...
9048 * src/hwf-x86.c: New file.
9049 (detect_x86_gnuc): Return the feature vector.
9050 (_gcry_hwf_detect_x86): New.
9051 * src/hwf-common.h: New.
9052 * src/hwfeatures.c (_gcry_detect_hw_features): Dispatch using
9053 HAVE_CPU_ARCH_ macros.
9055 2012-12-21 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9057 Clean up i386/x86-64 cpuid usage in hwfeatures.c.
9058 + commit d842eea55e22c05da3959a7a4422b5fcd7884f60
9059 * src/hwfeatures.c [__i386__ && __GNUC__] (detect_ia32_gnuc): Remove.
9060 [__x86_64__ && __GNUC__] (detect_x86_64_gnuc): Remove.
9061 [__i386__ && __GNUC__] (is_cpuid_available, get_cpuid)
9062 (HAS_X86_CPUID): New.
9063 [__x86_64__ && __GNUC__] (is_cpuid_available, get_cpuid)
9064 (HAS_X86_CPUID): New.
9065 [HAS_X86_CPUID] (detect_x86_gnuc): New.
9066 (_gcry_detect_hw_features) [__i386__ && GNUC]: Remove detect_ia32_gnuc
9068 (_gcry_detect_hw_features) [__x86_64__ && GNUC]: Remove
9069 detect_x86_64_gnuc call.
9070 (_gcry_detect_hw_features) [HAS_X86_CPUID]: Add detect_x86_gnuc call.
9072 2012-12-18 Dmitry Kasatkin <dmitry.kasatkin@intel.com>
9074 Add support for using DRNG random number generator.
9075 + commit efd7002188e6d50013e4d9a920a8b9afa9d210e5
9076 * configure.ac: Add option --disable-drng-support.
9077 (ENABLE_DRNG_SUPPORT): New.
9078 * random/rndhw.c (USE_DRNG): New.
9079 (rdrand_long, rdrand_nlong, poll_drng): New.
9080 (_gcry_rndhw_poll_fast, _gcry_rndhw_poll_slow): Call poll function.
9081 * src/g10lib.h (HWF_INTEL_RDRAND): New.
9082 * src/global.c (hwflist): Add "intel-rdrand".
9083 * src/hwfeatures.c (detect_x86_64_gnuc) [ENABLE_DRNG_SUPPORT]: Detect
9085 (detect_ia32_gnuc) [ENABLE_DRNG_SUPPORT]: Detect RDRAND.
9087 2012-12-03 Werner Koch <wk@gnupg.org>
9089 random: Add a RNG selection interface and system RNG wrapper.
9090 + commit 7607ab81504ce44060ed0b331d309606f5da1e75
9091 * random/random-system.c: New.
9092 * random/Makefile.am (librandom_la_SOURCES): Add new module.
9093 * random/random.c (struct rng_types): New.
9094 (_gcry_set_preferred_rng_type, _gcry_get_rng_type): New.
9095 (_gcry_random_initialize, gcry_random_add_bytes, do_randomize)
9096 (_gcry_set_random_seed_file, _gcry_update_random_seed_file)
9097 (_gcry_fast_random_poll): Dispatch to the actual RNG.
9098 * src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New.
9099 GCRYCTL_GET_CURRENT_RNG_TYPE): New.
9100 (gcry_rng_types): New.
9101 * src/global.c (print_config): Print the TNG type.
9102 (global_init, _gcry_vcontrol): Implement the new control codes.
9103 * doc/gcrypt.texi (Controlling the library): Document the new control
9106 * tests/benchmark.c (main): Add options to test the RNG types.
9107 * tests/random.c (main): Add new options.
9108 (print_hex): Print to stderr.
9109 (progress_cb, rng_type): New.
9110 (check_rng_type_switching, check_early_rng_type_switching): New.
9111 (run_all_rng_tests): New.
9113 tests: Allow use of random.c under Windows.
9114 + commit 76c622e24a07f7c826812be173aa173b4334776b
9115 * tests/Makefile.am (TESTS): Always include random.c
9116 * tests/random.c [!W32]: Include sys/wait.h.
9118 (check_forking, check_nonce_forking): Print a notice what will be done.
9119 (main) [W32]: Do not call signal.
