summaryrefslogtreecommitdiffhomepage
path: root/libtomcrypt/changes
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2007-01-11 02:41:05 +0000
committerMatt Johnston <matt@ucc.asn.au>2007-01-11 02:41:05 +0000
commita938f4cfe140e8561d9dbf108b896492a662a893 (patch)
treef2a74322f959ff6a505ba5e87274ebe3d17d5e74 /libtomcrypt/changes
parent692d737a821c5e401c227d936b8f0d76b955650f (diff)
parent28ad393b008b34bc3cdbaa192440b8cc615329f0 (diff)
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 2af22fb4e878750b88f80f90d439b316d229796f)
to branch 'au.asn.ucc.matt.dropbear' (head 02c413252c90e9de8e03d91e9939dde3029f5c0a) --HG-- extra : convert_revision : 52ccb0ad0587a62bc64aecb939adbb76546aac16
Diffstat (limited to 'libtomcrypt/changes')
-rw-r--r--libtomcrypt/changes238
1 files changed, 234 insertions, 4 deletions
diff --git a/libtomcrypt/changes b/libtomcrypt/changes
index 65ccd16..b2c7014 100644
--- a/libtomcrypt/changes
+++ b/libtomcrypt/changes
@@ -1,3 +1,233 @@
+December 16th, 2006
+v1.16 -- Brian Gladman pointed out that a recent change to GCM broke how the IV was handled. Currently the code complies against his test vectors
+ so the code should be considered frozen now.
+ -- Trevor from Cryptography Research Inc. submitted patches to convert the ECC code to be generic allowing curve parameters to be submitted
+ at runtime.
+ -- Fixed various doxygen comments
+ -- Added UTF8 support to the ASN1 code
+ -- Fixed STOREXXH macros for x86 platforms (Fix found at Elliptic Inc.)
+ -- Added makefile.unix which is BSD compatible, you have to manually tweak it since well I don't use it normally
+ -- removed a few lingering memcpy's
+ -- Fixed memory free errors in ecc_sign_hash() that can arise if the mp_init_multi() fails
+ -- Fixed incorrect return value in pkcs_1_pss_decode() which would correctly set res to 0 (indicating an incorrect signature) but
+ would return CRYPT_OK to the caller
+ -- ltc_ecc_mulmod() could leak memory if mp_init(&mu) failed, fixed. Would you believe that ltc_ecc_mulmod_timing() had the same
+ bug? Also fixed. :-)
+ -- Added Shamir's trick to the ECC side (defined as LTC_ECC_SHAMIR, enabled by default), gets ~1.34x to ~1.40x faster ECC verifications
+ -- Added Brian's vector #46 to the GCM code. It catches the ctr counter error from v1.15. Originally I was going to add all of his vectors,
+ but they're not as easy to parse and I got a lot of other things to do. Regression!
+ -- Various other small fixes to the ECC code to clean up error handling (I think most of that was from the move in 1.06 to the plugins)
+ All of the errors were in cleaning up from heap failures. So they were not likely to be triggered in normal usage
+ Made similar fixes to the RSA and DSA code (my bad)
+ -- Cryptography Research Inc. contributed a bunch of fixes to silence warnings (with MSVC) w.r.t. assigned data to unsigned char types.
+ -- Martin Marko suggested some fixes to make the RNG build with WinCE.
+ -- Updates to the manual for print (some fixes thanks to Martin Marko)
+
+
+November 17th, 2006
+v1.15 -- Andreas Lange found that if sha256_init DID fail in fortuna it wouldn't clean up the state correctly. Thanks.
+ Fortunately sha256_init cannot fail (as of v1.14) :-)
+ -- Andreas Lange contributed RMD-256 and RMD-320 code.
+ -- Removed mutex locks from fortuna_import as they create a deadlock and aren't required anyways [Avi Zelmanovich]
+ -- Added LTC_NO_PROTOTYPES to avoid prototyping functions like memset/memcpy. Required for fans of GCC 3.3.x
+ -- David Eder caught a off by one overrun bug in pmac_done() which can be exploited if your output tag buffer is
+ smaller than the block size of the cipher, e.g. if you have a 4-byte buffer and you tell pmac_done that you want
+ a 4-byte TAG it will store 4 bytes but return an outlen of 5.
+ -- Added signatures to the ECC and RSA benchmarks
+ -- Added LTC_PROFILE to run the PK tests only once in the timing demo (so you can capture events properly)
+ -- Andreas contributed PKCS #1 v1.5 code that merged cleanly with the existing PKCS code. w00t.
