+2017-10-23 Niels Möller <nisse@lysator.liu.se>
+
+ Undo added underscores on public symbols.
+
+2017-04-09 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-curve.h (nettle_get_secp_192r1, nettle_get_secp_224r1)
+ (nettle_get_secp_256r1, nettle_get_secp_384r1)
+ (nettle_get_secp_521r1): New functions, returning a pointer to
+ corresponding structure.
+ (nettle_secp_192r1, nettle_secp_224r1, nettle_secp_256r1)
+ (nettle_secp_384r1, nettle_secp_521r1): Redefined as macros,
+ calling the corresponding function.
+
+ * nettle-meta.h (nettle_ciphers, nettle_aeads, nettle_armors): New
+ macros, analogous to below change to nettle_hashes.
+
+ * nettle-meta-ciphers.c (_nettle_ciphers): Renamed array, from...
+ (nettle_ciphers: ... old name.
+ (nettle_get_ciphers): New function.
+
+ * nettle-meta-aeads.c (_nettle_aeads): Renamed array, from...
+ (nettle_aeads: ... old name.
+ (nettle_get_aeads): New function.
+
+ * nettle-meta-armors.c (_nettle_armors): Renamed array, from...
+ (nettle_armors: ... old name.
+ (nettle_get_armors): New function.
+
+2017-01-12 Niels Möller <nisse@lysator.liu.se>
+
+ * tools/nettle-hash.c (find_algorithm): Deleted function.
+ (main): Replaced by call to nettle_lookup_hash.
+
+ * testsuite/meta-hash-test.c (test_main): Use nettle_lookup_hash.
+
+ * nettle-meta.h (nettle_hashes): New macro, expanding to a call to
+ nettle_get_hashes. Direct access to the array causes the array
+ size to leak into the ABI, since a plain un-relocatable executable
+ linking with libnettle.so gets copy relocations for any referenced
+ data items in the shared library.
+
+ * nettle-meta-hashes.c (_nettle_hashes): Renamed array, from...
+ (nettle_hashes): ... old name.
+ (nettle_get_hashes): New function.
+
+ 2017-10-16 Niels Möller <nisse@lysator.liu.se>
+
+ CFB support, contributed by Dmitry Eremin-Solenikov.
+ * cfb.c (cfb_encrypt, cfb_decrypt): New file, new functions.
+ * cfb.h: New header file.
+ (CFB_CTX, CFB_SET_IV, CFB_ENCRYPT, CFB_DECRYPT): New macros.
+ * Makefile.in (nettle_SOURCES): Add cfb.c.
+ (HEADERS): Add cfb.h.
+ * testsuite/cfb-test.c: New test case.
+ * testsuite/testutils.c (test_cipher_cfb): New function.
+ * nettle.texinfo (CFB): Documentation.
+
+ 2017-10-16 Niels Möller <nisse@lysator.liu.se>
+
+ * aclocal.m4 (GMP_PROG_CC_FOR_BUILD): Add -g when compiling with
+ gcc.
+
+ 2017-09-24 Niels Möller <nisse@lysator.liu.se>
+
+ * tools/pkcs1-conv.c (base64_decode_in_place): New helper
+ function.
+ (decode_base64): Use it.
+
+ * sexp-transport-format.c (base64_encode_in_place): New helper
+ function.
+ (sexp_transport_vformat): Use it.
+
+ * testsuite/base64-test.c (test_fuzz_once): Update to use char
+ type where appropriate.
+ (test_main): Use helper functions base64_encode_in_place and
+ base64_decode_in_place (copied to this file).
+
+ * testsuite/testutils.c (tstring_data): Use uint8_t for data
+ argument.
+ * testsuite/testutils.h (SDATA): Use US macro to cast data
+ argument.
+
+ 2017-09-14 Niels Möller <nisse@lysator.liu.se>
+
+ * hkdf.c: Delete unneeded includes. Use Nettle licensing notice.
