diff --git a/History.txt b/History.txt index 51412912..e0cdbebb 100644 --- a/History.txt +++ b/History.txt 
@@ -1,392 +1,392 @@ -*** History *** - -The History file contains the items that comprise the release notes. The -items in the list below used to be in Readme.txt. Readme.txt now contans the -last several releases. - -1.0 - First public release. Withdrawn at the request of RSA DSI. - - included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA, - MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression - - had a serious bug in the RSA key generation code. - -1.1 - Removed RSA, RC4, RC5 - - Disabled calls to RSAREF's non-public functions - - Minor bugs fixed - -2.0 - a completely new, faster multiprecision integer class - - added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser, - elliptic curve algorithms - - added the Lucas strong probable primality test - - ElGamal encryption and signature schemes modified to avoid weaknesses - - Diamond changed to Diamond2 because of key schedule weakness - - fixed bug in WAKE key setup - - SHS class renamed to SHA - - lots of miscellaneous optimizations - -2.1 - added Tiger, HMAC, GOST, RIPE-MD160, LUCELG, LUCDIF, XOR-MAC, - OAEP, PSSR, SHARK - - added precomputation to DH, ElGamal, DSA, and elliptic curve algorithms - - added back RC5 and a new RSA - - optimizations in elliptic curves over GF(p) - - changed Rabin to use OAEP and PSSR - - changed many classes to allow copy constructors to work correctly - - improved exception generation and handling - -2.2 - added SEAL, CAST-128, Square - - fixed bug in HAVAL (padding problem) - - fixed bug in triple-DES (decryption order was reversed) - - fixed bug in RC5 (couldn't handle key length not a multiple of 4) - - changed HMAC to conform to RFC-2104 (which is not compatible - with the original HMAC) - - changed secret sharing and information dispersal to use GF(2^32) - instead of GF(65521) - - removed zero knowledge prover/verifier for graph isomorphism - - removed several utility classes in favor of the C++ standard library - -2.3 - ported to EGCS - - fixed 
incomplete workaround of min/max conflict in MSVC - -3.0 - placed all names into the "CryptoPP" namespace - - added MD2, RC2, RC6, MARS, RW, DH2, MQV, ECDHC, CBC-CTS - - added abstract base classes PK_SimpleKeyAgreementDomain and - PK_AuthenticatedKeyAgreementDomain - - changed DH and LUCDIF to implement the PK_SimpleKeyAgreementDomain - interface and to perform domain parameter and key validation - - changed interfaces of PK_Signer and PK_Verifier to sign and verify - messages instead of message digests - - changed OAEP to conform to PKCS#1 v2.0 - - changed benchmark code to produce HTML tables as output - - changed PSSR to track IEEE P1363a - - renamed ElGamalSignature to NR and changed it to track IEEE P1363 - - renamed ECKEP to ECMQVC and changed it to track IEEE P1363 - - renamed several other classes for clarity - - removed support for calling RSAREF - - removed option to compile old SHA (SHA-0) - - removed option not to throw exceptions - -3.1 - added ARC4, Rijndael, Twofish, Serpent, CBC-MAC, DMAC - - added interface for querying supported key lengths of symmetric ciphers - and MACs - - added sample code for RSA signature and verification - - changed CBC-CTS to be compatible with RFC 2040 - - updated SEAL to version 3.0 of the cipher specification - - optimized multiprecision squaring and elliptic curves over GF(p) - - fixed bug in MARS key setup - - fixed bug with attaching objects to Deflator - -3.2 - added DES-XEX3, ECDSA, DefaultEncryptorWithMAC - - renamed DES-EDE to DES-EDE2 and TripleDES to DES-EDE3 - - optimized ARC4 - - generalized DSA to allow keys longer than 1024 bits - - fixed bugs in GF2N and ModularArithmetic that can cause calculation errors - - fixed crashing bug in Inflator when given invalid inputs - - fixed endian bug in Serpent - - fixed padding bug in Tiger - -4.0 - added Skipjack, CAST-256, Panama, SHA-2 (SHA-256, SHA-384, and SHA-512), - and XTR-DH - - added a faster variant of Rabin's Information Dispersal Algorithm (IDA) - - added 
