.. _relnotes:

Release Notes
========================================

Series 1.9
----------------------------------------

Version 1.9.18, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fourth release candidate for 1.10.0

* Add support for compiling SSL using Visual C++ 2010's TR1 implementation.

* The SSE2 implementation of IDEA did not work correctly when compiled by
  Clang, because the trick it used to emulate a 16 bit unsigned compare in
  SSE (which doesn't contain one natively) relied on signed overflow working
  in the 'usual' way. A different method that doesn't rely on signed
  overflow is now used.

* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to crash
  if given a zero-sized input to encode.

* On Unix, the library and header paths have been changed to allow parallel
  installation of different versions of the library. Headers are installed
  into ``/include/botan-1.9/botan``, libraries are named ``libbotan-1.9``,
  and ``botan-config`` is now namespaced (so in this release
  ``botan-config-1.9``). All of these embedded versions will be 1.10 in the
  upcoming stable release.

* The soname system has also been modified at the suggestion of the Debian
  maintainer to match the conventional Unix ABI soname scheme. For instance
  in this release the library soname is ``libbotan-1.9.so.0``, with the full
  library being named ``libbotan-1.9.so.0.18``. The ``0`` is the ABI
  version, and will be incremented whenever a breaking ABI change is made.

* In OAEP decoding, scan for the delimiter bytes using a loop that is
  written without conditionals so as to help avoid timing analysis.
  Unfortunately GCC at least is 'smart' enough to compile it to jumps
  anyway.

* TR1 support is no longer automatically assumed under older versions of GCC

* Functions for base64 decoding that work standalone (without needing to use
  a pipe) have been added to ``base64.h``

* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 and
  has been added back.
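The branch-free delimiter scan mentioned in the OAEP entry above, written
out as an added C illustration. This is not Botan's code: it assumes the
unmasked data block has the shape ``PS (zero bytes) || 0x01 || M`` and the
function and helper names (``oaep_message_offset``, ``ct_eq``, ``widen``)
are chosen here. The point is that every byte is visited and the result is
built from masks, so the loop's control flow does not depend on where the
delimiter is or on whether the padding is well formed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Botan's code. Models the unmasked OAEP data block
 * as PS (zero bytes) || 0x01 || M and locates the 0x01 delimiter without
 * a data-dependent branch, so the time taken does not depend on where
 * the delimiter sits or on whether the padding is well formed. */

/* Returns 0xFF if a == b, else 0x00, computed arithmetically. */
static uint8_t ct_eq(uint8_t a, uint8_t b)
{
    uint32_t d = (uint32_t)(a ^ b);
    uint32_t nz = (d | (0u - d)) >> 31;   /* 1 if d != 0, 0 if d == 0 */
    return (uint8_t)(nz - 1u);            /* 0 -> 0xFF, 1 -> 0x00 */
}

/* Widen a byte mask (0x00 or 0xFF) to a size_t mask (0 or all ones). */
static size_t widen(uint8_t m)
{
    return (size_t)0 - (size_t)(m & 1u);
}

/* Returns the offset of the first message byte (always >= 1), or 0 if
 * the block is malformed: no 0x01 delimiter, or a byte inside PS that is
 * neither 0x00 nor the delimiter. Every byte of db is visited. */
size_t oaep_message_offset(const uint8_t *db, size_t len)
{
    uint8_t seen_delim = 0x00;   /* 0xFF once the delimiter has been passed */
    uint8_t bad        = 0x00;   /* 0xFF if PS holds a byte other than 0x00 */
    size_t  delim_idx  = 0;

    for (size_t i = 0; i < len; i++) {
        uint8_t is_zero  = ct_eq(db[i], 0x00);
        uint8_t is_one   = ct_eq(db[i], 0x01);
        uint8_t in_ps    = (uint8_t)~seen_delim;   /* still inside the padding */
        uint8_t is_delim = is_one & in_ps;          /* only the first 0x01 counts */

        bad        |= in_ps & (uint8_t)~is_zero & (uint8_t)~is_one;
        delim_idx  |= i & widen(is_delim);          /* set exactly once */
        seen_delim |= is_delim;
    }

    uint8_t ok = seen_delim & (uint8_t)~bad;
    return (delim_idx + 1) & widen(ok);
}

int main(void)
{
    /* Constructed sample block: three bytes of PS, the delimiter, then "hi". */
    const uint8_t good[] = {0x00, 0x00, 0x00, 0x01, 'h', 'i'};
    /* Constructed malformed block: a stray 0x05 inside PS. */
    const uint8_t bad[]  = {0x00, 0x00, 0x05, 0x01, 'm'};

    printf("good block: message starts at offset %zu\n",
           oaep_message_offset(good, sizeof good));
    printf("bad block: result %zu (0 means malformed)\n",
           oaep_message_offset(bad, sizeof bad));
    return 0;
}
```

As the entry itself notes for GCC, writing the loop with masks is no
guarantee: an optimizing compiler may recognise the pattern and reintroduce
a conditional jump. The practical check is to inspect the generated
assembly for the function at the optimization level actually used for the
build.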
* The function ``BigInt::get_substring`` did not work correctly with a
  *length* argument of 32.

* Add two different configuration targets for Atom, since some are 32-bit
  and some are 64-bit. The 'atom' target now refers to the 64-bit
  implementations; use 'atom32' to target the 32-bit processors.

* The (incomplete) support for CMS and card verifiable certificates is
  disabled by default; add ``--enable-modules=cms`` or
  ``--enable-modules=cvc`` during configuration to turn them back on.

Version 1.9.17, 2011-04-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Third release candidate for 1.10.0

* The format preserving encryption method currently available was presented
  in the header ``fpe.h`` and the functions ``fpe_encrypt`` and
  ``fpe_decrypt``. These were renamed as it is likely that other FPE schemes
  will be included in the future. The header is now ``fpe_fe1.h``, and the
  functions are named ``fe1_encrypt`` and ``fe1_decrypt``. See :doc:`fpe`
  for more information.

* New options to ``configure.py`` control what tools are used for
  documentation generation. The ``--with-sphinx`` option enables using
  Sphinx to convert ReST into HTML; otherwise the ReST sources are installed
  directly. If ``--with-doxygen`` is used, Doxygen will run as well.
  Documentation generation can be triggered via the ``docs`` target in the
  makefile; it will also be installed by the install target on Unix.

* A bug in 1.9.16 effectively disabled support for runtime CPU feature
  detection on x86 under GCC in that release.

* A mostly internal change, all references to "ia32" and "amd64" have been
  changed to the vendor neutral and probably easier to understand "x86-32"
  and "x86-64". For instance, the "mp_amd64" module has been renamed
  "mp_x86_64", and the macro indicating x86-32 has changed from
  ``BOTAN_TARGET_ARCH_IS_IA32`` to ``BOTAN_TARGET_ARCH_IS_X86_32``. The
  classes calling assembly have also been renamed.
* Similarly to the above change, the AES implementations using the AES-NI
  instruction set have been renamed from AES_XXX_Intel to AES_XXX_NI.

* Systems that are identified as `sun4u` will default to compiling for
  32-bit SPARCv9 code rather than 64-bit. This matches the still common
  convention for 32-bit SPARC userspaces. If you want 64-bit code on such a
  system, use ``--cpu=sparc64``.

* Some minor fixes for compiling botan under the BeOS clone/continuation
  `Haiku `_.

* Further updates to the documentation

Version 1.9.16, 2011-04-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Second release candidate for 1.10.0

* The documentation, previously written in LaTeX, is now in
  reStructuredText suitable for processing by `Sphinx `_, which can
  generate nicely formatted HTML and PDFs. The documentation has also been
  greatly updated and expanded.

* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a
  typedef for backwards compatibility.

* ``EC_Group``'s string constructor didn't understand the standard names
  like "secp160r1", forcing use of the OIDs.

* Two constructors for ECDSA private keys, the one that creates a new random
  key, and the one that provides a preset private key as a ``BigInt``, have
  been merged. This matches the existing interface for DSA and DH keys. If
  you previously used the version taking a ``BigInt`` private key, you'll
  have to additionally pass in a ``RandomNumberGenerator`` object starting
  in this release.

* It is now possible to create ECDH keys with a preset ``BigInt`` private
  key; previously no method for this was available.

* The overload of ``generate_passhash9`` that takes an explicit algorithm
  identifier has been merged with the one that does not. The algorithm
  identifier code has been moved from the second parameter to the fourth.
  See :ref:`passhash9` for details.

* Change shared library versioning to match the normal Unix conventions.
  Instead of ``libbotan-X.Y.Z.so``, the shared lib is named
  ``libbotan-X.Y.so.Z``; this allows the runtime linker to do its runtime
  linky magic. It can be safely presumed that any change in the major or
  minor version indicates ABI incompatibility.

* Remove the socket wrapper code; it was not actually used by anything in
  the library, only in the examples, and you can use whatever kind of
  (blocking) socket interface you like with the SSL/TLS code. It's
  available as socket.h in the examples directory if you want to use it.

* Disable the by-default 'strong' checking of private keys that are loaded
  from storage. You can always request key material sanity checking using
  Private_Key::check_key.

* Bring back removed functions ``min_keylength_of``, ``max_keylength_of``,
  ``keylength_multiple_of`` in ``lookup.h`` to avoid breaking applications
  written against 1.8

Version 1.9.15, 2011-03-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* First release candidate for 1.10.0

* Modify how message expansion is done in SHA-256 and SHA-512. Instead of
  expanding the entire message at the start, compute them in the minimum
  number of registers. Values are computed 15 rounds before they are
  needed. On a Core i7-860, GCC 4.5.2, went from 143 to 157 MiB/s in
  SHA-256, and 211 to 256 MiB/s in SHA-512.

* Pipe will delete empty output queues as soon as they are no longer
  needed, even if earlier messages still have data unread. However an
  (empty) entry in a deque of pointers will remain until all prior messages
  are completely emptied.

* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike Linux the
  kernel will not trap and emulate it for us, causing an illegal
  instruction crash.

* Improve detection and autoconfiguration for ARM processors.

Version 1.9.14, 2011-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for bcrypt, OpenBSD's password hashing scheme. It is
  described in :ref:`bcrypt`.

* Add support for NIST's AES key wrapping algorithm, as described in
  :rfc:`3394`.
  It is available by including ``rfc3394.h``.

* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)

Version 1.9.13, 2011-02-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Update Keccak to the round 3 variant
* Fix ordering in GOST 34.10 signatures to match DNSSEC specifications
* Use ``size_t`` instead of ``u32bit`` for small integers in DER/BER codecs
* Add new build option ``--distribution-info``
* Fix problems in the amalgamation build
* Fix building under Clang 2.9 and Sun Studio 12

Version 1.9.12, 2010-12-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add the Keccak hash function
* Fix compilation problems in Python wrappers
* Fix compilation problem in OpenSSL engine
* Update SQLite3 database encryption codec

Version 1.9.11, 2010-11-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Many SSL/TLS APIs have changed. This API is still unstable.
* The SSL interface requires TR1 (uses std::tr1::function)
* Fix SSL handshake failures when using RC4 ciphersuites
* Fix a number of CRL encoding and decoding bugs
* Counter mode now always encrypts 256 blocks in parallel
* Code where u32bit was used to represent a length now uses size_t
* Use small tables in the first round of AES
* Removed AES class: app must choose AES-128, AES-192, or AES-256
* Add hex encoding/decoding functions that can be used without a Pipe
* Add base64 encoding functions that can be used without a Pipe
* Add to_string function to X509_Certificate
* Add support for dynamic engine loading on Windows
* Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
* Changed semantics of MemoryRegion::resize and clear to match STL
* Removed MemoryRegion::append, replaced by push_back and operator+=
* Move PBKDF lookup to engine system
* The IDEA key schedule has been changed to run in constant time
* Avoid a possible timing vulnerability in Montgomery reduction
* Add Algorithm and Key_Length_Specification classes
* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
* Update Skein-512 to match the v1.3 specification
* Allow using PBKDF2 with empty passphrases
* Add compile-time deprecation warnings for GCC, Clang, and MSVC
* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
* Improve support for Intel Atom processors
* Fix compilation problems under Sun Studio and Clang

Version 1.9.10, 2010-08-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add a constant time AES implementation using SSSE3
* Add support for loading new Engines at runtime
* Use GCC byteswap intrinsics where possible
* Drop support for building with Python 2.4
* Fix benchmarking of block ciphers in ECB mode
* Consolidate the two x86 assembly engines
* Rename S2K to PBKDF

Version 1.9.9, 2010-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add new X509::BER_encode and PKCS8::BER_encode
* Give all Filter objects a name() function
* Add Keyed_Filter::valid_iv_length
* Increase default iteration counts for private key encryption
* Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
* Fix compilation under Apple's GCC 4.2
* Expand and update the Doxygen documentation

Version 1.9.8, 2010-06-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for wide multiplications on 64-bit Windows
* Use constant time multiplication in IDEA
* Avoid possible timing attack against OAEP decoding
* Removed FORK-256; rarely used and it has been broken
* Rename ``--use-boost-python`` to ``--with-boost-python``
* Skip building shared libraries on MinGW/Cygwin
* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
* Fix compilation on GCC versions before 4.3 (missing cpuid.h)
* Fix compilation under the Clang compiler

Version 1.9.7, 2010-04-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* TLS: Support reading SSLv2 client hellos
* TLS: Add support for SEED ciphersuites (RFC 4162)
* Add Comb4P hash combiner function
* Fix checking of EMSA_Raw signatures with leading 0 bytes

Version 1.9.6, 2010-04-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* TLS: Add support for TLS v1.1
* TLS: Support server name indicator extension
* TLS: Fix server handshake
* TLS: Fix server using DSA certificates
* TLS: Avoid timing channel between CBC padding check and MAC verification

Version 1.9.5, 2010-03-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Numerous ECC optimizations
* Fix GOST 34.10-2001 X.509 key loading
* Allow PK_Signer's fault protection checks to be toggled off
* Avoid using pool-based locking allocator if we can't mlock
* Remove all runtime options
* New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
* Remove SecureBuffer in favor of SecureVector length parameter
* HMAC_RNG: Perform a poll along with user-supplied entropy
* Fix crash in MemoryRegion if Allocator::get failed
* Fix small compilation problem on FreeBSD

Version 1.9.4, 2010-03-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add the Ajisai SSLv3/TLSv1.0 implementation
* Add GOST 34.10-2001 public key signature scheme
* Add SIMD implementation of Noekeon
* Add SSE2 implementation of IDEA
* Extend Salsa20 to support longer IVs (XSalsa20)
* Perform XTS encryption and decryption in parallel where possible
* Perform CBC decryption in parallel where possible
* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
* Add a block cipher cascade construction
* Add support for password hashing for authentication (passhash9.h)
* Add support for Win32 high resolution system timers
* Major refactoring and API changes in the public key code
* Use consistency checking (anti-fault attack) for all signature schemes
* Changed S2K interface: derive_key now takes salt, iteration count
* Remove dependency on TR1 for ECC and CVC code
* Renamed ECKAEG to its more usual name, ECDH
* Fix crash in GMP_Engine if library is shutdown and reinitialized
* Fix an invalid memory read in MD4
* Fix Visual C++ static builds
* Remove Timer class entirely
* Switch default PKCS #8 encryption algorithm from 3DES to AES-128
* New option --gen-amalgamation for creating a SQLite-style amalgamation
* Many headers are now explicitly internal-use-only and are not installed
* Greatly improve the Win32 installer
* Several fixes for Visual C++ debug builds

Version 1.9.3, 2009-11-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add new AES implementation using Intel's AES instruction intrinsics
* Add an implementation of format preserving encryption
* Allow use of any hash function in X.509 certificate creation
* Optimizations for MARS, Skipjack, and AES
* Set macros for available SIMD instructions in build.h
* Add support for using InnoSetup to package Windows builds
* By default build a DLL on Windows

Version 1.9.2, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add SIMD version of XTEA
* Support both SSE2 and AltiVec SIMD for Serpent and XTEA
* Optimizations for SHA-1 and SHA-2
* Add AltiVec runtime detection
* Fix x86 CPU identification with Intel C++ and Visual C++

Version 1.9.1, 2009-10-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Better support for Python and Perl wrappers
* Add an implementation of Blue Midnight Wish (Round 2 tweak version)
* Modify Skein-512 to match the tweaked 1.2 specification
* Add threshold secret sharing (draft-mcgrew-tss-02)
* Add runtime cpu feature detection for x86/x86-64
* Add code for general runtime self testing for hashes, MACs, and ciphers
* Optimize XTEA; twice as fast as before on Core2 and Opteron
* Convert CTR_BE and OFB from filters to stream ciphers
* New parsing code for SCAN algorithm names
* Enable SSE2 optimizations under Visual C++
* Remove all use of C++ exception specifications
* Add support for GNU/Hurd and Clang/LLVM

Version 1.9.0, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for parallel invocation of block ciphers where possible
* Add SSE2 implementation of Serpent
* Add Rivest's package transform (an all or nothing transform)
* Minor speedups to the Turing key schedule
* Fix processing multiple messages in XTS mode
* Add --no-autoload option to
  configure.py, for minimized builds
* The previously used configure.pl script is no longer supported

Series 1.8
----------------------------------------

Version 1.8.11, 2010-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a number of CRL encoding and decoding bugs
* When building a debug library under VC++, use the debug runtime
* Fix compilation under Sun Studio on Linux and Solaris
* Add several functions for compatibility with 1.9
* In the examples, read most input files as binary
* The Perl build script has been removed in this release

Version 1.8.10, 2010-08-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Switch default PKCS #8 encryption algorithm from 3DES to AES-256
* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
* Use small tables in the first round of AES
* Add PBKDF typedef and get_pbkdf for better compatibility with 1.9
* Add version of S2K::derive_key taking salt and iteration count
* Enable the /proc-walking entropy source on NetBSD
* Fix the doxygen makefile target

Version 1.8.9, 2010-06-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Use constant time multiplication in IDEA
* Avoid possible timing attack against OAEP decoding
* Add new X509::BER_encode and PKCS8::BER_encode
* Enable DLL builds under Windows
* Add Win32 installer support
* Add support for the Clang compiler
* Fix problem in semcem.h preventing build under Clang or GCC 3.4
* Fix bug that prevented creation of DSA groups under 1024 bits
* Fix crash in GMP_Engine if library is shutdown and reinitialized
* Work around problem with recent binutils in x86-64 SHA-1
* The Perl build script is no longer supported and refuses to run by default

Version 1.8.8, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Alter Skein-512 to match the tweaked 1.2 specification
* Fix use of inline asm for access to x86 bswap function
* Allow building the library without AES enabled
* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild

Version 1.8.7, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix processing multiple messages in XTS mode
* Add --no-autoload option to configure.py, for minimized builds

Version 1.8.6, 2009-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add Cryptobox, a set of simple password-based encryption routines
* Only read world-readable files when walking /proc for entropy
* Fix building with TR1 disabled
* Fix x86 bswap support for Visual C++
* Fixes for compilation under Sun C++
* Add support for Dragonfly BSD (contributed by Patrick Georgi)
* Add support for the Open64 C++ compiler
* Build fixes for MIPS systems running Linux
* Minor changes to license, now equivalent to the FreeBSD/NetBSD license

Version 1.8.5, 2009-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Change configure.py to work on stock Python 2.4
* Avoid a crash in Skein_512::add_data processing a zero-length input
* Small build fixes for SPARC, ARM, and HP-PA processors
* The test suite now returns an error code from main() if any tests failed

Version 1.8.4, 2009-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a bug in nonce generation in the Miller-Rabin test

Version 1.8.3, 2009-07-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add a new Python configuration script
* Add the Skein-512 SHA-3 candidate hash function
* Add the XTS block cipher mode from IEEE P1619
* Fix random_prime when generating a prime of less than 7 bits
* Improve handling of low-entropy situations during PRNG seeding
* Change random device polling to prefer /dev/urandom over /dev/random
* Use an input insensitive implementation of same_mem instead of memcmp
* Correct DataSource::discard_next to return the number of discarded bytes
* Provide a default value for AutoSeeded_RNG::reseed
* Fix Gentoo bug 272242

Version 1.8.2, 2009-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Make entropy polling more flexible and in most cases faster
* GOST 28147 now supports multiple sbox parameters
* Added the GOST 34.11 hash function
* Fix botan-config problems on MacOS X

Version 1.8.1, 2009-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
* Fix memory leak in PKCS8 load_key and encrypt_key
* Relicense api.tex from CC-By-SA 2.5 to BSD
* Fix botan-config on MacOS X, Solaris

Version 1.8.0, 2008-12-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix compilation on Solaris with GCC

Series 1.7
----------------------------------------

Version 1.7.24, 2008-12-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a compatibility problem with SHA-512/EMSA3 signature padding
* Fix bug preventing EGD/PRNGD entropy poller from working
* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
* Wrap private structs in SSE2 SHA-1 code in anonymous namespace
* Change configure.pl's CPU autodetection output to be more consistent
* Disable using OpenSSL's AES due to crashes of unknown cause
* Fix warning in /proc walking entropy poller
* Fix compilation with IBM XLC for Cell 0.9-200709

Version 1.7.23, 2008-11-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Change to use TR1 (thus enabling ECDSA) with GCC and ICC
* Optimize almost all hash functions, especially MD4 and Tiger
* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
* Change Timer to be pure virtual, and add ANSI_Clock_Timer
* Cache socket descriptors in the EGD entropy source
* Avoid bogging down startup in /proc walking entropy source
* Remove Buffered_EntropySource helper class
* Add a Default_Benchmark_Timer typedef in benchmark.h
* Add examples using benchmark.h and Algorithm_Factory
* Add ECC tests from InSiTo
* Minor documentation updates

Version 1.7.22, 2008-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add provider preferences to Algorithm_Factory
* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
* Optimize AES encryption and decryption (about 10% faster)
* Enable SSE2 optimized
  SHA-1 implementation on Intel Prescott CPUs
* Fix nanoseconds overflow in benchmark code
* Remove Engine::add_engine

Version 1.7.21, 2008-11-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Make algorithm lookup much more configurable
* Add facilities for runtime performance testing of algorithms
* Drop use of entropy estimation in the PRNGs
* Increase intervals between HMAC_RNG automatic reseeding
* Drop InitializerOptions class, all options but thread safety

Version 1.7.20, 2008-11-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Namespace pkg-config file by major and minor versions
* Cache device descriptors in Device_EntropySource
* Split base.h into {block_cipher,stream_cipher,mac,hash}.h
* Removed get_mgf function from lookup.h

Version 1.7.19, 2008-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add HMAC_RNG, based on a design by Hugo Krawczyk
* Optimized the Turing stream cipher (about 20% faster on x86-64)
* Modify Randpool's reseeding algorithm to poll more sources
* Add a new AutoSeeded_RNG in auto_rng.h
* OpenPGP_S2K changed to take hash object instead of name
* Add automatic identification for Intel's Prescott processors

Version 1.7.18, 2008-10-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add Doxygen comments from InSiTo
* Add ECDSA and ECKAEG benchmarks
* Add configure.pl switch --with-tr1-implementation
* Fix configure.pl's --with-endian and --with-unaligned-mem options
* Added support for pkg-config
* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
* Use const references to avoid copying overhead in CurveGFp, GFpModulus

Version 1.7.17, 2008-10-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add missing ECDSA object identifiers
* Fix error in x86 and x86-64 assembler affecting GF(p) math
* Remove Boost dependency from GF(p) math
* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
* Add BOTAN_DLL macro to over 30 classes missing it
* Rename the two SHA-2 base classes for consistency

Version 1.7.16, 2008-10-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add several missing pieces needed for ECDSA and ECKAEG
* Add Card Verifiable Certificates from InSiTo
* Add SHA-224 from InSiTo
* Add BSI variant of EMSA1 from InSiTo
* Add GF(p) and ECDSA tests from InSiTo
* Split ECDSA and ECKAEG into distinct modules
* Allow OpenSSL and GNU MP engines to be built with public key algos disabled
* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h

Version 1.7.15, 2008-10-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add GF(p) arithmetic from InSiTo
* Add ECDSA and ECKAEG implementations from InSiTo
* Minimize internal dependencies, allowing for smaller build configurations
* Add new User Manual and Architecture Guide from FlexSecure GmbH
* Alter configure.pl options for better autotools compatibility
* Update build instructions for recent changes to configure.pl
* Fix CPU detection using /proc/cpuinfo

Version 1.7.14, 2008-09-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Split library into parts allowing modular builds
* Add (very preliminary) CMS support to the main library
* Some constructors now require object pointers instead of names
* Support multiple implementations of the same algorithm
* Build support for Pentium-M processors, from Derek Scherger
* Build support for MinGW/MSYS, from Zbigniew Zagorski
* Use inline assembly for bswap on 32-bit x86

Version 1.7.13, 2008-09-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
* Allow all examples to compile even if compression not enabled
* Make CMAC's polynomial doubling operation a public class method
* Use the -m64 flag when compiling with Sun Forte on x86-64
* Clean up and slightly optimize CMAC::final_result

Version 1.7.12, 2008-09-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add x86 assembly for Visual Studio C++, by Luca Piccarreta
* Add a Perl XS module, by Vaclav Ovsik
* Add SWIG-based wrapper for Botan
* Add SSE2 implementation of SHA-1, by Dean Gaudet
* Remove the BigInt::sig_words cache due to bugs
* Combined the 4 Blowfish sboxes, suggested by Yves
  Jerschow
* Changed BigInt::grow_by and BigInt::grow_to to be non-const
* Add private assignment operators to classes that don't support assignment
* Benchmark RSA encryption and signatures
* Added test programs for random_prime and ressol
* Add high resolution timers for IA-64, HP-PA, S390x
* Reduce use of the RNG during benchmarks
* Fix builds on STI Cell PPU
* Add support for IBM's XLC compiler
* Add IETF 8192 bit MODP group

Version 1.7.11, 2008-09-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the Salsa20 stream cipher
* Optimized Montgomery reduction, Karatsuba squaring
* Added 16x16->32 word Comba multiplication and squaring
* Use a much larger Karatsuba cutoff point
* Remove bigint_mul_add_words
* Inlined several BigInt functions
* Add useful information to the generated build.h
* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
* Fix the Windows build

Version 1.7.10, 2008-09-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Public key benchmarks run using a selection of random keys
* New benchmark timer options are clock_gettime, gettimeofday, times, clock
* Including reinterpret_cast optimization for xor_buf in default header
* Split byte swapping and word rotation functions into distinct headers
* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
* Optimize BigInt right shift
* Add aliases in DL_Group::Format enum
* BigInt now caches the significant word count

Version 1.7.9, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Make clear() in most algorithm base classes a pure virtual
* Add noexec stack marker for GNU linker in assembly code
* Avoid string operations in ressol
* Compilation fixes for MinGW and Visual Studio C++ 2008
* Some autoconfiguration fixes for Windows

Version 1.7.8, 2008-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the block cipher Noekeon
* Remove global deref_alias function
* X509_Store takes timeout options as constructor arguments
* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
* Extend random_prime() for generating primes of any bit length
* Remove Config class
* Allow adding new entropy via base RNG interface
* Reseeding a X9.31 PRNG also reseeds the underlying PRNG

Version 1.7.7, 2008-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Remove the global PRNG object
* The PK filter objects were removed
* Add a test suite for the ANSI X9.31 PRNG
* Much cleaner and (mostly) thread-safe reimplementation of es_ftw
* Remove both default arguments to ANSI_X931_RNG's constructor
* Remove the randomizing version of OctetString::change
* Make the cipher and MAC to use in Randpool configurable
* Move RandomNumberGenerator declaration to rng.h
* RSA_PrivateKey will not generate keys smaller than 1024 bits
* Fix an error decoding BER UNIVERSAL types with special taggings

Version 1.7.6, 2008-05-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Initial support for Windows DLLs, from Joel Low
* Reset the position pointer when a new block is generated in X9.32 PRNG
* Timer objects are now treated as entropy sources
* Moved several ASN.1-related enums from enums.h to an appropriate header
* Removed the AEP module, due to inability to test
* Removed Global_RNG and rng.h
* Removed system_clock
* Removed Library_State::UI and the pulse callback logic

Version 1.7.5, 2008-04-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The API of X509_CA::sign_request was altered to avoid race conditions
* New type Pipe::message_id to represent the Pipe message number
* Remove the Named_Mutex_Holder for a small performance gain
* Removed several unused or rarely used functions from Config
* Ignore spaces inside of a decimal string in BigInt::decode
* Allow using a std::istream to initialize a DataSource_Stream object
* Fix compilation problem in zlib compression module
* The chunk size used by Pooling_Allocator is now a compile time setting
* The size of random blinding factors is now a compile time setting
* The install target no longer tries to set a particular owner/group

Version 1.7.4, 2008-03-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Use unaligned memory read/writes on systems that allow it, for performance
* Assembly for x86-64 for accessing the bswap instruction
* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
* Unroll loops in SHA-160 for a few percent increase in performance
* Fix compilation with GCC 3.2 in es_ftw and es_unix
* Build fix for NetBSD systems
* Prevent es_dev from being built except on Unix systems

Version 1.7.3, 2008-01-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* New invocation syntax for configure.pl with several new options
* Support for IPv4 addresses in a subject alternative name
* New fast poll for the generic Unix entropy source (es_unix)
* The es_file entropy source has been replaced by the es_dev module
* The malloc allocator does not inherit from Pooling_Allocator anymore
* The paths that es_unix will search in are now fully user-configurable
* Truncate X9.42 PRF output rather than allow counter overflow
* PowerPC is now assumed to be big-endian

Version 1.7.2, 2007-10-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Initialize the global library state lazily
* Add plain CBC-MAC for backwards compatibility with old systems
* Clean up some of the self test code
* Throw a sensible exception if a DL_Group is not found
* Truncate KDF2 output rather than allowing counter overflow
* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
* Fix a Visual Studio compilation problem in x509stat.cpp

Version 1.7.1, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a race condition in the algorithm object cache
* HMAC key schedule optimization
* The build header sets a macro defining endianness, if known
* New word load/store abstraction allowing further optimization
* Modify most of the library to avoid using C-style casts
* Use higher resolution timers in symmetric benchmarks

Version 1.7.0, 2007-05-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* DSA parameter generation now follows FIPS 186-3
* Added OIDs for Rabin-Williams and Nyberg-Rueppel
* Somewhat better
  support for out of tree builds
* Minor optimizations for RC2 and Tiger
* Documentation updates
* Update the todo list

Series 1.6
----------------------------------------

Version 1.6.5, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add noexec stack marker for GNU linker in assembly code
* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3

Version 1.6.4, 2008-03-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a compilation problem with Visual Studio C++ 2003

Version 1.6.3, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a race condition in the algorithm lookup cache
* Fix problems building the memory pool on some versions of Visual C++

Version 1.6.2, 2007-03-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix autodetection on Athlon64s running Linux
* Fix builds on QNX and compilers using STLport
* Remove a call to abort() that crept into production

Version 1.6.1, 2007-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix some base64 decoder bugs
* Add a new option to base64 encoding, to always append a newline
* Fix some build problems under Visual Studio with debug enabled
* Fix a bug in BER_Decoder that was triggered under some compilers

Version 1.6.0, 2006-12-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Minor cleanups versus 1.5.13

Series 1.5
----------------------------------------

Version 1.5.13, 2006-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Compilation fixes for the bzip2, zlib, and GNU MP modules
* Better support for Intel C++ and EKOpath C++ on x86-64

Version 1.5.12, 2006-10-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Cleanups in the initialization routines
* Add some x86-64 assembly for multiply-add
* Fix problems generating very small (below 384 bit) RSA keys
* Support out of tree builds
* Bring some of the documentation up to date
* More improvements to the Python bindings

Version 1.5.11, 2006-09-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Removed the Algorithm base class
* Various cleanups in the public key inheritance hierarchy
* Major overhaul of the configure/build setup
* Added x86 assembler implementations of Serpent and low-level MPI code
* Optimizations for the SHA-1 x86 assembler
* Various improvements to the Python wrappers
* Work around a Visual Studio compiler bug

Version 1.5.10, 2006-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add x86 assembler versions of MD4, MD5, and SHA-1
* Expand InitializerOptions' language to support on/off switches
* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
* Fix possible resource leaks in the mmap allocator
* Slightly optimized buffering in MDx_HashFunction
* Initialization failures are dealt with somewhat better
* Add an example implementing Pollard's Rho algorithm
* Better option handling in the test/benchmark tool
* Expand the xor_ciph example to support longer keys
* Some updates to the documentation

Version 1.5.9, 2006-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed bitrot in the AEP engine
* Fix support for marking certificate/CRL extensions as critical
* Significant cleanups in the library state / initialization code
* LibraryInitializer takes an explicit InitializerOptions object
* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
* Change configuration access to using global_state()
* Add support for global named mutexes throughout the library
* Add some STL wrappers for the delete operator
* Change how certificates are created to be more flexible and general

Version 1.5.8, 2006-06-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Many internal cleanups to the X.509 cert/CRL code
* Allow for application code to support new X.509 extensions
* Change the return type of X509_Certificate::{subject,issuer}_info
* Allow for alternate character set handling mechanisms
* Fix a bug that was slowing squaring performance somewhat
* Fix a very hard to hit overflow bug in the C version of word3_muladd
* Minor cleanups to the assembler modules
* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
* Support for GCC 2.95.x has been dropped in this release

Version 1.5.7,
2006-05-28 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Further, major changes to the BER/DER coding system * Updated the Qt mutex module to use Mutex_Factory * Moved the library global state object into an anonymous namespace * Drop the Visual C++ x86 assembly module due to bugs Version 1.5.6, 2006-03-01 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * The low-level DER/BER coding system was redesigned and rewritten * Portions of the certificate code were cleaned up internally * Use macros to substantially clean up the GCC assembly code * Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) * Avoid a couple of spurious warnings under Visual C++ * Some slight cleanups in X509_PublicKey::key_id Version 1.5.5, 2006-02-04 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fixed a potential infinite loop in the memory pool code (Matt Johnston) * Made Pooling_Allocator::Memory_Block an actual class of sorts * Some small optimizations to the division and modulo computations * Cleaned up the implementation of some of the BigInt operators * Reduced use of dynamic memory allocation in low-level BigInt functions * A few simplifications in the Randpool mixing function * Removed power(), as it was not particularly useful (or fast) * Fixed some annoying bugs in the benchmark code * Added a real credits file Version 1.5.4, 2006-01-29 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta * Fixed a memory access off-by-one in the Karatsuba code * Changed Pooling_Allocator's free list search to a log(N) algorithm * Merged ModularReducer with its only subclass, Barrett_Reducer * Fixed sign-handling bugs in some of the division and modulo code * Renamed the module description files to modinfo.txt * Further cleanups in the initialization code * Removed BigInt::add and BigInt::sub * Merged all the division-related functions into just divide() * Modified the functions to allow for better optimizations * Made the number of bits polled from an EntropySource user 
configurable * Avoid including in * Fixed some build problems with Sun Forte * Removed some dead code from bigint_modop * Fix the definition of same_mem Version 1.5.3, 2006-01-24 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Many optimizations in the low-level multiple precision integer code * Added hooks for assembly implementations of the MPI code * Support for the X.509 issuer alternative name extension in new certs * Fixed a bug in the decompression modules; found and patched by Matt Johnston * New Windows mutex module (mux_win32), by Luca Piccarreta * Changed the Windows timer module to use QueryPerformanceCounter * mem_pool.cpp was using std::set iterators instead of std::multiset ones * Fixed a bug in X509_CA preventing users from disabling particular extensions * Fixed the mp_asm64 module, which was entirely broken in 1.5.2 * Fixed some module build problems on FreeBSD and Tru64 Version 1.5.2, 2006-01-15 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fixed an off-by-one memory read in MISTY1::key() * Fixed a nasty memory leak in Output_Buffers::retire() * Reimplemented the memory allocator from scratch * Improved memory caching in Montgomery exponentiation * Optimizations for multiple precision addition and subtraction * Fixed a build problem in the hardware timer module on 64-bit PowerPC * Changed default Karatsuba cutoff to 12 words (was 14) * Removed MemoryRegion::bits(), which was unused and incorrect * Changed maximum HMAC keylength to 1024 bits * Various minor Makefile and build system changes * Avoid using std::min in to bypass Windows libc macro pollution * Switched checks/clock.cpp back to using clock() by default * Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 * Removed the Default_Mutex's unused clone() member function Version 1.5.1, 2006-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Implemented Montgomery exponentiation * Implemented generalized Karatsuba multiplication and squaring * Implemented Comba squaring for 4, 6, and 8 word inputs * 
Added new Modular_Exponentiator and Power_Mod classes * Removed FixedBase_Exp and FixedExponent_Exp * Fixed a performance regression in get_allocator introduced in 1.5.0 * Engines can now offer S2K algorithms and block cipher padding methods * Merged the remaining global 'algolist' code into Default_Engine * The low-level MPI code is linked as C again * Replaced BigInt's get_nibble with the more general get_substring * Some documentation updates Version 1.5.0, 2006-01-01 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Moved all global/shared library state into a single object * Mutex objects are created through mutex factories instead of a global * Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() * Removed the RNG_Quality enum entirely * There is now only a single global-use PRNG * Removed the no_aliases and no_oids options for LibraryInitializer * Removed the deprecated algorithms SEAL, ISAAC, and HAVAL * Change es_ftw to use unbuffered I/O Series 1.4 ---------------------------------------- Version 1.4.12, 2006-01-15 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fixed an off-by-one memory read in MISTY1::key() * Fixed a nasty memory leak in Output_Buffers::retire() * Changed maximum HMAC keylength to 1024 bits * Fixed a build problem in the hardware timer module on 64-bit PowerPC Version 1.4.11, 2005-12-31 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Changed Whirlpool diffusion matrix to match updated algorithm spec * Fixed several engine module build errors introduced in 1.4.10 * Fixed two build problems in es_capi; reported by Matthew Gregan * Added a constructor to DataSource_Memory taking a std::string * Placing the same Filter in multiple Pipes triggers an exception * The configure script accepts --docdir and --libdir * Merged doc/rngs.txt into the main API document * Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 Version 1.4.10, 2005-12-18 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Added an implementation of KASUMI, the block cipher used in 3G phones * 
Refactored Pipe; output queues are now managed by a distinct class * Made certain Filter facilities only available to subclasses of Fanout_Filter * There is no longer any overhead in Pipe for a message that has been read out * It is now possible to generate RSA keys as small as 128 bits * Changed some of the core classes to derive from Algorithm as a virtual base * Changed Randpool to use HMAC instead of a plain hash as the mixing function * Fixed a bug in the allocators; found and fixed by Matthew Gregan * Enabled the use of binary file I/O, when requested by the application * The OpenSSL engine's block cipher code was missing some deallocation calls * Disabled the es_ftw module on NetBSD, due to header problems there * Fixed a problem preventing tm_hard from building on MacOS X on PowerPC * Some cleanups for the modules that use inline assembler * config.h is now stored in build/ instead of build/include/botan/ * The header util.h was split into bit_ops.h, parsing.h, and util.h * Cleaned up some redundant include directives Version 1.4.9, 2005-11-06 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Added the IBM-created AES candidate algorithm MARS * Added the South Korean block cipher SEED * Added the stream cipher Turing * Added the new hash function FORK-256 * Deprecated the ISAAC stream cipher * Twofish and RC6 are significantly faster with GCC * Much better support for 64-bit PowerPC * Added support for high-resolution PowerPC timers * Fixed a bug in the configure script causing problems on FreeBSD * Changed ANSI X9.31 to support arbitrary block ciphers * Make the configure script a bit less noisy * Added more test vectors for some algorithms, including all the AES finalists * Various cosmetic source code cleanups Version 1.4.8, 2005-10-16 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Resolved a bad performance problem in the allocators; fix by Matt Johnston * Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 * Renamed OMAC to CMAC to match the official 
NIST naming * Added single byte versions of update() to PK_Signer and PK_Verifier * Removed the unused reverse_bits and reverse_bytes functions Version 1.4.7, 2005-09-25 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fixed major performance problems with recent versions of GNU C++ * Added an implementation of the X9.31 PRNG * Removed the X9.17 and FIPS 186-2 PRNG algorithms * Changed defaults to use X9.31 PRNGs as global PRNG objects * Documentation updates to reflect the PRNG changes * Some cleanups related to the engine code * Removed two useless headers, base_eng.h and secalloc.h * Removed PK_Verifier::valid_signature * Fixed configure/build system bugs affecting MacOS X builds * Added support for the EKOPath x86-64 compiler * Added missing destructor for BlockCipherModePaddingMethod * Fix some build problems with Visual C++ 2005 beta * Fix some build problems with Visual C++ 2003 Workshop Version 1.4.6, 2005-03-13 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fix an error in the shutdown code introduced in 1.4.5 * Setting base/pkcs8_tries to 0 disables the builtin fail-out * Support for XMPP identifiers in X.509 certificates * Duplicate entries in X.509 DNs are removed * More fixes for Borland C++, from Friedemann Kleint * Add a workaround for buggy iostreams Version 1.4.5, 2005-02-26 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Add support for AES encryption of private keys * Minor fixes for PBES2 parameter decoding * Internal cleanups for global state variables * GCC 3.x version detection was broken in non-English locales * Work around a Sun Forte bug affecting mem_pool.h * Several fixes for Borland C++ 5.5, from Friedemann Kleint * Removed inclusion of init.h into base.h * Fixed a major bug in reading from certificate stores * Cleaned up a couple of mutex leaks * Removed some left-over debugging code * Removed SSL3_MAC, SSL3_PRF, and TLS_PRF Version 1.4.4, 2004-12-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Further tweaks to the pooling allocator * Modified EMSA3 to support SSL/TLS signatures 
* Changes to support Qt/QCA, from Justin Karneges
* Moved mux_qt module code into mod_qt
* Fixes for HP-UX from Mike Desjardins

Version 1.4.3, 2004-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Split up SecureAllocator into Allocator and Pooling_Allocator
* Memory locking allocators are more likely to be used
* Fixed the placement of includes in some modules
* Fixed broken installation procedure
* Fixes in configure script to support alternate install programs
* Modules can specify the minimum version they support

Version 1.4.2, 2004-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a major CRL handling bug
* Cipher and hash operations can be offloaded to engines
* Added support for cipher and hash offload in OpenSSL engine
* Improvements for 64-bit CPUs without a widening multiply instruction
* Support for SHA2-* and Whirlpool with EMSA2
* Fixed a long-standing build problem with conflicting include files
* Fixed some examples that hadn't been updated for 1.4.x
* Portability fixes for Solaris, BSD, HP-UX, and others
* Lots of fixes and cleanups in the configure script
* Updated the Gentoo ebuild file

Version 1.4.1, 2004-10-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed major errors in the X.509 and PKCS #8 copy_key functions
* Added a LAST_MESSAGE meta-message number for Pipe
* Added new aliases (3DES and DES-EDE) for Triple-DES
* Added some new functions to PK_Verifier
* Cleaned up the KDF interface
* Disabled tm_posix on BSD due to header issues
* Fixed a build problem on PowerPC with GNU C++ pre-3.4

Version 1.4.0, 2004-06-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the FIPS 186 RNG back
* Added copy_key functions for X.509 public keys and PKCS #8 private keys
* Fixed PKCS #1 signatures with RIPEMD-128
* Moved some code around to avoid warnings with Sun ONE compiler
* Fixed a bug in botan-config affecting OpenBSD
* Fixed some build problems on Tru64, HP-UX
* Fixed compile problems with Intel C++, Compaq C++

Series 1.3
----------------------------------------

Version 1.3.14, 2004-06-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for AEP's AEP1000/AEP2000 crypto cards
* Added a Mutex module using Qt, from Justin Karneges
* Added support for engine loading in LibraryInitializer
* Tweaked SecureAllocator, giving 20% better performance under heavy load
* Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
* Renamed PK_Engine to Engine_Core
* Improved the Karatsuba cutoff points
* Fixes for compiling with GCC 3.4 and Sun C++ 5.5
* Fixes for Linux/s390, OpenBSD, and Solaris
* Added support for Linux/s390x
* The configure script was totally broken for 'generic' OS
* Removed Montgomery reduction due to bugs
* Removed an unused header, pkcs8alg.h
* check --validate returns an error code if any tests failed
* Removed duplicate entry in Unix command list for es_unix
* Moved the Cert_Usage enumeration into X509_Store
* Added new timing methods for PK benchmarks, clock_gettime and RDTSC
* Fixed a few minor bugs in the configure script
* Removed some deprecated functions from x509cert.h and pkcs10.h
* Removed the 'minimal' module; it has to be updated for Engine support
* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
* Documentation updates

Version 1.3.13, 2004-05-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major fixes for Cygwin builds
* Minor MacOS X install fixes
* The configure script is a little better at picking the right modules
* Removed ml_unix from the 'unix' module set for Cygwin compatibility
* Fixed a stupid compile problem in pkcs10.h

Version 1.3.12, 2004-05-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added ability to remove old entries from CRLs
* Swapped the first two arguments of X509_CA::update_crl()
* Added an < operator for MemoryRegion, so it can be used as a std::map key
* Changed X.509 searching by DNS name from substring to full string compares
* Renamed a few X509_Certificate and PKCS10_Request member functions
* Fixed a problem when decoding some PKCS #10 requests
* Hex_Decoder would not check inputs, reported by Vaclav Ovsik
* Changed default CRL expire time from 30 days to 7 days
* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
* Corrected errors in the API doc, fixes from Ken Perano
* More documentation about the Pipe/Filter code

Version 1.3.11, 2004-04-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed two show-stopping bugs in PKCS10_Request
* Added some sanity checks in Pipe/Filter
* The DNS and URI entries would get swapped in subjectAlternativeNames
* MAC_Filter is now willing to not take a key at creation time
* Setting the expiration times of certs and CRLs is more flexible
* Fixed problems building on AIX with GCC
* Fixed some problems in the tutorial pointed out by Dominik Vogt
* Documentation updates

Version 1.3.10, 2004-03-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for OpenPGP's ASCII armor format
* Cleaned up the RNG system; seeding is much more flexible
* Added simple autoconfiguration abilities to configure.pl
* Fixed a GCC 2.95.x compile problem
* Updated the example configuration file
* Documentation updates

Version 1.3.9, 2004-03-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added an engine using OpenSSL (requires 0.9.7 or later)
* X509_Certificate would lose email addresses stored in the DN
* Fixed a missing initialization in a BigInt constructor
* Fixed several Visual C++ compile problems
* Fixed some BeOS build problems
* Fixed the WiderWake benchmark

Version 1.3.8, 2003-12-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Internal changes to PK algorithms to divide data and algorithms
* DSA/DH/NR/ElGamal constructors accept taking just the private key again
* ElGamal keys now support being imported/exported as ASN.1 objects
* Much more consistent and complete error checking in PK algorithms
* Support for arbitrary backends (engines) for PK operations
* Added Montgomery reductions
* Added an engine that uses GNU MP (requires 4.1 or later)
* Removed the obsolete mp_gmp module
* Moved several initialization/shutdown functions to init.h
* Major refactoring of the memory containers
* New non-locking container, MemoryVector
* Fixed 64-bit problems in BigInt::set_bit/clear_bit
* Renamed PK_Key::check_params() to check_key()
* Some incompatible changes to OctetString
* Added version checking macros in version.h
* Removed the fips140 module pending rewrite
* Added some functions and hooks to help GUIs
* Moved more shared code into MDx_HashFunction
* Added a policy hook for specifying the encoding of X.509 strings

Version 1.3.7, 2003-12-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a big security problem in es_unix
* Fixed several stability problems in es_unix
* Expanded the list of programs es_unix will try to use
* SecureAllocator now only preallocates blocks in special cases
* Added a special case in Global_RNG::seed for forcing a full poll
* Removed the FIPS 186 RNG added in 1.3.5 pending further testing
* Configure updates for PowerPC CPUs
* Removed the (never tested) VAX support
* Added support for S/390 Linux

Version 1.3.6, 2003-12-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added a new module 'minimal', which disables most algorithms
* SecureAllocator allocates a few blocks at startup
* A few minor MPI cleanups
* RPM spec file cleanups and fixes

Version 1.3.5, 2003-11-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major improvements in ASN.1 string handling
* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
* Added partial support for the X.509v3 certificate policies extension
* Centralized the handling of character set information
* Added FIPS 140-2 startup self tests
* Added a module (fips140) for doing extra FIPS 140-2 tests
* Added FIPS 186-2 RNG
* Improved ASN.1 BIT STRING handling
* Removed a memory leak in PKCS10_Request
* The encoding of DirectoryString now follows PKIX guidelines
* Fixed some of the character set dependencies
* Fixed a DER encoding error for tags greater than 30
* The BER decoder can now handle tags larger than 30
* Fixed tm_hard.cpp to recognize SPARC on more systems
* Workarounds for a GCC 2.95.x bug in x509find.cpp
* RPM changed to install into /usr instead of /usr/local
* Added support for QNX

Version 1.3.4, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added a module that does certain MPI operations using GNU MP
* Added the X9.42 Diffie-Hellman PRF
* The Zlib and Bzip2 objects now use custom allocators
* Added member functions for directly hashing/MACing SecureVectors
* Minor optimizations to the MPI addition and subtraction algorithms
* Some cleanups in the low-level MPI code
* Created separate AES-{128,192,256} objects

Version 1.3.3, 2003-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The library can now be repeatedly initialized and shutdown without crashing
* Fixed an off-by-one error in the CTS code
* Fixed an error in the EMSA4 verification code
* Fixed a memory leak in mutex.cpp (pointed out by James Widener)
* Fixed a memory leak in Pthread_Mutex
* Fixed several memory leaks in the testing code
* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
* Minor cleanups in SecureAllocator
* Removed a needless mutex guarding the (stateless) global timer
* Fixed a piece of bash-specific code in botan-config
* X.509 objects report more information about decoding errors
* Cleaned up some of the exception handling
* Updated the example config file with new OIDs
* Moved the build instructions into a separate document, building.tex

Version 1.3.2, 2003-11-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a bug preventing DSA signatures from verifying on X.509 objects
* Made the X509_Store search routines more efficient and flexible
* Added a function to X509_PublicKey to do easy public/private key matching
* Added support for decoding indefinite length BER data
* Changed Pipe's peek() to take an offset
* Removed Filter::set_owns in favor of the new incr_owns function
* Removed BigInt::zero() and BigInt::one()
* Renamed the PEM related options from base/pem_* to pem/*
* Added an option to specify the line width when encoding PEM
* Removed the "rng/safe_longterm" option; it's always on now
* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
* Cleaned up the base64/hex encoders and decoders
* Added an ASN.1/BER decoder as an example
* AES had its internals marked 'public' in previous versions
* Changed the value of the ASN.1 NO_OBJECT enum
* Various new hacks in the configure script
* Removed the already nominal support for SunOS

Version 1.3.1, 2003-11-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Generalized a few pieces of the DER encoder
* PKCS8::load_key would fail if handed an unencrypted key
* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop

Version 1.3.0, 2003-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major redesign of the PKCS #8 private key import/export system
* Added a small amount of UI interface code for getting passphrases
* Added heuristics that tell if a key, cert, etc is stored as PEM or BER
* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
* Made PEM decoding more forgiving of extra text before the header

Series 1.2
----------------------------------------

Version 1.2.8, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Merged several important bug fixes from 1.3.x

Version 1.2.7, 2003-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for reading configuration files
* Added constructors so NR and RW keys can be imported easily
* Fixed mp_asm64, which was completely broken in 1.2.6
* Removed tm_hw_ia32 module; replaced by tm_hard
* Added support for loading certain oddly formed RSA certificates
* Fixed spelling of NON_REPUDIATION enum
* Renamed the option default_to_ca to v1_assume_ca
* Fixed a minor bug in X.509 certificate generation
* Fixed a latent bug in the OID lookup code
* Updated the RPM spec file
* Added to the tutorial

Version 1.2.6, 2003-07-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major performance increase for PK algorithms on most 64-bit systems
* Cleanups in the low-level MPI code to support asm implementations
* Fixed build problems with some versions of Compaq's C++ compiler
* Removed useless constructors for NR public and private keys
* Removed support for the patch_file directive in module files
* Removed several deprecated functions

Version 1.2.5, 2003-06-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a tricky and long-standing memory leak in Pipe
* Major cleanups and fixes in the memory allocation system
* Removed alloc_mlock, which has been superseded by the ml_unix module
* Removed a denial of service vulnerability in X509_Store
* Fixed compilation problems with VS .NET 2003 and Codewarrior 8
* Added another variant of PKCS8::load_key, taking a memory buffer
* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
* BigInt::operator%=(word) was a no-op if the input was a power of 2
* Fixed portability problems in BigInt::to_u32bit
* Fixed major bugs in SSL3-MAC
* Cleaned up some messes in the PK algorithms
* Cleanups and extensions for OMAC and EAX
* Made changes to the entropy estimation function
* Added a 'beos' module set for use on BeOS
* Officially deprecated a few X509:: and PKCS8:: functions
* Moved the contents of primes.h to numthry.h
* Moved the contents of x509opt.h to x509self.h
* Removed the (empty) desx.h header
* Documentation updates

Version 1.2.4, 2003-05-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a bug in EMSA1 affecting NR signature verification
* Fixed a few latent bugs in BigInt related to word size
* Removed an unused function, mp_add2_nc, from the MPI implementation
* Reorganized the core MPI files

Version 1.2.3, 2003-05-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a bug that prevented DSA/NR key generation
* Fixed a bug that prevented importing some root CA certs
* Fixed a bug in the BER decoder when handling optional bit or byte strings
* Fixed the encoding of authorityKeyIdentifier in X509_CA
* Added a sanity check in PBKDF2 for zero length passphrases
* Added versions of X509::load_key and PKCS8::load_key that take a file name
* X509_CA generates 128 bit serial numbers now
* Added tests to check PK key generation
* Added a simplistic X.509 CA example
* Cleaned up some of the examples

Version 1.2.2, 2003-05-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add checks to prevent any BigInt bugs from revealing an RSA or RW key
* Changed the interface of Global_RNG::seed
* Major improvements for the es_unix module
* Added another Win32 entropy source, es_win32
* The Win32 CryptoAPI entropy source can now poll multiple providers
* Improved the BeOS entropy source
* Renamed pipe_unixfd module to fd_unix
* Fixed a file descriptor leak in the EGD module
* Fixed a few locking bugs

Version 1.2.1, 2003-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added ANSI X9.23 compatible CBC padding
* Added an entropy source using Win32 CryptoAPI
* Removed the Pipe I/O operators taking a FILE*
* Moved the BigInt encoding/decoding functions into the BigInt class
* Integrated several fixes for VC++ 7 (from Hany Greiss)
* Fixed the configure.pl script for Windows builds

Version 1.2.0, 2003-04-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Tweaked the Karatsuba cut-off points
* Increased the allowed keylength of HMAC and Blowfish
* Removed the 'mpi_ia32' module, pending rewrite
* Workaround a GCC 2.95.x bug in eme1.cpp

Series 1.1
----------------------------------------

Version 1.1.13, 2003-04-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added OMAC
* Added EAX authenticated cipher mode
* Diffie-Hellman would not do blinding in some cases
* Optimized the OFB and CTR modes
* Corrected Skipjack's word ordering, as per NIST clarification
* Support for all subject/issuer attribute types required by RFC 3280
* The removeFromCRL CRL reason code is now handled correctly
* Increased the flexibility of the allocators
* Renamed Rijndael to AES, created aes.h, deleted rijndael.h
* Removed support for the 'no_timer' LibraryInitializer option
* Removed 'es_pthr' module, pending further testing
* Cleaned up get_ciph.cpp

Version 1.1.12, 2003-04-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an ASN.1 string encoding bug
* Fixed a pair of X509_DN encoding problems
* Base64_Decoder and Hex_Decoder can now validate input
* Removed support for the LibraryInitializer option 'egd_path'
* Added tests for DSA X.509 and PKCS #8 key formats
* Removed a long deprecated feature of DH_PrivateKey's constructor
* Updated the RPM .spec file
* Major documentation updates

Version 1.1.11, 2003-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added PKCS #10 certificate requests
* Changed X509_Store searching interface to be more flexible
* Added a generic Certificate_Store interface
* Added a function for generating self-signed X.509 certs
* Cleanups and changes to X509_CA
* New examples for PKCS #10 and self-signed certificates
* Some documentation updates

Version 1.1.10, 2003-04-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* X509_CA can now generate new X.509 CRLs
* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
* More certificate and CRL extensions/attributes are supported
* Better DN handling in X.509 certificates/CRLs
* Added a DataSink hierarchy (suggested by Jim Darby)
* Consolidated SecureAllocator and ManagedAllocator
* Many cleanups and generalizations
* Added a (slow) pthreads based EntropySource
* Fixed some threading bugs

Version 1.1.9, 2003-02-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for using X.509v2 CRLs
* Fixed several bugs in the path validation algorithm
* Certificates can be verified for a particular usage
* Algorithm for comparing distinguished names now follows X.509
* Cleaned up the code for the es_beos, es_ftw, es_unix modules
* Documentation updates

Version 1.1.8, 2003-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixes for the certificate path validation algorithm in X509_Store
* Fixed a bug affecting X509_Certificate::is_ca_cert()
* Added a general configuration interface for policy issues
* Cleanups and API changes in the X.509 CA, cert, and store code
* Made various options available for X509_CA users
* Changed X509_Time's interface to work around time_t problems
* Fixed a theoretical weakness in Randpool's entropy mixing function
* Fixed problems compiling with GCC 2.95.3 and GCC 2.96
* Fixed a configure bug (reported by Jon Wilson) affecting MinGW

Version 1.1.7, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an obscure but dangerous bug in SecureVector::swap
* Consolidated SHA-384 and SHA-512 to save code space
* Added SSL3-MAC and SSL3-PRF
* Documentation updates, including a new tutorial

Version 1.1.6, 2002-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Initial support for X.509v3 certificates and CAs
* Major redesign/rewrite of the ASN.1 encoding/decoding code
* Added handling for DSA/NR signatures encoded as DER SEQUENCEs
* Documented the generic cipher lookup interface
* Added an (untested) entropy source for BeOS
* Various cleanups and bug fixes

Version 1.1.5, 2002-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the discrete logarithm integrated encryption system (DLIES)
* Various optimizations for BigInt
* Added support for assembler optimizations in modules
* Added BigInt x86 optimizations module (mpi_ia32)

Version 1.1.4, 2002-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Speedup of 15-30% for PK algorithms
* Implemented the PBES2 encryption scheme
* Fixed a potential bug in decoding RSA and RW private keys
* Changed the DL_Group class interface to handle different formats better
* Added support for PKCS #3 encoded DH parameters
* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
* Added key pair consistency checking
* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
* A botan-config script is generated at configure time
* Documentation updates

Version 1.1.3, 2002-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added a generic public/private key loading interface
* Fixed a small encoding bug in RSA, RW, and DH
* Changed the PK encryption/decryption interface classes
* ECB supports using padding methods
* Added a function-based interface for library initialization
* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
* The cipher mode benchmarks now use 128-bit AES instead of DES
* Removed some obsolete typedefs
* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
* Added tests for PKCS #8 encoding/decoding
* Added more tests for ECB and CBC

Version 1.1.2, 2002-10-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Support for PKCS #8 encoded RSA, DSA, and DH private keys
* Support for Diffie-Hellman X.509 public keys
* Major reorganization of how X.509 keys are handled
* Added PKCS #5 v2.0's PBES1 encryption scheme
* Added a generic cipher lookup interface
* Added the WiderWake4+1 stream cipher
* Added support for sync-able stream ciphers
* Added a 'paranoia level' option for the LibraryInitializer
* More security for RNG output meant for long term keys
* Added documentation for some of the new 1.1.x features
* CFB's feedback argument is now specified in bits
* Renamed CTR class to CTR_BE
* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats

Version 1.1.1, 2002-10-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the Korean hash function HAS-160
* Partial support for RSA and DSA X.509 public keys
* Added a mostly functional BER encoder/decoder
* Added support for non-deterministic MAC functions
* Initial support for PEM encoding/decoding
* Internal cleanups in the PK algorithms
* Several new convenience functions in Pipe
* Fixed two nasty bugs in Pipe
* Messed with the entropy sources for es_unix
* Discrete logarithm groups are checked for safety more closely now
* For compatibility with GnuPG, ElGamal now supports DSA-style groups

Version 1.1.0, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added entropy estimation to the RNGs
* Improved the overall design of both Randpool and ANSI_X917_RNG
* Added a separate RNG for nonce generation
* Added window exponentiation support in power_mod
* Added a get_s2k function and the PKCS #5 S2K algorithms
* Added the TLSv1 PRF
* Replaced BlockCipherModeIV typedef with InitializationVector class
* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
* Added support for RIPEMD-160 PKCS#1 v1.5 signatures
* Changed the key agreement scheme interface
* Changed the S2K and KDF interfaces
* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
* Added support for variable-pass Tiger
* Major speedup for Rabin-Williams key generation

Series 1.0
----------------------------------------

Version 1.0.2, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an obscure SEGFAULT causing bug in Pipe
* Fixed an obscure but dangerous bug in SecureVector::swap

Version 1.0.1, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a minor bug in Randpool::random()
* Added some new aliases and typedefs for 1.1.x compatibility
* The 4096-bit RSA benchmark key was decimal instead of hex
* EMAC was returning an incorrect name

Version 1.0.0, 2002-08-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Octal I/O of BigInt is now supported
* Fixed portability problems in the es_egd module
* Generalized IV handling in the block cipher modes
* Added Karatsuba multiplication and k-ary exponentiation
* Fixed a problem in the multiplication routines

Series 0.9
----------------------------------------

Version 0.9.2, 2002-08-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* DH_PrivateKey::public_value() was returning the wrong value
* Various BigInt optimizations
* The filters.h header now includes hex.h and base64.h
* Moved Counter mode to ctr.h
* Fixed a couple of minor problems with VC++ 7
* Fixed problems with the RPM spec file

Version 0.9.1, 2002-08-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Grand rename from OpenCL to Botan
* Major optimizations for the PK algorithms
* Added ElGamal encryption
* Added Whirlpool
* Tweaked memory allocation parameters
* Improved the method of seeding the global RNG
* Moved pkcs1.h to eme_pkcs.h
* Added more test vectors for some algorithms
* Fixed error reporting in the BigInt tests
* Removed Default_Timer, it was pointless
* Added some new example applications
* Removed some old examples that weren't that interesting
* Documented the compression modules

Version 0.9.0, 2002-08-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* EMSA4 supports variable salt size
* PK_* can take a string naming the encoding method to use
* Started writing some internals documentation

Series 0.8
----------------------------------------

Version 0.8.7, 2002-07-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed bugs in EME1 and EMSA4
* Fixed a potential crash at shutdown
* Cipher modes returned an ill-formed name
* Removed various deprecated types and headers
* Cleaned up the Pipe interface a bit
* Minor additions to the documentation
* First stab at a Visual C++ makefile (doc/Makefile.vc7)

Version 0.8.6, 2002-07-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added EMSA4 (aka PSS)
* Brought the manual up to date; many corrections and additions
* Added a parallel hash function construction
* Lookup supports all available algorithms now
* Lazy initialization of the lookup tables
* Made more discrete logarithm groups available through get_dl_group()
* StreamCipher_Filter supports seeking (if the underlying cipher does)
* Minor optimization for GCD calculations
* Renamed SAFER_SK128 to SAFER_SK
* Removed many previously deprecated functions
* Some now-obsolete functions, headers, and types have been deprecated
* Fixed some bugs in DSA prime generation
* DL_Group had a constructor for DSA-style prime gen but it wasn't defined
* Reversed the ordering of the two arguments to SEAL's constructor
* Fixed a threading problem in the PK algorithms
* Fixed a minor memory leak in lookup.cpp
* Fixed pk_types.h (it was broken in 0.8.5)
* Made validation tests more verbose
* Updated the check and example applications

Version 0.8.5, 2002-07-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) * Added a DL_Group class * Reworking of the pubkey internals * Support in lookup for aliases and PK algorithms * Renamed CAST5 to CAST_128 and CAST256 to CAST_256 * Added EMSA1 * Reorganization of header files * LibraryInitializer will install new allocator types if requested * Fixed a bug in Diffie-Hellman key generation * Did a workaround in pipe.cpp for GCC 2.95.x on Linux * Removed some debugging code from init.cpp that made FTW ES useless * Better checking for invalid arguments in the PK algorithms * Reduced Base64 and Hex default line length (if line breaking is used) * Fixes for HP's aCC compiler * Cleanups in BigInt Version 0.8.4, 2002-07-14 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Added Nyberg-Rueppel signatures * Added Diffie-Hellman key exchange (kex interface is subject to change) * Added KDF2 * Enhancements to the lookup API * Many things formerly taking pointers to algorithms now take names * Speedups for prime generation * LibraryInitializer has support for seeding the global RNG * Reduced SAFER-SK128 memory consumption * Reversed the ordering of public and private key values in DSA constructor * Fixed serious bugs in MemoryMapping_Allocator * Fixed memory leak in Lion * FTW_EntropySource was not closing the files it read * Fixed line breaking problem in Hex_Encoder Version 0.8.3, 2002-06-09 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Added DSA and Rabin-Williams signature schemes * Added EMSA3 * Added PKCS#1 v1.5 encryption padding * Added Filters for PK algorithms * Added a Keyed_Filter class * LibraryInitializer processes arguments now * Major revamp of the PK interface classes * Changed almost all of the Filters for non-template operation * Changed HMAC, Lion, Luby-Rackoff to non-template classes * Some fairly minor BigInt optimizations * Added simple benchmarking for PK algorithms * Added hooks for fixed base and fixed exponent modular exponentiation * 
Added some examples for using RSA * Numerous bugfixes and cleanups * Documentation updates Version 0.8.2, 2002-05-18 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Added an (experimental) algorithm lookup interface * Added code for directly testing BigInt * Added SHA2-384 * Optimized SHA2-512 * Major optimization for Adler32 (thanks to Dan Nicolaescu) * Various minor optimizations in BigInt and related areas * Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore * Fixed a bug in BufferingFilter * Made a few fixes for MacOS X * Added a workaround in configure.pl for GCC 2.95.x * Better support for PowerPC, ARM, and Alpha * Some more cleanups Version 0.8.1, 2002-05-06 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Major code cleanup (check doc/deprecated.txt) * Various bugs fixed, including several portability problems * Renamed MessageAuthCode to MessageAuthenticationCode * A replacement for X917 is in x917_rng.h * Changed EMAC to non-template class * Added ANSI X9.19 compatible CBC-MAC * TripleDES now supports 128 bit keys Version 0.8.0, 2002-04-24 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Merged BigInt: many bugfixes and optimizations since alpha2 * Added RSA (rsa.h) * Added EMSA2 (emsa2.h) * Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) * Changed some interfaces, including SymmetricKey, to support the global rng * Fixed a serious bug in ManagedAllocator * Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 * Removed some deprecated stuff * Added a global random number generator (rng.h) * Added clone functions to most of the basic algorithms * Added a library initializer class (init.h) * Version macros in version.h * Moved the base classes from opencl.h to base.h * Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib * Documentation updates for the new stuff (still incomplete) * Many new deprecated things: check doc/deprecated.txt Series 0.7 ---------------------------------------- Version 0.7.10, 2002-04-07 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Added EGD_EntropySource module (es_egd) * Added a file tree walking EntropySource (es_ftw) * Added MemoryLocking_Allocator module (alloc_mlock) * Renamed the pthr_mux, unix_rnd, and mmap_mem modules * Changed timer mechanism; the clock method can be switched on the fly. * Renamed MmapDisk_Allocator to MemoryMapping_Allocator * Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) * Fixed several bugs in MemoryMapping_Allocator * Added more default sources for Unix_EntropySource * Changed SecureBuffer to use same allocation methods as SecureVector * Added bigint_divcore into mp_core to support BigInt alpha2 release * Removed some Pipe functions deprecated since 0.7.8 * Some fixes for the configure program Version 0.7.9, 2002-03-19 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Memory allocation substantially revamped * Added memory allocation method based on mmap(2) in the mmap_mem module * Added ECB and CTS block cipher modes (ecb.h, cts.h) * Added a Mutex interface (mutex.h) * Added module pthr_mux, implementing the Mutex interface * Added Threaded Filter interface (thr_filt.h) * All algorithms can now by keyed with SymmetricKey objects * More testing occurs with --validate (expected failures) * Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 * Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress * Made X917 safer (and about 1/3 as fast) * Documentation updates Version 0.7.8, 2002-02-28 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * More capabilities for Pipe, inspired by SysV STREAMS, including peeking, better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION * Added a BufferingFilter class * Added popen() based EntropySource for generic Unix systems (unix_rnd) * Moved 'devrand' module into main distribution (ent_file.h), renamed to File_EntropySource, and changed interface somewhat. 
* Made Randpool somewhat more conservative and also 25% faster * Minor fixes and updates for the configure script * Added some tweaks for memory allocation * Documentation updates for the new Pipe interface * Fixed various minor bugs * Added a couple of new example programs (stack and hasher2) Version 0.7.7, 2001-11-24 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Filter::send now works in the constructor of a Filter subclass * You may now have to include explicitly in some code * Added preliminary PK infrastructure classes in pubkey.h and pkbase.h * Enhancements to SecureVector (append, destroy functions) * New infrastructure for secure memory allocation * Added IEEE P1363 primitives MGF1, EME1, KDF1 * Rijndael optimizations and cleanups * Changed CipherMode to BlockCipherMode(B*) * Fixed a nasty bug in pipe_unixfd * Added portions of the BigInt code into the main library * Support for VAX, SH, POWER, PowerPC-64, Intel C++ Version 0.7.6, 2001-10-14 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fixed several serious bugs in SecureVector created in 0.7.5 * Square optimizations * Fixed shared objects on MacOS X and HP-UX * Fixed static libs for KCC 4.0; works with KCC 3.4g as well * Full support for Athlon and K6 processors using GCC * Added a table of prime numbers < 2**16 (primes.h) * Some minor documentation updates Version 0.7.5, 2001-08-19 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Split checksum.h into adler32.h, crc24.h, and crc32.h * Split modes.h into cbc.h, cfb.h, and ofb.h * CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption * Added OneAndZeros and NoPadding methods for CBC * Added Lion, a very fast block cipher construction * Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) * Basic types (ciphers, hashes, etc) know their names now (call name()) * Changed the EntropySource type somewhat * Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 * Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 * Some semantics of SecureVector 
have changed slightly * The mlock module has been removed for the time being * Added string handling functions for hashes and MACs * Various non-user-visible cleanups * Shared library soname is now set to the full version number Version 0.7.4, 2001-07-15 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe * Fixed a vast number of errors in the config script/makefile/specfile * Pipe now has a stdio(3) interface as well as C++ iostreams * ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) * Bzip2 supports decompressing multiple concatenated streams, and flushing * Added a simple 'overall average' score to the benchmarks * Fixed a small bug in the POSIX timer module * Removed a very-unlikely-to-occur bug in most of the hash functions * filtbase.h now includes , not * Minor documentation updates Version 0.7.3, 2001-06-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fix build problems on Solaris/SPARC * Fix build problems with Perl versions < 5.6 * Fixed some stupid code that broke on a few compilers * Added string handling functions to Pipe * MISTY1 optimizations Version 0.7.2, 2001-06-03 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Build system supports modules * Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers * Added Bzip2 compression filter, contributed by Peter Jones * GNU make no longer required (tested with 4.4BSD pmake and Solaris make) * Fixed minor bug in several of the hash functions * Various other minor fixes and changes * Updates to the documentation Version 0.7.1, 2001-05-16 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Rewrote configure script: more consistent and complete * Made it easier to find out parameters of types at run time (opencl.h) * New functions for finding the version being used (version.h) * New SymmetricKey interface for Filters (symkey.h) * InvalidKeyLength now records what the invalid key length was * Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA * Changed GOST 
to use correct S-box ordering (incompatible change) * Benchmark code was almost totally rewritten * Many more entries in the test vector file * Fixed minor and idiotic bug in check.cpp Version 0.7.0, 2001-03-01 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * First public release