ChangeLog

	* dsa-verify.c (_dsa_verify): New general verification function,
	for any hash.
	* dsa-sign.c (_dsa_sign): New general signing function, for any
	hash. Returns success code, like the rsa signture functions.

2010-03-29  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac (ABI): Attempt to use a better, ABI-dependant,
	default value for libdir.

	* x86/md5-compress.asm: Fixed function name in epilogue.

	* asm.m4 (EPILOGUE): Use . to refer to current address.

	* configure.ac (ABI): Detect which ABI the compiler is using.
	On x86_64, also check for __arch64__.

2010-03-28  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac (asm_path): For x86_64, check if compiler is
	generating 32-bit code.

2010-03-27  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
	HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
	RFC 4231.

	* Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
	hmac-sha384.c.

	* hmac.h: Added declarations of hmac-sha224 and hmac-sha384.

	* hmac-sha224.c: New file.

2010-03-26  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/hmac-test.c (HMAC_TEST): New macro.
	(test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
	test vectors from Daniel Kahn Gillmor.

	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.

	* Makefile.in (nettle_SOURCES): Added sha224-meta.c and
	write-be32.c.
	(DISTFILES): Added nettle-write.h.

	* sha.h: Added declarations for sha224. Some are aliases for the
	corresponding sha256 definition.

	* sha256.c (sha256_digest): Use _nettle_write_be32.
	(sha224_init): New function.
	(sha224_digest): New function.

	* sha1.c (sha1_digest): Use _nettle_write_be32.

	* nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
	(NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
	account.

	* nettle-write.h: New file.

	* write-be32.c (_nettle_write_be32): New file, new function.

	* sha224-meta.c: New file.

2010-03-25  Niels Mller  <nisse@lysator.liu.se>

	* hmac-sha384.c: New file.

	* testsuite/sha224-test.c: New file.

	* testsuite/md4-test.c (test_main): More test vectors, provided by
	Daniel Kahn Gillmor.
	* testsuite/md5-test.c (test_main): Likewise.
	* testsuite/sha1-test.c (test_main): Likewise.
	* testsuite/sha256-test.c (test_main): Likewise.
	* testsuite/sha384-test.c (test_main): Likewise.
	* testsuite/sha512-test.c (test_main): Likewise.

	* configure.ac: Bumped version numbers. Package version
	nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.

	* examples/nettle-benchmark.c (main): Benchmark sha384.

	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.

	* testsuite/sha384-test.c: New file.

	* Makefile.in (nettle_SOURCES): Added sha384-meta.c.

	* sha384-meta.c: New file.

	* sha.h: Added declarations for sha384. Some are aliases for the
	corresponding sha512 definition.

	* sha512.c (sha512_write_digest): New function.
	(sha512_digest): Use it.
	(sha384_init): New function.
	(sha384_digest): New function.

2010-03-24  Niels Mller  <nisse@lysator.liu.se>

	* sha512.c: (sha512_digest): Simplified handling of any final
	partial word of the digest.

	* sha512.c: Reorganized to use _nettle_sha512_compress.

	* sha512-compress.c (_nettle_sha512_compress): Compression
	function extracted from sha512.c to a new file.

	* Makefile.in (nettle_SOURCES): Added sha256-compress.c and
	sha512-compress.c.

	* sha256.c: Reorganized to use _nettle_sha256_compress.

	* sha256-compress.c (_nettle_sha256_compress): Compression
	function extracted from sha256.c to a new file.

	* examples/nettle-benchmark.c (main): Benchmark sha512.

	* rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
	is less than bit size of n, and check for the unlikely case p = q.

	* rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
	correspond to pkcs#1 encryption of single byte messagees.

	* pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
	from rsa_sha1_sign.
	* rsa-compat.c (R_SignFinal): Likewise.

	* rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
	from pkcs1_rsa_md5_encode.
	(rsa_md5_sign_digest): Check and propagate return value from
	pkcs1_rsa_md5_encode_digest.
	* rsa-md5-verify.c (rsa_md5_verify): Check return value from
	pkcs1_rsa_md5_encode.
	(rsa_md5_verify_digest): Check return value from
	pkcs1_rsa_md5_encode_digest.
	* rsa-sha1-sign.c: Analogous changes.
	* rsa-sha1-verify.c: Analogous changes.
	* rsa-sha256-sign.c: Analogous changes.
	* rsa-sha256-verify.c: Analogous changes.
	* rsa-sha512-sign.c: Analogous changes.
	* rsa-sha512-verify.c: Analogous changes.

	* pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
	(pkcs1_rsa_md5_encode_digest): Added return value. Check and
	propagate return value from pkcs1_signature_prefix.
	* pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
	(pkcs1_rsa_sha256_encode_digest): Likewise.
	* pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
	(pkcs1_rsa_sha1_encode_digest): Likewise.
	* pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
	(pkcs1_rsa_sha512_encode_digest): Likewise.

	* pkcs1.c (pkcs1_signature_prefix): Interface change, take both
	the total size and digest size as arguments, and return a status
	code to say if the size was large enough.

	* testsuite/Makefile.in: Added hogweed dependency for the test
	programs.

2010-03-23  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/rsa-test.c (test_main): Test signing with sha512.

	* testsuite/testutils.c (test_rsa_sha512): New function.

	* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
	rsa-sha512-sign.c and rsa-sha512-verify.c.

	* rsa.h: Added prototypes for sha512-related functions.
	(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
	* pkcs1.h: Added prototypes for sha512-related functions.

	* rsa-sha512-verify.c: New file.
	* rsa-sha512-sign.c: New file.
	* pkcs1-rsa-sha512.c: New file.

2010-03-22  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (nettle_SOURCES): Added hmac-sha512.c.

	* testsuite/hmac-test.c (test_main): Added test cases for
	hmac-sha512.

	* hmac.h: Declare functions sha512-related functions.
	* hmac-sha512.c (hmac_sha512_set_key): New file.

	Basic sha512 support.
	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
	* testsuite/sha512-test.c: New file.

	* macros.h (READ_UINT64, WRITE_UINT64): New macros.

	* Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
	* sha.h: Added sha512-related declarations.
	* nettle-meta.h: Likewise.
	* sha512-meta.c: New file.
	* sha512.c: New file.

2010-03-06  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (distdir): Include x86_64 assembler files.

2010-01-20  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: Check for mpz_powm_sec.

2010-01-13  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
	$(LIBNETTLE_FORLINK).

	* configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
	default case. Follows debian, and also makes dlopen of
	libhogweed.so work, without having to use RTLD_GLOBAL.
	(LIBHOGWEED_LINK): Added -L., to find our libnettle.so.

2009-10-21  Niels Mller  <nisse@lysator.liu.se>

	* tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
	../libhogweed.a.

2009-10-19  Niels Mller  <nisse@lysator.liu.se>

	* tools/pkcs1-conv.c: Updated for dsa/der interface change.

	* der2dsa.c (dsa_public_key_from_der_iterators): Split into two
	new functions...
	(dsa_params_from_der_iterator): New function.
	(dsa_public_key_from_der_iterator): New function.
	(dsa_openssl_private_key_from_der_iterator): Renamed, was
	dsa_private_key_from_der_iterator.
	(dsa_openssl_private_key_from_der): Likewise.
	* dsa.h: Corresponding changees to prototypes and #defines.

2009-10-12  Niels Mller  <nisse@lysator.liu.se>

	* sexp-format.c: Removed conditioning on HAVE_LIBGMP.

	* tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
	Holmgren.

	* Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.

	* der2dsa.c: New file, contributed by Magnus Holmgren.
	* dsa2sexp.c: Likewise.
	* dsa.h: Added prototypes.

	* configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
	version, now it's 1.1.

	* testsuite/rsa2sexp-test.c (test_main): Updated testcase for
	"rsa-pkcs1".

2009-10-11  Niels Mller  <nisse@lysator.liu.se>

	* rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
	to "rsa-pkcs1".

2009-09-20  Niels Mller  <nisse@lysator.liu.se>

	* x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
	by letting loopmix scramble the instruction order.

2009-09-15  Niels Mller  <nisse@lysator.liu.se>

	* x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
	improvement to ROUND_F1_NOEXP. Slight reduction of
	dependency-chains.

2009-08-25  Niels Mller  <nisse@lysator.liu.se>

	* x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.