class wrappers for these operating system features: - * high resolution timers on Windows, Unix, and MacOS - * Berkeley and Windows style sockets - * Windows named pipes - * /dev/random and /dev/urandom on Linux and FreeBSD - * Microsoft's CryptGenRandom on Windows - - added support for SEC 1 elliptic curve key format and compressed points - - added support for X.509 public key format (subjectPublicKeyInfo) for - RSA, DSA, and elliptic curve schemes - - added support for DER and OpenPGP signature format for DSA - - added support for ZLIB compressed data format (RFC 1950) - - changed elliptic curve encryption to use ECIES (as defined in SEC 1) - - changed MARS key schedule to reflect the latest specification - - changed BufferedTransformation interface to support multiple channels - and messages - - changed CAST and SHA-1 implementations to use public domain source code - - fixed bug in StringSource - - optmized multi-precision integer code for better performance - -4.1 - added more support for the recommended elliptic curve parameters in SEC 2 - - added Panama MAC, MARC4 - - added IV stealing feature to CTS mode - - added support for PKCS #8 private key format for RSA, DSA, and elliptic - curve schemes - - changed Deflate, MD5, Rijndael, and Twofish to use public domain code - - fixed a bug with flushing compressed streams - - fixed a bug with decompressing stored blocks - - fixed a bug with EC point decompression using non-trinomial basis - - fixed a bug in NetworkSource::GeneralPump() - - fixed a performance issue with EC over GF(p) decryption - - fixed syntax to allow GCC to compile without -fpermissive - - relaxed some restrictions in the license - -4.2 - added support for longer HMAC keys - - added MD4 (which is not secure so use for compatibility purposes only) - - added compatibility fixes/workarounds for STLport 4.5, GCC 3.0.2, - and MSVC 7.0 - - changed MD2 to use public domain code - - fixed a bug with decompressing multiple messages with the same object 
- - fixed a bug in CBC-MAC with MACing multiple messages with the same object - - fixed a bug in RC5 and RC6 with zero-length keys - - fixed a bug in Adler32 where incorrect checksum may be generated - -5.0 - added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5 - - added key validation for encryption and signature public/private keys - - renamed StreamCipher interface to SymmetricCipher, which is now implemented - by both stream ciphers and block cipher modes including ECB and CBC - - added keying interfaces to support resetting of keys and IVs without - having to destroy and recreate objects - - changed filter interface to support non-blocking input/output - - changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows - - grouped related classes inside structs to help templates, for example - AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption - - where possible, typedefs have been added to improve backwards - compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined - - changed Serpent, HAVAL and IDEA to use public domain code - - implemented SSE2 optimizations for Integer operations - - fixed a bug in HMAC::TruncatedFinal() - - fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02 - -5.01 - added known answer test for X9.17 RNG in FIPS 140 power-up self test - - submitted to NIST/CSE, but not publicly released - -5.02 - changed EDC test to MAC integrity check using HMAC/SHA1 - - improved performance of integrity check - - added blinding to defend against RSA timing attack - -5.03 - created DLL version of Crypto++ for FIPS 140-2 validation - - fixed vulnerabilities in GetNextIV for CTR and OFB modes - -5.0.4 - Removed DES, SHA-256, SHA-384, SHA-512 from DLL - -5.1 - added PSS padding and changed PSSR to track IEEE P1363a draft standard - - added blinding for RSA and Rabin to defend against timing attacks - on decryption operations - - changed signing and decryption APIs 
to support the above - - changed WaitObjectContainer to allow waiting for more than 64 - objects at a time on Win32 platforms - - fixed a bug in CBC and ECB modes with processing non-aligned data - - fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2 - signature scheme (these fixes are not backwards compatible) - - fixed a number of compiler warnings, minor bugs, and portability problems - - removed Sapphire - -5.2 - merged in changes for 5.01 - 5.0.4 - - added support for using encoding parameters and key derivation parameters - with public key encryption (implemented by OAEP and DL/ECIES) - - added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320, - RIPEMD-128, RIPEMD-256, Base-32 coding, FIPS variant of CFB mode - - added ThreadUserTimer for timing thread CPU usage - - added option for password-based key derivation functions - to iterate until a mimimum elapsed thread CPU time is reached - - added option (on by default) for DEFLATE compression to detect - uncompressible files and process them more quickly - - improved compatibility and performance on 64-bit platforms, - including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64 - - fixed ONE_AND_ZEROS_PADDING to use 0x80 instead 0x01 as padding. 
