-- Added Technote #6 which covers the current PK compliance.
-- Fixed buffer overflow in OAEP decoder
-- Added CHOICE to the list of ASN.1 types
-- Added UTCTIME to the list of ASN.1 types
-- Added MUTEX locks around descriptor table functions [but not on the functions that are dependent on them]
   All functions call *_is_valid() before using a descriptor index which means the respective table must be unlocked before
   it can be accessed. However, during the operation [e.g. CCM] if the descriptor has been altered the results will be
-- Minor updates to the manual to reflect recent changes
-- Added a catch for an error that should never come up in rsa_exptmod(). Just being thorough.
-- Fixed off by one [bit] error in dsa_make_key() it was too high by one bit [not a security problem just inconsistent]
-- ECC-224 curve was wrong [it was an ok curve just not NIST, so no security flaw just interoperability].
-- Removed point compression since it slows down ECC ops to save a measly couple bytes.
   This makes the ecc export format incompatible with 1.03 [it shouldn't change in the future]
-- Removed ECC-160 from timing and added the other curves
-- Users may want to note that on a P4/GCC3.4 platform "-fno-regmove" greatly accelerates the ciphers/hashes.
--------------------------------------------------------------------------------------------------------------
-- Made it install the testing library in the icc/static makefiles
-- Found bug in ccm_memory.c which would fail to compile when LTC_CLEAN_STACK was enabled
-- Simon Johnson proposed I do a fully automated test suite. Hence "testme.sh" was born
-- Added LTC_NO_TEST which forces test vectors off (regardless of what tomcrypt_custom.h has)
-- Added LTC_NO_TABLES which disables large tables (where possible, regardless of what tomcrypt_custom.h has)
-- New test script found a bug in twofish.c when TABLES was disabled. Yeah testing!
-- Added a LTC_FAST specific test to the testing software.
-- Updated test driver to actually halt on errors and just print them out (useful for say... automated testing...)
-- Added bounds checking to Pelican MAC
-- Added BIT and OCTET STRING to the ASN.1 side of things.
-- Pekka Riikonen pointed out that my ctr_start() function should accept the counter mode.
-- Cleaned up warnings in testprof
-- Removed redundant mu and point mapping in ecc_verify_hash() so it should be a bit faster now
-- Pekka pointed out that the AES key structure was using 32 bytes more than it ought to.
-- Added quick defines to remove entire classes of algorithms. This makes it easier if you want to build with just
   one algorithm (say AES or SHA-256). Defines are LTC_NO_CIPHERS, LTC_NO_MODES, LTC_NO_HASHES, LTC_NO_MACS,
   LTC_NO_PRNGS, LTC_NO_PK, LTC_NO_PKCS
-- As part of the move for ECC to X9.62 I've changed the signature algorithm to EC DSA. No API changes.
-- Pekka helped me clean up the PKCS #1 v2.1 [OAEP/PSS] code
-- Wrote new DER SEQUENCE coder/decoder
-- RSA, DSA and ECDSA now use the DER SEQUENCE code (saves a lot of code!)
-- DSA output is now a DER SEQUENCE (so not compatible with previous releases).
-- Added Technote #5 which shows how to build LTC on an AMD64 to have a variety of algorithms in only ~80KB of code.
-- Changed temp variable in LOAD/STORE macros to "ulong32" for 32-bit ops. Makes it safer on Big endian platforms
-- Added INSTALL_GROUP and INSTALL_USER which you can specify on the build to override the default USER/GROUP the library
-- Removed "testprof" from the default build.
-- Added IA5, NULL and Object Identifier to the list of ASN.1 DER supported types
-- The "no_oops" target (part of zipup) now scans for non-cvs files. This helps prevent temp/scratch files from appearing in releases ;-)
-- Added DERs for missing hashes, but just the OID not the PKCS #1 v1.5 additions.
-- Removed PKCS #1 v1.5 from the tree since it's taking up space and you ought to use v2.1 anyways
-- Kevin Kenny pointed out a few stray // comments
-- INTEGER code properly supports negatives and zero padding [Pekka!]
-- Sorted asn1/der/ directory ... less of a mess now ;-)
-- Added PRINTABLE STRING type
-- Removed ECC-160 as it wasn't a standard curve
-- Made ecc_shared_secret() ANSI X9.63 compliant
-- Changed "printf" to "fprintf(stderr, " in the testbench... ;-)
-- Optimized the GCM table creation. On 1KB packets [with key switching] the new GCM is 12.7x faster than before.
-- Changed OID representation for hashes to be just a list of unsigned longs (so you can compare against them nicely after decoding a sequence)
-- ECC code now uses Montgomery reduction ... it's even faster [ECC-256 make key down from 37.4M to 4.6M cycles on an Athlon64]
-- Added SHORT_INTEGER so users can easily store DER encoded INTEGER types without using the bignum math library
-- Fixed OMAC code so that with LTC_FAST it doesn't require that LTC_FAST_TYPE divides 16 [it has to divide the block size instead]
-- ECC key export is now a simple [and documented] SEQUENCE, the "encrypt_key" also uses a new SEQUENCE format.
-- Thanks goes to the following testers
   Michael Brown - Solaris 10/uSPARCII
   Richard Outerbridge - MacOS
   Martin Carpenter - Solaris 8/uSPARCII [Thanks for cleaning up the scripts]
   Greg Rose - ... SunOS 5.8/SPARC [... what's with the SPARCS?]
   Matt Johnston - MacOS X [Thanks for pointing out GCC 4 problems with -Os]
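The SHORT_INTEGER entry and the note that the INTEGER code handles zero padding above both concern DER INTEGER encoding of small values. The following is an added example, not LibTomCrypt's own code: it encodes a value that fits an unsigned long as a DER INTEGER (inserting the 0x00 pad byte when the top bit is set, so the value is not read back as negative) and decodes it with the strictness checks a DER reader needs, rejecting negatives, redundant pad bytes and over-wide magnitudes. All function names are hypothetical.

```c
/* Added example, not LibTomCrypt code: DER INTEGER for values that fit an
 * unsigned long (the SHORT_INTEGER case), with the sign, zero-pad and
 * minimal-length checks a strict decoder needs. */
#include <stddef.h>
#include <string.h>
/* Returns bytes written to out, or 0 if outlen is too small. */
size_t der_encode_short_integer(unsigned long v, unsigned char *out, size_t outlen)
{
    unsigned char body[sizeof(unsigned long) + 1];   /* magnitude plus pad byte */
    size_t n = 0;
    do {                                              /* minimal big-endian magnitude */
        body[sizeof(body) - 1 - n++] = (unsigned char)(v & 0xFF);
    } while ((v >>= 8) != 0);
    if (body[sizeof(body) - n] & 0x80)                /* top bit set would read as negative, */
        body[sizeof(body) - ++n] = 0x00;              /* so prepend the 0x00 pad byte */
    if (outlen < 2 + n) return 0;
    out[0] = 0x02;                                    /* INTEGER tag */
    out[1] = (unsigned char)n;                        /* short-form length, n <= 9 */
    memcpy(out + 2, body + sizeof(body) - n, n);
    return 2 + n;
}
/* 0 and *v set on success; -1 for bad tag/length, negative value,
 * redundant leading 0x00, or a magnitude wider than unsigned long. */
int der_decode_short_integer(const unsigned char *in, size_t inlen, unsigned long *v)
{
    size_t n, i;
    if (inlen < 3 || in[0] != 0x02) return -1;
    n = in[1];
    if (n == 0 || n > 0x7F || inlen < 2 + n) return -1;       /* short-form length only */
    if (in[2] & 0x80) return -1;                              /* negative */
    if (n > 1 && in[2] == 0x00 && !(in[3] & 0x80)) return -1; /* pad byte not needed */
    if (n > sizeof(unsigned long) + (in[2] == 0x00)) return -1;
    *v = 0;
    for (i = 0; i < n; i++) *v = (*v << 8) | in[2 + i];
    return 0;
}
/* Check helpers: encoded length if v round-trips exactly (else -1), and
 * 1/0 for whether a buffer decodes cleanly. */
int der_short_integer_roundtrip(unsigned long v)
{
    unsigned char buf[2 + sizeof(unsigned long) + 1];
    unsigned long back;
    size_t len = der_encode_short_integer(v, buf, sizeof(buf));
    return (len && !der_decode_short_integer(buf, len, &back) && back == v) ? (int)len : -1;
}
int der_short_integer_is_valid(const unsigned char *in, size_t inlen)
{
    unsigned long v;
    return der_decode_short_integer(in, inlen, &v) == 0;
}
```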
-- Added LTC_TEST support to gcm_test()
-- "pt/ct" can now be NULL in gcm_process() if you are processing zero bytes
-- Optimized GCM by removing the "double copy" handling of the plaintext/aad
-- Richard Outerbridge pointed out that x86_prof won't build on MACOS and that the manual
   erroneously refers to "mycrypt" all over the place. Fixed.
** Secure Science Corporation has supported this release cycle by sponsoring the development time taken. Their
   continuing support of this project has helped me maintain a steady pace in order to keep LibTomCrypt up to date,
   stable and more efficient.
-----------------------------------------------------------------------------------------------------
-- Updated base64_decode.c so if there are more than 3 '=' signs it would stop parsing
-- Merged in latest mpi that fixed a few bugs here and there
-- Updated OAEP encoder/decoder to catch when the hash output is too large
   Cleaned up PSS code too
-- Andy Bontoft fixed a bug in my demos/tests/makefile.msvc ... seems "dsa_test.c" isn't an object
-- Made invalid ECC key sizes (configuration) not hard fault the program (it returns an error code now)
-- SAFER has been re-enabled after I was pointed to http://www.ciphersbyritter.com/NEWS2/95032301.HTM
-- Added CCM mode to the encauth list (now has EAX, OCB and CCM, c'est un trio magnifique!)
-- Added missing ASN.1 header to the RSA keys ... oops... now the rsa_export/import are FULLY compatible
   with other libs like OpenSSL (comment: Test vectors would go a long way RSA...)
-- Manually merged in fix to the prime_random_ex() LTM function that ensures the 2nd MSB is set properly. Now
   when you say "I want a 1024/8 byte RSA key" the MSB bit of the modulus is set as expected. Note I generally
   don't view this as a "huge issue" but it's just one less nit to worry about. [Bryan Klisch]
-- A new CVS has been setup on my Athlon64 box... if you want developer access send me an email (and at this point the email would have to be awesome).
-- Updated API for ECB and CBC shell code. Now can process N whole blocks in one call (like $DEITY intended)
-- Introduced a new "hardware accel" framework that can be used to speed up cipher ECB, CBC and CTR mode
   calls. Later on dependent code (e.g. OMAC, CCM) will be re-written to use the generic cbc/ctr functions. But now
   if you [say] call ctr_encrypt() with a cipher descriptor that has hardware CTR it will automatically
   be used (e.g. no code rewrites)
-- Now ships with 20% more love.
-- x86_prof now uses ECB shell code (hint: accelerators) and outputs cycles per BLOCK not byte. This will make it a bit
   easier to compare hardware vs. software cipher implementations. It also emits timings for CBC and CTR modes
-- [Peter LaDow] fixed a typo w.r.t. XREALLOC macro (spelling counts kids!)
-- Fixed bug with __x86_64__ where ROL64/ROR64 with LTC_NO_ROLC would be the 32-bit versions instead...
-- Shipping with preliminary GCM code (disabled). It's buggy (stack overflow hidden somewhere). If anyone can spot it let me know.
-- Added Pelican MAC [it's an AES based fast MAC] to the list of supported MACs
-- Added LTC_FAST [and you can disable by defining LTC_NO_FAST] so that CBC and CTR mode XOR whole words [e.g. 32 or 64 bits] at a time
   instead of one byte. On my AMD64 this reduced the overhead for AES-128-CBC from 4.56 cycles/byte to around 1 cycle/byte. This requires
   that you either allow unaligned read/writes [e.g. x86_32/x86_64] or align all your data. It won't go out of its way to ensure
   aligned access. Only enabled for x86_* platforms by default since they allow unaligned read/writes.
-- Added LTC_FAST support to PMAC (drops the cycle/byte by about 9 cycles on my AMD64) [note: I later rewrote this prior to release]
-- Updated "profiled" target to work with the new directory layout
-- Added [demo only] optimized RC5-CTR code to x86_prof demo to show off how to make an accelerator
   [This has been removed prior to release... It may re-appear later]
-- Added CCM accelerator callbacks to the list [now supports ECB, CTR, CBC and now CCM].
-- Added chapter to manual about accelerators (you know you want it)
-- Added "bswap" optimizations to x86 LOAD/STORE with big endian. Can be disabled by defining LTC_NO_BSWAP
-- LTC_NO_ASM is now the official "disable all non-portable stuff" macro. When defined it will make the code endian-neutral,
   disable any form of ASM and disable LTC_FAST load/stores. Essentially build the library with this defined if you're having
   trouble building the library (old GCCs for instance dislike the ROLc macro)
-- Added tomcrypt_mac.h and moved MAC/encMAC functions from tomcrypt_hash.h into it
-- Added "done" function to ciphers and the five chaining modes [and things like omac/pmac/etc]
-- Changed install group to "wheel" from "root".
-- Replaced // comments with /**/ so it will build on older UNIX-like platforms
-- x86_prof builds and runs with IntelCC fine now
-- Added "stest" build to intel CC to test static linked from within the dir (so you don't have to install to test)
-- Moved testing/benchmark into testprof directory and build it as part of the build. Now you can link against libtomcrypt_prof.a to get
   testing info (hint: hardware developers ;-) )
-- Added CCM to tv_gen
-- Added demos to MSVC makefile
-- Removed -funroll-all-loops from GCC makefile and replaced with -funroll-loops which is a bit more sane (P4 ain't got much cache for the IDATA)
-- Fixed GCM prior to release and re-enabled it. It has not been optimized but it does conform when compiled with optimizations.
-- I've since optimized GCM and CCM. They're close in speed but GCM is more flexible imho (though EAX is more flexible than both)
-- For kicks I optimized the ECC code to use projective points. Gets between 3.21x (Prescott P4) to 4.53x (AMD64) times faster than before at 160-bit keys and the
   speedup grows as the keysize grows. Basically removing most practical reasons to "not use the ECC code". Enjoy.
-- Added LTC_FAST support to OMAC/PMAC and doubled its speed on my amd64 [faster on the P4 too I guess]
-- Added GCM to tv_gen
-- Removed "makefile.cygwin_dll" as it's not really used by anyone and not worth the effort (hell I hardly maintain the MSVC makefiles ...)
-- Updated a few files in the "misc" directory to have correct @file comments for doxygen
-- Removed "profile" target since it was slower anyways (go figure...)
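The LTC_FAST entry above describes XORing whole machine words instead of bytes in CBC/CTR, and notes that the library does not check alignment for you. The following is an added example, not LibTomCrypt's LTC_FAST code: it takes the word path only when the block length is a word multiple and both buffers are word-aligned, otherwise it falls back to the byte loop, which is the check a caller on a platform that traps on unaligned access would want. "fast_word" is a hypothetical stand-in for LTC_FAST_TYPE and is assumed to be 32 bits.

```c
/* Added example, not LibTomCrypt's LTC_FAST code: XOR a cipher block a
 * machine word at a time as LTC_FAST does, but only when both pointers are
 * word-aligned; otherwise use bytes. fast_word stands in for LTC_FAST_TYPE. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef uint32_t fast_word;                /* assumption: 32-bit word */
static int word_aligned(const void *p)
{
    return ((uintptr_t)p % sizeof(fast_word)) == 0;
}
/* dst[i] ^= src[i] over blocklen bytes. Word path only if blocklen is a
 * multiple of the word size (the requirement LTC_FAST puts on the block
 * size) and both buffers are aligned. Returns 1 on word path, 0 on byte path. */
int xor_block_fast(unsigned char *dst, const unsigned char *src, size_t blocklen)
{
    size_t i;
    if (blocklen % sizeof(fast_word) == 0 && word_aligned(dst) && word_aligned(src)) {
        for (i = 0; i < blocklen; i += sizeof(fast_word)) {
            fast_word d, s;                        /* memcpy avoids aliasing issues; */
            memcpy(&d, dst + i, sizeof d);         /* compilers emit a plain word load */
            memcpy(&s, src + i, sizeof s);
            d ^= s;
            memcpy(dst + i, &d, sizeof d);
        }
        return 1;
    }
    for (i = 0; i < blocklen; i++) dst[i] ^= src[i];   /* portable byte path */
    return 0;
}
/* Self-check on constructed data: a 16-byte (AES-sized) block in aligned
 * storage takes the word path, the same block at a one-byte offset takes
 * the byte path, and both give the same XOR. Returns 1 on success. */
int xor_block_selftest(void)
{
    fast_word a[4], b[4], ua[5], ub[5];    /* aligned storage; +1 below misaligns */
    unsigned char *pa = (unsigned char *)a, *pb = (unsigned char *)b;
    unsigned char *qa = (unsigned char *)ua + 1, *qb = (unsigned char *)ub + 1;
    unsigned char expect[16];
    size_t i;
    for (i = 0; i < 16; i++) {
        pa[i] = qa[i] = (unsigned char)i;
        pb[i] = qb[i] = 0xA5;
        expect[i] = (unsigned char)(i ^ 0xA5);
    }
    if (xor_block_fast(pa, pb, 16) != 1 || memcmp(pa, expect, 16) != 0) return 0;
    if (xor_block_fast(qa, qb, 16) != 0 || memcmp(qa, expect, 16) != 0) return 0;
    return xor_block_fast(pa, pb, 15) == 0;   /* not a word multiple: byte path */
}
```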
-- Added "r,s == 0" check to dsa_verify_hash()
-- Added "multi block" helpers for hash, hmac, pmac and omac routines so you can process multiple non-adjacent
   blocks of data with one call (added demos/multi.c to make sure they work)
-- Note these are not documented but they do have doxygen comments inside them
-- Also I don't use them in other functions (like pkcs_5_2()) because I didn't have the time. Job for the new LTC maintainer ;-)
-- Added tweaked Anubis test vectors and made it default (undefined ANUBIS_TWEAK to get original Anubis)
-- Merged in fix for mp_prime_random_ex() to deal with MSB and LSB "bugs"
-- Removed tim_exptmod() completely, updated several RSA functions (notably v15 and the decrypt/verify) so they
   don't require a prng now
-- This release brought to you by the fine tunes of Macy Gray. We miss you.
-- Renamed "mycrypt_*" to "tomcrypt_*" to be more specific and professional
   Now just include "tomcrypt.h" instead of "mycrypt.h" to get LTC ;-)
-- Cleaned up makefiles to ensure all headers are correctly installed
-- Added "rotate by constant" macros for portable, x86-32 and x86-64
   You can disable this new code with LTC_NO_ROLC which is useful for older GCCs
-- Cleaned up detection of x86-64 so it works for ROL/ROR macros
-- Fixed rsa_import() so that it would detect multi-prime RSA keys and error appropriately
-- Sorted the source files by category and updated the makefiles appropriately
-- Added LTC_DER define so you can trim out DER code if not required
-- Fixed up RSA's decrypt functions changing "res" to "stat" to be more in sync
   with the signature variables nomenclature. (no code change just renamed the arguments)
-- Removed all labels starting with __ and replaced with LBL_ to avoid namespace conflicts (Randy Howard)
-- Merged in LTM fix to mp_prime_random_ex() which zap'ed the most significant byte if the bit size
   requested was a multiple of eight.
-- Made RSA_TIMING off by default as it's not terribly useful [and likely to be deprecated]
-- Renamed SMALL_CODE, CLEAN_STACK and NO_FILE to have a LTC_ prefix to avoid namespace collisions
   with other programs. e.g. SMALL_CODE => LTC_SMALL_CODE
-- Zed Shaw pointed out that on certain systems installing libs as "root" isn't possible as the super-user
   is not root. Now the makefiles allow this to be changed easily.
-- Renamed "struct _*_descriptor" to "struct ltc_*_descriptor" to avoid using a leading _
   Also renamed _ARGCHK to LTC_ARGCHK
-- Zed Shaw pointed out that I still defined the prng structs in tomcrypt_prng.h even if they
   weren't defined. This made undef'ing FORTUNA break the build.
-- Added LTC_NO_ASM to disable inline asm macros [ROL/ROR/etc]
-- Changed RSA decrypt functions to change the output length variable name from "keylen" to "outlen" to make
-- Added the 64-bit Khazad block cipher [NESSIE]
-- Added the 128-bit Anubis block cipher [with key support for 128...320 bit keys] [NESSIE]
-- Changes to several MAC functions to rename input arguments to more sensible names
-- Removed FAST_PK support from dh_sys.c
-- Declared deskey() from des.c as static instead of a global
-- Added pretty much all practical GCC warning tests to the GCC [related] makefiles. These additional
   warnings can easily be disabled for those with older copies of GCC [or even non GNU cc's]
-- Added doxygen @ tags to the code... phew that was a hell of a lot of [repetitive] work
-- Also added pre-configured Doxygen script.
-- Cleaned up quite a few functions [ciphers, pk, etc] to make the parameters naming style consistent
   E.g. ciphers keys are called "skey" consistently now. The input to PK encryption is called "in", etc.
   These changes require no code changes on the behalf of developers fortunately
-- Started a SAFER+ optimizer [does encrypt only] which shaves a good 30 or so cycles/byte on my AMD64
   at an expense of huge code. It's in notes/etc/saferp_optimizer.c
-- DSA sign/verify now uses DER encoded output/inputs and no LTC style headers.
-- Matt Johnston found a missing semi-colon in mp_exptmod(). Fix has been merged in.
v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes
-- Deprecated LTMSSE and removed it (to be replaced with TFM later on)