forked from gnutls/nettle
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathChangeLog
More file actions
12770 lines (9077 loc) · 430 KB
/
ChangeLog
File metadata and controls
12770 lines (9077 loc) · 430 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2020-11-14 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv): Use passed in scratch for all
scratch needs, don't use memory after the result area.
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Update invert call.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Likewise.
* ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
* ecc-j-to-a.c (ecc_j_to_a): Likewise.
* ecc-gostdsa-verify.c (ecc_gostdsa_verify): Likewise.
* curve25519-eh-to-x.c (curve25519_eh_to_x): Likewise.
* curve448-eh-to-x.c (curve448_eh_to_x): Update invert call, and
reduce scratch need from 9*size to 5*size.
* ecc-internal.h (ECC_MOD_INV_ITCH, ECC_J_TO_A_ITCH)
(ECC_EH_TO_A_ITCH): Update accordingly, but no change in total
scratch need.
2020-11-13 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (ECC_J_TO_A_ITCH): Generalize, and take invert
itch as an argument, similarly to ECC_EH_TO_A_ITCH. Updated all
secp and gost curve definitions to use it.
2020-10-21 Niels Möller <nisse@lysator.liu.se>
* ecc-secp384r1.c (ecc_secp384r1_inv): New function, modular
inverse using powering.
(_nettle_secp_384r1): Analogous updates. Increases signing
performance roughly 15% on x86_64.
2020-10-20 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv_redc): Deleted, no longer needed.
(ecc_mod_inv_destructive): Deleted, merged with ecc_mod_inv.
* ecc-secp256r1.c (ecc_secp256r1_inv): New function, modular
inverse using powering.
(_nettle_secp_256r1): Analogous updates. Increases signing
performance roughly 6% on x86_64.
* ecc-secp224r1.c (ecc_secp224r1_inv): New function, modular
inverse using powering.
(_nettle_secp_224r1): Analogous updates. Increases signing
performance roughly 17% on x86_64.
2020-10-19 Niels Möller <nisse@lysator.liu.se>
* ecc-secp521r1.c (ecc_secp521r1_inv): New function, modular
inverse using powering.
(_nettle_secp_521r1): Analogous updates. Increases signing
performance roughly 15% on x86_64.
2020-10-15 Niels Möller <nisse@lysator.liu.se>
* ecc-secp192r1.c (ecc_secp192r1_inv): New function, modular
inverse using powering.
(_nettle_secp_192r1): Use it for p.invert, and also update
h_to_a_itch. Increases signing performance roughly 25% on x86_64.
* testsuite/ecc-modinv-test.c (test_modulo): Allow invert function
to return a non-canonical representation.
2020-11-08 Niels Möller <nisse@lysator.liu.se>
Merge refactoring of ecc modulo and reduce functions.
* eddsa-sign.c (_eddsa_sign_itch): Update, since now point
multiplication needs less scratch than point compression.
* eddsa-pubkey.c (_eddsa_public_key_itch): Likewise.
* ecc-internal.h: Update *_ITCH macros for point multiplication
and signatures. They need slightly less scratch after optimization
of the point addition functions.
* ecc-mul-m.c (ecc_mul_m): Reduce scratch need.
(ecc_mul_m): Optimize swapping, with only a single mpn_cnd_swap
per iteration.
* ecc-add-jja.c (ecc_add_jja): Reduce scratch need.
* ecc-add-jjj.c (ecc_add_jjj): Reduce scratch need.
* ecc-internal.h (ECC_ADD_JJA_ITCH, ECC_ADD_JJJ_ITCH): Now 5*size.
(ECC_MUL_M_ITCH): New 8*size.
2020-11-06 Niels Möller <nisse@lysator.liu.se>
After these changes, both curve25519 and curve448 need 4*size for
invert and 6*size for sqrt.
* ecc-curve448.c (ecc_mod_pow_446m224m1): Reduce scratch need.
(ecc_curve448_inv): Likewise.
(ecc_curve448_sqrt): Likewise.
* ecc-curve25519.c (ecc_curve25519_sqrt): Reduce scratch need.
* ecc-add-jja.c (ecc_add_jja): Delete an unneeded copy.
2020-11-05 Niels Möller <nisse@lysator.liu.se>
* ecc-dup-jj.c (ecc_dup_jj): Reduce scratch need.
* ecc-internal.h (ECC_DUP_JJ_ITCH): Now 4*size.
2020-11-03 Niels Möller <nisse@lysator.liu.se>
* ecc-dup-eh.c (ecc_dup_eh): Reduce scratch need.
* ecc-dup-th.c (ecc_dup_th): Analogous changes.
* ecc-internal.h (ECC_DUP_EH_ITCH, ECC_DUP_TH_ITCH): Now 3*size.
* ecc-internal.h (ecc_add_func): Document in-place operation.
* ecc-mul-a-eh.c (ecc_mul_a_eh): Fix call to ecc->add_hhh accordingly.
* testsuite/ecc-add-test.c (test_main): Likewise.
* ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
* ecc-add-th.c (ecc_add_th): Analogous changes.
* ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
* ecc-add-thh.c (ecc_add_thh): Analogous changes.
* ecc-internal.h (ECC_ADD_EH_ITCH, ECC_ADD_EHH_ITCH)
(ECC_ADD_TH_ITCH, ECC_ADD_THH_ITCH): Now 4*size.
