From: Mark Wooding
Date: Sat, 9 May 2020 19:39:18 +0000 (+0100)
Subject: Merge branch '2.4.x' into 2.5.x
X-Git-Tag: 2.5.2~5
X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/8c5956c14f5834a072e1a9345ae1f356b14164ca

Merge branch '2.4.x' into 2.5.x

* 2.4.x:
  Release 2.4.5.
  math/group-parse.c (group-parse): Parse binary-group descriptions.
  math/group-parse.c: Fix copyright notice.
  *.c: Check for ARM64 SIMD before using the accelerated code.
  base/dispatch.c: Recognize `CPUFEAT_ARM_NEON' as requesting ARM64 SIMD.
  symm/t/chacha: Missing test from RFC8439.
  math/t/{mpx,mpmont}: Add some extra tests for flushing out `mul4' bugs.
  math/mpx-mul4-*: Test the `...zc' variants too.
  math/Makefile.am, symm/Makefile.am: Use `--no-install' on oddball tests.
  progs/pixie.c: Don't crash when trying to set an empty passphrase.
  configure.ac, vars.am: Use host-specific link options for test programs.

--- 8c5956c14f5834a072e1a9345ae1f356b14164ca
diff --cc base/dispatch.c index abd019f6,f0531ea9..131e3fdb --- a/base/dispatch.c +++ b/base/dispatch.c @@@ -344,8 -340,8 +344,9 @@@ static unsigned hwcaps = 0 # define WANTAUX(_) \ WANT_AT_HWCAP(_) # define CAPMAP(_) \ + _(ARM_NEON, "arm:neon") \ - _(ARM_AES, "arm:aes") + _(ARM_AES, "arm:aes") \ + _(ARM_PMULL, "arm:pmull") #endif /* Build the bitmask for `hwcaps' from the `CAPMAP' list. */ @@@ -459,13 -455,10 +460,14 @@@ static void probe_hwcaps(void # ifdef HWCAP2_AES if (probed.hwcap2 & HWCAP2_AES) hw |= HF_ARM_AES; # endif +# ifdef HWCAP2_PMULL + if (probed.hwcap2 & HWCAP2_PMULL) hw |= HF_ARM_PMULL; +# endif #endif #if CPUFAM_ARM64 + if (probed.hwcap & HWCAP_ASIMD) hw |= HF_ARM_NEON; if (probed.hwcap & HWCAP_AES) hw |= HF_ARM_AES; + if (probed.hwcap & HWCAP_PMULL) hw |= HF_ARM_PMULL; #endif /* Store the bitmask of features we probed for everyone to see. 
*/ diff --cc debian/changelog index 066dcc59,6079fd7a..bc7bcb79 --- a/debian/changelog +++ b/debian/changelog @@@ -1,28 -1,42 +1,67 @@@ +catacomb (2.5.1) experimental; urgency=medium + + * Merge changes from 2.4.4. + + -- Mark Wooding Sun, 29 Sep 2019 17:50:59 +0100 + +catacomb (2.5.0) experimental; urgency=medium + + * catacomb: MACs based on blockciphers: PMAC1 and CMAC (also known as + OMAC). + * catacomb: Authenticated Encryption with Additional Data (AEAD) + schemes. Some based on blockciphers: CCM, EAX, GCM (with CPU-specific + acceleration), OCB1 and OCB3 (OCB2 is broken). Also Salsa20 and + ChaCha20 with Poly1305: the RFC7539 scheme, and the NaCl `secret_box' + transform. + * catacomb: Implement Grantham's Frobenius test. Combine it with + Rabin--Miller, as Baillie--PSW, for testing given primes. + * catacomb-bin (catcrypt): Support AEAD schemes for bulk crypto. + * catacomb-bin (perftest): Options for batching; report cycle counts + where available. + * Many internal improvements: better documentation, debugging, testing, + etc. + + -- Mark Wooding Sat, 21 Sep 2019 21:26:44 +0100 + + catacomb (2.4.5) experimental; urgency=medium + + * catacomb: Fix memory leak in key-file error handling. + * catacomb: Don't leak internal `exptime' symbol into the global + namespace. + * catacomb: Check that the X86 `rdrand' instruction actually works + before leaning on it. This is in response to the well-publicized AMD + bug which always returns all-bits-set with the carry /set/ (indicating + success). + * catacomb: Mix in the random pool key during `rand_gate' and + `rand_stretch' operations. + * catacomb: Fix by-tag key lookups: if the query string looks like a hex + number, it's treated as a search by id; but if no such id is found, + the search wouldn't continue to look for a key by type or tag. + * catacomb: Fix reference leak in `key_split'. + * catacomb: Fix bug which completely broke `key_copydata'. 
+ * catacomb: Fix segfault from `pgen', if it fails before setting up the + prime tester. + * catacomb: Propagate failure from `pgen' during Lim--Lee prime + generation, rather than immediately retrying. + * catacomb: Fix memory leak of factor vector from failed Lim--Lee prime + generation. + * catacomb: Fix segfault when multiplying the identity elliptic-curve + point. + * catacomb: Fix the `lcrand' descriptor, so that it's not advertised as + being cryptographically strong, and to fix a bias in its output. + * catacomb: Fix a memory leak in the error case of KCDSA prime + generation. + * catacomb-bin: Fix segfault from `pixie', if given an empty passphrase + to remember. + * catacomb: Check SIMD feature bit on ARM64 before using the optimized + code. I don't know of any ARM64 implementations which lack SIMD + instructions, but the bit must be there for a reason, so I might as + well use it. + * catacomb: Support parsing binary-group descriptions. This is a long- + standing lacuna that I've only recently noticed. + + -- Mark Wooding Sat, 09 May 2020 17:46:24 +0100 + catacomb (2.4.4) experimental; urgency=medium * debian: Bump to Debhelper 10.
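Review bot: in the `probe_hwcaps` hunk of base/dispatch.c, the new ARM64 lines `if (probed.hwcap & HWCAP_ASIMD) hw |= HF_ARM_NEON;` and `if (probed.hwcap & HWCAP_PMULL) hw |= HF_ARM_PMULL;` use the `HWCAP_*` macros unconditionally, while the 32-bit branch just above wraps `HWCAP2_AES` and `HWCAP2_PMULL` in `# ifdef` guards. Unless dispatch.c supplies fallback definitions elsewhere, a build against kernel headers that predate these macros would fail on the ARM64 branch but not on the 32-bit one; the pre-existing `HWCAP_AES` line has the same exposure, so the hunk extends an asymmetry rather than creating it. Consider matching `# ifdef HWCAP_ASIMD` / `# ifdef HWCAP_PMULL` guards, or a one-line comment stating why the ARM64 headers can be assumed to define them, so that a feature silently probed as absent is distinguishable from a macro that was never compiled in.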
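Review bot: in the debian/changelog hunk, the 2.5.0 entry describes ChaCha20 with Poly1305 as "the RFC7539 scheme", whereas the merged commit list in this same merge refers to the ChaCha test vectors as coming from RFC8439, which obsoletes RFC7539. The two documents specify the same construction, so this is a documentation consistency point rather than a functional one; consider updating the changelog wording to cite RFC8439 (or "RFC7539/RFC8439") so that readers searching the changelog and the test files find the same reference.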