Diffstat (limited to 'doc')
175 files changed, 2635 insertions, 2318 deletions
diff --git a/doc/bigint.txt b/doc/bigint.txt index 7eb884039..89c4a0cb9 100644 --- a/doc/bigint.txt +++ b/doc/bigint.txt @@ -21,13 +21,13 @@ Encoding Functions These transform the normal representation of a ``BigInt`` into some other form, such as a decimal string: -.. cpp:function:: SecureVector<byte> BigInt::encode(const BigInt& n, Encoding enc = Binary) +.. cpp:function:: secure_vector<byte> BigInt::encode(const BigInt& n, Encoding enc = Binary) This function encodes the BigInt n into a memory vector. ``Encoding`` is an enum that has values ``Binary``, ``Octal``, ``Decimal``, and ``Hexadecimal``. -.. cpp:function:: BigInt BigInt::decode(const MemoryRegion<byte>& vec, Encoding enc) +.. cpp:function:: BigInt BigInt::decode(const std::vector<byte>& vec, Encoding enc) Decode the integer from ``vec`` using the encoding specified. @@ -35,7 +35,7 @@ These functions are static member functions, so they would be called like this:: BigInt n1 = ...; // some number - SecureVector<byte> n1_encoded = BigInt::encode(n1); + secure_vector<byte> n1_encoded = BigInt::encode(n1); BigInt n2 = BigInt::decode(n1_encoded); assert(n1 == n2); diff --git a/doc/building.txt b/doc/building.txt index e16531de4..cc6f0af5d 100644 --- a/doc/building.txt +++ b/doc/building.txt 
@@ -331,18 +331,9 @@ for calculations with the MPI implementation in Botan. You can choose on the processor. Unless you are building for a 8 or 16-bit CPU, this isn't worth messing with. -``BOTAN_VECTOR_OVER_ALLOCATE``: The memory container ``SecureVector`` -will over-allocate requests by this amount (in elements). In several -areas of the library, we grow a vector fairly often. By -over-allocating by a small amount, we don't have to do allocations as -often (which is good, because the allocators can be quite slow). If -you *really* want to reduce memory usage, set it to 0. Otherwise, the -default should be perfectly fine. - ``BOTAN_DEFAULT_BUFFER_SIZE``: This constant is used as the size of -buffers throughout Botan. A good rule of thumb would be to use the -page size of your machine. The default should be fine for most -purposes. +buffers throughout Botan. The default should be fine for most +purposes, reduce if you are very concerned about runtime memory usage. Building Applications ---------------------------------------- diff --git a/doc/conf.py b/doc/conf.py index 65f40314a..99ee64a54 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -186,10 +186,10 @@ html_static_path = [] #html_show_sourcelink = True # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True +html_show_sphinx = False # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -#html_show_copyright = True +html_show_copyright = False # If true, an OpenSearch description file will be output, and all pages will # contain a <link> tag referring to it. The value of this option must be the diff --git a/doc/contents.txt b/doc/contents.txt index 141c9188f..75286c945 100644 --- a/doc/contents.txt +++ b/doc/contents.txt @@ -23,11 +23,11 @@ Contents rng fpe python + relnotes/index .. toctree:: :hidden: - log license credits faq diff --git a/doc/download.txt b/doc/download.txt index 0891adc8c..185126e19 100644 --- a/doc/download.txt 
+++ b/doc/download.txt @@ -11,14 +11,20 @@ Unsure which release you want? Check the :ref:`FAQ <devel_vs_stable>`. .. note:: If you are viewing this documentation offline, a more recent - release `may be available <http://botan.randombit.net/download.html>`_ + release `may be available <http://botan.randombit.net/download.html>`_. + +Current Development Release (1.11) +---------------------------------------- + +The current development release (from branch ``net.randombit.botan``) is +:doc:`relnotes/1_11_0` + Current Stable Release (1.10) ---------------------------------------- -The current stable release is `1.10.2 -<http://botan.randombit.net/news/releases/1_10_2.html>`_ which was -released on 2012-06-17. +The current stable release (from branch ``net.randombit.botan.1_10``) +is :doc:`relnotes/1_10_2` Sources: @@ -40,9 +46,8 @@ Sources: Previous Stable Release (1.8) ---------------------------------------- -The previous stable release is `1.8.13 -<http://botan.randombit.net/news/releases/1_8_13.html>`_ which was -released on 2011-07-02. +The previous stable release (from branch ``net.randombit.botan.1_8``) +is :doc:`relnotes/1_8_13` Sources: @@ -65,12 +70,9 @@ Accessing Version Control ---------------------------------------- Botan's development occurs using a distributed version control system -called `Monotone <http://www.monotone.ca>`_. - -The main branch of development occurs on the branch named -``net.randombit.botan``; this is probably the branch you want (for -1.8, use ``net.randombit.botan.1_8`` instead). To download that branch -and set up a new workspace, run:: +called `Monotone <http://www.monotone.ca>`_. The main branch of +development occurs on the branch named ``net.randombit.botan``. To +download that branch and set up a new workspace, run:: $ mtn db init --db=botan.mtn $ mtn pull --db=botan.mtn randombit.net 'net.randombit.botan' 
@@ -78,10 +80,10 @@ and set up a new workspace, run:: $ mtn checkout --db=botan.mtn --branch=net.randombit.botan [...] -By default the ``checkout`` command will place the workspace in a directory -with the same name as the branch you are checking out. If you want a -different directory name, just include it after the ``--branch`` option (you -can also rename this directory at any time). +By default the ``checkout`` command will place the workspace in a +directory with the same name as the branch you are checking out. If +you want a different directory name, just include it after the +``--branch`` option (you can also rename this directory at any time). If this is the first time you've connected to the server, Monotone will print:: @@ -90,14 +92,15 @@ will print:: mtn: I'll assume it's really them, but you might want to double-check mtn: their key's fingerprint: 8c0b868f2247215c63c96983b1c8ca0f0f0cfd9a -The fingerprint shown above was the correct one as of September 21, 2010. +The fingerprint shown above was the correct one as of June 20, 2012. -To pull further changes, from anywhere in the workspace run these commands:: +To pull further changes, from anywhere in the workspace run these +commands:: $ mtn pull [...] $ mtn update [summary of changes] -The ``mtn update`` command will give you a summary of which files changed; -to view the full changelog, run ``mtn log``. +The ``mtn update`` command will give you a summary of which files +changed; to view the full changelog, run ``mtn log``. diff --git a/doc/filters.txt b/doc/filters.txt index 2355005aa..d71df1225 100644 --- a/doc/filters.txt +++ b/doc/filters.txt @@ -59,7 +59,7 @@ Here's code that uses one of them to encrypt a string with AES:: pipe.process_msg("secrets"); pipe.process_msg("more secrets"); - MemoryVector<byte> c1 = pipe.read_all(0); + secure_vector<byte> c1 = pipe.read_all(0); byte c2[4096] = { 0 }; size_t got_out = pipe.read(c2, sizeof(c2), 1); 
@@ -216,7 +216,7 @@ a case where that is useful:: pipe.process_msg(ciphertext); std::string plaintext = pipe.read_all_as_string(0); - SecureVector<byte> mac = pipe.read_all(1); + secure_vector<byte> mac = pipe.read_all(1); if(mac != auth_code) error(); @@ -380,7 +380,7 @@ another message, without either read affecting any other messages). .. cpp:function:: void Pipe::write(const byte* input, size_t length) -.. cpp:function:: void Pipe::write(const MemoryRegion<byte>& input) +.. cpp:function:: void Pipe::write(const std::vector<byte>& input) .. cpp:function:: void Pipe::write(const std::string& input) @@ -429,7 +429,7 @@ Functions in ``Pipe`` related to reading include: Acts exactly like `read`, except the data is not actually read; the next read will return the same data. -.. cpp:function:: SecureVector<byte> Pipe::read_all() +.. cpp:function:: secure_vector<byte> Pipe::read_all() Reads the entire message into a buffer and returns it diff --git a/doc/firststep.txt b/doc/firststep.txt index fb4eb583e..427bcadf0 100644 --- a/doc/firststep.txt +++ b/doc/firststep.txt @@ -76,13 +76,6 @@ destroyed. This implies you can't have static variables that are Botan objects inside functions or classes; in many C++ runtimes, these objects will be destroyed after main has returned. -The memory object classes (``MemoryRegion``, ``MemoryVector``, -``SecureVector``) are extremely primitive, and meant only for -secure storage of potentially sensitive data like keys. They do not -meet the requirements for an STL container object and you should not -try to use them with STL algorithms. For a general-purpose container, -use ``std::vector``. - Use a ``try``/``catch`` block inside your ``main`` function, and catch any ``std::exception`` throws (remember to catch by reference, as ``std::exception::what`` is polymorphic):: diff --git a/doc/fpe.txt b/doc/fpe.txt index 5c035f0b7..776189d4f 100644 --- a/doc/fpe.txt +++ b/doc/fpe.txt 
@@ -22,7 +22,7 @@ included in the future. To use FE1, use these functions, from ``fpe_fe1.h``: .. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \ - const SymmetricKey& key, const MemoryRegion<byte>& tweak) + const SymmetricKey& key, const std::vector<byte>& tweak) Encrypts the value *X* modulo the value *n* using the *key* and *tweak* specified. Returns an integer less than *n*. The *tweak* is @@ -40,7 +40,7 @@ To use FE1, use these functions, from ``fpe_fe1.h``: checksum is for the new (ciphertext) number. .. cpp:function:: BigInt FPE::fe1_decrypt(const BigInt& n, const BigInt& X, \ - const SymmetricKey& key, const MemoryRegion<byte>& tweak) + const SymmetricKey& key, const std::vector<byte>& tweak) Decrypts an FE1 ciphertext produced by :cpp:func:`fe1_encrypt`; the *n*, *key* and *tweak* should be the same as that provided to the diff --git a/doc/index.txt b/doc/index.txt index cab41f776..535f8e171 100644 --- a/doc/index.txt +++ b/doc/index.txt @@ -53,9 +53,8 @@ It was started as a personal project by `Jack Lloyd <http://www.randombit.net>`_,who continues to be the maintainer and release manager. Since the first release in 2001, a number of :doc:`individuals and organizations <credits>` have contributed bug -fixes and new features. Check out the :doc:`release notes <log>` and -`news archive <http://botan.randombit.net/news>`_ for more project -history. +fixes and new features. Check out the :doc:`release notes +<relnotes/index>` for more project history. If you need help or have questions, send a mail to the `development mailing list diff --git a/doc/kdf.txt b/doc/kdf.txt index da916dcb3..4ab2fd5dc 100644 --- a/doc/kdf.txt +++ b/doc/kdf.txt 
@@ -11,19 +11,19 @@ shared secret created using Diffie-Hellman key agreement. .. cpp:class:: KDF - .. cpp:function:: SecureVector<byte> derive_key( \ - size_t key_len, const MemoryRegion<byte>& secret, \ + .. cpp:function:: secure_vector<byte> derive_key( \ + size_t key_len, const std::vector<byte>& secret, \ const std::string& salt = "") const - .. cpp:function:: SecureVector<byte> derive_key( \ - size_t key_len, const MemoryRegion<byte>& secret, \ - const MemoryRegion<byte>& salt) const + .. cpp:function:: secure_vector<byte> derive_key( \ + size_t key_len, const std::vector<byte>& secret, \ + const std::vector<byte>& salt) const - .. cpp:function:: SecureVector<byte> derive_key( \ - size_t key_len, const MemoryRegion<byte>& secret, \ + .. cpp:function:: secure_vector<byte> derive_key( \ + size_t key_len, const std::vector<byte>& secret, \ const byte* salt, size_t salt_len) const - .. cpp:function:: SecureVector<byte> derive_key( \ + .. cpp:function:: secure_vector<byte> derive_key( \ size_t key_len, const byte* secret, size_t secret_len, \ const std::string& salt) const diff --git a/doc/log.txt b/doc/log.txt deleted file mode 100644 index bc0990747..000000000 --- a/doc/log.txt +++ /dev/null 
@@ -1,2230 +0,0 @@ - -.. _relnotes: - -Release Notes -======================================== - -Series 1.11 ----------------------------------------- - -Version 1.11.0, Not Yet Released -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The codebase has converted to C++11. Currently GCC 4.7 and Clang 3.1 - are known to work. - -* The MemoryVector and SecureVector container types have been removed. - An alias of std::vector using an allocator that clears memory named - secure_vector is used for key material, and std::vector is used for - everything else. - -* The method of mlocking memory is much improved, and if the process - can mlock memory then it will be used automatically. - -* The TLS interface is now non-blocking and does not directly interact - with sockets. An example TLS server using asio is included which - scales to at least 64 processors. - -* X509_Store has been removed. x509_path_validate in x509path.h now - handles path validation and Certificate_Store handles storage of - certificates and CRLs. - -* Add support for OCSP - -* TLS v1.2 is now supported - -* TLS now supports session resumption. Session information can be - saved in memory or to an encrypted SQLite database. - -* TLS renegotiation is now supported - -* TLS client authentication is now supported - -* TLS SRP and PSK ciphersuites are now supported - -* TLS session tickets are now supported - -* TLS ECDH key exchange and ECDSA certificates are now supported - -* Add support for SHA-2 ciphersuites - -* Add support for anonymous DH/ECDH ciphersuites - - -Series 1.10 ----------------------------------------- - -Version 1.10.2, 2012-06-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* To protect clients against renegotiation attacks, the TLS client - now sends the renegotiation extension SCSV. - -* TLS renegotiation is completely disabled in this release. All hello - requests, and all client hellos after the initial negotiation, are - ignored. - -* Fix bugs in TLS affecting DSA servers. 
- -* Pipe::reset no longer requires that message processing be completed, - a requirement that caused problems when a Filter's end_msg call - threw an exception, after which point the Pipe object was no longer - usable. - -* Add support for the rdrand instruction introduced in Intel's Ivy - Bridge processors. - -* CPUID::has_rdrand was checking the wrong cpuid bit, and would false - positive on AMD Bulldozer processors. - -* Add the Camellia block cipher - -* An implementation of SRP-6a compatible with the specification in - RFC 5054 is now available in srp6.h - -* The exception catching syntax of configure.py has been changed to - the Python 3.x syntax. This syntax also works with Python 2.6 and - 2.7, but not with any earlier Python 2 release. A simple search and - replace will allow running it under Python 2.5:: - perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py - -* If clock_gettime is available on the system, poll all available - clock types in the hres_timer poll. - -* Add AltiVec detection for IBM POWER7 processors. - -* Add AltiVec detection for OpenBSD, contributed by Brad Smith (PR 162) - -* Add Google's Native Client as an compile target - -* The Qt mutex wrapper was broken and would not compile with any recent - version of Qt. It has been removed. - -* If targetting GCC on a Windows system, configure.py will warn that - likely you wanted to configure for either MinGW or Cygwin, not the - generic Windows target which is oriented to Win32 plus the Visual - C++ runtime. - -* Fixed a compilation problem of the dynamic loader hooks under MinGW GCC - -* Don't set a soname on OpenBSD, as it doesn't support it (PR 158) - -* Fix a configure.py incompatability with the subprocess module - included in Python 3.1 (PR 157) - -* A bug in configure.py would cause it to interpret `--cpu=s390x` as - `s390`. This may have affected other CPUs as well. 
Now configure.py - searches for an exact match, and only if no exact match is found - will it search for substring matches. - -Version 1.10.1, 2011-07-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A race condition in `Algorithm_Factory` could cause crashes in - multithreaded code. See `this thread on botan-devel - <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_ - for details and workarounds. - -* The return value of ``name`` has changed for GOST 28147-89 and - Skein-512. GOST's ``name`` now includes the name of the sbox, and - Skein's includes the personalization string (if nonempty). This - allows an object to be properly roundtripped, which is necessary to - fix the race condition described above. - -* A new distribution script is now included, as - ``src/build-data/scripts/dist.py`` - -* The ``build.h`` header now includes, if available, an identifier of - the source revision that was used. This identifier is also included - in the result of ``version_string``. - -Version 1.10.0, 2011-06-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Detection for the rdrand instruction being added to upcoming Intel - Ivy Bridge processors has been added. - -* A template specialization of std::swap was added for the memory - container types. - -Series 1.9 ----------------------------------------- - -Version 1.9.18, 2011-06-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fourth release candidate for 1.10.0 - -* The GOST 34.10 verification operation was not ensuring that s and r - were both greater than zero. This could potentially have meant it - would have accepted an invalid all-zero signature as valid for any - message. Due to how ECC points are internally represented it instead - resulted in an exception being thrown. - -* A simple multiexponentation algorithm is now used in ECDSA and - GOST-34.10 signature verification, leading to 20 to 25% improvements - in ECDSA and 25% to 40% improvements in GOST-34.10 verification - performance. 
- -* The internal representation of elliptic curve points has been - modified to use Montgomery representation exclusively, resulting in - reduced memory usage and a 10 to 20% performance improvement for - ECDSA and ECDH. - -* In OAEP decoding, scan for the delimiter bytes using a loop that is - written without conditionals so as to help avoid timing analysis. - Unfortunately GCC at least is 'smart' enough to compile it to - jumps anyway. - -* The SSE2 implementation of IDEA did not work correctly when compiled - by Clang, because the trick it used to emulate a 16 bit unsigned - compare in SSE (which doesn't contain one natively) relied on signed - overflow working in the 'usual' way. A different method that doesn't - rely on signed overflow is now used. - -* Add support for compiling SSL using Visual C++ 2010's TR1 - implementation. - -* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to - crash if given a zero-sized input to encode. - -* A new build option ``--via-amalgamation`` will first generate the - single-file amalgamation, then build the library from that single - file. This option requires a lot of memory and does not parallelize, - but the resulting library is smaller and may be faster. - -* On Unix, the library and header paths have been changed to allow - parallel installation of different versions of the library. Headers - are installed into ``<prefix>/include/botan-1.9/botan``, libraries - are named ``libbotan-1.9``, and ``botan-config`` is now namespaced - (so in this release ``botan-config-1.9``). All of these embedded - versions will be 1.10 in the upcoming stable release. - -* The soname system has been modified. In this release the library - soname is ``libbotan-1.9.so.0``, with the full library being named - ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be - incremented whenever a breaking ABI change is made. 
- -* TR1 support is not longer automatically assumed under older versions - of GCC - -* Functions for base64 decoding that work standalone (without needing - to use a pipe) have been added to ``base64.h`` - -* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 - and has been added back. - -* The function ``BigInt::get_substring`` did not work correctly with a - *length* argument of 32. - -* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and - assumes the caller included ``string.h`` on its behalf. Do so to - fix compilation in the ``dev_random`` and ``unix_procs`` entropy - sources. Patch from Jeremy C. Reed. - -* Add two different configuration targets for Atom, since some are - 32-bit and some are 64-bit. The 'atom' target now refers to the - 64-bit implementations, use 'atom32' to target the 32-bit - processors. - -* The (incomplete) support for CMS and card verifiable certificates - are disabled by default; add ``--enable-modules=cms`` or - ``--enable-modules=cvc`` during configuration to turn them back on. - -Version 1.9.17, 2011-04-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Third release candidate for 1.10.0 - -* The format preserving encryption method currently available was - presented in the header ``fpe.h`` and the functions ``fpe_encrypt`` - and ``fpe_decrypt``. These were renamed as it is likely that other - FPE schemes will be included in the future. The header is now - ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and - ``fe1_decrypt``. See :doc:`fpe` for more information. - -* New options to ``configure.py`` control what tools are used for - documentation generation. The ``--with-sphinx`` option enables using - Sphinx to convert ReST into HTML; otherwise the ReST sources are - installed directly. If ``--with-doxygen`` is used, Doxygen will run - as well. Documentation generation can be triggered via the ``docs`` - target in the makefile; it will also be installed by the install - target on Unix. 
- -* A bug in 1.9.16 effectively disabled support for runtime CPU feature - detection on x86 under GCC in that release. - -* A mostly internal change, all references to "ia32" and "amd64" have - been changed to the vendor neutral and probably easier to understand - "x86-32" and "x86-64". For instance, the "mp_amd64" module has been - renamed "mp_x86_64", and the macro indicating x86-32 has changed - from ``BOTAN_TARGET_ARCH_IS_IA32`` to - ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have - also been renamed. - -* Similiarly to the above change, the AES implemenations using the - AES-NI instruction set have been renamed from AES_XXX_Intel to - AES_XXX_NI. - -* Systems that are identified as `sun4u` will default to compiling for - 32-bit SPARCv9 code rather than 64-bit. This matches the still - common convention for 32-bit SPARC userspaces. If you want 64-bit - code on such as system, use ``--cpu=sparc64``. - -* Some minor fixes for compiling botan under the BeOS - clone/continuation `Haiku <http://haiku-os.org>`_. - -* Further updates to the documentation - -Version 1.9.16, 2011-04-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Second release candidate for 1.10.0 - -* The documentation, previously written in LaTeX, is now in - reStructuredText suitable for processing by `Sphinx - <http://sphinx.pocoo.org>`_, which can generate nicely formatted - HTML and PDFs. The documentation has also been greatly updated and - expanded. - -* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a - typedef for backwards compatability. - -* ``EC_Group``'s string constructor didn't understand the standard - names like "secp160r1", forcing use of the OIDs. - -* Two constructors for ECDSA private keys, the one that creates a new - random key, and the one that provides a preset private key as a - ``BigInt``, have been merged. This matches the existing interface - for DSA and DH keys. 
If you previously used the version taking a - ``BigInt`` private key, you'll have to additionally pass in a - ``RandomNumberGenerator`` object starting in this release. - -* It is now possible to create ECDH keys with a preset ``BigInt`` - private key; previously no method for this was available. - -* The overload of ``generate_passhash9`` that takes an explicit - algorithm identifier has been merged with the one that does not. - The algorithm identifier code has been moved from the second - parameter to the fourth. See :ref:`passhash9` for details. - -* Change shared library versioning to match the normal Unix - conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is - named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do - its runtime linky magic. It can be safely presumed that any change - in the major or minor version indicates ABI incompatability. - -* Remove the socket wrapper code; it was not actually used by anything - in the library, only in the examples, and you can use whatever kind - of (blocking) socket interface you like with the SSL/TLS code. It's - available as socket.h in the examples directory if you want to use - it. - -* Disable the by-default 'strong' checking of private keys that are - loaded from storage. You can always request key material sanity - checking using Private_Key::check_key. - -* Bring back removed functions ``min_keylength_of``, - ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to - avoid breaking applications written against 1.8 - -Version 1.9.15, 2011-03-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* First release candidate for 1.10.0 - -* Modify how message expansion is done in SHA-256 and SHA-512. - Instead of expanding the entire message at the start, compute them - in the minimum number of registers. Values are computed 15 rounds - before they are needed. On a Core i7-860, GCC 4.5.2, went from 143 - to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. 
- -* Pipe will delete empty output queues as soon as they are no longer - needed, even if earlier messages still have data unread. However an - (empty) entry in a deque of pointers will remain until all prior - messages are completely emptied. - -* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike - Linux the kernel will not trap and emulate it for us, causing a - illegal instruction crash. - -* Improve detection and autoconfiguration for ARM processors. - -Version 1.9.14, 2011-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for bcrypt, OpenBSD's password hashing scheme. It is - described in :ref:`bcrypt`. - -* Add support for NIST's AES key wrapping algorithm, as described in - :rfc:`3394`. It is available by including ``rfc3394.h``. - -* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142) - -Version 1.9.13, 2011-02-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Update Keccak to the round 3 variant -* Fix ordering in GOST 34.10 signatures to match DNSSEC specifications -* Use ``size_t`` instead of ``u32bit`` for small integers in DER/BER codecs -* Add new build option ``--distribution-info`` -* Fix problems in the amalgamation build -* Fix building under Clang 2.9 and Sun Studio 12 - -Version 1.9.12, 2010-12-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add the Keccak hash function -* Fix compilation problems in Python wrappers -* Fix compilation problem in OpenSSL engine -* Update SQLite3 database encryption codec - -Version 1.9.11, 2010-11-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many SSL/TLS APIs have changed. This API is still unstable. 
-* The SSL interface requires TR1 (uses std::tr1::function) -* Fix SSL handshake failures when using RC4 ciphersuites -* Fix a number of CRL encoding and decoding bugs -* Counter mode now always encrypts 256 blocks in parallel -* Code where u32bit was used to represent a length now uses size_t -* Use small tables in the first round of AES -* Removed AES class: app must choose AES-128, AES-192, or AES-256 -* Add hex encoding/decoding functions that can be used without a Pipe -* Add base64 encoding functions that can be used without a Pipe -* Add to_string function to X509_Certificate -* Add support for dynamic engine loading on Windows -* Replace BlockCipher::BLOCK_SIZE attribute with function block_size() -* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() -* Changed semantics of MemoryRegion::resize and clear to match STL -* Removed MemoryRegion::append, replaced by push_back and operator+= -* Move PBKDF lookup to engine system -* The IDEA key schedule has been changed to run in constant time -* Avoid a possible timing vulnerability in Montgomery reduction -* Add Algorithm and Key_Length_Specification classes -* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 -* Update Skein-512 to match the v1.3 specification -* Allow using PBKDF2 with empty passphrases -* Add compile-time deprecation warnings for GCC, Clang, and MSVC -* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 -* Improve support for Intel Atom processors -* Fix compilation problems under Sun Studio and Clang - -Version 1.9.10, 2010-08-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a constant time AES implementation using SSSE3 -* Add support for loading new Engines at runtime -* Use GCC byteswap intrinsics where possible -* Drop support for building with Python 2.4 -* Fix benchmarking of block ciphers in ECB mode -* Consolidate the two x86 assembly engines -* Rename S2K to PBKDF - -Version 1.9.9, 2010-06-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add 
new X509::BER_encode and PKCS8::BER_encode -* Give all Filter objects a name() function -* Add Keyed_Filter::valid_iv_length -* Increase default iteration counts for private key encryption -* Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later -* Fix compilation under Apple's GCC 4.2 -* Expand and update the Doxygen documentation - -Version 1.9.8, 2010-06-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for wide multiplications on 64-bit Windows -* Use constant time multiplication in IDEA -* Avoid possible timing attack against OAEP decoding -* Removed FORK-256; rarely used and it has been broken -* Rename ``--use-boost-python`` to ``--with-boost-python`` -* Skip building shared libraries on MinGW/Cygwin -* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer -* Fix compilation on GCC versions before 4.3 (missing cpuid.h) -* Fix compilation under the Clang compiler - -Version 1.9.7, 2010-04-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS: Support reading SSLv2 client hellos -* TLS: Add support for SEED ciphersuites (RFC 4162) -* Add Comb4P hash combiner function -* Fix checking of EMSA_Raw signatures with leading 0 bytes - -Version 1.9.6, 2010-04-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS: Add support for TLS v1.1 -* TLS: Support server name indicator extension -* TLS: Fix server handshake -* TLS: Fix server using DSA certificates -* TLS: Avoid timing channel between CBC padding check and MAC verification - -Version 1.9.5, 2010-03-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Numerous ECC optimizations -* Fix GOST 34.10-2001 X.509 key loading -* Allow PK_Signer's fault protection checks to be toggled off -* Avoid using pool-based locking allocator if we can't mlock -* Remove all runtime options -* New BER_Decoder::{decode_and_check, decode_octet_string_bigint} -* Remove SecureBuffer in favor of SecureVector length parameter -* HMAC_RNG: Perform a poll along with user-supplied entropy -* Fix crash in MemoryRegion if Allocator::get 
failed -* Fix small compilation problem on FreeBSD - -Version 1.9.4, 2010-03-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add the Ajisai SSLv3/TLSv1.0 implementation -* Add GOST 34.10-2001 public key signature scheme -* Add SIMD implementation of Noekeon -* Add SSE2 implementation of IDEA -* Extend Salsa20 to support longer IVs (XSalsa20) -* Perform XTS encryption and decryption in parallel where possible -* Perform CBC decryption in parallel where possible -* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon -* Add a block cipher cascade construction -* Add support for password hashing for authentication (passhash9.h) -* Add support for Win32 high resolution system timers -* Major refactoring and API changes in the public key code -* Use consistency checking (anti-fault attack) for all signature schemes -* Changed S2K interface: derive_key now takes salt, iteration count -* Remove dependency on TR1 for ECC and CVC code -* Renamed ECKAEG to its more usual name, ECDH -* Fix crash in GMP_Engine if library is shutdown and reinitialized -* Fix an invalid memory read in MD4 -* Fix Visual C++ static builds -* Remove Timer class entirely -* Switch default PKCS #8 encryption algorithm from 3DES to AES-128 -* New option --gen-amalgamation for creating a SQLite-style amalgamation -* Many headers are now explicitly internal-use-only and are not installed -* Greatly improve the Win32 installer -* Several fixes for Visual C++ debug builds - -Version 1.9.3, 2009-11-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add new AES implementation using Intel's AES instruction intrinsics -* Add an implementation of format preserving encryption -* Allow use of any hash function in X.509 certificate creation -* Optimizations for MARS, Skipjack, and AES -* Set macros for available SIMD instructions in build.h -* Add support for using InnoSetup to package Windows builds -* By default build a DLL on Windows - -Version 1.9.2, 2009-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add SIMD 
version of XTEA -* Support both SSE2 and AltiVec SIMD for Serpent and XTEA -* Optimizations for SHA-1 and SHA-2 -* Add AltiVec runtime detection -* Fix x86 CPU identification with Intel C++ and Visual C++ - -Version 1.9.1, 2009-10-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Better support for Python and Perl wrappers -* Add an implementation of Blue Midnight Wish (Round 2 tweak version) -* Modify Skein-512 to match the tweaked 1.2 specification -* Add threshold secret sharing (draft-mcgrew-tss-02) -* Add runtime cpu feature detection for x86/x86-64 -* Add code for general runtime self testing for hashes, MACs, and ciphers -* Optimize XTEA; twice as fast as before on Core2 and Opteron -* Convert CTR_BE and OFB from filters to stream ciphers -* New parsing code for SCAN algorithm names -* Enable SSE2 optimizations under Visual C++ -* Remove all use of C++ exception specifications -* Add support for GNU/Hurd and Clang/LLVM - -Version 1.9.0, 2009-09-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for parallel invocation of block ciphers where possible -* Add SSE2 implementation of Serpent -* Add Rivest's package transform (an all or nothing transform) -* Minor speedups to the Turing key schedule -* Fix processing multiple messages in XTS mode -* Add --no-autoload option to configure.py, for minimized builds -* The previously used configure.pl script is no longer supported - -Series 1.8 ----------------------------------------- - -Version 1.8.13, 2011-07-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A race condition in `Algorithm_Factory` could cause crashes in - multithreaded code. See `this thread on botan-devel - <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_ - for details and workarounds. - -Version 1.8.12, 2011-06-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* If EMSA3(Raw) was used for more than one signature, it would produce - incorrect output. 
- -* Fix the --enable-debug option to configure.py - -* Improve OS detection on Cygwin - -* Fix compilation under Sun Studio 12 on Solaris - -* Fix a memory leak in the constructors of DataSource_Stream and - DataSink_Stream which would occur if opening the file failed. PR 144 - -Version 1.8.11, 2010-11-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a number of CRL encoding and decoding bugs -* When building a debug library under VC++, use the debug runtime -* Fix compilation under Sun Studio on Linux and Solaris -* Add several functions for compatability with 1.9 -* In the examples, read most input files as binary -* The Perl build script has been removed in this release - -Version 1.8.10, 2010-08-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Switch default PKCS #8 encryption algorithm from 3DES to AES-256 -* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 -* Use small tables in the first round of AES -* Add PBKDF typedef and get_pbkdf for better compatability with 1.9 -* Add version of S2K::derive_key taking salt and iteration count -* Enable the /proc-walking entropy source on NetBSD -* Fix the doxygen makefile target - -Version 1.8.9, 2010-06-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Use constant time multiplication in IDEA -* Avoid possible timing attack against OAEP decoding -* Add new X509::BER_encode and PKCS8::BER_encode -* Enable DLL builds under Windows -* Add Win32 installer support -* Add support for the Clang compiler -* Fix problem in semcem.h preventing build under Clang or GCC 3.4 -* Fix bug that prevented creation of DSA groups under 1024 bits -* Fix crash in GMP_Engine if library is shutdown and reinitialized -* Work around problem with recent binutils in x86-64 SHA-1 -* The Perl build script is no longer supported and refuses to run by default - -Version 1.8.8, 2009-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Alter Skein-512 to match the tweaked 1.2 specification -* Fix use of inline asm for access to x86 bswap function -* 
Allow building the library without AES enabled -* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild - -Version 1.8.7, 2009-09-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix processing multiple messages in XTS mode -* Add --no-autoload option to configure.py, for minimized builds - -Version 1.8.6, 2009-08-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Cryptobox, a set of simple password-based encryption routines -* Only read world-readable files when walking /proc for entropy -* Fix building with TR1 disabled -* Fix x86 bswap support for Visual C++ -* Fixes for compilation under Sun C++ -* Add support for Dragonfly BSD (contributed by Patrick Georgi) -* Add support for the Open64 C++ compiler -* Build fixes for MIPS systems running Linux -* Minor changes to license, now equivalent to the FreeBSD/NetBSD license - -Version 1.8.5, 2009-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Change configure.py to work on stock Python 2.4 -* Avoid a crash in Skein_512::add_data processing a zero-length input -* Small build fixes for SPARC, ARM, and HP-PA processors -* The test suite now returns an error code from main() if any tests failed - -Version 1.8.4, 2009-07-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in nonce generation in the Miller-Rabin test - -Version 1.8.3, 2009-07-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a new Python configuration script -* Add the Skein-512 SHA-3 candidate hash function -* Add the XTS block cipher mode from IEEE P1619 -* Fix random_prime when generating a prime of less than 7 bits -* Improve handling of low-entropy situations during PRNG seeding -* Change random device polling to prefer /dev/urandom over /dev/random -* Use an input insensitive implementation of same_mem instead of memcmp -* Correct DataSource::discard_next to return the number of discarded bytes -* Provide a default value for AutoSeeded_RNG::reseed -* Fix Gentoo bug 272242 - -Version 1.8.2, 2009-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make entropy polling 
more flexible and in most cases faster -* GOST 28147 now supports multiple sbox parameters -* Added the GOST 34.11 hash function -* Fix botan-config problems on MacOS X - -Version 1.8.1, 2009-01-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux -* Fix memory leak in PKCS8 load_key and encrypt_key -* Relicense api.tex from CC-By-SA 2.5 to BSD -* Fix botan-config on MacOS X, Solaris - -Version 1.8.0, 2008-12-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix compilation on Solaris with GCC - -Series 1.7 ----------------------------------------- - -Version 1.7.24, 2008-12-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a compatibility problem with SHA-512/EMSA3 signature padding -* Fix bug preventing EGD/PRNGD entropy poller from working -* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) -* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 -* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes -* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 -* Wrap private structs in SSE2 SHA-1 code in anonymous namespace -* Change configure.pl's CPU autodetection output to be more consistent -* Disable using OpenSSL's AES due to crashes of unknown cause -* Fix warning in /proc walking entropy poller -* Fix compilation with IBM XLC for Cell 0.9-200709 - -Version 1.7.23, 2008-11-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Change to use TR1 (thus enabling ECDSA) with GCC and ICC -* Optimize almost all hash functions, especially MD4 and Tiger -* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} -* Change Timer to be pure virtual, and add ANSI_Clock_Timer -* Cache socket descriptors in the EGD entropy source -* Avoid bogging down startup in /proc walking entropy source -* Remove Buffered_EntropySource helper class -* Add a Default_Benchmark_Timer typedef in benchmark.h -* Add examples using benchmark.h and Algorithm_Factory -* Add ECC tests from InSiTo 
-* Minor documentation updates - -Version 1.7.22, 2008-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add provider preferences to Algorithm_Factory -* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 -* Optimize AES encryption and decryption (about 10% faster) -* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs -* Fix nanoseconds overflow in benchmark code -* Remove Engine::add_engine - -Version 1.7.21, 2008-11-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make algorithm lookup much more configuable -* Add facilities for runtime performance testing of algorithms -* Drop use of entropy estimation in the PRNGs -* Increase intervals between HMAC_RNG automatic reseeding -* Drop InitializerOptions class, all options but thread safety - -Version 1.7.20, 2008-11-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Namespace pkg-config file by major and minor versions -* Cache device descriptors in Device_EntropySource -* Split base.h into {block_cipher,stream_cipher,mac,hash}.h -* Removed get_mgf function from lookup.h - -Version 1.7.19, 2008-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add HMAC_RNG, based on a design by Hugo Krawczyk -* Optimized the Turing stream cipher (about 20% faster on x86-64) -* Modify Randpool's reseeding algorithm to poll more sources -* Add a new AutoSeeded_RNG in auto_rng.h -* OpenPGP_S2K changed to take hash object instead of name -* Add automatic identification for Intel's Prescott processors - -Version 1.7.18, 2008-10-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Doxygen comments from InSiTo -* Add ECDSA and ECKAEG benchmarks -* Add configure.pl switch --with-tr1-implementation -* Fix configure.pl's --with-endian and --with-unaligned-mem options -* Added support for pkg-config -* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow -* Use const references to avoid copying overhead in CurveGFp, GFpModulus - -Version 1.7.17, 2008-10-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add missing ECDSA object 
identifiers -* Fix error in x86 and x86-64 assembler affecting GF(p) math -* Remove Boost dependency from GF(p) math -* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib -* Add BOTAN_DLL macro to over 30 classes missing it -* Rename the two SHA-2 base classes for consistency - -Version 1.7.16, 2008-10-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add several missing pieces needed for ECDSA and ECKAEG -* Add Card Verifiable Certificates from InSiTo -* Add SHA-224 from InSiTo -* Add BSI variant of EMSA1 from InSiTo -* Add GF(p) and ECDSA tests from InSiTo -* Split ECDSA and ECKAEG into distinct modules -* Allow OpenSSL and GNU MP engines to be built with public key algos disabled -* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h - -Version 1.7.15, 2008-10-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add GF(p) arithmetic from InSiTo -* Add ECDSA and ECKAEG implementations from InSiTo -* Minimize internal dependencies, allowing for smaller build configurations -* Add new User Manual and Architecture Guide from FlexSecure GmbH -* Alter configure.pl options for better autotools compatibility -* Update build instructions for recent changes to configure.pl -* Fix CPU detection using /proc/cpuinfo - -Version 1.7.14, 2008-09-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split library into parts allowing modular builds -* Add (very preliminary) CMS support to the main library -* Some constructors now require object pointers instead of names -* Support multiple implementations of the same algorithm -* Build support for Pentium-M processors, from Derek Scherger -* Build support for MinGW/MSYS, from Zbigniew Zagorski -* Use inline assembly for bswap on 32-bit x86 - -Version 1.7.13, 2008-09-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai -* Allow all examples to compile even if compression not enabled -* Make CMAC's polynomial doubling operation a public class method -* Use the -m64 flag when compiling with Sun Forte 
on x86-64 -* Clean up and slightly optimize CMAC::final_result - -Version 1.7.12, 2008-09-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add x86 assembly for Visual Studio C++, by Luca Piccarreta -* Add a Perl XS module, by Vaclav Ovsik -* Add SWIG-based wrapper for Botan -* Add SSE2 implementation of SHA-1, by Dean Gaudet -* Remove the BigInt::sig_words cache due to bugs -* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow -* Changed BigInt::grow_by and BigInt::grow_to to be non-const -* Add private assignment operators to classes that don't support assignment -* Benchmark RSA encryption and signatures -* Added test programs for random_prime and ressol -* Add high resolution timers for IA-64, HP-PA, S390x -* Reduce use of the RNG during benchmarks -* Fix builds on STI Cell PPU -* Add support for IBM's XLC compiler -* Add IETF 8192 bit MODP group - -Version 1.7.11, 2008-09-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the Salsa20 stream cipher -* Optimized Montgomery reduction, Karatsuba squaring -* Added 16x16->32 word Comba multiplication and squaring -* Use a much larger Karatsuba cutoff point -* Remove bigint_mul_add_words -* Inlined several BigInt functions -* Add useful information to the generated build.h -* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} -* Fix the Windows build - -Version 1.7.10, 2008-09-05 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Public key benchmarks run using a selection of random keys -* New benchmark timer options are clock_gettime, gettimeofday, times, clock -* Including reinterpret_cast optimization for xor_buf in default header -* Split byte swapping and word rotation functions into distinct headers -* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups -* Optimizes BigInt right shift -* Add aliases in DL_Group::Format enum -* BigInt now caches the significant word count - -Version 1.7.9, 2008-08-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make clear() in most algorithm base classes a pure virtual -* Add noexec 
stack marker for GNU linker in assembly code -* Avoid string operations in ressol -* Compilation fixes for MinGW and Visual Studio C++ 2008 -* Some autoconfiguration fixes for Windows - -Version 1.7.8, 2008-07-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the block cipher Noekeon -* Remove global deref_alias function -* X509_Store takes timeout options as constructor arguments -* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH -* Extend random_prime() for generating primes of any bit length -* Remove Config class -* Allow adding new entropy via base RNG interface -* Reseeding a X9.31 PRNG also reseeds the underlying PRNG - -Version 1.7.7, 2008-06-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Remove the global PRNG object -* The PK filter objects were removed -* Add a test suite for the ANSI X9.31 PRNG -* Much cleaner and (mostly) thread-safe reimplementation of es_ftw -* Remove both default arguments to ANSI_X931_RNG's constructor -* Remove the randomizing version of OctetString::change -* Make the cipher and MAC to use in Randpool configurable -* Move RandomNumberGenerator declaration to rng.h -* RSA_PrivateKey will not generate keys smaller than 1024 bits -* Fix an error decoding BER UNIVERSAL types with special taggings - -Version 1.7.6, 2008-05-05 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial support for Windows DLLs, from Joel Low -* Reset the position pointer when a new block is generated in X9.32 PRNG -* Timer objects are now treated as entropy sources -* Moved several ASN.1-related enums from enums.h to an appropriate header -* Removed the AEP module, due to inability to test -* Removed Global_RNG and rng.h -* Removed system_clock -* Removed Library_State::UI and the pulse callback logic - -Version 1.7.5, 2008-04-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The API of X509_CA::sign_request was altered to avoid race conditions -* New type Pipe::message_id to represent the Pipe message number -* Remove the Named_Mutex_Holder for a small 
performance gain -* Removed several unused or rarely used functions from Config -* Ignore spaces inside of a decimal string in BigInt::decode -* Allow using a std::istream to initialize a DataSource_Stream object -* Fix compilation problem in zlib compression module -* The chunk sized used by Pooling_Allocator is now a compile time setting -* The size of random blinding factors is now a compile time setting -* The install target no longer tries to set a particular owner/group - -Version 1.7.4, 2008-03-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Use unaligned memory read/writes on systems that allow it, for performance -* Assembly for x86-64 for accessing the bswap instruction -* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase -* Unroll loops in SHA-160 for a few percent increase in performance -* Fix compilation with GCC 3.2 in es_ftw and es_unix -* Build fix for NetBSD systems -* Prevent es_dev from being built except on Unix systems - -Version 1.7.3, 2008-01-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* New invocation syntax for configure.pl with several new options -* Support for IPv4 addresses in a subject alternative name -* New fast poll for the generic Unix entropy source (es_unix) -* The es_file entropy source has been replaced by the es_dev module -* The malloc allocator does not inherit from Pooling_Allocator anymore -* The path that es_unix will search in are now fully user-configurable -* Truncate X9.42 PRF output rather than allow counter overflow -* PowerPC is now assumed to be big-endian - -Version 1.7.2, 2007-10-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initialize the global library state lazily -* Add plain CBC-MAC for backwards compatibility with old systems -* Clean up some of the self test code -* Throw a sensible exception if a DL_Group is not found -* Truncate KDF2 output rather than allowing counter overflow -* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 -* Fix a Visual Studio compilation problem in 
x509stat.cpp - -Version 1.7.1, 2007-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a race condition in the algorithm object cache -* HMAC key schedule optimization -* The build header sets a macro defining endianness, if known -* New word load/store abstraction allowing further optimization -* Modify most of the library to avoid use the C-style casts -* Use higher resolution timers in symmetric benchmarks - -Version 1.7.0, 2007-05-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* DSA parameter generation now follows FIPS 186-3 -* Added OIDs for Rabin-Williams and Nyberg-Rueppel -* Somewhat better support for out of tree builds -* Minor optimizations for RC2 and Tiger -* Documentation updates -* Update the todo list - -Series 1.6 ----------------------------------------- - -Version 1.6.5, 2008-08-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add noexec stack marker for GNU linker in assembly code -* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 - -Version 1.6.4, 2008-03-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a compilation problem with Visual Studio C++ 2003 - -Version 1.6.3, 2007-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a race condition in the algorithm lookup cache -* Fix problems building the memory pool on some versions of Visual C++ - -Version 1.6.2, 2007-03-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix autodection on Athlon64s running Linux -* Fix builds on QNX and compilers using STLport -* Remove a call to abort() that crept into production - -Version 1.6.1, 2007-01-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix some base64 decoder bugs -* Add a new option to base64 encoding, to always append a newline -* Fix some build problems under Visual Studio with debug enabled -* Fix a bug in BER_Decoder that was triggered under some compilers - -Version 1.6.0, 2006-12-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Minor cleanups versus 1.5.13 - -Series 1.5 ----------------------------------------- - -Version 1.5.13, 2006-12-10 
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Compilation fixes for the bzip2, zlib, and GNU MP modules -* Better support for Intel C++ and EKOpath C++ on x86-64 - -Version 1.5.12, 2006-10-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Cleanups in the initialization routines -* Add some x86-64 assembly for multiply-add -* Fix problems generating very small (below 384 bit) RSA keys -* Support out of tree builds -* Bring some of the documentation up to date -* More improvements to the Python bindings - -Version 1.5.11, 2006-09-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Removed the Algorithm base class -* Various cleanups in the public key inheritance hierarchy -* Major overhaul of the configure/build setup -* Added x86 assembler implementations of Serpent and low-level MPI code -* Optimizations for the SHA-1 x86 assembler -* Various improvements to the Python wrappers -* Work around a Visual Studio compiler bug - -Version 1.5.10, 2006-08-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add x86 assembler versions of MD4, MD5, and SHA-1 -* Expand InitializerOptions' language to support on/off switches -* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 -* Fix possible resource leaks in the mmap allocator -* Slightly optimized buffering in MDx_HashFunction -* Initialization failures are dealt with somewhat better -* Add an example implementing Pollard's Rho algorithm -* Better option handling in the test/benchmark tool -* Expand the xor_ciph example to support longer keys -* Some updates to the documentation - -Version 1.5.9, 2006-07-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed bitrot in the AEP engine -* Fix support for marking certificate/CRL extensions as critical -* Significant cleanups in the library state / initialization code -* LibraryInitializer takes an explicit InitializerOptions object -* Make Mutex_Factory an abstract class, add Default_Mutex_Factory -* Change configuration access to using global_state() -* Add support for global named mutexes 
throughout the library -* Add some STL wrappers for the delete operator -* Change how certificates are created to be more flexible and general - -Version 1.5.8, 2006-06-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many internal cleanups to the X.509 cert/CRL code -* Allow for application code to support new X.509 extensions -* Change the return type of X509_Certificate::{subject,issuer}_info -* Allow for alternate character set handling mechanisms -* Fix a bug that was slowing squaring performance somewhat -* Fix a very hard to hit overflow bug in the C version of word3_muladd -* Minor cleanups to the assembler modules -* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 -* Support for GCC 2.95.x has been dropped in this release - -Version 1.5.7, 2006-05-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Further, major changes to the BER/DER coding system -* Updated the Qt mutex module to use Mutex_Factory -* Moved the library global state object into an anonymous namespace -* Drop the Visual C++ x86 assembly module due to bugs - -Version 1.5.6, 2006-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The low-level DER/BER coding system was redesigned and rewritten -* Portions of the certificate code were cleaned up internally -* Use macros to substantially clean up the GCC assembly code -* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) -* Avoid a couple of spurious warnings under Visual C++ -* Some slight cleanups in X509_PublicKey::key_id - -Version 1.5.5, 2006-02-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a potential infinite loop in the memory pool code (Matt Johnston) -* Made Pooling_Allocator::Memory_Block an actual class of sorts -* Some small optimizations to the division and modulo computations -* Cleaned up the implementation of some of the BigInt operators -* Reduced use of dynamic memory allocation in low-level BigInt functions -* A few simplifications in the Randpool mixing function -* Removed power(), as it was not 
particularly useful (or fast) -* Fixed some annoying bugs in the benchmark code -* Added a real credits file - -Version 1.5.4, 2006-01-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta -* Fixed a memory access off-by-one in the Karatsuba code -* Changed Pooling_Allocator's free list search to a log(N) algorithm -* Merged ModularReducer with its only subclass, Barrett_Reducer -* Fixed sign-handling bugs in some of the division and modulo code -* Renamed the module description files to modinfo.txt -* Further cleanups in the initialization code -* Removed BigInt::add and BigInt::sub -* Merged all the division-related functions into just divide() -* Modified the <mp_asmi.h> functions to allow for better optimizations -* Made the number of bits polled from an EntropySource user configurable -* Avoid including <algorithm> in <botan/secmem.h> -* Fixed some build problems with Sun Forte -* Removed some dead code from bigint_modop -* Fix the definition of same_mem - -Version 1.5.3, 2006-01-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many optimizations in the low-level multiple precision integer code -* Added hooks for assembly implementations of the MPI code -* Support for the X.509 issuer alternative name extension in new certs -* Fixed a bug in the decompression modules; found and patched by Matt Johnston -* New Windows mutex module (mux_win32), by Luca Piccarreta -* Changed the Windows timer module to use QueryPerformanceCounter -* mem_pool.cpp was using std::set iterators instead of std::multiset ones -* Fixed a bug in X509_CA preventing users from disabling particular extensions -* Fixed the mp_asm64 module, which was entirely broken in 1.5.2 -* Fixed some module build problems on FreeBSD and Tru64 - -Version 1.5.2, 2006-01-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an off-by-one memory read in MISTY1::key() -* Fixed a nasty memory leak in Output_Buffers::retire() -* Reimplemented the memory allocator 
from scratch -* Improved memory caching in Montgomery exponentiation -* Optimizations for multiple precision addition and subtraction -* Fixed a build problem in the hardware timer module on 64-bit PowerPC -* Changed default Karatsuba cutoff to 12 words (was 14) -* Removed MemoryRegion::bits(), which was unused and incorrect -* Changed maximum HMAC keylength to 1024 bits -* Various minor Makefile and build system changes -* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution -* Switched checks/clock.cpp back to using clock() by default -* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 -* Removed the Default_Mutex's unused clone() member function - -Version 1.5.1, 2006-01-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Implemented Montgomery exponentiation -* Implemented generalized Karatsuba multiplication and squaring -* Implemented Comba squaring for 4, 6, and 8 word inputs -* Added new Modular_Exponentiator and Power_Mod classes -* Removed FixedBase_Exp and FixedExponent_Exp -* Fixed a performance regression in get_allocator introduced in 1.5.0 -* Engines can now offer S2K algorithms and block cipher padding methods -* Merged the remaining global 'algolist' code into Default_Engine -* The low-level MPI code is linked as C again -* Replaced BigInt's get_nibble with the more general get_substring -* Some documentation updates - -Version 1.5.0, 2006-01-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Moved all global/shared library state into a single object -* Mutex objects are created through mutex factories instead of a global -* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() -* Removed the RNG_Quality enum entirely -* There is now only a single global-use PRNG -* Removed the no_aliases and no_oids options for LibraryInitializer -* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL -* Change es_ftw to use unbuffered I/O - -Series 1.4 ----------------------------------------- - -Version 1.4.12, 
2006-01-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an off-by-one memory read in MISTY1::key() -* Fixed a nasty memory leak in Output_Buffers::retire() -* Changed maximum HMAC keylength to 1024 bits -* Fixed a build problem in the hardware timer module on 64-bit PowerPC - -Version 1.4.11, 2005-12-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Changed Whirlpool diffusion matrix to match updated algorithm spec -* Fixed several engine module build errors introduced in 1.4.10 -* Fixed two build problems in es_capi; reported by Matthew Gregan -* Added a constructor to DataSource_Memory taking a std::string -* Placing the same Filter in multiple Pipes triggers an exception -* The configure script accepts --docdir and --libdir -* Merged doc/rngs.txt into the main API document -* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 - -Version 1.4.10, 2005-12-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an implementation of KASUMI, the block cipher used in 3G phones -* Refactored Pipe; output queues are now managed by a distinct class -* Made certain Filter facilities only available to subclasses of Fanout_Filter -* There is no longer any overhead in Pipe for a message that has been read out -* It is now possible to generate RSA keys as small as 128 bits -* Changed some of the core classes to derive from Algorithm as a virtual base -* Changed Randpool to use HMAC instead of a plain hash as the mixing function -* Fixed a bug in the allocators; found and fixed by Matthew Gregan -* Enabled the use of binary file I/O, when requested by the application -* The OpenSSL engine's block cipher code was missing some deallocation calls -* Disabled the es_ftw module on NetBSD, due to header problems there -* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC -* Some cleanups for the modules that use inline assembler -* config.h is now stored in build/ instead of build/include/botan/ -* The header util.h was split into bit_ops.h, parsing.h, and 
util.h -* Cleaned up some redundant include directives - -Version 1.4.9, 2005-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the IBM-created AES candidate algorithm MARS -* Added the South Korean block cipher SEED -* Added the stream cipher Turing -* Added the new hash function FORK-256 -* Deprecated the ISAAC stream cipher -* Twofish and RC6 are significantly faster with GCC -* Much better support for 64-bit PowerPC -* Added support for high-resolution PowerPC timers -* Fixed a bug in the configure script causing problems on FreeBSD -* Changed ANSI X9.31 to support arbitrary block ciphers -* Make the configure script a bit less noisy -* Added more test vectors for some algorithms, including all the AES finalists -* Various cosmetic source code cleanups - -Version 1.4.8, 2005-10-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Resolved a bad performance problem in the allocators; fix by Matt Johnston -* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 -* Renamed OMAC to CMAC to match the official NIST naming -* Added single byte versions of update() to PK_Signer and PK_Verifier -* Removed the unused reverse_bits and reverse_bytes functions - -Version 1.4.7, 2005-09-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed major performance problems with recent versions of GNU C++ -* Added an implementation of the X9.31 PRNG -* Removed the X9.17 and FIPS 186-2 PRNG algorithms -* Changed defaults to use X9.31 PRNGs as global PRNG objects -* Documentation updates to reflect the PRNG changes -* Some cleanups related to the engine code -* Removed two useless headers, base_eng.h and secalloc.h -* Removed PK_Verifier::valid_signature -* Fixed configure/build system bugs affecting MacOS X builds -* Added support for the EKOPath x86-64 compiler -* Added missing destructor for BlockCipherModePaddingMethod -* Fix some build problems with Visual C++ 2005 beta -* Fix some build problems with Visual C++ 2003 Workshop - -Version 1.4.6, 2005-03-13 
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix an error in the shutdown code introduced in 1.4.5 -* Setting base/pkcs8_tries to 0 disables the builtin fail-out -* Support for XMPP identifiers in X.509 certificates -* Duplicate entries in X.509 DNs are removed -* More fixes for Borland C++, from Friedemann Kleint -* Add a workaround for buggy iostreams - -Version 1.4.5, 2005-02-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for AES encryption of private keys -* Minor fixes for PBES2 parameter decoding -* Internal cleanups for global state variables -* GCC 3.x version detection was broken in non-English locales -* Work around a Sun Forte bug affecting mem_pool.h -* Several fixes for Borland C++ 5.5, from Friedemann Kleint -* Removed inclusion of init.h into base.h -* Fixed a major bug in reading from certificate stores -* Cleaned up a couple of mutex leaks -* Removed some left-over debugging code -* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF - -Version 1.4.4, 2004-12-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Further tweaks to the pooling allocator -* Modified EMSA3 to support SSL/TLS signatures -* Changes to support Qt/QCA, from Justin Karneges -* Moved mux_qt module code into mod_qt -* Fixes for HP-UX from Mike Desjardins - -Version 1.4.3, 2004-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split up SecureAllocator into Allocator and Pooling_Allocator -* Memory locking allocators are more likely to be used -* Fixed the placement of includes in some modules -* Fixed broken installation procedure -* Fixes in configure script to support alternate install programs -* Modules can specify the minimum version they support - -Version 1.4.2, 2004-10-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a major CRL handling bug -* Cipher and hash operations can be offloaded to engines -* Added support for cipher and hash offload in OpenSSL engine -* Improvements for 64-bit CPUs without a widening multiply instruction -* Support for SHA2-* and Whirlpool with EMSA2 -* Fixed a 
long-standing build problem with conflicting include files -* Fixed some examples that hadn't been updated for 1.4.x -* Portability fixes for Solaris, BSD, HP-UX, and others -* Lots of fixes and cleanups in the configure script -* Updated the Gentoo ebuild file - -Version 1.4.1, 2004-10-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed major errors in the X.509 and PKCS #8 copy_key functions -* Added a LAST_MESSAGE meta-message number for Pipe -* Added new aliases (3DES and DES-EDE) for Triple-DES -* Added some new functions to PK_Verifier -* Cleaned up the KDF interface -* Disabled tm_posix on BSD due to header issues -* Fixed a build problem on PowerPC with GNU C++ pre-3.4 - -Version 1.4.0, 2004-06-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the FIPS 186 RNG back -* Added copy_key functions for X.509 public keys and PKCS #8 private keys -* Fixed PKCS #1 signatures with RIPEMD-128 -* Moved some code around to avoid warnings with Sun ONE compiler -* Fixed a bug in botan-config affecting OpenBSD -* Fixed some build problems on Tru64, HP-UX -* Fixed compile problems with Intel C++, Compaq C++ - -Series 1.3 ----------------------------------------- - -Version 1.3.14, 2004-06-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for AEP's AEP1000/AEP2000 crypto cards -* Added a Mutex module using Qt, from Justin Karneges -* Added support for engine loading in LibraryInitializer -* Tweaked SecureAllocator, giving 20% better performance under heavy load -* Added timer and memory locking modules for Win32 (tm_win32, ml_win32) -* Renamed PK_Engine to Engine_Core -* Improved the Karatsuba cutoff points -* Fixes for compiling with GCC 3.4 and Sun C++ 5.5 -* Fixes for Linux/s390, OpenBSD, and Solaris -* Added support for Linux/s390x -* The configure script was totally broken for 'generic' OS -* Removed Montgomery reduction due to bugs -* Removed an unused header, pkcs8alg.h -* check --validate returns an error code if any tests failed -* Removed duplicate entry in Unix 
command list for es_unix -* Moved the Cert_Usage enumeration into X509_Store -* Added new timing methods for PK benchmarks, clock_gettime and RDTSC -* Fixed a few minor bugs in the configure script -* Removed some deprecated functions from x509cert.h and pkcs10.h -* Removed the 'minimal' module, has to be updated for Engine support -* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace -* Documentation updates - -Version 1.3.13, 2004-05-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major fixes for Cygwin builds -* Minor MacOS X install fixes -* The configure script is a little better at picking the right modules -* Removed ml_unix from the 'unix' module set for Cygwin compatibility -* Fixed a stupid compile problem in pkcs10.h - -Version 1.3.12, 2004-05-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added ability to remove old entries from CRLs -* Swapped the first two arguments of X509_CA::update_crl() -* Added an < operator for MemoryRegion, so it can be used as a std::map key -* Changed X.509 searching by DNS name from substring to full string compares -* Renamed a few X509_Certificate and PKCS10_Request member functions -* Fixed a problem when decoding some PKCS #10 requests -* Hex_Decoder would not check inputs, reported by Vaclav Ovsik -* Changed default CRL expire time from 30 days to 7 days -* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility -* Corrected errors in the API doc, fixes from Ken Perano -* More documentation about the Pipe/Filter code - -Version 1.3.11, 2004-04-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed two show-stopping bugs in PKCS10_Request -* Added some sanity checks in Pipe/Filter -* The DNS and URI entries would get swapped in subjectAlternativeNames -* MAC_Filter is now willing to not take a key at creation time -* Setting the expiration times of certs and CRLs is more flexible -* Fixed problems building on AIX with GCC -* Fixed some problems in the tutorial pointed out by Dominik Vogt -* 
Documentation updates - -Version 1.3.10, 2004-03-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for OpenPGP's ASCII armor format -* Cleaned up the RNG system; seeding is much more flexible -* Added simple autoconfiguration abilities to configure.pl -* Fixed a GCC 2.95.x compile problem -* Updated the example configuration file -* Documentation updates - -Version 1.3.9, 2004-03-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an engine using OpenSSL (requires 0.9.7 or later) -* X509_Certificate would lose email addresses stored in the DN -* Fixed a missing initialization in a BigInt constructor -* Fixed several Visual C++ compile problems -* Fixed some BeOS build problems -* Fixed the WiderWake benchmark - -Version 1.3.8, 2003-12-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Internal changes to PK algorithms to divide data and algorithms -* DSA/DH/NR/ElGamal constructors accept taking just the private key again -* ElGamal keys now support being imported/exported as ASN.1 objects -* Much more consistent and complete error checking in PK algorithms -* Support for arbitrary backends (engines) for PK operations -* Added Montgomery reductions -* Added an engine that uses GNU MP (requires 4.1 or later) -* Removed the obsolete mp_gmp module -* Moved several initialization/shutdown functions to init.h -* Major refactoring of the memory containers -* New non-locking container, MemoryVector -* Fixed 64-bit problems in BigInt::set_bit/clear_bit -* Renamed PK_Key::check_params() to check_key() -* Some incompatible changes to OctetString -* Added version checking macros in version.h -* Removed the fips140 module pending rewrite -* Added some functions and hooks to help GUIs -* Moved more shared code into MDx_HashFunction -* Added a policy hook for specifying the encoding of X.509 strings - -Version 1.3.7, 2003-12-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a big security problem in es_unix -* Fixed several stability problems in es_unix -* Expanded the list of 
programs es_unix will try to use -* SecureAllocator now only preallocates blocks in special cases -* Added a special case in Global_RNG::seed for forcing a full poll -* Removed the FIPS 186 RNG added in 1.3.5 pending further testing -* Configure updates for PowerPC CPUs -* Removed the (never tested) VAX support -* Added support for S/390 Linux - -Version 1.3.6, 2003-12-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a new module 'minimal', which disables most algorithms -* SecureAllocator allocates a few blocks at startup -* A few minor MPI cleanups -* RPM spec file cleanups and fixes - -Version 1.3.5, 2003-11-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major improvements in ASN.1 string handling -* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs -* Added partial support for the X.509v3 certificate policies extension -* Centralized the handling of character set information -* Added FIPS 140-2 startup self tests -* Added a module (fips140) for doing extra FIPS 140-2 tests -* Added FIPS 186-2 RNG -* Improved ASN.1 BIT STRING handling -* Removed a memory leak in PKCS10_Request -* The encoding of DirectoryString now follows PKIX guidelines -* Fixed some of the character set dependencies -* Fixed a DER encoding error for tags greater than 30 -* The BER decoder can now handle tags larger than 30 -* Fixed tm_hard.cpp to recognize SPARC on more systems -* Workarounds for a GCC 2.95.x bug in x509find.cpp -* RPM changed to install into /usr instead of /usr/local -* Added support for QNX - -Version 1.3.4, 2003-11-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a module that does certain MPI operations using GNU MP -* Added the X9.42 Diffie-Hellman PRF -* The Zlib and Bzip2 objects now use custom allocators -* Added member functions for directly hashing/MACing SecureVectors -* Minor optimizations to the MPI addition and subtraction algorithms -* Some cleanups in the low-level MPI code -* Created separate AES-{128,192,256} objects - -Version 1.3.3, 2003-11-17 
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The library can now be repeatedly initialized and shutdown without crashing -* Fixed an off-by-one error in the CTS code -* Fixed an error in the EMSA4 verification code -* Fixed a memory leak in mutex.cpp (pointed out by James Widener) -* Fixed a memory leak in Pthread_Mutex -* Fixed several memory leaks in the testing code -* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions -* Minor cleanups in SecureAllocator -* Removed a needless mutex guarding the (stateless) global timer -* Fixed a piece of bash-specific code in botan-config -* X.509 objects report more information about decoding errors -* Cleaned up some of the exception handling -* Updated the example config file with new OIDSs -* Moved the build instructions into a separate document, building.tex - -Version 1.3.2, 2003-11-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug preventing DSA signatures from verifying on X.509 objects -* Made the X509_Store search routines more efficient and flexible -* Added a function to X509_PublicKey to do easy public/private key matching -* Added support for decoding indefinite length BER data -* Changed Pipe's peek() to take an offset -* Removed Filter::set_owns in favor of the new incr_owns function -* Removed BigInt::zero() and BigInt::one() -* Renamed the PEM related options from base/pem_* to pem/* -* Added an option to specify the line width when encoding PEM -* Removed the "rng/safe_longterm" option; it's always on now -* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 -* Cleaned up the base64/hex encoders and decoders -* Added an ASN.1/BER decoder as an example -* AES had its internals marked 'public' in previous versions -* Changed the value of the ASN.1 NO_OBJECT enum -* Various new hacks in the configure script -* Removed the already nominal support for SunOS - -Version 1.3.1, 2003-11-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Generalized a few pieces of the DER encoder -* 
PKCS8::load_key would fail if handed an unencrypted key -* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop - -Version 1.3.0, 2003-11-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major redesign of the PKCS #8 private key import/export system -* Added a small amount of UI interface code for getting passphrases -* Added heuristics that tell if a key, cert, etc is stored as PEM or BER -* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC -* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR -* Made PEM decoding more forgiving of extra text before the header - -Series 1.2 ----------------------------------------- - -Version 1.2.8, 2003-11-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Merged several important bug fixes from 1.3.x - -Version 1.2.7, 2003-10-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for reading configuration files -* Added constructors so NR and RW keys can be imported easily -* Fixed mp_asm64, which was completely broken in 1.2.6 -* Removed tm_hw_ia32 module; replaced by tm_hard -* Added support for loading certain oddly formed RSA certificates -* Fixed spelling of NON_REPUDIATION enum -* Renamed the option default_to_ca to v1_assume_ca -* Fixed a minor bug in X.509 certificate generation -* Fixed a latent bug in the OID lookup code -* Updated the RPM spec file -* Added to the tutorial - -Version 1.2.6, 2003-07-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major performance increase for PK algorithms on most 64-bit systems -* Cleanups in the low-level MPI code to support asm implementations -* Fixed build problems with some versions of Compaq's C++ compiler -* Removed useless constructors for NR public and private keys -* Removed support for the patch_file directive in module files -* Removed several deprecated functions - -Version 1.2.5, 2003-06-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a tricky and long-standing memory leak in Pipe -* Major cleanups and fixes in the memory allocation system -* Removed 
alloc_mlock, which has been superseded by the ml_unix module -* Removed a denial of service vulnerability in X509_Store -* Fixed compilation problems with VS .NET 2003 and Codewarrior 8 -* Added another variant of PKCS8::load_key, taking a memory buffer -* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 -* BigInt::operator%=(word) was a no-op if the input was a power of 2 -* Fixed portability problems in BigInt::to_u32bit -* Fixed major bugs in SSL3-MAC -* Cleaned up some messes in the PK algorithms -* Cleanups and extensions for OMAC and EAX -* Made changes to the entropy estimation function -* Added a 'beos' module set for use on BeOS -* Officially deprecated a few X509:: and PKCS8:: functions -* Moved the contents of primes.h to numthry.h -* Moved the contents of x509opt.h to x509self.h -* Removed the (empty) desx.h header -* Documentation updates - -Version 1.2.4, 2003-05-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug in EMSA1 affecting NR signature verification -* Fixed a few latent bugs in BigInt related to word size -* Removed an unused function, mp_add2_nc, from the MPI implementation -* Reorganized the core MPI files - -Version 1.2.3, 2003-05-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug that prevented DSA/NR key generation -* Fixed a bug that prevented importing some root CA certs -* Fixed a bug in the BER decoder when handing optional bit or byte strings -* Fixed the encoding of authorityKeyIdentifier in X509_CA -* Added a sanity check in PBKDF2 for zero length passphrases -* Added versions of X509::load_key and PKCS8::load_key that take a file name -* X509_CA generates 128 bit serial numbers now -* Added tests to check PK key generation -* Added a simplistic X.509 CA example -* Cleaned up some of the examples - -Version 1.2.2, 2003-05-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add checks to prevent any BigInt bugs from revealing an RSA or RW key -* Changed the interface of Global_RNG::seed -* Major improvements 
for the es_unix module -* Added another Win32 entropy source, es_win32 -* The Win32 CryptoAPI entropy source can now poll multiple providers -* Improved the BeOS entropy source -* Renamed pipe_unixfd module to fd_unix -* Fixed a file descriptor leak in the EGD module -* Fixed a few locking bugs - -Version 1.2.1, 2003-05-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added ANSI X9.23 compatible CBC padding -* Added an entropy source using Win32 CryptoAPI -* Removed the Pipe I/O operators taking a FILE* -* Moved the BigInt encoding/decoding functions into the BigInt class -* Integrated several fixes for VC++ 7 (from Hany Greiss) -* Fixed the configure.pl script for Windows builds - -Version 1.2.0, 2003-04-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Tweaked the Karatsuba cut-off points -* Increased the allowed keylength of HMAC and Blowfish -* Removed the 'mpi_ia32' module, pending rewrite -* Workaround a GCC 2.95.x bug in eme1.cpp - -Series 1.1 ----------------------------------------- - -Version 1.1.13, 2003-04-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added OMAC -* Added EAX authenticated cipher mode -* Diffie-Hellman would not do blinding in some cases -* Optimized the OFB and CTR modes -* Corrected Skipjack's word ordering, as per NIST clarification -* Support for all subject/issuer attribute types required by RFC 3280 -* The removeFromCRL CRL reason code is now handled correctly -* Increased the flexibility of the allocators -* Renamed Rijndael to AES, created aes.h, deleted rijndael.h -* Removed support for the 'no_timer' LibraryInitializer option -* Removed 'es_pthr' module, pending further testing -* Cleaned up get_ciph.cpp - -Version 1.1.12, 2003-04-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a ASN.1 string encoding bug -* Fixed a pair of X509_DN encoding problems -* Base64_Decoder and Hex_Decoder can now validate input -* Removed support for the LibraryInitializer option 'egd_path' -* Added tests for DSA X.509 and PKCS #8 key formats -* Removed a long 
deprecated feature of DH_PrivateKey's constructor -* Updated the RPM .spec file -* Major documentation updates - -Version 1.1.11, 2003-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added PKCS #10 certificate requests -* Changed X509_Store searching interface to be more flexible -* Added a generic Certificate_Store interface -* Added a function for generating self-signed X.509 certs -* Cleanups and changes to X509_CA -* New examples for PKCS #10 and self-signed certificates -* Some documentation updates - -Version 1.1.10, 2003-04-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* X509_CA can now generate new X.509 CRLs -* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks -* More certificate and CRL extensions/attributes are supported -* Better DN handling in X.509 certificates/CRLs -* Added a DataSink hierarchy (suggested by Jim Darby) -* Consolidated SecureAllocator and ManagedAllocator -* Many cleanups and generalizations -* Added a (slow) pthreads based EntropySource -* Fixed some threading bugs - -Version 1.1.9, 2003-02-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for using X.509v2 CRLs -* Fixed several bugs in the path validation algorithm -* Certificates can be verified for a particular usage -* Algorithm for comparing distinguished names now follows X.509 -* Cleaned up the code for the es_beos, es_ftw, es_unix modules -* Documentation updates - -Version 1.1.8, 2003-01-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixes for the certificate path validation algorithm in X509_Store -* Fixed a bug affecting X509_Certificate::is_ca_cert() -* Added a general configuration interface for policy issues -* Cleanups and API changes in the X.509 CA, cert, and store code -* Made various options available for X509_CA users -* Changed X509_Time's interface to work around time_t problems -* Fixed a theoretical weakness in Randpool's entropy mixing function -* Fixed problems compiling with GCC 2.95.3 and GCC 2.96 -* Fixed a configure bug (reported by Jon 
Wilson) affecting MinGW - -Version 1.1.7, 2003-01-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an obscure but dangerous bug in SecureVector::swap -* Consolidated SHA-384 and SHA-512 to save code space -* Added SSL3-MAC and SSL3-PRF -* Documentation updates, including a new tutorial - -Version 1.1.6, 2002-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial support for X.509v3 certificates and CAs -* Major redesign/rewrite of the ASN.1 encoding/decoding code -* Added handling for DSA/NR signatures encoded as DER SEQUENCEs -* Documented the generic cipher lookup interface -* Added an (untested) entropy source for BeOS -* Various cleanups and bug fixes - -Version 1.1.5, 2002-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the discrete logarithm integrated encryption system (DLIES) -* Various optimizations for BigInt -* Added support for assembler optimizations in modules -* Added BigInt x86 optimizations module (mpi_ia32) - -Version 1.1.4, 2002-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Speedup of 15-30% for PK algorithms -* Implemented the PBES2 encryption scheme -* Fixed a potential bug in decoding RSA and RW private keys -* Changed the DL_Group class interface to handle different formats better -* Added support for PKCS #3 encoded DH parameters -* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' -* Added key pair consistency checking -* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) -* A botan-config script is generated at configure time -* Documentation updates - -Version 1.1.3, 2002-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a generic public/private key loading interface -* Fixed a small encoding bug in RSA, RW, and DH -* Changed the PK encryption/decryption interface classes -* ECB supports using padding methods -* Added a function-based interface for library initialization -* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures -* The cipher mode benchmarks now use 128-bit AES instead of DES -* 
Removed some obsolete typedefs -* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) -* Added tests for PKCS #8 encoding/decoding -* Added more tests for ECB and CBC - -Version 1.1.2, 2002-10-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Support for PKCS #8 encoded RSA, DSA, and DH private keys -* Support for Diffie-Hellman X.509 public keys -* Major reorganization of how X.509 keys are handled -* Added PKCS #5 v2.0's PBES1 encryption scheme -* Added a generic cipher lookup interface -* Added the WiderWake4+1 stream cipher -* Added support for sync-able stream ciphers -* Added a 'paranoia level' option for the LibraryInitializer -* More security for RNG output meant for long term keys -* Added documentation for some of the new 1.1.x features -* CFB's feedback argument is now specified in bits -* Renamed CTR class to CTR_BE -* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats - -Version 1.1.1, 2002-10-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the Korean hash function HAS-160 -* Partial support for RSA and DSA X.509 public keys -* Added a mostly functional BER encoder/decoder -* Added support for non-deterministic MAC functions -* Initial support for PEM encoding/decoding -* Internal cleanups in the PK algorithms -* Several new convenience functions in Pipe -* Fixed two nasty bugs in Pipe -* Messed with the entropy sources for es_unix -* Discrete logarithm groups are checked for safety more closely now -* For compatibility with GnuPG, ElGamal now supports DSA-style groups - -Version 1.1.0, 2002-09-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added entropy estimation to the RNGs -* Improved the overall design of both Randpool and ANSI_X917_RNG -* Added a separate RNG for nonce generation -* Added window exponentiation support in power_mod -* Added a get_s2k function and the PKCS #5 S2K algorithms -* Added the TLSv1 PRF -* Replaced BlockCipherModeIV typedef with InitializationVector class -* Renamed PK_Key_Agreement_Scheme to 
PK_Key_Agreement -* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x -* Added support for RIPEMD-160 PKCS#1 v1.5 signatures -* Changed the key agreement scheme interface -* Changed the S2K and KDF interfaces -* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK -* Added support for variable-pass Tiger -* Major speedup for Rabin-Williams key generation - -Series 1.0 ----------------------------------------- - -Version 1.0.2, 2003-01-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an obscure SEGFAULT causing bug in Pipe -* Fixed an obscure but dangerous bug in SecureVector::swap - -Version 1.0.1, 2002-09-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a minor bug in Randpool::random() -* Added some new aliases and typedefs for 1.1.x compatibility -* The 4096-bit RSA benchmark key was decimal instead of hex -* EMAC was returning an incorrect name - -Version 1.0.0, 2002-08-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Octal I/O of BigInt is now supported -* Fixed portability problems in the es_egd module -* Generalized IV handling in the block cipher modes -* Added Karatsuba multiplication and k-ary exponentiation -* Fixed a problem in the multiplication routines - -Series 0.9 ----------------------------------------- - -Version 0.9.2, 2002-08-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* DH_PrivateKey::public_value() was returning the wrong value -* Various BigInt optimizations -* The filters.h header now includes hex.h and base64.h -* Moved Counter mode to ctr.h -* Fixed a couple minor problems with VC++ 7 -* Fixed problems with the RPM spec file - -Version 0.9.1, 2002-08-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Grand rename from OpenCL to Botan -* Major optimizations for the PK algorithms -* Added ElGamal encryption -* Added Whirlpool -* Tweaked memory allocation parameters -* Improved the method of seeding the global RNG -* Moved pkcs1.h to eme_pkcs.h -* Added more test vectors for some algorithms -* Fixed error reporting in the BigInt tests -* 
Removed Default_Timer, it was pointless -* Added some new example applications -* Removed some old examples that weren't that interesting -* Documented the compression modules - -Version 0.9.0, 2002-08-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* EMSA4 supports variable salt size -* PK_* can take a string naming the encoding method to use -* Started writing some internals documentation - -Series 0.8 ----------------------------------------- - -Version 0.8.7, 2002-07-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed bugs in EME1 and EMSA4 -* Fixed a potential crash at shutdown -* Cipher modes returned an ill-formed name -* Removed various deprecated types and headers -* Cleaned up the Pipe interface a bit -* Minor additions to the documentation -* First stab at a Visual C++ makefile (doc/Makefile.vc7) - -Version 0.8.6, 2002-07-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added EMSA4 (aka PSS) -* Brought the manual up to date; many corrections and additions -* Added a parallel hash function construction -* Lookup supports all available algorithms now -* Lazy initialization of the lookup tables -* Made more discrete logarithm groups available through get_dl_group() -* StreamCipher_Filter supports seeking (if the underlying cipher does) -* Minor optimization for GCD calculations -* Renamed SAFER_SK128 to SAFER_SK -* Removed many previously deprecated functions -* Some now-obsolete functions, headers, and types have been deprecated -* Fixed some bugs in DSA prime generation -* DL_Group had a constructor for DSA-style prime gen but it wasn't defined -* Reversed the ordering of the two arguments to SEAL's constructor -* Fixed a threading problem in the PK algorithms -* Fixed a minor memory leak in lookup.cpp -* Fixed pk_types.h (it was broken in 0.8.5) -* Made validation tests more verbose -* Updated the check and example applications - -Version 0.8.5, 2002-07-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) -* 
Added a DL_Group class -* Reworking of the pubkey internals -* Support in lookup for aliases and PK algorithms -* Renamed CAST5 to CAST_128 and CAST256 to CAST_256 -* Added EMSA1 -* Reorganization of header files -* LibraryInitializer will install new allocator types if requested -* Fixed a bug in Diffie-Hellman key generation -* Did a workaround in pipe.cpp for GCC 2.95.x on Linux -* Removed some debugging code from init.cpp that made FTW ES useless -* Better checking for invalid arguments in the PK algorithms -* Reduced Base64 and Hex default line length (if line breaking is used) -* Fixes for HP's aCC compiler -* Cleanups in BigInt - -Version 0.8.4, 2002-07-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added Nyberg-Rueppel signatures -* Added Diffie-Hellman key exchange (kex interface is subject to change) -* Added KDF2 -* Enhancements to the lookup API -* Many things formerly taking pointers to algorithms now take names -* Speedups for prime generation -* LibraryInitializer has support for seeding the global RNG -* Reduced SAFER-SK128 memory consumption -* Reversed the ordering of public and private key values in DSA constructor -* Fixed serious bugs in MemoryMapping_Allocator -* Fixed memory leak in Lion -* FTW_EntropySource was not closing the files it read -* Fixed line breaking problem in Hex_Encoder - -Version 0.8.3, 2002-06-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added DSA and Rabin-Williams signature schemes -* Added EMSA3 -* Added PKCS#1 v1.5 encryption padding -* Added Filters for PK algorithms -* Added a Keyed_Filter class -* LibraryInitializer processes arguments now -* Major revamp of the PK interface classes -* Changed almost all of the Filters for non-template operation -* Changed HMAC, Lion, Luby-Rackoff to non-template classes -* Some fairly minor BigInt optimizations -* Added simple benchmarking for PK algorithms -* Added hooks for fixed base and fixed exponent modular exponentiation -* Added some examples for using RSA -* Numerous bugfixes and 
cleanups -* Documentation updates - -Version 0.8.2, 2002-05-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an (experimental) algorithm lookup interface -* Added code for directly testing BigInt -* Added SHA2-384 -* Optimized SHA2-512 -* Major optimization for Adler32 (thanks to Dan Nicolaescu) -* Various minor optimizations in BigInt and related areas -* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore -* Fixed a bug in BufferingFilter -* Made a few fixes for MacOS X -* Added a workaround in configure.pl for GCC 2.95.x -* Better support for PowerPC, ARM, and Alpha -* Some more cleanups - -Version 0.8.1, 2002-05-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major code cleanup (check doc/deprecated.txt) -* Various bugs fixed, including several portability problems -* Renamed MessageAuthCode to MessageAuthenticationCode -* A replacement for X917 is in x917_rng.h -* Changed EMAC to non-template class -* Added ANSI X9.19 compatible CBC-MAC -* TripleDES now supports 128 bit keys - -Version 0.8.0, 2002-04-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Merged BigInt: many bugfixes and optimizations since alpha2 -* Added RSA (rsa.h) -* Added EMSA2 (emsa2.h) -* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) -* Changed some interfaces, including SymmetricKey, to support the global rng -* Fixed a serious bug in ManagedAllocator -* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 -* Removed some deprecated stuff -* Added a global random number generator (rng.h) -* Added clone functions to most of the basic algorithms -* Added a library initializer class (init.h) -* Version macros in version.h -* Moved the base classes from opencl.h to base.h -* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib -* Documentation updates for the new stuff (still incomplete) -* Many new deprecated things: check doc/deprecated.txt - -Series 0.7 ----------------------------------------- - -Version 0.7.10, 2002-04-07 
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added EGD_EntropySource module (es_egd) -* Added a file tree walking EntropySource (es_ftw) -* Added MemoryLocking_Allocator module (alloc_mlock) -* Renamed the pthr_mux, unix_rnd, and mmap_mem modules -* Changed timer mechanism; the clock method can be switched on the fly. -* Renamed MmapDisk_Allocator to MemoryMapping_Allocator -* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) -* Fixed several bugs in MemoryMapping_Allocator -* Added more default sources for Unix_EntropySource -* Changed SecureBuffer to use same allocation methods as SecureVector -* Added bigint_divcore into mp_core to support BigInt alpha2 release -* Removed some Pipe functions deprecated since 0.7.8 -* Some fixes for the configure program - -Version 0.7.9, 2002-03-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Memory allocation substantially revamped -* Added memory allocation method based on mmap(2) in the mmap_mem module -* Added ECB and CTS block cipher modes (ecb.h, cts.h) -* Added a Mutex interface (mutex.h) -* Added module pthr_mux, implementing the Mutex interface -* Added Threaded Filter interface (thr_filt.h) -* All algorithms can now by keyed with SymmetricKey objects -* More testing occurs with --validate (expected failures) -* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 -* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress -* Made X917 safer (and about 1/3 as fast) -* Documentation updates - -Version 0.7.8, 2002-02-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* More capabilities for Pipe, inspired by SysV STREAMS, including peeking, - better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION -* Added a BufferingFilter class -* Added popen() based EntropySource for generic Unix systems (unix_rnd) -* Moved 'devrand' module into main distribution (ent_file.h), renamed to - File_EntropySource, and changed interface somewhat. 
-* Made Randpool somewhat more conservative and also 25% faster -* Minor fixes and updates for the configure script -* Added some tweaks for memory allocation -* Documentation updates for the new Pipe interface -* Fixed various minor bugs -* Added a couple of new example programs (stack and hasher2) - -Version 0.7.7, 2001-11-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Filter::send now works in the constructor of a Filter subclass -* You may now have to include <opencl/pipe.h> explicitly in some code -* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h -* Enhancements to SecureVector (append, destroy functions) -* New infrastructure for secure memory allocation -* Added IEEE P1363 primitives MGF1, EME1, KDF1 -* Rijndael optimizations and cleanups -* Changed CipherMode<B> to BlockCipherMode(B*) -* Fixed a nasty bug in pipe_unixfd -* Added portions of the BigInt code into the main library -* Support for VAX, SH, POWER, PowerPC-64, Intel C++ - -Version 0.7.6, 2001-10-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed several serious bugs in SecureVector created in 0.7.5 -* Square optimizations -* Fixed shared objects on MacOS X and HP-UX -* Fixed static libs for KCC 4.0; works with KCC 3.4g as well -* Full support for Athlon and K6 processors using GCC -* Added a table of prime numbers < 2**16 (primes.h) -* Some minor documentation updates - -Version 0.7.5, 2001-08-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split checksum.h into adler32.h, crc24.h, and crc32.h -* Split modes.h into cbc.h, cfb.h, and ofb.h -* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption -* Added OneAndZeros and NoPadding methods for CBC -* Added Lion, a very fast block cipher construction -* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) -* Basic types (ciphers, hashes, etc) know their names now (call name()) -* Changed the EntropySource type somewhat -* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 -* Optimized CAST-256, DES, SAFER-SK, 
Serpent, SEAL, MD2, and RIPEMD-160 -* Some semantics of SecureVector have changed slightly -* The mlock module has been removed for the time being -* Added string handling functions for hashes and MACs -* Various non-user-visible cleanups -* Shared library soname is now set to the full version number - -Version 0.7.4, 2001-07-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe -* Fixed a vast number of errors in the config script/makefile/specfile -* Pipe now has a stdio(3) interface as well as C++ iostreams -* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) -* Bzip2 supports decompressing multiple concatenated streams, and flushing -* Added a simple 'overall average' score to the benchmarks -* Fixed a small bug in the POSIX timer module -* Removed a very-unlikely-to-occur bug in most of the hash functions -* filtbase.h now includes <iosfwd>, not <iostream> -* Minor documentation updates - -Version 0.7.3, 2001-06-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix build problems on Solaris/SPARC -* Fix build problems with Perl versions < 5.6 -* Fixed some stupid code that broke on a few compilers -* Added string handling functions to Pipe -* MISTY1 optimizations - -Version 0.7.2, 2001-06-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Build system supports modules -* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers -* Added Bzip2 compression filter, contributed by Peter Jones -* GNU make no longer required (tested with 4.4BSD pmake and Solaris make) -* Fixed minor bug in several of the hash functions -* Various other minor fixes and changes -* Updates to the documentation - -Version 0.7.1, 2001-05-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Rewrote configure script: more consistent and complete -* Made it easier to find out parameters of types at run time (opencl.h) -* New functions for finding the version being used (version.h) -* New SymmetricKey interface for Filters 
(symkey.h) -* InvalidKeyLength now records what the invalid key length was -* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA -* Changed GOST to use correct S-box ordering (incompatible change) -* Benchmark code was almost totally rewritten -* Many more entries in the test vector file -* Fixed minor and idiotic bug in check.cpp - -Version 0.7.0, 2001-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* First public release - diff --git a/doc/lowlevel.txt b/doc/lowlevel.txt index 852d7eb43..cd343063a 100644 --- a/doc/lowlevel.txt +++ b/doc/lowlevel.txt @@ -198,7 +198,7 @@ Updates the hash/mac calculation with *input*. .. cpp:function:: void BufferedComputation::final(byte* out) -.. cpp:function:: SecureVector<byte> BufferedComputation::final() +.. cpp:function:: secure_vector<byte> BufferedComputation::final() Complete the hash/MAC calculation and place the result into ``out``. For the argument taking an array, exactly ``output_length`` bytes will diff --git a/doc/pbkdf.txt b/doc/pbkdf.txt index f24dcd188..14434f63e 100644 --- a/doc/pbkdf.txt +++ b/doc/pbkdf.txt @@ -46,7 +46,7 @@ iterations and a 16 byte salt is recommend for new applications. PBKDF* pbkdf = get_pbkdf("PBKDF2(SHA-256)"); AutoSeeded_RNG rng; - SecureVector<byte> salt = rng.random_vec(16); + secure_vector<byte> salt = rng.random_vec(16); OctetString aes256_key = pbkdf->derive_key(32, "password", &salt[0], salt.size(), 10000); diff --git a/doc/pubkey.txt b/doc/pubkey.txt index 6ff016038..6e6bc6ed8 100644 --- a/doc/pubkey.txt +++ b/doc/pubkey.txt 
@@ -112,7 +112,7 @@ The standard format for serializing a private key is PKCS #8, the operations for which are defined in ``pkcs8.h``. It supports both unencrypted and encrypted storage. -.. cpp:function:: SecureVector<byte> PKCS8::BER_encode(const Private_Key& key, \ +.. cpp:function:: secure_vector<byte> PKCS8::BER_encode(const Private_Key& key, \ RandomNumberGenerator& rng, const std::string& password, const std::string& pbe_algo = "") Takes any private key object, serializes it, encrypts it using @@ -143,7 +143,7 @@ Unencrypted serialization is also supported. security requirements, always use the versions that encrypt the key based on a passphrase, described above. -.. cpp:function:: SecureVector<byte> PKCS8::BER_encode(const Private_Key& key) +.. cpp:function:: secure_vector<byte> PKCS8::BER_encode(const Private_Key& key) Serializes the private key and returns the result. @@ -223,13 +223,13 @@ Serializing Public Keys To import and export public keys, use: -.. cpp:function:: MemoryVector<byte> X509::BER_encode(const Public_Key& key) +.. cpp:function:: std::vector<byte> X509::BER_encode(const Public_Key& key) .. cpp:function:: std::string X509::PEM_encode(const Public_Key& key) .. cpp:function:: Public_Key* X509::load_key(DataSource& in) -.. cpp:function:: Public_Key* X509::load_key(const SecureVector<byte>& buffer) +.. cpp:function:: Public_Key* X509::load_key(const secure_vector<byte>& buffer) .. cpp:function:: Public_Key* X509::load_key(const std::string& filename) @@ -283,7 +283,7 @@ You can generate a new random group using You can serialize a ``DL_Group`` using -.. cpp:function:: SecureVector<byte> DL_Group::DER_Encode(Format format) +.. cpp:function:: secure_vector<byte> DL_Group::DER_Encode(Format format) or 
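Review bot: In the ``@@ -223,13 +223,13 @@`` hunk of doc/pubkey.txt the types are now inconsistent: ``X509::BER_encode`` is changed to return ``std::vector<byte>``, but the ``X509::load_key`` overload two lines below is changed to take ``const secure_vector<byte>&``, so the obvious encode-then-load round trip no longer matches (the two are different ``std::vector`` instantiations because of the allocator). Public key material needs no clearing allocator, so ``Public_Key* X509::load_key(const std::vector<byte>& buffer)`` would be the consistent signature; if the library really keeps a ``secure_vector`` overload here, the text should say how callers convert between the two.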
@@ -344,11 +344,11 @@ The primary interface for encryption is .. cpp:class:: PK_Encryptor - .. cpp:function:: SecureVector<byte> encrypt( \ + .. cpp:function:: secure_vector<byte> encrypt( \ const byte* in, size_t length, RandomNumberGenerator& rng) const - .. cpp:function:: SecureVector<byte> encrypt( \ - const MemoryRegion<byte>& in, RandomNumberGenerator& rng) const + .. cpp:function:: secure_vector<byte> encrypt( \ + const std::vector<byte>& in, RandomNumberGenerator& rng) const These encrypt a message, returning the ciphertext. @@ -428,22 +428,22 @@ Signature generation is performed using SEQUENCE value. .. cpp:function:: void update(const byte* in, size_t length) - .. cpp:function:: void update(const MemoryRegion<byte>& in) + .. cpp:function:: void update(const std::vector<byte>& in) .. cpp:function:: void update(byte in) These add more data to be included in the signature computation. Typically, the input will be provided directly to a hash function. - .. cpp:function:: SecureVector<byte> signature(RandomNumberGenerator& rng) + .. cpp:function:: secure_vector<byte> signature(RandomNumberGenerator& rng) Creates the signature and returns it - .. cpp:function:: SecureVector<byte> sign_message( \ + .. cpp:function:: secure_vector<byte> sign_message( \ const byte* in, size_t length, RandomNumberGenerator& rng) - .. cpp:function:: SecureVector<byte> sign_message( \ - const MemoryRegion<byte>& in, RandomNumberGenerator& rng) + .. cpp:function:: secure_vector<byte> sign_message( \ + const std::vector<byte>& in, RandomNumberGenerator& rng) These functions are equivalent to calling :cpp:func:`PK_Signer::update` and then 
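Review bot: In the ``@@ -344,11 +344,11 @@`` hunk, ``PK_Encryptor::encrypt`` now takes ``const std::vector<byte>& in`` where ``const MemoryRegion<byte>&`` previously accepted either container type. Plaintext handed to ``encrypt`` is frequently a symmetric key or other secret (the same change is made to ``sign_message`` in the following hunk), and a caller who keeps it in a ``secure_vector<byte>`` can no longer pass it without first copying it into a non-clearing vector. Either document the intended conversion or, if a ``secure_vector<byte>`` overload exists, list it alongside this one so readers do not reach for the copy.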
@@ -462,14 +462,14 @@ Signatures are verified using that used by the signer. .. cpp:function:: void update(const byte* in, size_t length) - .. cpp:function:: void update(const MemoryRegion<byte>& in) + .. cpp:function:: void update(const std::vector<byte>& in) .. cpp:function:: void update(byte in) Add further message data that is purportedly assocated with the signature that will be checked. .. cpp:function:: bool check_signature(const byte* sig, size_t length) - .. cpp:function:: bool check_signature(const MemoryRegion<byte>& sig) + .. cpp:function:: bool check_signature(const std::vector<byte>& sig) Check to see if *sig* is a valid signature for the message data that was written in. Return true if so. This function clears the @@ -480,8 +480,8 @@ Signatures are verified using .. cpp:function:: bool verify_message(const byte* msg, size_t msg_length, \ const byte* sig, size_t sig_length) - .. cpp:function:: bool verify_message(const MemoryRegion<byte>& msg, \ - const MemoryRegion<byte>& sig) + .. cpp:function:: bool verify_message(const std::vector<byte>& msg, \ + const std::vector<byte>& sig) These are equivalent to calling :cpp:func:`PK_Verifier::update` on *msg* and then calling :cpp:func:`PK_Verifier::check_signature` @@ -514,7 +514,7 @@ other party, and then each of you runs a computation with the other's value and your key (this should return the same result to both parties). This computation can be called by using ``derive_key`` with either a byte array/length pair, or a -``SecureVector<byte>`` than holds the public value of the other +``secure_vector<byte>`` than holds the public value of the other party. The last argument to either call is a number that specifies how long a key you want. 
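Review bot: The ``@@ -514,7 +514,7 @@`` hunk rewrites the ``derive_key`` sentence only to swap the type name and carries the existing typo along: "``secure_vector<byte>`` than holds the public value" should read "``secure_vector<byte>`` that holds the public value". Since the line is being touched anyway, fix it in this change.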
@@ -529,7 +529,7 @@ symmetric algorithm. The public value that should be used can be obtained by calling ``public_data``, which exists for any key that is associated with a -key agreement algorithm. It returns a ``SecureVector<byte>``. +key agreement algorithm. It returns a ``secure_vector<byte>``. "KDF2(SHA-256)" is by far the preferred algorithm for key derivation in new applications. The X9.42 algorithm may be useful in some diff --git a/doc/reading.txt b/doc/reading.txt index a0e547296..3b3545e28 100644 --- a/doc/reading.txt +++ b/doc/reading.txt @@ -13,11 +13,11 @@ system. Especially recommended are: - *Cryptography Engineering* - Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno + by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno - *Security Engineering -- A Guide to Building Dependable Distributed Systems* - Ross Anderson + by Ross Anderson - *Handbook of Applied Cryptography* - Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone + by Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone (`available online <http://www.cacr.math.uwaterloo.ca/hac/>`_) diff --git a/doc/relnotes/0_7_0.txt b/doc/relnotes/0_7_0.txt new file mode 100644 index 000000000..5339b7b10 --- /dev/null +++ b/doc/relnotes/0_7_0.txt @@ -0,0 +1,5 @@ +Version 0.7.0, 2001-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* First public release + diff --git a/doc/relnotes/0_7_1.txt b/doc/relnotes/0_7_1.txt new file mode 100644 index 000000000..cc57ef0ee --- /dev/null +++ b/doc/relnotes/0_7_1.txt 
@@ -0,0 +1,14 @@ +Version 0.7.1, 2001-05-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Rewrote configure script: more consistent and complete +* Made it easier to find out parameters of types at run time (opencl.h) +* New functions for finding the version being used (version.h) +* New SymmetricKey interface for Filters (symkey.h) +* InvalidKeyLength now records what the invalid key length was +* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA +* Changed GOST to use correct S-box ordering (incompatible change) +* Benchmark code was almost totally rewritten +* Many more entries in the test vector file +* Fixed minor and idiotic bug in check.cpp + diff --git a/doc/relnotes/0_7_10.txt b/doc/relnotes/0_7_10.txt new file mode 100644 index 000000000..df08df532 --- /dev/null +++ b/doc/relnotes/0_7_10.txt @@ -0,0 +1,17 @@ +Version 0.7.10, 2002-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added EGD_EntropySource module (es_egd) +* Added a file tree walking EntropySource (es_ftw) +* Added MemoryLocking_Allocator module (alloc_mlock) +* Renamed the pthr_mux, unix_rnd, and mmap_mem modules +* Changed timer mechanism; the clock method can be switched on the fly. +* Renamed MmapDisk_Allocator to MemoryMapping_Allocator +* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) +* Fixed several bugs in MemoryMapping_Allocator +* Added more default sources for Unix_EntropySource +* Changed SecureBuffer to use same allocation methods as SecureVector +* Added bigint_divcore into mp_core to support BigInt alpha2 release +* Removed some Pipe functions deprecated since 0.7.8 +* Some fixes for the configure program + diff --git a/doc/relnotes/0_7_2.txt b/doc/relnotes/0_7_2.txt new file mode 100644 index 000000000..a9b6ae452 --- /dev/null +++ b/doc/relnotes/0_7_2.txt 
@@ -0,0 +1,11 @@ +Version 0.7.2, 2001-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Build system supports modules +* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers +* Added Bzip2 compression filter, contributed by Peter Jones +* GNU make no longer required (tested with 4.4BSD pmake and Solaris make) +* Fixed minor bug in several of the hash functions +* Various other minor fixes and changes +* Updates to the documentation + diff --git a/doc/relnotes/0_7_3.txt b/doc/relnotes/0_7_3.txt new file mode 100644 index 000000000..57b7a630a --- /dev/null +++ b/doc/relnotes/0_7_3.txt @@ -0,0 +1,9 @@ +Version 0.7.3, 2001-06-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix build problems on Solaris/SPARC +* Fix build problems with Perl versions < 5.6 +* Fixed some stupid code that broke on a few compilers +* Added string handling functions to Pipe +* MISTY1 optimizations + diff --git a/doc/relnotes/0_7_4.txt b/doc/relnotes/0_7_4.txt new file mode 100644 index 000000000..523a6bccc --- /dev/null +++ b/doc/relnotes/0_7_4.txt @@ -0,0 +1,14 @@ +Version 0.7.4, 2001-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe +* Fixed a vast number of errors in the config script/makefile/specfile +* Pipe now has a stdio(3) interface as well as C++ iostreams +* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) +* Bzip2 supports decompressing multiple concatenated streams, and flushing +* Added a simple 'overall average' score to the benchmarks +* Fixed a small bug in the POSIX timer module +* Removed a very-unlikely-to-occur bug in most of the hash functions +* filtbase.h now includes <iosfwd>, not <iostream> +* Minor documentation updates + diff --git a/doc/relnotes/0_7_5.txt b/doc/relnotes/0_7_5.txt new file mode 100644 index 000000000..cb729d182 --- /dev/null +++ b/doc/relnotes/0_7_5.txt 
@@ -0,0 +1,19 @@ +Version 0.7.5, 2001-08-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split checksum.h into adler32.h, crc24.h, and crc32.h +* Split modes.h into cbc.h, cfb.h, and ofb.h +* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption +* Added OneAndZeros and NoPadding methods for CBC +* Added Lion, a very fast block cipher construction +* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) +* Basic types (ciphers, hashes, etc) know their names now (call name()) +* Changed the EntropySource type somewhat +* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 +* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 +* Some semantics of SecureVector have changed slightly +* The mlock module has been removed for the time being +* Added string handling functions for hashes and MACs +* Various non-user-visible cleanups +* Shared library soname is now set to the full version number + diff --git a/doc/relnotes/0_7_6.txt b/doc/relnotes/0_7_6.txt new file mode 100644 index 000000000..13294e7a5 --- /dev/null +++ b/doc/relnotes/0_7_6.txt @@ -0,0 +1,11 @@ +Version 0.7.6, 2001-10-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed several serious bugs in SecureVector created in 0.7.5 +* Square optimizations +* Fixed shared objects on MacOS X and HP-UX +* Fixed static libs for KCC 4.0; works with KCC 3.4g as well +* Full support for Athlon and K6 processors using GCC +* Added a table of prime numbers < 2**16 (primes.h) +* Some minor documentation updates + diff --git a/doc/relnotes/0_7_7.txt b/doc/relnotes/0_7_7.txt new file mode 100644 index 000000000..83dfd2d2f --- /dev/null +++ b/doc/relnotes/0_7_7.txt 
@@ -0,0 +1,15 @@ +Version 0.7.7, 2001-11-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Filter::send now works in the constructor of a Filter subclass +* You may now have to include <opencl/pipe.h> explicitly in some code +* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h +* Enhancements to SecureVector (append, destroy functions) +* New infrastructure for secure memory allocation +* Added IEEE P1363 primitives MGF1, EME1, KDF1 +* Rijndael optimizations and cleanups +* Changed CipherMode<B> to BlockCipherMode(B*) +* Fixed a nasty bug in pipe_unixfd +* Added portions of the BigInt code into the main library +* Support for VAX, SH, POWER, PowerPC-64, Intel C++ + diff --git a/doc/relnotes/0_7_8.txt b/doc/relnotes/0_7_8.txt new file mode 100644 index 000000000..92b9291b1 --- /dev/null +++ b/doc/relnotes/0_7_8.txt @@ -0,0 +1,16 @@ +Version 0.7.8, 2002-02-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* More capabilities for Pipe, inspired by SysV STREAMS, including peeking, + better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION +* Added a BufferingFilter class +* Added popen() based EntropySource for generic Unix systems (unix_rnd) +* Moved 'devrand' module into main distribution (ent_file.h), renamed to + File_EntropySource, and changed interface somewhat. +* Made Randpool somewhat more conservative and also 25% faster +* Minor fixes and updates for the configure script +* Added some tweaks for memory allocation +* Documentation updates for the new Pipe interface +* Fixed various minor bugs +* Added a couple of new example programs (stack and hasher2) + diff --git a/doc/relnotes/0_7_9.txt b/doc/relnotes/0_7_9.txt new file mode 100644 index 000000000..cb48eef3e --- /dev/null +++ b/doc/relnotes/0_7_9.txt 
@@ -0,0 +1,16 @@ +Version 0.7.9, 2002-03-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Memory allocation substantially revamped +* Added memory allocation method based on mmap(2) in the mmap_mem module +* Added ECB and CTS block cipher modes (ecb.h, cts.h) +* Added a Mutex interface (mutex.h) +* Added module pthr_mux, implementing the Mutex interface +* Added Threaded Filter interface (thr_filt.h) +* All algorithms can now by keyed with SymmetricKey objects +* More testing occurs with --validate (expected failures) +* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 +* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress +* Made X917 safer (and about 1/3 as fast) +* Documentation updates + diff --git a/doc/relnotes/0_8_0.txt b/doc/relnotes/0_8_0.txt new file mode 100644 index 000000000..62c3a0384 --- /dev/null +++ b/doc/relnotes/0_8_0.txt @@ -0,0 +1,21 @@ +Version 0.8.0, 2002-04-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Merged BigInt: many bugfixes and optimizations since alpha2 +* Added RSA (rsa.h) +* Added EMSA2 (emsa2.h) +* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) +* Changed some interfaces, including SymmetricKey, to support the global rng +* Fixed a serious bug in ManagedAllocator +* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 +* Removed some deprecated stuff +* Added a global random number generator (rng.h) +* Added clone functions to most of the basic algorithms +* Added a library initializer class (init.h) +* Version macros in version.h +* Moved the base classes from opencl.h to base.h +* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib +* Documentation updates for the new stuff (still incomplete) +* Many new deprecated things: check doc/deprecated.txt + + diff --git a/doc/relnotes/0_8_1.txt b/doc/relnotes/0_8_1.txt new file mode 100644 index 000000000..98175994e --- /dev/null +++ b/doc/relnotes/0_8_1.txt 
@@ -0,0 +1,11 @@ +Version 0.8.1, 2002-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major code cleanup (check doc/deprecated.txt) +* Various bugs fixed, including several portability problems +* Renamed MessageAuthCode to MessageAuthenticationCode +* A replacement for X917 is in x917_rng.h +* Changed EMAC to non-template class +* Added ANSI X9.19 compatible CBC-MAC +* TripleDES now supports 128 bit keys + diff --git a/doc/relnotes/0_8_2.txt b/doc/relnotes/0_8_2.txt new file mode 100644 index 000000000..1f4c540e8 --- /dev/null +++ b/doc/relnotes/0_8_2.txt @@ -0,0 +1,16 @@ +Version 0.8.2, 2002-05-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an (experimental) algorithm lookup interface +* Added code for directly testing BigInt +* Added SHA2-384 +* Optimized SHA2-512 +* Major optimization for Adler32 (thanks to Dan Nicolaescu) +* Various minor optimizations in BigInt and related areas +* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore +* Fixed a bug in BufferingFilter +* Made a few fixes for MacOS X +* Added a workaround in configure.pl for GCC 2.95.x +* Better support for PowerPC, ARM, and Alpha +* Some more cleanups + diff --git a/doc/relnotes/0_8_3.txt b/doc/relnotes/0_8_3.txt new file mode 100644 index 000000000..88012db05 --- /dev/null +++ b/doc/relnotes/0_8_3.txt 
@@ -0,0 +1,19 @@ +Version 0.8.3, 2002-06-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added DSA and Rabin-Williams signature schemes +* Added EMSA3 +* Added PKCS#1 v1.5 encryption padding +* Added Filters for PK algorithms +* Added a Keyed_Filter class +* LibraryInitializer processes arguments now +* Major revamp of the PK interface classes +* Changed almost all of the Filters for non-template operation +* Changed HMAC, Lion, Luby-Rackoff to non-template classes +* Some fairly minor BigInt optimizations +* Added simple benchmarking for PK algorithms +* Added hooks for fixed base and fixed exponent modular exponentiation +* Added some examples for using RSA +* Numerous bugfixes and cleanups +* Documentation updates + diff --git a/doc/relnotes/0_8_4.txt b/doc/relnotes/0_8_4.txt new file mode 100644 index 000000000..9b73ca88e --- /dev/null +++ b/doc/relnotes/0_8_4.txt @@ -0,0 +1,17 @@ +Version 0.8.4, 2002-07-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added Nyberg-Rueppel signatures +* Added Diffie-Hellman key exchange (kex interface is subject to change) +* Added KDF2 +* Enhancements to the lookup API +* Many things formerly taking pointers to algorithms now take names +* Speedups for prime generation +* LibraryInitializer has support for seeding the global RNG +* Reduced SAFER-SK128 memory consumption +* Reversed the ordering of public and private key values in DSA constructor +* Fixed serious bugs in MemoryMapping_Allocator +* Fixed memory leak in Lion +* FTW_EntropySource was not closing the files it read +* Fixed line breaking problem in Hex_Encoder + diff --git a/doc/relnotes/0_8_5.txt b/doc/relnotes/0_8_5.txt new file mode 100644 index 000000000..eced09cc2 --- /dev/null +++ b/doc/relnotes/0_8_5.txt 
@@ -0,0 +1,19 @@ +Version 0.8.5, 2002-07-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) +* Added a DL_Group class +* Reworking of the pubkey internals +* Support in lookup for aliases and PK algorithms +* Renamed CAST5 to CAST_128 and CAST256 to CAST_256 +* Added EMSA1 +* Reorganization of header files +* LibraryInitializer will install new allocator types if requested +* Fixed a bug in Diffie-Hellman key generation +* Did a workaround in pipe.cpp for GCC 2.95.x on Linux +* Removed some debugging code from init.cpp that made FTW ES useless +* Better checking for invalid arguments in the PK algorithms +* Reduced Base64 and Hex default line length (if line breaking is used) +* Fixes for HP's aCC compiler +* Cleanups in BigInt + diff --git a/doc/relnotes/0_8_6.txt b/doc/relnotes/0_8_6.txt new file mode 100644 index 000000000..18c95db10 --- /dev/null +++ b/doc/relnotes/0_8_6.txt 
@@ -0,0 +1,23 @@ +Version 0.8.6, 2002-07-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added EMSA4 (aka PSS) +* Brought the manual up to date; many corrections and additions +* Added a parallel hash function construction +* Lookup supports all available algorithms now +* Lazy initialization of the lookup tables +* Made more discrete logarithm groups available through get_dl_group() +* StreamCipher_Filter supports seeking (if the underlying cipher does) +* Minor optimization for GCD calculations +* Renamed SAFER_SK128 to SAFER_SK +* Removed many previously deprecated functions +* Some now-obsolete functions, headers, and types have been deprecated +* Fixed some bugs in DSA prime generation +* DL_Group had a constructor for DSA-style prime gen but it wasn't defined +* Reversed the ordering of the two arguments to SEAL's constructor +* Fixed a threading problem in the PK algorithms +* Fixed a minor memory leak in lookup.cpp +* Fixed pk_types.h (it was broken in 0.8.5) +* Made validation tests more verbose +* Updated the check and example applications + diff --git a/doc/relnotes/0_8_7.txt b/doc/relnotes/0_8_7.txt new file mode 100644 index 000000000..28d4bda56 --- /dev/null +++ b/doc/relnotes/0_8_7.txt @@ -0,0 +1,11 @@ +Version 0.8.7, 2002-07-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed bugs in EME1 and EMSA4 +* Fixed a potential crash at shutdown +* Cipher modes returned an ill-formed name +* Removed various deprecated types and headers +* Cleaned up the Pipe interface a bit +* Minor additions to the documentation +* First stab at a Visual C++ makefile (doc/Makefile.vc7) + diff --git a/doc/relnotes/0_9_0.txt b/doc/relnotes/0_9_0.txt new file mode 100644 index 000000000..ef73f6ae2 --- /dev/null +++ b/doc/relnotes/0_9_0.txt @@ -0,0 +1,8 @@ +Version 0.9.0, 2002-08-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* EMSA4 supports variable salt size +* PK_* can take a string naming the encoding method to use +* Started writing some internals documentation + + 
diff --git a/doc/relnotes/0_9_1.txt b/doc/relnotes/0_9_1.txt new file mode 100644 index 000000000..8d6398d58 --- /dev/null +++ b/doc/relnotes/0_9_1.txt @@ -0,0 +1,17 @@ +Version 0.9.1, 2002-08-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Grand rename from OpenCL to Botan +* Major optimizations for the PK algorithms +* Added ElGamal encryption +* Added Whirlpool +* Tweaked memory allocation parameters +* Improved the method of seeding the global RNG +* Moved pkcs1.h to eme_pkcs.h +* Added more test vectors for some algorithms +* Fixed error reporting in the BigInt tests +* Removed Default_Timer, it was pointless +* Added some new example applications +* Removed some old examples that weren't that interesting +* Documented the compression modules + diff --git a/doc/relnotes/0_9_2.txt b/doc/relnotes/0_9_2.txt new file mode 100644 index 000000000..46eff06f5 --- /dev/null +++ b/doc/relnotes/0_9_2.txt @@ -0,0 +1,10 @@ +Version 0.9.2, 2002-08-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* DH_PrivateKey::public_value() was returning the wrong value +* Various BigInt optimizations +* The filters.h header now includes hex.h and base64.h +* Moved Counter mode to ctr.h +* Fixed a couple minor problems with VC++ 7 +* Fixed problems with the RPM spec file + diff --git a/doc/relnotes/1_0_0.txt b/doc/relnotes/1_0_0.txt new file mode 100644 index 000000000..322aa1472 --- /dev/null +++ b/doc/relnotes/1_0_0.txt @@ -0,0 +1,10 @@ +Version 1.0.0, 2002-08-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Octal I/O of BigInt is now supported +* Fixed portability problems in the es_egd module +* Generalized IV handling in the block cipher modes +* Added Karatsuba multiplication and k-ary exponentiation +* Fixed a problem in the multiplication routines + + diff --git a/doc/relnotes/1_0_1.txt b/doc/relnotes/1_0_1.txt new file mode 100644 index 000000000..d496099ad --- /dev/null +++ b/doc/relnotes/1_0_1.txt 
@@ -0,0 +1,8 @@ +Version 1.0.1, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a minor bug in Randpool::random() +* Added some new aliases and typedefs for 1.1.x compatibility +* The 4096-bit RSA benchmark key was decimal instead of hex +* EMAC was returning an incorrect name + diff --git a/doc/relnotes/1_0_2.txt b/doc/relnotes/1_0_2.txt new file mode 100644 index 000000000..9e09f198a --- /dev/null +++ b/doc/relnotes/1_0_2.txt @@ -0,0 +1,6 @@ +Version 1.0.2, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an obscure SEGFAULT causing bug in Pipe +* Fixed an obscure but dangerous bug in SecureVector::swap + diff --git a/doc/relnotes/1_10_0.txt b/doc/relnotes/1_10_0.txt new file mode 100644 index 000000000..3b6ba56ac --- /dev/null +++ b/doc/relnotes/1_10_0.txt @@ -0,0 +1,10 @@ +Version 1.10.0, 2011-06-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Detection for the rdrand instruction being added to upcoming Intel + Ivy Bridge processors has been added. + +* A template specialization of std::swap was added for the memory + container types. + + diff --git a/doc/relnotes/1_10_1.txt b/doc/relnotes/1_10_1.txt new file mode 100644 index 000000000..45529e3d5 --- /dev/null +++ b/doc/relnotes/1_10_1.txt 
@@ -0,0 +1,21 @@ +Version 1.10.1, 2011-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A race condition in `Algorithm_Factory` could cause crashes in + multithreaded code. See `this thread on botan-devel + <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_ + for details and workarounds. + +* The return value of ``name`` has changed for GOST 28147-89 and + Skein-512. GOST's ``name`` now includes the name of the sbox, and + Skein's includes the personalization string (if nonempty). This + allows an object to be properly roundtripped, which is necessary to + fix the race condition described above. + +* A new distribution script is now included, as + ``src/build-data/scripts/dist.py`` + +* The ``build.h`` header now includes, if available, an identifier of + the source revision that was used. This identifier is also included + in the result of ``version_string``. + diff --git a/doc/relnotes/1_10_2.txt b/doc/relnotes/1_10_2.txt new file mode 100644 index 000000000..10cb66176 --- /dev/null +++ b/doc/relnotes/1_10_2.txt 
@@ -0,0 +1,68 @@ +Version 1.10.2, 2012-06-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Several TLS bugs were fixed in this release, including a major +omission that the renegotiation extension was not being used. As the +1.10 implementation of TLS does not properly support renegotiation, +the approach in this release is simply to send the renegotiation +extension SCSV, which should protect the client against any handshake +splicing. In addition renegotiation attempts are handled properly +instead of causing handshake failures - all hello requests, and all +client hellos after the initial negotiation, are ignored. Some +bugs affecting DSA server authentication were also fixed. + +By popular request, ``Pipe::reset`` no longer requires that message +processing be completed, a requirement that caused problems when a +Filter's end_msg call threw an exception, after which point the Pipe +object was no longer usable. + +Support for getting entropy using the rdrand instruction introduced in +Intel's Ivy Bridge processors has been added. In previous releases, +the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit, +and would false positive on AMD Bulldozer processors. + +An implementation of SRP-6a compatible with the specification in RFC +5054 is now available in ``srp6.h``. In 1.11, this is being used for +TLS-SRP, but may be useful in other environments as well. + +An implementation of the Camellia block cipher was added, again largely +for use in TLS. + +If ``clock_gettime`` is available on the system, hres_timer will poll all +the available clock types. + +AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems. +The OpenBSD support was contributed by Brad Smith. + +The Qt mutex wrapper was broken and would not compile with any recent +version of Qt. Taking this as a clear indication that it is not in use, +it has been removed. 
+ +Avoid setting the soname on OpenBSD, as it doesn't support it (PR 158) + +A compilation problem in the dynamic loader that prevented using +dyn_load under MinGW GCC has been fixed. + +A common error for people using MinGW is to target GCC on Windows, +however the 'Windows' target assumes the existence of Visual C++ +runtime functions which do not exist in MinGW. Now, configuring for +GCC on Windows will cause the configure.py to warn that likely you +wanted to configure for either MinGW or Cygwin, not the generic +Windows target. + +A bug in configure.py would cause it to interpret `--cpu=s390x` as +`s390`. This may have affected other CPUs as well. Now configure.py +searches for an exact match, and only if no exact match is found will +it search for substring matches. + +An incompatability in configure.py with the subprocess module included +in Python 3.1 has been fixed (PR 157). + +The exception catching syntax of configure.py has been changed to the +Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but +not with any earlier Python 2 release. A simple search and replace +will allow running it under Python 2.5:: + + perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py + +Note that Python 2.4 is not supported at all. diff --git a/doc/relnotes/1_11_0.txt b/doc/relnotes/1_11_0.txt new file mode 100644 index 000000000..6321eafbe --- /dev/null +++ b/doc/relnotes/1_11_0.txt 
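Review bot: The new doc/relnotes/1_10_2.txt has two spelling/grammar slips and one markup inconsistency: "incompatability" should be "incompatibility", "would false positive on AMD Bulldozer processors" reads better as "would report a false positive on AMD Bulldozer processors", and `--cpu=s390x` / `s390` use single backticks, which Sphinx renders as interpreted text rather than a literal, while the rest of the file uses double backticks as in ``CPUID::has_rdrand``.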
@@ -0,0 +1,45 @@ +Version 1.11.0, Not Yet Released +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The codebase has converted to C++11. Currently GCC 4.7 and Clang 3.1 + are known to work. + +* The MemoryVector and SecureVector container types have been removed. + An alias of std::vector using an allocator that clears memory named + secure_vector is used for key material, and std::vector is used for + everything else. + +* The method of mlocking memory is much improved, and if the process + can mlock memory then it will be used automatically. + +* The TLS interface is now non-blocking and does not directly interact + with sockets. An example TLS server using asio is included which + scales to at least 64 processors. + +* X509_Store has been removed. x509_path_validate in x509path.h now + handles path validation and Certificate_Store handles storage of + certificates and CRLs. + +* Add support for OCSP + +* TLS v1.2 is now supported + +* TLS now supports session resumption. Session information can be + saved in memory or to an encrypted SQLite database. + +* TLS renegotiation is now supported + +* TLS client authentication is now supported + +* TLS SRP and PSK ciphersuites are now supported + +* TLS session tickets are now supported + +* TLS ECDH key exchange and ECDSA certificates are now supported + +* Add support for SHA-2 ciphersuites + +* Add support for anonymous DH/ECDH ciphersuites + + + diff --git a/doc/relnotes/1_1_0.txt b/doc/relnotes/1_1_0.txt new file mode 100644 index 000000000..09a08860b --- /dev/null +++ b/doc/relnotes/1_1_0.txt 
@@ -0,0 +1,20 @@ +Version 1.1.0, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added entropy estimation to the RNGs +* Improved the overall design of both Randpool and ANSI_X917_RNG +* Added a separate RNG for nonce generation +* Added window exponentiation support in power_mod +* Added a get_s2k function and the PKCS #5 S2K algorithms +* Added the TLSv1 PRF +* Replaced BlockCipherModeIV typedef with InitializationVector class +* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement +* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x +* Added support for RIPEMD-160 PKCS#1 v1.5 signatures +* Changed the key agreement scheme interface +* Changed the S2K and KDF interfaces +* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK +* Added support for variable-pass Tiger +* Major speedup for Rabin-Williams key generation + + diff --git a/doc/relnotes/1_1_1.txt b/doc/relnotes/1_1_1.txt new file mode 100644 index 000000000..bdb13f3ff --- /dev/null +++ b/doc/relnotes/1_1_1.txt @@ -0,0 +1,15 @@ +Version 1.1.1, 2002-10-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the Korean hash function HAS-160 +* Partial support for RSA and DSA X.509 public keys +* Added a mostly functional BER encoder/decoder +* Added support for non-deterministic MAC functions +* Initial support for PEM encoding/decoding +* Internal cleanups in the PK algorithms +* Several new convenience functions in Pipe +* Fixed two nasty bugs in Pipe +* Messed with the entropy sources for es_unix +* Discrete logarithm groups are checked for safety more closely now +* For compatibility with GnuPG, ElGamal now supports DSA-style groups + diff --git a/doc/relnotes/1_1_10.txt b/doc/relnotes/1_1_10.txt new file mode 100644 index 000000000..adc295152 --- /dev/null +++ b/doc/relnotes/1_1_10.txt 
@@ -0,0 +1,13 @@ +Version 1.1.10, 2003-04-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* X509_CA can now generate new X.509 CRLs +* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks +* More certificate and CRL extensions/attributes are supported +* Better DN handling in X.509 certificates/CRLs +* Added a DataSink hierarchy (suggested by Jim Darby) +* Consolidated SecureAllocator and ManagedAllocator +* Many cleanups and generalizations +* Added a (slow) pthreads based EntropySource +* Fixed some threading bugs + diff --git a/doc/relnotes/1_1_11.txt b/doc/relnotes/1_1_11.txt new file mode 100644 index 000000000..ef05a42a0 --- /dev/null +++ b/doc/relnotes/1_1_11.txt @@ -0,0 +1,11 @@ +Version 1.1.11, 2003-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added PKCS #10 certificate requests +* Changed X509_Store searching interface to be more flexible +* Added a generic Certificate_Store interface +* Added a function for generating self-signed X.509 certs +* Cleanups and changes to X509_CA +* New examples for PKCS #10 and self-signed certificates +* Some documentation updates + diff --git a/doc/relnotes/1_1_12.txt b/doc/relnotes/1_1_12.txt new file mode 100644 index 000000000..5f652af52 --- /dev/null +++ b/doc/relnotes/1_1_12.txt @@ -0,0 +1,12 @@ +Version 1.1.12, 2003-04-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a ASN.1 string encoding bug +* Fixed a pair of X509_DN encoding problems +* Base64_Decoder and Hex_Decoder can now validate input +* Removed support for the LibraryInitializer option 'egd_path' +* Added tests for DSA X.509 and PKCS #8 key formats +* Removed a long deprecated feature of DH_PrivateKey's constructor +* Updated the RPM .spec file +* Major documentation updates + diff --git a/doc/relnotes/1_1_13.txt b/doc/relnotes/1_1_13.txt new file mode 100644 index 000000000..b7379ceb8 --- /dev/null +++ b/doc/relnotes/1_1_13.txt 
@@ -0,0 +1,16 @@ +Version 1.1.13, 2003-04-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added OMAC +* Added EAX authenticated cipher mode +* Diffie-Hellman would not do blinding in some cases +* Optimized the OFB and CTR modes +* Corrected Skipjack's word ordering, as per NIST clarification +* Support for all subject/issuer attribute types required by RFC 3280 +* The removeFromCRL CRL reason code is now handled correctly +* Increased the flexibility of the allocators +* Renamed Rijndael to AES, created aes.h, deleted rijndael.h +* Removed support for the 'no_timer' LibraryInitializer option +* Removed 'es_pthr' module, pending further testing +* Cleaned up get_ciph.cpp + diff --git a/doc/relnotes/1_1_2.txt b/doc/relnotes/1_1_2.txt new file mode 100644 index 000000000..088d66804 --- /dev/null +++ b/doc/relnotes/1_1_2.txt @@ -0,0 +1,17 @@ +Version 1.1.2, 2002-10-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Support for PKCS #8 encoded RSA, DSA, and DH private keys +* Support for Diffie-Hellman X.509 public keys +* Major reorganization of how X.509 keys are handled +* Added PKCS #5 v2.0's PBES1 encryption scheme +* Added a generic cipher lookup interface +* Added the WiderWake4+1 stream cipher +* Added support for sync-able stream ciphers +* Added a 'paranoia level' option for the LibraryInitializer +* More security for RNG output meant for long term keys +* Added documentation for some of the new 1.1.x features +* CFB's feedback argument is now specified in bits +* Renamed CTR class to CTR_BE +* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats + diff --git a/doc/relnotes/1_1_3.txt b/doc/relnotes/1_1_3.txt new file mode 100644 index 000000000..f8c7fc3fc --- /dev/null +++ b/doc/relnotes/1_1_3.txt 
@@ -0,0 +1,15 @@ +Version 1.1.3, 2002-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a generic public/private key loading interface +* Fixed a small encoding bug in RSA, RW, and DH +* Changed the PK encryption/decryption interface classes +* ECB supports using padding methods +* Added a function-based interface for library initialization +* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures +* The cipher mode benchmarks now use 128-bit AES instead of DES +* Removed some obsolete typedefs +* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) +* Added tests for PKCS #8 encoding/decoding +* Added more tests for ECB and CBC + diff --git a/doc/relnotes/1_1_4.txt b/doc/relnotes/1_1_4.txt new file mode 100644 index 000000000..9d74c3ae5 --- /dev/null +++ b/doc/relnotes/1_1_4.txt @@ -0,0 +1,14 @@ +Version 1.1.4, 2002-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Speedup of 15-30% for PK algorithms +* Implemented the PBES2 encryption scheme +* Fixed a potential bug in decoding RSA and RW private keys +* Changed the DL_Group class interface to handle different formats better +* Added support for PKCS #3 encoded DH parameters +* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' +* Added key pair consistency checking +* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) +* A botan-config script is generated at configure time +* Documentation updates + diff --git a/doc/relnotes/1_1_5.txt b/doc/relnotes/1_1_5.txt new file mode 100644 index 000000000..90101dedb --- /dev/null +++ b/doc/relnotes/1_1_5.txt @@ -0,0 +1,8 @@ +Version 1.1.5, 2002-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the discrete logarithm integrated encryption system (DLIES) +* Various optimizations for BigInt +* Added support for assembler optimizations in modules +* Added BigInt x86 optimizations module (mpi_ia32) + diff --git a/doc/relnotes/1_1_6.txt b/doc/relnotes/1_1_6.txt new file mode 100644 index 000000000..4c638b7e3 --- /dev/null 
+++ b/doc/relnotes/1_1_6.txt @@ -0,0 +1,10 @@ +Version 1.1.6, 2002-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial support for X.509v3 certificates and CAs +* Major redesign/rewrite of the ASN.1 encoding/decoding code +* Added handling for DSA/NR signatures encoded as DER SEQUENCEs +* Documented the generic cipher lookup interface +* Added an (untested) entropy source for BeOS +* Various cleanups and bug fixes + diff --git a/doc/relnotes/1_1_7.txt b/doc/relnotes/1_1_7.txt new file mode 100644 index 000000000..bd73607e6 --- /dev/null +++ b/doc/relnotes/1_1_7.txt @@ -0,0 +1,8 @@ +Version 1.1.7, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an obscure but dangerous bug in SecureVector::swap +* Consolidated SHA-384 and SHA-512 to save code space +* Added SSL3-MAC and SSL3-PRF +* Documentation updates, including a new tutorial + diff --git a/doc/relnotes/1_1_8.txt b/doc/relnotes/1_1_8.txt new file mode 100644 index 000000000..2ed517ece --- /dev/null +++ b/doc/relnotes/1_1_8.txt @@ -0,0 +1,13 @@ +Version 1.1.8, 2003-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixes for the certificate path validation algorithm in X509_Store +* Fixed a bug affecting X509_Certificate::is_ca_cert() +* Added a general configuration interface for policy issues +* Cleanups and API changes in the X.509 CA, cert, and store code +* Made various options available for X509_CA users +* Changed X509_Time's interface to work around time_t problems +* Fixed a theoretical weakness in Randpool's entropy mixing function +* Fixed problems compiling with GCC 2.95.3 and GCC 2.96 +* Fixed a configure bug (reported by Jon Wilson) affecting MinGW + diff --git a/doc/relnotes/1_1_9.txt b/doc/relnotes/1_1_9.txt new file mode 100644 index 000000000..2ed18080d --- /dev/null +++ b/doc/relnotes/1_1_9.txt 
@@ -0,0 +1,10 @@ +Version 1.1.9, 2003-02-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for using X.509v2 CRLs +* Fixed several bugs in the path validation algorithm +* Certificates can be verified for a particular usage +* Algorithm for comparing distinguished names now follows X.509 +* Cleaned up the code for the es_beos, es_ftw, es_unix modules +* Documentation updates + diff --git a/doc/relnotes/1_2_0.txt b/doc/relnotes/1_2_0.txt new file mode 100644 index 000000000..2372919fb --- /dev/null +++ b/doc/relnotes/1_2_0.txt @@ -0,0 +1,9 @@ +Version 1.2.0, 2003-04-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Tweaked the Karatsuba cut-off points +* Increased the allowed keylength of HMAC and Blowfish +* Removed the 'mpi_ia32' module, pending rewrite +* Workaround a GCC 2.95.x bug in eme1.cpp + + diff --git a/doc/relnotes/1_2_1.txt b/doc/relnotes/1_2_1.txt new file mode 100644 index 000000000..885d6a10a --- /dev/null +++ b/doc/relnotes/1_2_1.txt @@ -0,0 +1,10 @@ +Version 1.2.1, 2003-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added ANSI X9.23 compatible CBC padding +* Added an entropy source using Win32 CryptoAPI +* Removed the Pipe I/O operators taking a FILE* +* Moved the BigInt encoding/decoding functions into the BigInt class +* Integrated several fixes for VC++ 7 (from Hany Greiss) +* Fixed the configure.pl script for Windows builds + diff --git a/doc/relnotes/1_2_2.txt b/doc/relnotes/1_2_2.txt new file mode 100644 index 000000000..6732daffb --- /dev/null +++ b/doc/relnotes/1_2_2.txt 
@@ -0,0 +1,13 @@ +Version 1.2.2, 2003-05-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add checks to prevent any BigInt bugs from revealing an RSA or RW key +* Changed the interface of Global_RNG::seed +* Major improvements for the es_unix module +* Added another Win32 entropy source, es_win32 +* The Win32 CryptoAPI entropy source can now poll multiple providers +* Improved the BeOS entropy source +* Renamed pipe_unixfd module to fd_unix +* Fixed a file descriptor leak in the EGD module +* Fixed a few locking bugs + diff --git a/doc/relnotes/1_2_3.txt b/doc/relnotes/1_2_3.txt new file mode 100644 index 000000000..fd12fc09c --- /dev/null +++ b/doc/relnotes/1_2_3.txt @@ -0,0 +1,14 @@ +Version 1.2.3, 2003-05-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug that prevented DSA/NR key generation +* Fixed a bug that prevented importing some root CA certs +* Fixed a bug in the BER decoder when handing optional bit or byte strings +* Fixed the encoding of authorityKeyIdentifier in X509_CA +* Added a sanity check in PBKDF2 for zero length passphrases +* Added versions of X509::load_key and PKCS8::load_key that take a file name +* X509_CA generates 128 bit serial numbers now +* Added tests to check PK key generation +* Added a simplistic X.509 CA example +* Cleaned up some of the examples + diff --git a/doc/relnotes/1_2_4.txt b/doc/relnotes/1_2_4.txt new file mode 100644 index 000000000..600d030c4 --- /dev/null +++ b/doc/relnotes/1_2_4.txt @@ -0,0 +1,8 @@ +Version 1.2.4, 2003-05-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug in EMSA1 affecting NR signature verification +* Fixed a few latent bugs in BigInt related to word size +* Removed an unused function, mp_add2_nc, from the MPI implementation +* Reorganized the core MPI files + diff --git a/doc/relnotes/1_2_5.txt b/doc/relnotes/1_2_5.txt new file mode 100644 index 000000000..b88c37e7e --- /dev/null +++ b/doc/relnotes/1_2_5.txt 
@@ -0,0 +1,23 @@ +Version 1.2.5, 2003-06-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a tricky and long-standing memory leak in Pipe +* Major cleanups and fixes in the memory allocation system +* Removed alloc_mlock, which has been superseded by the ml_unix module +* Removed a denial of service vulnerability in X509_Store +* Fixed compilation problems with VS .NET 2003 and Codewarrior 8 +* Added another variant of PKCS8::load_key, taking a memory buffer +* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 +* BigInt::operator%=(word) was a no-op if the input was a power of 2 +* Fixed portability problems in BigInt::to_u32bit +* Fixed major bugs in SSL3-MAC +* Cleaned up some messes in the PK algorithms +* Cleanups and extensions for OMAC and EAX +* Made changes to the entropy estimation function +* Added a 'beos' module set for use on BeOS +* Officially deprecated a few X509:: and PKCS8:: functions +* Moved the contents of primes.h to numthry.h +* Moved the contents of x509opt.h to x509self.h +* Removed the (empty) desx.h header +* Documentation updates + diff --git a/doc/relnotes/1_2_6.txt b/doc/relnotes/1_2_6.txt new file mode 100644 index 000000000..9a22648d5 --- /dev/null +++ b/doc/relnotes/1_2_6.txt @@ -0,0 +1,10 @@ +Version 1.2.6, 2003-07-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major performance increase for PK algorithms on most 64-bit systems +* Cleanups in the low-level MPI code to support asm implementations +* Fixed build problems with some versions of Compaq's C++ compiler +* Removed useless constructors for NR public and private keys +* Removed support for the patch_file directive in module files +* Removed several deprecated functions + diff --git a/doc/relnotes/1_2_7.txt b/doc/relnotes/1_2_7.txt new file mode 100644 index 000000000..8121bbef8 --- /dev/null +++ b/doc/relnotes/1_2_7.txt 
@@ -0,0 +1,15 @@ +Version 1.2.7, 2003-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for reading configuration files +* Added constructors so NR and RW keys can be imported easily +* Fixed mp_asm64, which was completely broken in 1.2.6 +* Removed tm_hw_ia32 module; replaced by tm_hard +* Added support for loading certain oddly formed RSA certificates +* Fixed spelling of NON_REPUDIATION enum +* Renamed the option default_to_ca to v1_assume_ca +* Fixed a minor bug in X.509 certificate generation +* Fixed a latent bug in the OID lookup code +* Updated the RPM spec file +* Added to the tutorial + diff --git a/doc/relnotes/1_2_8.txt b/doc/relnotes/1_2_8.txt new file mode 100644 index 000000000..e234b5ccd --- /dev/null +++ b/doc/relnotes/1_2_8.txt @@ -0,0 +1,5 @@ +Version 1.2.8, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Merged several important bug fixes from 1.3.x + diff --git a/doc/relnotes/1_3_0.txt b/doc/relnotes/1_3_0.txt new file mode 100644 index 000000000..c1229e8d2 --- /dev/null +++ b/doc/relnotes/1_3_0.txt @@ -0,0 +1,11 @@ +Version 1.3.0, 2003-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major redesign of the PKCS #8 private key import/export system +* Added a small amount of UI interface code for getting passphrases +* Added heuristics that tell if a key, cert, etc is stored as PEM or BER +* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC +* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR +* Made PEM decoding more forgiving of extra text before the header + + diff --git a/doc/relnotes/1_3_1.txt b/doc/relnotes/1_3_1.txt new file mode 100644 index 000000000..70bc79d02 --- /dev/null +++ b/doc/relnotes/1_3_1.txt @@ -0,0 +1,7 @@ +Version 1.3.1, 2003-11-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Generalized a few pieces of the DER encoder +* PKCS8::load_key would fail if handed an unencrypted key +* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop + 
diff --git a/doc/relnotes/1_3_10.txt b/doc/relnotes/1_3_10.txt new file mode 100644 index 000000000..f99d11bc2 --- /dev/null +++ b/doc/relnotes/1_3_10.txt @@ -0,0 +1,10 @@ +Version 1.3.10, 2004-03-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for OpenPGP's ASCII armor format +* Cleaned up the RNG system; seeding is much more flexible +* Added simple autoconfiguration abilities to configure.pl +* Fixed a GCC 2.95.x compile problem +* Updated the example configuration file +* Documentation updates + diff --git a/doc/relnotes/1_3_11.txt b/doc/relnotes/1_3_11.txt new file mode 100644 index 000000000..86c1f13a1 --- /dev/null +++ b/doc/relnotes/1_3_11.txt @@ -0,0 +1,12 @@ +Version 1.3.11, 2004-04-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed two show-stopping bugs in PKCS10_Request +* Added some sanity checks in Pipe/Filter +* The DNS and URI entries would get swapped in subjectAlternativeNames +* MAC_Filter is now willing to not take a key at creation time +* Setting the expiration times of certs and CRLs is more flexible +* Fixed problems building on AIX with GCC +* Fixed some problems in the tutorial pointed out by Dominik Vogt +* Documentation updates + diff --git a/doc/relnotes/1_3_12.txt b/doc/relnotes/1_3_12.txt new file mode 100644 index 000000000..0a5ef7901 --- /dev/null +++ b/doc/relnotes/1_3_12.txt 
@@ -0,0 +1,15 @@ +Version 1.3.12, 2004-05-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added ability to remove old entries from CRLs +* Swapped the first two arguments of X509_CA::update_crl() +* Added an < operator for MemoryRegion, so it can be used as a std::map key +* Changed X.509 searching by DNS name from substring to full string compares +* Renamed a few X509_Certificate and PKCS10_Request member functions +* Fixed a problem when decoding some PKCS #10 requests +* Hex_Decoder would not check inputs, reported by Vaclav Ovsik +* Changed default CRL expire time from 30 days to 7 days +* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility +* Corrected errors in the API doc, fixes from Ken Perano +* More documentation about the Pipe/Filter code + diff --git a/doc/relnotes/1_3_13.txt b/doc/relnotes/1_3_13.txt new file mode 100644 index 000000000..6b6726aea --- /dev/null +++ b/doc/relnotes/1_3_13.txt @@ -0,0 +1,9 @@ +Version 1.3.13, 2004-05-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major fixes for Cygwin builds +* Minor MacOS X install fixes +* The configure script is a little better at picking the right modules +* Removed ml_unix from the 'unix' module set for Cygwin compatibility +* Fixed a stupid compile problem in pkcs10.h + diff --git a/doc/relnotes/1_3_14.txt b/doc/relnotes/1_3_14.txt new file mode 100644 index 000000000..330a4690b --- /dev/null +++ b/doc/relnotes/1_3_14.txt 
@@ -0,0 +1,26 @@ +Version 1.3.14, 2004-06-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for AEP's AEP1000/AEP2000 crypto cards +* Added a Mutex module using Qt, from Justin Karneges +* Added support for engine loading in LibraryInitializer +* Tweaked SecureAllocator, giving 20% better performance under heavy load +* Added timer and memory locking modules for Win32 (tm_win32, ml_win32) +* Renamed PK_Engine to Engine_Core +* Improved the Karatsuba cutoff points +* Fixes for compiling with GCC 3.4 and Sun C++ 5.5 +* Fixes for Linux/s390, OpenBSD, and Solaris +* Added support for Linux/s390x +* The configure script was totally broken for 'generic' OS +* Removed Montgomery reduction due to bugs +* Removed an unused header, pkcs8alg.h +* check --validate returns an error code if any tests failed +* Removed duplicate entry in Unix command list for es_unix +* Moved the Cert_Usage enumeration into X509_Store +* Added new timing methods for PK benchmarks, clock_gettime and RDTSC +* Fixed a few minor bugs in the configure script +* Removed some deprecated functions from x509cert.h and pkcs10.h +* Removed the 'minimal' module, has to be updated for Engine support +* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace +* Documentation updates + diff --git a/doc/relnotes/1_3_2.txt b/doc/relnotes/1_3_2.txt new file mode 100644 index 000000000..c4a99be88 --- /dev/null +++ b/doc/relnotes/1_3_2.txt 
@@ -0,0 +1,21 @@ +Version 1.3.2, 2003-11-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug preventing DSA signatures from verifying on X.509 objects +* Made the X509_Store search routines more efficient and flexible +* Added a function to X509_PublicKey to do easy public/private key matching +* Added support for decoding indefinite length BER data +* Changed Pipe's peek() to take an offset +* Removed Filter::set_owns in favor of the new incr_owns function +* Removed BigInt::zero() and BigInt::one() +* Renamed the PEM related options from base/pem_* to pem/* +* Added an option to specify the line width when encoding PEM +* Removed the "rng/safe_longterm" option; it's always on now +* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 +* Cleaned up the base64/hex encoders and decoders +* Added an ASN.1/BER decoder as an example +* AES had its internals marked 'public' in previous versions +* Changed the value of the ASN.1 NO_OBJECT enum +* Various new hacks in the configure script +* Removed the already nominal support for SunOS + diff --git a/doc/relnotes/1_3_3.txt b/doc/relnotes/1_3_3.txt new file mode 100644 index 000000000..236fbec85 --- /dev/null +++ b/doc/relnotes/1_3_3.txt 
@@ -0,0 +1,18 @@ +Version 1.3.3, 2003-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The library can now be repeatedly initialized and shutdown without crashing +* Fixed an off-by-one error in the CTS code +* Fixed an error in the EMSA4 verification code +* Fixed a memory leak in mutex.cpp (pointed out by James Widener) +* Fixed a memory leak in Pthread_Mutex +* Fixed several memory leaks in the testing code +* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions +* Minor cleanups in SecureAllocator +* Removed a needless mutex guarding the (stateless) global timer +* Fixed a piece of bash-specific code in botan-config +* X.509 objects report more information about decoding errors +* Cleaned up some of the exception handling +* Updated the example config file with new OIDSs +* Moved the build instructions into a separate document, building.tex + diff --git a/doc/relnotes/1_3_4.txt b/doc/relnotes/1_3_4.txt new file mode 100644 index 000000000..54a12d818 --- /dev/null +++ b/doc/relnotes/1_3_4.txt @@ -0,0 +1,11 @@ +Version 1.3.4, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a module that does certain MPI operations using GNU MP +* Added the X9.42 Diffie-Hellman PRF +* The Zlib and Bzip2 objects now use custom allocators +* Added member functions for directly hashing/MACing SecureVectors +* Minor optimizations to the MPI addition and subtraction algorithms +* Some cleanups in the low-level MPI code +* Created separate AES-{128,192,256} objects + diff --git a/doc/relnotes/1_3_5.txt b/doc/relnotes/1_3_5.txt new file mode 100644 index 000000000..f94df7bd9 --- /dev/null +++ b/doc/relnotes/1_3_5.txt 
@@ -0,0 +1,21 @@ +Version 1.3.5, 2003-11-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major improvements in ASN.1 string handling +* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs +* Added partial support for the X.509v3 certificate policies extension +* Centralized the handling of character set information +* Added FIPS 140-2 startup self tests +* Added a module (fips140) for doing extra FIPS 140-2 tests +* Added FIPS 186-2 RNG +* Improved ASN.1 BIT STRING handling +* Removed a memory leak in PKCS10_Request +* The encoding of DirectoryString now follows PKIX guidelines +* Fixed some of the character set dependencies +* Fixed a DER encoding error for tags greater than 30 +* The BER decoder can now handle tags larger than 30 +* Fixed tm_hard.cpp to recognize SPARC on more systems +* Workarounds for a GCC 2.95.x bug in x509find.cpp +* RPM changed to install into /usr instead of /usr/local +* Added support for QNX + diff --git a/doc/relnotes/1_3_6.txt b/doc/relnotes/1_3_6.txt new file mode 100644 index 000000000..f8310d315 --- /dev/null +++ b/doc/relnotes/1_3_6.txt @@ -0,0 +1,8 @@ +Version 1.3.6, 2003-12-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a new module 'minimal', which disables most algorithms +* SecureAllocator allocates a few blocks at startup +* A few minor MPI cleanups +* RPM spec file cleanups and fixes + diff --git a/doc/relnotes/1_3_7.txt b/doc/relnotes/1_3_7.txt new file mode 100644 index 000000000..8cbb431f5 --- /dev/null +++ b/doc/relnotes/1_3_7.txt 
@@ -0,0 +1,13 @@ +Version 1.3.7, 2003-12-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a big security problem in es_unix +* Fixed several stability problems in es_unix +* Expanded the list of programs es_unix will try to use +* SecureAllocator now only preallocates blocks in special cases +* Added a special case in Global_RNG::seed for forcing a full poll +* Removed the FIPS 186 RNG added in 1.3.5 pending further testing +* Configure updates for PowerPC CPUs +* Removed the (never tested) VAX support +* Added support for S/390 Linux + diff --git a/doc/relnotes/1_3_8.txt b/doc/relnotes/1_3_8.txt new file mode 100644 index 000000000..7fac2566a --- /dev/null +++ b/doc/relnotes/1_3_8.txt @@ -0,0 +1,26 @@ +Version 1.3.8, 2003-12-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial introduction of engine support, which separates PK keys from + the underlying operations. An engine using GNU MP was added. + +* DSA, DH, NR, and ElGamal constructors accept taking just the private + key again since the public key is easily derived from it. + +* Montgomery reduction support was added. +* ElGamal keys now support being imported/exported as ASN.1 objects +* Added Montgomery reductions +* Added an engine that uses GNU MP (requires 4.1 or later) +* Removed the obsolete mp_gmp module +* Moved several initialization/shutdown functions to init.h +* Major refactoring of the memory containers +* New non-locking container, MemoryVector +* Fixed 64-bit problems in BigInt::set_bit/clear_bit +* Renamed PK_Key::check_params() to check_key() +* Some incompatible changes to OctetString +* Added version checking macros in version.h +* Removed the fips140 module pending rewrite +* Added some functions and hooks to help GUIs +* Moved more shared code into MDx_HashFunction +* Added a policy hook for specifying the encoding of X.509 strings + diff --git a/doc/relnotes/1_3_9.txt b/doc/relnotes/1_3_9.txt new file mode 100644 index 000000000..1867b8231 --- /dev/null +++ b/doc/relnotes/1_3_9.txt 
@@ -0,0 +1,10 @@ +Version 1.3.9, 2004-03-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an engine using OpenSSL (requires 0.9.7 or later) +* X509_Certificate would lose email addresses stored in the DN +* Fixed a missing initialization in a BigInt constructor +* Fixed several Visual C++ compile problems +* Fixed some BeOS build problems +* Fixed the WiderWake benchmark + diff --git a/doc/relnotes/1_4_0.txt b/doc/relnotes/1_4_0.txt new file mode 100644 index 000000000..c1cc5ea88 --- /dev/null +++ b/doc/relnotes/1_4_0.txt @@ -0,0 +1,12 @@ +Version 1.4.0, 2004-06-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the FIPS 186 RNG back +* Added copy_key functions for X.509 public keys and PKCS #8 private keys +* Fixed PKCS #1 signatures with RIPEMD-128 +* Moved some code around to avoid warnings with Sun ONE compiler +* Fixed a bug in botan-config affecting OpenBSD +* Fixed some build problems on Tru64, HP-UX +* Fixed compile problems with Intel C++, Compaq C++ + + diff --git a/doc/relnotes/1_4_1.txt b/doc/relnotes/1_4_1.txt new file mode 100644 index 000000000..10f45b8b1 --- /dev/null +++ b/doc/relnotes/1_4_1.txt @@ -0,0 +1,11 @@ +Version 1.4.1, 2004-10-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed major errors in the X.509 and PKCS #8 copy_key functions +* Added a LAST_MESSAGE meta-message number for Pipe +* Added new aliases (3DES and DES-EDE) for Triple-DES +* Added some new functions to PK_Verifier +* Cleaned up the KDF interface +* Disabled tm_posix on BSD due to header issues +* Fixed a build problem on PowerPC with GNU C++ pre-3.4 + diff --git a/doc/relnotes/1_4_10.txt b/doc/relnotes/1_4_10.txt new file mode 100644 index 000000000..277245284 --- /dev/null +++ b/doc/relnotes/1_4_10.txt 
@@ -0,0 +1,20 @@ +Version 1.4.10, 2005-12-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an implementation of KASUMI, the block cipher used in 3G phones +* Refactored Pipe; output queues are now managed by a distinct class +* Made certain Filter facilities only available to subclasses of Fanout_Filter +* There is no longer any overhead in Pipe for a message that has been read out +* It is now possible to generate RSA keys as small as 128 bits +* Changed some of the core classes to derive from Algorithm as a virtual base +* Changed Randpool to use HMAC instead of a plain hash as the mixing function +* Fixed a bug in the allocators; found and fixed by Matthew Gregan +* Enabled the use of binary file I/O, when requested by the application +* The OpenSSL engine's block cipher code was missing some deallocation calls +* Disabled the es_ftw module on NetBSD, due to header problems there +* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC +* Some cleanups for the modules that use inline assembler +* config.h is now stored in build/ instead of build/include/botan/ +* The header util.h was split into bit_ops.h, parsing.h, and util.h +* Cleaned up some redundant include directives + diff --git a/doc/relnotes/1_4_11.txt b/doc/relnotes/1_4_11.txt new file mode 100644 index 000000000..1bfb5d059 --- /dev/null +++ b/doc/relnotes/1_4_11.txt @@ -0,0 +1,12 @@ +Version 1.4.11, 2005-12-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Changed Whirlpool diffusion matrix to match updated algorithm spec +* Fixed several engine module build errors introduced in 1.4.10 +* Fixed two build problems in es_capi; reported by Matthew Gregan +* Added a constructor to DataSource_Memory taking a std::string +* Placing the same Filter in multiple Pipes triggers an exception +* The configure script accepts --docdir and --libdir +* Merged doc/rngs.txt into the main API document +* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 + 
diff --git a/doc/relnotes/1_4_12.txt b/doc/relnotes/1_4_12.txt new file mode 100644 index 000000000..d2c134884 --- /dev/null +++ b/doc/relnotes/1_4_12.txt @@ -0,0 +1,8 @@ +Version 1.4.12, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an off-by-one memory read in MISTY1::key() +* Fixed a nasty memory leak in Output_Buffers::retire() +* Changed maximum HMAC keylength to 1024 bits +* Fixed a build problem in the hardware timer module on 64-bit PowerPC + diff --git a/doc/relnotes/1_4_2.txt b/doc/relnotes/1_4_2.txt new file mode 100644 index 000000000..43cc25a42 --- /dev/null +++ b/doc/relnotes/1_4_2.txt @@ -0,0 +1,14 @@ +Version 1.4.2, 2004-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a major CRL handling bug +* Cipher and hash operations can be offloaded to engines +* Added support for cipher and hash offload in OpenSSL engine +* Improvements for 64-bit CPUs without a widening multiply instruction +* Support for SHA2-* and Whirlpool with EMSA2 +* Fixed a long-standing build problem with conflicting include files +* Fixed some examples that hadn't been updated for 1.4.x +* Portability fixes for Solaris, BSD, HP-UX, and others +* Lots of fixes and cleanups in the configure script +* Updated the Gentoo ebuild file + diff --git a/doc/relnotes/1_4_3.txt b/doc/relnotes/1_4_3.txt new file mode 100644 index 000000000..016221c6c --- /dev/null +++ b/doc/relnotes/1_4_3.txt @@ -0,0 +1,10 @@ +Version 1.4.3, 2004-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split up SecureAllocator into Allocator and Pooling_Allocator +* Memory locking allocators are more likely to be used +* Fixed the placement of includes in some modules +* Fixed broken installation procedure +* Fixes in configure script to support alternate install programs +* Modules can specify the minimum version they support + diff --git a/doc/relnotes/1_4_4.txt b/doc/relnotes/1_4_4.txt new file mode 100644 index 000000000..f633751f5 --- /dev/null +++ b/doc/relnotes/1_4_4.txt 
@@ -0,0 +1,9 @@ +Version 1.4.4, 2004-12-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Further tweaks to the pooling allocator +* Modified EMSA3 to support SSL/TLS signatures +* Changes to support Qt/QCA, from Justin Karneges +* Moved mux_qt module code into mod_qt +* Fixes for HP-UX from Mike Desjardins + diff --git a/doc/relnotes/1_4_5.txt b/doc/relnotes/1_4_5.txt new file mode 100644 index 000000000..cfc8b3455 --- /dev/null +++ b/doc/relnotes/1_4_5.txt @@ -0,0 +1,15 @@ +Version 1.4.5, 2005-02-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for AES encryption of private keys +* Minor fixes for PBES2 parameter decoding +* Internal cleanups for global state variables +* GCC 3.x version detection was broken in non-English locales +* Work around a Sun Forte bug affecting mem_pool.h +* Several fixes for Borland C++ 5.5, from Friedemann Kleint +* Removed inclusion of init.h into base.h +* Fixed a major bug in reading from certificate stores +* Cleaned up a couple of mutex leaks +* Removed some left-over debugging code +* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF + diff --git a/doc/relnotes/1_4_6.txt b/doc/relnotes/1_4_6.txt new file mode 100644 index 000000000..a4450928d --- /dev/null +++ b/doc/relnotes/1_4_6.txt @@ -0,0 +1,10 @@ +Version 1.4.6, 2005-03-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix an error in the shutdown code introduced in 1.4.5 +* Setting base/pkcs8_tries to 0 disables the builtin fail-out +* Support for XMPP identifiers in X.509 certificates +* Duplicate entries in X.509 DNs are removed +* More fixes for Borland C++, from Friedemann Kleint +* Add a workaround for buggy iostreams + diff --git a/doc/relnotes/1_4_7.txt b/doc/relnotes/1_4_7.txt new file mode 100644 index 000000000..1531b1cfe --- /dev/null +++ b/doc/relnotes/1_4_7.txt 
@@ -0,0 +1,17 @@ +Version 1.4.7, 2005-09-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed major performance problems with recent versions of GNU C++ +* Added an implementation of the X9.31 PRNG +* Removed the X9.17 and FIPS 186-2 PRNG algorithms +* Changed defaults to use X9.31 PRNGs as global PRNG objects +* Documentation updates to reflect the PRNG changes +* Some cleanups related to the engine code +* Removed two useless headers, base_eng.h and secalloc.h +* Removed PK_Verifier::valid_signature +* Fixed configure/build system bugs affecting MacOS X builds +* Added support for the EKOPath x86-64 compiler +* Added missing destructor for BlockCipherModePaddingMethod +* Fix some build problems with Visual C++ 2005 beta +* Fix some build problems with Visual C++ 2003 Workshop + diff --git a/doc/relnotes/1_4_8.txt b/doc/relnotes/1_4_8.txt new file mode 100644 index 000000000..694138ecc --- /dev/null +++ b/doc/relnotes/1_4_8.txt @@ -0,0 +1,9 @@ +Version 1.4.8, 2005-10-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Resolved a bad performance problem in the allocators; fix by Matt Johnston +* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 +* Renamed OMAC to CMAC to match the official NIST naming +* Added single byte versions of update() to PK_Signer and PK_Verifier +* Removed the unused reverse_bits and reverse_bytes functions + diff --git a/doc/relnotes/1_4_9.txt b/doc/relnotes/1_4_9.txt new file mode 100644 index 000000000..ff663a0a5 --- /dev/null +++ b/doc/relnotes/1_4_9.txt 
@@ -0,0 +1,17 @@ +Version 1.4.9, 2005-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the IBM-created AES candidate algorithm MARS +* Added the South Korean block cipher SEED +* Added the stream cipher Turing +* Added the new hash function FORK-256 +* Deprecated the ISAAC stream cipher +* Twofish and RC6 are significantly faster with GCC +* Much better support for 64-bit PowerPC +* Added support for high-resolution PowerPC timers +* Fixed a bug in the configure script causing problems on FreeBSD +* Changed ANSI X9.31 to support arbitrary block ciphers +* Make the configure script a bit less noisy +* Added more test vectors for some algorithms, including all the AES finalists +* Various cosmetic source code cleanups + diff --git a/doc/relnotes/1_5_0.txt b/doc/relnotes/1_5_0.txt new file mode 100644 index 000000000..6b2926510 --- /dev/null +++ b/doc/relnotes/1_5_0.txt @@ -0,0 +1,13 @@ +Version 1.5.0, 2006-01-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Moved all global/shared library state into a single object +* Mutex objects are created through mutex factories instead of a global +* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() +* Removed the RNG_Quality enum entirely +* There is now only a single global-use PRNG +* Removed the no_aliases and no_oids options for LibraryInitializer +* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL +* Change es_ftw to use unbuffered I/O + + diff --git a/doc/relnotes/1_5_1.txt b/doc/relnotes/1_5_1.txt new file mode 100644 index 000000000..69ba5c6fa --- /dev/null +++ b/doc/relnotes/1_5_1.txt 
@@ -0,0 +1,15 @@ +Version 1.5.1, 2006-01-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Implemented Montgomery exponentiation +* Implemented generalized Karatsuba multiplication and squaring +* Implemented Comba squaring for 4, 6, and 8 word inputs +* Added new Modular_Exponentiator and Power_Mod classes +* Removed FixedBase_Exp and FixedExponent_Exp +* Fixed a performance regression in get_allocator introduced in 1.5.0 +* Engines can now offer S2K algorithms and block cipher padding methods +* Merged the remaining global 'algolist' code into Default_Engine +* The low-level MPI code is linked as C again +* Replaced BigInt's get_nibble with the more general get_substring +* Some documentation updates + diff --git a/doc/relnotes/1_5_10.txt b/doc/relnotes/1_5_10.txt new file mode 100644 index 000000000..e4af64bb8 --- /dev/null +++ b/doc/relnotes/1_5_10.txt @@ -0,0 +1,14 @@ +Version 1.5.10, 2006-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add x86 assembler versions of MD4, MD5, and SHA-1 +* Expand InitializerOptions' language to support on/off switches +* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 +* Fix possible resource leaks in the mmap allocator +* Slightly optimized buffering in MDx_HashFunction +* Initialization failures are dealt with somewhat better +* Add an example implementing Pollard's Rho algorithm +* Better option handling in the test/benchmark tool +* Expand the xor_ciph example to support longer keys +* Some updates to the documentation + diff --git a/doc/relnotes/1_5_11.txt b/doc/relnotes/1_5_11.txt new file mode 100644 index 000000000..144d8be66 --- /dev/null +++ b/doc/relnotes/1_5_11.txt 
@@ -0,0 +1,11 @@ +Version 1.5.11, 2006-09-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Removed the Algorithm base class +* Various cleanups in the public key inheritance hierarchy +* Major overhaul of the configure/build setup +* Added x86 assembler implementations of Serpent and low-level MPI code +* Optimizations for the SHA-1 x86 assembler +* Various improvements to the Python wrappers +* Work around a Visual Studio compiler bug + diff --git a/doc/relnotes/1_5_12.txt b/doc/relnotes/1_5_12.txt new file mode 100644 index 000000000..4e57fd99a --- /dev/null +++ b/doc/relnotes/1_5_12.txt @@ -0,0 +1,10 @@ +Version 1.5.12, 2006-10-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Cleanups in the initialization routines +* Add some x86-64 assembly for multiply-add +* Fix problems generating very small (below 384 bit) RSA keys +* Support out of tree builds +* Bring some of the documentation up to date +* More improvements to the Python bindings + diff --git a/doc/relnotes/1_5_13.txt b/doc/relnotes/1_5_13.txt new file mode 100644 index 000000000..b8bcf7684 --- /dev/null +++ b/doc/relnotes/1_5_13.txt @@ -0,0 +1,6 @@ +Version 1.5.13, 2006-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Compilation fixes for the bzip2, zlib, and GNU MP modules +* Better support for Intel C++ and EKOpath C++ on x86-64 + diff --git a/doc/relnotes/1_5_2.txt b/doc/relnotes/1_5_2.txt new file mode 100644 index 000000000..5e5a68d44 --- /dev/null +++ b/doc/relnotes/1_5_2.txt 
@@ -0,0 +1,18 @@ +Version 1.5.2, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an off-by-one memory read in MISTY1::key() +* Fixed a nasty memory leak in Output_Buffers::retire() +* Reimplemented the memory allocator from scratch +* Improved memory caching in Montgomery exponentiation +* Optimizations for multiple precision addition and subtraction +* Fixed a build problem in the hardware timer module on 64-bit PowerPC +* Changed default Karatsuba cutoff to 12 words (was 14) +* Removed MemoryRegion::bits(), which was unused and incorrect +* Changed maximum HMAC keylength to 1024 bits +* Various minor Makefile and build system changes +* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution +* Switched checks/clock.cpp back to using clock() by default +* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 +* Removed the Default_Mutex's unused clone() member function + diff --git a/doc/relnotes/1_5_3.txt b/doc/relnotes/1_5_3.txt new file mode 100644 index 000000000..60f5f9009 --- /dev/null +++ b/doc/relnotes/1_5_3.txt @@ -0,0 +1,14 @@ +Version 1.5.3, 2006-01-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Many optimizations in the low-level multiple precision integer code +* Added hooks for assembly implementations of the MPI code +* Support for the X.509 issuer alternative name extension in new certs +* Fixed a bug in the decompression modules; found and patched by Matt Johnston +* New Windows mutex module (mux_win32), by Luca Piccarreta +* Changed the Windows timer module to use QueryPerformanceCounter +* mem_pool.cpp was using std::set iterators instead of std::multiset ones +* Fixed a bug in X509_CA preventing users from disabling particular extensions +* Fixed the mp_asm64 module, which was entirely broken in 1.5.2 +* Fixed some module build problems on FreeBSD and Tru64 + diff --git a/doc/relnotes/1_5_4.txt b/doc/relnotes/1_5_4.txt new file mode 100644 index 000000000..44eae0598 --- /dev/null 
+++ b/doc/relnotes/1_5_4.txt @@ -0,0 +1,19 @@ +Version 1.5.4, 2006-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta +* Fixed a memory access off-by-one in the Karatsuba code +* Changed Pooling_Allocator's free list search to a log(N) algorithm +* Merged ModularReducer with its only subclass, Barrett_Reducer +* Fixed sign-handling bugs in some of the division and modulo code +* Renamed the module description files to modinfo.txt +* Further cleanups in the initialization code +* Removed BigInt::add and BigInt::sub +* Merged all the division-related functions into just divide() +* Modified the <mp_asmi.h> functions to allow for better optimizations +* Made the number of bits polled from an EntropySource user configurable +* Avoid including <algorithm> in <botan/secmem.h> +* Fixed some build problems with Sun Forte +* Removed some dead code from bigint_modop +* Fix the definition of same_mem + diff --git a/doc/relnotes/1_5_5.txt b/doc/relnotes/1_5_5.txt new file mode 100644 index 000000000..e4ab22fb5 --- /dev/null +++ b/doc/relnotes/1_5_5.txt @@ -0,0 +1,13 @@ +Version 1.5.5, 2006-02-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a potential infinite loop in the memory pool code (Matt Johnston) +* Made Pooling_Allocator::Memory_Block an actual class of sorts +* Some small optimizations to the division and modulo computations +* Cleaned up the implementation of some of the BigInt operators +* Reduced use of dynamic memory allocation in low-level BigInt functions +* A few simplifications in the Randpool mixing function +* Removed power(), as it was not particularly useful (or fast) +* Fixed some annoying bugs in the benchmark code +* Added a real credits file + diff --git a/doc/relnotes/1_5_6.txt b/doc/relnotes/1_5_6.txt new file mode 100644 index 000000000..8925a8003 --- /dev/null +++ b/doc/relnotes/1_5_6.txt 
@@ -0,0 +1,10 @@ +Version 1.5.6, 2006-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The low-level DER/BER coding system was redesigned and rewritten +* Portions of the certificate code were cleaned up internally +* Use macros to substantially clean up the GCC assembly code +* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) +* Avoid a couple of spurious warnings under Visual C++ +* Some slight cleanups in X509_PublicKey::key_id + diff --git a/doc/relnotes/1_5_7.txt b/doc/relnotes/1_5_7.txt new file mode 100644 index 000000000..45ded103f --- /dev/null +++ b/doc/relnotes/1_5_7.txt @@ -0,0 +1,8 @@ +Version 1.5.7, 2006-05-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Further, major changes to the BER/DER coding system +* Updated the Qt mutex module to use Mutex_Factory +* Moved the library global state object into an anonymous namespace +* Drop the Visual C++ x86 assembly module due to bugs + diff --git a/doc/relnotes/1_5_8.txt b/doc/relnotes/1_5_8.txt new file mode 100644 index 000000000..c7a2c549d --- /dev/null +++ b/doc/relnotes/1_5_8.txt @@ -0,0 +1,13 @@ +Version 1.5.8, 2006-06-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Many internal cleanups to the X.509 cert/CRL code +* Allow for application code to support new X.509 extensions +* Change the return type of X509_Certificate::{subject,issuer}_info +* Allow for alternate character set handling mechanisms +* Fix a bug that was slowing squaring performance somewhat +* Fix a very hard to hit overflow bug in the C version of word3_muladd +* Minor cleanups to the assembler modules +* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 +* Support for GCC 2.95.x has been dropped in this release + diff --git a/doc/relnotes/1_5_9.txt b/doc/relnotes/1_5_9.txt new file mode 100644 index 000000000..fa7c130fa --- /dev/null +++ b/doc/relnotes/1_5_9.txt 
@@ -0,0 +1,13 @@ +Version 1.5.9, 2006-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed bitrot in the AEP engine +* Fix support for marking certificate/CRL extensions as critical +* Significant cleanups in the library state / initialization code +* LibraryInitializer takes an explicit InitializerOptions object +* Make Mutex_Factory an abstract class, add Default_Mutex_Factory +* Change configuration access to using global_state() +* Add support for global named mutexes throughout the library +* Add some STL wrappers for the delete operator +* Change how certificates are created to be more flexible and general + diff --git a/doc/relnotes/1_6_0.txt b/doc/relnotes/1_6_0.txt new file mode 100644 index 000000000..32b4d7ae8 --- /dev/null +++ b/doc/relnotes/1_6_0.txt @@ -0,0 +1,6 @@ +Version 1.6.0, 2006-12-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Minor cleanups versus 1.5.13 + + diff --git a/doc/relnotes/1_6_1.txt b/doc/relnotes/1_6_1.txt new file mode 100644 index 000000000..cf1de29a0 --- /dev/null +++ b/doc/relnotes/1_6_1.txt @@ -0,0 +1,8 @@ +Version 1.6.1, 2007-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix some base64 decoder bugs +* Add a new option to base64 encoding, to always append a newline +* Fix some build problems under Visual Studio with debug enabled +* Fix a bug in BER_Decoder that was triggered under some compilers + diff --git a/doc/relnotes/1_6_2.txt b/doc/relnotes/1_6_2.txt new file mode 100644 index 000000000..3fdea578f --- /dev/null +++ b/doc/relnotes/1_6_2.txt @@ -0,0 +1,7 @@ +Version 1.6.2, 2007-03-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix autodection on Athlon64s running Linux +* Fix builds on QNX and compilers using STLport +* Remove a call to abort() that crept into production + diff --git a/doc/relnotes/1_6_3.txt b/doc/relnotes/1_6_3.txt new file mode 100644 index 000000000..c6d9f4364 --- /dev/null +++ b/doc/relnotes/1_6_3.txt 
@@ -0,0 +1,6 @@ +Version 1.6.3, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a race condition in the algorithm lookup cache +* Fix problems building the memory pool on some versions of Visual C++ + diff --git a/doc/relnotes/1_6_4.txt b/doc/relnotes/1_6_4.txt new file mode 100644 index 000000000..8f5295bcc --- /dev/null +++ b/doc/relnotes/1_6_4.txt @@ -0,0 +1,5 @@ +Version 1.6.4, 2008-03-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a compilation problem with Visual Studio C++ 2003 + diff --git a/doc/relnotes/1_6_5.txt b/doc/relnotes/1_6_5.txt new file mode 100644 index 000000000..827adff95 --- /dev/null +++ b/doc/relnotes/1_6_5.txt @@ -0,0 +1,6 @@ +Version 1.6.5, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add noexec stack marker for GNU linker in assembly code +* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 + diff --git a/doc/relnotes/1_7_0.txt b/doc/relnotes/1_7_0.txt new file mode 100644 index 000000000..b9ad37914 --- /dev/null +++ b/doc/relnotes/1_7_0.txt @@ -0,0 +1,11 @@ +Version 1.7.0, 2007-05-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* DSA parameter generation now follows FIPS 186-3 +* Added OIDs for Rabin-Williams and Nyberg-Rueppel +* Somewhat better support for out of tree builds +* Minor optimizations for RC2 and Tiger +* Documentation updates +* Update the todo list + + diff --git a/doc/relnotes/1_7_1.txt b/doc/relnotes/1_7_1.txt new file mode 100644 index 000000000..e53bf66d9 --- /dev/null +++ b/doc/relnotes/1_7_1.txt @@ -0,0 +1,10 @@ +Version 1.7.1, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a race condition in the algorithm object cache +* HMAC key schedule optimization +* The build header sets a macro defining endianness, if known +* New word load/store abstraction allowing further optimization +* Modify most of the library to avoid use the C-style casts +* Use higher resolution timers in symmetric benchmarks + 
diff --git a/doc/relnotes/1_7_10.txt b/doc/relnotes/1_7_10.txt new file mode 100644 index 000000000..edaec7b71 --- /dev/null +++ b/doc/relnotes/1_7_10.txt @@ -0,0 +1,12 @@ +Version 1.7.10, 2008-09-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Public key benchmarks run using a selection of random keys +* New benchmark timer options are clock_gettime, gettimeofday, times, clock +* Including reinterpret_cast optimization for xor_buf in default header +* Split byte swapping and word rotation functions into distinct headers +* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups +* Optimizes BigInt right shift +* Add aliases in DL_Group::Format enum +* BigInt now caches the significant word count + diff --git a/doc/relnotes/1_7_11.txt b/doc/relnotes/1_7_11.txt new file mode 100644 index 000000000..be23f0d72 --- /dev/null +++ b/doc/relnotes/1_7_11.txt @@ -0,0 +1,13 @@ +Version 1.7.11, 2008-09-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the Salsa20 stream cipher +* Optimized Montgomery reduction, Karatsuba squaring +* Added 16x16->32 word Comba multiplication and squaring +* Use a much larger Karatsuba cutoff point +* Remove bigint_mul_add_words +* Inlined several BigInt functions +* Add useful information to the generated build.h +* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} +* Fix the Windows build + diff --git a/doc/relnotes/1_7_12.txt b/doc/relnotes/1_7_12.txt new file mode 100644 index 000000000..21bd3da8c --- /dev/null +++ b/doc/relnotes/1_7_12.txt 
@@ -0,0 +1,19 @@ +Version 1.7.12, 2008-09-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add x86 assembly for Visual Studio C++, by Luca Piccarreta +* Add a Perl XS module, by Vaclav Ovsik +* Add SWIG-based wrapper for Botan +* Add SSE2 implementation of SHA-1, by Dean Gaudet +* Remove the BigInt::sig_words cache due to bugs +* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow +* Changed BigInt::grow_by and BigInt::grow_to to be non-const +* Add private assignment operators to classes that don't support assignment +* Benchmark RSA encryption and signatures +* Added test programs for random_prime and ressol +* Add high resolution timers for IA-64, HP-PA, S390x +* Reduce use of the RNG during benchmarks +* Fix builds on STI Cell PPU +* Add support for IBM's XLC compiler +* Add IETF 8192 bit MODP group + diff --git a/doc/relnotes/1_7_13.txt b/doc/relnotes/1_7_13.txt new file mode 100644 index 000000000..66591df88 --- /dev/null +++ b/doc/relnotes/1_7_13.txt @@ -0,0 +1,9 @@ +Version 1.7.13, 2008-09-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai +* Allow all examples to compile even if compression not enabled +* Make CMAC's polynomial doubling operation a public class method +* Use the -m64 flag when compiling with Sun Forte on x86-64 +* Clean up and slightly optimize CMAC::final_result + diff --git a/doc/relnotes/1_7_14.txt b/doc/relnotes/1_7_14.txt new file mode 100644 index 000000000..6bf5c50d2 --- /dev/null +++ b/doc/relnotes/1_7_14.txt @@ -0,0 +1,11 @@ +Version 1.7.14, 2008-09-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split library into parts allowing modular builds +* Add (very preliminary) CMS support to the main library +* Some constructors now require object pointers instead of names +* Support multiple implementations of the same algorithm +* Build support for Pentium-M processors, from Derek Scherger +* Build support for MinGW/MSYS, from Zbigniew Zagorski +* Use inline assembly for bswap on 32-bit x86 + 
diff --git a/doc/relnotes/1_7_15.txt b/doc/relnotes/1_7_15.txt new file mode 100644 index 000000000..9cd34ab64 --- /dev/null +++ b/doc/relnotes/1_7_15.txt @@ -0,0 +1,11 @@ +Version 1.7.15, 2008-10-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add GF(p) arithmetic from InSiTo +* Add ECDSA and ECKAEG implementations from InSiTo +* Minimize internal dependencies, allowing for smaller build configurations +* Add new User Manual and Architecture Guide from FlexSecure GmbH +* Alter configure.pl options for better autotools compatibility +* Update build instructions for recent changes to configure.pl +* Fix CPU detection using /proc/cpuinfo + diff --git a/doc/relnotes/1_7_16.txt b/doc/relnotes/1_7_16.txt new file mode 100644 index 000000000..8b964da3f --- /dev/null +++ b/doc/relnotes/1_7_16.txt @@ -0,0 +1,12 @@ +Version 1.7.16, 2008-10-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add several missing pieces needed for ECDSA and ECKAEG +* Add Card Verifiable Certificates from InSiTo +* Add SHA-224 from InSiTo +* Add BSI variant of EMSA1 from InSiTo +* Add GF(p) and ECDSA tests from InSiTo +* Split ECDSA and ECKAEG into distinct modules +* Allow OpenSSL and GNU MP engines to be built with public key algos disabled +* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h + diff --git a/doc/relnotes/1_7_17.txt b/doc/relnotes/1_7_17.txt new file mode 100644 index 000000000..b364d6112 --- /dev/null +++ b/doc/relnotes/1_7_17.txt @@ -0,0 +1,10 @@ +Version 1.7.17, 2008-10-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add missing ECDSA object identifiers +* Fix error in x86 and x86-64 assembler affecting GF(p) math +* Remove Boost dependency from GF(p) math +* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib +* Add BOTAN_DLL macro to over 30 classes missing it +* Rename the two SHA-2 base classes for consistency + diff --git a/doc/relnotes/1_7_18.txt b/doc/relnotes/1_7_18.txt new file mode 100644 index 000000000..2bc1bf970 --- /dev/null +++ b/doc/relnotes/1_7_18.txt 
@@ -0,0 +1,11 @@ +Version 1.7.18, 2008-10-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Doxygen comments from InSiTo +* Add ECDSA and ECKAEG benchmarks +* Add configure.pl switch --with-tr1-implementation +* Fix configure.pl's --with-endian and --with-unaligned-mem options +* Added support for pkg-config +* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow +* Use const references to avoid copying overhead in CurveGFp, GFpModulus + diff --git a/doc/relnotes/1_7_19.txt b/doc/relnotes/1_7_19.txt new file mode 100644 index 000000000..c54ce354d --- /dev/null +++ b/doc/relnotes/1_7_19.txt @@ -0,0 +1,10 @@ +Version 1.7.19, 2008-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add HMAC_RNG, based on a design by Hugo Krawczyk +* Optimized the Turing stream cipher (about 20% faster on x86-64) +* Modify Randpool's reseeding algorithm to poll more sources +* Add a new AutoSeeded_RNG in auto_rng.h +* OpenPGP_S2K changed to take hash object instead of name +* Add automatic identification for Intel's Prescott processors + diff --git a/doc/relnotes/1_7_2.txt b/doc/relnotes/1_7_2.txt new file mode 100644 index 000000000..3b182d246 --- /dev/null +++ b/doc/relnotes/1_7_2.txt @@ -0,0 +1,11 @@ +Version 1.7.2, 2007-10-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initialize the global library state lazily +* Add plain CBC-MAC for backwards compatibility with old systems +* Clean up some of the self test code +* Throw a sensible exception if a DL_Group is not found +* Truncate KDF2 output rather than allowing counter overflow +* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 +* Fix a Visual Studio compilation problem in x509stat.cpp + diff --git a/doc/relnotes/1_7_20.txt b/doc/relnotes/1_7_20.txt new file mode 100644 index 000000000..38a4b6b1c --- /dev/null +++ b/doc/relnotes/1_7_20.txt 
@@ -0,0 +1,8 @@ +Version 1.7.20, 2008-11-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Namespace pkg-config file by major and minor versions +* Cache device descriptors in Device_EntropySource +* Split base.h into {block_cipher,stream_cipher,mac,hash}.h +* Removed get_mgf function from lookup.h + diff --git a/doc/relnotes/1_7_21.txt b/doc/relnotes/1_7_21.txt new file mode 100644 index 000000000..d3eaf48f8 --- /dev/null +++ b/doc/relnotes/1_7_21.txt @@ -0,0 +1,9 @@ +Version 1.7.21, 2008-11-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make algorithm lookup much more configuable +* Add facilities for runtime performance testing of algorithms +* Drop use of entropy estimation in the PRNGs +* Increase intervals between HMAC_RNG automatic reseeding +* Drop InitializerOptions class, all options but thread safety + diff --git a/doc/relnotes/1_7_22.txt b/doc/relnotes/1_7_22.txt new file mode 100644 index 000000000..52a286e83 --- /dev/null +++ b/doc/relnotes/1_7_22.txt @@ -0,0 +1,10 @@ +Version 1.7.22, 2008-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add provider preferences to Algorithm_Factory +* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 +* Optimize AES encryption and decryption (about 10% faster) +* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs +* Fix nanoseconds overflow in benchmark code +* Remove Engine::add_engine + diff --git a/doc/relnotes/1_7_23.txt b/doc/relnotes/1_7_23.txt new file mode 100644 index 000000000..bd30238d2 --- /dev/null +++ b/doc/relnotes/1_7_23.txt 
@@ -0,0 +1,15 @@ +Version 1.7.23, 2008-11-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Change to use TR1 (thus enabling ECDSA) with GCC and ICC +* Optimize almost all hash functions, especially MD4 and Tiger +* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} +* Change Timer to be pure virtual, and add ANSI_Clock_Timer +* Cache socket descriptors in the EGD entropy source +* Avoid bogging down startup in /proc walking entropy source +* Remove Buffered_EntropySource helper class +* Add a Default_Benchmark_Timer typedef in benchmark.h +* Add examples using benchmark.h and Algorithm_Factory +* Add ECC tests from InSiTo +* Minor documentation updates + diff --git a/doc/relnotes/1_7_24.txt b/doc/relnotes/1_7_24.txt new file mode 100644 index 000000000..f43c752ff --- /dev/null +++ b/doc/relnotes/1_7_24.txt @@ -0,0 +1,15 @@ +Version 1.7.24, 2008-12-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a compatibility problem with SHA-512/EMSA3 signature padding +* Fix bug preventing EGD/PRNGD entropy poller from working +* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) +* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 +* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes +* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 +* Wrap private structs in SSE2 SHA-1 code in anonymous namespace +* Change configure.pl's CPU autodetection output to be more consistent +* Disable using OpenSSL's AES due to crashes of unknown cause +* Fix warning in /proc walking entropy poller +* Fix compilation with IBM XLC for Cell 0.9-200709 + diff --git a/doc/relnotes/1_7_3.txt b/doc/relnotes/1_7_3.txt new file mode 100644 index 000000000..8426978cd --- /dev/null +++ b/doc/relnotes/1_7_3.txt 
@@ -0,0 +1,12 @@ +Version 1.7.3, 2008-01-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* New invocation syntax for configure.pl with several new options +* Support for IPv4 addresses in a subject alternative name +* New fast poll for the generic Unix entropy source (es_unix) +* The es_file entropy source has been replaced by the es_dev module +* The malloc allocator does not inherit from Pooling_Allocator anymore +* The path that es_unix will search in are now fully user-configurable +* Truncate X9.42 PRF output rather than allow counter overflow +* PowerPC is now assumed to be big-endian + diff --git a/doc/relnotes/1_7_4.txt b/doc/relnotes/1_7_4.txt new file mode 100644 index 000000000..608b7ffb1 --- /dev/null +++ b/doc/relnotes/1_7_4.txt @@ -0,0 +1,11 @@ +Version 1.7.4, 2008-03-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Use unaligned memory read/writes on systems that allow it, for performance +* Assembly for x86-64 for accessing the bswap instruction +* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase +* Unroll loops in SHA-160 for a few percent increase in performance +* Fix compilation with GCC 3.2 in es_ftw and es_unix +* Build fix for NetBSD systems +* Prevent es_dev from being built except on Unix systems + diff --git a/doc/relnotes/1_7_5.txt b/doc/relnotes/1_7_5.txt new file mode 100644 index 000000000..f5ec97e14 --- /dev/null +++ b/doc/relnotes/1_7_5.txt 
@@ -0,0 +1,14 @@ +Version 1.7.5, 2008-04-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The API of X509_CA::sign_request was altered to avoid race conditions +* New type Pipe::message_id to represent the Pipe message number +* Remove the Named_Mutex_Holder for a small performance gain +* Removed several unused or rarely used functions from Config +* Ignore spaces inside of a decimal string in BigInt::decode +* Allow using a std::istream to initialize a DataSource_Stream object +* Fix compilation problem in zlib compression module +* The chunk sized used by Pooling_Allocator is now a compile time setting +* The size of random blinding factors is now a compile time setting +* The install target no longer tries to set a particular owner/group + diff --git a/doc/relnotes/1_7_6.txt b/doc/relnotes/1_7_6.txt new file mode 100644 index 000000000..3fb6064fd --- /dev/null +++ b/doc/relnotes/1_7_6.txt @@ -0,0 +1,12 @@ +Version 1.7.6, 2008-05-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial support for Windows DLLs, from Joel Low +* Reset the position pointer when a new block is generated in X9.32 PRNG +* Timer objects are now treated as entropy sources +* Moved several ASN.1-related enums from enums.h to an appropriate header +* Removed the AEP module, due to inability to test +* Removed Global_RNG and rng.h +* Removed system_clock +* Removed Library_State::UI and the pulse callback logic + diff --git a/doc/relnotes/1_7_7.txt b/doc/relnotes/1_7_7.txt new file mode 100644 index 000000000..9934959e0 --- /dev/null +++ b/doc/relnotes/1_7_7.txt 
@@ -0,0 +1,14 @@ +Version 1.7.7, 2008-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Remove the global PRNG object +* The PK filter objects were removed +* Add a test suite for the ANSI X9.31 PRNG +* Much cleaner and (mostly) thread-safe reimplementation of es_ftw +* Remove both default arguments to ANSI_X931_RNG's constructor +* Remove the randomizing version of OctetString::change +* Make the cipher and MAC to use in Randpool configurable +* Move RandomNumberGenerator declaration to rng.h +* RSA_PrivateKey will not generate keys smaller than 1024 bits +* Fix an error decoding BER UNIVERSAL types with special taggings + diff --git a/doc/relnotes/1_7_8.txt b/doc/relnotes/1_7_8.txt new file mode 100644 index 000000000..b02451214 --- /dev/null +++ b/doc/relnotes/1_7_8.txt @@ -0,0 +1,12 @@ +Version 1.7.8, 2008-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the block cipher Noekeon +* Remove global deref_alias function +* X509_Store takes timeout options as constructor arguments +* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH +* Extend random_prime() for generating primes of any bit length +* Remove Config class +* Allow adding new entropy via base RNG interface +* Reseeding a X9.31 PRNG also reseeds the underlying PRNG + diff --git a/doc/relnotes/1_7_9.txt b/doc/relnotes/1_7_9.txt new file mode 100644 index 000000000..039106d71 --- /dev/null +++ b/doc/relnotes/1_7_9.txt @@ -0,0 +1,9 @@ +Version 1.7.9, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make clear() in most algorithm base classes a pure virtual +* Add noexec stack marker for GNU linker in assembly code +* Avoid string operations in ressol +* Compilation fixes for MinGW and Visual Studio C++ 2008 +* Some autoconfiguration fixes for Windows + diff --git a/doc/relnotes/1_8_0.txt b/doc/relnotes/1_8_0.txt new file mode 100644 index 000000000..e9ebbe43f --- /dev/null +++ b/doc/relnotes/1_8_0.txt 
@@ -0,0 +1,6 @@ +Version 1.8.0, 2008-12-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix compilation on Solaris with GCC + + diff --git a/doc/relnotes/1_8_1.txt b/doc/relnotes/1_8_1.txt new file mode 100644 index 000000000..532842fba --- /dev/null +++ b/doc/relnotes/1_8_1.txt @@ -0,0 +1,8 @@ +Version 1.8.1, 2009-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux +* Fix memory leak in PKCS8 load_key and encrypt_key +* Relicense api.tex from CC-By-SA 2.5 to BSD +* Fix botan-config on MacOS X, Solaris + diff --git a/doc/relnotes/1_8_10.txt b/doc/relnotes/1_8_10.txt new file mode 100644 index 000000000..3c4f62b09 --- /dev/null +++ b/doc/relnotes/1_8_10.txt @@ -0,0 +1,11 @@ +Version 1.8.10, 2010-08-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Switch default PKCS #8 encryption algorithm from 3DES to AES-256 +* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 +* Use small tables in the first round of AES +* Add PBKDF typedef and get_pbkdf for better compatability with 1.9 +* Add version of S2K::derive_key taking salt and iteration count +* Enable the /proc-walking entropy source on NetBSD +* Fix the doxygen makefile target + diff --git a/doc/relnotes/1_8_11.txt b/doc/relnotes/1_8_11.txt new file mode 100644 index 000000000..688023ab4 --- /dev/null +++ b/doc/relnotes/1_8_11.txt @@ -0,0 +1,10 @@ +Version 1.8.11, 2010-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a number of CRL encoding and decoding bugs +* When building a debug library under VC++, use the debug runtime +* Fix compilation under Sun Studio on Linux and Solaris +* Add several functions for compatability with 1.9 +* In the examples, read most input files as binary +* The Perl build script has been removed in this release + diff --git a/doc/relnotes/1_8_12.txt b/doc/relnotes/1_8_12.txt new file mode 100644 index 000000000..83955b7e5 --- /dev/null +++ b/doc/relnotes/1_8_12.txt 
@@ -0,0 +1,14 @@ +Version 1.8.12, 2011-06-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* If EMSA3(Raw) was used for more than one signature, it would produce + incorrect output. + +* Fix the --enable-debug option to configure.py + +* Improve OS detection on Cygwin + +* Fix compilation under Sun Studio 12 on Solaris + +* Fix a memory leak in the constructors of DataSource_Stream and + DataSink_Stream which would occur if opening the file failed. PR 144 + diff --git a/doc/relnotes/1_8_13.txt b/doc/relnotes/1_8_13.txt new file mode 100644 index 000000000..9de12cf07 --- /dev/null +++ b/doc/relnotes/1_8_13.txt @@ -0,0 +1,8 @@ +Version 1.8.13, 2011-07-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A race condition in `Algorithm_Factory` could cause crashes in + multithreaded code. See `this thread on botan-devel + <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_ + for details and workarounds. + diff --git a/doc/relnotes/1_8_2.txt b/doc/relnotes/1_8_2.txt new file mode 100644 index 000000000..8ba19973b --- /dev/null +++ b/doc/relnotes/1_8_2.txt @@ -0,0 +1,8 @@ +Version 1.8.2, 2009-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make entropy polling more flexible and in most cases faster +* GOST 28147 now supports multiple sbox parameters +* Added the GOST 34.11 hash function +* Fix botan-config problems on MacOS X + diff --git a/doc/relnotes/1_8_3.txt b/doc/relnotes/1_8_3.txt new file mode 100644 index 000000000..3bfe7bde0 --- /dev/null +++ b/doc/relnotes/1_8_3.txt 
@@ -0,0 +1,14 @@ +Version 1.8.3, 2009-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a new Python configuration script +* Add the Skein-512 SHA-3 candidate hash function +* Add the XTS block cipher mode from IEEE P1619 +* Fix random_prime when generating a prime of less than 7 bits +* Improve handling of low-entropy situations during PRNG seeding +* Change random device polling to prefer /dev/urandom over /dev/random +* Use an input insensitive implementation of same_mem instead of memcmp +* Correct DataSource::discard_next to return the number of discarded bytes +* Provide a default value for AutoSeeded_RNG::reseed +* Fix Gentoo bug 272242 + diff --git a/doc/relnotes/1_8_4.txt b/doc/relnotes/1_8_4.txt new file mode 100644 index 000000000..b103db11f --- /dev/null +++ b/doc/relnotes/1_8_4.txt @@ -0,0 +1,5 @@ +Version 1.8.4, 2009-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in nonce generation in the Miller-Rabin test + diff --git a/doc/relnotes/1_8_5.txt b/doc/relnotes/1_8_5.txt new file mode 100644 index 000000000..f2675de99 --- /dev/null +++ b/doc/relnotes/1_8_5.txt @@ -0,0 +1,8 @@ +Version 1.8.5, 2009-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Change configure.py to work on stock Python 2.4 +* Avoid a crash in Skein_512::add_data processing a zero-length input +* Small build fixes for SPARC, ARM, and HP-PA processors +* The test suite now returns an error code from main() if any tests failed + diff --git a/doc/relnotes/1_8_6.txt b/doc/relnotes/1_8_6.txt new file mode 100644 index 000000000..6e4fa8c56 --- /dev/null +++ b/doc/relnotes/1_8_6.txt 
@@ -0,0 +1,13 @@ +Version 1.8.6, 2009-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Cryptobox, a set of simple password-based encryption routines +* Only read world-readable files when walking /proc for entropy +* Fix building with TR1 disabled +* Fix x86 bswap support for Visual C++ +* Fixes for compilation under Sun C++ +* Add support for Dragonfly BSD (contributed by Patrick Georgi) +* Add support for the Open64 C++ compiler +* Build fixes for MIPS systems running Linux +* Minor changes to license, now equivalent to the FreeBSD/NetBSD license + diff --git a/doc/relnotes/1_8_7.txt b/doc/relnotes/1_8_7.txt new file mode 100644 index 000000000..e5bf54649 --- /dev/null +++ b/doc/relnotes/1_8_7.txt @@ -0,0 +1,6 @@ +Version 1.8.7, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix processing multiple messages in XTS mode +* Add --no-autoload option to configure.py, for minimized builds + diff --git a/doc/relnotes/1_8_8.txt b/doc/relnotes/1_8_8.txt new file mode 100644 index 000000000..a46032c20 --- /dev/null +++ b/doc/relnotes/1_8_8.txt @@ -0,0 +1,8 @@ +Version 1.8.8, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Alter Skein-512 to match the tweaked 1.2 specification +* Fix use of inline asm for access to x86 bswap function +* Allow building the library without AES enabled +* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild + diff --git a/doc/relnotes/1_8_9.txt b/doc/relnotes/1_8_9.txt new file mode 100644 index 000000000..c66198364 --- /dev/null +++ b/doc/relnotes/1_8_9.txt 
@@ -0,0 +1,27 @@ +Version 1.8.9, 2010-06-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Use constant time multiplication in IDEA + +* Avoid possible timing attack against OAEP decoding + +* Add new X509::BER_encode and PKCS8::BER_encode + +* Enable DLL builds under Windows + +* Add Win32 installer support + +* Add support for the Clang compiler + +* Fix problem in semcem.h preventing build under Clang or GCC 3.4 + +* Fix bug that prevented creation of DSA groups under 1024 bits + +* Fix crash in GMP_Engine if library is shutdown and reinitialized and + a PK algorithm was used after the second init + +* Work around problem with recent binutils in x86-64 SHA-1 + +* The Perl build script is no longer supported and refuses to run by + default. If you really want to use it, pass + ``--i-know-this-is-broken`` to the script. diff --git a/doc/relnotes/1_9_0.txt b/doc/relnotes/1_9_0.txt new file mode 100644 index 000000000..3e0407887 --- /dev/null +++ b/doc/relnotes/1_9_0.txt @@ -0,0 +1,12 @@ +Version 1.9.0, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for parallel invocation of block ciphers where possible +* Add SSE2 implementation of Serpent +* Add Rivest's package transform (an all or nothing transform) +* Minor speedups to the Turing key schedule +* Fix processing multiple messages in XTS mode +* Add --no-autoload option to configure.py, for minimized builds +* The previously used configure.pl script is no longer supported + + diff --git a/doc/relnotes/1_9_1.txt b/doc/relnotes/1_9_1.txt new file mode 100644 index 000000000..e044f1d3c --- /dev/null +++ b/doc/relnotes/1_9_1.txt 
@@ -0,0 +1,16 @@ +Version 1.9.1, 2009-10-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Better support for Python and Perl wrappers +* Add an implementation of Blue Midnight Wish (Round 2 tweak version) +* Modify Skein-512 to match the tweaked 1.2 specification +* Add threshold secret sharing (draft-mcgrew-tss-02) +* Add runtime cpu feature detection for x86/x86-64 +* Add code for general runtime self testing for hashes, MACs, and ciphers +* Optimize XTEA; twice as fast as before on Core2 and Opteron +* Convert CTR_BE and OFB from filters to stream ciphers +* New parsing code for SCAN algorithm names +* Enable SSE2 optimizations under Visual C++ +* Remove all use of C++ exception specifications +* Add support for GNU/Hurd and Clang/LLVM + diff --git a/doc/relnotes/1_9_10.txt b/doc/relnotes/1_9_10.txt new file mode 100644 index 000000000..296c34ca3 --- /dev/null +++ b/doc/relnotes/1_9_10.txt @@ -0,0 +1,26 @@ +Version 1.9.10, 2010-08-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a constant-time AES implementation using SSSE3. This code is + based on public domain assembly written by `Mike Hamburg + <http://crypto.stanford.edu/vpaes/>`_, and described in his CHES + 2009 paper "Accelerating AES with Vector Permute Instructions". In + addition to being constant time, it is also significantly faster + than the table-based implementation on some processors. The current + code has been tested with GCC 4.5, Visual C++ 2008, and Clang 2.8. + + +* Support for dynamically loading Engine objects at runtime was also + added. Currently only system that use ``dlopen``-style dynamic + linking are supported. + +* On GCC 4.3 and later, use the byteswap intrinsic functions. + +* Drop support for building with Python 2.4 + +* Fix benchmarking of block ciphers in ECB mode + +* Consolidate the two x86 assembly engines + +* Rename S2K to PBKDF + diff --git a/doc/relnotes/1_9_11.txt b/doc/relnotes/1_9_11.txt new file mode 100644 index 000000000..ea48fb9e5 --- /dev/null 
+++ b/doc/relnotes/1_9_11.txt 
@@ -0,0 +1,44 @@ +Version 1.9.11, 2010-11-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The TLS API has changed substantially and now relies heavily on + TR1's ``std::function`` is now required. Additionally, it is + required that all callers derive a subclass of TLS_Policy and pass + it to a client or server object. Please remember that the TLS + interface/API is currently unstable and will very likely change + further before TLS is included in a stable release. A handshake + failure that occured when RC4 was negotiated has also been fixed. + +* Some possible timing channels in the implementations of Montgomery + reduction and the IDEA key schedule were removed. The table-based + AES implementation uses smaller tables in the first round to help + make some timing/cache attacks harder. + +* The library now uses size_t instead of u32bit to represent + lengths. Also the interfaces for the memory containers have changed + substantially to better match STL container interfaces; + MemoryRegion::append, MemoryRegion::destroy, and MemoryRegion::set + were all removed, and several other functions, like clear and + resize, have changed meaning. 
+ +* Update Skein-512 to match the v1.3 specification +* Fix a number of CRL encoding and decoding bugs +* Counter mode now always encrypts 256 blocks in parallel +* Use small tables in the first round of AES +* Removed AES class: app must choose AES-128, AES-192, or AES-256 +* Add hex encoding/decoding functions that can be used without a Pipe +* Add base64 encoding functions that can be used without a Pipe +* Add to_string function to X509_Certificate +* Add support for dynamic engine loading on Windows +* Replace BlockCipher::BLOCK_SIZE attribute with function block_size() +* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() +* Move PBKDF lookup to engine system +* The IDEA key schedule has been changed to run in constant time +* Add Algorithm and Key_Length_Specification classes +* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 +* Allow using PBKDF2 with empty passphrases +* Add compile-time deprecation warnings for GCC, Clang, and MSVC +* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 +* Improve support for Intel Atom processors +* Fix compilation problems under Sun Studio and Clang + diff --git a/doc/relnotes/1_9_12.txt b/doc/relnotes/1_9_12.txt new file mode 100644 index 000000000..21ad561d5 --- /dev/null +++ b/doc/relnotes/1_9_12.txt @@ -0,0 +1,7 @@ +Version 1.9.12, 2010-12-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add the Keccak hash function +* Fix compilation problems in Python wrappers +* Fix compilation problem in OpenSSL engine +* Update SQLite3 database encryption codec diff --git a/doc/relnotes/1_9_13.txt b/doc/relnotes/1_9_13.txt new file mode 100644 index 000000000..701b6e5f0 --- /dev/null +++ b/doc/relnotes/1_9_13.txt 
@@ -0,0 +1,30 @@ +Version 1.9.13, 2011-02-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +GOST 34.10 signatures were being formatted in a way that was not +compatible with other implemenations, and specifically how GOST is +used in DNSSEC. + +The Keccak hash function was updated to the tweaked variant proposed +for round 3 of the NIST hash competition. This version is not +compatible with the previous algorithm. + +A new option ``--distribution-info`` was added to the configure +script. It allows the user building the library to set any +distribution-specific notes on the build, which are available as a +macro ``BOTAN_DISTRIBUTION_INFO``. The default value is +'unspecified'. If you are building an unmodified version of botan +(especially for distribution), and want to indicate to applications +that this is the case, consider using +``--distribution-info=pristine``. If you are making any patches or +modifications, it is recommended to use +``--distribution-info=[Distribution Name] [Version]``, for instance +'FooNix 1.9.13-r3'. + +Some bugs preventing compilation under Clang 2.9 and Sun Studio 12 +were fixed. + +The DER/BER codecs use ``size_t`` instead of ``u32bit`` for small +integers + + diff --git a/doc/relnotes/1_9_14.txt b/doc/relnotes/1_9_14.txt new file mode 100644 index 000000000..dec238f3a --- /dev/null +++ b/doc/relnotes/1_9_14.txt @@ -0,0 +1,11 @@ +Version 1.9.14, 2011-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for bcrypt, OpenBSD's password hashing scheme. It is + described in :ref:`bcrypt`. + +* Add support for NIST's AES key wrapping algorithm, as described in + :rfc:`3394`. It is available by including ``rfc3394.h``. + +* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142) + diff --git a/doc/relnotes/1_9_15.txt b/doc/relnotes/1_9_15.txt new file mode 100644 index 000000000..77b8dbde9 --- /dev/null +++ b/doc/relnotes/1_9_15.txt 
@@ -0,0 +1,25 @@ +Version 1.9.15, 2011-03-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* First release candidate for 1.10.0 + +* Modify how message expansion is done in SHA-256 and SHA-512. + Instead of expanding the entire message at the start, compute them + in the minimum number of registers. Values are computed 15 rounds + before they are needed. On a Core i7-860, GCC 4.5.2, went from 143 + to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. + +* Pipe will delete empty output queues as soon as they are no longer + needed, even if earlier messages still have data unread. However an + (empty) entry in a deque of pointers will remain until all prior + messages are completely emptied. + +* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike the + Linux and NetBSD kernels, it will not trap and emulate it for us, + causing a illegal instruction crash. + +* Improve detection and autoconfiguration for ARM processors. Thanks + go out to the the `Tahoe-LAFS Software Foundation + <http://tahoe-lafs.org>`_, who donated a Sheevaplug that I'll be + using to figure out how to make the cryptographic primitives + Tahoe-LAFS relies on faster, particularly targeting the ARMv5TE. diff --git a/doc/relnotes/1_9_16.txt b/doc/relnotes/1_9_16.txt new file mode 100644 index 000000000..549e243f3 --- /dev/null +++ b/doc/relnotes/1_9_16.txt 
@@ -0,0 +1,52 @@ +Version 1.9.16, 2011-04-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Second release candidate for 1.10.0 + +* The documentation, previously written in LaTeX, is now in + reStructuredText suitable for processing by `Sphinx + <http://sphinx.pocoo.org>`_, which can generate nicely formatted + HTML and PDFs. The documentation has also been greatly updated and + expanded. + +* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a + typedef for backwards compatability. + +* ``EC_Group``'s string constructor didn't understand the standard + names like "secp160r1", forcing use of the OIDs. + +* Two constructors for ECDSA private keys, the one that creates a new + random key, and the one that provides a preset private key as a + ``BigInt``, have been merged. This matches the existing interface + for DSA and DH keys. If you previously used the version taking a + ``BigInt`` private key, you'll have to additionally pass in a + ``RandomNumberGenerator`` object starting in this release. + +* It is now possible to create ECDH keys with a preset ``BigInt`` + private key; previously no method for this was available. + +* The overload of ``generate_passhash9`` that takes an explicit + algorithm identifier has been merged with the one that does not. + The algorithm identifier code has been moved from the second + parameter to the fourth. See :ref:`passhash9` for details. + +* Change shared library versioning to match the normal Unix + conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is + named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do + its runtime linky magic. It can be safely presumed that any change + in the major or minor version indicates ABI incompatability. + +* Remove the socket wrapper code; it was not actually used by anything + in the library, only in the examples, and you can use whatever kind + of (blocking) socket interface you like with the SSL/TLS code. 
It's + available as socket.h in the examples directory if you want to use + it. + +* Disable the by-default 'strong' checking of private keys that are + loaded from storage. You can always request key material sanity + checking using Private_Key::check_key. + +* Bring back removed functions ``min_keylength_of``, + ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to + avoid breaking applications written against 1.8 + diff --git a/doc/relnotes/1_9_17.txt b/doc/relnotes/1_9_17.txt new file mode 100644 index 000000000..fbf9b3dee --- /dev/null +++ b/doc/relnotes/1_9_17.txt 
@@ -0,0 +1,45 @@ +Version 1.9.17, 2011-04-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Third release candidate for 1.10.0 + +* The format preserving encryption method currently available was + presented in the header ``fpe.h`` and the functions ``fpe_encrypt`` + and ``fpe_decrypt``. These were renamed as it is likely that other + FPE schemes will be included in the future. The header is now + ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and + ``fe1_decrypt``. See :doc:`../fpe` for more information. + +* New options to ``configure.py`` control what tools are used for + documentation generation. The ``--with-sphinx`` option enables using + Sphinx to convert ReST into HTML; otherwise the ReST sources are + installed directly. If ``--with-doxygen`` is used, Doxygen will run + as well. Documentation generation can be triggered via the ``docs`` + target in the makefile; it will also be installed by the install + target on Unix. + +* A bug in 1.9.16 effectively disabled support for runtime CPU feature + detection on x86 under GCC in that release. + +* A mostly internal change, all references to "ia32" and "amd64" have + been changed to the vendor neutral and probably easier to understand + "x86-32" and "x86-64". For instance, the "mp_amd64" module has been + renamed "mp_x86_64", and the macro indicating x86-32 has changed + from ``BOTAN_TARGET_ARCH_IS_IA32`` to + ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have + also been renamed. + +* Similiarly to the above change, the AES implemenations using the + AES-NI instruction set have been renamed from AES_XXX_Intel to + AES_XXX_NI. + +* Systems that are identified as `sun4u` will default to compiling for + 32-bit SPARCv9 code rather than 64-bit. This matches the still + common convention for 32-bit SPARC userspaces. If you want 64-bit + code on such as system, use ``--cpu=sparc64``. + +* Some minor fixes for compiling botan under the BeOS + clone/continuation `Haiku <http://haiku-os.org>`_. 
+ +* Further updates to the documentation + diff --git a/doc/relnotes/1_9_18.txt b/doc/relnotes/1_9_18.txt new file mode 100644 index 000000000..b82167bdf --- /dev/null +++ b/doc/relnotes/1_9_18.txt 
@@ -0,0 +1,81 @@ +Version 1.9.18, 2011-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fourth release candidate for 1.10.0 + +* The GOST 34.10 verification operation was not ensuring that s and r + were both greater than zero. This could potentially have meant it + would have accepted an invalid all-zero signature as valid for any + message. Due to how ECC points are internally represented it instead + resulted in an exception being thrown. + +* A simple multiexponentation algorithm is now used in ECDSA and + GOST-34.10 signature verification, leading to 20 to 25% improvements + in ECDSA and 25% to 40% improvements in GOST-34.10 verification + performance. + +* The internal representation of elliptic curve points has been + modified to use Montgomery representation exclusively, resulting in + reduced memory usage and a 10 to 20% performance improvement for + ECDSA and ECDH. + +* In OAEP decoding, scan for the delimiter bytes using a loop that is + written without conditionals so as to help avoid timing analysis. + Unfortunately GCC at least is 'smart' enough to compile it to + jumps anyway. + +* The SSE2 implementation of IDEA did not work correctly when compiled + by Clang, because the trick it used to emulate a 16 bit unsigned + compare in SSE (which doesn't contain one natively) relied on signed + overflow working in the 'usual' way. A different method that doesn't + rely on signed overflow is now used. + +* Add support for compiling SSL using Visual C++ 2010's TR1 + implementation. + +* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to + crash if given a zero-sized input to encode. + +* A new build option ``--via-amalgamation`` will first generate the + single-file amalgamation, then build the library from that single + file. This option requires a lot of memory and does not parallelize, + but the resulting library is smaller and may be faster. 
+ +* On Unix, the library and header paths have been changed to allow + parallel installation of different versions of the library. Headers + are installed into ``<prefix>/include/botan-1.9/botan``, libraries + are named ``libbotan-1.9``, and ``botan-config`` is now namespaced + (so in this release ``botan-config-1.9``). All of these embedded + versions will be 1.10 in the upcoming stable release. + +* The soname system has been modified. In this release the library + soname is ``libbotan-1.9.so.0``, with the full library being named + ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be + incremented whenever a breaking ABI change is made. + +* TR1 support is not longer automatically assumed under older versions + of GCC + +* Functions for base64 decoding that work standalone (without needing + to use a pipe) have been added to ``base64.h`` + +* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 + and has been added back. + +* The function ``BigInt::get_substring`` did not work correctly with a + *length* argument of 32. + +* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and + assumes the caller included ``string.h`` on its behalf. Do so to + fix compilation in the ``dev_random`` and ``unix_procs`` entropy + sources. Patch from Jeremy C. Reed. + +* Add two different configuration targets for Atom, since some are + 32-bit and some are 64-bit. The 'atom' target now refers to the + 64-bit implementations, use 'atom32' to target the 32-bit + processors. + +* The (incomplete) support for CMS and card verifiable certificates + are disabled by default; add ``--enable-modules=cms`` or + ``--enable-modules=cvc`` during configuration to turn them back on. + diff --git a/doc/relnotes/1_9_2.txt b/doc/relnotes/1_9_2.txt new file mode 100644 index 000000000..e3a46b770 --- /dev/null +++ b/doc/relnotes/1_9_2.txt 
@@ -0,0 +1,9 @@ +Version 1.9.2, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add SIMD version of XTEA +* Support both SSE2 and AltiVec SIMD for Serpent and XTEA +* Optimizations for SHA-1 and SHA-2 +* Add AltiVec runtime detection +* Fix x86 CPU identification with Intel C++ and Visual C++ + diff --git a/doc/relnotes/1_9_3.txt b/doc/relnotes/1_9_3.txt new file mode 100644 index 000000000..7e7b27efc --- /dev/null +++ b/doc/relnotes/1_9_3.txt @@ -0,0 +1,11 @@ +Version 1.9.3, 2009-11-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add new AES implementation using Intel's AES instruction intrinsics +* Add an implementation of format preserving encryption +* Allow use of any hash function in X.509 certificate creation +* Optimizations for MARS, Skipjack, and AES +* Set macros for available SIMD instructions in build.h +* Add support for using InnoSetup to package Windows builds +* By default build a DLL on Windows + diff --git a/doc/relnotes/1_9_4.txt b/doc/relnotes/1_9_4.txt new file mode 100644 index 000000000..60e02ffd6 --- /dev/null +++ b/doc/relnotes/1_9_4.txt 
@@ -0,0 +1,57 @@ +Version 1.9.4, 2010-03-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add the Ajisai SSLv3/TLSv1.0 implementation + +* Add GOST 34.10-2001 public key signature scheme +* Add SIMD implementation of Noekeon + +* Add SSE2 implementation of IDEA + +* Extend Salsa20 to support longer IVs (XSalsa20) + +* Perform XTS encryption and decryption in parallel where possible + +* Perform CBC decryption in parallel where possible + +* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon + +* Add a block cipher cascade construction + +* Add support for password hashing for authentication (passhash9.h) + +* Add support for Win32 high resolution system timers + +* Major refactoring and API changes in the public key code + +* PK_Signer class now verifies all signatures before releasing them to + the caller; this should help prevent a wide variety of fault + attacks, though it does have the downside of hurting signature + performance, particularly for DSA/ECDSA. + +* Changed S2K interface: derive_key now takes salt, iteration count + +* Remove dependency on TR1 shared_ptr in ECC and CVC code + +* Renamed ECKAEG to its more usual name, ECDH + +* Fix crash in GMP_Engine if library is shutdown and reinitialized + +* Fix an invalid memory read in MD4 + +* Fix Visual C++ static builds + +* Remove Timer class entirely + +* Switch default PKCS #8 encryption algorithm from 3DES to AES-128 + +* New configuration option, ``--gen-amalgamation``, creates a pair of + files (``botan_all.cpp`` and ``botan_all.h``) which contain the + contents of the library as it would have normally been compiled + based on the set configuration. + +* Many headers are now explicitly internal-use-only and are not installed + +* Greatly improve the Win32 installer + +* Several fixes for Visual C++ debug builds diff --git a/doc/relnotes/1_9_5.txt b/doc/relnotes/1_9_5.txt new file mode 100644 index 000000000..cdcd8db4b --- /dev/null +++ b/doc/relnotes/1_9_5.txt 
@@ -0,0 +1,14 @@ +Version 1.9.5, 2010-03-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Numerous ECC optimizations +* Fix GOST 34.10-2001 X.509 key loading +* Allow PK_Signer's fault protection checks to be toggled off +* Avoid using pool-based locking allocator if we can't mlock +* Remove all runtime options +* New BER_Decoder::{decode_and_check, decode_octet_string_bigint} +* Remove SecureBuffer in favor of SecureVector length parameter +* HMAC_RNG: Perform a poll along with user-supplied entropy +* Fix crash in MemoryRegion if Allocator::get failed +* Fix small compilation problem on FreeBSD + diff --git a/doc/relnotes/1_9_6.txt b/doc/relnotes/1_9_6.txt new file mode 100644 index 000000000..971da7bca --- /dev/null +++ b/doc/relnotes/1_9_6.txt @@ -0,0 +1,9 @@ +Version 1.9.6, 2010-04-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS: Add support for TLS v1.1 +* TLS: Support server name indicator extension +* TLS: Fix server handshake +* TLS: Fix server using DSA certificates +* TLS: Avoid timing channel between CBC padding check and MAC verification + diff --git a/doc/relnotes/1_9_7.txt b/doc/relnotes/1_9_7.txt new file mode 100644 index 000000000..4c6e2c21d --- /dev/null +++ b/doc/relnotes/1_9_7.txt @@ -0,0 +1,11 @@ +Version 1.9.7, 2010-04-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS: Support reading SSLv2 client hellos +* TLS: Add support for SEED ciphersuites (RFC 4162) +* Add Comb4P hash combiner function + +* Fix checking of EMSA_Raw signatures with leading 0 bytes, valid + signatures could be rejected in certain scenarios. + + diff --git a/doc/relnotes/1_9_8.txt b/doc/relnotes/1_9_8.txt new file mode 100644 index 000000000..a671d946c --- /dev/null +++ b/doc/relnotes/1_9_8.txt 
@@ -0,0 +1,13 @@ +Version 1.9.8, 2010-06-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for wide multiplications on 64-bit Windows +* Use constant time multiplication in IDEA +* Avoid possible timing attack against OAEP decoding +* Removed FORK-256; rarely used and it has been broken +* Rename ``--use-boost-python`` to ``--with-boost-python`` +* Skip building shared libraries on MinGW/Cygwin +* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer +* Fix compilation on GCC versions before 4.3 (missing cpuid.h) +* Fix compilation under the Clang compiler + diff --git a/doc/relnotes/1_9_9.txt b/doc/relnotes/1_9_9.txt new file mode 100644 index 000000000..4ff1a9c0c --- /dev/null +++ b/doc/relnotes/1_9_9.txt @@ -0,0 +1,26 @@ +Version 1.9.9, 2010-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A new pure virtual function has been added to ``Filter``, ``name`` +which simply returns some useful identifier for the object. Any +out-of-tree ``Filter`` implementations will need to be updated. + +Add ``Keyed_Filter::valid_iv_length`` which makes it possible to query +as to what IV length(s) a particular filter allows. Previously, +partially because there was no such query mechanism, if a filter did +not support IVs at all, then calls to ``set_iv`` would be silently +ignored. Now an exception about the invalid IV length will be thrown. + +The default iteration count for the password based encryption schemes +has been increased from 2048 to 10000. This should make +password-guessing attacks against private keys encrypted with versions +after this release somewhat harder. + +New functions for encoding public and private keys to binary, +``X509::BER_encode`` and ``PKCS8::BER_encode`` have been added. + +Problems compiling under Apple's version of GCC 4.2.1 and on 64-bit +MIPS systems using GCC 4.4 or later were fixed. + +The coverage of Doxygen documentation comments has significantly +improved in this release. 
diff --git a/doc/relnotes/index.txt b/doc/relnotes/index.txt new file mode 100644 index 000000000..f8cdcdb72 --- /dev/null +++ b/doc/relnotes/index.txt 
@@ -0,0 +1,252 @@ +.. toctree:: + +Release Notes +======================================== + +Series 1.11 +---------------------------------------- + +.. toctree:: + + 1_11_0 + +Series 1.10 +---------------------------------------- + +.. toctree:: + + 1_10_2 + 1_10_1 + 1_10_0 + +Series 1.9 +---------------------------------------- + +.. toctree:: + + 1_9_18 + 1_9_17 + 1_9_16 + 1_9_15 + 1_9_14 + 1_9_13 + 1_9_12 + 1_9_11 + 1_9_10 + 1_9_9 + 1_9_8 + 1_9_7 + 1_9_6 + 1_9_5 + 1_9_4 + 1_9_3 + 1_9_2 + 1_9_1 + 1_9_0 + +Series 1.8 +---------------------------------------- + +.. toctree:: + + 1_8_13 + 1_8_12 + 1_8_11 + 1_8_10 + 1_8_9 + 1_8_8 + 1_8_7 + 1_8_6 + 1_8_5 + 1_8_4 + 1_8_3 + 1_8_2 + 1_8_1 + 1_8_0 + +Series 1.7 +---------------------------------------- + +.. toctree:: + + 1_7_24 + 1_7_23 + 1_7_22 + 1_7_21 + 1_7_20 + 1_7_19 + 1_7_18 + 1_7_17 + 1_7_16 + 1_7_15 + 1_7_14 + 1_7_13 + 1_7_12 + 1_7_11 + 1_7_10 + 1_7_9 + 1_7_8 + 1_7_7 + 1_7_6 + 1_7_5 + 1_7_4 + 1_7_3 + 1_7_2 + 1_7_1 + 1_7_0 + +Series 1.6 +---------------------------------------- + +.. toctree:: + + 1_6_5 + 1_6_4 + 1_6_3 + 1_6_2 + 1_6_1 + 1_6_0 + +Series 1.5 +---------------------------------------- + +.. toctree:: + + 1_5_13 + 1_5_12 + 1_5_11 + 1_5_10 + 1_5_9 + 1_5_8 + 1_5_7 + 1_5_6 + 1_5_5 + 1_5_4 + 1_5_3 + 1_5_2 + 1_5_1 + 1_5_0 + +Series 1.4 +---------------------------------------- + +.. toctree:: + + 1_4_12 + 1_4_11 + 1_4_10 + 1_4_9 + 1_4_8 + 1_4_7 + 1_4_6 + 1_4_5 + 1_4_4 + 1_4_3 + 1_4_2 + 1_4_1 + 1_4_0 + +Series 1.3 +---------------------------------------- + +.. toctree:: + + 1_3_14 + 1_3_13 + 1_3_12 + 1_3_11 + 1_3_10 + 1_3_9 + 1_3_8 + 1_3_7 + 1_3_6 + 1_3_5 + 1_3_4 + 1_3_3 + 1_3_2 + 1_3_1 + 1_3_0 + +Series 1.2 +---------------------------------------- + +.. toctree:: + + 1_2_8 + 1_2_7 + 1_2_6 + 1_2_5 + 1_2_4 + 1_2_3 + 1_2_2 + 1_2_1 + 1_2_0 + +Series 1.1 +---------------------------------------- + +.. 
toctree:: + + 1_1_13 + 1_1_12 + 1_1_11 + 1_1_10 + 1_1_9 + 1_1_8 + 1_1_7 + 1_1_6 + 1_1_5 + 1_1_4 + 1_1_3 + 1_1_2 + 1_1_1 + 1_1_0 + +Series 1.0 +---------------------------------------- + +.. toctree:: + + 1_0_2 + 1_0_1 + 1_0_0 + +Series 0.9 +---------------------------------------- + +.. toctree:: + + 0_9_2 + 0_9_1 + 0_9_0 + +Series 0.8 +---------------------------------------- + +.. toctree:: + + 0_8_7 + 0_8_6 + 0_8_5 + 0_8_4 + 0_8_3 + 0_8_2 + 0_8_1 + 0_8_0 + +Series 0.7 +---------------------------------------- + +.. toctree:: + + 0_7_10 + 0_7_9 + 0_7_8 + 0_7_7 + 0_7_6 + 0_7_5 + 0_7_4 + 0_7_3 + 0_7_2 + 0_7_1 + 0_7_0 diff --git a/doc/x509.txt b/doc/x509.txt index d31a84498..8bbcd54ba 100644 --- a/doc/x509.txt +++ b/doc/x509.txt @@ -243,7 +243,7 @@ The three certificate lookup methods are ``by_SKID`` (Subject Key Identifier), ``by_name`` (the CommonName DN entry), and ``by_email`` (stored in either the distinguished name, or in a subjectAlternativeName extension). The name and email versions take a ``std::string``, while the SKID version takes a -``SecureVector<byte>`` containing the subject key identifier in raw binary. You +``secure_vector<byte>`` containing the subject key identifier in raw binary. You can choose not to implement ``by_name`` or ``by_email``, but ``by_SKID`` is mandatory to implement, and, currently, is the only version that is used by ``X509_Store``. 
@@ -417,7 +417,7 @@ The ``CRL_Entry`` type is a structure that contains, at a minimum, the serial number of the revoked certificate. As serial numbers are never repeated, the pairing of an issuer and a serial number (should) distinctly identify any certificate. In this case, we represent the serial number as a -``SecureVector<byte>`` called ``serial``. There are two additional (optional) +``secure_vector<byte>`` called ``serial``. There are two additional (optional) values, an enumeration called ``CRL_Code`` that specifies the reason for revocation (``reason``), and an object that represents the time that the certificate became invalid (if this information is known). |
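Review bot: in the 1_9_6.txt hunk, the bullet "TLS: Avoid timing channel between CBC padding check and MAC verification" is the one security-relevant fix in that release but is listed last among ordinary feature bullets; move it to the top of the list or mark it as a side-channel fix so readers scanning the notes see it.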
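Review bot: in the 1_9_7.txt hunk, the EMSA_Raw bullet is a comma splice ("...leading 0 bytes, valid signatures could be rejected..."); split it, e.g. "Fix checking of EMSA_Raw signatures with leading 0 bytes; valid signatures could be rejected in certain scenarios." The file also ends with two blank `+` lines where the other relnotes files end with one.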
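Review bot: in the 1_9_9.txt hunk, the `Keyed_Filter::valid_iv_length` paragraph buries a compatibility change: `set_iv` on a filter that does not support IVs now throws where it was previously silently ignored, so existing callers may start seeing exceptions. State that up front the way the first paragraph does for the new pure virtual `Filter::name`. Minor: "password based encryption" should be hyphenated as "password-based".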
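Review bot: in the relnotes/index.txt hunk, the first line `.. toctree::` before the "Release Notes" title is an empty directive with no entries and no options; drop it so the file begins with the title, since each series section already has its own populated toctree.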