	* examples/nettle-benchmark.c (bench_sha1_compress): New function,
	for precise benchmarking of the compression function.

2009-06-08  Niels Mller  <nisse@lysator.liu.se>

	* Released nettle-2.0.

2009-06-04  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: Set version to 2.0

2009-05-30  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (.texinfo.info): Don't use a temporary output file
	$@T, trust makeinfo to remove output file on errors.

2009-05-19  Niels Mller  <nisse@lysator.liu.se>

	* nettle.texinfo: Changed license to public domain.

2009-05-11  Niels Mller  <nisse@lysator.liu.se>

	* nettle.texinfo: Fixes from Karl Berry. Added some more index
	terms.

2009-03-06  Niels Mller  <nisse@lysator.liu.se>

	* x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
	in %eax--%edx only.
	* x86_64/aes-decrypt-internal.asm: Likewise.

	* x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
	(AES_STORE): Reduced offsets.
	(AES_ROUND): Use HREG directly, not MOVE_HREG.

	* x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
	Put SA--SD in %eax--%edx, so the second byte can be accessed as
	%ah-%dh. TD is not needed, SD can be reused. Use the register that
	is saved for the outer loop counter, getting it off the stack.
	* x86_64/aes-encrypt-internal.asm: Likewise.

	* x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
	(XREG): Fixed bug in handling of %r8 and %r9.
	(AES_ROUND): Use MOVE_HREG.

2009-02-10  Niels Mller  <nisse@lysator.liu.se>

	* base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
	as UNUSED.

	* testsuite/sexp-conv-test: Updated testcases for improved
	handling of comments.

	* tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
	to terminate comments, and modify indentation for the case that a
	list starts with a comment.

	* tools/output.c (sexp_output_init): Initialize soft_newline.
	(sexp_put_raw_char): Clear soft_newline.
	(sexp_put_newline): Check and reset soft_newline.
	(sexp_put_soft_newline): New function.

	* tools/output.h (struct sexp_output): Removed union with single
	element, and updated all users. New attribute soft_newline.

2008-12-22  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in ($(des_headers)): Create files in $(srcdir).

2008-11-28  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/cxx-test.cxx: Include <cstdio>.

2008-11-22  Niels Mller  <nisse@lysator.liu.se>

	* yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
	that it is set if and only if the aes context has been initialized
	with aes_set_encrypt_key.
	(yarrow256_seed): No need to set ctx->seeded here.
	(yarrow256_update): Likewise.

2008-11-04  Niels Mller  <nisse@lysator.liu.se>

	* examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
	compatible with gmp-3.1.

2008-11-01  Niels Mller  <nisse@lysator.liu.se>

	* nettle.texinfo: Updated for 2.0. New section on linking.

	* nettle-types.h, nettle-meta.h: Moved all typedefs for function
	types to nettle-types.h. Use non-pointer types, so that the types
	can be used to declare functions. Updated all users.

2008-10-31  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/yarrow-test.c (test_main): Updated for seed file
	changes.

	* sha-example.c (display_hex): Use %02x, not %2x.

2008-10-30  Niels Mller  <nisse@lysator.liu.se>

	* tools/sexp-conv.c (main): Fixed file locking.

2008-10-25  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: Set version to 2.0rc1.

	* examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
	linker.

2008-10-24  Niels Mller  <nisse@lysator.liu.se>

	* sha256.c (ROUND): Simplified macro.

	* yarrow256.c (yarrow256_fast_reseed): Renamed (was
	yarrow_fast_reseed) and made non-static. Don't generate seed file
	here, let the application use yarrow256_random instead.
	(yarrow256_slow_reseed): Renamed (was yarrow_slow_reseed) and made
	non-static.
	(yarrow256_force_reseed): Deleted function, use
	yarrow256_slow_reseed instead. For backwards compatibility,
	yarrow.h defines yarrow256_force_reseed as an alias for that
	function.

	* yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.

2008-09-17  Niels Mller  <nisse@lysator.liu.se>

	* x86/arcfour-crypt.asm: Improved loop logic, and unrolled
	loop twice. Gave a modest speedup.