2020-11-02 Niels Möller <nisse@lysator.liu.se>
* ecc-curve25519.c (ecc_mod_pow_252m3): Reduce scratch need.
(ecc_curve25519_inv): Likewise.
(ecc_curve25519_sqrt): Likewise.
2020-11-01 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_mul, ecc_mod_sqr): Separate argument
for scratch area, reducing required size of result area. Update
all callers to naïvely keep using result in scratch area.
(ecc_mod_pow_2k, ecc_mod_pow_2k_mul): Simplified, also reducing
required size of result area.
* testsuite/testutils.c (test_ecc_point): Show curve bits on failure.
2020-10-31 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (typedef ecc_mod_func): Updated all assembly
implementations.
* testsuite/ecc-mod-test.c (test_one): Extend tests, to also test
with different destination area.
* testsuite/ecc-redc-test.c (test_main): Likewise.
2020-10-30 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (typedef ecc_mod_func): Add separate result
argument. Updated all C implementations and callers.
2020-10-29 Niels Möller <nisse@lysator.liu.se>
* ecc-mod.c (ecc_mod): More unified handling of final carry
folding. Also eliminates a goto statement.
2020-11-07 Niels Möller <nisse@lysator.liu.se>
Merged initial powerpc64 implementation of chacha.
* configure.ac: New command line option --enable-power-altivec.
Update asm_path logic, and add altivec to FAT_TEST_LIST.
* fat-ppc.c (get_ppc_features): Add logic to check for altivec and
vsx support, and select aither C or altivec implementation of
chacha_core.
* powerpc64/p7/chacha-core-internal.asm: New file.
2020-09-25 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-core-internal.asm: New file.
* Makefile.in (distdir): Add powerpc64/p7.
2020-10-29 Niels Möller <nisse@lysator.liu.se>
* blowfish.c (blowfish_set_key): Add casts to uint32_t. Avoids
undefined behavior, since shifting an 8-bit value left by 24 bits
overflows the range of signed int. Reported by Guido Vranken.
2020-10-28 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.h (cnd_add_n, cnd_sub_n, cnd_swap): Deleted, use
corresponding functions mpn_cnd_add_n, mpn_cnd_sub_n,
mpn_cnd_swap, available from GMP version 6.1.0. Update all
callers, in particular, mpn_cnd_add_n and mpn_cnd_sub_n has one
more argument than the old functions.
* gmp-glue.c (mpn_cnd_add_n, mpn_cnd_sub_n, mpn_cnd_swap)
[NETTLE_USE_MINI_GMP]: Fallback definitions or mini-gmp builds.
2020-10-14 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_pow_2k, ecc_mod_pow_2k_mul): Moved
functions here.
* ecc-internal.h (ecc_mod_pow_2kp1): New macro, calling the more
general ecc_mod_pow_2k_mul.
* ecc-curve25519.c (ecc_mod_pow_2kp1): Deleted static function.
* ecc-curve448.c (ecc_mod_pow_2k, ecc_mod_pow_2kp1): Deleted
static functions.
2020-10-13 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv_destructive): New helper function,
not preserving input argument. Extracted from old ecc_mod_inv.
(ecc_mod_inv): Call ecc_mod_inv_destructive.
(ecc_mod_inv_redc): New inversion function, with input and output
in redc form.
* ecc-secp224r1.c: Select between ecc_mod_inv and ecc_mod_inv_redc.
* ecc-secp256r1.c: Likewise.
* ecc-j-to-a.c (ecc_j_to_a): Simplify redc-related logic, taking
advantage of ecc->p.invert handling redc, when appropriate. Reduce
scratch need from 5n to 4n in the process (assuming inversion
needs 2n).
* testsuite/ecc-modinv-test.c (ref_modinv): Updated to do redc, if
appropriate.
2020-09-25 Niels Möller <nisse@lysator.liu.se>
* gcm.c (gcm_fill): Added separate implementations for big- and
little-endian, to use uint64_t stores and less overhead.
2020-09-24 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): Prefer to use register
names. Can be tested by configuring with CC='gcc -Wa,-mregnames'.
2020-09-21 Niels Möller <nisse@lysator.liu.se>
* m4-utils.m4: New file with m4 utilities, copied from GMP's
mpn/asm-defs.m4.
* Makefile.in (DISTFILES): Add m4-utils.m4.
(%.asm): Include m4-utils.m4 for preprocessing of .asm files, and
include config.m4 before machine.m4.
* aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): New configure test,
adapted from corresponding test in GMP's acinlude.m4.
* configure.ac (ASM_PPC_WANT_R_REGISTERS): New substituted
variable. Set using GMP_ASM_POWERPC_R_REGISTERS, when powerpc64
assembly code is enabled.
* config.m4.in: Substituted here.
* powerpc64/machine.m4: Check ASM_PPC_WANT_R_REGISTERS, and
if needed, replace register names like r0, r1, ... with integers.
2020-09-15 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DISTFILES): Add missing file blowfish-internal.h.
2020-09-14 Niels Möller <nisse@lysator.liu.se>
* asm.m4: Delete use of changequote, stick to the m4 default
quoting characters `'. Updated all assembly and m4 files.
* x86_64/machine.m4 (W64_ENTRY, W64_EXIT): Delete quoting workaround.
2020-09-12 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-2core.asm: Fix incorrect W64_EXIT.
2020-08-29 Niels Möller <nisse@lysator.liu.se>
Initial powerpc64 assembly support, contributed by Mamone Tarsha:
* configure.ac: New configure option --enable-power-crypto-ext.
