2014-08-21 Werner Koch Release 1.6.2. * configure.ac: Set LT version to C20/A0/R2. build: Fix typo in help string. * configure.ac: Fix. sexp: Check args of gcry_sexp_build. * src/sexp.c (do_vsexp_sscan): Return error for invalid args. cipher: Fix a segv in case of calling with wrong parameters. * cipher/md.c (_gcry_md_info): Fix arg testing. cipher: Fix possible NULL deref in call to prime generator. * cipher/primegen.c (_gcry_generate_elg_prime): Change to return an error code. * cipher/dsa.c (generate): Take care of new return code. * cipher/elgamal.c (generate): Change to return an error code. Take care of _gcry_generate_elg_prime return code. (generate_using_x): Take care of _gcry_generate_elg_prime return code. (elg_generate): Propagate return code from generate. 2014-08-20 Werner Koch ecc: Support the non-standard 0x40 compression flag for EdDSA. * cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA. * cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX. (_gcry_ecc_eddsa_encodepoint): Ditto. (_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix. (_gcry_ecc_eddsa_decodepoint): Ditto. * tests/keygrip.c: Check an compresssed with prefix Ed25519 key. * tests/t-ed25519.inp: Ditto. mpi: Extend the internal mpi_get_buffer. * mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC. (_gcry_mpi_get_buffer_extra): New. 2014-08-05 Werner Koch mpi: Fix regression for powerpc-apple-darwin detection. * mpi/config.links: Add separate entry for powerpc-apple-darwin. Fix bug inhibiting the use of the sentinel attribute. * src/gcrypt.h.in: Fix typo in macro. mpi: Use BSD syntax for x86_64-apple-darwin. * mpi/config.links: Add case for x86_64-apple-darwin. 2014-08-05 Kristian Fiskerstrand Fix building for the x32 target without asm modules. * mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI. 2014-05-20 Jussi Kivilinna Fix ARM assembly when building __PIC__ * cipher/camellia-arm.S (GET_DATA_POINTER): New. 
(_gcry_camellia_arm_encrypt_block): Use GET_DATA_POINTER. (_gcry_camellia_arm_decrypt_block): Ditto. * cipher/cast5-arm.S (GET_DATA_POINTER): New. (_gcry_cast5_arm_encrypt_block, _gcry_cast5_arm_decrypt_block) (_gcry_cast5_arm_enc_blk2, _gcry_cast5_arm_dec_blk2): Use GET_DATA_POINTER. * cipher/rijndael-arm.S (GET_DATA_POINTER): New. (_gcry_aes_arm_encrypt_block, _gcry_aes_arm_decrypt_block): Use GET_DATA_POINTER. 2014-05-09 Werner Koch mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit. * mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear allocated but not used bits before resizing. * tests/t-mpi-bits.c (set_bit_with_resize): New. 2014-04-24 Werner Koch Support building using the latest mingw-w64 toolchain. * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection. Use internal malloc function in fips.c. * src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/. 2014-04-22 Werner Koch random: Small patch for consistency and really burn the stack. * random/rndlinux.c (_gcry_rndlinux_gather_random): s/int/size_t/. (_gcry_rndlinux_gather_random): Replace memset by wipememory. 2014-04-16 Werner Koch pubkey: Re-map all deprecated RSA algo numbers. * cipher/pubkey.c (map_algo): Mape RSA_E and RSA_S. cipher: Fix possible NULL dereference. * cipher/md.c (_gcry_md_selftest): Check for spec being NULL. 2014-02-20 Jussi Kivilinna Fix ARMv6 detection when CFLAGS modify target CPU architecture. * configure.ac (gcry_cv_cc_arm_arch_is_v6): Use compiler test instead of preprocessor test. 2014-01-31 Jussi Kivilinna Parse /proc/cpuinfo for ARM HW features. * src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO) (detect_arm_proc_cpuinfo): New. (_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for HW features. 2014-01-29 Werner Koch cipher: Take care of ENABLE_NEON_SUPPORT. * cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if ENABLE_NEON_SUPPORT is defined. * cipher/serpent.c (USE_NEON): Ditto. 
* cipher/sha512.c (USE_ARM_NEON_ASM): Ditto. Release 1.6.1. * configure.ac: Set LT version to C20/A0/R1. Reserve control code for FIPS extensions. * src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New. (GCRYCTL_REACTIVATE_FIPS_FLAG): New. * src/global.c (_gcry_vcontrol): Add them but return not_implemented. (cherry picked from commit aea96a64fbc58a0b6f9f435e97e93294c6eb1052) Support non weak symbol pthread platforms. * m4/lock.m4, m4/threadlib.m4: New. From libgpg-error master. * m4/Makefile.am (EXTRA_DIST): Add them. * configure.ac (HAVE_PTHREAD): Remove test and ac_define. (gl_LOCK): Do not use under Windows. (LIBGCRYPT_CONFIG_LIBS): Add LIBTHREAD to support non-ELF pthread systems. * src/Makefile.am (dumpsexp_LDADD, mpicalc_LDADD, hmac256_LDADD) (gcryptrnd_LDADD): Add LIBTHREAD. * src/ath.c: Include pthread for any pthread version. (ath_init, ath_install, ath_mutex_init, ath_mutex_destroy) (ath_mutex_lock, ath_mutex_unlock): Support non-weak symbol pthread systems. * tests/Makefile.am (LDADD): Add LIBTHREAD. * tests/t-lock.c: Replace HAVE_PTHREAD by USE_POSIX_THREADS (run_test): Run only under W32 or pthread. tests: Remove non-portable format specifiers. * tests/basic.c: Replace "%zi" by "%d" and casts. 2014-01-29 NIIBE Yutaka Fix RSA Blinding. * cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse. (cherry picked from commit 121a90d8931944974054f7d94f63b7f89df87fa5) 2014-01-28 Werner Koch sexp: Fix broken gcry_sexp_nth. * src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data element. (NODE): Remove unused typedef. (ST_HINT): Comment unused macro. * tests/tsexp.c (bug_1594): New. (main): Run new test. 2014-01-27 Werner Koch mpi: Minor fix for Atari-mint. * mpi/config.links [m68k-atari-mint]: Do not assume 68020. Suggested by Alan Hourihane. 2014-01-27 Dmitry Eremin-Solenikov tests: Pass -no-install to libtool. * tests/Makefile.am: add AM_LDFLAGS = -no-install Fix most of memory leaks in tests code. 
* tests/basic.c (check_ccm_cipher): Close cipher after use. * tests/basic.c (check_one_cipher): Correct length of used buffer. * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer initialized. * tests/keygen.c (check_ecc_keys): Release generated key. * tests/t-mpi-point.c (context_param): Release mpi Q. * tests/t-sexp.c (check_extract_param): Release extracted number. Fix memory leaks in ecc code. * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi values. * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error path. * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi. 2014-01-24 Werner Koch Check compiler features only for the relevant platform. * mpi/config.links (mpi_cpu_arch): Always set for ARM. Set for HPPA. Set to "undefined" for unknown platforms. (try_asm_modules): Act upon only after having detected the CPU. * configure.ac: Move the call to config.links before the platform specific compiler checks. Check platform specific features only if the platform is targeted. 2014-01-24 Dmitry Eremin-Solenikov Truncate hash values for ECDSA signature scheme. * cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque mpis as required for DSA and ECDSA signature schemas. * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to behave like the rest of internal sign/verify functions. * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): as required by ECDSA scheme, truncate hash values to bitlength of used curve. * tests/pubkey.c (check_ecc_sample_key): add a testcase for hash truncation. (cherry picked from commit 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225) 2014-01-24 Werner Koch Support locking under Windows. * src/ath.c: Add support for Windows. * src/global.c (external_lock_test): New. (_gcry_vcontrol): Call new function with formerly reserved code 61. 
* tests/t-common.h: New. Taken from current libgpg-error. * tests/t-lock.c: New. Based on t-lock.c from libgpg-error. * configure.ac (HAVE_PTHREAD): Set macro to 1 if defined. (AC_CHECK_FUNCS): Check for flockfile. * tests/Makefile.am (tests_bin): Add t-lock. (noinst_HEADERS): Add t-common.h (LDADD): Move value to ... (default_ldadd): new. (t_lock_LDADD): New. 2014-01-20 Werner Koch cipher: Fix commit 77f28793. * cipher/tiger.c (tiger_init): Add arg FLAGS. (tiger1_init, tiger2_init): Ditto. (cherry picked from commit dad06e4d1b835bac778b87090b1d3894b7535b14) md: Add Whirlpool bug emulation feature. * src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New. * src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS. Change all code to implement that flag. * cipher/md.c (gcry_md_context): Replace SECURE and FINALIZED by bit field FLAGS. Add flag BUGEMU1. Change all users. (md_open): Replace args SECURE and HMAC by FLAGS. Init flags.bugemu1. (_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1. (md_enable): Pass bugemu1 flag to the hash init function. (_gcry_md_reset): Ditto. 2014-01-14 Milan Broz PBKDF2: Use gcry_md_reset to speed up calculation. * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset to speed up calculation. 2014-01-13 Werner Koch Fix macro conflict in NetBSD. * cipher/bithelp.h (bswap32): Rename to _gcry_bswap32. (bswap64): Rename to _gcry_bswap64. 2014-01-13 Dmitry Eremin-Solenikov Fix typo in search_oid. * cipher/md.c (search_oid): Invert condition on oid comparison. Correct formatting of gcry_mac_get_algo_keylen documentation. * doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen documentation. Use braces around unsigned int in gcry_mac_get_algo_keylen documentation, otherwise texinfo breaks that and uses 'int' as a function definition. 2014-01-12 Jussi Kivilinna * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'. 
-- Fix for bug https://bugs.g10code.com/gnupg/issue1584 (cherry picked from commit 7fef7f481c0a1542be34d1dc831f58d41846ac29) Fix buggy/incomplete detection of AVX/AVX2 support. * configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2 inline assembly checks. * src/hwf-x86.c [__i386__] (get_xgetbv): New function. [__x86_64__] (get_xgetbv): New function. [HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are supported by OS. 2014-01-10 Werner Koch Use the generic autogen.sh script. * autogen.rc: New. * Makefile.am (EXTRA_DIST): Add it. * autogen.sh: Update from current GnuPG. (cherry picked from commit b0ac1f9b143aa15855914ba93fef900288d45c9c) Move all helper scripts to build-aux/ * scripts/: Rename to build-aux/. * compile, config.guess, config.rpath, config.sub * depcomp, doc/mdate-sh, doc/texinfo.tex * install-sh, ltmain.sh, missing: Move to build-aux/. * Makefile.am (EXTRA_DIST): Adjust. * configure.ac (AC_CONFIG_AUX_DIR): New. (AM_SILENT_RULES): New. (cherry picked from commit df9b4eabf52faee6f289a4bc62219684442ae383) 2013-12-16 Werner Koch Release 1.6.0. doc: Change yat2m to allow arbitrary condition names. * doc/yat2m.c (MAX_CONDITION_NESTING): New. (gpgone_defined): Remove. (condition_s, condition_stack, condition_stack_idx): New. (cond_is_active, cond_in_verbatim): New. (add_predefined_macro, set_macro, macro_set_p): New. (evaluate_conditions, push_condition, pop_condition): New. (parse_file): Rewrite to use the condition stack. (top_parse_file): Set prefined macros. (main): Change -D to define arbitrary macros. tests: Add SHA-512 to the long hash test. * tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512. * tests/hashtest-256g.in (algos): Add test for SHA-512. Add configure option --enable-large-data-tests. * configure.ac: Add option --enable-large-data-tests. * tests/hashtest-256g.in: New. * tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in. 
(TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and tests_sh_last. (tests_sh_last): Add hashtest-256g (noinst_PROGRAMS): Add only tests_bin and tests_bin_last. (bench-slope.log, hashtest-256g.log): New rules to enforce serial run. random: Call random progress handler more often. * random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress indicator earlier. cipher: Normalize the MPIs used as input to secret key functions. * cipher/dsa.c (sign): Normalize INPUT. * cipher/elgamal.c (decrypt): Normalize A and B. * cipher/rsa.c (secret): Normalize the INPUT. (rsa_decrypt): Reduce DATA before passing to secret. 2013-12-16 Jussi Kivilinna Change dummy variable in mpih-div.c to mpi_limb_t type. * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy variable to 'mpi_limb_t' type from 'int'. Remove duplicate gcry_mac_hd_t typedef. * cipher/mac-internal.h (gcry_mac_hd_t): Remove. 2013-12-15 Jussi Kivilinna Use u64 for CCM data lengths. * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF]. [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for data lengths. [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt) (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce) (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag) (_gcry_cipher_ccm_check_tag): Dummy functions returning GPG_ERROR_NOT_SUPPORTED. * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm) (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use u64 instead of size_t for CCM data lengths. * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset) (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED for CCM. (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for GCRYCTL_SET_CCM_LENGTHS length parameters. * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF. * tests/bench-slope.c: Ditto. * tests/benchmark.c: Ditto. 2013-12-14 Werner Koch tests: Prevent rare failure of gcry_pk_decrypt test. 
* tests/basic.c (check_pubkey_crypt): Add special mode 1. (main): Add option --loop. 2013-12-14 Jussi Kivilinna Minor fixes to SHA assembly implementations. * cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'. * cipher/sha1-ssse3-amd64.S: First line, correct filename. * cipher/sha256-ssse3-amd64.S: Return correct stack burn depth. * cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers. * cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn depth. SHA-1/SSSE3: Do not check for Intel syntax assembly support. * cipher/sha1-ssse3-amd64.S: Remove check for HAVE_INTEL_SYNTAX_PLATFORM_AS. * cipher/sha1.c [USE_SSSE3]: Ditto. 2013-12-13 Jussi Kivilinna Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm. * cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to 'sha1-ssse3-amd64.S'. * cipher/sha1-ssse3-amd64.c: Remove. * cipher/sha1-ssse3-amd64.S: New. SHA-1: Add SSSE3 implementation. * cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'. * cipher/sha1-ssse3-amd64.c: New. * cipher/sha1.c (USE_SSSE3): New. (SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. (sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'. (transform): Rename to... (_transform): this. (transform): New. * configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'. Add missing register clearing in to SHA-256 and SHA-512 assembly. * cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return. * cipher/sha512-avx-amd64.S: Ditto. * cipher/sha512-avx2-bmi2-amd64.S: Ditto. * cipher/sha512-ssse3-amd64.S: Ditto. 2013-12-13 Werner Koch Update license information. * LICENSES: New. * Makefile.am (EXTRA_DIST): Add LICENSES. * AUTHORS: Add list of copyright holders. * README: Reference AUTHORS. 2013-12-13 Jussi Kivilinna Fix empty clobber in AVX2 assembly check. * configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly globber. Fix W32 build. * random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to xmalloc, and gcry_xrealloc to xrealloc. 
2013-12-12 Jussi Kivilinna SHA-512: Add AVX and AVX2 implementations for x86-64. * cipher/Makefile.am: Add 'sha512-avx-amd64.S' and 'sha512-avx2-bmi2-amd64.S'. * cipher/sha512-avx-amd64.S: New. * cipher/sha512-avx2-bmi2-amd64.S: New. * cipher/sha512.c (USE_AVX, USE_AVX2): New. (SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'. (SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'. (sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'. (sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'. [USE_AVX] (_gcry_sha512_transform_amd64_avx): New. [USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New. (transform) [USE_AVX2]: Add call for AVX2 implementation. (transform) [USE_AVX]: Add call for AVX implementation. * configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check. (sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'. * doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'. * src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New. * src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2". * src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and HWF_INTEL_BMI2. SHA-512: Add SSSE3 implementation for x86-64. * cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'. * cipher/sha512-ssse3-amd64.S: New. * cipher/sha512.c (USE_SSSE3): New. (SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. (sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'. [USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New. (transform) [USE_SSSE3]: Call SSSE3 implementation. * configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'. SHA-256: Add SSSE3 implementation for x86-64. * cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'. * cipher/sha256-ssse3-amd64.S: New. * cipher/sha256.c (USE_SSSE3): New. (SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. (sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'. (transform): Rename to... (_transform): This. [USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New. (transform): New. * configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check. 
(sha256): Add 'sha256-ssse3-amd64.lo'. * doc/gcrypt.texi: Document 'intel-ssse3'. * src/g10lib.h (HWF_INTEL_SSSE3): New. * src/hwfeatures.c (hwflist): Add "intel-ssse3". * src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3. 2013-12-12 Werner Koch Add a configuration file to disable hardware features. * src/hwfeatures.c: Inclyde syslog.h and ctype.h. (HWF_DENY_FILE): New. (my_isascii): New. (parse_hwf_deny_file): New. (_gcry_detect_hw_features): Call it. * src/mpicalc.c (main): Correctly initialize Libgcrypt. Add options "--print-config" and "--disable-hwf". Move list of hardware features to hwfeatures.c. * src/global.c (hwflist, disabled_hw_features): Move to .. * src/hwfeatures.c: here. (_gcry_disable_hw_feature): New. (_gcry_enum_hw_features): New. (_gcry_detect_hw_features): Remove arg DISABLED_FEATURES. * src/global.c (print_config, _gcry_vcontrol, global_init): Adjust accordingly. Remove macro hacks for internal vs. external functions. Part 2 and last. * src/visibility.h: Remove remaining define/undef hacks for symbol visibility. Add macros to detect the use of the public functions. Change all affected functions by replacing them by the x-macros. * src/g10lib.h: Add internal prototypes. (xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure) (xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure) (xcalloc_secure, xrealloc, xstrdup, xfree): New macros. 2013-12-11 Werner Koch random: Add a feature to close device file descriptors. * src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New. * src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds. * random/random.c (_gcry_random_close_fds): New. * random/random-csprng.c (_gcry_rngcsprng_close_fds): New. * random/random-fips.c (_gcry_rngfips_close_fds): New. * random/random-system.c (_gcry_rngsystem_close_fds): New. * random/rndlinux.c (open_device): Add arg retry. (_gcry_rndlinux_gather_random): Add mode to close open fds. * tests/random.c (check_close_random_device): New. (main): Call new test. 
2013-12-10 Werner Koch Fix last commit (9a37470c) * src/secmem.c (lock_pool): Remove remaining line. Reported by Ian Goldberg. 2013-12-09 Werner Koch Fix one-off memory leak when build with Linux capability support. * src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by Mike Crowe . 2013-12-09 David 'Digit' Turner Update libtool to support Android. * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool repository. 2013-12-09 Werner Koch tests: Speed up benchmarks in regression test mode. * tests/tsexp.c (check_extract_param): Fix compiler warning. * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST. * tests/bench-slope.c (main): Speed up if in regression test mode. * tests/benchmark.c (main): Ditto. tests: Add --csv option to bench-slope. * tests/bench-slope.c (STR, STR2): New. (cvs_mode): New. (num_measurement_repetitions): New. Replace use of NUM_MEASUREMENT_REPETITIONS by this. (current_section_name, current_algo_name, current_mode_name): New. (bench_print_result_csv): New. (bench_print_result_std): Rename from bench_print_result. (bench_print_result): New. Divert depending on CSV_MODE. (bench_print_header, bench_print_footer): take care of CSV_MODE. (bench_print_algo, bench_print_mode): New. Use them instead of explicit printfs. (main): Add options --csv and --repetitions. 2013-12-07 Werner Koch sexp: Allow long names and white space in gcry_sexp_extract_param. * src/sexp.c (_gcry_sexp_vextract_param): Skip white space. Support long parameter names. * tests/tsexp.c (check_extract_param): Add test cases for long parameter names and white space. 2013-12-06 Werner Koch ecc: Merge partly duplicated code. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ... (_gcry_ecc_eddsa_compute_h_d): new function. * cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function. (reverse_buffer): Remove. ecc: Remove unused internal function. * src/cipher-proto.h (gcry_pk_spec): Remove get_param. 
* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from _gcry_ecc_get_param. (_gcry_ecc_get_param): Remove. * cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param. 2013-12-06 Jussi Kivilinna Fix building on mingw32. * src/gcrypt-int.h: Include . 2013-12-05 Werner Koch ecc: Change OID for Ed25519. * cipher/ecc-curves.c (curve_aliased): Add more suitable OID for Ed25519. Remove macro hacks for internal vs. external functions. Part 1. * src/visibility.h: Remove almost all define/undef hacks for symbol visibility. Add macros to detect the use of the public functions. Change all affected functions by prefixing them explicitly with an underscore and change all internal callers to call the underscore prefixed versions. Provide convenience macros from sexp and mpi functions. * src/visibility.c: Change all functions to use only gpg_err_code_t and translate to gpg_error_t only in visibility.c. 2013-12-04 Jussi Kivilinna mpi: add inline assembly for x86-64. * mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm) (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New. 2013-12-04 NIIBE Yutaka mpi: fix gcry_mpi_powm for negative base. * mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]: Fix for the case where BASE is negative. * tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19. 2013-12-03 Werner Koch Add build support for ppc64le. * config.guess, config.sub: Update to latest version (2013-11-29). * m4/libtool.m4: Add patches for ppc64le. 2013-12-03 Jussi Kivilinna rijndael: fix compiler warning on aarch64. * cipher/rijndael.c (do_setkey): Use braces for empty if statement instead of semicolon. Add aarch64 (arm64) mpi assembly. * mpi/aarch64/mpi-asm-defs.h: New. * mpi/aarch64/mpih-add1.S: New. * mpi/aarch64/mpih-mul1.S: New. * mpi/aarch64/mpih-mul2.S: New. * mpi/aarch64/mpih-mul3.S: New. * mpi/aarch64/mpih-sub1.S: New. * mpi/config.links [host=aarch64-*-*]: Add configguration for aarch64 assembly. 
* mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm) (count_leading_zeros): New. 2013-12-02 Werner Koch ecc: Use constant time point operation for Twisted Edwards. * mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time operation if needed. * tests/benchmark.c (main): Add option --use-secmem. ecc: Make gcry_pk_testkey work for Ed25519. * cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G and d. Change all callers. * cipher/ecc.c (gen_y_2): Remove. (check_secret_key): Use generic public key compute function. Adjust for use with Ed25519 and EdDSA. (nist_generate_key): Do not use the compliant key thingy for Ed25519. (ecc_check_secret_key): Make parameter parsing similar to the other functions. * cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so that _gcry_ecc_update_curve_param works correctly. * tests/keygen.c (check_ecc_keys): Add "param" flag. Check all Ed25519 keys. ecc: Fix eddsa point decompression. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative case. ecc: Fix gcry_mpi_ec_curve_point for Weierstrass. * mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation. (ec_pow3): New. (ec_p_init): Always copy B. mpi: Introduce 4 user flags for gcry_mpi_t. * src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2) (GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New. * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag) (gcry_mpi_get_flag, _gcry_mpi_free): Implement them. (gcry_mpi_set_opaque): Keep user flags. 2013-11-29 Vladimir 'φ-coder/phcoder' Serbinenko Fix armv3 compile error. * mpi/longlong.h [__arm__ && __ARM_ARCH < 4] (umul_ppmm): Use __AND_CLOBBER_CC instead of __CLOBBER_CC. longlong.h on mips with clang. * mpi/longlong.h [__mips__]: Use C-language version with clang. 2013-11-24 Jussi Kivilinna Camellia: Tweaks for AES-NI implementations. * cipher/camellia-aesni-avx-amd64.S: Align stack to 16 bytes; tweak key-setup for small speed up. 
* cipher/camellia-aesni-avx2-amd64.S: Use vmovdqu even with aligned stack; reorder vinsert128 instructions; use rbp for stack frame. 2013-11-21 Jussi Kivilinna Add GMAC to MAC API. * cipher/Makefile.am: Add 'mac-gmac.c'. * cipher/mac-gmac.c: New. * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'. (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish) (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed) (_gcry_mac_type_spec_gmac_camellia): New externs. * cipher/mac.c (mac_list): Add GMAC specifications. * doc/gcrypt.texi: Add mention of GMAC. * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms. * tests/basic.c (check_one_mac): Add support for MAC IVs. (check_mac): Add support for MAC IVs and add GMAC test vectors. * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499. * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499. GCM: Move gcm_table initialization to setkey. * cipher/cipher-gcm.c: Change all 'c->u_iv.iv' to 'c->u_mode.gcm.u_ghash_key.key'. (_gcry_cipher_gcm_setkey): New. (_gcry_cipher_gcm_initiv): Move ghash initialization to function above. * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.u_ghash_key'; Reorder 'u_mode.gcm' members for partial clearing in gcry_cipher_reset. (_gcry_cipher_gcm_setkey): New prototype. * cipher/cipher.c (cipher_setkey): Add GCM setkey. (cipher_reset): Clear 'u_mode' only partially for GCM. 2013-11-20 Jussi Kivilinna GCM: Add support for split data buffers and online operation. * cipher/cipher-gcm.c (do_ghash_buf): Add buffering for less than blocksize length input and padding handling. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Add handling for AAD padding and check if data has already being padded. (_gcry_cipher_gcm_authenticate): Check that AAD or data has not being padded yet. (_gcry_cipher_gcm_initiv): Clear padding marks. 
(_gcry_cipher_gcm_tag): Add finalization and padding; Clear sensitive data from cipher handle, since they are not used after generating tag. * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.macbuf', 'u_mode.gcm.mac_unused', 'u_mode.gcm.ghash_data_finalized' and 'u_mode.gcm.ghash_aad_finalized'. * tests/basic.c (check_gcm_cipher): Rename to... (_check_gcm_cipher): ...this and add handling for different buffer step lengths; Enable per byte buffer testing. (check_gcm_cipher): Call _check_gcm_cipher with different buffer step sizes. GCM: Use size_t for buffer sizes. * cipher/cipher-gcm.c (ghash, gcm_bytecounter_add, do_ghash_buf) (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_geniv) (_gcry_cipher_gcm_tag): Use size_t for buffer lengths. * cipher/cipher-internal.h (_gcry_cipher_gcm_encrypt) (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Use size_t for buffer lengths. GCM: add FIPS mode restrictions. * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) (_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode is setiv was invocated directly. (_gcry_cipher_gcm_setiv): Rename to... (_gcry_cipher_gcm_initiv): ...this. (_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode. [TODO] (_gcry_cipher_gcm_getiv): New. * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'. GCM: Add clearing and checking of marks.tag. * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Make sure that tag has not been finalized yet. (_gcry_cipher_gcm_setiv): Clear 'marks.tag'. GCM: Add stack burning. * cipher/cipher-gcm.c (do_ghash, ghash): Return stack burn depth. (setupM): Wipe 'tmp' buffer. (do_ghash_buf): Wipe 'tmp' buffer and add stack burning. Add aggregated bulk processing for GCM on x86-64. * cipher/cipher-gcm.c [__x86_64__] (gfmul_pclmul_aggr4): New. 
(ghash) [GCM_USE_INTEL_PCLMUL]: Add aggregated bulk processing for __x86_64__. (setupM) [__x86_64__]: Add initialization for aggregated bulk processing. GCM: Tweak Intel PCLMUL ghash loop for small speed-up. * cipher/cipher-gcm.c (do_ghash): Mark 'inline'. [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): Rename to... [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul): ..this and make inline function. (ghash) [GCM_USE_INTEL_PCLMUL]: Preload data before ghash-pclmul loop. GCM: Use counter mode code for speed-up. * cipher/cipher-gcm.c (ghash): Add process for multiple blocks. (gcm_bytecounter_add, gcm_add32_be128, gcm_check_datalen) (gcm_check_aadlen_or_ivlen, do_ghash_buf): New functions. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_set_iv) (_gcry_cipher_gcm_tag): Adjust to use above new functions and counter mode functions for encryption/decryption. * cipher/cipher-internal.h (gcry_cipher_handle): Remove 'length'; Add 'u_mode.gcm.(addlen|datalen|tagiv|datalen_over_limits)'. (_gcry_cipher_gcm_setiv): Return gcry_err_code_t. * cipher/cipher.c (cipher_setiv): Return error code. (_gcry_cipher_setiv): Handle error code from 'cipher_setiv'. Add Intel PCLMUL acceleration for GCM. * cipher/cipher-gcm.c (fillM): Rename... (do_fillM): ...to this. (ghash): Remove. (fillM): New macro. (GHASH): Use 'do_ghash' instead of 'ghash'. [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): New. (ghash): New. (setupM): New. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_setiv) (_gcry_cipher_gcm_tag): Use 'ghash' instead of 'GHASH' and 'c->u_mode.gcm.u_tag.tag' instead of 'c->u_tag.tag'. * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): New. (gcry_cipher_handle): Move 'u_tag' and 'gcm_table' under 'u_mode.gcm'. * configure.ac (pclmulsupport, gcry_cv_gcc_inline_asm_pclmul): New. * src/g10lib.h (HWF_INTEL_PCLMUL): New. * src/global.c: Add "intel-pclmul". 
* src/hwf-x86.c (detect_x86_gnuc): Add check for Intel PCLMUL. GCM: GHASH optimizations. * cipher/cipher-gcm.c [GCM_USE_TABLES] (gcmR, ghash): Replace with new. [GCM_USE_TABLES] [GCM_TABLES_USE_U64] (bshift, fillM, do_ghash): New. [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (bshift, fillM): Replace with new. [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (do_ghash): New. (_gcry_cipher_gcm_tag): Remove extra memcpy to outbuf and use buf_eq_const for comparing authentication tag. * cipher/cipher-internal.h (gcry_cipher_handle): Different 'gcm_table' for 32-bit and 64-bit platforms. Add some documentation for GCM mode. * doc/gcrypt.texi: Add mention of GCM mode. 2013-11-19 Dmitry Eremin-Solenikov Initial implementation of GCM. * cipher/Makefile.am: Add 'cipher-gcm.c'. * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths) (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag) (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change 'c->u_mode.ccm.tag' to 'c->marks.tag'. * cipher/cipher-gcm.c: New. * cipher/cipher-internal.h (GCM_USE_TABLES): New. (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and 'gcm_table'; Remove 'u_mode.ccm.tag'. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate) (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New. * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling. * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM. (GCRY_GCM_BLOCK_LEN): New. * tests/basic.c (check_gcm_cipher): New. (check_ciphers): Add GCM check. (check_cipher_modes): Call 'check_gcm_cipher'. * tests/bench-slope.c (bench_gcm_encrypt_do_bench) (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench) (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New. (cipher_modes): Add GCM enc/dec/auth. 
	(cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size.
	* tests/benchmark.c (cipher_bench): Add GCM.

