aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/bigint.txt6
-rw-r--r--doc/building.txt13
-rw-r--r--doc/conf.py4
-rw-r--r--doc/contents.txt2
-rw-r--r--doc/download.txt45
-rw-r--r--doc/filters.txt8
-rw-r--r--doc/firststep.txt7
-rw-r--r--doc/fpe.txt4
-rw-r--r--doc/index.txt5
-rw-r--r--doc/kdf.txt16
-rw-r--r--doc/log.txt2230
-rw-r--r--doc/lowlevel.txt2
-rw-r--r--doc/pbkdf.txt2
-rw-r--r--doc/pubkey.txt38
-rw-r--r--doc/reading.txt6
-rw-r--r--doc/relnotes/0_7_0.txt5
-rw-r--r--doc/relnotes/0_7_1.txt14
-rw-r--r--doc/relnotes/0_7_10.txt17
-rw-r--r--doc/relnotes/0_7_2.txt11
-rw-r--r--doc/relnotes/0_7_3.txt9
-rw-r--r--doc/relnotes/0_7_4.txt14
-rw-r--r--doc/relnotes/0_7_5.txt19
-rw-r--r--doc/relnotes/0_7_6.txt11
-rw-r--r--doc/relnotes/0_7_7.txt15
-rw-r--r--doc/relnotes/0_7_8.txt16
-rw-r--r--doc/relnotes/0_7_9.txt16
-rw-r--r--doc/relnotes/0_8_0.txt21
-rw-r--r--doc/relnotes/0_8_1.txt11
-rw-r--r--doc/relnotes/0_8_2.txt16
-rw-r--r--doc/relnotes/0_8_3.txt19
-rw-r--r--doc/relnotes/0_8_4.txt17
-rw-r--r--doc/relnotes/0_8_5.txt19
-rw-r--r--doc/relnotes/0_8_6.txt23
-rw-r--r--doc/relnotes/0_8_7.txt11
-rw-r--r--doc/relnotes/0_9_0.txt8
-rw-r--r--doc/relnotes/0_9_1.txt17
-rw-r--r--doc/relnotes/0_9_2.txt10
-rw-r--r--doc/relnotes/1_0_0.txt10
-rw-r--r--doc/relnotes/1_0_1.txt8
-rw-r--r--doc/relnotes/1_0_2.txt6
-rw-r--r--doc/relnotes/1_10_0.txt10
-rw-r--r--doc/relnotes/1_10_1.txt21
-rw-r--r--doc/relnotes/1_10_2.txt68
-rw-r--r--doc/relnotes/1_11_0.txt45
-rw-r--r--doc/relnotes/1_1_0.txt20
-rw-r--r--doc/relnotes/1_1_1.txt15
-rw-r--r--doc/relnotes/1_1_10.txt13
-rw-r--r--doc/relnotes/1_1_11.txt11
-rw-r--r--doc/relnotes/1_1_12.txt12
-rw-r--r--doc/relnotes/1_1_13.txt16
-rw-r--r--doc/relnotes/1_1_2.txt17
-rw-r--r--doc/relnotes/1_1_3.txt15
-rw-r--r--doc/relnotes/1_1_4.txt14
-rw-r--r--doc/relnotes/1_1_5.txt8
-rw-r--r--doc/relnotes/1_1_6.txt10
-rw-r--r--doc/relnotes/1_1_7.txt8
-rw-r--r--doc/relnotes/1_1_8.txt13
-rw-r--r--doc/relnotes/1_1_9.txt10
-rw-r--r--doc/relnotes/1_2_0.txt9
-rw-r--r--doc/relnotes/1_2_1.txt10
-rw-r--r--doc/relnotes/1_2_2.txt13
-rw-r--r--doc/relnotes/1_2_3.txt14
-rw-r--r--doc/relnotes/1_2_4.txt8
-rw-r--r--doc/relnotes/1_2_5.txt23
-rw-r--r--doc/relnotes/1_2_6.txt10
-rw-r--r--doc/relnotes/1_2_7.txt15
-rw-r--r--doc/relnotes/1_2_8.txt5
-rw-r--r--doc/relnotes/1_3_0.txt11
-rw-r--r--doc/relnotes/1_3_1.txt7
-rw-r--r--doc/relnotes/1_3_10.txt10
-rw-r--r--doc/relnotes/1_3_11.txt12
-rw-r--r--doc/relnotes/1_3_12.txt15
-rw-r--r--doc/relnotes/1_3_13.txt9
-rw-r--r--doc/relnotes/1_3_14.txt26
-rw-r--r--doc/relnotes/1_3_2.txt21
-rw-r--r--doc/relnotes/1_3_3.txt18
-rw-r--r--doc/relnotes/1_3_4.txt11
-rw-r--r--doc/relnotes/1_3_5.txt21
-rw-r--r--doc/relnotes/1_3_6.txt8
-rw-r--r--doc/relnotes/1_3_7.txt13
-rw-r--r--doc/relnotes/1_3_8.txt26
-rw-r--r--doc/relnotes/1_3_9.txt10
-rw-r--r--doc/relnotes/1_4_0.txt12
-rw-r--r--doc/relnotes/1_4_1.txt11
-rw-r--r--doc/relnotes/1_4_10.txt20
-rw-r--r--doc/relnotes/1_4_11.txt12
-rw-r--r--doc/relnotes/1_4_12.txt8
-rw-r--r--doc/relnotes/1_4_2.txt14
-rw-r--r--doc/relnotes/1_4_3.txt10
-rw-r--r--doc/relnotes/1_4_4.txt9
-rw-r--r--doc/relnotes/1_4_5.txt15
-rw-r--r--doc/relnotes/1_4_6.txt10
-rw-r--r--doc/relnotes/1_4_7.txt17
-rw-r--r--doc/relnotes/1_4_8.txt9
-rw-r--r--doc/relnotes/1_4_9.txt17
-rw-r--r--doc/relnotes/1_5_0.txt13
-rw-r--r--doc/relnotes/1_5_1.txt15
-rw-r--r--doc/relnotes/1_5_10.txt14
-rw-r--r--doc/relnotes/1_5_11.txt11
-rw-r--r--doc/relnotes/1_5_12.txt10
-rw-r--r--doc/relnotes/1_5_13.txt6
-rw-r--r--doc/relnotes/1_5_2.txt18
-rw-r--r--doc/relnotes/1_5_3.txt14
-rw-r--r--doc/relnotes/1_5_4.txt19
-rw-r--r--doc/relnotes/1_5_5.txt13
-rw-r--r--doc/relnotes/1_5_6.txt10
-rw-r--r--doc/relnotes/1_5_7.txt8
-rw-r--r--doc/relnotes/1_5_8.txt13
-rw-r--r--doc/relnotes/1_5_9.txt13
-rw-r--r--doc/relnotes/1_6_0.txt6
-rw-r--r--doc/relnotes/1_6_1.txt8
-rw-r--r--doc/relnotes/1_6_2.txt7
-rw-r--r--doc/relnotes/1_6_3.txt6
-rw-r--r--doc/relnotes/1_6_4.txt5
-rw-r--r--doc/relnotes/1_6_5.txt6
-rw-r--r--doc/relnotes/1_7_0.txt11
-rw-r--r--doc/relnotes/1_7_1.txt10
-rw-r--r--doc/relnotes/1_7_10.txt12
-rw-r--r--doc/relnotes/1_7_11.txt13
-rw-r--r--doc/relnotes/1_7_12.txt19
-rw-r--r--doc/relnotes/1_7_13.txt9
-rw-r--r--doc/relnotes/1_7_14.txt11
-rw-r--r--doc/relnotes/1_7_15.txt11
-rw-r--r--doc/relnotes/1_7_16.txt12
-rw-r--r--doc/relnotes/1_7_17.txt10
-rw-r--r--doc/relnotes/1_7_18.txt11
-rw-r--r--doc/relnotes/1_7_19.txt10
-rw-r--r--doc/relnotes/1_7_2.txt11
-rw-r--r--doc/relnotes/1_7_20.txt8
-rw-r--r--doc/relnotes/1_7_21.txt9
-rw-r--r--doc/relnotes/1_7_22.txt10
-rw-r--r--doc/relnotes/1_7_23.txt15
-rw-r--r--doc/relnotes/1_7_24.txt15
-rw-r--r--doc/relnotes/1_7_3.txt12
-rw-r--r--doc/relnotes/1_7_4.txt11
-rw-r--r--doc/relnotes/1_7_5.txt14
-rw-r--r--doc/relnotes/1_7_6.txt12
-rw-r--r--doc/relnotes/1_7_7.txt14
-rw-r--r--doc/relnotes/1_7_8.txt12
-rw-r--r--doc/relnotes/1_7_9.txt9
-rw-r--r--doc/relnotes/1_8_0.txt6
-rw-r--r--doc/relnotes/1_8_1.txt8
-rw-r--r--doc/relnotes/1_8_10.txt11
-rw-r--r--doc/relnotes/1_8_11.txt10
-rw-r--r--doc/relnotes/1_8_12.txt14
-rw-r--r--doc/relnotes/1_8_13.txt8
-rw-r--r--doc/relnotes/1_8_2.txt8
-rw-r--r--doc/relnotes/1_8_3.txt14
-rw-r--r--doc/relnotes/1_8_4.txt5
-rw-r--r--doc/relnotes/1_8_5.txt8
-rw-r--r--doc/relnotes/1_8_6.txt13
-rw-r--r--doc/relnotes/1_8_7.txt6
-rw-r--r--doc/relnotes/1_8_8.txt8
-rw-r--r--doc/relnotes/1_8_9.txt27
-rw-r--r--doc/relnotes/1_9_0.txt12
-rw-r--r--doc/relnotes/1_9_1.txt16
-rw-r--r--doc/relnotes/1_9_10.txt26
-rw-r--r--doc/relnotes/1_9_11.txt44
-rw-r--r--doc/relnotes/1_9_12.txt7
-rw-r--r--doc/relnotes/1_9_13.txt30
-rw-r--r--doc/relnotes/1_9_14.txt11
-rw-r--r--doc/relnotes/1_9_15.txt25
-rw-r--r--doc/relnotes/1_9_16.txt52
-rw-r--r--doc/relnotes/1_9_17.txt45
-rw-r--r--doc/relnotes/1_9_18.txt81
-rw-r--r--doc/relnotes/1_9_2.txt9
-rw-r--r--doc/relnotes/1_9_3.txt11
-rw-r--r--doc/relnotes/1_9_4.txt57
-rw-r--r--doc/relnotes/1_9_5.txt14
-rw-r--r--doc/relnotes/1_9_6.txt9
-rw-r--r--doc/relnotes/1_9_7.txt11
-rw-r--r--doc/relnotes/1_9_8.txt13
-rw-r--r--doc/relnotes/1_9_9.txt26
-rw-r--r--doc/relnotes/index.txt252
-rw-r--r--doc/x509.txt4
175 files changed, 2635 insertions, 2318 deletions
diff --git a/doc/bigint.txt b/doc/bigint.txt
index 7eb884039..89c4a0cb9 100644
--- a/doc/bigint.txt
+++ b/doc/bigint.txt
@@ -21,13 +21,13 @@ Encoding Functions
These transform the normal representation of a ``BigInt`` into some
other form, such as a decimal string:
-.. cpp:function:: SecureVector<byte> BigInt::encode(const BigInt& n, Encoding enc = Binary)
+.. cpp:function:: secure_vector<byte> BigInt::encode(const BigInt& n, Encoding enc = Binary)
This function encodes the BigInt n into a memory
vector. ``Encoding`` is an enum that has values ``Binary``,
``Octal``, ``Decimal``, and ``Hexadecimal``.
-.. cpp:function:: BigInt BigInt::decode(const MemoryRegion<byte>& vec, Encoding enc)
+.. cpp:function:: BigInt BigInt::decode(const std::vector<byte>& vec, Encoding enc)
Decode the integer from ``vec`` using the encoding specified.
@@ -35,7 +35,7 @@ These functions are static member functions, so they would be called
like this::
BigInt n1 = ...; // some number
- SecureVector<byte> n1_encoded = BigInt::encode(n1);
+ secure_vector<byte> n1_encoded = BigInt::encode(n1);
BigInt n2 = BigInt::decode(n1_encoded);
assert(n1 == n2);
diff --git a/doc/building.txt b/doc/building.txt
index e16531de4..cc6f0af5d 100644
--- a/doc/building.txt
+++ b/doc/building.txt
@@ -331,18 +331,9 @@ for calculations with the MPI implementation in Botan. You can choose
on the processor. Unless you are building for a 8 or 16-bit CPU, this
isn't worth messing with.
-``BOTAN_VECTOR_OVER_ALLOCATE``: The memory container ``SecureVector``
-will over-allocate requests by this amount (in elements). In several
-areas of the library, we grow a vector fairly often. By
-over-allocating by a small amount, we don't have to do allocations as
-often (which is good, because the allocators can be quite slow). If
-you *really* want to reduce memory usage, set it to 0. Otherwise, the
-default should be perfectly fine.
-
``BOTAN_DEFAULT_BUFFER_SIZE``: This constant is used as the size of
-buffers throughout Botan. A good rule of thumb would be to use the
-page size of your machine. The default should be fine for most
-purposes.
+buffers throughout Botan. The default should be fine for most
+purposes, reduce if you are very concerned about runtime memory usage.
Building Applications
----------------------------------------
diff --git a/doc/conf.py b/doc/conf.py
index 65f40314a..99ee64a54 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -186,10 +186,10 @@ html_static_path = []
#html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
-#html_show_sphinx = True
+html_show_sphinx = False
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
-#html_show_copyright = True
+html_show_copyright = False
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
diff --git a/doc/contents.txt b/doc/contents.txt
index 141c9188f..75286c945 100644
--- a/doc/contents.txt
+++ b/doc/contents.txt
@@ -23,11 +23,11 @@ Contents
rng
fpe
python
+ relnotes/index
.. toctree::
:hidden:
- log
license
credits
faq
diff --git a/doc/download.txt b/doc/download.txt
index 0891adc8c..185126e19 100644
--- a/doc/download.txt
+++ b/doc/download.txt
@@ -11,14 +11,20 @@ Unsure which release you want? Check the :ref:`FAQ <devel_vs_stable>`.
.. note::
If you are viewing this documentation offline, a more recent
- release `may be available <http://botan.randombit.net/download.html>`_
+ release `may be available <http://botan.randombit.net/download.html>`_.
+
+Current Development Release (1.11)
+----------------------------------------
+
+The current development release (from branch ``net.randombit.botan``) is
+:doc:`relnotes/1_11_0`
+
Current Stable Release (1.10)
----------------------------------------
-The current stable release is `1.10.2
-<http://botan.randombit.net/news/releases/1_10_2.html>`_ which was
-released on 2012-06-17.
+The current stable release (from branch ``net.randombit.botan.1_10``)
+is :doc:`relnotes/1_10_2`
Sources:
@@ -40,9 +46,8 @@ Sources:
Previous Stable Release (1.8)
----------------------------------------
-The previous stable release is `1.8.13
-<http://botan.randombit.net/news/releases/1_8_13.html>`_ which was
-released on 2011-07-02.
+The previous stable release (from branch ``net.randombit.botan.1_8``)
+is :doc:`relnotes/1_8_13`
Sources:
@@ -65,12 +70,9 @@ Accessing Version Control
----------------------------------------
Botan's development occurs using a distributed version control system
-called `Monotone <http://www.monotone.ca>`_.
-
-The main branch of development occurs on the branch named
-``net.randombit.botan``; this is probably the branch you want (for
-1.8, use ``net.randombit.botan.1_8`` instead). To download that branch
-and set up a new workspace, run::
+called `Monotone <http://www.monotone.ca>`_. The main branch of
+development occurs on the branch named ``net.randombit.botan``. To
+download that branch and set up a new workspace, run::
$ mtn db init --db=botan.mtn
$ mtn pull --db=botan.mtn randombit.net 'net.randombit.botan'
@@ -78,10 +80,10 @@ and set up a new workspace, run::
$ mtn checkout --db=botan.mtn --branch=net.randombit.botan
[...]
-By default the ``checkout`` command will place the workspace in a directory
-with the same name as the branch you are checking out. If you want a
-different directory name, just include it after the ``--branch`` option (you
-can also rename this directory at any time).
+By default the ``checkout`` command will place the workspace in a
+directory with the same name as the branch you are checking out. If
+you want a different directory name, just include it after the
+``--branch`` option (you can also rename this directory at any time).
If this is the first time you've connected to the server, Monotone
will print::
@@ -90,14 +92,15 @@ will print::
mtn: I'll assume it's really them, but you might want to double-check
mtn: their key's fingerprint: 8c0b868f2247215c63c96983b1c8ca0f0f0cfd9a
-The fingerprint shown above was the correct one as of September 21, 2010.
+The fingerprint shown above was the correct one as of June 20, 2012.
-To pull further changes, from anywhere in the workspace run these commands::
+To pull further changes, from anywhere in the workspace run these
+commands::
$ mtn pull
[...]
$ mtn update
[summary of changes]
-The ``mtn update`` command will give you a summary of which files changed;
-to view the full changelog, run ``mtn log``.
+The ``mtn update`` command will give you a summary of which files
+changed; to view the full changelog, run ``mtn log``.
diff --git a/doc/filters.txt b/doc/filters.txt
index 2355005aa..d71df1225 100644
--- a/doc/filters.txt
+++ b/doc/filters.txt
@@ -59,7 +59,7 @@ Here's code that uses one of them to encrypt a string with AES::
pipe.process_msg("secrets");
pipe.process_msg("more secrets");
- MemoryVector<byte> c1 = pipe.read_all(0);
+ secure_vector<byte> c1 = pipe.read_all(0);
byte c2[4096] = { 0 };
size_t got_out = pipe.read(c2, sizeof(c2), 1);
@@ -216,7 +216,7 @@ a case where that is useful::
pipe.process_msg(ciphertext);
std::string plaintext = pipe.read_all_as_string(0);
- SecureVector<byte> mac = pipe.read_all(1);
+ secure_vector<byte> mac = pipe.read_all(1);
if(mac != auth_code)
error();
@@ -380,7 +380,7 @@ another message, without either read affecting any other messages).
.. cpp:function:: void Pipe::write(const byte* input, size_t length)
-.. cpp:function:: void Pipe::write(const MemoryRegion<byte>& input)
+.. cpp:function:: void Pipe::write(const std::vector<byte>& input)
.. cpp:function:: void Pipe::write(const std::string& input)
@@ -429,7 +429,7 @@ Functions in ``Pipe`` related to reading include:
Acts exactly like `read`, except the data is not actually read; the
next read will return the same data.
-.. cpp:function:: SecureVector<byte> Pipe::read_all()
+.. cpp:function:: secure_vector<byte> Pipe::read_all()
Reads the entire message into a buffer and returns it
diff --git a/doc/firststep.txt b/doc/firststep.txt
index fb4eb583e..427bcadf0 100644
--- a/doc/firststep.txt
+++ b/doc/firststep.txt
@@ -76,13 +76,6 @@ destroyed. This implies you can't have static variables that are Botan
objects inside functions or classes; in many C++ runtimes, these
objects will be destroyed after main has returned.
-The memory object classes (``MemoryRegion``, ``MemoryVector``,
-``SecureVector``) are extremely primitive, and meant only for
-secure storage of potentially sensitive data like keys. They do not
-meet the requirements for an STL container object and you should not
-try to use them with STL algorithms. For a general-purpose container,
-use ``std::vector``.
-
Use a ``try``/``catch`` block inside your ``main`` function, and catch
any ``std::exception`` throws (remember to catch by reference, as
``std::exception::what`` is polymorphic)::
diff --git a/doc/fpe.txt b/doc/fpe.txt
index 5c035f0b7..776189d4f 100644
--- a/doc/fpe.txt
+++ b/doc/fpe.txt
@@ -22,7 +22,7 @@ included in the future.
To use FE1, use these functions, from ``fpe_fe1.h``:
.. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \
- const SymmetricKey& key, const MemoryRegion<byte>& tweak)
+ const SymmetricKey& key, const std::vector<byte>& tweak)
Encrypts the value *X* modulo the value *n* using the *key* and
*tweak* specified. Returns an integer less than *n*. The *tweak* is
@@ -40,7 +40,7 @@ To use FE1, use these functions, from ``fpe_fe1.h``:
checksum is for the new (ciphertext) number.
.. cpp:function:: BigInt FPE::fe1_decrypt(const BigInt& n, const BigInt& X, \
- const SymmetricKey& key, const MemoryRegion<byte>& tweak)
+ const SymmetricKey& key, const std::vector<byte>& tweak)
Decrypts an FE1 ciphertext produced by :cpp:func:`fe1_encrypt`; the
*n*, *key* and *tweak* should be the same as that provided to the
diff --git a/doc/index.txt b/doc/index.txt
index cab41f776..535f8e171 100644
--- a/doc/index.txt
+++ b/doc/index.txt
@@ -53,9 +53,8 @@ It was started as a personal project by `Jack Lloyd
<http://www.randombit.net>`_,who continues to be the maintainer and
release manager. Since the first release in 2001, a number of
:doc:`individuals and organizations <credits>` have contributed bug
-fixes and new features. Check out the :doc:`release notes <log>` and
-`news archive <http://botan.randombit.net/news>`_ for more project
-history.
+fixes and new features. Check out the :doc:`release notes
+<relnotes/index>` for more project history.
If you need help or have questions, send a mail to the `development
mailing list
diff --git a/doc/kdf.txt b/doc/kdf.txt
index da916dcb3..4ab2fd5dc 100644
--- a/doc/kdf.txt
+++ b/doc/kdf.txt
@@ -11,19 +11,19 @@ shared secret created using Diffie-Hellman key agreement.
.. cpp:class:: KDF
- .. cpp:function:: SecureVector<byte> derive_key( \
- size_t key_len, const MemoryRegion<byte>& secret, \
+ .. cpp:function:: secure_vector<byte> derive_key( \
+ size_t key_len, const std::vector<byte>& secret, \
const std::string& salt = "") const
- .. cpp:function:: SecureVector<byte> derive_key( \
- size_t key_len, const MemoryRegion<byte>& secret, \
- const MemoryRegion<byte>& salt) const
+ .. cpp:function:: secure_vector<byte> derive_key( \
+ size_t key_len, const std::vector<byte>& secret, \
+ const std::vector<byte>& salt) const
- .. cpp:function:: SecureVector<byte> derive_key( \
- size_t key_len, const MemoryRegion<byte>& secret, \
+ .. cpp:function:: secure_vector<byte> derive_key( \
+ size_t key_len, const std::vector<byte>& secret, \
const byte* salt, size_t salt_len) const
- .. cpp:function:: SecureVector<byte> derive_key( \
+ .. cpp:function:: secure_vector<byte> derive_key( \
size_t key_len, const byte* secret, size_t secret_len, \
const std::string& salt) const
diff --git a/doc/log.txt b/doc/log.txt
deleted file mode 100644
index bc0990747..000000000
--- a/doc/log.txt
+++ /dev/null
@@ -1,2230 +0,0 @@
-
-.. _relnotes:
-
-Release Notes
-========================================
-
-Series 1.11
-----------------------------------------
-
-Version 1.11.0, Not Yet Released
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* The codebase has converted to C++11. Currently GCC 4.7 and Clang 3.1
- are known to work.
-
-* The MemoryVector and SecureVector container types have been removed.
- An alias of std::vector using an allocator that clears memory named
- secure_vector is used for key material, and std::vector is used for
- everything else.
-
-* The method of mlocking memory is much improved, and if the process
- can mlock memory then it will be used automatically.
-
-* The TLS interface is now non-blocking and does not directly interact
- with sockets. An example TLS server using asio is included which
- scales to at least 64 processors.
-
-* X509_Store has been removed. x509_path_validate in x509path.h now
- handles path validation and Certificate_Store handles storage of
- certificates and CRLs.
-
-* Add support for OCSP
-
-* TLS v1.2 is now supported
-
-* TLS now supports session resumption. Session information can be
- saved in memory or to an encrypted SQLite database.
-
-* TLS renegotiation is now supported
-
-* TLS client authentication is now supported
-
-* TLS SRP and PSK ciphersuites are now supported
-
-* TLS session tickets are now supported
-
-* TLS ECDH key exchange and ECDSA certificates are now supported
-
-* Add support for SHA-2 ciphersuites
-
-* Add support for anonymous DH/ECDH ciphersuites
-
-
-Series 1.10
-----------------------------------------
-
-Version 1.10.2, 2012-06-17
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* To protect clients against renegotiation attacks, the TLS client
- now sends the renegotiation extension SCSV.
-
-* TLS renegotiation is completely disabled in this release. All hello
- requests, and all client hellos after the initial negotiation, are
- ignored.
-
-* Fix bugs in TLS affecting DSA servers.
-
-* Pipe::reset no longer requires that message processing be completed,
- a requirement that caused problems when a Filter's end_msg call
- threw an exception, after which point the Pipe object was no longer
- usable.
-
-* Add support for the rdrand instruction introduced in Intel's Ivy
- Bridge processors.
-
-* CPUID::has_rdrand was checking the wrong cpuid bit, and would false
- positive on AMD Bulldozer processors.
-
-* Add the Camellia block cipher
-
-* An implementation of SRP-6a compatible with the specification in
- RFC 5054 is now available in srp6.h
-
-* The exception catching syntax of configure.py has been changed to
- the Python 3.x syntax. This syntax also works with Python 2.6 and
- 2.7, but not with any earlier Python 2 release. A simple search and
- replace will allow running it under Python 2.5::
- perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
-
-* If clock_gettime is available on the system, poll all available
- clock types in the hres_timer poll.
-
-* Add AltiVec detection for IBM POWER7 processors.
-
-* Add AltiVec detection for OpenBSD, contributed by Brad Smith (PR 162)
-
-* Add Google's Native Client as an compile target
-
-* The Qt mutex wrapper was broken and would not compile with any recent
- version of Qt. It has been removed.
-
-* If targetting GCC on a Windows system, configure.py will warn that
- likely you wanted to configure for either MinGW or Cygwin, not the
- generic Windows target which is oriented to Win32 plus the Visual
- C++ runtime.
-
-* Fixed a compilation problem of the dynamic loader hooks under MinGW GCC
-
-* Don't set a soname on OpenBSD, as it doesn't support it (PR 158)
-
-* Fix a configure.py incompatability with the subprocess module
- included in Python 3.1 (PR 157)
-
-* A bug in configure.py would cause it to interpret `--cpu=s390x` as
- `s390`. This may have affected other CPUs as well. Now configure.py
- searches for an exact match, and only if no exact match is found
- will it search for substring matches.
-
-Version 1.10.1, 2011-07-11
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* A race condition in `Algorithm_Factory` could cause crashes in
- multithreaded code. See `this thread on botan-devel
- <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_
- for details and workarounds.
-
-* The return value of ``name`` has changed for GOST 28147-89 and
- Skein-512. GOST's ``name`` now includes the name of the sbox, and
- Skein's includes the personalization string (if nonempty). This
- allows an object to be properly roundtripped, which is necessary to
- fix the race condition described above.
-
-* A new distribution script is now included, as
- ``src/build-data/scripts/dist.py``
-
-* The ``build.h`` header now includes, if available, an identifier of
- the source revision that was used. This identifier is also included
- in the result of ``version_string``.
-
-Version 1.10.0, 2011-06-20
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Detection for the rdrand instruction being added to upcoming Intel
- Ivy Bridge processors has been added.
-
-* A template specialization of std::swap was added for the memory
- container types.
-
-Series 1.9
-----------------------------------------
-
-Version 1.9.18, 2011-06-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fourth release candidate for 1.10.0
-
-* The GOST 34.10 verification operation was not ensuring that s and r
- were both greater than zero. This could potentially have meant it
- would have accepted an invalid all-zero signature as valid for any
- message. Due to how ECC points are internally represented it instead
- resulted in an exception being thrown.
-
-* A simple multiexponentation algorithm is now used in ECDSA and
- GOST-34.10 signature verification, leading to 20 to 25% improvements
- in ECDSA and 25% to 40% improvements in GOST-34.10 verification
- performance.
-
-* The internal representation of elliptic curve points has been
- modified to use Montgomery representation exclusively, resulting in
- reduced memory usage and a 10 to 20% performance improvement for
- ECDSA and ECDH.
-
-* In OAEP decoding, scan for the delimiter bytes using a loop that is
- written without conditionals so as to help avoid timing analysis.
- Unfortunately GCC at least is 'smart' enough to compile it to
- jumps anyway.
-
-* The SSE2 implementation of IDEA did not work correctly when compiled
- by Clang, because the trick it used to emulate a 16 bit unsigned
- compare in SSE (which doesn't contain one natively) relied on signed
- overflow working in the 'usual' way. A different method that doesn't
- rely on signed overflow is now used.
-
-* Add support for compiling SSL using Visual C++ 2010's TR1
- implementation.
-
-* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to
- crash if given a zero-sized input to encode.
-
-* A new build option ``--via-amalgamation`` will first generate the
- single-file amalgamation, then build the library from that single
- file. This option requires a lot of memory and does not parallelize,
- but the resulting library is smaller and may be faster.
-
-* On Unix, the library and header paths have been changed to allow
- parallel installation of different versions of the library. Headers
- are installed into ``<prefix>/include/botan-1.9/botan``, libraries
- are named ``libbotan-1.9``, and ``botan-config`` is now namespaced
- (so in this release ``botan-config-1.9``). All of these embedded
- versions will be 1.10 in the upcoming stable release.
-
-* The soname system has been modified. In this release the library
- soname is ``libbotan-1.9.so.0``, with the full library being named
- ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be
- incremented whenever a breaking ABI change is made.
-
-* TR1 support is not longer automatically assumed under older versions
- of GCC
-
-* Functions for base64 decoding that work standalone (without needing
- to use a pipe) have been added to ``base64.h``
-
-* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11
- and has been added back.
-
-* The function ``BigInt::get_substring`` did not work correctly with a
- *length* argument of 32.
-
-* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and
- assumes the caller included ``string.h`` on its behalf. Do so to
- fix compilation in the ``dev_random`` and ``unix_procs`` entropy
- sources. Patch from Jeremy C. Reed.
