dropbear: comparison libtomcrypt/changes @ 435:337c45621e81
merge of 'a9b0496634cdd25647b65e585cc3240f3fa699ee'
and 'c22be8b8f570b48e9662dac32c7b3e7148a42206'
author | Matt Johnston <matt@ucc.asn.au>
---|---
date | Thu, 22 Feb 2007 14:53:49 +0000
parents | 0cbe8f6dbf9e
children | f849a5ca2efc
434:0aaaf68e97dc | 435:337c45621e81
---|---
1 December 16th, 2006 | |
2 v1.16 -- Brian Gladman pointed out that a recent change to GCM broke how the IV was handled. Currently the code complies against his test vectors | |
3 so the code should be considered frozen now. | |
4 -- Trevor from Cryptography Research Inc. submitted patches to convert the ECC code to be generic allowing curve parameters to be submitted | |
5 at runtime. | |
6 -- Fixed various doxygen comments | |
7 -- Added UTF8 support to the ASN1 code | |
8 -- Fixed STOREXXH macros for x86 platforms (Fix found at Elliptic Inc.) | |
9 -- Added makefile.unix which is BSD compatible, you have to manually tweak it since well I don't use it normally | |
10 -- removed a few lingering memcpy's | |
11 -- Fixed memory free errors in ecc_sign_hash() that can arise if the mp_init_multi() fails | |
12 -- Fixed incorrect return value in pkcs_1_pss_decode() which would correctly set res to 0 (indicating an incorrect signature) but | |
13 would return CRYPT_OK to the caller | |
14 -- ltc_ecc_mulmod() could leak memory if mp_init(&mu) failed, fixed. Would you believe that ltc_ecc_mulmod_timing() had the same | |
15 bug? Also fixed. :-) | |
16 -- Added Shamir's trick to the ECC side (defined as LTC_ECC_SHAMIR, enabled by default), gets ~1.34x to ~1.40x faster ECC verifications | |
17 -- Added Brian's vector #46 to the GCM code. It catches the ctr counter error from v1.15. Originally I was going to add all of his vectors, | |
18 but they're not as easy to parse and I got a lot of other things to do. Regression! | |
19 -- Various other small fixes to the ECC code to clean up error handling (I think most of that was from the move in 1.06 to the plugins) | |
20 All of the errors were in cleaning up from heap failures. So they were not likely to be triggered in normal usage | |
21 Made similar fixes to the RSA and DSA code (my bad) | |
22 -- Cryptography Research Inc. contributed a bunch of fixes to silence warnings (with MSVC) w.r.t. assigned data to unsigned char types. | |
23 -- Martin Marko suggested some fixes to make the RNG build with WinCE. | |
24 -- Updates to the manual for print (some fixes thanks to Martin Marko) | |
25 | |
26 | |
27 November 17th, 2006 | |
28 v1.15 -- Andreas Lange found that if sha256_init DID fail in fortuna it wouldn't clean up the state correctly. Thanks. | |
29 Fortunately sha256_init cannot fail (as of v1.14) :-) | |
30 -- Andreas Lange contributed RMD-256 and RMD-320 code. | |
31 -- Removed mutex locks from fortuna_import as they create a deadlock and aren't required anyways [Avi Zelmanovich] | |
32 -- Added LTC_NO_PROTOTYPES to avoid prototyping functions like memset/memcpy. Required for fans of GCC 3.3.x | |
33 -- David Eder caught a off by one overrun bug in pmac_done() which can be exploited if your output tag buffer is | |
34 smaller than the block size of the cipher, e.g. if you have a 4-byte buffer and you tell pmac_done that you want | |
35 a 4-byte TAG it will store 4 bytes but return an outlen of 5. | |
36 -- Added signatures to the ECC and RSA benchmarks | |
37 -- Added LTC_PROFILE to run the PK tests only once in the timing demo (so you can capture events properly) | |
38 -- Andreas contributed PKCS #1 v1.5 code that merged cleanly with the existing PKCS code. w00t. | |
39 (update: I had to fix it to include the digestInfo and what not. Bad Andreas, bad! hehehe) | |
40 -- Fixed a signed variable error in gcm_process() (hard to trigger bug fortunately) | |
41 -- Removed all memcmp/memset/memcpy from the source (replaced with X macros) | |
42 -- Renamed macros HMAC/OMAC/PMAC to have a LTC_ prefix. If you pass these on the command line please update your makefiles | |
43 -- Added XCBC-MAC support [RFC 3566] | |
44 -- fixed LOAD32H and LOAD64H to stop putting out that darn warning :-) | |
45 -- Added the Korean SEED block cipher [RFC 4269] | |
46 -- Added LTC_VALGRIND define which makes SOBER-128 and RC4 a pure PRNG (and not a stream cipher). Useful if you use | |
47 Valgrind to debug your code (reported by Andreas Lange) | |
48 -- Made SOBER-128 more portable by removing the ASCII key in the test function (my bad, sorry). | |
49 -- Martin Mocko pointed out that if you have no PRNGs defined the lib won't build. Fixed, also fixed for if you have no | |
50 hashes defined. | |
51 -- Sped up F8 mode with LTC_FAST | |
52 -- Made CTR mode RFC 3686 compliant (increment counter first), to enable, OR the value LTC_CTR_RFC3686 to the "mode" | |
53 parameter you pass to ctr_start(), otherwise it will be LTC compliant (e.g. encrypt then increment) | |
54 -- Added ctr_test() to test CTR mode against RFC 3686 | |
55 -- Added crypt_fsa() ... O_o | |
56 -- Fixed LTC_ECC_TIMING_RESISTANT so it once again builds properly (pt add/dbl are through the plugin now) | |
57 -- Added ANSI X9.63 (sec 4.3.6) import/export of public keys (cannot export to compressed formats but will import | |
58 hybrid compressed) | |
59 -- Added SECP curves for 112, 128, and 160 bits (only the 'r1' curves) | |
60 -- Added 3GPP-F9 MAC (thanks to Greg Rose for the test vectors) | |
61 -- Added the KASUMI block cipher | |
62 -- Added F9/XCBC/OMAC callbacks to the cipher plugin | |
63 -- Added RSA PKCS #1 v1.5 signature/encrypt tests to rsa_test.c | |
64 -- Fix to yarrow_test() to not call yarrow_done() which is invalid in that context (thanks Valgrind) | |
65 -- Christophe Devine pointed out that Anubis would fail on various 64-bit UNIX boxes when "x>>24" was used as an index, we needed | |
66 to mask it with 0xFF. Thanks. Fixed. | |
67 | |
68 August 0x1E, 0x07D6 | |
69 v1.14 -- Renamed the chaining mode macros from XXX to LTC_XXX_MODE. Should help avoid polluting the macro name space. | |
70 -- clean up of SHA-256 | |
71 -- Chris Colman pointed out that der_decode_sequence_* allows LTC_ASN1_SETOF to accept SEQUENCEs and vice versa. | |
72 Decoder [non-flexi decoder that is] is more strict now and requires a match. | |
73 -- Steffen Jaeckel pointed out a typo in the user manual (re: rsa_exptmod). Fixed. This disproves the notion that | |
74 nobody reads it. :-) | |
75 -- Made GCM a bit more portable w.r.t. handling the CTR IV (e.g. & with 255) | |
76 -- Add LTC_VERBOSE if you really want to see what test is doing :-) | |
77 -- Added SSE2 support to GCM [use GCM_TABLES_SSE2 to enable], shaves 2 cycles per byte on Opteron processors | |
78 Shaved 4 cycles on a Prescott (Intel P4) | |
79 Requires you align your gcm_state on a 16 byte boundary, see gcm_memory() for more info | |
80 -- Added missing prototype for f8_test_mode() | |
81 -- two fixes to CCM for corner cases [L+noncelen > 15] and fixing the CTR pad to encrypt the CBC-MAC tag | |
82 -- Franz Glasner pointed out the ARGTYPE=4 is not actually valid. Fixed. | |
83 -- Fixed bug in f8_start() if your key < saltkey unspecified behaviour occurs. :-( | |
84 -- Documented F8 mode. Yeah, because you read the manual. | |
85 -- Minor updates to the technotes. | |
86 | |
87 | |
88 June 17th, 2006 | |
89 v1.13 -- Fixed to fortuna_start() to clean up state if an error occurs. Not really useful at this stage (sha256 can't fail) but useful | |
90 if I ever make fortuna pluggable | |
91 -- Mike Marin submitted a whole bunch of patches for fixing up the libs on traditional UNIX platforms. Go AIX! Thanks! | |
92 -- One of bugs found in the multi demo highlights that at least with gcc you need to pass integers with a UL prefix to ensure | |
93 they're unsigned long | |
94 -- Updated the FP ECC code to use affine points. It's teh fast. | |
95 -- Made it so many functions which return CRYPT_BUFFER_OVERFLOW now also indicate the required buffer size, note that not all functions | |
96 do this (most do though). | |
97 -- Added F8 chaining mode. It's super neato. | |
98 | |
99 May 29th, 2006 | |
100 v1.12 -- Fixed OID encoder/decoder/length to properly handle the first two parts of an OID, matches 2002 X.690 now. | |
101 -- [Wesley Shields] Allows both GMP/LTM and TFM to be defined now. | |
102 -- [Wesley Shields] GMP pluggin is cleaner now and doesn't use deprecated symbols. Yipee | |
103 -- Added count_lsb_bits to get the number of leading LSB zero bits there are. | |
104 -- Fixed a bug in the INTEGER encoders for values of -(256**k)/2 | |
105 -- Added BOOLEAN type to ASN.1 thingy-ma-do-hicky | |
106 -- Testprof doesn't strictly require GMP ... oops [Nils Durner] | |
107 -- Added LTC_CALL and LTC_EXPORT macros in tomcrypt_cfg.h to support various calling and linker conventions | |
108 (Thanks to John Kirk from Demonware) | |
109 -- In what has to be the best thing since sliced bread I bring you MECC_FP which is the fixed point | |
110 ECC point multiplier. It's fast, it's sexy and what's more it's hella fast [did I mention it's fast?] | |
111 You can tune it somewhat with FP_LUT (default to 8) for look-up width. | |
112 Read section 8.2 of the manual for more info. | |
113 It is disabled by default, you'll have to build LTC with it defined to get it. | |
114 -- Fixed bug in ecc_test.c (from testprof) to include the 521 [not 512] bit curve. :-) | |
115 | |
116 April 4th, 2006 | |
117 v1.11 -- Removed printf's from lrw_test ... whoops | |
118 -- lrw_process now checks the return of the cipher ecb encrypt/decrypt calls | |
119 -- lrw_start was not using num_rounds ... | |
120 -- Adam Miller reported a bug in the flexi decoder with elements past the end of a sequence. Fixed. | |
121 -- Bruce Guenter suggested I use --tag=CC for libtool builds where the compiler may think it's C++. (I applied this to LTM and TFM) | |
122 -- Optimized the ECC for TFM a bit by removing the useless "if" statements (most TFM functions don't return error codes) | |
123 Actually shaved a good chunk of time off and made the code smaller. By default with TFM the stock LTC point add/dbl functions | |
124 will be totally omitted (ECC-256 make key times on a Prescott for old vs. new are 11.03M vs. 9.59M cycles) | |
125 -- added missing CVS tags to ltc_ecc_mulmod.c | |
126 -- corrected typo in tomcrypt_cfg.h about what the file has been called | |
127 -- corrected my address in the user manual. A "bit" out of date. | |
128 -- added lrw_gen to tv_gen | |
129 -- added GMP plugin, only tested on a AMD64 and x86_32 Gentoo Linux box so be aware | |
130 -- made testme.sh runs diff case insensitivityly [whatever...] cuz GMP outputs lowercase satan text | |
131 -- added LDFLAGS to the makefile to allow cross porting linking options | |
132 -- added lrw_test() to the header file ... whoops | |
133 -- changed libtomcrypt.org to libtomcrypt.com .... mumble mumble | |
134 -- Updates to detect __STRICT_ANSI__ which is defined in --std=c99 modes (note -ansi is not supported as it lacks long long) so you can | |
135 build LTC out of the box with c99 (note: it'll be slower as there is no asm in this case) | |
136 -- Updated pelican.c and aes_tab.c to undef tables not-required. The tables are static so both AES and Pelican MAC would have copies. Save a few KB in the final binary. | |
137 -- Added LTC_NO_FAST to the makefile.icc to compensate for the fact ICC v9 can't handle it (Pelican MAC fails for instance) | |
138 | |
139 February 11th, 2006 | |
140 v1.10 -- Free ecb/cbc/ctr/lrw structures in timing code by calling the "done" function | |
141 -- fixed bug in lrw_process() which would always use the slow update ... | |
142 -- vastly sped up gcm_gf_mult() when LTC_FAST is defined. This speeds up LRW and GCM state creation, useful for servers with GCM | |
143 -- Removed NLS since there are some attacks against it. | |
144 -- fixed memory leak in rsa_import reported by John Kuhns | |
145 ++ re-released as the rsa fix was incorrect (bad John bad ... hehehe) and I missed some NULLs in the static descriptor entry for ciphers | |
146 | |
147 January 26th, 2006 | |
148 v1.09 -- Added missing doxygen comments to some of the ASN.1 routines | |
149 -- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos. Reduces build times for typical | |
150 configurations. Tunable [see tomcrypt_custom.h] | |
151 -- Added some error detection to reg_algs() of the testprof.a library to detect when the PRNG is not setup correctly (took me 10 mins to figure out, PITA!) | |
152 -- Similar fixes to timing demo (MD5 not defined when EASY is defined) | |
153 -- Added the NLS enc+mac stream cipher from QUALCOMM, disabled for this release, waiting on test vectors | |
154 -- Finally added an auto-update script for the makefiles. So when I add new files/dirs it can automatically fix up the makefiles [all four of them...] | |
155 -- Added LRW to the list of cipher modes supported | |
156 -- cleaned up ciphers definitions to remove cbc/cfb/ofb/ctr/etc from the namespace when not used. | |
157 | |
158 November 24th, 2005 | |
159 v1.08 -- Added SET and SET OF support to the ASN.1 side | |
160 -- Fixed up X macros, added QSORT to the mix [thanks SET/SETOF] | |
161 -- Added XMEMCMP to the list of X macros | |
162 -- In der_decode_sequence() the SHORT_INTEGER type was not being handled correctly [oddly enough it worked just enough to make RSA work ... go figure!] | |
163 -- Fixed bug in math descriptors where if you hadn't defined MECC (ECC support) you would get linker errors | |
164 -- Added RSA accelerators to the math descriptors to make it possible to not include the stock routines if you supply your own. | |
165 -- dsa_decrypt_key() was erroneously dependent on MECC not MDSA ... whoops | |
166 -- Moved DSA size limits to tomcrypt_pk.h so they're defined with LTC_NO_PK+MDSA | |
167 -- cleaned up tomcrypt_custom.h to make customizable PK easier (and also cleaned up the error traps so they're correctly reported) | |
168 | |
169 November 18th, 2005 | |
170 v1.07 -- Craig Schlenter pointed out the "encrypt" demo doesn't call ctr_start() correctly. That's because as of a few releases ago | |
171 I added support to set the mode of the counter at init time | |
172 -- Fixed some "testprof" make issues | |
173 -- Added RSA keygen to the math descriptors | |
174 -- Fixed install_test target ... oops | |
175 -- made the "ranlib" program renamable useful for cross-compiling | |
176 -- Made the cipher accelerators return error codes. :-) | |
177 -- Made CCM accept a pre-scheduled key to speed it up if you use the same key for multiple packets | |
178 -- Added "Katja" public key crypto. It's based on the recent N = p^2q work by Katja. I added OAEP padding | |
179 to it. Note this code has been disabled not because it doesn't work but because it hasn't been thoroughly | |
180 analyzed. It does carry some advantages over RSA (slightly smaller public key, faster decrypt) but also | |
181 some annoying "setup" issues like the primes are smaller which makes ECM factoring more plausible. | |
182 -- Made makefile accept a NODOCS flag to disable the requirement of tetex to install LTC for you no tetex people... all 3 of ya :-) | |
183 -- Cleaned up rsa_export() since "zero" was handled with a SHORT_INTEGER | |
184 -- Cleaned up the LIBTEST_S definitions in both GNU makefiles. A few minor touchups as well. | |
185 -- Made the cipher ecb encrypt/decrypt return an int as well, changed ALL dependent code to check for this. | |
186 -- der_decode_choice() would fail to mark a NULL as "used" when decoding. Fixed | |
187 -- ecc_decrypt_key() now uses find_hash_oid() to clean up the code ;-) | |
188 -- Added mp_neg() to the math descriptors. | |
189 -- Swapped arguments for the pkcs_1_mgf1() function so the hash_idx is the first param (to be more consistent) | |
190 -- Made the math descriptors buildable when RSA has been undefined | |
191 -- ECC timing demo now capable of detecting which curves have been defined | |
192 -- Refactored the ECC code so it's easier to maintain. (note: the form of this code hasn't really changed since I first added ECC ... :-/) | |
193 -- Updated the documentation w.r.t. ECC and the accelerators to keep it current | |
194 -- Fixed bug in ltc_init_multi() which would fail to free all allocated memory on error. | |
195 -- Fixed bug in ecc_decrypt_key() which could possibly lead to overflows (if MAXBLOCKSIZE > ECC_BUF_SIZE and you have a hash that emits MAXBLOCKSIZE bytes) | |
196 -- Added encrypt/decrypt to the DSA side (basically DH with DSA parameters) | |
197 -- Updated makefiles to remove references to the old DH object files and the ecc_sys.o crap ... clean code ahead! | |
198 -- ecc_import() now checks if the point it reads in lies on the curve (to prevent degenerative points from being used) | |
199 -- ECC code now ALWAYS uses the accelerator interface. This allows people who use the accelerators to not have the stock | |
200 ECC point add/dbl/mul code linked in. Yeah space savings! Rah Rah Rah. | |
201 -- Added LTC_MUTEX_* support to Yarrow and Fortuna allowing you to use respective prng_state as a global PRNG state [e.g. thread-safe] if you define one of the LTC_* defines at | |
202 build time (e.g. LTC_PTHREAD == pthreads) | |
203 -- Added PPC32 support to the rotate macros (tested on an IBM PPC 405) and LTC_FAST macros (it aint fast but it's faster than stock) | |
204 -- Added ltc_mp checks in all *_make_key() and *_import() which will help catch newbs who don't register their bignum first :-) | |
205 -- the UTCTIME type was missing from der_length_sequence() [oops, oh like you've never done that] | |
206 -- the main makefile allows you to rename the make command [e.g. MAKE=gmake gmake install] so you can build LTC on platforms where the default make command sucks [e.g. BSD] | |
207 -- Added DER flexi decoder which allows the decoding of arbitrary DER encoded packets without knowing | |
208 their structure in advance (thanks to MSVC for finding 3 bugs in it just prior to release! ... don't ask) | |
209 | |
210 August 1st, 2005 | |
211 v1.06 -- Fixed rand_prime() to accept negative inputs as a signal for BBS primes. [Fredrik Olsson] | |
212 -- Added fourth ARGCHK type which outputs to stderr and continues. Useful if you trap sigsegv. [Valient Gough] | |
213 -- Removed the DH code from the tree | |
214 -- Made the ECC code fully public (you can access ecc_mulmod directly now) useful for debuging | |
215 -- Added ecc test to tv_gen | |
216 -- Added hmac callback to hash descriptors. | |
217 -- Fixed two doxy comment errors in the UTCTIME functions | |
218 -- rsa_import() can now read OpenSSL format DER public keys as well as the PKCS #1 RSAPublicKey format. | |
219 Note that rsa_export() **ONLY** writes PKCS #1 formats | |
220 -- Changed MIN/MAX to only define if not already present. -- Kirk J from Demonware ... | |
221 -- Ported tv_gen to new framework (and yes, I made ecc vectors BEFORE changing the API and YES they match now :-)) | |
222 -- ported testing scripts to support pluggable math. yipee! | |
223 -- Wrote a TFM descriptor ... yipee | |
224 -- Cleaned up LTC_FAST in CBC mode a bit | |
225 -- Merged in patches from Michael Brown for the sparc/sparc64 targets | |
226 -- Added find_hash_oid() to search for a hash by its OID | |
227 -- Cleaned up a few stray CLEAN_STACKs that should have been LTC_CLEAN_STACK | |
228 -- Added timing resistant ECC, enable by defining LTC_ECC_TIMING_RESISTANT then use ECC API as normal | |
229 -- Updated the ECC documentation as it was a bit out of date | |
230 | |
1 June 27th, 2005 | 231 June 27th, 2005 |
2 v1.05 | 232 v1.05 |
3 -- Added Technote #6 which covers the current PK compliance. | 233 -- Added Technote #6 which covers the current PK compliance. |
4 -- Fixed buffer overflow in OAEP decoder | 234 -- Fixed buffer overflow in OAEP decoder |
5 -- Added CHOICE to the list of ASN.1 types | 235 -- Added CHOICE to the list of ASN.1 types |
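Review bot: the merge message ("merge of 'a9b0496634cdd25647b65e585cc3240f3fa699ee' and 'c22be8b8f570b48e9662dac32c7b3e7148a42206'") does not say what this hunk actually brings in, namely the upstream libtomcrypt changelog entries from v1.06 up to v1.16 (December 16th, 2006). Record the upstream version in the commit message, because several of the entries inserted here describe security-relevant fixes that a dropbear user will want to trace to the snapshot being shipped: pkcs_1_pss_decode() returning CRYPT_OK to the caller even though res was set to 0 for a bad signature, the off-by-one overrun in pmac_done() when the tag buffer is smaller than the cipher block size, the possible overflow in ecc_decrypt_key(), the OAEP decoder buffer overflow, and ecc_import() now checking that the imported point lies on the curve.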
211 | 441 |
212 October 29th, 2004 | 442 October 29th, 2004 |
213 v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes | 443 v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes |
214 -- Deprecated LTMSSE and removed it (to be replaced with TFM later on) | 444 -- Deprecated LTMSSE and removed it (to be replaced with TFM later on) |
215 -- Stefan Arentz pointed out that mp_s_rmap should be extern | 445 -- Stefan Arentz pointed out that mp_s_rmap should be extern |
216 -- Kristian Gj�steen pointed out that there are typos in the | 446 -- Kristian Gj?steen pointed out that there are typos in the |
217 "test" makefile and minor issues in Yarrow and Sober [just cosmetics really] | 447 "test" makefile and minor issues in Yarrow and Sober [just cosmetics really] |
218 -- Matthew P. Cashdollar pointed out that "export" is a C++ keyword | 448 -- Matthew P. Cashdollar pointed out that "export" is a C++ keyword |
219 so changed the PRNG api to use "pexport" and "pimport" | 449 so changed the PRNG api to use "pexport" and "pimport" |
220 -- Updated "hashsum" demo so it builds ;-) | 450 -- Updated "hashsum" demo so it builds ;-) |
221 -- Added automatic support for x86-64 (will configure for 64-bit little endian automagically) | 451 -- Added automatic support for x86-64 (will configure for 64-bit little endian automagically) |
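Review bot: in the row naming the person who reported the "test" makefile typos, the only change is that the non-ASCII byte in "Gj�steen" becomes a literal "?" on the new side, so this is an encoding regression rather than a correction (the name is Kristian Gjøsteen). The same thing happens to "Bostr�m" (Mika Boström) in the config.pl row further down. Import the upstream file in one consistent encoding (UTF-8) so these characters survive instead of being squashed to "?" on each merge.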
590 -- Sped up the ECC mulmod() routine by making the word size adapt to the input. Saves a whopping 9 point | 820 -- Sped up the ECC mulmod() routine by making the word size adapt to the input. Saves a whopping 9 point |
591 operations on 521-bit keys now (translates to about 8ms on my Athlon XP). I also now use barrett reduction | 821 operations on 521-bit keys now (translates to about 8ms on my Athlon XP). I also now use barrett reduction |
592 as much as possible. This sped the routine up quite a bit. | 822 as much as possible. This sped the routine up quite a bit. |
593 -- Fixed a huge flaw in ecc_verify_hash() where it would return CRYPT_OK on error... Now fixed. | 823 -- Fixed a huge flaw in ecc_verify_hash() where it would return CRYPT_OK on error... Now fixed. |
594 -- Fixed up config.pl by fixing an invalid query and the file is saved in non-windows [e.g. not CR/LF] format | 824 -- Fixed up config.pl by fixing an invalid query and the file is saved in non-windows [e.g. not CR/LF] format |
595 (fix due to Mika Bostr�m) | 825 (fix due to Mika Bostr?m) |
596 -- Merged in LibTomMath for kicks | 826 -- Merged in LibTomMath for kicks |
597 -- Changed the build process so that by default "mycrypt_custom.h" is included and provided | 827 -- Changed the build process so that by default "mycrypt_custom.h" is included and provided |
598 The makefile doesn't include any build options anymore | 828 The makefile doesn't include any build options anymore |
599 -- Removed the PS2 and VC makefiles. | 829 -- Removed the PS2 and VC makefiles. |
600 | 830 |
1319 -- Added more to the manual. | 1549 -- Added more to the manual. |
1320 | 1550 |
1321 v0.01 -- We will call this the first version. | 1551 v0.01 -- We will call this the first version. |
1322 | 1552 |
1323 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */ | 1553 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */ |
1324 /* $Revision: 1.106 $ */ | 1554 /* $Revision: 1.274 $ */ |
1325 /* $Date: 2005/06/27 12:37:06 $ */ | 1555 /* $Date: 2006/12/16 19:08:17 $ */ |
1326 | 1556 |
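Review bot: the $Revision$ and $Date$ lines are CVS keyword expansions (1.274, 2006/12/16, which agrees with the December 16th, 2006 v1.16 entry at the top of the file) and Mercurial will not update them, so after this merge they remain a fixed record of the upstream snapshot. That is useful, but it means any dropbear-local changes to the bundled libtomcrypt should be logged in dropbear's own CHANGES rather than appended here, otherwise these keywords would misreport which upstream revision the tree actually contains.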