2020-10-23  Werner Koch  <wk@gnupg.org>

	Release 1.8.7.
	+ commit 04c156a48b35b56cf201091ddd43883957a042e5


	random: Allow for a Unicode random seed file on Windows.
	+ commit 6b79963f3f09c82b684293dbcd1951d65101fedd
	* random/random-csprng.c (utf8_to_wchar) [W32]: New.
	(any8bitchar) [W32]: New.
	(my_open): New.  Replace all calls to open with this.

2020-08-26  Werner Koch  <wk@gnupg.org>

	build: Allow customization of the signing key.
	+ commit 9c42c068c37411bfda9851b1bd60e927cb81ec7c
	* Makefile.am (sign-release): Read variabales from user configuration.

2020-08-04  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	random/jitterentropy: fix USE_JENT == JENT_USES_GETTIME code path.
	+ commit 01b441308838e5b9b12022b40754855bda8670bf
	* random/jitterentropy-base-user.h (jent_get_nstime): Use 'tv' variable
	instead of non-existing 'time'.

2020-07-30  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Support opaque MPI with gcry_mpi_print.
	+ commit d9103048d11bcd8c9cce42dd450b394acd8949ac
	* mpi/mpicoder.c (_gcry_mpi_get_buffer): Return the bytes as-is.

2020-07-06  Werner Koch  <wk@gnupg.org>

	Post release updates.
	+ commit c917ebb48d1b784f6f29bc5b292bab78469aabfb


	mpi: Consider +0 and -0 the same in mpi_cmp.
	+ commit 31bb4f3210df76c3036b03ce6dfd2b7c0c6af9ed
	* mpi/mpi-cmp.c (do_mpi_cmp): Check size of U an V.

2020-06-09  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Fix flags in mpi_copy for opaque MPI.
	+ commit 47e8977d24e5becb83b6ca2824ee1d4c48704a8b
	* mpi/mpiutil.c (_gcry_mpi_copy): Copy flags.

2020-04-27  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Fix the return value of mpi_invm_generic.
	+ commit 99007cbfd104330538141b9b1574ec3044079699
	* mpi/mpi-inv.c (mpi_invm_generic): Return correct value.

	mpi: Fix return value of mpi_invm_generic.
	+ commit 986aa2728715ea312c607a6b95f3c5419d174ee7
	* mpi/mpi-inv.c (mpi_invm_generic): Return 0 if inverse does not exist.

2020-03-18  NIIBE Yutaka  <gniibe@fsij.org>

	DSA,ECDSA: Fix use of mpi_invm.
	+ commit 3a16c19d4d63d9e67297edf369f0a48546ea0ab7
	* cipher/dsa.c (sign): Call mpi_invm before _gcry_dsa_modify_k.
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.

	mpi: Constant time mpi_inv with some conditions.
	+ commit 90b7339b0654daaf873b3a113459d3024d2837b5
	* mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
	(mpih_abs_cond): New.
	(mpi_invm_odd): New.
	(mpi_invm_generic): Rename from _gcry_mpi_invm.
	(_gcry_mpi_invm): Use mpi_invm_odd for usual odd cases.

2020-03-09  Werner Koch  <wk@gnupg.org>

	mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr.
	+ commit ffbc5702ab16109ab9439bd947871ab90269bf34
	* mpi/mpi-div.c (_gcry_mpi_tdiv_qr): Error out on division by zero.

2020-02-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Fix wrong code execution in Poly1305 ARM/NEON implementation.
	+ commit 761a1a0d30ea0c1ba385963cdc4c06d03ce126bc
	* cipher/poly1305-armv7-neon.S
	(_gcry_poly1305_armv7_neon_init_ext): Set r14 to -1 at function entry.

2020-02-03  Marvin W  <git@larma.de>

	Set vZZ.16b register to zero before use in armv8 gcm implementation.
	+ commit ec7db47e9998bc68f8e849d0f2a454fb17cc144c
	* cipher/cipher-gcm-armv8-aarch64-ce.S
	(_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero.

2020-01-23  NIIBE Yutaka  <gniibe@fsij.org>

	random: Fix include of config.h.
	+ commit 03e6d6597198ee45d715c2d00bd174622f2875a8
	* random/random-drbg.c: Include config.h earlier.

2020-01-21  NIIBE Yutaka  <gniibe@fsij.org>

	Fix declaration of internal function _gcry_mpi_get_ui.
	+ commit a29e058ff1145428c97e7a87e9d90ebdd86c0360
	* src/gcrypt-int.h (_gcry_mpi_get_ui): Don't use ulong.

2019-10-24  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Fix wrong handling of shorten PK bytes.
	+ commit 006e51cd83a1c36509d124c251cea2f515bcc1ad
	* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Zeros are
	already recovered.

2019-08-29  Werner Koch  <wk@gnupg.org>

	Release 1.8.5.
	+ commit 56606331bc2a80536db9fc11ad53695126007298


2019-08-16  NIIBE Yutaka  <gniibe@fsij.org>

	ecdsa: Fix unblinding too early.
	+ commit 1862f402d363dce946c3169d4f4f48c5eee052f1
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Keep the blinding until
	the last step.

2019-08-09  NIIBE Yutaka  <gniibe@fsij.org>

	dsa,ecdsa: Fix use of nonce, use larger one.
	+ commit db4e9976cc31b314aafad6626b2894e86ee44d60
	* cipher/dsa-common.c (_gcry_dsa_modify_k): New.
	* cipher/pubkey-internal.h (_gcry_dsa_modify_k): New.
	* cipher/dsa.c (sign): Use _gcry_dsa_modify_k.
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
	* cipher/ecc-gost.c (_gcry_ecc_gost_sign): Likewise.

