-*- mode: outline -*-

* Version 0.11, released 10-11-2005

** bugfixes

Fixed tests HMAC.0 and HMAC.1 (which would have worked had they referred
to the proper ASCII-STRING-TO-BYTE-ARRAY...).  (Thanks to Raymond Toy.)

Fixed CBC mode decryption to match CBC mode encryption.  *blush*
(Thanks to Travis Cross.)  Sanity checks have been added to the test
suite to make this sort of thing less likely to happen in the future.

Fixed the initializer for CRC24; CRC24 now works properly.

Fixed a hashing bug common to MD{2,4,5}, SHA-1, SHA-256, RIPEMD-128,
RIPEMD-160, and Tiger when updating the digest state with an amount of
data smaller than the space remaining in the internal buffer.  Tests
have been added to ensure this doesn't happen again.
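
The kind of regression check described above, as an added example that is
not part of Ironclad's own test suite.  It uses only function names that
appear in this file; the argument lists (keyword :START/:END on
UPDATE-DIGEST, digest names such as :SHA1) are assumed from current
Ironclad releases, and the helper names are hypothetical.

```lisp
;; Added example, not Ironclad's own test code.
;; Assumption: Ironclad is installed where ASDF can find it.
(asdf:load-system "ironclad")

(defun chunked-digest (name octets chunk-size)
  "Digest OCTETS by feeding CHUNK-SIZE octets at a time to UPDATE-DIGEST,
so most updates are smaller than the space left in the internal buffer."
  (let ((digest (ironclad:make-digest name)))
    (loop for start from 0 below (length octets) by chunk-size
          do (ironclad:update-digest digest octets
                                     :start start
                                     :end (min (length octets)
                                               (+ start chunk-size))))
    (ironclad:produce-digest digest)))

(defun mismatched-chunk-sizes (name &optional (total 200))
  "Return the chunk sizes for which the incremental digest differs from
the one-shot DIGEST-SEQUENCE result.  An empty list means the check passed."
  (let ((octets (make-array total :element-type '(unsigned-byte 8))))
    ;; Constructed sample input: a fixed, non-repeating byte pattern.
    (dotimes (i total)
      (setf (aref octets i) (mod (* 7 i) 256)))
    (let ((expected (ironclad:digest-sequence name octets)))
      ;; Sizes 1..130 cover updates below, at, and above a 64-octet block.
      (loop for chunk-size from 1 to 130
            unless (equalp expected
                           (chunked-digest name octets chunk-size))
              collect chunk-size))))

(defun run-short-update-checks ()
  "Run the check for several of the digests named in the bugfix entry."
  (dolist (name '(:md5 :sha1 :sha256 :ripemd-160))
    (let ((bad (mismatched-chunk-sizes name)))
      (if (null bad)
          (format t "~A: ok~%" name)
          (format t "~A: MISMATCH at chunk sizes ~S (~A)~%"
                  name bad
                  (ironclad:byte-array-to-hex-string
                   (chunked-digest name
                                   (ironclad:ascii-string-to-byte-array "abc")
                                   1)))))))
```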

Fixed DIGEST-SEQUENCE on SBCL and CMUCL to respect the fill-pointer of
a vector.  (Thanks to Steve Smith.)

** new features

A new generic function to inspect supported key lengths for ciphers has
been added.  By no small coincidence, it is named KEY-LENGTHS.  Please
see its documentation string for details.  (Thanks to Travis Cross.)

Counter mode (:CTR) encryption and decryption have been added.

Octet streams, which are like string-streams, only for octet vectors,
have been added.  As of this release, they only work in SBCL and
OpenMCL; if your favorite implementation is not supported, patches are
welcome.

Asymmetric encryption routines have been included in this release; only
DSA (signing and verification) routines are included.  Although test
vectors are not (yet) included, this release of Ironclad was signed
using routines from Ironclad.

IMPORTANT: Please note that DSA signing of messages is on the *digest*
of the message, not the message itself.  Please also note that the
DSA signing routine requires *random* numbers; it currently uses
CL:RANDOM for this purpose, which is probably *NOT* secure enough for
your needs.  Please make any changes you deem necessary to the signing
routine to accommodate your security level.

Feedback is sought on the interface to the routines:

- MAKE-PUBLIC-KEY
- MAKE-PRIVATE-KEY
- SIGN-MESSAGE
- VERIFY-MESSAGE

DEFGENERICs for ENCRYPT-MESSAGE and DECRYPT-MESSAGE have been included.
No methods on them are currently defined.  Methods for RSA keys and
ElGamal keys will likely be forthcoming in a future release.  Feedback
is also requested for those functions.

* Version 0.10, released 01-11-2005

** bugfixes

Exported several block cipher context class names that were previously
unexported.

Digesting files and streams now works properly on MCL and other Lisps
that "mangle" stream-element-type.  (Thanks to Hoan Ton-That.)

** new features

Functions ASCII-STRING-TO-BYTE-ARRAY and BYTE-ARRAY-TO-HEX-STRING
were moved from the IRONCLAD-TESTS package into Ironclad itself.  These
functions seem useful enough to have around at all times.  Please see
the docstrings for these functions for usage documentation.  (Thanks to
kire on #lisp for suggesting this.)

** improvements

The memory footprint of Ironclad should be slightly reduced.

MAKE-CIPHER throws real errors for unsupported ciphers
(IRONCLAD:UNSUPPORTED-CIPHER) or modes (IRONCLAD:UNSUPPORTED-MODE),
rather than NO-APPLICABLE-METHOD.

* Version 0.9.1, released 13-09-2005

** bugfixes

Fixed problems related to non-ANSI use of SUBSEQ on circular lists.

* Version 0.9, released 13-09-2005

** bugfixes

The TripleDES block cipher now passes all included test vectors.

** new features

The RC6 block cipher has been added, with tests.

The MISTY1 block cipher has been added, with tests.  MISTY1 is unique
among the current crop of ciphers supported by Ironclad, as an
implementation that uses 16-bit arithmetic rather than 32-bit is
straightforward.  Therefore, MISTY1's performance should be better than,
say, DES or Blowfish on Common Lisp implementations that do not support
unboxed 32-bit arithmetic.

** performance improvements

The performance of the SHA-1 and SHA-256 hash functions should be
significantly improved.

* Version 0.8, released 29-08-2005

** bugfixes

Added missing :LOAD-TOPLEVEL to EVAL-WHEN in blowfish.lisp; tests now
pass on ACL 7.0, Linux/x86.  (Thanks to chavatar on #lisp.)

Fixed a case when digesting a file would throw a TYPE-ERROR.  (Thanks to
Hoan Ton-That.)

Test vectors have been added for TripleDES, which immediately caught
several bugs in the current implementation.  However, many of the
TripleDES tests do not pass in the current release.  Using TripleDES
until all tests pass is not recommended.

Test vectors have been added for SHA-1, which immediately caught a bug
in the production of digests.  This bug has been fixed.

** new features

The RC5 cipher has been added, with tests.

The SHA-256 hash function has been added, with tests.

* Version 0.7.2, released 24-08-2005

** bugfixes

Fixed calls to ROL32 to only use positive arguments.  This change should
result in more tests (particularly the Twofish tests) passing on
non-SBCL implementations.  (Thanks to Raymond Toy for tracking this one
down.)

Fixed some ACL 6.2 (trial) warnings related to multiply-defined
functions, non-EVAL-WHEN'd DEFCONSTANT forms, unused variables, and an
incomplete ASDF system definition.  These fixes should eliminate
warnings in other implementations as well.  (Thanks to chavatar on #lisp
for motivating this.)

* Version 0.7.1, released 23-08-2005

** bugfixes

UPDATE-HMAC now returns the HMAC object upon which it operated, rather
than internal hashing state.  (Thanks to rich_holygoat on #lisp.)

Condition names are now exported from the IRONCLAD package.

FINALIZE-ADLER32-STATE was fixed to properly store and return the
computed digest.  (Thanks to Raymond Toy.)

The test suite now excludes Tiger on non-SBCL Common Lisps (since Tiger
is currently only supported on SBCL).  (Thanks to Raymond Toy.)

* Version 0.7, released 11-08-2005

** incompatible changes

Support for SBCL versions older than 0.9.0 has been removed.

** bugfixes

The RIPEMD family of hash functions now passes all included test vectors.

The MD4 hash function now passes all included test vectors.

The CAST5 block cipher now passes all included test vectors.

When appropriate, ARRAY-DIMENSION-LIMIT is now used to specify types
instead of ARRAY-TOTAL-SIZE-LIMIT.

A bug related to an argument-passing mismatch between the low-level
hashing routines and their high-level counterparts has been fixed.

** new features

TripleDES has been added.

Real conditions (subclasses of IRONCLAD:IRONCLAD-ERROR) are now signaled
in several exceptional situations.

*** introspection changes

New generic functions DIGEST-LENGTH and BLOCK-LENGTH have been added.
Please see the documentation strings for these generic functions for
details.

* Version 0.6, released 21-02-2005

** bugfixes

Due to the addition of a real, functioning test suite, many bugs have
been fixed, including an embarrassing one involving decryption.  While
not all of the provided digest functions and ciphers pass the test suite
yet, the number of fixes brought about by adding the test suite called
for a new release.

The AES, Twofish, IDEA, DES, and Blowfish implementations pass the test
suite along with the MD5, SHA-1 and Tiger hash function implementations.

** new features

The checksums Adler32, CRC24, and CRC32 have been added.

The IDEA and Twofish ciphers have been added.

New digest interfaces have been added.  Please check the documentation
strings for MAKE-DIGEST, COPY-DIGEST, UPDATE-DIGEST, and PRODUCE-DIGEST
for details.

Support for HMACs has been added.

** optimizations

FETCH-UB32 and STORE-UB32 are now coded inline, which should eliminate
bignum consing in some implementations.

Better type declarations have been added to make the extraction of
word-sized data from (UNSIGNED-BYTE 32) vectors less expensive.

The Blowfish implementation has been optimized and should cons less.

The AES implementation has been optimized and should be at least 2x faster.

* Version 0.5, released 05-01-2005

** bugfixes

The Square cipher was severely broken in previous releases.  This
oversight has been remedied.  Other ciphers were broken in similar
ways (e.g. argument ordering problems) and the function definitions
for the cipher operation modes were broken as well.  These problems have
been fixed.

** incompatible changes

Strings are no longer "digestable"--you must convert the string to a
byte vector before digesting it.

Hex strings are no longer permitted as keys for ciphers.

** introspection changes

Added functions {DIGEST,CIPHER,MODE}-SUPPORTED-P and
LIST-ALL-{DIGEST,CIPHER,MODE}S so applications can determine on the fly
what algorithms are supported by the package.

** test framework added

Test vectors from official specifications have been added to the package
and ASDF definitions for a test framework have been added as well.  Note
that the testing suite is not yet fully operational. :)

* Version 0.4, released 27-11-2004

Cipher keys can now be specified as hexadecimal strings or as byte
vectors.

Various little cleanups were made.

* Version 0.3, released 26-11-2004

initial release
