comparison changes @ 0:d7da3b1e1540 libtomcrypt

put back the 0.95 makefile which was inadvertently merged over
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:21:40 +0000
parents
children 6362d3854bb4
comparison
-1:000000000000 0:d7da3b1e1540
1 May 12th, 2004
2 v0.95 -- Optimized AES and WHIRLPOOL for SMALL_CODE by taking advantage of the fact
3 the transforms are circulant. AES dropped 5KB and WHIRLPOOL dropped 13KB
4 using the default build options on the x86.
5 -- Updated eax so the eax_done() would clear the state [like hmac,pmac,ocb] when
6 CLEAN_STACK has been defined.
7 -- added LTC_TEST support to rmd160
8 -- updates to mycrypt_pk.h
9 -- updated rand_prime() to faciliate making RSA composites
10 -- DSA/RSA now makes composites of the exact size desired.
11 -- Refactored quite a bit of the code, fewer functions per C file
12 -- cleaned up the makefiles to organize the objects logically
13 -- added ICC makefile along with "profiled" targets for both GNU and ICC compilers
14 -- Marked functions for removal before v1.00 see PLAN for more information
15 -- GCC 3.4.0 tested and seems to work
16 -- Added PKCS #5 support
17 -- Fixed typo in comment header of .C files ;-)
18 -- Added PKCS #1 OAEP and PSS support.
19
20 Feb 20th, 2004
21 v0.94 -- removed unused variables from ocb.c and fixed it to match known test vectors.
22 -- Added PMAC support, minor changes to OMAC/EAX code [I think....]
23 -- Teamed up with Brian Gladman. His code verifies against my vectors and my code
24 verifies against his test vectors. Hazaa for co-operation!
25 -- Various small changes (added missing ARGCHKs and cleaned up indentation)
26 -- Optimization to base64, removed unused variable "c"
27 -- Added base64 gen to demos/tv_gen.c
28 -- Fix to demos/x86_prof.c to correctly identify the i386 architecture... weird...
29 -- Fixed up all of the PK code by adding missing error checking, removed "res" variables,
30 shrunk some stack variables, removed non-required stack variables and added proper
31 error conversion from MPI to LTC codes. I also spotted a few "off by one" error
32 checking which could have been used to force the code to read past the end of
33 the buffer (in theory, haven't checked if it would work) by a few bytes.
34 -- Added checks to OUTPUT_BIGNUM so the *_export() functions cannot overflow the output and I
35 also modded it so it stores in the output provided to the function (that is not on
36 the local stack) which saves memory and time.
37 -- Made SAFER default to disabled for now (plans are to cleanhouse write an implementation later)
38 -- Added the 512-bit one-way hash WHIRLPOOL which clocks in at 138 cycles per byte on my
39 Athlon XP [for comparison, SHA-512 clocks in at 77 cycles per byte]. This code uses the
40 teams new sbox design (not the original NESSIE one).
41
42
43 Jan 25th, 2004
44 v0.93 -- [note: deleted v0.93 changes by accident... recreating from memory...]
45 -- Fix to RC2 to not deference pointer before ARGCHK
46 -- Fix to NOEKEON to match published test vectors as well as cleaned up the code a bit
47 -- Optimized Twofish [down to 28 cycles/byte on my box] and Blowfish
48 -- Fix to OMAC to test cipher block size first [prevents wasting any time]
49 -- Added more OMAC test vectors
50 -- Added EAX Encrypt+Authenticate support
51 -- Fix to DSA to check return of a few LTM functions I forgot [mp_to_unsigned_bin]
52 -- Added common headers to all C files
53 -- CTR mode supports big and little [default] endian counters now.
54 -- fix to find_cipher_any() so that it can handle a fragmented cipher_descriptor table.
55 -- added find_hash_any() akin to find_cipher_any().
56 -- Added EAX code to demos/tv_gen.c Hazaa!
57 -- Removed SONY defines and files from codebase.
58 -- Added OCB support [patents be damned] and to demos/tv_gen.c
59 -- Merge all of the INPUT/OUTPUT BIGNUM macros (less toc) into mycrypt_pk.h
60 -- Made appropriate changes to the debug string in crypt.c
61
62 Dec 24th, 2003
63 v0.92 -- Updated the config.pl script so the options have more details.
64 -- Updated demos/tv_gen to include RIPEMD hashes
65 -- Updated Twofish so when TWOFISH_ALL_TABLES is defined a pre-computed RS table
66 is included [speedup: slight, about 4k cycles on my Athlon].
67 -- Re-wrote the twofish large key generation [the four 8x32 key dependent tables]. Now about twice as fast.
68 With both optimizations [e.g. TWOFISH_ALL_TABLES defined] a 128-bit Twofish key can now be scheduled
69 in 26,000 cycles on my Athlon XP [as opposed to 49,000 before] when optimized for size.
70 -- config.pl has been updated so rmd128.o and rmd160.o are objects included in the build [oops]
71 -- Andrew Mann found a bug in rsa_exptmod() which wouldn't indicate if the wrong type of key was specified
72 (e.g. not PK_PRIVATE or PK_PUBLIC)
73 -- Fixed up demos/x86_prof so it sorts the output now :-)
74 -- The project is now powered by radioactive rubber pants.
75 -- Fixed dh_encrypt_key() so if you pass it a hash with a smaller output than the input key it
76 will return CRYPT_INVALID_HASH [to match what ecc_encrypt_key() will do]
77 -- Merge the store/encrypt key part of ecc_encrypt_key() as per dh_encrypt_key() [can you guess what I'm upto?]
78 -- Massive updates to the prime generation code. I use the LTM random prime functions [and provide a nice
79 interface between the LTC PRNG's and the LTM generic prng prototype]. I also use a variable number of tests
80 depending on the input size. This nicely speeds up most prime generation/testing within the library.
81 -- Added SHA-224 to the list of hashes.
82 -- Made HMAC test vectors constant and static [takes ROM space instead of RAM]
83 -- This release was brought to you by the letter P which stands for Patent Infringement.
84 -- Added generic HASH_PROCESS macro to mycrypt_hash.h which simplifies the hash "process" functions
85 I also optimized the compression functions of all but MD2 to not perform input copies when avoidable.
86 -- Removed the division from the Blowfish setup function [dropped 3k cycles on my Athlon]
87 -- Added stack cleaning to rijndael, cast5 so now all ciphers have CLEAN_STACK code.
88 -- Added Skipjack to the list of ciphers [made appropriate changes to demos/test.c, demos/tv_gen.c and
89 demos/x86_prof.c]
90 -- Added mechanical testing to cipher test vector routines. Now it encrypts 1000 times, then decrypts and
91 compares. Any fault (e.g. bug in code, compiler) in the routines is likely to show through. Doesn't
92 stress test the key gen though...
93 -- Matt Johnson found a bug in the blowfish.c apparently I was out of my mind and put twofish defines in there
94 The code now builds with any config. Thanks.
95 -- Added OMAC1 Message Authentication Code support to the library.
96 -- Re-prototyped the hash "process" and "done" to prevent buffer overflows [which don't seem easy to exploit].
97 Updated HMAC code to use them too. Hazaa!
98 -- Fixed bug in ECC code which wouldn't do an _ARGCHK on stat in ecc_verify_hash().
99 -- Fixed [temp fix] bug in all PK where the OUTPUT_BIGNUM macros would not trap errors on the to_unsigned_bin
100 conversion [now returns CRYPT_MEM, will fix it up better later]
101 -- Added DSA to the list of supported PK algorithms.
102 -- Fixed up various ciphers to &255 the input key bytes where required [e.g. where used to index a table] to prevent
103 problems on platforms where CHAR_BIT != 8
104 -- Merged in LibTomMath v0.28
105 -- Updated demos/x86_prof.c to use Yarrow during the key sched testing [was horribly slow on platforms with blockable
106 /dev/random].
107 -- Added OMAC/HMAC tests to demos/tv_gen and I now store the output of this in notes/
108 -- Fixed a bug in config.pl that wouldn't have TWOFISH_TABLES defined by default (too many commas on the line)
109 -- Fixed bug in hmac_done(). Apparently FIPS-198 [HMAC] specifies that the output can be truncated. My code
110 would not support that (does now just like the new OMAC code).
111 -- Removed "hashsize" from hmac_state as it wasn't being used.
112 -- Made demos/test.c stop if OMAC or HMAC tests fail (instead of just printing a failed message and keep going).
113 -- Updated notes/tech0003.txt to take into account the existence of Skipjack [also I fixed a few typos].
114 -- Slight changes to Noekeon, with SMALL_CODE undefined it uses a fully unrolled version. Dropped +10 cycles/byte
115 on my Athlon (35 cycles per byte or 410.4Mbit/sec at 1795Mhz)
116 -- Added _ARGCHK() calls to is_prime() for the two input pointers.
117
118 Sept 25th, 2003
119 v0.91 -- HMAC fix of 0.90 was incorrect for keys larger than the block size of the hash.
120 -- Added error CRYPT_FILE_NOTFOUND for the file [hmac/hash] routines.
121 -- Added RIPEMD hashes to the hashsum demo.
122 -- Added hashsum demo to MSVC makefile.
123 -- Added RMD160 to the x86_prof demo [oops]
124 -- Merged in LibTomMath-0.27 with a patch to mp_shrink() that will be in LibTomMath-0.28
125 Fixes another potential memory leak.
126
127 Sept 7th, 2003
128 v0.90 -- new ROL/ROR for x86 GCC
129 -- Jochen Katz submitted a patch to the makefile to prevent "make" from making the .a library
130 when not required.
131 == By default the KR code is not enabled [it's only a demo anyways!]
132 -- changed the "buf" in ecc_make_key from 4KB to 128 bytes [since the largest key is 65 bytes]
133 -- hmac_done() now requires you pass it the size of the destination buffer to prevent
134 buffer overflows. (API CHANGE)
135 -- hmac/hash filebased routines now return CRYPT_NOP if NO_FILE is defined.
136 -- I've removed the primes from dh.c and replaced them with DR safe primes suitable for the default
137 configuration of LibTomMath. Check out these comparisons on a 1.3Ghz Athlon XP, optimized for size,
138
139 768-bit, 4 vs. 10
140 1024-bit, 8 vs. 18
141 1280-bit, 12 vs. 34
142 1536-bit, 20 vs. 56
143 1792-bit 28 vs. 88
144 2048-bit, 40 vs. 124
145 2560-bit, 71 vs. 234
146 3072-bit, 113 vs. 386
147 4096-bit, 283 vs. 916
148
149 Times are all in milliseconds for key generation. New primes times on the left. This makes the code binary
150 incompatible with previous releases. However, this addition is long overdue as LibTomMath has supported DR
151 reductions for quite some time.
152 -- Added RIPE-MD 128 and 160 to the list of supported hashes [10 in total].
153 -- The project has been released as public domain. TDCAL no longer applies.
154
155 July 15th, 2003
156 v0.89 -- Fix a bug in bits.c which would prevent it from building with msvc
157 -- Merged in LibTomMath v0.24 [and I used the alloc/free macros this time!]
158 -- Removed the LTC version of next_prime() and replaced it with a call to the
159 mp_prime_next_prime() from LibTomMath
160 -- reverted bits.c to the 0.86 copy since the new one doesn't build in MSVC
161 or cygwin.
162
163 Jul 10th, 2003
164 v0.88 -- Sped up CAST5 key schedule for MSVC
165 -- added "ulong32" which allows people on 64-bit platforms to force the 32-bit tables in
166 ciphers like blowfish and AES to be 32-bits. E.g. when unsigned long is 64-bits.
167 -- Optimized the SAFER-SK64, SAFER-SK128, SAFER+, RC5 and RC6 key schedule [big time!]
168 -- Optimized SHA-1 and SHA-256 quite a bit too.
169 -- Fixed up the makefile to use -fomit-frame-pointer more liberally
170 -- Added tv_gen program which makes test vectors for ciphers/hashes
171 -- Merged in LibTomMath v0.22
172
173 Jun 19th, 2003
174 v0.87 -- Many MSVC optimizations to the code base
175 -- Improved the AES and Twofish key schedule [faster, more constant time]
176 -- Tons of optimizations here and there.
177
178 Jun 15th, 2003
179 v0.86 -- Fixed up AES to workaround MSVC optimizer bug
180 -- Merged in fresh LTM base [based on v0.20] so there are no warnings with MSVC
181 -- Wrote x86_prof which will time the hashes and ciphers downto cycles per byte.
182 -- Fixed up demos/encrypt to remove serpent_desc from the list
183 -- Re-enabled MSVC optimizations w00t w00t
184 -- Replaced "errno" with "err" in all functions that had it so it wouldn't clash
185 with the global "errno"
186 -- Removed a set of unused variables from certain functions
187 -- Removed {#line 0 "..."} stuff from mpi.c to comply with ISO C :-)
188
189 Jun 11th, 2003
190 v0.85 -- Swapped in a new AES routine
191 -- Removed Serpent
192 -- Added TDCAL policy document
193
194 Jun 1st, 2003
195 v0.84 -- Removed a 4KB buffer from rsa_decrypt_key that wasn't being used no more
196 -- Fixed another potential buffer problem. Not an overflow but could cause the
197 PK import routines to read past the end of the buffer.
198 -- Optimized the ECC mulmod more by removing a if condition that will always be false
199 -- Optimized prime.c to not include a 2nd prime table, removed code from is_prime calls prime
200 test from LibTomMath now
201 -- Added LTC_TEST define which when defined will enable the test vector routines [see mycrypt_custom.h]
202 -- Removed ampi.o from the depends cuz it ain't no not working in *nix with it [routines are in mpi.c now].
203
204
205 Mar 29th, 2003
206 v0.83 -- Optimized the ecc_mulmod, it's faster and takes less heap/stack space
207 -- Fixed a free memory error in ecc_mulmod and del_point which would try to free NULL
208 -- Fixed two serious bugs in rsa_decrypt_key and rsa_verify_hash that would allow a trivialy
209 buffer overflow.
210 -- Fixed a bug in the hmac testing code if you don't register all the hashes it won't return
211 errors now.
212
213 Mar 15th, 2003
214 v0.82 -- Manual updated
215 -- Added MSVC makefile [back, actually its written from scratch to work with NMAKE]
216 -- Change to HMAC helper functions API to avoid buffer overflow [source changes]
217 -- the rsa_encrypt_key was supposed to reject key sizes out of bounds ...
218 same fix to the rsa_sign_hash
219 -- Added code to ensure that that chaining mode code (cfb/ofb/ctr/cbc) have valid
220 structures when being called. E.g. the indexes to the pad/ivs are not out of bounds
221 -- Cleaned up the DES code and simplified the core desfunc routine.
222 -- Simplified one of the boolean functions in MD4
223
224 Jan 16th, 2003
225 v0.81 -- Merged in new makefile from Clay Culver and Mike Frysinger
226 -- Sped up the ECC mulmod() routine by making the word size adapt to the input. Saves a whopping 9 point
227 operations on 521-bit keys now (translates to about 8ms on my Athlon XP). I also now use barrett reduction
228 as much as possible. This sped the routine up quite a bit.
229 -- Fixed a huge flaw in ecc_verify_hash() where it would return CRYPT_OK on error... Now fixed.
230 -- Fixed up config.pl by fixing an invalid query and the file is saved in non-windows [e.g. not CR/LF] format
231 (fix due to Mika Bostr�m)
232 -- Merged in LibTomMath for kicks
233 -- Changed the build process so that by default "mycrypt_custom.h" is included and provided
234 The makefile doesn't include any build options anymore
235 -- Removed the PS2 and VC makefiles.
236
237 Dec 16th, 2002
238 v0.80 -- Found a change I made to the MPI that is questionable. Not quite a bug but definately not desired. Had todo
239 with the digit shifting. In v0.79 I simply truncated without zeroing. It didn't cause problems during my
240 testing but I fixed it up none the less.
241 -- Optimized s_mp_mul_dig() from MPI to do a minimal number of passes.
242 -- Fixed in rsa_exptmod() where I was getting the size of the result. Basically it accomplishes the same thing
243 but the fixed code is more readable.
244 -- Fixed slight bug in dh_sign_hash() where the random "k" value was 1 byte shorter than it should have been. I've
245 also made the #define FAST_PK speed up signatures as well. Essentially FAST_PK tells the DH sub-system to
246 limit any private exponent to 256-bits. Note that when FAST_PK is defined does not make the library
247 binary or source incompatible with a copy of the library with it undefined.
248 -- Removed the DSA code. If you want fast diffie-hellman just define FAST_PK :-)
249 -- Updated dh_sign_hash()/dh_verify_hash() to export "unsigned" bignums. Saves two bytes but is not binary
250 compatible with the previous release... sorry! I've performed the same fix to the ecc code as well.
251 -- Fixed up the PK code to remove all use of mp_toraw() and mp_read_raw() [get all the changes out of the way now]
252 -- Fixed a bug in the DH code where it missed trapping a few errors if they occurred.
253 -- Fixed a slight "its-not-a-bug-but-could-be-done-better" bug in the next_prime() function. Essentially it was
254 testing to ensure that in the loop that searches for the next candidate that the step never grows beyond
255 65000. Should have been testing for MP_DIGIT_MAX
256 -- Spruced up the config.pl script. It now makes a header file "mycrypt_custom.h" which can be included *before*
257 you include mycrypt.h. This allows you to add libtomcrypt to a project without completely changing your make
258 system around. Note that you should use the makefile it writes to at least build the library initially.
259 -- Used splint to check alot of the code out. Tons of minor fixes and explicit casts added.
260 -- Also made all the internal functions of MPI are now static to avoid poluting the namespace
261 -- **Notice**: There are no planned future releases for at least a month from the this release date.
262
263 Dec 14th, 2002
264 v0.79 -- Change to PK code [binary and source]. I made it so you have to pass the buffer size to the *_decrypt_key and
265 *_verify_hash functions. This prevents malformed packets from performing buffer overflows. I've also trimmed
266 the packet header size [by 4 bytes].
267 -- Made the test program halt on the first error it occurs. Also made it trap more errors than before.
268 -- Wrote the first chapter of my new book [DRAFT!], not in this package but check my website!
269 -- Included a perl script "config.pl" that will make "makefile.out" according to the users needs.
270 -- Added shell script to look for latest release
271 -- Merge DH and ECC key defines from mycrypt_cfg.h into the makefiles
272 -- updated the makefile to use BSD friendly archiving invokations
273 -- Changed the DH and ECC code to use base64 static key settings [e.g. the primes]. Dropped the code size by 3KB
274 and is ever-so-slightly faster than before.
275 -- added "mp_shrink" function to shrink the size of bignums. Specially useful for PK code :-)
276 -- Added new exptmod function that calculates a^b mod c with fewer multiplies then before [~20% for crypto
277 sized numbers]. Also added a "low mem" variant that doesn't use more than 20KB [upto 4096 bit nums] of
278 heap todo the calculation. Both are #define'able controlled
279 -- Added XREALLOC macro to provide realloc() functionality.
280 -- Added fix where in rsa_import() if you imported a public key or a non-optimized key it would free the mp_int's
281 not being used.
282 -- Fixed potential bug in the ECC code. Only would occur on platforms where char is not eight bits [which isn't
283 often!]
284 -- Fixed up the ECC point multiplication, its about 15% faster now
285 -- While I was at it [since the lib isn't binary backwards compatible anyways] I've fixed the PK export routines
286 so they export as "unsigned" types saving 1 byte per bignum outputted. Not a lot but heck why not.
287
288 Nov 28th, 2002
289 v0.78 -- Made the default ARGCHK macro a function call instead which reduced the code size from 264KB to 239KB.
290 -- Fixed a bug in the XTEA keysize function which called ARGCHK incorrectly.
291 -- Added Noekeon block cipher at 2,800 bytes of object code and 345Mbit/sec it is a welcome addition.
292 -- Made the KR code check if the other PK systems are included [provides error when building otherwise].
293 -- Made "aes" an alias for Rijndael via a pre-processor macro. Now you can use "aes_ecb_encrypt", etc... :-)
294 Thanks to Jean-Luc Cooke for the "buzzword conformance" suggestion.
295 -- Removed the old PK code entirely (e.g. rsa_sign, dh_encrypt). The *_sign_hash and *_encrypt_key functions
296 are all that is to remain.
297 -- **NOTE** Changed the PK *_import (including the keyring) routine to accept a "inlen" parameter. This fixes a
298 bug where improperly made key packets could result in reading passed the end of the buffer. This means
299 the code is no longer source compatible but still binary compatible.
300 -- Fixed a few other minor bugs in the PK import code while I was at it.
301
302 Nov 26th, 2002
303 v0.77 -- Updated the XTEA code to use pre-computed keys. With optimizations for speed it achieves 222Mbit/sec
304 compared to the 121Mbit/sec before. It is 288 bytes bigger than before.
305 -- Cleaned up some of the ciphers and hashes (coding style, cosmetic changes)
306 -- Optimized AES slightly for 256-bit keys [only one if statement now, still two for 192-bit keys]
307 -- Removed most test cases from Blowfish, left three of them there. Makes it smaller and faster to test.
308 -- Changed the primality routines around. I now use 8 rounds of Rabin-Miller, I use 256 primes in the sieve
309 step and the "rand_prime" function uses a modified sieve that avoids alot of un-needed bignum work.
310 -- Fixed a bug in the ECC/DH signatures where the keys "setting" value was not checked for validity. This means
311 that a invalid value could have caused segfaults, etc...
312 -- **NOTE** Changed the way the ECC/DH export/import functions work. They are source but not binary compatible
313 with v0.76. Essentially insteading of exporting the setting index like before I export the key size. Now
314 if you ever re-configure which key settings are supported the lib will still be able to make use of your
315 keys.
316 -- Optimized Blowfish by inlining the round function, unrolling it for four rounds then using a for loop for the
317 rest. It achieves a rate of 425Mbit/sec with the new code compared to 314Mbit/sec before. The new blowfish
318 object file is 7,813 bytes compared to 8,663 before and is 850 bytes smaller. So the code is both smaller and
319 faster!
320 -- Optimized Twofish as well by inlining the round function. Gets ~400Mbit/sec compared to 280Mbit/sec before
321 and the code is only 78 bytes larger than the previous copy.
322 -- Removed SMALL_PRIME_TAB build option. I use the smaller table always.
323 -- Fixed some mistakes concerning prime generation in the manual.
324 -- [Note: sizes/speeds are for GCC 3.2 on an x86 Athlon XP @ 1.53Ghz]
325
326 Nov 25th, 2002
327 v0.76 -- Updated makefiles a bit more, use "-Os" instead of "-O2" to optimize for size. Got the lib
328 downto 265KB using GCC 3.2 on my x86 box.
329 -- Updated the SAFER+, Twofish and Rijndael test vector routine to use the table driven design.
330 -- Updated all other test vector routines to return as soon as an error is found
331 -- fixed a bug in the test program where errors in the hash test routines would not be reported
332 correctly. I found this by temporarily changing one of the bytes of the test vectors. All the
333 hashes check out [the demos/test.c would still have reported an error, just the wrong one].
334
335
336 Nov 24th, 2002
337 v0.75 -- Fixed a flaw in hash_filehandle, it should ARGCHK that the filehandle is not NULL
338 -- Fixed a bug where in hash_file if the call to hash_filehandle failed the open file would
339 not be closed.
340 -- Added more strict rules to build process, starting to weed out "oh this works in GCC" style code
341 In the next release "-Wconversion" will be enabled which will deal with all implicit casts.
342
343 Nov 22nd, 2002 [later in the day]
344 v0.74 -- Wrote a small variant of SAFER+ which shaved 50KB off the size of the library on x86 platforms
345 -- Wrote a build option to remove the PK packet functions [keeps the encrypt_key/sign_hash functions]
346 -- Wrote a small variant of Rijndael (trimmed 13KB)
347 -- Trimmed the TIGER/192 hash function a bit
348 -- Overall the entire lib compiled is 295KB [down from 400KB before]
349 -- Fixed a few minor oversights in the MSVC makefile
350
351 Nov 22nd, 2002
352 v0.73 -- Fixed bug in RC4 code where it could only use 255 byte keys.
353 -- Fixed bug in yarrow code where it would allow cast5 or md2 to be used with it...
354 -- Removed the ecc compress/expand points from the global scope. Reduces namespace polution
355 -- Fixed bug where if you used the SPRNG you couldn't pass NULL as your prng_state which you should be
356 able todo since the SPRNG has no state...
357 -- Corrected some oversights in the manual and the examples...
358 -- By default the GF(2^W) math library is excluded from the build. The source is maintained because I wrote it
359 and like it :-). This way the built library is a tad smaller
360 -- the MSVC makefile will now build for a SPACE optimized library rather than TIME optimized.
361
362 Nov 21th, 2002
363 v0.72 -- Fixed bug in the prime testing. In the Miller-Rabin test I was raising the base to "N-1" not "r".
364 The math still worked out fine because in effect it was performing a Fermat test. Tested the new code and it
365 works properly
366 -- Fixed some of the code where it was still using the old error syntax
367 -- Sped up the RSA decrypt/sign routines
368 -- Optimized the ecc_shared_secret routine to not use so much stack
369 -- Fixed up the makefile to make releases where the version # is in the file name and directory it will unzip
370 to
371
372 Nov 19th, 2002
373 v0.71 -- HELP TOM. I need tuition for the January semester. Now I don't want to force donations [nor will I ever]
374 but I really need the help! See my website http://tom.iahu.ca/help_tom.html for more details. Please help
375 if you can!
376 --------------------------------------------------------------------------------------------------------------
377 -- Officially the library is no longer supported in GCC 3.2 in windows [cygwin].
378 In windows you can either use GCC 2.95.3 or try your luck with 3.2 It seems that
379 "-fomit-frame-pointer" is broken in the windows build [but not the linux x86 build???]
380 If you simply must use 3.2 then I suggest you limit the optimizations to simply "-O2"
381 -- Started new error handling API. Similar to the previous except there are more error codes than just
382 CRYPT_ERROR
383 -- Added my implementation of the MD2 hash function [despite the errors in the RFC I managed to get it right!]
384 -- Merged in more changes from Sky Schulz. I have to make mention here that he has been a tremendous help in
385 getting me motivated to make some much needed updates to the library!
386 -- Fixed one of the many mistakes in the manual as pointed out by Daniel Richards
387 -- Fixed a bug in the RC4 code [wasn't setting up the key correctly]
388 -- Added my implementation of the CAST5 [aka CAST-128] block cipher (conforms...)
389 -- Fixed numerous bugs in the PK code. Essentially I was "freeing" keys when the import failed. This is neither
390 required nor a good a idea [double free].
391 -- Tom needs a job.
392 -- Fixed up the test harness as requested by Sky Schulz. Also modifed the timing routines to run for X seconds
393 and count # of ops performed. This is more suitable than say encrypting 10 million blocks on a slow processor
394 where it could take minutes!
395 -- Modified test programs hashsum/encrypt to use the new algorithms and error handling syntax
396 -- Removed the PKCS code since it was incomplete. In the future I plan on writing a "add-on" library that
397 provides PKCS support...
398 -- updated the config system so the #defines are in the makefiles instead of mycrypt_cfg.h
399 -- Willing to work on an hourly basis for 15$ CDN per hour.
400 -- updated the test program to not test ciphers not included
401 -- updated the makefile to make "rsa_sys.c" a dependency of rsa.o [helps develop the code...]
402 -- fixed numerous failures to detect buffer overflows [minor] in the PK code.
403 -- fixed the safer [64-bit block version] test routines which didn't check the returns of the setup
404 function
405 -- check out my CV at http://tom.iahu.ca/cv.html
406 -- removed the GBA makefile and code from demos/test.c [not a particularly useful demo...]
407 -- merged in rudimentary [for testing] PS2 RNG from Sky Schulz
408 -- merged in PS2 timer code [only shell included due to NDA reasons...]
409 -- updated HMAC code to return errors where possible
410 -- Thanks go to Sky Schulz who bought me a RegCode for TextPad [the official editor of libtomcrypt]
411
412 Nov 12th, 2002
413 v0.70 -- Updated so you can swap out the default malloc/calloc/free routines at build time with others. (Sky Schulz)
414 -- Sky Schulz contributed some code towards autodetecting the PS2 in mycrypt_cfg.h
415 -- Added PS2 makefile contributed by Sky Schulz [see a pattern forming?]
416 -- Added ability to have no FILE I/O functions at all (see makefile), Sky Schulz....
417 -- Added support for substituting out the clock() function (Sky Schulz)
418 -- Fixed up makefile to include new headers in the HEADERS variable
419 -- Removed "coin.c" as its not really useful anyways
420 -- Removed many "debug" printfs that would show up on failures. Basically I wanted to ensure the only output
421 would be from the developer themselves.
422 -- Added "rc4.c" a RC4 implementation with a PRNG interface. Since RC4 isn't a block cipher it wouldn't work
423 too well as a block cipher.
424 -- Fixed ARGCHK macro usage when ARGTYPE=1 throughout the code
425 -- updated makefile to make subdirectory properly (Sku Schulz)
426 -- Started towards new API setup. Instead of checking for "== CRYPT_ERROR" you should check "!= CRYPT_OK"
427 In future releases functions will return things other than CRYPT_ERROR on error to give more useful
428 thread safe error reporting. The manual will be updated to reflect this. For this release all
429 errors are returned as CRYPT_ERROR (except as noted) but in future releases this will change.
430 -- Removed the zlib branch since its not really required anyways. Makes the package smaller
431
432 Nov 11th, 2002
433 v0.69 -- Added ARGCHK (see mycrypt_argchk.h) "arguement checking" to all functions that accept pointers
434 -- Note I forgot to change the CRYPT version tag in v0.68... fixed now.
435
436 Nov 8th, 2002
437 v0.68 -- Fixed flaw in kr_import/kr_export that wasted 4 bytes. Source but not binary compatible with v0.67
438 -- Fixed bug in kr_find_name that used memcmp to match strings. Uses strncmp now.
439 -- kr_clear now sets the pointer to NULL to facilate debugging [e.g. using the keyring after clearing]
440 -- static functions in _write/_read in keyring.c now check the return of ctr_encrypt/ctr_decrypt.
441 -- Updated blowfish/rc2/rc5/rc6 keysize() function to not reject keys larger than the biggest key the
442 respective ciphers can use.
443 -- Fixed a bug in hashsum demo that would report the hash for files that don't exist!
444
445 Oct 16th, 2002
446 v0.67 -- Moved the function prototypes into files mycrypt_*.h. To "install" the lib just copy all the
447 header files "*.h" from the base of this project into your global include path.
448 -- Made the OFB/CFB/CTR functions use "unsigned long" for the length instead of "int"
449 -- Added keyring support for the PK functions
450 -- ***API CHANGE*** changed the ecc_make_key and dh_make_key to act more like rsa_make_key. Basically
451 move the first argument to the next to last.
452 -- Fixed bug in dh_test() that wouldn't test the primality of the order of the sub-group
453 -- replaced the primes in the DH code with new ones that are larger than the size they are
454 associated with. That is a 1024-bit DH key will have a 1025-bit prime as the modulus
455 -- cleaned up all the PK code, changed a bit of the API around [not source compatible with v0.66]
456 -- major editing of the manual, started Docer program
457 -- added 160 and 224 bit key settings for ECC. This makes the DH and ECC binary wise incompatible with v0.66
458 -- Added an additional check for memory errors in is_prime() and cleaned up prime.c a bit
459 -- Removed ID_TAG from all files [meh, not a big fan...]
460 -- Removed unused variable from yarrow state and made AES/SHA256 the default cipher/hash combo
461 -- Fixed a bug in the Yarrow code that called prng_is_valid instead of cipher_is_valid from yarrow_start()
462 -- The ECB/CBC/OFB/CFB/CTR wrappers now check that the cipher is valid in the encrypt/decrypt calls.
463 They return int now instead of void.
464
465 Sept 24th, 2002
466 v0.66 -- Updated the /demos/test.c program to time the hashes correctly. Also it uses the yarrow PRNG for all of the
467 tests meaning it's possible to run on RNG-less platforms
468 -- Updated the /demos/hashsum.c program to hash from the standard input
469 -- Updated the RSA code to make keys a bit quicker [update by Wayne Scott] by not making both primes at the same
470 time.
471 -- Dan Kaminsky suggested some cleanups for the code and the MPI config
472 Code ships in unix LF format by default now too... will still build in MSVC and all... but if you want
473 to read the stuff you'll have to convert it
474 -- Changes to the manual to reflect new API [e.g. hash_memory/file have v0.65 prototypes] and some typos fixed
475
476 Sept 20th, 2002
477 v0.65 -- Wayne Scott ([email protected]) made a few suggestions to improve the library. Most
478 importantly he pointed out the math lib is not really required. He's also tested the lib on 18
479 different platforms. According to him with only a few troubles [lack of /dev/random, etc] the
480 library worked as it was supposed to. You can find the list at
481 http://www.bitkeeper.com/Products.BitKeeper.Platforms.html
482 -- Updated the hash_file and hash_memory functions to keep track of the size of the output
483 -- Wayne Scott updated the demos/test.c file to use the SPRNG less and Yarrow more
484 -- Modified the mycrypt_cfg.h to autodetect x86-32 machines
485
486 Sept 19th, 2002
487 v0.64 -- wrote makefile for the GBA device [and hacked the demos/test.c file to support it conditionally]
488 -- Fixed error in PK (e.g. ECC, RSA, DH) import functions where I was clobbering the packet error messages
489 -- fixed more typos in the manual
490 -- removed all unused variables from the core library (ignore the ID_TAG stuff)
491 -- added "const char *crypt_build_settings" string which is a build time constant that gives a listing
492 of all the build time options. Useful for debugging since you can send that to me and I will know what
493 exactly you had set for the mycrypt_cfg.h file.
494 -- Added control over endianness. Out of the box it defaults to endianness neutral but you can trivially
495 configure the library for your platform. Using this I boosted RC5 from 660Mbit/sec to 785Mbit/sec on my
496 Athlon box. See "mycrypt_cfg.h" for more information.
497
498 Sept 11th, 2002
499 v0.63 -- Made hashsum demo output like the original md5sum program
500 -- Made additions to the examples in the manual (fixed them up a bunch)
501 -- Merged in the base64 code from Wayne Scott ([email protected])
502
503 Aug 29th, 2002
504 v0.62 -- Added the CLEAN_STACK functionality to several of the hashes I forgot to update.
505
506 Aug 9th, 2002
507 v0.61 -- Fixed a bug in the DES code [oops I read something wrong].
508
509 Aug 8th, 2002
510 v0.60 -- Merged in DES code [and wrote 3DES-EDE code based on it] from Dobes V.
511
512 Aug 7th, 2002
513 v0.59 -- Fixed a "unsigned long long" bug that caused v0.58 not to build in MSVC.
514 -- Cleaned up a little in the makefile
515 -- added code that times the hash functions too in the test program
516
517 Aug 3rd, 2002
518 v0.58 -- Added more stack cleaning conditionals throughout the code.
519 -- corrected some CLEAR_STACK conditionals... should have been CLEAN_STACK
520 -- Simplified the RSA, DH and ECC encrypt() routines where they use CTR to encode the message;
521 now they only make one call to ctr_encrypt()/ctr_decrypt().
522
523 Aug 2nd, 2002
524 v0.57 -- Fixed a few error messages in the SAFER code to actually report the correct cipher name.
525 -- rsa_encrypt() uses the "keysize()" method of the cipher being used to more accurately pick a
526 key size. By default rsa_encrypt() will choose to use a 256-bit key but the cipher can turn that
527 down if required.
528 -- The rsa_exptmod() function will now more reliably detect invalid inputs (e.g. greater than the modulus).
529 -- The padding method for RSA is more clearly documented. Namely if you want to encrypt/sign something of length
530 N then your modulus must be of length 1+3N. So to sign a message with say SHA-384 [48 bytes] you need a
531 145 byte (1160 bits) modulus. This is all in the manual now.
532 -- Added build option CLEAN_STACK which will allow you to choose whether you want to clean the stack or not after every
533 cipher/hash call
534 -- Sped up the hash "process()" functions by not copying one byte at a time.
535 ++ (added just after I uploaded...)
536 MD4 process() now handles input buffers > 64 bytes
537
538 Aug 1st, 2002
539 v0.56 -- Cleaned up the comments in the Blowfish code.
540 -- Oh yeah, in v0.55 I made all of the descriptor elements constant. I just forgot to mention it.
541 -- fixed a couple of places where descriptor indexes were tested wrong. Not a huge bug but now its harder
542 to mess up.
543 -- Added the SAFER [64-bit block] ciphers K64, SK64, K128 and SK128 to the library.
544 -- Added the RC2 block cipher to the library.
545 -- Changed the SAFER define for the SAFER+ cipher to SAFERP so that the new SAFER [64-bit] ciphers
546 can use them with less confusion.
547
548 July 29th, 2002
549 v0.55 -- My god stupid Blowfish has yet again been fixed. I swear I hate that cipher. Next bug in it and boom its out of the
550 library. Use AES or something else cuz I really hate Blowfish at this stage....
551 -- Partial PKCS support [hint DONT USE IT YET CUZ ITS UNTESTED!]
552
553 July 19th, 2002
554 v0.54 -- Blowfish now conforms to known test vectors. Silly bad coding tom!
555 -- RC5/RC6/Serpent all have more test vectors now [and they seemed to have been working before]
556
557 July 18th, 2002
558 v0.53 -- Added more test vectors to the blowfish code just for kicks [and they are const now too :-)]
559 -- added prng/hash/cipher is_valid functions and used them in all of the PK code so you can't enter the code
560 with an invalid index ever now.
561 -- Simplified the Yarrow code once again :-)
562
563 July 12th, 2002
564 v0.52 -- Fixed a bug in MD4 where the hash descriptor ID was the same as SHA-512. Now MD4 will work with
565 all the routines...
566 -- Fixed the comments in SHA-512 to be a bit more meaningful
567 -- In md4 I made the PADDING array const [again to store it in ROM]
568 -- in hash_file I switched the constant "512" to "sizeof(buf)" to be a bit safer
569 -- in SHA-1's test routine I fixed the string literal to say SHA-1 not sha1
570 -- Fixed a logical error in the CTR code which would make it skip the first IV value. This means
571 the CTR code from v0.52 will be incompatible [binary wise] with previous releases but it makes more
572 sense this way.
573 -- Added {} braces for as many if/for/blocks of code I could find. My rule is that every for/if/while/do block
574 must have {} braces around it.
575 -- made the rounds table in saferp_setup const [again for the ROM think about the ROM!]
576 -- fixed RC5 since it no longer requires rc5 to be registered in the lib. It used to since the descriptors used to
577 be part of the table...
578 -- the packet.c code now makes crypt_error literal string errors when an error occurs
579 -- cleaned up the SAFER+ key schedule to be a bit easier to read.
580 -- fixed a huge bug in Twofish with the TWOFISH_SMALL define. Because I clean the stack now I had
581 changed the "g_func()" to be called indirectly. I forgot to actually return the return of the Twofish
582 g_func() function which caused it not to work... [does now :-)]
583
584 July 11th, 2002
585 v0.51 -- Fixed a bug in SHA512/384 code for multi-block messages.
586 -- Added more test vectors to the SHA384/512 and TIGER hash functions
587 -- cleaned up the hash done routines to make more sense
588
589 July 10th, 2002
590 v0.50 -- Fixed yarrow.c so that the cipher/hash used would be registered. Also fixed
591 a bug where the SAFER+ name was "safer" but should have been "safer+".
592 -- Added an element to the hash descriptors that gives the size of a block [sent into the compressor]
593 -- Cleaned up the support for HMAC's
594 -- Cleaned up the test vector routines to make the test vector data const. This means on some platforms it will be
595 placed in ROM not RAM now.
596 -- Added MD4 code submitted by Dobes Vandermeer ([email protected])
597 -- Added "burn_stack" function [idea taken from another source of crypto code]. The idea is if a function has
598 a lot of variables it will clean up better. Functions like the ecb serpent and twofish code will now have their
599 stacks cleaned and the rest of the code is getting much more straightforward.
600 -- Added a hashing demo by Daniel Richards ([email protected])
601 -- I (Tom) modified some of the test vector routines to use more vectors ala Dobes style.
602 For example, the MD5/SHA1 code now uses all of the test vectors from the RFC/FIPS spec.
603 -- Fixed the register/unregister functions to properly report errors in crypt_error
604 -- Correctly updated yarrow code to remove a few unused variables.
605 -- Updated manual to fix a few erroneous examples.
606 -- Added section on Hash based Message Authentication Codes (HMAC) to the manual
607
608 June 19th, 2002
609 v0.46 -- Added in HMAC code from Dobes Vandermeer ([email protected])
610
611 June 8th, 2002
612 v0.45 -- Fixed bug in rc5.c where if you called rc5_setup() before registering RC5 it would cause
613 undefined behaviour.
614 -- Fixed mycrypt_cfg.h to eliminate the 224 bit ECC key.
615 -- made the "default" makefile target have depends on mycrypt.h and mycrypt_cfg.h
616
617 Apr 4th, 2002
618 v0.44 -- Fixed bug in ecc.c::new_point() where if the initial malloc fails it would not catch it.
619
620 Mar 22nd, 2002
621 v0.43 -- Changed the ZLIB code over to the 1.1.4 code base to avoid the "double free" bug.
622 -- Updated the GCC makefile not to use -O3 or -funroll-loops
623 -- Version tag in mycrypt.h has been updated :-)
624
625 Mar 10th, 2002
626 v0.42 -- The RNG code can now use /dev/urandom before trying /dev/random (J. Klapste)
627
628 Mar 3rd, 2002
629 v0.41 -- Added support to link and use ciphers at compile time. This can greatly reduce the code size!
630 -- Added a demo to show off how small an application can get... 46kb!
631 -- Disastry pointed out that Blowfish is supposed to be big-endian.
632 -- Made registry code for the PRNGs as well [now the smallest useable link is 43kb]
633
634 Feb 11th, 2002
635 v0.40 -- RSA signatures use [and check for] fixed padding scheme.
636 -- I'm developing in Linux now :-)
637 -- No more warnings from GCC 2.96
638
639 Feb 5th, 2002
640 v0.39 -- Updated the XTEA code to work in accordance with the XTEA design
641
642 January 24th, 2002
643 v0.38 -- CFB and OFB modes can now handle blocks of variable size like the CTR code
644 -- Wrote a wrapper around the memory compress functions in Zlib that act like the functions
645 in the rest of my crypto lib
646
647 January 23rd, 2002
648 v0.37 -- Added support code so that if a hash size and key size for a cipher don't match up they will
649 use the next lower key supported. (mainly for the PK code). So you can now use SHA-1 with
650 Twofish, etc...
651 -- Added more options for Twofish. You can now tell it to use precomputed sboxes and MDS multiplications
652 This will speed up the TWOFISH_SMALL implementation by increasing the code size by 1024 bytes.
653 -- Fixed a bug in prime.c that would not use the correct table if you undefined SMALL_PRIME_TAB
654 -- Fixed all of the PK packet code to use the same header format [see packet.c]. This makes the PK code
655 binary wise incompatible with previous releases while the API has not changed at all.
656
657 January 22nd, 2002
658 v0.36 -- Corrections to the manual
659 -- Made a modification to Twofish which lets you build a "small ram" variant. It requires
660 about 190 bytes of ram for the key storage compared to the 4,200 bytes the normal
661 variant requires.
662 -- Reduced the stack space used in all of the PK routines.
663
664 January 19th, 2002
665 v0.35 -- If you removed the first hash or cipher from the library it wouldn't return an error if
666 you used an ID=0 [i.e. blowfish or sha256] in any routine. Now it checks for that and will
667 return an error like it should
668 -- Merged in new routines from Clay Culver. These routines are for the PK code so you can easily
669 encode a symmetric key for multiple recipients.
670 -- Made the ecc and DH make_key() routines make secret keys of the same size as the keysize listed.
671 Originally I wanted to ensure that the keys were smaller than the order of the field used
672 However, the bias is so insignificant using full sizes. For example, with an ECC-192 key the order
673 is about 2^191.99, so instead I rounded down and used a 184-bit secret key. Now I simply use a full 192-bit
674 key; the code will work just the same except that some 192-bit keys will be duplicates, which is not a big
675 deal since 1/2^192 is a very small bias!
676 -- Made the configuration a bit simpler and more exacting. You can for example now select which DH or ECC
677 key settings you wish to support without including the data for all other key settings. I put the #defines
678 in a new file called "mycrypt_cfg.h"
679 -- Configured "mpi-config.h" so its a bit more conservative with the memory required and code space used
680 -- Jason Klapste submitted bug fixes to the yarrow, hash and various other issues. The yarrow code will now
681 use whatever remaining hash/cipher combo is left [after you #undef them] at build time. He also suggested
682 a fix to remove unused structures from the symmetric_key and hash_state unions.
683 -- Made the CTR code handle variable length blocks better. It will buffer the encryption pad so you can
684 encrypt messages any size block at a time.
685 -- Simplified the yarrow code to take advantage of the new CTR code.
686 -- Added a 4096-bit DH key setting. That took me about 36 hours to find!
687 -- Changed the base64 routines to use a real base64 encoding scheme.
688 -- Added in DH and ECC "encrypt_key()" functions. They are still rather "beta"ish.
689 -- Added **Twofish** to the list of ciphers!
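The v0.35 CTR change above (buffer the encryption pad so callers can encrypt any size of chunk), the v0.38 note that CFB/OFB got the same treatment, and the v0.52 fix that CTR must not skip the first IV value all describe one piece of logic. The following is an added example, not libtomcrypt's ctr_encrypt(): a keyed PRF built from SHA-256 stands in for the block cipher (assumption: CTR only needs a pseudorandom function of the counter block, so the stand-in exercises the mode logic honestly, but it is not a real cipher and not for production use). The key, IV and message in the usage section are constructed sample values.

```python
"""CTR mode with a buffered keystream: callers may feed chunks of any size.

Added example, not libtomcrypt code. A keyed PRF built from SHA-256 stands in
for the block cipher (assumption: CTR only needs a pseudorandom function of the
counter block; the stand-in is not a real cipher and not secure for production).
"""
import hashlib

BLOCK = 16  # keystream block size in bytes (AES-sized)


def block_prf(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for E_k(counter block): SHA-256(key || block) truncated to one block."""
    return hashlib.sha256(key + counter_block).digest()[:BLOCK]


class CTR:
    """Streaming CTR: keeps unused keystream bytes between calls."""

    def __init__(self, key: bytes, iv: bytes):
        if len(iv) != BLOCK:
            raise ValueError("IV must be exactly one block")
        self.key = key
        self.ctr = bytearray(iv)          # current counter block
        # The first keystream block is E_k(IV) itself; the counter is only
        # incremented once that block is used up (the v0.52 fix: don't skip the IV).
        self.pad = block_prf(key, bytes(self.ctr))
        self.used = 0                     # bytes of self.pad already consumed

    def _increment(self):
        """Big-endian increment of the counter block with carry, wrapping at 2^128."""
        for i in range(BLOCK - 1, -1, -1):
            self.ctr[i] = (self.ctr[i] + 1) & 0xFF
            if self.ctr[i] != 0:
                break

    def crypt(self, data: bytes) -> bytes:
        """Encrypt or decrypt (same operation) any number of bytes."""
        out = bytearray()
        for b in data:
            if self.used == BLOCK:        # pad exhausted: move to the next counter block
                self._increment()
                self.pad = block_prf(self.key, bytes(self.ctr))
                self.used = 0
            out.append(b ^ self.pad[self.used])
            self.used += 1
        return bytes(out)


def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """One-shot convenience wrapper around the streaming class."""
    return CTR(key, iv).crypt(data)


def chunked_matches_oneshot(key: bytes, iv: bytes, data: bytes, chunk_sizes) -> bool:
    """Feed `data` in the given chunk sizes (rest in a final call) and compare with one-shot."""
    c = CTR(key, iv)
    out = b""
    pos = 0
    for n in chunk_sizes:
        out += c.crypt(data[pos:pos + n])
        pos += n
    out += c.crypt(data[pos:])
    return out == ctr_crypt(key, iv, data)


if __name__ == "__main__":
    key = b"\x01" * 16                    # constructed sample key
    iv = bytes(range(16))                 # constructed sample IV
    msg = b"attack at dawn" * 5           # constructed sample message
    ct = ctr_crypt(key, iv, msg)
    print(chunked_matches_oneshot(key, iv, msg, [1, 7, 16, 3]),
          ctr_crypt(key, iv, ct) == msg)
```

Because the pad is carried across calls, splitting a message at arbitrary byte offsets yields exactly the ciphertext of a single call, which is what lets the PK encrypt routines make one ctr_encrypt() call and lets Yarrow reuse the same code. The same buffering applies unchanged to OFB; CFB differs only in that the next block input is ciphertext rather than a counter.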
690
691 January 18th, 2002
692 v0.34 -- Added "sha512" to the list of hashes. Produces a 512-bit message digest. Note that with the current
693 padding with the rsa_sign() function you cannot use sha512 with a key less than 1536 bits for signatures.
694 -- Cleaned up the other hash functions to use the LOAD and STORE macros...
695
696 January 17th, 2002
697 v0.33 -- Made the lower limit on keysizes for RSA 1024 bits again because I realized that 768 bit keys wouldn't
698 work with the padding scheme and large symmetric keys.
699 -- Added information concerning the Zlib license to the manual
700 -- Added a 3072-bit key setting for the DH code.
701 -- Made the "find_xyz()" routines take "const char *" as per Clay Culver's suggestion.
702 -- Fixed an embarrassing typo in the manual concerning the hashes. Thanks Clay for finding it!
703 -- Fixed rand_prime() so that it makes primes as big as the setting you give. For example,
704 if you asked for a 1024-bit prime it would make a 1023-bit one. Now it ensures that the prime
705 it makes always has its top bit set, i.e. is greater than 2^(8n-1) (n == bytes in prime). This doesn't have a huge
706 impact on security but I corrected it just the same.
707 -- Fixed the CTR routine to work on platforms where char != 8-bits
708 -- Fixed sha1/sha256/md5/blowfish to not assume "unsigned long == 32-bits". Basically any operation with carries
709 I "AND" with 0xFFFFFFFF. That forces only the lower 32-bits to have information in it. On x86 platforms
710 most compilers optimize out the AND operation since it's a nop.
711
712 January 16th, 2002
713 v0.32 -- Made Rijndael's setup function fully static so it is thread safe
714 -- Svante Seleborg suggested a cosmetic style fixup for aes.c,
715 basically to remove some of the #defines to clean it up
716 -- Made the PK routines not export the ASCII version of the names of ciphers/hashes which makes
717 the PK message formats *incompatible* with previous releases.
718 -- Merge in Zlib :-)
719
720
721 January 15th, 2002
722 v0.31 -- The RSA routines can now use CRT to speed up decryption/signatures. The routines are backwards
723 compatible with previous releases.
724 -- Fixed another bug that Svante Seleborg found. Basically you could buffer-overrun the
725 rsa_exptmod() function itself if you're not careful. That's fixed now. Fixed another bug in
726 rsa_exptmod() where if it knows the buffer you passed is too small it wouldn't free all used
727 memory.
728 -- improved the readability of the PK import/export functions
729 -- Added a fix to RSA.C by Clay Culver
730 -- Changed the CONST64 macro for MSVC to use the "unsigned __int64" type, e.g. "ui64" instead of "i64".
731
732 January 14th, 2002
733 v0.30 -- Major change to the Yarrow PRNG code, fixed a bug that Eugene Starokoltsev found.
734 Basically if you added entropy to the pool in small increments it could in fact
735 cancel out. Now I hash the pool with the new data which is way smarter.
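The v0.30 Yarrow fix above is easiest to see with a tiny model. This is an added example, not libtomcrypt's Yarrow code: the XOR combiner is a constructed stand-in for the kind of pooling that lets inputs cancel, and the fixed combiner follows the description in the entry (pool = H(pool || input)). The input strings are constructed sample data.

```python
"""Entropy pooling: XOR-style accumulation can cancel; hashing the pool with the new
data cannot.

Added example, not libtomcrypt's Yarrow. xor_add_entropy is a constructed model of
a combiner with the cancellation flaw; hash_add_entropy is the fix described in
the v0.30 entry: pool = H(pool || input).
"""
import hashlib

POOL_LEN = 32  # SHA-256 output size


def xor_add_entropy(pool: bytes, data: bytes) -> bytes:
    """Flawed combiner: XOR the input into the pool (zero-padded/truncated to pool size)."""
    padded = (data + bytes(POOL_LEN))[:POOL_LEN]
    return bytes(p ^ d for p, d in zip(pool, padded))


def hash_add_entropy(pool: bytes, data: bytes) -> bytes:
    """Fixed combiner: absorb the input by hashing it together with the old pool."""
    return hashlib.sha256(pool + data).digest()


def pool_after(add, inputs) -> bytes:
    """Run a sequence of entropy additions from an all-zero pool; return the final pool."""
    pool = bytes(POOL_LEN)
    for x in inputs:
        pool = add(pool, x)
    return pool


def inputs_cancel(add, inputs) -> bool:
    """True if feeding `inputs` leaves the pool exactly where it started, i.e. nothing retained."""
    return pool_after(add, inputs) == bytes(POOL_LEN)


if __name__ == "__main__":
    ticks = [b"tick", b"tick"]            # constructed: the same small sample arriving twice
    print("xor cancels :", inputs_cancel(xor_add_entropy, ticks))
    print("hash cancels:", inputs_cancel(hash_add_entropy, ticks))
```

With XOR, any input that happens to equal the XOR of earlier inputs (a repeated timer sample, two small values that differ in one byte) wipes out what was collected; with the hash chain every input, and its order, feeds forward into the state, and an attacker who knows some inputs cannot undo the contribution of the ones they do not know.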
736
737 January 12th, 2002
738 v0.29 -- Added MPI code written by Svante Seleborg to the library. This will make the PK code much
739 easier to follow and debug. Actually I've already fixed a memory leak in dh_shared_secret().
740 -- Memory leaks found and corrected in all three PK routines. The leaks would occur when a bignum
741 operation fails so it wouldn't normally turn up in the course of a program
742 -- Fixed bugs in dh_key_size and ecc_key_size which would return garbage for invalid key idx'es
743
744 January 11th, 2002
745 v0.28 -- Cleaned up some code so that it doesn't assume "char == 8bits". Mainly SAFER+ has been
746 changed.
747 -- ***HUGE*** changes in the PK code. I check all return values in the bignum code so if there
748 are errors [insufficient memory, etc..] it will be reported. This makes the code a fair bit more
749 robust and likely to catch any errors.
750 -- Updated the is_prime() function to use a new prototype [it can return errors now] and it also
751 does trial divisions against more primes before the Rabin Miller steps
752 -- Added OFB, CFB and ECB generic wrappers for the symmetric ciphers to round out the implementations.
753 -- Added Xtea to the list of ciphers, to the best of my ability I have verified this implementation.
754 I should note that there is not a lot of concrete information about the cipher. "Ansi C" versions
755 I found did not address endianness and were not even portable! This code is portable and to the
756 best of my knowledge implements the Xtea algorithm as per the [short] X-Tea paper.
757 -- Reformatted the manual to include the **FULL** source code optimized to be printable.
758
759 January 9th, 2002
760 v0.27 -- Changed the char constants to numerical values. It is backwards compatible and should work on
761 platforms where 'd' != 100 [for example].
762 -- Made a change to rand_prime() which takes the input length as a signed type so you can pass
763 a negative len to get a "3 mod 4" style prime... oops
764 -- changed the MSVC makefile to build with a warning level of three, no warnings!
765
766 January 8th, 2002
767 v0.26 -- updated SHA-256 to use ROR() for a rotate so 64-bit machines won't corrupt
768 the output
769 -- Changed #include <> to #include "" for local .h files as per Richard Heathfield's suggestion.
770 -- Fixed bug in MPI [well bug in MSVC] that compiled code incorrectly in mp_set_int()
771 I added a work around that catches the error and continues normally.
772
773 January 8th, 2002
774 v0.25 -- Added a stupid define so MSVC 6.00 can build the library.
775 -- Big thanks to sci.crypt and "Ajay K. Agrawal" for helping me port this to MSVC
776
777 January 7th, 2002
778 v0.24 -- Sped up Blowfish by unrolling and removing the swaps.
779 -- Made the code comply with more traditional ANSI C standards
780 Should compile with MSVC with fewer errors
781 -- moved the demos and documentation into their own directories
782 so you can easily build the library with other tool chains
783 by compiling the files in the root
784 -- converted functions with length of outputs to use
785 "unsigned long" so 16-bit platforms will like this library more.
786
787 January 5th, 2002
788 v0.23 -- Fixed a small error in the MPI config it should build fine anywhere.
789
790 January 4th, 2002
791 v0.22 -- faster gf_mul() code
792 -- gf_shl() and gf_shr() are safe on 64-bit platforms now
793 -- Fixed an error in the hashes that Brian Gladman found.
794 Basically if the message has exactly 56 bytes left to be
795 compressed I handled them incorrectly.
796
797 January 4th, 2002
798 v0.21 -- sped up the ECC code by removing redundant divisions in the
799 point add and double routines. I also extract the bits more
800 efficiently in "ecc_mulmod()" now.
801 -- sped up [and documented] the rand_prime() function. Now it just
802 makes a random integer and increments by two until a prime is found
803 This is faster since it doesn't require a lot of calls to the PRNG and
804 it doesn't require loading huge integers over and over. rand_prime()
805 can also make primes congruent to 3 mod 4 [i.e for a blum integer]
806 -- added a gf_sqrt() function that finds square roots in a GF(2^w) field
807 -- fixed a bug in gf_div() that would return the wrong results if the divisor had a greater
808 degree than the dividend.
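The v0.21 description of rand_prime() (random integer, step by two until a prime turns up, optional 3 mod 4 result), the v0.33 fix that the prime must be exactly the requested size, and the v0.28 note that is_prime() trial-divides before Rabin-Miller together specify a small algorithm. What follows is an added example in that style, not libtomcrypt's rand_prime()/is_prime(): the 40-round Miller-Rabin count, the 256-entry small-prime table and the use of Python's secrets module are choices made here.

```python
"""rand_prime() as the changelog describes it: random odd integer of the requested
size with its top bit set, then step upward (by 2, or by 4 to stay 3 mod 4 for a
Blum integer) until a probable prime is found. Trial division precedes Miller-Rabin.

Added example, not libtomcrypt's rand_prime()/is_prime(). Round count, table size
and the randomness source are choices made here.
"""
import secrets


def _small_primes(limit: int = 256):
    """Sieve of Eratosthenes; used for trial division before Miller-Rabin."""
    sieve = bytearray([1]) * limit
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, v in enumerate(sieve) if v]


SMALL_PRIMES = _small_primes()


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Trial division by SMALL_PRIMES, then `rounds` Miller-Rabin tests with random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p                     # small primes themselves are prime
    d, s = n - 1, 0                           # n-1 = d * 2^s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                      # composite: witness found
    return True


def rand_prime(nbytes: int, blum: bool = False) -> int:
    """Random probable prime of exactly `nbytes` bytes (top bit set); 3 mod 4 if `blum`."""
    if nbytes < 2:
        raise ValueError("need at least 2 bytes")
    bits = 8 * nbytes
    n = secrets.randbits(bits)
    n |= 1 << (bits - 1)       # top bit set: n >= 2^(bits-1), never one bit short (v0.33 fix)
    n |= 1                     # odd
    step = 2
    if blum:
        n |= 2                 # n = 3 (mod 4)
        step = 4               # stepping by 4 preserves that residue
    while not is_probable_prime(n):
        n += step
        if n >> bits:          # stepped past the requested size (rare): start over
            return rand_prime(nbytes, blum)
    return n


if __name__ == "__main__":
    p = rand_prime(16)
    q = rand_prime(16, blum=True)
    print(p.bit_length(), q.bit_length(), q % 4)
```

The incremental search is cheap because the sieve rejects most candidates before any modular exponentiation, and the top-bit check is what turns "1024-bit prime" into a guarantee rather than a 1023-bit result. Note that the search biases slightly toward primes that follow large gaps; for RSA-style use it is accepted practice, but a caller needing uniformly distributed primes should redraw rather than step.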
809
810 January 4th, 2002
811 v0.20 -- Added the fixed MPI back in so RSA and DH are much faster again
812
813 v0.19 -- Updated the manual to reflect the fact that Brian Gladman wrote the AES and Serpent code.
814 -- DH, ECC and RSA signature/decryption functions check if the key is private
815 -- new DH signature/verification code works just like the RSA/ECC versions
816
817 January 3rd, 2002
818 v0.18 -- Added way more comments to each .C file
819 -- fixed a bug in cbc_decrypt(pt, ct, key) where pt == ct [i.e same buffer]
820 -- fixed RC5 so it reads the default rounds out of the cipher_descriptor table
821 -- cleaned up ecc_export()
822 -- Cleaned up dh_import() and ecc_import() which also perform more
823 error checking now
824 -- Fixed a serious flaw in rsa_import() with private keys.
825
826 January 2nd, 2002
827 v0.17 -- Fixed a bug in the random prime generator that fixes the wrong bits to one
828 -- ECC and DH code verify that the moduli and orders are in fact prime. That
829 slows down the test routines a lot but what are you gonna do?
830 -- Fixed a huge bug in the mp_exptmod() function which incorrectly calculates g^x mod p for some
831 values of p. I replaced it with a slow function. Once the author of MPI fixes his faster routine
832 I will switch back.
833
834 January 1st, 2002 [whoa new year!]
835 v0.16 -- Improved GF division code that is faster.
836 -- documented the GF code
837
838 December 31st, 2001
839 v0.15 -- 1792-bit and 2048-bit DH settings were added. Took me all night to
840 find 1792- and 2048-bit strong primes but what the heck
841 -- Library now has polynomial-basis GF(2^w) routines I wrote myself. Can be used to perform
842 ECC over GF(2^w) later on....
843 -- Fixed a bug with the defines that allows it to build in windows
844
845 December 30th, 2001
846 v0.14 -- Fixed the xxx_encrypt() packet routines to make an IV of appropriate size
847 for the cipher used. It was defaulting to making a 256-bit IV...
848 -- base64_encode() now appends a NUL terminator, um "duh" stupid mistake now fixed...
849 -- spell checked the manual again... :-)
850
851 December 30th, 2001
852 v0.13 -- Switching back to older copy of MPI since it works! arrg..
853 -- Added sign/verify functions for ECC
854 -- all signature verification routines default to invalid signatures.
855 -- Changed all calls to memset to zeromem. Fixed up some buffer problems
856 in other routines. All calls to zeromem let the compiler determine the size
857 of the data to wipe.
858
859 December 29th, 2001
860 v0.12 -- Imported a new version of MPI [the bignum library] that should
861 be a bit more stable [if you want to write your own bignum
862 routines with the library that is...]
863 -- Manual has way more info
864 -- hash_file() clears stack now [like it should]
865 -- The artificial cap on the hash input size of 2^32 bits has been
866 removed. Basically I was too lazy to do 64-bit math before
867 [don't ask why... I can't remember]. Anyways the hashes
868 support the size of 2^64 bits [if you ever use that many bits in a message
869 that's just weird...]
870 -- The hashes now wipe the "hash_state" after the digest is computed. This helps
871 prevent the internal state of the hash being leaked accidentally [i.e. stack problems]
872
873 December 29th, 2001
874 v0.11 -- Made #define's so you can trim the library down by removing
875 ciphers, hashes, modes of operation, prngs, and even PK algorithms
876 For example, the library with rijndael+ctr+sha1+ECC is 91KB compared
877 to the 246kb the full library takes.
878 -- Added ECC packet routines for encrypt/decrypt/sign/verify much akin to
879 the RSA packet routines.
880 -- ECC now compresses the public key, an ECC-192 public key takes 33 bytes
881 for example....
882
883 December 28th, 2001
884 v0.10 -- going to restart the manual from scratch to make it more
885 clear and professional
886 -- Added ECC over Z/pZ. Basically provides as much as DH
887 except its faster since the numbers are smaller. For example,
888 A comparable 256-bit ECC key provides as much security as expected
889 from a DH key over 1024-bits.
890 -- Cleaned up the DH code to not export the symbol "sets[]"
891 -- Fixed a bug in the DH code that would not make the correct size
892 random string if you made the key short. For instance if you wanted
893 a 512-bit DH key it would make a 768-bit one but only make up 512-bits
894 for the exponent... now it makes the full 768 bits [or whatever the case
895 is]
896 -- Fixed another ***SERIOUS*** bug in the DH code that would default to 768-bit
897 keys by mistake.
898
899 December 25th, 2001
900 v0.09 -- Includes a demo program called file_crypt which shows off
901 how to use the library to make a command line tool which
902 allows the user to encode/decode a file with any
903 hash (on the passphrase) and cipher in CTR mode.
904 -- Switched everything to use typedef's now to clear up the code.
905 -- Added AES (128/192 and 256 bit key modes)
906
907 December 24th, 2001
908 v0.08 -- fixed a typo in the manual. MPI stores its bignums in
909 BIG endian not little.
910 -- Started adding a RNG to the library. Right now it tries
911 to open /dev/random and if that fails it uses either the
912 MS CSP or the clock drift RNG. It also allows callbacks
913 since the drift RNG is slow (about 3.5 bytes/sec)
914 -- the RNG can also automatically setup a PRNG as well now
915
916 v0.07 -- Added basic DH routines sufficient to
917 negotiate shared secrets
918 [see the manual for a complete example!]
919 -- Fixed rsa_import to detect when the input
920 could be corrupt.
921 -- added more to the manual.
922
923 December 22nd, 2001
924 v0.06 -- Fixed some formatting errors in
925 the hash functions [just source code cleaning]
926 -- Fixed a typo in the error message for sha256 :-)
927 -- Fixed an error in base64_encode() that
928 would fail to catch all buffer overruns
929 -- Test program times the RSA and symmetric cipher
930 routines for kicks...
931 -- Added the "const" modifier to a lot of routines to
932 clear up the purpose of each function.
933 -- Changed the name of the library to "TomCrypt"
934 following a suggestion from a sci.crypt reader....
935
936 v0.05 -- Fixed the ROL/ROR macro to be safe on platforms
937 where unsigned long is not 32-bits
938 -- I have added a bit more to the documentation
939 manual "crypt.pdf" provided.
940 -- I have added a makefile for LCC-Win32. It should be
941 easy to port to other LCC platforms by changing a few lines.
942 -- Ran a spell checker over the manual.
943 -- Changed the header and library from "crypt" to "mycrypt" to not
944 clash with the *nix package "crypt".
945
946 v0.04 -- Fixed a bug in the RC5,RC6,Blowfish key schedules
947 where if the key was not a multiple of 4 bytes it would
948 not get loaded correctly.
949
950 December 21st, 2001
951
952 v0.03 -- Added Serpent to the list of ciphers.
953
954 v0.02 -- Changed RC5 to only allow 12 to 24 rounds
955 -- Added more to the manual.
956
957 v0.01 -- We will call this the first version.