changes

NIST推荐的素域上的椭圆曲线

Nov 24th, 2002
v0.75  -- Fixed a flaw in hash_filehandle, it should ARGCHK that the filehandle is not NULL
       -- Fixed a bug where in hash_file if the call to hash_filehandle failed the open file would 
          not be closed.
       -- Added more strict rules to build process, starting to weed out "oh this works in GCC" style code
          In the next release "-Wconversion" will be enabled which will deal with all implicit casts.

Nov 22nd, 2002 [later in the day]
v0.74  -- Wrote a small variant of SAFER+ which shaved 50KB off the size of the library on x86 platforms
       -- Wrote a build option to remove the PK packet functions [keeps the encrypt_key/sign_hash functions]
       -- Wrote a small variant of Rijndael (trimmed 13KB)
       -- Trimmed the TIGER/192 hash function a bit
       -- Overall the entire lib compiled is 295KB [down from 400KB before]
       -- Fixed a few minor oversights in the MSVC makefile

Nov 22nd, 2002
v0.73  -- Fixed bug in RC4 code where it could only use 255 byte keys.
       -- Fixed bug in yarrow code where it would allow cast5 or md2 to be used with it...
       -- Removed the ecc compress/expand points from the global scope.  Reduces namespace polution
       -- Fixed bug where if you used the SPRNG you couldn't pass NULL as your prng_state which you should be
          able todo since the SPRNG has no state...
       -- Corrected some oversights in the manual and the examples...
       -- By default the GF(2^W) math library is excluded from the build.  The source is maintained because I wrote it
          and like it :-).  This way the built library is a tad smaller
       -- the MSVC makefile will now build for a SPACE optimized library rather than TIME optimized.

Nov 21th, 2002
v0.72  -- Fixed bug in the prime testing.  In the Miller-Rabin test I was raising the base to "N-1" not "r".
          The math still worked out fine because in effect it was performing a Fermat test.  Tested the new code and it 
          works properly
       -- Fixed some of the code where it was still using the old error syntax
       -- Sped up the RSA decrypt/sign routines
       -- Optimized the ecc_shared_secret routine to not use so much stack
       -- Fixed up the makefile to make releases where the version # is in the file name and directory it will unzip
          to

Nov 19th, 2002
v0.71  -- HELP TOM.  I need tuition for the January semester.  Now I don't want to force donations [nor will I ever]
          but I really need the help!  See my website http://tom.iahu.ca/help_tom.html for more details.  Please help
          if you can! 
       --------------------------------------------------------------------------------------------------------------
       -- Officially the library is no longer supported in GCC 3.2 in windows [cygwin].
          In windows you can either use GCC 2.95.3 or try your luck with 3.2  It seems that
          "-fomit-frame-pointer" is broken in the windows build [but not the linux x86 build???]
          If you simply must use 3.2 then I suggest you limit the optimizations to simply "-O2"
       -- Started new error handling API.  Similar to the previous except there are more error codes than just
          CRYPT_ERROR
       -- Added my implementation of the MD2 hash function [despite the errors in the RFC I managed to get it right!]
       -- Merged in more changes from Sky Schulz.  I have to make mention here that he has been a tremendous help in 
          getting me motivated to make some much needed updates to the library!
       -- Fixed one of the many mistakes in the manual as pointed out by Daniel Richards
       -- Fixed a bug in the RC4 code [wasn't setting up the key correctly]
       -- Added my implementation of the CAST5 [aka CAST-128] block cipher (conforms...)
       -- Fixed numerous bugs in the PK code.  Essentially I was "freeing" keys when the import failed.  This is neither
          required nor a good a idea [double free].  
       -- Tom needs a job.
       -- Fixed up the test harness as requested by Sky Schulz.  Also modifed the timing routines to run for X seconds
          and count # of ops performed.  This is more suitable than say encrypting 10 million blocks on a slow processor
          where it could take minutes!
       -- Modified test programs hashsum/encrypt to use the new algorithms and error handling syntax
       -- Removed the PKCS code since it was incomplete.  In the future I plan on writing a "add-on" library that
          provides PKCS support... 
       -- updated the config system so the #defines are in the makefiles instead of mycrypt_cfg.h  
       -- Willing to work on an hourly basis for 15$ CDN per hour.
       -- updated the test program to not test ciphers not included
       -- updated the makefile to make "rsa_sys.c" a dependency of rsa.o [helps develop the code...]
       -- fixed numerous failures to detect buffer overflows [minor] in the PK code.
       -- fixed the safer [64-bit block version] test routines which didn't check the returns of the setup
          function
       -- check out my CV at http://tom.iahu.ca/cv.html
       -- removed the GBA makefile and code from demos/test.c [not a particularly useful demo...]
       -- merged in rudimentary [for testing] PS2 RNG from Sky Schulz
       -- merged in PS2 timer code [only shell included due to NDA reasons...]
       -- updated HMAC code to return errors where possible
       -- Thanks go to Sky Schulz who bought me a RegCode for TextPad [the official editor of libtomcrypt]

