1 2019-09-15 Niels Möller <nisse@lysator.liu.se>
3 * testsuite/dlopen-test.c (main): Use libnettle.dylib on MacOS.
5 2019-07-08 Niels Möller <nisse@lysator.liu.se>
7 * nettle-types.h (union nettle_block16): Mark w member as deprecated.
8 * eax.c (block16_xor): Use uint64_t member of nettle_block16.
9 * gcm.c (gcm_gf_add, gcm_gf_shift, gcm_gf_shift_8): Likewise.
11 2019-07-10 Niels Möller <nisse@lysator.liu.se>
13 From Dmitry Eremin-Solenikov:
14 * cmac64.c (_cmac64_block_mulx, cmac64_set_key, cmac64_init)
15 (cmac64_update, cmac64_digest): New file, new functions.
16 * cmac-des3.c (cmac_des3_set_key, cmac_des3_update)
17 (cmac_des3_digest): New file, new functions.
18 * cmac.h: Add cmac64 and cmac_des3 declarations.
19 * Makefile.in (nettle_SOURCES): Add cmac64.c and cmac-des3.c.
20 * testsuite/cmac-test.c (test_main): Add tests for cmac_des3.
22 2019-07-02 Niels Möller <nisse@lysator.liu.se>
24 From Dmitry Eremin-Solenikov:
25 * testsuite/testutils.c (test_mac): New function.
26 * testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256):
27 New algorithm structs.
28 (test_cmac_aes128, test_cmac_aes256): Use test_mac.
30 2019-06-06 Niels Möller <nisse@lysator.liu.se>
32 Update for cmac changes, enabling const for the _message functions.
33 * siv-cmac.c (_siv_s2v): Take a const struct cmac128_key as argument,
34 and use a local struct cmac128_ctx for message-specific state.
35 (siv_cmac_set_key): Take a struct cmac128_key as argument. Updated
37 (siv_cmac_encrypt_message, siv_cmac_decrypt_message): Take a const
38 struct cmac128_key as argument. Updated callers.
40 * siv-cmac.h (SIV_CMAC_CTX): Changed to use struct cmac128_key
41 rather than struct cmac128_ctx.
43 * siv-cmac-aes256.c (siv_cmac_aes256_encrypt_message)
44 (siv_cmac_aes256_decrypt_message): Likewise.
45 * siv-cmac-aes128.c (siv_cmac_aes128_encrypt_message)
46 (siv_cmac_aes128_decrypt_message): The ctx argument made const.
48 2019-05-15 Niels Möller <nisse@lysator.liu.se>
50 * siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE):
52 * testsuite/siv-test.c: Simplify tests a little.
54 * siv-cmac.h (SIV_MIN_NONCE_SIZE): New constant, 1.
55 * siv-cmac.c (_siv_s2v): Require non-empty nonce.
56 * nettle.texinfo (SIV-CMAC): Update documentation.
58 2019-05-06 Niels Möller <nisse@lysator.liu.se>
60 SIV-CMAC mode, based on patch by Nikos Mavrogiannopoulos:
61 * siv-cmac.h (SIV_BLOCK_SIZE, SIV_DIGEST_SIZE): New constants.
62 (SIV_CMAC_CTX): New macro.
63 (struct siv_cmac_aes128_ctx, struct siv_cmac_aes256_ctx): New
65 * siv-cmac.c (_siv_s2v, siv_cmac_set_key)
66 (siv_cmac_encrypt_message)
67 (siv_cmac_decrypt_message): New file, new functions.
68 * siv-cmac-aes128.c (siv_cmac_aes128_set_key)
69 (siv_cmac_aes128_encrypt_message)
70 (siv_cmac_aes128_decrypt_message): New file, new functions.
71 * siv-cmac-aes256.c (siv_cmac_aes256_set_key)
72 (siv_cmac_aes256_encrypt_message)
73 (siv_cmac_aes256_decrypt_message): New file, new functions.
74 * Makefile.in (nettle_SOURCES): Add siv-cmac source files.
75 (HEADERS): Add siv-cmac.h.
76 * testsuite/siv-test.c: New file.
77 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added siv-test.c
78 * nettle.texinfo (SIV-CMAC): Documentation.
80 2019-04-30 Niels Möller <nisse@lysator.liu.se>
82 Based on a patch contributed by Nikos Mavrogiannopoulos.
83 * cmac.c (_cmac128_block_mulx): Renamed function...
84 (block_mulx): ... from old name.
85 * cmac-internal.h (_cmac128_block_mulx): New file, declare function.
86 * Makefile.in (DISTFILES): Added cmac-internal.h.
88 2019-06-26 Niels Möller <nisse@lysator.liu.se>
90 * Released nettle-3.5.1.
92 * configure.ac: Update version number to 3.5.1.
94 * Makefile.in (distdir): Add x86_64/sha_ni to list of distributed
97 * Released nettle-3.5.
99 2019-06-25 Niels Möller <nisse@lysator.liu.se>
101 * config.sub: Update to 2019-05-23 version, from savannah's
103 * config.guess: Update to 2019-06-10 version, from savannah's
104 config.git. Adds recognition of mips R6 and riscv.
106 2019-06-05 Niels Möller <nisse@lysator.liu.se>
108 Further separation of CMAC per-message state from the
109 message-independent subkeys, analogous to the gcm implementation.
110 * cmac.h (struct cmac128_ctx): Remove key, instead a struct
111 cmac128_key should be passed separately to functions that need it.
112 (CMAC128_CTX): Include both a struct cmac128_key and a struct
114 (CMAC128_SET_KEY, CMAC128_DIGEST): Updated accordingly.
116 * cmac.c (cmac128_set_key): Change argument type from cmac128_ctx
117 to cmac128_key. Use a nettle_block16 for the constant zero block.
118 (cmac128_init): New function, to initialize a cmac128_ctx.
119 (cmac128_digest): Add cmac128_key argument. Move padding memset
120 into the block handling a partial block. Call cmac128_init to
123 2019-06-01 Niels Möller <nisse@lysator.liu.se>
125 * cmac.h (struct cmac128_key): New struct.
126 * cmac.h (struct cmac128_ctx): Use struct cmac128_key.
127 * cmac.c (cmac128_set_key, cmac128_digest): Update accordingly.
129 2019-05-12 Niels Möller <nisse@lysator.liu.se>
131 Delete old libdes/openssl compatibility interface.
132 * des-compat.c: Delete file.
133 * des-compat.h: Delete file.
134 * testsuite/des-compat-test.c: Delete file.
135 * nettle.texinfo (Compatibility functions): Delete mention in documentation.
137 2019-05-11 Niels Möller <nisse@lysator.liu.se>
139 * NEWS: More updates for Nettle-3.5.
141 2019-04-27 Niels Möller <nisse@lysator.liu.se>
144 * x86_64/poly1305-internal.asm: Add missing EPILOGUE.
145 * x86_64/serpent-decrypt.asm: Likewise.
146 * x86_64/serpent-encrypt.asm: Likewise.
148 2019-04-14 Niels Möller <nisse@lysator.liu.se>
150 * tools/nettle-pbkdf2.c (main): Check strdup return value.
152 2019-03-29 Niels Möller <nisse@lysator.liu.se>
154 * aes.h (struct aes_ctx): Redefine using a union of key-size
156 * aes-decrypt.c (aes_decrypt): Use switch on key_size.
157 * aes-encrypt.c (aes_encrypt): Likewise.
158 * aes-set-decrypt-key.c (aes_invert_key): Likewise.
159 * aes-set-encrypt-key.c (aes_set_encrypt_key): Likewise.
161 2019-03-27 Niels Möller <nisse@lysator.liu.se>
163 * xts.c (xts_shift): Arrange with a single write to u64[1].
164 * cmac.c (block_mulx): Rewrite to work in the same way as
165 xts_shift, with 64-bit operations. XTS and CMAC use opposite
166 endianness, but otherwise, these two functions are identical.
168 2019-03-24 Niels Möller <nisse@lysator.liu.se>
173 (BE_SHIFT): New macro.
174 (xts_shift, check_length, xts_encrypt_message)
175 (xts_decrypt_message): New functions.
176 * xts-aes128.c (xts_aes128_set_encrypt_key)
177 (xts_aes128_set_decrypt_key, xts_aes128_encrypt_message)
178 (xts_aes128_decrypt_message): New file, new functions.
179 * xts-aes256.c (xts_aes256_set_encrypt_key)
180 (xts_aes256_set_decrypt_key, xts_aes256_encrypt_message)
181 (xts_aes256_decrypt_message): New file, new functions.
182 * nettle.texinfo (XTS): Document XTS mode.
183 * Makefile.in (nettle_SOURCES): Add xts sourcce files.
184 (HEADERS): New installed header xts.h.
185 * testsuite/xts-test.c: New file.
186 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add xts-test.c.
188 2019-02-06 Niels Möller <nisse@lysator.liu.se>
190 * gosthash94.h (struct gosthash94_ctx): Move block buffer last in
192 * md2.h (struct md2_ctx): Likewise.
193 * md4.h (struct md4_ctx): Likewise.
194 * md5.h (struct md5_ctx): Likewise.
195 * ripemd160.h (struct ripemd160_ctx): Likewise.
196 * sha1.h (struct sha1_ctx): Likewise.
197 * sha2.h (struct sha256_ctx, struct sha512_ctx): Likewise.
199 2019-01-19 Niels Möller <nisse@lysator.liu.se>
201 * examples/Makefile.in (TARGETS): Delete eratosthenes, left over
204 * fat-arm.c: Fix declarations of chacha_core functions.
206 From Yuriy M. Kaminskiy:
207 * fat-setup.h (chacha_core_func): New typedef.
208 * fat-arm.c (fat_init): Enable choice between
209 _nettle_chacha_core_c and _nettle_chacha_core_neon.
210 * configure.ac (asm_nettle_optional_list): Add
211 chacha-core-internal-2.asm.
212 * chacha-core-internal.c: Enable fat build with C and asm version.
213 * arm/fat/chacha-core-internal-2.asm: New file.
215 2019-01-12 Niels Möller <nisse@lysator.liu.se>
217 * examples/eratosthenes.c: Deleted program.
218 * examples/Makefile.in: Delete rule to build and distribute it.
220 2019-01-10 Niels Möller <nisse@lysator.liu.se>
222 * testsuite/rsa-compute-root-test.c (test_one): Use %u and
223 corresponding cast, when printing bit sizes.
225 2019-01-09 Niels Möller <nisse@lysator.liu.se>
227 * examples/nettle-benchmark.c (GET_CYCLE_COUNTER): Add volatile to
230 2019-01-08 Niels Möller <nisse@lysator.liu.se>
232 * sha512-compress.c: Add missing include of sha2-internal.h.
234 2019-01-06 Niels Möller <nisse@lysator.liu.se>
236 * testsuite/rsa-compute-root-test.c (generate_keypair): Fix assert
237 call with side-effects.
239 2019-01-06 Niels Möller <nisse@lysator.liu.se>
241 * nettle-types.h: Don't use nettle-stdint.h, include <stdint.h>
243 * nettle-write.h: Likewise.
244 * configure.ac: Delete use of AX_CREATE_STDINT_H.
245 * aclocal.m4 (AX_CREATE_STDINT_H): Delete.
246 * Makefile.in (INSTALL_HEADERS, distclean-here): Delete mention of
249 2018-12-26 Niels Möller <nisse@lysator.liu.se>
251 * examples/hogweed-benchmark.c (make_openssl_rsa_ctx): New helper
252 function. Call openssl's RSA_generate_key_ex rather then the
253 deprecated RSA_generate_key.
254 (bench_openssl_rsa_init, bench_openssl_rsa_tr_init): Use it.
256 * eccdata.c (ecc_pippenger_precompute): Check that table size is
257 at least 2. Intended to silence warning from the clang static
260 * configure.ac: Bump package version to 3.5.
261 (LIBNETTLE_MAJOR): Bump major number, now 7.
262 (LIBHOGWEED_MAJOR): Bump major number, now 5.
263 (LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Reset to zero.
265 * pkcs1-internal.h: New header file, moved declarations of
266 _pkcs1_sec_decrypt and _pkcs1_sec_decrypt_variable here.
267 * rsa-internal.h: ... old location.
268 * Makefile.in (DISTFILES): Added pkcs1-internal.h.
269 * pkcs1-decrypt.c: Include new file.
270 * pkcs1-sec-decrypt.c: Likewise.
271 * rsa-decrypt-tr.c: Likewise.
272 * rsa-sec-decrypt.c: Likewise.
273 * testsuite/pkcs1-sec-decrypt-test.c: Likewise.
275 * tools/nettle-pbkdf2.c: Add #define _GNU_SOURCE, needed for
276 strdup with gcc -std=c89.
277 * testsuite/ed25519-test.c: Add #define _GNU_SOURCE, needed for
278 getline with gcc -std=c89.
280 * rsa-sign-tr.c (sec_equal): Fix accidental use of C99 for loop.
281 Reported by Andreas Gustafsson.
282 * testsuite/rsa-sec-decrypt-test.c (test_main): Likewise.
284 2018-12-04 Niels Möller <nisse@lysator.liu.se>
286 * Released nettle-3.4.1.
288 2018-11-28 Niels Möller <nisse@lysator.liu.se>
290 * configure.ac: Update GMP check. Check for the function
291 mpn_sec_div_r, available since GMP-6.0.0.
293 * testsuite/rsa-encrypt-test.c (test_main): Fix allocation of
294 decrypted storage. Update test of rsa_decrypt, to allow clobbering
295 of all of the passed in message area.
297 * pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
298 _pkcs1_sec_decrypt_variable. Improves side-channel silence of the
299 only caller, rsa_decrypt.
301 * Makefile.in (DISTFILES): Add rsa-internal.h, needed for make
302 dist. Patch from Simo Sorce.
304 * rsa-internal.h: Add include of rsa.h.
306 2018-11-27 Niels Möller <nisse@lysator.liu.se>
308 * rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New
309 local helper functions, with their own itch functions.
310 (_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to
311 use helpers, for clarity.
313 2018-11-26 Niels Möller <nisse@lysator.liu.se>
315 * testsuite/rsa-compute-root-test.c (generate_keypair): Simplify
316 selection of psize and qsize, and fix so that qsize is used.
317 (test_main): Add outer loop, to test with more than one key.
318 Deallocate storage before exiting.
320 2018-11-25 Niels Möller <nisse@lysator.liu.se>
322 * testsuite/rsa-compute-root-test.c: Renamed, from ...
323 * testsuite/rsa-sec-compute-root-test.c: ... old name.
325 * rsa.h (rsa_sec_compute_root_tr): Deleted declaration, moved to ...
326 * rsa-internal.h (_rsa_sec_compute_root_tr): ... new location.
327 * rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
328 (rsa_sec_compute_root_tr): ... old name. Updated callers.
329 (cnd_mpn_zero): Use a volatile-declared mask variable.
331 * testsuite/testutils.c (mpz_urandomb) [NETTLE_USE_MINI_GMP]: Fix
332 masking of most significant bits.
334 * rsa-decrypt-tr.c (rsa_decrypt_tr): Use
335 NETTLE_OCTET_SIZE_TO_LIMB_SIZE.
337 * testsuite/rsa-sec-decrypt-test.c (rsa_decrypt_for_test): Tweak
338 valgrind marking, and document potential leakage of lowest and
339 highest bits of p and q.
341 * rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to
342 mpz_sizeinbase, since that potentially leaks most significant bits
343 of private key parameters a and b.
345 * testsuite/pkcs1-sec-decrypt-test.c (pkcs1_decrypt_for_test): Fix
346 valgrind marking of return value.
348 Merged below changes from Simo Sorce, to make RSA private key
349 operations side-channel silent.
351 2018-11-08 Simo Sorce <simo@redhat.com>
353 * rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
354 _rsa_sec_compute_root.
356 * testsuite/rsa-sec-compute-root-test.c: Add more tests for new
357 side-channel silent functions.
359 * rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn,
360 since that is required for one of the GMP calls in
361 _rsa_sec_compute_root.
363 * rsa-decrypt-tr.c: Switch to use side-channel silent functions.
365 * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private
366 function. Variable size version for backwards compatibility.
368 * testsuite/rsa-sec-decrypt-test.c: Adds more tests.
370 * rsa-sec-decrypt.c (rsa_sec_decrypt): New function.
371 Fixed length side-channel silent version of rsa-decrypt.
372 * testsuite/rsa-encrypt-test.c: add tests for the new fucntion.
374 * testsuite/pkcs1-sec-decrypt-test.c: Adds tests for
377 * gmp-glue.c (mpn_get_base256): New function.
379 * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function.
380 Fixed length side-channel silent version of pkcs1-decrypt.
382 * cnd-memcpy.c (cnd_memcpy): New function.
383 * memops.h: Declare it.
384 * testsuite/cnd-memcpy-test.c: New test case.
386 * rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses
387 _rsa_sec_compute_root, as well as side-channel silent RSA
389 (rsa_compute_root_tr) Rewritten as a wrapper around
390 rsa_sec_compute_root_tr.
391 (rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root)
392 (cnd_mpn_zero): New helper functions.
393 (rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not
394 side-channel silent wrapper around rsa_compute_root_tr, and the
395 latter function left unchanged.
397 * rsa-sec-compute-root.c (_rsa_sec_compute_root_itch)
398 (_rsa_sec_compute_root): New file, new private functions.
399 Side-channel silent version of rsa_compute_root.
400 * rsa-internal.h: New header file with declarations.
402 * gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro.
404 2018-11-24 Niels Möller <nisse@lysator.liu.se>
406 * configure.ac: Bump package version to 3.4.1.
407 (LIBNETTLE_MINOR): Bump library version to 6.5.
408 (LIBHOGWEED_MINOR): Bump library version to 4.5.
410 2018-11-17 Niels Möller <nisse@lysator.liu.se>
412 * examples/hogweed-benchmark.c (bench_rsa_verify)
413 (bench_openssl_rsa_tr_init): New functions.
414 (alg_list): Benchmark timing-resistant RSA functions, i.e.,
415 including RSA blinding.
416 (main): Increase width of first column, here and in other
419 2018-10-10 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
421 * ctr16.c (_ctr_crypt16): Bugfix for the src == dst case, when
422 processing more than on full block of size CTR_BUFFER_LIMIT, src
423 and dst arguments to memxor3 were not properly updated.
425 2018-10-10 Niels Möller <nisse@lysator.liu.se>
427 * aes-set-encrypt-key.c: Add missing include of stdlib.h.
428 * des-compat.c: Likewise.
430 2018-09-13 Niels Möller <nisse@lysator.liu.se>
432 * rsa-keygen.c (rsa_generate_keypair): Delete unlikely and
433 redundant check for p == q.
435 2018-08-09 Niels Möller <nisse@lysator.liu.se>
437 * rsa-internal.h (_rsa_blind, _rsa_unblind): Mark with
438 _NETTLE_ATTRIBUTE_DEPRECATED.
440 * nettle-types.h (_NETTLE_ATTRIBUTE_PURE)
441 (_NETTLE_ATTRIBUTE_DEPRECATED): New macros, for gcc and
443 * ecc-curve.h: Include nettle-types.h, and use
444 _NETTLE_ATTRIBUTE_PURE instead of local definition.
445 * nettle-meta.h: Use _NETTLE_ATTRIBUTE_PURE, instead of explicit
448 * aes.h: Mark functions using struct aes_ctx interface as
449 deprecated. Add #undef _NETTLE_ATTRIBUTE_DEPRECATED in files where
450 the functions are implemented or tested.
451 * gcm.h: Similarly mark functions using gcm_aes_ctx as deprecated.
453 * nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper)
454 (blowfish128_set_key_wrapper): Wrapper functions, to avoid cast
455 between incompatible function types (which gcc-8 warns about).
456 Wrappers are expected to compile to a single jmp instruction.
458 * des-compat.c (des_compat_des3_encrypt)
459 (des_compat_des3_decrypt): Change length argument type to size_t.
461 2018-08-08 Niels Möller <nisse@lysator.liu.se>
463 * nettle.texinfo (Compatibility): New section on ABI and API
466 2018-07-25 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
468 * examples/nettle-benchmark.c: Add benchmarking for HMAC functions.
470 2018-07-13 Niels Möller <nisse@lysator.liu.se>
472 * examples/eratosthenes.c (vector_alloc): Add assert related to
473 overflow in the size calculation. Fixes a corner case identified
475 (vector_init): Analogous assert.
477 2018-07-12 Niels Möller <nisse@lysator.liu.se>
479 * examples/eratosthenes.c (main): Don't allocate bitmap storage
480 for limit == 2 (early exit), closing memory leak at exit.
481 (main): Fix handling of short -q option.
483 * eccdata.c (output_curve): Replace mpz_init_set_ui by mpz_set_ui,
485 (ecc_curve_clear): New function.
486 (main): Call it, to deallocate storage before exit.
488 2018-07-08 Niels Möller <nisse@lysator.liu.se>
490 * fat-x86_64.c (fat_init): Fix setup for nettle_sha1_compress.
491 * x86_64/fat/sha1-compress.asm: Add leading underscore to symbol name.
492 * x86_64/fat/sha1-compress-2.asm: Likewise.
494 2018-07-07 Niels Möller <nisse@lysator.liu.se>
496 From Nikos Mavrogiannopoulos.
497 * sha1-compress.c (nettle_sha1_compress): Renamed, and promoted to
498 public function, since there's known appliation usage (filezilla).
499 * sha1.h (_nettle_sha1_compress): Old name, now a preprocessor
500 alias for the new name.
501 * md5-compress.c (nettle_md5_compress): Similarly renamed (used by
503 * md5.h (_nettle_md5_compress): Old name,, now a preprocessor
504 alias for the new name.
506 * chacha-internal.h, dsa-internal.h, eddsa-internal.h:
507 * hogweed-internal.h, ripemd160-internal.h, rsa-internal.h:
508 * salsa20-internal.h, sha2-internal.h, sha3-internal.h:
509 * umac-internal.h: Internal declarations moved to new header
510 files, which are not installed..
511 * Makefile.in (DISTFILES): Added above files.
513 * libnettle.map.in: Use a different symbol version for _nettle_*
514 symbols, depending on the minor release. This marks these symbols
515 explicitly not part of the public Nettle ABI.
516 * libhogweed.map.in: Analogous change.
518 2018-06-17 Niels Möller <nisse@lysator.liu.se>
520 * aclocal.m4 (NETTLE_CHECK_IFUNC): Fix quoting. Patch contributed
521 by Dmitry Eremin-Solenikov.
523 * testsuite/symbols-test: Exclude ____chkstk_darwin symbols,
524 produced by Apple's Xcode 10 compiler. Patch contributed by
527 2018-03-25 Niels Möller <nisse@lysator.liu.se>
530 * configure.ac (ASM_WORDS_BIGENDIAN): New substution, set from AC_C_BIGENDIAN.
531 * config.m4.in: Use it to set WORDS_BIGENDIAN.
532 * asm.m4 (IF_BE, IF_LE): New macros.
533 * arm/memxor.asm: Support big-endian ARM.
534 * arm/memxor3.asm: Likewise.
535 * arm/neon/chacha-core-internal.asm: Likewise.
536 * arm/neon/salsa20-core-internal.asm: Likewise.
537 * arm/neon/umac-nh.asm: Likewise.
538 * arm/v6/sha1-compress.asm: Likewise.
539 * arm/v6/sha256-compress.asm: Likewise.
540 * arm/README: Document big-endian considerations.
542 2018-03-17 Niels Möller <nisse@lysator.liu.se>
544 Discourage direct access to data symbols with non-public size.
545 Direct references to these symbols may result in copy-relocations
546 like R_X86_64_COPY, which make the symbol size leak into the ABI.
547 * ecc-curve.h (_nettle_secp_192r1, _nettle_secp_224r1)
548 (_nettle_secp_256r1, _nettle_secp_384r1, _nettle_secp_521r1): Add
549 leading underscore on these data symbols.
551 * nettle-meta.h (_nettle_ciphers, _nettle_hashes, _nettle_aeads)
552 (_nettle_armors): Add leading underscore on these data symbols.
553 Update all internal use. Macros without leading underscore remain,
554 and expand to access via accessor functions nettle_get_ciphers and
557 2018-03-10 Niels Möller <nisse@lysator.liu.se>
559 * eccdata.c (ecc_table_size): New helper function.
560 (ecc_pippenger_precompute): Display warning for poor parameters.
562 * eccparams.c (main): New program, to list parameter alternatives
563 for Pippenger's algorithm.
565 * Makefile.in: Tweak parameters for ecc tables.
566 (ecc-192.h): Change parameters from k = 7, c = 6 to k = 8, c = 6.
567 Reduces table size from 15 KB to 12 KB. Modest speedup, appr. 3%
568 for ecdsa signatures.
569 (ecc-224.h): Change parameters from k = 12, c = 6 to k = 16, c =
570 7. Table size unchanged (14 KB in 32-bit platforms, 18 KB on
571 64-bit platforms. Minor speedup, appr. 1% for ecdsa signatures.
572 (ecc-256.h): Change parameters from k = 14, c = 6 to k = 11, c =
573 6. Table size unchanged, 16 KB. 14% speedup for ecdsa signatures.
574 (ecc-384.h): Changed parameters from k = 41, c = 6 to k = 32, c =
575 6. Table size unchanged. 12% speedup for ecdsa signatures.
576 (ecc-521.h): Changed parameters from k = 56, c = 6 to k 44, c = 6.
577 Table size unchanged (17 KB on 32-bit platforms, 18 KB on 64-bit
578 platforms). 15% speedup for ecdsa signatures.
579 (ecc-255.h): Change parameters from k = 14, c = 6 to k = 11, c =
580 6. Table size unchanged, 16 KB. 24% speedup for eddsa signatures.
582 2018-03-14 Niels Möller <nisse@lysator.liu.se>
584 Merge sha256 code using the x86_64 sha_ni instructions, starting
587 2018-03-11 Niels Möller <nisse@lysator.liu.se>
589 * x86_64/fat/sha256-compress.asm: New file.
590 * x86_64/fat/sha256-compress-2.asm: New file.
591 * fat-x86_64.c (fat_init): Select plain x86_64 assembly version or
592 sha_ni version for sha256_compress.
594 2018-02-21 Niels Möller <nisse@lysator.liu.se>
596 * x86_64/sha_ni/sha256-compress.asm: New implementation using sha_ni
599 2018-02-20 Niels Möller <nisse@lysator.liu.se>
601 * testsuite/cmac-test.c (test_cmac_hash): Deallocate ctx properly.
603 2018-02-19 Niels Möller <nisse@lysator.liu.se>
605 Mostly aesthetic changes. Besides indentation:
606 * cmac.h (struct cmac128): Rename, to cmac128_ctx.
607 (CMAC128_CTX): Rename first member from data to ctx.
609 * cmac.c: Use const void * as the type for cipher arguments.
610 (block_mulx): Un-inline.
611 (cmac128_set_key): Make a constant function local.
613 * testsuite/cmac-test.c: Delete local typedefs.
615 2018-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
617 Add support for CMAC.
619 (struct cmac128): New struct.
620 * cmac.c (block_mulx, cmac128_set_key, cmac128_update)
621 (cmac128_digest): New file, new functions.
622 * cmac-aes128.c (cmac_aes128_set_key, cmac_aes128_update)
623 (cmac_aes128_digest): New file, new functions.
624 * cmac-aes256.c (cmac_aes256_set_key, cmac_aes256_update)
625 (cmac_aes256_digest): New file, new functions.
626 * Makefile.in (nettle_SOURCES): Added cmac.c cmac-aes128.c cmac-aes256.c.
627 (HEADERS): Added cmac.h.
629 * testsuite/cmac-test.c: New tests.
630 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add cmac-test.c.
632 * examples/nettle-benchmark.c (time_cmac): New function.
635 * nettle.texinfo: Document CMAC.
637 2018-02-20 Niels Möller <nisse@lysator.liu.se>
639 * testsuite/cbc-test.c (test_cbc_bulk): Use struct
640 aes256_ctx, instead of the deprecated struct aes_ctx.
641 * testsuite/cfb-test.c (test_cfb_bulk): Likewise.
642 * examples/rsa-session.h (struct rsa_session): Likewise.
643 * examples/rsa-encrypt.c (rsa_session_set_encrypt_key)
644 (process_file): Use aes256_* functions.
645 * examples/rsa-decrypt.c (rsa_session_set_decrypt_key)
646 (process_file): Likewise.
648 2018-02-19 Niels Möller <nisse@lysator.liu.se>
650 * nettle-internal.h: Include sha3.h, needed for the definition of
651 NETTLE_MAX_HASH_CONTEXT_SIZE.
652 (TMP_DECL_ALIGN, TMP_ALLOC_ALIGN): New macros, to support
653 allocation of context structs with alignment requirements.
654 [!HAVE_ALLOCA]: Also use assert, rather than calling abort
657 * pss.c (pss_encode_mgf1, pss_verify_mgf1): Use new macros.
658 * pss-mgf1.c (pss_mgf1): Likewise.
660 2018-02-18 Niels Möller <nisse@lysator.liu.se>
662 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved pss-mgf1-test.c...
663 (TS_HOGWEED_SOURCES): ...to here. Fixes link failure in builds
664 without public-key support.
666 2018-02-18 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
668 * examples/nettle-openssl.c): Move expressions with side effects
671 2018-02-17 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
673 (openssl_evp_set_encrypt_key, openssl_evp_set_decrypt_key): Use
675 * examples/nettle-openssl.c (nettle_openssl_gcm_aes128)
676 (nettle_openssl_gcm_aes192, nettle_openssl_gcm_aes256): New aead
677 algorithms, for benchmarking purposes, and supporting wrapper functions.
678 * nettle-internal.h: Corresponding declarations.
679 * examples/nettle-benchmark.c (main): Include openssl's gcm aes in
682 2018-02-16 Niels Möller <nisse@lysator.liu.se>
684 * nettle.texinfo: Improved index entries.
685 (Cipher functions): Update CAST128/CAST5 docs. Inconsistencies
686 spotted by Henrik Rindlöw.
688 2018-02-10 Niels Möller <nisse@lysator.liu.se>
690 * configure.ac: New configure option --enable-x86-sha-ni.
692 2018-02-07 Niels Möller <nisse@lysator.liu.se>
694 * x86_64/fat/sha1-compress.asm: New file.
695 * x86_64/fat/sha1-compress-2.asm: New file.
696 * fat-x86_64.c (fat_init): Select plain x86_64 assembly version or
697 sha_ni version for sha1_compress.
699 2018-02-05 Niels Möller <nisse@lysator.liu.se>
701 * x86_64/sha_ni/sha1-compress.asm: New implementation using sha_ni
704 * fat-x86_64.c (get_x86_features): Check for sha_ni extension.
706 * x86_64/fat/cpuid.asm: Clear %ecx input to cpuid instruction.
708 2018-02-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
710 * gcm.c (gcm_fill): New function, for use with _ctr_crypt16.
711 (gcm_encrypt, gcm_decrypt): Use _ctr_crypt16. 50% speedup of
712 gcm_aes128, benchmarked on x86_64 with aesni instructions.
714 2018-02-01 Niels Möller <nisse@lysator.liu.se>
716 Based on a patch contributed by Nikos Mavrogiannopoulos.
717 * ctr16.c (_ctr_crypt16): New file, renamed and generalized
718 function. New function pointer argument, used to fill a block with
719 counter values. Use nettle_block16 * as the type for the buffer to
720 be filled. Always process any final and partial block, and return
722 * ctr.c (ctr_crypt): ... previous, replaced, function.
723 (ctr_fill16): Updated to new argument type.
724 (ctr_crypt): Return immediately after using _ctr_crypt16.
726 * ctr-internal.h: New file, declaring _ctr_crypt16.
727 (nettle_fill16_func): New function typedef.
729 * Makefile.in (nettle_SOURCES): Added ctr16.c.
730 (DISTFILES): Added ctr-internal.h.
732 2018-01-30 Niels Möller <nisse@lysator.liu.se>
734 * Makefile.in (clean-here): Don't delete desdata.stamp.
736 2018-01-24 Jay Foad <jay.foad@gmail.com>
738 * Makefile.in (TARGETS): Delete dependencies on aesdata, desdata,
739 twofishdata, shadata and gcmdata. They are not needed for a normal
741 (clean-here): Explicitly delete of above files.
742 (desdata.stamp): New stamp target, to avoid building desdata twice
743 in a parallell build.
745 2018-01-23 Niels Möller <nisse@lysator.liu.se>
747 * configure.ac (asm_path): Recognize "x86", in addition to "i?86",
748 for 32-bit x86 processors. Reportedly needed for x86 android builds.
750 2018-01-20 Niels Möller <nisse@lysator.liu.se>
752 CFB8 support, contributed by Dmitry Eremin-Solenikov.
753 * cfb.c (cfb8_encrypt, cfb8_decrypt): New functions.
754 * cfb.h: Declare them.
755 (CFB8_ENCRYPT, CFB8_DECRYPT): New macros.
756 * testsuite/cfb-test.c: New tests for CFB8.
757 * nettle.texinfo (CFB and CFB8): Documentation.
759 2018-01-16 Niels Möller <nisse@lysator.liu.se>
761 * tools/pkcs1-conv.c (convert_file): Add missing break statements.
763 2018-01-09 Niels Möller <nisse@lysator.liu.se>
765 * testsuite/testutils.c (test_cipher_ctr): Test operations with
768 * testsuite/ctr-test.c: Additional unofficial test vectors, to
769 exercise carry propagation in the counter, and block size
772 2018-01-08 Niels Möller <nisse@lysator.liu.se>
774 * ctr.c (ctr_crypt16): New function, with optimizations specific
775 to 16-byte block size.
776 (ctr_fill16): New helper function, definition depending on
777 WORDS_BIGENDIAN, and little endian version requiring
778 HAVE_BUILTIN_BSWAP64.
779 (ctr_crypt): Use ctr_crypt16, when appropriate.
781 * nettle-types.h (union nettle_block16): Add uint64_t field.
783 * configure.ac: Check for __builtin_bswap64, define
784 HAVE_BUILTIN_BSWAP64 if available.
786 * ctr.c (ctr_fill): New function. Use in ctr_crypt.
788 * ctr.c (ctr_crypt): For in-place operation, increase max buffer
789 size from 4 blocks to 512 bytes, similarly to CBC and CFB.
790 Improves in-place aes128 CTR performance by 25% on x86_64.
792 * examples/nettle-benchmark.c (time_cipher): Benchmark in-place
793 operation separately, for cbc_decrypt and ctr_crypt.
795 * cbc.c (cbc_decrypt): For in-place operation (src == dst case),
796 eliminate use of src variable.
797 * cfb.c (cfb_decrypt): Likewise.
798 * gcm.c (gcm_crypt): Likewise, and replace one memxor3 by memxor.
800 2018-01-03 Niels Möller <nisse@lysator.liu.se>
802 * x86_64/aesni/aes-encrypt-internal.asm: Read subkeys into xmm
803 registers before the block loop, and completely unroll the round
805 * x86_64/aesni/aes-decrypt-internal.asm: Likewise.
807 2017-11-19 Niels Möller <nisse@lysator.liu.se>
809 * Released nettle-3.4.
811 2017-11-12 Niels Möller <nisse@lysator.liu.se>
813 * configure.ac: Update check of GMP_NUMB_BITS declaration in
814 assembly files. Was broken by rename of configure variable
815 GMP_NUMB_BITS --> NUMB_BITS.
817 2017-11-11 Niels Möller <nisse@lysator.liu.se>
819 * nettle.texinfo: Document nettle_get_hashes, nettle_get_ciphers
820 and nettle_get_aeads, and replace nettle_secp_256r1 by
821 nettle_get_secp_256r1. Update version numbers. Delete ancient
822 setting of ispell-skip-region-alist as an emacs file-local
825 2017-11-08 Niels Möller <nisse@lysator.liu.se>
827 * ecc-curve.h (nettle_secp_192r1, nettle_secp_224r1)
828 (nettle_secp_256r1, nettle_secp_384r1, nettle_secp_521r1): Delete
829 macro wrappers, partially reverting below 2017-04-09 change. They
830 didn't work at all for applications that only see a forward
831 declaration of struct ecc_curve. Instead, we will have to make an
832 ABI and API break and delete these symbols, when the size of
833 struct ecc_curve is increased.
835 2017-11-05 Niels Möller <nisse@lysator.liu.se>
837 * configure.ac Bump package version to 3.4.
838 (LIBNETTLE_MINOR): Bump library version to 6.4.
839 (LIBHOGWEED_MINOR): Bump library version to 4.4.
841 2017-10-23 Niels Möller <nisse@lysator.liu.se>
843 * examples/Makefile.in (check): Also set DYLD_LIBRARY_PATH in the
844 environment, to support Mac OSX shared libraries.
845 * testsuite/Makefile.in (LD_LIBRARY_PATH): Likewise.
847 2017-10-23 Niels Möller <nisse@lysator.liu.se>
849 Merge API fixes, starting at 2017-01-12.
851 2017-04-09 Niels Möller <nisse@lysator.liu.se>
853 * ecc-curve.h (nettle_get_secp_192r1, nettle_get_secp_224r1)
854 (nettle_get_secp_256r1, nettle_get_secp_384r1)
855 (nettle_get_secp_521r1): New functions, returning a pointer to
856 corresponding structure.
857 (nettle_secp_192r1, nettle_secp_224r1, nettle_secp_256r1)
858 (nettle_secp_384r1, nettle_secp_521r1): Redefined as macros,
859 calling the corresponding function.
861 * nettle-meta.h (nettle_ciphers, nettle_aeads, nettle_armors): New
862 macros, analogous to below change to nettle_hashes.
864 * nettle-meta-ciphers.c (nettle_get_ciphers): New function.
866 * nettle-meta-aeads.c (nettle_get_aeads): New function.
868 * nettle-meta-armors.c (nettle_get_armors): New function.
870 2017-01-12 Niels Möller <nisse@lysator.liu.se>
872 * tools/nettle-hash.c (find_algorithm): Deleted function.
873 (main): Replaced by call to nettle_lookup_hash.
875 * testsuite/meta-hash-test.c (test_main): Use nettle_lookup_hash.
877 * nettle-meta.h (nettle_hashes): New macro, expanding to a call to
878 nettle_get_hashes. Direct access to the array causes the array
879 size to leak into the ABI, since a plain un-relocatable executable
880 linking with libnettle.so gets copy relocations for any referenced
881 data items in the shared library.
883 * nettle-meta-hashes.c (nettle_get_hashes): New function.
885 2017-10-16 Niels Möller <nisse@lysator.liu.se>
887 CFB support, contributed by Dmitry Eremin-Solenikov.
888 * cfb.c (cfb_encrypt, cfb_decrypt): New file, new functions.
889 * cfb.h: New header file.
890 (CFB_CTX, CFB_SET_IV, CFB_ENCRYPT, CFB_DECRYPT): New macros.
891 * Makefile.in (nettle_SOURCES): Add cfb.c.
892 (HEADERS): Add cfb.h.
893 * testsuite/cfb-test.c: New test case.
894 * testsuite/testutils.c (test_cipher_cfb): New function.
895 * nettle.texinfo (CFB): Documentation.
897 2017-10-16 Niels Möller <nisse@lysator.liu.se>
899 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD): Add -g when compiling with
902 2017-09-27 Niels Möller <nisse@lysator.liu.se>
904 Merged armor-signedness branch, starting 2017-08-27.
906 2017-09-24 Niels Möller <nisse@lysator.liu.se>
908 * tools/pkcs1-conv.c (base64_decode_in_place): New helper
910 (decode_base64): Use it.
912 * sexp-transport-format.c (base64_encode_in_place): New helper
914 (sexp_transport_vformat): Use it.
916 * testsuite/base64-test.c (test_fuzz_once): Update to use char
917 type where appropriate.
918 (test_main): Use helper functions base64_encode_in_place and
919 base64_decode_in_place (copied to this file).
921 * testsuite/testutils.c (tstring_data): Use uint8_t for data
923 * testsuite/testutils.h (SDATA): Use US macro to cast data
926 2017-08-27 Niels Möller <nisse@lysator.liu.se>
928 * base64-encode.c (base64_encode_raw, base64_encode_group)
929 (base64_encode_single, base64_encode_update)
930 (base64_encode_final): Change type of destination to char *.
931 * base16-encode.c (base16_encode_single, base16_encode_update):
933 * base64-decode.c (base64_decode_single, base64_decode_update):
934 Change type of source argument to const char *. Update (almost)
936 * base16-decode.c (base16_decode_single, base16_decode_update):
938 * nettle-types.h (nettle_armor_encode_update_func)
939 (nettle_armor_encode_final_func, nettle_armor_decode_update_func):
940 Corresponding updates to typedefs.
942 2017-09-14 Niels Möller <nisse@lysator.liu.se>
944 * hkdf.c: Delete unneeded includes. Use Nettle licensing notice.
945 * hkdf.h: Include only nettle-types.h, not nettle-meta.h.
947 * ecc-mod.c (ecc_mod): Workaround to silence a false positive from
948 the clang static analyzer.
950 2017-09-12 Niels Möller <nisse@lysator.liu.se>
952 * testsuite/testutils.h (mpn_zero_p): Avoid redefining mpn_zero_p
953 when building with mini-gmp. Since the mini-gmp update, this
954 function is defined by mini-gmp, causing link errors if nettle is
955 configured with --enable-mini-gmp --disable-shared. Reported by
958 2017-09-09 Daiki Ueno <dueno@redhat.com>
960 * testsuite/ecc-mul-g-test.c (test_main): Fixed mpn_cmp call.
961 * testsuite/ecc-mul-a-test.c (test_main): Likewise.
962 * eccdata.c (ecc_point_out): Write to given stream, instead of
964 * eccdata.c (output_curve): In curve448, the bit size of the order
965 is slightly smaller than the one of p's. Adjust ecc_Bmodq_shifted
968 2017-09-09 Niels Möller <nisse@lysator.liu.se>
970 * mini-gmp.c: Updated mini-gmp from the gmp repository, latest
971 change from 2017-07-23.
972 * mini-gmp.h: Likewise.
974 2017-09-06 Niels Möller <nisse@lysator.liu.se>
976 * hkdf.c (hkdf_expand): Eliminate a (signed) ssize_t variable, use
977 break rather than return at loop termination.
979 2017-09-06 Niels Möller <nisse@lysator.liu.se>
981 HKDF implementation, contributed by Nikos Mavrogiannopoulos.
982 * hkdf.c (hkdf_extract, hkdf_expand): New file, new functions.
984 * Makefile.in (nettle_SOURCES): Add hkdf.c.
985 (HEADERS): Add hkdf.h.
986 * testsuite/hkdf-test.c: Tests for hkdf-sha256 and hkdf-sha1.
987 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added hkdf-test.c.
988 * nettle.texinfo (Key derivation functions): Document HKDF.
990 2017-09-04 Andreas Schneider <asn@samba.org>
992 * fat-arm.c: Add missing define for _GNU_SOURCE.
994 2017-08-27 Niels Möller <nisse@lysator.liu.se>
996 * configure.ac (GMP_NUMB_BITS): Set to dummy value "n/a" in
998 (NUMB_BITS): New substituted variable which always holds the
1000 * Makefile.in (GMP_NUMB_BITS): Renamed variable...
1001 (NUMB_BITS): ...new name
1002 * config.make.in: Update corresponding substitution.
1004 2017-08-26 Niels Möller <nisse@lysator.liu.se>
1006 * ecc-mod-inv.c (ecc_mod_inv): Add missing assert. Fixes a
1007 "dead increment" warning from the clang static analyzer.
1009 2017-08-26 Niels Möller <nisse@lysator.liu.se>
1011 * examples/nettle-openssl.c (struct openssl_cipher_ctx): New
1012 struct. Use everywhere, instead of typing EVP_CIPHER_CTX pointers
1015 * configure.ac: Update openssl-related tests. Checks for
1016 cipher-specific headers are replaced by a check for openssl/evp.h,
1017 and the check for the BF_ecb_encrypt function is replaced by a
1018 check for EVP_CIPHER_CTX_new.
1020 2017-08-03 Daniel P. Berrange <berrange@redhat.com>
1022 * examples/nettle-openssl.c: Rewritten to use openssl's EVP APIs.
1023 The older cipher-specific functions always use openssl's generic
1024 software implementation, while the EVP functions enables
1025 platform-specific code, e.g., using the x86 AES-NI instructions.
1026 (nettle_openssl_init): New function.
1028 2017-07-18 Niels Möller <nisse@lysator.liu.se>
1030 * ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
1031 two multiplies. Previously, in-place operation resulted in an
1032 invalid call to mpn_mul with overlapping operands. Reported by
1035 2017-06-09 Niels Möller <nisse@lysator.liu.se>
1037 * pss.c (pss_verify_mgf1): Check for m being too large, fixing an
1038 assertion failure for certain invalid signatures. Based on a patch
1039 contributed by Daiki Ueno.
1041 * testsuite/rsa-pss-sign-tr-test.c (test_main): Add test case
1042 contributed by Daiki Ueno. Problem originally found by oss-fuzz,
1043 see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132.
1044 That problem report is currently embargoed, but will hopefully be
1045 public in a month or two.
1047 2017-05-23 Niels Möller <nisse@lysator.liu.se>
1049 Rework the previous change, which had the unintended effect of
1050 always regenerating .test-rules.make after ./configure is run.
1051 * testsuite/Makefile.in (test-rules.stamp): New stamp file target,
1052 depend on Makefile.in, and run $(MAKE) test-rules.
1053 (.test-rules.make): Add a level of indirection, by depending on
1056 2017-05-20 Niels Möller <nisse@lysator.liu.se>
1058 * testsuite/Makefile.in (test-rules): Use $(srddir)/-prefix for
1059 .test-rules.make target, and change dependency from Makefile.in to
1062 2017-05-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1064 * testsuite/Makefile.in: Ensure .test-rules.make is regenerated
1065 when Makefile.in is modified.
1067 2017-04-09 Niels Möller <nisse@lysator.liu.se>
1069 * testsuite/dlopen-test.c (main): Call dlclose, to fix memory leak
1072 * testsuite/pss-test.c: Delete magic to let valgrind to check if
1073 pss_encode_mgf1 is side-channel silent with respect to the salt
1074 and digest inputs. It turns out that the most significant bits of
1075 the padded bignum, and hence its size, depends on these inputs.
1076 Which results in a data-dependent branch in the normalization code
1077 of at the end of gmp's mpz_import.
1079 2017-04-04 Niels Möller <nisse@lysator.liu.se>
1081 * pss.c (pss_verify_mgf1): Use const for input mpz_t argument.
1082 (pss_encode_mgf1): Avoid unnecessary memset and xor operations.
1084 Merged RSA-PSS support, contributed by Daiki Ueno.
1085 * pss-mgf1.h, pss.h: New header files.
1086 * pss-mgf1.c (pss_mgf1): New file and function.
1087 * pss.c (pss_encode_mgf1, pss_verify_mgf1): New file and
1089 * rsa-verify.c (_rsa_verify_recover): New function.
1090 * rsa-pss-sha256-sign-tr.c: (rsa_pss_sha256_sign_digest_tr): New
1092 * rsa-pss-sha256-verify.c (rsa_pss_sha256_verify_digest): New
1094 * rsa-pss-sha512-sign-tr.c (rsa_pss_sha384_sign_digest_tr)
1095 (rsa_pss_sha512_sign_digest_tr): New file and functions.
1096 * rsa-pss-sha512-verify.c (rsa_pss_sha384_verify_digest)
1097 (rsa_pss_sha512_verify_digest): New file and functions.
1098 * rsa.h: Prototypes for new functions.
1099 * testsuite/rsa-pss-sign-tr-test.c: New test case.
1100 * testsuite/pss-test.c: New test case.
1101 * testsuite/pss-mgf1-test.c: New test case.
1102 * Makefile.in, testsuite/Makefile.in: Added new files.
1103 * nettle.texinfo: Documentation of rsa-pss functions.
1105 2017-03-20 Niels Möller <nisse@lysator.liu.se>
1107 * nettle-internal.h (NETTLE_MAX_HASH_CONTEXT_SIZE): New constant.
1108 * testsuite/meta-hash-test.c (test_main): Add sanity check for
1109 NETTLE_MAX_HASH_CONTEXT_SIZE.
1111 * tools/nettle-hash.c (list_algorithms): Also display the internal
1114 2017-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1116 * ecdsa-verify.c (ecdsa_verify): Eliminated memory leak on error
1119 2016-10-10 Niels Möller <nisse@lysator.liu.se>
1121 * write-be32.c (_nettle_write_be32): Use const for source argument.
1122 * write-le32.c (_nettle_write_le32): Likewise.
1123 * write-le64.c (_nettle_write_le64): Likewise.
1124 * nettle-write.h: Update prototypes.
1126 2016-10-01 Niels Möller <nisse@lysator.liu.se>
1128 * Released nettle-3.3.
1130 2016-09-13 Niels Möller <nisse@lysator.liu.se>
1132 * nettle-meta-hashes.c (nettle_hashes): Added SHA3 hashes.
1133 Reported missing by Thomas Walter.
1134 * testsuite/meta-hash-test.c: Update test accordingly.
1136 2016-09-07 Niels Möller <nisse@lysator.liu.se>
1138 * nettle.texinfo (Elliptic curves): Split into sub-nodes.
1139 (Miscellaneous functions): Document memeql_sec.
1140 * NEWS: Mention memeql_sec.
1142 2016-09-06 Niels Möller <nisse@lysator.liu.se>
1144 * NEWS: Update for 3.3.
1146 * configure.ac: Bump package version to 3.3.
1147 (LIBNETTLE_MINOR): Bump library version to 6.3.
1148 (LIBHOGWEED_MINOR): Bump library version to 4.3.
1150 2016-09-05 Niels Möller <nisse@lysator.liu.se>
1152 * curve25519.h (NETTLE_CURVE25519_RFC7748): New preprocessor
1154 * nettle.texinfo: Document it.
1156 2016-09-03 Niels Möller <nisse@lysator.liu.se>
1158 * config.make.in (.SUFFIXES): Delete no longer used .p$(OBJEXT).
1160 * sexp.h (TOKEN_CHAR): Delete macro and declaration of
1161 sexp_token_chars. They belong in tools/misc.h, not here.
1163 * examples/ecc-benchmark.c (die): Deleted unused function.
1165 * testsuite/testutils.h (US): New macro, for unsigned string
1167 (LDATA): Use the US macro, to eliminate pointer signedness
1170 * testsuite/eddsa-verify-test.c (test_eddsa): Use LDATA.
1171 * testsuite/pbkdf2-test.c (test_main): Likewise.
1172 * testsuite/pkcs1-test.c (test_main): Likewise.
1174 * testsuite/md5-compat-test.c (test_main): Use US macro.
1176 * testsuite/sexp-test.c (test_main): Use const char * for assoc
1177 keys. Overlooked in 2016-08-16 change.
1179 * testsuite/yarrow-test.c (test_main): Fix pointer
1180 signednesss warnings.
1181 * testsuite/sexp-format-test.c (test_main): Likewise.
1182 * testsuite/rsa-encrypt-test.c (test_main): Likewise.
1183 * tools/nettle-lfib-stream.c (main): Likewise.
1184 * tools/output.c (sexp_put_string): Likewise.
1186 * testsuite/testutils.c (test_armor): Change ascii argument to
1188 * testsuite/base16-test.c (test_main): Use LDATA for the non-ascii
1189 argument to test_armor.
1190 * testsuite/base64-test.c (test_main): Likewise.
1192 * tools/nettle-pbkdf2.c (main): Fix some pointer signedness warning.
1193 * tools/nettle-hash.c (hash_file): Likewise.
1195 * examples/rsa-decrypt.c (process_file): Use memeql_sec to check
1198 * memeql-sec.c (memeql_sec): New public function, moved from...
1199 * ccm.c (memeql_sec): ... previous location.
1201 * memops.h: New header file, generalizing memxor.h.
1203 * testsuite/memeql-test.c (test_main): New test case.
1204 (memeql_sec_for_test): Wrapper to get valgrind to check for
1205 side-channel silence.
1207 2016-08-29 Niels Möller <nisse@lysator.liu.se>
1209 * sexp-format.c (strlen_u8): New helper function.
1210 (sexp_vformat): Use uint8_t * for strings instead of char *.
1212 2016-08-16 Niels Möller <nisse@lysator.liu.se>
1214 * examples/io.c (hash_file): Use uint8_t for buffer.
1216 * sexp.c (sexp_iterator_check_type, sexp_iterator_check_types)
1217 (sexp_iterator_assoc): Use const char * for caller's expression
1218 types. Updated all callers.
1220 * rsa2openpgp.c (rsa_keypair_to_openpgp): Added cast to const
1223 * pgp-encode.c (write_string): New helper function, replacing...
1224 (WRITE): ... deleted macro.
1226 * examples/io.c (write_data): Renamed, and use const void * for
1227 the input data. Updated all callers.
1228 (write_string): ... old name.
1229 (write_file): Use const void * for the input data.
1231 2016-08-05 Niels Möller <nisse@lysator.liu.se>
1233 * examples/hogweed-benchmark.c: Use uint8_t for curve25519 values.
1234 (bench_rsa_init): Use unsigned char for sexp strings.
1235 (bench_dsa_init): Likewise.
1236 (hash_string): Delete length argument, calling strlen instead.
1237 Cast string to const uint8_t *. Updated callers.
1239 * examples/io.c (read_file): Use size_t for sizes, and uint8_t for
1242 2016-08-04 Niels Möller <nisse@lysator.liu.se>
1244 * dsa-sign.c (dsa_sign): Return failure if p is even, so that an
1245 invalid key doesn't result in a crash inside mpz_powm_sec.
1247 * rsa-sign-tr.c (rsa_compute_root_tr): Return failure if any of p,
1248 q or n is even, to avoid crashing inside mpz_powm_sec. Invalid
1249 keys with even modulo are rejected by rsa_public_key_prepare and
1250 rsa_private_key_prepare, but some applications, notably gnutls,
1253 2016-07-31 Niels Möller <nisse@lysator.liu.se>
1255 * rsa.c (_rsa_check_size): Check that n is odd. Otherwise, using
1256 an invalid key may crash in mpz_powm_sec. Problem reported by
1259 2016-07-13 Niels Möller <nisse@lysator.liu.se>
1261 * bignum.c (nettle_mpz_from_octets): Unconditionally use
1263 * gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): Deleted
1264 compatibility definitions for older versions of GMP.
1265 * gmp-glue.h (mpn_sqr): Deleted compatibility definition.
1266 * testsuite/testutils.c (mpz_combit): Deleted compatibility
1269 2016-07-12 Niels Möller <nisse@lysator.liu.se>
1271 * configure.ac: Check for mpz_powm_sec, and require GMP-5.0 or
1273 * bignum.h (mpz_powm_sec): Fall back to plain mpz_powm for
1275 * dsa-sign.c (dsa_sign): Use mpz_powm_sec.
1276 * rsa-sign.c (rsa_compute_root): Likewise.
1277 * rsa-sign-tr.c (rsa_blind, rsa_compute_root_tr): Likewise.
1278 * rsa-blind.c (_rsa_blind): Likewise.
1280 2016-05-02 Niels Möller <nisse@lysator.liu.se>
1282 * nettle.texinfo: Update Curve25519 documentation.
1284 * testsuite/curve25519-dh-test.c: Test that inputs bits which must
1285 be ignored really are ignored.
1287 2016-04-25 Niels Möller <nisse@lysator.liu.se>
1289 * curve25519-mul.c (curve25519_mul): Ignore top bit of the input x
1290 coordinate, as required by RFC 7748.
1292 2016-03-30 Niels Möller <nisse@lysator.liu.se>
1294 From Nikos Mavrogiannopoulos.
1295 * configure.ac: Change dll names to follow the libtool convention
1296 with only major version number in the name.
1298 2016-03-15 Niels Möller <nisse@lysator.liu.se>
1300 * twofish.c (gf_multiply): Change return value to uint32_t, to
1301 make shifting of the return value well defined, without any type
1302 casts. Fixes an undefined shift in compute_s, reported by Nikos
1304 (h_byte): Deleted type casts.
1306 * blowfish.c (blowfish_encrypt, blowfish_decrypt): Use READ_UINT32
1307 macro. Fixes an undefined shift, reported by Nikos
1310 From Nikos Mavrogiannopoulos.
1311 * configure.ac (HOGWEED_EXTRA_SYMBOLS): Add "mp_*", when building
1313 * des.c (des_weak_p): Check that the hash value is in the proper
1314 range before using it. Fixes an out-of-bounds read.
1316 2016-03-14 Niels Möller <nisse@lysator.liu.se>
1318 * getopt.c (_getopt_internal_r): Fix c99-ism, move declarations to
1319 top of block. Reported by Henrik Grubbström.
1321 2016-02-16 Niels Möller <nisse@lysator.liu.se>
1323 * tools/input.c (sexp_get_string_length): Process advanced string
1324 syntax only when in advanced mode. Fixes an assertion failure
1325 reported by Hanno Böck, for input where advanced syntax is
1326 improperly wrapped inside transport syntax.
1328 * tools/parse.c (sexp_parse): Fail with an error message for
1329 unexpected ']' characters. Fixes crash reported by Hanno Böck.
1330 Also handle SEXP_DISPLAY (internal error) explicitly, without a
1333 2016-01-28 Niels Möller <nisse@lysator.liu.se>
1335 * Released nettle-3.2.
1337 2016-01-26 Niels Möller <nisse@lysator.liu.se>
1339 * tools/nettle-pbkdf2.c (main): Fix handling of unrecognized
1340 options. Bug reported by Dongsheng Zhang. Display usage message
1341 and exit non-zero. Also added "Usage: "-prefix to the message.
1342 * tools/nettle-hash.c (usage): New function, extracted from main.
1343 (main): Analogous fix for unrecognized options.
1345 2016-01-23 Niels Möller <nisse@lysator.liu.se>
1347 * nettle.texinfo: Set UPDATED-FOR to 3.2.
1349 2016-01-21 Niels Möller <nisse@lysator.liu.se>
1351 * .gitlab-ci.yml: New file. Configuration for gitlab's continuous
1354 2016-01-20 Niels Möller <nisse@lysator.liu.se>
1356 * testsuite/dlopen-test.c (main): Mark arguments as UNUSED.
1358 * testsuite/Makefile.in (clean): Delete dlopen-test.
1360 * configure.ac: Bump package version, to nettle-3.2.