2019-08-07  NIIBE Yutaka  <gniibe@fsij.org>
	    Ján Jančár  <johny@neuromancer.sk>

	ecc: Add mitigation against timing attack.
	+ commit d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K.
	* mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger.

2019-08-07  NIIBE Yutaka  <gniibe@fsij.org>

	dsa,ecdsa: Allocate secure memory for RFC6979 generation.
	+ commit 5ad654a330859b140ffb69502c99e269f2cca9f3
	* cipher/dsa-common.c (_gcry_dsa_gen_rfc6979_k): Use secure memory
	just like _gcry_dsa_gen_k does.

2019-07-15  NIIBE Yutaka  <gniibe@fsij.org>

	tests: t-mpi-point: Remove implementation dependent checks.
	+ commit 0147a5e69e497fa0433e61faef77aa6ddf071aea
	* tests/t-mpi-point.c (basic_ec_math): Remove comparing X and Y,
	only comparison of Z is relevant, mathematically.
	Remove useless check, where different values in equivalence class
	exist.
	(basic_ec_math_simplified): Likewise.

2018-11-19  Andreas Metzler  <ametzler@bebt.de>

	doc: Fix library initialization examples.
	+ commit 6faeca72b455541ed6da45c5e71c8eb7b10b8c0b


2018-11-14  Werner Koch  <wk@gnupg.org>

	random: Initialize variable as requested by valgrind.
	+ commit 35e002d4b842f25e3fcb6036c21bdafc5214317e
	random/jitterentropy-base.c: Init.

2018-11-13  NIIBE Yutaka  <gniibe@fsij.org>

	libgcrypt.m4: Update from master.
	+ commit 4141caabe76ad092f3487b4516ee481fba837adb
	* src/libgcrypt.m4: Update from master.

2018-10-30  NIIBE Yutaka  <gniibe@fsij.org>

	libgcrypt.m4: Update from master.
	+ commit 0216418ab23a690662764098a17002754202a2c2
	* src/libgcrypt.m4: Update.

	libgrypt.pc: Provide pkg-config file.
	+ commit 813b002eaf3052586f25b36d0b72668cfad3e0ee
	* configure.ac: Generate src/libgcrypt.pc.
	* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
	(EXTRA_DIST): Add libgcrypt.pc.in.
	* src/libgcrypt.pc.in: New.

2018-10-26  Werner Koch  <wk@gnupg.org>

	Release 1.8.4.
	+ commit 93775172713c00c363187b5d6a88895b04ac7c8e


2018-10-26  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	random: use getrandom() on Linux where available.
	+ commit 0973c3f9ee7a9ad7c97b77849ed33ecd6789c787
	* random/rndlinux.c (_gcry_rndlinux_gather_random): use the
	getrandom() syscall on Linux if it exists, regardless of what kind of
	entropy was requested.

2018-10-26  Werner Koch  <wk@gnupg.org>

	random: Make sure to re-open /dev/random after a fork.
	+ commit 60885655756dd0427872b8f01c06da14eab5af70
	* random/rndlinux.c (_gcry_rndlinux_gather_random): Detect fork and
	re-open devices.

	primes: Avoid leaking bits of the prime test to pageable memory.
	+ commit 5b1d022293c5779b1150a7653cce4e3bf494a07c
	* cipher/primegen.c (gen_prime): Allocate MODS in secure memory.

2018-10-24  Werner Koch  <wk@gnupg.org>

	build: Add release make target.
	+ commit 99a5babfd1e759310db8ab8b11d182f2e139dfb1
	* Makefile.am (release, sign-release): New targets.

	(cherry picked from commit 03bb25ee7ed6f1076bf788ab981ca68672880daa)

	Fix memory leak in secmem in out of core conditions.
	+ commit abd267bf239345ceae5c0de239d1530b427a53a1
	* src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor
	if the pool could not be allocated.

	ecc: Fix memory leak in the error case of ecc_encrypt_raw.
	+ commit 60224352f4de1189e0076c6172886dc787a1e6e6
	* cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main
	block.

	ecc: Fix possible memory leakage in parameter check of eddsa.
	+ commit 347987d4cf29b6a611b7fafa14fddeb50c0651d2
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak.

	ecc: Fix potential unintended freeing of an internal param.
	+ commit be68b3ee4fd1f85edc95eaad11c8fd52ccd27ccd
	* cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error

	sexp: Fix uninitialized use of a var in the error case.
	+ commit 8cc7cac82ec2087c3e1ece56dbd12855a383f090
	* src/sexp.c (_gcry_sexp_vextract_param): Initialize L1.

2018-06-19  Will Dietz  <w@wdtz.org>

	random: Fix hang of _gcry_rndjent_get_version.
	+ commit 20c034865f2dd15ce2871385b6e29c15d1570539
	* random/rndjent.c (_gcry_rndjent_get_version): Move locking.

2018-06-13  Werner Koch  <wk@gnupg.org>

	Release 1.8.3.
	+ commit 5600d2d6b23640b0114655214f18959ee81fe58e


2018-06-13  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Add blinding for ECDSA.
	+ commit 9be06c6b2e5c96edf40e566bbf51d44c4d46fb07
	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
	randomized nonce B.