2008-09-15  Niels Mller  <nisse@lysator.liu.se>

	* yarrow256.c (yarrow256_seed): Disallow length == 0.

	* base64-decode.c (decode_table): Added vertical tab (VT) and form
	feed (FF) as white space characters.

	* x86_64/aes-decrypt-internal.asm: New file.

2008-09-13  Niels Mller  <nisse@lysator.liu.se>

	* x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
	loop with movl.	Eliminated redundant movl.
	* x86/aes-decrypt-internal.asm: Likewise.

	* x86_64/aes.m4: New file.

	* x86/aes-encrypt-internal.asm: Updated for AES_FINAL_ROUND. Only
	three times through the substitution loop.
	* x86/aes-decrypt-internal.asm: Likewise.
	* x86_64/aes-encrypt-internal.asm: Likewise.

	* x86/aes.m4 (AES_FINAL_ROUND): Do the substitution on the least
	significant byte here.

	* x86/aes-encrypt-internal.asm: Updated use of AES_SUBST_BYTE. USe
	decl for outer loop.
	* x86/aes-decrypt-internal.asm: Likewise.

	* x86/aes.m4 (LREG, HREG): New macros.
	(AES_SUBST_BYTE): Take state registers as argument. Use LREG to
	get the corresponding byte register.
	(AES_ROUND): Use movzbl together with LREG and HREG.
	(AES_SUBST_BYTE): Likewise.

2008-09-10  Niels Mller  <nisse@lysator.liu.se>

	* x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
	which must be preserved.

2008-09-08  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (stamp-h.in): Use $(AUTOHEADER).

	* x86_64/sha1-compress.asm: New x86_64 assembler, based on the x86
	version.

	* configure.ac (asm_path): Set up asm_path for x86_64.

	* x86_64/machine.m4: New file, new directory.

2008-08-28  Niels Mller  <nisse@lysator.liu.se>

	* examples/eratosthenes.c (main): Rewrote block-wise sieving to
	use less memory. New options -s and -v.

2008-08-27  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
	Updated testcases with comments; comments are now preserved.

	* tools/sexp-conv.c (sexp_convert_item): Keep comments in advanced
	output.
	(parse_options): New --lock option.
	(main): Optionally lock output file.

	* tools/parse.c (sexp_check_token): Removed check for "any" token.
	All callers specify the token they expect.
	(sexp_parse): Pass on comment tokens.

	* tools/output.c (sexp_put_data): Made non-static.

	* tools/input.c (sexp_get_comment): New function.
	(sexp_get_token): Use sexp_get_comment.

	* tools/misc.h (enum sexp_token): Start enumeration with zero, zero
	is no longer used to mean any type. New type SEXP_COMMENT.

	* configure.ac: Check for fcntl file locking.

2008-08-26  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (tags-here): Put TAGS file in the source directory.
	* examples/Makefile.in (tags): Likewise.
	* testsuite/Makefile.in (tags): Likewise.
	* tools/Makefile.in (tags): Likewise.

2008-02-29  Niels Mller  <nisse@lysator.liu.se>

	* examples/Makefile.in (SOURCES): Added next-prime.c.

2008-01-05  Niels Mller  <nisse@lysator.liu.se>

	* examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
	(next-prime, eratosthenes): New rules.
	(nettle-benchmark): Don't rely on $@.

	* examples/eratosthenes.c (find_first_one): Optimized, using
	slightly larger table.
	(main): Use atol, rather than atoi.

	* testsuite/symbols-test: Check symbols also in libhogweed.

	* examples/next-prime.c: New file.
	Deleted code for detailed timing.

	* Makefile.in (hogweed_SOURCES): Added bignum-next-prime.c.
	(DISTFILES): Added prime-list.h.
	(hogweed_OBJS): Removed $(LIBOBJS).

	* bignum-next-prime.c (nettle_next_prime): Renamed function, for
	name space reasons. Was bignum_next_prime. Updated call in
	rsa-keygen.c.
	(primes): Use prime-list.h.
	(nettle_next_prime): Skip Fermat test. Use mpz_millerrabin
	directly, rather than mpz_probab_prime_p, when the former is
	available.

	* bignum.h (nettle_next_prime): New prototype.