1361 (LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
1362 libnettle.so.6.2 and and libhogweed.so.4.2.
1364 2016-01-10 Niels Möller <nisse@lysator.liu.se>
1366 * base64-encode.c (encode_raw): Use const uint8_t * for the
1369 * nettle.texinfo (RSA): Document the rsa_pkcs1_verify and
1370 rsa_pkcs1_sign functions, and the new rsa_*_tr functions.
1372 2015-12-18 Niels Möller <nisse@lysator.liu.se>
1374 * testsuite/testutils.h: Fix include order, system headers before
1375 nettle headers. Always include version.h, needed by
1376 version-test.c. It was included indirectly via bignum.h, but only
1377 if configured with publickey support.
1379 * configure.ac (IF_DLOPEN_TEST): Fixed shell conditional.
1381 * testsuite/ecc-mod-test.c (test_main): Handle random seeding if
1382 NETTLE_TEST_SEED is set in the environment.
1384 2015-12-15 Niels Möller <nisse@lysator.liu.se>
1386 * x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
1387 reported by Hanno Böck. Simplified the folding to always use
1388 non-negative carry, the old code attempted to add in a carry which
1389 could be either positive or negative, but didn't get that case
1392 2015-12-10 Niels Möller <nisse@lysator.liu.se>
1394 * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
1395 reported by Hanno Böck.
1396 (ecc_256_modq): Fixed another carry propagation bug.
1398 2015-11-23 Niels Möller <nisse@lysator.liu.se>
1400 * nettle.texinfo: Document rsa_encrypt, rsa_decrypt and
1401 rsa_decrypt_tr. Text contributed by Andy Lawrence.
1403 2015-11-15 Niels Möller <nisse@lysator.liu.se>
1405 * rsa.h (_rsa_blind, _rsa_unblind): Mark as deprecated.
1407 2015-09-17 Niels Möller <nisse@lysator.liu.se>
1409 * rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
1410 file, new functions.
1411 * rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
1413 * rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
1414 (rsa_sha256_sign_digest_tr): Likewise.
1415 * rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
1416 (rsa_sha512_sign_digest_tr): Likewise.
1417 * rsa.h: Added corresponding prototypes.
1418 * Makefile.in (hogweed_SOURCES): Added new files.
1420 * testsuite/testutils.c (SIGN): Extend macro to test new
1421 functions, and the rsa_*_sign_digest functions. Updated callers.
1423 2015-09-14 Niels Möller <nisse@lysator.liu.se>
1425 * rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
1426 Mainly for simplicity and consistency, I'm not aware of any CRT
1427 fault attacks on RSA decryption.
1429 * testsuite/rsa-encrypt-test.c (test_main): Added test with
1430 invalid private key.
1432 * rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
1433 * rsa.h: Declare it.
1434 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
1435 (rsa_verify_res): Deleted, replaced by rsa_compute_root_tr.
1436 * testsuite/rsa-sign-tr-test.c (test_rsa_sign_tr): Check that
1437 signature argument is unchanged on failure.
1438 * Makefile.in (hogweed_SOURCES): Added rsa-sign-tr.c.
1440 2015-09-07 Niels Möller <nisse@lysator.liu.se>
1442 * testsuite/rsa-sign-tr-test.c: Drop include of nettle-internal.h.
1443 (test_main): Fix incorrect use of sizeof, and use LDATA macro.
1445 From Nikos Mavrogiannopoulos.
1446 * rsa-pkcs1-sign-tr.c (rsa_verify_res): New function.
1447 (rsa_pkcs1_sign_tr): Check result of private key operation, to
1448 protect against hardware or software errors leaking the private
1450 * testsuite/rsa-sign-tr-test.c: New testcase.
1452 2015-09-06 Niels Möller <nisse@lysator.liu.se>
1454 * nettle.texinfo: Updated SHA3 documentation.
1456 2015-09-02 Niels Möller <nisse@lysator.liu.se>
1458 * testsuite/dlopen-test.c: New test program, exposing the problem
1459 with ifunc and RTLD_NOW.
1461 * testsuite/Makefile.in (TS_ALL): Conditionally add dlopen-test.
1462 (SOURCES): Added dlopen-test.c.
1463 (dlopen-test): New target, unlike other test programs, *not*
1464 linked with -lnettle.
1466 * configure.ac: Check for dlfcn.h and the dlopen function.
1467 (IF_DLOPEN_TEST): New substituted variable, true if dlopen is
1468 available and we are building a shared library.
1470 * fat-setup.h: Disable use of ifunc, since it breaks dlopen with
1473 2015-08-25 Niels Möller <nisse@lysator.liu.se>
1475 * NEWS: Started on entries for Nettle-3.2.
1477 * sha3.h (NETTLE_SHA3_FIPS202): New preprocessor constant.
1479 2015-08-24 Niels Möller <nisse@lysator.liu.se>
1481 * testsuite/sha3.awk: Document origin of test vectors.
1483 From Nikos Mavrogiannopoulos.
1484 * sha3.c (_sha3_pad): Update for NIST version.
1485 * testsuite/sha3-224-test.c: Updated test vectors.
1486 * testsuite/sha3-256-test.c: Likewise.
1487 * testsuite/sha3-384-test.c: Likewise.
1488 * testsuite/sha3-512-test.c: Likewise.
1490 2015-06-03 Niels Möller <nisse@lysator.liu.se>
1492 * arm/neon/chacha-core-internal.asm: New file. 55% speedup over C
1493 version on Cortex-A9.
1495 2015-05-19 Niels Möller <nisse@lysator.liu.se>
1497 * configure.ac: ABI detection (n32 or n64) on Irix, and
1498 appropriate default for libdir. Patch from Klaus Ziegler.
1500 2015-05-12 Niels Möller <nisse@lysator.liu.se>
1502 * version.c (nettle_version_major, nettle_version_minor): New
1503 file. New functions, returning the value of the corresponding
1504 preprocessor constant.
1505 * Makefile.in (nettle_SOURCES): Added version.c.
1506 * testsuite/version-test.c: New testcase.
1507 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added version-test.c.
1509 2015-04-29 Niels Möller <nisse@lysator.liu.se>
1511 * arm/v6/sha256-compress.asm: Fix syntax error in offset
1512 addressing. Spotted by Jukka Ukkonen.
1513 * arm/v6/aes-decrypt-internal.asm: Drop %-prefix on r12 register.
1514 * arm/v6/aes-encrypt-internal.asm: Likewise.
1516 2015-04-24 Niels Möller <nisse@lysator.liu.se>
1518 * Released nettle-3.1.1.
1520 * configure.ac: Bump package version, to nettle-3.1.1.
1521 (LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
1522 libnettle.so.6.1 and and libhogweed.so.4.1.
1524 2015-04-22 Niels Möller <nisse@lysator.liu.se>
1526 * x86_64/gcm-hash8.asm: Use ".value" instead of ".short", since
1527 the latter is not supported by the Sun/Oracle assembler.
1529 2015-04-13 Niels Möller <nisse@lysator.liu.se>
1531 * configure.ac: Fix shell quoting in test of GMP_NUMB_BITS asm
1532 compatibility. Reported by Edward Sheldrake.
1534 2015-04-07 Niels Möller <nisse@lysator.liu.se>
1536 * Released nettle-3.1.
1538 2015-03-31 Niels Möller <nisse@lysator.liu.se>
1540 * x86_64/ecc-224-modp.asm: Require that GMP_NUMB_BITS == 64.
1541 * x86_64/ecc-521-modp.asm: Likewise. Note that the other
1542 ecc-*-modp.asm files happen to work fine on x86_64, with either 32
1545 * asm.m4 (GMP_NUMB_BITS): New macro, expanding to nothing.
1547 * configure.ac: Move tests for compiler characteristics,
1548 libraries, and GMP_NUMB_BITS, before assembler-related tests.
1549 For files in $asm_hogweed_optional_list, check if they declare
1550 a GMP_NUMB_BITS requirement, and skip files which are incompatible
1551 with the configuration. Needed for --enable-mini-gmp om w64.
1553 * Makefile.in (clean-here): Unconditionally delete *.a (including
1554 stub libraries like *.dll.a).
1556 2015-03-30 Niels Möller <nisse@lysator.liu.se>
1558 * version.h.in (GMP_NUMB_BITS) [NETTLE_USE_MINI_GMP]: Move
1559 definition here (uses configure substitution).
1560 * bignum.h (GMP_NUMB_BITS): ...old location.
1562 * nettle.texinfo: Updated version number.
1563 (Installation): Document some more configure options.
1565 * testsuite/symbols-test: Look for NETTLE_USE_MINI_GMP in
1566 version.h, not bignum.h. Allow leading underscore on mini-gmp
1569 2015-03-26 Niels Möller <nisse@lysator.liu.se>
1571 * Makefile.in (PRE_CPPFLAGS): Drop -I$(srcdir), no longer needed.
1572 (HEADERS): Added bignum.h. Removed version.h.
1573 (INSTALL_HEADERS): Added version.h.
1574 (DISTFILES): Removed bignum.h.in.
1575 (bignum.h): Deleted make target.
1576 (distclean-here): Don't delete bignum.h.
1578 * configure.ac: No longer generate bignum.h.
1580 * bignum.h: Renamed. Removed substitution of NETTLE_USE_MINI_GMP,
1581 and include version.h instead.
1582 * bignum.h.in: ... old name.
1584 * version.h.in (NETTLE_USE_MINI_GMP): Substitute here.
1586 2015-03-25 Niels Möller <nisse@lysator.liu.se>
1588 * configure.ac (MAJOR_VERSION, MINOR_VERSION): Tweak sed
1589 expressions, to tolerate version suffixes.
1591 * Makefile.in (distdir): Include assembly files from the new
1592 x86_64/aesni, x86_64/fat, and arm/fat directories.
1594 * ed25519-sha512-pubkey.c: Fix stack overwrite. The digest array
1595 must have room for a complete sha512 digest.
1597 2015-03-19 Niels Möller <nisse@lysator.liu.se>
1599 * Makefile.in (OPT_HOGWEED_SOURCES): Deleted make variable.
1600 (nettle_SOURCES, hogweed_SOURCES): Don't include optional sources
1602 (OPT_SOURCES): New variable.
1603 (SOURCES): Include OPT_SOURCES.
1604 (DISTFILES): Drop mini-gmp.c here, included via OPT_SOURCES.
1605 (nettle_OBJS, hogweed_OBJS): Add the object files corresponding to
1606 the optional source files included in the build.
1608 * ecc-curve.h (nettle_curve25519): Removed public declaration.
1609 * ecc-internal.h (_nettle_curve25519): New location, new name.
1612 * nettle.texinfo: Updated EdDSA documentation.
1614 * Makefile.in (DISTFILES): Added version.h.in, libnettle.map.in,
1615 and libhogweed.map.in (latter two patch by Nikos).
1616 (version.h): New make target.
1617 (distclean-here): Added version.h, libnettle.map, and
1620 From Nikos Mavrogiannopoulos.
1621 * configure.ac (MAJOR_VERSION, MINOR_VERSION): New substituted
1623 * version.h.in: New file, defining version numbers.
1625 2015-03-18 Niels Möller <nisse@lysator.liu.se>
1627 EdDSA interface change, use plain strings to represent keys.
1628 * eddsa.h (_ED25519_LIMB_SIZE): Deleted constant.
1629 (struct ed25519_private_key, ed25519_public_key): Deleted.
1630 * eddsa-expand.c (_eddsa_expand_key): Don't compute the public
1632 (_eddsa_expand_key_itch): Deleted function.
1633 * eddsa-pubkey.c (_eddsa_public_key, _eddsa_public_key_itch): New
1634 file, new functions.
1635 * ed25519-sha512-pubkey.c (ed25519_sha512_public_key): New file
1637 * ed25519-sha512-verify.c (ed25519_sha512_set_public_key): Deleted
1639 (ed25519_sha512_verify): Use a string to represent the public key.
1640 * ed25519-sha512-sign.c (ed25519_sha512_set_private_key): Deleted
1642 (ed25519_sha512_sign): Use strings for the input key pair.
1643 * Makefile.in (hogweed_SOURCES): Added eddsa-pubkey.c and
1644 ed25519-sha512-pubkey.c.
1645 * testsuite/eddsa-sign-test.c (test_eddsa_sign): Adapt to
1646 _eddsa_expand_key changes, and use _eddsa_public_key.
1647 * testsuite/ed25519-test.c (test_one): Test
1648 ed25519_sha512_public_key, and adapt to new ed25519 interface.
1650 2015-03-14 Niels Möller <nisse@lysator.liu.se>
1652 * ccm.c (memeql_sec): New function, more side-channel silent than
1654 (ccm_decrypt_message): Use it.
1656 2015-03-12 Niels Möller <nisse@lysator.liu.se>
1658 * base64.h (struct base64_encode_ctx): Micro optimization of
1659 struct layout, saving a few bytes.
1660 (struct base64_decode_ctx): Likewise.
1661 * base16.h (struct base16_decode_ctx): Likewise.
1663 * nettle.texinfo (ASCII encoding): Document base64url functions.
1665 2015-03-10 Niels Möller <nisse@lysator.liu.se>
1667 * nettle.texinfo: Update documentation of curve25519_mul. Say that
1668 the output is undefined for points belonging to the twist rather
1669 than the proper curve.
1671 * curve25519-mul.c (curve25519_mul): Changed return type to void.
1672 * curve25519.h (curve25519_mul): Updated prototype.
1673 * examples/hogweed-benchmark.c (bench_curve25519_mul): Drop check
1674 of curve25519_mul return value.
1675 * testsuite/curve25519-dh-test.c (test_a): Likewise.
1677 2015-02-26 Niels Möller <nisse@lysator.liu.se>
1679 * nettle.texinfo: Document curve25519 and eddsa.
1681 2015-02-10 Niels Möller <nisse@lysator.liu.se>
1683 * base64url-meta.c (nettle_base64url): New file.
1684 * nettle-meta.h (nettle_base64url): Declare it.
1685 * nettle-meta-armors.c (nettle_armors): Added nettle_base64url.
1686 * testsuite/meta-armor-test.c: Updated testcase.
1687 * testsuite/base64-test.c (test_main): Additional tests, using
1689 * Makefile.in (nettle_SOURCES): Added base64url-meta.c.
1691 Base-64 generalization to support RFC4648 URL safe alphabet,
1692 contributed by Amos Jeffries.
1693 * base64url-decode.c (base64url_decode_init): New file and
1695 * base64url-encode.c (base64url_encode_init): New file and
1697 * Makefile.in (nettle_SOURCES): Added base64url-encode.c and
1699 * base64.h: Declare new functions.
1700 * testsuite/base64-test.c (test_fuzz): Test base64url encoding and
1703 * base64.h (struct base64_encode_ctx): Added pointer to alphabet.
1704 (struct base64_decode_ctx): Added pointer to decoding table.
1705 * base64-decode.c (base64_decode_init): Initialize table pointer.
1706 Moved definition of table to local scope.
1707 (base64_decode_single): Use the context's decoding table.
1708 * base64-encode.c (ENCODE): Added alphabet argument. Updated all
1710 (encode_raw): New static function, like base64_encode_raw
1711 but with an alphabet argument.
1712 (base64_encode_raw): Call encode_raw.
1713 (base64_encode_init): Initialize alphabet pointer.
1714 (base64_encode_single, base64_encode_update, base64_encode_final):
1715 Use the context's alphabet.
1717 2015-02-09 Niels Möller <nisse@lysator.liu.se>
1719 * base64-encode.c (base64_encode): Deleted old #if:ed out
1722 * testsuite/base64-test.c (test_fuzz_once, test_fuzz): Additional
1723 tests, based on contribution by Amos Jeffries.
1725 2015-02-05 Niels Möller <nisse@lysator.liu.se>
1727 * configure.ac (LIBHOGWEED_MAJOR): Undo latest bump, 4 should be
1728 enough (previous release, nettle-3.0, used 3).
1730 2015-01-30 Niels Möller <nisse@lysator.liu.se>
1732 Update chacha-poly1305 for draft-irtf-cfrg-chacha20-poly1305-08.
1733 * chacha-poly1305.h (CHACHA_POLY1305_NONCE_SIZE): Increase to 12
1734 bytes, i.e., CHACHA_NONCE96_SIZE.
1735 * chacha-poly1305.c (chacha_poly1305_set_nonce): Use
1737 (poly1305_pad): New function.
1738 (chacha_poly1305_encrypt): Use poly1305_pad.
1739 (chacha_poly1305_digest): Call poly1305_pad, and format length
1740 fields as a single poly1305 block.
1742 * chacha-set-nonce.c (chacha_set_nonce96): New function.
1743 * chacha.h (CHACHA_NONCE96_SIZE): New constant.
1744 * testsuite/chacha-test.c: Add test for chacha with 96-bit nonce.
1746 2015-01-27 Niels Möller <nisse@lysator.liu.se>
1748 * ecc.h: Deleted declarations of unused itch functions. Moved
1749 declarations of internal functions to...
1750 * ecc-internal.h: ...new location. Also added a leading under
1751 score on the symbols.
1752 (ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja)
1753 (ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g)
1754 (ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions.
1756 2015-01-26 Niels Möller <nisse@lysator.liu.se>
1758 * ecc-add-eh.c (ecc_add_eh_itch): Deleted.
1759 * ecc-add-ehh.c (ecc_add_ehh_itch): Deleted.
1760 * ecc-add-jja.c (ecc_add_jja_itch): Deleted.
1761 * ecc-add-jjj.c (ecc_add_jjj_itch): Deleted.
1762 * ecc-dup-eh.c (ecc_dup_eh_itch): Deleted.
1763 * ecc-dup-jj.c (ecc_dup_jj_itch): Deleted.
1764 * ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted.
1765 * ecc-j-to-a.c (ecc_j_to_a_itch): Deleted.
1766 * ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted.
1767 * ecc-mul-a.c (ecc_mul_a_itch): Deleted.
1768 * ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted.
1769 * ecc-mul-g.c (ecc_mul_g_itch): Deleted.
1771 2015-01-25 Niels Möller <nisse@lysator.liu.se>
1773 * arm/fat/sha1-compress-2.asm: New file.
1774 * arm/fat/sha256-compress-2.asm: Likewise.
1775 * fat-arm.c (fat_init): Setup for use of additional v6 assembly
1778 * sha1-compress.c: Prepare for fat build with C and assembly
1780 * sha256-compress.c: Likewise.
1782 * fat-setup.h (sha1_compress_func, sha256_compress_func): New typedefs.
1784 * configure.ac (asm_nettle_optional_list): Added
1785 sha1-compress-2.asm and sha256-compress-2.asm, and corresponding
1788 From Martin Storsjö:
1789 * arm: Add .arch directives for armv6. This allows building these
1790 files as part of a fat build, even if the assembler by default
1791 targets a lower architecture version.
1793 2015-01-23 Niels Möller <nisse@lysator.liu.se>
1795 * fat-setup.h (DEFINE_FAT_FUNC): Check value of function pointer,
1796 before calling fat_init. Should be correct even without memory
1798 * fat-x86_64.c (fat_init): Deleted static variable initialized.
1799 The checks of the relevant pointer in DEFINE_FAT_FUNC is more
1801 * fat-arm.c (fat_init): Likewise.
1803 2015-01-21 Niels Möller <nisse@lysator.liu.se>
1805 * fat-arm.c (fat_init): Setup for use of neon assembly functions.
1807 * arm/fat/salsa20-core-internal-2.asm: New file.
1808 * arm/fat/sha3-permute-2.asm: New file.
1809 * arm/fat/sha512-compress-2.asm: New file.
1810 * arm/fat/umac-nh-2.asm: New file.
1811 * arm/fat/umac-nh-n-2.asm: New file.
1813 * salsa20-core-internal.c: Prepare for fat build with C and
1814 assembly implementations.
1815 * sha512-compress.c: Likewise.
1816 * sha3-permute.c: Likewise.
1817 * umac-nh.c: Likewise.
1818 * umac-nh-n.c: Likewise.
1820 * configure.ac (asm_nettle_optional_list): Added more *-2.asm
1821 files, and corresponding HAVE_NATIVE_* defines. Recognize PROLOGUE
1822 macro in asm files, also when not at the start of the line.
1824 2015-01-20 Niels Möller <nisse@lysator.liu.se>
1826 * fat-arm.c (get_arm_features): Check NETTLE_FAT_OVERRIDE
1827 environment variable.
1829 * fat-x86_64.c (get_x86_features): New function. Check
1830 NETTLE_FAT_OVERRIDE environment variable.
1833 * fat-setup.h (secure_getenv) [!HAVE_SECURE_GETENV]: Dummy
1834 definition, returning NULL.
1835 (ENV_OVERRIDE): New constant.
1837 * configure.ac: Check for secure_getenv function.
1839 2015-01-19 Niels Möller <nisse@lysator.liu.se>
1841 * configure.ac: Fat library setup for arm.
1842 * fat-arm.c: New file.
1843 * arm/fat/aes-encrypt-internal.asm: New files.
1844 * arm/fat/aes-encrypt-internal-2.asm: New file.
1845 * arm/fat/aes-decrypt-internal.asm: New file.
1846 * arm/fat/aes-decrypt-internal-2.asm: New file.
1848 * Makefile.in (DISTFILES): Added fat-setup.h.
1850 * fat-setup.h: New file, declarations moved from...
1851 * fat-x86_64.c: ... old location
1853 2015-01-17 Niels Möller <nisse@lysator.liu.se>
1855 * fat-x86_64.c (DECLARE_FAT_FUNC, DEFINE_FAT_FUNC)
1856 (DECLARE_FAT_FUNC_VAR): New macros, to define needed resolver and
1859 * config.m4.in (SYMBOL_PREFIX): Define from from autoconf
1861 (C_NAMS): move definition to...
1862 * asm.m4 (C_NAME): Define here, also take fat_transform.
1863 (fat_suffix): Replaced by...
1864 (fat_transform): New macro, taking symbol name as argument.
1865 Updated all uses of fat_suffix.
1866 * fat-x86_64.c: Updated for internal "_nettle" prefix on
1867 cpu-specific memxor functions.
1869 * fat-x86_64.c: Set up for sse2 vs non-sse2 memxor. Patch by Nikos
1871 * configure.ac (asm_nettle_optional_list): Added memxor-2.asm.
1872 * x86_64/fat/memxor-2.asm: New file.
1873 * x86_64/fat/memxor.asm: New file.
1875 * x86_64/memxor.asm: Use ifdef, not ifelse, for testing USE_SSE2.
1877 2015-01-16 Niels Möller <nisse@lysator.liu.se>
1879 * configure.ac (OPT_NETTLE_SOURCES): New substituted variable.
1880 (asm_path): Fixed x86_64 fat setup. Include only x86_64 and
1881 x86_64/fat in the asm_path. Put fat-x86_64.c in
1882 OPT_NETTLE_SOURCES, with no symlinking.
1884 * fat-x86_64.c: Renamed,...
1885 * x86_64/fat/fat.c: ... from old name.
1887 2015-01-13 Niels Möller <nisse@lysator.liu.se>
1889 * x86_64/fat/fat.c: For constructor hack, check
1890 HAVE_GCC_ATTRIBUTE, not __GNUC__. Also support sun compilers, as
1891 suggested by Nikos Mavrogiannopoulos, and attch the constructor
1892 attribute directly to fat_init.
1893 (fat_constructor): Deleted wrapper function.
1895 * x86_64/fat/fat.c: New file, initialization for x86_64 fat
1898 * x86_64/fat/cpuid.asm (_nettle_cpuid): New file and function.
1900 * x86_64/fat/aes-encrypt-internal.asm: New file, including
1901 x86_64/aes-encrypt-internal.asm, after setting fat_suffix to
1903 * x86_64/fat/aes-decrypt-internal.asm: New file, analogous setup.
1904 * x86_64/fat/aes-encrypt-internal-2.asm: New file, including
1905 x86_64/aesni/aes-encrypt-internal.asm, after setting fat_suffix to
1907 * x86_64/fat/aes-decrypt-internal.asm-2: New file, analogous
1910 * configure.ac: New command line option --enable-fat.
1911 (asm_nettle_optional_list): Added cpuid.asm, fat.c,
1912 aes-encrypt-internal-2.asm, and aes-decrypt-internal-2.asm.
1914 * asm.m4 (fat_suffix): New suffix added to symbol names.
1916 * x86_64/aesni/aes-encrypt-internal.asm: Use explicit .byte
1917 sequences for aes instructions, don't rely on assembler support.
1918 * x86_64/aesni/aes-decrypt-internal.asm: Likewise.
1920 * aclocal.m4 (NETTLE_CHECK_IFUNC): New macro, checking for ifunc
1921 and settting HAVE_LINK_IFUNC if working.
1922 * configure.ac: Use it.
1924 2015-01-12 Niels Möller <nisse@lysator.liu.se>
1926 * asm.m4 (DECLARE_FUNC): New macro, extracted from PROLOGUE.
1929 * configure.ac (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Renamed
1930 substituted variables, and list the object files rather than
1932 (OPT_ASM_NETTLE_SOURCES, OPT_ASM_HOGWEED_SOURCES): ...Old names.
1933 * Makefile.in (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Use new
1936 2015-01-11 Niels Möller <nisse@lysator.liu.se>
1938 * x86_64/aesni/aes-decrypt-internal.asm: New file.
1939 * x86_64/aesni/aes-encrypt-internal.asm: New file.
1940 * configure.ac: New configure flag --enable-x86-aesni.
1942 * aclocal.m4 (LSH_RPATH_INIT): Handle freebsd, in the same way as
1943 gnu/linux, with -Wl,-rpath,.
1945 Merged memxor-reorg changes, starting at 2014-10-23.
1947 2015-01-10 Niels Möller <nisse@lysator.liu.se>
1949 * arm/memxor.asm (memxor3): Moved to new file.
1950 * arm/memxor3.asm: New file.
1952 2014-11-24 Niels Möller <nisse@lysator.liu.se>
1954 * x86_64/memxor3.asm (memxor3): New file, code moved from old
1956 * x86_64/memxor.asm (memxor): Rewritten, no longer jumps into
1959 * configure.ac (asm_replace_list): Added memxor.asm and
1962 2014-10-23 Niels Möller <nisse@lysator.liu.se>
1964 * configure.ac (IF_ASM): New substituted variable.
1965 * testsuite/Makefile.in (VALGRIND): Allow partial loads only when
1966 build includes assembly files.
1968 * memxor-internal.h (READ_PARTIAL): New macro.
1969 * memxor.c (memxor_different_alignment): Avoid out-of-bounds
1970 reads, corresponding to valgrind's --partial-loads-ok. Use
1972 * memxor3.c: Analogous changes for unaligned operations.
1974 * configure.ac (asm_replace_list): Deleted memxor.asm, now
1975 incompatible with the memxor/memxor3 split.
1977 * memxor3.c: New file, split off from memxor.c.
1978 * memxor-internal.h: New file, declarations shared by memxor.c and
1980 * memxor.c: memxor3 functions moved out from this file.
1981 * Makefile.in (nettle_SOURCES): Added memxor3.c.
1982 (DISTFILES): Added memxor-internal.h.
1984 * memxor.c (memxor_common_alignment, memxor_different_alignment)
1985 (memxor): Change loop order, iterate from the end.
1986 (memxor3_common_alignment): Unroll twice.
1987 (word_t): On x86_64, unconditionally define as uint64_t, to get 64
1988 bits also in M$ windows. Replaced all uses of SIZEOF_LONG.
1990 2014-12-12 Niels Möller <nisse@lysator.liu.se>
1992 * cbc.h (CBC_ENCRYPT, CBC_DECRYPT): Make type-checking hack
1993 stricter, warn if type of length argument is smaller than size_t.
1994 * ctr.h (CTR_CRYPT): Likewise.
1995 * eax.h (EAX_SET_KEY, EAX_SET_NONCE, EAX_UPDATE, EAX_ENCRYPT)
1996 (EAX_DECRYPT, EAX_DIGEST): Likewise.
1997 * gcm.h (GCM_SET_KEY, GCM_ENCRYPT, GCM_DECRYPT, GCM_DIGEST):
2000 2014-12-08 Niels Möller <nisse@lysator.liu.se>
2002 * aclocal.m4 (LD_VERSION_SCRIPT): Linker scripts no longer located
2005 * configure.ac (LIBNETTLE_MAJOR): Bump major number, now 6.
2006 (LIBHOGWEED_MAJOR): Bump major number, now 5.
2008 From Nikos Mavrogiannopoulos. Support for versioned symbols.
2009 * aclocal.m4 (LD_VERSION_SCRIPT): New macro. Substitute
2010 EXTRA_LINKER_FLAGS and EXTRA_HOGWEED_LINKER_FLAGS.
2011 * configure.ac: Use LD_VERSION_SCRIPT. Generate libnettle.map
2013 (HOGWEED_EXTRA_SYMBOLS): New substituted variable.
2014 * libnettle.map.in: New file, libnettle.so linker script
2015 * libhogweed.map.in: New file, libhogweed.so linker script.
2016 * Makefile.in ($(LIBNETTLE_FORLINK)): Use EXTRA_LINKER_FLAGS.
2017 ($(LIBHOGWEED_FORLINK)): Use EXTRA_HOGWEED_LINKER_FLAGS.
2019 2014-11-24 Niels Möller <nisse@lysator.liu.se>
2021 * gcm.h (GCM_SET_KEY): Rename macro argument KEY to avoid
2022 collision with a struct tag. Spotted by Nikos Mavrogiannopoulos.
2024 * testsuite/eddsa-verify-test.c (test_eddsa): Fixed test case bug,
2025 showing up as use of uninitialized data with valgrind.
2027 2014-10-23 Niels Möller <nisse@lysator.liu.se>
2029 * examples/nettle-benchmark.c (time_memxor): Allocate buffers as
2030 arrays of unsigned long, for more reliable alignment.
2032 2014-10-22 Niels Möller <nisse@lysator.liu.se>
2034 * configure.ac: Check for getline function.
2035 * testsuite/ed25519-test.c (getline) [!HAVE_GETLINE]: Fallback
2038 * Makefile.in (clean-here): Unconditionally delete .so and .dll
2040 (IMPLICIT_TARGETS): Deleted variable.
2042 2014-10-21 Niels Möller <nisse@lysator.liu.se>
2044 * testsuite/ed25519-test.c: New test case. Optionally reads the
2045 file pointed to by $ED25519_SIGN_INPUT.
2047 * testsuite/testutils.c (tstring_hex): Rewrite, using Nettle's
2049 (decode_hex, decode_hex_length): Deleted functions.
2051 2014-10-20 Niels Möller <nisse@lysator.liu.se>
2053 * eddsa.h (ED25519_KEY_SIZE): New constant.
2054 (ED25519_SIGNATURE_SIZE): New constant.
2055 (struct ed25519_private_key): New struct.
2056 (struct ed25519_public_key): New struct.
2058 * ed25519-sha512-sign.c (ed25519_sha512_set_private_key)
2059 (ed25519_sha512_sign): New file and functions.
2060 * ed25519-sha512-verify.c (ed25519_sha512_set_public_key)
2061 (ed25519_sha512_verify): New file and functions.
2062 * Makefile.in (hogweed_SOURCES): Added ed25519-sha512-sign.c and
2063 ed25519-sha512-verify.c.
2066 2014-10-18 Niels Möller <nisse@lysator.liu.se>
2068 * eddsa-verify.c (_eddsa_verify): Change argument order, putting A
2070 * eddsa.h: Updated prototype.
2071 * testsuite/eddsa-verify-test.c (test_eddsa): Updated
2072 _eddsa_verify calls.
2074 2014-10-14 Niels Möller <nisse@lysator.liu.se>
2076 * eddsa-verify.c (equal_h): New function.
2077 (_eddsa_verify): Use it for a proper point compare, replacing an
2080 * testsuite/eddsa-verify-test.c: New testcase.
2081 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2082 eddsa-verify-test.c.
2084 * eddsa-verify.c (_eddsa_verify, eddsa_verify_itch): New file, new
2086 * eddsa.h: Declare new functions.
2087 * Makefile.in (hogweed_SOURCES): Added eddsa-verify.c.
2089 2014-10-08 Niels Möller <nisse@lysator.liu.se>
2091 * testsuite/eddsa-sign-test.c (test_eddsa_sign): Use
2092 _eddsa_expand_key, and check its public key output.
2094 * eddsa-expand.c (_eddsa_expand_key): New file, new function.
2095 * eddsa.h (_eddsa_expand_key): Declare it.
2096 * Makefile.in (hogweed_SOURCES): Added eddsa-expand.c.
2098 * eddsa-sign.c: Drop unneeded include of nettle-internal.h.
2100 2014-10-04 Niels Möller <nisse@lysator.liu.se>
2102 * testsuite/eddsa-sign-test.c: New testcase.
2103 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2106 * eddsa-sign.c (_eddsa_sign, _eddsa_sign_itch): New file, new
2108 * eddsa-hash.c (_eddsa_hash): New file and function.
2109 * eddsa.h: Declare new functions.
2110 * Makefile.in (hogweed_SOURCES): Added eddsa-hash.c and
2113 2014-10-03 Niels Möller <nisse@lysator.liu.se>
2115 * testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Enable test.
2116 (test_main): Replace gmp_fprintf calls.
2117 * testsuite/ecc-mul-a-test.c: Likewise.
2118 * testsuite/ecc-mul-g-test.c: Likewise.
2120 * testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Enable test.
2121 (ref_modinv): Use mpz_gcdext, instead of mpn_gcdext.
2122 (test_modulo): Replace gmp_fprintf calls.
2124 * testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Enable test.
2125 (ref_mod): Use mpz_mod and mpz_limbs_copy, instead of mpn_tdiv_qr.
2126 (test_modulo): Replace gmp_fprintf calls by plain fprintf and
2129 * testsuite/testutils.c (mpn_out_str): New function, needed to
2130 replace uses of gmp_fprintf.
2132 * testsuite/ecc-sqrt-test.c (mpz_ui_kronecker)
2133 [NETTLE_USE_MINI_GMP]: New fallback definition when building with
2135 * testsuite/testutils.c (gmp_randinit_default)
2136 [NETTLE_USE_MINI_GMP]: Likewise.
2137 (mpz_urandomb): Likewise.
2138 * testsuite/testutils.h (gmp_randstate_t) [NETTLE_USE_MINI_GMP]:
2139 Fallback typedef, using knuth_lfib_ctx.
2141 2014-10-02 Niels Möller <nisse@lysator.liu.se>
2143 * testsuite/eddsa-compress-test.c: New testcase.
2144 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2145 eddsa-compress-test.c.
2147 * eddsa-decompress.c (_eddsa_decompress): New file, new function.
2148 * eddsa-compress.c (_eddsa_compress): New file, new function.
2149 * eddsa.h: New file.
2150 * Makefile.in (HEADERS): Added eddsa.h.
2151 (hogweed_SOURCES): Added eddsa-compress.c and eddsa-decompress.c.
2153 * testsuite/ecc-sqrt-test.c: New test case.
2154 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2157 * ecc-25519.c (PHIGH_BITS): Always define this constant.
2158 (ecc_25519_zero_p): New function.
2159 (ecc_25519_sqrt): Take a ratio u/v as input. Added scratch
2160 argument. Made static.
2161 * ecc-internal.h (ecc_mod_sqrt_func): New typedef.
2162 (struct ecc_modulo): Added sqrt_itch and sqrt function pointer.
2163 Updated all instances.
2164 (ecc_25519_sqrt): Deleted declaration, function now static.
2166 2014-09-24 Niels Möller <nisse@lysator.liu.se>
2168 * curve25519.h [__cplusplus]: Fixed extern "C" block.
2170 2014-09-23 Niels Möller <nisse@lysator.liu.se>
2172 * ecc-hash.c (ecc_hash): Changed argument type from struct
2173 ecc_curve to struct ecc_modulo. Updated callers.
2174 * testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
2175 signature s. Changed since the hash value is truncated a few bits
2176 more, to match the size of q.
2177 * testsuite/ecdsa-verify-test.c (test_main): Likewise.
2179 * testsuite/ecc-modinv-test.c (zero_p): New function, checking for
2181 (test_modulo): Use zero_p. Switch to dynamic allocation. Updated
2182 for larger modinv result area, and use invert_itch.
2184 * ecc-25519.c (ecc_mod_pow_2kp1): Renamed, and take a struct
2185 ecc_modulo * as argument.
2186 (ecc_modp_powm_2kp1): ... old name.
2187 (ecc_mod_pow_252m3): New function, extracted from ecc_25519_sqrt.
2188 (ecc_25519_inv): New modp invert function, about 5.5 times faster
2190 (ecc_25519_sqrt): Use ecc_mod_pow_252m3.
2191 (nettle_curve25519): Point to ecc_25519_inv. Updated p.invert_itch
2194 * ecc-internal.h (struct ecc_modulo): New field invert_itch.
2195 Updated all implementations.
2196 (ECC_EH_TO_A_ITCH): Updated, and take invert itch as an argument.
2197 * ecc-eh-to-a.c (ecc_eh_to_a_itch): Take invert scratch into account.
2199 * testsuite/testutils.c (test_ecc_mul_h): Use ecc->h_to_a_itch.
2201 * ecc-mod-inv.c (ecc_mod_inv): Interface change, make ap input
2202 const, and require 2n limbs at rp. Preparing for powm-based
2203 alternative implementations. Drop #if:ed out code and dp
2204 temporary. Updated all callers, more complicated cases described
2206 * ecc-internal.h (typedef ecc_mod_inv_func): Added const to input
2208 (ECC_MOD_INV_ITCH): Renamed, was ECC_MODINV_ITCH, and reduced to
2210 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Overhauled allocation,
2211 putting mod_inv scratch at the end.
2213 2014-09-22 Niels Möller <nisse@lysator.liu.se>
2215 * ecc-random.c (ecc_mod_random): Renamed, and take a const struct
2216 ecc_modulo * as argument. Updated callers.
2217 (ecc_modq_random): ... old name.
2219 * ecc-mod-arith.c: New file, replacing ecc-modp.c and ecc-modq.c.
2220 All functions take a struct ecc_modulo as argument.
2221 (ecc_mod_add, ecc_mod_sub, ecc_mod_mul_1, ecc_mod_addmul_1)
2222 (ecc_mod_submul_1, ecc_mod_mul, ecc_mod_sqr): New functions,
2223 replacing the corresponding ecc_modp_* functions. For convenience,
2224 old names are defined as macros wrapping the new functions.
2225 * ecc-modp.c: Deleted file.
2226 * ecc-modq.c: Deleted file.
2227 * Makefile.in (hogweed_SOURCES): Updated accordingly.
2229 * testsuite/ecc-redc-test.c (test_main): Relaxed tests for which
2232 * testsuite/ecc-modinv-test.c (test_modulo): New function, same
2233 organization as in ecc-mod-test.c below.
2235 * testsuite/ecc-mod-test.c (test_modulo): New function, testing
2236 one modulo. Replacing...
2237 (test_curve): ... old function.
2238 (test_main): Invoke test_modulo for p and q of each curve.
2240 * ecc-internal.h (ecc_mod_inv_func): New typedef.
2241 (struct ecc_modulo): Added mp1h constant and invert function
2242 pointer. Updated all callers.
2243 * ecc-modp.c (ecc_modp_inv): Deleted wrapper function.
2244 * ecc-modq.c (ecc_modq_inv): Deleted wrapper function.
2246 * ecc-mod-inv.c (ecc_mod_inv): Renamed file and function. Also
2247 take a struct ecc_modulo * as argument.
2248 * sec-modinv.c (sec_modinv): ... the old names. Deleted.
2249 * Makefile.in (hogweed_SOURCES): Updated accordingly.
2251 * examples/ecc-benchmark.c (bench_modinv_powm, bench_curve):
2252 Updated benchmarking of mpn_sec_powm.
2254 * ecc-internal.h (struct ecc_curve): Deleted redc function
2255 pointer. Use only reduce pointer, which is redc or modp as
2256 applicable. Updated all users.
2257 (struct ecc_modulo): Moved mod and reduce function pointers to
2260 * ecc-generic-modp.c (ecc_generic_modp): Deleted file and
2261 function. We no longer need a wrapper around ecc_mod.
2262 * ecc-generic-modq.c (ecc_generic_modq): Likewise deleted.
2263 * Makefile.in (hogweed_SOURCES): Removed ecc-generic-modp.c and
2266 * ecc-internal.h (typedef ecc_mod_func): Take a const struct
2267 ecc_modulo * argument, not const struct ecc_curve *. Updated all
2268 implementations and all callers.
2270 * ecc-mod.c (ecc_mod): Use struct ecc_modulo to specify the
2271 modulo. Drop input size argument, always reduce from 2*size to
2274 * ecc-internal.h (struct ecc_modulo): New struct, collecting
2275 constants needed for modulo arithmetic.
2276 (struct ecc_curve): Use struct ecc_modulo for p and q arithmetic.
2277 Updated all ecc-related files.
2279 2014-09-17 Niels Möller <nisse@lysator.liu.se>
2281 * gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn
2282 counter, making the function clear some bytes beyond the end of
2283 the output buffer. The bug triggered a make check failure on ARM.
2285 * testsuite/testutils.c (ecc_curves): Include curve25519 in list.
2286 (test_ecc_mul_a): Include reference points for curve25519 (with
2287 Edwards coordinates). Allow n == 0 and n == 1, comparing to zero
2288 and the generator, respectively.
2289 * testsuite/ecc-add-test.c (point_zero_p): Deleted function.
2290 (test_main): Replace calls to point_zero_p by calls to
2291 test_ecc_mul_h with n == 0.
2292 * testsuite/ecc-dup-test.c: Likewise.
2294 * testsuite/ecc-modinv-test.c (mpn_zero_p): Moved function, to...
2295 * testsuite/testutils.c (mpn_zero_p): New location. Also make
2298 * testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add special case
2301 * testsuite/ecc-mul-a-test.c (test_main): Fix point negation to
2303 * testsuite/ecc-mul-g-test.c (test_main): Likewise.
2305 * ecc-a-to-eh.c (ecc_a_to_eh_itch, ecc_a_to_eh): Deleted file and
2307 * ecc.h: Deleted corresponding declarations.
2308 * ecc-internal.h (ECC_A_TO_EH_ITCH): Deleted macro.
2309 * Makefile.in (hogweed_SOURCES): Removed ecc-a-to-eh.c.
2311 * testsuite/ecdh-test.c (test_main): Update curve25519 test to use
2312 Edwards coordinates.
2313 * testsuite/ecdsa-sign-test.c (test_main): Likewise.
2314 * testsuite/ecdsa-verify-test.c (test_main): Likewise.
2316 * ecc-point.c (ecc_point_set): Use Edwards rather than Montgomery
2319 * ecc-mul-a-eh.c (ecc_mul_a_eh, table_init): Take an Edwards point
2320 as input, not a Montgomery point. Hence, use ecc_a_to_j, not
2323 * ecc-eh-to-a.c (ecc_eh_to_a): Just convert to affine coordinates,
2324 don't transform from Edwards to Montgomery form. Also reduces
2325 scratch need slightly.
2326 * ecc-internal.h (ECC_EH_TO_A_ITCH): Reduced.
2328 * ecdsa-keygen.c (ecdsa_generate_keypair): Use struct ecc_curve
2331 * testsuite/curve25519-dup-test.c: Deleted file. In the way for
2332 conversion to Edwards coordinate convention, and in the end
2333 the tests will be done by ecc-dup-test.c.
2334 * testsuite/curve25519-add-test.c: Similarly deleted.
2335 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Removed
2336 curve25519-dup-test.c and curve25519-add-test.c.
2338 2014-09-16 Niels Möller <nisse@lysator.liu.se>
2340 * testsuite/ecc-add-test.c: New generalized testcase, to replace
2341 curve25519-add-test.c.
2342 * testsuite/ecc-dup-test.c: New generalized testcase, to replace
2343 curve25519-dup-test.c.
2344 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-add-test.c
2347 2014-09-14 Niels Möller <nisse@lysator.liu.se>
2349 * testsuite/ecc-mul-a-test.c (test_main): Use struct ecc_curve
2351 * testsuite/ecc-mul-g-test.c (test_main): Likewise.
2353 2014-09-09 Niels Möller <nisse@lysator.liu.se>
2355 * curve25519-mul.c (curve25519_mul): Switch to use Montgomery
2356 ladder. About 20% faster than current Edwards curve operations.
2357 Difference is expected to shrink when Edwards operations are
2358 optimized to take advantage of the twist, but it seems unlikely to
2359 get significantly faster than the Montgomery ladder.
2361 * gmp-glue.c (cnd_swap): Moved function here, made non-static.
2362 Changed cnd type to mp_limb_t, for consistency with GMP
2364 * sec-modinv.c (cnd_swap): ... old location.
2365 * gmp-glue.h (cnd_swap): Declare function.
2367 2014-09-06 Niels Möller <nisse@lysator.liu.se>
2369 * examples/hogweed-benchmark.c (bench_curve25519_mul_g)
2370 (bench_curve25519_mul, bench_curve25519): New functions.
2371 (main): Added benchmarking of curve25519 functions.
2373 2014-09-03 Niels Möller <nisse@lysator.liu.se>
2375 * Makefile.in: Revert 2013-02-06 Makefile changes: use a single
2376 rule for transforming .asm to .o, and drop include of asm.d.
2377 Possible now since we generate a single object file from each asm
2378 file. This change also helps Solaris' make recognize .asm files.
2379 * config.make.in (.SUFFIXES): Drop .s from list.
2380 * configure.ac: Delete code to generate asm.d.
2382 * Makefile.in: Delete all uses of *.po files, use the same object
2383 files for both shared and static libraries.
2384 * configure.ac (dummy-dep-files): Don't create any .po.d files.
2386 * aclocal.m4 (LSH_CCPIC): Don't substitute CCPIC here, let
2387 configure.ac do that if needed.
2389 * configure.ac (CCPIC_MAYBE, SHLIBCFLAGS): Deleted substituted
2390 variables. Instead, use CCPIC directly when compiling all library
2392 (CCPIC): Set to empty, if --disable-pic is used.
2394 * config.make.in (SHLIBCFLAGS, CCPIC_MAYBE): Deleted.
2395 (COMPILE, COMPILE_CXX): Drop CCPIC. New variable EXTRA_CFLAGS,
2396 which can be set by individual Makefiles.
2398 * Makefile.in (EXTRA_CFLAGS): Set using CCPIC.
2399 Also delete all uses of CCPIC_MAYBE and SHLIBCFLAGS.
2401 2014-09-02 Niels Möller <nisse@lysator.liu.se>
2403 * curve25519-eh-to-x.c (curve25519_eh_to_x): New file, new
2404 function. The curve25519 transform currently done by ecc_eh_to_a,
2405 but which should eventually be eliminted from that function.
2406 * Makefile.in (hogweed_SOURCES): Added curve25519-eh-to-x.c.
2407 * ecc-internal.h (curve25519_eh_to_x): Declare it.
2409 * curve25519-mul.c (curve25519_mul): Use it.
2410 * curve25519-mul-g.c (curve25519_mul_g): Likewise. Also introduce
2411 local variable ecc, and use ecc->mul_g_itch.
2413 2014-08-29 Niels Möller <nisse@lysator.liu.se>
2415 * testsuite/testutils.c (test_ecc_mul_j): Renamed, to ...
2416 (test_ecc_mul_h): ... new name. Use ecc->h_to_a function pointer.
2419 * examples/ecc-benchmark.c (bench_add_jjj): Renamed, to ...
2420 (bench_add_hhh): ... new name. Use ecc->add_hhh function pointer.
2421 (bench_add_ehh): Deleted.
2422 (bench_curve): Use bench_add_hhh for all curves. Use ecc->mul_itch
2425 Switch the curve25519 implementation to use the isomorphism to the
2426 twisted Edwards curve which is used for Ed25519 signatures.
2427 * eccdata.c (ecc_curve_init): Tweaked the transformation constant
2428 for the isomorphism between curve25519 and the twisted Edwards
2430 * ecc-add-ehh.c (ecc_add_ehh): Updated formulas for the twist curve.
2431 * ecc-add-eh.c (ecc_add_eh): Likewise.
2432 * ecc-dup-eh.c (ecc_dup_eh): Likewise.
2434 2014-08-28 Niels Möller <nisse@lysator.liu.se>
2436 * ecdsa-verify.c (ecdsa_verify): Drop include of ecc-internal.h,
2437 use ecc_size function instead.
2439 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use the struct ecc_curve
2440 function pointers: mul, mul_g, add_hhh, h_to_a.
2442 * ecc-internal.h (ECC_ECDSA_VERIFY_ITCH): Deleted macro. Needed
2443 scratch depends on curve type, not just size.
2444 (ecc_add_func): New typedef.
2445 (struct ecc_curve): New function pointer add_hhh, and constant
2446 add_hhh_itch. Updated all instances.
2448 * ecdsa-verify.c (ecdsa_verify): Use the ecc_ecdsa_verify_itch
2449 function, not the corresponding macro.
2450 * ecc-ecdsa-verify.c (ecc_ecdsa_verify_itch): Take ecc->mul_itch
2451 into account. Also reduce to 5*ecc->size + ecc->mul_itch.
2453 * testsuite/ecdsa-sign-test.c (test_main): Added test for the
2454 obscure case of ecdsa using curve25519.
2455 * testsuite/ecdsa-verify-test.c (test_main): Likewise (depends on
2458 * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Use mul_g and h_to_a function
2459 pointers. Implies (obscure) support for curve25519.
2461 * ecc-25519.c (ecc_25519_modq): Access q via the ecc struct.
2463 * ecc-eh-to-a.c (ecc_eh_to_a): Analogous change as for ecc_j_to_a.
2464 The modulo q case (op == 2) is hardcoded for curve25519.
2466 * ecc-j-to-a.c (ecc_j_to_a): For curves using redc, always convert
2467 back from redc form. When producing x coordinate only, optionally
2468 reduce it modulo q. Completely changes the meaning of the "flags"
2469 argument, and renames it to "op". Update all users of this
2470 function or ecc->h_to_a.
2472 * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Use new ecc_j_to_a modulo q
2474 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Likewise.
2476 * testsuite/symbols-test: Regexp fixes, to better filter out
2477 get_pc_thunk functions.
2479 * ecc-generic-redc.c (ecc_generic_redc): Deleted file and
2480 function. Split into...
2481 * ecc-pp1-redc.c (ecc_pp1_redc): New file and function.
2482 * ecc-pm1-redc.c (ecc_pm1_redc): New file and function.
2483 * ecc-internal.h: Updated declarations.
2484 * Makefile.in (hogweed_SOURCES): Replace ecc-generic-redc.c by
2485 ecc-pp1-redc.c and ecc-pm1-redc.c.
2486 * ecc-192.c: Use ecc_pp1_redc (benchmarking only).
2487 * ecc-224.c: Use ecc_pm1_redc when applicable.
2488 * ecc-256.c: Use ecc_pp1_redc when applicable.
2489 * ecc-384.c: Use ecc_pp1_redc (benchmarking only).
2490 * ecc-521.c: Use ecc_pp1_redc (benchmarking only).
2491 * testsuite/ecc-redc-test.c (test_main): Replace use of
2492 ecc_generic_redc by ecc_pp1_redc and ecc_pm1_redc.
2494 * eccdata.c (output_curve): Don't output ecc_redc_g.
2495 * ecc-internal.h (struct ecc_curve): Deleted unused field redc_g.
2496 Updated all instances.
2498 2014-08-27 Niels Möller <nisse@lysator.liu.se>
2500 * ecc-modq.c (ecc_modq_inv): Use q_bit_size.
2502 * ecc-internal.h (struct ecc_curve): New field q_bit_size. Updated
2505 * configure.ac: Bumped package version number to 3.1.
2506 (LIBHOGWEED_MAJOR): Bumped library version to 4.0.
2508 Merged curve25519 changes (starting at 2014-07-04).
2509 * Makefile.in (clean-here): Added ecc-25519.h.
2511 2014-08-26 Niels Möller <nisse@lysator.liu.se>
2513 * examples/ecc-benchmark.c (bench_mul_g, bench_mul_a): Use struct
2514 ecc_curve function pointers.
2515 (bench_mul_g_eh, bench_mul_a_eh): Deleted.
2516 (bench_curve): Make modq benchmark unconditional. Use bench_mul_g
2517 and bench_mul_a also for curve25519.
2519 * testsuite/ecc-mod-test.c (test_curve): Make modq test
2520 unconditional, partially reverting 2014-07-04 change.
2522 * ecc-25519.c (ecc_25519_modq): New function.
2524 * eccdata.c (output_curve): Precomputation for curve25519 mod q.
2526 * mini-gmp.c (mpz_abs_sub_bit): Do full normalization, needed in
2527 case the most significant bit is cleared.
2529 2014-08-25 Niels Möller <nisse@lysator.liu.se>
2531 * testsuite/ecdh-test.c (set_point): Check return value of
2533 (test_main): Enable curve25519 test.
2535 * ecc-point-mul-g.c (ecc_point_mul_g): Use ecc->mul_g and
2536 ecc->h_to_a function pointers.
2537 * ecc-point-mul.c (ecc_point_mul): Use the ecc->mul and
2538 ecc->h_to_a function pointers.
2540 * ecc-internal.h (ecc_mul_g_func, ecc_mul_func, ecc_h_to_a_func):
2542 (struct ecc_curve): New function pointers mul, mul_g, h_to_a, and
2543 constans for their scratch requirements. Updated all instances.
2545 * ecc-point.c (ecc_point_set): Handle curve25519 as a special
2546 case, when checking if the point is on the curve.
2548 2014-08-24 Niels Möller <nisse@lysator.liu.se>
2550 * testsuite/ecdh-test.c: Test ecc_point_mul and ecc_point_mul_g,
2551 using test data generated by ecc-ref.gp. Tests for all curves
2552 except curve25519, which doesn't yet work with the general
2553 ecc_point interface.
2555 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecdh-test.c.
2557 * misc/ecc-ref.gp: Script to generate ECDH test data.
2559 2014-08-23 Niels Möller <nisse@lysator.liu.se>
2561 * ecc-a-to-j.c (ecc_a_to_j): Deleted INITIAL argument.
2562 * ecc.h (ecc_a_to_j): Updated prototype.
2563 * ecc-mul-a.c (ecc_mul_a, table_init): Updated calls to ecc_a_to_j.
2565 * ecc-mul-a.c (ecc_mul_a): Deleted INITIAL argument, all callers,
2566 except the tests, pass 1. Updated all callers.
2567 (table_init): Likewise deleted INITIAL.
2568 * ecc.h (ecc_mul_a): Updated prototype.
2569 * testsuite/ecc-mul-a-test.c (test_main): Deleted tests for
2570 ecc_mul_a with INITIAL == 0.
2572 * ecc-internal.h (struct ecc_curve): Reordered struct, moved
2573 function pointers before pointers to bignum constants.
2575 * sec-modinv.c (sec_modinv): Document that for a == 0 (mod m), we
2576 should produce the "inverse" 0.
2578 * testsuite/ecc-modinv-test.c (test_main): Check that ecc_modp_inv
2579 produces 0 if a == 0 or a == p.
2581 2014-08-22 Niels Möller <nisse@lysator.liu.se>
2583 * x86_64/ecc-25519-modp.asm: New file. Assembly implementation,
2584 initial version yields 30% speedup of ecc_25519_modp. Early
2585 folding eliminates one pass of carry propagation, and yields
2586 almost 20% additional speedup.
2588 * ecc-25519.c [HAVE_NATIVE_ecc_25519_modp]: Use assembly version
2591 * configure.ac (asm_hogweed_optional_list): Added ecc-25519-modp.asm.
2592 Also add HAVE_NATIVE_ecc_25519_modp to config.h.in.
2594 2014-08-19 Niels Möller <nisse@lysator.liu.se>
2596 * examples/ecc-benchmark.c (bench_curve): Support benchmarking of
2597 curve25519, for now handled as a special case.
2598 (curves): Added nettle_curve25519.
2599 (bench_dup_eh, bench_add_eh, bench_add_ehh, bench_mul_g_eh): New
2602 2014-08-18 Niels Möller <nisse@lysator.liu.se>
2604 * testsuite/curve25519-dh-test.c (test_a): Use curve25519_mul.
2605 (test_main): Use little-endian inputs for test_a.
2606 (curve25519_sqrt, curve_25519): Deleted static helper functions,
2609 * curve25519-mul.c (curve25519_mul): New file and function.
2610 * curve25519.h (curve25519_mul): Declare it.
2611 * Makefile.in (hogweed_SOURCES): Added curve25519-mul.c.
2613 * curve25519-mul-g.c (curve25519_mul_g): Renamed file and
2614 function, updated callers.
2615 * curve25519-base.c (curve25519_base): ... old names.
2616 * Makefile.in (hogweed_SOURCES): Updated for rename.
2618 * eccdata.c (output_curve): Compute constants needed for
2620 * ecc-25519.c (ecc_modp_powm_2kp1, ecc_25519_sqrt): New functions.
2621 * ecc-internal.h (ecc_25519_sqrt): Declare it.
2623 2014-08-06 Niels Möller <nisse@lysator.liu.se>
2625 * testsuite/curve25519-dh-test.c (test_g): Use curve25519_base.
2626 (test_main): Use little-endian inputs for test_g.
2628 * curve25519-base.c (curve25519_base): New file, new function.
2629 Analogous to NaCl's crypto_scalarmult_base.
2630 * curve25519.h: New file.
2631 * Makefile.in (hogweed_SOURCES): Added curve25519-base.c.
2632 (HEADERS): Added curve25519.h.
2634 * gmp-glue.c (mpn_set_base256_le, mpn_get_base256_le): New functions.
2635 * gmp-glue.h: Declare them.
2637 2014-08-02 Niels Möller <nisse@lysator.liu.se>
2639 * testsuite/curve25519-dh-test.c (curve25519_sqrt): Fixed memory
2640 leak, a mpz_clear call was missing.
2642 * ecc-internal.h (ECC_MUL_A_EH_WBITS): Set to 4, to enable
2643 window-based scalar multiplication.
2645 * ecc-mul-a-eh.c (table_init) [ECC_MUL_A_EH_WBITS > 0]: Fixed
2646 initialization of TABLE(1).
2648 2014-07-29 Niels Möller <nisse@lysator.liu.se>
2650 * ecc-internal.h (ECC_MUL_A_EH_WBITS): New constant.
2651 (ECC_A_TO_EH_ITCH, ECC_MUL_A_EH_ITCH): New macros.
