1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
|
.. _relnotes:
Release Notes
========================================
Series 1.10
----------------------------------------
Version 1.10.2, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Pipe::reset no longer requires that message processing be completed,
a requirement that caused problems when a Filter's end_msg call
threw an exception, after which point the Pipe object was no longer
usable.
* The SSL/TLS code is disabled by default in this release. A new
version is being developed and the current iteration should not be
used unless needed for existing code.
* Add support for the rdrand instruction introduced in Intel's Ivy
Bridge processors.
* CPUID::has_rdrand was checking the wrong cpuid bit, and would false
positive on AMD Bulldozer processors.
* Add the Camellia block cipher
* An implementation of SRP-6a compatible with the specification in
RFC 5054 is now available in srp6.h
* The exception catching syntax of configure.py has been changed to
the Python 3.x syntax. This syntax also works with Python 2.6 and
2.7, but not with any earlier Python 2 release. A simple search and
replace will allow running it under Python 2.5::
perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
* If clock_gettime is available on the system, poll all available
clock types in the hres_timer poll.
* Add AltiVec detection for IBM POWER7 processors.
* Add AltiVec detection for OpenBSD, contributed by Brad Smith (PR 162)
* Add Google's Native Client as an compile target
* The Qt mutex wrapper was broken and would not compile with any recent
version of Qt. It has been removed.
* If targetting GCC on a Windows system, configure.py will warn that
likely you wanted to configure for either MinGW or Cygwin, not the
generic Windows target which is oriented to Win32 plus the Visual
C++ runtime.
* Fixed a compilation problem of the dynamic loader hooks under MinGW GCC
* Don't set a soname on OpenBSD, as it doesn't support it (PR 158)
* Fix a configure.py incompatability with the subprocess module
included in Python 3.1 (PR 157)
* A bug in configure.py would cause it to interpret `--cpu=s390x` as
`s390`. This may have affected other CPUs as well. Now configure.py
searches for an exact match, and only if no exact match is found
will it search for substring matches.
Version 1.10.1, 2011-07-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* A race condition in `Algorithm_Factory` could cause crashes in
multithreaded code. See `this thread on botan-devel
<http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_
for details and workarounds.
* The return value of ``name`` has changed for GOST 28147-89 and
Skein-512. GOST's ``name`` now includes the name of the sbox, and
Skein's includes the personalization string (if nonempty). This
allows an object to be properly roundtripped, which is necessary to
fix the race condition described above.
* A new distribution script is now included, as
``src/build-data/scripts/dist.py``
* The ``build.h`` header now includes, if available, an identifier of
the source revision that was used. This identifier is also included
in the result of ``version_string``.
Version 1.10.0, 2011-06-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Detection for the rdrand instruction being added to upcoming Intel
Ivy Bridge processors has been added.
* A template specialization of std::swap was added for the memory
container types.
Series 1.9
----------------------------------------
Version 1.9.18, 2011-06-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fourth release candidate for 1.10.0
* The GOST 34.10 verification operation was not ensuring that s and r
were both greater than zero. This could potentially have meant it
would have accepted an invalid all-zero signature as valid for any
message. Due to how ECC points are internally represented it instead
resulted in an exception being thrown.
* A simple multiexponentation algorithm is now used in ECDSA and
GOST-34.10 signature verification, leading to 20 to 25% improvements
in ECDSA and 25% to 40% improvements in GOST-34.10 verification
performance.
* The internal representation of elliptic curve points has been
modified to use Montgomery representation exclusively, resulting in
reduced memory usage and a 10 to 20% performance improvement for
ECDSA and ECDH.
* In OAEP decoding, scan for the delimiter bytes using a loop that is
written without conditionals so as to help avoid timing analysis.
Unfortunately GCC at least is 'smart' enough to compile it to
jumps anyway.
* The SSE2 implementation of IDEA did not work correctly when compiled
by Clang, because the trick it used to emulate a 16 bit unsigned
compare in SSE (which doesn't contain one natively) relied on signed
overflow working in the 'usual' way. A different method that doesn't
rely on signed overflow is now used.
* Add support for compiling SSL using Visual C++ 2010's TR1
implementation.
* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to
crash if given a zero-sized input to encode.
* A new build option ``--via-amalgamation`` will first generate the
single-file amalgamation, then build the library from that single
file. This option requires a lot of memory and does not parallelize,
but the resulting library is smaller and may be faster.
* On Unix, the library and header paths have been changed to allow
parallel installation of different versions of the library. Headers
are installed into ``<prefix>/include/botan-1.9/botan``, libraries
are named ``libbotan-1.9``, and ``botan-config`` is now namespaced
(so in this release ``botan-config-1.9``). All of these embedded
versions will be 1.10 in the upcoming stable release.
* The soname system has been modified. In this release the library
soname is ``libbotan-1.9.so.0``, with the full library being named
``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be
incremented whenever a breaking ABI change is made.
* TR1 support is not longer automatically assumed under older versions
of GCC
* Functions for base64 decoding that work standalone (without needing
to use a pipe) have been added to ``base64.h``
* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11
and has been added back.
* The function ``BigInt::get_substring`` did not work correctly with a
*length* argument of 32.
* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and
assumes the caller included ``string.h`` on its behalf. Do so to
fix compilation in the ``dev_random`` and ``unix_procs`` entropy
sources. Patch from Jeremy C. Reed.
* Add two different configuration targets for Atom, since some are
32-bit and some are 64-bit. The 'atom' target now refers to the
64-bit implementations, use 'atom32' to target the 32-bit
processors.
* The (incomplete) support for CMS and card verifiable certificates
are disabled by default; add ``--enable-modules=cms`` or
``--enable-modules=cvc`` during configuration to turn them back on.
Version 1.9.17, 2011-04-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Third release candidate for 1.10.0
* The format preserving encryption method currently available was
presented in the header ``fpe.h`` and the functions ``fpe_encrypt``
and ``fpe_decrypt``. These were renamed as it is likely that other
FPE schemes will be included in the future. The header is now
``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and
``fe1_decrypt``. See :doc:`fpe` for more information.
* New options to ``configure.py`` control what tools are used for
documentation generation. The ``--with-sphinx`` option enables using
Sphinx to convert ReST into HTML; otherwise the ReST sources are
installed directly. If ``--with-doxygen`` is used, Doxygen will run
as well. Documentation generation can be triggered via the ``docs``
target in the makefile; it will also be installed by the install
target on Unix.
* A bug in 1.9.16 effectively disabled support for runtime CPU feature
detection on x86 under GCC in that release.
* A mostly internal change, all references to "ia32" and "amd64" have
been changed to the vendor neutral and probably easier to understand
"x86-32" and "x86-64". For instance, the "mp_amd64" module has been
renamed "mp_x86_64", and the macro indicating x86-32 has changed
from ``BOTAN_TARGET_ARCH_IS_IA32`` to
``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have
also been renamed.
* Similiarly to the above change, the AES implemenations using the
AES-NI instruction set have been renamed from AES_XXX_Intel to
AES_XXX_NI.
* Systems that are identified as `sun4u` will default to compiling for
32-bit SPARCv9 code rather than 64-bit. This matches the still
common convention for 32-bit SPARC userspaces. If you want 64-bit
code on such as system, use ``--cpu=sparc64``.
* Some minor fixes for compiling botan under the BeOS
clone/continuation `Haiku <http://haiku-os.org>`_.
* Further updates to the documentation
Version 1.9.16, 2011-04-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Second release candidate for 1.10.0
* The documentation, previously written in LaTeX, is now in
reStructuredText suitable for processing by `Sphinx
<http://sphinx.pocoo.org>`_, which can generate nicely formatted
HTML and PDFs. The documentation has also been greatly updated and
expanded.
* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a
typedef for backwards compatability.
* ``EC_Group``'s string constructor didn't understand the standard
names like "secp160r1", forcing use of the OIDs.
* Two constructors for ECDSA private keys, the one that creates a new
random key, and the one that provides a preset private key as a
``BigInt``, have been merged. This matches the existing interface
for DSA and DH keys. If you previously used the version taking a
``BigInt`` private key, you'll have to additionally pass in a
``RandomNumberGenerator`` object starting in this release.
* It is now possible to create ECDH keys with a preset ``BigInt``
private key; previously no method for this was available.
* The overload of ``generate_passhash9`` that takes an explicit
algorithm identifier has been merged with the one that does not.
The algorithm identifier code has been moved from the second
parameter to the fourth. See :ref:`passhash9` for details.
* Change shared library versioning to match the normal Unix
conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is
named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do
its runtime linky magic. It can be safely presumed that any change
in the major or minor version indicates ABI incompatability.
* Remove the socket wrapper code; it was not actually used by anything
in the library, only in the examples, and you can use whatever kind
of (blocking) socket interface you like with the SSL/TLS code. It's
available as socket.h in the examples directory if you want to use
it.
* Disable the by-default 'strong' checking of private keys that are
loaded from storage. You can always request key material sanity
checking using Private_Key::check_key.
* Bring back removed functions ``min_keylength_of``,
``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to
avoid breaking applications written against 1.8
Version 1.9.15, 2011-03-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* First release candidate for 1.10.0
* Modify how message expansion is done in SHA-256 and SHA-512.
