1 2014-08-25 Niels Möller <nisse@lysator.liu.se>
3 * ecc-internal.h (ecc_mul_g_func, ecc_mul_func, ecc_h_to_a_func):
5 (struct ecc_curve): New function pointers mul, mul_g, h_to_a, and
6 constans for their scratch requirements. Updated all instances.
8 * ecc-point.c (ecc_point_set): Handle curve25519 as a special
9 case, when checking if the point is on the curve.
11 2014-08-24 Niels Möller <nisse@lysator.liu.se>
13 * testsuite/ecdh-test.c: Test ecc_point_mul and ecc_point_mul_g,
14 using test data generated by ecc-ref.gp. Tests for all curves
15 except curve25519, which doesn't yet work with the general
18 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecdh-test.c.
20 * misc/ecc-ref.gp: Script to generate ECDH test data.
22 2014-08-23 Niels Möller <nisse@lysator.liu.se>
24 * ecc-a-to-j.c (ecc_a_to_j): Deleted INITIAL argument.
25 * ecc.h (ecc_a_to_j): Updated prototype.
26 * ecc-mul-a.c (ecc_mul_a, table_init): Updated calls to ecc_a_to_j.
28 * ecc-mul-a.c (ecc_mul_a): Deleted INITIAL argument, all callers,
29 except the tests, pass 1. Updated all callers.
30 (table_init): Likewise deleted INITIAL.
31 * ecc.h (ecc_mul_a): Updated prototype.
32 * testsuite/ecc-mul-a-test.c (test_main): Deleted tests for
33 ecc_mul_a with INITIAL == 0.
35 * ecc-internal.h (struct ecc_curve): Reordered struct, moved
36 function pointers before pointers to bignum constants.
38 * sec-modinv.c (sec_modinv): Document that for a == 0 (mod m), we
39 should produce the "inverse" 0.
41 * testsuite/ecc-modinv-test.c (test_main): Check that ecc_modp_inv
42 produces 0 if a == 0 or a == p.
44 2014-08-22 Niels Möller <nisse@lysator.liu.se>
46 * x86_64/ecc-25519-modp.asm: New file. Assembly implementation,
47 initial version yields 30% speedup of ecc_25519_modp. Early
48 folding eliminates one pass of carry propagation, and yields
49 almost 20% additional speedup.
51 * ecc-25519.c [HAVE_NATIVE_ecc_25519_modp]: Use assembly version
54 * configure.ac (asm_hogweed_optional_list): Added ecc-25519-modp.asm.
55 Also add HAVE_NATIVE_ecc_25519_modp to config.h.in.
57 2014-08-19 Niels Möller <nisse@lysator.liu.se>
59 * examples/ecc-benchmark.c (bench_curve): Support benchmarking of
60 curve25519, for now handled as a special case.
61 (curves): Added nettle_curve25519.
62 (bench_dup_eh, bench_add_eh, bench_add_ehh, bench_mul_g_eh): New
65 2014-08-18 Niels Möller <nisse@lysator.liu.se>
67 * testsuite/curve25519-dh-test.c (test_a): Use curve25519_mul.
68 (test_main): Use little-endian inputs for test_a.
69 (curve25519_sqrt, curve_25519): Deleted static helper functions,
72 * curve25519-mul.c (curve25519_mul): New file and function.
73 * curve25519.h (curve25519_mul): Declare it.
74 * Makefile.in (hogweed_SOURCES): Added curve25519-mul.c.
76 * curve25519-mul-g.c (curve25519_mul_g): Renamed file and
77 function, updated callers.
78 * curve25519-base.c (curve25519_base): ... old names.
79 * Makefile.in (hogweed_SOURCES): Updated for rename.
81 * eccdata.c (output_curve): Compute constants needed for
83 * ecc-25519.c (ecc_modp_powm_2kp1, ecc_25519_sqrt): New functions.
84 * ecc-internal.h (ecc_25519_sqrt): Declare it.
86 2014-08-06 Niels Möller <nisse@lysator.liu.se>
88 * testsuite/curve25519-dh-test.c (test_g): Use curve25519_base.
89 (test_main): Use little-endian inputs for test_g.
91 * curve25519-base.c (curve25519_base): New file, new function.
92 Analogous to NaCl's crypto_scalarmult_base.
93 * curve25519.h: New file.
94 * Makefile.in (hogweed_SOURCES): Added curve25519-base.c.
95 (HEADERS): Added curve25519.h.
97 * gmp-glue.c (mpn_set_base256_le, mpn_get_base256_le): New functions.
98 * gmp-glue.h: Declare them.
100 2014-08-02 Niels Möller <nisse@lysator.liu.se>
102 * testsuite/curve25519-dh-test.c (curve25519_sqrt): Fixed memory
103 leak, a mpz_clear call was missing.
105 * ecc-internal.h (ECC_MUL_A_EH_WBITS): Set to 4, to enable
106 window-based scalar multiplication.
108 * ecc-mul-a-eh.c (table_init) [ECC_MUL_A_EH_WBITS > 0]: Fixed
109 initialization of TABLE(1).
111 2014-07-29 Niels Möller <nisse@lysator.liu.se>
113 * ecc-internal.h (ECC_MUL_A_EH_WBITS): New constant.
114 (ECC_A_TO_EH_ITCH, ECC_MUL_A_EH_ITCH): New macros.
115 * ecc-a-to-eh.c (ecc_a_to_eh, ecc_a_to_eh_itch): New file, new
117 * ecc-mul-a-eh.c: New file.
118 (ecc_mul_a_eh): New function. The case [ECC_MUL_A_EH_WBITS > 0]
120 (ecc_mul_a_eh_itch): New function.
121 * ecc.h: Declare new functions.
122 * Makefile.in (hogweed_SOURCES): Added ecc-a-to-eh.c and
125 * testsuite/curve25519-dh-test.c (curve25519_sqrt): New function.
126 (curve_25519): Use ecc_mul_a_eh.
127 (test_a): New function.
128 (test_main): Test construction of shared secret, using scalar
129 multiplication with points other than the fix generator.
131 2014-07-26 Niels Möller <nisse@lysator.liu.se>
133 * ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
134 * ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
136 2014-07-23 Niels Möller <nisse@lysator.liu.se>
138 * testsuite/curve25519-dh-test.c: New test case, based on
139 draft-josefsson-tls-curve25519-05 test vectors.
140 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added curve25519-dh-test.c.
142 2014-07-18 Niels Möller <nisse@lysator.liu.se>
144 * ecc-mul-g-eh.c (ecc_mul_g_eh, ecc_mul_g_eh_itch): New file and
146 * ecc.h (ecc_mul_g_eh_itch): Declare new functions.
147 * ecc-internal.h (ECC_MUL_G_EH_ITCH): New macro.
148 * Makefile.in (hogweed_SOURCES): Added ecc-mul-g-eh.c.
150 2014-07-17 Niels Möller <nisse@lysator.liu.se>
152 * ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
153 * ecc-internal.h (ECC_ADD_EH_ITCH): Reduced to 6*size.
155 * testsuite/curve25519-dup-test.c (test_main): Free allocated
158 2014-07-15 Niels Möller <nisse@lysator.liu.se>
160 * ecc-add-eh.c (ecc_add_eh, ecc_add_eh_itch): New file, new
162 * ecc.h: Declare new functions.
163 * ecc-internal.h (ECC_ADD_EH_ITCH): New macro.
164 * Makefile.in (hogweed_SOURCES): Added ecc-add-eh.c.
165 * testsuite/curve25519-add-test.c (test_main): Test ecc_add_eh.
166 Additional test for g2+g2. Free allocated storage.
168 2014-07-14 Niels Möller <nisse@lysator.liu.se>
170 * testsuite/curve25519-add-test.c: New test case.
171 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
172 curve25519-add-test.c.
174 * ecc-add-ehh.c (ecc_add_ehh, ecc_add_ehh_itch): New file, new
176 * ecc.h (ecc_add_ehh, ecc_add_ehh_itch): Declare them.
177 * ecc-internal.h (ECC_ADD_EHH_ITCH): New macro.
178 * Makefile.in (hogweed_SOURCES): Added ecc-add-ehh.c.
180 * ecc-25519.c (nettle_curve25519): Use ecc_d instead of ecc_b.
182 * eccdata.c: For curve25519, output the Edwards curve constant,
183 ecc_d = (121665/121666) mod p.
185 * testsuite/curve25519-dup-test.c (test_main): Add test for 4g.
186 Delete some left-over debug output.
188 2014-07-11 Niels Möller <nisse@lysator.liu.se>
190 * misc/ecc-formulas.tex: Some ECC notes.
192 * testsuite/curve25519-dup-test.c: New testcase.
193 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
194 curve25519-dup-test.c.
196 * testsuite/testutils.c (test_ecc_point): Made non-static.
197 * testsuite/testutils.h (struct ecc_ref_point): Moved here, from
199 (test_ecc_point): Declare it.
201 * ecc-dup-eh.c (ecc_dup_eh, ecc_dup_eh_itch): New file, new functions.
202 * ecc-eh-to-a.c (ecc_eh_to_a, ecc_eh_to_a_itch): New file, new
204 * ecc.h: Declare new functions.
205 * ecc-internal.h (ECC_EH_TO_A_ITCH, ECC_DUP_EH_ITCH): New macros.
206 * Makefile.in (hogweed_SOURCES): Added ecc-dup-eh.c and
209 * ecc-internal.h (struct ecc_curve): New constant edwards_root.
210 * ecc-192.c (nettle_secp_192r1): Updated accordingly, additional
212 * ecc-224.c (nettle_secp_224r1): Likewise.
213 * ecc-256.c (nettle_secp_256r1): Likewise.
214 * ecc-384.c (nettle_secp_384r1): Likewise.
215 * ecc-521.c (nettle_secp_521r1): Likewise.
216 * ecc-25519.c (nettle_curve25519): Initialize new constant.
218 * eccdata.c (ecc_curve_init): For curve 25519, use correct
219 constant for edwards coordinate transform, and output the constant
222 2014-07-06 Niels Möller <nisse@lysator.liu.se>
224 * eccdata.c: Use separate is_zero flag to represent the neutral
226 (output_point, output_point_redc): Unified to a single function,
227 with a use_redc flag argument. Also support conversion to Edwards
229 (ecc_curve_init_str): New argument for Edwards curve conversion
232 2014-07-04 Niels Möller <nisse@lysator.liu.se>
234 * ecc-25519.c: New file.
235 (ecc_25519_modp): New function.
236 (nettle_curve25519): New curve.
238 * ecc-curve.h (nettle_curve25519): Declare it.
240 * Makefile.in (hogweed_SOURCES): Added ecc-25519.c.
241 (ecc-25519.h): New generated file. Add as explicit dependency for
244 * testsuite/ecc-mod-test.c (test_curve): New function, extracted
245 from test_main. Tolerate NULL modq function pointer.
246 (test_main): Use test_curve, iterate over supported curves, and
247 also test curve_25519 for the new modp function.
249 2014-07-02 Niels Möller <nisse@lysator.liu.se>
251 * eccdata.c (ecc_dup): Use mpz_submul_ui, now available in
253 (ecc_type): New enum, for Weierstrass and Montgomery curves
254 (ecc_curve): New field type.
255 (ecc_dup): Support montgomery curves.
257 (ecc_curve_init_str): New argument, for the curve type.
258 (ecc_curve_init): Pass curve type to all ecc_curve_init_str calls.
259 Recognize curve25519, for bit_size 255.
260 (output_modulo): Deleted assert, which isn't true for curve25519.
262 2014-06-30 Niels Möller <nisse@lysator.liu.se>
264 * camellia-absorb.c: Include <limits.h>, needed for correct use of
265 HAVE_NATIVE_64_BIT. Reported and debugged by Magnus Holmgren.
266 Fixes debian build failure on s390x.
268 2014-06-26 Niels Möller <nisse@lysator.liu.se>
271 * configure.ac (IF_NOT_SHARED): New substituted variable.
272 * hogweed.pc.in: Use @LIBS@, instead of hardcoding -lgmp. When
273 shared libraries are disabled, move needed libraries from
274 Requires.private: to Requires: and from Libs.private: to Libs:.
276 From Nikos Mavrogiannopoulos.
277 * examples/hogweed-benchmark.c (bench_alg): Tolerate alg->init
279 (bench_openssl_ecdsa_init): Return NULL if
280 EC_KEY_new_by_curve_name fails, indicating the curve is not
283 2014-06-25 Niels Möller <nisse@lysator.liu.se>
285 Support for building with mini-gmp instead of the real GMP. Loosely
286 based on work by Nikos Mavrogiannopoulos.
287 * configure.ac: New command line option --enable-mini-gmp. Also
288 disable all libgmp-related checks when enabled.
289 (NETTLE_USE_MINI_GMP): New substituted variable.
290 (LIBHOGWEED_LIBS): Use $(LIBS) instead of -lgmp.
291 (IF_MINI_GMP): New Makefile conditional.
292 (GMP_NUMB_BITS): Alternative test for the mini-gmp case.
293 Substituted also in bignum.h.
294 (HAVE_MPZ_POWM_SEC): Drop this unused check.
296 * bignum.h: Renamed, to...
297 * bignum.h.in: New name.
298 (NETTLE_USE_MINI_GMP): Substituted by configure.
299 (GMP_NUMB_BITS): Substituted by configure, for the mini-gmp case.
301 * Makefile.in (OPT_HOGWEED_SOURCES): New variable, value
302 conditional on @IF_MINI_GMP@.
303 (hogweed_SOURCES): Add $(OPT_HOGWEED_SOURCES).
304 (PRE_CPPFLAGS): Add -I$(srcdir).
305 (HEADERS): Delete bignum.h.
306 (INSTALL_HEADERS): Add bignum.h. Also add mini-gmp.h, if mini-gmp
308 (DISTFILES): Added bignum.h.in.
309 (bignum.h): New target.
310 (distclean-here): Delete bignum.h.
312 * examples/ecc-benchmark.c (modinv_gcd) [NETTLE_USE_MINI_GMP]:
313 Disable this benchmark.
314 (mpn_random) [NETTLE_USE_MINI_GMP]: Provide a simple implementation.
316 * testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Skip test, it
317 depends on gmp_randstate_t.
318 * testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Likewise.
319 * testsuite/ecc-mul-a-test.c [NETTLE_USE_MINI_GMP]: Likewise.
320 * testsuite/ecc-mul-g-test.c [NETTLE_USE_MINI_GMP]: Likewise.
321 * testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Likewise.
323 Various preparations for mini-gmp support.
324 * testsuite/bignum-test.c: Use WITH_HOGWEED instead of HAVE_LIBGMP
325 for preprocessor conditionals.
326 * testsuite/testutils.h: Likewise.
327 * testsuite/sexp-format-test.c: Likewise.
329 * testsuite/ecdsa-keygen-test.c (test_main): Use printf,
330 mpz_out_str and write_mpn instead of gmp_fprintf.
331 * testsuite/ecdsa-sign-test.c (test_ecdsa): Likewise.
332 * testsuite/ecdsa-verify-test.c (test_ecdsa): Likewise.
334 * dsa.h: Include bignum.h instead of gmp.h.
335 * ecc-internal.h: Likewise.
337 * gmp-glue.h: Likewise.
341 * testsuite/testutils.c (die): Use plain vfprintf, not
343 (write_mpn): New function.
344 (test_ecc_point): Use it, replacing gmp_fprintf.
345 * testsuite/testutils.h (write_mpn): Declare it.
347 * der-iterator.c: Deleted HAVE_LIBGMP conditionals.
349 2014-06-07 Niels Möller <nisse@lysator.liu.se>
351 * Released nettle-3.0
353 2014-06-04 Niels Möller <nisse@lysator.liu.se>
355 * NEWS: List des-compat.h as a candidate for removal in the next
358 * testsuite/des-compat-test.c (test_main): Fixed out of bounds
359 memory read, reported by Nikos Mavrogiannopoulos.
361 * nettle-write.h: Include <stddef.h>, fixing compilation on
364 * aclocal.m4 (ac_stdint): Fixed "unsinged" typo, spotted by Andy
367 2014-06-01 Niels Möller <nisse@lysator.liu.se>
369 * x86_64/gcm-hash8.asm: Pass correct argument count to W64_EXIT.
370 * x86_64/camellia-crypt-internal.asm: Pass correct argument count
371 to W64_ENTRY and W64_EXIT.
373 * x86_64/machine.m4 [W64_ABI]: Fix for the case of 6 function
374 arguments. Also push %rdi unconditionally, and use aligned
375 accesses for save and restore %xmm registers (movdqa).
377 2014-05-31 Niels Möller <nisse@lysator.liu.se>
379 * configure.ac: Check for COFF type directives.
380 (ASM_COFF_STYLE): New substituted variable.
381 * config.m4.in: Set COFF_STYLE from configure.
382 * asm.m4 (PROLOGUE): Use COFF type directive, if enabled by
383 configure. Fixes problem with windows dll linking.
385 * asm.m4: Deleted unused offsets for struct aes_ctx.
387 2014-05-28 Niels Möller <nisse@lysator.liu.se>
389 * testsuite/nettle-pbkdf2-test: Delete carriage return characters
392 * configure.ac (LIBHOGWEED_LIBS): Be explicit and link
393 libhogweed.so with libnettle.so, not -lnettle.
394 (LIBHOGWEED_LINK): Drop -L. flag, no longer needed, and previously
395 not at the correct position in the link command line.
397 2014-05-27 Niels Möller <nisse@lysator.liu.se>
399 * examples/ecc-benchmark.c: If mpn_sec_powm is available,
400 benchmark it, for modinv.
401 (bench_modinv_powm): New function.
402 (bench_curve): Use it.
404 2014-05-22 Niels Möller <nisse@lysator.liu.se>
407 * Makefile.in ($(des_headers)): Use the EXEEXT_FOR_BUILD.
409 2014-05-15 Niels Möller <nisse@lysator.liu.se>
411 * NEWS: Updated with library version numbers.
413 * configure.ac (dummy-dep-files): Use simpler and more portable
414 sed expression. Problem reported by Peter Eriksson.
415 (LIBHOGWEED_MAJOR): Bumped shared library version to 3.0.
416 (LIBHOGWEED_MINOR): Reset to zero. Also increased the package
417 version number to 3.0.
419 * getopt.c: Don't use gettext.
421 2014-05-14 Niels Möller <nisse@lysator.liu.se>
423 * testsuite/nettle-pbkdf2-test: Avoid the bash construction
426 * getopt.c: Copied from glibc tree, tag glibc-2.19.
427 * getopt.h: Likewise.
428 * getopt1.c: Likewise.
429 * getopt_int.h: New file, also copied from glibc.
430 * Makefile.in (DISTFILES): Added getopt_int.h.
432 2014-05-09 Niels Möller <nisse@lysator.liu.se>
434 * mini-gmp.c: Updated, use version from gmp-6.0.0.
435 * mini-gmp.h: Likewise.
437 * testsuite/Makefile.in (all): Drop dependency on $(TARGETS), to
438 delay building of test programs until make check.
440 2014-05-08 Niels Möller <nisse@lysator.liu.se>
442 * nettle.texinfo (nettle_aead abstraction): Document nettle_aead.
444 * Makefile.in (nettle_SOURCES): Added nettle-meta-aeads.c.
445 * nettle-meta.h (nettle_aeads): Declare array.
446 * nettle-meta-aeads.c (nettle_aeads): New file, new array.
447 * testsuite/meta-aead-test.c: New test case.
448 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
451 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD): If CC_FOR_BUILD is gcc, add
452 -O option. This makes eccdata twice as fast.
454 2014-05-06 Niels Möller <nisse@lysator.liu.se>
456 * nettle.texinfo: Document SHA3 and ChaCha-Poly1305 as
459 2014-05-05 Niels Möller <nisse@lysator.liu.se>
461 * nettle.texinfo (POLY1305): Document poly1305-aes.
462 (Authenticated encryption): Move AEAD algorithms to their own
464 (RSA, DSA, ECDSA): Change some subsections to subsubsections.
465 (ChaCha-Poly1305): Document ChaCha-Poly1305.
467 2014-05-04 Niels Möller <nisse@lysator.liu.se>
469 * nettle.texinfo (DSA): Document new DSA interface.
470 (Salsa20): Update salsa20 docs.
471 (ChaCha): Document ChaCha.
473 2014-05-03 Niels Möller <nisse@lysator.liu.se>
475 * configure.ac: Check for SIZEOF_SIZE_T.
476 * ccm.c (ccm_set_nonce): Skip code for 64-bit encoding when size_t
479 * nettle.texinfo (CCM): Document new ccm macros and constants.
480 Describe ccm restrictions.
482 * ccm.h (CCM_DIGEST_SIZE): New constant.
484 2014-04-30 Niels Möller <nisse@lysator.liu.se>
486 * ccm.c (CCM_IV_MAX_SIZE, CCM_IV_MIN_SIZE): Deleted, replaced by
487 public constants CCM_MIN_NONCE_SIZE and CCM_MAX_NONCE_SIZE.
488 (ccm_build_iv): Updated for above rename.
489 (CCM_L_MAX_SIZE): Deleted, no longer used.
491 * ccm.h (CCM_MIN_NONCE_SIZE, CCM_MAX_NONCE_SIZE): New constants.
492 (CCM_MAX_MSG_SIZE): New macro.
494 2014-04-27 Niels Möller <nisse@lysator.liu.se>
496 * nettle.texinfo (Cipher modes): Subsection on AEAD constructions.
497 (GCM): Update GCM documentation, including functions for
498 gcm_aes128, gcm_camellia128, ...
500 2014-04-26 Niels Möller <nisse@lysator.liu.se>
502 * nettle.texinfo: Update for introduction of nettle_cipher_func.
503 (GCM): Document GCM_DIGEST_SIZE.
504 (UMAC): Document new UMAC constants.
505 (Keyed hash functions): Make HMAC and UMAC their own info nodes.
508 * umac.h (UMAC_MIN_NONCE_SIZE, UMAC_MAX_NONCE_SIZE): New
511 2014-04-25 Niels Möller <nisse@lysator.liu.se>
513 * All hash-related files: Renamed all _DATA_SIZE constants to
514 _BLOCK_SIZE, for consistency. Old names kept for backwards
517 * nettle.texinfo (CCM): Documentation for CCM mode, contributed by
520 * testsuite/ccm-test.c (test_cipher_ccm): And tests.
522 * ccm.c (ccm_decrypt_message): Change length argument, should now
523 be clear text (dst) length.
524 * ccm-aes128.c (ccm_aes128_decrypt_message): Likewise.
525 * ccm-aes192.c (ccm_aes192_decrypt_message): Likewise.
526 * ccm-aes256.c (ccm_aes256_decrypt_message): Likewise.
527 * ccm.h: Updated prototypes.
529 2014-04-22 Niels Möller <nisse@lysator.liu.se>
531 * nettle.texinfo (Recommended hash functions): Document additional
534 * sha2.h (sha512_224_ctx, sha512_256_ctx): New aliases for the
535 sha512_ctx struct tag.
537 2014-04-17 Niels Möller <nisse@lysator.liu.se>
539 * examples/Makefile.in (SOURCES): Deleted next-prime.c (forgotten
540 in 2014-04-13 change).
542 2014-04-16 Niels Möller <nisse@lysator.liu.se>
544 * testsuite/ccm-test.c (test_cipher_ccm): Deleted check for NULL
547 * sha3-224.c (sha3_224_init): Pass pointer to context struct, not
548 pointer to first element, to memset.
549 * sha3-256.c (sha3_256_init): Likewise.
550 * sha3-384.c (sha3_384_init): Likewise.
551 * sha3-512.c (sha3_512_init): Likewise.
553 * examples/eratosthenes.c (vector_alloc): Use sizeof(*vector)
554 instead of explicit type in malloc call.
555 (vector_init): Make constant explicitly unsigned long.
557 * tools/input.c (sexp_get_quoted_char): Deleted useless for loop.
559 2014-04-13 Niels Möller <nisse@lysator.liu.se>
561 * rsa-compat.c: Deleted file.
562 * rsa-compat.h: Deleted file.
563 * Makefile.in (hogweed_SOURCES): Deleted rsa-compat.c.
564 (HEADERS): Deleted rsa-compat.h.
566 * examples/next-prime.c: Deleted file.
567 * bignum-next-prime.c (nettle_next_prime): Deleted file and
569 * prime-list.h: Deleted file.
570 * bignum.h (nettle_next_prime): Deleted prototype.
571 * Makefile.in (hogweed_SOURCES): Deleted bignum-next-prime.c.
572 (DISTFILES): Deleted prime-list.h.
573 * examples/Makefile.in (HOGWEED_TARGETS): Deleted next-prime, and
574 corresponding make target.
576 2014-04-12 Niels Möller <nisse@lysator.liu.se>
578 * nettle.texinfo (Copyright): Updated licensing info.
581 * Makefile.in (DISTFILES): Distribute new COPYING* files.
583 * COPYING.LESSERv3: New file.
584 * COPYINGv3: New file.
585 * COPYING.LIB: Deleted.
586 * COPYINGv2: New name for GPL version 2 file.
587 * COPYING: Old name, deleted.
589 * Update license headers for LGPL3+ and GPL2+ dual licensing.
591 2014-04-11 Niels Möller <nisse@lysator.liu.se>
593 * testsuite/testutils.c (test_aead): Use aead->digest_size.
595 * configure.ac: Skip GMP tests if public key support is disabled.
597 * eax.c (block16_xor): Fixed bug effecting 32-bit platforms.
599 * Makefile.in (DISTFILES): Deleted memxor.c, already included via
601 * tools/Makefile.in (SOURCES): Add nettle-pbkdf2.c.
603 2014-04-10 Niels Möller <nisse@lysator.liu.se>
605 From Nikos Mavrogiannopoulos:
606 * examples/hogweed-benchmark.c (bench_openssl_ecdsa_init): Support
607 for secp192r1 and secp256r1.
608 (alg_list): Add them.
610 2014-04-09 Niels Möller <nisse@lysator.liu.se>
612 * examples/nettle-benchmark.c (main): Benchmark sha512_224 and
615 * testsuite/sha512-224-test.c: New file.
616 * testsuite/sha512-256-test.c: New file.
617 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new files.
619 * nettle-meta.h (nettle_sha512_224, nettle_sha512_256): Declare.
620 * sha512-224-meta.c (nettle_sha512_224): New file, new nettle_hash.
621 * sha512-256-meta.c (nettle_sha512_256): New file, new nettle_hash.
623 * sha2.h (SHA512_224_DIGEST_SIZE, SHA512_224_DATA_SIZE)
624 (SHA512_256_DIGEST_SIZE, SHA512_256_DATA_SIZE): New constants.
626 * sha512.c (sha512_256_digest): Typo fix, call sha512_256_init.
628 * testsuite/testutils.c (test_hash): Removed redundant init call.
629 Tests that digest implies init.
631 2014-03-28 Niels Möller <nisse@lysator.liu.se>
633 * testsuite/dsa-keygen-test.c (test_main): Explicitly use
634 dsa_compat_generate_keypair.
635 (test_main): Test dsa_generate_params and dsa_generate_keypair
636 with a large q; p_bits = 1024, q_bits = 768.
638 * testsuite/testutils.h: Undo dsa-compat.h name mangling.
640 * dsa-keygen.c (dsa_generate_keypair): New interface, generating
641 only a keypair, and no new parameters.
642 * dsa-compat-keygen.c (dsa_compat_generate_keypair): New file.
643 Moved old key generation function here. Use dsa_generate_keypair.
645 2014-03-27 Niels Möller <nisse@lysator.liu.se>
647 * dsa-compat.c (dsa_public_key_init, dsa_public_key_clear)
648 (dsa_private_key_init, dsa_private_key_clear): : Move deprecated
649 DSA functions to a separate file...
650 * dsa.c: ...from here.
651 * dsa-compat.h: New file, declaring deprecated DSA interface.
652 Include in corresponding C files.
653 * Makefile.in (hogweed_SOURCES): Add dsa-compat.c.
654 (HEADERS): Add dsa-compat.h.
656 * dsa-gen-params.c (dsa_generate_params): New file and function,
657 extracted from DSA key generation.
658 * dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
660 2014-03-26 Niels Möller <nisse@lysator.liu.se>
662 * der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
663 interface. Allow q_size == 0, meaning any q < p is allowed.
664 Additional validity checks.
665 (dsa_public_key_from_der_iterator): Converted to new DSA
666 interface. Also check that the public value is in the correct
668 (dsa_openssl_private_key_from_der_iterator): Converted
669 to new DSA interface. Additional validity checks.
670 (dsa_openssl_private_key_from_der): Converted to new DSA
672 * tools/pkcs1-conv.c (convert_dsa_private_key): Update to use
673 struct dsa_params, and adapt to the der decoding changes.
674 (convert_public_key): Likewise.
676 * examples/hogweed-benchmark.c: Update dsa benchmarking to use new
679 * dsa.c (dsa_params_init, dsa_params_clear): New functions.
680 (dsa_public_key_init): Use dsa_params_init.
681 (dsa_public_key_clear): Use dsa_params_clear.
683 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Converted to new DSA
684 interface. Allow q_size == 0, meaning any q < p is allowed.
685 Additional validity checks.
686 (dsa_sha1_keypair_from_sexp, dsa_sha256_keypair_from_sexp):
687 Converted to new DSA interface.
689 * dsa2sexp.c (dsa_keypair_to_sexp): Converted to new DSA
691 * tools/pkcs1-conv.c: Updated uses of dsa_keypair_to_sexp.
693 * dsa.h (struct dsa_params): New struct.
695 * dsa-sign.c (dsa_sign): Use struct dsa_params, with key as a
697 * dsa-verify.c (dsa_verify): Likewise.
698 * dsa-sha1-verify.c (dsa_sha1_verify_digest, dsa_sha1_verify): Use
699 dsa_verify, cast the struct dsa_public_key * input to a struct
701 * dsa-sha256-verify.c (dsa_sha256_verify_digest)
702 (dsa_sha256_verify): Likewise.
703 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise
704 use dsa_sign, with a cast from struct dsa_public_key * to struct
706 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
709 * testsuite/testutils.c (test_dsa_verify): Use struct dsa_params.
710 (test_dsa_key): Likewise.
711 * testsuite/dsa-test.c (test_main): Adapt to test_dsa_key and
712 test_dsa_verify changes.
713 * testsuite/dsa-keygen-test.c (test_main): Adapt to
716 * testsuite/testutils.c (test_dsa_sign): #if out, currently
719 2014-03-23 Niels Möller <nisse@lysator.liu.se>
724 * ccm-aes128.c: New file.
725 * ccm-aes192.c: New file.
726 * ccm-aes256.c: New file.
727 * Makefile.in (nettle_SOURCES): Added ccm source files.
728 (HEADERS): Added ccm.h.
729 * testsuite/ccm-test.c: New file.
730 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added ccm-test.c.
732 2014-03-20 Niels Möller <nisse@lysator.liu.se>
734 From Joachim Strömbergson:
735 * sha512.c (K): Indentation fix.
736 (sha512_224_init, sha512_224_digest, sha512_256_init)
737 (sha512_256_digest): New functions.
738 * sha2.h: Add prototypes.
739 (sha512_224_update, sha512_256_update): New aliases for
742 2014-03-18 Niels Möller <nisse@lysator.liu.se>
744 * examples/nettle-benchmark.c (main): Add benchmarking of arcfour,
745 salsa20 and chacha, via time_aead.
747 * nettle-internal.c (nettle_arcfour128): Define, as a struct
748 nettle_aead (with NULL set_nonce, update, and digest methods).
749 * examples/nettle-openssl.c (nettle_openssl_arcfour128): Likewise.
750 * nettle-internal.h (nettle_arcfour128)
751 (nettle_openssl_arcfour128): Declare.
753 * nettle-types.h (nettle_cipher_func): New typedef, similar to
754 nettle_crypt_func, but with a const context, intended for block
756 * nettle-meta.h (struct nettle_cipher): Use the nettle_cipher_func
758 * Many other files affected: aes*-meta.c, camellia*-meta.c,
759 cast128-meta.c, serpent-meta.c, twofish-meta.c, cbc.[ch],
760 ctr.[ch], ctr.[ch], des-compat.c, eax.[ch], gcm*.[ch],
761 nettle-internal.*, testsuite/aes-test.c,
762 examples/nettle-benchmark.c, examples/nettle-openssl.c.
764 2014-03-16 Niels Möller <nisse@lysator.liu.se>
766 * chacha-set-key.c: Include string.h.
768 * arcfour-meta.c: Deleted file.
769 * nettle-meta.h (nettle_arcfour128): Deleted declaration.
770 * nettle-meta-ciphers.c (nettle_ciphers): Deleted
771 nettle_arcfour128 from list.
772 * Makefile.in (nettle_SOURCES): Deleted arcfour-meta.c.
773 * examples/nettle-openssl.c (nettle_openssl_arcfour128): Deleted.
774 * testsuite/meta-cipher-test.c: Adjust test for removal of
777 2014-03-15 Niels Möller <nisse@lysator.liu.se>
779 * examples/nettle-benchmark.c (struct bench_aead_info): New
781 (bench_aead_crypt, bench_aead_update, init_nonce, time_aead): New
782 functions, for benchmarking aead algorithms.
783 (time_gcm, time_eax): Deleted functions.
784 (main): Use time_aead to benchmark gcm, eax and chacha-poly1305.
786 * salsa20.h (SALSA20_NONCE_SIZE): Renamed constant, old name
787 SALSA20_IV_SIZE kept as an alias.
788 (salsa20_set_nonce): Update prototype for the 2014-01-20 rename.
790 * Makefile.in (.asm.s): Add dependencies.
791 (.s.o, .s.po): Empty any dependency .d file.
793 2014-03-04 Niels Möller <nisse@lysator.liu.se>
795 * testsuite/chacha-test.c (test_main): Additional test cases, for
798 * Makefile.in (nettle_SOURCES): Deleted chacha128-set-key.c and
801 * chacha.h (CHACHA256_KEY_SIZE): Deleted.
802 (chacha_set_key): Updated prototype.
803 * chacha256-set-key.c (chacha256_set_key): Deleted file and
804 function, moved to...
805 * chacha-set-key.c (chacha_set_key): Do 256-bit keys only. Deleted
806 length argument. Updated all callers.
808 * chacha128-set-key.c (chacha128_set_key): Deleted file and
809 function. Support for 128-bit chacha keys may be reintroduced
810 later, if really needed.
811 * chacha.h: Deleted chacha128-related declarations.
812 * chacha-set-key.c (chacha_set_key): Drop support for 128-bit
814 * testsuite/chacha-test.c (test_main): #if:ed out all tests with
817 2014-02-16 Niels Möller <nisse@lysator.liu.se>
819 * gcm.h: Declarations for gcm-camellia256.
820 * gcm-camellia256.c: New file.
821 * gcm-camellia256-meta.c: New file.
822 * nettle-meta.h (nettle_gcm_camellia256): Declare.
823 * Makefile.in (nettle_SOURCES): Added gcm-camellia256.c and
824 gcm-camellia256-meta.c.
825 * testsuite/gcm-test.c (test_main): Test cases for
826 nettle_gcm_camellia256.
828 * gcm.h: Include camellia.h. Declarations for gcm-camellia128.
829 * gcm-camellia128.c: New file.
830 * gcm-camellia128-meta.c: New file.
831 * nettle-meta.h (nettle_gcm_camellia128): Declare.
832 * Makefile.in (nettle_SOURCES): Added gcm-camellia128.c and
833 gcm-camellia128-meta.c.
834 * testsuite/gcm-test.c (test_main): Test cases for
835 nettle_gcm_camellia128. From Nikos Mavrogiannopoulos.
837 2014-02-13 Niels Möller <nisse@lysator.liu.se>
839 * Makefile.in (nettle_SOURCES): Added eax-aes128.c
841 * examples/nettle-benchmark.c: Include eax.h.
842 * nettle-meta.h (nettle_eax_aes128): Declare, moved from
844 * eax.h: Declare eax_aes128_ctx and related functions. Moved from
846 (EAX_IV_SIZE): New constant.
847 * eax-aes128-meta.c (nettle_eax_aes128): Moved definition to new
849 * eax-aes128.c (eax_aes128_set_key, eax_aes128_set_nonce)
850 (eax_aes128_update, eax_aes128_encrypt, eax_aes128_decrypt)
851 (eax_aes128_digest): Moved functions to a new file.
852 * nettle-internal.c: ... from old location.
853 * nettle-internal.h: Moved eax declarations elsewhere.
855 * tools/nettle-pbkdf2.c (main): Added missing deallocation.
857 2014-02-12 Niels Möller <nisse@lysator.liu.se>
859 * chacha-poly1305.h: New file.
860 * chacha-poly1305.c: New file.
861 * chacha-poly1305-meta.c (nettle_chacha_poly1305): New file, new
863 * nettle-meta.h (nettle_chacha_poly1305): Declare.
865 * Makefile.in (nettle_SOURCES): Added chacha-poly1305.c and
866 chacha-poly1305-meta.c.
867 (HEADERS): Added chacha-poly1305.h.
869 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
870 chacha-poly1305-test.c.
871 * testsuite/chacha-poly1305-test.c: New file.
873 * nettle-meta.h (struct nettle_aead): New generalized version
875 (nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256)
876 (nettle_eax_aes128): Declare, moved from nettle-internal.h.
877 * nettle-internal.h (struct nettle_aead): Deleted struct, moved to
878 nettle-meta.h. Deleted declarations of unused instances.
879 (_NETTLE_AEAD): Deleted macro.
880 * nettle-internal.c (nettle_eax_aes128): Updated for new
882 (nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256):
883 Deleted, moved to new files.
884 * gcm-aes128-meta.c (nettle_gcm_aes128): Moved to new file,
885 updated for new nettle_aead struct.
886 * gcm-aes192-meta.c (nettle_gcm_aes192): Likewise.
887 * gcm-aes256-meta.c (nettle_gcm_aes256): Likewise.
888 * testsuite/testutils.c (test_aead): Take alternative set_nonce
889 function as argument, and use it when nonce size differs from
891 * testsuite/testutils.h (test_aead): Updated prototype.
892 * testsuite/gcm-test.c (nettle_gcm_unified_aes128): Updated for
893 new nettle_aead struct.
894 (test_main): Pass additional argument to test_aead.
895 * testsuite/eax-test.c (test_main): Pass additional NULL argument
898 * eax.h (EAX_DIGEST_SIZE): New constant.
899 * gcm.h (GCM_DIGEST_SIZE): Likewise.
901 2014-02-10 Niels Möller <nisse@lysator.liu.se>
903 * chacha-set-nonce.c (chacha_set_nonce): Renamed file and
904 function, updated callers and Makefile.in.
905 * chacha-set-iv.c (chacha_set_iv): ... from old names.
907 2014-02-08 Niels Möller <nisse@lysator.liu.se>
909 * testsuite/chacha-test.c (test_chacha): For 20 rounds, use
910 chacha_crypt, and test varying the message length.
911 (test_main): Add second key stream block, for all testcases with
914 * chacha-crypt.c (chacha_crypt): Fixed block counter update.
916 2014-02-07 Niels Möller <nisse@lysator.liu.se>
918 * nettle.texinfo (ASCII encoding): Document that
919 base16_encode_update and base64_encode_update now uses dst_length
922 * testsuite/base64-test.c (test_main): Updated
923 base64_decode_update test case.
925 * sexp-transport.c (sexp_transport_iterator_first): For
926 base64_decode_update, omit initialization of coded_length.
927 * examples/base64dec.c (main): Likewise.
928 * examples/base16dec.c (main): Likewise, for base16_decode_update.
930 * base64-decode.c (base64_decode_update): Use *dst_length for
931 output only. Don't require callers to pass a sane value.
932 * base16-decode.c (base16_decode_update): Likewise.
934 2014-02-06 Niels Möller <nisse@lysator.liu.se>
936 * NEWS: List _set_key incompatibilities.
938 * nettle-meta.h (_NETTLE_CIPHER_SEP, _NETTLE_CIPHER_SEP_SET_KEY)
939 (_NETTLE_CIPHER_FIX, _NETTLE_CIPHER): Deleted unused macros.
941 * nettle-internal.c (nettle_blowfish128): Deleted only use of
944 * blowfish.c (blowfish128_set_key): New function.
945 * blowfish.h (BLOWFISH128_KEY_SIZE): New constant.
947 * cast128-meta.c (nettle_cast128): Deleted only use of
950 * examples/nettle-benchmark.c (time_cipher): Fixed memset calls.
952 2014-01-30 Niels Möller <nisse@lysator.liu.se>
954 * Makefile.in (nettle_SOURCES): Arrange in alphabetic order.
956 * nettle.texinfo: Updated, document size_t for length arguments.
957 Document new AES and Camellia interfaces.
959 * ecc-size.c (ecc_bit_size): New function.
960 * ecc.h (ecc_bit_size): Declare it.
962 2014-01-29 Niels Möller <nisse@lysator.liu.se>
964 * nettle-types.h (typedef nettle_set_key_func): Deleted length
967 * arctwo.c (arctwo40_set_key, arctwo64_set_key)
968 (arctwo128_set_key, arctwo128_set_key_gutmann): New functions.
969 * arctwo.h: Declare them.
970 * arctwo-meta.c (ARCTWO): New macro.
971 (nettle_arctwo40, nettle_arctwo64, nettle_arctwo128)
972 (nettle_arctwo_gutmann128): Use new _set_key functions.
974 * arcfour.h (ARCFOUR128_KEY_SIZE): New constant.
975 * arcfour.c (arcfour128_set_key): New function.
976 * arcfour-meta.c (nettle_arcfour128): Use arcfour128_set_key and
979 * cast128.c (cast5_set_key): Renamed, was cast128_set_key.
980 (cast128_set_key): New definition, with fixed key size.
981 * cast128.h (CAST128_MIN_KEY_SIZE, CAST128_MAX_KEY_SIZE): Renamed
983 (CAST5_MIN_KEY_SIZE, CAST5_MAX_KEY_SIZE): ... new names.
985 * eax.h (EAX_SET_KEY): Deleted length argument.
987 * aes128-meta.c: Deleted _set_key wrappers.
988 * aes192-meta.c: Likewise.
989 * aes256-meta.c: Likewise.
990 * camellia128-meta.c: Likewise.
991 * camellia192-meta.c: Likewise.
992 * camellia256-meta.c: Likewise.
994 * gcm-aes128.c (gcm_aes128_set_key): Deleted length argument.
995 * gcm-aes192.c (gcm_aes192_set_key): Likewise.
996 * gcm-aes256.c (gcm_aes256_set_key): Likewise.
997 * gcm.h: Updated prototypes.
999 * serpent-set-key.c (serpent128_set_key, serpent192_set_key)
1000 (serpent256_set_key): New functions.
1001 * serpent.h: Declare new functions.
1002 (SERPENT128_KEY_SIZE, SERPENT192_KEY_SIZE)
1003 (SERPENT256_KEY_SIZE): New constants.
1004 * serpent-meta.c (SERPENT): New macro.
1005 (nettle_serpent128, nettle_serpent192, nettle_serpent256): Use new
1008 * twofish-set-key.c (twofish128_set_key, twofish192_set_key)
1009 (twofish256_set_key): New functions.
1010 * twofish.h: Declare new functions.
1011 (TWOFISH128_KEY_SIZE, TWOFISH192_KEY_SIZE)
1012 (TWOFISH256_KEY_SIZE): New constants.
1013 * twofish-meta.c (TWOFISH): New macro.
1014 (nettle_twofish128, nettle_twofish192, nettle_twofish256): Use new
1017 * nettle-internal.h (struct nettle_aead): Use
1018 nettle_hash_update_func for the set_iv function pointer.
1020 * nettle-internal.c (des_set_key_hack, des3_set_key_hack): Deleted
1022 (chacha_set_key_hack): Deleted length argument. Use
1024 (salsa20_set_key_hack): Deleted length argument. Use
1025 salsa20_256_set_key.
1026 (nettle_unified_aes128, nettle_unified_aes192)
1027 (nettle_unified_aes256): Deleted, moved to test program.
1028 (eax_aes128_set_key): Deleted length argument. Use EAX_SET_KEY.
1030 * examples/nettle-benchmark.c: Updated for _set_key changes.
1031 * examples/nettle-openssl.c: Likewise.