+ (update: I had to fix it to include the digestInfo and what not. Bad Andreas, bad! hehehe)
+ -- Fixed a signed variable error in gcm_process() (hard to trigger bug fortunately)
+ -- Removed all memcmp/memset/memcpy from the source (replaced with X macros)
+ -- Renamed macros HMAC/OMAC/PMAC to have a LTC_ prefix. If you pass these on the command line please update your makefiles
+ -- Added XCBC-MAC support [RFC 3566]
+ -- fixed LOAD32H and LOAD64H to stop putting out that darn warning :-)
+ -- Added the Korean SEED block cipher [RFC 4269]
+ -- Added LTC_VALGRIND define which makes SOBER-128 and RC4 a pure PRNG (and not a stream cipher). Useful if you use
+ Valgrind to debug your code (reported by Andreas Lange)
+ -- Made SOBER-128 more portable by removing the ASCII key in the test function (my bad, sorry).
+ -- Martin Mocko pointed out that if you have no PRNGs defined the lib won't build. Fixed, also fixed for if you have no
+ hashes defined.
+ -- Sped up F8 mode with LTC_FAST
+ -- Made CTR mode RFC 3686 compliant (increment counter first), to enable, OR the value LTC_CTR_RFC3686 to the "mode"
+ parameter you pass to ctr_start(), otherwise it will be LTC compliant (e.g. encrypt then increment)
+ -- Added ctr_test() to test CTR mode against RFC 3686
+ -- Added crypt_fsa() ... O_o
+ -- Fixed LTC_ECC_TIMING_RESISTANT so it once again builds properly (pt add/dbl are through the plugin now)
+ -- Added ANSI X9.63 (sec 4.3.6) import/export of public keys (cannot export to compressed formats but will import
+ hybrid compressed)
+ -- Added SECP curves for 112, 128, and 160 bits (only the 'r1' curves)
+ -- Added 3GPP-F9 MAC (thanks to Greg Rose for the test vectors)
+ -- Added the KASUMI block cipher
+ -- Added F9/XCBC/OMAC callbacks to the cipher plugin
+ -- Added RSA PKCS #1 v1.5 signature/encrypt tests to rsa_test.c
+ -- Fix to yarrow_test() to not call yarrow_done() which is invalid in that context (thanks Valgrind)
+ -- Christophe Devine pointed out that Anubis would fail on various 64-bit UNIX boxes when "x>>24" was used as an index, we needed
+ to mask it with 0xFF. Thanks. Fixed.
+
+August 0x1E, 0x07D6
+v1.14 -- Renamed the chaining mode macros from XXX to LTC_XXX_MODE. Should help avoid polluting the macro name space.
+ -- clean up of SHA-256
+ -- Chris Colman pointed out that der_decode_sequence_* allows LTC_ASN1_SETOF to accept SEQUENCEs and vice versa.
+ Decoder [non-flexi decoder that is] is more strict now and requires a match.
+ -- Steffen Jaeckel pointed out a typo in the user manual (re: rsa_exptmod). Fixed. This disproves the notion that
+ nobody reads it. :-)
+ -- Made GCM a bit more portable w.r.t. handling the CTR IV (e.g. & with 255)
+ -- Add LTC_VERBOSE if you really want to see what test is doing :-)
+ -- Added SSE2 support to GCM [use GCM_TABLES_SSE2 to enable], shaves 2 cycles per byte on Opteron processors
+ Shaved 4 cycles on a Prescott (Intel P4)
+ Requires you align your gcm_state on a 16 byte boundary, see gcm_memory() for more info
+ -- Added missing prototype for f8_test_mode()
+ -- two fixes to CCM for corner cases [L+noncelen > 15] and fixing the CTR pad to encrypt the CBC-MAC tag
+ -- Franz Glasner pointed out the ARGTYPE=4 is not actually valid. Fixed.
+ -- Fixed bug in f8_start() if your key < saltkey unspecified behaviour occurs. :-(
+ -- Documented F8 mode. Yeah, because you read the manual.
+ -- Minor updates to the technotes.
+
+
+June 17th, 2006
+v1.13 -- Fixed to fortuna_start() to clean up state if an error occurs. Not really useful at this stage (sha256 can't fail) but useful
+ if I ever make fortuna pluggable
+ -- Mike Marin submitted a whole bunch of patches for fixing up the libs on traditional UNIX platforms. Go AIX! Thanks!