-
-* Add two different configuration targets for Atom, since some are
- 32-bit and some are 64-bit. The 'atom' target now refers to the
- 64-bit implementations, use 'atom32' to target the 32-bit
- processors.
-
-* The (incomplete) support for CMS and card verifiable certificates
- are disabled by default; add ``--enable-modules=cms`` or
- ``--enable-modules=cvc`` during configuration to turn them back on.
-
-Version 1.9.17, 2011-04-29
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Third release candidate for 1.10.0
-
-* The format preserving encryption method currently available was
- presented in the header ``fpe.h`` and the functions ``fpe_encrypt``
- and ``fpe_decrypt``. These were renamed as it is likely that other
- FPE schemes will be included in the future. The header is now
- ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and
- ``fe1_decrypt``. See :doc:`fpe` for more information.
-
-* New options to ``configure.py`` control what tools are used for
- documentation generation. The ``--with-sphinx`` option enables using
- Sphinx to convert ReST into HTML; otherwise the ReST sources are
- installed directly. If ``--with-doxygen`` is used, Doxygen will run
- as well. Documentation generation can be triggered via the ``docs``
- target in the makefile; it will also be installed by the install
- target on Unix.
-
-* A bug in 1.9.16 effectively disabled support for runtime CPU feature
- detection on x86 under GCC in that release.
-
-* A mostly internal change, all references to "ia32" and "amd64" have
- been changed to the vendor neutral and probably easier to understand
- "x86-32" and "x86-64". For instance, the "mp_amd64" module has been
- renamed "mp_x86_64", and the macro indicating x86-32 has changed
- from ``BOTAN_TARGET_ARCH_IS_IA32`` to
- ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have
- also been renamed.
-
-* Similiarly to the above change, the AES implemenations using the
- AES-NI instruction set have been renamed from AES_XXX_Intel to
- AES_XXX_NI.
-
-* Systems that are identified as `sun4u` will default to compiling for
- 32-bit SPARCv9 code rather than 64-bit. This matches the still
- common convention for 32-bit SPARC userspaces. If you want 64-bit
- code on such as system, use ``--cpu=sparc64``.
-
-* Some minor fixes for compiling botan under the BeOS
- clone/continuation `Haiku <http://haiku-os.org>`_.
-
-* Further updates to the documentation
-
-Version 1.9.16, 2011-04-11
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Second release candidate for 1.10.0
-
-* The documentation, previously written in LaTeX, is now in
- reStructuredText suitable for processing by `Sphinx
- <http://sphinx.pocoo.org>`_, which can generate nicely formatted
- HTML and PDFs. The documentation has also been greatly updated and
- expanded.
-
-* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a
- typedef for backwards compatability.
-
-* ``EC_Group``'s string constructor didn't understand the standard
- names like "secp160r1", forcing use of the OIDs.
-
-* Two constructors for ECDSA private keys, the one that creates a new
- random key, and the one that provides a preset private key as a
- ``BigInt``, have been merged. This matches the existing interface
- for DSA and DH keys. If you previously used the version taking a
- ``BigInt`` private key, you'll have to additionally pass in a
- ``RandomNumberGenerator`` object starting in this release.
-
-* It is now possible to create ECDH keys with a preset ``BigInt``
- private key; previously no method for this was available.
-
-* The overload of ``generate_passhash9`` that takes an explicit
- algorithm identifier has been merged with the one that does not.
- The algorithm identifier code has been moved from the second
- parameter to the fourth. See :ref:`passhash9` for details.
-
-* Change shared library versioning to match the normal Unix
- conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is
- named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do
- its runtime linky magic. It can be safely presumed that any change
- in the major or minor version indicates ABI incompatability.
-
-* Remove the socket wrapper code; it was not actually used by anything
- in the library, only in the examples, and you can use whatever kind
- of (blocking) socket interface you like with the SSL/TLS code. It's
- available as socket.h in the examples directory if you want to use
- it.
-
-* Disable the by-default 'strong' checking of private keys that are
- loaded from storage. You can always request key material sanity
- checking using Private_Key::check_key.
-
-* Bring back removed functions ``min_keylength_of``,
- ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to
- avoid breaking applications written against 1.8
-
-Version 1.9.15, 2011-03-21
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* First release candidate for 1.10.0
-
-* Modify how message expansion is done in SHA-256 and SHA-512.
- Instead of expanding the entire message at the start, compute them
- in the minimum number of registers. Values are computed 15 rounds
- before they are needed. On a Core i7-860, GCC 4.5.2, went from 143
- to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512.
-
-* Pipe will delete empty output queues as soon as they are no longer
- needed, even if earlier messages still have data unread. However an
- (empty) entry in a deque of pointers will remain until all prior
- messages are completely emptied.
-
-* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike
- Linux the kernel will not trap and emulate it for us, causing a
- illegal instruction crash.
-
-* Improve detection and autoconfiguration for ARM processors.
-
-Version 1.9.14, 2011-03-01
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add support for bcrypt, OpenBSD's password hashing scheme. It is
- described in :ref:`bcrypt`.
-
-* Add support for NIST's AES key wrapping algorithm, as described in
- :rfc:`3394`. It is available by including ``rfc3394.h``.
-
-* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)
-
-Version 1.9.13, 2011-02-19
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Update Keccak to the round 3 variant
-* Fix ordering in GOST 34.10 signatures to match DNSSEC specifications
-* Use ``size_t`` instead of ``u32bit`` for small integers in DER/BER codecs
-* Add new build option ``--distribution-info``
-* Fix problems in the amalgamation build
-* Fix building under Clang 2.9 and Sun Studio 12
-
-Version 1.9.12, 2010-12-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add the Keccak hash function
-* Fix compilation problems in Python wrappers
-* Fix compilation problem in OpenSSL engine
-* Update SQLite3 database encryption codec
-
-Version 1.9.11, 2010-11-29
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Many SSL/TLS APIs have changed. This API is still unstable.
-* The SSL interface requires TR1 (uses std::tr1::function)
-* Fix SSL handshake failures when using RC4 ciphersuites
-* Fix a number of CRL encoding and decoding bugs
-* Counter mode now always encrypts 256 blocks in parallel
-* Code where u32bit was used to represent a length now uses size_t
-* Use small tables in the first round of AES
-* Removed AES class: app must choose AES-128, AES-192, or AES-256
-* Add hex encoding/decoding functions that can be used without a Pipe
-* Add base64 encoding functions that can be used without a Pipe
-* Add to_string function to X509_Certificate
-* Add support for dynamic engine loading on Windows
-* Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
-* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
-* Changed semantics of MemoryRegion::resize and clear to match STL
-* Removed MemoryRegion::append, replaced by push_back and operator+=
-* Move PBKDF lookup to engine system
-* The IDEA key schedule has been changed to run in constant time
-* Avoid a possible timing vulnerability in Montgomery reduction
-* Add Algorithm and Key_Length_Specification classes
-* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
-* Update Skein-512 to match the v1.3 specification
-* Allow using PBKDF2 with empty passphrases
-* Add compile-time deprecation warnings for GCC, Clang, and MSVC
-* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
-* Improve support for Intel Atom processors
-* Fix compilation problems under Sun Studio and Clang
-
-Version 1.9.10, 2010-08-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add a constant time AES implementation using SSSE3
-* Add support for loading new Engines at runtime
-* Use GCC byteswap intrinsics where possible
-* Drop support for building with Python 2.4
-* Fix benchmarking of block ciphers in ECB mode
-* Consolidate the two x86 assembly engines
-* Rename S2K to PBKDF
-
-Version 1.9.9, 2010-06-28
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add new X509::BER_encode and PKCS8::BER_encode
-* Give all Filter objects a name() function
-* Add Keyed_Filter::valid_iv_length
-* Increase default iteration counts for private key encryption
-* Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
-* Fix compilation under Apple's GCC 4.2
-* Expand and update the Doxygen documentation
-
-Version 1.9.8, 2010-06-14
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add support for wide multiplications on 64-bit Windows
-* Use constant time multiplication in IDEA
-* Avoid possible timing attack against OAEP decoding
-* Removed FORK-256; rarely used and it has been broken
-* Rename ``--use-boost-python`` to ``--with-boost-python``
-* Skip building shared libraries on MinGW/Cygwin
-* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
-* Fix compilation on GCC versions before 4.3 (missing cpuid.h)
-* Fix compilation under the Clang compiler
-
-Version 1.9.7, 2010-04-27
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* TLS: Support reading SSLv2 client hellos
-* TLS: Add support for SEED ciphersuites (RFC 4162)
-* Add Comb4P hash combiner function
-* Fix checking of EMSA_Raw signatures with leading 0 bytes
-
-Version 1.9.6, 2010-04-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* TLS: Add support for TLS v1.1
-* TLS: Support server name indicator extension
-* TLS: Fix server handshake
-* TLS: Fix server using DSA certificates
-* TLS: Avoid timing channel between CBC padding check and MAC verification
-
-Version 1.9.5, 2010-03-29
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Numerous ECC optimizations
-* Fix GOST 34.10-2001 X.509 key loading
-* Allow PK_Signer's fault protection checks to be toggled off
-* Avoid using pool-based locking allocator if we can't mlock
-* Remove all runtime options
-* New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
-* Remove SecureBuffer in favor of SecureVector length parameter
-* HMAC_RNG: Perform a poll along with user-supplied entropy
-* Fix crash in MemoryRegion if Allocator::get failed
-* Fix small compilation problem on FreeBSD
-
-Version 1.9.4, 2010-03-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add the Ajisai SSLv3/TLSv1.0 implementation
-* Add GOST 34.10-2001 public key signature scheme
-* Add SIMD implementation of Noekeon
-* Add SSE2 implementation of IDEA
-* Extend Salsa20 to support longer IVs (XSalsa20)
-* Perform XTS encryption and decryption in parallel where possible
-* Perform CBC decryption in parallel where possible
-* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
-* Add a block cipher cascade construction
-* Add support for password hashing for authentication (passhash9.h)
-* Add support for Win32 high resolution system timers
-* Major refactoring and API changes in the public key code
-* Use consistency checking (anti-fault attack) for all signature schemes
-* Changed S2K interface: derive_key now takes salt, iteration count
-* Remove dependency on TR1 for ECC and CVC code
-* Renamed ECKAEG to its more usual name, ECDH
-* Fix crash in GMP_Engine if library is shutdown and reinitialized
-* Fix an invalid memory read in MD4
-* Fix Visual C++ static builds
-* Remove Timer class entirely
-* Switch default PKCS #8 encryption algorithm from 3DES to AES-128
-* New option --gen-amalgamation for creating a SQLite-style amalgamation
-* Many headers are now explicitly internal-use-only and are not installed
-* Greatly improve the Win32 installer
-* Several fixes for Visual C++ debug builds
-
-Version 1.9.3, 2009-11-19
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add new AES implementation using Intel's AES instruction intrinsics
-* Add an implementation of format preserving encryption
-* Allow use of any hash function in X.509 certificate creation
-* Optimizations for MARS, Skipjack, and AES
-* Set macros for available SIMD instructions in build.h
-* Add support for using InnoSetup to package Windows builds
-* By default build a DLL on Windows
-
-Version 1.9.2, 2009-11-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add SIMD version of XTEA
-* Support both SSE2 and AltiVec SIMD for Serpent and XTEA
-* Optimizations for SHA-1 and SHA-2
-* Add AltiVec runtime detection
-* Fix x86 CPU identification with Intel C++ and Visual C++
-
-Version 1.9.1, 2009-10-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Better support for Python and Perl wrappers
-* Add an implementation of Blue Midnight Wish (Round 2 tweak version)
-* Modify Skein-512 to match the tweaked 1.2 specification
-* Add threshold secret sharing (draft-mcgrew-tss-02)
-* Add runtime cpu feature detection for x86/x86-64
-* Add code for general runtime self testing for hashes, MACs, and ciphers
-* Optimize XTEA; twice as fast as before on Core2 and Opteron
-* Convert CTR_BE and OFB from filters to stream ciphers
-* New parsing code for SCAN algorithm names
-* Enable SSE2 optimizations under Visual C++
-* Remove all use of C++ exception specifications
-* Add support for GNU/Hurd and Clang/LLVM
-
-Version 1.9.0, 2009-09-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add support for parallel invocation of block ciphers where possible
-* Add SSE2 implementation of Serpent
-* Add Rivest's package transform (an all or nothing transform)
-* Minor speedups to the Turing key schedule
-* Fix processing multiple messages in XTS mode
-* Add --no-autoload option to configure.py, for minimized builds
-* The previously used configure.pl script is no longer supported
-
-Series 1.8
-----------------------------------------
-
-Version 1.8.13, 2011-07-02
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* A race condition in `Algorithm_Factory` could cause crashes in
- multithreaded code. See `this thread on botan-devel
- <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_
- for details and workarounds.
-
-Version 1.8.12, 2011-06-20
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* If EMSA3(Raw) was used for more than one signature, it would produce
- incorrect output.
-
-* Fix the --enable-debug option to configure.py
-
-* Improve OS detection on Cygwin
-
-* Fix compilation under Sun Studio 12 on Solaris
-
-* Fix a memory leak in the constructors of DataSource_Stream and
- DataSink_Stream which would occur if opening the file failed. PR 144
-
-Version 1.8.11, 2010-11-02
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix a number of CRL encoding and decoding bugs
-* When building a debug library under VC++, use the debug runtime
-* Fix compilation under Sun Studio on Linux and Solaris
-* Add several functions for compatability with 1.9
-* In the examples, read most input files as binary
-* The Perl build script has been removed in this release
-
-Version 1.8.10, 2010-08-31
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Switch default PKCS #8 encryption algorithm from 3DES to AES-256
-* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
-* Use small tables in the first round of AES
-* Add PBKDF typedef and get_pbkdf for better compatability with 1.9
-* Add version of S2K::derive_key taking salt and iteration count
-* Enable the /proc-walking entropy source on NetBSD
-* Fix the doxygen makefile target
-
-Version 1.8.9, 2010-06-16
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Use constant time multiplication in IDEA
-* Avoid possible timing attack against OAEP decoding
-* Add new X509::BER_encode and PKCS8::BER_encode
-* Enable DLL builds under Windows
-* Add Win32 installer support
-* Add support for the Clang compiler
-* Fix problem in semcem.h preventing build under Clang or GCC 3.4
-* Fix bug that prevented creation of DSA groups under 1024 bits
-* Fix crash in GMP_Engine if library is shutdown and reinitialized
-* Work around problem with recent binutils in x86-64 SHA-1
-* The Perl build script is no longer supported and refuses to run by default
-
-Version 1.8.8, 2009-11-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Alter Skein-512 to match the tweaked 1.2 specification
-* Fix use of inline asm for access to x86 bswap function
-* Allow building the library without AES enabled
-* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild
-
-Version 1.8.7, 2009-09-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix processing multiple messages in XTS mode
-* Add --no-autoload option to configure.py, for minimized builds
-
-Version 1.8.6, 2009-08-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add Cryptobox, a set of simple password-based encryption routines
-* Only read world-readable files when walking /proc for entropy
-* Fix building with TR1 disabled
-* Fix x86 bswap support for Visual C++
-* Fixes for compilation under Sun C++
-* Add support for Dragonfly BSD (contributed by Patrick Georgi)
-* Add support for the Open64 C++ compiler
-* Build fixes for MIPS systems running Linux
-* Minor changes to license, now equivalent to the FreeBSD/NetBSD license
-
-Version 1.8.5, 2009-07-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Change configure.py to work on stock Python 2.4
-* Avoid a crash in Skein_512::add_data processing a zero-length input
-* Small build fixes for SPARC, ARM, and HP-PA processors
-* The test suite now returns an error code from main() if any tests failed
-
-Version 1.8.4, 2009-07-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix a bug in nonce generation in the Miller-Rabin test
-
-Version 1.8.3, 2009-07-11
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add a new Python configuration script
-* Add the Skein-512 SHA-3 candidate hash function
-* Add the XTS block cipher mode from IEEE P1619
-* Fix random_prime when generating a prime of less than 7 bits
-* Improve handling of low-entropy situations during PRNG seeding
-* Change random device polling to prefer /dev/urandom over /dev/random
-* Use an input insensitive implementation of same_mem instead of memcmp
-* Correct DataSource::discard_next to return the number of discarded bytes
-* Provide a default value for AutoSeeded_RNG::reseed
-* Fix Gentoo bug 272242
-
-Version 1.8.2, 2009-04-07
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Make entropy polling more flexible and in most cases faster
-* GOST 28147 now supports multiple sbox parameters
-* Added the GOST 34.11 hash function
-* Fix botan-config problems on MacOS X
-
-Version 1.8.1, 2009-01-20
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
-* Fix memory leak in PKCS8 load_key and encrypt_key
-* Relicense api.tex from CC-By-SA 2.5 to BSD
-* Fix botan-config on MacOS X, Solaris
-
-Version 1.8.0, 2008-12-08
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix compilation on Solaris with GCC
-
-Series 1.7
-----------------------------------------
-
-Version 1.7.24, 2008-12-01
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix a compatibility problem with SHA-512/EMSA3 signature padding
-* Fix bug preventing EGD/PRNGD entropy poller from working
-* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
-* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
-* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
-* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
-* Wrap private structs in SSE2 SHA-1 code in anonymous namespace
-* Change configure.pl's CPU autodetection output to be more consistent
-* Disable using OpenSSL's AES due to crashes of unknown cause
-* Fix warning in /proc walking entropy poller
-* Fix compilation with IBM XLC for Cell 0.9-200709
-
-Version 1.7.23, 2008-11-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Change to use TR1 (thus enabling ECDSA) with GCC and ICC
-* Optimize almost all hash functions, especially MD4 and Tiger
-* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
-* Change Timer to be pure virtual, and add ANSI_Clock_Timer
-* Cache socket descriptors in the EGD entropy source
-* Avoid bogging down startup in /proc walking entropy source
-* Remove Buffered_EntropySource helper class
-* Add a Default_Benchmark_Timer typedef in benchmark.h
-* Add examples using benchmark.h and Algorithm_Factory
-* Add ECC tests from InSiTo
-* Minor documentation updates
-
-Version 1.7.22, 2008-11-17
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add provider preferences to Algorithm_Factory
-* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
-* Optimize AES encryption and decryption (about 10% faster)
-* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
-* Fix nanoseconds overflow in benchmark code
-* Remove Engine::add_engine
-
-Version 1.7.21, 2008-11-11
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Make algorithm lookup much more configuable
-* Add facilities for runtime performance testing of algorithms
-* Drop use of entropy estimation in the PRNGs
-* Increase intervals between HMAC_RNG automatic reseeding
-* Drop InitializerOptions class, all options but thread safety
-
-Version 1.7.20, 2008-11-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Namespace pkg-config file by major and minor versions
-* Cache device descriptors in Device_EntropySource
-* Split base.h into {block_cipher,stream_cipher,mac,hash}.h
-* Removed get_mgf function from lookup.h
-
-Version 1.7.19, 2008-11-06
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add HMAC_RNG, based on a design by Hugo Krawczyk
-* Optimized the Turing stream cipher (about 20% faster on x86-64)
-* Modify Randpool's reseeding algorithm to poll more sources
-* Add a new AutoSeeded_RNG in auto_rng.h
-* OpenPGP_S2K changed to take hash object instead of name
-* Add automatic identification for Intel's Prescott processors
-
-Version 1.7.18, 2008-10-22
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add Doxygen comments from InSiTo
-* Add ECDSA and ECKAEG benchmarks
-* Add configure.pl switch --with-tr1-implementation
-* Fix configure.pl's --with-endian and --with-unaligned-mem options
-* Added support for pkg-config
-* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
-* Use const references to avoid copying overhead in CurveGFp, GFpModulus
-
-Version 1.7.17, 2008-10-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add missing ECDSA object identifiers
-* Fix error in x86 and x86-64 assembler affecting GF(p) math
-* Remove Boost dependency from GF(p) math
-* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
-* Add BOTAN_DLL macro to over 30 classes missing it
-* Rename the two SHA-2 base classes for consistency
-
-Version 1.7.16, 2008-10-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add several missing pieces needed for ECDSA and ECKAEG
-* Add Card Verifiable Certificates from InSiTo
-* Add SHA-224 from InSiTo
-* Add BSI variant of EMSA1 from InSiTo
-* Add GF(p) and ECDSA tests from InSiTo
-* Split ECDSA and ECKAEG into distinct modules
-* Allow OpenSSL and GNU MP engines to be built with public key algos disabled
-* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h
-
-Version 1.7.15, 2008-10-07
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add GF(p) arithmetic from InSiTo
-* Add ECDSA and ECKAEG implementations from InSiTo
-* Minimize internal dependencies, allowing for smaller build configurations
-* Add new User Manual and Architecture Guide from FlexSecure GmbH
-* Alter configure.pl options for better autotools compatibility
-* Update build instructions for recent changes to configure.pl
-* Fix CPU detection using /proc/cpuinfo
-
-Version 1.7.14, 2008-09-30
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Split library into parts allowing modular builds
-* Add (very preliminary) CMS support to the main library
-* Some constructors now require object pointers instead of names
-* Support multiple implementations of the same algorithm
-* Build support for Pentium-M processors, from Derek Scherger
-* Build support for MinGW/MSYS, from Zbigniew Zagorski
-* Use inline assembly for bswap on 32-bit x86
-
-Version 1.7.13, 2008-09-27
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
-* Allow all examples to compile even if compression not enabled
-* Make CMAC's polynomial doubling operation a public class method
-* Use the -m64 flag when compiling with Sun Forte on x86-64
-* Clean up and slightly optimize CMAC::final_result
-
-Version 1.7.12, 2008-09-18
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add x86 assembly for Visual Studio C++, by Luca Piccarreta
-* Add a Perl XS module, by Vaclav Ovsik
-* Add SWIG-based wrapper for Botan
-* Add SSE2 implementation of SHA-1, by Dean Gaudet
-* Remove the BigInt::sig_words cache due to bugs
-* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
-* Changed BigInt::grow_by and BigInt::grow_to to be non-const
-* Add private assignment operators to classes that don't support assignment
-* Benchmark RSA encryption and signatures
-* Added test programs for random_prime and ressol
-* Add high resolution timers for IA-64, HP-PA, S390x
-* Reduce use of the RNG during benchmarks
-* Fix builds on STI Cell PPU
-* Add support for IBM's XLC compiler
-* Add IETF 8192 bit MODP group
-
-Version 1.7.11, 2008-09-11
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added the Salsa20 stream cipher
-* Optimized Montgomery reduction, Karatsuba squaring
-* Added 16x16->32 word Comba multiplication and squaring
-* Use a much larger Karatsuba cutoff point
-* Remove bigint_mul_add_words
-* Inlined several BigInt functions
-* Add useful information to the generated build.h
-* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
-* Fix the Windows build
-
-Version 1.7.10, 2008-09-05
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Public key benchmarks run using a selection of random keys
-* New benchmark timer options are clock_gettime, gettimeofday, times, clock
-* Including reinterpret_cast optimization for xor_buf in default header
-* Split byte swapping and word rotation functions into distinct headers
-* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
-* Optimizes BigInt right shift
-* Add aliases in DL_Group::Format enum
-* BigInt now caches the significant word count
-
-Version 1.7.9, 2008-08-27
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Make clear() in most algorithm base classes a pure virtual
-* Add noexec stack marker for GNU linker in assembly code
-* Avoid string operations in ressol
-* Compilation fixes for MinGW and Visual Studio C++ 2008
-* Some autoconfiguration fixes for Windows
-
-Version 1.7.8, 2008-07-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added the block cipher Noekeon
-* Remove global deref_alias function
-* X509_Store takes timeout options as constructor arguments
-* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
-* Extend random_prime() for generating primes of any bit length
-* Remove Config class
-* Allow adding new entropy via base RNG interface
-* Reseeding a X9.31 PRNG also reseeds the underlying PRNG
-
-Version 1.7.7, 2008-06-28
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Remove the global PRNG object
-* The PK filter objects were removed
-* Add a test suite for the ANSI X9.31 PRNG
-* Much cleaner and (mostly) thread-safe reimplementation of es_ftw
-* Remove both default arguments to ANSI_X931_RNG's constructor
-* Remove the randomizing version of OctetString::change
-* Make the cipher and MAC to use in Randpool configurable
-* Move RandomNumberGenerator declaration to rng.h
-* RSA_PrivateKey will not generate keys smaller than 1024 bits
-* Fix an error decoding BER UNIVERSAL types with special taggings
-
-Version 1.7.6, 2008-05-05
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Initial support for Windows DLLs, from Joel Low
-* Reset the position pointer when a new block is generated in X9.32 PRNG
-* Timer objects are now treated as entropy sources
-* Moved several ASN.1-related enums from enums.h to an appropriate header
-* Removed the AEP module, due to inability to test
-* Removed Global_RNG and rng.h
-* Removed system_clock
-* Removed Library_State::UI and the pulse callback logic
-
-Version 1.7.5, 2008-04-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* The API of X509_CA::sign_request was altered to avoid race conditions
-* New type Pipe::message_id to represent the Pipe message number
-* Remove the Named_Mutex_Holder for a small performance gain
-* Removed several unused or rarely used functions from Config
-* Ignore spaces inside of a decimal string in BigInt::decode
-* Allow using a std::istream to initialize a DataSource_Stream object
-* Fix compilation problem in zlib compression module
-* The chunk sized used by Pooling_Allocator is now a compile time setting
-* The size of random blinding factors is now a compile time setting
-* The install target no longer tries to set a particular owner/group
-
-Version 1.7.4, 2008-03-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Use unaligned memory read/writes on systems that allow it, for performance
-* Assembly for x86-64 for accessing the bswap instruction
-* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
-* Unroll loops in SHA-160 for a few percent increase in performance
-* Fix compilation with GCC 3.2 in es_ftw and es_unix
-* Build fix for NetBSD systems
-* Prevent es_dev from being built except on Unix systems
-
-Version 1.7.3, 2008-01-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* New invocation syntax for configure.pl with several new options
-* Support for IPv4 addresses in a subject alternative name
-* New fast poll for the generic Unix entropy source (es_unix)
-* The es_file entropy source has been replaced by the es_dev module
-* The malloc allocator does not inherit from Pooling_Allocator anymore
-* The path that es_unix will search in are now fully user-configurable
-* Truncate X9.42 PRF output rather than allow counter overflow
-* PowerPC is now assumed to be big-endian
-
-Version 1.7.2, 2007-10-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Initialize the global library state lazily
-* Add plain CBC-MAC for backwards compatibility with old systems
-* Clean up some of the self test code
-* Throw a sensible exception if a DL_Group is not found
-* Truncate KDF2 output rather than allowing counter overflow
-* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
-* Fix a Visual Studio compilation problem in x509stat.cpp
-
-Version 1.7.1, 2007-07-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix a race condition in the algorithm object cache
-* HMAC key schedule optimization
-* The build header sets a macro defining endianness, if known
-* New word load/store abstraction allowing further optimization
-* Modify most of the library to avoid use the C-style casts
-* Use higher resolution timers in symmetric benchmarks
-
-Version 1.7.0, 2007-05-19
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* DSA parameter generation now follows FIPS 186-3
-* Added OIDs for Rabin-Williams and Nyberg-Rueppel
-* Somewhat better support for out of tree builds
-* Minor optimizations for RC2 and Tiger
-* Documentation updates
-* Update the todo list
-
-Series 1.6
-----------------------------------------
-
-Version 1.6.5, 2008-08-27
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add noexec stack marker for GNU linker in assembly code
-* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3
-
-Version 1.6.4, 2008-03-08
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix a compilation problem with Visual Studio C++ 2003
-
-Version 1.6.3, 2007-07-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix a race condition in the algorithm lookup cache
-* Fix problems building the memory pool on some versions of Visual C++
-
-Version 1.6.2, 2007-03-24
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix autodection on Athlon64s running Linux
-* Fix builds on QNX and compilers using STLport
-* Remove a call to abort() that crept into production
-
-Version 1.6.1, 2007-01-20
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix some base64 decoder bugs
-* Add a new option to base64 encoding, to always append a newline
-* Fix some build problems under Visual Studio with debug enabled
-* Fix a bug in BER_Decoder that was triggered under some compilers
-
-Version 1.6.0, 2006-12-17
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Minor cleanups versus 1.5.13
-
-Series 1.5
-----------------------------------------
-
-Version 1.5.13, 2006-12-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Compilation fixes for the bzip2, zlib, and GNU MP modules
-* Better support for Intel C++ and EKOpath C++ on x86-64
-
-Version 1.5.12, 2006-10-27
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Cleanups in the initialization routines
-* Add some x86-64 assembly for multiply-add
-* Fix problems generating very small (below 384 bit) RSA keys
-* Support out of tree builds
-* Bring some of the documentation up to date
-* More improvements to the Python bindings
-
-Version 1.5.11, 2006-09-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Removed the Algorithm base class
-* Various cleanups in the public key inheritance hierarchy
-* Major overhaul of the configure/build setup
-* Added x86 assembler implementations of Serpent and low-level MPI code
-* Optimizations for the SHA-1 x86 assembler
-* Various improvements to the Python wrappers
-* Work around a Visual Studio compiler bug
-
-Version 1.5.10, 2006-08-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add x86 assembler versions of MD4, MD5, and SHA-1
-* Expand InitializerOptions' language to support on/off switches
-* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
-* Fix possible resource leaks in the mmap allocator
-* Slightly optimized buffering in MDx_HashFunction
-* Initialization failures are dealt with somewhat better
-* Add an example implementing Pollard's Rho algorithm
-* Better option handling in the test/benchmark tool
-* Expand the xor_ciph example to support longer keys
-* Some updates to the documentation
-
-Version 1.5.9, 2006-07-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed bitrot in the AEP engine
-* Fix support for marking certificate/CRL extensions as critical
-* Significant cleanups in the library state / initialization code
-* LibraryInitializer takes an explicit InitializerOptions object
-* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
-* Change configuration access to using global_state()
-* Add support for global named mutexes throughout the library
-* Add some STL wrappers for the delete operator
-* Change how certificates are created to be more flexible and general
-
-Version 1.5.8, 2006-06-23
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Many internal cleanups to the X.509 cert/CRL code
-* Allow for application code to support new X.509 extensions
-* Change the return type of X509_Certificate::{subject,issuer}_info
-* Allow for alternate character set handling mechanisms
-* Fix a bug that was slowing squaring performance somewhat
-* Fix a very hard to hit overflow bug in the C version of word3_muladd
-* Minor cleanups to the assembler modules
-* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
-* Support for GCC 2.95.x has been dropped in this release
-
-Version 1.5.7, 2006-05-28
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Further, major changes to the BER/DER coding system
-* Updated the Qt mutex module to use Mutex_Factory
-* Moved the library global state object into an anonymous namespace
-* Drop the Visual C++ x86 assembly module due to bugs
-
-Version 1.5.6, 2006-03-01
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* The low-level DER/BER coding system was redesigned and rewritten
-* Portions of the certificate code were cleaned up internally
-* Use macros to substantially clean up the GCC assembly code
-* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
-* Avoid a couple of spurious warnings under Visual C++
-* Some slight cleanups in X509_PublicKey::key_id
-
-Version 1.5.5, 2006-02-04
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
-* Made Pooling_Allocator::Memory_Block an actual class of sorts
-* Some small optimizations to the division and modulo computations
-* Cleaned up the implementation of some of the BigInt operators
-* Reduced use of dynamic memory allocation in low-level BigInt functions
-* A few simplifications in the Randpool mixing function
-* Removed power(), as it was not particularly useful (or fast)
-* Fixed some annoying bugs in the benchmark code
-* Added a real credits file
-
-Version 1.5.4, 2006-01-29
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
-* Fixed a memory access off-by-one in the Karatsuba code
-* Changed Pooling_Allocator's free list search to a log(N) algorithm
-* Merged ModularReducer with its only subclass, Barrett_Reducer
-* Fixed sign-handling bugs in some of the division and modulo code
-* Renamed the module description files to modinfo.txt
-* Further cleanups in the initialization code
-* Removed BigInt::add and BigInt::sub
-* Merged all the division-related functions into just divide()
-* Modified the <mp_asmi.h> functions to allow for better optimizations
-* Made the number of bits polled from an EntropySource user configurable
-* Avoid including <algorithm> in <botan/secmem.h>
-* Fixed some build problems with Sun Forte
-* Removed some dead code from bigint_modop
-* Fix the definition of same_mem
-
-Version 1.5.3, 2006-01-24
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Many optimizations in the low-level multiple precision integer code
-* Added hooks for assembly implementations of the MPI code
-* Support for the X.509 issuer alternative name extension in new certs
-* Fixed a bug in the decompression modules; found and patched by Matt Johnston
-* New Windows mutex module (mux_win32), by Luca Piccarreta
-* Changed the Windows timer module to use QueryPerformanceCounter
-* mem_pool.cpp was using std::set iterators instead of std::multiset ones
-* Fixed a bug in X509_CA preventing users from disabling particular extensions
-* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
-* Fixed some module build problems on FreeBSD and Tru64
-