(asm_path): Setup this and related variables for powerpc64.
* powerpc64/machine.m4: New file.
* powerpc64/README: New file.
* powerpc64/p8/aes-encrypt-internal.asm: New file.
* powerpc64/p8/aes-decrypt-internal.asm: New file.
* powerpc64/fat/aes-encrypt-internal-2.asm: New file.
* powerpc64/fat/aes-decrypt-internal-2.asm: New file.
* fat-ppc.c: New file.
* Makefile.in (OPT_SOURCES): Add fat-ppc.c.
(distdir): Add powerpc64 directories.
* aes-decrypt-internal.c (_nettle_aes_decrypt_c): Alternative
name, for fat builds.
* aes-encrypt-internal.c (_nettle_aes_encrypt_c): Likewise.
2020-07-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac (FAT_TEST_LIST): New substituted variable. Set for
fat builds, otherwise empty.
* Makefile.in (check-fat): New target, using $(FAT_TEST_LIST).
2020-07-13 Niels Möller <nisse@lysator.liu.se>
* chacha-crypt.c (chacha_crypt) [HAVE_NATIVE_chacha_3core]: Use
_chacha_3core.
* arm/neon/chacha-3core.asm: New file, 3-way interleaving of
chacha.
2020-07-11 Niels Möller <nisse@lysator.liu.se>
* testsuite/chacha-test.c (test_main): Delete obsolete tests for
chacha with 128-bit keys. #if:ed out since 2014-03-04, see below.
(test_chacha_core): New function, test chacha with simple input
structure.
2020-07-10 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-2core.asm: New file.
* x86_64/salsa20-crypt.asm: Deleted, siince the 2core assembly is
faster.
2020-07-08 Niels Möller <nisse@lysator.liu.se>
Rearrange salsa20, enabling ARM fat builds to use sala20_2core.
* salsa20-crypt-internal.c (_salsa20_crypt_2core)
(_salsa20_crypt_1core): New file, new functions. One or the other
is used for implementing salsa20_crypt and salsa20r12_crypt,
depending on availability of salsa20_2core.
* salsa20-crypt.c (salsa20_crypt): Call _salsa20_crypt.
* salsa20r12-crypt.c (salsa20r12_crypt): Likewise.
* salsa20-internal.h: Declare new internal functions.
* Makefile.in (nettle_SOURCES): Add salsa20-crypt-internal.c.
* fat-setup.h (salsa20_crypt_func): New typedef.
* fat-arm.c (_salsa20_crypt): Select _salsa20_crypt
implementation, use 2core version when Neon instructions are
available.
* arm/fat/salsa20-2core.asm: New file, including Neon
implementation. Trigger configure's HAVE_NATIVE_fat_salsa20_2core,
* configure.ac: Add HAVE_NATIVE_fat_salsa20_2core, to identify the
case that salsa20_2core is defined, but runtime checks are needed
to determine if it is usable.
2020-07-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/salsa20-test.c (test_salsa20_core): New function, test
salsa20 with simple input structure.
* configure.ac: Obey --enable-arm-neon=yes, even if not explicitly
targetting ARM v6 or later.
2020-07-01 Niels Möller <nisse@lysator.liu.se>
* testsuite/bcrypt-test.c: New file. Moved bcrypt tests here.
Support for bcrypt, contributed by Stephen R. van den Berg.
* blowfish-bcrypt.c (blowfish_bcrypt_hash)
(blowfish_bcrypt_verify): New file, new functions.
* blowfish-internal.h: New header file, declaring internals needed
for bcrypt.
* testsuite/blowfish-test.c: Add bcrypt tests.
* nettle.texinfo (Cipher functions): Document bcrypt.
2020-06-30 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Miscellaneous hash functions): New section, with
Streebog documentation, contributed by Dmitry Baryshkov.
(Top): Added some missing entries to the detailed node listing
2020-06-29 Niels Möller <nisse@lysator.liu.se>
* .gitlab-ci.yml: Add cross tests for powerpc64le, based on patch
by Maamoun TK.
2020-06-25 Niels Möller <nisse@lysator.liu.se>
* x86_64/chacha-core-internal.asm (QROUND): Fix use of macro
arguments. Spotted by Torbjörn Granlund.
2020-06-02 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Delete call to
time_overhead. The attempt to measure function call overhead is
not very useful or accurate. The benchmarking loop is optimized
away by gcc-10, making the benchmark program hang.
(bench_nothing, time_overhead): Deleted.
2020-04-29 Niels Möller <nisse@lysator.liu.se>
* Released Nettle-3.6.
2020-04-27 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Tweak gcc command line options. Delete checks for
older gcc versions. Add -Wno-sign-compare, since warnings for
signed/unsigned comparisons adds a lot of noise, in particular
when building mini-gmp.
* mini-gmp.c: Updated mini-gmp from the gmp repository, latest
change from 2020-04-20.
* mini-gmp.h: Likewise.
2020-04-25 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.c (mpz_limbs_read, mpz_limbs_write, mpz_limbs_modify)
(mpz_limbs_finish, mpz_roinit_n): Delete compatibility
definitions. These functions available in GMP since version 6.0.0.
* gmp-glue.h: Delete corresponding declarations, and preprocessor
conditions.
* configure.ac: Update required version of GMP to 6.1.0, needed
for mpn_zero_p.