9121 Make random-fips.c work multi-threaded.
9122 + commit 75760021b511ba438606af746431223357e7a155
9123 * random/random-fips.c (basic_initialization): Fix reversed logic.
9125 Move nonce creation from csprng backend to random main module.
9126 + commit c324644aa14e54fc7051983b38222db32b8ab227
9127 * random/random-csprng.c (_gcry_rngcsprng_create_nonce): Remove.
9128 (nonce_buffer_lock): Remove.
9129 (initialize_basics): Remove init of nonce_buffer_lock.
9130 * random/random.c: Add a few header files.
9131 (nonce_buffer_lock): New.
9132 (_gcry_random_initialize): Init nonce_buffer_lock.
9133 (gcry_create_nonce): Add code from _gcry_rngcsprng_create_nonce.
9135 * random/random-daemon.c (_gcry_daemon_create_nonce): Remove.
9137 2012-12-03 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9139 Fix building with CC="gcc -std=c90".
9140 + commit f851b9a932ee64fa5a06000d1ac763ba4349f07d
9141 * configure.ac: Add check for missing 'asm' keyword in C90 mode and
9142 replacement with '__asm__'.
9144 2012-12-03 Werner Koch <wk@gnupg.org>
9146 Try to use inttypes.h if stdint.h is not available.
9147 + commit d9ec7aec1301b13a89e5c9c54d7ad52e1a29b846
9148 * cipher/bufhelp.h [HAVE_INTTYPES_H]: Include inttypes.h
9150 2012-12-03 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9152 Optimize buffer xoring.
9153 + commit 162791bc08f4fc9b3882671e68ecdfd9e130ae59
9154 * cipher/Makefile.am (libcipher_la_SOURCES): Add 'bufhelp.h'.
9155 * cipher/bufhelp.h: New.
9156 * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
9157 (_gcry_cipher_aeswrap_decrypt): Use 'buf_xor' for buffer xoring.
9158 * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
9159 (_gcry_cipher_cbc_decrypt): Use 'buf_xor' for buffer xoring and remove
9160 resulting unused variables.
9161 * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) Use 'buf_xor_2dst'
9162 for buffer xoring and remove resulting unused variables.
9163 (_gcry_cipher_cfb_decrypt): Use 'buf_xor_n_copy' for buffer xoring and
9164 remove resulting unused variables.
9165 * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Use 'buf_xor' for
9166 buffer xoring and remove resulting unused variables.
9167 * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
9168 (_gcry_cipher_ofb_decrypt): Use 'buf_xor' for buffer xoring and remove
9169 resulting used variables.
9170 * cipher/rijndael.c (_gry_aes_cfb_enc): Use 'buf_xor_2dst' for buffer
9171 xoring and remove resulting unused variables.
9172 (_gry_aes_cfb_dev): Use 'buf_xor_n_copy' for buffer xoring and remove
9173 resulting unused variables.
9174 (_gry_aes_cbc_enc, _gry_aes_ctr_enc, _gry_aes_cbc_dec): Use 'buf_xor'
9175 for buffer xoring and remove resulting unused variables.
9177 2012-11-29 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9179 Optimize AES-NI CTR mode.
9180 + commit 9ee9e25f519696d509b1a5c1cc04ab0121e98a51
9181 * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Make
9182 handling of 64-bit overflow and carry conditional. Avoid generic to
9183 vector register passing of value '1'. Generate and use '-1' instead.
9185 2012-11-28 Werner Koch <wk@gnupg.org>
9187 Make a cpp conditional in rijndael.c better readable.
9188 + commit 6765e0a8618000d3dc7bda035163e0708c43791b
9189 * cipher/rijndael.c (USE_AESNI): Modify cpp conditionals for better
9192 2012-11-28 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9194 Fix building with Clang on x86-64 and i386.
9195 + commit 99e272d938fe23efec25af409bdb91dae0e659e5
9196 * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_aligned)
9197 (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Add
9198 explicit suffix to 'cmp' instructions.
9200 2012-11-26 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9202 Optimize wipememory2 for i386 and x86-64.
9203 + commit faec12e23f03c7cd1614594bfdd51f1302cadb42
9204 * src/g10lib.h (wipememory2): Add call to fast_wipememory2.