2013-11-19  Jussi Kivilinna

	Camellia: fix compiler warning.
	* cipher/camellia-glue.c (camellia_setkey): Use braces around empty if statement.

	Tweak Camellia-AVX key-setup for small speed-up.
	* cipher/camellia-aesni-avx-amd64.S (camellia_f): Merge S-function output rotation with P-function.

	Add CMAC (Cipher-based MAC) to MAC API.
	* cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'.
	* cipher/cipher-cmac.c: New.
	* cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'.
	* cipher/cipher.c (gcry_cipher_open): Rename to...
	(_gcry_cipher_open_internal): ...this and add CMAC.
	(gcry_cipher_open): New wrapper that disallows use of internal modes (CMAC) from outside.
	(cipher_setkey, cipher_encrypt, cipher_decrypt)
	(_gcry_cipher_authenticate, _gcry_cipher_gettag)
	(_gcry_cipher_checktag): Add handling for CMAC mode.
	(cipher_reset): Do not reset 'marks.key' and do not clear subkeys in 'u_mode' in CMAC mode.
	* cipher/mac-cmac.c: New.
	* cipher/mac-internal.h: Add CMAC support and algorithms.
	* cipher/mac.c: Add CMAC algorithms.
	* doc/gcrypt.texi: Add documentation for CMAC.
	* src/cipher.h (gcry_cipher_internal_modes): New.
	(_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate)
	(_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag)
	(_gcry_cipher_cmac_set_subkeys): New prototypes.
	* src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms.
	* tests/basic.c (check_mac): Add CMAC test vectors.

2013-11-16  Jussi Kivilinna

	Add new MAC API, initially with HMAC.
	* cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'.
	* cipher/bufhelp.h (buf_eq_const): New.
	* cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for constant-time compare.
	* cipher/mac-hmac.c: New.
	* cipher/mac-internal.h: New.
	* cipher/mac.c: New.
	* doc/gcrypt.texi: Add documentation for MAC API.
	* src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13] (GPG_ERR_MAC_ALGO): New.
	* src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos)
	(gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
	(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
	(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
	(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name)
	(gcry_mac_reset, gcry_mac_test_algo): New.
	* src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
	(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
	(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
	(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
	* src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
	(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
	(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
	(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
	* src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
	(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
	(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
	(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
	* src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
	(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
	(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
	(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
	* tests/basic.c (check_one_mac, check_mac): New.
	(main): Call 'check_mac'.
	* tests/bench-slope.c (bench_print_header, bench_print_footer): Allow variable algorithm name width.
	(_cipher_bench, hash_bench): Update to above change.
	(bench_hash_do_bench): Add 'gcry_md_reset'.
	(bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench)
	(mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New.
	(main): Add 'mac' benchmark options.
	* tests/benchmark.c (mac_repetitions, mac_bench): New.
	(main): Add 'mac' benchmark options.

	Use correct blocksize of 32 bytes for GOSTR3411-94 HMAC.
	* cipher/md.c (md_open): Set macpads_Bsize to 32 for GCRY_MD_GOSTR3411_94.

2013-11-15  Jussi Kivilinna

	cipher: use size_t for internal buffer lengths.
	* cipher/arcfour.c (do_encrypt_stream, encrypt_stream): Use 'size_t' for buffer lengths.
	* cipher/blowfish.c (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
	(_gcry_blowfish_cfb_dec): Ditto.
	* cipher/camellia-glue.c (_gcry_camellia_ctr_enc)
	(_gcry_camellia_cbc_dec, _gcry_blowfish_cfb_dec): Ditto.
	* cipher/cast5.c (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec)
	(_gcry_cast5_cfb_dec): Ditto.
	* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
	(_gcry_cipher_aeswrap_decrypt): Ditto.
	* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
	(_gcry_cipher_cbc_decrypt): Ditto.
	* cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt)
	(_gcry_cipher_ccm_decrypt): Ditto.
	* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
	(_gcry_cipher_cfb_decrypt): Ditto.
	* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
	* cipher/cipher-internal.h (gcry_cipher_handle->bulk)
	(_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt)
	(_gcry_cipher_cfb_encrypt, _gcry_cipher_cfb_decrypt)
	(_gcry_cipher_ofb_encrypt, _gcry_cipher_ctr_encrypt)
	(_gcry_cipher_aeswrap_encrypt, _gcry_cipher_aeswrap_decrypt)
	(_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Ditto.
	* cipher/cipher-ofb.c (_gcry_cipher_cbc_encrypt): Ditto.
	* cipher/cipher-selftest.h (gcry_cipher_bulk_cbc_dec_t)
	(gcry_cipher_bulk_cfb_dec_t, gcry_cipher_bulk_ctr_enc_t): Ditto.
	* cipher/cipher.c (cipher_setkey, cipher_setiv, do_ecb_crypt)
	(do_ecb_encrypt, do_ecb_decrypt, cipher_encrypt)
	(cipher_decrypt): Ditto.
	* cipher/rijndael.c (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec)
	(_gcry_aes_cfb_dec, _gcry_aes_cbc_enc, _gcry_aes_cfb_enc): Ditto.
	* cipher/salsa20.c (salsa20_setiv, salsa20_do_encrypt_stream)
	(salsa20_encrypt_stream, salsa20r12_encrypt_stream): Ditto.
	* cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
	(_gcry_serpent_cfb_dec): Ditto.
	* cipher/twofish.c (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
	(_gcry_twofish_cfb_dec): Ditto.
	* src/cipher-proto.h (gcry_cipher_stencrypt_t)
	(gcry_cipher_stdecrypt_t, cipher_setiv_fuct_t): Ditto.
	* src/cipher.h (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec)
	(_gcry_aes_cbc_enc, _gcry_aes_cbc_dec, _gcry_aes_ctr_enc)
	(_gcry_blowfish_cfb_dec, _gcry_blowfish_cbc_dec)
	(_gcry_blowfish_ctr_enc, _gcry_cast5_cfb_dec, _gcry_cast5_cbc_dec)
	(_gcry_cast5_ctr_enc, _gcry_camellia_cfb_dec, _gcry_camellia_cbc_dec)
	(_gcry_camellia_ctr_enc, _gcry_serpent_cfb_dec, _gcry_serpent_cbc_dec)
	(_gcry_serpent_ctr_enc, _gcry_twofish_cfb_dec, _gcry_twofish_cbc_dec)
	(_gcry_twofish_ctr_enc): Ditto.

	Camellia: Add AVX/AES-NI key setup.
	* cipher/camellia-aesni-avx-amd64.S (key_bitlength, key_table): New order of fields in ctx.
	(camellia_f, vec_rol128, vec_ror128): New macros.
	(__camellia_avx_setup128, __camellia_avx_setup256)
	(_gcry_camellia_aesni_avx_keygen): New functions.
	* cipher/camellia-aesni-avx2-amd64.S (key_bitlength, key_table): New order of fields in ctx.
	* cipher/camellia-arm.S (CAMELLIA_TABLE_BYTE_LEN, key_length): Remove unused macros.
	* cipher/camellia-glue.c (CAMELLIA_context): Move keytable to head for better alignment; Make 'use_aesni_avx' and 'use_aesni_avx2' bitfield members.
	[USE_AESNI_AVX] (_gcry_camellia_aesni_avx_keygen): New prototype.
	(camellia_setkey) [USE_AESNI_AVX || USE_AESNI_AVX2]: Read hw features to variable 'hwf' and match features from it.
	(camellia_setkey) [USE_AESNI_AVX]: Use AES-NI/AVX key setup if available.

	Avoid unneeded stack burning with AES-NI and reduce number of 'decryption_prepared' checks.
	* cipher/rijndael.c (RIJNDAEL_context): Make 'decryption_prepared', 'use_padlock' and 'use_aesni' 1-bit members in bitfield.
	(do_setkey): Move 'hwfeatures' inside [USE_AESNI || USE_PADLOCK].
	(do_aesni_enc_aligned): Rename to...
	(do_aesni_enc): ...this, as function does not require aligned input.
	(do_aesni_dec_aligned): Rename to...
	(do_aesni_dec): ...this, as function does not require aligned input.
	(do_aesni): Remove.
	(rijndael_encrypt): Call 'do_aesni_enc' instead of 'do_aesni'.
	(rijndael_decrypt): Call 'do_aesni_dec' instead of 'do_aesni'.
	(check_decryption_preparation): New.
	(do_decrypt): Remove 'decryption_prepared' check.
	(rijndael_decrypt): Ditto and call 'check_decryption_preparation'.
	(_gcry_aes_cbc_dec): Ditto.
	(_gcry_aes_cfb_enc): Add 'burn_depth' and burn stack only when needed.
	(_gcry_aes_cbc_enc): Ditto.
	(_gcry_aes_ctr_enc): Ditto.
	(_gcry_aes_cfb_dec): Ditto.
	(_gcry_aes_cbc_dec): Ditto and correct clearing of 'savebuf'.

2013-11-14  Werner Koch

	md: Fix hashing for data >= 256 GB.
	* cipher/hash-common.h (gcry_md_block_ctx): Add "nblocks_high".
	* cipher/hash-common.c (_gcry_md_block_write): Bump NBLOCKS_HIGH.
	* cipher/md4.c (md4_init, md4_final): Take care of NBLOCKS_HIGH.
	* cipher/md5.c (md5_init, md5_final): Ditto.
	* cipher/rmd160.c (_gcry_rmd160_init, rmd160_final): Ditto.
	* cipher/sha1.c (sha1_init, sha1_final): Ditto.
	* cipher/sha256.c (sha256_init, sha224_init, sha256_final): Ditto.
	* cipher/sha512.c (sha512_init, sha384_init, sha512_final): Ditto.
	* cipher/tiger.c (do_init, tiger_final): Ditto.
	* cipher/whirlpool.c (whirlpool_final): Ditto.
	* cipher/md.c (gcry_md_algo_info): Add GCRYCTL_SELFTEST.
	(_gcry_md_selftest): Return "not implemented" as required.
	* tests/hashtest.c: New.
	* tests/genhashdata.c: New.
	* tests/Makefile.am (TESTS): Add hashtest.
	(noinst_PROGRAMS): Add genhashdata.

2013-11-13  Christian Grothoff

	ecc: Fix key generation for a plain Ed25519 key.
	* cipher/ecc.c (nist_generate_key): Use custom code for ED25519.

	ecc: Fix some memory leaks.
	* cipher/ecc-curves.c (_gcry_mpi_ec_new): Free ec->b before assigning.
	* cipher/ecc.c (nist_generate_key): Release Q.
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.

2013-11-11  Werner Koch

	ecc: Change keygrip computation for Ed25519+EdDSA.
	* cipher/ecc.c (compute_keygrip): Rework.
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): New.
	* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): New.
	* tests/keygrip.c (key_grips): Add flag param and test cases for Ed25519.

	mpi: Add special format GCRYMPI_FMT_OPAQUE.
	* src/gcrypt.h.in (GCRYMPI_FMT_OPAQUE): New.
	(_gcry_sexp_nth_opaque_mpi): Remove.
	* src/sexp.c (gcry_sexp_nth_mpi): Add support for GCRYMPI_FMT_OPAQUE.
	(_gcry_sexp_vextract_param): Replace removed function by GCRYMPI_FMT_OPAQUE.

2013-11-10  Jussi Kivilinna

	Fix error output in CTR selftest.
	* cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Change fprintf(stderr,...) to syslog(); Correct error output for bulk IV check, plaintext mismatch => ciphertext mismatch.

2013-11-09  Jussi Kivilinna

	Fix Serpent-AVX2 and Camellia-AVX2 counter modes.
	* cipher/camellia-aesni-avx2-amd64.S (_gcry_camellia_aesni_avx2_ctr_enc): Byte-swap before checking for overflow handling.
	* cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128)
	(selftest_cbc_128): Add 16 to nblocks.
	* cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Add test with non-overflowing IV and modify overflow IV to detect broken endianness handling.
	* cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc): Byte-swap before checking for overflow handling; Fix crazy-mixed-endian IV construction to big-endian.
	* cipher/serpent.c (selftest_ctr_128, selftest_cfb_128)
	(selftest_cbc_128): Add 8 to nblocks.

2013-11-09  Sergey V

	cipher/gost28147: optimization: use precomputed S-box tables.
	* cipher/gost.h (GOST28147_context): Remove unneeded subst and subst_set members.
	* cipher/gost28147.c (max): Remove unneeded macro.
	(test_sbox): Replace with new precomputed tables.
	(gost_set_subst): Remove function.
	(gost_val): Use new S-box tables.
	(gost_encrypt_block, gost_decrypt_block): Tweak to use new ctx and S-box tables.

2013-11-09  Jussi Kivilinna

	Fix tail handling for AES-NI counter mode.
	* cipher/rijndael.c (do_aesni_ctr): Fix outputting of updated counter-IV.

2013-11-08  Werner Koch

	ecc: Improve gcry_pk_get_curve.
	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Factor some code out to ..
	(find_domain_parms_idx): new.
	(_gcry_ecc_get_curve): Find by curve name on error.

	cipher: Avoid signed divisions in idea.c.
	* cipher/idea.c (mul_inv): Use unsigned division.

	ecc: Implement the "nocomp" flag for key generation.
	* cipher/ecc.c (ecc_generate): Support the "nocomp" flag.
	* tests/keygen.c (check_ecc_keys): Add a test for it.

	ecc: Make "noparam" the default and replace by "param".
	* src/cipher.h (PUBKEY_FLAG_NOCOMP): New.
	(PUBKEY_FLAG_NOPARAM): Remove.
	(PUBKEY_FLAG_PARAM): New.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new flags and ignore the obsolete "noparam" flag.
	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name also for curves selected by NBITS.
	(_gcry_mpi_ec_new): Support the "param" flag.
	* cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto.
	* tests/keygen.c (check_ecc_keys): Remove the "noparam" flag.

2013-11-07  Jussi Kivilinna

	Fix decryption function size in AES AMD64 assembly.
	* cipher/rijndael-amd64.S (_gcry_aes_amd64_decrypt_block): Set '.size' for '_gcry_aes_amd64_decrypt_block', not '..._encrypt_block'.

	Change 64-bit shift to 32-bit in AES AMD64 assembly.
	* cipher/rijndael-amd64.S (do16bit_shr): Change 'shrq' to 'shrl'.

2013-11-06  Jussi Kivilinna

	Speed-up AES-NI key setup.
	* cipher/rijndael.c [USE_AESNI] (m128i_t): Remove.
	[USE_AESNI] (u128_t): New.
	[USE_AESNI] (aesni_do_setkey): New.
	(do_setkey) [USE_AESNI]: Move AES-NI accelerated key setup to 'aesni_do_setkey'.
	(do_setkey): Call _gcry_get_hw_features only once. Clear stack after use in generic key setup part.
	(rijndael_setkey): Remove stack burning.
	(prepare_decryption) [USE_AESNI]: Use 'u128_t' instead of 'm128i_t' to avoid compiler generated SSE2 instructions and XMM register usage, unroll 'aesimc' setup loop.
	(prepare_decryption): Clear stack after use.
	[USE_AESNI] (do_aesni_enc_aligned): Update comment about alignment.
	(do_decrypt): Do not burn stack after prepare_decryption.

	Avoid burn stack in Arcfour setkey.
	* cipher/arcfour.c (arcfour_setkey): Remove stack burning.

	Avoid burn_stack in CAST5 setkey.
	* cipher/cast5.c (do_cast_setkey): Use wipememory instead of memset.
	(cast_setkey): Remove stack burning.

	Improve Serpent key setup speed.
	* cipher/serpent.c (SBOX, SBOX_INVERSE): Remove index argument.
	(serpent_subkeys_generate): Use smaller temporary arrays for subkey generation and perform stack clearing locally.
	(serpent_setkey_internal): Use wipememory to clear stack and remove _gcry_burn_stack.
	(serpent_setkey): Remove unneeded _gcry_burn_stack.

	Modify encrypt/decrypt arguments for in-place.
	* cipher/cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Modify local arguments if in-place operation.

	Speed up Stribog.
	* cipher/stribog.c (STRIBOG_TABLES): Remove.
	(Pi): Remove.
	[!STRIBOG_TABLES] (A, strido): Remove.
	(stribog_table): New table pre-reordered with Pi values.
	(strido): Rewrite for new table.
	(LPSX): Rewrite for new table.
	(xor): Remove.
	(g): Small tweaks.