* ecc-ecdsa-verify.c (zero_p): Deleted static function, usage
replaced with mpn_zero_p.
* testsuite/testutils.c (mpn_zero_p): Delete conditional
definition.
* testsuite/testutils.h: Delete corresponding declarations.
* Makefile.in (DISTFILES): Add poly1305-internal.h.
* testsuite/Makefile.in (DISTFILES): Delete setup-env.
2020-04-23 Niels Möller <nisse@lysator.liu.se>
* run-tests: Set WINEPATH, since it appears wine doesn't search
for dlls in the unix PATH.
* examples/setup-env: Delete creation of extra dll symlinks.
* examples/teardown-env: Delete corresponding cleanup.
* testsuite/setup-env: Deleted file (same symlink creation).
* testsuite/teardown-env: Delete corresponding cleanup.
* testsuite/ecc-add-test.c (test_main): Delete ASSERTs with
functions pointer comparisons. They provide little value, and fail
when linking with hogweed.dll on windows.
* testsuite/ecc-dup-test.c (test_main): Likewise.
2020-04-22 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in: Use pattern rules for test executables,
replacing...
(test-rules): ...deleted rule.
* testsuite/.test-rules.make: Deleted file.
2020-04-21 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* gostdsa-vko.c (gostdsa_vko): New file and function.
* testsuite/gostdsa-vko-test.c (test_vko): New test.
* nettle.texinfo (GOSTDSA): Document it.
2020-04-19 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* gosthash94.h (struct gosthash94_ctx): Rearrange struct to enable
use of MD_UPDATE macro, in particular, replacing byte count with
block count and index. Also move buffer last, for consistency with
other hash functions.
* gosthash94.c (gosthash94_update_int): Use MD_UPDATE macro.
(gosthash94_write_digest): Update for block count rather than byte
count.
2020-04-17 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBNETTLE_MAJOR): Increase libnettle version
number to 8.0, for move of internal poly1305 functions.
(LIBNETTLE_MINOR): Reset to zero.
2020-04-15 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* poly1305.h (poly1305_set_key, poly1305_digest, _poly1305_block):
Removed declarations from this public header file.
* poly1305-internal.h: New file, with declarations of internal
poly1305 functions.
(_poly1305_set_key, _poly1305_digest): Renamed, with leading
underscore. Updated definitions and all uses.
2020-04-12 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DISTFILES): Reorder to ensure that generated des
headers can't be older than desdata.stamp.
* testsuite/ed448-test.c: Define _GNU_SOURCE, for getline with gcc
-std=c89.
2020-04-06 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBHOGWEED_MAJOR): Increase libhogweed version
number to 6.0, at request of Gnutls team.
(LIBHOGWEED_MINOR): Reset to zero.
2020-04-01 Niels Möller <nisse@lysator.liu.se>
* config.guess: Update to 2020-01-01 version, from savannah's
config.git.
* config.sub: Likewise.
2020-03-31 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (LSH_TYPE_SOCKLEN_T, LSH_CHECK_KRB_LIB, LSH_LIB_ARGP)
(LSH_MAKE_CONDITIONAL): Delete unused macros.
* config.make.in (abs_top_builddir, TEST_SHLIB_DIR): New variables.
* run-tests: Check TEST_SHLIB_DIR, and set up LD_LIBRARY_PATH and
related member variables.
* testsuite/Makefile.in (check): Pass only TEST_SHLIB_DIR
to the run-tests script, and leave setting of LD_LIBRARY_PATH and
related variables to that script.
* examples/Makefile.in (check): Likewise.
2020-03-26 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version to 3.6.
(LIBNETTLE_MINOR): Bump minor number, now 7.1.
(LIBHOGWEED_MINOR): Bump minor numbers, now 5.1
2020-03-14 Niels Möller <nisse@lysator.liu.se>
From H.J. Lu:
* configure.ac (ASM_X86_ENDBR)
(ASM_X86_MARK_CETASM_X86_MARK_CET_ALIGN): New substituted
variables.
* config.m4.in: Substituted here. Add ASM_X86_MARK_CET to
diversion inserted at end of assembly files.
* asm.m4 (PROLOGUE): Add ASM_X86_ENDBR at entry point.
2020-03-09 Niels Möller <nisse@lysator.liu.se>
From Daiki Ueno:
* chacha-crypt.c (chacha_crypt32): New function.
* chacha-set-nonce.c (chacha_set_counter, chacha_set_counter32):
New functions.
* chacha.h (CHACHA_COUNTER_SIZE, CHACHA_COUNTER32_SIZE): New constants.
* chacha-poly1305.c (chacha_poly1305_encrypt)
(chacha_poly1305_decrypt): Use chacha_crypt32.
* testsuite/chacha-test.c: Update tests to use new functions.
* nettle.texinfo: Document new chacha functions, and update
out-of-date chacha-poly1305 documentation.
2020-03-08 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* cmac-des3-meta.c (nettle_cmac_des): New file, moving definition
from...
* testsuite/cmac-test.c: ... old location.
* nettle-meta.h (nettle_cmac_des): Declare it.
2020-02-15 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* ecc-internal.h (ecc_modq_add, ecc_modq_mul, ecc_modp_sqr)
(ecc_modp_mul, ecc_mod_submul_1, ecc_modp_mul_1, ecc_modp_add)
(ecc_modp_sub): Deleted macros. Updated callers to use respective
functions instead.
(ecc_modp_addmul_1): Delete unused macro.