2018-06-11  Werner Koch  <wk@gnupg.org>

	ecc: Improve gcry_mpi_ec_curve_point.
	+ commit 846f8fe8b3be6d235592db184361df1bc2b07a8a
	* mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates.
	* tests/t-mpi-point.c (point_on_curve): New.

	mpi: New internal function _gcry_mpi_cmpabs.
	+ commit 54620a27f4503e703e219e6e11c4be14ce4e3d35
	* mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ...
	(do_mpi_cmp): New.  Add arg absmode.
	(_gcry_mpi_cmpabs): New.
	* src/gcrypt-int.h (mpi_cmpabs): New macro.

	(cherry picked from commit 6606ae44e0de1069b29dd4215ee9748280940e1b)

2018-04-29  Werner Koch  <wk@gnupg.org>

	build: Convince gcc not to delete NULL ptr checks.
	+ commit 1a0289daa408773e1a6cefb2562288245f49651c
	* configure.ac: Try to use -fno-delete-null-pointer-checks.

	(cherry picked from commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062)

	prime: Avoid rare assertion failure in gcry_prime_check.
	+ commit c5bed9df96337b1553cdcd4a85eec10e78b4d14a
	* cipher/primegen.c (is_prime): Don't fail on the assert X > 1.

2018-04-17  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Make BMI2 inline assembly check more robust.
	+ commit 22db6237de00cafb85c0112073b55d0d750e6b03
	* configure.ac (gcry_cv_gcc_inline_asm_bmi2): New assembly test.

2018-04-17  Stephan Mueller  <smueller@chronox.de>

	AES-KW: fix in-place encryption.
	+ commit bbf88f0e9d481486ceca079e2611e84db8d039c7
	* cipher/cipher-aeswrap.c: move memmove call before KW IV setting

2018-04-17  Werner Koch  <wk@gnupg.org>

	mpi: Fix for buidling for MIPS64 with Clang.
	+ commit a0e016e29409ccd78966a5eb82dea236ad44d9c9
	* mpi/longlong.h [MIPS64][__clang__]: Use the C version like we
	already do for 32 bit MIPS.

2018-04-17  NIIBE Yutaka  <gniibe@fsij.org>

	hmac: Use xtrymalloc.
	+ commit 06fdc074eb29faf584ffd13feea4c063936446fb
	* src/hmac256.c (_gcry_hmac256_new): Use xtrymalloc.
	(_gcry_hmac256_file): Likewise.

	random: Protect another use of jent_rng_collector.
	+ commit 0da4a237661cd273303ae6baaaba2d9f6292b990
	* random/rndjent.c (_gcry_rndjent_get_version): Lock the access.

	(cherry picked from commit 0de2a22fcf6607d0aecb550feefa414cee3731b2)

2018-04-17  Martin Storsjö  <martin@martin.st>

	random: Don't assume that _WIN64 implies x86_64.
	+ commit e1695a8f6ca1135d777450cf9ce64628b0778ccb
	* random/rndw32.c: Change _WIN64 ifdef into __x86_64__.

2018-04-17  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Improve constant-time buffer compare.
	+ commit 4e11e9d988181cf9cd87c7c86fa8e7a0f643a573
	* cipher/bufhelp.h (buf_eq_const): Rewrite logic.

	Fix incorrect counter overflow handling for GCM.
	+ commit 0a391b259adcd7ea734dc03c2048a135e018166d
	* cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle
	32-bit CTR increment for GCM.
	(_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use
	generic CTR implementation directly, use gcm_ctr_encrypt instead.
	* tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit
	CTR overflow.
	(check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes'
	test-runs.

	doc: fix double "See" in front of reference.
	+ commit c114ffd6da837e7aace318e37bbcf9325dd985b7
	* doc/gcrypt.texi: Change @xref to @ref when text already has 'see' in
	the front.

2017-12-13  Werner Koch  <wk@gnupg.org>

	Release 1.8.2.
	+ commit eb84e429950b6a61c00112e70a584940c1d352e4


2017-11-24  Werner Koch  <wk@gnupg.org>

	sexp: Avoid a fatal error in case of ENOMEM in called functions.
	+ commit 59df8d6295426d0a9cf7646c381df2ea29fdb8c5
	* src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error
	return.  Replace sprintf by snprintf.
	(convert_to_hex): Replace sprintf by snprintf.
	(convert_to_string): Ditto.
	(_gcry_sexp_sprint): Ditto.

2017-11-23  Werner Koch  <wk@gnupg.org>

	api: Add auto expand secmem feature.
	+ commit f4582f8c429f22b18f8ca8a40660a91d721f5c96
	* src/global.c (_gcry_vcontrol): Implement control value 78.
	* src/secmem.c (auto_expand): New var.
	(_gcry_secmem_set_auto_expand): New.
	(_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND.

2017-11-14  NIIBE Yutaka  <gniibe@fsij.org>

	tests: Add HAVE_MMAP check for MinGW.
	+ commit 334e1a1cfc8f59db765a0bff0ca29090aa11b0f6
	* tests/t-secmem.c (main): Conditionalize with HAVE_MMAP.

2017-11-09  NIIBE Yutaka  <gniibe@fsij.org>

	Fix secmem test for machine with larger page.
	+ commit da127f7505ff7681fc9dbfbf332121d2998e88aa
	* tests/t-secmem.c (main): Detect page size and setup chunk size.
	* src/secmem.c (init_pool): Simplify the expression.

2017-08-27  Werner Koch  <wk@gnupg.org>

	Release 1.8.1.
	+ commit 80fd8615048c3897b91a315cca22ab139b056ccd
	* configure.ac: Set LT version to C22/A2/R1.

2017-08-27  NIIBE Yutaka  <gniibe@fsij.org>

	ecc: Add input validation for X25519.
	+ commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
	* cipher/ecc.c (ecc_decrypt_raw): Add input validation.
	* mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
	(_gcry_mpi_ec_bad_point): New.

