* 1.3.14, June 12, 2004 - Added support for AEP's AEP1000/AEP2000 crypto cards - Added a Mutex module using Qt, from Justin Karneges - Added support for engine loading in LibraryInitializer - Tweaked SecureAllocator, giving 20% better performance under heavy load - Added timer and memory locking modules for Win32 (tm_win32, ml_win32) - Renamed PK_Engine to Engine_Core - Improved the Karatsuba cutoff points - Fixes for compiling with GCC 3.4 and Sun C++ 5.5 - Fixes for Linux/s390, OpenBSD, and Solaris - Added support for Linux/s390x - The configure script was totally broken for 'generic' OS - Removed Montgomery reduction due to bugs - Removed an unused header, pkcs8alg.h - check --validate returns an error code if any tests failed - Removed duplicate entry in Unix command list for es_unix - Moved the Cert_Usage enumeration into X509_Store - Added new timing methods for PK benchmarks, clock_gettime and RDTSC - Fixed a few minor bugs in the configure script - Removed some deprecated functions from x509cert.h and pkcs10.h - Removed the 'minimal' module, has to be updated for Engine support - Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace - Documentation updates * 1.3.13, May 15, 2004 - Major fixes for Cygwin builds - Minor MacOS X install fixes - The configure script is a little better at picking the right modules - Removed ml_unix from the 'unix' module set for Cygwin compatibility - Fixed a stupid compile problem in pkcs10.h * 1.3.12, May 2, 2004 - Added ability to remove old entries from CRLs - Swapped the first two arguments of X509_CA::update_crl() - Added an < operator for MemoryRegion, so it can be used as a std::map key - Changed X.509 searching by DNS name from substring to full string compares - Renamed a few X509_Certificate and PKCS10_Request member functions - Fixed a problem when decoding some PKCS #10 requests - Hex_Decoder would not check inputs, reported by Vaclav Ovsik - Changed default CRL expire time from 30 days to 7 days - X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility - Corrected errors in the API doc, fixes from Ken Perano - More documentation about the Pipe/Filter code * 1.3.11, April 1, 2004 - Fixed two show-stopping bugs in PKCS10_Request - Added some sanity checks in Pipe/Filter - The DNS and URI entries would get swapped in subjectAlternativeNames - MAC_Filter is now willing to not take a key at creation time - Setting the expiration times of certs and CRLs is more flexible - Fixed problems building on AIX with GCC - Fixed some problems in the tutorial pointed out by Dominik Vogt - Documentation updates * 1.3.10, March 27, 2004 - Added support for OpenPGP's ASCII armor format - Cleaned up the RNG system; seeding is much more flexible - Added simple autoconfiguration abilities to configure.pl - Fixed a GCC 2.95.x compile problem - Updated the example configuration file - Documentation updates * 1.3.9, March 7, 2004 - Added an engine using OpenSSL (requires 0.9.7 or later) - X509_Certificate would lose email addresses stored in the DN - Fixed a missing initialization in a BigInt constructor - Fixed several Visual C++ compile problems - Fixed some BeOS build problems - Fixed the WiderWake benchmark * 1.3.8, December 30, 2003 - Internal changes to PK algorithms to divide data and algorithms - DSA/DH/NR/ElGamal constructors accept taking just the private key again - ElGamal keys now support being imported/exported as ASN.1 objects - Much more consistent and complete error checking in PK algorithms - Support for arbitrary backends (engines) for PK operations - Added Montgomery reductions - Added an engine that uses GNU MP (requires 4.1 or later) - Removed the obsolete mp_gmp module - Moved several initialization/shutdown functions to init.h - Major refactoring of the memory containers - New non-locking container, MemoryVector - Fixed 64-bit problems in BigInt::set_bit/clear_bit - Renamed PK_Key::check_params() to check_key() - Some incompatible changes to OctetString - Added version checking macros in version.h - Removed the fips140 module pending rewrite - Added some functions and hooks to help GUIs - Moved more shared code into MDx_HashFunction - Added a policy hook for specifying the encoding of X.509 strings * 1.3.7, December 12, 2003 - Fixed a big security