2020-02-09 Niels Möller <nisse@lysator.liu.se>
Addition of struct nettle_mac based on patches by Daiki Ueno.
* nettle-meta-macs.c (nettle_get_macs): New file, new function.
* testsuite/meta-mac-test.c: New test.
* nettle-meta.h (_NETTLE_HMAC): New macro.
(nettle_hmac_md5, nettle_hmac_ripemd160, nettle_hmac_sha1)
(nettle_hmac_sha224, nettle_hmac_sha256, nettle_hmac_sha384)
(nettle_hmac_sha512): Declare.
(struct nettle_mac): New public struct,
* testsuite/testutils.h: ...moved from this file.
* hmac-md5-meta.c: New file.
* hmac-ripemd160-meta.c: Likewise.
* hmac-sha1-meta.c: Likewise.
* hmac-sha224-meta.c: Likewise.
* hmac-sha256-meta.c: Likewise.
* hmac-sha384-meta.c: Likewise.
* hmac-sha512-meta.c: Likewise.
* Makefile.in (nettle_SOURCES): Add new files.
* testsuite/testutils.h (_NETTLE_HMAC): Delete unused version of
this macro.
* testsuite/testutils.c (test_mac): Allow testing with smaller
digest size.
* testsuite/hmac-test.c (test_main): Use test_mac for tests using
key size == digest size.
* testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256):
Moved to...
* cmac-aes128-meta.c: New file.
* cmac-aes256-meta.c: New file.
* nettle-meta.h (struct nettle_mac): New public struct,
* testsuite/testutils.h: ...moved from this file.
2020-02-06 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* gost28147.h: Deleted, move declarations to gost28147-internal.h.
2020-02-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: On Solaris, link shared libraries with --shared
rather than -G. For gcc, --shared is the proper way. For Solaris'
proprietary cc, according to docs, it accepts --shared as an alias
for -G since Oracle Solaris Studio 12.4, and it was made more gcc
compatible in later versions. Since 12.4 was released in 2014,
don't attempt to cater for older versions.
2020-01-26 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (struct ecc_curve): Delete g, the curve
generator, since it was used only by tests. Update all curve
instances.
* eccdata.c (output_curve): Delete output of ecc_g.
(output_point): Delete name argument, and update callers.
* testsuite/testutils.c (ecc_ref): Table of reference points moved
out of test_ecc_mul_a. Add generator to the list of points.
(test_ecc_mul_a): Use ecc_ref table also for the n == 1 case.
(test_ecc_ga, test_ecc_get_g, test_ecc_get_ga): New functions,
using the tabulated generator.
* testsuite/ecc-add-test.c: Use test_ecc_get_g, instead of
accessing ecc->g.
* testsuite/ecc-dup-test.c: Likewise.
* testsuite/ecc-mul-a-test.c: Use test_ecc_get_ga and test_ecc_ga.
Delete special case for n == 1.
* testsuite/ecc-mul-g-test.c: Use test_ecc_ga.
Support for GOST DSA, contributed by Dmitry Baryshkov.
* gostdsa-verify.c (gostdsa_verify): New file and function.
* gostdsa-sign.c (gostdsa_sign): New file and function.
* ecc-gostdsa-verify.c (ecdsa_in_range, ecc_gostdsa_verify_itch)
(ecc_gostdsa_verify): New file and functions.
* ecc-gostdsa-sign.c (ecc_gostdsa_sign_itch, ecc_gostdsa_sign):
New file and functions.
* ecc-internal.h (ECC_GOSTDSA_SIGN_ITCH): New macro.
* ecc-hash.c (gost_hash): New function.
* testsuite/gostdsa-verify-test.c: New test.
* testsuite/gostdsa-sign-test.c: New test.
* testsuite/gostdsa-keygen-test.c: New test.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add new tests.
Support for GOST gc256b and gc512a curves, contributed by Dmitry
Baryshkov.
* eccdata.c (ecc_curve_init): Add parameters for gost_gc256b and
gost_gc512a.
* ecc-gost-gc256b.c: New file, define _nettle_gost_gc256b.
* ecc-gost-gc512a.c: New file, define _nettle_gost_gc512a.
* Makefile.in: Add rules to generate ecc-gost-gc256b.h and
ecc-gost-gc512a.h.
(hogweed_SOURCES): Add ecc-gost-gc256b.c ecc-gost-gc512a.c.
* examples/ecc-benchmark.c (curves): Add to list.
* testsuite/testutils.c (ecc_curves): Add to list.
(test_ecc_mul_a): Reference points for new curves.
* NEWS: Started on entries for Nettle-3.6.
2020-01-25 Niels Möller <nisse@lysator.liu.se>
* examples/hogweed-benchmark.c (bench_curve_init): Pass correct
sizes to knuth_lfib_random. Patch contributed by Dmitry Baryshkov.
2020-01-15 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Replace suffix rules by pattern rules. Move .asm
rule above .c rule, since now the order of rules in the Makefile
matters, rather than the order in the .SUFFIXES list.
(aesdata, desdata, twofishdata, shadata, gcmdata, eccparams):
Individual rules replaced by a pattern rule.
(eccdata): Add explicit dependencies, to complement the pattern
rule.
* examples/Makefile.in: Replace suffix rules by pattern rules.
* testsuite/Makefile.in: Likewise.
* tools/Makefile.in: Likewise.
* config.make.in: Empty .SUFFIXES, to not accidentally use any
suffix rules.