1032 * testsuite/testutils.c: Likewise.
1033 * testsuite/gcm-test.c: Likewise.
1035 * testsuite/aes-test.c (UNIFIED_AES): New macro. Moved glue for
1036 testing the old aes interface (struct aes_ctx) here.
1038 * testsuite/arcfour-test.c (test_arcfour): New function, for key
1040 (test_main): Use it.
1042 * testsuite/blowfish-test.c (test_blowfish): New function.
1043 (test_main): Use it. Also deleted old #if:ed out code.
1045 * testsuite/cast128-test.c (test_cast5): New function.
1046 (test_main): Use it, for 40-bit and 80-bit tests.
1048 * testsuite/serpent-test.c (test_serpent): New function.
1049 (test_main): Use it.
1051 2014-01-27 Niels Möller <nisse@lysator.liu.se>
1053 * eax.h (struct eax_key, struct eax_ctx): Use union
1054 nettle_block16, for alignment.
1055 * eax.c: Updated everything to use nettle_block16.
1056 (block16_xor): New function.
1058 * examples/nettle-benchmark.c (time_eax): New function.
1061 * x86_64/chacha-core-internal.asm: Use pshufhw + pshuflw for the
1064 * configure.ac (asm_replace_list): Added chacha-core-internal.asm.
1065 * x86_64/chacha-core-internal.asm: New file.
1067 * examples/nettle-benchmark.c (main): Add benchmarking of chacha.
1068 * nettle-internal.c (nettle_chacha): New const struct, for the
1071 Chacha implementation, based on contribution by Joachim
1073 * chacha.h: New file.
1074 * chacha256-set-key.c (chacha256_set_key): New file and function.
1075 * chacha128-set-key.c (chacha128_set_key): New file and function.
1076 * chacha-set-key.c (chacha_set_key): New file and function.
1077 * chacha-set-iv.c (chacha_set_iv): New file and function.
1078 * chacha-core-internal.c (_chacha_core): New file and function.
1079 * chacha-crypt.c (chacha_crypt): New file and function.
1080 * Makefile.in (nettle_SOURCES): Added chacha files.
1081 (HEADERS): Added chacha.h.
1082 * testsuite/chacha-test.c: New file.
1083 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added chacha-test.c.
1085 2014-01-26 Niels Möller <nisse@lysator.liu.se>
1087 * nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to...
1088 (_NETTLE_AEAD): ... new name, and deleted old definition. Also use
1089 _set_nonce instead of _set_iv.
1090 * nettle-internal.c (nettle_gcm_aes128, nettle_gcm_aes192)
1091 (nettle_gcm_aes256): Define in terms of new interface.
1092 (nettle_eax_aes128): Updated for _NETTLE_AEAD changes.
1094 * testsuite/gcm-test.c (test_gcm_hash): Likewise use struct
1096 (test_main): Added a testcase using the old interface based on
1099 * examples/nettle-benchmark.c (time_gcm): Update to use new struct
1100 gcm_aes128_ctx. Also use name "gcm-aes128" in output.
1102 * gcm.h: New interface for gcm_aes128, gcm_aes192, gcm_aes256,
1103 using the new AES interface.
1104 (GCM_CTX): Reorder fields, putting the cipher context
1107 * Makefile.in (nettle_SOURCES): Added gcm-aes128.c, gcm-aes192.c,
1110 * gcm-aes128.c: New file.
1111 * gcm-aes192.c: New file
1112 * gcm-aes256.c: New file.
1114 2014-01-25 Niels Möller <nisse@lysator.liu.se>
1116 * gcm.h (GCM_SET_KEY): Deleted length argument.
1117 * gcm-aes.c (gcm_aes_set_key): Use aes_set_encrypt_key and
1118 gcm_set_key, can no longer use GCM_SET_KEY macro.
1120 2014-01-23 Niels Möller <nisse@lysator.liu.se>
1122 * testsuite/gcm-test.c (test_main): Use the correct
1123 nettle_gcm_aes128/192/256 object.
1125 2014-01-21 Niels Möller <nisse@lysator.liu.se>
1127 Merged camellia-reorg changes (starting at 2013-10-07).
1129 2013-10-10 Niels Möller <nisse@lysator.liu.se>
1131 * Makefile.in (nettle_SOURCES): Updated list of camellia files.
1133 * testsuite/camellia-test.c (test_invert): Updated for new
1136 * camellia.h: Reorganized camellia interface, with distinct
1137 context structs and functions for camellia128 and camellia256.
1139 * camellia-meta.c: Deleted file.
1140 * camellia256-meta.c: New file.
1141 * camellia192-meta.c: New file.
1142 * camellia128-meta.c: New file.
1144 * camellia-set-decrypt-key.c: Deleted file, code moved to:
1145 * camellia128-set-decrypt-key.c: New file.
1146 (camellia128_invert_key, camellia128_set_decrypt_key): New
1148 * camellia256-set-decrypt-key.c: New file.
1149 (camellia256_invert_key, camellia256_set_decrypt_key)
1150 (camellia192_set_decrypt_key): New functions.
1151 * camellia-invert-key.c (_camellia_invert_key): New file and
1154 * camellia-set-encrypt-key.c: Deleted file, code moved to:
1155 * camellia128-set-encrypt-key.c: New file.
1156 (camellia128_set_encrypt_key): New function.
1157 * camellia256-set-encrypt-key.c: New file.
1158 (_camellia256_set_encrypt_key, camellia256_set_encrypt_key)
1159 (camellia192_set_encrypt_key): New functions.
1160 * camellia-absorb.c (_camellia_absorb): New file and function.
1161 * camellia-internal.h: Moved key schedule macros here.
1163 * camellia-crypt.c: Deleted file, code moved to:
1164 * camellia128-crypt.c (camellia128_crypt): New file and function.
1165 * camellia256-crypt.c (camellia256_crypt): New file and function.
1167 2013-10-07 Niels Möller <nisse@lysator.liu.se>
1169 * configure.ac: Delete check for ALIGNOF_UINT64_T, no longer
1171 * config.m4.in: Likewise delete ALIGNOF_UINT64_T.
1173 * camellia-crypt.c (camellia_crypt): Updated call to
1175 * camellia-internal.h (_camellia_crypt): Updated prototype.
1176 * camellia-crypt-internal.c (_camellia_crypt): Take separate
1177 arguments for rounds and subkey array.
1178 * x86_64/camellia-crypt-internal.asm: Likewise. Also corrected
1180 * x86/camellia-crypt-internal.asm: Likewise.
1182 2014-01-20 Niels Möller <nisse@lysator.liu.se>
1184 * poly1305-internal.c (poly1305_digest): Use union nettle_block16
1186 * poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
1189 Merged poly1305 changes (starting at 2013-11-08).
1190 * x86_64/poly1305-internal.asm: Update to new interface.
1191 poly1305_digest much simplified.
1193 * poly1305.h (struct poly1305_ctx): Moved block and index
1195 (struct poly1305_aes_ctx): ... to here.
1196 * asm.m4: Delete also from the assembly definition of struct
1199 * poly1305-internal.c (poly1305_digest): Don't do final padding
1200 here, leave that to caller. Add digest to the provided nonce s,
1201 and deleted length and dst arguments. Also reset h0-h4 to zero
1203 (_poly1305_block): Renamed, from...
1204 (poly1305_block): ...old name.
1206 * poly1305-aes.c (poly1305_aes_update): New function.
1207 (poly1305_aes_digest): Update for poly1305_digest changes, do
1210 * poly1305.c (poly1305_update): Deleted file and function. Moved
1212 * Makefile.in (nettle_SOURCES): Deleted poly1305.c.
1214 2014-01-17 Niels Möller <nisse@lysator.liu.se>
1216 * poly1305-internal.c (poly1305_block): Additional argument with
1218 (poly1305_block_internal): Deleted function, code moved into the
1220 (poly1305_digest): Simplified padding code, call poly1305_block
1222 * poly1305.h (poly1305_block): Update prototype.
1223 * poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
1224 * x86_64/poly1305-internal.asm (poly1305_block): Handle new
1227 * poly1305.h (struct poly1305_ctx): Moved nonce field from here...
1228 (struct poly1305_aes_ctx): ... to here.
1229 * poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
1231 * poly1305.c (poly1305_set_nonce): Deleted function.
1232 * asm.m4: Delete nonce also from the assembly definition of struct
1235 2014-01-16 Niels Möller <nisse@lysator.liu.se>
1237 * poly1305-aes.c: Include poly1305.h. Rewrite functions without
1238 using the POLY1305_* macros.
1240 * Makefile.in (HEADERS): Deleted poly1305-aes.h.
1242 * poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE)
1243 (POLY1305_DIGEST): Deleted macros. Only implemented variant is
1245 (POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE):
1247 (POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here,
1248 from poly1305-aes.h.
1249 (struct poly1305_aes_ctx): Likewise.
1250 (poly1305_aes_set_key, poly1305_aes_set_nonce)
1251 (poly1305_aes_update, poly1305_aes_digest): Likewise.
1252 * poly1305-aes.h: Deleted file, declarations moved to poly1305.h.
1255 * poly1305-internal.c (s2, s3, s4): Fixed macros.
1257 * poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx
1258 by struct aes128_ctx.
1259 * poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest):
1260 Update to use aes128_* functions.
1261 * poly1305.h (POLY1305_SET_KEY): Drop key size argument when
1264 2013-12-19 Niels Möller <nisse@lysator.liu.se>
1266 * poly1305-aes.h (poly1305_aes_update): Define as an alias for
1267 poly1305_update, using preprocessor and a type cast.
1269 * poly1305-aes.c (poly1305_aes_update): Deleted function.
1271 * poly1305.h (poly1305_update): Declare.
1272 (_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros.
1274 * poly1305.c (poly1305_update): New function.
1276 2013-11-21 Niels Möller <nisse@lysator.liu.se>
1278 * x86_64/poly1305-internal.asm: New file. Almost a factor of two
1281 * configure.ac (asm_replace_list): Added poly1305-internal.asm.
1283 * asm.m4: Define struct offsets for 64-bit poly1305_ctx.
1285 * poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
1286 additional argument to poly1305_digest.
1287 (struct poly1305_ctx): Introduce unions, to support either 26-bit
1288 or 64-bit implementation.
1290 * poly1305-internal.c (poly1305_digest): Added s argument.
1292 * poly1305.c (poly1305_set_s): Deleted function.
1294 2013-11-12 Niels Möller <nisse@lysator.liu.se>
1296 * poly1305-internal.c: New file, for poly1305 functions depending
1297 on the internal mod (2^130 - 5) representation.
1298 (poly1305_block_internal): New helper function.
1299 (poly1305_block, poly1305_digest): Use it.
1301 2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1303 * poly1305.h: New file.
1304 * poly1305.c: New file.
1305 * poly1305-aes.h: New file.
1306 * poly1305-aes.c: New file.
1307 * Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
1308 (HEADERS): Added poly1305-aes.h and poly1305.h.
1310 * testsuite/poly1305-test.c: New file.
1311 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
1313 * examples/nettle-benchmark.c (time_poly1305_aes): New function.
1314 (main): Benchmark poly1305.
1316 2014-01-20 Niels Möller <nisse@lysator.liu.se>
1318 * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
1319 salsa20-128-set-key.c, and salsa20-256-set-key.c.
1321 * salsa20.h: Declare new functions.
1322 (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
1323 (salsa20_set_iv): Define as an alias for salsa20_set_nonce.
1325 * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
1326 salsa20_256_set_key.
1327 (salsa20_set_iv): Renamed and moved...
1328 * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
1330 * salsa20-256-set-key.c (salsa20_256_set_key): New file and
1332 * salsa20-128-set-key.c (salsa20_128_set_key): New file and
1335 2014-01-13 Niels Möller <nisse@lysator.liu.se>
1337 * nettle-types.h (union nettle_block16): New type, replacing union
1339 * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16.
1340 * gcm.c: Replaced all use of gcm_block by nettle_block16.
1342 2014-01-04 Niels Möller <nisse@lysator.liu.se>
1344 * config.guess: Updated to 2014-01-01 version, from
1345 git://git.sv.gnu.org/config.git.
1346 * config.sub: Likewise.
1348 * testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark):
1350 (test_memxor, test_memxor3): Use test_mark to tell valgrind the
1351 start and end of src and destination areas.
1353 * configure.ac: Check for valgrind/memcheck.h.
1355 * testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes,
1356 needed for the way unaligned data is handled in, e.g., memxor.
1358 2014-01-03 Niels Möller <nisse@lysator.liu.se>
1360 * shadata.c (main): Zero-pad output values to 8 hex digits.
1361 * sha256.c (K): Updated table.
1363 2013-12-17 Niels Möller <nisse@lysator.liu.se>
1365 * configure.ac (ASM_RODATA): New substituted variable. Needed for
1366 portability to darwin.
1367 * config.m4.in: Define RODATA, using configure variable ASM_RODATA
1368 * x86_64/gcm-hash8.asm: Use RODATA macro.
1370 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Use
1371 stronger variants of Pocklington's theorem, to allow p0 of size
1374 2013-12-15 Niels Möller <nisse@lysator.liu.se>
1376 * nettle-internal.h (NETTLE_MAX_BIGNUM_BITS)
1377 (NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits.
1379 2013-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1381 Introduced TMP_GMP_ALLOC macro for temporary allocations of
1382 potentially large data, e.g, sized as an RSA key.
1383 * gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New
1385 * gmp-glue.c (gmp_alloc, gmp_free): New functions.
1386 * bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC.
1387 * bignum-random.c (nettle_mpz_random_size): Likewise.
1388 * pkcs1-decrypt.c (pkcs1_decrypt): Likewise.
1389 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
1390 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise.
1391 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
1392 (pkcs1_rsa_sha512_encode_digest): Likewise.
1393 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
1394 (pkcs1_rsa_sha256_encode_digest): Likewise.
1395 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
1396 (pkcs1_rsa_sha1_encode_digest): Likewise.
1397 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
1398 (pkcs1_rsa_md5_encode_digest): Likewise.
1400 2013-12-14 Niels Möller <nisse@lysator.liu.se>
1402 * x86_64/gcm-hash8.asm: Use .short rather than .hword, for
1403 compatibility with apple's assembler.
1405 2013-12-03 Niels Möller <nisse@lysator.liu.se>
1407 * x86_64/sha1-compress.asm: Reorganized, to get closer to the x86
1408 version. No difference in running time.
1410 * configure.ac (dummy-dep-files): Don't overwrite any existing
1413 * x86_64/md5-compress.asm: New file, similar to the x86 version.
1414 35% speedup on AMD, 15% speedup on Intel.
1416 2013-11-25 Niels Möller <nisse@lysator.liu.se>
1418 * testsuite/dsa-test.c (test_main): Additional tests from NIST
1421 * testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New
1422 functions, supporting arbitrary digest size.
1424 * testsuite/testutils.h (ASSERT): Improved failure message.
1426 * dsa-verify.c (dsa_verify): Renamed, from _dsa_verify.
1427 * dsa-sign.c (dsa_sign): Renamed, from _dsa_sign.
1429 2013-11-24 Niels Möller <nisse@lysator.liu.se>
1431 * testsuite/dsa-keygen-test.c (test_main): Test generating a
1434 * dsa-verify.c (_dsa_verify): Use _dsa_hash.
1436 * dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in
1437 error case, spotted by Nikos.
1439 * dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224.
1441 * dsa-hash.c (_dsa_hash): New file and function. Allows digest
1442 sizes not matching the bitsize of q.
1443 * dsa.h (_dsa_hash): Declare it.
1444 * Makefile.in (hogweed_SOURCES): Added dsa-hash.c.
1446 2013-11-23 Niels Möller <nisse@lysator.liu.se>
1448 * configure.ac: Check also for openssl/ecdsa.h.
1450 2013-10-05 Niels Möller <nisse@lysator.liu.se>
1452 * Makefile.in (nettle_SOURCES): Added eax.c.
1453 (HEADERS): Added eax.h.
1455 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added eax-test.c.
1457 * testsuite/eax-test.c: New file.
1459 * nettle-internal.c (nettle_eax_aes128): New aead algorithm.
1460 (eax_aes128_set_key, eax_aes128_set_nonce, eax_aes128_update)
1461 (eax_aes128_encrypt, eax_aes128_decrypt, eax_aes128_digest): New
1467 * aes.h: Fixed typo in name mangling for new aes functions.
1469 2013-09-28 Niels Möller <nisse@lysator.liu.se>
1471 * Merge aes-reorg branch. Changes below,
1472 dated 2013-05-17 - 2013-08-13.
1474 2013-08-13 Niels Möller <nisse@lysator.liu.se>
1476 * yarrow.h (struct yarrow256_ctx): Use aes256_ctx, not aes_ctx.
1477 * yarrow256.c: Adapted to use new aes256 interface.
1479 2013-08-07 Niels Möller <nisse@lysator.liu.se>
1481 * umac.h (_UMAC_STATE): Use struct aes128_ctx, not aes_ctx.
1482 * umac-set-key.c (umac_kdf, _umac_set_key): Use aes128 interface.
1483 * umac32.c (umac32_digest): Likewise.
1484 * umac64.c (umac64_digest): Likewise.
1485 * umac96.c (umac96_digest): Likewise.
1486 * umac128.c (umac128_digest): Likewise.
1488 2013-06-25 Niels Möller <nisse@lysator.liu.se>
1490 * aes-meta.c: Deleted file.
1492 Analogous changes for new aes192 and aes256 interface.
1494 * aes.h (struct aes128_ctx): New aes128 declarations.
1495 * aes-decrypt.c (aes128_decrypt): New function.
1496 * aes-encrypt.c (aes128_encrypt): New function.
1497 * aes128-meta.c: New file.
1498 * aes128-set-encrypt-key.c (aes128_set_encrypt_key): New file and
1500 * aes128-set-decrypt-key.c (aes128_set_decrypt_key)
1501 (aes128_invert_key): New file and functions.
1502 * Makefile.in (nettle_SOURCES): Added aes128-set-encrypt-key.c,
1503 aes128-set-decrypt-key.c and aes128-meta.c.
1505 * nettle-internal.c (nettle_unified_aes128): For testing the old
1507 * testsuite/aes-test.c (test_cipher2): New function.
1508 (test_main): Test both nettle_aes128 and nettle_unified_aes128.
1510 2013-05-22 Niels Möller <nisse@lysator.liu.se>
1512 * Makefile.in (nettle_SOURCES): Added aes-invert-internal.c and
1513 aes-set-key-internal.c.
1515 * aes.h (AES128_KEY_SIZE, _AES128_ROUNDS): New constants.
1516 Similarly also for aes192 and aes256.
1518 * aes-internal.h: Declare new functions.
1520 * aes-set-key-internal.c (_aes_set_key): New file and funxtion
1521 extracted from aes_set_encrypt_key.
1522 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use _aes_set_key.
1524 * aes-invert-internal.c (_aes_invert): New file and function,
1525 extracted from aes_invert_key.
1526 * aes-set-decrypt-key.c (aes_invert_key): Use _aes_invert.
1528 * arm/v6/aes-encrypt-internal.asm: Adapted to new interface.
1529 Unfortunately, 4% slowdown on Cortex-A9, for unknown reason.
1530 * arm/v6/aes-decrypt-internal.asm: Likewise.
1531 * arm/aes-encrypt-internal.asm: Adapted to new interface.
1532 * arm/aes-decrypt-internal.asm: Likewise.
1534 2013-05-21 Niels Möller <nisse@lysator.liu.se>
1536 * sparc32/aes-encrypt-internal.asm: Adapted to new interface.
1537 * sparc32/aes-decrypt-internal.asm: Likewise.
1538 * sparc64/aes-encrypt-internal.asm: Likewise.
1539 * sparc64/aes-decrypt-internal.asm: Likewise.
1541 * x86/aes-encrypt-internal.asm: Adapted to new interface.
1542 * x86/aes-decrypt-internal.asm: Likewise.
1544 2013-05-20 Niels Möller <nisse@lysator.liu.se>
1546 * x86_64/aes-encrypt-internal.asm: Adapted to new interface.
1547 * x86_64/aes-decrypt-internal.asm: Likewise.
1549 2013-05-17 Niels Möller <nisse@lysator.liu.se>
1551 * aes.h (struct aes_ctx): Renamed nrounds to rounds, and moved
1552 first in the structure.
1553 * aes-set-encrypt-key.c (aes_set_encrypt_key): Updated for renaming.
1554 * aes-set-decrypt-key.c (aes_invert_key): Likewise.
1556 * aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
1557 subkeys as separate arguments, not a struct aes_ctx *. Updated
1559 * aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
1560 * aes-internal.h: Updated prototypes.
1562 * Start of aes-reorg changes.
1564 2013-09-28 Niels Möller <nisse@lysator.liu.se>
1566 * md4.h (struct md4_ctx): Use single uint64_t variable for block
1568 * md4.c: Use new block count variable.
1569 * md5.c, md5.h (struct md5_ctx): Likewise.
1570 * ripemd160.c, ripemd160.h (struct ripemd160_ctx): Likewise.
1571 * sha1.c, sha1.h (struct sha1_ctx): Likewise.
1572 * sha256.c, sha2.h (struct sha256_ctx): Likewise.
1574 * testsuite/testutils.c (test_hash_large): Added simple progress
1577 * macros.h (MD_PAD): Use size argument, don't depend on
1578 sizeof of the count field(s).
1580 2013-09-22 Niels Möller <nisse@lysator.liu.se>
1582 * x86_64/gcm-hash8.asm: New file.
1583 * x86_64/gcm-gf-mul-8.asm: Deleted.
1585 * configure.ac (asm_nettle_optional_list): Look for gcm-hash8.asm,
1586 not gcm-gf-mul-8.asm.
1587 * gcm.c [HAVE_NATIVE_gcm_hash8]: Make use of (optional) assembly
1590 2013-09-21 Niels Möller <nisse@lysator.liu.se>
1592 * Makefile.in (des.po): Add same dependencies as for des.o.
1593 Reported by Vincent Torri.
1595 2013-09-20 Niels Möller <nisse@lysator.liu.se>
1597 * testsuite/gcm-test.c: Added tests with associated data of
1600 * testsuite/testutils.c (tstring_alloc): Add NUL-termination.
1602 2013-09-18 Niels Möller <nisse@lysator.liu.se>
1604 * Makefile.in: New stampfiles, libnettle.stamp and
1605 libhogweed.stamp, updated when both static and shared libraries
1606 are rebuilt. Used as link dependencies in subdirectories.
1607 * examples/Makefile.in: Make executable targets depend on
1608 ../libnettle.stamp and libhogweed.stamp, not directly on the
1609 static library files.
1610 * testsuite/Makefile.in: Likewise.
1611 * tools/Makefile.in: Likewise.
1613 2013-09-09 Niels Möller <nisse@lysator.liu.se>
1615 * gcm.c [HAVE_NATIVE_gcm_gf_mul_8]: Make use of (optional)
1616 assembly implementation.
1618 * configure.ac: Support optional assembly files for both nettle
1619 and hogweed. Replaced OPT_ASM_SOURCES with OPT_ASM_NETTLE_SOURCES,
1620 OPT_ASM_HOGWEED_SOURCES, and asm_optional_list with
1621 asm_nettle_optional_list and asm_hogweed_optional_list.
1622 (asm_nettle_optional_list): Added gcm-gf-mul-8.asm.
1624 2013-06-25 Niels Möller <nisse@lysator.liu.se>
1626 * testsuite/gcm-test.c: Deleted redundant include of aes.h.
1628 * testsuite/testutils.c (test_aead): Allow digest size smaller
1629 than the block size.
1631 * tools/nettle-pbkdf2.c: New command line tool.
1632 * tools/Makefile.in (TARGETS): Added nettle-pbkdf2.
1633 (nettle-pbkdf2$(EXEEXT)): New target.
1634 * testsuite/nettle-pbkdf2-test: New test case.
1635 * testsuite/Makefile.in (TS_SH): Added nettle-pbkdf2-test.
1637 * tools/nettle-hash.c (digest_file): Use stack allocation for the
1638 small hex output buffer.
1640 * examples/io.c (MIN): Deleted unused macro.
1642 2013-05-21 Niels Möller <nisse@lysator.liu.se>
1644 From nettle-2.7-fixes branch:
1645 * Makefile.in (distdir): Distribute files in arm/v6 subdirectory.
1647 2013-05-20 Niels Möller <nisse@lysator.liu.se>
1649 * arm/v6/sha1-compress.asm: Moved into v6 directory, since it uses
1650 the v6 instruction uadd8, sel and rev.
1651 * arm/v6/sha256-compress.asm: Likewise.
1653 * nettle-types.h: Include <stddef.h>, for size_t.
1655 2013-05-17 Niels Möller <nisse@lysator.liu.se>
1657 * macros.h (ROTL32, ROTL64): Avoid undefined behaviour for zero
1658 rotation count. Unfortunately makes CAST128 a bit slower with
1661 * ecc-j-to-a.c (ecc_j_to_a): Fixed ecc_modp_mul call, to avoid
1662 invalid overlap of arguments to mpn_mul_n. Problem tracked down by
1665 2013-05-16 Niels Möller <nisse@lysator.liu.se>
1667 * arm/aes-encrypt-internal.asm: New file, for pre-v6 processors.
1668 * arm/aes-decrypt-internal.asm: New file, likewise.
1670 * arm/aes.m4 (AES_FINAL_ROUND_V5): Variant without using uxtb.
1671 (AES_FINAL_ROUND_V6): New name, updated callers.
1672 (AES_FINAL_ROUND): ... old name. Also eliminated one uxtb
1674 (AES_ENCRYPT_ROUND, AES_DECRYPT): Moved macros to the
1677 * arm/v6/aes-encrypt-internal.asm: Use ALIGN macro. Use 16-byte
1678 alignment for loops.
1679 * arm/v6/aes-decrypt-internal.asm: Likewise. Also added a nop
1680 which mysteriously improves benchmark performance on Cortex-A9.
1682 2013-05-15 Niels Möller <nisse@lysator.liu.se>
1684 * configure.ac (asm_path): Handle armv6 and armv7 differently from
1685 older ARMs. Add the arm/v6 directory to asm_path when appropriate.
1687 * arm/v6/aes-encrypt-internal.asm: Moved into v6 directory. Uses
1688 the uxtb instruction which is not available for older ARMs.
1689 * arm/v6/aes-decrypt-internal.asm: Likewise.
1691 2013-05-03 Niels Möller <nisse@lysator.liu.se>
1693 * cast128.c: Adapt to new struct cast128_ctx.
1694 (cast128_set_key): Rewrite, eliminating lots of conditions and
1695 some false warnings.
1697 * cast128.h (struct cast128_ctx): Separate the small 5-bit
1698 rotation subkeys and the larger 32-bit masking subkeys.
1700 2013-05-02 Niels Möller <nisse@lysator.liu.se>
1702 * testsuite/testutils.c (mpz_combit): Renamed. Define only if not
1703 provided GMP. Updated all uses.
1704 (mpz_togglebit): ... old name.
1706 * sexp-format.c (sexp_vformat): Use type mpz_srcptr rather
1707 than the old MP_INT *.
1709 2013-04-26 Niels Möller <nisse@lysator.liu.se>
1711 * Many files: Use size_t rather than unsigned for data sizes.
1712 * x86_64/aes-encrypt-internal.asm: Accept 64-bit length.
1713 * x86_64/aes-decrypt-internal.asm: Likewise.
1715 2013-04-25 Niels Möller <nisse@lysator.liu.se>
1717 * configure.ac: Changed version number, to 2.8.
1718 (LIBNETTLE_MAJOR): Bumped major number, following
1719 nettle_memxor ABI break.
1720 (LIBNETTLE_MINOR): Reset to zero.
1722 * examples/hogweed-benchmark.c: Add benchmarking of OpenSSL's RSA
1724 (all functions): Deleted unneeded casts.
1726 2013-04-24 Niels Möller <nisse@lysator.liu.se>
1728 * nettle.texinfo (Miscellaneous functions): Updated memxor
1729 prototype. Document memxor3.
1731 * salsa20-crypt.c (salsa20_crypt): Deleted cast of memxor
1732 argument, no longer needed.
1733 * salsa20r12-crypt.c (salsa20r12_crypt): Likewise.
1734 * sha3.c (sha3_absorb): Likewise.
1736 * memxor.h: Updated prototypes. Drop include of nettle-types.h.
1738 * memxor.c: Include nettle-types.h, for uintptr_t. Replace all
1739 internal uses of uint8_t by plain char.
1740 (memxor): Use void * rather than uint8_t * for
1742 (memxor3): Likewise.
1744 * x86_64/memxor.asm: Added nettle_ prefix to symbols.
1745 * arm/memxor.asm: Likewise.
1747 * testsuite/symbols-test: Don't allow memxor functions without
1750 * memxor.h (memxor3): Added name mangling to add "nettle_" prefix
1751 to memxor and memxor3 symbols.
1753 * Makefile.in (nettle_OBJS): Deleted $(LIBOBJS), and also deleted
1754 LIBOBJS substitution.
1755 (nettle_SOURCES): Added memxor.c, to include it in the library
1758 * configure.ac: Deleted AC_REPLACE_FUNCS for memxor.
1760 * Released nettle-2.7.
1762 2013-04-23 Niels Möller <nisse@lysator.liu.se>
1764 From Martin Storsjö:
1765 * x86_64/sha256-compress.asm: Add forgotten W64_EXIT.
1766 * x86_64/sha512-compress.asm: Likewise.
1767 * x86_64/salsa20-crypt.asm (Lpartial): Don't return via W64_EXIT
1768 within this subfunction.
1769 * x86_64/machine.m4 (W64_ENTRY): Use movdqu instead of movdqa for
1770 saving xmm registers, since the stack is not guaranteed to be
1771 16-byte aligned on win64. Take pushed xmm registers into account
1772 when reading the fifth parameter from the stack.
1774 * Makefile.in: Consistently use EXEEXT_FOR_BUILD.
1776 2013-04-21 Niels Möller <nisse@lysator.liu.se>
1778 * Makefile.in (DISTFILES): Added mini-gmp.c and mini-gmp.h.
1779 (distdir): Use find, for identifying assembly files to copy.
1781 2013-04-18 Niels Möller <nisse@lysator.liu.se>
1783 * configure.ac: Recognize cpu type "arm*", not just "armv7*'.
1785 * arm/aes-encrypt-internal.asm: Updated include of aes.m4.
1786 * arm/aes-decrypt-internal.asm: Likewise.
1788 * Makefile.in (distdir): Updated for ARM reorganization.
1790 * configure.ac (asm_path): Generalized, can now be a list of
1791 directories. On ARM, check for neon instructions, and add arm/neon
1792 if appropriate. New command line options
1793 --enable-arm-neon/--disable-arm-neon, for overriding the default.
1795 arm/neon: New subdirectory, for assembly files making use of neon
1798 arm: Renamed directory, from...
1801 * aclocal.m4 (NETTLE_CHECK_ARM_NEON): New macro.
1803 * nettle.texinfo (Keyed hash functions): Document UMAC.
1805 * umac.h (UMAC32_DIGEST_SIZE, UMAC64_DIGEST_SIZE)
1806 (UMAC96_DIGEST_SIZE, UMAC128_DIGEST_SIZE): New constants.
1807 (UMAC_DATA_SIZE): New name, for consistency with hash functions.
1809 (UMAC_BLOCK_SIZE): ... old name.
1811 2013-04-17 Niels Möller <nisse@lysator.liu.se>
1813 * examples/nettle-benchmark.c (main): Benchmark salsa20r12.
1815 * nettle-internal.c (nettle_salsa20r12): Cipher struct for
1817 * nettle-internal.h (nettle_salsa20): Declare it.
1819 * Makefile.in (eccdata): Depend on mini-gmp files. Drop -lgmp.
1821 * eccdata.c: Use mini-gmp, to avoid gmp dependency and associated
1822 configure tests for the *build* system. Replaced mpz_submul_ui by
1823 mpz_mul_ui + mpz_sub, and gmp_printf and gmp_fprintf by calls to
1826 * mini-gmp.h, mini-gmp.c: New files, copied from gmp-5.1.1.
1828 2013-04-16 Niels Möller <nisse@lysator.liu.se>
1830 * umac-set-key.c (BE_SWAP32_N): Fixed dummy definition used for
1833 * Makefile.in (TARGETS): Deleted eccdata, it should be build only
1834 when public key support is enabled.
1835 (clean-here): Exlicitly list it here.
1837 * asm.m4 (m4_log2): New macro, similar to the one in gmp.
1838 (ALIGN): Changed to take alignment in bytes. Updated all callers,
1839 currently used only in x86 and x86_64 files.
1841 * umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
1842 block count an uint64_t. Reorder some elements to put short values
1844 * umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
1845 (_umac_l2): Deleted redundant memcpy.
1846 (_umac_l2, _umac_l2_final): Store input buffer at end of the
1847 poly64/poly128 state. Deleted l1_out from corresponding context
1848 structs, and updated all callers.
1850 * configure.ac: Changed version number to 2.7.
1851 (LIBNETTLE_MINOR): Bumped library version, to 4.6.
1852 (LIBHOGWEED_MINOR): And to 2.4.
1854 * Makefile.in (distdir): Include files from armv7 subdirectory.
1856 * x86_64/umac-nh-n.asm: New file, 3.5 time speedup.
1858 * umac32.c (umac32_digest): Fix nonce caching.
1859 * umac64.c (umac64_digest): Likewise.
1861 * testsuite/umac-test.c (test_incr): New function.
1862 (test_main): Test nonce increment.
1864 * misc/umac/umac.py: UMAC reference implementation.
1865 * misc/umac/rijndael.py: AES implementation used by umac.py.
1866 * misc/umac/mkvectors: Script to generate UMAC test vectors.
1867 * misc/umac/vectors.out: Generated test vectors.
1869 * umac32.c (umac32_digest): Fix nonce increment, use INCREMENT
1871 * umac64.c (umac64_digest): Likewise.
1872 * umac96.c (umac96_digest): Likewise.
1873 * umac128.c (umac128_digest): Likewise.
1875 * macros.h (INCREMENT): Allow size == 1.
1877 2013-04-15 Niels Möller <nisse@lysator.liu.se>
1879 * x86_64/umac-nh.asm: New file. 4.4 time speedup.
1881 * armv7/umac-nh-n.asm: New file. 2.0-2.3 time speedup.
1883 * testsuite/umac-test.c (test_align): Fixed memory leak.
1885 2013-04-12 Niels Möller <nisse@lysator.liu.se>
1887 * armv7/umac-nh.asm: New file. 2.4 time speedup.
1889 * armv7/machine.m4 (D0REG, D1REG): New macros.
1891 * configure.ac (asm_replace_list): Added umac-nh.asm and
1894 * testsuite/umac-test.c: Test different alignments for the
1897 2013-04-11 Niels Möller <nisse@lysator.liu.se>
1899 * umac-nh-n.c (_umac_nh_n): Rewrote as a single pass over the
1902 * examples/nettle-benchmark.c (time_umac): New function.
1905 * umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
1906 can be xored directly to the pad in native byteorder.
1907 * umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
1908 xor. Updated all callers.
1909 * umac32.c (umac32_digest): Adapt to l3 changes.
1910 * umac64.c (umac64_digest): Likewise.
1911 * umac96.c (umac96_digest): Likewise.
1912 * umac128.c (umac128_digest): Likewise.
1914 Initial implementation of umac.
1916 * umac-nh.c: New file.
1917 * umac-nh-n.c: New file.
1918 * umac-poly64.c: New file.
1919 * umac-poly128.c: New file.
1920 * umac-l2.c: New file.
1921 * umac-l3.c: New file.
1922 * Makefile.in (nettle_SOURCES): Added umac source files.
1923 (HEADERS): Added umac.h.
1924 * testsuite/umac-test.c: New file.
1925 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added umac-test.c.
1927 * ecc-mul-a.c (ecc_mul_a): Avoid using mp_bitcnt_t, for
1928 compatibility with older GMP versions.
1929 * ecc-mul-g.c (ecc_mul_g): Likewise.
1930 * eccdata.c (ecc_mul_binary): Likewise.
1931 * sec-modinv.c (sec_modinv): Likewise.
1933 * x86_64/sha3-permute.asm: Go via memory for moves between general
1934 registers and xmm registers.
1936 2013-04-06 Niels Möller <nisse@lysator.liu.se>
1938 From Edgar E. Iglesias:
1939 * sha3.c (_sha3_update): Fix condition for when the block buffer
1942 2013-04-04 Niels Möller <nisse@lysator.liu.se>
1944 * ecc-point.c (ecc_point_get): Allow NULL x or y, ignore
1945 corresponding coordinate.
1947 * nettle.texinfo (Elliptic curves): Document high-level ECDSA
1950 From Martin Storsjö. Fallback functions for older GMP releases.
1951 * gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): New functions.
1952 * gmp-glue.h: Declare them.
1953 (mpn_sqr): Fallback macro.
1955 * gmp-glue.h (cnd_add_n, cnd_sub_n): Moved here, define in terms
1956 of mpn_cnd_add_n and mpn_sub_n if available, otherwise in terms of
1957 mpn_addmul_1 and mpn_submul_1. This seems to be an improvement for
1958 subtraction, but more questionable for addition.
1960 * ecc-internal.h: Include gmp-glue.h. Deleted corresponding
1961 include in all files using ecc-internal.h.
1962 (cnd_add_n, cnd_sub_n): Moved from here.
1964 2013-04-03 Niels Möller <nisse@lysator.liu.se>
1966 * ecc-point-mul-g.c (ecc_point_mul_g): New file and function.
1967 * ecc-point-mul.c (ecc_point_mul): New file and function.
1968 * ecc.h: Updated declarations and name mangling.
1969 * Makefile.in (hogweed_SOURCES): Added ecc-point-mul.c and
1972 * testsuite/salsa20-test.c (test_main): Tests for salsa20r12,
1973 contributed by Nikos Mavrogiannopoulos.
1975 2013-03-26 Niels Möller <nisse@lysator.liu.se>
1977 * armv7/salsa20-core-internal.asm: New file. 45% speedup.
1979 2013-03-25 Niels Möller <nisse@lysator.liu.se>
1981 From Martin Storsjö:
1982 * examples/timing.c: New file, extracted from nettle-benchmark.c.
1983 * examples/timing.h: New file.
1984 * examples/Makefile.in (SOURCES): Added timing.c.
1985 (DISTFILES): Added timing.h.
1986 (BENCH_OBJS, ECC_BENCH_OBJS, HOGWEED_BENCH_OBJS): Added timing.o.
1987 * examples/nettle-benchmark.c: Use timing.h.
1988 * examples/hogweed-benchmark.c: Likewise.
1989 * examples/ecc-benchmark.c: Likewise.
1991 From Nikos Mavrogiannopoulos:
1992 * salsa20r12-crypt.c (salsa20r12_crypt): New file and function.
1993 * salsa20.h (salsa20r12_crypt): Declare.
1994 * Makefile.in (nettle_SOURCES): Added salsa20r12-crypt.c.
1996 From Martin Storsjö:
1997 * examples/hogweed-benchmark.c: Include local headers.
1998 * testsuite/ecdsa-keygen-test.c: Likewise.
1999 * x86_64/sha3-permute.asm: Workaround for Apple's assembler; write
2000 movq instructions as movd.
2002 * Makefile.in (hogweed_PURE_OBJS): Don't include OPT_ASM_SOURCES
2005 2013-03-15 Niels Möller <nisse@lysator.liu.se>
2007 * armv7/sha3-permute.asm: New file. 4.5 time speedup.
2009 * armv7/machine.m4 (QREG): New macro.
2011 2013-03-14 Niels Möller <nisse@lysator.liu.se>
2013 * configure.ac (asm_replace_list): Added sha3-permute.asm,
2014 revering 2012-12-30 change. 34% speedup on intel i5, from 2190
2015 cycles for the C implementation down to 1630.
2017 * armv7/sha512-compress.asm: Optimized. Keep expanded data in
2018 registers, exploit parallelism. Another 70% speedup.
2020 * testsuite/sha512-test.c (test_main): Additional test vectors,
2021 including some longer than 128 bytes.
2023 2013-03-13 Niels Möller <nisse@lysator.liu.se>
2025 * armv7/sha512-compress.asm: New file, using neon instructions.
2028 * configure.ac (asm_replace_list): Added sha512-compress.asm.
2029 * x86_64/machine.m4 (OFFSET64): New macro.
2030 * x86_64/sha512-compress.asm: New file, 20% speedup.
2032 * sha512-compress.c (ROUND): Eliminated a temporary, analogous to
2033 sha256 change below.
2035 * x86_64/sha256-compress.asm: New file, 16% speedup (benchmarked
2038 2013-03-11 Niels Möller <nisse@lysator.liu.se>
2040 * armv7/sha256-compress.asm: New file, 25% speedup.
2042 * configure.ac (asm_replace_list): Added sha256-compress.asm.
2044 * sha256-compress.c (ROUND): Eliminated a temporary.
2046 * armv7/sha1-compress.asm: New file, 9% speedup.
2048 * testsuite/testutils.c (test_hash): Test different alignments for
2051 2013-03-08 Niels Möller <nisse@lysator.liu.se>
2053 * armv7/aes-decrypt-internal.asm: New file, 15% speedup.
2054 * armv7/aes-encrypt-internal.asm: New file, 25% speedup.
2055 * armv7/aes.m4: New file.
2057 2013-03-07 Niels Möller <nisse@lysator.liu.se>
2059 * gmp-glue.c (mpz_limbs_cmp): Don't use PTR and SIZ macros.
2061 * Makefile.in (aesdata, desdata, twofishdata, shadata, gcmdata)
2062 (eccdata): Arrange for compiling these programs for running on the
2063 build system, also when cross compiling everything else.
2065 * config.make.in (CC_FOR_BUILD, EXEEXT_FOR_BUILD): New variables.
2067 * configure.ac: Use GMP_PROG_CC_FOR_BUILD and
2068 GMP_PROG_EXEEXT_FOR_BUILD.
2070 * aclocal.m4 (GMP_PROG_CC_FOR_BUILD, GMP_PROG_CC_FOR_BUILD_WORKS)
2071 (GMP_PROG_EXEEXT_FOR_BUILD): New macros, based on GMP's.
2073 * aesdata.c: Deleted includes of config.h and nettle-types.h. Use
2074 unsigned char and unsigned long instead of stdint.h types.
2076 * desdata.c: Deleted includes of config.h and desCode.h.
2077 (main): Return 1 on invalid argument. Don't use ROR macro. Use
2078 unsigned long instead of uint32_t, and make it work if unsigned
2079 long is larger than 32 bits.
2081 * gcmdata.c: Deleted include of config.h and use UNUSED macro.
2082 * shadata.c: Likewise.
2084 * twofishdata.c: Deleted include of nettle-types.h. Use unsigned
2085 char instead of stdint.h types.
2087 * x86_64/ecc-521-modp.asm: New file. 2.4 time speedup.
2089 2013-03-06 Niels Möller <nisse@lysator.liu.se>
2091 * x86_64/ecc-384-modp.asm: New file, 3 time speedup.
2092 * x86_64/ecc-256-redc.asm: New file, 2.5 time speedup.
2093 * x86_64/ecc-224-modp.asm: New file, 5 time speedup over C
2096 2013-03-05 Niels Möller <nisse@lysator.liu.se>
2098 * configure.ac (asm_optional_list): Added ecc-521-modp.asm.
2099 * ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
2100 version if available.
2101 * armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
2103 2013-03-04 Niels Möller <nisse@lysator.liu.se>
2105 * configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
2106 bogus reference to $asm_search_list.
2107 * ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
2108 version if available.
2109 * armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
2111 2013-03-03 Niels Möller <nisse@lysator.liu.se>
2113 * ecc-256.c: Fixed definition of USE_REDC.
2115 2013-03-01 Niels Möller <nisse@lysator.liu.se>
2117 * ecc-256.c: Check HAVE_NATIVE_ecc_256_redc, and use native
2118 version if available.
2119 * armv7/ecc-256-redc.asm: New file, 4 time speedup over C version.
2121 * testsuite/ecc-redc-test.c: Increased test count.
2123 * ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
2124 version if available.
2125 * armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
2128 * configure.ac (asm_optional_list): Added ecc-224-modp.asm.
2129 (OPT_ASM_SOURCES): Fixed assignment.