2652 * ecc-a-to-eh.c (ecc_a_to_eh, ecc_a_to_eh_itch): New file, new
2654 * ecc-mul-a-eh.c: New file.
2655 (ecc_mul_a_eh): New function. The case [ECC_MUL_A_EH_WBITS > 0]
2657 (ecc_mul_a_eh_itch): New function.
2658 * ecc.h: Declare new functions.
2659 * Makefile.in (hogweed_SOURCES): Added ecc-a-to-eh.c and
2662 * testsuite/curve25519-dh-test.c (curve25519_sqrt): New function.
2663 (curve_25519): Use ecc_mul_a_eh.
2664 (test_a): New function.
2665 (test_main): Test construction of shared secret, using scalar
2666 multiplication with points other than the fix generator.
2668 2014-07-26 Niels Möller <nisse@lysator.liu.se>
2670 * ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
2671 * ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
2673 2014-07-23 Niels Möller <nisse@lysator.liu.se>
2675 * testsuite/curve25519-dh-test.c: New test case, based on
2676 draft-josefsson-tls-curve25519-05 test vectors.
2677 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added curve25519-dh-test.c.
2679 2014-07-18 Niels Möller <nisse@lysator.liu.se>
2681 * ecc-mul-g-eh.c (ecc_mul_g_eh, ecc_mul_g_eh_itch): New file and
2682 functions. Untested.
2683 * ecc.h (ecc_mul_g_eh_itch): Declare new functions.
2684 * ecc-internal.h (ECC_MUL_G_EH_ITCH): New macro.
2685 * Makefile.in (hogweed_SOURCES): Added ecc-mul-g-eh.c.
2687 2014-07-17 Niels Möller <nisse@lysator.liu.se>
2689 * ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
2690 * ecc-internal.h (ECC_ADD_EH_ITCH): Reduced to 6*size.
2692 * testsuite/curve25519-dup-test.c (test_main): Free allocated
2695 2014-07-15 Niels Möller <nisse@lysator.liu.se>
2697 * ecc-add-eh.c (ecc_add_eh, ecc_add_eh_itch): New file, new
2699 * ecc.h: Declare new functions.
2700 * ecc-internal.h (ECC_ADD_EH_ITCH): New macro.
2701 * Makefile.in (hogweed_SOURCES): Added ecc-add-eh.c.
2702 * testsuite/curve25519-add-test.c (test_main): Test ecc_add_eh.
2703 Additional test for g2+g2. Free allocated storage.
2705 2014-07-14 Niels Möller <nisse@lysator.liu.se>
2707 * testsuite/curve25519-add-test.c: New test case.
2708 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2709 curve25519-add-test.c.
2711 * ecc-add-ehh.c (ecc_add_ehh, ecc_add_ehh_itch): New file, new
2713 * ecc.h (ecc_add_ehh, ecc_add_ehh_itch): Declare them.
2714 * ecc-internal.h (ECC_ADD_EHH_ITCH): New macro.
2715 * Makefile.in (hogweed_SOURCES): Added ecc-add-ehh.c.
2717 * ecc-25519.c (nettle_curve25519): Use ecc_d instead of ecc_b.
2719 * eccdata.c: For curve25519, output the Edwards curve constant,
2720 ecc_d = (121665/121666) mod p.
2722 * testsuite/curve25519-dup-test.c (test_main): Add test for 4g.
2723 Delete some left-over debug output.
2725 2014-07-11 Niels Möller <nisse@lysator.liu.se>
2727 * misc/ecc-formulas.tex: Some ECC notes.
2729 * testsuite/curve25519-dup-test.c: New testcase.
2730 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2731 curve25519-dup-test.c.
2733 * testsuite/testutils.c (test_ecc_point): Made non-static.
2734 * testsuite/testutils.h (struct ecc_ref_point): Moved here, from
2736 (test_ecc_point): Declare it.
2738 * ecc-dup-eh.c (ecc_dup_eh, ecc_dup_eh_itch): New file, new functions.
2739 * ecc-eh-to-a.c (ecc_eh_to_a, ecc_eh_to_a_itch): New file, new
2741 * ecc.h: Declare new functions.
2742 * ecc-internal.h (ECC_EH_TO_A_ITCH, ECC_DUP_EH_ITCH): New macros.
2743 * Makefile.in (hogweed_SOURCES): Added ecc-dup-eh.c and
2746 * ecc-internal.h (struct ecc_curve): New constant edwards_root.
2747 * ecc-192.c (nettle_secp_192r1): Updated accordingly, additional
2749 * ecc-224.c (nettle_secp_224r1): Likewise.
2750 * ecc-256.c (nettle_secp_256r1): Likewise.
2751 * ecc-384.c (nettle_secp_384r1): Likewise.
2752 * ecc-521.c (nettle_secp_521r1): Likewise.
2753 * ecc-25519.c (nettle_curve25519): Initialize new constant.
2755 * eccdata.c (ecc_curve_init): For curve 25519, use correct
2756 constant for edwards coordinate transform, and output the constant
2759 2014-07-06 Niels Möller <nisse@lysator.liu.se>
2761 * eccdata.c: Use separate is_zero flag to represent the neutral
2763 (output_point, output_point_redc): Unified to a single function,
2764 with a use_redc flag argument. Also support conversion to Edwards
2766 (ecc_curve_init_str): New argument for Edwards curve conversion
2769 2014-07-04 Niels Möller <nisse@lysator.liu.se>
2771 Started curve25519 branch.
2772 * ecc-25519.c: New file.
2773 (ecc_25519_modp): New function.
2774 (nettle_curve25519): New curve.
2776 * ecc-curve.h (nettle_curve25519): Declare it.
2778 * Makefile.in (hogweed_SOURCES): Added ecc-25519.c.
2779 (ecc-25519.h): New generated file. Add as explicit dependency for
2782 * testsuite/ecc-mod-test.c (test_curve): New function, extracted
2783 from test_main. Tolerate NULL modq function pointer.
2784 (test_main): Use test_curve, iterate over supported curves, and
2785 also test curve_25519 for the new modp function.
2787 2014-08-23 Niels Möller <nisse@lysator.liu.se>
2789 * ecc-modp.c (ecc_modp_sub_1): Deleted unused function.
2790 * ecc-internal.h: Deleted corresponding declaration.
2792 * examples/nettle-benchmark.c (time_cipher): Fixed memset calls,
2793 amending the totally broken change from 2014-02-06.
2795 2014-07-02 Niels Möller <nisse@lysator.liu.se>
2797 * eccdata.c (ecc_dup): Use mpz_submul_ui, now available in
2799 (ecc_type): New enum, for Weierstrass and Montgomery curves
2800 (ecc_curve): New field type.
2801 (ecc_dup): Support montgomery curves.
2802 (ecc_add): Likewise.
2803 (ecc_curve_init_str): New argument, for the curve type.
2804 (ecc_curve_init): Pass curve type to all ecc_curve_init_str calls.
2805 Recognize curve25519, for bit_size 255.
2806 (output_modulo): Deleted assert, which isn't true for curve25519.
2808 2014-06-30 Niels Möller <nisse@lysator.liu.se>
2810 * camellia-absorb.c: Include <limits.h>, needed for correct use of
2811 HAVE_NATIVE_64_BIT. Reported and debugged by Magnus Holmgren.
2812 Fixes debian build failure on s390x.
2814 2014-06-26 Niels Möller <nisse@lysator.liu.se>
2816 From Martin Storsjö:
2817 * configure.ac (IF_NOT_SHARED): New substituted variable.
2818 * hogweed.pc.in: Use @LIBS@, instead of hardcoding -lgmp. When
2819 shared libraries are disabled, move needed libraries from
2820 Requires.private: to Requires: and from Libs.private: to Libs:.
2822 From Nikos Mavrogiannopoulos.
2823 * examples/hogweed-benchmark.c (bench_alg): Tolerate alg->init
2825 (bench_openssl_ecdsa_init): Return NULL if
2826 EC_KEY_new_by_curve_name fails, indicating the curve is not
2829 2014-06-25 Niels Möller <nisse@lysator.liu.se>
2831 Support for building with mini-gmp instead of the real GMP. Loosely
2832 based on work by Nikos Mavrogiannopoulos.
2833 * configure.ac: New command line option --enable-mini-gmp. Also
2834 disable all libgmp-related checks when enabled.
2835 (NETTLE_USE_MINI_GMP): New substituted variable.
2836 (LIBHOGWEED_LIBS): Use $(LIBS) instead of -lgmp.
2837 (IF_MINI_GMP): New Makefile conditional.
2838 (GMP_NUMB_BITS): Alternative test for the mini-gmp case.
2839 Substituted also in bignum.h.
2840 (HAVE_MPZ_POWM_SEC): Drop this unused check.
2842 * bignum.h: Renamed, to...
2843 * bignum.h.in: New name.
2844 (NETTLE_USE_MINI_GMP): Substituted by configure.
2845 (GMP_NUMB_BITS): Substituted by configure, for the mini-gmp case.
2847 * Makefile.in (OPT_HOGWEED_SOURCES): New variable, value
2848 conditional on @IF_MINI_GMP@.
2849 (hogweed_SOURCES): Add $(OPT_HOGWEED_SOURCES).
2850 (PRE_CPPFLAGS): Add -I$(srcdir).
2851 (HEADERS): Delete bignum.h.
2852 (INSTALL_HEADERS): Add bignum.h. Also add mini-gmp.h, if mini-gmp
2854 (DISTFILES): Added bignum.h.in.
2855 (bignum.h): New target.
2856 (distclean-here): Delete bignum.h.
2858 * examples/ecc-benchmark.c (modinv_gcd) [NETTLE_USE_MINI_GMP]:
2859 Disable this benchmark.
2860 (mpn_random) [NETTLE_USE_MINI_GMP]: Provide a simple implementation.
2862 * testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Skip test, it
2863 depends on gmp_randstate_t.
2864 * testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Likewise.
2865 * testsuite/ecc-mul-a-test.c [NETTLE_USE_MINI_GMP]: Likewise.
2866 * testsuite/ecc-mul-g-test.c [NETTLE_USE_MINI_GMP]: Likewise.
2867 * testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Likewise.
2869 Various preparations for mini-gmp support.
2870 * testsuite/bignum-test.c: Use WITH_HOGWEED instead of HAVE_LIBGMP
2871 for preprocessor conditionals.
2872 * testsuite/testutils.h: Likewise.
2873 * testsuite/sexp-format-test.c: Likewise.
2875 * testsuite/ecdsa-keygen-test.c (test_main): Use printf,
2876 mpz_out_str and write_mpn instead of gmp_fprintf.
2877 * testsuite/ecdsa-sign-test.c (test_ecdsa): Likewise.
2878 * testsuite/ecdsa-verify-test.c (test_ecdsa): Likewise.
2880 * dsa.h: Include bignum.h instead of gmp.h.
2881 * ecc-internal.h: Likewise.
2883 * gmp-glue.h: Likewise.
2884 * pkcs1.h: Likewise.
2887 * testsuite/testutils.c (die): Use plain vfprintf, not
2889 (write_mpn): New function.
2890 (test_ecc_point): Use it, replacing gmp_fprintf.
2891 * testsuite/testutils.h (write_mpn): Declare it.
2893 * der-iterator.c: Deleted HAVE_LIBGMP conditionals.
2895 2014-06-07 Niels Möller <nisse@lysator.liu.se>
2897 * Released nettle-3.0.
2899 2014-06-04 Niels Möller <nisse@lysator.liu.se>
2901 * NEWS: List des-compat.h as a candidate for removal in the next
2904 * testsuite/des-compat-test.c (test_main): Fixed out of bounds
2905 memory read, reported by Nikos Mavrogiannopoulos.
2907 * nettle-write.h: Include <stddef.h>, fixing compilation on
2910 * aclocal.m4 (ac_stdint): Fixed "unsinged" typo, spotted by Andy
2913 2014-06-01 Niels Möller <nisse@lysator.liu.se>
2915 * x86_64/gcm-hash8.asm: Pass correct argument count to W64_EXIT.
2916 * x86_64/camellia-crypt-internal.asm: Pass correct argument count
2917 to W64_ENTRY and W64_EXIT.
2919 * x86_64/machine.m4 [W64_ABI]: Fix for the case of 6 function
2920 arguments. Also push %rdi unconditionally, and use aligned
2921 accesses for save and restore %xmm registers (movdqa).
2923 2014-05-31 Niels Möller <nisse@lysator.liu.se>
2925 * configure.ac: Check for COFF type directives.
2926 (ASM_COFF_STYLE): New substituted variable.
2927 * config.m4.in: Set COFF_STYLE from configure.
2928 * asm.m4 (PROLOGUE): Use COFF type directive, if enabled by
2929 configure. Fixes problem with windows dll linking.
2931 * asm.m4: Deleted unused offsets for struct aes_ctx.
2933 2014-05-28 Niels Möller <nisse@lysator.liu.se>
2935 * testsuite/nettle-pbkdf2-test: Delete carriage return characters
2938 * configure.ac (LIBHOGWEED_LIBS): Be explicit and link
2939 libhogweed.so with libnettle.so, not -lnettle.
2940 (LIBHOGWEED_LINK): Drop -L. flag, no longer needed, and previously
2941 not at the correct position in the link command line.
2943 2014-05-27 Niels Möller <nisse@lysator.liu.se>
2945 * examples/ecc-benchmark.c: If mpn_sec_powm is available,
2946 benchmark it, for modinv.
2947 (bench_modinv_powm): New function.
2948 (bench_curve): Use it.
2950 2014-05-22 Niels Möller <nisse@lysator.liu.se>
2953 * Makefile.in ($(des_headers)): Use the EXEEXT_FOR_BUILD.
2955 2014-05-15 Niels Möller <nisse@lysator.liu.se>
2957 * NEWS: Updated with library version numbers.
2959 * configure.ac (dummy-dep-files): Use simpler and more portable
2960 sed expression. Problem reported by Peter Eriksson.
2961 (LIBHOGWEED_MAJOR): Bumped shared library version to 3.0.
2962 (LIBHOGWEED_MINOR): Reset to zero. Also increased the package
2963 version number to 3.0.
2965 * getopt.c: Don't use gettext.
2967 2014-05-14 Niels Möller <nisse@lysator.liu.se>
2969 * testsuite/nettle-pbkdf2-test: Avoid the bash construction
2972 * getopt.c: Copied from glibc tree, tag glibc-2.19.
2973 * getopt.h: Likewise.
2974 * getopt1.c: Likewise.
2975 * getopt_int.h: New file, also copied from glibc.
2976 * Makefile.in (DISTFILES): Added getopt_int.h.
2978 2014-05-09 Niels Möller <nisse@lysator.liu.se>
2980 * mini-gmp.c: Updated, use version from gmp-6.0.0.
2981 * mini-gmp.h: Likewise.
2983 * testsuite/Makefile.in (all): Drop dependency on $(TARGETS), to
2984 delay building of test programs until make check.
2986 2014-05-08 Niels Möller <nisse@lysator.liu.se>
2988 * nettle.texinfo (nettle_aead abstraction): Document nettle_aead.
2990 * Makefile.in (nettle_SOURCES): Added nettle-meta-aeads.c.
2991 * nettle-meta.h (nettle_aeads): Declare array.
2992 * nettle-meta-aeads.c (nettle_aeads): New file, new array.
2993 * testsuite/meta-aead-test.c: New test case.
2994 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
2997 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD): If CC_FOR_BUILD is gcc, add
2998 -O option. This makes eccdata twice as fast.
3000 2014-05-06 Niels Möller <nisse@lysator.liu.se>
3002 * nettle.texinfo: Document SHA3 and ChaCha-Poly1305 as
3005 2014-05-05 Niels Möller <nisse@lysator.liu.se>
3007 * nettle.texinfo (POLY1305): Document poly1305-aes.
3008 (Authenticated encryption): Move AEAD algorithms to their own
3010 (RSA, DSA, ECDSA): Change some subsections to subsubsections.
3011 (ChaCha-Poly1305): Document ChaCha-Poly1305.
3013 2014-05-04 Niels Möller <nisse@lysator.liu.se>
3015 * nettle.texinfo (DSA): Document new DSA interface.
3016 (Salsa20): Update salsa20 docs.
3017 (ChaCha): Document ChaCha.
3019 2014-05-03 Niels Möller <nisse@lysator.liu.se>
3021 * configure.ac: Check for SIZEOF_SIZE_T.
3022 * ccm.c (ccm_set_nonce): Skip code for 64-bit encoding when size_t
3025 * nettle.texinfo (CCM): Document new ccm macros and constants.
3026 Describe ccm restrictions.
3028 * ccm.h (CCM_DIGEST_SIZE): New constant.
3030 2014-04-30 Niels Möller <nisse@lysator.liu.se>
3032 * ccm.c (CCM_IV_MAX_SIZE, CCM_IV_MIN_SIZE): Deleted, replaced by
3033 public constants CCM_MIN_NONCE_SIZE and CCM_MAX_NONCE_SIZE.
3034 (ccm_build_iv): Updated for above rename.
3035 (CCM_L_MAX_SIZE): Deleted, no longer used.
3037 * ccm.h (CCM_MIN_NONCE_SIZE, CCM_MAX_NONCE_SIZE): New constants.
3038 (CCM_MAX_MSG_SIZE): New macro.
3040 2014-04-27 Niels Möller <nisse@lysator.liu.se>
3042 * nettle.texinfo (Cipher modes): Subsection on AEAD constructions.
3043 (GCM): Update GCM documentation, including functions for
3044 gcm_aes128, gcm_camellia128, ...
3046 2014-04-26 Niels Möller <nisse@lysator.liu.se>
3048 * nettle.texinfo: Update for introduction of nettle_cipher_func.
3049 (GCM): Document GCM_DIGEST_SIZE.
3050 (UMAC): Document new UMAC constants.
3051 (Keyed hash functions): Make HMAC and UMAC their own info nodes.
3052 (EAX): Document EAX.
3054 * umac.h (UMAC_MIN_NONCE_SIZE, UMAC_MAX_NONCE_SIZE): New
3057 2014-04-25 Niels Möller <nisse@lysator.liu.se>
3059 * All hash-related files: Renamed all _DATA_SIZE constants to
3060 _BLOCK_SIZE, for consistency. Old names kept for backwards
3063 * nettle.texinfo (CCM): Documentation for CCM mode, contributed by
3066 * testsuite/ccm-test.c (test_cipher_ccm): And tests.
3068 * ccm.c (ccm_decrypt_message): Change length argument, should now
3069 be clear text (dst) length.
3070 * ccm-aes128.c (ccm_aes128_decrypt_message): Likewise.
3071 * ccm-aes192.c (ccm_aes192_decrypt_message): Likewise.
3072 * ccm-aes256.c (ccm_aes256_decrypt_message): Likewise.
3073 * ccm.h: Updated prototypes.
3075 2014-04-22 Niels Möller <nisse@lysator.liu.se>
3077 * nettle.texinfo (Recommended hash functions): Document additional
3080 * sha2.h (sha512_224_ctx, sha512_256_ctx): New aliases for the
3081 sha512_ctx struct tag.
3083 2014-04-17 Niels Möller <nisse@lysator.liu.se>
3085 * examples/Makefile.in (SOURCES): Deleted next-prime.c (forgotten
3086 in 2014-04-13 change).
3088 2014-04-16 Niels Möller <nisse@lysator.liu.se>
3090 * testsuite/ccm-test.c (test_cipher_ccm): Deleted check for NULL
3093 * sha3-224.c (sha3_224_init): Pass pointer to context struct, not
3094 pointer to first element, to memset.
3095 * sha3-256.c (sha3_256_init): Likewise.
3096 * sha3-384.c (sha3_384_init): Likewise.
3097 * sha3-512.c (sha3_512_init): Likewise.
3099 * examples/eratosthenes.c (vector_alloc): Use sizeof(*vector)
3100 instead of explicit type in malloc call.
3101 (vector_init): Make constant explicitly unsigned long.
3103 * tools/input.c (sexp_get_quoted_char): Deleted useless for loop.
3105 2014-04-13 Niels Möller <nisse@lysator.liu.se>
3107 * rsa-compat.c: Deleted file.
3108 * rsa-compat.h: Deleted file.
3109 * Makefile.in (hogweed_SOURCES): Deleted rsa-compat.c.
3110 (HEADERS): Deleted rsa-compat.h.
3112 * examples/next-prime.c: Deleted file.
3113 * bignum-next-prime.c (nettle_next_prime): Deleted file and
3115 * prime-list.h: Deleted file.
3116 * bignum.h (nettle_next_prime): Deleted prototype.
3117 * Makefile.in (hogweed_SOURCES): Deleted bignum-next-prime.c.
3118 (DISTFILES): Deleted prime-list.h.
3119 * examples/Makefile.in (HOGWEED_TARGETS): Deleted next-prime, and
3120 corresponding make target.
3122 2014-04-12 Niels Möller <nisse@lysator.liu.se>
3124 * nettle.texinfo (Copyright): Updated licensing info.
3127 * Makefile.in (DISTFILES): Distribute new COPYING* files.
3129 * COPYING.LESSERv3: New file.
3130 * COPYINGv3: New file.
3131 * COPYING.LIB: Deleted.
3132 * COPYINGv2: New name for GPL version 2 file.
3133 * COPYING: Old name, deleted.
3135 * Update license headers for LGPL3+ and GPL2+ dual licensing.
3137 2014-04-11 Niels Möller <nisse@lysator.liu.se>
3139 * testsuite/testutils.c (test_aead): Use aead->digest_size.
3141 * configure.ac: Skip GMP tests if public key support is disabled.
3143 * eax.c (block16_xor): Fixed bug effecting 32-bit platforms.
3145 * Makefile.in (DISTFILES): Deleted memxor.c, already included via
3147 * tools/Makefile.in (SOURCES): Add nettle-pbkdf2.c.
3149 2014-04-10 Niels Möller <nisse@lysator.liu.se>
3151 From Nikos Mavrogiannopoulos:
3152 * examples/hogweed-benchmark.c (bench_openssl_ecdsa_init): Support
3153 for secp192r1 and secp256r1.
3154 (alg_list): Add them.
3156 2014-04-09 Niels Möller <nisse@lysator.liu.se>
3158 * examples/nettle-benchmark.c (main): Benchmark sha512_224 and
3161 * testsuite/sha512-224-test.c: New file.
3162 * testsuite/sha512-256-test.c: New file.
3163 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new files.
3165 * nettle-meta.h (nettle_sha512_224, nettle_sha512_256): Declare.
3166 * sha512-224-meta.c (nettle_sha512_224): New file, new nettle_hash.
3167 * sha512-256-meta.c (nettle_sha512_256): New file, new nettle_hash.
3169 * sha2.h (SHA512_224_DIGEST_SIZE, SHA512_224_DATA_SIZE)
3170 (SHA512_256_DIGEST_SIZE, SHA512_256_DATA_SIZE): New constants.
3172 * sha512.c (sha512_256_digest): Typo fix, call sha512_256_init.
3174 * testsuite/testutils.c (test_hash): Removed redundant init call.
3175 Tests that digest implies init.
3177 2014-03-28 Niels Möller <nisse@lysator.liu.se>
3179 * testsuite/dsa-keygen-test.c (test_main): Explicitly use
3180 dsa_compat_generate_keypair.
3181 (test_main): Test dsa_generate_params and dsa_generate_keypair
3182 with a large q; p_bits = 1024, q_bits = 768.
3184 * testsuite/testutils.h: Undo dsa-compat.h name mangling.
3186 * dsa-keygen.c (dsa_generate_keypair): New interface, generating
3187 only a keypair, and no new parameters.
3188 * dsa-compat-keygen.c (dsa_compat_generate_keypair): New file.
3189 Moved old key generation function here. Use dsa_generate_keypair.
3191 2014-03-27 Niels Möller <nisse@lysator.liu.se>
3193 * dsa-compat.c (dsa_public_key_init, dsa_public_key_clear)
3194 (dsa_private_key_init, dsa_private_key_clear): : Move deprecated
3195 DSA functions to a separate file...
3196 * dsa.c: ...from here.
3197 * dsa-compat.h: New file, declaring deprecated DSA interface.
3198 Include in corresponding C files.
3199 * Makefile.in (hogweed_SOURCES): Add dsa-compat.c.
3200 (HEADERS): Add dsa-compat.h.
3202 * dsa-gen-params.c (dsa_generate_params): New file and function,
3203 extracted from DSA key generation.
3204 * dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
3206 2014-03-26 Niels Möller <nisse@lysator.liu.se>
3208 * der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
3209 interface. Allow q_size == 0, meaning any q < p is allowed.
3210 Additional validity checks.
3211 (dsa_public_key_from_der_iterator): Converted to new DSA
3212 interface. Also check that the public value is in the correct
3214 (dsa_openssl_private_key_from_der_iterator): Converted
3215 to new DSA interface. Additional validity checks.
3216 (dsa_openssl_private_key_from_der): Converted to new DSA
3218 * tools/pkcs1-conv.c (convert_dsa_private_key): Update to use
3219 struct dsa_params, and adapt to the der decoding changes.
3220 (convert_public_key): Likewise.
3222 * examples/hogweed-benchmark.c: Update dsa benchmarking to use new
3225 * dsa.c (dsa_params_init, dsa_params_clear): New functions.
3226 (dsa_public_key_init): Use dsa_params_init.
3227 (dsa_public_key_clear): Use dsa_params_clear.
3229 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Converted to new DSA
3230 interface. Allow q_size == 0, meaning any q < p is allowed.
3231 Additional validity checks.
3232 (dsa_sha1_keypair_from_sexp, dsa_sha256_keypair_from_sexp):
3233 Converted to new DSA interface.
3235 * dsa2sexp.c (dsa_keypair_to_sexp): Converted to new DSA
3237 * tools/pkcs1-conv.c: Updated uses of dsa_keypair_to_sexp.
3239 * dsa.h (struct dsa_params): New struct.
3241 * dsa-sign.c (dsa_sign): Use struct dsa_params, with key as a
3243 * dsa-verify.c (dsa_verify): Likewise.
3244 * dsa-sha1-verify.c (dsa_sha1_verify_digest, dsa_sha1_verify): Use
3245 dsa_verify, cast the struct dsa_public_key * input to a struct
3247 * dsa-sha256-verify.c (dsa_sha256_verify_digest)
3248 (dsa_sha256_verify): Likewise.
3249 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise
3250 use dsa_sign, with a cast from struct dsa_public_key * to struct
3252 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
3255 * testsuite/testutils.c (test_dsa_verify): Use struct dsa_params.
3256 (test_dsa_key): Likewise.
3257 * testsuite/dsa-test.c (test_main): Adapt to test_dsa_key and
3258 test_dsa_verify changes.
3259 * testsuite/dsa-keygen-test.c (test_main): Adapt to
3260 test_dsa_key change.
3262 * testsuite/testutils.c (test_dsa_sign): #if out, currently
3265 2014-03-23 Niels Möller <nisse@lysator.liu.se>
3270 * ccm-aes128.c: New file.
3271 * ccm-aes192.c: New file.
3272 * ccm-aes256.c: New file.
3273 * Makefile.in (nettle_SOURCES): Added ccm source files.
3274 (HEADERS): Added ccm.h.
3275 * testsuite/ccm-test.c: New file.
3276 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added ccm-test.c.
3278 2014-03-20 Niels Möller <nisse@lysator.liu.se>
3280 From Joachim Strömbergson:
3281 * sha512.c (K): Indentation fix.
3282 (sha512_224_init, sha512_224_digest, sha512_256_init)
3283 (sha512_256_digest): New functions.
3284 * sha2.h: Add prototypes.
3285 (sha512_224_update, sha512_256_update): New aliases for
3288 2014-03-18 Niels Möller <nisse@lysator.liu.se>
3290 * examples/nettle-benchmark.c (main): Add benchmarking of arcfour,
3291 salsa20 and chacha, via time_aead.
3293 * nettle-internal.c (nettle_arcfour128): Define, as a struct
3294 nettle_aead (with NULL set_nonce, update, and digest methods).
3295 * examples/nettle-openssl.c (nettle_openssl_arcfour128): Likewise.
3296 * nettle-internal.h (nettle_arcfour128)
3297 (nettle_openssl_arcfour128): Declare.
3299 * nettle-types.h (nettle_cipher_func): New typedef, similar to
3300 nettle_crypt_func, but with a const context, intended for block
3302 * nettle-meta.h (struct nettle_cipher): Use the nettle_cipher_func
3304 * Many other files affected: aes*-meta.c, camellia*-meta.c,
3305 cast128-meta.c, serpent-meta.c, twofish-meta.c, cbc.[ch],
3306 ctr.[ch], ctr.[ch], des-compat.c, eax.[ch], gcm*.[ch],
3307 nettle-internal.*, testsuite/aes-test.c,
3308 examples/nettle-benchmark.c, examples/nettle-openssl.c.
3310 2014-03-16 Niels Möller <nisse@lysator.liu.se>
3312 * chacha-set-key.c: Include string.h.
3314 * arcfour-meta.c: Deleted file.
3315 * nettle-meta.h (nettle_arcfour128): Deleted declaration.
3316 * nettle-meta-ciphers.c (nettle_ciphers): Deleted
3317 nettle_arcfour128 from list.
3318 * Makefile.in (nettle_SOURCES): Deleted arcfour-meta.c.
3319 * examples/nettle-openssl.c (nettle_openssl_arcfour128): Deleted.
3320 * testsuite/meta-cipher-test.c: Adjust test for removal of
3323 2014-03-15 Niels Möller <nisse@lysator.liu.se>
3325 * examples/nettle-benchmark.c (struct bench_aead_info): New
3327 (bench_aead_crypt, bench_aead_update, init_nonce, time_aead): New
3328 functions, for benchmarking aead algorithms.
3329 (time_gcm, time_eax): Deleted functions.
3330 (main): Use time_aead to benchmark gcm, eax and chacha-poly1305.
3332 * salsa20.h (SALSA20_NONCE_SIZE): Renamed constant, old name
3333 SALSA20_IV_SIZE kept as an alias.
3334 (salsa20_set_nonce): Update prototype for the 2014-01-20 rename.
3336 * Makefile.in (.asm.s): Add dependencies.
3337 (.s.o, .s.po): Empty any dependency .d file.
3339 2014-03-04 Niels Möller <nisse@lysator.liu.se>
3341 * testsuite/chacha-test.c (test_main): Additional test cases, for
3344 * Makefile.in (nettle_SOURCES): Deleted chacha128-set-key.c and
3345 chacha256-set-key.c.
3347 * chacha.h (CHACHA256_KEY_SIZE): Deleted.
3348 (chacha_set_key): Updated prototype.
3349 * chacha256-set-key.c (chacha256_set_key): Deleted file and
3350 function, moved to...
3351 * chacha-set-key.c (chacha_set_key): Do 256-bit keys only. Deleted
3352 length argument. Updated all callers.
3354 * chacha128-set-key.c (chacha128_set_key): Deleted file and
3355 function. Support for 128-bit chacha keys may be reintroduced
3356 later, if really needed.
3357 * chacha.h: Deleted chacha128-related declarations.
3358 * chacha-set-key.c (chacha_set_key): Drop support for 128-bit
3360 * testsuite/chacha-test.c (test_main): #if:ed out all tests with
3363 2014-02-16 Niels Möller <nisse@lysator.liu.se>
3365 * gcm.h: Declarations for gcm-camellia256.
3366 * gcm-camellia256.c: New file.
3367 * gcm-camellia256-meta.c: New file.
3368 * nettle-meta.h (nettle_gcm_camellia256): Declare.
3369 * Makefile.in (nettle_SOURCES): Added gcm-camellia256.c and
3370 gcm-camellia256-meta.c.
3371 * testsuite/gcm-test.c (test_main): Test cases for
3372 nettle_gcm_camellia256.
3374 * gcm.h: Include camellia.h. Declarations for gcm-camellia128.
3375 * gcm-camellia128.c: New file.
3376 * gcm-camellia128-meta.c: New file.
3377 * nettle-meta.h (nettle_gcm_camellia128): Declare.
3378 * Makefile.in (nettle_SOURCES): Added gcm-camellia128.c and
3379 gcm-camellia128-meta.c.
3380 * testsuite/gcm-test.c (test_main): Test cases for
3381 nettle_gcm_camellia128. From Nikos Mavrogiannopoulos.
3383 2014-02-13 Niels Möller <nisse@lysator.liu.se>
3385 * Makefile.in (nettle_SOURCES): Added eax-aes128.c
3387 * examples/nettle-benchmark.c: Include eax.h.
3388 * nettle-meta.h (nettle_eax_aes128): Declare, moved from
3390 * eax.h: Declare eax_aes128_ctx and related functions. Moved from
3392 (EAX_IV_SIZE): New constant.
3393 * eax-aes128-meta.c (nettle_eax_aes128): Moved definition to new
3395 * eax-aes128.c (eax_aes128_set_key, eax_aes128_set_nonce)
3396 (eax_aes128_update, eax_aes128_encrypt, eax_aes128_decrypt)
3397 (eax_aes128_digest): Moved functions to a new file.
3398 * nettle-internal.c: ... from old location.
3399 * nettle-internal.h: Moved eax declarations elsewhere.
3401 * tools/nettle-pbkdf2.c (main): Added missing deallocation.
3403 2014-02-12 Niels Möller <nisse@lysator.liu.se>
3405 * chacha-poly1305.h: New file.
3406 * chacha-poly1305.c: New file.
3407 * chacha-poly1305-meta.c (nettle_chacha_poly1305): New file, new
3409 * nettle-meta.h (nettle_chacha_poly1305): Declare.
3411 * Makefile.in (nettle_SOURCES): Added chacha-poly1305.c and
3412 chacha-poly1305-meta.c.
3413 (HEADERS): Added chacha-poly1305.h.
3415 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
3416 chacha-poly1305-test.c.
3417 * testsuite/chacha-poly1305-test.c: New file.
3419 * nettle-meta.h (struct nettle_aead): New generalized version
3421 (nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256)
3422 (nettle_eax_aes128): Declare, moved from nettle-internal.h.
3423 * nettle-internal.h (struct nettle_aead): Deleted struct, moved to
3424 nettle-meta.h. Deleted declarations of unused instances.
3425 (_NETTLE_AEAD): Deleted macro.
3426 * nettle-internal.c (nettle_eax_aes128): Updated for new
3428 (nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256):
3429 Deleted, moved to new files.
3430 * gcm-aes128-meta.c (nettle_gcm_aes128): Moved to new file,
3431 updated for new nettle_aead struct.
3432 * gcm-aes192-meta.c (nettle_gcm_aes192): Likewise.
3433 * gcm-aes256-meta.c (nettle_gcm_aes256): Likewise.
3434 * testsuite/testutils.c (test_aead): Take alternative set_nonce
3435 function as argument, and use it when nonce size differs from
3437 * testsuite/testutils.h (test_aead): Updated prototype.
3438 * testsuite/gcm-test.c (nettle_gcm_unified_aes128): Updated for
3439 new nettle_aead struct.
3440 (test_main): Pass additional argument to test_aead.
3441 * testsuite/eax-test.c (test_main): Pass additional NULL argument
3444 * eax.h (EAX_DIGEST_SIZE): New constant.
3445 * gcm.h (GCM_DIGEST_SIZE): Likewise.
3447 2014-02-10 Niels Möller <nisse@lysator.liu.se>
3449 * chacha-set-nonce.c (chacha_set_nonce): Renamed file and
3450 function, updated callers and Makefile.in.
3451 * chacha-set-iv.c (chacha_set_iv): ... from old names.
3453 2014-02-08 Niels Möller <nisse@lysator.liu.se>
3455 * testsuite/chacha-test.c (test_chacha): For 20 rounds, use
3456 chacha_crypt, and test varying the message length.
3457 (test_main): Add second key stream block, for all testcases with
3460 * chacha-crypt.c (chacha_crypt): Fixed block counter update.
3462 2014-02-07 Niels Möller <nisse@lysator.liu.se>
3464 * nettle.texinfo (ASCII encoding): Document that
3465 base16_encode_update and base64_encode_update now uses dst_length
3468 * testsuite/base64-test.c (test_main): Updated
3469 base64_decode_update test case.
3471 * sexp-transport.c (sexp_transport_iterator_first): For
3472 base64_decode_update, omit initialization of coded_length.
3473 * examples/base64dec.c (main): Likewise.
3474 * examples/base16dec.c (main): Likewise, for base16_decode_update.
3476 * base64-decode.c (base64_decode_update): Use *dst_length for
3477 output only. Don't require callers to pass a sane value.
3478 * base16-decode.c (base16_decode_update): Likewise.
3480 2014-02-06 Niels Möller <nisse@lysator.liu.se>
3482 * NEWS: List _set_key incompatibilities.
3484 * nettle-meta.h (_NETTLE_CIPHER_SEP, _NETTLE_CIPHER_SEP_SET_KEY)
3485 (_NETTLE_CIPHER_FIX, _NETTLE_CIPHER): Deleted unused macros.
3487 * nettle-internal.c (nettle_blowfish128): Deleted only use of
3490 * blowfish.c (blowfish128_set_key): New function.
3491 * blowfish.h (BLOWFISH128_KEY_SIZE): New constant.
3493 * cast128-meta.c (nettle_cast128): Deleted only use of
3496 * examples/nettle-benchmark.c (time_cipher): Fixed memset calls.
3498 2014-01-30 Niels Möller <nisse@lysator.liu.se>
3500 * Makefile.in (nettle_SOURCES): Arrange in alphabetic order.
3502 * nettle.texinfo: Updated, document size_t for length arguments.
3503 Document new AES and Camellia interfaces.
3505 * ecc-size.c (ecc_bit_size): New function.
3506 * ecc.h (ecc_bit_size): Declare it.
3508 2014-01-29 Niels Möller <nisse@lysator.liu.se>
3510 * nettle-types.h (typedef nettle_set_key_func): Deleted length
3513 * arctwo.c (arctwo40_set_key, arctwo64_set_key)
3514 (arctwo128_set_key, arctwo128_set_key_gutmann): New functions.
3515 * arctwo.h: Declare them.
3516 * arctwo-meta.c (ARCTWO): New macro.
3517 (nettle_arctwo40, nettle_arctwo64, nettle_arctwo128)
3518 (nettle_arctwo_gutmann128): Use new _set_key functions.
3520 * arcfour.h (ARCFOUR128_KEY_SIZE): New constant.
3521 * arcfour.c (arcfour128_set_key): New function.
3522 * arcfour-meta.c (nettle_arcfour128): Use arcfour128_set_key and
3523 ARCFOUR128_KEY_SIZE.
3525 * cast128.c (cast5_set_key): Renamed, was cast128_set_key.
3526 (cast128_set_key): New definition, with fixed key size.
3527 * cast128.h (CAST128_MIN_KEY_SIZE, CAST128_MAX_KEY_SIZE): Renamed
3529 (CAST5_MIN_KEY_SIZE, CAST5_MAX_KEY_SIZE): ... new names.
3531 * eax.h (EAX_SET_KEY): Deleted length argument.
3533 * aes128-meta.c: Deleted _set_key wrappers.
3534 * aes192-meta.c: Likewise.
3535 * aes256-meta.c: Likewise.
3536 * camellia128-meta.c: Likewise.
3537 * camellia192-meta.c: Likewise.
3538 * camellia256-meta.c: Likewise.
3540 * gcm-aes128.c (gcm_aes128_set_key): Deleted length argument.
3541 * gcm-aes192.c (gcm_aes192_set_key): Likewise.
3542 * gcm-aes256.c (gcm_aes256_set_key): Likewise.
3543 * gcm.h: Updated prototypes.
3545 * serpent-set-key.c (serpent128_set_key, serpent192_set_key)
3546 (serpent256_set_key): New functions.
3547 * serpent.h: Declare new functions.
3548 (SERPENT128_KEY_SIZE, SERPENT192_KEY_SIZE)
3549 (SERPENT256_KEY_SIZE): New constants.
3550 * serpent-meta.c (SERPENT): New macro.
3551 (nettle_serpent128, nettle_serpent192, nettle_serpent256): Use new
3554 * twofish-set-key.c (twofish128_set_key, twofish192_set_key)
3555 (twofish256_set_key): New functions.
3556 * twofish.h: Declare new functions.
3557 (TWOFISH128_KEY_SIZE, TWOFISH192_KEY_SIZE)
3558 (TWOFISH256_KEY_SIZE): New constants.
3559 * twofish-meta.c (TWOFISH): New macro.
3560 (nettle_twofish128, nettle_twofish192, nettle_twofish256): Use new
3563 * nettle-internal.h (struct nettle_aead): Use
3564 nettle_hash_update_func for the set_iv function pointer.
3566 * nettle-internal.c (des_set_key_hack, des3_set_key_hack): Deleted
3568 (chacha_set_key_hack): Deleted length argument. Use
3570 (salsa20_set_key_hack): Deleted length argument. Use
3571 salsa20_256_set_key.
3572 (nettle_unified_aes128, nettle_unified_aes192)
3573 (nettle_unified_aes256): Deleted, moved to test program.
3574 (eax_aes128_set_key): Deleted length argument. Use EAX_SET_KEY.
3576 * examples/nettle-benchmark.c: Updated for _set_key changes.
3577 * examples/nettle-openssl.c: Likewise.
3578 * testsuite/testutils.c: Likewise.
3579 * testsuite/gcm-test.c: Likewise.
3581 * testsuite/aes-test.c (UNIFIED_AES): New macro. Moved glue for
3582 testing the old aes interface (struct aes_ctx) here.
3584 * testsuite/arcfour-test.c (test_arcfour): New function, for key
3586 (test_main): Use it.
3588 * testsuite/blowfish-test.c (test_blowfish): New function.
3589 (test_main): Use it. Also deleted old #if:ed out code.
3591 * testsuite/cast128-test.c (test_cast5): New function.
3592 (test_main): Use it, for 40-bit and 80-bit tests.
3594 * testsuite/serpent-test.c (test_serpent): New function.
3595 (test_main): Use it.
3597 2014-01-27 Niels Möller <nisse@lysator.liu.se>
3599 * eax.h (struct eax_key, struct eax_ctx): Use union
3600 nettle_block16, for alignment.
3601 * eax.c: Updated everything to use nettle_block16.
3602 (block16_xor): New function.
3604 * examples/nettle-benchmark.c (time_eax): New function.
3607 * x86_64/chacha-core-internal.asm: Use pshufhw + pshuflw for the
3610 * configure.ac (asm_replace_list): Added chacha-core-internal.asm.
3611 * x86_64/chacha-core-internal.asm: New file.
3613 * examples/nettle-benchmark.c (main): Add benchmarking of chacha.
3614 * nettle-internal.c (nettle_chacha): New const struct, for the
3617 Chacha implementation, based on contribution by Joachim
3619 * chacha.h: New file.
3620 * chacha256-set-key.c (chacha256_set_key): New file and function.
3621 * chacha128-set-key.c (chacha128_set_key): New file and function.
3622 * chacha-set-key.c (chacha_set_key): New file and function.
3623 * chacha-set-iv.c (chacha_set_iv): New file and function.
3624 * chacha-core-internal.c (_chacha_core): New file and function.
3625 * chacha-crypt.c (chacha_crypt): New file and function.
3626 * Makefile.in (nettle_SOURCES): Added chacha files.
3627 (HEADERS): Added chacha.h.
3628 * testsuite/chacha-test.c: New file.
3629 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added chacha-test.c.
3631 2014-01-26 Niels Möller <nisse@lysator.liu.se>
3633 * nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to...
3634 (_NETTLE_AEAD): ... new name, and deleted old definition. Also use
3635 _set_nonce instead of _set_iv.
3636 * nettle-internal.c (nettle_gcm_aes128, nettle_gcm_aes192)
3637 (nettle_gcm_aes256): Define in terms of new interface.
3638 (nettle_eax_aes128): Updated for _NETTLE_AEAD changes.
3640 * testsuite/gcm-test.c (test_gcm_hash): Likewise use struct
3642 (test_main): Added a testcase using the old interface based on
3645 * examples/nettle-benchmark.c (time_gcm): Update to use new struct
3646 gcm_aes128_ctx. Also use name "gcm-aes128" in output.
3648 * gcm.h: New interface for gcm_aes128, gcm_aes192, gcm_aes256,
3649 using the new AES interface.
3650 (GCM_CTX): Reorder fields, putting the cipher context
3653 * Makefile.in (nettle_SOURCES): Added gcm-aes128.c, gcm-aes192.c,
3656 * gcm-aes128.c: New file.
3657 * gcm-aes192.c: New file
3658 * gcm-aes256.c: New file.
3660 2014-01-25 Niels Möller <nisse@lysator.liu.se>
3662 * gcm.h (GCM_SET_KEY): Deleted length argument.
3663 * gcm-aes.c (gcm_aes_set_key): Use aes_set_encrypt_key and
3664 gcm_set_key, can no longer use GCM_SET_KEY macro.
3666 2014-01-23 Niels Möller <nisse@lysator.liu.se>
3668 * testsuite/gcm-test.c (test_main): Use the correct
3669 nettle_gcm_aes128/192/256 object.
3671 2014-01-21 Niels Möller <nisse@lysator.liu.se>
3673 Merged camellia-reorg changes (starting at 2013-10-07).
3675 2013-10-10 Niels Möller <nisse@lysator.liu.se>
3677 * Makefile.in (nettle_SOURCES): Updated list of camellia files.
3679 * testsuite/camellia-test.c (test_invert): Updated for new
3682 * camellia.h: Reorganized camellia interface, with distinct
3683 context structs and functions for camellia128 and camellia256.
3685 * camellia-meta.c: Deleted file.
3686 * camellia256-meta.c: New file.
3687 * camellia192-meta.c: New file.
3688 * camellia128-meta.c: New file.
3690 * camellia-set-decrypt-key.c: Deleted file, code moved to:
3691 * camellia128-set-decrypt-key.c: New file.
3692 (camellia128_invert_key, camellia128_set_decrypt_key): New
3694 * camellia256-set-decrypt-key.c: New file.
3695 (camellia256_invert_key, camellia256_set_decrypt_key)
3696 (camellia192_set_decrypt_key): New functions.
3697 * camellia-invert-key.c (_camellia_invert_key): New file and
3700 * camellia-set-encrypt-key.c: Deleted file, code moved to:
3701 * camellia128-set-encrypt-key.c: New file.
3702 (camellia128_set_encrypt_key): New function.
3703 * camellia256-set-encrypt-key.c: New file.
3704 (_camellia256_set_encrypt_key, camellia256_set_encrypt_key)
3705 (camellia192_set_encrypt_key): New functions.
3706 * camellia-absorb.c (_camellia_absorb): New file and function.
3707 * camellia-internal.h: Moved key schedule macros here.
3709 * camellia-crypt.c: Deleted file, code moved to:
3710 * camellia128-crypt.c (camellia128_crypt): New file and function.
3711 * camellia256-crypt.c (camellia256_crypt): New file and function.
3713 2013-10-07 Niels Möller <nisse@lysator.liu.se>
3715 * configure.ac: Delete check for ALIGNOF_UINT64_T, no longer
3717 * config.m4.in: Likewise delete ALIGNOF_UINT64_T.
3719 * camellia-crypt.c (camellia_crypt): Updated call to
3721 * camellia-internal.h (_camellia_crypt): Updated prototype.
3722 * camellia-crypt-internal.c (_camellia_crypt): Take separate
3723 arguments for rounds and subkey array.
3724 * x86_64/camellia-crypt-internal.asm: Likewise. Also corrected
3726 * x86/camellia-crypt-internal.asm: Likewise.
3728 2014-01-20 Niels Möller <nisse@lysator.liu.se>
3730 * poly1305-internal.c (poly1305_digest): Use union nettle_block16
3732 * poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
3735 Merged poly1305 changes (starting at 2013-11-08).
3736 * x86_64/poly1305-internal.asm: Update to new interface.
3737 poly1305_digest much simplified.
3739 * poly1305.h (struct poly1305_ctx): Moved block and index
3741 (struct poly1305_aes_ctx): ... to here.
3742 * asm.m4: Delete also from the assembly definition of struct
3745 * poly1305-internal.c (poly1305_digest): Don't do final padding
3746 here, leave that to caller. Add digest to the provided nonce s,
3747 and deleted length and dst arguments. Also reset h0-h4 to zero
3749 (_poly1305_block): Renamed, from...
3750 (poly1305_block): ...old name.
3752 * poly1305-aes.c (poly1305_aes_update): New function.
3753 (poly1305_aes_digest): Update for poly1305_digest changes, do
3756 * poly1305.c (poly1305_update): Deleted file and function. Moved
3758 * Makefile.in (nettle_SOURCES): Deleted poly1305.c.
3760 2014-01-17 Niels Möller <nisse@lysator.liu.se>
3762 * poly1305-internal.c (poly1305_block): Additional argument with
3764 (poly1305_block_internal): Deleted function, code moved into the
3766 (poly1305_digest): Simplified padding code, call poly1305_block
3768 * poly1305.h (poly1305_block): Update prototype.
3769 * poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
3770 * x86_64/poly1305-internal.asm (poly1305_block): Handle new
3773 * poly1305.h (struct poly1305_ctx): Moved nonce field from here...
3774 (struct poly1305_aes_ctx): ... to here.
3775 * poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
3777 * poly1305.c (poly1305_set_nonce): Deleted function.
3778 * asm.m4: Delete nonce also from the assembly definition of struct
3781 2014-01-16 Niels Möller <nisse@lysator.liu.se>
3783 * poly1305-aes.c: Include poly1305.h. Rewrite functions without
3784 using the POLY1305_* macros.
3786 * Makefile.in (HEADERS): Deleted poly1305-aes.h.
3788 * poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE)
3789 (POLY1305_DIGEST): Deleted macros. Only implemented variant is
3791 (POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE):
3793 (POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here,
3794 from poly1305-aes.h.
3795 (struct poly1305_aes_ctx): Likewise.
3796 (poly1305_aes_set_key, poly1305_aes_set_nonce)
3797 (poly1305_aes_update, poly1305_aes_digest): Likewise.
3798 * poly1305-aes.h: Deleted file, declarations moved to poly1305.h.
3801 * poly1305-internal.c (s2, s3, s4): Fixed macros.
3803 * poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx
3804 by struct aes128_ctx.
3805 * poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest):
3806 Update to use aes128_* functions.
3807 * poly1305.h (POLY1305_SET_KEY): Drop key size argument when
3810 2013-12-19 Niels Möller <nisse@lysator.liu.se>
3812 * poly1305-aes.h (poly1305_aes_update): Define as an alias for
3813 poly1305_update, using preprocessor and a type cast.
3815 * poly1305-aes.c (poly1305_aes_update): Deleted function.
3817 * poly1305.h (poly1305_update): Declare.
3818 (_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros.
3820 * poly1305.c (poly1305_update): New function.
3822 2013-11-21 Niels Möller <nisse@lysator.liu.se>
3824 * x86_64/poly1305-internal.asm: New file. Almost a factor of two
3827 * configure.ac (asm_replace_list): Added poly1305-internal.asm.
3829 * asm.m4: Define struct offsets for 64-bit poly1305_ctx.
3831 * poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
3832 additional argument to poly1305_digest.
3833 (struct poly1305_ctx): Introduce unions, to support either 26-bit
3834 or 64-bit implementation.
3836 * poly1305-internal.c (poly1305_digest): Added s argument.
3838 * poly1305.c (poly1305_set_s): Deleted function.
3840 2013-11-12 Niels Möller <nisse@lysator.liu.se>
3842 * poly1305-internal.c: New file, for poly1305 functions depending
3843 on the internal mod (2^130 - 5) representation.
3844 (poly1305_block_internal): New helper function.
3845 (poly1305_block, poly1305_digest): Use it.
3847 2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3849 * poly1305.h: New file.
3850 * poly1305.c: New file.
3851 * poly1305-aes.h: New file.
3852 * poly1305-aes.c: New file.
3853 * Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
3854 (HEADERS): Added poly1305-aes.h and poly1305.h.
3856 * testsuite/poly1305-test.c: New file.
3857 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
3859 * examples/nettle-benchmark.c (time_poly1305_aes): New function.
3860 (main): Benchmark poly1305.
3862 2014-01-20 Niels Möller <nisse@lysator.liu.se>
3864 * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
3865 salsa20-128-set-key.c, and salsa20-256-set-key.c.
3867 * salsa20.h: Declare new functions.
3868 (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
3869 (salsa20_set_iv): Define as an alias for salsa20_set_nonce.
3871 * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
3872 salsa20_256_set_key.
3873 (salsa20_set_iv): Renamed and moved...
3874 * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
3876 * salsa20-256-set-key.c (salsa20_256_set_key): New file and
3878 * salsa20-128-set-key.c (salsa20_128_set_key): New file and
3881 2014-01-13 Niels Möller <nisse@lysator.liu.se>
3883 * nettle-types.h (union nettle_block16): New type, replacing union
3885 * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16.
3886 * gcm.c: Replaced all use of gcm_block by nettle_block16.
3888 2014-01-04 Niels Möller <nisse@lysator.liu.se>
3890 * config.guess: Updated to 2014-01-01 version, from
3891 git://git.sv.gnu.org/config.git.
3892 * config.sub: Likewise.
3894 * testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark):
3896 (test_memxor, test_memxor3): Use test_mark to tell valgrind the
3897 start and end of src and destination areas.
3899 * configure.ac: Check for valgrind/memcheck.h.
3901 * testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes,
3902 needed for the way unaligned data is handled in, e.g., memxor.
3904 2014-01-03 Niels Möller <nisse@lysator.liu.se>
3906 * shadata.c (main): Zero-pad output values to 8 hex digits.
3907 * sha256.c (K): Updated table.
3909 2013-12-17 Niels Möller <nisse@lysator.liu.se>
3911 * configure.ac (ASM_RODATA): New substituted variable. Needed for
3912 portability to darwin.
3913 * config.m4.in: Define RODATA, using configure variable ASM_RODATA
3914 * x86_64/gcm-hash8.asm: Use RODATA macro.
3916 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Use
3917 stronger variants of Pocklington's theorem, to allow p0 of size
3920 2013-12-15 Niels Möller <nisse@lysator.liu.se>
3922 * nettle-internal.h (NETTLE_MAX_BIGNUM_BITS)
3923 (NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits.
3925 2013-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3927 Introduced TMP_GMP_ALLOC macro for temporary allocations of
3928 potentially large data, e.g, sized as an RSA key.
3929 * gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New
3931 * gmp-glue.c (gmp_alloc, gmp_free): New functions.
3932 * bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC.
3933 * bignum-random.c (nettle_mpz_random_size): Likewise.
3934 * pkcs1-decrypt.c (pkcs1_decrypt): Likewise.
3935 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
3936 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise.
3937 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
3938 (pkcs1_rsa_sha512_encode_digest): Likewise.
3939 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
3940 (pkcs1_rsa_sha256_encode_digest): Likewise.
3941 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
3942 (pkcs1_rsa_sha1_encode_digest): Likewise.
3943 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
3944 (pkcs1_rsa_md5_encode_digest): Likewise.
3946 2013-12-14 Niels Möller <nisse@lysator.liu.se>
3948 * x86_64/gcm-hash8.asm: Use .short rather than .hword, for
3949 compatibility with apple's assembler.
3951 2013-12-03 Niels Möller <nisse@lysator.liu.se>
3953 * x86_64/sha1-compress.asm: Reorganized, to get closer to the x86
3954 version. No difference in running time.
3956 * configure.ac (dummy-dep-files): Don't overwrite any existing
3959 * x86_64/md5-compress.asm: New file, similar to the x86 version.
3960 35% speedup on AMD, 15% speedup on Intel.
3962 2013-11-25 Niels Möller <nisse@lysator.liu.se>
3964 * testsuite/dsa-test.c (test_main): Additional tests from NIST
3967 * testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New
3968 functions, supporting arbitrary digest size.
3970 * testsuite/testutils.h (ASSERT): Improved failure message.
3972 * dsa-verify.c (dsa_verify): Renamed, from _dsa_verify.
3973 * dsa-sign.c (dsa_sign): Renamed, from _dsa_sign.
3975 2013-11-24 Niels Möller <nisse@lysator.liu.se>
3977 * testsuite/dsa-keygen-test.c (test_main): Test generating a
3980 * dsa-verify.c (_dsa_verify): Use _dsa_hash.
3982 * dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in
3983 error case, spotted by Nikos.
3985 * dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224.
3987 * dsa-hash.c (_dsa_hash): New file and function. Allows digest
3988 sizes not matching the bitsize of q.
3989 * dsa.h (_dsa_hash): Declare it.
3990 * Makefile.in (hogweed_SOURCES): Added dsa-hash.c.
3992 2013-11-23 Niels Möller <nisse@lysator.liu.se>
3994 * configure.ac: Check also for openssl/ecdsa.h.
3996 2013-10-05 Niels Möller <nisse@lysator.liu.se>
3998 * Makefile.in (nettle_SOURCES): Added eax.c.
3999 (HEADERS): Added eax.h.
4001 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added eax-test.c.
4003 * testsuite/eax-test.c: New file.
4005 * nettle-internal.c (nettle_eax_aes128): New aead algorithm.
4006 (eax_aes128_set_key, eax_aes128_set_nonce, eax_aes128_update)
4007 (eax_aes128_encrypt, eax_aes128_decrypt, eax_aes128_digest): New
4013 * aes.h: Fixed typo in name mangling for new aes functions.
4015 2013-09-28 Niels Möller <nisse@lysator.liu.se>
4017 * Merge aes-reorg branch. Changes below,
4018 dated 2013-05-17 - 2013-08-13.
4020 2013-08-13 Niels Möller <nisse@lysator.liu.se>
4022 * yarrow.h (struct yarrow256_ctx): Use aes256_ctx, not aes_ctx.
4023 * yarrow256.c: Adapted to use new aes256 interface.
4025 2013-08-07 Niels Möller <nisse@lysator.liu.se>
4027 * umac.h (_UMAC_STATE): Use struct aes128_ctx, not aes_ctx.
4028 * umac-set-key.c (umac_kdf, _umac_set_key): Use aes128 interface.
4029 * umac32.c (umac32_digest): Likewise.
4030 * umac64.c (umac64_digest): Likewise.
4031 * umac96.c (umac96_digest): Likewise.
4032 * umac128.c (umac128_digest): Likewise.
4034 2013-06-25 Niels Möller <nisse@lysator.liu.se>
4036 * aes-meta.c: Deleted file.