+ * hkdf.h: Include only nettle-types.h, not nettle-meta.h.
+
+ * ecc-mod.c (ecc_mod): Workaround to silence a false positive from
+ the clang static analyzer.
+
+ 2017-09-12 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/testutils.h (mpn_zero_p): Avoid redefining mpn_zero_p
+ when building with mini-gmp. Since the mini-gmp update, this
+ function is defined by mini-gmp, causing link errors if nettle is
+ configured with --enable-mini-gmp --disable-shared. Reported by
+ Tim Rühsen.
+
+ 2017-09-09 Daiki Ueno <dueno@redhat.com>
+
+ * testsuite/ecc-mul-g-test.c (test_main): Fixed mpn_cmp call.
+ * testsuite/ecc-mul-a-test.c (test_main): Likewise.
+ * eccdata.c (ecc_point_out): Write to given stream, instead of
+ stderr.
+ * eccdata.c (output_curve): In curve448, the bit size of the order
+ is slightly smaller than the one of p's. Adjust ecc_Bmodq_shifted
+ accordingly.
+
+ 2017-09-09 Niels Möller <nisse@lysator.liu.se>
+
+ * mini-gmp.c: Updated mini-gmp from the gmp repository, latest
+ change from 2017-07-23.
+ * mini-gmp.h: Likewise.
+
+ 2017-09-06 Niels Möller <nisse@lysator.liu.se>
+
+ * hkdf.c (hkdf_expand): Eliminate a (signed) ssize_t variable, use
+ break rather than return at loop termination.
+
+ 2017-09-06 Niels Möller <nisse@lysator.liu.se>
+
+ HKDF implementation, contributed by Nikos Mavrogiannopoulos.
+ * hkdf.c (hkdf_extract, hkdf_expand): New file, new functions.
+ * hkdf.h: New file.
+ * Makefile.in (nettle_SOURCES): Add hkdf.c.
+ (HEADERS): Add hkdf.h.
+ * testsuite/hkdf-test.c: Tests for hkdf-sha256 and hkdf-sha1.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added hkdf-test.c.
+ * nettle.texinfo (Key derivation functions): Document HKDF.
+
+ 2017-09-04 Andreas Schneider <asn@samba.org>
+
+ * fat-arm.c: Add missing define for _GNU_SOURCE.
+
+ 2017-08-27 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (GMP_NUMB_BITS): Set to dummy value "n/a" in
+ mini-gmp builds.
+ (NUMB_BITS): New substituted variable which always holds the
+ configured value.
+ * Makefile.in (GMP_NUMB_BITS): Renamed variable...
+ (NUMB_BITS): ...new name
+ * config.make.in: Update corresponding substitution.
+
+ 2017-08-26 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-mod-inv.c (ecc_mod_inv): Add missing assert. Fixes a
+ "dead increment" warning from the clang static analyzer.
+
+ 2017-08-26 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-openssl.c (struct openssl_cipher_ctx): New
+ struct. Use everywhere, instead of typing EVP_CIPHER_CTX pointers
+ directly.
+
+ * configure.ac: Update openssl-related tests. Checks for
+ cipher-specific headers are replaced by a check for openssl/evp.h,
+ and the check for the BF_ecb_encrypt function is replaced by a
+ check for EVP_CIPHER_CTX_new.
+
+ 2017-08-03 Daniel P. Berrange <berrange@redhat.com>
+
+ * examples/nettle-openssl.c: Rewritten to use openssl's EVP APIs.
+ The older cipher-specific functions always use openssl's generic
+ software implementation, while the EVP functions enables
+ platform-specific code, e.g., using the x86 AES-NI instructions.
+ (nettle_openssl_init): New function.
+
+ 2017-07-18 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
+ two multiplies. Previously, in-place operation resulted in an
+ invalid call to mpn_mul with overlapping operands. Reported by
+ Sergei Trofimovich.
