May 30th, 2004v0.96  -- Removed GF and Keyring code       -- Extended OAEP decoder to distinguish better [and use a more uniform API]       -- Changed PSS/OAEP API slightly to be more consistent with other PK functions (order of arguments)       -- rsa_exptmod() now pads with leading zeroes as per I2OSP.       -- added error checking to yarrow code       -- Mike Frysinger pointed out that tommath.h from this distro will overwrite tommath.h          from libtommath.  I changed this to ltc_tommath.h to avoid any such problems.       -- Fixed bug in PSS encoder/decoder that didn't handle the MSB properly       -- refactored AES, now sports an "encrypt only" descriptor which uses half as much code space.       -- modded Yarrow to try and use refactored AES code and added WHIRLPOOL support (d'oh) ;-)       -- updated ECB, OCB and CBC decrypt functions to detect when "encrypt only" descriptor is used.       -- replaced old RSA code with new code that uses PKCS #1 v2.0 padding       -- replaced old test harness with new over-engineer'ed one in /demos/test/       -- updated cbc/cfb/ofb/ctr code with setiv/getiv functions to change/read the IV without re-keying.       -- Added PKCS #1 v1.5 RSA encryption and signature padding routines       -- Added DER OID's to most hash descriptors (as many as I could find)        -- modded rsa_exptmod() to use timing-resilient tim_exptmod() when doing private key operations           added #define RSA_TIMING which can turn on/off this feature.       -- No more config.pl so please just read mycrypt_custom.h for build-time tweaks       -- Small update to rand_prime()       -- Updated sha1, md5 and sha256 so they are smaller when SMALL_CODE is defined.  If you want speed though,          you're going to have to undefine SMALL_CODE ;-)       -- Worked over AES so that it's even smaller now [in both modes].       May 12th, 2004v0.95  -- Optimized AES and WHIRLPOOL for SMALL_CODE by taking advantage of the fact          the transforms are circulant.  AES dropped 5KB and WHIRLPOOL dropped 13KB          using the default build options on the x86.       -- Updated eax so the eax_done() would clear the state [like hmac,pmac,ocb] when          CLEAN_STACK has been defined.       -- added LTC_TEST support to rmd160       -- updates to mycrypt_pk.h       -- updated rand_prime() to faciliate making RSA composites        -- DSA/RSA now makes composites of the exact size desired.       -- Refactored quite a bit of the code, fewer functions per C file       -- cleaned up the makefiles to organize the objects logically       -- added ICC makefile along with "profiled" targets for both GNU and ICC compilers       -- Marked functions for removal before v1.00 see PLAN for more information       -- GCC 3.4.0 tested and seems to work       -- Added PKCS #5 support       -- Fixed typo in comment header of .C files  ;-)       -- Added PKCS #1 OAEP and PSS support.         Feb 20th, 2004v0.94  -- removed unused variables from ocb.c and fixed it to match known test vectors.       -- Added PMAC support, minor changes to OMAC/EAX code [I think....]       -- Teamed up with Brian Gladman.  His code verifies against my vectors and my code          verifies against his test vectors.  Hazaa for co-operation!       -- Various small changes (added missing ARGCHKs and cleaned up indentation)       -- Optimization to base64, removed unused variable "c"       -- Added base64 gen to demos/tv_gen.c       -- Fix to demos/x86_prof.c to correctly identify the i386 architecture... weird...       -- Fixed up all of the PK code by adding missing error checking, removed "res" variables,          shrunk some stack variables, removed non-required stack variables and added proper          error conversion from MPI to LTC codes.  I also spotted a few "off by one" error          checking which could have been used to force the code to read past the end of          the buffer (in theory, haven't checked if it would work) by a few bytes.       -- Added checks to OUTPUT_BIGNUM so the *_export() functions cannot overflow the output and I           also modded it so it stores in the output provided to the function (that is not on          the local stack) which saves memory and time.       -- Made SAFER default to disabled for now (plans are to cleanhouse write an implementation later)       -- Added the 512-bit one-way hash WHIRLPOOL which clocks in at 138 cycles per byte on my          Athlon XP [for comparison, SHA-512 clocks in at 77 cycles per byte].  