4038 Analogous changes for new aes192 and aes256 interface.
4040 * aes.h (struct aes128_ctx): New aes128 declarations.
4041 * aes-decrypt.c (aes128_decrypt): New function.
4042 * aes-encrypt.c (aes128_encrypt): New function.
4043 * aes128-meta.c: New file.
4044 * aes128-set-encrypt-key.c (aes128_set_encrypt_key): New file and
4046 * aes128-set-decrypt-key.c (aes128_set_decrypt_key)
4047 (aes128_invert_key): New file and functions.
4048 * Makefile.in (nettle_SOURCES): Added aes128-set-encrypt-key.c,
4049 aes128-set-decrypt-key.c and aes128-meta.c.
4051 * nettle-internal.c (nettle_unified_aes128): For testing the old
4053 * testsuite/aes-test.c (test_cipher2): New function.
4054 (test_main): Test both nettle_aes128 and nettle_unified_aes128.
4056 2013-05-22 Niels Möller <nisse@lysator.liu.se>
4058 * Makefile.in (nettle_SOURCES): Added aes-invert-internal.c and
4059 aes-set-key-internal.c.
4061 * aes.h (AES128_KEY_SIZE, _AES128_ROUNDS): New constants.
4062 Similarly also for aes192 and aes256.
4064 * aes-internal.h: Declare new functions.
4066 * aes-set-key-internal.c (_aes_set_key): New file and funxtion
4067 extracted from aes_set_encrypt_key.
4068 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use _aes_set_key.
4070 * aes-invert-internal.c (_aes_invert): New file and function,
4071 extracted from aes_invert_key.
4072 * aes-set-decrypt-key.c (aes_invert_key): Use _aes_invert.
4074 * arm/v6/aes-encrypt-internal.asm: Adapted to new interface.
4075 Unfortunately, 4% slowdown on Cortex-A9, for unknown reason.
4076 * arm/v6/aes-decrypt-internal.asm: Likewise.
4077 * arm/aes-encrypt-internal.asm: Adapted to new interface.
4078 * arm/aes-decrypt-internal.asm: Likewise.
4080 2013-05-21 Niels Möller <nisse@lysator.liu.se>
4082 * sparc32/aes-encrypt-internal.asm: Adapted to new interface.
4083 * sparc32/aes-decrypt-internal.asm: Likewise.
4084 * sparc64/aes-encrypt-internal.asm: Likewise.
4085 * sparc64/aes-decrypt-internal.asm: Likewise.
4087 * x86/aes-encrypt-internal.asm: Adapted to new interface.
4088 * x86/aes-decrypt-internal.asm: Likewise.
4090 2013-05-20 Niels Möller <nisse@lysator.liu.se>
4092 * x86_64/aes-encrypt-internal.asm: Adapted to new interface.
4093 * x86_64/aes-decrypt-internal.asm: Likewise.
4095 2013-05-17 Niels Möller <nisse@lysator.liu.se>
4097 * aes.h (struct aes_ctx): Renamed nrounds to rounds, and moved
4098 first in the structure.
4099 * aes-set-encrypt-key.c (aes_set_encrypt_key): Updated for renaming.
4100 * aes-set-decrypt-key.c (aes_invert_key): Likewise.
4102 * aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
4103 subkeys as separate arguments, not a struct aes_ctx *. Updated
4105 * aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
4106 * aes-internal.h: Updated prototypes.
4108 * Start of aes-reorg changes.
4110 2013-09-28 Niels Möller <nisse@lysator.liu.se>
4112 * md4.h (struct md4_ctx): Use single uint64_t variable for block
4114 * md4.c: Use new block count variable.
4115 * md5.c, md5.h (struct md5_ctx): Likewise.
4116 * ripemd160.c, ripemd160.h (struct ripemd160_ctx): Likewise.
4117 * sha1.c, sha1.h (struct sha1_ctx): Likewise.
4118 * sha256.c, sha2.h (struct sha256_ctx): Likewise.
4120 * testsuite/testutils.c (test_hash_large): Added simple progress
4123 * macros.h (MD_PAD): Use size argument, don't depend on
4124 sizeof of the count field(s).
4126 2013-09-22 Niels Möller <nisse@lysator.liu.se>
4128 * x86_64/gcm-hash8.asm: New file.
4129 * x86_64/gcm-gf-mul-8.asm: Deleted.
4131 * configure.ac (asm_nettle_optional_list): Look for gcm-hash8.asm,
4132 not gcm-gf-mul-8.asm.
4133 * gcm.c [HAVE_NATIVE_gcm_hash8]: Make use of (optional) assembly
4136 2013-09-21 Niels Möller <nisse@lysator.liu.se>
4138 * Makefile.in (des.po): Add same dependencies as for des.o.
4139 Reported by Vincent Torri.
4141 2013-09-20 Niels Möller <nisse@lysator.liu.se>
4143 * testsuite/gcm-test.c: Added tests with associated data of
4146 * testsuite/testutils.c (tstring_alloc): Add NUL-termination.
4148 2013-09-18 Niels Möller <nisse@lysator.liu.se>
4150 * Makefile.in: New stampfiles, libnettle.stamp and
4151 libhogweed.stamp, updated when both static and shared libraries
4152 are rebuilt. Used as link dependencies in subdirectories.
4153 * examples/Makefile.in: Make executable targets depend on
4154 ../libnettle.stamp and libhogweed.stamp, not directly on the
4155 static library files.
4156 * testsuite/Makefile.in: Likewise.
4157 * tools/Makefile.in: Likewise.
4159 2013-09-09 Niels Möller <nisse@lysator.liu.se>
4161 * gcm.c [HAVE_NATIVE_gcm_gf_mul_8]: Make use of (optional)
4162 assembly implementation.
4164 * configure.ac: Support optional assembly files for both nettle
4165 and hogweed. Replaced OPT_ASM_SOURCES with OPT_ASM_NETTLE_SOURCES,
4166 OPT_ASM_HOGWEED_SOURCES, and asm_optional_list with
4167 asm_nettle_optional_list and asm_hogweed_optional_list.
4168 (asm_nettle_optional_list): Added gcm-gf-mul-8.asm.
4170 2013-06-25 Niels Möller <nisse@lysator.liu.se>
4172 * testsuite/gcm-test.c: Deleted redundant include of aes.h.
4174 * testsuite/testutils.c (test_aead): Allow digest size smaller
4175 than the block size.
4177 * tools/nettle-pbkdf2.c: New command line tool.
4178 * tools/Makefile.in (TARGETS): Added nettle-pbkdf2.
4179 (nettle-pbkdf2$(EXEEXT)): New target.
4180 * testsuite/nettle-pbkdf2-test: New test case.
4181 * testsuite/Makefile.in (TS_SH): Added nettle-pbkdf2-test.
4183 * tools/nettle-hash.c (digest_file): Use stack allocation for the
4184 small hex output buffer.
4186 * examples/io.c (MIN): Deleted unused macro.
4188 2013-05-21 Niels Möller <nisse@lysator.liu.se>
4190 From nettle-2.7-fixes branch:
4191 * Makefile.in (distdir): Distribute files in arm/v6 subdirectory.
4193 2013-05-20 Niels Möller <nisse@lysator.liu.se>
4195 * arm/v6/sha1-compress.asm: Moved into v6 directory, since it uses
4196 the v6 instruction uadd8, sel and rev.
4197 * arm/v6/sha256-compress.asm: Likewise.
4199 * nettle-types.h: Include <stddef.h>, for size_t.
4201 2013-05-17 Niels Möller <nisse@lysator.liu.se>
4203 * macros.h (ROTL32, ROTL64): Avoid undefined behaviour for zero
4204 rotation count. Unfortunately makes CAST128 a bit slower with
4207 * ecc-j-to-a.c (ecc_j_to_a): Fixed ecc_modp_mul call, to avoid
4208 invalid overlap of arguments to mpn_mul_n. Problem tracked down by
4211 2013-05-16 Niels Möller <nisse@lysator.liu.se>
4213 * arm/aes-encrypt-internal.asm: New file, for pre-v6 processors.
4214 * arm/aes-decrypt-internal.asm: New file, likewise.
4216 * arm/aes.m4 (AES_FINAL_ROUND_V5): Variant without using uxtb.
4217 (AES_FINAL_ROUND_V6): New name, updated callers.
4218 (AES_FINAL_ROUND): ... old name. Also eliminated one uxtb
4220 (AES_ENCRYPT_ROUND, AES_DECRYPT): Moved macros to the
4223 * arm/v6/aes-encrypt-internal.asm: Use ALIGN macro. Use 16-byte
4224 alignment for loops.
4225 * arm/v6/aes-decrypt-internal.asm: Likewise. Also added a nop
4226 which mysteriously improves benchmark performance on Cortex-A9.
4228 2013-05-15 Niels Möller <nisse@lysator.liu.se>
4230 * configure.ac (asm_path): Handle armv6 and armv7 differently from
4231 older ARMs. Add the arm/v6 directory to asm_path when appropriate.
4233 * arm/v6/aes-encrypt-internal.asm: Moved into v6 directory. Uses
4234 the uxtb instruction which is not available for older ARMs.
4235 * arm/v6/aes-decrypt-internal.asm: Likewise.
4237 2013-05-03 Niels Möller <nisse@lysator.liu.se>
4239 * cast128.c: Adapt to new struct cast128_ctx.
4240 (cast128_set_key): Rewrite, eliminating lots of conditions and
4241 some false warnings.
4243 * cast128.h (struct cast128_ctx): Separate the small 5-bit
4244 rotation subkeys and the larger 32-bit masking subkeys.
4246 2013-05-02 Niels Möller <nisse@lysator.liu.se>
4248 * testsuite/testutils.c (mpz_combit): Renamed. Define only if not
4249 provided GMP. Updated all uses.
4250 (mpz_togglebit): ... old name.
4252 * sexp-format.c (sexp_vformat): Use type mpz_srcptr rather
4253 than the old MP_INT *.
4255 2013-04-26 Niels Möller <nisse@lysator.liu.se>
4257 * Many files: Use size_t rather than unsigned for data sizes.
4258 * x86_64/aes-encrypt-internal.asm: Accept 64-bit length.
4259 * x86_64/aes-decrypt-internal.asm: Likewise.
4261 2013-04-25 Niels Möller <nisse@lysator.liu.se>
4263 * configure.ac: Changed version number, to 2.8.
4264 (LIBNETTLE_MAJOR): Bumped major number, following
4265 nettle_memxor ABI break.
4266 (LIBNETTLE_MINOR): Reset to zero.
4268 * examples/hogweed-benchmark.c: Add benchmarking of OpenSSL's RSA
4270 (all functions): Deleted unneeded casts.
4272 2013-04-24 Niels Möller <nisse@lysator.liu.se>
4274 * nettle.texinfo (Miscellaneous functions): Updated memxor
4275 prototype. Document memxor3.
4277 * salsa20-crypt.c (salsa20_crypt): Deleted cast of memxor
4278 argument, no longer needed.
4279 * salsa20r12-crypt.c (salsa20r12_crypt): Likewise.
4280 * sha3.c (sha3_absorb): Likewise.
4282 * memxor.h: Updated prototypes. Drop include of nettle-types.h.
4284 * memxor.c: Include nettle-types.h, for uintptr_t. Replace all
4285 internal uses of uint8_t by plain char.
4286 (memxor): Use void * rather than uint8_t * for
4288 (memxor3): Likewise.
4290 * x86_64/memxor.asm: Added nettle_ prefix to symbols.
4291 * arm/memxor.asm: Likewise.
4293 * testsuite/symbols-test: Don't allow memxor functions without
4296 * memxor.h (memxor3): Added name mangling to add "nettle_" prefix
4297 to memxor and memxor3 symbols.
4299 * Makefile.in (nettle_OBJS): Deleted $(LIBOBJS), and also deleted
4300 LIBOBJS substitution.
4301 (nettle_SOURCES): Added memxor.c, to include it in the library
4304 * configure.ac: Deleted AC_REPLACE_FUNCS for memxor.
4306 * Released nettle-2.7.
4308 2013-04-23 Niels Möller <nisse@lysator.liu.se>
4310 From Martin Storsjö:
4311 * x86_64/sha256-compress.asm: Add forgotten W64_EXIT.
4312 * x86_64/sha512-compress.asm: Likewise.
4313 * x86_64/salsa20-crypt.asm (Lpartial): Don't return via W64_EXIT
4314 within this subfunction.
4315 * x86_64/machine.m4 (W64_ENTRY): Use movdqu instead of movdqa for
4316 saving xmm registers, since the stack is not guaranteed to be
4317 16-byte aligned on win64. Take pushed xmm registers into account
4318 when reading the fifth parameter from the stack.
4320 * Makefile.in: Consistently use EXEEXT_FOR_BUILD.
4322 2013-04-21 Niels Möller <nisse@lysator.liu.se>
4324 * Makefile.in (DISTFILES): Added mini-gmp.c and mini-gmp.h.
4325 (distdir): Use find, for identifying assembly files to copy.
4327 2013-04-18 Niels Möller <nisse@lysator.liu.se>
4329 * configure.ac: Recognize cpu type "arm*", not just "armv7*'.
4331 * arm/aes-encrypt-internal.asm: Updated include of aes.m4.
4332 * arm/aes-decrypt-internal.asm: Likewise.
4334 * Makefile.in (distdir): Updated for ARM reorganization.
4336 * configure.ac (asm_path): Generalized, can now be a list of
4337 directories. On ARM, check for neon instructions, and add arm/neon
4338 if appropriate. New command line options
4339 --enable-arm-neon/--disable-arm-neon, for overriding the default.
4341 arm/neon: New subdirectory, for assembly files making use of neon
4344 arm: Renamed directory, from...
4347 * aclocal.m4 (NETTLE_CHECK_ARM_NEON): New macro.
4349 * nettle.texinfo (Keyed hash functions): Document UMAC.
4351 * umac.h (UMAC32_DIGEST_SIZE, UMAC64_DIGEST_SIZE)
4352 (UMAC96_DIGEST_SIZE, UMAC128_DIGEST_SIZE): New constants.
4353 (UMAC_DATA_SIZE): New name, for consistency with hash functions.
4355 (UMAC_BLOCK_SIZE): ... old name.
4357 2013-04-17 Niels Möller <nisse@lysator.liu.se>
4359 * examples/nettle-benchmark.c (main): Benchmark salsa20r12.
4361 * nettle-internal.c (nettle_salsa20r12): Cipher struct for
4363 * nettle-internal.h (nettle_salsa20): Declare it.
4365 * Makefile.in (eccdata): Depend on mini-gmp files. Drop -lgmp.
4367 * eccdata.c: Use mini-gmp, to avoid gmp dependency and associated
4368 configure tests for the *build* system. Replaced mpz_submul_ui by
4369 mpz_mul_ui + mpz_sub, and gmp_printf and gmp_fprintf by calls to
4372 * mini-gmp.h, mini-gmp.c: New files, copied from gmp-5.1.1.
4374 2013-04-16 Niels Möller <nisse@lysator.liu.se>
4376 * umac-set-key.c (BE_SWAP32_N): Fixed dummy definition used for
4379 * Makefile.in (TARGETS): Deleted eccdata, it should be build only
4380 when public key support is enabled.
4381 (clean-here): Exlicitly list it here.
4383 * asm.m4 (m4_log2): New macro, similar to the one in gmp.
4384 (ALIGN): Changed to take alignment in bytes. Updated all callers,
4385 currently used only in x86 and x86_64 files.
4387 * umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
4388 block count an uint64_t. Reorder some elements to put short values
4390 * umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
4391 (_umac_l2): Deleted redundant memcpy.
4392 (_umac_l2, _umac_l2_final): Store input buffer at end of the
4393 poly64/poly128 state. Deleted l1_out from corresponding context
4394 structs, and updated all callers.
4396 * configure.ac: Changed version number to 2.7.
4397 (LIBNETTLE_MINOR): Bumped library version, to 4.6.
4398 (LIBHOGWEED_MINOR): And to 2.4.
4400 * Makefile.in (distdir): Include files from armv7 subdirectory.
4402 * x86_64/umac-nh-n.asm: New file, 3.5 time speedup.
4404 * umac32.c (umac32_digest): Fix nonce caching.
4405 * umac64.c (umac64_digest): Likewise.
4407 * testsuite/umac-test.c (test_incr): New function.
4408 (test_main): Test nonce increment.
4410 * misc/umac/umac.py: UMAC reference implementation.
4411 * misc/umac/rijndael.py: AES implementation used by umac.py.
4412 * misc/umac/mkvectors: Script to generate UMAC test vectors.
4413 * misc/umac/vectors.out: Generated test vectors.
4415 * umac32.c (umac32_digest): Fix nonce increment, use INCREMENT
4417 * umac64.c (umac64_digest): Likewise.
4418 * umac96.c (umac96_digest): Likewise.
4419 * umac128.c (umac128_digest): Likewise.
4421 * macros.h (INCREMENT): Allow size == 1.
4423 2013-04-15 Niels Möller <nisse@lysator.liu.se>
4425 * x86_64/umac-nh.asm: New file. 4.4 time speedup.
4427 * armv7/umac-nh-n.asm: New file. 2.0-2.3 time speedup.
4429 * testsuite/umac-test.c (test_align): Fixed memory leak.
4431 2013-04-12 Niels Möller <nisse@lysator.liu.se>
4433 * armv7/umac-nh.asm: New file. 2.4 time speedup.
4435 * armv7/machine.m4 (D0REG, D1REG): New macros.
4437 * configure.ac (asm_replace_list): Added umac-nh.asm and
4440 * testsuite/umac-test.c: Test different alignments for the
4443 2013-04-11 Niels Möller <nisse@lysator.liu.se>
4445 * umac-nh-n.c (_umac_nh_n): Rewrote as a single pass over the
4448 * examples/nettle-benchmark.c (time_umac): New function.
4451 * umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
4452 can be xored directly to the pad in native byteorder.
4453 * umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
4454 xor. Updated all callers.
4455 * umac32.c (umac32_digest): Adapt to l3 changes.
4456 * umac64.c (umac64_digest): Likewise.
4457 * umac96.c (umac96_digest): Likewise.
4458 * umac128.c (umac128_digest): Likewise.
4460 Initial implementation of umac.
4462 * umac-nh.c: New file.
4463 * umac-nh-n.c: New file.
4464 * umac-poly64.c: New file.
4465 * umac-poly128.c: New file.
4466 * umac-l2.c: New file.
4467 * umac-l3.c: New file.
4468 * Makefile.in (nettle_SOURCES): Added umac source files.
4469 (HEADERS): Added umac.h.
4470 * testsuite/umac-test.c: New file.
4471 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added umac-test.c.
4473 * ecc-mul-a.c (ecc_mul_a): Avoid using mp_bitcnt_t, for
4474 compatibility with older GMP versions.
4475 * ecc-mul-g.c (ecc_mul_g): Likewise.
4476 * eccdata.c (ecc_mul_binary): Likewise.
4477 * sec-modinv.c (sec_modinv): Likewise.
4479 * x86_64/sha3-permute.asm: Go via memory for moves between general
4480 registers and xmm registers.
4482 2013-04-06 Niels Möller <nisse@lysator.liu.se>
4484 From Edgar E. Iglesias:
4485 * sha3.c (_sha3_update): Fix condition for when the block buffer
4488 2013-04-04 Niels Möller <nisse@lysator.liu.se>
4490 * ecc-point.c (ecc_point_get): Allow NULL x or y, ignore
4491 corresponding coordinate.
4493 * nettle.texinfo (Elliptic curves): Document high-level ECDSA
4496 From Martin Storsjö. Fallback functions for older GMP releases.
4497 * gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): New functions.
4498 * gmp-glue.h: Declare them.
4499 (mpn_sqr): Fallback macro.
4501 * gmp-glue.h (cnd_add_n, cnd_sub_n): Moved here, define in terms
4502 of mpn_cnd_add_n and mpn_sub_n if available, otherwise in terms of
4503 mpn_addmul_1 and mpn_submul_1. This seems to be an improvement for
4504 subtraction, but more questionable for addition.
4506 * ecc-internal.h: Include gmp-glue.h. Deleted corresponding
4507 include in all files using ecc-internal.h.
4508 (cnd_add_n, cnd_sub_n): Moved from here.
4510 2013-04-03 Niels Möller <nisse@lysator.liu.se>
4512 * ecc-point-mul-g.c (ecc_point_mul_g): New file and function.
4513 * ecc-point-mul.c (ecc_point_mul): New file and function.
4514 * ecc.h: Updated declarations and name mangling.
4515 * Makefile.in (hogweed_SOURCES): Added ecc-point-mul.c and
4518 * testsuite/salsa20-test.c (test_main): Tests for salsa20r12,
4519 contributed by Nikos Mavrogiannopoulos.
4521 2013-03-26 Niels Möller <nisse@lysator.liu.se>
4523 * armv7/salsa20-core-internal.asm: New file. 45% speedup.
4525 2013-03-25 Niels Möller <nisse@lysator.liu.se>
4527 From Martin Storsjö:
4528 * examples/timing.c: New file, extracted from nettle-benchmark.c.
4529 * examples/timing.h: New file.
4530 * examples/Makefile.in (SOURCES): Added timing.c.
4531 (DISTFILES): Added timing.h.
4532 (BENCH_OBJS, ECC_BENCH_OBJS, HOGWEED_BENCH_OBJS): Added timing.o.
4533 * examples/nettle-benchmark.c: Use timing.h.
4534 * examples/hogweed-benchmark.c: Likewise.
4535 * examples/ecc-benchmark.c: Likewise.
4537 From Nikos Mavrogiannopoulos:
4538 * salsa20r12-crypt.c (salsa20r12_crypt): New file and function.
4539 * salsa20.h (salsa20r12_crypt): Declare.
4540 * Makefile.in (nettle_SOURCES): Added salsa20r12-crypt.c.
4542 From Martin Storsjö:
4543 * examples/hogweed-benchmark.c: Include local headers.
4544 * testsuite/ecdsa-keygen-test.c: Likewise.
4545 * x86_64/sha3-permute.asm: Workaround for Apple's assembler; write
4546 movq instructions as movd.
4548 * Makefile.in (hogweed_PURE_OBJS): Don't include OPT_ASM_SOURCES
4551 2013-03-15 Niels Möller <nisse@lysator.liu.se>
4553 * armv7/sha3-permute.asm: New file. 4.5 time speedup.
4555 * armv7/machine.m4 (QREG): New macro.
4557 2013-03-14 Niels Möller <nisse@lysator.liu.se>
4559 * configure.ac (asm_replace_list): Added sha3-permute.asm,
4560 revering 2012-12-30 change. 34% speedup on intel i5, from 2190
4561 cycles for the C implementation down to 1630.
4563 * armv7/sha512-compress.asm: Optimized. Keep expanded data in
4564 registers, exploit parallelism. Another 70% speedup.
4566 * testsuite/sha512-test.c (test_main): Additional test vectors,
4567 including some longer than 128 bytes.
4569 2013-03-13 Niels Möller <nisse@lysator.liu.se>
4571 * armv7/sha512-compress.asm: New file, using neon instructions.
4574 * configure.ac (asm_replace_list): Added sha512-compress.asm.
4575 * x86_64/machine.m4 (OFFSET64): New macro.
4576 * x86_64/sha512-compress.asm: New file, 20% speedup.
4578 * sha512-compress.c (ROUND): Eliminated a temporary, analogous to
4579 sha256 change below.
4581 * x86_64/sha256-compress.asm: New file, 16% speedup (benchmarked
4584 2013-03-11 Niels Möller <nisse@lysator.liu.se>
4586 * armv7/sha256-compress.asm: New file, 25% speedup.
4588 * configure.ac (asm_replace_list): Added sha256-compress.asm.
4590 * sha256-compress.c (ROUND): Eliminated a temporary.
4592 * armv7/sha1-compress.asm: New file, 9% speedup.
4594 * testsuite/testutils.c (test_hash): Test different alignments for
4597 2013-03-08 Niels Möller <nisse@lysator.liu.se>
4599 * armv7/aes-decrypt-internal.asm: New file, 15% speedup.
4600 * armv7/aes-encrypt-internal.asm: New file, 25% speedup.
4601 * armv7/aes.m4: New file.
4603 2013-03-07 Niels Möller <nisse@lysator.liu.se>
4605 * gmp-glue.c (mpz_limbs_cmp): Don't use PTR and SIZ macros.
4607 * Makefile.in (aesdata, desdata, twofishdata, shadata, gcmdata)
4608 (eccdata): Arrange for compiling these programs for running on the
4609 build system, also when cross compiling everything else.
4611 * config.make.in (CC_FOR_BUILD, EXEEXT_FOR_BUILD): New variables.
4613 * configure.ac: Use GMP_PROG_CC_FOR_BUILD and
4614 GMP_PROG_EXEEXT_FOR_BUILD.
4616 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD, GMP_PROG_CC_FOR_BUILD_WORKS)
4617 (GMP_PROG_EXEEXT_FOR_BUILD): New macros, based on GMP's.
4619 * aesdata.c: Deleted includes of config.h and nettle-types.h. Use
4620 unsigned char and unsigned long instead of stdint.h types.
4622 * desdata.c: Deleted includes of config.h and desCode.h.
4623 (main): Return 1 on invalid argument. Don't use ROR macro. Use
4624 unsigned long instead of uint32_t, and make it work if unsigned
4625 long is larger than 32 bits.
4627 * gcmdata.c: Deleted include of config.h and use UNUSED macro.
4628 * shadata.c: Likewise.
4630 * twofishdata.c: Deleted include of nettle-types.h. Use unsigned
4631 char instead of stdint.h types.
4633 * x86_64/ecc-521-modp.asm: New file. 2.4 time speedup.
4635 2013-03-06 Niels Möller <nisse@lysator.liu.se>
4637 * x86_64/ecc-384-modp.asm: New file, 3 time speedup.
4638 * x86_64/ecc-256-redc.asm: New file, 2.5 time speedup.
4639 * x86_64/ecc-224-modp.asm: New file, 5 time speedup over C
4642 2013-03-05 Niels Möller <nisse@lysator.liu.se>
4644 * configure.ac (asm_optional_list): Added ecc-521-modp.asm.
4645 * ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
4646 version if available.
4647 * armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
4649 2013-03-04 Niels Möller <nisse@lysator.liu.se>
4651 * configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
4652 bogus reference to $asm_search_list.
4653 * ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
4654 version if available.
4655 * armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
4657 2013-03-03 Niels Möller <nisse@lysator.liu.se>
4659 * ecc-256.c: Fixed definition of USE_REDC.
4661 2013-03-01 Niels Möller <nisse@lysator.liu.se>
4663 * ecc-256.c: Check HAVE_NATIVE_ecc_256_redc, and use native
4664 version if available.
4665 * armv7/ecc-256-redc.asm: New file, 4 time speedup over C version.
4667 * testsuite/ecc-redc-test.c: Increased test count.
4669 * ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
4670 version if available.
4671 * armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
4674 * configure.ac (asm_optional_list): Added ecc-224-modp.asm.
4675 (OPT_ASM_SOURCES): Fixed assignment.
4677 2013-02-28 Niels Möller <nisse@lysator.liu.se>
4679 * x86_64/ecc-192-modp.asm: Reorganized to reduce number of
4680 additions. Use setc instruction.
4682 * examples/Makefile.in: Let $(HOGWEED_TARGETS) depend on
4685 * armv7/ecc-192-modp.asm: New file. 2.5 time speedup over C
4688 2013-02-27 Niels Möller <nisse@lysator.liu.se>
4690 * ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
4691 version if available.
4692 (ecc_192_modp): Fixed carry handling bug in 32-bit version.
4694 * x86_64/ecc-192-modp.asm: New file. 3.8 times speedup over C
4697 * configure.ac (OPT_ASM_SOURCES): New substituted variable.
4698 (asm_replace_list, asm_optional_list): New variables. For files in
4699 asm_optional_list, also add them to OPT_ASM_SOURCES and define
4700 appropriate HAVE_NATIVE_* symbols found.
4702 * Makefile.in (OPT_ASM_SOURCES): New variable. Used for setting
4703 hogweed_OBJS and hogweed_PURE_OBJS.
4705 * testsuite/ecc-mod-test.c: Increased test count.
4707 * ecc-384.c (ecc_384_modp): Fixed typo which broke carry handling
4708 in the 64-bit version.
4710 * examples/ecc-benchmark.c (bench_add_jjj): Typo fix, benchmark
4713 * gmp-glue.h: Check if GMP provides mpz_limbs_read (expected in
4715 * gmp-glue.c: Use GMP's mpz_limbs_read and friends if available.
4716 Renamed all functions for consistency with GMP. Updated all
4719 2013-02-20 Niels Möller <nisse@lysator.liu.se>
4721 * examples/Makefile.in (HOGWEED_TARGETS): Added
4722 hogweed-benchmark$(EXEEXT).
4723 (SOURCES): Added hogweed-benchmark.c.
4724 (hogweed-benchmark$(EXEEXT)): New target.
4726 * examples/hogweed-benchmark.c: New file.
4728 * ecdsa-keygen.c (ecdsa_generate_keypair): New file and function.
4729 * Makefile.in (hogweed_SOURCES): Added ecdsa-keygen.c.
4730 * testsuite/ecdsa-keygen-test.c: New testcase.
4731 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
4732 ecdsa-keygen-test.c.
4734 * nettle-internal.h (TMP_ALLOC): Added missing parentheses.
4736 2013-02-18 Niels Möller <nisse@lysator.liu.se>
4738 * testsuite/ecdsa-verify-test.c: New testcase.
4739 * testsuite/ecdsa-sign-test.c: New testcase.
4740 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
4741 ecdsa-sign-test.c and ecdsa-verify-test.c.
4742 * testsuite/testutils.h: Include ecdsa.h.
4743 (SHEX): Deleted const cast.
4745 * ecc-point.c: New file, struct ecc_point abstraction.
4746 * ecc-scalar.c: New file, struct ecc_scalar abstraction.
4747 * ecc-random.c (ecc_modq_random, ecc_scalar_random): New file, new
4749 * ecc-hash.c (ecc_hash): New file and function.
4750 * ecc-ecdsa-sign.c: New file, low-level signing interface.
4751 * ecc-ecdsa-verify.c: New file, low-level ecdsa verify.
4752 * ecdsa-sign.c: (ecdsa_sign): New file and function.
4753 * ecdsa-verify.c (ecdsa_verify): New file and function.
4754 * ecdsa.h: New header file.
4755 * ecc.h: Declare ecc_point and ecc_scalar functions.
4756 * ecc-internal.h: Added declarations.
4757 * Makefile.in (hogweed_SOURCES): Added new source files.
4758 (HEADERS): Added ecdsa.h.
4760 * gmp-glue.c (_mpz_set_mpn): New convenience function.
4761 (_mpn_set_base256): New function.
4762 (_gmp_alloc_limbs): New function.
4763 (_gmp_free_limbs): New function.
4764 * gmp-glue.h: Corresponding declarations. Include nettle-stdinh.h.
4766 * examples/Makefile.in (HOGWEED_TARGETS): Renamed, was
4767 RSA_TARGETS. Added ecc-benchmark$(EXEEXT).
4768 (SOURCES): Added ecc-benchmark.c.
4769 (ecc-benchmark$(EXEEXT)): New target.
4771 * examples/ecc-benchmark.c: New file, benchmarking ecc primitives.
4773 2013-02-15 Niels Möller <nisse@lysator.liu.se>
4775 Integrate ecc_mul_a.
4776 * ecc-a-to-j.c: New file.
4777 * ecc-add-jjj.c: New file.
4778 * ecc-mul-a.c: New file.
4779 * Makefile.in (hogweed_SOURCES): Added new files.
4780 * testsuite/ecc-mul-a-test.c: New file.
4781 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
4784 * testsuite/testutils.c: Removed redundant includes.
4785 (die): New function.
4787 Integrate ecc_mul_g.
4789 * ecc-j-to-a.c: New file.
4790 * ecc-size.c: New file.
4791 * ecc-add-jja.c: New file.
4792 * ecc-dup-jj.c: New file.
4793 * ecc-mul-g.c: New file.
4794 * sec-tabselect.c: New file.
4795 * Makefile.in (hogweed_SOURCES): Added new files.
4796 (HEADERS): Added ecc.h
4797 * testsuite/ecc-mul-g-test.c: New file.
4798 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
4800 * testsuite/testutils.c (xalloc_limbs): New function.
4801 (test_mpn): New function.
4802 (test_ecc_point): New function.
4803 (test_ecc_mul_a): New function.
4804 (test_ecc_mul_j): New function.
4805 * testsuite/testutils.h: Corresponding declarations.
4807 Integrate ECC internals.
4808 * ecc-curve.h: New file.
4809 * ecc-internal.h: New file.
4810 * cnd-copy.c: New file.
4811 * ecc-192.c: New file.
4812 * ecc-224.c: New file.
4813 * ecc-256.c: New file.
4814 * ecc-384.c: New file.
4815 * ecc-521.c: New file.
4816 * ecc-generic-modp.c: New file.
4817 * ecc-generic-modq.c: New file.
4818 * ecc-generic-redc.c: New file.
4819 * ecc-mod.c: New file.
4820 * ecc-modp.c: New file.
4821 * ecc-modq.c: New file.
4822 * sec-add-1.c: New file.
4823 * sec-modinv.c: New file.
4824 * sec-sub-1.c: New file.
4825 * Makefile.in (hogweed_SOURCES): Added new files.
4826 (HEADERS): Added ecc-curve.h.
4827 (DISTFILES): Added ecc-internal.h.
4828 * testsuite/ecc-mod-test.c: New file.
4829 * testsuite/ecc-modinv-test.c: New file.
4830 * testsuite/ecc-redc-test.c: New file.
4831 * testsuite/testutils.c (ecc_curves): New constant array.
4832 * testsuite/testutils.h: Include ecc-related headers. Declare
4834 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-mod-test.c
4835 ecc-modinv-test.c ecc-redc-test.c.
4837 * gmp-glue.c: New file, mpn <-> mpz conversions.
4838 * gmp-glue.h: New file.
4839 * Makefile.in: Added to hogweed_SOURCES and DISTFILES, respectively.
4841 * eccdata.c: New program, for generating ECC-related tables.
4842 * Makefile.in (ecc-192.h, ecc-224.h, ecc-256.h, ecc-384.h)
4843 (ecc-512.h): New generated files.
4845 2013-02-19 Niels Möller <nisse@lysator.liu.se>
4847 * armv7/memxor.asm (memxor): Software pipelining for the aligned
4848 case. Runs at 6 cycles (0.5 cycles per byte). Delayed push of
4849 registers until we know how many registers we need.
4850 (memxor3): Use 3-way unrolling also for aligned memxor3.
4851 Runs at 8 cycles (0.67 cycles per byte)
4853 2013-02-14 Niels Möller <nisse@lysator.liu.se>
4855 * configure.ac: Find GMP's GMP_NUMB_BITS. Substitute in Makefile.
4856 * config.make.in (GMP_NUMB_BITS): New variable.
4858 * examples/rsa-keygen.c (uint_arg): New function.
4859 (main): New options -s and -e, to specify key size and public
4860 exponent. Increased default key size to 2048.
4862 2013-02-12 Niels Möller <nisse@lysator.liu.se>
4864 * armv7/memxor.asm (memxor): Optimized aligned case, using 3-way
4867 2013-02-06 Niels Möller <nisse@lysator.liu.se>
4869 * armv7/memxor.asm (memxor, memxor3): Optimized aligned case, now
4870 runs at 0.75 cycles/byte.
4872 * armv7/README: New file.
4873 * armv7/machine.m4: New (empty) file.
4874 * armv7/memxor.asm: Initial assembly implementation.
4876 * config.m4.in: Substitute ASM_TYPE_PROGBITS as TYPE_PROGBITS.
4878 * config.make.in: Added .s to the suffix list.
4880 * Makefile.in (.asm.s): Use a separate make target for .asm
4881 preprocessing. Include asm.d, which the corresponding
4884 * configure.ac (asm_file_list): Collect assembly files into this
4886 (asm.d): Make config.status write dependencies for .s files into
4888 (ASM_ALIGN_LOG): Set to "no" when appropriate.
4889 (ASM_TYPE_FUNCTION): Default to "@function".
4890 (ASM_TYPE_PROGBITS): New substituted variable, set in the same way
4891 as ASM_TYPE_FUNCTION.
4892 (ASM_MARK_NOEXEC_STACK): Use TYPE_PROGBITS.
4893 (asm_path): Set up asm_path for armv7.
4895 * asm.m4: Use changecom to disable m4 quoting. Use divert to
4898 2013-02-05 Niels Möller <nisse@lysator.liu.se>
4900 * testsuite/rsa-keygen-test.c (test_main): Updated expected
4901 signatures, after the nettle_mpz_random change below.
4902 * testsuite/dsa-test.c (test_main): Likewise. Also fixed the
4903 dsa256 test to actually use the expected signature.
4905 2013-01-31 Niels Möller <nisse@lysator.liu.se>
4907 * bignum-random.c (nettle_mpz_random): Increased number of extra
4908 bits to 64, following FIPS 186-3.
4910 2013-01-16 Niels Möller <nisse@lysator.liu.se>
4912 * Released nettle-2.6.
4914 2013-01-12 Niels Möller <nisse@lysator.liu.se>
4916 * configure.ac: Use AC_LANG_SOURCE.
4918 2013-01-02 Niels Möller <nisse@lysator.liu.se>
4920 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.5.
4921 (LIBHOGWEED_MINOR): And to 2.3.
4923 * examples/Makefile.in: Explicit rules for building objects in
4925 * tools/Makefile.in: Likewise.
4926 * testsuite/Makefile.in: Likewise.
4928 2013-01-01 Niels Möller <nisse@lysator.liu.se>
4930 * nettle.texinfo (Recommended hash functions): Document additional
4933 * examples/nettle-benchmark.c (main): Benchmark additional sha3
4936 2012-12-30 Niels Möller <nisse@lysator.liu.se>
4938 * sha3-224.c, sha3-224-meta.c: New files.
4939 * sha3-384.c, sha3-384-meta.c: New files.
4940 * sha3-512.c, sha3-512-meta.c: New files.
4941 * sha3.h: Prototypes for sha3 with sizes 224, 384 and 512.
4942 * nettle-meta.h: Declare nettle_sha3_224, nettle_sha3_384 and
4944 * Makefile.in (nettle_SOURCES): Added new sha3 files.
4946 * testsuite/sha3-224-test.c: New file.
4947 * testsuite/sha3-384-test.c: New file.
4948 * testsuite/sha3-512-test.c: New file.
4949 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new sha3 test files.
4951 * configure.ac: Disabled use of sha3-permute.asm.
4953 2012-12-20 Niels Möller <nisse@lysator.liu.se>
4956 * testsuite/des-compat-test.c (pt): Use proper prototype, use
4958 * testsuite/testutils.c (test_dsa_key): Deleted spurious
4961 2012-12-15 Niels Möller <nisse@lysator.liu.se>
4963 Based on a patch from Alon Bar-Lev:
4964 * Makefile.in (LIBTARGETS, SHLIBTARGET): Define as empty if static
4965 or shared libraries, respectively, are disabled.
4966 (TARGETS): Deleted @IF_SHARED@ conditional, now in the definition
4970 * configure.ac: Check for ar program. New option --disable-static.
4971 * config.make.in (AR): Use configured value.
4973 2012-12-13 Niels Möller <nisse@lysator.liu.se>
4975 * x86_64/sha3-permute.asm: Rewrote, to keep all state in
4976 registers. 2400 cycles on x86_64, only slightly faster than the
4979 2012-12-09 Niels Möller <nisse@lysator.liu.se>
4981 * sha3-permute.c (sha3_permute): Rewrote to do permutation in
4982 place. 80% speedup on x86_64, 2500 cycles.
4984 2012-12-04 Niels Möller <nisse@lysator.liu.se>
4986 * ctr.c (ctr_crypt): Fix bug reported by Tim Kosse. Don't
4987 increment the counter when length is zero (was broken for the
4990 * testsuite/ctr-test.c (test_main): Added test with zero-length
4992 * testsuite/testutils.c (test_cipher_ctr): Check the ctr value
4993 after encrypt and decrypt.
4995 2012-12-03 Niels Möller <nisse@lysator.liu.se>
4997 * sha3-permute.c (sha3_permute): Optimized, to reduce number of
4998 passes over the data. 20% speedup on x86_64, 4700 cycles.
5000 * configure.ac: Added sha3-permute.asm.
5002 * x86_64/sha3-permute.asm: New file. 30% speedup over current C
5005 * nettle.texinfo (Hash functions): Split into several sections,
5006 separating recommended hash functions and legacy hash functions.
5009 2012-12-02 Niels Möller <nisse@lysator.liu.se>
5011 Split sha.h into new files sha1.h and sha2.h. Replaced all
5012 internal usage of sha.h in all files.
5013 * sha.h: Kept for compatibility, just includes both new files.
5016 * Makefile.in (HEADERS): Added sha1.h and sha2.h.
5018 2012-11-28 Niels Möller <nisse@lysator.liu.se>
5020 From Fredrik Thulin:
5021 * testsuite/pbkdf2-test.c (test_main): Add PBKDF2-HMAC-SHA512 test
5024 2012-11-15 Niels Möller <nisse@lysator.liu.se>
5026 * sha3-permute.c (sha3_permute): Use ULL suffix on round
5027 constants. Avoid passing shift count 0 to ROTL64.
5029 * sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
5031 * macros.h (LE_READ_UINT64): New macro.
5033 2012-11-13 Niels Möller <nisse@lysator.liu.se>
5035 * sha3-permute.c (sha3_permute): Micro optimizations. Partial
5036 unrolling. Use lookup table for the permutation. On an x86_64,
5037 execution time reduced from appr. 13000 cycles to appr. 6000.
5039 * examples/nettle-benchmark.c (TIME_CYCLES): New macro.
5040 (bench_sha1_compress, bench_salsa20_core): Use it.
5041 (bench_sha3_permute): New function.
5042 (main): Call bench_sha3_permute.
5044 2012-11-12 Niels Möller <nisse@lysator.liu.se>
5046 * examples/nettle-benchmark.c (main): Benchmark sha3_256.
5048 * sha3-permute.c: New file. Permutation function for sha3, aka
5050 * sha3.h: New header file.
5051 * sha3.c: New file, absorption and padding for sha3.
5052 * sha3-256.c: New file.
5053 * sha3-256-meta.c: New file.
5054 * nettle-meta.h (nettle_sha3_256): Declare.
5055 * Makefile.in (nettle_SOURCES): Added sha3 files.
5056 (HEADERS): Added sha3.h.
5057 * testsuite/sha3.awk: New file. Script to extract test vectors.
5058 * testsuite/sha3-256-test.c: New file.
5059 * testsuite/sha3-permute-test.c: New file.
5060 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
5061 sha3-permute-test.c and sha3-256-test.c.
5062 (DISTFILES): Added sha3.awk.
5063 * testsuite/.test-rules.make: Added sha3 targets.
5065 * macros.h (LE_WRITE_UINT64): New macro.
5066 * write-le64.c (_nettle_write_le64): New file and function.
5067 * nettle-write.h (_nettle_write_le64): Declare. Also deleted
5068 declaration of non-existent _nettle_write_be64.
5069 * Makefile.in (nettle_SOURCES): Added write-le64.c.
5071 * macros.h (ROTL64): New macro, moved from...
5072 * sha512-compress.c (ROTL64): ... old location, deleted.
5074 * serpent-internal.h [HAVE_NATIVE_64_BIT] (DROTL32): Renamed from...
5075 (ROTL64): ... old name.
5076 (DRSHIFT32): Renamed from ...
5077 (RSHIFT64): ... old name.
5078 * serpent-encrypt.c (LINEAR_TRANSFORMATION64): Updated for above
5080 * serpent-decrypt.c (LINEAR_TRANSFORMATION64_INVERSE): Likewise.
5082 2012-11-11 Niels Möller <nisse@lysator.liu.se>
5084 From Nikos Mavrogiannopoulos:
5085 * nettle.texinfo (Hash functions): Added documentation for
5087 * examples/nettle-benchmark.c (main): Benchmark gosthash94.
5089 2012-11-10 Niels Möller <nisse@lysator.liu.se>
5091 * nettle.texinfo (nettle_hashes, nettle_ciphers): Use deftypevr,
5092 not deftypevrx. Spotted by Nikos Mavrogiannopoulos.
5094 2012-11-08 Niels Möller <nisse@lysator.liu.se>
5096 Gost hash function, ported from Aleksey Kravchenko's rhash library
5097 by Nikos Mavrogiannopoulos.
5098 * gosthash94.c: New file.
5099 * gosthash94.h: New file.
5100 * gosthash94-meta.c: New file.
5101 * nettle-meta.h (nettle_gosthash94): Declare.
5102 * Makefile.in (nettle_SOURCES): Added gosthash94.c and
5104 (HEADERS): Added gosthash94.h.
5105 * testsuite/gosthash94-test.c: New file.
5106 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
5109 2012-10-29 Niels Möller <nisse@lysator.liu.se>
5111 From Martin Storsjö:
5112 * configure.ac (dummy-dep-files): Avoid non-posix \|-operator in
5115 2012-10-29 Niels Möller <nisse@lysator.liu.se>
5117 * x86_64/salsa20-core-internal.asm: New file.
5118 * configure.ac: Added salsa20-core-internal.asm.
5119 * examples/nettle-benchmark.c (bench_salsa20_core): New function.
5121 2012-10-27 Niels Möller <nisse@lysator.liu.se>
5123 * testsuite/Makefile.in (TS_SOURCES, CXX_SOURCES): Include sources
5125 (TS_CXX): Moved @IF_CXX@ conditional here.
5126 (DISTFILES): Use $(SOURCES), which now includes all C source
5127 files. testutils.c was lost in a the 2012-09-20 change.
5129 * x86_64/salsa20-crypt.asm: Include x86_64/salsa20.m4.
5130 Make all exits go via .Lend and W64_EXIT.
5132 * x86_64/salsa20.m4: New file, extracted from
5133 x86_64/salsa20-crypt.asm.
5135 2012-10-26 Niels Möller <nisse@lysator.liu.se>
5137 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LIBS): Add $(CFLAGS) on
5138 the link command line. Reported by Dennis Clarke.
5140 2012-10-03 Niels Möller <nisse@lysator.liu.se>
5142 From: Nikos Mavrogiannopoulos:
5143 * testsuite/testutils.c (test_hash): On failure, print the
5144 expected and returned hash values.
5146 2012-09-23 Niels Möller <nisse@lysator.liu.se>
5148 * Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
5150 * salsa20-core-internal.c (_salsa20_core): New file and function,
5151 extracted from salsa20_crypt.
5152 * salsa20.h (_salsa20_core): Declare it.
5153 * salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
5155 2012-09-21 Niels Möller <nisse@lysator.liu.se>
5157 * pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized
5160 * nettle.texinfo (Cipher functions): Stress that the salsa20 hash
5161 function is not suitable as a general hash function.
5163 2012-09-20 Simon Josefsson <simon@josefsson.org>
5165 * pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
5166 * pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
5167 * Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
5168 pbkdf2-hmac-sha256.c.
5169 * nettle.texinfo (Key derivation functions): Improve.
5170 * testsuite/pbkdf2-test.c (test_main): Test new functions.
5172 2012-09-20 Niels Möller <nisse@lysator.liu.se>
5174 * pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
5175 * pbkdf2.h (PBKDF2): Analogous reordering.
5176 * testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
5178 * nettle.texinfo (Key derivation functions): Updated documented
5181 * testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
5184 * configure.ac: New substitution IF_CXX, replacing CXX_TESTS.
5185 (dummy-dep-files): Handle .cxx files.
5187 * testsuite/Makefile.in: Use IF_CXX. Include dependency file for
5190 2012-09-19 Niels Möller <nisse@lysator.liu.se>
5193 * examples/rsa-encrypt.c (main): Added missing mpz_clear.
5194 * examples/rsa-keygen.c (main): Added missing deallocation.
5196 * testsuite/meta-hash-test.c (test_main): Validate
5197 NETTLE_MAX_HASH_DIGEST_SIZE.
5199 * pbkdf2.h (PBKDF2): New macro.
5200 * testsuite/pbkdf2-test.c: Use it.
5202 2012-09-12 Simon Josefsson <simon@josefsson.org>
5204 * NEWS: Mention addition of PBKDF2.
5205 * pbkdf2.c (pbkdf2): New file and function.
5206 * pbkdf2.h: Declare it.
5207 * Makefile.in (nettle_SOURCES): Add pbkdf2.c.
5208 (HEADERS): Add pbkdf2.h.
5209 * nettle.texinfo (Key derivation functions): New section.
5210 * testsuite/pbkdf2-test.c: New test case.
5211 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
5212 * testsuite/.test-rules.make (pbkdf2-test): New target.
5214 2012-09-16 Niels Möller <nisse@lysator.liu.se>
5216 * testsuite/: Overhaul of testsuite, affecting almost all files.
5217 + Use struct tstring for allocated strings, and deallocate before
5219 + Changed most test functions to take struct tstring as arguments.
5220 + Made all test_main return on success.
5222 * testsuite/testutils.h (struct tstring): New struct type.
5223 (H2, HL, MEMEQH, SUCCESS): Deleted macros.
5224 (SHEX, SDATA): New macros.
5225 (H): Redefined to track storage.
5227 * testsuite/testutils.c (tstring_alloc): New function.
5228 (tstring_clear): New function.
5229 (tstring_data): New function.
5230 (tstring_hex): New function.
5231 (tstring_print_hex): New function.
5232 (decode_hex_length): Made static.
5233 (decode_hex): Made static. No return value, abort on error.
5234 (main): Expect test_main to return, and call tstring_clear before
5236 (test_dsa_key): Added missing mpz_clear.
5237 (test_mac): Deleted unused function.
5239 * testsuite/rsa2sexp-test.c (test_main): Added missing
5240 nettle_buffer_clear.
5242 * testsuite/yarrow-test.c (open_file): Don't leak filename.
5243 (test_main): fclose input file properly.
5245 * testsuite/sexp-format-test.c (test_main): Added missing calls to
5246 nettle_buffer_clear and mpz_clear.
5248 * testsuite/serpent-test.c (tstring_hex_reverse): New function,
5250 (decode_hex_reverse): ... deleted function.
5251 (RHEX): New macro, replacing...
5252 (RH, RHL): ... deleted macros.
5254 * testsuite/rsa2sexp-test.c (test_main): Added missing
5255 nettle_buffer_clear.
5257 * testsuite/random-prime-test.c (test_main): Added missing
5260 * realloc.c (nettle_realloc): Only call libc realloc if length >
5261 0, otherwise call free. Fixes a small memory leak.
5262 (nettle_xrealloc): Likewise.
5264 * run-tests (test_program): Don't quote $EMULATOR; allow it to
5265 expand to program and arguments (e.g., valgrind).
5267 * tools/pkcs1-conv.c (convert_public_key): Added missing calls to
5268 dsa_public_key_clear and rsa_public_key_clear.
5269 (main): Added missing nettle_buffer_clear.
5271 2012-09-10 Niels Möller <nisse@lysator.liu.se>
5273 * examples/eratosthenes.c (main): Explicitly deallocate storage
5276 * examples/io.c (read_file): Explicitly treat an empty file as an
5277 error. Rearrange loop, check for short fread return value.
5279 * desdata.c: Don't declare printf, include <stdio.h> instead. Also
5280 deleted casts of printf return value.
5283 * examples/nettle-benchmark.c (die): Use PRINTF_STYLE attribute.
5284 * pgp-encode.c (pgp_put_rsa_sha1_signature): Deleted unused variable.
5285 * rsa2openpgp.c (rsa_keypair_to_openpgp): Likewise.
5286 * examples/base16enc.c (main): Deleted useless allocations.
5288 2012-09-07 Niels Möller <nisse@lysator.liu.se>
5290 * examples/nettle-benchmark.c (die): Add NORETURN attribute. Patch
5292 * tools/misc.h (die, werror): Use PRINTF_STYLE and NORETURN macros
5293 for attributes. Patch from Tim Rühsen.
5295 * examples/io.h (werror): Use PRINTF_STYLE macro.
5297 2012-08-22 Niels Möller <nisse@lysator.liu.se>
5299 From Sam Thursfield <sam.thursfield@codethink.co.uk>:
5300 * configure.ac: Make documentation optional, to avoid requiring
5301 TeX. New option --disable-documentation, and Makefile substitution
5303 * Makefile.in: Use IF_DOCUMENTATION.
5305 2012-07-12 Niels Möller <nisse@lysator.liu.se>
5307 * asm.m4 (ALIGN): Use << operator rather than **, with m4 eval.
5308 The latter is not supported by BSD m4.
5310 2012-07-07 Niels Möller <nisse@lysator.liu.se>
5312 Copyright headers: Updated FSF address. Patch from David Woodhouse.
5314 * examples/Makefile.in (BENCH_LIBS): Added -lm, needed for the
5315 ldexp function. Reported by Anthony G. Basile.
5317 * configure.ac: Changed version number to 2.6.
5319 * Released nettle-2.5.
5321 2012-07-05 Niels Möller <nisse@lysator.liu.se>
5323 * x86_64/salsa20-crypt.asm (salsa20_crypt): Write the 64-bit movq
5324 instructions as "movd", since that makes the osx assembler
5325 happier. Assembles to the same machine code on gnu/linux.
5327 2012-07-03 Niels Möller <nisse@lysator.liu.se>
5329 * aclocal.m4 (LSH_FUNC_ALLOCA): In the config.h boilerplate,
5330 include malloc.h if it exists, also when compiling with gcc.
5331 Needed for cross-compiling with --host=i586-mingw32msvc.
5333 * examples/base16dec.c: Don't #include files using <nettle/...>,
5334 we don't want to pick up installed versions. On windows, include
5335 <fcntl.h>, needed for _setmode.
5336 * examples/base16enc.c: Likewise.
5337 * examples/base64dec.c: Likewise.
5338 * examples/base64enc.c: Likewise
5340 * nettle.texinfo (Cipher functions): Document Salsa20.
5342 2012-06-25 Niels Möller <nisse@lysator.liu.se>
5344 * pkcs1.c (_pkcs1_signature_prefix): Renamed function, adding a
5345 leading underscore. Updated all callers.
5347 * bignum-next-prime.c (nettle_next_prime): Consistently use the
5348 type nettle_random_func * (rather then just nettle_random_func)
5349 when passing the function pointer as argument. Similar change for
5350 nettle_progress_func. Should have been done for the 2.0 release,
5351 but a few arguments were overlooked.
5352 * bignum-random-prime.c (_nettle_generate_pocklington_prime)
5353 (nettle_random_prime): Likewise.
5354 * bignum-random.c (nettle_mpz_random_size, nettle_mpz_random):
5356 * dsa-keygen.c (dsa_generate_keypair): Likewise.
5357 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise.
5358 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
5360 * dsa-sign.c (_dsa_sign): Likewise.
5361 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
5362 * rsa-blind.c (_rsa_blind): Likewise.
5363 * rsa-decrypt-tr.c (rsa_decrypt_tr): Likewise.
5364 * rsa-encrypt.c (rsa_encrypt): Likewise.
5365 * rsa-keygen.c (rsa_generate_keypair): Likewise.
5366 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Likewise.
5368 * cbc.c (cbc_encrypt, cbc_decrypt): Similarly, use the type
5369 nettle_crypt_func * rather than just nettle_crypt_func.
5370 * ctr.c (ctr_crypt): Likewise.
5371 * gcm.c (gcm_set_key): Likewise.
5373 * testsuite/des-compat-test.c (test_main): Disable declarations of
5374 disabled functions and variables, to avoid warnings. No verbose
5375 output unless verbose flag is set.
5377 2012-06-09 Niels Möller <nisse@lysator.liu.se>
5379 * examples/Makefile.in (SOURCES): Added base16dec.c, forgotten
5382 General pkcs1 signatures, with a "DigestInfo" input. Suggested by
5383 Nikos Mavrogiannopoulos.
5384 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
5385 rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
5387 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
5389 * pkcs1.h: Declare it.
5391 * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
5392 * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
5393 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
5394 contributed by Nikos Mavrogiannopoulos.
5395 * rsa.h: Declare new functions.
5397 * rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
5398 * rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
5399 separate file, renamed and made non-static. Moved from...
5400 * rsa-decrypt-tr.c: ... here.
5402 2012-06-03 Niels Möller <nisse@lysator.liu.se>
5404 * testsuite/pkcs1-test.c (test_main): Include leading zero in
5407 * pkcs1.c (pkcs1_signature_prefix): Return pointer to where the
5408 digest should be written. Let the size input be the key size in
5409 octets, rather then key size - 1.
5410 * pkcs1-rsa-*.c: Updated for above.
5411 * rsa-*-sign.c, rsa-*-verify.c: Pass key->size, not key->size - 1.
5413 2012-05-18 Niels Möller <nisse@lysator.liu.se>
5415 * pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
5416 * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
5418 2012-05-09 Niels Möller <nisse@lysator.liu.se>
5420 * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,
5421 spotted by Nikos Mavrogiannopoulos.
5423 2012-05-07 Niels Möller <nisse@lysator.liu.se>
5425 * nettle-types.h (_STDINT_HAVE_INT_FAST32_T): Define here, to
5426 force nettle-stdint.h to not try to define the int_fast*_t types.
5427 Avoids compilation problems with gnutls on SunOS-5.8, where the
5428 definitions here collide with gnulib's.
5430 2012-04-23 Niels Möller <nisse@lysator.liu.se>
5432 * nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
5433 on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
5434 NETTLE_MAX_BIGNUM_BITS.
5436 2012-04-19 Niels Möller <nisse@lysator.liu.se>
5438 * list-obj-sizes.awk: Use decimal rather than hexadecimal output.
5439 (hex2int): Use local variables.
5441 2012-04-18 Niels Möller <nisse@lysator.liu.se>
5443 * x86_64/salsa20-crypt.asm: New file.
5445 2012-04-17 Niels Möller <nisse@lysator.liu.se>
5447 * testsuite/salsa20-test.c (test_salsa20_stream): Check that
5448 salsa20_crypt doesn't write beyond the given destination area.
5449 (test_salsa20): Likewise.
5451 * salsa20-crypt.c: Renamed file, from...
5452 * salsa20.c: ... old name.
5454 * x86_64/machine.m4 (WREG): New macro.