	Tweak AES-NI bulk CTR mode slightly.
	* cipher/rijndael.c [USE_AESNI] (aesni_cleanup_2_5): Rename to...
	(aesni_cleanup_2_6): ...this and clear also 'xmm6'.
	[USE_AESNI && __i386__] (do_aesni_ctr, do_aesni_ctr_4): Prevent inlining only on i386, allow on AMD64.
	[USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Use counter block from 'xmm5' and byte-swap mask from 'xmm6'.
	(_gcry_aes_ctr_enc) [USE_AESNI]: Preload counter block to 'xmm5' and byte-swap mask to 'xmm6'.
	(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use 'aesni_cleanup_2_6'.

	Tweak bench-slope parameters.
	* tests/bench-slope.c (BUF_STEP_SIZE): Halve step size to 64.
	(NUM_MEASUREMENT_REPETITIONS): Double repetitions to 64.

	Optimize Blowfish weak key check.
	* cipher/blowfish.c (hashset_elem, val_to_hidx, add_val): New.
	(do_bf_setkey): Use faster algorithm for detecting weak keys.
	(bf_setkey): Move stack burning to do_bf_setkey.

	Fix __builtin_bswap32/64 checks.
	* configure.ac (gcry_cv_have_builtin_bswap32)
	(gcry_cv_have_builtin_bswap64): Change compile checks to link checks.

	Fix 'u32' build error with Camellia.
	* cipher/camellia.c: Add include for and "types.h".
	(u32): Remove.
	(u8): Typedef as 'byte'.

2013-11-06  Werner Koch

	pubkey: Add forward compatibility feature.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add "igninvflag".

2013-11-05  Werner Koch

	ecc: Require "eddsa" flag for curve Ed25519.
	* src/cipher.h (PUBKEY_FLAG_ECDSA): Remove.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa".
	* cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag.
	* cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend on "eddsa" flag.
	* tests/benchmark.c, tests/keygen.c, tests/pubkey.c
	* tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags.

	ecc: Fully implement Ed25519 compression in ECDSA mode.
	* src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS.
	* mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it.
	* cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as opaque mpi and use eddsa decoding depending on the flag.
	(_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the curve.

	mpi: Add function gcry_mpi_set_opaque_copy.
	* src/gcrypt.h.in (gcry_mpi_set_opaque_copy): New.
	* src/visibility.c (gcry_mpi_set_opaque_copy): New.
	* src/visibility.h (gcry_mpi_set_opaque_copy): Mark visible.
	* src/libgcrypt.def, src/libgcrypt.vers: Add new API.
	* tests/mpitests.c (test_opaque): Add test.

2013-11-04  Jussi Kivilinna

	Make test vectors 'static const'.
	* cipher/arcfour.c (selftest): Change test vectors to 'static const'.
	* cipher/blowfish.c (selftest): Ditto.
	* cipher/camellia-glue.c (selftest): Ditto.
	* cipher/cast5.c (selftest): Ditto.
	* cipher/des.c (selftest): Ditto.
	* cipher/rijndael.c (selftest): Ditto.
	* tests/basic.c (cipher_cbc_mac_cipher, check_aes128_cbc_cts_cipher)
	(check_ctr_cipher, check_cfb_cipher, check_ofb_cipher)
	(check_ccm_cipher, check_stream_cipher)
	(check_stream_cipher_large_block, check_bulk_cipher_modes)
	(check_ciphers, check_digests, check_hmac, check_pubkey_sign)
	(check_pubkey_sign_ecdsa, check_pubkey_crypt, check_pubkey): Ditto.

2013-11-03  Jussi Kivilinna

	Make jump labels local in Salsa20 assembly.
	* cipher/salsa20-amd64.S: Rename '._labels' to '.L_labels'.
	* cipher/salsa20-armv7-neon.S: Ditto.

2013-10-30  Jussi Kivilinna

	bithelp: fix undefined behaviour with rol and ror.
	* cipher/bithelp.h (rol, ror): Mask shift with 31.

2013-10-29  Werner Koch

	tests: Add feature to skip benchmarks.
	* tests/benchmark.c (main): Add feature to skip the test.
	* tests/bench-slope.c (main): Ditto.
	(get_slope): Replace C++ style comment.
	(double_cmp, cipher_bench, _hash_bench): Replace system reserved symbols.

	ecc: Finish Ed25519/ECDSA hack.
	* cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
	(ecc_verify): Implement ED25519/ECDSA uncompression.

	ecc: Add flags "noparam" and "comp".
	* src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags and change code for possible faster parsing.
	* cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
	(ecc_sign): Ditto.
	(ecc_verify): Ditto.
	* tests/keygen.c (check_ecc_keys): Use the "noparam" flag.

	* cipher/ecc.c (ecc_generate): Fix parsing of the deprecated transient-flag parameter.
	(ecc_verify): Do not make Q optional in the extract-param call.

2013-10-28  Jussi Kivilinna

	Fix typos in documentation.
	* doc/gcrypt.texi: Fix some typos.

	Add ARM NEON assembly implementation of Serpent.
	* cipher/Makefile.am: Add 'serpent-armv7-neon.S'.
	* cipher/serpent-armv7-neon.S: New.
	* cipher/serpent.c (USE_NEON): New macro.
	(serpent_context_t) [USE_NEON]: Add 'use_neon'.
	[USE_NEON] (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec)
	(_gcry_serpent_neon_cbc_dec): New prototypes.
	(serpent_setkey_internal) [USE_NEON]: Detect NEON support.
	(_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec)
	(_gcry_serpent_neon_cbc_dec) [USE_NEON]: Use NEON implementations to process eight blocks in parallel.
	* configure.ac [neonsupport]: Add 'serpent-armv7-neon.lo'.

	Add ARM NEON assembly implementation of Salsa20.
	* cipher/Makefile.am: Add 'salsa20-armv7-neon.S'.
	* cipher/salsa20-armv7-neon.S: New.
	* cipher/salsa20.c [USE_ARM_NEON_ASM]: New macro.
	(struct SALSA20_context_s, salsa20_core_t, salsa20_keysetup_t)
	(salsa20_ivsetup_t): New.
	(SALSA20_context_t) [USE_ARM_NEON_ASM]: Add 'use_neon'.
	(SALSA20_context_t): Add 'keysetup', 'ivsetup' and 'core'.
	(salsa20_core): Change 'src' argument to 'ctx'.
	[USE_ARM_NEON_ASM] (_gcry_arm_neon_salsa20_encrypt): New prototype.
	[USE_ARM_NEON_ASM] (salsa20_core_neon, salsa20_keysetup_neon)
	(salsa20_ivsetup_neon): New.
	(salsa20_do_setkey): Setup keysetup, ivsetup and core with default functions.
	(salsa20_do_setkey) [USE_ARM_NEON_ASM]: When NEON support is detected, set keysetup, ivsetup and core with ARM NEON functions.
	(salsa20_do_setkey): Call 'ctx->keysetup'.
	(salsa20_setiv): Call 'ctx->ivsetup'.
	(salsa20_do_encrypt_stream) [USE_ARM_NEON_ASM]: Process large buffers in ARM NEON implementation.
	(salsa20_do_encrypt_stream): Call 'ctx->core' instead of directly calling 'salsa20_core'.
	(selftest): Add test to check large buffer processing and block counter updating.
	* configure.ac [neonsupport]: Add 'salsa20-armv7-neon.lo'.

	Add AMD64 assembly implementation of Salsa20.
	* cipher/Makefile.am: Add 'salsa20-amd64.S'.
	* cipher/salsa20-amd64.S: New.
	* cipher/salsa20.c (USE_AMD64): New macro.
	[USE_AMD64] (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup)
	(_gcry_salsa20_amd64_encrypt_blocks): New prototypes.
	[USE_AMD64] (salsa20_keysetup, salsa20_ivsetup, salsa20_core): New.
	[!USE_AMD64] (salsa20_core): Change 'src' to non-constant, update block counter in 'salsa20_core' and return burn stack depth.
	[!USE_AMD64] (salsa20_keysetup, salsa20_ivsetup): New.
	(salsa20_do_setkey): Move generic key setup to 'salsa20_keysetup'.
	(salsa20_setkey): Fix burn stack depth.
	(salsa20_setiv): Move generic IV setup to 'salsa20_ivsetup'.
	(salsa20_do_encrypt_stream) [USE_AMD64]: Process large buffers in AMD64 implementation.
	(salsa20_do_encrypt_stream): Move stack burning to this function...
	(salsa20_encrypt_stream, salsa20r12_encrypt_stream): ...from these functions.
	* configure.ac [x86-64]: Add 'salsa20-amd64.lo'.

	Add new benchmarking utility, bench-slope.
	* tests/Makefile.am (TESTS): Add 'bench-slope'.
	* tests/bench-slope.c: New.

	Change .global to .globl in assembly files.
	* cipher/blowfish-arm.S: Change '.global' to '.globl'.
	* cipher/camellia-aesni-avx-amd64.S: Ditto.
	* cipher/camellia-aesni-avx2-amd64.S: Ditto.
	* cipher/camellia-arm.S: Ditto.
	* cipher/cast5-amd64.S: Ditto.
	* cipher/rijndael-amd64.S: Ditto.
	* cipher/rijndael-arm.S: Ditto.
	* cipher/serpent-avx2-amd64.S: Ditto.
	* cipher/serpent-sse2-amd64.S: Ditto.
	* cipher/twofish-amd64.S: Ditto.
	* cipher/twofish-arm.S: Ditto.

2013-10-26  Jussi Kivilinna

	Deduplicate code for ECB encryption and decryption.
	* cipher/cipher.c (do_ecb_crypt): New, based on old 'do_ecb_encrypt'.
	(do_ecb_encrypt): Use 'do_ecb_crypt', pass encryption function.
	(do_ecb_decrypt): Use 'do_ecb_crypt', pass decryption function.

2013-10-26  Dmitry Eremin-Solenikov

	Drop _gcry_cipher_ofb_decrypt as it duplicates _gcry_cipher_ofb_encrypt.
	* cipher/cipher.c (cipher_decrypt): Use _gcry_cipher_ofb_encrypt for OFB decryption.
	* cipher/cipher-internal.h: Remove _gcry_cipher_ofb_decrypt declaration.
	* cipher/cipher-ofb.c (_gcry_cipher_ofb_decrypt): Remove.
	(_gcry_cipher_ofb_encrypt): remove copying of IV to lastiv, it's unused there.

2013-10-25  Werner Koch

	tests: Add tests for mpi_cmp.
	* tests/mpitests.c (die): Modernize.
	(fail): New.
	(test_opaque, test_add, test_sub, test_mul): Use gcry_log_xx.
	(main): Return error count.
	(test_cmp): New.

2013-10-24  Werner Koch

	ecc: Change algorithm for Ed25519 x recovery.
	* cipher/ecc-eddsa.c (scanval): Add as temporary hack.
	(_gcry_ecc_eddsa_recover_x): Use the algorithm from page 15 of the paper. Return an error code.
	(_gcry_ecc_eddsa_decodepoint): Take care of the error code.
	* mpi/mpi-mul.c (gcry_mpi_mulm): Use truncated division.

	ecc: Refactor _gcry_ecc_eddsa_decodepoint.
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Factor some code out to ..
	(_gcry_ecc_eddsa_recover_x): new.

2013-10-24  Jussi Kivilinna

	ecc-gost: Add missing include.
	* ecc-gost.c: Include "pubkey-internal.h".

2013-10-23  Jussi Kivilinna

	Replace architecture specific fast_wipememory2 with generic.
	* src/g10lib.h (fast_wipememory2): Remove architecture specific implementations and add generic implementation.

	Improve the speed of the cipher mode code.
	* cipher/bufhelp.h (buf_cpy): New.
	(buf_xor, buf_xor_2dst): If buffers unaligned, always jump to per-byte processing.
	(buf_xor_n_copy_2): New.
	(buf_xor_n_copy): Use 'buf_xor_n_copy_2'.
	* cipher/blowfish.c (_gcry_blowfish_cbc_dec): Avoid extra memory copy and use new 'buf_xor_n_copy_2'.
	* cipher/camellia-glue.c (_gcry_camellia_cbc_dec): Ditto.
	* cipher/cast5.c (_gcry_cast_cbc_dec): Ditto.
	* cipher/serpent.c (_gcry_serpent_cbc_dec): Ditto.
	* cipher/twofish.c (_gcry_twofish_cbc_dec): Ditto.
	* cipher/rijndael.c (_gcry_aes_cbc_dec): Ditto.
	(do_encrypt, do_decrypt): Use 'buf_cpy' instead of 'memcpy'.
	(_gcry_aes_cbc_enc): Avoid copying IV, use 'last_iv' pointer instead.
	* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt): Avoid copying IV, update pointer to IV instead.
	(_gcry_cipher_cbc_decrypt): Avoid extra memory copy and use new 'buf_xor_n_copy_2'.
	(_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Avoid extra accesses to c->spec, use 'buf_cpy' instead of memcpy.
	* cipher/cipher-ccm.c (do_cbc_mac): Ditto.
	* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
	(_gcry_cipher_cfb_decrypt): Ditto.
	* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
	* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
	(_gcry_cipher_ofb_decrypt): Ditto.
	* cipher/cipher.c (do_ecb_encrypt, do_ecb_decrypt): Ditto.

	bufhelp: enable unaligned memory accesses for AArch64 (64-bit ARM).
	* cipher/bufhelp.h [__aarch64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set macro on AArch64.

2013-10-23  Dmitry Eremin-Solenikov

	Enable assembler optimizations on earlier ARM cores.
	* cipher/blowfish-armv6.S => cipher/blowfish-arm.S: adapt to pre-armv6 CPUs.
	* cipher/blowfish.c: enable assembly on armv4/armv5 little-endian CPUs.
	* cipher/camellia-armv6.S => cipher/camellia-arm.S: adapt to pre-armv6 CPUs.
	* cipher/camellia.c, cipher-camellia-glue.c: enable assembly on armv4/armv5 little-endian CPUs.
	* cipher/cast5-armv6.S => cipher/cast5-arm.S: adapt to pre-armv6 CPUs.
	* cipher/cast5.c: enable assembly on armv4/armv5 little-endian CPUs.
	* cipher/rijndael-armv6.S => cipher/rijndael-arm.S: adapt to pre-armv6 CPUs.
	* cipher/rijndael.c: enable assembly on armv4/armv5 little-endian CPUs.
	* cipher/twofish-armv6.S => cipher/twofish-arm.S: adapt to pre-armv6 CPUs.
	* cipher/twofish.c: enable assembly on armv4/armv5 little-endian CPUs.

	mpi: enable assembler on all arm architectures.
	* mpi/config.links: remove check for arm >= v6.
	* mpi/armv6 => mpi/arm: rename directory to reflect that it is generic enough.

	Correct ASM assembly test in configure.ac.
	* configure.ac: correct HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS test to require neither ARMv6, nor thumb mode. Our assembly code works perfectly even on ARMv4 now.

2013-10-23  Werner Koch

	ecc: Refactor ecc.c.
	* cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New.
	* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
	* configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files.
	* cipher/ecc.c (point_init, point_free): Move to ecc-common.h.
	(sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign.
	(verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify.
	(sign_gost): Move to ecc-gost.c as _gcry_ecc_gost_sign.
	(verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify.
	(sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign.
	(verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify.
	(eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey.
	(reverse_buffer): Move to ecc-eddsa.c.
	(eddsa_encodempi, eddsa_encode_x_y): Ditto.
	(_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto.

	mpi: Fix scanning of negative SSH formats and add more tests.
	* mpi/mpicoder.c (gcry_mpi_scan): Fix sign setting for SSH format.
	* tests/t-convert.c (negative_zero): Test all formats.
	(check_formats): Add tests for PGP and scan tests for SSH and USG.
	* src/gcrypt.h.in (mpi_is_neg): Fix macro.
	* mpi/mpi-scan.c (_gcry_mpi_getbyte, _gcry_mpi_putbyte): Comment out these unused functions.

2013-10-22  Jussi Kivilinna

	twofish: add ARMv6 assembly implementation.
	* cipher/Makefile.am: Add 'twofish-armv6.S'.
	* cipher/twofish-armv6.S: New.
	* cipher/twofish.c (USE_ARMV6_ASM): New macro.
	[USE_ARMV6_ASM] (_gcry_twofish_armv6_encrypt_block)
	(_gcry_twofish_armv6_decrypt_block): New prototypes.
	[USE_ARMV6_ASM] (twofish_encrypt, twofish_decrypt): Add.
	[USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt): Remove.
	(_gcry_twofish_ctr_enc, _gcry_twofish_cfb_dec): Use 'twofish_encrypt' instead of 'do_twofish_encrypt'.
	(_gcry_twofish_cbc_dec): Use 'twofish_decrypt' instead of 'do_twofish_decrypt'.
	* configure.ac [arm]: Add 'twofish-armv6.lo'.

	mpi: allow building with clang on ARM.
	* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
	(count_leading_zeros): Do not cast assembly output arguments.
	[__arm__] (umul_ppmm): Remove the extra '%' ahead of assembly comment.
	[_ARM_ARCH >= 4] (umul_ppmm): Use correct inputs and outputs instead of registers.

	serpent-amd64: do not use GAS macros.
	* cipher/serpent-avx2-amd64.S: Remove use of GAS macros.
	* cipher/serpent-sse2-amd64.S: Ditto.
	* configure.ac [HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Do not check for GAS macros.

	Add Counter with CBC-MAC mode (CCM).
	* cipher/Makefile.am: Add 'cipher-ccm.c'.
	* cipher/cipher-ccm.c: New.
	* cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'.
	(_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt)
	(_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate)
	(_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag)
	(_gcry_cipher_ccm_set_lengths): New prototypes.
	* cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt)
	(_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag)
	(_gcry_cipher_checktag, _gcry_cipher_ctl): Add handling for CCM mode.
	* doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM.
	* src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'.
	(gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'.
	(GCRY_CCM_BLOCK_LEN): New.
	* tests/basic.c (check_ccm_cipher): New.
	(check_cipher_modes): Call 'check_ccm_cipher'.
	* tests/benchmark.c (ccm_aead_init): New.
	(cipher_bench): Add handling for AEAD modes and add CCM benchmarking.

	Add API to support AEAD cipher modes.
	* cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag)
	(_gcry_cipher_gettag): New.
	* doc/gcrypt.texi: Add documentation for new API functions.
	* src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag)
	(gcry_cipher_gettag): New.
	* src/gcrypt.h.in, src/visibility.h: add declarations of these functions.
	* src/libgcrypt.def, src/libgcrypt.vers: export functions.

2013-10-22  NIIBE Yutaka

	ecc: Correct compliant key generation for Edwards curves.
	* cipher/ecc.c: Add case for Edwards curves.

2013-10-17  Werner Koch

	tests: Add test options to keygen.
	* tests/keygen.c (usage): New.
	(main): Print usage info. Allow running just one algo.
	mpi: Do not clear the sign of the mpi_mod result.
	* mpi/mpi-mod.c (_gcry_mpi_mod): Remove sign setting.

	ecc: Put the curve name again into the output of gcry_pk_genkey.
	* cipher/ecc.c (ecc_generate): Use the correct var. Release CURVE_FLAGS.

	ecc: Support Weierstrass curves in gcry_mpi_ec_curve_point.
	* mpi/ec.c (_gcry_mpi_ec_curve_point): Support MPI_EC_WEIERSTRASS.

2013-10-16  Jussi Kivilinna

	arcfour: more optimized version for non-i386 architectures.
	* cipher/arcfour.c (ARCFOUR_context): Reorder members.
	(do_encrypt_stream) [!__i386__]: Faster implementation for non-i386.
	(do_arcfour_setkey): Avoid modulo operations.

	Avoid void* pointer arithmetic.
	* tests/tsexp.c (check_extract_param): Cast void* pointers to char* before doing arithmetic.

2013-10-16  Dmitry Eremin-Solenikov

	ecc: Add support for GOST R 34.10-2001/-2012 signatures.
	* src/cipher.h: define PUBKEY_FLAG_GOST.
	* cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves defined in standards. Typical applications would use either those curves, or curves defined in RFC 4357 (will be added later).
	* cipher/ecc.c (sign_gost, verify_gost): New.
	(ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST is set.
	(ecc_names): add "gost" for gost signatures.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist, _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag is present in s-exp.
	* tests/benchmark.c (ecc_bench): also benchmark GOST signatures.
	* tests/basic.c (check_pubkey): add two public keys from GOST R 34.10-2012 standard.
	(check_pubkey_sign_ecdsa): add two data sets to check gost signatures.
	* tests/curves.c: correct N_CURVES as we now have 2 more curves.

	Removed some comments from the new curve definitions in ecc-curves.c to avoid line wrapping. Eventually we will develop a precompiler to avoid parsing those hex strings. -wk

	Fix 256-bit ecdsa test key definition.
	* tests/basic.c (check_pubkey): fix nistp256 testing key declaration - add missing comma.
2013-10-16  Werner Koch

	sexp: Add function gcry_sexp_extract_param.
	* src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New.
	(gcry_sexp_extract_param): New.
	* src/visibility.c (gcry_sexp_extract_param): New.
	* src/visibility.h (gcry_sexp_extract_param): Add hack to detect
	internal use.
	* cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split
	into ...
	* src/sexp.c (_gcry_sexp_vextract_param)
	(_gcry_sexp_extract_param): this.  Change all callers.  Add support
	for buffer descriptors and a path option.
	* tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New.
	(cmp_mpihex, cmp_bufhex): New.
	(check_extract_param): New.

2013-10-16  NIIBE Yutaka

	mpi: mpi-pow improvement.
	* mpi/mpi-pow.c (gcry_mpi_powm): New implementation of left-to-right
	k-ary exponentiation.

2013-10-15  Werner Koch

	ecc: Support use of Ed25519 with ECDSA.
	* src/cipher.h (PUBKEY_FLAG_ECDSA): New.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
	"ecdsa".
	* cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
	(ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
	* tests/keygen.c (check_ecc_keys): Create such a test key.
	* tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
	Take from dsa-6979.c
	(check_ed25519ecdsa_sample_key): new.
	(main): Call new test.

2013-10-14  Werner Koch

	pubkey: Support flags list in gcry_pk_genkey.
	* src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
	(PUBKEY_FLAG_USE_X931): New.
	(PUBKEY_FLAG_USE_FIPS186): New.
	(PUBKEY_FLAG_USE_FIPS186_2): New.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from
	parse_flags_list.  Parse new flags.
	* cipher/dsa.c (dsa_generate): Support flag list.
	* cipher/ecc.c (ecc_generate): Ditto.
	* cipher/rsa.c (rsa_generate): Ditto.

	pubkey: Remove duplicated flag parsing code.
	* cipher/pubkey-util.c (_gcry_pk_util_preparse_encval)
	(_gcry_pk_util_data_to_mpi): Factor flag parsing code out to ..
	(parse_flag_list): New.
	* src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New.
	mpicalc: Accept lowercase hex digits.
	* src/mpicalc.c (main): Test for lowercase hex digits.

