2009-01-22 Werner Koch <wk@g10code.com>

* ecc.c (compute_keygrip): Remove superfluous const.

2009-01-06 Werner Koch <wk@g10code.com>

* rmd160.c (oid_spec_rmd160): Add TeleTrust identifier.

2008-12-10 Werner Koch <wk@g10code.com>

* dsa.c (generate): Add arg DOMAIN and use it if specified.
(generate_fips186): Ditto.
(dsa_generate_ext): Parse and check the optional "domain"
parameter and pass them to the generate functions.
* rijndael.c (rijndael_names): Add "AES128" and "AES-128".
(rijndael192_names): Add "AES-192".
(rijndael256_names): Add "AES-256".

2008-12-05 Werner Koch <wk@g10code.com>

* dsa.c (generate): Add arg TRANSIENT_KEY and use it to determine
the RNG quality needed.
(dsa_generate_ext): Parse the transient-key flag and pass it to

2008-11-28 Werner Koch <wk@g10code.com>

* dsa.c (generate_fips186): Add arg DERIVEPARMS and use the seed
* primegen.c (_gcry_generate_fips186_2_prime): Fix inner p loop.

2008-11-26 Werner Koch <wk@g10code.com>

* primegen.c (_gcry_generate_fips186_3_prime): New.
* dsa.c (generate_fips186): Add arg USE_FIPS186_2.
(dsa_generate_ext): Parse new flag use-fips183-2.

2008-11-25 Werner Koch <wk@g10code.com>

* dsa.c (generate_fips186): New.
(dsa_generate_ext): Use new function if derive-parms are given or
* primegen.c (_gcry_generate_fips186_2_prime): New.

2008-11-24 Werner Koch <wk@g10code.com>

* pubkey.c (gcry_pk_genkey): Insert code to output extrainfo.
(pubkey_generate): Add arg R_EXTRAINFO and pass it to the extended
key generation function.
* rsa.c (gen_x931_parm_xp, gen_x931_parm_xi): New.
(generate_x931): Generate params if not given.
(rsa_generate_ext): Parse use-x931 flag. Return p-q-swapped
* dsa.c (dsa_generate_ext): Put RETFACTORS into R_EXTRAINFO if
* pubkey.c (gcry_pk_genkey): Remove parsing of almost all
parameters and pass the parameter S-expression to pubkey_generate.
(pubkey_generate): Simplify by requiring modules to parse the
parameters. Remove the special cases for Elgamal and ECC.
(sexp_elements_extract_ecc): Add arg EXTRASPEC and use it. Fix
(sexp_to_key): Pass EXTRASPEC to sexp_elements_extract_ecc.
(pubkey_table) [USE_ELGAMAL]: Add real extraspec.
* rsa.c (rsa_generate_ext): Adjust for new calling convention.
* dsa.c (dsa_generate_ext): Ditto.
* elgamal.c (_gcry_elg_generate): Ditto. Rename to elg_generate_ext.
(_gcry_elg_generate_using_x): Remove after merging code with
(_gcry_pubkey_extraspec_elg): New.
(_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign)
(_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove
* ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and
adjust for new calling convention.
(_gcry_ecc_get_param): Rename to ecc_get_param and make static.
(_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and

2008-11-20 Werner Koch <wk@g10code.com>

* pubkey.c (pubkey_generate): Add arg DERIVEPARMS.
(gcry_pk_genkey): Parse derive-parms and pass it to above.
* rsa.c (generate_x931): New.
(rsa_generate_ext): Add arg DERIVEPARMS and call new function in
fips mode or if DERIVEPARMS is given.
* primegen.c (_gcry_derive_x931_prime, find_x931_prime): New.

2008-11-19 Werner Koch <wk@g10code.com>

* rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding.
(generate): Rename to generate_std.

2008-11-05 Werner Koch <wk@g10code.com>

* md.c (md_open): Use a switch to set the Bsize.
(prepare_macpads): Fix long key case for SHA384 and SHA512.
* cipher.c (gcry_cipher_handle): Add field EXTRASPEC.
(gcry_cipher_open): Set it.
(gcry_cipher_ctl): Add private control code to disable weak key
detection and to return the current input block.
* des.c (_tripledes_ctx): Add field FLAGS.
(do_tripledes_set_extra_info): New.
(_gcry_cipher_extraspec_tripledes): Add new function.
(do_tripledes_setkey): Disable weak key detection.

2008-10-24 Werner Koch <wk@g10code.com>

* md.c (digest_table): Allow MD5 in fips mode.
(md_register_default): Take special action for MD5.
(md_enable, gcry_md_hash_buffer): Ditto.

2008-09-30 Werner Koch <wk@g10code.com>

* rijndael.c (do_setkey): Properly align "t" and "tk".
(prepare_decryption): Properly align "w". Fixes bug #936.

