+2022-11-09 Niels Möller <nisse@lysator.liu.se>
+
+ From Mamone Tarsha:
+ * powerpc64/p9/poly1305-blocks.asm: New file, multi-block radix
+ 2^44 implementation. Benchmarked to give a speedup of 3.2 times on
+ Power9.
+ * powerpc64/p9/poly1305.m4 (DEFINES_BLOCK_R64, BLOCK_R64): New
+ file, new macros.
+ * powerpc64/p9/poly1305-internal.asm: Use BLOCK_R64 macro.
+ * powerpc64/machine.m4 (INC_GPR, INC_VR): New macros.
+ * powerpc64/fat/poly1305-blocks.asm: New file.
+ * poly1305-update.c: Check HAVE_NATIVE_fat_poly1305_blocks, and
+ define _nettle_poly1305_blocks_c when needed.
+ * fat-ppc.c: Fat setup for _nettle_poly1305_blocks.
+
+2022-11-07 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (ASM_FLAGS): New configure environment variable.
+ * aclocal.m4 (GMP_TRY_ASSEMBLE): Use $ASM_FLAGS.
+ * config.make.in (ASM_FLAGS): Add substitution.
+ * Makefile.in: Use $(ASM_FLAGS) when compiling .asm files.
+
+2022-10-31 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: (asm_file_list): Add HAVE_NATIVE_poly1305_blocks.
+ (asm_nettle_optional_list): Add poly1305-blocks.asm.
+ * x86_64/poly1305-blocks.asm: New file.
+
+ * md-internal.h (MD_FILL_OR_RETURN_INDEX): New macro.
+ * poly1305-update.c (_nettle_poly1305_update): New file and
+ function.
+ * poly1305-internal.h: Declare _nettle_poly1305_blocks and
+ _nettle_poly1305_update.
+ * chacha-poly1305.c (poly1305_update): Use _nettle_poly1305_update.
+ * poly1305-aes.c (poly1305_aes_update): Likewise.
+ * Makefile.in (nettle_SOURCES): Add poly1305-update.c.
+
+2022-10-13 Niels Möller <nisse@lysator.liu.se>
+
+ * gmp-glue.c (mpn_sec_tabselect) [NETTLE_USE_MINI_GMP]: Add back
+ here, to support mini-gmp builds. Updated signature to be
+ compatible with the gmp version.
+ * gmp-glue.h: Add declaration.
+
+2022-10-11 Niels Möller <nisse@lysator.liu.se>
+
+ * sec-tabselect.c (sec_tabselect): Delete file and function. All
+ callers updated to use gmp's mpn_sec_tabselect instead, which is
+ implemented in assembly on many platforms.
+
+2022-10-02 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/ecc-benchmark.c (bench_curve): Add benchmarking of
+ modulo q inversion.
+
+2022-09-29 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Call ecc_mul_g and ecc_mul_a directly, not via
+ function pointers.
+ (ecc_ecdsa_verify_itch): Use ECC_MUL_A_ITCH
+ rather than ecc->mul_itch.
+ * ecc-gostdsa-verify.c (ecc_gostdsa_verify_itch)
+ (ecc_gostdsa_verify): Analogous changes.
+
+ * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Call ecc_mul_g and ecc_j_to_a
+ directly, not via function pointers.
+ (ecc_ecdsa_sign_itch): Use ECC_MUL_G_ITCH rather than
+ ecc->mul_g_itch.
+ * ecc-gostdsa-sign.c (ecc_gostdsa_sign_itch, ecc_gostdsa_sign):
+ Analogous changes.
+
+2022-09-28 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/meta-hash-test.c (test_main): Add check of
+ NETTLE_MAX_HASH_BLOCK_SIZE.
+ * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE): Increase to 144,
+ to accommodate sha3_224.
+ * testsuite/meta-cipher-test.c (test_main): Check that cipher
+ metadata doesn't exceed NETTLE_MAX_CIPHER_BLOCK_SIZE or
+ NETTLE_MAX_CIPHER_KEY_SIZE.
+
+ From Daiki Ueno:
+ * siv-gcm.c (siv_gcm_encrypt_message, siv_gcm_decrypt_message):
+ New file, implementation of SIV-GCM.
+ * siv-gcm.h (SIV_GCM_BLOCK_SIZE, SIV_GCM_DIGEST_SIZE)
+ (SIV_GCM_NONCE_SIZE): New header file, new constants and
+ declarations.
+ * siv-gcm-aes128.c (siv_gcm_aes128_encrypt_message)
+ (siv_gcm_aes128_decrypt_message): New file and functions.
+ * siv-gcm-aes256.c (siv_gcm_aes256_encrypt_message)
+ (siv_gcm_aes256_decrypt_message): Likewise.
+ * siv-ghash-set-key.c (_siv_ghash_set_key): New file, new internal
+ function.
+ * siv-ghash-update.c (_siv_ghash_update): Likewise.
+ * block-internal.h (block16_bswap): New inline function.
+ * bswap-internal.h (bswap64_if_be): New macro.
+ * nettle-internal.h (NETTLE_MAX_CIPHER_KEY_SIZE): New constant.
+ * Makefile.in (nettle_SOURCES): Add new source files.
+ (HEADERS): Add siv-gcm.h.
+ * testsuite/siv-gcm-test.c: New tests.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add siv-gcm-test.c.
+ * nettle.texinfo (SIV-GCM): Documentation.
+
+ From Zoltan Fridrich:
+ * balloon.c (balloon, balloon_itch): Implementation of balloon
+ password hash.
+ * balloon.h: New header file.
+ * balloon-sha1.c (balloon_sha1): New file and function.
+ * balloon-sha256.c (balloon_sha256): Likewise.
+ * balloon-sha384.c (balloon_sha384): Likewise.
+ * balloon-sha512.c (balloon_sha512): Likewise.
+ * Makefile.in (nettle_SOURCES): Add balloon source files.
+ (HEADERS): Add ballon.h.
+ * testsuite/balloon-test.c: New tests.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add balloon-test.c.
+
+2022-09-14 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-nonsec-add-jjj.c (ecc_nonsec_add_jjj): New file and
+ function.
+ * ecc-internal.h: Declare it.
+ * Makefile.in (hogweed_SOURCES): Add ecc-nonsec-add-jjj.c.
+ * testsuite/ecc-add-test.c (test_main): Add tests for ecc_nonsec_add_jjj.
+
+ * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_nonsec_add_jjj,
+ to produce correct result in a corner case where point addition
+ needs to use point duplication. Also use ecc_j_to_a rather than
+ ecc->h_to_a, since ecdsa supports only weierstrass curves.
+ * ecc-gostdsa-verify.c (ecc_gostdsa_verify): Analogous change.
+
+ * testsuite/ecdsa-verify-test.c (test_main): Add corresponding test.
+ * testsuite/ecdsa-sign-test.c (test_main): And a test producing
+ the problematic signature.
+
+2022-09-08 Niels Möller <nisse@lysator.liu.se>
+
+ * eccdata.c (string_toupper): New utility function.
+ (output_modulo): Move more of the per-modulo output here.
+ (output_curve): Remove corresponding code.
+
+2022-08-31 Niels Möller <nisse@lysator.liu.se>
+
+ * bswap-internal.h (nettle_bswap64, nettle_bswap32)
+ (bswap64_if_le): New header file, new inline functions/macros.
+ * gcm.c (gcm_hash_sizes): Use bswap64_if_le, and bswap-internal.h,
+ replacing local definition of bswap_if_le.
+ * nist-keywrap.c (nist_keywrap16): Likewise.
+ * blowfish-bcrypt.c (swap32): Renamed function, to...
+ (bswap32_if_le): ...new name, rewritten to use nettle_bswap32.
+ Update call sites.
+ * Makefile.in (DISTFILES): Add bswap-internal.h.
+
+2022-08-18 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (HEADERS): Add sm4.h.
+
+ From Tianjia Zhang: SM4 block cipher.
+ * sm4.c: New file.
+ * sm4.h: New file.
+ * sm4-meta.c: New file.
+ * gcm-sm4.c: New file
+ * gcm-sm4-meta.c: New file.
+ * nettle.texinfo: Document SM4.
+ * testsuite/gcm-test.c (test_main): Add SM4 tests.
+ * testsuite/sm4-test.c: New file.
+
+ * configure.ac (ABI): Change mips abi check to apply only to mips64.
+
+2022-08-17 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/testutils.c (mpz_urandomm) [NETTLE_USE_MINI_GMP]: New
+ fallback definition when building with mini-gmp.
+
+2022-08-16 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-mod-arith.c (ecc_mod_sub): Ensure that if inputs are in the
+ range 0 <= a, b < 2m, then output is in the same range.
+ * eccdata.c (output_curve): New outputs ecc_Bm2p and ecc_Bm2q.
+ * ecc-internal.h (struct ecc_modulo): New member Bm2m (B^size -
+ 2m), needed by ecc_mod_sub. Update all curves.
+ * testsuite/ecc-mod-arith-test.c: New tests for ecc_mod_add and
+ ecc_mod_sub.
+
+ * eccdata.c (output_modulo): Output the limb size, delete return
+ value.
+ (output_curve): Update calls to output_modulo, other minor cleanup.
+
+ 2022-08-07 Niels Möller <nisse@lysator.liu.se>
+
+ Delete all arcfour assembly code.
+ * arcfour.c (arcfour_crypt): Moved function here, from...
+ * arcfour-crypt.c: ... deleted file.
+ * sparc32/arcfour-crypt.asm: Deleted.
+ * sparc64/arcfour-crypt.asm: Deleted.
+ * x86/arcfour-crypt.asm: Deleted.
+ * asm.m4: Delete arcfour structure offsets.
+
+2022-08-07 Niels Möller <nisse@lysator.liu.se>
+
+ Based on patch from Corentin Labbe:
+ * nettle.texinfo: Document sha256_compress, sha512_compress,
+ md5_compress and sha1_compress.
+
+ * configure.ac: Refer to nettle-types.h, rather than arcfour.c,
+ for AC_CONFIG_SRCDIR.
+
2022-08-05 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h: Include stdlib.h, fix alloca warnings on BSD.
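Review bot: the arcfour-removal entry (the one beginning "Delete all arcfour assembly code.") has its date line written as ` 2022-08-07 Niels Möller` with a leading space, while every other date line in the file starts at column 0; the ChangeLog format uses the unindented date to delimit entries, so as written this entry and its `*` items read as a continuation of the 2022-08-16 entry above. Suggest dropping the leading space, or folding the items into the second 2022-08-07 entry that immediately follows, since both carry the same date and author. Two smaller points in the same hunk: the balloon entry ends with `(HEADERS): Add ballon.h.` although the header is spelled `balloon.h` in the line just above it, and the 2022-09-29 ecc-ecdsa-verify item (`Call ecc_mul_g and ecc_mul_a directly, not via`) overruns the wrap width every other line keeps; `* gcm-sm4.c: New file` is also the only item without a trailing period, and `* configure.ac: (asm_file_list)` puts the colon before the parenthesised symbol rather than after it as elsewhere. On wording, the 2022-09-14 ecc-ecdsa-verify entry describes the corner case as one where point addition "needs to use point duplication"; the usual term is point doubling (the addends are equal), and because the entry says the change is needed "to produce correct result", it would help readers of the log to state what the previous result was for that input, i.e. whether a valid signature was rejected or an invalid one accepted, so the fix can be matched against the corresponding tests added in ecdsa-verify-test.c and ecdsa-sign-test.c.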