9205 (fast_wipememory2): New macros for i386 and x86-64 architectures.
9206 Empty macro provided for other architectures.
9208 Fix missing 64bit carry handling in AES-NI CTR mode.
9209 + commit fc37e805c6394c2e635d1a033670be961f36a6d2
9210 * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Add
9211 carry handling to 64-bit addition.
9212 (selftest_ctr_128): New function for testing IV handling in bulk CTR
9214 (selftest): Add call to selftest_ctr_128.
9216 Add parallelized AES-NI CBC decryption.
9217 + commit 35aff0cd43885b5f5c076432ec614698abeb63d8
9218 * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_5): New macro.
9219 [USE_AESNI] (do_aesni_dec_vec4): New function.
9220 (_gcry_aes_cbc_dec) [USE_AESNI]: Add parallelized CBC loop.
9221 (_gcry_aes_cbc_dec) [USE_AESNI]: Change IV storage register from xmm3
9224 Clear xmm5 after use in AES-NI CTR mode.
9225 + commit 5acd0e5ae2a58dda51c2b56c879b80a1a6d2c42f
9226 * cipher/rijndael.c [USE_AESNI]: Rename aesni_cleanup_2_4 to
9228 [USE_AESNI] (aesni_cleanup_2_5): Clear xmm5 register.
9229 (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) [USE_AESNI]: Use
9230 aesni_cleanup_2_5 instead of aesni_cleanup_2_4.
9232 Optimize AES-NI CBC encryption.
9233 + commit be3768994ad362dfc849a8cd0146b4c9bb287d20
9234 * cipher/rijndeal.c (_gcry_aes_cbc_enc) [USE_AESNI]: Add AES-NI
9235 spesific loop and use SSE2 assembler for xoring and copying of
9238 Improve parallelizability of CBC decryption for AES-NI.
9239 + commit 3369d960158ab4231b83926a0f982e2a8819f173
9240 * cipher/rijndael.c (_gcry_aes_cbc_dec) [USE_AESNI]: Add AES-NI
9241 specific CBC mode loop with temporary block and IV stored in free SSE
9244 Extend test of chained modes for 128bit ciphers.
9245 + commit 55b96be08531664ed3f4230acebe0f45954bbc33
9246 * tests/basic.c (check_one_cipher_core, check_one_cipher): Increase
9247 input and output buffer sizes from 16 bytes to 1024+16=1040 bytes.
9248 (check_one_cipher_core): Add asserts to verify sizes of temporary
9251 2012-11-21 Werner Koch <wk@gnupg.org>
9253 Fix for strict aliasing rules.
9254 + commit dfb4673da8ee52d95e0a62c9f49ca8599943f22e
9255 * cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t for
9258 Do not detect AES-NI support if disabled by configure.
9259 + commit 3047795794eb238aa684bd0729acf64c82a19e09
9260 * src/hwfeatures.c (detect_ia32_gnuc): Detect AESNI support only if
9261 that support has been enabled.
9263 2012-11-21 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
9265 Fix too large burn_stack in camellia-glue.c.
9266 + commit 8afabc2813948778a3db52d9dee9a041a3dd50d4
9267 * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Do not
9268 take full array size of KEY_TABLE_TYPE, but argument size instead.
9270 Add x86_64 support for AES-NI.
9271 + commit d8bdfa42ed582655c180e7db9b16d4e756a12a6e
9272 * cipher/rijndael.c [ENABLE_AESNI_SUPPORT]: Enable USE_AESNI on x86-64.
9273 (do_setkey) [USE_AESNI_is_disabled_here]: Use %[key] and %[ksch]
9274 directly as registers instead of using temporary register %%esi.
9275 [USE_AESNI] (do_aesni_enc_aligned, do_aesni_dec_aligned, do_aesni_cfb,
9276 do_aesni_ctr, do_aesni_ctr_4): Use %[key] directly as register instead
9277 of using temporary register %%esi.
9278 [USE_AESNI] (do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Change %[key]
9279 from generic "g" type to register "r".
9280 * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Do not
9281 clear AES-NI feature flag.
