
.. _relnotes:

Release Notes
========================================

Series 1.9
----------------------------------------

Version 1.9.18, 2011-06-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fourth release candidate for 1.10.0

* The GOST 34.10 verification operation was not ensuring that s and r
  were both greater than zero. This could potentially have meant it
  would have accepted an invalid all-zero signature as valid for any
  message. Due to how ECC points are internally represented it instead
  resulted in an exception being thrown.

* A simple multiexponentiation algorithm is now used in ECDSA and
  GOST-34.10 signature verification, leading to 20 to 25% improvements
  in ECDSA and 25% to 40% improvements in GOST-34.10 verification
  performance.

* The internal representation of elliptic curve points has been
  modified to use Montgomery representation exclusively, resulting in
  reduced memory usage and a 10 to 20% performance improvement for
  ECDSA and ECDH.

* In OAEP decoding, scan for the delimiter bytes using a loop that is
  written without conditionals so as to help avoid timing analysis.
  Unfortunately GCC at least is 'smart' enough to compile it to
  jumps anyway.

* The SSE2 implementation of IDEA did not work correctly when compiled
  by Clang, because the trick it used to emulate a 16 bit unsigned
  compare in SSE (which doesn't contain one natively) relied on signed
  overflow working in the 'usual' way. A different method that doesn't
  rely on signed overflow is now used.

* Add support for compiling SSL using Visual C++ 2010's TR1
  implementation.

* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to
  crash if given a zero-sized input to encode.

* A new build option ``--via-amalgamation`` will first generate the
  single-file amalgamation, then build the library from that single
  file. This option requires a lot of memory and does not parallelize,
  but the resulting library is smaller and may be faster.

* On Unix, the library and header paths have been changed to allow
  parallel installation of different versions of the library. Headers
  are installed into ``<prefix>/include/botan-1.9/botan``, libraries
  are named ``libbotan-1.9``, and ``botan-config`` is now namespaced
  (so in this release ``botan-config-1.9``). All of these embedded
  versions will be 1.10 in the upcoming stable release.

* The soname system has been modified. In this release the library
  soname is ``libbotan-1.9.so.0``, with the full library being named
  ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be
  incremented whenever a breaking ABI change is made.

* TR1 support is no longer automatically assumed under older versions
  of GCC.

* Functions for base64 decoding that work standalone (without needing
  to use a pipe) have been added to ``base64.h``

* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11
  and has been added back.

* The function ``BigInt::get_substring`` did not work correctly with a
  *length* argument of 32.

* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and
  assumes the caller included ``string.h`` on its behalf. Do so to
  fix compilation in the ``dev_random`` and ``unix_procs`` entropy
  sources. Patch from Jeremy C. Reed.

* Add two different configuration targets for Atom, since some are
  32-bit and some are 64-bit. The 'atom' target now refers to the
  64-bit implementations; use 'atom32' to target the 32-bit
  processors.

* The (incomplete) support for CMS and card verifiable certificates
  is disabled by default; add ``--enable-modules=cms`` or
  ``--enable-modules=cvc`` during configuration to turn them back on.
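The range check from the GOST 34.10 note above, shown as an added example that is not Botan's code: a GOST R 34.10-2001 style verifier on a constructed toy curve, run with and without the ``0 < r, s < q`` check. It assumes the point at infinity is stored with ``x = 0``, which is what lets the unchecked verifier accept ``(0, 0)``; Botan's own representation threw an exception instead, as the note says.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed toy parameters, NOT a real GOST curve: y^2 = x^3 + 2x + 2 over
// F_17, base point (5, 1) of prime order 19.
static const int64_t FP = 17, CURVE_A = 2, ORDER = 19;

struct Point { int64_t x, y; bool inf; };
struct Sig { int64_t r, s; };

static const Point BASE = {5, 1, false};
// Assumption for this demo: infinity is stored with x = 0, as a projective
// (0 : 1 : 0) encoding would give if x were read without checking.
static const Point INF = {0, 0, true};

static int64_t mod(int64_t a, int64_t m) { a %= m; return a < 0 ? a + m : a; }

// Inverse modulo a prime m via Fermat's little theorem (a^(m-2) mod m).
static int64_t mod_inv(int64_t a, int64_t m) {
    int64_t result = 1, base = mod(a, m);
    for (int64_t e = m - 2; e > 0; e >>= 1) {
        if (e & 1) result = result * base % m;
        base = base * base % m;
    }
    return result;
}

// Affine point addition, including doubling and the infinity cases.
static Point add(const Point& p, const Point& r) {
    if (p.inf) return r;
    if (r.inf) return p;
    if (p.x == r.x && mod(p.y + r.y, FP) == 0) return INF;
    int64_t lam;
    if (p.x == r.x)  // same point: tangent slope
        lam = mod((3 * p.x * p.x + CURVE_A) * mod_inv(2 * p.y, FP), FP);
    else             // distinct points: chord slope
        lam = mod((r.y - p.y) * mod_inv(r.x - p.x, FP), FP);
    const int64_t x3 = mod(lam * lam - p.x - r.x, FP);
    const int64_t y3 = mod(lam * (p.x - x3) - p.y, FP);
    return {x3, y3, false};
}

// Double-and-add scalar multiplication; k is reduced modulo the group order.
Point mul(int64_t k, Point p) {
    Point acc = INF;
    for (k = mod(k, ORDER); k > 0; k >>= 1) {
        if (k & 1) acc = add(acc, p);
        p = add(p, p);
    }
    return acc;
}

// r = x(kP) mod q, s = (r*d + k*e) mod q. A real signer retries with a new k
// whenever r or s comes out as zero; the constructed inputs here avoid that.
Sig gost_sign(int64_t e, int64_t d, int64_t k) {
    e = mod(e, ORDER);
    if (e == 0) e = 1;
    const int64_t r = mod(mul(k, BASE).x, ORDER);
    return {r, mod(r * d + k * e, ORDER)};
}

// Accept iff x(z1*P + z2*Q) mod q == r, with z1 = s/e and z2 = -r/e.
// range_check = false reproduces the missing "0 < r, s < q" test.
bool gost_verify(int64_t e, int64_t r, int64_t s, const Point& pub, bool range_check) {
    if (range_check && (r <= 0 || r >= ORDER || s <= 0 || s >= ORDER)) return false;
    e = mod(e, ORDER);
    if (e == 0) e = 1;
    const int64_t v = mod_inv(e, ORDER);
    const int64_t z1 = mod(s * v, ORDER);
    const int64_t z2 = mod(-r * v, ORDER);
    const Point c = add(mul(z1, BASE), mul(z2, pub));  // r = s = 0 gives infinity
    return mod(c.x, ORDER) == r;
}

int main() {
    const Point pub = mul(3, BASE);      // private key d = 3 (constructed)
    const Sig sig = gost_sign(5, 3, 4);  // digest e = 5, nonce k = 4 (constructed)
    std::printf("valid signature, checked:   %d\n", gost_verify(5, sig.r, sig.s, pub, true));
    std::printf("(0,0) signature, unchecked: %d\n", gost_verify(5, 0, 0, pub, false));
    std::printf("(0,0) signature, checked:   %d\n", gost_verify(5, 0, 0, pub, true));
    return 0;
}
```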
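The OAEP delimiter scan from the note above, as an added example that is not Botan's code: an early-exit scan beside a version written without conditionals, over the part of the decoded block that follows ``lHash`` (zero padding, a ``0x01`` delimiter, then the message). The 4-byte hash length and the sample blocks are constructed for readability.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct ScanResult { bool ok; size_t msg_offset; };

// 0xFF if x == 0, otherwise 0x00, using arithmetic only.
static inline uint8_t ct_is_zero(uint8_t x) {
    const uint32_t v = x;
    return static_cast<uint8_t>(0u - (((v - 1u) >> 8) & 1u));
}

// 0xFF if a == b, otherwise 0x00.
static inline uint8_t ct_eq(uint8_t a, uint8_t b) {
    return ct_is_zero(static_cast<uint8_t>(a ^ b));
}

// Early-exit scan: the iteration count and the branches taken depend on the
// secret padding, which is the behaviour the release note moves away from.
ScanResult scan_branchy(const std::vector<uint8_t>& db, size_t hash_len) {
    for (size_t i = hash_len; i < db.size(); ++i) {
        if (db[i] == 0x01) return {true, i + 1};
        if (db[i] != 0x00) return {false, 0};
    }
    return {false, 0};
}

// Scan written without conditionals: every byte after lHash is visited and
// the state is updated with masks only.
ScanResult scan_ct(const std::vector<uint8_t>& db, size_t hash_len) {
    uint8_t waiting = 0xFF;  // all ones while still inside the zero padding
    uint8_t bad = 0x00;      // becomes non-zero on any malformed padding
    size_t delim_idx = hash_len;
    for (size_t i = hash_len; i < db.size(); ++i) {
        const uint8_t is_zero = ct_is_zero(db[i]);
        const uint8_t is_one = ct_eq(db[i], 0x01);
        // A byte other than 0x00 or 0x01 before the delimiter is an error.
        bad |= static_cast<uint8_t>(waiting & ~(is_zero | is_one));
        // Advance the candidate index only while padding zeros continue.
        delim_idx += static_cast<size_t>(waiting & is_zero & 1u);
        // The first non-zero byte (delimiter or not) ends the padding.
        waiting &= is_zero;
    }
    bad |= waiting;  // ran off the end without seeing a delimiter
    // Mask the offset to 0 on failure. A full decoder would fold `bad` into
    // the lHash comparison result before reporting one generic failure.
    const size_t ok_mask =
        static_cast<size_t>(0) - static_cast<size_t>(ct_is_zero(bad) & 1u);
    return {bad == 0, (delim_idx + 1) & ok_mask};
}

int main() {
    // Constructed block: 4 stand-in hash bytes, 3 padding zeros, 0x01, "hi".
    const std::vector<uint8_t> db = {0xAA, 0xBB, 0xCC, 0xDD, 0, 0, 0, 1, 0x68, 0x69};
    const ScanResult a = scan_branchy(db, 4);
    const ScanResult b = scan_ct(db, 4);
    std::printf("branchy: ok=%d offset=%zu\n", a.ok, a.msg_offset);
    std::printf("masked:  ok=%d offset=%zu\n", b.ok, b.msg_offset);
    return 0;
}
```

Branch-free source does not guarantee a branch-free binary, which is the caveat the note raises about GCC, so the compiled loop should be checked in the generated assembly.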

Version 1.9.17, 2011-04-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Third release candidate for 1.10.0

* The format preserving encryption method currently available was
  presented in the header ``fpe.h`` and the functions ``fpe_encrypt``
  and ``fpe_decrypt``. These were renamed as it is likely that other
  FPE schemes will be included in the future. The header is now
  ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and
  ``fe1_decrypt``. See :doc:`fpe` for more information.

* New options to ``configure.py`` control what tools are used for
  documentation generation. The ``--with-sphinx`` option enables using
  Sphinx to convert ReST into HTML; otherwise the ReST sources are
  installed directly. If ``--with-doxygen`` is used, Doxygen will run
  as well. Documentation generation can be triggered via the ``docs``
  target in the makefile; it will also be installed by the install
  target on Unix.

* A bug in 1.9.16 effectively disabled support for runtime CPU feature
  detection on x86 under GCC in that release.

* In a mostly internal change, all references to "ia32" and "amd64" have
  been changed to the vendor neutral and probably easier to understand
  "x86-32" and "x86-64". For instance, the "mp_amd64" module has been
  renamed "mp_x86_64", and the macro indicating x86-32 has changed
  from ``BOTAN_TARGET_ARCH_IS_IA32`` to
  ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have
  also been renamed.

* Similarly to the above change, the AES implementations using the
  AES-NI instruction set have been renamed from AES_XXX_Intel to
  AES_XXX_NI.

* Systems that are identified as ``sun4u`` will default to compiling for
  32-bit SPARCv9 code rather than 64-bit. This matches the still
  common convention for 32-bit SPARC userspaces. If you want 64-bit
  code on such a system, use ``--cpu=sparc64``.

* Some minor fixes for compiling botan under the BeOS
  clone/continuation `Haiku <http://haiku-os.org>`_.

* Further updates to the documentation

Version 1.9.16, 2011-04-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Second release candidate for 1.10.0

* The documentation, previously written in LaTeX, is now in
  reStructuredText suitable for processing by `Sphinx
  <http://sphinx.pocoo.org>`_, which can generate nicely formatted
  HTML and PDFs. The documentation has also been greatly updated and
  expanded.

* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a
  typedef for backwards compatibility.

* ``EC_Group``'s string constructor didn't understand the standard
  names like "secp160r1", forcing use of the OIDs.

* Two constructors for ECDSA private keys, the one that creates a new
  random key, and the one that provides a preset private key as a
  ``BigInt``, have been merged. This matches the existing interface
  for DSA and DH keys. If you previously used the version taking a
  ``BigInt`` private key, you'll have to additionally pass in a
  ``RandomNumberGenerator`` object starting in this release.

* It is now possible to create ECDH keys with a preset ``BigInt``
  private key; previously no method for this was available.

* The overload of ``generate_passhash9`` that takes an explicit
  algorithm identifier has been merged with the one that does not.
  The algorithm identifier code has been moved from the second
  parameter to the fourth. See :ref:`passhash9` for details.

* Change shared library versioning to match the normal Unix
  conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is
  named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do
  its runtime linky magic. It can be safely presumed that any change
  in the major or minor version indicates ABI incompatibility.

* Remove the socket wrapper code; it was not actually used by anything
  in the library, only in the examples, and you can use whatever kind
  of (blocking) socket interface you like with the SSL/TLS code. It's
  available as ``socket.h`` in the examples directory if you want to use
  it.

* Disable the by-default 'strong' checking of private keys that are
  loaded from storage. You can always request key material sanity
  checking using ``Private_Key::check_key``.

* Bring back removed functions ``min_keylength_of``,
  ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to
  avoid breaking applications written against 1.8

Version 1.9.15, 2011-03-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* First release candidate for 1.10.0

* Modify how message expansion is done in SHA-256 and SHA-512.
  Instead of expanding the entire message at the start, compute the
  expanded words in the minimum number of registers. Values are
  computed 15 rounds before they are needed. On a Core i7-860 with
  GCC 4.5.2, throughput went from 143 to 157 MiB/s in SHA-256, and
  from 211 to 256 MiB/s in SHA-512.

* Pipe will delete empty output queues as soon as they are no longer
  needed, even if earlier messages still have data unread. However an
  (empty) entry in a deque of pointers will remain until all prior
  messages are completely emptied.

* Avoid reading the SPARC ``%tick`` register on OpenBSD as, unlike
  Linux, the kernel will not trap and emulate it for us, causing an
  illegal instruction crash.

* Improve detection and autoconfiguration for ARM processors.

Version 1.9.14, 2011-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for bcrypt, OpenBSD's password hashing scheme. It is
  described in :ref:`bcrypt`.

* Add support for NIST's AES key wrapping algorithm, as described in
  :rfc:`3394`. It is available by including ``rfc3394.h``.

* Fix an infinite loop in zlib filters introduced in 1.9.11 (PR 142)

Version 1.9.13, 2011-02-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Update Keccak to the round 3 variant
* Fix ordering in GOST 34.10 signatures to match DNSSEC specifications
* Use ``size_t`` instead of ``u32bit`` for small integers in DER/BER codecs
* Add new build option ``--distribution-info``
* Fix problems in the amalgamation build
* Fix building under Clang 2.9 and Sun Studio 12

Version 1.9.12, 2010-12-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add the Keccak hash function
* Fix compilation problems in Python wrappers
* Fix compilation problem in OpenSSL engine
* Update SQLite3 database encryption codec

Version 1.9.11, 2010-11-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Many SSL/TLS APIs have changed. This API is still unstable.
* The SSL interface requires TR1 (uses std::tr1::function)
* Fix SSL handshake failures when using RC4 ciphersuites
* Fix a number of CRL encoding and decoding bugs
* Counter mode now always encrypts 256 blocks in parallel
* Code where u32bit was used to represent a length now uses size_t
* Use small tables in the first round of AES
* Removed AES class: app must choose AES-128, AES-192, or AES-256
* Add hex encoding/decoding functions that can be used without a Pipe
* Add base64 encoding functions that can be used without a Pipe
* Add to_string function to X509_Certificate
* Add support for dynamic engine loading on Windows
* Replace BlockCipher::BLOCK_SIZE attribute with function block_size()
* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size()
* Changed semantics of MemoryRegion::resize and clear to match STL
* Removed MemoryRegion::append, replaced by push_back and operator+=
* Move PBKDF lookup to engine system
* The IDEA key schedule has been changed to run in constant time
* Avoid a possible timing vulnerability in Montgomery reduction
* Add Algorithm and Key_Length_Specification classes
* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256
* Update Skein-512 to match the v1.3 specification
* Allow using PBKDF2 with empty passphrases
* Add compile-time deprecation warnings for GCC, Clang, and MSVC
* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9
* Improve support for Intel Atom processors
* Fix compilation problems under Sun Studio and Clang

Version 1.9.10, 2010-08-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add a constant time AES implementation using SSSE3
* Add support for loading new Engines at runtime
* Use GCC byteswap intrinsics where possible
* Drop support for building with Python 2.4
* Fix benchmarking of block ciphers in ECB mode
* Consolidate the two x86 assembly engines
* Rename S2K to PBKDF

Version 1.9.9, 2010-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add new X509::BER_encode and PKCS8::BER_encode
* Give all Filter objects a name() function
* Add Keyed_Filter::valid_iv_length
* Increase default iteration counts for private key encryption
* Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
* Fix compilation under Apple's GCC 4.2
* Expand and update the Doxygen documentation

Version 1.9.8, 2010-06-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for wide multiplications on 64-bit Windows
* Use constant time multiplication in IDEA
* Avoid possible timing attack against OAEP decoding
* Removed FORK-256; rarely used and it has been broken
* Rename ``--use-boost-python`` to ``--with-boost-python``
* Skip building shared libraries on MinGW/Cygwin
* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
* Fix compilation on GCC versions before 4.3 (missing cpuid.h)
* Fix compilation under the Clang compiler

Version 1.9.7, 2010-04-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* TLS: Support reading SSLv2 client hellos
* TLS: Add support for SEED ciphersuites (RFC 4162)
* Add Comb4P hash combiner function
* Fix checking of EMSA_Raw signatures with leading 0 bytes

Version 1.9.6, 2010-04-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* TLS: Add support for TLS v1.1
* TLS: Support server name indicator extension
* TLS: Fix server handshake
* TLS: Fix server using DSA certificates
* TLS: Avoid timing channel between CBC padding check and MAC verification

Version 1.9.5, 2010-03-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Numerous ECC optimizations
* Fix GOST 34.10-2001 X.509 key loading
* Allow PK_Signer's fault protection checks to be toggled off
* Avoid using pool-based locking allocator if we can't mlock
* Remove all runtime options
* New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
* Remove SecureBuffer in favor of SecureVector length parameter
* HMAC_RNG: Perform a poll along with user-supplied entropy
* Fix crash in MemoryRegion if Allocator::get failed
* Fix small compilation problem on FreeBSD

Version 1.9.4, 2010-03-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add the Ajisai SSLv3/TLSv1.0 implementation
* Add GOST 34.10-2001 public key signature scheme
* Add SIMD implementation of Noekeon
* Add SSE2 implementation of IDEA
* Extend Salsa20 to support longer IVs (XSalsa20)
* Perform XTS encryption and decryption in parallel where possible
* Perform CBC decryption in parallel where possible
* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
* Add a block cipher cascade construction
* Add support for password hashing for authentication (passhash9.h)
* Add support for Win32 high resolution system timers
* Major refactoring and API changes in the public key code
* Use consistency checking (anti-fault attack) for all signature schemes
* Changed S2K interface: derive_key now takes salt, iteration count
* Remove dependency on TR1 for ECC and CVC code
* Renamed ECKAEG to its more usual name, ECDH
* Fix crash in GMP_Engine if library is shutdown and reinitialized
* Fix an invalid memory read in MD4
* Fix Visual C++ static builds
* Remove Timer class entirely
* Switch default PKCS #8 encryption algorithm from 3DES to AES-128
* New option --gen-amalgamation for creating a SQLite-style amalgamation
* Many headers are now explicitly internal-use-only and are not installed
* Greatly improve the Win32 installer
* Several fixes for Visual C++ debug builds

Version 1.9.3, 2009-11-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add new AES implementation using Intel's AES instruction intrinsics
* Add an implementation of format preserving encryption
* Allow use of any hash function in X.509 certificate creation
* Optimizations for MARS, Skipjack, and AES
* Set macros for available SIMD instructions in build.h
* Add support for using InnoSetup to package Windows builds
* By default build a DLL on Windows

Version 1.9.2, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add SIMD version of XTEA
* Support both SSE2 and AltiVec SIMD for Serpent and XTEA
* Optimizations for SHA-1 and SHA-2
* Add AltiVec runtime detection
* Fix x86 CPU identification with Intel C++ and Visual C++

Version 1.9.1, 2009-10-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Better support for Python and Perl wrappers
* Add an implementation of Blue Midnight Wish (Round 2 tweak version)
* Modify Skein-512 to match the tweaked 1.2 specification
* Add threshold secret sharing (draft-mcgrew-tss-02)
* Add runtime cpu feature detection for x86/x86-64
* Add code for general runtime self testing for hashes, MACs, and ciphers
* Optimize XTEA; twice as fast as before on Core2 and Opteron
* Convert CTR_BE and OFB from filters to stream ciphers
* New parsing code for SCAN algorithm names
* Enable SSE2 optimizations under Visual C++
* Remove all use of C++ exception specifications
* Add support for GNU/Hurd and Clang/LLVM

Version 1.9.0, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for parallel invocation of block ciphers where possible
* Add SSE2 implementation of Serpent
* Add Rivest's package transform (an all or nothing transform)
* Minor speedups to the Turing key schedule
* Fix processing multiple messages in XTS mode
* Add --no-autoload option to configure.py, for minimized builds
* The previously used configure.pl script is no longer supported

Series 1.8
----------------------------------------

Version 1.8.11, 2010-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a number of CRL encoding and decoding bugs
* When building a debug library under VC++, use the debug runtime
* Fix compilation under Sun Studio on Linux and Solaris
* Add several functions for compatibility with 1.9
* In the examples, read most input files as binary
* The Perl build script has been removed in this release

Version 1.8.10, 2010-08-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Switch default PKCS #8 encryption algorithm from 3DES to AES-256
* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2
* Use small tables in the first round of AES
* Add PBKDF typedef and get_pbkdf for better compatibility with 1.9
* Add version of S2K::derive_key taking salt and iteration count
* Enable the /proc-walking entropy source on NetBSD
* Fix the doxygen makefile target

Version 1.8.9, 2010-06-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Use constant time multiplication in IDEA
* Avoid possible timing attack against OAEP decoding
* Add new X509::BER_encode and PKCS8::BER_encode
* Enable DLL builds under Windows
* Add Win32 installer support
* Add support for the Clang compiler
* Fix problem in secmem.h preventing build under Clang or GCC 3.4
* Fix bug that prevented creation of DSA groups under 1024 bits
* Fix crash in GMP_Engine if library is shutdown and reinitialized
* Work around problem with recent binutils in x86-64 SHA-1
* The Perl build script is no longer supported and refuses to run by default

Version 1.8.8, 2009-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Alter Skein-512 to match the tweaked 1.2 specification
* Fix use of inline asm for access to x86 bswap function
* Allow building the library without AES enabled
* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild

Version 1.8.7, 2009-09-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix processing multiple messages in XTS mode
* Add --no-autoload option to configure.py, for minimized builds

Version 1.8.6, 2009-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add Cryptobox, a set of simple password-based encryption routines
* Only read world-readable files when walking /proc for entropy
* Fix building with TR1 disabled
* Fix x86 bswap support for Visual C++
* Fixes for compilation under Sun C++
* Add support for Dragonfly BSD (contributed by Patrick Georgi)
* Add support for the Open64 C++ compiler
* Build fixes for MIPS systems running Linux
* Minor changes to license, now equivalent to the FreeBSD/NetBSD license

Version 1.8.5, 2009-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Change configure.py to work on stock Python 2.4
* Avoid a crash in Skein_512::add_data processing a zero-length input
* Small build fixes for SPARC, ARM, and HP-PA processors
* The test suite now returns an error code from main() if any tests failed

Version 1.8.4, 2009-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a bug in nonce generation in the Miller-Rabin test

Version 1.8.3, 2009-07-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add a new Python configuration script
* Add the Skein-512 SHA-3 candidate hash function
* Add the XTS block cipher mode from IEEE P1619
* Fix random_prime when generating a prime of less than 7 bits
* Improve handling of low-entropy situations during PRNG seeding
* Change random device polling to prefer /dev/urandom over /dev/random
* Use an input insensitive implementation of same_mem instead of memcmp
* Correct DataSource::discard_next to return the number of discarded bytes
* Provide a default value for AutoSeeded_RNG::reseed
* Fix Gentoo bug 272242

Version 1.8.2, 2009-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Make entropy polling more flexible and in most cases faster
* GOST 28147 now supports multiple sbox parameters
* Added the GOST 34.11 hash function
* Fix botan-config problems on MacOS X

Version 1.8.1, 2009-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
* Fix memory leak in PKCS8 load_key and encrypt_key
* Relicense api.tex from CC-By-SA 2.5 to BSD
* Fix botan-config on MacOS X, Solaris

Version 1.8.0, 2008-12-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix compilation on Solaris with GCC

Series 1.7
----------------------------------------

Version 1.7.24, 2008-12-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a compatibility problem with SHA-512/EMSA3 signature padding
* Fix bug preventing EGD/PRNGD entropy poller from working
* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
* Wrap private structs in SSE2 SHA-1 code in anonymous namespace
* Change configure.pl's CPU autodetection output to be more consistent
* Disable using OpenSSL's AES due to crashes of unknown cause
* Fix warning in /proc walking entropy poller
* Fix compilation with IBM XLC for Cell 0.9-200709

Version 1.7.23, 2008-11-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Change to use TR1 (thus enabling ECDSA) with GCC and ICC
* Optimize almost all hash functions, especially MD4 and Tiger
* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
* Change Timer to be pure virtual, and add ANSI_Clock_Timer
* Cache socket descriptors in the EGD entropy source
* Avoid bogging down startup in /proc walking entropy source
* Remove Buffered_EntropySource helper class
* Add a Default_Benchmark_Timer typedef in benchmark.h
* Add examples using benchmark.h and Algorithm_Factory
* Add ECC tests from InSiTo
* Minor documentation updates

Version 1.7.22, 2008-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add provider preferences to Algorithm_Factory
* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
* Optimize AES encryption and decryption (about 10% faster)
* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
* Fix nanoseconds overflow in benchmark code
* Remove Engine::add_engine

Version 1.7.21, 2008-11-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Make algorithm lookup much more configurable
* Add facilities for runtime performance testing of algorithms
* Drop use of entropy estimation in the PRNGs
* Increase intervals between HMAC_RNG automatic reseeding
* Drop InitializerOptions class, all options but thread safety

Version 1.7.20, 2008-11-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Namespace pkg-config file by major and minor versions
* Cache device descriptors in Device_EntropySource
* Split base.h into {block_cipher,stream_cipher,mac,hash}.h
* Removed get_mgf function from lookup.h

Version 1.7.19, 2008-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add HMAC_RNG, based on a design by Hugo Krawczyk
* Optimized the Turing stream cipher (about 20% faster on x86-64)
* Modify Randpool's reseeding algorithm to poll more sources
* Add a new AutoSeeded_RNG in auto_rng.h
* OpenPGP_S2K changed to take hash object instead of name
* Add automatic identification for Intel's Prescott processors

Version 1.7.18, 2008-10-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add Doxygen comments from InSiTo
* Add ECDSA and ECKAEG benchmarks
* Add configure.pl switch --with-tr1-implementation
* Fix configure.pl's --with-endian and --with-unaligned-mem options
* Added support for pkg-config
* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
* Use const references to avoid copying overhead in CurveGFp, GFpModulus

Version 1.7.17, 2008-10-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add missing ECDSA object identifiers
* Fix error in x86 and x86-64 assembler affecting GF(p) math
* Remove Boost dependency from GF(p) math
* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
* Add BOTAN_DLL macro to over 30 classes missing it
* Rename the two SHA-2 base classes for consistency

Version 1.7.16, 2008-10-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add several missing pieces needed for ECDSA and ECKAEG
* Add Card Verifiable Certificates from InSiTo
* Add SHA-224 from InSiTo
* Add BSI variant of EMSA1 from InSiTo
* Add GF(p) and ECDSA tests from InSiTo
* Split ECDSA and ECKAEG into distinct modules
* Allow OpenSSL and GNU MP engines to be built with public key algos disabled
* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h

Version 1.7.15, 2008-10-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add GF(p) arithmetic from InSiTo
* Add ECDSA and ECKAEG implementations from InSiTo
* Minimize internal dependencies, allowing for smaller build configurations
* Add new User Manual and Architecture Guide from FlexSecure GmbH
* Alter configure.pl options for better autotools compatibility
* Update build instructions for recent changes to configure.pl
* Fix CPU detection using /proc/cpuinfo

Version 1.7.14, 2008-09-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Split library into parts allowing modular builds
* Add (very preliminary) CMS support to the main library
* Some constructors now require object pointers instead of names
* Support multiple implementations of the same algorithm
* Build support for Pentium-M processors, from Derek Scherger
* Build support for MinGW/MSYS, from Zbigniew Zagorski
* Use inline assembly for bswap on 32-bit x86

Version 1.7.13, 2008-09-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
* Allow all examples to compile even if compression not enabled
* Make CMAC's polynomial doubling operation a public class method
* Use the -m64 flag when compiling with Sun Forte on x86-64
* Clean up and slightly optimize CMAC::final_result

Version 1.7.12, 2008-09-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add x86 assembly for Visual Studio C++, by Luca Piccarreta
* Add a Perl XS module, by Vaclav Ovsik
* Add SWIG-based wrapper for Botan
* Add SSE2 implementation of SHA-1, by Dean Gaudet
* Remove the BigInt::sig_words cache due to bugs
* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
* Changed BigInt::grow_by and BigInt::grow_to to be non-const
* Add private assignment operators to classes that don't support assignment
* Benchmark RSA encryption and signatures
* Added test programs for random_prime and ressol
* Add high resolution timers for IA-64, HP-PA, S390x
* Reduce use of the RNG during benchmarks
* Fix builds on STI Cell PPU
* Add support for IBM's XLC compiler
* Add IETF 8192 bit MODP group

Version 1.7.11, 2008-09-11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the Salsa20 stream cipher
* Optimized Montgomery reduction, Karatsuba squaring
* Added 16x16->32 word Comba multiplication and squaring
* Use a much larger Karatsuba cutoff point
* Remove bigint_mul_add_words
* Inlined several BigInt functions
* Add useful information to the generated build.h
* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
* Fix the Windows build

Version 1.7.10, 2008-09-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Public key benchmarks run using a selection of random keys
* New benchmark timer options are clock_gettime, gettimeofday, times, clock
* Including reinterpret_cast optimization for xor_buf in default header
* Split byte swapping and word rotation functions into distinct headers
* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
* Optimizes BigInt right shift
* Add aliases in DL_Group::Format enum
* BigInt now caches the significant word count

Version 1.7.9, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Make clear() in most algorithm base classes a pure virtual
* Add noexec stack marker for GNU linker in assembly code
* Avoid string operations in ressol
* Compilation fixes for MinGW and Visual Studio C++ 2008
* Some autoconfiguration fixes for Windows

Version 1.7.8, 2008-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the block cipher Noekeon
* Remove global deref_alias function
* X509_Store takes timeout options as constructor arguments
* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
* Extend random_prime() for generating primes of any bit length
* Remove Config class
* Allow adding new entropy via base RNG interface
* Reseeding a X9.31 PRNG also reseeds the underlying PRNG

Version 1.7.7, 2008-06-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Remove the global PRNG object
* The PK filter objects were removed
* Add a test suite for the ANSI X9.31 PRNG
* Much cleaner and (mostly) thread-safe reimplementation of es_ftw
* Remove both default arguments to ANSI_X931_RNG's constructor
* Remove the randomizing version of OctetString::change
* Make the cipher and MAC to use in Randpool configurable
* Move RandomNumberGenerator declaration to rng.h
* RSA_PrivateKey will not generate keys smaller than 1024 bits
* Fix an error decoding BER UNIVERSAL types with special taggings

Version 1.7.6, 2008-05-05
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Initial support for Windows DLLs, from Joel Low
* Reset the position pointer when a new block is generated in X9.32 PRNG
* Timer objects are now treated as entropy sources
* Moved several ASN.1-related enums from enums.h to an appropriate header
* Removed the AEP module, due to inability to test
* Removed Global_RNG and rng.h
* Removed system_clock
* Removed Library_State::UI and the pulse callback logic

Version 1.7.5, 2008-04-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The API of X509_CA::sign_request was altered to avoid race conditions
* New type Pipe::message_id to represent the Pipe message number
* Remove the Named_Mutex_Holder for a small performance gain
* Removed several unused or rarely used functions from Config
* Ignore spaces inside of a decimal string in BigInt::decode
* Allow using a std::istream to initialize a DataSource_Stream object
* Fix compilation problem in zlib compression module
* The chunk size used by Pooling_Allocator is now a compile time setting
* The size of random blinding factors is now a compile time setting
* The install target no longer tries to set a particular owner/group

Version 1.7.4, 2008-03-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Use unaligned memory read/writes on systems that allow it, for performance
* Assembly for x86-64 for accessing the bswap instruction
* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
* Unroll loops in SHA-160 for a few percent increase in performance
* Fix compilation with GCC 3.2 in es_ftw and es_unix
* Build fix for NetBSD systems
* Prevent es_dev from being built except on Unix systems

Version 1.7.3, 2008-01-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* New invocation syntax for configure.pl with several new options
* Support for IPv4 addresses in a subject alternative name
* New fast poll for the generic Unix entropy source (es_unix)
* The es_file entropy source has been replaced by the es_dev module
* The malloc allocator does not inherit from Pooling_Allocator anymore
* The paths that es_unix will search are now fully user-configurable
* Truncate X9.42 PRF output rather than allow counter overflow
* PowerPC is now assumed to be big-endian

Version 1.7.2, 2007-10-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Initialize the global library state lazily
* Add plain CBC-MAC for backwards compatibility with old systems
* Clean up some of the self test code
* Throw a sensible exception if a DL_Group is not found
* Truncate KDF2 output rather than allowing counter overflow
* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
* Fix a Visual Studio compilation problem in x509stat.cpp

Version 1.7.1, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a race condition in the algorithm object cache
* HMAC key schedule optimization
* The build header sets a macro defining endianness, if known
* New word load/store abstraction allowing further optimization
* Modify most of the library to avoid the use of C-style casts
* Use higher resolution timers in symmetric benchmarks

Version 1.7.0, 2007-05-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* DSA parameter generation now follows FIPS 186-3
* Added OIDs for Rabin-Williams and Nyberg-Rueppel
* Somewhat better support for out of tree builds
* Minor optimizations for RC2 and Tiger
* Documentation updates
* Update the todo list

Series 1.6
----------------------------------------

Version 1.6.5, 2008-08-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add noexec stack marker for GNU linker in assembly code
* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3

Version 1.6.4, 2008-03-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a compilation problem with Visual Studio C++ 2003

Version 1.6.3, 2007-07-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix a race condition in the algorithm lookup cache
* Fix problems building the memory pool on some versions of Visual C++

Version 1.6.2, 2007-03-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix autodetection on Athlon64s running Linux
* Fix builds on QNX and compilers using STLport
* Remove a call to abort() that crept into production

Version 1.6.1, 2007-01-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix some base64 decoder bugs
* Add a new option to base64 encoding, to always append a newline
* Fix some build problems under Visual Studio with debug enabled
* Fix a bug in BER_Decoder that was triggered under some compilers

Version 1.6.0, 2006-12-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Minor cleanups versus 1.5.13

Series 1.5
----------------------------------------

Version 1.5.13, 2006-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Compilation fixes for the bzip2, zlib, and GNU MP modules
* Better support for Intel C++ and EKOpath C++ on x86-64

Version 1.5.12, 2006-10-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Cleanups in the initialization routines
* Add some x86-64 assembly for multiply-add
* Fix problems generating very small (below 384 bit) RSA keys
* Support out of tree builds
* Bring some of the documentation up to date
* More improvements to the Python bindings

Version 1.5.11, 2006-09-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Removed the Algorithm base class
* Various cleanups in the public key inheritance hierarchy
* Major overhaul of the configure/build setup
* Added x86 assembler implementations of Serpent and low-level MPI code
* Optimizations for the SHA-1 x86 assembler
* Various improvements to the Python wrappers
* Work around a Visual Studio compiler bug

Version 1.5.10, 2006-08-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add x86 assembler versions of MD4, MD5, and SHA-1
* Expand InitializerOptions' language to support on/off switches
* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
* Fix possible resource leaks in the mmap allocator
* Slightly optimized buffering in MDx_HashFunction
* Initialization failures are dealt with somewhat better
* Add an example implementing Pollard's Rho algorithm
* Better option handling in the test/benchmark tool
* Expand the xor_ciph example to support longer keys
* Some updates to the documentation

Version 1.5.9, 2006-07-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed bitrot in the AEP engine
* Fix support for marking certificate/CRL extensions as critical
* Significant cleanups in the library state / initialization code
* LibraryInitializer takes an explicit InitializerOptions object
* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
* Change configuration access to using global_state()
* Add support for global named mutexes throughout the library
* Add some STL wrappers for the delete operator
* Change how certificates are created to be more flexible and general

Version 1.5.8, 2006-06-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Many internal cleanups to the X.509 cert/CRL code
* Allow for application code to support new X.509 extensions
* Change the return type of X509_Certificate::{subject,issuer}_info
* Allow for alternate character set handling mechanisms
* Fix a bug that was slowing squaring performance somewhat
* Fix a very hard to hit overflow bug in the C version of word3_muladd
* Minor cleanups to the assembler modules
* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
* Support for GCC 2.95.x has been dropped in this release

Version 1.5.7, 2006-05-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Further, major changes to the BER/DER coding system
* Updated the Qt mutex module to use Mutex_Factory
* Moved the library global state object into an anonymous namespace
* Drop the Visual C++ x86 assembly module due to bugs

Version 1.5.6, 2006-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The low-level DER/BER coding system was redesigned and rewritten
* Portions of the certificate code were cleaned up internally
* Use macros to substantially clean up the GCC assembly code
* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
* Avoid a couple of spurious warnings under Visual C++
* Some slight cleanups in X509_PublicKey::key_id

Version 1.5.5, 2006-02-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
* Made Pooling_Allocator::Memory_Block an actual class of sorts
* Some small optimizations to the division and modulo computations
* Cleaned up the implementation of some of the BigInt operators
* Reduced use of dynamic memory allocation in low-level BigInt functions
* A few simplifications in the Randpool mixing function
* Removed power(), as it was not particularly useful (or fast)
* Fixed some annoying bugs in the benchmark code
* Added a real credits file

Version 1.5.4, 2006-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
* Fixed a memory access off-by-one in the Karatsuba code
* Changed Pooling_Allocator's free list search to a log(N) algorithm
* Merged ModularReducer with its only subclass, Barrett_Reducer
* Fixed sign-handling bugs in some of the division and modulo code
* Renamed the module description files to modinfo.txt
* Further cleanups in the initialization code
* Removed BigInt::add and BigInt::sub
* Merged all the division-related functions into just divide()
* Modified the <mp_asmi.h> functions to allow for better optimizations
* Made the number of bits polled from an EntropySource user configurable
* Avoid including <algorithm> in <botan/secmem.h>
* Fixed some build problems with Sun Forte
* Removed some dead code from bigint_modop
* Fix the definition of same_mem

Version 1.5.3, 2006-01-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Many optimizations in the low-level multiple precision integer code
* Added hooks for assembly implementations of the MPI code
* Support for the X.509 issuer alternative name extension in new certs
* Fixed a bug in the decompression modules; found and patched by Matt Johnston
* New Windows mutex module (mux_win32), by Luca Piccarreta
* Changed the Windows timer module to use QueryPerformanceCounter
* mem_pool.cpp was using std::set iterators instead of std::multiset ones
* Fixed a bug in X509_CA preventing users from disabling particular extensions
* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
* Fixed some module build problems on FreeBSD and Tru64

Version 1.5.2, 2006-01-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an off-by-one memory read in MISTY1::key()
* Fixed a nasty memory leak in Output_Buffers::retire()
* Reimplemented the memory allocator from scratch
* Improved memory caching in Montgomery exponentiation
* Optimizations for multiple precision addition and subtraction
* Fixed a build problem in the hardware timer module on 64-bit PowerPC
* Changed default Karatsuba cutoff to 12 words (was 14)
* Removed MemoryRegion::bits(), which was unused and incorrect
* Changed maximum HMAC keylength to 1024 bits
* Various minor Makefile and build system changes
* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
* Switched checks/clock.cpp back to using clock() by default
* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
* Removed the Default_Mutex's unused clone() member function

Version 1.5.1, 2006-01-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Implemented Montgomery exponentiation
* Implemented generalized Karatsuba multiplication and squaring
* Implemented Comba squaring for 4, 6, and 8 word inputs
* Added new Modular_Exponentiator and Power_Mod classes
* Removed FixedBase_Exp and FixedExponent_Exp
* Fixed a performance regression in get_allocator introduced in 1.5.0
* Engines can now offer S2K algorithms and block cipher padding methods
* Merged the remaining global 'algolist' code into Default_Engine
* The low-level MPI code is linked as C again
* Replaced BigInt's get_nibble with the more general get_substring
* Some documentation updates

Version 1.5.0, 2006-01-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Moved all global/shared library state into a single object
* Mutex objects are created through mutex factories instead of a global
* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
* Removed the RNG_Quality enum entirely
* There is now only a single global-use PRNG
* Removed the no_aliases and no_oids options for LibraryInitializer
* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
* Change es_ftw to use unbuffered I/O

Series 1.4
----------------------------------------

Version 1.4.12, 2006-01-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an off-by-one memory read in MISTY1::key()
* Fixed a nasty memory leak in Output_Buffers::retire()
* Changed maximum HMAC keylength to 1024 bits
* Fixed a build problem in the hardware timer module on 64-bit PowerPC

Version 1.4.11, 2005-12-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Changed Whirlpool diffusion matrix to match updated algorithm spec
* Fixed several engine module build errors introduced in 1.4.10
* Fixed two build problems in es_capi; reported by Matthew Gregan
* Added a constructor to DataSource_Memory taking a std::string
* Placing the same Filter in multiple Pipes triggers an exception
* The configure script accepts --docdir and --libdir
* Merged doc/rngs.txt into the main API document
* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11

Version 1.4.10, 2005-12-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added an implementation of KASUMI, the block cipher used in 3G phones
* Refactored Pipe; output queues are now managed by a distinct class
* Made certain Filter facilities only available to subclasses of Fanout_Filter
* There is no longer any overhead in Pipe for a message that has been read out
* It is now possible to generate RSA keys as small as 128 bits
* Changed some of the core classes to derive from Algorithm as a virtual base
* Changed Randpool to use HMAC instead of a plain hash as the mixing function
* Fixed a bug in the allocators; found and fixed by Matthew Gregan
* Enabled the use of binary file I/O, when requested by the application
* The OpenSSL engine's block cipher code was missing some deallocation calls
* Disabled the es_ftw module on NetBSD, due to header problems there
* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
* Some cleanups for the modules that use inline assembler
* config.h is now stored in build/ instead of build/include/botan/
* The header util.h was split into bit_ops.h, parsing.h, and util.h
* Cleaned up some redundant include directives

Version 1.4.9, 2005-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the IBM-created AES candidate algorithm MARS
* Added the South Korean block cipher SEED
* Added the stream cipher Turing
* Added the new hash function FORK-256
* Deprecated the ISAAC stream cipher
* Twofish and RC6 are significantly faster with GCC
* Much better support for 64-bit PowerPC
* Added support for high-resolution PowerPC timers
* Fixed a bug in the configure script causing problems on FreeBSD
* Changed ANSI X9.31 to support arbitrary block ciphers
* Make the configure script a bit less noisy
* Added more test vectors for some algorithms, including all the AES finalists
* Various cosmetic source code cleanups

Version 1.4.8, 2005-10-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Resolved a bad performance problem in the allocators; fix by Matt Johnston
* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
* Renamed OMAC to CMAC to match the official NIST naming
* Added single byte versions of update() to PK_Signer and PK_Verifier
* Removed the unused reverse_bits and reverse_bytes functions

Version 1.4.7, 2005-09-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed major performance problems with recent versions of GNU C++
* Added an implementation of the X9.31 PRNG
* Removed the X9.17 and FIPS 186-2 PRNG algorithms
* Changed defaults to use X9.31 PRNGs as global PRNG objects
* Documentation updates to reflect the PRNG changes
* Some cleanups related to the engine code
* Removed two useless headers, base_eng.h and secalloc.h
* Removed PK_Verifier::valid_signature
* Fixed configure/build system bugs affecting MacOS X builds
* Added support for the EKOPath x86-64 compiler
* Added missing destructor for BlockCipherModePaddingMethod
* Fix some build problems with Visual C++ 2005 beta
* Fix some build problems with Visual C++ 2003 Workshop

Version 1.4.6, 2005-03-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix an error in the shutdown code introduced in 1.4.5
* Setting base/pkcs8_tries to 0 disables the builtin fail-out
* Support for XMPP identifiers in X.509 certificates
* Duplicate entries in X.509 DNs are removed
* More fixes for Borland C++, from Friedemann Kleint
* Add a workaround for buggy iostreams

Version 1.4.5, 2005-02-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for AES encryption of private keys
* Minor fixes for PBES2 parameter decoding
* Internal cleanups for global state variables
* GCC 3.x version detection was broken in non-English locales
* Work around a Sun Forte bug affecting mem_pool.h
* Several fixes for Borland C++ 5.5, from Friedemann Kleint
* Removed inclusion of init.h into base.h
* Fixed a major bug in reading from certificate stores
* Cleaned up a couple of mutex leaks
* Removed some left-over debugging code
* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF

Version 1.4.4, 2004-12-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Further tweaks to the pooling allocator
* Modified EMSA3 to support SSL/TLS signatures
* Changes to support Qt/QCA, from Justin Karneges
* Moved mux_qt module code into mod_qt
* Fixes for HP-UX from Mike Desjardins

Version 1.4.3, 2004-11-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Split up SecureAllocator into Allocator and Pooling_Allocator
* Memory locking allocators are more likely to be used
* Fixed the placement of includes in some modules
* Fixed broken installation procedure
* Fixes in configure script to support alternate install programs
* Modules can specify the minimum version they support

Version 1.4.2, 2004-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a major CRL handling bug
* Cipher and hash operations can be offloaded to engines
* Added support for cipher and hash offload in OpenSSL engine
* Improvements for 64-bit CPUs without a widening multiply instruction
* Support for SHA2-* and Whirlpool with EMSA2
* Fixed a long-standing build problem with conflicting include files
* Fixed some examples that hadn't been updated for 1.4.x
* Portability fixes for Solaris, BSD, HP-UX, and others
* Lots of fixes and cleanups in the configure script
* Updated the Gentoo ebuild file

Version 1.4.1, 2004-10-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed major errors in the X.509 and PKCS #8 copy_key functions
* Added a LAST_MESSAGE meta-message number for Pipe
* Added new aliases (3DES and DES-EDE) for Triple-DES
* Added some new functions to PK_Verifier
* Cleaned up the KDF interface
* Disabled tm_posix on BSD due to header issues
* Fixed a build problem on PowerPC with GNU C++ pre-3.4

Version 1.4.0, 2004-06-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the FIPS 186 RNG back
* Added copy_key functions for X.509 public keys and PKCS #8 private keys
* Fixed PKCS #1 signatures with RIPEMD-128
* Moved some code around to avoid warnings with Sun ONE compiler
* Fixed a bug in botan-config affecting OpenBSD
* Fixed some build problems on Tru64, HP-UX
* Fixed compile problems with Intel C++, Compaq C++

Series 1.3
----------------------------------------

Version 1.3.14, 2004-06-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for AEP's AEP1000/AEP2000 crypto cards
* Added a Mutex module using Qt, from Justin Karneges
* Added support for engine loading in LibraryInitializer
* Tweaked SecureAllocator, giving 20% better performance under heavy load
* Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
* Renamed PK_Engine to Engine_Core
* Improved the Karatsuba cutoff points
* Fixes for compiling with GCC 3.4 and Sun C++ 5.5
* Fixes for Linux/s390, OpenBSD, and Solaris
* Added support for Linux/s390x
* The configure script was totally broken for 'generic' OS
* Removed Montgomery reduction due to bugs
* Removed an unused header, pkcs8alg.h
* check --validate returns an error code if any tests failed
* Removed duplicate entry in Unix command list for es_unix
* Moved the Cert_Usage enumeration into X509_Store
* Added new timing methods for PK benchmarks, clock_gettime and RDTSC
* Fixed a few minor bugs in the configure script
* Removed some deprecated functions from x509cert.h and pkcs10.h
* Removed the 'minimal' module; it has to be updated for Engine support
* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
* Documentation updates

Version 1.3.13, 2004-05-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major fixes for Cygwin builds
* Minor MacOS X install fixes
* The configure script is a little better at picking the right modules
* Removed ml_unix from the 'unix' module set for Cygwin compatibility
* Fixed a stupid compile problem in pkcs10.h

Version 1.3.12, 2004-05-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added ability to remove old entries from CRLs
* Swapped the first two arguments of X509_CA::update_crl()
* Added an < operator for MemoryRegion, so it can be used as a std::map key
* Changed X.509 searching by DNS name from substring to full string compares
* Renamed a few X509_Certificate and PKCS10_Request member functions
* Fixed a problem when decoding some PKCS #10 requests
* Hex_Decoder would not check inputs, reported by Vaclav Ovsik
* Changed default CRL expire time from 30 days to 7 days
* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
* Corrected errors in the API doc, fixes from Ken Perano
* More documentation about the Pipe/Filter code

Version 1.3.11, 2004-04-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed two show-stopping bugs in PKCS10_Request
* Added some sanity checks in Pipe/Filter
* The DNS and URI entries would get swapped in subjectAlternativeNames
* MAC_Filter is now willing to not take a key at creation time
* Setting the expiration times of certs and CRLs is more flexible
* Fixed problems building on AIX with GCC
* Fixed some problems in the tutorial pointed out by Dominik Vogt
* Documentation updates

Version 1.3.10, 2004-03-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for OpenPGP's ASCII armor format
* Cleaned up the RNG system; seeding is much more flexible
* Added simple autoconfiguration abilities to configure.pl
* Fixed a GCC 2.95.x compile problem
* Updated the example configuration file
* Documentation updates

Version 1.3.9, 2004-03-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added an engine using OpenSSL (requires 0.9.7 or later)
* X509_Certificate would lose email addresses stored in the DN
* Fixed a missing initialization in a BigInt constructor
* Fixed several Visual C++ compile problems
* Fixed some BeOS build problems
* Fixed the WiderWake benchmark

Version 1.3.8, 2003-12-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Internal changes to PK algorithms to divide data and algorithms
* DSA/DH/NR/ElGamal constructors again accept just the private key
* ElGamal keys now support being imported/exported as ASN.1 objects
* Much more consistent and complete error checking in PK algorithms
* Support for arbitrary backends (engines) for PK operations
* Added Montgomery reductions
* Added an engine that uses GNU MP (requires 4.1 or later)
* Removed the obsolete mp_gmp module
* Moved several initialization/shutdown functions to init.h
* Major refactoring of the memory containers
* New non-locking container, MemoryVector
* Fixed 64-bit problems in BigInt::set_bit/clear_bit
* Renamed PK_Key::check_params() to check_key()
* Some incompatible changes to OctetString
* Added version checking macros in version.h
* Removed the fips140 module pending rewrite
* Added some functions and hooks to help GUIs
* Moved more shared code into MDx_HashFunction
* Added a policy hook for specifying the encoding of X.509 strings

Version 1.3.7, 2003-12-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a big security problem in es_unix
* Fixed several stability problems in es_unix
* Expanded the list of programs es_unix will try to use
* SecureAllocator now only preallocates blocks in special cases
* Added a special case in Global_RNG::seed for forcing a full poll
* Removed the FIPS 186 RNG added in 1.3.5 pending further testing
* Configure updates for PowerPC CPUs
* Removed the (never tested) VAX support
* Added support for S/390 Linux

Version 1.3.6, 2003-12-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added a new module 'minimal', which disables most algorithms
* SecureAllocator allocates a few blocks at startup
* A few minor MPI cleanups
* RPM spec file cleanups and fixes

Version 1.3.5, 2003-11-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major improvements in ASN.1 string handling
* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
* Added partial support for the X.509v3 certificate policies extension
* Centralized the handling of character set information
* Added FIPS 140-2 startup self tests
* Added a module (fips140) for doing extra FIPS 140-2 tests
* Added FIPS 186-2 RNG
* Improved ASN.1 BIT STRING handling
* Removed a memory leak in PKCS10_Request
* The encoding of DirectoryString now follows PKIX guidelines
* Fixed some of the character set dependencies
* Fixed a DER encoding error for tags greater than 30
* The BER decoder can now handle tags larger than 30
* Fixed tm_hard.cpp to recognize SPARC on more systems
* Workarounds for a GCC 2.95.x bug in x509find.cpp
* RPM changed to install into /usr instead of /usr/local
* Added support for QNX

Version 1.3.4, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added a module that does certain MPI operations using GNU MP
* Added the X9.42 Diffie-Hellman PRF
* The Zlib and Bzip2 objects now use custom allocators
* Added member functions for directly hashing/MACing SecureVectors
* Minor optimizations to the MPI addition and subtraction algorithms
* Some cleanups in the low-level MPI code
* Created separate AES-{128,192,256} objects

Version 1.3.3, 2003-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The library can now be repeatedly initialized and shut down without crashing
* Fixed an off-by-one error in the CTS code
* Fixed an error in the EMSA4 verification code
* Fixed a memory leak in mutex.cpp (pointed out by James Widener)
* Fixed a memory leak in Pthread_Mutex
* Fixed several memory leaks in the testing code
* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
* Minor cleanups in SecureAllocator
* Removed a needless mutex guarding the (stateless) global timer
* Fixed a piece of bash-specific code in botan-config
* X.509 objects report more information about decoding errors
* Cleaned up some of the exception handling
* Updated the example config file with new OIDs
* Moved the build instructions into a separate document, building.tex

Version 1.3.2, 2003-11-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a bug preventing DSA signatures from verifying on X.509 objects
* Made the X509_Store search routines more efficient and flexible
* Added a function to X509_PublicKey to do easy public/private key matching
* Added support for decoding indefinite length BER data
* Changed Pipe's peek() to take an offset
* Removed Filter::set_owns in favor of the new incr_owns function
* Removed BigInt::zero() and BigInt::one()
* Renamed the PEM related options from base/pem_* to pem/*
* Added an option to specify the line width when encoding PEM
* Removed the "rng/safe_longterm" option; it's always on now
* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
* Cleaned up the base64/hex encoders and decoders
* Added an ASN.1/BER decoder as an example
* AES had its internals marked 'public' in previous versions
* Changed the value of the ASN.1 NO_OBJECT enum
* Various new hacks in the configure script
* Removed the already nominal support for SunOS

Version 1.3.1, 2003-11-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Generalized a few pieces of the DER encoder
* PKCS8::load_key would fail if handed an unencrypted key
* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop

Version 1.3.0, 2003-11-02
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major redesign of the PKCS #8 private key import/export system
* Added a small amount of UI interface code for getting passphrases
* Added heuristics that tell if a key, cert, etc is stored as PEM or BER
* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
* Made PEM decoding more forgiving of extra text before the header

Series 1.2
----------------------------------------

Version 1.2.8, 2003-11-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Merged several important bug fixes from 1.3.x

Version 1.2.7, 2003-10-31
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for reading configuration files
* Added constructors so NR and RW keys can be imported easily
* Fixed mp_asm64, which was completely broken in 1.2.6
* Removed tm_hw_ia32 module; replaced by tm_hard
* Added support for loading certain oddly formed RSA certificates
* Fixed spelling of NON_REPUDIATION enum
* Renamed the option default_to_ca to v1_assume_ca
* Fixed a minor bug in X.509 certificate generation
* Fixed a latent bug in the OID lookup code
* Updated the RPM spec file
* Added to the tutorial

Version 1.2.6, 2003-07-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major performance increase for PK algorithms on most 64-bit systems
* Cleanups in the low-level MPI code to support asm implementations
* Fixed build problems with some versions of Compaq's C++ compiler
* Removed useless constructors for NR public and private keys
* Removed support for the patch_file directive in module files
* Removed several deprecated functions

Version 1.2.5, 2003-06-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a tricky and long-standing memory leak in Pipe
* Major cleanups and fixes in the memory allocation system
* Removed alloc_mlock, which has been superseded by the ml_unix module
* Removed a denial of service vulnerability in X509_Store
* Fixed compilation problems with VS .NET 2003 and Codewarrior 8
* Added another variant of PKCS8::load_key, taking a memory buffer
* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
* BigInt::operator%=(word) was a no-op if the input was a power of 2
* Fixed portability problems in BigInt::to_u32bit
* Fixed major bugs in SSL3-MAC
* Cleaned up some messes in the PK algorithms
* Cleanups and extensions for OMAC and EAX
* Made changes to the entropy estimation function
* Added a 'beos' module set for use on BeOS
* Officially deprecated a few X509:: and PKCS8:: functions
* Moved the contents of primes.h to numthry.h
* Moved the contents of x509opt.h to x509self.h
* Removed the (empty) desx.h header
* Documentation updates

Version 1.2.4, 2003-05-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a bug in EMSA1 affecting NR signature verification
* Fixed a few latent bugs in BigInt related to word size
* Removed an unused function, mp_add2_nc, from the MPI implementation
* Reorganized the core MPI files

Version 1.2.3, 2003-05-20
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a bug that prevented DSA/NR key generation
* Fixed a bug that prevented importing some root CA certs
* Fixed a bug in the BER decoder when handling optional bit or byte strings
* Fixed the encoding of authorityKeyIdentifier in X509_CA
* Added a sanity check in PBKDF2 for zero length passphrases
* Added versions of X509::load_key and PKCS8::load_key that take a file name
* X509_CA generates 128 bit serial numbers now
* Added tests to check PK key generation
* Added a simplistic X.509 CA example
* Cleaned up some of the examples

Version 1.2.2, 2003-05-13
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add checks to prevent any BigInt bugs from revealing an RSA or RW key
* Changed the interface of Global_RNG::seed
* Major improvements for the es_unix module
* Added another Win32 entropy source, es_win32
* The Win32 CryptoAPI entropy source can now poll multiple providers
* Improved the BeOS entropy source
* Renamed pipe_unixfd module to fd_unix
* Fixed a file descriptor leak in the EGD module
* Fixed a few locking bugs

Version 1.2.1, 2003-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added ANSI X9.23 compatible CBC padding
* Added an entropy source using Win32 CryptoAPI
* Removed the Pipe I/O operators taking a FILE*
* Moved the BigInt encoding/decoding functions into the BigInt class
* Integrated several fixes for VC++ 7 (from Hany Greiss)
* Fixed the configure.pl script for Windows builds

Version 1.2.0, 2003-04-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Tweaked the Karatsuba cut-off points
* Increased the allowed keylength of HMAC and Blowfish
* Removed the 'mpi_ia32' module, pending rewrite
* Work around a GCC 2.95.x bug in eme1.cpp

Series 1.1
----------------------------------------

Version 1.1.13, 2003-04-22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added OMAC
* Added EAX authenticated cipher mode
* Diffie-Hellman would not do blinding in some cases
* Optimized the OFB and CTR modes
* Corrected Skipjack's word ordering, as per NIST clarification
* Support for all subject/issuer attribute types required by RFC 3280
* The removeFromCRL CRL reason code is now handled correctly
* Increased the flexibility of the allocators
* Renamed Rijndael to AES, created aes.h, deleted rijndael.h
* Removed support for the 'no_timer' LibraryInitializer option
* Removed 'es_pthr' module, pending further testing
* Cleaned up get_ciph.cpp

Version 1.1.12, 2003-04-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an ASN.1 string encoding bug
* Fixed a pair of X509_DN encoding problems
* Base64_Decoder and Hex_Decoder can now validate input
* Removed support for the LibraryInitializer option 'egd_path'
* Added tests for DSA X.509 and PKCS #8 key formats
* Removed a long deprecated feature of DH_PrivateKey's constructor
* Updated the RPM .spec file
* Major documentation updates

Version 1.1.11, 2003-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added PKCS #10 certificate requests
* Changed X509_Store searching interface to be more flexible
* Added a generic Certificate_Store interface
* Added a function for generating self-signed X.509 certs
* Cleanups and changes to X509_CA
* New examples for PKCS #10 and self-signed certificates
* Some documentation updates

Version 1.1.10, 2003-04-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* X509_CA can now generate new X.509 CRLs
* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
* More certificate and CRL extensions/attributes are supported
* Better DN handling in X.509 certificates/CRLs
* Added a DataSink hierarchy (suggested by Jim Darby)
* Consolidated SecureAllocator and ManagedAllocator
* Many cleanups and generalizations
* Added a (slow) pthreads based EntropySource
* Fixed some threading bugs

Version 1.1.9, 2003-02-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added support for using X.509v2 CRLs
* Fixed several bugs in the path validation algorithm
* Certificates can be verified for a particular usage
* Algorithm for comparing distinguished names now follows X.509
* Cleaned up the code for the es_beos, es_ftw, es_unix modules
* Documentation updates

Version 1.1.8, 2003-01-29
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixes for the certificate path validation algorithm in X509_Store
* Fixed a bug affecting X509_Certificate::is_ca_cert()
* Added a general configuration interface for policy issues
* Cleanups and API changes in the X.509 CA, cert, and store code
* Made various options available for X509_CA users
* Changed X509_Time's interface to work around time_t problems
* Fixed a theoretical weakness in Randpool's entropy mixing function
* Fixed problems compiling with GCC 2.95.3 and GCC 2.96
* Fixed a configure bug (reported by Jon Wilson) affecting MinGW

Version 1.1.7, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an obscure but dangerous bug in SecureVector::swap
* Consolidated SHA-384 and SHA-512 to save code space
* Added SSL3-MAC and SSL3-PRF
* Documentation updates, including a new tutorial

Version 1.1.6, 2002-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Initial support for X.509v3 certificates and CAs
* Major redesign/rewrite of the ASN.1 encoding/decoding code
* Added handling for DSA/NR signatures encoded as DER SEQUENCEs
* Documented the generic cipher lookup interface
* Added an (untested) entropy source for BeOS
* Various cleanups and bug fixes

Version 1.1.5, 2002-11-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the discrete logarithm integrated encryption system (DLIES)
* Various optimizations for BigInt
* Added support for assembler optimizations in modules
* Added BigInt x86 optimizations module (mpi_ia32)

Version 1.1.4, 2002-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Speedup of 15-30% for PK algorithms
* Implemented the PBES2 encryption scheme
* Fixed a potential bug in decoding RSA and RW private keys
* Changed the DL_Group class interface to handle different formats better
* Added support for PKCS #3 encoded DH parameters
* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
* Added key pair consistency checking
* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
* A botan-config script is generated at configure time
* Documentation updates

Version 1.1.3, 2002-11-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added a generic public/private key loading interface
* Fixed a small encoding bug in RSA, RW, and DH
* Changed the PK encryption/decryption interface classes
* ECB supports using padding methods
* Added a function-based interface for library initialization
* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
* The cipher mode benchmarks now use 128-bit AES instead of DES
* Removed some obsolete typedefs
* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
* Added tests for PKCS #8 encoding/decoding
* Added more tests for ECB and CBC

Version 1.1.2, 2002-10-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Support for PKCS #8 encoded RSA, DSA, and DH private keys
* Support for Diffie-Hellman X.509 public keys
* Major reorganization of how X.509 keys are handled
* Added PKCS #5 v2.0's PBES1 encryption scheme
* Added a generic cipher lookup interface
* Added the WiderWake4+1 stream cipher
* Added support for sync-able stream ciphers
* Added a 'paranoia level' option for the LibraryInitializer
* More security for RNG output meant for long term keys
* Added documentation for some of the new 1.1.x features
* CFB's feedback argument is now specified in bits
* Renamed CTR class to CTR_BE
* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats

Version 1.1.1, 2002-10-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added the Korean hash function HAS-160
* Partial support for RSA and DSA X.509 public keys
* Added a mostly functional BER encoder/decoder
* Added support for non-deterministic MAC functions
* Initial support for PEM encoding/decoding
* Internal cleanups in the PK algorithms
* Several new convenience functions in Pipe
* Fixed two nasty bugs in Pipe
* Messed with the entropy sources for es_unix
* Discrete logarithm groups are checked for safety more closely now
* For compatibility with GnuPG, ElGamal now supports DSA-style groups

Version 1.1.0, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added entropy estimation to the RNGs
* Improved the overall design of both Randpool and ANSI_X917_RNG
* Added a separate RNG for nonce generation
* Added window exponentiation support in power_mod
* Added a get_s2k function and the PKCS #5 S2K algorithms
* Added the TLSv1 PRF
* Replaced BlockCipherModeIV typedef with InitializationVector class
* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
* Added support for RIPEMD-160 PKCS#1 v1.5 signatures
* Changed the key agreement scheme interface
* Changed the S2K and KDF interfaces
* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
* Added support for variable-pass Tiger
* Major speedup for Rabin-Williams key generation

Series 1.0
----------------------------------------

Version 1.0.2, 2003-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed an obscure SEGFAULT-causing bug in Pipe
* Fixed an obscure but dangerous bug in SecureVector::swap

Version 1.0.1, 2002-09-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed a minor bug in Randpool::random()
* Added some new aliases and typedefs for 1.1.x compatibility
* The 4096-bit RSA benchmark key was decimal instead of hex
* EMAC was returning an incorrect name

Version 1.0.0, 2002-08-26
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Octal I/O of BigInt is now supported
* Fixed portability problems in the es_egd module
* Generalized IV handling in the block cipher modes
* Added Karatsuba multiplication and k-ary exponentiation
* Fixed a problem in the multiplication routines

Series 0.9
----------------------------------------

Version 0.9.2, 2002-08-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* DH_PrivateKey::public_value() was returning the wrong value
* Various BigInt optimizations
* The filters.h header now includes hex.h and base64.h
* Moved Counter mode to ctr.h
* Fixed a couple minor problems with VC++ 7
* Fixed problems with the RPM spec file

Version 0.9.1, 2002-08-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Grand rename from OpenCL to Botan
* Major optimizations for the PK algorithms
* Added ElGamal encryption
* Added Whirlpool
* Tweaked memory allocation parameters
* Improved the method of seeding the global RNG
* Moved pkcs1.h to eme_pkcs.h
* Added more test vectors for some algorithms
* Fixed error reporting in the BigInt tests
* Removed Default_Timer, it was pointless
* Added some new example applications
* Removed some old examples that weren't that interesting
* Documented the compression modules

Version 0.9.0, 2002-08-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* EMSA4 supports variable salt size
* PK_* can take a string naming the encoding method to use
* Started writing some internals documentation

Series 0.8
----------------------------------------

Version 0.8.7, 2002-07-30
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed bugs in EME1 and EMSA4
* Fixed a potential crash at shutdown
* Cipher modes returned an ill-formed name
* Removed various deprecated types and headers
* Cleaned up the Pipe interface a bit
* Minor additions to the documentation
* First stab at a Visual C++ makefile (doc/Makefile.vc7)

Version 0.8.6, 2002-07-25
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added EMSA4 (aka PSS)
* Brought the manual up to date; many corrections and additions
* Added a parallel hash function construction
* Lookup supports all available algorithms now
* Lazy initialization of the lookup tables
* Made more discrete logarithm groups available through get_dl_group()
* StreamCipher_Filter supports seeking (if the underlying cipher does)
* Minor optimization for GCD calculations
* Renamed SAFER_SK128 to SAFER_SK
* Removed many previously deprecated functions
* Some now-obsolete functions, headers, and types have been deprecated
* Fixed some bugs in DSA prime generation
* DL_Group had a constructor for DSA-style prime gen but it wasn't defined
* Reversed the ordering of the two arguments to SEAL's constructor
* Fixed a threading problem in the PK algorithms
* Fixed a minor memory leak in lookup.cpp
* Fixed pk_types.h (it was broken in 0.8.5)
* Made validation tests more verbose
* Updated the check and example applications

Version 0.8.5, 2002-07-21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
* Added a DL_Group class
* Reworking of the pubkey internals
* Support in lookup for aliases and PK algorithms
* Renamed CAST5 to CAST_128 and CAST256 to CAST_256
* Added EMSA1
* Reorganization of header files
* LibraryInitializer will install new allocator types if requested
* Fixed a bug in Diffie-Hellman key generation
* Did a workaround in pipe.cpp for GCC 2.95.x on Linux
* Removed some debugging code from init.cpp that made FTW ES useless
* Better checking for invalid arguments in the PK algorithms
* Reduced Base64 and Hex default line length (if line breaking is used)
* Fixes for HP's aCC compiler
* Cleanups in BigInt

Version 0.8.4, 2002-07-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added Nyberg-Rueppel signatures
* Added Diffie-Hellman key exchange (kex interface is subject to change)
* Added KDF2
* Enhancements to the lookup API
* Many things formerly taking pointers to algorithms now take names
* Speedups for prime generation
* LibraryInitializer has support for seeding the global RNG
* Reduced SAFER-SK128 memory consumption
* Reversed the ordering of public and private key values in DSA constructor
* Fixed serious bugs in MemoryMapping_Allocator
* Fixed memory leak in Lion
* FTW_EntropySource was not closing the files it read
* Fixed line breaking problem in Hex_Encoder

Version 0.8.3, 2002-06-09
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added DSA and Rabin-Williams signature schemes
* Added EMSA3
* Added PKCS#1 v1.5 encryption padding
* Added Filters for PK algorithms
* Added a Keyed_Filter class
* LibraryInitializer processes arguments now
* Major revamp of the PK interface classes
* Changed almost all of the Filters for non-template operation
* Changed HMAC, Lion, Luby-Rackoff to non-template classes
* Some fairly minor BigInt optimizations
* Added simple benchmarking for PK algorithms
* Added hooks for fixed base and fixed exponent modular exponentiation
* Added some examples for using RSA
* Numerous bugfixes and cleanups
* Documentation updates

Version 0.8.2, 2002-05-18
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added an (experimental) algorithm lookup interface
* Added code for directly testing BigInt
* Added SHA2-384
* Optimized SHA2-512
* Major optimization for Adler32 (thanks to Dan Nicolaescu)
* Various minor optimizations in BigInt and related areas
* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
* Fixed a bug in BufferingFilter
* Made a few fixes for MacOS X
* Added a workaround in configure.pl for GCC 2.95.x
* Better support for PowerPC, ARM, and Alpha
* Some more cleanups

Version 0.8.1, 2002-05-06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Major code cleanup (check doc/deprecated.txt)
* Various bugs fixed, including several portability problems
* Renamed MessageAuthCode to MessageAuthenticationCode
* A replacement for X917 is in x917_rng.h
* Changed EMAC to non-template class
* Added ANSI X9.19 compatible CBC-MAC
* TripleDES now supports 128 bit keys

Version 0.8.0, 2002-04-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Merged BigInt: many bugfixes and optimizations since alpha2
* Added RSA (rsa.h)
* Added EMSA2 (emsa2.h)
* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
* Changed some interfaces, including SymmetricKey, to support the global rng
* Fixed a serious bug in ManagedAllocator
* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
* Removed some deprecated stuff
* Added a global random number generator (rng.h)
* Added clone functions to most of the basic algorithms
* Added a library initializer class (init.h)
* Version macros in version.h
* Moved the base classes from opencl.h to base.h
* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
* Documentation updates for the new stuff (still incomplete)
* Many new deprecated things: check doc/deprecated.txt

Series 0.7
----------------------------------------

Version 0.7.10, 2002-04-07
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Added EGD_EntropySource module (es_egd)
* Added a file tree walking EntropySource (es_ftw)
* Added MemoryLocking_Allocator module (alloc_mlock)
* Renamed the pthr_mux, unix_rnd, and mmap_mem modules
* Changed timer mechanism; the clock method can be switched on the fly.
* Renamed MmapDisk_Allocator to MemoryMapping_Allocator
* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
* Fixed several bugs in MemoryMapping_Allocator
* Added more default sources for Unix_EntropySource
* Changed SecureBuffer to use same allocation methods as SecureVector
* Added bigint_divcore into mp_core to support BigInt alpha2 release
* Removed some Pipe functions deprecated since 0.7.8
* Some fixes for the configure program

Version 0.7.9, 2002-03-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Memory allocation substantially revamped
* Added memory allocation method based on mmap(2) in the mmap_mem module
* Added ECB and CTS block cipher modes (ecb.h, cts.h)
* Added a Mutex interface (mutex.h)
* Added module pthr_mux, implementing the Mutex interface
* Added Threaded Filter interface (thr_filt.h)
* All algorithms can now be keyed with SymmetricKey objects
* More testing occurs with --validate (expected failures)
* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
* Made X917 safer (and about 1/3 as fast)
* Documentation updates

Version 0.7.8, 2002-02-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
  better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION
* Added a BufferingFilter class
* Added popen() based EntropySource for generic Unix systems (unix_rnd)
* Moved 'devrand' module into main distribution (ent_file.h), renamed to
  File_EntropySource, and changed interface somewhat.
* Made Randpool somewhat more conservative and also 25% faster
* Minor fixes and updates for the configure script
* Added some tweaks for memory allocation
* Documentation updates for the new Pipe interface
* Fixed various minor bugs
* Added a couple of new example programs (stack and hasher2)

Version 0.7.7, 2001-11-24
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Filter::send now works in the constructor of a Filter subclass
* You may now have to include <opencl/pipe.h> explicitly in some code
* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
* Enhancements to SecureVector (append, destroy functions)
* New infrastructure for secure memory allocation
* Added IEEE P1363 primitives MGF1, EME1, KDF1
* Rijndael optimizations and cleanups
* Changed CipherMode<B> to BlockCipherMode(B*)
* Fixed a nasty bug in pipe_unixfd
* Added portions of the BigInt code into the main library
* Support for VAX, SH, POWER, PowerPC-64, Intel C++

Version 0.7.6, 2001-10-14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fixed several serious bugs in SecureVector created in 0.7.5
* Square optimizations
* Fixed shared objects on MacOS X and HP-UX
* Fixed static libs for KCC 4.0; works with KCC 3.4g as well
* Full support for Athlon and K6 processors using GCC
* Added a table of prime numbers < 2**16 (primes.h)
* Some minor documentation updates

Version 0.7.5, 2001-08-19
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Split checksum.h into adler32.h, crc24.h, and crc32.h
* Split modes.h into cbc.h, cfb.h, and ofb.h
* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
* Added OneAndZeros and NoPadding methods for CBC
* Added Lion, a very fast block cipher construction
* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
* Basic types (ciphers, hashes, etc) know their names now (call name())
* Changed the EntropySource type somewhat
* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
* Some semantics of SecureVector have changed slightly
* The mlock module has been removed for the time being
* Added string handling functions for hashes and MACs
* Various non-user-visible cleanups
* Shared library soname is now set to the full version number

Version 0.7.4, 2001-07-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
* Fixed a vast number of errors in the config script/makefile/specfile
* Pipe now has a stdio(3) interface as well as C++ iostreams
* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
* Bzip2 supports decompressing multiple concatenated streams, and flushing
* Added a simple 'overall average' score to the benchmarks
* Fixed a small bug in the POSIX timer module
* Removed a very-unlikely-to-occur bug in most of the hash functions
* filtbase.h now includes <iosfwd>, not <iostream>
* Minor documentation updates

Version 0.7.3, 2001-06-08
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Fix build problems on Solaris/SPARC
* Fix build problems with Perl versions < 5.6
* Fixed some stupid code that broke on a few compilers
* Added string handling functions to Pipe
* MISTY1 optimizations

Version 0.7.2, 2001-06-03
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Build system supports modules
* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
* Added Bzip2 compression filter, contributed by Peter Jones
* GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
* Fixed minor bug in several of the hash functions
* Various other minor fixes and changes
* Updates to the documentation

Version 0.7.1, 2001-05-16
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Rewrote configure script: more consistent and complete
* Made it easier to find out parameters of types at run time (opencl.h)
* New functions for finding the version being used (version.h)
* New SymmetricKey interface for Filters (symkey.h)
* InvalidKeyLength now records what the invalid key length was
* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
* Changed GOST to use correct S-box ordering (incompatible change)
* Benchmark code was almost totally rewritten
* Many more entries in the test vector file
* Fixed minor and idiotic bug in check.cpp

Version 0.7.0, 2001-03-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* First public release