	* rsa-keygen.c (bignum_next_prime): Deleted, moved to
	bignum-next-prime.c. Call with a larger prime limit, this improves
	the running time of lsh-keygen by roughly 25%.

	* prime-list.h: List of odd primes < 2^16.

	* configure.ac: Check for sizeof(long).

2008-01-03  Niels Mller  <nisse@lysator.liu.se>

	* examples/nettle-benchmark.c (main): Removed incorrect UNUSED
	from declaration.

	* bignum-next-prime.c: Moved the bignum_next_prime function to a
	separate file.

2007-09-08  Niels Mller  <nisse@lysator.liu.se>

	* sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
	include file was renamed from "sparc" to "sparc32". Updated include.
	* sparc64/aes-decrypt-internal.asm: Likewise.
	* sparc32/aes-encrypt-internal.asm: Likewise.
	* sparc32/aes-decrypt-internal.asm: Likewise.

2007-09-07  Niels Mller  <nisse@lysator.liu.se>

	* examples/read_rsa_key.c: Include stdlib.h.

2007-06-02  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in: Typo fixes to install targets, spotted by Magnus
	Holmgren.

2007-05-14  Niels Mller  <niels@s3.kth.se>

	* configure.ac: Fixed copy-and-paste errors in shared library
	name setup.

	* config.make.in (LIBNETTLE_SONAME, LIBHOGWEED_SONAME): Define.

	* Makefile.in (libnettle.so, libhogweed.so): Fixed rules.

	* Makefile.in: Split nettle library into two files, libnettle.a
	and libhogweed.a, and similarly for the shared libraries.

	* configure.ac: Bumped nettle so-versions to 3.0. Set hogweed
	so-versions to 1.0. New makefile conditionals IF_SHARED and
	IF_HOGWEED. Renamed WITH_PUBLIC_KEY to WITH_HOGWEED. Deleted
	SHLIBTARGET, SHLIBINSTALL, RSA_EXAMPLES and RSA_TOOLS.

	* config.make.in: Updated for hogweed split.

	* C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
	Makefile sorts out which files should be compiled.

	* pgp.h: Include bignum.h, don't pretend to work without bignums.

	* pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
	(pgp_put_rsa_sha1_signature): Define unconditionally. Removed the
	checking of HAVE_LIBGMP and WITH_PUBLIC_KEY.

	* examples/io.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
	* examples/io.c (read_rsa_key): Deleted, moved to...
	* examples/read_rsa_key.c: New file, extracted from io.c.

	* examples/Makefile.in: Use IF_HOGWEED instead of RSA_EXAMPLES.
	Link appropriate programs with -lhogweed.
	(SOURCES): Added read_rsa_key.c.

	* tools/Makefile.in (pkcs1-conv): Use IF_HOGWEED, not @RSA_TOOLS@,
	for configuration. Link with -lhogweed.

	* testsuite/testutils.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
	* testsuite/testutils.c: Likewise.

	* testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
	Separate test cases using nettle and those also using hogweed.

2007-04-05  Niels Mller  <nisse@lysator.liu.se>

	* Moved in CVS tree. Also renamed directory sparc to sparc32.

2007-02-24  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (clean-here): Remove .lib directory.
	(distclean-here): Remove machine.m4.

2006-12-05  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.

	* config.make.in (datarootdir): New directory variable (for
	autoconf-2.61).

2006-11-28  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: Bumped version to 1.16.

	* Released nettle-1.15.

2006-11-27  Niels Mller  <nisse@lysator.liu.se>

	* NEWS: New entry for nettle-1.15.

	* configure.ac (SHLIBMINOR): Bumped version. Library name is now
	libnettle.so.2.6.

	* sha256.c: Changed copyright notice to use the LGPL.

	* Makefile.in (DISTFILES): Added COPYING.LIB.

	* COPYING.LIB: New file (previously only the plain GPL was
	included in the distribution).

	* nettle.texinfo: Updated vor nettle-1.15.

	* testsuite/rsa-test.c (test_main): Use test_rsa_sha256.
	* testsuite/testutils.c (test_rsa_sha256): New function.

	* testsuite/Makefile.in (DISTFILES): Replaces rfc1750.txt by
	gold-bug.txt.