Instead of expanding the entire message at the start, compute them
in the minimum number of registers. Values are computed 15 rounds
before they are needed. On a Core i7-860, GCC 4.5.2, went from 143
to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512.
* Pipe will delete empty output queues as soon as they are no longer
needed, even if earlier messages still have data unread. However an
(empty) entry in a deque of pointers will remain until all prior
messages are completely emptied.
* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike
Linux the kernel will not trap and emulate it for us, causing a
illegal instruction crash.
* Improve detection and autoconfiguration for ARM processors.
Version 1.9.14, 2011-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add support for bcrypt, OpenBSD's password hashing scheme. It is
described in :ref:`bcrypt`.
* Add support for NIST's AES key wrapping algorithm, as described in
:rfc:`3394`. It is available by including ``rfc3394.h``.
* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)
Version 1.9.13, 2011-02-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Update Keccak to the round 3 variant
* Fix ordering in GOST 34.10 signatures to match DNSSEC specifications
* Use ``size_t`` instead of ``u32bit`` for small integers in DER/BER codecs
* Add new build option ``--distribution-info``
* Fix problems in the amalgamation build
* Fix building under Clang 2.9 and Sun Studio 12
Version 1.9.12, 2010-12-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add the Keccak hash function
* Fix compilation problems in Python wrappers
* Fix compilation problem in OpenSSL engine
* Update SQLite3 database encryption codec
Version 1.9.11, 2010-11-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Many SSL/TLS APIs have changed. This API is still unstable.
* The SSL interface requires TR1 (uses std::tr1::function)
* Fix SSL handshake failures when using RC4 ciphersuites
* Fix a number of CRL encoding and decoding bugs
* Counter mode now always encrypts 256 blocks in parallel
* Code where u32bit was used to represent a length now uses size_t
* Use small tables in the first round of AES
* Removed AES class: app must choose AES-128, AES-192, or AES-256
* Add hex encoding/decoding functions that can be used without a Pipe
* Add base64 encoding functions that can be used without a Pipe
* Add to_string function to X509_Certificate
* Add support for dynamic engine loading on Windows
* Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
* Changed semantics of MemoryRegion::resize and clear to match STL
* Removed MemoryRegion::append, replaced by push_back and operator+=
* Move PBKDF lookup to engine system
* The IDEA key schedule has been changed to run in constant time
* Avoid a possible timing vulnerability in Montgomery reduction
* Add Algorithm and Key_Length_Specification classes
* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
* Update Skein-512 to match the v1.3 specification
* Allow using PBKDF2 with empty passphrases
* Add compile-time deprecation warnings for GCC, Clang, and MSVC
* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
* Improve support for Intel Atom processors
* Fix compilation problems under Sun Studio and Clang
Version 1.9.10, 2010-08-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add a constant time AES implementation using SSSE3
* Add support for loading new Engines at runtime
* Use GCC byteswap intrinsics where possible
* Drop support for building with Python 2.4
* Fix benchmarking of block ciphers in ECB mode
* Consolidate the two x86 assembly engines
* Rename S2K to PBKDF
Version 1.9.9, 2010-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add new X509::BER_encode and PKCS8::BER_encode
* Give all Filter objects a name() function
* Add Keyed_Filter::valid_iv_length
* Increase default iteration counts for private key encryption
* Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
* Fix compilation under Apple's GCC 4.2
* Expand and update the Doxygen documentation
Version 1.9.8, 2010-06-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add support for wide multiplications on 64-bit Windows
* Use constant time multiplication in IDEA
* Avoid possible timing attack against OAEP decoding
* Removed FORK-256; rarely used and it has been broken
* Rename ``--use-boost-python`` to ``--with-boost-python``
* Skip building shared libraries on MinGW/Cygwin
* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
* Fix compilation on GCC versions before 4.3 (missing cpuid.h)
* Fix compilation under the Clang compiler
Version 1.9.7, 2010-04-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* TLS: Support reading SSLv2 client hellos
* TLS: Add support for SEED ciphersuites (RFC 4162)
* Add Comb4P hash combiner function
* Fix checking of EMSA_Raw signatures with leading 0 bytes
Version 1.9.6, 2010-04-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* TLS: Add support for TLS v1.1
* TLS: Support server name indicator extension
* TLS: Fix server handshake
* TLS: Fix server using DSA certificates
* TLS: Avoid timing channel between CBC padding check and MAC verification
Version 1.9.5, 2010-03-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Numerous ECC optimizations
* Fix GOST 34.10-2001 X.509 key loading
* Allow PK_Signer's fault protection checks to be toggled off
* Avoid using pool-based locking allocator if we can't mlock
* Remove all runtime options
* New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
* Remove SecureBuffer in favor of SecureVector length parameter
* HMAC_RNG: Perform a poll along with user-supplied entropy
* Fix crash in MemoryRegion if Allocator::get failed
* Fix small compilation problem on FreeBSD
Version 1.9.4, 2010-03-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add the Ajisai SSLv3/TLSv1.0 implementation
* Add GOST 34.10-2001 public key signature scheme
* Add SIMD implementation of Noekeon
* Add SSE2 implementation of IDEA
* Extend Salsa20 to support longer IVs (XSalsa20)
* Perform XTS encryption and decryption in parallel where possible
* Perform CBC decryption in parallel where possible
* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
* Add a block cipher cascade construction
* Add support for password hashing for authentication (passhash9.h)
* Add support for Win32 high resolution system timers
* Major refactoring and API changes in the public key code
* Use consistency checking (anti-fault attack) for all signature schemes
* Changed S2K interface: derive_key now takes salt, iteration count
* Remove dependency on TR1 for ECC and CVC code
* Renamed ECKAEG to its more usual name, ECDH
* Fix crash in GMP_Engine if library is shutdown and reinitialized
* Fix an invalid memory read in MD4
* Fix Visual C++ static builds
* Remove Timer class entirely
* Switch default PKCS #8 encryption algorithm from 3DES to AES-128
* New option --gen-amalgamation for creating a SQLite-style amalgamation
* Many headers are now explicitly internal-use-only and are not installed
* Greatly improve the Win32 installer
* Several fixes for Visual C++ debug builds
Version 1.9.3, 2009-11-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add new AES implementation using Intel's AES instruction intrinsics
* Add an implementation of format preserving encryption
* Allow use of any hash function in X.509 certificate creation
* Optimizations for MARS, Skipjack, and AES
* Set macros for available SIMD instructions in build.h
* Add support for using InnoSetup to package Windows builds
* By default build a DLL on Windows
Version 1.9.2, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add SIMD version of XTEA
* Support both SSE2 and AltiVec SIMD for Serpent and XTEA
* Optimizations for SHA-1 and SHA-2
* Add AltiVec runtime detection
* Fix x86 CPU identification with Intel C++ and Visual C++
Version 1.9.1, 2009-10-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Better support for Python and Perl wrappers
* Add an implementation of Blue Midnight Wish (Round 2 tweak version)
* Modify Skein-512 to match the tweaked 1.2 specification
* Add threshold secret sharing (draft-mcgrew-tss-02)
* Add runtime cpu feature detection for x86/x86-64
* Add code for general runtime self testing for hashes, MACs, and ciphers
* Optimize XTEA; twice as fast as before on Core2 and Opteron
* Convert CTR_BE and OFB from filters to stream ciphers
* New parsing code for SCAN algorithm names
* Enable SSE2 optimizations under Visual C++
* Remove all use of C++ exception specifications
* Add support for GNU/Hurd and Clang/LLVM
Version 1.9.0, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add support for parallel invocation of block ciphers where possible
* Add SSE2 implementation of Serpent
* Add Rivest's package transform (an all or nothing transform)
* Minor speedups to the Turing key schedule
* Fix processing multiple messages in XTS mode
* Add --no-autoload option to configure.py, for minimized builds
* The previously used configure.pl script is no longer supported
Series 1.8
----------------------------------------
Version 1.8.13, 2011-07-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* A race condition in `Algorithm_Factory` could cause crashes in
multithreaded code. See `this thread on botan-devel
<http://lists.randombit.net/pipermail/botan-devel/2011-July/001455.html>`_
for details and workarounds.
Version 1.8.12, 2011-06-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* If EMSA3(Raw) was used for more than one signature, it would produce
incorrect output.