+ -- One of bugs found in the multi demo highlights that at least with gcc you need to pass integers with a UL prefix to ensure
+ they're unsigned long
+ -- Updated the FP ECC code to use affine points. It's teh fast.
+ -- Made it so many functions which return CRYPT_BUFFER_OVERFLOW now also indicate the required buffer size, note that not all functions
+ do this (most do though).
+ -- Added F8 chaining mode. It's super neato.
+
+May 29th, 2006
+v1.12 -- Fixed OID encoder/decoder/length to properly handle the first two parts of an OID, matches 2002 X.690 now.
+ -- [Wesley Shields] Allows both GMP/LTM and TFM to be defined now.
+ -- [Wesley Shields] GMP pluggin is cleaner now and doesn't use deprecated symbols. Yipee
+ -- Added count_lsb_bits to get the number of leading LSB zero bits there are.
+ -- Fixed a bug in the INTEGER encoders for values of -(256**k)/2
+ -- Added BOOLEAN type to ASN.1 thingy-ma-do-hicky
+ -- Testprof doesn't strictly require GMP ... oops [Nils Durner]
+ -- Added LTC_CALL and LTC_EXPORT macros in tomcrypt_cfg.h to support various calling and linker conventions
+ (Thanks to John Kirk from Demonware)
+ -- In what has to be the best thing since sliced bread I bring you MECC_FP which is the fixed point
+ ECC point multiplier. It's fast, it's sexy and what's more it's hella fast [did I mention it's fast?]
+ You can tune it somewhat with FP_LUT (default to 8) for look-up width.
+ Read section 8.2 of the manual for more info.
+ It is disabled by default, you'll have to build LTC with it defined to get it.
+ -- Fixed bug in ecc_test.c (from testprof) to include the 521 [not 512] bit curve. :-)
+
+April 4th, 2006
+v1.11 -- Removed printf's from lrw_test ... whoops
+ -- lrw_process now checks the return of the cipher ecb encrypt/decrypt calls
+ -- lrw_start was not using num_rounds ...
+ -- Adam Miller reported a bug in the flexi decoder with elements past the end of a sequence. Fixed.
+ -- Bruce Guenter suggested I use --tag=CC for libtool builds where the compiler may think it's C++. (I applied this to LTM and TFM)
+ -- Optimized the ECC for TFM a bit by removing the useless "if" statements (most TFM functions don't return error codes)
+ Actually shaved a good chunk of time off and made the code smaller. By default with TFM the stock LTC point add/dbl functions
+ will be totally omitted (ECC-256 make key times on a Prescott for old vs. new are 11.03M vs. 9.59M cycles)
+ -- added missing CVS tags to ltc_ecc_mulmod.c
+ -- corrected typo in tomcrypt_cfg.h about what the file has been called
+ -- corrected my address in the user manual. A "bit" out of date.
+ -- added lrw_gen to tv_gen
+ -- added GMP plugin, only tested on a AMD64 and x86_32 Gentoo Linux box so be aware
+ -- made testme.sh runs diff case insensitivityly [whatever...] cuz GMP outputs lowercase satan text
+ -- added LDFLAGS to the makefile to allow cross porting linking options
+ -- added lrw_test() to the header file ... whoops
+ -- changed libtomcrypt.org to libtomcrypt.com .... mumble mumble
+ -- Updates to detect __STRICT_ANSI__ which is defined in --std=c99 modes (note -ansi is not supported as it lacks long long) so you can
+ build LTC out of the box with c99 (note: it'll be slower as there is no asm in this case)
+ -- Updated pelican.c and aes_tab.c to undef tables not-required. The tables are static so both AES and Pelican MAC would have copies. Save a few KB in the final binary.
+ -- Added LTC_NO_FAST to the makefile.icc to compensate for the fact ICC v9 can't handle it (Pelican MAC fails for instance)
+
+February 11th, 2006
+v1.10 -- Free ecb/cbc/ctr/lrw structures in timing code by calling the "done" function
+ -- fixed bug in lrw_process() which would always use the slow update ...
+ -- vastly sped up gcm_gf_mult() when LTC_FAST is defined. This speeds up LRW and GCM state creation, useful for servers with GCM
+ -- Removed NLS since there are some attacks against it.
