changes
      -- In md4 I made the PADDING array const [again to store it in ROM]
      -- in hash_file I switched the constant "512" to "sizeof(buf)" to be a bit safer
      -- in SHA-1's test routine I fixed the string literal to say SHA-1 not sha1
      -- Fixed a logical error in the CTR code which would make it skip the first IV value. This means the CTR code from v0.52 will be incompatible [binary wise] with previous releases but it makes more sense this way.
      -- Added {} braces for as many if/for/blocks of code I could find. My rule is that every for/if/while/do block must have {} braces around it.
      -- made the rounds table in saferp_setup const [again for the ROM think about the ROM!]
      -- fixed RC5 since it no longer requires rc5 to be registered in the lib. It used to since the descriptors used to be part of the table...
      -- the packet.c code now makes crypt_error literal string errors when an error occurs
      -- cleaned up the SAFER+ key schedule to be a bit easier to read.
      -- fixed a huge bug in Twofish with the TWOFISH_SMALL define. Because I clean the stack now I had changed the "g_func()" to be called indirectly. I forgot to actually return the return of the Twofish g_func() function which caused it not to work... [does now :-)]

July 11th, 2002
v0.51 -- Fixed a bug in SHA512/384 code for multi-block messages.
      -- Added more test vectors to the SHA384/512 and TIGER hash functions
      -- cleaned up the hash done routines to make more sense

July 10th, 2002
v0.50 -- Fixed yarrow.c so that the cipher/hash used would be registered. Also fixed a bug where the SAFER+ name was "safer" but should have been "safer+".
      -- Added an element to the hash descriptors that gives the size of a block [sent into the compressor]
      -- Cleaned up the support for HMAC's
      -- Cleaned up the test vector routines to make the test vector data const. This means on some platforms it will be placed in ROM not RAM now.
      -- Added MD4 code submitted by Dobes Vandermeer (dobes@smartt.com)
      -- Added "burn_stack" function [idea taken from another source of crypto code]. The idea is if a function has a lot of variables it will clean up better. Functions like the ecb serpent and twofish code will now have their stacks cleaned and the rest of the code is getting much more straightforward.
      -- Added a hashing demo by Daniel Richards (kyhwana@world-net.co.nz)
      -- I (Tom) modified some of the test vector routines to use more vectors ala Dobes style. For example, the MD5/SHA1 code now uses all of the test vectors from the RFC/FIPS spec.
      -- Fixed the register/unregister functions to properly report errors in crypt_error
      -- Correctly updated yarrow code to remove a few unused variables.
      -- Updated manual to fix a few erroneous examples.
      -- Added section on Hash based Message Authentication Codes (HMAC) to the manual

June 19th, 2002
v0.46 -- Added in HMAC code from Dobes Vandermeer (dobes@smartt.com)

June 8th, 2002
v0.45 -- Fixed bug in rc5.c where if you called rc5_setup() before registering RC5 it would cause undefined behaviour.
      -- Fixed mycrypt_cfg.h to eliminate the 224 bit ECC key.
      -- made the "default" makefile target have depends on mycrypt.h and mycrypt_cfg.h

Apr 4th, 2002
v0.44 -- Fixed bug in ecc.c::new_point() where if the initial malloc fails it would not catch it.

Mar 22nd, 2002
v0.43 -- Changed the ZLIB code over to the 1.1.4 code base to avoid the "double free" bug.
      -- Updated the GCC makefile not to use -O3 or -funroll-loops
      -- Version tag in mycrypt.h has been updated :-)

Mar 10th, 2002
v0.42 -- The RNG code can now use /dev/urandom before trying /dev/random (J. Klapste)

Mar 3rd, 2002
v0.41 -- Added support to link and use ciphers at compile time. This can greatly reduce the code size!
      -- Added a demo to show off how small an application can get... 46kb!
      -- Disastry pointed out that Blowfish is supposed to be high endian.
      -- Made registry code for the PRNGs as well [now the smallest useable link is 43kb]

