Diffstat (limited to 'doc/log.txt')
-rw-r--r-- | doc/log.txt | 3425 |
1 files changed, 1882 insertions, 1543 deletions
diff --git a/doc/log.txt b/doc/log.txt index 8ceb13a60..d4dd96430 100644 --- a/doc/log.txt +++ b/doc/log.txt 
@@ -1,1545 +1,1884 @@ -* 1.9.16-dev, ????-??-?? - - Second release candidate for 1.10.0 - - Disable the by-default 'strong' checking of private keys that are - loaded from storage. You can always request key material sanity - checking using check_key. - - Bring back removed functions min_keylength_of, max_keylength_of, - keylength_multiple_of in lookup.h to avoid breaking applications. - -* 1.9.15, 2011-03-21 - - First release candidate for 1.10.0 - - Modify how message expansion is done in SHA-256 and SHA-512. - Instead of expanding the entire message at the start, compute them - in the minimum number of registers. Values are computed 15 rounds - before they are needed. On a Core i7-860, GCC 4.5.2, went from - 143 to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. - - Pipe will delete empty output queues as soon as they are no longer - needed, even if earlier messages still have data unread. However an - (empty) entry in a deque of pointers will remain until all prior - messages are completely emptied. - - Avoid reading the SPARC %tick register on OpenBSD as unlike Linux - the kernel will not trap and emulate it for us, causing a illegal - instruction crash. - - Improve detection and autoconfiguration for ARM processors. 
- -* 1.9.14, 2011-03-01 - - Add support for bcrypt, OpenBSD's password hashing scheme - - Add support for NIST's AES key wrapping algorithm - - Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142) - -* 1.9.13, 2011-02-19 - - Update Keccak to the round 3 variant - - Fix ordering in GOST 34.10 signatures to match DNSSEC specifications - - Use size_t instead of u32bit for small integers in DER/BER codecs - - Add new build option --distribution-info - - Fix problems in the amalgamation build - - Fix building under Clang 2.9 and Sun Studio 12 - -* 1.9.12, 2010-12-13 - - Add the Keccak hash function - - Fix compilation problems in Python wrappers - - Fix compilation problem in OpenSSL engine - - Update SQLite3 database encryption codec - -* 1.9.11, 2010-11-29 - - Many SSL/TLS APIs have changed. This API is still unstable. - - The SSL interface requires TR1 (uses std::tr1::function) - - Fix SSL handshake failures when using RC4 ciphersuites - - Fix a number of CRL encoding and decoding bugs - - Counter mode now always encrypts 256 blocks in parallel - - Code where u32bit was used to represent a length now uses size_t - - Use small tables in the first round of AES - - Removed AES class: app must choose AES-128, AES-192, or AES-256 - - Add hex encoding/decoding functions that can be used without a Pipe - - Add base64 encoding functions that can be used without a Pipe - - Add to_string function to X509_Certificate - - Add support for dynamic engine loading on Windows - - Replace BlockCipher::BLOCK_SIZE attribute with function block_size() - - Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() - - Changed semantics of MemoryRegion::resize and clear to match STL - - Removed MemoryRegion::append, replaced by push_back and operator+= - - Move PBKDF lookup to engine system - - The IDEA key schedule has been changed to run in constant time - - Avoid a possible timing vulnerability in Montgomery reduction - - Add Algorithm and 
Key_Length_Specification classes - - Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 - - Update Skein-512 to match the v1.3 specification - - Allow using PBKDF2 with empty passphrases - - Add compile-time deprecation warnings for GCC, Clang, and MSVC - - Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 - - Improve support for Intel Atom processors - - Fix compilation problems under Sun Studio and Clang - -* 1.8.11, 2010-11-02 - - Fix a number of CRL encoding and decoding bugs - - When building a debug library under VC++, use the debug runtime - - Fix compilation under Sun Studio on Linux and Solaris - - Add several functions for compatability with 1.9 - - In the examples, read most input files as binary - - The Perl build script has been removed in this release - -* 1.8.10, 2010-08-31 - - Switch default PKCS #8 encryption algorithm from 3DES to AES-256 - - Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 - - Use small tables in the first round of AES - - Add PBKDF typedef and get_pbkdf for better compatability with 1.9 - - Add version of S2K::derive_key taking salt and iteration count - - Enable the /proc-walking entropy source on NetBSD - - Fix the doxygen makefile target - -* 1.9.10, 2010-08-12 - - Add a constant time AES implementation using SSSE3 - - Add support for loading new Engines at runtime - - Use GCC byteswap intrinsics where possible - - Drop support for building with Python 2.4 - - Fix benchmarking of block ciphers in ECB mode - - Consolidate the two x86 assembly engines - - Rename S2K to PBKDF - -* 1.9.9, 2010-06-28 - - Add new X509::BER_encode and PKCS8::BER_encode - - Give all Filter objects a name() function - - Add Keyed_Filter::valid_iv_length - - Increase default iteration counts for private key encryption - - Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later - - Fix compilation under Apple's GCC 4.2 - - Expand and update the Doxygen documentation - -* 1.8.9, 2010-06-16 - - 
Use constant time multiplication in IDEA - - Avoid possible timing attack against OAEP decoding - - Add new X509::BER_encode and PKCS8::BER_encode - - Enable DLL builds under Windows - - Add Win32 installer support - - Add support for the Clang compiler - - Fix problem in semcem.h preventing build under Clang or GCC 3.4 - - Fix bug that prevented creation of DSA groups under 1024 bits - - Fix crash in GMP_Engine if library is shutdown and reinitialized - - Work around problem with recent binutils in x86-64 SHA-1 - - The Perl build script is no longer supported and refuses to run by default - -* 1.9.8, 2010-06-14 - - Add support for wide multiplications on 64-bit Windows - - Use constant time multiplication in IDEA - - Avoid possible timing attack against OAEP decoding - - Removed FORK-256; rarely used and it has been broken - - Rename --use-boost-python to --with-boost-python - - Skip building shared libraries on MinGW/Cygwin - - Fix creation of 512 and 768 bit DL groups using the DSA kosherizer - - Fix compilation on GCC versions before 4.3 (missing cpuid.h) - - Fix compilation under the Clang compiler - -* 1.9.7, 2010-04-27 - - TLS: Support reading SSLv2 client hellos - - TLS: Add support for SEED ciphersuites (RFC 4162) - - Add Comb4P hash combiner function - - Fix checking of EMSA_Raw signatures with leading 0 bytes - -* 1.9.6, 2010-04-09 - - TLS: Add support for TLS v1.1 - - TLS: Support server name indicator extension - - TLS: Fix server handshake - - TLS: Fix server using DSA certificates - - TLS: Avoid timing channel between CBC padding check and MAC verification - -* 1.9.5, 2010-03-29 - - Numerous ECC optimizations - - Fix GOST 34.10-2001 X.509 key loading - - Allow PK_Signer's fault protection checks to be toggled off - - Avoid using pool-based locking allocator if we can't mlock - - Remove all runtime options - - New BER_Decoder::{decode_and_check, decode_octet_string_bigint} - - Remove SecureBuffer in favor of SecureVector length parameter - - HMAC_RNG: 
Perform a poll along with user-supplied entropy - - Fix crash in MemoryRegion if Allocator::get failed - - Fix small compilation problem on FreeBSD - -* 1.9.4, 2010-03-09 - - Add the Ajisai SSLv3/TLSv1.0 implementation - - Add GOST 34.10-2001 public key signature scheme - - Add SIMD implementation of Noekeon - - Add SSE2 implementation of IDEA - - Extend Salsa20 to support longer IVs (XSalsa20) - - Perform XTS encryption and decryption in parallel where possible - - Perform CBC decryption in parallel where possible - - Add SQLite3 db encryption codec, contributed by Olivier de Gaalon - - Add a block cipher cascade construction - - Add support for password hashing for authentication (passhash9.h) - - Add support for Win32 high resolution system timers - - Major refactoring and API changes in the public key code - - Use consistency checking (anti-fault attack) for all signature schemes - - Changed S2K interface: derive_key now takes salt, iteration count - - Remove dependency on TR1 for ECC and CVC code - - Renamed ECKAEG to its more usual name, ECDH - - Fix crash in GMP_Engine if library is shutdown and reinitialized - - Fix an invalid memory read in MD4 - - Fix Visual C++ static builds - - Remove Timer class entirely - - Switch default PKCS #8 encryption algorithm from 3DES to AES-128 - - New option --gen-amalgamation for creating a SQLite-style amalgamation - - Many headers are now explicitly internal-use-only and are not installed - - Greatly improve the Win32 installer - - Several fixes for Visual C++ debug builds - -* 1.9.3, 2009-11-19 - - Add new AES implementation using Intel's AES instruction intrinsics - - Add an implementation of format preserving encryption - - Allow use of any hash function in X.509 certificate creation - - Optimizations for MARS, Skipjack, and AES - - Set macros for available SIMD instructions in build.h - - Add support for using InnoSetup to package Windows builds - - By default build a DLL on Windows - -* 1.9.2, 2009-11-03 - - Add 
SIMD version of XTEA - - Support both SSE2 and AltiVec SIMD for Serpent and XTEA - - Optimizations for SHA-1 and SHA-2 - - Add AltiVec runtime detection - - Fix x86 CPU identification with Intel C++ and Visual C++ - -* 1.8.8, 2009-11-03 - - Alter Skein-512 to match the tweaked 1.2 specification - - Fix use of inline asm for access to x86 bswap function - - Allow building the library without AES enabled - - Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild - -* 1.9.1, 2009-10-23 - - Better support for Python and Perl wrappers - - Add an implementation of Blue Midnight Wish (Round 2 tweak version) - - Modify Skein-512 to match the tweaked 1.2 specification - - Add threshold secret sharing (draft-mcgrew-tss-02) - - Add runtime cpu feature detection for x86/x86-64 - - Add code for general runtime self testing for hashes, MACs, and ciphers - - Optimize XTEA; twice as fast as before on Core2 and Opteron - - Convert CTR_BE and OFB from filters to stream ciphers - - New parsing code for SCAN algorithm names - - Enable SSE2 optimizations under Visual C++ - - Remove all use of C++ exception specifications - - Add support for GNU/Hurd and Clang/LLVM - -* 1.9.0, 2009-09-09 - - Add support for parallel invocation of block ciphers where possible - - Add SSE2 implementation of Serpent - - Add Rivest's package transform (an all or nothing transform) - - Minor speedups to the Turing key schedule - - Fix processing multiple messages in XTS mode - - Add --no-autoload option to configure.py, for minimized builds - - The previously used configure.pl script is no longer supported - -* 1.8.7, 2009-09-09 - - Fix processing multiple messages in XTS mode - - Add --no-autoload option to configure.py, for minimized builds - -* 1.8.6, 2009-08-13 - - Add Cryptobox, a set of simple password-based encryption routines - - Only read world-readable files when walking /proc for entropy - - Fix building with TR1 disabled - - Fix x86 bswap support for Visual C++ - - Fixes for compilation under Sun 
C++ - - Add support for Dragonfly BSD (contributed by Patrick Georgi) - - Add support for the Open64 C++ compiler - - Build fixes for MIPS systems running Linux - - Minor changes to license, now equivalent to the FreeBSD/NetBSD license - -* 1.8.5, 2009-07-23 - - Change configure.py to work on stock Python 2.4 - - Avoid a crash in Skein_512::add_data processing a zero-length input - - Small build fixes for SPARC, ARM, and HP-PA processors - - The test suite now returns an error code from main() if any tests failed - -* 1.8.4, 2009-07-12 - - Fix a bug in nonce generation in the Miller-Rabin test - -* 1.8.3, 2009-07-11 - - Add a new Python configuration script - - Add the Skein-512 SHA-3 candidate hash function - - Add the XTS block cipher mode from IEEE P1619 - - Fix random_prime when generating a prime of less than 7 bits - - Improve handling of low-entropy situations during PRNG seeding - - Change random device polling to prefer /dev/urandom over /dev/random - - Use an input insensitive implementation of same_mem instead of memcmp - - Correct DataSource::discard_next to return the number of discarded bytes - - Provide a default value for AutoSeeded_RNG::reseed - - Fix Gentoo bug 272242 - -* 1.8.2, 2009-04-07 - - Make entropy polling more flexible and in most cases faster - - GOST 28147 now supports multiple sbox parameters - - Added the GOST 34.11 hash function - - Fix botan-config problems on MacOS X - -* 1.8.1, 2009-01-20 - - Avoid a valgrind warning in es_unix.cpp on 32-bit Linux - - Fix memory leak in PKCS8 load_key and encrypt_key - - Relicense api.tex from CC-By-SA 2.5 to BSD - - Fix botan-config on MacOS X, Solaris - -* 1.8.0, 2008-12-08 - - Fix compilation on Solaris with GCC - -* 1.7.24, 2008-12-01 - - Fix a compatibility problem with SHA-512/EMSA3 signature padding - - Fix bug preventing EGD/PRNGD entropy poller from working - - Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) - - Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS 
in PKCS #11 - - Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes - - Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 - - Wrap private structs in SSE2 SHA-1 code in anonymous namespace - - Change configure.pl's CPU autodetection output to be more consistent - - Disable using OpenSSL's AES due to crashes of unknown cause - - Fix warning in /proc walking entropy poller - - Fix compilation with IBM XLC for Cell 0.9-200709 - -* 1.7.23, 2008-11-23 - - Change to use TR1 (thus enabling ECDSA) with GCC and ICC - - Optimize almost all hash functions, especially MD4 and Tiger - - Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} - - Change Timer to be pure virtual, and add ANSI_Clock_Timer - - Cache socket descriptors in the EGD entropy source - - Avoid bogging down startup in /proc walking entropy source - - Remove Buffered_EntropySource helper class - - Add a Default_Benchmark_Timer typedef in benchmark.h - - Add examples using benchmark.h and Algorithm_Factory - - Add ECC tests from InSiTo - - Minor documentation updates - -* 1.7.22, 2008-11-17 - - Add provider preferences to Algorithm_Factory - - Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 - - Optimize AES encryption and decryption (about 10% faster) - - Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs - - Fix nanoseconds overflow in benchmark code - - Remove Engine::add_engine - -* 1.7.21, 2008-11-11 - - Make algorithm lookup much more configuable - - Add facilities for runtime performance testing of algorithms - - Drop use of entropy estimation in the PRNGs - - Increase intervals between HMAC_RNG automatic reseeding - - Drop InitializerOptions class, all options but thread safety - -* 1.7.20, 2008-11-09 - - Namespace pkg-config file by major and minor versions - - Cache device descriptors in Device_EntropySource - - Split base.h into {block_cipher,stream_cipher,mac,hash}.h - - Removed get_mgf function from lookup.h - -* 
1.7.19, 2008-11-06 - - Add HMAC_RNG, based on a design by Hugo Krawczyk - - Optimized the Turing stream cipher (about 20% faster on x86-64) - - Modify Randpool's reseeding algorithm to poll more sources - - Add a new AutoSeeded_RNG in auto_rng.h - - OpenPGP_S2K changed to take hash object instead of name - - Add automatic identification for Intel's Prescott processors - -* 1.7.18, 2008-10-22 - - Add Doxygen comments from InSiTo - - Add ECDSA and ECKAEG benchmarks - - Add configure.pl switch --with-tr1-implementation - - Fix configure.pl's --with-endian and --with-unaligned-mem options - - Added support for pkg-config - - Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow - - Use const references to avoid copying overhead in CurveGFp, GFpModulus - -* 1.7.17, 2008-10-12 - - Add missing ECDSA object identifiers - - Fix error in x86 and x86-64 assembler affecting GF(p) math - - Remove Boost dependency from GF(p) math - - Modify botan-config to not print -L/usr/lib or -L/usr/local/lib - - Add BOTAN_DLL macro to over 30 classes missing it - - Rename the two SHA-2 base classes for consistency - -* 1.7.16, 2008-10-09 - - Add several missing pieces needed for ECDSA and ECKAEG - - Add Card Verifiable Certificates from InSiTo - - Add SHA-224 from InSiTo - - Add BSI variant of EMSA1 from InSiTo - - Add GF(p) and ECDSA tests from InSiTo - - Split ECDSA and ECKAEG into distinct modules - - Allow OpenSSL and GNU MP engines to be built with public key algos disabled - - Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h - -* 1.7.15, 2008-10-07 - - Add GF(p) arithmetic from InSiTo - - Add ECDSA and ECKAEG implementations from InSiTo - - Minimize internal dependencies, allowing for smaller build configurations - - Add new User Manual and Architecture Guide from FlexSecure GmbH - - Alter configure.pl options for better autotools compatibility - - Update build instructions for recent changes to configure.pl - - Fix CPU detection using /proc/cpuinfo - -* 1.7.14, 
2008-09-30 - - Split library into parts allowing modular builds - - Add (very preliminary) CMS support to the main library - - Some constructors now require object pointers instead of names - - Support multiple implementations of the same algorithm - - Build support for Pentium-M processors, from Derek Scherger - - Build support for MinGW/MSYS, from Zbigniew Zagorski - - Use inline assembly for bswap on 32-bit x86 - -* 1.7.13, 2008-09-27 - - Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai - - Allow all examples to compile even if compression not enabled - - Make CMAC's polynomial doubling operation a public class method - - Use the -m64 flag when compiling with Sun Forte on x86-64 - - Clean up and slightly optimize CMAC::final_result - -* 1.7.12, 2008-09-18 - - Add x86 assembly for Visual Studio C++, by Luca Piccarreta - - Add a Perl XS module, by Vaclav Ovsik - - Add SWIG-based wrapper for Botan - - Add SSE2 implementation of SHA-1, by Dean Gaudet - - Remove the BigInt::sig_words cache due to bugs - - Combined the 4 Blowfish sboxes, suggested by Yves Jerschow - - Changed BigInt::grow_by and BigInt::grow_to to be non-const - - Add private assignment operators to classes that don't support assignment - - Benchmark RSA encryption and signatures - - Added test programs for random_prime and ressol - - Add high resolution timers for IA-64, HP-PA, S390x - - Reduce use of the RNG during benchmarks - - Fix builds on STI Cell PPU - - Add support for IBM's XLC compiler - - Add IETF 8192 bit MODP group - -* 1.7.11, 2008-09-11 - - Added the Salsa20 stream cipher - - Optimized Montgomery reduction, Karatsuba squaring - - Added 16x16->32 word Comba multiplication and squaring - - Use a much larger Karatsuba cutoff point - - Remove bigint_mul_add_words - - Inlined several BigInt functions - - Add useful information to the generated build.h - - Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} - - Fix the Windows build - -* 1.7.10, 2008-09-05 - - Public key benchmarks run 
using a selection of random keys - - New benchmark timer options are clock_gettime, gettimeofday, times, clock - - Including reinterpret_cast optimization for xor_buf in default header - - Split byte swapping and word rotation functions into distinct headers - - Add IETF modp 6144 group and 2048 and 3072 bit DSS groups - - Optimizes BigInt right shift - - Add aliases in DL_Group::Format enum - - BigInt now caches the significant word count - -* 1.7.9, 2008-08-27 - - Make clear() in most algorithm base classes a pure virtual - - Add noexec stack marker for GNU linker in assembly code - - Avoid string operations in ressol - - Compilation fixes for MinGW and Visual Studio C++ 2008 - - Some autoconfiguration fixes for Windows - -* 1.6.5, 2008-08-27 - - Add noexec stack marker for GNU linker in assembly code - - Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 - -* 1.7.8, 2008-07-15 - - Added the block cipher Noekeon - - Remove global deref_alias function - - X509_Store takes timeout options as constructor arguments - - Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH - - Extend random_prime() for generating primes of any bit length - - Remove Config class - - Allow adding new entropy via base RNG interface - - Reseeding a X9.31 PRNG also reseeds the underlying PRNG - -* 1.7.7, 2008-06-28 - - Remove the global PRNG object - - The PK filter objects were removed - - Add a test suite for the ANSI X9.31 PRNG - - Much cleaner and (mostly) thread-safe reimplementation of es_ftw - - Remove both default arguments to ANSI_X931_RNG's constructor - - Remove the randomizing version of OctetString::change - - Make the cipher and MAC to use in Randpool configurable - - Move RandomNumberGenerator declaration to rng.h - - RSA_PrivateKey will not generate keys smaller than 1024 bits - - Fix an error decoding BER UNIVERSAL types with special taggings - -* 1.7.6, 2008-05-05 - - Initial support for Windows DLLs, from Joel Low - - Reset the position pointer when a new 
block is generated in X9.32 PRNG - - Timer objects are now treated as entropy sources - - Moved several ASN.1-related enums from enums.h to an appropriate header - - Removed the AEP module, due to inability to test - - Removed Global_RNG and rng.h - - Removed system_clock - - Removed Library_State::UI and the pulse callback logic - -* 1.7.5, 2008-04-12 - - The API of X509_CA::sign_request was altered to avoid race conditions - - New type Pipe::message_id to represent the Pipe message number - - Remove the Named_Mutex_Holder for a small performance gain - - Removed several unused or rarely used functions from Config - - Ignore spaces inside of a decimal string in BigInt::decode - - Allow using a std::istream to initialize a DataSource_Stream object - - Fix compilation problem in zlib compression module - - The chunk sized used by Pooling_Allocator is now a compile time setting - - The size of random blinding factors is now a compile time setting - - The install target no longer tries to set a particular owner/group - -* 1.7.4, 2008-03-10 - - Use unaligned memory read/writes on systems that allow it, for performance - - Assembly for x86-64 for accessing the bswap instruction - - Use larger buffers in ARC4 and WiderWAKE for significant throughput increase - - Unroll loops in SHA-160 for a few percent increase in performance - - Fix compilation with GCC 3.2 in es_ftw and es_unix - - Build fix for NetBSD systems - - Prevent es_dev from being built except on Unix systems - -* 1.6.4, 2008-03-08 - - Fix a compilation problem with Visual Studio C++ 2003 - -* 1.7.3, 2008-01-23 - - New invocation syntax for configure.pl with several new options - - Support for IPv4 addresses in a subject alternative name - - New fast poll for the generic Unix entropy source (es_unix) - - The es_file entropy source has been replaced by the es_dev module - - The malloc allocator does not inherit from Pooling_Allocator anymore - - The path that es_unix will search in are now fully 
user-configurable - - Truncate X9.42 PRF output rather than allow counter overflow - - PowerPC is now assumed to be big-endian - -* 1.7.2, 2007-10-13 - - Initialize the global library state lazily - - Add plain CBC-MAC for backwards compatibility with old systems - - Clean up some of the self test code - - Throw a sensible exception if a DL_Group is not found - - Truncate KDF2 output rather than allowing counter overflow - - Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 - - Fix a Visual Studio compilation problem in x509stat.cpp - -* 1.7.1, 2007-07-23 - - Fix a race condition in the algorithm object cache - - HMAC key schedule optimization - - The build header sets a macro defining endianness, if known - - New word load/store abstraction allowing further optimization - - Modify most of the library to avoid use the C-style casts - - Use higher resolution timers in symmetric benchmarks - -* 1.6.3, 2007-07-23 - - Fix a race condition in the algorithm lookup cache - - Fix problems building the memory pool on some versions of Visual C++ - -* 1.7.0, 2007-05-19 - - DSA parameter generation now follows FIPS 186-3 - - Added OIDs for Rabin-Williams and Nyberg-Rueppel - - Somewhat better support for out of tree builds - - Minor optimizations for RC2 and Tiger - - Documentation updates - - Update the todo list - -* 1.6.2, 2007-03-24 - - Fix autodection on Athlon64s running Linux - - Fix builds on QNX and compilers using STLport - - Remove a call to abort() that crept into production - -* 1.6.1, 2007-01-20 - - Fix some base64 decoder bugs - - Add a new option to base64 encoding, to always append a newline - - Fix some build problems under Visual Studio with debug enabled - - Fix a bug in BER_Decoder that was triggered under some compilers - -* 1.6.0, 2006-12-17 - - Minor cleanups versus 1.5.13 - -* 1.5.13, 2006-12-10 - - Compilation fixes for the bzip2, zlib, and GNU MP modules - - Better support for Intel C++ and EKOpath C++ on x86-64 - -* 1.5.12, 2006-10-27 - - 
Cleanups in the initialization routines - - Add some x86-64 assembly for multiply-add - - Fix problems generating very small (below 384 bit) RSA keys - - Support out of tree builds - - Bring some of the documentation up to date - - More improvements to the Python bindings - -* 1.5.11, 2006-09-10 - - Removed the Algorithm base class - - Various cleanups in the public key inheritance hierarchy - - Major overhaul of the configure/build setup - - Added x86 assembler implementations of Serpent and low-level MPI code - - Optimizations for the SHA-1 x86 assembler - - Various improvements to the Python wrappers - - Work around a Visual Studio compiler bug - -* 1.5.10, 2006-08-13 - - Add x86 assembler versions of MD4, MD5, and SHA-1 - - Expand InitializerOptions' language to support on/off switches - - Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 - - Fix possible resource leaks in the mmap allocator - - Slightly optimized buffering in MDx_HashFunction - - Initialization failures are dealt with somewhat better - - Add an example implementing Pollard's Rho algorithm - - Better option handling in the test/benchmark tool - - Expand the xor_ciph example to support longer keys - - Some updates to the documentation - -* 1.5.9, 2006-07-12 - - Fixed bitrot in the AEP engine - - Fix support for marking certificate/CRL extensions as critical - - Significant cleanups in the library state / initialization code - - LibraryInitializer takes an explicit InitializerOptions object - - Make Mutex_Factory an abstract class, add Default_Mutex_Factory - - Change configuration access to using global_state() - - Add support for global named mutexes throughout the library - - Add some STL wrappers for the delete operator - - Change how certificates are created to be more flexible and general - -* 1.5.8, 2006-06-23 - - Many internal cleanups to the X.509 cert/CRL code - - Allow for application code to support new X.509 extensions - - Change the return type of 
X509_Certificate::{subject,issuer}_info - - Allow for alternate character set handling mechanisms - - Fix a bug that was slowing squaring performance somewhat - - Fix a very hard to hit overflow bug in the C version of word3_muladd - - Minor cleanups to the assembler modules - - Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 - - Support for GCC 2.95.x has been dropped in this release - -* 1.5.7, 2006-05-28 - - Further, major changes to the BER/DER coding system - - Updated the Qt mutex module to use Mutex_Factory - - Moved the library global state object into an anonymous namespace - - Drop the Visual C++ x86 assembly module due to bugs - -* 1.5.6, 2006-03-01 - - The low-level DER/BER coding system was redesigned and rewritten - - Portions of the certificate code were cleaned up internally - - Use macros to substantially clean up the GCC assembly code - - Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) - - Avoid a couple of spurious warnings under Visual C++ - - Some slight cleanups in X509_PublicKey::key_id - -* 1.5.5, 2006-02-04 - - Fixed a potential infinite loop in the memory pool code (Matt Johnston) - - Made Pooling_Allocator::Memory_Block an actual class of sorts - - Some small optimizations to the division and modulo computations - - Cleaned up the implementation of some of the BigInt operators - - Reduced use of dynamic memory allocation in low-level BigInt functions - - A few simplifications in the Randpool mixing function - - Removed power(), as it was not particularly useful (or fast) - - Fixed some annoying bugs in the benchmark code - - Added a real credits file - -* 1.5.4, 2006-01-29 - - Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta - - Fixed a memory access off-by-one in the Karatsuba code - - Changed Pooling_Allocator's free list search to a log(N) algorithm - - Merged ModularReducer with its only subclass, Barrett_Reducer - - Fixed sign-handling bugs in some of the division and modulo 
code - - Renamed the module description files to modinfo.txt - - Further cleanups in the initialization code - - Removed BigInt::add and BigInt::sub - - Merged all the division-related functions into just divide() - - Modified the <mp_asmi.h> functions to allow for better optimizations - - Made the number of bits polled from an EntropySource user configurable - - Avoid including <algorithm> in <botan/secmem.h> - - Fixed some build problems with Sun Forte - - Removed some dead code from bigint_modop - - Fix the definition of same_mem - -* 1.5.3, 2006-01-24 - - Many optimizations in the low-level multiple precision integer code - - Added hooks for assembly implementations of the MPI code - - Support for the X.509 issuer alternative name extension in new certs - - Fixed a bug in the decompression modules; found and patched by Matt Johnston - - New Windows mutex module (mux_win32), by Luca Piccarreta - - Changed the Windows timer module to use QueryPerformanceCounter - - mem_pool.cpp was using std::set iterators instead of std::multiset ones - - Fixed a bug in X509_CA preventing users from disabling particular extensions - - Fixed the mp_asm64 module, which was entirely broken in 1.5.2 - - Fixed some module build problems on FreeBSD and Tru64 - -* 1.5.2, 2006-01-15 - - Fixed an off-by-one memory read in MISTY1::key() - - Fixed a nasty memory leak in Output_Buffers::retire() - - Reimplemented the memory allocator from scratch - - Improved memory caching in Montgomery exponentiation - - Optimizations for multiple precision addition and subtraction - - Fixed a build problem in the hardware timer module on 64-bit PowerPC - - Changed default Karatsuba cutoff to 12 words (was 14) - - Removed MemoryRegion::bits(), which was unused and incorrect - - Changed maximum HMAC keylength to 1024 bits - - Various minor Makefile and build system changes - - Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution - - Switched checks/clock.cpp back to using clock() by 
default - - Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 - - Removed the Default_Mutex's unused clone() member function - -* 1.4.12, 2006-01-15 - - Fixed an off-by-one memory read in MISTY1::key() - - Fixed a nasty memory leak in Output_Buffers::retire() - - Changed maximum HMAC keylength to 1024 bits - - Fixed a build problem in the hardware timer module on 64-bit PowerPC - -* 1.5.1, 2006-01-08 - - Implemented Montgomery exponentiation - - Implemented generalized Karatsuba multiplication and squaring - - Implemented Comba squaring for 4, 6, and 8 word inputs - - Added new Modular_Exponentiator and Power_Mod classes - - Removed FixedBase_Exp and FixedExponent_Exp - - Fixed a performance regression in get_allocator introduced in 1.5.0 - - Engines can now offer S2K algorithms and block cipher padding methods - - Merged the remaining global 'algolist' code into Default_Engine - - The low-level MPI code is linked as C again - - Replaced BigInt's get_nibble with the more general get_substring - - Some documentation updates - -* 1.5.0, 2006-01-01 - - Moved all global/shared library state into a single object - - Mutex objects are created through mutex factories instead of a global - - Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() - - Removed the RNG_Quality enum entirely - - There is now only a single global-use PRNG - - Removed the no_aliases and no_oids options for LibraryInitializer - - Removed the deprecated algorithms SEAL, ISAAC, and HAVAL - - Change es_ftw to use unbuffered I/O - -* 1.4.11, 2005-12-31 - - Changed Whirlpool diffusion matrix to match updated algorithm spec - - Fixed several engine module build errors introduced in 1.4.10 - - Fixed two build problems in es_capi; reported by Matthew Gregan - - Added a constructor to DataSource_Memory taking a std::string - - Placing the same Filter in multiple Pipes triggers an exception - - The configure script accepts --docdir and --libdir - - Merged doc/rngs.txt into 
the main API document - - Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 - -* 1.4.10, 2005-12-18 - - Added an implementation of KASUMI, the block cipher used in 3G phones - - Refactored Pipe; output queues are now managed by a distinct class - - Made certain Filter facilities only available to subclasses of Fanout_Filter - - There is no longer any overhead in Pipe for a message that has been read out - - It is now possible to generate RSA keys as small as 128 bits - - Changed some of the core classes to derive from Algorithm as a virtual base - - Changed Randpool to use HMAC instead of a plain hash as the mixing function - - Fixed a bug in the allocators; found and fixed by Matthew Gregan - - Enabled the use of binary file I/O, when requested by the application - - The OpenSSL engine's block cipher code was missing some deallocation calls - - Disabled the es_ftw module on NetBSD, due to header problems there - - Fixed a problem preventing tm_hard from building on MacOS X on PowerPC - - Some cleanups for the modules that use inline assembler - - config.h is now stored in build/ instead of build/include/botan/ - - The header util.h was split into bit_ops.h, parsing.h, and util.h - - Cleaned up some redundant include directives - -* 1.4.9, 2005-11-06 - - Added the IBM-created AES candidate algorithm MARS - - Added the South Korean block cipher SEED - - Added the stream cipher Turing - - Added the new hash function FORK-256 - - Deprecated the ISAAC stream cipher - - Twofish and RC6 are significantly faster with GCC - - Much better support for 64-bit PowerPC - - Added support for high-resolution PowerPC timers - - Fixed a bug in the configure script causing problems on FreeBSD - - Changed ANSI X9.31 to support arbitrary block ciphers - - Make the configure script a bit less noisy - - Added more test vectors for some algorithms, including all the AES finalists - - Various cosmetic source code cleanups - -* 1.4.8, 2005-10-16 - - Resolved a bad 
performance problem in the allocators; fix by Matt Johnston - - Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 - - Renamed OMAC to CMAC to match the official NIST naming - - Added single byte versions of update() to PK_Signer and PK_Verifier - - Removed the unused reverse_bits and reverse_bytes functions - -* 1.4.7, 2005-09-25 - - Fixed major performance problems with recent versions of GNU C++ - - Added an implementation of the X9.31 PRNG - - Removed the X9.17 and FIPS 186-2 PRNG algorithms - - Changed defaults to use X9.31 PRNGs as global PRNG objects - - Documentation updates to reflect the PRNG changes - - Some cleanups related to the engine code - - Removed two useless headers, base_eng.h and secalloc.h - - Removed PK_Verifier::valid_signature - - Fixed configure/build system bugs affecting MacOS X builds - - Added support for the EKOPath x86-64 compiler - - Added missing destructor for BlockCipherModePaddingMethod - - Fix some build problems with Visual C++ 2005 beta - - Fix some build problems with Visual C++ 2003 Workshop - -* 1.4.6, 2005-03-13 - - Fix an error in the shutdown code introduced in 1.4.5 - - Setting base/pkcs8_tries to 0 disables the builtin fail-out - - Support for XMPP identifiers in X.509 certificates - - Duplicate entries in X.509 DNs are removed - - More fixes for Borland C++, from Friedemann Kleint - - Add a workaround for buggy iostreams - -* 1.4.5, 2005-02-26 - - Add support for AES encryption of private keys - - Minor fixes for PBES2 parameter decoding - - Internal cleanups for global state variables - - GCC 3.x version detection was broken in non-English locales - - Work around a Sun Forte bug affecting mem_pool.h - - Several fixes for Borland C++ 5.5, from Friedemann Kleint - - Removed inclusion of init.h into base.h - - Fixed a major bug in reading from certificate stores - - Cleaned up a couple of mutex leaks - - Removed some left-over debugging code - - Removed SSL3_MAC, SSL3_PRF, and TLS_PRF - -* 
1.4.4, 2004-12-02 - - Further tweaks to the pooling allocator - - Modified EMSA3 to support SSL/TLS signatures - - Changes to support Qt/QCA, from Justin Karneges - - Moved mux_qt module code into mod_qt - - Fixes for HP-UX from Mike Desjardins - -* 1.4.3, 2004-11-06 - - Split up SecureAllocator into Allocator and Pooling_Allocator - - Memory locking allocators are more likely to be used - - Fixed the placement of includes in some modules - - Fixed broken installation procedure - - Fixes in configure script to support alternate install programs - - Modules can specify the minimum version they support - -* 1.4.2, 2004-10-31 - - Fixed a major CRL handling bug - - Cipher and hash operations can be offloaded to engines - - Added support for cipher and hash offload in OpenSSL engine - - Improvements for 64-bit CPUs without a widening multiply instruction - - Support for SHA2-* and Whirlpool with EMSA2 - - Fixed a long-standing build problem with conflicting include files - - Fixed some examples that hadn't been updated for 1.4.x - - Portability fixes for Solaris, *BSD, HP-UX, and others - - Lots of fixes and cleanups in the configure script - - Updated the Gentoo ebuild file - -* 1.4.1, 2004-10-10 - - Fixed major errors in the X.509 and PKCS #8 copy_key functions - - Added a LAST_MESSAGE meta-message number for Pipe - - Added new aliases (3DES and DES-EDE) for Triple-DES - - Added some new functions to PK_Verifier - - Cleaned up the KDF interface - - Disabled tm_posix on *BSD due to header issues - - Fixed a build problem on PowerPC with GNU C++ pre-3.4 - -* 1.4.0, 2004-06-26 - - Added the FIPS 186 RNG back - - Added copy_key functions for X.509 public keys and PKCS #8 private keys - - Fixed PKCS #1 signatures with RIPEMD-128 - - Moved some code around to avoid warnings with Sun ONE compiler - - Fixed a bug in botan-config affecting OpenBSD - - Fixed some build problems on Tru64, HP-UX - - Fixed compile problems with Intel C++, Compaq C++ - -* 1.3.14, 2004-06-12 - - 
Added support for AEP's AEP1000/AEP2000 crypto cards - - Added a Mutex module using Qt, from Justin Karneges - - Added support for engine loading in LibraryInitializer - - Tweaked SecureAllocator, giving 20% better performance under heavy load - - Added timer and memory locking modules for Win32 (tm_win32, ml_win32) - - Renamed PK_Engine to Engine_Core - - Improved the Karatsuba cutoff points - - Fixes for compiling with GCC 3.4 and Sun C++ 5.5 - - Fixes for Linux/s390, OpenBSD, and Solaris - - Added support for Linux/s390x - - The configure script was totally broken for 'generic' OS - - Removed Montgomery reduction due to bugs - - Removed an unused header, pkcs8alg.h - - check --validate returns an error code if any tests failed - - Removed duplicate entry in Unix command list for es_unix - - Moved the Cert_Usage enumeration into X509_Store - - Added new timing methods for PK benchmarks, clock_gettime and RDTSC - - Fixed a few minor bugs in the configure script - - Removed some deprecated functions from x509cert.h and pkcs10.h - - Removed the 'minimal' module, has to be updated for Engine support - - Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace - - Documentation updates - -* 1.3.13, 2004-05-15 - - Major fixes for Cygwin builds - - Minor MacOS X install fixes - - The configure script is a little better at picking the right modules - - Removed ml_unix from the 'unix' module set for Cygwin compatibility - - Fixed a stupid compile problem in pkcs10.h - -* 1.3.12, 2004-05-02 - - Added ability to remove old entries from CRLs - - Swapped the first two arguments of X509_CA::update_crl() - - Added an < operator for MemoryRegion, so it can be used as a std::map key - - Changed X.509 searching by DNS name from substring to full string compares - - Renamed a few X509_Certificate and PKCS10_Request member functions - - Fixed a problem when decoding some PKCS #10 requests - - Hex_Decoder would not check inputs, reported by Vaclav Ovsik - - Changed 
default CRL expire time from 30 days to 7 days - - X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility - - Corrected errors in the API doc, fixes from Ken Perano - - More documentation about the Pipe/Filter code - -* 1.3.11, 2004-04-01 - - Fixed two show-stopping bugs in PKCS10_Request - - Added some sanity checks in Pipe/Filter - - The DNS and URI entries would get swapped in subjectAlternativeNames - - MAC_Filter is now willing to not take a key at creation time - - Setting the expiration times of certs and CRLs is more flexible - - Fixed problems building on AIX with GCC - - Fixed some problems in the tutorial pointed out by Dominik Vogt - - Documentation updates - -* 1.3.10, 2004-03-27 - - Added support for OpenPGP's ASCII armor format - - Cleaned up the RNG system; seeding is much more flexible - - Added simple autoconfiguration abilities to configure.pl - - Fixed a GCC 2.95.x compile problem - - Updated the example configuration file - - Documentation updates - -* 1.3.9, 2004-03-07 - - Added an engine using OpenSSL (requires 0.9.7 or later) - - X509_Certificate would lose email addresses stored in the DN - - Fixed a missing initialization in a BigInt constructor - - Fixed several Visual C++ compile problems - - Fixed some BeOS build problems - - Fixed the WiderWake benchmark - -* 1.3.8, 2003-12-30 - - Internal changes to PK algorithms to divide data and algorithms - - DSA/DH/NR/ElGamal constructors accept taking just the private key again - - ElGamal keys now support being imported/exported as ASN.1 objects - - Much more consistent and complete error checking in PK algorithms - - Support for arbitrary backends (engines) for PK operations - - Added Montgomery reductions - - Added an engine that uses GNU MP (requires 4.1 or later) - - Removed the obsolete mp_gmp module - - Moved several initialization/shutdown functions to init.h - - Major refactoring of the memory containers - - New non-locking container, MemoryVector - - Fixed 64-bit 
problems in BigInt::set_bit/clear_bit - - Renamed PK_Key::check_params() to check_key() - - Some incompatible changes to OctetString - - Added version checking macros in version.h - - Removed the fips140 module pending rewrite - - Added some functions and hooks to help GUIs - - Moved more shared code into MDx_HashFunction - - Added a policy hook for specifying the encoding of X.509 strings - -* 1.3.7, 2003-12-12 - - Fixed a big security problem in es_unix - - Fixed several stability problems in es_unix - - Expanded the list of programs es_unix will try to use - - SecureAllocator now only preallocates blocks in special cases - - Added a special case in Global_RNG::seed for forcing a full poll - - Removed the FIPS 186 RNG added in 1.3.5 pending further testing - - Configure updates for PowerPC CPUs - - Removed the (never tested) VAX support - - Added support for S/390 Linux - -* 1.3.6, 2003-12-07 - - Added a new module 'minimal', which disables most algorithms - - SecureAllocator allocates a few blocks at startup - - A few minor MPI cleanups - - RPM spec file cleanups and fixes - -* 1.3.5, 2003-11-30 - - Major improvements in ASN.1 string handling - - Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs - - Added partial support for the X.509v3 certificate policies extension - - Centralized the handling of character set information - - Added FIPS 140-2 startup self tests - - Added a module (fips140) for doing extra FIPS 140-2 tests - - Added FIPS 186-2 RNG - - Improved ASN.1 BIT STRING handling - - Removed a memory leak in PKCS10_Request - - The encoding of DirectoryString now follows PKIX guidelines - - Fixed some of the character set dependencies - - Fixed a DER encoding error for tags greater than 30 - - The BER decoder can now handle tags larger than 30 - - Fixed tm_hard.cpp to recognize SPARC on more systems - - Workarounds for a GCC 2.95.x bug in x509find.cpp - - RPM changed to install into /usr instead of /usr/local - - Added support for QNX - -* 
1.2.8, 2003-11-21 - - Merged several important bug fixes from 1.3.x - -* 1.3.4, 2003-11-21 - - Added a module that does certain MPI operations using GNU MP - - Added the X9.42 Diffie-Hellman PRF - - The Zlib and Bzip2 objects now use custom allocators - - Added member functions for directly hashing/MACing SecureVectors - - Minor optimizations to the MPI addition and subtraction algorithms - - Some cleanups in the low-level MPI code - - Created separate AES-{128,192,256} objects - -* 1.3.3, 2003-11-17 - - The library can now be repeatedly initialized and shutdown without crashing - - Fixed an off-by-one error in the CTS code - - Fixed an error in the EMSA4 verification code - - Fixed a memory leak in mutex.cpp (pointed out by James Widener) - - Fixed a memory leak in Pthread_Mutex - - Fixed several memory leaks in the testing code - - Bulletproofed the EMSA/EME/KDF/MGF retrieval functions - - Minor cleanups in SecureAllocator - - Removed a needless mutex guarding the (stateless) global timer - - Fixed a piece of bash-specific code in botan-config - - X.509 objects report more information about decoding errors - - Cleaned up some of the exception handling - - Updated the example config file with new OIDSs - - Moved the build instructions into a separate document, building.tex - -* 1.3.2, 2003-11-13 - - Fixed a bug preventing DSA signatures from verifying on X.509 objects - - Made the X509_Store search routines more efficient and flexible - - Added a function to X509_PublicKey to do easy public/private key matching - - Added support for decoding indefinite length BER data - - Changed Pipe's peek() to take an offset - - Removed Filter::set_owns in favor of the new incr_owns function - - Removed BigInt::zero() and BigInt::one() - - Renamed the PEM related options from base/pem_* to pem/* - - Added an option to specify the line width when encoding PEM - - Removed the "rng/safe_longterm" option; it's always on now - - Changed the cipher used for RNG super-encryption from 
ARC4 to WiderWake4+1 - - Cleaned up the base64/hex encoders and decoders - - Added an ASN.1/BER decoder as an example - - AES had its internals marked 'public' in previous versions - - Changed the value of the ASN.1 NO_OBJECT enum - - Various new hacks in the configure script - - Removed the already nominal support for SunOS - -* 1.3.1, 2003-11-04 - - Generalized a few pieces of the DER encoder - - PKCS8::load_key would fail if handed an unencrypted key - - Added a failsafe so PKCS #8 key decoding can't go into an infinite loop - -* 1.3.0, 2003-11-02 - - Major redesign of the PKCS #8 private key import/export system - - Added a small amount of UI interface code for getting passphrases - - Added heuristics that tell if a key, cert, etc is stored as PEM or BER - - Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC - - Removed certain deprecated constructors of RSA, DSA, DH, RW, NR - - Made PEM decoding more forgiving of extra text before the header - -* 1.2.7, 2003-10-31 - - Added support for reading configuration files - - Added constructors so NR and RW keys can be imported easily - - Fixed mp_asm64, which was completely broken in 1.2.6 - - Removed tm_hw_ia32 module; replaced by tm_hard - - Added support for loading certain oddly formed RSA certificates - - Fixed spelling of NON_REPUDIATION enum - - Renamed the option default_to_ca to v1_assume_ca - - Fixed a minor bug in X.509 certificate generation - - Fixed a latent bug in the OID lookup code - - Updated the RPM spec file - - Added to the tutorial - -* 1.2.6, 2003-07-04 - - Major performance increase for PK algorithms on most 64-bit systems - - Cleanups in the low-level MPI code to support asm implementations - - Fixed build problems with some versions of Compaq's C++ compiler - - Removed useless constructors for NR public and private keys - - Removed support for the patch_file directive in module files - - Removed several deprecated functions - -* 1.2.5, 2003-06-22 - - Fixed a tricky and long-standing memory 
leak in Pipe - - Major cleanups and fixes in the memory allocation system - - Removed alloc_mlock, which has been superseded by the ml_unix module - - Removed a denial of service vulnerability in X509_Store - - Fixed compilation problems with VS .NET 2003 and Codewarrior 8 - - Added another variant of PKCS8::load_key, taking a memory buffer - - Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 - - BigInt::operator%=(word) was a no-op if the input was a power of 2 - - Fixed portability problems in BigInt::to_u32bit - - Fixed major bugs in SSL3-MAC - - Cleaned up some messes in the PK algorithms - - Cleanups and extensions for OMAC and EAX - - Made changes to the entropy estimation function - - Added a 'beos' module set for use on BeOS - - Officially deprecated a few X509:: and PKCS8:: functions - - Moved the contents of primes.h to numthry.h - - Moved the contents of x509opt.h to x509self.h - - Removed the (empty) desx.h header - - Documentation updates - -* 1.2.4, 2003-05-29 - - Fixed a bug in EMSA1 affecting NR signature verification - - Fixed a few latent bugs in BigInt related to word size - - Removed an unused function, mp_add2_nc, from the MPI implementation - - Reorganized the core MPI files - -* 1.2.3, 2003-05-20 - - Fixed a bug that prevented DSA/NR key generation - - Fixed a bug that prevented importing some root CA certs - - Fixed a bug in the BER decoder when handing optional bit or byte strings - - Fixed the encoding of authorityKeyIdentifier in X509_CA - - Added a sanity check in PBKDF2 for zero length passphrases - - Added versions of X509::load_key and PKCS8::load_key that take a file name - - X509_CA generates 128 bit serial numbers now - - Added tests to check PK key generation - - Added a simplistic X.509 CA example - - Cleaned up some of the examples - -* 1.2.2, 2003-05-13 - - Add checks to prevent any BigInt bugs from revealing an RSA or RW key - - Changed the interface of Global_RNG::seed - - Major improvements for the 
es_unix module - - Added another Win32 entropy source, es_win32 - - The Win32 CryptoAPI entropy source can now poll multiple providers - - Improved the BeOS entropy source - - Renamed pipe_unixfd module to fd_unix - - Fixed a file descriptor leak in the EGD module - - Fixed a few locking bugs - -* 1.2.1, 2003-05-06 - - Added ANSI X9.23 compatible CBC padding - - Added an entropy source using Win32 CryptoAPI - - Removed the Pipe I/O operators taking a FILE* - - Moved the BigInt encoding/decoding functions into the BigInt class - - Integrated several fixes for VC++ 7 (from Hany Greiss) - - Fixed the configure.pl script for Windows builds - -* 1.2.0, 2003-04-28 - - Tweaked the Karatsuba cut-off points - - Increased the allowed keylength of HMAC and Blowfish - - Removed the 'mpi_ia32' module, pending rewrite - - Workaround a GCC 2.95.x bug in eme1.cpp - -* 1.1.13, 2003-04-22 - - Added OMAC - - Added EAX authenticated cipher mode - - Diffie-Hellman would not do blinding in some cases - - Optimized the OFB and CTR modes - - Corrected Skipjack's word ordering, as per NIST clarification - - Support for all subject/issuer attribute types required by RFC 3280 - - The removeFromCRL CRL reason code is now handled correctly - - Increased the flexibility of the allocators - - Renamed Rijndael to AES, created aes.h, deleted rijndael.h - - Removed support for the 'no_timer' LibraryInitializer option - - Removed 'es_pthr' module, pending further testing - - Cleaned up get_ciph.cpp - -* 1.1.12, 2003-04-15 - - Fixed a ASN.1 string encoding bug - - Fixed a pair of X509_DN encoding problems - - Base64_Decoder and Hex_Decoder can now validate input - - Removed support for the LibraryInitializer option 'egd_path' - - Added tests for DSA X.509 and PKCS #8 key formats - - Removed a long deprecated feature of DH_PrivateKey's constructor - - Updated the RPM .spec file - - Major documentation updates - -* 1.1.11, 2003-04-07 - - Added PKCS #10 certificate requests - - Changed X509_Store 
searching interface to be more flexible - - Added a generic Certificate_Store interface - - Added a function for generating self-signed X.509 certs - - Cleanups and changes to X509_CA - - New examples for PKCS #10 and self-signed certificates - - Some documentation updates - -* 1.1.10, 2003-04-03 - - X509_CA can now generate new X.509 CRLs - - Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks - - More certificate and CRL extensions/attributes are supported - - Better DN handling in X.509 certificates/CRLs - - Added a DataSink hierarchy (suggested by Jim Darby) - - Consolidated SecureAllocator and ManagedAllocator - - Many cleanups and generalizations - - Added a (slow) pthreads based EntropySource - - Fixed some threading bugs - -* 1.1.9, 2003-02-25 - - Added support for using X.509v2 CRLs - - Fixed several bugs in the path validation algorithm - - Certificates can be verified for a particular usage - - Algorithm for comparing distinguished names now follows X.509 - - Cleaned up the code for the es_beos, es_ftw, es_unix modules - - Documentation updates - -* 1.1.8, 2003-01-29 - - Fixes for the certificate path validation algorithm in X509_Store - - Fixed a bug affecting X509_Certificate::is_ca_cert() - - Added a general configuration interface for policy issues - - Cleanups and API changes in the X.509 CA, cert, and store code - - Made various options available for X509_CA users - - Changed X509_Time's interface to work around time_t problems - - Fixed a theoretical weakness in Randpool's entropy mixing function - - Fixed problems compiling with GCC 2.95.3 and GCC 2.96 - - Fixed a configure bug (reported by Jon Wilson) affecting MinGW - -* 1.1.7, 2003-01-12 - - Fixed an obscure but dangerous bug in SecureVector::swap - - Consolidated SHA-384 and SHA-512 to save code space - - Added SSL3-MAC and SSL3-PRF - - Documentation updates, including a new tutorial - -* 1.0.2, 2003-01-12 - - Fixed an obscure SEGFAULT causing bug in Pipe - - Fixed an 
obscure but dangerous bug in SecureVector::swap - -* 1.1.6, 2002-12-10 - - Initial support for X.509v3 certificates and CAs - - Major redesign/rewrite of the ASN.1 encoding/decoding code - - Added handling for DSA/NR signatures encoded as DER SEQUENCEs - - Documented the generic cipher lookup interface - - Added an (untested) entropy source for BeOS - - Various cleanups and bug fixes - -* 1.1.5, 2002-11-17 - - Added the discrete logarithm integrated encryption system (DLIES) - - Various optimizations for BigInt - - Added support for assembler optimizations in modules - - Added BigInt x86 optimizations module (mpi_ia32) - -* 1.1.4, 2002-11-10 - - Speedup of 15-30% for PK algorithms - - Implemented the PBES2 encryption scheme - - Fixed a potential bug in decoding RSA and RW private keys - - Changed the DL_Group class interface to handle different formats better - - Added support for PKCS #3 encoded DH parameters - - X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' - - Added key pair consistency checking - - Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) - - A botan-config script is generated at configure time - - Documentation updates - -* 1.1.3, 2002-11-03 - - Added a generic public/private key loading interface - - Fixed a small encoding bug in RSA, RW, and DH - - Changed the PK encryption/decryption interface classes - - ECB supports using padding methods - - Added a function-based interface for library initialization - - Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures - - The cipher mode benchmarks now use 128-bit AES instead of DES - - Removed some obsolete typedefs - - Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) - - Added tests for PKCS #8 encoding/decoding - - Added more tests for ECB and CBC - -* 1.1.2, 2002-10-21 - - Support for PKCS #8 encoded RSA, DSA, and DH private keys - - Support for Diffie-Hellman X.509 public keys - - Major reorganization of how X.509 keys are handled - - Added PKCS 
#5 v2.0's PBES1 encryption scheme - - Added a generic cipher lookup interface - - Added the WiderWake4+1 stream cipher - - Added support for sync-able stream ciphers - - Added a 'paranoia level' option for the LibraryInitializer - - More security for RNG output meant for long term keys - - Added documentation for some of the new 1.1.x features - - CFB's feedback argument is now specified in bits - - Renamed CTR class to CTR_BE - - Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats - -* 1.1.1, 2002-10-15 - - Added the Korean hash function HAS-160 - - Partial support for RSA and DSA X.509 public keys - - Added a mostly functional BER encoder/decoder - - Added support for non-deterministic MAC functions - - Initial support for PEM encoding/decoding - - Internal cleanups in the PK algorithms - - Several new convenience functions in Pipe - - Fixed two nasty bugs in Pipe - - Messed with the entropy sources for es_unix - - Discrete logarithm groups are checked for safety more closely now - - For compatibility with GnuPG, ElGamal now supports DSA-style groups - -* 1.1.0, 2002-09-14 - - Added entropy estimation to the RNGs - - Improved the overall design of both Randpool and ANSI_X917_RNG - - Added a separate RNG for nonce generation - - Added window exponentiation support in power_mod - - Added a get_s2k function and the PKCS #5 S2K algorithms - - Added the TLSv1 PRF - - Replaced BlockCipherModeIV typedef with InitializationVector class - - Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement - - Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x - - Added support for RIPEMD-160 PKCS#1 v1.5 signatures - - Changed the key agreement scheme interface - - Changed the S2K and KDF interfaces - - Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK - - Added support for variable-pass Tiger - - Major speedup for Rabin-Williams key generation - -* 1.0.1, 2002-09-14 - - Fixed a minor bug in Randpool::random() - - Added some new aliases and typedefs for 
1.1.x compatibility - - The 4096-bit RSA benchmark key was decimal instead of hex - - EMAC was returning an incorrect name - -* 1.0.0, 2002-08-26 - - Octal I/O of BigInt is now supported - - Fixed portability problems in the es_egd module - - Generalized IV handling in the block cipher modes - - Added Karatsuba multiplication and k-ary exponentiation - - Fixed a problem in the multiplication routines - -* 0.9.2, 2002-08-18 - - DH_PrivateKey::public_value() was returning the wrong value - - Various BigInt optimizations - - The filters.h header now includes hex.h and base64.h - - Moved Counter mode to ctr.h - - Fixed a couple minor problems with VC++ 7 - - Fixed problems with the RPM spec file - -* 0.9.1, 2002-08-10 - - Grand rename from OpenCL to Botan - - Major optimizations for the PK algorithms - - Added ElGamal encryption - - Added Whirlpool - - Tweaked memory allocation parameters - - Improved the method of seeding the global RNG - - Moved pkcs1.h to eme_pkcs.h - - Added more test vectors for some algorithms - - Fixed error reporting in the BigInt tests - - Removed Default_Timer, it was pointless - - Added some new example applications - - Removed some old examples that weren't that interesting - - Documented the compression modules - -* 0.9.0, 2002-08-03 - - EMSA4 supports variable salt size - - PK_* can take a string naming the encoding method to use - - Started writing some internals documentation - -* 0.8.7, 2002-07-30 - - Fixed bugs in EME1 and EMSA4 - - Fixed a potential crash at shutdown - - Cipher modes returned an ill-formed name - - Removed various deprecated types and headers - - Cleaned up the Pipe interface a bit - - Minor additions to the documentation - - First stab at a Visual C++ makefile (doc/Makefile.vc7) - -* 0.8.6, 2002-07-25 - - Added EMSA4 (aka PSS) - - Brought the manual up to date; many corrections and additions - - Added a parallel hash function construction - - Lookup supports all available algorithms now - - Lazy initialization of 
the lookup tables - - Made more discrete logarithm groups available through get_dl_group() - - StreamCipher_Filter supports seeking (if the underlying cipher does) - - Minor optimization for GCD calculations - - Renamed SAFER_SK128 to SAFER_SK - - Removed many previously deprecated functions - - Some now-obsolete functions, headers, and types have been deprecated - - Fixed some bugs in DSA prime generation - - DL_Group had a constructor for DSA-style prime gen but it wasn't defined - - Reversed the ordering of the two arguments to SEAL's constructor - - Fixed a threading problem in the PK algorithms - - Fixed a minor memory leak in lookup.cpp - - Fixed pk_types.h (it was broken in 0.8.5) - - Made validation tests more verbose - - Updated the check and example applications - -* 0.8.5, 2002-07-21 - - Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) - - Added a DL_Group class - - Reworking of the pubkey internals - - Support in lookup for aliases and PK algorithms - - Renamed CAST5 to CAST_128 and CAST256 to CAST_256 - - Added EMSA1 - - Reorganization of header files - - LibraryInitializer will install new allocator types if requested - - Fixed a bug in Diffie-Hellman key generation - - Did a workaround in pipe.cpp for GCC 2.95.x on Linux - - Removed some debugging code from init.cpp that made FTW ES useless - - Better checking for invalid arguments in the PK algorithms - - Reduced Base64 and Hex default line length (if line breaking is used) - - Fixes for HP's aCC compiler - - Cleanups in BigInt - -* 0.8.4, 2002-07-14 - - Added Nyberg-Rueppel signatures - - Added Diffie-Hellman key exchange (kex interface is subject to change) - - Added KDF2 - - Enhancements to the lookup API - - Many things formerly taking pointers to algorithms now take names - - Speedups for prime generation - - LibraryInitializer has support for seeding the global RNG - - Reduced SAFER-SK128 memory consumption - - Reversed the ordering of public and private key values in DSA 
constructor - - Fixed serious bugs in MemoryMapping_Allocator - - Fixed memory leak in Lion - - FTW_EntropySource was not closing the files it read - - Fixed line breaking problem in Hex_Encoder - -* 0.8.3, 2002-06-09 - - Added DSA and Rabin-Williams signature schemes - - Added EMSA3 - - Added PKCS#1 v1.5 encryption padding - - Added Filters for PK algorithms - - Added a Keyed_Filter class - - LibraryInitializer processes arguments now - - Major revamp of the PK interface classes - - Changed almost all of the Filters for non-template operation - - Changed HMAC, Lion, Luby-Rackoff to non-template classes - - Some fairly minor BigInt optimizations - - Added simple benchmarking for PK algorithms - - Added hooks for fixed base and fixed exponent modular exponentiation - - Added some examples for using RSA - - Numerous bugfixes and cleanups - - Documentation updates - -* 0.8.2, 2002-05-18 - - Added an (experimental) algorithm lookup interface - - Added code for directly testing BigInt - - Added SHA2-384 - - Optimized SHA2-512 - - Major optimization for Adler32 (thanks to Dan Nicolaescu) - - Various minor optimizations in BigInt and related areas - - Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore - - Fixed a bug in BufferingFilter - - Made a few fixes for MacOS X - - Added a workaround in configure.pl for GCC 2.95.x - - Better support for PowerPC, ARM, and Alpha - - Some more cleanups - -* 0.8.1, 2002-05-06 - - Major code cleanup (check doc/deprecated.txt) - - Various bugs fixed, including several portability problems - - Renamed MessageAuthCode to MessageAuthenticationCode - - A replacement for X917 is in x917_rng.h - - Changed EMAC to non-template class - - Added ANSI X9.19 compatible CBC-MAC - - TripleDES now supports 128 bit keys - -* 0.8.0, 2002-04-24 - - Merged BigInt: many bugfixes and optimizations since alpha2 - - Added RSA (rsa.h) - - Added EMSA2 (emsa2.h) - - Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) - - Changed 
some interfaces, including SymmetricKey, to support the global rng - - Fixed a serious bug in ManagedAllocator - - Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 - - Removed some deprecated stuff - - Added a global random number generator (rng.h) - - Added clone functions to most of the basic algorithms - - Added a library initializer class (init.h) - - Version macros in version.h - - Moved the base classes from opencl.h to base.h - - Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib - - Documentation updates for the new stuff (still incomplete) - - Many new deprecated things: check doc/deprecated.txt - -* 0.7.10, 2002-04-07 - - Added EGD_EntropySource module (es_egd) - - Added a file tree walking EntropySource (es_ftw) - - Added MemoryLocking_Allocator module (alloc_mlock) - - Renamed the pthr_mux, unix_rnd, and mmap_mem modules - - Changed timer mechanism; the clock method can be switched on the fly. - - Renamed MmapDisk_Allocator to MemoryMapping_Allocator - - Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) - - Fixed several bugs in MemoryMapping_Allocator - - Added more default sources for Unix_EntropySource - - Changed SecureBuffer to use same allocation methods as SecureVector - - Added bigint_divcore into mp_core to support BigInt alpha2 release - - Removed some Pipe functions deprecated since 0.7.8 - - Some fixes for the configure program - -* 0.7.9, 2002-03-19 - - Memory allocation substantially revamped - - Added memory allocation method based on mmap(2) in the mmap_mem module - - Added ECB and CTS block cipher modes (ecb.h, cts.h) - - Added a Mutex interface (mutex.h) - - Added module pthr_mux, implementing the Mutex interface - - Added Threaded Filter interface (thr_filt.h) - - All algorithms can now by keyed with SymmetricKey objects - - More testing occurs with --validate (expected failures) - - Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 - - Fixed a buffering bug in Bzip_Decompress 
and Zlib_Decompress - - Made X917 safer (and about 1/3 as fast) - - Documentation updates - -* 0.7.8, 2002-02-28 - - More capabilities for Pipe, inspired by SysV STREAMS, including peeking, - better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION - - Added a BufferingFilter class - - Added popen() based EntropySource for generic Unix systems (unix_rnd) - - Moved 'devrand' module into main distribution (ent_file.h), renamed to - File_EntropySource, and changed interface somewhat. - - Made Randpool somewhat more conservative and also 25% faster - - Minor fixes and updates for the configure script - - Added some tweaks for memory allocation - - Documentation updates for the new Pipe interface - - Fixed various minor bugs - - Added a couple of new example programs (stack and hasher2) - -* 0.7.7, 2001-11-24 - - Filter::send now works in the constructor of a Filter subclass - - You may now have to include <opencl/pipe.h> explicitly in some code - - Added preliminary PK infrastructure classes in pubkey.h and pkbase.h - - Enhancements to SecureVector (append, destroy functions) - - New infrastructure for secure memory allocation - - Added IEEE P1363 primitives MGF1, EME1, KDF1 - - Rijndael optimizations and cleanups - - Changed CipherMode<B> to BlockCipherMode(B*) - - Fixed a nasty bug in pipe_unixfd - - Added portions of the BigInt code into the main library - - Support for VAX, SH, POWER, PowerPC-64, Intel C++ - -* 0.7.6, 2001-10-14 - - Fixed several serious bugs in SecureVector created in 0.7.5 - - Square optimizations - - Fixed shared objects on MacOS X and HP-UX - - Fixed static libs for KCC 4.0; works with KCC 3.4g as well - - Full support for Athlon and K6 processors using GCC - - Added a table of prime numbers < 2**16 (primes.h) - - Some minor documentation updates - -* 0.7.5, 2001-08-19 - - Split checksum.h into adler32.h, crc24.h, and crc32.h - - Split modes.h into cbc.h, cfb.h, and ofb.h - - CBC_wPadding* has been replaced by CBC_Encryption 
and CBC_Decryption - - Added OneAndZeros and NoPadding methods for CBC - - Added Lion, a very fast block cipher construction - - Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) - - Basic types (ciphers, hashes, etc) know their names now (call name()) - - Changed the EntropySource type somewhat - - Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 - - Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 - - Some semantics of SecureVector have changed slightly - - The mlock module has been removed for the time being - - Added string handling functions for hashes and MACs - - Various non-user-visible cleanups - - Shared library soname is now set to the full version number - -* 0.7.4, 2001-07-15 - - New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe - - Fixed a vast number of errors in the config script/makefile/specfile - - Pipe now has a stdio(3) interface as well as C++ iostreams - - ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) - - Bzip2 supports decompressing multiple concatenated streams, and flushing - - Added a simple 'overall average' score to the benchmarks - - Fixed a small bug in the POSIX timer module - - Removed a very-unlikely-to-occur bug in most of the hash functions - - filtbase.h now includes <iosfwd>, not <iostream> - - Minor documentation updates - -* 0.7.3, 2001-06-08 - - Fix build problems on Solaris/SPARC - - Fix build problems with Perl versions < 5.6 - - Fixed some stupid code that broke on a few compilers - - Added string handling functions to Pipe - - MISTY1 optimizations - -* 0.7.2, 2001-06-03 - - Build system supports modules - - Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers - - Added Bzip2 compression filter, contributed by Peter Jones - - GNU make no longer required (tested with 4.4BSD pmake and Solaris make) - - Fixed minor bug in several of the hash functions - - Various other minor fixes and changes - - Updates to the 
documentation - -* 0.7.1, 2001-05-16 - - Rewrote configure script: more consistent and complete - - Made it easier to find out parameters of types at run time (opencl.h) - - New functions for finding the version being used (version.h) - - New SymmetricKey interface for Filters (symkey.h) - - InvalidKeyLength now records what the invalid key length was - - Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA - - Changed GOST to use correct S-box ordering (incompatible change) - - Benchmark code was almost totally rewritten - - Many more entries in the test vector file - - Fixed minor and idiotic bug in check.cpp - -* 0.7.0, 2001-03-01 - - First public release +Release Notes +======================================== + +2011 +---------------------------------------- + +1.9.16-dev, ????-??-?? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Second release candidate for 1.10.0 + * The documenation, previously written in LaTeX, is now in + reStructuredText suitable for processing by Sphinx, which can + generate HTML, PDFs, or man pages. + * Disable the by-default 'strong' checking of private keys that are + loaded from storage. You can always request key material sanity + checking using check_key. + * Bring back removed functions min_keylength_of, max_keylength_of, + keylength_multiple_of in lookup.h to avoid breaking applications. + +1.9.15, 2011-03-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * First release candidate for 1.10.0 + * Modify how message expansion is done in SHA-256 and SHA-512. + Instead of expanding the entire message at the start, compute them + in the minimum number of registers. Values are computed 15 rounds + before they are needed. On a Core i7-860, GCC 4.5.2, went from + 143 to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. + * Pipe will delete empty output queues as soon as they are no longer + needed, even if earlier messages still have data unread. 
However an + (empty) entry in a deque of pointers will remain until all prior + messages are completely emptied. + * Avoid reading the SPARC %tick register on OpenBSD as unlike Linux + the kernel will not trap and emulate it for us, causing a illegal + instruction crash. + * Improve detection and autoconfiguration for ARM processors. + +1.9.14, 2011-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add support for bcrypt, OpenBSD's password hashing scheme + * Add support for NIST's AES key wrapping algorithm + * Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142) + +1.9.13, 2011-02-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Update Keccak to the round 3 variant + * Fix ordering in GOST 34.10 signatures to match DNSSEC specifications + * Use size_t instead of u32bit for small integers in DER/BER codecs + * Add new build option --distribution-info + * Fix problems in the amalgamation build + * Fix building under Clang 2.9 and Sun Studio 12 + +2010 +---------------------------------------- + +1.9.12, 2010-12-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add the Keccak hash function + * Fix compilation problems in Python wrappers + * Fix compilation problem in OpenSSL engine + * Update SQLite3 database encryption codec + +1.9.11, 2010-11-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Many SSL/TLS APIs have changed. This API is still unstable. 
+ * The SSL interface requires TR1 (uses std::tr1::function) + * Fix SSL handshake failures when using RC4 ciphersuites + * Fix a number of CRL encoding and decoding bugs + * Counter mode now always encrypts 256 blocks in parallel + * Code where u32bit was used to represent a length now uses size_t + * Use small tables in the first round of AES + * Removed AES class: app must choose AES-128, AES-192, or AES-256 + * Add hex encoding/decoding functions that can be used without a Pipe + * Add base64 encoding functions that can be used without a Pipe + * Add to_string function to X509_Certificate + * Add support for dynamic engine loading on Windows + * Replace BlockCipher::BLOCK_SIZE attribute with function block_size() + * Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() + * Changed semantics of MemoryRegion::resize and clear to match STL + * Removed MemoryRegion::append, replaced by push_back and operator+= + * Move PBKDF lookup to engine system + * The IDEA key schedule has been changed to run in constant time + * Avoid a possible timing vulnerability in Montgomery reduction + * Add Algorithm and Key_Length_Specification classes + * Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 + * Update Skein-512 to match the v1.3 specification + * Allow using PBKDF2 with empty passphrases + * Add compile-time deprecation warnings for GCC, Clang, and MSVC + * Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 + * Improve support for Intel Atom processors + * Fix compilation problems under Sun Studio and Clang + +1.8.11, 2010-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix a number of CRL encoding and decoding bugs + * When building a debug library under VC++, use the debug runtime + * Fix compilation under Sun Studio on Linux and Solaris + * Add several functions for compatability with 1.9 + * In the examples, read most input files as binary + * The Perl build script has been removed in this release + +1.8.10, 2010-08-31 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Switch default PKCS #8 encryption algorithm from 3DES to AES-256 + * Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 + * Use small tables in the first round of AES + * Add PBKDF typedef and get_pbkdf for better compatability with 1.9 + * Add version of S2K::derive_key taking salt and iteration count + * Enable the /proc-walking entropy source on NetBSD + * Fix the doxygen makefile target + +1.9.10, 2010-08-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add a constant time AES implementation using SSSE3 + * Add support for loading new Engines at runtime + * Use GCC byteswap intrinsics where possible + * Drop support for building with Python 2.4 + * Fix benchmarking of block ciphers in ECB mode + * Consolidate the two x86 assembly engines + * Rename S2K to PBKDF + +1.9.9, 2010-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add new X509::BER_encode and PKCS8::BER_encode + * Give all Filter objects a name() function + * Add Keyed_Filter::valid_iv_length + * Increase default iteration counts for private key encryption + * Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later + * Fix compilation under Apple's GCC 4.2 + * Expand and update the Doxygen documentation + +1.8.9, 2010-06-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Use constant time multiplication in IDEA + * Avoid possible timing attack against OAEP decoding + * Add new X509::BER_encode and PKCS8::BER_encode + * Enable DLL builds under Windows + * Add Win32 installer support + * Add support for the Clang compiler + * Fix problem in semcem.h preventing build under Clang or GCC 3.4 + * Fix bug that prevented creation of DSA groups under 1024 bits + * Fix crash in GMP_Engine if library is shutdown and reinitialized + * Work around problem with recent binutils in x86-64 SHA-1 + * The Perl build script is no longer supported and refuses to run by default + +1.9.8, 2010-06-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add support for wide 
multiplications on 64-bit Windows + * Use constant time multiplication in IDEA + * Avoid possible timing attack against OAEP decoding + * Removed FORK-256; rarely used and it has been broken + * Rename --use-boost-python to --with-boost-python + * Skip building shared libraries on MinGW/Cygwin + * Fix creation of 512 and 768 bit DL groups using the DSA kosherizer + * Fix compilation on GCC versions before 4.3 (missing cpuid.h) + * Fix compilation under the Clang compiler + +1.9.7, 2010-04-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * TLS: Support reading SSLv2 client hellos + * TLS: Add support for SEED ciphersuites (RFC 4162) + * Add Comb4P hash combiner function + * Fix checking of EMSA_Raw signatures with leading 0 bytes + +1.9.6, 2010-04-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * TLS: Add support for TLS v1.1 + * TLS: Support server name indicator extension + * TLS: Fix server handshake + * TLS: Fix server using DSA certificates + * TLS: Avoid timing channel between CBC padding check and MAC verification + +1.9.5, 2010-03-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Numerous ECC optimizations + * Fix GOST 34.10-2001 X.509 key loading + * Allow PK_Signer's fault protection checks to be toggled off + * Avoid using pool-based locking allocator if we can't mlock + * Remove all runtime options + * New BER_Decoder::{decode_and_check, decode_octet_string_bigint} + * Remove SecureBuffer in favor of SecureVector length parameter + * HMAC_RNG: Perform a poll along with user-supplied entropy + * Fix crash in MemoryRegion if Allocator::get failed + * Fix small compilation problem on FreeBSD + +1.9.4, 2010-03-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add the Ajisai SSLv3/TLSv1.0 implementation + * Add GOST 34.10-2001 public key signature scheme + * Add SIMD implementation of Noekeon + * Add SSE2 implementation of IDEA + * Extend Salsa20 to support longer IVs (XSalsa20) + * Perform XTS encryption and decryption in parallel where possible + * Perform CBC decryption in 
parallel where possible + * Add SQLite3 db encryption codec, contributed by Olivier de Gaalon + * Add a block cipher cascade construction + * Add support for password hashing for authentication (passhash9.h) + * Add support for Win32 high resolution system timers + * Major refactoring and API changes in the public key code + * Use consistency checking (anti-fault attack) for all signature schemes + * Changed S2K interface: derive_key now takes salt, iteration count + * Remove dependency on TR1 for ECC and CVC code + * Renamed ECKAEG to its more usual name, ECDH + * Fix crash in GMP_Engine if library is shutdown and reinitialized + * Fix an invalid memory read in MD4 + * Fix Visual C++ static builds + * Remove Timer class entirely + * Switch default PKCS #8 encryption algorithm from 3DES to AES-128 + * New option --gen-amalgamation for creating a SQLite-style amalgamation + * Many headers are now explicitly internal-use-only and are not installed + * Greatly improve the Win32 installer + * Several fixes for Visual C++ debug builds + +2009 +---------------------------------------- + +1.9.3, 2009-11-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add new AES implementation using Intel's AES instruction intrinsics + * Add an implementation of format preserving encryption + * Allow use of any hash function in X.509 certificate creation + * Optimizations for MARS, Skipjack, and AES + * Set macros for available SIMD instructions in build.h + * Add support for using InnoSetup to package Windows builds + * By default build a DLL on Windows + +1.9.2, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add SIMD version of XTEA + * Support both SSE2 and AltiVec SIMD for Serpent and XTEA + * Optimizations for SHA-1 and SHA-2 + * Add AltiVec runtime detection + * Fix x86 CPU identification with Intel C++ and Visual C++ + +1.8.8, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Alter Skein-512 to match the tweaked 1.2 specification + * Fix use of inline asm for access to x86 bswap 
function + * Allow building the library without AES enabled + * Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild + +1.9.1, 2009-10-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Better support for Python and Perl wrappers + * Add an implementation of Blue Midnight Wish (Round 2 tweak version) + * Modify Skein-512 to match the tweaked 1.2 specification + * Add threshold secret sharing (draft-mcgrew-tss-02) + * Add runtime cpu feature detection for x86/x86-64 + * Add code for general runtime self testing for hashes, MACs, and ciphers + * Optimize XTEA; twice as fast as before on Core2 and Opteron + * Convert CTR_BE and OFB from filters to stream ciphers + * New parsing code for SCAN algorithm names + * Enable SSE2 optimizations under Visual C++ + * Remove all use of C++ exception specifications + * Add support for GNU/Hurd and Clang/LLVM + +1.9.0, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add support for parallel invocation of block ciphers where possible + * Add SSE2 implementation of Serpent + * Add Rivest's package transform (an all or nothing transform) + * Minor speedups to the Turing key schedule + * Fix processing multiple messages in XTS mode + * Add --no-autoload option to configure.py, for minimized builds + * The previously used configure.pl script is no longer supported + +1.8.7, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix processing multiple messages in XTS mode + * Add --no-autoload option to configure.py, for minimized builds + +1.8.6, 2009-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add Cryptobox, a set of simple password-based encryption routines + * Only read world-readable files when walking /proc for entropy + * Fix building with TR1 disabled + * Fix x86 bswap support for Visual C++ + * Fixes for compilation under Sun C++ + * Add support for Dragonfly BSD (contributed by Patrick Georgi) + * Add support for the Open64 C++ compiler + * Build fixes for MIPS systems running Linux + * Minor changes to license, now equivalent 
to the FreeBSD/NetBSD license + +1.8.5, 2009-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Change configure.py to work on stock Python 2.4 + * Avoid a crash in Skein_512::add_data processing a zero-length input + * Small build fixes for SPARC, ARM, and HP-PA processors + * The test suite now returns an error code from main() if any tests failed + +1.8.4, 2009-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix a bug in nonce generation in the Miller-Rabin test + +1.8.3, 2009-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add a new Python configuration script + * Add the Skein-512 SHA-3 candidate hash function + * Add the XTS block cipher mode from IEEE P1619 + * Fix random_prime when generating a prime of less than 7 bits + * Improve handling of low-entropy situations during PRNG seeding + * Change random device polling to prefer /dev/urandom over /dev/random + * Use an input insensitive implementation of same_mem instead of memcmp + * Correct DataSource::discard_next to return the number of discarded bytes + * Provide a default value for AutoSeeded_RNG::reseed + * Fix Gentoo bug 272242 + +1.8.2, 2009-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Make entropy polling more flexible and in most cases faster + * GOST 28147 now supports multiple sbox parameters + * Added the GOST 34.11 hash function + * Fix botan-config problems on MacOS X + +1.8.1, 2009-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Avoid a valgrind warning in es_unix.cpp on 32-bit Linux + * Fix memory leak in PKCS8 load_key and encrypt_key + * Relicense api.tex from CC-By-SA 2.5 to BSD + * Fix botan-config on MacOS X, Solaris + +2008 +---------------------------------------- + +1.8.0, 2008-12-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix compilation on Solaris with GCC + +1.7.24, 2008-12-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix a compatibility problem with SHA-512/EMSA3 signature padding + * Fix bug preventing EGD/PRNGD entropy poller from working + * Fix integer overflow in 
Pooling_Allocator::get_more_core (bug id #27) + * Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 + * Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes + * Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 + * Wrap private structs in SSE2 SHA-1 code in anonymous namespace + * Change configure.pl's CPU autodetection output to be more consistent + * Disable using OpenSSL's AES due to crashes of unknown cause + * Fix warning in /proc walking entropy poller + * Fix compilation with IBM XLC for Cell 0.9-200709 + +1.7.23, 2008-11-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Change to use TR1 (thus enabling ECDSA) with GCC and ICC + * Optimize almost all hash functions, especially MD4 and Tiger + * Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} + * Change Timer to be pure virtual, and add ANSI_Clock_Timer + * Cache socket descriptors in the EGD entropy source + * Avoid bogging down startup in /proc walking entropy source + * Remove Buffered_EntropySource helper class + * Add a Default_Benchmark_Timer typedef in benchmark.h + * Add examples using benchmark.h and Algorithm_Factory + * Add ECC tests from InSiTo + * Minor documentation updates + +1.7.22, 2008-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add provider preferences to Algorithm_Factory + * Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 + * Optimize AES encryption and decryption (about 10% faster) + * Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs + * Fix nanoseconds overflow in benchmark code + * Remove Engine::add_engine + +1.7.21, 2008-11-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Make algorithm lookup much more configuable + * Add facilities for runtime performance testing of algorithms + * Drop use of entropy estimation in the PRNGs + * Increase intervals between HMAC_RNG automatic reseeding + * Drop InitializerOptions class, all options but thread safety + +1.7.20, 2008-11-09 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Namespace pkg-config file by major and minor versions + * Cache device descriptors in Device_EntropySource + * Split base.h into {block_cipher,stream_cipher,mac,hash}.h + * Removed get_mgf function from lookup.h + +1.7.19, 2008-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add HMAC_RNG, based on a design by Hugo Krawczyk + * Optimized the Turing stream cipher (about 20% faster on x86-64) + * Modify Randpool's reseeding algorithm to poll more sources + * Add a new AutoSeeded_RNG in auto_rng.h + * OpenPGP_S2K changed to take hash object instead of name + * Add automatic identification for Intel's Prescott processors + +1.7.18, 2008-10-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add Doxygen comments from InSiTo + * Add ECDSA and ECKAEG benchmarks + * Add configure.pl switch --with-tr1-implementation + * Fix configure.pl's --with-endian and --with-unaligned-mem options + * Added support for pkg-config + * Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow + * Use const references to avoid copying overhead in CurveGFp, GFpModulus + +1.7.17, 2008-10-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add missing ECDSA object identifiers + * Fix error in x86 and x86-64 assembler affecting GF(p) math + * Remove Boost dependency from GF(p) math + * Modify botan-config to not print -L/usr/lib or -L/usr/local/lib + * Add BOTAN_DLL macro to over 30 classes missing it + * Rename the two SHA-2 base classes for consistency + +1.7.16, 2008-10-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add several missing pieces needed for ECDSA and ECKAEG + * Add Card Verifiable Certificates from InSiTo + * Add SHA-224 from InSiTo + * Add BSI variant of EMSA1 from InSiTo + * Add GF(p) and ECDSA tests from InSiTo + * Split ECDSA and ECKAEG into distinct modules + * Allow OpenSSL and GNU MP engines to be built with public key algos disabled + * Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h + +1.7.15, 2008-10-07 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add GF(p) arithmetic from InSiTo + * Add ECDSA and ECKAEG implementations from InSiTo + * Minimize internal dependencies, allowing for smaller build configurations + * Add new User Manual and Architecture Guide from FlexSecure GmbH + * Alter configure.pl options for better autotools compatibility + * Update build instructions for recent changes to configure.pl + * Fix CPU detection using /proc/cpuinfo + +1.7.14, 2008-09-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Split library into parts allowing modular builds + * Add (very preliminary) CMS support to the main library + * Some constructors now require object pointers instead of names + * Support multiple implementations of the same algorithm + * Build support for Pentium-M processors, from Derek Scherger + * Build support for MinGW/MSYS, from Zbigniew Zagorski + * Use inline assembly for bswap on 32-bit x86 + +1.7.13, 2008-09-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai + * Allow all examples to compile even if compression not enabled + * Make CMAC's polynomial doubling operation a public class method + * Use the -m64 flag when compiling with Sun Forte on x86-64 + * Clean up and slightly optimize CMAC::final_result + +1.7.12, 2008-09-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add x86 assembly for Visual Studio C++, by Luca Piccarreta + * Add a Perl XS module, by Vaclav Ovsik + * Add SWIG-based wrapper for Botan + * Add SSE2 implementation of SHA-1, by Dean Gaudet + * Remove the BigInt::sig_words cache due to bugs + * Combined the 4 Blowfish sboxes, suggested by Yves Jerschow + * Changed BigInt::grow_by and BigInt::grow_to to be non-const + * Add private assignment operators to classes that don't support assignment + * Benchmark RSA encryption and signatures + * Added test programs for random_prime and ressol + * Add high resolution timers for IA-64, HP-PA, S390x + * Reduce use of the RNG during benchmarks + * Fix builds 
on STI Cell PPU + * Add support for IBM's XLC compiler + * Add IETF 8192 bit MODP group + +1.7.11, 2008-09-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added the Salsa20 stream cipher + * Optimized Montgomery reduction, Karatsuba squaring + * Added 16x16->32 word Comba multiplication and squaring + * Use a much larger Karatsuba cutoff point + * Remove bigint_mul_add_words + * Inlined several BigInt functions + * Add useful information to the generated build.h + * Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} + * Fix the Windows build + +1.7.10, 2008-09-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Public key benchmarks run using a selection of random keys + * New benchmark timer options are clock_gettime, gettimeofday, times, clock + * Including reinterpret_cast optimization for xor_buf in default header + * Split byte swapping and word rotation functions into distinct headers + * Add IETF modp 6144 group and 2048 and 3072 bit DSS groups + * Optimizes BigInt right shift + * Add aliases in DL_Group::Format enum + * BigInt now caches the significant word count + +1.7.9, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Make clear() in most algorithm base classes a pure virtual + * Add noexec stack marker for GNU linker in assembly code + * Avoid string operations in ressol + * Compilation fixes for MinGW and Visual Studio C++ 2008 + * Some autoconfiguration fixes for Windows + +1.6.5, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add noexec stack marker for GNU linker in assembly code + * Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 + +1.7.8, 2008-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added the block cipher Noekeon + * Remove global deref_alias function + * X509_Store takes timeout options as constructor arguments + * Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH + * Extend random_prime() for generating primes of any bit length + * Remove Config class + * Allow adding new entropy via base RNG interface + * Reseeding a 
X9.31 PRNG also reseeds the underlying PRNG + +1.7.7, 2008-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Remove the global PRNG object + * The PK filter objects were removed + * Add a test suite for the ANSI X9.31 PRNG + * Much cleaner and (mostly) thread-safe reimplementation of es_ftw + * Remove both default arguments to ANSI_X931_RNG's constructor + * Remove the randomizing version of OctetString::change + * Make the cipher and MAC to use in Randpool configurable + * Move RandomNumberGenerator declaration to rng.h + * RSA_PrivateKey will not generate keys smaller than 1024 bits + * Fix an error decoding BER UNIVERSAL types with special taggings + +1.7.6, 2008-05-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Initial support for Windows DLLs, from Joel Low + * Reset the position pointer when a new block is generated in X9.32 PRNG + * Timer objects are now treated as entropy sources + * Moved several ASN.1-related enums from enums.h to an appropriate header + * Removed the AEP module, due to inability to test + * Removed Global_RNG and rng.h + * Removed system_clock + * Removed Library_State::UI and the pulse callback logic + +1.7.5, 2008-04-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * The API of X509_CA::sign_request was altered to avoid race conditions + * New type Pipe::message_id to represent the Pipe message number + * Remove the Named_Mutex_Holder for a small performance gain + * Removed several unused or rarely used functions from Config + * Ignore spaces inside of a decimal string in BigInt::decode + * Allow using a std::istream to initialize a DataSource_Stream object + * Fix compilation problem in zlib compression module + * The chunk sized used by Pooling_Allocator is now a compile time setting + * The size of random blinding factors is now a compile time setting + * The install target no longer tries to set a particular owner/group + +1.7.4, 2008-03-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Use unaligned memory read/writes on systems that allow it, for 
performance + * Assembly for x86-64 for accessing the bswap instruction + * Use larger buffers in ARC4 and WiderWAKE for significant throughput increase + * Unroll loops in SHA-160 for a few percent increase in performance + * Fix compilation with GCC 3.2 in es_ftw and es_unix + * Build fix for NetBSD systems + * Prevent es_dev from being built except on Unix systems + +1.6.4, 2008-03-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix a compilation problem with Visual Studio C++ 2003 + +1.7.3, 2008-01-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * New invocation syntax for configure.pl with several new options + * Support for IPv4 addresses in a subject alternative name + * New fast poll for the generic Unix entropy source (es_unix) + * The es_file entropy source has been replaced by the es_dev module + * The malloc allocator does not inherit from Pooling_Allocator anymore + * The path that es_unix will search in are now fully user-configurable + * Truncate X9.42 PRF output rather than allow counter overflow + * PowerPC is now assumed to be big-endian + +2007 +---------------------------------------- + +1.7.2, 2007-10-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Initialize the global library state lazily + * Add plain CBC-MAC for backwards compatibility with old systems + * Clean up some of the self test code + * Throw a sensible exception if a DL_Group is not found + * Truncate KDF2 output rather than allowing counter overflow + * Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 + * Fix a Visual Studio compilation problem in x509stat.cpp + +1.7.1, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix a race condition in the algorithm object cache + * HMAC key schedule optimization + * The build header sets a macro defining endianness, if known + * New word load/store abstraction allowing further optimization + * Modify most of the library to avoid use the C-style casts + * Use higher resolution timers in symmetric benchmarks + +1.6.3, 2007-07-23 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix a race condition in the algorithm lookup cache + * Fix problems building the memory pool on some versions of Visual C++ + +1.7.0, 2007-05-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * DSA parameter generation now follows FIPS 186-3 + * Added OIDs for Rabin-Williams and Nyberg-Rueppel + * Somewhat better support for out of tree builds + * Minor optimizations for RC2 and Tiger + * Documentation updates + * Update the todo list + +1.6.2, 2007-03-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix autodection on Athlon64s running Linux + * Fix builds on QNX and compilers using STLport + * Remove a call to abort() that crept into production + +1.6.1, 2007-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix some base64 decoder bugs + * Add a new option to base64 encoding, to always append a newline + * Fix some build problems under Visual Studio with debug enabled + * Fix a bug in BER_Decoder that was triggered under some compilers + +2006 +---------------------------------------- + +1.6.0, 2006-12-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Minor cleanups versus 1.5.13 + +1.5.13, 2006-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Compilation fixes for the bzip2, zlib, and GNU MP modules + * Better support for Intel C++ and EKOpath C++ on x86-64 + +1.5.12, 2006-10-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Cleanups in the initialization routines + * Add some x86-64 assembly for multiply-add + * Fix problems generating very small (below 384 bit) RSA keys + * Support out of tree builds + * Bring some of the documentation up to date + * More improvements to the Python bindings + +1.5.11, 2006-09-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Removed the Algorithm base class + * Various cleanups in the public key inheritance hierarchy + * Major overhaul of the configure/build setup + * Added x86 assembler implementations of Serpent and low-level MPI code + * Optimizations for the SHA-1 x86 assembler + * Various improvements to the Python 
wrappers + * Work around a Visual Studio compiler bug + +1.5.10, 2006-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add x86 assembler versions of MD4, MD5, and SHA-1 + * Expand InitializerOptions' language to support on/off switches + * Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 + * Fix possible resource leaks in the mmap allocator + * Slightly optimized buffering in MDx_HashFunction + * Initialization failures are dealt with somewhat better + * Add an example implementing Pollard's Rho algorithm + * Better option handling in the test/benchmark tool + * Expand the xor_ciph example to support longer keys + * Some updates to the documentation + +1.5.9, 2006-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed bitrot in the AEP engine + * Fix support for marking certificate/CRL extensions as critical + * Significant cleanups in the library state / initialization code + * LibraryInitializer takes an explicit InitializerOptions object + * Make Mutex_Factory an abstract class, add Default_Mutex_Factory + * Change configuration access to using global_state() + * Add support for global named mutexes throughout the library + * Add some STL wrappers for the delete operator + * Change how certificates are created to be more flexible and general + +1.5.8, 2006-06-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Many internal cleanups to the X.509 cert/CRL code + * Allow for application code to support new X.509 extensions + * Change the return type of X509_Certificate::{subject,issuer}_info + * Allow for alternate character set handling mechanisms + * Fix a bug that was slowing squaring performance somewhat + * Fix a very hard to hit overflow bug in the C version of word3_muladd + * Minor cleanups to the assembler modules + * Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 + * Support for GCC 2.95.x has been dropped in this release + +1.5.7, 2006-05-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Further, major changes to the BER/DER coding 
system + * Updated the Qt mutex module to use Mutex_Factory + * Moved the library global state object into an anonymous namespace + * Drop the Visual C++ x86 assembly module due to bugs + +1.5.6, 2006-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * The low-level DER/BER coding system was redesigned and rewritten + * Portions of the certificate code were cleaned up internally + * Use macros to substantially clean up the GCC assembly code + * Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) + * Avoid a couple of spurious warnings under Visual C++ + * Some slight cleanups in X509_PublicKey::key_id + +1.5.5, 2006-02-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a potential infinite loop in the memory pool code (Matt Johnston) + * Made Pooling_Allocator::Memory_Block an actual class of sorts + * Some small optimizations to the division and modulo computations + * Cleaned up the implementation of some of the BigInt operators + * Reduced use of dynamic memory allocation in low-level BigInt functions + * A few simplifications in the Randpool mixing function + * Removed power(), as it was not particularly useful (or fast) + * Fixed some annoying bugs in the benchmark code + * Added a real credits file + +1.5.4, 2006-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta + * Fixed a memory access off-by-one in the Karatsuba code + * Changed Pooling_Allocator's free list search to a log(N) algorithm + * Merged ModularReducer with its only subclass, Barrett_Reducer + * Fixed sign-handling bugs in some of the division and modulo code + * Renamed the module description files to modinfo.txt + * Further cleanups in the initialization code + * Removed BigInt::add and BigInt::sub + * Merged all the division-related functions into just divide() + * Modified the <mp_asmi.h> functions to allow for better optimizations + * Made the number of bits polled from an EntropySource user configurable + * Avoid 
including <algorithm> in <botan/secmem.h> + * Fixed some build problems with Sun Forte + * Removed some dead code from bigint_modop + * Fix the definition of same_mem + +1.5.3, 2006-01-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Many optimizations in the low-level multiple precision integer code + * Added hooks for assembly implementations of the MPI code + * Support for the X.509 issuer alternative name extension in new certs + * Fixed a bug in the decompression modules; found and patched by Matt Johnston + * New Windows mutex module (mux_win32), by Luca Piccarreta + * Changed the Windows timer module to use QueryPerformanceCounter + * mem_pool.cpp was using std::set iterators instead of std::multiset ones + * Fixed a bug in X509_CA preventing users from disabling particular extensions + * Fixed the mp_asm64 module, which was entirely broken in 1.5.2 + * Fixed some module build problems on FreeBSD and Tru64 + +1.5.2, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed an off-by-one memory read in MISTY1::key() + * Fixed a nasty memory leak in Output_Buffers::retire() + * Reimplemented the memory allocator from scratch + * Improved memory caching in Montgomery exponentiation + * Optimizations for multiple precision addition and subtraction + * Fixed a build problem in the hardware timer module on 64-bit PowerPC + * Changed default Karatsuba cutoff to 12 words (was 14) + * Removed MemoryRegion::bits(), which was unused and incorrect + * Changed maximum HMAC keylength to 1024 bits + * Various minor Makefile and build system changes + * Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution + * Switched checks/clock.cpp back to using clock() by default + * Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 + * Removed the Default_Mutex's unused clone() member function + +1.4.12, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed an off-by-one memory read in MISTY1::key() + * Fixed a nasty memory leak in 
Output_Buffers::retire() + * Changed maximum HMAC keylength to 1024 bits + * Fixed a build problem in the hardware timer module on 64-bit PowerPC + +1.5.1, 2006-01-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Implemented Montgomery exponentiation + * Implemented generalized Karatsuba multiplication and squaring + * Implemented Comba squaring for 4, 6, and 8 word inputs + * Added new Modular_Exponentiator and Power_Mod classes + * Removed FixedBase_Exp and FixedExponent_Exp + * Fixed a performance regression in get_allocator introduced in 1.5.0 + * Engines can now offer S2K algorithms and block cipher padding methods + * Merged the remaining global 'algolist' code into Default_Engine + * The low-level MPI code is linked as C again + * Replaced BigInt's get_nibble with the more general get_substring + * Some documentation updates + +1.5.0, 2006-01-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Moved all global/shared library state into a single object + * Mutex objects are created through mutex factories instead of a global + * Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() + * Removed the RNG_Quality enum entirely + * There is now only a single global-use PRNG + * Removed the no_aliases and no_oids options for LibraryInitializer + * Removed the deprecated algorithms SEAL, ISAAC, and HAVAL + * Change es_ftw to use unbuffered I/O + +2005 +---------------------------------------- + +1.4.11, 2005-12-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Changed Whirlpool diffusion matrix to match updated algorithm spec + * Fixed several engine module build errors introduced in 1.4.10 + * Fixed two build problems in es_capi; reported by Matthew Gregan + * Added a constructor to DataSource_Memory taking a std::string + * Placing the same Filter in multiple Pipes triggers an exception + * The configure script accepts --docdir and --libdir + * Merged doc/rngs.txt into the main API document + * Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 + 
+1.4.10, 2005-12-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added an implementation of KASUMI, the block cipher used in 3G phones + * Refactored Pipe; output queues are now managed by a distinct class + * Made certain Filter facilities only available to subclasses of Fanout_Filter + * There is no longer any overhead in Pipe for a message that has been read out + * It is now possible to generate RSA keys as small as 128 bits + * Changed some of the core classes to derive from Algorithm as a virtual base + * Changed Randpool to use HMAC instead of a plain hash as the mixing function + * Fixed a bug in the allocators; found and fixed by Matthew Gregan + * Enabled the use of binary file I/O, when requested by the application + * The OpenSSL engine's block cipher code was missing some deallocation calls + * Disabled the es_ftw module on NetBSD, due to header problems there + * Fixed a problem preventing tm_hard from building on MacOS X on PowerPC + * Some cleanups for the modules that use inline assembler + * config.h is now stored in build/ instead of build/include/botan/ + * The header util.h was split into bit_ops.h, parsing.h, and util.h + * Cleaned up some redundant include directives + +1.4.9, 2005-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added the IBM-created AES candidate algorithm MARS + * Added the South Korean block cipher SEED + * Added the stream cipher Turing + * Added the new hash function FORK-256 + * Deprecated the ISAAC stream cipher + * Twofish and RC6 are significantly faster with GCC + * Much better support for 64-bit PowerPC + * Added support for high-resolution PowerPC timers + * Fixed a bug in the configure script causing problems on FreeBSD + * Changed ANSI X9.31 to support arbitrary block ciphers + * Make the configure script a bit less noisy + * Added more test vectors for some algorithms, including all the AES finalists + * Various cosmetic source code cleanups + +1.4.8, 2005-10-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Resolved a 
bad performance problem in the allocators; fix by Matt Johnston + * Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 + * Renamed OMAC to CMAC to match the official NIST naming + * Added single byte versions of update() to PK_Signer and PK_Verifier + * Removed the unused reverse_bits and reverse_bytes functions + +1.4.7, 2005-09-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed major performance problems with recent versions of GNU C++ + * Added an implementation of the X9.31 PRNG + * Removed the X9.17 and FIPS 186-2 PRNG algorithms + * Changed defaults to use X9.31 PRNGs as global PRNG objects + * Documentation updates to reflect the PRNG changes + * Some cleanups related to the engine code + * Removed two useless headers, base_eng.h and secalloc.h + * Removed PK_Verifier::valid_signature + * Fixed configure/build system bugs affecting MacOS X builds + * Added support for the EKOPath x86-64 compiler + * Added missing destructor for BlockCipherModePaddingMethod + * Fix some build problems with Visual C++ 2005 beta + * Fix some build problems with Visual C++ 2003 Workshop + +1.4.6, 2005-03-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix an error in the shutdown code introduced in 1.4.5 + * Setting base/pkcs8_tries to 0 disables the builtin fail-out + * Support for XMPP identifiers in X.509 certificates + * Duplicate entries in X.509 DNs are removed + * More fixes for Borland C++, from Friedemann Kleint + * Add a workaround for buggy iostreams + +1.4.5, 2005-02-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add support for AES encryption of private keys + * Minor fixes for PBES2 parameter decoding + * Internal cleanups for global state variables + * GCC 3.x version detection was broken in non-English locales + * Work around a Sun Forte bug affecting mem_pool.h + * Several fixes for Borland C++ 5.5, from Friedemann Kleint + * Removed inclusion of init.h into base.h + * Fixed a major bug in reading from certificate stores + * Cleaned up a couple 
of mutex leaks + * Removed some left-over debugging code + * Removed SSL3_MAC, SSL3_PRF, and TLS_PRF + +2004 +---------------------------------------- + +1.4.4, 2004-12-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Further tweaks to the pooling allocator + * Modified EMSA3 to support SSL/TLS signatures + * Changes to support Qt/QCA, from Justin Karneges + * Moved mux_qt module code into mod_qt + * Fixes for HP-UX from Mike Desjardins + +1.4.3, 2004-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Split up SecureAllocator into Allocator and Pooling_Allocator + * Memory locking allocators are more likely to be used + * Fixed the placement of includes in some modules + * Fixed broken installation procedure + * Fixes in configure script to support alternate install programs + * Modules can specify the minimum version they support + +1.4.2, 2004-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a major CRL handling bug + * Cipher and hash operations can be offloaded to engines + * Added support for cipher and hash offload in OpenSSL engine + * Improvements for 64-bit CPUs without a widening multiply instruction + * Support for SHA2-* and Whirlpool with EMSA2 + * Fixed a long-standing build problem with conflicting include files + * Fixed some examples that hadn't been updated for 1.4.x + * Portability fixes for Solaris, BSD, HP-UX, and others + * Lots of fixes and cleanups in the configure script + * Updated the Gentoo ebuild file + +1.4.1, 2004-10-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed major errors in the X.509 and PKCS #8 copy_key functions + * Added a LAST_MESSAGE meta-message number for Pipe + * Added new aliases (3DES and DES-EDE) for Triple-DES + * Added some new functions to PK_Verifier + * Cleaned up the KDF interface + * Disabled tm_posix on BSD due to header issues + * Fixed a build problem on PowerPC with GNU C++ pre-3.4 + +1.4.0, 2004-06-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added the FIPS 186 RNG back + * Added copy_key functions for X.509 
public keys and PKCS #8 private keys + * Fixed PKCS #1 signatures with RIPEMD-128 + * Moved some code around to avoid warnings with Sun ONE compiler + * Fixed a bug in botan-config affecting OpenBSD + * Fixed some build problems on Tru64, HP-UX + * Fixed compile problems with Intel C++, Compaq C++ + +1.3.14, 2004-06-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added support for AEP's AEP1000/AEP2000 crypto cards + * Added a Mutex module using Qt, from Justin Karneges + * Added support for engine loading in LibraryInitializer + * Tweaked SecureAllocator, giving 20% better performance under heavy load + * Added timer and memory locking modules for Win32 (tm_win32, ml_win32) + * Renamed PK_Engine to Engine_Core + * Improved the Karatsuba cutoff points + * Fixes for compiling with GCC 3.4 and Sun C++ 5.5 + * Fixes for Linux/s390, OpenBSD, and Solaris + * Added support for Linux/s390x + * The configure script was totally broken for 'generic' OS + * Removed Montgomery reduction due to bugs + * Removed an unused header, pkcs8alg.h + * check --validate returns an error code if any tests failed + * Removed duplicate entry in Unix command list for es_unix + * Moved the Cert_Usage enumeration into X509_Store + * Added new timing methods for PK benchmarks, clock_gettime and RDTSC + * Fixed a few minor bugs in the configure script + * Removed some deprecated functions from x509cert.h and pkcs10.h + * Removed the 'minimal' module, has to be updated for Engine support + * Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace + * Documentation updates + +1.3.13, 2004-05-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Major fixes for Cygwin builds + * Minor MacOS X install fixes + * The configure script is a little better at picking the right modules + * Removed ml_unix from the 'unix' module set for Cygwin compatibility + * Fixed a stupid compile problem in pkcs10.h + +1.3.12, 2004-05-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added ability to remove old entries from 
CRLs + * Swapped the first two arguments of X509_CA::update_crl() + * Added an < operator for MemoryRegion, so it can be used as a std::map key + * Changed X.509 searching by DNS name from substring to full string compares + * Renamed a few X509_Certificate and PKCS10_Request member functions + * Fixed a problem when decoding some PKCS #10 requests + * Hex_Decoder would not check inputs, reported by Vaclav Ovsik + * Changed default CRL expire time from 30 days to 7 days + * X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility + * Corrected errors in the API doc, fixes from Ken Perano + * More documentation about the Pipe/Filter code + +1.3.11, 2004-04-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed two show-stopping bugs in PKCS10_Request + * Added some sanity checks in Pipe/Filter + * The DNS and URI entries would get swapped in subjectAlternativeNames + * MAC_Filter is now willing to not take a key at creation time + * Setting the expiration times of certs and CRLs is more flexible + * Fixed problems building on AIX with GCC + * Fixed some problems in the tutorial pointed out by Dominik Vogt + * Documentation updates + +1.3.10, 2004-03-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added support for OpenPGP's ASCII armor format + * Cleaned up the RNG system; seeding is much more flexible + * Added simple autoconfiguration abilities to configure.pl + * Fixed a GCC 2.95.x compile problem + * Updated the example configuration file + * Documentation updates + +1.3.9, 2004-03-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added an engine using OpenSSL (requires 0.9.7 or later) + * X509_Certificate would lose email addresses stored in the DN + * Fixed a missing initialization in a BigInt constructor + * Fixed several Visual C++ compile problems + * Fixed some BeOS build problems + * Fixed the WiderWake benchmark + +2003 +---------------------------------------- + +1.3.8, 2003-12-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Internal changes to PK 
algorithms to divide data and algorithms + * DSA/DH/NR/ElGamal constructors accept taking just the private key again + * ElGamal keys now support being imported/exported as ASN.1 objects + * Much more consistent and complete error checking in PK algorithms + * Support for arbitrary backends (engines) for PK operations + * Added Montgomery reductions + * Added an engine that uses GNU MP (requires 4.1 or later) + * Removed the obsolete mp_gmp module + * Moved several initialization/shutdown functions to init.h + * Major refactoring of the memory containers + * New non-locking container, MemoryVector + * Fixed 64-bit problems in BigInt::set_bit/clear_bit + * Renamed PK_Key::check_params() to check_key() + * Some incompatible changes to OctetString + * Added version checking macros in version.h + * Removed the fips140 module pending rewrite + * Added some functions and hooks to help GUIs + * Moved more shared code into MDx_HashFunction + * Added a policy hook for specifying the encoding of X.509 strings + +1.3.7, 2003-12-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a big security problem in es_unix + * Fixed several stability problems in es_unix + * Expanded the list of programs es_unix will try to use + * SecureAllocator now only preallocates blocks in special cases + * Added a special case in Global_RNG::seed for forcing a full poll + * Removed the FIPS 186 RNG added in 1.3.5 pending further testing + * Configure updates for PowerPC CPUs + * Removed the (never tested) VAX support + * Added support for S/390 Linux + +1.3.6, 2003-12-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added a new module 'minimal', which disables most algorithms + * SecureAllocator allocates a few blocks at startup + * A few minor MPI cleanups + * RPM spec file cleanups and fixes + +1.3.5, 2003-11-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Major improvements in ASN.1 string handling + * Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs + * Added partial support for the X.509v3 
certificate policies extension + * Centralized the handling of character set information + * Added FIPS 140-2 startup self tests + * Added a module (fips140) for doing extra FIPS 140-2 tests + * Added FIPS 186-2 RNG + * Improved ASN.1 BIT STRING handling + * Removed a memory leak in PKCS10_Request + * The encoding of DirectoryString now follows PKIX guidelines + * Fixed some of the character set dependencies + * Fixed a DER encoding error for tags greater than 30 + * The BER decoder can now handle tags larger than 30 + * Fixed tm_hard.cpp to recognize SPARC on more systems + * Workarounds for a GCC 2.95.x bug in x509find.cpp + * RPM changed to install into /usr instead of /usr/local + * Added support for QNX + +1.2.8, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Merged several important bug fixes from 1.3.x + +1.3.4, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added a module that does certain MPI operations using GNU MP + * Added the X9.42 Diffie-Hellman PRF + * The Zlib and Bzip2 objects now use custom allocators + * Added member functions for directly hashing/MACing SecureVectors + * Minor optimizations to the MPI addition and subtraction algorithms + * Some cleanups in the low-level MPI code + * Created separate AES-{128,192,256} objects + +1.3.3, 2003-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * The library can now be repeatedly initialized and shutdown without crashing + * Fixed an off-by-one error in the CTS code + * Fixed an error in the EMSA4 verification code + * Fixed a memory leak in mutex.cpp (pointed out by James Widener) + * Fixed a memory leak in Pthread_Mutex + * Fixed several memory leaks in the testing code + * Bulletproofed the EMSA/EME/KDF/MGF retrieval functions + * Minor cleanups in SecureAllocator + * Removed a needless mutex guarding the (stateless) global timer + * Fixed a piece of bash-specific code in botan-config + * X.509 objects report more information about decoding errors + * Cleaned up some of the exception handling 
+ * Updated the example config file with new OIDSs + * Moved the build instructions into a separate document, building.tex + +1.3.2, 2003-11-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a bug preventing DSA signatures from verifying on X.509 objects + * Made the X509_Store search routines more efficient and flexible + * Added a function to X509_PublicKey to do easy public/private key matching + * Added support for decoding indefinite length BER data + * Changed Pipe's peek() to take an offset + * Removed Filter::set_owns in favor of the new incr_owns function + * Removed BigInt::zero() and BigInt::one() + * Renamed the PEM related options from base/pem_* to pem/* + * Added an option to specify the line width when encoding PEM + * Removed the "rng/safe_longterm" option; it's always on now + * Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 + * Cleaned up the base64/hex encoders and decoders + * Added an ASN.1/BER decoder as an example + * AES had its internals marked 'public' in previous versions + * Changed the value of the ASN.1 NO_OBJECT enum + * Various new hacks in the configure script + * Removed the already nominal support for SunOS + +1.3.1, 2003-11-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Generalized a few pieces of the DER encoder + * PKCS8::load_key would fail if handed an unencrypted key + * Added a failsafe so PKCS #8 key decoding can't go into an infinite loop + +1.3.0, 2003-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Major redesign of the PKCS #8 private key import/export system + * Added a small amount of UI interface code for getting passphrases + * Added heuristics that tell if a key, cert, etc is stored as PEM or BER + * Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC + * Removed certain deprecated constructors of RSA, DSA, DH, RW, NR + * Made PEM decoding more forgiving of extra text before the header + +1.2.7, 2003-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added support for reading configuration 
files + * Added constructors so NR and RW keys can be imported easily + * Fixed mp_asm64, which was completely broken in 1.2.6 + * Removed tm_hw_ia32 module; replaced by tm_hard + * Added support for loading certain oddly formed RSA certificates + * Fixed spelling of NON_REPUDIATION enum + * Renamed the option default_to_ca to v1_assume_ca + * Fixed a minor bug in X.509 certificate generation + * Fixed a latent bug in the OID lookup code + * Updated the RPM spec file + * Added to the tutorial + +1.2.6, 2003-07-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Major performance increase for PK algorithms on most 64-bit systems + * Cleanups in the low-level MPI code to support asm implementations + * Fixed build problems with some versions of Compaq's C++ compiler + * Removed useless constructors for NR public and private keys + * Removed support for the patch_file directive in module files + * Removed several deprecated functions + +1.2.5, 2003-06-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a tricky and long-standing memory leak in Pipe + * Major cleanups and fixes in the memory allocation system + * Removed alloc_mlock, which has been superseded by the ml_unix module + * Removed a denial of service vulnerability in X509_Store + * Fixed compilation problems with VS .NET 2003 and Codewarrior 8 + * Added another variant of PKCS8::load_key, taking a memory buffer + * Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 + * BigInt::operator%=(word) was a no-op if the input was a power of 2 + * Fixed portability problems in BigInt::to_u32bit + * Fixed major bugs in SSL3-MAC + * Cleaned up some messes in the PK algorithms + * Cleanups and extensions for OMAC and EAX + * Made changes to the entropy estimation function + * Added a 'beos' module set for use on BeOS + * Officially deprecated a few X509:: and PKCS8:: functions + * Moved the contents of primes.h to numthry.h + * Moved the contents of x509opt.h to x509self.h + * Removed the (empty) desx.h 
header + * Documentation updates + +1.2.4, 2003-05-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a bug in EMSA1 affecting NR signature verification + * Fixed a few latent bugs in BigInt related to word size + * Removed an unused function, mp_add2_nc, from the MPI implementation + * Reorganized the core MPI files + +1.2.3, 2003-05-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a bug that prevented DSA/NR key generation + * Fixed a bug that prevented importing some root CA certs + * Fixed a bug in the BER decoder when handing optional bit or byte strings + * Fixed the encoding of authorityKeyIdentifier in X509_CA + * Added a sanity check in PBKDF2 for zero length passphrases + * Added versions of X509::load_key and PKCS8::load_key that take a file name + * X509_CA generates 128 bit serial numbers now + * Added tests to check PK key generation + * Added a simplistic X.509 CA example + * Cleaned up some of the examples + +1.2.2, 2003-05-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Add checks to prevent any BigInt bugs from revealing an RSA or RW key + * Changed the interface of Global_RNG::seed + * Major improvements for the es_unix module + * Added another Win32 entropy source, es_win32 + * The Win32 CryptoAPI entropy source can now poll multiple providers + * Improved the BeOS entropy source + * Renamed pipe_unixfd module to fd_unix + * Fixed a file descriptor leak in the EGD module + * Fixed a few locking bugs + +1.2.1, 2003-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added ANSI X9.23 compatible CBC padding + * Added an entropy source using Win32 CryptoAPI + * Removed the Pipe I/O operators taking a FILE* + * Moved the BigInt encoding/decoding functions into the BigInt class + * Integrated several fixes for VC++ 7 (from Hany Greiss) + * Fixed the configure.pl script for Windows builds + +1.2.0, 2003-04-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Tweaked the Karatsuba cut-off points + * Increased the allowed keylength of HMAC and Blowfish + * Removed the 
'mpi_ia32' module, pending rewrite + * Workaround a GCC 2.95.x bug in eme1.cpp + +1.1.13, 2003-04-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added OMAC + * Added EAX authenticated cipher mode + * Diffie-Hellman would not do blinding in some cases + * Optimized the OFB and CTR modes + * Corrected Skipjack's word ordering, as per NIST clarification + * Support for all subject/issuer attribute types required by RFC 3280 + * The removeFromCRL CRL reason code is now handled correctly + * Increased the flexibility of the allocators + * Renamed Rijndael to AES, created aes.h, deleted rijndael.h + * Removed support for the 'no_timer' LibraryInitializer option + * Removed 'es_pthr' module, pending further testing + * Cleaned up get_ciph.cpp + +1.1.12, 2003-04-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a ASN.1 string encoding bug + * Fixed a pair of X509_DN encoding problems + * Base64_Decoder and Hex_Decoder can now validate input + * Removed support for the LibraryInitializer option 'egd_path' + * Added tests for DSA X.509 and PKCS #8 key formats + * Removed a long deprecated feature of DH_PrivateKey's constructor + * Updated the RPM .spec file + * Major documentation updates + +1.1.11, 2003-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added PKCS #10 certificate requests + * Changed X509_Store searching interface to be more flexible + * Added a generic Certificate_Store interface + * Added a function for generating self-signed X.509 certs + * Cleanups and changes to X509_CA + * New examples for PKCS #10 and self-signed certificates + * Some documentation updates + +1.1.10, 2003-04-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * X509_CA can now generate new X.509 CRLs + * Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks + * More certificate and CRL extensions/attributes are supported + * Better DN handling in X.509 certificates/CRLs + * Added a DataSink hierarchy (suggested by Jim Darby) + * Consolidated SecureAllocator and ManagedAllocator + * 
Many cleanups and generalizations + * Added a (slow) pthreads based EntropySource + * Fixed some threading bugs + +1.1.9, 2003-02-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added support for using X.509v2 CRLs + * Fixed several bugs in the path validation algorithm + * Certificates can be verified for a particular usage + * Algorithm for comparing distinguished names now follows X.509 + * Cleaned up the code for the es_beos, es_ftw, es_unix modules + * Documentation updates + +1.1.8, 2003-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixes for the certificate path validation algorithm in X509_Store + * Fixed a bug affecting X509_Certificate::is_ca_cert() + * Added a general configuration interface for policy issues + * Cleanups and API changes in the X.509 CA, cert, and store code + * Made various options available for X509_CA users + * Changed X509_Time's interface to work around time_t problems + * Fixed a theoretical weakness in Randpool's entropy mixing function + * Fixed problems compiling with GCC 2.95.3 and GCC 2.96 + * Fixed a configure bug (reported by Jon Wilson) affecting MinGW + +1.1.7, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed an obscure but dangerous bug in SecureVector::swap + * Consolidated SHA-384 and SHA-512 to save code space + * Added SSL3-MAC and SSL3-PRF + * Documentation updates, including a new tutorial + +1.0.2, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed an obscure SEGFAULT causing bug in Pipe + * Fixed an obscure but dangerous bug in SecureVector::swap + +2002 +---------------------------------------- + +1.1.6, 2002-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Initial support for X.509v3 certificates and CAs + * Major redesign/rewrite of the ASN.1 encoding/decoding code + * Added handling for DSA/NR signatures encoded as DER SEQUENCEs + * Documented the generic cipher lookup interface + * Added an (untested) entropy source for BeOS + * Various cleanups and bug fixes + +1.1.5, 2002-11-17 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added the discrete logarithm integrated encryption system (DLIES) + * Various optimizations for BigInt + * Added support for assembler optimizations in modules + * Added BigInt x86 optimizations module (mpi_ia32) + +1.1.4, 2002-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Speedup of 15-30% for PK algorithms + * Implemented the PBES2 encryption scheme + * Fixed a potential bug in decoding RSA and RW private keys + * Changed the DL_Group class interface to handle different formats better + * Added support for PKCS #3 encoded DH parameters + * X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' + * Added key pair consistency checking + * Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) + * A botan-config script is generated at configure time + * Documentation updates + +1.1.3, 2002-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added a generic public/private key loading interface + * Fixed a small encoding bug in RSA, RW, and DH + * Changed the PK encryption/decryption interface classes + * ECB supports using padding methods + * Added a function-based interface for library initialization + * Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures + * The cipher mode benchmarks now use 128-bit AES instead of DES + * Removed some obsolete typedefs + * Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) + * Added tests for PKCS #8 encoding/decoding + * Added more tests for ECB and CBC + +1.1.2, 2002-10-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Support for PKCS #8 encoded RSA, DSA, and DH private keys + * Support for Diffie-Hellman X.509 public keys + * Major reorganization of how X.509 keys are handled + * Added PKCS #5 v2.0's PBES1 encryption scheme + * Added a generic cipher lookup interface + * Added the WiderWake4+1 stream cipher + * Added support for sync-able stream ciphers + * Added a 'paranoia level' option for the LibraryInitializer + * More security for RNG output meant 
for long term keys + * Added documentation for some of the new 1.1.x features + * CFB's feedback argument is now specified in bits + * Renamed CTR class to CTR_BE + * Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats + +1.1.1, 2002-10-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added the Korean hash function HAS-160 + * Partial support for RSA and DSA X.509 public keys + * Added a mostly functional BER encoder/decoder + * Added support for non-deterministic MAC functions + * Initial support for PEM encoding/decoding + * Internal cleanups in the PK algorithms + * Several new convenience functions in Pipe + * Fixed two nasty bugs in Pipe + * Messed with the entropy sources for es_unix + * Discrete logarithm groups are checked for safety more closely now + * For compatibility with GnuPG, ElGamal now supports DSA-style groups + +1.1.0, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added entropy estimation to the RNGs + * Improved the overall design of both Randpool and ANSI_X917_RNG + * Added a separate RNG for nonce generation + * Added window exponentiation support in power_mod + * Added a get_s2k function and the PKCS #5 S2K algorithms + * Added the TLSv1 PRF + * Replaced BlockCipherModeIV typedef with InitializationVector class + * Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement + * Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x + * Added support for RIPEMD-160 PKCS#1 v1.5 signatures + * Changed the key agreement scheme interface + * Changed the S2K and KDF interfaces + * Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK + * Added support for variable-pass Tiger + * Major speedup for Rabin-Williams key generation + +1.0.1, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed a minor bug in Randpool::random() + * Added some new aliases and typedefs for 1.1.x compatibility + * The 4096-bit RSA benchmark key was decimal instead of hex + * EMAC was returning an incorrect name + +1.0.0, 2002-08-26 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Octal I/O of BigInt is now supported + * Fixed portability problems in the es_egd module + * Generalized IV handling in the block cipher modes + * Added Karatsuba multiplication and k-ary exponentiation + * Fixed a problem in the multiplication routines + +0.9.2, 2002-08-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * DH_PrivateKey::public_value() was returning the wrong value + * Various BigInt optimizations + * The filters.h header now includes hex.h and base64.h + * Moved Counter mode to ctr.h + * Fixed a couple minor problems with VC++ 7 + * Fixed problems with the RPM spec file + +0.9.1, 2002-08-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Grand rename from OpenCL to Botan + * Major optimizations for the PK algorithms + * Added ElGamal encryption + * Added Whirlpool + * Tweaked memory allocation parameters + * Improved the method of seeding the global RNG + * Moved pkcs1.h to eme_pkcs.h + * Added more test vectors for some algorithms + * Fixed error reporting in the BigInt tests + * Removed Default_Timer, it was pointless + * Added some new example applications + * Removed some old examples that weren't that interesting + * Documented the compression modules + +0.9.0, 2002-08-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * EMSA4 supports variable salt size + * PK_* can take a string naming the encoding method to use + * Started writing some internals documentation + +0.8.7, 2002-07-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed bugs in EME1 and EMSA4 + * Fixed a potential crash at shutdown + * Cipher modes returned an ill-formed name + * Removed various deprecated types and headers + * Cleaned up the Pipe interface a bit + * Minor additions to the documentation + * First stab at a Visual C++ makefile (doc/Makefile.vc7) + +0.8.6, 2002-07-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added EMSA4 (aka PSS) + * Brought the manual up to date; many corrections and additions + * Added a parallel hash function construction + * Lookup 
supports all available algorithms now + * Lazy initialization of the lookup tables + * Made more discrete logarithm groups available through get_dl_group() + * StreamCipher_Filter supports seeking (if the underlying cipher does) + * Minor optimization for GCD calculations + * Renamed SAFER_SK128 to SAFER_SK + * Removed many previously deprecated functions + * Some now-obsolete functions, headers, and types have been deprecated + * Fixed some bugs in DSA prime generation + * DL_Group had a constructor for DSA-style prime gen but it wasn't defined + * Reversed the ordering of the two arguments to SEAL's constructor + * Fixed a threading problem in the PK algorithms + * Fixed a minor memory leak in lookup.cpp + * Fixed pk_types.h (it was broken in 0.8.5) + * Made validation tests more verbose + * Updated the check and example applications + +0.8.5, 2002-07-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) + * Added a DL_Group class + * Reworking of the pubkey internals + * Support in lookup for aliases and PK algorithms + * Renamed CAST5 to CAST_128 and CAST256 to CAST_256 + * Added EMSA1 + * Reorganization of header files + * LibraryInitializer will install new allocator types if requested + * Fixed a bug in Diffie-Hellman key generation + * Did a workaround in pipe.cpp for GCC 2.95.x on Linux + * Removed some debugging code from init.cpp that made FTW ES useless + * Better checking for invalid arguments in the PK algorithms + * Reduced Base64 and Hex default line length (if line breaking is used) + * Fixes for HP's aCC compiler + * Cleanups in BigInt + +0.8.4, 2002-07-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added Nyberg-Rueppel signatures + * Added Diffie-Hellman key exchange (kex interface is subject to change) + * Added KDF2 + * Enhancements to the lookup API + * Many things formerly taking pointers to algorithms now take names + * Speedups for prime generation + * LibraryInitializer has support 
for seeding the global RNG + * Reduced SAFER-SK128 memory consumption + * Reversed the ordering of public and private key values in DSA constructor + * Fixed serious bugs in MemoryMapping_Allocator + * Fixed memory leak in Lion + * FTW_EntropySource was not closing the files it read + * Fixed line breaking problem in Hex_Encoder + +0.8.3, 2002-06-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added DSA and Rabin-Williams signature schemes + * Added EMSA3 + * Added PKCS#1 v1.5 encryption padding + * Added Filters for PK algorithms + * Added a Keyed_Filter class + * LibraryInitializer processes arguments now + * Major revamp of the PK interface classes + * Changed almost all of the Filters for non-template operation + * Changed HMAC, Lion, Luby-Rackoff to non-template classes + * Some fairly minor BigInt optimizations + * Added simple benchmarking for PK algorithms + * Added hooks for fixed base and fixed exponent modular exponentiation + * Added some examples for using RSA + * Numerous bugfixes and cleanups + * Documentation updates + +0.8.2, 2002-05-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added an (experimental) algorithm lookup interface + * Added code for directly testing BigInt + * Added SHA2-384 + * Optimized SHA2-512 + * Major optimization for Adler32 (thanks to Dan Nicolaescu) + * Various minor optimizations in BigInt and related areas + * Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore + * Fixed a bug in BufferingFilter + * Made a few fixes for MacOS X + * Added a workaround in configure.pl for GCC 2.95.x + * Better support for PowerPC, ARM, and Alpha + * Some more cleanups + +0.8.1, 2002-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Major code cleanup (check doc/deprecated.txt) + * Various bugs fixed, including several portability problems + * Renamed MessageAuthCode to MessageAuthenticationCode + * A replacement for X917 is in x917_rng.h + * Changed EMAC to non-template class + * Added ANSI X9.19 compatible CBC-MAC + * TripleDES now 
supports 128 bit keys + +0.8.0, 2002-04-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Merged BigInt: many bugfixes and optimizations since alpha2 + * Added RSA (rsa.h) + * Added EMSA2 (emsa2.h) + * Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) + * Changed some interfaces, including SymmetricKey, to support the global rng + * Fixed a serious bug in ManagedAllocator + * Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 + * Removed some deprecated stuff + * Added a global random number generator (rng.h) + * Added clone functions to most of the basic algorithms + * Added a library initializer class (init.h) + * Version macros in version.h + * Moved the base classes from opencl.h to base.h + * Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib + * Documentation updates for the new stuff (still incomplete) + * Many new deprecated things: check doc/deprecated.txt + +0.7.10, 2002-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Added EGD_EntropySource module (es_egd) + * Added a file tree walking EntropySource (es_ftw) + * Added MemoryLocking_Allocator module (alloc_mlock) + * Renamed the pthr_mux, unix_rnd, and mmap_mem modules + * Changed timer mechanism; the clock method can be switched on the fly. 
+ * Renamed MmapDisk_Allocator to MemoryMapping_Allocator + * Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) + * Fixed several bugs in MemoryMapping_Allocator + * Added more default sources for Unix_EntropySource + * Changed SecureBuffer to use same allocation methods as SecureVector + * Added bigint_divcore into mp_core to support BigInt alpha2 release + * Removed some Pipe functions deprecated since 0.7.8 + * Some fixes for the configure program + +0.7.9, 2002-03-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Memory allocation substantially revamped + * Added memory allocation method based on mmap(2) in the mmap_mem module + * Added ECB and CTS block cipher modes (ecb.h, cts.h) + * Added a Mutex interface (mutex.h) + * Added module pthr_mux, implementing the Mutex interface + * Added Threaded Filter interface (thr_filt.h) + * All algorithms can now by keyed with SymmetricKey objects + * More testing occurs with --validate (expected failures) + * Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 + * Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress + * Made X917 safer (and about 1/3 as fast) + * Documentation updates + +0.7.8, 2002-02-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * More capabilities for Pipe, inspired by SysV STREAMS, including peeking, + better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION + * Added a BufferingFilter class + * Added popen() based EntropySource for generic Unix systems (unix_rnd) + * Moved 'devrand' module into main distribution (ent_file.h), renamed to + File_EntropySource, and changed interface somewhat. 
+ * Made Randpool somewhat more conservative and also 25% faster + * Minor fixes and updates for the configure script + * Added some tweaks for memory allocation + * Documentation updates for the new Pipe interface + * Fixed various minor bugs + * Added a couple of new example programs (stack and hasher2) + +2001 +---------------------------------------- + +0.7.7, 2001-11-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Filter::send now works in the constructor of a Filter subclass + * You may now have to include <opencl/pipe.h> explicitly in some code + * Added preliminary PK infrastructure classes in pubkey.h and pkbase.h + * Enhancements to SecureVector (append, destroy functions) + * New infrastructure for secure memory allocation + * Added IEEE P1363 primitives MGF1, EME1, KDF1 + * Rijndael optimizations and cleanups + * Changed CipherMode<B> to BlockCipherMode(B*) + * Fixed a nasty bug in pipe_unixfd + * Added portions of the BigInt code into the main library + * Support for VAX, SH, POWER, PowerPC-64, Intel C++ + +0.7.6, 2001-10-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fixed several serious bugs in SecureVector created in 0.7.5 + * Square optimizations + * Fixed shared objects on MacOS X and HP-UX + * Fixed static libs for KCC 4.0; works with KCC 3.4g as well + * Full support for Athlon and K6 processors using GCC + * Added a table of prime numbers < 2**16 (primes.h) + * Some minor documentation updates + +0.7.5, 2001-08-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Split checksum.h into adler32.h, crc24.h, and crc32.h + * Split modes.h into cbc.h, cfb.h, and ofb.h + * CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption + * Added OneAndZeros and NoPadding methods for CBC + * Added Lion, a very fast block cipher construction + * Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) + * Basic types (ciphers, hashes, etc) know their names now (call name()) + * Changed the EntropySource type somewhat + * Big speed-ups for ISAAC, 
Adler32, CRC24, and CRC32 + * Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 + * Some semantics of SecureVector have changed slightly + * The mlock module has been removed for the time being + * Added string handling functions for hashes and MACs + * Various non-user-visible cleanups + * Shared library soname is now set to the full version number + +0.7.4, 2001-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe + * Fixed a vast number of errors in the config script/makefile/specfile + * Pipe now has a stdio(3) interface as well as C++ iostreams + * ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) + * Bzip2 supports decompressing multiple concatenated streams, and flushing + * Added a simple 'overall average' score to the benchmarks + * Fixed a small bug in the POSIX timer module + * Removed a very-unlikely-to-occur bug in most of the hash functions + * filtbase.h now includes <iosfwd>, not <iostream> + * Minor documentation updates + +0.7.3, 2001-06-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Fix build problems on Solaris/SPARC + * Fix build problems with Perl versions < 5.6 + * Fixed some stupid code that broke on a few compilers + * Added string handling functions to Pipe + * MISTY1 optimizations + +0.7.2, 2001-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Build system supports modules + * Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers + * Added Bzip2 compression filter, contributed by Peter Jones + * GNU make no longer required (tested with 4.4BSD pmake and Solaris make) + * Fixed minor bug in several of the hash functions + * Various other minor fixes and changes + * Updates to the documentation + +0.7.1, 2001-05-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * Rewrote configure script: more consistent and complete + * Made it easier to find out parameters of types at run time (opencl.h) + * New functions for finding the version 
being used (version.h) + * New SymmetricKey interface for Filters (symkey.h) + * InvalidKeyLength now records what the invalid key length was + * Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA + * Changed GOST to use correct S-box ordering (incompatible change) + * Benchmark code was almost totally rewritten + * Many more entries in the test vector file + * Fixed minor and idiotic bug in check.cpp + +0.7.0, 2001-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + * First public release |
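Review bot: the 0.7.9 entry in this hunk reads "All algorithms can now by keyed with SymmetricKey objects"; since every line of the file is rewritten here anyway, fix the typo to "can now be keyed" rather than carrying it into the new format. Two smaller points in the same hunk: the 1.0.2 entry "Fixed an obscure SEGFAULT causing bug in Pipe" should be "SEGFAULT-causing", and the 0.7.8 Pipe entry wraps onto a second line ("better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION"), so check that the continuation is indented to align with the text after "* ", otherwise reStructuredText will not treat it as part of that bullet item. The fixed 33-character "^^^" underlines are longer than every "version, date" title, which RST accepts, and the year headings ("2002", "2001") use "-" underlines; keep that two-level scheme identical for every year in the file so docutils assigns the same section levels throughout.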