-- changed the MSVC makefile to build with a warning level of three, no warnings!January 8th, 2002v0.26  -- updated SHA-256 to use ROR() for a rotate so 64-bit machines won't corrupt          the output       -- Changed #include <> to #include "" for local .h files as per Richard Heathfields' suggestions.       -- Fixed bug in MPI [well bug in MSVC] that compiled code incorrectly in mp_set_int()          I added a work around that catches the error and continues normally.January 8th, 2002v0.25  -- Added a stupid define so MSVC 6.00 can build the library.       -- Big thanks to sci.crypt and "Ajay K. Agrawal" for helping me port this to MSVCJanuary 7th, 2002v0.24  -- Sped up Blowfish by unrolling and removing the swaps.       -- Made the code comply with more traditional ANSI C standards          Should compile with MSVC with less errors       -- moved the demos and documentation into their own directories          so you can easily build the library with other tool chains          by compiling the files in the root       -- converted functions with length of outputs to use           "unsigned long" so 16-bit platforms will like this library more.January 5th, 2002v0.23  -- Fixed a small error in the MPI config it should build fine anywhere.January 4th, 2002v0.22  -- faster gf_mul() code       -- gf_shl() and gf_shr() are safe on 64-bit platforms now       -- Fixed an error in the hashes that Brian Gladman found.            Basically if the message has exactly 56 bytes left to be           compressed I handled them incorrectly.January 4th, 2002v0.21  -- sped up the ECC code by removing redundant divisions in the           point add and double routines.  I also extract the bits more          efficiently in "ecc_mulmod()" now.       -- sped up [and documented] the rand_prime() function.  Now it just          makes a random integer and increments by two until a prime is found          This is faster since it doesn't require alot of calls to the PRNG and          it doesn't require loading huge integers over and over.  rand_prime()          can also make primes congruent to 3 mod 4 [i.e for a blum integer]       -- added a gf_sqrt() function that finds square roots in a GF(2^w) field       -- fixed a bug in gf_div() that would return the wrong results if the divisor had a greator          divisor than the dividend.January 4th, 2002v0.20  -- Added the fixed MPI back in so RSA and DH are much faster againv0.19  -- Updated the manual to reflect the fact that Brian Gladman wrote the AES and Serpent code.       -- DH, ECC and RSA signature/decryption functions check if the key is private       -- new DH signature/verification code works just like the RSA/ECC versionsJanuary 3rd, 2002v0.18  -- Added way more comments to each .C file        -- fixed a bug in cbc_decrypt(pt, ct, key) where pt == ct [i.e same buffer]       -- fixed RC5 so it reads the default rounds out of the cipher_descriptor table       -- cleaned up ecc_export()       -- Cleaned up dh_import() and ecc_import() which also perform more           error checking now       -- Fixed a serious flaw in rsa_import() with private keys.January 2nd, 2002v0.17  -- Fixed a bug in the random prime generator that fixes the wrong bits to one       -- ECC and DH code verify that the moduli and orders are in fact prime.  That           slows down the test routines alot but what are you gonna do?        -- Fixed a huge bug in the mp_exptmod() function which incorrectly calculates g^x mod p for some          values of p.  I replaced it with a slow function.  Once the author of MPI fixes his faster routine          I will switch back.  January 1st, 2002 [whoa new year!]v0.16  -- Improved GF division code that is faster.       -- documented the GF codeDecember 31st, 2001v0.15  -- A 1792-bit and 2048-bit DH setting was added.  Took me all night to           find a 1792 and 2048-bit strong prime but what the heck       -- Library now has polynomial-basis GF(2^w) routines I wrote myself.  Can be used to perform          ECC over GF(2^w) later on....       -- Fixed a bug with the defines that allows it to build in windows       December 30th, 2001v0.14  -- Fixed the xxx_encrypt() packet routines to make an IV of appropriate size           for the cipher used.  It was defaulting to making a 256-bit IV...       -- base64_encode() now appends a NULL byte, um "duh" stupid mistake now fixed...       -- spell checked the manual again... :-)December 30th, 2001v0.13  -- Switching back to older copy of MPI since it works! arrg..       -- Added sign/verify functions for ECC       -- all signature verification routines default to invalid signatures.       -- Changed all calls to memset to zeromem.  Fixed up some buffer problems           in other routines.  