	* rsa.h (rsa_sha256_sign, rsa_sha256_verify)
	(rsa_sha256_sign_digest, rsa_sha256_verify_digest): New declarations.
	(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased to
	62 octets and  489 bits, respectively, for supporting sha256.

	* pkcs1.h (pkcs1_rsa_sha256_encode)
	(pkcs1_rsa_sha256_encode_digest): New declarations and name
	mangling symbols.

	* Makefile.in (nettle_SOURCES): Added pkcs1-rsa-sha256.c,
	rsa-sha256-sign.c, rsa-sha256-verify.c.

	* pkcs1-rsa-sha256.c, rsa-sha256-sign.c, rsa-sha256-verify.c: New
	files.

	* COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
	automake-1.10.

2006-11-27  Niels Mller  <niels@s3.kth.se>

	* tools/Makefile.in (install): Use MKDIR_P to create installation
	directory. Install only one file at a time.

	* Makefile.in (MKDIR_P): Use MKDIR_P for creating installation
	directories.

	* configure.ac: Use AC_PROG_MKDIR_P.

2006-11-24  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
	file, instead of rfc1750.txt.

	* testsuite/gold-bug.txt: New test input file for yarrow-test.
	The copyright on this short story by Edgar Allan Poe has expired.

	* testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
	non-free, and it was expired anyway. Replaced by gold-bug.txt.

2006-11-24  Niels Mller  <niels@s3.kth.se>

	* Almost all header files: Added C++ guards.

	* configure.ac: Test if the system has any C++ compiler.

	* config.make.in (CXX, CXXFLAGS, COMPILE_CXX, LINK_CXX): New variables.

	* testsuite/Makefile.in: New variables TS_C and TS_CXX. Setup for
	compiling the C++ file cxx-test.cxx.

	* testsuite/cxx-test.cxx: New testcase, trying to use nettle from
	a C++ program.

2006-08-28  Niels Mller  <niels@s3.kth.se>

	* index.html: Added section on language bindings.

2006-06-10  Niels Mller  <niels@s3.kth.se>

	* configure.ac: Darwin shared library support, from Grant
	Robinsson.

2006-05-18  Niels Mller  <nisse@lysator.liu.se>

	* src/nettle/x86/aes.asm: Deleted unused file.

	* aes-decrypt.c (_aes_decrypt_table): Deleted the indexing array,
	previously commented out.
	* aes-encrypt-table.c (_aes_encrypt_table): Likewise.

	* Makefile.in (.texinfo.info, .dvi.ps): Use more quotes with
	basename.
	(install-here, install-shared, install-info, install-headers): Use
	plain mkdir, not $(INSTALL) -d.

2006-05-16  Niels Mller  <niels@s3.kth.se>
	Merged from the lsh experimental branch.

2006-04-26  Niels Mller  <nisse@lysator.liu.se>

	* examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
	* examples/nettle-benchmark.c: Include "getopt.h".

	* examples/Makefile.in (GETOPT_OBJS): New variable.
	(rsa-keygen, rsa-encrypt, nettle-benchmark): Depend on and link
	with $(GETOPT_OBJS).

	* x86/aes-decrypt-internal.asm: Use ALIGN.
	* x86/aes-encrypt-internal.asm: Likewise.
	* x86/arcfour-crypt.asm: Likewise.
	* x86/md5-compress.asm: Likewise.
	* x86/sha1-compress.asm: Likewise.

	* config.m4.in (ASM_ALIGN_LOG): Substitute.
	* configure.ac (ASM_ALIGN_LOG): Check if .align directive is
	logarithmic.
	* asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
	expands to a .align directive.

2006-04-21  Niels Mller  <nisse@lysator.liu.se>

	* nettle.texinfo (Public-key algorithms): Say that the public key
	operations are undocumented, not unsupported. Reported by Jeronimo
	Pellegrini.

2006-04-08  Niels Mller  <nisse@lysator.liu.se>

	* tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
	Reported by Henrik Grubbstrm.

2006-01-31  Niels Mller  <niels@s3.kth.se>

	* examples/rsa-verify.c: Fixed typo in usage message.

2005-12-05  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: Bumped version to 1.15,

	* Released nettle-1.14.