2017-08-07  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

	cipher: Add OID for SHA384WithECDSA.
	+ commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315
	* cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA.

2017-08-02  Werner Koch  <wk@gnupg.org>

	tests: Fix a printf glitch for a Windows test.
	+ commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19
	* tests/t-convert.c (check_formats): Fix print format glitch on
	Windows.
	* tests/t-ed25519.c: Typo fix.

	tests: Add benchmarking option to tests/random.
	+ commit 21d0f068a721c022f955084c28304934fd198c5e
	* tests/random.c: Always include unistd.h.
	(prepend_srcdir): New.
	(run_benchmark): New.
	(main): Add options --benchmark and --with-seed-file.  Print whetehr
	JENT has been used.
	* tests/t-common.h (split_fields_colon): New. Taken from GnuPG.
	License of that code changed to LGPLv2.1.

	random: Add more bytes to the pool in addition to the seed file.
	+ commit eea36574f37830a6a80b4fad884825e815b2912f
	* random/random-csprng.c (read_seed_file): Read 128 or 32 butes
	depending on whether we have the Jitter RNG.

2017-08-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add script to run basic tests with all supported HWF combinations.
	+ commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004
	* tests/basic_all_hwfeature_combinations.sh: New.
	* tests/Makefile.am: Add basic_all_hwfeature_combinations.sh.

2017-07-29  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Fix return value type for _gcry_md_extract.
	+ commit cf1528e7f2761774d06ace0de48f39c96b52dc4f
	* src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of
	gpg_error_t for internal function return type.

	Fix building AArch32 CE implementations when target is ARMv6 arch.
	+ commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748
	* cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure.
	* cipher/rijndael-armv8-aarch32-ce.S: Ditto.
	* cipher/sha1-armv8-aarch32-ce.S: Ditto.
	* cipher/sha256-armv8-aarch32-ce.S: Ditto.
	* configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto.

2017-07-25  NIIBE Yutaka  <gniibe@fsij.org>

	sexp: Add fall through annotation.
	+ commit b7cd44335d9cde43be6f693dca6399ed0762649c
	* src/dumpsexp.c (parse_and_print): It's fall through.

2017-07-24  Werner Koch  <wk@gnupg.org>

	random: Fix the command line munging for jitterbase.
	+ commit ac39522ab08fcd2483edc223334c6ab9d19e91f3
	* random/Makefile.am (o_flag_munging): Make the first sed term also
	global.

2017-07-19  NIIBE Yutaka  <gniibe@fsij.org>

	Remove byte order mark.
	+ commit 1d8e4c2c3a7d0a4154caf5bd720a9a0b04179390
	* random/jitterentropy-base.c, random/jitterentropy.h: Remove
	byte order mark.

2017-07-18  Werner Koch  <wk@gnupg.org>

	Release 1.8.0.
	+ commit 850aca744eeda5fd410f478a0778e353045ac962


	mac: Add selftests for HMAC-SHA3-xxx.
	+ commit 95194c550443e8d5558856633f920daec8a975c4
	* cipher/hmac-tests.c (check_one): Add arg trunc and change all
	callers to pass false.
	(selftests_sha3): New.
	(run_selftests): Call new selftests.

	api: New function gcry_mpi_point_copy.
	+ commit ecf73dafb7aafed0d0f339d07235b58c2113f94c
	* src/gcrypt.h.in (gcry_mpi_point_copy): New.
	(mpi_point_copy): New macro.
	* src/visibility.c (gcry_mpi_point_copy): New.
	* src/libgcrypt.def, src/libgcrypt.vers: Add function.
	* mpi/ec.c (_gcry_mpi_point_copy): New.
	* tests/t-mpi-point.c (set_get_point): Add test.

2017-07-17  Werner Koch  <wk@gnupg.org>

	random: Minor fix for getting the rndjent version.
	+ commit 9d99c6b973caa7fdf93b53cf764066214f763803
	* random/rndjent.c (_gcry_rndjent_get_version): Always set R_ACTIVE.
	* tests/version.c (test_get_config): Check number of fields for
	rng-type.

2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Minor fix of mpi_pow.
	+ commit 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b
	* mpi/mpi-pow.c (_gcry_mpi_powm): Allocate size fix.

	mpi: Fix mpi_pow alternative implementation.
	+ commit 66ed4d53789892def7b237756d8a0ab28df9d222
	* mpi/mpi-pow.c
	  [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Use
	  mpi_set_cond.

	Fix mpi_pow alternative implementation.
	+ commit 619ebae9847831f43314a95cc3180f4b329b4d3b
	* mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm):
	Allocate size fix.

2017-07-06  Werner Koch  <wk@gnupg.org>

	rsa: Use modern MPI allocation function.
	+ commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887
	* cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew.

2017-07-05  Werner Koch  <wk@gnupg.org>

	build: Minor API fixes to fix build problems on AIX.
	+ commit 85a9a913da9ecc6b2cd6f743e90e49983251d706
	* src/gcrypt.h.in (gcry_error_from_errno): Fix return type.
	* src/visibility.c (gcry_md_extract): Change return type to match the
	prototype.

	tools: Add left shift to mpicalc.
	+ commit 0d30a4a9791d20c8881b5b12bd44611d9f4274cd
	* src/mpicalc.c (do_lshift): New.
	(main): Handle '<'.

2017-07-04  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Fix mpi_set_secure.
	+ commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2
	* mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced.

2017-06-29  NIIBE Yutaka  <gniibe@fsij.org>
	    Werner Koch  <wk@gnupg.org>

	rsa: Add exponent blinding.
	+ commit 8725c99ffa41778f382ca97233183bcd687bb0ce
	* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
	nonce R for mpi_powm computation.