2131 2013-02-28 Niels Möller <nisse@lysator.liu.se>
2133 * x86_64/ecc-192-modp.asm: Reorganized to reduce number of
2134 additions. Use setc instruction.
2136 * examples/Makefile.in: Let $(HOGWEED_TARGETS) depend on
2139 * armv7/ecc-192-modp.asm: New file. 2.5 time speedup over C
2142 2013-02-27 Niels Möller <nisse@lysator.liu.se>
2144 * ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
2145 version if available.
2146 (ecc_192_modp): Fixed carry handling bug in 32-bit version.
2148 * x86_64/ecc-192-modp.asm: New file. 3.8 times speedup over C
2151 * configure.ac (OPT_ASM_SOURCES): New substituted variable.
2152 (asm_replace_list, asm_optional_list): New variables. For files in
2153 asm_optional_list, also add them to OPT_ASM_SOURCES and define
2154 appropriate HAVE_NATIVE_* symbols found.
2156 * Makefile.in (OPT_ASM_SOURCES): New variable. Used for setting
2157 hogweed_OBJS and hogweed_PURE_OBJS.
2159 * testsuite/ecc-mod-test.c: Increased test count.
2161 * ecc-384.c (ecc_384_modp): Fixed typo which broke carry handling
2162 in the 64-bit version.
2164 * examples/ecc-benchmark.c (bench_add_jjj): Typo fix, benchmark
2167 * gmp-glue.h: Check if GMP provides mpz_limbs_read (expected in
2169 * gmp-glue.c: Use GMP's mpz_limbs_read and friends if available.
2170 Renamed all functions for consistency with GMP. Updated all
2173 2013-02-20 Niels Möller <nisse@lysator.liu.se>
2175 * examples/Makefile.in (HOGWEED_TARGETS): Added
2176 hogweed-benchmark$(EXEEXT).
2177 (SOURCES): Added hogweed-benchmark.c.
2178 (hogweed-benchmark$(EXEEXT)): New target.
2180 * examples/hogweed-benchmark.c: New file.
2182 * ecdsa-keygen.c (ecdsa_generate_keypair): New file and function.
2183 * Makefile.in (hogweed_SOURCES): Added ecdsa-keygen.c.
2184 * testsuite/ecdsa-keygen-test.c: New testcase.
2185 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2186 ecdsa-keygen-test.c.
2188 * nettle-internal.h (TMP_ALLOC): Added missing parentheses.
2190 2013-02-18 Niels Möller <nisse@lysator.liu.se>
2192 * testsuite/ecdsa-verify-test.c: New testcase.
2193 * testsuite/ecdsa-sign-test.c: New testcase.
2194 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2195 ecdsa-sign-test.c and ecdsa-verify-test.c.
2196 * testsuite/testutils.h: Include ecdsa.h.
2197 (SHEX): Deleted const cast.
2199 * ecc-point.c: New file, struct ecc_point abstraction.
2200 * ecc-scalar.c: New file, struct ecc_scalar abstraction.
2201 * ecc-random.c (ecc_modq_random, ecc_scalar_random): New file, new
2203 * ecc-hash.c (ecc_hash): New file and function.
2204 * ecc-ecdsa-sign.c: New file, low-level signing interface.
2205 * ecc-ecdsa-verify.c: New file, low-level ecdsa verify.
2206 * ecdsa-sign.c: (ecdsa_sign): New file and function.
2207 * ecdsa-verify.c (ecdsa_verify): New file and function.
2208 * ecdsa.h: New header file.
2209 * ecc.h: Declare ecc_point and ecc_scalar functions.
2210 * ecc-internal.h: Added declarations.
2211 * Makefile.in (hogweed_SOURCES): Added new source files.
2212 (HEADERS): Added ecdsa.h.
2214 * gmp-glue.c (_mpz_set_mpn): New convenience function.
2215 (_mpn_set_base256): New function.
2216 (_gmp_alloc_limbs): New function.
2217 (_gmp_free_limbs): New function.
2218 * gmp-glue.h: Corresponding declarations. Include nettle-stdinh.h.
2220 * examples/Makefile.in (HOGWEED_TARGETS): Renamed, was
2221 RSA_TARGETS. Added ecc-benchmark$(EXEEXT).
2222 (SOURCES): Added ecc-benchmark.c.
2223 (ecc-benchmark$(EXEEXT)): New target.
2225 * examples/ecc-benchmark.c: New file, benchmarking ecc primitives.
2227 2013-02-15 Niels Möller <nisse@lysator.liu.se>
2229 Integrate ecc_mul_a.
2230 * ecc-a-to-j.c: New file.
2231 * ecc-add-jjj.c: New file.
2232 * ecc-mul-a.c: New file.
2233 * Makefile.in (hogweed_SOURCES): Added new files.
2234 * testsuite/ecc-mul-a-test.c: New file.
2235 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2238 * testsuite/testutils.c: Removed redundant includes.
2239 (die): New function.
2241 Integrate ecc_mul_g.
2243 * ecc-j-to-a.c: New file.
2244 * ecc-size.c: New file.
2245 * ecc-add-jja.c: New file.
2246 * ecc-dup-jj.c: New file.
2247 * ecc-mul-g.c: New file.
2248 * sec-tabselect.c: New file.
2249 * Makefile.in (hogweed_SOURCES): Added new files.
2250 (HEADERS): Added ecc.h
2251 * testsuite/ecc-mul-g-test.c: New file.
2252 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
2254 * testsuite/testutils.c (xalloc_limbs): New function.
2255 (test_mpn): New function.
2256 (test_ecc_point): New function.
2257 (test_ecc_mul_a): New function.
2258 (test_ecc_mul_j): New function.
2259 * testsuite/testutils.h: Corresponding declarations.
2261 Integrate ECC internals.
2262 * ecc-curve.h: New file.
2263 * ecc-internal.h: New file.
2264 * cnd-copy.c: New file.
2265 * ecc-192.c: New file.
2266 * ecc-224.c: New file.
2267 * ecc-256.c: New file.
2268 * ecc-384.c: New file.
2269 * ecc-521.c: New file.
2270 * ecc-generic-modp.c: New file.
2271 * ecc-generic-modq.c: New file.
2272 * ecc-generic-redc.c: New file.
2273 * ecc-mod.c: New file.
2274 * ecc-modp.c: New file.
2275 * ecc-modq.c: New file.
2276 * sec-add-1.c: New file.
2277 * sec-modinv.c: New file.
2278 * sec-sub-1.c: New file.
2279 * Makefile.in (hogweed_SOURCES): Added new files.
2280 (HEADERS): Added ecc-curve.h.
2281 (DISTFILES): Added ecc-internal.h.
2282 * testsuite/ecc-mod-test.c: New file.
2283 * testsuite/ecc-modinv-test.c: New file.
2284 * testsuite/ecc-redc-test.c: New file.
2285 * testsuite/testutils.c (ecc_curves): New constant array.
2286 * testsuite/testutils.h: Include ecc-related headers. Declare
2288 * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-mod-test.c
2289 ecc-modinv-test.c ecc-redc-test.c.
2291 * gmp-glue.c: New file, mpn <-> mpz conversions.
2292 * gmp-glue.h: New file.
2293 * Makefile.in: Added to hogweed_SOURCES and DISTFILES, respectively.
2295 * eccdata.c: New program, for generating ECC-related tables.
2296 * Makefile.in (ecc-192.h, ecc-224.h, ecc-256.h, ecc-384.h)
2297 (ecc-512.h): New generated files.
2299 2013-02-19 Niels Möller <nisse@lysator.liu.se>
2301 * armv7/memxor.asm (memxor): Software pipelining for the aligned
2302 case. Runs at 6 cycles (0.5 cycles per byte). Delayed push of
2303 registers until we know how many registers we need.
2304 (memxor3): Use 3-way unrolling also for aligned memxor3.
2305 Runs at 8 cycles (0.67 cycles per byte)
2307 2013-02-14 Niels Möller <nisse@lysator.liu.se>
2309 * configure.ac: Find GMP's GMP_NUMB_BITS. Substitute in Makefile.
2310 * config.make.in (GMP_NUMB_BITS): New variable.
2312 * examples/rsa-keygen.c (uint_arg): New function.
2313 (main): New options -s and -e, to specify key size and public
2314 exponent. Increased default key size to 2048.
2316 2013-02-12 Niels Möller <nisse@lysator.liu.se>
2318 * armv7/memxor.asm (memxor): Optimized aligned case, using 3-way
2321 2013-02-06 Niels Möller <nisse@lysator.liu.se>
2323 * armv7/memxor.asm (memxor, memxor3): Optimized aligned case, now
2324 runs at 0.75 cycles/byte.
2326 * armv7/README: New file.
2327 * armv7/machine.m4: New (empty) file.
2328 * armv7/memxor.asm: Initial assembly implementation.
2330 * config.m4.in: Substitute ASM_TYPE_PROGBITS as TYPE_PROGBITS.
2332 * config.make.in: Added .s to the suffix list.
2334 * Makefile.in (.asm.s): Use a separate make target for .asm
2335 preprocessing. Include asm.d, which the corresponding
2338 * configure.ac (asm_file_list): Collect assembly files into this
2340 (asm.d): Make config.status write dependencies for .s files into
2342 (ASM_ALIGN_LOG): Set to "no" when appropriate.
2343 (ASM_TYPE_FUNCTION): Default to "@function".
2344 (ASM_TYPE_PROGBITS): New substituted variable, set in the same way
2345 as ASM_TYPE_FUNCTION.
2346 (ASM_MARK_NOEXEC_STACK): Use TYPE_PROGBITS.
2347 (asm_path): Set up asm_path for armv7.
2349 * asm.m4: Use changecom to disable m4 quoting. Use divert to
2352 2013-02-05 Niels Möller <nisse@lysator.liu.se>
2354 * testsuite/rsa-keygen-test.c (test_main): Updated expected
2355 signatures, after the nettle_mpz_random change below.
2356 * testsuite/dsa-test.c (test_main): Likewise. Also fixed the
2357 dsa256 test to actually use the expected signature.
2359 2013-01-31 Niels Möller <nisse@lysator.liu.se>
2361 * bignum-random.c (nettle_mpz_random): Increased number of extra
2362 bits to 64, following FIPS 186-3.
2364 2013-01-16 Niels Möller <nisse@lysator.liu.se>
2366 * Released nettle-2.6.
2368 2013-01-12 Niels Möller <nisse@lysator.liu.se>
2370 * configure.ac: Use AC_LANG_SOURCE.
2372 2013-01-02 Niels Möller <nisse@lysator.liu.se>
2374 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.5.
2375 (LIBHOGWEED_MINOR): And to 2.3.
2377 * examples/Makefile.in: Explicit rules for building objects in
2379 * tools/Makefile.in: Likewise.
2380 * testsuite/Makefile.in: Likewise.
2382 2013-01-01 Niels Möller <nisse@lysator.liu.se>
2384 * nettle.texinfo (Recommended hash functions): Document additional
2387 * examples/nettle-benchmark.c (main): Benchmark additional sha3
2390 2012-12-30 Niels Möller <nisse@lysator.liu.se>
2392 * sha3-224.c, sha3-224-meta.c: New files.
2393 * sha3-384.c, sha3-384-meta.c: New files.
2394 * sha3-512.c, sha3-512-meta.c: New files.
2395 * sha3.h: Prototypes for sha3 with sizes 224, 384 and 512.
2396 * nettle-meta.h: Declare nettle_sha3_224, nettle_sha3_384 and
2398 * Makefile.in (nettle_SOURCES): Added new sha3 files.
2400 * testsuite/sha3-224-test.c: New file.
2401 * testsuite/sha3-384-test.c: New file.
2402 * testsuite/sha3-512-test.c: New file.
2403 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new sha3 test files.
2405 * configure.ac: Disabled use of sha3-permute.asm.
2407 2012-12-20 Niels Möller <nisse@lysator.liu.se>
2410 * testsuite/des-compat-test.c (pt): Use proper prototype, use
2412 * testsuite/testutils.c (test_dsa_key): Deleted spurious
2415 2012-12-15 Niels Möller <nisse@lysator.liu.se>
2417 Based on a patch from Alon Bar-Lev:
2418 * Makefile.in (LIBTARGETS, SHLIBTARGET): Define as empty if static
2419 or shared libraries, respectively, are disabled.
2420 (TARGETS): Deleted @IF_SHARED@ conditional, now in the definition
2424 * configure.ac: Check for ar program. New option --disable-static.
2425 * config.make.in (AR): Use configured value.
2427 2012-12-13 Niels Möller <nisse@lysator.liu.se>
2429 * x86_64/sha3-permute.asm: Rewrote, to keep all state in
2430 registers. 2400 cycles on x86_64, only slightly faster than the
2433 2012-12-09 Niels Möller <nisse@lysator.liu.se>
2435 * sha3-permute.c (sha3_permute): Rewrote to do permutation in
2436 place. 80% speedup on x86_64, 2500 cycles.
2438 2012-12-04 Niels Möller <nisse@lysator.liu.se>
2440 * ctr.c (ctr_crypt): Fix bug reported by Tim Kosse. Don't
2441 increment the counter when length is zero (was broken for the
2444 * testsuite/ctr-test.c (test_main): Added test with zero-length
2446 * testsuite/testutils.c (test_cipher_ctr): Check the ctr value
2447 after encrypt and decrypt.
2449 2012-12-03 Niels Möller <nisse@lysator.liu.se>
2451 * sha3-permute.c (sha3_permute): Optimized, to reduce number of
2452 passes over the data. 20% speedup on x86_64, 4700 cycles.
2454 * configure.ac: Added sha3-permute.asm.
2456 * x86_64/sha3-permute.asm: New file. 30% speedup over current C
2459 * nettle.texinfo (Hash functions): Split into several sections,
2460 separating recommended hash functions and legacy hash functions.
2463 2012-12-02 Niels Möller <nisse@lysator.liu.se>
2465 Split sha.h into new files sha1.h and sha2.h. Replaced all
2466 internal usage of sha.h in all files.
2467 * sha.h: Kept for compatibility, just includes both new files.
2470 * Makefile.in (HEADERS): Added sha1.h and sha2.h.
2472 2012-11-28 Niels Möller <nisse@lysator.liu.se>
2474 From Fredrik Thulin:
2475 * testsuite/pbkdf2-test.c (test_main): Add PBKDF2-HMAC-SHA512 test
2478 2012-11-15 Niels Möller <nisse@lysator.liu.se>
2480 * sha3-permute.c (sha3_permute): Use ULL suffix on round
2481 constants. Avoid passing shift count 0 to ROTL64.
2483 * sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
2485 * macros.h (LE_READ_UINT64): New macro.
2487 2012-11-13 Niels Möller <nisse@lysator.liu.se>
2489 * sha3-permute.c (sha3_permute): Micro optimizations. Partial
2490 unrolling. Use lookup table for the permutation. On an x86_64,
2491 execution time reduced from appr. 13000 cycles to appr. 6000.
2493 * examples/nettle-benchmark.c (TIME_CYCLES): New macro.
2494 (bench_sha1_compress, bench_salsa20_core): Use it.
2495 (bench_sha3_permute): New function.
2496 (main): Call bench_sha3_permute.
2498 2012-11-12 Niels Möller <nisse@lysator.liu.se>
2500 * examples/nettle-benchmark.c (main): Benchmark sha3_256.
2502 * sha3-permute.c: New file. Permutation function for sha3, aka
2504 * sha3.h: New header file.
2505 * sha3.c: New file, absorption and padding for sha3.
2506 * sha3-256.c: New file.
2507 * sha3-256-meta.c: New file.
2508 * nettle-meta.h (nettle_sha3_256): Declare.
2509 * Makefile.in (nettle_SOURCES): Added sha3 files.
2510 (HEADERS): Added sha3.h.
2511 * testsuite/sha3.awk: New file. Script to extract test vectors.
2512 * testsuite/sha3-256-test.c: New file.
2513 * testsuite/sha3-permute-test.c: New file.
2514 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
2515 sha3-permute-test.c and sha3-256-test.c.
2516 (DISTFILES): Added sha3.awk.
2517 * testsuite/.test-rules.make: Added sha3 targets.
2519 * macros.h (LE_WRITE_UINT64): New macro.
2520 * write-le64.c (_nettle_write_le64): New file and function.
2521 * nettle-write.h (_nettle_write_le64): Declare. Also deleted
2522 declaration of non-existent _nettle_write_be64.
2523 * Makefile.in (nettle_SOURCES): Added write-le64.c.
2525 * macros.h (ROTL64): New macro, moved from...
2526 * sha512-compress.c (ROTL64): ... old location, deleted.
2528 * serpent-internal.h [HAVE_NATIVE_64_BIT] (DROTL32): Renamed from...
2529 (ROTL64): ... old name.
2530 (DRSHIFT32): Renamed from ...
2531 (RSHIFT64): ... old name.
2532 * serpent-encrypt.c (LINEAR_TRANSFORMATION64): Updated for above
2534 * serpent-decrypt.c (LINEAR_TRANSFORMATION64_INVERSE): Likewise.
2536 2012-11-11 Niels Möller <nisse@lysator.liu.se>
2538 From Nikos Mavrogiannopoulos:
2539 * nettle.texinfo (Hash functions): Added documentation for
2541 * examples/nettle-benchmark.c (main): Benchmark gosthash94.
2543 2012-11-10 Niels Möller <nisse@lysator.liu.se>
2545 * nettle.texinfo (nettle_hashes, nettle_ciphers): Use deftypevr,
2546 not deftypevrx. Spotted by Nikos Mavrogiannopoulos.
2548 2012-11-08 Niels Möller <nisse@lysator.liu.se>
2550 Gost hash function, ported from Aleksey Kravchenko's rhash library
2551 by Nikos Mavrogiannopoulos.
2552 * gosthash94.c: New file.
2553 * gosthash94.h: New file.
2554 * gosthash94-meta.c: New file.
2555 * nettle-meta.h (nettle_gosthash94): Declare.
2556 * Makefile.in (nettle_SOURCES): Added gosthash94.c and
2558 (HEADERS): Added gosthash94.h.
2559 * testsuite/gosthash94-test.c: New file.
2560 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
2563 2012-10-29 Niels Möller <nisse@lysator.liu.se>
2565 From Martin Storsjö:
2566 * configure.ac (dummy-dep-files): Avoid non-posix \|-operator in
2569 2012-10-29 Niels Möller <nisse@lysator.liu.se>
2571 * x86_64/salsa20-core-internal.asm: New file.
2572 * configure.ac: Added salsa20-core-internal.asm.
2573 * examples/nettle-benchmark.c (bench_salsa20_core): New function.
2575 2012-10-27 Niels Möller <nisse@lysator.liu.se>
2577 * testsuite/Makefile.in (TS_SOURCES, CXX_SOURCES): Include sources
2579 (TS_CXX): Moved @IF_CXX@ conditional here.
2580 (DISTFILES): Use $(SOURCES), which now includes all C source
2581 files. testutils.c was lost in a the 2012-09-20 change.
2583 * x86_64/salsa20-crypt.asm: Include x86_64/salsa20.m4.
2584 Make all exits go via .Lend and W64_EXIT.
2586 * x86_64/salsa20.m4: New file, extracted from
2587 x86_64/salsa20-crypt.asm.
2589 2012-10-26 Niels Möller <nisse@lysator.liu.se>
2591 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LIBS): Add $(CFLAGS) on
2592 the link command line. Reported by Dennis Clarke.
2594 2012-10-03 Niels Möller <nisse@lysator.liu.se>
2596 From: Nikos Mavrogiannopoulos:
2597 * testsuite/testutils.c (test_hash): On failure, print the
2598 expected and returned hash values.
2600 2012-09-23 Niels Möller <nisse@lysator.liu.se>
2602 * Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
2604 * salsa20-core-internal.c (_salsa20_core): New file and function,
2605 extracted from salsa20_crypt.
2606 * salsa20.h (_salsa20_core): Declare it.
2607 * salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
2609 2012-09-21 Niels Möller <nisse@lysator.liu.se>
2611 * pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized
2614 * nettle.texinfo (Cipher functions): Stress that the salsa20 hash
2615 function is not suitable as a general hash function.
2617 2012-09-20 Simon Josefsson <simon@josefsson.org>
2619 * pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
2620 * pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
2621 * Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
2622 pbkdf2-hmac-sha256.c.
2623 * nettle.texinfo (Key derivation functions): Improve.
2624 * testsuite/pbkdf2-test.c (test_main): Test new functions.
2626 2012-09-20 Niels Möller <nisse@lysator.liu.se>
2628 * pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
2629 * pbkdf2.h (PBKDF2): Analogous reordering.
2630 * testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
2632 * nettle.texinfo (Key derivation functions): Updated documented
2635 * testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
2638 * configure.ac: New substitution IF_CXX, replacing CXX_TESTS.
2639 (dummy-dep-files): Handle .cxx files.
2641 * testsuite/Makefile.in: Use IF_CXX. Include dependency file for
2644 2012-09-19 Niels Möller <nisse@lysator.liu.se>
2647 * examples/rsa-encrypt.c (main): Added missing mpz_clear.
2648 * examples/rsa-keygen.c (main): Added missing deallocation.
2650 * testsuite/meta-hash-test.c (test_main): Validate
2651 NETTLE_MAX_HASH_DIGEST_SIZE.
2653 * pbkdf2.h (PBKDF2): New macro.
2654 * testsuite/pbkdf2-test.c: Use it.
2656 2012-09-12 Simon Josefsson <simon@josefsson.org>
2658 * NEWS: Mention addition of PBKDF2.
2659 * pbkdf2.c (pbkdf2): New file and function.
2660 * pbkdf2.h: Declare it.
2661 * Makefile.in (nettle_SOURCES): Add pbkdf2.c.
2662 (HEADERS): Add pbkdf2.h.
2663 * nettle.texinfo (Key derivation functions): New section.
2664 * testsuite/pbkdf2-test.c: New test case.
2665 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
2666 * testsuite/.test-rules.make (pbkdf2-test): New target.
2668 2012-09-16 Niels Möller <nisse@lysator.liu.se>
2670 * testsuite/: Overhaul of testsuite, affecting almost all files.
2671 + Use struct tstring for allocated strings, and deallocate before
2673 + Changed most test functions to take struct tstring as arguments.
2674 + Made all test_main return on success.
2676 * testsuite/testutils.h (struct tstring): New struct type.
2677 (H2, HL, MEMEQH, SUCCESS): Deleted macros.
2678 (SHEX, SDATA): New macros.
2679 (H): Redefined to track storage.
2681 * testsuite/testutils.c (tstring_alloc): New function.
2682 (tstring_clear): New function.
2683 (tstring_data): New function.
2684 (tstring_hex): New function.
2685 (tstring_print_hex): New function.
2686 (decode_hex_length): Made static.
2687 (decode_hex): Made static. No return value, abort on error.
2688 (main): Expect test_main to return, and call tstring_clear before
2690 (test_dsa_key): Added missing mpz_clear.
2691 (test_mac): Deleted unused function.
2693 * testsuite/rsa2sexp-test.c (test_main): Added missing
2694 nettle_buffer_clear.
2696 * testsuite/yarrow-test.c (open_file): Don't leak filename.
2697 (test_main): fclose input file properly.
2699 * testsuite/sexp-format-test.c (test_main): Added missing calls to
2700 nettle_buffer_clear and mpz_clear.
2702 * testsuite/serpent-test.c (tstring_hex_reverse): New function,
2704 (decode_hex_reverse): ... deleted function.
2705 (RHEX): New macro, replacing...
2706 (RH, RHL): ... deleted macros.
2708 * testsuite/rsa2sexp-test.c (test_main): Added missing
2709 nettle_buffer_clear.
2711 * testsuite/random-prime-test.c (test_main): Added missing
2714 * realloc.c (nettle_realloc): Only call libc realloc if length >
2715 0, otherwise call free. Fixes a small memory leak.
2716 (nettle_xrealloc): Likewise.
2718 * run-tests (test_program): Don't quote $EMULATOR; allow it to
2719 expand to program and arguments (e.g., valgrind).
2721 * tools/pkcs1-conv.c (convert_public_key): Added missing calls to
2722 dsa_public_key_clear and rsa_public_key_clear.
2723 (main): Added missing nettle_buffer_clear.
2725 2012-09-10 Niels Möller <nisse@lysator.liu.se>
2727 * examples/eratosthenes.c (main): Explicitly deallocate storage
2730 * examples/io.c (read_file): Explicitly treat an empty file as an
2731 error. Rearrange loop, check for short fread return value.
2733 * desdata.c: Don't declare printf, include <stdio.h> instead. Also
2734 deleted casts of printf return value.
2737 * examples/nettle-benchmark.c (die): Use PRINTF_STYLE attribute.
2738 * pgp-encode.c (pgp_put_rsa_sha1_signature): Deleted unused variable.
2739 * rsa2openpgp.c (rsa_keypair_to_openpgp): Likewise.
2740 * examples/base16enc.c (main): Deleted useless allocations.
2742 2012-09-07 Niels Möller <nisse@lysator.liu.se>
2744 * examples/nettle-benchmark.c (die): Add NORETURN attribute. Patch
2746 * tools/misc.h (die, werror): Use PRINTF_STYLE and NORETURN macros
2747 for attributes. Patch from Tim Rühsen.
2749 * examples/io.h (werror): Use PRINTF_STYLE macro.
2751 2012-08-22 Niels Möller <nisse@lysator.liu.se>
2753 From Sam Thursfield <sam.thursfield@codethink.co.uk>:
2754 * configure.ac: Make documentation optional, to avoid requiring
2755 TeX. New option --disable-documentation, and Makefile substitution
2757 * Makefile.in: Use IF_DOCUMENTATION.
2759 2012-07-12 Niels Möller <nisse@lysator.liu.se>
2761 * asm.m4 (ALIGN): Use << operator rather than **, with m4 eval.
2762 The latter is not supported by BSD m4.
2764 2012-07-07 Niels Möller <nisse@lysator.liu.se>
2766 Copyright headers: Updated FSF address. Patch from David Woodhouse.
2768 * examples/Makefile.in (BENCH_LIBS): Added -lm, needed for the
2769 ldexp function. Reported by Anthony G. Basile.
2771 * configure.ac: Changed version number to 2.6.
2773 * Released nettle-2.5.
2775 2012-07-05 Niels Möller <nisse@lysator.liu.se>
2777 * x86_64/salsa20-crypt.asm (salsa20_crypt): Write the 64-bit movq
2778 instructions as "movd", since that makes the osx assembler
2779 happier. Assembles to the same machine code on gnu/linux.
2781 2012-07-03 Niels Möller <nisse@lysator.liu.se>
2783 * aclocal.m4 (LSH_FUNC_ALLOCA): In the config.h boilerplate,
2784 include malloc.h if it exists, also when compiling with gcc.
2785 Needed for cross-compiling with --host=i586-mingw32msvc.
2787 * examples/base16dec.c: Don't #include files using <nettle/...>,
2788 we don't want to pick up installed versions. On windows, include
2789 <fcntl.h>, needed for _setmode.
2790 * examples/base16enc.c: Likewise.
2791 * examples/base64dec.c: Likewise.
2792 * examples/base64enc.c: Likewise
2794 * nettle.texinfo (Cipher functions): Document Salsa20.
2796 2012-06-25 Niels Möller <nisse@lysator.liu.se>
2798 * pkcs1.c (_pkcs1_signature_prefix): Renamed function, adding a
2799 leading underscore. Updated all callers.
2801 * bignum-next-prime.c (nettle_next_prime): Consistently use the
2802 type nettle_random_func * (rather then just nettle_random_func)
2803 when passing the function pointer as argument. Similar change for
2804 nettle_progress_func. Should have been done for the 2.0 release,
2805 but a few arguments were overlooked.
2806 * bignum-random-prime.c (_nettle_generate_pocklington_prime)
2807 (nettle_random_prime): Likewise.
2808 * bignum-random.c (nettle_mpz_random_size, nettle_mpz_random):
2810 * dsa-keygen.c (dsa_generate_keypair): Likewise.
2811 * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise.
2812 * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
2814 * dsa-sign.c (_dsa_sign): Likewise.
2815 * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
2816 * rsa-blind.c (_rsa_blind): Likewise.
2817 * rsa-decrypt-tr.c (rsa_decrypt_tr): Likewise.
2818 * rsa-encrypt.c (rsa_encrypt): Likewise.
2819 * rsa-keygen.c (rsa_generate_keypair): Likewise.
2820 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Likewise.
2822 * cbc.c (cbc_encrypt, cbc_decrypt): Similarly, use the type
2823 nettle_crypt_func * rather than just nettle_crypt_func.
2824 * ctr.c (ctr_crypt): Likewise.
2825 * gcm.c (gcm_set_key): Likewise.
2827 * testsuite/des-compat-test.c (test_main): Disable declarations of
2828 disabled functions and variables, to avoid warnings. No verbose
2829 output unless verbose flag is set.
2831 2012-06-09 Niels Möller <nisse@lysator.liu.se>
2833 * examples/Makefile.in (SOURCES): Added base16dec.c, forgotten
2836 General pkcs1 signatures, with a "DigestInfo" input. Suggested by
2837 Nikos Mavrogiannopoulos.
2838 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
2839 rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
2841 * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
2843 * pkcs1.h: Declare it.
2845 * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
2846 * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
2847 * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
2848 contributed by Nikos Mavrogiannopoulos.
2849 * rsa.h: Declare new functions.
2851 * rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
2852 * rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
2853 separate file, renamed and made non-static. Moved from...
2854 * rsa-decrypt-tr.c: ... here.
2856 2012-06-03 Niels Möller <nisse@lysator.liu.se>
2858 * testsuite/pkcs1-test.c (test_main): Include leading zero in
2861 * pkcs1.c (pkcs1_signature_prefix): Return pointer to where the
2862 digest should be written. Let the size input be the key size in
2863 octets, rather then key size - 1.
2864 * pkcs1-rsa-*.c: Updated for above.
2865 * rsa-*-sign.c, rsa-*-verify.c: Pass key->size, not key->size - 1.
2867 2012-05-18 Niels Möller <nisse@lysator.liu.se>
2869 * pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
2870 * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
2872 2012-05-09 Niels Möller <nisse@lysator.liu.se>
2874 * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,
2875 spotted by Nikos Mavrogiannopoulos.
2877 2012-05-07 Niels Möller <nisse@lysator.liu.se>
2879 * nettle-types.h (_STDINT_HAVE_INT_FAST32_T): Define here, to
2880 force nettle-stdint.h to not try to define the int_fast*_t types.
2881 Avoids compilation problems with gnutls on SunOS-5.8, where the
2882 definitions here collide with gnulib's.
2884 2012-04-23 Niels Möller <nisse@lysator.liu.se>
2886 * nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
2887 on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
2888 NETTLE_MAX_BIGNUM_BITS.
2890 2012-04-19 Niels Möller <nisse@lysator.liu.se>
2892 * list-obj-sizes.awk: Use decimal rather than hexadecimal output.
2893 (hex2int): Use local variables.
2895 2012-04-18 Niels Möller <nisse@lysator.liu.se>
2897 * x86_64/salsa20-crypt.asm: New file.
2899 2012-04-17 Niels Möller <nisse@lysator.liu.se>
2901 * testsuite/salsa20-test.c (test_salsa20_stream): Check that
2902 salsa20_crypt doesn't write beyond the given destination area.
2903 (test_salsa20): Likewise.
2905 * salsa20-crypt.c: Renamed file, from...
2906 * salsa20.c: ... old name.
2908 * x86_64/machine.m4 (WREG): New macro.
2910 * salsa20.c (salsa20_hash): Deleted function, inlined into
2912 (salsa20_set_key, salsa20_set_iv): Moved, to...
2913 * salsa20-set-key.c: ...new file.
2915 2012-04-15 Niels Möller <nisse@lysator.liu.se>
2917 * testsuite/salsa20-test.c (test_salsa20_stream): New function.
2918 (test_main): Tests for encrypting more than one block at a time.
2920 2012-04-14 Niels Möller <nisse@lysator.liu.se>
2922 * examples/io.c (write_file): Use write_string.
2924 * examples/Makefile.in (base64enc): New targets. Also
2925 added missing io.o dependency to several other targets.
2926 (base64dec, base16enc, base16dec): Likewise.
2928 * examples/base64enc.c: New file, based on example code
2929 contributed by Jeronimo Pellegrini.
2930 * examples/base64dec.c: Likewise.
2931 * examples/base16enc.c: Likewise.
2932 * examples/base16dec.c: Likewise.
2934 * examples/rsa-encrypt.c (process_file): Reorganized fread loop.
2935 (usage): New function.
2936 (main): Implemented --help option.
2938 * examples/rsa-decrypt.c (process_file): Improved error message
2939 for too short input file.
2941 * aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
2942 (mult, inv_mix_column): Deleted functions.
2943 (mtable): New table.
2944 (MIX_COLUMN): New macro.
2945 (aes_invert_key): Use MIX_COLUMN and mtable.
2947 * aesdata.c (compute_mtable): New table, for the inv mix column
2948 operation in aes_invert_key.
2950 2012-04-13 Niels Möller <nisse@lysator.liu.se>
2952 * aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.
2953 Tabulate the needed "round constants".
2954 (xtime): Deleted function.
2956 * aes-internal.h (SUBBYTE): Cast to uint32_t. Use B0, ..., B3
2959 2012-04-09 Niels Möller <nisse@lysator.liu.se>
2961 Timing resistant RSA decryption, based on RSA blinding code
2962 contributed by Nikos Mavrogiannopoulos.
2963 * rsa-decrypt-tr.c (rsa_decrypt_tr): New function.
2964 (rsa_blind): Helper function.
2965 (rsa_unblind): Helper function.
2966 * rsa.h: Declare rsa_decrypt_tr. Some cleanups, no longer include
2967 nettle-meta.h, more consistent declarations of function pointer
2969 * testsuite/rsa-encrypt-test.c (test_main): Test rsa_decrypt_tr.
2970 Check for writes past the end of the message area.
2972 * Makefile.in (hogweed_SOURCES): Added pkcs1-decrypt.c.
2973 * rsa-decrypt.c (rsa_decrypt): Use pkcs1_decrypt.
2974 * pkcs1-decrypt.c (pkcs1_decrypt): New file and function,
2975 extracted from rsa_decrypt.
2977 2012-04-01 Niels Möller <nisse@lysator.liu.se>
2979 * salsa20.c (LE_SWAP32): Typo fix for big-endian case.
2980 (QROUND): New macro.
2981 (salsa20_hash): Use it.
2983 2012-03-31 Niels Möller <nisse@lysator.liu.se>
2985 * salsa20.c: (salsa20_set_iv): Deleted size argument, only one
2987 (U8TO32_LITTLE): Deleted macro. Use LE_READ_UINT32 instead, which
2988 avoids unaligned reads.
2989 (salsa20_set_key): Rearranged slightly, to avoid unnecessary
2990 byte-to-word conversions.
2992 (LE_SWAP32): Renamed macro from...
2993 (U32TO32_LITTLE): ... old name.
2994 (U32TO8_LITTLE): Deleted macro.
2995 (salsa20_wordtobyte): Renamed function to...
2996 (salsa20_hash): ... new name. Changed output argument from byte
2997 array to word array. Use memxor3, which brings a considerable
3000 * nettle-internal.c (salsa20_set_key_hack): Updated salsa20_set_iv
3002 * testsuite/salsa20-test.c (test_salsa20): Deleted iv_length
3003 argument, updated all calls.
3005 * salsa20.h (SALSA20_BLOCK_SIZE): New constant.
3006 (_SALSA20_INPUT_LENGTH): New constant.
3007 * salsa20.c: Use these constants.
3009 * salsa20.c (ROTL32): Deleted macro, use the one from macros.h
3010 instead, with reversed order of arguments.
3011 (ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
3012 builtin operators directly.
3014 Unification of rotation macros.
3015 * macros.h (ROTL32): New macro, to replace (almost) all other
3018 * aes-set-encrypt-key.c: Include macros.h.
3019 (aes_set_encrypt_key): Use ROTL32.
3020 * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
3022 * camellia-internal.h (ROL32): Deleted macro.
3023 (ROTL128): Renamed for consistency, from...
3024 (ROL128): ... old name.
3025 * camellia-crypt-internal.c: Updated for renamed rotation macros.
3026 * camellia-set-encrypt-key.c: Likewise.
3027 * cast128.c (ROL): Deleted macro.
3028 (F1, F2, F3): Updated to use ROTL32 (reversed order of arguments).
3029 Also added proper do { ... } while (0) wrappers.
3031 * ripemd160-compress.c (ROL32): Deleted macro.
3032 (R): Updated to use ROTL32 (reversed order of arguments).
3034 * serpent-internal.h (ROL32): Deleted macro.
3035 (ROTL64): Renamed (from ROL64) and reorderd arguments, for
3037 (RSHIFT64): Reordered arguments, for consistency.
3038 * serpent-decrypt.c: Updated for renamed rotation macros, with
3039 reversed argument order.
3040 * serpent-encrypt.c: Likewise.
3041 * serpent-set-key.c: Likewise.
3043 * sha1-compress.c (ROTL): Deleted macro, use ROTL32 instead.
3045 * sha256-compress.c (ROTR): Deleted macro. Replaced by ROTL32,
3046 with complemented shift count.
3047 (SHR): Deleted macro, use plain shift operator instead.
3049 * sha512-compress.c (ROTR): Deleted macro, replaced by...
3050 (ROTL64): ...new macro, with complemented shift count
3051 (SHR): Deleted macro, use plain shift operator instead.
3052 (S0, S1, s0, s1): Updated accordingly.
3054 2012-03-30 Niels Möller <nisse@lysator.liu.se>
3056 * nettle-internal.c (nettle_salsa20): Cipher struct for
3057 benchmarking only. Sets a fix zero IV, and ignores block size.
3058 * nettle-internal.h (nettle_salsa20): Declare it.
3060 * examples/nettle-benchmark.c (block_cipher_p): New function.
3061 (time_cipher): Use block_cipher_p.
3062 (main): Include salsa20 in benchmark.
3064 * Makefile.in (soname link): Fixed logic.
3065 (nettle_SOURCES): Removed nettle-internal.c, so that it's not
3066 part of the library...
3067 (internal_SOURCES): ...and put it here.
3068 * testsuite/Makefile.in (TEST_OBJS): Added ../nettle-internal.o.
3069 * examples/Makefile.in (BENCH_OBJS): New variable, to simplify the
3070 nettle-benchmark rule. Also link with ../nettle-internal.o.
3072 2012-03-29 Niels Möller <nisse@lysator.liu.se>
3074 Implementation of Salsa20, contributed by Simon Josefsson.
3075 * salsa20.h: New file.
3076 * salsa20.c: New file.
3077 * Makefile.in (nettle_SOURCES): Added salsa20.c
3078 (HEADERS): Added salsa20.h.
3079 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added salsa20-test.c.
3080 * testsuite/salsa20-test.c: New test case.
3082 * Makefile.in (soname links): Adding missing space before ].
3084 2012-03-23 Niels Möller <nisse@lysator.liu.se>
3086 * arcfour.h (arcfour_stream): Deleted obsolete prototype.
3088 2012-03-05 Niels Möller <nisse@lysator.liu.se>
3090 * configure.ac (enable_shared): Build shared libraries by default.
3092 2012-03-04 Niels Möller <nisse@lysator.liu.se>
3094 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.4.
3095 (LIBHOGWEED_MINOR): And to 2.2.
3097 2012-02-27 Niels Möller <nisse@lysator.liu.se>
3099 * list-obj-sizes.awk: Recognize elf64 objects.
3101 * Makefile.in (.texinfo.dvi): Pass -b option to texi2dvi.
3103 * Makefile.in (TARGETS): Added twofishdata.
3104 (SOURCES): Added twofishdata.c.
3105 (twofishdata): New rule.
3107 * twofish.c (q0, q1): Made const, and reformatted to match the
3108 twofishdata program.
3110 * twofishdata.c: Resurrected old file. Used to be called
3111 generate_q.c, when the twofish code was contributed back in 1999.
3113 * nettle.texinfo: Documentation for base16 and base64 encoding.
3114 Text contributed by Jeronimo Pellegrini
3115 <pellegrini@mpcnet.com.br>, back in April 2006.
3117 2012-02-18 Niels Möller <nisse@lysator.liu.se>
3119 * run-tests, getopt.c, getopt1.c, getopt.h: These files were moved
3120 to the top-level in the conversion to an independent git
3121 repository. They used to be symlinks to lsh files, from the
3122 subdirectories which use them.
3124 * Makefile.in: Build and distribute getopt files. Distribute
3126 * examples/Makefile.in: Adapt to getopt files and the run-tests
3127 script now located in the parent directory.
3128 * testsuite/Makefile.in: Likewise.
3129 * tools/Makefile.in: Likewise.
3131 * index.html: Converted to xhtml (from lsh repository, change
3132 dated 2012-02-03). Updated git instructions.
3134 * nettle.texinfo: Updated charset declaration.
3135 * misc/plan.html: Likewise.
3137 2012-01-17 Niels Möller <nisse@lysator.liu.se>
3139 * testsuite/Makefile.in (DISTFILES): Added setup-env.
3141 * examples/rsa-decrypt.c (main): Use _setmode rather than setmode,
3142 suggested by Eli Zaretskii. Affects windows builds only.
3143 * examples/rsa-encrypt.c: Likewise.
3145 * Makefile.in ($(LIBNETTLE_FORLINK)): Always create a .lib symlink
3146 to the library file. Use LN_S.
3147 ($(LIBHOGWEED_FORLINK)): Likewise.
3149 (install-shared-nettle): Use LN_S.
3150 (install-shared-hogweed): Likewise.
3152 * configure.ac: Use AC_PROG_LN_S.
3153 * config.make.in (LN_S): New substitution.
3155 * testsuite/setup-env: New file. Wine workaround. Can't get
3156 ../.lib into wine's dll search path, so create additional
3158 * testsuite/teardown-env: ...and delete them here. Also delete
3160 * examples/setup-env: Similar links setup here.
3161 * examples/teardown-env: ... and deleted.
3163 2012-01-07 Niels Möller <nisse@lysator.liu.se>
3165 * examples/Makefile.in (check): Add ../.lib to PATH, like in
3166 testsuite/Makefile. Needed for w*ndows. Reported by Eli Zaretskii.
3168 2011-11-25 Niels Möller <nisse@lysator.liu.se>
3170 From Martin Storsjö:
3171 * x86_64/machine.m4 (W64_ENTRY, W64_EXIT): New macros for
3173 * x86_64: Updated all assembly files to use them.
3175 * configure.ac (W64_ABI): New variable, set when compiling for
3176 W64 ABI (64-bit M$ windows).
3177 * config.m4.in (W64_ABI): Define, from configure substitution.
3179 2011-11-24 Niels Möller <nisse@lysator.liu.se>
3181 From Martin Storsjö:
3182 * examples/Makefile.in (check): Pass $(EMULATOR) and $(EXEEXT) in
3183 the environment of run-tests.
3184 * examples/rsa-encrypt-test: Use $EXEEXT and $EMULATOR.
3185 * examples/rsa-sign-test: Likewise.
3186 * examples/rsa-verify-test: Likewise.
3187 * examples/setup-env: Likewise.
3189 * testsuite/Makefile.in (check): Pass $(EXEEXT) in the environment of
3191 * testsuite/pkcs1-conv-test: Use $EXEEXT and $EMULATOR. Ignore \r
3194 * examples/rsa-decrypt.c (main) [WIN32]: Set stdout/stdin to
3196 * examples/rsa-encrypt.c (main): Likewise.
3198 2011-11-24 Niels Möller <nisse@lysator.liu.se>
3200 * configure.ac (HAVE_NATIVE_64_BIT): Workaround to get it set to 1
3203 * serpent-internal.h (ROL64): Use (uint64_t) 1 rather than 1L, for
3205 (RSHIFT64): Likewise. Also added a missing parenthesis.
3207 2011-11-24 Niels Möller <nisse@lysator.liu.se>
3209 From Martin Storsjö:
3210 * testsuite/symbols-test: Use $NM, falling back to nm if undefined.
3211 * testsuite/Makefile.in (check): Pass $(NM) in the environment of
3213 * config.make.in (NM): Set NM.