5456 * salsa20.c (salsa20_hash): Deleted function, inlined into
5458 (salsa20_set_key, salsa20_set_iv): Moved, to...
5459 * salsa20-set-key.c: ...new file.
5461 2012-04-15 Niels Möller <nisse@lysator.liu.se>
5463 * testsuite/salsa20-test.c (test_salsa20_stream): New function.
5464 (test_main): Tests for encrypting more than one block at a time.
5466 2012-04-14 Niels Möller <nisse@lysator.liu.se>
5468 * examples/io.c (write_file): Use write_string.
5470 * examples/Makefile.in (base64enc): New targets. Also
5471 added missing io.o dependency to several other targets.
5472 (base64dec, base16enc, base16dec): Likewise.
5474 * examples/base64enc.c: New file, based on example code
5475 contributed by Jeronimo Pellegrini.
5476 * examples/base64dec.c: Likewise.
5477 * examples/base16enc.c: Likewise.
5478 * examples/base16dec.c: Likewise.
5480 * examples/rsa-encrypt.c (process_file): Reorganized fread loop.
5481 (usage): New function.
5482 (main): Implemented --help option.
5484 * examples/rsa-decrypt.c (process_file): Improved error message
5485 for too short input file.
5487 * aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
5488 (mult, inv_mix_column): Deleted functions.
5489 (mtable): New table.
5490 (MIX_COLUMN): New macro.
5491 (aes_invert_key): Use MIX_COLUMN and mtable.
5493 * aesdata.c (compute_mtable): New table, for the inv mix column
5494 operation in aes_invert_key.
5496 2012-04-13 Niels Möller <nisse@lysator.liu.se>
5498 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.
5499 Tabulate the needed "round constants".
5500 (xtime): Deleted function.
5502 * aes-internal.h (SUBBYTE): Cast to uint32_t. Use B0, ..., B3
5505 2012-04-09 Niels Möller <nisse@lysator.liu.se>
5507 Timing resistant RSA decryption, based on RSA blinding code
5508 contributed by Nikos Mavrogiannopoulos.
5509 * rsa-decrypt-tr.c (rsa_decrypt_tr): New function.
5510 (rsa_blind): Helper function.
5511 (rsa_unblind): Helper function.
5512 * rsa.h: Declare rsa_decrypt_tr. Some cleanups, no longer include
5513 nettle-meta.h, more consistent declarations of function pointer
5515 * testsuite/rsa-encrypt-test.c (test_main): Test rsa_decrypt_tr.
5516 Check for writes past the end of the message area.
5518 * Makefile.in (hogweed_SOURCES): Added pkcs1-decrypt.c.
5519 * rsa-decrypt.c (rsa_decrypt): Use pkcs1_decrypt.
5520 * pkcs1-decrypt.c (pkcs1_decrypt): New file and function,
5521 extracted from rsa_decrypt.
5523 2012-04-01 Niels Möller <nisse@lysator.liu.se>
5525 * salsa20.c (LE_SWAP32): Typo fix for big-endian case.
5526 (QROUND): New macro.
5527 (salsa20_hash): Use it.
5529 2012-03-31 Niels Möller <nisse@lysator.liu.se>
5531 * salsa20.c: (salsa20_set_iv): Deleted size argument, only one
5533 (U8TO32_LITTLE): Deleted macro. Use LE_READ_UINT32 instead, which
5534 avoids unaligned reads.
5535 (salsa20_set_key): Rearranged slightly, to avoid unnecessary
5536 byte-to-word conversions.
5538 (LE_SWAP32): Renamed macro from...
5539 (U32TO32_LITTLE): ... old name.
5540 (U32TO8_LITTLE): Deleted macro.
5541 (salsa20_wordtobyte): Renamed function to...
5542 (salsa20_hash): ... new name. Changed output argument from byte
5543 array to word array. Use memxor3, which brings a considerable
5546 * nettle-internal.c (salsa20_set_key_hack): Updated salsa20_set_iv
5548 * testsuite/salsa20-test.c (test_salsa20): Deleted iv_length
5549 argument, updated all calls.
5551 * salsa20.h (SALSA20_BLOCK_SIZE): New constant.
5552 (_SALSA20_INPUT_LENGTH): New constant.
5553 * salsa20.c: Use these constants.
5555 * salsa20.c (ROTL32): Deleted macro, use the one from macros.h
5556 instead, with reversed order of arguments.
5557 (ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
5558 builtin operators directly.
5560 Unification of rotation macros.
5561 * macros.h (ROTL32): New macro, to replace (almost) all other
5564 * aes-set-encrypt-key.c: Include macros.h.
5565 (aes_set_encrypt_key): Use ROTL32.
5566 * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
5568 * camellia-internal.h (ROL32): Deleted macro.
5569 (ROTL128): Renamed for consistency, from...
5570 (ROL128): ... old name.
5571 * camellia-crypt-internal.c: Updated for renamed rotation macros.
5572 * camellia-set-encrypt-key.c: Likewise.
5573 * cast128.c (ROL): Deleted macro.
5574 (F1, F2, F3): Updated to use ROTL32 (reversed order of arguments).
5575 Also added proper do { ... } while (0) wrappers.
5577 * ripemd160-compress.c (ROL32): Deleted macro.
5578 (R): Updated to use ROTL32 (reversed order of arguments).
5580 * serpent-internal.h (ROL32): Deleted macro.
5581 (ROTL64): Renamed (from ROL64) and reorderd arguments, for
5583 (RSHIFT64): Reordered arguments, for consistency.
5584 * serpent-decrypt.c: Updated for renamed rotation macros, with
5585 reversed argument order.
5586 * serpent-encrypt.c: Likewise.
5587 * serpent-set-key.c: Likewise.
5589 * sha1-compress.c (ROTL): Deleted macro, use ROTL32 instead.
5591 * sha256-compress.c (ROTR): Deleted macro. Replaced by ROTL32,
5592 with complemented shift count.
5593 (SHR): Deleted macro, use plain shift operator instead.
5595 * sha512-compress.c (ROTR): Deleted macro, replaced by...
5596 (ROTL64): ...new macro, with complemented shift count
5597 (SHR): Deleted macro, use plain shift operator instead.
5598 (S0, S1, s0, s1): Updated accordingly.
5600 2012-03-30 Niels Möller <nisse@lysator.liu.se>
5602 * nettle-internal.c (nettle_salsa20): Cipher struct for
5603 benchmarking only. Sets a fix zero IV, and ignores block size.
5604 * nettle-internal.h (nettle_salsa20): Declare it.
5606 * examples/nettle-benchmark.c (block_cipher_p): New function.
5607 (time_cipher): Use block_cipher_p.
5608 (main): Include salsa20 in benchmark.
5610 * Makefile.in (soname link): Fixed logic.
5611 (nettle_SOURCES): Removed nettle-internal.c, so that it's not
5612 part of the library...
5613 (internal_SOURCES): ...and put it here.
5614 * testsuite/Makefile.in (TEST_OBJS): Added ../nettle-internal.o.
5615 * examples/Makefile.in (BENCH_OBJS): New variable, to simplify the
5616 nettle-benchmark rule. Also link with ../nettle-internal.o.
5618 2012-03-29 Niels Möller <nisse@lysator.liu.se>
5620 Implementation of Salsa20, contributed by Simon Josefsson.
5621 * salsa20.h: New file.
5622 * salsa20.c: New file.
5623 * Makefile.in (nettle_SOURCES): Added salsa20.c
5624 (HEADERS): Added salsa20.h.
5625 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added salsa20-test.c.
5626 * testsuite/salsa20-test.c: New test case.
5628 * Makefile.in (soname links): Adding missing space before ].
5630 2012-03-23 Niels Möller <nisse@lysator.liu.se>
5632 * arcfour.h (arcfour_stream): Deleted obsolete prototype.
5634 2012-03-05 Niels Möller <nisse@lysator.liu.se>
5636 * configure.ac (enable_shared): Build shared libraries by default.
5638 2012-03-04 Niels Möller <nisse@lysator.liu.se>
5640 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.4.
5641 (LIBHOGWEED_MINOR): And to 2.2.
5643 2012-02-27 Niels Möller <nisse@lysator.liu.se>
5645 * list-obj-sizes.awk: Recognize elf64 objects.
5647 * Makefile.in (.texinfo.dvi): Pass -b option to texi2dvi.
5649 * Makefile.in (TARGETS): Added twofishdata.
5650 (SOURCES): Added twofishdata.c.
5651 (twofishdata): New rule.
5653 * twofish.c (q0, q1): Made const, and reformatted to match the
5654 twofishdata program.
5656 * twofishdata.c: Resurrected old file. Used to be called
5657 generate_q.c, when the twofish code was contributed back in 1999.
5659 * nettle.texinfo: Documentation for base16 and base64 encoding.
5660 Text contributed by Jeronimo Pellegrini
5661 <pellegrini@mpcnet.com.br>, back in April 2006.
5663 2012-02-18 Niels Möller <nisse@lysator.liu.se>
5665 * run-tests, getopt.c, getopt1.c, getopt.h: These files were moved
5666 to the top-level in the conversion to an independent git
5667 repository. They used to be symlinks to lsh files, from the
5668 subdirectories which use them.
5670 * Makefile.in: Build and distribute getopt files. Distribute
5672 * examples/Makefile.in: Adapt to getopt files and the run-tests
5673 script now located in the parent directory.
5674 * testsuite/Makefile.in: Likewise.
5675 * tools/Makefile.in: Likewise.
5677 * index.html: Converted to xhtml (from lsh repository, change
5678 dated 2012-02-03). Updated git instructions.
5680 * nettle.texinfo: Updated charset declaration.
5681 * misc/plan.html: Likewise.
5683 2012-01-17 Niels Möller <nisse@lysator.liu.se>
5685 * testsuite/Makefile.in (DISTFILES): Added setup-env.
5687 * examples/rsa-decrypt.c (main): Use _setmode rather than setmode,
5688 suggested by Eli Zaretskii. Affects windows builds only.
5689 * examples/rsa-encrypt.c: Likewise.
5691 * Makefile.in ($(LIBNETTLE_FORLINK)): Always create a .lib symlink
5692 to the library file. Use LN_S.
5693 ($(LIBHOGWEED_FORLINK)): Likewise.
5695 (install-shared-nettle): Use LN_S.
5696 (install-shared-hogweed): Likewise.
5698 * configure.ac: Use AC_PROG_LN_S.
5699 * config.make.in (LN_S): New substitution.
5701 * testsuite/setup-env: New file. Wine workaround. Can't get
5702 ../.lib into wine's dll search path, so create additional
5704 * testsuite/teardown-env: ...and delete them here. Also delete
5706 * examples/setup-env: Similar links setup here.
5707 * examples/teardown-env: ... and deleted.
5709 2012-01-07 Niels Möller <nisse@lysator.liu.se>
5711 * examples/Makefile.in (check): Add ../.lib to PATH, like in
5712 testsuite/Makefile. Needed for w*ndows. Reported by Eli Zaretskii.
5714 2011-11-25 Niels Möller <nisse@lysator.liu.se>
5716 From Martin Storsjö:
5717 * x86_64/machine.m4 (W64_ENTRY, W64_EXIT): New macros for
5719 * x86_64: Updated all assembly files to use them.
5721 * configure.ac (W64_ABI): New variable, set when compiling for
5722 W64 ABI (64-bit M$ windows).
5723 * config.m4.in (W64_ABI): Define, from configure substitution.
5725 2011-11-24 Niels Möller <nisse@lysator.liu.se>
5727 From Martin Storsjö:
5728 * examples/Makefile.in (check): Pass $(EMULATOR) and $(EXEEXT) in
5729 the environment of run-tests.
5730 * examples/rsa-encrypt-test: Use $EXEEXT and $EMULATOR.
5731 * examples/rsa-sign-test: Likewise.
5732 * examples/rsa-verify-test: Likewise.
5733 * examples/setup-env: Likewise.
5735 * testsuite/Makefile.in (check): Pass $(EXEEXT) in the environment of
5737 * testsuite/pkcs1-conv-test: Use $EXEEXT and $EMULATOR. Ignore \r
5740 * examples/rsa-decrypt.c (main) [WIN32]: Set stdout/stdin to
5742 * examples/rsa-encrypt.c (main): Likewise.
5744 2011-11-24 Niels Möller <nisse@lysator.liu.se>
5746 * configure.ac (HAVE_NATIVE_64_BIT): Workaround to get it set to 1
5749 * serpent-internal.h (ROL64): Use (uint64_t) 1 rather than 1L, for
5751 (RSHIFT64): Likewise. Also added a missing parenthesis.
5753 2011-11-24 Niels Möller <nisse@lysator.liu.se>
5755 From Martin Storsjö:
5756 * testsuite/symbols-test: Use $NM, falling back to nm if undefined.
5757 * testsuite/Makefile.in (check): Pass $(NM) in the environment of
5759 * config.make.in (NM): Set NM.
5761 * testsuite/sexp-conv-test: Use $EMULATOR when running test
5762 programs. Also ignore \r for output in the non-canonical output
5764 * testsuite/Makefile.in (check): Pass $(EMULATOR) in the
5765 environment of run-tests.
5766 * configure.ac (EMULATOR): New substituted variable. Set to wine
5767 or wine64 when cross compiling for windows, otherwise empty.
5768 * config.make.in (EMULATOR): Set from autoconf value.
5770 2011-11-20 Niels Möller <nisse@lysator.liu.se>
5772 * x86/camellia-crypt-internal.asm: Take ALIGNOF_UINT64_T into
5773 account when getting the offset for the subkeys. Differs between
5774 w32 and other systems. w32 problem identified by Martin Storsjö.
5776 * config.m4.in: Define ALIGNOF_UINT64_T (from configure).
5778 * configure.ac: Check alignment of uint64_t, and also use AC_SUBST
5779 for use in config.m4.in.
5781 2011-11-19 Niels Möller <nisse@lysator.liu.se>
5783 Cygwin/mingw32 improvements contributed by Martin Storsjö:
5784 * Makefile.in (IMPLICIT_TARGETS): New variable for DLL link
5786 (clean-here): Delete the DLL import libraries.
5788 * configure.ac: Setup installation of DLL files in $bindir.
5789 (IF_DLL, LIBNETTLE_FILE_SRC, LIBHOGWEED_FILE_SRC): New
5792 * config.make.in (LIBNETTLE_FILE_SRC): Substitute new autoconf
5794 (LIBHOGWEED_FILE_SRC): Likewise.
5796 * Makefile.in (install-dll-nettle, uninstall-dll-nettle): New
5797 target for installing the DLL file in $bindir.
5798 (install-shared-nettle): Conditionally
5799 depend on install-dll-nettle. Use LIBNETTLE_FILE_SRC.
5800 (uninstall-shared-nettle): Conditionally depend on
5802 (various hogweed targets): Analogous changes.
5804 * configure.ac: Unify shared lib setup for cygwin and mingw.
5806 2011-10-31 Niels Möller <nisse@lysator.liu.se>
5808 * configure.ac (LIBHOGWEED_LIBS): Typo fix for the darwin case.
5809 Spotted by Martin Storsjö.
5811 2011-10-25 Niels Möller <nisse@lysator.liu.se>
5813 * configure.ac (LIBHOGWEED_LIBS): cygwin fix, added
5814 libnettle.dll.a. Reported by Volker Zell.
5816 2011-10-18 Niels Möller <nisse@lysator.liu.se>
5818 * configure.ac: Improved setup för darwin shared libraries.
5819 Patch contributed by Ryan Schmidt.
5821 2011-10-03 Niels Möller <nisse@lysator.liu.se>
5823 * x86_64/memxor.asm: Implemented sse2-loop. Configured at compile
5824 time, and currently disabled.
5826 * testsuite/testutils.h (ASSERT): Write message to stderr.
5828 * testsuite/memxor-test.c: Use 16-byte alignment for "fully
5831 2011-09-03 Niels Möller <nisse@lysator.liu.se>
5833 * x86/camellia-crypt-internal.asm: Use "l"-suffix on instructions
5834 more consistently. Reportedly, freebsd and netbsd systems with
5835 clang are more picky about this.
5837 * configure.ac: Changed version number to 2.5.
5839 * Released nettle-2.4.
5841 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.3.
5843 * gcm-aes.c: Include config.h.
5844 * tools/nettle-lfib-stream.c: Likewise.
5846 * ripemd160-compress.c: Added missing include of config.h. Needed
5847 for correct operation on big-endian systems.
5849 2011-09-02 Niels Möller <nisse@amfibolit.hack.org>
5851 * configure.ac: Changed version number to 2.4.
5853 * Released nettle-2.3.
5855 2011-08-30 Niels Möller <nisse@lysator.liu.se>
5857 * testsuite/hmac-test.c: Added tests for hmac-ripemd160.
5859 * hmac.h: Declare hmac-ripemd160 related functions.
5861 * Makefile.in (nettle_SOURCES): Added hmac-ripemd160.c.
5863 2011-08-30 Niels Möller <nisse@amfibolit.hack.org>
5865 * nettle.texinfo (Hash functions): Document ripemd-160.
5867 * hmac-ripemd160.c: New file.
5869 * hmac.h: Declare hmac-ripemd160 functions.
5871 2011-08-29 Niels Möller <nisse@lysator.liu.se>
5873 * sha256.c (sha256_update): Updated MD_UPDATE call for new
5875 (sha256_write_digest): Use MD_PAD rather than MD_FINAL, and insert
5876 the length manually.
5877 * sha512.c: Analogous changes.
5879 * sha1.c (COMPRESS): New macro.
5880 (sha1_update): Updated MD_UPDATE call for new conventions.
5881 (sha1_digest): Use MD_PAD rather than MD_FINAL, and insert the
5884 * ripemd160.c (ripemd160_init): Use memcpy for initializing the
5886 (COMPRESS): New macro.
5887 (ripemd160_update): Use MD_UPDATE.
5888 (ripemd160_digest): Inline ripemd160_final processing. Use MD_PAD
5889 and _nettle_write_le32.
5890 (ripemd160_final): Deleted function.
5892 * ripemd160.h (struct ripemd160_ctx): Use a 64-bit block count.
5893 Renamed digest to state.
5895 * md5.c (md5_init): Use memcpy for initializing the state vector.
5896 (COMPRESS): New macro, wrapping _nettle_md5_compress.
5897 (md5_update): Use MD_UPDATE.
5898 (md5_digest): Inline md5_final processing. Use MD_PAD and
5900 (md5_final): Deleted.
5902 * md5.h (struct md5_ctx): Renamed some fields, for consistency.
5904 * md4.h (struct md4_ctx): Renamed some fields, for consistency.
5906 * md4.c (md4_init): Use memcpy for initializing the state vector.
5907 (md4_update): Use MD_UPDATE.
5908 (md4_digest): Inline md4_final processing, using MD_PAD. Use
5910 (md4_block): Renamed, to...
5911 (md4_compress): ... new name. Take ctx pinter as argument.
5912 (md4_final): Deleted function.
5914 * md2.c (md2_update): Use MD_UPDATE.
5916 * macros.h (MD_UPDATE): Added incr argument. Invoke compression
5917 function with ctx pointer as argument, rather than ctx->state.
5918 (MD_FINAL): Just pad, don't store length field. Renamed to MD_PAD.
5919 (MD_PAD): Analogous change of compression invocations.
5921 * sha512.c: (COMPRESS): New macro wrapping _nettle_sha512_compress.
5922 (sha512_update): Use MD_UPDATE.
5923 (sha512_final): Deleted function.
5924 (sha512_write_digest): Use MD_FINAL.
5926 * sha256.c (COMPRESS): New macro wrapping _nettle_sha256_compress.
5927 (SHA256_INCR): Deleted macro.
5928 (sha256_update): Use MD_UPDATE.
5929 (sha256_final): Deleted function.
5930 (sha256_write_digest): New function, replacing sha256_final, and
5932 (sha256_digest): Use sha256_write_digest.
5933 (sha224_digest): Likewise.
5935 * tools/nettle-hash.c (list_algorithms): Fixed typo in header.
5937 * sha1.c (SHA1_DATA_LENGTH): Deleted unused macro.
5938 (sha1_init): Use memcpy to initialize the state vector.
5939 (SHA1_INCR): Deleted macro.
5940 (sha1_update): Use MD_UPDATE macro, to reduce code duplication.
5941 (sha1_digest): Use MD_FINAL macro.
5942 (sha1_final): Deleted function.
5944 * sha.h (struct sha1_ctx): Renamed attribute digest to state.
5946 * macros.h (MD_UPDATE): New macro.
5947 (MD_FINAL): New macro.
5949 2011-08-28 Niels Möller <nisse@lysator.liu.se>
5951 * ripemd160.c (ripemd160_final): Use LE_WRITE_UINT32. Deleted byte
5952 swapping at the end, leaving it to ripemd160_digest.
5953 (ripemd160_digest): Use _nettle_write_le32.
5955 * Makefile.in (nettle_SOURCES): Added write-le32.c.
5957 * md5.c (md5_digest): Use _nettle_write_le32.
5959 * write-le32.c (_nettle_write_le32): New file and function.
5961 * ripemd160-compress.c (ROL32): Renamed macro (was "rol"). Deleted
5962 x86 version using inline assembly; at least gcc-4.4.5 recognizes
5963 shift-and-or expressions which are in fact rotations.
5964 (_nettle_ripemd160_compress): Use LE_READ_UINT32.
5966 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.2.
5968 * testsuite/meta-hash-test.c: Updated for the addition of
5971 * testsuite/.test-rules.make: Added rule for ripemd160-test.
5973 * examples/nettle-benchmark.c (main): Benchmark ripemd-160.
5975 2011-08-28 Niels Möller <nisse@lysator.liu.se>
5977 RIPEMD-160 hash function. Ported from libgcrypt by Andres Mejia.
5978 * testsuite/ripemd160-test.c: New file.
5979 * ripemd160.h: New file.
5980 * nettle-meta.h: Declare nettle_ripemd160.
5981 * ripemd160.c: New file, ported from libgcrypt.
5982 * ripemd160-compress.c: Likewise.
5983 * ripemd160-meta.c: New file.
5984 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
5986 * nettle-meta-hashes.c (nettle_hashes): Added nettle_ripemd160.
5987 * Makefile.in (nettle_SOURCES): Added ripemd160.c,
5988 ripemd160-compress.c, and ripemd160-meta.c.
5989 (HEADERS): Added ripemd160.h.
5991 2011-08-10 Niels Möller <nisse@amfibolit.hack.org>
5993 * nettle.texinfo: Fixed mis-placed const in various prototypes.
5994 Spotted by Tatsuhiro Tsujikawa.
5996 2011-07-24 Niels Möller <nisse@lysator.liu.se>
5998 * Makefile.in (PKGCONFIG_FILES, pkgconfigdir): New variables.
5999 (DISTFILES): Added nettle.pc.in and hogweed.pc.in.
6000 (nettle.pc, hogweed.pc): New targets (invoking config.status).
6001 (install-pkgconfig, uninstall-pkgconfig): New targets.
6002 (install-here): Depend on install-pkgconfig.
6003 (uninstall-here): Depend on uninstall-pkgconfig.
6004 (distclean-here): Delete nettle.pc and hogweed.pc.
6006 2011-07-20 Niels Möller <nisse@lysator.liu.se>
6008 * configure.ac: Generate nettle.pc and hogweed.pc.
6010 * nettle.pc.in, hogweed.pc.in: New files.
6012 2011-07-17 Niels Möller <nisse@lysator.liu.se>
6014 * nettle-internal.h: Added missing extern declarations.
6016 2011-07-11 Niels Möller <nisse@lysator.liu.se>
6018 * configure.ac: Changed version number to 2.3.
6020 * Released nettle-2.2.
6022 * Makefile.in (DISTFILES): Distribute COPYING.LIB, not COPYING,
6024 2011-07-07 Niels Möller <nisse@lysator.liu.se>
6026 * tools/misc.h (werror): Removed incorrect noreturn attribute from
6029 * examples/io.c (read_file): Bug fix, in dependence of initial
6032 2011-07-01 Niels Möller <nisse@lysator.liu.se>
6034 * cbc.c (CBC_BUFFER_LIMIT): Reduced to 512 bytes.
6035 (cbc_decrypt): For in-place operation, use overlapping memxor3 and
6038 * ctr.c (ctr_crypt): Reorganized to call the encryption function
6039 with several blocks at a time. Handle the case of a single block
6042 * x86_64/memxor.asm: Added ALIGN for shifting loop. Deleted
6045 2011-06-30 Niels Möller <nisse@lysator.liu.se>
6047 * configure.ac: Link in serpent-decrypt.asm, if found.
6049 * x86_64/serpent-decrypt.asm: Added an SSE2 loop, doing four
6050 blocks at a time in parallel.
6052 * x86_64/serpent-encrypt.asm: Include serpent.m4. Deleted a
6055 * x86_64/serpent.m4: New file, with serpent-related macros.
6057 2011-06-29 Niels Möller <nisse@lysator.liu.se>
6059 * x86_64/serpent-decrypt.asm: Wrote main (32-bit) loop.
6060 (SBOX0I, SBOX1I, SBOX7I): Fixed bugs.
6062 * nettle.texinfo (Copyright): Updated for license change to
6063 LGPLv2+. Updated copyright info on serpent.
6065 * NEWS: Updated information for nettle-2.2.
6067 * x86_64/serpent-decrypt.asm: New file.
6069 * x86_64/serpent-encrypt.asm: Fixed .file pseudo op.
6071 * testsuite/testutils.c (test_cipher_ctr): Display more info on
6074 * examples/nettle-benchmark.c (bench_ctr): New function.
6075 (time_cipher): Also benchmark CTR mode.
6077 * configure.ac (LIBNETTLE_MINOR): Updated library version number
6079 (LIBHOGWEED_MINOR): And to 2.1.
6081 2011-06-22 Niels Möller <nisse@lysator.liu.se>
6083 * configure.ac: Use pwd -P when examining lib directories.
6084 Link in serpent-encrypt.asm, if found.
6086 2011-06-21 Niels Möller <nisse@lysator.liu.se>
6088 * serpent-decrypt.c (SBOX3_INVERSE): Eliminated temporaries.
6089 (SBOX4_INVERSE): Likewise.
6090 (SBOX5_INVERSE): Likewise.
6091 (SBOX6_INVERSE): Likewise.
6092 (SBOX7_INVERSE): Likewise.
6093 (All SBOX_INVERSE-macros): Deleted type argument, and updated users.
6095 2011-06-20 Niels Möller <nisse@lysator.liu.se>
6097 * serpent-decrypt.c: Renamed arguments in sbox macros.
6098 (SBOX0_INVERSE): Eliminated temporaries.
6099 (SBOX1_INVERSE): Likewise.
6100 (SBOX2_INVERSE): Likewise.
6102 * x86_64/serpent-encrypt.asm: Added an SSE2 loop, doing four
6103 blocks at a time in parallel.
6105 * testsuite/serpent-test.c (test_main): Added some more multiple
6108 2011-06-15 Niels Möller <nisse@lysator.liu.se>
6110 * configure.ac (libdir): On 64-bit Linux, we used to assume that
6111 libraries are installed according to the FHS. Since at least
6112 Fedora and Gentoo follow the FHS convention, while at least Debian
6113 doesn't, we have to try to figure out which convention is used.
6115 2011-06-14 Niels Möller <nisse@lysator.liu.se>
6117 * x86_64/serpent-encrypt.asm: Slight simplification of loop logic.
6119 * x86_64/serpent-encrypt.asm: New file.
6121 2011-06-12 Niels Möller <nisse@lysator.liu.se>
6123 * testsuite/serpent-test.c (test_main): Added tests with multiple
6126 * serpent-encrypt.c (SBOX6): Renamed arguments. Eliminated
6129 (All SBOX-macros): Deleted type argument, and updated users.
6131 * configure.ac: Display summary at the end of configure..
6132 (asm_path): Set only if enable_assember is yes.
6134 2011-06-10 Niels Möller <nisse@lysator.liu.se>
6136 * serpent-encrypt.c (SBOX5): Renamed arguments. Eliminated
6139 2011-06-09 Niels Möller <nisse@lysator.liu.se>
6141 * serpent-encrypt.c (SBOX4): Renamed arguments. Eliminated
6144 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LINK): Cygwin fix, from
6147 2011-06-08 Niels Möller <nisse@lysator.liu.se>
6149 * examples/eratosthenes.c (find_first_one): Fixed c99-style
6150 declaration. Reported by Sebastian Reitenbach.
6151 (find_first_one): Declare the lookup table as static const, and
6152 use unsigned char rather than unsigned..
6154 2011-06-07 Niels Möller <nisse@lysator.liu.se>
6156 * serpent-encrypt.c (SBOX0): Renamed arguments. Eliminated
6162 2011-06-06 Niels Möller <nisse@lysator.liu.se>
6164 * Makefile.in (DISTFILES): Added serpent-internal.h.
6165 (nettle_SOURCES): Replaced serpent.c by serpent-set-key.c,
6166 serpent-encrypt.c, and serpent-decrypt.c.
6168 * serpent.c: Replaced by several new files.
6169 * serpent-set-key.c: New file.
6170 * serpent-encrypt.c: New file.
6171 * serpent-decrypt.c: New file.
6172 * serpent-internal.h: New file.
6174 * serpent.c [HAVE_NATIVE_64_BIT]: Process two blocks at a time in
6175 parallel. Measured speedup of 10%--25% (higher for encryption) on
6178 2011-06-01 Niels Möller <nisse@lysator.liu.se>
6180 * serpent.c (ROUNDS): Deleted macro.
6181 (serpent_block_t): Deleted array typedef.
6182 (KEYXOR): New macro, replacing BLOCK_XOR.
6183 (BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
6184 (LINEAR_TRANSFORMATION): Use four separate arguments.
6185 (LINEAR_TRANSFORMATION_INVERSE): Likewise.
6186 (ROUND): Take separate arguments for all input and output words.
6187 (ROUND_INVERSE): Likewise.
6188 (ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
6189 (serpent_set_key): Moved loop termination test.
6190 (serpent_encrypt): Rewrote with unrolling of just eight rounds,
6191 and without serpent_block_t.
6192 (serpent_decrypt): Likewise.
6194 * serpent.c: Added do { ... } while (0) around block macros.
6195 (serpent_key_t): Deleted array typedef.
6196 (ROL32, ROR32): Renamed macros, were rol and ror.
6197 (KS_RECURRENCE, KS): New macros.
6198 (serpent_key_pad): Renamed, from...
6199 (serpent_key_prepare): ...old name.
6200 (serpent_subkeys_generate): Deleted function.
6201 (serpent_set_key): Rewrote the generation of subkeys. Reduced both
6202 temporary storage and code size (less unrolling)
6204 2011-05-31 Niels Möller <nisse@lysator.liu.se>
6206 * testsuite/serpent-test.c (test_main): Enabled test with short,
6209 * serpent.c (byte_swap_32): Deleted macro.
6210 (serpent_key_prepare): Use LE_READ_UINT32. Don't require aligned
6211 input, and support arbitrary key sizes.
6213 2011-05-30 Simon Josefsson <simon@josefsson.org>
6215 * serpent.c: Rewrite, based on libgcrypt code. License changed
6217 * serpent_sboxes.h: Removed.
6218 * Makefile.in: Drop serpent_sboxes.h.
6220 2011-05-31 Niels Möller <nisse@lysator.liu.se>
6222 * testsuite/serpent-test.c (test_main): Added some tests for
6223 padding of keys of length which is not a multiple of four bytes.
6225 2011-05-30 Simon Josefsson <simon@josefsson.org>
6227 * testsuite/serpent-test.c (test_main): Add test vectors from
6230 2011-05-21 Niels Möller <nisse@lysator.liu.se>
6232 * dsa-keygen.c (dsa_generate_keypair): Avoid double init of mpz
6233 variable. Spotted by Nikos Mavrogiannopoulos.
6235 2011-05-06 Niels Möller <nisse@lysator.liu.se>
6237 * configure.ac: Fix link flags for shared libraries on Solaris,
6238 which needs -h to set the soname. Patch contributed by Dagobert
6241 2011-05-06 Niels Möller <nisse@lysator.liu.se>
6243 * configure.ac: New configure option --enable-gcov.
6245 * arcfour.h (arcfour_stream): Deleted obsolete define.
6247 2011-04-27 Niels Möller <nisse@lysator.liu.se>
6249 * tools/nettle-hash.c (find_algorithm): Require exact match.
6251 2011-04-15 Niels Möller <nisse@lysator.liu.se>
6253 Reverted broken byte-order change from 2001-06-17:
6254 * serpent.c (serpent_set_key): Use correct byteorder.
6255 (serpent_encrypt): Likewise.
6256 (serpent_decrypt): Likewise.
6258 * testsuite/serpent-test.c (decode_hex_reverse): New function.
6259 (RH, RHL): New macros.
6260 (test_main): Byte reverse inputs and outputs for the testvectors
6261 taken from the serpent submission package. Enable test vectors
6262 from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
6264 2011-03-23 Niels Möller <nisse@lysator.liu.se>
6266 * tools/sexp-conv.c (xalloc): Deleted function, now it's in misc.c
6269 * configure.ac: Use LSH_FUNC_STRERROR.
6271 * tools/Makefile.in (TARGETS): Added nettle-hash, and related
6273 (SOURCES): Added nettle-hash.c.
6275 * tools/misc.c (xalloc): New function.
6277 * tools/pkcs1-conv.c (main): Made the OPT_* constants local, and
6278 fixed numerical values to start with non-ASCII 0x300.
6280 * tools/nettle-hash.c: New file.
6282 2011-03-23 Niels Möller <nisse@lysator.liu.se>
6284 Contributed by Daniel Kahn Gillmor:
6285 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
6286 meta-hash-test.c, meta-cipher-test.c, and meta-armor-test.c.
6288 * testsuite/meta-hash-test.c: New file.
6289 * testsuite/meta-cipher-test.c: New file.
6290 * testsuite/meta-armor-test.c: New file.
6292 * nettle.texinfo: Document nettle_hashes and nettle_ciphers.
6294 * nettle-meta.h: Declare algorithm lists nettle_ciphers,
6295 nettle_hashes, nettle_armors.
6297 * Makefile.in (nettle_SOURCES): Added nettle-meta-hashes.c,
6298 nettle-meta-ciphers.c, and nettle-meta-armors.c.
6300 * nettle-meta-armors.c: New file.
6301 * nettle-meta-ciphers.c: New file.
6302 * nettle-meta-hashes.c: New file.
6304 2011-02-18 Niels Möller <nisse@lysator.liu.se>
6306 * arcfour.c (arcfour_stream): Deleted function. It's not very
6307 useful, and neither documented nor tested.
6309 2011-02-16 Niels Möller <nisse@lysator.liu.se>
6311 * cbc.h (CBC_ENCRYPT): Avoid using NULL; we don't ensure that it
6313 (CBC_DECRYPT): Likewise.
6315 * gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
6316 (gcm_aes_set_key): Deleted cast.
6317 (gcm_aes_encrypt): Likewise.
6318 (gcm_aes_decrypt): Likewise.
6319 (gcm_aes_digest): Likewise.
6320 (gcm_aes_update): One less argument to GCM_UPDATE.
6322 * gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
6323 compiler type checking despite this cast.
6324 (GCM_ENCRYPT): Likewise.
6325 (GCM_DECRYPT): Likewise.
6326 (GCM_DIGEST): Likewise.
6327 (GCM_SET_IV): New macro, for completeness.
6328 (GCM_UPDATE): Deleted unused argument encrypt.
6330 2011-02-14 Niels Möller <nisse@lysator.liu.se>
6332 * nettle.texinfo: Split node on cipher modes, and started on
6333 the GCM documentation.
6335 * testsuite/gcm-test.c (test_gcm_aes): Deleted function, replaced
6337 (test_main): Use test_aead.
6339 * testsuite/testutils.c (test_aead): New function, replacing
6340 test_gcm_aes and before that test_cipher_gcm.
6342 * nettle-internal.c (nettle_gcm_aes128): New const struct.
6343 (nettle_gcm_aes192): Likewise.
6344 (nettle_gcm_aes256): Likewise.
6346 * nettle-internal.h (struct nettle_aead): Tentative interface for
6347 authenticated encryption with associated data.
6349 * examples/nettle-benchmark.c (time_gcm): Renamed. Updated for
6350 gcm_aes_auth to gcm_aes_update renaming. Benchmark both encryption
6352 (time_gmac): ...old name.
6354 * nettle-internal.c (des_set_key_hack): Don't touch the bits
6355 parity, since thay are now ignored.
6356 (des3_set_key_hack): Likewise.
6358 * cast128-meta.c (nettle_cast128): Don't pass keysize.
6359 * nettle-meta.h (_NETTLE_CIPHER_FIX): Deleted keysize parameter
6360 derived from the appropriate constant instead.
6362 * testsuite/gcm-test.c (test_gcm_aes): Updated for gcm_aes_auth to
6363 gcm_aes_update renaming.
6365 2011-02-13 Niels Möller <nisse@lysator.liu.se>
6367 * gcm.h (GCM_UPDATE): Renamed, from...
6368 (GCM_AUTH): ...old name.
6370 * gcm-aes.c (gcm_aes_update): Renamed, from...
6371 (gcm_aes_auth): ...old name.
6373 * gcm.c (gcm_update): Renamed, and fixed an assert. From...
6374 (gcm_auth): ...old name.
6376 * gcm.h (GCM_TABLE_BITS): Increase table size to 8 bits,
6377 corresponding to 4 KByte of key-dependent tables.
6379 2011-02-10 Niels Möller <nisse@lysator.liu.se>
6381 * x86_64/memxor.asm: New file. Improves performance by 22% for the
6382 unaligned01 case and 35% for the unaligned12 case, benchmarked on
6385 * examples/nettle-benchmark.c (cgt_works_p): New function.
6386 (cgt_time_start): Likewise.
6387 (cgt_time_end): Likewise.
6388 (clock_time_start): Likewise.
6389 (clock_time_end): Likewise.
6390 (time_function): Read clock via function pointers time_start and
6391 time_end, so we can select method at runtime.
6392 (xalloc): Use die function.
6393 (main): Choose timing function. If available, try clock_gettime,
6394 and fall back to clock if it doesn't exist.
6396 * examples/nettle-benchmark.c (die): New function.
6397 (TIME_END, TIME_START): Check return value from clock_gettime.
6399 * gcm.h (union gcm_block): Use correct length for w array.
6401 * testsuite/gcm-test.c (test_main): Added the rest of the
6402 testcases from the spec.
6404 2011-02-09 Niels Möller <nisse@lysator.liu.se>
6406 * testsuite/gcm-test.c (test_main): Enabled testcases 5 and 6,
6407 with different IV lengths.
6409 * gcm-aes.c (gcm_aes_set_iv): Updated for gcm_set_iv change.
6411 * gcm.c (gcm_hash_sizes): New function.
6412 (gcm_set_iv): Added support for IVs of arbitrary size. Needed
6413 another argument, for the hash subkey.
6414 (gcm_digest): Use gcm_hash_sizes.
6416 * examples/nettle-benchmark.c (time_gmac): Use gcm_aes interface.
6418 * testsuite/gcm-test.c (test_gcm_aes): New function, replacing
6419 test_cipher_gcm and using the new gcm_aes interface.
6420 (test_main): Updated to use test_gcm_aes.
6421 * testsuite/testutils.c (test_cipher_gcm): Deleted function.
6423 * Makefile.in (nettle_SOURCES): Added gcm-aes.c.
6425 * gcm.c (gcm_set_key): Replaced context argument by a struct
6427 (gcm_hash): Replaced context argument by a struct gcm_key * and a
6428 pointer to the hashing state block.
6429 (gcm_auth): Added struct gcm_key * argument.
6430 (gcm_encrypt): Likewise.
6431 (gcm_decrypt): Likewise.
6432 (gcm_digest): Likewise.
6434 * gcm-aes.c: New file.
6435 (gcm_aes_set_key): New function.
6436 (gcm_aes_set_iv): Likewise.
6437 (gcm_aes_auth): Likewise.
6438 (gcm_aes_encrypt): Likewise.
6439 (gcm_aes_decrypt): Likewise.
6440 (gcm_aes_digest): Likewise.
6442 * gcm.h (struct gcm_key): Moved the key-dependent and
6443 message-independent state to its own struct.
6444 (struct gcm_ctx): ... and removed it here.
6445 (GCM_CTX): New macro.
6446 (GCM_SET_KEY): Likewise.
6447 (GCM_AUTH): Likewise.
6448 (GCM_ENCRYPT): Likewise.
6449 (GCM_DECRYPT): Likewise.
6450 (GCM_DIGEST): Likewise.
6451 (struct gcm_aes_ctx): New struct.
6453 2011-02-08 Niels Möller <nisse@lysator.liu.se>
6455 * gcm.h (struct gcm_ctx): The hash key is now always an array,
6456 named h, with array size depending on GCM_TABLE_BITS.
6457 * gcm.c (gcm_gf_shift): Added a separate result argument.
6458 (gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
6459 0. Simplified interface with just two arguments pointing to
6461 (gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
6462 (gcm_gf_shift_chunk): ... old name.
6463 (gcm_gf_mul): Renamed both table-based versions and made the
6464 argument types compatible with the bitwise gcm_gf_mul.
6465 (gcm_gf_mul_chunk): ... the old name.
6466 (gcm_set_key): Initialize the table using adds and shifts only.
6467 When GCM_TABLE_BITS > 0, this eliminates the only use of the
6468 bitwise multiplication.
6469 (gcm_hash): Simplified, now that we have the same interface for
6470 gcm_gf_mul, regardless of table size.
6472 * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
6473 (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
6474 e.g., sparc64. For both 4-bit and 8-bit tables.
6476 * gcm.c: Use the new union gcm_block for all gf operations.
6478 * gcm.h (union gcm_block): New union, used to enforce alignment.
6480 2011-02-07 Niels Möller <nisse@lysator.liu.se>
6482 * gcm.c (gcm_gf_shift_chunk) : Bug fix for little-endian 8-bit
6485 * gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
6486 (gcm_gf_add): New function, a special case of memxor. Use it for
6487 all memxor calls with word-aligned 16 byte blocks. Improves
6488 performance to 152 cycles/byte with no tables, 28 cycles per byte
6489 with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
6491 Introduced 8-bit tables. If enabled, gives gmac performance of 19
6492 cycles per byte (still on intel x86_64).
6493 * gcm.c (gcm_gf_shift_chunk): New implementation for 8-bit tables.
6494 (gcm_gf_mul_chunk): Likewise.
6495 (gcm_set_key): Generate 8-bit tables.
6497 * Makefile.in (SOURCES): Added gcmdata.c.
6499 * gcm.h (GCM_TABLE_BITS): Set to 4.
6501 2011-02-06 Niels Möller <nisse@lysator.liu.se>
6503 * Makefile.in (TARGETS): Added gcmdata.
6504 (gcmdata): New rule.
6506 Introduced 4-bit tables. Gives gmac performance of 45 cycles per
6507 byte (still on intel x86_64).
6508 * gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
6509 (gcm_rightshift): ... old name.
6510 (gcm_gf_mul): New argument for the output. Added length argument
6511 for one of the inputs (implicitly padding with zeros).
6512 (shift_table): New table (in 4-bit and 8-bit versions), generated
6514 (gcm_gf_shift_chunk): New function shifting 4 bits at
6516 (gcm_gf_mul_chunk): New function processing 4 bits at a time.
6517 (gcm_set_key): Generation of 4-bit key table.
6518 (gcm_hash): Use tables, when available.
6520 * gcmdata.c (main): New file.
6522 * gcm.c (gcm_rightshift): Moved the reduction of the shifted out
6524 (gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
6525 performance to 181 cycles/byte.
6527 * gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
6528 specification, but with separate byte and bit loops. Improves gmac
6529 performance a bit further, to 227 cycles/byte.
6531 * gcm.c (gcm_rightshift): Complete rewrite, to use word rather
6532 than byte operations. Improves gmac performance from 830 cycles /
6533 byte to (still poor) 268 cycles per byte on intel x86_64.
6535 2011-02-05 Niels Möller <nisse@lysator.liu.se>
6537 * examples/nettle-benchmark.c (time_gmac): New function.
6538 (main): Call time_gmac.
6540 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
6542 * testsuite/testutils.c (test_cipher_gcm): New function,
6543 contributed by Nikos Mavrogiannopoulos.
6545 * testsuite/gcm-test.c: New file, contributed by Nikos
6548 * Makefile.in (nettle_SOURCES): Added gcm.c.
6549 (HEADERS): Added gcm.h.
6551 * gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
6552 * gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
6554 * macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
6556 * ctr.c: Use INCREMENT macro from macros.h, deleted local version.
6558 2011-01-07 Niels Möller <nisse@lysator.liu.se>
6560 * testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
6561 where w*ndows looks for dlls.
6563 * testsuite/testutils.c (test_cipher_stream): More debug output on
6566 2010-12-14 Niels Möller <nisse@lysator.liu.se>
6568 * nettle-types.h: Deleted some unnecessary parenthesis from
6570 (nettle_realloc_func): Moved typedef here...
6571 * realloc.h: ...from here.
6573 * buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
6574 for realloc argument.
6576 2010-12-07 Niels Möller <nisse@lysator.liu.se>
6578 * nettle.texinfo (Copyright): Updated info on blowfish.
6580 2010-11-26 Niels Möller <nisse@lysator.liu.se>
6582 Reapplied optimizations (150% speedup on x86_32) and other fixes,
6583 relicensing them as LGPL.
6584 * blowfish.c (do_encrypt): Renamed, to...
6585 (encrypt): ...new name.
6586 (F): Added context argument. Shift input explicitly, instead of
6587 reading individual bytes via memory.
6588 (R): Added context argument.
6589 (encrypt): Deleted a bunch of local variables. Using the context
6590 pointer for everything should consume less registers.
6591 (decrypt): Likewise.
6592 (initial_ctx): Arrange constants into a struct, to simplify key
6594 (blowfish_set_key): Some simplification.
6596 2010-11-26 Simon Josefsson <simon@josefsson.org>
6598 * blowfish.c: New version ported from libgcrypt. License changed
6601 2010-11-25 Niels Möller <nisse@lysator.liu.se>
6603 * Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
6604 clears the execute permission bits.
6605 (install-shared-hogweed): Likewise.
6607 2010-11-16 Niels Möller <nisse@lysator.liu.se>
6609 * configure.ac: Updated gmp url.
6611 2010-11-01 Niels Möller <nisse@lysator.liu.se>
6613 * tools/misc.c (werror): Don't call exit (copy&paste-error).
6615 2010-10-26 Niels Möller <nisse@lysator.liu.se>
6617 * examples/rsa-encrypt.c (main): No extra message for bad options.
6619 * examples/rsa-keygen.c (main): Added long options. Deleted -?,
6620 and fixed handling of bad options.
6622 * examples/next-prime.c (main): Deleted -?, and fixed handling of
6624 * examples/random-prime.c (main): Likewise.
6626 2010-10-22 Niels Möller <nisse@lysator.liu.se>
6628 * examples/nettle-benchmark.c (main): Added long options. Deleted -?,
6629 and fixed handling of bad options.
6631 * examples/eratosthenes.c (main): Added long options. Deleted -?,
6632 and fixed handling of bad options. Renamed -s to -q (long option
6635 * tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
6636 and fixed handling of bad options.
6637 * tools/sexp-conv.c (parse_options): Likewise.
6639 2010-10-06 Niels Möller <nisse@lysator.liu.se>
6641 * memxor.c (memxor3): Optimized.
6642 (memxor3_common_alignment): New function.
6643 (memxor3_different_alignment_b): New function.
6644 (memxor3_different_alignment_ab): New function.
6645 (memxor3_different_alignment_all): New function.
6647 * examples/nettle-benchmark.c (time_function): Reorganized, to
6649 (time_memxor): Also benchmark memxor3.
6651 * x86_64/memxor.asm: New file.
6653 * examples/nettle-benchmark.c (overhead): New global variable.
6654 (time_function): Compensate for call overhead.
6655 (bench_nothing, time_overhead): New functions.
6656 (time_memxor): Tweaked src size, making it an integral number of
6658 (main): Call time_overhead.
6660 2010-10-01 Niels Möller <nisse@lysator.liu.se>
6662 * x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
6665 * testsuite/memxor-test.c: Also test memxor3.
6667 2010-09-30 Niels Möller <nisse@lysator.liu.se>
6669 * configure.ac: Link in memxor.asm, if found.
6671 * testsuite/testutils.c (test_cipher_cbc): Print more info when
6674 * testsuite/memxor-test.c (test_xor): Added verbose printout.
6676 * examples/nettle-benchmark.c (time_memxor): Count size of
6677 unsigned long as "block size" for memxor.
6679 2010-09-24 Niels Möller <nisse@lysator.liu.se>
6681 * testsuite/.test-rules.make: Added rule for memxor-test.
6682 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
6683 * testsuite/memxor-test.c: New file.
6685 * memxor.c (memxor_common_alignment): New function.
6686 (memxor_different_alignment): New function.
6687 (memxor): Optimized to do word-operations rather than byte
6690 * configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
6692 Partial revert of 2010-09-20 changes.
6693 * camellia-set-encrypt-key.c (camellia_set_encrypt_key):
6694 Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
6695 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
6696 differing in where addition of the key is done.
6697 * x86/camellia-crypt-internal.asm: Moved addition of key.
6699 2010-09-22 Niels Möller <nisse@lysator.liu.se>
6701 * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
6703 (time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
6704 if available. This gives better accuracy, at least on recent
6706 (BENCH_INTERVAL): Reduced to 0.1 s.
6707 (struct bench_memxor_info): New struct.
6708 (bench_memxor): New function.
6709 (time_memxor): New function.
6710 (main): Use time_memxor. Added optional argument used to limit the
6711 algorithms being benchmarked.
6712 (GET_CYCLE_COUNTER): Define also for x86_64.
6713 (time_memxor): Improved display.
6715 * examples/Makefile.in (nettle-benchmark): Link using
6716 $(BENCH_LIBS) rather than $(LIBS).
6718 * configure.ac: Check for clock_gettime, and add -lrt to
6719 BENCH_LIBS if needed.
6721 2010-09-20 Niels Möller <nisse@lysator.liu.se>
6723 * configure.ac: Less quoting when invoking $CC, to allow CC="gcc
6726 * x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
6727 convention, moving key xor to the end.
6729 * camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
6730 (camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
6731 operations intended for moving the key xor into the middle of the
6734 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
6735 key to the end, to use a 64-bit xor operation.
6737 * x86_64/camellia-crypt-internal.asm: New file.
6739 * x86_64/machine.m4 (LREG, HREG, XREG): New macros.
6741 2010-09-17 Niels Möller <nisse@lysator.liu.se>
6743 * configure.ac: Support shared libraries (dlls) with mingw32.
6744 Contributed by David Hoyt.
6746 2010-07-25 Niels Möller <nisse@lysator.liu.se>
6748 * configure.ac: Changed version number to nettle-2.2.
6750 * Released nettle-2.1.
6752 * configure.ac: Use camellia-crypt-internal.asm, if available.
6753 Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
6756 * x86/machine.m4 (LREG, HREG): Moved macros here, from...
6757 * x86/aes.m4: ...here.
6759 * x86/camellia-crypt-internal.asm: New file.
6761 * nettle.texinfo: Updated and expanded section on DSA.
6762 Document aes_invert_key, and camellia. Added missing functions
6763 rsa_sha512_verify and rsa_sha512_verify_digest.
6765 * camellia.h (struct camellia_ctx): Eliminate the two unused
6766 subkeys, and renumber the remaining ones.
6767 * camellia-crypt-internal.c (_camellia_crypt): Updated for
6769 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
6770 * camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
6772 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
6773 the expansion of camellia_setup128 and camellia_setup256, keeping
6774 the unexpanded key in scalar variables.
6775 (camellia_setup128): Deleted.
6776 (camellia_setup256): Deleted.
6778 2010-07-24 Niels Möller <nisse@lysator.liu.se>
6780 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
6781 code size, no complete loop unroll. Use one loop for each phase of
6782 the post-processing.
6784 * testsuite/camellia-test.c: New tests for camellia_invert_key.
6785 * testsuite/aes-test.c: New tests for aes_invert_key.
6787 * aes.h (aes_invert_key): Declare it.
6789 * aes-set-decrypt-key.c (aes_invert_key): New function, key
6790 inversion code extracted from aes_set_decrypt_key.
6791 (aes_set_decrypt_key): Use aes_invert_key.
6793 * camellia-set-encrypt-key.c (camellia_setup128): Generate
6794 unmodified subkeys according to the spec. Moved clever combination
6795 of subkeys to camellia_set_encrypt_key.
6796 (camellia_setup256): Likewise.
6797 (camellia_set_encrypt_key): Moved subkey post-processing code
6798 here, and reduce code duplication between 128-bit keys and larger
6801 * camellia.c: Deleted file, split into several new files...
6802 * camellia-table.c (_camellia_table): New file with the constant
6804 * camellia-set-encrypt-key.c: New file.
6805 (camellia_setup128): Generate unmodified subkeys according to the
6806 spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
6807 (camellia_setup256): Likewise.
6809 * camellia-set-decrypt-key.c: New file.
6810 (camellia_invert_key): Key inversion function.
6811 (camellia_set_decrypt_key): New key setup function.
6812 * camellia-internal.h: New file.
6813 * camellia-crypt.c (camellia_crypt): New file, new wrapper
6814 function passing the sbox table to _camellia_crypt.
6815 * camellia-crypt-internal.c (_camellia_crypt): New file, with main
6816 encrypt/decrypt function.
6817 * Makefile.in (nettle_SOURCES): Updated list of camellia source files.
6818 (DISTFILES): Added camellia-internal.h.
6820 2010-07-20 Niels Möller <nisse@lysator.liu.se>
6822 * camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
6824 * camellia.h (struct camellia_ctx): Replaced flag camellia128 by
6825 expanded key length nkeys.
6827 * camellia.c (camellia_set_encrypt_key): Renamed, from...
6828 (camellia_set_key): ... old name.
6829 (camellia_invert_key): New function.
6830 (camellia_set_decrypt_key): New function, using
6831 camellia_invert_key.
6832 (camellia_crypt): Renamed, from...
6833 (camellia_encrypt): ... old name.
6834 (camellia_decrypt): Deleted, no longer needed. camellia_crypt used
6835 for both encryption and decryption.
6837 * nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
6839 * dsa-keygen.c: Removed unnecessary include of memxor.h.
6841 * camellia.c: Rewrote to use 64-bit type for subkeys and use
6842 64-bit operations throughout. Performance on x86_32, when compiled
6843 with gcc-4.4.4, is reduced by roughly 15%, this should be fixed
6846 * camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
6848 2010-07-07 Niels Möller <nisse@lysator.liu.se>
6850 * aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
6851 Also updated implementation.
6852 * blowfish.h (blowfish_encrypt, blowfish_decrypt): Likewise.
6853 * cast128.h (cast128_encrypt, cast128_decrypt): Likewise.
6854 * serpent.h (serpent_encrypt, serpent_decrypt): Likewise.
6855 * twofish.h (twofish_encrypt, twofish_decrypt): Likewise.
6857 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
6860 * examples/nettle-benchmark.c: Added camellia ciphers.
6862 * Makefile.in (nettle_SOURCES): Added camellia.c and
6864 (HEADERS): Added camellia.h.
6866 * nettle-meta.h (nettle_camellia128): Declare.
6867 (nettle_camellia192): Likewise.
6868 (nettle_camellia256): Likewise.
6870 * camellia-meta.c: New file.
6872 * camellia.h: Rewrote interface to match nettle conventions.
6874 * camellia.c: Converted to nettle conventions.
6875 (camellia_encrypt128, camellia_encrypt256): Unified to new
6877 (camellia_encrypt): ...New function, with a loop doing 6
6878 regular rounds, one FL round and one FLINV round per iteration,
6879 with iteration count depending on the key size.
6881 (camellia_decrypt128, camellia_decrypt256): Similarly unified
6883 (camellia_decrypt): ...New function, analogous to
6886 2010-07-06 Niels Möller <nisse@lysator.liu.se>
6888 * camellia.c, camellia.h: New files, copied from
6889 http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
6891 * testsuite/camellia-test.c: New file.
6893 2010-07-05 Niels Möller <nisse@lysator.liu.se>
6895 * nettle.texinfo: Document new conventions for weak key and des
6896 parity checks. Document des_check_parity.
6898 * testsuite/des-test.c (test_weak): Don't check the deleted status
6901 * des-compat.c (des_key_sched): Rewrote error checking logic for
6902 the case of non-zero des_check_key.
6904 * des3.c (des3_set_key): Changed weak key detection logic.
6905 Complete key setup also for weak keys, and don't set the status
6908 * des.c (des_set_key): New iteration logic, to keep key pointer
6909 unchanged. Moved weak key check to the end, and don't set the
6911 (des_encrypt): Ignore status attribute.
6912 (des_decrypt): Likewise.
6914 * des.h (enum des_error): Deleted.
6915 (struct des_ctx): Deleted status attribute.
6916 (struct des3_ctx): Likewise.
6918 * blowfish.c (initial_ctx): Deleted status value.
6919 (blowfish_encrypt): Ignore status attribute.
6920 (blowfish_decrypt): Likewise.
6921 (blowfish_set_key): Return result from weak key check, without
6922 setting the status attribute.
6924 * blowfish.h (enum blowfish_error): Deleted.
6925 (struct blowfish_ctx): Deleted status attribute.
6927 * Makefile.in (des_headers): Deleted parity.h.
6929 2010-06-30 Niels Möller <nisse@lysator.liu.se>
6931 * testsuite/des-test.c (test_des): New function.
6932 (test_weak): New function.
6933 (test_main): Use test_des and test_weak. Added tests for all the
6934 weak keys. Added some tests with invalid (to be ignored) parity
6937 * des.c (parity_16): New smaller parity table.
6938 (des_check_parity): New function.
6939 (des_fix_parity): Use parity_16.
6940 (des_weak_p): New weak-key detection. Ignores parity bits, and
6942 (des_set_key): Deleted parity checking code. Replaced old weak-key
6943 detection code by a call to des_weak_p.
6945 2010-06-04 Niels Möller <nisse@lysator.liu.se>
6947 * testsuite/testutils.c (test_dsa_key): Updated for new name
6948 DSA_SHA1_MIN_P_BITS.
6950 * dsa-keygen.c (dsa_generate_keypair): Use DSA_SHA1_MIN_P_BITS and
6951 DSA_SHA256_MIN_P_BITS.
6953 * dsa.h (DSA_MIN_P_BITS, DSA_Q_OCTETS, DSA_Q_BITS): Renamed to...