2013-10-11  Werner Koch

	pubkey: Move sexp parsing of remaining functions to the modules.
	* cipher/pubkey.c (release_mpi_array): Remove.
	(pubkey_check_secret_key): Remove.
	(sexp_elements_extract): Remove.
	(sexp_elements_extract_ecc): Remove.
	(sexp_to_key): Remove.
	(get_hash_algo): Remove.
	(gcry_pk_testkey): Revamp.
	(gcry_pk_get_curve): Revamp.
	* cipher/rsa.c (rsa_check_secret_key): Revamp.
	* cipher/elgamal.c (elg_check_secret_key): Revamp.
	* cipher/dsa.c (dsa_check_secret_key): Revamp.
	* cipher/ecc.c (ecc_check_secret_key): Revamp.
	* cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h
	(_gcry_ecc_get_curve): Revamp.
	* cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and
	used parameters on error to NULL.

	pubkey: Move sexp parsing for gcry_pk_decrypt to the modules.
	* cipher/rsa.c (rsa_decrypt): Revamp.
	* cipher/elgamal.c (elg_decrypt): Revamp.
	* cipher/ecc.c (ecc_decrypt_raw): Revamp.
	* cipher/pubkey.c (gcry_pk_decrypt): Simplify.
	(sexp_to_enc): Remove.
	* cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New.

	pubkey: Move sexp parsing for gcry_pk_encrypt to the modules.
	* cipher/rsa.c (rsa_encrypt): Revamp.
	* cipher/elgamal.c (elg_encrypt): Revamp.
	* cipher/ecc.c (ecc_encrypt_raw): Revamp.
	* cipher/pubkey.c (gcry_pk_encrypt): Simplify.
	* tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so
	that they are initialized even after an encrypt failure.

	pubkey: Move sexp parsing for gcry_pk_sign to the modules.
	* cipher/rsa.c (rsa_sign): Revamp.
	* cipher/dsa.c (dsa_sign): Revamp.
	* cipher/elgamal.c (elg_sign): Revamp.
	* cipher/ecc.c (ecc_sign): Revamp.
	* cipher/pubkey.c (gcry_pk_sign): Simplify.

2013-10-10  Jussi Kivilinna

	Prevent tail call optimization with _gcry_burn_stack.
	* configure.ac: New check, HAVE_GCC_ASM_VOLATILE_MEMORY.
	* src/g10lib.h (_gcry_burn_stack): Rename to __gcry_burn_stack.
	(__gcry_burn_stack_dummy): New.
	(_gcry_burn_stack): New macro.
	* src/misc.c (_gcry_burn_stack): Rename to __gcry_burn_stack.
	(__gcry_burn_stack_dummy): New.

2013-10-09  Werner Koch

	pubkey: Move sexp parsing for gcry_pk_verify to the modules.
	* cipher/rsa.c (rsa_verify): Revamp.
	* cipher/dsa.c (dsa_verify): Revamp.
	* cipher/elgamal.c (elg_verify): Revamp.
	* cipher/ecc.c (ecc_verify): Revamp.
	* cipher/pubkey.c (sexp_to_sig): Remove.
	(pss_verify_cmp): Move to pubkey-util.c
	(sexp_data_to_mpi): Ditto.
	(init_encoding_ctx): Ditto.
	(gcry_pk_verify): Simplify.
	* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add.  Take
	from pubkey.c
	(get_hash_algo): Ditto.
	(_gcry_pk_util_data_to_mpi): Ditto.
	(pss_verify_cmp): Ditto.
	(_gcry_pk_util_extract_mpis): New.
	(_gcry_pk_util_preparse_sigval): New.
	(_gcry_pk_util_free_encoding_ctx): New.
	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init
	optional.
	* src/g10lib.h (GCC_ATTR_SENTINEL): New.
	* tests/basic.c (check_pubkey_sign): Print the algo name.
	(main): Add option --pubkey.

2013-10-08  Werner Koch

	pubkey: Move sexp parsing for gcry_pk_get_nbits to the modules.
	* cipher/pubkey.c (spec_from_sexp): New.
	(gcry_pk_get_nbits): Simplify.
	* cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp
	parsing here.
	* cipher/dsa.c (dsa_get_nbits): Ditto.
	* cipher/elgamal.c (elg_get_nbits): Ditto.
	* cipher/ecc.c (ecc_get_nbits): Ditto.
	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg
	CURVE.

	pubkey: Move sexp parsing for gcry_pk_getkey to the modules.
	* cipher/pubkey-util.c: New.
	(_gcry_pk_util_get_nbits): New.  Based on code from gcry_pk_genkey.
	(_gcry_pk_util_get_rsa_use_e): Ditto.
	* cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass.
	* cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE.
	Call new functions to get these values.
	* cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE.
	Call _gcry_pk_util_get_nbits to get nbits.  Always parse genparms.
	* cipher/elgamal.c (elg_generate): Ditto.
	* cipher/ecc.c (ecc_generate): Ditto.

	cipher: Deprecate GCRY_PK_ELG_E.
	* cipher/elgamal.c (_gcry_pubkey_spec_elg_e): Remove.
	* cipher/pubkey.c (pubkey_list): Remove double included
	_gcry_pubkey_spec_elg.
	(map_algo): Make ELG_E to ELG.

2013-10-02  Werner Koch

	Provide Pth compatibility for use with GnuPG 2.0.
	* src/ath.c (ath_install): Call ath_init and declare Pth as
	compatible.

2013-10-02  Jussi Kivilinna

	sha512: fix building on ARM.
	* cipher/sha512.c (transform) [USE_ARM_NEON_ASM]: Fix 'hd' to 'ctx'.

2013-10-02  Werner Koch

	Remove deprecated control codes.
	* src/gcrypt.h.in (GCRYCTL_SET_KEY): Remove.
	(GCRYCTL_SET_IV): Remove.
	(GCRYCTL_SET_CTR): Remove.
	* cipher/md.c (gcry_md_ctl): Remove deprecated GCRYCTL_SET_KEY.
	* cipher/cipher.c (gcry_cipher_ctl): Remove deprecated
	GCRYCTL_SET_KEY, GCRYCTL_SET_IV, GCRYCTL_SET_CTR.

2013-10-02  Dmitry Eremin-Solenikov

	Fix errors when building with Clang on PPC.
	* mpi/longlong.h (add_ssaaaa, sub_ddmmss, count_leading_zeros,
	umul_ppmm): Do not cast asm output to USItype.

2013-10-02  Werner Koch

	Remove last remains of the former module system.
	* src/gcrypt-module.h, src/module.c: Remove.
	* src/visibility.h: Do not include gcrypt-module.h.
	* src/g10lib.h: Remove all prototypes from module.c
	(gcry_module): Remove.
	* cipher/cipher-internal.h (gcry_cipher_handle): Remove unused field.

	Fix missing prototype warning in visibility.c.
	* src/ec-context.h (_gcry_mpi_ec_new): Move prototype to mpi.h.

	md: Simplify the message digest dispatcher md.c.
	* src/gcrypt-module.h (gcry_md_spec_t): Move to ...
	* src/cipher-proto.h: here.  Merge with md_extra_spec_t.  Add fields
	ALGO and FLAGS.  Set these fields in all digest modules.
	* cipher/md.c: Change most code to replace the former module system
	by a simpler system to gain information about the algorithms.

2013-10-01  Werner Koch

	cipher: Simplify the cipher dispatcher cipher.c.
	* src/gcrypt-module.h (gcry_cipher_spec_t): Move to ...
	* src/cipher-proto.h (gcry_cipher_spec_t): here.
	Merge with cipher_extra_spec_t.  Add fields ALGO and FLAGS.  Set
	these fields in all cipher modules.
	* cipher/cipher.c: Change most code to replace the former module
	system by a simpler system to gain information about the algorithms.
	(disable_pubkey_algo): Simplified.  Not anymore thread-safe, though.
	* cipher/md.c (_gcry_md_selftest): Use correct structure.  Not a real
	problem because both define the same function as their first field.
	* cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag.

	mpi: Fix gcry_mpi_neg.
	* mpi/mpiutil.c (_gcry_mpi_neg): Copy U to W.

2013-10-01  Peter Wu

	cipher: Add support for 128-bit keys in RC2.
	* cipher/rfc2268.c (oids_rfc2268_128): New
	(_gcry_cipher_spec_rfc2268_128): New.
	* cipher/cipher.c (cipher_table_entry): Add GCRY_CIPHER_RFC2268_128.

2013-09-30  Werner Koch

	ecc: Use faster b parameter for Ed25519.
	* cipher/ecc-curves.c (domain_parms): Replace b.
	* tests/t-mpi-point.c (test_curve): Ditto.

	ecc: Prepare for future Ed25519 optimization.
	* mpi/ec-ed25519.c: New but empty file.
	* mpi/ec-internal.h: New.
	* mpi/ec.c: Include ec-internal.h.
	(ec_mod): New.
	(ec_addm): Use ec_mod.
	(ec_mulm): Remove commented code.  Use ec_mod.
	(ec_subm): Call simple sub.
	(ec_pow2): Use ec_mulm.
	(ec_mul2): New.
	(dup_point_weierstrass): Use ec_mul2.
	(dup_point_twistededwards): Add special case for a == -1.  Use
	ec_mul2.
	(add_points_weierstrass): Use ec_mul2.
	(add_points_twistededwards): Add special case for a == -1.
	(_gcry_mpi_ec_curve_point): Ditto.
	(ec_p_init): Add hack to test Barrett functions.
	* src/ec-context.h (mpi_ec_ctx_s): Add P_BARRETT.
	* mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Fix sign problem.

	ecc: Fix recomputing of Q for Ed25519.
	* cipher/ecc-misc.c (reverse_buffer): New.
	(_gcry_ecc_compute_public): Add Ed25519 specific code.
	* cipher/ecc.c (sign_eddsa): Allocate DIGEST in secure memory.  Get
	rid of HASH_D.
	* tests/t-mpi-point.c (context_param): Test recomputing of Q for
	Ed25519.

	log: Try to print s-expressions in a more compact format.
	* src/misc.c (count_closing_parens): New.
	(_gcry_log_printsxp): Use new function.
	* mpi/ec.c (_gcry_mpi_point_log): Take care of a NULL point.

2013-09-30  Jussi Kivilinna

	Make Whirlpool use the _gcry_md_block_write helper.
	* cipher/whirlpool.c (whirlpool_context_t): Add 'bctx', remove
	'buffer', 'count' and 'nblocks'.
	(whirlpool_init): Initialize 'bctx'.
	(whirlpool_transform): Adjust context argument type and burn stack
	depth.
	(whirlpool_add): Remove.
	(whirlpool_write): Use _gcry_md_block_write.
	(whirlpool_final, whirlpool_read): Adjust for 'bctx' usage.

	whirlpool: add stack burning after transform.
	* cipher/whirlpool.c (whirlpool_transform): Return burn stack depth.
	(whirlpool_add): Do burn_stack.

	whirlpool: do bitcount calculation in finalization part.
	* cipher/whirlpool.c (whirlpool_context_t): Remove 'length', add
	'nblocks'.
	(whirlpool_add): Update 'nblocks' instead of 'length', and add early
	return at one spot.
	(whirlpool_write): Check for 'nblocks' overflow.
	(whirlpool_final): Convert 'nblocks' to bit-counter, and use
	whirlpool_write instead of whirlpool_add.

2013-09-30  Werner Koch

	Add logging functions to the API.
	* src/gcrypt.h.in (_GCRY_GCC_ATTR_PRINTF): New.
	(gcry_log_debug, gcry_log_debughex, gcry_log_debugmpi): New.
	(gcry_log_debugpnt, gcry_log_debugsxp): New.
	* src/visibility.c (gcry_log_debug): New.
	(gcry_log_debughex, gcry_log_debugmpi, gcry_log_debugpnt): New.
	(gcry_log_debugsxp): New.
	* src/libgcrypt.def, src/libgcrypt.vers: Add new functions.
	* src/misc.c (_gcry_logv): Make public.
	(_gcry_log_printsxp): New.
	* src/g10lib.h (log_printsxp): New macro.

2013-09-26  Jussi Kivilinna

	Make libgcrypt build with Clang on i386.
	* cipher/longlong.h [__i386__] (add_ssaaaa, sub_ddmmss)
	(umul_ppmm, udiv_qrnnd): Do not cast asm output to USItype.

2013-09-25  Werner Koch

	mpi: Change not yet used _gcry_mpi_set_opaque_copy.
	* mpi/mpiutil.c (_gcry_mpi_set_opaque_copy): Change prototype.
	(_gcry_mpi_get_opaque_copy): Take care of gcry_malloc failure.
	sexp: Improve printing of data with a leading zero.
	* src/sexp.c (suitable_encoding): Detect leading zero byte.

	ecc: Allow the name "q@eddsa" to get/set the public key.
	* cipher/ecc-curves.c (_gcry_ecc_get_mpi): Support "q@eddsa".
	(_gcry_ecc_set_mpi): Support "q".
	* cipher/ecc.c (eddsa_encodepoint): Rename to ...
	(_gcry_ecc_eddsa_encodepoint): this and make global.  Remove arg
	MINLEN and take from context.
	(eddsa_decodepoint): Rename to
	(_gcry_ecc_eddsa_decodepoint): this and make global.  Remove arg LEN
	and take from context.
	(sign_eddsa, verify_eddsa): Take B from context.
	(ecc_sign, ecc_verify): Add hack to set DIALECT.
	(_gcry_pk_ecc_get_sexp): Use _gcry_ecc_compute_public.  Handle EdDSA.
	* src/ec-context.h (mpi_ec_ctx_s): Add field NBITS.
	* mpi/ec.c (ec_p_init): Init NBITS.
	* tests/t-mpi-point.c (test_curve): Add Ed25519.
	(sample_ed25519_q): New.
	(context_param): Check new sample key.
	(hex2buffer, hex2mpiopa): New.
	(cmp_mpihex): Take care of opaque MPIs.

	mpicalc: Add statement to compute the number of bits.
	* src/mpicalc.c (do_nbits): New.
	(main): Add statement 'b'.

	ecc: Refactor low-level access functions.
	* mpi/ec.c (point_copy): Move to cipher/ecc-curves.c.
	(ec_get_reset): Rename to _gcry_mpi_ec_get_reset and make global.
	(_gcry_mpi_ec_get_mpi): Factor most code out to _gcry_ecc_get_mpi.
	(_gcry_mpi_ec_get_point): Factor most code out to
	_gcry_ecc_get_point.
	(_gcry_mpi_ec_set_mpi): Factor most code out to _gcry_ecc_set_mpi.
	(_gcry_mpi_ec_set_point): Factor most code out to
	_gcry_ecc_set_point.
	* cipher/ecc-curves.c (_gcry_ecc_get_mpi): New.
	(_gcry_ecc_get_point, _gcry_ecc_set_mpi, _gcry_ecc_set_point): New.
	* cipher/ecc-misc.c (_gcry_ecc_compute_public): New.

	ecc: Fix highly unlikely endless loop in sign_ecdsa.
	* cipher/ecc.c (sign_ecdsa): Turn while-do into do-while loops.

2013-09-24  Werner Koch

	ecc: Allow the use of an uncompressed public key.
	* cipher/ecc.c (eddsa_encodepoint): Factor most code out to ...
	(eddsa_encode_x_y): new function.
	(eddsa_decodepoint): Allow use of an uncompressed public key.
	* tests/t-ed25519.c (N_TESTS): Adjust.
	* tests/t-ed25519.inp: Add test 1025.

2013-09-23  Werner Koch

	pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH.
	* src/gcrypt.h.in (GCRY_PK_ECC): New.
	* cipher/pubkey.c (map_algo): New.
	(spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
	* cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
	(run_selftests): Simplify.
	(ecdh_names, ecdsa_names): Merge into a new ecc_names.
	(_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
	_gcry_pubkey_spec_ecc.

	ec: Use mpi_mulm instead of mpi_powm.
	* mpi/ec.c (ec_pow2): New.
	(ec_powm): Remove call to mpi_abs.
	(dup_point_weierstrass, dup_point_twistededwards)
	(add_points_weierstrass, add_points_twistededwards)
	(_gcry_mpi_ec_curve_point): Use ec_pow2.

2013-09-21  Jussi Kivilinna

	bufhelp: enable fast unaligned memory accesses on powerpc.
	* cipher/bufhelp.h [__powerpc__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set
	macro enabled.
	[__powerpc64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Ditto.

	Remove i386 inline assembly version of rotation functions.
	* cipher/bithelp.h (rol, ror): Remove i386 version, change macros to
	inline functions.
	* src/hmac256.c (ror): Ditto.

	Optimize and cleanup 32-bit and 64-bit endianness transforms.
	* cipher/bithelp.h (bswap32, bswap64, le_bswap32, be_bswap32)
	(le_bswap64, be_bswap64): New.
	* cipher/bufhelp.h (buf_get_be32, buf_get_le32, buf_put_le32)
	(buf_put_be32, buf_get_be64, buf_get_le64, buf_put_be64)
	(buf_put_le64): New.
	* cipher/blowfish.c (do_encrypt_block, do_decrypt_block): Use new
	endian conversion helpers.
	(do_bf_setkey): Turn endian specific code to generic.
	* cipher/camellia.c (GETU32, PUTU32): Use new endian conversion
	helpers.
	* cipher/cast5.c (rol): Remove, use rol from bithelp.
	(F1, F2, F3): Fix to use rol from bithelp.
	(do_encrypt_block, do_decrypt_block, do_cast_setkey): Use new endian
	conversion helpers.
	* cipher/des.c (READ_64BIT_DATA, WRITE_64BIT_DATA): Ditto.
	* cipher/md4.c (transform, md4_final): Ditto.
	* cipher/md5.c (transform, md5_final): Ditto.
	* cipher/rmd160.c (transform, rmd160_final): Ditto.
	* cipher/salsa20.c (LE_SWAP32, LE_READ_UINT32): Ditto.
	* cipher/scrypt.c (READ_UINT64, LE_READ_UINT64, LE_SWAP32): Ditto.
	* cipher/seed.c (GETU32, PUTU32): Ditto.
	* cipher/serpent.c (byte_swap_32): Remove.
	(serpent_key_prepare, serpent_encrypt_internal)
	(serpent_decrypt_internal): Use new endian conversion helpers.
	* cipher/sha1.c (transform, sha1_final): Ditto.
	* cipher/sha256.c (transform, sha256_final): Ditto.
	* cipher/sha512.c (__transform, sha512_final): Ditto.
	* cipher/stribog.c (transform, stribog_final): Ditto.
	* cipher/tiger.c (transform, tiger_final): Ditto.
	* cipher/twofish.c (INPACK, OUTUNPACK): Ditto.
	* cipher/whirlpool.c (buffer_to_block, block_to_buffer): Ditto.
	* configure.ac (gcry_cv_have_builtin_bswap32): Check for compiler
	provided __builtin_bswap32.
	(gcry_cv_have_builtin_bswap64): Check for compiler provided
	__builtin_bswap64.

	gostr3411_94: set better burn stack depth estimate.
	* cipher/gost28147.c (_gcry_gost_enc_one): Account function stack to
	burn stack depth.
	* cipher/gostr3411-94.c (max): New macro.
	(do_hash_step, transform): Return stack burn depth.

	Use hash transform function return type for passing burn stack depth.
	* cipher/gostr3411-94.c (transform): Return stack burn depth.
	* cipher/hash-common.c (_gcry_md_block_write): Use stack burn depth
	returned by 'hd->bwrite'.
	* cipher/hash-common.h (_gcry_md_block_write_t): Change return type
	to 'unsigned int'.
	(gcry_md_block_ctx_t): Remove 'stack_burn'.
	* cipher/md4.c (transform): Return stack burn depth.
	(md4_final): Use stack burn depth from transform.
	* cipher/md5.c (transform): Return stack burn depth.
	(md5_final): Use stack burn depth from transform.
	* cipher/rmd160.c (transform): Return stack burn depth.
	(rmd160_final): Use stack burn depth from transform.
	* cipher/sha1.c (transform): Return stack burn depth.
	(sha1_final): Use stack burn depth from transform.
	* cipher/sha256.c (transform): Return stack burn depth.
	(sha256_final): Use stack burn depth from transform.
	* cipher/sha512.c (__transform, transform): Return stack burn depth.
	(sha512_final): Use stack burn depth from transform.
	* cipher/stribog.c (transform64): Return stack burn depth.
	* cipher/tiger.c (transform): Return stack burn depth.
	(tiger_final): Use stack burn depth from transform.

	Make STRIBOG use the new _gcry_md_block_write helper.
	* cipher/stribog.c (STRIBOG_STRUCT): Add 'bctx' and remove 'buf' and
	'count'.
	(stribog_init_512): Initialize 'bctx'.
	(transform64): New function.
	(stribog_write): Remove.
	(stribog_final): Use _gcry_md_block_write and bctx.
	(_gcry_digest_spec_stribog_256, _gcry_digest_spec_stribog_512): Use
	_gcry_md_block_write.

	Make SHA-512 use the new _gcry_md_block_write helper.
	* cipher/hash-common.c (_gcry_md_block_write): Check that hd->buf is
	large enough.
	* cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE, MD_NBLOCKS_TYPE): New
	macros.
	(gcry_md_block_ctx_t): Use above macros for 'nblocks' and 'buf'.
	* cipher/sha512.c (SHA512_STATE): New struct.
	(SHA512_CONTEXT): Add 'bctx' and 'state'.
	(sha512_init, sha384_init): Initialize 'bctx'.
	(__transform, _gcry_sha512_transform_armv7_neon): Use SHA512_STATE
	for 'hd'.
	(transform): For now, do not return burn stack.
	(sha512_write): Remove.
	(sha512_final): Use _gcry_md_block_write and bctx.
	(_gcry_digest_spec_sha512, _gcry_digest_spec_sha384): Use
	_gcry_md_block_write.

2013-09-20  Werner Koch

	sexp: Change internal versions to always use gpg_err_code_t.
	* src/sexp.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_build)
	(gcry_sexp_build_array, gcry_sexp_canon_len): Change error return
	type from gpg_error_t to gpg_err_code_t.  Remove all calls to
	gpg_error.
	* src/visibility.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_sscan)
	(gcry_sexp_build, gcry_sexp_build_array, gcry_sexp_canon_len): Map
	error codes via gpg_error.
	* cipher/dsa.c, cipher/ecc.c, cipher/elgamal.c, cipher/rsa.c: Remove
	use of gpg_err_code wrappers.

	pk: Move s-exp creation for gcry_pk_decrypt to the modules.
	* cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it
	into FLAGS.
	(gcry_pk_decrypt): Move result s-exp building into the modules.
	* src/cipher-proto.h (gcry_pk_decrypt_t): Add some args.
	* cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp.
	* cipher/elgamal.c (elg_decrypt): Ditto.
	* cipher/rsa.c (rsa_decrypt): Ditto.
	(rsa_blind, rsa_unblind): Merge into rsa_decrypt.  This saves several
	extra MPI allocations.

	pk: Remove unused function.
	* cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove.