3215 * testsuite/sexp-conv-test: Use $EMULATOR when running test
3216 programs. Also ignore \r for output in the non-canonical output
3218 * testsuite/Makefile.in (check): Pass $(EMULATOR) in the
3219 environment of run-tests.
3220 * configure.ac (EMULATOR): New substituted variable. Set to wine
3221 or wine64 when cross compiling for windows, otherwise empty.
3222 * config.make.in (EMULATOR): Set from autoconf value.
3224 2011-11-20 Niels Möller <nisse@lysator.liu.se>
3226 * x86/camellia-crypt-internal.asm: Take ALIGNOF_UINT64_T into
3227 account when getting the offset for the subkeys. Differs between
3228 w32 and other systems. w32 problem identified by Martin Storsjö.
3230 * config.m4.in: Define ALIGNOF_UINT64_T (from configure).
3232 * configure.ac: Check alignment of uint64_t, and also use AC_SUBST
3233 for use in config.m4.in.
3235 2011-11-19 Niels Möller <nisse@lysator.liu.se>
3237 Cygwin/mingw32 improvements contributed by Martin Storsjö:
3238 * Makefile.in (IMPLICIT_TARGETS): New variable for DLL link
3240 (clean-here): Delete the DLL import libraries.
3242 * configure.ac: Setup installation of DLL files in $bindir.
3243 (IF_DLL, LIBNETTLE_FILE_SRC, LIBHOGWEED_FILE_SRC): New
3246 * config.make.in (LIBNETTLE_FILE_SRC): Substitute new autoconf
3248 (LIBHOGWEED_FILE_SRC): Likewise.
3250 * Makefile.in (install-dll-nettle, uninstall-dll-nettle): New
3251 target for installing the DLL file in $bindir.
3252 (install-shared-nettle): Conditionally
3253 depend on install-dll-nettle. Use LIBNETTLE_FILE_SRC.
3254 (uninstall-shared-nettle): Conditionally depend on
3256 (various hogweed targets): Analogous changes.
3258 * configure.ac: Unify shared lib setup for cygwin and mingw.
3260 2011-10-31 Niels Möller <nisse@lysator.liu.se>
3262 * configure.ac (LIBHOGWEED_LIBS): Typo fix for the darwin case.
3263 Spotted by Martin Storsjö.
3265 2011-10-25 Niels Möller <nisse@lysator.liu.se>
3267 * configure.ac (LIBHOGWEED_LIBS): cygwin fix, added
3268 libnettle.dll.a. Reported by Volker Zell.
3270 2011-10-18 Niels Möller <nisse@lysator.liu.se>
3272 * configure.ac: Improved setup för darwin shared libraries.
3273 Patch contributed by Ryan Schmidt.
3275 2011-10-03 Niels Möller <nisse@lysator.liu.se>
3277 * x86_64/memxor.asm: Implemented sse2-loop. Configured at compile
3278 time, and currently disabled.
3280 * testsuite/testutils.h (ASSERT): Write message to stderr.
3282 * testsuite/memxor-test.c: Use 16-byte alignment for "fully
3285 2011-09-03 Niels Möller <nisse@lysator.liu.se>
3287 * x86/camellia-crypt-internal.asm: Use "l"-suffix on instructions
3288 more consistently. Reportedly, freebsd and netbsd systems with
3289 clang are more picky about this.
3291 * configure.ac: Changed version number to 2.5.
3293 * Released nettle-2.4.
3295 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.3.
3297 * gcm-aes.c: Include config.h.
3298 * tools/nettle-lfib-stream.c: Likewise.
3300 * ripemd160-compress.c: Added missing include of config.h. Needed
3301 for correct operation on big-endian systems.
3303 2011-09-02 Niels Möller <nisse@amfibolit.hack.org>
3305 * configure.ac: Changed version number to 2.4.
3307 * Released nettle-2.3.
3309 2011-08-30 Niels Möller <nisse@lysator.liu.se>
3311 * testsuite/hmac-test.c: Added tests for hmac-ripemd160.
3313 * hmac.h: Declare hmac-ripemd160 related functions.
3315 * Makefile.in (nettle_SOURCES): Added hmac-ripemd160.c.
3317 2011-08-30 Niels Möller <nisse@amfibolit.hack.org>
3319 * nettle.texinfo (Hash functions): Document ripemd-160.
3321 * hmac-ripemd160.c: New file.
3323 * hmac.h: Declare hmac-ripemd160 functions.
3325 2011-08-29 Niels Möller <nisse@lysator.liu.se>
3327 * sha256.c (sha256_update): Updated MD_UPDATE call for new
3329 (sha256_write_digest): Use MD_PAD rather than MD_FINAL, and insert
3330 the length manually.
3331 * sha512.c: Analogous changes.
3333 * sha1.c (COMPRESS): New macro.
3334 (sha1_update): Updated MD_UPDATE call for new conventions.
3335 (sha1_digest): Use MD_PAD rather than MD_FINAL, and insert the
3338 * ripemd160.c (ripemd160_init): Use memcpy for initializing the
3340 (COMPRESS): New macro.
3341 (ripemd160_update): Use MD_UPDATE.
3342 (ripemd160_digest): Inline ripemd160_final processing. Use MD_PAD
3343 and _nettle_write_le32.
3344 (ripemd160_final): Deleted function.
3346 * ripemd160.h (struct ripemd160_ctx): Use a 64-bit block count.
3347 Renamed digest to state.
3349 * md5.c (md5_init): Use memcpy for initializing the state vector.
3350 (COMPRESS): New macro, wrapping _nettle_md5_compress.
3351 (md5_update): Use MD_UPDATE.
3352 (md5_digest): Inline md5_final processing. Use MD_PAD and
3354 (md5_final): Deleted.
3356 * md5.h (struct md5_ctx): Renamed some fields, for consistency.
3358 * md4.h (struct md4_ctx): Renamed some fields, for consistency.
3360 * md4.c (md4_init): Use memcpy for initializing the state vector.
3361 (md4_update): Use MD_UPDATE.
3362 (md4_digest): Inline md4_final processing, using MD_PAD. Use
3364 (md4_block): Renamed, to...
3365 (md4_compress): ... new name. Take ctx pinter as argument.
3366 (md4_final): Deleted function.
3368 * md2.c (md2_update): Use MD_UPDATE.
3370 * macros.h (MD_UPDATE): Added incr argument. Invoke compression
3371 function with ctx pointer as argument, rather than ctx->state.
3372 (MD_FINAL): Just pad, don't store length field. Renamed to MD_PAD.
3373 (MD_PAD): Analogous change of compression invocations.
3375 * sha512.c: (COMPRESS): New macro wrapping _nettle_sha512_compress.
3376 (sha512_update): Use MD_UPDATE.
3377 (sha512_final): Deleted function.
3378 (sha512_write_digest): Use MD_FINAL.
3380 * sha256.c (COMPRESS): New macro wrapping _nettle_sha256_compress.
3381 (SHA256_INCR): Deleted macro.
3382 (sha256_update): Use MD_UPDATE.
3383 (sha256_final): Deleted function.
3384 (sha256_write_digest): New function, replacing sha256_final, and
3386 (sha256_digest): Use sha256_write_digest.
3387 (sha224_digest): Likewise.
3389 * tools/nettle-hash.c (list_algorithms): Fixed typo in header.
3391 * sha1.c (SHA1_DATA_LENGTH): Deleted unused macro.
3392 (sha1_init): Use memcpy to initialize the state vector.
3393 (SHA1_INCR): Deleted macro.
3394 (sha1_update): Use MD_UPDATE macro, to reduce code duplication.
3395 (sha1_digest): Use MD_FINAL macro.
3396 (sha1_final): Deleted function.
3398 * sha.h (struct sha1_ctx): Renamed attribute digest to state.
3400 * macros.h (MD_UPDATE): New macro.
3401 (MD_FINAL): New macro.
3403 2011-08-28 Niels Möller <nisse@lysator.liu.se>
3405 * ripemd160.c (ripemd160_final): Use LE_WRITE_UINT32. Deleted byte
3406 swapping at the end, leaving it to ripemd160_digest.
3407 (ripemd160_digest): Use _nettle_write_le32.
3409 * Makefile.in (nettle_SOURCES): Added write-le32.c.
3411 * md5.c (md5_digest): Use _nettle_write_le32.
3413 * write-le32.c (_nettle_write_le32): New file and function.
3415 * ripemd160-compress.c (ROL32): Renamed macro (was "rol"). Deleted
3416 x86 version using inline assembly; at least gcc-4.4.5 recognizes
3417 shift-and-or expressions which are in fact rotations.
3418 (_nettle_ripemd160_compress): Use LE_READ_UINT32.
3420 * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.2.
3422 * testsuite/meta-hash-test.c: Updated for the addition of
3425 * testsuite/.test-rules.make: Added rule for ripemd160-test.
3427 * examples/nettle-benchmark.c (main): Benchmark ripemd-160.
3429 2011-08-28 Niels Möller <nisse@lysator.liu.se>
3431 RIPEMD-160 hash function. Ported from libgcrypt by Andres Mejia.
3432 * testsuite/ripemd160-test.c: New file.
3433 * ripemd160.h: New file.
3434 * nettle-meta.h: Declare nettle_ripemd160.
3435 * ripemd160.c: New file, ported from libgcrypt.
3436 * ripemd160-compress.c: Likewise.
3437 * ripemd160-meta.c: New file.
3438 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
3440 * nettle-meta-hashes.c (nettle_hashes): Added nettle_ripemd160.
3441 * Makefile.in (nettle_SOURCES): Added ripemd160.c,
3442 ripemd160-compress.c, and ripemd160-meta.c.
3443 (HEADERS): Added ripemd160.h.
3445 2011-08-10 Niels Möller <nisse@amfibolit.hack.org>
3447 * nettle.texinfo: Fixed mis-placed const in various prototypes.
3448 Spotted by Tatsuhiro Tsujikawa.
3450 2011-07-24 Niels Möller <nisse@lysator.liu.se>
3452 * Makefile.in (PKGCONFIG_FILES, pkgconfigdir): New variables.
3453 (DISTFILES): Added nettle.pc.in and hogweed.pc.in.
3454 (nettle.pc, hogweed.pc): New targets (invoking config.status).
3455 (install-pkgconfig, uninstall-pkgconfig): New targets.
3456 (install-here): Depend on install-pkgconfig.
3457 (uninstall-here): Depend on uninstall-pkgconfig.
3458 (distclean-here): Delete nettle.pc and hogweed.pc.
3460 2011-07-20 Niels Möller <nisse@lysator.liu.se>
3462 * configure.ac: Generate nettle.pc and hogweed.pc.
3464 * nettle.pc.in, hogweed.pc.in: New files.
3466 2011-07-17 Niels Möller <nisse@lysator.liu.se>
3468 * nettle-internal.h: Added missing extern declarations.
3470 2011-07-11 Niels Möller <nisse@lysator.liu.se>
3472 * configure.ac: Changed version number to 2.3.
3474 * Released nettle-2.2.
3476 * Makefile.in (DISTFILES): Distribute COPYING.LIB, not COPYING,
3478 2011-07-07 Niels Möller <nisse@lysator.liu.se>
3480 * tools/misc.h (werror): Removed incorrect noreturn attribute from
3483 * examples/io.c (read_file): Bug fix, in dependence of initial
3486 2011-07-01 Niels Möller <nisse@lysator.liu.se>
3488 * cbc.c (CBC_BUFFER_LIMIT): Reduced to 512 bytes.
3489 (cbc_decrypt): For in-place operation, use overlapping memxor3 and
3492 * ctr.c (ctr_crypt): Reorganized to call the encryption function
3493 with several blocks at a time. Handle the case of a single block
3496 * x86_64/memxor.asm: Added ALIGN for shifting loop. Deleted
3499 2011-06-30 Niels Möller <nisse@lysator.liu.se>
3501 * configure.ac: Link in serpent-decrypt.asm, if found.
3503 * x86_64/serpent-decrypt.asm: Added an SSE2 loop, doing four
3504 blocks at a time in parallel.
3506 * x86_64/serpent-encrypt.asm: Include serpent.m4. Deleted a
3509 * x86_64/serpent.m4: New file, with serpent-related macros.
3511 2011-06-29 Niels Möller <nisse@lysator.liu.se>
3513 * x86_64/serpent-decrypt.asm: Wrote main (32-bit) loop.
3514 (SBOX0I, SBOX1I, SBOX7I): Fixed bugs.
3516 * nettle.texinfo (Copyright): Updated for license change to
3517 LGPLv2+. Updated copyright info on serpent.
3519 * NEWS: Updated information for nettle-2.2.
3521 * x86_64/serpent-decrypt.asm: New file.
3523 * x86_64/serpent-encrypt.asm: Fixed .file pseudo op.
3525 * testsuite/testutils.c (test_cipher_ctr): Display more info on
3528 * examples/nettle-benchmark.c (bench_ctr): New function.
3529 (time_cipher): Also benchmark CTR mode.
3531 * configure.ac (LIBNETTLE_MINOR): Updated library version number
3533 (LIBHOGWEED_MINOR): And to 2.1.
3535 2011-06-22 Niels Möller <nisse@lysator.liu.se>
3537 * configure.ac: Use pwd -P when examining lib directories.
3538 Link in serpent-encrypt.asm, if found.
3540 2011-06-21 Niels Möller <nisse@lysator.liu.se>
3542 * serpent-decrypt.c (SBOX3_INVERSE): Eliminated temporaries.
3543 (SBOX4_INVERSE): Likewise.
3544 (SBOX5_INVERSE): Likewise.
3545 (SBOX6_INVERSE): Likewise.
3546 (SBOX7_INVERSE): Likewise.
3547 (All SBOX_INVERSE-macros): Deleted type argument, and updated users.
3549 2011-06-20 Niels Möller <nisse@lysator.liu.se>
3551 * serpent-decrypt.c: Renamed arguments in sbox macros.
3552 (SBOX0_INVERSE): Eliminated temporaries.
3553 (SBOX1_INVERSE): Likewise.
3554 (SBOX2_INVERSE): Likewise.
3556 * x86_64/serpent-encrypt.asm: Added an SSE2 loop, doing four
3557 blocks at a time in parallel.
3559 * testsuite/serpent-test.c (test_main): Added some more multiple
3562 2011-06-15 Niels Möller <nisse@lysator.liu.se>
3564 * configure.ac (libdir): On 64-bit Linux, we used to assume that
3565 libraries are installed according to the FHS. Since at least
3566 Fedora and Gentoo follow the FHS convention, while at least Debian
3567 doesn't, we have to try to figure out which convention is used.
3569 2011-06-14 Niels Möller <nisse@lysator.liu.se>
3571 * x86_64/serpent-encrypt.asm: Slight simplification of loop logic.
3573 * x86_64/serpent-encrypt.asm: New file.
3575 2011-06-12 Niels Möller <nisse@lysator.liu.se>
3577 * testsuite/serpent-test.c (test_main): Added tests with multiple
3580 * serpent-encrypt.c (SBOX6): Renamed arguments. Eliminated
3583 (All SBOX-macros): Deleted type argument, and updated users.
3585 * configure.ac: Display summary at the end of configure..
3586 (asm_path): Set only if enable_assember is yes.
3588 2011-06-10 Niels Möller <nisse@lysator.liu.se>
3590 * serpent-encrypt.c (SBOX5): Renamed arguments. Eliminated
3593 2011-06-09 Niels Möller <nisse@lysator.liu.se>
3595 * serpent-encrypt.c (SBOX4): Renamed arguments. Eliminated
3598 * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LINK): Cygwin fix, from
3601 2011-06-08 Niels Möller <nisse@lysator.liu.se>
3603 * examples/eratosthenes.c (find_first_one): Fixed c99-style
3604 declaration. Reported by Sebastian Reitenbach.
3605 (find_first_one): Declare the lookup table as static const, and
3606 use unsigned char rather than unsigned..
3608 2011-06-07 Niels Möller <nisse@lysator.liu.se>
3610 * serpent-encrypt.c (SBOX0): Renamed arguments. Eliminated
3616 2011-06-06 Niels Möller <nisse@lysator.liu.se>
3618 * Makefile.in (DISTFILES): Added serpent-internal.h.
3619 (nettle_SOURCES): Replaced serpent.c by serpent-set-key.c,
3620 serpent-encrypt.c, and serpent-decrypt.c.
3622 * serpent.c: Replaced by several new files.
3623 * serpent-set-key.c: New file.
3624 * serpent-encrypt.c: New file.
3625 * serpent-decrypt.c: New file.
3626 * serpent-internal.h: New file.
3628 * serpent.c [HAVE_NATIVE_64_BIT]: Process two blocks at a time in
3629 parallel. Measured speedup of 10%--25% (higher for encryption) on
3632 2011-06-01 Niels Möller <nisse@lysator.liu.se>
3634 * serpent.c (ROUNDS): Deleted macro.
3635 (serpent_block_t): Deleted array typedef.
3636 (KEYXOR): New macro, replacing BLOCK_XOR.
3637 (BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
3638 (LINEAR_TRANSFORMATION): Use four separate arguments.
3639 (LINEAR_TRANSFORMATION_INVERSE): Likewise.
3640 (ROUND): Take separate arguments for all input and output words.
3641 (ROUND_INVERSE): Likewise.
3642 (ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
3643 (serpent_set_key): Moved loop termination test.
3644 (serpent_encrypt): Rewrote with unrolling of just eight rounds,
3645 and without serpent_block_t.
3646 (serpent_decrypt): Likewise.
3648 * serpent.c: Added do { ... } while (0) around block macros.
3649 (serpent_key_t): Deleted array typedef.
3650 (ROL32, ROR32): Renamed macros, were rol and ror.
3651 (KS_RECURRENCE, KS): New macros.
3652 (serpent_key_pad): Renamed, from...
3653 (serpent_key_prepare): ...old name.
3654 (serpent_subkeys_generate): Deleted function.
3655 (serpent_set_key): Rewrote the generation of subkeys. Reduced both
3656 temporary storage and code size (less unrolling)
3658 2011-05-31 Niels Möller <nisse@lysator.liu.se>
3660 * testsuite/serpent-test.c (test_main): Enabled test with short,
3663 * serpent.c (byte_swap_32): Deleted macro.
3664 (serpent_key_prepare): Use LE_READ_UINT32. Don't require aligned
3665 input, and support arbitrary key sizes.
3667 2011-05-30 Simon Josefsson <simon@josefsson.org>
3669 * serpent.c: Rewrite, based on libgcrypt code. License changed
3671 * serpent_sboxes.h: Removed.
3672 * Makefile.in: Drop serpent_sboxes.h.
3674 2011-05-31 Niels Möller <nisse@lysator.liu.se>
3676 * testsuite/serpent-test.c (test_main): Added some tests for
3677 padding of keys of length which is not a multiple of four bytes.
3679 2011-05-30 Simon Josefsson <simon@josefsson.org>
3681 * testsuite/serpent-test.c (test_main): Add test vectors from
3684 2011-05-21 Niels Möller <nisse@lysator.liu.se>
3686 * dsa-keygen.c (dsa_generate_keypair): Avoid double init of mpz
3687 variable. Spotted by Nikos Mavrogiannopoulos.
3689 2011-05-06 Niels Möller <nisse@lysator.liu.se>
3691 * configure.ac: Fix link flags for shared libraries on Solaris,
3692 which needs -h to set the soname. Patch contributed by Dagobert
3695 2011-05-06 Niels Möller <nisse@lysator.liu.se>
3697 * configure.ac: New configure option --enable-gcov.
3699 * arcfour.h (arcfour_stream): Deleted obsolete define.
3701 2011-04-27 Niels Möller <nisse@lysator.liu.se>
3703 * tools/nettle-hash.c (find_algorithm): Require exact match.
3705 2011-04-15 Niels Möller <nisse@lysator.liu.se>
3707 Reverted broken byte-order change from 2001-06-17:
3708 * serpent.c (serpent_set_key): Use correct byteorder.
3709 (serpent_encrypt): Likewise.
3710 (serpent_decrypt): Likewise.
3712 * testsuite/serpent-test.c (decode_hex_reverse): New function.
3713 (RH, RHL): New macros.
3714 (test_main): Byte reverse inputs and outputs for the testvectors
3715 taken from the serpent submission package. Enable test vectors
3716 from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
3718 2011-03-23 Niels Möller <nisse@lysator.liu.se>
3720 * tools/sexp-conv.c (xalloc): Deleted function, now it's in misc.c
3723 * configure.ac: Use LSH_FUNC_STRERROR.
3725 * tools/Makefile.in (TARGETS): Added nettle-hash, and related
3727 (SOURCES): Added nettle-hash.c.
3729 * tools/misc.c (xalloc): New function.
3731 * tools/pkcs1-conv.c (main): Made the OPT_* constants local, and
3732 fixed numerical values to start with non-ASCII 0x300.
3734 * tools/nettle-hash.c: New file.
3736 2011-03-23 Niels Möller <nisse@lysator.liu.se>
3738 Contributed by Daniel Kahn Gillmor:
3739 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
3740 meta-hash-test.c, meta-cipher-test.c, and meta-armor-test.c.
3742 * testsuite/meta-hash-test.c: New file.
3743 * testsuite/meta-cipher-test.c: New file.
3744 * testsuite/meta-armor-test.c: New file.
3746 * nettle.texinfo: Document nettle_hashes and nettle_ciphers.
3748 * nettle-meta.h: Declare algorithm lists nettle_ciphers,
3749 nettle_hashes, nettle_armors.
3751 * Makefile.in (nettle_SOURCES): Added nettle-meta-hashes.c,
3752 nettle-meta-ciphers.c, and nettle-meta-armors.c.
3754 * nettle-meta-armors.c: New file.
3755 * nettle-meta-ciphers.c: New file.
3756 * nettle-meta-hashes.c: New file.
3758 2011-02-18 Niels Möller <nisse@lysator.liu.se>
3760 * arcfour.c (arcfour_stream): Deleted function. It's not very
3761 useful, and neither documented nor tested.
3763 2011-02-16 Niels Möller <nisse@lysator.liu.se>
3765 * cbc.h (CBC_ENCRYPT): Avoid using NULL; we don't ensure that it
3767 (CBC_DECRYPT): Likewise.
3769 * gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
3770 (gcm_aes_set_key): Deleted cast.
3771 (gcm_aes_encrypt): Likewise.
3772 (gcm_aes_decrypt): Likewise.
3773 (gcm_aes_digest): Likewise.
3774 (gcm_aes_update): One less argument to GCM_UPDATE.
3776 * gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
3777 compiler type checking despite this cast.
3778 (GCM_ENCRYPT): Likewise.
3779 (GCM_DECRYPT): Likewise.
3780 (GCM_DIGEST): Likewise.
3781 (GCM_SET_IV): New macro, for completeness.
3782 (GCM_UPDATE): Deleted unused argument encrypt.
3784 2011-02-14 Niels Möller <nisse@lysator.liu.se>
3786 * nettle.texinfo: Split node on cipher modes, and started on
3787 the GCM documentation.
3789 * testsuite/gcm-test.c (test_gcm_aes): Deleted function, replaced
3791 (test_main): Use test_aead.
3793 * testsuite/testutils.c (test_aead): New function, replacing
3794 test_gcm_aes and before that test_cipher_gcm.
3796 * nettle-internal.c (nettle_gcm_aes128): New const struct.
3797 (nettle_gcm_aes192): Likewise.
3798 (nettle_gcm_aes256): Likewise.
3800 * nettle-internal.h (struct nettle_aead): Tentative interface for
3801 authenticated encryption with associated data.
3803 * examples/nettle-benchmark.c (time_gcm): Renamed. Updated for
3804 gcm_aes_auth to gcm_aes_update renaming. Benchmark both encryption
3806 (time_gmac): ...old name.
3808 * nettle-internal.c (des_set_key_hack): Don't touch the bits
3809 parity, since thay are now ignored.
3810 (des3_set_key_hack): Likewise.
3812 * cast128-meta.c (nettle_cast128): Don't pass keysize.
3813 * nettle-meta.h (_NETTLE_CIPHER_FIX): Deleted keysize parameter
3814 derived from the appropriate constant instead.
3816 * testsuite/gcm-test.c (test_gcm_aes): Updated for gcm_aes_auth to
3817 gcm_aes_update renaming.
3819 2011-02-13 Niels Möller <nisse@lysator.liu.se>
3821 * gcm.h (GCM_UPDATE): Renamed, from...
3822 (GCM_AUTH): ...old name.
3824 * gcm-aes.c (gcm_aes_update): Renamed, from...
3825 (gcm_aes_auth): ...old name.
3827 * gcm.c (gcm_update): Renamed, and fixed an assert. From...
3828 (gcm_auth): ...old name.
3830 * gcm.h (GCM_TABLE_BITS): Increase table size to 8 bits,
3831 corresponding to 4 KByte of key-dependent tables.
3833 2011-02-10 Niels Möller <nisse@lysator.liu.se>
3835 * x86_64/memxor.asm: New file. Improves performance by 22% for the
3836 unaligned01 case and 35% for the unaligned12 case, benchmarked on
3839 * examples/nettle-benchmark.c (cgt_works_p): New function.
3840 (cgt_time_start): Likewise.
3841 (cgt_time_end): Likewise.
3842 (clock_time_start): Likewise.
3843 (clock_time_end): Likewise.
3844 (time_function): Read clock via function pointers time_start and
3845 time_end, so we can select method at runtime.
3846 (xalloc): Use die function.
3847 (main): Choose timing function. If available, try clock_gettime,
3848 and fall back to clock if it doesn't exist.
3850 * examples/nettle-benchmark.c (die): New function.
3851 (TIME_END, TIME_START): Check return value from clock_gettime.
3853 * gcm.h (union gcm_block): Use correct length for w array.
3855 * testsuite/gcm-test.c (test_main): Added the rest of the
3856 testcases from the spec.
3858 2011-02-09 Niels Möller <nisse@lysator.liu.se>
3860 * testsuite/gcm-test.c (test_main): Enabled testcases 5 and 6,
3861 with different IV lengths.
3863 * gcm-aes.c (gcm_aes_set_iv): Updated for gcm_set_iv change.
3865 * gcm.c (gcm_hash_sizes): New function.
3866 (gcm_set_iv): Added support for IVs of arbitrary size. Needed
3867 another argument, for the hash subkey.
3868 (gcm_digest): Use gcm_hash_sizes.
3870 * examples/nettle-benchmark.c (time_gmac): Use gcm_aes interface.
3872 * testsuite/gcm-test.c (test_gcm_aes): New function, replacing
3873 test_cipher_gcm and using the new gcm_aes interface.
3874 (test_main): Updated to use test_gcm_aes.
3875 * testsuite/testutils.c (test_cipher_gcm): Deleted function.
3877 * Makefile.in (nettle_SOURCES): Added gcm-aes.c.
3879 * gcm.c (gcm_set_key): Replaced context argument by a struct
3881 (gcm_hash): Replaced context argument by a struct gcm_key * and a
3882 pointer to the hashing state block.
3883 (gcm_auth): Added struct gcm_key * argument.
3884 (gcm_encrypt): Likewise.
3885 (gcm_decrypt): Likewise.
3886 (gcm_digest): Likewise.
3888 * gcm-aes.c: New file.
3889 (gcm_aes_set_key): New function.
3890 (gcm_aes_set_iv): Likewise.
3891 (gcm_aes_auth): Likewise.
3892 (gcm_aes_encrypt): Likewise.
3893 (gcm_aes_decrypt): Likewise.
3894 (gcm_aes_digest): Likewise.
3896 * gcm.h (struct gcm_key): Moved the key-dependent and
3897 message-independent state to its own struct.
3898 (struct gcm_ctx): ... and removed it here.
3899 (GCM_CTX): New macro.
3900 (GCM_SET_KEY): Likewise.
3901 (GCM_AUTH): Likewise.
3902 (GCM_ENCRYPT): Likewise.
3903 (GCM_DECRYPT): Likewise.
3904 (GCM_DIGEST): Likewise.
3905 (struct gcm_aes_ctx): New struct.
3907 2011-02-08 Niels Möller <nisse@lysator.liu.se>
3909 * gcm.h (struct gcm_ctx): The hash key is now always an array,
3910 named h, with array size depending on GCM_TABLE_BITS.
3911 * gcm.c (gcm_gf_shift): Added a separate result argument.
3912 (gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
3913 0. Simplified interface with just two arguments pointing to
3915 (gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
3916 (gcm_gf_shift_chunk): ... old name.
3917 (gcm_gf_mul): Renamed both table-based versions and made the
3918 argument types compatible with the bitwise gcm_gf_mul.
3919 (gcm_gf_mul_chunk): ... the old name.
3920 (gcm_set_key): Initialize the table using adds and shifts only.
3921 When GCM_TABLE_BITS > 0, this eliminates the only use of the
3922 bitwise multiplication.
3923 (gcm_hash): Simplified, now that we have the same interface for
3924 gcm_gf_mul, regardless of table size.
3926 * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
3927 (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
3928 e.g., sparc64. For both 4-bit and 8-bit tables.
3930 * gcm.c: Use the new union gcm_block for all gf operations.
3932 * gcm.h (union gcm_block): New union, used to enforce alignment.
3934 2011-02-07 Niels Möller <nisse@lysator.liu.se>
3936 * gcm.c (gcm_gf_shift_chunk) : Bug fix for little-endian 8-bit
3939 * gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
3940 (gcm_gf_add): New function, a special case of memxor. Use it for
3941 all memxor calls with word-aligned 16 byte blocks. Improves
3942 performance to 152 cycles/byte with no tables, 28 cycles per byte
3943 with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
3945 Introduced 8-bit tables. If enabled, gives gmac performance of 19
3946 cycles per byte (still on intel x86_64).
3947 * gcm.c (gcm_gf_shift_chunk): New implementation for 8-bit tables.
3948 (gcm_gf_mul_chunk): Likewise.
3949 (gcm_set_key): Generate 8-bit tables.
3951 * Makefile.in (SOURCES): Added gcmdata.c.
3953 * gcm.h (GCM_TABLE_BITS): Set to 4.
3955 2011-02-06 Niels Möller <nisse@lysator.liu.se>
3957 * Makefile.in (TARGETS): Added gcmdata.
3958 (gcmdata): New rule.
3960 Introduced 4-bit tables. Gives gmac performance of 45 cycles per
3961 byte (still on intel x86_64).
3962 * gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
3963 (gcm_rightshift): ... old name.
3964 (gcm_gf_mul): New argument for the output. Added length argument
3965 for one of the inputs (implicitly padding with zeros).
3966 (shift_table): New table (in 4-bit and 8-bit versions), generated
3968 (gcm_gf_shift_chunk): New function shifting 4 bits at
3970 (gcm_gf_mul_chunk): New function processing 4 bits at a time.
3971 (gcm_set_key): Generation of 4-bit key table.
3972 (gcm_hash): Use tables, when available.
3974 * gcmdata.c (main): New file.
3976 * gcm.c (gcm_rightshift): Moved the reduction of the shifted out
3978 (gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
3979 performance to 181 cycles/byte.
3981 * gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
3982 specification, but with separate byte and bit loops. Improves gmac
3983 performance a bit further, to 227 cycles/byte.
3985 * gcm.c (gcm_rightshift): Complete rewrite, to use word rather
3986 than byte operations. Improves gmac performance from 830 cycles /
3987 byte to (still poor) 268 cycles per byte on intel x86_64.
3989 2011-02-05 Niels Möller <nisse@lysator.liu.se>
3991 * examples/nettle-benchmark.c (time_gmac): New function.
3992 (main): Call time_gmac.
3994 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
3996 * testsuite/testutils.c (test_cipher_gcm): New function,
3997 contributed by Nikos Mavrogiannopoulos.
3999 * testsuite/gcm-test.c: New file, contributed by Nikos
4002 * Makefile.in (nettle_SOURCES): Added gcm.c.
4003 (HEADERS): Added gcm.h.
4005 * gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
4006 * gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
4008 * macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
4010 * ctr.c: Use INCREMENT macro from macros.h, deleted local version.
4012 2011-01-07 Niels Möller <nisse@lysator.liu.se>
4014 * testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
4015 where w*ndows looks for dlls.
4017 * testsuite/testutils.c (test_cipher_stream): More debug output on
4020 2010-12-14 Niels Möller <nisse@lysator.liu.se>
4022 * nettle-types.h: Deleted some unnecessary parenthesis from
4024 (nettle_realloc_func): Moved typedef here...
4025 * realloc.h: ...from here.
4027 * buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
4028 for realloc argument.
4030 2010-12-07 Niels Möller <nisse@lysator.liu.se>
4032 * nettle.texinfo (Copyright): Updated info on blowfish.
4034 2010-11-26 Niels Möller <nisse@lysator.liu.se>
4036 Reapplied optimizations (150% speedup on x86_32) and other fixes,
4037 relicensing them as LGPL.
4038 * blowfish.c (do_encrypt): Renamed, to...
4039 (encrypt): ...new name.
4040 (F): Added context argument. Shift input explicitly, instead of
4041 reading individual bytes via memory.
4042 (R): Added context argument.
4043 (encrypt): Deleted a bunch of local variables. Using the context
4044 pointer for everything should consume less registers.
4045 (decrypt): Likewise.
4046 (initial_ctx): Arrange constants into a struct, to simplify key
4048 (blowfish_set_key): Some simplification.
4050 2010-11-26 Simon Josefsson <simon@josefsson.org>
4052 * blowfish.c: New version ported from libgcrypt. License changed
4055 2010-11-25 Niels Möller <nisse@lysator.liu.se>
4057 * Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
4058 clears the execute permission bits.
4059 (install-shared-hogweed): Likewise.
4061 2010-11-16 Niels Möller <nisse@lysator.liu.se>
4063 * configure.ac: Updated gmp url.
4065 2010-11-01 Niels Möller <nisse@lysator.liu.se>
4067 * tools/misc.c (werror): Don't call exit (copy&paste-error).
4069 2010-10-26 Niels Möller <nisse@lysator.liu.se>
4071 * examples/rsa-encrypt.c (main): No extra message for bad options.
4073 * examples/rsa-keygen.c (main): Added long options. Deleted -?,
4074 and fixed handling of bad options.
4076 * examples/next-prime.c (main): Deleted -?, and fixed handling of
4078 * examples/random-prime.c (main): Likewise.
4080 2010-10-22 Niels Möller <nisse@lysator.liu.se>
4082 * examples/nettle-benchmark.c (main): Added long options. Deleted -?,
4083 and fixed handling of bad options.
4085 * examples/eratosthenes.c (main): Added long options. Deleted -?,
4086 and fixed handling of bad options. Renamed -s to -q (long option
4089 * tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
4090 and fixed handling of bad options.
4091 * tools/sexp-conv.c (parse_options): Likewise.
4093 2010-10-06 Niels Möller <nisse@lysator.liu.se>
4095 * memxor.c (memxor3): Optimized.
4096 (memxor3_common_alignment): New function.
4097 (memxor3_different_alignment_b): New function.
4098 (memxor3_different_alignment_ab): New function.
4099 (memxor3_different_alignment_all): New function.
4101 * examples/nettle-benchmark.c (time_function): Reorganized, to
4103 (time_memxor): Also benchmark memxor3.
4105 * x86_64/memxor.asm: New file.
4107 * examples/nettle-benchmark.c (overhead): New global variable.
4108 (time_function): Compensate for call overhead.
4109 (bench_nothing, time_overhead): New functions.
4110 (time_memxor): Tweaked src size, making it an integral number of
4112 (main): Call time_overhead.
4114 2010-10-01 Niels Möller <nisse@lysator.liu.se>
4116 * x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
4119 * testsuite/memxor-test.c: Also test memxor3.
4121 2010-09-30 Niels Möller <nisse@lysator.liu.se>
4123 * configure.ac: Link in memxor.asm, if found.
4125 * testsuite/testutils.c (test_cipher_cbc): Print more info when
4128 * testsuite/memxor-test.c (test_xor): Added verbose printout.
4130 * examples/nettle-benchmark.c (time_memxor): Count size of
4131 unsigned long as "block size" for memxor.
4133 2010-09-24 Niels Möller <nisse@lysator.liu.se>
4135 * testsuite/.test-rules.make: Added rule for memxor-test.
4136 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
4137 * testsuite/memxor-test.c: New file.
4139 * memxor.c (memxor_common_alignment): New function.
4140 (memxor_different_alignment): New function.
4141 (memxor): Optimized to do word-operations rather than byte
4144 * configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
4146 Partial revert of 2010-09-20 changes.
4147 * camellia-set-encrypt-key.c (camellia_set_encrypt_key):
4148 Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
4149 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
4150 differing in where addition of the key is done.
4151 * x86/camellia-crypt-internal.asm: Moved addition of key.
4153 2010-09-22 Niels Möller <nisse@lysator.liu.se>
4155 * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
4157 (time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
4158 if available. This gives better accuracy, at least on recent
4160 (BENCH_INTERVAL): Reduced to 0.1 s.
4161 (struct bench_memxor_info): New struct.
4162 (bench_memxor): New function.
4163 (time_memxor): New function.
4164 (main): Use time_memxor. Added optional argument used to limit the
4165 algorithms being benchmarked.
4166 (GET_CYCLE_COUNTER): Define also for x86_64.
4167 (time_memxor): Improved display.
4169 * examples/Makefile.in (nettle-benchmark): Link using
4170 $(BENCH_LIBS) rather than $(LIBS).
4172 * configure.ac: Check for clock_gettime, and add -lrt to
4173 BENCH_LIBS if needed.
4175 2010-09-20 Niels Möller <nisse@lysator.liu.se>
4177 * configure.ac: Less quoting when invoking $CC, to allow CC="gcc
4180 * x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
4181 convention, moving key xor to the end.
4183 * camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
4184 (camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
4185 operations intended for moving the key xor into the middle of the
4188 * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
4189 key to the end, to use a 64-bit xor operation.
4191 * x86_64/camellia-crypt-internal.asm: New file.
4193 * x86_64/machine.m4 (LREG, HREG, XREG): New macros.
4195 2010-09-17 Niels Möller <nisse@lysator.liu.se>
4197 * configure.ac: Support shared libraries (dlls) with mingw32.
4198 Contributed by David Hoyt.
4200 2010-07-25 Niels Möller <nisse@lysator.liu.se>
4202 * configure.ac: Changed version number to nettle-2.2.
4204 * Released nettle-2.1.
4206 * configure.ac: Use camellia-crypt-internal.asm, if available.
4207 Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
4210 * x86/machine.m4 (LREG, HREG): Moved macros here, from...
4211 * x86/aes.m4: ...here.
4213 * x86/camellia-crypt-internal.asm: New file.
4215 * nettle.texinfo: Updated and expanded section on DSA.
4216 Document aes_invert_key, and camellia. Added missing functions
4217 rsa_sha512_verify and rsa_sha512_verify_digest.
4219 * camellia.h (struct camellia_ctx): Eliminate the two unused
4220 subkeys, and renumber the remaining ones.
4221 * camellia-crypt-internal.c (_camellia_crypt): Updated for
4223 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
4224 * camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
4226 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
4227 the expansion of camellia_setup128 and camellia_setup256, keeping
4228 the unexpanded key in scalar variables.
4229 (camellia_setup128): Deleted.
4230 (camellia_setup256): Deleted.
4232 2010-07-24 Niels Möller <nisse@lysator.liu.se>
4234 * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
4235 code size, no complete loop unroll. Use one loop for each phase of
4236 the post-processing.
4238 * testsuite/camellia-test.c: New tests for camellia_invert_key.
4239 * testsuite/aes-test.c: New tests for aes_invert_key.
4241 * aes.h (aes_invert_key): Declare it.
4243 * aes-set-decrypt-key.c (aes_invert_key): New function, key
4244 inversion code extracted from aes_set_decrypt_key.
4245 (aes_set_decrypt_key): Use aes_invert_key.
4247 * camellia-set-encrypt-key.c (camellia_setup128): Generate
4248 unmodified subkeys according to the spec. Moved clever combination
4249 of subkeys to camellia_set_encrypt_key.
4250 (camellia_setup256): Likewise.
4251 (camellia_set_encrypt_key): Moved subkey post-processing code
4252 here, and reduce code duplication between 128-bit keys and larger
4255 * camellia.c: Deleted file, split into several new files...
4256 * camellia-table.c (_camellia_table): New file with the constant
4258 * camellia-set-encrypt-key.c: New file.
4259 (camellia_setup128): Generate unmodified subkeys according to the
4260 spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
4261 (camellia_setup256): Likewise.
4263 * camellia-set-decrypt-key.c: New file.
4264 (camellia_invert_key): Key inversion function.
4265 (camellia_set_decrypt_key): New key setup function.
4266 * camellia-internal.h: New file.
4267 * camellia-crypt.c (camellia_crypt): New file, new wrapper
4268 function passing the sbox table to _camellia_crypt.
4269 * camellia-crypt-internal.c (_camellia_crypt): New file, with main
4270 encrypt/decrypt function.
4271 * Makefile.in (nettle_SOURCES): Updated list of camellia source files.
4272 (DISTFILES): Added camellia-internal.h.
4274 2010-07-20 Niels Möller <nisse@lysator.liu.se>
4276 * camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
4278 * camellia.h (struct camellia_ctx): Replaced flag camellia128 by
4279 expanded key length nkeys.
4281 * camellia.c (camellia_set_encrypt_key): Renamed, from...
4282 (camellia_set_key): ... old name.
4283 (camellia_invert_key): New function.
4284 (camellia_set_decrypt_key): New function, using
4285 camellia_invert_key.
4286 (camellia_crypt): Renamed, from...
4287 (camellia_encrypt): ... old name.
4288 (camellia_decrypt): Deleted, no longer needed. camellia_crypt used
4289 for both encryption and decryption.
4291 * nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
4293 * dsa-keygen.c: Removed unnecessary include of memxor.h.
4295 * camellia.c: Rewrote to use 64-bit type for subkeys and use
4296 64-bit operations throughout. Performance on x86_32, when compiled
4297 with gcc-4.4.4, is reduced by roughly 15%, this should be fixed
4300 * camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
4302 2010-07-07 Niels Möller <nisse@lysator.liu.se>
4304 * aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
4305 Also updated implementation.
4306 * blowfish.h (blowfish_encrypt, blowfish_decrypt): Likewise.
4307 * cast128.h (cast128_encrypt, cast128_decrypt): Likewise.
4308 * serpent.h (serpent_encrypt, serpent_decrypt): Likewise.
4309 * twofish.h (twofish_encrypt, twofish_decrypt): Likewise.
4311 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
4314 * examples/nettle-benchmark.c: Added camellia ciphers.
4316 * Makefile.in (nettle_SOURCES): Added camellia.c and
4318 (HEADERS): Added camellia.h.
4320 * nettle-meta.h (nettle_camellia128): Declare.
4321 (nettle_camellia192): Likewise.
4322 (nettle_camellia256): Likewise.
4324 * camellia-meta.c: New file.
4326 * camellia.h: Rewrote interface to match nettle conventions.
4328 * camellia.c: Converted to nettle conventions.
4329 (camellia_encrypt128, camellia_encrypt256): Unified to new
4331 (camellia_encrypt): ...New function, with a loop doing 6
4332 regular rounds, one FL round and one FLINV round per iteration,
4333 with iteration count depending on the key size.
4335 (camellia_decrypt128, camellia_decrypt256): Similarly unified
4337 (camellia_decrypt): ...New function, analogous to
4340 2010-07-06 Niels Möller <nisse@lysator.liu.se>
4342 * camellia.c, camellia.h: New files, copied from
4343 http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
4345 * testsuite/camellia-test.c: New file.
4347 2010-07-05 Niels Möller <nisse@lysator.liu.se>
4349 * nettle.texinfo: Document new conventions for weak key and des
4350 parity checks. Document des_check_parity.
4352 * testsuite/des-test.c (test_weak): Don't check the deleted status
4355 * des-compat.c (des_key_sched): Rewrote error checking logic for
4356 the case of non-zero des_check_key.
4358 * des3.c (des3_set_key): Changed weak key detection logic.
4359 Complete key setup also for weak keys, and don't set the status
4362 * des.c (des_set_key): New iteration logic, to keep key pointer
4363 unchanged. Moved weak key check to the end, and don't set the
4365 (des_encrypt): Ignore status attribute.
4366 (des_decrypt): Likewise.
4368 * des.h (enum des_error): Deleted.
4369 (struct des_ctx): Deleted status attribute.