6954 (DSA_SHA1_MIN_P_BITS, DSA_SHA1_Q_OCTETS, DSA_SHA1_Q_BITS): New
6957 * sexp2dsa.c (dsa_keypair_from_sexp_alist): New argument q_bits.
6958 Renamed parameter limit to p_max_bits.
6959 (dsa_sha1_keypair_from_sexp): Renamed, was dsa_keypair_from_sexp.
6960 Updated to call dsa_keypair_from_sexp_alist with the new argument.
6961 (dsa_sha256_keypair_from_sexp): New function.
6962 (dsa_signature_from_sexp): New argument q_bits.
6964 * der2dsa.c (dsa_params_from_der_iterator): Enforce 160-bit limit
6965 on q. Renamed parameter limit to p_max_bits.
6966 (dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
6967 on q and x. Renamed parameter limit to p_max_bits.
6969 2010-06-03 Niels Möller <nisse@lysator.liu.se>
6971 * testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
6973 2010-06-02 Niels Möller <nisse@lysator.liu.se>
6975 * testsuite/dsa-test.c (test_main): Provide expected value of the
6978 * testsuite/testutils.c (test_dsa160): Added argument for expected
6980 (test_dsa256): Likewise.
6982 2010-06-01 Niels Möller <nisse@lysator.liu.se>
6984 * testsuite/rsa-keygen-test.c (test_main): Updated expected
6987 * examples/random-prime.c (main): Updated for nettle_random_prime
6989 * testsuite/random-prime-test.c (test_main): Likewise.
6991 * rsa-keygen.c (bignum_random_prime): Deleted function.
6992 (rsa_generate_keypair): Use new nettle_random_prime. Generate
6993 secret factors p and q with the two most significant bits set.
6995 * dsa-keygen.c (dsa_generate_keypair): Updated for changes in
6996 nettle_random_prime and _nettle_generate_pocklington_prime. Invoke
6999 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
7000 argument top_bits_set, to optionally generate primes with the two
7001 most significant bits set. Reordered argument list.
7002 (nettle_random_prime): Likewise, added top_bits_set argument.
7003 Invoke progress callback when a prime is generated.
7005 2010-05-26 Niels Möller <nisse@lysator.liu.se>
7007 * dsa-keygen.c (dsa_generate_keypair): Use
7008 _nettle_generate_pocklington_prime. Deleted old key generation
7011 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Also
7012 return the used r. Updated caller.
7014 * examples/random-prime.c (main): Allow sizes down to 3 bits.
7016 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
7017 function. Rely on mpz_probab_prime_p (for lack of a trial division
7018 function) for trial division.
7019 (nettle_random_prime): Rewritten. Uses the prime table for the
7020 smallest sizes, then trial division using a new set of tables, and
7021 then Maurer's algorithm, calling the new
7022 _nettle_generate_pocklington_prime for the final search.
7024 2010-05-25 Niels Möller <nisse@lysator.liu.se>
7026 * testsuite/dsa-test.c (test_main): Updated for dsa testing
7029 * testsuite/dsa-keygen-test.c (test_main): Test dsa256.
7031 * testsuite/testutils.h (struct nettle_mac): New struct, currently
7034 * testsuite/testutils.c (test_mac): New function (currently not
7036 (test_dsa): Replaced by two new functions...
7037 (test_dsa160): New function.
7038 (test_dsa256): New function.
7039 (test_dsa_key): New argument q_size.
7040 (DSA_VERIFY): Generalized.
7042 * dsa-keygen.c (dsa_generate_keypair): Rewritten, now generating
7043 primes using Pocklington's theorem. Takes both p_size and q_size
7046 2010-05-20 Niels Möller <nisse@lysator.liu.se>
7048 * bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
7049 logic when Miller-rabin succeeds early.
7051 2010-04-09 Niels Möller <nisse@lysator.liu.se>
7053 * bignum-next-prime.c: Include stdlib.h, needed for alloca on
7057 * examples/Makefile.in (SOURCES): Added random-prime.c.
7059 * examples/random-prime.c: New program.
7061 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved
7062 knuth-lfib-test.c, cbc-test.c, ctr-test.c, hmac-test.c here, from
7064 (TS_HOGWEED_SOURCES): Added random-prime-test.c.
7066 * testsuite/random-prime-test.c: New test case.
7068 * examples/next-prime.c (main): With no command line arguments.
7069 exit after dislaying usage message.
7071 * examples/io.c (simple_random): Free buffer when done.
7073 * configure.ac: Changed message, say CC is the recommended
7074 way to configure the ABI.
7076 * bignum-random.c: Deleted test of HAVE_LIBGMP.
7077 * bignum.c: Likewise.
7078 * sexp2bignum.c: Likewise.
7080 * Makefile.in (hogweed_SOURCES): Added bignum-random-prime.c.
7082 * bignum-random-prime.c (nettle_random_prime): New file, new
7085 2010-03-31 Niels Möller <nisse@lysator.liu.se>
7087 * examples/nettle-benchmark.c (main): Benchmark sha224.
7089 2010-03-30 Niels Möller <nisse@lysator.liu.se>
7091 * testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
7093 (test_dsa): Check return value from dsa_sha1_sign.
7095 * Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
7096 dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
7098 * dsa.h: Updated and added dsa declarations.
7100 * dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
7102 (dsa_sha256_verify): New function.
7103 * dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
7105 (dsa_sha256_sign): New function.
7107 * dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
7108 renamed function, from dsa_verify_digest, rewrote to use
7110 (dsa_sha1_verify): Analogous change, renamed from dsa_verify.
7111 * dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
7112 renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
7113 and added return value.
7114 (dsa_sha1_sign): Analogous change, renamed from dsa_sign.
7116 * dsa-verify.c (_dsa_verify): New general verification function,
7118 * dsa-sign.c (_dsa_sign): New general signing function, for any
7119 hash. Returns success code, like the rsa signture functions.
7121 2010-03-29 Niels Möller <nisse@lysator.liu.se>
7123 * configure.ac (ABI): Attempt to use a better, ABI-dependant,
7124 default value for libdir.
7126 * x86/md5-compress.asm: Fixed function name in epilogue.
7128 * asm.m4 (EPILOGUE): Use . to refer to current address.
7130 * configure.ac (ABI): Detect which ABI the compiler is using.
7131 On x86_64, also check for __arch64__.
7133 2010-03-28 Niels Möller <nisse@lysator.liu.se>
7135 * configure.ac (asm_path): For x86_64, check if compiler is
7136 generating 32-bit code.
7138 2010-03-27 Niels Möller <nisse@lysator.liu.se>
7140 * testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
7141 HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
7144 * Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
7147 * hmac.h: Added declarations of hmac-sha224 and hmac-sha384.
7149 * hmac-sha224.c: New file.
7151 2010-03-26 Niels Möller <nisse@lysator.liu.se>
7153 * testsuite/hmac-test.c (HMAC_TEST): New macro.
7154 (test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
7155 test vectors from Daniel Kahn Gillmor.
7157 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.
7159 * Makefile.in (nettle_SOURCES): Added sha224-meta.c and
7161 (DISTFILES): Added nettle-write.h.
7163 * sha.h: Added declarations for sha224. Some are aliases for the
7164 corresponding sha256 definition.
7166 * sha256.c (sha256_digest): Use _nettle_write_be32.
7167 (sha224_init): New function.
7168 (sha224_digest): New function.
7170 * sha1.c (sha1_digest): Use _nettle_write_be32.
7172 * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
7173 (NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
7176 * nettle-write.h: New file.
7178 * write-be32.c (_nettle_write_be32): New file, new function.
7180 * sha224-meta.c: New file.
7182 2010-03-25 Niels Möller <nisse@lysator.liu.se>
7184 * hmac-sha384.c: New file.
7186 * testsuite/sha224-test.c: New file.
7188 * testsuite/md4-test.c (test_main): More test vectors, provided by
7189 Daniel Kahn Gillmor.
7190 * testsuite/md5-test.c (test_main): Likewise.
7191 * testsuite/sha1-test.c (test_main): Likewise.
7192 * testsuite/sha256-test.c (test_main): Likewise.
7193 * testsuite/sha384-test.c (test_main): Likewise.
7194 * testsuite/sha512-test.c (test_main): Likewise.
7196 * configure.ac: Bumped version numbers. Package version
7197 nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.
7199 * examples/nettle-benchmark.c (main): Benchmark sha384.
7201 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.
7203 * testsuite/sha384-test.c: New file.
7205 * Makefile.in (nettle_SOURCES): Added sha384-meta.c.
7207 * sha384-meta.c: New file.
7209 * sha.h: Added declarations for sha384. Some are aliases for the
7210 corresponding sha512 definition.
7212 * sha512.c (sha512_write_digest): New function.
7213 (sha512_digest): Use it.
7214 (sha384_init): New function.
7215 (sha384_digest): New function.
7217 2010-03-24 Niels Möller <nisse@lysator.liu.se>
7219 * sha512.c: (sha512_digest): Simplified handling of any final
7220 partial word of the digest.
7222 * sha512.c: Reorganized to use _nettle_sha512_compress.
7224 * sha512-compress.c (_nettle_sha512_compress): Compression
7225 function extracted from sha512.c to a new file.
7227 * Makefile.in (nettle_SOURCES): Added sha256-compress.c and
7230 * sha256.c: Reorganized to use _nettle_sha256_compress.
7232 * sha256-compress.c (_nettle_sha256_compress): Compression
7233 function extracted from sha256.c to a new file.
7235 * examples/nettle-benchmark.c (main): Benchmark sha512.
7237 * rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
7238 is less than bit size of n, and check for the unlikely case p = q.
7240 * rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
7241 correspond to pkcs#1 encryption of single byte messagees.
7243 * pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
7245 * rsa-compat.c (R_SignFinal): Likewise.
7247 * rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
7248 from pkcs1_rsa_md5_encode.
7249 (rsa_md5_sign_digest): Check and propagate return value from
7250 pkcs1_rsa_md5_encode_digest.
7251 * rsa-md5-verify.c (rsa_md5_verify): Check return value from
7252 pkcs1_rsa_md5_encode.
7253 (rsa_md5_verify_digest): Check return value from
7254 pkcs1_rsa_md5_encode_digest.
7255 * rsa-sha1-sign.c: Analogous changes.
7256 * rsa-sha1-verify.c: Analogous changes.
7257 * rsa-sha256-sign.c: Analogous changes.
7258 * rsa-sha256-verify.c: Analogous changes.
7259 * rsa-sha512-sign.c: Analogous changes.
7260 * rsa-sha512-verify.c: Analogous changes.
7262 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
7263 (pkcs1_rsa_md5_encode_digest): Added return value. Check and
7264 propagate return value from pkcs1_signature_prefix.
7265 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
7266 (pkcs1_rsa_sha256_encode_digest): Likewise.
7267 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
7268 (pkcs1_rsa_sha1_encode_digest): Likewise.
7269 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
7270 (pkcs1_rsa_sha512_encode_digest): Likewise.
7272 * pkcs1.c (pkcs1_signature_prefix): Interface change, take both
7273 the total size and digest size as arguments, and return a status
7274 code to say if the size was large enough.
7276 * testsuite/Makefile.in: Added hogweed dependency for the test
7279 2010-03-23 Niels Möller <nisse@lysator.liu.se>
7281 * testsuite/rsa-test.c (test_main): Test signing with sha512.
7283 * testsuite/testutils.c (test_rsa_sha512): New function.
7285 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
7286 rsa-sha512-sign.c and rsa-sha512-verify.c.
7288 * rsa.h: Added prototypes for sha512-related functions.
7289 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
7290 * pkcs1.h: Added prototypes for sha512-related functions.
7292 * rsa-sha512-verify.c: New file.
7293 * rsa-sha512-sign.c: New file.
7294 * pkcs1-rsa-sha512.c: New file.
7296 2010-03-22 Niels Möller <nisse@lysator.liu.se>
7298 * Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
7300 * testsuite/hmac-test.c (test_main): Added test cases for
7303 * hmac.h: Declare functions sha512-related functions.
7304 * hmac-sha512.c (hmac_sha512_set_key): New file.
7306 Basic sha512 support.
7307 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
7308 * testsuite/sha512-test.c: New file.
7310 * macros.h (READ_UINT64, WRITE_UINT64): New macros.
7312 * Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
7313 * sha.h: Added sha512-related declarations.
7314 * nettle-meta.h: Likewise.
7315 * sha512-meta.c: New file.
7316 * sha512.c: New file.
7318 2010-03-06 Niels Möller <nisse@lysator.liu.se>
7320 * Makefile.in (distdir): Include x86_64 assembler files.
7322 2010-01-20 Niels Möller <nisse@lysator.liu.se>
7324 * configure.ac: Check for mpz_powm_sec.
7326 2010-01-13 Niels Möller <nisse@lysator.liu.se>
7328 * Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
7329 $(LIBNETTLE_FORLINK).
7331 * configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
7332 default case. Follows debian, and also makes dlopen of
7333 libhogweed.so work, without having to use RTLD_GLOBAL.
7334 (LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
7336 2009-10-21 Niels Möller <nisse@lysator.liu.se>
7338 * tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
7341 2009-10-19 Niels Möller <nisse@lysator.liu.se>
7343 * tools/pkcs1-conv.c: Updated for dsa/der interface change.
7345 * der2dsa.c (dsa_public_key_from_der_iterators): Split into two
7347 (dsa_params_from_der_iterator): New function.
7348 (dsa_public_key_from_der_iterator): New function.
7349 (dsa_openssl_private_key_from_der_iterator): Renamed, was
7350 dsa_private_key_from_der_iterator.
7351 (dsa_openssl_private_key_from_der): Likewise.
7352 * dsa.h: Corresponding changees to prototypes and #defines.
7354 2009-10-12 Niels Möller <nisse@lysator.liu.se>
7356 * sexp-format.c: Removed conditioning on HAVE_LIBGMP.
7358 * tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
7361 * Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.
7363 * der2dsa.c: New file, contributed by Magnus Holmgren.
7364 * dsa2sexp.c: Likewise.
7365 * dsa.h: Added prototypes.
7367 * configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
7368 version, now it's 1.1.
7370 * testsuite/rsa2sexp-test.c (test_main): Updated testcase for
7373 2009-10-11 Niels Möller <nisse@lysator.liu.se>
7375 * rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
7378 2009-09-20 Niels Möller <nisse@lysator.liu.se>
7380 * x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
7381 by letting loopmix scramble the instruction order.
7383 2009-09-15 Niels Möller <nisse@lysator.liu.se>
7385 * x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
7386 improvement to ROUND_F1_NOEXP. Slight reduction of
7389 2009-08-25 Niels Möller <nisse@lysator.liu.se>
7391 * x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
7393 * examples/nettle-benchmark.c (bench_sha1_compress): New function,
7394 for precise benchmarking of the compression function.
7396 2009-06-08 Niels Möller <nisse@lysator.liu.se>
7398 * Released nettle-2.0.
7400 2009-06-04 Niels Möller <nisse@lysator.liu.se>
7402 * configure.ac: Set version to 2.0
7404 2009-05-30 Niels Möller <nisse@lysator.liu.se>
7406 * Makefile.in (.texinfo.info): Don't use a temporary output file
7407 $@T, trust makeinfo to remove output file on errors.
7409 2009-05-19 Niels Möller <nisse@lysator.liu.se>
7411 * nettle.texinfo: Changed license to public domain.
7413 2009-05-11 Niels Möller <nisse@lysator.liu.se>
7415 * nettle.texinfo: Fixes from Karl Berry. Added some more index
7418 2009-03-06 Niels Möller <nisse@lysator.liu.se>
7420 * x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
7422 * x86_64/aes-decrypt-internal.asm: Likewise.
7424 * x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
7425 (AES_STORE): Reduced offsets.
7426 (AES_ROUND): Use HREG directly, not MOVE_HREG.
7428 * x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
7429 Put SA--SD in %eax--%edx, so the second byte can be accessed as
7430 %ah-%dh. TD is not needed, SD can be reused. Use the register that
7431 is saved for the outer loop counter, getting it off the stack.
7432 * x86_64/aes-encrypt-internal.asm: Likewise.
7434 * x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
7435 (XREG): Fixed bug in handling of %r8 and %r9.
7436 (AES_ROUND): Use MOVE_HREG.
7438 2009-02-10 Niels Möller <nisse@lysator.liu.se>
7440 * base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
7443 * testsuite/sexp-conv-test: Updated testcases for improved
7444 handling of comments.
7446 * tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
7447 to terminate comments, and modify indentation for the case that a
7448 list starts with a comment.
7450 * tools/output.c (sexp_output_init): Initialize soft_newline.
7451 (sexp_put_raw_char): Clear soft_newline.
7452 (sexp_put_newline): Check and reset soft_newline.
7453 (sexp_put_soft_newline): New function.
7455 * tools/output.h (struct sexp_output): Removed union with single
7456 element, and updated all users. New attribute soft_newline.
7458 2008-12-22 Niels Möller <nisse@lysator.liu.se>
7460 * Makefile.in ($(des_headers)): Create files in $(srcdir).
7462 2008-11-28 Niels Möller <nisse@lysator.liu.se>
7464 * testsuite/cxx-test.cxx: Include <cstdio>.
7466 2008-11-22 Niels Möller <nisse@lysator.liu.se>
7468 * yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
7469 that it is set if and only if the aes context has been initialized
7470 with aes_set_encrypt_key.
7471 (yarrow256_seed): No need to set ctx->seeded here.
7472 (yarrow256_update): Likewise.
7474 2008-11-04 Niels Möller <nisse@lysator.liu.se>
7476 * examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
7477 compatible with gmp-3.1.
7479 2008-11-01 Niels Möller <nisse@lysator.liu.se>
7481 * nettle.texinfo: Updated for 2.0. New section on linking.
7483 * nettle-types.h, nettle-meta.h: Moved all typedefs for function
7484 types to nettle-types.h. Use non-pointer types, so that the types
7485 can be used to declare functions. Updated all users.
7487 2008-10-31 Niels Möller <nisse@lysator.liu.se>
7489 * testsuite/yarrow-test.c (test_main): Updated for seed file
7492 * sha-example.c (display_hex): Use %02x, not %2x.
7494 2008-10-30 Niels Möller <nisse@lysator.liu.se>
7496 * tools/sexp-conv.c (main): Fixed file locking.
7498 2008-10-25 Niels Möller <nisse@lysator.liu.se>
7500 * configure.ac: Set version to 2.0rc1.
7502 * examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
7505 2008-10-24 Niels Möller <nisse@lysator.liu.se>
7507 * sha256.c (ROUND): Simplified macro.
7509 * yarrow256.c (yarrow256_fast_reseed): Renamed (was
7510 yarrow_fast_reseed) and made non-static. Don't generate seed file
7511 here, let the application use yarrow256_random instead.
7512 (yarrow256_slow_reseed): Renamed (was yarrow_slow_reseed) and made
7514 (yarrow256_force_reseed): Deleted function, use
7515 yarrow256_slow_reseed instead. For backwards compatibility,
7516 yarrow.h defines yarrow256_force_reseed as an alias for that
7519 * yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.
7521 2008-09-17 Niels Möller <nisse@lysator.liu.se>
7523 * x86/arcfour-crypt.asm: Improved loop logic, and unrolled
7524 loop twice. Gave a modest speedup.
7526 2008-09-15 Niels Möller <nisse@lysator.liu.se>
7528 * yarrow256.c (yarrow256_seed): Disallow length == 0.
7530 * base64-decode.c (decode_table): Added vertical tab (VT) and form
7531 feed (FF) as white space characters.
7533 * x86_64/aes-decrypt-internal.asm: New file.
7535 2008-09-13 Niels Möller <nisse@lysator.liu.se>
7537 * x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
7538 loop with movl. Eliminated redundant movl.
7539 * x86/aes-decrypt-internal.asm: Likewise.
7541 * x86_64/aes.m4: New file.
7543 * x86/aes-encrypt-internal.asm: Updated for AES_FINAL_ROUND. Only
7544 three times through the substitution loop.
7545 * x86/aes-decrypt-internal.asm: Likewise.
7546 * x86_64/aes-encrypt-internal.asm: Likewise.
7548 * x86/aes.m4 (AES_FINAL_ROUND): Do the substitution on the least
7549 significant byte here.
7551 * x86/aes-encrypt-internal.asm: Updated use of AES_SUBST_BYTE. USe
7552 decl for outer loop.
7553 * x86/aes-decrypt-internal.asm: Likewise.
7555 * x86/aes.m4 (LREG, HREG): New macros.
7556 (AES_SUBST_BYTE): Take state registers as argument. Use LREG to
7557 get the corresponding byte register.
7558 (AES_ROUND): Use movzbl together with LREG and HREG.
7559 (AES_SUBST_BYTE): Likewise.
7561 2008-09-10 Niels Möller <nisse@lysator.liu.se>
7563 * x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
7564 which must be preserved.
7566 2008-09-08 Niels Möller <nisse@lysator.liu.se>
7568 * Makefile.in (stamp-h.in): Use $(AUTOHEADER).
7570 * x86_64/sha1-compress.asm: New x86_64 assembler, based on the x86
7573 * configure.ac (asm_path): Set up asm_path for x86_64.
7575 * x86_64/machine.m4: New file, new directory.
7577 2008-08-28 Niels Möller <nisse@lysator.liu.se>
7579 * examples/eratosthenes.c (main): Rewrote block-wise sieving to
7580 use less memory. New options -s and -v.
7582 2008-08-27 Niels Möller <nisse@lysator.liu.se>
7584 * testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
7585 Updated testcases with comments; comments are now preserved.
7587 * tools/sexp-conv.c (sexp_convert_item): Keep comments in advanced
7589 (parse_options): New --lock option.
7590 (main): Optionally lock output file.
7592 * tools/parse.c (sexp_check_token): Removed check for "any" token.
7593 All callers specify the token they expect.
7594 (sexp_parse): Pass on comment tokens.
7596 * tools/output.c (sexp_put_data): Made non-static.
7598 * tools/input.c (sexp_get_comment): New function.
7599 (sexp_get_token): Use sexp_get_comment.
7601 * tools/misc.h (enum sexp_token): Start enumeration with zero, zero
7602 is no longer used to mean any type. New type SEXP_COMMENT.
7604 * configure.ac: Check for fcntl file locking.
7606 2008-08-26 Niels Möller <nisse@lysator.liu.se>
7608 * Makefile.in (tags-here): Put TAGS file in the source directory.
7609 * examples/Makefile.in (tags): Likewise.
7610 * testsuite/Makefile.in (tags): Likewise.
7611 * tools/Makefile.in (tags): Likewise.
7613 2008-02-29 Niels Möller <nisse@lysator.liu.se>
7615 * examples/Makefile.in (SOURCES): Added next-prime.c.
7617 2008-01-05 Niels Möller <nisse@lysator.liu.se>
7619 * examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
7620 (next-prime, eratosthenes): New rules.
7621 (nettle-benchmark): Don't rely on $@.
7623 * examples/eratosthenes.c (find_first_one): Optimized, using
7624 slightly larger table.
7625 (main): Use atol, rather than atoi.
7627 * testsuite/symbols-test: Check symbols also in libhogweed.
7629 * examples/next-prime.c: New file.
7630 Deleted code for detailed timing.
7632 * Makefile.in (hogweed_SOURCES): Added bignum-next-prime.c.
7633 (DISTFILES): Added prime-list.h.
7634 (hogweed_OBJS): Removed $(LIBOBJS).
7636 * bignum-next-prime.c (nettle_next_prime): Renamed function, for
7637 name space reasons. Was bignum_next_prime. Updated call in
7639 (primes): Use prime-list.h.
7640 (nettle_next_prime): Skip Fermat test. Use mpz_millerrabin
7641 directly, rather than mpz_probab_prime_p, when the former is
7644 * bignum.h (nettle_next_prime): New prototype.
7646 * rsa-keygen.c (bignum_next_prime): Deleted, moved to
7647 bignum-next-prime.c. Call with a larger prime limit, this improves
7648 the running time of lsh-keygen by roughly 25%.
7650 * prime-list.h: List of odd primes < 2^16.
7652 * configure.ac: Check for sizeof(long).
7654 2008-01-03 Niels Möller <nisse@lysator.liu.se>
7656 * examples/nettle-benchmark.c (main): Removed incorrect UNUSED
7659 * bignum-next-prime.c: Moved the bignum_next_prime function to a
7662 2007-09-08 Niels Möller <nisse@lysator.liu.se>
7664 * sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
7665 include file was renamed from "sparc" to "sparc32". Updated include.
7666 * sparc64/aes-decrypt-internal.asm: Likewise.
7667 * sparc32/aes-encrypt-internal.asm: Likewise.
7668 * sparc32/aes-decrypt-internal.asm: Likewise.
7670 2007-09-07 Niels Möller <nisse@lysator.liu.se>
7672 * examples/read_rsa_key.c: Include stdlib.h.
7674 2007-06-02 Niels Möller <nisse@lysator.liu.se>
7676 * Makefile.in: Typo fixes to install targets, spotted by Magnus
7679 2007-05-14 Niels Möller <niels@s3.kth.se>
7681 * configure.ac: Fixed copy-and-paste errors in shared library
7684 * config.make.in (LIBNETTLE_SONAME, LIBHOGWEED_SONAME): Define.
7686 * Makefile.in (libnettle.so, libhogweed.so): Fixed rules.
7688 * Makefile.in: Split nettle library into two files, libnettle.a
7689 and libhogweed.a, and similarly for the shared libraries.
7691 * configure.ac: Bumped nettle so-versions to 3.0. Set hogweed
7692 so-versions to 1.0. New makefile conditionals IF_SHARED and
7693 IF_HOGWEED. Renamed WITH_PUBLIC_KEY to WITH_HOGWEED. Deleted
7694 SHLIBTARGET, SHLIBINSTALL, RSA_EXAMPLES and RSA_TOOLS.
7696 * config.make.in: Updated for hogweed split.
7698 * C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
7699 Makefile sorts out which files should be compiled.
7701 * pgp.h: Include bignum.h, don't pretend to work without bignums.
7703 * pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
7704 (pgp_put_rsa_sha1_signature): Define unconditionally. Removed the
7705 checking of HAVE_LIBGMP and WITH_PUBLIC_KEY.
7707 * examples/io.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
7708 * examples/io.c (read_rsa_key): Deleted, moved to...
7709 * examples/read_rsa_key.c: New file, extracted from io.c.
7711 * examples/Makefile.in: Use IF_HOGWEED instead of RSA_EXAMPLES.
7712 Link appropriate programs with -lhogweed.
7713 (SOURCES): Added read_rsa_key.c.
7715 * tools/Makefile.in (pkcs1-conv): Use IF_HOGWEED, not @RSA_TOOLS@,
7716 for configuration. Link with -lhogweed.
7718 * testsuite/testutils.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
7719 * testsuite/testutils.c: Likewise.
7721 * testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
7722 Separate test cases using nettle and those also using hogweed.
7724 2007-04-05 Niels Möller <nisse@lysator.liu.se>
7726 * Moved in CVS tree. Also renamed directory sparc to sparc32.
7728 2007-02-24 Niels Möller <nisse@lysator.liu.se>
7730 * Makefile.in (clean-here): Remove .lib directory.
7731 (distclean-here): Remove machine.m4.
7733 2006-12-05 Niels Möller <nisse@lysator.liu.se>
7735 * configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.
7737 * config.make.in (datarootdir): New directory variable (for
7740 2006-11-28 Niels Möller <nisse@lysator.liu.se>
7742 * configure.ac: Bumped version to 1.16.
7744 * Released nettle-1.15.
7746 2006-11-27 Niels Möller <nisse@lysator.liu.se>
7748 * NEWS: New entry for nettle-1.15.
7750 * configure.ac (SHLIBMINOR): Bumped version. Library name is now
7753 * sha256.c: Changed copyright notice to use the LGPL.
7755 * Makefile.in (DISTFILES): Added COPYING.LIB.
7757 * COPYING.LIB: New file (previously only the plain GPL was
7758 included in the distribution).
7760 * nettle.texinfo: Updated vor nettle-1.15.
7762 * testsuite/rsa-test.c (test_main): Use test_rsa_sha256.
7763 * testsuite/testutils.c (test_rsa_sha256): New function.
7765 * testsuite/Makefile.in (DISTFILES): Replaces rfc1750.txt by
7768 * rsa.h (rsa_sha256_sign, rsa_sha256_verify)
7769 (rsa_sha256_sign_digest, rsa_sha256_verify_digest): New declarations.
7770 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased to
7771 62 octets and 489 bits, respectively, for supporting sha256.
7773 * pkcs1.h (pkcs1_rsa_sha256_encode)
7774 (pkcs1_rsa_sha256_encode_digest): New declarations and name
7777 * Makefile.in (nettle_SOURCES): Added pkcs1-rsa-sha256.c,
7778 rsa-sha256-sign.c, rsa-sha256-verify.c.
7780 * pkcs1-rsa-sha256.c, rsa-sha256-sign.c, rsa-sha256-verify.c: New
7783 * COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
7786 2006-11-27 Niels Möller <niels@s3.kth.se>
7788 * tools/Makefile.in (install): Use MKDIR_P to create installation
7789 directory. Install only one file at a time.
7791 * Makefile.in (MKDIR_P): Use MKDIR_P for creating installation
7794 * configure.ac: Use AC_PROG_MKDIR_P.
7796 2006-11-24 Niels Möller <nisse@lysator.liu.se>
7798 * testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
7799 file, instead of rfc1750.txt.
7801 * testsuite/gold-bug.txt: New test input file for yarrow-test.
7802 The copyright on this short story by Edgar Allan Poe has expired.
7804 * testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
7805 non-free, and it was expired anyway. Replaced by gold-bug.txt.
7807 2006-11-24 Niels Möller <niels@s3.kth.se>
7809 * Almost all header files: Added C++ guards.
7811 * configure.ac: Test if the system has any C++ compiler.
7813 * config.make.in (CXX, CXXFLAGS, COMPILE_CXX, LINK_CXX): New variables.
7815 * testsuite/Makefile.in: New variables TS_C and TS_CXX. Setup for
7816 compiling the C++ file cxx-test.cxx.
7818 * testsuite/cxx-test.cxx: New testcase, trying to use nettle from
7821 2006-08-28 Niels Möller <niels@s3.kth.se>
7823 * index.html: Added section on language bindings.
7825 2006-06-10 Niels Möller <niels@s3.kth.se>
7827 * configure.ac: Darwin shared library support, from Grant
7830 2006-05-18 Niels Möller <nisse@lysator.liu.se>
7832 * src/nettle/x86/aes.asm: Deleted unused file.
7834 * aes-decrypt.c (_aes_decrypt_table): Deleted the indexing array,
7835 previously commented out.
7836 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
7838 * Makefile.in (.texinfo.info, .dvi.ps): Use more quotes with
7840 (install-here, install-shared, install-info, install-headers): Use
7841 plain mkdir, not $(INSTALL) -d.
7843 2006-05-16 Niels Möller <niels@s3.kth.se>
7844 Merged from the lsh experimental branch.
7846 2006-04-26 Niels Möller <nisse@lysator.liu.se>
7848 * examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
7849 * examples/nettle-benchmark.c: Include "getopt.h".
7851 * examples/Makefile.in (GETOPT_OBJS): New variable.
7852 (rsa-keygen, rsa-encrypt, nettle-benchmark): Depend on and link
7853 with $(GETOPT_OBJS).
7855 * x86/aes-decrypt-internal.asm: Use ALIGN.
7856 * x86/aes-encrypt-internal.asm: Likewise.
7857 * x86/arcfour-crypt.asm: Likewise.
7858 * x86/md5-compress.asm: Likewise.
7859 * x86/sha1-compress.asm: Likewise.
7861 * config.m4.in (ASM_ALIGN_LOG): Substitute.
7862 * configure.ac (ASM_ALIGN_LOG): Check if .align directive is
7864 * asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
7865 expands to a .align directive.
7867 2006-04-21 Niels Möller <nisse@lysator.liu.se>
7869 * nettle.texinfo (Public-key algorithms): Say that the public key
7870 operations are undocumented, not unsupported. Reported by Jeronimo
7873 2006-04-08 Niels Möller <nisse@lysator.liu.se>
7875 * tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
7876 Reported by Henrik Grubbström.
7878 2006-01-31 Niels Möller <niels@s3.kth.se>
7880 * examples/rsa-verify.c: Fixed typo in usage message.
7882 2005-12-05 Niels Möller <nisse@lysator.liu.se>
7884 * configure.ac: Bumped version to 1.15,
7886 * Released nettle-1.14.
7888 * NEWS: Updated for 1.14.
7890 * configure.ac (SHLIBMINOR): Increased minor number. Library
7891 version is now libnettle.so.2.5, soname still libnettle.so.2.
7893 2005-11-28 Niels Möller <nisse@lysator.liu.se>
7895 * config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
7896 and friends here, to get a correct a relative filename for
7897 install-sh when used in tools/Makefile.
7899 * tools/Makefile.in (INSTALL): Substitute INSTALL, INSTALL_DATA
7901 * Makefile.in (INSTALL): Likewise.
7903 2005-11-27 Niels Möller <nisse@lysator.liu.se>
7905 * Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
7906 intermediate .dvi and .ps files.
7908 * testsuite/Makefile.in (clean): Delete sha1-huge-test.
7910 * Makefile.in (install-info, install-headers): Don't use $< and
7911 $?; Solaris make doesn't support them in explicit rules.
7913 2005-11-26 Niels Möller <nisse@lysator.liu.se>
7915 * testsuite/Makefile.in: Include .test-rules.make, which contains
7916 the rules for all the test executables.
7917 (test-rules): New rule, to update this file.
7918 (DISTFILES): Added $(EXTRA_SOURCES).
7920 * testsuite/.test-rules.make: Automatically generated file for
7921 building the test programs.
7923 2005-11-25 Niels Möller <nisse@lysator.liu.se>
7925 * configure.ac: Disable assembler when compiling with rntcl.
7927 * tools/Makefile.in (pkcs1_conv_SOURCES): New variable.
7928 (pkcs1-conv): Link with getopt.o and getopt1.o.
7930 * Makefile.in (aesdata, desdata, shadata): Use explicit rules for
7933 * testsuite/Makefile.in: Use %-rules for building the -test
7934 executables, in addition to the suffix rules. Hopefully, this
7935 should make all of GNU make, BSD make and Solaris make happy.
7936 Use $(EXEEXT) and $(OBJEXT) more consistently.
7938 * examples/Makefile.in: Use explicit rules for all executable
7939 targets. Use $(EXEEXT) and $(OBJEXT) more consistently.
7941 2005-11-25 Niels Möller <niels@s3.kth.se>
7943 * testsuite/Makefile.in: Avoid using single-suffix rule to build
7946 2005-11-24 Niels Möller <niels@s3.kth.se>
7948 * Makefile.in (distdir): Use [ -f, not [ -e, since the latter
7949 is less portable, and not supported by Solaris /bin/sh.
7951 2005-11-23 Niels Möller <niels@s3.kth.se>
7953 * testsuite/Makefile.in (DISTFILES): Added teardown-env.
7954 * testsuite/teardown-env: New file. Delete files created by the
7957 2005-11-21 Niels Möller <nisse@lysator.liu.se>
7959 * testsuite/testutils.c (main): Fixed check for -v option. Spotted
7962 2005-11-21 Niels Möller <niels@s3.kth.se>
7964 * ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.
7966 2005-11-20 Niels Möller <nisse@lysator.liu.se>
7968 * Makefile.in (nettle_SOURCES): Added der2rsa.c.
7970 * testsuite/Makefile.in (TS_SH): Added pkcs1-conv-test.
7972 * tools/Makefile.in (TARGETS): Added @RSA_TOOLS@.
7973 (SOURCES): Added pkcs1-conv.c.
7974 (pkcs1-conv): New rule.
7976 * tools/pkcs1-conv.c: New program.
7978 * testsuite/pkcs1-conv-test: New file.
7980 * examples/rsa-verify-test: Use rsa-sign to create signature.
7982 * examples/io.c (read_file): Fixed spelling in error message.
7984 * rsa.h (rsa_public_key_from_der_iterator)
7985 (rsa_private_key_from_der_iterator, rsa_keypair_from_der): Declare
7988 * der2rsa.c: New file.
7990 * der-iterator.c (asn1_der_iterator_init): Initialize length and
7992 (asn1_der_iterator_next): Support for lengths >= 0x80.
7993 (asn1_der_decode_constructed_last, asn1_der_decode_bitstring)
7994 (asn1_der_decode_bitstring_last): New functions.
7995 (asn1_der_get_bignum): Check for non-mininal encodings.
7997 * configure.ac (RSA_TOOLS): New substituted variable. Includes
7998 pkcs1-conv, when public-key support is enabled.
8000 * bignum.h (nettle_asn1_der_get_bignum): Include nettle_-prefix in
8003 * asn1.h: Added name mangling defines, and a few new declarations.
8005 2005-11-13 Niels Möller <nisse@lysator.liu.se>
8007 * Makefile.in (nettle_SOURCES): Added der-iterator.c.
8008 (HEADERS): Added asn1.h.
8010 * bignum.h (asn1_der_get_bignum): Declare function.
8012 * der-iterator.c: New file.
8015 2005-11-07 Niels Möller <nisse@lysator.liu.se>
8017 * examples/nettle-benchmark.c: Check HAVE_UNISTD_H.
8019 * examples/Makefile.in (TARGETS): Use $(EXEEXT).
8020 * tools/Makefile.in (TARGETS, sexp-conv, nettle-lfib-stream): Likewise.
8022 * configure.ac: Use $host_cpu, not $host, when setting up the
8023 assembler path. Use $host_os, not uname, when setting up shared
8026 * Makefile.in (des.$(OBJEXT)): Use OBJEXT.
8028 * config.guess, config.sub: In the CVS tree, moved files to the
8029 lsh top-level directory.
8031 2005-10-23 Niels Möller <nisse@lysator.liu.se>
8033 * sparc64/arcfour-crypt.asm: New file, almost the same as
8034 sparc/arcfour-crypt.asm.
8036 * examples/nettle-benchmark.c (display): Use two decimal places.
8038 * sparc/arcfour-crypt.asm: Reorganized. Main loop unrolled four
8039 times. Uses aligned 32-bit write accesses at DST. Still uses 8-bit
8040 read accesses at SRC; could be improved int he case that SRC and
8041 DST have compatible alignment.
8043 2005-10-19 Niels Möller <niels@s3.kth.se>
8045 * testsuite/arcfour-test.c (test_main): New testcase with 512
8048 2005-10-19 Niels Möller <nisse@lysator.liu.se>
8050 * sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
8051 must order the store at [CTX+I] before the load of [CTX+SI+SJ].
8053 2005-10-18 Niels Möller <nisse@lysator.liu.se>
8055 * sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
8056 have compatible alignment. Improves performance by 20%, but I'm
8057 not sure it's worth the extra complexity.
8059 * bignum.c (nettle_mpz_from_octets): Removed sign argument. If
8060 mpz_import is available, define nettle_mpz_from_octets as a macro
8062 (nettle_mpz_from_octets): Start by setting x to zero; callers no
8063 longer need to do that.
8064 (nettle_mpz_set_str_256_s): New logic for the handling of negative
8065 numbers. Convert in the same way as for positive numbers, and then
8066 subtract the appropriate power of two.
8068 2005-10-17 Niels Möller <nisse@lysator.liu.se>
8070 * bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
8071 digit temporary (suggested by Torbjörn Granlund).
8073 * sparc/arcfour-crypt.asm: Improved instruction scheduling.
8075 * sparc/arcfour-crypt.asm: Bugfix, use lduh and stuh.
8077 * sparc/arcfour-crypt.asm: New file.
8079 * sparc64/aes.asm: Deleted unused file.
8081 * x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
8082 * asm.m4 (ARCFOUR): New struct.
8084 2005-10-17 Niels Möller <niels@s3.kth.se>
8086 * aes-internal.h (struct aes_table): Deleted idx and sparc_idx
8088 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
8089 * aes-decrypt.c (_aes_decrypt_table): Likewise.
8090 * asm.m4 (AES): Likewise
8092 2005-10-16 Niels Möller <nisse@lysator.liu.se>
8094 * tools/input.c (sexp_get_char): Use unsigned for the done flag.
8096 * sparc64/aes-encrypt-internal.asm: Include sparc/aes.m4.
8097 * sparc64/aes-decrypt-internal.asm: Likewise.
8099 * sparc64/machine.m4: Use .register pseudo op to say that we use
8100 %g2 and %g3 as scratch registers.
8102 * sparc/aes-encrypt-internal.asm: Explicitly include sparc/aes.m4.
8103 * sparc/aes-decrypt-internal.asm: Likewise.
8105 * sparc/aes.m4: New file. Moved aes-related macros here...
8106 * sparc/machine.m4: ... removed aes macros.
8108 * x86/aes-encrypt-internal.asm: Explicitly include x86/aes.m4.
8109 * x86/aes-decrypt-internal.asm: Likewise.
8111 * x86/aes.m4: New file. Moved aes-related macros here, from...
8112 * x86/machine.m4: ... removed aes macros.
8114 * sparc64/aes-encrypt-internal.asm: New file.
8115 * sparc64/aes-decrypt-internal.asm: New file.
8117 * sparc64/machine.m4: Include the same aes macros used for
8119 (BIAS): Define magic stack bias constant.
8121 * sparc/aes-encrypt-internal.asm, sparc/aes-decrypt-internal.asm:
8122 Reduced frame size to 104 bytes, since we no longer need wtxt and
8125 * sparc/aes.asm: Deleted old aes implementation.
8127 * sparc/aes-decrypt-internal.asm: New file.
8129 * sparc/machine.m4: Don't use m4 eval, instead rely on the
8130 assembler's arithmetic.
8132 * sparc/machine.m4 (AES_FINAL_ROUND): Better scheduling, by
8133 interleaving independent operations.
8135 * sparc/machine.m4 (TMP3): A third temporary register.
8136 (AES_FINAL_ROUND): Prepared for scheduling.
8138 * sparc/machine.m4 (AES_ROUND): Deleted unused argument T. Updated
8139 all calls in aes-encrypt-internal.asm.
8141 * sparc/machine.m4 (AES_ROUND): New loop invariants T0-T3, to
8142 avoid the additions of the AES_TABLEx constants in the inner loop.
8144 * sparc/machine.m4 (AES_ROUND): Better scheduling, by
8145 interleaving independent operations.
8147 * sparc/machine.m4 (AES_ROUND): Alternate between using TMP1 and
8148 TMP2, to prepare for scheduling.
8150 * sparc/aes-encrypt-internal.asm: Renamed Ti -> Xi.
8152 * sparc/aes-encrypt-internal.asm: Fixed bugs. Now passes the
8155 * sparc/machine.m4 (AES_ROUND, AES_FINAL_ROUND): Bugfixes. Put
8156 NOPs in the load dely slots.
8158 * sparc/aes-encrypt-internal.asm: Implemented. Not yet working,
8161 * sparc/machine.m4: Use TMP1 and TMP2, so we don't need to pass
8163 (AES_FINAL_ROUND): New macro.
8165 2005-10-15 Niels Möller <nisse@lysator.liu.se>
8167 * configure.ac (OBJDUMP): Substitute the program false if objdump
8170 * asm.m4 (PROLOGUE): Use TYPE_FUNCTION.
8172 * config.m4.in: Substitute ASM_TYPE_FUNCTION as TYPE_FUNCTION.
8174 * configure.ac (ASM_ELF_STYLE): Check for %function and #function,
8175 but not for @function.
8176 (ASM_TYPE_FUNCTION): New substituted variable.
8178 * configure.ac (ASM_ELF_STYLE): Fixed .type foo,@function statement
8179 used when checking for pseudo operations.
8181 * sparc/machine.m4 (AES_LOAD, AES_ROUND): Started writing new AES
8184 * sparc/aes-encrypt-internal.asm: New file.
8186 2005-10-14 Niels Möller <nisse@lysator.liu.se>
8188 * x86/aes-decrypt.asm, x86/aes-encrypt.asm: Deleted files.
8190 * x86/aes-decrypt-internal.asm: New file.
8192 * x86/machine.m4: Changed AES macros, to handle a table register.
8193 Also take more of the used registers as argument.
8195 * x86/aes-encrypt-internal.asm: Rewritten to match new interface,
8196 with the table pointer as an argument. Unlike the old code, this
8197 should really be position independent.
8199 * configure.ac: When looking for assembler files, link in
8200 aes-encrypt-internal.asm and aes-decrypt-internal.asm. Don't look
8201 for aes.asm, aes-encrypt.asm and aes-decrypt.asm.
8203 * configure.ac (OBJDUMP): Use AC_CHECK_TOOL to check for objdump.
8204 (ASM_MARK_NOEXEC_STACK): Use $OBJDUMP when examining the object file.
8206 * Makefile.in (nettle_SOURCES): Removed aes.c,
8207 aes-decrypt-table.c. Added aes-decrypt-internal.c and aes-encrypt-internal.c.
8209 * aes.c, aes-decrypt-table.c: Deleted files.
8211 * aes-decrypt.c (_aes_decrypt_table): Moved table here, and made
8214 * aes-internal.h (_aes_decrypt_table): Don't declare, it's no
8215 longer globally visible.
8217 * aes-decrypt-internal.c (_nettle_aes_decrypt): New AES decryption
8218 function, analogous to _nettle_aes_encrypt.
8220 2005-10-14 Niels Möller <niels@s3.kth.se>
8222 * aes-internal.h (AES_ROUND, AES_FINAL_ROUND): New macros.
8224 * aes-encrypt-internal.c (_nettle_aes_encrypt): New AES encryption
8225 function, avoiding the table-based indexing.
8227 * sha1-compress.c: Added debugging code.
8228 * md5-compress.c: Likewise.
8230 2005-10-13 Niels Möller <niels@s3.kth.se>
8232 * config.m4.in (ASM_MARK_NOEXEC_STACK): Use a diversion, to
8233 substitute the value of ASM_MARK_NOEXEC_STACK at the end of each
8236 * configure.ac (ASM_MARK_NOEXEC_STACK): Check if the C compiler
8237 generates a .note.GNU-stack section. If so, we should do the same
8238 in our assembler files.
8240 * sparc64/aes.asm: New file. Copy of sparc/aes.asm, with minor
8241 changes to the stack frame layout. Patch contributed by Henrik
8242 Grubbström. Not yet tested.
8244 * x86/md5-compress.asm: Skip copying of input to the stack, and
8245 don't allocate space for it.
8248 * testsuite/md5-test.c: Document intermediate values for first
8251 * configure.ac (asm_path): Check for sparc64, and use sparc64
8252 subdirectory. Link in md5-compress.asm, if it exists.
8254 2005-10-13 Niels Möller <nisse@lysator.liu.se>
8256 * x86/md5-compress.asm (REF): Fixed calculation of offset.
8258 2005-10-12 Niels Möller <nisse@lysator.liu.se>
8260 * x86/machine.m4 (OFFSET): Moved macro, used to be in...
8261 * x86/sha1-compress.asm (OFFSET): ... removed macro.
8263 * x86/md5-compress.asm: New file, with first attempt at md5
8264 assembler. Not yet working.
8266 2005-10-11 Niels Möller <nisse@lysator.liu.se>
8268 * Makefile.in (nettle_SOURCES): Added md5-compress.c.
8270 * md5.c: Reorganized to use _nettle_md5_compress, in analogy with
8273 * md5-compress.c (_nettle_md5_compress): New file and new function.
8275 2005-10-10 Niels Möller <niels@s3.kth.se>
8277 * testsuite/Makefile.in (EXTRA_SOURCES, EXTRA_TARGETS): New
8278 variables, for test cases that are not run by default.
8280 * testsuite/sha1-huge-test.c (test_main): New test case, with a
8281 very large sha1 input.
8283 * testsuite/testutils.c (test_hash_large): New function.
8285 * sha1.c (sha1_block): Deleted function; inlined where used.
8286 (SHA1_INCR): New macro for incrementing the block count.
8288 2005-10-06 Niels Möller <nisse@lysator.liu.se>
8290 * configure.ac: Bumped version to 1.14.
8292 * Released nettle-1.13.
8294 * configure.ac: Check for openssl/aes.h.
8296 * Makefile.in (distdir): Use a loop to pick up the contents of
8297 $(DISTFILES) from source and build directories. For some reason,
8298 $? failed to find stamp-h.in in the source directory.
8300 2005-10-05 Niels Möller <nisse@lysator.liu.se>
8302 * x86/aes-decrypt.asm: Use C_NAME(_nettle_aes_decrypt_table) when
8303 using the AES_SUBST_BYTE macro. Use PROLOGUE and EPILOGUE.
8304 * x86/sha1-compress.asm: Use PROLOGUE and EPILOGUE.
8305 * x86/arcfour-crypt.asm: Likewise.
8306 * x86/aes-encrypt.asm: Likewise.
8308 * config.m4.in (ELF_STYLE): Substitute configure's ASM_ELF_STYLE.
8310 * asm.m4 (PROLOGUE, EPILOGUE): New macros, checking the value of
8311 ELF_STYLE. So far, used and tested only for the x86 assembler
8312 files, and needed to make the assembler happy both with ELF
8313 (linux, solaris) and COFF (windows).
8315 * configure.ac (NM): Use AC_CHECK_TOOL to check for nm.
8316 (ASM_SYMBOL_PREFIX): Use $NM when examining the object file.
8317 (ASM_ELF_STYLE): New variable. Set to 'yes' if assembling a file
8318 with ELF-style .type and .size pseudo ops works.
8320 * Makefile.in (TARGETS, DISTFILES): Added nettle.pdf.
8321 (.texinfo.dvi, .dvi.ps, .ps.pdf): New targets, to build nettle.pdf.
8322 (DOCTARGETS): New variable with targets that shouldn't be deleted
8324 (maintainer-clean-here): New target. Deletes generated
8325 documentation files.
8327 * nettle.texinfo: Define AUTHOR with accents, when running in TeX
8328 mode, which doesn't handle latin-1 properly. Set UPDATED-FOR to
8329 1.13. Updated copyright years, and introduced a COPYRIGHT-YEARS
8330 symbol. Updated copyright section, to mention assembler
8332 (Cipher modes): Transformed the Cipher Block Chaining to a section
8333 Cipher modes, describing both CBC and the new CTR mode.
8335 * src/nettle/x86/aes_tables.asm: Deleted unused file.
8337 * x86/aes.asm: Deleted contents. This file is needed just to
8338 override aes.c, which isn't needed for the x86 implementation.
8340 * configure.ac (SHLIBMINOR): Increased minor number. Library
8341 version is now libnettle.so.2.4, soname still libnettle.so.2.
8343 * examples/nettle-benchmark.c (main): Reordered hash benchmarks.
8345 * x86/sha1-compress.asm (EXPAND): Use % 16 instead of & 15 to
8346 compute offsets mod 16, since m4 on FreeBSD 49.RELEASE and NetBSD
8347 doesn't implement & correctly in eval.
8349 2005-10-03 Niels Möller <nisse@lysator.liu.se>
8351 * x86/sha1-compress.asm (OFFSET): New macro.
8352 (F3): Eliminated a movl.
8353 (ROUND): New argument, for k. When using F3, it's TMP3, on the
8354 stack, otherwise, it is kept in TMP2, a register.
8356 2005-10-03 Niels Möller <niels@s3.kth.se>
8358 * examples/nettle-openssl.c: Use correct block sizes for openssl
8361 * examples/nettle-benchmark.c: Also display cycles per block.
8363 2005-10-02 Niels Möller <nisse@lysator.liu.se>
8365 * sha1-compress.c (_nettle_sha1_compress): Updated to new
8366 interface. Now responsible for byte conversion.
8368 * x86/sha1-compress.asm (_nettle_sha1_compress): Do byte order
8369 conversion, and store the input data on the stack. This leaves one
8370 more register free for other uses.
8372 * examples/nettle-benchmark.c: Now display cycles/byte, if the -f
8373 option is used to say what the clock frequency is.
8375 * sha1.c (sha1_block): Don't convert data from uint8_t to
8376 uint32_t, that's now the responsibility of _nettle_sha1_compress.
8378 * sha.h (_nettle_sha1_compress): Changed interface. Second
8379 argument is now a pointer to the input data in unaligned,
8382 2005-09-28 Niels Möller <niels@s3.kth.se>
8384 * sha1.c (sha1_final): Call sha1_block, don't call the compression
8385 function _nettle_sha1_compress directly.
8387 * nettle-internal.h (nettle_openssl_md5)
8388 (nettle_openssl_sha1): Declare.
8390 * examples/nettle-benchmark.c (main): Benchmark openssl md5 and
8393 * examples/nettle-openssl.c (nettle_openssl_md5)
8394 (nettle_openssl_sha1): Added glue for openssl hash functions.
8396 * nettle-internal.h (nettle_openssl_aes128, nettle_openssl_aes192)
8397 (nettle_openssl_aes256, nettle_openssl_arcfour128): Declare.
8399 * examples/nettle-benchmark.c: Check WITH_OPENSSL, not
8400 HAVE_LIBCRYPTO. Benchmark openssl's aes and arcfour code.
8402 * examples/nettle-openssl.c: Updated openssl des glue to use the
8403 new openssl des interface. Added glue for arcfour and aes.
8405 2005-09-27 Niels Möller <nisse@lysator.liu.se>
8407 * nettle.texinfo (RSA): Improved text about the RSA patent.
8408 Use @documentencoding ISO-8859-1.
8410 2005-09-07 Niels Möller <niels@s3.kth.se>
8412 * tools/sexp-conv.c (parse_options): New option --raw-hash, for
8413 compatibility with lsh-1.x. Equivalent to --hash.
8415 2005-09-06 Niels Möller <niels@s3.kth.se>
8417 * tools/sexp-conv.c (main): With --hash, output a newline after
8420 2005-07-02 Niels Möller <nisse@lysator.liu.se>
8422 * testsuite/Makefile.in (TS_SOURCES): Added ctr-test.c.
8424 * testsuite/testutils.c (test_cipher_ctr): New function.
8426 * testsuite/ctr-test.c: New file.
8428 * testsuite/cbc-test.c (test_main): Use static const for msg.
8430 * Makefile.in (nettle_SOURCES): Added ctr.c.
8431 (HEADERS): Added ctr.h.
8432 (HEADERS): Added nettle-types.h.
8433 (INSTALL_HEADERS): Install nettle-stdint.h.
8434 (distclean-here): Delete nettle-stdint.h, not nettle-types.h.
8436 * ctr.c (ctr_crypt): New file, new function.
8438 * memxor.c (memxor3): New function, suggested by Adam Langley.
8440 * nettle-internal.h (NETTLE_MAX_CIPHER_BLOCK_SIZE): New constant.
8442 * nettle.texinfo (Cipher functions): Fixed typo in prototype for
8443 arctwo_encrypt (noticed by Adam Langley).
8445 * nettle-meta.h: No longer needs to include cbc.h.
8447 * cbc.h (nettle_crypt_func): Moved typedef to nettle-types.h.
8448 (CBC_ENCRYPT, CBC_DECRYPT): Deleted older #if:ed out versions.
8450 * configure.ac (AX_CREATE_STDINT_H): Use the file name
8451 nettle-stdint.h, not nettle-types.h.
8453 * nettle-types.h: New file. Automatically generated declarations
8454 are now in nettle-stdint.h.
8456 2005-03-17 Niels Möller <niels@s3.kth.se>
8458 * config.guess: Support Solaris on x86_64. Fix by Henrik
8461 2005-01-03 Niels Möller <niels@s3.kth.se>
8463 * examples/io.h: Include RSA declarations only when public key
8464 algorithms are enabled. Problem reported by Meilof Veeningen
8467 2004-12-07 Niels Möller <nisse@lysator.liu.se>
8469 * Makefile.in: Install directories, using $(INSTALL) -d, only if
8470 they don't exist already.
8472 2004-12-05 Niels Möller <nisse@lysator.liu.se>
8474 * config.make.in (.PRECIOUS): Reverted earlier change. We need
8475 .PRECIOUS to stop GNU make from deleting object files for the test
8478 2004-12-02 Niels Möller <nisse@lysator.liu.se>
8480 * Makefile.in (.SUFFIXES): Moved from Makefile.in to...
8481 * config.make.in (.SUFFIXES): ... here. This helps compilation
8483 * testsuite/Makefile.in (.SUFFIXES): Deleted target.
8485 * config.make.in (.c): Disable default rule for BSD-make.
8487 * Makefile.in (all check install uninstall)
8488 (clean distclean mostlyclean maintainer-clean): Don't use the -C
8489 flag when invoking make, for compatibility with Solaris make.
8491 2004-12-02 Niels Möller <niels@s3.kth.se>
8493 * Makefile.in (aesdata, desdata): Commented out the explicit
8495 (shadata): Avoid using $< in non-pattern rule.
8497 2004-12-01 Niels Möller <nisse@lysator.liu.se>
8499 * config.make.in: Added a default target.
8501 2004-11-29 Niels Möller <nisse@lysator.liu.se>
8503 * testsuite/Makefile.in: Use .$(OBJEXT). Explicitly set .SUFFIXES.
8505 * Makefile.in: Use .$(OBJEXT).
8507 2004-11-28 Niels Möller <nisse@lysator.liu.se>
8509 * tools/Makefile.in (nettle-lfib-stream): Avoid using $< in
8512 * Makefile.in (distdir): Handle absolute $distdir.
8513 Avoid using the GNU extension $^.
8515 * examples/Makefile.in: Avoid using the GNU extension $^.
8516 * tools/Makefile.in: Likewise.
8517 * testsuite/Makefile.in: Likewise.
8519 2004-11-24 Niels Möller <niels@s3.kth.se>
8521 * configure.ac: Fixed typo, preventing the creation of dependency
8524 2004-11-23 Niels Möller <nisse@lysator.liu.se>
8526 * Makefile.in: Use DEP_INCLUDE.
8527 * tools/Makefile.in: Likewise.
8528 * testsuite/Makefile.in: Likewise.
8529 * examples/Makefile.in: Likewise.
8531 * configure.ac (dummy-dep-files): Generate only of dependency
8532 tracking is enabled.
8534 2004-11-18 Niels Möller <nisse@lysator.liu.se>
8536 * Makefile.in (clean-here): The clean target should not delete the
8537 dependency files. Moved to the distclean target.