+
+ 2017-06-09 Niels Möller <nisse@lysator.liu.se>
+
+ * pss.c (pss_verify_mgf1): Check for m being too large, fixing an
+ assertion failure for certain invalid signatures. Based on a patch
+ contributed by Daiki Ueno.
+
+ * testsuite/rsa-pss-sign-tr-test.c (test_main): Add test case
+ contributed by Daiki Ueno. Problem originally found by oss-fuzz,
+ see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132.
+ That problem report is currently embargoed, but will hopefully be
+ public in a month or two.
+
+ 2017-05-23 Niels Möller <nisse@lysator.liu.se>
+
+ Rework the previous change, which had the unintended effect of
+ always regenerating .test-rules.make after ./configure is run.
+ * testsuite/Makefile.in (test-rules.stamp): New stamp file target,
+ depend on Makefile.in, and run $(MAKE) test-rules.
+ (.test-rules.make): Add a level of indirection, by depending on
+ test-rules.stamp.
+
+ 2017-05-20 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/Makefile.in (test-rules): Use $(srddir)/-prefix for
+ .test-rules.make target, and change dependency from Makefile.in to
+ Makefile.
+
+ 2017-05-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+ * testsuite/Makefile.in: Ensure .test-rules.make is regenerated
+ when Makefile.in is modified.
+
+ 2017-04-09 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/dlopen-test.c (main): Call dlclose, to fix memory leak
+ on success.
+
+ * testsuite/pss-test.c: Delete magic to let valgrind to check if
+ pss_encode_mgf1 is side-channel silent with respect to the salt
+ and digest inputs. It turns out that the most significant bits of
+ the padded bignum, and hence its size, depends on these inputs.
+ Which results in a data-dependent branch in the normalization code
+ of at the end of gmp's mpz_import.
+
+ 2017-04-04 Niels Möller <nisse@lysator.liu.se>
+
+ * pss.c (pss_verify_mgf1): Use const for input mpz_t argument.
+ (pss_encode_mgf1): Avoid unnecessary memset and xor operations.
+
+ Merged RSA-PSS support, contributed by Daiki Ueno.
+ * pss-mgf1.h, pss.h: New header files.
+ * pss-mgf1.c (pss_mgf1): New file and function.
+ * pss.c (pss_encode_mgf1, pss_verify_mgf1): New file and
+ functions.
+ * rsa-verify.c (_rsa_verify_recover): New function.
+ * rsa-pss-sha256-sign-tr.c: (rsa_pss_sha256_sign_digest_tr): New
+ file and function.
+ * rsa-pss-sha256-verify.c (rsa_pss_sha256_verify_digest): New
+ file and function.
+ * rsa-pss-sha512-sign-tr.c (rsa_pss_sha384_sign_digest_tr)
+ (rsa_pss_sha512_sign_digest_tr): New file and functions.
+ * rsa-pss-sha512-verify.c (rsa_pss_sha384_verify_digest)
+ (rsa_pss_sha512_verify_digest): New file and functions.
+ * rsa.h: Prototypes for new functions.
+ * testsuite/rsa-pss-sign-tr-test.c: New test case.
+ * testsuite/pss-test.c: New test case.
+ * testsuite/pss-mgf1-test.c: New test case.
+ * Makefile.in, testsuite/Makefile.in: Added new files.
+ * nettle.texinfo: Documentation of rsa-pss functions.
+
+ 2017-03-20 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.h (NETTLE_MAX_HASH_CONTEXT_SIZE): New constant.
+ * testsuite/meta-hash-test.c (test_main): Add sanity check for
+ NETTLE_MAX_HASH_CONTEXT_SIZE.
+
+ * tools/nettle-hash.c (list_algorithms): Also display the internal
+ context size.
+
+ 2017-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+ * ecdsa-verify.c (ecdsa_verify): Eliminated memory leak on error
+ path.
+
2016-10-10 Niels Möller <nisse@lysator.liu.se>
* write-be32.c (_nettle_write_be32): Use const for source argument.