problem in es_unix - Fixed several stability problems in es_unix - Expanded the list of programs es_unix will try to use - SecureAllocator now only preallocates blocks in special cases - Added a special case in Global_RNG::seed for forcing a full poll - Removed the FIPS 186 RNG added in 1.3.5 pending further testing - Configure updates for PowerPC CPUs - Removed the (never tested) VAX support - Added support for S/390 Linux * 1.3.6, December 7, 2003 - Added a new module 'minimal', which disables most algorithms - SecureAllocator allocates a few blocks at startup - A few minor MPI cleanups - RPM spec file cleanups and fixes * 1.3.5, November 30, 2003 - Major improvements in ASN.1 string handling - Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs - Added partial support for the X.509v3 certificate policies extension - Centralized the handling of character set information - Added FIPS 140-2 startup self tests - Added a module (fips140) for doing extra FIPS 140-2 tests - Added FIPS 186-2 RNG - Improved ASN.1 BIT STRING handling - Removed a memory leak in PKCS10_Request - The encoding of DirectoryString now follows PKIX guidelines - Fixed some of the character set dependencies - Fixed a DER encoding error for tags greater than 30 - The BER decoder can now handle tags larger than 30 - Fixed tm_hard.cpp to recognize SPARC on more systems - Workarounds for a GCC 2.95.x bug in x509find.cpp - RPM changed to install into /usr instead of /usr/local - Added support for QNX * 1.3.4, November 21, 2003 - Added a module that does certain MPI operations using GNU MP - Added the X9.42 Diffie-Hellman PRF - The Zlib and Bzip2 objects now use custom allocators - Added member functions for directly hashing/MACing SecureVectors - Minor optimizations to the MPI addition and subtraction algorithms - Some cleanups in the low-level MPI code - Created separate AES-{128,192,256} objects * 1.3.3, November 17, 2003 - The library can now be repeatedly initialized and shutdown without crashing - Fixed an off-by-one error in the CTS code - Fixed an error in the EMSA4 verification code - Fixed a memory leak in mutex.cpp (pointed out by James Widener) - Fixed a memory leak in Pthread_Mutex - Fixed several memory leaks in the testing code - Bulletproofed the EMSA/EME/KDF/MGF retrieval functions - Minor cleanups in SecureAllocator - Removed a needless mutex guarding the (stateless) global timer - Fixed a piece of bash-specific code in botan-config - X.509 objects report more information about decoding errors - Cleaned up some of the exception handling - Updated the example config file with new OIDSs - Moved the build instructions into a separate document, building.tex * 1.3.2, November 13, 2003 - Fixed a bug preventing DSA signatures from verifying on X.509 objects - Made the X509_Store search routines more efficient and flexible - Added a function to X509_PublicKey to do easy public/private key matching - Added support for decoding indefinite length BER data - Changed Pipe's peek() to take an offset - Removed Filter::set_owns in favor of the new incr_owns function - Removed BigInt::zero() and BigInt::one() - Renamed the PEM related options from base/pem_* to pem/* - Added an option to specify the line width when encoding PEM - Removed the "rng/safe_longterm" option; it's always on now - Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 - Cleaned up the base64/hex encoders and decoders - Added an ASN.1/BER decoder as an example - AES had its internals marked 'public' in previous versions - Changed the value of the ASN.1 NO_OBJECT enum - Various new hacks in the configure script - Removed the already nominal support for SunOS * 1.3.1, November 4, 2003 - Generalized a few pieces of the DER encoder - PKCS8::load_key would fail if handed an unencrypted key - Added a failsafe so PKCS #8 key decoding can't go into an infinite loop * 1.3.0, November 2, 2003 - Major redesign of the PKCS #8 private key import/export system - Added a small amount of UI interface code for getting passphrases - Added heuristics that tell if a key, cert, etc is stored as PEM or BER - Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC - Removed certain deprecated constructors of RSA, DSA, DH, RW, NR - Made PEM decoding more forgiving of extra text before the header