8538 * examples/Makefile.in: Likewise.
8539 * testsuite/Makefile.in: Likewise.
8540 * tools/Makefile.in: Likewise.
8542 * configure.ac (ASM_SYMBOL_PREFIX): Fixed test.
8543 (dummy-dep-files): Added quotes to sed command.
8545 2004-11-17 Niels Möller <nisse@lysator.liu.se>
8547 * testsuite/symbols-test: Try plain nm if nm -g doesn't work.
8549 * x86/sha1-compress.asm: Use C_NAME for global symbols.
8550 * x86/aes-encrypt.asm: Likewise.
8551 * x86/aes-decrypt.asm: Likewise.
8552 * x86/arcfour-crypt.asm: Likewise.
8554 * Makefile.in (config.m4): New rule.
8556 * config.m4.in (C_NAME): New macro.
8558 * configure.ac (ASM_SYMBOL_PREFIX): Check if global symbols have a
8561 2004-11-16 Niels Möller <nisse@lysator.liu.se>
8563 * Deleted getopt.c, getopt.h and getopt1.c from the CVS tree. Link
8564 them from shared copies in lsh/misc instead.
8566 2004-11-14 Niels Möller <nisse@lysator.liu.se>
8568 * Makefile.in (DEP_FILES): Try include with only one macro
8569 argument to be expanted.
8571 * configure.ac (dummy-dep-files): Create dummy dependency files,
8572 so that they can be included by the makefiles.
8574 2004-11-13 Niels Möller <nisse@lysator.liu.se>
8576 * Makefile.in: Don't use -include, as it's GNU make specific.
8577 * examples/Makefile.in, tools/Makefile.in, testsuite/Makefile.in:
8580 * examples/nettle-openssl.c: Check WITH_OPENSSL, not HAVE_LIBCRYPTO.
8582 * configure.ac: Check for individual openssl headers blowfish.h,
8583 cast.h, des.h. Renamed symbol HAVE_LIBCRYPTO to WITH_OPENSSL. New
8584 configure option --disable-openssl.
8586 2004-11-04 Niels Möller <nisse@lysator.liu.se>
8588 * configure.ac: Bumped version to 1.13.
8590 * Released nettle-1.12.
8592 2004-11-04 Niels Möller <niels@s3.kth.se>
8594 * nettle.texinfo (UPDATED-FOR): Bumped to 1.12.
8596 2004-11-02 Niels Möller <nisse@lysator.liu.se>
8598 * nettle.texinfo (Cipher functions): Updated AES documentation,
8599 for aes_set_encrypt_key and aes_set_decrypt_key.
8600 (UPDATED-FOR): Set to 1.11. I think the manual should be updated
8601 with all user-visible changes.
8603 * aclocal.m4 (LSH_DEPENDENCY_TRACKING): Need extra quoting in case
8604 pattern. (This file really lives in the lsh tree, as
8605 lsh/acinclude.m4. For a complete ChangeLog, see lsh/Changelog).
8607 2004-10-26 Niels Möller <nisse@lysator.liu.se>
8609 * configure.ac: Bumped version to 1.12.
8611 * Released nettle-1.11.
8613 * Makefile.in (clean-here): Delete *.s files.
8614 (PRE_CPPFLAGS): Use this variable, not INCLUDES. Removed
8617 * x86/arcfour-crypt.asm: Use movzbl when extending %cl to 32 bits.
8619 2004-10-24 Niels Möller <nisse@lysator.liu.se>
8621 * x86/arcfour-crypt.asm: Reverted the latest two changes; update
8622 bost src and dst pointers in the loop, and use plain addb when
8623 updating j. These two previous changes slowed the code down on AMD
8626 2004-10-21 Niels Möller <nisse@lysator.liu.se>
8628 * Makefile.in (install-shared): Use $(INSTALL_PROGRAM).
8630 * configure.ac (SHLIBMINOR): Updated, shared library version is
8631 now libnettle.so.2.3, soname still libnettle.so.2.
8633 * Makefile.in (DISTFILES): Added asm.m4.
8635 2004-10-21 Niels Möller <niels@s3.kth.se>
8637 * examples/Makefile.in: Deleted all configure-related rules,
8638 except the one rebuilding this Makefile. One should run make at
8639 top level if other configure related files change.
8640 * tools/Makefile.in: Likewise.
8641 * testsuite/Makefile.in: Likewise.
8643 * configure.ac: Replaced AC_OUTPUT(list...) with an AC_OUTPUT
8644 without arguments, and AC_CONFIG_FILES listing the files.
8646 * Makefile.in: Changed the assembler rules as suffix rules.
8647 Rewrote the configure-related rules, mostly based on the example
8648 in the autoconf manual.
8650 2004-10-20 Niels Möller <nisse@lysator.liu.se>
8652 * examples/nettle-openssl.c (NCOMPAT): Disable openssl backwards
8655 * config.make.in: Insert $(PRE_CPPFLAGS) and $(PRE_LDFLAGS) before
8656 $(CPPFLAGS) and $(LDFLAGS). This mechanism replaces $(INCLUDES).
8658 * examples/Makefile.in (PRE_CPPFLAGS, PRE_LDFLAGS): Use these
8659 flags to get -I.. and -L.. early on the command line.
8660 * testsuite/Makefile.in: Likewise
8661 * tools/Makefile.in: Likewise.
8663 2004-10-20 Niels Möller <niels@s3.kth.se>
8665 * Makefile.in: In the assembler rules, there's no need to look in
8666 $(srcdir) for the input file.
8668 * x86/arcfour-crypt.asm: Reduced inner loop by one instruction, by
8669 precomputing the offset between src and dst.
8671 * tools/Makefile.in (.c.$(OBJEXT)): Removed redundant -I.. flag.
8673 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replaced addb ->
8674 addl + andl $0xff, improving speed on PPro by another 15%.
8676 2004-10-20 Niels Möller <nisse@lysator.liu.se>
8678 * tools/Makefile.in (install): Support DESTDIR.
8679 (uninstall): New target.
8681 * testsuite/Makefile.in (uninstall): New dummy target.
8683 * config.sub: Copied from automake-1.8.5.
8685 * examples/Makefile.in (SOURCES): Added rsa-sign.c and rsa-verify.c.
8686 (DISTFILES): Added getopt.h.
8687 (install uninstall): New dummy targets.
8689 * config.make.in (.PHONY): Added more targets.
8691 * Makefile.in (.texinfo.info, .texinfo.html): New targets. Added
8692 support for uninstall and DESTDIR. Various fixes to install and
8695 * examples/Makefile.in (INCLUDES): Added -I flags.
8696 (distdir): Use $^ to refer to the files.
8697 (distclean): New target.
8698 * testsuite/Makefile.in: Likewise.
8699 * tools/Makefile.in: Likewise.
8701 * Makefile.in (INCLUDES): Need -I flags for VPATH build.
8702 (clean distclean mostlyclean maintainer-clean): Clean
8703 subdirectories first.
8704 (DISTFILES): Added a bunch of files.
8705 (des_headers): Added desCore rules.
8706 (install-here): Split off target install-headers, which uses $^ to
8708 (distdir): Use $^ to refer to the files.
8711 * config.make.in (COMPILE): Add $(INCLUDE) to the line.
8713 2004-10-19 Niels Möller <nisse@lysator.liu.se>
8715 Stop using automake. Replaced each Makefile.am with a hand-written
8717 * configure.ac: New output variable CCPIC_MAYBE. New output file
8718 config.make. Replaced automake constructions.
8719 * .bootstrap: Don't run aclocal and automake.
8720 * config.make.in: New file, with shared Makefile variables and rules.
8722 2004-10-18 Niels Möller <nisse@lysator.liu.se>
8724 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replace incb ->
8725 incl + andl, to improve speed on PPro and PII. Suggested by
8728 2004-10-08 Niels Möller <niels@s3.kth.se>
8730 * examples/rsa-encrypt-test: Avoid reading and executing a file at
8732 * examples/setup-env: Likewise.
8734 2004-10-06 Niels Möller <niels@s3.kth.se>
8736 * testsuite/symbols-test: Ignore __i686.get_pc_thunk.bx and
8739 2004-10-05 Niels Möller <nisse@lysator.liu.se>
8741 * twofish.c (q_table): Use a const pointer array.
8743 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Use a const pointer
8744 array for the keywords.
8745 (dsa_signature_from_sexp): Likewise.
8746 * sexp2rsa.c (rsa_keypair_from_sexp_alist): Likewise.
8747 (rsa_keypair_from_sexp): Likewise.
8749 * sexp.c (sexp_iterator_check_types): Use an argument of type
8750 "const uint8_t * const *" for the types list.
8751 (sexp_iterator_assoc): Likewise, for the keys list.
8753 * list-obj-sizes.awk: Fixes to handle multiple .data and .rodata
8754 sections. Also fixed to handle the last file correctly.
8756 2004-09-23 Niels Möller <nisse@lysator.liu.se>
8758 * configure.ac (SHLIBLINK, SHLIBLIBS): On cygwin, linking needs
8759 -Wl,--whole-archive $(OBJECTS) -Wl,--no-whole-archive $(LIBS).
8761 2004-09-22 Niels Möller <niels@s3.kth.se>
8763 * configure.ac: Setup SHLIBFORLINK and friends for cygwin.
8765 * list-obj-sizes.awk: Strip *_a-prefix from all file names.
8767 * Makefile.am (libnettle_a_SOURCES): List only .c files. Headers
8768 moved to noinst_HEADERS.
8769 (SHLIBOBJECTS): Substitute from libnettle_a_SOURCES, not
8770 am_libnettle_a_OBJECTS, since the latter includes
8771 libnettle_a-prefixes with some automake versions.
8772 (SHLIBSONAME): Check if this name is empty, which is the case on
8773 cygwin, before using it.
8775 2004-08-31 Niels Möller <nisse@lysator.liu.se>
8777 * configure.ac: New command line option --disable-pic. Use
8780 * Makefile.am (libnettle_a_CFLAGS): Added $(CCPIC), to attempt to
8781 build also the static library as position independent code.
8783 2004-08-24 Niels Möller <nisse@lysator.liu.se>
8785 * des-compat.c (des_cbc_cksum): Pad input with NUL's, if it's not
8786 an integral number of blocks.
8788 2004-08-24 Niels Möller <niels@s3.kth.se>
8790 * testsuite/arctwo-test.c, arctwo.h, arctwo.c
8791 (arctwo_set_key_ekb): Fixed typo; it should be "ekb", not "ebk".
8793 Integrated arctwo patch from Simon Josefsson.
8794 * testsuite/Makefile.am (noinst_PROGRAMS): Added arctwo-test.
8796 * Makefile.am (libnettleinclude_HEADERS): Added arctwo.h.
8797 (libnettle_a_SOURCES): Added arctwo.c, arctwo.h and arctwo-meta.c.
8799 * nettle-meta.h (nettle_arctwo40, nettle_arctwo64)
8800 (nettle_arctwo64, nettle_arctwo_gutmann128): Declare ciphers.
8802 * arctwo-meta.c, arctwo.c, arctwo.h, testsuite/arctwo-test.c: New
8805 * macros.h (LE_READ_UINT16, LE_WRITE_UINT16): New macros.
8807 2004-08-23 Niels Möller <nisse@lysator.liu.se>
8809 * testsuite/md5-test.c (test_main): Added collision, found in 2004.
8810 (test_main): Added second collision.
8812 2004-08-23 Niels Möller <niels@s3.kth.se>
8814 * testsuite/md5-test.c (test_main): Added first half of a
8815 collision test case.
8817 * des-compat.c (des_cbc_cksum): Changed input argument to be of
8818 type const uint8_t * (was const des_cblock *).
8820 * des-compat.h (const_des_cblock): New bogus type. Disabled use of
8821 const, for compatibility with openssl.
8823 2004-06-08 Niels Möller <niels@s3.kth.se>
8825 * aesdata.c: Renamed log and ilog to gf2_log and gf2_exp.
8827 2004-04-07 Niels Möller <nisse@lysator.liu.se>
8829 * aes-set-encrypt-key.c (log, ilog): Deleted unused tables.
8831 * aes-set-decrypt-key.c (gf2_log, gf2_exp, mult): Renamed tables,
8834 2004-03-20 Niels Möller <nisse@lysator.liu.se>
8836 * configure.ac: Use AC_CONFIG_AUX_DIR([.]).
8838 2004-03-18 Niels Möller <niels@s3.kth.se>
8840 * examples/io.c (read_file): Display a message if fopen fails.
8842 2004-03-05 Niels Möller <nisse@lysator.liu.se>
8844 * Released nettle-1.10.
8846 * configure.ac (SHLIBMINOR): Shared library version is now 2.2.
8848 2004-03-04 Niels Möller <nisse@lysator.liu.se>
8850 * testsuite/symbols-test: Pass -g flag to nm.
8852 2004-03-02 Niels Möller <nisse@lysator.liu.se>
8854 * configure.ac: Fixed EXEEXT workaround.
8856 2004-03-02 Niels Möller <niels@s3.kth.se>
8858 * configure.ac: Added workaround to get the correct $(EXEEXT)=''
8859 when compiling with rntcl.
8861 2004-03-02 Niels Möller <nisse@lysator.liu.se>
8863 * testsuite/Makefile.am (noinst_PROGRAMS): Put test program list
8864 here, to let automake add $(EXEEXT).
8866 * configure.ac (RSA_EXAMPLES): Append $(EXEEXT) to the filenames.
8868 2004-03-01 Niels Möller <nisse@lysator.liu.se>
8870 * examples/rsa-keygen.c, examples/rsa-encrypt.c,
8871 examples/rsa-decrypt.c: Include "getopt.h" instead of <unistd.h>.
8873 * examples/Makefile.am (rsa_encrypt_SOURCES, rsa_decrypt_SOURCES)
8874 (rsa_keygen_SOURCES): Added getopt.h, getopt.c and getopt1.c.
8876 * examples/getopt.h, examples/getopt.c, examples/getopt1.c: New
8879 * testsuite/des-compat-test.c: Don't include <unistd.h>.
8881 * testsuite/testutils.c (main): Don't use getopt. Then we don't
8882 need to include <unistd.h>.
8884 2004-03-01 Niels Möller <niels@s3.kth.se>
8886 * config.guess: Copied from automake-1.8.2. Hacked to recognize
8887 Windows_NT (and Windows_95 and Windows_98) running on "x86" and
8890 * install-sh: Removed from CVS repository. Let automake supply it.
8892 2004-02-26 Niels Möller <nisse@lysator.liu.se>
8894 * nettle-meta.h (nettle_crypt_func): Typedef moved to cbc.h.
8895 Include cbc.h instead.
8897 * des-compat.c: Reverted const change, now all the des_key_sched
8898 arguments are not const. This is also what openssl's interface
8900 (cbc_crypt_func): Deleted typedef, use nettle_crypt_func instead.
8902 * cbc.h (nettle_crypt_func): Moved typedef here.
8903 * cbc.c (cbc_encrypt, cbc_decrypt_internal, cbc_decrypt): Use it
8904 for typing the f argument. Reverted the const change, for
8905 compatibility with nettle_crypt_func.
8907 2004-02-25 Niels Möller <nisse@lysator.liu.se>
8909 * testsuite/des-compat-test.c: Use des_cblock for typing more of
8910 the variables. Use const. Got rid of most of the explicit casts.
8911 Disabled the input/output alignment tests.
8913 * des.c (des_encrypt, des_decrypt): Use a const context pointer.
8914 * des3.c (des3_encrypt, des3_decrypt): Likewise.
8916 * cbc.c (cbc_encrypt, cbc_decrypt): Use a _const_ void *ctx argument.
8918 * des-compat.c: Use const for all unchanged arguments.
8919 (des_key_sched): Use a copy of the key if we need to fix the
8922 * testsuite/des-compat-test.c (C_Block, Key_schedule): Deleted
8923 defines. Deleted some of the explicit casts.
8925 * des-compat.c (des_cbc_cksum): Dereference DST pointer.
8927 2004-02-25 Niels Möller <niels@s3.kth.se>
8929 * pgp.h: Include nettle-types.h.
8931 2004-02-24 Niels Möller <nisse@lysator.liu.se>
8933 * testsuite/symbols-test: Allow symbols starting with double
8934 underscores, like on darwin.
8936 2004-02-17 Niels Möller <niels@s3.kth.se>
8938 * Makefile.am: Protected %-rules used for building pure objects,
8939 and for assembler files, by automake conditionals. Needed for
8940 makes such as tru64's, which tries to understand %-patterns, but
8941 doesn't get it right.
8942 (SUFFIXES): Added .html.
8943 (.texinfo.html): Rewrote rule to use a traditional suffix target.
8945 * configure.ac (enable_assembler): Explicitly set
8946 enable_assembler=no, on architectures where we have no assembler
8948 (ENABLE_ASSEMBLER, ENABLE_SHARED): New automake conditionals.
8950 * testsuite/testutils.c (xalloc): xalloc(0) should work also on
8951 systems where malloc(0) returns NULL.
8953 2004-02-16 Niels Möller <niels@s3.kth.se>
8955 * Makefile.am (%.o: %.asm): Added comment about OSF1 make problem.
8957 2004-02-15 Niels Möller <nisse@lysator.liu.se>
8959 * testsuite/testutils.h: #include nettle-types.h instead of
8962 2004-02-12 Niels Möller <nisse@lysator.liu.se>
8964 * examples/rsa-encrypt-test: Use -r option when invoking
8965 rsa-encrypt. Needed for the test to work on systems with no
8968 2004-02-12 Niels Möller <niels@s3.kth.se>
8970 * configure.ac (CPPFLAGS, LDFLAGS): No spaces after -I and -L, as
8971 some C compilers, in particular True64 cc, don't like that.
8973 2004-02-08 Niels Möller <nisse@lysator.liu.se>
8975 * configure.ac: Bumped version number to 1.10.
8977 2004-02-07 Niels Möller <nisse@lysator.liu.se>
8979 * Released nettle-1.9.
8981 * configure.ac (SHLIBMINOR): Bumped, library version is now 2.1.
8983 * testsuite/sexp-format-test.c: Include bignum.h only if HAVE_LIBGMP.
8984 * testsuite/rsa-encrypt-test.c: Include rsa.h only if WITH_PUBLIC_KEY.
8985 * testsuite/pkcs1-test.c: Include pkcs1.h only if WITH_PUBLIC_KEY.
8987 * pgp-encode.c [!HAVE_LIBGMP]: Kludge around the pgp.h's
8988 dependency on gmp.h.
8989 (pgp_put_mpi): Condition on HAVE_LIBGMP.
8991 * pgp.h: Don't include bignum.h, to make it possible to compile
8992 the non-bignum parts of pgp-encode.c without bignum support. Needs
8993 to be fixed properly before the pgp interface is advertised.
8995 * tools/sexp-conv.c (xalloc): New function.
8998 * tools/output.c (sexp_put_digest): Use TMP_DECL instead of alloca.
9000 * testsuite/testutils.c (xalloc): New function. Made all other
9001 functions use xalloc instead of alloca.
9003 * examples/rsa-keygen.c (main): Use xalloc for allocation.
9004 * examples/rsa-encrypt.c (write_bignum): Likewise.
9005 * examples/rsa-decrypt.c (read_bignum): Likewise.
9006 * testsuite/yarrow-test.c (open_file): Likewise.
9007 * testsuite/rsa-encrypt-test.c (test_main): Likewise.
9008 * testsuite/bignum-test.c (test_bignum): Likewise.
9010 * examples/nettle-openssl.c: When calling des_key_sched and
9011 des_ecb_encrypt, cst arguments to (void *). Openssl's typedefs
9012 des_cblock and const_des_cblock are too broken.
9014 * examples/nettle-benchmark.c (xalloc): New function. Use instead
9015 of alloca, for better portability.
9017 * examples/io.c (xalloc): New function.
9019 * Makefile.am (nodist_libnettleinclude_HEADERS): nettle-types.h
9020 should not be distributed.
9022 2004-02-06 Niels Möller <niels@s3.kth.se>
9024 * x86/sha1-compress.asm: Rename round -> ROUND.
9026 * x86/sha1-compress.asm: Store the magic constants on stack.
9027 Accessing them via %esp should be a little faster than using large
9030 * Makefile.am (EXTRA_DIST, DISTCLEANFILES): Handle
9033 * configure.ac: Use assembler file sha1-compress.asm if available.
9035 * x86/sha1-compress.asm (EXPAND): Fixed the rotation part of the
9038 2004-02-06 Niels Möller <nisse@lysator.liu.se>
9040 * x86/sha1-compress.asm: Assembler implementation of
9041 sha1_compress. (Not yet working).
9043 * Makefile.am (libnettle_a_SOURCES): Added sha1-compress.c.
9045 * sha1.c (sha1_transform): Function renamed to sha1_compress, and
9047 * sha1-compress.c: ... New file.
9049 2004-02-05 Niels Möller <nisse@lysator.liu.se>
9051 * examples/rsa-encrypt.c (process_file): Copy the leftover to the
9052 start of the buffer, when preparing for the final processing.
9054 * examples/nettle-benchmark.c (bench_hash, time_hash): New functions.
9055 (main): Benchmark hash functions too.
9056 (BENCH_BLOCK): Increased 10K.
9057 (BENCH_INTERVAL): Decreased to 0.25s.
9059 * examples/nettle-benchmark.c (time_function): Loop around calling
9060 f, until 1s has elapsed. Returns seconds per call. Updated bench
9061 functions to not loop themselves.
9062 (display): Updated MB/s calculation.
9064 * testsuite/arcfour-test.c (test_main): Use test_cipher_stream.
9066 * testsuite/testutils.c (test_cipher_stream): New function, that
9067 tries dividing the input into varying size blocks before
9070 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Bug fix, half of
9071 the S array swap was forgotten.
9072 * arcfour.c (arcfour_stream): Likewise.
9073 * arcfour-crypt.c (arcfour_crypt): Likewise.
9075 2004-02-05 Niels Möller <niels@s3.kth.se>
9077 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Must store the new
9078 i, j at the end of the loop.
9080 * Makefile.am (EXTRA_DIST): Make sure x86 assembler files are
9082 (DISTCLEANFILES): And that the symlinks and .s files are deleted.
9084 * x86/aes-encrypt.asm, x86/aes-decrypt.asm, x86/arcfour-crypt.asm:
9085 Fixed debug information.
9087 * x86/arcfour-crypt.asm: New file. About three times faster than
9088 the optimized C code.
9090 * configure.ac: Use assembler file arcfour-crypt.asm if available.
9092 * arcfour.c (arcfour_crypt): Moved function too...
9093 * arcfour-crypt.c (arcfour_crypt): New file.
9095 * arcfour.c (arcfour_crypt): Optimization suggested by Jonas
9096 Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
9097 probably on other architectures as well.
9099 2004-01-31 Niels Möller <nisse@lysator.liu.se>
9101 * configure.ac (AX_CREATE_STDINT_H): Also look for uint32_t and
9102 friends in sys/types.h.
9104 2004-01-11 Niels Möller <nisse@harpo.hack.org>
9106 * Makefile.am (libnettleinclude_HEADERS): Added bignum.h,
9107 memxor.h, pkcs1.h and rsa-compat.h.
9109 * configure.ac: Bumped version to 1.9.
9111 2004-01-10 Niels Möller <nisse@harpo.hack.org>
9113 * Released nettle-1.8.
9115 * examples/teardown-env: Delete more test files.
9117 * nettle.texinfo (Hash functions): Documented md2 and md4.
9119 * configure.ac (SHLIBMAJOR): Bumped to 2.
9121 2004-01-09 Niels Möller <nisse@harpo.hack.org>
9123 * examples/rsa-encrypt-test: New testcase.
9125 * examples/rsa-encrypt.c, examples/rsa-session.h: Expanded the
9126 comment describing the file format, and moved to rsa-session.h.
9128 * examples/rsa-decrypt.c (process_file): Finished this function.
9129 (main): Initialize x. Check the size of the session key after rsa
9132 * examples/io.c (write_string): Treat short item count as an error.
9134 2004-01-08 Niels Möller <niels@s3.kth.se>
9136 * index.html: Added instructions for CVS access.
9138 * dsa-keygen.c (dsa_nist_gen): Fixed declaration/statement order.
9140 * rsa-keygen.c (bignum_next_prime): Fixed off-by-one error when
9141 comparing input to the largest listed prime. General cleanup, as
9142 prime_limit > 0 always. Use TMP_DECL and TMP_ALLOC.
9144 * nettle-internal.h (TMP_DECL, TMP_ALLOC): New macros. When alloca
9145 is unavailable, they work by allocating a fix amount of stack and
9146 imposing a hard limit on what can be allocated. Updated all users
9149 2004-01-07 Niels Möller <nisse@harpo.hack.org>
9151 * nettle-types.h: New (generated) file, to be used instead of
9152 including <inttypes.h> directly. Updated all users of inttypes.h.
9154 * Makefile.am (DISTCLEANFILES, libnettleinclude_HEADERS): Added
9157 * configure.ac (AX_CREATE_STDINT_H): Create nettle-types.h.
9159 2003-11-16 Niels Möller <nisse@harpo.hack.org>
9161 * yarrow256.c (yarrow256_seed): Use const for the seed_file input.
9163 2003-11-12 Niels Möller <niels@s3.kth.se>
9165 * list-obj-sizes.awk: New function for decoding hex values, with a
9166 new function hex2int. Also implemented calculation of total
9167 storage, removed the dependence on the .comment section, and use
9168 the $FILTER environment variable as a regexp for restricting the
9169 object files that are considered.
9171 2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
9173 * testsuite/rsa-encrypt-test.c (test_main): Don't use gmp_printf,
9174 as it seems it's only available with the newer gmp. Use
9175 mpz_out_str instead.
9177 2003-09-19 Niels Möller <niels@s3.kth.se>
9179 * examples/Makefile.am (EXTRA_DIST): Added rsa-session.h.
9181 * tools/nettle-lfib-stream.c: New tool, which outputs a sequence
9182 of pseudorandom (non-cryptographic) bytes, using Knuth's lagged
9183 fibonacci generator.
9185 * examples/rsa-decrypt.c: Fixes to get the file to compile. It
9188 * examples/Makefile.am (EXTRA_PROGRAMS): Added rsa-encrypt and
9191 * examples/io.c (write_file): New function.
9192 (write_string): Simplified error check, it's no real point in
9193 calling ferror unless we also call fflush.
9195 * examples/rsa-keygen.c (main): Check return value from
9198 * examples/rsa-decrypt.c, examples/rsa-encrypt.c,
9199 examples/rsa-session.h: New files, demonstrating rsa encryption
9202 * configure.ac (RSA_EXAMPLES): Added rsa-encrypt and rsa-decrypt.
9204 2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
9206 * testsuite/testutils.c (print_hex): Use const.
9208 2003-08-30 Niels Möller <niels@s3.kth.se>
9210 * md2.c, md2.h: Added reference to RFC 1319.
9211 * md4.c, md4.h: Added reference to RFC 1320
9213 2003-08-26 Niels Möller <niels@s3.kth.se>
9215 * Makefile.am: Added md2 and md5 files. Deleted the print-path
9218 * configure.ac: Bumped version to 1.8.
9220 * testsuite/testutils.c (test_rsa_set_key_1): New function.
9221 * testsuite/rsa-test.c (test_main): Use it.
9223 * testsuite/dsa-keygen-test.c: Deleted definition of UNUSED, it's
9225 * testsuite/rsa-keygen-test.c: Likewise.
9227 * testsuite/Makefile.am (TS_PROGS): Added rsa-encrypt-test,
9228 md4-test, and md2-test.
9230 * testsuite/rsa-encrypt-test.c, testsuite/md4-test.c,
9231 testsuite/md2-test.c: New test cases.
9233 * nettle-meta.h: Declare nettle_md2 and nettle_md4.
9235 * md5.c: Reorderd functions, putting md5_final at the end.
9237 * md2.c, md2.h, md2-meta.c: New files, implemented md2.
9238 * md4.c, md4.h, md4-meta.c: New files, implemented md4.
9240 2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
9242 * desCode.h (des_keymap, des_bigmap): Deleted extern declarations,
9243 they conficted with the static definition in des.c. Reported by
9246 * des.c (DesSmallFipsEncrypt, DesSmallFipsDecrypt): Moved
9247 definitions after the definition of the des_kemap array.
9249 2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
9251 * rsa-encrypt.c (rsa_encrypt): Bugfix contributed by
9254 2003-06-10 Niels Möller <niels@s3.kth.se>
9256 * Makefile.am (EXTRA_DIST): Distribute sha-example.c.
9258 2003-06-05 Niels Möller <nisse@lysator.liu.se>
9260 * Makefile.am (DISTCLEANFILES): Delete .s files.
9262 2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
9264 * testsuite/symbols-test: And allow symbols that start at the
9265 beginning of the line, as output by AIX nm.
9267 2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
9269 * testsuite/symbols-test: Allow symbols to start with a dot.
9271 2003-05-14 Niels Möller <niels@s3.kth.se>
9273 * pgp.h (enum pgp_subpacket_tag): Copied values from RFC 2440.
9274 Renamed PGP_SUBPACKET_ISSUER to PGP_SUBPACKET_ISSUER_KEY_ID.
9276 2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
9278 * pgp.h: Do proper namemangling for pgp_put_public_rsa_key and
9279 pgp_put_rsa_sha1_signature.
9281 * pgp-encode.c (pgp_put_mpi): Fixed nettle_mpz_get_str_256 call.
9283 2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
9285 * rsa2openpgp.c (rsa_keypair_to_openpgp): Some bugfixes.
9287 * pgp.h (enum pgp_subpacket_tag): New enum. Definition is bogus
9288 and needs to be fixed.
9289 Added forward declarations of structs, and prototypes for
9290 pgp_put_public_rsa_key and pgp_put_rsa_sha1_signature.
9292 * pgp-encode.c (pgp_put_mpi): Take a const mpz_t argument. Gugfix,
9293 use nettle_mpz_get_str_256.
9294 (pgp_put_public_rsa_key, pgp_put_rsa_sha1_signature):
9295 Constification. Some bugfixes.
9297 * Use "config.h", not <config.h>.
9299 * Reordered includes in most or all .c-files. All should now
9302 2003-05-12 Niels Möller <niels@s3.kth.se>
9304 * configure.ac: Use LSH_FUNC_ALLOCA.
9306 2003-04-25 Niels Möller <niels@s3.kth.se>
9308 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha256.c.
9310 * testsuite/hmac-test.c (test_main): Added tests for hmac-sha256,
9311 from draft-ietf-ipsec-ciph-sha-256-01.txt.
9313 * hmac-sha256.c (hmac_sha256_digest): New file.
9315 2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
9317 * sha-example.c (display_hex): Simplified by using printf better.
9319 * nettle.texinfo (Example): Use @verbatiminclude to include the
9322 * sha-example.c: Example program, for inclusion in the manual.
9323 Fixed bugs reported by Mark Arking.
9325 2003-04-14 Niels Möller <niels@s3.kth.se>
9327 * x86/aes-encrypt.asm (nettle_aes_encrypt): Fixed references to
9328 _nettle_aes_encrypt_table.
9329 * x86/aes-decrypt.asm (nettle_aes_decrypt): Fixed references to
9330 _nettle_aes_decrypt_table.
9332 2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
9334 * testsuite/Makefile.am (TS_SH): New test case symbols-test.
9335 (EXTRA_PROGRAMS): Added testutils, as a kludge to
9336 get automake to track dependencies for testutils.o.
9338 * x86/aes-encrypt.asm (nettle_aes_encrypt): Renamed function to
9339 use the nettle_ prefix.
9340 * x86/aes-decrypt.asm (nettle_aes_decrypt): Likewise.
9341 * sparc/aes.asm (_nettle_aes_crypt): Likewise.
9343 * examples/Makefile.am (EXTRA_PROGRAMS): Add "io", as a kludge to
9344 get automake to track dependencies for io.o.
9345 (LDADD): Added ../libnettle.a, for the dependency.
9347 * des-compat.c: Use names with the nettle_ prefix when using
9348 Nettle's des functions.
9350 * base16-meta.c (base16_encode_update): Need to undef before
9353 * New name mangling, to reduce the risk of link collisions. All
9354 functions (except memxor) now use a nettle_ or _nettle prefix when
9355 seen by the linker. For most functions, the header file that
9356 declares a function also use #define to provide a shorter more
9357 readable name without the prefix.
9359 2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
9361 * Released nettle-1.7.
9363 * configure.ac: Bumped version to 1.7.
9365 * nettle.texinfo (DSA): New section.
9366 (RSA): Updated documentation.
9368 2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
9370 * examples/nettle-benchmark.c (time_cipher): Don't use GNU C
9371 non-constant initializers.
9373 2003-02-23 Niels Moller <nisse@carduelis>
9375 * configure.ac: Use LSH_GCC_ATTRIBUTES.
9377 2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
9379 * acinclude.m4: Deleted file from cvs, use a link to lsh's
9380 acinclude.m4 instead.
9382 2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
9384 * Makefile.am (libnettleinclude_HEADERS): Added macros.h.
9386 * tools/Makefile.am (EXTRA_DIST): Added getopt.h.
9388 2003-02-14 Niels Möller <niels@s3.kth.se>
9390 * Makefile.am (print_path): Added target to print the used PATH,
9392 (print-path): Moved dependency to all-local.
9394 2003-02-11 Niels Möller <niels@s3.kth.se>
9396 * buffer.c (nettle_buffer_copy): Bug fix, it didn't return any
9399 2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
9401 * testsuite/sexp-format-test.c (test_main): Added test for %( and
9404 * sexp-format.c (sexp_vformat): Handle %( and %).
9406 * realloc.c (nettle_xrealloc): Fixed out-of-memory check.
9408 * configure.ac (SHLIBMAJOR): Bumped version number to 1.
9410 * buffer.c (nettle_buffer_init_realloc): New function.
9411 * buffer-init.c (nettle_buffer_init): Use nettle_buffer_init_realloc.
9413 2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
9415 * testsuite/sexp-format-test.c (test_main): New test with tokens
9416 in the format string.
9417 (test_main): Test space-searated literals too.
9419 * rsa2sexp.c (rsa_keypair_to_sexp): New argument ALGORITHM_NAME.
9420 * examples/rsa-keygen.c (main): Updated call to rsa_keypair_to_sexp.
9421 * testsuite/rsa2sexp-test.c (test_main): Likewise.
9423 * sexp-format.c (sexp_vformat): Allow whitespace in format string.
9425 * rsa2sexp.c (rsa_keypair_to_sexp): Use literals with sexp_format.
9427 * sexp-format.c (format_string): New function.
9428 (sexp_vformat): Implemented support for literals in the format
9431 2003-02-06 Niels Möller <nisse@lysator.liu.se>
9433 * testsuite/sexp-conv-test (print_raw, print_nl): New functions.
9434 The testfunctions use these instead of using echo directly.
9435 Use the test input '3:"\x' instead of '2:"\', to be friendlier to
9438 2003-02-05 Niels Möller <nisse@lysator.liu.se>
9440 * des-compat.h (des_set_key): Different name mangling, if this
9441 file is included, des_set_key should refer to a function that
9442 behaves like openssl's.
9444 * des-compat.c (des_key_sched, des_is_weak_key): Use the name
9445 nettle_des_set_key for referring to Nettle's function.
9447 * des.h (des_set_key): Name mangling, linker symbols should use a
9448 "nettle_" prefix, and this one collided with openssl. Perhaps all
9449 symbols should be mangled in a similar way, but that's for later.
9451 * configure.ac (LDFLAGS): --with-lib-path should add to LDFLAGS,
9454 2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
9456 * tools/output.c (sexp_put_string): Fixed handling of escapable
9457 characters. The code generated random escape sequences for
9458 characters in the 0x10-0x1f range.
9460 * testsuite/sexp-conv-test: More tests for hex and base64 input
9463 2003-01-30 Niels Möller <niels@s3.kth.se>
9465 * sexp2bignum.c (nettle_mpz_set_sexp): Call sexp_iterator_next on
9466 success. That means the iterator argument can't be const.
9468 2003-01-29 Niels Möller <niels@s3.kth.se>
9470 * tools/Makefile.am (LDADD): Add libnettle.a, for the dependency.
9472 2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
9474 * sexp2dsa.c (dsa_signature_from_sexp): New function.
9476 RSA renaming. Updated all callers.
9477 * rsa-sign.c (rsa_private_key_init, rsa_private_key_clear)
9478 (rsa_private_key_prepare): Renamed functions.
9479 * rsa.c (rsa_public_key_init, rsa_public_key_clear)
9480 (rsa_public_key_prepare): Renamed functions.
9482 2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
9484 * Makefile.am (libnettle_a_SOURCES): Added new rsa and pkcs1
9485 files. Removed old rsa_md5.c and rsa_sha1.c.
9487 * testsuite/Makefile.am (TS_PROGS): Added pkcs1-test.
9489 * dsa-verify.c (dsa_verify_digest): New function.
9490 (dsa_verify): Most of the code moved to dsa_verify_digest, which
9492 * dsa-sign.c (dsa_sign_digest): New function.
9493 (dsa_sign): Most of the code moved to dsa_sign_digest, which is
9495 * dsa.c (_dsa_hash): Deleted function.
9497 * rsa_md5.c, rsa_sha1.c: Deleted files, contents spread over
9498 several files for signing and verification.
9499 * rsa-sign.c, rsa-sha1-verify.c, rsa-sha1-sign.c,
9500 rsa-md5-verify.c, rsa-md5-sign.c: New files.
9502 * rsa-sha1-verify.c (rsa_sha1_verify_digest): New function.
9503 * rsa-sha1-sign.c (rsa_sha1_sign_digest): New function.
9504 * rsa-md5-verify.c (rsa_md5_verify_digest): New function.
9505 * rsa-md5-sign.c (rsa_md5_sign_digest): New function.
9506 * rsa-verify.c (_rsa_verify): New file, new function.
9508 * rsa.c (_rsa_check_size): Renamed from rsa_check_size, and made
9509 non-static. Private key functions moved to rsa-sign.c.
9511 * pkcs1.c, pkcs1.h, pkcs1-rsa-md5.c, pkcs1-rsa-sha1.c: New files.
9512 (pkcs1_signature_prefix): New function.
9514 * testsuite/pkcs1-test.c: New test.
9516 2003-01-22 Niels Möller <niels@s3.kth.se>
9518 * examples/Makefile.am (nettle_benchmark_LDADD): Use
9521 * configure.ac (OPENSSL_LIBFLAGS): If libcrypto is found, add
9522 -lcrypto to OPENSSL_LIBFLAGS, not the plain LDFLAGS.
9524 2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
9526 * testsuite/Makefile.am (CLEANFILES): Delete test.in, test1.out
9529 2003-01-17 Niels Möller <niels@s3.kth.se>
9531 * examples/Makefile.am (AM_CPPFLAGS): Use AM_CPPFLAGS instead of
9533 * testsuite/Makefile.am (AM_CPPFLAGS): Likewise.
9535 2003-01-16 Niels Möller <niels@s3.kth.se>
9537 * testsuite/Makefile.am (check): Can't use quotes around
9540 2003-01-14 Niels Möller <nisse@lysator.liu.se>
9542 * testsuite/Makefile.am (check): Don't use "run-tests" as a
9543 target, as it's confused with the file with the same name.
9545 * .bootstrap: Added missing #! /bin/sh.
9547 2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
9549 * buffer.c (nettle_buffer_reset): New function.
9550 (nettle_buffer_copy): New function.
9552 * tools/input.c, tools/input.h, tools/output.c, tools/output.h,
9553 tools/parse.c, tools/parse.h, tools/misc.c, tools/misc.h: Moved
9554 parts ov sexp-conv.c to separate files
9556 * tools/sexp-conv.c (sexp_convert_list): Inlined into
9559 * tools/sexp-conv.c (struct sexp_input): Deleted string attribute.
9560 Changed all related functions to take a struct nettle_buffer *
9562 (struct sexp_compound_token): New struct.
9563 (sexp_compound_token_init, sexp_compound_token_clear): New
9565 (struct sexp_parser): Added a struct sexp_compound_token
9566 attribute, as a temporary measure.
9567 (sexp_parse): Take a struct sexp_compound_token * as argument.
9568 Updated all callers. Simplified handling of display types and
9571 * tools/sexp-conv.c (struct sexp_parser): Renamed struct (was
9572 struct sexp_parse_state). Added input pointer. Updated users to
9573 not pass around both parser and input.
9574 (sexp_check_token): handle token == 0.
9575 (sexp_parse): Simplified a little by calling sexp_check_token
9578 * tools/sexp-conv.c (sexp_convert_string): Deleted function.
9579 (sexp_skip_token): Likewise.
9581 * tools/sexp-conv.c (enum sexp_token): New constant SEXP_DISPLAY.
9582 Start constants from 1, to keep 0 free for special uses.
9583 (struct sexp_parse_state): New struct for keeping track of parser
9585 (sexp_parse_init): New function.
9586 (sexp_check_token): New function, replacing sexp_skip_token.
9587 (sexp_parse): New function.
9588 (sexp_convert_item): Simplified by using sexp_parse.
9589 (sexp_convert_list): Use sexp_parse.
9592 2003-01-08 Niels Möller <niels@s3.kth.se>
9594 * tools/sexp-conv.c (parse_options): Initialize prefer_hex.
9596 2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
9598 * Makefile.am (des_headers): Refer to the desdata binary using
9601 2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
9603 * testsuite/sexp-conv-test: New tests for hex and base64 literal
9606 * tools/sexp-conv.c (sexp_put_string): Print binary strings using
9607 either hex or base 64 (in advanced mode).
9608 (parse_options): Implemented -s hex, for output using hex rather
9611 2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
9613 * testsuite/rsa2sexp-test.c: Don't include rsa.h (done by
9614 testutils.h, if enabled).
9615 * testsuite/sexp2rsa-test.c: Likewise.
9617 * rsa-decrypt.c: Make compilation conditional on WITH_PUBLIC_KEY.
9618 * rsa-encrypt.c: Likewise.
9619 * rsa-compat.c: Likewise.
9621 2002-12-04 Niels Möller <niels@s3.kth.se>
9623 * testsuite/Makefile.am (LDADD): Added path to ../libnettle.a,
9624 which is redundant except for the dependency.
9626 2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
9628 * testsuite/sexp-format-test.c (test_main): Use %0s instead of %z.
9631 * sexp-format.c (format_length_string): Deleted function.
9632 (format_string): Deleted function.
9633 (sexp_vformat): New %t specifier, formatting an optional display
9634 type. Deleted %z specifier. Instead, introduced a new modifier "0"
9635 that can be used with %s, %l and %t, which says that the data is
9638 * rsa2sexp.c (rsa_keypair_to_sexp): Use %0s rather than %z, when
9639 formatting s-expressions.
9641 * buffer.c (nettle_buffer_grow): Fixed assertion.
9643 2002-11-22 Niels Möller <niels@s3.kth.se>
9645 * buffer.c: Include assert.h.
9647 2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
9649 * testsuite/testutils.c (print_hex): Add line breaks.
9651 * Makefile.am (libnettleinclude_HEADERS): Added realloc.h.
9652 (libnettle_a_SOURCES): Added buffer-init.c and realloc.c.
9654 * sexp.c (sexp_iterator_exit_lists): New function, #if:ed out for
9657 * desdata.c: Include config.h, to get definition of UNUSED.
9658 * shadata.c: Likewise.
9660 * buffer.c (nettle_buffer_grow): New function, replacing
9662 (nettle_buffer_clear): Rewritten to use buffer->realloc.
9664 * buffer.h (struct nettle_buffer): Replaced the GROW function
9665 pointer with a nettle_realloc_func pointer and a
9667 (NETTLE_BUFFER_GROW): Deleted macro, use function instead.
9669 * buffer-init.c (nettle_buffer_init): Moved to a separate file.
9671 * realloc.c (nettle_realloc): New function.
9672 (nettle_xrealloc): New function.
9674 * realloc.h (nettle_realloc_func): New typedef.
9676 * configure.ac: Check for gcc:s __attribute__.
9678 2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
9680 * sexp2dsa.c, sexp2rsa.c: (macro GET): Check sign of parsed
9683 * sexp2bignum.c (nettle_mpz_set_sexp): In the first check against
9684 limit, added some margin to allow for sign octets.
9686 2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
9688 * testsuite/testutils.h (LDATA): Use sizeof instead of strlen. Now
9689 handles strings including NUL-characters. But works only with
9690 literals and character arrays, no char pointers.
9691 (LLENGTH): New macro, computing length the same way as LDATA.
9693 * testsuite/sexp-test.c (test_main): Test sexp_iterator_get_uint32.
9695 * testsuite/sexp-format-test.c (test_main): Check that %i and %b
9696 generate leading zeroes when needed. Check that %b handles
9699 * testsuite/rsa2sexp-test.c (test_main): Updated test, one leading
9700 zero is needed in the private key expression. In verbose mode,
9701 print the generated keys.
9703 * testsuite/sexp2rsa-test.c (test_main): Added a leading zero in
9704 the private key expression.
9706 * testsuite/bignum-test.c (test_bignum): Use
9707 nettle_mpz_init_set_str_256_s.
9708 (test_size): New function.
9709 (test_main): Test size computation and formatting of negative
9712 * sexp2bignum.c (nettle_mpz_set_sexp): Use
9713 nettle_mpz_set_str_256_s, to handle negative numbers correctly.
9715 * sexp-format.c (sexp_vformat): For %i, output a leading zero when
9716 needed to get a correct, positive, sign. For %b, use
9717 nettle_mpz_sizeinbase_256_s, to handle negative numbers properly.
9719 * bignum.c (nettle_mpz_sizeinbase_256_s): New function.
9720 (nettle_mpz_sizeinbase_256_u): New name, was
9721 nettle_mpz_sizeinbase_256. Updated all callers.
9722 (nettle_mpz_to_octets): New function.
9723 (nettle_mpz_get_str_256): Handle negative numbers.
9724 (nettle_mpz_from_octets): New function.
9725 (nettle_mpz_set_str_256_u): New name, was nettle_mpz_set_str_256.
9726 (nettle_mpz_init_set_str_256_u): New name, was
9727 nettle_mpz_init_set_str_256.
9728 (nettle_mpz_set_str_256_s): New function, handling negative two's
9730 (nettle_mpz_init_set_str_256_s): And an init variant.
9732 * sexp.c (sexp_iterator_get_uint32): New function.
9734 2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
9736 * testsuite/sexp-conv-test: Use input files without any trailing
9737 newline character, in order to stress the end of file handling.
9739 * tools/sexp-conv.c (sexp_get_token_string): Fixed end of file
9741 (sexp_get_string): Fixed end of encoding/end of file handling.
9742 (parse_options): Check for negative width and complain.
9744 * tools/sexp-conv.c: Use supplied getopt.
9745 (werror): New function.
9746 (sexp_output_hash_init): New function.
9747 (sexp_put_char): Made base64 linebreaking configurable.
9748 Implemented hashing.
9749 (sexp_put_code_start, sexp_put_code_end): Don't output any
9751 (sexp_put_string): Output base64 delimiters.
9752 (sexp_put_digest): New function.
9753 (sexp_convert_item): Output transport delimiters.
9754 (sexp_convert_file): Deleted function, folded with main.
9755 (parse_options): New function.
9756 (main): Implemented --hash and --once, needed by lsh-authorize.
9758 * sexp.h (struct sexp_iterator): New field start.
9760 * sexp.c (sexp_iterator_subexpr): New function.
9761 (sexp_iterator_parse): Initialize ITERATOR->start.
9763 * sexp-format.c (sexp_vformat): Abort if format string contains
9764 unhandled characters.
9766 2002-11-08 Niels Möller <niels@s3.kth.se>
9768 * des-compat.c (des_ecb3_encrypt): Don't use struct initialization
9769 (c89 doesn't allow non-constant initializers). Reported by James
9771 (des_ede3_cbc_encrypt): Likewise.
9773 * examples/nettle-openssl.c: Moved from the top-level directory.
9774 Should *not* be included in the nettle library.
9776 2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
9778 * testsuite/testutils.c (test_dsa_key): Bugfix for renamed DSA
9779 constant (noted by James Ralston).
9781 2002-11-07 Niels Möller <niels@s3.kth.se>
9783 * testsuite/run-tests: Copied new version rom lsh/src/testsuite.
9784 This version handles test scripts located in $srcdir.
9786 * examples/Makefile.am (AM_CFLAGS): We need -I$(top_srcdir).
9787 * tools/Makefile.am (AM_CFLAGS): Likewise.
9788 * testsuite/Makefile.am (AM_CFLAGS): Likewise.
9790 2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
9792 * Makefile.am (SUBDIRS): Added tools.
9793 (libnettle_a_SOURCES): Added sexp-transport-format.c,
9794 sexp2bignum.c, sexp2dsa.c.
9796 * sexp2dsa.c (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp):
9797 New file, new functions.
9799 * rsa2sexp.c (rsa_keypair_to_sexp): %s -> %z renaming.
9801 * sexp-transport.c (sexp_transport_iterator_first): Fixed bug,
9802 length was mishandled.
9804 * sexp-transport-format.c (sexp_transport_format,
9805 sexp_transport_vformat): New file, new functions.
9807 * sexp-format.c (sexp_format): Return length of output. Allow
9808 buffer == NULL, and only compute the needed length in this case.
9809 Renamed %s to %z. New format specifiers %s, %i, and %l.
9810 (sexp_vformat): New function.
9811 (format_prefix): Rewrote to not use snprintf.
9813 * sexp2rsa.c (rsa_keypair_from_sexp): New limit argument. Use
9814 nettle_mpz_set_sexp.
9816 * dsa-keygen.c (dsa_generate_keypair): Added some newlines to
9817 progress display. Use DSA_P_MIN_BITS.
9819 * dsa.h (DSA_MIN_P_BITS): New constant (was DSA_MINIMUM_BITS).
9820 (DSA_Q_OCTETS, DSA_Q_BITS): New constants.
9821 (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp): New
9824 * configure.ac: Output tools/Makefile.
9826 * sexp2bignum.c (nettle_mpz_set_sexp): New file, and new function.
9827 Moved from sexp2rsa.c:get_value.
9829 * examples/io.c (read_rsa_key): New limit argument in
9830 call of rsa_keypair_from_sexp_alist.
9832 * examples/Makefile.am (noinst_PROGRAMS): Removed sexp-conv.
9834 * tools/sexp-conv.c: Moved file from examples directory.
9836 * testsuite/Makefile.am (TS_SH): New variable. Added
9839 * testsuite/testutils.h (LDUP): New macro.
9841 * testsuite/sexp2rsa-test.c (test_main): New limit argument in
9842 call of rsa_keypair_from_sexp_alist.
9844 * testsuite/sexp-test.c (test_main): Added test for lengths with
9845 more than one digit. Added tests for transport mode decoding.
9847 * testsuite/sexp-format-test.c (test_main): Added tests for %i and
9850 * testsuite/sexp-conv-test: Moved test from examples directory.
9851 Updated path to sexp-conv, now in ../tools/sexp-conv.
9853 2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
9855 * sexp-format.c, sexp_format.c: Renamed sexp_format.c to
9857 * Makefile.am (libnettle_a_SOURCES): Renamed sexp_format.c to
9860 * examples/Makefile.am: Don't set CFLAGS or CPPFLAGS explicitly,
9861 let automake handle that.
9862 * testsuite/Makefile.am: Likewise.
9864 * sexp2rsa.c (rsa_keypair_from_sexp_alist): New function.
9865 (rsa_keypair_from_sexp): Use it.
9867 2002-11-01 Niels Möller <niels@s3.kth.se>
9869 * examples/Makefile.am (LDADD): Use -lnettle, instead of an
9870 explicit filename libnettle.a, so that we will use the shared
9871 library, if it exists.
9872 (AM_LDFLAGS): Added -L.., so we can find -lnettle.
9873 (run-tests): Set LD_LIBRARY_PATH to ../.lib, when running the
9875 * testsuite/Makefile.am: Similar changes.
9877 * Makefile.am (LIBOBJS): Put @LIBOBJS@ into the make variable
9879 (CLEANFILES): Delete libnettle.so.
9880 (clean-local): Delete the .lib linkfarm.
9881 ($(SHLIBFORLINK)): When building libnettle.so, create a link from
9882 .lib/$SHLIBSONAME. Needed at runtime, for the testsuite.
9884 2002-11-01 Niels Möller <nisse@lysator.liu.se>
9886 * configure.ac: Fixed definitions using SHLIBMAJOR and SHLIBMINOR.
9887 Also AC_SUBST SHLIBMAJOR and SHLIBMINOR. Reported by James
9890 2002-10-31 Niels Möller <niels@s3.kth.se>
9892 * examples/sexp-conv.c(sexp_put_list_start): Deleted function.
9893 (sexp_put_list_end): Likewise.
9894 (sexp_put_display_start): Likewise.
9895 (sexp_put_display_end): Likewise.
9896 (sexp_puts): Likewise.
9898 * examples/sexp-conv.c (sexp_get_quoted_string): Deleted function.
9899 Merged with sexp_get_String.
9900 (sexp_get_hex_string): Likewise.
9901 (sexp_get_base64_string): Likewise.
9902 (sexp_get_string): Do hex and base64 decoding.
9904 * examples/sexp-conv.c (enum sexp_char_type): New enum, for end
9905 markers in the input strem.
9906 (struct sexp_input): Deleted LEVEL attribute. Deleted all usage of
9908 (sexp_get_raw_char): Use INPUT->c and INPUT->ctype to store
9909 results. Deleted OUT argument.
9910 (sexp_get_char): Likewise. Also removed the
9911 INPUT->coding->decode_final call, for symmetry.
9912 (sexp_input_end_coding): Call INPUT->coding->decode_final.
9913 (sexp_next_char): New function.
9914 (sexp_push_char): New function.
9915 (sexp_get_token_char): Deleted function.
9916 (sexp_get_quoted_char): Simplified. Deleted output argument.
9917 (sexp_get_quoted_string): Simplified.
9918 (sexp_get_base64_string): Likewise.
9919 (sexp_get_token_string): Likewise.
9920 (sexp_get_string_length): Skip the character that terminates the
9922 (sexp_get_token): Cleared upp calling conventions. Always consume
9923 the final character of the token.
9924 (sexp_convert_list): Take responsibility for converting the start
9925 and end of the list.
9926 (sexp_convert_file): Call sexp_get_char first, to get the token
9928 (sexp_convert_item): Cleared up calling conventions. Should be
9929 called with INPUT->token being the first token of the expression,
9930 and returns with INPUT->token being the final token of the
9931 expression. Return value changed to void..
9933 * examples/sexp-conv-test: Added test for transport mode input.
9935 * examples/sexp-conv.c (sexp_get_char): Use the nettle_armor
9936 interface for decoding.
9937 (sexp_input_start_coding): New function.
9938 (sexp_input_end_coding): New function.
9939 (sexp_get_base64_string): Rewrote to use sexp_input_start_coding
9940 and sexp_input_end_coding.
9941 (sexp_get_token): Generate SEXP_TRANSPORT_START tokens.
9942 (sexp_convert_list): Lists are ended only by SEXP_LIST_END.
9943 (sexp_convert_item): Implemented transport mode, using
9944 sexp_input_start_coding and sexp_input_end_coding.
9946 2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
9948 * Makefile.am: Added base16 files.
9950 * examples/sexp-conv-test: New tests for transport output.
9952 * examples/sexp-conv.c: Deleted hex functions, moved to Nettle's
9954 (struct sexp_output): Represent the current encoding as a
9955 nettle_armor pointer and a state struct.
9956 (sexp_output_init): Deleted MODE argument. Now passed to functions
9958 (sexp_get_char): Updated to new base64 conventions.
9959 (sexp_get_base64_string): Likewise.
9960 (sexp_put_raw_char): New function.
9961 (sexp_put_newline): Use sexp_put_raw_char.
9962 (sexp_put_char): Use nettle_armor interface for encoding data.
9963 Use OUTPUT->coding_indent for line breaking, so the INDENT
9964 argument was deleted.
9965 (sexp_put_code_start): New function, replacing sexp_put_base64_start.
9966 (sexp_put_code_end): New function, replacing sexp_put_base64_end.
9967 (sexp_put_data): Deleted argument INDENT.
9968 (sexp_puts): Likewise.
9969 (sexp_put_length): Likewise.
9970 (sexp_put_list_start): Likewise.
9971 (sexp_put_list_end): Likewise.
9972 (sexp_put_display_start): Likewise.
9973 (sexp_put_display_end): Likewise.
9974 (sexp_put_string): Likewise. Also changed base64 handling.
9975 (sexp_convert_string): Deleted argument INDENT. New argument
9977 (sexp_convert_list): New argument MODE_OUT.
9978 (sexp_convert_file): Likewise.
9979 (sexp_convert_item): Likewise. Also handle output in transport
9981 (match_argument): Simple string comparison.
9982 (main): Adapted to above changes.
9984 * testsuite/testutils.c (test_armor): Allocate a larger buffer
9985 CHECK, to make decode_update happy. Updated to new base64
9988 * testsuite/base64-test.c (test_main): Fixed overlap test to not
9989 change the base64 before decoding. Updated to new base64
9992 * testsuite/Makefile.am (TS_PROGS): Added base16-test.
9994 * testsuite/base16-test.c: New test.
9996 * sexp-transport.c (sexp_transport_iterator_first): Updated to new
9997 conventions for base64_decode_update and base64_decode_final.
9999 * nettle-meta.h: Updated ascii armor declarations. New declaration
10002 * base64-decode.c (base64_decode_single): Return -1 on error.
10003 Also keep track of the number of padding characters ('=') seen.
10004 (base64_decode_update): New argument dst_length. Return -1 on error.
10005 (base64_decode_status): Renamed function...
10006 (base64_decode_final): ... to this.
10008 * base64.h (struct base64_decode_ctx): Deleted STATUS attribute.
10009 Added PADDING attribute.
10011 * base16.h, base16-encode.c, base16-decode.c, base16-meta.c: New
10014 2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
10016 * examples/sexp-conv.c (struct hex_decode_ctx): New hex decoding
10018 (sexp_get_raw_char): New function.
10019 (sexp_get_char): Use sexp_get_raw_char.
10021 2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
10023 * examples/sexp-conv.c (sexp_put_length): Bugfix, don't output any
10025 (main): Implemented -s option.
10027 * examples/sexp-conv-test: Test for echo -n vs echo '\c'. Added a
10028 few tests for canonical output.