-Version 1.5.2, 2006-01-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed an off-by-one memory read in MISTY1::key()
-* Fixed a nasty memory leak in Output_Buffers::retire()
-* Reimplemented the memory allocator from scratch
-* Improved memory caching in Montgomery exponentiation
-* Optimizations for multiple precision addition and subtraction
-* Fixed a build problem in the hardware timer module on 64-bit PowerPC
-* Changed default Karatsuba cutoff to 12 words (was 14)
-* Removed MemoryRegion::bits(), which was unused and incorrect
-* Changed maximum HMAC keylength to 1024 bits
-* Various minor Makefile and build system changes
-* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
-* Switched checks/clock.cpp back to using clock() by default
-* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
-* Removed the Default_Mutex's unused clone() member function
-
-Version 1.5.1, 2006-01-08
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Implemented Montgomery exponentiation
-* Implemented generalized Karatsuba multiplication and squaring
-* Implemented Comba squaring for 4, 6, and 8 word inputs
-* Added new Modular_Exponentiator and Power_Mod classes
-* Removed FixedBase_Exp and FixedExponent_Exp
-* Fixed a performance regression in get_allocator introduced in 1.5.0
-* Engines can now offer S2K algorithms and block cipher padding methods
-* Merged the remaining global 'algolist' code into Default_Engine
-* The low-level MPI code is linked as C again
-* Replaced BigInt's get_nibble with the more general get_substring
-* Some documentation updates
-
-Version 1.5.0, 2006-01-01
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Moved all global/shared library state into a single object
-* Mutex objects are created through mutex factories instead of a global
-* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
-* Removed the RNG_Quality enum entirely
-* There is now only a single global-use PRNG
-* Removed the no_aliases and no_oids options for LibraryInitializer
-* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
-* Change es_ftw to use unbuffered I/O
-
-Series 1.4
-----------------------------------------
-
-Version 1.4.12, 2006-01-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed an off-by-one memory read in MISTY1::key()
-* Fixed a nasty memory leak in Output_Buffers::retire()
-* Changed maximum HMAC keylength to 1024 bits
-* Fixed a build problem in the hardware timer module on 64-bit PowerPC
-
-Version 1.4.11, 2005-12-31
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Changed Whirlpool diffusion matrix to match updated algorithm spec
-* Fixed several engine module build errors introduced in 1.4.10
-* Fixed two build problems in es_capi; reported by Matthew Gregan
-* Added a constructor to DataSource_Memory taking a std::string
-* Placing the same Filter in multiple Pipes triggers an exception
-* The configure script accepts --docdir and --libdir
-* Merged doc/rngs.txt into the main API document
-* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11
-
-Version 1.4.10, 2005-12-18
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added an implementation of KASUMI, the block cipher used in 3G phones
-* Refactored Pipe; output queues are now managed by a distinct class
-* Made certain Filter facilities only available to subclasses of Fanout_Filter
-* There is no longer any overhead in Pipe for a message that has been read out
-* It is now possible to generate RSA keys as small as 128 bits
-* Changed some of the core classes to derive from Algorithm as a virtual base
-* Changed Randpool to use HMAC instead of a plain hash as the mixing function
-* Fixed a bug in the allocators; found and fixed by Matthew Gregan
-* Enabled the use of binary file I/O, when requested by the application
-* The OpenSSL engine's block cipher code was missing some deallocation calls
-* Disabled the es_ftw module on NetBSD, due to header problems there
-* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
-* Some cleanups for the modules that use inline assembler
-* config.h is now stored in build/ instead of build/include/botan/
-* The header util.h was split into bit_ops.h, parsing.h, and util.h
-* Cleaned up some redundant include directives
-
-Version 1.4.9, 2005-11-06
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added the IBM-created AES candidate algorithm MARS
-* Added the South Korean block cipher SEED
-* Added the stream cipher Turing
-* Added the new hash function FORK-256
-* Deprecated the ISAAC stream cipher
-* Twofish and RC6 are significantly faster with GCC
-* Much better support for 64-bit PowerPC
-* Added support for high-resolution PowerPC timers
-* Fixed a bug in the configure script causing problems on FreeBSD
-* Changed ANSI X9.31 to support arbitrary block ciphers
-* Make the configure script a bit less noisy
-* Added more test vectors for some algorithms, including all the AES finalists
-* Various cosmetic source code cleanups
-
-Version 1.4.8, 2005-10-16
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Resolved a bad performance problem in the allocators; fix by Matt Johnston
-* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
-* Renamed OMAC to CMAC to match the official NIST naming
-* Added single byte versions of update() to PK_Signer and PK_Verifier
-* Removed the unused reverse_bits and reverse_bytes functions
-
-Version 1.4.7, 2005-09-25
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed major performance problems with recent versions of GNU C++
-* Added an implementation of the X9.31 PRNG
-* Removed the X9.17 and FIPS 186-2 PRNG algorithms
-* Changed defaults to use X9.31 PRNGs as global PRNG objects
-* Documentation updates to reflect the PRNG changes
-* Some cleanups related to the engine code
-* Removed two useless headers, base_eng.h and secalloc.h
-* Removed PK_Verifier::valid_signature
-* Fixed configure/build system bugs affecting MacOS X builds
-* Added support for the EKOPath x86-64 compiler
-* Added missing destructor for BlockCipherModePaddingMethod
-* Fix some build problems with Visual C++ 2005 beta
-* Fix some build problems with Visual C++ 2003 Workshop
-
-Version 1.4.6, 2005-03-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix an error in the shutdown code introduced in 1.4.5
-* Setting base/pkcs8_tries to 0 disables the builtin fail-out
-* Support for XMPP identifiers in X.509 certificates
-* Duplicate entries in X.509 DNs are removed
-* More fixes for Borland C++, from Friedemann Kleint
-* Add a workaround for buggy iostreams
-
-Version 1.4.5, 2005-02-26
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add support for AES encryption of private keys
-* Minor fixes for PBES2 parameter decoding
-* Internal cleanups for global state variables
-* GCC 3.x version detection was broken in non-English locales
-* Work around a Sun Forte bug affecting mem_pool.h
-* Several fixes for Borland C++ 5.5, from Friedemann Kleint
-* Removed inclusion of init.h into base.h
-* Fixed a major bug in reading from certificate stores
-* Cleaned up a couple of mutex leaks
-* Removed some left-over debugging code
-* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF
-
-Version 1.4.4, 2004-12-02
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Further tweaks to the pooling allocator
-* Modified EMSA3 to support SSL/TLS signatures
-* Changes to support Qt/QCA, from Justin Karneges
-* Moved mux_qt module code into mod_qt
-* Fixes for HP-UX from Mike Desjardins
-
-Version 1.4.3, 2004-11-06
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Split up SecureAllocator into Allocator and Pooling_Allocator
-* Memory locking allocators are more likely to be used
-* Fixed the placement of includes in some modules
-* Fixed broken installation procedure
-* Fixes in configure script to support alternate install programs
-* Modules can specify the minimum version they support
-
-Version 1.4.2, 2004-10-31
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a major CRL handling bug
-* Cipher and hash operations can be offloaded to engines
-* Added support for cipher and hash offload in OpenSSL engine
-* Improvements for 64-bit CPUs without a widening multiply instruction
-* Support for SHA2-* and Whirlpool with EMSA2
-* Fixed a long-standing build problem with conflicting include files
-* Fixed some examples that hadn't been updated for 1.4.x
-* Portability fixes for Solaris, BSD, HP-UX, and others
-* Lots of fixes and cleanups in the configure script
-* Updated the Gentoo ebuild file
-
-Version 1.4.1, 2004-10-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed major errors in the X.509 and PKCS #8 copy_key functions
-* Added a LAST_MESSAGE meta-message number for Pipe
-* Added new aliases (3DES and DES-EDE) for Triple-DES
-* Added some new functions to PK_Verifier
-* Cleaned up the KDF interface
-* Disabled tm_posix on BSD due to header issues
-* Fixed a build problem on PowerPC with GNU C++ pre-3.4
-
-Version 1.4.0, 2004-06-26
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added the FIPS 186 RNG back
-* Added copy_key functions for X.509 public keys and PKCS #8 private keys
-* Fixed PKCS #1 signatures with RIPEMD-128
-* Moved some code around to avoid warnings with Sun ONE compiler
-* Fixed a bug in botan-config affecting OpenBSD
-* Fixed some build problems on Tru64, HP-UX
-* Fixed compile problems with Intel C++, Compaq C++
-
-Series 1.3
-----------------------------------------
-
-Version 1.3.14, 2004-06-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added support for AEP's AEP1000/AEP2000 crypto cards
-* Added a Mutex module using Qt, from Justin Karneges
-* Added support for engine loading in LibraryInitializer
-* Tweaked SecureAllocator, giving 20% better performance under heavy load
-* Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
-* Renamed PK_Engine to Engine_Core
-* Improved the Karatsuba cutoff points
-* Fixes for compiling with GCC 3.4 and Sun C++ 5.5
-* Fixes for Linux/s390, OpenBSD, and Solaris
-* Added support for Linux/s390x
-* The configure script was totally broken for 'generic' OS
-* Removed Montgomery reduction due to bugs
-* Removed an unused header, pkcs8alg.h
-* check --validate returns an error code if any tests failed
-* Removed duplicate entry in Unix command list for es_unix
-* Moved the Cert_Usage enumeration into X509_Store
-* Added new timing methods for PK benchmarks, clock_gettime and RDTSC
-* Fixed a few minor bugs in the configure script
-* Removed some deprecated functions from x509cert.h and pkcs10.h
-* Removed the 'minimal' module, has to be updated for Engine support
-* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
-* Documentation updates
-
-Version 1.3.13, 2004-05-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Major fixes for Cygwin builds
-* Minor MacOS X install fixes
-* The configure script is a little better at picking the right modules
-* Removed ml_unix from the 'unix' module set for Cygwin compatibility
-* Fixed a stupid compile problem in pkcs10.h
-
-Version 1.3.12, 2004-05-02
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added ability to remove old entries from CRLs
-* Swapped the first two arguments of X509_CA::update_crl()
-* Added an < operator for MemoryRegion, so it can be used as a std::map key
-* Changed X.509 searching by DNS name from substring to full string compares
-* Renamed a few X509_Certificate and PKCS10_Request member functions
-* Fixed a problem when decoding some PKCS #10 requests
-* Hex_Decoder would not check inputs, reported by Vaclav Ovsik
-* Changed default CRL expire time from 30 days to 7 days
-* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
-* Corrected errors in the API doc, fixes from Ken Perano
-* More documentation about the Pipe/Filter code
-
-Version 1.3.11, 2004-04-01
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed two show-stopping bugs in PKCS10_Request
-* Added some sanity checks in Pipe/Filter
-* The DNS and URI entries would get swapped in subjectAlternativeNames
-* MAC_Filter is now willing to not take a key at creation time
-* Setting the expiration times of certs and CRLs is more flexible
-* Fixed problems building on AIX with GCC
-* Fixed some problems in the tutorial pointed out by Dominik Vogt
-* Documentation updates
-
-Version 1.3.10, 2004-03-27
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added support for OpenPGP's ASCII armor format
-* Cleaned up the RNG system; seeding is much more flexible
-* Added simple autoconfiguration abilities to configure.pl
-* Fixed a GCC 2.95.x compile problem
-* Updated the example configuration file
-* Documentation updates
-
-Version 1.3.9, 2004-03-07
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added an engine using OpenSSL (requires 0.9.7 or later)
-* X509_Certificate would lose email addresses stored in the DN
-* Fixed a missing initialization in a BigInt constructor
-* Fixed several Visual C++ compile problems
-* Fixed some BeOS build problems
-* Fixed the WiderWake benchmark
-
-Version 1.3.8, 2003-12-30
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Internal changes to PK algorithms to divide data and algorithms
-* DSA/DH/NR/ElGamal constructors accept taking just the private key again
-* ElGamal keys now support being imported/exported as ASN.1 objects
-* Much more consistent and complete error checking in PK algorithms
-* Support for arbitrary backends (engines) for PK operations
-* Added Montgomery reductions
-* Added an engine that uses GNU MP (requires 4.1 or later)
-* Removed the obsolete mp_gmp module
-* Moved several initialization/shutdown functions to init.h
-* Major refactoring of the memory containers
-* New non-locking container, MemoryVector
-* Fixed 64-bit problems in BigInt::set_bit/clear_bit
-* Renamed PK_Key::check_params() to check_key()
-* Some incompatible changes to OctetString
-* Added version checking macros in version.h
-* Removed the fips140 module pending rewrite
-* Added some functions and hooks to help GUIs
-* Moved more shared code into MDx_HashFunction
-* Added a policy hook for specifying the encoding of X.509 strings
-
-Version 1.3.7, 2003-12-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a big security problem in es_unix
-* Fixed several stability problems in es_unix
-* Expanded the list of programs es_unix will try to use
-* SecureAllocator now only preallocates blocks in special cases
-* Added a special case in Global_RNG::seed for forcing a full poll
-* Removed the FIPS 186 RNG added in 1.3.5 pending further testing
-* Configure updates for PowerPC CPUs
-* Removed the (never tested) VAX support
-* Added support for S/390 Linux
-
-Version 1.3.6, 2003-12-07
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added a new module 'minimal', which disables most algorithms
-* SecureAllocator allocates a few blocks at startup
-* A few minor MPI cleanups
-* RPM spec file cleanups and fixes
-
-Version 1.3.5, 2003-11-30
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Major improvements in ASN.1 string handling
-* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
-* Added partial support for the X.509v3 certificate policies extension
-* Centralized the handling of character set information
-* Added FIPS 140-2 startup self tests
-* Added a module (fips140) for doing extra FIPS 140-2 tests
-* Added FIPS 186-2 RNG
-* Improved ASN.1 BIT STRING handling
-* Removed a memory leak in PKCS10_Request
-* The encoding of DirectoryString now follows PKIX guidelines
-* Fixed some of the character set dependencies
-* Fixed a DER encoding error for tags greater than 30
-* The BER decoder can now handle tags larger than 30
-* Fixed tm_hard.cpp to recognize SPARC on more systems
-* Workarounds for a GCC 2.95.x bug in x509find.cpp
-* RPM changed to install into /usr instead of /usr/local
-* Added support for QNX
-
-Version 1.3.4, 2003-11-21
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added a module that does certain MPI operations using GNU MP
-* Added the X9.42 Diffie-Hellman PRF
-* The Zlib and Bzip2 objects now use custom allocators
-* Added member functions for directly hashing/MACing SecureVectors
-* Minor optimizations to the MPI addition and subtraction algorithms
-* Some cleanups in the low-level MPI code
-* Created separate AES-{128,192,256} objects
-
-Version 1.3.3, 2003-11-17
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* The library can now be repeatedly initialized and shutdown without crashing
-* Fixed an off-by-one error in the CTS code
-* Fixed an error in the EMSA4 verification code
-* Fixed a memory leak in mutex.cpp (pointed out by James Widener)
-* Fixed a memory leak in Pthread_Mutex
-* Fixed several memory leaks in the testing code
-* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
-* Minor cleanups in SecureAllocator
-* Removed a needless mutex guarding the (stateless) global timer
-* Fixed a piece of bash-specific code in botan-config
-* X.509 objects report more information about decoding errors
-* Cleaned up some of the exception handling
-* Updated the example config file with new OIDSs
-* Moved the build instructions into a separate document, building.tex
-
-Version 1.3.2, 2003-11-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a bug preventing DSA signatures from verifying on X.509 objects
-* Made the X509_Store search routines more efficient and flexible
-* Added a function to X509_PublicKey to do easy public/private key matching
-* Added support for decoding indefinite length BER data
-* Changed Pipe's peek() to take an offset
-* Removed Filter::set_owns in favor of the new incr_owns function
-* Removed BigInt::zero() and BigInt::one()
-* Renamed the PEM related options from base/pem_* to pem/*
-* Added an option to specify the line width when encoding PEM
-* Removed the "rng/safe_longterm" option; it's always on now
-* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
-* Cleaned up the base64/hex encoders and decoders
-* Added an ASN.1/BER decoder as an example
-* AES had its internals marked 'public' in previous versions
-* Changed the value of the ASN.1 NO_OBJECT enum
-* Various new hacks in the configure script
-* Removed the already nominal support for SunOS
-
-Version 1.3.1, 2003-11-04
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Generalized a few pieces of the DER encoder
-* PKCS8::load_key would fail if handed an unencrypted key
-* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop
-
-Version 1.3.0, 2003-11-02
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Major redesign of the PKCS #8 private key import/export system
-* Added a small amount of UI interface code for getting passphrases
-* Added heuristics that tell if a key, cert, etc is stored as PEM or BER
-* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
-* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
-* Made PEM decoding more forgiving of extra text before the header
-
-Series 1.2
-----------------------------------------
-
-Version 1.2.8, 2003-11-21
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Merged several important bug fixes from 1.3.x
-
-Version 1.2.7, 2003-10-31
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added support for reading configuration files
-* Added constructors so NR and RW keys can be imported easily
-* Fixed mp_asm64, which was completely broken in 1.2.6
-* Removed tm_hw_ia32 module; replaced by tm_hard
-* Added support for loading certain oddly formed RSA certificates
-* Fixed spelling of NON_REPUDIATION enum
-* Renamed the option default_to_ca to v1_assume_ca
-* Fixed a minor bug in X.509 certificate generation
-* Fixed a latent bug in the OID lookup code
-* Updated the RPM spec file
-* Added to the tutorial
-
-Version 1.2.6, 2003-07-04
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Major performance increase for PK algorithms on most 64-bit systems
-* Cleanups in the low-level MPI code to support asm implementations
-* Fixed build problems with some versions of Compaq's C++ compiler
-* Removed useless constructors for NR public and private keys
-* Removed support for the patch_file directive in module files
-* Removed several deprecated functions
-
-Version 1.2.5, 2003-06-22
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a tricky and long-standing memory leak in Pipe
-* Major cleanups and fixes in the memory allocation system
-* Removed alloc_mlock, which has been superseded by the ml_unix module
-* Removed a denial of service vulnerability in X509_Store
-* Fixed compilation problems with VS .NET 2003 and Codewarrior 8
-* Added another variant of PKCS8::load_key, taking a memory buffer
-* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
-* BigInt::operator%=(word) was a no-op if the input was a power of 2
-* Fixed portability problems in BigInt::to_u32bit
-* Fixed major bugs in SSL3-MAC
-* Cleaned up some messes in the PK algorithms
-* Cleanups and extensions for OMAC and EAX
-* Made changes to the entropy estimation function
-* Added a 'beos' module set for use on BeOS
-* Officially deprecated a few X509:: and PKCS8:: functions
-* Moved the contents of primes.h to numthry.h
-* Moved the contents of x509opt.h to x509self.h
-* Removed the (empty) desx.h header
-* Documentation updates
-
-Version 1.2.4, 2003-05-29
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a bug in EMSA1 affecting NR signature verification
-* Fixed a few latent bugs in BigInt related to word size
-* Removed an unused function, mp_add2_nc, from the MPI implementation
-* Reorganized the core MPI files
-
-Version 1.2.3, 2003-05-20
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a bug that prevented DSA/NR key generation
-* Fixed a bug that prevented importing some root CA certs
-* Fixed a bug in the BER decoder when handing optional bit or byte strings
-* Fixed the encoding of authorityKeyIdentifier in X509_CA
-* Added a sanity check in PBKDF2 for zero length passphrases
-* Added versions of X509::load_key and PKCS8::load_key that take a file name
-* X509_CA generates 128 bit serial numbers now
-* Added tests to check PK key generation
-* Added a simplistic X.509 CA example
-* Cleaned up some of the examples
-
-Version 1.2.2, 2003-05-13
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Add checks to prevent any BigInt bugs from revealing an RSA or RW key
-* Changed the interface of Global_RNG::seed
-* Major improvements for the es_unix module
-* Added another Win32 entropy source, es_win32
-* The Win32 CryptoAPI entropy source can now poll multiple providers
-* Improved the BeOS entropy source
-* Renamed pipe_unixfd module to fd_unix
-* Fixed a file descriptor leak in the EGD module
-* Fixed a few locking bugs
-
-Version 1.2.1, 2003-05-06
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added ANSI X9.23 compatible CBC padding
-* Added an entropy source using Win32 CryptoAPI
-* Removed the Pipe I/O operators taking a FILE*
-* Moved the BigInt encoding/decoding functions into the BigInt class
-* Integrated several fixes for VC++ 7 (from Hany Greiss)
-* Fixed the configure.pl script for Windows builds
-
-Version 1.2.0, 2003-04-28
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Tweaked the Karatsuba cut-off points
-* Increased the allowed keylength of HMAC and Blowfish
-* Removed the 'mpi_ia32' module, pending rewrite
-* Workaround a GCC 2.95.x bug in eme1.cpp
-
-Series 1.1
-----------------------------------------
-
-Version 1.1.13, 2003-04-22
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added OMAC
-* Added EAX authenticated cipher mode
-* Diffie-Hellman would not do blinding in some cases
-* Optimized the OFB and CTR modes
-* Corrected Skipjack's word ordering, as per NIST clarification
-* Support for all subject/issuer attribute types required by RFC 3280
-* The removeFromCRL CRL reason code is now handled correctly
-* Increased the flexibility of the allocators
-* Renamed Rijndael to AES, created aes.h, deleted rijndael.h
-* Removed support for the 'no_timer' LibraryInitializer option
-* Removed 'es_pthr' module, pending further testing
-* Cleaned up get_ciph.cpp
-
-Version 1.1.12, 2003-04-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a ASN.1 string encoding bug
-* Fixed a pair of X509_DN encoding problems
-* Base64_Decoder and Hex_Decoder can now validate input
-* Removed support for the LibraryInitializer option 'egd_path'
-* Added tests for DSA X.509 and PKCS #8 key formats
-* Removed a long deprecated feature of DH_PrivateKey's constructor
-* Updated the RPM .spec file
-* Major documentation updates
-
-Version 1.1.11, 2003-04-07
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added PKCS #10 certificate requests
-* Changed X509_Store searching interface to be more flexible
-* Added a generic Certificate_Store interface
-* Added a function for generating self-signed X.509 certs
-* Cleanups and changes to X509_CA
-* New examples for PKCS #10 and self-signed certificates
-* Some documentation updates
-
-Version 1.1.10, 2003-04-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* X509_CA can now generate new X.509 CRLs
-* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
-* More certificate and CRL extensions/attributes are supported
-* Better DN handling in X.509 certificates/CRLs
-* Added a DataSink hierarchy (suggested by Jim Darby)
-* Consolidated SecureAllocator and ManagedAllocator
-* Many cleanups and generalizations
-* Added a (slow) pthreads based EntropySource
-* Fixed some threading bugs
-
-Version 1.1.9, 2003-02-25
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added support for using X.509v2 CRLs
-* Fixed several bugs in the path validation algorithm
-* Certificates can be verified for a particular usage
-* Algorithm for comparing distinguished names now follows X.509
-* Cleaned up the code for the es_beos, es_ftw, es_unix modules
-* Documentation updates
-
-Version 1.1.8, 2003-01-29
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixes for the certificate path validation algorithm in X509_Store
-* Fixed a bug affecting X509_Certificate::is_ca_cert()
-* Added a general configuration interface for policy issues
-* Cleanups and API changes in the X.509 CA, cert, and store code
-* Made various options available for X509_CA users
-* Changed X509_Time's interface to work around time_t problems
-* Fixed a theoretical weakness in Randpool's entropy mixing function
-* Fixed problems compiling with GCC 2.95.3 and GCC 2.96
-* Fixed a configure bug (reported by Jon Wilson) affecting MinGW
-
-Version 1.1.7, 2003-01-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed an obscure but dangerous bug in SecureVector::swap
-* Consolidated SHA-384 and SHA-512 to save code space
-* Added SSL3-MAC and SSL3-PRF
-* Documentation updates, including a new tutorial
-
-Version 1.1.6, 2002-12-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Initial support for X.509v3 certificates and CAs
-* Major redesign/rewrite of the ASN.1 encoding/decoding code
-* Added handling for DSA/NR signatures encoded as DER SEQUENCEs
-* Documented the generic cipher lookup interface
-* Added an (untested) entropy source for BeOS
-* Various cleanups and bug fixes
-
-Version 1.1.5, 2002-11-17
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added the discrete logarithm integrated encryption system (DLIES)
-* Various optimizations for BigInt
-* Added support for assembler optimizations in modules
-* Added BigInt x86 optimizations module (mpi_ia32)
-
-Version 1.1.4, 2002-11-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Speedup of 15-30% for PK algorithms
-* Implemented the PBES2 encryption scheme
-* Fixed a potential bug in decoding RSA and RW private keys
-* Changed the DL_Group class interface to handle different formats better
-* Added support for PKCS #3 encoded DH parameters
-* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
-* Added key pair consistency checking
-* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
-* A botan-config script is generated at configure time
-* Documentation updates
-
-Version 1.1.3, 2002-11-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added a generic public/private key loading interface
-* Fixed a small encoding bug in RSA, RW, and DH
-* Changed the PK encryption/decryption interface classes
-* ECB supports using padding methods
-* Added a function-based interface for library initialization
-* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
-* The cipher mode benchmarks now use 128-bit AES instead of DES
-* Removed some obsolete typedefs
-* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
-* Added tests for PKCS #8 encoding/decoding
-* Added more tests for ECB and CBC
-
-Version 1.1.2, 2002-10-21
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Support for PKCS #8 encoded RSA, DSA, and DH private keys
-* Support for Diffie-Hellman X.509 public keys
-* Major reorganization of how X.509 keys are handled
-* Added PKCS #5 v2.0's PBES1 encryption scheme
-* Added a generic cipher lookup interface
-* Added the WiderWake4+1 stream cipher
-* Added support for sync-able stream ciphers
-* Added a 'paranoia level' option for the LibraryInitializer
-* More security for RNG output meant for long term keys
-* Added documentation for some of the new 1.1.x features
-* CFB's feedback argument is now specified in bits
-* Renamed CTR class to CTR_BE
-* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats
-
-Version 1.1.1, 2002-10-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added the Korean hash function HAS-160
-* Partial support for RSA and DSA X.509 public keys
-* Added a mostly functional BER encoder/decoder
-* Added support for non-deterministic MAC functions
-* Initial support for PEM encoding/decoding
-* Internal cleanups in the PK algorithms
-* Several new convenience functions in Pipe
-* Fixed two nasty bugs in Pipe
-* Messed with the entropy sources for es_unix
-* Discrete logarithm groups are checked for safety more closely now
-* For compatibility with GnuPG, ElGamal now supports DSA-style groups
-
-Version 1.1.0, 2002-09-14
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added entropy estimation to the RNGs
-* Improved the overall design of both Randpool and ANSI_X917_RNG
-* Added a separate RNG for nonce generation
-* Added window exponentiation support in power_mod
-* Added a get_s2k function and the PKCS #5 S2K algorithms
-* Added the TLSv1 PRF
-* Replaced BlockCipherModeIV typedef with InitializationVector class
-* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
-* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
-* Added support for RIPEMD-160 PKCS#1 v1.5 signatures
-* Changed the key agreement scheme interface
-* Changed the S2K and KDF interfaces
-* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
-* Added support for variable-pass Tiger
-* Major speedup for Rabin-Williams key generation
-
-Series 1.0
-----------------------------------------
-
-Version 1.0.2, 2003-01-12
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed an obscure SEGFAULT causing bug in Pipe
-* Fixed an obscure but dangerous bug in SecureVector::swap
-
-Version 1.0.1, 2002-09-14
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed a minor bug in Randpool::random()
-* Added some new aliases and typedefs for 1.1.x compatibility
-* The 4096-bit RSA benchmark key was decimal instead of hex
-* EMAC was returning an incorrect name
-
-Version 1.0.0, 2002-08-26
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Octal I/O of BigInt is now supported
-* Fixed portability problems in the es_egd module
-* Generalized IV handling in the block cipher modes
-* Added Karatsuba multiplication and k-ary exponentiation
-* Fixed a problem in the multiplication routines
-
-Series 0.9
-----------------------------------------
-
-Version 0.9.2, 2002-08-18
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* DH_PrivateKey::public_value() was returning the wrong value
-* Various BigInt optimizations
-* The filters.h header now includes hex.h and base64.h
-* Moved Counter mode to ctr.h
-* Fixed a couple minor problems with VC++ 7
-* Fixed problems with the RPM spec file
-
-Version 0.9.1, 2002-08-10
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Grand rename from OpenCL to Botan
-* Major optimizations for the PK algorithms
-* Added ElGamal encryption
-* Added Whirlpool
-* Tweaked memory allocation parameters
-* Improved the method of seeding the global RNG
-* Moved pkcs1.h to eme_pkcs.h
-* Added more test vectors for some algorithms
-* Fixed error reporting in the BigInt tests
-* Removed Default_Timer, it was pointless
-* Added some new example applications
-* Removed some old examples that weren't that interesting
-* Documented the compression modules
-
-Version 0.9.0, 2002-08-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* EMSA4 supports variable salt size
-* PK_* can take a string naming the encoding method to use
-* Started writing some internals documentation
-
-Series 0.8
-----------------------------------------
-
-Version 0.8.7, 2002-07-30
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed bugs in EME1 and EMSA4
-* Fixed a potential crash at shutdown
-* Cipher modes returned an ill-formed name
-* Removed various deprecated types and headers
-* Cleaned up the Pipe interface a bit
-* Minor additions to the documentation
-* First stab at a Visual C++ makefile (doc/Makefile.vc7)
-
-Version 0.8.6, 2002-07-25
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added EMSA4 (aka PSS)
-* Brought the manual up to date; many corrections and additions
-* Added a parallel hash function construction
-* Lookup supports all available algorithms now
-* Lazy initialization of the lookup tables
-* Made more discrete logarithm groups available through get_dl_group()
-* StreamCipher_Filter supports seeking (if the underlying cipher does)
-* Minor optimization for GCD calculations
-* Renamed SAFER_SK128 to SAFER_SK
-* Removed many previously deprecated functions
-* Some now-obsolete functions, headers, and types have been deprecated
-* Fixed some bugs in DSA prime generation
-* DL_Group had a constructor for DSA-style prime gen but it wasn't defined
-* Reversed the ordering of the two arguments to SEAL's constructor
-* Fixed a threading problem in the PK algorithms
-* Fixed a minor memory leak in lookup.cpp
-* Fixed pk_types.h (it was broken in 0.8.5)
-* Made validation tests more verbose
-* Updated the check and example applications
-
-Version 0.8.5, 2002-07-21
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
-* Added a DL_Group class
-* Reworking of the pubkey internals
-* Support in lookup for aliases and PK algorithms
-* Renamed CAST5 to CAST_128 and CAST256 to CAST_256
-* Added EMSA1
-* Reorganization of header files
-* LibraryInitializer will install new allocator types if requested
-* Fixed a bug in Diffie-Hellman key generation
-* Did a workaround in pipe.cpp for GCC 2.95.x on Linux
-* Removed some debugging code from init.cpp that made FTW ES useless
-* Better checking for invalid arguments in the PK algorithms
-* Reduced Base64 and Hex default line length (if line breaking is used)
-* Fixes for HP's aCC compiler
-* Cleanups in BigInt
-
-Version 0.8.4, 2002-07-14
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added Nyberg-Rueppel signatures
-* Added Diffie-Hellman key exchange (kex interface is subject to change)
-* Added KDF2
-* Enhancements to the lookup API
-* Many things formerly taking pointers to algorithms now take names
-* Speedups for prime generation
-* LibraryInitializer has support for seeding the global RNG
-* Reduced SAFER-SK128 memory consumption
-* Reversed the ordering of public and private key values in DSA constructor
-* Fixed serious bugs in MemoryMapping_Allocator
-* Fixed memory leak in Lion
-* FTW_EntropySource was not closing the files it read
-* Fixed line breaking problem in Hex_Encoder
-
-Version 0.8.3, 2002-06-09
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added DSA and Rabin-Williams signature schemes
-* Added EMSA3
-* Added PKCS#1 v1.5 encryption padding
-* Added Filters for PK algorithms
-* Added a Keyed_Filter class
-* LibraryInitializer processes arguments now
-* Major revamp of the PK interface classes
-* Changed almost all of the Filters for non-template operation
-* Changed HMAC, Lion, Luby-Rackoff to non-template classes
-* Some fairly minor BigInt optimizations
-* Added simple benchmarking for PK algorithms
-* Added hooks for fixed base and fixed exponent modular exponentiation
-* Added some examples for using RSA
-* Numerous bugfixes and cleanups
-* Documentation updates
-
-Version 0.8.2, 2002-05-18
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added an (experimental) algorithm lookup interface
-* Added code for directly testing BigInt
-* Added SHA2-384
-* Optimized SHA2-512
-* Major optimization for Adler32 (thanks to Dan Nicolaescu)
-* Various minor optimizations in BigInt and related areas
-* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
-* Fixed a bug in BufferingFilter
-* Made a few fixes for MacOS X
-* Added a workaround in configure.pl for GCC 2.95.x
-* Better support for PowerPC, ARM, and Alpha
-* Some more cleanups
-
-Version 0.8.1, 2002-05-06
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Major code cleanup (check doc/deprecated.txt)
-* Various bugs fixed, including several portability problems
-* Renamed MessageAuthCode to MessageAuthenticationCode
-* A replacement for X917 is in x917_rng.h
-* Changed EMAC to non-template class
-* Added ANSI X9.19 compatible CBC-MAC
-* TripleDES now supports 128 bit keys
-
-Version 0.8.0, 2002-04-24
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Merged BigInt: many bugfixes and optimizations since alpha2
-* Added RSA (rsa.h)
-* Added EMSA2 (emsa2.h)
-* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
-* Changed some interfaces, including SymmetricKey, to support the global rng
-* Fixed a serious bug in ManagedAllocator
-* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
-* Removed some deprecated stuff
-* Added a global random number generator (rng.h)
-* Added clone functions to most of the basic algorithms
-* Added a library initializer class (init.h)
-* Version macros in version.h
-* Moved the base classes from opencl.h to base.h
-* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
-* Documentation updates for the new stuff (still incomplete)
-* Many new deprecated things: check doc/deprecated.txt
-
-Series 0.7
-----------------------------------------
-
-Version 0.7.10, 2002-04-07
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Added EGD_EntropySource module (es_egd)
-* Added a file tree walking EntropySource (es_ftw)
-* Added MemoryLocking_Allocator module (alloc_mlock)
-* Renamed the pthr_mux, unix_rnd, and mmap_mem modules
-* Changed timer mechanism; the clock method can be switched on the fly.