	* NEWS: Updated for 1.14.

	* configure.ac (SHLIBMINOR): Increased minor number. Library
	version is now libnettle.so.2.5, soname still libnettle.so.2.

2005-11-28  Niels Mller  <nisse@lysator.liu.se>

	* config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
	and friends here, to get a correct a relative filename for
	install-sh when used in tools/Makefile.

	* tools/Makefile.in (INSTALL): Substitute INSTALL, INSTALL_DATA
	and friends here.
	* Makefile.in (INSTALL): Likewise.

2005-11-27  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
	intermediate .dvi and .ps files.

	* testsuite/Makefile.in (clean): Delete sha1-huge-test.

	* Makefile.in (install-info, install-headers): Don't use $< and
	$?; Solaris make doesn't support them in explicit rules.

2005-11-26  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/Makefile.in: Include .test-rules.make, which contains
	the rules for all the test executables.
	(test-rules): New rule, to update this file.
	(DISTFILES): Added $(EXTRA_SOURCES).

	* testsuite/.test-rules.make: Automatically generated file for
	building the test programs.

2005-11-25  Niels Mller  <nisse@lysator.liu.se>

	* configure.ac: Disable assembler when compiling with rntcl.

	* tools/Makefile.in (pkcs1_conv_SOURCES): New variable.
	(pkcs1-conv): Link with getopt.o and getopt1.o.

	* Makefile.in (aesdata, desdata, shadata): Use explicit rules for
	executables.

	* testsuite/Makefile.in: Use %-rules for building the -test
	executables, in addition to the suffix rules. Hopefully, this
	should make all of GNU make, BSD make and Solaris make happy.
	Use $(EXEEXT) and $(OBJEXT) more consistently.

	* examples/Makefile.in: Use explicit rules for all executable
	targets. Use $(EXEEXT) and $(OBJEXT) more consistently.

2005-11-25  Niels Mller  <niels@s3.kth.se>

	* testsuite/Makefile.in: Avoid using single-suffix rule to build
	executables.

2005-11-24  Niels Mller  <niels@s3.kth.se>

	* Makefile.in (distdir): Use [ -f, not [ -e, since the latter
	is less portable, and not supported by Solaris /bin/sh.

2005-11-23  Niels Mller  <niels@s3.kth.se>

	* testsuite/Makefile.in (DISTFILES): Added teardown-env.
	* testsuite/teardown-env: New file. Delete files created by the
	testsuite.

2005-11-21  Niels Mller  <nisse@lysator.liu.se>

	* testsuite/testutils.c (main): Fixed check for -v option. Spotted
	by Goran K.

2005-11-21  Niels Mller  <niels@s3.kth.se>

	* ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.

2005-11-20  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (nettle_SOURCES): Added der2rsa.c.

	* testsuite/Makefile.in (TS_SH): Added pkcs1-conv-test.

	* tools/Makefile.in (TARGETS): Added @RSA_TOOLS@.
	(SOURCES): Added pkcs1-conv.c.
	(pkcs1-conv): New rule.

	* tools/pkcs1-conv.c: New program.

	* testsuite/pkcs1-conv-test: New file.

	* examples/rsa-verify-test: Use rsa-sign to create signature.

	* examples/io.c (read_file): Fixed spelling in error message.

	* rsa.h (rsa_public_key_from_der_iterator)
	(rsa_private_key_from_der_iterator, rsa_keypair_from_der): Declare
	functions.

	* der2rsa.c: New file.

	* der-iterator.c (asn1_der_iterator_init): Initialize length and
	data.
	(asn1_der_iterator_next): Support for lengths >= 0x80.
	(asn1_der_decode_constructed_last, asn1_der_decode_bitstring)
	(asn1_der_decode_bitstring_last): New functions.
	(asn1_der_get_bignum): Check for non-mininal encodings.

	* configure.ac (RSA_TOOLS): New substituted variable. Includes
	pkcs1-conv, when public-key support is enabled.

	* bignum.h (nettle_asn1_der_get_bignum): Include nettle_-prefix in
	declaration.

	* asn1.h: Added name mangling defines, and a few new declarations.

2005-11-13  Niels Mller  <nisse@lysator.liu.se>

	* Makefile.in (nettle_SOURCES): Added der-iterator.c.
	(HEADERS): Added asn1.h.