Nov 12th, 2002
v0.70  -- Updated so you can swap out the default malloc/calloc/free routines at build time with others. (Sky Schulz)
       -- Sky Schulz contributed some code towards autodetecting the PS2 in mycrypt_cfg.h
       -- Added PS2 makefile contributed by Sky Schulz [see a pattern forming?]
       -- Added ability to have no FILE I/O functions at all (see makefile), Sky Schulz....
       -- Added support for substituting out the clock() function (Sky Schulz)
       -- Fixed up makefile to include new headers in the HEADERS variable
       -- Removed "coin.c" as its not really useful anyways
       -- Removed many "debug" printfs that would show up on failures.  Basically I wanted to ensure the only output
          would be from the developer themselves.
       -- Added "rc4.c" a RC4 implementation with a PRNG interface.  Since RC4 isn't a block cipher it wouldn't work
          too well as a block cipher.
       -- Fixed ARGCHK macro usage when ARGTYPE=1 throughout the code
       -- updated makefile to make subdirectory properly (Sku Schulz)
       -- Started towards new API setup.  Instead of checking for "== CRYPT_ERROR" you should check "!= CRYPT_OK"
          In future releases functions will return things other than CRYPT_ERROR on error to give more useful
          thread safe error reporting.  The manual will be updated to reflect this.  For this release all
          errors are returned as CRYPT_ERROR (except as noted) but in future releases this will change.         
       -- Removed the zlib branch since its not really required anyways.  Makes the package smaller

Nov 11th, 2002
v0.69  -- Added ARGCHK (see mycrypt_argchk.h) "arguement checking" to all functions that accept pointers
       -- Note I forgot to change the CRYPT version tag in v0.68... fixed now.

Nov 8th, 2002
v0.68  -- Fixed flaw in kr_import/kr_export that wasted 4 bytes.  Source but not binary compatible with v0.67
       -- Fixed bug in kr_find_name that used memcmp to match strings.  Uses strncmp now.
       -- kr_clear now sets the pointer to NULL to facilate debugging [e.g. using the keyring after clearing]
       -- static functions in _write/_read in keyring.c now check the return of ctr_encrypt/ctr_decrypt.
       -- Updated blowfish/rc2/rc5/rc6 keysize() function to not reject keys larger than the biggest key the
          respective ciphers can use.  
       -- Fixed a bug in hashsum demo that would report the hash for files that don't exist!

Oct 16th, 2002
v0.67  -- Moved the function prototypes into files mycrypt_*.h.  To "install" the lib just copy all the 
          header files "*.h" from the base of this project into your global include path.
       -- Made the OFB/CFB/CTR functions use "unsigned long" for the length instead of "int"
       -- Added keyring support for the PK functions
       -- ***API CHANGE*** changed the ecc_make_key and dh_make_key to act more like rsa_make_key.  Basically
          move the first argument to the next to last.
       -- Fixed bug in dh_test() that wouldn't test the primality of the order of the sub-group
       -- replaced the primes in the DH code with new ones that are larger than the size they are 
          associated with.  That is a 1024-bit DH key will have a 1025-bit prime as the modulus
       -- cleaned up all the PK code, changed a bit of the API around [not source compatible with v0.66]
       -- major editing of the manual, started Docer program
       -- added 160 and 224 bit key settings for ECC.  This makes the DH and ECC binary wise incompatible with v0.66
       -- Added an additional check for memory errors in is_prime() and cleaned up prime.c a bit
       -- Removed ID_TAG from all files [meh, not a big fan...]
       -- Removed unused variable from yarrow state and made AES/SHA256 the default cipher/hash combo
       -- Fixed a bug in the Yarrow code that called prng_is_valid instead of cipher_is_valid from yarrow_start()
       -- The ECB/CBC/OFB/CFB/CTR wrappers now check that the cipher is valid in the encrypt/decrypt calls
          Returns int now instead of void.