-* Renamed MmapDisk_Allocator to MemoryMapping_Allocator
-* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
-* Fixed several bugs in MemoryMapping_Allocator
-* Added more default sources for Unix_EntropySource
-* Changed SecureBuffer to use same allocation methods as SecureVector
-* Added bigint_divcore into mp_core to support BigInt alpha2 release
-* Removed some Pipe functions deprecated since 0.7.8
-* Some fixes for the configure program
-
-Version 0.7.9, 2002-03-19
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Memory allocation substantially revamped
-* Added memory allocation method based on mmap(2) in the mmap_mem module
-* Added ECB and CTS block cipher modes (ecb.h, cts.h)
-* Added a Mutex interface (mutex.h)
-* Added module pthr_mux, implementing the Mutex interface
-* Added Threaded Filter interface (thr_filt.h)
-* All algorithms can now by keyed with SymmetricKey objects
-* More testing occurs with --validate (expected failures)
-* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
-* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
-* Made X917 safer (and about 1/3 as fast)
-* Documentation updates
-
-Version 0.7.8, 2002-02-28
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
- better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION
-* Added a BufferingFilter class
-* Added popen() based EntropySource for generic Unix systems (unix_rnd)
-* Moved 'devrand' module into main distribution (ent_file.h), renamed to
- File_EntropySource, and changed interface somewhat.
-* Made Randpool somewhat more conservative and also 25% faster
-* Minor fixes and updates for the configure script
-* Added some tweaks for memory allocation
-* Documentation updates for the new Pipe interface
-* Fixed various minor bugs
-* Added a couple of new example programs (stack and hasher2)
-
-Version 0.7.7, 2001-11-24
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Filter::send now works in the constructor of a Filter subclass
-* You may now have to include <opencl/pipe.h> explicitly in some code
-* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
-* Enhancements to SecureVector (append, destroy functions)
-* New infrastructure for secure memory allocation
-* Added IEEE P1363 primitives MGF1, EME1, KDF1
-* Rijndael optimizations and cleanups
-* Changed CipherMode<B> to BlockCipherMode(B*)
-* Fixed a nasty bug in pipe_unixfd
-* Added portions of the BigInt code into the main library
-* Support for VAX, SH, POWER, PowerPC-64, Intel C++
-
-Version 0.7.6, 2001-10-14
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fixed several serious bugs in SecureVector created in 0.7.5
-* Square optimizations
-* Fixed shared objects on MacOS X and HP-UX
-* Fixed static libs for KCC 4.0; works with KCC 3.4g as well
-* Full support for Athlon and K6 processors using GCC
-* Added a table of prime numbers < 2**16 (primes.h)
-* Some minor documentation updates
-
-Version 0.7.5, 2001-08-19
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Split checksum.h into adler32.h, crc24.h, and crc32.h
-* Split modes.h into cbc.h, cfb.h, and ofb.h
-* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
-* Added OneAndZeros and NoPadding methods for CBC
-* Added Lion, a very fast block cipher construction
-* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
-* Basic types (ciphers, hashes, etc) know their names now (call name())
-* Changed the EntropySource type somewhat
-* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
-* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
-* Some semantics of SecureVector have changed slightly
-* The mlock module has been removed for the time being
-* Added string handling functions for hashes and MACs
-* Various non-user-visible cleanups
-* Shared library soname is now set to the full version number
-
-Version 0.7.4, 2001-07-15
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
-* Fixed a vast number of errors in the config script/makefile/specfile
-* Pipe now has a stdio(3) interface as well as C++ iostreams
-* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
-* Bzip2 supports decompressing multiple concatenated streams, and flushing
-* Added a simple 'overall average' score to the benchmarks
-* Fixed a small bug in the POSIX timer module
-* Removed a very-unlikely-to-occur bug in most of the hash functions
-* filtbase.h now includes <iosfwd>, not <iostream>
-* Minor documentation updates
-
-Version 0.7.3, 2001-06-08
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Fix build problems on Solaris/SPARC
-* Fix build problems with Perl versions < 5.6
-* Fixed some stupid code that broke on a few compilers
-* Added string handling functions to Pipe
-* MISTY1 optimizations
-
-Version 0.7.2, 2001-06-03
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Build system supports modules
-* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
-* Added Bzip2 compression filter, contributed by Peter Jones
-* GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
-* Fixed minor bug in several of the hash functions
-* Various other minor fixes and changes
-* Updates to the documentation
-
-Version 0.7.1, 2001-05-16
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* Rewrote configure script: more consistent and complete
-* Made it easier to find out parameters of types at run time (opencl.h)
-* New functions for finding the version being used (version.h)
-* New SymmetricKey interface for Filters (symkey.h)
-* InvalidKeyLength now records what the invalid key length was
-* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
-* Changed GOST to use correct S-box ordering (incompatible change)
-* Benchmark code was almost totally rewritten
-* Many more entries in the test vector file
-* Fixed minor and idiotic bug in check.cpp
-
-Version 0.7.0, 2001-03-01
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* First public release
-
diff --git a/doc/lowlevel.txt b/doc/lowlevel.txt
index 852d7eb43..cd343063a 100644
--- a/doc/lowlevel.txt
+++ b/doc/lowlevel.txt
@@ -198,7 +198,7 @@ Updates the hash/mac calculation with *input*.
.. cpp:function:: void BufferedComputation::final(byte* out)
-.. cpp:function:: SecureVector<byte> BufferedComputation::final()
+.. cpp:function:: secure_vector<byte> BufferedComputation::final()
Complete the hash/MAC calculation and place the result into ``out``.
For the argument taking an array, exactly ``output_length`` bytes will
diff --git a/doc/pbkdf.txt b/doc/pbkdf.txt
index f24dcd188..14434f63e 100644
--- a/doc/pbkdf.txt
+++ b/doc/pbkdf.txt
@@ -46,7 +46,7 @@ iterations and a 16 byte salt is recommend for new applications.
PBKDF* pbkdf = get_pbkdf("PBKDF2(SHA-256)");
AutoSeeded_RNG rng;
- SecureVector<byte> salt = rng.random_vec(16);
+ secure_vector<byte> salt = rng.random_vec(16);
OctetString aes256_key = pbkdf->derive_key(32, "password",
&salt[0], salt.size(),
10000);
diff --git a/doc/pubkey.txt b/doc/pubkey.txt
index 6ff016038..6e6bc6ed8 100644
--- a/doc/pubkey.txt
+++ b/doc/pubkey.txt
@@ -112,7 +112,7 @@ The standard format for serializing a private key is PKCS #8, the operations
for which are defined in ``pkcs8.h``. It supports both unencrypted and
encrypted storage.
-.. cpp:function:: SecureVector<byte> PKCS8::BER_encode(const Private_Key& key, \
+.. cpp:function:: secure_vector<byte> PKCS8::BER_encode(const Private_Key& key, \
RandomNumberGenerator& rng, const std::string& password, const std::string& pbe_algo = "")
Takes any private key object, serializes it, encrypts it using
@@ -143,7 +143,7 @@ Unencrypted serialization is also supported.
security requirements, always use the versions that encrypt the key based on
a passphrase, described above.
-.. cpp:function:: SecureVector<byte> PKCS8::BER_encode(const Private_Key& key)
+.. cpp:function:: secure_vector<byte> PKCS8::BER_encode(const Private_Key& key)
Serializes the private key and returns the result.
@@ -223,13 +223,13 @@ Serializing Public Keys
To import and export public keys, use:
-.. cpp:function:: MemoryVector<byte> X509::BER_encode(const Public_Key& key)
+.. cpp:function:: std::vector<byte> X509::BER_encode(const Public_Key& key)
.. cpp:function:: std::string X509::PEM_encode(const Public_Key& key)
.. cpp:function:: Public_Key* X509::load_key(DataSource& in)
-.. cpp:function:: Public_Key* X509::load_key(const SecureVector<byte>& buffer)
+.. cpp:function:: Public_Key* X509::load_key(const secure_vector<byte>& buffer)
.. cpp:function:: Public_Key* X509::load_key(const std::string& filename)
@@ -283,7 +283,7 @@ You can generate a new random group using
You can serialize a ``DL_Group`` using
-.. cpp:function:: SecureVector<byte> DL_Group::DER_Encode(Format format)
+.. cpp:function:: secure_vector<byte> DL_Group::DER_Encode(Format format)
or
@@ -344,11 +344,11 @@ The primary interface for encryption is
.. cpp:class:: PK_Encryptor
- .. cpp:function:: SecureVector<byte> encrypt( \
+ .. cpp:function:: secure_vector<byte> encrypt( \
const byte* in, size_t length, RandomNumberGenerator& rng) const
- .. cpp:function:: SecureVector<byte> encrypt( \
- const MemoryRegion<byte>& in, RandomNumberGenerator& rng) const
+ .. cpp:function:: secure_vector<byte> encrypt( \
+ const std::vector<byte>& in, RandomNumberGenerator& rng) const
These encrypt a message, returning the ciphertext.
@@ -428,22 +428,22 @@ Signature generation is performed using
SEQUENCE value.
.. cpp:function:: void update(const byte* in, size_t length)
- .. cpp:function:: void update(const MemoryRegion<byte>& in)
+ .. cpp:function:: void update(const std::vector<byte>& in)
.. cpp:function:: void update(byte in)
These add more data to be included in the signature
computation. Typically, the input will be provided directly to a
hash function.
- .. cpp:function:: SecureVector<byte> signature(RandomNumberGenerator& rng)
+ .. cpp:function:: secure_vector<byte> signature(RandomNumberGenerator& rng)
Creates the signature and returns it
- .. cpp:function:: SecureVector<byte> sign_message( \
+ .. cpp:function:: secure_vector<byte> sign_message( \
const byte* in, size_t length, RandomNumberGenerator& rng)
- .. cpp:function:: SecureVector<byte> sign_message( \
- const MemoryRegion<byte>& in, RandomNumberGenerator& rng)
+ .. cpp:function:: secure_vector<byte> sign_message( \
+ const std::vector<byte>& in, RandomNumberGenerator& rng)
These functions are equivalent to calling
:cpp:func:`PK_Signer::update` and then
@@ -462,14 +462,14 @@ Signatures are verified using
that used by the signer.
.. cpp:function:: void update(const byte* in, size_t length)
- .. cpp:function:: void update(const MemoryRegion<byte>& in)
+ .. cpp:function:: void update(const std::vector<byte>& in)
.. cpp:function:: void update(byte in)
Add further message data that is purportedly assocated with the
signature that will be checked.
.. cpp:function:: bool check_signature(const byte* sig, size_t length)
- .. cpp:function:: bool check_signature(const MemoryRegion<byte>& sig)
+ .. cpp:function:: bool check_signature(const std::vector<byte>& sig)
Check to see if *sig* is a valid signature for the message data
that was written in. Return true if so. This function clears the
@@ -480,8 +480,8 @@ Signatures are verified using
.. cpp:function:: bool verify_message(const byte* msg, size_t msg_length, \
const byte* sig, size_t sig_length)
- .. cpp:function:: bool verify_message(const MemoryRegion<byte>& msg, \
- const MemoryRegion<byte>& sig)
+ .. cpp:function:: bool verify_message(const std::vector<byte>& msg, \
+ const std::vector<byte>& sig)
These are equivalent to calling :cpp:func:`PK_Verifier::update`
on *msg* and then calling :cpp:func:`PK_Verifier::check_signature`
@@ -514,7 +514,7 @@ other party, and then each of you runs a computation with the other's
value and your key (this should return the same result to both
parties). This computation can be called by using
``derive_key`` with either a byte array/length pair, or a
-``SecureVector<byte>`` than holds the public value of the other
+``secure_vector<byte>`` than holds the public value of the other
party. The last argument to either call is a number that specifies how
long a key you want.
@@ -529,7 +529,7 @@ symmetric algorithm.
The public value that should be used can be obtained by calling
``public_data``, which exists for any key that is associated with a
-key agreement algorithm. It returns a ``SecureVector<byte>``.
+key agreement algorithm. It returns a ``secure_vector<byte>``.
"KDF2(SHA-256)" is by far the preferred algorithm for key derivation
in new applications. The X9.42 algorithm may be useful in some
diff --git a/doc/reading.txt b/doc/reading.txt
index a0e547296..3b3545e28 100644
--- a/doc/reading.txt
+++ b/doc/reading.txt
@@ -13,11 +13,11 @@ system.
Especially recommended are:
- *Cryptography Engineering*
- Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno
+ by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno
- *Security Engineering -- A Guide to Building Dependable Distributed Systems*
- Ross Anderson
+ by Ross Anderson
- *Handbook of Applied Cryptography*
- Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone
+ by Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone
(`available online <http://www.cacr.math.uwaterloo.ca/hac/>`_)
diff --git a/doc/relnotes/0_7_0.txt b/doc/relnotes/0_7_0.txt
new file mode 100644
index 000000000..5339b7b10
--- /dev/null
+++ b/doc/relnotes/0_7_0.txt
@@ -0,0 +1,5 @@
+Version 0.7.0, 2001-03-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* First public release
+
diff --git a/doc/relnotes/0_7_1.txt b/doc/relnotes/0_7_1.txt
new file mode 100644
index 000000000..cc57ef0ee
--- /dev/null
+++ b/doc/relnotes/0_7_1.txt
@@ -0,0 +1,14 @@
+Version 0.7.1, 2001-05-16
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Rewrote configure script: more consistent and complete
+* Made it easier to find out parameters of types at run time (opencl.h)
+* New functions for finding the version being used (version.h)
+* New SymmetricKey interface for Filters (symkey.h)
+* InvalidKeyLength now records what the invalid key length was
+* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
+* Changed GOST to use correct S-box ordering (incompatible change)
+* Benchmark code was almost totally rewritten
+* Many more entries in the test vector file
+* Fixed minor and idiotic bug in check.cpp
+
diff --git a/doc/relnotes/0_7_10.txt b/doc/relnotes/0_7_10.txt
new file mode 100644
index 000000000..df08df532
--- /dev/null
+++ b/doc/relnotes/0_7_10.txt
@@ -0,0 +1,17 @@
+Version 0.7.10, 2002-04-07
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added EGD_EntropySource module (es_egd)
+* Added a file tree walking EntropySource (es_ftw)
+* Added MemoryLocking_Allocator module (alloc_mlock)
+* Renamed the pthr_mux, unix_rnd, and mmap_mem modules
+* Changed timer mechanism; the clock method can be switched on the fly.
+* Renamed MmapDisk_Allocator to MemoryMapping_Allocator
+* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
+* Fixed several bugs in MemoryMapping_Allocator
+* Added more default sources for Unix_EntropySource
+* Changed SecureBuffer to use same allocation methods as SecureVector
+* Added bigint_divcore into mp_core to support BigInt alpha2 release
+* Removed some Pipe functions deprecated since 0.7.8
+* Some fixes for the configure program
+
diff --git a/doc/relnotes/0_7_2.txt b/doc/relnotes/0_7_2.txt
new file mode 100644
index 000000000..a9b6ae452
--- /dev/null
+++ b/doc/relnotes/0_7_2.txt
@@ -0,0 +1,11 @@
+Version 0.7.2, 2001-06-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Build system supports modules
+* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
+* Added Bzip2 compression filter, contributed by Peter Jones
+* GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
+* Fixed minor bug in several of the hash functions
+* Various other minor fixes and changes
+* Updates to the documentation
+
diff --git a/doc/relnotes/0_7_3.txt b/doc/relnotes/0_7_3.txt
new file mode 100644
index 000000000..57b7a630a
--- /dev/null
+++ b/doc/relnotes/0_7_3.txt
@@ -0,0 +1,9 @@
+Version 0.7.3, 2001-06-08
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix build problems on Solaris/SPARC
+* Fix build problems with Perl versions < 5.6
+* Fixed some stupid code that broke on a few compilers
+* Added string handling functions to Pipe
+* MISTY1 optimizations
+
diff --git a/doc/relnotes/0_7_4.txt b/doc/relnotes/0_7_4.txt
new file mode 100644
index 000000000..523a6bccc
--- /dev/null
+++ b/doc/relnotes/0_7_4.txt
@@ -0,0 +1,14 @@
+Version 0.7.4, 2001-07-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
+* Fixed a vast number of errors in the config script/makefile/specfile
+* Pipe now has a stdio(3) interface as well as C++ iostreams
+* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
+* Bzip2 supports decompressing multiple concatenated streams, and flushing
+* Added a simple 'overall average' score to the benchmarks
+* Fixed a small bug in the POSIX timer module
+* Removed a very-unlikely-to-occur bug in most of the hash functions
+* filtbase.h now includes <iosfwd>, not <iostream>
+* Minor documentation updates
+
diff --git a/doc/relnotes/0_7_5.txt b/doc/relnotes/0_7_5.txt
new file mode 100644
index 000000000..cb729d182
--- /dev/null
+++ b/doc/relnotes/0_7_5.txt
@@ -0,0 +1,19 @@
+Version 0.7.5, 2001-08-19
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Split checksum.h into adler32.h, crc24.h, and crc32.h
+* Split modes.h into cbc.h, cfb.h, and ofb.h
+* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
+* Added OneAndZeros and NoPadding methods for CBC
+* Added Lion, a very fast block cipher construction
+* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
+* Basic types (ciphers, hashes, etc) know their names now (call name())
+* Changed the EntropySource type somewhat
+* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
+* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
+* Some semantics of SecureVector have changed slightly
+* The mlock module has been removed for the time being
+* Added string handling functions for hashes and MACs
+* Various non-user-visible cleanups
+* Shared library soname is now set to the full version number
+
diff --git a/doc/relnotes/0_7_6.txt b/doc/relnotes/0_7_6.txt
new file mode 100644
index 000000000..13294e7a5
--- /dev/null
+++ b/doc/relnotes/0_7_6.txt
@@ -0,0 +1,11 @@
+Version 0.7.6, 2001-10-14
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed several serious bugs in SecureVector created in 0.7.5
+* Square optimizations
+* Fixed shared objects on MacOS X and HP-UX
+* Fixed static libs for KCC 4.0; works with KCC 3.4g as well
+* Full support for Athlon and K6 processors using GCC
+* Added a table of prime numbers < 2**16 (primes.h)
+* Some minor documentation updates
+
diff --git a/doc/relnotes/0_7_7.txt b/doc/relnotes/0_7_7.txt
new file mode 100644
index 000000000..83dfd2d2f
--- /dev/null
+++ b/doc/relnotes/0_7_7.txt
@@ -0,0 +1,15 @@
+Version 0.7.7, 2001-11-24
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Filter::send now works in the constructor of a Filter subclass
+* You may now have to include <opencl/pipe.h> explicitly in some code
+* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
+* Enhancements to SecureVector (append, destroy functions)
+* New infrastructure for secure memory allocation
+* Added IEEE P1363 primitives MGF1, EME1, KDF1
+* Rijndael optimizations and cleanups
+* Changed CipherMode<B> to BlockCipherMode(B*)
+* Fixed a nasty bug in pipe_unixfd
+* Added portions of the BigInt code into the main library
+* Support for VAX, SH, POWER, PowerPC-64, Intel C++
+
diff --git a/doc/relnotes/0_7_8.txt b/doc/relnotes/0_7_8.txt
new file mode 100644
index 000000000..92b9291b1
--- /dev/null
+++ b/doc/relnotes/0_7_8.txt
@@ -0,0 +1,16 @@
+Version 0.7.8, 2002-02-28
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
+ better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION
+* Added a BufferingFilter class
+* Added popen() based EntropySource for generic Unix systems (unix_rnd)
+* Moved 'devrand' module into main distribution (ent_file.h), renamed to
+ File_EntropySource, and changed interface somewhat.