9283 Fix cpuid vendor-id check for i386 and x86-64.
9284 + commit 9e1552517f68459a165ddebbba85e7cf37ff4f0c
9285 * src/hwfeatures.c (detect_x86_64_gnuc, detect_ia32_gnuc): Allow
9286 Intel features be detect from CPU by other vendors too.
9288 Fix hwdetect assembler clobbers.
9289 + commit 19b9efd1f47a5de9c450ce8212dfa3174a029c7a
9290 * src/hwfeatures.c (detect_x86_64_gnuc): Add missing %ebx assembler
9292 (detect_x86_64_gnuc, detect_ia32_gnuc) [ENABLE_PADLOCK_SUPPORT]: Add
9293 missing %ecx assembler clobbers.
9295 2012-11-21 Werner Koch <wk@gnupg.org>
9297 Use configure test for aligned attribute.
9298 + commit 6368ed542150956ff4ba8170a15bbc534143675c
9299 * configure.ac (HAVE_GCC_ATTRIBUTE_ALIGNED): New test and ac_define.
9300 * cipher/cipher-internal.h, cipher/rijndael.c, random/rndhw.c: Use new
9301 macro instead of a fixed test for __GNUC__.
9303 Fix segv with AES-NI on some platforms.
9304 + commit a96974de734beb51a733a89b3283bcf7b433b54c
9305 * cipher/rijndael.c (RIJNDAEL_context): Align on 16 bytes.
9307 2012-11-16 Werner Koch <wk@gnupg.org>
9309 Improve parsing of the GIT revision number.
9310 + commit 4b18e530f417d4af401a3fd721ad2a07e5310e3e
9311 * configure.ac (mmm4_revision): Use git rev-parse.
9313 2012-11-08 Werner Koch <wk@gnupg.org>
9315 Fix extern inline use for gcc > 4.3 in c99 mode.
9316 + commit 5abc06114e91beca0177331e1c79815f5fb6d7be
9317 * mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern
9318 inline semantics in gcc.
9320 2012-11-07 Werner Koch <wk@gnupg.org>
9322 Fix memory leak in gcry_pk_testkey for ECC.
9323 + commit 8cbbad5f94f6e0429fffe66d689aea20f7e35957
9324 * cipher/ecc.c (check_secret_key): Restructure for easier allocation
9325 tracking. Fix memory leak.
9327 2012-11-05 Werner Koch <wk@gnupg.org>
9329 Prepare for a backported interface in 1.5.1.
9330 + commit 7af98ef78d45e813f47ae4e180a02757a379953f
9331 * configure.ac: Bump LT version at C20/A0/R0 to adjust for a planned
9332 API update in 1.5.1.
9334 Adjust for stricter autoconf requirements.
9335 + commit 1241fbbc896e9bbad68f1007a17b20493f6cd1af
9336 * configure.ac: Fix usage of AC_LANG_PROGRAM.
9338 Update build helper scripts.
9339 + commit a5c4d45e8d12737cd21b095c81da5c18e2afc39e
9340 * config.guess, config.sub: Update to version 2012-07-31.
9341 * ltmain.sh: Update to version 2.4.2.
9342 * install-sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4
9343 * m4/lt~obsolete.m4: Update to autoconf 2.69 versions.
9345 Do not distribute a copy of gitlog-to-changelog.
9346 + commit 40976d7da5420453bf93a9c99f0cc4c7044d0774
9347 * Makefile.am (GITLOG_TO_CHANGELOG): New.
9348 (gen-ChangeLog): Require an installed gitlog-to-changelog.
9349 * scripts/gitlog-to-changelog: Remove.
9351 * README.SVN: Remove.
9354 Allow building with w64-mingw32.
9355 + commit 4f6fb150558d0ed250bfbd50352c258a4456ba50
9356 * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also
9357 prepare for 64 bit building.
9358 <git-setup>: Remove option -c from chmod.
9360 Switch to the new automagic beta numbering scheme.
9361 + commit 7d5195be76d9dd4adc28976ad153e8f7761c5855
9362 * configure.ac: Add all the required m4 magic.
9364 Avoid dereferencing pointer right after the end.
9365 + commit 79502e2c1982047dcf2b776f52826f38bbd9b1fe
9366 * mpi/mpicoder.c (do_get_buffer): Check the length before derefing P.