+ -- fixed memory leak in rsa_import reported by John Kuhns
+ ++ re-released as the rsa fix was incorrect (bad John bad ... hehehe) and I missed some NULLs in the static descriptor entry for ciphers
+
+January 26th, 2006
+v1.09 -- Added missing doxygen comments to some of the ASN.1 routines
+ -- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos. Reduces build times for typical
+ configurations. Tunable [see tomcrypt_custom.h]
+ -- Added some error detection to reg_algs() of the testprof.a library to detect when the PRNG is not setup correctly (took me 10 mins to figure out, PITA!)
+ -- Similar fixes to timing demo (MD5 not defined when EASY is defined)
+ -- Added the NLS enc+mac stream cipher from QUALCOMM, disabled for this release, waiting on test vectors
+ -- Finally added an auto-update script for the makefiles. So when I add new files/dirs it can automatically fix up the makefiles [all four of them...]
+ -- Added LRW to the list of cipher modes supported
+ -- cleaned up ciphers definitions to remove cbc/cfb/ofb/ctr/etc from the namespace when not used.
+
+November 24th, 2005
+v1.08 -- Added SET and SET OF support to the ASN.1 side
+ -- Fixed up X macros, added QSORT to the mix [thanks SET/SETOF]
+ -- Added XMEMCMP to the list of X macros
+ -- In der_decode_sequence() the SHORT_INTEGER type was not being handled correctly [oddly enough it worked just enough to make RSA work ... go figure!]
+ -- Fixed bug in math descriptors where if you hadn't defined MECC (ECC support) you would get linker errors
+ -- Added RSA accelerators to the math descriptors to make it possible to not include the stock routines if you supply your own.
+ -- dsa_decrypt_key() was erroneously dependent on MECC not MDSA ... whoops
+ -- Moved DSA size limits to tomcrypt_pk.h so they're defined with LTC_NO_PK+MDSA
+ -- cleaned up tomcrypt_custom.h to make customizable PK easier (and also cleaned up the error traps so they're correctly reported)
+
+November 18th, 2005
+v1.07 -- Craig Schlenter pointed out the "encrypt" demo doesn't call ctr_start() correctly. That's because as of a few releases ago
+ I added support to set the mode of the counter at init time
+ -- Fixed some "testprof" make issues
+ -- Added RSA keygen to the math descriptors
+ -- Fixed install_test target ... oops
+ -- made the "ranlib" program renamable useful for cross-compiling
+ -- Made the cipher accelerators return error codes. :-)
+ -- Made CCM accept a pre-scheduled key to speed it up if you use the same key for multiple packets
+ -- Added "Katja" public key crypto. It's based on the recent N = p^2q work by Katja. I added OAEP padding
+ to it. Note this code has been disabled not because it doesn't work but because it hasn't been thoroughly
+ analyzed. It does carry some advantages over RSA (slightly smaller public key, faster decrypt) but also
+ some annoying "setup" issues like the primes are smaller which makes ECM factoring more plausible.
+ -- Made makefile accept a NODOCS flag to disable the requirement of tetex to install LTC for you no tetex people... all 3 of ya :-)
+ -- Cleaned up rsa_export() since "zero" was handled with a SHORT_INTEGER
+ -- Cleaned up the LIBTEST_S definitions in both GNU makefiles. A few minor touchups as well.
+ -- Made the cipher ecb encrypt/decrypt return an int as well, changed ALL dependent code to check for this.
+ -- der_decode_choice() would fail to mark a NULL as "used" when decoding. Fixed
+ -- ecc_decrypt_key() now uses find_hash_oid() to clean up the code ;-)
+ -- Added mp_neg() to the math descriptors.
+ -- Swapped arguments for the pkcs_1_mgf1() function so the hash_idx is the first param (to be more consistent)
+ -- Made the math descriptors buildable when RSA has been undefined
+ -- ECC timing demo now capable of detecting which curves have been defined
+ -- Refactored the ECC code so it's easier to maintain. (note: the form of this code hasn't really changed since I first added ECC ... :-/)
+ -- Updated the documentation w.r.t. ECC and the accelerators to keep it current
+ -- Fixed bug in ltc_init_multi() which would fail to free all allocated memory on error.
+ -- Fixed bug in ecc_decrypt_key() which could possibly lead to overflows (if MAXBLOCKSIZE > ECC_BUF_SIZE and you have a hash that emits MAXBLOCKSIZE bytes)
+ -- Added encrypt/decrypt to the DSA side (basically DH with DSA parameters)
+ -- Updated makefiles to remove references to the old DH object files and the ecc_sys.o crap ... clean code ahead!