- - fixed encoding/decoding of PKCS #8 privateKeyInfo to properly - handle optional attributes - -5.2.1 - fixed bug in the "dlltest" DLL testing program - - fixed compiling with STLport using VC .NET - - fixed compiling with -fPIC using GCC - - fixed compiling with -msse2 on systems without memalign() - - fixed inability to instantiate PanamaMAC - - fixed problems with inline documentation - -5.2.2 - added SHA-224 - - put SHA-256, SHA-384, SHA-512, RSASSA-PSS into DLL - -5.2.3 - fixed issues with FIPS algorithm test vectors - - put RSASSA-ISO into DLL - -5.3 - ported to MSVC 2005 with support for x86-64 - - added defense against AES timing attacks, and more AES test vectors - - changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR" - -5.4 - added Salsa20 - - updated Whirlpool to version 3.0 - - ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006 - -5.5 - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly) - - improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, - Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2) - - optimized Camellia and added defense against timing attacks - - updated benchmarks code to show cycles per byte and to time key/IV setup - - started using OpenMP for increased multi-core speed - - enabled GCC optimization flags by default in GNUmakefile - - added blinding and computational error checking for RW signing - - changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce - the risk of reusing random numbers and IVs after virtual machine state - rollback - - changed default FIPS mode RNG from AutoSeededX917RNG to - AutoSeededX917RNG - - fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV - - moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak" - - removed HAVAL, MD5-MAC, XMAC - -5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines - -5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama - to MSVC 2005 
(using MASM since MSVC doesn't support inline assembly on x64) - - fixed Salsa20 initialization crash on non-SSE2 machines - - fixed Whirlpool crash on Pentium 2 machines - - fixed possible branch prediction analysis (BPA) vulnerability in - MontgomeryReduce(), which may affect security of RSA, RW, LUC - - fixed link error with MSVC 2003 when using "debug DLL" form of runtime library - - fixed crash in SSE2_Add on P4 machines when compiled with - MSVC 6.0 SP5 with Processor Pack - - ported to MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, - and Borland C++Builder 2007 - -5.6.0 - added AuthenticatedSymmetricCipher interface class and Filter wrappers - - added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED - - added support for variable length IVs - - added OIDs for Brainpool elliptic curve parameters - - improved AES and SHA-256 speed on x86 and x64 - - changed BlockTransformation interface to no longer assume data alignment - - fixed incorrect VMAC computation on message lengths - that are >64 mod 128 (x86 assembly version is not affected) - - fixed compiler error in vmac.cpp on x86 with GCC -fPIC - - fixed run-time validation error on x86-64 with GCC 4.3.2 -O2 - - fixed HashFilter bug when putMessage=true - - fixed AES-CTR data alignment bug that causes incorrect encryption on ARM - - removed WORD64_AVAILABLE; compiler support for 64-bit int is now required - - ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11 - -5.6.1 - added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM - - removed WAKE-CFB - - fixed several bugs in the SHA-256 x86/x64 assembly code: - * incorrect hash on non-SSE2 x86 machines on non-aligned input - * incorrect hash on x86 machines when input crosses 0x80000000 - * incorrect hash on x64 when compiled with GCC with optimizations enabled - - fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations - - switched to a public domain implementation of MARS 
- - ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1 - - renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010 - -5.6.2 - changed license to Boost Software License 1.0 - - added SHA-3 (Keccak) - - updated DSA to FIPS 186-3 (see DSA2 class) - - fixed Blowfish minimum keylength to be 4 bytes (32 bits) - - fixed Salsa validation failure when compiling with GCC 4.6 - - fixed infinite recursion when on x64, assembly disabled, and no AESNI - - ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0 - -5.6.3 - maintenance release, honored API/ABI/Versioning requirements - - expanded processes to include community and its input - * 12 unique contributors for this release - - fixed CVE-2015-2141 - - cleared most Undefined Behavior Sanitizer (UBsan) findings - - cleared all Address Sanitizer (Asan) findings - - cleared all Valgrind findings - - cleared all Coverity findings - - cleared all Enterprise Analysis (/analyze) findings - - cleared most GCC warnings with -Wall - - cleared most Clang warnings with -Wall - - cleared most MSVC warnings with /W4 - - added -fPIC 64-bit builds. 