2017-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	Same computation for square and multiply.
	+ commit 78130828e9a140a9de4dafadbc844dbb64cb709a
	* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
	the assignment to base_u into the loop.  Copy content refered by RP to
	BASE_U except the last of the loop.

2017-06-24  Werner Koch  <wk@gnupg.org>

	rsa: Minor refactoring.
	+ commit e6a3dc9900433bbc8ad362a595a3837318c28fa9
	* cipher/rsa.c (secret): Factor code out to ...
	(secret_core_std, secret_core_crt): new functions.

2017-06-23  Werner Koch  <wk@gnupg.org>

	random: Add missing dependency.
	+ commit d091610377b2c92cf385282b1adfc30fa6cd5c75
	* random/Makefile.am (EXTRA_librandom_la_SOURCES): Fix file name.
	(rndjent.o, rndjent.lo): Depend on jitterentropy-base-user.h.

	random: Update jitterentropy to 2.1.0.
	+ commit 8dfae89ecd3e9ae0967586cb38d12ef9111fc7cd
	* random/rndjent.c (jent_get_nstime, jent_zfree)
	(jent_fips_enabled, jent_zalloc): Move functions and macros to ...
	* random/jitterentropy-base-user.h: this file.   That files was not
	used before.
	* random/Makefile.am (EXTRA_librandom_la_SOURCES): Add
	jitterentropy-base-user.
	* random/jitterentropy-base.c: Update to version 2.1.0.
	* random/jitterentropy.h: Ditto.

2017-06-21  Werner Koch  <wk@gnupg.org>

	api: New function gcry_get_config.
	+ commit 27148e60ba15b0cb73b47a75c688fcb48a1a3444
	* src/misc.c (_gcry_log_info_with_dummy_fp): Remove.
	* src/global.c (print_config): New arg WHAT.  Remove arg FNC and use
	gpgrt_fprintf directly.
	(_gcry_get_config): New.
	(_gcry_vcontrol) <GCRYCTL_PRINT_CONFIG>: Use _gcry_get_config instead
	of print_config.
	* src/gcrypt.h.in (gcry_get_config): New.
	* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
	* src/visibility.c (gcry_get_config): New.
	* src/visibility.h: Mark new function.

	* tests/version.c (test_get_config): New.
	(main): Call new test.

	random: Allow building rndjent on non-x86.
	+ commit c2319464b03e61aaf34ef6d5f4b59b0c0483a373
	* random/jitterentropy-base.c (jent_version): Uncomment function.
	* random/rndjent.c: Include time.h
	(JENT_USES_RDTSC): New.
	(JENT_USES_GETTIME): New.
	(JENT_USES_READ_REAL_TIME): New.
	(jent_get_nstime): Support clock_gettime and AIX specific
	function.  Taken from Stephan Müller's code.
	(is_rng_available): New.
	(_gcry_rndjent_dump_stats): Use that function.
	(_gcry_rndjent_poll): Use that fucntion.  Allow an ADD of NULL for an
	intialize only mode.
	(_gcry_rndjent_get_version): New.

2017-06-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rijndael-padlock: change asm operands from read-only to read/write.
	+ commit 32b4ab209067f6f08b87b27bc78ec27dc497b708
	* cipher/rijndael-padlock.c (do_padlock): Change ESI/EDI/ECX to use
	read/write operands as XCRYPT instruction modifies these registers.

2017-06-16  Werner Koch  <wk@gnupg.org>

	random: Make rndjent.c NTG.1 compliant.
	+ commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9
	* random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.

	md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512.
	+ commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f
	* cipher/sha256.c (_gcry_sha256_hash_buffer): New.
	(_gcry_sha256_hash_buffers): New.
	* cipher/sha512.c (_gcry_sha512_hash_buffer): New.
	(_gcry_sha512_hash_buffers): New.
	* cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA246 and SHA512.
	(_gcry_md_hash_buffers): Ditto.

	random: Allow building rndjent.c with stats collecting enabled.
	+ commit ee3a74f5539cbc5182ce089994e37c16ce612149
	* random/rndjent.c: Change license to the one used by jitterentropy.h.
	(jent_init_statistic): New.
	(jent_bit_count): New.
	(jent_statistic_copy_stat): new.
	(jent_calc_statistic): New.

	New global config option "only-urandom".
	+ commit 8f6082e95f30c1ba68d2de23da90146f87f0c66c
	* random/rand-internal.h (RANDOM_CONF_ONLY_URANDOM): New.
	* random/random.c (_gcry_random_read_conf): Add option "only-urandom".
	* random/rndlinux.c (_gcry_rndlinux_gather_random): Implement that
	option.
	* tests/keygen.c (main): Add option --no-quick for better manual
	tests.

	Implement global config file /etc/gcrypt/random.conf.
	+ commit b05a4abc358b204dba343d9cfbd59fdc828c1686
	* src/hwfeatures.c (my_isascii): Move macro to ...
	* src/g10lib.h: here.
	* tests/random.c (main): Dump random stats.
	* random/random.c (RANDOM_CONF_FILE): New.
	(_gcry_random_read_conf): New.
	(_gcry_random_dump_stats): Call rndjent stats.
	* random/rndjent.c (jent_rng_totalcalls, jent_rng_totalbytes): New.
	(_gcry_rndjent_poll): Take care of config option disable-jent.  Wipe
	buffer.  Bump counters.
	(_gcry_rndjent_dump_stats): New.