	* bignum.h (asn1_der_get_bignum): Declare function.

	* der-iterator.c: New file.
	* asn1.h: New file.

2005-11-07  Niels Mller  <nisse@lysator.liu.se>

	* examples/nettle-benchmark.c: Check HAVE_UNISTD_H.

	* examples/Makefile.in (TARGETS): Use $(EXEEXT).
	* tools/Makefile.in (TARGETS, sexp-conv, nettle-lfib-stream): Likewise.

	* configure.ac: Use $host_cpu, not $host, when setting up the
	assembler path. Use $host_os, not uname, when setting up shared
	library flags.

	* Makefile.in (des.$(OBJEXT)): Use OBJEXT.

	* config.guess, config.sub: In the CVS tree, moved files to the
	lsh top-level directory.

2005-10-23  Niels Mller  <nisse@lysator.liu.se>

	* sparc64/arcfour-crypt.asm: New file, almost the same as
	sparc/arcfour-crypt.asm.

	* examples/nettle-benchmark.c (display): Use two decimal places.

	* sparc/arcfour-crypt.asm: Reorganized. Main loop unrolled four
	times. Uses aligned 32-bit write accesses at DST. Still uses 8-bit
	read accesses at SRC; could be improved int he case that SRC and
	DST have compatible alignment.

2005-10-19  Niels Mller  <niels@s3.kth.se>

	* testsuite/arcfour-test.c (test_main): New testcase with 512
	bytes of data.

2005-10-19  Niels Mller  <nisse@lysator.liu.se>

	* sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
	must order the store at [CTX+I] before the load of [CTX+SI+SJ].

2005-10-18  Niels Mller  <nisse@lysator.liu.se>

	* sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
	have compatible alignment. Improves performance by 20%, but I'm
	not sure it's worth the extra complexity.

	* bignum.c (nettle_mpz_from_octets): Removed sign argument. If
	mpz_import is available, define nettle_mpz_from_octets as a macro
	calling mpz_import.
	(nettle_mpz_from_octets): Start by setting x to zero; callers no
	longer need to do that.
	(nettle_mpz_set_str_256_s): New logic for the handling of negative
	numbers. Convert in the same way as for positive numbers, and then
	subtract the appropriate power of two.

2005-10-17  Niels Mller  <nisse@lysator.liu.se>

	* bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
	digit temporary (suggested by Torbjrn Granlund).

	* sparc/arcfour-crypt.asm: Improved instruction scheduling.

	* sparc/arcfour-crypt.asm: Bugfix, use lduh and stuh.

	* sparc/arcfour-crypt.asm: New file.

	* sparc64/aes.asm: Deleted unused file.

	* x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
	* asm.m4 (ARCFOUR): New struct.

2005-10-17  Niels Mller  <niels@s3.kth.se>

	* aes-internal.h (struct aes_table): Deleted idx and sparc_idx
	arrays.
	* aes-encrypt-table.c (_aes_encrypt_table): Likewise.
	* aes-decrypt.c (_aes_decrypt_table): Likewise.
	* asm.m4 (AES): Likewise

2005-10-16  Niels Mller  <nisse@lysator.liu.se>

	* tools/input.c (sexp_get_char): Use unsigned for the done flag.

	* sparc64/aes-encrypt-internal.asm: Include sparc/aes.m4.
	* sparc64/aes-decrypt-internal.asm: Likewise.

	* sparc64/machine.m4: Use .register pseudo op to say that we use
	%g2 and %g3 as scratch registers.

	* sparc/aes-encrypt-internal.asm: Explicitly include sparc/aes.m4.
	* sparc/aes-decrypt-internal.asm: Likewise.

	* sparc/aes.m4: New file. Moved aes-related macros here...
	* sparc/machine.m4: ... removed aes macros.

	* x86/aes-encrypt-internal.asm: Explicitly include x86/aes.m4.
	* x86/aes-decrypt-internal.asm: Likewise.

	* x86/aes.m4: New file. Moved aes-related macros here, from...
	* x86/machine.m4: ... removed aes macros.

	* sparc64/aes-encrypt-internal.asm: New file.