4370 (struct des3_ctx): Likewise.
4372 * blowfish.c (initial_ctx): Deleted status value.
4373 (blowfish_encrypt): Ignore status attribute.
4374 (blowfish_decrypt): Likewise.
4375 (blowfish_set_key): Return result from weak key check, without
4376 setting the status attribute.
4378 * blowfish.h (enum blowfish_error): Deleted.
4379 (struct blowfish_ctx): Deleted status attribute.
4381 * Makefile.in (des_headers): Deleted parity.h.
4383 2010-06-30 Niels Möller <nisse@lysator.liu.se>
4385 * testsuite/des-test.c (test_des): New function.
4386 (test_weak): New function.
4387 (test_main): Use test_des and test_weak. Added tests for all the
4388 weak keys. Added some tests with invalid (to be ignored) parity
4391 * des.c (parity_16): New smaller parity table.
4392 (des_check_parity): New function.
4393 (des_fix_parity): Use parity_16.
4394 (des_weak_p): New weak-key detection. Ignores parity bits, and
4396 (des_set_key): Deleted parity checking code. Replaced old weak-key
4397 detection code by a call to des_weak_p.
4399 2010-06-04 Niels Möller <nisse@lysator.liu.se>
4401 * testsuite/testutils.c (test_dsa_key): Updated for new name
4402 DSA_SHA1_MIN_P_BITS.
4404 * dsa-keygen.c (dsa_generate_keypair): Use DSA_SHA1_MIN_P_BITS and
4405 DSA_SHA256_MIN_P_BITS.
4407 * dsa.h (DSA_MIN_P_BITS, DSA_Q_OCTETS, DSA_Q_BITS): Renamed to...
4408 (DSA_SHA1_MIN_P_BITS, DSA_SHA1_Q_OCTETS, DSA_SHA1_Q_BITS): New
4411 * sexp2dsa.c (dsa_keypair_from_sexp_alist): New argument q_bits.
4412 Renamed parameter limit to p_max_bits.
4413 (dsa_sha1_keypair_from_sexp): Renamed, was dsa_keypair_from_sexp.
4414 Updated to call dsa_keypair_from_sexp_alist with the new argument.
4415 (dsa_sha256_keypair_from_sexp): New function.
4416 (dsa_signature_from_sexp): New argument q_bits.
4418 * der2dsa.c (dsa_params_from_der_iterator): Enforce 160-bit limit
4419 on q. Renamed parameter limit to p_max_bits.
4420 (dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
4421 on q and x. Renamed parameter limit to p_max_bits.
4423 2010-06-03 Niels Möller <nisse@lysator.liu.se>
4425 * testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
4427 2010-06-02 Niels Möller <nisse@lysator.liu.se>
4429 * testsuite/dsa-test.c (test_main): Provide expected value of the
4432 * testsuite/testutils.c (test_dsa160): Added argument for expected
4434 (test_dsa256): Likewise.
4436 2010-06-01 Niels Möller <nisse@lysator.liu.se>
4438 * testsuite/rsa-keygen-test.c (test_main): Updated expected
4441 * examples/random-prime.c (main): Updated for nettle_random_prime
4443 * testsuite/random-prime-test.c (test_main): Likewise.
4445 * rsa-keygen.c (bignum_random_prime): Deleted function.
4446 (rsa_generate_keypair): Use new nettle_random_prime. Generate
4447 secret factors p and q with the two most significant bits set.
4449 * dsa-keygen.c (dsa_generate_keypair): Updated for changes in
4450 nettle_random_prime and _nettle_generate_pocklington_prime. Invoke
4453 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
4454 argument top_bits_set, to optionally generate primes with the two
4455 most significant bits set. Reordered argument list.
4456 (nettle_random_prime): Likewise, added top_bits_set argument.
4457 Invoke progress callback when a prime is generated.
4459 2010-05-26 Niels Möller <nisse@lysator.liu.se>
4461 * dsa-keygen.c (dsa_generate_keypair): Use
4462 _nettle_generate_pocklington_prime. Deleted old key generation
4465 * bignum-random-prime.c (_nettle_generate_pocklington_prime): Also
4466 return the used r. Updated caller.
4468 * examples/random-prime.c (main): Allow sizes down to 3 bits.
4470 * bignum-random-prime.c (_nettle_generate_pocklington_prime): New
4471 function. Rely on mpz_probab_prime_p (for lack of a trial division
4472 function) for trial division.
4473 (nettle_random_prime): Rewritten. Uses the prime table for the
4474 smallest sizes, then trial division using a new set of tables, and
4475 then Maurer's algorithm, calling the new
4476 _nettle_generate_pocklington_prime for the final search.
4478 2010-05-25 Niels Möller <nisse@lysator.liu.se>
4480 * testsuite/dsa-test.c (test_main): Updated for dsa testing
4483 * testsuite/dsa-keygen-test.c (test_main): Test dsa256.
4485 * testsuite/testutils.h (struct nettle_mac): New struct, currently
4488 * testsuite/testutils.c (test_mac): New function (currently not
4490 (test_dsa): Replaced by two new functions...
4491 (test_dsa160): New function.
4492 (test_dsa256): New function.
4493 (test_dsa_key): New argument q_size.
4494 (DSA_VERIFY): Generalized.
4496 * dsa-keygen.c (dsa_generate_keypair): Rewritten, now generating
4497 primes using Pocklington's theorem. Takes both p_size and q_size
4500 2010-05-20 Niels Möller <nisse@lysator.liu.se>
4502 * bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
4503 logic when Miller-rabin succeeds early.
4505 2010-04-09 Niels Möller <nisse@lysator.liu.se>
4507 * bignum-next-prime.c: Include stdlib.h, needed for alloca on
4511 * examples/Makefile.in (SOURCES): Added random-prime.c.
4513 * examples/random-prime.c: New program.
4515 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved
4516 knuth-lfib-test.c, cbc-test.c, ctr-test.c, hmac-test.c here, from
4518 (TS_HOGWEED_SOURCES): Added random-prime-test.c.
4520 * testsuite/random-prime-test.c: New test case.
4522 * examples/next-prime.c (main): With no command line arguments.
4523 exit after dislaying usage message.
4525 * examples/io.c (simple_random): Free buffer when done.
4527 * configure.ac: Changed message, say CC is the recommended
4528 way to configure the ABI.
4530 * bignum-random.c: Deleted test of HAVE_LIBGMP.
4531 * bignum.c: Likewise.
4532 * sexp2bignum.c: Likewise.
4534 * Makefile.in (hogweed_SOURCES): Added bignum-random-prime.c.
4536 * bignum-random-prime.c (nettle_random_prime): New file, new
4539 2010-03-31 Niels Möller <nisse@lysator.liu.se>
4541 * examples/nettle-benchmark.c (main): Benchmark sha224.
4543 2010-03-30 Niels Möller <nisse@lysator.liu.se>
4545 * testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
4547 (test_dsa): Check return value from dsa_sha1_sign.
4549 * Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
4550 dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
4552 * dsa.h: Updated and added dsa declarations.
4554 * dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
4556 (dsa_sha256_verify): New function.
4557 * dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
4559 (dsa_sha256_sign): New function.
4561 * dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
4562 renamed function, from dsa_verify_digest, rewrote to use
4564 (dsa_sha1_verify): Analogous change, renamed from dsa_verify.
4565 * dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
4566 renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
4567 and added return value.
4568 (dsa_sha1_sign): Analogous change, renamed from dsa_sign.
4570 * dsa-verify.c (_dsa_verify): New general verification function,
4572 * dsa-sign.c (_dsa_sign): New general signing function, for any
4573 hash. Returns success code, like the rsa signture functions.
4575 2010-03-29 Niels Möller <nisse@lysator.liu.se>
4577 * configure.ac (ABI): Attempt to use a better, ABI-dependant,
4578 default value for libdir.
4580 * x86/md5-compress.asm: Fixed function name in epilogue.
4582 * asm.m4 (EPILOGUE): Use . to refer to current address.
4584 * configure.ac (ABI): Detect which ABI the compiler is using.
4585 On x86_64, also check for __arch64__.
4587 2010-03-28 Niels Möller <nisse@lysator.liu.se>
4589 * configure.ac (asm_path): For x86_64, check if compiler is
4590 generating 32-bit code.
4592 2010-03-27 Niels Möller <nisse@lysator.liu.se>
4594 * testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
4595 HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
4598 * Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
4601 * hmac.h: Added declarations of hmac-sha224 and hmac-sha384.
4603 * hmac-sha224.c: New file.
4605 2010-03-26 Niels Möller <nisse@lysator.liu.se>
4607 * testsuite/hmac-test.c (HMAC_TEST): New macro.
4608 (test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
4609 test vectors from Daniel Kahn Gillmor.
4611 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.
4613 * Makefile.in (nettle_SOURCES): Added sha224-meta.c and
4615 (DISTFILES): Added nettle-write.h.
4617 * sha.h: Added declarations for sha224. Some are aliases for the
4618 corresponding sha256 definition.
4620 * sha256.c (sha256_digest): Use _nettle_write_be32.
4621 (sha224_init): New function.
4622 (sha224_digest): New function.
4624 * sha1.c (sha1_digest): Use _nettle_write_be32.
4626 * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
4627 (NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
4630 * nettle-write.h: New file.
4632 * write-be32.c (_nettle_write_be32): New file, new function.
4634 * sha224-meta.c: New file.
4636 2010-03-25 Niels Möller <nisse@lysator.liu.se>
4638 * hmac-sha384.c: New file.
4640 * testsuite/sha224-test.c: New file.
4642 * testsuite/md4-test.c (test_main): More test vectors, provided by
4643 Daniel Kahn Gillmor.
4644 * testsuite/md5-test.c (test_main): Likewise.
4645 * testsuite/sha1-test.c (test_main): Likewise.
4646 * testsuite/sha256-test.c (test_main): Likewise.
4647 * testsuite/sha384-test.c (test_main): Likewise.
4648 * testsuite/sha512-test.c (test_main): Likewise.
4650 * configure.ac: Bumped version numbers. Package version
4651 nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.
4653 * examples/nettle-benchmark.c (main): Benchmark sha384.
4655 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.
4657 * testsuite/sha384-test.c: New file.
4659 * Makefile.in (nettle_SOURCES): Added sha384-meta.c.
4661 * sha384-meta.c: New file.
4663 * sha.h: Added declarations for sha384. Some are aliases for the
4664 corresponding sha512 definition.
4666 * sha512.c (sha512_write_digest): New function.
4667 (sha512_digest): Use it.
4668 (sha384_init): New function.
4669 (sha384_digest): New function.
4671 2010-03-24 Niels Möller <nisse@lysator.liu.se>
4673 * sha512.c: (sha512_digest): Simplified handling of any final
4674 partial word of the digest.
4676 * sha512.c: Reorganized to use _nettle_sha512_compress.
4678 * sha512-compress.c (_nettle_sha512_compress): Compression
4679 function extracted from sha512.c to a new file.
4681 * Makefile.in (nettle_SOURCES): Added sha256-compress.c and
4684 * sha256.c: Reorganized to use _nettle_sha256_compress.
4686 * sha256-compress.c (_nettle_sha256_compress): Compression
4687 function extracted from sha256.c to a new file.
4689 * examples/nettle-benchmark.c (main): Benchmark sha512.
4691 * rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
4692 is less than bit size of n, and check for the unlikely case p = q.
4694 * rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
4695 correspond to pkcs#1 encryption of single byte messagees.
4697 * pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
4699 * rsa-compat.c (R_SignFinal): Likewise.
4701 * rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
4702 from pkcs1_rsa_md5_encode.
4703 (rsa_md5_sign_digest): Check and propagate return value from
4704 pkcs1_rsa_md5_encode_digest.
4705 * rsa-md5-verify.c (rsa_md5_verify): Check return value from
4706 pkcs1_rsa_md5_encode.
4707 (rsa_md5_verify_digest): Check return value from
4708 pkcs1_rsa_md5_encode_digest.
4709 * rsa-sha1-sign.c: Analogous changes.
4710 * rsa-sha1-verify.c: Analogous changes.
4711 * rsa-sha256-sign.c: Analogous changes.
4712 * rsa-sha256-verify.c: Analogous changes.
4713 * rsa-sha512-sign.c: Analogous changes.
4714 * rsa-sha512-verify.c: Analogous changes.
4716 * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
4717 (pkcs1_rsa_md5_encode_digest): Added return value. Check and
4718 propagate return value from pkcs1_signature_prefix.
4719 * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
4720 (pkcs1_rsa_sha256_encode_digest): Likewise.
4721 * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
4722 (pkcs1_rsa_sha1_encode_digest): Likewise.
4723 * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
4724 (pkcs1_rsa_sha512_encode_digest): Likewise.
4726 * pkcs1.c (pkcs1_signature_prefix): Interface change, take both
4727 the total size and digest size as arguments, and return a status
4728 code to say if the size was large enough.
4730 * testsuite/Makefile.in: Added hogweed dependency for the test
4733 2010-03-23 Niels Möller <nisse@lysator.liu.se>
4735 * testsuite/rsa-test.c (test_main): Test signing with sha512.
4737 * testsuite/testutils.c (test_rsa_sha512): New function.
4739 * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
4740 rsa-sha512-sign.c and rsa-sha512-verify.c.
4742 * rsa.h: Added prototypes for sha512-related functions.
4743 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
4744 * pkcs1.h: Added prototypes for sha512-related functions.
4746 * rsa-sha512-verify.c: New file.
4747 * rsa-sha512-sign.c: New file.
4748 * pkcs1-rsa-sha512.c: New file.
4750 2010-03-22 Niels Möller <nisse@lysator.liu.se>
4752 * Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
4754 * testsuite/hmac-test.c (test_main): Added test cases for
4757 * hmac.h: Declare functions sha512-related functions.
4758 * hmac-sha512.c (hmac_sha512_set_key): New file.
4760 Basic sha512 support.
4761 * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
4762 * testsuite/sha512-test.c: New file.
4764 * macros.h (READ_UINT64, WRITE_UINT64): New macros.
4766 * Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
4767 * sha.h: Added sha512-related declarations.
4768 * nettle-meta.h: Likewise.
4769 * sha512-meta.c: New file.
4770 * sha512.c: New file.
4772 2010-03-06 Niels Möller <nisse@lysator.liu.se>
4774 * Makefile.in (distdir): Include x86_64 assembler files.
4776 2010-01-20 Niels Möller <nisse@lysator.liu.se>
4778 * configure.ac: Check for mpz_powm_sec.
4780 2010-01-13 Niels Möller <nisse@lysator.liu.se>
4782 * Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
4783 $(LIBNETTLE_FORLINK).
4785 * configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
4786 default case. Follows debian, and also makes dlopen of
4787 libhogweed.so work, without having to use RTLD_GLOBAL.
4788 (LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
4790 2009-10-21 Niels Möller <nisse@lysator.liu.se>
4792 * tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
4795 2009-10-19 Niels Möller <nisse@lysator.liu.se>
4797 * tools/pkcs1-conv.c: Updated for dsa/der interface change.
4799 * der2dsa.c (dsa_public_key_from_der_iterators): Split into two
4801 (dsa_params_from_der_iterator): New function.
4802 (dsa_public_key_from_der_iterator): New function.
4803 (dsa_openssl_private_key_from_der_iterator): Renamed, was
4804 dsa_private_key_from_der_iterator.
4805 (dsa_openssl_private_key_from_der): Likewise.
4806 * dsa.h: Corresponding changees to prototypes and #defines.
4808 2009-10-12 Niels Möller <nisse@lysator.liu.se>
4810 * sexp-format.c: Removed conditioning on HAVE_LIBGMP.
4812 * tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
4815 * Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.
4817 * der2dsa.c: New file, contributed by Magnus Holmgren.
4818 * dsa2sexp.c: Likewise.
4819 * dsa.h: Added prototypes.
4821 * configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
4822 version, now it's 1.1.
4824 * testsuite/rsa2sexp-test.c (test_main): Updated testcase for
4827 2009-10-11 Niels Möller <nisse@lysator.liu.se>
4829 * rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
4832 2009-09-20 Niels Möller <nisse@lysator.liu.se>
4834 * x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
4835 by letting loopmix scramble the instruction order.
4837 2009-09-15 Niels Möller <nisse@lysator.liu.se>
4839 * x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
4840 improvement to ROUND_F1_NOEXP. Slight reduction of
4843 2009-08-25 Niels Möller <nisse@lysator.liu.se>
4845 * x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
4847 * examples/nettle-benchmark.c (bench_sha1_compress): New function,
4848 for precise benchmarking of the compression function.
4850 2009-06-08 Niels Möller <nisse@lysator.liu.se>
4852 * Released nettle-2.0.
4854 2009-06-04 Niels Möller <nisse@lysator.liu.se>
4856 * configure.ac: Set version to 2.0
4858 2009-05-30 Niels Möller <nisse@lysator.liu.se>
4860 * Makefile.in (.texinfo.info): Don't use a temporary output file
4861 $@T, trust makeinfo to remove output file on errors.
4863 2009-05-19 Niels Möller <nisse@lysator.liu.se>
4865 * nettle.texinfo: Changed license to public domain.
4867 2009-05-11 Niels Möller <nisse@lysator.liu.se>
4869 * nettle.texinfo: Fixes from Karl Berry. Added some more index
4872 2009-03-06 Niels Möller <nisse@lysator.liu.se>
4874 * x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
4876 * x86_64/aes-decrypt-internal.asm: Likewise.
4878 * x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
4879 (AES_STORE): Reduced offsets.
4880 (AES_ROUND): Use HREG directly, not MOVE_HREG.
4882 * x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
4883 Put SA--SD in %eax--%edx, so the second byte can be accessed as
4884 %ah-%dh. TD is not needed, SD can be reused. Use the register that
4885 is saved for the outer loop counter, getting it off the stack.
4886 * x86_64/aes-encrypt-internal.asm: Likewise.
4888 * x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
4889 (XREG): Fixed bug in handling of %r8 and %r9.
4890 (AES_ROUND): Use MOVE_HREG.
4892 2009-02-10 Niels Möller <nisse@lysator.liu.se>
4894 * base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
4897 * testsuite/sexp-conv-test: Updated testcases for improved
4898 handling of comments.
4900 * tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
4901 to terminate comments, and modify indentation for the case that a
4902 list starts with a comment.
4904 * tools/output.c (sexp_output_init): Initialize soft_newline.
4905 (sexp_put_raw_char): Clear soft_newline.
4906 (sexp_put_newline): Check and reset soft_newline.
4907 (sexp_put_soft_newline): New function.
4909 * tools/output.h (struct sexp_output): Removed union with single
4910 element, and updated all users. New attribute soft_newline.
4912 2008-12-22 Niels Möller <nisse@lysator.liu.se>
4914 * Makefile.in ($(des_headers)): Create files in $(srcdir).
4916 2008-11-28 Niels Möller <nisse@lysator.liu.se>
4918 * testsuite/cxx-test.cxx: Include <cstdio>.
4920 2008-11-22 Niels Möller <nisse@lysator.liu.se>
4922 * yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
4923 that it is set if and only if the aes context has been initialized
4924 with aes_set_encrypt_key.
4925 (yarrow256_seed): No need to set ctx->seeded here.
4926 (yarrow256_update): Likewise.
4928 2008-11-04 Niels Möller <nisse@lysator.liu.se>
4930 * examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
4931 compatible with gmp-3.1.
4933 2008-11-01 Niels Möller <nisse@lysator.liu.se>
4935 * nettle.texinfo: Updated for 2.0. New section on linking.
4937 * nettle-types.h, nettle-meta.h: Moved all typedefs for function
4938 types to nettle-types.h. Use non-pointer types, so that the types
4939 can be used to declare functions. Updated all users.
4941 2008-10-31 Niels Möller <nisse@lysator.liu.se>
4943 * testsuite/yarrow-test.c (test_main): Updated for seed file
4946 * sha-example.c (display_hex): Use %02x, not %2x.
4948 2008-10-30 Niels Möller <nisse@lysator.liu.se>
4950 * tools/sexp-conv.c (main): Fixed file locking.
4952 2008-10-25 Niels Möller <nisse@lysator.liu.se>
4954 * configure.ac: Set version to 2.0rc1.
4956 * examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
4959 2008-10-24 Niels Möller <nisse@lysator.liu.se>
4961 * sha256.c (ROUND): Simplified macro.
4963 * yarrow256.c (yarrow256_fast_reseed): Renamed (was
4964 yarrow_fast_reseed) and made non-static. Don't generate seed file
4965 here, let the application use yarrow256_random instead.
4966 (yarrow256_slow_reseed): Renamed (was yarrow_slow_reseed) and made
4968 (yarrow256_force_reseed): Deleted function, use
4969 yarrow256_slow_reseed instead. For backwards compatibility,
4970 yarrow.h defines yarrow256_force_reseed as an alias for that
4973 * yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.
4975 2008-09-17 Niels Möller <nisse@lysator.liu.se>
4977 * x86/arcfour-crypt.asm: Improved loop logic, and unrolled
4978 loop twice. Gave a modest speedup.
4980 2008-09-15 Niels Möller <nisse@lysator.liu.se>
4982 * yarrow256.c (yarrow256_seed): Disallow length == 0.
4984 * base64-decode.c (decode_table): Added vertical tab (VT) and form
4985 feed (FF) as white space characters.
4987 * x86_64/aes-decrypt-internal.asm: New file.
4989 2008-09-13 Niels Möller <nisse@lysator.liu.se>
4991 * x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
4992 loop with movl. Eliminated redundant movl.
4993 * x86/aes-decrypt-internal.asm: Likewise.
4995 * x86_64/aes.m4: New file.
4997 * x86/aes-encrypt-internal.asm: Updated for AES_FINAL_ROUND. Only
4998 three times through the substitution loop.
4999 * x86/aes-decrypt-internal.asm: Likewise.
5000 * x86_64/aes-encrypt-internal.asm: Likewise.
5002 * x86/aes.m4 (AES_FINAL_ROUND): Do the substitution on the least
5003 significant byte here.
5005 * x86/aes-encrypt-internal.asm: Updated use of AES_SUBST_BYTE. USe
5006 decl for outer loop.
5007 * x86/aes-decrypt-internal.asm: Likewise.
5009 * x86/aes.m4 (LREG, HREG): New macros.
5010 (AES_SUBST_BYTE): Take state registers as argument. Use LREG to
5011 get the corresponding byte register.
5012 (AES_ROUND): Use movzbl together with LREG and HREG.
5013 (AES_SUBST_BYTE): Likewise.
5015 2008-09-10 Niels Möller <nisse@lysator.liu.se>
5017 * x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
5018 which must be preserved.
5020 2008-09-08 Niels Möller <nisse@lysator.liu.se>
5022 * Makefile.in (stamp-h.in): Use $(AUTOHEADER).
5024 * x86_64/sha1-compress.asm: New x86_64 assembler, based on the x86
5027 * configure.ac (asm_path): Set up asm_path for x86_64.
5029 * x86_64/machine.m4: New file, new directory.
5031 2008-08-28 Niels Möller <nisse@lysator.liu.se>
5033 * examples/eratosthenes.c (main): Rewrote block-wise sieving to
5034 use less memory. New options -s and -v.
5036 2008-08-27 Niels Möller <nisse@lysator.liu.se>
5038 * testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
5039 Updated testcases with comments; comments are now preserved.
5041 * tools/sexp-conv.c (sexp_convert_item): Keep comments in advanced
5043 (parse_options): New --lock option.
5044 (main): Optionally lock output file.
5046 * tools/parse.c (sexp_check_token): Removed check for "any" token.
5047 All callers specify the token they expect.
5048 (sexp_parse): Pass on comment tokens.
5050 * tools/output.c (sexp_put_data): Made non-static.
5052 * tools/input.c (sexp_get_comment): New function.
5053 (sexp_get_token): Use sexp_get_comment.
5055 * tools/misc.h (enum sexp_token): Start enumeration with zero, zero
5056 is no longer used to mean any type. New type SEXP_COMMENT.
5058 * configure.ac: Check for fcntl file locking.
5060 2008-08-26 Niels Möller <nisse@lysator.liu.se>
5062 * Makefile.in (tags-here): Put TAGS file in the source directory.
5063 * examples/Makefile.in (tags): Likewise.
5064 * testsuite/Makefile.in (tags): Likewise.
5065 * tools/Makefile.in (tags): Likewise.
5067 2008-02-29 Niels Möller <nisse@lysator.liu.se>
5069 * examples/Makefile.in (SOURCES): Added next-prime.c.
5071 2008-01-05 Niels Möller <nisse@lysator.liu.se>
5073 * examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
5074 (next-prime, eratosthenes): New rules.
5075 (nettle-benchmark): Don't rely on $@.
5077 * examples/eratosthenes.c (find_first_one): Optimized, using
5078 slightly larger table.
5079 (main): Use atol, rather than atoi.
5081 * testsuite/symbols-test: Check symbols also in libhogweed.
5083 * examples/next-prime.c: New file.
5084 Deleted code for detailed timing.
5086 * Makefile.in (hogweed_SOURCES): Added bignum-next-prime.c.
5087 (DISTFILES): Added prime-list.h.
5088 (hogweed_OBJS): Removed $(LIBOBJS).
5090 * bignum-next-prime.c (nettle_next_prime): Renamed function, for
5091 name space reasons. Was bignum_next_prime. Updated call in
5093 (primes): Use prime-list.h.
5094 (nettle_next_prime): Skip Fermat test. Use mpz_millerrabin
5095 directly, rather than mpz_probab_prime_p, when the former is
5098 * bignum.h (nettle_next_prime): New prototype.
5100 * rsa-keygen.c (bignum_next_prime): Deleted, moved to
5101 bignum-next-prime.c. Call with a larger prime limit, this improves
5102 the running time of lsh-keygen by roughly 25%.
5104 * prime-list.h: List of odd primes < 2^16.
5106 * configure.ac: Check for sizeof(long).
5108 2008-01-03 Niels Möller <nisse@lysator.liu.se>
5110 * examples/nettle-benchmark.c (main): Removed incorrect UNUSED
5113 * bignum-next-prime.c: Moved the bignum_next_prime function to a
5116 2007-09-08 Niels Möller <nisse@lysator.liu.se>
5118 * sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
5119 include file was renamed from "sparc" to "sparc32". Updated include.
5120 * sparc64/aes-decrypt-internal.asm: Likewise.
5121 * sparc32/aes-encrypt-internal.asm: Likewise.
5122 * sparc32/aes-decrypt-internal.asm: Likewise.
5124 2007-09-07 Niels Möller <nisse@lysator.liu.se>
5126 * examples/read_rsa_key.c: Include stdlib.h.
5128 2007-06-02 Niels Möller <nisse@lysator.liu.se>
5130 * Makefile.in: Typo fixes to install targets, spotted by Magnus
5133 2007-05-14 Niels Möller <niels@s3.kth.se>
5135 * configure.ac: Fixed copy-and-paste errors in shared library
5138 * config.make.in (LIBNETTLE_SONAME, LIBHOGWEED_SONAME): Define.
5140 * Makefile.in (libnettle.so, libhogweed.so): Fixed rules.
5142 * Makefile.in: Split nettle library into two files, libnettle.a
5143 and libhogweed.a, and similarly for the shared libraries.
5145 * configure.ac: Bumped nettle so-versions to 3.0. Set hogweed
5146 so-versions to 1.0. New makefile conditionals IF_SHARED and
5147 IF_HOGWEED. Renamed WITH_PUBLIC_KEY to WITH_HOGWEED. Deleted
5148 SHLIBTARGET, SHLIBINSTALL, RSA_EXAMPLES and RSA_TOOLS.
5150 * config.make.in: Updated for hogweed split.
5152 * C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
5153 Makefile sorts out which files should be compiled.
5155 * pgp.h: Include bignum.h, don't pretend to work without bignums.
5157 * pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
5158 (pgp_put_rsa_sha1_signature): Define unconditionally. Removed the
5159 checking of HAVE_LIBGMP and WITH_PUBLIC_KEY.
5161 * examples/io.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
5162 * examples/io.c (read_rsa_key): Deleted, moved to...
5163 * examples/read_rsa_key.c: New file, extracted from io.c.
5165 * examples/Makefile.in: Use IF_HOGWEED instead of RSA_EXAMPLES.
5166 Link appropriate programs with -lhogweed.
5167 (SOURCES): Added read_rsa_key.c.
5169 * tools/Makefile.in (pkcs1-conv): Use IF_HOGWEED, not @RSA_TOOLS@,
5170 for configuration. Link with -lhogweed.
5172 * testsuite/testutils.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
5173 * testsuite/testutils.c: Likewise.
5175 * testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
5176 Separate test cases using nettle and those also using hogweed.
5178 2007-04-05 Niels Möller <nisse@lysator.liu.se>
5180 * Moved in CVS tree. Also renamed directory sparc to sparc32.
5182 2007-02-24 Niels Möller <nisse@lysator.liu.se>
5184 * Makefile.in (clean-here): Remove .lib directory.
5185 (distclean-here): Remove machine.m4.
5187 2006-12-05 Niels Möller <nisse@lysator.liu.se>
5189 * configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.
5191 * config.make.in (datarootdir): New directory variable (for
5194 2006-11-28 Niels Möller <nisse@lysator.liu.se>
5196 * configure.ac: Bumped version to 1.16.
5198 * Released nettle-1.15.
5200 2006-11-27 Niels Möller <nisse@lysator.liu.se>
5202 * NEWS: New entry for nettle-1.15.
5204 * configure.ac (SHLIBMINOR): Bumped version. Library name is now
5207 * sha256.c: Changed copyright notice to use the LGPL.
5209 * Makefile.in (DISTFILES): Added COPYING.LIB.
5211 * COPYING.LIB: New file (previously only the plain GPL was
5212 included in the distribution).
5214 * nettle.texinfo: Updated vor nettle-1.15.
5216 * testsuite/rsa-test.c (test_main): Use test_rsa_sha256.
5217 * testsuite/testutils.c (test_rsa_sha256): New function.
5219 * testsuite/Makefile.in (DISTFILES): Replaces rfc1750.txt by
5222 * rsa.h (rsa_sha256_sign, rsa_sha256_verify)
5223 (rsa_sha256_sign_digest, rsa_sha256_verify_digest): New declarations.
5224 (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased to
5225 62 octets and 489 bits, respectively, for supporting sha256.
5227 * pkcs1.h (pkcs1_rsa_sha256_encode)
5228 (pkcs1_rsa_sha256_encode_digest): New declarations and name
5231 * Makefile.in (nettle_SOURCES): Added pkcs1-rsa-sha256.c,
5232 rsa-sha256-sign.c, rsa-sha256-verify.c.
5234 * pkcs1-rsa-sha256.c, rsa-sha256-sign.c, rsa-sha256-verify.c: New
5237 * COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
5240 2006-11-27 Niels Möller <niels@s3.kth.se>
5242 * tools/Makefile.in (install): Use MKDIR_P to create installation
5243 directory. Install only one file at a time.
5245 * Makefile.in (MKDIR_P): Use MKDIR_P for creating installation
5248 * configure.ac: Use AC_PROG_MKDIR_P.
5250 2006-11-24 Niels Möller <nisse@lysator.liu.se>
5252 * testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
5253 file, instead of rfc1750.txt.
5255 * testsuite/gold-bug.txt: New test input file for yarrow-test.
5256 The copyright on this short story by Edgar Allan Poe has expired.
5258 * testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
5259 non-free, and it was expired anyway. Replaced by gold-bug.txt.
5261 2006-11-24 Niels Möller <niels@s3.kth.se>
5263 * Almost all header files: Added C++ guards.
5265 * configure.ac: Test if the system has any C++ compiler.
5267 * config.make.in (CXX, CXXFLAGS, COMPILE_CXX, LINK_CXX): New variables.
5269 * testsuite/Makefile.in: New variables TS_C and TS_CXX. Setup for
5270 compiling the C++ file cxx-test.cxx.
5272 * testsuite/cxx-test.cxx: New testcase, trying to use nettle from
5275 2006-08-28 Niels Möller <niels@s3.kth.se>
5277 * index.html: Added section on language bindings.
5279 2006-06-10 Niels Möller <niels@s3.kth.se>
5281 * configure.ac: Darwin shared library support, from Grant
5284 2006-05-18 Niels Möller <nisse@lysator.liu.se>
5286 * src/nettle/x86/aes.asm: Deleted unused file.
5288 * aes-decrypt.c (_aes_decrypt_table): Deleted the indexing array,
5289 previously commented out.
5290 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
5292 * Makefile.in (.texinfo.info, .dvi.ps): Use more quotes with
5294 (install-here, install-shared, install-info, install-headers): Use
5295 plain mkdir, not $(INSTALL) -d.
5297 2006-05-16 Niels Möller <niels@s3.kth.se>
5298 Merged from the lsh experimental branch.
5300 2006-04-26 Niels Möller <nisse@lysator.liu.se>
5302 * examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
5303 * examples/nettle-benchmark.c: Include "getopt.h".
5305 * examples/Makefile.in (GETOPT_OBJS): New variable.
5306 (rsa-keygen, rsa-encrypt, nettle-benchmark): Depend on and link
5307 with $(GETOPT_OBJS).
5309 * x86/aes-decrypt-internal.asm: Use ALIGN.
5310 * x86/aes-encrypt-internal.asm: Likewise.
5311 * x86/arcfour-crypt.asm: Likewise.
5312 * x86/md5-compress.asm: Likewise.
5313 * x86/sha1-compress.asm: Likewise.
5315 * config.m4.in (ASM_ALIGN_LOG): Substitute.
5316 * configure.ac (ASM_ALIGN_LOG): Check if .align directive is
5318 * asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
5319 expands to a .align directive.
5321 2006-04-21 Niels Möller <nisse@lysator.liu.se>
5323 * nettle.texinfo (Public-key algorithms): Say that the public key
5324 operations are undocumented, not unsupported. Reported by Jeronimo
5327 2006-04-08 Niels Möller <nisse@lysator.liu.se>
5329 * tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
5330 Reported by Henrik Grubbström.
5332 2006-01-31 Niels Möller <niels@s3.kth.se>
5334 * examples/rsa-verify.c: Fixed typo in usage message.
5336 2005-12-05 Niels Möller <nisse@lysator.liu.se>
5338 * configure.ac: Bumped version to 1.15,
5340 * Released nettle-1.14.
5342 * NEWS: Updated for 1.14.
5344 * configure.ac (SHLIBMINOR): Increased minor number. Library
5345 version is now libnettle.so.2.5, soname still libnettle.so.2.
5347 2005-11-28 Niels Möller <nisse@lysator.liu.se>
5349 * config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
5350 and friends here, to get a correct a relative filename for
5351 install-sh when used in tools/Makefile.
5353 * tools/Makefile.in (INSTALL): Substitute INSTALL, INSTALL_DATA
5355 * Makefile.in (INSTALL): Likewise.
5357 2005-11-27 Niels Möller <nisse@lysator.liu.se>
5359 * Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
5360 intermediate .dvi and .ps files.
5362 * testsuite/Makefile.in (clean): Delete sha1-huge-test.
5364 * Makefile.in (install-info, install-headers): Don't use $< and
5365 $?; Solaris make doesn't support them in explicit rules.
5367 2005-11-26 Niels Möller <nisse@lysator.liu.se>
5369 * testsuite/Makefile.in: Include .test-rules.make, which contains
5370 the rules for all the test executables.
5371 (test-rules): New rule, to update this file.
5372 (DISTFILES): Added $(EXTRA_SOURCES).
5374 * testsuite/.test-rules.make: Automatically generated file for
5375 building the test programs.
5377 2005-11-25 Niels Möller <nisse@lysator.liu.se>
5379 * configure.ac: Disable assembler when compiling with rntcl.
5381 * tools/Makefile.in (pkcs1_conv_SOURCES): New variable.
5382 (pkcs1-conv): Link with getopt.o and getopt1.o.
5384 * Makefile.in (aesdata, desdata, shadata): Use explicit rules for
5387 * testsuite/Makefile.in: Use %-rules for building the -test
5388 executables, in addition to the suffix rules. Hopefully, this
5389 should make all of GNU make, BSD make and Solaris make happy.
5390 Use $(EXEEXT) and $(OBJEXT) more consistently.
5392 * examples/Makefile.in: Use explicit rules for all executable
5393 targets. Use $(EXEEXT) and $(OBJEXT) more consistently.
5395 2005-11-25 Niels Möller <niels@s3.kth.se>
5397 * testsuite/Makefile.in: Avoid using single-suffix rule to build
5400 2005-11-24 Niels Möller <niels@s3.kth.se>
5402 * Makefile.in (distdir): Use [ -f, not [ -e, since the latter
5403 is less portable, and not supported by Solaris /bin/sh.
5405 2005-11-23 Niels Möller <niels@s3.kth.se>
5407 * testsuite/Makefile.in (DISTFILES): Added teardown-env.
5408 * testsuite/teardown-env: New file. Delete files created by the
5411 2005-11-21 Niels Möller <nisse@lysator.liu.se>
5413 * testsuite/testutils.c (main): Fixed check for -v option. Spotted
5416 2005-11-21 Niels Möller <niels@s3.kth.se>
5418 * ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.
5420 2005-11-20 Niels Möller <nisse@lysator.liu.se>
5422 * Makefile.in (nettle_SOURCES): Added der2rsa.c.
5424 * testsuite/Makefile.in (TS_SH): Added pkcs1-conv-test.
5426 * tools/Makefile.in (TARGETS): Added @RSA_TOOLS@.
5427 (SOURCES): Added pkcs1-conv.c.
5428 (pkcs1-conv): New rule.
5430 * tools/pkcs1-conv.c: New program.
5432 * testsuite/pkcs1-conv-test: New file.
5434 * examples/rsa-verify-test: Use rsa-sign to create signature.
5436 * examples/io.c (read_file): Fixed spelling in error message.
5438 * rsa.h (rsa_public_key_from_der_iterator)
5439 (rsa_private_key_from_der_iterator, rsa_keypair_from_der): Declare
5442 * der2rsa.c: New file.
5444 * der-iterator.c (asn1_der_iterator_init): Initialize length and
5446 (asn1_der_iterator_next): Support for lengths >= 0x80.
5447 (asn1_der_decode_constructed_last, asn1_der_decode_bitstring)
5448 (asn1_der_decode_bitstring_last): New functions.
5449 (asn1_der_get_bignum): Check for non-mininal encodings.
5451 * configure.ac (RSA_TOOLS): New substituted variable. Includes
5452 pkcs1-conv, when public-key support is enabled.
5454 * bignum.h (nettle_asn1_der_get_bignum): Include nettle_-prefix in
5457 * asn1.h: Added name mangling defines, and a few new declarations.
5459 2005-11-13 Niels Möller <nisse@lysator.liu.se>
5461 * Makefile.in (nettle_SOURCES): Added der-iterator.c.
5462 (HEADERS): Added asn1.h.
5464 * bignum.h (asn1_der_get_bignum): Declare function.
5466 * der-iterator.c: New file.
5469 2005-11-07 Niels Möller <nisse@lysator.liu.se>
5471 * examples/nettle-benchmark.c: Check HAVE_UNISTD_H.
5473 * examples/Makefile.in (TARGETS): Use $(EXEEXT).
5474 * tools/Makefile.in (TARGETS, sexp-conv, nettle-lfib-stream): Likewise.
5476 * configure.ac: Use $host_cpu, not $host, when setting up the
5477 assembler path. Use $host_os, not uname, when setting up shared
5480 * Makefile.in (des.$(OBJEXT)): Use OBJEXT.
5482 * config.guess, config.sub: In the CVS tree, moved files to the
5483 lsh top-level directory.
5485 2005-10-23 Niels Möller <nisse@lysator.liu.se>
5487 * sparc64/arcfour-crypt.asm: New file, almost the same as
5488 sparc/arcfour-crypt.asm.
5490 * examples/nettle-benchmark.c (display): Use two decimal places.
5492 * sparc/arcfour-crypt.asm: Reorganized. Main loop unrolled four
5493 times. Uses aligned 32-bit write accesses at DST. Still uses 8-bit
5494 read accesses at SRC; could be improved int he case that SRC and
5495 DST have compatible alignment.
5497 2005-10-19 Niels Möller <niels@s3.kth.se>
5499 * testsuite/arcfour-test.c (test_main): New testcase with 512
5502 2005-10-19 Niels Möller <nisse@lysator.liu.se>
5504 * sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
5505 must order the store at [CTX+I] before the load of [CTX+SI+SJ].
5507 2005-10-18 Niels Möller <nisse@lysator.liu.se>
5509 * sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
5510 have compatible alignment. Improves performance by 20%, but I'm
5511 not sure it's worth the extra complexity.
5513 * bignum.c (nettle_mpz_from_octets): Removed sign argument. If
5514 mpz_import is available, define nettle_mpz_from_octets as a macro
5516 (nettle_mpz_from_octets): Start by setting x to zero; callers no
5517 longer need to do that.
5518 (nettle_mpz_set_str_256_s): New logic for the handling of negative
5519 numbers. Convert in the same way as for positive numbers, and then
5520 subtract the appropriate power of two.
5522 2005-10-17 Niels Möller <nisse@lysator.liu.se>
5524 * bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
5525 digit temporary (suggested by Torbjörn Granlund).
5527 * sparc/arcfour-crypt.asm: Improved instruction scheduling.
5529 * sparc/arcfour-crypt.asm: Bugfix, use lduh and stuh.
5531 * sparc/arcfour-crypt.asm: New file.
5533 * sparc64/aes.asm: Deleted unused file.
5535 * x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
5536 * asm.m4 (ARCFOUR): New struct.
5538 2005-10-17 Niels Möller <niels@s3.kth.se>
5540 * aes-internal.h (struct aes_table): Deleted idx and sparc_idx
5542 * aes-encrypt-table.c (_aes_encrypt_table): Likewise.
5543 * aes-decrypt.c (_aes_decrypt_table): Likewise.
5544 * asm.m4 (AES): Likewise
5546 2005-10-16 Niels Möller <nisse@lysator.liu.se>
5548 * tools/input.c (sexp_get_char): Use unsigned for the done flag.
5550 * sparc64/aes-encrypt-internal.asm: Include sparc/aes.m4.
5551 * sparc64/aes-decrypt-internal.asm: Likewise.
5553 * sparc64/machine.m4: Use .register pseudo op to say that we use
5554 %g2 and %g3 as scratch registers.
5556 * sparc/aes-encrypt-internal.asm: Explicitly include sparc/aes.m4.
5557 * sparc/aes-decrypt-internal.asm: Likewise.
5559 * sparc/aes.m4: New file. Moved aes-related macros here...
5560 * sparc/machine.m4: ... removed aes macros.
5562 * x86/aes-encrypt-internal.asm: Explicitly include x86/aes.m4.
5563 * x86/aes-decrypt-internal.asm: Likewise.
5565 * x86/aes.m4: New file. Moved aes-related macros here, from...
5566 * x86/machine.m4: ... removed aes macros.
5568 * sparc64/aes-encrypt-internal.asm: New file.
5569 * sparc64/aes-decrypt-internal.asm: New file.
5571 * sparc64/machine.m4: Include the same aes macros used for
5573 (BIAS): Define magic stack bias constant.
5575 * sparc/aes-encrypt-internal.asm, sparc/aes-decrypt-internal.asm:
5576 Reduced frame size to 104 bytes, since we no longer need wtxt and
5579 * sparc/aes.asm: Deleted old aes implementation.
5581 * sparc/aes-decrypt-internal.asm: New file.
5583 * sparc/machine.m4: Don't use m4 eval, instead rely on the
5584 assembler's arithmetic.
5586 * sparc/machine.m4 (AES_FINAL_ROUND): Better scheduling, by
5587 interleaving independent operations.
5589 * sparc/machine.m4 (TMP3): A third temporary register.
5590 (AES_FINAL_ROUND): Prepared for scheduling.
5592 * sparc/machine.m4 (AES_ROUND): Deleted unused argument T. Updated
5593 all calls in aes-encrypt-internal.asm.
5595 * sparc/machine.m4 (AES_ROUND): New loop invariants T0-T3, to
5596 avoid the additions of the AES_TABLEx constants in the inner loop.
5598 * sparc/machine.m4 (AES_ROUND): Better scheduling, by
5599 interleaving independent operations.