* Fix the --enable-debug option to configure.py
* Improve OS detection on Cygwin
* Fix compilation under Sun Studio 12 on Solaris
* Fix a memory leak in the constructors of DataSource_Stream and
DataSink_Stream which would occur if opening the file failed. PR 144
Version 1.8.11, 2010-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a number of CRL encoding and decoding bugs
* When building a debug library under VC++, use the debug runtime
* Fix compilation under Sun Studio on Linux and Solaris
* Add several functions for compatability with 1.9
* In the examples, read most input files as binary
* The Perl build script has been removed in this release
Version 1.8.10, 2010-08-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Switch default PKCS #8 encryption algorithm from 3DES to AES-256
* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
* Use small tables in the first round of AES
* Add PBKDF typedef and get_pbkdf for better compatability with 1.9
* Add version of S2K::derive_key taking salt and iteration count
* Enable the /proc-walking entropy source on NetBSD
* Fix the doxygen makefile target
Version 1.8.9, 2010-06-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Use constant time multiplication in IDEA
* Avoid possible timing attack against OAEP decoding
* Add new X509::BER_encode and PKCS8::BER_encode
* Enable DLL builds under Windows
* Add Win32 installer support
* Add support for the Clang compiler
* Fix problem in semcem.h preventing build under Clang or GCC 3.4
* Fix bug that prevented creation of DSA groups under 1024 bits
* Fix crash in GMP_Engine if library is shutdown and reinitialized
* Work around problem with recent binutils in x86-64 SHA-1
* The Perl build script is no longer supported and refuses to run by default
Version 1.8.8, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Alter Skein-512 to match the tweaked 1.2 specification
* Fix use of inline asm for access to x86 bswap function
* Allow building the library without AES enabled
* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild
Version 1.8.7, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix processing multiple messages in XTS mode
* Add --no-autoload option to configure.py, for minimized builds
Version 1.8.6, 2009-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add Cryptobox, a set of simple password-based encryption routines
* Only read world-readable files when walking /proc for entropy
* Fix building with TR1 disabled
* Fix x86 bswap support for Visual C++
* Fixes for compilation under Sun C++
* Add support for Dragonfly BSD (contributed by Patrick Georgi)
* Add support for the Open64 C++ compiler
* Build fixes for MIPS systems running Linux
* Minor changes to license, now equivalent to the FreeBSD/NetBSD license
Version 1.8.5, 2009-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Change configure.py to work on stock Python 2.4
* Avoid a crash in Skein_512::add_data processing a zero-length input
* Small build fixes for SPARC, ARM, and HP-PA processors
* The test suite now returns an error code from main() if any tests failed
Version 1.8.4, 2009-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a bug in nonce generation in the Miller-Rabin test
Version 1.8.3, 2009-07-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add a new Python configuration script
* Add the Skein-512 SHA-3 candidate hash function
* Add the XTS block cipher mode from IEEE P1619
* Fix random_prime when generating a prime of less than 7 bits
* Improve handling of low-entropy situations during PRNG seeding
* Change random device polling to prefer /dev/urandom over /dev/random
* Use an input insensitive implementation of same_mem instead of memcmp
* Correct DataSource::discard_next to return the number of discarded bytes
* Provide a default value for AutoSeeded_RNG::reseed
* Fix Gentoo bug 272242
Version 1.8.2, 2009-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Make entropy polling more flexible and in most cases faster
* GOST 28147 now supports multiple sbox parameters
* Added the GOST 34.11 hash function
* Fix botan-config problems on MacOS X
Version 1.8.1, 2009-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
* Fix memory leak in PKCS8 load_key and encrypt_key
* Relicense api.tex from CC-By-SA 2.5 to BSD
* Fix botan-config on MacOS X, Solaris
Version 1.8.0, 2008-12-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix compilation on Solaris with GCC
Series 1.7
----------------------------------------
Version 1.7.24, 2008-12-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a compatibility problem with SHA-512/EMSA3 signature padding
* Fix bug preventing EGD/PRNGD entropy poller from working
* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
* Wrap private structs in SSE2 SHA-1 code in anonymous namespace
* Change configure.pl's CPU autodetection output to be more consistent
* Disable using OpenSSL's AES due to crashes of unknown cause
* Fix warning in /proc walking entropy poller
* Fix compilation with IBM XLC for Cell 0.9-200709
Version 1.7.23, 2008-11-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Change to use TR1 (thus enabling ECDSA) with GCC and ICC
* Optimize almost all hash functions, especially MD4 and Tiger
* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
* Change Timer to be pure virtual, and add ANSI_Clock_Timer
* Cache socket descriptors in the EGD entropy source
* Avoid bogging down startup in /proc walking entropy source
* Remove Buffered_EntropySource helper class
* Add a Default_Benchmark_Timer typedef in benchmark.h
* Add examples using benchmark.h and Algorithm_Factory
* Add ECC tests from InSiTo
* Minor documentation updates
Version 1.7.22, 2008-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add provider preferences to Algorithm_Factory
* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
* Optimize AES encryption and decryption (about 10% faster)
* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
* Fix nanoseconds overflow in benchmark code
* Remove Engine::add_engine
Version 1.7.21, 2008-11-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Make algorithm lookup much more configuable
* Add facilities for runtime performance testing of algorithms
* Drop use of entropy estimation in the PRNGs
* Increase intervals between HMAC_RNG automatic reseeding
* Drop InitializerOptions class, all options but thread safety
Version 1.7.20, 2008-11-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Namespace pkg-config file by major and minor versions
* Cache device descriptors in Device_EntropySource
* Split base.h into {block_cipher,stream_cipher,mac,hash}.h
* Removed get_mgf function from lookup.h
Version 1.7.19, 2008-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add HMAC_RNG, based on a design by Hugo Krawczyk
* Optimized the Turing stream cipher (about 20% faster on x86-64)
* Modify Randpool's reseeding algorithm to poll more sources
* Add a new AutoSeeded_RNG in auto_rng.h
* OpenPGP_S2K changed to take hash object instead of name
* Add automatic identification for Intel's Prescott processors
Version 1.7.18, 2008-10-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add Doxygen comments from InSiTo
* Add ECDSA and ECKAEG benchmarks
* Add configure.pl switch --with-tr1-implementation
* Fix configure.pl's --with-endian and --with-unaligned-mem options
* Added support for pkg-config
* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
* Use const references to avoid copying overhead in CurveGFp, GFpModulus
Version 1.7.17, 2008-10-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add missing ECDSA object identifiers
* Fix error in x86 and x86-64 assembler affecting GF(p) math
* Remove Boost dependency from GF(p) math
* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
* Add BOTAN_DLL macro to over 30 classes missing it
* Rename the two SHA-2 base classes for consistency
Version 1.7.16, 2008-10-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add several missing pieces needed for ECDSA and ECKAEG
* Add Card Verifiable Certificates from InSiTo
* Add SHA-224 from InSiTo
* Add BSI variant of EMSA1 from InSiTo
* Add GF(p) and ECDSA tests from InSiTo
* Split ECDSA and ECKAEG into distinct modules
* Allow OpenSSL and GNU MP engines to be built with public key algos disabled
* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h
Version 1.7.15, 2008-10-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add GF(p) arithmetic from InSiTo
* Add ECDSA and ECKAEG implementations from InSiTo
* Minimize internal dependencies, allowing for smaller build configurations
* Add new User Manual and Architecture Guide from FlexSecure GmbH
* Alter configure.pl options for better autotools compatibility
* Update build instructions for recent changes to configure.pl
* Fix CPU detection using /proc/cpuinfo
Version 1.7.14, 2008-09-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Split library into parts allowing modular builds
* Add (very preliminary) CMS support to the main library
* Some constructors now require object pointers instead of names
* Support multiple implementations of the same algorithm
* Build support for Pentium-M processors, from Derek Scherger
* Build support for MinGW/MSYS, from Zbigniew Zagorski
* Use inline assembly for bswap on 32-bit x86
Version 1.7.13, 2008-09-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
* Allow all examples to compile even if compression not enabled
* Make CMAC's polynomial doubling operation a public class method
* Use the -m64 flag when compiling with Sun Forte on x86-64
* Clean up and slightly optimize CMAC::final_result
Version 1.7.12, 2008-09-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add x86 assembly for Visual Studio C++, by Luca Piccarreta
* Add a Perl XS module, by Vaclav Ovsik
* Add SWIG-based wrapper for Botan
* Add SSE2 implementation of SHA-1, by Dean Gaudet
* Remove the BigInt::sig_words cache due to bugs
* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
* Changed BigInt::grow_by and BigInt::grow_to to be non-const
* Add private assignment operators to classes that don't support assignment
* Benchmark RSA encryption and signatures
* Added test programs for random_prime and ressol
* Add high resolution timers for IA-64, HP-PA, S390x
* Reduce use of the RNG during benchmarks
* Fix builds on STI Cell PPU
* Add support for IBM's XLC compiler
* Add IETF 8192 bit MODP group
Version 1.7.11, 2008-09-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added the Salsa20 stream cipher
* Optimized Montgomery reduction, Karatsuba squaring
* Added 16x16->32 word Comba multiplication and squaring
* Use a much larger Karatsuba cutoff point
* Remove bigint_mul_add_words
* Inlined several BigInt functions
* Add useful information to the generated build.h
* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
* Fix the Windows build
Version 1.7.10, 2008-09-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Public key benchmarks run using a selection of random keys