* aclocal.m4 (DEP_INCLUDE): Delete substituted variable.
* Makefile.in: Use the GNU make directive -include to include
dependency .d files. Delete dependency files on make clean.
* examples/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise. Also use $(OBJEXT) properly.
* tools/Makefile.in: Likewise.
* configure.ac (dummy-dep-files): Delete these config commands.
2020-01-10 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov: Consistently rename ecc files and
internal functions to include curve name rather than just number
of bits. E.g.,
* ecc-256.c (nettle_ecc_256_redc): File and function renamed to...
* ecc-secp256r1.c (_nettle_ecc_256_redc): ... new names.
* eccdata.c (ecc_curve_init, main): Take curve name as input, not
bit size.
2020-01-03 Niels Möller <nisse@lysator.liu.se>
Add benchmarking of ed25519, ed448 and curve448.
* examples/hogweed-benchmark.c: (struct eddsa_ctx): New struct.
(bench_eddsa_init, bench_eddsa_sign, bench_eddsa_verify)
(bench_eddsa_clear): New functions.
(struct curve_ctx): New struct, generalizing struct curve25519_ctx.
(bench_curve_init, bench_curve_mul_g, bench_curve_mul)
(bench_curve_clear): New functions.
(struct curve25519_ctx, bench_curve25519_mul_g)
(bench_curve25519_mul, bench_curve25519): Deleted.
(alg_list): Add eddsa and curve entries.
(main): Delete call to bench_curve25519.
2020-01-02 Niels Möller <nisse@lysator.liu.se>
* eddsa-internal.h (nettle_eddsa_dom_func): New typedef.
(struct ecc_eddsa): Use function pointer to represent eddsa dom
string. To avoid calling sha512_update with empty input for
ed25519.
* ed448-shake256.c (ed448_dom): New function, calling
sha3_256_update with the magic dom prefix.
(_nettle_ed448_shake256): Point to it.
* ed25519-sha512.c (_nettle_ed25519_sha512): Add do-nothing dom function.
* eddsa-sign.c (_eddsa_sign): Update to use dom function pointer.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-internal.h (struct ecc_eddsa): Add magic dom string,
needed for ed448.
* ed25519-sha512.c (_nettle_ed25519_sha512): Empty dom string.
* ed448-shake256.c (_nettle_ed448_shake256): New file and
parameter struct.
* eddsa-hash.c (_eddsa_hash): Add digest_size as input argument.
Handle ed448 digests with two extra bytes. Update callers.
* eddsa-verify.c (_eddsa_verify): Hash dom string.
* eddsa-sign.c (_eddsa_sign_itch): Assert that
_eddsa_compress_itch isn't too large.
(_eddsa_sign): New argument k1, with the hash prefix. Add hashing
of this prefix and the dom string. Update callers. Fix final
reduction, it's different for ed25519, with q slightly larger than
a power of two, and ed448, with q slightly smaller.
* eddsa-pubkey.c (_eddsa_public_key_itch): Assert that
_eddsa_compress_itch isn't too large.
Implementation of ed448-shake256, based on patch by Daiki Ueno.
* ed448-shake256-pubkey.c (ed448_shake256_public_key): New file
and function.
* ed448-shake256-sign.c (ed448_shake256_sign): New file and function.
* ed448-shake256-verify.c (ed448_shake256_verify): New file and function.
* Makefile.in (hogweed_SOURCES): Add new ed448 files.
* testsuite/eddsa-verify-test.c (test_ed448): New function.
(test_main): New ed448 tests.
* testsuite/eddsa-sign-test.c (test_ed448_sign): New function.
(test_main): New ed448 tests.
* testsuite/ed448-test.c: New tests.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add ed448-test.c.
* nettle.texinfo (Curve 25519 and Curve 448): Document ed448.
2020-01-01 Niels Möller <nisse@lysator.liu.se>
* ecc-448.c (ecc_mod_pow_2kp1): New function.
(ecc_mod_pow_446m224m1): Reduce scratch usage from 6*n to 5*n, at
the cost of one copy operation. Also use ecc_mod_pow_2kp1 where
applicable.
(ECC_448_INV_ITCH): Reduce to 5*ECC_LIMB_SIZE.
(ECC_448_SQRT_ITCH): Reduce to 9*ECC_LIMB_SIZE.
* testsuite/eddsa-compress-test.c: Test also with curve448.
2019-12-30 Niels Möller <nisse@lysator.liu.se>
Preparation for ed448, based on patch by Daiki Ueno.
* eddsa-internal.h (struct ecc_eddsa): New struct for eddsa
parameters.
* ed25519-sha512.c (_nettle_ed25519_sha512): New parameter struct.
* eddsa-expand.c (_eddsa_expand_key): Replace input
struct nettle_hash with struct ecc_eddsa, and generalize for
ed448. Update all callers.
* eddsa-sign.c (_eddsa_sign): Likewise.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-compress.c (_eddsa_compress): Store sign bit in most
significant bit of last byte, as specified by RFC 8032.
* eddsa-decompress.c (_eddsa_decompress): Corresponding update.
Also generalize to support ed448, and make validity checks
stricter.
* testsuite/eddsa-sign-test.c (test_ed25519_sign): New function.
(test_main): Use it.
* testsuite/eddsa-verify-test.c (test_ed25519): New function.
(test_main): Use it.
