2021-08-22  Werner Koch  <wk@gnupg.org>

	Release 1.9.4.
	+ commit 05422ca24a0391dad2a0b7790a904ce348819c10


2021-08-22  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	mpi/longlong.h: fix missing macro parameter parentheses.
	+ commit f91f02e8bba516ff27e841310a47e0a4548304eb
	* mpi/longlong.h [__alpha] (umul_ppmm): Add parentheses around
	used parameters.
	[__i370__] (sdiv_qrnnd): Ditto.
	[__mips__] (umul_ppmm): Ditto.
	[__vax__] (sdiv_qrnnd): Ditto.

	tests/t-mpi-point: add NIST curve multiplication test vectors.
	+ commit 8ce522cfaba134b4824926ffd7c9784e552d095d
	* tests/t-mpi-point.c (mpi_base10_scan, check_ec_mul): New.
	(main): Call 'check_ec_mul'.

2021-08-22  Werner Koch  <wk@gnupg.org>

	ecc: Fix bug in gcry_pk_get_param for Curve25519.
	+ commit 64e4a6a2a43698a604e3933ce261ff77063d64e8
	* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Simplify.

	* cipher/pubkey.c (map_algo): Also map EDDSA to ECC.
	* tests/curves.c (check_get_params): Add simple param lookup tests
	for all curves.

2021-08-22  Johannes Schindelin via Gcrypt-devel  <gcrypt-devel@gnupg.org>

	build: Fix broken mlock detection.
	+ commit 84ad6ac02c45a00daad87c614daf278c76ef9a9d
	* acinclude.m4 [GNUPG_CHECK_MLOCK]: Use size_t for the ptr test.

2021-08-22  Werner Koch  <wk@gnupg.org>

	cipher: Extend convenience OID mapping table for AES.
	+ commit a83fb13a3bffcd420b1485d9617ec1fc79f6984c
	* cipher/rijndael.c: Add OIDs for GCM and CCM.

	Minor tweak to gcry_free.
	+ commit 6e1412d6bdcaed29c18638f96f8dd3b2dd5d6e6b
	* src/global.c (_gcry_free): Avoid setting errno again if it did not
	change.

2021-08-22  NIIBE Yutaka  <gniibe@fsij.org>

	random: Silence a warning for building rndjent by Clang.
	+ commit f1ee80baba7a290957a01015870ee769444520ed
	* random/jitterentropy-base.c: Conditionalize by __OPTIMIZE__.

2021-08-22  Tianjia Zhang  <tianjia.zhang@linux.alibaba.com>

	cipher: Fix memory leaks for EdDSA.
	+ commit 41dffbdd51800e0e4e0c3613a383f77deb3c156d
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Initialize point Q when used.

2021-08-22  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Check the input length for the point.
	+ commit 5632fa359a8c24ffd5da309a2d7d922b0956c99b
	* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
	of valid point representation.

2021-08-22  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	hwf-x86: fix use of wrong operand type.
	+ commit 7529b8e455e3264e148e5076a9eed3be59059e62
	* src/hwf-x86.c (get_cpuid): Use xchg for swapping %ebx back
	and forth between operand register.

2021-05-27  NIIBE Yutaka  <gniibe@fsij.org>

	build: _DARWIN_C_SOURCE should be 1.
	+ commit 7ba5d831d573750af6a1f09713e07eeab6ccf5f3
	* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.

2021-05-26  NIIBE Yutaka  <gniibe@fsij.org>

	cipher: Fix ElGamal encryption for other implementations.
	+ commit 3462280f2e23e16adf3ed5176e0f2413d8861320
	* cipher/elgamal.c (gen_k): Remove support of smaller K.
	(do_encrypt): Never use smaller K.
	(sign): Follow the change of gen_k.

2021-04-19  Werner Koch  <wk@gnupg.org>

	Release 1.9.3.
	+ commit cb78627203705365d24b48ec4fc4cf2fc804b277


2021-04-15  NIIBE Yutaka  <gniibe@fsij.org>
	    Jakub Jelen  <jjelen@redhat.com>

	cipher: Fix memory leaks for EdDSA.
	+ commit a8d6c6c1b258548260748eefba0532fd35c8ce47
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Free the point Q.
	(_gcry_ecc_eddsa_verify): Avoid memory leaks for points and MPIs.

2021-04-13  NIIBE Yutaka  <gniibe@fsij.org>

	api: Avoid use of C99 feature.
	+ commit 9c42db0b379c277ee976fcc696e84e31863a85a8
	* src/gcrypt.h.in (enum gcry_md_algos): Remove last comma.

	random: Fix for iOS.
	+ commit 0007f889bda884e40459ad86f13b6cd8b14c91df
	* random/rndlinux.c [TARGET_OS_IPHONE]: Don't define HAVE_GETENTROPY.

	cipher: Hardening ElGamal by introducing exponent blinding too.
	+ commit e8b7f10be275bcedb5fc05ed4837a89bfd605c61
	* cipher/elgamal.c (do_encrypt): Also do exponent blinding.
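
Exponent blinding is named in this entry without being described. The block below is an added example, not libgcrypt's elgamal.c: it shows the textbook form, e' = e + r(p-1), on toy parameters and applies it to ElGamal encryption and decryption. The prime, generator, key values and the blinding form itself are this example's assumptions about the technique, not a description of the library's code; the comment on K refers to the 2021-05-26 gen_k entry above, which drops the shorter-K variant.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not libgcrypt's ElGamal code.  Toy parameters chosen so
 * everything fits in 64-bit arithmetic: P is prime and below 2^30, so a
 * product of two residues fits in a uint64_t.  The blinding form used,
 * e' = e + r*(p-1), is the textbook one and an assumption about the
 * library's own choice. */
static const uint64_t P = 1000000007ULL;
static const uint64_t G = 5ULL;          /* group element used as generator */

static uint64_t mulmod (uint64_t a, uint64_t b)
{
  return ((a % P) * (b % P)) % P;
}

/* Plain square-and-multiply: the sequence of squarings and multiplies
 * follows the bits of EXP, which is what a side-channel observer sees. */
uint64_t powmod (uint64_t base, uint64_t exp)
{
  uint64_t r = 1;

  base %= P;
  while (exp)
    {
      if (exp & 1)
        r = mulmod (r, base);
      base = mulmod (base, base);
      exp >>= 1;
    }
  return r;
}

/* Exponent blinding: process e + r*(p-1) instead of e.  By Fermat,
 * base^(p-1) = 1 mod p, so the result is unchanged, but the bit pattern
 * walked by powmod differs for every fresh R.  R is a caller-supplied
 * random value; 32 bits keeps the blinded exponent from wrapping here. */
uint64_t powmod_blinded (uint64_t base, uint64_t exp, uint32_t r)
{
  uint64_t blinded = exp + (uint64_t)r * (P - 1);
  return powmod (base, blinded);
}

struct elg_ct { uint64_t a, b; };

/* ElGamal: a = g^k, b = y^k * m, with y = g^x the public key.  K must be
 * drawn uniformly from the full range 1..p-2 (the deliberately short k is
 * what the 2021-05-26 gen_k entry removes); R1, R2 blind the two
 * exponentiations independently. */
struct elg_ct elg_encrypt (uint64_t y, uint64_t m, uint64_t k,
                           uint32_t r1, uint32_t r2)
{
  struct elg_ct c;

  c.a = powmod_blinded (G, k, r1);
  c.b = mulmod (powmod_blinded (y, k, r2), m);
  return c;
}

/* m = b * a^(p-1-x): the private exponent is blinded the same way. */
uint64_t elg_decrypt (uint64_t x, struct elg_ct c, uint32_t r)
{
  return mulmod (c.b, powmod_blinded (c.a, P - 1 - x, r));
}

int main (void)
{
  uint64_t x = 123456789ULL;            /* constructed private key */
  uint64_t y = powmod (G, x);
  struct elg_ct c1 = elg_encrypt (y, 42, 987654321ULL, 7, 11);
  struct elg_ct c2 = elg_encrypt (y, 42, 987654321ULL, 5000, 6000);

  printf ("same ciphertext under different blinding: %s\n",
          (c1.a == c2.a && c1.b == c2.b) ? "yes" : "no");
  printf ("decrypts to %llu\n", (unsigned long long) elg_decrypt (x, c1, 3));
  return 0;
}
```

Blinding changes the work the exponentiation does, not its result, so a test only needs to confirm that the blinded and unblinded results agree and that a ciphertext produced with one R still decrypts with another. In a real implementation R is taken fresh from the RNG for every exponentiation and the blinded exponent is a multi-precision integer, so no wraparound limit applies.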

2021-04-09  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	mpi: harden add_n_cond, sub_n_cond and abs_cond against EM leakage.
	+ commit 9bc3d8de6e2a8cdef37c118f0a70376ed777eeee
	* mpi/mpih-const-time.c (_gcry_mpih_add_n_cond)
	(_gcry_mpih_sub_n_cond): Always perform calculation with both UP and
	VP; Use two masks for selecting output.
	(_gcry_mpih_abs_cond): Always calculate absolute value of UP; Use
	two masks for selecting output.

	mpi: harden set_cond functions against EM leakage.
	+ commit c7c25b6e6e6b52bbed26d8016145c404eb118f19
	* mpi/mpih-const-time.c (_gcry_mpih_set_cond): Use two masks for
	selecting output.
	* mpi/mpiutil.c (_gcry_mpi_set_cond): Use two masks for selecting
	output.

	mpi: harden swap_cond functions against EM leakage.
	+ commit 1266f5bb02b7f76f2e4697ecfb85ef19c2ae04a9
	* mpi/mpih-const-time.c (vzero, vone): New.
	(_gcry_mpih_swap_cond): Use two masks for selecting output.
	* mpi/mpiutil.c (vzero, vone): New.
	(_gcry_mpi_swap_cond): Use two masks for selecting output.
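
The three entries above describe the hardening only by its effect: always perform the calculation with both inputs, and select the output with two masks. The block below is an added example, not libgcrypt's mpih-const-time.c, sketching that construction for conditional set, swap and add over limb arrays. The function names, the 64-bit limb type and the use of volatile zero/one constants are this example's own choices; it shows what the construction is meant to prevent, not what any particular compiler emits for the library's real functions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libgcrypt code: constant-time conditional operations
 * over limb arrays.  Both selection masks are derived separately from
 * volatile constants, so the compiler cannot rewrite one as the complement
 * of the other and then turn the masked select back into a conditional
 * move or branch on the secret flag; the arithmetic on both inputs is
 * always performed. */
typedef uint64_t limb_t;

static volatile limb_t vzero = 0;
static volatile limb_t vone = 1;

/* wp[] = set ? xp[] : wp[]   (SET must be 0 or 1) */
void ct_set_cond (limb_t *wp, const limb_t *xp, size_t n, unsigned long set)
{
  limb_t mask1 = vzero - set;   /* all ones when set, else zero */
  limb_t mask2 = set - vone;    /* zero when set, else all ones */
  size_t i;

  for (i = 0; i < n; i++)
    wp[i] = (wp[i] & mask2) | (xp[i] & mask1);
}

/* Swap ap[] and bp[] iff SWAP is 1; every limb of both is rewritten. */
void ct_swap_cond (limb_t *ap, limb_t *bp, size_t n, unsigned long swap)
{
  limb_t mask1 = vzero - swap;
  limb_t mask2 = swap - vone;
  size_t i;

  for (i = 0; i < n; i++)
    {
      limb_t a = ap[i], b = bp[i];
      ap[i] = (a & mask2) | (b & mask1);
      bp[i] = (b & mask2) | (a & mask1);
    }
}

/* wp[] = set ? up[] + vp[] : up[]; returns the carry out (0 unless set).
 * The sum is computed for every limb regardless of SET. */
limb_t ct_add_n_cond (limb_t *wp, const limb_t *up, const limb_t *vp,
                      size_t n, unsigned long set)
{
  limb_t mask1 = vzero - set;
  limb_t mask2 = set - vone;
  limb_t carry = 0;
  size_t i;

  for (i = 0; i < n; i++)
    {
      limb_t u = up[i];
      limb_t x = u + vp[i];
      limb_t c = (x < u);         /* carry out of the first add */
      limb_t y = x + carry;
      c += (y < x);               /* carry out of adding the carry-in */
      carry = c;
      wp[i] = (u & mask2) | (y & mask1);
    }
  return carry & mask1;
}

/* Exercises the three helpers on constructed values; 1 = all as expected. */
int ct_selftest (void)
{
  limb_t a[2] = { 1, 2 }, b[2] = { 10, 20 }, w[2] = { 0, 0 };
  limb_t big[2] = { ~(limb_t)0, 5 }, top[2] = { ~(limb_t)0, ~(limb_t)0 };
  limb_t one[2] = { 1, 0 };

  ct_swap_cond (a, b, 2, 0);
  if (a[0] != 1 || b[1] != 20) return 0;
  ct_swap_cond (a, b, 2, 1);
  if (a[0] != 10 || a[1] != 20 || b[0] != 1 || b[1] != 2) return 0;

  ct_set_cond (w, a, 2, 0);
  if (w[0] != 0 || w[1] != 0) return 0;
  ct_set_cond (w, a, 2, 1);
  if (w[0] != 10 || w[1] != 20) return 0;

  /* 0xff..ff + 1 carries into the next limb; with set == 0 nothing moves */
  if (ct_add_n_cond (w, big, one, 2, 1) != 0 || w[0] != 0 || w[1] != 6) return 0;
  if (ct_add_n_cond (w, big, one, 2, 0) != 0 || w[0] != ~(limb_t)0 || w[1] != 5) return 0;
  if (ct_add_n_cond (w, top, one, 2, 1) != 1 || w[0] != 0 || w[1] != 0) return 0;
  return 1;
}

int main (void)
{
  printf ("ct selftest: %s\n", ct_selftest () ? "ok" : "FAILED");
  return 0;
}
```

A functional test like ct_selftest only checks results; whether the construction survived optimisation has to be checked in the emitted assembly (no conditional jump or cmov on the flag, and both input arrays read on every path), which is the step to repeat for each compiler and optimisation level a build uses.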

2021-04-02  NIIBE Yutaka  <gniibe@fsij.org>

	cipher: Return GPG_ERR_INV_KEYLEN when wrong key length.
	+ commit 840713de1a685920b6b1e1379902d545eccc74cf
	* cipher/idea.c (do_setkey): Return GPG_ERR_INV_KEYLEN.
	* cipher/rfc2268.c (setkey_core): Likewise.
	* cipher/serpent.c (serpent_setkey_internal): Likewise.
	(serpent_setkey): Likewise.

2021-04-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	cipher-gcm-ppc: add big-endian support.
	+ commit aaa30381eac3cdb49a21e279b2d89ef6e695a138
	* cipher/cipher-gcm-ppc.c (ALIGNED_16): New.
	(vec_store_he, vec_load_he): Remove WORDS_BIGENDIAN ifdef.
	(vec_dup_byte_elem): New.
	(_gcry_ghash_setup_ppc_vpmsum): Match function declaration with
	prototype in cipher-gcm.c; Load C2 with VEC_LOAD_BE; Use
	vec_dup_byte_elem; Align constants to 16 bytes.
	(_gcry_ghash_ppc_vpmsum): Match function declaration with
	prototype in cipher-gcm.c; Align constant to 16 bytes.
	* cipher/cipher-gcm.c (ghash_ppc_vpmsum): Return value from
	_gcry_ghash_ppc_vpmsum.
	* cipher/cipher-internal.h (GCM_USE_PPC_VPMSUM): Remove requirement
	for !WORDS_BIGENDIAN.

	mpi/aarch64: use C_SYMBOL_NAME for assembly function names.
	+ commit 1cf5a568f2b2f2c3d83c154cdcf5a40aa1f83c50
	* mpi/aarch64/mpih-add1.S: Add missing C_SYMBOL_NAME.
	* mpi/aarch64/mpih-mul1.S: Add missing C_SYMBOL_NAME.
	* mpi/aarch64/mpih-mul2.S: Add missing C_SYMBOL_NAME.
	* mpi/aarch64/mpih-mul3.S: Add missing C_SYMBOL_NAME.
	* mpi/aarch64/mpih-sub1.S: Add missing C_SYMBOL_NAME.

2021-03-31  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit d2b3d046fc66a3166dc0c003a430ce756532ff74
	* m4/gpg-error.m4: Update from libgpg-error.

2021-03-30  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix for make distcheck, no EPS support.
	+ commit 35917373d64521d9c0d33b5fa9b60abd28964dd4
	* Makefile.am (AM_DISTCHECK_DVI_TARGET): Specify 'pdf'.
	* doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Remove .eps files.

	ecc: Fix the regression of gcry_mpi_ec_add.
	+ commit 45e88b8ec6dfbd8f981ca89ded80ef48eca6f0e9
	* mpi/ec.c (_gcry_mpi_ec_point_resize): Export the routine
	for internal use.
	(add_points_edwards, _gcry_mpi_ec_mul_point): Use mpi_point_resize.
	* src/gcrypt-int.h (_gcry_mpi_ec_point_resize): Declare.

	* src/visibility.c (gcry_mpi_ec_dup, gcry_mpi_ec_add): Make sure for
	the size of limb before calling the internal functions.
	(gcry_mpi_ec_sub): Likewise.

2021-03-25  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rijndael-s390x: fix checksum calculation in OCB decryption.
	+ commit 68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad
	* cipher/rijndael-s390x.c (aes_s390x_ocb_dec): Calculate checksum
	after decryption instead of inlining.

	tests/basic: OCB large buffer check: make input buffer non-repeatable.
	+ commit 21c273cecfd58408b8d3287f5bc8c246c3010313
	* tests/basic.c (check_ocb_cipher_largebuf_split): Use SHA1 to
	initialize input buffer.
	(check_ocb_cipher): Update largebuf test vectors.

	tests/basic: add decryption check to check_ocb_cipher_checksum.
	+ commit 56da81ac47209dc41af08a129f5e0c15538261b2
	* tests/basic.c (check_ocb_cipher_checksum): Add decryption.

2021-03-25  NIIBE Yutaka  <gniibe@fsij.org>

	build: Remove intermediate PDF files from EXTRA_DIST.
	+ commit 52f6e95159885431f3c7e9f64290d0132ca547ef
	* doc/Makefile.am (EXTRA_DIST): Remove PDF files.
	(BUILT_SOURCES): Likewise.

2021-03-24  Werner Koch  <wk@gnupg.org>

	ecc: Fix keygrip computation for compressed points.
	+ commit c8c38757c428871af980a548bc38f38e5d9238d1
	* cipher/ecc-misc.c (_gcry_ecc_ec2os): Factor most code out to ...
	(_gcry_ecc_ec2os_buf): New.
	* cipher/ecc.c (compute_keygrip): Handle compressed keys.
	* tests/keygrip.c: Add new tests.

2021-03-07  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Compile arch specific GCM implementations only on target arch.
	+ commit 43302b960f546fd60ed7fefb2b0404ee69491e93
	* cipher/Makefile.am: Move arch specific 'cipher-gcm-*.[cS]' files
	from libcipher_la_SOURCES to EXTRA_libcipher_la_SOURCES.
	* configure.ac: Add 'cipher-gcm-intel-pclmul.lo' and
	'cipher-gcm-arm*.lo'.

	configure.ac: fix digest implementations going to cipher list.
	+ commit 8892510bb8f45438144a7449440fcb32ae4c5f7b
	* configure.ac: Add 'crc-arm*.lo', 'crc-ppc.lo', 'sha*-ppc.lo' to
	GCRYPT_DIGESTS instead of GCRYPT_CIPHERS.

	cipher-gcm-ppc: tweak for better performance.
	+ commit 760ef8baee06db5ce4da55eb5648e605aa511d2d
	* cipher/cipher-gcm-ppc.c (asm_xor, asm_mergelo, asm_mergehi)
	(vec_be_swap, vec_load_he, vec_store_he): New.
	(vec_load_be, vec_perm2, vec_aligned_st, vec_aligned_ld): Remove.
	(asm_vpmsumd, asm_swap_u64, vec_perm2, asm_rot_block_left)
	(asm_rot_block_right, asm_ashl_128, vec_aligned_ld)
	(_gcry_ghash_setup_ppc_vpmsum): Update 'bswap_const'.
	(_gcry_ghash_ppc_vpmsum): Update 'bswap_const'; Use 'asm_mergehi'
	and 'asm_mergelo' instead of vec_perm2; Use 'asm_xor' for
	fast path to enforce instruction ordering; Use 'vec_load_he' and
	'vec_be_swap' for big-endian loads.

2021-03-07  Shawn Landden  <shawn@git.icu>

	VPMSUMD acceleration for GCM mode on PPC.
	+ commit 440332532a1c107e2baeafda5464e0707f634be1
	* cipher/Makefile.am: Add 'cipher-gcm-ppc.c'.
	* cipher/cipher-gcm-ppc.c: New.
	* cipher/cipher-gcm.c [GCM_USE_PPC_VPMSUM] (_gcry_ghash_setup_ppc_vpmsum)
	(_gcry_ghash_ppc_vpmsum, ghash_setup_ppc_vpsum, ghash_ppc_vpmsum): New.
	(setupM) [GCM_USE_PPC_VPMSUM]: Select ppc-vpmsum implementation if
	HW feature "ppc-vcrypto" is available.
	* cipher/cipher-internal.h (GCM_USE_PPC_VPMSUM): New.
	(gcry_cipher_handle): Move 'ghash_fn' at end of 'gcm' block to align
	'gcm_table' to 16 bytes.
	* configure.ac: Add 'cipher-gcm-ppc.lo'.
	* tests/basic.c (_check_gcm_cipher): New AES256 test vector.
	* AUTHORS: Add 'CRYPTOGAMS'.
	* LICENSES: Add original license to 3-clause-BSD section.

2021-03-06  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	src/hwfeatures: add reminder about documenting new HW features.
	+ commit 7c4c992fe96f781e387bd26a11b17e70a27aa3c0
	* src/hwfeatures.c (hwflist): Add comment about updating
	'doc/gcrypt.texi' with new HW features.

2021-03-06  Jakub Jelen  <jjelen@redhat.com>

	doc: Document newly added optimizations.
	+ commit 49ab649c69951cd7b6d40d3527e21db51d93a207
	* doc/gcrypt.texi: Add HW features 'intel-vaes-vpclmul', 'ppc-vcrypto',
	'ppc-arch_3_00', 'ppc-arch_2_07', 's390x-msa', 's390x-msa-4',
	's390x-msa-8' and 's390x-vx'.

2021-03-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	poly1305: make --disable-asm work on x86, aarch64 and ppc.
	+ commit 2b84da922660918129c610f4d27cb5c510ab0489
	* cipher/poly1305.c [__aarch64__] (ADD_1305_64): Check for
	HAVE_CPU_ARCH_ARM.
	[__x86_64__] (ADD_1305_64): Check for HAVE_CPU_ARCH_X86.
	[__powerpc__] (ADD_1305_64): Check for HAVE_CPU_ARCH_PPC.
	[__i386__] (ADD_1305_32): Check for HAVE_CPU_ARCH_X86.

	poly1305: fix compiling on i386 gcc-4.7.
	+ commit bcb180190e8921356c039b0475fd71f2c45d986d
	* cipher/poly1305.c [__i386__]: Limit i386 variant of ADD_1305_32 to
	GCC-5 or newer.

	cipher-gcm-intel-pclmul: fix compiling with i386 gcc-4.7.
	+ commit d1fcf3975c57c5312890199832100c8c363d5b18
	* cipher/cipher-gcm-intel-pclmul.c (gcm_lsh): Pass '*pconst' instead of
	'pconst' to asm block.

2021-02-28  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rijndael: add x86_64 VAES/AVX2 accelerated implementation.
	+ commit e72498a54fdead503fb0c1c93e2b747cd91e7681
	* cipher/Makefile.am: Add 'rijndael-vaes.c' and
	'rijndael-vaes-avx2-amd64.S'.
	* cipher/rijndael-internal.h (USE_VAES): New.
	* cipher/rijndael-vaes-avx2-amd64.S: New.
	* cipher/rijndael-vaes.c: New.
	* cipher/rijndael.c (_gcry_aes_vaes_cfb_dec, _gcry_aes_vaes_cbc_dec)
	(_gcry_aes_vaes_ctr_enc, _gcry_aes_vaes_ocb_crypt)
	(_gcry_aes_vaes_xts_crypt): New.
	(do_setkey) [USE_VAES]: Add detection for VAES.
	(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128)
	[USE_VAES]: Increase number of selftest blocks.
	* configure.ac: Add 'rijndael-vaes.lo' and
	'rijndael-vaes-avx2-amd64.lo'.

	rijndael-aesni: add 8-block parallel code path for XTS.
	+ commit ffe1d53197031eeb65601c5aeafe55e78079a75e
	* cipher/rijndael-aesni.c (xts_gfmul_const): Fix array size from 16
	to 2.
	(_gcry_aes_aesni_xts_enc, _gcry_aes_aesni_xts_dec) [__x86_64__]: Add
	8-block parallel code paths.

	camellia: add x86_64 VAES/AVX2 accelerated implementation.
	+ commit 0e7e60241a0d054eae7a98116636a831ec6ccc97
	* cipher/Makefile.am: Add 'camellia-aesni-avx2-amd64.h' and
	'camellia-vaes-avx2-amd64.S'.
	* cipher/camellia-aesni-avx2-amd64.S: New, old content moved to...
	* cipher/camellia-aesni-avx2-amd64.h: ...here.
	(IF_AESNI, IF_VAES, FUNC_NAME): New.
	* cipher/camellia-vaes-avx2-amd64.S: New.
	* cipher/camellia-glue.c (USE_VAES_AVX2): New.
	(CAMELLIA_context): New member 'use_vaes_avx2'.
	(_gcry_camellia_vaes_avx2_ctr_enc, _gcry_camellia_vaes_avx2_cbc_dec)
	(_gcry_camellia_vaes_avx2_cfb_dec, _gcry_camellia_vaes_avx2_ocb_enc)
	(_gcry_camellia_vaes_avx2_ocb_dec)
	(_gcry_camellia_vaes_avx2_ocb_auth): New.
	(camellia_setkey): Check for HWF_INTEL_VAES.
	(_gcry_camellia_ctr_enc, _gcry_camellia_cbc_dec)
	(_gcry_camellia_cfb_dec, _gcry_camellia_ocb_crypt)
	(_gcry_camellia_ocb_auth): Add USE_VAES_AVX2 code.
	* configure.ac: Add 'camellia-vaes-avx2-amd64.lo'.

	hwf-x86: add "intel-vaes-vpclmul" HW feature.
	+ commit eb404d8904532f6dca82421c952be286a1f4e11c
	* configure.ac (HAVE_GCC_INLINE_ASM_VAES_VPCLMUL): New.
	* src/g10lib.h (HWF_INTEL_VAES_VPCLMUL): New.
	* src/hwf-x86.c (detect_x86_gnuc): Check for VAES and VPCLMUL.
	* src/hwfeatures.c (hwflist): Add "intel-vaes-vpclmul".

2021-02-17  Werner Koch  <wk@gnupg.org>

	Release 1.9.2.
	+ commit 24bd7e8215f7982b0c8db46fd87b47b370a52ec6


2021-02-16  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit 8e3cd4c4677c3b10ac6265a1b31f84c63c95cac4
	* m4/gpg-error.m4: Update from libgpg-error.

2021-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	random: Fix build for macOS.
	+ commit d78cdf42854b17e2216890e7b78f9e7e05c0b1f8
	* random/rndlinux.c [__APPLE__] (HAVE_GETENTROPY): Valid only when the
	macro __MAC_10_11 is available.

2021-02-08  Werner Koch  <wk@gnupg.org>

	tests: Fix minor glitches.
	+ commit 82395f11b444651f544f5e51c62fc6b65c04f9ef
	* tests/basic.c (ALWAYS_INLINE): Make sure it is defined.
	* tests/version.c (main): Print the config info to stdout.

	New test Makefile target xtestsuite.
	+ commit ebc4d5670a1ada54ad907a4836eb8f6f573c2c38
	* tests/Makefile.am (xtestsuite, xcheck): New targets.

	New test driver to allow for standalone regression tests.
	+ commit b142da4c88deef4798ef96061dac399df3ddd73d
	* tests/testdrv.c: New.

2021-02-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	sha256-avx2: fix reading beyond end of input buffer.
	+ commit 24af2a55d862d45fe3aef6b5626a52d9bb0fb17e
	* cipher/sha256-avx2-bmi2-amd64.S
	(_gcry_sha256_transform_amd64_avx2): Use 'last block' code path if
	input length is only one block.
	* tests/basic.c (check_one_md_final): Use dynamic allocated buffer
	so that in future similar access errors get detected by
	tests/basic + valgrind.

	ecc-ecdh: fix memory leak.
	+ commit 289543544e41cd5fe90352c5c7548ac09da533cc
	* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Free 'ec' at function exit.

	tests: allow running 'make check' with ASAN.
	+ commit f46a6bd9b3d7ef7d1a72c5b6da5cf34ace2ff156
	* tests/t-secmem.c (main): Skip test if environment variable
	GCRYPT_IN_ASAN_TEST is defined.
	* tests/t-sexp.c (main): Do not initialize secmem if environment
	variable GCRYPT_IN_ASAN_TEST is defined.

	global: make sure that bulk config string is null-terminated.
	+ commit 8716e4b2ada21456802aee67c2bc8edfec78f820
	* src/global.c (_gcry_get_config): Append null-terminator to output
	in the 'what == NULL' case.

	Add handling for -Og with O-flag munging.
	+ commit a71b7de32b0c7c41359335a488cfe4dd70c65121
	* cipher/Makefile.am (o_flag_munging): Add handling for '-Og'.
	* random/Makefile.am (o_flag_munging): Add handling for '-Og'.

	jent: silence ubsan warning about signed overflow.
	+ commit 6fc11291282a668839040c72a1d558a6ebbd4972
	* random/jitterentropy-base.c (jent_stuck): Cast 'delta2' values to
	'uint64_t' for calculation.

	Fix ubsan warnings for i386 build.
	+ commit 364e9e9d10503b36f98fbb1b489e00026f22c9d7
	* mpi/mpicoder.c (_gcry_mpi_set_buffer) [BYTES_PER_MPI_LIMB == 4]: Cast
	"*p--" values to mpi_limb_t before left shifting.
	* tests/t-lock.c (main): Cast 'time(NULL)' to unsigned type.

	Fix building with --disable-asm on x86.
	+ commit af23ab5c5482d625ff52e60606cf044e2b0106c8
	* cipher/keccak.c (USE_64BIT_BMI2, USE_64BIT_SHLD)
	(USE_32BIT_BMI2): Depend also on HAVE_CPU_ARCH_X86.
	* random/rndjent.c [__i386__ || __x86_64__] (USE_JENT): Depend
	also on HAVE_CPU_ARCH_X86.

	md: clear bctx.count at final function.
	+ commit cb95fc53003e9f34ff80fc33627ceda605de223c
	* cipher/md4.c (md4_final): Set bctx.count zero after
	finalizing.
	* cipher/md5.c (md5_final): Ditto.
	* cipher/rmd160.c (rmd160_final): Ditto.
	* cipher/sha1.c (sha1_final): Ditto.
	* cipher/sha256.c (sha256_final): Ditto.
	* cipher/sha512.c (sha512_final): Ditto.
	* cipher/sm3.c (sm3_final): Ditto.
	* cipher/stribog.c (stribog_final): Ditto.
	* cipher/tiger.c (tiger_final): Ditto.

2021-02-02  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Add checking key for ECDSA.
	+ commit 598d0f3e0294a487e01b88cc714a8cd0a47329bb
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): Validate public key.
	* cipher/ecc-gost.c (_gcry_ecc_gost_verify): Likewise.
	* cipher/ecc-sm2.c (_gcry_ecc_sm2_verify): Likewise.

2021-01-29  Werner Koch  <wk@gnupg.org>

	Release 1.9.1.
	+ commit 466299b1ceb82ec7c4dd0ca376de50399a896adf
	* configure.ac: Bump LT version to C23/A3/R1.

2021-01-29  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	hash-common: fix heap overflow when writing more data after final.
	+ commit 512c0c75276949f13b6373b5c04f7065af750b08
	* tests/basic.c (check_one_md): Test writing to digest after read.
	* cipher/hash-common.c (_gcry_md_block_write): Reset 'hd->count' if
	greater than blocksize.
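
This entry and the 2021-02-03 entry "md: clear bctx.count at final function" address the same misuse, a caller that keeps writing to a digest handle after the final function has run. The block below is an added example, a constructed model rather than libgcrypt's hash-common.c: it shows how a pending-byte count left above the block size by the padding step turns an unsigned "room left in the buffer" bound into a wraparound, so the next write would run past the buffer, and it carries both fixes as switches: resetting the count on entry to the write function when it exceeds the block size, and clearing it at the end of final. The structure names, the 60-byte trigger length and the model's refusal (returning -1 instead of copying) are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libgcrypt code: a constructed model of a block-buffered
 * hash context.  final() writes its padding into the same buffer that holds
 * pending input and may leave COUNT above BLOCKSIZE.  "Compression" is only
 * a block counter standing in for real hash state. */
#define BLOCKSIZE 64

struct hctx {
  unsigned char buf[2 * BLOCKSIZE]; /* pending input; also the pad area */
  size_t count;                     /* bytes pending in buf */
  unsigned long nblocks;            /* blocks compressed so far */
};

static void compress_blocks (struct hctx *h, const unsigned char *p, size_t n)
{
  (void)p;                          /* a real hash mixes P into its state */
  h->nblocks += n;
}

/* Appends data.  Returns 0, or -1 where the copy would run past BUF: the
 * model refuses there so the flaw is visible without corrupting memory.
 * RESET_COUNT enables the hash-common fix from the entry above. */
int hctx_write (struct hctx *h, const unsigned char *in, size_t inlen,
                int reset_count)
{
  if (h->count == BLOCKSIZE)        /* flush a full pending block */
    {
      compress_blocks (h, h->buf, 1);
      h->count = 0;
    }
  else if (reset_count && h->count > BLOCKSIZE)
    h->count = 0;                   /* only reachable after final() */
  if (h->count)
    {
      size_t copylen = inlen;
      /* With COUNT > BLOCKSIZE this unsigned bound wraps around and no
       * longer limits COPYLEN: that is the heap overflow. */
      if (copylen > BLOCKSIZE - h->count)
        copylen = BLOCKSIZE - h->count;
      if (h->count + copylen > sizeof h->buf)
        return -1;
      memcpy (h->buf + h->count, in, copylen);
      h->count += copylen;
      in += copylen, inlen -= copylen;
      if (!inlen)
        return 0;
      compress_blocks (h, h->buf, 1);
      h->count = 0;
    }
  if (inlen >= BLOCKSIZE)
    {
      size_t n = inlen / BLOCKSIZE;
      compress_blocks (h, in, n);
      in += n * BLOCKSIZE, inlen -= n * BLOCKSIZE;
    }
  memcpy (h->buf, in, inlen);
  h->count = inlen;
  return 0;
}

/* MD-style padding (0x80, zeros, 64-bit big-endian bit length).  When the
 * pending data leaves no room for the length the pad spans two blocks and
 * COUNT ends at 2*BLOCKSIZE.  CLEAR_COUNT is the per-digest fix. */
void hctx_final (struct hctx *h, int clear_count)
{
  uint64_t bits = ((uint64_t)h->nblocks * BLOCKSIZE + h->count) * 8;
  size_t padto = (h->count < BLOCKSIZE - 8) ? BLOCKSIZE : 2 * BLOCKSIZE;
  size_t i;

  h->buf[h->count++] = 0x80;
  memset (h->buf + h->count, 0, padto - 8 - h->count);
  for (i = 0; i < 8; i++)
    h->buf[padto - 1 - i] = (unsigned char)(bits >> (8 * i));
  h->count = padto;
  compress_blocks (h, h->buf, padto / BLOCKSIZE);
  if (clear_count)
    h->count = 0;
}

/* Misuse path: hash 60 bytes (forces the two-block pad), finalize, then
 * keep writing.  Returns hctx_write's result for the post-final write. */
int demo_write_after_final (int clear_count, int reset_count)
{
  struct hctx h;
  unsigned char data[60], more[16];

  memset (&h, 0, sizeof h);
  memset (data, 'A', sizeof data);  /* constructed sample input */
  memset (more, 'B', sizeof more);
  hctx_write (&h, data, sizeof data, reset_count);
  hctx_final (&h, clear_count);
  return hctx_write (&h, more, sizeof more, reset_count);
}

int main (void)
{
  printf ("no fix: %d, reset-in-write fix: %d, clear-at-final fix: %d\n",
          demo_write_after_final (0, 0), demo_write_after_final (0, 1),
          demo_write_after_final (1, 0));
  return 0;
}
```

With 60 pending bytes the pad needs a second block, so the model's count is 128 after final; a post-final write then computes BLOCKSIZE - count in size_t, which wraps to a huge value, and the copy is no longer bounded. A 30-byte input would pad within one block and leave count exactly at BLOCKSIZE, where the flush path handles it, which is why the fix tests for "greater than" rather than "not equal". Either fix on its own closes the hole; the tests/basic.c change in the entry is what makes the misuse exercised under valgrind or ASAN.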

2021-01-28  Werner Koch  <wk@gnupg.org>

	Add a compliance keyword to gcry_get_config.
	+ commit aa3f595341eb263980210776c7fe377b2ed24c5e
	* src/global.c (print_config): New config line.

2021-01-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	asm-common-aarch64: add MacOS support for GET_DATA_POINTER.
	+ commit 014fed5153647641376b9131ea1d87dc5e88cf42
	* cipher/asm-common-aarch64.h [__APPLE__] (GET_DATA_POINTER): Add MacOS
	variant of macro.

2021-01-27  NIIBE Yutaka  <gniibe@fsij.org>

	random: Use getentropy on macOS when available.
	+ commit 6cb0faf6ceec5b2e799e6fb5f04b85d135a7da9b
	* random/rndlinux.c [__APPLE__ && __MACH__] (getentropy): Declare.
	(_gcry_rndlinux_gather_random): Check the symbol and use getentropy.

	mpi: Fix _gcry_mpih_mod implementation.
	+ commit f06ff4e31c8e162f4a59986241c7ab43d5085927
	* mpi/mpih-const-time.c (_gcry_mpih_mod): Handle the overflow.

	build: Check spawn.h for MacOS X Tiger.
	+ commit fc901e978a0c18a3524cad5d1ef3451ed11b9347
	* configure.ac: Add check for spawn.h.
	* tests/random.c: Only use posix_spawn if available.

2021-01-26  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	global: fix compile error at pragma GCC diagnostic.
	+ commit 3d095206c30d772d5fc68bf69bfc384e43f766e9
	* src/global.c (_gcry_vcontrol): Move "pragma GCC diagnostics" outside
	function.

	cipher-proto: remove forward typedef of cipher_bulk_ops_t.
	+ commit 17aad639d29c7c835a7effb89181c7c99b16cb6a
	* cipher/cipher-proto (cipher_bulk_ops_t): Remove typedef, leave
	forward declaration of 'struct cipher_bulk_ops'.
	(gcry_cipher_setkey_t): Change 'bulk_ops' to
	'struct cipher_bulk_ops *'.
	* cipher/arcfour.c: Include 'cipher-internal.h'.
	* cipher/gost28147.c: Ditto.
	* cipher/idea.c: Ditto.
	* cipher/rfc2268.c: Ditto.
	* cipher/salsa20.c: Ditto.
	* cipher/seed.c: Ditto.
	* cipher/mac-internal.h (CTX_MAGIC_NORMAL): Rename to...
	(CTX_MAC_MAGIC_NORMAL): ... this.
	(CTX_MAGIC_SECURE): Rename to...
	(CTX_MAC_MAGIC_SECURE): ... this.
	* cipher/mac-cmac.c (cmac_open): Use CTX_MAC_MAGIC_SECURE.
	* cipher/mac-gmac.c (gmac_open): Ditto.
	* cipher/mac-hmac.c (hmac_open): Ditto.
	* cipher/mac-poly1305.c (poly1305mac_open): Ditto.
	* cipher/mac.c (mac_open): Use CTX_MAC_MAGIC_SECURE and
	CTX_MAC_MAGIC_NORMAL.

2021-01-26  David Michael  <fedora.dm0@gmail.com>

	cipher/sha512: Fix non-NEON ARM assembly implementation.
	+ commit 1e72c50f864ae1c77ba80c191224b9ef1d22a2e2
	* cipher/sha512.c (do_transform_generic)
	[USE_ARM_ASM]: Switch to the non-NEON assembly implementation.

2021-01-26  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	blake2: fix RIP register access for AVX/AVX2 implementations.
	+ commit b2f78ae034b8d4aa3d4cc7bf85262317832f6e0a
	* cipher/blake2b-amd64-avx2.S: Use rRIP instead of (RIP).
	* cipher/blake2s-amd64-avx.S: Use rRIP instead of (RIP).

	sha512/sha256: remove assembler macros from AMD64 implementations.
	+ commit 9f49e806f9506533236fd44b17f17b85961b20f1
	* configure.ac (gcry_cv_gcc_platform_as_ok_for_intel_syntax): Remove
	assembler macro check from Intel syntax assembly support check.
	* cipher/sha256-avx-amd64.S: Replace assembler macros with C
	preprocessor counterparts.
	* cipher/sha256-avx2-bmi2-amd64.S: Ditto.
	* cipher/sha256-ssse3-amd64.S: Ditto.
	* cipher/sha512-avx-amd64.S: Ditto.
	* cipher/sha512-avx2-bmi2-amd64.S: Ditto.
	* cipher/sha512-ssse3-amd64.S: Ditto.

	configure.ac: run assembler checks through linker for better LTO support.
	+ commit 393bd6c3d1aa2b2a1b05be0e2d7fb2514e6c5ad0
	* configure.ac (gcry_cv_gcc_arm_platform_as_ok)
	(gcry_cv_gcc_aarch64_platform_as_ok)
	(gcry_cv_gcc_inline_asm_ssse3, gcry_cv_gcc_inline_asm_pclmul)
	(gcry_cv_gcc_inline_asm_shaext, gcry_cv_gcc_inline_asm_sse41)
	(gcry_cv_gcc_inline_asm_avx, gcry_cv_gcc_inline_asm_avx2)
	(gcry_cv_gcc_inline_asm_bmi2, gcry_cv_gcc_as_const_division_ok)
	(gcry_cv_gcc_as_const_division_with_wadivide_ok)
	(gcry_cv_gcc_amd64_platform_as_ok, gcry_cv_gcc_win64_platform_as_ok)
	(gcry_cv_gcc_platform_as_ok_for_intel_syntax)
	(gcry_cv_gcc_inline_asm_neon, gcry_cv_gcc_inline_asm_aarch32_crypto)
	(gcry_cv_gcc_inline_asm_aarch64_neon)
	(gcry_cv_gcc_inline_asm_aarch64_crypto)
	(gcry_cv_gcc_inline_asm_ppc_altivec)
	(gcry_cv_gcc_inline_asm_ppc_arch_3_00)
	(gcry_cv_gcc_inline_asm_s390x, gcry_cv_gcc_inline_asm_s390x): Use
	AC_LINK_IFELSE check instead of AC_COMPILE_IFELSE.

	rijndael: remove unused use_xxx flags.
	+ commit a14447f8169aff30a49f5c2ab06bd5bbd1cc3531
	* cipher/rijndael-internal.h (RIJNDAEL_context_s): Remove unused
	'use_padlock', 'use_aesni', 'use_ssse3', 'use_arm_ce', 'use_ppc_crypto'
	and 'use_ppc9le_crypto'.
	* cipher/rijndael.c (do_setkey): Do not setup 'use_padlock',
	'use_aesni', 'use_ssse3', 'use_arm_ce', 'use_ppc_crypto' and
	'use_ppc9le_crypto'.

	Define HW-feature flags per architecture.
	+ commit 8d404a629167d67ed56e45de3e65d1e0b7cdeb24
	* random/rand-internal.h (_gcry_rndhw_poll_slow): Add requested length
	parameter.
	* random/rndhw.c (_gcry_rndhw_poll_slow): Limit accounted bytes to 50%
	(or 25% for RDRAND) - this code is moved from caller side.
	* random/rndlinux.c (_gcry_rndlinux_gather_random): Move
	HWF_INTEL_RDRAND check to _gcry_rndhw_poll_slow.
	* src/g10lib.h (HWF_PADLOCK_*, HWF_INTEL_*): Define only if
	HAVE_CPU_ARCH_X86.
	(HWF_ARM_*): Define only if HAVE_CPU_ARCH_ARM.
	(HWF_PPC_*): Define only if HAVE_CPU_ARCH_PPC.
	(HWF_S390X_*): Define only if HAVE_CPU_ARCH_S390X.

	Add configure option to force enable 'soft' HW feature bits.
	+ commit 3b34bd6e178614d6021ee7d1140646f7c8ed7519
	* configure.ac (force_soft_hwfeatures)
	(ENABLE_FORCE_SOFT_HWFEATURES): New.
	* src/hwf-x86.c (detect_x86_gnuc): Enable HWF_INTEL_FAST_SHLD
	and HWF_INTEL_FAST_VPGATHER if ENABLE_FORCE_SOFT_HWFEATURES enabled.

2021-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Fix Ed25519 private key handling for preceding ZEROs.
	+ commit 1b74f633bd3e358fb07a856a70597019980651d2
	* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fill-up or remove
	preceding ZEROs correctly, fixing the third argument of mpi_set_opaque.

	ecc: Fix initialization of CTX for sign and verify.
	+ commit 652b102697cbfe2d7bc642fc7374cb21a9cf03e6
	* cipher/ecc.c (ecc_sign, ecc_verify): Call
	_gcry_pk_util_init_encoding_ctx at first.

2021-01-21  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix build of tests with non-default installation.
	+ commit fa3420b011c105ca21894489e62c7e882a3ac4dd
	* tests/Makefile.am: Add forgotten @LDADD_FOR_TESTS_KLUDGE@.

2021-01-20  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Split inline assembly blocks with many memory operands.
	+ commit 00df9f27181d77166ceb55f319329400bf2e6a48
	* cipher/rijndael-aesni.c (aesni_ocb_checksum, aesni_ocb_enc)
	(aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Split assembly blocks
	with more than 4 memory operands to smaller blocks.
	* cipher/sha512-ssse3-i386.c (W2): Split big assembly block to
	three smaller blocks.

	tests/basic: fix build on ARM32 when NEON disabled.
	+ commit 81354e911bfa3e135d3e07f6a8d9e98033cd921a
	* tests/basic.c (CLUTTER_VECTOR_REGISTER_NEON)
	(CLUTTER_VECTOR_REGISTER_AARCH64): Remove check for __ARM_FEATURE_SIMD32.

	kdf: make self-test test-vector array read-only.
	+ commit 097148bc89ec8c18b9e4795733e0f0b1ae0ecd1d
	* cipher/kdf.c (selftest_pbkdf2): Make 'tv[]' constant.

	kdf: add missing null-terminator for self-test test-vector array.
	+ commit c6425a5537294dfe2beaafc9105f7af4ceac677f
	* cipher/kdf.c (selftest_pbkdf2): Add null-terminator to TV array.

	cipher/bithelp: use __builtin_ctzl when available.
	+ commit 807827cda3bacf5f475167ee6d34657713111838
	* cipher/bithelp.h (_gcry_ctz64): Use __builtin_ctzl if available.

	mpi/longlong: make use of compiler provided __builtin_ctz/__builtin_clz.
	+ commit 477355047e5c75ad2b2238a8716e4646b861184c
	* configure.ac (gcry_cv_have_builtin_ctzl, gcry_cv_have_builtin_clz)
	(gcry_cv_have_builtin_clzl): New checks.
	* mpi/longlong.h (count_leading_zeros, count_trailing_zeros): Use
	__builtin_clz[l]/__builtin_ctz[l] if available and bit counting
	macros not yet provided by inline assembly.

2021-01-19  Werner Koch  <wk@gnupg.org>

	Release 1.9.0.
	+ commit 0dc49af9b5371c5e2f766b70c3bede2b10db9f7e


2021-01-19  NIIBE Yutaka  <gniibe@fsij.org>

	Fix DSA for FIPS 186-3.
	+ commit 30ed9593f632c728d918598037358deaeccd1968
	* cipher/dsa.c (generate_fips186): Supply INITIAL_SEED to
	_gcry_generate_fips186_3_prime.
	* tests/fips186-dsa.c (check_dsa_gen_186_2): Add where tv comes from.
	(check_dsa_gen_186_3): Implement tests.
	* tests/pubkey.c (get_dsa_key_fips186_with_seed_new): Use the qbits
	and seed of tests/fips186-dsa.c.

2021-01-19  NIIBE Yutaka  <gniibe@fsij.org>
	    Tomáš Mráz  <tm@t8m.info>

	Check if FIPS is operational and error return if not.
	+ commit ebeae53222648c637907f4b358888fc0e7123dc9
	* src/visibility.c (gcry_kdf_derive): Add the check.
	(gcry_prime_generate, gcry_prime_group_generator): Likewise.
	(gcry_mpi_randomize): Likewise, but no return.

2021-01-18  Werner Koch  <wk@gnupg.org>

	ecc: Change an error code of gcry_ecc_mul_point.
	+ commit ca5a90bf70598247589078478d237287ca524453
	* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Return
	GPG_ERR_UNKNOWN_CURVE.

2021-01-15  NIIBE Yutaka  <gniibe@fsij.org>
	    Tomáš Mráz  <tm@t8m.info>

	kdf: Add selftest.
	+ commit 7a0da24925361a3109474d0e433511467a9e35d1
	* src/cipher-proto.h (_gcry_kdf_selftest): New.
	* cipher/kdf.c (check_one, selftest_pbkdf2): New.
	(_gcry_kdf_selftest): New.
	* src/fips.c (run_kdf_selftests): New.
	(_gcry_fips_run_selftests): Call run_kdf_selftests.

2021-01-13  NIIBE Yutaka  <gniibe@fsij.org>
	    Tomáš Mráz  <tm@t8m.info>

	cmac: Add selftest.
	+ commit 385a89e35b0b95f15b4c6e4d5482b1fc6906f7c5
	* cipher/mac-cmac.c (check_one, selftests_cmac_3des): New.
	(selftests_cmac_aes, cmac_selftest): New.
	(cmac_ops): Add cmac_selftest.
	* src/fips.c (run_mac_selftests): Add CMAC selftests.

2021-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	sexp: Raise an error when an integer is negative with USG.
	+ commit 00d7c1c632019066a4884930d413ccc044d81af5
	* src/sexp.c (do_vsexp_sscan): Return GPG_ERR_INV_ARG if negative.

2021-01-08  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Add backward compatibility support for Ed25519 key in SEXP.
	+ commit 4768baf74be03d8973d004725f796aef329c45bf
	* cipher/ecc-curves.c (_gcry_ecc_get_curve): Support Ed25519 keys with
	parameter {p,a,b,g,n}.

	ecc: Minor implementation change for _gcry_ecc_get_curve.
	+ commit 3fe7036d05f283df9441d42242f0047b6ea11a32
	* cipher/ecc-curves.c (_gcry_ecc_get_curve): Flatten.

2020-12-30  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add s390x/zSeries implementation of Poly1305.
	+ commit 1f75681cbba895ea2f7ea0637900721f4522e729
	* cipher/Makefile.am: Add 'poly1305-s390x.S' and
	'asm-poly1305-s390x.h'.
	* cipher/asm-poly1305-s390x.h: New.
	* cipher/chacha20-s390x.S (_gcry_chacha20_poly1305_s390x_vx_blocks8)
	(_gcry_chacha20_poly1305_s390x_vx_blocks4_2_1): New, stitched
	chacha20-poly1305 implementation.
	* cipher/chacha20.c (USE_S390X_VX_POLY1305): New.
	(_gcry_chacha20_poly1305_s390x_vx_blocks8)
	(_gcry_chacha20_poly1305_s390x_vx_blocks4_2_1): New prototypes.
	(_gcry_chacha20_poly1305_encrypt, _gcry_chacha20_poly1305_decrypt): Add
	s390x/VX stitched chacha20-poly1305 code-path.
	* cipher/poly1305-s390x.S: New.
	* cipher/poly1305.c (USE_S390X_ASM, HAVE_ASM_POLY1305_BLOCKS): New.
	[USE_S390X_ASM] (_gcry_poly1305_s390x_blocks1, poly1305_blocks): New.
	* configure.ac (gcry_cv_gcc_inline_asm_s390x): Check for 'risbgn' and
	'algrk' instructions.
	* tests/basic.c (_check_poly1305_cipher): Add large chacha20-poly1305
	test vector.

	Add s390x/zSeries implementation of ChaCha20.
	+ commit 6a0bb9ab7f886087d7edb0725c90485086a1c0b4
	* cipher/Makefile.am: Add 'asm-common-s390x.h' and 'chacha20-s390x.S'.
	* cipher/asm-common-s390x.h: New.
	* cipher/chacha20-s390x.S: New.
	* cipher/chacha20.c (USE_S390X_VX): New.
	(CHACHA20_context_t): Change 'use_*' bit-field to unsigned type; Add
	'use_s390x'.
	(_gcry_chacha20_s390x_vx_blocks8)
	(_gcry_chacha20_s390x_vx_blocks4_2_1): New.
	(chacha20_do_setkey): Add HW feature detect for s390x/VX.
	(chacha20_blocks, do_chacha20_encrypt_stream_tail): Add s390x/VX
	code-path.
	* configure.ac: Add 'chacha20-s390x.lo'.

	hwf-s390x: add VX vector instruction set detection.
	+ commit 1d13794780e3d052cd5ed6f900bf5900cf44b377
	* configure.ac (gcry_cv_gcc_inline_asm_s390x_vx): New check.
	* src/g10lib.h (HWF_S390X_VX): New.
	* src/hwf-s390x.c (HWCAP_S390_VXRS): New.
	(s390x_features) [HAVE_GCC_INLINE_ASM_S390X_VX]: Add VX feature check.
	* src/hwfeatures.c (hwlist): Add "s390x-vx".

	mpi/longlong: add s390x/zSeries macros.
	+ commit 0252cc9b62dfe20c77211f093b4fda54786177d3
	* mpi/longlong.h [__s390x__] (add_ssaaaa, sub_ddmmss, UTItype)
	(umul_ppmm, udiv_qrnnd): New.

2020-12-22  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32.
	+ commit 6b6bfd57d0a6b2b4577c084db35078cd9fadafa5
	* src/hwf-arm.c (HWCAP2_SHA1, HWCAP2_SHA2): Change from bit indexes to
	flags.

	Add missing prototype for _gcry_mac_selftest.
	+ commit e47f04b4a28947c90db70ccaf93e149cfd5213c9
	* src/cipher-proto.h (_gcry_hmac_selftest): Rename to...
	(_gcry_mac_selftest): ... this.

2020-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	Merge hmac-tests.c into mac-hmac.c.
	+ commit 2ab14b23afc092fd25395954c2a94db932ca4d95
	* cipher/Makefile.am (EXTRA_DIST): Remove hmac-tests.c.
	* cipher/hmac-tests.c: Remove, merge into...
	* cipher/mac-hmac.c: ... here.

2020-12-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add s390x/zSeries acceleration for SHA3.
	+ commit 7532e27cacb74c92fd561524a0897163b0fcd7f4
	* cipher/asm-inline-s390x.h (KLMD_PADDING_STATE): New.
	(kimd_execute): Change 'reg0' from read-only to read/write.
	(klmd_shake_execute): New.
	* cipher/keccak.c (USE_S390X_CRYPTO): New.
	(KECCAK_CONTEXT) [USE_S390X_CRYPTO]: New members.
	[USE_S390X_CRYPTO] (keccak_bwrite_s390x, keccak_final_s390x)
	(keccak_bextract_s390x, keccak_write_s390x, keccak_extract_s390x): New.
	(keccak_write) [USE_S390X_CRYPTO]: Use accelerated function if enabled.
	(keccak_final) [USE_S390X_CRYPTO]: Likewise.
	(keccak_extract) [USE_S390X_CRYPTO]: Likewise.
	(keccak_init) [USE_S390X_CRYPTO]: Detect and setup zSeries
	acceleration.

	Add s390x/zSeries acceleration for SHA512.
	+ commit 45f0ec0c4e3b08627cbf7e65f5f110c321710d01
	* cipher/sha512.c (USE_S390X_CRYPTO): New.
	(SHA512_CONTEXT) [USE_S390X_CRYPTO]: New members.
	(do_sha512_transform_s390x, do_sha512_final_s390x): New.
	(sha512_init_common) [USE_S390X_CRYPTO]: Detect and setup s390x/zSeries
	acceleration.
	(sha512_final) [USE_S390X_CRYPTO]: Use accelerated final function.

	Add s390x/zSeries acceleration for SHA256.
	+ commit 0b555c3cc7c2b80ec2628685946a6139a1996911
	* cipher/sha256.c (USE_S390X_CRYPTO): New.
	(SHA256_CONTEXT) [USE_S390X_CRYPTO]: New members.
	(do_sha256_transform_s390x, do_sha256_final_s390x): New.
	(sha256_common_init) [USE_S390X_CRYPTO]: Detect and setup s390x/zSeries
	acceleration.
	(sha256_final) [USE_S390X_CRYPTO]: Use accelerated final function.

	Add s390x/zSeries acceleration for SHA1.
	+ commit 88570515b4ca92a44c4e40c31f877c11cc00ab68
	* cipher/asm-inline-s390x.h (ALWAYS_INLINE): New.
	(klmd_query): New.
	(km_function_to_mask, kimd_execute, klmd_execute): Mark as always
	inline.
	* cipher/rijndael-s390x.c (ALWAYS_INLINE): Remove.
	* cipher/sha1.c (do_sha1_transform_s390x, do_sha1_final_s390x): New.
	(sha1_init) [SHA1_USE_S390X_CRYPTO]: Detect and setup s390x/zSeries
	acceleration.
	(sha1_final) [SHA1_USE_S390X_CRYPTO]: Use accelerated final function.
	* cipher/sha1.h (SHA1_USE_S390X_CRYPTO): New.
	(SHA1_CONTEXT) [SHA1_USE_S390X_CRYPTO]: New.

	Add bulk AES-GCM acceleration for s390x/zSeries.
	+ commit 5aeb091f911398217b2e9facb9bdeb05c63d7844
	* cipher/Makefile.am: Add 'asm-inline-s390x.h'.
	* cipher/asm-inline-s390x.h: New.
	* cipher/cipher-gcm.c [GCM_USE_S390X_CRYPTO] (ghash_s390x_kimd): New.
	(setupM) [GCM_USE_S390X_CRYPTO]: Add setup for s390x GHASH function.
	* cipher/cipher-internal.h (GCM_USE_S390X_CRYPTO): New.
	* cipher/rijndael-s390x.c (u128_t, km_functions_e): Move to
	'asm-inline-s390x.h'.
	(aes_s390x_gcm_crypt): New.
	(_gcry_aes_s390x_setup_acceleration): Use 'km_function_to_mask'; Add
	setup for GCM bulk function.

	Add bulk function interface for GCM mode.
	+ commit f4e63e92dc0b79633f48b11d292dd7bdf2752ede
	* cipher/cipher-gcm.c (do_ghash_buf): Proper handling for the case
	where 'unused' gets filled to full blocksize.
	(gcm_crypt_inner): New.
	(_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Use
	'gcm_crypt_inner'.
	* cipher/cipher-internal.h (cipher_bulk_ops_t): Add 'gcm_crypt'.

	Add s390x/zSeries acceleration for AES.
	+ commit 9219d9d1b60c01a4c7dbde05ee6b5b52e0d7d072
	* configure.ac: Add 'rijndael-s390x.lo'.
	* cipher/Makefile.am: Add 'rijndael-s390x.c'.
	* cipher/rijndael-internal.c (USE_S390X_CRYPTO): New.
	(RIJNDAEL_context_s) [USE_S390X_CRYPTO]: New 'km*_func' members.
	* cipher/rijndael-s390x.c: New.
	* cipher/rijndael.c (_gcry_aes_s390x_setup_acceleration)
	(_gcry_aes_s390x_setup_setkey)
	(_gcry_aes_s390x_setup_prepare_decryption, _gcry_aes_s390x_encrypt)
	(_gcry_aes_s390x_decrypt): New.
	(do_setkey) [USE_S390X_CRYPTO]: Add s390x acceleration setup.

	Add bulk function interface for OFB mode.
	+ commit f12b6788f2297391265af93a7794bfbc503de6d7
	* cipher/cipher-internal.h (cipher_bulk_ops): Add 'ofb_enc'.
	* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Use bulk encryption
	function if defined.
	* cipher/basic.c (check_bulk_cipher_modes): Add OFB-AES test vectors.

	hwf: add detection of s390x/zSeries hardware features.
	+ commit 128054767d5f864798a39d432997f7d38c4bf729
	* configure.ac (gcry_cv_gcc_inline_asm_s390x)
	(HAVE_CPU_ARCH_S390X): Add s390x detection support.
	* mpi/config.links: Add setup for s390x links.
	* src/Makefile.am: Add 'hwf-s390x.c'.
	* src/g10lib.h (HWF_S390X_MSA, HWF_S390X_MSA_4, HWF_S390X_8): New.
	* src/hwf_common.h (_gcry_hwf_detect_s390x): New.
	* src/hwf-s390x.c: New.
	* src/hwfeatures.c: Add "s390x-msa", "s390x-msa-4" and "s390x-msa-8".

	tests/bench-slope: use same benchmarking for XTS as for other modes.
	+ commit 0e37bb32e215feb4716341f7053c4f54806645cb
	* tests/bench-slope.c (bench_xts_encrypt_init): Use same buffer
	sizes as other tests.
	(bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench): Remove.
	(xts_encrypt_ops): Use 'bench_encrypt_do_bench'.
	(xts_decrypt_ops): Use 'bench_decrypt_do_bench'.

	aarch64: mpi/longlong.h: fix operand size mismatch.
	+ commit c59b5b03a063ebc73935dbb10bc4f568faddbedf
	* mpi/longlong.h [__aarch64__] (count_leading_zeros): Use correctly
	sized temporary variable for asm output.

	aarch64: use configure check for assembly ELF directives support.
	+ commit 8352b0ece5237e3f86f1525b072e8f690ad0fa94
	* configure.ac (gcry_cv_gcc_asm_elf_directives): New check.
	(HAVE_GCC_ASM_ELF_DIRECTIVES): New 'config.h' macro.
	* cipher/asm-common-aarch64.h (ELF): Change feature macro check from
	__ELF__ to HAVE_GCC_ASM_ELF_DIRECTIVES.

2020-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	Reorganize self-tests for HMAC.
	+ commit c90fb0d8fb7a84bbcc8d6832de6a554405591850
	* cipher/Makefile.am: Prepare merge of hmac-tests.c into mac-hmac.c.
	* cipher/hmac-tests.c: Ifdef-out run_selftests and _gcry_hmac_selftest.
	* cipher/mac-internal.h: Include cipher-proto.h for selftest.
	(gcry_mac_spec_ops): Add selftest field.
	* cipher/mac-hmac.c: Include hmac-tests.c for migration.
	(hmac_selftest): New.
	(hmac_ops): Add hmac_selftest.
	* cipher/gost28147.c, cipher/mac-cmac.c: Add new field for selftest.
	* cipher/mac-gmac.c, cipher/mac-poly1305.c: Likewise.
	* cipher/mac.c (_gcry_mac_selftest): New.
	* src/fips.c (run_mac_selftests): Rename from run_hmac_selftests.
	Use GCRY_MAC_HMAC_*, and call _gcry_mac_selftest.
	(_gcry_fips_run_selftests): Use run_mac_selftests.

2020-12-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Prevent link-time optimization from inlining __gcry_burn_stack.
	+ commit 1a83df98b198902ee6d71549231a3af37088d452
	* src/g10lib.h (NOINLINE_FUNC): New attribute macro.
	* src/misc.c (__gcry_burn_stack): Add NOINLINE_FUNC attribute.

	tests/basic: check 32-bit and 64-bit overflow for CTR and ChaCha20.
	+ commit 2065720b5b0642cc1a0e08086a434244ebb1abf2
	* tests/basic.c (check_one_cipher_ctr_reset)
	(check_one_cipher_ctr_overflow): New.
	(check_one_cipher): Add counter overflow tests for ChaCha20 and CTR
	mode.

	chacha20-ppc: fix 32-bit counter overflow handling.
	+ commit ed45eac3b721c1313902b977379fbd4886ccca7b
	* cipher/chacha20-ppc.c (vec_add_ctr_u64, ADD_U64): New.
	(_gcry_chacha20_ppc8_blocks1, _gcry_chacha20_ppc8_blocks4)
	(_gcry_chacha20_poly1305_ppc8_blocks4): Use ADD_U64 when incrementing
	counter.

2020-12-03  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Put a workaround in tests/random for macOS.
	+ commit 9769b40b54cf010a0c41c4ab05a7a88e17d70613
	* configure.ac [*-apple-darwin*] (USE_POSIX_SPAWN_FOR_TESTS): New.
	* tests/random.c [USE_POSIX_SPAWN_FOR_TESTS] (run_all_rng_tests): New.

2020-11-18  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update to newer autoconf constructs.
	+ commit 9485ca7b5bf11194cff59edbfa6a0fba3bf6162a
	* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Use AS_MESSAGE_LOG_FD
	instead of AC_FD_CC.
	(GNUPG_CHECK_MLOCK): Use AC_LINK_IFELSE instead of AC_TRY_LINK.
	Use AC_RUN_IFELSE instead of AC_TRY_RUN.
	* configure.ac (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
	Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
	Use AS_HELP_STRING instead of AC_HELP_STRING.
	(AC_TYPE_SIGNAL): Remove.
	(AC_DECL_SYS_SIGLIST): Remove.
	* m4/Makefile.am (EXTRA_DIST): Update.
	* m4/onceonly.m4: Remove.
	* m4/socklen.m4: Update from gnulib.
	* m4/libtool.m4: Update from libgpg-error.
	* m4/gpg-error.m4: Update from libgpg-error.
	* m4/noexecstack.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.

	build: Use modern Autoconf check for type.