2017-06-14  Werner Koch  <wk@gnupg.org>

	random: Add jitter RND based entropy collector.
	+ commit f5e7763ddca59dcd9ac9f2f4d50cb41b14a34a9e
	* random/rndjent.c: New.
	* random/rndlinux.c (_gcry_rndlinux_gather_random): Use rndjent.
	* random/rndw32.c (_gcry_rndw32_gather_random): Use rndjent.
	(slow_gatherer): Fix compiler warning.
	* random/Makefile.am (librandom_la_SOURCES): Add rndjent.c
	(EXTRA_librandom_la_SOURCES): Add jitterentropy-base.c and
	jitterentropy.h.
	(rndjent.o, rndjent.lo): New rules.
	* configure.ac: New option --disbale-jent-support
	(ENABLE_JENT_SUPPORT): New ac-define.

	cipher: New helper function rol64.
	+ commit 6c882fb1fdb6c7cba2215fa7391110d63e24b9dc
	* cipher/bithelp.h (rol64): New inline functions.

	New hardware feature flag HWF_INTEL_RDTSC.
	+ commit 06f303a633ea2b992259688bef2b023c3f388f73
	* src/g10lib.h (HWF_INTEL_RDTSC): New.
	* src/hwfeatures.c (hwflist): Add "intel-rdtsc".
	* src/hwf-x86.c (detect_x86_gnuc): Get EDX features and test for TSC.

	random: Changes to original Jitter RNG implementation.
	+ commit a44c45675f8b631e11048a540bb1fbb7a022ebb4
	* random/jitterentropy-base.c: Change double underscore symbols and
	make all functions static.
	* random/jitterentropy.h: Likewise.

2017-06-13  Stephan Mueller  <smueller@chronox.de>

	random: Add original Jitter RNG implementation.
	+ commit f0ae18ecf48fbe2da0b9fb3f354d0dd3173d91d3
	* random/jitterentropy-base-user.h: New.
	* random/jitterentropy-base.c: New.
	* random/jitterentropy.h: New.

2017-06-08  Werner Koch  <wk@gnupg.org>

	build: Fix ChangeLog building for builds from other worktrees.
	+ commit cdfd7ea72a44657f037dd0dbba6e5ea0c2b344aa
	* Makefile.am (gen-ChangeLog): Test for existance of ".git" regardless
	on whether it is a file or directory.

2017-06-02  NIIBE Yutaka  <gniibe@fsij.org>

	secmem: Fix SEGV and stat calculation.
	+ commit e0958debe1a7db1bec1283115cdc6a14bf3b43e5
	* src/secmem (init_pool): Care about the header size.
	(_gcry_secmem_malloc_internal): Likewise.
	(_gcry_secmem_malloc_internal): Use mb->size for stats.

2017-06-01  Jo Van Bulck  <jo.vanbulck@cs.kuleuven.be>

	ecc: Store EdDSA session key in secure memory.
	+ commit 5a22de904a0a366ae79f03ff1e13a1232a89e26b
	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
	session key.

2017-05-31  Werner Koch  <wk@gnupg.org>

	api: Deprecate gcry_md_info.
	+ commit 45c39340c9926c2c5801dbab7609687c41e9ff1f


2017-05-30  Werner Koch  <wk@gnupg.org>

	mpi: Distribute asm files for aarch64 and asm.
	+ commit c65f9558f12ffa2810538ef616e71b4052dacb81
	* mpi/aarch64/distfiles: New.
	* mpi/arm/distfiles: New.

	mpi: Distribute asm definitions for amd64.
	+ commit 87e481137debabb7f989d7fa9b1c21c336e10c98
	* mpi/amd64/distfiles: Add mpi-asm-defs.h.

2017-05-23  Werner Koch  <wk@gnupg.org>

	cipher: Fix compiler warnings.
	+ commit d764c9894013727ff82eb194da6030209c273528
	* cipher/poly1305.c (poly1305_default_ops): Move to the top.  Add
	prototypes and compile only if USE_SSE2 is not defined.
	(poly1305_init_ext_ref32): Compile only if USE_SSE2 is not defined.
	(poly1305_blocks_ref32): Ditto.
	(poly1305_finish_ext_ref32): Ditto.

	doc: Comment fixes.
	+ commit c1bb3d9fdb6fe5f336af1d5a03fc42bfdc1f8b0b


2017-05-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rijndael-ssse3: fix functions calls from assembly blocks.
	+ commit 4cd94994a9abec9b92fa5972869baf089a28fa76
	* cipher/rijndael-ssse3-amd64.c (PUSH_STACK_PTR, POP_STACK_PTR): New.
	(vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
	(_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
	(do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Use PUSH_STACK_PTR and
	POP_STACK_PTR.

	chacha20-armv7-neon: fix to use fast code path when memory is aligned.
	+ commit 68861ae5d3e007d7a39f14ea27dc3dd8ef13ba02
	* cipher/chacha20-armv7-neon.S (UNALIGNED_LDMIA4): Uncomment
	instruction for jump to aligned code path.