Off by default for i386 - - added HKDF class from RFC 5868 - - switched to member_ptr due to C++ 11 warnings for auto_ptr - - initialization of C++ static objects, off by default - * GCC and init_priotirty/constructor attributes - * MSVC and init_seg(lib) - * CRYPTOPP_INIT_PRIORITY disabled by default, but available - - improved OS X support - - improved GNUmakefile support for Testing and QA - - added self tests for additional Testing and QA - - added cryptest.sh for systematic Testing and QA - - added GNU Gold linker support - - added Visual Studio 2010 solution and project files in vs2010.zip - - added Clang integrated assembler support - - unconditionally define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS for Makefile - target 'ubsan' and at -O3 due to GCC vectorization on x86 and x86_64 - - workaround ARMEL/GCC 5.2 bug and failed self test - - fixed crash in MQV due to GCC 4.9+ and inlining - - fixed hang in SHA due to GCC 4.9+ and inlining - - fixed missing rdtables::Te under VS with ALIGNED_DATA_ACCESS - - fixed S/390 and big endian feature detection - - fixed S/390 and int128_t/uint128_t detection - - fixed X32 (ILP32) feature detection - - removed _CRT_SECURE_NO_DEPRECATE for Microsoft platforms - - utilized bound checking interfaces from ISO/IEC TR 24772 when available - - improved ARM, ARM64, MIPS, MIPS64, S/390 and X32 (ILP32) support - - introduced CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 - - added additional Doxygen-based documentation - - ported to MSVC 2015, Xcode 7.2, GCC 5.2, Clang 3.7, Intel C++ 16.00 - -5.6.4 - maintenance release, honored API/ABI/Versioning requirements - - expanded community input and support - * 22 unique contributors for this release - - fixed CVE-2016-3995 - - changed SHA3 to FIPS 202 (F1600, XOF d=0x06) - - added Keccak (F1600, XOF d=0x01) - - added ChaCha (ChaCha8/12/20) - - added HMQV and FHMQV - * Hashed and Fully Hashed MQV - - added BLAKE2 (BLAKE2s and BLAKE2b) - * C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD - - added 
CRC32-C - * C/C++, Amd64 CRC, and ARMv8 CRC - - improved Rabin-William signatures - * Tweaked roots e and f - - improved C++11 support - * atomics, threads and fences - * alginof, alignas - * constexpr - * noexcept - - improved GCM mode - * ARM NEON and ARMv8 ASIMD - * ARMv8 carry-less multiply - - improved Windows 8 and 10 support - * Windows Phone, Universal Windows Platform, Windows Store - - improved MIPS, ARMv7 and ARMv8 support - * added scripts setenv-{android|embedded|ios}.sh for GNUmakefile-cross - * aggressive use of -march= and -mfpu= in cryptest.sh - - improved build systems - * Visual Studio 2010 default - * added CMake support (lacks FindCryptopp.cmake) - * archived VC++ 5/0/6.0 project files (vc60.zip) - * archived VS2005 project files (vs2005.zip) - * archived Borland project files (bds10.zip) - - improved Testing and QA - * expanded platforms and compilers - * added code generation tests based on CPU features - * added C++03, C++11, C++14, C++17 testing - * added -O3, -O5, -Ofast and -Os testing - - ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0, - MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00 - -5.6.5 - maintenance release, recompile of programs recommended - - expanded community input and support - * 25 unique contributors as of this release - - fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release) - - fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea) - - shipped library in recommended state - * backwards compatibility achieved with - - Visual Studio project file cleanup - * improved X86 and X64 MSBuild support - * added ARM-based MSBuild awareness - - improved Testing and QA - * expanded platforms and compilers - * expanded Coverity into OS X and Windows platforms - * added Windows test scripts using Strawberry Perl - - ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, - MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00 - -6.0.0 - Major release, recompile of programs required - - expanded community 
input and support - * 43 unique contributors as of this release - - fixed CVE-2016-9939 (Issue 346, transient DoS) - - fixed CVE-2017-9434 (Issue 414, misidentified memory error) - - converted to BASE+SIMD implementation - * BASE provides an architecture neutral C++ implementation - * SIMD provides architecture specific hardware acceleration - - improved PowerPC Power4, Power7 and Power8 support - - added ARIA, EC German DSA, Deterministic signatures (RFC 6979), - Kalyna, NIST Hash and HMAC DRBG, Padlock RNG, Poly1305, SipHash, - Simon, Speck, SM3, SM4, Threefish algorithms - - added NaCl interface from the compact library - * x25519 key exhange and ed25519 signing provided through NaCl interface - - improved Testing and QA - - ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.0, +*** History *** + +The History file contains the items that comprise the release notes. The +items in the list below used to be in Readme.txt. Readme.txt now contans the +last several releases. + +1.0 - First public release. Withdrawn at the request of RSA DSI. + - included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA, + MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression + - had a serious bug in the RSA key generation code. 