5601 * sparc/machine.m4 (AES_ROUND): Alternate between using TMP1 and
5602 TMP2, to prepare for scheduling.
5604 * sparc/aes-encrypt-internal.asm: Renamed Ti -> Xi.
5606 * sparc/aes-encrypt-internal.asm: Fixed bugs. Now passes the
5609 * sparc/machine.m4 (AES_ROUND, AES_FINAL_ROUND): Bugfixes. Put
5610 NOPs in the load dely slots.
5612 * sparc/aes-encrypt-internal.asm: Implemented. Not yet working,
5615 * sparc/machine.m4: Use TMP1 and TMP2, so we don't need to pass
5617 (AES_FINAL_ROUND): New macro.
5619 2005-10-15 Niels Möller <nisse@lysator.liu.se>
5621 * configure.ac (OBJDUMP): Substitute the program false if objdump
5624 * asm.m4 (PROLOGUE): Use TYPE_FUNCTION.
5626 * config.m4.in: Substitute ASM_TYPE_FUNCTION as TYPE_FUNCTION.
5628 * configure.ac (ASM_ELF_STYLE): Check for %function and #function,
5629 but not for @function.
5630 (ASM_TYPE_FUNCTION): New substituted variable.
5632 * configure.ac (ASM_ELF_STYLE): Fixed .type foo,@function statement
5633 used when checking for pseudo operations.
5635 * sparc/machine.m4 (AES_LOAD, AES_ROUND): Started writing new AES
5638 * sparc/aes-encrypt-internal.asm: New file.
5640 2005-10-14 Niels Möller <nisse@lysator.liu.se>
5642 * x86/aes-decrypt.asm, x86/aes-encrypt.asm: Deleted files.
5644 * x86/aes-decrypt-internal.asm: New file.
5646 * x86/machine.m4: Changed AES macros, to handle a table register.
5647 Also take more of the used registers as argument.
5649 * x86/aes-encrypt-internal.asm: Rewritten to match new interface,
5650 with the table pointer as an argument. Unlike the old code, this
5651 should really be position independent.
5653 * configure.ac: When looking for assembler files, link in
5654 aes-encrypt-internal.asm and aes-decrypt-internal.asm. Don't look
5655 for aes.asm, aes-encrypt.asm and aes-decrypt.asm.
5657 * configure.ac (OBJDUMP): Use AC_CHECK_TOOL to check for objdump.
5658 (ASM_MARK_NOEXEC_STACK): Use $OBJDUMP when examining the object file.
5660 * Makefile.in (nettle_SOURCES): Removed aes.c,
5661 aes-decrypt-table.c. Added aes-decrypt-internal.c and aes-encrypt-internal.c.
5663 * aes.c, aes-decrypt-table.c: Deleted files.
5665 * aes-decrypt.c (_aes_decrypt_table): Moved table here, and made
5668 * aes-internal.h (_aes_decrypt_table): Don't declare, it's no
5669 longer globally visible.
5671 * aes-decrypt-internal.c (_nettle_aes_decrypt): New AES decryption
5672 function, analogous to _nettle_aes_encrypt.
5674 2005-10-14 Niels Möller <niels@s3.kth.se>
5676 * aes-internal.h (AES_ROUND, AES_FINAL_ROUND): New macros.
5678 * aes-encrypt-internal.c (_nettle_aes_encrypt): New AES encryption
5679 function, avoiding the table-based indexing.
5681 * sha1-compress.c: Added debugging code.
5682 * md5-compress.c: Likewise.
5684 2005-10-13 Niels Möller <niels@s3.kth.se>
5686 * config.m4.in (ASM_MARK_NOEXEC_STACK): Use a diversion, to
5687 substitute the value of ASM_MARK_NOEXEC_STACK at the end of each
5690 * configure.ac (ASM_MARK_NOEXEC_STACK): Check if the C compiler
5691 generates a .note.GNU-stack section. If so, we should do the same
5692 in our assembler files.
5694 * sparc64/aes.asm: New file. Copy of sparc/aes.asm, with minor
5695 changes to the stack frame layout. Patch contributed by Henrik
5696 Grubbström. Not yet tested.
5698 * x86/md5-compress.asm: Skip copying of input to the stack, and
5699 don't allocate space for it.
5702 * testsuite/md5-test.c: Document intermediate values for first
5705 * configure.ac (asm_path): Check for sparc64, and use sparc64
5706 subdirectory. Link in md5-compress.asm, if it exists.
5708 2005-10-13 Niels Möller <nisse@lysator.liu.se>
5710 * x86/md5-compress.asm (REF): Fixed calculation of offset.
5712 2005-10-12 Niels Möller <nisse@lysator.liu.se>
5714 * x86/machine.m4 (OFFSET): Moved macro, used to be in...
5715 * x86/sha1-compress.asm (OFFSET): ... removed macro.
5717 * x86/md5-compress.asm: New file, with first attempt at md5
5718 assembler. Not yet working.
5720 2005-10-11 Niels Möller <nisse@lysator.liu.se>
5722 * Makefile.in (nettle_SOURCES): Added md5-compress.c.
5724 * md5.c: Reorganized to use _nettle_md5_compress, in analogy with
5727 * md5-compress.c (_nettle_md5_compress): New file and new function.
5729 2005-10-10 Niels Möller <niels@s3.kth.se>
5731 * testsuite/Makefile.in (EXTRA_SOURCES, EXTRA_TARGETS): New
5732 variables, for test cases that are not run by default.
5734 * testsuite/sha1-huge-test.c (test_main): New test case, with a
5735 very large sha1 input.
5737 * testsuite/testutils.c (test_hash_large): New function.
5739 * sha1.c (sha1_block): Deleted function; inlined where used.
5740 (SHA1_INCR): New macro for incrementing the block count.
5742 2005-10-06 Niels Möller <nisse@lysator.liu.se>
5744 * configure.ac: Bumped version to 1.14.
5746 * Released nettle-1.13.
5748 * configure.ac: Check for openssl/aes.h.
5750 * Makefile.in (distdir): Use a loop to pick up the contents of
5751 $(DISTFILES) from source and build directories. For some reason,
5752 $? failed to find stamp-h.in in the source directory.
5754 2005-10-05 Niels Möller <nisse@lysator.liu.se>
5756 * x86/aes-decrypt.asm: Use C_NAME(_nettle_aes_decrypt_table) when
5757 using the AES_SUBST_BYTE macro. Use PROLOGUE and EPILOGUE.
5758 * x86/sha1-compress.asm: Use PROLOGUE and EPILOGUE.
5759 * x86/arcfour-crypt.asm: Likewise.
5760 * x86/aes-encrypt.asm: Likewise.
5762 * config.m4.in (ELF_STYLE): Substitute configure's ASM_ELF_STYLE.
5764 * asm.m4 (PROLOGUE, EPILOGUE): New macros, checking the value of
5765 ELF_STYLE. So far, used and tested only for the x86 assembler
5766 files, and needed to make the assembler happy both with ELF
5767 (linux, solaris) and COFF (windows).
5769 * configure.ac (NM): Use AC_CHECK_TOOL to check for nm.
5770 (ASM_SYMBOL_PREFIX): Use $NM when examining the object file.
5771 (ASM_ELF_STYLE): New variable. Set to 'yes' if assembling a file
5772 with ELF-style .type and .size pseudo ops works.
5774 * Makefile.in (TARGETS, DISTFILES): Added nettle.pdf.
5775 (.texinfo.dvi, .dvi.ps, .ps.pdf): New targets, to build nettle.pdf.
5776 (DOCTARGETS): New variable with targets that shouldn't be deleted
5778 (maintainer-clean-here): New target. Deletes generated
5779 documentation files.
5781 * nettle.texinfo: Define AUTHOR with accents, when running in TeX
5782 mode, which doesn't handle latin-1 properly. Set UPDATED-FOR to
5783 1.13. Updated copyright years, and introduced a COPYRIGHT-YEARS
5784 symbol. Updated copyright section, to mention assembler
5786 (Cipher modes): Transformed the Cipher Block Chaining to a section
5787 Cipher modes, describing both CBC and the new CTR mode.
5789 * src/nettle/x86/aes_tables.asm: Deleted unused file.
5791 * x86/aes.asm: Deleted contents. This file is needed just to
5792 override aes.c, which isn't needed for the x86 implementation.
5794 * configure.ac (SHLIBMINOR): Increased minor number. Library
5795 version is now libnettle.so.2.4, soname still libnettle.so.2.
5797 * examples/nettle-benchmark.c (main): Reordered hash benchmarks.
5799 * x86/sha1-compress.asm (EXPAND): Use % 16 instead of & 15 to
5800 compute offsets mod 16, since m4 on FreeBSD 49.RELEASE and NetBSD
5801 doesn't implement & correctly in eval.
5803 2005-10-03 Niels Möller <nisse@lysator.liu.se>
5805 * x86/sha1-compress.asm (OFFSET): New macro.
5806 (F3): Eliminated a movl.
5807 (ROUND): New argument, for k. When using F3, it's TMP3, on the
5808 stack, otherwise, it is kept in TMP2, a register.
5810 2005-10-03 Niels Möller <niels@s3.kth.se>
5812 * examples/nettle-openssl.c: Use correct block sizes for openssl
5815 * examples/nettle-benchmark.c: Also display cycles per block.
5817 2005-10-02 Niels Möller <nisse@lysator.liu.se>
5819 * sha1-compress.c (_nettle_sha1_compress): Updated to new
5820 interface. Now responsible for byte conversion.
5822 * x86/sha1-compress.asm (_nettle_sha1_compress): Do byte order
5823 conversion, and store the input data on the stack. This leaves one
5824 more register free for other uses.
5826 * examples/nettle-benchmark.c: Now display cycles/byte, if the -f
5827 option is used to say what the clock frequency is.
5829 * sha1.c (sha1_block): Don't convert data from uint8_t to
5830 uint32_t, that's now the responsibility of _nettle_sha1_compress.
5832 * sha.h (_nettle_sha1_compress): Changed interface. Second
5833 argument is now a pointer to the input data in unaligned,
5836 2005-09-28 Niels Möller <niels@s3.kth.se>
5838 * sha1.c (sha1_final): Call sha1_block, don't call the compression
5839 function _nettle_sha1_compress directly.
5841 * nettle-internal.h (nettle_openssl_md5)
5842 (nettle_openssl_sha1): Declare.
5844 * examples/nettle-benchmark.c (main): Benchmark openssl md5 and
5847 * examples/nettle-openssl.c (nettle_openssl_md5)
5848 (nettle_openssl_sha1): Added glue for openssl hash functions.
5850 * nettle-internal.h (nettle_openssl_aes128, nettle_openssl_aes192)
5851 (nettle_openssl_aes256, nettle_openssl_arcfour128): Declare.
5853 * examples/nettle-benchmark.c: Check WITH_OPENSSL, not
5854 HAVE_LIBCRYPTO. Benchmark openssl's aes and arcfour code.
5856 * examples/nettle-openssl.c: Updated openssl des glue to use the
5857 new openssl des interface. Added glue for arcfour and aes.
5859 2005-09-27 Niels Möller <nisse@lysator.liu.se>
5861 * nettle.texinfo (RSA): Improved text about the RSA patent.
5862 Use @documentencoding ISO-8859-1.
5864 2005-09-07 Niels Möller <niels@s3.kth.se>
5866 * tools/sexp-conv.c (parse_options): New option --raw-hash, for
5867 compatibility with lsh-1.x. Equivalent to --hash.
5869 2005-09-06 Niels Möller <niels@s3.kth.se>
5871 * tools/sexp-conv.c (main): With --hash, output a newline after
5874 2005-07-02 Niels Möller <nisse@lysator.liu.se>
5876 * testsuite/Makefile.in (TS_SOURCES): Added ctr-test.c.
5878 * testsuite/testutils.c (test_cipher_ctr): New function.
5880 * testsuite/ctr-test.c: New file.
5882 * testsuite/cbc-test.c (test_main): Use static const for msg.
5884 * Makefile.in (nettle_SOURCES): Added ctr.c.
5885 (HEADERS): Added ctr.h.
5886 (HEADERS): Added nettle-types.h.
5887 (INSTALL_HEADERS): Install nettle-stdint.h.
5888 (distclean-here): Delete nettle-stdint.h, not nettle-types.h.
5890 * ctr.c (ctr_crypt): New file, new function.
5892 * memxor.c (memxor3): New function, suggested by Adam Langley.
5894 * nettle-internal.h (NETTLE_MAX_CIPHER_BLOCK_SIZE): New constant.
5896 * nettle.texinfo (Cipher functions): Fixed typo in prototype for
5897 arctwo_encrypt (noticed by Adam Langley).
5899 * nettle-meta.h: No longer needs to include cbc.h.
5901 * cbc.h (nettle_crypt_func): Moved typedef to nettle-types.h.
5902 (CBC_ENCRYPT, CBC_DECRYPT): Deleted older #if:ed out versions.
5904 * configure.ac (AX_CREATE_STDINT_H): Use the file name
5905 nettle-stdint.h, not nettle-types.h.
5907 * nettle-types.h: New file. Automatically generated declarations
5908 are now in nettle-stdint.h.
5910 2005-03-17 Niels Möller <niels@s3.kth.se>
5912 * config.guess: Support Solaris on x86_64. Fix by Henrik
5915 2005-01-03 Niels Möller <niels@s3.kth.se>
5917 * examples/io.h: Include RSA declarations only when public key
5918 algorithms are enabled. Problem reported by Meilof Veeningen
5921 2004-12-07 Niels Möller <nisse@lysator.liu.se>
5923 * Makefile.in: Install directories, using $(INSTALL) -d, only if
5924 they don't exist already.
5926 2004-12-05 Niels Möller <nisse@lysator.liu.se>
5928 * config.make.in (.PRECIOUS): Reverted earlier change. We need
5929 .PRECIOUS to stop GNU make from deleting object files for the test
5932 2004-12-02 Niels Möller <nisse@lysator.liu.se>
5934 * Makefile.in (.SUFFIXES): Moved from Makefile.in to...
5935 * config.make.in (.SUFFIXES): ... here. This helps compilation
5937 * testsuite/Makefile.in (.SUFFIXES): Deleted target.
5939 * config.make.in (.c): Disable default rule for BSD-make.
5941 * Makefile.in (all check install uninstall)
5942 (clean distclean mostlyclean maintainer-clean): Don't use the -C
5943 flag when invoking make, for compatibility with Solaris make.
5945 2004-12-02 Niels Möller <niels@s3.kth.se>
5947 * Makefile.in (aesdata, desdata): Commented out the explicit
5949 (shadata): Avoid using $< in non-pattern rule.
5951 2004-12-01 Niels Möller <nisse@lysator.liu.se>
5953 * config.make.in: Added a default target.
5955 2004-11-29 Niels Möller <nisse@lysator.liu.se>
5957 * testsuite/Makefile.in: Use .$(OBJEXT). Explicitly set .SUFFIXES.
5959 * Makefile.in: Use .$(OBJEXT).
5961 2004-11-28 Niels Möller <nisse@lysator.liu.se>
5963 * tools/Makefile.in (nettle-lfib-stream): Avoid using $< in
5966 * Makefile.in (distdir): Handle absolute $distdir.
5967 Avoid using the GNU extension $^.
5969 * examples/Makefile.in: Avoid using the GNU extension $^.
5970 * tools/Makefile.in: Likewise.
5971 * testsuite/Makefile.in: Likewise.
5973 2004-11-24 Niels Möller <niels@s3.kth.se>
5975 * configure.ac: Fixed typo, preventing the creation of dependency
5978 2004-11-23 Niels Möller <nisse@lysator.liu.se>
5980 * Makefile.in: Use DEP_INCLUDE.
5981 * tools/Makefile.in: Likewise.
5982 * testsuite/Makefile.in: Likewise.
5983 * examples/Makefile.in: Likewise.
5985 * configure.ac (dummy-dep-files): Generate only of dependency
5986 tracking is enabled.
5988 2004-11-18 Niels Möller <nisse@lysator.liu.se>
5990 * Makefile.in (clean-here): The clean target should not delete the
5991 dependency files. Moved to the distclean target.
5992 * examples/Makefile.in: Likewise.
5993 * testsuite/Makefile.in: Likewise.
5994 * tools/Makefile.in: Likewise.
5996 * configure.ac (ASM_SYMBOL_PREFIX): Fixed test.
5997 (dummy-dep-files): Added quotes to sed command.
5999 2004-11-17 Niels Möller <nisse@lysator.liu.se>
6001 * testsuite/symbols-test: Try plain nm if nm -g doesn't work.
6003 * x86/sha1-compress.asm: Use C_NAME for global symbols.
6004 * x86/aes-encrypt.asm: Likewise.
6005 * x86/aes-decrypt.asm: Likewise.
6006 * x86/arcfour-crypt.asm: Likewise.
6008 * Makefile.in (config.m4): New rule.
6010 * config.m4.in (C_NAME): New macro.
6012 * configure.ac (ASM_SYMBOL_PREFIX): Check if global symbols have a
6015 2004-11-16 Niels Möller <nisse@lysator.liu.se>
6017 * Deleted getopt.c, getopt.h and getopt1.c from the CVS tree. Link
6018 them from shared copies in lsh/misc instead.
6020 2004-11-14 Niels Möller <nisse@lysator.liu.se>
6022 * Makefile.in (DEP_FILES): Try include with only one macro
6023 argument to be expanted.
6025 * configure.ac (dummy-dep-files): Create dummy dependency files,
6026 so that they can be included by the makefiles.
6028 2004-11-13 Niels Möller <nisse@lysator.liu.se>
6030 * Makefile.in: Don't use -include, as it's GNU make specific.
6031 * examples/Makefile.in, tools/Makefile.in, testsuite/Makefile.in:
6034 * examples/nettle-openssl.c: Check WITH_OPENSSL, not HAVE_LIBCRYPTO.
6036 * configure.ac: Check for individual openssl headers blowfish.h,
6037 cast.h, des.h. Renamed symbol HAVE_LIBCRYPTO to WITH_OPENSSL. New
6038 configure option --disable-openssl.
6040 2004-11-04 Niels Möller <nisse@lysator.liu.se>
6042 * configure.ac: Bumped version to 1.13.
6044 * Released nettle-1.12.
6046 2004-11-04 Niels Möller <niels@s3.kth.se>
6048 * nettle.texinfo (UPDATED-FOR): Bumped to 1.12.
6050 2004-11-02 Niels Möller <nisse@lysator.liu.se>
6052 * nettle.texinfo (Cipher functions): Updated AES documentation,
6053 for aes_set_encrypt_key and aes_set_decrypt_key.
6054 (UPDATED-FOR): Set to 1.11. I think the manual should be updated
6055 with all user-visible changes.
6057 * aclocal.m4 (LSH_DEPENDENCY_TRACKING): Need extra quoting in case
6058 pattern. (This file really lives in the lsh tree, as
6059 lsh/acinclude.m4. For a complete ChangeLog, see lsh/Changelog).
6061 2004-10-26 Niels Möller <nisse@lysator.liu.se>
6063 * configure.ac: Bumped version to 1.12.
6065 * Released nettle-1.11.
6067 * Makefile.in (clean-here): Delete *.s files.
6068 (PRE_CPPFLAGS): Use this variable, not INCLUDES. Removed
6071 * x86/arcfour-crypt.asm: Use movzbl when extending %cl to 32 bits.
6073 2004-10-24 Niels Möller <nisse@lysator.liu.se>
6075 * x86/arcfour-crypt.asm: Reverted the latest two changes; update
6076 bost src and dst pointers in the loop, and use plain addb when
6077 updating j. These two previous changes slowed the code down on AMD
6080 2004-10-21 Niels Möller <nisse@lysator.liu.se>
6082 * Makefile.in (install-shared): Use $(INSTALL_PROGRAM).
6084 * configure.ac (SHLIBMINOR): Updated, shared library version is
6085 now libnettle.so.2.3, soname still libnettle.so.2.
6087 * Makefile.in (DISTFILES): Added asm.m4.
6089 2004-10-21 Niels Möller <niels@s3.kth.se>
6091 * examples/Makefile.in: Deleted all configure-related rules,
6092 except the one rebuilding this Makefile. One should run make at
6093 top level if other configure related files change.
6094 * tools/Makefile.in: Likewise.
6095 * testsuite/Makefile.in: Likewise.
6097 * configure.ac: Replaced AC_OUTPUT(list...) with an AC_OUTPUT
6098 without arguments, and AC_CONFIG_FILES listing the files.
6100 * Makefile.in: Changed the assembler rules as suffix rules.
6101 Rewrote the configure-related rules, mostly based on the example
6102 in the autoconf manual.
6104 2004-10-20 Niels Möller <nisse@lysator.liu.se>
6106 * examples/nettle-openssl.c (NCOMPAT): Disable openssl backwards
6109 * config.make.in: Insert $(PRE_CPPFLAGS) and $(PRE_LDFLAGS) before
6110 $(CPPFLAGS) and $(LDFLAGS). This mechanism replaces $(INCLUDES).
6112 * examples/Makefile.in (PRE_CPPFLAGS, PRE_LDFLAGS): Use these
6113 flags to get -I.. and -L.. early on the command line.
6114 * testsuite/Makefile.in: Likewise
6115 * tools/Makefile.in: Likewise.
6117 2004-10-20 Niels Möller <niels@s3.kth.se>
6119 * Makefile.in: In the assembler rules, there's no need to look in
6120 $(srcdir) for the input file.
6122 * x86/arcfour-crypt.asm: Reduced inner loop by one instruction, by
6123 precomputing the offset between src and dst.
6125 * tools/Makefile.in (.c.$(OBJEXT)): Removed redundant -I.. flag.
6127 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replaced addb ->
6128 addl + andl $0xff, improving speed on PPro by another 15%.
6130 2004-10-20 Niels Möller <nisse@lysator.liu.se>
6132 * tools/Makefile.in (install): Support DESTDIR.
6133 (uninstall): New target.
6135 * testsuite/Makefile.in (uninstall): New dummy target.
6137 * config.sub: Copied from automake-1.8.5.
6139 * examples/Makefile.in (SOURCES): Added rsa-sign.c and rsa-verify.c.
6140 (DISTFILES): Added getopt.h.
6141 (install uninstall): New dummy targets.
6143 * config.make.in (.PHONY): Added more targets.
6145 * Makefile.in (.texinfo.info, .texinfo.html): New targets. Added
6146 support for uninstall and DESTDIR. Various fixes to install and
6149 * examples/Makefile.in (INCLUDES): Added -I flags.
6150 (distdir): Use $^ to refer to the files.
6151 (distclean): New target.
6152 * testsuite/Makefile.in: Likewise.
6153 * tools/Makefile.in: Likewise.
6155 * Makefile.in (INCLUDES): Need -I flags for VPATH build.
6156 (clean distclean mostlyclean maintainer-clean): Clean
6157 subdirectories first.
6158 (DISTFILES): Added a bunch of files.
6159 (des_headers): Added desCore rules.
6160 (install-here): Split off target install-headers, which uses $^ to
6162 (distdir): Use $^ to refer to the files.
6165 * config.make.in (COMPILE): Add $(INCLUDE) to the line.
6167 2004-10-19 Niels Möller <nisse@lysator.liu.se>
6169 Stop using automake. Replaced each Makefile.am with a hand-written
6171 * configure.ac: New output variable CCPIC_MAYBE. New output file
6172 config.make. Replaced automake constructions.
6173 * .bootstrap: Don't run aclocal and automake.
6174 * config.make.in: New file, with shared Makefile variables and rules.
6176 2004-10-18 Niels Möller <nisse@lysator.liu.se>
6178 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replace incb ->
6179 incl + andl, to improve speed on PPro and PII. Suggested by
6182 2004-10-08 Niels Möller <niels@s3.kth.se>
6184 * examples/rsa-encrypt-test: Avoid reading and executing a file at
6186 * examples/setup-env: Likewise.
6188 2004-10-06 Niels Möller <niels@s3.kth.se>
6190 * testsuite/symbols-test: Ignore __i686.get_pc_thunk.bx and
6193 2004-10-05 Niels Möller <nisse@lysator.liu.se>
6195 * twofish.c (q_table): Use a const pointer array.
6197 * sexp2dsa.c (dsa_keypair_from_sexp_alist): Use a const pointer
6198 array for the keywords.
6199 (dsa_signature_from_sexp): Likewise.
6200 * sexp2rsa.c (rsa_keypair_from_sexp_alist): Likewise.
6201 (rsa_keypair_from_sexp): Likewise.
6203 * sexp.c (sexp_iterator_check_types): Use an argument of type
6204 "const uint8_t * const *" for the types list.
6205 (sexp_iterator_assoc): Likewise, for the keys list.
6207 * list-obj-sizes.awk: Fixes to handle multiple .data and .rodata
6208 sections. Also fixed to handle the last file correctly.
6210 2004-09-23 Niels Möller <nisse@lysator.liu.se>
6212 * configure.ac (SHLIBLINK, SHLIBLIBS): On cygwin, linking needs
6213 -Wl,--whole-archive $(OBJECTS) -Wl,--no-whole-archive $(LIBS).
6215 2004-09-22 Niels Möller <niels@s3.kth.se>
6217 * configure.ac: Setup SHLIBFORLINK and friends for cygwin.
6219 * list-obj-sizes.awk: Strip *_a-prefix from all file names.
6221 * Makefile.am (libnettle_a_SOURCES): List only .c files. Headers
6222 moved to noinst_HEADERS.
6223 (SHLIBOBJECTS): Substitute from libnettle_a_SOURCES, not
6224 am_libnettle_a_OBJECTS, since the latter includes
6225 libnettle_a-prefixes with some automake versions.
6226 (SHLIBSONAME): Check if this name is empty, which is the case on
6227 cygwin, before using it.
6229 2004-08-31 Niels Möller <nisse@lysator.liu.se>
6231 * configure.ac: New command line option --disable-pic. Use
6234 * Makefile.am (libnettle_a_CFLAGS): Added $(CCPIC), to attempt to
6235 build also the static library as position independent code.
6237 2004-08-24 Niels Möller <nisse@lysator.liu.se>
6239 * des-compat.c (des_cbc_cksum): Pad input with NUL's, if it's not
6240 an integral number of blocks.
6242 2004-08-24 Niels Möller <niels@s3.kth.se>
6244 * testsuite/arctwo-test.c, arctwo.h, arctwo.c
6245 (arctwo_set_key_ekb): Fixed typo; it should be "ekb", not "ebk".
6247 Integrated arctwo patch from Simon Josefsson.
6248 * testsuite/Makefile.am (noinst_PROGRAMS): Added arctwo-test.
6250 * Makefile.am (libnettleinclude_HEADERS): Added arctwo.h.
6251 (libnettle_a_SOURCES): Added arctwo.c, arctwo.h and arctwo-meta.c.
6253 * nettle-meta.h (nettle_arctwo40, nettle_arctwo64)
6254 (nettle_arctwo64, nettle_arctwo_gutmann128): Declare ciphers.
6256 * arctwo-meta.c, arctwo.c, arctwo.h, testsuite/arctwo-test.c: New
6259 * macros.h (LE_READ_UINT16, LE_WRITE_UINT16): New macros.
6261 2004-08-23 Niels Möller <nisse@lysator.liu.se>
6263 * testsuite/md5-test.c (test_main): Added collision, found in 2004.
6264 (test_main): Added second collision.
6266 2004-08-23 Niels Möller <niels@s3.kth.se>
6268 * testsuite/md5-test.c (test_main): Added first half of a
6269 collision test case.
6271 * des-compat.c (des_cbc_cksum): Changed input argument to be of
6272 type const uint8_t * (was const des_cblock *).
6274 * des-compat.h (const_des_cblock): New bogus type. Disabled use of
6275 const, for compatibility with openssl.
6277 2004-06-08 Niels Möller <niels@s3.kth.se>
6279 * aesdata.c: Renamed log and ilog to gf2_log and gf2_exp.
6281 2004-04-07 Niels Möller <nisse@lysator.liu.se>
6283 * aes-set-encrypt-key.c (log, ilog): Deleted unused tables.
6285 * aes-set-decrypt-key.c (gf2_log, gf2_exp, mult): Renamed tables,
6288 2004-03-20 Niels Möller <nisse@lysator.liu.se>
6290 * configure.ac: Use AC_CONFIG_AUX_DIR([.]).
6292 2004-03-18 Niels Möller <niels@s3.kth.se>
6294 * examples/io.c (read_file): Display a message if fopen fails.
6296 2004-03-05 Niels Möller <nisse@lysator.liu.se>
6298 * Released nettle-1.10.
6300 * configure.ac (SHLIBMINOR): Shared library version is now 2.2.
6302 2004-03-04 Niels Möller <nisse@lysator.liu.se>
6304 * testsuite/symbols-test: Pass -g flag to nm.
6306 2004-03-02 Niels Möller <nisse@lysator.liu.se>
6308 * configure.ac: Fixed EXEEXT workaround.
6310 2004-03-02 Niels Möller <niels@s3.kth.se>
6312 * configure.ac: Added workaround to get the correct $(EXEEXT)=''
6313 when compiling with rntcl.
6315 2004-03-02 Niels Möller <nisse@lysator.liu.se>
6317 * testsuite/Makefile.am (noinst_PROGRAMS): Put test program list
6318 here, to let automake add $(EXEEXT).
6320 * configure.ac (RSA_EXAMPLES): Append $(EXEEXT) to the filenames.
6322 2004-03-01 Niels Möller <nisse@lysator.liu.se>
6324 * examples/rsa-keygen.c, examples/rsa-encrypt.c,
6325 examples/rsa-decrypt.c: Include "getopt.h" instead of <unistd.h>.
6327 * examples/Makefile.am (rsa_encrypt_SOURCES, rsa_decrypt_SOURCES)
6328 (rsa_keygen_SOURCES): Added getopt.h, getopt.c and getopt1.c.
6330 * examples/getopt.h, examples/getopt.c, examples/getopt1.c: New
6333 * testsuite/des-compat-test.c: Don't include <unistd.h>.
6335 * testsuite/testutils.c (main): Don't use getopt. Then we don't
6336 need to include <unistd.h>.
6338 2004-03-01 Niels Möller <niels@s3.kth.se>
6340 * config.guess: Copied from automake-1.8.2. Hacked to recognize
6341 Windows_NT (and Windows_95 and Windows_98) running on "x86" and
6344 * install-sh: Removed from CVS repository. Let automake supply it.
6346 2004-02-26 Niels Möller <nisse@lysator.liu.se>
6348 * nettle-meta.h (nettle_crypt_func): Typedef moved to cbc.h.
6349 Include cbc.h instead.
6351 * des-compat.c: Reverted const change, now all the des_key_sched
6352 arguments are not const. This is also what openssl's interface
6354 (cbc_crypt_func): Deleted typedef, use nettle_crypt_func instead.
6356 * cbc.h (nettle_crypt_func): Moved typedef here.
6357 * cbc.c (cbc_encrypt, cbc_decrypt_internal, cbc_decrypt): Use it
6358 for typing the f argument. Reverted the const change, for
6359 compatibility with nettle_crypt_func.
6361 2004-02-25 Niels Möller <nisse@lysator.liu.se>
6363 * testsuite/des-compat-test.c: Use des_cblock for typing more of
6364 the variables. Use const. Got rid of most of the explicit casts.
6365 Disabled the input/output alignment tests.
6367 * des.c (des_encrypt, des_decrypt): Use a const context pointer.
6368 * des3.c (des3_encrypt, des3_decrypt): Likewise.
6370 * cbc.c (cbc_encrypt, cbc_decrypt): Use a _const_ void *ctx argument.
6372 * des-compat.c: Use const for all unchanged arguments.
6373 (des_key_sched): Use a copy of the key if we need to fix the
6376 * testsuite/des-compat-test.c (C_Block, Key_schedule): Deleted
6377 defines. Deleted some of the explicit casts.
6379 * des-compat.c (des_cbc_cksum): Dereference DST pointer.
6381 2004-02-25 Niels Möller <niels@s3.kth.se>
6383 * pgp.h: Include nettle-types.h.
6385 2004-02-24 Niels Möller <nisse@lysator.liu.se>
6387 * testsuite/symbols-test: Allow symbols starting with double
6388 underscores, like on darwin.
6390 2004-02-17 Niels Möller <niels@s3.kth.se>
6392 * Makefile.am: Protected %-rules used for building pure objects,
6393 and for assembler files, by automake conditionals. Needed for
6394 makes such as tru64's, which tries to understand %-patterns, but
6395 doesn't get it right.
6396 (SUFFIXES): Added .html.
6397 (.texinfo.html): Rewrote rule to use a traditional suffix target.
6399 * configure.ac (enable_assembler): Explicitly set
6400 enable_assembler=no, on architectures where we have no assembler
6402 (ENABLE_ASSEMBLER, ENABLE_SHARED): New automake conditionals.
6404 * testsuite/testutils.c (xalloc): xalloc(0) should work also on
6405 systems where malloc(0) returns NULL.
6407 2004-02-16 Niels Möller <niels@s3.kth.se>
6409 * Makefile.am (%.o: %.asm): Added comment about OSF1 make problem.
6411 2004-02-15 Niels Möller <nisse@lysator.liu.se>
6413 * testsuite/testutils.h: #include nettle-types.h instead of
6416 2004-02-12 Niels Möller <nisse@lysator.liu.se>
6418 * examples/rsa-encrypt-test: Use -r option when invoking
6419 rsa-encrypt. Needed for the test to work on systems with no
6422 2004-02-12 Niels Möller <niels@s3.kth.se>
6424 * configure.ac (CPPFLAGS, LDFLAGS): No spaces after -I and -L, as
6425 some C compilers, in particular True64 cc, don't like that.
6427 2004-02-08 Niels Möller <nisse@lysator.liu.se>
6429 * configure.ac: Bumped version number to 1.10.
6431 2004-02-07 Niels Möller <nisse@lysator.liu.se>
6433 * Released nettle-1.9.
6435 * configure.ac (SHLIBMINOR): Bumped, library version is now 2.1.
6437 * testsuite/sexp-format-test.c: Include bignum.h only if HAVE_LIBGMP.
6438 * testsuite/rsa-encrypt-test.c: Include rsa.h only if WITH_PUBLIC_KEY.
6439 * testsuite/pkcs1-test.c: Include pkcs1.h only if WITH_PUBLIC_KEY.
6441 * pgp-encode.c [!HAVE_LIBGMP]: Kludge around the pgp.h's
6442 dependency on gmp.h.
6443 (pgp_put_mpi): Condition on HAVE_LIBGMP.
6445 * pgp.h: Don't include bignum.h, to make it possible to compile
6446 the non-bignum parts of pgp-encode.c without bignum support. Needs
6447 to be fixed properly before the pgp interface is advertised.
6449 * tools/sexp-conv.c (xalloc): New function.
6452 * tools/output.c (sexp_put_digest): Use TMP_DECL instead of alloca.
6454 * testsuite/testutils.c (xalloc): New function. Made all other
6455 functions use xalloc instead of alloca.
6457 * examples/rsa-keygen.c (main): Use xalloc for allocation.
6458 * examples/rsa-encrypt.c (write_bignum): Likewise.
6459 * examples/rsa-decrypt.c (read_bignum): Likewise.
6460 * testsuite/yarrow-test.c (open_file): Likewise.
6461 * testsuite/rsa-encrypt-test.c (test_main): Likewise.
6462 * testsuite/bignum-test.c (test_bignum): Likewise.
6464 * examples/nettle-openssl.c: When calling des_key_sched and
6465 des_ecb_encrypt, cst arguments to (void *). Openssl's typedefs
6466 des_cblock and const_des_cblock are too broken.
6468 * examples/nettle-benchmark.c (xalloc): New function. Use instead
6469 of alloca, for better portability.
6471 * examples/io.c (xalloc): New function.
6473 * Makefile.am (nodist_libnettleinclude_HEADERS): nettle-types.h
6474 should not be distributed.
6476 2004-02-06 Niels Möller <niels@s3.kth.se>
6478 * x86/sha1-compress.asm: Rename round -> ROUND.
6480 * x86/sha1-compress.asm: Store the magic constants on stack.
6481 Accessing them via %esp should be a little faster than using large
6484 * Makefile.am (EXTRA_DIST, DISTCLEANFILES): Handle
6487 * configure.ac: Use assembler file sha1-compress.asm if available.
6489 * x86/sha1-compress.asm (EXPAND): Fixed the rotation part of the
6492 2004-02-06 Niels Möller <nisse@lysator.liu.se>
6494 * x86/sha1-compress.asm: Assembler implementation of
6495 sha1_compress. (Not yet working).
6497 * Makefile.am (libnettle_a_SOURCES): Added sha1-compress.c.
6499 * sha1.c (sha1_transform): Function renamed to sha1_compress, and
6501 * sha1-compress.c: ... New file.
6503 2004-02-05 Niels Möller <nisse@lysator.liu.se>
6505 * examples/rsa-encrypt.c (process_file): Copy the leftover to the
6506 start of the buffer, when preparing for the final processing.
6508 * examples/nettle-benchmark.c (bench_hash, time_hash): New functions.
6509 (main): Benchmark hash functions too.
6510 (BENCH_BLOCK): Increased 10K.
6511 (BENCH_INTERVAL): Decreased to 0.25s.
6513 * examples/nettle-benchmark.c (time_function): Loop around calling
6514 f, until 1s has elapsed. Returns seconds per call. Updated bench
6515 functions to not loop themselves.
6516 (display): Updated MB/s calculation.
6518 * testsuite/arcfour-test.c (test_main): Use test_cipher_stream.
6520 * testsuite/testutils.c (test_cipher_stream): New function, that
6521 tries dividing the input into varying size blocks before
6524 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Bug fix, half of
6525 the S array swap was forgotten.
6526 * arcfour.c (arcfour_stream): Likewise.
6527 * arcfour-crypt.c (arcfour_crypt): Likewise.
6529 2004-02-05 Niels Möller <niels@s3.kth.se>
6531 * x86/arcfour-crypt.asm (nettle_arcfour_crypt): Must store the new
6532 i, j at the end of the loop.
6534 * Makefile.am (EXTRA_DIST): Make sure x86 assembler files are
6536 (DISTCLEANFILES): And that the symlinks and .s files are deleted.
6538 * x86/aes-encrypt.asm, x86/aes-decrypt.asm, x86/arcfour-crypt.asm:
6539 Fixed debug information.
6541 * x86/arcfour-crypt.asm: New file. About three times faster than
6542 the optimized C code.
6544 * configure.ac: Use assembler file arcfour-crypt.asm if available.
6546 * arcfour.c (arcfour_crypt): Moved function too...
6547 * arcfour-crypt.c (arcfour_crypt): New file.
6549 * arcfour.c (arcfour_crypt): Optimization suggested by Jonas
6550 Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
6551 probably on other architectures as well.
6553 2004-01-31 Niels Möller <nisse@lysator.liu.se>
6555 * configure.ac (AX_CREATE_STDINT_H): Also look for uint32_t and
6556 friends in sys/types.h.
6558 2004-01-11 Niels Möller <nisse@harpo.hack.org>
6560 * Makefile.am (libnettleinclude_HEADERS): Added bignum.h,
6561 memxor.h, pkcs1.h and rsa-compat.h.
6563 * configure.ac: Bumped version to 1.9.
6565 2004-01-10 Niels Möller <nisse@harpo.hack.org>
6567 * Released nettle-1.8.
6569 * examples/teardown-env: Delete more test files.
6571 * nettle.texinfo (Hash functions): Documented md2 and md4.
6573 * configure.ac (SHLIBMAJOR): Bumped to 2.
6575 2004-01-09 Niels Möller <nisse@harpo.hack.org>
6577 * examples/rsa-encrypt-test: New testcase.
6579 * examples/rsa-encrypt.c, examples/rsa-session.h: Expanded the
6580 comment describing the file format, and moved to rsa-session.h.
6582 * examples/rsa-decrypt.c (process_file): Finished this function.
6583 (main): Initialize x. Check the size of the session key after rsa
6586 * examples/io.c (write_string): Treat short item count as an error.
6588 2004-01-08 Niels Möller <niels@s3.kth.se>
6590 * index.html: Added instructions for CVS access.
6592 * dsa-keygen.c (dsa_nist_gen): Fixed declaration/statement order.
6594 * rsa-keygen.c (bignum_next_prime): Fixed off-by-one error when
6595 comparing input to the largest listed prime. General cleanup, as
6596 prime_limit > 0 always. Use TMP_DECL and TMP_ALLOC.
6598 * nettle-internal.h (TMP_DECL, TMP_ALLOC): New macros. When alloca
6599 is unavailable, they work by allocating a fix amount of stack and
6600 imposing a hard limit on what can be allocated. Updated all users
6603 2004-01-07 Niels Möller <nisse@harpo.hack.org>
6605 * nettle-types.h: New (generated) file, to be used instead of
6606 including <inttypes.h> directly. Updated all users of inttypes.h.
6608 * Makefile.am (DISTCLEANFILES, libnettleinclude_HEADERS): Added
6611 * configure.ac (AX_CREATE_STDINT_H): Create nettle-types.h.
6613 2003-11-16 Niels Möller <nisse@harpo.hack.org>
6615 * yarrow256.c (yarrow256_seed): Use const for the seed_file input.
6617 2003-11-12 Niels Möller <niels@s3.kth.se>
6619 * list-obj-sizes.awk: New function for decoding hex values, with a
6620 new function hex2int. Also implemented calculation of total
6621 storage, removed the dependence on the .comment section, and use
6622 the $FILTER environment variable as a regexp for restricting the
6623 object files that are considered.
6625 2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
6627 * testsuite/rsa-encrypt-test.c (test_main): Don't use gmp_printf,
6628 as it seems it's only available with the newer gmp. Use
6629 mpz_out_str instead.
6631 2003-09-19 Niels Möller <niels@s3.kth.se>
6633 * examples/Makefile.am (EXTRA_DIST): Added rsa-session.h.
6635 * tools/nettle-lfib-stream.c: New tool, which outputs a sequence
6636 of pseudorandom (non-cryptographic) bytes, using Knuth's lagged
6637 fibonacci generator.
6639 * examples/rsa-decrypt.c: Fixes to get the file to compile. It
6642 * examples/Makefile.am (EXTRA_PROGRAMS): Added rsa-encrypt and
6645 * examples/io.c (write_file): New function.
6646 (write_string): Simplified error check, it's no real point in
6647 calling ferror unless we also call fflush.
6649 * examples/rsa-keygen.c (main): Check return value from
6652 * examples/rsa-decrypt.c, examples/rsa-encrypt.c,
6653 examples/rsa-session.h: New files, demonstrating rsa encryption
6656 * configure.ac (RSA_EXAMPLES): Added rsa-encrypt and rsa-decrypt.
6658 2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
6660 * testsuite/testutils.c (print_hex): Use const.
6662 2003-08-30 Niels Möller <niels@s3.kth.se>
6664 * md2.c, md2.h: Added reference to RFC 1319.
6665 * md4.c, md4.h: Added reference to RFC 1320
6667 2003-08-26 Niels Möller <niels@s3.kth.se>
6669 * Makefile.am: Added md2 and md5 files. Deleted the print-path
6672 * configure.ac: Bumped version to 1.8.
6674 * testsuite/testutils.c (test_rsa_set_key_1): New function.
6675 * testsuite/rsa-test.c (test_main): Use it.
6677 * testsuite/dsa-keygen-test.c: Deleted definition of UNUSED, it's
6679 * testsuite/rsa-keygen-test.c: Likewise.
6681 * testsuite/Makefile.am (TS_PROGS): Added rsa-encrypt-test,
6682 md4-test, and md2-test.
6684 * testsuite/rsa-encrypt-test.c, testsuite/md4-test.c,
6685 testsuite/md2-test.c: New test cases.
6687 * nettle-meta.h: Declare nettle_md2 and nettle_md4.
6689 * md5.c: Reorderd functions, putting md5_final at the end.
6691 * md2.c, md2.h, md2-meta.c: New files, implemented md2.
6692 * md4.c, md4.h, md4-meta.c: New files, implemented md4.
6694 2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
6696 * desCode.h (des_keymap, des_bigmap): Deleted extern declarations,
6697 they conficted with the static definition in des.c. Reported by
6700 * des.c (DesSmallFipsEncrypt, DesSmallFipsDecrypt): Moved
6701 definitions after the definition of the des_kemap array.