2008-09-18 Werner Koch <wk@g10code.com>

* pubkey.c (gcry_pk_genkey): Parse domain parameter.
(pubkey_generate): Add new arg DOMAIN and remove special case for
* rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and
rename to rsa_generate_ext. Change caller.
(_gcry_rsa_generate, _gcry_rsa_check_secret_key)
(_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign)
(_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove
(_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names.
* dsa.c (dsa_generate_ext): New.
(_gcry_dsa_generate): Replace code by a call to dsa_generate.
(_gcry_dsa_check_secret_key, _gcry_dsa_sign, _gcry_dsa_verify)
(_gcry_dsa_get_nbits): Make static and remove _gcry prefix.
(_gcry_dsa_generate2): Remove.
(_gcry_pubkey_spec_dsa): Adjust to name changes.
(_gcry_pubkey_extraspec_rsa): Add dsa_generate_ext.

2008-09-16 Werner Koch <wk@g10code.com>

* ecc.c (run_selftests): Add arg EXTENDED.

2008-09-12 Werner Koch <wk@g10code.com>

* rsa.c (test_keys): Do a bad case signature check.
* dsa.c (test_keys): Do a bad case check.
* cipher.c (_gcry_cipher_selftest): Add arg EXTENDED and pass it
* md.c (_gcry_md_selftest): Ditto.
* pubkey.c (_gcry_pk_selftest): Ditto.
* rijndael.c (run_selftests): Add arg EXTENDED and pass it to the
(selftest_fips_128): Add arg EXTENDED and run only one test
(selftest_fips_192): Add dummy arg EXTENDED.
(selftest_fips_256): Ditto.
* hmac-tests.c (_gcry_hmac_selftest): Ditto.
(run_selftests): Ditto.
(selftests_sha1): Add arg EXTENDED and run only one test
(selftests_sha224, selftests_sha256): Ditto.
(selftests_sha384, selftests_sha512): Ditto.
* sha1.c (run_selftests): Add arg EXTENDED and pass it to the
(selftests_sha1): Add arg EXTENDED and run only one test
* sha256.c (run_selftests): Add arg EXTENDED and pass it to the
(selftests_sha224): Add arg EXTENDED and run only one test
(selftests_sha256): Ditto.
* sha512.c (run_selftests): Add arg EXTENDED and pass it to the
(selftests_sha384): Add arg EXTENDED and run only one test
(selftests_sha512): Ditto.
* des.c (run_selftests): Add arg EXTENDED and pass it to the
(selftest_fips): Add dummy arg EXTENDED.
* rsa.c (run_selftests): Add dummy arg EXTENDED.
* dsa.c (run_selftests): Add dummy arg EXTENDED.
* rsa.c (extract_a_from_sexp): New.
(selftest_encr_1024): Check that the ciphertext does not match the
(test_keys): Improve tests and return an error status.
(generate): Return an error if test_keys fails.
* dsa.c (test_keys): Add comments and return an error status.
(generate): Return an error if test_keys failed.

2008-09-11 Werner Koch <wk@g10code.com>

* rsa.c (_gcry_rsa_decrypt): Return an error instead of calling
BUG in case of a practically impossible condition.
(sample_secret_key, sample_public_key): New.
(selftest_sign_1024, selftest_encr_1024): New.
(selftests_rsa): Implement tests.
* dsa.c (sample_secret_key, sample_public_key): New.
(selftest_sign_1024): New.
(selftests_dsa): Implement tests.

2008-09-09 Werner Koch <wk@g10code.com>

* hmac-tests.c (selftests_sha1): Add tests.
(selftests_sha224, selftests_sha384, selftests_sha512): Make up tests.
* hash-common.c, hash-common.h: New.
* sha1.c (selftests_sha1): Add 3 tests.
* sha256.c (selftests_sha256, selftests_sha224): Ditto.
* sha512.c (selftests_sha512, selftests_sha384): Ditto.

2008-08-29 Werner Koch <wk@g10code.com>

* pubkey.c (gcry_pk_get_keygrip): Remove the special case for RSA
and check whether a custom computation function has been setup.
* rsa.c (compute_keygrip): New.
(_gcry_pubkey_extraspec_rsa): Setup this function.
* ecc.c (compute_keygrip): New.
(_gcry_pubkey_extraspec_ecdsa): Setup this function.

2008-08-28 Werner Koch <wk@g10code.com>

* cipher.c (cipher_decrypt, cipher_encrypt): Return an error if
(gcry_cipher_open): Allow mode NONE only with a debug flag set and

2008-08-26 Werner Koch <wk@g10code.com>

* pubkey.c (pubkey_generate): Add arg KEYGEN_FLAGS.
(gcry_pk_genkey): Implement new parameter "transient-key" and
pass it as flags to pubkey_generate.
(pubkey_generate): Make use of an ext_generate function.
* rsa.c (generate): Add new arg transient_key and pass appropriate
args to the prime generator.
(_gcry_rsa_generate): Factor all code out to ...
(rsa_generate): .. new func with extra arg KEYGEN_FLAGS.
(_gcry_pubkey_extraspec_ecdsa): Setup rsa_generate.
* primegen.c (_gcry_generate_secret_prime)
(_gcry_generate_public_prime): Add new arg RANDOM_LEVEL.

