-rw-r--r-- doc/filters.txt 6
-rw-r--r-- doc/log.txt 2545
-rw-r--r-- doc/passhash.txt 4
3 files changed, 1284 insertions, 1271 deletions
diff --git a/doc/filters.txt b/doc/filters.txt
index a4e651952..3e337c3c3 100644
--- a/doc/filters.txt
+++ b/doc/filters.txt
@@ -182,7 +182,7 @@ a case where that is useful::
Pipe pipe(new Base64_Decoder,
get_cipher("AES-128", key, iv, DECRYPTION),
new Fork(
- 0
+ 0, // this message gets ciphertext
new MAC_Filter("HMAC(SHA-1)", mac_key)
)
);
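Review bot: the new comment on the `0` branch says "this message gets ciphertext", but the filters ahead of the `Fork` are `Base64_Decoder` and `get_cipher("AES-128", key, iv, DECRYPTION)`, so the data reaching both branches is the decrypted output. The comment should read something like `0, // this message gets plaintext`, and a short comment on the `MAC_Filter` line saying the HMAC is computed over that same decrypted data would stop readers from assuming it authenticates the ciphertext. Adding the missing comma after `0` is correct.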
@@ -212,7 +212,9 @@ And then called ``start_msg``, inserted some data, then
encoded form, and the other would contain the SHA-512 sum of the input
in raw binary. In many situations you'll want to perform a sequence of
operations on multiple branches of the fork; in which case, use
-``Chain``.
+the filter described in :ref:`chain`.
+
+.. _chain:
Chain
---------------------------------
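Review bot: the target added as `.. _chain:` uses a very generic label name, and Sphinx `:ref:` labels share one namespace across the whole documentation set, so a later section titled "chain" elsewhere (certificate chains, for example) would collide with it. A scoped name such as `.. _filter_chain:` with the matching `:ref:` in the sentence above would be safer. The sentence itself now reads "use the filter described in Chain", which drops the class name a reader would search for; keeping ``Chain`` in literal markup next to the reference would help.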
diff --git a/doc/log.txt b/doc/log.txt
index d3bc51004..ca83c9bfe 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -10,85 +10,94 @@ Release Notes
Version 1.10.0, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Further updates to the documentation
+* Further updates to the documentation
- * New options to ``configure.py`` control what tools are used for
- documentation generation. The ``--use-sphinx`` option enables
- using Sphinx to convert ReST into HTML; otherwise the ReST sources
- are installed directly. If ``--use-doxygen`` is used, Doxygen will
- run as well. Documentation generation can be triggered via the
- ``docs`` target in the makefile; it will also be installed by
- the install target on Unix.
+* New options to ``configure.py`` control what tools are used for
+ documentation generation. The ``--use-sphinx`` option enables using
+ Sphinx to convert ReST into HTML; otherwise the ReST sources are
+ installed directly. If ``--use-doxygen`` is used, Doxygen will run
+ as well. Documentation generation can be triggered via the ``docs``
+ target in the makefile; it will also be installed by the install
+ target on Unix.
Version 1.9.16, 2011-04-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Second release candidate for 1.10.0
+* Second release candidate for 1.10.0
- * The documentation, previously written in LaTeX, is now in
- reStructuredText suitable for processing by Sphinx, which can
- generate nicely formatted HTML and PDFs. The documentation has
- also been greatly updated and expanded.
+* The documentation, previously written in LaTeX, is now in
+ reStructuredText suitable for processing by `Sphinx
+ <http://sphinx.pocoo.org>`_, which can generate nicely formatted
+ HTML and PDFs. The documentation has also been greatly updated and
+ expanded.
- * The class EC_Domain_Params has been renamed EC_Group, with a
- typedef for backwards compatability.
+* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a
+ typedef for backwards compatability.
- * EC_Group's string constructor didn't understand the standard
- names like "secp160r1", forcing use of the OIDs.
+* ``EC_Group``'s string constructor didn't understand the standard
+ names like "secp160r1", forcing use of the OIDs.
- * Change shared library versioning to match the normal Unix
- conventions. Instead of libbotan-X.Y.Z.so, the shared lib is named
- libbotan.so.X.Y.Z; this allows the runtime linker to do its
- runtime linky magic.
+* Change shared library versioning to match the normal Unix
+ conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is
+ named ``libbotan.so.X.Y.Z``; this allows the runtime linker to do
+ its runtime linky magic.
- * Remove the socket wrapper code; it was not actually used by
- anything in the library, only in the examples, and you can use
- whatever kind of (blocking) socket interface you like with the
- SSL/TLS code. It's available as socket.h in the examples directory
- if you want to use it.
+* Remove the socket wrapper code; it was not actually used by anything
+ in the library, only in the examples, and you can use whatever kind
+ of (blocking) socket interface you like with the SSL/TLS code. It's
+ available as socket.h in the examples directory if you want to use
+ it.
- * Disable the by-default 'strong' checking of private keys that are
- loaded from storage. You can always request key material sanity
- checking using Private_Key::check_key.
+* Disable the by-default 'strong' checking of private keys that are
+ loaded from storage. You can always request key material sanity
+ checking using Private_Key::check_key.
- * Bring back removed functions min_keylength_of, max_keylength_of,
- keylength_multiple_of in lookup.h to avoid breaking applications
- written against 1.8
+* Bring back removed functions ``min_keylength_of``,
+ ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to
+ avoid breaking applications written against 1.8
Version 1.9.15, 2011-03-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * First release candidate for 1.10.0
- * Modify how message expansion is done in SHA-256 and SHA-512.
- Instead of expanding the entire message at the start, compute them
- in the minimum number of registers. Values are computed 15 rounds
- before they are needed. On a Core i7-860, GCC 4.5.2, went from
- 143 to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512.
- * Pipe will delete empty output queues as soon as they are no longer
- needed, even if earlier messages still have data unread. However an
- (empty) entry in a deque of pointers will remain until all prior
- messages are completely emptied.
- * Avoid reading the SPARC %tick register on OpenBSD as unlike Linux
- the kernel will not trap and emulate it for us, causing a illegal
- instruction crash.
- * Improve detection and autoconfiguration for ARM processors.
+* First release candidate for 1.10.0
+
+* Modify how message expansion is done in SHA-256 and SHA-512.
+ Instead of expanding the entire message at the start, compute them
+ in the minimum number of registers. Values are computed 15 rounds
+ before they are needed. On a Core i7-860, GCC 4.5.2, went from 143
+ to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512.
+
+* Pipe will delete empty output queues as soon as they are no longer
+ needed, even if earlier messages still have data unread. However an
+ (empty) entry in a deque of pointers will remain until all prior
+ messages are completely emptied.
+
+* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike
+ Linux the kernel will not trap and emulate it for us, causing a
+ illegal instruction crash.
+
+* Improve detection and autoconfiguration for ARM processors.
Version 1.9.14, 2011-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add support for bcrypt, OpenBSD's password hashing scheme
- * Add support for NIST's AES key wrapping algorithm
- * Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)
+* Add support for bcrypt, OpenBSD's password hashing scheme. It is
+ described in :ref:`bcrypt`.
+
+* Add support for NIST's AES key wrapping algorithm, as described in
+ :rfc:`3394`. It is available by including ``rfc3394.h``.
+
+* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)
Version 1.9.13, 2011-02-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Update Keccak to the round 3 variant
- * Fix ordering in GOST 34.10 signatures to match DNSSEC specifications
- * Use size_t instead of u32bit for small integers in DER/BER codecs
- * Add new build option --distribution-info
- * Fix problems in the amalgamation build
- * Fix building under Clang 2.9 and Sun Studio 12
+* Update Keccak to the round 3 variant
+* Fix ordering in GOST 34.10 signatures to match DNSSEC specifications
+* Use ``size_t`` instead of ``u32bit`` for small integers in DER/BER codecs
+* Add new build option --distribution-info
+* Fix problems in the amalgamation build
+* Fix building under Clang 2.9 and Sun Studio 12
2010
----------------------------------------
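Review bot: the rewritten 1.9.16 entry still carries the misspelling "compatability" on the added line "typedef for backwards compatability.", and literal markup is applied unevenly across this hunk: ``EC_Group``, ``lookup.h`` and ``--use-sphinx`` are marked up, while `Private_Key::check_key`, `socket.h` and `--distribution-info` are left as running text. Since these lines are being touched anyway, fix the spelling and mark up the remaining identifiers; for the option in particular, Sphinx's typographic conversion (on by default for HTML output) turns a bare `--` into a dash, so the rendered flag cannot be copied. The new `:ref:`bcrypt`` also needs a `.. _bcrypt:` target, presumably in the `doc/passhash.txt` part of this commit, which should be confirmed with a docs build.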
@@ -96,172 +105,172 @@ Version 1.9.13, 2011-02-19
Version 1.9.12, 2010-12-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add the Keccak hash function
- * Fix compilation problems in Python wrappers
- * Fix compilation problem in OpenSSL engine
- * Update SQLite3 database encryption codec
+* Add the Keccak hash function
+* Fix compilation problems in Python wrappers
+* Fix compilation problem in OpenSSL engine
+* Update SQLite3 database encryption codec
Version 1.9.11, 2010-11-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Many SSL/TLS APIs have changed. This API is still unstable.
- * The SSL interface requires TR1 (uses std::tr1::function)
- * Fix SSL handshake failures when using RC4 ciphersuites
- * Fix a number of CRL encoding and decoding bugs
- * Counter mode now always encrypts 256 blocks in parallel
- * Code where u32bit was used to represent a length now uses size_t
- * Use small tables in the first round of AES
- * Removed AES class: app must choose AES-128, AES-192, or AES-256
- * Add hex encoding/decoding functions that can be used without a Pipe
- * Add base64 encoding functions that can be used without a Pipe
- * Add to_string function to X509_Certificate
- * Add support for dynamic engine loading on Windows
- * Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
- * Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
- * Changed semantics of MemoryRegion::resize and clear to match STL
- * Removed MemoryRegion::append, replaced by push_back and operator+=
- * Move PBKDF lookup to engine system
- * The IDEA key schedule has been changed to run in constant time
- * Avoid a possible timing vulnerability in Montgomery reduction
- * Add Algorithm and Key_Length_Specification classes
- * Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
- * Update Skein-512 to match the v1.3 specification
- * Allow using PBKDF2 with empty passphrases
- * Add compile-time deprecation warnings for GCC, Clang, and MSVC
- * Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
- * Improve support for Intel Atom processors
- * Fix compilation problems under Sun Studio and Clang
+* Many SSL/TLS APIs have changed. This API is still unstable.
+* The SSL interface requires TR1 (uses std::tr1::function)
+* Fix SSL handshake failures when using RC4 ciphersuites
+* Fix a number of CRL encoding and decoding bugs
+* Counter mode now always encrypts 256 blocks in parallel
+* Code where u32bit was used to represent a length now uses size_t
+* Use small tables in the first round of AES
+* Removed AES class: app must choose AES-128, AES-192, or AES-256
+* Add hex encoding/decoding functions that can be used without a Pipe
+* Add base64 encoding functions that can be used without a Pipe
+* Add to_string function to X509_Certificate
+* Add support for dynamic engine loading on Windows
+* Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
+* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
+* Changed semantics of MemoryRegion::resize and clear to match STL
+* Removed MemoryRegion::append, replaced by push_back and operator+=
+* Move PBKDF lookup to engine system
+* The IDEA key schedule has been changed to run in constant time
+* Avoid a possible timing vulnerability in Montgomery reduction
+* Add Algorithm and Key_Length_Specification classes
+* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
+* Update Skein-512 to match the v1.3 specification
+* Allow using PBKDF2 with empty passphrases
+* Add compile-time deprecation warnings for GCC, Clang, and MSVC
+* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
+* Improve support for Intel Atom processors
+* Fix compilation problems under Sun Studio and Clang
Version 1.8.11, 2010-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a number of CRL encoding and decoding bugs
- * When building a debug library under VC++, use the debug runtime
- * Fix compilation under Sun Studio on Linux and Solaris
- * Add several functions for compatability with 1.9
- * In the examples, read most input files as binary
- * The Perl build script has been removed in this release
+* Fix a number of CRL encoding and decoding bugs
+* When building a debug library under VC++, use the debug runtime
+* Fix compilation under Sun Studio on Linux and Solaris
+* Add several functions for compatability with 1.9
+* In the examples, read most input files as binary
+* The Perl build script has been removed in this release
Version 1.8.10, 2010-08-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Switch default PKCS #8 encryption algorithm from 3DES to AES-256
- * Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
- * Use small tables in the first round of AES
- * Add PBKDF typedef and get_pbkdf for better compatability with 1.9
- * Add version of S2K::derive_key taking salt and iteration count
- * Enable the /proc-walking entropy source on NetBSD
- * Fix the doxygen makefile target
+* Switch default PKCS #8 encryption algorithm from 3DES to AES-256
+* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
+* Use small tables in the first round of AES
+* Add PBKDF typedef and get_pbkdf for better compatability with 1.9
+* Add version of S2K::derive_key taking salt and iteration count
+* Enable the /proc-walking entropy source on NetBSD
+* Fix the doxygen makefile target
Version 1.9.10, 2010-08-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add a constant time AES implementation using SSSE3
- * Add support for loading new Engines at runtime
- * Use GCC byteswap intrinsics where possible
- * Drop support for building with Python 2.4
- * Fix benchmarking of block ciphers in ECB mode
- * Consolidate the two x86 assembly engines
- * Rename S2K to PBKDF
+* Add a constant time AES implementation using SSSE3
+* Add support for loading new Engines at runtime
+* Use GCC byteswap intrinsics where possible
+* Drop support for building with Python 2.4
+* Fix benchmarking of block ciphers in ECB mode
+* Consolidate the two x86 assembly engines
+* Rename S2K to PBKDF
Version 1.9.9, 2010-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add new X509::BER_encode and PKCS8::BER_encode
- * Give all Filter objects a name() function
- * Add Keyed_Filter::valid_iv_length
- * Increase default iteration counts for private key encryption
- * Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
- * Fix compilation under Apple's GCC 4.2
- * Expand and update the Doxygen documentation
+* Add new X509::BER_encode and PKCS8::BER_encode
+* Give all Filter objects a name() function
+* Add Keyed_Filter::valid_iv_length
+* Increase default iteration counts for private key encryption
+* Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
+* Fix compilation under Apple's GCC 4.2
+* Expand and update the Doxygen documentation
Version 1.8.9, 2010-06-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Use constant time multiplication in IDEA
- * Avoid possible timing attack against OAEP decoding
- * Add new X509::BER_encode and PKCS8::BER_encode
- * Enable DLL builds under Windows
- * Add Win32 installer support
- * Add support for the Clang compiler
- * Fix problem in semcem.h preventing build under Clang or GCC 3.4
- * Fix bug that prevented creation of DSA groups under 1024 bits
- * Fix crash in GMP_Engine if library is shutdown and reinitialized
- * Work around problem with recent binutils in x86-64 SHA-1
- * The Perl build script is no longer supported and refuses to run by default
+* Use constant time multiplication in IDEA
+* Avoid possible timing attack against OAEP decoding
+* Add new X509::BER_encode and PKCS8::BER_encode
+* Enable DLL builds under Windows
+* Add Win32 installer support
+* Add support for the Clang compiler
+* Fix problem in semcem.h preventing build under Clang or GCC 3.4
+* Fix bug that prevented creation of DSA groups under 1024 bits
+* Fix crash in GMP_Engine if library is shutdown and reinitialized
+* Work around problem with recent binutils in x86-64 SHA-1
+* The Perl build script is no longer supported and refuses to run by default
Version 1.9.8, 2010-06-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add support for wide multiplications on 64-bit Windows
- * Use constant time multiplication in IDEA
- * Avoid possible timing attack against OAEP decoding
- * Removed FORK-256; rarely used and it has been broken
- * Rename --use-boost-python to --with-boost-python
- * Skip building shared libraries on MinGW/Cygwin
- * Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
- * Fix compilation on GCC versions before 4.3 (missing cpuid.h)
- * Fix compilation under the Clang compiler
+* Add support for wide multiplications on 64-bit Windows
+* Use constant time multiplication in IDEA
+* Avoid possible timing attack against OAEP decoding
+* Removed FORK-256; rarely used and it has been broken
+* Rename --use-boost-python to --with-boost-python
+* Skip building shared libraries on MinGW/Cygwin
+* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
+* Fix compilation on GCC versions before 4.3 (missing cpuid.h)
+* Fix compilation under the Clang compiler
Version 1.9.7, 2010-04-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * TLS: Support reading SSLv2 client hellos
- * TLS: Add support for SEED ciphersuites (RFC 4162)
- * Add Comb4P hash combiner function
- * Fix checking of EMSA_Raw signatures with leading 0 bytes
+* TLS: Support reading SSLv2 client hellos
+* TLS: Add support for SEED ciphersuites (RFC 4162)
+* Add Comb4P hash combiner function
+* Fix checking of EMSA_Raw signatures with leading 0 bytes
Version 1.9.6, 2010-04-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * TLS: Add support for TLS v1.1
- * TLS: Support server name indicator extension
- * TLS: Fix server handshake
- * TLS: Fix server using DSA certificates
- * TLS: Avoid timing channel between CBC padding check and MAC verification
+* TLS: Add support for TLS v1.1
+* TLS: Support server name indicator extension
+* TLS: Fix server handshake
+* TLS: Fix server using DSA certificates
+* TLS: Avoid timing channel between CBC padding check and MAC verification
Version 1.9.5, 2010-03-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Numerous ECC optimizations
- * Fix GOST 34.10-2001 X.509 key loading
- * Allow PK_Signer's fault protection checks to be toggled off
- * Avoid using pool-based locking allocator if we can't mlock
- * Remove all runtime options
- * New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
- * Remove SecureBuffer in favor of SecureVector length parameter
- * HMAC_RNG: Perform a poll along with user-supplied entropy
- * Fix crash in MemoryRegion if Allocator::get failed
- * Fix small compilation problem on FreeBSD
+* Numerous ECC optimizations
+* Fix GOST 34.10-2001 X.509 key loading
+* Allow PK_Signer's fault protection checks to be toggled off
+* Avoid using pool-based locking allocator if we can't mlock
+* Remove all runtime options
+* New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
+* Remove SecureBuffer in favor of SecureVector length parameter
+* HMAC_RNG: Perform a poll along with user-supplied entropy
+* Fix crash in MemoryRegion if Allocator::get failed
+* Fix small compilation problem on FreeBSD
Version 1.9.4, 2010-03-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add the Ajisai SSLv3/TLSv1.0 implementation
- * Add GOST 34.10-2001 public key signature scheme
- * Add SIMD implementation of Noekeon
- * Add SSE2 implementation of IDEA
- * Extend Salsa20 to support longer IVs (XSalsa20)
- * Perform XTS encryption and decryption in parallel where possible
- * Perform CBC decryption in parallel where possible
- * Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
- * Add a block cipher cascade construction
- * Add support for password hashing for authentication (passhash9.h)
- * Add support for Win32 high resolution system timers
- * Major refactoring and API changes in the public key code
- * Use consistency checking (anti-fault attack) for all signature schemes
- * Changed S2K interface: derive_key now takes salt, iteration count
- * Remove dependency on TR1 for ECC and CVC code
- * Renamed ECKAEG to its more usual name, ECDH
- * Fix crash in GMP_Engine if library is shutdown and reinitialized
- * Fix an invalid memory read in MD4
- * Fix Visual C++ static builds
- * Remove Timer class entirely
- * Switch default PKCS #8 encryption algorithm from 3DES to AES-128
- * New option --gen-amalgamation for creating a SQLite-style amalgamation
- * Many headers are now explicitly internal-use-only and are not installed
- * Greatly improve the Win32 installer
- * Several fixes for Visual C++ debug builds
+* Add the Ajisai SSLv3/TLSv1.0 implementation
+* Add GOST 34.10-2001 public key signature scheme
+* Add SIMD implementation of Noekeon
+* Add SSE2 implementation of IDEA
+* Extend Salsa20 to support longer IVs (XSalsa20)
+* Perform XTS encryption and decryption in parallel where possible
+* Perform CBC decryption in parallel where possible
+* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
+* Add a block cipher cascade construction
+* Add support for password hashing for authentication (passhash9.h)
+* Add support for Win32 high resolution system timers
+* Major refactoring and API changes in the public key code
+* Use consistency checking (anti-fault attack) for all signature schemes
+* Changed S2K interface: derive_key now takes salt, iteration count
+* Remove dependency on TR1 for ECC and CVC code
+* Renamed ECKAEG to its more usual name, ECDH
+* Fix crash in GMP_Engine if library is shutdown and reinitialized
+* Fix an invalid memory read in MD4
+* Fix Visual C++ static builds
+* Remove Timer class entirely
+* Switch default PKCS #8 encryption algorithm from 3DES to AES-128
+* New option --gen-amalgamation for creating a SQLite-style amalgamation
+* Many headers are now explicitly internal-use-only and are not installed
+* Greatly improve the Win32 installer
+* Several fixes for Visual C++ debug builds
2009
----------------------------------------
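Review bot: this hunk only removes the leading indentation, so it leaves "RFC 4162" in the 1.9.7 entry as plain text even though the 1.9.14 entry earlier in this same file change was converted to `:rfc:`3394``; using `:rfc:`4162`` here would keep the notes consistent. The same applies to the options in "Rename --use-boost-python to --with-boost-python" and "New option --gen-amalgamation", which should be in double backquotes so the leading `--` survives rendering, and to "compatability" in the 1.8.11 and 1.8.10 entries.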
@@ -269,119 +278,119 @@ Version 1.9.4, 2010-03-09
Version 1.9.3, 2009-11-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add new AES implementation using Intel's AES instruction intrinsics
- * Add an implementation of format preserving encryption
- * Allow use of any hash function in X.509 certificate creation
- * Optimizations for MARS, Skipjack, and AES
- * Set macros for available SIMD instructions in build.h
- * Add support for using InnoSetup to package Windows builds
- * By default build a DLL on Windows
+* Add new AES implementation using Intel's AES instruction intrinsics
+* Add an implementation of format preserving encryption
+* Allow use of any hash function in X.509 certificate creation
+* Optimizations for MARS, Skipjack, and AES
+* Set macros for available SIMD instructions in build.h
+* Add support for using InnoSetup to package Windows builds
+* By default build a DLL on Windows
Version 1.9.2, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add SIMD version of XTEA
- * Support both SSE2 and AltiVec SIMD for Serpent and XTEA
- * Optimizations for SHA-1 and SHA-2
- * Add AltiVec runtime detection
- * Fix x86 CPU identification with Intel C++ and Visual C++
+* Add SIMD version of XTEA
+* Support both SSE2 and AltiVec SIMD for Serpent and XTEA
+* Optimizations for SHA-1 and SHA-2
+* Add AltiVec runtime detection
+* Fix x86 CPU identification with Intel C++ and Visual C++
Version 1.8.8, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Alter Skein-512 to match the tweaked 1.2 specification
- * Fix use of inline asm for access to x86 bswap function
- * Allow building the library without AES enabled
- * Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild
+* Alter Skein-512 to match the tweaked 1.2 specification
+* Fix use of inline asm for access to x86 bswap function
+* Allow building the library without AES enabled
+* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild
Version 1.9.1, 2009-10-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Better support for Python and Perl wrappers
- * Add an implementation of Blue Midnight Wish (Round 2 tweak version)
- * Modify Skein-512 to match the tweaked 1.2 specification
- * Add threshold secret sharing (draft-mcgrew-tss-02)
- * Add runtime cpu feature detection for x86/x86-64
- * Add code for general runtime self testing for hashes, MACs, and ciphers
- * Optimize XTEA; twice as fast as before on Core2 and Opteron
- * Convert CTR_BE and OFB from filters to stream ciphers
- * New parsing code for SCAN algorithm names
- * Enable SSE2 optimizations under Visual C++
- * Remove all use of C++ exception specifications
- * Add support for GNU/Hurd and Clang/LLVM
+* Better support for Python and Perl wrappers
+* Add an implementation of Blue Midnight Wish (Round 2 tweak version)
+* Modify Skein-512 to match the tweaked 1.2 specification
+* Add threshold secret sharing (draft-mcgrew-tss-02)
+* Add runtime cpu feature detection for x86/x86-64
+* Add code for general runtime self testing for hashes, MACs, and ciphers
+* Optimize XTEA; twice as fast as before on Core2 and Opteron
+* Convert CTR_BE and OFB from filters to stream ciphers
+* New parsing code for SCAN algorithm names
+* Enable SSE2 optimizations under Visual C++
+* Remove all use of C++ exception specifications
+* Add support for GNU/Hurd and Clang/LLVM
Version 1.9.0, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add support for parallel invocation of block ciphers where possible
- * Add SSE2 implementation of Serpent
- * Add Rivest's package transform (an all or nothing transform)
- * Minor speedups to the Turing key schedule
- * Fix processing multiple messages in XTS mode
- * Add --no-autoload option to configure.py, for minimized builds
- * The previously used configure.pl script is no longer supported
+* Add support for parallel invocation of block ciphers where possible
+* Add SSE2 implementation of Serpent
+* Add Rivest's package transform (an all or nothing transform)
+* Minor speedups to the Turing key schedule
+* Fix processing multiple messages in XTS mode
+* Add --no-autoload option to configure.py, for minimized builds
+* The previously used configure.pl script is no longer supported
Version 1.8.7, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix processing multiple messages in XTS mode
- * Add --no-autoload option to configure.py, for minimized builds
+* Fix processing multiple messages in XTS mode
+* Add --no-autoload option to configure.py, for minimized builds
Version 1.8.6, 2009-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add Cryptobox, a set of simple password-based encryption routines
- * Only read world-readable files when walking /proc for entropy
- * Fix building with TR1 disabled
- * Fix x86 bswap support for Visual C++
- * Fixes for compilation under Sun C++
- * Add support for Dragonfly BSD (contributed by Patrick Georgi)
- * Add support for the Open64 C++ compiler
- * Build fixes for MIPS systems running Linux
- * Minor changes to license, now equivalent to the FreeBSD/NetBSD license
+* Add Cryptobox, a set of simple password-based encryption routines
+* Only read world-readable files when walking /proc for entropy
+* Fix building with TR1 disabled
+* Fix x86 bswap support for Visual C++
+* Fixes for compilation under Sun C++
+* Add support for Dragonfly BSD (contributed by Patrick Georgi)
+* Add support for the Open64 C++ compiler
+* Build fixes for MIPS systems running Linux
+* Minor changes to license, now equivalent to the FreeBSD/NetBSD license
Version 1.8.5, 2009-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Change configure.py to work on stock Python 2.4
- * Avoid a crash in Skein_512::add_data processing a zero-length input
- * Small build fixes for SPARC, ARM, and HP-PA processors
- * The test suite now returns an error code from main() if any tests failed
+* Change configure.py to work on stock Python 2.4
+* Avoid a crash in Skein_512::add_data processing a zero-length input
+* Small build fixes for SPARC, ARM, and HP-PA processors
+* The test suite now returns an error code from main() if any tests failed
Version 1.8.4, 2009-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a bug in nonce generation in the Miller-Rabin test
+* Fix a bug in nonce generation in the Miller-Rabin test
Version 1.8.3, 2009-07-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add a new Python configuration script
- * Add the Skein-512 SHA-3 candidate hash function
- * Add the XTS block cipher mode from IEEE P1619
- * Fix random_prime when generating a prime of less than 7 bits
- * Improve handling of low-entropy situations during PRNG seeding
- * Change random device polling to prefer /dev/urandom over /dev/random
- * Use an input insensitive implementation of same_mem instead of memcmp
- * Correct DataSource::discard_next to return the number of discarded bytes
- * Provide a default value for AutoSeeded_RNG::reseed
- * Fix Gentoo bug 272242
+* Add a new Python configuration script
+* Add the Skein-512 SHA-3 candidate hash function
+* Add the XTS block cipher mode from IEEE P1619
+* Fix random_prime when generating a prime of less than 7 bits
+* Improve handling of low-entropy situations during PRNG seeding
+* Change random device polling to prefer /dev/urandom over /dev/random
+* Use an input insensitive implementation of same_mem instead of memcmp
+* Correct DataSource::discard_next to return the number of discarded bytes
+* Provide a default value for AutoSeeded_RNG::reseed
+* Fix Gentoo bug 272242
Version 1.8.2, 2009-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Make entropy polling more flexible and in most cases faster
- * GOST 28147 now supports multiple sbox parameters
- * Added the GOST 34.11 hash function
- * Fix botan-config problems on MacOS X
+* Make entropy polling more flexible and in most cases faster
+* GOST 28147 now supports multiple sbox parameters
+* Added the GOST 34.11 hash function
+* Fix botan-config problems on MacOS X
Version 1.8.1, 2009-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
- * Fix memory leak in PKCS8 load_key and encrypt_key
- * Relicense api.tex from CC-By-SA 2.5 to BSD
- * Fix botan-config on MacOS X, Solaris
+* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
+* Fix memory leak in PKCS8 load_key and encrypt_key
+* Relicense api.tex from CC-By-SA 2.5 to BSD
+* Fix botan-config on MacOS X, Solaris
2008
----------------------------------------
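Review bot: every changed line in this hunk is a pure re-indent of an existing bullet, with no wording change, yet it sits in the same commit as the content edits to the 1.9.16 and 1.9.14 entries (Sphinx link, `:ref:`bcrypt``, `:rfc:`3394``). With 2545 changed lines in `doc/log.txt`, a reader auditing the release notes cannot easily tell which security-relevant entries, such as "Use an input insensitive implementation of same_mem instead of memcmp", were altered and which were only moved. Consider splitting the whitespace-only reflow into its own commit so the content changes can be reviewed on their own.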
@@ -389,277 +398,277 @@ Version 1.8.1, 2009-01-20
Version 1.8.0, 2008-12-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix compilation on Solaris with GCC
+* Fix compilation on Solaris with GCC
Version 1.7.24, 2008-12-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a compatibility problem with SHA-512/EMSA3 signature padding
- * Fix bug preventing EGD/PRNGD entropy poller from working
- * Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
- * Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
- * Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
- * Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
- * Wrap private structs in SSE2 SHA-1 code in anonymous namespace
- * Change configure.pl's CPU autodetection output to be more consistent
- * Disable using OpenSSL's AES due to crashes of unknown cause
- * Fix warning in /proc walking entropy poller
- * Fix compilation with IBM XLC for Cell 0.9-200709
+* Fix a compatibility problem with SHA-512/EMSA3 signature padding
+* Fix bug preventing EGD/PRNGD entropy poller from working
+* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
+* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
+* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
+* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
+* Wrap private structs in SSE2 SHA-1 code in anonymous namespace
+* Change configure.pl's CPU autodetection output to be more consistent
+* Disable using OpenSSL's AES due to crashes of unknown cause
+* Fix warning in /proc walking entropy poller
+* Fix compilation with IBM XLC for Cell 0.9-200709
Version 1.7.23, 2008-11-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Change to use TR1 (thus enabling ECDSA) with GCC and ICC
- * Optimize almost all hash functions, especially MD4 and Tiger
- * Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
- * Change Timer to be pure virtual, and add ANSI_Clock_Timer
- * Cache socket descriptors in the EGD entropy source
- * Avoid bogging down startup in /proc walking entropy source
- * Remove Buffered_EntropySource helper class
- * Add a Default_Benchmark_Timer typedef in benchmark.h
- * Add examples using benchmark.h and Algorithm_Factory
- * Add ECC tests from InSiTo
- * Minor documentation updates
+* Change to use TR1 (thus enabling ECDSA) with GCC and ICC
+* Optimize almost all hash functions, especially MD4 and Tiger
+* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
+* Change Timer to be pure virtual, and add ANSI_Clock_Timer
+* Cache socket descriptors in the EGD entropy source
+* Avoid bogging down startup in /proc walking entropy source
+* Remove Buffered_EntropySource helper class
+* Add a Default_Benchmark_Timer typedef in benchmark.h
+* Add examples using benchmark.h and Algorithm_Factory
+* Add ECC tests from InSiTo
+* Minor documentation updates
Version 1.7.22, 2008-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add provider preferences to Algorithm_Factory
- * Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
- * Optimize AES encryption and decryption (about 10% faster)
- * Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
- * Fix nanoseconds overflow in benchmark code
- * Remove Engine::add_engine
+* Add provider preferences to Algorithm_Factory
+* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
+* Optimize AES encryption and decryption (about 10% faster)
+* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
+* Fix nanoseconds overflow in benchmark code
+* Remove Engine::add_engine
Version 1.7.21, 2008-11-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Make algorithm lookup much more configuable
- * Add facilities for runtime performance testing of algorithms
- * Drop use of entropy estimation in the PRNGs
- * Increase intervals between HMAC_RNG automatic reseeding
- * Drop InitializerOptions class, all options but thread safety
+* Make algorithm lookup much more configuable
+* Add facilities for runtime performance testing of algorithms
+* Drop use of entropy estimation in the PRNGs
+* Increase intervals between HMAC_RNG automatic reseeding
+* Drop InitializerOptions class, all options but thread safety
Version 1.7.20, 2008-11-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Namespace pkg-config file by major and minor versions
- * Cache device descriptors in Device_EntropySource
- * Split base.h into {block_cipher,stream_cipher,mac,hash}.h
- * Removed get_mgf function from lookup.h
+* Namespace pkg-config file by major and minor versions
+* Cache device descriptors in Device_EntropySource
+* Split base.h into {block_cipher,stream_cipher,mac,hash}.h
+* Removed get_mgf function from lookup.h
Version 1.7.19, 2008-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add HMAC_RNG, based on a design by Hugo Krawczyk
- * Optimized the Turing stream cipher (about 20% faster on x86-64)
- * Modify Randpool's reseeding algorithm to poll more sources
- * Add a new AutoSeeded_RNG in auto_rng.h
- * OpenPGP_S2K changed to take hash object instead of name
- * Add automatic identification for Intel's Prescott processors
+* Add HMAC_RNG, based on a design by Hugo Krawczyk
+* Optimized the Turing stream cipher (about 20% faster on x86-64)
+* Modify Randpool's reseeding algorithm to poll more sources
+* Add a new AutoSeeded_RNG in auto_rng.h
+* OpenPGP_S2K changed to take hash object instead of name
+* Add automatic identification for Intel's Prescott processors
Version 1.7.18, 2008-10-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add Doxygen comments from InSiTo
- * Add ECDSA and ECKAEG benchmarks
- * Add configure.pl switch --with-tr1-implementation
- * Fix configure.pl's --with-endian and --with-unaligned-mem options
- * Added support for pkg-config
- * Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
- * Use const references to avoid copying overhead in CurveGFp, GFpModulus
+* Add Doxygen comments from InSiTo
+* Add ECDSA and ECKAEG benchmarks
+* Add configure.pl switch --with-tr1-implementation
+* Fix configure.pl's --with-endian and --with-unaligned-mem options
+* Added support for pkg-config
+* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
+* Use const references to avoid copying overhead in CurveGFp, GFpModulus
Version 1.7.17, 2008-10-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add missing ECDSA object identifiers
- * Fix error in x86 and x86-64 assembler affecting GF(p) math
- * Remove Boost dependency from GF(p) math
- * Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
- * Add BOTAN_DLL macro to over 30 classes missing it
- * Rename the two SHA-2 base classes for consistency
+* Add missing ECDSA object identifiers
+* Fix error in x86 and x86-64 assembler affecting GF(p) math
+* Remove Boost dependency from GF(p) math
+* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
+* Add BOTAN_DLL macro to over 30 classes missing it
+* Rename the two SHA-2 base classes for consistency
Version 1.7.16, 2008-10-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add several missing pieces needed for ECDSA and ECKAEG
- * Add Card Verifiable Certificates from InSiTo
- * Add SHA-224 from InSiTo
- * Add BSI variant of EMSA1 from InSiTo
- * Add GF(p) and ECDSA tests from InSiTo
- * Split ECDSA and ECKAEG into distinct modules
- * Allow OpenSSL and GNU MP engines to be built with public key algos disabled
- * Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h
+* Add several missing pieces needed for ECDSA and ECKAEG
+* Add Card Verifiable Certificates from InSiTo
+* Add SHA-224 from InSiTo
+* Add BSI variant of EMSA1 from InSiTo
+* Add GF(p) and ECDSA tests from InSiTo
+* Split ECDSA and ECKAEG into distinct modules
+* Allow OpenSSL and GNU MP engines to be built with public key algos disabled
+* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h
Version 1.7.15, 2008-10-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add GF(p) arithmetic from InSiTo
- * Add ECDSA and ECKAEG implementations from InSiTo
- * Minimize internal dependencies, allowing for smaller build configurations
- * Add new User Manual and Architecture Guide from FlexSecure GmbH
- * Alter configure.pl options for better autotools compatibility
- * Update build instructions for recent changes to configure.pl
- * Fix CPU detection using /proc/cpuinfo
+* Add GF(p) arithmetic from InSiTo
+* Add ECDSA and ECKAEG implementations from InSiTo
+* Minimize internal dependencies, allowing for smaller build configurations
+* Add new User Manual and Architecture Guide from FlexSecure GmbH
+* Alter configure.pl options for better autotools compatibility
+* Update build instructions for recent changes to configure.pl
+* Fix CPU detection using /proc/cpuinfo
Version 1.7.14, 2008-09-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Split library into parts allowing modular builds
- * Add (very preliminary) CMS support to the main library
- * Some constructors now require object pointers instead of names
- * Support multiple implementations of the same algorithm
- * Build support for Pentium-M processors, from Derek Scherger
- * Build support for MinGW/MSYS, from Zbigniew Zagorski
- * Use inline assembly for bswap on 32-bit x86
+* Split library into parts allowing modular builds
+* Add (very preliminary) CMS support to the main library
+* Some constructors now require object pointers instead of names
+* Support multiple implementations of the same algorithm
+* Build support for Pentium-M processors, from Derek Scherger
+* Build support for MinGW/MSYS, from Zbigniew Zagorski
+* Use inline assembly for bswap on 32-bit x86
Version 1.7.13, 2008-09-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
- * Allow all examples to compile even if compression not enabled
- * Make CMAC's polynomial doubling operation a public class method
- * Use the -m64 flag when compiling with Sun Forte on x86-64
- * Clean up and slightly optimize CMAC::final_result
+* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
+* Allow all examples to compile even if compression not enabled
+* Make CMAC's polynomial doubling operation a public class method
+* Use the -m64 flag when compiling with Sun Forte on x86-64
+* Clean up and slightly optimize CMAC::final_result
Version 1.7.12, 2008-09-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add x86 assembly for Visual Studio C++, by Luca Piccarreta
- * Add a Perl XS module, by Vaclav Ovsik
- * Add SWIG-based wrapper for Botan
- * Add SSE2 implementation of SHA-1, by Dean Gaudet
- * Remove the BigInt::sig_words cache due to bugs
- * Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
- * Changed BigInt::grow_by and BigInt::grow_to to be non-const
- * Add private assignment operators to classes that don't support assignment
- * Benchmark RSA encryption and signatures
- * Added test programs for random_prime and ressol
- * Add high resolution timers for IA-64, HP-PA, S390x
- * Reduce use of the RNG during benchmarks
- * Fix builds on STI Cell PPU
- * Add support for IBM's XLC compiler
- * Add IETF 8192 bit MODP group
+* Add x86 assembly for Visual Studio C++, by Luca Piccarreta
+* Add a Perl XS module, by Vaclav Ovsik
+* Add SWIG-based wrapper for Botan
+* Add SSE2 implementation of SHA-1, by Dean Gaudet
+* Remove the BigInt::sig_words cache due to bugs
+* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
+* Changed BigInt::grow_by and BigInt::grow_to to be non-const
+* Add private assignment operators to classes that don't support assignment
+* Benchmark RSA encryption and signatures
+* Added test programs for random_prime and ressol
+* Add high resolution timers for IA-64, HP-PA, S390x
+* Reduce use of the RNG during benchmarks
+* Fix builds on STI Cell PPU
+* Add support for IBM's XLC compiler
+* Add IETF 8192 bit MODP group
Version 1.7.11, 2008-09-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added the Salsa20 stream cipher
- * Optimized Montgomery reduction, Karatsuba squaring
- * Added 16x16->32 word Comba multiplication and squaring
- * Use a much larger Karatsuba cutoff point
- * Remove bigint_mul_add_words
- * Inlined several BigInt functions
- * Add useful information to the generated build.h
- * Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
- * Fix the Windows build
+* Added the Salsa20 stream cipher
+* Optimized Montgomery reduction, Karatsuba squaring
+* Added 16x16->32 word Comba multiplication and squaring
+* Use a much larger Karatsuba cutoff point
+* Remove bigint_mul_add_words
+* Inlined several BigInt functions
+* Add useful information to the generated build.h
+* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
+* Fix the Windows build
Version 1.7.10, 2008-09-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Public key benchmarks run using a selection of random keys
- * New benchmark timer options are clock_gettime, gettimeofday, times, clock
- * Including reinterpret_cast optimization for xor_buf in default header
- * Split byte swapping and word rotation functions into distinct headers
- * Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
- * Optimizes BigInt right shift
- * Add aliases in DL_Group::Format enum
- * BigInt now caches the significant word count
+* Public key benchmarks run using a selection of random keys
+* New benchmark timer options are clock_gettime, gettimeofday, times, clock
+* Including reinterpret_cast optimization for xor_buf in default header
+* Split byte swapping and word rotation functions into distinct headers
+* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
+* Optimizes BigInt right shift
+* Add aliases in DL_Group::Format enum
+* BigInt now caches the significant word count
Version 1.7.9, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Make clear() in most algorithm base classes a pure virtual
- * Add noexec stack marker for GNU linker in assembly code
- * Avoid string operations in ressol
- * Compilation fixes for MinGW and Visual Studio C++ 2008
- * Some autoconfiguration fixes for Windows
+* Make clear() in most algorithm base classes a pure virtual
+* Add noexec stack marker for GNU linker in assembly code
+* Avoid string operations in ressol
+* Compilation fixes for MinGW and Visual Studio C++ 2008
+* Some autoconfiguration fixes for Windows
Version 1.6.5, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add noexec stack marker for GNU linker in assembly code
- * Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3
+* Add noexec stack marker for GNU linker in assembly code
+* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3
Version 1.7.8, 2008-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added the block cipher Noekeon
- * Remove global deref_alias function
- * X509_Store takes timeout options as constructor arguments
- * Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
- * Extend random_prime() for generating primes of any bit length
- * Remove Config class
- * Allow adding new entropy via base RNG interface
- * Reseeding a X9.31 PRNG also reseeds the underlying PRNG
+* Added the block cipher Noekeon
+* Remove global deref_alias function
+* X509_Store takes timeout options as constructor arguments
+* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
+* Extend random_prime() for generating primes of any bit length
+* Remove Config class
+* Allow adding new entropy via base RNG interface
+* Reseeding a X9.31 PRNG also reseeds the underlying PRNG
Version 1.7.7, 2008-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Remove the global PRNG object
- * The PK filter objects were removed
- * Add a test suite for the ANSI X9.31 PRNG
- * Much cleaner and (mostly) thread-safe reimplementation of es_ftw
- * Remove both default arguments to ANSI_X931_RNG's constructor
- * Remove the randomizing version of OctetString::change
- * Make the cipher and MAC to use in Randpool configurable
- * Move RandomNumberGenerator declaration to rng.h
- * RSA_PrivateKey will not generate keys smaller than 1024 bits
- * Fix an error decoding BER UNIVERSAL types with special taggings
+* Remove the global PRNG object
+* The PK filter objects were removed
+* Add a test suite for the ANSI X9.31 PRNG
+* Much cleaner and (mostly) thread-safe reimplementation of es_ftw
+* Remove both default arguments to ANSI_X931_RNG's constructor
+* Remove the randomizing version of OctetString::change
+* Make the cipher and MAC to use in Randpool configurable
+* Move RandomNumberGenerator declaration to rng.h
+* RSA_PrivateKey will not generate keys smaller than 1024 bits
+* Fix an error decoding BER UNIVERSAL types with special taggings
Version 1.7.6, 2008-05-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Initial support for Windows DLLs, from Joel Low
- * Reset the position pointer when a new block is generated in X9.32 PRNG
- * Timer objects are now treated as entropy sources
- * Moved several ASN.1-related enums from enums.h to an appropriate header
- * Removed the AEP module, due to inability to test
- * Removed Global_RNG and rng.h
- * Removed system_clock
- * Removed Library_State::UI and the pulse callback logic
+* Initial support for Windows DLLs, from Joel Low
+* Reset the position pointer when a new block is generated in X9.32 PRNG
+* Timer objects are now treated as entropy sources
+* Moved several ASN.1-related enums from enums.h to an appropriate header
+* Removed the AEP module, due to inability to test
+* Removed Global_RNG and rng.h
+* Removed system_clock
+* Removed Library_State::UI and the pulse callback logic
Version 1.7.5, 2008-04-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * The API of X509_CA::sign_request was altered to avoid race conditions
- * New type Pipe::message_id to represent the Pipe message number
- * Remove the Named_Mutex_Holder for a small performance gain
- * Removed several unused or rarely used functions from Config
- * Ignore spaces inside of a decimal string in BigInt::decode
- * Allow using a std::istream to initialize a DataSource_Stream object
- * Fix compilation problem in zlib compression module
- * The chunk sized used by Pooling_Allocator is now a compile time setting
- * The size of random blinding factors is now a compile time setting
- * The install target no longer tries to set a particular owner/group
+* The API of X509_CA::sign_request was altered to avoid race conditions
+* New type Pipe::message_id to represent the Pipe message number
+* Remove the Named_Mutex_Holder for a small performance gain
+* Removed several unused or rarely used functions from Config
+* Ignore spaces inside of a decimal string in BigInt::decode
+* Allow using a std::istream to initialize a DataSource_Stream object
+* Fix compilation problem in zlib compression module
+* The chunk sized used by Pooling_Allocator is now a compile time setting
+* The size of random blinding factors is now a compile time setting
+* The install target no longer tries to set a particular owner/group
Version 1.7.4, 2008-03-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Use unaligned memory read/writes on systems that allow it, for performance
- * Assembly for x86-64 for accessing the bswap instruction
- * Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
- * Unroll loops in SHA-160 for a few percent increase in performance
- * Fix compilation with GCC 3.2 in es_ftw and es_unix
- * Build fix for NetBSD systems
- * Prevent es_dev from being built except on Unix systems
+* Use unaligned memory read/writes on systems that allow it, for performance
+* Assembly for x86-64 for accessing the bswap instruction
+* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
+* Unroll loops in SHA-160 for a few percent increase in performance
+* Fix compilation with GCC 3.2 in es_ftw and es_unix
+* Build fix for NetBSD systems
+* Prevent es_dev from being built except on Unix systems
Version 1.6.4, 2008-03-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a compilation problem with Visual Studio C++ 2003
+* Fix a compilation problem with Visual Studio C++ 2003
Version 1.7.3, 2008-01-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * New invocation syntax for configure.pl with several new options
- * Support for IPv4 addresses in a subject alternative name
- * New fast poll for the generic Unix entropy source (es_unix)
- * The es_file entropy source has been replaced by the es_dev module
- * The malloc allocator does not inherit from Pooling_Allocator anymore
- * The path that es_unix will search in are now fully user-configurable
- * Truncate X9.42 PRF output rather than allow counter overflow
- * PowerPC is now assumed to be big-endian
+* New invocation syntax for configure.pl with several new options
+* Support for IPv4 addresses in a subject alternative name
+* New fast poll for the generic Unix entropy source (es_unix)
+* The es_file entropy source has been replaced by the es_dev module
+* The malloc allocator does not inherit from Pooling_Allocator anymore
+* The path that es_unix will search in are now fully user-configurable
+* Truncate X9.42 PRF output rather than allow counter overflow
+* PowerPC is now assumed to be big-endian
2007
----------------------------------------
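Review bot: Several typos are carried over verbatim onto the re-added `+` lines of this hunk: "configuable" in the 1.7.21 entry, "The chunk sized used by Pooling_Allocator" in 1.7.5, and "The path that es_unix will search in are" in 1.7.3. The 1.7.6 entry also says "X9.32 PRNG" while the 1.7.7 and 1.7.8 entries refer to X9.31, which looks like a slip worth confirming against the code. Each removed/added pair visible here differs only in the leading space before the asterisk, so I would keep this hunk whitespace-only and correct the wording in a follow-up commit. That way the hunk can be checked with a whitespace-insensitive diff, and entries people search these notes for, such as "Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)", are demonstrably unchanged by a formatting commit.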
@@ -667,54 +676,54 @@ Version 1.7.3, 2008-01-23
Version 1.7.2, 2007-10-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Initialize the global library state lazily
- * Add plain CBC-MAC for backwards compatibility with old systems
- * Clean up some of the self test code
- * Throw a sensible exception if a DL_Group is not found
- * Truncate KDF2 output rather than allowing counter overflow
- * Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
- * Fix a Visual Studio compilation problem in x509stat.cpp
+* Initialize the global library state lazily
+* Add plain CBC-MAC for backwards compatibility with old systems
+* Clean up some of the self test code
+* Throw a sensible exception if a DL_Group is not found
+* Truncate KDF2 output rather than allowing counter overflow
+* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
+* Fix a Visual Studio compilation problem in x509stat.cpp
Version 1.7.1, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a race condition in the algorithm object cache
- * HMAC key schedule optimization
- * The build header sets a macro defining endianness, if known
- * New word load/store abstraction allowing further optimization
- * Modify most of the library to avoid use the C-style casts
- * Use higher resolution timers in symmetric benchmarks
+* Fix a race condition in the algorithm object cache
+* HMAC key schedule optimization
+* The build header sets a macro defining endianness, if known
+* New word load/store abstraction allowing further optimization
+* Modify most of the library to avoid use the C-style casts
+* Use higher resolution timers in symmetric benchmarks
Version 1.6.3, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix a race condition in the algorithm lookup cache
- * Fix problems building the memory pool on some versions of Visual C++
+* Fix a race condition in the algorithm lookup cache
+* Fix problems building the memory pool on some versions of Visual C++
Version 1.7.0, 2007-05-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * DSA parameter generation now follows FIPS 186-3
- * Added OIDs for Rabin-Williams and Nyberg-Rueppel
- * Somewhat better support for out of tree builds
- * Minor optimizations for RC2 and Tiger
- * Documentation updates
- * Update the todo list
+* DSA parameter generation now follows FIPS 186-3
+* Added OIDs for Rabin-Williams and Nyberg-Rueppel
+* Somewhat better support for out of tree builds
+* Minor optimizations for RC2 and Tiger
+* Documentation updates
+* Update the todo list
Version 1.6.2, 2007-03-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix autodection on Athlon64s running Linux
- * Fix builds on QNX and compilers using STLport
- * Remove a call to abort() that crept into production
+* Fix autodection on Athlon64s running Linux
+* Fix builds on QNX and compilers using STLport
+* Remove a call to abort() that crept into production
Version 1.6.1, 2007-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix some base64 decoder bugs
- * Add a new option to base64 encoding, to always append a newline
- * Fix some build problems under Visual Studio with debug enabled
- * Fix a bug in BER_Decoder that was triggered under some compilers
+* Fix some base64 decoder bugs
+* Add a new option to base64 encoding, to always append a newline
+* Fix some build problems under Visual Studio with debug enabled
+* Fix a bug in BER_Decoder that was triggered under some compilers
2006
----------------------------------------
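Review bot: Two wording errors survive on the `+` lines of this hunk: "Fix autodection on Athlon64s running Linux" in the 1.6.2 entry (autodetection) and "Modify most of the library to avoid use the C-style casts" in 1.7.1. As the hunk otherwise only drops the leading space before each bullet, a separate follow-up commit for the text fixes would keep this one a pure reformat and easier to verify.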
@@ -722,191 +731,191 @@ Version 1.6.1, 2007-01-20
Version 1.6.0, 2006-12-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Minor cleanups versus 1.5.13
+* Minor cleanups versus 1.5.13
Version 1.5.13, 2006-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Compilation fixes for the bzip2, zlib, and GNU MP modules
- * Better support for Intel C++ and EKOpath C++ on x86-64
+* Compilation fixes for the bzip2, zlib, and GNU MP modules
+* Better support for Intel C++ and EKOpath C++ on x86-64
Version 1.5.12, 2006-10-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Cleanups in the initialization routines
- * Add some x86-64 assembly for multiply-add
- * Fix problems generating very small (below 384 bit) RSA keys
- * Support out of tree builds
- * Bring some of the documentation up to date
- * More improvements to the Python bindings
+* Cleanups in the initialization routines
+* Add some x86-64 assembly for multiply-add
+* Fix problems generating very small (below 384 bit) RSA keys
+* Support out of tree builds
+* Bring some of the documentation up to date
+* More improvements to the Python bindings
Version 1.5.11, 2006-09-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Removed the Algorithm base class
- * Various cleanups in the public key inheritance hierarchy
- * Major overhaul of the configure/build setup
- * Added x86 assembler implementations of Serpent and low-level MPI code
- * Optimizations for the SHA-1 x86 assembler
- * Various improvements to the Python wrappers
- * Work around a Visual Studio compiler bug
+* Removed the Algorithm base class
+* Various cleanups in the public key inheritance hierarchy
+* Major overhaul of the configure/build setup
+* Added x86 assembler implementations of Serpent and low-level MPI code
+* Optimizations for the SHA-1 x86 assembler
+* Various improvements to the Python wrappers
+* Work around a Visual Studio compiler bug
Version 1.5.10, 2006-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add x86 assembler versions of MD4, MD5, and SHA-1
- * Expand InitializerOptions' language to support on/off switches
- * Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
- * Fix possible resource leaks in the mmap allocator
- * Slightly optimized buffering in MDx_HashFunction
- * Initialization failures are dealt with somewhat better
- * Add an example implementing Pollard's Rho algorithm
- * Better option handling in the test/benchmark tool
- * Expand the xor_ciph example to support longer keys
- * Some updates to the documentation
+* Add x86 assembler versions of MD4, MD5, and SHA-1
+* Expand InitializerOptions' language to support on/off switches
+* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
+* Fix possible resource leaks in the mmap allocator
+* Slightly optimized buffering in MDx_HashFunction
+* Initialization failures are dealt with somewhat better
+* Add an example implementing Pollard's Rho algorithm
+* Better option handling in the test/benchmark tool
+* Expand the xor_ciph example to support longer keys
+* Some updates to the documentation
Version 1.5.9, 2006-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed bitrot in the AEP engine
- * Fix support for marking certificate/CRL extensions as critical
- * Significant cleanups in the library state / initialization code
- * LibraryInitializer takes an explicit InitializerOptions object
- * Make Mutex_Factory an abstract class, add Default_Mutex_Factory
- * Change configuration access to using global_state()
- * Add support for global named mutexes throughout the library
- * Add some STL wrappers for the delete operator
- * Change how certificates are created to be more flexible and general
+* Fixed bitrot in the AEP engine
+* Fix support for marking certificate/CRL extensions as critical
+* Significant cleanups in the library state / initialization code
+* LibraryInitializer takes an explicit InitializerOptions object
+* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
+* Change configuration access to using global_state()
+* Add support for global named mutexes throughout the library
+* Add some STL wrappers for the delete operator
+* Change how certificates are created to be more flexible and general
Version 1.5.8, 2006-06-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Many internal cleanups to the X.509 cert/CRL code
- * Allow for application code to support new X.509 extensions
- * Change the return type of X509_Certificate::{subject,issuer}_info
- * Allow for alternate character set handling mechanisms
- * Fix a bug that was slowing squaring performance somewhat
- * Fix a very hard to hit overflow bug in the C version of word3_muladd
- * Minor cleanups to the assembler modules
- * Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
- * Support for GCC 2.95.x has been dropped in this release
+* Many internal cleanups to the X.509 cert/CRL code
+* Allow for application code to support new X.509 extensions
+* Change the return type of X509_Certificate::{subject,issuer}_info
+* Allow for alternate character set handling mechanisms
+* Fix a bug that was slowing squaring performance somewhat
+* Fix a very hard to hit overflow bug in the C version of word3_muladd
+* Minor cleanups to the assembler modules
+* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
+* Support for GCC 2.95.x has been dropped in this release
Version 1.5.7, 2006-05-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Further, major changes to the BER/DER coding system
- * Updated the Qt mutex module to use Mutex_Factory
- * Moved the library global state object into an anonymous namespace
- * Drop the Visual C++ x86 assembly module due to bugs
+* Further, major changes to the BER/DER coding system
+* Updated the Qt mutex module to use Mutex_Factory
+* Moved the library global state object into an anonymous namespace
+* Drop the Visual C++ x86 assembly module due to bugs
Version 1.5.6, 2006-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * The low-level DER/BER coding system was redesigned and rewritten
- * Portions of the certificate code were cleaned up internally
- * Use macros to substantially clean up the GCC assembly code
- * Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
- * Avoid a couple of spurious warnings under Visual C++
- * Some slight cleanups in X509_PublicKey::key_id
+* The low-level DER/BER coding system was redesigned and rewritten
+* Portions of the certificate code were cleaned up internally
+* Use macros to substantially clean up the GCC assembly code
+* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
+* Avoid a couple of spurious warnings under Visual C++
+* Some slight cleanups in X509_PublicKey::key_id
Version 1.5.5, 2006-02-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a potential infinite loop in the memory pool code (Matt Johnston)
- * Made Pooling_Allocator::Memory_Block an actual class of sorts
- * Some small optimizations to the division and modulo computations
- * Cleaned up the implementation of some of the BigInt operators
- * Reduced use of dynamic memory allocation in low-level BigInt functions
- * A few simplifications in the Randpool mixing function
- * Removed power(), as it was not particularly useful (or fast)
- * Fixed some annoying bugs in the benchmark code
- * Added a real credits file
+* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
+* Made Pooling_Allocator::Memory_Block an actual class of sorts
+* Some small optimizations to the division and modulo computations
+* Cleaned up the implementation of some of the BigInt operators
+* Reduced use of dynamic memory allocation in low-level BigInt functions
+* A few simplifications in the Randpool mixing function
+* Removed power(), as it was not particularly useful (or fast)
+* Fixed some annoying bugs in the benchmark code
+* Added a real credits file
Version 1.5.4, 2006-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
- * Fixed a memory access off-by-one in the Karatsuba code
- * Changed Pooling_Allocator's free list search to a log(N) algorithm
- * Merged ModularReducer with its only subclass, Barrett_Reducer
- * Fixed sign-handling bugs in some of the division and modulo code
- * Renamed the module description files to modinfo.txt
- * Further cleanups in the initialization code
- * Removed BigInt::add and BigInt::sub
- * Merged all the division-related functions into just divide()
- * Modified the <mp_asmi.h> functions to allow for better optimizations
- * Made the number of bits polled from an EntropySource user configurable
- * Avoid including <algorithm> in <botan/secmem.h>
- * Fixed some build problems with Sun Forte
- * Removed some dead code from bigint_modop
- * Fix the definition of same_mem
+* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
+* Fixed a memory access off-by-one in the Karatsuba code
+* Changed Pooling_Allocator's free list search to a log(N) algorithm
+* Merged ModularReducer with its only subclass, Barrett_Reducer
+* Fixed sign-handling bugs in some of the division and modulo code
+* Renamed the module description files to modinfo.txt
+* Further cleanups in the initialization code
+* Removed BigInt::add and BigInt::sub
+* Merged all the division-related functions into just divide()
+* Modified the <mp_asmi.h> functions to allow for better optimizations
+* Made the number of bits polled from an EntropySource user configurable
+* Avoid including <algorithm> in <botan/secmem.h>
+* Fixed some build problems with Sun Forte
+* Removed some dead code from bigint_modop
+* Fix the definition of same_mem
Version 1.5.3, 2006-01-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Many optimizations in the low-level multiple precision integer code
- * Added hooks for assembly implementations of the MPI code
- * Support for the X.509 issuer alternative name extension in new certs
- * Fixed a bug in the decompression modules; found and patched by Matt Johnston
- * New Windows mutex module (mux_win32), by Luca Piccarreta
- * Changed the Windows timer module to use QueryPerformanceCounter
- * mem_pool.cpp was using std::set iterators instead of std::multiset ones
- * Fixed a bug in X509_CA preventing users from disabling particular extensions
- * Fixed the mp_asm64 module, which was entirely broken in 1.5.2
- * Fixed some module build problems on FreeBSD and Tru64
+* Many optimizations in the low-level multiple precision integer code
+* Added hooks for assembly implementations of the MPI code
+* Support for the X.509 issuer alternative name extension in new certs
+* Fixed a bug in the decompression modules; found and patched by Matt Johnston
+* New Windows mutex module (mux_win32), by Luca Piccarreta
+* Changed the Windows timer module to use QueryPerformanceCounter
+* mem_pool.cpp was using std::set iterators instead of std::multiset ones
+* Fixed a bug in X509_CA preventing users from disabling particular extensions
+* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
+* Fixed some module build problems on FreeBSD and Tru64
Version 1.5.2, 2006-01-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed an off-by-one memory read in MISTY1::key()
- * Fixed a nasty memory leak in Output_Buffers::retire()
- * Reimplemented the memory allocator from scratch
- * Improved memory caching in Montgomery exponentiation
- * Optimizations for multiple precision addition and subtraction
- * Fixed a build problem in the hardware timer module on 64-bit PowerPC
- * Changed default Karatsuba cutoff to 12 words (was 14)
- * Removed MemoryRegion::bits(), which was unused and incorrect
- * Changed maximum HMAC keylength to 1024 bits
- * Various minor Makefile and build system changes
- * Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
- * Switched checks/clock.cpp back to using clock() by default
- * Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
- * Removed the Default_Mutex's unused clone() member function
+* Fixed an off-by-one memory read in MISTY1::key()
+* Fixed a nasty memory leak in Output_Buffers::retire()
+* Reimplemented the memory allocator from scratch
+* Improved memory caching in Montgomery exponentiation
+* Optimizations for multiple precision addition and subtraction
+* Fixed a build problem in the hardware timer module on 64-bit PowerPC
+* Changed default Karatsuba cutoff to 12 words (was 14)
+* Removed MemoryRegion::bits(), which was unused and incorrect
+* Changed maximum HMAC keylength to 1024 bits
+* Various minor Makefile and build system changes
+* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
+* Switched checks/clock.cpp back to using clock() by default
+* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
+* Removed the Default_Mutex's unused clone() member function
Version 1.4.12, 2006-01-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed an off-by-one memory read in MISTY1::key()
- * Fixed a nasty memory leak in Output_Buffers::retire()
- * Changed maximum HMAC keylength to 1024 bits
- * Fixed a build problem in the hardware timer module on 64-bit PowerPC
+* Fixed an off-by-one memory read in MISTY1::key()
+* Fixed a nasty memory leak in Output_Buffers::retire()
+* Changed maximum HMAC keylength to 1024 bits
+* Fixed a build problem in the hardware timer module on 64-bit PowerPC
Version 1.5.1, 2006-01-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Implemented Montgomery exponentiation
- * Implemented generalized Karatsuba multiplication and squaring
- * Implemented Comba squaring for 4, 6, and 8 word inputs
- * Added new Modular_Exponentiator and Power_Mod classes
- * Removed FixedBase_Exp and FixedExponent_Exp
- * Fixed a performance regression in get_allocator introduced in 1.5.0
- * Engines can now offer S2K algorithms and block cipher padding methods
- * Merged the remaining global 'algolist' code into Default_Engine
- * The low-level MPI code is linked as C again
- * Replaced BigInt's get_nibble with the more general get_substring
- * Some documentation updates
+* Implemented Montgomery exponentiation
+* Implemented generalized Karatsuba multiplication and squaring
+* Implemented Comba squaring for 4, 6, and 8 word inputs
+* Added new Modular_Exponentiator and Power_Mod classes
+* Removed FixedBase_Exp and FixedExponent_Exp
+* Fixed a performance regression in get_allocator introduced in 1.5.0
+* Engines can now offer S2K algorithms and block cipher padding methods
+* Merged the remaining global 'algolist' code into Default_Engine
+* The low-level MPI code is linked as C again
+* Replaced BigInt's get_nibble with the more general get_substring
+* Some documentation updates
Version 1.5.0, 2006-01-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Moved all global/shared library state into a single object
- * Mutex objects are created through mutex factories instead of a global
- * Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
- * Removed the RNG_Quality enum entirely
- * There is now only a single global-use PRNG
- * Removed the no_aliases and no_oids options for LibraryInitializer
- * Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
- * Change es_ftw to use unbuffered I/O
+* Moved all global/shared library state into a single object
+* Mutex objects are created through mutex factories instead of a global
+* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
+* Removed the RNG_Quality enum entirely
+* There is now only a single global-use PRNG
+* Removed the no_aliases and no_oids options for LibraryInitializer
+* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
+* Change es_ftw to use unbuffered I/O
2005
----------------------------------------
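Review bot: In the 1.5.2 and 1.4.12 lists, "Fixed an off-by-one memory read in MISTY1::key()" and "Fixed a nasty memory leak in Output_Buffers::retire()" appear word for word under both versions, both dated 2006-01-15, and nothing tells the reader whether these are the same fixes on two release lines. Since every bullet is being rewritten anyway, consider a short cross-reference under 1.4.12 (for example "also fixed in 1.5.2") so that someone checking whether their branch has the memory fix does not have to infer it. The same pass could normalise tense: "Fix the definition of same_mem", "Avoid including <algorithm> in <botan/secmem.h>" and "Change es_ftw to use unbuffered I/O" are imperative while the surrounding entries are past tense.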
@@ -914,102 +923,102 @@ Version 1.5.0, 2006-01-01
Version 1.4.11, 2005-12-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Changed Whirlpool diffusion matrix to match updated algorithm spec
- * Fixed several engine module build errors introduced in 1.4.10
- * Fixed two build problems in es_capi; reported by Matthew Gregan
- * Added a constructor to DataSource_Memory taking a std::string
- * Placing the same Filter in multiple Pipes triggers an exception
- * The configure script accepts --docdir and --libdir
- * Merged doc/rngs.txt into the main API document
- * Thanks to Joel Low for several bug reports on early tarballs of 1.4.11
+* Changed Whirlpool diffusion matrix to match updated algorithm spec
+* Fixed several engine module build errors introduced in 1.4.10
+* Fixed two build problems in es_capi; reported by Matthew Gregan
+* Added a constructor to DataSource_Memory taking a std::string
+* Placing the same Filter in multiple Pipes triggers an exception
+* The configure script accepts --docdir and --libdir
+* Merged doc/rngs.txt into the main API document
+* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11
Version 1.4.10, 2005-12-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added an implementation of KASUMI, the block cipher used in 3G phones
- * Refactored Pipe; output queues are now managed by a distinct class
- * Made certain Filter facilities only available to subclasses of Fanout_Filter
- * There is no longer any overhead in Pipe for a message that has been read out
- * It is now possible to generate RSA keys as small as 128 bits
- * Changed some of the core classes to derive from Algorithm as a virtual base
- * Changed Randpool to use HMAC instead of a plain hash as the mixing function
- * Fixed a bug in the allocators; found and fixed by Matthew Gregan
- * Enabled the use of binary file I/O, when requested by the application
- * The OpenSSL engine's block cipher code was missing some deallocation calls
- * Disabled the es_ftw module on NetBSD, due to header problems there
- * Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
- * Some cleanups for the modules that use inline assembler
- * config.h is now stored in build/ instead of build/include/botan/
- * The header util.h was split into bit_ops.h, parsing.h, and util.h
- * Cleaned up some redundant include directives
+* Added an implementation of KASUMI, the block cipher used in 3G phones
+* Refactored Pipe; output queues are now managed by a distinct class
+* Made certain Filter facilities only available to subclasses of Fanout_Filter
+* There is no longer any overhead in Pipe for a message that has been read out
+* It is now possible to generate RSA keys as small as 128 bits
+* Changed some of the core classes to derive from Algorithm as a virtual base
+* Changed Randpool to use HMAC instead of a plain hash as the mixing function
+* Fixed a bug in the allocators; found and fixed by Matthew Gregan
+* Enabled the use of binary file I/O, when requested by the application
+* The OpenSSL engine's block cipher code was missing some deallocation calls
+* Disabled the es_ftw module on NetBSD, due to header problems there
+* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
+* Some cleanups for the modules that use inline assembler
+* config.h is now stored in build/ instead of build/include/botan/
+* The header util.h was split into bit_ops.h, parsing.h, and util.h
+* Cleaned up some redundant include directives
Version 1.4.9, 2005-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added the IBM-created AES candidate algorithm MARS
- * Added the South Korean block cipher SEED
- * Added the stream cipher Turing
- * Added the new hash function FORK-256
- * Deprecated the ISAAC stream cipher
- * Twofish and RC6 are significantly faster with GCC
- * Much better support for 64-bit PowerPC
- * Added support for high-resolution PowerPC timers
- * Fixed a bug in the configure script causing problems on FreeBSD
- * Changed ANSI X9.31 to support arbitrary block ciphers
- * Make the configure script a bit less noisy
- * Added more test vectors for some algorithms, including all the AES finalists
- * Various cosmetic source code cleanups
+* Added the IBM-created AES candidate algorithm MARS
+* Added the South Korean block cipher SEED
+* Added the stream cipher Turing
+* Added the new hash function FORK-256
+* Deprecated the ISAAC stream cipher
+* Twofish and RC6 are significantly faster with GCC
+* Much better support for 64-bit PowerPC
+* Added support for high-resolution PowerPC timers
+* Fixed a bug in the configure script causing problems on FreeBSD
+* Changed ANSI X9.31 to support arbitrary block ciphers
+* Make the configure script a bit less noisy
+* Added more test vectors for some algorithms, including all the AES finalists
+* Various cosmetic source code cleanups
Version 1.4.8, 2005-10-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Resolved a bad performance problem in the allocators; fix by Matt Johnston
- * Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
- * Renamed OMAC to CMAC to match the official NIST naming
- * Added single byte versions of update() to PK_Signer and PK_Verifier
- * Removed the unused reverse_bits and reverse_bytes functions
+* Resolved a bad performance problem in the allocators; fix by Matt Johnston
+* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
+* Renamed OMAC to CMAC to match the official NIST naming
+* Added single byte versions of update() to PK_Signer and PK_Verifier
+* Removed the unused reverse_bits and reverse_bytes functions
Version 1.4.7, 2005-09-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed major performance problems with recent versions of GNU C++
- * Added an implementation of the X9.31 PRNG
- * Removed the X9.17 and FIPS 186-2 PRNG algorithms
- * Changed defaults to use X9.31 PRNGs as global PRNG objects
- * Documentation updates to reflect the PRNG changes
- * Some cleanups related to the engine code
- * Removed two useless headers, base_eng.h and secalloc.h
- * Removed PK_Verifier::valid_signature
- * Fixed configure/build system bugs affecting MacOS X builds
- * Added support for the EKOPath x86-64 compiler
- * Added missing destructor for BlockCipherModePaddingMethod
- * Fix some build problems with Visual C++ 2005 beta
- * Fix some build problems with Visual C++ 2003 Workshop
+* Fixed major performance problems with recent versions of GNU C++
+* Added an implementation of the X9.31 PRNG
+* Removed the X9.17 and FIPS 186-2 PRNG algorithms
+* Changed defaults to use X9.31 PRNGs as global PRNG objects
+* Documentation updates to reflect the PRNG changes
+* Some cleanups related to the engine code
+* Removed two useless headers, base_eng.h and secalloc.h
+* Removed PK_Verifier::valid_signature
+* Fixed configure/build system bugs affecting MacOS X builds
+* Added support for the EKOPath x86-64 compiler
+* Added missing destructor for BlockCipherModePaddingMethod
+* Fix some build problems with Visual C++ 2005 beta
+* Fix some build problems with Visual C++ 2003 Workshop
Version 1.4.6, 2005-03-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix an error in the shutdown code introduced in 1.4.5
- * Setting base/pkcs8_tries to 0 disables the builtin fail-out
- * Support for XMPP identifiers in X.509 certificates
- * Duplicate entries in X.509 DNs are removed
- * More fixes for Borland C++, from Friedemann Kleint
- * Add a workaround for buggy iostreams
+* Fix an error in the shutdown code introduced in 1.4.5
+* Setting base/pkcs8_tries to 0 disables the builtin fail-out
+* Support for XMPP identifiers in X.509 certificates
+* Duplicate entries in X.509 DNs are removed
+* More fixes for Borland C++, from Friedemann Kleint
+* Add a workaround for buggy iostreams
Version 1.4.5, 2005-02-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add support for AES encryption of private keys
- * Minor fixes for PBES2 parameter decoding
- * Internal cleanups for global state variables
- * GCC 3.x version detection was broken in non-English locales
- * Work around a Sun Forte bug affecting mem_pool.h
- * Several fixes for Borland C++ 5.5, from Friedemann Kleint
- * Removed inclusion of init.h into base.h
- * Fixed a major bug in reading from certificate stores
- * Cleaned up a couple of mutex leaks
- * Removed some left-over debugging code
- * Removed SSL3_MAC, SSL3_PRF, and TLS_PRF
+* Add support for AES encryption of private keys
+* Minor fixes for PBES2 parameter decoding
+* Internal cleanups for global state variables
+* GCC 3.x version detection was broken in non-English locales
+* Work around a Sun Forte bug affecting mem_pool.h
+* Several fixes for Borland C++ 5.5, from Friedemann Kleint
+* Removed inclusion of init.h into base.h
+* Fixed a major bug in reading from certificate stores
+* Cleaned up a couple of mutex leaks
+* Removed some left-over debugging code
+* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF
2004
----------------------------------------
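Review bot: The 1.4.10 entry "It is now possible to generate RSA keys as small as 128 bits" is carried over with no indication of what such keys are for. A 128-bit RSA modulus offers no security, so the entry should say so (for example "for testing only") to keep readers from taking it as a usable key size. In 1.4.6, "Setting base/pkcs8_tries to 0 disables the builtin fail-out" would also benefit from stating what the fail-out limits, since the line as written does not tell a reader what behaviour is being turned off.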
@@ -1017,139 +1026,139 @@ Version 1.4.5, 2005-02-26
Version 1.4.4, 2004-12-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Further tweaks to the pooling allocator
- * Modified EMSA3 to support SSL/TLS signatures
- * Changes to support Qt/QCA, from Justin Karneges
- * Moved mux_qt module code into mod_qt
- * Fixes for HP-UX from Mike Desjardins
+* Further tweaks to the pooling allocator
+* Modified EMSA3 to support SSL/TLS signatures
+* Changes to support Qt/QCA, from Justin Karneges
+* Moved mux_qt module code into mod_qt
+* Fixes for HP-UX from Mike Desjardins
Version 1.4.3, 2004-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Split up SecureAllocator into Allocator and Pooling_Allocator
- * Memory locking allocators are more likely to be used
- * Fixed the placement of includes in some modules
- * Fixed broken installation procedure
- * Fixes in configure script to support alternate install programs
- * Modules can specify the minimum version they support
+* Split up SecureAllocator into Allocator and Pooling_Allocator
+* Memory locking allocators are more likely to be used
+* Fixed the placement of includes in some modules
+* Fixed broken installation procedure
+* Fixes in configure script to support alternate install programs
+* Modules can specify the minimum version they support
Version 1.4.2, 2004-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a major CRL handling bug
- * Cipher and hash operations can be offloaded to engines
- * Added support for cipher and hash offload in OpenSSL engine
- * Improvements for 64-bit CPUs without a widening multiply instruction
- * Support for SHA2-* and Whirlpool with EMSA2
- * Fixed a long-standing build problem with conflicting include files
- * Fixed some examples that hadn't been updated for 1.4.x
- * Portability fixes for Solaris, BSD, HP-UX, and others
- * Lots of fixes and cleanups in the configure script
- * Updated the Gentoo ebuild file
+* Fixed a major CRL handling bug
+* Cipher and hash operations can be offloaded to engines
+* Added support for cipher and hash offload in OpenSSL engine
+* Improvements for 64-bit CPUs without a widening multiply instruction
+* Support for SHA2-* and Whirlpool with EMSA2
+* Fixed a long-standing build problem with conflicting include files
+* Fixed some examples that hadn't been updated for 1.4.x
+* Portability fixes for Solaris, BSD, HP-UX, and others
+* Lots of fixes and cleanups in the configure script
+* Updated the Gentoo ebuild file
Version 1.4.1, 2004-10-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed major errors in the X.509 and PKCS #8 copy_key functions
- * Added a LAST_MESSAGE meta-message number for Pipe
- * Added new aliases (3DES and DES-EDE) for Triple-DES
- * Added some new functions to PK_Verifier
- * Cleaned up the KDF interface
- * Disabled tm_posix on BSD due to header issues
- * Fixed a build problem on PowerPC with GNU C++ pre-3.4
+* Fixed major errors in the X.509 and PKCS #8 copy_key functions
+* Added a LAST_MESSAGE meta-message number for Pipe
+* Added new aliases (3DES and DES-EDE) for Triple-DES
+* Added some new functions to PK_Verifier
+* Cleaned up the KDF interface
+* Disabled tm_posix on BSD due to header issues
+* Fixed a build problem on PowerPC with GNU C++ pre-3.4
Version 1.4.0, 2004-06-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added the FIPS 186 RNG back
- * Added copy_key functions for X.509 public keys and PKCS #8 private keys
- * Fixed PKCS #1 signatures with RIPEMD-128
- * Moved some code around to avoid warnings with Sun ONE compiler
- * Fixed a bug in botan-config affecting OpenBSD
- * Fixed some build problems on Tru64, HP-UX
- * Fixed compile problems with Intel C++, Compaq C++
+* Added the FIPS 186 RNG back
+* Added copy_key functions for X.509 public keys and PKCS #8 private keys
+* Fixed PKCS #1 signatures with RIPEMD-128
+* Moved some code around to avoid warnings with Sun ONE compiler
+* Fixed a bug in botan-config affecting OpenBSD
+* Fixed some build problems on Tru64, HP-UX
+* Fixed compile problems with Intel C++, Compaq C++
Version 1.3.14, 2004-06-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added support for AEP's AEP1000/AEP2000 crypto cards
- * Added a Mutex module using Qt, from Justin Karneges
- * Added support for engine loading in LibraryInitializer
- * Tweaked SecureAllocator, giving 20% better performance under heavy load
- * Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
- * Renamed PK_Engine to Engine_Core
- * Improved the Karatsuba cutoff points
- * Fixes for compiling with GCC 3.4 and Sun C++ 5.5
- * Fixes for Linux/s390, OpenBSD, and Solaris
- * Added support for Linux/s390x
- * The configure script was totally broken for 'generic' OS
- * Removed Montgomery reduction due to bugs
- * Removed an unused header, pkcs8alg.h
- * check --validate returns an error code if any tests failed
- * Removed duplicate entry in Unix command list for es_unix
- * Moved the Cert_Usage enumeration into X509_Store
- * Added new timing methods for PK benchmarks, clock_gettime and RDTSC
- * Fixed a few minor bugs in the configure script
- * Removed some deprecated functions from x509cert.h and pkcs10.h
- * Removed the 'minimal' module, has to be updated for Engine support
- * Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
- * Documentation updates
+* Added support for AEP's AEP1000/AEP2000 crypto cards
+* Added a Mutex module using Qt, from Justin Karneges
+* Added support for engine loading in LibraryInitializer
+* Tweaked SecureAllocator, giving 20% better performance under heavy load
+* Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
+* Renamed PK_Engine to Engine_Core
+* Improved the Karatsuba cutoff points
+* Fixes for compiling with GCC 3.4 and Sun C++ 5.5
+* Fixes for Linux/s390, OpenBSD, and Solaris
+* Added support for Linux/s390x
+* The configure script was totally broken for 'generic' OS
+* Removed Montgomery reduction due to bugs
+* Removed an unused header, pkcs8alg.h
+* check --validate returns an error code if any tests failed
+* Removed duplicate entry in Unix command list for es_unix
+* Moved the Cert_Usage enumeration into X509_Store
+* Added new timing methods for PK benchmarks, clock_gettime and RDTSC
+* Fixed a few minor bugs in the configure script
+* Removed some deprecated functions from x509cert.h and pkcs10.h
+* Removed the 'minimal' module, has to be updated for Engine support
+* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
+* Documentation updates
Version 1.3.13, 2004-05-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Major fixes for Cygwin builds
- * Minor MacOS X install fixes
- * The configure script is a little better at picking the right modules
- * Removed ml_unix from the 'unix' module set for Cygwin compatibility
- * Fixed a stupid compile problem in pkcs10.h
+* Major fixes for Cygwin builds
+* Minor MacOS X install fixes
+* The configure script is a little better at picking the right modules
+* Removed ml_unix from the 'unix' module set for Cygwin compatibility
+* Fixed a stupid compile problem in pkcs10.h
Version 1.3.12, 2004-05-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added ability to remove old entries from CRLs
- * Swapped the first two arguments of X509_CA::update_crl()
- * Added an < operator for MemoryRegion, so it can be used as a std::map key
- * Changed X.509 searching by DNS name from substring to full string compares
- * Renamed a few X509_Certificate and PKCS10_Request member functions
- * Fixed a problem when decoding some PKCS #10 requests
- * Hex_Decoder would not check inputs, reported by Vaclav Ovsik
- * Changed default CRL expire time from 30 days to 7 days
- * X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
- * Corrected errors in the API doc, fixes from Ken Perano
- * More documentation about the Pipe/Filter code
+* Added ability to remove old entries from CRLs
+* Swapped the first two arguments of X509_CA::update_crl()
+* Added an < operator for MemoryRegion, so it can be used as a std::map key
+* Changed X.509 searching by DNS name from substring to full string compares
+* Renamed a few X509_Certificate and PKCS10_Request member functions
+* Fixed a problem when decoding some PKCS #10 requests
+* Hex_Decoder would not check inputs, reported by Vaclav Ovsik
+* Changed default CRL expire time from 30 days to 7 days
+* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
+* Corrected errors in the API doc, fixes from Ken Perano
+* More documentation about the Pipe/Filter code
Version 1.3.11, 2004-04-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed two show-stopping bugs in PKCS10_Request
- * Added some sanity checks in Pipe/Filter
- * The DNS and URI entries would get swapped in subjectAlternativeNames
- * MAC_Filter is now willing to not take a key at creation time
- * Setting the expiration times of certs and CRLs is more flexible
- * Fixed problems building on AIX with GCC
- * Fixed some problems in the tutorial pointed out by Dominik Vogt
- * Documentation updates
+* Fixed two show-stopping bugs in PKCS10_Request
+* Added some sanity checks in Pipe/Filter
+* The DNS and URI entries would get swapped in subjectAlternativeNames
+* MAC_Filter is now willing to not take a key at creation time
+* Setting the expiration times of certs and CRLs is more flexible
+* Fixed problems building on AIX with GCC
+* Fixed some problems in the tutorial pointed out by Dominik Vogt
+* Documentation updates
Version 1.3.10, 2004-03-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added support for OpenPGP's ASCII armor format
- * Cleaned up the RNG system; seeding is much more flexible
- * Added simple autoconfiguration abilities to configure.pl
- * Fixed a GCC 2.95.x compile problem
- * Updated the example configuration file
- * Documentation updates
+* Added support for OpenPGP's ASCII armor format
+* Cleaned up the RNG system; seeding is much more flexible
+* Added simple autoconfiguration abilities to configure.pl
+* Fixed a GCC 2.95.x compile problem
+* Updated the example configuration file
+* Documentation updates
Version 1.3.9, 2004-03-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added an engine using OpenSSL (requires 0.9.7 or later)
- * X509_Certificate would lose email addresses stored in the DN
- * Fixed a missing initialization in a BigInt constructor
- * Fixed several Visual C++ compile problems
- * Fixed some BeOS build problems
- * Fixed the WiderWake benchmark
+* Added an engine using OpenSSL (requires 0.9.7 or later)
+* X509_Certificate would lose email addresses stored in the DN
+* Fixed a missing initialization in a BigInt constructor
+* Fixed several Visual C++ compile problems
+* Fixed some BeOS build problems
+* Fixed the WiderWake benchmark
2003
----------------------------------------
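Review bot: Several entries in this hunk record fixes to certificate and key handling without saying what went wrong: "Fixed a major CRL handling bug" (1.4.2), "Fixed major errors in the X.509 and PKCS #8 copy_key functions" (1.4.1) and "Hex_Decoder would not check inputs" (1.3.12). A reader deciding whether an older deployment needs upgrading cannot tell from these lines what the observable effect was; one clause per entry describing it would fix that. Minor: "Removed the 'minimal' module, has to be updated for Engine support" in 1.3.14 is a comma splice and reads more clearly as "Removed the 'minimal' module until it is updated for Engine support".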
@@ -1157,329 +1166,329 @@ Version 1.3.9, 2004-03-07
Version 1.3.8, 2003-12-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Internal changes to PK algorithms to divide data and algorithms
- * DSA/DH/NR/ElGamal constructors accept taking just the private key again
- * ElGamal keys now support being imported/exported as ASN.1 objects
- * Much more consistent and complete error checking in PK algorithms
- * Support for arbitrary backends (engines) for PK operations
- * Added Montgomery reductions
- * Added an engine that uses GNU MP (requires 4.1 or later)
- * Removed the obsolete mp_gmp module
- * Moved several initialization/shutdown functions to init.h
- * Major refactoring of the memory containers
- * New non-locking container, MemoryVector
- * Fixed 64-bit problems in BigInt::set_bit/clear_bit
- * Renamed PK_Key::check_params() to check_key()
- * Some incompatible changes to OctetString
- * Added version checking macros in version.h
- * Removed the fips140 module pending rewrite
- * Added some functions and hooks to help GUIs
- * Moved more shared code into MDx_HashFunction
- * Added a policy hook for specifying the encoding of X.509 strings
+* Internal changes to PK algorithms to divide data and algorithms
+* DSA/DH/NR/ElGamal constructors accept taking just the private key again
+* ElGamal keys now support being imported/exported as ASN.1 objects
+* Much more consistent and complete error checking in PK algorithms
+* Support for arbitrary backends (engines) for PK operations
+* Added Montgomery reductions
+* Added an engine that uses GNU MP (requires 4.1 or later)
+* Removed the obsolete mp_gmp module
+* Moved several initialization/shutdown functions to init.h
+* Major refactoring of the memory containers
+* New non-locking container, MemoryVector
+* Fixed 64-bit problems in BigInt::set_bit/clear_bit
+* Renamed PK_Key::check_params() to check_key()
+* Some incompatible changes to OctetString
+* Added version checking macros in version.h
+* Removed the fips140 module pending rewrite
+* Added some functions and hooks to help GUIs
+* Moved more shared code into MDx_HashFunction
+* Added a policy hook for specifying the encoding of X.509 strings
Version 1.3.7, 2003-12-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a big security problem in es_unix
- * Fixed several stability problems in es_unix
- * Expanded the list of programs es_unix will try to use
- * SecureAllocator now only preallocates blocks in special cases
- * Added a special case in Global_RNG::seed for forcing a full poll
- * Removed the FIPS 186 RNG added in 1.3.5 pending further testing
- * Configure updates for PowerPC CPUs
- * Removed the (never tested) VAX support
- * Added support for S/390 Linux
+* Fixed a big security problem in es_unix
+* Fixed several stability problems in es_unix
+* Expanded the list of programs es_unix will try to use
+* SecureAllocator now only preallocates blocks in special cases
+* Added a special case in Global_RNG::seed for forcing a full poll
+* Removed the FIPS 186 RNG added in 1.3.5 pending further testing
+* Configure updates for PowerPC CPUs
+* Removed the (never tested) VAX support
+* Added support for S/390 Linux
Version 1.3.6, 2003-12-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added a new module 'minimal', which disables most algorithms
- * SecureAllocator allocates a few blocks at startup
- * A few minor MPI cleanups
- * RPM spec file cleanups and fixes
+* Added a new module 'minimal', which disables most algorithms
+* SecureAllocator allocates a few blocks at startup
+* A few minor MPI cleanups
+* RPM spec file cleanups and fixes
Version 1.3.5, 2003-11-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Major improvements in ASN.1 string handling
- * Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
- * Added partial support for the X.509v3 certificate policies extension
- * Centralized the handling of character set information
- * Added FIPS 140-2 startup self tests
- * Added a module (fips140) for doing extra FIPS 140-2 tests
- * Added FIPS 186-2 RNG
- * Improved ASN.1 BIT STRING handling
- * Removed a memory leak in PKCS10_Request
- * The encoding of DirectoryString now follows PKIX guidelines
- * Fixed some of the character set dependencies
- * Fixed a DER encoding error for tags greater than 30
- * The BER decoder can now handle tags larger than 30
- * Fixed tm_hard.cpp to recognize SPARC on more systems
- * Workarounds for a GCC 2.95.x bug in x509find.cpp
- * RPM changed to install into /usr instead of /usr/local
- * Added support for QNX
+* Major improvements in ASN.1 string handling
+* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
+* Added partial support for the X.509v3 certificate policies extension
+* Centralized the handling of character set information
+* Added FIPS 140-2 startup self tests
+* Added a module (fips140) for doing extra FIPS 140-2 tests
+* Added FIPS 186-2 RNG
+* Improved ASN.1 BIT STRING handling
+* Removed a memory leak in PKCS10_Request
+* The encoding of DirectoryString now follows PKIX guidelines
+* Fixed some of the character set dependencies
+* Fixed a DER encoding error for tags greater than 30
+* The BER decoder can now handle tags larger than 30
+* Fixed tm_hard.cpp to recognize SPARC on more systems
+* Workarounds for a GCC 2.95.x bug in x509find.cpp
+* RPM changed to install into /usr instead of /usr/local
+* Added support for QNX
Version 1.2.8, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Merged several important bug fixes from 1.3.x
+* Merged several important bug fixes from 1.3.x
Version 1.3.4, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added a module that does certain MPI operations using GNU MP
- * Added the X9.42 Diffie-Hellman PRF
- * The Zlib and Bzip2 objects now use custom allocators
- * Added member functions for directly hashing/MACing SecureVectors
- * Minor optimizations to the MPI addition and subtraction algorithms
- * Some cleanups in the low-level MPI code
- * Created separate AES-{128,192,256} objects
+* Added a module that does certain MPI operations using GNU MP
+* Added the X9.42 Diffie-Hellman PRF
+* The Zlib and Bzip2 objects now use custom allocators
+* Added member functions for directly hashing/MACing SecureVectors
+* Minor optimizations to the MPI addition and subtraction algorithms
+* Some cleanups in the low-level MPI code
+* Created separate AES-{128,192,256} objects
Version 1.3.3, 2003-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * The library can now be repeatedly initialized and shutdown without crashing
- * Fixed an off-by-one error in the CTS code
- * Fixed an error in the EMSA4 verification code
- * Fixed a memory leak in mutex.cpp (pointed out by James Widener)
- * Fixed a memory leak in Pthread_Mutex
- * Fixed several memory leaks in the testing code
- * Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
- * Minor cleanups in SecureAllocator
- * Removed a needless mutex guarding the (stateless) global timer
- * Fixed a piece of bash-specific code in botan-config
- * X.509 objects report more information about decoding errors
- * Cleaned up some of the exception handling
- * Updated the example config file with new OIDSs
- * Moved the build instructions into a separate document, building.tex
+* The library can now be repeatedly initialized and shutdown without crashing
+* Fixed an off-by-one error in the CTS code
+* Fixed an error in the EMSA4 verification code
+* Fixed a memory leak in mutex.cpp (pointed out by James Widener)
+* Fixed a memory leak in Pthread_Mutex
+* Fixed several memory leaks in the testing code
+* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
+* Minor cleanups in SecureAllocator
+* Removed a needless mutex guarding the (stateless) global timer
+* Fixed a piece of bash-specific code in botan-config
+* X.509 objects report more information about decoding errors
+* Cleaned up some of the exception handling
+* Updated the example config file with new OIDSs
+* Moved the build instructions into a separate document, building.tex
Version 1.3.2, 2003-11-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a bug preventing DSA signatures from verifying on X.509 objects
- * Made the X509_Store search routines more efficient and flexible
- * Added a function to X509_PublicKey to do easy public/private key matching
- * Added support for decoding indefinite length BER data
- * Changed Pipe's peek() to take an offset
- * Removed Filter::set_owns in favor of the new incr_owns function
- * Removed BigInt::zero() and BigInt::one()
- * Renamed the PEM related options from base/pem_* to pem/*
- * Added an option to specify the line width when encoding PEM
- * Removed the "rng/safe_longterm" option; it's always on now
- * Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
- * Cleaned up the base64/hex encoders and decoders
- * Added an ASN.1/BER decoder as an example
- * AES had its internals marked 'public' in previous versions
- * Changed the value of the ASN.1 NO_OBJECT enum
- * Various new hacks in the configure script
- * Removed the already nominal support for SunOS
+* Fixed a bug preventing DSA signatures from verifying on X.509 objects
+* Made the X509_Store search routines more efficient and flexible
+* Added a function to X509_PublicKey to do easy public/private key matching
+* Added support for decoding indefinite length BER data
+* Changed Pipe's peek() to take an offset
+* Removed Filter::set_owns in favor of the new incr_owns function
+* Removed BigInt::zero() and BigInt::one()
+* Renamed the PEM related options from base/pem_* to pem/*
+* Added an option to specify the line width when encoding PEM
+* Removed the "rng/safe_longterm" option; it's always on now
+* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
+* Cleaned up the base64/hex encoders and decoders
+* Added an ASN.1/BER decoder as an example
+* AES had its internals marked 'public' in previous versions
+* Changed the value of the ASN.1 NO_OBJECT enum
+* Various new hacks in the configure script
+* Removed the already nominal support for SunOS
Version 1.3.1, 2003-11-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Generalized a few pieces of the DER encoder
- * PKCS8::load_key would fail if handed an unencrypted key
- * Added a failsafe so PKCS #8 key decoding can't go into an infinite loop
+* Generalized a few pieces of the DER encoder
+* PKCS8::load_key would fail if handed an unencrypted key
+* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop
Version 1.3.0, 2003-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Major redesign of the PKCS #8 private key import/export system
- * Added a small amount of UI interface code for getting passphrases
- * Added heuristics that tell if a key, cert, etc is stored as PEM or BER
- * Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
- * Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
- * Made PEM decoding more forgiving of extra text before the header
+* Major redesign of the PKCS #8 private key import/export system
+* Added a small amount of UI interface code for getting passphrases
+* Added heuristics that tell if a key, cert, etc is stored as PEM or BER
+* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
+* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
+* Made PEM decoding more forgiving of extra text before the header
Version 1.2.7, 2003-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added support for reading configuration files
- * Added constructors so NR and RW keys can be imported easily
- * Fixed mp_asm64, which was completely broken in 1.2.6
- * Removed tm_hw_ia32 module; replaced by tm_hard
- * Added support for loading certain oddly formed RSA certificates
- * Fixed spelling of NON_REPUDIATION enum
- * Renamed the option default_to_ca to v1_assume_ca
- * Fixed a minor bug in X.509 certificate generation
- * Fixed a latent bug in the OID lookup code
- * Updated the RPM spec file
- * Added to the tutorial
+* Added support for reading configuration files
+* Added constructors so NR and RW keys can be imported easily
+* Fixed mp_asm64, which was completely broken in 1.2.6
+* Removed tm_hw_ia32 module; replaced by tm_hard
+* Added support for loading certain oddly formed RSA certificates
+* Fixed spelling of NON_REPUDIATION enum
+* Renamed the option default_to_ca to v1_assume_ca
+* Fixed a minor bug in X.509 certificate generation
+* Fixed a latent bug in the OID lookup code
+* Updated the RPM spec file
+* Added to the tutorial
Version 1.2.6, 2003-07-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Major performance increase for PK algorithms on most 64-bit systems
- * Cleanups in the low-level MPI code to support asm implementations
- * Fixed build problems with some versions of Compaq's C++ compiler
- * Removed useless constructors for NR public and private keys
- * Removed support for the patch_file directive in module files
- * Removed several deprecated functions
+* Major performance increase for PK algorithms on most 64-bit systems
+* Cleanups in the low-level MPI code to support asm implementations
+* Fixed build problems with some versions of Compaq's C++ compiler
+* Removed useless constructors for NR public and private keys
+* Removed support for the patch_file directive in module files
+* Removed several deprecated functions
Version 1.2.5, 2003-06-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a tricky and long-standing memory leak in Pipe
- * Major cleanups and fixes in the memory allocation system
- * Removed alloc_mlock, which has been superseded by the ml_unix module
- * Removed a denial of service vulnerability in X509_Store
- * Fixed compilation problems with VS .NET 2003 and Codewarrior 8
- * Added another variant of PKCS8::load_key, taking a memory buffer
- * Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
- * BigInt::operator%=(word) was a no-op if the input was a power of 2
- * Fixed portability problems in BigInt::to_u32bit
- * Fixed major bugs in SSL3-MAC
- * Cleaned up some messes in the PK algorithms
- * Cleanups and extensions for OMAC and EAX
- * Made changes to the entropy estimation function
- * Added a 'beos' module set for use on BeOS
- * Officially deprecated a few X509:: and PKCS8:: functions
- * Moved the contents of primes.h to numthry.h
- * Moved the contents of x509opt.h to x509self.h
- * Removed the (empty) desx.h header
- * Documentation updates
+* Fixed a tricky and long-standing memory leak in Pipe
+* Major cleanups and fixes in the memory allocation system
+* Removed alloc_mlock, which has been superseded by the ml_unix module
+* Removed a denial of service vulnerability in X509_Store
+* Fixed compilation problems with VS .NET 2003 and Codewarrior 8
+* Added another variant of PKCS8::load_key, taking a memory buffer
+* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
+* BigInt::operator%=(word) was a no-op if the input was a power of 2
+* Fixed portability problems in BigInt::to_u32bit
+* Fixed major bugs in SSL3-MAC
+* Cleaned up some messes in the PK algorithms
+* Cleanups and extensions for OMAC and EAX
+* Made changes to the entropy estimation function
+* Added a 'beos' module set for use on BeOS
+* Officially deprecated a few X509:: and PKCS8:: functions
+* Moved the contents of primes.h to numthry.h
+* Moved the contents of x509opt.h to x509self.h
+* Removed the (empty) desx.h header
+* Documentation updates
Version 1.2.4, 2003-05-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a bug in EMSA1 affecting NR signature verification
- * Fixed a few latent bugs in BigInt related to word size
- * Removed an unused function, mp_add2_nc, from the MPI implementation
- * Reorganized the core MPI files
+* Fixed a bug in EMSA1 affecting NR signature verification
+* Fixed a few latent bugs in BigInt related to word size
+* Removed an unused function, mp_add2_nc, from the MPI implementation
+* Reorganized the core MPI files
Version 1.2.3, 2003-05-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a bug that prevented DSA/NR key generation
- * Fixed a bug that prevented importing some root CA certs
- * Fixed a bug in the BER decoder when handing optional bit or byte strings
- * Fixed the encoding of authorityKeyIdentifier in X509_CA
- * Added a sanity check in PBKDF2 for zero length passphrases
- * Added versions of X509::load_key and PKCS8::load_key that take a file name
- * X509_CA generates 128 bit serial numbers now
- * Added tests to check PK key generation
- * Added a simplistic X.509 CA example
- * Cleaned up some of the examples
+* Fixed a bug that prevented DSA/NR key generation
+* Fixed a bug that prevented importing some root CA certs
+* Fixed a bug in the BER decoder when handing optional bit or byte strings
+* Fixed the encoding of authorityKeyIdentifier in X509_CA
+* Added a sanity check in PBKDF2 for zero length passphrases
+* Added versions of X509::load_key and PKCS8::load_key that take a file name
+* X509_CA generates 128 bit serial numbers now
+* Added tests to check PK key generation
+* Added a simplistic X.509 CA example
+* Cleaned up some of the examples
Version 1.2.2, 2003-05-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Add checks to prevent any BigInt bugs from revealing an RSA or RW key
- * Changed the interface of Global_RNG::seed
- * Major improvements for the es_unix module
- * Added another Win32 entropy source, es_win32
- * The Win32 CryptoAPI entropy source can now poll multiple providers
- * Improved the BeOS entropy source
- * Renamed pipe_unixfd module to fd_unix
- * Fixed a file descriptor leak in the EGD module
- * Fixed a few locking bugs
+* Add checks to prevent any BigInt bugs from revealing an RSA or RW key
+* Changed the interface of Global_RNG::seed
+* Major improvements for the es_unix module
+* Added another Win32 entropy source, es_win32
+* The Win32 CryptoAPI entropy source can now poll multiple providers
+* Improved the BeOS entropy source
+* Renamed pipe_unixfd module to fd_unix
+* Fixed a file descriptor leak in the EGD module
+* Fixed a few locking bugs
Version 1.2.1, 2003-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added ANSI X9.23 compatible CBC padding
- * Added an entropy source using Win32 CryptoAPI
- * Removed the Pipe I/O operators taking a FILE*
- * Moved the BigInt encoding/decoding functions into the BigInt class
- * Integrated several fixes for VC++ 7 (from Hany Greiss)
- * Fixed the configure.pl script for Windows builds
+* Added ANSI X9.23 compatible CBC padding
+* Added an entropy source using Win32 CryptoAPI
+* Removed the Pipe I/O operators taking a FILE*
+* Moved the BigInt encoding/decoding functions into the BigInt class
+* Integrated several fixes for VC++ 7 (from Hany Greiss)
+* Fixed the configure.pl script for Windows builds
Version 1.2.0, 2003-04-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Tweaked the Karatsuba cut-off points
- * Increased the allowed keylength of HMAC and Blowfish
- * Removed the 'mpi_ia32' module, pending rewrite
- * Workaround a GCC 2.95.x bug in eme1.cpp
+* Tweaked the Karatsuba cut-off points
+* Increased the allowed keylength of HMAC and Blowfish
+* Removed the 'mpi_ia32' module, pending rewrite
+* Workaround a GCC 2.95.x bug in eme1.cpp
Version 1.1.13, 2003-04-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added OMAC
- * Added EAX authenticated cipher mode
- * Diffie-Hellman would not do blinding in some cases
- * Optimized the OFB and CTR modes
- * Corrected Skipjack's word ordering, as per NIST clarification
- * Support for all subject/issuer attribute types required by RFC 3280
- * The removeFromCRL CRL reason code is now handled correctly
- * Increased the flexibility of the allocators
- * Renamed Rijndael to AES, created aes.h, deleted rijndael.h
- * Removed support for the 'no_timer' LibraryInitializer option
- * Removed 'es_pthr' module, pending further testing
- * Cleaned up get_ciph.cpp
+* Added OMAC
+* Added EAX authenticated cipher mode
+* Diffie-Hellman would not do blinding in some cases
+* Optimized the OFB and CTR modes
+* Corrected Skipjack's word ordering, as per NIST clarification
+* Support for all subject/issuer attribute types required by RFC 3280
+* The removeFromCRL CRL reason code is now handled correctly
+* Increased the flexibility of the allocators
+* Renamed Rijndael to AES, created aes.h, deleted rijndael.h
+* Removed support for the 'no_timer' LibraryInitializer option
+* Removed 'es_pthr' module, pending further testing
+* Cleaned up get_ciph.cpp
Version 1.1.12, 2003-04-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a ASN.1 string encoding bug
- * Fixed a pair of X509_DN encoding problems
- * Base64_Decoder and Hex_Decoder can now validate input
- * Removed support for the LibraryInitializer option 'egd_path'
- * Added tests for DSA X.509 and PKCS #8 key formats
- * Removed a long deprecated feature of DH_PrivateKey's constructor
- * Updated the RPM .spec file
- * Major documentation updates
+* Fixed a ASN.1 string encoding bug
+* Fixed a pair of X509_DN encoding problems
+* Base64_Decoder and Hex_Decoder can now validate input
+* Removed support for the LibraryInitializer option 'egd_path'
+* Added tests for DSA X.509 and PKCS #8 key formats
+* Removed a long deprecated feature of DH_PrivateKey's constructor
+* Updated the RPM .spec file
+* Major documentation updates
Version 1.1.11, 2003-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added PKCS #10 certificate requests
- * Changed X509_Store searching interface to be more flexible
- * Added a generic Certificate_Store interface
- * Added a function for generating self-signed X.509 certs
- * Cleanups and changes to X509_CA
- * New examples for PKCS #10 and self-signed certificates
- * Some documentation updates
+* Added PKCS #10 certificate requests
+* Changed X509_Store searching interface to be more flexible
+* Added a generic Certificate_Store interface
+* Added a function for generating self-signed X.509 certs
+* Cleanups and changes to X509_CA
+* New examples for PKCS #10 and self-signed certificates
+* Some documentation updates
Version 1.1.10, 2003-04-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * X509_CA can now generate new X.509 CRLs
- * Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
- * More certificate and CRL extensions/attributes are supported
- * Better DN handling in X.509 certificates/CRLs
- * Added a DataSink hierarchy (suggested by Jim Darby)
- * Consolidated SecureAllocator and ManagedAllocator
- * Many cleanups and generalizations
- * Added a (slow) pthreads based EntropySource
- * Fixed some threading bugs
+* X509_CA can now generate new X.509 CRLs
+* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
+* More certificate and CRL extensions/attributes are supported
+* Better DN handling in X.509 certificates/CRLs
+* Added a DataSink hierarchy (suggested by Jim Darby)
+* Consolidated SecureAllocator and ManagedAllocator
+* Many cleanups and generalizations
+* Added a (slow) pthreads based EntropySource
+* Fixed some threading bugs
Version 1.1.9, 2003-02-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added support for using X.509v2 CRLs
- * Fixed several bugs in the path validation algorithm
- * Certificates can be verified for a particular usage
- * Algorithm for comparing distinguished names now follows X.509
- * Cleaned up the code for the es_beos, es_ftw, es_unix modules
- * Documentation updates
+* Added support for using X.509v2 CRLs
+* Fixed several bugs in the path validation algorithm
+* Certificates can be verified for a particular usage
+* Algorithm for comparing distinguished names now follows X.509
+* Cleaned up the code for the es_beos, es_ftw, es_unix modules
+* Documentation updates
Version 1.1.8, 2003-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixes for the certificate path validation algorithm in X509_Store
- * Fixed a bug affecting X509_Certificate::is_ca_cert()
- * Added a general configuration interface for policy issues
- * Cleanups and API changes in the X.509 CA, cert, and store code
- * Made various options available for X509_CA users
- * Changed X509_Time's interface to work around time_t problems
- * Fixed a theoretical weakness in Randpool's entropy mixing function
- * Fixed problems compiling with GCC 2.95.3 and GCC 2.96
- * Fixed a configure bug (reported by Jon Wilson) affecting MinGW
+* Fixes for the certificate path validation algorithm in X509_Store
+* Fixed a bug affecting X509_Certificate::is_ca_cert()
+* Added a general configuration interface for policy issues
+* Cleanups and API changes in the X.509 CA, cert, and store code
+* Made various options available for X509_CA users
+* Changed X509_Time's interface to work around time_t problems
+* Fixed a theoretical weakness in Randpool's entropy mixing function
+* Fixed problems compiling with GCC 2.95.3 and GCC 2.96
+* Fixed a configure bug (reported by Jon Wilson) affecting MinGW
Version 1.1.7, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed an obscure but dangerous bug in SecureVector::swap
- * Consolidated SHA-384 and SHA-512 to save code space
- * Added SSL3-MAC and SSL3-PRF
- * Documentation updates, including a new tutorial
+* Fixed an obscure but dangerous bug in SecureVector::swap
+* Consolidated SHA-384 and SHA-512 to save code space
+* Added SSL3-MAC and SSL3-PRF
+* Documentation updates, including a new tutorial
Version 1.0.2, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed an obscure SEGFAULT causing bug in Pipe
- * Fixed an obscure but dangerous bug in SecureVector::swap
+* Fixed an obscure SEGFAULT causing bug in Pipe
+* Fixed an obscure but dangerous bug in SecureVector::swap
2002
----------------------------------------
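Review bot: several re-indented entries in this hunk carry their old typos over unchanged, and since every bullet line is being rewritten anyway they could be corrected here or in a follow-up: "+* Updated the example config file with new OIDSs" under Version 1.3.3 (should be "OIDs"), "+* Fixed a ASN.1 string encoding bug" under Version 1.1.12 ("an ASN.1"), and "+* Fixed a bug in the BER decoder when handing optional bit or byte strings" under Version 1.2.3 (probably "handling"). In the lines shown, each added bullet otherwise matches its removed counterpart apart from the dropped leading indent, so the release-note text itself is unchanged, including security-relevant entries such as "Removed a denial of service vulnerability in X509_Store" in 1.2.5 and the blinding entry in 1.1.10. If the typo fixes go in, putting them in a separate commit would keep this one a pure whitespace change that is easy to verify.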
@@ -1487,336 +1496,336 @@ Version 1.0.2, 2003-01-12
Version 1.1.6, 2002-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Initial support for X.509v3 certificates and CAs
- * Major redesign/rewrite of the ASN.1 encoding/decoding code
- * Added handling for DSA/NR signatures encoded as DER SEQUENCEs
- * Documented the generic cipher lookup interface
- * Added an (untested) entropy source for BeOS
- * Various cleanups and bug fixes
+* Initial support for X.509v3 certificates and CAs
+* Major redesign/rewrite of the ASN.1 encoding/decoding code
+* Added handling for DSA/NR signatures encoded as DER SEQUENCEs
+* Documented the generic cipher lookup interface
+* Added an (untested) entropy source for BeOS
+* Various cleanups and bug fixes
Version 1.1.5, 2002-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added the discrete logarithm integrated encryption system (DLIES)
- * Various optimizations for BigInt
- * Added support for assembler optimizations in modules
- * Added BigInt x86 optimizations module (mpi_ia32)
+* Added the discrete logarithm integrated encryption system (DLIES)
+* Various optimizations for BigInt
+* Added support for assembler optimizations in modules
+* Added BigInt x86 optimizations module (mpi_ia32)
Version 1.1.4, 2002-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Speedup of 15-30% for PK algorithms
- * Implemented the PBES2 encryption scheme
- * Fixed a potential bug in decoding RSA and RW private keys
- * Changed the DL_Group class interface to handle different formats better
- * Added support for PKCS #3 encoded DH parameters
- * X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
- * Added key pair consistency checking
- * Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
- * A botan-config script is generated at configure time
- * Documentation updates
+* Speedup of 15-30% for PK algorithms
+* Implemented the PBES2 encryption scheme
+* Fixed a potential bug in decoding RSA and RW private keys
+* Changed the DL_Group class interface to handle different formats better
+* Added support for PKCS #3 encoded DH parameters
+* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
+* Added key pair consistency checking
+* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
+* A botan-config script is generated at configure time
+* Documentation updates
Version 1.1.3, 2002-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added a generic public/private key loading interface
- * Fixed a small encoding bug in RSA, RW, and DH
- * Changed the PK encryption/decryption interface classes
- * ECB supports using padding methods
- * Added a function-based interface for library initialization
- * Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
- * The cipher mode benchmarks now use 128-bit AES instead of DES
- * Removed some obsolete typedefs
- * Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
- * Added tests for PKCS #8 encoding/decoding
- * Added more tests for ECB and CBC
+* Added a generic public/private key loading interface
+* Fixed a small encoding bug in RSA, RW, and DH
+* Changed the PK encryption/decryption interface classes
+* ECB supports using padding methods
+* Added a function-based interface for library initialization
+* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
+* The cipher mode benchmarks now use 128-bit AES instead of DES
+* Removed some obsolete typedefs
+* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
+* Added tests for PKCS #8 encoding/decoding
+* Added more tests for ECB and CBC
Version 1.1.2, 2002-10-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Support for PKCS #8 encoded RSA, DSA, and DH private keys
- * Support for Diffie-Hellman X.509 public keys
- * Major reorganization of how X.509 keys are handled
- * Added PKCS #5 v2.0's PBES1 encryption scheme
- * Added a generic cipher lookup interface
- * Added the WiderWake4+1 stream cipher
- * Added support for sync-able stream ciphers
- * Added a 'paranoia level' option for the LibraryInitializer
- * More security for RNG output meant for long term keys
- * Added documentation for some of the new 1.1.x features
- * CFB's feedback argument is now specified in bits
- * Renamed CTR class to CTR_BE
- * Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats
+* Support for PKCS #8 encoded RSA, DSA, and DH private keys
+* Support for Diffie-Hellman X.509 public keys
+* Major reorganization of how X.509 keys are handled
+* Added PKCS #5 v2.0's PBES1 encryption scheme
+* Added a generic cipher lookup interface
+* Added the WiderWake4+1 stream cipher
+* Added support for sync-able stream ciphers
+* Added a 'paranoia level' option for the LibraryInitializer
+* More security for RNG output meant for long term keys
+* Added documentation for some of the new 1.1.x features
+* CFB's feedback argument is now specified in bits
+* Renamed CTR class to CTR_BE
+* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats
Version 1.1.1, 2002-10-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added the Korean hash function HAS-160
- * Partial support for RSA and DSA X.509 public keys
- * Added a mostly functional BER encoder/decoder
- * Added support for non-deterministic MAC functions
- * Initial support for PEM encoding/decoding
- * Internal cleanups in the PK algorithms
- * Several new convenience functions in Pipe
- * Fixed two nasty bugs in Pipe
- * Messed with the entropy sources for es_unix
- * Discrete logarithm groups are checked for safety more closely now
- * For compatibility with GnuPG, ElGamal now supports DSA-style groups
+* Added the Korean hash function HAS-160
+* Partial support for RSA and DSA X.509 public keys
+* Added a mostly functional BER encoder/decoder
+* Added support for non-deterministic MAC functions
+* Initial support for PEM encoding/decoding
+* Internal cleanups in the PK algorithms
+* Several new convenience functions in Pipe
+* Fixed two nasty bugs in Pipe
+* Messed with the entropy sources for es_unix
+* Discrete logarithm groups are checked for safety more closely now
+* For compatibility with GnuPG, ElGamal now supports DSA-style groups
Version 1.1.0, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added entropy estimation to the RNGs
- * Improved the overall design of both Randpool and ANSI_X917_RNG
- * Added a separate RNG for nonce generation
- * Added window exponentiation support in power_mod
- * Added a get_s2k function and the PKCS #5 S2K algorithms
- * Added the TLSv1 PRF
- * Replaced BlockCipherModeIV typedef with InitializationVector class
- * Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
- * Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
- * Added support for RIPEMD-160 PKCS#1 v1.5 signatures
- * Changed the key agreement scheme interface
- * Changed the S2K and KDF interfaces
- * Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
- * Added support for variable-pass Tiger
- * Major speedup for Rabin-Williams key generation
+* Added entropy estimation to the RNGs
+* Improved the overall design of both Randpool and ANSI_X917_RNG
+* Added a separate RNG for nonce generation
+* Added window exponentiation support in power_mod
+* Added a get_s2k function and the PKCS #5 S2K algorithms
+* Added the TLSv1 PRF
+* Replaced BlockCipherModeIV typedef with InitializationVector class
+* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
+* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
+* Added support for RIPEMD-160 PKCS#1 v1.5 signatures
+* Changed the key agreement scheme interface
+* Changed the S2K and KDF interfaces
+* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
+* Added support for variable-pass Tiger
+* Major speedup for Rabin-Williams key generation
Version 1.0.1, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed a minor bug in Randpool::random()
- * Added some new aliases and typedefs for 1.1.x compatibility
- * The 4096-bit RSA benchmark key was decimal instead of hex
- * EMAC was returning an incorrect name
+* Fixed a minor bug in Randpool::random()
+* Added some new aliases and typedefs for 1.1.x compatibility
+* The 4096-bit RSA benchmark key was decimal instead of hex
+* EMAC was returning an incorrect name
Version 1.0.0, 2002-08-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Octal I/O of BigInt is now supported
- * Fixed portability problems in the es_egd module
- * Generalized IV handling in the block cipher modes
- * Added Karatsuba multiplication and k-ary exponentiation
- * Fixed a problem in the multiplication routines
+* Octal I/O of BigInt is now supported
+* Fixed portability problems in the es_egd module
+* Generalized IV handling in the block cipher modes
+* Added Karatsuba multiplication and k-ary exponentiation
+* Fixed a problem in the multiplication routines
Version 0.9.2, 2002-08-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * DH_PrivateKey::public_value() was returning the wrong value
- * Various BigInt optimizations
- * The filters.h header now includes hex.h and base64.h
- * Moved Counter mode to ctr.h
- * Fixed a couple minor problems with VC++ 7
- * Fixed problems with the RPM spec file
+* DH_PrivateKey::public_value() was returning the wrong value
+* Various BigInt optimizations
+* The filters.h header now includes hex.h and base64.h
+* Moved Counter mode to ctr.h
+* Fixed a couple minor problems with VC++ 7
+* Fixed problems with the RPM spec file
Version 0.9.1, 2002-08-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Grand rename from OpenCL to Botan
- * Major optimizations for the PK algorithms
- * Added ElGamal encryption
- * Added Whirlpool
- * Tweaked memory allocation parameters
- * Improved the method of seeding the global RNG
- * Moved pkcs1.h to eme_pkcs.h
- * Added more test vectors for some algorithms
- * Fixed error reporting in the BigInt tests
- * Removed Default_Timer, it was pointless
- * Added some new example applications
- * Removed some old examples that weren't that interesting
- * Documented the compression modules
+* Grand rename from OpenCL to Botan
+* Major optimizations for the PK algorithms
+* Added ElGamal encryption
+* Added Whirlpool
+* Tweaked memory allocation parameters
+* Improved the method of seeding the global RNG
+* Moved pkcs1.h to eme_pkcs.h
+* Added more test vectors for some algorithms
+* Fixed error reporting in the BigInt tests
+* Removed Default_Timer, it was pointless
+* Added some new example applications
+* Removed some old examples that weren't that interesting
+* Documented the compression modules
Version 0.9.0, 2002-08-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * EMSA4 supports variable salt size
- * PK_* can take a string naming the encoding method to use
- * Started writing some internals documentation
+* EMSA4 supports variable salt size
+* PK_* can take a string naming the encoding method to use
+* Started writing some internals documentation
Version 0.8.7, 2002-07-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed bugs in EME1 and EMSA4
- * Fixed a potential crash at shutdown
- * Cipher modes returned an ill-formed name
- * Removed various deprecated types and headers
- * Cleaned up the Pipe interface a bit
- * Minor additions to the documentation
- * First stab at a Visual C++ makefile (doc/Makefile.vc7)
+* Fixed bugs in EME1 and EMSA4
+* Fixed a potential crash at shutdown
+* Cipher modes returned an ill-formed name
+* Removed various deprecated types and headers
+* Cleaned up the Pipe interface a bit
+* Minor additions to the documentation
+* First stab at a Visual C++ makefile (doc/Makefile.vc7)
Version 0.8.6, 2002-07-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added EMSA4 (aka PSS)
- * Brought the manual up to date; many corrections and additions
- * Added a parallel hash function construction
- * Lookup supports all available algorithms now
- * Lazy initialization of the lookup tables
- * Made more discrete logarithm groups available through get_dl_group()
- * StreamCipher_Filter supports seeking (if the underlying cipher does)
- * Minor optimization for GCD calculations
- * Renamed SAFER_SK128 to SAFER_SK
- * Removed many previously deprecated functions
- * Some now-obsolete functions, headers, and types have been deprecated
- * Fixed some bugs in DSA prime generation
- * DL_Group had a constructor for DSA-style prime gen but it wasn't defined
- * Reversed the ordering of the two arguments to SEAL's constructor
- * Fixed a threading problem in the PK algorithms
- * Fixed a minor memory leak in lookup.cpp
- * Fixed pk_types.h (it was broken in 0.8.5)
- * Made validation tests more verbose
- * Updated the check and example applications
+* Added EMSA4 (aka PSS)
+* Brought the manual up to date; many corrections and additions
+* Added a parallel hash function construction
+* Lookup supports all available algorithms now
+* Lazy initialization of the lookup tables
+* Made more discrete logarithm groups available through get_dl_group()
+* StreamCipher_Filter supports seeking (if the underlying cipher does)
+* Minor optimization for GCD calculations
+* Renamed SAFER_SK128 to SAFER_SK
+* Removed many previously deprecated functions
+* Some now-obsolete functions, headers, and types have been deprecated
+* Fixed some bugs in DSA prime generation
+* DL_Group had a constructor for DSA-style prime gen but it wasn't defined
+* Reversed the ordering of the two arguments to SEAL's constructor
+* Fixed a threading problem in the PK algorithms
+* Fixed a minor memory leak in lookup.cpp
+* Fixed pk_types.h (it was broken in 0.8.5)
+* Made validation tests more verbose
+* Updated the check and example applications
Version 0.8.5, 2002-07-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
- * Added a DL_Group class
- * Reworking of the pubkey internals
- * Support in lookup for aliases and PK algorithms
- * Renamed CAST5 to CAST_128 and CAST256 to CAST_256
- * Added EMSA1
- * Reorganization of header files
- * LibraryInitializer will install new allocator types if requested
- * Fixed a bug in Diffie-Hellman key generation
- * Did a workaround in pipe.cpp for GCC 2.95.x on Linux
- * Removed some debugging code from init.cpp that made FTW ES useless
- * Better checking for invalid arguments in the PK algorithms
- * Reduced Base64 and Hex default line length (if line breaking is used)
- * Fixes for HP's aCC compiler
- * Cleanups in BigInt
+* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
+* Added a DL_Group class
+* Reworking of the pubkey internals
+* Support in lookup for aliases and PK algorithms
+* Renamed CAST5 to CAST_128 and CAST256 to CAST_256
+* Added EMSA1
+* Reorganization of header files
+* LibraryInitializer will install new allocator types if requested
+* Fixed a bug in Diffie-Hellman key generation
+* Did a workaround in pipe.cpp for GCC 2.95.x on Linux
+* Removed some debugging code from init.cpp that made FTW ES useless
+* Better checking for invalid arguments in the PK algorithms
+* Reduced Base64 and Hex default line length (if line breaking is used)
+* Fixes for HP's aCC compiler
+* Cleanups in BigInt
Version 0.8.4, 2002-07-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added Nyberg-Rueppel signatures
- * Added Diffie-Hellman key exchange (kex interface is subject to change)
- * Added KDF2
- * Enhancements to the lookup API
- * Many things formerly taking pointers to algorithms now take names
- * Speedups for prime generation
- * LibraryInitializer has support for seeding the global RNG
- * Reduced SAFER-SK128 memory consumption
- * Reversed the ordering of public and private key values in DSA constructor
- * Fixed serious bugs in MemoryMapping_Allocator
- * Fixed memory leak in Lion
- * FTW_EntropySource was not closing the files it read
- * Fixed line breaking problem in Hex_Encoder
+* Added Nyberg-Rueppel signatures
+* Added Diffie-Hellman key exchange (kex interface is subject to change)
+* Added KDF2
+* Enhancements to the lookup API
+* Many things formerly taking pointers to algorithms now take names
+* Speedups for prime generation
+* LibraryInitializer has support for seeding the global RNG
+* Reduced SAFER-SK128 memory consumption
+* Reversed the ordering of public and private key values in DSA constructor
+* Fixed serious bugs in MemoryMapping_Allocator
+* Fixed memory leak in Lion
+* FTW_EntropySource was not closing the files it read
+* Fixed line breaking problem in Hex_Encoder
Version 0.8.3, 2002-06-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added DSA and Rabin-Williams signature schemes
- * Added EMSA3
- * Added PKCS#1 v1.5 encryption padding
- * Added Filters for PK algorithms
- * Added a Keyed_Filter class
- * LibraryInitializer processes arguments now
- * Major revamp of the PK interface classes
- * Changed almost all of the Filters for non-template operation
- * Changed HMAC, Lion, Luby-Rackoff to non-template classes
- * Some fairly minor BigInt optimizations
- * Added simple benchmarking for PK algorithms
- * Added hooks for fixed base and fixed exponent modular exponentiation
- * Added some examples for using RSA
- * Numerous bugfixes and cleanups
- * Documentation updates
+* Added DSA and Rabin-Williams signature schemes
+* Added EMSA3
+* Added PKCS#1 v1.5 encryption padding
+* Added Filters for PK algorithms
+* Added a Keyed_Filter class
+* LibraryInitializer processes arguments now
+* Major revamp of the PK interface classes
+* Changed almost all of the Filters for non-template operation
+* Changed HMAC, Lion, Luby-Rackoff to non-template classes
+* Some fairly minor BigInt optimizations
+* Added simple benchmarking for PK algorithms
+* Added hooks for fixed base and fixed exponent modular exponentiation
+* Added some examples for using RSA
+* Numerous bugfixes and cleanups
+* Documentation updates
Version 0.8.2, 2002-05-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added an (experimental) algorithm lookup interface
- * Added code for directly testing BigInt
- * Added SHA2-384
- * Optimized SHA2-512
- * Major optimization for Adler32 (thanks to Dan Nicolaescu)
- * Various minor optimizations in BigInt and related areas
- * Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
- * Fixed a bug in BufferingFilter
- * Made a few fixes for MacOS X
- * Added a workaround in configure.pl for GCC 2.95.x
- * Better support for PowerPC, ARM, and Alpha
- * Some more cleanups
+* Added an (experimental) algorithm lookup interface
+* Added code for directly testing BigInt
+* Added SHA2-384
+* Optimized SHA2-512
+* Major optimization for Adler32 (thanks to Dan Nicolaescu)
+* Various minor optimizations in BigInt and related areas
+* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
+* Fixed a bug in BufferingFilter
+* Made a few fixes for MacOS X
+* Added a workaround in configure.pl for GCC 2.95.x
+* Better support for PowerPC, ARM, and Alpha
+* Some more cleanups
Version 0.8.1, 2002-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Major code cleanup (check doc/deprecated.txt)
- * Various bugs fixed, including several portability problems
- * Renamed MessageAuthCode to MessageAuthenticationCode
- * A replacement for X917 is in x917_rng.h
- * Changed EMAC to non-template class
- * Added ANSI X9.19 compatible CBC-MAC
- * TripleDES now supports 128 bit keys
+* Major code cleanup (check doc/deprecated.txt)
+* Various bugs fixed, including several portability problems
+* Renamed MessageAuthCode to MessageAuthenticationCode
+* A replacement for X917 is in x917_rng.h
+* Changed EMAC to non-template class
+* Added ANSI X9.19 compatible CBC-MAC
+* TripleDES now supports 128 bit keys
Version 0.8.0, 2002-04-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Merged BigInt: many bugfixes and optimizations since alpha2
- * Added RSA (rsa.h)
- * Added EMSA2 (emsa2.h)
- * Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
- * Changed some interfaces, including SymmetricKey, to support the global rng
- * Fixed a serious bug in ManagedAllocator
- * Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
- * Removed some deprecated stuff
- * Added a global random number generator (rng.h)
- * Added clone functions to most of the basic algorithms
- * Added a library initializer class (init.h)
- * Version macros in version.h
- * Moved the base classes from opencl.h to base.h
- * Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
- * Documentation updates for the new stuff (still incomplete)
- * Many new deprecated things: check doc/deprecated.txt
+* Merged BigInt: many bugfixes and optimizations since alpha2
+* Added RSA (rsa.h)
+* Added EMSA2 (emsa2.h)
+* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
+* Changed some interfaces, including SymmetricKey, to support the global rng
+* Fixed a serious bug in ManagedAllocator
+* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
+* Removed some deprecated stuff
+* Added a global random number generator (rng.h)
+* Added clone functions to most of the basic algorithms
+* Added a library initializer class (init.h)
+* Version macros in version.h
+* Moved the base classes from opencl.h to base.h
+* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
+* Documentation updates for the new stuff (still incomplete)
+* Many new deprecated things: check doc/deprecated.txt
Version 0.7.10, 2002-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Added EGD_EntropySource module (es_egd)
- * Added a file tree walking EntropySource (es_ftw)
- * Added MemoryLocking_Allocator module (alloc_mlock)
- * Renamed the pthr_mux, unix_rnd, and mmap_mem modules
- * Changed timer mechanism; the clock method can be switched on the fly.
- * Renamed MmapDisk_Allocator to MemoryMapping_Allocator
- * Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
- * Fixed several bugs in MemoryMapping_Allocator
- * Added more default sources for Unix_EntropySource
- * Changed SecureBuffer to use same allocation methods as SecureVector
- * Added bigint_divcore into mp_core to support BigInt alpha2 release
- * Removed some Pipe functions deprecated since 0.7.8
- * Some fixes for the configure program
+* Added EGD_EntropySource module (es_egd)
+* Added a file tree walking EntropySource (es_ftw)
+* Added MemoryLocking_Allocator module (alloc_mlock)
+* Renamed the pthr_mux, unix_rnd, and mmap_mem modules
+* Changed timer mechanism; the clock method can be switched on the fly.
+* Renamed MmapDisk_Allocator to MemoryMapping_Allocator
+* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
+* Fixed several bugs in MemoryMapping_Allocator
+* Added more default sources for Unix_EntropySource
+* Changed SecureBuffer to use same allocation methods as SecureVector
+* Added bigint_divcore into mp_core to support BigInt alpha2 release
+* Removed some Pipe functions deprecated since 0.7.8
+* Some fixes for the configure program
Version 0.7.9, 2002-03-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Memory allocation substantially revamped
- * Added memory allocation method based on mmap(2) in the mmap_mem module
- * Added ECB and CTS block cipher modes (ecb.h, cts.h)
- * Added a Mutex interface (mutex.h)
- * Added module pthr_mux, implementing the Mutex interface
- * Added Threaded Filter interface (thr_filt.h)
- * All algorithms can now by keyed with SymmetricKey objects
- * More testing occurs with --validate (expected failures)
- * Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
- * Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
- * Made X917 safer (and about 1/3 as fast)
- * Documentation updates
+* Memory allocation substantially revamped
+* Added memory allocation method based on mmap(2) in the mmap_mem module
+* Added ECB and CTS block cipher modes (ecb.h, cts.h)
+* Added a Mutex interface (mutex.h)
+* Added module pthr_mux, implementing the Mutex interface
+* Added Threaded Filter interface (thr_filt.h)
+* All algorithms can now by keyed with SymmetricKey objects
+* More testing occurs with --validate (expected failures)
+* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
+* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
+* Made X917 safer (and about 1/3 as fast)
+* Documentation updates
Version 0.7.8, 2002-02-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
+* More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION
- * Added a BufferingFilter class
- * Added popen() based EntropySource for generic Unix systems (unix_rnd)
- * Moved 'devrand' module into main distribution (ent_file.h), renamed to
+* Added a BufferingFilter class
+* Added popen() based EntropySource for generic Unix systems (unix_rnd)
+* Moved 'devrand' module into main distribution (ent_file.h), renamed to
File_EntropySource, and changed interface somewhat.
- * Made Randpool somewhat more conservative and also 25% faster
- * Minor fixes and updates for the configure script
- * Added some tweaks for memory allocation
- * Documentation updates for the new Pipe interface
- * Fixed various minor bugs
- * Added a couple of new example programs (stack and hasher2)
+* Made Randpool somewhat more conservative and also 25% faster
+* Minor fixes and updates for the configure script
+* Added some tweaks for memory allocation
+* Documentation updates for the new Pipe interface
+* Fixed various minor bugs
+* Added a couple of new example programs (stack and hasher2)
2001
----------------------------------------
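Review bot: in the Version 0.7.8 entries, the two wrapped items keep their continuation lines ("better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION" and "File_EntropySource, and changed interface somewhat.") as unchanged context while the bullet prefix shrinks from " * " to "* ". If those lines are still indented for the old prefix, they now sit deeper than the item text, and ReST parses an over-indented continuation inside a list item as a definition-list body rather than as part of the paragraph. Please re-indent both lines to match the new prefix and check the Sphinx output for these two items. Since the line is rewritten anyway, "All algorithms can now by keyed with SymmetricKey objects" under 0.7.9 carries a typo into the new text ("by" should be "be").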
@@ -1824,98 +1833,98 @@ Version 0.7.8, 2002-02-28
Version 0.7.7, 2001-11-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Filter::send now works in the constructor of a Filter subclass
- * You may now have to include <opencl/pipe.h> explicitly in some code
- * Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
- * Enhancements to SecureVector (append, destroy functions)
- * New infrastructure for secure memory allocation
- * Added IEEE P1363 primitives MGF1, EME1, KDF1
- * Rijndael optimizations and cleanups
- * Changed CipherMode<B> to BlockCipherMode(B*)
- * Fixed a nasty bug in pipe_unixfd
- * Added portions of the BigInt code into the main library
- * Support for VAX, SH, POWER, PowerPC-64, Intel C++
+* Filter::send now works in the constructor of a Filter subclass
+* You may now have to include <opencl/pipe.h> explicitly in some code
+* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
+* Enhancements to SecureVector (append, destroy functions)
+* New infrastructure for secure memory allocation
+* Added IEEE P1363 primitives MGF1, EME1, KDF1
+* Rijndael optimizations and cleanups
+* Changed CipherMode<B> to BlockCipherMode(B*)
+* Fixed a nasty bug in pipe_unixfd
+* Added portions of the BigInt code into the main library
+* Support for VAX, SH, POWER, PowerPC-64, Intel C++
Version 0.7.6, 2001-10-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fixed several serious bugs in SecureVector created in 0.7.5
- * Square optimizations
- * Fixed shared objects on MacOS X and HP-UX
- * Fixed static libs for KCC 4.0; works with KCC 3.4g as well
- * Full support for Athlon and K6 processors using GCC
- * Added a table of prime numbers < 2**16 (primes.h)
- * Some minor documentation updates
+* Fixed several serious bugs in SecureVector created in 0.7.5
+* Square optimizations
+* Fixed shared objects on MacOS X and HP-UX
+* Fixed static libs for KCC 4.0; works with KCC 3.4g as well
+* Full support for Athlon and K6 processors using GCC
+* Added a table of prime numbers < 2**16 (primes.h)
+* Some minor documentation updates
Version 0.7.5, 2001-08-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Split checksum.h into adler32.h, crc24.h, and crc32.h
- * Split modes.h into cbc.h, cfb.h, and ofb.h
- * CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
- * Added OneAndZeros and NoPadding methods for CBC
- * Added Lion, a very fast block cipher construction
- * Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
- * Basic types (ciphers, hashes, etc) know their names now (call name())
- * Changed the EntropySource type somewhat
- * Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
- * Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
- * Some semantics of SecureVector have changed slightly
- * The mlock module has been removed for the time being
- * Added string handling functions for hashes and MACs
- * Various non-user-visible cleanups
- * Shared library soname is now set to the full version number
+* Split checksum.h into adler32.h, crc24.h, and crc32.h
+* Split modes.h into cbc.h, cfb.h, and ofb.h
+* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
+* Added OneAndZeros and NoPadding methods for CBC
+* Added Lion, a very fast block cipher construction
+* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
+* Basic types (ciphers, hashes, etc) know their names now (call name())
+* Changed the EntropySource type somewhat
+* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
+* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
+* Some semantics of SecureVector have changed slightly
+* The mlock module has been removed for the time being
+* Added string handling functions for hashes and MACs
+* Various non-user-visible cleanups
+* Shared library soname is now set to the full version number
Version 0.7.4, 2001-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
- * Fixed a vast number of errors in the config script/makefile/specfile
- * Pipe now has a stdio(3) interface as well as C++ iostreams
- * ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
- * Bzip2 supports decompressing multiple concatenated streams, and flushing
- * Added a simple 'overall average' score to the benchmarks
- * Fixed a small bug in the POSIX timer module
- * Removed a very-unlikely-to-occur bug in most of the hash functions
- * filtbase.h now includes <iosfwd>, not <iostream>
- * Minor documentation updates
+* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
+* Fixed a vast number of errors in the config script/makefile/specfile
+* Pipe now has a stdio(3) interface as well as C++ iostreams
+* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
+* Bzip2 supports decompressing multiple concatenated streams, and flushing
+* Added a simple 'overall average' score to the benchmarks
+* Fixed a small bug in the POSIX timer module
+* Removed a very-unlikely-to-occur bug in most of the hash functions
+* filtbase.h now includes <iosfwd>, not <iostream>
+* Minor documentation updates
Version 0.7.3, 2001-06-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Fix build problems on Solaris/SPARC
- * Fix build problems with Perl versions < 5.6
- * Fixed some stupid code that broke on a few compilers
- * Added string handling functions to Pipe
- * MISTY1 optimizations
+* Fix build problems on Solaris/SPARC
+* Fix build problems with Perl versions < 5.6
+* Fixed some stupid code that broke on a few compilers
+* Added string handling functions to Pipe
+* MISTY1 optimizations
Version 0.7.2, 2001-06-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Build system supports modules
- * Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
- * Added Bzip2 compression filter, contributed by Peter Jones
- * GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
- * Fixed minor bug in several of the hash functions
- * Various other minor fixes and changes
- * Updates to the documentation
+* Build system supports modules
+* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
+* Added Bzip2 compression filter, contributed by Peter Jones
+* GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
+* Fixed minor bug in several of the hash functions
+* Various other minor fixes and changes
+* Updates to the documentation
Version 0.7.1, 2001-05-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * Rewrote configure script: more consistent and complete
- * Made it easier to find out parameters of types at run time (opencl.h)
- * New functions for finding the version being used (version.h)
- * New SymmetricKey interface for Filters (symkey.h)
- * InvalidKeyLength now records what the invalid key length was
- * Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
- * Changed GOST to use correct S-box ordering (incompatible change)
- * Benchmark code was almost totally rewritten
- * Many more entries in the test vector file
- * Fixed minor and idiotic bug in check.cpp
+* Rewrote configure script: more consistent and complete
+* Made it easier to find out parameters of types at run time (opencl.h)
+* New functions for finding the version being used (version.h)
+* New SymmetricKey interface for Filters (symkey.h)
+* InvalidKeyLength now records what the invalid key length was
+* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
+* Changed GOST to use correct S-box ordering (incompatible change)
+* Benchmark code was almost totally rewritten
+* Many more entries in the test vector file
+* Fixed minor and idiotic bug in check.cpp
Version 0.7.0, 2001-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * First public release
+* First public release
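Review bot: several rewritten entries in this hunk leave code identifiers containing markup-sensitive characters as bare text, for example "CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption" under 0.7.5, "Changed CipherMode<B> to BlockCipherMode(B*)" under 0.7.7 and "Added a table of prime numbers < 2**16 (primes.h)" under 0.7.6. These are not read as emphasis today only because of the characters that happen to surround each asterisk. Since every entry is being touched, wrapping such identifiers and expressions in ReST inline literals (double backticks) would keep a later rewording from silently turning an asterisk into emphasis or strong markup.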
diff --git a/doc/passhash.txt b/doc/passhash.txt
index 7874f8e22..005043e44 100644
--- a/doc/passhash.txt
+++ b/doc/passhash.txt
@@ -103,7 +103,9 @@ hosts).
Botan provides two techniques for password hashing, bcrypt and
passhash9.
-Bcrypt
+.. _bcrypt:
+
+Bcrypt Password Hashing
----------------------------------------
Bcrypt is a password hashing scheme originally designed for use in
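Review bot: the new ".. _bcrypt:" label is not referenced by any ":ref:" in the lines shown for doc/passhash.txt, and Sphinx labels share one namespace across the whole documentation set, so a short generic name is prone to collide with a later label. Consider a more specific name (for instance one prefixed with the page name). If the intent is to cross-link both schemes named in "bcrypt and passhash9", the passhash9 section, which is outside this hunk, would need a matching label and a similarly descriptive heading to stay consistent with "Bcrypt Password Hashing".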