* New benchmark timer options are clock_gettime, gettimeofday, times, clock
* Including reinterpret_cast optimization for xor_buf in default header
* Split byte swapping and word rotation functions into distinct headers
* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
* Optimizes BigInt right shift
* Add aliases in DL_Group::Format enum
* BigInt now caches the significant word count
Version 1.7.9, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Make clear() in most algorithm base classes a pure virtual
* Add noexec stack marker for GNU linker in assembly code
* Avoid string operations in ressol
* Compilation fixes for MinGW and Visual Studio C++ 2008
* Some autoconfiguration fixes for Windows
Version 1.7.8, 2008-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added the block cipher Noekeon
* Remove global deref_alias function
* X509_Store takes timeout options as constructor arguments
* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
* Extend random_prime() for generating primes of any bit length
* Remove Config class
* Allow adding new entropy via base RNG interface
* Reseeding a X9.31 PRNG also reseeds the underlying PRNG
Version 1.7.7, 2008-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Remove the global PRNG object
* The PK filter objects were removed
* Add a test suite for the ANSI X9.31 PRNG
* Much cleaner and (mostly) thread-safe reimplementation of es_ftw
* Remove both default arguments to ANSI_X931_RNG's constructor
* Remove the randomizing version of OctetString::change
* Make the cipher and MAC to use in Randpool configurable
* Move RandomNumberGenerator declaration to rng.h
* RSA_PrivateKey will not generate keys smaller than 1024 bits
* Fix an error decoding BER UNIVERSAL types with special taggings
Version 1.7.6, 2008-05-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Initial support for Windows DLLs, from Joel Low
* Reset the position pointer when a new block is generated in X9.32 PRNG
* Timer objects are now treated as entropy sources
* Moved several ASN.1-related enums from enums.h to an appropriate header
* Removed the AEP module, due to inability to test
* Removed Global_RNG and rng.h
* Removed system_clock
* Removed Library_State::UI and the pulse callback logic
Version 1.7.5, 2008-04-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The API of X509_CA::sign_request was altered to avoid race conditions
* New type Pipe::message_id to represent the Pipe message number
* Remove the Named_Mutex_Holder for a small performance gain
* Removed several unused or rarely used functions from Config
* Ignore spaces inside of a decimal string in BigInt::decode
* Allow using a std::istream to initialize a DataSource_Stream object
* Fix compilation problem in zlib compression module
* The chunk sized used by Pooling_Allocator is now a compile time setting
* The size of random blinding factors is now a compile time setting
* The install target no longer tries to set a particular owner/group
Version 1.7.4, 2008-03-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Use unaligned memory read/writes on systems that allow it, for performance
* Assembly for x86-64 for accessing the bswap instruction
* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
* Unroll loops in SHA-160 for a few percent increase in performance
* Fix compilation with GCC 3.2 in es_ftw and es_unix
* Build fix for NetBSD systems
* Prevent es_dev from being built except on Unix systems
Version 1.7.3, 2008-01-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* New invocation syntax for configure.pl with several new options
* Support for IPv4 addresses in a subject alternative name
* New fast poll for the generic Unix entropy source (es_unix)
* The es_file entropy source has been replaced by the es_dev module
* The malloc allocator does not inherit from Pooling_Allocator anymore
* The path that es_unix will search in are now fully user-configurable
* Truncate X9.42 PRF output rather than allow counter overflow
* PowerPC is now assumed to be big-endian
Version 1.7.2, 2007-10-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Initialize the global library state lazily
* Add plain CBC-MAC for backwards compatibility with old systems
* Clean up some of the self test code
* Throw a sensible exception if a DL_Group is not found
* Truncate KDF2 output rather than allowing counter overflow
* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
* Fix a Visual Studio compilation problem in x509stat.cpp
Version 1.7.1, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a race condition in the algorithm object cache
* HMAC key schedule optimization
* The build header sets a macro defining endianness, if known
* New word load/store abstraction allowing further optimization
* Modify most of the library to avoid use the C-style casts
* Use higher resolution timers in symmetric benchmarks
Version 1.7.0, 2007-05-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* DSA parameter generation now follows FIPS 186-3
* Added OIDs for Rabin-Williams and Nyberg-Rueppel
* Somewhat better support for out of tree builds
* Minor optimizations for RC2 and Tiger
* Documentation updates
* Update the todo list
Series 1.6
----------------------------------------
Version 1.6.5, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add noexec stack marker for GNU linker in assembly code
* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3
Version 1.6.4, 2008-03-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a compilation problem with Visual Studio C++ 2003
Version 1.6.3, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a race condition in the algorithm lookup cache
* Fix problems building the memory pool on some versions of Visual C++
Version 1.6.2, 2007-03-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix autodection on Athlon64s running Linux
* Fix builds on QNX and compilers using STLport
* Remove a call to abort() that crept into production
Version 1.6.1, 2007-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix some base64 decoder bugs
* Add a new option to base64 encoding, to always append a newline
* Fix some build problems under Visual Studio with debug enabled
* Fix a bug in BER_Decoder that was triggered under some compilers
Version 1.6.0, 2006-12-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Minor cleanups versus 1.5.13
Series 1.5
----------------------------------------
Version 1.5.13, 2006-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Compilation fixes for the bzip2, zlib, and GNU MP modules
* Better support for Intel C++ and EKOpath C++ on x86-64
Version 1.5.12, 2006-10-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Cleanups in the initialization routines
* Add some x86-64 assembly for multiply-add
* Fix problems generating very small (below 384 bit) RSA keys
* Support out of tree builds
* Bring some of the documentation up to date
* More improvements to the Python bindings
Version 1.5.11, 2006-09-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Removed the Algorithm base class
* Various cleanups in the public key inheritance hierarchy
* Major overhaul of the configure/build setup
* Added x86 assembler implementations of Serpent and low-level MPI code
* Optimizations for the SHA-1 x86 assembler
* Various improvements to the Python wrappers
* Work around a Visual Studio compiler bug
Version 1.5.10, 2006-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add x86 assembler versions of MD4, MD5, and SHA-1
* Expand InitializerOptions' language to support on/off switches
* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
* Fix possible resource leaks in the mmap allocator
* Slightly optimized buffering in MDx_HashFunction
* Initialization failures are dealt with somewhat better
* Add an example implementing Pollard's Rho algorithm
* Better option handling in the test/benchmark tool
* Expand the xor_ciph example to support longer keys
* Some updates to the documentation
Version 1.5.9, 2006-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed bitrot in the AEP engine
* Fix support for marking certificate/CRL extensions as critical
* Significant cleanups in the library state / initialization code
* LibraryInitializer takes an explicit InitializerOptions object
* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
* Change configuration access to using global_state()
* Add support for global named mutexes throughout the library
* Add some STL wrappers for the delete operator
* Change how certificates are created to be more flexible and general
Version 1.5.8, 2006-06-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Many internal cleanups to the X.509 cert/CRL code
* Allow for application code to support new X.509 extensions
* Change the return type of X509_Certificate::{subject,issuer}_info
* Allow for alternate character set handling mechanisms
* Fix a bug that was slowing squaring performance somewhat
* Fix a very hard to hit overflow bug in the C version of word3_muladd
* Minor cleanups to the assembler modules
* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
* Support for GCC 2.95.x has been dropped in this release
Version 1.5.7, 2006-05-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Further, major changes to the BER/DER coding system
* Updated the Qt mutex module to use Mutex_Factory
* Moved the library global state object into an anonymous namespace
* Drop the Visual C++ x86 assembly module due to bugs
Version 1.5.6, 2006-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The low-level DER/BER coding system was redesigned and rewritten
* Portions of the certificate code were cleaned up internally
* Use macros to substantially clean up the GCC assembly code
* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
* Avoid a couple of spurious warnings under Visual C++
* Some slight cleanups in X509_PublicKey::key_id
Version 1.5.5, 2006-02-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
* Made Pooling_Allocator::Memory_Block an actual class of sorts
* Some small optimizations to the division and modulo computations
* Cleaned up the implementation of some of the BigInt operators
* Reduced use of dynamic memory allocation in low-level BigInt functions
* A few simplifications in the Randpool mixing function
* Removed power(), as it was not particularly useful (or fast)
* Fixed some annoying bugs in the benchmark code
* Added a real credits file
Version 1.5.4, 2006-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
* Fixed a memory access off-by-one in the Karatsuba code
* Changed Pooling_Allocator's free list search to a log(N) algorithm
* Merged ModularReducer with its only subclass, Barrett_Reducer
* Fixed sign-handling bugs in some of the division and modulo code
* Renamed the module description files to modinfo.txt
* Further cleanups in the initialization code
* Removed BigInt::add and BigInt::sub
* Merged all the division-related functions into just divide()
* Modified the <mp_asmi.h> functions to allow for better optimizations
* Made the number of bits polled from an EntropySource user configurable
* Avoid including <algorithm> in <botan/secmem.h>
* Fixed some build problems with Sun Forte
* Removed some dead code from bigint_modop
* Fix the definition of same_mem
Version 1.5.3, 2006-01-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Many optimizations in the low-level multiple precision integer code
* Added hooks for assembly implementations of the MPI code
* Support for the X.509 issuer alternative name extension in new certs
* Fixed a bug in the decompression modules; found and patched by Matt Johnston
* New Windows mutex module (mux_win32), by Luca Piccarreta
* Changed the Windows timer module to use QueryPerformanceCounter
* mem_pool.cpp was using std::set iterators instead of std::multiset ones
* Fixed a bug in X509_CA preventing users from disabling particular extensions
* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
* Fixed some module build problems on FreeBSD and Tru64
Version 1.5.2, 2006-01-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed an off-by-one memory read in MISTY1::key()
* Fixed a nasty memory leak in Output_Buffers::retire()
* Reimplemented the memory allocator from scratch
* Improved memory caching in Montgomery exponentiation
* Optimizations for multiple precision addition and subtraction
* Fixed a build problem in the hardware timer module on 64-bit PowerPC
* Changed default Karatsuba cutoff to 12 words (was 14)
* Removed MemoryRegion::bits(), which was unused and incorrect
* Changed maximum HMAC keylength to 1024 bits
* Various minor Makefile and build system changes
* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
* Switched checks/clock.cpp back to using clock() by default
* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
* Removed the Default_Mutex's unused clone() member function
Version 1.5.1, 2006-01-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Implemented Montgomery exponentiation
* Implemented generalized Karatsuba multiplication and squaring
* Implemented Comba squaring for 4, 6, and 8 word inputs
* Added new Modular_Exponentiator and Power_Mod classes
* Removed FixedBase_Exp and FixedExponent_Exp
* Fixed a performance regression in get_allocator introduced in 1.5.0
* Engines can now offer S2K algorithms and block cipher padding methods
* Merged the remaining global 'algolist' code into Default_Engine
* The low-level MPI code is linked as C again
* Replaced BigInt's get_nibble with the more general get_substring
* Some documentation updates
Version 1.5.0, 2006-01-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Moved all global/shared library state into a single object
* Mutex objects are created through mutex factories instead of a global
* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
* Removed the RNG_Quality enum entirely
* There is now only a single global-use PRNG
* Removed the no_aliases and no_oids options for LibraryInitializer
* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
* Change es_ftw to use unbuffered I/O
Series 1.4
----------------------------------------
Version 1.4.12, 2006-01-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed an off-by-one memory read in MISTY1::key()
* Fixed a nasty memory leak in Output_Buffers::retire()
* Changed maximum HMAC keylength to 1024 bits
* Fixed a build problem in the hardware timer module on 64-bit PowerPC
Version 1.4.11, 2005-12-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Changed Whirlpool diffusion matrix to match updated algorithm spec
* Fixed several engine module build errors introduced in 1.4.10
* Fixed two build problems in es_capi; reported by Matthew Gregan
* Added a constructor to DataSource_Memory taking a std::string
* Placing the same Filter in multiple Pipes triggers an exception
* The configure script accepts --docdir and --libdir
* Merged doc/rngs.txt into the main API document
* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11
Version 1.4.10, 2005-12-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added an implementation of KASUMI, the block cipher used in 3G phones
* Refactored Pipe; output queues are now managed by a distinct class
* Made certain Filter facilities only available to subclasses of Fanout_Filter
* There is no longer any overhead in Pipe for a message that has been read out
* It is now possible to generate RSA keys as small as 128 bits
* Changed some of the core classes to derive from Algorithm as a virtual base
* Changed Randpool to use HMAC instead of a plain hash as the mixing function
* Fixed a bug in the allocators; found and fixed by Matthew Gregan
* Enabled the use of binary file I/O, when requested by the application
* The OpenSSL engine's block cipher code was missing some deallocation calls
* Disabled the es_ftw module on NetBSD, due to header problems there
* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
* Some cleanups for the modules that use inline assembler
* config.h is now stored in build/ instead of build/include/botan/
* The header util.h was split into bit_ops.h, parsing.h, and util.h
* Cleaned up some redundant include directives
Version 1.4.9, 2005-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added the IBM-created AES candidate algorithm MARS
* Added the South Korean block cipher SEED
* Added the stream cipher Turing
* Added the new hash function FORK-256
* Deprecated the ISAAC stream cipher
* Twofish and RC6 are significantly faster with GCC
* Much better support for 64-bit PowerPC
* Added support for high-resolution PowerPC timers
* Fixed a bug in the configure script causing problems on FreeBSD
* Changed ANSI X9.31 to support arbitrary block ciphers
* Make the configure script a bit less noisy
* Added more test vectors for some algorithms, including all the AES finalists
* Various cosmetic source code cleanups
Version 1.4.8, 2005-10-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Resolved a bad performance problem in the allocators; fix by Matt Johnston
* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
* Renamed OMAC to CMAC to match the official NIST naming
* Added single byte versions of update() to PK_Signer and PK_Verifier
* Removed the unused reverse_bits and reverse_bytes functions
Version 1.4.7, 2005-09-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed major performance problems with recent versions of GNU C++
* Added an implementation of the X9.31 PRNG
* Removed the X9.17 and FIPS 186-2 PRNG algorithms
* Changed defaults to use X9.31 PRNGs as global PRNG objects
* Documentation updates to reflect the PRNG changes
* Some cleanups related to the engine code
* Removed two useless headers, base_eng.h and secalloc.h
* Removed PK_Verifier::valid_signature
* Fixed configure/build system bugs affecting MacOS X builds
* Added support for the EKOPath x86-64 compiler
* Added missing destructor for BlockCipherModePaddingMethod
* Fix some build problems with Visual C++ 2005 beta
* Fix some build problems with Visual C++ 2003 Workshop
Version 1.4.6, 2005-03-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix an error in the shutdown code introduced in 1.4.5
* Setting base/pkcs8_tries to 0 disables the builtin fail-out
* Support for XMPP identifiers in X.509 certificates
* Duplicate entries in X.509 DNs are removed
* More fixes for Borland C++, from Friedemann Kleint
* Add a workaround for buggy iostreams
Version 1.4.5, 2005-02-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add support for AES encryption of private keys
* Minor fixes for PBES2 parameter decoding
* Internal cleanups for global state variables
* GCC 3.x version detection was broken in non-English locales
* Work around a Sun Forte bug affecting mem_pool.h
* Several fixes for Borland C++ 5.5, from Friedemann Kleint
* Removed inclusion of init.h into base.h
* Fixed a major bug in reading from certificate stores
* Cleaned up a couple of mutex leaks
* Removed some left-over debugging code
* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF
Version 1.4.4, 2004-12-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Further tweaks to the pooling allocator
* Modified EMSA3 to support SSL/TLS signatures
* Changes to support Qt/QCA, from Justin Karneges
* Moved mux_qt module code into mod_qt
* Fixes for HP-UX from Mike Desjardins
Version 1.4.3, 2004-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Split up SecureAllocator into Allocator and Pooling_Allocator
* Memory locking allocators are more likely to be used
* Fixed the placement of includes in some modules
* Fixed broken installation procedure
* Fixes in configure script to support alternate install programs
* Modules can specify the minimum version they support
Version 1.4.2, 2004-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a major CRL handling bug
* Cipher and hash operations can be offloaded to engines
* Added support for cipher and hash offload in OpenSSL engine
* Improvements for 64-bit CPUs without a widening multiply instruction
* Support for SHA2-* and Whirlpool with EMSA2
* Fixed a long-standing build problem with conflicting include files
* Fixed some examples that hadn't been updated for 1.4.x
* Portability fixes for Solaris, BSD, HP-UX, and others
* Lots of fixes and cleanups in the configure script
* Updated the Gentoo ebuild file
Version 1.4.1, 2004-10-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed major errors in the X.509 and PKCS #8 copy_key functions
* Added a LAST_MESSAGE meta-message number for Pipe
* Added new aliases (3DES and DES-EDE) for Triple-DES
* Added some new functions to PK_Verifier
* Cleaned up the KDF interface
* Disabled tm_posix on BSD due to header issues
* Fixed a build problem on PowerPC with GNU C++ pre-3.4
Version 1.4.0, 2004-06-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added the FIPS 186 RNG back
* Added copy_key functions for X.509 public keys and PKCS #8 private keys
* Fixed PKCS #1 signatures with RIPEMD-128
* Moved some code around to avoid warnings with Sun ONE compiler
* Fixed a bug in botan-config affecting OpenBSD
* Fixed some build problems on Tru64, HP-UX
* Fixed compile problems with Intel C++, Compaq C++
Series 1.3
----------------------------------------
Version 1.3.14, 2004-06-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added support for AEP's AEP1000/AEP2000 crypto cards
* Added a Mutex module using Qt, from Justin Karneges
* Added support for engine loading in LibraryInitializer
* Tweaked SecureAllocator, giving 20% better performance under heavy load
* Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
* Renamed PK_Engine to Engine_Core
* Improved the Karatsuba cutoff points
* Fixes for compiling with GCC 3.4 and Sun C++ 5.5
* Fixes for Linux/s390, OpenBSD, and Solaris
* Added support for Linux/s390x
* The configure script was totally broken for 'generic' OS
* Removed Montgomery reduction due to bugs
* Removed an unused header, pkcs8alg.h
* check --validate returns an error code if any tests failed
* Removed duplicate entry in Unix command list for es_unix
* Moved the Cert_Usage enumeration into X509_Store
* Added new timing methods for PK benchmarks, clock_gettime and RDTSC
* Fixed a few minor bugs in the configure script
* Removed some deprecated functions from x509cert.h and pkcs10.h
* Removed the 'minimal' module, has to be updated for Engine support
* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
* Documentation updates
Version 1.3.13, 2004-05-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Major fixes for Cygwin builds
* Minor MacOS X install fixes
* The configure script is a little better at picking the right modules
* Removed ml_unix from the 'unix' module set for Cygwin compatibility
* Fixed a stupid compile problem in pkcs10.h
Version 1.3.12, 2004-05-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added ability to remove old entries from CRLs
* Swapped the first two arguments of X509_CA::update_crl()
* Added an < operator for MemoryRegion, so it can be used as a std::map key
* Changed X.509 searching by DNS name from substring to full string compares
* Renamed a few X509_Certificate and PKCS10_Request member functions
* Fixed a problem when decoding some PKCS #10 requests
* Hex_Decoder would not check inputs, reported by Vaclav Ovsik
* Changed default CRL expire time from 30 days to 7 days
* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
* Corrected errors in the API doc, fixes from Ken Perano
* More documentation about the Pipe/Filter code
Version 1.3.11, 2004-04-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed two show-stopping bugs in PKCS10_Request
* Added some sanity checks in Pipe/Filter
* The DNS and URI entries would get swapped in subjectAlternativeNames
* MAC_Filter is now willing to not take a key at creation time
* Setting the expiration times of certs and CRLs is more flexible
* Fixed problems building on AIX with GCC
* Fixed some problems in the tutorial pointed out by Dominik Vogt
* Documentation updates
Version 1.3.10, 2004-03-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added support for OpenPGP's ASCII armor format
* Cleaned up the RNG system; seeding is much more flexible
* Added simple autoconfiguration abilities to configure.pl
* Fixed a GCC 2.95.x compile problem
* Updated the example configuration file
* Documentation updates
Version 1.3.9, 2004-03-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added an engine using OpenSSL (requires 0.9.7 or later)
* X509_Certificate would lose email addresses stored in the DN
* Fixed a missing initialization in a BigInt constructor
* Fixed several Visual C++ compile problems
* Fixed some BeOS build problems
* Fixed the WiderWake benchmark
Version 1.3.8, 2003-12-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Internal changes to PK algorithms to divide data and algorithms
* DSA/DH/NR/ElGamal constructors accept taking just the private key again
* ElGamal keys now support being imported/exported as ASN.1 objects
* Much more consistent and complete error checking in PK algorithms
* Support for arbitrary backends (engines) for PK operations
* Added Montgomery reductions
* Added an engine that uses GNU MP (requires 4.1 or later)
* Removed the obsolete mp_gmp module
* Moved several initialization/shutdown functions to init.h
* Major refactoring of the memory containers
* New non-locking container, MemoryVector
* Fixed 64-bit problems in BigInt::set_bit/clear_bit
* Renamed PK_Key::check_params() to check_key()
* Some incompatible changes to OctetString
* Added version checking macros in version.h
* Removed the fips140 module pending rewrite
* Added some functions and hooks to help GUIs
* Moved more shared code into MDx_HashFunction
* Added a policy hook for specifying the encoding of X.509 strings
Version 1.3.7, 2003-12-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a big security problem in es_unix
* Fixed several stability problems in es_unix
* Expanded the list of programs es_unix will try to use
* SecureAllocator now only preallocates blocks in special cases
* Added a special case in Global_RNG::seed for forcing a full poll
* Removed the FIPS 186 RNG added in 1.3.5 pending further testing
* Configure updates for PowerPC CPUs
* Removed the (never tested) VAX support
* Added support for S/390 Linux
Version 1.3.6, 2003-12-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added a new module 'minimal', which disables most algorithms
* SecureAllocator allocates a few blocks at startup
* A few minor MPI cleanups
* RPM spec file cleanups and fixes
Version 1.3.5, 2003-11-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Major improvements in ASN.1 string handling
* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
* Added partial support for the X.509v3 certificate policies extension
* Centralized the handling of character set information
* Added FIPS 140-2 startup self tests
* Added a module (fips140) for doing extra FIPS 140-2 tests
* Added FIPS 186-2 RNG
* Improved ASN.1 BIT STRING handling
* Removed a memory leak in PKCS10_Request
* The encoding of DirectoryString now follows PKIX guidelines
* Fixed some of the character set dependencies
* Fixed a DER encoding error for tags greater than 30
* The BER decoder can now handle tags larger than 30
* Fixed tm_hard.cpp to recognize SPARC on more systems
* Workarounds for a GCC 2.95.x bug in x509find.cpp
* RPM changed to install into /usr instead of /usr/local
* Added support for QNX
Version 1.3.4, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added a module that does certain MPI operations using GNU MP
* Added the X9.42 Diffie-Hellman PRF
* The Zlib and Bzip2 objects now use custom allocators
* Added member functions for directly hashing/MACing SecureVectors
* Minor optimizations to the MPI addition and subtraction algorithms
* Some cleanups in the low-level MPI code
* Created separate AES-{128,192,256} objects
Version 1.3.3, 2003-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The library can now be repeatedly initialized and shutdown without crashing
* Fixed an off-by-one error in the CTS code
* Fixed an error in the EMSA4 verification code
* Fixed a memory leak in mutex.cpp (pointed out by James Widener)
* Fixed a memory leak in Pthread_Mutex
* Fixed several memory leaks in the testing code
* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
* Minor cleanups in SecureAllocator
* Removed a needless mutex guarding the (stateless) global timer
* Fixed a piece of bash-specific code in botan-config
* X.509 objects report more information about decoding errors
* Cleaned up some of the exception handling
* Updated the example config file with new OIDSs
* Moved the build instructions into a separate document, building.tex
Version 1.3.2, 2003-11-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a bug preventing DSA signatures from verifying on X.509 objects
* Made the X509_Store search routines more efficient and flexible
* Added a function to X509_PublicKey to do easy public/private key matching
* Added support for decoding indefinite length BER data
* Changed Pipe's peek() to take an offset
* Removed Filter::set_owns in favor of the new incr_owns function
* Removed BigInt::zero() and BigInt::one()
* Renamed the PEM related options from base/pem_* to pem/*
* Added an option to specify the line width when encoding PEM
* Removed the "rng/safe_longterm" option; it's always on now
* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
* Cleaned up the base64/hex encoders and decoders
* Added an ASN.1/BER decoder as an example
* AES had its internals marked 'public' in previous versions
* Changed the value of the ASN.1 NO_OBJECT enum
* Various new hacks in the configure script
* Removed the already nominal support for SunOS
Version 1.3.1, 2003-11-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Generalized a few pieces of the DER encoder
* PKCS8::load_key would fail if handed an unencrypted key
* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop
Version 1.3.0, 2003-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Major redesign of the PKCS #8 private key import/export system
* Added a small amount of UI interface code for getting passphrases
* Added heuristics that tell if a key, cert, etc is stored as PEM or BER
* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
* Made PEM decoding more forgiving of extra text before the header
Series 1.2
----------------------------------------
Version 1.2.8, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Merged several important bug fixes from 1.3.x
Version 1.2.7, 2003-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added support for reading configuration files
* Added constructors so NR and RW keys can be imported easily
* Fixed mp_asm64, which was completely broken in 1.2.6
* Removed tm_hw_ia32 module; replaced by tm_hard
* Added support for loading certain oddly formed RSA certificates
* Fixed spelling of NON_REPUDIATION enum
* Renamed the option default_to_ca to v1_assume_ca
* Fixed a minor bug in X.509 certificate generation
* Fixed a latent bug in the OID lookup code
* Updated the RPM spec file
* Added to the tutorial
Version 1.2.6, 2003-07-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Major performance increase for PK algorithms on most 64-bit systems
* Cleanups in the low-level MPI code to support asm implementations
* Fixed build problems with some versions of Compaq's C++ compiler
* Removed useless constructors for NR public and private keys
* Removed support for the patch_file directive in module files
* Removed several deprecated functions
Version 1.2.5, 2003-06-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a tricky and long-standing memory leak in Pipe
* Major cleanups and fixes in the memory allocation system
* Removed alloc_mlock, which has been superseded by the ml_unix module
* Removed a denial of service vulnerability in X509_Store
* Fixed compilation problems with VS .NET 2003 and Codewarrior 8
* Added another variant of PKCS8::load_key, taking a memory buffer
* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
* BigInt::operator%=(word) was a no-op if the input was a power of 2
* Fixed portability problems in BigInt::to_u32bit
* Fixed major bugs in SSL3-MAC
* Cleaned up some messes in the PK algorithms
* Cleanups and extensions for OMAC and EAX
* Made changes to the entropy estimation function
* Added a 'beos' module set for use on BeOS
* Officially deprecated a few X509:: and PKCS8:: functions
* Moved the contents of primes.h to numthry.h
* Moved the contents of x509opt.h to x509self.h
* Removed the (empty) desx.h header
* Documentation updates
Version 1.2.4, 2003-05-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a bug in EMSA1 affecting NR signature verification
* Fixed a few latent bugs in BigInt related to word size
* Removed an unused function, mp_add2_nc, from the MPI implementation
* Reorganized the core MPI files
Version 1.2.3, 2003-05-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a bug that prevented DSA/NR key generation
* Fixed a bug that prevented importing some root CA certs
* Fixed a bug in the BER decoder when handing optional bit or byte strings
* Fixed the encoding of authorityKeyIdentifier in X509_CA
* Added a sanity check in PBKDF2 for zero length passphrases
* Added versions of X509::load_key and PKCS8::load_key that take a file name
* X509_CA generates 128 bit serial numbers now
* Added tests to check PK key generation
* Added a simplistic X.509 CA example
* Cleaned up some of the examples
Version 1.2.2, 2003-05-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add checks to prevent any BigInt bugs from revealing an RSA or RW key
* Changed the interface of Global_RNG::seed
* Major improvements for the es_unix module
* Added another Win32 entropy source, es_win32
* The Win32 CryptoAPI entropy source can now poll multiple providers
* Improved the BeOS entropy source
* Renamed pipe_unixfd module to fd_unix
* Fixed a file descriptor leak in the EGD module
* Fixed a few locking bugs
Version 1.2.1, 2003-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added ANSI X9.23 compatible CBC padding
* Added an entropy source using Win32 CryptoAPI
* Removed the Pipe I/O operators taking a FILE*
* Moved the BigInt encoding/decoding functions into the BigInt class
* Integrated several fixes for VC++ 7 (from Hany Greiss)
* Fixed the configure.pl script for Windows builds
Version 1.2.0, 2003-04-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Tweaked the Karatsuba cut-off points
* Increased the allowed keylength of HMAC and Blowfish
* Removed the 'mpi_ia32' module, pending rewrite
* Workaround a GCC 2.95.x bug in eme1.cpp
Series 1.1
----------------------------------------
Version 1.1.13, 2003-04-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added OMAC
* Added EAX authenticated cipher mode
* Diffie-Hellman would not do blinding in some cases
* Optimized the OFB and CTR modes
* Corrected Skipjack's word ordering, as per NIST clarification
* Support for all subject/issuer attribute types required by RFC 3280
* The removeFromCRL CRL reason code is now handled correctly
* Increased the flexibility of the allocators
* Renamed Rijndael to AES, created aes.h, deleted rijndael.h
* Removed support for the 'no_timer' LibraryInitializer option
* Removed 'es_pthr' module, pending further testing
* Cleaned up get_ciph.cpp
Version 1.1.12, 2003-04-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a ASN.1 string encoding bug
* Fixed a pair of X509_DN encoding problems
* Base64_Decoder and Hex_Decoder can now validate input
* Removed support for the LibraryInitializer option 'egd_path'
* Added tests for DSA X.509 and PKCS #8 key formats
* Removed a long deprecated feature of DH_PrivateKey's constructor
* Updated the RPM .spec file
* Major documentation updates
Version 1.1.11, 2003-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added PKCS #10 certificate requests
* Changed X509_Store searching interface to be more flexible
* Added a generic Certificate_Store interface
* Added a function for generating self-signed X.509 certs
* Cleanups and changes to X509_CA
* New examples for PKCS #10 and self-signed certificates
* Some documentation updates
Version 1.1.10, 2003-04-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* X509_CA can now generate new X.509 CRLs
* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
* More certificate and CRL extensions/attributes are supported
* Better DN handling in X.509 certificates/CRLs
* Added a DataSink hierarchy (suggested by Jim Darby)
* Consolidated SecureAllocator and ManagedAllocator
* Many cleanups and generalizations
* Added a (slow) pthreads based EntropySource
* Fixed some threading bugs
Version 1.1.9, 2003-02-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added support for using X.509v2 CRLs
* Fixed several bugs in the path validation algorithm
* Certificates can be verified for a particular usage
* Algorithm for comparing distinguished names now follows X.509
* Cleaned up the code for the es_beos, es_ftw, es_unix modules
* Documentation updates
Version 1.1.8, 2003-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixes for the certificate path validation algorithm in X509_Store
* Fixed a bug affecting X509_Certificate::is_ca_cert()
* Added a general configuration interface for policy issues
* Cleanups and API changes in the X.509 CA, cert, and store code
* Made various options available for X509_CA users
* Changed X509_Time's interface to work around time_t problems
* Fixed a theoretical weakness in Randpool's entropy mixing function
* Fixed problems compiling with GCC 2.95.3 and GCC 2.96
* Fixed a configure bug (reported by Jon Wilson) affecting MinGW
Version 1.1.7, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed an obscure but dangerous bug in SecureVector::swap
* Consolidated SHA-384 and SHA-512 to save code space
* Added SSL3-MAC and SSL3-PRF
* Documentation updates, including a new tutorial
Version 1.1.6, 2002-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Initial support for X.509v3 certificates and CAs
* Major redesign/rewrite of the ASN.1 encoding/decoding code
* Added handling for DSA/NR signatures encoded as DER SEQUENCEs
* Documented the generic cipher lookup interface
* Added an (untested) entropy source for BeOS
* Various cleanups and bug fixes
Version 1.1.5, 2002-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added the discrete logarithm integrated encryption system (DLIES)
* Various optimizations for BigInt
* Added support for assembler optimizations in modules
* Added BigInt x86 optimizations module (mpi_ia32)
Version 1.1.4, 2002-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Speedup of 15-30% for PK algorithms
* Implemented the PBES2 encryption scheme
* Fixed a potential bug in decoding RSA and RW private keys
* Changed the DL_Group class interface to handle different formats better
* Added support for PKCS #3 encoded DH parameters
* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
* Added key pair consistency checking
* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
* A botan-config script is generated at configure time
* Documentation updates
Version 1.1.3, 2002-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added a generic public/private key loading interface
* Fixed a small encoding bug in RSA, RW, and DH
* Changed the PK encryption/decryption interface classes
* ECB supports using padding methods
* Added a function-based interface for library initialization
* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
* The cipher mode benchmarks now use 128-bit AES instead of DES
* Removed some obsolete typedefs
* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
* Added tests for PKCS #8 encoding/decoding
* Added more tests for ECB and CBC
Version 1.1.2, 2002-10-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Support for PKCS #8 encoded RSA, DSA, and DH private keys
* Support for Diffie-Hellman X.509 public keys
* Major reorganization of how X.509 keys are handled
* Added PKCS #5 v2.0's PBES1 encryption scheme
* Added a generic cipher lookup interface
* Added the WiderWake4+1 stream cipher
* Added support for sync-able stream ciphers
* Added a 'paranoia level' option for the LibraryInitializer
* More security for RNG output meant for long term keys
* Added documentation for some of the new 1.1.x features
* CFB's feedback argument is now specified in bits
* Renamed CTR class to CTR_BE
* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats
Version 1.1.1, 2002-10-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added the Korean hash function HAS-160
* Partial support for RSA and DSA X.509 public keys
* Added a mostly functional BER encoder/decoder
* Added support for non-deterministic MAC functions
* Initial support for PEM encoding/decoding
* Internal cleanups in the PK algorithms
* Several new convenience functions in Pipe
* Fixed two nasty bugs in Pipe
* Messed with the entropy sources for es_unix
* Discrete logarithm groups are checked for safety more closely now
* For compatibility with GnuPG, ElGamal now supports DSA-style groups
Version 1.1.0, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added entropy estimation to the RNGs
* Improved the overall design of both Randpool and ANSI_X917_RNG
* Added a separate RNG for nonce generation
* Added window exponentiation support in power_mod
* Added a get_s2k function and the PKCS #5 S2K algorithms
* Added the TLSv1 PRF
* Replaced BlockCipherModeIV typedef with InitializationVector class
* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
* Added support for RIPEMD-160 PKCS#1 v1.5 signatures
* Changed the key agreement scheme interface
* Changed the S2K and KDF interfaces
* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
* Added support for variable-pass Tiger
* Major speedup for Rabin-Williams key generation
Series 1.0
----------------------------------------
Version 1.0.2, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed an obscure SEGFAULT causing bug in Pipe
* Fixed an obscure but dangerous bug in SecureVector::swap
Version 1.0.1, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed a minor bug in Randpool::random()
* Added some new aliases and typedefs for 1.1.x compatibility
* The 4096-bit RSA benchmark key was decimal instead of hex
* EMAC was returning an incorrect name
Version 1.0.0, 2002-08-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Octal I/O of BigInt is now supported
* Fixed portability problems in the es_egd module
* Generalized IV handling in the block cipher modes
* Added Karatsuba multiplication and k-ary exponentiation
* Fixed a problem in the multiplication routines
Series 0.9
----------------------------------------
Version 0.9.2, 2002-08-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* DH_PrivateKey::public_value() was returning the wrong value
* Various BigInt optimizations
* The filters.h header now includes hex.h and base64.h
* Moved Counter mode to ctr.h
* Fixed a couple minor problems with VC++ 7
* Fixed problems with the RPM spec file
Version 0.9.1, 2002-08-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Grand rename from OpenCL to Botan
* Major optimizations for the PK algorithms
* Added ElGamal encryption
* Added Whirlpool
* Tweaked memory allocation parameters
* Improved the method of seeding the global RNG
* Moved pkcs1.h to eme_pkcs.h
* Added more test vectors for some algorithms
* Fixed error reporting in the BigInt tests
* Removed Default_Timer, it was pointless
* Added some new example applications
* Removed some old examples that weren't that interesting
* Documented the compression modules
Version 0.9.0, 2002-08-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* EMSA4 supports variable salt size
* PK_* can take a string naming the encoding method to use
* Started writing some internals documentation
Series 0.8
----------------------------------------
Version 0.8.7, 2002-07-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed bugs in EME1 and EMSA4
* Fixed a potential crash at shutdown
* Cipher modes returned an ill-formed name
* Removed various deprecated types and headers
* Cleaned up the Pipe interface a bit
* Minor additions to the documentation
* First stab at a Visual C++ makefile (doc/Makefile.vc7)
Version 0.8.6, 2002-07-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added EMSA4 (aka PSS)
* Brought the manual up to date; many corrections and additions
* Added a parallel hash function construction
* Lookup supports all available algorithms now
* Lazy initialization of the lookup tables
* Made more discrete logarithm groups available through get_dl_group()
* StreamCipher_Filter supports seeking (if the underlying cipher does)
* Minor optimization for GCD calculations
* Renamed SAFER_SK128 to SAFER_SK
* Removed many previously deprecated functions
* Some now-obsolete functions, headers, and types have been deprecated
* Fixed some bugs in DSA prime generation
* DL_Group had a constructor for DSA-style prime gen but it wasn't defined
* Reversed the ordering of the two arguments to SEAL's constructor
* Fixed a threading problem in the PK algorithms
* Fixed a minor memory leak in lookup.cpp
* Fixed pk_types.h (it was broken in 0.8.5)
* Made validation tests more verbose
* Updated the check and example applications
Version 0.8.5, 2002-07-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
* Added a DL_Group class
* Reworking of the pubkey internals
* Support in lookup for aliases and PK algorithms
* Renamed CAST5 to CAST_128 and CAST256 to CAST_256
* Added EMSA1
* Reorganization of header files
* LibraryInitializer will install new allocator types if requested
* Fixed a bug in Diffie-Hellman key generation
* Did a workaround in pipe.cpp for GCC 2.95.x on Linux
* Removed some debugging code from init.cpp that made FTW ES useless
* Better checking for invalid arguments in the PK algorithms
* Reduced Base64 and Hex default line length (if line breaking is used)
* Fixes for HP's aCC compiler
* Cleanups in BigInt
Version 0.8.4, 2002-07-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added Nyberg-Rueppel signatures
* Added Diffie-Hellman key exchange (kex interface is subject to change)
* Added KDF2
* Enhancements to the lookup API
* Many things formerly taking pointers to algorithms now take names
* Speedups for prime generation
* LibraryInitializer has support for seeding the global RNG
* Reduced SAFER-SK128 memory consumption
* Reversed the ordering of public and private key values in DSA constructor
* Fixed serious bugs in MemoryMapping_Allocator
* Fixed memory leak in Lion
* FTW_EntropySource was not closing the files it read
* Fixed line breaking problem in Hex_Encoder
Version 0.8.3, 2002-06-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added DSA and Rabin-Williams signature schemes
* Added EMSA3
* Added PKCS#1 v1.5 encryption padding
* Added Filters for PK algorithms
* Added a Keyed_Filter class
* LibraryInitializer processes arguments now
* Major revamp of the PK interface classes
* Changed almost all of the Filters for non-template operation
* Changed HMAC, Lion, Luby-Rackoff to non-template classes
* Some fairly minor BigInt optimizations
* Added simple benchmarking for PK algorithms
* Added hooks for fixed base and fixed exponent modular exponentiation
* Added some examples for using RSA
* Numerous bugfixes and cleanups
* Documentation updates
Version 0.8.2, 2002-05-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added an (experimental) algorithm lookup interface
* Added code for directly testing BigInt
* Added SHA2-384
* Optimized SHA2-512
* Major optimization for Adler32 (thanks to Dan Nicolaescu)
* Various minor optimizations in BigInt and related areas
* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
* Fixed a bug in BufferingFilter
* Made a few fixes for MacOS X
* Added a workaround in configure.pl for GCC 2.95.x
* Better support for PowerPC, ARM, and Alpha
* Some more cleanups
Version 0.8.1, 2002-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Major code cleanup (check doc/deprecated.txt)
* Various bugs fixed, including several portability problems
* Renamed MessageAuthCode to MessageAuthenticationCode
* A replacement for X917 is in x917_rng.h
* Changed EMAC to non-template class
* Added ANSI X9.19 compatible CBC-MAC
* TripleDES now supports 128 bit keys
Version 0.8.0, 2002-04-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Merged BigInt: many bugfixes and optimizations since alpha2
* Added RSA (rsa.h)
* Added EMSA2 (emsa2.h)
* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
* Changed some interfaces, including SymmetricKey, to support the global rng
* Fixed a serious bug in ManagedAllocator
* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
* Removed some deprecated stuff
* Added a global random number generator (rng.h)
* Added clone functions to most of the basic algorithms
* Added a library initializer class (init.h)
* Version macros in version.h
* Moved the base classes from opencl.h to base.h
* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
* Documentation updates for the new stuff (still incomplete)
* Many new deprecated things: check doc/deprecated.txt
Series 0.7
----------------------------------------
Version 0.7.10, 2002-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Added EGD_EntropySource module (es_egd)
* Added a file tree walking EntropySource (es_ftw)
* Added MemoryLocking_Allocator module (alloc_mlock)
* Renamed the pthr_mux, unix_rnd, and mmap_mem modules
* Changed timer mechanism; the clock method can be switched on the fly.
* Renamed MmapDisk_Allocator to MemoryMapping_Allocator
* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
* Fixed several bugs in MemoryMapping_Allocator
* Added more default sources for Unix_EntropySource
* Changed SecureBuffer to use same allocation methods as SecureVector
* Added bigint_divcore into mp_core to support BigInt alpha2 release
* Removed some Pipe functions deprecated since 0.7.8
* Some fixes for the configure program
Version 0.7.9, 2002-03-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Memory allocation substantially revamped
* Added memory allocation method based on mmap(2) in the mmap_mem module
* Added ECB and CTS block cipher modes (ecb.h, cts.h)
* Added a Mutex interface (mutex.h)
* Added module pthr_mux, implementing the Mutex interface
* Added Threaded Filter interface (thr_filt.h)
* All algorithms can now by keyed with SymmetricKey objects
* More testing occurs with --validate (expected failures)
* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
* Made X917 safer (and about 1/3 as fast)
* Documentation updates
Version 0.7.8, 2002-02-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION
* Added a BufferingFilter class
* Added popen() based EntropySource for generic Unix systems (unix_rnd)
* Moved 'devrand' module into main distribution (ent_file.h), renamed to
File_EntropySource, and changed interface somewhat.
* Made Randpool somewhat more conservative and also 25% faster
* Minor fixes and updates for the configure script
* Added some tweaks for memory allocation
* Documentation updates for the new Pipe interface
* Fixed various minor bugs
* Added a couple of new example programs (stack and hasher2)
Version 0.7.7, 2001-11-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Filter::send now works in the constructor of a Filter subclass
* You may now have to include <opencl/pipe.h> explicitly in some code
* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
* Enhancements to SecureVector (append, destroy functions)
* New infrastructure for secure memory allocation
* Added IEEE P1363 primitives MGF1, EME1, KDF1
* Rijndael optimizations and cleanups
* Changed CipherMode<B> to BlockCipherMode(B*)
* Fixed a nasty bug in pipe_unixfd
* Added portions of the BigInt code into the main library
* Support for VAX, SH, POWER, PowerPC-64, Intel C++
Version 0.7.6, 2001-10-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fixed several serious bugs in SecureVector created in 0.7.5
* Square optimizations
* Fixed shared objects on MacOS X and HP-UX
* Fixed static libs for KCC 4.0; works with KCC 3.4g as well
* Full support for Athlon and K6 processors using GCC
* Added a table of prime numbers < 2**16 (primes.h)
* Some minor documentation updates
Version 0.7.5, 2001-08-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Split checksum.h into adler32.h, crc24.h, and crc32.h
* Split modes.h into cbc.h, cfb.h, and ofb.h
* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
* Added OneAndZeros and NoPadding methods for CBC
* Added Lion, a very fast block cipher construction
* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
* Basic types (ciphers, hashes, etc) know their names now (call name())
* Changed the EntropySource type somewhat
* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
* Some semantics of SecureVector have changed slightly
* The mlock module has been removed for the time being
* Added string handling functions for hashes and MACs
* Various non-user-visible cleanups
* Shared library soname is now set to the full version number
Version 0.7.4, 2001-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
* Fixed a vast number of errors in the config script/makefile/specfile
* Pipe now has a stdio(3) interface as well as C++ iostreams
* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
* Bzip2 supports decompressing multiple concatenated streams, and flushing
* Added a simple 'overall average' score to the benchmarks
* Fixed a small bug in the POSIX timer module
* Removed a very-unlikely-to-occur bug in most of the hash functions
* filtbase.h now includes <iosfwd>, not <iostream>
* Minor documentation updates
Version 0.7.3, 2001-06-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix build problems on Solaris/SPARC
* Fix build problems with Perl versions < 5.6
* Fixed some stupid code that broke on a few compilers
* Added string handling functions to Pipe
* MISTY1 optimizations
Version 0.7.2, 2001-06-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Build system supports modules
* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
* Added Bzip2 compression filter, contributed by Peter Jones
* GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
* Fixed minor bug in several of the hash functions
* Various other minor fixes and changes
* Updates to the documentation
Version 0.7.1, 2001-05-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Rewrote configure script: more consistent and complete
* Made it easier to find out parameters of types at run time (opencl.h)
* New functions for finding the version being used (version.h)
* New SymmetricKey interface for Filters (symkey.h)
* InvalidKeyLength now records what the invalid key length was
* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
* Changed GOST to use correct S-box ordering (incompatible change)
* Benchmark code was almost totally rewritten
* Many more entries in the test vector file
* Fixed minor and idiotic bug in check.cpp
Version 0.7.0, 2001-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* First public release
|