	Move data in AMD64 assembly to text section.
	+ commit 1a094bc5b2aa730833faf593a931d4e5d7f9ab4d
	* cipher/camellia-aesni-avx-amd64.S: Move data to .text section to
	ensure that RIP relative addressing of data will work.
	* cipher/camellia-aesni-avx2-amd64.S: Ditto.
	* cipher/chacha20-avx2-amd64.S: Ditto.
	* cipher/chacha20-ssse3-amd64.S: Ditto.
	* cipher/des-amd64.S: Ditto.
	* cipher/serpent-avx2-amd64.S: Ditto.
	* cipher/sha1-avx-amd64.S: Ditto.
	* cipher/sha1-avx-bmi2-amd64.S: Ditto.
	* cipher/sha1-ssse3-amd64.S: Ditto.
	* cipher/sha256-avx-amd64.S: Ditto.
	* cipher/sha256-avx2-bmi2-amd64.S: Ditto.
	* cipher/sha256-ssse3-amd64.S: Ditto.
	* cipher/sha512-avx-amd64.S: Ditto.
	* cipher/sha512-avx2-bmi2-amd64.S: Ditto.
	* cipher/sha512-ssse3-amd64.S: Ditto.

	cast5-amd64: use 64-bit relocation with large PIC memory model.
	+ commit ff02fca39c83bcf30c79368611ac65e273e77f6c
	* cipher/cast5-amd64.S [__code_model_large__]
	(GET_EXTERN_POINTER): New.

2017-05-13  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Fix building with x86-64 medium and large memory models.
	+ commit 434d4f2af39033fc626044ba9a060da298522293
	* cipher/cast5-amd64.S [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
	(GET_EXTERN_POINTER): Load 64-bit address instead of 32-bit.
	* cipher/rijndael.c (do_encrypt, do_decrypt)
	[USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Load
	table pointer through register instead of generic reference.

2017-04-04  NIIBE Yutaka  <gniibe@fsij.org>

	mpi: Simplify mpi_powm.
	+ commit 719468e53133d3bdf12156c5bfdea2bf15f9f6f1
	* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

2017-03-08  Justus Winter  <justus@g10code.com>

	build: Use macOS' compatibility macros to enable all features.
	+ commit 654024081cfa103c87bb163b117ea3568171d408
	* configure.ac: On macOS, use the compatibility macros to expose every
	feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
	libc.

2017-02-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add BLAKE2b and BLAKE2s hash algorithms (RFC 7693)
	+ commit 5bd530b8a4624f101b8d42e68f1b28bcc13f4f76
	* cipher/blake2.c: New.
	* cipher/Makefile.am: Add 'blake2.c'.
	* cipher/md.c (digest_list, prepare_macpads): Add BLAKE2.
	(md_setkey): New.
	(_gcry_md_setkey): Call 'md_setkey' for non-HMAC md.
	* configure.ac: Add BLAKE2 digest.
	* doc/gcrypt.texi: Add BLAKE2.
	* src/cipher.h (_gcry_blake2_init_with_key)
	(_gcry_digest_spec_blake2b_512, _gcry_digest_spec_blake2b_384)
	(_gcry_digest_spec_blake2b_256, _gcry_digest_spec_blake2b_160)
	(_gcry_digest_spec_blake2s_256, _gcry_digest_spec_blake2s_224)
	(_gcry_digest_spec_blake2s_160, _gcry_digest_spec_blake2s_128): New.
	* src/gcrypt.h.in (GCRY_MD_BLAKE2B_512, GCRY_MD_BLAKE2B_384)
	(GCRY_MD_BLAKE2B_256, GCRY_MD_BLAKE2B_160, GCRY_MD_BLAKE2S_256)
	(GCRY_MD_BLAKE2S_224, GCRY_MD_BLAKE2S_160, GCRY_MD_BLAKE2S_128): New.
	* tests/basic.c (check_one_md): Add testing for keyed hashes.
	(check_digests): Add BLAKE2 test vectors; Add testing for keyed hashes.
	* tests/blake2b.h: New.
	* tests/blake2s.h: New.
	* tests/Makefile.am: Add 'blake2b.h' and 'blake2s.h'.

	Fix building with clang on ARM64/FreeBSD.
	+ commit da213db2c6cda6f57e5853e8c591d69bfa1cfa74
	* cipher/cipher-gcm-armv8-aarch64-ce.S: Use '.cpu generic+simd+crypto'
	instead of '.arch armv8-a+crypto'.
	* cipher/rijndael-armv8-aarch64-ce.S: Ditto.
	* cipher/sha1-armv8-aarch64-ce.S: Ditto.
	* cipher/sha256-armv8-aarch64-ce.S: Ditto.
	* configure.ac (gcry_cv_gcc_inline_asm_aarch64_neon): Ditto.
	(gcry_cv_gcc_inline_asm_aarch64_crypto): Ditto; and include NEON
	instructions to crypto instructions check.

2017-02-07  Justus Winter  <justus@g10code.com>

	Fix building with a pre C99 compiler.
	+ commit 75d91ffeaf83098ade325bb3b6b2c8a76eb1f6a6
	* cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt): Move the
	declaration of 'i' out of the loop.
	(_gcry_cipher_cfb8_decrypt): Likewise.

2017-02-04  Mathias L. Baumann  <mathias.baumann_at_sociomantic.com>

	Implement CFB with 8-bit mode.
	+ commit d1ee9a660571ce4a998c9ab2299d4f2419f99127
	* cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt)
	(_gcry_cipher_cfg8_decrypt): Add 8-bit variants of decrypt/encrypt
	functions.
	* cipher/cipher-internal.h (_gcry_cipher_cfb8_encrypt)
	(_gcry_cipher_cfg8_decrypt): Ditto.
	* cipher/cipher.c: Adjust code flow to work with GCRY_CIPHER_MODE_CFB8.
	* tests/basic.c: Add tests for cfb8 with AES and 3DES.

2017-02-04  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rndhw: add missing "memory" clobbers.
	+ commit c67c728478e8f47b6e8296b643fd35d66d4a1052
	* random/rndhw.c: (poll_padlock, rdrand_long): Add "memory" to asm
	clobbers.