2019-12-28 Niels Möller <nisse@lysator.liu.se>
* bignum.h: Drop unrelated include of nettle-meta.h.
* pss.h: Include nettle-meta.h explicitly.
* eddsa-internal.h: Likewise.
2019-12-25 Niels Möller <nisse@lysator.liu.se>
Support for SHAKE256, based on patch by Daiki Ueno.
* shake256.c (sha3_256_shake): New file and function.
* Makefile.in (nettle_SOURCES): Add shake256.c.
* testsuite/testutils.c (test_hash): Allow arbitrary digest size,
if hash->digest_size == 0.
* testsuite/shake.awk: New script to extract test vectors.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add shake256-test.c.
(DISTFILES): Add shake.awk.
* nettle.texinfo (Recommended hash functions): Document SHAKE-256.
* sha3.c (_sha3_pad): Generalized with an argument for the magic
suffix defining the sha3 instance.
* sha3-internal.h (_sha3_pad_hash): New macro, for SHA3 hashes.
Updated all callers of _sha3_pad.
(_sha3_pad_shake): New macro, using the SHAKE magic byte 0x1f.
2019-12-19 Niels Möller <nisse@lysator.liu.se>
* ecc-mul-a-eh.c (ecc_mul_a_eh) [ECC_MUL_A_EH_WBITS == 0]: Use
add_hh rather than add_hhh.
(table_init) [[ECC_MUL_A_EH_WBITS > 0]: Likewise.
* ecc-internal.h (ECC_MUL_A_EH_ITCH) [ECC_MUL_A_EH_WBITS == 0]:
Reduced from 13*n to 12*n.
2019-12-18 Niels Möller <nisse@lysator.liu.se>
Rename add and dup functions for Edwards curves.
* ecc-dup-th.c (ecc_dup_th): New file, move and rename ecc_dup_eh.
* ecc-add-th.c (ecc_add_th): New file, move and rename ecc_add_eh.
* ecc-add-thh.c (ecc_add_thh): New file, move and rename
ecc_add_ehh.
* ecc-dup-eh.c (ecc_dup_eh_untwisted): Rename to just ecc_dup_eh.
* ecc-add-eh.c (ecc_add_ehh_untwisted): Rename to just ecc_add_eh.
* ecc-add-ehh.c (ecc_add_ehh_untwisted): Rename to just ecc_add_ehh.
* ecc-internal.h (ecc_dup_th, ecc_add_th, ecc_add_thh): Declare
new functions, delete declarations of ecc_*_untwisted variants.
(ECC_DUP_TH_ITCH, ECC_ADD_TH_ITCH, ECC_ADD_THH_ITCH): New macros.
* ecc-25519.c (_nettle_curve25519): Update, use ecc_dup_th and
friends.
* ecc-448.c (_nettle_curve448): Update for rename, without
_untwisted suffix.
* Makefile.in (hogweed_SOURCES): Added ecc-dup-th.c, ecc-add-th.c,
and ecc-add-thh.c
* testsuite/ecc-dup-test.c (test_main): Update asserts.
* testsuite/ecc-add-test.c (test_main): Likewise.
* eddsa-verify.c (_eddsa_verify): Use function pointer rather than
calling ecc_add_eh directly. Preparation for eddsa over curve448.
2019-12-17 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c (bench_dup_hh): Rename, and use
ecc->dup pointer.
(bench_dup_jj): ... old name.
(bench_add_hh): Rename, and use ecc->addd_hh pointer.
(bench_add_jja): ... old name.
(bench_dup_eh, bench_add_eh): Deleted.
(bench_curve): Update, and delete curve25519 special case.
(main): Update table headers accordingly.
2019-12-15 Niels Möller <nisse@lysator.liu.se>
* ecc-dup-eh.c (ecc_dup_eh): Eliminate one unneeded ecc_modp_add.
2019-12-14 Niels Möller <nisse@lysator.liu.se>
* ecc-mul-m.c (ecc_mul_m): New file and function. Implements
multipliction for curves in Montgomery representation, as used for
curve25519 and curve448. Extracted from curve25519_mul.
* ecc-internal.h (ecc_mul_m): Declare.
(ECC_MUL_M_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Add ecc-mul-m.c.
* curve25519-mul.c (curve25519_mul): Use ecc_mul_m.
* curve448-mul.c (curve448_mul): Likewise.
2019-12-13 Niels Möller <nisse@lysator.liu.se>
* Merge curve448 implementation.
2019-12-09 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h: Revert itch macro changes. We now have
h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few places
relying on this.
(ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros.
(ECC_ECDSA_SIGN_ITCH): Revert previous change.
* ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n
to 6*n.
(ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly.
* curve448-mul.c (curve448_mul): Reduce allocation from 14*n to 12*n.
2019-12-08 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-curve448-modp.asm (nettle_ecc_curve448_modp): New
assembly function.
* ecc-448.c (ecc_448_modp) [HAVE_NATIVE_ecc_curve448_modp]: Use
native nettle_ecc_curve448_modp if available.
* configure.ac (asm_hogweed_optional_list): Add ecc-curve448-modp.asm.
(HAVE_NATIVE_ecc_curve448_modp): New config.h define.
2019-12-03 Niels Möller <nisse@lysator.liu.se>
* ecc-448.c (ecc_448_modp) [GMP_NUMB_BITS == 64]: New function.
2019-12-01 Niels Möller <nisse@lysator.liu.se>
Curve 448 support contributed by Daiki Ueno.