+* Made Randpool somewhat more conservative and also 25% faster
+* Minor fixes and updates for the configure script
+* Added some tweaks for memory allocation
+* Documentation updates for the new Pipe interface
+* Fixed various minor bugs
+* Added a couple of new example programs (stack and hasher2)
+
diff --git a/doc/relnotes/0_7_9.txt b/doc/relnotes/0_7_9.txt
new file mode 100644
index 000000000..cb48eef3e
--- /dev/null
+++ b/doc/relnotes/0_7_9.txt
@@ -0,0 +1,16 @@
+Version 0.7.9, 2002-03-19
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Memory allocation substantially revamped
+* Added memory allocation method based on mmap(2) in the mmap_mem module
+* Added ECB and CTS block cipher modes (ecb.h, cts.h)
+* Added a Mutex interface (mutex.h)
+* Added module pthr_mux, implementing the Mutex interface
+* Added Threaded Filter interface (thr_filt.h)
+* All algorithms can now by keyed with SymmetricKey objects
+* More testing occurs with --validate (expected failures)
+* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
+* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
+* Made X917 safer (and about 1/3 as fast)
+* Documentation updates
+
diff --git a/doc/relnotes/0_8_0.txt b/doc/relnotes/0_8_0.txt
new file mode 100644
index 000000000..62c3a0384
--- /dev/null
+++ b/doc/relnotes/0_8_0.txt
@@ -0,0 +1,21 @@
+Version 0.8.0, 2002-04-24
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Merged BigInt: many bugfixes and optimizations since alpha2
+* Added RSA (rsa.h)
+* Added EMSA2 (emsa2.h)
+* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
+* Changed some interfaces, including SymmetricKey, to support the global rng
+* Fixed a serious bug in ManagedAllocator
+* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
+* Removed some deprecated stuff
+* Added a global random number generator (rng.h)
+* Added clone functions to most of the basic algorithms
+* Added a library initializer class (init.h)
+* Version macros in version.h
+* Moved the base classes from opencl.h to base.h
+* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
+* Documentation updates for the new stuff (still incomplete)
+* Many new deprecated things: check doc/deprecated.txt
+
+
diff --git a/doc/relnotes/0_8_1.txt b/doc/relnotes/0_8_1.txt
new file mode 100644
index 000000000..98175994e
--- /dev/null
+++ b/doc/relnotes/0_8_1.txt
@@ -0,0 +1,11 @@
+Version 0.8.1, 2002-05-06
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Major code cleanup (check doc/deprecated.txt)
+* Various bugs fixed, including several portability problems
+* Renamed MessageAuthCode to MessageAuthenticationCode
+* A replacement for X917 is in x917_rng.h
+* Changed EMAC to non-template class
+* Added ANSI X9.19 compatible CBC-MAC
+* TripleDES now supports 128 bit keys
+
diff --git a/doc/relnotes/0_8_2.txt b/doc/relnotes/0_8_2.txt
new file mode 100644
index 000000000..1f4c540e8
--- /dev/null
+++ b/doc/relnotes/0_8_2.txt
@@ -0,0 +1,16 @@
+Version 0.8.2, 2002-05-18
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added an (experimental) algorithm lookup interface
+* Added code for directly testing BigInt
+* Added SHA2-384
+* Optimized SHA2-512
+* Major optimization for Adler32 (thanks to Dan Nicolaescu)
+* Various minor optimizations in BigInt and related areas
+* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
+* Fixed a bug in BufferingFilter
+* Made a few fixes for MacOS X
+* Added a workaround in configure.pl for GCC 2.95.x
+* Better support for PowerPC, ARM, and Alpha
+* Some more cleanups
+
diff --git a/doc/relnotes/0_8_3.txt b/doc/relnotes/0_8_3.txt
new file mode 100644
index 000000000..88012db05
--- /dev/null
+++ b/doc/relnotes/0_8_3.txt
@@ -0,0 +1,19 @@
+Version 0.8.3, 2002-06-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added DSA and Rabin-Williams signature schemes
+* Added EMSA3
+* Added PKCS#1 v1.5 encryption padding
+* Added Filters for PK algorithms
+* Added a Keyed_Filter class
+* LibraryInitializer processes arguments now
+* Major revamp of the PK interface classes
+* Changed almost all of the Filters for non-template operation
+* Changed HMAC, Lion, Luby-Rackoff to non-template classes
+* Some fairly minor BigInt optimizations
+* Added simple benchmarking for PK algorithms
+* Added hooks for fixed base and fixed exponent modular exponentiation
+* Added some examples for using RSA
+* Numerous bugfixes and cleanups
+* Documentation updates
+
diff --git a/doc/relnotes/0_8_4.txt b/doc/relnotes/0_8_4.txt
new file mode 100644
index 000000000..9b73ca88e
--- /dev/null
+++ b/doc/relnotes/0_8_4.txt
@@ -0,0 +1,17 @@
+Version 0.8.4, 2002-07-14
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added Nyberg-Rueppel signatures
+* Added Diffie-Hellman key exchange (kex interface is subject to change)
+* Added KDF2
+* Enhancements to the lookup API
+* Many things formerly taking pointers to algorithms now take names
+* Speedups for prime generation
+* LibraryInitializer has support for seeding the global RNG
+* Reduced SAFER-SK128 memory consumption
+* Reversed the ordering of public and private key values in DSA constructor
+* Fixed serious bugs in MemoryMapping_Allocator
+* Fixed memory leak in Lion
+* FTW_EntropySource was not closing the files it read
+* Fixed line breaking problem in Hex_Encoder
+
diff --git a/doc/relnotes/0_8_5.txt b/doc/relnotes/0_8_5.txt
new file mode 100644
index 000000000..eced09cc2
--- /dev/null
+++ b/doc/relnotes/0_8_5.txt
@@ -0,0 +1,19 @@
+Version 0.8.5, 2002-07-21
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
+* Added a DL_Group class
+* Reworking of the pubkey internals
+* Support in lookup for aliases and PK algorithms
+* Renamed CAST5 to CAST_128 and CAST256 to CAST_256
+* Added EMSA1
+* Reorganization of header files
+* LibraryInitializer will install new allocator types if requested
+* Fixed a bug in Diffie-Hellman key generation
+* Did a workaround in pipe.cpp for GCC 2.95.x on Linux
+* Removed some debugging code from init.cpp that made FTW ES useless
+* Better checking for invalid arguments in the PK algorithms
+* Reduced Base64 and Hex default line length (if line breaking is used)
+* Fixes for HP's aCC compiler
+* Cleanups in BigInt
+
diff --git a/doc/relnotes/0_8_6.txt b/doc/relnotes/0_8_6.txt
new file mode 100644
index 000000000..18c95db10
--- /dev/null
+++ b/doc/relnotes/0_8_6.txt
@@ -0,0 +1,23 @@
+Version 0.8.6, 2002-07-25
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added EMSA4 (aka PSS)
+* Brought the manual up to date; many corrections and additions
+* Added a parallel hash function construction
+* Lookup supports all available algorithms now
+* Lazy initialization of the lookup tables
+* Made more discrete logarithm groups available through get_dl_group()
+* StreamCipher_Filter supports seeking (if the underlying cipher does)
+* Minor optimization for GCD calculations
+* Renamed SAFER_SK128 to SAFER_SK
+* Removed many previously deprecated functions
+* Some now-obsolete functions, headers, and types have been deprecated
+* Fixed some bugs in DSA prime generation
+* DL_Group had a constructor for DSA-style prime gen but it wasn't defined
+* Reversed the ordering of the two arguments to SEAL's constructor
+* Fixed a threading problem in the PK algorithms
+* Fixed a minor memory leak in lookup.cpp
+* Fixed pk_types.h (it was broken in 0.8.5)
+* Made validation tests more verbose
+* Updated the check and example applications
+
diff --git a/doc/relnotes/0_8_7.txt b/doc/relnotes/0_8_7.txt
new file mode 100644
index 000000000..28d4bda56
--- /dev/null
+++ b/doc/relnotes/0_8_7.txt
@@ -0,0 +1,11 @@
+Version 0.8.7, 2002-07-30
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed bugs in EME1 and EMSA4
+* Fixed a potential crash at shutdown
+* Cipher modes returned an ill-formed name
+* Removed various deprecated types and headers
+* Cleaned up the Pipe interface a bit
+* Minor additions to the documentation
+* First stab at a Visual C++ makefile (doc/Makefile.vc7)
+
diff --git a/doc/relnotes/0_9_0.txt b/doc/relnotes/0_9_0.txt
new file mode 100644
index 000000000..ef73f6ae2
--- /dev/null
+++ b/doc/relnotes/0_9_0.txt
@@ -0,0 +1,8 @@
+Version 0.9.0, 2002-08-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* EMSA4 supports variable salt size
+* PK_* can take a string naming the encoding method to use
+* Started writing some internals documentation
+
+
diff --git a/doc/relnotes/0_9_1.txt b/doc/relnotes/0_9_1.txt
new file mode 100644
index 000000000..8d6398d58
--- /dev/null
+++ b/doc/relnotes/0_9_1.txt
@@ -0,0 +1,17 @@
+Version 0.9.1, 2002-08-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Grand rename from OpenCL to Botan
+* Major optimizations for the PK algorithms
+* Added ElGamal encryption
+* Added Whirlpool
+* Tweaked memory allocation parameters
+* Improved the method of seeding the global RNG
+* Moved pkcs1.h to eme_pkcs.h
+* Added more test vectors for some algorithms
+* Fixed error reporting in the BigInt tests
+* Removed Default_Timer, it was pointless
+* Added some new example applications
+* Removed some old examples that weren't that interesting
+* Documented the compression modules
+
diff --git a/doc/relnotes/0_9_2.txt b/doc/relnotes/0_9_2.txt
new file mode 100644
index 000000000..46eff06f5
--- /dev/null
+++ b/doc/relnotes/0_9_2.txt
@@ -0,0 +1,10 @@
+Version 0.9.2, 2002-08-18
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* DH_PrivateKey::public_value() was returning the wrong value
+* Various BigInt optimizations
+* The filters.h header now includes hex.h and base64.h
+* Moved Counter mode to ctr.h
+* Fixed a couple minor problems with VC++ 7
+* Fixed problems with the RPM spec file
+
diff --git a/doc/relnotes/1_0_0.txt b/doc/relnotes/1_0_0.txt
new file mode 100644
index 000000000..322aa1472
--- /dev/null
+++ b/doc/relnotes/1_0_0.txt
@@ -0,0 +1,10 @@
+Version 1.0.0, 2002-08-26
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Octal I/O of BigInt is now supported
+* Fixed portability problems in the es_egd module
+* Generalized IV handling in the block cipher modes
+* Added Karatsuba multiplication and k-ary exponentiation
+* Fixed a problem in the multiplication routines
+
+
diff --git a/doc/relnotes/1_0_1.txt b/doc/relnotes/1_0_1.txt
new file mode 100644
index 000000000..d496099ad
--- /dev/null
+++ b/doc/relnotes/1_0_1.txt
@@ -0,0 +1,8 @@
+Version 1.0.1, 2002-09-14
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a minor bug in Randpool::random()
+* Added some new aliases and typedefs for 1.1.x compatibility
+* The 4096-bit RSA benchmark key was decimal instead of hex
+* EMAC was returning an incorrect name
+
diff --git a/doc/relnotes/1_0_2.txt b/doc/relnotes/1_0_2.txt
new file mode 100644
index 000000000..9e09f198a
--- /dev/null
+++ b/doc/relnotes/1_0_2.txt
@@ -0,0 +1,6 @@
+Version 1.0.2, 2003-01-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed an obscure SEGFAULT causing bug in Pipe
+* Fixed an obscure but dangerous bug in SecureVector::swap
+
diff --git a/doc/relnotes/1_10_0.txt b/doc/relnotes/1_10_0.txt
new file mode 100644
index 000000000..3b6ba56ac
--- /dev/null
+++ b/doc/relnotes/1_10_0.txt
@@ -0,0 +1,10 @@
+Version 1.10.0, 2011-06-20
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Detection for the rdrand instruction being added to upcoming Intel
+ Ivy Bridge processors has been added.
+
+* A template specialization of std::swap was added for the memory
+ container types.
+
+
diff --git a/doc/relnotes/1_10_1.txt b/doc/relnotes/1_10_1.txt
new file mode 100644
index 000000000..45529e3d5
--- /dev/null
+++ b/doc/relnotes/1_10_1.txt
@@ -0,0 +1,21 @@
+Version 1.10.1, 2011-07-11
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* A race condition in `Algorithm_Factory` could cause crashes in
+ multithreaded code. See `this thread on botan-devel
+ <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_
+ for details and workarounds.
+
+* The return value of ``name`` has changed for GOST 28147-89 and
+ Skein-512. GOST's ``name`` now includes the name of the sbox, and
+ Skein's includes the personalization string (if nonempty). This
+ allows an object to be properly roundtripped, which is necessary to
+ fix the race condition described above.
+
+* A new distribution script is now included, as
+ ``src/build-data/scripts/dist.py``
+
+* The ``build.h`` header now includes, if available, an identifier of
+ the source revision that was used. This identifier is also included
+ in the result of ``version_string``.
+
diff --git a/doc/relnotes/1_10_2.txt b/doc/relnotes/1_10_2.txt
new file mode 100644
index 000000000..10cb66176
--- /dev/null
+++ b/doc/relnotes/1_10_2.txt
@@ -0,0 +1,68 @@
+Version 1.10.2, 2012-06-17
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Several TLS bugs were fixed in this release, including a major
+omission that the renegotiation extension was not being used. As the
+1.10 implementation of TLS does not properly support renegotiation,
+the approach in this release is simply to send the renegotiation
+extension SCSV, which should protect the client against any handshake
+splicing. In addition renegotiation attempts are handled properly
+instead of causing handshake failures - all hello requests, and all
+client hellos after the initial negotiation, are ignored. Some
+bugs affecting DSA server authentication were also fixed.
+
+By popular request, ``Pipe::reset`` no longer requires that message
+processing be completed, a requirement that caused problems when a
+Filter's end_msg call threw an exception, after which point the Pipe
+object was no longer usable.
+
+Support for getting entropy using the rdrand instruction introduced in
+Intel's Ivy Bridge processors has been added. In previous releases,
+the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit,
+and would false positive on AMD Bulldozer processors.
+
+An implementation of SRP-6a compatible with the specification in RFC
+5054 is now available in ``srp6.h``. In 1.11, this is being used for
+TLS-SRP, but may be useful in other environments as well.
+
+An implementation of the Camellia block cipher was added, again largely
+for use in TLS.
+
+If ``clock_gettime`` is available on the system, hres_timer will poll all
+the available clock types.
+
+AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems.
+The OpenBSD support was contributed by Brad Smith.
+
+The Qt mutex wrapper was broken and would not compile with any recent
+version of Qt. Taking this as a clear indication that it is not in use,
+it has been removed.
+
+Avoid setting the soname on OpenBSD, as it doesn't support it (PR 158)
+
+A compilation problem in the dynamic loader that prevented using
+dyn_load under MinGW GCC has been fixed.
+
+A common error for people using MinGW is to target GCC on Windows,
+however the 'Windows' target assumes the existence of Visual C++
+runtime functions which do not exist in MinGW. Now, configuring for
+GCC on Windows will cause the configure.py to warn that likely you
+wanted to configure for either MinGW or Cygwin, not the generic
+Windows target.
+
+A bug in configure.py would cause it to interpret `--cpu=s390x` as
+`s390`. This may have affected other CPUs as well. Now configure.py
+searches for an exact match, and only if no exact match is found will
+it search for substring matches.
+
+An incompatability in configure.py with the subprocess module included
+in Python 3.1 has been fixed (PR 157).
+
+The exception catching syntax of configure.py has been changed to the
+Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but
+not with any earlier Python 2 release. A simple search and replace
+will allow running it under Python 2.5::
+
+ perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
+
+Note that Python 2.4 is not supported at all.
diff --git a/doc/relnotes/1_11_0.txt b/doc/relnotes/1_11_0.txt
new file mode 100644
index 000000000..6321eafbe
--- /dev/null
+++ b/doc/relnotes/1_11_0.txt
@@ -0,0 +1,45 @@
+Version 1.11.0, Not Yet Released
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The codebase has converted to C++11. Currently GCC 4.7 and Clang 3.1
+ are known to work.
+
+* The MemoryVector and SecureVector container types have been removed.
+ An alias of std::vector using an allocator that clears memory named
+ secure_vector is used for key material, and std::vector is used for
+ everything else.
+
+* The method of mlocking memory is much improved, and if the process
+ can mlock memory then it will be used automatically.
+
+* The TLS interface is now non-blocking and does not directly interact
+ with sockets. An example TLS server using asio is included which
+ scales to at least 64 processors.
+
+* X509_Store has been removed. x509_path_validate in x509path.h now
+ handles path validation and Certificate_Store handles storage of
+ certificates and CRLs.
+
+* Add support for OCSP
+
+* TLS v1.2 is now supported
+
+* TLS now supports session resumption. Session information can be
+ saved in memory or to an encrypted SQLite database.
+
+* TLS renegotiation is now supported
+
+* TLS client authentication is now supported
+
+* TLS SRP and PSK ciphersuites are now supported
+
+* TLS session tickets are now supported
+
+* TLS ECDH key exchange and ECDSA certificates are now supported
+
+* Add support for SHA-2 ciphersuites
+
+* Add support for anonymous DH/ECDH ciphersuites
+
+
+
diff --git a/doc/relnotes/1_1_0.txt b/doc/relnotes/1_1_0.txt
new file mode 100644
index 000000000..09a08860b
--- /dev/null
+++ b/doc/relnotes/1_1_0.txt
@@ -0,0 +1,20 @@
+Version 1.1.0, 2002-09-14
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added entropy estimation to the RNGs
+* Improved the overall design of both Randpool and ANSI_X917_RNG
+* Added a separate RNG for nonce generation
+* Added window exponentiation support in power_mod
+* Added a get_s2k function and the PKCS #5 S2K algorithms
+* Added the TLSv1 PRF
+* Replaced BlockCipherModeIV typedef with InitializationVector class
+* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
+* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
+* Added support for RIPEMD-160 PKCS#1 v1.5 signatures
+* Changed the key agreement scheme interface
+* Changed the S2K and KDF interfaces
+* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
+* Added support for variable-pass Tiger
+* Major speedup for Rabin-Williams key generation
+
+
diff --git a/doc/relnotes/1_1_1.txt b/doc/relnotes/1_1_1.txt
new file mode 100644
index 000000000..bdb13f3ff
--- /dev/null
+++ b/doc/relnotes/1_1_1.txt
@@ -0,0 +1,15 @@
+Version 1.1.1, 2002-10-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the Korean hash function HAS-160
+* Partial support for RSA and DSA X.509 public keys
+* Added a mostly functional BER encoder/decoder
+* Added support for non-deterministic MAC functions
+* Initial support for PEM encoding/decoding
+* Internal cleanups in the PK algorithms
+* Several new convenience functions in Pipe
+* Fixed two nasty bugs in Pipe
+* Messed with the entropy sources for es_unix
+* Discrete logarithm groups are checked for safety more closely now
+* For compatibility with GnuPG, ElGamal now supports DSA-style groups
+
diff --git a/doc/relnotes/1_1_10.txt b/doc/relnotes/1_1_10.txt
new file mode 100644
index 000000000..adc295152
--- /dev/null
+++ b/doc/relnotes/1_1_10.txt
@@ -0,0 +1,13 @@
+Version 1.1.10, 2003-04-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* X509_CA can now generate new X.509 CRLs
+* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
+* More certificate and CRL extensions/attributes are supported
+* Better DN handling in X.509 certificates/CRLs
+* Added a DataSink hierarchy (suggested by Jim Darby)
+* Consolidated SecureAllocator and ManagedAllocator
+* Many cleanups and generalizations
+* Added a (slow) pthreads based EntropySource
+* Fixed some threading bugs
+
diff --git a/doc/relnotes/1_1_11.txt b/doc/relnotes/1_1_11.txt
new file mode 100644
index 000000000..ef05a42a0
--- /dev/null
+++ b/doc/relnotes/1_1_11.txt
@@ -0,0 +1,11 @@
+Version 1.1.11, 2003-04-07
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added PKCS #10 certificate requests
+* Changed X509_Store searching interface to be more flexible
+* Added a generic Certificate_Store interface
+* Added a function for generating self-signed X.509 certs
+* Cleanups and changes to X509_CA
+* New examples for PKCS #10 and self-signed certificates
+* Some documentation updates
+
diff --git a/doc/relnotes/1_1_12.txt b/doc/relnotes/1_1_12.txt
new file mode 100644
index 000000000..5f652af52
--- /dev/null
+++ b/doc/relnotes/1_1_12.txt
@@ -0,0 +1,12 @@
+Version 1.1.12, 2003-04-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a ASN.1 string encoding bug
+* Fixed a pair of X509_DN encoding problems
+* Base64_Decoder and Hex_Decoder can now validate input
+* Removed support for the LibraryInitializer option 'egd_path'
+* Added tests for DSA X.509 and PKCS #8 key formats
+* Removed a long deprecated feature of DH_PrivateKey's constructor
+* Updated the RPM .spec file
+* Major documentation updates
+
diff --git a/doc/relnotes/1_1_13.txt b/doc/relnotes/1_1_13.txt
new file mode 100644
index 000000000..b7379ceb8
--- /dev/null
+++ b/doc/relnotes/1_1_13.txt
@@ -0,0 +1,16 @@
+Version 1.1.13, 2003-04-22
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added OMAC
+* Added EAX authenticated cipher mode
+* Diffie-Hellman would not do blinding in some cases
+* Optimized the OFB and CTR modes
+* Corrected Skipjack's word ordering, as per NIST clarification
+* Support for all subject/issuer attribute types required by RFC 3280
+* The removeFromCRL CRL reason code is now handled correctly
+* Increased the flexibility of the allocators
+* Renamed Rijndael to AES, created aes.h, deleted rijndael.h
+* Removed support for the 'no_timer' LibraryInitializer option
+* Removed 'es_pthr' module, pending further testing
+* Cleaned up get_ciph.cpp
+
diff --git a/doc/relnotes/1_1_2.txt b/doc/relnotes/1_1_2.txt
new file mode 100644
index 000000000..088d66804
--- /dev/null
+++ b/doc/relnotes/1_1_2.txt
@@ -0,0 +1,17 @@
+Version 1.1.2, 2002-10-21
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Support for PKCS #8 encoded RSA, DSA, and DH private keys
+* Support for Diffie-Hellman X.509 public keys
+* Major reorganization of how X.509 keys are handled
+* Added PKCS #5 v2.0's PBES1 encryption scheme
+* Added a generic cipher lookup interface
+* Added the WiderWake4+1 stream cipher
+* Added support for sync-able stream ciphers
+* Added a 'paranoia level' option for the LibraryInitializer
+* More security for RNG output meant for long term keys
+* Added documentation for some of the new 1.1.x features
+* CFB's feedback argument is now specified in bits
+* Renamed CTR class to CTR_BE
+* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats
+
diff --git a/doc/relnotes/1_1_3.txt b/doc/relnotes/1_1_3.txt
new file mode 100644
index 000000000..f8c7fc3fc
--- /dev/null
+++ b/doc/relnotes/1_1_3.txt
@@ -0,0 +1,15 @@
+Version 1.1.3, 2002-11-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added a generic public/private key loading interface
+* Fixed a small encoding bug in RSA, RW, and DH
+* Changed the PK encryption/decryption interface classes
+* ECB supports using padding methods
+* Added a function-based interface for library initialization
+* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
+* The cipher mode benchmarks now use 128-bit AES instead of DES
+* Removed some obsolete typedefs
+* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
+* Added tests for PKCS #8 encoding/decoding
+* Added more tests for ECB and CBC
+
diff --git a/doc/relnotes/1_1_4.txt b/doc/relnotes/1_1_4.txt
new file mode 100644
index 000000000..9d74c3ae5
--- /dev/null
+++ b/doc/relnotes/1_1_4.txt
@@ -0,0 +1,14 @@
+Version 1.1.4, 2002-11-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Speedup of 15-30% for PK algorithms
+* Implemented the PBES2 encryption scheme
+* Fixed a potential bug in decoding RSA and RW private keys
+* Changed the DL_Group class interface to handle different formats better
+* Added support for PKCS #3 encoded DH parameters
+* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
+* Added key pair consistency checking
+* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
+* A botan-config script is generated at configure time
+* Documentation updates
+
diff --git a/doc/relnotes/1_1_5.txt b/doc/relnotes/1_1_5.txt
new file mode 100644
index 000000000..90101dedb
--- /dev/null
+++ b/doc/relnotes/1_1_5.txt
@@ -0,0 +1,8 @@
+Version 1.1.5, 2002-11-17
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the discrete logarithm integrated encryption system (DLIES)
+* Various optimizations for BigInt
+* Added support for assembler optimizations in modules
+* Added BigInt x86 optimizations module (mpi_ia32)
+
diff --git a/doc/relnotes/1_1_6.txt b/doc/relnotes/1_1_6.txt
new file mode 100644
index 000000000..4c638b7e3
--- /dev/null
+++ b/doc/relnotes/1_1_6.txt
@@ -0,0 +1,10 @@
+Version 1.1.6, 2002-12-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Initial support for X.509v3 certificates and CAs
+* Major redesign/rewrite of the ASN.1 encoding/decoding code
+* Added handling for DSA/NR signatures encoded as DER SEQUENCEs
+* Documented the generic cipher lookup interface
+* Added an (untested) entropy source for BeOS
+* Various cleanups and bug fixes
+
diff --git a/doc/relnotes/1_1_7.txt b/doc/relnotes/1_1_7.txt
new file mode 100644
index 000000000..bd73607e6
--- /dev/null
+++ b/doc/relnotes/1_1_7.txt
@@ -0,0 +1,8 @@
+Version 1.1.7, 2003-01-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed an obscure but dangerous bug in SecureVector::swap
+* Consolidated SHA-384 and SHA-512 to save code space
+* Added SSL3-MAC and SSL3-PRF
+* Documentation updates, including a new tutorial
+
diff --git a/doc/relnotes/1_1_8.txt b/doc/relnotes/1_1_8.txt
new file mode 100644
index 000000000..2ed517ece
--- /dev/null
+++ b/doc/relnotes/1_1_8.txt
@@ -0,0 +1,13 @@
+Version 1.1.8, 2003-01-29
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixes for the certificate path validation algorithm in X509_Store
+* Fixed a bug affecting X509_Certificate::is_ca_cert()
+* Added a general configuration interface for policy issues
+* Cleanups and API changes in the X.509 CA, cert, and store code
+* Made various options available for X509_CA users
+* Changed X509_Time's interface to work around time_t problems
+* Fixed a theoretical weakness in Randpool's entropy mixing function
+* Fixed problems compiling with GCC 2.95.3 and GCC 2.96
+* Fixed a configure bug (reported by Jon Wilson) affecting MinGW
+
diff --git a/doc/relnotes/1_1_9.txt b/doc/relnotes/1_1_9.txt
new file mode 100644
index 000000000..2ed18080d
--- /dev/null
+++ b/doc/relnotes/1_1_9.txt
@@ -0,0 +1,10 @@
+Version 1.1.9, 2003-02-25
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added support for using X.509v2 CRLs
+* Fixed several bugs in the path validation algorithm
+* Certificates can be verified for a particular usage
+* Algorithm for comparing distinguished names now follows X.509
+* Cleaned up the code for the es_beos, es_ftw, es_unix modules
+* Documentation updates
+
diff --git a/doc/relnotes/1_2_0.txt b/doc/relnotes/1_2_0.txt
new file mode 100644
index 000000000..2372919fb
--- /dev/null
+++ b/doc/relnotes/1_2_0.txt
@@ -0,0 +1,9 @@
+Version 1.2.0, 2003-04-28
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Tweaked the Karatsuba cut-off points
+* Increased the allowed keylength of HMAC and Blowfish
+* Removed the 'mpi_ia32' module, pending rewrite
+* Workaround a GCC 2.95.x bug in eme1.cpp
+
+
diff --git a/doc/relnotes/1_2_1.txt b/doc/relnotes/1_2_1.txt
new file mode 100644
index 000000000..885d6a10a
--- /dev/null
+++ b/doc/relnotes/1_2_1.txt
@@ -0,0 +1,10 @@
+Version 1.2.1, 2003-05-06
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added ANSI X9.23 compatible CBC padding
+* Added an entropy source using Win32 CryptoAPI
+* Removed the Pipe I/O operators taking a FILE*
+* Moved the BigInt encoding/decoding functions into the BigInt class
+* Integrated several fixes for VC++ 7 (from Hany Greiss)
+* Fixed the configure.pl script for Windows builds
+
diff --git a/doc/relnotes/1_2_2.txt b/doc/relnotes/1_2_2.txt
new file mode 100644
index 000000000..6732daffb
--- /dev/null
+++ b/doc/relnotes/1_2_2.txt
@@ -0,0 +1,13 @@
+Version 1.2.2, 2003-05-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add checks to prevent any BigInt bugs from revealing an RSA or RW key
+* Changed the interface of Global_RNG::seed
+* Major improvements for the es_unix module
+* Added another Win32 entropy source, es_win32
+* The Win32 CryptoAPI entropy source can now poll multiple providers
+* Improved the BeOS entropy source
+* Renamed pipe_unixfd module to fd_unix
+* Fixed a file descriptor leak in the EGD module
+* Fixed a few locking bugs
+
diff --git a/doc/relnotes/1_2_3.txt b/doc/relnotes/1_2_3.txt
new file mode 100644
index 000000000..fd12fc09c
--- /dev/null
+++ b/doc/relnotes/1_2_3.txt
@@ -0,0 +1,14 @@
+Version 1.2.3, 2003-05-20
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a bug that prevented DSA/NR key generation
+* Fixed a bug that prevented importing some root CA certs
+* Fixed a bug in the BER decoder when handing optional bit or byte strings
+* Fixed the encoding of authorityKeyIdentifier in X509_CA
+* Added a sanity check in PBKDF2 for zero length passphrases
+* Added versions of X509::load_key and PKCS8::load_key that take a file name
+* X509_CA generates 128 bit serial numbers now
+* Added tests to check PK key generation
+* Added a simplistic X.509 CA example
+* Cleaned up some of the examples
+
diff --git a/doc/relnotes/1_2_4.txt b/doc/relnotes/1_2_4.txt
new file mode 100644
index 000000000..600d030c4
--- /dev/null
+++ b/doc/relnotes/1_2_4.txt
@@ -0,0 +1,8 @@
+Version 1.2.4, 2003-05-29
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a bug in EMSA1 affecting NR signature verification
+* Fixed a few latent bugs in BigInt related to word size
+* Removed an unused function, mp_add2_nc, from the MPI implementation
+* Reorganized the core MPI files
+
diff --git a/doc/relnotes/1_2_5.txt b/doc/relnotes/1_2_5.txt
new file mode 100644
index 000000000..b88c37e7e
--- /dev/null
+++ b/doc/relnotes/1_2_5.txt
@@ -0,0 +1,23 @@
+Version 1.2.5, 2003-06-22
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a tricky and long-standing memory leak in Pipe
+* Major cleanups and fixes in the memory allocation system
+* Removed alloc_mlock, which has been superseded by the ml_unix module
+* Removed a denial of service vulnerability in X509_Store
+* Fixed compilation problems with VS .NET 2003 and Codewarrior 8
+* Added another variant of PKCS8::load_key, taking a memory buffer
+* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
+* BigInt::operator%=(word) was a no-op if the input was a power of 2
+* Fixed portability problems in BigInt::to_u32bit
+* Fixed major bugs in SSL3-MAC
+* Cleaned up some messes in the PK algorithms
+* Cleanups and extensions for OMAC and EAX
+* Made changes to the entropy estimation function
+* Added a 'beos' module set for use on BeOS