2013-09-19  Werner Koch

	Beautify debug output of the prime generator.
	* cipher/primegen.c: Adjust output of log_mpidump to recently changed
	log_mpidump code changes.

	pk: Move s-expr creation for genkey to the modules.
	* cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey.
	(gcry_pk_genkey): Move result s-exp creation into the modules.
	* cipher/dsa.c (dsa_generate): Create result as s-exp.
	* cipher/elgamal.c (elg_generate): Ditto.
	* cipher/rsa.c (rsa_generate): Ditto.
	* cipher/ecc.c (ecc_generate): Ditto.
	* src/cipher-proto.h (pk_ext_generate_t): Remove type
	(gcry_pk_spec): and remove from struct.

	tests: Beautify some diagnostics.
	* tests/benchmark.c (ecc_bench): Print the key sexp in very verbose
	mode.
	(main): Add option --pk-count.
	* tests/keygen.c: Add Elgamal generation and improved diagnostics.
	* tests/t-ed25519.c (check_ed25519): Print running number of tests
	done.

	sexp: Improve printing data representing a negative number.
	* src/sexp.c (suitable_encoding): Detect a negative number.

	pk: Move RSA encoding functions to a new file.
	* cipher/rsa-common: New.
	* cipher/pubkey.c (pkcs1_encode_for_encryption): Move to rsa-common.c
	and rename to _gcry_rsa_pkcs1_encode_for_enc.
	(pkcs1_decode_for_encryption): Move to rsa-common.c and rename to
	_gcry_rsa_pkcs1_decode_for_enc.
	(pkcs1_encode_for_signature): Move to rsa-common.c and rename to
	_gcry_rsa_pkcs1_encode_for_sig.
	(oaep_encode): Move to rsa-common.c and rename to
	_gcry_rsa_oaep_encode.
	(oaep_decode): Move to rsa-common.c and rename to
	_gcry_rsa_oaep_decode.
	(pss_encode): Move to rsa-common.c and rename to
	_gcry_rsa_pss_encode.
	(pss_verify): Move to rsa-common.c and rename to
	_gcry_rsa_pss_decode.
	(octet_string_from_mpi, mgf1): Move to rsa-common.c.

	pk: Move s-expr creation for sign and encrypt to the modules.
	* cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt.
	(pubkey_decrypt): Fold into gcry_pk_decrypt.
	(pubkey_sign): Fold into gcry_pk_sign.
	(pubkey_verify): Fold into gcry_pk_verify.
	(octet_string_from_mpi): Make it a wrapper and factor code out to ...
	* mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function.
	* src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New.
	* cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings.
	(gcry_pk_encrypt): Simplify by moving the s-expr generation to the
	modules.
	(gcry_pk_sign): Ditto.
	* cipher/dsa.c (dsa_sign): Create s-expr.
	* cipher/elgamal.c (elg_encrypt, elg_sign): Ditto.
	* cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto.
	* cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto.
	(ecdsa_names): Add "eddsa".
	* tests/t-ed25519.c (one_test): Expect "eddsa" token.

2013-09-19  Dmitry Eremin-Solenikov

	Fix Stribog digest on bigendian platforms.
	* cipher/stribog.c (stribog_final): swap bytes in the result of
	digest calculations.

2013-09-18  Werner Koch

	pk: Simplify the public key dispatcher pubkey.c.
	* src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS.
	* cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields.
	* cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto.
	(_gcry_pubkey_spec_ecdh): Ditto.
	* cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto.
	* cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto
	(_gcry_pubkey_spec_elg_e): New.
	* cipher/pubkey.c: Change most code to replace the former module
	system by a simpler system to gain information about the algorithms.
	(disable_pubkey_algo): Simplified.  Not anymore thread-safe, though.

	pk: Merge extraspecs struct with standard specs struct.
	* src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the
	corresponding function typedefs to ...
	* src/cipher-proto.h: here.
	(pk_extra_spec_t): Remove typedef and merge fields into
	gcry_pk_spec_t.
	* cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto.
	* cipher/pubkey.c: Change accordingly.
	* src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove.
	(_gcry_pubkey_extraspec_dsa): Remove.
	(_gcry_pubkey_extraspec_elg): Remove.
	(_gcry_pubkey_extraspec_ecdsa): Remove.

2013-09-18  Jussi Kivilinna

	Fix encryption/decryption return type for GOST28147.
	* cipher/gost.h (_gcry_gost_enc_one): Change return type to
	'unsigned int'.
	* cipher/gost28147.c (max): New macro.
	(gost_encrypt_block, gost_decrypt_block): Return burn stack depth.
	(_gcry_gost_enc_one): Return burn stack depth from
	gost_encrypt_block.

2013-09-18  Dmitry Eremin-Solenikov

	doc: fix building of ps and pdf documentation.
	* doc/gcrypt.texi, doc/gpl.texi, doc/lgpl.texi: fix texinfo errors.

	Add GOST R 34.11-2012 implementation (Stribog).
	* src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256)
	(GCRY_MD_GOSTR3411_12_512): New.
	* cipher/stribog.c: New.
	* configure.ac (available_digests_64): Add stribog.
	* src/cipher.h: Declare Stribog declarations.
	* cipher/md.c: Register Stribog digest.
	* tests/basic.c (check_digests): Add 4 testcases for Stribog from
	standard.
	* doc/gcrypt.texi: Document new constants.

	Add basic implementation of GOST R 34.11-94 message digest.
	* src/gcrypt.h.in (GCRY_MD_GOSTR3411_94): New.
	* cipher/gostr3411-94.c: New.
	* configure.ac (available_digests): Add gostr3411-94.
	* src/cipher.h: Add gostr3411-94 definitions.
	* cipher/md.c: Register GOST R 34.11-94.
	* tests/basic.c (check_digests): Add 4 tests for GOST R 34.11-94 hash
	algo.
	Two are defined in the standard itself, two others are more or less
	common tests: an empty string and an exclamation mark.
	* doc/gcrypt.texi: Add an entry describing GOST R 34.11-94 to the MD
	algorithms table.

	Separate common md block code.
	* cipher/hash-common.c (_gcry_md_block_write): New function to handle
	block md operations.  The current implementation is limited to 64
	byte buffer and u32 block counter.
	* cipher/md4.c, cipher/md5.c, cipher/rmd.h, cipher/rmd160.c,
	cipher/sha1.c, cipher/sha256.c, cipher/tiger.c: Convert to use
	_gcry_md_block_write.

	Add limited implementation of GOST 28147-89 cipher.
	* src/gcrypt.h.in (GCRY_CIPHER_GOST28147): New.
	* cipher/gost.h, cipher/gost28147.c: New.
	* configure.ac (available_ciphers): Add gost28147.
	* src/cipher.h: Add gost28147 definitions.
	* cipher/cipher.c: Register gost28147.
	* tests/basic.c (check_ciphers): Enable simple test for gost28147.
	* doc/gcrypt.texi: document GCRY_CIPHER_GOST28147.

2013-09-18  Werner Koch

	ecc: Add Ed25519 key generation and prepare for optimizations.
	* src/mpi.h (enum ecc_dialects): New.
	* src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT.
	* cipher/ecc-common.h (elliptic_curve_t): Ditto.
	* cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
	(domain_parms): Add dialect values.
	(_gcry_ecc_fill_in_curve): Set dialect.
	(_gcry_ecc_get_curve): Ditto.
	(_gcry_mpi_ec_new): Ditto.
	(_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now.
	* cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect.
	(_gcry_ecc_dialect2str): New.
	* mpi/ec.c (ec_p_init): Add arg DIALECT.
	(_gcry_mpi_ec_p_internal_new): Ditto.
	(_gcry_mpi_ec_p_new): Ditto.
	* mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag.
	(_gcry_mpi_set_opaque_copy): New.
	* cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI.
	* cipher/ecc.c (eddsa_generate_key): New.
	(generate_key): Rename to nist_generate_key and factor some code out
	to ...
	(ecc_generate_ext): here.  Divert to eddsa_generate_key if desired.
	(eddsa_decodepoint): Take care of an opaque MPI.
	(ecc_check_secret_key): Ditto.
	(ecc_sign): Ditto.
	* cipher/pubkey.c (sexp_elements_extract_ecc): Store public and
	secret key as opaque MPIs.
	(gcry_pk_genkey): Add the curve_name also to the private key part of
	the result.
	* tests/benchmark.c (ecc_bench): Support Ed25519.
	(main): Add option --debug.
	* tests/curves.c (sample_key_2): Make sure that P and N are positive.
	* tests/keygen.c (show): New.
	(check_ecc_keys): Support Ed25519.

2013-09-17  Werner Koch

	mpi: Support printing of negative numbers.
	* mpi/mpicoder.c (twocompl, onecompl): New.
	(gcry_mpi_print): Use it for STD and SSH.
	(gcry_mpi_scan): Use it for STD and SSH.  Always set NSCANNED.
	(gcry_mpi_aprint): Clear the extra allocated byte.
	* tests/t-convert.c (showhex, showmpi): New.
	(mpi2bitstr_nlz): New.
	(check_formats): New.
	(main): Call new test.

2013-09-16  Werner Koch

	Fix bug in _gcry_mpi_tdiv_q_2exp.
	* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.

	ecc: Implement Curve Ed25519 signing and verification.
	* cipher/ecc-curves.c (domain_parms): Add curve "Ed25519".
	* cipher/ecc.c (reverse_buffer): New.
	(eddsa_encodempi): New.
	(eddsa_encodepoint): New.
	(eddsa_decodepoint): New.
	(sign_eddsa): Implement.
	(verify_eddsa): Implement.
	(ecc_sign): Init unused Q.  Pass public key to sign_eddsa.
	(ecc_verify): Init pk.Q if not used.  Pass public key verbatim to
	verify_eddsa.
	* cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE.  Change
	all callers to pass 0.
	(sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract.
	(sexp_data_to_mpi): Allow for a zero length "value".
	(gcry_pk_verify): Reorder parameter processing.  Pass OPAQUE flag as
	required.
	* mpi/ec.c (ec_invm): Print a warning if the inverse does not exist.
	(_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve
	model.
	(dup_point_twistededwards): Implement.
	(add_points_twistededwards): Implement.
	(_gcry_mpi_ec_mul_point): Support Twisted Edwards.
	* mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE.
	(_gcry_mpi_get_buffer): Ditto.  Change all callers.
	(_gcry_mpi_get_secure_buffer): Ditto.
	* src/sexp.c (_gcry_sexp_nth_opaque_mpi): New.
	* tests/t-ed25519.c: New.
	* tests/t-ed25519.inp: New.
	* tests/t-mpi-point.c (basic_ec_math_simplified): Print some output
	only in debug mode.
	(twistededwards_math): New test.
	(main): Call new test.

	mpi: Add internal convenience function.
	* mpi/mpiutil.c (_gcry_mpi_get_opaque_copy): New.

	mpi: Add debug function to print a point.
	* mpi/ec.c (_gcry_mpi_point_log): New.
	* src/mpi.h (log_printpnt): New macro.

	tests: Factor time measurement code out.
	* tests/benchmark.c (started_at, stopped_at, start_timer, stop_timer)
	(elapsed_time): Factor out to ..
	* tests/stopwatch.h: New file.

2013-09-12  Werner Koch

	Fix _gcry_log_printmpi to print 00 instead of a sole sign.
	* src/misc.c: Special case an mpi length of 0.

2013-09-11  Werner Koch

	Streamline the use of the internal mpi and hex debug functions.
	* mpi/mpicoder.c (gcry_mpi_dump): Remove.
	(_gcry_log_mpidump): Remove.
	* src/misc.c (_gcry_log_printhex): Factor all code out to ...
	(do_printhex): new.  Add line wrapping and compact printing.
	(_gcry_log_printmpi): New.
	* src/mpi.h (log_mpidump): Remove macro.
	* src/g10lib.h (log_mpidump): Add compatibility macro.
	(log_printmpi): New macro.
	* src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi.
	* cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump
	by log_printmpi.
	(gcry_prime_group_generator): Ditto.
	* cipher/pubkey.c: Remove extra colons from log_mpidump call.
	* cipher/rsa.c (stronger_key_check): Use log_printmpi.

2013-09-10  Werner Koch

	md: Add function gcry_md_hash_buffers.
	* src/gcrypt.h.in (gcry_buffer_t): New.
	(gcry_md_hash_buffers): New.
	* src/visibility.c, src/visibility.h: Add wrapper for new function.
	* src/libgcrypt.def, src/libgcrypt.vers: Export new function.
	* cipher/md.c (gcry_md_hash_buffers): New.
	* cipher/sha1.c (_gcry_sha1_hash_buffers): New.
	* tests/basic.c (check_one_md_multi): New.
	(check_digests): Run that test.
	* tests/hmac.c (check_hmac_multi): New.
	(main): Run that test.

	md: Fix Whirlpool flaw.
	* cipher/whirlpool.c (whirlpool_add): Remove shortcut return so that
	byte counter is always properly updated.

2013-09-07  Jussi Kivilinna

	Fix static build on AMD64.
	* cipher/rijndael-amd64.S: Correct 'RIP' macro for non-PIC build.

	scrypt: fix for big-endian systems.
	* cipher/scrypt.c (_salsa20_core): Fix endianness issues.

2013-09-07  Werner Koch

	Use gcc "unused" attribute only with gcc >= 3.5.
	* src/g10lib.h (GCC_ATTR_UNUSED): Fix gcc version detection.

2013-09-07  Dmitry Eremin-Solenikov

	Add support for Salsa20/12 - 12 round version of Salsa20.
	* src/gcrypt.h.in (GCRY_CIPHER_SALSA20R12): New.
	* src/salsa20.c (salsa20_core, salsa20_do_encrypt_stream): Add
	support for reduced round versions.
	(salsa20r12_encrypt_stream, _gcry_cipher_spec_salsa20r12): Implement
	Salsa20/12 - a 12 round version of Salsa20 selected by eStream.
	* src/cipher.h: Declare Salsa20/12 definition.
	* cipher/cipher.c: Register Salsa20/12.
	* tests/basic.c (check_stream_cipher, check_stream_cipher_large_block):
	Populate Salsa20/12 tests with test vectors from ecrypt.
	(check_ciphers): Add simple test for Salsa20/12.

2013-09-07  Werner Koch

	Add configure option --disable-amd64-as-feature-detection.
	* configure.ac: Implement new disable flag.

	mpi: Improve support for non-Weierstrass support.
	* mpi/ec.c (ec_p_init): Add args MODEL and P.  Change all callers.
	(_gcry_mpi_ec_p_internal_new): Ditto.
	(_gcry_mpi_ec_p_new): Ditto.
	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return
	GPG_ERR_UNKNOWN_CURVE instead of invalid value.  Init curve model.
	* cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto.
	* cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking.

	mpi: Add gcry_mpi_ec_curve_point.
	* mpi/ec.c (_gcry_mpi_ec_curve_point): New.
	(ec_powm): Return the absolute value.
	* src/visibility.c, src/visibility.h: Add wrappers.
	* src/libgcrypt.def, src/libgcrypt.vers: Export them.
	mpi: Add functions to manipulate the sign.
	* src/gcrypt.h.in (gcry_mpi_is_neg): New.
	(gcry_mpi_neg, gcry_mpi_abs): New.
	* mpi/mpiutil.c (_gcry_mpi_is_neg): New.
	(_gcry_mpi_neg, _gcry_mpi_abs): New.
	* src/visibility.c, src/visibility.h: Add wrappers.
	* src/libgcrypt.def, src/libgcrypt.vers: Export them.
	* src/mpi.h (mpi_is_neg): New.  Rename old macro to mpi_has_sign.
	* mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign.
	* mpi/mpi-mpow.c (calc_barrett): Ditto.
	* cipher/primegen.c (_gcry_derive_x931_prime): Ditto.
	* cipher/rsa.c (secret): Ditto.

2013-09-06  Jussi Kivilinna

	Tune armv6 mpi assembly.
	* mpi/armv6/mpih-mul1.S: Tune assembly for Cortex-A8.
	* mpi/armv6/mpih-mul2.S: Ditto.
	* mpi/armv6/mpih-mul3.S: Ditto.

2013-09-05  Jussi Kivilinna

	Change _gcry_burn_stack to take burn depth as unsigned integer.
	* src/misc.c (_gcry_burn_stack): Change to handle 'unsigned int' bytes.

	mpicalc: fix building on linux and win32.
	* src/Makefile.am (mpicalc): Adjust CFLAGS and LDADD.

2013-09-04  Werner Koch

	Change mpicalc to use Libgcrypt and install it.
	* src/mpicalc.c: Make use of gcry_ functions.
	(MPICALC_VERSION): New.  Set to 2.0.
	(strusage): Remove.
	(scan_mpi): New.  Replaces mpi_fromstr.
	(print_mpi): New.  Replaces mpi_print.
	(my_getc): New.
	(print_help): New.
	(main): Use simple option parser and print version info.
	* src/Makefile.am (bin_PROGRAMS): Add mpicalc.
	(mpicalc_SOURCES, mpicalc_CFLAGS, mpicalc_LDADD): New.

	Add mpicalc.c to help with testing.
	* src/mpicalc.c: Take from GnuPG 1.4.

	Prepare support for EdDSA.
	* src/cipher.h (PUBKEY_FLAG_EDDSA): New.
	* cipher/pubkey.c (pubkey_verify): Replace args CMP and OPAQUEV by CTX.  Pass flags and hash algo to the verify function.  Change all verify functions to accept these args.
	(sexp_data_to_mpi): Implement new flag "eddsa".
	(gcry_pk_verify): Pass CTX instead of the compare function to pubkey_verify.
	* cipher/ecc.c (sign): Rename to sign_ecdsa.  Change all callers.
	(verify): Rename to verify_ecdsa.  Change all callers.
	(sign_eddsa, verify_eddsa): New stub functions.
	(ecc_sign): Divert to sign_ecdsa or sign_eddsa.
	(ecc_verify): Divert to verify_ecdsa or verify_eddsa.

	Prepare support for non-Weierstrass EC equations.
	* src/mpi.h (gcry_mpi_ec_models): New.
	* src/ec-context.h (mpi_ec_ctx_s): Add MODEL.
	* cipher/ecc-common.h (elliptic_curve_t): Ditto.
	* cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
	(domain_parms): Mark all as Weierstrass.
	(_gcry_ecc_fill_in_curve): Check model.
	(_gcry_ecc_get_curve): Set model to Weierstrass.
	* cipher/ecc-misc.c (_gcry_ecc_model2str): New.
	* cipher/ecc.c (generate_key, ecc_generate_ext): Print model in the debug output.
	* mpi/ec.c (_gcry_mpi_ec_dup_point): Switch depending on model.  Factor code out to ...
	(dup_point_weierstrass): New.
	(dup_point_montgomery, dup_point_twistededwards): New stub functions.
	(_gcry_mpi_ec_add_points): Switch depending on model.  Factor code out to ...
	(add_points_weierstrass): New.
	(add_points_montgomery, add_points_twistededwards): New stub functions.
	* tests/Makefile.am (TESTS): Reorder tests.

	mpi: Suppress newer gcc warnings.
	* src/g10lib.h (GCC_ATTR_UNUSED): Define for gcc >= 3.5.
	* mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Mark dummy as unused.
	* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.

	Do not check with cpp for typedefed constants.
	* src/gcrypt-int.h: Include error code replacements depending on the version of libgpg-error.

2013-09-04  Jussi Kivilinna

	Make _gcry_burn_stack use variable length array.
	* configure.ac (HAVE_VLA): Add check.
	* src/misc.c (_gcry_burn_stack) [HAVE_VLA]: Add VLA code.

	Move stack burning from block ciphers to cipher modes.
	* src/gcrypt-module.h (gcry_cipher_encrypt_t) (gcry_cipher_decrypt_t): Return 'unsigned int'.
	* cipher/cipher.c (dummy_encrypt_block, dummy_decrypt_block): Return zero.
	(do_ecb_encrypt, do_ecb_decrypt): Get largest stack burn depth from block cipher crypt function and burn stack at end.
	* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) (_gcry_cipher_aeswrap_decrypt): Ditto.
	* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) (_gcry_cipher_cbc_decrypt): Ditto.
	* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) (_gcry_cipher_cfb_decrypt): Ditto.
	* cipher/cipher-ctr.c (_gcry_cipher_cbc_encrypt): Ditto.
	* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) (_gcry_cipher_ofb_decrypt): Ditto.
	* cipher/blowfish.c (encrypt_block, decrypt_block): Return burn stack depth.
	* cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Ditto.
	* cipher/cast5.c (encrypt_block, decrypt_block): Ditto.
	* cipher/des.c (do_tripledes_encrypt, do_tripledes_decrypt) (do_des_encrypt, do_des_decrypt): Ditto.
	* cipher/idea.c (idea_encrypt, idea_decrypt): Ditto.
	* cipher/rijndael.c (rijndael_encrypt, rijndael_decrypt): Ditto.
	* cipher/seed.c (seed_encrypt, seed_decrypt): Ditto.
	* cipher/serpent.c (serpent_encrypt, serpent_decrypt): Ditto.
	* cipher/twofish.c (twofish_encrypt, twofish_decrypt): Ditto.
	* cipher/rfc2268.c (encrypt_block, decrypt_block): New.
	(_gcry_cipher_spec_rfc2268_40): Use encrypt_block and decrypt_block.

2013-09-01  Jussi Kivilinna

	camellia-aesni-avx2-amd64: Move register clearing to assembly functions.
	* cipher/camellia-aesni-avx2-amd64.S (_gcry_camellia_aesni_avx2_ctr_enc): Add 'vzeroall'.
	(_gcry_camellia_aesni_avx2_cbc_dec) (_gcry_camellia_aesni_avx2_cfb_dec): Add 'vzeroupper' at head and 'vzeroall' at tail.
	* cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX2]: Remove register clearing.

	camellia-aesni-avx-amd64: Move register clearing to assembly functions.
	* cipher/camellia-aesni-avx-amd64.S (_gcry_camellia_aesni_avx_ctr_enc) (_gcry_camellia_aesni_avx_cbc_dec) (_gcry_camellia_aesni_avx_cfb_dec): Add 'vzeroupper' at head and 'vzeroall' at tail.
	* cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX]: Remove register clearing.
	serpent-avx2-amd64: Move register clearing to assembly.
	* cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc) (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Change last 'vzeroupper' to 'vzeroall'.
	* cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) (_gcry_serpent_avx2_cfb_dec) [USE_AVX2]: Remove register clearing with 'vzeroall'.

	Fix building for x32 target.
	* mpi/amd64/mpi-asm-defs.h: New file.
	* random/rndhw.c (poll_padlock) [__x86_64__]: Also check if __LP64__ is defined.
	[USE_DRNG, __x86_64__]: Also check if __LP64__ is defined.

2013-08-31  Jussi Kivilinna

	sha512: add ARM/NEON assembly version of transform function.
	* cipher/Makefile.am: Add 'sha512-armv7-neon.S'.
	* cipher/sha512-armv7-neon.S: New file.
	* cipher/sha512.c (USE_ARM_NEON_ASM): New macro.
	(SHA512_CONTEXT) [USE_ARM_NEON_ASM]: Add 'use_neon'.
	(sha512_init, sha384_init) [USE_ARM_NEON_ASM]: Enable 'use_neon' if CPU supports NEON instructions.
	(k): Round constant array moved outside of 'transform' function.
	(__transform): Renamed from 'transform' function.
	[USE_ARM_NEON_ASM] (_gcry_sha512_transform_armv7_neon): New prototype.
	(transform): New wrapper function for different transform versions.
	(sha512_write, sha512_final): Burn stack by the amount returned by transform function.
	* configure.ac (sha512) [neonsupport]: Add 'sha512-armv7-neon.lo'.

	sha512: reduce stack use in transform function by 512 bytes.
	* cipher/sha512.c (transform): Change 'u64 w[80]' to 'u64 w[16]' and inline input expansion to first 64 rounds.
	(sha512_write, sha512_final): Reduce burn_stack depth by 512 bytes.