+ +1.1 - Removed RSA, RC4, RC5 + - Disabled calls to RSAREF's non-public functions + - Minor bugs fixed + +2.0 - a completely new, faster multiprecision integer class + - added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser, + elliptic curve algorithms + - added the Lucas strong probable primality test + - ElGamal encryption and signature schemes modified to avoid weaknesses + - Diamond changed to Diamond2 because of key schedule weakness + - fixed bug in WAKE key setup + - SHS class renamed to SHA + - lots of miscellaneous optimizations + +2.1 - added Tiger, HMAC, GOST, RIPE-MD160, LUCELG, LUCDIF, XOR-MAC, + OAEP, PSSR, SHARK + - added precomputation to DH, ElGamal, DSA, and elliptic curve algorithms + - added back RC5 and a new RSA + - optimizations in elliptic curves over GF(p) + - changed Rabin to use OAEP and PSSR + - changed many classes to allow copy constructors to work correctly + - improved exception generation and handling + +2.2 - added SEAL, CAST-128, Square + - fixed bug in HAVAL (padding problem) + - fixed bug in triple-DES (decryption order was reversed) + - fixed bug in RC5 (couldn't handle key length not a multiple of 4) + - changed HMAC to conform to RFC-2104 (which is not compatible + with the original HMAC) + - changed secret sharing and information dispersal to use GF(2^32) + instead of GF(65521) + - removed zero knowledge prover/verifier for graph isomorphism + - removed several utility classes in favor of the C++ standard library + +2.3 - ported to EGCS + - fixed incomplete workaround of min/max conflict in MSVC + +3.0 - placed all names into the "CryptoPP" namespace + - added MD2, RC2, RC6, MARS, RW, DH2, MQV, ECDHC, CBC-CTS + - added abstract base classes PK_SimpleKeyAgreementDomain and + PK_AuthenticatedKeyAgreementDomain + - changed DH and LUCDIF to implement the PK_SimpleKeyAgreementDomain + interface and to perform domain parameter and key validation + - changed interfaces of PK_Signer and PK_Verifier to sign and verify 
+ messages instead of message digests + - changed OAEP to conform to PKCS#1 v2.0 + - changed benchmark code to produce HTML tables as output + - changed PSSR to track IEEE P1363a + - renamed ElGamalSignature to NR and changed it to track IEEE P1363 + - renamed ECKEP to ECMQVC and changed it to track IEEE P1363 + - renamed several other classes for clarity + - removed support for calling RSAREF + - removed option to compile old SHA (SHA-0) + - removed option not to throw exceptions + +3.1 - added ARC4, Rijndael, Twofish, Serpent, CBC-MAC, DMAC + - added interface for querying supported key lengths of symmetric ciphers + and MACs + - added sample code for RSA signature and verification + - changed CBC-CTS to be compatible with RFC 2040 + - updated SEAL to version 3.0 of the cipher specification + - optimized multiprecision squaring and elliptic curves over GF(p) + - fixed bug in MARS key setup + - fixed bug with attaching objects to Deflator + +3.2 - added DES-XEX3, ECDSA, DefaultEncryptorWithMAC + - renamed DES-EDE to DES-EDE2 and TripleDES to DES-EDE3 + - optimized ARC4 + - generalized DSA to allow keys longer than 1024 bits + - fixed bugs in GF2N and ModularArithmetic that can cause calculation errors + - fixed crashing bug in Inflator when given invalid inputs + - fixed endian bug in Serpent + - fixed padding bug in Tiger + +4.0 - added Skipjack, CAST-256, Panama, SHA-2 (SHA-256, SHA-384, and SHA-512), + and XTR-DH + - added a faster variant of Rabin's Information Dispersal Algorithm (IDA) + - added class wrappers for these operating system features: + * high resolution timers on Windows, Unix, and MacOS + * Berkeley and Windows style sockets + * Windows named pipes + * /dev/random and /dev/urandom on Linux and FreeBSD + * Microsoft's CryptGenRandom on Windows + - added support for SEC 1 elliptic curve key format and compressed points + - added support for X.509 public key format (subjectPublicKeyInfo) for + RSA, DSA, and elliptic curve schemes + - added support 
