++2014-01-21 Niels Möller <nisse@lysator.liu.se>
++
++ Merged camellia-reorg changes (starting at 2013-10-07).
++
+ 2013-10-10 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (nettle_SOURCES): Updated list of camellia files.
+
+ * testsuite/camellia-test.c (test_invert): Updated for new
+ camellia interface.
+
+ * camellia.h: Reorganized camellia interface, with distinct
+ context structs and functions for camellia128 and camellia256.
+
+ * camellia-meta.c: Deleted file.
+ * camellia256-meta.c: New file.
+ * camellia192-meta.c: New file.
+ * camellia128-meta.c: New file.
+
+ * camellia-set-decrypt-key.c: Deleted file, code moved to:
+ * camellia128-set-decrypt-key.c: New file.
+ (camellia128_invert_key, camellia128_set_decrypt_key): New
+ functions.
+ * camellia256-set-decrypt-key.c: New file.
+ (camellia256_invert_key, camellia256_set_decrypt_key)
+ (camellia192_set_decrypt_key): New functions.
+ * camellia-invert-key.c (_camellia_invert_key): New file and
+ function.
+
+ * camellia-set-encrypt-key.c: Deleted file, code moved to:
+ * camellia128-set-encrypt-key.c: New file.
+ (camellia128_set_encrypt_key): New function.
+ * camellia256-set-encrypt-key.c: New file.
+ (_camellia256_set_encrypt_key, camellia256_set_encrypt_key)
+ (camellia192_set_encrypt_key): New functions.
+ * camellia-absorb.c (_camellia_absorb): New file and function.
+ * camellia-internal.h: Moved key schedule macros here.
+
+ * camellia-crypt.c: Deleted file, code moved to:
+ * camellia128-crypt.c (camellia128_crypt): New file and function.
+ * camellia256-crypt.c (camellia256_crypt): New file and function.
+
+ 2013-10-07 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Delete check for ALIGNOF_UINT64_T, no longer
+ needed.
+ * config.m4.in: Likewise delete ALIGNOF_UINT64_T.
+
+ * camellia-crypt.c (camellia_crypt): Updated call to
+ _camellia_crypt.
+ * camellia-internal.h (_camellia_crypt): Updated prototype.
+ * camellia-crypt-internal.c (_camellia_crypt): Take separate
+ arguments for rounds and subkey array.
+ * x86_64/camellia-crypt-internal.asm: Likewise. Also corrected
+ .file pseudo-ops.
+ * x86/camellia-crypt-internal.asm: Likewise.
+
+2014-01-20 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-internal.c (poly1305_digest): Use union nettle_block16
+ for s argument.
+ * poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
+ change.
+
+ Merged poly1305 changes (starting at 2013-11-08).
+ * x86_64/poly1305-internal.asm: Update to new interface.
+ poly1305_digest much simplified.
+
+ * poly1305.h (struct poly1305_ctx): Moved block and index
+ fields...
+ (struct poly1305_aes_ctx): ... to here.
+ * asm.m4: Delete also from the assembly definition of struct
+ poly1305_ctx.
+
+ * poly1305-internal.c (poly1305_digest): Don't do final padding
+ here, leave that to caller. Add digest to the provided nonce s,
+ and deleted length and dst arguments. Also reset h0-h4 to zero
+ when done.
+ (_poly1305_block): Renamed, from...
+ (poly1305_block): ...old name.
+
+ * poly1305-aes.c (poly1305_aes_update): New function.
+ (poly1305_aes_digest): Update for poly1305_digest changes, do
+ final padding here.
+
+ * poly1305.c (poly1305_update): Deleted file and function. Moved
+ to poly1305-aes.c.
+ * Makefile.in (nettle_SOURCES): Deleted poly1305.c.
+
+2014-01-17 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-internal.c (poly1305_block): Additional argument with
+ the high bit.
+ (poly1305_block_internal): Deleted function, code moved into the
+ poly1305_block.
+ (poly1305_digest): Simplified padding code, call poly1305_block
+ with high bit 0.
+ * poly1305.h (poly1305_block): Update prototype.
+ * poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
+ * x86_64/poly1305-internal.asm (poly1305_block): Handle new
+ argument.
+
+ * poly1305.h (struct poly1305_ctx): Moved nonce field from here...
+ (struct poly1305_aes_ctx): ... to here.
+ * poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
+ Updated for above.
+ * poly1305.c (poly1305_set_nonce): Deleted function.
+ * asm.m4: Delete nonce also from the assembly definition of struct
+ poly1305_ctx.
+
+2014-01-16 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-aes.c: Include poly1305.h. Rewrite functions without
+ using the POLY1305_* macros.
+
+ * Makefile.in (HEADERS): Deleted poly1305-aes.h.
+
+ * poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE)
+ (POLY1305_DIGEST): Deleted macros. Only implemented variant is
+ poly1305-aes.
+ (POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE):
+ New constants.
+ (POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here,
+ from poly1305-aes.h.
+ (struct poly1305_aes_ctx): Likewise.
+ (poly1305_aes_set_key, poly1305_aes_set_nonce)
+ (poly1305_aes_update, poly1305_aes_digest): Likewise.
+ * poly1305-aes.h: Deleted file, declarations moved to poly1305.h.
+ Update all users.
+
+ * poly1305-internal.c (s2, s3, s4): Fixed macros.
+
+ * poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx
+ by struct aes128_ctx.
+ * poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest):
+ Update to use aes128_* functions.
+ * poly1305.h (POLY1305_SET_KEY): Drop key size argument when
+ calling set_key.
+
+2013-12-19 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-aes.h (poly1305_aes_update): Define as an alias for
+ poly1305_update, using preprocessor and a type cast.
+
+ * poly1305-aes.c (poly1305_aes_update): Deleted function.
+
+ * poly1305.h (poly1305_update): Declare.
+ (_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros.
+
+ * poly1305.c (poly1305_update): New function.
+
+2013-11-21 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/poly1305-internal.asm: New file. Almost a factor of two
+ speedup.
+
+ * configure.ac (asm_replace_list): Added poly1305-internal.asm.
+
+ * asm.m4: Define struct ffsets for 64-bit poly1305_ctx.
+
+ * poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
+ additional argument to poly1305_digest.
+ (struct poly1305_ctx): Introduce unions, to support either 26-bit
+ or 64-bit implementation.
+
+ * poly1305-internal.c (poly1305_digest): Added s argument.
+
+ * poly1305.c (poly1305_set_s): Deleted function.
+
+2013-11-12 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-internal.c: New file, for poly1305 functions depending
+ on the internal mod (2^130 - 5) representation.
+ (poly1305_block_internal): New helper function.
+ (poly1305_block, poly1305_digest): Use it.
+
+2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * poly1305.h: New file.
+ * poly1305.c: New file.
+ * poly1305-aes.h: New file.
+ * poly1305-aes.c: New file.
+ * Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
+ (HEADERS): Added poly1305-aes.h and poly1305.h.
+
+ * testsuite/poly1305-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
+
+ * examples/nettle-benchmark.c (time_poly1305_aes): New function.
+ (main): Benchmark poly1305.
+
+2014-01-20 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
+ salsa20-128-set-key.c, and salsa20-256-set-key.c.
+
+ * salsa20.h: Declare new functions.
+ (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
+ (salsa20_set_iv): Define as an alias for salsa20_set_nonce.
+
+ * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
+ salsa20_256_set_key.
+ (salsa20_set_iv): Renamed and moved...
+ * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
+
+ * salsa20-256-set-key.c (salsa20_256_set_key): New file and
+ function.
+ * salsa20-128-set-key.c (salsa20_128_set_key): New file and
+ function.
+
+2014-01-13 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-types.h (union nettle_block16): New type, replacing union
+ gcm_block.
+ * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16.
+ * gcm.c: Replaced all use of gcm_block by nettle_block16.
+
+2014-01-04 Niels Möller <nisse@lysator.liu.se>
+
+ * config.guess: Updated to 2014-01-01 version, from
+ git://git.sv.gnu.org/config.git.
+ * config.sub: Likewise.
+
+ * testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark):
+ New function.
+ (test_memxor, test_memxor3): Use test_mark to tell valgrind the
+ start and end of src and destination areas.
+
+ * configure.ac: Check for valgrind/memcheck.h.
+
+ * testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes,
+ needed for the way unaligned data is handled in, e.g., memxor.
+
+2014-01-03 Niels Möller <nisse@lysator.liu.se>
+
+ * shadata.c (main): Zero-pad output values to 8 hex digits.
+ * sha256.c (K): Updated table.
+
+2013-12-17 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (ASM_RODATA): New substituted variable. Needed for
+ portability to darwin.
+ * config.m4.in: Define RODATA, using configure variable ASM_RODATA
+ * x86_64/gcm-hash8.asm: Use RODATA macro.
+
+ * bignum-random-prime.c (_nettle_generate_pocklington_prime): Use
+ stronger variants of Pocklington's theorem, to allow p0 of size
+ down to bits/3.
+
+2013-12-15 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.h (NETTLE_MAX_BIGNUM_BITS)
+ (NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits.
+
+2013-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+ Introduced TMP_GMP_ALLOC macro for temporary allocations of
+ potentially large data, e.g, sized as an RSA key.
+ * gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New
+ macros.
+ * gmp-glue.c (gmp_alloc, gmp_free): New functions.
+ * bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC.
+ * bignum-random.c (nettle_mpz_random_size): Likewise.
+ * pkcs1-decrypt.c (pkcs1_decrypt): Likewise.
+ * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
+ * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise.
+ * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
+ (pkcs1_rsa_sha512_encode_digest): Likewise.
+ * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
+ (pkcs1_rsa_sha256_encode_digest): Likewise.
+ * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
+ (pkcs1_rsa_sha1_encode_digest): Likewise.
+ * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
+ (pkcs1_rsa_md5_encode_digest): Likewise.
+
+2013-12-14 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/gcm-hash8.asm: Use .short rather than .hword, for
+ compatibility with apple's assembler.
+
+2013-12-03 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/sha1-compress.asm: Reorganized, to get closer to the x86
+ version. No difference in running time.
+
+ * configure.ac (dummy-dep-files): Don't overwrite any existing
+ dependency files.
+
+ * x86_64/md5-compress.asm: New file, similar to the x86 version.
+ 35% speedup on AMD, 15% speedup on Intel.
+
+2013-11-25 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/dsa-test.c (test_main): Additional tests from NIST
+ test vectors.
+
+ * testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New
+ functions, supporting arbitrary digest size.
+
+ * testsuite/testutils.h (ASSERT): Improved failure message.
+
+ * dsa-verify.c (dsa_verify): Renamed, from _dsa_verify.
+ * dsa-sign.c (dsa_sign): Renamed, from _dsa_sign.
+
+2013-11-24 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/dsa-keygen-test.c (test_main): Test generating a
+ key with 224-bit q.
+
+ * dsa-verify.c (_dsa_verify): Use _dsa_hash.
+
+ * dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in
+ error case, spotted by Nikos.
+
+ * dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224.
+
+ * dsa-hash.c (_dsa_hash): New file and function. Allows digest
+ sizes not matching the bitsize of q.
+ * dsa.h (_dsa_hash): Declare it.
+ * Makefile.in (hogweed_SOURCES): Added dsa-hash.c.
+
+2013-11-23 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Check also for openssl/ecdsa.h.
+
2013-10-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added eax.c.
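Review bot: The poly1305 merge is recorded inconsistently with the camellia merge above it. The camellia entries (2013-10-10, 2013-10-07) are indented under a dedicated 2014-01-21 "Merged camellia-reorg changes" entry, whereas "Merged poly1305 changes (starting at 2013-11-08)." sits in the middle of the first 2014-01-20 entry, after two unrelated-looking poly1305_digest items, and the merged entries from 2014-01-17 back to 2013-11-08 follow unindented. As a result a second 2014-01-20 entry (salsa20) appears after the 2013-11-08 one and the file is no longer in descending date order. Suggest giving the poly1305 merge its own heading line and indenting its entries the same way as the camellia ones. Two text fixes in the same pass: "Define struct ffsets" in the 2013-11-21 asm.m4 item presumably should read "offsets", and the 2013-12-17 config.m4.in item lacks its final period. The 2014-01-03 item "sha256.c (K): Updated table." should also say whether any constant changed in value or only in formatting, since it directly follows the shadata.c zero-padding change and a reader auditing the hash constants cannot tell from the entry.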