	Add ARM HW feature detection module and add NEON detection.
	* configure.ac: Add option --disable-neon-support.
	(HAVE_GCC_INLINE_ASM_NEON): New.
	(ENABLE_NEON_SUPPORT): New.
	[arm]: Add 'hwf-arm.lo' as HW feature module.
	* src/Makefile.am: Add 'hwf-arm.c'.
	* src/g10lib.h (HWF_ARM_NEON): New macro.
	* src/global.c (hwflist): Add HWF_ARM_NEON entry.
	* src/hwf-arm.c: New file.
	* src/hwf-common.h (_gcry_hwf_detect_arm): New prototype.
	* src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add call to _gcry_hwf_detect_arm.

	Correct mpi_cpu_arch for ARMv6.
	* mpi/config.links [armv6]: Set mpi_cpu_arch to "arm", instead of "armv6".

2013-08-30  Werner Koch

	mpi: Make gcry_mpi_print work with negative zeroes.
	* mpi/mpicoder.c (gcry_mpi_print): Take care of negative zero.
	(gcry_mpi_aprint): Allocate at least 1 byte.
	* tests/t-convert.c: New.
	* tests/Makefile.am (TESTS): Add t-convert.

	Refactor the ECC code into 3 files.
	* cipher/ecc-common.h, cipher/ecc-curves.c, cipher/ecc-misc.c: New.
	* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
	* configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new .c files.
	* cipher/ecc.c (curve_aliases, ecc_domain_parms_t, domain_parms) (scanval): Move to ecc-curves.c.
	(fill_in_curve): Move to ecc-curve.c as _gcry_ecc_fill_in_curve.
	(ecc_get_curve): Move to ecc-curve.c as _gcry_ecc_get_curve.
	(_gcry_mpi_ec_ec2os): Move to ecc-misc.c.
	(ec2os): Move to ecc-misc.c as _gcry_ecc_ec2os.
	(os2ec): Move to ecc-misc.c as _gcry_ecc_os2ec.
	(point_set): Move as inline function to ecc-common.h.
	(_gcry_ecc_curve_free): Move to ecc-misc.c as _gcry_ecc_curve_free.
	(_gcry_ecc_curve_copy): Move to ecc-misc.c as _gcry_ecc_curve_copy.
	(mpi_from_keyparam, point_from_keyparam): Move to ecc-curves.c.
	(_gcry_mpi_ec_new): Move to ecc-curves.c.
	(ecc_get_param): Move to ecc-curves.c as _gcry_ecc_get_param.
	(ecc_get_param_sexp): Move to ecc-curves.c as _gcry_ecc_get_param_sexp.

2013-08-22  Jussi Kivilinna

	serpent-sse2-amd64: Move register clearing to assembly functions.
	* cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_ctr_enc) (_gcry_serpent_sse2_cbc_dec, _gcry_serpent_sse2_cfb_dec): Clear used XMM registers.
	* cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) (_gcry_serpent_cfb_dec) [USE_SSE2]: Remove XMM register clearing from bulk functions.

	twofish-amd64: do not make __twofish_dec_blk3 global.
	* cipher/twofish-amd64.S (__twofish_dec_blk3): Do not export symbol as global.
	(__twofish_dec_blk3): Mark symbol as function.

2013-08-20  Jussi Kivilinna

	mpi: add ARMv6 assembly.
	* mpi/armv6/mpi-asm-defs.h: New.
	* mpi/armv6/mpih-add1.S: New.
	* mpi/armv6/mpih-mul1.S: New.
	* mpi/armv6/mpih-mul2.S: New.
	* mpi/armv6/mpih-mul3.S: New.
	* mpi/armv6/mpih-sub1.S: New.
	* mpi/config.links [arm]: Enable ARMv6 assembly.

	Move ARMv6 detection to configure.ac.
	* cipher/blowfish-armv6.S: Replace __ARM_ARCH >= 6 checks with HAVE_ARM_ARCH_V6.
	* cipher/blowfish.c: Ditto.
	* cipher/camellia-armv6.S: Ditto.
	* cipher/camellia.h: Ditto.
	* cipher/cast5-armv6.S: Ditto.
	* cipher/cast5.c: Ditto.
	* cipher/rijndael-armv6.S: Ditto.
	* cipher/rijndael.c: Ditto.
	* configure.ac: Add HAVE_ARM_ARCH_V6 check.

2013-08-19  Jussi Kivilinna

	Add optimized wipememory for ARM.
	* src/g10lib.h [__arm__] (fast_wipememory2_unaligned_head) (fast_wipememory2): New macros.

	cipher: bufhelp: allow unaligned memory accesses on ARM.
	* cipher/bufhelp.h [__arm__ && __ARM_FEATURE_UNALIGNED]: Enable BUFHELP_FAST_UNALIGNED_ACCESS.

2013-08-17  Jussi Kivilinna

	Remove burn_stack optimization.
	* src/misc.c (_gcry_burn_stack): Remove SIZEOF_UNSIGNED_LONG == 4 or 8 optimization.

2013-08-16  Jussi Kivilinna

	camellia: add ARMv6 assembly implementation.
	* cipher/Makefile.am: Add 'camellia-armv6.S'.
	* cipher/camellia-armv6.S: New file.
	* cipher/camellia-glue.c [USE_ARMV6_ASM] (_gcry_camellia_armv6_encrypt_block) (_gcry_camellia_armv6_decrypt_block): New prototypes.
	[USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock) (camellia_encrypt, camellia_decrypt): New functions.
	* cipher/camellia.c [!USE_ARMV6_ASM]: Compile encryption and decryption routines if USE_ARMV6_ASM macro is _not_ defined.
	* cipher/camellia.h (USE_ARMV6_ASM): New macro.
	[!USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock): If USE_ARMV6_ASM is defined, disable these function prototypes.
	(camellia) [arm]: Add 'camellia-armv6.lo'.
	blowfish: add ARMv6 assembly implementation.
	* cipher/Makefile.am: Add 'blowfish-armv6.S'.
	* cipher/blowfish-armv6.S: New file.
	* cipher/blowfish.c (USE_ARMV6_ASM): New macro.
	[USE_ARMV6_ASM] (_gcry_blowfish_armv6_do_encrypt) (_gcry_blowfish_armv6_encrypt_block) (_gcry_blowfish_armv6_decrypt_block, _gcry_blowfish_armv6_ctr_enc) (_gcry_blowfish_armv6_cbc_dec, _gcry_blowfish_armv6_cfb_dec): New prototypes.
	[USE_ARMV6_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block) (encrypt_block, decrypt_block): New functions.
	(_gcry_blowfish_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(_gcry_blowfish_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(_gcry_blowfish_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	* configure.ac (blowfish) [arm]: Add 'blowfish-armv6.lo'.

	cast5: add ARMv6 assembly implementation.
	* cipher/Makefile.am: Add 'cast5-armv6.S'.
	* cipher/cast5-armv6.S: New file.
	* cipher/cast5.c (USE_ARMV6_ASM): New macro.
	(CAST5_context) [USE_ARMV6_ASM]: New members 'Kr_arm_enc' and 'Kr_arm_dec'.
	[USE_ARMV6_ASM] (_gcry_cast5_armv6_encrypt_block) (_gcry_cast5_armv6_decrypt_block, _gcry_cast5_armv6_ctr_enc) (_gcry_cast5_armv6_cbc_dec, _gcry_cast5_armv6_cfb_dec): New prototypes.
	[USE_ARMV6_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block) (decrypt_block): New functions.
	(_gcry_cast5_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(_gcry_cast5_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(_gcry_cast5_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(do_cast_setkey) [USE_ARMV6_ASM]: Initialize 'Kr_arm_enc' and 'Kr_arm_dec'.
	* configure.ac (cast5) [arm]: Add 'cast5-armv6.lo'.

2013-08-14  Jussi Kivilinna

	rijndael: add ARMv6 assembly implementation.
	* cipher/Makefile.am: Add 'rijndael-armv6.S'.
	* cipher/rijndael-armv6.S: New file.
	* cipher/rijndael.c (USE_ARMV6_ASM): New macro.
	[USE_ARMV6_ASM] (_gcry_aes_armv6_encrypt_block) (_gcry_aes_armv6_decrypt_block): New prototypes.
	(do_encrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(do_encrypt): Disable input/output alignment when USE_ARMV6_ASM.
	(do_decrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function.
	(do_decrypt): Disable input/output alignment when USE_ARMV6_ASM.
	* configure.ac (HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS): New check for gcc/as compatibility with ARM assembly implementations.
	(aes) [arm]: Add 'rijndael-armv6.lo'.

2013-08-09  NIIBE Yutaka

	cipher: fix memory leak.
	* cipher/pubkey.c (gcry_pk_sign): Handle the specific case of ECC, where there is NULL which is not the sentinel.

2013-08-08  Werner Koch

	mpi: Clear immutable flag on the result of gcry_mpi_set.
	* mpi/mpiutil.c (gcry_mpi_set): Reset immutable and const flags.
	* tests/mpitests.c (test_const_and_immutable): Add a test for this.

2013-08-07  NIIBE Yutaka

	tests: fix memory leaks.
	* tests/benchmark.c (dsa_bench): Release SIG.
	* tests/mpitests.c (test_powm): Release BASE, EXP, MOD, and RES.
	* tests/prime.c (check_primes): Release PRIME.
	* tests/tsexp.c (basic): Use intermediate variable M for constant.  Release S1, S2 and A.

2013-08-07  Jussi Kivilinna

	Fix building on W32 (cannot export symbol 'gcry_sexp_get_buffer').
	* src/libgcrypt.def: Change 'gcry_sexp_get_buffer' to 'gcry_sexp_nth_buffer'.

2013-08-06  NIIBE Yutaka

	cipher: fix another memory leak.
	* cipher/ecc.c (ecc_get_curve): Free TMP.

	tests: fix memory leaks.
	* tests/pubkey.c (check_keys_crypt): Release L, X0, and X1.
	(check_keys): Release X.

	cipher: fix memory leaks.
	* cipher/elgamal.c (elg_generate_ext): Free XVALUE.
	* cipher/pubkey.c (sexp_elements_extract): Don't use IDX for loop.  Call mpi_free.
	(sexp_elements_extract_ecc): Call mpi_free.

2013-08-05  Werner Koch

	mpi: Improve gcry_mpi_invm to detect bad input.
	* mpi/mpi-inv.c (gcry_mpi_invm): Return 0 for bad input.

2013-07-31  Dmitry Eremin-Solenikov

	Correct checks for ecc secret key.
	* cipher/ecc.c (check_secret_key): replace wrong comparison of Q and sk->Q points with correct one.
2013-07-29  Werner Koch

	sexp: Allow white space anywhere in a hex format.
	* src/sexp.c (hextobyte): Remove.
	(hextonibble): New.
	(vsexp_sscan): Skip whitespace between hex nibbles.

	Implement deterministic ECDSA as specified by rfc-6979.
	* cipher/ecc.c (sign): Add args FLAGS and HASHALGO.  Convert an opaque MPI as INPUT.  Implement rfc-6979.
	(ecc_sign): Remove the opaque MPI code and pass FLAGS to sign.
	(verify): Do not allocate and compute Y; it is not used.
	(ecc_verify): Truncate the hash value if needed.
	* tests/dsa-rfc6979.c (check_dsa_rfc6979): Add ECDSA test cases.

2013-07-26  Werner Koch

	Implement deterministic DSA as specified by rfc-6979.
	* cipher/dsa.c (dsa_sign): Move opaque mpi extraction to sign.
	(sign): Add args FLAGS and HASHALGO.  Implement deterministic DSA.  Add code path for R==0 to comply with the standard.
	(dsa_verify): Left fill opaque mpi based hash values.
	* cipher/dsa-common.c (int2octets, bits2octets): New.
	(_gcry_dsa_gen_rfc6979_k): New.
	* tests/dsa-rfc6979.c: New.
	* tests/Makefile.am (TESTS): Add dsa-rfc6979.

	Allow the use of a private-key s-expression with gcry_pk_verify.
	* cipher/pubkey.c (sexp_to_key): Fallback to private key.

2013-07-25  Werner Koch

	Mitigate a flush+reload cache attack on RSA secret exponents.
	* mpi/mpi-pow.c (gcry_mpi_powm): Always perform the mpi_mul for exponents in secure memory.

2013-07-19  Werner Koch

	pk: Allow the use of a hash element for DSA sign and verify.
	* cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign module.
	(gcry_pk_sign): Pass CTX to pubkey_sign.
	(sexp_data_to_mpi): Add flag rfc6979 and code to alls hash with *DSA.
	* cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque MPI is given for DATA/HASH.
	* cipher/elgamal.c (elg_sign, elg_verify): Ditto.
	* cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI.
	* cipher/ecc.c (ecc_sign, ecc_verify): Ditto.
	* tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash element with DSA.
	sexp: Add function gcry_sexp_nth_buffer.
	* src/sexp.c (gcry_sexp_nth_buffer): New.
	* src/visibility.c, src/visibility.h: Add function wrapper.
	* src/libgcrypt.vers, src/libgcrypt.def: Add to API.
	* src/gcrypt.h.in: Add prototype.

2013-07-18  Werner Koch

	Add support for Salsa20.
	* src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New.
	* cipher/salsa20.c: New.
	* configure.ac (available_ciphers): Add Salsa20.
	* cipher/cipher.c: Register Salsa20.
	(cipher_setiv): Allow to divert an IV to a cipher module.
	* src/cipher-proto.h (cipher_setiv_func_t): New.
	(cipher_extra_spec): Add field setiv.
	* src/cipher.h: Declare Salsa20 definitions.
	* tests/basic.c (check_stream_cipher): New.
	(check_stream_cipher_large_block): New.
	(check_cipher_modes): Run new test functions.
	(check_ciphers): Add simple test for Salsa20.

2013-07-17  Werner Koch

	Allow gcry_mpi_dump to print opaque MPIs.
	* mpi/mpicoder.c (gcry_mpi_dump): Detect and print opaque MPIs.
	* tests/mpitests.c (test_opaque): New.
	(main): Call new test.

	cipher: Prepare to pass extra info to the sign functions.
	* src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo.
	* cipher/rsa.c (rsa_sign): Add parms and mark them as unused.
	* cipher/dsa.c (dsa_sign): Ditto.
	* cipher/elgamal.c (elg_sign): Ditto.
	* cipher/pubkey.c (dummy_sign): Ditto.
	(pubkey_sign): Pass 0 for the new args.

	Fix a special case bug in mpi_powm for e==0.
	* mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that the result has been allocated.

2013-07-15  Dmitry Eremin-Solenikov

	Fix memory leak in t-mpi-point test.
	* tests/t-mpi-point.c (basic_ec_math, basic_ec_math_simplified): add calls to gcry_ctx_release() to free contexts after they become unused.

2013-07-10  Jussi Kivilinna

	Fix 'Please include winsock2.h before windows.h' warnings with mingw32.
	* random/rndw32.c: include winsock2.h before windows.h.
	* src/ath.h [_WIN32]: Ditto.
	* tests/benchmark.c [_WIN32]: Ditto.

	Remove duplicate header from mpi/amd64/mpih-mul2.S.
	* mpi/amd64/mpih-mul2.S: remove duplicated header.

	Fix i386/amd64 inline assembly "cc" clobbers.
	* cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" clobber for inline assembly.
	* cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto.
	* random/rndhw.c [USE_DRNG] (rdrand_long): Ditto.
	* src/hmac256.c [__GNUC__, __i386__] (ror): Ditto.
	* mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm) (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto.

	bufhelp: Suppress 'cast increases required alignment' warning.
	* cipher/bufhelp.h (buf_xor, buf_xor_2dst, buf_xor_n_copy): Cast to larger element pointer through (void *) to suppress -Wcast-error.

	mpi: Add __ARM_ARCH for older GCC.
	* mpi/longlong.h [__arm__]: Construct __ARM_ARCH if not provided by compiler.

	mpi: add missing "cc" clobber for ARM assembly.
	* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
	[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Ditto.

	Tweak ARM inline assembly for mpi.
	* mpi/longlong.h [__arm__]: Enable inline assembly if __thumb2__ is defined.
	[__arm__]: Use __ARCH_ARM when defined.
	[__arm__] [__ARM_ARCH >= 5] (count_leading_zeros): New.

2013-06-26  Werner Koch

	Make gpg-error replacement defines more robust.
	* configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ...
	* src/gcrypt-int.h: New file.
	* src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h.
	* tests/: Ditto for all test files.

2013-06-20  Jussi Kivilinna

	Check if assembler is compatible with AMD64 assembly implementations.
	* cipher/blowfish-amd64.S: Enable only if HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined.
	* cipher/camellia-aesni-avx-amd64.S: Ditto.
	* cipher/camellia-aesni-avx2-amd64.S: Ditto.
	* cipher/cast5-amd64.S: Ditto.
	* cipher/rijndael-amd64.S: Ditto.
	* cipher/serpent-avx2-amd64.S: Ditto.
	* cipher/serpent-sse2-amd64.S: Ditto.
	* cipher/twofish-amd64.S: Ditto.
	* cipher/blowfish.c: Use AMD64 assembly implementation only if HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined.
	* cipher/camellia-glue.c: Ditto.
	* cipher/cast5.c: Ditto.
	* cipher/rijndael.c: Ditto.
	* cipher/serpent.c: Ditto.
	* cipher/twofish.c: Ditto.
	* configure.ac: Check gcc/as compatibility with AMD64 assembly implementations.

2013-06-09  Jussi Kivilinna

	Optimize _gcry_burn_stack for 32-bit and 64-bit architectures.
	* src/misc.c (_gcry_burn_stack): Add optimization for 32-bit and 64-bit architectures.

	Add Camellia AES-NI/AVX2 implementation.
	* cipher/Makefile.am: Add 'camellia-aesni-avx2-amd64.S'.
	* cipher/camellia-aesni-avx2-amd64.S: New file.
	* cipher/camellia-glue.c (USE_AESNI_AVX2): New macro.
	(CAMELLIA_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'.
	[USE_AESNI_AVX2] (_gcry_camellia_aesni_avx2_ctr_enc) (_gcry_camellia_aesni_avx2_cbc_dec) (_gcry_camellia_aesni_avx2_cfb_dec): New prototypes.
	(camellia_setkey) [USE_AESNI_AVX2]: Check AVX2+AES-NI capable hardware and set 'ctx->use_aesni_avx2'.
	(_gcry_camellia_ctr_enc) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
	(_gcry_camellia_cbc_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
	(_gcry_camellia_cfb_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code.
	(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks' so that AVX2 codepaths get tested.
	* configure.ac (camellia) [avx2support, aesnisupport]: Add 'camellia-aesni-avx2-amd64.lo'.

	Add Serpent AVX2 implementation.
	* cipher/Makefile.am: Add 'serpent-avx2-amd64.S'.
	* cipher/serpent-avx2-amd64.S: New file.
	* cipher/serpent.c (USE_AVX2): New macro.
	(serpent_context_t) [USE_AVX2]: Add 'use_avx2'.
	[USE_AVX2] (_gcry_serpent_avx2_ctr_enc, _gcry_serpent_avx2_cbc_dec) (_gcry_serpent_avx2_cfb_dec): New prototypes.
	(serpent_setkey_internal) [USE_AVX2]: Check for AVX2 capable hardware and set 'use_avx2'.
	(_gcry_serpent_ctr_enc) [USE_AVX2]: Use AVX2 accelerated functions.
	(_gcry_serpent_cbc_dec) [USE_AVX2]: Use AVX2 accelerated functions.
	(_gcry_serpent_cfb_dec) [USE_AVX2]: Use AVX2 accelerated functions.
	(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks' so that AVX2 codepaths are tested.
	* configure.ac (serpent) [avx2support]: Add 'serpent-avx2-amd64.lo'.

	Add detection for Intel AVX2 instruction set.
	* configure.ac: Add option --disable-avx2-support.
	(HAVE_GCC_INLINE_ASM_AVX2): New.
	(ENABLE_AVX2_SUPPORT): New.
	* src/g10lib.h (HWF_INTEL_AVX2): New.
	* src/global.c (hwflist): Add HWF_INTEL_AVX2.
	* src/hwf-x86.c [__i386__] (get_cpuid): Initialize registers to zero before cpuid.
	[__x86_64__] (get_cpuid): Initialize registers to zero before cpuid.
	(detect_x86_gnuc): Store maximum cpuid level.
	(detect_x86_gnuc) [ENABLE_AVX2_SUPPORT]: Add detection for AVX2.

	twofish: add amd64 assembly implementation.
	* cipher/Makefile.am: Add 'twofish-amd64.S'.
	* cipher/twofish-amd64.S: New file.
	* cipher/twofish.c (USE_AMD64_ASM): New macro.
	[USE_AMD64_ASM] (_gcry_twofish_amd64_encrypt_block) (_gcry_twofish_amd64_decrypt_block, _gcry_twofish_amd64_ctr_enc) (_gcry_twofish_amd64_cbc_dec, _gcry_twofish_amd64_cfb_dec): New prototypes.
	[USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt) (twofish_encrypt, twofish_decrypt): New functions.
	(_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec) (selftest_ctr, selftest_cbc, selftest_cfb): New functions.
	(selftest): Call new bulk selftests.
	* cipher/cipher.c (gcry_cipher_open) [USE_TWOFISH]: Register Twofish bulk functions for ctr-enc, cbc-dec and cfb-dec.
	* configure.ac (twofish) [x86_64]: Add 'twofish-amd64.lo'.
	* src/cipher.h (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec) (gcry_twofish_cfb_dec): New prototypes.

2013-05-29  Jussi Kivilinna

	rijndael: add amd64 assembly implementation.
	* cipher/Makefile.am: Add 'rijndael-amd64.S'.
	* cipher/rijndael-amd64.S: New file.
	* cipher/rijndael.c (USE_AMD64_ASM): New macro.
	[USE_AMD64_ASM] (_gcry_aes_amd64_encrypt_block) (_gcry_aes_amd64_decrypt_block): New prototypes.
	(do_encrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function.
	(do_encrypt): Disable input/output alignment when USE_AMD64_ASM is set.
	(do_decrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function.
	(do_decrypt): Disable input/output alignment when USE_AMD64_AES is set.
	* configure.ac (aes) [x86-64]: Add 'rijndael-amd64.lo'.

	blowfish: add amd64 assembly implementation.
	* cipher/Makefile.am: Add 'blowfish-amd64.S'.
	* cipher/blowfish-amd64.S: New file.
	* cipher/blowfish.c (USE_AMD64_ASM): New macro.
	[USE_AMD64_ASM] (_gcry_blowfish_amd64_do_encrypt) (_gcry_blowfish_amd64_encrypt_block) (_gcry_blowfish_amd64_decrypt_block, _gcry_blowfish_amd64_ctr_enc) (_gcry_blowfish_amd64_cbc_dec, _gcry_blowfish_amd64_cfb_dec): New prototypes.
	[USE_AMD64_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block) (encrypt_block, decrypt_block): New functions.
	(_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) (_gcry_blowfish_cfb_dec, selftest_ctr, selftest_cbc, selftest_cfb): New functions.
	(selftest): Call new bulk selftests.
	* cipher/cipher.c (gcry_cipher_open) [USE_BLOWFISH]: Register Blowfish bulk functions for ctr-enc, cbc-dec and cfb-dec.
	* configure.ac (blowfish) [x86_64]: Add 'blowfish-amd64.lo'.
	* src/cipher.h (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) (gcry_blowfish_cfb_dec): New prototypes.

