2025-08-04  Werner Koch  <wk@gnupg.org>

	Release 1.11.2.
	+ commit 737cc63600146f196738a6768679eb016cf866e9


2025-07-31  NIIBE Yutaka  <gniibe@fsij.org>

	Mark nonstring use cases with __nonstring__ attribute.
	+ commit db55dfb74e64520a4a1c67ecb67d4a3f31979087
	* src/gcrypt.h.in (_GCRY_GCC_ATTR_NONSTRING): New.
	* cipher/chacha20.c (chacha20_keysetup): Use _GCRY_GCC_ATTR_NONSTRING.
	* cipher/cipher-gcm-siv.c (gcm_siv_selftest): Likewise.
	* cipher/ecc.c (compute_keygrip): Likewise.
	* cipher/serpent.c (serpent_test): Likewise.
	* tests/basic.c (check_aes128_cbc_cts_cipher): Likewise.
	(_check_gcm_cipher, check_gcm_siv_cipher): Likewise.
	(check_ocb_cipher_largebuf_split, check_ocb_cipher_checksum): Likewise.
	* tests/keygrip.c (key_grips): Likewise.

2025-07-31  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	poly1305-p10le: use '.rodata' section for read-only data.
	+ commit c720dd8927a5c3f6b132527276fde2780067653e
	* cipher/poly1305-p10le.s: Change '.data' section to '.rodata'.

	Add missing abiversion tag for PowerPC assembly.
	+ commit 013bcc18676dfe8f3b5a7da1ff9a2de97dfc4979
	* cipher/chacha20-p10le-8x.s: Add abiversion tag.
	* cipher/poly1305-p10le.s: Likewise.
	* configure.ac (gcry_cv_gcc_inline_asm_ppc_altivec)
	(gcry_cv_gcc_inline_asm_ppc_arch_3_00): Likewise.

	Add missing machine tags for PowerPC assembly.
	+ commit 210562de650d14701356633ad7a27809e7250c49
	* cipher/chacha20-p10le-8x.s: Add "any" machine tag.
	* cipher/poly1305-p10le.s: Likewise.
	* configure.ac (gcry_cv_gcc_inline_asm_ppc_altivec)
	(gcry_cv_gcc_inline_asm_ppc_arch_3_00): Likewise.

2025-07-31  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Provide the function prototype of __udiv_qrnnd.
	+ commit aced8fd2323650f4fc85fdedcb8a28bab4792372
	* mpi/longlong.h [__alpha] (__udiv_qrnnd): Add the prototype.
	[__hppa] (__udiv_qrnnd): Likewise.
	[__sparc__] (__udiv_qrnnd): Likewise.

	cipher:ecc: Silence GCC 15 warning.
	+ commit 7ebe90e5553b59f0e5c1421f293f1ca29948ef31
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): Initialize
	ENC and ENCLEN before use.

2025-07-18  NIIBE Yutaka  <gniibe@fsij.org>

	cipher:rsa: Fix missing initialization in generate_fips.
	+ commit 448693047fac163960f132528cff6a9d5e5444d6
	* cipher/rsa.c (generate_fips): Initialize E, P and Q.

	build: More changes to allow build with no Kyber.
	+ commit d54d834eb43453bd4749df89fa709f6429d4d5d4
	* cipher/Makefile.am (libcipher_la_SOURCES): Move kyber.c and kyber.h
	to ...
	(EXTRA_libcipher_la_SOURCES): ... here.
	* cipher/kem.c: [USE_KYBER]: Only include kyber.h when USE_KYBER.
	(_gcry_kem_genkey, _gcry_kem_encap, _gcry_kem_decap): [USE_KYBER]:
	Enable Kyber when USE_KYBER.
	* tests/keygen.c (check_kem_keys): [USE_KYBER]: Enable Kyber when
	USE_KYBER.

	build: Allow build with no Kyber.
	+ commit acd0b4347002d002bb4f141894e757da6df70c57
	* configure.ac (GCRYPT_PUBKEY_CIPHERS): It's kyber.lo.
	* tests/Makefile.am (tests_bin): [USE_KYBER]: Add t-mlkem only when
	USE_KYBER.
	* tests/t-kem.c: Allow building with no Kyber.

2025-07-17  NIIBE Yutaka  <gniibe@fsij.org>

	cipher:kem: Provide each enum constant as macro.
	+ commit f7e06f8a29fc4c347016fc32f0878ad6a3ffee8e
	* src/gcrypt.h.in (GCRY_KEM_CM6688128F, GCRY_KEM_DHKEM25519)
	(GCRY_KEM_DHKEM448, GCRY_KEM_DHKEMP256R1, GCRY_KEM_DHKEMP384R1)
	(GCRY_KEM_DHKEMP521R1, GCRY_KEM_RAW_BP256, GCRY_KEM_RAW_BP384)
	(GCRY_KEM_RAW_BP512, GCRY_KEM_RAW_MLKEM512, GCRY_KEM_RAW_MLKEM768)
	(GCRY_KEM_RAW_MLKEM1024, GCRY_KEM_RAW_P256K1, GCRY_KEM_RAW_P256R1)
	(GCRY_KEM_RAW_P384R1, GCRY_KEM_RAW_P521R1, GCRY_KEM_RAW_X25519)
	(GCRY_KEM_RAW_X448, GCRY_KEM_SNTRUP761): New defines.

	cipher:kem:ecc: Support secp256k1 by KEM API.
	+ commit d9ebc6c4e8b514704defd27f8115e1f6311da19c
	* src/gcrypt.h.in (GCRY_KEM_RAW_P256K1): New.
	* cipher/kem-ecc.c (algo_to_curve, algo_to_seckey_len): Support
	GCRY_KEM_RAW_P256K1.

2025-05-19  Collin Funk via Gcrypt-devel  <gcrypt-devel@gnupg.org>

	Fix missing simd-common-riscv.h in libgcrypt tarball.
	+ commit 62f84bb3040fc138f061032889574f82ce72a0bc
	* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add
	simd-common-riscv.h.

2025-05-15  Collin Funk  <collin.funk1@gmail.com>

	tests: Fix link errors for t-thread-local.
	+ commit a47fb91496554316045a8a62f49b1a45aef25d4c
	On platforms where pthread_create is not in libc, t-thread-local fails to
	link.  Issue found on NetBSD 10.0.
	* tests/Makefile.am (t_thread_local_LDADD): Add $(standard_ldadd),
	$(GPG_ERROR_MT_LIBS), and @LDADD_FOR_TESTS_KLUDGE@.
	(t_thread_local_CFLAGS): Add $(GPG_ERROR_MT_CFLAGS).

2025-05-12  Paul Eggert  <eggert@cs.ucla.edu>

	Fix ungrammatical use of "allow to"
	+ commit a1806adc5e7f7149f044c73176fa51b96d384b5b


2025-05-07  Werner Koch  <wk@gnupg.org>

	Release 1.11.1.
	+ commit 81ce5321b1b79bde6dfdc3c164efb40c13cf656b


	Disable new constants in gcrypt.h unless used internally.
	+ commit 4d1a42d082aef66413f3ee822b0afc8b72cd7af5
	* src/gcrypt.h.in: Disable unless _GCRYPT_IN_LIBGCRYPT is defined.

2025-03-14  NIIBE Yutaka  <gniibe@fsij.org>

	Merge commit '4876a1a4' into LIBGCRYPT-1.11-BRANCH.
	+ commit a6267ad91dcdff34e2a7c0fc8fbfcfb90a04be59


	cipher:kyber: No change ABI/API for gcry_kem_genkey.
	+ commit f3bad2deb0246f9f70c0aaae5d210148d9090193
	* src/gcrypt.h.in (gcry_kem_genkey): Revert the change.
	* src/libgcrypt.def (gcry_kem_genkey): Likewise.
	* src/libgcrypt.vers (gcry_kem_genkey): Likewise.
	* src/visibility.c (gcry_kem_genkey): Likewise.
	* src/visibility.h (gcry_kem_genkey): Likewise.

2025-03-13  NIIBE Yutaka  <gniibe@fsij.org>

	doc: Add about GCRYCTL_FIPS_SERVICE_INDICATOR.
	+ commit 636f40cb78587635ef663bfc3430937cf140f245
	* doc/gcrypt.texi (GCRYCTL_FIPS_SERVICE_INDICATOR): Add a description.
	(GCRYCTL_FIPS_REJECT_NON_FIPS): Likewise.

	fips: Fix GCRY_FIPS_FLAG_REJECT_MD.
	+ commit b9eb8f4cb81801d68580627ad2188607a8c5f2ec
	* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_MD): Include SHA1.

2025-03-11  NIIBE Yutaka  <gniibe@fsij.org>
	    Lucas Mulling  <lucas.mulling@suse.com>

	md: Make SHA-1 non-FIPS internally for 1.12 API.
	+ commit 4ee91a94bcdad32aed4364d09e3daf8841fa579f
	* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_MD_SHA1): New.
	* cipher/md.c (check_digest_algo_spec, _gcry_md_open, md_enable)
	(_gcry_md_enable, md_copy): Care about SHA1.
	* cipher/sha1.c (_gcry_digest_spec_sha1): Make SHA1 non-FIPS.
	* tests/t-fips-service-ind.c (check_mac_o_w_r_c): SHA1 is non-FIPS.
	(check_md_o_w_r_c, check_hash_buffer, check_hash_buffers): Likewise.
	(main): Add GCRY_FIPS_FLAG_REJECT_MD_SHA1 for gcry_control.

2025-03-06  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Use const-time modular exponentiation on 64-bit arch.
	+ commit 71d17c0b4c01728aec2b587a85a60354ba67f354
	* mpi/mpi-pow.c (USE_ALGORITHM_LLI_EXPONENTIATION): Enable on 64-bit.
	* src/global.c (print_config): Fix to "mpi-powm".

	cipher,fips: Fix for random-override.
	+ commit ca8bf05e111b41e482a2a4b34cda6bcf5aa1f27e
	* cipher/pubkey-util.c (gcry_pk_util_data_to_mpi): Keep
	the behavior of 1.10.
	* src/visibility.c (gcry_pk_random_override_new): Likewise.
	* tests/t-fips-service-ind.c (main): Use GCRY_FIPS_FLAG_REJECT_PK_FLAGS.

2025-03-06  Lucas Mulling via Gcrypt-devel  <gcrypt-devel@gnupg.org>

	cipher,visibility: Differentiate use of random-override in the SLI.
	+ commit 234eb316b0a04c50e8511a570775ded45060f18b
	* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi,
	_gcry_pk_single_data_push, _gcry_pk_util_free_encoding_ctx):
	Differentiate use of random-override in the SLI.
	* src/visibility.c (gcry_pk_random_override_new):
	Differentiate use of explicit random override in the SLI.

2025-03-06  NIIBE Yutaka  <gniibe@fsij.org>

	cipher,ecc: Fix for supplied K.
	+ commit 755e6dce727915249cbb1a98f22832d940b99c24
	* cipher/ecc.c (ecc_sign): Check if it's under FIPS mode.
	(ecc_verify): Supplied K makes no sense for verification, but add a
	comment clarifying marking/rejecting under FIPS mode.

	fips,cipher: Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS.
	+ commit 0414e126b939f0b11ecf441908d923e87c1caf02
	* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_PK_FLAGS): New.
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Keep the
	behavior of 1.10.
	* cipher/rsa.c (rsa_decrypt, rsa_sign): Likewise.

2025-03-05  Lucas Mulling via Gcrypt-devel  <gcrypt-devel@gnupg.org>

	cipher: Differentiate no-blinding flag in the SLI.
	+ commit cc0a40bd74120dc06fd80f163b30abb91f60b63b
	* cipher/rsa.c (rsa_decrypt, rsa_encrypt): Differentiate use of flag
	no-blinding in the service level indicator.

	cipher: Differentiate igninvflag in the SLI.
	+ commit 3bdb59c21b77711cf7d44d692a7a02f5f469033e
	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Differentiate use
	of igninvflag.

2025-03-04  Lucas Mulling via Gcrypt-devel  <gcrypt-devel@gnupg.org>

	cipher: Differentiate use of label K in the SLI.
	+ commit 2f6d2db1a4c28775a568c1f81ca127d2daebaf1c
	* cipher/ecc.c (ecc_sign, ecc_verify): Use of label K is not allowed in
	fips mode, differentiate with the GCRY_FIPS_FLAG_REJECT_PK_ECC_K flag.
	* src/gcrypt.h.in: New GCRY_FIPS_FLAG_REJECT_PK_ECC_K.
	* tests/t-fips-service-ind.c (check_pk_hash_sign_verify): Mark
	non-compliant use of label.

	cipher: Add KAT for non-rfc6979 ECDSA with fixed k.
	+ commit be57179f42f8a7cb64f72f73ccea753400573b4f
	* cipher/ecc.c (run_selftests): Implement KAT for non-deterministic
	ECDSA.
	* cipher/ecc.c (rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,
	rfc6979_ecdsa_data_tmpl): New.

2025-03-04  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Allow tests with !USE_RSA.
	+ commit 8404a048b7c58eb903717e09cffaa7735f7d8520
	* tests/t-fips-service-ind.c [USE_RSA] (check_pk_s_v): Ifdef-out.

	fips,cipher: Do the computation when marking non-compliant.
	+ commit 54a6617b3679cfeb6d986ddf3c9c73641929f02c
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Continue the computation
	when marking non-compliant.
	* cipher/pubkey.c (_gcry_pk_encrypt, _gcry_pk_sign): Likewise.
	(_gcry_pk_sign_md, _gcry_pk_verify, _gcry_pk_verify_md): Likewise.
	(_gcry_pk_testkey): Likewise.

2025-02-26  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Update t-fips-service-ind using GCRY_MD_SHA256 for KDF tests.
	+ commit e5989e08a556117ec3f19f098765963358b71051
	* tests/t-fips-service-ind.c (check_kdf_derive): Use GCRY_MD_SHA256.

	md: Use check_digest_algo_spec in _gcry_md_selftest.
	+ commit ce4755d5c5500cede6d7d380fdab2d15f5d77796
	* cipher/md.c (check_digest_algo_spec): New.
	(check_digest_algo): Use check_digest_algo_spec.
	(_gcry_md_selftest): Likewise.

	md: Fix gcry_md_algo_info to mark/reject under FIPS mode.
	+ commit 2f17a98a80b155e750ab77d4703e33612e545d58
	* cipher/md.c (check_digest_algo): Fix for marking non-compliance.
	* src/visibility.c (gcry_md_algo_info): Add check with
	fips_is_operational.

2025-02-25  NIIBE Yutaka  <gniibe@fsij.org>

	cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation.
	+ commit 60e5039793c2474d29ded039cf1a6b8107733a20
	* cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig): We can't
	determine if it's compliant when raw PKCS1 encoding is used.
	(_gcry_rsa_pss_encode): Add the behavior of marking non-compliant use.
	(_gcry_rsa_pss_verify): Likewise.
	* cipher/rsa.c (rsa_sign): Handle the check for SHA1.
	(rsa_verify): Likewise.
	* tests/t-fips-service-ind.c (check_pk_s_v): Add use cases for RSA
	and Ed25519.

	Revert "md: Make SHA1 non-FIPS and differentiate in the SLI"
	+ commit 1e815a00c302921adb9b41b372a8f6f908e23620
	This reverts commit 13a71215c255377863b0154ac602c86fe5450c49.

	cipher:(EC)DSA: Simply use mpi_clear_highbit in _gcry_dsa_gen_k.
	+ commit 54caef02afa90ad43d70f5772cd5550bb2055555
	* cipher/dsa-common.c (_gcry_dsa_gen_k): Use mpi_clear_highbit.

	mpi: Avoid normalizing MPI in _gcry_mpi_invm.
	+ commit c1da86e45a6e9c462cdb511c4c9c7fd375da1303
	* mpi/mpi-inv.c (_gcry_mpi_invm): Use _gcry_mpih_cmp_ui.

2025-02-20  NIIBE Yutaka  <gniibe@fsij.org>

	cipher,mpi: Expose some MPI helper functions by mpi.h.
	+ commit 88ae76d069c331ad947ecab8419df9a00f979b0e
	* cipher/dsa-common.c: Don't include mpi-internal.h.
	* mpi/mpi-inline.h (_gcry_mpih_add_lli): Move this to ...
	* src/mpi.h (_gcry_mpih_add_lli): ... here.
	(_gcry_mpih_rshift, _gcry_mpih_add_n_cond): Add.
	(_gcry_mpih_cmp_ui, _gcry_mpih_cmp_lli): Add.
	(_gcry_mpih_add_n): Add.
	* mpi/mpi-internal.h (_gcry_mpih_cmp_ui, _gcry_mpih_cmp_lli): Remove.

2025-02-19  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Fix _gcry_mpih_add_lli, as macro.
	+ commit bd53c51b03383ade2b63132d0034a75ab526c546
	* mpi/mpi-inline.h (_gcry_mpih_add_lli): Use _gcry_mpih_add_n.
	* mpi/mpi-internal.h (_gcry_mpih_add_lli): Remove.
	* mpi/mpih-const-time.c (_gcry_mpih_add_lli): Remove.

2025-02-18  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Add MPI helper modular exponentiation, Least Leak Intended.
	+ commit 2039d93289dbc1a90089466390777c756660ba5a
	* mpi/Makefile.am (libmpi_la_SOURCES): Add mpih-pow.c.
	* mpi/mpi-internal.h (_gcry_mpih_powm_lli): New.
	* mpi/mpi-pow.c (_gcry_mpi_get_powm_config): New.
	(USE_ALGORITHM_LLI_EXPONENTIATION): New, enabled as default.
	[USE_ALGORITHM_LLI_EXPONENTIATION] (_gcry_mpi_powm): Call
	_gcry_mpih_powm_lli when it's on secure memory.
	* mpi/mpih-pow.c (_gcry_mpih_powm_lli): New.
	* src/gcrypt-int.h (_gcry_mpi_get_powm_config): New.
	* src/global.c (print_config): Call _gcry_mpi_get_powm_config.

	mpi: Add MPH helper of table lookup, Least Leak Intended.
	+ commit 8fd2aab881c733a29c26459ed1d1d7f234728314
	* mpi/mpi-internal.h (ct_limb_select): New.
	(_gcry_mpih_lookup_lli): New.
	* mpi/mpih-const-time.c (_gcry_mpih_lookup_lli): New.

	cipher:(EC)DSA: Fix _gcry_dsa_gen_*k not to normalize MPI.
	+ commit bb5e893456b10c8a4fa336a281bf3008c0f9eb5e
	* cipher/dsa-common.c (_gcry_dsa_gen_k): Use _gcry_mpih_cmp_lli
	and _gcry_mpih_cmp_ui.
	(_gcry_dsa_gen_rfc6979_k): Likewise.

	cipher:(EC)DSA: Avoid MPI normalize by mpi_rshift.
	+ commit 0b794c208db39d959f8f532bc9920daefa853d2a
	* cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use
	_gcry_mpi_set_buffer and _gcry_mpih_rshift, instead of _gcry_mpi_scan
	and mpi_rshift.

	cipher:(EC)DSA: Fix _gcry_dsa_modify_k to least leak.
	+ commit d05cdb31689a45733751393a819a71c7c3386675
	* cipher/dsa-common.c (_gcry_dsa_modify_k): Use _gcry_mpih_add_lli.

2025-02-17  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Add _gcry_mpih_add_lli.
	+ commit 58e72af4eac4711993191919b6890b5ebb554acc
	* mpi/mpi-internal.h (_gcry_mpih_add_lli): New.
	* mpi/mpih-const-time.c (_gcry_mpih_add_lli): New.

2025-02-17  NIIBE Yutaka  <gniibe@fsij.org>
	    Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	mpi: Add _gcry_mpih_cmp_lli, Least Leak Intended.
	+ commit 459a6c9c81ee28ddf5baa9fe47f3138fd34334d5
	* mpi/mpi-internal.h (_gcry_mpih_cmp_lli): New.
	* mpi/mpih-const-time.c (_gcry_mpih_cmp_lli): New.

	mpi: Add _gcry_mpih_add_1_lli as Least Leak Intended.
	+ commit 06de5bc277532d1ef42b81464af81d2a22b90ad4
	* mpi/mpi-inline.h (_gcry_mpih_add_1_lli): New.

2025-02-14  Lucas Mulling  <lucas.mulling@suse.com>

	md: Make SHA1 non-FIPS and differentiate in the SLI.
	+ commit 13a71215c255377863b0154ac602c86fe5450c49
	* cipher/md.c (_gcry_md_open, md_enable, _gcry_md_enable, md_copy):
	Differentiate SHA1.
	* cipher/sha1.c (_gcry_digest_spec_sha1): Make SHA1 not FIPS.
	* src/fips.c (_gcry_fips_indicator_mac, _gcry_fips_indicator_md,
	run_digest_selftests, run_mac_selftests): Differentiate SHA1.
	* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_MD_SHA1): New.
	* tests/basic.c (check_pubkey_sign): Use sha256 for baddata, add
	FLAG_NOFIPS to non-FIPS-compliant tests that use SHA1, and improve error
	messages.
	* tests/pkcs1v2.c (main): Skip tests in FIPS mode.
	* tests/t-fips-service-ind.c (check_kdf_derive): Use sha256 as pbkdf2
	subalgo.
	* tests/t-fips-service-ind.c (check_mac_o_w_r_c): Check for rejection of
	SHA1 test cases if in FIPS mode.

2025-02-13  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	mpih-const-time: fix return value for _gcry_mpih_cmp_ui.
	+ commit 957ac97097d0960a621ea1ea9f751b422afa8949
	* mpi/mpih-const-time.c (_gcry_mpih_cmp_ui): Return '1' when
	upper part of MPI is not all zeros.
	* tests/mpitests.c (test_invm_cmpui, test_invm): Add tests
	for gcry_mpi_invm().

2025-02-12  Lucas Mulling  <lucas.mulling@suse.com>

	cipher: Don't differentiate GCRY_CIPHER_MODE_CMAC in FIPS mode.
	+ commit 608ff4b2261e2d8961f0ef4189e74b1173b2802c
	* cipher/cipher.c (_gcry_cipher_mode_fips_compliance): Allow
	GCRY_CIPHER_MODE_CMAC in fips mode.
	* cipher/cipher.c (cipher_modes_fips_compliance)
	(cipher_int_modes_fips_compliance): New.

	cipher: Rename _gcry_cipher_is_mode_fips_compliant.
	+ commit 6b0fbb7e5e0da77787e3a87d74359ee21c44904e
	* cipher/cipher.c (_gcry_cipher_is_mode_fips_compliant): Rename to
	_gcry_cipher_mode_fips_compliance for better clarity and change the
	return type to gcry_err_code_t.
	* cipher/cipher.c (_gcry_cipher_mode_fips_compliance): Use
	gcry_cipher_modes instead of int for mode.
	* tests/t-fips-service-ind.c (check_cipher_o_s_e_d_c): Fix typo in fail.

2025-02-11  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	mpi/longlong: prevent optimization of carry instructions to branches.
	+ commit dd480b1e797463f71a7e69e9509833ff7a923bd6
	* mpi/longlong.h: Include "const-time.h"
	(add_ssaaaa, sub_ddmmss): Prevent optimization of carry handling to
	conditional branches in generic variant of double width addition and
	subtraction as was seen with GCC on riscv64.
	(umul_ppmm): Avoid conditional branch in generic 16x16=>32bit
	multiplication version of umul_ppmm.
	* src/const-time.h (CT_DEOPTIMIZE_VAR): New.

	mpih-const-time: avoid branches in _gcry_mpih_cmp_ui.
	+ commit 9c658cc8214f277d43b18d722bbc316972802d47
	* mpi/mpih-const-time.c (_gcry_mpih_cmp_ui): Avoid conditional
	branches for return value selection.

2025-02-06  NIIBE Yutaka  <gniibe@fsij.org>

	Fix _gcry_dsa_modify_k.
	+ commit 35a6a6feb9dcd0f4650a0fe73eb2581f481602c6
	* cipher/dsa-common.c (_gcry_dsa_modify_k): Don't use ! to negate the
	logical value.

2025-02-03  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Rename _gcry_mpih_mod as the one of Least Leak Intended.
	+ commit ff6c905bea7b2fb5526423ec9fba53f8d08f014b
	* mpi/mpi-internal.h (mpih_mod_lli): Add _lli suffix.
	(_gcry_mpih_mod_lli): Likewise.
	* mpi/mpih-const-time.c (_gcry_mpih_mod_lli): Rename.
	* mpi/mpi-inv.c (_gcry_mpi_invm): Follow the change.

	mpi: Add _gcry_mpih_mul_lli as Least Leak Intended.
	+ commit 5c5089ba36205ee5af0c83eec782eac68bf55d2e
	* mpi/mpi-internal.h (_gcry_mpih_mul_lli): New.
	* mpi/mpih-mul.c (_gcry_mpih_mul_lli): New.

2025-01-31  NIIBE Yutaka  <gniibe@fsij.org>

	cipher:prime: Fix long-standing bug for PRIME % 2 == 0.
	+ commit 639b0fca15054f18c83fe3a6132a7765e558b984
	* cipher/primegen.c (check_prime): Check if it's even.

2025-01-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add SHA3 acceleration for RISC-V Zbb extension.
	+ commit 1a660068ba5b58861de2c71b119ae2b6b6db0263
	* cipher/keccak.c (USE_RISCV_ZBB): New.
	[NEED_COMMON64, HAVE_GCC_INLINE_ASM_RISCV] (load_aligned_u64)
	(HAVE_ALIGNED_ABSORB_LANES64, aligned_absorb_lanes64_8)
	(aligned_absorb_lanes64_4, aligned_absorb_lanes64_2)
	(aligned_absorb_lanes64_1, HAVE_ALIGNED_EXTRACT64)
	(aligned_extract64): New.
	[NEED_COMMON64] (keccak_extract64): Add 'aligned_extract64' path.
	[USE_64BIT] (absorb_lanes64_8, absorb_lanes64_4, absorb_lanes64_2)
	(absorb_lanes64_1): Rename these functions to …
	[USE_64BIT] (unaligned_absorb_lanes64_8, unaligned_absorb_lanes64_4)
	(unaligned_absorb_lanes64_2, unaligned_absorb_lanes64_1): … these.
	[USE_64BIT] (absorb_lanes64_21, absorb_lanes64_18, absorb_lanes64_17)
	(absorb_lanes64_13, absorb_lanes64_9): New.
	[USE_RISCV_ZBB] (ANDN64, ROL64, keccak_riscv_zbb_64_ops): New.
	(keccak_init) [USE_RISCV_ZBB]: Use 'keccak_riscv_zbb_64_ops' if
	HWF_RISCV_IMAFDC and HWF_RISCV_ZBB available.
	* cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Use
	absorb_lanes64_21, absorb_lanes64_18, absorb_lanes64_17,
	absorb_lanes64_13 and absorb_lanes64_9.

	chacha20: add RISC-V vector intrinsics implementation.
	+ commit 8dbee93ac2f1bba095a0519a6e0656319cfddfa4
	* cipher/Makefile.am: Add 'chacha20-riscv-v.c' and
	add ENABLE_RISCV_VECTOR_INTRINSICS_EXTRA_CFLAGS handling for
	'chacha20-riscv-v.o' and 'chacha20-riscv-v.lo'.
	* cipher/chacha20-riscv-v.c: New.
	* cipher/chacha20.c (USE_RISCV_V): New.
	(CHACHA20_context_s): Add 'use_riscv_v'.
	[USE_RISCV_V] (_gcry_chacha20_riscv_v_blocks)
	(_gcry_chacha20_riscv_v_check_hw): New.
	(chacha20_blocks) [USE_RISCV_V]: Add RISC-V vector code path.
	(chacha20_do_setkey) [USE_RISCV_V]: Add HW feature detection for
	RISC-V vector implementation.
	* configure.ac: Add 'chacha20-riscv-v.lo'.

	Add GHASH RISC-V Zbb+Zbc implementation.
	+ commit 0f1fec12b0e9c952afaf78d3c973df41627cb3ff
	* cipher/Makefile.am: Add 'cipher-gcm-riscv-zbb-zbc.c'.
	* cipher/cipher-gcm-riscv-zbb-zbc.c: New.
	* cipher/cipher-gcm.c [GCM_USE_RISCV_ZBB_ZBC]
	(_gcry_ghash_setup_riscv_zbb_zbc, _gcry_ghash_riscv_zbb_zbc): New.
	(setupM) [GCM_USE_RISCV_ZBB_ZBC]: Check for HWF_RISCV_IMAFDC,
	HWF_RISCV_ZBB and HWF_RISCV_ZBC to enable RISC-V Zbb+Zbc implementation.
	* cipher/cipher-internal.h (GCM_USE_RISCV_ZBB_ZBC): New.
	* configure.ac: Add 'cipher-gcm-riscv-zbb-zbc.lo'.

	Add RISC-V vector permute AES.
	+ commit b24ebd61630486600530ebfc2cc81634a0fb373e
	* cipher/Makefile.am: Add 'rijndael-vp-riscv.c' and
	CFLAG handling for 'rijndael-vp-riscv.o' and 'rijndael-vp-riscv.lo'.
	(ENABLE_RISCV_VECTOR_INTRINSICS_EXTRA_CFLAGS): New.
	* cipher/rijndael-internal.h (USE_VP_RISCV): New.
	* cipher/rijndael-vp-simd128.h [__ARM_NEON]: Move ARM NEON macros to ...
	* cipher/rijndael-vp-aarch64.c: ... here.
	* cipher/rijndael-vp-riscv.c: New.
	* cipher/rijndael-vp-simd128.h: Use '__m128i_const' type for constant
	vector values and use *_amemld() macros to load these values to vector
	registers.
	[__x86_64__] (vpaddd128, vpaddb128): Remove.
	[__x86_64__] (psrl_byte_128, movdqa128_memld, pand128_amemld)
	(paddq128_amemld, paddd128_amemld, pshufb128_amemld): New.
	[HAVE_SIMD256] (aes_encrypt_core_4blks_simd256)
	(aes_decrypt_core_4blks_simd256): New.
	(FUNC_CTR_ENC, FUNC_CTR32LE_ENC, FUNC_CFB_DEC, FUNC_CBC_DEC)
	(aes_simd128_ocb_enc, aes_simd128_ocb_dec, FUNC_OCB_AUTH)
	(aes_simd128_ecb_enc, aes_simd128_ecb_dec, aes_simd128_xts_enc)
	(aes_simd128_xts_dec) [HAVE_SIMD256]: Add 4 block parallel code paths
	for HW with 256-bit wide vectors.
	* cipher/rijndael.c [USE_VP_RISCV]
	(_gcry_aes_vp_riscv_setup_acceleration, _gcry_aes_vp_riscv_do_setkey)
	(_gcry_aes_vp_riscv_prepare_decryption, _gcry_aes_vp_riscv_encrypt)
	(_gcry_aes_vp_riscv_decrypt, _gcry_aes_vp_riscv_cfb_enc)
	(_gcry_aes_vp_riscv_cbc_enc, _gcry_aes_vp_riscv_ctr_enc)
	(_gcry_aes_vp_riscv_ctr32le_enc, _gcry_aes_vp_riscv_cfb_dec)
	(_gcry_aes_vp_riscv_cbc_dec, _gcry_aes_vp_riscv_ocb_crypt)
	(_gcry_aes_vp_riscv_ocb_auth, _gcry_aes_vp_riscv_ecb_crypt)
	(_gcry_aes_vp_riscv_xts_crypt): New.
	(do_setkey) [USE_VP_RISCV]: Setup vector permute AES for RISC-V with
	HWF_RISCV_IMAFDC and HWF_RISCV_V.
	* cipher/simd-common-riscv.h: New.
	* configure.ac: Add 'rijndael-vp-riscv.lo'.
	(gcry_cv_cc_riscv_vector_intrinsics)
	(gcry_cv_cc_riscv_vector_intrinsics_cflags): New.

	bithelp: add count trailing zero bits variant for RISC-V.
	+ commit 60104c2f92dc0d89bc67aa12a403533a65c34a2f
	* cipher/bithelp.h (_gcry_ctz_no_zero): New.
	(_gcry_ctz): Use '_gcry_ctz_no_zero'.
	* cipher/cipher-internal.h (ocb_get_l): Use '_gcry_ctz_no_zero'.

	hwf: add detection of RISC-V (64-bit) hardware features.
	+ commit df9de2a5e5a847fa4f11a923cf3397bf1cf7a562
	* configure.ac
	(gcry_cv_gcc_inline_asm_riscv, gcry_cv_gcc_inline_asm_riscv_v)
	(HAVE_GCC_INLINE_ASM_RISCV_V, HAVE_CPU_ARCH_RISCV): Add RISC-V
	detection support.
	* mpi/config.links: Add setup for RISC-V links.
	* src/Makefile.am: Add 'hwf-riscv.c'.
	* src/g10lib.h (HWF_RISCV_IMAFDC, HWF_RISCV_V, HWF_RISCV_ZBB)
	(HWF_RISCV_ZBC): New.
	* src/hwf_common.h (_gcry_hwf_detect_riscv): New.
	* src/hwf-riscv.c: New.
	* src/hwfeatures.c: Add "riscv-imafdc", "riscv-v", "riscv-zbb",
	and "riscv-zbc".

2025-01-27  Lucas Mulling  <lucas.mulling@suse.com>

	cipher: Check and mark non-compliant cipher modes in the SLI.
	+ commit 9f0fd2656d7d7ba26fcf95cc64d2514ae9ac8ec1
	* cipher/cipher.c (_gcry_cipher_open_internal): Check and mark if the
	cipher mode is compliant and reject accordingly.
	(_gcry_cipher_is_mode_fips_compliant): New.
	* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_CIPHER_MODE): New.
	* tests/t-fips-service-ind.c (check_cipher_o_s_e_d_c): Add test to
	verify that the service level indication is correctly set for non-
	compliant cipher modes, and correctly rejected if
	GCRY_FIPS_FLAG_REJECT_CIPHER_MODE is set.

2025-01-16  NIIBE Yutaka  <gniibe@fsij.org>

	Remove WindowsCE support.
	+ commit 24a2ca672b2198d3f420399bd01cc626d9de99f8
	* compat/clock.c, compat/getpid.c, random/rndw32ce.c: Remove.
	* compat/Makefile.am: Remove comment for clock.c and getpid.c.
	* compat/libcompat.h: Remove replacement functions.
	* configure.ac (GPG_ERR_ENABLE_ERRNO_MACROS): Remove.
	(have_w32ce_system, HAVE_W32CE_SYSTEM): Remove.
	(AC_REPLACE_FUNCS): Remove.
	(USE_RNDW32CE): Remove.
	* random/Makefile.am (EXTRA_librandom_la_SOURCES): Remove rndw32ce.c.
	* random/random-csprng.c [USE_RNDW32CE] (getfnc_gather_random):
	Remove WindowsCE support.
	(getfnc_fast_random_poll): Likewise.
	* src/Makefile.am [HAVE_W32CE_SYSTEM]: Remove WindowsCE support.
	* src/dumpsexp.c [__MINGW32CE__]: Remove WindowsCE support.
	* tests/stopwatch.h [__MINGW32CE__] (start_timer, stop_timer): Remove
	WindowsCE support.

2025-01-09  NIIBE Yutaka  <gniibe@fsij.org>

	build: Improve __thread specifier check.
	+ commit 42e8858566e32080aaf818b168f34c698a9ef084
	* configure.ac (AC_COMPILE_IFELSE __thread): Move the declaration to
	global, referring to the variable with (void) in main to avoid an error
	building with -Werror=unused-variable.  No need to include
	stdlib.h.

2025-01-06  NIIBE Yutaka  <gniibe@fsij.org>

	fips,cipher: Fix memory leak for gcry_pk_hash_sign.
	+ commit 5e925e6c348450bf80b4560abac9a035903bff59
	* cipher/pubkey.c (prepare_datasexp_to_be_signed): Release
	copied HD when error.

2024-12-26  NIIBE Yutaka  <gniibe@fsij.org>

	fips,ecc: Check DATA in gcry_pk_sign/verify in FIPS mode.
	+ commit 53c97483b17fee280e24f595bc0d82d9b362ffde
	* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_PK_MD): New.
	(GCRY_FIPS_FLAG_REJECT_PK_GOST_SM2): New.

	* cipher/ecc.c (ecc_sign): Check if GOST or SM2.  Check if hash is
	compliant.
	(ecc_verify): Likewise.
	* tests/t-fips-service-ind.c (check_pk_s_v): Modify tests including
	hash compliance.

2024-12-24  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add more tests to tests/t-fips-service-ind.
	+ commit d71c88f78a4f1b72f92de90791fc6fe81a3cb861
	* tests/t-fips-service-ind.c (check_pk_g_t_n_c, check_pk_s_v): New.
	(main): Call check_pk_g_t_n_c and check_pk_s_v.

	fips,ecc: Add rejecting or marking for gcry_pk_get_curve.
	+ commit c6a092abbe7bea315394b15f28fd231dae0e4d7c
	* cipher/ecc-curves.c (_gcry_ecc_get_curve): Check under FIPS mode.

2024-12-20  NIIBE Yutaka  <gniibe@fsij.org>

	fips,cipher: Add behavior not to reject but mark non-compliant.
	+ commit a776b692669af7a6c089779989b626c4795e30b0
	* cipher/dsa.c (dsa_check_keysize): Check reject flag for rejection,
	or mark non-compliant in FIPS mode.
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
	* cipher/ecc.c (ecc_sign, ecc_verify): Likewise.
	* cipher/pubkey.c (_gcry_pk_encrypt, _gcry_pk_sign): Likewise.
	(_gcry_pk_verify, _gcry_pk_testkey, _gcry_pk_genkey): Likewise.
	(_gcry_pk_get_nbits, _gcry_pk_get_curve): Likewise.
	* src/visibility.c (gcry_pk_encrypt): Initialize the indicator.
	(gcry_pk_decrypt, gcry_pk_sign, gcry_pk_verify): Likewise.
	(gcry_pk_testkey, gcry_pk_genkey, gcry_pk_get_nbits)
	(gcry_pk_get_curve): Likewise.

	fips: Rejection by GCRYCTL_FIPS_REJECT_NON_FIPS, not by open flags.
	+ commit d060dd58b82882dec0d8bfcc593536bc0083b4b1
	* src/gcrypt.h.in (GCRY_CIPHER_FLAG_REJECT_NON_FIPS): Remove.
	(GCRY_MD_FLAG_REJECT_NON_FIPS): Remove.
	(GCRY_MAC_FLAG_REJECT_NON_FIPS): Remove.
	* tests/t-fips-service-ind.c: Update tests with
	GCRYCTL_FIPS_REJECT_NON_FIPS.
	* cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey): Use
	fips_check_rejection.
	* cipher/mac.c (mac_open): Likewise.
	* cipher/md.c (struct gcry_md_context): Remove reject_non_fips.
	(md_open, md_enable): Use fips_check_rejection.
	(_gcry_md_enable, md_copy): Likewise.

2024-12-19  NIIBE Yutaka  <gniibe@fsij.org>

	Fix the previous change.
	+ commit b4eb23dc01a40e13d542fbfc5169dffa7fae5677
	* cipher/pubkey.c (_gcry_pk_sign_md): Fix memory leak.
	(_gcry_pk_verify_md): Likewise.

	fips: Introduce GCRYCTL_FIPS_REJECT_NON_FIPS.
	+ commit e52adf0948c60b2e9accd7996fcece0f9b443763
	* src/gcrypt.h.in (GCRYCTL_FIPS_REJECT_NON_FIPS): New.
	(GCRY_FIPS_FLAG_REJECT_*): New.
	* src/fips.c (struct gcry_thread_context): Add flags_reject_non_fips.
	(the_tc): Add initial value.
	(_gcry_thread_context_set_reject): New.
	(_gcry_thread_context_check_rejection): New.
	* src/gcrypt-int.h (fips_check_rejection): New.
	* src/global.c (_gcry_vcontrol): Handle GCRYCTL_FIPS_REJECT_NON_FIPS.
	* tests/t-fips-service-ind.c (main): Use GCRYCTL_FIPS_REJECT_NON_FIPS.

2024-12-18  NIIBE Yutaka  <gniibe@fsij.org>

	fips,cipher: Implement FIPS service indicator for gcry_pk_hash_ API.
	+ commit edb43bc290046bd22548bf69ae2fbeb453112e44
	* src/visibility.c (gcry_pk_hash_sign): Initialize the indicator.
	(gcry_pk_hash_verify): Likewise.
	* tests/t-fips-service-ind.c (check_pk_hash_sign_verify): New.
	(main): Call check_pk_hash_sign_verify.
	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Don't reject, but
	mark non-compliance.
	* cipher/pubkey.c (prepare_datasexp_to_be_signed): Likewise.
	(_gcry_pk_sign_md, _gcry_pk_verify_md): Likewise.

	fips,md: gcry_md_copy should care about FIPS service indicator.
	+ commit 60db2a175d120aba6818de49638b36006878abf7
	* cipher/md.c (md_copy): In a case of non-compliant, mark with
	fips_service_indicator_mark_non_compliant.
	* src/visibility.c (gcry_md_copy): Initialize the indicator.

2024-12-17  NIIBE Yutaka  <gniibe@fsij.org>

	tests,fips: Add gcry_cipher_open tests.
	+ commit cfd2d2f41ad4aef40d83f8f7237d1da13c7e240c
	* tests/t-fips-service-ind.c (check_cipher_o_s_e_d_c): New.
	(main): Call check_cipher_o_s_e_d_c.

2024-12-16  NIIBE Yutaka  <gniibe@fsij.org>

	tests,fips: Move KDF tests to t-fips-service-ind.
	+ commit b59bde31ded9e829e2a53ddb8c533bf35a144972
	* tests/t-fips-service-ind.c (check_kdf_derive): Move from...
	* tests/t-kdf.c (check_fips_gcry_kdf_derive): ... here.

	tests,fips: Rename t-fips-service-ind.
	+ commit 132f346232b33fe41ffee3b3870ec189626676e7
	* tests/t-fips-service-ind.c: Rename from t-digest.c.
	* tests/Makefile.am (tests_bin): Follow the change.

	tests,fips: Add gcry_mac_open tests.
	+ commit c4f75014cb8af732f87c02fe7c2e7a488fe71c6d
	* tests/t-digest.c (check_mac_o_w_r_c): New.
	(main): Call check_mac_o_w_r_c.

	fips,cipher: Implement new FIPS service indicator for cipher_open.
	+ commit 69a5d0ed18a3ddc6f297de783c7cef5ad2257df0
	* src/gcrypt.h.in (GCRY_CIPHER_FLAG_REJECT_NON_FIPS): New.
	* cipher/cipher.c (_gcry_cipher_open_internal): Don't reject
	but mark the service indicator in FIPS mode.
	(cipher_setkey): Likewise.
	* src/visibility.c (gcry_cipher_open): Initialize the service
	indicator.
	(gcry_cipher_setkey): Likewise.

	fips,mac: Implement new FIPS service indicator for gcry_mac_open.
	+ commit fcb0c7004b0b6b318fdcced2bf61d9acb1e28cfc
	* src/gcrypt.h.in (GCRY_MAC_FLAG_REJECT_NON_FIPS): New.
	* cipher/mac.c (mac_open): Have FLAGS, instead of SECURE.  Reject when
	GCRY_MAC_FLAG_REJECT_NON_FIPS, otherwise, mark non-compliant.
	(_gcry_mac_open): Follow the change.
	* src/visibility.c (gcry_mac_open): Add initialization for FIPS
	service indicator.
	(gcry_mac_setkey): Likewise.  Don't reject but mark.

2024-12-13  NIIBE Yutaka  <gniibe@fsij.org>

	fips,tests: Add tests for md_open/write/read/close for t-digest.
	+ commit 917fc6000dfebd8854f0d1c220b85dec0dbf4676
	* tests/t-digest.c (check_md_o_w_r_c): New.
	(main): Call check_md_o_w_r_c.

	fips,md: Implement new FIPS service indicator for gcry_md_open API.
	+ commit 9757e280794f537efc82c4eaa9a2944ece6a068a
	* src/gcrypt.h.in (GCRY_MD_FLAG_FIPS_NO_REJECTION): Remove.
	(GCRY_MD_FLAG_REJECT_NON_FIPS): New.
	* cipher/md.c (struct gcry_md_context): Add reject_non_fips.
	(md_enable): Remove NO_REJECT argument.
	(md_open): Change the FLAGS handling.
	(_gcry_md_open): Add checking of FIPS compliance against ALGO.
	(_gcry_md_enable): Likewise.
	(_gcry_md_hash_buffer): Follow the md_open change, which now
	defaults to no rejection.
	(_gcry_md_hash_buffers_extract): Likewise.
	* src/visibility.c (gcry_md_open): Add fips_service_indicator_init.
	(gcry_md_enable): Likewise.
	(gcry_md_setkey): Don't reject but mark non-compliance.
	* tests/t-kdf.c (check_fips_gcry_kdf_derive): Add a test with
	non-compliant hash function.
	* cipher/mac-hmac.c (_gcry_mac_type_spec_hmac_md5): It's not
	compliant.
	* cipher/md5.c (gcry_md_oid_spec_t oid_spec_md5): It's not compliant.
	* tests/t-digest.c (check_hash_buffer, check_hash_buffers): MD5
	tests enabled.

	fips: Change the internal API for new FIPS service indicator.
	+ commit 4799914966a7f94f41e1ed5b7b62fded7ba09704
	* src/gcrypt-int.h (fips_service_indicator_init): Initialize by 0.
	(fips_service_indicator_mark_success): Remove.
	(fips_service_indicator_mark_non_compliant): New.
	* cipher/kdf.c (_gcry_kdf_derive): Follow the change of the API.
	* cipher/md.c (_gcry_md_hash_buffer): Likewise.
	(_gcry_md_hash_buffers_extract): Likewise.

2024-12-12  Simon Josefsson  <simon@josefsson.org>

	cipher: Add script to re-generate mceliece6688128f.c.
	+ commit 47ed744465ae7461771a3ca08799264a3d32a7fd
	* cipher/mceliece6688128f.sh: Add.
	* cipher/mceliece6688128f.c: Regenerate from script.

2024-12-11  Milan Broz  <gmazyland@gmail.com>

	kdf: Fix memory cost overflow in Argon2 KDF.
	+ commit 28327dba6b5ffae4a5e33da827fe0e2b48e99adb
	* cipher/kdf.c (argon2_init): Fix memory cost overflow in Argon2 KDF.

2024-12-11  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Fix comment in t-thread-local.
	+ commit 75744f721d8d9c3bfc0ee1f8fec760718eb924a2
	* tests/t-thread-local.c: Fix the name.

2024-12-10  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Extend tests/t-digest to test hmac too.
	+ commit 41cbcc0f0e786364972a4df213eff1b0ae362a40
	* tests/t-digest.c (check_hash_buffer): Rename.
	(check_hash_buffers): New.
	(main): Call check_hash_buffer and check_hash_buffers.

	tests: Fix t-digest for a minimal configuration.
	+ commit 06f6aafedc9f53d54468611744c67e0b7aa13c0c
	* tests/t-digest.c (check_digests): Care about minimal configuration.

2024-12-09  NIIBE Yutaka  <gniibe@fsij.org>

	fips,tests: Add t-digest.
	+ commit 7faf542f157330f3b247fa2542182ac805f06737
	* tests/Makefile.am (tests_bin): Add t-digest.
	* tests/t-digest.c: New.

2024-12-06  NIIBE Yutaka  <gniibe@fsij.org>

	fips,md: Implement new FIPS service indicator for gcry_md_hash_*.
	+ commit 3478caac62c712547f7c0e07f4cf9602bc317997
	* cipher/md.c (md_enable): Add an NO_REJECT argument.
	(md_open): Check flags against GCRY_MD_FLAG_FIPS_NO_REJECTION to
	call md_enable.
	(_gcry_md_enable): Follow the change.
	(_gcry_md_hash_buffer): Don't reject but keep the computation.
	Call fips_service_indicator_mark_success.
	(_gcry_md_hash_buffers_extract): Likewise.
	* src/gcrypt.h.in (GCRY_MD_FLAG_FIPS_NO_REJECTION): New.
	* src/visibility.c (gcry_md_hash_buffer, gcry_md_hash_buffers): Call
	fips_service_indicator_init.
	(gcry_md_hash_buffers_ext): Likewise.

2024-12-05  NIIBE Yutaka  <gniibe@fsij.org>
	    David Sugar  <david@atsec.com>

	fips,kdf: Implement new FIPS service indicator for gcry_kdf_derive.
	+ commit 5cfa1aee5b98baf0d66333344e0fa45b79cca28b
	* cipher/kdf.c (_gcry_kdf_derive): Don't reject by GPG_ERR_INV_VALUE
	but continue the computation, clearing IS_COMPLIANT.  After successful
	computation, call fips_service_indicator_mark_success with
	IS_COMPLIANT.
	* src/visibility.c (gcry_kdf_derive): Call fips_service_indicator_init.
	* tests/t-kdf.c (check_fips_gcry_kdf_derive): New.
	(main): Call check_fips_gcry_kdf_derive.

2024-12-05  NIIBE Yutaka  <gniibe@fsij.org>

	fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.
	+ commit f51f4e98930e6b2175e85fe8a95b8b6a15ad5efa
	* src/fips.c (_gcry_fips_indicator): New.
	* src/g10lib.h (_gcry_fips_indicator): New.
	* src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR): New.
	(gcry_get_fips_service_indicator): New.
	* src/global.c (_gcry_vcontrol): Handle GCRYCTL_FIPS_SERVICE_INDICATOR.

	fips: Introduce an internal API for FIPS service indicator.
	+ commit e1cf3123282525693b646499eb7efe4f2be4010a
	* configure.ac (HAVE_GCC_STORAGE_CLASS__THREAD): New.
	* src/fips.c (struct gcry_thread_context): New.
	(_gcry_thread_context_set_fsi, _gcry_thread_context_get_fsi): New.
	* src/gcrypt-int.h (fips_service_indicator_init): New macro.
	(fips_service_indicator_mark_success): New macro.
	* tests/Makefile.am (tests_bin): Add t-thread-local.
	* tests/t-thread-local.c: New.

2024-11-06  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add vector register clearing for PowerPC implementations.
	+ commit 022f44b6d894ba631cb20623a1e39267a953dff9
	* cipher/Makefile.am: Add 'simd-common-ppc.h'.
	* cipher/camellia-simd128.h
	[HAVE_GCC_INLINE_ASM_PPC_ALTIVEC]: Include "simd-common-ppc.h".
	[HAVE_GCC_INLINE_ASM_PPC_ALTIVEC] (memory_barrier_with_vec)
	(clear_vec_regs): Remove.
	* cipher/chacha20-p10le-8x.s (clear_vec_regs): New.
	(_gcry_chacha20_p10le_8x): Add clear_vec_regs.
	* cipher/chacha20-ppc.c: Include "simd-common-ppc.h".
	(chacha20_ppc_blocks1, chacha20_ppc_blocks4)
	(chacha20_poly1305_ppc_blocks4): Add clear_vec_regs.
	* cipher/cipher-gcm-ppc.c: Include "simd-common-ppc.h".
	(_gcry_ghash_setup_ppc_vpmsum, _gcry_ghash_ppc_vpmsum): Add
	clear_vec_regs.
	* cipher/poly1305-p10le.s (clear_vec_regs): New.
	(gcry_poly1305_p10le_4blocks): Add clear_vec_regs.
	* cipher/rijndael-p10le.c: Include "simd-common-ppc.h".
	(_gcry_aes_p10le_gcm_crypt): Add clear_vec_regs.
	* cipher/rijndael-ppc-common.h: Include "simd-common-ppc.h".
	* cipher/rijndael-ppc-functions.h (ENCRYPT_BLOCK_FUNC):
	(DECRYPT_BLOCK_FUNC, CFB_ENC_FUNC, ECB_CRYPT_FUNC, CFB_DEC_FUNC)
	(CBC_ENC_FUNC, CBC_DEC_FUNC, CTR_ENC_FUNC, OCB_CRYPT_FUNC)
	(OCB_AUTH_FUNC, XTS_CRYPT_FUNC, CTR32LE_ENC_FUNC): Add
	clear_vec_regs.
	* cipher/rijndael-ppc.c (_gcry_aes_ppc8_setkey)
	(_gcry_aes_ppc8_prepare_decryption): Add clear_vec_regs.
	* cipher/sha256-ppc.c: Include "simd-common-ppc.h".
	(sha256_transform_ppc): Add clear_vec_regs.
	* cipher/sha512-ppc.c: Include "simd-common-ppc.h".
	(sha512_transform_ppc): Add clear_vec_regs.
	* cipher/simd-common-ppc.h: New.
	* cipher/sm4-ppc.c: Include "simd-common-ppc.h".
	(sm4_ppc_crypt_blk1_16): Add clear_vec_regs.

	rijndael-ppc: fix 'may be used uninitialized' warnings.
	+ commit 52bd6fc0c0383c183870966069a7548dc2b8641a
	* cipher/rijndael-ppc-common.h (PRELOAD_ROUND_KEYS_ALL): Load
	rkey10-rkey13 with zero value by default.

	salsa20-amd64: clear vector registers.
	+ commit 6a128b2380a4deb6086a904f17a1ff40c5af9b64
	* cipher/salsa20-amd64.S (CLEAR_REG): New.
	(_gcry_salsa20_amd64_encrypt_blocks): Clear vector registers
	at exit.

	whirlpool-sse2-amd64: clear vector registers.
	+ commit c479b9dd5a3863d81d88c305da1b61e3aa2d274e
	* cipher/whirlpool-sse2-amd64.S (CLEAR_REG): New.
	(_gcry_whirlpool_transform_amd64): Clear vector registers
	at exit.

	camellia-aarch64-ce: clear volatile vector registers.
	+ commit 762ccf64429d94530727bf8508e4d499fcfd062c
	* cipher/camellia-simd128.h [__powerpc__] (clear_vec_regs): New.
	[__ARM_NEON]: Include 'simd-common-aarch64.h'.
	[__ARM_NEON] (memory_barrier_with_vec): Remove.
	[__x86_64__] (clear_vec_regs): New.
	(FUNC_ENC_BLK16, FUNC_DEC_BLK16, camellia_setup128)
	(camellia_setup256): Add clear_vec_regs.

	gcm-aarch64-ce: clear volatile vector registers at setup function.
	+ commit 3d3e346cc3f52a423d67118203f0543feb430545
	* cipher/cipher-gcm-armv8-aarch64-ce.S
	(_gcry_ghash_setup_armv8_ce_pmull): Clear used vector registers
	before function exit.

	sm3-aarch64-ce: clear volatile vector registers.
	+ commit af84aa32427d841eedbad0c2d1e53cf1df6dd732
	* cipher/sm3-armv8-aarch64-ce.S: Add CLEAR_ALL_REGS.

	sm4-aarch64-ce: clear volatile vector registers.
	+ commit 42495ad3a80eadb0b853c95377777fe9435b03ac
	* cipher/sm4-armv8-aarch64-ce.S (_gcry_sm4_armv8_ce_expand_key)
	(_gcry_sm4_armv8_ce_crypt_blk1_8, _gcry_sm4_armv8_ce_crypt)
	(_gcry_sm4_armv8_ce_cbc_dec, _gcry_sm4_armv8_ce_cfb_dec)
	(_gcry_sm4_armv8_ce_ctr_enc, _gcry_sm4_armv8_ce_xts_crypt): Add
	CLEAR_ALL_REGS.

	sm4-aarch64: clear volatile vector registers.
	+ commit f6cebb330d87b88543949ae36a2bfef8b45c41d8
	* cipher/sm4-aarch64.S (clear_volatile_vec_regs): New.
	(_gcry_sm4_aarch64_crypt_blk1_8, _gcry_sm4_aarch64_crypt)
	(_gcry_sm4_aarch64_cbc_dec, _gcry_sm4_aarch64_cfb_dec)
	(_gcry_sm4_aarch64_ctr_enc): Add clear_volatile_vec_regs.

	sm4-aarch64-sve: clear volatile vector registers.
	+ commit fb78bc85dfe183f381ad83142e5abf46f4096ca6
	* cipher/asm-common-aarch64.h (CLEAR_ALL_REGS): New.
	* cipher/sm4-armv9-aarch64-sve-ce.S
	(_gcry_sm4_armv9_sve_ce_cbc_dec, _gcry_sm4_armv9_sve_ce_cfb_dec)
	(_gcry_sm4_armv9_sve_ce_ctr_enc): Add CLEAR_ALL_REGS.
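
	The register-clearing entries above fix one class of problem across many
	SIMD implementations: the calling convention treats most vector registers
	as caller-saved, so whatever a primitive last loaded into them (round keys,
	block state) is still readable after it returns, until some later code
	happens to overwrite it.  The following is an added example, not
	libgcrypt's code, that demonstrates the issue and the fix on x86-64 (SSE2,
	SysV ABI) and AArch64 (NEON).  A stand-in routine loads a constructed
	16-byte key into the first vector register the way a key schedule would;
	the caller then reads that register back after the routine has returned.
	The clearing sweep is written here with pxor and movi and only resembles
	the project's CLEAR_REG / CLEAR_ALL_REGS macros; the function names and
	the sample key are the example's own.

```c
/* Added example, not libgcrypt's own code: key residue in vector registers
   after a routine returns, and the exit-path clearing that removes it.
   Supports x86-64 (SSE2, SysV ABI: all xmm registers caller-saved) and
   AArch64 (NEON: v0-v7 and v16-v31 caller-saved, v8-v15 left alone).  */
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__)
/* Load 16 bytes into xmm0, as a key-expansion routine would.  */
static void load_vec0 (const uint8_t in[16])
{ __asm__ volatile ("movdqu (%0), %%xmm0" : : "r"(in) : "xmm0", "memory"); }
/* Copy xmm0 back out so the residue can be inspected from C.  */
static void dump_vec0 (uint8_t out[16])
{ __asm__ volatile ("movdqu %%xmm0, (%0)" : : "r"(out) : "memory"); }
/* The clearing step: zero every caller-saved SSE register before returning.
   (On Win64 only xmm0-xmm5 are volatile; this sweep assumes SysV.)  */
static void clear_vec_regs (void)
{
  __asm__ volatile (
    "pxor %%xmm0,%%xmm0\n\t pxor %%xmm1,%%xmm1\n\t pxor %%xmm2,%%xmm2\n\t pxor %%xmm3,%%xmm3\n\t"
    "pxor %%xmm4,%%xmm4\n\t pxor %%xmm5,%%xmm5\n\t pxor %%xmm6,%%xmm6\n\t pxor %%xmm7,%%xmm7\n\t"
    "pxor %%xmm8,%%xmm8\n\t pxor %%xmm9,%%xmm9\n\t pxor %%xmm10,%%xmm10\n\t pxor %%xmm11,%%xmm11\n\t"
    "pxor %%xmm12,%%xmm12\n\t pxor %%xmm13,%%xmm13\n\t pxor %%xmm14,%%xmm14\n\t pxor %%xmm15,%%xmm15"
    : : : "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7",
          "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15", "memory");
}
#elif defined(__aarch64__)
static void load_vec0 (const uint8_t in[16])
{ __asm__ volatile ("ld1 {v0.16b}, [%0]" : : "r"(in) : "v0", "memory"); }
static void dump_vec0 (uint8_t out[16])
{ __asm__ volatile ("st1 {v0.16b}, [%0]" : : "r"(out) : "memory"); }
/* Zero the volatile NEON registers; v8-v15 are callee-saved and untouched.  */
static void clear_vec_regs (void)
{
  __asm__ volatile (
    "movi v0.16b, #0\n\t movi v1.16b, #0\n\t movi v2.16b, #0\n\t movi v3.16b, #0\n\t"
    "movi v4.16b, #0\n\t movi v5.16b, #0\n\t movi v6.16b, #0\n\t movi v7.16b, #0\n\t"
    "movi v16.16b, #0\n\t movi v17.16b, #0\n\t movi v18.16b, #0\n\t movi v19.16b, #0\n\t"
    "movi v20.16b, #0\n\t movi v21.16b, #0\n\t movi v22.16b, #0\n\t movi v23.16b, #0\n\t"
    "movi v24.16b, #0\n\t movi v25.16b, #0\n\t movi v26.16b, #0\n\t movi v27.16b, #0\n\t"
    "movi v28.16b, #0\n\t movi v29.16b, #0\n\t movi v30.16b, #0\n\t movi v31.16b, #0"
    : : : "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "memory");
}
#else
#error "This example supports x86-64 and AArch64 only."
#endif

/* Stand-in for a primitive that leaves key material in a vector register.  */
static void routine_without_clear (const uint8_t key[16])
{ load_vec0 (key); }

/* The same primitive with the clearing step the commits add at exit.  */
static void routine_with_clear (const uint8_t key[16])
{ load_vec0 (key); clear_vec_regs (); }

/* Call ROUTINE, then count how many KEY bytes are still readable from the
   first vector register: 16 = full key residue, 0 = clean.  */
static int residue_bytes (void (*routine)(const uint8_t *), const uint8_t key[16])
{
  uint8_t probe[16];
  int i, n = 0;

  routine (key);
  dump_vec0 (probe);
  for (i = 0; i < 16; i++)
    n += (probe[i] == key[i]);
  return n;
}

/* Constructed sample key; every byte is non-zero so that a zeroed register
   cannot match any position by accident.  */
static const uint8_t SAMPLE_KEY[16] = {
  0x3c, 0xa5, 0x5a, 0xc3, 0x96, 0x69, 0xf0, 0x0f,
  0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88
};

int main (void)
{
  printf ("key bytes left in register without clearing: %d/16\n",
          residue_bytes (routine_without_clear, SAMPLE_KEY));
  printf ("key bytes left in register with clearing:    %d/16\n",
          residue_bytes (routine_with_clear, SAMPLE_KEY));
  return 0;
}
```

	The "memory" clobber and the volatile qualifier keep the compiler from
	reordering or dropping the sweep; a clear written in plain C intrinsics
	is a dead store the optimiser is entitled to delete, which is why the
	project does it in assembly at the very end of each routine.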

	sm4-aarch64-sve: add missing .text section.
	+ commit 341945ae9651b42e07fe5c29d6634b8af110ce4c
	* cipher/sm4-armv9-aarch64-sve-ce.S: Add missing '.text'.

	Add GHASH AArch64/SIMD intrinsics implementation.
	+ commit fec871fd18c73d790ac64a2a3b9e422212c2a6af
	* cipher/Makefile.am: Add 'cipher-gcm-aarch64-simd.c'.
	* cipher/cipher-gcm-aarch64-simd.c: New.
	* cipher/cipher-gcm.c [GCM_USE_AARCH64]: Add function
	prototypes for AArch64/SIMD implementation.
	(setupM) [GCM_USE_AARCH64]: Add setup for AArch64/SIMD
	implementation.
	* cipher/cipher-internal.h (GCM_USE_AARCH64): New.
	* configure.ac: Add 'cipher-gcm-aarch64-simd.c'.

	Add AES Vector Permute intrinsics implementation for AArch64.
	+ commit 94a63aedbbd252305c865912e59400dc6f3bc3b8
	* cipher/Makefile: Add 'rijndael-vp-aarch64.c',
	'rijndael-vp-simd128.h' and 'simd-common-aarch64.h'.
	* cipher/rijndael-internal.h (USE_VP_AARCH64): New.
	* cipher/rijndael-vp-aarch64.c: New.
	* cipher/rijndael-vp-simd128.h: New.
	* cipher/rijndael.c [USE_VP_AARCH64]: Add function prototypes
	for AArch64 vector permutation implementation.
	(do_setkey) [USE_VP_AARCH64]: Setup function pointers for
	AArch64 vector permutation implementation.
	* cipher/simd-common-aarch64.h: New.
	* configure.ac: Add 'rijndael-vp-aarch64.lo'.