6703 2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
6705 * rsa-encrypt.c (rsa_encrypt): Bugfix contributed by
6708 2003-06-10 Niels Möller <niels@s3.kth.se>
6710 * Makefile.am (EXTRA_DIST): Distribute sha-example.c.
6712 2003-06-05 Niels Möller <nisse@lysator.liu.se>
6714 * Makefile.am (DISTCLEANFILES): Delete .s files.
6716 2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
6718 * testsuite/symbols-test: And allow symbols that start at the
6719 beginning of the line, as output by AIX nm.
6721 2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
6723 * testsuite/symbols-test: Allow symbols to start with a dot.
6725 2003-05-14 Niels Möller <niels@s3.kth.se>
6727 * pgp.h (enum pgp_subpacket_tag): Copied values from RFC 2440.
6728 Renamed PGP_SUBPACKET_ISSUER to PGP_SUBPACKET_ISSUER_KEY_ID.
6730 2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
6732 * pgp.h: Do proper namemangling for pgp_put_public_rsa_key and
6733 pgp_put_rsa_sha1_signature.
6735 * pgp-encode.c (pgp_put_mpi): Fixed nettle_mpz_get_str_256 call.
6737 2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
6739 * rsa2openpgp.c (rsa_keypair_to_openpgp): Some bugfixes.
6741 * pgp.h (enum pgp_subpacket_tag): New enum. Definition is bogus
6742 and needs to be fixed.
6743 Added forward declarations of structs, and prototypes for
6744 pgp_put_public_rsa_key and pgp_put_rsa_sha1_signature.
6746 * pgp-encode.c (pgp_put_mpi): Take a const mpz_t argument. Gugfix,
6747 use nettle_mpz_get_str_256.
6748 (pgp_put_public_rsa_key, pgp_put_rsa_sha1_signature):
6749 Constification. Some bugfixes.
6751 * Use "config.h", not <config.h>.
6753 * Reordered includes in most or all .c-files. All should now
6756 2003-05-12 Niels Möller <niels@s3.kth.se>
6758 * configure.ac: Use LSH_FUNC_ALLOCA.
6760 2003-04-25 Niels Möller <niels@s3.kth.se>
6762 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha256.c.
6764 * testsuite/hmac-test.c (test_main): Added tests for hmac-sha256,
6765 from draft-ietf-ipsec-ciph-sha-256-01.txt.
6767 * hmac-sha256.c (hmac_sha256_digest): New file.
6769 2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
6771 * sha-example.c (display_hex): Simplified by using printf better.
6773 * nettle.texinfo (Example): Use @verbatiminclude to include the
6776 * sha-example.c: Example program, for inclusion in the manual.
6777 Fixed bugs reported by Mark Arking.
6779 2003-04-14 Niels Möller <niels@s3.kth.se>
6781 * x86/aes-encrypt.asm (nettle_aes_encrypt): Fixed references to
6782 _nettle_aes_encrypt_table.
6783 * x86/aes-decrypt.asm (nettle_aes_decrypt): Fixed references to
6784 _nettle_aes_decrypt_table.
6786 2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
6788 * testsuite/Makefile.am (TS_SH): New test case symbols-test.
6789 (EXTRA_PROGRAMS): Added testutils, as a kludge to
6790 get automake to track dependencies for testutils.o.
6792 * x86/aes-encrypt.asm (nettle_aes_encrypt): Renamed function to
6793 use the nettle_ prefix.
6794 * x86/aes-decrypt.asm (nettle_aes_decrypt): Likewise.
6795 * sparc/aes.asm (_nettle_aes_crypt): Likewise.
6797 * examples/Makefile.am (EXTRA_PROGRAMS): Add "io", as a kludge to
6798 get automake to track dependencies for io.o.
6799 (LDADD): Added ../libnettle.a, for the dependency.
6801 * des-compat.c: Use names with the nettle_ prefix when using
6802 Nettle's des functions.
6804 * base16-meta.c (base16_encode_update): Need to undef before
6807 * New name mangling, to reduce the risk of link collisions. All
6808 functions (except memxor) now use a nettle_ or _nettle prefix when
6809 seen by the linker. For most functions, the header file that
6810 declares a function also use #define to provide a shorter more
6811 readable name without the prefix.
6813 2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
6815 * Released nettle-1.7.
6817 * configure.ac: Bumped version to 1.7.
6819 * nettle.texinfo (DSA): New section.
6820 (RSA): Updated documentation.
6822 2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
6824 * examples/nettle-benchmark.c (time_cipher): Don't use GNU C
6825 non-constant initializers.
6827 2003-02-23 Niels Moller <nisse@carduelis>
6829 * configure.ac: Use LSH_GCC_ATTRIBUTES.
6831 2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
6833 * acinclude.m4: Deleted file from cvs, use a link to lsh's
6834 acinclude.m4 instead.
6836 2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
6838 * Makefile.am (libnettleinclude_HEADERS): Added macros.h.
6840 * tools/Makefile.am (EXTRA_DIST): Added getopt.h.
6842 2003-02-14 Niels Möller <niels@s3.kth.se>
6844 * Makefile.am (print_path): Added target to print the used PATH,
6846 (print-path): Moved dependency to all-local.
6848 2003-02-11 Niels Möller <niels@s3.kth.se>
6850 * buffer.c (nettle_buffer_copy): Bug fix, it didn't return any
6853 2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
6855 * testsuite/sexp-format-test.c (test_main): Added test for %( and
6858 * sexp-format.c (sexp_vformat): Handle %( and %).
6860 * realloc.c (nettle_xrealloc): Fixed out-of-memory check.
6862 * configure.ac (SHLIBMAJOR): Bumped version number to 1.
6864 * buffer.c (nettle_buffer_init_realloc): New function.
6865 * buffer-init.c (nettle_buffer_init): Use nettle_buffer_init_realloc.
6867 2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
6869 * testsuite/sexp-format-test.c (test_main): New test with tokens
6870 in the format string.
6871 (test_main): Test space-searated literals too.
6873 * rsa2sexp.c (rsa_keypair_to_sexp): New argument ALGORITHM_NAME.
6874 * examples/rsa-keygen.c (main): Updated call to rsa_keypair_to_sexp.
6875 * testsuite/rsa2sexp-test.c (test_main): Likewise.
6877 * sexp-format.c (sexp_vformat): Allow whitespace in format string.
6879 * rsa2sexp.c (rsa_keypair_to_sexp): Use literals with sexp_format.
6881 * sexp-format.c (format_string): New function.
6882 (sexp_vformat): Implemented support for literals in the format
6885 2003-02-06 Niels Möller <nisse@lysator.liu.se>
6887 * testsuite/sexp-conv-test (print_raw, print_nl): New functions.
6888 The testfunctions use these instead of using echo directly.
6889 Use the test input '3:"\x' instead of '2:"\', to be friendlier to
6892 2003-02-05 Niels Möller <nisse@lysator.liu.se>
6894 * des-compat.h (des_set_key): Different name mangling, if this
6895 file is included, des_set_key should refer to a function that
6896 behaves like openssl's.
6898 * des-compat.c (des_key_sched, des_is_weak_key): Use the name
6899 nettle_des_set_key for referring to Nettle's function.
6901 * des.h (des_set_key): Name mangling, linker symbols should use a
6902 "nettle_" prefix, and this one collided with openssl. Perhaps all
6903 symbols should be mangled in a similar way, but that's for later.
6905 * configure.ac (LDFLAGS): --with-lib-path should add to LDFLAGS,
6908 2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
6910 * tools/output.c (sexp_put_string): Fixed handling of escapable
6911 characters. The code generated random escape sequences for
6912 characters in the 0x10-0x1f range.
6914 * testsuite/sexp-conv-test: More tests for hex and base64 input
6917 2003-01-30 Niels Möller <niels@s3.kth.se>
6919 * sexp2bignum.c (nettle_mpz_set_sexp): Call sexp_iterator_next on
6920 success. That means the iterator argument can't be const.
6922 2003-01-29 Niels Möller <niels@s3.kth.se>
6924 * tools/Makefile.am (LDADD): Add libnettle.a, for the dependency.
6926 2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
6928 * sexp2dsa.c (dsa_signature_from_sexp): New function.
6930 RSA renaming. Updated all callers.
6931 * rsa-sign.c (rsa_private_key_init, rsa_private_key_clear)
6932 (rsa_private_key_prepare): Renamed functions.
6933 * rsa.c (rsa_public_key_init, rsa_public_key_clear)
6934 (rsa_public_key_prepare): Renamed functions.
6936 2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
6938 * Makefile.am (libnettle_a_SOURCES): Added new rsa and pkcs1
6939 files. Removed old rsa_md5.c and rsa_sha1.c.
6941 * testsuite/Makefile.am (TS_PROGS): Added pkcs1-test.
6943 * dsa-verify.c (dsa_verify_digest): New function.
6944 (dsa_verify): Most of the code moved to dsa_verify_digest, which
6946 * dsa-sign.c (dsa_sign_digest): New function.
6947 (dsa_sign): Most of the code moved to dsa_sign_digest, which is
6949 * dsa.c (_dsa_hash): Deleted function.
6951 * rsa_md5.c, rsa_sha1.c: Deleted files, contents spread over
6952 several files for signing and verification.
6953 * rsa-sign.c, rsa-sha1-verify.c, rsa-sha1-sign.c,
6954 rsa-md5-verify.c, rsa-md5-sign.c: New files.
6956 * rsa-sha1-verify.c (rsa_sha1_verify_digest): New function.
6957 * rsa-sha1-sign.c (rsa_sha1_sign_digest): New function.
6958 * rsa-md5-verify.c (rsa_md5_verify_digest): New function.
6959 * rsa-md5-sign.c (rsa_md5_sign_digest): New function.
6960 * rsa-verify.c (_rsa_verify): New file, new function.
6962 * rsa.c (_rsa_check_size): Renamed from rsa_check_size, and made
6963 non-static. Private key functions moved to rsa-sign.c.
6965 * pkcs1.c, pkcs1.h, pkcs1-rsa-md5.c, pkcs1-rsa-sha1.c: New files.
6966 (pkcs1_signature_prefix): New function.
6968 * testsuite/pkcs1-test.c: New test.
6970 2003-01-22 Niels Möller <niels@s3.kth.se>
6972 * examples/Makefile.am (nettle_benchmark_LDADD): Use
6975 * configure.ac (OPENSSL_LIBFLAGS): If libcrypto is found, add
6976 -lcrypto to OPENSSL_LIBFLAGS, not the plain LDFLAGS.
6978 2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
6980 * testsuite/Makefile.am (CLEANFILES): Delete test.in, test1.out
6983 2003-01-17 Niels Möller <niels@s3.kth.se>
6985 * examples/Makefile.am (AM_CPPFLAGS): Use AM_CPPFLAGS instead of
6987 * testsuite/Makefile.am (AM_CPPFLAGS): Likewise.
6989 2003-01-16 Niels Möller <niels@s3.kth.se>
6991 * testsuite/Makefile.am (check): Can't use quotes around
6994 2003-01-14 Niels Möller <nisse@lysator.liu.se>
6996 * testsuite/Makefile.am (check): Don't use "run-tests" as a
6997 target, as it's confused with the file with the same name.
6999 * .bootstrap: Added missing #! /bin/sh.
7001 2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
7003 * buffer.c (nettle_buffer_reset): New function.
7004 (nettle_buffer_copy): New function.
7006 * tools/input.c, tools/input.h, tools/output.c, tools/output.h,
7007 tools/parse.c, tools/parse.h, tools/misc.c, tools/misc.h: Moved
7008 parts ov sexp-conv.c to separate files
7010 * tools/sexp-conv.c (sexp_convert_list): Inlined into
7013 * tools/sexp-conv.c (struct sexp_input): Deleted string attribute.
7014 Changed all related functions to take a struct nettle_buffer *
7016 (struct sexp_compound_token): New struct.
7017 (sexp_compound_token_init, sexp_compound_token_clear): New
7019 (struct sexp_parser): Added a struct sexp_compound_token
7020 attribute, as a temporary measure.
7021 (sexp_parse): Take a struct sexp_compound_token * as argument.
7022 Updated all callers. Simplified handling of display types and
7025 * tools/sexp-conv.c (struct sexp_parser): Renamed struct (was
7026 struct sexp_parse_state). Added input pointer. Updated users to
7027 not pass around both parser and input.
7028 (sexp_check_token): handle token == 0.
7029 (sexp_parse): Simplified a little by calling sexp_check_token
7032 * tools/sexp-conv.c (sexp_convert_string): Deleted function.
7033 (sexp_skip_token): Likewise.
7035 * tools/sexp-conv.c (enum sexp_token): New constant SEXP_DISPLAY.
7036 Start constants from 1, to keep 0 free for special uses.
7037 (struct sexp_parse_state): New struct for keeping track of parser
7039 (sexp_parse_init): New function.
7040 (sexp_check_token): New function, replacing sexp_skip_token.
7041 (sexp_parse): New function.
7042 (sexp_convert_item): Simplified by using sexp_parse.
7043 (sexp_convert_list): Use sexp_parse.
7046 2003-01-08 Niels Möller <niels@s3.kth.se>
7048 * tools/sexp-conv.c (parse_options): Initialize prefer_hex.
7050 2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
7052 * Makefile.am (des_headers): Refer to the desdata binary using
7055 2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
7057 * testsuite/sexp-conv-test: New tests for hex and base64 literal
7060 * tools/sexp-conv.c (sexp_put_string): Print binary strings using
7061 either hex or base 64 (in advanced mode).
7062 (parse_options): Implemented -s hex, for output using hex rather
7065 2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
7067 * testsuite/rsa2sexp-test.c: Don't include rsa.h (done by
7068 testutils.h, if enabled).
7069 * testsuite/sexp2rsa-test.c: Likewise.
7071 * rsa-decrypt.c: Make compilation conditional on WITH_PUBLIC_KEY.
7072 * rsa-encrypt.c: Likewise.
7073 * rsa-compat.c: Likewise.
7075 2002-12-04 Niels Möller <niels@s3.kth.se>
7077 * testsuite/Makefile.am (LDADD): Added path to ../libnettle.a,
7078 which is redundant except for the dependency.
7080 2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
7082 * testsuite/sexp-format-test.c (test_main): Use %0s instead of %z.
7085 * sexp-format.c (format_length_string): Deleted function.
7086 (format_string): Deleted function.
7087 (sexp_vformat): New %t specifier, formatting an optional display
7088 type. Deleted %z specifier. Instead, introduced a new modifier "0"
7089 that can be used with %s, %l and %t, which says that the data is
7092 * rsa2sexp.c (rsa_keypair_to_sexp): Use %0s rather than %z, when
7093 formatting s-expressions.
7095 * buffer.c (nettle_buffer_grow): Fixed assertion.
7097 2002-11-22 Niels Möller <niels@s3.kth.se>
7099 * buffer.c: Include assert.h.
7101 2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
7103 * testsuite/testutils.c (print_hex): Add line breaks.
7105 * Makefile.am (libnettleinclude_HEADERS): Added realloc.h.
7106 (libnettle_a_SOURCES): Added buffer-init.c and realloc.c.
7108 * sexp.c (sexp_iterator_exit_lists): New function, #if:ed out for
7111 * desdata.c: Include config.h, to get definition of UNUSED.
7112 * shadata.c: Likewise.
7114 * buffer.c (nettle_buffer_grow): New function, replacing
7116 (nettle_buffer_clear): Rewritten to use buffer->realloc.
7118 * buffer.h (struct nettle_buffer): Replaced the GROW function
7119 pointer with a nettle_realloc_func pointer and a
7121 (NETTLE_BUFFER_GROW): Deleted macro, use function instead.
7123 * buffer-init.c (nettle_buffer_init): Moved to a separate file.
7125 * realloc.c (nettle_realloc): New function.
7126 (nettle_xrealloc): New function.
7128 * realloc.h (nettle_realloc_func): New typedef.
7130 * configure.ac: Check for gcc:s __attribute__.
7132 2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
7134 * sexp2dsa.c, sexp2rsa.c: (macro GET): Check sign of parsed
7137 * sexp2bignum.c (nettle_mpz_set_sexp): In the first check against
7138 limit, added some margin to allow for sign octets.
7140 2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
7142 * testsuite/testutils.h (LDATA): Use sizeof instead of strlen. Now
7143 handles strings including NUL-characters. But works only with
7144 literals and character arrays, no char pointers.
7145 (LLENGTH): New macro, computing length the same way as LDATA.
7147 * testsuite/sexp-test.c (test_main): Test sexp_iterator_get_uint32.
7149 * testsuite/sexp-format-test.c (test_main): Check that %i and %b
7150 generate leading zeroes when needed. Check that %b handles
7153 * testsuite/rsa2sexp-test.c (test_main): Updated test, one leading
7154 zero is needed in the private key expression. In verbose mode,
7155 print the generated keys.
7157 * testsuite/sexp2rsa-test.c (test_main): Added a leading zero in
7158 the private key expression.
7160 * testsuite/bignum-test.c (test_bignum): Use
7161 nettle_mpz_init_set_str_256_s.
7162 (test_size): New function.
7163 (test_main): Test size computation and formatting of negative
7166 * sexp2bignum.c (nettle_mpz_set_sexp): Use
7167 nettle_mpz_set_str_256_s, to handle negative numbers correctly.
7169 * sexp-format.c (sexp_vformat): For %i, output a leading zero when
7170 needed to get a correct, positive, sign. For %b, use
7171 nettle_mpz_sizeinbase_256_s, to handle negative numbers properly.
7173 * bignum.c (nettle_mpz_sizeinbase_256_s): New function.
7174 (nettle_mpz_sizeinbase_256_u): New name, was
7175 nettle_mpz_sizeinbase_256. Updated all callers.
7176 (nettle_mpz_to_octets): New function.
7177 (nettle_mpz_get_str_256): Handle negative numbers.
7178 (nettle_mpz_from_octets): New function.
7179 (nettle_mpz_set_str_256_u): New name, was nettle_mpz_set_str_256.
7180 (nettle_mpz_init_set_str_256_u): New name, was
7181 nettle_mpz_init_set_str_256.
7182 (nettle_mpz_set_str_256_s): New function, handling negative two's
7184 (nettle_mpz_init_set_str_256_s): And an init variant.
7186 * sexp.c (sexp_iterator_get_uint32): New function.
7188 2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
7190 * testsuite/sexp-conv-test: Use input files without any trailing
7191 newline character, in order to stress the end of file handling.
7193 * tools/sexp-conv.c (sexp_get_token_string): Fixed end of file
7195 (sexp_get_string): Fixed end of encoding/end of file handling.
7196 (parse_options): Check for negative width and complain.
7198 * tools/sexp-conv.c: Use supplied getopt.
7199 (werror): New function.
7200 (sexp_output_hash_init): New function.
7201 (sexp_put_char): Made base64 linebreaking configurable.
7202 Implemented hashing.
7203 (sexp_put_code_start, sexp_put_code_end): Don't output any
7205 (sexp_put_string): Output base64 delimiters.
7206 (sexp_put_digest): New function.
7207 (sexp_convert_item): Output transport delimiters.
7208 (sexp_convert_file): Deleted function, folded with main.
7209 (parse_options): New function.
7210 (main): Implemented --hash and --once, needed by lsh-authorize.
7212 * sexp.h (struct sexp_iterator): New field start.
7214 * sexp.c (sexp_iterator_subexpr): New function.
7215 (sexp_iterator_parse): Initialize ITERATOR->start.
7217 * sexp-format.c (sexp_vformat): Abort if format string contains
7218 unhandled characters.
7220 2002-11-08 Niels Möller <niels@s3.kth.se>
7222 * des-compat.c (des_ecb3_encrypt): Don't use struct initialization
7223 (c89 doesn't allow non-constant initializers). Reported by James
7225 (des_ede3_cbc_encrypt): Likewise.
7227 * examples/nettle-openssl.c: Moved from the top-level directory.
7228 Should *not* be included in the nettle library.
7230 2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
7232 * testsuite/testutils.c (test_dsa_key): Bugfix for renamed DSA
7233 constant (noted by James Ralston).
7235 2002-11-07 Niels Möller <niels@s3.kth.se>
7237 * testsuite/run-tests: Copied new version rom lsh/src/testsuite.
7238 This version handles test scripts located in $srcdir.
7240 * examples/Makefile.am (AM_CFLAGS): We need -I$(top_srcdir).
7241 * tools/Makefile.am (AM_CFLAGS): Likewise.
7242 * testsuite/Makefile.am (AM_CFLAGS): Likewise.
7244 2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
7246 * Makefile.am (SUBDIRS): Added tools.
7247 (libnettle_a_SOURCES): Added sexp-transport-format.c,
7248 sexp2bignum.c, sexp2dsa.c.
7250 * sexp2dsa.c (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp):
7251 New file, new functions.
7253 * rsa2sexp.c (rsa_keypair_to_sexp): %s -> %z renaming.
7255 * sexp-transport.c (sexp_transport_iterator_first): Fixed bug,
7256 length was mishandled.
7258 * sexp-transport-format.c (sexp_transport_format,
7259 sexp_transport_vformat): New file, new functions.
7261 * sexp-format.c (sexp_format): Return length of output. Allow
7262 buffer == NULL, and only compute the needed length in this case.
7263 Renamed %s to %z. New format specifiers %s, %i, and %l.
7264 (sexp_vformat): New function.
7265 (format_prefix): Rewrote to not use snprintf.
7267 * sexp2rsa.c (rsa_keypair_from_sexp): New limit argument. Use
7268 nettle_mpz_set_sexp.
7270 * dsa-keygen.c (dsa_generate_keypair): Added some newlines to
7271 progress display. Use DSA_P_MIN_BITS.
7273 * dsa.h (DSA_MIN_P_BITS): New constant (was DSA_MINIMUM_BITS).
7274 (DSA_Q_OCTETS, DSA_Q_BITS): New constants.
7275 (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp): New
7278 * configure.ac: Output tools/Makefile.
7280 * sexp2bignum.c (nettle_mpz_set_sexp): New file, and new function.
7281 Moved from sexp2rsa.c:get_value.
7283 * examples/io.c (read_rsa_key): New limit argument in
7284 call of rsa_keypair_from_sexp_alist.
7286 * examples/Makefile.am (noinst_PROGRAMS): Removed sexp-conv.
7288 * tools/sexp-conv.c: Moved file from examples directory.
7290 * testsuite/Makefile.am (TS_SH): New variable. Added
7293 * testsuite/testutils.h (LDUP): New macro.
7295 * testsuite/sexp2rsa-test.c (test_main): New limit argument in
7296 call of rsa_keypair_from_sexp_alist.
7298 * testsuite/sexp-test.c (test_main): Added test for lengths with
7299 more than one digit. Added tests for transport mode decoding.
7301 * testsuite/sexp-format-test.c (test_main): Added tests for %i and
7304 * testsuite/sexp-conv-test: Moved test from examples directory.
7305 Updated path to sexp-conv, now in ../tools/sexp-conv.
7307 2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
7309 * sexp-format.c, sexp_format.c: Renamed sexp_format.c to
7311 * Makefile.am (libnettle_a_SOURCES): Renamed sexp_format.c to
7314 * examples/Makefile.am: Don't set CFLAGS or CPPFLAGS explicitly,
7315 let automake handle that.
7316 * testsuite/Makefile.am: Likewise.
7318 * sexp2rsa.c (rsa_keypair_from_sexp_alist): New function.
7319 (rsa_keypair_from_sexp): Use it.
7321 2002-11-01 Niels Möller <niels@s3.kth.se>
7323 * examples/Makefile.am (LDADD): Use -lnettle, instead of an
7324 explicit filename libnettle.a, so that we will use the shared
7325 library, if it exists.
7326 (AM_LDFLAGS): Added -L.., so we can find -lnettle.
7327 (run-tests): Set LD_LIBRARY_PATH to ../.lib, when running the
7329 * testsuite/Makefile.am: Similar changes.
7331 * Makefile.am (LIBOBJS): Put @LIBOBJS@ into the make variable
7333 (CLEANFILES): Delete libnettle.so.
7334 (clean-local): Delete the .lib linkfarm.
7335 ($(SHLIBFORLINK)): When building libnettle.so, create a link from
7336 .lib/$SHLIBSONAME. Needed at runtime, for the testsuite.
7338 2002-11-01 Niels Möller <nisse@lysator.liu.se>
7340 * configure.ac: Fixed definitions using SHLIBMAJOR and SHLIBMINOR.
7341 Also AC_SUBST SHLIBMAJOR and SHLIBMINOR. Reported by James
7344 2002-10-31 Niels Möller <niels@s3.kth.se>
7346 * examples/sexp-conv.c(sexp_put_list_start): Deleted function.
7347 (sexp_put_list_end): Likewise.
7348 (sexp_put_display_start): Likewise.
7349 (sexp_put_display_end): Likewise.
7350 (sexp_puts): Likewise.
7352 * examples/sexp-conv.c (sexp_get_quoted_string): Deleted function.
7353 Merged with sexp_get_String.
7354 (sexp_get_hex_string): Likewise.
7355 (sexp_get_base64_string): Likewise.
7356 (sexp_get_string): Do hex and base64 decoding.
7358 * examples/sexp-conv.c (enum sexp_char_type): New enum, for end
7359 markers in the input strem.
7360 (struct sexp_input): Deleted LEVEL attribute. Deleted all usage of
7362 (sexp_get_raw_char): Use INPUT->c and INPUT->ctype to store
7363 results. Deleted OUT argument.
7364 (sexp_get_char): Likewise. Also removed the
7365 INPUT->coding->decode_final call, for symmetry.
7366 (sexp_input_end_coding): Call INPUT->coding->decode_final.
7367 (sexp_next_char): New function.
7368 (sexp_push_char): New function.
7369 (sexp_get_token_char): Deleted function.
7370 (sexp_get_quoted_char): Simplified. Deleted output argument.
7371 (sexp_get_quoted_string): Simplified.
7372 (sexp_get_base64_string): Likewise.
7373 (sexp_get_token_string): Likewise.
7374 (sexp_get_string_length): Skip the character that terminates the
7376 (sexp_get_token): Cleared upp calling conventions. Always consume
7377 the final character of the token.
7378 (sexp_convert_list): Take responsibility for converting the start
7379 and end of the list.
7380 (sexp_convert_file): Call sexp_get_char first, to get the token
7382 (sexp_convert_item): Cleared up calling conventions. Should be
7383 called with INPUT->token being the first token of the expression,
7384 and returns with INPUT->token being the final token of the
7385 expression. Return value changed to void..
7387 * examples/sexp-conv-test: Added test for transport mode input.
7389 * examples/sexp-conv.c (sexp_get_char): Use the nettle_armor
7390 interface for decoding.
7391 (sexp_input_start_coding): New function.
7392 (sexp_input_end_coding): New function.
7393 (sexp_get_base64_string): Rewrote to use sexp_input_start_coding
7394 and sexp_input_end_coding.
7395 (sexp_get_token): Generate SEXP_TRANSPORT_START tokens.
7396 (sexp_convert_list): Lists are ended only by SEXP_LIST_END.
7397 (sexp_convert_item): Implemented transport mode, using
7398 sexp_input_start_coding and sexp_input_end_coding.
7400 2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
7402 * Makefile.am: Added base16 files.
7404 * examples/sexp-conv-test: New tests for transport output.
7406 * examples/sexp-conv.c: Deleted hex functions, moved to Nettle's
7408 (struct sexp_output): Represent the current encoding as a
7409 nettle_armor pointer and a state struct.
7410 (sexp_output_init): Deleted MODE argument. Now passed to functions
7412 (sexp_get_char): Updated to new base64 conventions.
7413 (sexp_get_base64_string): Likewise.
7414 (sexp_put_raw_char): New function.
7415 (sexp_put_newline): Use sexp_put_raw_char.
7416 (sexp_put_char): Use nettle_armor interface for encoding data.
7417 Use OUTPUT->coding_indent for line breaking, so the INDENT
7418 argument was deleted.
7419 (sexp_put_code_start): New function, replacing sexp_put_base64_start.
7420 (sexp_put_code_end): New function, replacing sexp_put_base64_end.
7421 (sexp_put_data): Deleted argument INDENT.
7422 (sexp_puts): Likewise.
7423 (sexp_put_length): Likewise.
7424 (sexp_put_list_start): Likewise.
7425 (sexp_put_list_end): Likewise.
7426 (sexp_put_display_start): Likewise.
7427 (sexp_put_display_end): Likewise.
7428 (sexp_put_string): Likewise. Also changed base64 handling.
7429 (sexp_convert_string): Deleted argument INDENT. New argument
7431 (sexp_convert_list): New argument MODE_OUT.
7432 (sexp_convert_file): Likewise.
7433 (sexp_convert_item): Likewise. Also handle output in transport
7435 (match_argument): Simple string comparison.
7436 (main): Adapted to above changes.
7438 * testsuite/testutils.c (test_armor): Allocate a larger buffer
7439 CHECK, to make decode_update happy. Updated to new base64
7442 * testsuite/base64-test.c (test_main): Fixed overlap test to not
7443 change the base64 before decoding. Updated to new base64
7446 * testsuite/Makefile.am (TS_PROGS): Added base16-test.
7448 * testsuite/base16-test.c: New test.
7450 * sexp-transport.c (sexp_transport_iterator_first): Updated to new
7451 conventions for base64_decode_update and base64_decode_final.
7453 * nettle-meta.h: Updated ascii armor declarations. New declaration
7456 * base64-decode.c (base64_decode_single): Return -1 on error.
7457 Also keep track of the number of padding characters ('=') seen.
7458 (base64_decode_update): New argument dst_length. Return -1 on error.
7459 (base64_decode_status): Renamed function...
7460 (base64_decode_final): ... to this.
7462 * base64.h (struct base64_decode_ctx): Deleted STATUS attribute.
7463 Added PADDING attribute.
7465 * base16.h, base16-encode.c, base16-decode.c, base16-meta.c: New
7468 2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
7470 * examples/sexp-conv.c (struct hex_decode_ctx): New hex decoding
7472 (sexp_get_raw_char): New function.
7473 (sexp_get_char): Use sexp_get_raw_char.
7475 2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
7477 * examples/sexp-conv.c (sexp_put_length): Bugfix, don't output any
7479 (main): Implemented -s option.
7481 * examples/sexp-conv-test: Test for echo -n vs echo '\c'. Added a
7482 few tests for canonical output.
7484 2002-10-25 Niels Möller <niels@s3.kth.se>
7486 * examples/sexp-conv.c (struct sexp_input): Deleted the mode from
7487 the state, that should be passed as argument to relevant
7488 functions. Instead, introduces enum sexp_coding, to say if base64
7489 coding is in effect.
7490 (struct sexp_output): Added coding attribute.
7491 (sexp_put_char): Use output->coding.
7492 (sexp_put_base64_start): Likewise.
7493 (sexp_put_base64_end): Likewise.
7495 * base64-decode.c (base64_decode_single): Simplified, got rid of
7498 2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
7500 * examples/sexp-conv.c (sexp_put_newline): Return void, die on
7502 (sexp_put_char, sexp_put_data, sexp_puts, sexp_put_length,
7503 sexp_put_base64_start, sexp_put_base64_end, sexp_put_string,
7504 sexp_put_list_start, sexp_put_list_end, sexp_put_display_start,
7505 sexp_put_display_end, sexp_convert_string, sexp_convert_list,
7506 sexp_skip_token): Likewise.
7507 (sexp_convert_item): Die on error.
7509 2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
7511 * examples/sexp-conv-test: Doesn't need echo -n anymore.
7513 * examples/sexp-conv.c (die): New function.
7514 (struct sexp_input): Deleted field ITEM.
7515 (sexp_get_char): Die on failure, never return -1.
7516 (sexp_get_quoted_char): Likewise.
7517 (sexp_get_quoted_string): Die on failure, no returned value.
7518 (sexp_get_base64_string): Likewise.
7519 (sexp_get_token_string): Likewise.
7520 (sexp_get_string): Likewise.
7521 (sexp_get_string_length): Likewise.
7522 (sexp_get_token): Likewise.
7523 (sexp_convert_string): Adapted to sexp_get_token.
7524 (sexp_convert_list): Likewise.
7525 (sexp_convert_file): New function.
7526 (main): Use sexp_convert_file.
7528 2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
7530 * examples/Makefile.am (TS_PROGS): Added sexp-conv-test.
7532 * examples/sexp-conv.c (sexp_input_init): Initialize input->string
7534 (sexp_get_char): Fixed non-transport case.
7535 (sexp_get_quoted_char): Fixed default case.
7536 (sexp_get_token): Loop over sexp_get_char (needed for handling of
7537 white space). Don't modify input->level. Fixed the code that skips
7539 (sexp_put_char): Fixed off-by-one bug in assertion.
7540 (sexp_put_string): Fixed escape handling for output of quoted
7542 (sexp_convert_list): Prettier output, hanging indent after the
7544 (sexp_skip_token): New function.
7545 (sexp_convert_item): Use sexp_skip_token to skip the end of a
7548 2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
7550 * examples/sexp-conv-test: New test program.
7552 * examples/Makefile.am (noinst_PROGRAMS): Added sexp-conv.
7554 * examples/sexp-conv.c (sexp_convert_list): New function.
7555 (sexp_convert_item): New function.
7556 (main): New function. Compiles and runs now, but doesn't work.
7558 * base64-decode.c (base64_decode_single): New function.
7559 (base64_decode_update): Use base64_decode_single.
7561 * examples/sexp-conv.c: Added output functions.
7563 2002-10-21 Pontus Sköld <pont@soua.net>
7565 * base64-encode.c (base64_encode_raw): Fixed null statement
7566 amongst variable declarations, broke compilation for non C99
7569 2002-10-21 Niels Möller <nisse@lysator.liu.se>
7571 * examples/sexp-conv.c: New sexp conversion program.
7573 2002-10-21 Niels Möller <niels@s3.kth.se>
7575 * Makefile.am (libnettle_a_SOURCES): Added
7576 sexp-format-transport.c.
7578 * sexp-transport.c (sexp_transport_iterator_first): New file and
7580 * sexp.h (sexp_transport_iterator_first): Added protoype.
7582 * sexp.c (sexp_iterator_next): Abort if iterator type is boogus.
7584 2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
7586 * testsuite/testutils.c (test_armor): Updated to new armor
7589 * testsuite/base64-test.c (test_main): Test BASE64_ENCODE_LENGTH
7590 and BASE64_DECODE_LENGTH. Updated test of base64_encode_raw (used
7591 to be base64_encode).
7593 * base64.h (BASE64_ENCODE_LENGTH, BASE64_DECODE_LENGTH): Fixed and
7596 * base64-meta.c (base64_encode_length, base64_decode_length): New
7597 functions, corresponding to the macros with the same name.
7599 * Makefile.am (libnettle_a_SOURCES): base64.c replaced by
7600 base64-encode.c and base64-decode.c.
7602 * pgp-encode.c (pgp_armor): Use new base64 conventions.
7604 * nettle-meta.h: Updated nettle_armor definitions.
7606 * base64.h: Major reorganization.
7608 * base64.c: Deleted file, contents moved to base64-encode.c or
7611 * base64-encode.c: New file. New supporting both encode-at-once
7612 and streamed operation.
7614 * base64-decode.c: New file.
7616 2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
7618 * testsuite/Makefile.am (TS_PROGS): Added dsa-keygen-test.
7620 * dsa-keygen.c: Call the progress callback only if it's non-NULL.
7622 * Makefile.am (libnettle_a_SOURCES): Added bignum-random.c and
7625 * testsuite/testutils.c (test_dsa_key): New function to sanity
7626 check a dsa keypair.
7628 * testsuite/dsa-test.c (test_main): Call dsa_test_key.
7630 * testsuite/dsa-keygen-test.c: New test case.
7632 * dsa.h (DSA_MINIMUM_BITS): New constant.
7634 * bignum.h (nettle_mpz_random, nettle_mpz_random_size): Added
7637 * dsa-keygen.c: New file.
7639 * bignum-random.c: New file.
7640 (nettle_mpz_random): New function, moved from...
7641 * dsa-sign.c (nettle_mpz_random): ... here. Also changed argument
7642 ordering and updated callers.
7644 * bignum-random.c: (nettle_mpz_random_size): New function, renamed
7645 and moved here from...
7646 * rsa-keygen.c (bignum_random_size): ... here. Updated all
7649 * testsuite/testutils.c (test_dsa): Needs both public and private
7652 * testsuite/dsa-test.c (test_main): Updated to changes of the
7655 * testsuite/Makefile.am (TS_PROGS): Added dsa-test.
7657 * rsa-decrypt.c (rsa_decrypt): Constification.
7658 * rsa-encrypt.c (rsa_encrypt): Likewise.
7659 * rsa.c (rsa_compute_root): Likewise.
7660 * rsa_md5.c (rsa_md5_sign): Likewise.
7661 (rsa_md5_verify): Likewise.
7662 * rsa_sha1.c (rsa_sha1_sign): Likewise.
7663 (rsa_sha1_verify): Likewise.
7665 * dsa-verify.c (dsa_verify): Use const for the public key
7668 * dsa-sign.c (dsa_sign): Needs the public key as argument, in
7669 addition to the private key. Use const.
7671 * dsa.h (struct dsa_private_key): Don't include the public
7673 * dsa.c (dsa_private_key_init, dsa_private_key_clear): Updated to
7674 new struct dsa_private_key.
7676 * dsa-sign.c (dsa_sign): Bugfix, added missing mpz_init call.
7678 * Makefile.am (libnettle_a_SOURCES): Added dsa files.
7679 (libnettleinclude_HEADERS): Added dsa.h.
7681 * testsuite/testutils.c (test_dsa): New function.
7683 * testsuite/dsa-test.c: New test.
7685 * dsa.h, dsa.c, dsa-sign.c, dsa-verify.c: New files.
7687 * nettle-meta.h: Moved the nettle_random_func and
7688 nettle_progress_func typedefs here...
7689 * rsa.h: ... from here.
7691 2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
7693 * sexp.h (enum sexp_type): Deleted SEXP_START.
7695 * sexp.c (sexp_iterator_parse): New function, similar to the old
7696 sexp_iterator_next, but independent of the previous value of the
7698 (sexp_iterator_first): Use sexp_iterator_parse.
7699 (sexp_iterator_next): Likewise.
7700 (sexp_iterator_enter_list): Use sexp_iterator_parse. SEXP_START
7702 (sexp_iterator_exit_list): Likewise.
7704 2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
7706 * sexp2rsa.c (get_value): No need to call sexp_iterator_next
7709 * sexp.c (sexp_iterator_assoc): Advance the iterator to the
7710 element after a matching tag, before recording it.
7711 * testsuite/sexp-test.c (test_main): Updated test.
7713 * testsuite/sexp-test.c (test_main): No need to call
7714 sexp_iterator_next after sexp_iterator_exit_list.
7716 * sexp2rsa.c (rsa_keypair_from_sexp): No need to call
7717 sexp_iterator_next anymore.
7719 * sexp.c (sexp_iterator_next): Updated to new sexp_iterator_exit_list.
7720 (sexp_iterator_exit_list): Return with iterator pointing to the
7721 element after the list.
7722 (sexp_iterator_check_type): Call sexp_iterator_next before
7724 (sexp_iterator_check_types): Likewise.
7725 (sexp_iterator_assoc): Rearranged calls of sexp_iterator_next.
7727 * sexp.c (sexp_iterator_enter_list): Call sexp_iterator_next to
7728 get to the first element of the list. Updated callers.
7730 * base64.c (base64_encode_group): New function, used by openpgp
7733 * Makefile.am: Added openpgp files.
7735 * sexp2rsa.c (rsa_keypair_from_sexp): Use sexp_iterator_first.
7736 * testsuite/sexp-test.c (test_main): Likewise.
7738 * sexp.c (sexp_iterator_init): Made this function static.
7739 (sexp_iterator_first): New, friendlier, initialization function.
7741 * pgp-encode.c: New file. Functions for writing openpgp data
7744 * pgp.h: New file, with pgp related declarations.
7746 * rsa2openpgp.c (rsa_keypair_to_openpgp): New file, new function.
7748 2002-10-04 Niels Möller <niels@s3.kth.se>
7750 * examples/rsa-keygen.c: Use malloc, instead of asprintf.
7752 2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
7754 * Released nettle-1.6.
7756 * NEWS: Note the aes api change.
7758 * examples/Makefile.am (EXTRA_DIST): Distribute setup-env and
7761 2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
7763 * examples/rsa-keygen.c (main): Comment on the lax security of the
7766 * index.html: Added link to mailing list.
7768 2002-10-02 Niels Möller <niels@s3.kth.se>
7770 * Makefile.am: Fixed assembler rules, and shared libraries.
7772 * configure.ac: Fixed the enable-shared option.
7774 2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
7776 * configure.ac: New option --enable-shared, and a first attempt at
7777 building a shared library (*without* using libtool).
7779 * Makefile.am: A first attempt at rules for building a shared
7782 2002-10-01 Niels Möller <niels@s3.kth.se>
7784 * examples/run-tests (test_program): Use basename.
7786 * examples/teardown-env: Delete some more files.
7788 * examples/run-tests (test_program): Strip directory part of
7791 * examples/Makefile.am (TS_PROGS): New variable. Run tests.
7793 * examples/io.c (read_file): Bug fix, used to overwrite pointer.
7795 * examples/rsa-keygen.c (main): Bug fix, private key wasn't
7798 * testsuite/Makefile.am: Some cleanup of make check.
7800 * examples/setup-env, examples/teardown-env: Test environment scripts.
7801 * examples/rsa-verify-test, examples/rsa-sign-test: New test cases.
7803 * examples/run-tests: New file (copied from lsh testsuite).
7805 * examples/Makefile.am: Use EXTRA_PROGRAMS and @RSA_EXAMPLES@.
7807 * examples/rsa-sign.c: No need to include config.h. Use werror
7809 * examples/rsa-verify.c: Likewise.
7810 * examples/rsa-keygen.c: Likewise.
7812 * examples/io.h: Forward declare struct rsa_public_key and struct
7813 rsa_private_key, to avoid dependences on config.h.
7815 * configure.ac (RSA_EXAMPLES): New substituted variable,
7816 controlling which example programs to build.
7818 * examples/rsa-verify.c: New example program.
7820 * examples/rsa-keygen.c: Use functions from io.c.
7821 * examples/rsa-sign.c: Likewise.
7823 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-verify.
7824 (LDADD): Added io.o.
7826 * configure.ac: New define WITH_PUBLIC_KEY, and new configure flag
7827 --disable-public-key. Updated rsa-files to check for that, rather
7828 than for HAVE_LIBGMP.
7830 * examples/io.c, examples/io.c: New files. Miscellaneous functions
7831 used by the example programs.
7833 * base64.h (BASE64_DECODE_LENGTH): Comment fix.
7835 2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
7837 * sexp2rsa.c (rsa_keypair_from_sexp): Bugfix: Call
7838 rsa_prepare_public_key and rsa_prepare_private_key.
7840 * examples/Makefile.am (noinst_PROGRAMS): Added rsa-sign.
7842 * examples/rsa-sign.c: New example program.
7844 * testsuite/base64-test.c (test_main): Test encoding and decoding
7847 * base64.c (base64_encode): Encode from the end of the data
7848 towards the start, in order to support overlapping areas.
7849 (base64_encode): Broke out some common code from the switch..
7851 2002-09-30 Niels Möller <niels@s3.kth.se>
7853 * sexp_format.c (sexp_format): Don't mix code and declarations.
7855 2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
7857 * testsuite/Makefile.am (TS_PROGS): Added buffer-test
7858 sexp-format-test rsa2sexp-test sexp2rsa-test.
7861 * testsuite/sexp-test.c (test_main): Updated calls to
7862 sexp_iterator_assoc.
7864 * testsuite/testutils.h (MEMEQH): New macro.
7866 * testsuite/sexp2rsa-test.c: New test.
7867 * testsuite/sexp-format-test.c: New test.
7868 * testsuite/rsa2sexp-test.c: New test.
7869 * testsuite/buffer-test.c: New test.
7871 * testsuite/testutils.c (test_rsa_key): Copied this function
7873 testsuite/rsa-keygen-test.c: ... here.
7875 * examples/rsa-keygen.c: New file.
7877 * Makefile.am: Added new source files and headers buffer.h,
7878 buffer.c, sexp_format.c, sexp2rsa.c, rsa2sexp.c.