* eccdata.c (enum ecc_type): Add ECC_TYPE_EDWARDS.
(ecc_add): Support untwisted edwards curves.
(ecc_curve_init): Add curve448 parameters.
* ecc-internal.h (ECC_ECDSA_KEYGEN_ITCH): New macro.
(ECC_ECDSA_SIGN_ITCH): Increased from 12*size to 13*size.
(ECC_MAX): New macro.
* ecc-448.c: New file.
(ecc_mod_pow_2k, ecc_mod_pow_446m224m1, ecc_448_inv)
(ecc_448_zero_p, ecc_448_sqrt): New functions.
(_nettle_curve448): New curve definition.
* curve448.h (CURVE448_SIZE): New constant.
(curve448_mul_g, curve448_mul): Declare new public functions.
* ecc-eh-to-a.c (ecc_eh_to_a): Update assert to allow the curve448
Edwards curve.
* curve448-mul.c (curve448_mul): New file and function.
* curve448-mul-g.c (curve448_mul_g): New file and function.
* curve448-eh-to-x.c (curve448_eh_to_x): New file and function.
* ecc-dup-eh.c (ecc_dup_eh_untwisted): New function.
* ecc-add-ehh.c (ecc_add_ehh_untwisted): New function.
* ecc-add-eh.c (ecc_add_eh_untwisted): New function.
* ecc-point.c (ecc_point_set): Add point validation for curve448.
* ecc-point-mul.c (ecc_point_mul): Allow h_to_a_itch larger than
mul_itch.
* ecc-point-mul-g.c (ecc_point_mul_g): Allow h_to_a_itch
larger than mul_g_itch. Switch from TMP_DECL/_ALLOC/_FREE to
gmp_alloc_limbs/gmp_free_limbs.
* ecdsa-keygen.c (ecdsa_generate_keypair): Use
ECC_ECDSA_KEYGEN_ITCH.
* Makefile.in (hogweed_SOURCES): Add ecc-448.c, curve448-mul-g.c,
curve448-mul.c, and curve448-eh-to-x.c.
(HEADERS): Add curve448.h.
(ecc-448.h): New generated file.
* testsuite/testutils.c (ecc_curves): Add _nettle_curve448 to list
of tested curves.
(test_ecc_mul_a): Add curve448.
* testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add curve448 support.
* testsuite/ecdh-test.c (test_main): Add tests for (non-standard)
curve448 diffie-hellman.
* testsuite/ecc-add-test.c (test_main): Update for testing of curve448.
* testsuite/ecc-dup-test.c (test_main): Likewise.
* testsuite/ecc-mul-a-test.c (test_main): Likewise. Also increase
scratch allocation for h_to_a_itch.
* testsuite/ecc-mul-g-test.c (test_main): Likewise.
* testsuite/curve448-dh-test.c: Test for curve448.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add curve448-dh-test.c.
* examples/ecc-benchmark.c: Add curve448 to list of benchmarked
curves.
* nettle.texinfo (Curve 25519 and Curve 448): Add docs.
2019-12-07 Niels Möller <nisse@lysator.liu.se>
* ecc-eh-to-a.c (ecc_eh_to_a): Require op == 0, delete code only
used for non-standard ecdsa over curve25519.
* testsuite/ecdsa-sign-test.c (test_main): Delete test of ecdsa
over curve25519.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* testsuite/ecdsa-keygen-test.c (test_main): Exclude curve25519
from test.
2019-12-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Use AC_TRY_LINK rather than AC_TRY_COMPILE to
check for __builtin_bswap64. Since calling an non-existing
function typically results in a warning only at compile time, but
fails at link time. Patch contributed by by George Koehler.
2019-12-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_cipher_cfb8): Add cast of size_t to
unsigned long for argument to fprintf.
2019-11-21 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (ecc_curve_init_str): Delete unused t and d arguments.
Related to the the edwards_root member of struct ecc_curve, which
was used by ecc_a_to_eh before it was deleted, see 2014-09-17
entry below.
(ecc_curve_init): Delete corresponding curve25519 constants, and
NULL arguments passed for the other curves.
* Merge curve448 preparations, from September 2017.
2017-09-23 Niels Möller <nisse@lysator.liu.se>
* eccdata.c: Reorganize curve25519 precomputation to work directly
with the twisted Edwards curve, with new point addition based on a
patch from Daiki Ueno.
* ecc-25519.c (_nettle_curve25519): Update for removed Montgomery
curve constant.
* ecc-internal.h (struct ecc_curve): Delete unused pointer
edwards_root. Update all instances.
* eccdata.c (output_curve): Don't output it.
* testsuite/ecc-add-test.c (test_main): Reduce test duplication.
Use ecc->add_hhh_itch.
* testsuite/ecc-dup-test.c (test_main): Reduce test duplication.
Use ecc->dup_itch.
2017-09-23 Daiki Ueno <dueno@redhat.com>
* ecc-eh-to-a.c (ecc_eh_to_a): Use ecc->q.bit_size, instead of
hard-coded value for curve25519.
* eddsa-sign.c (_eddsa_sign): Likewise.
* ecc-internal.h (ecc_dup_func): New typedef.
(struct ecc_curve): New constants add_hh_itch and dup_itch, new
function pointers add_hh and dup.
* ecc-192.c, ecc-224.c, ecc-256.c, ecc-384.c, ecc-521.c,
ecc-25519.c: Update accordingly.