2013-05-24  Werner Koch

	ecc: Simplify the compliant point generation.
	* cipher/ecc.c (generate_key): Use point_snatch_set, replaces unneeded variable copies, etc.

	ecc: Fix a minor flaw in the generation of K.
	* cipher/dsa.c (gen_k): Factor code out to ..
	* cipher/dsa-common.c (_gcry_dsa_gen_k): New file and function.  Add arg security_level and re-indent a bit.
	* cipher/ecc.c (gen_k): Remove and change callers to _gcry_dsa_gen_k.
	* cipher/dsa.c: Include pubkey-internal.
	* cipher/Makefile.am (libcipher_la_SOURCES): Add dsa-common.c.

2013-05-24  Jussi Kivilinna

	cast5: add amd64 assembly implementation.
	* cipher/Makefile.am: Add 'cast5-amd64.S'.
	* cipher/cast5-amd64.S: New file.
	* cipher/cast5.c (USE_AMD64_ASM): New macro.
	(_gcry_cast5_s1tos4): Merge arrays s1, s2, s3, s4 to single array to simplify access from assembly implementation.
	(s1, s2, s3, s4): New macros pointing to subarrays in _gcry_cast5_s1tos4.
	[USE_AMD64_ASM] (_gcry_cast5_amd64_encrypt_block) (_gcry_cast5_amd64_decrypt_block, _gcry_cast5_amd64_ctr_enc) (_gcry_cast5_amd64_cbc_dec, _gcry_cast5_amd64_cfb_dec): New prototypes.
	[USE_AMD64_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block) (decrypt_block): New functions.
	(_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec) (selftest_ctr, selftest_cbc, selftest_cfb): New functions.
	(selftest): Call new bulk selftests.
	* cipher/cipher.c (gcry_cipher_open) [USE_CAST5]: Register CAST5 bulk functions for ctr-enc, cbc-dec and cfb-dec.
	* configure.ac (cast5) [x86_64]: Add 'cast5-amd64.lo'.
	* src/cipher.h (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec) (gcry_cast5_cfb_dec): New prototypes.

	cipher-selftest: make selftest work with any block-size.
	* cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128) (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed functions from '_128' to ''.
	(_gcry_selftest_helper_cbc, _gcry_selftest_helper_cfb) (_gcry_selftest_helper_ctr): Make work with different block sizes.
	* cipher/cipher-selftest.h (_gcry_selftest_helper_cbc_128) (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed prototypes from '_128' to ''.
	* cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128) (selftest_ctr_128): Change to use new function names.
	* cipher/rijndael.c (selftest_ctr_128, selftest_cfb_128) (selftest_ctr_128): Change to use new function names.
	* cipher/serpent.c (selftest_ctr_128, selftest_cfb_128) (selftest_ctr_128): Change to use new function names.

2013-05-23  Jussi Kivilinna

	serpent: add parallel processing for CFB decryption.
	* cipher/cipher.c (gcry_cipher_open): Add bulk CFB decryption function for Serpent.
	* cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_cfb_dec): New function.
	* cipher/serpent.c (_gcry_serpent_sse2_cfb_dec): New prototype.
	(_gcry_serpent_cfb_dec): New function.
	(selftest_cfb_128): New function.
	(selftest): Call selftest_cfb_128.
	* src/cipher.h (_gcry_serpent_cfb_dec): New prototype.

	camellia: add parallel processing for CFB decryption.
	* cipher/camellia-aesni-avx-amd64.S (_gcry_camellia_aesni_avx_cfb_dec): New function.
	* cipher/camellia-glue.c (_gcry_camellia_aesni_avx_cfb_dec): New prototype.
	(_gcry_camellia_cfb_dec): New function.
	(selftest_cfb_128): New function.
	(selftest): Call selftest_cfb_128.
	* cipher/cipher.c (gcry_cipher_open): Add bulk CFB decryption function for Camellia.
	* src/cipher.h (_gcry_camellia_cfb_dec): New prototype.

	rijndael: add parallel processing for CFB decryption with AES-NI.
	* cipher/cipher-selftest.c (_gcry_selftest_helper_cfb_128): New function for CFB selftests.
	* cipher/cipher-selftest.h (_gcry_selftest_helper_cfb_128): New prototype.
	* cipher/rijndael.c [USE_AESNI] (do_aesni_enc_vec4): New function.
	(_gcry_aes_cfb_dec) [USE_AESNI]: Add parallelized CFB decryption.
	(selftest_cfb_128): New function.
	(selftest): Call selftest_cfb_128.

2013-05-23  Werner Koch

	Avoid compiler warning due to the global symbol setkey.
	* cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128) (_gcry_selftest_helper_ctr_128): Rename setkey to setkey_func.

2013-05-23  Jussi Kivilinna

	serpent: add SSE2 accelerated amd64 implementation.
	* configure.ac (serpent): Add 'serpent-sse2-amd64.lo'.
	* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add 'serpent-sse2-amd64.S'.
	* cipher/cipher.c (gcry_cipher_open) [USE_SERPENT]: Register bulk functions for CBC-decryption and CTR-mode.
	* cipher/serpent.c (USE_SSE2): New macro.
	[USE_SSE2] (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec): New prototypes to assembler functions.
	(serpent_setkey): Set 'serpent_init_done' before calling serpent_test.
	(_gcry_serpent_ctr_enc): New function.
	(_gcry_serpent_cbc_dec): New function.
	(selftest_ctr_128): New function.
	(selftest_cbc_128): New function.
	(selftest): Call selftest_ctr_128 and selftest_cbc_128.
	* cipher/serpent-sse2-amd64.S: New file.
	* src/cipher.h (_gcry_serpent_ctr_enc): New prototype.
	(_gcry_serpent_cbc_dec): New prototype.

	Serpent: faster S-box implementation.
	* cipher/serpent.c (SBOX0, SBOX1, SBOX2, SBOX3, SBOX4, SBOX5, SBOX6) (SBOX7, SBOX0_INVERSE, SBOX1_INVERSE, SBOX2_INVERSE, SBOX3_INVERSE) (SBOX4_INVERSE, SBOX5_INVERSE, SBOX6_INVERSE, SBOX7_INVERSE): Replace with new definitions.

2013-05-22  Werner Koch

	w32: Fix installing of .def file.
	* src/Makefile.am (install-def-file): Create libdir first.

	Add control commands to disable mlock and setuid dropping.
	* src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New.
	(GCRYCTL_DISABLE_PRIV_DROP): New.
	* src/global.c (_gcry_vcontrol): Implement them.
	* src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New.
	(GCRY_SECMEM_FLAG_NO_PRIV_DROP): New.
	* src/secmem.c (no_mlock, no_priv_drop): New.
	(_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them.
	(lock_pool): Handle no_mlock and no_priv_drop.

	Fix libtool 2.4.2 to correctly detect .def files.
	* ltmain.sh (sed_uncomment_deffile): New.
	(orig_export_symbols): Uncomment def file before testing for EXPORTS.
	* m4/libtool.m4: Do the same for the generated code.

2013-05-22  Jussi Kivilinna

	Add AES bulk CBC decryption selftest.
	* cipher/rijndael.c (selftest_cbc_128): New.
	(selftest): Call selftest_cbc_128.

	Change AES bulk CTR encryption selftest to use new selftest helper function.
	* cipher/rijndael.c (selftest_ctr_128): Change to use new selftest helper function.

	Convert bulk CTR and CBC selftest functions in Camellia to generic selftest helper functions.
	* cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-selftest files.
	* cipher/camellia-glue.c (selftest_ctr_128, selftest_cbc_128): Change to use the new selftest helper functions.
	* cipher/cipher-selftest.c: New.
	* cipher/cipher-selftest.h: New.
	camellia: add bulk CBC decryption selftest.
	* cipher/camellia-glue.c (selftest_cbc_128): New selftest function
	for bulk CBC decryption.
	(selftest): Add call to selftest_cbc_128.

	camellia: Rename camellia_aesni_avx_x86-64.S to
	camellia-aesni-avx-amd64.S
	* cipher/camellia_aesni_avx_x86-64.S: Remove.
	* cipher/camellia-aesni-avx-amd64.S: New.
	* cipher/Makefile.am: Use the new filename.
	* configure.ac: Use the new filename.

2013-05-21  Werner Koch

	Fix indentation and save on string space.
	* cipher/ecc.c (generate_key): Use the same string for both fatal
	messages.

2013-05-20  Andrey

	cipher: Fix segv in last ECC change.
	* cipher/ecc.c (generate_key): Make sure R is initialized.

2013-05-09  Andrey

	cipher: Generate compliant ECC keys.
	* cipher/ecc.c (generate_key): Make sure a key is compliant for
	using the compact representation.

2013-04-18  Werner Koch

	cipher: Fix regression in Padlock support.
	* cipher/rijndael.c (do_setkey): Remove dummy padlock key
	generation case and use the standard one.

	mpi: Yet another fix to get option flag munging right.
	* cipher/Makefile.am (o_flag_munging): Yet another fix.

	mpi: Make using gcc's -Ofast easier.
	* cipher/Makefile.am (o_flag_munging): Take -Ofast into account.

	Fix alignment problem in idea.c.
	* cipher/idea.c (cipher): Rework parameter use to fix alignment
	problems.
	* cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused
	macros.

	Fix alignment problem in idea.c.
	* cipher/idea.c (cipher): Rework parameter use to fix alignment
	problems.
	* cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused
	macros.
	(cherry picked from 4cd279556777e02eda79973f68efaa4b741f9175)

2013-04-18  Vladimir Serbinenko

	Add some const attributes.
	* cipher/md4.c (transform): Add const attribute.
	* cipher/md5.c (transform): Ditto.
	* cipher/rmd160.c (transform): Ditto.

	Fix alignment problem in serpent.c.
	* cipher/serpent.c (serpent_key_prepare): Fix misaligned access.
	(serpent_setkey): Likewise.
	(serpent_encrypt_internal): Likewise.
	(serpent_decrypt_internal): Likewise.
	(serpent_encrypt): Don't put an alignment-increasing cast.
	(serpent_decrypt): Likewise.
	(serpent_test): Likewise.

2013-04-16  Werner Koch

	Fix multiply by zero in gcry_mpi_ec_mul.
	* mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0.
	* tests/t-mpi-point.c (basic_ec_math): Add a test case for this.

2013-04-15  Werner Koch

	Add macros to return pre-defined MPIs.
	* src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO)
	(GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New.
	(_gcry_mpi_get_const): New private function.
	* src/visibility.c (_gcry_mpi_get_const): New.
	* src/visibility.h: Mark it visible.

	Fix addition of EC points.
	* mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in
	affine coordinates.

2013-04-12  Werner Koch

	Add hack to allow using an "ecc" key for "ecdsa" or "ecdh".
	* cipher/pubkey.c (sexp_to_key): Add optional arg USE.
	(gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage
	sign.
	(gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage
	encrypt.
	* tests/basic.c (show_sexp): New.
	(check_pubkey_sign): Print test number and add cases for ecc.
	(check_pubkey_sign_ecdsa): New.
	(do_check_one_pubkey): Divert to new function.

2013-04-11  Werner Koch

	Add gcry_pubkey_get_sexp.
	* src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New.
	(GCRY_PK_GET_SECKEY): New.
	(gcry_pubkey_get_sexp): New.
	* src/visibility.c (gcry_pubkey_get_sexp): New.
	* src/visibility.h (gcry_pubkey_get_sexp): Mark visible.
	* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
	* cipher/pubkey-internal.h: New.
	* cipher/Makefile.am (libcipher_la_SOURCES): Add new file.
	* cipher/ecc.c: Include pubkey-internal.h
	(_gcry_pk_ecc_get_sexp): New.
	* cipher/pubkey.c: Include pubkey-internal.h and context.h.
	(_gcry_pubkey_get_sexp): New.
	* src/context.c (_gcry_ctx_find_pointer): New.
	* src/cipher-proto.h: Add _gcry_pubkey_get_sexp.
	* tests/t-mpi-point.c (print_sexp): New.
	(context_param, basic_ec_math_simplified): Add tests for the new
	function.
	* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
	(AH_BOTTOM): Add error codes from gpg-error 1.12.
	* src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL.
	* mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q.
	(_gcry_mpi_ec_get_point): Ditto.

	Remove unused code.
	* cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release)
	(_gcry_pk_get_elements): Remove.

2013-04-05  Werner Koch

	Make the Q parameter optional for ECC signing.
	* cipher/ecc.c (ecc_sign): Remove the need for Q.
	* cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for
	a private key.
	(sexp_to_key): Add optional arg R_IS_ECC.
	(gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys.
	* tests/pubkey.c (die): Make sure to print a LF.
	(check_ecc_sample_key): New.
	(main): Call new test.

	Add test case for SCRYPT and rework the code.
	* tests/t-kdf.c (check_scrypt): New.
	(main): Call new test.
	* configure.ac: Support disabling of the scrypt algorithm.  Make
	KDF enabling similar to the other algorithm classes.  Disable
	scrypt if we don't have a 64 bit type.
	* cipher/memxor.c, cipher/memxor.h: Remove.
	* cipher/scrypt.h: Remove.
	* cipher/kdf-internal.h: New.
	* cipher/Makefile.am: Remove files.  Add new file.  Move scrypt.c
	to EXTRA_libcipher_la_SOURCES.
	(GCRYPT_MODULES): Add GCRYPT_KDFS.
	* src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value.
	* cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2.
	(_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0.
	(gcry_kdf_derive): Allow for a passwordlen of zero for scrypt.
	Check for SALTLEN > 0 for GCRY_KDF_PBKDF2.  Pass algo to
	_gcry_kdf_scrypt.
	(gcry_kdf_derive) [!USE_SCRYPT]: Return an error.
	* cipher/scrypt.c: Replace memxor.h by bufhelp.h.  Replace scrypt.h
	by kdf-internal.h.  Enable code only if HAVE_U64_TYPEDEF is
	defined.  Replace C99 types uint64_t, uint32_t, and uint8_t by
	libgcrypt types.
	(_SALSA20_INPUT_LENGTH): Remove underscore from identifier.
	(_scryptBlockMix): Replace memxor by buf_xor.
	(_gcry_kdf_scrypt): Use gcry_malloc and gcry_free.  Check for
	integer overflow.  Add hack to support blocksize of 1 for tests.
	Return errors from calls to _gcry_kdf_pkdf2.
	* cipher/kdf.c (openpgp_s2k): Make static.

2013-04-04  Christian Grothoff

	Add the SCRYPT KDF function.
	* scrypt.c, scrypt.h: New files.
	* memxor.c, memxor.h: New files.
	* cipher/Makefile.am: Add new files.
	* cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT.
	* src/gcrypt.h.in (GCRY_KDF_SCRYPT): New.

2013-03-22  Werner Koch

	Replace deprecated AM_CONFIG_HEADER macro.
	* configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADER/

	Disable AES-NI support if as does not support SSSE3.
	* configure.ac (HAVE_GCC_INLINE_ASM_SSSE3): New test.
	(ENABLE_AESNI_SUPPORT): Do not define without SSSE3 support.
	(HAVE_GCC_INLINE_ASM_SSSE3, ENABLE_AVX_SUPPORT): Split up detection
	and definition.

2013-03-21  Werner Koch

	Fix make dependency regression.
	* src/Makefile.am (libgcrypt_la_DEPENDENCIES): Add missing
	backslash.  Reported by LRN.

2013-03-20  Werner Koch

	Use finer grained on-the-fly helper computations for EC.
	* src/ec-context.h (mpi_ec_ctx_s): Replace NEED_SYNC by a bitfield.
	* mpi/ec.c (ec_p_sync): Remove.
	(ec_get_reset, ec_get_a_is_pminus3, ec_get_two_inv_p): New.
	(ec_p_init): Use ec_get_reset.
	(_gcry_mpi_ec_set_mpi, _gcry_mpi_ec_dup_point)
	(_gcry_mpi_ec_add_points): Replace ec_p_sync by the ec_get_
	accessors.

	Allow building with w64-mingw32.
	* autogen.sh <--build-w32>: Support the w64-mingw32 toolchain.
	Also prepare for 64 bit building.

	Provide GCRYPT_VERSION_NUMBER macro, add build info to the binary.
	* src/gcrypt.h.in (GCRYPT_VERSION_NUMBER): New.
	* configure.ac (VERSION_NUMBER): New ac_subst.
	* src/global.c (_gcry_vcontrol): Move call to above function ...
	(gcry_check_version): .. here.
	* configure.ac (BUILD_REVISION, BUILD_FILEVERSION)
	(BUILD_TIMESTAMP): Define on all platforms.
	* compat/compat.c (_gcry_compat_identification): Include revision
	and timestamp.
	Fix a memory leak in the new EC code.
	* cipher/ecc.c (point_from_keyparam): Always call mpi_free on A.

2013-03-19  Werner Koch

	Extend the new EC interface and fix two bugs.
	* src/ec-context.h (mpi_ec_ctx_s): Add field NEED_SYNC.
	* mpi/ec.c (ec_p_sync): New.
	(ec_p_init): Only set NEED_SYNC.
	(_gcry_mpi_ec_set_mpi): Set NEED_SYNC for 'p' and 'a'.
	(_gcry_mpi_ec_dup_point, _gcry_mpi_ec_add_points)
	(_gcry_mpi_ec_mul_point): Call ec_p_sync.
	(_gcry_mpi_ec_get_point): Recompute 'q' if needed.
	(_gcry_mpi_ec_get_mpi): Ditto.  Also allow for names 'q', 'q.x',
	'q.y', and 'g'.
	* cipher/ecc.c (_gcry_mpi_ec_ec2os): New.
	* cipher/ecc.c (_gcry_mpi_ec_new): Fix init from parameters
	'Q'->'q', 'G'->'q'.

2013-03-15  Werner Koch

	mpi: Add functions to manipulate an EC context.
	* src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove.
	(gcry_mpi_ec_new): New.
	(gcry_mpi_ec_get_mpi): New.
	(gcry_mpi_ec_get_point): New.
	(gcry_mpi_ec_set_mpi): New.
	(gcry_mpi_ec_set_point): New.
	* src/visibility.c (gcry_mpi_ec_p_new): Remove.
	* mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and
	change to return an error code.
	(_gcry_mpi_ec_get_mpi): New.
	(_gcry_mpi_ec_get_point): New.
	(_gcry_mpi_ec_set_mpi): New.
	(_gcry_mpi_ec_set_point): New.
	* src/mpi.h: Add new prototypes.
	* src/ec-context.h: New.
	* mpi/ec.c: Include that header.
	(mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some
	fields into an inner struct.
	(point_copy): New.
	* cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS.
	(mpi_from_keyparam, point_from_keyparam): New.
	(_gcry_mpi_ec_new): New.
	* tests/t-mpi-point.c (test-curve): New.
	(ec_p_new): New.  Use it instead of the removed gcry_mpi_ec_p_new.
	(get_and_cmp_mpi, get_and_cmp_point): New.
	(context_param): New test.
	(basic_ec_math_simplified): New test.
	(main): Call new tests.
	* src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX.

2013-03-13  Werner Koch

	Add GCRYMPI_FLAG_CONST and make use of constants.
	* src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New.
	* src/mpi.h (mpi_is_const, mpi_const): New.
	(enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New.
	* mpi/mpiutil.c (_gcry_mpi_init): New.
	(constants): New.
	(_gcry_mpi_free): Do not release a constant flagged MPI.
	(gcry_mpi_copy): Clear the const and immutable flags.
	(gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag):
	Support GCRYMPI_FLAG_CONST.
	(_gcry_mpi_const): New.
	* src/global.c (global_init): Call _gcry_mpi_init.
	* mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and
	eight.  Change all users to call mpi_const() instead.
	* src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag.

	Add GCRYMPI_FLAG_IMMUTABLE to help debugging.
	* src/gcrypt.h.in (GCRYMPI_FLAG_IMMUTABLE): New.
	* src/mpi.h (mpi_is_immutable): New macro.
	* mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
	(gcry_mpi_get_flag): Implement new flag.
	(_gcry_mpi_immutable_failed): New.
	* mpi/mpiutil.c (_gcry_mpi_clear, _gcry_mpi_free, gcry_mpi_snatch)
	(gcry_mpi_set, gcry_mpi_randomize): Act upon the immutable flag.
	* mpi/mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit)
	(gcry_mpi_clear_highbit, gcry_mpi_clear_bit)
	(_gcry_mpi_rshift_limbs, gcry_mpi_lshift): Ditto.
	* mpi/mpicoder.c (_gcry_mpi_set_buffer): Ditto.

2013-03-08  Werner Koch

	mpi: Add an API for EC math.
	* src/context.c, src/context.h: New.
	* src/Makefile.am (libgcrypt_la_SOURCES): Add new files.
	* src/gcrypt.h.in (struct gcry_context, gcry_ctx_t): New types.
	(gcry_ctx_release): New prototype.
	(gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
	(gcry_mpi_ec_add, gcry_mpi_ec_mul): New prototypes.
	* mpi/ec.c: Include errno.h and context.h.
	(_gcry_mpi_ec_init): Rename to ..
	(ec_p_init): this, make static, remove allocation and add arg CTX.
	(_gcry_mpi_ec_p_internal_new): New; to replace _gcry_mpi_ec_init.
	Change all callers to use this func.
	(_gcry_mpi_ec_free): Factor code out to ..
	(ec_deinit): New func.
	(gcry_mpi_ec_p_new): New.
	* src/visibility.c: Include context.h and mpi.h.
	(gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
	(gcry_mpi_ec_add, gcry_mpi_ec_mul)
	(gcry_ctx_release): New wrapper functions.
	* src/visibility.h: Mark new wrapper functions visible.
	* src/libgcrypt.def, src/libgcrypt.vers: Add new symbols.
	* tests/t-mpi-point.c (print_mpi, hex2mpi, cmp_mpihex): New.
	(context_alloc): New.
	(make_point, basic_ec_math): New.

	mpi: Add an API for EC point operations.
	* mpi/ec.c (gcry_mpi_point_new, gcry_mpi_point_release): New.
	(gcry_mpi_point_get, gcry_mpi_point_snatch_get): New.
	(gcry_mpi_point_set, gcry_mpi_point_snatch_set): New.
	* src/visibility.h, src/visibility.c: Add corresponding macros and
	wrappers.
	* src/gcrypt.h.in (struct gcry_mpi_point, gcry_mpi_point_t): New.
	(gcry_mpi_point_new, gcry_mpi_point_release, gcry_mpi_point_get)
	(gcry_mpi_point_snatch_get, gcry_mpi_point_set)
	(gcry_mpi_point_snatch_set): New prototypes.
	(mpi_point_new, mpi_point_release, mpi_point_get,
	mpi_point_snatch_get)
	(mpi_point_set, mpi_point_snatch_set): New macros.
	* src/libgcrypt.vers (gcry_mpi_point_new, gcry_mpi_point_release)
	(gcry_mpi_point_get, gcry_mpi_point_snatch_get, gcry_mpi_point_set)
	(gcry_mpi_point_snatch_set): New symbols.
	* src/libgcrypt.def: Ditto.
	* tests/t-mpi-point.c: New.
	* tests/Makefile.am (TESTS): Add t-mpi-point.