	Add UNLIKELY and LIKELY macros.
	+ commit 4b7451d3e8e7b87d8e407fbbd924ad5b13bd0f00
	* src/g10lib.h (LIKELY, UNLIKELY): New.
	(gcry_assert): Use LIKELY for assert check.
	(fast_wipememory2_unaligned_head): Use UNLIKELY for unaligned
	branching.
	* cipher/bufhelp.h (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst)
	(buf_xor_n_copy_2): Ditto.

	rndhw: avoid type-punching.
	+ commit 37b537600f33fcf8e1c8dc2c658a142fbba44199
	* random/rndhw.c (rdrand_long, rdrand_nlong): Add 'volatile' for
	pointer.
	(poll_drng): Convert buffer to 'unsigned long[]' and make use of DIM
	macro.

2017-01-28  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	hwf-x86: avoid type-punching.
	+ commit 1407317a6112a23d4fec5827a9d74faef4196f66
	* src/hwf-x86.c (detect_x86_gnuc): Use union for vendor_id.

	cipher: add explicit blocksize checks to allow better optimization.
	+ commit efa9042f82ffed3d076b8e26ac62d29e00bb756a
	* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
	(_gcry_cipher_cbc_decrypt): Add explicit check for cipher blocksize of
	64-bit or 128-bit.
	* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
	(_gcry_cipher_cfb_decrypt): Ditto.
	* cipher/cipher-cmac.c (cmac_write, cmac_generate_subkeys)
	(cmac_final): Ditto.
	* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
	* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Ditto.

	bufhelp: use unaligned dword and qword types for endianess helpers.
	+ commit e7b941c3de9c9b6319298c02f844cc0cadbf8562
	* cipher/bufhelp.h (BUFHELP_UNALIGNED_ACCESS): New, defined
	if attributes 'packed', 'aligned' and 'may_alias' are supported.
	(BUFHELP_FAST_UNALIGNED_ACCESS): Define if have
	BUFHELP_UNALIGNED_ACCESS.

	rijndael-aesni: fix u128_t strict-aliasing rule breaking.
	+ commit 92b4a29d2453712192ced2d7226abc49679dcb1e
	* cipher/rijndael-aesni.c (u128_t): Add attributes to tell GCC and clang
	that casting from 'char *' to 'u128_t *' is ok.

	cipher-xts: fix pointer casting to wrong alignment and aliasing.
	+ commit 4f31d816dcc1e95dc647651e92acbdfed53f5c14
	* cipher/cipher-xts.c (xts_gfmul_byA, xts_inc128): Use buf_get_le64
	and buf_put_le64 for accessing data; Change parameter pointers to
	'unsigned char *' type.
	(_gcry_cipher_xts_crypt): Do not cast buffer pointers to 'u64 *'
	for helper functions.

	crc-intel-pclmul: fix undefined behavior with unaligned access.
	+ commit 55cf1b5588705cab5f45e2817c4aa1d204dc0042
	* cipher/crc-intel-pclmul.c (u16_unaligned_s): New.
	(crc32_reflected_less_than_16, crc32_less_than_16): Use
	'u16_unaligned_s' for unaligned memory access.

	configure.ac: fix attribute checks.
	+ commit b29b1b9f576f501d4b993be0a751567045274a1a
	* configure.ac: Add -Werror flag for attribute checks.

	configure.ac: fix may_alias attribute check.
	+ commit 136c8416ea540dd126be3997d94d7063b3aaf577
	* configure.ac: Test may_alias attribute on type, not on variable.

	bufhelp: add 'may_alias' attribute for properly aligned 'bufhelp_int_t'
	+ commit d1ae52a0e23308f33b78cffeba56005b687f23c0
	* cipher/bufhelp.h [!BUFHELP_FAST_UNALIGNED_ACCESS]
	(bufhelp_int_t): Add 'may_alias' attribute.

2017-01-27  Werner Koch  <wk@gnupg.org>

	w32: New envvar GCRYPT_RNDW32_DBG.
	+ commit a351fbde8548ce3f57298c618426f043844fbc78
	* random/rndw32.c (_gcry_rndw32_gather_random): Use getenv to set
	DEBUG_ME.

2017-01-23  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	rijndael-ssse3-amd64: fix building on x32.
	+ commit 39b9302da5d08bd52688d20befe626fee0b6c41d
	* cipher/rijndael-ssse3-amd64.c: Use 64-bit call instructions
	with 64-bit registers.

	bufhelp: use 'may_alias' attribute unaligned pointer types.
	+ commit bf9e0b79e620ca2324224893b07522462b125412
	* configure.ac (gcry_cv_gcc_attribute_may_alias)
	(HAVE_GCC_ATTRIBUTE_MAY_ALIAS): New check for 'may_alias' attribute.
	* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only if
	HAVE_GCC_ATTRIBUTE_MAY_ALIAS is defined.
	[BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_int_t, bufhelp_u32_t)
	(bufhelp_u64_t): Add 'may_alias' attribute.
	* src/g10lib.h (fast_wipememory_t): Add HAVE_GCC_ATTRIBUTE_MAY_ALIAS
	defined check; Add 'may_alias' attribute.

2017-01-18  Werner Koch  <wk@gnupg.org>

	random: Call getrandom before select and emitting a progress callback.
	+ commit 623aab8a940ea61afe3fef650ad485a755ed9fe7
	* random/rndlinux.c (_gcry_rndlinux_gather_random): Move the getrandom
	call before the select.

2017-01-06  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	mpi: amd64: fix too large jump alignment in mpih-rshift.
	+ commit ddcfe31e2425e88b280e7cdaf3f0eaaad8ccc023