This code uses the           teams new sbox design (not the original NESSIE one).      Jan 25th, 2004v0.93  -- [note: deleted v0.93 changes by accident... recreating from memory...]       -- Fix to RC2 to not deference pointer before ARGCHK       -- Fix to NOEKEON to match published test vectors as well as cleaned up the code a bit       -- Optimized Twofish [down to 28 cycles/byte on my box] and Blowfish       -- Fix to OMAC to test cipher block size first [prevents wasting any time]       -- Added more OMAC test vectors       -- Added EAX Encrypt+Authenticate support       -- Fix to DSA to check return of a few LTM functions I forgot [mp_to_unsigned_bin]       -- Added common headers to all C files       -- CTR mode supports big and little [default] endian counters now.         -- fix to find_cipher_any() so that it can handle a fragmented cipher_descriptor table.       -- added find_hash_any() akin to find_cipher_any().       -- Added EAX code to demos/tv_gen.c  Hazaa!        -- Removed SONY defines and files from codebase.       -- Added OCB support [patents be damned] and to demos/tv_gen.c       -- Merge all of the INPUT/OUTPUT BIGNUM macros (less toc) into mycrypt_pk.h       -- Made appropriate changes to the debug string in crypt.cDec 24th, 2003v0.92  -- Updated the config.pl script so the options have more details.       -- Updated demos/tv_gen to include RIPEMD hashes       -- Updated Twofish so when TWOFISH_ALL_TABLES is defined a pre-computed RS table          is included [speedup: slight, about 4k cycles on my Athlon].       -- Re-wrote the twofish large key generation [the four 8x32 key dependent tables].  Now about twice as fast.          With both optimizations [e.g. TWOFISH_ALL_TABLES defined] a 128-bit Twofish key can now be scheduled          in 26,000 cycles on my Athlon XP [as opposed to 49,000 before] when optimized for size.       -- config.pl has been updated so rmd128.o and rmd160.o are objects included in the build [oops]       -- Andrew Mann found a bug in rsa_exptmod() which wouldn't indicate if the wrong type of key was specified          (e.g. not PK_PRIVATE or PK_PUBLIC)       -- Fixed up demos/x86_prof so it sorts the output now :-)         -- The project is now powered by radioactive rubber pants.       -- Fixed dh_encrypt_key() so if you pass it a hash with a smaller output than the input key it           will return CRYPT_INVALID_HASH [to match what ecc_encrypt_key() will do]       -- Merge the store/encrypt key part of ecc_encrypt_key() as per dh_encrypt_key() [can you guess what I'm upto?]       -- Massive updates to the prime generation code.  I use the LTM random prime functions [and provide a nice           interface between the LTC PRNG's and the LTM generic prng prototype].  I also use a variable number of tests          depending on the input size.  This nicely speeds up most prime generation/testing within the library.       -- Added SHA-224 to the list of hashes.       -- Made HMAC test vectors constant and static [takes ROM space instead of RAM]       -- This release was brought to you by the letter P which stands for Patent Infringement.       -- Added generic HASH_PROCESS macro to mycrypt_hash.h which simplifies the hash "process" functions          I also optimized the compression functions of all but MD2 to not perform input copies when avoidable.       -- Removed the division from the Blowfish setup function [dropped 3k cycles on my Athlon]       -- Added stack cleaning to rijndael, cast5 so now all ciphers have CLEAN_STACK code.         -- Added Skipjack to the list of ciphers [made appropriate changes to demos/test.c, demos/tv_gen.c and           demos/x86_prof.c]       -- Added mechanical testing to cipher test vector routines.  Now it encrypts 1000 times, then decrypts and          compares.  Any fault (e.g. bug in code, compiler) in the routines is likely to show through.  Doesn't          stress test the key gen though...       -- Matt Johnson found a bug in the blowfish.c  apparently I was out of my mind and put twofish defines in there           The code now builds with any config.  Thanks.       -- Added OMAC1 Message Authentication Code support to the library.       -- Re-prototyped the hash "process" and "done" to prevent buffer overflows [which don't seem easy to exploit].            Updated HMAC code to use them too.  Hazaa!       -- Fixed bug in ECC code which wouldn't do an _ARGCHK on stat in ecc_verify_hash().       -- Fixed [temp fix] bug in all PK where the OUTPUT_BIGNUM macros would not trap errors on the to_unsigned_bin           conversion [now returns CRYPT_MEM, will fix it up better later]       -- Added DSA to the list of supported PK algorithms.         -- Fixed up various ciphers to &255 the input key bytes where required [e.g. where used to index a table] to prevent          problems on platforms where CHAR_BIT != 8        -- Merged in LibTomMath v0.28       -- Updated demos/x86_prof.c to use Yarrow during the key sched testing [was horribly slow on platforms with blockable          /dev/random].        -- Added OMAC/HMAC tests to demos/tv_gen and I now store the output of this in notes/        -- Fixed a bug in config.pl that wouldn't have TWOFISH_TABLES defined by default (too many commas on the line)       -- Fixed bug in hmac_done().  Apparently FIPS-198 [HMAC] specifies that the output can be truncated.  My code          would not support that (does now just like the new OMAC code).       -- Removed "hashsize" from hmac_state as it wasn't being used.       -- Made demos/test.c stop if OMAC or HMAC tests fail (instead of just printing a failed message and keep going).       -- Updated notes/tech0003.txt to take into account the existence of Skipjack [also I fixed a few typos].       -- Slight changes to Noekeon, with SMALL_CODE undefined it uses a fully unrolled version.  Dropped +10 cycles/byte          on my Athlon (35 cycles per byte or 410.4Mbit/sec at 1795Mhz)       -- Added _ARGCHK() calls to is_prime() for the two input pointers.Sept 25th, 2003v0.91  -- HMAC fix of 0.90 was incorrect for keys larger than the block size of the hash.       -- Added error CRYPT_FILE_NOTFOUND for the file [hmac/hash] routines.       -- Added RIPEMD hashes to the hashsum demo.       -- Added hashsum demo to MSVC makefile.       -- Added RMD160 to the x86_prof demo [oops]       -- Merged in LibTomMath-0.27 with a patch to mp_shrink() that will be in LibTomMath-0.28          Fixes another potential memory leak.Sept 7th, 2003v0.90  -- new ROL/ROR for x86 GCC       -- Jochen Katz submitted a patch to the makefile to prevent "make" from making the .a library          when not required.       == By default the KR code is not enabled [it's only a demo anyways!]       -- changed the "buf" in ecc_make_key from 4KB to 128 bytes [since the largest key is 65 bytes]       -- hmac_done() now requires you pass it the size of the destination buffer to prevent          buffer overflows.  (API CHANGE)       -- hmac/hash filebased routines now return CRYPT_NOP if NO_FILE is defined.       -- I've removed the primes from dh.c and replaced them with DR safe primes suitable for the default          configuration of LibTomMath.  Check out these comparisons on a 1.3Ghz Athlon XP, optimized for size,768-bit,     4 vs.  101024-bit,    8 vs.  181280-bit,   12 vs.  341536-bit,   20 vs.  561792-bit    28 vs.  882048-bit,   40 vs. 1242560-bit,   71 vs. 2343072-bit,  113 vs. 3864096-bit,  283 vs. 916          Times are all in milliseconds for key generation.  New primes times on the left.  This makes the code binary          incompatible with previous releases.  However, this addition is long overdue as LibTomMath has supported DR          reductions for quite some time.       -- Added RIPE-MD 128 and 160 to the list of supported hashes [10 in total].       -- The project has been released as public domain.  TDCAL no longer applies.July 15th, 2003v0.89  -- Fix a bug in bits.c which would prevent it from building with msvc       -- Merged in LibTomMath v0.24 [and I used the alloc/free macros this time!]       -- Removed the LTC version of next_prime() and replaced it with a call to the          mp_prime_next_prime() from LibTomMath       -- reverted bits.c to the 0.86 copy since the new one doesn't build in MSVC          or cygwin.Jul 10th, 2003v0.88  -- Sped up CAST5 key schedule for MSVC       -- added "ulong32" which allows people on 64-bit platforms to force the 32-bit tables in          ciphers like blowfish and AES to be 32-bits.  E.g. when unsigned long is 64-bits.       -- Optimized the SAFER-SK64, SAFER-SK128, SAFER+, RC5 and RC6 key schedule [big time!]       -- Optimized SHA-1 and SHA-256 quite a bit too.       -- Fixed up the makefile to use -fomit-frame-pointer more liberally       -- Added tv_gen program which makes test vectors for ciphers/hashes       -- Merged in LibTomMath v0.22