9368 2012-10-30 Werner Koch <wk@gnupg.org>
9370 Make ancient test program useful again.
9371 + commit 66adf76e634423bb72ce1f0b5ed78f4e4798f190
9372 * tests/testapi.c (test_sexp): Adjust to current API. Print the
9373 return code. Mark unused args.
9374 (test_genkey): Mark unused args.
9375 (main): Do not pass NULL to printf.
9377 tests: Add ECC key generation tests.
9378 + commit c13164884ade6b1e945cddacce2d244fd881de6b
9379 * tests/keygen.c (check_generated_ecc_key): New.
9380 (check_ecc_keys): New.
9381 (main): Call simple ECC checks.
9383 2012-10-30 Milan Broz <mbroz@redhat.com>
9385 PBKDF2: Allow empty passphrase.
9386 + commit 8528f1ba40e587dc17e02822e529fbd7ac69a189
9387 * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
9388 * tests/t-kdf.c (check_pbkdf2): Add test case for above.
9390 2012-08-16 Xi Wang <xi.wang@gmail.com>
9392 Replace deliberate division by zero with _gcry_divide_by_zero.
9393 + commit 2c54c4da19d3a79e9f749740828026dd41f0521a
9394 * mpi/mpi-pow.c: Replace 1 / msize.
9395 * mpi/mpih-div.c: Replace 1 / dsize.
9396 * src/misc.c: Add _gcry_divide_by_zero.
9398 2012-06-21 Werner Koch <wk@gnupg.org>
9400 Clear AESNI feature flag for x86_64.
9401 + commit 2196728e2252917849c1be94417258076767021b
9402 * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Clear
9405 Beautify last change.
9406 + commit 20e423212c9710ee663e12dd0f62580ceb245a6f
9407 * cipher/rijndael.c: Replace C99 feature from last patch. Keep cpp
9409 * random/rndhw.c: Keep cpp lines short.
9410 * src/hwfeatures.c (_gcry_detect_hw_features): Make cpp def chain
9413 2012-06-21 Rafaël Carré <funman@videolan.org>
9415 Enable VIA Padlock on x86_64 platforms.
9416 + commit baf0dc7e9c26167ab43ba2adebcf2f1abc9d9b3b
9417 * cipher/rijndael.c: Duplicate x86 assembly and convert to x86_64.
9418 * random/rndhw.c: Likewise.
9419 * src/hwfeatures.c: Likewise.
9421 2012-05-14 Werner Koch <wk@gnupg.org>
9423 Add curve aliases from RFC-5656.
9424 + commit 39c123b729a472ace039f8536d07f8b9a5f4675a
9425 * cipher/ecc.c (curve_aliases): Add "nistp???" entries.
9427 2012-04-16 Werner Koch <wk@gnupg.org>
9429 State new contribution rules.
9430 + commit 3bb858551cd5d84e43b800edfa2b07d1529718a9
9432 * doc/HACKING: Document new rules.
9434 2012-04-04 Tomas Mraz <tmraz@fedoraproject.org>
9436 Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command.
9437 + commit 90e49a11733bfba9c3c505ac487282d35757f682
9438 * doc/gcrypt.texi: Add documentation of the new command.
9439 * src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
9440 only when fips mode is enabled.
9441 (_gcry_set_enforced_fips_mode): New function.
9442 * src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
9443 * src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
9444 * src/global.c (_gcry_vcontrol): Handle the new command.
9446 2012-02-17 Ulrich Müller <ulm@gentoo.org>
9448 Rework selftest in idea.c.
9449 + commit 70cca617ed75ea292e1fed769114dda5cc1d76f1
9450 * cipher/idea.c (do_setkey): Execute selftest when first called.
9451 (decrypt_block): Remove commented-out code.
9452 (selftest): Execute all selftests. Return NULL on success, or
9453 string in case of error.
9455 2012-02-16 Werner Koch <wk@gnupg.org>
9457 Fix missing prototype.
9458 + commit 46035d28c9b413851d43a4008fdc8e4cdf5d686b
9459 * src/g10lib.h (_gcry_secmem_module_init): Make it a real prototype.