+* Officially deprecated a few X509:: and PKCS8:: functions
+* Moved the contents of primes.h to numthry.h
+* Moved the contents of x509opt.h to x509self.h
+* Removed the (empty) desx.h header
+* Documentation updates
+
diff --git a/doc/relnotes/1_2_6.txt b/doc/relnotes/1_2_6.txt
new file mode 100644
index 000000000..9a22648d5
--- /dev/null
+++ b/doc/relnotes/1_2_6.txt
@@ -0,0 +1,10 @@
+Version 1.2.6, 2003-07-04
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Major performance increase for PK algorithms on most 64-bit systems
+* Cleanups in the low-level MPI code to support asm implementations
+* Fixed build problems with some versions of Compaq's C++ compiler
+* Removed useless constructors for NR public and private keys
+* Removed support for the patch_file directive in module files
+* Removed several deprecated functions
+
diff --git a/doc/relnotes/1_2_7.txt b/doc/relnotes/1_2_7.txt
new file mode 100644
index 000000000..8121bbef8
--- /dev/null
+++ b/doc/relnotes/1_2_7.txt
@@ -0,0 +1,15 @@
+Version 1.2.7, 2003-10-31
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added support for reading configuration files
+* Added constructors so NR and RW keys can be imported easily
+* Fixed mp_asm64, which was completely broken in 1.2.6
+* Removed tm_hw_ia32 module; replaced by tm_hard
+* Added support for loading certain oddly formed RSA certificates
+* Fixed spelling of NON_REPUDIATION enum
+* Renamed the option default_to_ca to v1_assume_ca
+* Fixed a minor bug in X.509 certificate generation
+* Fixed a latent bug in the OID lookup code
+* Updated the RPM spec file
+* Added to the tutorial
+
diff --git a/doc/relnotes/1_2_8.txt b/doc/relnotes/1_2_8.txt
new file mode 100644
index 000000000..e234b5ccd
--- /dev/null
+++ b/doc/relnotes/1_2_8.txt
@@ -0,0 +1,5 @@
+Version 1.2.8, 2003-11-21
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Merged several important bug fixes from 1.3.x
+
diff --git a/doc/relnotes/1_3_0.txt b/doc/relnotes/1_3_0.txt
new file mode 100644
index 000000000..c1229e8d2
--- /dev/null
+++ b/doc/relnotes/1_3_0.txt
@@ -0,0 +1,11 @@
+Version 1.3.0, 2003-11-02
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Major redesign of the PKCS #8 private key import/export system
+* Added a small amount of UI interface code for getting passphrases
+* Added heuristics that tell if a key, cert, etc is stored as PEM or BER
+* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
+* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
+* Made PEM decoding more forgiving of extra text before the header
+
+
diff --git a/doc/relnotes/1_3_1.txt b/doc/relnotes/1_3_1.txt
new file mode 100644
index 000000000..70bc79d02
--- /dev/null
+++ b/doc/relnotes/1_3_1.txt
@@ -0,0 +1,7 @@
+Version 1.3.1, 2003-11-04
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Generalized a few pieces of the DER encoder
+* PKCS8::load_key would fail if handed an unencrypted key
+* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop
+
diff --git a/doc/relnotes/1_3_10.txt b/doc/relnotes/1_3_10.txt
new file mode 100644
index 000000000..f99d11bc2
--- /dev/null
+++ b/doc/relnotes/1_3_10.txt
@@ -0,0 +1,10 @@
+Version 1.3.10, 2004-03-27
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added support for OpenPGP's ASCII armor format
+* Cleaned up the RNG system; seeding is much more flexible
+* Added simple autoconfiguration abilities to configure.pl
+* Fixed a GCC 2.95.x compile problem
+* Updated the example configuration file
+* Documentation updates
+
diff --git a/doc/relnotes/1_3_11.txt b/doc/relnotes/1_3_11.txt
new file mode 100644
index 000000000..86c1f13a1
--- /dev/null
+++ b/doc/relnotes/1_3_11.txt
@@ -0,0 +1,12 @@
+Version 1.3.11, 2004-04-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed two show-stopping bugs in PKCS10_Request
+* Added some sanity checks in Pipe/Filter
+* The DNS and URI entries would get swapped in subjectAlternativeNames
+* MAC_Filter is now willing to not take a key at creation time
+* Setting the expiration times of certs and CRLs is more flexible
+* Fixed problems building on AIX with GCC
+* Fixed some problems in the tutorial pointed out by Dominik Vogt
+* Documentation updates
+
diff --git a/doc/relnotes/1_3_12.txt b/doc/relnotes/1_3_12.txt
new file mode 100644
index 000000000..0a5ef7901
--- /dev/null
+++ b/doc/relnotes/1_3_12.txt
@@ -0,0 +1,15 @@
+Version 1.3.12, 2004-05-02
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added ability to remove old entries from CRLs
+* Swapped the first two arguments of X509_CA::update_crl()
+* Added an < operator for MemoryRegion, so it can be used as a std::map key
+* Changed X.509 searching by DNS name from substring to full string compares
+* Renamed a few X509_Certificate and PKCS10_Request member functions
+* Fixed a problem when decoding some PKCS #10 requests
+* Hex_Decoder would not check inputs, reported by Vaclav Ovsik
+* Changed default CRL expire time from 30 days to 7 days
+* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
+* Corrected errors in the API doc, fixes from Ken Perano
+* More documentation about the Pipe/Filter code
+
diff --git a/doc/relnotes/1_3_13.txt b/doc/relnotes/1_3_13.txt
new file mode 100644
index 000000000..6b6726aea
--- /dev/null
+++ b/doc/relnotes/1_3_13.txt
@@ -0,0 +1,9 @@
+Version 1.3.13, 2004-05-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Major fixes for Cygwin builds
+* Minor MacOS X install fixes
+* The configure script is a little better at picking the right modules
+* Removed ml_unix from the 'unix' module set for Cygwin compatibility
+* Fixed a stupid compile problem in pkcs10.h
+
diff --git a/doc/relnotes/1_3_14.txt b/doc/relnotes/1_3_14.txt
new file mode 100644
index 000000000..330a4690b
--- /dev/null
+++ b/doc/relnotes/1_3_14.txt
@@ -0,0 +1,26 @@
+Version 1.3.14, 2004-06-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added support for AEP's AEP1000/AEP2000 crypto cards
+* Added a Mutex module using Qt, from Justin Karneges
+* Added support for engine loading in LibraryInitializer
+* Tweaked SecureAllocator, giving 20% better performance under heavy load
+* Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
+* Renamed PK_Engine to Engine_Core
+* Improved the Karatsuba cutoff points
+* Fixes for compiling with GCC 3.4 and Sun C++ 5.5
+* Fixes for Linux/s390, OpenBSD, and Solaris
+* Added support for Linux/s390x
+* The configure script was totally broken for 'generic' OS
+* Removed Montgomery reduction due to bugs
+* Removed an unused header, pkcs8alg.h
+* check --validate returns an error code if any tests failed
+* Removed duplicate entry in Unix command list for es_unix
+* Moved the Cert_Usage enumeration into X509_Store
+* Added new timing methods for PK benchmarks, clock_gettime and RDTSC
+* Fixed a few minor bugs in the configure script
+* Removed some deprecated functions from x509cert.h and pkcs10.h
+* Removed the 'minimal' module, has to be updated for Engine support
+* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
+* Documentation updates
+
diff --git a/doc/relnotes/1_3_2.txt b/doc/relnotes/1_3_2.txt
new file mode 100644
index 000000000..c4a99be88
--- /dev/null
+++ b/doc/relnotes/1_3_2.txt
@@ -0,0 +1,21 @@
+Version 1.3.2, 2003-11-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a bug preventing DSA signatures from verifying on X.509 objects
+* Made the X509_Store search routines more efficient and flexible
+* Added a function to X509_PublicKey to do easy public/private key matching
+* Added support for decoding indefinite length BER data
+* Changed Pipe's peek() to take an offset
+* Removed Filter::set_owns in favor of the new incr_owns function
+* Removed BigInt::zero() and BigInt::one()
+* Renamed the PEM related options from base/pem_* to pem/*
+* Added an option to specify the line width when encoding PEM
+* Removed the "rng/safe_longterm" option; it's always on now
+* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
+* Cleaned up the base64/hex encoders and decoders
+* Added an ASN.1/BER decoder as an example
+* AES had its internals marked 'public' in previous versions
+* Changed the value of the ASN.1 NO_OBJECT enum
+* Various new hacks in the configure script
+* Removed the already nominal support for SunOS
+
diff --git a/doc/relnotes/1_3_3.txt b/doc/relnotes/1_3_3.txt
new file mode 100644
index 000000000..236fbec85
--- /dev/null
+++ b/doc/relnotes/1_3_3.txt
@@ -0,0 +1,18 @@
+Version 1.3.3, 2003-11-17
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The library can now be repeatedly initialized and shutdown without crashing
+* Fixed an off-by-one error in the CTS code
+* Fixed an error in the EMSA4 verification code
+* Fixed a memory leak in mutex.cpp (pointed out by James Widener)
+* Fixed a memory leak in Pthread_Mutex
+* Fixed several memory leaks in the testing code
+* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
+* Minor cleanups in SecureAllocator
+* Removed a needless mutex guarding the (stateless) global timer
+* Fixed a piece of bash-specific code in botan-config
+* X.509 objects report more information about decoding errors
+* Cleaned up some of the exception handling
+* Updated the example config file with new OIDSs
+* Moved the build instructions into a separate document, building.tex
+
diff --git a/doc/relnotes/1_3_4.txt b/doc/relnotes/1_3_4.txt
new file mode 100644
index 000000000..54a12d818
--- /dev/null
+++ b/doc/relnotes/1_3_4.txt
@@ -0,0 +1,11 @@
+Version 1.3.4, 2003-11-21
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added a module that does certain MPI operations using GNU MP
+* Added the X9.42 Diffie-Hellman PRF
+* The Zlib and Bzip2 objects now use custom allocators
+* Added member functions for directly hashing/MACing SecureVectors
+* Minor optimizations to the MPI addition and subtraction algorithms
+* Some cleanups in the low-level MPI code
+* Created separate AES-{128,192,256} objects
+
diff --git a/doc/relnotes/1_3_5.txt b/doc/relnotes/1_3_5.txt
new file mode 100644
index 000000000..f94df7bd9
--- /dev/null
+++ b/doc/relnotes/1_3_5.txt
@@ -0,0 +1,21 @@
+Version 1.3.5, 2003-11-30
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Major improvements in ASN.1 string handling
+* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
+* Added partial support for the X.509v3 certificate policies extension
+* Centralized the handling of character set information
+* Added FIPS 140-2 startup self tests
+* Added a module (fips140) for doing extra FIPS 140-2 tests
+* Added FIPS 186-2 RNG
+* Improved ASN.1 BIT STRING handling
+* Removed a memory leak in PKCS10_Request
+* The encoding of DirectoryString now follows PKIX guidelines
+* Fixed some of the character set dependencies
+* Fixed a DER encoding error for tags greater than 30
+* The BER decoder can now handle tags larger than 30
+* Fixed tm_hard.cpp to recognize SPARC on more systems
+* Workarounds for a GCC 2.95.x bug in x509find.cpp
+* RPM changed to install into /usr instead of /usr/local
+* Added support for QNX
+
diff --git a/doc/relnotes/1_3_6.txt b/doc/relnotes/1_3_6.txt
new file mode 100644
index 000000000..f8310d315
--- /dev/null
+++ b/doc/relnotes/1_3_6.txt
@@ -0,0 +1,8 @@
+Version 1.3.6, 2003-12-07
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added a new module 'minimal', which disables most algorithms
+* SecureAllocator allocates a few blocks at startup
+* A few minor MPI cleanups
+* RPM spec file cleanups and fixes
+
diff --git a/doc/relnotes/1_3_7.txt b/doc/relnotes/1_3_7.txt
new file mode 100644
index 000000000..8cbb431f5
--- /dev/null
+++ b/doc/relnotes/1_3_7.txt
@@ -0,0 +1,13 @@
+Version 1.3.7, 2003-12-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a big security problem in es_unix
+* Fixed several stability problems in es_unix
+* Expanded the list of programs es_unix will try to use
+* SecureAllocator now only preallocates blocks in special cases
+* Added a special case in Global_RNG::seed for forcing a full poll
+* Removed the FIPS 186 RNG added in 1.3.5 pending further testing
+* Configure updates for PowerPC CPUs
+* Removed the (never tested) VAX support
+* Added support for S/390 Linux
+
diff --git a/doc/relnotes/1_3_8.txt b/doc/relnotes/1_3_8.txt
new file mode 100644
index 000000000..7fac2566a
--- /dev/null
+++ b/doc/relnotes/1_3_8.txt
@@ -0,0 +1,26 @@
+Version 1.3.8, 2003-12-30
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Initial introduction of engine support, which separates PK keys from
+ the underlying operations. An engine using GNU MP was added.
+
+* DSA, DH, NR, and ElGamal constructors accept taking just the private
+ key again since the public key is easily derived from it.
+
+* Montgomery reduction support was added.
+* ElGamal keys now support being imported/exported as ASN.1 objects
+* Added Montgomery reductions
+* Added an engine that uses GNU MP (requires 4.1 or later)
+* Removed the obsolete mp_gmp module
+* Moved several initialization/shutdown functions to init.h
+* Major refactoring of the memory containers
+* New non-locking container, MemoryVector
+* Fixed 64-bit problems in BigInt::set_bit/clear_bit
+* Renamed PK_Key::check_params() to check_key()
+* Some incompatible changes to OctetString
+* Added version checking macros in version.h
+* Removed the fips140 module pending rewrite
+* Added some functions and hooks to help GUIs
+* Moved more shared code into MDx_HashFunction
+* Added a policy hook for specifying the encoding of X.509 strings
+
diff --git a/doc/relnotes/1_3_9.txt b/doc/relnotes/1_3_9.txt
new file mode 100644
index 000000000..1867b8231
--- /dev/null
+++ b/doc/relnotes/1_3_9.txt
@@ -0,0 +1,10 @@
+Version 1.3.9, 2004-03-07
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added an engine using OpenSSL (requires 0.9.7 or later)
+* X509_Certificate would lose email addresses stored in the DN
+* Fixed a missing initialization in a BigInt constructor
+* Fixed several Visual C++ compile problems
+* Fixed some BeOS build problems
+* Fixed the WiderWake benchmark
+
diff --git a/doc/relnotes/1_4_0.txt b/doc/relnotes/1_4_0.txt
new file mode 100644
index 000000000..c1cc5ea88
--- /dev/null
+++ b/doc/relnotes/1_4_0.txt
@@ -0,0 +1,12 @@
+Version 1.4.0, 2004-06-26
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the FIPS 186 RNG back
+* Added copy_key functions for X.509 public keys and PKCS #8 private keys
+* Fixed PKCS #1 signatures with RIPEMD-128
+* Moved some code around to avoid warnings with Sun ONE compiler
+* Fixed a bug in botan-config affecting OpenBSD
+* Fixed some build problems on Tru64, HP-UX
+* Fixed compile problems with Intel C++, Compaq C++
+
+
diff --git a/doc/relnotes/1_4_1.txt b/doc/relnotes/1_4_1.txt
new file mode 100644
index 000000000..10f45b8b1
--- /dev/null
+++ b/doc/relnotes/1_4_1.txt
@@ -0,0 +1,11 @@
+Version 1.4.1, 2004-10-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed major errors in the X.509 and PKCS #8 copy_key functions
+* Added a LAST_MESSAGE meta-message number for Pipe
+* Added new aliases (3DES and DES-EDE) for Triple-DES
+* Added some new functions to PK_Verifier
+* Cleaned up the KDF interface
+* Disabled tm_posix on BSD due to header issues
+* Fixed a build problem on PowerPC with GNU C++ pre-3.4
+
diff --git a/doc/relnotes/1_4_10.txt b/doc/relnotes/1_4_10.txt
new file mode 100644
index 000000000..277245284
--- /dev/null
+++ b/doc/relnotes/1_4_10.txt
@@ -0,0 +1,20 @@
+Version 1.4.10, 2005-12-18
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added an implementation of KASUMI, the block cipher used in 3G phones
+* Refactored Pipe; output queues are now managed by a distinct class
+* Made certain Filter facilities only available to subclasses of Fanout_Filter
+* There is no longer any overhead in Pipe for a message that has been read out
+* It is now possible to generate RSA keys as small as 128 bits
+* Changed some of the core classes to derive from Algorithm as a virtual base
+* Changed Randpool to use HMAC instead of a plain hash as the mixing function
+* Fixed a bug in the allocators; found and fixed by Matthew Gregan
+* Enabled the use of binary file I/O, when requested by the application
+* The OpenSSL engine's block cipher code was missing some deallocation calls
+* Disabled the es_ftw module on NetBSD, due to header problems there
+* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
+* Some cleanups for the modules that use inline assembler
+* config.h is now stored in build/ instead of build/include/botan/
+* The header util.h was split into bit_ops.h, parsing.h, and util.h
+* Cleaned up some redundant include directives
+
diff --git a/doc/relnotes/1_4_11.txt b/doc/relnotes/1_4_11.txt
new file mode 100644
index 000000000..1bfb5d059
--- /dev/null
+++ b/doc/relnotes/1_4_11.txt
@@ -0,0 +1,12 @@
+Version 1.4.11, 2005-12-31
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Changed Whirlpool diffusion matrix to match updated algorithm spec
+* Fixed several engine module build errors introduced in 1.4.10
+* Fixed two build problems in es_capi; reported by Matthew Gregan
+* Added a constructor to DataSource_Memory taking a std::string
+* Placing the same Filter in multiple Pipes triggers an exception
+* The configure script accepts --docdir and --libdir
+* Merged doc/rngs.txt into the main API document
+* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11
+
diff --git a/doc/relnotes/1_4_12.txt b/doc/relnotes/1_4_12.txt
new file mode 100644
index 000000000..d2c134884
--- /dev/null
+++ b/doc/relnotes/1_4_12.txt
@@ -0,0 +1,8 @@
+Version 1.4.12, 2006-01-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed an off-by-one memory read in MISTY1::key()
+* Fixed a nasty memory leak in Output_Buffers::retire()
+* Changed maximum HMAC keylength to 1024 bits
+* Fixed a build problem in the hardware timer module on 64-bit PowerPC
+
diff --git a/doc/relnotes/1_4_2.txt b/doc/relnotes/1_4_2.txt
new file mode 100644
index 000000000..43cc25a42
--- /dev/null
+++ b/doc/relnotes/1_4_2.txt
@@ -0,0 +1,14 @@
+Version 1.4.2, 2004-10-31
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a major CRL handling bug
+* Cipher and hash operations can be offloaded to engines
+* Added support for cipher and hash offload in OpenSSL engine
+* Improvements for 64-bit CPUs without a widening multiply instruction
+* Support for SHA2-* and Whirlpool with EMSA2
+* Fixed a long-standing build problem with conflicting include files
+* Fixed some examples that hadn't been updated for 1.4.x
+* Portability fixes for Solaris, BSD, HP-UX, and others
+* Lots of fixes and cleanups in the configure script
+* Updated the Gentoo ebuild file
+
diff --git a/doc/relnotes/1_4_3.txt b/doc/relnotes/1_4_3.txt
new file mode 100644
index 000000000..016221c6c
--- /dev/null
+++ b/doc/relnotes/1_4_3.txt
@@ -0,0 +1,10 @@
+Version 1.4.3, 2004-11-06
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Split up SecureAllocator into Allocator and Pooling_Allocator
+* Memory locking allocators are more likely to be used
+* Fixed the placement of includes in some modules
+* Fixed broken installation procedure
+* Fixes in configure script to support alternate install programs
+* Modules can specify the minimum version they support
+
diff --git a/doc/relnotes/1_4_4.txt b/doc/relnotes/1_4_4.txt
new file mode 100644
index 000000000..f633751f5
--- /dev/null
+++ b/doc/relnotes/1_4_4.txt
@@ -0,0 +1,9 @@
+Version 1.4.4, 2004-12-02
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Further tweaks to the pooling allocator
+* Modified EMSA3 to support SSL/TLS signatures
+* Changes to support Qt/QCA, from Justin Karneges
+* Moved mux_qt module code into mod_qt
+* Fixes for HP-UX from Mike Desjardins
+
diff --git a/doc/relnotes/1_4_5.txt b/doc/relnotes/1_4_5.txt
new file mode 100644
index 000000000..cfc8b3455
--- /dev/null
+++ b/doc/relnotes/1_4_5.txt
@@ -0,0 +1,15 @@
+Version 1.4.5, 2005-02-26
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add support for AES encryption of private keys
+* Minor fixes for PBES2 parameter decoding
+* Internal cleanups for global state variables
+* GCC 3.x version detection was broken in non-English locales
+* Work around a Sun Forte bug affecting mem_pool.h
+* Several fixes for Borland C++ 5.5, from Friedemann Kleint
+* Removed inclusion of init.h into base.h
+* Fixed a major bug in reading from certificate stores
+* Cleaned up a couple of mutex leaks
+* Removed some left-over debugging code
+* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF
+
diff --git a/doc/relnotes/1_4_6.txt b/doc/relnotes/1_4_6.txt
new file mode 100644
index 000000000..a4450928d
--- /dev/null
+++ b/doc/relnotes/1_4_6.txt
@@ -0,0 +1,10 @@
+Version 1.4.6, 2005-03-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix an error in the shutdown code introduced in 1.4.5
+* Setting base/pkcs8_tries to 0 disables the builtin fail-out
+* Support for XMPP identifiers in X.509 certificates
+* Duplicate entries in X.509 DNs are removed
+* More fixes for Borland C++, from Friedemann Kleint
+* Add a workaround for buggy iostreams
+
diff --git a/doc/relnotes/1_4_7.txt b/doc/relnotes/1_4_7.txt
new file mode 100644
index 000000000..1531b1cfe
--- /dev/null
+++ b/doc/relnotes/1_4_7.txt
@@ -0,0 +1,17 @@
+Version 1.4.7, 2005-09-25
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed major performance problems with recent versions of GNU C++
+* Added an implementation of the X9.31 PRNG
+* Removed the X9.17 and FIPS 186-2 PRNG algorithms
+* Changed defaults to use X9.31 PRNGs as global PRNG objects
+* Documentation updates to reflect the PRNG changes
+* Some cleanups related to the engine code
+* Removed two useless headers, base_eng.h and secalloc.h
+* Removed PK_Verifier::valid_signature
+* Fixed configure/build system bugs affecting MacOS X builds
+* Added support for the EKOPath x86-64 compiler
+* Added missing destructor for BlockCipherModePaddingMethod
+* Fix some build problems with Visual C++ 2005 beta
+* Fix some build problems with Visual C++ 2003 Workshop
+
diff --git a/doc/relnotes/1_4_8.txt b/doc/relnotes/1_4_8.txt
new file mode 100644
index 000000000..694138ecc
--- /dev/null
+++ b/doc/relnotes/1_4_8.txt
@@ -0,0 +1,9 @@
+Version 1.4.8, 2005-10-16
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Resolved a bad performance problem in the allocators; fix by Matt Johnston
+* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
+* Renamed OMAC to CMAC to match the official NIST naming
+* Added single byte versions of update() to PK_Signer and PK_Verifier
+* Removed the unused reverse_bits and reverse_bytes functions
+
diff --git a/doc/relnotes/1_4_9.txt b/doc/relnotes/1_4_9.txt
new file mode 100644
index 000000000..ff663a0a5
--- /dev/null
+++ b/doc/relnotes/1_4_9.txt
@@ -0,0 +1,17 @@
+Version 1.4.9, 2005-11-06
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the IBM-created AES candidate algorithm MARS
+* Added the South Korean block cipher SEED
+* Added the stream cipher Turing
+* Added the new hash function FORK-256
+* Deprecated the ISAAC stream cipher
+* Twofish and RC6 are significantly faster with GCC
+* Much better support for 64-bit PowerPC
+* Added support for high-resolution PowerPC timers
+* Fixed a bug in the configure script causing problems on FreeBSD
+* Changed ANSI X9.31 to support arbitrary block ciphers
+* Make the configure script a bit less noisy
+* Added more test vectors for some algorithms, including all the AES finalists
+* Various cosmetic source code cleanups
+
diff --git a/doc/relnotes/1_5_0.txt b/doc/relnotes/1_5_0.txt
new file mode 100644
index 000000000..6b2926510
--- /dev/null
+++ b/doc/relnotes/1_5_0.txt
@@ -0,0 +1,13 @@
+Version 1.5.0, 2006-01-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Moved all global/shared library state into a single object
+* Mutex objects are created through mutex factories instead of a global
+* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
+* Removed the RNG_Quality enum entirely
+* There is now only a single global-use PRNG
+* Removed the no_aliases and no_oids options for LibraryInitializer
+* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
+* Change es_ftw to use unbuffered I/O
+
+
diff --git a/doc/relnotes/1_5_1.txt b/doc/relnotes/1_5_1.txt
new file mode 100644
index 000000000..69ba5c6fa
--- /dev/null
+++ b/doc/relnotes/1_5_1.txt
@@ -0,0 +1,15 @@
+Version 1.5.1, 2006-01-08
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Implemented Montgomery exponentiation
+* Implemented generalized Karatsuba multiplication and squaring
+* Implemented Comba squaring for 4, 6, and 8 word inputs
+* Added new Modular_Exponentiator and Power_Mod classes
+* Removed FixedBase_Exp and FixedExponent_Exp
+* Fixed a performance regression in get_allocator introduced in 1.5.0
+* Engines can now offer S2K algorithms and block cipher padding methods
+* Merged the remaining global 'algolist' code into Default_Engine
+* The low-level MPI code is linked as C again
+* Replaced BigInt's get_nibble with the more general get_substring
+* Some documentation updates
+
diff --git a/doc/relnotes/1_5_10.txt b/doc/relnotes/1_5_10.txt
new file mode 100644
index 000000000..e4af64bb8
--- /dev/null
+++ b/doc/relnotes/1_5_10.txt
@@ -0,0 +1,14 @@
+Version 1.5.10, 2006-08-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add x86 assembler versions of MD4, MD5, and SHA-1
+* Expand InitializerOptions' language to support on/off switches
+* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
+* Fix possible resource leaks in the mmap allocator
+* Slightly optimized buffering in MDx_HashFunction
+* Initialization failures are dealt with somewhat better
+* Add an example implementing Pollard's Rho algorithm
+* Better option handling in the test/benchmark tool
+* Expand the xor_ciph example to support longer keys
+* Some updates to the documentation
+
diff --git a/doc/relnotes/1_5_11.txt b/doc/relnotes/1_5_11.txt
new file mode 100644
index 000000000..144d8be66
--- /dev/null
+++ b/doc/relnotes/1_5_11.txt
@@ -0,0 +1,11 @@
+Version 1.5.11, 2006-09-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Removed the Algorithm base class
+* Various cleanups in the public key inheritance hierarchy
+* Major overhaul of the configure/build setup
+* Added x86 assembler implementations of Serpent and low-level MPI code
+* Optimizations for the SHA-1 x86 assembler
+* Various improvements to the Python wrappers
+* Work around a Visual Studio compiler bug
+
diff --git a/doc/relnotes/1_5_12.txt b/doc/relnotes/1_5_12.txt
new file mode 100644
index 000000000..4e57fd99a
--- /dev/null
+++ b/doc/relnotes/1_5_12.txt
@@ -0,0 +1,10 @@
+Version 1.5.12, 2006-10-27
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Cleanups in the initialization routines
+* Add some x86-64 assembly for multiply-add
+* Fix problems generating very small (below 384 bit) RSA keys
+* Support out of tree builds
+* Bring some of the documentation up to date
+* More improvements to the Python bindings
+
diff --git a/doc/relnotes/1_5_13.txt b/doc/relnotes/1_5_13.txt
new file mode 100644
index 000000000..b8bcf7684
--- /dev/null
+++ b/doc/relnotes/1_5_13.txt
@@ -0,0 +1,6 @@
+Version 1.5.13, 2006-12-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Compilation fixes for the bzip2, zlib, and GNU MP modules
+* Better support for Intel C++ and EKOpath C++ on x86-64
+
diff --git a/doc/relnotes/1_5_2.txt b/doc/relnotes/1_5_2.txt
new file mode 100644
index 000000000..5e5a68d44
--- /dev/null
+++ b/doc/relnotes/1_5_2.txt
@@ -0,0 +1,18 @@
+Version 1.5.2, 2006-01-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed an off-by-one memory read in MISTY1::key()
+* Fixed a nasty memory leak in Output_Buffers::retire()
+* Reimplemented the memory allocator from scratch
+* Improved memory caching in Montgomery exponentiation
+* Optimizations for multiple precision addition and subtraction
+* Fixed a build problem in the hardware timer module on 64-bit PowerPC
+* Changed default Karatsuba cutoff to 12 words (was 14)
+* Removed MemoryRegion::bits(), which was unused and incorrect
+* Changed maximum HMAC keylength to 1024 bits
+* Various minor Makefile and build system changes
+* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
+* Switched checks/clock.cpp back to using clock() by default
+* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
+* Removed the Default_Mutex's unused clone() member function
+
diff --git a/doc/relnotes/1_5_3.txt b/doc/relnotes/1_5_3.txt
new file mode 100644
index 000000000..60f5f9009
--- /dev/null
+++ b/doc/relnotes/1_5_3.txt
@@ -0,0 +1,14 @@
+Version 1.5.3, 2006-01-24
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Many optimizations in the low-level multiple precision integer code
+* Added hooks for assembly implementations of the MPI code
+* Support for the X.509 issuer alternative name extension in new certs
+* Fixed a bug in the decompression modules; found and patched by Matt Johnston
+* New Windows mutex module (mux_win32), by Luca Piccarreta
+* Changed the Windows timer module to use QueryPerformanceCounter
+* mem_pool.cpp was using std::set iterators instead of std::multiset ones
+* Fixed a bug in X509_CA preventing users from disabling particular extensions
+* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
+* Fixed some module build problems on FreeBSD and Tru64
+
diff --git a/doc/relnotes/1_5_4.txt b/doc/relnotes/1_5_4.txt
new file mode 100644
index 000000000..44eae0598
--- /dev/null
+++ b/doc/relnotes/1_5_4.txt
@@ -0,0 +1,19 @@
+Version 1.5.4, 2006-01-29
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
+* Fixed a memory access off-by-one in the Karatsuba code
+* Changed Pooling_Allocator's free list search to a log(N) algorithm
+* Merged ModularReducer with its only subclass, Barrett_Reducer
+* Fixed sign-handling bugs in some of the division and modulo code
+* Renamed the module description files to modinfo.txt
+* Further cleanups in the initialization code
+* Removed BigInt::add and BigInt::sub
+* Merged all the division-related functions into just divide()
+* Modified the <mp_asmi.h> functions to allow for better optimizations
+* Made the number of bits polled from an EntropySource user configurable
+* Avoid including <algorithm> in <botan/secmem.h>
+* Fixed some build problems with Sun Forte
+* Removed some dead code from bigint_modop
+* Fix the definition of same_mem
+
diff --git a/doc/relnotes/1_5_5.txt b/doc/relnotes/1_5_5.txt
new file mode 100644
index 000000000..e4ab22fb5
--- /dev/null
+++ b/doc/relnotes/1_5_5.txt
@@ -0,0 +1,13 @@
+Version 1.5.5, 2006-02-04
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
+* Made Pooling_Allocator::Memory_Block an actual class of sorts
+* Some small optimizations to the division and modulo computations
+* Cleaned up the implementation of some of the BigInt operators
+* Reduced use of dynamic memory allocation in low-level BigInt functions
+* A few simplifications in the Randpool mixing function
+* Removed power(), as it was not particularly useful (or fast)
+* Fixed some annoying bugs in the benchmark code
+* Added a real credits file
+
diff --git a/doc/relnotes/1_5_6.txt b/doc/relnotes/1_5_6.txt
new file mode 100644