2013-03-07  Werner Koch

	mpi: Add mpi_snatch and change an internal typedef.
	* src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point.
	(mpi_point_struct): New typedef.
	(mpi_point_t): Change typedef to a pointer.  Replace all
	occurrences to use mpi_point_struct.
	* mpi/ec.c (_gcry_mpi_ec_point_init): Rename to ..
	(_gcry_mpi_point_init): this.  Change all callers.
	(_gcry_mpi_ec_point_free): Rename to ..
	(_gcry_mpi_point_free_parts): this.  Change all callers.
	* mpi/mpiutil.c (gcry_mpi_snatch): New function.
	* src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add prototype and
	macro.
	* src/visibility.c (gcry_mpi_snatch): Add wrapper.
	* src/visibility.h (gcry_mpi_snatch): Add macro magic.
	* src/libgcrypt.def, src/libgcrypt.vers: Add new function.

	Pretty print the configure feedback.
	* acinclude.m4 (GNUPG_MSG_PRINT): Remove.
	(GCRY_MSG_SHOW, GCRY_MSG_WRAP): New.
	* configure.ac: Use new macros for the feedback.

2013-02-20  Werner Koch

	Fix building of hwf-x86.c.
	* src/Makefile.am (AM_CFLAGS): Set to GPG_ERROR_CFLAGS.
	(AM_CCASFLAGS): Set NOEXECSTACK_FLAGS.

	Remove build hacks for FreeBSD.
	* configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
	LDFLAGS.

2013-02-19  Jussi Kivilinna

	Rijndael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni.
	* cipher/rijndael.c (_gcry_aes_cbc_enc): Check if AES-NI is enabled
	before calling aesni_prepare() and aesni_cleanup().

	Add AES-NI/AVX accelerated Camellia implementation.
	* configure.ac: Add option --disable-avx-support.
	(HAVE_GCC_INLINE_ASM_AVX): New.
	(ENABLE_AVX_SUPPORT): New.
	(camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add
	camellia_aesni_avx_x86-64.lo.
	* cipher/Makefile.am (AM_CCASFLAGS): Add.
	(EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S
	* cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT]
	[__x86_64__] (USE_AESNI_AVX): Add macro.
	(struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx.
	[USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc)
	(_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly
	functions.
	(camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware
	supports both.
	(_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code.
	(_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code.
	* cipher/camellia_aesni_avx_x86-64.S: New.
	* src/g10lib.h (HWF_INTEL_AVX): New.
	* src/global.c (hwflist): Add HWF_INTEL_AVX.
	* src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add
	detection for AVX.

	camellia.c: Prepare for AES-NI/AVX implementation.
	* cipher/camellia-glue.c (CAMELLIA_encrypt_stack_burn_size)
	(CAMELLIA_decrypt_stack_burn_size): Increase stack burn size.
	* cipher/camellia.c (CAMELLIA_ROUNDSM): Move key-material mixing
	in the front.
	(camellia_setup128, camellia_setup256): Remove now unneeded
	key-material mangling.
	(camellia_encrypt128, camellia_decrypt128, camellia_encrypt256)
	(camellia_decrypt256): Copy block to stack, so that compiler can
	optimize it for register usage.

	Camellia, prepare glue code for AES-NI/AVX implementation.
	* cipher/camellia-glue.c (ATTR_ALIGNED_16): Add macro.
	(CAMELLIA_encrypt_stack_burn_size): Add macro.
	(camellia_encrypt): Use macro above for stack burn size.
	(CAMELLIA_decrypt_stack_burn_size): Add macro.
	(camellia_decrypt): Use macro above for stack burn size.
	(_gcry_camellia_ctr_enc): New function.
	(_gcry_camellia_cbc_dec): New function.
	(selftest_ctr_128): New function.
	(selftest): Call function above.
	* cipher/cipher.c (gcry_cipher_open) [USE_CAMELLIA]: Register bulk
	functions for CBC-decryption and CTR-mode.
	* src/cipher.h (_gcry_camellia_ctr_enc): New prototype.
	(_gcry_camellia_cbc_dec): New prototype.

2012-12-21  Werner Koch

	Prepare for hardware feature detection on other platforms.
	* configure.ac (GCRYPT_HWF_MODULES): New.
	(HAVE_CPU_ARCH_X86, HAVE_CPU_ARCH_ALPHA, HAVE_CPU_ARCH_SPARC)
	(HAVE_CPU_ARCH_MIPS, HAVE_CPU_ARCH_M68K, HAVE_CPU_ARCH_PPC)
	(HAVE_CPU_ARCH_ARM): New AC_DEFINEs.
	* mpi/config.links (mpi_cpu_arch): New.
	* src/global.c (print_config): Print new tag "cpu-arch".
	* src/Makefile.am (libgcrypt_la_SOURCES): Add hwf-common.h
	(EXTRA_libgcrypt_la_SOURCES): New.
	(gcrypt_hwf_modules): New.
	(libgcrypt_la_DEPENDENCIES, libgcrypt_la_LIBADD): Add that one.
	* src/hwfeatures.c: Factor most code out to ...
	* src/hwf-x86.c: New file.
	(detect_x86_gnuc): Return the feature vector.
	(_gcry_hwf_detect_x86): New.
	* src/hwf-common.h: New.
	* src/hwfeatures.c (_gcry_detect_hw_features): Dispatch using
	HAVE_CPU_ARCH_ macros.

2012-12-21  Jussi Kivilinna

	Clean up i386/x86-64 cpuid usage in hwfeatures.c.
	* src/hwfeatures.c [__i386__ && __GNUC__] (detect_ia32_gnuc):
	Remove.
	[__x86_64__ && __GNUC__] (detect_x86_64_gnuc): Remove.
	[__i386__ && __GNUC__] (is_cpuid_available, get_cpuid)
	(HAS_X86_CPUID): New.
	[__x86_64__ && __GNUC__] (is_cpuid_available, get_cpuid)
	(HAS_X86_CPUID): New.
	[HAS_X86_CPUID] (detect_x86_gnuc): New.
	(_gcry_detect_hw_features) [__i386__ && GNUC]: Remove
	detect_ia32_gnuc call.
	(_gcry_detect_hw_features) [__x86_64__ && GNUC]: Remove
	detect_x86_64_gnuc call.
	(_gcry_detect_hw_features) [HAS_X86_CPUID]: Add detect_x86_gnuc
	call.

2012-12-18  Dmitry Kasatkin

	Add support for using DRNG random number generator.
	* configure.ac: Add option --disable-drng-support.
	(ENABLE_DRNG_SUPPORT): New.
	* random/rndhw.c (USE_DRNG): New.
	(rdrand_long, rdrand_nlong, poll_drng): New.
	(_gcry_rndhw_poll_fast, _gcry_rndhw_poll_slow): Call poll function.
	* src/g10lib.h (HWF_INTEL_RDRAND): New.
	* src/global.c (hwflist): Add "intel-rdrand".
	* src/hwfeatures.c (detect_x86_64_gnuc) [ENABLE_DRNG_SUPPORT]:
	Detect RDRAND.
	(detect_ia32_gnuc) [ENABLE_DRNG_SUPPORT]: Detect RDRAND.

2012-12-03  Werner Koch

	random: Add a RNG selection interface and system RNG wrapper.
	* random/random-system.c: New.
	* random/Makefile.am (librandom_la_SOURCES): Add new module.
	* random/random.c (struct rng_types): New.
	(_gcry_set_preferred_rng_type, _gcry_get_rng_type): New.
	(_gcry_random_initialize, gcry_random_add_bytes, do_randomize)
	(_gcry_set_random_seed_file, _gcry_update_random_seed_file)
	(_gcry_fast_random_poll): Dispatch to the actual RNG.
	* src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New.
	(GCRYCTL_GET_CURRENT_RNG_TYPE): New.
	(gcry_rng_types): New.
	* src/global.c (print_config): Print the RNG type.
	(global_init, _gcry_vcontrol): Implement the new control codes.
	* doc/gcrypt.texi (Controlling the library): Document the new
	control codes.
	* tests/benchmark.c (main): Add options to test the RNG types.
	* tests/random.c (main): Add new options.
	(print_hex): Print to stderr.
	(progress_cb, rng_type): New.
	(check_rng_type_switching, check_early_rng_type_switching): New.
	(run_all_rng_tests): New.
	tests: Allow use of random.c under Windows.
	* tests/Makefile.am (TESTS): Always include random.c
	* tests/random.c [!W32]: Include sys/wait.h.
	(inf): New.
	(check_forking, check_nonce_forking): Print a notice what will be
	done.
	(main) [W32]: Do not call signal.

	Make random-fips.c work multi-threaded.
	* random/random-fips.c (basic_initialization): Fix reversed logic.

	Move nonce creation from csprng backend to random main module.
	* random/random-csprng.c (_gcry_rngcsprng_create_nonce): Remove.
	(nonce_buffer_lock): Remove.
	(initialize_basics): Remove init of nonce_buffer_lock.
	* random/random.c: Add a few header files.
	(nonce_buffer_lock): New.
	(_gcry_random_initialize): Init nonce_buffer_lock.
	(gcry_create_nonce): Add code from _gcry_rngcsprng_create_nonce.
	* random/random-daemon.c (_gcry_daemon_create_nonce): Remove.

2012-12-03  Jussi Kivilinna

	Fix building with CC="gcc -std=c90".
	* configure.ac: Add check for missing 'asm' keyword in C90 mode and
	replacement with '__asm__'.

2012-12-03  Werner Koch

	Try to use inttypes.h if stdint.h is not available.
	* cipher/bufhelp.h [HAVE_INTTYPES_H]: Include inttypes.h

2012-12-03  Jussi Kivilinna

	Optimize buffer xoring.
	* cipher/Makefile.am (libcipher_la_SOURCES): Add 'bufhelp.h'.
	* cipher/bufhelp.h: New.
	* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
	(_gcry_cipher_aeswrap_decrypt): Use 'buf_xor' for buffer xoring.
	* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
	(_gcry_cipher_cbc_decrypt): Use 'buf_xor' for buffer xoring and
	remove resulting unused variables.
	* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt): Use 'buf_xor_2dst'
	for buffer xoring and remove resulting unused variables.
	(_gcry_cipher_cfb_decrypt): Use 'buf_xor_n_copy' for buffer xoring
	and remove resulting unused variables.
	* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Use 'buf_xor' for
	buffer xoring and remove resulting unused variables.
	* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
	(_gcry_cipher_ofb_decrypt): Use 'buf_xor' for buffer xoring and
	remove resulting unused variables.
	* cipher/rijndael.c (_gcry_aes_cfb_enc): Use 'buf_xor_2dst' for
	buffer xoring and remove resulting unused variables.
	(_gcry_aes_cfb_dec): Use 'buf_xor_n_copy' for buffer xoring and
	remove resulting unused variables.
	(_gcry_aes_cbc_enc, _gcry_aes_ctr_enc, _gcry_aes_cbc_dec): Use
	'buf_xor' for buffer xoring and remove resulting unused variables.

2012-11-29  Jussi Kivilinna

	Optimize AES-NI CTR mode.
	* cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Make
	handling of 64-bit overflow and carry conditional.  Avoid generic
	to vector register passing of value '1'.  Generate and use '-1'
	instead.

2012-11-28  Werner Koch

	Make a cpp conditional in rijndael.c better readable.
	* cipher/rijndael.c (USE_AESNI): Modify cpp conditionals for better
	readability.

2012-11-28  Jussi Kivilinna

	Fix building with Clang on x86-64 and i386.
	* cipher/rijndael.c [USE_AESNI] (do_aesni_enc_aligned)
	(do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Add
	explicit suffix to 'cmp' instructions.

2012-11-26  Jussi Kivilinna

	Optimize wipememory2 for i386 and x86-64.
	* src/g10lib.h (wipememory2): Add call to fast_wipememory2.
	(fast_wipememory2): New macros for i386 and x86-64 architectures.
	Empty macro provided for other architectures.

	Fix missing 64bit carry handling in AES-NI CTR mode.
	* cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Add
	carry handling to 64-bit addition.
	(selftest_ctr_128): New function for testing IV handling in bulk
	CTR function.
	(selftest): Add call to selftest_ctr_128.

	Add parallelized AES-NI CBC decryption.
	* cipher/rijndael.c [USE_AESNI] (aesni_cleanup_5): New macro.
	[USE_AESNI] (do_aesni_dec_vec4): New function.
	(_gcry_aes_cbc_dec) [USE_AESNI]: Add parallelized CBC loop.
	(_gcry_aes_cbc_dec) [USE_AESNI]: Change IV storage register from
	xmm3 to xmm5.

	Clear xmm5 after use in AES-NI CTR mode.
	* cipher/rijndael.c [USE_AESNI]: Rename aesni_cleanup_2_4 to
	aesni_cleanup_2_5.
	[USE_AESNI] (aesni_cleanup_2_5): Clear xmm5 register.
	(_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) [USE_AESNI]: Use
	aesni_cleanup_2_5 instead of aesni_cleanup_2_4.

	Optimize AES-NI CBC encryption.
	* cipher/rijndael.c (_gcry_aes_cbc_enc) [USE_AESNI]: Add AES-NI
	specific loop and use SSE2 assembler for xoring and copying of
	blocks.

	Improve parallelizability of CBC decryption for AES-NI.
	* cipher/rijndael.c (_gcry_aes_cbc_dec) [USE_AESNI]: Add AES-NI
	specific CBC mode loop with temporary block and IV stored in free
	SSE registers.

	Extend test of chained modes for 128bit ciphers.
	* tests/basic.c (check_one_cipher_core, check_one_cipher): Increase
	input and output buffer sizes from 16 bytes to 1024+16=1040 bytes.
	(check_one_cipher_core): Add asserts to verify sizes of temporary
	buffers.

2012-11-21  Werner Koch

	Fix for strict aliasing rules.
	* cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t
	for casting.

	Do not detect AES-NI support if disabled by configure.
	* src/hwfeatures.c (detect_ia32_gnuc): Detect AESNI support only
	if that support has been enabled.

2012-11-21  Jussi Kivilinna

	Fix too large burn_stack in camellia-glue.c.
	* cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Do
	not take full array size of KEY_TABLE_TYPE, but argument size
	instead.

	Add x86_64 support for AES-NI.
	* cipher/rijndael.c [ENABLE_AESNI_SUPPORT]: Enable USE_AESNI on
	x86-64.
	(do_setkey) [USE_AESNI_is_disabled_here]: Use %[key] and %[ksch]
	directly as registers instead of using temporary register %%esi.
	[USE_AESNI] (do_aesni_enc_aligned, do_aesni_dec_aligned,
	do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Use %[key] directly as
	register instead of using temporary register %%esi.
	[USE_AESNI] (do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Change
	%[key] from generic "g" type to register "r".
	* src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Do not
	clear AES-NI feature flag.
	Fix cpuid vendor-id check for i386 and x86-64.
	* src/hwfeatures.c (detect_x86_64_gnuc, detect_ia32_gnuc): Allow
	Intel features to be detected on CPUs from other vendors too.

	Fix hwdetect assembler clobbers.
	* src/hwfeatures.c (detect_x86_64_gnuc): Add missing %ebx assembler
	clobbers.
	(detect_x86_64_gnuc, detect_ia32_gnuc) [ENABLE_PADLOCK_SUPPORT]: Add
	missing %ecx assembler clobbers.

2012-11-21  Werner Koch

	Use configure test for aligned attribute.
	* configure.ac (HAVE_GCC_ATTRIBUTE_ALIGNED): New test and
	ac_define.
	* cipher/cipher-internal.h, cipher/rijndael.c, random/rndhw.c: Use
	new macro instead of a fixed test for __GNUC__.

	Fix segv with AES-NI on some platforms.
	* cipher/rijndael.c (RIJNDAEL_context): Align on 16 bytes.

2012-11-16  Werner Koch

	Improve parsing of the GIT revision number.
	* configure.ac (mmm4_revision): Use git rev-parse.

2012-11-08  Werner Koch

	Fix extern inline use for gcc > 4.3 in c99 mode.
	* mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed
	extern inline semantics in gcc.

2012-11-07  Werner Koch

	Fix memory leak in gcry_pk_testkey for ECC.
	* cipher/ecc.c (check_secret_key): Restructure for easier
	allocation tracking.  Fix memory leak.

2012-11-05  Werner Koch

	Prepare for a backported interface in 1.5.1.
	* configure.ac: Bump LT version at C20/A0/R0 to adjust for a
	planned API update in 1.5.1.

	Adjust for stricter autoconf requirements.
	* configure.ac: Fix usage of AC_LANG_PROGRAM.

	Update build helper scripts.
	* config.guess, config.sub: Update to version 2012-07-31.
	* ltmain.sh: Update to version 2.4.2.
	* install-sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4
	* m4/lt~obsolete.m4: Update to autoconf 2.69 versions.

	Do not distribute a copy of gitlog-to-changelog.
	* Makefile.am (GITLOG_TO_CHANGELOG): New.
	(gen-ChangeLog): Require an installed gitlog-to-changelog.
	* scripts/gitlog-to-changelog: Remove.
	* README.SVN: Remove.
	* REMOVE.GIT: New.

	Allow building with w64-mingw32.
	* autogen.sh <--build-w32>: Support the w64-mingw32 toolchain.
	Also prepare for 64 bit building.
	: Remove option -c from chmod.

	Switch to the new automagic beta numbering scheme.
	* configure.ac: Add all the required m4 magic.

	Avoid dereferencing pointer right after the end.
	* mpi/mpicoder.c (do_get_buffer): Check the length before derefing
	P.

2012-10-30  Werner Koch

	Make ancient test program useful again.
	* tests/testapi.c (test_sexp): Adjust to current API.  Print the
	return code.  Mark unused args.
	(test_genkey): Mark unused args.
	(main): Do not pass NULL to printf.

	tests: Add ECC key generation tests.
	* tests/keygen.c (check_generated_ecc_key): New.
	(check_ecc_keys): New.
	(main): Call simple ECC checks.

2012-10-30  Milan Broz

	PBKDF2: Allow empty passphrase.
	* cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2.
	* tests/t-kdf.c (check_pbkdf2): Add test case for above.

2012-08-16  Xi Wang

	Replace deliberate division by zero with _gcry_divide_by_zero.
	* mpi/mpi-pow.c: Replace 1 / msize.
	* mpi/mpih-div.c: Replace 1 / dsize.
	* src/misc.c: Add _gcry_divide_by_zero.

2012-06-21  Werner Koch

	Clear AESNI feature flag for x86_64.
	* src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Clear
	AESNI feature flag.

	Beautify last change.
	* cipher/rijndael.c: Replace C99 feature from last patch.  Keep cpp
	lines short.
	* random/rndhw.c: Keep cpp lines short.
	* src/hwfeatures.c (_gcry_detect_hw_features): Make cpp def chain
	better readable.

2012-06-21  Rafaël Carré

	Enable VIA Padlock on x86_64 platforms.
	* cipher/rijndael.c: Duplicate x86 assembly and convert to x86_64.
	* random/rndhw.c: Likewise.
	* src/hwfeatures.c: Likewise.

2012-05-14  Werner Koch

	Add curve aliases from RFC-5656.
	* cipher/ecc.c (curve_aliases): Add "nistp???" entries.

2012-04-16  Werner Koch

	State new contribution rules.
	* doc/DCO: New.
	* doc/HACKING: Document new rules.

2012-04-04  Tomas Mraz

	Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command.
	* doc/gcrypt.texi: Add documentation of the new command.
	* src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips
	mode only when fips mode is enabled.
	(_gcry_set_enforced_fips_mode): New function.
	* src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
	* src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
	* src/global.c (_gcry_vcontrol): Handle the new command.

2012-02-17  Ulrich Müller

	Rework selftest in idea.c.
	* cipher/idea.c (do_setkey): Execute selftest when first called.
	(decrypt_block): Remove commented-out code.
	(selftest): Execute all selftests.  Return NULL on success, or
	string in case of error.

2012-02-16  Werner Koch

	Fix missing prototype.
	* src/g10lib.h (_gcry_secmem_module_init): Make it a real
	prototype.

2012-02-16  Ulrich Müller

	Add support for the IDEA cipher.
	Adapt idea.c to the Libgcrypt framework.  Add IDEA to cipher_table
	and to the build system.
	Patents on IDEA have expired:
	Europe: EP0482154 on 2011-05-16,
	Japan: JP3225440 on 2011-05-16,
	U.S.: 5,214,703 on 2012-01-07.
	* configure.ac: Add idea to the list of available ciphers.  Define
	USE_IDEA if idea is enabled.
	* cipher/cipher.c (cipher_table): Add entry for IDEA.
	* cipher/idea.c: Update comment about patents.  Include proper
	header files and remove redundant declarations.
	(expand_key, cipher, do_setkey, encrypt_block, decrypt_block):
	Define function arguments as const where appropriate.
	(cipher): Test for !WORDS_BIGENDIAN instead of LITTLE_ENDIAN_HOST.
	(do_setkey, decrypt_block): Don't call selftest.
	(idea_setkey): New function, wrapper for do_setkey.
	(idea_encrypt): New function, wrapper for encrypt_block.
	(_gcry_cipher_spec_idea): Define.
	* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add idea.c.
	* src/cipher.h (_gcry_cipher_spec_idea): Declare.
	* tests/basic.c (check_ciphers): Add GCRY_CIPHER_IDEA.

2012-01-09  Werner Koch

	Include an IDEA implementation.
	The code is the old IDEA test code, written by me back in 1997 and
	distributed on a Danish FTP server.  This commit is only for
	reference.
	To use the code it has to be adjusted to the Libgcrypt framework.

2012-01-03  Marcus Brinkmann

	Fix pthread locking and remove defunctional support for static lock
	init.
	* src/ath.c: Include assert.h.
	(ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference
	LOCK.
	* src/g10lib.h (_gcry_secmem_module_init): New declaration.
	* src/global.c (global_init): Call _gcry_secmem_module_init.
	* src/secmem.c (_gcry_secmem_module_init): New function.

2011-12-16  Werner Koch

	Add alignment tests for the cipher tests.
	* tests/basic.c (check_one_cipher): Factor most code out to
	check_one_cipher_core.  Call that core function several times
	using different alignment settings.
	(check_one_cipher_core): New.  Add extra args to allow alignment
	testing.

2011-12-07  Werner Koch

	tests/prime: Add option to create a well known private key.
	* tests/prime.c (print_mpi, create_42prime): New.
	(main): Add option --42.

2011-12-01  Werner Koch

	Do not build the random-daemon by make distcheck.
	* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Disable building of the
	random daemon.

	Generate the ChangeLog from commit logs.
	* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
	* scripts/git-log-fix: New file.
	* scripts/git-log-footer: New file.
	* doc/HACKING: Describe the ChangeLog policy.
	* ChangeLog: New file.
	* Makefile.am (EXTRA_DIST): Add new files.
	(gen-ChangeLog): New.
	(dist-hook): Run gen-ChangeLog.

	Rename all ChangeLog files to ChangeLog-2011.

2011-12-01  Werner Koch

	NB: Changes done before December 1st, 2011 are described in per
	directory files named ChangeLog-2011.  See doc/HACKING for details.

 -----
 Copyright (C) 2011 Free Software Foundation, Inc.

 Copying and distribution of this file and/or the original GIT
 commit log messages, with or without modification, are
 permitted provided the copyright notice and this notice are
 preserved.