+ -- ecc_import() now checks if the point it reads in lies on the curve (to prevent degenerative points from being used)
+ -- ECC code now ALWAYS uses the accelerator interface. This allows people who use the accelerators to not have the stock
+ ECC point add/dbl/mul code linked in. Yeah space savings! Rah Rah Rah.
+ -- Added LTC_MUTEX_* support to Yarrow and Fortuna allowing you to use respective prng_state as a global PRNG state [e.g. thread-safe] if you define one of the LTC_* defines at
+ build time (e.g. LTC_PTHREAD == pthreads)
+ -- Added PPC32 support to the rotate macros (tested on an IBM PPC 405) and LTC_FAST macros (it aint fast but it's faster than stock)
+ -- Added ltc_mp checks in all *_make_key() and *_import() which will help catch newbs who don't register their bignum first :-)
+ -- the UTCTIME type was missing from der_length_sequence() [oops, oh like you've never done that]
+ -- the main makefile allows you to rename the make command [e.g. MAKE=gmake gmake install] so you can build LTC on platforms where the default make command sucks [e.g. BSD]
+ -- Added DER flexi decoder which allows the decoding of arbitrary DER encoded packets without knowing
+ their structure in advance (thanks to MSVC for finding 3 bugs in it just prior to release! ... don't ask)
+
+August 1st, 2005
+v1.06 -- Fixed rand_prime() to accept negative inputs as a signal for BBS primes. [Fredrik Olsson]
+ -- Added fourth ARGCHK type which outputs to stderr and continues. Useful if you trap sigsegv. [Valient Gough]
+ -- Removed the DH code from the tree
+ -- Made the ECC code fully public (you can access ecc_mulmod directly now) useful for debuging
+ -- Added ecc test to tv_gen
+ -- Added hmac callback to hash descriptors.
+ -- Fixed two doxy comment errors in the UTCTIME functions
+ -- rsa_import() can now read OpenSSL format DER public keys as well as the PKCS #1 RSAPublicKey format.
+ Note that rsa_export() **ONLY** writes PKCS #1 formats
+ -- Changed MIN/MAX to only define if not already present. -- Kirk J from Demonware ...
+ -- Ported tv_gen to new framework (and yes, I made ecc vectors BEFORE changing the API and YES they match now :-))
+ -- ported testing scripts to support pluggable math. yipee!
+ -- Wrote a TFM descriptor ... yipee
+ -- Cleaned up LTC_FAST in CBC mode a bit
+ -- Merged in patches from Michael Brown for the sparc/sparc64 targets
+ -- Added find_hash_oid() to search for a hash by its OID
+ -- Cleaned up a few stray CLEAN_STACKs that should have been LTC_CLEAN_STACK
+ -- Added timing resistant ECC, enable by defining LTC_ECC_TIMING_RESISTANT then use ECC API as normal
+ -- Updated the ECC documentation as it was a bit out of date
+
June 27th, 2005
v1.05
-- Added Technote #6 which covers the current PK compliance.
@@ -213,7 +443,7 @@ October 29th, 2004
v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes
-- Deprecated LTMSSE and removed it (to be replaced with TFM later on)
-- Stefan Arentz pointed out that mp_s_rmap should be extern
- -- Kristian Gjøsteen pointed out that there are typos in the
+ -- Kristian Gj?steen pointed out that there are typos in the
"test" makefile and minor issues in Yarrow and Sober [just cosmetics really]
-- Matthew P. Cashdollar pointed out that "export" is a C++ keyword
so changed the PRNG api to use "pexport" and "pimport"
@@ -592,7 +822,7 @@ v0.81 -- Merged in new makefile from Clay Culver and Mike Frysinger
as much as possible. This sped the routine up quite a bit.
-- Fixed a huge flaw in ecc_verify_hash() where it would return CRYPT_OK on error... Now fixed.
-- Fixed up config.pl by fixing an invalid query and the file is saved in non-windows [e.g. not CR/LF] format
- (fix due to Mika Boström)
+ (fix due to Mika Bostr?m)
-- Merged in LibTomMath for kicks
-- Changed the build process so that by default "mycrypt_custom.h" is included and provided
The makefile doesn't include any build options anymore
@@ -1321,6 +1551,6 @@ v0.02 -- Changed RC5 to only allow 12 to 24 rounds
v0.01 -- We will call this the first version.
/* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.106 $ */
-/* $Date: 2005/06/27 12:37:06 $ */
+/* $Revision: 1.274 $ */
+/* $Date: 2006/12/16 19:08:17 $ */