index 000000000..8925a8003
--- /dev/null
+++ b/doc/relnotes/1_5_6.txt
@@ -0,0 +1,10 @@
+Version 1.5.6, 2006-03-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The low-level DER/BER coding system was redesigned and rewritten
+* Portions of the certificate code were cleaned up internally
+* Use macros to substantially clean up the GCC assembly code
+* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
+* Avoid a couple of spurious warnings under Visual C++
+* Some slight cleanups in X509_PublicKey::key_id
+
diff --git a/doc/relnotes/1_5_7.txt b/doc/relnotes/1_5_7.txt
new file mode 100644
index 000000000..45ded103f
--- /dev/null
+++ b/doc/relnotes/1_5_7.txt
@@ -0,0 +1,8 @@
+Version 1.5.7, 2006-05-28
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Further, major changes to the BER/DER coding system
+* Updated the Qt mutex module to use Mutex_Factory
+* Moved the library global state object into an anonymous namespace
+* Drop the Visual C++ x86 assembly module due to bugs
+
diff --git a/doc/relnotes/1_5_8.txt b/doc/relnotes/1_5_8.txt
new file mode 100644
index 000000000..c7a2c549d
--- /dev/null
+++ b/doc/relnotes/1_5_8.txt
@@ -0,0 +1,13 @@
+Version 1.5.8, 2006-06-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Many internal cleanups to the X.509 cert/CRL code
+* Allow for application code to support new X.509 extensions
+* Change the return type of X509_Certificate::{subject,issuer}_info
+* Allow for alternate character set handling mechanisms
+* Fix a bug that was slowing squaring performance somewhat
+* Fix a very hard to hit overflow bug in the C version of word3_muladd
+* Minor cleanups to the assembler modules
+* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
+* Support for GCC 2.95.x has been dropped in this release
+
diff --git a/doc/relnotes/1_5_9.txt b/doc/relnotes/1_5_9.txt
new file mode 100644
index 000000000..fa7c130fa
--- /dev/null
+++ b/doc/relnotes/1_5_9.txt
@@ -0,0 +1,13 @@
+Version 1.5.9, 2006-07-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fixed bitrot in the AEP engine
+* Fix support for marking certificate/CRL extensions as critical
+* Significant cleanups in the library state / initialization code
+* LibraryInitializer takes an explicit InitializerOptions object
+* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
+* Change configuration access to using global_state()
+* Add support for global named mutexes throughout the library
+* Add some STL wrappers for the delete operator
+* Change how certificates are created to be more flexible and general
+
diff --git a/doc/relnotes/1_6_0.txt b/doc/relnotes/1_6_0.txt
new file mode 100644
index 000000000..32b4d7ae8
--- /dev/null
+++ b/doc/relnotes/1_6_0.txt
@@ -0,0 +1,6 @@
+Version 1.6.0, 2006-12-17
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Minor cleanups versus 1.5.13
+
+
diff --git a/doc/relnotes/1_6_1.txt b/doc/relnotes/1_6_1.txt
new file mode 100644
index 000000000..cf1de29a0
--- /dev/null
+++ b/doc/relnotes/1_6_1.txt
@@ -0,0 +1,8 @@
+Version 1.6.1, 2007-01-20
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix some base64 decoder bugs
+* Add a new option to base64 encoding, to always append a newline
+* Fix some build problems under Visual Studio with debug enabled
+* Fix a bug in BER_Decoder that was triggered under some compilers
+
diff --git a/doc/relnotes/1_6_2.txt b/doc/relnotes/1_6_2.txt
new file mode 100644
index 000000000..3fdea578f
--- /dev/null
+++ b/doc/relnotes/1_6_2.txt
@@ -0,0 +1,7 @@
+Version 1.6.2, 2007-03-24
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix autodection on Athlon64s running Linux
+* Fix builds on QNX and compilers using STLport
+* Remove a call to abort() that crept into production
+
diff --git a/doc/relnotes/1_6_3.txt b/doc/relnotes/1_6_3.txt
new file mode 100644
index 000000000..c6d9f4364
--- /dev/null
+++ b/doc/relnotes/1_6_3.txt
@@ -0,0 +1,6 @@
+Version 1.6.3, 2007-07-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a race condition in the algorithm lookup cache
+* Fix problems building the memory pool on some versions of Visual C++
+
diff --git a/doc/relnotes/1_6_4.txt b/doc/relnotes/1_6_4.txt
new file mode 100644
index 000000000..8f5295bcc
--- /dev/null
+++ b/doc/relnotes/1_6_4.txt
@@ -0,0 +1,5 @@
+Version 1.6.4, 2008-03-08
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a compilation problem with Visual Studio C++ 2003
+
diff --git a/doc/relnotes/1_6_5.txt b/doc/relnotes/1_6_5.txt
new file mode 100644
index 000000000..827adff95
--- /dev/null
+++ b/doc/relnotes/1_6_5.txt
@@ -0,0 +1,6 @@
+Version 1.6.5, 2008-08-27
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add noexec stack marker for GNU linker in assembly code
+* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3
+
diff --git a/doc/relnotes/1_7_0.txt b/doc/relnotes/1_7_0.txt
new file mode 100644
index 000000000..b9ad37914
--- /dev/null
+++ b/doc/relnotes/1_7_0.txt
@@ -0,0 +1,11 @@
+Version 1.7.0, 2007-05-19
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* DSA parameter generation now follows FIPS 186-3
+* Added OIDs for Rabin-Williams and Nyberg-Rueppel
+* Somewhat better support for out of tree builds
+* Minor optimizations for RC2 and Tiger
+* Documentation updates
+* Update the todo list
+
+
diff --git a/doc/relnotes/1_7_1.txt b/doc/relnotes/1_7_1.txt
new file mode 100644
index 000000000..e53bf66d9
--- /dev/null
+++ b/doc/relnotes/1_7_1.txt
@@ -0,0 +1,10 @@
+Version 1.7.1, 2007-07-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a race condition in the algorithm object cache
+* HMAC key schedule optimization
+* The build header sets a macro defining endianness, if known
+* New word load/store abstraction allowing further optimization
+* Modify most of the library to avoid use the C-style casts
+* Use higher resolution timers in symmetric benchmarks
+
diff --git a/doc/relnotes/1_7_10.txt b/doc/relnotes/1_7_10.txt
new file mode 100644
index 000000000..edaec7b71
--- /dev/null
+++ b/doc/relnotes/1_7_10.txt
@@ -0,0 +1,12 @@
+Version 1.7.10, 2008-09-05
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Public key benchmarks run using a selection of random keys
+* New benchmark timer options are clock_gettime, gettimeofday, times, clock
+* Including reinterpret_cast optimization for xor_buf in default header
+* Split byte swapping and word rotation functions into distinct headers
+* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
+* Optimizes BigInt right shift
+* Add aliases in DL_Group::Format enum
+* BigInt now caches the significant word count
+
diff --git a/doc/relnotes/1_7_11.txt b/doc/relnotes/1_7_11.txt
new file mode 100644
index 000000000..be23f0d72
--- /dev/null
+++ b/doc/relnotes/1_7_11.txt
@@ -0,0 +1,13 @@
+Version 1.7.11, 2008-09-11
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the Salsa20 stream cipher
+* Optimized Montgomery reduction, Karatsuba squaring
+* Added 16x16->32 word Comba multiplication and squaring
+* Use a much larger Karatsuba cutoff point
+* Remove bigint_mul_add_words
+* Inlined several BigInt functions
+* Add useful information to the generated build.h
+* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
+* Fix the Windows build
+
diff --git a/doc/relnotes/1_7_12.txt b/doc/relnotes/1_7_12.txt
new file mode 100644
index 000000000..21bd3da8c
--- /dev/null
+++ b/doc/relnotes/1_7_12.txt
@@ -0,0 +1,19 @@
+Version 1.7.12, 2008-09-18
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add x86 assembly for Visual Studio C++, by Luca Piccarreta
+* Add a Perl XS module, by Vaclav Ovsik
+* Add SWIG-based wrapper for Botan
+* Add SSE2 implementation of SHA-1, by Dean Gaudet
+* Remove the BigInt::sig_words cache due to bugs
+* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
+* Changed BigInt::grow_by and BigInt::grow_to to be non-const
+* Add private assignment operators to classes that don't support assignment
+* Benchmark RSA encryption and signatures
+* Added test programs for random_prime and ressol
+* Add high resolution timers for IA-64, HP-PA, S390x
+* Reduce use of the RNG during benchmarks
+* Fix builds on STI Cell PPU
+* Add support for IBM's XLC compiler
+* Add IETF 8192 bit MODP group
+
diff --git a/doc/relnotes/1_7_13.txt b/doc/relnotes/1_7_13.txt
new file mode 100644
index 000000000..66591df88
--- /dev/null
+++ b/doc/relnotes/1_7_13.txt
@@ -0,0 +1,9 @@
+Version 1.7.13, 2008-09-27
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
+* Allow all examples to compile even if compression not enabled
+* Make CMAC's polynomial doubling operation a public class method
+* Use the -m64 flag when compiling with Sun Forte on x86-64
+* Clean up and slightly optimize CMAC::final_result
+
diff --git a/doc/relnotes/1_7_14.txt b/doc/relnotes/1_7_14.txt
new file mode 100644
index 000000000..6bf5c50d2
--- /dev/null
+++ b/doc/relnotes/1_7_14.txt
@@ -0,0 +1,11 @@
+Version 1.7.14, 2008-09-30
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Split library into parts allowing modular builds
+* Add (very preliminary) CMS support to the main library
+* Some constructors now require object pointers instead of names
+* Support multiple implementations of the same algorithm
+* Build support for Pentium-M processors, from Derek Scherger
+* Build support for MinGW/MSYS, from Zbigniew Zagorski
+* Use inline assembly for bswap on 32-bit x86
+
diff --git a/doc/relnotes/1_7_15.txt b/doc/relnotes/1_7_15.txt
new file mode 100644
index 000000000..9cd34ab64
--- /dev/null
+++ b/doc/relnotes/1_7_15.txt
@@ -0,0 +1,11 @@
+Version 1.7.15, 2008-10-07
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add GF(p) arithmetic from InSiTo
+* Add ECDSA and ECKAEG implementations from InSiTo
+* Minimize internal dependencies, allowing for smaller build configurations
+* Add new User Manual and Architecture Guide from FlexSecure GmbH
+* Alter configure.pl options for better autotools compatibility
+* Update build instructions for recent changes to configure.pl
+* Fix CPU detection using /proc/cpuinfo
+
diff --git a/doc/relnotes/1_7_16.txt b/doc/relnotes/1_7_16.txt
new file mode 100644
index 000000000..8b964da3f
--- /dev/null
+++ b/doc/relnotes/1_7_16.txt
@@ -0,0 +1,12 @@
+Version 1.7.16, 2008-10-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add several missing pieces needed for ECDSA and ECKAEG
+* Add Card Verifiable Certificates from InSiTo
+* Add SHA-224 from InSiTo
+* Add BSI variant of EMSA1 from InSiTo
+* Add GF(p) and ECDSA tests from InSiTo
+* Split ECDSA and ECKAEG into distinct modules
+* Allow OpenSSL and GNU MP engines to be built with public key algos disabled
+* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h
+
diff --git a/doc/relnotes/1_7_17.txt b/doc/relnotes/1_7_17.txt
new file mode 100644
index 000000000..b364d6112
--- /dev/null
+++ b/doc/relnotes/1_7_17.txt
@@ -0,0 +1,10 @@
+Version 1.7.17, 2008-10-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add missing ECDSA object identifiers
+* Fix error in x86 and x86-64 assembler affecting GF(p) math
+* Remove Boost dependency from GF(p) math
+* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
+* Add BOTAN_DLL macro to over 30 classes missing it
+* Rename the two SHA-2 base classes for consistency
+
diff --git a/doc/relnotes/1_7_18.txt b/doc/relnotes/1_7_18.txt
new file mode 100644
index 000000000..2bc1bf970
--- /dev/null
+++ b/doc/relnotes/1_7_18.txt
@@ -0,0 +1,11 @@
+Version 1.7.18, 2008-10-22
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add Doxygen comments from InSiTo
+* Add ECDSA and ECKAEG benchmarks
+* Add configure.pl switch --with-tr1-implementation
+* Fix configure.pl's --with-endian and --with-unaligned-mem options
+* Added support for pkg-config
+* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
+* Use const references to avoid copying overhead in CurveGFp, GFpModulus
+
diff --git a/doc/relnotes/1_7_19.txt b/doc/relnotes/1_7_19.txt
new file mode 100644
index 000000000..c54ce354d
--- /dev/null
+++ b/doc/relnotes/1_7_19.txt
@@ -0,0 +1,10 @@
+Version 1.7.19, 2008-11-06
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add HMAC_RNG, based on a design by Hugo Krawczyk
+* Optimized the Turing stream cipher (about 20% faster on x86-64)
+* Modify Randpool's reseeding algorithm to poll more sources
+* Add a new AutoSeeded_RNG in auto_rng.h
+* OpenPGP_S2K changed to take hash object instead of name
+* Add automatic identification for Intel's Prescott processors
+
diff --git a/doc/relnotes/1_7_2.txt b/doc/relnotes/1_7_2.txt
new file mode 100644
index 000000000..3b182d246
--- /dev/null
+++ b/doc/relnotes/1_7_2.txt
@@ -0,0 +1,11 @@
+Version 1.7.2, 2007-10-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Initialize the global library state lazily
+* Add plain CBC-MAC for backwards compatibility with old systems
+* Clean up some of the self test code
+* Throw a sensible exception if a DL_Group is not found
+* Truncate KDF2 output rather than allowing counter overflow
+* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
+* Fix a Visual Studio compilation problem in x509stat.cpp
+
diff --git a/doc/relnotes/1_7_20.txt b/doc/relnotes/1_7_20.txt
new file mode 100644
index 000000000..38a4b6b1c
--- /dev/null
+++ b/doc/relnotes/1_7_20.txt
@@ -0,0 +1,8 @@
+Version 1.7.20, 2008-11-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Namespace pkg-config file by major and minor versions
+* Cache device descriptors in Device_EntropySource
+* Split base.h into {block_cipher,stream_cipher,mac,hash}.h
+* Removed get_mgf function from lookup.h
+
diff --git a/doc/relnotes/1_7_21.txt b/doc/relnotes/1_7_21.txt
new file mode 100644
index 000000000..d3eaf48f8
--- /dev/null
+++ b/doc/relnotes/1_7_21.txt
@@ -0,0 +1,9 @@
+Version 1.7.21, 2008-11-11
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Make algorithm lookup much more configuable
+* Add facilities for runtime performance testing of algorithms
+* Drop use of entropy estimation in the PRNGs
+* Increase intervals between HMAC_RNG automatic reseeding
+* Drop InitializerOptions class, all options but thread safety
+
diff --git a/doc/relnotes/1_7_22.txt b/doc/relnotes/1_7_22.txt
new file mode 100644
index 000000000..52a286e83
--- /dev/null
+++ b/doc/relnotes/1_7_22.txt
@@ -0,0 +1,10 @@
+Version 1.7.22, 2008-11-17
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add provider preferences to Algorithm_Factory
+* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
+* Optimize AES encryption and decryption (about 10% faster)
+* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
+* Fix nanoseconds overflow in benchmark code
+* Remove Engine::add_engine
+
diff --git a/doc/relnotes/1_7_23.txt b/doc/relnotes/1_7_23.txt
new file mode 100644
index 000000000..bd30238d2
--- /dev/null
+++ b/doc/relnotes/1_7_23.txt
@@ -0,0 +1,15 @@
+Version 1.7.23, 2008-11-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Change to use TR1 (thus enabling ECDSA) with GCC and ICC
+* Optimize almost all hash functions, especially MD4 and Tiger
+* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
+* Change Timer to be pure virtual, and add ANSI_Clock_Timer
+* Cache socket descriptors in the EGD entropy source
+* Avoid bogging down startup in /proc walking entropy source
+* Remove Buffered_EntropySource helper class
+* Add a Default_Benchmark_Timer typedef in benchmark.h
+* Add examples using benchmark.h and Algorithm_Factory
+* Add ECC tests from InSiTo
+* Minor documentation updates
+
diff --git a/doc/relnotes/1_7_24.txt b/doc/relnotes/1_7_24.txt
new file mode 100644
index 000000000..f43c752ff
--- /dev/null
+++ b/doc/relnotes/1_7_24.txt
@@ -0,0 +1,15 @@
+Version 1.7.24, 2008-12-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a compatibility problem with SHA-512/EMSA3 signature padding
+* Fix bug preventing EGD/PRNGD entropy poller from working
+* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
+* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
+* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
+* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
+* Wrap private structs in SSE2 SHA-1 code in anonymous namespace
+* Change configure.pl's CPU autodetection output to be more consistent
+* Disable using OpenSSL's AES due to crashes of unknown cause
+* Fix warning in /proc walking entropy poller
+* Fix compilation with IBM XLC for Cell 0.9-200709
+
diff --git a/doc/relnotes/1_7_3.txt b/doc/relnotes/1_7_3.txt
new file mode 100644
index 000000000..8426978cd
--- /dev/null
+++ b/doc/relnotes/1_7_3.txt
@@ -0,0 +1,12 @@
+Version 1.7.3, 2008-01-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* New invocation syntax for configure.pl with several new options
+* Support for IPv4 addresses in a subject alternative name
+* New fast poll for the generic Unix entropy source (es_unix)
+* The es_file entropy source has been replaced by the es_dev module
+* The malloc allocator does not inherit from Pooling_Allocator anymore
+* The path that es_unix will search in are now fully user-configurable
+* Truncate X9.42 PRF output rather than allow counter overflow
+* PowerPC is now assumed to be big-endian
+
diff --git a/doc/relnotes/1_7_4.txt b/doc/relnotes/1_7_4.txt
new file mode 100644
index 000000000..608b7ffb1
--- /dev/null
+++ b/doc/relnotes/1_7_4.txt
@@ -0,0 +1,11 @@
+Version 1.7.4, 2008-03-10
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Use unaligned memory read/writes on systems that allow it, for performance
+* Assembly for x86-64 for accessing the bswap instruction
+* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
+* Unroll loops in SHA-160 for a few percent increase in performance
+* Fix compilation with GCC 3.2 in es_ftw and es_unix
+* Build fix for NetBSD systems
+* Prevent es_dev from being built except on Unix systems
+
diff --git a/doc/relnotes/1_7_5.txt b/doc/relnotes/1_7_5.txt
new file mode 100644
index 000000000..f5ec97e14
--- /dev/null
+++ b/doc/relnotes/1_7_5.txt
@@ -0,0 +1,14 @@
+Version 1.7.5, 2008-04-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The API of X509_CA::sign_request was altered to avoid race conditions
+* New type Pipe::message_id to represent the Pipe message number
+* Remove the Named_Mutex_Holder for a small performance gain
+* Removed several unused or rarely used functions from Config
+* Ignore spaces inside of a decimal string in BigInt::decode
+* Allow using a std::istream to initialize a DataSource_Stream object
+* Fix compilation problem in zlib compression module
+* The chunk sized used by Pooling_Allocator is now a compile time setting
+* The size of random blinding factors is now a compile time setting
+* The install target no longer tries to set a particular owner/group
+
diff --git a/doc/relnotes/1_7_6.txt b/doc/relnotes/1_7_6.txt
new file mode 100644
index 000000000..3fb6064fd
--- /dev/null
+++ b/doc/relnotes/1_7_6.txt
@@ -0,0 +1,12 @@
+Version 1.7.6, 2008-05-05
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Initial support for Windows DLLs, from Joel Low
+* Reset the position pointer when a new block is generated in X9.32 PRNG
+* Timer objects are now treated as entropy sources
+* Moved several ASN.1-related enums from enums.h to an appropriate header
+* Removed the AEP module, due to inability to test
+* Removed Global_RNG and rng.h
+* Removed system_clock
+* Removed Library_State::UI and the pulse callback logic
+
diff --git a/doc/relnotes/1_7_7.txt b/doc/relnotes/1_7_7.txt
new file mode 100644
index 000000000..9934959e0
--- /dev/null
+++ b/doc/relnotes/1_7_7.txt
@@ -0,0 +1,14 @@
+Version 1.7.7, 2008-06-28
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Remove the global PRNG object
+* The PK filter objects were removed
+* Add a test suite for the ANSI X9.31 PRNG
+* Much cleaner and (mostly) thread-safe reimplementation of es_ftw
+* Remove both default arguments to ANSI_X931_RNG's constructor
+* Remove the randomizing version of OctetString::change
+* Make the cipher and MAC to use in Randpool configurable
+* Move RandomNumberGenerator declaration to rng.h
+* RSA_PrivateKey will not generate keys smaller than 1024 bits
+* Fix an error decoding BER UNIVERSAL types with special taggings
+
diff --git a/doc/relnotes/1_7_8.txt b/doc/relnotes/1_7_8.txt
new file mode 100644
index 000000000..b02451214
--- /dev/null
+++ b/doc/relnotes/1_7_8.txt
@@ -0,0 +1,12 @@
+Version 1.7.8, 2008-07-15
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the block cipher Noekeon
+* Remove global deref_alias function
+* X509_Store takes timeout options as constructor arguments
+* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
+* Extend random_prime() for generating primes of any bit length
+* Remove Config class
+* Allow adding new entropy via base RNG interface
+* Reseeding a X9.31 PRNG also reseeds the underlying PRNG
+
diff --git a/doc/relnotes/1_7_9.txt b/doc/relnotes/1_7_9.txt
new file mode 100644
index 000000000..039106d71
--- /dev/null
+++ b/doc/relnotes/1_7_9.txt
@@ -0,0 +1,9 @@
+Version 1.7.9, 2008-08-27
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Make clear() in most algorithm base classes a pure virtual
+* Add noexec stack marker for GNU linker in assembly code
+* Avoid string operations in ressol
+* Compilation fixes for MinGW and Visual Studio C++ 2008
+* Some autoconfiguration fixes for Windows
+
diff --git a/doc/relnotes/1_8_0.txt b/doc/relnotes/1_8_0.txt
new file mode 100644
index 000000000..e9ebbe43f
--- /dev/null
+++ b/doc/relnotes/1_8_0.txt
@@ -0,0 +1,6 @@
+Version 1.8.0, 2008-12-08
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix compilation on Solaris with GCC
+
+
diff --git a/doc/relnotes/1_8_1.txt b/doc/relnotes/1_8_1.txt
new file mode 100644
index 000000000..532842fba
--- /dev/null
+++ b/doc/relnotes/1_8_1.txt
@@ -0,0 +1,8 @@
+Version 1.8.1, 2009-01-20
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
+* Fix memory leak in PKCS8 load_key and encrypt_key
+* Relicense api.tex from CC-By-SA 2.5 to BSD
+* Fix botan-config on MacOS X, Solaris
+
diff --git a/doc/relnotes/1_8_10.txt b/doc/relnotes/1_8_10.txt
new file mode 100644
index 000000000..3c4f62b09
--- /dev/null
+++ b/doc/relnotes/1_8_10.txt
@@ -0,0 +1,11 @@
+Version 1.8.10, 2010-08-31
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Switch default PKCS #8 encryption algorithm from 3DES to AES-256
+* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
+* Use small tables in the first round of AES
+* Add PBKDF typedef and get_pbkdf for better compatability with 1.9
+* Add version of S2K::derive_key taking salt and iteration count
+* Enable the /proc-walking entropy source on NetBSD
+* Fix the doxygen makefile target
+
diff --git a/doc/relnotes/1_8_11.txt b/doc/relnotes/1_8_11.txt
new file mode 100644
index 000000000..688023ab4
--- /dev/null
+++ b/doc/relnotes/1_8_11.txt
@@ -0,0 +1,10 @@
+Version 1.8.11, 2010-11-02
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a number of CRL encoding and decoding bugs
+* When building a debug library under VC++, use the debug runtime
+* Fix compilation under Sun Studio on Linux and Solaris
+* Add several functions for compatability with 1.9
+* In the examples, read most input files as binary
+* The Perl build script has been removed in this release
+
diff --git a/doc/relnotes/1_8_12.txt b/doc/relnotes/1_8_12.txt
new file mode 100644
index 000000000..83955b7e5
--- /dev/null
+++ b/doc/relnotes/1_8_12.txt
@@ -0,0 +1,14 @@
+Version 1.8.12, 2011-06-20
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* If EMSA3(Raw) was used for more than one signature, it would produce
+ incorrect output.
+
+* Fix the --enable-debug option to configure.py
+
+* Improve OS detection on Cygwin
+
+* Fix compilation under Sun Studio 12 on Solaris
+
+* Fix a memory leak in the constructors of DataSource_Stream and
+ DataSink_Stream which would occur if opening the file failed. PR 144
+
diff --git a/doc/relnotes/1_8_13.txt b/doc/relnotes/1_8_13.txt
new file mode 100644
index 000000000..9de12cf07
--- /dev/null
+++ b/doc/relnotes/1_8_13.txt
@@ -0,0 +1,8 @@
+Version 1.8.13, 2011-07-02
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* A race condition in `Algorithm_Factory` could cause crashes in
+ multithreaded code. See `this thread on botan-devel
+ <http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_
+ for details and workarounds.
+
diff --git a/doc/relnotes/1_8_2.txt b/doc/relnotes/1_8_2.txt
new file mode 100644
index 000000000..8ba19973b
--- /dev/null
+++ b/doc/relnotes/1_8_2.txt
@@ -0,0 +1,8 @@
+Version 1.8.2, 2009-04-07
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Make entropy polling more flexible and in most cases faster
+* GOST 28147 now supports multiple sbox parameters
+* Added the GOST 34.11 hash function
+* Fix botan-config problems on MacOS X
+
diff --git a/doc/relnotes/1_8_3.txt b/doc/relnotes/1_8_3.txt
new file mode 100644
index 000000000..3bfe7bde0
--- /dev/null
+++ b/doc/relnotes/1_8_3.txt
@@ -0,0 +1,14 @@
+Version 1.8.3, 2009-07-11
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add a new Python configuration script
+* Add the Skein-512 SHA-3 candidate hash function
+* Add the XTS block cipher mode from IEEE P1619
+* Fix random_prime when generating a prime of less than 7 bits
+* Improve handling of low-entropy situations during PRNG seeding
+* Change random device polling to prefer /dev/urandom over /dev/random
+* Use an input insensitive implementation of same_mem instead of memcmp
+* Correct DataSource::discard_next to return the number of discarded bytes
+* Provide a default value for AutoSeeded_RNG::reseed
+* Fix Gentoo bug 272242
+
diff --git a/doc/relnotes/1_8_4.txt b/doc/relnotes/1_8_4.txt
new file mode 100644
index 000000000..b103db11f
--- /dev/null
+++ b/doc/relnotes/1_8_4.txt
@@ -0,0 +1,5 @@
+Version 1.8.4, 2009-07-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a bug in nonce generation in the Miller-Rabin test
+
diff --git a/doc/relnotes/1_8_5.txt b/doc/relnotes/1_8_5.txt
new file mode 100644
index 000000000..f2675de99
--- /dev/null
+++ b/doc/relnotes/1_8_5.txt
@@ -0,0 +1,8 @@
+Version 1.8.5, 2009-07-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Change configure.py to work on stock Python 2.4
+* Avoid a crash in Skein_512::add_data processing a zero-length input
+* Small build fixes for SPARC, ARM, and HP-PA processors
+* The test suite now returns an error code from main() if any tests failed
+
diff --git a/doc/relnotes/1_8_6.txt b/doc/relnotes/1_8_6.txt
new file mode 100644
index 000000000..6e4fa8c56
--- /dev/null
+++ b/doc/relnotes/1_8_6.txt
@@ -0,0 +1,13 @@
+Version 1.8.6, 2009-08-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add Cryptobox, a set of simple password-based encryption routines
+* Only read world-readable files when walking /proc for entropy
+* Fix building with TR1 disabled
+* Fix x86 bswap support for Visual C++
+* Fixes for compilation under Sun C++
+* Add support for Dragonfly BSD (contributed by Patrick Georgi)
+* Add support for the Open64 C++ compiler
+* Build fixes for MIPS systems running Linux
+* Minor changes to license, now equivalent to the FreeBSD/NetBSD license
+
diff --git a/doc/relnotes/1_8_7.txt b/doc/relnotes/1_8_7.txt
new file mode 100644
index 000000000..e5bf54649
--- /dev/null
+++ b/doc/relnotes/1_8_7.txt
@@ -0,0 +1,6 @@
+Version 1.8.7, 2009-09-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix processing multiple messages in XTS mode
+* Add --no-autoload option to configure.py, for minimized builds
+
diff --git a/doc/relnotes/1_8_8.txt b/doc/relnotes/1_8_8.txt
new file mode 100644
index 000000000..a46032c20
--- /dev/null
+++ b/doc/relnotes/1_8_8.txt
@@ -0,0 +1,8 @@
+Version 1.8.8, 2009-11-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Alter Skein-512 to match the tweaked 1.2 specification
+* Fix use of inline asm for access to x86 bswap function
+* Allow building the library without AES enabled
+* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild
+
diff --git a/doc/relnotes/1_8_9.txt b/doc/relnotes/1_8_9.txt
new file mode 100644
index 000000000..c66198364
--- /dev/null
+++ b/doc/relnotes/1_8_9.txt
@@ -0,0 +1,27 @@
+Version 1.8.9, 2010-06-16
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Use constant time multiplication in IDEA
+
+* Avoid possible timing attack against OAEP decoding
+
+* Add new X509::BER_encode and PKCS8::BER_encode
+
+* Enable DLL builds under Windows
+
+* Add Win32 installer support
+
+* Add support for the Clang compiler
+
+* Fix problem in semcem.h preventing build under Clang or GCC 3.4
+
+* Fix bug that prevented creation of DSA groups under 1024 bits
+
+* Fix crash in GMP_Engine if library is shutdown and reinitialized and
+ a PK algorithm was used after the second init
+
+* Work around problem with recent binutils in x86-64 SHA-1
+
+* The Perl build script is no longer supported and refuses to run by
+ default. If you really want to use it, pass
+ ``--i-know-this-is-broken`` to the script.
diff --git a/doc/relnotes/1_9_0.txt b/doc/relnotes/1_9_0.txt
new file mode 100644
index 000000000..3e0407887
--- /dev/null
+++ b/doc/relnotes/1_9_0.txt
@@ -0,0 +1,12 @@
+Version 1.9.0, 2009-09-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add support for parallel invocation of block ciphers where possible
+* Add SSE2 implementation of Serpent
+* Add Rivest's package transform (an all or nothing transform)
+* Minor speedups to the Turing key schedule
+* Fix processing multiple messages in XTS mode
+* Add --no-autoload option to configure.py, for minimized builds
+* The previously used configure.pl script is no longer supported
+
+
diff --git a/doc/relnotes/1_9_1.txt b/doc/relnotes/1_9_1.txt
new file mode 100644
index 000000000..e044f1d3c
--- /dev/null
+++ b/doc/relnotes/1_9_1.txt
@@ -0,0 +1,16 @@
+Version 1.9.1, 2009-10-23
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Better support for Python and Perl wrappers
+* Add an implementation of Blue Midnight Wish (Round 2 tweak version)
+* Modify Skein-512 to match the tweaked 1.2 specification
+* Add threshold secret sharing (draft-mcgrew-tss-02)
+* Add runtime cpu feature detection for x86/x86-64
+* Add code for general runtime self testing for hashes, MACs, and ciphers
+* Optimize XTEA; twice as fast as before on Core2 and Opteron
+* Convert CTR_BE and OFB from filters to stream ciphers
+* New parsing code for SCAN algorithm names
+* Enable SSE2 optimizations under Visual C++
+* Remove all use of C++ exception specifications
+* Add support for GNU/Hurd and Clang/LLVM
+
diff --git a/doc/relnotes/1_9_10.txt b/doc/relnotes/1_9_10.txt
new file mode 100644
index 000000000..296c34ca3
--- /dev/null
+++ b/doc/relnotes/1_9_10.txt
@@ -0,0 +1,26 @@
+Version 1.9.10, 2010-08-12
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add a constant-time AES implementation using SSSE3. This code is
+ based on public domain assembly written by `Mike Hamburg
+ <http://crypto.stanford.edu/vpaes/>`_, and described in his CHES
+ 2009 paper "Accelerating AES with Vector Permute Instructions". In
+ addition to being constant time, it is also significantly faster
+ than the table-based implementation on some processors. The current
+ code has been tested with GCC 4.5, Visual C++ 2008, and Clang 2.8.