for DER and OpenPGP signature format for DSA + - added support for ZLIB compressed data format (RFC 1950) + - changed elliptic curve encryption to use ECIES (as defined in SEC 1) + - changed MARS key schedule to reflect the latest specification + - changed BufferedTransformation interface to support multiple channels + and messages + - changed CAST and SHA-1 implementations to use public domain source code + - fixed bug in StringSource + - optmized multi-precision integer code for better performance + +4.1 - added more support for the recommended elliptic curve parameters in SEC 2 + - added Panama MAC, MARC4 + - added IV stealing feature to CTS mode + - added support for PKCS #8 private key format for RSA, DSA, and elliptic + curve schemes + - changed Deflate, MD5, Rijndael, and Twofish to use public domain code + - fixed a bug with flushing compressed streams + - fixed a bug with decompressing stored blocks + - fixed a bug with EC point decompression using non-trinomial basis + - fixed a bug in NetworkSource::GeneralPump() + - fixed a performance issue with EC over GF(p) decryption + - fixed syntax to allow GCC to compile without -fpermissive + - relaxed some restrictions in the license + +4.2 - added support for longer HMAC keys + - added MD4 (which is not secure so use for compatibility purposes only) + - added compatibility fixes/workarounds for STLport 4.5, GCC 3.0.2, + and MSVC 7.0 + - changed MD2 to use public domain code + - fixed a bug with decompressing multiple messages with the same object + - fixed a bug in CBC-MAC with MACing multiple messages with the same object + - fixed a bug in RC5 and RC6 with zero-length keys + - fixed a bug in Adler32 where incorrect checksum may be generated + +5.0 - added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5 + - added key validation for encryption and signature public/private keys + - renamed StreamCipher interface to SymmetricCipher, which is now implemented + by both stream ciphers and block cipher modes 
including ECB and CBC + - added keying interfaces to support resetting of keys and IVs without + having to destroy and recreate objects + - changed filter interface to support non-blocking input/output + - changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows + - grouped related classes inside structs to help templates, for example + AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption + - where possible, typedefs have been added to improve backwards + compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined + - changed Serpent, HAVAL and IDEA to use public domain code + - implemented SSE2 optimizations for Integer operations + - fixed a bug in HMAC::TruncatedFinal() + - fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02 + +5.01 - added known answer test for X9.17 RNG in FIPS 140 power-up self test + - submitted to NIST/CSE, but not publicly released + +5.02 - changed EDC test to MAC integrity check using HMAC/SHA1 + - improved performance of integrity check + - added blinding to defend against RSA timing attack + +5.03 - created DLL version of Crypto++ for FIPS 140-2 validation + - fixed vulnerabilities in GetNextIV for CTR and OFB modes + +5.0.4 - Removed DES, SHA-256, SHA-384, SHA-512 from DLL + +5.1 - added PSS padding and changed PSSR to track IEEE P1363a draft standard + - added blinding for RSA and Rabin to defend against timing attacks + on decryption operations + - changed signing and decryption APIs to support the above + - changed WaitObjectContainer to allow waiting for more than 64 + objects at a time on Win32 platforms + - fixed a bug in CBC and ECB modes with processing non-aligned data + - fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2 + signature scheme (these fixes are not backwards compatible) + - fixed a number of compiler warnings, minor bugs, and portability problems + - removed Sapphire + +5.2 - merged in changes for 5.01 - 5.0.4 + 
