2022-03-28  Werner Koch  <wk@gnupg.org>

	Release 1.10.1.
	+ commit ae0e567820c37f9640440b3cff77d7c185aa6742


	hash: Add more OIDs.
	+ commit 52fd2305ba8a0c53214016c11fdf03d47761ee8e
	* cipher/sha256.c: Add X9.62 OID.
	* cipher/sha512.c: Ditto.

	tests: Add brainpoolP256r1 to bench-slope.
	+ commit eeddd578120c6c28cf600016aae124223ef99e8b
	* tests/bench-slope.c (ECC_ALGO_BRAINP256R1): New.
	(ecc_algo_fips_allowed): Support this curve.
	(ecc_algo_name): Ditto.
	(ecc_algo_curve): Ditto.
	(ecc_nbits): Ditto.
	(bench_ecc_init): Ditto.

2022-02-22  NIIBE Yutaka  <gniibe@fsij.org>

	fips: Clarify what is to be hashed for the integrity check.
	+ commit 9fa4c8946ac5e79c37941c6264ac3d6314d9a3c0
	* src/fips.c (get_file_offset): Compute the maximum offset
	of segments.
	* src/gen-note-integrity.sh: Likewise.

	fips: Fix gen-note-integrity.sh script not to use cmp utility.
	+ commit ad8b67f9e21982c841f31e92d2639f726f7ea4be
	* src/gen-note-integrity.sh: Simplify detecting 32-bit machine
	or 64-bit machine.

	fips: More portable integrity check.
	+ commit dcc6979fd2ed32bb5a5e448e2c9da1158c1d93c2
	* src/Makefile.am (EXTRA_DIST): Change the name of the script.
	(libgcrypt.la.done): Invoke OBJCOPY with --add-section.
	(libgcrypt.so.hmac): Specify ECHO_N.
	* src/fips.c (get_file_offset): Rename from get_file_offsets.
	Find the note section and return the value in HMAC.
	(hmac256_check): Simplify by HMAC from the note section, not loaded.
	(check_binary_integrity): Use dladdr instead of dladdr1.
	* src/gen-note-integrity.sh: Rename from genhmac.sh.
	Generate ElfN_Nhdr, and then the hmac.

	fips: Integrity check improvement, with only loadable segments.
	+ commit 974f4c7e698b0c1ffe3de82bad9b3f8813d1f42b
	* configure.ac (READELF): Check the tool.
	* src/Makefile.am (libgcrypt.so.hmac): Use genhmac.sh with hmac256.
	* src/fips.c (get_file_offsets): Rename from get_file_offset.
	Determine the OFFSET2 at the end of loadable segments, too.
	Add fixup of the ELF header to exclude section information.
	(hmac256_check): Finish scanning at the end of loadable segments.
	* src/genhmac.sh: New.
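The three integrity-check entries above (commits 974f4c7e, dcc6979f and 9fa4c894) describe the same idea from different angles: the HMAC covers only the bytes backed by loadable (PT_LOAD) segments, the end of that range is the maximum p_offset + p_filesz over those segments, the ELF header is fixed up so that section information does not enter the hash, and the tag itself lives in a note section added afterwards with objcopy. The following Python illustration is an added example, not libgcrypt's src/fips.c or gen-note-integrity.sh: the ELF64 image, the placeholder key and the trailer standing in for the appended note are constructed here, and the precise header fields zeroed and the exact end of the hashed range are assumptions chosen to match the wording of the entries.

```python
"""Illustration of an HMAC-based binary integrity check that covers only an
ELF file's loadable (PT_LOAD) segments.  Added example, not libgcrypt code:
the minimal ELF image is constructed here, the key is a placeholder, and the
exact byte ranges and header fields libgcrypt hashes are an assumption."""
import hashlib
import hmac
import struct

PT_LOAD = 1
EHDR_FMT = "<HHIQQQIHHHHHH"   # Elf64_Ehdr fields after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"        # Elf64_Phdr
EHDR_SIZE, PHDR_SIZE = 64, 56


def build_elf64_image(segments, trailer=b""):
    """Build a little-endian ELF64 image from (p_type, payload) pairs laid out
    back to back after the program headers.  TRAILER is appended last and
    e_shoff/e_shnum are pointed at it, standing in for section headers plus a
    note section added later with objcopy --add-section.  Constructed data."""
    phoff = EHDR_SIZE
    phdrs, payload = b"", b""
    off = phoff + len(segments) * PHDR_SIZE
    for p_type, data in segments:
        # p_type, p_flags (R+X), p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        phdrs += struct.pack(PHDR_FMT, p_type, 5, off, off, off,
                             len(data), len(data), 0x1000)
        payload += data
        off += len(data)
    e_shoff = off + len(trailer) if trailer else 0
    e_shnum = 2 if trailer else 0
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELFCLASS64, LSB
    ehdr = e_ident + struct.pack(EHDR_FMT, 3, 0x3E, 1, 0, phoff, e_shoff, 0,
                                 EHDR_SIZE, PHDR_SIZE, len(segments),
                                 64, e_shnum, 0)
    return ehdr + phdrs + payload + trailer


def loadable_end(image: bytes) -> int:
    """File offset just past the last byte backed by any PT_LOAD segment,
    i.e. max(p_offset + p_filesz) over the loadable program headers."""
    if image[:4] != b"\x7fELF" or image[4] != 2:
        raise ValueError("not an ELF64 image")
    hdr = struct.unpack_from(EHDR_FMT, image, 16)
    e_phoff, e_phentsize, e_phnum = hdr[4], hdr[8], hdr[9]
    end = 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            PHDR_FMT, image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            end = max(end, p_offset + p_filesz)
    return end


def hashed_region(image: bytes) -> bytes:
    """Bytes covered by the check: everything up to the end of the loadable
    segments, with the ELF header's section-table fields (e_shoff, e_shnum,
    e_shstrndx) zeroed.  Appending a note section rewrites those fields, so
    zeroing them keeps the HMAC input identical before and after objcopy."""
    region = bytearray(image[:loadable_end(image)])
    struct.pack_into("<Q", region, 40, 0)       # e_shoff
    struct.pack_into("<HH", region, 60, 0, 0)   # e_shnum, e_shstrndx
    return bytes(region)


def integrity_tag(image: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the normalized loadable region."""
    return hmac.new(key, hashed_region(image), hashlib.sha256).digest()


def verify_integrity(image: bytes, key: bytes, expected_tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the stored one."""
    return hmac.compare_digest(integrity_tag(image, key), expected_tag)


if __name__ == "__main__":
    key = b"placeholder-key"          # assumption: not libgcrypt's real key
    segs = [(PT_LOAD, b"\x90" * 100), (PT_LOAD, b"\x00" * 40)]
    plain = build_elf64_image(segs)
    tag = integrity_tag(plain, key)
    # Appending the note (and moving the section table) must not invalidate it.
    with_note = build_elf64_image(segs, trailer=b"NOTE" + tag)
    print(verify_integrity(with_note, key, tag))
```

The two properties the entries rely on are visible in the demo: appending the note past the loadable region and rewriting e_shoff in the process leaves the tag valid, while flipping a byte inside a PT_LOAD segment does not.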

2022-02-22  Clemens Lang  <cllang@redhat.com>

	fips: Use ELF header to find hmac file offset.
	+ commit 4ed49a917212507de8679aaf08504922a95cf6ef
	* src/fips.c [ENABLE_HMAC_BINARY_CHECK] (hmac256_check): Use ELF headers
	  to locate the file offset for the HMAC in addition to information from
	  the loader

2022-02-21  NIIBE Yutaka  <gniibe@fsij.org>

	Silence compiler warnings for possible alignment problem.
	+ commit 64fef214025949a1b0a76355b99c85594caea4ca
	* cipher/kdf.c (_gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close):
	Fix the cast.

2022-02-18  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix m4/gpg-error.m4.
	+ commit b5b7b8c5c76838350f1857a40c428c9092f9da8e
	* m4/gpg-error.m4: Unset GPGRT_CONFIG when it doesn't work well.

2022-02-14  Clemens Lang via Gcrypt-devel  <gcrypt-devel@lists.gnupg.org>

	hmac: Fix memory leak.
	+ commit 2bdc6614c866b0197f534e5cf3ec35d9f024facd
	* src/hmac.c: Release HMAC256 context

	fips: Fix memory leaks in FIPS mode.
	+ commit a60f8e43dd1b02adf7d1fd54c2e1d27564dd12c1
	* cipher/pubkey.c (_gcry_pk_sign_md): Fix memory leak in FIPS mode when
	  used with SHA1
	* tests/basic.c (check_one_cipher_core): Add missing free in error code
	  triggered in FIPS mode
	* tests/dsa-rfc6979.c (check_dsa_rfc6979): Likewise
	* tests/pubkey.c (check_x931_derived_key): Likewise

2022-02-14  NIIBE Yutaka  <gniibe@fsij.org>

	kdf: Use u64.
	+ commit 6683007d696dfe64640dc741c4332784ec246388
	* cipher/kdf.c (rotr64): We use u64 in libgcrypt.

2022-02-04  Heiko Becker  <heirecka@exherbo.org>

	jitterentropy: Include <fcntl.h> and <limits.h>
	+ commit ffaef0be613121d3ee37867d82932a7a30c2bc6d
	* random/jitterentropy-base-user.h: Include <fcntl.h> for O_RDONLY
	* random/jitterentropy-base-user.h: Include <limits.h> for LONG_MAX

2022-02-01  Werner Koch  <wk@gnupg.org>

	Release 1.10.0.
	+ commit e4ab2147f3e236f7be95f9709ce09193b2ca5c1a


2022-01-31  Werner Koch  <wk@gnupg.org>

	rsa: Fix regression in not returning an error for prime generation.
	+ commit 217bf0a0e7be4a216a405a4bfb719e0fd437c2a3
	* cipher/rsa.c (generate_fips):  Set the default EC again.

2022-01-31  Jakub Jelen  <jjelen@redhat.com>

	cipher: Initialize values not to confuse static analyzers.
	+ commit cb9df21fcbb05d9650df7b45671d335eefad405b
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Initialize integer values
	  not to confuse static analyzers.
	  (_gcry_ecc_eddsa_verify): Ditto.

	fips: Remove unused assignment.
	+ commit d2003618e6bf733f0c913f5c8961779f8e4dc05c
	* src/fips.c (hmac256_check): Remove unused assignment.

	cipher: Remove dead code for the SIV mode.
	+ commit 0f38e6a877f19db303672ca899b36333fb84c8fa
	* cipher/cipher-siv.c (_gcry_cipher_siv_setkey): Remove dead code

	random: Avoid dereference of the ec before checking for NULL.
	+ commit 904e168bdb2ac4cbfe32db86a6cd11ab462340ad
	* random/jitterentropy-noise.c (jent_memaccess): Move check before
	  dereferencing the pointer.

2022-01-31  NIIBE Yutaka  <gniibe@fsij.org>

	kdf: Fix computation by big-endian machine.
	+ commit 77512c510bf744b341d3173e65e22b9dd0b5df03
	* cipher/kdf.c (beswap64_block): New.
	(argon2_fill_first_blocks): Convert to native endian.
	(pseudo_random_generate): Run in native endian.
	(argon2_compute_segment): Run in native endian.
	(argon2_final): Convert from native endian.

	cipher/blake2: Make sure to clean up the stack.
	+ commit 7dc488ae036addd69878681a4eab6d25e9d99c8e
	* cipher/blake2.c (blake2b_vl_hash): Wipe the memory.

2022-01-28  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	kdf: handle errors from thread dispatch/wait functions.
	+ commit 54369c66bedd20d6846ed8fab678082ec8eecf5d
	* cipher/kdf.c (argon2_compute): Handle failed job dispatch/wait.
	* tests/t-kdf.c (pthread_jobs_launch_job)
	(wait_all_jobs_completion): Handle errors returned from pthread functions.

	kdf/argon2: use BLAKE2b hash_buffers function instead of _gcry_md_*
	+ commit 409f69167983deacee6d6c85c80a4be0e4b5d7c1
	* cipher/kdf.c (argon2_fill_first_blocks): Convert to use iov
	hash_buffers API instead of _gcry_md_*.

	Rename KDF job functions and function types.
	+ commit c5aead8aebc7dfb699597eb6adf334bd2edbc374
	* src/gcrypt.h.in (gcry_kdf_job_fn_t): New.
	(gcry_kdf_dispatch_job_fn_t): Renamed from 'gcry_kdf_lauch_job_t'; Use
	'gcry_kdf_job_fn_t' for function pointer parameter.
	(gcry_kdf_wait_all_jobs_fn_t): Renamed from
	'gcry_kdf_wait_all_jobs_completion_t'.
	(gcry_kdf_thread_ops_t): Rename functions to 'dispatch_job' and
	'wait_all_jobs'.
	* cipher/kdf.c (argon2_compute): Change to use 'dispatch_job' and
	'wait_all_jobs'.
	* tests/t-kdf.c (job_thread_param, pthread_jobs_launch_job): Use
	'gcry_kdf_job_fn_t' type for 'job'.

	tests/t-kdf: few changes to pthread example and fix win32/win64 builds.
	+ commit 03a0eedefe3e8b979aee6fb9800fe8e794f50089
	* src/gcrypt.h.in (gcry_kdf_thread_ops_t): New based on
	'struct gcry_kdf_thread_ops'.
	(gcry_kdf_compute): Use 'gcry_kdf_thread_ops_t' instead of
	'struct gcry_kdf_thread_ops'.
	* tests/Makefile.am: Define 't_kdf_LDADD' and 't_kdf_CFLAGS' on
	win32/win64 target too.
	* tests/t-kdf.c (pthread_jobs_launch_job): Set 'oldest_thread_idx' on
	first thread creation.
	(wait_all_jobs_completion): Reset 'oldest_thread_idx' to -1.
	(my_kdf_derive): Merge HAVE_PTHREAD ifdefs; Initialize 'oldest_thread_idx'
	to -1.

2022-01-28  NIIBE Yutaka  <gniibe@fsij.org>
	    Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	kdf: Change new KDF API.
	+ commit 254fb14044cfce87b619138dec7bb78a2534d1b3
	* cipher/kdf.c (argon2_ctl): Remove.
	(argon2_iterator): Remove.
	(argon2_compute_segment): Change the API.
	(argon2_compute): New.
	(argon2_open): No optional N_THREADS any more.
	(_gcry_kdf_ctl): Remove.
	(_gcry_kdf_iterator, _gcry_kdf_compute_segment): Remove.
	(_gcry_kdf_compute): New.
	* src/gcrypt-int.h: Update declarations.
	* src/gcrypt.h.in: Likewise.
	* src/libgcrypt.def: Update.
	* src/libgcrypt.vers: Update.
	* src/visibility.c: Update.
	* src/visibility.h: Update.
	* tests/t-kdf.c (check_argon2): Update the test with change of new
	API.

2022-01-28  NIIBE Yutaka  <gniibe@fsij.org>

	kdf: Implement Argon2 KDF using blake2b_vl_hash function.
	+ commit 4cbbd87e2af00c7b3f0236a56f12bd51e9295816
	* cipher/kdf.c (hash): Remove, as it's not possible to implement with
	_gcry_md_* programming interface.
	(xor_block): New.
	(argon2_fill_first_blocks): Rename from argon2_genh0_first_blocks.
	(argon2_init): Don't use ->HD any more.
	(fill_block, pseudo_random_generate, index_alpha): New.
	(argon2_compute_segment): Implement ARGON2D, ARGON2I and ARGON2ID.
	(argon2_final): Fix using blake2b_vl_hash.
	(argon2_open): Fix for parameters and the restriction for output length.
	* tests/t-kdf.c (check_argon2): Update test vector for version 0x13.
	(main): Enable the test.

	cipher: Implement variable-length hash function for Argon2.
	+ commit 6467287ba121df9e5965d5a3a7a4f349793d49d2
	* cipher/blake2.c (blake2b_vl_hash): New.

2022-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	kdf: Improve new KDF API.
	+ commit 5d1da2c61981243729365724f14e3d4abacb0e6a
	* cipher/kdf.c (struct argon2_thread_data): Change layout.
	(argon2_iterator): Use struct gcry_kdf_pt_head.
	(argon2_compute_segment): Rename from argon2_compute_row.
	(argon2_open): Handle N_THREAD maximum.
	(_gcry_kdf_iterator): Use struct gcry_kdf_pt_head.
	(_gcry_kdf_compute_segment): Rename from _gcry_kdf_compute_row.
	* src/gcrypt-int.h: Update declarations.
	* src/gcrypt.h.in (struct gcry_kdf_pt_head): Expose the data type.
	* src/libgcrypt.def, src/libgcrypt.vers: Update.
	* src/visibility.c, src/visibility.h: Update.
	* tests/t-kdf.c (start_thread, my_kdf_derive): Follow the change.

	kdf: Improve new KDF API.
	+ commit f21871e241e96148cef3ad4314ad596178cf8967
	* cipher/kdf.c (struct argon2_thread_data): Change layout.
	(argon2_iterator): Use struct gcry_kdf_pt_head.
	(argon2_compute_segment): Rename from argon2_compute_row.
	(argon2_open): Handle N_THREAD maximum.
	(_gcry_kdf_iterator): Use struct gcry_kdf_pt_head.
	(_gcry_kdf_compute_segment): Rename from _gcry_kdf_compute_row.
	* src/gcrypt-int.h: Update declarations.
	* src/gcrypt.h.in (struct gcry_kdf_pt_head): Expose the data type.
	* src/libgcrypt.def, src/libgcrypt.vers: Update.
	* src/visibility.c, src/visibility.h: Update.
	* tests/t-kdf.c (start_thread, my_kdf_derive): Follow the change.

2022-01-25  NIIBE Yutaka  <gniibe@fsij.org>

	random: Include sys/random.h when available.
	+ commit 5e2d792eb8d9e5aaf1b71205f9298286b8145462
	* configure.ac (AC_CHECK_HEADERS): Check sys/random.h.
	* random/rndgetentropy.c [HAVE_SYS_RANDOM_H]: Include it.

	cipher: Add new API for modern KDF function.
	+ commit bafdb90d97b65db541ea917088ca956e6a364f6b
	* cipher/kdf.c (hash, argon2_genh0_first_blocks): New for Argon2.
	(argon2_init, argon2_ctl, argon2_iterator): Likewise.
	(argon2_compute_row, argon2_final, argon2_close): Likewise.
	(argon2_open): Likewise.
	(balloon_open): New for Balloon.
	(_gcry_kdf_open, _gcry_kdf_ctl, _gcry_kdf_iterator): Add new API.
	(_gcry_kdf_compute_row, _gcry_kdf_final, _gcry_kdf_close): Likewise.
	* src/gcrypt-int.h: Add declarations for new API.
	* src/gcrypt.h.in: Likewise.
	(enum gcry_kdf_algos): Add GCRY_KDF_ARGON2 and GCRY_KDF_BALLOON.
	(enum gcry_kdf_subalgo_argon2): Add GCRY_KDF_ARGON2D,
	GCRY_KDF_ARGON2I, and GCRY_KDF_ARGON2ID.
	* src/libgcrypt.def, src/libgcrypt.vers: Update.
	* src/visibility.h: Likewise.
	* src/visibility.c: Add new API.
	* tests/Makefile.am (t_kdf_LDADD, t_kdf_CFLAGS): Enable use of pthread.
	* tests/t-kdf.c (check_argon2): New, not enabled yet.

	Prefer uint64_t for the definition of u64.
	+ commit 3d353782d84b9720262d7b05adfae3aef7ff843b
	* src/types.h (u64): Prefer use of uint64_t with C99 compliant
	compiler.

	tests: Fix variable initialization for tests.
	+ commit 99642f18ccbe45fb4cae55945af49f7884bcaceb
	* tests/t-rsa-15.c (one_test_sexp): Initialize OUT_LEN.
	* tests/t-rsa-pss.c (one_test_sexp): Initialize CTX and OUT_LEN.
	Fix the if condition.

2022-01-25  Jakub Jelen  <jjelen@redhat.com>

	mpi: Add missing header file to the tarball.
	+ commit 08f3e0909f8c4fefc2c020dca206037693282186
	* mpi/Makefile.am: Add missing header file.

	doc: Update more information about FIPS selftests and algorithms.
	+ commit 1f299cb16afdfd0ccc3cd9e9ae65a789be6514f7
	* doc/gcrypt.texi: List implemented GOST curves.
	  Update location of the HMAC selftests and add SHA3 ones.
	  Add information about ECC selftests.
	  Add information about KDF selftests.
	  Update information about additional MAC selftests.
	  Update information about FIPS allowed algorithms.

2022-01-22  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	tests/t-kdf: fix format string argument type mismatch.
	+ commit e9e723d5e320ff2c67bf9a9841777749a44e54d0
	* tests/t-kdf.c (check_pbkdf2, check_scrypt): Change fprintf format
	for plen from "%ld" to "%u" and cast plen to 'unsigned int'.

	Fix building GCM when GCM_USE_ARM_NEON defined but GCM_USE_ARM_PMULL not
	+ commit a35ac62ee7b5a6e799eb4a89a934da0313fb1158
	* cipher/cipher-gcm.c (setupM): Remove ifdef around 'features'.

2022-01-20  NIIBE Yutaka  <gniibe@fsij.org>

	scrypt: Fix the last step of SCRYPT.
	+ commit 867435cf8847fb80e922eb818fbcfac131863b8c
	* cipher/scrypt.c (_gcry_kdf_scrypt): Single call to PBKDF2.
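The entry above says the last step of scrypt is a single PBKDF2 call. RFC 7914 defines that step as one PBKDF2-HMAC-SHA256 invocation with c = 1, the password as input, the whole mixed buffer B (all p blocks concatenated) as salt and dkLen as output length. The following pure-Python implementation is an added example, not libgcrypt's cipher/scrypt.c; it implements the full algorithm with small parameters so that the final step can be seen in context and checked against the first RFC 7914 test vector.

```python
"""Pure-Python scrypt (RFC 7914) written to show the final derivation step.

Added illustration, not libgcrypt code.  Parameters are kept small so the
pure-Python core runs quickly; the output is checked against the RFC 7914
test vector and, when available, hashlib.scrypt.
"""
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def rotl(v: int, n: int) -> int:
    return ((v << n) | (v >> (32 - n))) & MASK32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def salsa20_8(block: bytes) -> bytes:
    """Salsa20/8 core on one 64-byte block (RFC 7914 section 3)."""
    x = list(struct.unpack("<16I", block))
    z = x[:]

    def qr(a: int, b: int, c: int, d: int) -> None:
        # One quarter-round on lanes a, b, c, d of z, arithmetic mod 2^32.
        z[b] ^= rotl((z[a] + z[d]) & MASK32, 7)
        z[c] ^= rotl((z[b] + z[a]) & MASK32, 9)
        z[d] ^= rotl((z[c] + z[b]) & MASK32, 13)
        z[a] ^= rotl((z[d] + z[c]) & MASK32, 18)

    columns = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
    rows = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))
    for _ in range(4):  # 8 rounds = 4 (column round, row round) pairs
        for lanes in columns + rows:
            qr(*lanes)
    return struct.pack("<16I", *((a + b) & MASK32 for a, b in zip(x, z)))


def blockmix(b: bytes, r: int) -> bytes:
    """scryptBlockMix (RFC 7914 section 4) over 2r 64-byte blocks."""
    blocks = [b[i * 64:(i + 1) * 64] for i in range(2 * r)]
    x = blocks[-1]
    y = []
    for blk in blocks:
        x = salsa20_8(xor_bytes(x, blk))
        y.append(x)
    return b"".join(y[0::2] + y[1::2])  # even-indexed outputs, then odd


def romix(b: bytes, n: int, r: int) -> bytes:
    """scryptROMix (RFC 7914 section 5): N-step fill, then N random reads."""
    x = b
    v = []
    for _ in range(n):
        v.append(x)
        x = blockmix(x, r)
    for _ in range(n):
        j = int.from_bytes(x[-64:], "little") % n  # Integerify(X) mod N
        x = blockmix(xor_bytes(x, v[j]), r)
    return x


def scrypt_final_step(password: bytes, mixed: bytes, dklen: int) -> bytes:
    """The last step of scrypt: ONE PBKDF2-HMAC-SHA256 call with c = 1 whose
    salt is the whole mixed buffer B (all p blocks concatenated) and whose
    output length is dklen.  The entire derived key comes from this single
    call; it is not assembled from separate per-block PBKDF2 invocations."""
    return hashlib.pbkdf2_hmac("sha256", password, mixed, 1, dklen)


def scrypt(password: bytes, salt: bytes, n: int, r: int, p: int,
           dklen: int) -> bytes:
    """scrypt(P, S, N, r, p, dkLen) as in RFC 7914 section 6."""
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two greater than 1")
    # Step 1: expand password and salt into p blocks of 128*r bytes.
    b = hashlib.pbkdf2_hmac("sha256", password, salt, 1, p * 128 * r)
    # Step 2: memory-hard mixing of each block independently.
    mixed = b"".join(romix(b[i * 128 * r:(i + 1) * 128 * r], n, r)
                     for i in range(p))
    # Step 3: the single PBKDF2 call that produces the derived key.
    return scrypt_final_step(password, mixed, dklen)


if __name__ == "__main__":
    # First test vector of RFC 7914 section 12: P="", S="", N=16, r=1, p=1.
    print(scrypt(b"", b"", 16, 1, 1, 64).hex())
```

A dkLen larger than one HMAC output (64 or 100 bytes, as in the checks below) is where the shape of the final step matters: PBKDF2 with c = 1 produces the extra bytes by incrementing its internal block counter over the same salt B, which is different from calling PBKDF2 once per output block.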

	fips: Recover test cases for selftest, add skipping in FIPS mode.
	+ commit 535a4d345872aa2cd2ab3a5f9c4411d0a0313328
	* cipher/kdf.c (check_one): Skip a test with shorter passphrase in
	FIPS mode.
	(selftest_pbkdf2): Recover selftest cases.
	* cipher/mac-hmac.c (check_one): Skip a test with shorter key in FIPS
	mode.
	(selftests_sha224, selftests_sha256): Recover selftest cases.
	(selftests_sha384, selftests_sha512, selftests_sha3): Likewise.

2022-01-19  NIIBE Yutaka  <gniibe@fsij.org>

	fips: Reject shorter key for HMAC in FIPS mode.
	+ commit 76aad97dd312e83f2f9b8d086553f2b72ab6546f
	* cipher/md.c (prepare_macpads): Reject < 112-bit key.
	* cipher/kdf.c (selftest_pbkdf2): Remove selftest cases with shorter
	key.
	* cipher/mac-hmac.c (selftests_sha224, selftests_sha256): Likewise.
	(selftests_sha384, selftests_sha512, selftests_sha3): Likewise.
	* tests/basic.c (check_one_hmac): Handle an error when shorter key
	is rejected.
	(check_one_mac): Likewise.
	* tests/t-kdf.c (check_pbkdf2, check_scrypt): Likewise.

2022-01-18  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix .m4 files in distribution.
	+ commit 6f225308d3e59f8749403ad743d8e6c591142f8f
	* m4/Makefile.am (EXTRA_DIST): Remove sys_socket_h.m4.

2022-01-17  NIIBE Yutaka  <gniibe@fsij.org>

	fips: Remove GCRYCTL_FIPS_SERVICE_INDICATOR and renumber the enum.
	+ commit d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f
	* src/gcrypt.h.in (enum gcry_ctl_cmds): Remove
	GCRYCTL_FIPS_SERVICE_INDICATOR.
	* src/fips.c (_gcry_fips_indicator_cipher): Use gcry_kdf_algos.
	* tests/basic.c: Use GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER.

2022-01-17  Jakub Jelen  <jjelen@redhat.com>

	Update documentation related to FIPS.
	+ commit e023e10ee89baf5d5909de4d8c13ba6dfbc8ed99
	* cipher/rsa.c (selftest_encr_2048): Fix error message
	* doc/gcrypt.texi: Add missing hwfeatures
	  Add description of the service indicator API
	  Fix typo in tampered word
	  Add some missing curves
	  Remove algorithms no longer used in FIPS mode and update claims given

	fips: Add support for KDF FIPS indicators.
	+ commit 8611c9f276ad0f51fcdd4da0481108880104338f
	* src/fips.c (_gcry_fips_indicator): rename to
	  _gcry_fips_indicator_cipher().
	  (_gcry_fips_indicator_kdf): New function.
	* src/g10lib.h: Rename _gcry_fips_indicator to
	  _gcry_fips_indicator_cipher() and add _gcry_fips_indicator_kdf()
	* src/gcrypt.h.in (enum gcry_ctl_cmds): Add
	  GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER and
	  GCRYCTL_FIPS_SERVICE_INDICATOR_KDF.
	* src/global.c (_gcry_vcontrol): Implement support for KDF FIPS
	  Indicator separate from the cipher one.

2022-01-11  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rijndael-aesni: small optimization for cbc-enc and cfb-enc.
	+ commit dfd53c7eddf0beaf9e85daaed92c0bd756112470
	* cipher/rijndael-aesni.c (_gcry_aes_aesni_cfb_enc)
	(_gcry_aes_aesni_cbc_enc): Copy contents of 'do_aesni_enc' here and
	merge input/output and first/last round key xoring to shorten critical
	path.

	mpi/amd64: remove extra 'ret' from assembly functions.
	+ commit 0c0f27a89205842b5ef8e56a9726074f6b738f73
	* mpi/amd64/mpih-add1.S: Remove 'ret' as it is already included by
	FUNC_EXIT macro.
	* mpi/amd64/mpih-lshift.S: Likewise.
	* mpi/amd64/mpih-mul1.S: Likewise.
	* mpi/amd64/mpih-mul2.S: Likewise.
	* mpi/amd64/mpih-mul3.S: Likewise.
	* mpi/amd64/mpih-rshift.S: Likewise.
	* mpi/amd64/mpih-sub1.S: Likewise.

	mpi/config.links: merge i586 targets with rest i*86 targets.
	+ commit 9bbb6c2c5d03c19b7f4356628a76eb8bde3ab026
	* mpi/config.links: Merge i586 targets with rest i[3467]86 targets.

	mpi: remove unused i586 and pentium4 assembly.
	+ commit 2800de892585c405099039d6f9dc346c3a71c16e
	* mpi/config.links: Remove 'i586' from paths.
	* mpi/i586*: Remove.
	* mpi/pentium4/*: Remove.

	Add straight-line speculation hardening for aarch64 assembly.
	+ commit 34bcc102158a651781f4e7639e2654068a39db6d
	* cipher/asm-common-aarch64.h (ret_spec_stop): New.
	* cipher/asm-poly1305-aarch64.h: Use 'ret_spec_stop' for 'ret'
	instruction.
	* cipher/camellia-aarch64.S: Likewise.
	* cipher/chacha20-aarch64.S: Likewise.
	* cipher/cipher-gcm-armv8-aarch64-ce.S: Likewise.
	* cipher/crc-armv8-aarch64-ce.S: Likewise.
	* cipher/rijndael-aarch64.S: Likewise.
	* cipher/rijndael-armv8-aarch64-ce.S: Likewise.
	* cipher/sha1-armv8-aarch64-ce.S: Likewise.
	* cipher/sha256-armv8-aarch64-ce.S: Likewise.
	* cipher/sm3-aarch64.S: Likewise.
	* cipher/twofish-aarch64.S: Likewise.
	* mpi/aarch64/mpih-add1.S: Likewise.
	* mpi/aarch64/mpih-mul1.S: Likewise.
	* mpi/aarch64/mpih-mul2.S: Likewise.
	* mpi/aarch64/mpih-mul3.S: Likewise.
	* mpi/aarch64/mpih-sub1.S: Likewise.

	Add straight-line speculation hardening for amd64 and i386 assembly.
	+ commit 11ade08efbfbc36dbf3571f1026946269950bc40
	* cipher/asm-common-amd64.h (ret_spec_stop): New.
	* cipher/arcfour-amd64.S: Use 'ret_spec_stop' for 'ret' instruction.
	* cipher/blake2b-amd64-avx2.S: Likewise.
	* cipher/blake2s-amd64-avx.S: Likewise.
	* cipher/blowfish-amd64.S: Likewise.
	* cipher/camellia-aesni-avx-amd64.S: Likewise.
	* cipher/camellia-aesni-avx2-amd64.h: Likewise.
	* cipher/cast5-amd64.S: Likewise.
	* cipher/chacha20-amd64-avx2.S: Likewise.
	* cipher/chacha20-amd64-ssse3.S: Likewise.
	* cipher/des-amd64.S: Likewise.
	* cipher/rijndael-aarch64.S: Likewise.
	* cipher/rijndael-amd64.S: Likewise.
	* cipher/rijndael-ssse3-amd64-asm.S: Likewise.
	* cipher/rijndael-vaes-avx2-amd64.S: Likewise.
	* cipher/salsa20-amd64.S: Likewise.
	* cipher/serpent-avx2-amd64.S: Likewise.
	* cipher/serpent-sse2-amd64.S: Likewise.
	* cipher/sha1-avx-amd64.S: Likewise.
	* cipher/sha1-avx-bmi2-amd64.S: Likewise.
	* cipher/sha1-avx2-bmi2-amd64.S: Likewise.
	* cipher/sha1-ssse3-amd64.S: Likewise.
	* cipher/sha256-avx-amd64.S: Likewise.
	* cipher/sha256-avx2-bmi2-amd64.S: Likewise.
	* cipher/sha256-ssse3-amd64.S: Likewise.
	* cipher/sha512-avx-amd64.S: Likewise.
	* cipher/sha512-avx2-bmi2-amd64.S: Likewise.
	* cipher/sha512-ssse3-amd64.S: Likewise.
	* cipher/sm3-avx-bmi2-amd64.S: Likewise.
	* cipher/sm4-aesni-avx-amd64.S: Likewise.
	* cipher/sm4-aesni-avx2-amd64.S: Likewise.
	* cipher/twofish-amd64.S: Likewise.
	* cipher/twofish-avx2-amd64.S: Likewise.
	* cipher/whirlpool-sse2-amd64.S: Likewise.
	* mpi/amd64/func_abi.h (CFI_*): Remove, include from "asm-common-amd64.h"
	instead.
	(FUNC_EXIT): Use 'ret_spec_stop' for 'ret' instruction.
	* mpi/asm-common-amd64.h: New.
	* mpi/i386/mpih-add1.S: Use 'ret_spec_stop' for 'ret' instruction.
	* mpi/i386/mpih-lshift.S: Likewise.
	* mpi/i386/mpih-mul1.S: Likewise.
	* mpi/i386/mpih-mul2.S: Likewise.
	* mpi/i386/mpih-mul3.S: Likewise.
	* mpi/i386/mpih-rshift.S: Likewise.
	* mpi/i386/mpih-sub1.S: Likewise.
	* mpi/i386/syntax.h (ret_spec_stop): New.

	Optimizations for AES aarch64-ce assembly implementation.
	+ commit ff2a647d36677f6ad9edbe992a6c0ab0f7cf9510
	* cipher/rijndael-armv8-aarch64-ce.S (vk14): Remove.
	(vklast, __, _): New.
	(aes_preload_keys): Setup vklast.
	(do_aes_one128/192/256): Split to ...
	(do_aes_one_part1, do_aes_part2_128/192/256): ... these and add
	interleave ops.
	(do_aes_one128/192/256): New using above part1 and part2 macros.
	(aes_round_4): Rename to ...
	(aes_round_4_multikey): ... this and allow different key used for
	parallel blocks.
	(aes_round_4): New using above multikey macro.
	(aes_lastround_4): Reorder AES round and xor instructions, allow
	different last key for parallel blocks.
	(do_aes_4_128/192/256): Split to ...
	(do_aes_4_part1_multikey, do_aes_4_part1)
	(do_aes_4_part2_128/192/256): ... these.
	(do_aes_4_128/192/256): New using above part1 and part2 macros.
	(CLEAR_REG): Use movi for clearing registers.
	(aes_clear_keys): Remove branching and clear all key registers.
	(_gcry_aes_enc_armv8_ce, _gcry_aes_dec_armv8_ce): Adjust to macro
	changes.
	(_gcry_aes_cbc_enc_armv8_ce, _gcry_aes_cbc_dec_armv8_ce)
	(_gcry_aes_cfb_enc_armv8_ce, _gcry_aes_cfb_enc_armv8_ce)
	(_gcry_aes_ctr32le_enc_armv8_ce): Apply entry/loop-body/exit
	optimization for better interleaving of input/output processing;
	First/last round key and input/output xoring optimization to reduce
	critical path length.
	(_gcry_aes_ctr_enc_armv8_ce): Add fast path for counter incrementing
	without byte-swaps when counter does not overflow 8-bit; Apply
	entry/loop-body/exit optimization for better interleaving of
	input/output processing; First/last round key and input/output
	xoring optimization to reduce critical path length.
	(_gcry_aes_ocb_enc_armv8_ce, _gcry_aes_ocb_dec_armv8_ce): Add aligned
	processing for nblk and OCB offsets; Apply entry/loop-body/exit
	optimization for better interleaving of input/output processing;
	First/last round key and input/output xoring optimization to reduce
	critical path length; Change to use same function body macro for
	both encryption and decryption.
	(_gcry_aes_xts_enc_armv8_ce, _gcry_aes_xts_dec_armv8_ce): Apply
	entry/loop-body/exit optimization for better interleaving of
	input/output processing; First/last round key and input/output
	xoring optimization to reduce critical path length; Change to use
	same function body macro for both encryption and decryption.

	Add armv8/pmull accelerated POLYVAL for GCM-SIV.
	+ commit 4e6f1ef5a00e15128e5f2398e2c282d31152d276
	* cipher/cipher-gcm-armv8-aarch32-ce.S
	(_gcry_polyval_armv8_ce_pmull): New.
	* cipher/cipher-gcm-armv8-aarch64-ce.S
	(_gcry_polyval_armv8_ce_pmull): New.
	* cipher/cipher-gcm.c (_gcry_polyval_armv8_ce_pmull)
	(polyval_armv8_ce_pmull): New.
	(setupM) [GCM_USE_ARM_PMULL]: Setup 'polyval_armv8_ce_pmull' as POLYVAL
	function.

	Use 'vmov' and 'movi' for vector register clearing in ARM assembly.
	+ commit 859b6ac7fbdb6ec18d1536e14b9ee83c1add224e
	* cipher/chacha20-aarch64.S (clear): Use 'movi'.
	* cipher/chacha20-armv7-neon.S (clear): Use 'vmov'.
	* cipher/cipher-gcm-armv7-neon.S (clear): Use 'vmov'.
	* cipher/cipher-gcm-armv8-aarch32-ce.S (CLEAR_REG): Use 'vmov'.
	* cipher/cipher-gcm-armv8-aarch64-ce.S (CLEAR_REG): Use 'movi'.
	* cipher/rijndael-armv8-aarch32-ce.S (CLEAR_REG): Use 'vmov'.
	* cipher/sha1-armv7-neon.S (clear): Use 'vmov'.
	* cipher/sha1-armv8-aarch32-ce.S (CLEAR_REG): Use 'vmov'.
	* cipher/sha1-armv8-aarch64-ce.S (CLEAR_REG): Use 'movi'.
	* cipher/sha256-armv8-aarch32-ce.S (CLEAR_REG): Use 'vmov'.
	* cipher/sha256-armv8-aarch64-ce.S (CLEAR_REG): Use 'movi'.
	* cipher/sha512-armv7-neon.S (CLEAR_REG): New using 'vmov'.
	(_gcry_sha512_transform_armv7_neon): Use CLEAR_REG for clearing
	registers.

	Add SM3 ARM/AArch64 assembly implementation.
	+ commit f664333a4749eab03c6b19bae2f28863b8501a24
	* cipher/Makefile.am: Add 'sm3-aarch64.S'.
	* cipher/sm3-aarch64.S: New.
	* cipher/sm3.c (USE_AARCH64_SIMD): New.
	[USE_AARCH64_SIMD] (_gcry_sm3_transform_aarch64)
	(do_sm3_transform_aarch64): New.
	(sm3_init) [USE_AARCH64_SIMD]: New.
	* configure.ac: Add 'sm3-aarch64.lo'.
	* tests/basic.c (main): Add command-line option '--hash' for running
	only hash algorithm tests.

2022-01-11  NIIBE Yutaka  <gniibe@fsij.org>

	random: Rename rndlinux module to rndoldlinux.
	+ commit 560943805a525a6f479b666578b0ff7d51e6f833
	* configure.ac (USE_RNDOLDLINUX): Rename from USE_RNDLINUX.
	(GCRYPT_RANDOM): Use rndoldlinux.lo.
	* doc/gcrypt.texi: Update.
	* random/Makefile.am (EXTRA_librandom_la_SOURCES): Update.
	* random/rndoldlinux.c: Rename from rndlinux.c.  Rename the function.
	* random/rand-internal.h: Update the function name.
	* random/random-csprng.c: Update the calls to the function.
	* random/random-drbg.c: Likewise.
	* random/random-system.c: Likewise.
	* src/global.c: Use USE_RNDOLDLINUX.

2022-01-11  Jakub Jelen  <jjelen@redhat.com>

	configure: Fix help text for the fips module version.
	+ commit 83e58191d3d960b3efda960dd6fe50e8f0b02bda
	* configure.ac: Fix unmatched parenthesis and add more verbose
	  description of the --with-fips-module-version configure option.

2022-01-11  NIIBE Yutaka  <gniibe@fsij.org>

	fips: Provide a mechanism to put libgcrypt in non-FIPS mode.
	+ commit 2a8b3fed1a80e74dfb12c03e426373a300407eda
	* doc/gcrypt.texi (Disabling FIPS mode): Add.
	* src/gcrypt.h.in (GCRYCTL_NO_FIPS_MODE): New.
	* src/global.c (_gcry_vcontrol): Support GCRYCTL_NO_FIPS_MODE.
	* tests/t-ed25519.c: Add --no-fips option to test non-FIPS mode.

	cipher: Keep original behavior of Key Unwrap when not extended.
	+ commit 383866f014f2ae8487d15e3fd99fe688b489d364
	* cipher/cipher-aeswrap.c (_gcry_cipher_keywrap_decrypt_auto): Only
	allow unwrapping by KWP when GCRY_CIPHER_EXTENDED is specified.

2022-01-05  NIIBE Yutaka  <gniibe@fsij.org>

	cipher: Add an API to retrieve unwrapped key length for KWP.
	+ commit 746b8e29969be56e086191dbe93978f7e0355aa0
	* cipher/cipher-aeswrap.c (_gcry_cipher_keywrap_decrypt)
	(_gcry_cipher_keywrap_decrypt_padding): Merged into...
	(_gcry_cipher_keywrap_decrypt_auto): ... this.
	Write length information to struct gcry_cipher_handle.
	* cipher/cipher-internal.h (struct gcry_cipher_handle): Add
	u_mode.wrap.
	* cipher/cipher.c (_gcry_cipher_setup_mode_ops): Use
	_gcry_cipher_keywrap_decrypt_auto.
	(_gcry_cipher_info): Support GCRYCTL_GET_KEYLEN for
	GCRY_CIPHER_MODE_AESWRAP.  Note that it is not the length of the KEK
	but the length of the unwrapped key.
	* tests/aeswrap.c (check_one_with_padding): Add check
	for length of unwrapped key.

2022-01-04  NIIBE Yutaka  <gniibe@fsij.org>

	cipher: Use const for *_spec_t, if possible.
	+ commit f9ba07942b10c72af50bd73c92c4851b6981546e
	* cipher/blake2.c: Use const.
	* cipher/camellia-glue.c, cipher/cipher.c, cipher/crc.c: Likewise.
	* cipher/des.c, cipher/gost28147.c, cipher/gostr3411-94.c: Likewise.
	* cipher/keccak.c, cipher/mac-cmac.c, cipher/mac-gmac.c: Likewise.
	* cipher/mac-hmac.c, cipher/mac-internal.h: Likewise.
	* cipher/mac-poly1305.c, cipher/mac.c, cipher/md.c: Likewise.
	* cipher/md.c, cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
	* cipher/pubkey.c, cipher/rfc2268.c, cipher/rijndael.c: Likewise.
	* cipher/rmd160.c, cipher/seed.c, cipher/serpent.c: Likewise.
	* cipher/sha1.c, cipher/sha256.c, cipher/sha512.c: Likewise.
	* cipher/sm3.c, cipher/sm4.c, cipher/stribog.c: Likewise.
	* cipher/pubkey.c, cipher/rfc2268.c, cipher/rijndael.c: Likewise.
	* src/cipher-proto.h, src/cipher.h: Likewise.

	fips: Use flags.fips to check algo availability.
	+ commit 034e4402dade7a4bcc239913b78c702c5c6f0dbb
	* cipher/cipher.c (check_cipher_algo): Check ->flags.fips.
	(_gcry_cipher_open_internal, _gcry_cipher_selftest): Likewise.
	(_gcry_cipher_init): Don't modify ->flags.disabled.
	* cipher/mac.c (_gcry_mac_init): Don't modify ->flags.disabled.
	(check_mac_algo): Check ->flags.fips.
	(mac_open, _gcry_mac_selftest): Likewise.
	* cipher/md.c (check_digest_algo): Check ->flags.fips.
	(md_enable, _gcry_md_hash_buffer): Likewise.
	(_gcry_md_hash_buffers_extract, _gcry_md_selftest): Likewise.
	(_gcry_md_init): Don't modify ->flags.disabled.

	doc: Update doc/gcrypt.texi for random/.
	+ commit 11ef7b50a708b92d94e1e1f47433fc53b3fd2cf3
	* doc/gcrypt.texi: Address rndgetentropy module.  Remove X9.31 PRNG
	documentation, as the implementation has been removed already.

2022-01-03  NIIBE Yutaka  <gniibe@fsij.org>

	cipher: Add support of Key wrap with padding (KWP).
	+ commit 2914f169f95467b9c789000105773b38ad2dea5a
	* src/gcrypt.h.in (GCRY_CIPHER_EXTENDED): New enum value.
	* cipher/cipher-aeswrap.c (wrap): New.
	(_gcry_cipher_keywrap_encrypt, unwrap): Use wrap.
	(_gcry_cipher_keywrap_encrypt_padding): New.
	(_gcry_cipher_keywrap_decrypt): Use unwrap.
	(_gcry_cipher_keywrap_decrypt_padding): New.
	* cipher/cipher-internal.h: Add declarations.
	* cipher/cipher.c (_gcry_cipher_open_internal): Support
	GCRY_CIPHER_EXTENDED.
	(_gcry_cipher_setup_mode_ops): Extend for GCRY_CIPHER_MODE_AESWRAP.
	* tests/aeswrap.c: Add two tests from RFC5649.

2021-12-22  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update for newer autoconf.
	+ commit 3204c3827e9840915af2b6cbf603f3cf51664568
	* configure.ac (AC_PREREQ): Require >= 2.69.
	(AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER.
	(AC_HEADER_STDC): Remove.
	* m4/sys_socket_h.m4: Remove.

2021-12-21  Danny Tsen  <dtsen@us.ibm.com>

	AES-GCM: Bulk implementation of AES-GCM acceleration for ppc64le.
	+ commit 7205c715b3e0f6fd0b853e8916d174048f43c03b
	* configure.ac: Added p10 assembly implementation file and associated file.
	* cipher/Makefile.am: Added p10 assembly implementation file and associated
	file.
	* cipher/rijndael.c: Added p10 function.
	* cipher/rijndael-p10le.c: New wrapper file for AES-GCM call.
	* cipher/rijndael-gcm-p10le.s: New implementation of AES-GCM bulk function in
	Power Assembly.
	* src/g10lib.h: Added Power arch 3.1 definition for p10.
	* src/hwf-ppc.c: Added Power arch 3.1 definition for p10.
	* src/hwfeatures.c: Added Power arch 3.1 definition for p10.

2021-12-21  Tianjia Zhang  <tianjia.zhang@linux.alibaba.com>

	cipher: Fix SM3 avx/bmi2 compilation error.
	+ commit 3b9f746c2fb16234dffe0582059dfe36b2c21bf8
	* cipher/sm3-avx-bmi2-amd64.S: Change K0-K63 macros to signed decimal.

2021-12-17  NIIBE Yutaka  <gniibe@fsij.org>

	random: Keep --enable-random-daemon, but not its use from runtime.
	+ commit 27d945084f6926d0ebe8066fb60db785f3a8fb57
	* configure.ac (--enable-random-daemon): Don't define
	USE_RANDOM_DAEMON, but use the conditional ENABLE_RANDOM_DAEMON.
	* src/Makefile.am: Use the conditional ENABLE_RANDOM_DAEMON.

	random: Remove random-daemon use remained.
	+ commit 14f5d73e2731b83b18e9771eb3068c6dbba6f069
	* configure.ac (--enable-random-daemon): Fix the message.
	* random/random-csprng.c [USE_RANDOM_DAEMON] (initialize_basics):
	Remove the dependency to random daemon.
	* random/random.h [USE_RANDOM_DAEMON]: Likewise.

	fips: Add constructor to run selftests.
	+ commit 45974d87753978b953940045280e9f28f951dbe0
	* src/fips.c (_gcry_fips_to_activate): New.
	* src/g10lib.h (_gcry_fips_to_activate): New.
	* src/global.c [ENABLE_HMAC_BINARY_CHECK] (_gcry_global_constructor):
	New.

2021-12-16  NIIBE Yutaka  <gniibe@fsij.org>

	Simplify the logic for no_secure_memory.
	+ commit 209d98dcf66bd7baeca37cd6b13b31c7f00f4625
	* src/global.c (_gcry_vcontrol): Don't set NO_SECURE_MEMORY when
	FIPS mode is enabled.
	(get_no_secure_memory): Remove.  Don't touch NO_SECURE_MEMORY,
	when examining the variable.
	(do_malloc, _gcry_is_secure): Just use NO_SECURE_MEMORY.

2021-12-14  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add SM3 x86-64 AVX/BMI2 assembly implementation.
	+ commit 0c1d55a84c8970b8568ae645f24ce534bebdb5a4
	* cipher/Makefile.am: Add 'sm3-avx-bmi2-amd64.S'.
	* cipher/sm3-avx-bmi2-amd64.S: New.
	* cipher/sm3.c (USE_AVX_BMI2, ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
	(SM3_CONTEXT): Define 'h' as array instead of separate fields 'h1',
	'h2', etc.
	[USE_AVX_BMI2] (_gcry_sm3_transform_amd64_avx_bmi2)
	(do_sm3_transform_amd64_avx_bmi2): New.
	(sm3_init): Select AVX/BMI2 transform function if supported by HW; update
	to use 'hd->h' as array.
	(transform_blk, sm3_final): Update to use 'hd->h' as array.
	* configure.ac: Add 'sm3-avx-bmi2-amd64.lo'.

2021-12-10  Jakub Jelen  <jjelen@redhat.com>

	tests: Include the new input files for tests.
	+ commit 02583e1216bc7e6f9f4219771bb274d1fe4491c8
	* tests/Makefile.am: Include the new .inp files needed for tests.

2021-12-09  NIIBE Yutaka  <gniibe@fsij.org>

	tests,fips: Align the use of variable in_fips_mode.
	+ commit 7d8403b59a105d2d3e5d0fd9d5d25b7e3b2d2787
	* tests/pubkey.c (check_run): Fix use of pkey and skey.
	* tests/*.c (in_fips_mode): Don't initialize to 0.

2021-12-09  Jakub Jelen  <jjelen@redhat.com>

	Adjust tests for proper disablement of non-approved PK operations.
	+ commit 5b82f4b4dbf393d0ce901fc9e0c559c488b013cb
	* cipher/pubkey.c (_gcry_pk_genkey): Do not allow key generation of
	disabled key types.
	* tests/benchmark.c (elg_bench): Skip Elgamal keys benchmark in FIPS
	mode.
	(dsa_bench): Skip DSA keys benchmarking in FIPS mode.
	* tests/dsa-rfc6979.c (check_dsa_rfc6979): DSA keys are no longer
	allowed in FIPS mode.
	* tests/fips186-dsa.c (global): Use global in_fips_mode flag.
	(check_dsa_gen_186_2): Expect DSA keygen to fail in FIPS mode.
	(check_dsa_gen_186_3): Ditto.
	(main): Use global fips mode flag.
	* tests/keygen.c (check_elg_keys): Verify Elgamal keys can not be
	generated in FIPS mode.
	(check_dsa_keys): Verify DSA keys can not be generated in FIPS mode.
	* tests/pubkey.c (get_elg_key_new): Expect key generation to fail in
	FIPS mode.
	(get_dsa_key_new): Expect DSA key generation to fail in FIPS mode.
	(get_dsa_key_fips186_new): Ditto.
	(get_dsa_key_with_domain_new): Ditto.
	(get_dsa_key_fips186_with_seed_new): Ditto.
	(check_run): Do not try the Elgamal and DSA key operations in FIPS
	mode.
	* tests/t-dsa.c (one_test_sexp): Skip the DSA tests in FIPS mode.

2021-12-08  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add tests for gcry_pk_hash_sign/verify API.
	+ commit a0a2b6796f58f9aac0fe49100b1ee4c68f9bdc72
	* tests/Makefile.am (tests_bin): Add t-dsa t-ecdsa t-rsa-pss t-rsa-15.
	* tests/t-dsa.c, tests/t-ecdsa.c: New tests.
	* tests/t-rsa-15.c, tests/t-rsa-pss.c: New tests.
	* tests/t-dsa.inp, tests/t-ecdsa.inp: New data for tests.
	* tests/t-rsa-15.inp, tests/t-rsa-pss.inp: New data for tests.

2021-12-08  Jakub Jelen  <jjelen@redhat.com>

	fips: Disable DSA in FIPS mode.
	+ commit ea362090fc11caa28643153fc6444442243c8765
	* cipher/dsa.c (run_selftests): Disable DSA spec in FIPS mode.
	* src/fips.c (run_pubkey_selftests): Skip DSA power-on selftests.

2021-12-08  NIIBE Yutaka  <gniibe@fsij.org>

	random: Remove random-fips.c from repo.
	+ commit 5521cac32d75f2b94894cd5a94deb2c5d25f43a5
	* random/random-fips.c: Remove.

2021-12-07  Alexander Kanavin  <alex.kanavin@gmail.com>

	build: cipher/Makefile.am, doc/Makefile.am: add a missing space.
	+ commit 05472c1882df2fb84b867c0bdbbff510065785ba
	* cipher/Makefile.am: Add a space.
	* doc/Makefile.am: Ditto.

2021-12-07  NIIBE Yutaka  <gniibe@fsij.org>

	md: Fix disabled check.
	+ commit 8ca3fe07d03e9329ee97534f40208593cde11bf7
	* cipher/md.c (md_enable): Fix accessing the disabled flag.

2021-12-07  Jakub Jelen  <jjelen@redhat.com>

	Properly enforce disablement in other pubkey API.
	+ commit e96980022e5ec079c9d4e3492eb6a1131c68e0f2
	* cipher/pubkey.c (_gcry_pk_encrypt): Fail if algo is disabled.
	(_gcry_pk_decrypt): Ditto.
	(_gcry_pk_sign): Ditto.
	(_gcry_pk_sign_md): Ditto.
	(_gcry_pk_verify): Ditto.
	(_gcry_pk_verify_md): Ditto.
	(_gcry_pk_testkey): Ditto.
	(_gcry_pk_get_nbits): Ditto.
	(_gcry_pk_get_curve): Ditto.
	* tests/basic.c (check_pubkey): Test also other API in FIPS mode to
	verify they fail as expected.

2021-12-07  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add paren for readability.
	+ commit bea8b9672c3c47c9bffb7edc52fb32cf9091c231
	* tests/basic.c (check_pubkey): Add parentheses.

	md: Fix checking to use ->disabled instead of ->fips directly.
	+ commit 3152a565d9a426b6c984e161d1a95a8df347dc15
	* cipher/md.c (md_enable): Check by ->disabled.
	(_gcry_md_hash_buffer, _gcry_md_hash_buffers_extract): Likewise.

	random: Remove use of experimental random daemon.
	+ commit 754ad5815b5bb7462260414f2bc5f449bee0b1c6
	* random/Makefile.am (librandom_la_SOURCES): Remove random-daemon.c.
	* random/random-daemon.c: Remove.
	* random/rand-internal.h: Remove declarations.
	* random/random-csprng.c (_gcry_rngcsprng_set_daemon_socket)
	(_gcry_rngcsprng_use_daemon): Remove.
	[USE_RANDOM_DAEMON] (_gcry_rngcsprng_randomize): Don't call
	_gcry_daemon_randomize.
	* random/random.c (_gcry_set_random_daemon_socket)
	(_gcry_use_random_daemon): Remove.
	* src/global.c (_gcry_vcontrol): Return GPG_ERR_NOT_SUPPORTED.
	* tests/benchmark.c (main): Remove support of use_random_daemon.

2021-12-06  NIIBE Yutaka  <gniibe@fsij.org>

	random: Release memory in DRBG.
	+ commit 751fcadd34ed42b2e595664e9ec3f88fd074d7b7
	* random/random-drbg.c (_gcry_rngdrbg_close_fds): Release DRBG_STATE.

	fips: Factor out check_fips_system_setting function.
	+ commit 5425052f38cd41a99469e4c3245a1c3e037410fe
	* src/fips.c (check_fips_system_setting): New.
	(_gcry_initialize_fips_mode): Use the new function.

	cipher,tests: Consistent use of #if/#endif for algo selection.
	+ commit b14aaf1a2dc71560e1f7c19ac88a7b16cc491f25
	* cipher/cipher.c: Use #if instead of #ifdef for algo.
	* cipher/mac-cmac.c: Likewise.
	* cipher/mac-hmac.c: Likewise.
	* cipher/mac-internal.h: Likewise.
	* cipher/mac.c: Likewise.
	* tests/basic.c: Likewise.

2021-12-06  Jakub Jelen  <jjelen@redhat.com>

	tests: Conditionalize other algorithms that might not be built-in.
	+ commit 57b61b0f4f1be7513ed064a90321849bb9f47f29
	* tests/basic.c (check_cbc_mac_cipher): Do not run DES tests without DES
	being built-in.
	(check_ecb_cipher): Do not run blowfish and DES tests without them
	being built-in.
	(check_cfb_cipher): Do not run DES tests without DES being built-in.
	(check_ccm_cipher): Do not run camellia tests without it being
	built-in.
	(check_ocb_cipher): Do not run Camellia, Twofish and Serpent tests
	without them being built-in.
	(check_digests): Do not run SM3 tests without them being built-in.
	(check_digests): Do not run DES, Camellia and GOST tests without them
	being built-in.

	tests: Unbreak tests with SM4 disabled.
	+ commit b601ef4dc9f9a337e3019fc5ad3c7b31fcdc43f3
	* tests/basic.c (check_ecb_cipher): Do not run SM4 tests when SM4 is not
	built.
	(check_ctr_cipher): Ditto.
	(check_cfb_cipher): Ditto.
	(check_ofb_cipher): Ditto.
	(check_ocb_cipher): Ditto.

2021-12-03  NIIBE Yutaka  <gniibe@fsij.org>
	    Jakub Jelen  <jjelen@redhat.com>

	rsa: Allow e=0 to select 65537 for key generation under X931.
	+ commit e4a450d1d966cf19cc5ba4d772254be08782e463
	* cipher/rsa.c (generate_x931): Use e=65537.

2021-12-03  Jakub Jelen  <jjelen@redhat.com>

	random: Add missing header file to the release tarball.
	+ commit 78ce1f9e0afe296eab916f1b547f967166f80e10
	* random/Makefile.am: Add missing header file.

2021-12-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	gcry_mpi_sub_ui: fix subtracting from negative value.
	+ commit d5bf106468e6c6b0f33b193abf04590e4e9fc011
	* mpi/mpi-add.c (_gcry_mpi_sub_ui): Set output sign bit when 'u'
	is negative.
	* tests/mpitests.c (test_add): Additional tests for mpi_add_ui; Check
	test output and fail if output does not match expected.
	(test_sub): Additional tests for mpi_sub_ui; Check test output and fail
	if output does not match expected.
	(test_mul): Additional tests for mpi_mul_ui; Check test output and fail
	if output does not match expected.

2021-12-01  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Fix basic.c to show useful information on error.
	+ commit bff9ed54285b9a332382589d89e317da987b5b38
	* tests/basic.c (check_ctr_cipher): Assign return value to ERR.
	(check_siv_cipher, check_ccm_cipher): Likewise.

2021-12-01  Jakub Jelen  <jjelen@redhat.com>

	tests: Improve error checking in regards to FIPS.
	+ commit c8d2b0069e3cc97138c4e09224a84bb6ccf1b6b5
	* tests/basic.c (check_cbc_mac_cipher): Improve verbose alignment.
	(check_ecb_cipher): Improve verbose message alignment.
	(check_ctr_cipher): Improve verbose message alignment.
	(check_cfb_cipher): Improve verbose message alignment and error
	reporting.
	(check_ofb_cipher): Improve verbose message alignment and error
	reporting.
	(_check_gcm_cipher): Improve error checking.
	(_check_eax_cipher): Improve error checking.
	(check_siv_cipher): Improve error checking.
	(check_gcm_siv_cipher): Improve error checking and indentation.
	(_check_poly1305_cipher): Improve verbose message alignment.
	(check_ccm_cipher): Improve verbose message alignment.
	(do_check_ocb_cipher): Improve error checking.
	(check_ocb_cipher_largebuf_split): Improve error checking.
	(check_ocb_cipher_checksum): Improve error checking.
	(check_ocb_cipher_splitaad): Improve error checking.
	(check_gost28147_cipher_basic): Improve verbose message alignment.
	(check_stream_cipher): Improve verbose message alignment.
	(check_one_cipher_core): Improve error checking.
	(check_ciphers): Improve error checking.
	(check_pubkey): Check explicitly for failure in FIPS mode.

	Disable 3DES in FIPS mode.
	+ commit 23a58b779e31e6244a481c26096d1ad061eb024c
	* cipher/des.c (_gcry_cipher_spec_tripledes): Mark as non-FIPS.
	* cipher/mac-cmac.c (_gcry_mac_type_spec_cmac_tripledes): Mark non-FIPS.
	* src/fips.c (run_cipher_selftests): Skip 3DES selftests.
	(run_mac_selftests): Skip CMAC_3DES selftests.
	* tests/basic.c (check_cfb_cipher): Do not expect 3DES to work in
	FIPS mode.