+
+
+* Support for dynamically loading Engine objects at runtime was also
+ added. Currently only system that use ``dlopen``-style dynamic
+ linking are supported.
+
+* On GCC 4.3 and later, use the byteswap intrinsic functions.
+
+* Drop support for building with Python 2.4
+
+* Fix benchmarking of block ciphers in ECB mode
+
+* Consolidate the two x86 assembly engines
+
+* Rename S2K to PBKDF
+
diff --git a/doc/relnotes/1_9_11.txt b/doc/relnotes/1_9_11.txt
new file mode 100644
index 000000000..ea48fb9e5
--- /dev/null
+++ b/doc/relnotes/1_9_11.txt
@@ -0,0 +1,44 @@
+Version 1.9.11, 2010-11-29
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The TLS API has changed substantially and now relies heavily on
+ TR1's ``std::function`` is now required. Additionally, it is
+ required that all callers derive a subclass of TLS_Policy and pass
+ it to a client or server object. Please remember that the TLS
+ interface/API is currently unstable and will very likely change
+ further before TLS is included in a stable release. A handshake
+ failure that occured when RC4 was negotiated has also been fixed.
+
+* Some possible timing channels in the implementations of Montgomery
+ reduction and the IDEA key schedule were removed. The table-based
+ AES implementation uses smaller tables in the first round to help
+ make some timing/cache attacks harder.
+
+* The library now uses size_t instead of u32bit to represent
+ lengths. Also the interfaces for the memory containers have changed
+ substantially to better match STL container interfaces;
+ MemoryRegion::append, MemoryRegion::destroy, and MemoryRegion::set
+ were all removed, and several other functions, like clear and
+ resize, have changed meaning.
+
+* Update Skein-512 to match the v1.3 specification
+* Fix a number of CRL encoding and decoding bugs
+* Counter mode now always encrypts 256 blocks in parallel
+* Use small tables in the first round of AES
+* Removed AES class: app must choose AES-128, AES-192, or AES-256
+* Add hex encoding/decoding functions that can be used without a Pipe
+* Add base64 encoding functions that can be used without a Pipe
+* Add to_string function to X509_Certificate
+* Add support for dynamic engine loading on Windows
+* Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
+* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
+* Move PBKDF lookup to engine system
+* The IDEA key schedule has been changed to run in constant time
+* Add Algorithm and Key_Length_Specification classes
+* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
+* Allow using PBKDF2 with empty passphrases
+* Add compile-time deprecation warnings for GCC, Clang, and MSVC
+* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
+* Improve support for Intel Atom processors
+* Fix compilation problems under Sun Studio and Clang
+
diff --git a/doc/relnotes/1_9_12.txt b/doc/relnotes/1_9_12.txt
new file mode 100644
index 000000000..21ad561d5
--- /dev/null
+++ b/doc/relnotes/1_9_12.txt
@@ -0,0 +1,7 @@
+Version 1.9.12, 2010-12-13
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add the Keccak hash function
+* Fix compilation problems in Python wrappers
+* Fix compilation problem in OpenSSL engine
+* Update SQLite3 database encryption codec
diff --git a/doc/relnotes/1_9_13.txt b/doc/relnotes/1_9_13.txt
new file mode 100644
index 000000000..701b6e5f0
--- /dev/null
+++ b/doc/relnotes/1_9_13.txt
@@ -0,0 +1,30 @@
+Version 1.9.13, 2011-02-19
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+GOST 34.10 signatures were being formatted in a way that was not
+compatible with other implemenations, and specifically how GOST is
+used in DNSSEC.
+
+The Keccak hash function was updated to the tweaked variant proposed
+for round 3 of the NIST hash competition. This version is not
+compatible with the previous algorithm.
+
+A new option ``--distribution-info`` was added to the configure
+script. It allows the user building the library to set any
+distribution-specific notes on the build, which are available as a
+macro ``BOTAN_DISTRIBUTION_INFO``. The default value is
+'unspecified'. If you are building an unmodified version of botan
+(especially for distribution), and want to indicate to applications
+that this is the case, consider using
+``--distribution-info=pristine``. If you are making any patches or
+modifications, it is recommended to use
+``--distribution-info=[Distribution Name] [Version]``, for instance
+'FooNix 1.9.13-r3'.
+
+Some bugs preventing compilation under Clang 2.9 and Sun Studio 12
+were fixed.
+
+The DER/BER codecs use ``size_t`` instead of ``u32bit`` for small
+integers
+
+
diff --git a/doc/relnotes/1_9_14.txt b/doc/relnotes/1_9_14.txt
new file mode 100644
index 000000000..dec238f3a
--- /dev/null
+++ b/doc/relnotes/1_9_14.txt
@@ -0,0 +1,11 @@
+Version 1.9.14, 2011-03-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add support for bcrypt, OpenBSD's password hashing scheme. It is
+ described in :ref:`bcrypt`.
+
+* Add support for NIST's AES key wrapping algorithm, as described in
+ :rfc:`3394`. It is available by including ``rfc3394.h``.
+
+* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)
+
diff --git a/doc/relnotes/1_9_15.txt b/doc/relnotes/1_9_15.txt
new file mode 100644
index 000000000..77b8dbde9
--- /dev/null
+++ b/doc/relnotes/1_9_15.txt
@@ -0,0 +1,25 @@
+Version 1.9.15, 2011-03-21
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* First release candidate for 1.10.0
+
+* Modify how message expansion is done in SHA-256 and SHA-512.
+ Instead of expanding the entire message at the start, compute them
+ in the minimum number of registers. Values are computed 15 rounds
+ before they are needed. On a Core i7-860, GCC 4.5.2, went from 143
+ to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512.
+
+* Pipe will delete empty output queues as soon as they are no longer
+ needed, even if earlier messages still have data unread. However an
+ (empty) entry in a deque of pointers will remain until all prior
+ messages are completely emptied.
+
+* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike the
+ Linux and NetBSD kernels, it will not trap and emulate it for us,
+ causing a illegal instruction crash.
+
+* Improve detection and autoconfiguration for ARM processors. Thanks
+ go out to the the `Tahoe-LAFS Software Foundation
+ <http://tahoe-lafs.org>`_, who donated a Sheevaplug that I'll be
+ using to figure out how to make the cryptographic primitives
+ Tahoe-LAFS relies on faster, particularly targeting the ARMv5TE.
diff --git a/doc/relnotes/1_9_16.txt b/doc/relnotes/1_9_16.txt
new file mode 100644
index 000000000..549e243f3
--- /dev/null
+++ b/doc/relnotes/1_9_16.txt
@@ -0,0 +1,52 @@
+Version 1.9.16, 2011-04-11
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Second release candidate for 1.10.0
+
+* The documentation, previously written in LaTeX, is now in
+ reStructuredText suitable for processing by `Sphinx
+ <http://sphinx.pocoo.org>`_, which can generate nicely formatted
+ HTML and PDFs. The documentation has also been greatly updated and
+ expanded.
+
+* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a
+ typedef for backwards compatability.
+
+* ``EC_Group``'s string constructor didn't understand the standard
+ names like "secp160r1", forcing use of the OIDs.
+
+* Two constructors for ECDSA private keys, the one that creates a new
+ random key, and the one that provides a preset private key as a
+ ``BigInt``, have been merged. This matches the existing interface
+ for DSA and DH keys. If you previously used the version taking a
+ ``BigInt`` private key, you'll have to additionally pass in a
+ ``RandomNumberGenerator`` object starting in this release.
+
+* It is now possible to create ECDH keys with a preset ``BigInt``
+ private key; previously no method for this was available.
+
+* The overload of ``generate_passhash9`` that takes an explicit
+ algorithm identifier has been merged with the one that does not.
+ The algorithm identifier code has been moved from the second
+ parameter to the fourth. See :ref:`passhash9` for details.
+
+* Change shared library versioning to match the normal Unix
+ conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is
+ named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do
+ its runtime linky magic. It can be safely presumed that any change
+ in the major or minor version indicates ABI incompatability.
+
+* Remove the socket wrapper code; it was not actually used by anything
+ in the library, only in the examples, and you can use whatever kind
+ of (blocking) socket interface you like with the SSL/TLS code. It's
+ available as socket.h in the examples directory if you want to use
+ it.
+
+* Disable the by-default 'strong' checking of private keys that are
+ loaded from storage. You can always request key material sanity
+ checking using Private_Key::check_key.
+
+* Bring back removed functions ``min_keylength_of``,
+ ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to
+ avoid breaking applications written against 1.8
+
diff --git a/doc/relnotes/1_9_17.txt b/doc/relnotes/1_9_17.txt
new file mode 100644
index 000000000..fbf9b3dee
--- /dev/null
+++ b/doc/relnotes/1_9_17.txt
@@ -0,0 +1,45 @@
+Version 1.9.17, 2011-04-29
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Third release candidate for 1.10.0
+
+* The format preserving encryption method currently available was
+ presented in the header ``fpe.h`` and the functions ``fpe_encrypt``
+ and ``fpe_decrypt``. These were renamed as it is likely that other
+ FPE schemes will be included in the future. The header is now
+ ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and
+ ``fe1_decrypt``. See :doc:`../fpe` for more information.
+
+* New options to ``configure.py`` control what tools are used for
+ documentation generation. The ``--with-sphinx`` option enables using
+ Sphinx to convert ReST into HTML; otherwise the ReST sources are
+ installed directly. If ``--with-doxygen`` is used, Doxygen will run
+ as well. Documentation generation can be triggered via the ``docs``
+ target in the makefile; it will also be installed by the install
+ target on Unix.
+
+* A bug in 1.9.16 effectively disabled support for runtime CPU feature
+ detection on x86 under GCC in that release.
+
+* A mostly internal change, all references to "ia32" and "amd64" have
+ been changed to the vendor neutral and probably easier to understand
+ "x86-32" and "x86-64". For instance, the "mp_amd64" module has been
+ renamed "mp_x86_64", and the macro indicating x86-32 has changed
+ from ``BOTAN_TARGET_ARCH_IS_IA32`` to
+ ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have
+ also been renamed.
+
+* Similiarly to the above change, the AES implemenations using the
+ AES-NI instruction set have been renamed from AES_XXX_Intel to
+ AES_XXX_NI.
+
+* Systems that are identified as `sun4u` will default to compiling for
+ 32-bit SPARCv9 code rather than 64-bit. This matches the still
+ common convention for 32-bit SPARC userspaces. If you want 64-bit
+ code on such as system, use ``--cpu=sparc64``.
+
+* Some minor fixes for compiling botan under the BeOS
+ clone/continuation `Haiku <http://haiku-os.org>`_.
+
+* Further updates to the documentation
+
diff --git a/doc/relnotes/1_9_18.txt b/doc/relnotes/1_9_18.txt
new file mode 100644
index 000000000..b82167bdf
--- /dev/null
+++ b/doc/relnotes/1_9_18.txt
@@ -0,0 +1,81 @@
+Version 1.9.18, 2011-06-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fourth release candidate for 1.10.0
+
+* The GOST 34.10 verification operation was not ensuring that s and r
+ were both greater than zero. This could potentially have meant it
+ would have accepted an invalid all-zero signature as valid for any
+ message. Due to how ECC points are internally represented it instead
+ resulted in an exception being thrown.
+
+* A simple multiexponentation algorithm is now used in ECDSA and
+ GOST-34.10 signature verification, leading to 20 to 25% improvements
+ in ECDSA and 25% to 40% improvements in GOST-34.10 verification
+ performance.
+
+* The internal representation of elliptic curve points has been
+ modified to use Montgomery representation exclusively, resulting in
+ reduced memory usage and a 10 to 20% performance improvement for
+ ECDSA and ECDH.
+
+* In OAEP decoding, scan for the delimiter bytes using a loop that is
+ written without conditionals so as to help avoid timing analysis.
+ Unfortunately GCC at least is 'smart' enough to compile it to
+ jumps anyway.
+
+* The SSE2 implementation of IDEA did not work correctly when compiled
+ by Clang, because the trick it used to emulate a 16 bit unsigned
+ compare in SSE (which doesn't contain one natively) relied on signed
+ overflow working in the 'usual' way. A different method that doesn't
+ rely on signed overflow is now used.
+
+* Add support for compiling SSL using Visual C++ 2010's TR1
+ implementation.
+
+* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to
+ crash if given a zero-sized input to encode.
+
+* A new build option ``--via-amalgamation`` will first generate the
+ single-file amalgamation, then build the library from that single
+ file. This option requires a lot of memory and does not parallelize,
+ but the resulting library is smaller and may be faster.
+
+* On Unix, the library and header paths have been changed to allow
+ parallel installation of different versions of the library. Headers
+ are installed into ``<prefix>/include/botan-1.9/botan``, libraries
+ are named ``libbotan-1.9``, and ``botan-config`` is now namespaced
+ (so in this release ``botan-config-1.9``). All of these embedded
+ versions will be 1.10 in the upcoming stable release.
+
+* The soname system has been modified. In this release the library
+ soname is ``libbotan-1.9.so.0``, with the full library being named
+ ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be
+ incremented whenever a breaking ABI change is made.
+
+* TR1 support is not longer automatically assumed under older versions
+ of GCC
+
+* Functions for base64 decoding that work standalone (without needing
+ to use a pipe) have been added to ``base64.h``
+
+* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11
+ and has been added back.
+
+* The function ``BigInt::get_substring`` did not work correctly with a
+ *length* argument of 32.
+
+* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and
+ assumes the caller included ``string.h`` on its behalf. Do so to
+ fix compilation in the ``dev_random`` and ``unix_procs`` entropy
+ sources. Patch from Jeremy C. Reed.
+
+* Add two different configuration targets for Atom, since some are
+ 32-bit and some are 64-bit. The 'atom' target now refers to the
+ 64-bit implementations, use 'atom32' to target the 32-bit
+ processors.
+
+* The (incomplete) support for CMS and card verifiable certificates
+ are disabled by default; add ``--enable-modules=cms`` or
+ ``--enable-modules=cvc`` during configuration to turn them back on.
+
diff --git a/doc/relnotes/1_9_2.txt b/doc/relnotes/1_9_2.txt
new file mode 100644
index 000000000..e3a46b770
--- /dev/null
+++ b/doc/relnotes/1_9_2.txt
@@ -0,0 +1,9 @@
+Version 1.9.2, 2009-11-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add SIMD version of XTEA
+* Support both SSE2 and AltiVec SIMD for Serpent and XTEA
+* Optimizations for SHA-1 and SHA-2
+* Add AltiVec runtime detection
+* Fix x86 CPU identification with Intel C++ and Visual C++
+
diff --git a/doc/relnotes/1_9_3.txt b/doc/relnotes/1_9_3.txt
new file mode 100644
index 000000000..7e7b27efc
--- /dev/null
+++ b/doc/relnotes/1_9_3.txt
@@ -0,0 +1,11 @@
+Version 1.9.3, 2009-11-19
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add new AES implementation using Intel's AES instruction intrinsics
+* Add an implementation of format preserving encryption
+* Allow use of any hash function in X.509 certificate creation
+* Optimizations for MARS, Skipjack, and AES
+* Set macros for available SIMD instructions in build.h
+* Add support for using InnoSetup to package Windows builds
+* By default build a DLL on Windows
+
diff --git a/doc/relnotes/1_9_4.txt b/doc/relnotes/1_9_4.txt
new file mode 100644
index 000000000..60e02ffd6
--- /dev/null
+++ b/doc/relnotes/1_9_4.txt
@@ -0,0 +1,57 @@
+Version 1.9.4, 2010-03-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add the Ajisai SSLv3/TLSv1.0 implementation
+
+* Add GOST 34.10-2001 public key signature scheme
+* Add SIMD implementation of Noekeon
+
+* Add SSE2 implementation of IDEA
+
+* Extend Salsa20 to support longer IVs (XSalsa20)
+
+* Perform XTS encryption and decryption in parallel where possible
+
+* Perform CBC decryption in parallel where possible
+
+* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
+
+* Add a block cipher cascade construction
+
+* Add support for password hashing for authentication (passhash9.h)
+
+* Add support for Win32 high resolution system timers
+
+* Major refactoring and API changes in the public key code
+
+* PK_Signer class now verifies all signatures before releasing them to
+ the caller; this should help prevent a wide variety of fault
+ attacks, though it does have the downside of hurting signature
+ performance, particularly for DSA/ECDSA.
+
+* Changed S2K interface: derive_key now takes salt, iteration count
+
+* Remove dependency on TR1 shared_ptr in ECC and CVC code
+
+* Renamed ECKAEG to its more usual name, ECDH
+
+* Fix crash in GMP_Engine if library is shutdown and reinitialized
+
+* Fix an invalid memory read in MD4
+
+* Fix Visual C++ static builds
+
+* Remove Timer class entirely
+
+* Switch default PKCS #8 encryption algorithm from 3DES to AES-128
+
+* New configuration option, ``--gen-amalgamation``, creates a pair of
+ files (``botan_all.cpp`` and ``botan_all.h``) which contain the
+ contents of the library as it would have normally been compiled
+ based on the set configuration.
+
+* Many headers are now explicitly internal-use-only and are not installed
+
+* Greatly improve the Win32 installer
+
+* Several fixes for Visual C++ debug builds
diff --git a/doc/relnotes/1_9_5.txt b/doc/relnotes/1_9_5.txt
new file mode 100644
index 000000000..cdcd8db4b
--- /dev/null
+++ b/doc/relnotes/1_9_5.txt
@@ -0,0 +1,14 @@
+Version 1.9.5, 2010-03-29
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Numerous ECC optimizations
+* Fix GOST 34.10-2001 X.509 key loading
+* Allow PK_Signer's fault protection checks to be toggled off
+* Avoid using pool-based locking allocator if we can't mlock
+* Remove all runtime options
+* New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
+* Remove SecureBuffer in favor of SecureVector length parameter
+* HMAC_RNG: Perform a poll along with user-supplied entropy
+* Fix crash in MemoryRegion if Allocator::get failed
+* Fix small compilation problem on FreeBSD
+
diff --git a/doc/relnotes/1_9_6.txt b/doc/relnotes/1_9_6.txt
new file mode 100644
index 000000000..971da7bca
--- /dev/null
+++ b/doc/relnotes/1_9_6.txt
@@ -0,0 +1,9 @@
+Version 1.9.6, 2010-04-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* TLS: Add support for TLS v1.1
+* TLS: Support server name indicator extension
+* TLS: Fix server handshake
+* TLS: Fix server using DSA certificates
+* TLS: Avoid timing channel between CBC padding check and MAC verification
+
diff --git a/doc/relnotes/1_9_7.txt b/doc/relnotes/1_9_7.txt
new file mode 100644
index 000000000..4c6e2c21d
--- /dev/null
+++ b/doc/relnotes/1_9_7.txt
@@ -0,0 +1,11 @@
+Version 1.9.7, 2010-04-27
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* TLS: Support reading SSLv2 client hellos
+* TLS: Add support for SEED ciphersuites (RFC 4162)
+* Add Comb4P hash combiner function
+
+* Fix checking of EMSA_Raw signatures with leading 0 bytes, valid
+ signatures could be rejected in certain scenarios.
+
+
diff --git a/doc/relnotes/1_9_8.txt b/doc/relnotes/1_9_8.txt
new file mode 100644
index 000000000..a671d946c
--- /dev/null
+++ b/doc/relnotes/1_9_8.txt
@@ -0,0 +1,13 @@
+Version 1.9.8, 2010-06-14
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add support for wide multiplications on 64-bit Windows
+* Use constant time multiplication in IDEA
+* Avoid possible timing attack against OAEP decoding
+* Removed FORK-256; rarely used and it has been broken
+* Rename ``--use-boost-python`` to ``--with-boost-python``
+* Skip building shared libraries on MinGW/Cygwin
+* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
+* Fix compilation on GCC versions before 4.3 (missing cpuid.h)
+* Fix compilation under the Clang compiler
+
diff --git a/doc/relnotes/1_9_9.txt b/doc/relnotes/1_9_9.txt
new file mode 100644
index 000000000..4ff1a9c0c
--- /dev/null
+++ b/doc/relnotes/1_9_9.txt
@@ -0,0 +1,26 @@
+Version 1.9.9, 2010-06-28
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A new pure virtual function has been added to ``Filter``, ``name``
+which simply returns some useful identifier for the object. Any
+out-of-tree ``Filter`` implementations will need to be updated.
+
+Add ``Keyed_Filter::valid_iv_length`` which makes it possible to query
+as to what IV length(s) a particular filter allows. Previously,
+partially because there was no such query mechanism, if a filter did
+not support IVs at all, then calls to ``set_iv`` would be silently
+ignored. Now an exception about the invalid IV length will be thrown.
+
+The default iteration count for the password based encryption schemes
+has been increased from 2048 to 10000. This should make
+password-guessing attacks against private keys encrypted with versions
+after this release somewhat harder.
+
+New functions for encoding public and private keys to binary,
+``X509::BER_encode`` and ``PKCS8::BER_encode`` have been added.
+
+Problems compiling under Apple's version of GCC 4.2.1 and on 64-bit
+MIPS systems using GCC 4.4 or later were fixed.
+
+The coverage of Doxygen documentation comments has significantly
+improved in this release.
diff --git a/doc/relnotes/index.txt b/doc/relnotes/index.txt
new file mode 100644
index 000000000..f8cdcdb72
--- /dev/null
+++ b/doc/relnotes/index.txt
@@ -0,0 +1,252 @@
+.. toctree::
+
+Release Notes
+========================================
+
+Series 1.11
+----------------------------------------
+
+.. toctree::
+
+ 1_11_0
+
+Series 1.10
+----------------------------------------
+
+.. toctree::
+
+ 1_10_2
+ 1_10_1
+ 1_10_0
+
+Series 1.9
+----------------------------------------
+
+.. toctree::
+
+ 1_9_18
+ 1_9_17
+ 1_9_16
+ 1_9_15
+ 1_9_14
+ 1_9_13
+ 1_9_12
+ 1_9_11
+ 1_9_10
+ 1_9_9
+ 1_9_8
+ 1_9_7
+ 1_9_6
+ 1_9_5
+ 1_9_4
+ 1_9_3
+ 1_9_2
+ 1_9_1
+ 1_9_0
+
+Series 1.8
+----------------------------------------
+
+.. toctree::
+
+ 1_8_13
+ 1_8_12
+ 1_8_11
+ 1_8_10
+ 1_8_9
+ 1_8_8
+ 1_8_7
+ 1_8_6
+ 1_8_5
+ 1_8_4
+ 1_8_3
+ 1_8_2
+ 1_8_1
+ 1_8_0
+
+Series 1.7
+----------------------------------------
+
+.. toctree::
+
+ 1_7_24
+ 1_7_23
+ 1_7_22
+ 1_7_21
+ 1_7_20
+ 1_7_19
+ 1_7_18
+ 1_7_17
+ 1_7_16
+ 1_7_15
+ 1_7_14
+ 1_7_13
+ 1_7_12
+ 1_7_11
+ 1_7_10
+ 1_7_9
+ 1_7_8
+ 1_7_7
+ 1_7_6
+ 1_7_5
+ 1_7_4
+ 1_7_3
+ 1_7_2
+ 1_7_1
+ 1_7_0
+
+Series 1.6
+----------------------------------------
+
+.. toctree::
+
+ 1_6_5
+ 1_6_4
+ 1_6_3
+ 1_6_2
+ 1_6_1
+ 1_6_0
+
+Series 1.5
+----------------------------------------
+
+.. toctree::
+
+ 1_5_13
+ 1_5_12
+ 1_5_11
+ 1_5_10
+ 1_5_9
+ 1_5_8
+ 1_5_7
+ 1_5_6
+ 1_5_5
+ 1_5_4
+ 1_5_3
+ 1_5_2
+ 1_5_1
+ 1_5_0
+
+Series 1.4
+----------------------------------------
+
+.. toctree::
+
+ 1_4_12
+ 1_4_11
+ 1_4_10
+ 1_4_9
+ 1_4_8
+ 1_4_7
+ 1_4_6
+ 1_4_5
+ 1_4_4
+ 1_4_3
+ 1_4_2
+ 1_4_1
+ 1_4_0
+
+Series 1.3
+----------------------------------------
+
+.. toctree::
+
+ 1_3_14
+ 1_3_13
+ 1_3_12
+ 1_3_11
+ 1_3_10
+ 1_3_9
+ 1_3_8
+ 1_3_7
+ 1_3_6
+ 1_3_5
+ 1_3_4
+ 1_3_3
+ 1_3_2
+ 1_3_1
+ 1_3_0
+
+Series 1.2
+----------------------------------------
+
+.. toctree::
+
+ 1_2_8
+ 1_2_7
+ 1_2_6
+ 1_2_5
+ 1_2_4
+ 1_2_3
+ 1_2_2
+ 1_2_1
+ 1_2_0
+
+Series 1.1
+----------------------------------------
+
+.. toctree::
+
+ 1_1_13
+ 1_1_12
+ 1_1_11
+ 1_1_10
+ 1_1_9
+ 1_1_8
+ 1_1_7
+ 1_1_6
+ 1_1_5
+ 1_1_4
+ 1_1_3
+ 1_1_2
+ 1_1_1
+ 1_1_0
+
+Series 1.0
+----------------------------------------
+
+.. toctree::
+
+ 1_0_2
+ 1_0_1
+ 1_0_0
+
+Series 0.9
+----------------------------------------
+
+.. toctree::
+
+ 0_9_2
+ 0_9_1
+ 0_9_0
+
+Series 0.8
+----------------------------------------
+
+.. toctree::
+
+ 0_8_7
+ 0_8_6
+ 0_8_5
+ 0_8_4
+ 0_8_3
+ 0_8_2
+ 0_8_1
+ 0_8_0
+
+Series 0.7
+----------------------------------------
+
+.. toctree::
+
+ 0_7_10
+ 0_7_9
+ 0_7_8
+ 0_7_7
+ 0_7_6
+ 0_7_5
+ 0_7_4
+ 0_7_3
+ 0_7_2
+ 0_7_1
+ 0_7_0
diff --git a/doc/x509.txt b/doc/x509.txt
index d31a84498..8bbcd54ba 100644
--- a/doc/x509.txt
+++ b/doc/x509.txt
@@ -243,7 +243,7 @@ The three certificate lookup methods are ``by_SKID`` (Subject Key Identifier),
``by_name`` (the CommonName DN entry), and ``by_email`` (stored in either the
distinguished name, or in a subjectAlternativeName extension). The name and
email versions take a ``std::string``, while the SKID version takes a
-``SecureVector<byte>`` containing the subject key identifier in raw binary. You
+``secure_vector<byte>`` containing the subject key identifier in raw binary. You
can choose not to implement ``by_name`` or ``by_email``, but ``by_SKID`` is
mandatory to implement, and, currently, is the only version that is used by
``X509_Store``.
@@ -417,7 +417,7 @@ The ``CRL_Entry`` type is a structure that contains, at a minimum, the serial
number of the revoked certificate. As serial numbers are never repeated, the
pairing of an issuer and a serial number (should) distinctly identify any
certificate. In this case, we represent the serial number as a
-``SecureVector<byte>`` called ``serial``. There are two additional (optional)
+``secure_vector<byte>`` called ``serial``. There are two additional (optional)
values, an enumeration called ``CRL_Code`` that specifies the reason for
revocation (``reason``), and an object that represents the time that the
certificate became invalid (if this information is known).