ChangeLog
2016-01-28  Niels Möller  <nisse@lysator.liu.se>

	* Released nettle-3.2.

2016-01-26  Niels Möller  <nisse@lysator.liu.se>

	* tools/nettle-pbkdf2.c (main): Fix handling of unrecognized
	options. Bug reported by Dongsheng Zhang. Display usage message
	and exit non-zero. Also added "Usage: "-prefix to the message.
	* tools/nettle-hash.c (usage): New function, extracted from main.
	(main): Analogous fix for unrecognized options.

2016-01-23  Niels Möller  <nisse@lysator.liu.se>

	* nettle.texinfo: Set UPDATED-FOR to 3.2.

2016-01-21  Niels Möller  <nisse@lysator.liu.se>

	* .gitlab-ci.yml: New file. Configuration for gitlab's continuous
	integration system.

2016-01-20  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/dlopen-test.c (main): Mark arguments as UNUSED.

	* testsuite/Makefile.in (clean): Delete dlopen-test.

	* configure.ac: Bump package version, to nettle-3.2.
	(LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
	libnettle.so.6.2 and libhogweed.so.4.2.

2016-01-10  Niels Möller  <nisse@lysator.liu.se>

	* base64-encode.c (encode_raw): Use const uint8_t * for the
	alphabet argument.

	* nettle.texinfo (RSA): Document the rsa_pkcs1_verify and
	rsa_pkcs1_sign functions, and the new rsa_*_tr functions.

2015-12-18  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/testutils.h: Fix include order, system headers before
	nettle headers. Always include version.h, needed by
	version-test.c. It was included indirectly via bignum.h, but only
	if configured with publickey support.

	* configure.ac (IF_DLOPEN_TEST): Fixed shell conditional.

	* testsuite/ecc-mod-test.c (test_main): Handle random seeding if
	NETTLE_TEST_SEED is set in the environment.

2015-12-15  Niels Möller  <nisse@lysator.liu.se>

	* x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
	reported by Hanno Böck. Simplified the folding to always use
	non-negative carry, the old code attempted to add in a carry which
	could be either positive or negative, but didn't get that case
	right.

2015-12-10  Niels Möller  <nisse@lysator.liu.se>

	* ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
	reported by Hanno Böck.
	(ecc_256_modq): Fixed another carry propagation bug.

2015-11-23  Niels Möller  <nisse@lysator.liu.se>

	* nettle.texinfo: Document rsa_encrypt, rsa_decrypt and
	rsa_decrypt_tr. Text contributed by Andy Lawrence.

2015-11-15  Niels Möller  <nisse@lysator.liu.se>

	* rsa.h (_rsa_blind, _rsa_unblind): Mark as deprecated.

2015-09-17  Niels Möller  <nisse@lysator.liu.se>

	* rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
	file, new functions.
	* rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
	Likewise.
	* rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
	(rsa_sha256_sign_digest_tr): Likewise.
	* rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
	(rsa_sha512_sign_digest_tr): Likewise.
	* rsa.h: Added corresponding prototypes.
	* Makefile.in (hogweed_SOURCES): Added new files.

	* testsuite/testutils.c (SIGN): Extend macro to test new
	functions, and the rsa_*_sign_digest functions. Updated callers.

2015-09-14  Niels Möller  <nisse@lysator.liu.se>

	* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
	Mainly for simplicity and consistency, I'm not aware of any CRT
	fault attacks on RSA decryption.

	* testsuite/rsa-encrypt-test.c (test_main): Added test with
	invalid private key.

	* rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
	* rsa.h: Declare it.
	* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
	(rsa_verify_res): Deleted, replaced by rsa_compute_root_tr.
	* testsuite/rsa-sign-tr-test.c (test_rsa_sign_tr): Check that
	signature argument is unchanged on failure.
	* Makefile.in (hogweed_SOURCES): Added rsa-sign-tr.c.

2015-09-07  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/rsa-sign-tr-test.c: Drop include of nettle-internal.h.
	(test_main): Fix incorrect use of sizeof, and use LDATA macro.

	From Nikos Mavrogiannopoulos.
	* rsa-pkcs1-sign-tr.c (rsa_verify_res): New function.
	(rsa_pkcs1_sign_tr): Check result of private key operation, to
	protect against hardware or software errors leaking the private
	key.
	* testsuite/rsa-sign-tr-test.c: New testcase.

2015-09-06  Niels Möller  <nisse@lysator.liu.se>

	* nettle.texinfo: Updated SHA3 documentation.

2015-09-02  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/dlopen-test.c: New test program, exposing the problem
	with ifunc and RTLD_NOW.

	* testsuite/Makefile.in (TS_ALL): Conditionally add dlopen-test.
	(SOURCES): Added dlopen-test.c.
	(dlopen-test): New target, unlike other test programs, *not*
	linked with -lnettle.

	* configure.ac: Check for dlfcn.h and the dlopen function.
	(IF_DLOPEN_TEST): New substituted variable, true if dlopen is
	available and we are building a shared library.

	* fat-setup.h: Disable use of ifunc, since it breaks dlopen with
	RTLD_NOW.

2015-08-25  Niels Möller  <nisse@lysator.liu.se>

	* NEWS: Started on entries for Nettle-3.2.

	* sha3.h (NETTLE_SHA3_FIPS202): New preprocessor constant.

2015-08-24  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/sha3.awk: Document origin of test vectors.

	From Nikos Mavrogiannopoulos.
	* sha3.c (_sha3_pad): Update for NIST version.
	* testsuite/sha3-224-test.c: Updated test vectors.
	* testsuite/sha3-256-test.c: Likewise.
	* testsuite/sha3-384-test.c: Likewise.
	* testsuite/sha3-512-test.c: Likewise.

2015-06-03  Niels Möller  <nisse@lysator.liu.se>

	* arm/neon/chacha-core-internal.asm: New file. 55% speedup over C
	version on Cortex-A9.

2015-05-19  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac: ABI detection (n32 or n64) on Irix, and
	appropriate default for libdir. Patch from Klaus Ziegler.

2015-05-12  Niels Möller  <nisse@lysator.liu.se>

	* version.c (nettle_version_major, nettle_version_minor): New
	file. New functions, returning the value of the corresponding
	preprocessor constant.
	* Makefile.in (nettle_SOURCES): Added version.c.
	* testsuite/version-test.c: New testcase.
	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added version-test.c.

2015-04-29  Niels Möller  <nisse@lysator.liu.se>

	* arm/v6/sha256-compress.asm: Fix syntax error in offset
	addressing. Spotted by Jukka Ukkonen.
	* arm/v6/aes-decrypt-internal.asm: Drop %-prefix on r12 register.
	* arm/v6/aes-encrypt-internal.asm: Likewise.

2015-04-24  Niels Möller  <nisse@lysator.liu.se>

	* Released nettle-3.1.1.

	* configure.ac: Bump package version, to nettle-3.1.1.
	(LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
	libnettle.so.6.1 and libhogweed.so.4.1.

2015-04-22  Niels Möller  <nisse@lysator.liu.se>

	* x86_64/gcm-hash8.asm: Use ".value" instead of ".short", since
	the latter is not supported by the Sun/Oracle assembler.

2015-04-13  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac: Fix shell quoting in test of GMP_NUMB_BITS asm
	compatibility. Reported by Edward Sheldrake.

2015-04-07  Niels Möller  <nisse@lysator.liu.se>

	* Released nettle-3.1.

2015-03-31  Niels Möller  <nisse@lysator.liu.se>

	* x86_64/ecc-224-modp.asm: Require that GMP_NUMB_BITS == 64.
	* x86_64/ecc-521-modp.asm: Likewise. Note that the other
	ecc-*-modp.asm files happen to work fine on x86_64, with either 32
	or 64 bits.

	* asm.m4 (GMP_NUMB_BITS): New macro, expanding to nothing.

	* configure.ac: Move tests for compiler characteristics,
	libraries, and GMP_NUMB_BITS, before assembler-related tests.
	For files in $asm_hogweed_optional_list, check if they declare
	a GMP_NUMB_BITS requirement, and skip files which are incompatible
	with the configuration. Needed for --enable-mini-gmp on w64.

	* Makefile.in (clean-here): Unconditionally delete *.a (including
	stub libraries like *.dll.a).

2015-03-30  Niels Möller  <nisse@lysator.liu.se>

	* version.h.in (GMP_NUMB_BITS) [NETTLE_USE_MINI_GMP]: Move
	definition here (uses configure substitution).
	* bignum.h (GMP_NUMB_BITS): ...old location.

	* nettle.texinfo: Updated version number.
	(Installation): Document some more configure options.

	* testsuite/symbols-test: Look for NETTLE_USE_MINI_GMP in
	version.h, not bignum.h. Allow leading underscore on mini-gmp
	symbols.

2015-03-26  Niels Möller  <nisse@lysator.liu.se>

	* Makefile.in (PRE_CPPFLAGS): Drop -I$(srcdir), no longer needed.
	(HEADERS): Added bignum.h. Removed version.h.
	(INSTALL_HEADERS): Added version.h.
	(DISTFILES): Removed bignum.h.in.
	(bignum.h): Deleted make target.
	(distclean-here): Don't delete bignum.h.

	* configure.ac: No longer generate bignum.h.

	* bignum.h: Renamed. Removed substitution of NETTLE_USE_MINI_GMP,
	and include version.h instead.
	* bignum.h.in: ... old name.

	* version.h.in (NETTLE_USE_MINI_GMP): Substitute here.

2015-03-25  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac (MAJOR_VERSION, MINOR_VERSION): Tweak sed
	expressions, to tolerate version suffixes.

	* Makefile.in (distdir): Include assembly files from the new
	x86_64/aesni, x86_64/fat, and arm/fat directories.

	* ed25519-sha512-pubkey.c: Fix stack overwrite. The digest array
	must have room for a complete sha512 digest.

2015-03-19  Niels Möller  <nisse@lysator.liu.se>

	* Makefile.in (OPT_HOGWEED_SOURCES): Deleted make variable.
	(nettle_SOURCES, hogweed_SOURCES): Don't include optional sources
	here.
	(OPT_SOURCES): New variable.
	(SOURCES): Include OPT_SOURCES.
	(DISTFILES): Drop mini-gmp.c here, included via OPT_SOURCES.
	(nettle_OBJS, hogweed_OBJS): Add the object files corresponding to
	the optional source files included in the build.

	* ecc-curve.h (nettle_curve25519): Removed public declaration.
	* ecc-internal.h (_nettle_curve25519): New location, new name.
	Updated all users.

	* nettle.texinfo: Updated EdDSA documentation.

	* Makefile.in (DISTFILES): Added version.h.in, libnettle.map.in,
	and libhogweed.map.in (latter two patch by Nikos).
	(version.h): New make target.
	(distclean-here): Added version.h, libnettle.map, and
	libhogweed.map.

	From Nikos Mavrogiannopoulos.
	* configure.ac (MAJOR_VERSION, MINOR_VERSION): New substituted
	variables.
	* version.h.in: New file, defining version numbers.

2015-03-18  Niels Möller  <nisse@lysator.liu.se>

	EdDSA interface change, use plain strings to represent keys.
	* eddsa.h (_ED25519_LIMB_SIZE): Deleted constant.
	(struct ed25519_private_key, ed25519_public_key): Deleted.
	* eddsa-expand.c (_eddsa_expand_key): Don't compute the public
	key.
	(_eddsa_expand_key_itch): Deleted function.
	* eddsa-pubkey.c (_eddsa_public_key, _eddsa_public_key_itch): New
	file, new functions.
	* ed25519-sha512-pubkey.c (ed25519_sha512_public_key): New file
	and function.
	* ed25519-sha512-verify.c (ed25519_sha512_set_public_key): Deleted
	function.
	(ed25519_sha512_verify): Use a string to represent the public key.
	* ed25519-sha512-sign.c (ed25519_sha512_set_private_key): Deleted
	function.
	(ed25519_sha512_sign): Use strings for the input key pair.
	* Makefile.in (hogweed_SOURCES): Added eddsa-pubkey.c and
	ed25519-sha512-pubkey.c.
	* testsuite/eddsa-sign-test.c (test_eddsa_sign): Adapt to
	_eddsa_expand_key changes, and use _eddsa_public_key.
	* testsuite/ed25519-test.c (test_one): Test
	ed25519_sha512_public_key, and adapt to new ed25519 interface.

2015-03-14  Niels Möller  <nisse@lysator.liu.se>

	* ccm.c (memeql_sec): New function, more side-channel silent than
	memcmp.
	(ccm_decrypt_message): Use it.
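
The entry above replaces memcmp in ccm_decrypt_message because memcmp may stop at the first differing byte, so its run time tells a caller how long a prefix of a forged tag was right. The example below is added here and is not Nettle's memeql_sec: it reimplements the idea as memeql_ct and places an instrumented early-exit loop beside it that reports how many bytes it read before deciding. The 16-byte tag and the forgeries are constructed.

```c
/* Added example, not Nettle code: the pattern behind a "side-channel silent"
 * tag comparison, next to the early-exit loop it replaces. All inputs are
 * constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TAG_LEN 16

/* Early-exit comparison. Returns how many bytes were read before the answer
 * was known; that count, and with it the run time, grows with the length of
 * the matching prefix, which is what a byte-at-a-time tag forgery measures. */
static size_t eq_early_exit(const uint8_t *a, const uint8_t *b, size_t n, bool *equal)
{
  for (size_t i = 0; i < n; i++)
    if (a[i] != b[i]) { *equal = false; return i + 1; }
  *equal = true;
  return n;
}

/* Constant-time equality: OR together the XOR of every byte pair, then fold
 * the 0..255 result to 0/1 without a branch. Every byte is read on every call
 * and there is no data-dependent branch. Returns 1 if equal, 0 otherwise.
 * The volatile reads discourage the compiler from shortcutting the loop; C
 * itself gives no timing guarantee, so this is best effort. */
static int memeql_ct(const void *a, const void *b, size_t n)
{
  const volatile uint8_t *pa = a, *pb = b;
  unsigned diff = 0;
  for (size_t i = 0; i < n; i++)
    diff |= pa[i] ^ pb[i];
  return (int) ((diff - 1u) >> 8) & 1;   /* 1 iff diff == 0 */
}

/* Constructed 16-byte tag and a forgery sharing `matching` leading bytes
 * with it; matching == TAG_LEN yields an exact copy. */
static void make_pair(size_t matching, uint8_t tag[TAG_LEN], uint8_t forgery[TAG_LEN])
{
  for (size_t i = 0; i < TAG_LEN; i++)
    tag[i] = (uint8_t) (0xA5 ^ (i * 37));   /* arbitrary fixed bytes */
  memcpy(forgery, tag, TAG_LEN);
  for (size_t i = matching; i < TAG_LEN; i++)
    forgery[i] = (uint8_t) ~tag[i];         /* every remaining byte differs */
}

/* Bytes the early-exit loop reads for a forgery with the given correct prefix. */
static size_t demo_early_exit_bytes(size_t matching)
{
  uint8_t tag[TAG_LEN], forgery[TAG_LEN];
  bool eq;
  make_pair(matching, tag, forgery);
  return eq_early_exit(tag, forgery, TAG_LEN, &eq);
}

/* Constant-time verdict for the same pair: 0 unless the tags are identical. */
static int demo_ct_result(size_t matching)
{
  uint8_t tag[TAG_LEN], forgery[TAG_LEN];
  make_pair(matching, tag, forgery);
  return memeql_ct(tag, forgery, TAG_LEN);
}
```

The early-exit count climbs from 1 to 16 as the forgery's correct prefix grows, while memeql_ct reads all 16 bytes regardless and only its 0/1 verdict changes. In a decrypt routine the verdict gates the release of plaintext; a deployment should still inspect the generated code or use the platform's constant-time primitive, since the compiler is free to rewrite the loop.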

2015-03-12  Niels Möller  <nisse@lysator.liu.se>

	* base64.h (struct base64_encode_ctx): Micro optimization of
	struct layout, saving a few bytes.
	(struct base64_decode_ctx): Likewise.
	* base16.h (struct base16_decode_ctx): Likewise.

	* nettle.texinfo (ASCII encoding): Document base64url functions.

2015-03-10  Niels Möller  <nisse@lysator.liu.se>

	* nettle.texinfo: Update documentation of curve25519_mul. Say that
	the output is undefined for points belonging to the twist rather
	than the proper curve.

	* curve25519-mul.c (curve25519_mul): Changed return type to void.
	* curve25519.h (curve25519_mul): Updated prototype.
	* examples/hogweed-benchmark.c (bench_curve25519_mul): Drop check
	of curve25519_mul return value.
	* testsuite/curve25519-dh-test.c (test_a): Likewise.

2015-02-26  Niels Möller  <nisse@lysator.liu.se>

	* nettle.texinfo: Document curve25519 and eddsa.

2015-02-10  Niels Möller  <nisse@lysator.liu.se>

	* base64url-meta.c (nettle_base64url): New file.
	* nettle-meta.h (nettle_base64url): Declare it.
	* nettle-meta-armors.c (nettle_armors): Added nettle_base64url.
	* testsuite/meta-armor-test.c: Updated testcase.
	* testsuite/base64-test.c (test_main): Additional tests, using
	nettle_base64url.
	* Makefile.in (nettle_SOURCES): Added base64url-meta.c.

	Base-64 generalization to support RFC4648 URL safe alphabet,
	contributed by Amos Jeffries.
	* base64url-decode.c (base64url_decode_init): New file and
	function.
	* base64url-encode.c (base64url_encode_init): New file and
	function.
	* Makefile.in (nettle_SOURCES): Added base64url-encode.c and
	base64url-decode.c.
	* base64.h: Declare new functions.
	* testsuite/base64-test.c (test_fuzz): Test base64url encoding and
	decoding.

	* base64.h (struct base64_encode_ctx): Added pointer to alphabet.
	(struct base64_decode_ctx): Added pointer to decoding table.
	* base64-decode.c (base64_decode_init): Initialize table pointer.
	Moved definition of table to local scope.
	(base64_decode_single): Use the context's decoding table.
	* base64-encode.c (ENCODE): Added alphabet argument. Updated all
	uses.
	(encode_raw): New static function, like base64_encode_raw
	but with an alphabet argument.
	(base64_encode_raw): Call encode_raw.
	(base64_encode_init): Initialize alphabet pointer.
	(base64_encode_single, base64_encode_update, base64_encode_final):
	Use the context's alphabet.

2015-02-09  Niels Möller  <nisse@lysator.liu.se>

	* base64-encode.c (base64_encode): Deleted old #if:ed out
	function.

	* testsuite/base64-test.c (test_fuzz_once, test_fuzz): Additional
	tests, based on contribution by Amos Jeffries.

2015-02-05  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac (LIBHOGWEED_MAJOR): Undo latest bump, 4 should be
	enough (previous release, nettle-3.0, used 3).

2015-01-30  Niels Möller  <nisse@lysator.liu.se>

	Update chacha-poly1305 for draft-irtf-cfrg-chacha20-poly1305-08.
	* chacha-poly1305.h (CHACHA_POLY1305_NONCE_SIZE): Increase to 12
	bytes, i.e., CHACHA_NONCE96_SIZE.
	* chacha-poly1305.c (chacha_poly1305_set_nonce): Use
	chacha_set_nonce96.
	(poly1305_pad): New function.
	(chacha_poly1305_encrypt): Use poly1305_pad.
	(chacha_poly1305_digest): Call poly1305_pad, and format length
	fields as a single poly1305 block.

	* chacha-set-nonce.c (chacha_set_nonce96): New function.
	* chacha.h (CHACHA_NONCE96_SIZE): New constant.
	* testsuite/chacha-test.c: Add test for chacha with 96-bit nonce.

2015-01-27  Niels Möller  <nisse@lysator.liu.se>

	* ecc.h: Deleted declarations of unused itch functions. Moved
	declarations of internal functions to...
	* ecc-internal.h: ...new location. Also added a leading underscore
	on the symbols.
	(ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja)
	(ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g)
	(ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions.

2015-01-26  Niels Möller  <nisse@lysator.liu.se>

	* ecc-add-eh.c (ecc_add_eh_itch): Deleted.
	* ecc-add-ehh.c (ecc_add_ehh_itch): Deleted.
	* ecc-add-jja.c (ecc_add_jja_itch): Deleted.
	* ecc-add-jjj.c (ecc_add_jjj_itch): Deleted.
	* ecc-dup-eh.c (ecc_dup_eh_itch): Deleted.
	* ecc-dup-jj.c (ecc_dup_jj_itch): Deleted.
	* ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted.
	* ecc-j-to-a.c (ecc_j_to_a_itch): Deleted.
	* ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted.
	* ecc-mul-a.c (ecc_mul_a_itch): Deleted.
	* ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted.
	* ecc-mul-g.c (ecc_mul_g_itch): Deleted.

2015-01-25  Niels Möller  <nisse@lysator.liu.se>

	* arm/fat/sha1-compress-2.asm: New file.
	* arm/fat/sha256-compress-2.asm: Likewise.
	* fat-arm.c (fat_init): Setup for use of additional v6 assembly
	functions.

	* sha1-compress.c: Prepare for fat build with C and assembly
	implementations.
	* sha256-compress.c: Likewise.

	* fat-setup.h (sha1_compress_func, sha256_compress_func): New typedefs.

	* configure.ac (asm_nettle_optional_list): Added
	sha1-compress-2.asm and sha256-compress-2.asm, and corresponding
	HAVE_NATIVE_*.

	From Martin Storsjö:
	* arm: Add .arch directives for armv6. This allows building these
	files as part of a fat build, even if the assembler by default
	targets a lower architecture version.

2015-01-23  Niels Möller  <nisse@lysator.liu.se>

	* fat-setup.h (DEFINE_FAT_FUNC): Check value of function pointer,
	before calling fat_init. Should be correct even without memory
	barrier.
	* fat-x86_64.c (fat_init): Deleted static variable initialized.
	The checks of the relevant pointer in DEFINE_FAT_FUNC is more
	robust.
	* fat-arm.c (fat_init): Likewise.

2015-01-21  Niels Möller  <nisse@lysator.liu.se>

	* fat-arm.c (fat_init): Setup for use of neon assembly functions.

	* arm/fat/salsa20-core-internal-2.asm: New file.
	* arm/fat/sha3-permute-2.asm: New file.
	* arm/fat/sha512-compress-2.asm: New file.
	* arm/fat/umac-nh-2.asm: New file.
	* arm/fat/umac-nh-n-2.asm: New file.

	* salsa20-core-internal.c: Prepare for fat build with C and
	assembly implementations.
	* sha512-compress.c: Likewise.
	* sha3-permute.c: Likewise.
	* umac-nh.c: Likewise.
	* umac-nh-n.c: Likewise.

	* configure.ac (asm_nettle_optional_list): Added more *-2.asm
	files, and corresponding HAVE_NATIVE_* defines. Recognize PROLOGUE
	macro in asm files, also when not at the start of the line.

2015-01-20  Niels Möller  <nisse@lysator.liu.se>

	* fat-arm.c (get_arm_features): Check NETTLE_FAT_OVERRIDE
	environment variable.

	* fat-x86_64.c (get_x86_features): New function. Check
	NETTLE_FAT_OVERRIDE environment variable.
	(fat_init): Use it.

	* fat-setup.h (secure_getenv) [!HAVE_SECURE_GETENV]: Dummy
	definition, returning NULL.
	(ENV_OVERRIDE): New constant.

	* configure.ac: Check for secure_getenv function.

2015-01-19  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac: Fat library setup for arm.
	* fat-arm.c: New file.
	* arm/fat/aes-encrypt-internal.asm: New file.
	* arm/fat/aes-encrypt-internal-2.asm: New file.
	* arm/fat/aes-decrypt-internal.asm: New file.
	* arm/fat/aes-decrypt-internal-2.asm: New file.

	* Makefile.in (DISTFILES): Added fat-setup.h.

	* fat-setup.h: New file, declarations moved from...
	* fat-x86_64.c: ... old location.

2015-01-17  Niels Möller  <nisse@lysator.liu.se>

	* fat-x86_64.c (DECLARE_FAT_FUNC, DEFINE_FAT_FUNC)
	(DECLARE_FAT_FUNC_VAR): New macros, to define needed resolver and
	wrapper functions.

	* config.m4.in (SYMBOL_PREFIX): Define from autoconf
	ASM_SYMBOL_PREFIX.
	(C_NAMS): move definition to...
	* asm.m4 (C_NAME): Define here, also take fat_transform.
	(fat_suffix): Replaced by...
	(fat_transform): New macro, taking symbol name as argument.
	Updated all uses of fat_suffix.
	* fat-x86_64.c: Updated for internal "_nettle" prefix on
	cpu-specific memxor functions.

	* fat-x86_64.c: Set up for sse2 vs non-sse2 memxor. Patch by Nikos
	Mavrogiannopoulos.
	* configure.ac (asm_nettle_optional_list): Added memxor-2.asm.
	* x86_64/fat/memxor-2.asm: New file.
	* x86_64/fat/memxor.asm: New file.

	* x86_64/memxor.asm: Use ifdef, not ifelse, for testing USE_SSE2.

2015-01-16  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac (OPT_NETTLE_SOURCES): New substituted variable.
	(asm_path): Fixed x86_64 fat setup. Include only x86_64 and
	x86_64/fat in the asm_path. Put fat-x86_64.c in
	OPT_NETTLE_SOURCES, with no symlinking.

	* fat-x86_64.c: Renamed,...
	* x86_64/fat/fat.c: ... from old name.

2015-01-13  Niels Möller  <nisse@lysator.liu.se>

	* x86_64/fat/fat.c: For constructor hack, check
	HAVE_GCC_ATTRIBUTE, not __GNUC__. Also support sun compilers, as
	suggested by Nikos Mavrogiannopoulos, and attach the constructor
	attribute directly to fat_init.
	(fat_constructor): Deleted wrapper function.

	* x86_64/fat/fat.c: New file, initialization for x86_64 fat
	library.

	* x86_64/fat/cpuid.asm (_nettle_cpuid): New file and function.

	* x86_64/fat/aes-encrypt-internal.asm: New file, including
	x86_64/aes-encrypt-internal.asm, after setting fat_suffix to
	_x86_64.
	* x86_64/fat/aes-decrypt-internal.asm: New file, analogous setup.
	* x86_64/fat/aes-encrypt-internal-2.asm: New file, including
	x86_64/aesni/aes-encrypt-internal.asm, after setting fat_suffix to
	_aesni.
	* x86_64/fat/aes-decrypt-internal-2.asm: New file, analogous
	setup.

	* configure.ac: New command line option --enable-fat.
	(asm_nettle_optional_list): Added cpuid.asm, fat.c,
	aes-encrypt-internal-2.asm, and aes-decrypt-internal-2.asm.

	* asm.m4 (fat_suffix): New suffix added to symbol names.

	* x86_64/aesni/aes-encrypt-internal.asm: Use explicit .byte
	sequences for aes instructions, don't rely on assembler support.
	* x86_64/aesni/aes-decrypt-internal.asm: Likewise.

	* aclocal.m4 (NETTLE_CHECK_IFUNC): New macro, checking for ifunc
	and setting HAVE_LINK_IFUNC if working.
	* configure.ac: Use it.

2015-01-12  Niels Möller  <nisse@lysator.liu.se>

	* asm.m4 (DECLARE_FUNC): New macro, extracted from PROLOGUE.
	(PROLOGUE): Use it.

	* configure.ac (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Renamed
	substituted variables, and list the object files rather than
	source files.
	(OPT_ASM_NETTLE_SOURCES, OPT_ASM_HOGWEED_SOURCES): ...Old names.
	* Makefile.in (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Use new
	variables.

2015-01-11  Niels Möller  <nisse@lysator.liu.se>

	* x86_64/aesni/aes-decrypt-internal.asm: New file.
	* x86_64/aesni/aes-encrypt-internal.asm: New file.
	* configure.ac: New configure flag --enable-x86-aesni.

	* aclocal.m4 (LSH_RPATH_INIT): Handle freebsd, in the same way as
	gnu/linux, with -Wl,-rpath,.

	Merged memxor-reorg changes, starting at 2014-10-23.

2015-01-10  Niels Möller  <nisse@lysator.liu.se>

	* arm/memxor.asm (memxor3): Moved to new file.
	* arm/memxor3.asm: New file.

2014-11-24  Niels Möller  <nisse@lysator.liu.se>

	* x86_64/memxor3.asm (memxor3): New file, code moved from old
	memxor.asm.
	* x86_64/memxor.asm (memxor): Rewritten, no longer jumps into
	memxor3.

	* configure.ac (asm_replace_list): Added memxor.asm and
	memxor3.asm.

2014-10-23  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac (IF_ASM): New substituted variable.
	* testsuite/Makefile.in (VALGRIND): Allow partial loads only when
	build includes assembly files.

	* memxor-internal.h (READ_PARTIAL): New macro.
	* memxor.c (memxor_different_alignment): Avoid out-of-bounds
	reads, corresponding to valgrind's --partial-loads-ok. Use
	READ_PARTIAL.
	* memxor3.c: Analogous changes for unaligned operations.

	* configure.ac (asm_replace_list): Deleted memxor.asm, now
	incompatible with the memxor/memxor3 split.

	* memxor3.c: New file, split off from memxor.c.
	* memxor-internal.h: New file, declarations shared by memxor.c and
	memxor3.c.
	* memxor.c: memxor3 functions moved out from this file.
	* Makefile.in (nettle_SOURCES): Added memxor3.c.
	(DISTFILES): Added memxor-internal.h.

	* memxor.c (memxor_common_alignment, memxor_different_alignment)
	(memxor): Change loop order, iterate from the end.
	(memxor3_common_alignment): Unroll twice.
	(word_t): On x86_64, unconditionally define as uint64_t, to get 64
	bits also in M$ windows. Replaced all uses of SIZEOF_LONG.

2014-12-12  Niels Möller  <nisse@lysator.liu.se>

	* cbc.h (CBC_ENCRYPT, CBC_DECRYPT): Make type-checking hack
	stricter, warn if type of length argument is smaller than size_t.
	* ctr.h (CTR_CRYPT): Likewise.
	* eax.h (EAX_SET_KEY, EAX_SET_NONCE, EAX_UPDATE, EAX_ENCRYPT)
	(EAX_DECRYPT, EAX_DIGEST): Likewise.
	* gcm.h (GCM_SET_KEY, GCM_ENCRYPT, GCM_DECRYPT, GCM_DIGEST):
	Likewise.

2014-12-08  Niels Möller  <nisse@lysator.liu.se>

	* aclocal.m4 (LD_VERSION_SCRIPT): Linker scripts no longer located
	in the source tree.

	* configure.ac (LIBNETTLE_MAJOR): Bump major number, now 6.
	(LIBHOGWEED_MAJOR): Bump major number, now 5.

	From Nikos Mavrogiannopoulos. Support for versioned symbols.
	* aclocal.m4 (LD_VERSION_SCRIPT): New macro. Substitute
	EXTRA_LINKER_FLAGS and EXTRA_HOGWEED_LINKER_FLAGS.
	* configure.ac: Use LD_VERSION_SCRIPT. Generate libnettle.map
	and libhogweed.map.
	(HOGWEED_EXTRA_SYMBOLS): New substituted variable.
	* libnettle.map.in: New file, libnettle.so linker script.
	* libhogweed.map.in: New file, libhogweed.so linker script.
	* Makefile.in ($(LIBNETTLE_FORLINK)): Use EXTRA_LINKER_FLAGS.
	($(LIBHOGWEED_FORLINK)): Use EXTRA_HOGWEED_LINKER_FLAGS.

2014-11-24  Niels Möller  <nisse@lysator.liu.se>

	* gcm.h (GCM_SET_KEY): Rename macro argument KEY to avoid
	collision with a struct tag. Spotted by Nikos Mavrogiannopoulos.

	* testsuite/eddsa-verify-test.c (test_eddsa): Fixed test case bug,
	showing up as use of uninitialized data with valgrind.

2014-10-23  Niels Möller  <nisse@lysator.liu.se>

	* examples/nettle-benchmark.c (time_memxor): Allocate buffers as
	arrays of unsigned long, for more reliable alignment.

2014-10-22  Niels Möller  <nisse@lysator.liu.se>

	* configure.ac: Check for getline function.
	* testsuite/ed25519-test.c (getline) [!HAVE_GETLINE]: Fallback
	definition.

	* Makefile.in (clean-here): Unconditionally delete .so and .dll
	files.
	(IMPLICIT_TARGETS): Deleted variable.

2014-10-21  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/ed25519-test.c: New test case. Optionally reads the
	file pointed to by $ED25519_SIGN_INPUT.

	* testsuite/testutils.c (tstring_hex): Rewrite, using Nettle's
	base16 functions.
	(decode_hex, decode_hex_length): Deleted functions.

2014-10-20  Niels Möller  <nisse@lysator.liu.se>

	* eddsa.h (ED25519_KEY_SIZE): New constant.
	(ED25519_SIGNATURE_SIZE): New constant.
	(struct ed25519_private_key): New struct.
	(struct ed25519_public_key): New struct.

	* ed25519-sha512-sign.c (ed25519_sha512_set_private_key)
	(ed25519_sha512_sign): New file and functions.
	* ed25519-sha512-verify.c (ed25519_sha512_set_public_key)
	(ed25519_sha512_verify): New file and functions.
	* Makefile.in (hogweed_SOURCES): Added ed25519-sha512-sign.c and
	ed25519-sha512-verify.c.


2014-10-18  Niels Möller  <nisse@lysator.liu.se>

	* eddsa-verify.c (_eddsa_verify): Change argument order, putting A
	before ctx.
	* eddsa.h: Updated prototype.
	* testsuite/eddsa-verify-test.c (test_eddsa): Updated
	_eddsa_verify calls.

2014-10-14  Niels Möller  <nisse@lysator.liu.se>

	* eddsa-verify.c (equal_h): New function.
	(_eddsa_verify): Use it for a proper point compare, replacing an
	ecc_add_ehh.

	* testsuite/eddsa-verify-test.c: New testcase.
	* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
	eddsa-verify-test.c.

	* eddsa-verify.c (_eddsa_verify, eddsa_verify_itch): New file, new
	functions.
	* eddsa.h: Declare new functions.
	* Makefile.in (hogweed_SOURCES): Added eddsa-verify.c.

2014-10-08  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/eddsa-sign-test.c (test_eddsa_sign): Use
	_eddsa_expand_key, and check its public key output.

	* eddsa-expand.c (_eddsa_expand_key): New file, new function.
	* eddsa.h (_eddsa_expand_key): Declare it.
	* Makefile.in (hogweed_SOURCES): Added eddsa-expand.c.

	* eddsa-sign.c: Drop unneeded include of nettle-internal.h.

2014-10-04  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/eddsa-sign-test.c: New testcase.
	* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
	eddsa-sign-test.c.

	* eddsa-sign.c (_eddsa_sign, _eddsa_sign_itch): New file, new
	functions.
	* eddsa-hash.c (_eddsa_hash): New file and function.
	* eddsa.h: Declare new functions.
	* Makefile.in (hogweed_SOURCES): Added eddsa-hash.c and
	eddsa-sign.c.

2014-10-03  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Enable test.
	(test_main): Replace gmp_fprintf calls.
	* testsuite/ecc-mul-a-test.c: Likewise.
	* testsuite/ecc-mul-g-test.c: Likewise.

	* testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Enable test.
	(ref_modinv): Use mpz_gcdext, instead of mpn_gcdext.
	(test_modulo): Replace gmp_fprintf calls.

	* testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Enable test.
	(ref_mod): Use mpz_mod and mpz_limbs_copy, instead of mpn_tdiv_qr.
	(test_modulo): Replace gmp_fprintf calls by plain fprintf and
	mpn_out_str.

	* testsuite/testutils.c (mpn_out_str): New function, needed to
	replace uses of gmp_fprintf.

	* testsuite/ecc-sqrt-test.c (mpz_ui_kronecker)
	[NETTLE_USE_MINI_GMP]: New fallback definition when building with
	mini-gmp.
	* testsuite/testutils.c (gmp_randinit_default)
	[NETTLE_USE_MINI_GMP]: Likewise.
	(mpz_urandomb): Likewise.
	* testsuite/testutils.h (gmp_randstate_t) [NETTLE_USE_MINI_GMP]:
	Fallback typedef, using knuth_lfib_ctx.

2014-10-02  Niels Möller  <nisse@lysator.liu.se>

	* testsuite/eddsa-compress-test.c: New testcase.
	* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
	eddsa-compress-test.c.

	* eddsa-decompress.c (_eddsa_decompress): New file, new function.
	* eddsa-compress.c (_eddsa_compress): New file, new function.
	* eddsa.h: New file.
	* Makefile.in (HEADERS): Added eddsa.h.
	(hogweed_SOURCES): Added eddsa-compress.c and eddsa-decompress.c.

	* testsuite/ecc-sqrt-test.c: New test case.
	* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
	ecc-sqrt-test.c.

	* ecc-25519.c (PHIGH_BITS): Always define this constant.
	(ecc_25519_zero_p): New function.
	(ecc_25519_sqrt): Take a ratio u/v as input. Added scratch
	argument. Made static.
	* ecc-internal.h (ecc_mod_sqrt_func): New typedef.
	(struct ecc_modulo): Added sqrt_itch and sqrt function pointer.
	Updated all instances.
	(ecc_25519_sqrt): Deleted declaration, function now static.

2014-09-24  Niels Möller  <nisse@lysator.liu.se>

	* curve25519.h [__cplusplus]: Fixed extern "C" block.

2014-09-23  Niels Möller  <nisse@lysator.liu.se>

	* ecc-hash.c (ecc_hash): Changed argument type from struct
	ecc_curve to struct ecc_modulo. Updated callers.
	* testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
	signature s. Changed since the hash value is truncated a few bits
	more, to match the size of q.
	* testsuite/ecdsa-verify-test.c (test_main): Likewise.

	* testsuite/ecc-modinv-test.c (zero_p): New function, checking for
	zero modulo p.
	(test_modulo): Use zero_p. Switch to dynamic allocation. Updated
	for larger modinv result area, and use invert_itch.

	* ecc-25519.c (ecc_mod_pow_2kp1): Renamed, and take a struct
	ecc_modulo * as argument.
	(ecc_modp_powm_2kp1): ... old name.
	(ecc_mod_pow_252m3): New function, extracted from ecc_25519_sqrt.
	(ecc_25519_inv): New modp invert function, about 5.5 times faster
	than ecc_mod_inv.
	(ecc_25519_sqrt): Use ecc_mod_pow_252m3.
	(nettle_curve25519): Point to ecc_25519_inv. Updated p.invert_itch
	and h_to_a_itch.

	* ecc-internal.h (struct ecc_modulo): New field invert_itch.
	Updated all implementations.
	(ECC_EH_TO_A_ITCH): Updated, and take invert itch as an argument.
	* ecc-eh-to-a.c (ecc_eh_to_a_itch): Take invert scratch into account.
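
The arithmetic behind sharing ecc_mod_pow_252m3 between ecc_25519_sqrt
and ecc_25519_inv, as an added derivation that is not part of this
ChangeLog (the ratio square-root formula is the standard one used for
Ed25519 point decompression):

```latex
p = 2^{255} - 19, \qquad
p - 2 = 8\,(2^{252} - 3) + 3, \qquad
\tfrac{p-5}{8} = 2^{252} - 3, \qquad
\tfrac{p+3}{8} = 2^{252} - 2
```

```latex
x^{-1} \equiv x^{p-2} = \bigl(x^{2^{252}-3}\bigr)^{8}\, x^{3} \pmod p
```

```latex
\Bigl(\frac{u}{v}\Bigr)^{(p+3)/8}
\equiv u\,v^{3}\,\bigl(u\,v^{7}\bigr)^{2^{252}-3} \pmod p,
\quad\text{because } v^{-1} \equiv v^{p-2} \text{ gives }
u^{1 + (p-5)/8}\, v^{3 + 7(p-5)/8} = u^{(p+3)/8}\, v^{(7p-11)/8}
```

So one fixed-exponent power x^(2^252-3), which is naturally computed in
constant time, plus a handful of multiplications yields both the modular
inverse and the candidate square root of u/v; the candidate x still has
to be checked, since x^2 may equal -u/v rather than u/v, which is
corrected by multiplying x with a square root of -1.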

	* testsuite/testutils.c (test_ecc_mul_h): Use ecc->h_to_a_itch.

	* ecc-mod-inv.c (ecc_mod_inv): Interface change, make ap input
	const, and require 2n limbs at rp. Preparing for powm-based
	alternative implementations. Drop #if:ed out code and dp
	temporary. Updated all callers, more complicated cases described
	below.
	* ecc-internal.h (typedef ecc_mod_inv_func): Added const to input
	argument.
	(ECC_MOD_INV_ITCH): Renamed, was ECC_MODINV_ITCH, and reduced to
	2*n.
	* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Overhauled allocation,
	putting mod_inv scratch at the end.

2014-09-22  Niels Möller  <nisse@lysator.liu.se>

	* ecc-random.c (ecc_mod_random): Renamed, and take a const struct
	ecc_modulo * as argument. Updated callers.
	(ecc_modq_random): ... old name.

	* ecc-mod-arith.c: New file, replacing ecc-modp.c and ecc-modq.c.
	All functions take a struct ecc_modulo as argument.
	(ecc_mod_add, ecc_mod_sub, ecc_mod_mul_1, ecc_mod_addmul_1)
	(ecc_mod_submul_1, ecc_mod_mul, ecc_mod_sqr): New functions,
	replacing the corresponding ecc_modp_* functions. For convenience,
	old names are defined as macros wrapping the new functions.
	* ecc-modp.c: Deleted file.
	* ecc-modq.c: Deleted file.
	* Makefile.in (hogweed_SOURCES): Updated accordingly.

	* testsuite/ecc-redc-test.c (test_main): Relaxed tests for which
	tests to run.

	* testsuite/ecc-modinv-test.c (test_modulo): New function, same
	organization as in ecc-mod-test.c below.

	* testsuite/ecc-mod-test.c (test_modulo): New function, testing
	one modulo. Replacing...
	(test_curve): ... old function.
	(test_main): Invoke test_modulo for p and q of each curve.

	* ecc-internal.h (ecc_mod_inv_func): New typedef.
	(struct ecc_modulo): Added mp1h constant and invert function
	pointer. Updated all callers.
	* ecc-modp.c (ecc_modp_inv): Deleted wrapper function.
	* ecc-modq.c (ecc_modq_inv): Deleted wrapper function.

	* ecc-mod-inv.c (ecc_mod_inv): Renamed file and function. Also
	take a struct ecc_modulo * as argument.
	* sec-modinv.c (sec_modinv): ... the old names. Deleted.
	* Makefile.in (hogweed_SOURCES): Updated accordingly.

	* examples/ecc-benchmark.c (bench_modinv_powm, bench_curve):
	Updated benchmarking of mpn_sec_powm.

	* ecc-internal.h (struct ecc_curve): Deleted redc function
	pointer. Use only reduce pointer, which is redc or modp as
	applicable. Updated all users.
	(struct ecc_modulo): Moved mod and reduce function pointers to
	this struct.

	* ecc-generic-modp.c (ecc_generic_modp): Deleted file and
	function. We no longer need a wrapper around ecc_mod.
	* ecc-generic-modq.c (ecc_generic_modq): Likewise deleted.
	* Makefile.in (hogweed_SOURCES): Removed ecc-generic-modp.c and
	ecc-generic-modq.c.

	* ecc-internal.h (typedef ecc_mod_func): Take a const struct
	ecc_modulo * argument, not const struct ecc_curve *. Updated all
	implementations and all callers.

	* ecc-mod.c (ecc_mod): Use struct ecc_modulo to specify the
	modulo. Drop input size argument, always reduce from 2*size to
	size.

	* ecc-internal.h (struct ecc_modulo): New struct, collecting
	constants needed for modulo arithmetic.
	(struct ecc_curve): Use struct ecc_modulo for p and q arithmetic.
	Updated all ecc-related files.

2014-09-17  Niels Möller  <nisse@lysator.liu.se>

	* gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn
	counter, making the function clear some bytes beyond the end of
	the output buffer. The bug triggered a make check failure on ARM.

	* testsuite/testutils.c (ecc_curves): Include curve25519 in list.
	(test_ecc_mul_a): Include reference points for curve25519 (with
	Edwards coordinates). Allow n == 0 and n == 1, comparing to zero
	and the generator, respectively.
	* testsuite/ecc-add-test.c (point_zero_p): Deleted function.
	(test_main): Replace calls to point_zero_p by calls to
	test_ecc_mul_h with n == 0.
	* testsuite/ecc-dup-test.c: Likewise.

	* testsuite/ecc-modinv-test.c (mpn_zero_p): Moved function, to...
	* testsuite/testutils.c (mpn_zero_p): New location. Also make
	non-static.

	* testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add special case
	for curve25519.

	* testsuite/ecc-mul-a-test.c (test_main): Fix point negation to
	support curve25519.
	* testsuite/ecc-mul-g-test.c (test_main): Likewise.

	* ecc-a-to-eh.c (ecc_a_to_eh_itch, ecc_a_to_eh): Deleted file and
	functions.
	* ecc.h: Deleted corresponding declarations.
	* ecc-internal.h (ECC_A_TO_EH_ITCH): Deleted macro.
	* Makefile.in (hogweed_SOURCES): Removed ecc-a-to-eh.c.

	* testsuite/ecdh-test.c (test_main): Update curve25519 test to use
	Edwards coordinates.
	* testsuite/ecdsa-sign-test.c (test_main): Likewise.
	* testsuite/ecdsa-verify-test.c (test_main): Likewise.

	* ecc-point.c (ecc_point_set): Use Edwards rather than Montgomery
	curve.

	* ecc-mul-a-eh.c (ecc_mul_a_eh, table_init): Take an Edwards point
	as input, not a Montgomery point. Hence, use ecc_a_to_j, not
	ecc_a_to_eh.

	* ecc-eh-to-a.c (ecc_eh_to_a): Just convert to affine coordinates,
	don't transform from Edwards to Montgomery form. Also reduces
	scratch need slightly.
	* ecc-internal.h (ECC_EH_TO_A_ITCH): Reduced.

	* ecdsa-keygen.c (ecdsa_generate_keypair): Use struct ecc_curve
	function pointers.

	* testsuite/curve25519-dup-test.c: Deleted file. In the way for
	conversion to Edwards coordinate convention, and in the end