10030 2002-10-25 Niels Möller <niels@s3.kth.se>
10032 * examples/sexp-conv.c (struct sexp_input): Deleted the mode from
10033 the state, that should be passed as argument to relevant
10034 functions. Instead, introduces enum sexp_coding, to say if base64
10035 coding is in effect.
10036 (struct sexp_output): Added coding attribute.
10037 (sexp_put_char): Use output->coding.
10038 (sexp_put_base64_start): Likewise.
10039 (sexp_put_base64_end): Likewise.
10041 * base64-decode.c (base64_decode_single): Simplified, got rid of
10044 2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
10046 * examples/sexp-conv.c (sexp_put_newline): Return void, die on
10048 (sexp_put_char, sexp_put_data, sexp_puts, sexp_put_length,
10049 sexp_put_base64_start, sexp_put_base64_end, sexp_put_string,
10050 sexp_put_list_start, sexp_put_list_end, sexp_put_display_start,
10051 sexp_put_display_end, sexp_convert_string, sexp_convert_list,
10052 sexp_skip_token): Likewise.
10053 (sexp_convert_item): Die on error.
10055 2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
10057 * examples/sexp-conv-test: Doesn't need echo -n anymore.
10059 * examples/sexp-conv.c (die): New function.
10060 (struct sexp_input): Deleted field ITEM.
10061 (sexp_get_char): Die on failure, never return -1.
10062 (sexp_get_quoted_char): Likewise.
10063 (sexp_get_quoted_string): Die on failure, no returned value.
10064 (sexp_get_base64_string): Likewise.
10065 (sexp_get_token_string): Likewise.
10066 (sexp_get_string): Likewise.
10067 (sexp_get_string_length): Likewise.
10068 (sexp_get_token): Likewise.
10069 (sexp_convert_string): Adapted to sexp_get_token.
10070 (sexp_convert_list): Likewise.
10071 (sexp_convert_file): New function.
10072 (main): Use sexp_convert_file.
10074 2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
10076 * examples/Makefile.am (TS_PROGS): Added sexp-conv-test.
10078 * examples/sexp-conv.c (sexp_input_init): Initialize input->string
10080 (sexp_get_char): Fixed non-transport case.
10081 (sexp_get_quoted_char): Fixed default case.
10082 (sexp_get_token): Loop over sexp_get_char (needed for handling of
10083 white space). Don't modify input->level. Fixed the code that skips
10085 (sexp_put_char): Fixed off-by-one bug in assertion.
10086 (sexp_put_string): Fixed escape handling for output of quoted
10088 (sexp_convert_list): Prettier output, hanging indent after the
10089 first list element.
10090 (sexp_skip_token): New function.
10091 (sexp_convert_item): Use sexp_skip_token to skip the end of a
10094 2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
10096 * examples/sexp-conv-test: New test program.
10098 * examples/Makefile.am (noinst_PROGRAMS): Added sexp-conv.
10100 * examples/sexp-conv.c (sexp_convert_list): New function.
10101 (sexp_convert_item): New function.
10102 (main): New function. Compiles and runs now, but doesn't work.
10104 * base64-decode.c (base64_decode_single): New function.
10105 (base64_decode_update): Use base64_decode_single.
10107 * examples/sexp-conv.c: Added output functions.
10109 2002-10-21 Pontus Sköld <pont@soua.net>
10111 * base64-encode.c (base64_encode_raw): Fixed null statement
10112 amongst variable declarations, broke compilation for non C99
10115 2002-10-21 Niels Möller <nisse@lysator.liu.se>
10117 * examples/sexp-conv.c: New sexp conversion program.
10119 2002-10-21 Niels Möller <niels@s3.kth.se>
10121 * Makefile.am (libnettle_a_SOURCES): Added
10122 sexp-format-transport.c.
10124 * sexp-transport.c (sexp_transport_iterator_first): New file and
10126 * sexp.h (sexp_transport_iterator_first): Added protoype.
10128 * sexp.c (sexp_iterator_next): Abort if iterator type is boogus.
10130 2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
10132 * testsuite/testutils.c (test_armor): Updated to new armor
10135 * testsuite/base64-test.c (test_main): Test BASE64_ENCODE_LENGTH
10136 and BASE64_DECODE_LENGTH. Updated test of base64_encode_raw (used
10137 to be base64_encode).
10139 * base64.h (BASE64_ENCODE_LENGTH, BASE64_DECODE_LENGTH): Fixed and
10142 * base64-meta.c (base64_encode_length, base64_decode_length): New
10143 functions, corresponding to the macros with the same name.
10145 * Makefile.am (libnettle_a_SOURCES): base64.c replaced by
10146 base64-encode.c and base64-decode.c.
10148 * pgp-encode.c (pgp_armor): Use new base64 conventions.
10150 * nettle-meta.h: Updated nettle_armor definitions.
10152 * base64.h: Major reorganization.
10154 * base64.c: Deleted file, contents moved to base64-encode.c or
10157 * base64-encode.c: New file. New supporting both encode-at-once
10158 and streamed operation.
10160 * base64-decode.c: New file.
10162 2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
10164 * testsuite/Makefile.am (TS_PROGS): Added dsa-keygen-test.
10166 * dsa-keygen.c: Call the progress callback only if it's non-NULL.
10168 * Makefile.am (libnettle_a_SOURCES): Added bignum-random.c and
10171 * testsuite/testutils.c (test_dsa_key): New function to sanity
10172 check a dsa keypair.
10174 * testsuite/dsa-test.c (test_main): Call dsa_test_key.
10176 * testsuite/dsa-keygen-test.c: New test case.
10178 * dsa.h (DSA_MINIMUM_BITS): New constant.
10180 * bignum.h (nettle_mpz_random, nettle_mpz_random_size): Added
10183 * dsa-keygen.c: New file.
10185 * bignum-random.c: New file.
10186 (nettle_mpz_random): New function, moved from...
10187 * dsa-sign.c (nettle_mpz_random): ... here. Also changed argument
10188 ordering and updated callers.
10190 * bignum-random.c: (nettle_mpz_random_size): New function, renamed
10191 and moved here from...
10192 * rsa-keygen.c (bignum_random_size): ... here. Updated all
10195 * testsuite/testutils.c (test_dsa): Needs both public and private
10198 * testsuite/dsa-test.c (test_main): Updated to changes of the
10199 private key struct.
10201 * testsuite/Makefile.am (TS_PROGS): Added dsa-test.
10203 * rsa-decrypt.c (rsa_decrypt): Constification.
10204 * rsa-encrypt.c (rsa_encrypt): Likewise.
10205 * rsa.c (rsa_compute_root): Likewise.
10206 * rsa_md5.c (rsa_md5_sign): Likewise.
10207 (rsa_md5_verify): Likewise.
10208 * rsa_sha1.c (rsa_sha1_sign): Likewise.
10209 (rsa_sha1_verify): Likewise.
10211 * dsa-verify.c (dsa_verify): Use const for the public key
10214 * dsa-sign.c (dsa_sign): Needs the public key as argument, in
10215 addition to the private key. Use const.
10217 * dsa.h (struct dsa_private_key): Don't include the public
10219 * dsa.c (dsa_private_key_init, dsa_private_key_clear): Updated to
10220 new struct dsa_private_key.
10222 * dsa-sign.c (dsa_sign): Bugfix, added missing mpz_init call.
10224 * Makefile.am (libnettle_a_SOURCES): Added dsa files.
10225 (libnettleinclude_HEADERS): Added dsa.h.
10227 * testsuite/testutils.c (test_dsa): New function.
10229 * testsuite/dsa-test.c: New test.
10231 * dsa.h, dsa.c, dsa-sign.c, dsa-verify.c: New files.
10233 * nettle-meta.h: Moved the nettle_random_func and
10234 nettle_progress_func typedefs here...
10235 * rsa.h: ... from here.
10237 2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
10239 * sexp.h (enum sexp_type): Deleted SEXP_START.
10241 * sexp.c (sexp_iterator_parse): New function, similar to the old
10242 sexp_iterator_next, but independent of the previous value of the
10244 (sexp_iterator_first): Use sexp_iterator_parse.
10245 (sexp_iterator_next): Likewise.
10246 (sexp_iterator_enter_list): Use sexp_iterator_parse. SEXP_START
10247 not needed anymore.
10248 (sexp_iterator_exit_list): Likewise.
10250 2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
10252 * sexp2rsa.c (get_value): No need to call sexp_iterator_next
10255 * sexp.c (sexp_iterator_assoc): Advance the iterator to the
10256 element after a matching tag, before recording it.
10257 * testsuite/sexp-test.c (test_main): Updated test.
10259 * testsuite/sexp-test.c (test_main): No need to call
10260 sexp_iterator_next after sexp_iterator_exit_list.
10262 * sexp2rsa.c (rsa_keypair_from_sexp): No need to call
10263 sexp_iterator_next anymore.
10265 * sexp.c (sexp_iterator_next): Updated to new sexp_iterator_exit_list.
10266 (sexp_iterator_exit_list): Return with iterator pointing to the
10267 element after the list.
10268 (sexp_iterator_check_type): Call sexp_iterator_next before
10270 (sexp_iterator_check_types): Likewise.
10271 (sexp_iterator_assoc): Rearranged calls of sexp_iterator_next.
10273 * sexp.c (sexp_iterator_enter_list): Call sexp_iterator_next to
10274 get to the first element of the list. Updated callers.
10276 * base64.c (base64_encode_group): New function, used by openpgp
10279 * Makefile.am: Added openpgp files.
10281 * sexp2rsa.c (rsa_keypair_from_sexp): Use sexp_iterator_first.
10282 * testsuite/sexp-test.c (test_main): Likewise.
10284 * sexp.c (sexp_iterator_init): Made this function static.
10285 (sexp_iterator_first): New, friendlier, initialization function.
10287 * pgp-encode.c: New file. Functions for writing openpgp data
10290 * pgp.h: New file, with pgp related declarations.
10292 * rsa2openpgp.c (rsa_keypair_to_openpgp): New file, new function.
10294 2002-10-04 Niels Möller <niels@s3.kth.se>
10296 * examples/rsa-keygen.c: Use malloc, instead of asprintf.
10298 2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
10300 * Released nettle-1.6.
10302 * NEWS: Note the aes api change.
10304 * examples/Makefile.am (EXTRA_DIST): Distribute setup-env and
10307 2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
10309 * examples/rsa-keygen.c (main): Comment on the lax security of the
10312 * index.html: Added link to mailing list.
10314 2002-10-02 Niels Möller <niels@s3.kth.se>
10316 * Makefile.am: Fixed assembler rules, and shared libraries.
10318 * configure.ac: Fixed the enable-shared option.
10320 2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
10322 * configure.ac: New option --enable-shared, and a first attempt at
10323 building a shared library (*without* using libtool).
10325 * Makefile.am: A first attempt at rules for building a shared
10328 2002-10-01 Niels Möller <niels@s3.kth.se>
10330 * examples/run-tests (test_program): Use basename.
10332 * examples/teardown-env: Delete some more files.
10334 * examples/run-tests (test_program): Strip directory part of
10337 * examples/Makefile.am (TS_PROGS): New variable. Run tests.
10339 * examples/io.c (read_file): Bug fix, used to overwrite pointer.
10341 * examples/rsa-keygen.c (main): Bug fix, private key wasn't
10344 * testsuite/Makefile.am: Some cleanup of make check.
10346 * examples/setup-env, examples/teardown-env: Test environment scripts.
10347 * examples/rsa-verify-test, examples/rsa-sign-test: New test cases.
10349 * examples/run-tests: New file (copied from lsh testsuite).
10351 * examples/Makefile.am: Use EXTRA_PROGRAMS and @RSA_EXAMPLES@.
10353 * examples/rsa-sign.c: No need to include config.h. Use werror
10354 instead of fprintf.
10355 * examples/rsa-verify.c: Likewise.
10356 * examples/rsa-keygen.c: Likewise.
10358 * examples/io.h: Forward declare struct rsa_public_key and struct
10359 rsa_private_key, to avoid dependences on config.h.
10361 * configure.ac (RSA_EXAMPLES): New substituted variable,
10362 controlling which example programs to build.
10364 * examples/rsa-verify.c: New example program.
10366 * examples/rsa-keygen.c: Use functions from io.c.
10367 * examples/rsa-sign.c: Likewise.
10369 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-verify.
10370 (LDADD): Added io.o.
10372 * configure.ac: New define WITH_PUBLIC_KEY, and new configure flag
10373 --disable-public-key. Updated rsa-files to check for that, rather
10374 than for HAVE_LIBGMP.
10376 * examples/io.c, examples/io.c: New files. Miscellaneous functions
10377 used by the example programs.
10379 * base64.h (BASE64_DECODE_LENGTH): Comment fix.
10381 2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
10383 * sexp2rsa.c (rsa_keypair_from_sexp): Bugfix: Call
10384 rsa_prepare_public_key and rsa_prepare_private_key.
10386 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-sign.
10388 * examples/rsa-sign.c: New example program.
10390 * testsuite/base64-test.c (test_main): Test encoding and decoding
10393 * base64.c (base64_encode): Encode from the end of the data
10394 towards the start, in order to support overlapping areas.
10395 (base64_encode): Broke out some common code from the switch..
10397 2002-09-30 Niels Möller <niels@s3.kth.se>
10399 * sexp_format.c (sexp_format): Don't mix code and declarations.
10401 2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
10403 * testsuite/Makefile.am (TS_PROGS): Added buffer-test
10404 sexp-format-test rsa2sexp-test sexp2rsa-test.
10407 * testsuite/sexp-test.c (test_main): Updated calls to
10408 sexp_iterator_assoc.
10410 * testsuite/testutils.h (MEMEQH): New macro.
10412 * testsuite/sexp2rsa-test.c: New test.
10413 * testsuite/sexp-format-test.c: New test.
10414 * testsuite/rsa2sexp-test.c: New test.
10415 * testsuite/buffer-test.c: New test.
10417 * testsuite/testutils.c (test_rsa_key): Copied this function
10419 testsuite/rsa-keygen-test.c: ... here.
10421 * examples/rsa-keygen.c: New file.
10423 * Makefile.am: Added new source files and headers buffer.h,
10424 buffer.c, sexp_format.c, sexp2rsa.c, rsa2sexp.c.
10426 * rsa.h (rsa_keypair_to_sexp, rsa_keypair_from_sexp): New
10429 * rsa2sexp.c, sexp2rsa.c: New files.
10431 * sexp.c (sexp_iterator_assoc): Don't enter the list, associate
10432 keys within the current list. Still exit the list when done.
10433 (sexp_iterator_assoc): Represent keys as plain NUL-terminated
10435 (sexp_iterator_check_type, sexp_iterator_check_types): New
10438 * sexp_format.c: New file, implementing an sexp canonical syntax
10441 * buffer.c, buffer.h: New files, implementing a bare-bones string
10444 * bignum.c (nettle_mpz_sizeinbase_256): New function.
10446 2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
10448 * sexp.c (sexp_iterator_assoc): Return 0 for missing or duplicate
10449 keys. Now passes all the tests.
10451 * sexp.c (sexp_iterator_simple): Bugfixes. Check earlier that
10452 length doesn't grow too large.
10453 (sexp_iterator_next): Skip the current list only if type is
10454 SEXP_LIST. Handle ')'.
10455 (sexp_iterator_enter_list): Set type to SEXP_START.
10456 (sexp_iterator_exit_list): Likewise. Don't skip the ')' here.
10457 (sexp_iterator_assoc): Bug fix.
10459 * testsuite/sexp-test.c (test_main): Reordered sexp_iterator_assoc
10462 * nettle.texinfo (Randomness): Documented that yarrow256_init can
10463 be called with a zero number of sources.
10465 * testsuite/testutils.h (ASSERT): New macro.
10467 * testsuite/sexp-test.c: Test sexp parser.
10469 * Makefile.am (SUBDIRS): Added sexp files.
10471 * sexp.c, sexp.h: New files, implementing an sexp-parser.
10473 2002-08-27 Niels Möller <niels@s3.kth.se>
10475 * Makefile.am (DISTCLEANFILES): make distclean should delete the
10476 assembler-related symlinks.
10478 2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
10480 * Makefile.am (%.o: %.asm): Create an empty (and unused)
10481 dependency file, to make the make/automake dependency tracking
10484 2002-07-18 Niels Möller <niels@s3.kth.se>
10486 * examples/nettle-benchmark.c (main): Try openssl's ciphers as
10487 well, if available.
10489 * Makefile.am (libnettle_a_SOURCES): Added nettle-openssl.c.
10491 * nettle-openssl.c: New file.
10493 * nettle-internal.h: Declare openssl glue ciphers.
10495 * des-compat.h: Extra name-mangling, to avoid collisions in case a
10496 program links with both nettle and libcrypto (the nettle-benchmark
10499 * configure.ac: Don't use -ggdb3 with gcc-2.96.
10500 Check for openssl's libcrypto (for benchmarking).
10502 2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
10504 * sparc/aes.asm: Deleted registers i and t3.
10505 (_aes_crypt): Moved some registers around. We now use input
10506 registers only for arguments, local registers for loop invariants,
10507 output registers for temporaries and loop variables, and no global
10510 * sparc/aes.asm (AES_FINAL_ROUND): New macro.
10511 (_aes_crypt): Use AES_FINAL_ROUND for the first word of the final
10513 (_aes_crypt): And for the rest of the final round.
10514 (AES_FINAL_ROUND): Don't update dst, just access it offseted by i.
10515 (_aes_crypt): Add 16 to dst at the end of the final round.
10516 (AES_ROUND): Use ldub, not ld + and, to get the third byte
10518 (AES_ROUND): Use ldub, not lduh + and, to get the second
10520 (AES_ROUND): Reordered instructions, so that we can save one
10522 (AES_ROUND): Eliminated use of t3.
10523 (AES_FINAL_ROUND): Eliminated ands.
10524 (AES_FINAL_ROUND): Reordered, so that we can save one register.
10525 (AES_FINAL_ROUND): Eliminated t3.
10526 (AES_LOAD): New macro.
10527 (_aes_crypt): Unrolled source loop.
10528 (_aes_crypt): Use AES_LOAD macro.
10529 (_aes_crypt): Deleted cruft from the old source loop.
10530 (AES_LOAD): Eliminated t3.
10532 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
10534 * sparc/aes.asm (AES_ROUND): New macro.
10535 (_aes_crypt): Use AES_ROUND for first word of the
10537 (_aes_crypt): And for the rest of the round function.
10539 * sparc/aes.asm (_aes_crypt): Deleted a bunch of additions,
10540 after accessing IDX1.
10542 * aes-internal.h (struct aes_table): sparc_idx[0] should now
10543 contain index values shifted by the size of a word, and with 2
10544 added. This saves some additions in the sparc assembler code.
10545 Updates aes-encrypt-table.c and aes-decrypt-table.c.
10547 * sparc/aes.asm (_aes_crypt): Unrolled final loop, preparing for
10549 (_aes_crypt): Eliminated i from forst copy of the loop. Some
10551 (_aes_crypt): And from second copy.
10552 (_aes_crypt): And from third.
10553 (_aes_crypt): And fourth.
10554 (_aes_crypt): Eliminated updates of i from the loop.
10555 (_aes_crypt): Access IDX1 and IDX3 through the T pointer, saving
10558 * aes-internal.h (struct aes_table): Renamed the shift_idx field
10559 to sparc_idx, as it will be tweaked to improve the sparc code.
10560 Also reduced its size to [2][4].
10561 (IDX_FACTOR): Deleted constant.
10562 * aes-encrypt-table.c (_aes_encrypt_table): Adapted initializer of
10564 * aes-decrypt-table.c (_aes_decrypt_table): Likewise.
10565 * asm.m4: Deleted AES_SIDX2, to match struct aes_table.
10567 * sparc/aes.asm (_aes_crypt): Unrolled the inner loop, preparing
10568 for optimizations suggested by Marcus Comstedt.
10569 (_aes_crypt): Eliminated i from the first copy of the inner loop.
10570 (_aes_crypt): And from the second copy.
10571 (_aes_crypt): And from the third copy.
10572 (_aes_crypt): And from the fourth copy.
10573 (_aes_crypt): Renamed .Linner_loop to .Lround_loop.
10574 (_aes_crypt): Eliminated the loop variable i from the unrolled
10576 (_aes_crypt): Deleted moves of constants into t2.
10578 2002-05-15 Niels Möller <niels@s3.kth.se>
10580 * x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
10581 * x86/aes-decrypt.asm (aes_decrypt): Likewise.
10582 (aes_decrypt): Use AES_STORE.
10583 (aes_decrypt): Deleted first xchgl instruction into, permuting the
10584 AES_ROUND calls instead.
10585 (aes_decrypt): Likewise for the final round.
10586 (aes_decrypt): Got rid if the xchgl instruction after the final
10587 round, folding it into the final round.
10589 * x86/machine.m4: Renamed AES_LAST_ROUND to AES_FINAL_ROUND.
10592 * x86/aes-decrypt.asm (aes_decrypt): Use the AES_LOAD macro.
10593 (aes_decrypt): Start using AES_ROUND.
10594 (aes_decrypt): Use AES_LAST_ROUND.
10596 * x86/aes-decrypt.asm (aes_decrypt): Moved function to a separate
10598 * x86/aes.asm: ... from here.
10600 * x86/aes.asm (aes_decrypt): Use _aes_decrypt_table instead of
10601 itbl1-4. Commented out the inclusion of aes_tables.asm.
10602 (aes_decrypt): Use _aes_decrypt_table instead of isbox.
10605 * x86/aes-decrypt.asm: New file, empty at the start.
10607 * Makefile.am (libnettle_a_SOURCES): Added aes-decrypt-table.c.
10609 * aes-decrypt.c (_aes_decrypt_table): Moved from this file...
10610 * aes-decrypt-table.c (_aes_decrypt_table): ... to a new file.
10612 * testsuite/aes-test.out: New file, with the output of
10613 testsuite/aes-test, when aes.c has been compiled with debugging
10614 printouts of intermediate state.
10616 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
10618 * sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
10619 make %fp available for other uses.
10621 * sparc/aes.asm: The frame setup was broken. Tried to fix it.
10622 Reverted to revision 1.70 + minor changes from the head revision.
10624 * x86/aes-encrypt.asm (aes_encrypt): Use test instead of cmpl $0,.
10626 * x86/machine.m4 (AES_SUBST_BYTE): New macro.
10628 * sparc/aes.asm: wtxt needs no register of it's own, as its
10629 pointed to by %sp. %g5 moved to %l0, the register previously
10630 allocated for wtxt, so that we stay clean of the reserved %g
10633 2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
10635 * sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
10636 operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
10637 (_aes_crypt): Allocate only 32 bytes local storage on the stack.
10638 Calculate wtxt and tmp using offsets from %sp, not %fp.
10640 2002-05-14 Niels Möller <niels@s3.kth.se>
10642 * x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
10643 round function with an invocation of AES_ROUND.
10644 (aes_encrypt): Similarly for the second column.
10645 (aes_encrypt): Similarly for the rest of the round function.
10647 * x86/machine.m4 (AES_ROUND): New macro.
10649 * x86/aes-encrypt.asm (aes_encrypt): Use AES_LOAD macro.
10651 * x86/machine.m4 (AES_LOAD): New macro.
10653 * x86/aes-encrypt.asm (aes_encrypt): Use AES_STORE.
10655 * x86/machine.m4 (AES_STORE): New macro.
10657 * x86/aes-encrypt.asm (aes_encrypt): Use the AES_LAST_ROUND macro
10658 for the first column of the final round.
10659 (aes_encrypt): Similarly for the second column.
10660 (aes_encrypt): Similarly for the third and fourth column.
10662 (aes_encrypt): Deleted xchgl instruction in final round, by
10663 reordering the second and fourth round.
10665 * x86/machine.m4 (AES_LAST_ROUND): New macro.
10667 * x86/aes-encrypt.asm (aes_encrypt): Move code here...
10668 * x86/aes.asm: ...from here.
10670 * x86/aes.asm: Use addl and subl, not add and sub. Replaced
10671 references to dtbl1-4 with references to _aes_encrypt_table.
10673 * configure.ac (asm_path): Enable x86 assembler.
10675 * x86/aes.asm (aes_decrypt): Adapted to the current interface.
10676 Notably, the order of the subkeys was reversed. Single block
10677 encrypt/decrypt works now.
10678 (aes_encrypt, aes_decrypt): Added an outer loop, so that we can
10679 encrypt more than one block at a time.
10681 2002-05-07 Niels Möller <niels@s3.kth.se>
10683 * configure.ac: Generate config.m4.
10685 * x86/aes.asm: Use C for comments, include the tables using
10686 include_src, and commented out the key setup functions.
10687 Fixed the processing of the first handling of the round function.
10688 Now, encryption of a single block works! Multiple blocks, and
10689 decryption, is still broken.
10691 * x86/machine.m4: New file (empty).
10693 * x86/aes-encrypt.asm: New file, empty for now.
10695 * Makefile.am (%.asm): Added asm.m4, machine.m4 and config.m4 to
10696 the m4 command line.
10697 (libnettle_a_SOURCES): Added aes-encrypt-table.c.
10699 * sparc/aes.asm: No need to include asm.m4, that is taken care of
10702 * config.m4.in: New file, configuration for asm.m4.
10704 * asm.m4 (C, include_src): New macros.
10706 * aes-encrypt-table.c: New file, table moved out from
10709 2002-05-06 Niels Möller <niels@s3.kth.se>
10711 * configure.ac (CFLAGS): Don't enable -Waggregate-return.
10713 2002-05-05 Niels Möller <nisse@lysator.liu.se>
10715 * configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
10717 2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
10719 * configure.ac: Update for automake-1.6.
10721 * configure.ac: Renamed file, used to be configure.in.
10723 2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
10725 * testsuite/run-tests (test_program): Added missing single quote.
10727 2002-03-20 Niels Möller <nisse@lysator.liu.se>
10729 * testsuite/run-tests (test_program): Test the exit status of the
10732 2002-03-19 Pontus Sköld <pont@it.uu.se>
10734 * testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
10736 2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
10738 * rsa-keygen.c (rsa_generate_keypair): Output a newline after a
10739 non-empty line of 'e':s (bad e was chosen, try again).
10741 2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
10743 * configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
10746 2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
10748 * sparc/aes.asm, x86/aes.asm: Added copyright notice.
10750 * Makefile.am (libnettle_a_SOURCES): Added aes-internal.h.
10751 (EXTRA_DIST): Added assembler files.
10753 * configure.in (asm_path): Use $srcdir when looking for the files.
10754 * configure.in (asm_path): For now, disable x86 assembler code.
10755 Bumped version to 1.6.
10757 2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
10759 * sparc/aes.asm (_aes_crypt): Moved increment of src into the
10760 source_loop. Also fixed stop condition, the loop was run 5 times,
10761 not 4, as it should.
10762 (_aes_crypt): Use src directly when accessing the source data,
10764 (_aes_crypt): Renamed variables in source_loop.
10765 (_aes_crypt): Changed stop condition in source_loop to not depend
10766 on i. Finally reduced the source_loop to 16 instructions. Also
10767 increased the alignment of the code to 16.
10768 (_aes_crypt): In final_loop, use preshifted indices.
10769 (_aes_crypt): In final_loop, construct the result in t0. Use t0-t3
10770 for intermediate values.
10771 (_aes_crypt): In final_loop, use the register idx.
10772 (_aes_crypt): In final_loop, keep i multiplied by 4. Use key to
10773 get to the current roundkey.
10774 (_aes_crypt): In final_loop, use i for indexing.
10775 (_aes_crypt): Update dst in the output loop. This yields a delay
10776 slot that isn't filled yet.
10777 (_aes_crypt): Decrement round when looping, saving yet some
10779 (_aes_crypt): Reformatted code as blocks of four instructions
10781 (_aes_crypt): Copy the addresses of the indexing tables into
10782 registers at the start. No more need for the idx register.
10783 (_aes_crypt): Deleted idx register.
10784 (_aes_crypt): Some peep hole optimizations, duplicating some
10785 instructions to fill nop:s, and put branch instructions on even
10788 2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
10790 * sparc/aes.asm (_aes_crypt): Moved some more additions out of the
10791 inner loop, using additional registers.
10792 (_aes_crypt): Deleted one more addition from the inner loop, by
10793 using the subkey pointer.
10795 2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
10797 * configure.in (asm_path): Renamed "path" to "asm_path". Also look
10800 2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
10802 * sparc/aes.asm: Use that IDX2(j) == j ^ 2
10804 * Makefile.am (libnettle_a_SOURCES): Reordered aes-decrypt.c and
10805 aes-encrypt.c. For some strange reason it makes the benchmark go
10808 * sparc/aes.asm (_aes_crypt): Use double-buffering, and no
10809 separate loop for adding the round key.
10810 (round): Keep round index muliplied by 16, so it can be used
10811 directly for indexing the subkeys.
10812 (_aes_crypt): In the final loop, use ctx+round to access the
10813 subkeys, no need for an extra register.
10815 2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
10817 * sparc/aes.asm (_aes_crypt): Renaming variables, allocating
10818 locals starting from %l0.
10819 (_aes_crypt): Consistently use %l4, aka i, as the variable for the
10821 (_aes_crypt): Moved reading of ctx->nrounds out of the loop.
10822 (_aes_crypt): In final_loop, deleted a redundant mov, and use i as
10824 (_aes_crypt): Started renumbering registers in the inner loop. The
10825 computation for the table[j] sub-expression should be kept in
10827 (_aes_crypt): Renamed more variables in the inner loop. Now the
10828 primary variables are t0, t1, t2, t3.
10830 * sparc/aes.asm (_aes_crypt): Swapped register %i0 and %o5, %i1
10831 and %o0, %i2 and %o4, %i3 and %o3, %i4 and %o2.
10832 (_aes_crypt): wtxt was stored in both %l1 and %l2 for the entire
10833 function. Freed %l2 for other uses.
10834 (_aes_crypt): Likewise for tmp, freeing register %o1.
10836 * sparc/machine.m4: New file, for sparc-specific macros.
10838 * sparc/aes.asm (_aes_crypt): Hacked the source_loop, to get rid
10839 of yet another redundant loop variable, and one instruction.
10840 (_aes_crypt): Strength reduce loop variable in the
10841 inner loop, getting rid of one register.
10842 (_aes_crypt): Use pre-shifted indices (aes_table.idx_shift), to
10843 avoid some shifts in the inner loop.
10844 (_aes_crypt): Don't check for nrounds==0 at the start of the loop.
10846 * asm.m4: Define and use structure-defining macros.
10848 * Makefile.am (%.asm): Use a GNU pattern rule, to make %.o depend
10849 on both %.asm and asm.m4.
10851 * aes-internal.h (struct aes_table): New subtable idx_shift.
10852 Updated tables in aes_encrypt.c and aes_decrypt.c.
10854 * asm.m4: Use eval to compute values.
10856 * sparc/aes.asm (_aes_crypt): Deleted commented out old version of
10859 * asm.m4: Added constants for individual rows of the aes table.
10861 * aes.c (IDX0, IDX1, IDX2, IDX3): New macros, encapsualting the
10862 structure of the idx table.
10864 * asm.m4: Define various aes struct offsets.
10866 * testsuite/cbc-test.c (test_cbc_bulk): Use aes_set_encrypt_key
10867 and aes_set_decrypt_key.
10869 * sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
10872 2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
10874 * sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
10876 * aesdata.c: New program for generating AES-related tables.
10878 * testsuite/testutils.c (print_hex): New function (moved from
10881 * testsuite/rsa-keygen-test.c (progress): Declare the ctx argument
10884 * testsuite/cbc-test.c (test_cbc_bulk): New function, testing CBC
10885 with larger blocks.
10887 * yarrow256.c: Replaced uses of aes_set_key with
10888 aes_set_encrypt_key.
10890 * nettle-meta.h (_NETTLE_CIPHER_SEP): New macro, useful for
10891 algorithms with separate encyption and decryption key setup.
10893 * aes-internal.h (struct aes_table): New structure, including all
10894 constant tables needed by the unified encryption or decryption
10895 function _aes_crypt.
10897 * aes.c (_aes_crypt): New function, which unifies encryption and
10900 AES key setup now uses two separate functions for setting
10901 encryption and decryption keys. Applications that don't do
10902 decryption need no inverted subkeys and no code to generate them.
10903 Similarly, the tables (about 4K each for encryption and
10904 decryption), are put into separate files.
10906 * aes.h (struct aes_ctx): Deleted space for inverse subkeys. For
10907 decryption, the inverse subkeys replace the normal subkeys, and
10908 they are stored _in the order they are used_.
10910 * aes-set-key.c (aes_set_key): Deleted file, code moved...
10911 * aes-set-decrypt-key.c, aes-set-encrypt-key.c: New files,
10912 separated normal and inverse key setup.
10914 * aes-tables.c: Deleted, tables moved elsewhere...
10915 * aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
10916 decryption funktions, and needed tables, into separate files.
10918 2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
10920 * aes.c (aes_encrypt): Don't unroll the innerloop.
10921 (aes_encrypt): Don't unroll the loop for the final round.
10922 (aes_decrypt): Likewise, no loop unrolling.
10924 * aes-set-key.c (aes_set_key): Reversed the order of the inverted
10925 subkeys. They are now stored in the same order as they are used.
10927 * aes-tables.c (itable): New bigger table, generated by aesdata.c.
10929 * aes.c (aes_decrypt): Rewrote to use the bigger tables.
10931 2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
10933 * aes.c (aes_encrypt): Interleave computation and output in the
10936 * aes-internal.h (AES_SMALL): New macro.
10938 * aes.c (aes_encrypt): Optionally use smaller rotating inner loop.
10940 * aes-tables.c (dtbl): Replaced with table generated by aesdata.
10942 * aes.c (aes_encrypt): Rewrite, now uses larger tables in order to
10945 * sparc/aes.asm (aes_encrypt): Strength reduced on j, getting rid
10946 of one register and one instruction in the inner loop.
10948 * sparc/aes.asm (idx, aes_encrypt): Multiplied tabled values by 4,
10949 making it possible to get rid of some shifts in the inner loop.
10951 * configure.in: Fixed spelling of --enable-assembler. Commented
10954 * asm.m4: New file. For now, only doing changequote and changecom.
10956 * sparc/aes.asm (aes_encrypt): Added comments.
10957 (aes_encrypt): Cut off redundant instruction per block, also
10958 saving one redundant register pointing to idx.
10959 (idx_row): New macro. Include asm.m4.
10961 2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
10963 * sparc/aes.asm (key_addition_8to32): Cleaned up.
10964 Deleted gcc-generated debugging information.
10966 * sparc/aes.asm (key_addition32): First attempt at optimization.
10969 * sparc/aes.asm (key_addition32): Unrolled loop, gained 4%
10970 speed, payed four instructions compared to gcc
10973 * Makefile.am (.asm.o): New rule for assembling via m4.
10974 (libnettle_a_SOURCES): Added new rsa and aes files.
10976 * configure.in: New command line option --enable-assembler.
10977 Selects assembler code depending on the host system.
10979 * rsa-decrypt.c, rsa-encrypt.c: New files for rsa pkcs#1
10982 * aes-set-key.c, aes-tables.c: New files, split off from aes.c.
10983 Tables are now not static, but use a _aes_ prefix on their names.
10985 * aes-internal.h: New file.
10987 * cast128-meta.c (_NETTLE_CIPHER_FIX): Use _NETTLE_CIPHER_FIX.
10989 * cbc.c (cbc_decrypt_internal): New function, doing the real CBC
10990 procesing and requiring that src != dst.
10991 (cbc_decrypt): Use cbc_decrypt_internal. If src == dst, use a
10992 buffer of limited size to copy the ciphertext.
10994 * nettle-internal.c (nettle_blowfish128): Fixed definition, with
10997 * nettle-meta.h (_NETTLE_CIPHER_FIX): New macro, suitable for
10998 ciphers with a fixed key size.
11000 * examples/nettle-benchmark.c (display): New function for
11001 displaying the results, including MB/s figures.
11003 * sparc/aes.asm: New file. Not yet tuned in any way (it's just the
11004 code generated by gcc).
11006 2002-02-11 Niels Möller <nisse@lysator.liu.se>
11008 * x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
11011 2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
11013 Applied patch from Dan Egnor improving the base64 code.
11014 * base64.h (BASE64_ENCODE_LENGTH): New macro.
11015 (struct base64_ctx): New context struct, for decoding.
11016 (BASE64_DECODE_LENGTH): New macro.
11017 * base64.c (base64_decode_init): New function.
11018 (base64_decode_update): New function, replacing base64_decode.
11019 Takes a struct base64_ctx argument.
11020 * nettle-meta.h: Updated nettle_armor, and related typedefs and
11022 * testsuite/testutils.c (test_armor): Updated.
11023 * configure.in: Use AC_PREREQ(2.50).
11025 2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
11027 * Released nettle-1.5.
11029 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
11031 * acinclude.m4: Commented out gmp-related macros, they're probably
11032 not needed anymore.
11034 2002-01-31 Niels Möller <nisse@lysator.liu.se>
11036 * configure.in: Added command line options --with-lib-path and
11037 --with-include-path. Use the RPATH-macros to get correct flags for
11038 linking the test programs with gmp.
11040 * acinclude.m4: New file.
11042 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
11044 * nettle.texinfo (Randomness): New subsection on Yarrow.
11046 2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
11048 * nettle.texinfo (Randomness): New chapter.
11049 Spell checking and ispell configuration.
11051 * md5.c: Added reference to RFC 1321.
11053 2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
11055 * nettle.texinfo (Public-key algorithms): Minor fixes.
11057 2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
11059 * nettle.texinfo (Nettle soup): New chapter.
11060 (Hash functions): New subsection on struct nettle_hash.
11061 (Hash functions): New subsection on struct nettle_cipher.
11062 (Keyed hash functions): New section, describing MAC:s and HMAC.
11063 (Public-key algorithms): New chapter.
11065 * testsuite/testutils.c (test_armor): New function.
11067 * testsuite/base64-test.c: New testcase.
11069 * testsuite/Makefile.am (TS_PROGS): Added base64-test.
11071 * nettle-meta.h (struct nettle_armor): New struct.
11073 * configure.in: Bumped version to 1.5.
11075 * Makefile.am (libnettle_a_SOURCES): Added base64 files, and some
11076 missing header files.
11078 * base64.c, base64.h, base64-meta.c: New files, hacked by Dan
11081 2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
11083 * testsuite/yarrow-test.c: Deleted ran_array code, use
11084 knuth-lfib.h instead.
11086 * testsuite/testutils.c (test_rsa_md5, test_rsa_sha1): Moved
11088 * testsuite/rsa-test.c: ...from here.
11090 * testsuite/rsa-keygen-test.c: New file.
11092 * testsuite/knuth-lfib-test.c: New file.
11094 * Makefile.am (libnettle_a_SOURCES): Added knuth-lfib.c and
11097 * rsa-keygen.c: New file.
11099 * rsa.h (RSA_MINIMUM_N_OCTETS): New constant.
11100 (RSA_MINIMUM_N_BITS): New constant.
11101 (nettle_random_func, nettle_progress_func): New typedefs. Perhaps
11102 they don't really belong in this file.
11103 (rsa_generate_keypair): Added progress-callback argument.
11105 * macros.h (READ_UINT24, WRITE_UINT24, READ_UINT16, WRITE_UINT16):
11108 * knuth-lfib.c, knuth-lfib.h: New files, implementing a
11109 non-cryptographic prng.
11111 2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
11113 * hmac-sha1.c: New file.
11115 2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
11117 * configure.in: Bumped version to 1.1.
11119 * testsuite/hmac-test.c (test_main): Added hmac-sha1 test cases.
11121 * rsa.c (rsa_init_private_key, rsa_clear_private_key): Handle d.
11123 * rsa.h (struct rsa_private_key): Reintroduced d attribute, to be
11124 used only for key generation output.
11125 (rsa_generate_keypair): Wrote a prototype.
11127 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha1.c and
11130 * des.c: Use static const for all tables.
11131 (des_set_key): Use a new const * variable for the parity
11132 procesing, for constness reasons.
11134 * list-obj-sizes.awk: New file.
11136 * nettle-internal.c, nettle-internal.h: New files.
11138 * testsuite/Makefile.am (TS_PROGS): Added hmac-test. Deleted old
11141 * testsuite/testutils.h (LDATA): Moved this macro here,...
11142 * testsuite/rsa-test.c: ... from here.
11144 * testsuite/hmac-test.c: New file.
11146 * hmac.h: General cleanup. Added declarations of hmac-md5,
11147 hmac-sha1 and hmac-sha256.
11149 * hmac.c: Bug fixes.
11151 * hmac-md5.c: First working version.
11153 * Makefile.am (libnettle_a_SOURCES): Added hmac.c and hmac-md5.c.
11154 (libnettleinclude_HEADERS): Added hmac.h.
11156 * testsuite/rsa-test.c: Also test a 777-bit key.
11158 * rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated
11160 (rsa_prepare_private_key): Compute the size of the key by
11161 computing n = p * q.
11163 * rsa-compat.c: Adapted to new private key struct.
11164 * rsa_md5.c: Likewise.
11165 * rsa_sha1.c: Likewise.
11167 * rsa.c (rsa_check_size): New function, for computing and checking
11168 the size of the modulo in octets.
11169 (rsa_prepare_public_key): Usa rsa_check_size.
11170 (rsa_init_private_key): Removed code handling n, e and d.
11171 (rsa_clear_private_key): Likewise.
11172 (rsa_compute_root): Always use CRT.
11174 * rsa.h (struct rsa_private_key): Deleted public key and d from
11175 the struct, as they are not needed. Added size attribute.
11177 2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
11179 * Makefile.am: Added *-meta files.
11181 * rsa.c (rsa_init_public_key): New function.
11182 (rsa_clear_public_key): Likewise.
11183 (rsa_init_private_key): Likewise.
11184 (rsa_clear_private_key): Likewise.
11186 * aes-meta.c: New file.
11187 * arcfour-meta.c: New file.
11188 * cast128-meta.c: New file.
11189 * serpent-meta.c: New file.
11190 * twofish-meta.c: New file.
11192 * examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
11194 2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
11196 Don't use m4 for generating test programs, it's way overkill. Use
11197 the C preprocessor instead.
11198 * testsuite/*-test.c: New file.
11200 * hmac.c, hmac.h, hmac-md5.c: New files.
11202 Defined structures describing the algoriths. Useful for code that
11203 wants to treat an algorithm as a black box.
11204 * nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
11207 2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
11209 * rsa-compat.c: Updated for new md5 and rsa conventions.
11211 * rsa_md5.c: Represent a signature as an mpz_t, not a string.
11212 Updated calls of md5 functions.
11213 * rsa_sha1.c: Likewise.
11215 * rsa.c (rsa_prepare_public_key): Renamed function, was
11216 rsa_init_public_key.
11217 (rsa_prepare_private_key): Renamed function, was
11218 rsa_init_private_key.
11220 * nettle.texinfo (Hash functions): Update for the changed
11221 interface without *_final. Document sha256.
11223 * testsuite/md5-test.m4, testsuite/sha1-test.m4,
11224 testsuite/sha256-test.m4, testsuite/yarrow-test.c: Updated for new
11225 hash function interface.
11227 * yarrow256.c: Removed calls of sha256_final and and some calls of
11230 * md5-compat.c (MD5Final): Call only md5_digest.
11232 * md5.c (md5_digest): Call md5_final and md5_init.
11233 (md5_final): Declared static.
11234 sha1.c, sha256.c: Analogous changes.
11236 * bignum.c (nettle_mpz_get_str_256): Declare the input argument
11239 2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
11241 * Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
11242 dependencies for $(des_headers) to depend only on the source file
11243 desdata.c, not on the executable.
11245 2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
11247 * testsuite/yarrow-test.c (main): Updated testcase to match fixed
11248 generator. Send verbose output to stdout, not stderr.
11250 * yarrow256.c (yarrow_slow_reseed): Bug fix, update the fast pool
11251 with the digest of the slow pool.
11252 (yarrow256_init): Initialize seed_file and counter to zero, to
11255 2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
11257 * bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
11260 2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
11262 * testsuite/yarrow-test.c (main): Updated test to match the fixed
11263 key event estimator.
11265 * yarrow_key_event.c (yarrow_key_event_estimate): Fixed handling
11268 * nettle.texinfo (Copyright): Say that under certain
11269 circumstances, Nettle can be used as if under the LGPL.
11271 * README: Added a paragraph on copyright.
11273 2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
11275 * yarrow256.c (yarrow256_force_reseed): New function.
11277 2001-11-14 Niels Möller <nisse@ehand.com>
11279 * testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
11281 * yarrow256.c (yarrow256_needed_sources): New function.
11282 (yarrow256_is_seeded): New function.
11283 (yarrow256_update): Use yarrow256_needed_sources.
11285 2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
11287 * testsuite/yarrow-test.out: Updated, to match the seed-file aware
11290 * testsuite/yarrow-test.c: Updated expected_output. Check the seed
11291 file contents at the end.
11293 * yarrow256.c (yarrow256_seed): New function.
11294 (yarrow_fast_reseed): Create new seed file contents.
11296 2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
11298 * yarrow.h: Deleted yarrow160 declarations.
11300 2001-11-02 Niels Möller <nisse@ehand.com>
11302 * yarrow256.c (yarrow256_init): Fixed order of code and
11305 2001-10-30 Niels Möller <nisse@ehand.com>
11307 * rsa-compat.h: Added real prototypes and declarations.
11309 * Makefile.am (libnettle_a_SOURCES): Added rsa-compat.h and
11312 * rsa-compat.c: New file, implementing RSA ref signature and
11313 verification functions.
11315 * configure.in: Check for libgmp. Deleted tests for SIZEOF_INT and
11318 * rsa_sha1.c: New file, PKCS#1 rsa-sha1 signatures.
11319 * rsa_md5.c: New file, PKCS#1 rsa-md5 signatures.
11321 * rsa.c: New file with general rsa functions.
11323 * Makefile.am (libnettle_a_SOURCES): Added rsa and bignum files.
11325 * bignum.c, bignum.h: New file, with base256 functions missing in
11328 * testsuite/Makefile.am: Added bignum-test.
11330 * testsuite/run-tests (test_program): Check the exit code more
11331 carefully, and treat 77 as skip. This convention was borrowed from
11334 * testsuite/macros.m4: New macro SKIP which exits with code 77.
11336 * testsuite/bignum-test.m4: New file.
11338 2001-10-15 Niels Möller <nisse@ehand.com>
11340 * testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
11343 2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
11345 * testsuite/des-test.m4: Added testcase taken from applied
11348 * testsuite/yarrow-test.c: Use sha256 instead of sha1 for checking
11349 input and output. Updated the expected values.
11351 * yarrow256.c (YARROW_RESEED_ITERATIONS): New constant.
11352 (yarrow_iterate): New function.
11353 (yarrow_fast_reseed): Call yarrow_iterate.
11355 * testsuite/yarrow-test.c: Added verbose flag, disabled by
11358 2001-10-12 Niels Möller <nisse@ehand.com>
11360 * examples/nettle-benchmark.c: Added more ciphers.
11362 * Makefile.am (SUBDIRS): Added the examples subdir.
11364 * configure.in: Output examples/Makefile.
11366 2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
11368 * examples/nettle-benchmark.c: New benchmarking program.
11370 2001-10-10 Niels Möller <nisse@ehand.com>
11372 * testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
11373 output, and compare to expected values.
11375 * testsuite/Makefile.am (CFLAGS): Don't disable optimization.
11376 (run-tests): Set srcdir in the environment when running run-tests.
11378 * testsuite/rfc1750.txt: Added this rfc as test input for yarrow.
11380 * yarrow_key_event.c (yarrow_key_event_estimate): Check if
11382 (yarrow_key_event_init): Initialize previous to zero.
11384 * yarrow256.c: Added debug some output.
11386 * testsuite/yarrow-test.c (main): Better output of entropy
11387 estimates at the end.
11389 2001-10-09 Niels Möller <nisse@ehand.com>
11391 * testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
11393 * testsuite/yarrow-test.c: New file.
11395 * yarrow256.c (yarrow256_init): Initialize the sources.
11396 (yarrow256_random): Fixed loop condition.
11398 * yarrow.h (YARROW_KEY_EVENT_BUFFER): New constant.
11400 * yarrow_key_event.c: New file.
11402 * Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
11404 2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
11406 * yarrow.h (struct yarrow_key_event_ctx): New struct.
11408 * yarrow256.c (yarrow_fast_reseed): Generate two block of output
11409 using the old key and feed into the pool.
11411 * yarrow.h (struct yarrow256_ctx): Deleted buffer, index and
11414 * yarrow256.c (yarrow_fast_reseed): New function.
11415 (yarrow_slow_reseed): New function.
11416 (yarrow256_update): Check seed/reseed thresholds.
11417 (yarrow_gate): New function, extracted from
11418 yarrow_generate_block_with_gate which was deleted.
11419 (yarrow_generate_block_with_gate): Deleted function.
11420 (yarrow256_random): Don't buffer any output, instead gate after
11422 (YARROW_GATE_THRESHOLD): Deleted constant.
11424 2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
11426 * Makefile.am: Added yarrow files.
11428 * yarrow256.c: New file, implementing Yarrow. Work in progress.
11430 * sha256.c: New file, implementing sha256.
11432 * testsuite/Makefile.am (CFLAGS): Added sha256-test.
11434 * testsuite/sha256-test.m4: New testcases for sha256.
11436 * shadata.c: New file, for generating sha256 constants.
11438 * sha.h: Renamed sha1.h to sha.h, and added declarations for
11441 2001-10-05 Niels Möller <nisse@ehand.com>
11443 * testsuite/aes-test.m4: Added a comment with NIST test vectors.
11445 2001-10-04 Niels Möller <nisse@ehand.com>
11447 * rsa.h, rsa-compat.h, yarrow.h: New files.
11449 2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
11451 * Released version 1.0.
11453 2001-09-25 Niels Möller <nisse@ehand.com>
11455 * sha1.c: Include stdlib.h, for abort.
11457 * md5.c: Include string.h, for memcpy.
11459 * testsuite/Makefile.am (M4_FILES): New variable. Explicitly list
11460 those C source files that should be generated by m4.
11462 * configure.in: Changed package name from "libnettle" to "nettle".
11464 * Makefile.am (EXTRA_DIST): Added .bootstrap.
11466 * AUTHORS: Added a reference to the manual.
11468 2001-09-25 Niels Möller <nisse@lysator.liu.se>
11470 * des-compat.c (des_cbc_cksum): Bug fix, local variable was
11471 declared in the middle of a block.
11473 2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
11475 * nettle.texinfo (Compatibility functions): New section,
11476 mentioning md5-compat.h and des-compat.h.
11478 2001-09-18 Niels Möller <nisse@ehand.com>
11480 * index.html: New file.
11482 2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
11484 * nettle.texinfo: Added description of des3. Minor fixes.
11486 * testsuite/des-compat-test.c (cbc_data): Shorten to 32 bytes (4
11487 blocks), the last block of zeroes wasn't used anyway.
11489 * des-compat.c (des_compat_des3_decrypt): Decrypt in the right
11491 (des_ncbc_encrypt): Bug fixed.
11492 (des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
11494 2001-09-14 Niels Möller <nisse@ehand.com>
11496 * testsuite/des-compat-test.c: New file, copied from libdes
11497 (freeswan). All implemented functions but des_cbc_cksum seems to
11500 * testsuite/Makefile.am (TS_PROGS): Added des-compat-test.
11502 * des-compat.c: Added libdes typedef:s. Had to remove all use of
11503 const in the process.
11504 (des_check_key): New global variable, checked by des_set_key.
11506 * des.c (des_set_key): Go on and expand the key even if it is
11509 * des-compat.c (des_cbc_cksum): Implemented.
11510 (des_key_sched): Fixed return values.
11512 2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
11514 * Makefile.am: Added des-compat.c and des-compat.h
11516 * des-compat.c: Bugfixes, more functions implemented.
11518 * des-compat.h: Define DES_ENCRYPT and DES_DECRYPT. Bugfixes.
11520 2001-09-10 Niels Möller <nisse@ehand.com>
11522 * nettle.texinfo (Copyright): Added copyright information for
11524 (Miscellaneous functions): Started writing documentation on the CBC
11526 (Cipher Block Chaining): This section more or less complete now.
11528 2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
11530 * testsuite/cbc-test.m4: Record intermediate values in a comment.
11531 * testsuite/des3-test.m4: Likewise.
11533 * testsuite/aes-test.m4: Added test case that appeared broken in
11536 * cbc.c (cbc_encrypt): Bug fix, encrypt block *after* XOR:ing the
11539 * Makefile.am (libnettleinclude_HEADERS): Added cbc.h. Deleted
11541 (libnettle_a_SOURCES): Added des3.c.
11543 * testsuite/Makefile.am (TS_PROGS): Added des3-test and cbc-test.
11545 * testsuite/cbc-test.m4: New testcase.
11547 * testsuite/des3-test.m4: New testcase.
11549 * cbc.h (CBC_CTX): New macro.
11550 (CBC_ENCRYPT): New macro.
11551 (CBC_DECRYPT): New macro.
11553 * des.c (des_fix_parity): New function.
11555 * des3.c: New file, implementing triple des.
11557 2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
11559 * cbc.c, cbc.h: New files, for general CBC encryption.
11561 * des-compat.h: Added some prototypes.
11563 2001-09-05 Niels Möller <nisse@ehand.com>
11565 * testsuite/Makefile.am (TS_PROGS): Added md5-compat-test.
11567 * README: Copied introduction from the manual.
11569 * configure.in: Bumped version to 1.0.
11571 * Makefile.am (libnettleinclude_HEADERS): Added missing includes.
11572 (libnettle_a_SOURCES): Added md5-compat.c and md5-compat.h.
11574 * md5-compat.c, md5-compat.h: New files, implementing an RFC
11575 1321-style interface.
11577 2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
11579 * twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
11580 Spotted by Jean-Pierre.
11581 (twofish_encrypt): Likewise.
11583 2001-07-03 Niels Möller <nisse@ehand.com>
11585 * testsuite/testutils.c: Include string.h.
11587 * twofish.c: Include string.h.
11589 2001-06-17 Niels Möller <nisse@lysator.liu.se>
11591 * Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
11592 seems to break with GNU make 3.79.1.
11594 * testsuite/testutils.c, testsuite/testutils.h: Use <inttypes.h>,
11596 Include <stdlib.h>.
11598 2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
11600 * Use <inttypes.h>, not <stdint.h>.
11602 * blowfish.h (BLOWFISH_MAX_KEY_SIZE): Fixed, should be 56.
11604 * Fixed copyright notices.
11606 * Makefile.am (libnettle_a_SOURCES): Added desinfo.h and
11608 (info_TEXINFOS): Added manual.
11609 (EXTRA_DIST): Added nettle.html.
11610 (%.html): Added rule for building nettle.html.
11612 * nettle.texinfo: New manual.
11614 * configure.in: Bumped version to 0.2.
11616 * testsuite/Makefile.am (TS_PROGS): Added cast128 test.
11620 * testsuite/serpent-test.m4: Added a few rudimentary tests
11621 extracted from the serpent package.
11623 * twofish.c: Adapted to nettle. Made constant tables const.
11624 Deleted bytes_to_word and word_to_bytes; use LE_READ_UINT32 and
11625 LE_WRITE_UINT32 instead.
11626 (twofish_selftest): Deleted. Moved the tests to the external
11628 (twofish_set_key): Don't silently truncate too large keys.
11630 * sha1.c (sha1_update): Use unsigned for length.
11632 * serpent.c (serpent_set_key): Read the key backwards. Fixed
11633 padding (but there are no test vectors for key_size not a multiple
11635 (serpent_encrypt): Read and write data in the strange order used
11636 by the reference implementation.
11637 (serpent_decrypt): Likewise.
11639 * macros.h (FOR_BLOCKS): New macro, taken from lsh.
11641 * blowfish.h (struct blowfish_ctx): Use a two-dimensional array
11644 * blowfish.c (initial_ctx): Arrange constants into a struct, to
11645 simplify key setup.
11646 (F): Deleted all but one definitions of the F function/macro.
11647 Added a context argument, and use that to find the subkeys.
11648 (R): Added context argument, and use that to find the subkeys.
11649 (blowfish_set_key): Some simplification.
11651 (encrypt): Deleted code for non-standard number of rounds. Deleted
11652 a bunch of local variables. Using the context pointer for
11653 everything should consume less registers.
11654 (decrypt): Likewise.
11656 * Makefile.am (libnettle_a_SOURCES): Added twofish.
11658 2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
11660 * testsuite/blowfish-test.m4: Fixed test.
11662 * Added twofish implementation.
11664 * blowfish.h (struct blowfish_ctx): Use the correct size for the p
11667 2001-06-15 Niels Möller <nisse@ehand.com>
11669 * testsuite/blowfish-test.m4: Fixed testcase, use correct key
11672 * Makefile.am (libnettle_a_SOURCES): Added blowfish files.
11673 ($(des_headers)): Strip directory part when passing file name to
11676 * testsuite/blowfish-test.m4: Added one test, from GNUPG.
11678 * Created blowfish.c and blowfish.h (from GNUPG via LSH). Needs
11681 * aes.h: Fixed copyright notice to not mention GNU MP. XXX: Review
11682 all nettle copyrights.
11684 * testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
11687 2001-06-13 Niels Möller <nisse@ehand.com>
11689 * Makefile.am (libnettle_a_SOURCES): Added serpent files.
11691 2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
11693 * des.c (des_encrypt, des_decrypt): Assert that the key setup was
11696 * testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
11698 * testsuite/sha1-test.m4: New file.
11700 * testsuite/des-test.m4: New file.
11702 * Added sha1 files.
11704 * Added desCore files.
11706 * Makefile.am: Added desCore and sha1.
11708 2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
11710 * install-sh: Copied the standard install script.
11712 * testsuite/Makefile.am (CFLAGS): Disable optimization. Add
11713 $(top_srcdir) to the include path.
11714 (EXTRA_DIST): Added testutils.h, testutils.c and run-tests.
11715 (run-tests): Fixed path to run-tests.
11717 * Makefile.am (EXTRA_DIST): Added memxor.h.
11718 (libnettleinclude_HEADERS): Install headers in
11719 $(libnettleincludedir).
11721 2001-04-13 Niels Möller <nisse@cuckoo.hack.org>