Feb 11th, 2002
v0.40 -- RSA signatures use [and check for] fixed padding scheme.
      -- I'm developing in Linux now :-)
      -- No more warnings from GCC 2.96

Feb 5th, 2002
v0.39 -- Updated the XTEA code to work in accordance with the XTEA design

January 24th, 2002
v0.38 -- CFB and OFB modes can now handle blocks of variable size like the CTR code
      -- Wrote a wrapper around the memory compress functions in Zlib that act like the functions in the rest of my crypto lib

January 23rd, 2002
v0.37 -- Added support code so that if a hash size and key size for a cipher don't match up they will use the next lower key supported. (mainly for the PK code). So you can now use SHA-1 with Twofish, etc...
      -- Added more options for Twofish. You can now tell it to use precomputed sboxes and MDS multiplications. This will speed up the TWOFISH_SMALL implementation by increasing the code size by 1024 bytes.
      -- Fixed a bug in prime.c that would not use the correct table if you undefined SMALL_PRIME_TAB
      -- Fixed all of the PK packet code to use the same header format [see packet.c]. This makes the PK code binary wise incompatible with previous releases while the API has not changed at all.

January 22nd, 2002
v0.36 -- Corrections to the manual
      -- Made a modification to Twofish which lets you build a "small ram" variant. It requires about 190 bytes of ram for the key storage compared to the 4,200 bytes the normal variant requires.
      -- Reduced the stack space used in all of the PK routines.

January 19th, 2002
v0.35 -- If you removed the first hash or cipher from the library it wouldn't return an error if you used an ID=0 [i.e. blowfish or sha256] in any routine. Now it checks for that and will return an error like it should
      -- Merged in new routines from Clay Culver. These routines are for the PK code so you can easily encode a symmetric key for multiple recipients.
      -- Made the ecc and DH make_key() routines make secret keys of the same size as the keysize listed. Originally I wanted to ensure that the keys were smaller than the order of the field used. However, the bias is so insignificant using full sizes. For example, with a ECC-192 key the order is about 2^191.99, so instead I rounded down and used a 184-bit secret key. Now I simply use a full 192-bit key; the code will work just the same except that some 192-bit keys will be duplicates which is not a big deal since 1/2^192 is a very small bias!
      -- Made the configuration a bit simpler and more exacting. You can for example now select which DH or ECC key settings you wish to support without including the data for all other key settings. I put the #defines in a new file called "mycrypt_cfg.h"
      -- Configured "mpi-config.h" so it's a bit more conservative with the memory required and code space used
      -- Jason Klapste submitted bug fixes to the yarrow, hash and various other issues. The yarrow code will now use whatever remaining hash/cipher combo is left [after you #undef them] at build time. He also suggested a fix to remove unused structures from the symmetric_key and hash_state unions.
      -- Made the CTR code handle variable length blocks better. It will buffer the encryption pad so you can encrypt messages any size block at a time.
      -- Simplified the yarrow code to take advantage of the new CTR code.
      -- Added a 4096-bit DH key setting. That took me about 36 hours to find!
      -- Changed the base64 routines to use a real base64 encoding scheme.
      -- Added in DH and ECC "encrypt_key()" functions. They are still rather "beta"ish.
      -- Added **Twofish** to the list of ciphers!

January 18th, 2002
v0.34 -- Added "sha512" to the list of hashes. Produces a 512-bit message digest. Note that with the current padding with the rsa_sign() function you cannot use sha512 with a key less than 1536 bits for signatures.
      -- Cleaned up the other hash functions to use the LOAD and STORE macros...