2008-08-21 Werner Koch <wk@g10code.com>

* primegen.c (_gcry_generate_secret_prime)
(_gcry_generate_public_prime): Use a constant macro for the random

2008-08-19 Werner Koch <wk@g10code.com>

* pubkey.c (sexp_elements_extract_ecc) [!USE_ECC]: Do not allow
"curve" parameter.

2008-08-15 Werner Koch <wk@g10code.com>

* pubkey.c (_gcry_pk_selftest): New.
* dsa.c (selftests_dsa, run_selftests): New.
* rsa.c (selftests_rsa, run_selftests): New.
* ecc.c (selftests_ecdsa, run_selftests): New.
* md.c (_gcry_md_selftest): New.
* sha1.c (run_selftests, selftests_sha1): New.
* sha256.c (selftests_sha224, selftests_sha256, run_selftests): New.
* sha512.c (selftests_sha384, selftests_sha512, run_selftests): New.
* des.c (selftest): Remove static variable from selftest.
(des_setkey): No on-the-fly self test in fips mode.
(tripledes_set3keys): Ditto.
* cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv):
* dsa.c (generate): Bail out in fips mode if NBITS is less than 1024.
* rsa.c (generate): Return an error code if the requested size
is less than 1024 and we are in fips mode.
(_gcry_rsa_generate): Take care of that error code.
* ecc.c (generate_curve): In fips mode enable only NIST curves.
* cipher.c (_gcry_cipher_selftest): New.
* sha512.c (_gcry_digest_extraspec_sha384)
(_gcry_digest_extraspec_sha512): New.
* sha256.c (_gcry_digest_extraspec_sha224)
(_gcry_digest_extraspec_sha256): New.
* sha1.c (_gcry_digest_extraspec_sha1): New.
* ecc.c (_gcry_pubkey_extraspec_ecdsa): New.
* dsa.c (_gcry_pubkey_extraspec_dsa): New.
* rsa.c (_gcry_pubkey_extraspec_rsa): New.
* rijndael.c (_gcry_cipher_extraspec_aes)
(_gcry_cipher_extraspec_aes192, _gcry_cipher_extraspec_aes256): New.
* des.c (_gcry_cipher_extraspec_tripledes): New.
* cipher.c (gcry_cipher_register): Rename to _gcry_cipher_register.
(dummy_extra_spec): New.
(cipher_table_entry): Add extraspec field.
* md.c (_gcry_md_register): Rename to _gcry_md_register. Add
(dummy_extra_spec): New.
(digest_table_entry): Add extraspec field.
* pubkey.c (gcry_pk_register): Rename to _gcry_pk_register. Add
(dummy_extra_spec): New.
(pubkey_table_entry): Add extraspec field.
* ac.c: Let most public functions return GPG_ERR_UNSUPPORTED in
* pubkey.c (pubkey_table_entry): Add field FIPS_ALLOWED and mark
appropriate algorithms.
(dummy_generate, dummy_check_secret_key, dummy_encrypt)
(dummy_decrypt, dummy_sign, dummy_verify, dummy_get_nbits): Signal
a fips error when used.
(gcry_pk_register): In fips mode do not allow to register new
* md.c (digest_table): Add field FIPS_ALLOWED and mark appropriate
(md_register_default): In fips mode register only fips algorithms.
(gcry_md_register): In fips mode do not allow to register new
(gcry_md_get): Signal a fips error if called.
(gcry_md_hash_buffer): Do not allow rmd160 when not in fips mode.
(md_start_debug): Disable in fips_mode.
* md.c (gcry_md_register_default): Rename to ..
(md_register_default): .. this.
(md_digest): Remove this commented function.
* pubkey.c (gcry_pk_register_default): Rename to ..
(pk_register_default): .. this.
* cipher.c (cipher_table_entry): Add field FIPS_ALLOWED.
(gcry_cipher_register_default): Register only fips approved
(gcry_cipher_register): Do not allow to register new ciphers.
(cipher_setiv): Signal fips error.
* cipher (gcry_cipher_register_default): Rename to ..
(cipher_register_default): .. this.
(REGISTER_DEFAULT_CIPHERS): Adjust for that change.

2008-07-05 Werner Koch <wk@g10code.com>

* random-daemon.c, random.h, rndhw.c, rndunix.c, rand-internal.h
* random.c, rndegd.c, rndlinux.c, rndw32.c: Move to ../cipher.
* Makefile.am: Remove random stuff.

2008-06-24 Szakats Istvan <szaki.ms@gmail.com> (wk)

* ac.c (_gcry_ac_key_destroy, _gcry_ac_key_pair_generate): Release

2008-04-22 Werner Koch <wk@g10code.com>

* rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc)