|
143
|
1 October 29th, 2004
|
|
|
2 v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes
|
|
|
3 -- Deprecated LTMSSE and removed it (to be replaced with TFM later on)
|
|
|
4 -- Stefan Arentz pointed out that mp_s_rmap should be extern
|
|
|
5 -- Kristian Gj�steen pointed out that there are typos in the
|
|
|
6 "test" makefile and minor issues in Yarrow and Sober [just cosmetics really]
|
|
|
7 -- Matthew P. Cashdollar pointed out that "export" is a C++ keyword
|
|
|
8 so changed the PRNG api to use "pexport" and "pimport"
|
|
|
9 -- Updated "hashsum" demo so it builds ;-)
|
|
|
10 -- Added automatic support for x86-64 (will configure for 64-bit little endian automagically)
|
|
|
11 -- Zhi Chen pointed out a bug in rsa_exptmod which would leak memory on error.
|
|
|
12 -- Made hash functions "init" return an int. slight change to API ;-(
|
|
|
13 -- Added "CHC" mode which turns any cipher into a hash the other LTC functions can use
|
|
|
14 -- Added CHC mode stuff to demos such as tv_gen and hashsum
|
|
|
15 -- Added "makefile.shared" which builds and installs shared/static object copies
|
|
|
16 of the library.
|
|
|
17 -- Added DER for bignum support
|
|
|
18 -- RSA is now fully joy. rsa_export/rsa_import use PKCS #1 encodings and should be
|
|
|
19 compatible with other crypto libs that use the format.
|
|
|
20 -- Added support for x86-64 for the ROL/ROR macros
|
|
|
21 -- Changed the DLL and SO makefiles to optimize for speed, commented SMALL_CODE in
|
|
|
22 mycrypt_custom.h and added -DSMALL_CODE to the default makefile
|
|
|
23 -- Updated primality testing code so it does a minimum of 5 tests [of Miller-Rabin]
|
|
|
24 (AFAIK not a security fix, just warm fuzzies)
|
|
|
25 -- Minor updates to the OMAC code (additional __ARGCHK and removed printf from omac_test... oops!)
|
|
|
26 -- Update build and configuration info which was really really really out of date. (Chapter 14)
|
|
|
27 ++ Minor update, switch RSA to use the PKCS style CRT
|
|
|
28
|
|
|
29 August 6th, 2004
|
|
|
30 v0.98 -- Update to hmac_init to free all allocated memory on error
|
|
|
31 -- Update to PRNG API to fix import/export functions of Fortuna and Yarrow
|
|
|
32 -- Added test functions to PRNG api, RC4 now conforms ;-) [was a minor issue]
|
|
|
33 -- Added the SOBER-128 PRNG based off of code donated by Greg Rose.
|
|
|
34 -- Added Tech Note #4 [notes/tech0004.txt]
|
|
|
35 -- Changed RC4 back [due to request]. It will now XOR the output so you can use it like
|
|
|
36 a stream cipher easily.
|
|
|
37 -- Update Fortuna's export() to emit a hash of each pool. This means that the accumulated
|
|
|
38 entropy that was spread over all the pools isn't entirely lost when you export/import.
|
|
|
39 -- Zhi Chen suggested a comment for rsa_encrypt_key() to let users know [easily] that it was
|
|
|
40 PKCS #1 v2.0 padding. (updated other rsa_* functions)
|
|
|
41 -- Cleaned up Noekeon to remove unrolling [wasn't required, was messy and actually slower with GCC/ICC]
|
|
|
42 -- Updated RC4 so that when you feed it >256 bytes of entropy it quietly ignores additional
|
|
|
43 bytes. Also removed the % from the key setup to speed it up a bit.
|
|
|
44 -- Added cipher/hash/prng tests to x86_prof to help catch bugs while testing
|
|
|
45 -- Made the PRNG "done" return int, fixed sprng_done to not require prng* to be non-null
|
|
|
46 -- Spruced up mycrypt_custom.h to trap more errors and also help prevent LTMSSE from being defined
|
|
|
47 on non-i386 platforms by accident.
|
|
|
48 -- Added RSA/ECC/DH speed tests to x86_prof and cleaned it up to build with zero warnings
|
|
|
49 -- Changed Fortuna to count only entropy [not the 2 byte header] added to pool[0] into the
|
|
|
50 reseed mechanism.
|
|
|
51 -- Added "export_size" member to prng_descriptor tables so you can know in advance the size of
|
|
|
52 the exported state for any given PRNG.
|
|
|
53 -- Ported over patch on LTM 0.30 [not ready to release LTM 0.31] that fixes bug in mp_mul()/mp_div()
|
|
|
54 that used to result in negative zeroes when you multiplied zero by a negative integer.
|
|
|
55 (patch due to "Wolfgang Ehrhardt" <[email protected]>)
|
|
|
56 -- Fixed rsa_*decrypt_key() and rsa_*verify_hash() to default to invalid "stat" or "res". This way
|
|
|
57 if any of the higher level functions fail [before you get to the padding] the result will be in
|
|
|
58 a known state]. Applied to both v2 and v1.5 padding helpers.
|
|
|
59 -- Added MACs to x86_prof
|
|
|
60 -- Fixed up "warnings" in x86_prof and tv_gen
|
|
|
61 -- Added a "profiled" target back [for GCC 3.4 and ICC v8]. Doesn't seem to help but might be worth
|
|
|
62 tinkering with.
|
|
|
63 -- Beefed up load/store test in demos/test
|
|
|
64
|
|
|
65 ++ New note, in order to use the optimized LOAD/STORE macros your platform
|
|
|
66 must support unaligned 32/64 bit load/stores. The x86s support this
|
|
|
67 but some [ARM for instance] do not. If your platform cannot perform
|
|
|
68 unaligned operations you must use the endian neutral code which is safe for
|
|
|
69 any sort of platform.
|
|
|
70
|
|
|
71 July 23rd, 2004
|
|
|
72 v0.97b -- Added PKCS #1 v1.5 RSA encrypt/sign helpers (like rsa_sign_hash, etc...)
|
|
|
73 -- Added missing prng check to rsa_decrypt_key() [not critical as I don't use
|
|
|
74 descriptors directly in that function]
|
|
|
75 -- Merged in LTM-SSE, define LTMSSE before you build and you will get SSE2 optimized math ;-)
|
|
|
76 (roughly 3x faster on a P4 Northwood). By default it will compile as ISO C portable
|
|
|
77 code (when LTMSSE is undefined).
|
|
|
78 -- Fixed bug in ltc_tommath.h where I had the kara/toom cutoffs not marked as ``extern''
|
|
|
79 Thanks to "Stefan Arentz" <stefan at organicnetwork.net>
|
|
|
80 -- Steven Dake <[email protected]> and Richard Amacker <[email protected]> submitted patches to
|
|
|
81 fix pkcs_5_2(). It now matches the output of another crypto library. Whoops... hehehe
|
|
|
82 -- Updated PRNG api. Added Fortuna PRNG to the list of supported PRNGs
|
|
|
83 -- Fixed up the descriptor tables since globals are automatically zero'ed on startup.
|
|
|
84 -- Changed RC4 to store it's output. If you want to encrypt with RC4
|
|
|
85 you'll have to do the XOR yourself.
|
|
|
86 -- Fixed buffer overflows/overruns in the HMAC code.
|
|
|
87
|
|
|
88 ++ API change for the PRNGs there now is a done() function per PRNG. You
|
|
|
89 should call it when you are done with a prng state. So far it's
|
|
|
90 not absolutely required (won't cause problems) but is a good idea to
|
|
|
91 start.
|
|
|
92
|
|
|
93
|
|
|
94 June 23rd, 2004
|
|
|
95 v0.97a ++ Fixed several potentially crippling bugs... [read on]
|
|
|
96 -- Fixed bug in OAEP decoder that would incorrectly report
|
|
|
97 buffer overflows. [Zhi Chen]
|
|
|
98 -- Fixed headers which had various C++ missing [extern "C"]'s
|
|
|
99 -- Added "extern" to sha384_desc descriptor which I removed by mistake
|
|
|
100 -- Fixed bugs in ENDIAN_BIG macros using the wrong byte order [Matt Johnston]
|
|
|
101 -- Updated tiger.c and des.c to not shadow "round" which is intrinsic on
|
|
|
102 some C compilers.
|
|
|
103 -- Updated demos/test/rsa_test.c to test the RSA functionality better
|
|
|
104 ++ This update has been tested with GCC [v3.3.3], ICC [v8] and MSVC [v6+SP6]
|
|
|
105 all on a x86 P4 [GCC/ICC tested in Gentoo Linux, MSVC in WinXP]
|
|
|
106 ++ Outcome: The bug Zhi Chen pointed out has been fixed. So have the bugs
|
|
|
107 that Matt Johnston found.
|
|
|
108
|
|
|
109 June 19th, 2004
|
|
|
110 v0.97 -- Removed spurious unused files [arrg!]
|
|
|
111 -- Patched buffer overflow in tim_exptmod()
|
|
|
112 -- Fixed buffer overrun bug in pkcs_1_v15_es_decode()
|
|
|
113 -- Reduced stack usage in PKCS #1 v2.0 padding functions (by several KBs)
|
|
|
114 -- Removed useless extern's that were an artifact from the project start... ;-)
|
|
|
115 -- Replaced memcpy/memset with XMEMCPY and XMEMSET for greater flexibility
|
|
|
116 -- fixed bugs in hmac_done()/hmac_init()/[various others()] where I didn't trap errors
|
|
|
117 -- Reduced stack usage in OMAC/PMAC/HMAC/EAX/OCB/PKCS#5 by mallocing any significant sized
|
|
|
118 arrays (e.g. > 100 bytes or so). Only in non-critical functions (e.g. eax_init())
|
|
|
119 -- "Zhi Chen" <[email protected]> pointed out that rsa_decrypt_key() requires
|
|
|
120 an incorrect output size (too large). Fixed.
|
|
|
121 -- Added a "pretty" target to the GCC makefile. Requires PERL. It is NEAT!
|
|
|
122 -- Minor updates to ch1 of the manual.
|
|
|
123 -- Cleaned up the indentation and added comments to rsa_make_key(), rsa_exptmod() and
|
|
|
124 rsa_verify_hash()
|
|
|
125 -- Updated makefile.icc so the "install" target would work ;-)
|
|
|
126 -- Removed demos/test.c [deprecated from demos/test/test.c]
|
|
|
127 -- Changed MAXBLOCKSIZE from 128 to 64 to reflect the true size...
|
|
|
128
|
|
15
|
129 May 30th, 2004
|
|
|
130 v0.96 -- Removed GF and Keyring code
|
|
|
131 -- Extended OAEP decoder to distinguish better [and use a more uniform API]
|
|
|
132 -- Changed PSS/OAEP API slightly to be more consistent with other PK functions (order of arguments)
|
|
|
133 -- rsa_exptmod() now pads with leading zeroes as per I2OSP.
|
|
|
134 -- added error checking to yarrow code
|
|
143
|
135 -- pointed out that tommath.h from this distro will overwrite tommath.h
|
|
15
|
136 from libtommath. I changed this to ltc_tommath.h to avoid any such problems.
|
|
|
137 -- Fixed bug in PSS encoder/decoder that didn't handle the MSB properly
|
|
|
138 -- refactored AES, now sports an "encrypt only" descriptor which uses half as much code space.
|
|
|
139 -- modded Yarrow to try and use refactored AES code and added WHIRLPOOL support (d'oh) ;-)
|
|
|
140 -- updated ECB, OCB and CBC decrypt functions to detect when "encrypt only" descriptor is used.
|
|
|
141 -- replaced old RSA code with new code that uses PKCS #1 v2.0 padding
|
|
|
142 -- replaced old test harness with new over-engineer'ed one in /demos/test/
|
|
|
143 -- updated cbc/cfb/ofb/ctr code with setiv/getiv functions to change/read the IV without re-keying.
|
|
|
144 -- Added PKCS #1 v1.5 RSA encryption and signature padding routines
|
|
|
145 -- Added DER OID's to most hash descriptors (as many as I could find)
|
|
|
146 -- modded rsa_exptmod() to use timing-resilient tim_exptmod() when doing private key operations
|
|
|
147 added #define RSA_TIMING which can turn on/off this feature.
|
|
|
148 -- No more config.pl so please just read mycrypt_custom.h for build-time tweaks
|
|
|
149 -- Small update to rand_prime()
|
|
|
150 -- Updated sha1, md5 and sha256 so they are smaller when SMALL_CODE is defined. If you want speed though,
|
|
|
151 you're going to have to undefine SMALL_CODE ;-)
|
|
|
152 -- Worked over AES so that it's even smaller now [in both modes].
|
|
|
153
|
|
3
|
154 May 12th, 2004
|
|
|
155 v0.95 -- Optimized AES and WHIRLPOOL for SMALL_CODE by taking advantage of the fact
|
|
|
156 the transforms are circulant. AES dropped 5KB and WHIRLPOOL dropped 13KB
|
|
|
157 using the default build options on the x86.
|
|
|
158 -- Updated eax so the eax_done() would clear the state [like hmac,pmac,ocb] when
|
|
|
159 CLEAN_STACK has been defined.
|
|
|
160 -- added LTC_TEST support to rmd160
|
|
|
161 -- updates to mycrypt_pk.h
|
|
|
162 -- updated rand_prime() to faciliate making RSA composites
|
|
|
163 -- DSA/RSA now makes composites of the exact size desired.
|
|
|
164 -- Refactored quite a bit of the code, fewer functions per C file
|
|
|
165 -- cleaned up the makefiles to organize the objects logically
|
|
|
166 -- added ICC makefile along with "profiled" targets for both GNU and ICC compilers
|
|
|
167 -- Marked functions for removal before v1.00 see PLAN for more information
|
|
|
168 -- GCC 3.4.0 tested and seems to work
|
|
|
169 -- Added PKCS #5 support
|
|
|
170 -- Fixed typo in comment header of .C files ;-)
|
|
|
171 -- Added PKCS #1 OAEP and PSS support.
|
|
|
172
|
|
|
173 Feb 20th, 2004
|
|
|
174 v0.94 -- removed unused variables from ocb.c and fixed it to match known test vectors.
|
|
|
175 -- Added PMAC support, minor changes to OMAC/EAX code [I think....]
|
|
|
176 -- Teamed up with Brian Gladman. His code verifies against my vectors and my code
|
|
|
177 verifies against his test vectors. Hazaa for co-operation!
|
|
|
178 -- Various small changes (added missing ARGCHKs and cleaned up indentation)
|
|
|
179 -- Optimization to base64, removed unused variable "c"
|
|
|
180 -- Added base64 gen to demos/tv_gen.c
|
|
|
181 -- Fix to demos/x86_prof.c to correctly identify the i386 architecture... weird...
|
|
|
182 -- Fixed up all of the PK code by adding missing error checking, removed "res" variables,
|
|
|
183 shrunk some stack variables, removed non-required stack variables and added proper
|
|
|
184 error conversion from MPI to LTC codes. I also spotted a few "off by one" error
|
|
|
185 checking which could have been used to force the code to read past the end of
|
|
|
186 the buffer (in theory, haven't checked if it would work) by a few bytes.
|
|
|
187 -- Added checks to OUTPUT_BIGNUM so the *_export() functions cannot overflow the output and I
|
|
|
188 also modded it so it stores in the output provided to the function (that is not on
|
|
|
189 the local stack) which saves memory and time.
|
|
|
190 -- Made SAFER default to disabled for now (plans are to cleanhouse write an implementation later)
|
|
|
191 -- Added the 512-bit one-way hash WHIRLPOOL which clocks in at 138 cycles per byte on my
|
|
|
192 Athlon XP [for comparison, SHA-512 clocks in at 77 cycles per byte]. This code uses the
|
|
|
193 teams new sbox design (not the original NESSIE one).
|
|
|
194
|
|
|
195
|
|
|
196 Jan 25th, 2004
|
|
|
197 v0.93 -- [note: deleted v0.93 changes by accident... recreating from memory...]
|
|
|
198 -- Fix to RC2 to not deference pointer before ARGCHK
|
|
|
199 -- Fix to NOEKEON to match published test vectors as well as cleaned up the code a bit
|
|
|
200 -- Optimized Twofish [down to 28 cycles/byte on my box] and Blowfish
|
|
|
201 -- Fix to OMAC to test cipher block size first [prevents wasting any time]
|
|
|
202 -- Added more OMAC test vectors
|
|
|
203 -- Added EAX Encrypt+Authenticate support
|
|
|
204 -- Fix to DSA to check return of a few LTM functions I forgot [mp_to_unsigned_bin]
|
|
|
205 -- Added common headers to all C files
|
|
|
206 -- CTR mode supports big and little [default] endian counters now.
|
|
|
207 -- fix to find_cipher_any() so that it can handle a fragmented cipher_descriptor table.
|
|
|
208 -- added find_hash_any() akin to find_cipher_any().
|
|
|
209 -- Added EAX code to demos/tv_gen.c Hazaa!
|
|
|
210 -- Removed SONY defines and files from codebase.
|
|
|
211 -- Added OCB support [patents be damned] and to demos/tv_gen.c
|
|
|
212 -- Merge all of the INPUT/OUTPUT BIGNUM macros (less toc) into mycrypt_pk.h
|
|
|
213 -- Made appropriate changes to the debug string in crypt.c
|
|
|
214
|
|
|
215 Dec 24th, 2003
|
|
|
216 v0.92 -- Updated the config.pl script so the options have more details.
|
|
|
217 -- Updated demos/tv_gen to include RIPEMD hashes
|
|
|
218 -- Updated Twofish so when TWOFISH_ALL_TABLES is defined a pre-computed RS table
|
|
|
219 is included [speedup: slight, about 4k cycles on my Athlon].
|
|
|
220 -- Re-wrote the twofish large key generation [the four 8x32 key dependent tables]. Now about twice as fast.
|
|
|
221 With both optimizations [e.g. TWOFISH_ALL_TABLES defined] a 128-bit Twofish key can now be scheduled
|
|
|
222 in 26,000 cycles on my Athlon XP [as opposed to 49,000 before] when optimized for size.
|
|
|
223 -- config.pl has been updated so rmd128.o and rmd160.o are objects included in the build [oops]
|
|
|
224 -- Andrew Mann found a bug in rsa_exptmod() which wouldn't indicate if the wrong type of key was specified
|
|
|
225 (e.g. not PK_PRIVATE or PK_PUBLIC)
|
|
|
226 -- Fixed up demos/x86_prof so it sorts the output now :-)
|
|
|
227 -- The project is now powered by radioactive rubber pants.
|
|
|
228 -- Fixed dh_encrypt_key() so if you pass it a hash with a smaller output than the input key it
|
|
|
229 will return CRYPT_INVALID_HASH [to match what ecc_encrypt_key() will do]
|
|
|
230 -- Merge the store/encrypt key part of ecc_encrypt_key() as per dh_encrypt_key() [can you guess what I'm upto?]
|
|
|
231 -- Massive updates to the prime generation code. I use the LTM random prime functions [and provide a nice
|
|
|
232 interface between the LTC PRNG's and the LTM generic prng prototype]. I also use a variable number of tests
|
|
|
233 depending on the input size. This nicely speeds up most prime generation/testing within the library.
|
|
|
234 -- Added SHA-224 to the list of hashes.
|
|
|
235 -- Made HMAC test vectors constant and static [takes ROM space instead of RAM]
|
|
|
236 -- This release was brought to you by the letter P which stands for Patent Infringement.
|
|
|
237 -- Added generic HASH_PROCESS macro to mycrypt_hash.h which simplifies the hash "process" functions
|
|
|
238 I also optimized the compression functions of all but MD2 to not perform input copies when avoidable.
|
|
|
239 -- Removed the division from the Blowfish setup function [dropped 3k cycles on my Athlon]
|
|
|
240 -- Added stack cleaning to rijndael, cast5 so now all ciphers have CLEAN_STACK code.
|
|
|
241 -- Added Skipjack to the list of ciphers [made appropriate changes to demos/test.c, demos/tv_gen.c and
|
|
|
242 demos/x86_prof.c]
|
|
|
243 -- Added mechanical testing to cipher test vector routines. Now it encrypts 1000 times, then decrypts and
|
|
|
244 compares. Any fault (e.g. bug in code, compiler) in the routines is likely to show through. Doesn't
|
|
|
245 stress test the key gen though...
|
|
|
246 -- Matt Johnson found a bug in the blowfish.c apparently I was out of my mind and put twofish defines in there
|
|
|
247 The code now builds with any config. Thanks.
|
|
|
248 -- Added OMAC1 Message Authentication Code support to the library.
|
|
|
249 -- Re-prototyped the hash "process" and "done" to prevent buffer overflows [which don't seem easy to exploit].
|
|
|
250 Updated HMAC code to use them too. Hazaa!
|
|
|
251 -- Fixed bug in ECC code which wouldn't do an _ARGCHK on stat in ecc_verify_hash().
|
|
|
252 -- Fixed [temp fix] bug in all PK where the OUTPUT_BIGNUM macros would not trap errors on the to_unsigned_bin
|
|
|
253 conversion [now returns CRYPT_MEM, will fix it up better later]
|
|
|
254 -- Added DSA to the list of supported PK algorithms.
|
|
|
255 -- Fixed up various ciphers to &255 the input key bytes where required [e.g. where used to index a table] to prevent
|
|
|
256 problems on platforms where CHAR_BIT != 8
|
|
|
257 -- Merged in LibTomMath v0.28
|
|
|
258 -- Updated demos/x86_prof.c to use Yarrow during the key sched testing [was horribly slow on platforms with blockable
|
|
|
259 /dev/random].
|
|
|
260 -- Added OMAC/HMAC tests to demos/tv_gen and I now store the output of this in notes/
|
|
|
261 -- Fixed a bug in config.pl that wouldn't have TWOFISH_TABLES defined by default (too many commas on the line)
|
|
|
262 -- Fixed bug in hmac_done(). Apparently FIPS-198 [HMAC] specifies that the output can be truncated. My code
|
|
|
263 would not support that (does now just like the new OMAC code).
|
|
|
264 -- Removed "hashsize" from hmac_state as it wasn't being used.
|
|
|
265 -- Made demos/test.c stop if OMAC or HMAC tests fail (instead of just printing a failed message and keep going).
|
|
|
266 -- Updated notes/tech0003.txt to take into account the existence of Skipjack [also I fixed a few typos].
|
|
|
267 -- Slight changes to Noekeon, with SMALL_CODE undefined it uses a fully unrolled version. Dropped +10 cycles/byte
|
|
|
268 on my Athlon (35 cycles per byte or 410.4Mbit/sec at 1795Mhz)
|
|
|
269 -- Added _ARGCHK() calls to is_prime() for the two input pointers.
|
|
|
270
|
|
|
271 Sept 25th, 2003
|
|
|
272 v0.91 -- HMAC fix of 0.90 was incorrect for keys larger than the block size of the hash.
|
|
|
273 -- Added error CRYPT_FILE_NOTFOUND for the file [hmac/hash] routines.
|
|
|
274 -- Added RIPEMD hashes to the hashsum demo.
|
|
|
275 -- Added hashsum demo to MSVC makefile.
|
|
|
276 -- Added RMD160 to the x86_prof demo [oops]
|
|
|
277 -- Merged in LibTomMath-0.27 with a patch to mp_shrink() that will be in LibTomMath-0.28
|
|
|
278 Fixes another potential memory leak.
|
|
|
279
|
|
|
280 Sept 7th, 2003
|
|
|
281 v0.90 -- new ROL/ROR for x86 GCC
|
|
|
282 -- Jochen Katz submitted a patch to the makefile to prevent "make" from making the .a library
|
|
|
283 when not required.
|
|
|
284 == By default the KR code is not enabled [it's only a demo anyways!]
|
|
|
285 -- changed the "buf" in ecc_make_key from 4KB to 128 bytes [since the largest key is 65 bytes]
|
|
|
286 -- hmac_done() now requires you pass it the size of the destination buffer to prevent
|
|
|
287 buffer overflows. (API CHANGE)
|
|
|
288 -- hmac/hash filebased routines now return CRYPT_NOP if NO_FILE is defined.
|
|
|
289 -- I've removed the primes from dh.c and replaced them with DR safe primes suitable for the default
|
|
|
290 configuration of LibTomMath. Check out these comparisons on a 1.3Ghz Athlon XP, optimized for size,
|
|
|
291
|
|
|
292 768-bit, 4 vs. 10
|
|
|
293 1024-bit, 8 vs. 18
|
|
|
294 1280-bit, 12 vs. 34
|
|
|
295 1536-bit, 20 vs. 56
|
|
|
296 1792-bit 28 vs. 88
|
|
|
297 2048-bit, 40 vs. 124
|
|
|
298 2560-bit, 71 vs. 234
|
|
|
299 3072-bit, 113 vs. 386
|
|
|
300 4096-bit, 283 vs. 916
|
|
|
301
|
|
|
302 Times are all in milliseconds for key generation. New primes times on the left. This makes the code binary
|
|
|
303 incompatible with previous releases. However, this addition is long overdue as LibTomMath has supported DR
|
|
|
304 reductions for quite some time.
|
|
|
305 -- Added RIPE-MD 128 and 160 to the list of supported hashes [10 in total].
|
|
|
306 -- The project has been released as public domain. TDCAL no longer applies.
|
|
|
307
|
|
|
308 July 15th, 2003
|
|
|
309 v0.89 -- Fix a bug in bits.c which would prevent it from building with msvc
|
|
|
310 -- Merged in LibTomMath v0.24 [and I used the alloc/free macros this time!]
|
|
|
311 -- Removed the LTC version of next_prime() and replaced it with a call to the
|
|
|
312 mp_prime_next_prime() from LibTomMath
|
|
|
313 -- reverted bits.c to the 0.86 copy since the new one doesn't build in MSVC
|
|
|
314 or cygwin.
|
|
|
315
|
|
|
316 Jul 10th, 2003
|
|
|
317 v0.88 -- Sped up CAST5 key schedule for MSVC
|
|
|
318 -- added "ulong32" which allows people on 64-bit platforms to force the 32-bit tables in
|
|
|
319 ciphers like blowfish and AES to be 32-bits. E.g. when unsigned long is 64-bits.
|
|
|
320 -- Optimized the SAFER-SK64, SAFER-SK128, SAFER+, RC5 and RC6 key schedule [big time!]
|
|
|
321 -- Optimized SHA-1 and SHA-256 quite a bit too.
|
|
|
322 -- Fixed up the makefile to use -fomit-frame-pointer more liberally
|
|
|
323 -- Added tv_gen program which makes test vectors for ciphers/hashes
|
|
|
324 -- Merged in LibTomMath v0.22
|
|
|
325
|
|
|
326 Jun 19th, 2003
|
|
|
327 v0.87 -- Many MSVC optimizations to the code base
|
|
|
328 -- Improved the AES and Twofish key schedule [faster, more constant time]
|
|
|
329 -- Tons of optimizations here and there.
|
|
|
330
|
|
|
331 Jun 15th, 2003
|
|
|
332 v0.86 -- Fixed up AES to workaround MSVC optimizer bug
|
|
|
333 -- Merged in fresh LTM base [based on v0.20] so there are no warnings with MSVC
|
|
|
334 -- Wrote x86_prof which will time the hashes and ciphers downto cycles per byte.
|
|
|
335 -- Fixed up demos/encrypt to remove serpent_desc from the list
|
|
|
336 -- Re-enabled MSVC optimizations w00t w00t
|
|
|
337 -- Replaced "errno" with "err" in all functions that had it so it wouldn't clash
|
|
|
338 with the global "errno"
|
|
|
339 -- Removed a set of unused variables from certain functions
|
|
|
340 -- Removed {#line 0 "..."} stuff from mpi.c to comply with ISO C :-)
|
|
|
341
|
|
|
342 Jun 11th, 2003
|
|
|
343 v0.85 -- Swapped in a new AES routine
|
|
|
344 -- Removed Serpent
|
|
|
345 -- Added TDCAL policy document
|
|
|
346
|
|
|
347 Jun 1st, 2003
|
|
|
348 v0.84 -- Removed a 4KB buffer from rsa_decrypt_key that wasn't being used no more
|
|
|
349 -- Fixed another potential buffer problem. Not an overflow but could cause the
|
|
|
350 PK import routines to read past the end of the buffer.
|
|
|
351 -- Optimized the ECC mulmod more by removing a if condition that will always be false
|
|
|
352 -- Optimized prime.c to not include a 2nd prime table, removed code from is_prime calls prime
|
|
|
353 test from LibTomMath now
|
|
|
354 -- Added LTC_TEST define which when defined will enable the test vector routines [see mycrypt_custom.h]
|
|
|
355 -- Removed ampi.o from the depends cuz it ain't no not working in *nix with it [routines are in mpi.c now].
|
|
|
356
|
|
|
357
|
|
|
358 Mar 29th, 2003
|
|
|
359 v0.83 -- Optimized the ecc_mulmod, it's faster and takes less heap/stack space
|
|
|
360 -- Fixed a free memory error in ecc_mulmod and del_point which would try to free NULL
|
|
|
361 -- Fixed two serious bugs in rsa_decrypt_key and rsa_verify_hash that would allow a trivialy
|
|
|
362 buffer overflow.
|
|
|
363 -- Fixed a bug in the hmac testing code if you don't register all the hashes it won't return
|
|
|
364 errors now.
|
|
|
365
|
|
|
366 Mar 15th, 2003
|
|
|
367 v0.82 -- Manual updated
|
|
|
368 -- Added MSVC makefile [back, actually its written from scratch to work with NMAKE]
|
|
|
369 -- Change to HMAC helper functions API to avoid buffer overflow [source changes]
|
|
|
370 -- the rsa_encrypt_key was supposed to reject key sizes out of bounds ...
|
|
|
371 same fix to the rsa_sign_hash
|
|
|
372 -- Added code to ensure that that chaining mode code (cfb/ofb/ctr/cbc) have valid
|
|
|
373 structures when being called. E.g. the indexes to the pad/ivs are not out of bounds
|
|
|
374 -- Cleaned up the DES code and simplified the core desfunc routine.
|
|
|
375 -- Simplified one of the boolean functions in MD4
|
|
|
376
|
|
|
377 Jan 16th, 2003
|
|
|
378 v0.81 -- Merged in new makefile from Clay Culver and Mike Frysinger
|
|
|
379 -- Sped up the ECC mulmod() routine by making the word size adapt to the input. Saves a whopping 9 point
|
|
|
380 operations on 521-bit keys now (translates to about 8ms on my Athlon XP). I also now use barrett reduction
|
|
|
381 as much as possible. This sped the routine up quite a bit.
|
|
|
382 -- Fixed a huge flaw in ecc_verify_hash() where it would return CRYPT_OK on error... Now fixed.
|
|
|
383 -- Fixed up config.pl by fixing an invalid query and the file is saved in non-windows [e.g. not CR/LF] format
|
|
|
384 (fix due to Mika Bostr�m)
|
|
|
385 -- Merged in LibTomMath for kicks
|
|
|
386 -- Changed the build process so that by default "mycrypt_custom.h" is included and provided
|
|
|
387 The makefile doesn't include any build options anymore
|
|
|
388 -- Removed the PS2 and VC makefiles.
|
|
|
389
|
|
|
390 Dec 16th, 2002
|
|
|
391 v0.80 -- Found a change I made to the MPI that is questionable. Not quite a bug but definately not desired. Had todo
|
|
|
392 with the digit shifting. In v0.79 I simply truncated without zeroing. It didn't cause problems during my
|
|
|
393 testing but I fixed it up none the less.
|
|
|
394 -- Optimized s_mp_mul_dig() from MPI to do a minimal number of passes.
|
|
|
395 -- Fixed in rsa_exptmod() where I was getting the size of the result. Basically it accomplishes the same thing
|
|
|
396 but the fixed code is more readable.
|
|
|
397 -- Fixed slight bug in dh_sign_hash() where the random "k" value was 1 byte shorter than it should have been. I've
|
|
|
398 also made the #define FAST_PK speed up signatures as well. Essentially FAST_PK tells the DH sub-system to
|
|
|
399 limit any private exponent to 256-bits. Note that when FAST_PK is defined does not make the library
|
|
|
400 binary or source incompatible with a copy of the library with it undefined.
|
|
|
401 -- Removed the DSA code. If you want fast diffie-hellman just define FAST_PK :-)
|
|
|
402 -- Updated dh_sign_hash()/dh_verify_hash() to export "unsigned" bignums. Saves two bytes but is not binary
|
|
|
403 compatible with the previous release... sorry! I've performed the same fix to the ecc code as well.
|
|
|
404 -- Fixed up the PK code to remove all use of mp_toraw() and mp_read_raw() [get all the changes out of the way now]
|
|
|
405 -- Fixed a bug in the DH code where it missed trapping a few errors if they occurred.
|
|
|
406 -- Fixed a slight "its-not-a-bug-but-could-be-done-better" bug in the next_prime() function. Essentially it was
|
|
|
407 testing to ensure that in the loop that searches for the next candidate that the step never grows beyond
|
|
|
408 65000. Should have been testing for MP_DIGIT_MAX
|
|
|
409 -- Spruced up the config.pl script. It now makes a header file "mycrypt_custom.h" which can be included *before*
|
|
|
410 you include mycrypt.h. This allows you to add libtomcrypt to a project without completely changing your make
|
|
|
411 system around. Note that you should use the makefile it writes to at least build the library initially.
|
|
|
412 -- Used splint to check alot of the code out. Tons of minor fixes and explicit casts added.
|
|
|
413 -- Also made all the internal functions of MPI are now static to avoid poluting the namespace
|
|
|
414 -- **Notice**: There are no planned future releases for at least a month from the this release date.
|
|
|
415
|
|
|
416 Dec 14th, 2002
|
|
|
417 v0.79 -- Change to PK code [binary and source]. I made it so you have to pass the buffer size to the *_decrypt_key and
|
|
|
418 *_verify_hash functions. This prevents malformed packets from performing buffer overflows. I've also trimmed
|
|
|
419 the packet header size [by 4 bytes].
|
|
|
420 -- Made the test program halt on the first error it occurs. Also made it trap more errors than before.
|
|
|
421 -- Wrote the first chapter of my new book [DRAFT!], not in this package but check my website!
|
|
|
422 -- Included a perl script "config.pl" that will make "makefile.out" according to the users needs.
|
|
|
423 -- Added shell script to look for latest release
|
|
|
424 -- Merge DH and ECC key defines from mycrypt_cfg.h into the makefiles
|
|
|
425 -- updated the makefile to use BSD friendly archiving invokations
|
|
|
426 -- Changed the DH and ECC code to use base64 static key settings [e.g. the primes]. Dropped the code size by 3KB
|
|
|
427 and is ever-so-slightly faster than before.
|
|
|
428 -- added "mp_shrink" function to shrink the size of bignums. Specially useful for PK code :-)
|
|
|
429 -- Added new exptmod function that calculates a^b mod c with fewer multiplies then before [~20% for crypto
|
|
|
430 sized numbers]. Also added a "low mem" variant that doesn't use more than 20KB [upto 4096 bit nums] of
|
|
|
431 heap todo the calculation. Both are #define'able controlled
|
|
|
432 -- Added XREALLOC macro to provide realloc() functionality.
|
|
|
433 -- Added fix where in rsa_import() if you imported a public key or a non-optimized key it would free the mp_int's
|
|
|
434 not being used.
|
|
|
435 -- Fixed potential bug in the ECC code. Only would occur on platforms where char is not eight bits [which isn't
|
|
|
436 often!]
|
|
|
437 -- Fixed up the ECC point multiplication, its about 15% faster now
|
|
|
438 -- While I was at it [since the lib isn't binary backwards compatible anyways] I've fixed the PK export routines
|
|
|
439 so they export as "unsigned" types saving 1 byte per bignum outputted. Not a lot but heck why not.
|
|
|
440
|
|
|
441 Nov 28th, 2002
|
|
|
442 v0.78 -- Made the default ARGCHK macro a function call instead which reduced the code size from 264KB to 239KB.
|
|
|
443 -- Fixed a bug in the XTEA keysize function which called ARGCHK incorrectly.
|
|
|
444 -- Added Noekeon block cipher at 2,800 bytes of object code and 345Mbit/sec it is a welcome addition.
|
|
|
445 -- Made the KR code check if the other PK systems are included [provides error when building otherwise].
|
|
|
446 -- Made "aes" an alias for Rijndael via a pre-processor macro. Now you can use "aes_ecb_encrypt", etc... :-)
|
|
|
447 Thanks to Jean-Luc Cooke for the "buzzword conformance" suggestion.
|
|
|
448 -- Removed the old PK code entirely (e.g. rsa_sign, dh_encrypt). The *_sign_hash and *_encrypt_key functions
|
|
|
449 are all that is to remain.
|
|
|
450 -- **NOTE** Changed the PK *_import (including the keyring) routine to accept a "inlen" parameter. This fixes a
|
|
|
451 bug where improperly made key packets could result in reading passed the end of the buffer. This means
|
|
|
452 the code is no longer source compatible but still binary compatible.
|
|
|
453 -- Fixed a few other minor bugs in the PK import code while I was at it.
|
|
|
454
|
|
|
455 Nov 26th, 2002
|
|
|
456 v0.77 -- Updated the XTEA code to use pre-computed keys. With optimizations for speed it achieves 222Mbit/sec
|
|
|
457 compared to the 121Mbit/sec before. It is 288 bytes bigger than before.
|
|
|
458 -- Cleaned up some of the ciphers and hashes (coding style, cosmetic changes)
|
|
|
459 -- Optimized AES slightly for 256-bit keys [only one if statement now, still two for 192-bit keys]
|
|
|
460 -- Removed most test cases from Blowfish, left three of them there. Makes it smaller and faster to test.
|
|
|
461 -- Changed the primality routines around. I now use 8 rounds of Rabin-Miller, I use 256 primes in the sieve
|
|
|
462 step and the "rand_prime" function uses a modified sieve that avoids alot of un-needed bignum work.
|
|
|
463 -- Fixed a bug in the ECC/DH signatures where the keys "setting" value was not checked for validity. This means
|
|
|
464 that a invalid value could have caused segfaults, etc...
|
|
|
465 -- **NOTE** Changed the way the ECC/DH export/import functions work. They are source but not binary compatible
|
|
|
466 with v0.76. Essentially insteading of exporting the setting index like before I export the key size. Now
|
|
|
467 if you ever re-configure which key settings are supported the lib will still be able to make use of your
|
|
|
468 keys.
|
|
|
469 -- Optimized Blowfish by inlining the round function, unrolling it for four rounds then using a for loop for the
|
|
|
470 rest. It achieves a rate of 425Mbit/sec with the new code compared to 314Mbit/sec before. The new blowfish
|
|
|
471 object file is 7,813 bytes compared to 8,663 before and is 850 bytes smaller. So the code is both smaller and
|
|
|
472 faster!
|
|
|
473 -- Optimized Twofish as well by inlining the round function. Gets ~400Mbit/sec compared to 280Mbit/sec before
|
|
|
474 and the code is only 78 bytes larger than the previous copy.
|
|
|
475 -- Removed SMALL_PRIME_TAB build option. I use the smaller table always.
|
|
|
476 -- Fixed some mistakes concerning prime generation in the manual.
|
|
|
477 -- [Note: sizes/speeds are for GCC 3.2 on an x86 Athlon XP @ 1.53Ghz]
|
|
|
478
|
|
|
479 Nov 25th, 2002
|
|
|
480 v0.76 -- Updated makefiles a bit more, use "-Os" instead of "-O2" to optimize for size. Got the lib
|
|
|
481 downto 265KB using GCC 3.2 on my x86 box.
|
|
|
482 -- Updated the SAFER+, Twofish and Rijndael test vector routine to use the table driven design.
|
|
|
483 -- Updated all other test vector routines to return as soon as an error is found
|
|
|
484 -- fixed a bug in the test program where errors in the hash test routines would not be reported
|
|
|
485 correctly. I found this by temporarily changing one of the bytes of the test vectors. All the
|
|
|
486 hashes check out [the demos/test.c would still have reported an error, just the wrong one].
|
|
|
487
|
|
|
488
|
|
|
489 Nov 24th, 2002
|
|
|
490 v0.75 -- Fixed a flaw in hash_filehandle, it should ARGCHK that the filehandle is not NULL
|
|
|
491 -- Fixed a bug where in hash_file if the call to hash_filehandle failed the open file would
|
|
|
492 not be closed.
|
|
|
493 -- Added more strict rules to build process, starting to weed out "oh this works in GCC" style code
|
|
|
494 In the next release "-Wconversion" will be enabled which will deal with all implicit casts.
|
|
|
495
|
|
|
496 Nov 22nd, 2002 [later in the day]
|
|
|
497 v0.74 -- Wrote a small variant of SAFER+ which shaved 50KB off the size of the library on x86 platforms
|
|
|
498 -- Wrote a build option to remove the PK packet functions [keeps the encrypt_key/sign_hash functions]
|
|
|
499 -- Wrote a small variant of Rijndael (trimmed 13KB)
|
|
|
500 -- Trimmed the TIGER/192 hash function a bit
|
|
|
501 -- Overall the entire lib compiled is 295KB [down from 400KB before]
|
|
|
502 -- Fixed a few minor oversights in the MSVC makefile
|
|
|
503
|
|
|
504 Nov 22nd, 2002
|
|
|
505 v0.73 -- Fixed bug in RC4 code where it could only use 255 byte keys.
|
|
|
506 -- Fixed bug in yarrow code where it would allow cast5 or md2 to be used with it...
|
|
|
507 -- Removed the ecc compress/expand points from the global scope. Reduces namespace polution
|
|
|
508 -- Fixed bug where if you used the SPRNG you couldn't pass NULL as your prng_state which you should be
|
|
|
509 able todo since the SPRNG has no state...
|
|
|
510 -- Corrected some oversights in the manual and the examples...
|
|
|
511 -- By default the GF(2^W) math library is excluded from the build. The source is maintained because I wrote it
|
|
|
512 and like it :-). This way the built library is a tad smaller
|
|
|
513 -- the MSVC makefile will now build for a SPACE optimized library rather than TIME optimized.
|
|
|
514
|
|
|
515 Nov 21th, 2002
|
|
|
516 v0.72 -- Fixed bug in the prime testing. In the Miller-Rabin test I was raising the base to "N-1" not "r".
|
|
|
517 The math still worked out fine because in effect it was performing a Fermat test. Tested the new code and it
|
|
|
518 works properly
|
|
|
519 -- Fixed some of the code where it was still using the old error syntax
|
|
|
520 -- Sped up the RSA decrypt/sign routines
|
|
|
521 -- Optimized the ecc_shared_secret routine to not use so much stack
|
|
|
522 -- Fixed up the makefile to make releases where the version # is in the file name and directory it will unzip
|
|
|
523 to
|
|
|
524
|
|
|
525 Nov 19th, 2002
|
|
|
526 v0.71 -- HELP TOM. I need tuition for the January semester. Now I don't want to force donations [nor will I ever]
|
|
|
527 but I really need the help! See my website http://tom.iahu.ca/help_tom.html for more details. Please help
|
|
|
528 if you can!
|
|
|
529 --------------------------------------------------------------------------------------------------------------
|
|
|
530 -- Officially the library is no longer supported in GCC 3.2 in windows [cygwin].
|
|
|
531 In windows you can either use GCC 2.95.3 or try your luck with 3.2 It seems that
|
|
|
532 "-fomit-frame-pointer" is broken in the windows build [but not the linux x86 build???]
|
|
|
533 If you simply must use 3.2 then I suggest you limit the optimizations to simply "-O2"
|
|
|
534 -- Started new error handling API. Similar to the previous except there are more error codes than just
|
|
|
535 CRYPT_ERROR
|
|
|
536 -- Added my implementation of the MD2 hash function [despite the errors in the RFC I managed to get it right!]
|
|
|
537 -- Merged in more changes from Sky Schulz. I have to make mention here that he has been a tremendous help in
|
|
|
538 getting me motivated to make some much needed updates to the library!
|
|
|
539 -- Fixed one of the many mistakes in the manual as pointed out by Daniel Richards
|
|
|
540 -- Fixed a bug in the RC4 code [wasn't setting up the key correctly]
|
|
|
541 -- Added my implementation of the CAST5 [aka CAST-128] block cipher (conforms...)
|
|
|
542 -- Fixed numerous bugs in the PK code. Essentially I was "freeing" keys when the import failed. This is neither
|
|
|
543 required nor a good a idea [double free].
|
|
|
544 -- Tom needs a job.
|
|
|
545 -- Fixed up the test harness as requested by Sky Schulz. Also modifed the timing routines to run for X seconds
|
|
|
546 and count # of ops performed. This is more suitable than say encrypting 10 million blocks on a slow processor
|
|
|
547 where it could take minutes!
|
|
|
548 -- Modified test programs hashsum/encrypt to use the new algorithms and error handling syntax
|
|
|
549 -- Removed the PKCS code since it was incomplete. In the future I plan on writing a "add-on" library that
|
|
|
550 provides PKCS support...
|
|
|
551 -- updated the config system so the #defines are in the makefiles instead of mycrypt_cfg.h
|
|
|
552 -- Willing to work on an hourly basis for 15$ CDN per hour.
|
|
|
553 -- updated the test program to not test ciphers not included
|
|
|
554 -- updated the makefile to make "rsa_sys.c" a dependency of rsa.o [helps develop the code...]
|
|
|
555 -- fixed numerous failures to detect buffer overflows [minor] in the PK code.
|
|
|
556 -- fixed the safer [64-bit block version] test routines which didn't check the returns of the setup
|
|
|
557 function
|
|
|
558 -- check out my CV at http://tom.iahu.ca/cv.html
|
|
|
559 -- removed the GBA makefile and code from demos/test.c [not a particularly useful demo...]
|
|
|
560 -- merged in rudimentary [for testing] PS2 RNG from Sky Schulz
|
|
|
561 -- merged in PS2 timer code [only shell included due to NDA reasons...]
|
|
|
562 -- updated HMAC code to return errors where possible
|
|
|
563 -- Thanks go to Sky Schulz who bought me a RegCode for TextPad [the official editor of libtomcrypt]
|
|
|
564
|
|
|
565 Nov 12th, 2002
|
|
|
566 v0.70 -- Updated so you can swap out the default malloc/calloc/free routines at build time with others. (Sky Schulz)
|
|
|
567 -- Sky Schulz contributed some code towards autodetecting the PS2 in mycrypt_cfg.h
|
|
|
568 -- Added PS2 makefile contributed by Sky Schulz [see a pattern forming?]
|
|
|
569 -- Added ability to have no FILE I/O functions at all (see makefile), Sky Schulz....
|
|
|
570 -- Added support for substituting out the clock() function (Sky Schulz)
|
|
|
571 -- Fixed up makefile to include new headers in the HEADERS variable
|
|
|
572 -- Removed "coin.c" as its not really useful anyways
|
|
|
573 -- Removed many "debug" printfs that would show up on failures. Basically I wanted to ensure the only output
|
|
|
574 would be from the developer themselves.
|
|
|
575 -- Added "rc4.c" a RC4 implementation with a PRNG interface. Since RC4 isn't a block cipher it wouldn't work
|
|
|
576 too well as a block cipher.
|
|
|
577 -- Fixed ARGCHK macro usage when ARGTYPE=1 throughout the code
|
|
|
578 -- updated makefile to make subdirectory properly (Sku Schulz)
|
|
|
579 -- Started towards new API setup. Instead of checking for "== CRYPT_ERROR" you should check "!= CRYPT_OK"
|
|
|
580 In future releases functions will return things other than CRYPT_ERROR on error to give more useful
|
|
|
581 thread safe error reporting. The manual will be updated to reflect this. For this release all
|
|
|
582 errors are returned as CRYPT_ERROR (except as noted) but in future releases this will change.
|
|
|
583 -- Removed the zlib branch since its not really required anyways. Makes the package smaller
|
|
|
584
|
|
|
585 Nov 11th, 2002
|
|
|
586 v0.69 -- Added ARGCHK (see mycrypt_argchk.h) "arguement checking" to all functions that accept pointers
|
|
|
587 -- Note I forgot to change the CRYPT version tag in v0.68... fixed now.
|
|
|
588
|
|
|
589 Nov 8th, 2002
|
|
|
590 v0.68 -- Fixed flaw in kr_import/kr_export that wasted 4 bytes. Source but not binary compatible with v0.67
|
|
|
591 -- Fixed bug in kr_find_name that used memcmp to match strings. Uses strncmp now.
|
|
|
592 -- kr_clear now sets the pointer to NULL to facilate debugging [e.g. using the keyring after clearing]
|
|
|
593 -- static functions in _write/_read in keyring.c now check the return of ctr_encrypt/ctr_decrypt.
|
|
|
594 -- Updated blowfish/rc2/rc5/rc6 keysize() function to not reject keys larger than the biggest key the
|
|
|
595 respective ciphers can use.
|
|
|
596 -- Fixed a bug in hashsum demo that would report the hash for files that don't exist!
|
|
|
597
|
|
|
598 Oct 16th, 2002
|
|
|
599 v0.67 -- Moved the function prototypes into files mycrypt_*.h. To "install" the lib just copy all the
|
|
|
600 header files "*.h" from the base of this project into your global include path.
|
|
|
601 -- Made the OFB/CFB/CTR functions use "unsigned long" for the length instead of "int"
|
|
|
602 -- Added keyring support for the PK functions
|
|
|
603 -- ***API CHANGE*** changed the ecc_make_key and dh_make_key to act more like rsa_make_key. Basically
|
|
|
604 move the first argument to the next to last.
|
|
|
605 -- Fixed bug in dh_test() that wouldn't test the primality of the order of the sub-group
|
|
|
606 -- replaced the primes in the DH code with new ones that are larger than the size they are
|
|
|
607 associated with. That is a 1024-bit DH key will have a 1025-bit prime as the modulus
|
|
|
608 -- cleaned up all the PK code, changed a bit of the API around [not source compatible with v0.66]
|
|
|
609 -- major editing of the manual, started Docer program
|
|
|
610 -- added 160 and 224 bit key settings for ECC. This makes the DH and ECC binary wise incompatible with v0.66
|
|
|
611 -- Added an additional check for memory errors in is_prime() and cleaned up prime.c a bit
|
|
|
612 -- Removed ID_TAG from all files [meh, not a big fan...]
|
|
|
613 -- Removed unused variable from yarrow state and made AES/SHA256 the default cipher/hash combo
|
|
|
614 -- Fixed a bug in the Yarrow code that called prng_is_valid instead of cipher_is_valid from yarrow_start()
|
|
|
615 -- The ECB/CBC/OFB/CFB/CTR wrappers now check that the cipher is valid in the encrypt/decrypt calls
|
|
|
616 Returns int now instead of void.
|
|
|
617
|
|
|
618 Sept 24th, 2002
|
|
|
619 v0.66 -- Updated the /demos/test.c program to time the hashes correctly. Also it uses the yarrow PRNG for all of the
|
|
|
620 tests meaning its possible to run on RNG less platforms
|
|
|
621 -- Updated the /demos/hashsum.c program to hash from the standard input
|
|
|
622 -- Updated the RSA code to make keys a bit quicker [update by Wayne Scott] by not making both primes at the same
|
|
|
623 time.
|
|
|
624 -- Dan Kaminsky suggested some cleanups for the code and the MPI config
|
|
|
625 Code ships in unix LF format by default now too... will still build in MSVC and all... but if you want
|
|
|
626 to read the stuff you'll have to convert it
|
|
|
627 -- Changes to the manual to reflect new API [e.g. hash_memory/file have v0.65 prototypes]and some typos fixed
|
|
|
628
|
|
|
629 Sept 20th, 2002
|
|
|
630 v0.65 -- Wayne Scott ([email protected]) made a few of suggestions to improve the library. Most
|
|
|
631 importantly he pointed out the math lib is not really required. He's also tested the lib on 18
|
|
|
632 different platforms. According to him with only a few troubles [lack of /dev/random, etc] the
|
|
|
633 library worked as it was supposed to. You can find the list at
|
|
|
634 http://www.bitkeeper.com/Products.BitKeeper.Platforms.html
|
|
|
635 -- Updated the hash_file and hash_memory functions to keep track of the size of the output
|
|
|
636 -- Wayne Scott updated the demos/test.c file to use the SPRNG less and Yarrow more
|
|
|
637 -- Modified the mycrypt_cfg.h to autodetect x86-32 machines
|
|
|
638
|
|
|
639 Sept 19th, 2002
|
|
|
640 v0.64 -- wrote makefile for the GBA device [and hacked the demos/test.c file to support it conditionally]
|
|
|
641 -- Fixed error in PK (e.g. ECC, RSA, DH) import functions where I was clobbering the packet error messages
|
|
|
642 -- fixed more typos in the manual
|
|
|
643 -- removed all unused variables from the core library (ignore the ID_TAG stuff)
|
|
|
644 -- added "const char *crypt_build_settings" string which is a build time constant that gives a listing
|
|
|
645 of all the build time options. Useful for debugging since you can send that to me and I will know what
|
|
|
646 exactly you had set for the mycrypt_cfg.h file.
|
|
|
647 -- Added control over endianess. Out of the box it defaults to endianess neutral but you can trivially
|
|
|
648 configure the library for your platform. Using this I boosted RC5 from 660Mbit/sec to 785Mbit/sec on my
|
|
|
649 Athlon box. See "mycrypt_cfg.h" for more information.
|
|
|
650
|
|
|
651 Sept 11th, 2002
|
|
|
652 v0.63 -- Made hashsum demo output like the original md5sum program
|
|
|
653 -- Made additions to the examples in the manual (fixed them up a bunch)
|
|
|
654 -- Merged in the base64 code from Wayne Scott ([email protected])
|
|
|
655
|
|
|
656 Aug 29th, 2002
|
|
|
657 v0.62 -- Added the CLEAN_STACK functionality to several of the hashes I forgot to update.
|
|
|
658
|
|
|
659 Aug 9th, 2002
|
|
|
660 v0.61 -- Fixed a bug in the DES code [oops I read something wrong].
|
|
|
661
|
|
|
662 Aug 8th, 2002
|
|
|
663 v0.60 -- Merged in DES code [and wrote 3DES-EDE code based on it] from Dobes V.
|
|
|
664
|
|
|
665 Aug 7th, 2002
|
|
|
666 v0.59 -- Fixed a "unsigned long long" bug that caused v0.58 not to build in MSVC.
|
|
|
667 -- Cleaned up a little in the makefile
|
|
|
668 -- added code that times the hash functions too in the test program
|
|
|
669
|
|
|
670 Aug 3rd, 2002
|
|
|
671 v0.58 -- Added more stack cleaning conditionals throughout the code.
|
|
|
672 -- corrected some CLEAR_STACK conditionals... should have been CLEAN_STACK
|
|
|
673 -- Simplified the RSA, DH and ECC encrypt() routines where they use CTR to encode the message
|
|
|
674 now they only make one call to ctr_encrypt()/ctr_decrypt().
|
|
|
675
|
|
|
676 Aug 2nd, 2002
|
|
|
677 v0.57 -- Fixed a few errors messages in the SAFER code to actually report the correct cipher name.
|
|
|
678 -- rsa_encrypt() uses the "keysize()" method of the cipher being used to more accurately pick a
|
|
|
679 key size. By default rsa_encrypt() will choose to use a 256-bit key but the cipher can turn that
|
|
|
680 down if required.
|
|
|
681 -- The rsa_exptmod() function will now more reliably detect invalid inputs (e.g. greater than the modulus).
|
|
|
682 -- The padding method for RSA is more clearly documented. Namely if you want to encrypt/sign something of length
|
|
|
683 N then your modulus must be of length 1+3N. So to sign a message with say SHA-384 [48 bytes] you need a
|
|
|
684 145 byte (1160 bits) modulus. This is all in the manual now.
|
|
|
685 -- Added build option CLEAN_STACK which will allow you to choose whether you want to clean the stack or not after every
|
|
|
686 cipher/hash call
|
|
|
687 -- Sped up the hash "process()" functions by not copying one byte at a time.
|
|
|
688 ++ (added just after I uploaded...)
|
|
|
689 MD4 process() now handles input buffers > 64 bytes
|
|
|
690
|
|
|
691 Aug 1st, 2002
|
|
|
692 v0.56 -- Cleaned up the comments in the Blowfish code.
|
|
|
693 -- Oh yeah, in v0.55 I made all of the descriptor elements constant. I just forgot to mention it.
|
|
|
694 -- fixed a couple of places where descriptor indexes were tested wrong. Not a huge bug but now its harder
|
|
|
695 to mess up.
|
|
|
696 -- Added the SAFER [64-bit block] ciphers K64, SK64, K128 and SK128 to the library.
|
|
|
697 -- Added the RC2 block cipher to the library.
|
|
|
698 -- Changed the SAFER define for the SAFER+ cipher to SAFERP so that the new SAFER [64-bit] ciphers
|
|
|
699 can use them with less confusion.
|
|
|
700
|
|
|
701 July 29th, 2002
|
|
|
702 v0.55 -- My god stupid Blowfish has yet again been fixed. I swear I hate that cipher. Next bug in it and boom its out of the
|
|
|
703 library. Use AES or something else cuz I really hate Blowfish at this stage....
|
|
|
704 -- Partial PKCS support [hint DONT USE IT YET CUZ ITS UNTESTED!]
|
|
|
705
|
|
|
706 July 19th, 2002
|
|
|
707 v0.54 -- Blowfish now conforms to known test vectors. Silly bad coding tom!
|
|
|
708 -- RC5/RC6/Serpent all have more test vectors now [and they seemed to have been working before]
|
|
|
709
|
|
|
710 July 18th, 2002
|
|
|
711 v0.53 -- Added more test vectors to the blowfish code just for kicks [and they are const now too :-)]
|
|
|
712 -- added prng/hash/cipher is_valid functions and used them in all of the PK code so you can't enter the code
|
|
|
713 with an invalid index ever now.
|
|
|
714 -- Simplified the Yarrow code once again :-)
|
|
|
715
|
|
|
716 July 12th, 2002
|
|
|
717 v0.52 -- Fixed a bug in MD4 where the hash descriptor ID was the same as SHA-512. Now MD4 will work with
|
|
|
718 all the routines...
|
|
|
719 -- Fixed the comments in SHA-512 to be a bit more meaningful
|
|
|
720 -- In md4 I made the PADDING array const [again to store it in ROM]
|
|
|
721 -- in hash_file I switched the constant "512" to "sizeof(buf)" to be a bit safer
|
|
|
722 -- in SHA-1's test routine I fixed the string literal to say SHA-1 not sha1
|
|
|
723 -- Fixed a logical error in the CTR code which would make it skip the first IV value. This means
|
|
|
724 the CTR code from v0.52 will be incompatible [binary wise] with previous releases but it makes more
|
|
|
725 sense this way.
|
|
|
726 -- Added {} braces for as many if/for/blocks of code I could find. My rule is that every for/if/while/do block
|
|
|
727 must have {} braces around it.
|
|
|
728 -- made the rounds table in saferp_setup const [again for the ROM think about the ROM!]
|
|
|
729 -- fixed RC5 since it no longer requires rc5 to be registered in the lib. It used to since the descriptors used to
|
|
|
730 be part of the table...
|
|
|
731 -- the packet.c code now makes crypt_error literal string errors when an error occurs
|
|
|
732 -- cleaned up the SAFER+ key schedule to be a bit easier to read.
|
|
|
733 -- fixed a huge bug in Twofish with the TWOFISH_SMALL define. Because I clean the stack now I had
|
|
|
734 changed the "g_func()" to be called indirectly. I forgot to actually return the return of the Twofish
|
|
|
735 g_func() function which caused it not to work... [does now :-)]
|
|
|
736
|
|
|
737 July 11th, 2002
|
|
|
738 v0.51 -- Fixed a bug in SHA512/384 code for multi-block messages.
|
|
|
739 -- Added more test vectors to the SHA384/512 and TIGER hash functions
|
|
|
740 -- cleaned up the hash done routines to make more sense
|
|
|
741
|
|
|
742 July 10th, 2002
|
|
|
743 v0.50 -- Fixed yarrow.c so that the cipher/hash used would be registered. Also fixed
|
|
|
744 a bug where the SAFER+ name was "safer" but should have been "safer+".
|
|
|
745 -- Added an element to the hash descriptors that gives the size of a block [sent into the compressor]
|
|
|
746 -- Cleaned up the support for HMAC's
|
|
|
747 -- Cleaned up the test vector routines to make the test vector data const. This means on some platforms it will be
|
|
|
748 placed in ROM not RAM now.
|
|
|
749 -- Added MD4 code submited by Dobes Vandermeer ([email protected])
|
|
|
750 -- Added "burn_stack" function [idea taken from another source of crypto code]. The idea is if a function has
|
|
|
751 alot of variables it will clean up better. Functions like the ecb serpent and twofish code will now have their
|
|
|
752 stacks cleaned and the rest of the code is getting much more straightforward.
|
|
|
753 -- Added a hashing demo by Daniel Richards ([email protected])
|
|
|
754 -- I (Tom) modified some of the test vector routines to use more vectors ala Dobes style.
|
|
|
755 For example, the MD5/SHA1 code now uses all of the test vectors from the RFC/FIPS spec.
|
|
|
756 -- Fixed the register/unregister functions to properly report errors in crypt_error
|
|
|
757 -- Correctly updated yarrow code to remove a few unused variables.
|
|
|
758 -- Updated manual to fix a few erroneous examples.
|
|
|
759 -- Added section on Hash based Message Authentication Codes (HMAC) to the manual
|
|
|
760
|
|
|
761 June 19th, 2002
|
|
|
762 v0.46 -- Added in HMAC code from Dobes Vandermeer ([email protected])
|
|
|
763
|
|
|
764 June 8th, 2002
|
|
|
765 v0.45 -- Fixed bug in rc5.c where if you called rc5_setup() before registering RC5 it would cause
|
|
|
766 undefined behaviour.
|
|
|
767 -- Fixed mycrypt_cfg.h to eliminate the 224 bit ECC key.
|
|
|
768 -- made the "default" makefile target have depends on mycrypt.h and mycrypt_cfg.h
|
|
|
769
|
|
|
770 Apr 4th, 2002
|
|
|
771 v0.44 -- Fixed bug in ecc.c::new_point() where if the initial malloc fails it would not catch it.
|
|
|
772
|
|
|
773 Mar 22nd, 2002
|
|
|
774 v0.43 -- Changed the ZLIB code over to the 1.1.4 code base to avoid the "double free" bug.
|
|
|
775 -- Updated the GCC makefile not to use -O3 or -funroll-loops
|
|
|
776 -- Version tag in mycrypt.h has been updated :-)
|
|
|
777
|
|
|
778 Mar 10th, 2002
|
|
|
779 v0.42 -- The RNG code can now use /dev/urandom before trying /dev/random (J. Klapste)
|
|
|
780
|
|
|
781 Mar 3rd, 2002
|
|
|
782 v0.41 -- Added support to link and use ciphers at compile time. This can greatly reduce the code size!
|
|
|
783 -- Added a demo to show off how small an application can get... 46kb!
|
|
|
784 -- Disastry pointed out that Blowfish is supposed to be high endian.
|
|
|
785 -- Made registry code for the PRNGs as well [now the smallest useable link is 43kb]
|
|
|
786
|
|
|
787 Feb 11th, 2002
|
|
|
788 v0.40 -- RSA signatures use [and check for] fixed padding scheme.
|
|
|
789 -- I'm developing in Linux now :-)
|
|
|
790 -- No more warnings from GCC 2.96
|
|
|
791
|
|
|
792 Feb 5th, 2002
|
|
|
793 v0.39 -- Updated the XTEA code to work in accordance with the XTEA design
|
|
|
794
|
|
|
795 January 24th, 2002
|
|
|
796 v0.38 -- CFB and OFB modes can now handle blocks of variable size like the CTR code
|
|
|
797 -- Wrote a wrapper around the memory compress functions in Zlib that act like the functions
|
|
|
798 in the rest of my crypto lib
|
|
|
799
|
|
|
800 January 23rd, 2002
|
|
|
801 v0.37 -- Added support code so that if a hash size and key size for a cipher don't match up they will
|
|
|
802 use the next lower key supported. (mainly for the PK code). So you can now use SHA-1 with
|
|
|
803 Twofish, etc...
|
|
|
804 -- Added more options for Twofish. You can now tell it to use precomputed sboxes and MDS multiplications
|
|
|
805 This will speed up the TWOFISH_SMALL implementation by increasing the code size by 1024 bytes.
|
|
|
806 -- Fixed a bug in prime.c that would not use the correct table if you undefined SMALL_PRIME_TAB
|
|
|
807 -- Fixed all of the PK packet code to use the same header format [see packet.c]. This makes the PK code
|
|
|
808 binary wise incompatible with previous releases while the API has not changed at all.
|
|
|
809
|
|
|
810 January 22nd, 2002
|
|
|
811 v0.36 -- Corrections to the manual
|
|
|
812 -- Made a modification to Twofish which lets you build a "small ram" variant. It requires
|
|
|
813 about 190 bytes of ram for the key storage compared to the 4,200 bytes the normal
|
|
|
814 variant requires.
|
|
|
815 -- Reduced the stack space used in all of the PK routines.
|
|
|
816
|
|
|
817 January 19th, 2002
|
|
|
818 v0.35 -- If you removed the first hash or cipher from the library it wouldn't return an error if
|
|
|
819 you used an ID=0 [i.e blowfish or sha256] in any routine. Now it checks for that and will
|
|
|
820 return an error like it should
|
|
|
821 -- Merged in new routines from Clay Culver. These routines are for the PK code so you can easily
|
|
|
822 encode a symmetric key for multiple recipients.
|
|
|
823 -- Made the ecc and DH make_key() routines make secret keys of the same size as the keysize listed.
|
|
|
824 Originally I wanted to ensure that the keys were smaller than the order of the field used
|
|
|
825 However, the bias is so insignifcant using full sizes. For example, with a ECC-192 key the order
|
|
|
826 is about 2^191.99, so instead I rounded down and used a 184-bit secret key. Now I simply use a full 192-bit
|
|
|
827 key the code will work just the same except that some 192-bit keys will be duplicates which is not a big
|
|
|
828 deal since 1/2^192 is a very small bias!
|
|
|
829 -- Made the configuration a bit simpler and more exacting. You can for example now select which DH or ECC
|
|
|
830 key settings you wish to support without including the data for all other key settings. I put the #defines
|
|
|
831 in a new file called "mycrypt_cfg.h"
|
|
|
832 -- Configured "mpi-config.h" so its a bit more conservative with the memory required and code space used
|
|
|
833 -- Jason Klapste submitted bug fixes to the yarrow, hash and various other issues. The yarrow code will now
|
|
|
834 use what ever remaining hash/cipher combo is left [after you #undef them] at build time. He also suggested
|
|
|
835 a fix to remove unused structures from the symmetric_key and hash_state unions.
|
|
|
836 -- Made the CTR code handle variable length blocks better. It will buffer the encryption pad so you can
|
|
|
837 encrypt messages any size block at a time.
|
|
|
838 -- Simplified the yarrow code to take advantage of the new CTR code.
|
|
|
839 -- Added a 4096-bit DH key setting. That took me about 36 hours to find!
|
|
|
840 -- Changed the base64 routines to use a real base64 encoding scheme.
|
|
|
841 -- Added in DH and ECC "encrypt_key()" functions. They are still rather "beta"ish.
|
|
|
842 -- Added **Twofish** to the list of ciphers!
|
|
|
843
|
|
|
844 January 18th, 2002
|
|
|
845 v0.34 -- Added "sha512" to the list of hashes. Produces a 512-bit message digest. Note that with the current
|
|
|
846 padding with the rsa_sign() function you cannot use sha512 with a key less than 1536 bits for signatures.
|
|
|
847 -- Cleaned up the other hash functions to use the LOAD and STORE macros...
|
|
|
848
|
|
|
849 January 17th, 2002
|
|
|
850 v0.33 -- Made the lower limit on keysizes for RSA 1024 bits again because I realized that 768 bit keys wouldn't
|
|
|
851 work with the padding scheme and large symmetric keys.
|
|
|
852 -- Added information concerning the Zlib license to the manual
|
|
|
853 -- Added a 3072-bit key setting for the DH code.
|
|
|
854 -- Made the "find_xyz()" routines take "const char *" as per Clay Culver's suggestion.
|
|
|
855 -- Fixed an embarassing typo in the manual concerning the hashes. Thank's Clay for finding it!
|
|
|
856 -- Fixed rand_prime() so that it makes primes bigger than the setting you give. For example,
|
|
|
857 if you want a 1024-bit prime it would make a 1023-bit one. Now it ensures that the prime
|
|
|
858 it makes is always greater than 2^(8n) (n == bytes in prime). This doesn't have a huge
|
|
|
859 impact on security but I corrected it just the same.
|
|
|
860 -- Fixed the CTR routine to work on platforms where char != 8-bits
|
|
|
861 -- Fixed sha1/sha256/md5/blowfish to not assume "unsigned long == 32-bits", Basically any operation with carries
|
|
|
862 I "AND" with 0xFFFFFFFF. That forces only the lower 32-bits to have information in it. On x86 platforms
|
|
|
863 most compilers optimize out the AND operation since its a nop.
|
|
|
864
|
|
|
865 January 16th, 2002
|
|
|
866 v0.32 -- Made Rijndael's setup function fully static so it is thread safe
|
|
|
867 -- Svante Seleborg suggested a cosmetic style fixup for aes.c,
|
|
|
868 basically to remove some of the #defines to clean it up
|
|
|
869 -- Made the PK routines not export the ASCII version of the names of ciphers/hashes which makes
|
|
|
870 the PK message formats *incompatible* with previous releases.
|
|
|
871 -- Merge in Zlib :-)
|
|
|
872
|
|
|
873
|
|
|
874 January 15th, 2002
|
|
|
875 v0.31 -- The RSA routines can now use CRT to speed up decryption/signatures. The routines are backwards
|
|
|
876 compatible with previous releases.
|
|
|
877 -- Fixed another bug that Svante Seleborg found. Basically you could buffer-overrun the
|
|
|
878 rsa_exptmod() function itself if you're not careful. That's fixed now. Fixed another bug in
|
|
|
879 rsa_exptmod() where if it knows the buffer you passed is too small it wouldn't free all used
|
|
|
880 memory.
|
|
|
881 -- improved the readability of the PK import/export functions
|
|
|
882 -- Added a fix to RSA.C by Clay Culver
|
|
|
883 -- Changed the CONST64 macro for MSVC to use the "unsigned __int64" type, e.g. "ui64" instead of "i64".
|
|
|
884
|
|
|
885 January 14th, 2002
|
|
|
886 v0.30 -- Major change to the Yarrow PRNG code, fixed a bug that Eugene Starokoltsev found.
|
|
|
887 Basically if you added entropy to the pool in small increments it could in fact
|
|
|
888 cancel out. Now I hash the pool with the new data which is way smarter.
|
|
|
889
|
|
|
890 January 12th, 2002
|
|
|
891 v0.29 -- Added MPI code written by Svante Seleborg to the library. This will make the PK code much
|
|
|
892 easier to follow and debug. Actually I've already fixed a memory leak in dh_shared_secret().
|
|
|
893 -- Memory leaks found and correct in all three PK routines. The leaks would occur when a bignum
|
|
|
894 operation fails so it wouldn't normally turn up in the course of a program
|
|
|
895 -- Fixed bugs in dh_key_size and ecc_key_size which would return garbage for invalid key idx'es
|
|
|
896
|
|
|
897 January 11th, 2002
|
|
|
898 v0.28 -- Cleaned up some code so that it doesn't assume "char == 8bits". Mainly SAFER+ has been
|
|
|
899 changed.
|
|
|
900 -- ***HUGE*** changes in the PK code. I check all return values in the bignum code so if there
|
|
|
901 are errors [insufficient memory, etc..] it will be reported. This makes the code fairly more
|
|
|
902 robust and likely to catch any errors.
|
|
|
903 -- Updated the is_prime() function to use a new prototype [it can return errors now] and it also
|
|
|
904 does trial divisions against more primes before the Rabin Miller steps
|
|
|
905 -- Added OFB, CFB and ECB generic wrappers for the symmetric ciphers to round out the implementations.
|
|
|
906 -- Added Xtea to the list of ciphers, to the best of my ability I have verified this implementation.
|
|
|
907 I should note that there is not alot of concrete information about the cipher. "Ansi C" versions
|
|
|
908 I found did not address endianess and were not even portable!. This code is portable and to the
|
|
|
909 best of my knowledge implements the Xtea algorithm as per the [short] X-Tea paper.
|
|
|
910 -- Reformated the manual to include the **FULL** source code optimized to be pritable.
|
|
|
911
|
|
|
912 January 9th, 2002
|
|
|
913 v0.27 -- Changed the char constants to numerical values. It is backwards compatible and should work on
|
|
|
914 platforms where 'd' != 100 [for example].
|
|
|
915 -- Made a change to rand_prime() which takes the input length as a signed type so you can pass
|
|
|
916 a negative len to get a "3 mod 4" style prime... oops
|
|
|
917 -- changed the MSVC makefile to build with a warning level of three, no warnings!
|
|
|
918
|
|
|
919 January 8th, 2002
|
|
|
920 v0.26 -- updated SHA-256 to use ROR() for a rotate so 64-bit machines won't corrupt
|
|
|
921 the output
|
|
|
922 -- Changed #include <> to #include "" for local .h files as per Richard Heathfields' suggestions.
|
|
|
923 -- Fixed bug in MPI [well bug in MSVC] that compiled code incorrectly in mp_set_int()
|
|
|
924 I added a work around that catches the error and continues normally.
|
|
|
925
|
|
|
926 January 8th, 2002
|
|
|
927 v0.25 -- Added a stupid define so MSVC 6.00 can build the library.
|
|
|
928 -- Big thanks to sci.crypt and "Ajay K. Agrawal" for helping me port this to MSVC
|
|
|
929
|
|
|
930 January 7th, 2002
|
|
|
931 v0.24 -- Sped up Blowfish by unrolling and removing the swaps.
|
|
|
932 -- Made the code comply with more traditional ANSI C standards
|
|
|
933 Should compile with MSVC with less errors
|
|
|
934 -- moved the demos and documentation into their own directories
|
|
|
935 so you can easily build the library with other tool chains
|
|
|
936 by compiling the files in the root
|
|
|
937 -- converted functions with length of outputs to use
|
|
|
938 "unsigned long" so 16-bit platforms will like this library more.
|
|
|
939
|
|
|
940 January 5th, 2002
|
|
|
941 v0.23 -- Fixed a small error in the MPI config it should build fine anywhere.
|
|
|
942
|
|
|
943 January 4th, 2002
|
|
|
944 v0.22 -- faster gf_mul() code
|
|
|
945 -- gf_shl() and gf_shr() are safe on 64-bit platforms now
|
|
|
946 -- Fixed an error in the hashes that Brian Gladman found.
|
|
|
947 Basically if the message has exactly 56 bytes left to be
|
|
|
948 compressed I handled them incorrectly.
|
|
|
949
|
|
|
950 January 4th, 2002
|
|
|
951 v0.21 -- sped up the ECC code by removing redundant divisions in the
|
|
|
952 point add and double routines. I also extract the bits more
|
|
|
953 efficiently in "ecc_mulmod()" now.
|
|
|
954 -- sped up [and documented] the rand_prime() function. Now it just
|
|
|
955 makes a random integer and increments by two until a prime is found
|
|
|
956 This is faster since it doesn't require alot of calls to the PRNG and
|
|
|
957 it doesn't require loading huge integers over and over. rand_prime()
|
|
|
958 can also make primes congruent to 3 mod 4 [i.e for a blum integer]
|
|
|
959 -- added a gf_sqrt() function that finds square roots in a GF(2^w) field
|
|
|
960 -- fixed a bug in gf_div() that would return the wrong results if the divisor had a greator
|
|
|
961 divisor than the dividend.
|
|
|
962
|
|
|
963 January 4th, 2002
|
|
|
964 v0.20 -- Added the fixed MPI back in so RSA and DH are much faster again
|
|
|
965
|
|
|
966 v0.19 -- Updated the manual to reflect the fact that Brian Gladman wrote the AES and Serpent code.
|
|
|
967 -- DH, ECC and RSA signature/decryption functions check if the key is private
|
|
|
968 -- new DH signature/verification code works just like the RSA/ECC versions
|
|
|
969
|
|
|
970 January 3rd, 2002
|
|
|
971 v0.18 -- Added way more comments to each .C file
|
|
|
972 -- fixed a bug in cbc_decrypt(pt, ct, key) where pt == ct [i.e same buffer]
|
|
|
973 -- fixed RC5 so it reads the default rounds out of the cipher_descriptor table
|
|
|
974 -- cleaned up ecc_export()
|
|
|
975 -- Cleaned up dh_import() and ecc_import() which also perform more
|
|
|
976 error checking now
|
|
|
977 -- Fixed a serious flaw in rsa_import() with private keys.
|
|
|
978
|
|
|
979 January 2nd, 2002
|
|
|
980 v0.17 -- Fixed a bug in the random prime generator that fixes the wrong bits to one
|
|
|
981 -- ECC and DH code verify that the moduli and orders are in fact prime. That
|
|
|
982 slows down the test routines alot but what are you gonna do?
|
|
|
983 -- Fixed a huge bug in the mp_exptmod() function which incorrectly calculates g^x mod p for some
|
|
|
984 values of p. I replaced it with a slow function. Once the author of MPI fixes his faster routine
|
|
|
985 I will switch back.
|
|
|
986
|
|
|
987 January 1st, 2002 [whoa new year!]
|
|
|
988 v0.16 -- Improved GF division code that is faster.
|
|
|
989 -- documented the GF code
|
|
|
990
|
|
|
991 December 31st, 2001
|
|
|
992 v0.15 -- A 1792-bit and 2048-bit DH setting was added. Took me all night to
|
|
|
993 find a 1792 and 2048-bit strong prime but what the heck
|
|
|
994 -- Library now has polynomial-basis GF(2^w) routines I wrote myself. Can be used to perform
|
|
|
995 ECC over GF(2^w) later on....
|
|
|
996 -- Fixed a bug with the defines that allows it to build in windows
|
|
|
997
|
|
|
998 December 30th, 2001
|
|
|
999 v0.14 -- Fixed the xxx_encrypt() packet routines to make an IV of appropriate size
|
|
|
1000 for the cipher used. It was defaulting to making a 256-bit IV...
|
|
|
1001 -- base64_encode() now appends a NULL byte, um "duh" stupid mistake now fixed...
|
|
|
1002 -- spell checked the manual again... :-)
|
|
|
1003
|
|
|
1004 December 30th, 2001
|
|
|
1005 v0.13 -- Switching back to older copy of MPI since it works! arrg..
|
|
|
1006 -- Added sign/verify functions for ECC
|
|
|
1007 -- all signature verification routines default to invalid signatures.
|
|
|
1008 -- Changed all calls to memset to zeromem. Fixed up some buffer problems
|
|
|
1009 in other routines. All calls to zeromem let the compiler determine the size
|
|
|
1010 of the data to wipe.
|
|
|
1011
|
|
|
1012 December 29th, 2001
|
|
|
1013 v0.12 -- Imported a new version of MPI [the bignum library] that should
|
|
|
1014 be a bit more stable [if you want to write your own bignum
|
|
|
1015 routines with the library that is...]
|
|
|
1016 -- Manual has way more info
|
|
|
1017 -- hash_file() clears stack now [like it should]
|
|
|
1018 -- The artificial cap on the hash input size of 2^32 bits has been
|
|
|
1019 removed. Basically I was too lazy todo 64-bit math before
|
|
|
1020 [don't ask why... I can't remember]. Anyways the hashes
|
|
|
1021 support the size of 2^64 bits [if you ever use that many bits in a message
|
|
|
1022 that's just wierd...]
|
|
|
1023 -- The hashes now wipe the "hash_state" after the digest is computed. This helps
|
|
|
1024 prevent the internal state of the hash being leaked accidently [i.e stack problems]
|
|
|
1025
|
|
|
1026 December 29th, 2001
|
|
|
1027 v0.11 -- Made #define's so you can trim the library down by removing
|
|
|
1028 ciphers, hashs, modes of operation, prngs, and even PK algorithms
|
|
|
1029 For example, the library with rijndael+ctr+sha1+ECC is 91KB compared
|
|
|
1030 to the 246kb the full library takes.
|
|
|
1031 -- Added ECC packet routines for encrypt/decrypt/sign/verify much akin to
|
|
|
1032 the RSA packet routines.
|
|
|
1033 -- ECC now compresses the public key, a ECC-192 public key takes 33 bytes
|
|
|
1034 for example....
|
|
|
1035
|
|
|
1036 December 28th, 2001
|
|
|
1037 v0.10 -- going to restart the manual from scratch to make it more
|
|
|
1038 clear and professional
|
|
|
1039 -- Added ECC over Z/pZ. Basically provides as much as DH
|
|
|
1040 except its faster since the numbers are smaller. For example,
|
|
|
1041 A comparable 256-bit ECC key provides as much security as expected
|
|
|
1042 from a DH key over 1024-bits.
|
|
|
1043 -- Cleaned up the DH code to not export the symbol "sets[]"
|
|
|
1044 -- Fixed a bug in the DH code that would not make the correct size
|
|
|
1045 random string if you made the key short. For instance if you wanted
|
|
|
1046 a 512-bit DH key it would make a 768-bit one but only make up 512-bits
|
|
|
1047 for the exponent... now it makes the full 768 bits [or whatever the case
|
|
|
1048 is]
|
|
|
1049 -- Fixed another ***SERIOUS*** bug in the DH code that would default to 768-bit
|
|
|
1050 keys by mistake.
|
|
|
1051
|
|
|
1052 December 25th, 2001
|
|
|
1053 v0.09 -- Includes a demo program called file_crypt which shows off
|
|
|
1054 how to use the library to make a command line tool which
|
|
|
1055 allows the user to encode/decode a file with any
|
|
|
1056 hash (on the passphrase) and cipher in CTR mode.
|
|
|
1057 -- Switched everything to use typedef's now to clear up the code.
|
|
|
1058 -- Added AES (128/192 and 256 bit key modes)
|
|
|
1059
|
|
|
1060 December 24th, 2001
|
|
|
1061 v0.08 -- fixed a typo in the manual. MPI stores its bignums in
|
|
|
1062 BIG endian not little.
|
|
|
1063 -- Started adding a RNG to the library. Right now it tries
|
|
|
1064 to open /dev/random and if that fails it uses either the
|
|
|
1065 MS CSP or the clock drift RNG. It also allows callbacks
|
|
|
1066 since the drift RNG is slow (about 3.5 bytes/sec)
|
|
|
1067 -- the RNG can also automatically setup a PRNG as well now
|
|
|
1068
|
|
|
1069 v0.07 -- Added basic DH routines sufficient to
|
|
|
1070 negotiate shared secrets
|
|
|
1071 [see the manual for a complete example!]
|
|
|
1072 -- Fixed rsa_import to detect when the input
|
|
|
1073 could be corrupt.
|
|
|
1074 -- added more to the manual.
|
|
|
1075
|
|
|
1076 December 22nd, 2001
|
|
|
1077 v0.06 -- Fixed some formatting errors in
|
|
|
1078 the hash functions [just source code cleaning]
|
|
|
1079 -- Fixed a typo in the error message for sha256 :-)
|
|
|
1080 -- Fixed an error in base64_encode() that
|
|
|
1081 would fail to catch all buffer overruns
|
|
|
1082 -- Test program times the RSA and symmetric cipher
|
|
|
1083 routines for kicks...
|
|
|
1084 -- Added the "const" modifier to alot of routines to
|
|
|
1085 clear up the purpose of each function.
|
|
|
1086 -- Changed the name of the library to "TomCrypt"
|
|
|
1087 following a suggestion from a sci.crypt reader....
|
|
|
1088
|
|
|
1089 v0.05 -- Fixed the ROL/ROR macro to be safe on platforms
|
|
|
1090 where unsigned long is not 32-bits
|
|
|
1091 -- I have added a bit more to the documentation
|
|
|
1092 manual "crypt.pdf" provided.
|
|
|
1093 -- I have added a makefile for LCC-Win32. It should be
|
|
|
1094 easy to port to other LCC platforms by changing a few lines.
|
|
|
1095 -- Ran a spell checker over the manual.
|
|
|
1096 -- Changed the header and library from "crypt" to "mycrypt" to not
|
|
|
1097 clash with the *nix package "crypt".
|
|
|
1098
|
|
|
1099 v0.04 -- Fixed a bug in the RC5,RC6,Blowfish key schedules
|
|
|
1100 where if the key was not a multiple of 4 bytes it would
|
|
|
1101 not get loaded correctly.
|
|
|
1102
|
|
|
1103 December 21st, 2001
|
|
|
1104
|
|
|
1105 v0.03 -- Added Serpent to the list of ciphers.
|
|
|
1106
|
|
|
1107 v0.02 -- Changed RC5 to only allow 12 to 24 rounds
|
|
|
1108 -- Added more to the manual.
|
|
|
1109
|
|
|
1110 v0.01 -- We will call this the first version.
|