9461 2012-02-16 Ulrich Müller <ulm@gentoo.org>
9463 Add support for the IDEA cipher.
9464 + commit 318fd85f377c060908d371f792d41e599b3b7483
9465 Adapt idea.c to the Libgcrypt framework.
9466 Add IDEA to cipher_table and to the build system.
9468 Patents on IDEA have expired:
9469 Europe: EP0482154 on 2011-05-16,
9470 Japan: JP3225440 on 2011-05-16,
9471 U.S.: 5,214,703 on 2012-01-07.
9473 * configure.ac: Add idea to the list of available ciphers.
9474 Define USE_IDEA if idea is enabled.
9475 * cipher/cipher.c (cipher_table): Add entry for IDEA.
9476 * cipher/idea.c: Update comment about patents.
9477 Include proper header files and remove redundant declarations.
9478 (expand_key, cipher, do_setkey, encrypt_block, decrypt_block):
9479 Define function arguments as const where appropriate.
9480 (cipher): Test for !WORDS_BIGENDIAN instead of LITTLE_ENDIAN_HOST.
9481 (do_setkey, decrypt_block): Don't call selftest.
9482 (idea_setkey): New function, wrapper for do_setkey.
9483 (idea_encrypt): New function, wrapper for encrypt_block.
9484 (_gcry_cipher_spec_idea): Define.
9485 * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add idea.c.
9486 * src/cipher.h (_gcry_cipher_spec_idea): Declare.
9487 * tests/basic.c (check_ciphers): Add GCRY_CIPHER_IDEA.
9489 2012-01-09 Werner Koch <wk@gnupg.org>
9491 Include an IDEA implementation.
9492 + commit 6078b05f5340d886e0b9e6cee1d9b5043e0cb210
9493 The code is the old IDEA test code, written by me back in 1997 and
9494 distributed on a Danish FTP server. This commit is only for
9495 reference. To use the code it has to be adjusted to the Libgcrypt
9498 2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
9500 Fix pthread locking and remove defunctional support for static lock init.
9501 + commit 38fcd59ce774eaa3d65f2f7534c989afd860eb56
9502 * src/ath.c: Include assert.h.
9503 (ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference LOCK.
9504 * src/g10lib.h (_gcry_secmem_module_init): New declaration.
9505 * src/global.c (global_init): Call _gcry_secmem_module_init.
9506 * src/secmem.c (_gcry_secmem_module_init): New function.
9508 2011-12-16 Werner Koch <wk@gnupg.org>
9510 Add alignment tests for the cipher tests.
9511 + commit 14cf1f7e338fedb8edaff5631441746605152bd6
9512 * tests/basic.c (check_one_cipher): Factor most code out to
9513 check_one_cipher_core. Call that core function several times using
9514 different alignment settings.
9515 (check_one_cipher_core): New. Add extra args to allow alignment
9518 2011-12-07 Werner Koch <wk@gnupg.org>
9520 tests/prime: Add option to create a well known private key.
9521 + commit 16f5654643d584e3bc739b636752d779176b2191
9522 * tests/prime.c (print_mpi, create_42prime): New.
9523 (main): Add option --42.
9525 2011-12-01 Werner Koch <wk@gnupg.org>
9527 Do not build the random-daemon by make distcheck.
9528 + commit ea1fb538d99f1ec093f2fef86f4f29176ec27826
9529 * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Disable building of the
9532 Generate the ChangeLog from commit logs.
9533 + commit 137d73191c904926ba529376144ee8239af4ca02
9534 * scripts/gitlog-to-changelog: New script. Taken from gnulib.
9535 * scripts/git-log-fix: New file.
9536 * scripts/git-log-footer: New file.
9537 * doc/HACKING: Describe the ChangeLog policy
9538 * ChangeLog: New file.
9539 * Makefile.am (EXTRA_DIST): Add new files.
9540 (gen-ChangeLog): New.
9541 (dist-hook): Run gen-ChangeLog.
9543 Rename all ChangeLog files to ChangeLog-2011.
9545 2011-12-01 Werner Koch <wk@gnupg.org>
9547 NB: Changes done before December 1st, 2011 are described in
9548 per directory files named ChangeLog-2011. See doc/HACKING for
9552 Copyright (C) 2011 Free Software Foundation, Inc.
9554 Copying and distribution of this file and/or the original GIT
9555 commit log messages, with or without modification, are
9556 permitted provided the copyright notice and this notice are
projects / platform / upstream / libgcrypt.git / blob