January 17th, 2002
v0.33 -- Made the lower limit on keysizes for RSA 1024 bits again because I realized that 768 bit keys wouldn't work with the padding scheme and large symmetric keys.
      -- Added information concerning the Zlib license to the manual
      -- Added a 3072-bit key setting for the DH code.
      -- Made the "find_xyz()" routines take "const char *" as per Clay Culver's suggestion.
      -- Fixed an embarrassing typo in the manual concerning the hashes. Thanks Clay for finding it!
      -- Fixed rand_prime() so that it makes primes bigger than the setting you give. For example, if you want a 1024-bit prime it would make a 1023-bit one. Now it ensures that the prime it makes is always greater than 2^(8n) (n == bytes in prime). This doesn't have a huge impact on security but I corrected it just the same.
      -- Fixed the CTR routine to work on platforms where char != 8-bits
      -- Fixed sha1/sha256/md5/blowfish to not assume "unsigned long == 32-bits". Basically any operation with carries I "AND" with 0xFFFFFFFF. That forces only the lower 32-bits to have information in it. On x86 platforms most compilers optimize out the AND operation since it's a nop.

January 16th, 2002
v0.32 -- Made Rijndael's setup function fully static so it is thread safe
      -- Svante Seleborg suggested a cosmetic style fixup for aes.c, basically to remove some of the #defines to clean it up
      -- Made the PK routines not export the ASCII version of the names of ciphers/hashes which makes the PK message formats *incompatible* with previous releases.
      -- Merge in Zlib :-)

January 15th, 2002
v0.31 -- The RSA routines can now use CRT to speed up decryption/signatures. The routines are backwards compatible with previous releases.
      -- Fixed another bug that Svante Seleborg found. Basically you could buffer-overrun the rsa_exptmod() function itself if you're not careful. That's fixed now.
         Fixed another bug in rsa_exptmod() where if it knows the buffer you passed is too small it wouldn't free all used memory.
      -- improved the readability of the PK import/export functions
      -- Added a fix to RSA.C by Clay Culver
      -- Changed the CONST64 macro for MSVC to use the "unsigned __int64" type, e.g. "ui64" instead of "i64".

January 14th, 2002
v0.30 -- Major change to the Yarrow PRNG code, fixed a bug that Eugene Starokoltsev found. Basically if you added entropy to the pool in small increments it could in fact cancel out. Now I hash the pool with the new data which is way smarter.

January 12th, 2002
v0.29 -- Added MPI code written by Svante Seleborg to the library. This will make the PK code much easier to follow and debug. Actually I've already fixed a memory leak in dh_shared_secret().
      -- Memory leaks found and corrected in all three PK routines. The leaks would occur when a bignum operation fails so it wouldn't normally turn up in the course of a program
      -- Fixed bugs in dh_key_size and ecc_key_size which would return garbage for invalid key idx'es

January 11th, 2002
v0.28 -- Cleaned up some code so that it doesn't assume "char == 8bits". Mainly SAFER+ has been changed.
      -- ***HUGE*** changes in the PK code. I check all return values in the bignum code so if there are errors [insufficient memory, etc..] it will be reported. This makes the code fairly more robust and likely to catch any errors.
      -- Updated the is_prime() function to use a new prototype [it can return errors now] and it also does trial divisions against more primes before the Rabin Miller steps
      -- Added OFB, CFB and ECB generic wrappers for the symmetric ciphers to round out the implementations.
      -- Added Xtea to the list of ciphers, to the best of my ability I have verified this implementation. I should note that there is not a lot of concrete information about the cipher. "Ansi C" versions I found did not address endianness and were not even portable!
         This code is portable and to the best of my knowledge implements the Xtea algorithm as per the [short] X-Tea paper.
      -- Reformatted the manual to include the **FULL** source code optimized to be printable.

January 9th, 2002
v0.27 -- Changed the char constants to numerical values. It is backwards compatible and should work on platforms where 'd' != 100 [for example].
      -- Made a change to rand_prime() which takes the input length as a signed type so you can pass a negative len to get a "3 mod 4" style prime... oops