7880 * rsa.h (rsa_keypair_to_sexp, rsa_keypair_from_sexp): New
7883 * rsa2sexp.c, sexp2rsa.c: New files.
7885 * sexp.c (sexp_iterator_assoc): Don't enter the list, associate
7886 keys within the current list. Still exit the list when done.
7887 (sexp_iterator_assoc): Represent keys as plain NUL-terminated
7889 (sexp_iterator_check_type, sexp_iterator_check_types): New
7892 * sexp_format.c: New file, implementing an sexp canonical syntax
7895 * buffer.c, buffer.h: New files, implementing a bare-bones string
7898 * bignum.c (nettle_mpz_sizeinbase_256): New function.
7900 2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
7902 * sexp.c (sexp_iterator_assoc): Return 0 for missing or duplicate
7903 keys. Now passes all the tests.
7905 * sexp.c (sexp_iterator_simple): Bugfixes. Check earlier that
7906 length doesn't grow too large.
7907 (sexp_iterator_next): Skip the current list only if type is
7908 SEXP_LIST. Handle ')'.
7909 (sexp_iterator_enter_list): Set type to SEXP_START.
7910 (sexp_iterator_exit_list): Likewise. Don't skip the ')' here.
7911 (sexp_iterator_assoc): Bug fix.
7913 * testsuite/sexp-test.c (test_main): Reordered sexp_iterator_assoc
7916 * nettle.texinfo (Randomness): Documented that yarrow256_init can
7917 be called with a zero number of sources.
7919 * testsuite/testutils.h (ASSERT): New macro.
7921 * testsuite/sexp-test.c: Test sexp parser.
7923 * Makefile.am (SUBDIRS): Added sexp files.
7925 * sexp.c, sexp.h: New files, implementing an sexp-parser.
7927 2002-08-27 Niels Möller <niels@s3.kth.se>
7929 * Makefile.am (DISTCLEANFILES): make distclean should delete the
7930 assembler-related symlinks.
7932 2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
7934 * Makefile.am (%.o: %.asm): Create an empty (and unused)
7935 dependency file, to make the make/automake dependency tracking
7938 2002-07-18 Niels Möller <niels@s3.kth.se>
7940 * examples/nettle-benchmark.c (main): Try openssl's ciphers as
7943 * Makefile.am (libnettle_a_SOURCES): Added nettle-openssl.c.
7945 * nettle-openssl.c: New file.
7947 * nettle-internal.h: Declare openssl glue ciphers.
7949 * des-compat.h: Extra name-mangling, to avoid collisions in case a
7950 program links with both nettle and libcrypto (the nettle-benchmark
7953 * configure.ac: Don't use -ggdb3 with gcc-2.96.
7954 Check for openssl's libcrypto (for benchmarking).
7956 2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
7958 * sparc/aes.asm: Deleted registers i and t3.
7959 (_aes_crypt): Moved some registers around. We now use input
7960 registers only for arguments, local registers for loop invariants,
7961 output registers for temporaries and loop variables, and no global
7964 * sparc/aes.asm (AES_FINAL_ROUND): New macro.
7965 (_aes_crypt): Use AES_FINAL_ROUND for the first word of the final
7967 (_aes_crypt): And for the rest of the final round.
7968 (AES_FINAL_ROUND): Don't update dst, just access it offseted by i.
7969 (_aes_crypt): Add 16 to dst at the end of the final round.
7970 (AES_ROUND): Use ldub, not ld + and, to get the third byte
7972 (AES_ROUND): Use ldub, not lduh + and, to get the second
7974 (AES_ROUND): Reordered instructions, so that we can save one
7976 (AES_ROUND): Eliminated use of t3.
7977 (AES_FINAL_ROUND): Eliminated ands.
7978 (AES_FINAL_ROUND): Reordered, so that we can save one register.
7979 (AES_FINAL_ROUND): Eliminated t3.
7980 (AES_LOAD): New macro.
7981 (_aes_crypt): Unrolled source loop.
7982 (_aes_crypt): Use AES_LOAD macro.
7983 (_aes_crypt): Deleted cruft from the old source loop.
7984 (AES_LOAD): Eliminated t3.
7986 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
7988 * sparc/aes.asm (AES_ROUND): New macro.
7989 (_aes_crypt): Use AES_ROUND for first word of the
7991 (_aes_crypt): And for the rest of the round function.
7993 * sparc/aes.asm (_aes_crypt): Deleted a bunch of additions,
7994 after accessing IDX1.
7996 * aes-internal.h (struct aes_table): sparc_idx[0] should now
7997 contain index values shifted by the size of a word, and with 2
7998 added. This saves some additions in the sparc assembler code.
7999 Updates aes-encrypt-table.c and aes-decrypt-table.c.
8001 * sparc/aes.asm (_aes_crypt): Unrolled final loop, preparing for
8003 (_aes_crypt): Eliminated i from forst copy of the loop. Some
8005 (_aes_crypt): And from second copy.
8006 (_aes_crypt): And from third.
8007 (_aes_crypt): And fourth.
8008 (_aes_crypt): Eliminated updates of i from the loop.
8009 (_aes_crypt): Access IDX1 and IDX3 through the T pointer, saving
8012 * aes-internal.h (struct aes_table): Renamed the shift_idx field
8013 to sparc_idx, as it will be tweaked to improve the sparc code.
8014 Also reduced its size to [2][4].
8015 (IDX_FACTOR): Deleted constant.
8016 * aes-encrypt-table.c (_aes_encrypt_table): Adapted initializer of
8018 * aes-decrypt-table.c (_aes_decrypt_table): Likewise.
8019 * asm.m4: Deleted AES_SIDX2, to match struct aes_table.
8021 * sparc/aes.asm (_aes_crypt): Unrolled the inner loop, preparing
8022 for optimizations suggested by Marcus Comstedt.
8023 (_aes_crypt): Eliminated i from the first copy of the inner loop.
8024 (_aes_crypt): And from the second copy.
8025 (_aes_crypt): And from the third copy.
8026 (_aes_crypt): And from the fourth copy.
8027 (_aes_crypt): Renamed .Linner_loop to .Lround_loop.
8028 (_aes_crypt): Eliminated the loop variable i from the unrolled
8030 (_aes_crypt): Deleted moves of constants into t2.
8032 2002-05-15 Niels Möller <niels@s3.kth.se>
8034 * x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
8035 * x86/aes-decrypt.asm (aes_decrypt): Likewise.
8036 (aes_decrypt): Use AES_STORE.
8037 (aes_decrypt): Deleted first xchgl instruction into, permuting the
8038 AES_ROUND calls instead.
8039 (aes_decrypt): Likewise for the final round.
8040 (aes_decrypt): Got rid if the xchgl instruction after the final
8041 round, folding it into the final round.
8043 * x86/machine.m4: Renamed AES_LAST_ROUND to AES_FINAL_ROUND.
8046 * x86/aes-decrypt.asm (aes_decrypt): Use the AES_LOAD macro.
8047 (aes_decrypt): Start using AES_ROUND.
8048 (aes_decrypt): Use AES_LAST_ROUND.
8050 * x86/aes-decrypt.asm (aes_decrypt): Moved function to a separate
8052 * x86/aes.asm: ... from here.
8054 * x86/aes.asm (aes_decrypt): Use _aes_decrypt_table instead of
8055 itbl1-4. Commented out the inclusion of aes_tables.asm.
8056 (aes_decrypt): Use _aes_decrypt_table instead of isbox.
8059 * x86/aes-decrypt.asm: New file, empty at the start.
8061 * Makefile.am (libnettle_a_SOURCES): Added aes-decrypt-table.c.
8063 * aes-decrypt.c (_aes_decrypt_table): Moved from this file...
8064 * aes-decrypt-table.c (_aes_decrypt_table): ... to a new file.
8066 * testsuite/aes-test.out: New file, with the output of
8067 testsuite/aes-test, when aes.c has been compiled with debugging
8068 printouts of intermediate state.
8070 2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
8072 * sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
8073 make %fp available for other uses.
8075 * sparc/aes.asm: The frame setup was broken. Tried to fix it.
8076 Reverted to revision 1.70 + minor changes from the head revision.
8078 * x86/aes-encrypt.asm (aes_encrypt): Use test instead of cmpl $0,.
8080 * x86/machine.m4 (AES_SUBST_BYTE): New macro.
8082 * sparc/aes.asm: wtxt needs no register of it's own, as its
8083 pointed to by %sp. %g5 moved to %l0, the register previously
8084 allocated for wtxt, so that we stay clean of the reserved %g
8087 2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
8089 * sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
8090 operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
8091 (_aes_crypt): Allocate only 32 bytes local storage on the stack.
8092 Calculate wtxt and tmp using offsets from %sp, not %fp.
8094 2002-05-14 Niels Möller <niels@s3.kth.se>
8096 * x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
8097 round function with an invocation of AES_ROUND.
8098 (aes_encrypt): Similarly for the second column.
8099 (aes_encrypt): Similarly for the rest of the round function.
8101 * x86/machine.m4 (AES_ROUND): New macro.
8103 * x86/aes-encrypt.asm (aes_encrypt): Use AES_LOAD macro.
8105 * x86/machine.m4 (AES_LOAD): New macro.
8107 * x86/aes-encrypt.asm (aes_encrypt): Use AES_STORE.
8109 * x86/machine.m4 (AES_STORE): New macro.
8111 * x86/aes-encrypt.asm (aes_encrypt): Use the AES_LAST_ROUND macro
8112 for the first column of the final round.
8113 (aes_encrypt): Similarly for the second column.
8114 (aes_encrypt): Similarly for the third and fourth column.
8116 (aes_encrypt): Deleted xchgl instruction in final round, by
8117 reordering the second and fourth round.
8119 * x86/machine.m4 (AES_LAST_ROUND): New macro.
8121 * x86/aes-encrypt.asm (aes_encrypt): Move code here...
8122 * x86/aes.asm: ...from here.
8124 * x86/aes.asm: Use addl and subl, not add and sub. Replaced
8125 references to dtbl1-4 with references to _aes_encrypt_table.
8127 * configure.ac (asm_path): Enable x86 assembler.
8129 * x86/aes.asm (aes_decrypt): Adapted to the current interface.
8130 Notably, the order of the subkeys was reversed. Single block
8131 encrypt/decrypt works now.
8132 (aes_encrypt, aes_decrypt): Added an outer loop, so that we can
8133 encrypt more than one block at a time.
8135 2002-05-07 Niels Möller <niels@s3.kth.se>
8137 * configure.ac: Generate config.m4.
8139 * x86/aes.asm: Use C for comments, include the tables using
8140 include_src, and commented out the key setup functions.
8141 Fixed the processing of the first handling of the round function.
8142 Now, encryption of a single block works! Multiple blocks, and
8143 decryption, is still broken.
8145 * x86/machine.m4: New file (empty).
8147 * x86/aes-encrypt.asm: New file, empty for now.
8149 * Makefile.am (%.asm): Added asm.m4, machine.m4 and config.m4 to
8150 the m4 command line.
8151 (libnettle_a_SOURCES): Added aes-encrypt-table.c.
8153 * sparc/aes.asm: No need to include asm.m4, that is taken care of
8156 * config.m4.in: New file, configuration for asm.m4.
8158 * asm.m4 (C, include_src): New macros.
8160 * aes-encrypt-table.c: New file, table moved out from
8163 2002-05-06 Niels Möller <niels@s3.kth.se>
8165 * configure.ac (CFLAGS): Don't enable -Waggregate-return.
8167 2002-05-05 Niels Möller <nisse@lysator.liu.se>
8169 * configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
8171 2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
8173 * configure.ac: Update for automake-1.6.
8175 * configure.ac: Renamed file, used to be configure.in.
8177 2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
8179 * testsuite/run-tests (test_program): Added missing single quote.
8181 2002-03-20 Niels Möller <nisse@lysator.liu.se>
8183 * testsuite/run-tests (test_program): Test the exit status of the
8186 2002-03-19 Pontus Sköld <pont@it.uu.se>
8188 * testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
8190 2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
8192 * rsa-keygen.c (rsa_generate_keypair): Output a newline after a
8193 non-empty line of 'e':s (bad e was chosen, try again).
8195 2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
8197 * configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
8200 2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
8202 * sparc/aes.asm, x86/aes.asm: Added copyright notice.
8204 * Makefile.am (libnettle_a_SOURCES): Added aes-internal.h.
8205 (EXTRA_DIST): Added assembler files.
8207 * configure.in (asm_path): Use $srcdir when looking for the files.
8208 * configure.in (asm_path): For now, disable x86 assembler code.
8209 Bumped version to 1.6.
8211 2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
8213 * sparc/aes.asm (_aes_crypt): Moved increment of src into the
8214 source_loop. Also fixed stop condition, the loop was run 5 times,
8215 not 4, as it should.
8216 (_aes_crypt): Use src directly when accessing the source data,
8218 (_aes_crypt): Renamed variables in source_loop.
8219 (_aes_crypt): Changed stop condition in source_loop to not depend
8220 on i. Finally reduced the source_loop to 16 instructions. Also
8221 increased the alignment of the code to 16.
8222 (_aes_crypt): In final_loop, use preshifted indices.
8223 (_aes_crypt): In final_loop, construct the result in t0. Use t0-t3
8224 for intermediate values.
8225 (_aes_crypt): In final_loop, use the register idx.
8226 (_aes_crypt): In final_loop, keep i multiplied by 4. Use key to
8227 get to the current roundkey.
8228 (_aes_crypt): In final_loop, use i for indexing.
8229 (_aes_crypt): Update dst in the output loop. This yields a delay
8230 slot that isn't filled yet.
8231 (_aes_crypt): Decrement round when looping, saving yet some
8233 (_aes_crypt): Reformatted code as blocks of four instructions
8235 (_aes_crypt): Copy the addresses of the indexing tables into
8236 registers at the start. No more need for the idx register.
8237 (_aes_crypt): Deleted idx register.
8238 (_aes_crypt): Some peep hole optimizations, duplicating some
8239 instructions to fill nop:s, and put branch instructions on even
8242 2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
8244 * sparc/aes.asm (_aes_crypt): Moved some more additions out of the
8245 inner loop, using additional registers.
8246 (_aes_crypt): Deleted one more addition from the inner loop, by
8247 using the subkey pointer.
8249 2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
8251 * configure.in (asm_path): Renamed "path" to "asm_path". Also look
8254 2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
8256 * sparc/aes.asm: Use that IDX2(j) == j ^ 2
8258 * Makefile.am (libnettle_a_SOURCES): Reordered aes-decrypt.c and
8259 aes-encrypt.c. For some strange reason it makes the benchmark go
8262 * sparc/aes.asm (_aes_crypt): Use double-buffering, and no
8263 separate loop for adding the round key.
8264 (round): Keep round index muliplied by 16, so it can be used
8265 directly for indexing the subkeys.
8266 (_aes_crypt): In the final loop, use ctx+round to access the
8267 subkeys, no need for an extra register.
8269 2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
8271 * sparc/aes.asm (_aes_crypt): Renaming variables, allocating
8272 locals starting from %l0.
8273 (_aes_crypt): Consistently use %l4, aka i, as the variable for the
8275 (_aes_crypt): Moved reading of ctx->nrounds out of the loop.
8276 (_aes_crypt): In final_loop, deleted a redundant mov, and use i as
8278 (_aes_crypt): Started renumbering registers in the inner loop. The
8279 computation for the table[j] sub-expression should be kept in
8281 (_aes_crypt): Renamed more variables in the inner loop. Now the
8282 primary variables are t0, t1, t2, t3.
8284 * sparc/aes.asm (_aes_crypt): Swapped register %i0 and %o5, %i1
8285 and %o0, %i2 and %o4, %i3 and %o3, %i4 and %o2.
8286 (_aes_crypt): wtxt was stored in both %l1 and %l2 for the entire
8287 function. Freed %l2 for other uses.
8288 (_aes_crypt): Likewise for tmp, freeing register %o1.
8290 * sparc/machine.m4: New file, for sparc-specific macros.
8292 * sparc/aes.asm (_aes_crypt): Hacked the source_loop, to get rid
8293 of yet another redundant loop variable, and one instruction.
8294 (_aes_crypt): Strength reduce loop variable in the
8295 inner loop, getting rid of one register.
8296 (_aes_crypt): Use pre-shifted indices (aes_table.idx_shift), to
8297 avoid some shifts in the inner loop.
8298 (_aes_crypt): Don't check for nrounds==0 at the start of the loop.
8300 * asm.m4: Define and use structure-defining macros.
8302 * Makefile.am (%.asm): Use a GNU pattern rule, to make %.o depend
8303 on both %.asm and asm.m4.
8305 * aes-internal.h (struct aes_table): New subtable idx_shift.
8306 Updated tables in aes_encrypt.c and aes_decrypt.c.
8308 * asm.m4: Use eval to compute values.
8310 * sparc/aes.asm (_aes_crypt): Deleted commented out old version of
8313 * asm.m4: Added constants for individual rows of the aes table.
8315 * aes.c (IDX0, IDX1, IDX2, IDX3): New macros, encapsualting the
8316 structure of the idx table.
8318 * asm.m4: Define various aes struct offsets.
8320 * testsuite/cbc-test.c (test_cbc_bulk): Use aes_set_encrypt_key
8321 and aes_set_decrypt_key.
8323 * sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
8326 2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
8328 * sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
8330 * aesdata.c: New program for generating AES-related tables.
8332 * testsuite/testutils.c (print_hex): New function (moved from
8335 * testsuite/rsa-keygen-test.c (progress): Declare the ctx argument
8338 * testsuite/cbc-test.c (test_cbc_bulk): New function, testing CBC
8341 * yarrow256.c: Replaced uses of aes_set_key with
8342 aes_set_encrypt_key.
8344 * nettle-meta.h (_NETTLE_CIPHER_SEP): New macro, useful for
8345 algorithms with separate encyption and decryption key setup.
8347 * aes-internal.h (struct aes_table): New structure, including all
8348 constant tables needed by the unified encryption or decryption
8349 function _aes_crypt.
8351 * aes.c (_aes_crypt): New function, which unifies encryption and
8354 AES key setup now uses two separate functions for setting
8355 encryption and decryption keys. Applications that don't do
8356 decryption need no inverted subkeys and no code to generate them.
8357 Similarly, the tables (about 4K each for encryption and
8358 decryption), are put into separate files.
8360 * aes.h (struct aes_ctx): Deleted space for inverse subkeys. For
8361 decryption, the inverse subkeys replace the normal subkeys, and
8362 they are stored _in the order they are used_.
8364 * aes-set-key.c (aes_set_key): Deleted file, code moved...
8365 * aes-set-decrypt-key.c, aes-set-encrypt-key.c: New files,
8366 separated normal and inverse key setup.
8368 * aes-tables.c: Deleted, tables moved elsewhere...
8369 * aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
8370 decryption funktions, and needed tables, into separate files.
8372 2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
8374 * aes.c (aes_encrypt): Don't unroll the innerloop.
8375 (aes_encrypt): Don't unroll the loop for the final round.
8376 (aes_decrypt): Likewise, no loop unrolling.
8378 * aes-set-key.c (aes_set_key): Reversed the order of the inverted
8379 subkeys. They are now stored in the same order as they are used.
8381 * aes-tables.c (itable): New bigger table, generated by aesdata.c.
8383 * aes.c (aes_decrypt): Rewrote to use the bigger tables.
8385 2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
8387 * aes.c (aes_encrypt): Interleave computation and output in the
8390 * aes-internal.h (AES_SMALL): New macro.
8392 * aes.c (aes_encrypt): Optionally use smaller rotating inner loop.
8394 * aes-tables.c (dtbl): Replaced with table generated by aesdata.
8396 * aes.c (aes_encrypt): Rewrite, now uses larger tables in order to
8399 * sparc/aes.asm (aes_encrypt): Strength reduced on j, getting rid
8400 of one register and one instruction in the inner loop.
8402 * sparc/aes.asm (idx, aes_encrypt): Multiplied tabled values by 4,
8403 making it possible to get rid of some shifts in the inner loop.
8405 * configure.in: Fixed spelling of --enable-assembler. Commented
8408 * asm.m4: New file. For now, only doing changequote and changecom.
8410 * sparc/aes.asm (aes_encrypt): Added comments.
8411 (aes_encrypt): Cut off redundant instruction per block, also
8412 saving one redundant register pointing to idx.
8413 (idx_row): New macro. Include asm.m4.
8415 2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
8417 * sparc/aes.asm (key_addition_8to32): Cleaned up.
8418 Deleted gcc-generated debugging information.
8420 * sparc/aes.asm (key_addition32): First attempt at optimization.
8423 * sparc/aes.asm (key_addition32): Unrolled loop, gained 4%
8424 speed, payed four instructions compared to gcc
8427 * Makefile.am (.asm.o): New rule for assembling via m4.
8428 (libnettle_a_SOURCES): Added new rsa and aes files.
8430 * configure.in: New command line option --enable-assembler.
8431 Selects assembler code depending on the host system.
8433 * rsa-decrypt.c, rsa-encrypt.c: New files for rsa pkcs#1
8436 * aes-set-key.c, aes-tables.c: New files, split off from aes.c.
8437 Tables are now not static, but use a _aes_ prefix on their names.
8439 * aes-internal.h: New file.
8441 * cast128-meta.c (_NETTLE_CIPHER_FIX): Use _NETTLE_CIPHER_FIX.
8443 * cbc.c (cbc_decrypt_internal): New function, doing the real CBC
8444 procesing and requiring that src != dst.
8445 (cbc_decrypt): Use cbc_decrypt_internal. If src == dst, use a
8446 buffer of limited size to copy the ciphertext.
8448 * nettle-internal.c (nettle_blowfish128): Fixed definition, with
8451 * nettle-meta.h (_NETTLE_CIPHER_FIX): New macro, suitable for
8452 ciphers with a fixed key size.
8454 * examples/nettle-benchmark.c (display): New function for
8455 displaying the results, including MB/s figures.
8457 * sparc/aes.asm: New file. Not yet tuned in any way (it's just the
8458 code generated by gcc).
8460 2002-02-11 Niels Möller <nisse@lysator.liu.se>
8462 * x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
8465 2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
8467 Applied patch from Dan Egnor improving the base64 code.
8468 * base64.h (BASE64_ENCODE_LENGTH): New macro.
8469 (struct base64_ctx): New context struct, for decoding.
8470 (BASE64_DECODE_LENGTH): New macro.
8471 * base64.c (base64_decode_init): New function.
8472 (base64_decode_update): New function, replacing base64_decode.
8473 Takes a struct base64_ctx argument.
8474 * nettle-meta.h: Updated nettle_armor, and related typedefs and
8476 * testsuite/testutils.c (test_armor): Updated.
8477 * configure.in: Use AC_PREREQ(2.50).
8479 2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
8481 * Released nettle-1.5.
8483 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
8485 * acinclude.m4: Commented out gmp-related macros, they're probably
8488 2002-01-31 Niels Möller <nisse@lysator.liu.se>
8490 * configure.in: Added command line options --with-lib-path and
8491 --with-include-path. Use the RPATH-macros to get correct flags for
8492 linking the test programs with gmp.
8494 * acinclude.m4: New file.
8496 2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
8498 * nettle.texinfo (Randomness): New subsection on Yarrow.
8500 2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
8502 * nettle.texinfo (Randomness): New chapter.
8503 Spell checking and ispell configuration.
8505 * md5.c: Added reference to RFC 1321.
8507 2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
8509 * nettle.texinfo (Public-key algorithms): Minor fixes.
8511 2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
8513 * nettle.texinfo (Nettle soup): New chapter.
8514 (Hash functions): New subsection on struct nettle_hash.
8515 (Hash functions): New subsection on struct nettle_cipher.
8516 (Keyed hash functions): New section, describing MAC:s and HMAC.
8517 (Public-key algorithms): New chapter.
8519 * testsuite/testutils.c (test_armor): New function.
8521 * testsuite/base64-test.c: New testcase.
8523 * testsuite/Makefile.am (TS_PROGS): Added base64-test.
8525 * nettle-meta.h (struct nettle_armor): New struct.
8527 * configure.in: Bumped version to 1.5.
8529 * Makefile.am (libnettle_a_SOURCES): Added base64 files, and some
8530 missing header files.
8532 * base64.c, base64.h, base64-meta.c: New files, hacked by Dan
8535 2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
8537 * testsuite/yarrow-test.c: Deleted ran_array code, use
8538 knuth-lfib.h instead.
8540 * testsuite/testutils.c (test_rsa_md5, test_rsa_sha1): Moved
8542 * testsuite/rsa-test.c: ...from here.
8544 * testsuite/rsa-keygen-test.c: New file.
8546 * testsuite/knuth-lfib-test.c: New file.
8548 * Makefile.am (libnettle_a_SOURCES): Added knuth-lfib.c and
8551 * rsa-keygen.c: New file.
8553 * rsa.h (RSA_MINIMUM_N_OCTETS): New constant.
8554 (RSA_MINIMUM_N_BITS): New constant.
8555 (nettle_random_func, nettle_progress_func): New typedefs. Perhaps
8556 they don't really belong in this file.
8557 (rsa_generate_keypair): Added progress-callback argument.
8559 * macros.h (READ_UINT24, WRITE_UINT24, READ_UINT16, WRITE_UINT16):
8562 * knuth-lfib.c, knuth-lfib.h: New files, implementing a
8563 non-cryptographic prng.
8565 2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
8567 * hmac-sha1.c: New file.
8569 2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
8571 * configure.in: Bumped version to 1.1.
8573 * testsuite/hmac-test.c (test_main): Added hmac-sha1 test cases.
8575 * rsa.c (rsa_init_private_key, rsa_clear_private_key): Handle d.
8577 * rsa.h (struct rsa_private_key): Reintroduced d attribute, to be
8578 used only for key generation output.
8579 (rsa_generate_keypair): Wrote a prototype.
8581 * Makefile.am (libnettle_a_SOURCES): Added hmac-sha1.c and
8584 * des.c: Use static const for all tables.
8585 (des_set_key): Use a new const * variable for the parity
8586 procesing, for constness reasons.
8588 * list-obj-sizes.awk: New file.
8590 * nettle-internal.c, nettle-internal.h: New files.
8592 * testsuite/Makefile.am (TS_PROGS): Added hmac-test. Deleted old
8595 * testsuite/testutils.h (LDATA): Moved this macro here,...
8596 * testsuite/rsa-test.c: ... from here.
8598 * testsuite/hmac-test.c: New file.
8600 * hmac.h: General cleanup. Added declarations of hmac-md5,
8601 hmac-sha1 and hmac-sha256.
8603 * hmac.c: Bug fixes.
8605 * hmac-md5.c: First working version.
8607 * Makefile.am (libnettle_a_SOURCES): Added hmac.c and hmac-md5.c.
8608 (libnettleinclude_HEADERS): Added hmac.h.
8610 * testsuite/rsa-test.c: Also test a 777-bit key.
8612 * rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated
8614 (rsa_prepare_private_key): Compute the size of the key by
8615 computing n = p * q.
8617 * rsa-compat.c: Adapted to new private key struct.
8618 * rsa_md5.c: Likesize.
8619 * rsa_sha1.c: Likesize.
8621 * rsa.c (rsa_check_size): New function, for computing and checking
8622 the size of the modulo in octets.
8623 (rsa_prepare_public_key): Usa rsa_check_size.
8624 (rsa_init_private_key): Removed code handling n, e and d.
8625 (rsa_clear_private_key): Likewise.
8626 (rsa_compute_root): Always use CRT.
8628 * rsa.h (struct rsa_private_key): Deleted public key and d from
8629 the struct, as they are not needed. Added size attribute.
8631 2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
8633 * Makefile.am: Added *-meta files.
8635 * rsa.c (rsa_init_public_key): New function.
8636 (rsa_clear_public_key): Likewise.
8637 (rsa_init_private_key): Likewise.
8638 (rsa_clear_private_key): Likewise.
8640 * aes-meta.c: New file.
8641 * arcfour-meta.c: New file.
8642 * cast128-meta.c: New file.
8643 * serpent-meta.c: New file.
8644 * twofish-meta.c: New file.
8646 * examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
8648 2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
8650 Don't use m4 for generating test programs, it's way overkill. Use
8651 the C preprocessor instead.
8652 * testsuite/*-test.c: New file.
8654 * hmac.c, hmac.h, hmac-md5.c: New files.
8656 Defined structures describing the algoriths. Useful for code that
8657 wants to treat an algorithm as a black box.
8658 * nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
8661 2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
8663 * rsa-compat.c: Updated for new md5 and rsa conventions.
8665 * rsa_md5.c: Represent a signature as an mpz_t, not a string.
8666 Updated calls of md5 functions.
8667 * rsa_sha1.c: Likewise.
8669 * rsa.c (rsa_prepare_public_key): Renamed function, was
8670 rsa_init_public_key.
8671 (rsa_prepare_private_key): Renamed function, was
8672 rsa_init_private_key.
8674 * nettle.texinfo (Hash functions): Update for the changed
8675 interface without *_final. Document sha256.
8677 * testsuite/md5-test.m4, testsuite/sha1-test.m4,
8678 testsuite/sha256-test.m4, testsuite/yarrow-test.c: Updated for new
8679 hash function interface.
8681 * yarrow256.c: Removed calls of sha256_final and and some calls of
8684 * md5-compat.c (MD5Final): Call only md5_digest.
8686 * md5.c (md5_digest): Call md5_final and md5_init.
8687 (md5_final): Declared static.
8688 sha1.c, sha256.c: Analogous changes.
8690 * bignum.c (nettle_mpz_get_str_256): Declare the input argument
8693 2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
8695 * Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
8696 dependencies for $(des_headers) to depend only on the source file
8697 desdata.c, not on the executable.
8699 2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
8701 * testsuite/yarrow-test.c (main): Updated testcase to match fixed
8702 generator. Send verbose output to stdout, not stderr.
8704 * yarrow256.c (yarrow_slow_reseed): Bug fix, update the fast pool
8705 with the digest of the slow pool.
8706 (yarrow256_init): Initialize seed_file and counter to zero, to
8709 2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
8711 * bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
8714 2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
8716 * testsuite/yarrow-test.c (main): Updated test to match the fixed
8717 key event estimator.
8719 * yarrow_key_event.c (yarrow_key_event_estimate): Fixed handling
8722 * nettle.texinfo (Copyright): Say that under certain
8723 circumstances, Nettle can be used as if under the LGPL.
8725 * README: Added a paragraph on copyright.
8727 2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
8729 * yarrow256.c (yarrow256_force_reseed): New function.
8731 2001-11-14 Niels Möller <nisse@ehand.com>
8733 * testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
8735 * yarrow256.c (yarrow256_needed_sources): New function.
8736 (yarrow256_is_seeded): New function.
8737 (yarrow256_update): Use yarrow256_needed_sources.
8739 2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
8741 * testsuite/yarrow-test.out: Updated, to match the seed-file aware
8744 * testsuite/yarrow-test.c: Updated expected_output. Check the seed
8745 file contents at the end.
8747 * yarrow256.c (yarrow256_seed): New function.
8748 (yarrow_fast_reseed): Create new seed file contents.
8750 2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
8752 * yarrow.h: Deleted yarrow160 declarations.
8754 2001-11-02 Niels Möller <nisse@ehand.com>
8756 * yarrow256.c (yarrow256_init): Fixed order of code and
8759 2001-10-30 Niels Möller <nisse@ehand.com>
8761 * rsa-compat.h: Added real prototypes and declarations.
8763 * Makefile.am (libnettle_a_SOURCES): Added rsa-compat.h and
8766 * rsa-compat.c: New file, implementing RSA ref signature and
8767 verification functions.
8769 * configure.in: Check for libgmp. Deleted tests for SIZEOF_INT and
8772 * rsa_sha1.c: New file, PKCS#1 rsa-sha1 signatures.
8773 * rsa_md5.c: New file, PKCS#1 rsa-md5 signatures.
8775 * rsa.c: New file with general rsa functions.
8777 * Makefile.am (libnettle_a_SOURCES): Added rsa and bignum files.
8779 * bignum.c, bignum.h: New file, with base256 functions missing in
8782 * testsuite/Makefile.am: Added bignum-test.
8784 * testsuite/run-tests (test_program): Check the exit code more
8785 carefully, and treat 77 as skip. This convention was borrowed from
8788 * testsuite/macros.m4: New macro SKIP which exits with code 77.
8790 * testsuite/bignum-test.m4: New file.
8792 2001-10-15 Niels Möller <nisse@ehand.com>
8794 * testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
8797 2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
8799 * testsuite/des-test.m4: Added testcase taken from applied
8802 * testsuite/yarrow-test.c: Use sha256 instead of sha1 for checking
8803 input and output. Updated the expected values.
8805 * yarrow256.c (YARROW_RESEED_ITERATIONS): New constant.
8806 (yarrow_iterate): New function.
8807 (yarrow_fast_reseed): Call yarrow_iterate.
8809 * testsuite/yarrow-test.c: Added verbose flag, disabled by
8812 2001-10-12 Niels Möller <nisse@ehand.com>
8814 * examples/nettle-benchmark.c: Added more ciphers.
8816 * Makefile.am (SUBDIRS): Added the examples subdir.
8818 * configure.in: Output examples/Makefile.
8820 2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
8822 * examples/nettle-benchmark.c: New benchmarking program.
8824 2001-10-10 Niels Möller <nisse@ehand.com>
8826 * testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
8827 output, and compare to expected values.
8829 * testsuite/Makefile.am (CFLAGS): Don't disable optimization.
8830 (run-tests): Set srcdir in the environment when running run-tests.
8832 * testsuite/rfc1750.txt: Added this rfc as test input for yarrow.
8834 * yarrow_key_event.c (yarrow_key_event_estimate): Check if
8836 (yarrow_key_event_init): Initialize previous to zero.
8838 * yarrow256.c: Added debug some output.
8840 * testsuite/yarrow-test.c (main): Better output of entropy
8841 estimates at the end.
8843 2001-10-09 Niels Möller <nisse@ehand.com>
8845 * testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
8847 * testsuite/yarrow-test.c: New file.
8849 * yarrow256.c (yarrow256_init): Initialize the sources.
8850 (yarrow256_random): Fixed loop condition.
8852 * yarrow.h (YARROW_KEY_EVENT_BUFFER): New constant.
8854 * yarrow_key_event.c: New file.
8856 * Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
8858 2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
8860 * yarrow.h (struct yarrow_key_event_ctx): New struct.
8862 * yarrow256.c (yarrow_fast_reseed): Generate two block of output
8863 using the old key and feed into the pool.
8865 * yarrow.h (struct yarrow256_ctx): Deleted buffer, index and
8868 * yarrow256.c (yarrow_fast_reseed): New function.
8869 (yarrow_slow_reseed): New function.
8870 (yarrow256_update): Check seed/reseed thresholds.
8871 (yarrow_gate): New function, extracted from
8872 yarrow_generate_block_with_gate which was deleted.
8873 (yarrow_generate_block_with_gate): Deleted function.
8874 (yarrow256_random): Don't buffer any output, instead gate after
8876 (YARROW_GATE_THRESHOLD): Deleted constant.
8878 2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
8880 * Makefile.am: Added yarrow files.
8882 * yarrow256.c: New file, implementing Yarrow. Work in progress.
8884 * sha256.c: New file, implementing sha256.
8886 * testsuite/Makefile.am (CFLAGS): Added sha256-test.
8888 * testsuite/sha256-test.m4: New testcases for sha256.
8890 * shadata.c: New file, for generating sha256 constants.
8892 * sha.h: Renamed sha1.h to sha.h, and added declarations for
8895 2001-10-05 Niels Möller <nisse@ehand.com>
8897 * testsuite/aes-test.m4: Added a comment with NIST test vectors.
8899 2001-10-04 Niels Möller <nisse@ehand.com>
8901 * rsa.h, rsa-compat.h, yarrow.h: New files.
8903 2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
8905 * Released version 1.0.
8907 2001-09-25 Niels Möller <nisse@ehand.com>
8909 * sha1.c: Include stdlib.h, for abort.
8911 * md5.c: Include string.h, for memcpy.
8913 * testsuite/Makefile.am (M4_FILES): New variable. Explicitly list
8914 those C source files that should be generated by m4.
8916 * configure.in: Changed package name from "libnettle" to "nettle".
8918 * Makefile.am (EXTRA_DIST): Added .bootstrap.
8920 * AUTHORS: Added a reference to the manual.
8922 2001-09-25 Niels Möller <nisse@lysator.liu.se>
8924 * des-compat.c (des_cbc_cksum): Bug fix, local variable was
8925 declared in the middle of a block.
8927 2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
8929 * nettle.texinfo (Compatibility functions): New section,
8930 mentioning md5-compat.h and des-compat.h.
8932 2001-09-18 Niels Möller <nisse@ehand.com>
8934 * index.html: New file.
8936 2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
8938 * nettle.texinfo: Added description of des3. Minor fixes.
8940 * testsuite/des-compat-test.c (cbc_data): Shorten to 32 bytes (4
8941 blocks), the last block of zeroes wasn't used anyway.
8943 * des-compat.c (des_compat_des3_decrypt): Decrypt in the right
8945 (des_ncbc_encrypt): Bug fixed.
8946 (des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
8948 2001-09-14 Niels Möller <nisse@ehand.com>
8950 * testsuite/des-compat-test.c: New file, copied from libdes
8951 (freeswan). All implemented functions but des_cbc_cksum seems to
8954 * testsuite/Makefile.am (TS_PROGS): Added des-compat-test.
8956 * des-compat.c: Added libdes typedef:s. Had to remove all use of
8957 const in the process.
8958 (des_check_key): New global variable, checked by des_set_key.
8960 * des.c (des_set_key): Go on and expand the key even if it is
8963 * des-compat.c (des_cbc_cksum): Implemented.
8964 (des_key_sched): Fixed return values.
8966 2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
8968 * Makefile.am: Added des-compat.c and des-compat.h
8970 * des-compat.c: Bugfixes, more functions implemented.
8972 * des-compat.h: Define DES_ENCRYPT and DES_DECRYPT. Bugfixes.
8974 2001-09-10 Niels Möller <nisse@ehand.com>
8976 * nettle.texinfo (Copyright): Added copyright information for
8978 (Miscellaneous functions): Started writing documentation on the CBC
8980 (Cipher Block Chaining): This section more or less complete now.
8982 2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
8984 * testsuite/cbc-test.m4: Record intermediate values in a comment.
8985 * testsuite/des3-test.m4: Likewise.
8987 * testsuite/aes-test.m4: Added test case that appeared broken in
8990 * cbc.c (cbc_encrypt): Bug fix, encrypt block *after* XOR:ing the
8993 * Makefile.am (libnettleinclude_HEADERS): Added cbc.h. Deleted
8995 (libnettle_a_SOURCES): Added des3.c.
8997 * testsuite/Makefile.am (TS_PROGS): Added des3-test and cbc-test.
8999 * testsuite/cbc-test.m4: New testcase.
9001 * testsuite/des3-test.m4: New testcase.
9003 * cbc.h (CBC_CTX): New macro.
9004 (CBC_ENCRYPT): New macro.
9005 (CBC_DECRYPT): New macro.
9007 * des.c (des_fix_parity): New function.
9009 * des3.c: New file, implementing triple des.
9011 2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
9013 * cbc.c, cbc.h: New files, for general CBC encryption.
9015 * des-compat.h: Added some prototypes.
9017 2001-09-05 Niels Möller <nisse@ehand.com>
9019 * testsuite/Makefile.am (TS_PROGS): Added md5-compat-test.
9021 * README: Copied introduction from the manual.
9023 * configure.in: Bumped version to 1.0.
9025 * Makefile.am (libnettleinclude_HEADERS): Added missing includes.
9026 (libnettle_a_SOURCES): Added md5-compat.c and md5-compat.h.
9028 * md5-compat.c, md5-compat.h: New files, implementing an RFC
9029 1321-style interface.
9031 2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
9033 * twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
9034 Spotted by Jean-Pierre.
9035 (twofish_encrypt): Likewise.
9037 2001-07-03 Niels Möller <nisse@ehand.com>
9039 * testsuite/testutils.c: Include string.h.
9041 * twofish.c: Include string.h.
9043 2001-06-17 Niels Möller <nisse@lysator.liu.se>
9045 * Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
9046 seems to break with GNU make 3.79.1.
9048 * testsuite/testutils.c, testsuite/testutils.h: Use <inttypes.h>,
9052 2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
9054 * Use <inttypes.h>, not <stdint.h>.
9056 * blowfish.h (BLOWFISH_MAX_KEY_SIZE): Fixed, should be 56.
9058 * Fixed copyright notices.
9060 * Makefile.am (libnettle_a_SOURCES): Added desinfo.h and
9062 (info_TEXINFOS): Added manual.
9063 (EXTRA_DIST): Added nettle.html.
9064 (%.html): Added rule for building nettle.html.
9066 * nettle.texinfo: New manual.
9068 * configure.in: Bumped version to 0.2.
9070 * testsuite/Makefile.am (TS_PROGS): Added cast128 test.
9074 * testsuite/serpent-test.m4: Added a few rudimentary tests
9075 extracted from the serpent package.
9077 * twofish.c: Adapted to nettle. Made constant tables const.
9078 Deleted bytes_to_word and word_to_bytes; use LE_READ_UINT32 and
9079 LE_WRITE_UINT32 instead.
9080 (twofish_selftest): Deleted. Moved the tests to the external
9082 (twofish_set_key): Don't silently truncate too large keys.
9084 * sha1.c (sha1_update): Use unsigned for length.
9086 * serpent.c (serpent_set_key): Read the key backwards. Fixed
9087 padding (but there are no test vectors for key_size not a multiple
9089 (serpent_encrypt): Read and write data in the strange order used
9090 by the reference implementation.
9091 (serpent_decrypt): Likewise.
9093 * macros.h (FOR_BLOCKS): New macro, taken from lsh.
9095 * blowfish.h (struct blowfish_ctx): Use a two-dimensional array
9098 * blowfish.c (initial_ctx): Arrange constants into a struct, to
9100 (F): Deleted all but one definitions of the F function/macro.
9101 Added a context argument, and use that to find the subkeys.
9102 (R): Added context argument, and use that to find the subkeys.
9103 (blowfish_set_key): Some simplification.
9105 (encrypt): Deleted code for non-standard number of rounds. Deleted
9106 a bunch of local variables. Using the context pointer for
9107 everything should consume less registers.
9108 (decrypt): Likewise.
9110 * Makefile.am (libnettle_a_SOURCES): Added twofish.
9112 2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
9114 * testsuite/blowfish-test.m4: Fixed test.
9116 * Added twofish implementation.
9118 * blowfish.h (struct blowfish_ctx): Use the correct size for the p
9121 2001-06-15 Niels Möller <nisse@ehand.com>
9123 * testsuite/blowfish-test.m4: Fixed testcase, use correct key
9126 * Makefile.am (libnettle_a_SOURCES): Added blowfish files.
9127 ($(des_headers)): Strip directory part when passing file name to
9130 * testsuite/blowfish-test.m4: Added one test, from GNUPG.
9132 * Created blowfish.c and blowfish.h (from GNUPG via LSH). Needs
9135 * aes.h: Fixed copyright notice to not mention GNU MP. XXX: Review
9136 all nettle copyrights.
9138 * testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
9141 2001-06-13 Niels Möller <nisse@ehand.com>
9143 * Makefile.am (libnettle_a_SOURCES): Added serpent files.
9145 2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
9147 * des.c (des_encrypt, des_decrypt): Assert that the key setup was
9150 * testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
9152 * testsuite/sha1-test.m4: New file.
9154 * testsuite/des-test.m4: New file.
9158 * Added desCore files.
9160 * Makefile.am: Added desCore and sha1.
9162 2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
9164 * install-sh: Copied the standard install script.
9166 * testsuite/Makefile.am (CFLAGS): Disable optimization. Add
9167 $(top_srcdir) to the include path.
9168 (EXTRA_DIST): Added testutils.h, testutils.c and run-tests.
9169 (run-tests): Fixed path to run-tests.
9171 * Makefile.am (EXTRA_DIST): Added memxor.h.
9172 (libnettleinclude_HEADERS): Install headers in
9173 $(libnettleincludedir).
9175 2001-04-13 Niels Möller <nisse@cuckoo.hack.org>