All calls to zeromem let the compiler determine the size          of the data to wipe.December 29th, 2001v0.12  -- Imported a new version of MPI [the bignum library] that should          be a bit more stable [if you want to write your own bignum          routines with the library that is...]       -- Manual has way more info       -- hash_file() clears stack now [like it should]       -- The artificial cap on the hash input size of 2^32 bits has been          removed.  Basically I was too lazy todo 64-bit math before          [don't ask why... I can't remember].  Anyways the hashes          support the size of 2^64 bits [if you ever use that many bits in a message          that's just wierd...]       -- The hashes now wipe the "hash_state" after the digest is computed.  This helps          prevent the internal state of the hash being leaked accidently [i.e stack problems]December 29th, 2001v0.11  -- Made #define's so you can trim the library down by removing          ciphers, hashs, modes of operation, prngs, and even PK algorithms          For example, the library with rijndael+ctr+sha1+ECC is 91KB compared          to the 246kb the full library takes.       -- Added ECC packet routines for encrypt/decrypt/sign/verify much akin to          the RSA packet routines.       -- ECC now compresses the public key, a ECC-192 public key takes 33 bytes           for example....December 28th, 2001v0.10  -- going to restart the manual from scratch to make it more           clear and professional       -- Added ECC over Z/pZ.  Basically provides as much as DH          except its faster since the numbers are smaller.  For example,          A comparable 256-bit ECC key provides as much security as expected          from a DH key over 1024-bits.       -- Cleaned up the DH code to not export the symbol "sets[]"       -- Fixed a bug in the DH code that would not make the correct size           random string if you made the key short.  For instance if you wanted           a 512-bit DH key it would make a 768-bit one but only make up 512-bits           for the exponent... now it makes the full 768 bits [or whatever the case           is]       -- Fixed another ***SERIOUS*** bug in the DH code that would default to 768-bit          keys by mistake.December 25th, 2001v0.09  -- Includes a demo program called file_crypt which shows off          how to use the library to make a command line tool which          allows the user to encode/decode a file with any          hash (on the passphrase) and cipher in CTR mode.       -- Switched everything to use typedef's now to clear up the code.       -- Added AES (128/192 and 256 bit key modes)December 24th, 2001v0.08  -- fixed a typo in the manual. MPI stores its bignums in          BIG endian not little.       -- Started adding a RNG to the library.  Right now it tries          to open /dev/random and if that fails it uses either the           MS CSP or the clock drift RNG.  It also allows callbacks           since the drift RNG is slow (about 3.5 bytes/sec)       -- the RNG can also automatically setup a PRNG as well nowv0.07  -- Added basic DH routines sufficient to           negotiate shared secrets           [see the manual for a complete example!]       -- Fixed rsa_import to detect when the input          could be corrupt.         -- added more to the manual.December 22nd, 2001v0.06  -- Fixed some formatting errors in           the hash functions [just source code cleaning]       -- Fixed a typo in the error message for sha256 :-)       -- Fixed an error in base64_encode() that           would fail to catch all buffer overruns       -- Test program times the RSA and symmetric cipher           routines for kicks...       -- Added the "const" modifier to alot of routines to           clear up the purpose of each function.       -- Changed the name of the library to "TomCrypt"           following a suggestion from a sci.crypt reader....v0.05  -- Fixed the ROL/ROR macro to be safe on platforms           where unsigned long is not 32-bits       -- I have added a bit more to the documentation           manual "crypt.pdf" provided.       -- I have added a makefile for LCC-Win32.  It should be           easy to port to other LCC platforms by changing a few lines.       -- Ran a spell checker over the manual.       -- Changed the header and library from "crypt" to "mycrypt" to not          clash with the *nix package "crypt".v0.04  -- Fixed a bug in the RC5,RC6,Blowfish key schedules          where if the key was not a multiple of 4 bytes it would          not get loaded correctly.December 21st, 2001v0.03  -- Added Serpent to the list of ciphers.v0.02  -- Changed RC5 to only allow 12 to 24 rounds       -- Added more to the manual.v0.01  -- We will call this the first version.