Sept 24th, 2002
v0.66  -- Updated the /demos/test.c program to time the hashes correctly.  Also it uses the yarrow PRNG for all of the 
          tests meaning its possible to run on RNG less platforms 
       -- Updated the /demos/hashsum.c program to hash from the standard input
       -- Updated the RSA code to make keys a bit quicker [update by Wayne Scott] by not making both primes at the same
          time.
       -- Dan Kaminsky suggested some cleanups for the code and the MPI config
          Code ships in unix LF format by default now too... will still build in MSVC and all... but if you want
          to read the stuff you'll have to convert it 
       -- Changes to the manual to reflect new API [e.g. hash_memory/file have v0.65 prototypes]and some typos fixed

Sept 20th, 2002
v0.65  -- Wayne Scott (wscott@bitmover.com) made a few of suggestions to improve the library.  Most 
          importantly he pointed out the math lib is not really required.  He's also tested the lib on 18 
          different platforms.  According to him with only a few troubles [lack of /dev/random, etc] the 
          library worked as it was supposed to.  You can find the list at 
          http://www.bitkeeper.com/Products.BitKeeper.Platforms.html
       -- Updated the hash_file and hash_memory functions to keep track of the size of the output
       -- Wayne Scott updated the demos/test.c file to use the SPRNG less and Yarrow more
       -- Modified the mycrypt_cfg.h to autodetect x86-32 machines

Sept 19th, 2002
v0.64  -- wrote makefile for the GBA device [and hacked the demos/test.c file to support it conditionally]
       -- Fixed error in PK (e.g. ECC, RSA, DH) import functions where I was clobbering the packet error messages
       -- fixed more typos in the manual
       -- removed all unused variables from the core library (ignore the ID_TAG stuff)
       -- added "const char *crypt_build_settings" string which is a build time constant that gives a listing
          of all the build time options.  Useful for debugging since you can send that to me and I will know what 
          exactly you had set for the mycrypt_cfg.h file.
       -- Added control over endianess.  Out of the box it defaults to endianess neutral but you can trivially 
          configure the library for your platform.  Using this I boosted RC5 from 660Mbit/sec to 785Mbit/sec on my 
          Athlon box.  See "mycrypt_cfg.h" for more information.

Sept 11th, 2002
v0.63  -- Made hashsum demo output like the original md5sum program 
       -- Made additions to the examples in the manual (fixed them up a bunch)
       -- Merged in the base64 code from Wayne Scott (wscott@bitmover.com)

Aug 29th, 2002
v0.62  -- Added the CLEAN_STACK functionality to several of the hashes I forgot to update.

Aug 9th, 2002
v0.61  -- Fixed a bug in the DES code [oops I read something wrong].

Aug 8th, 2002
v0.60  -- Merged in DES code [and wrote 3DES-EDE code based on it] from Dobes V.

Aug 7th, 2002
v0.59  -- Fixed a "unsigned long long" bug that caused v0.58 not to build in MSVC.
       -- Cleaned up a little in the makefile
       -- added code that times the hash functions too in the test program

Aug 3rd, 2002
v0.58  -- Added more stack cleaning conditionals throughout the code.  
       -- corrected some CLEAR_STACK conditionals... should have been CLEAN_STACK
       -- Simplified the RSA, DH and ECC encrypt() routines where they use CTR to encode the message
          now they only make one call to ctr_encrypt()/ctr_decrypt().

Aug 2nd, 2002
v0.57  -- Fixed a few errors messages in the SAFER code to actually report the correct cipher name.
       -- rsa_encrypt() uses the "keysize()" method of the cipher being used to more accurately pick a
          key size.  By default rsa_encrypt() will choose to use a 256-bit key but the cipher can turn that 
          down if required.
       -- The rsa_exptmod() function will now more reliably detect invalid inputs (e.g. greater than the modulus).
       -- The padding method for RSA is more clearly documented.  Namely if you want to encrypt/sign something of length
          N then your modulus must be of length 1+3N.  So to sign a message with say SHA-384 [48 bytes] you need a 
          145 byte (1160 bits) modulus.  This is all in the manual now.
       -- Added build option CLEAN_STACK which will allow you to choose whether you want to clean the stack or not after every
          cipher/hash call
       -- Sped up the hash "process()" functions by not copying one byte at a time.
       ++ (added just after I uploaded...)
          MD4 process() now handles input buffers > 64 bytes

Aug 1st, 2002
v0.56  -- Cleaned up the comments in the Blowfish code.
       -- Oh yeah, in v0.55 I made all of the descriptor elements constant.  I just forgot to mention it.
       -- fixed a couple of places where descriptor indexes were tested wrong.  Not a huge bug but now its harder
          to mess up.
       -- Added the SAFER [64-bit block] ciphers K64, SK64, K128 and SK128 to the library.