- added support for using encoding parameters and key derivation parameters + with public key encryption (implemented by OAEP and DL/ECIES) + - added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320, + RIPEMD-128, RIPEMD-256, Base-32 coding, FIPS variant of CFB mode + - added ThreadUserTimer for timing thread CPU usage + - added option for password-based key derivation functions + to iterate until a mimimum elapsed thread CPU time is reached + - added option (on by default) for DEFLATE compression to detect + uncompressible files and process them more quickly + - improved compatibility and performance on 64-bit platforms, + including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64 + - fixed ONE_AND_ZEROS_PADDING to use 0x80 instead 0x01 as padding. + - fixed encoding/decoding of PKCS #8 privateKeyInfo to properly + handle optional attributes + +5.2.1 - fixed bug in the "dlltest" DLL testing program + - fixed compiling with STLport using VC .NET + - fixed compiling with -fPIC using GCC + - fixed compiling with -msse2 on systems without memalign() + - fixed inability to instantiate PanamaMAC + - fixed problems with inline documentation + +5.2.2 - added SHA-224 + - put SHA-256, SHA-384, SHA-512, RSASSA-PSS into DLL + +5.2.3 - fixed issues with FIPS algorithm test vectors + - put RSASSA-ISO into DLL + +5.3 - ported to MSVC 2005 with support for x86-64 + - added defense against AES timing attacks, and more AES test vectors + - changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR" + +5.4 - added Salsa20 + - updated Whirlpool to version 3.0 + - ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006 + +5.5 - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly) + - improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, + Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2) + - optimized Camellia and added defense against timing attacks + - updated benchmarks code to show cycles per byte and to time key/IV setup + - 
started using OpenMP for increased multi-core speed + - enabled GCC optimization flags by default in GNUmakefile + - added blinding and computational error checking for RW signing + - changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce + the risk of reusing random numbers and IVs after virtual machine state + rollback + - changed default FIPS mode RNG from AutoSeededX917RNG to + AutoSeededX917RNG + - fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV + - moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak" + - removed HAVAL, MD5-MAC, XMAC + +5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines + +5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama + to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64) + - fixed Salsa20 initialization crash on non-SSE2 machines + - fixed Whirlpool crash on Pentium 2 machines + - fixed possible branch prediction analysis (BPA) vulnerability in + MontgomeryReduce(), which may affect security of RSA, RW, LUC + - fixed link error with MSVC 2003 when using "debug DLL" form of runtime library + - fixed crash in SSE2_Add on P4 machines when compiled with + MSVC 6.0 SP5 with Processor Pack + - ported to MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, + and Borland C++Builder 2007 + +5.6.0 - added AuthenticatedSymmetricCipher interface class and Filter wrappers + - added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED + - added support for variable length IVs + - added OIDs for Brainpool elliptic curve parameters + - improved AES and SHA-256 speed on x86 and x64 + - changed BlockTransformation interface to no longer assume data alignment + - fixed incorrect VMAC computation on message lengths + that are >64 mod 128 (x86 assembly version is not affected) + - fixed compiler error in vmac.cpp on x86 with GCC -fPIC + - fixed run-time validation error on x86-64 with GCC 4.3.2 -O2 + - fixed HashFilter bug 
when putMessage=true + - fixed AES-CTR data alignment bug that causes incorrect encryption on ARM + - removed WORD64_AVAILABLE; compiler support for 64-bit int is now required + - ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11 + +5.6.1 - added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM + - removed WAKE-CFB + - fixed several bugs in the SHA-256 x86/x64 assembly code: + * incorrect hash on non-SSE2 x86 machines on non-aligned input + * incorrect hash on x86 machines when input crosses 0x80000000 + * incorrect hash on x64 when compiled with GCC with optimizations enabled + - fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations + - switched to a public domain implementation of MARS + - ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1 + - renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010 + +5.6.2 - changed license to Boost Software License 1.0 + - added SHA-3 (Keccak) + - updated DSA to FIPS 186-3 (see DSA2 class) + - fixed Blowfish minimum keylength to be 4 bytes (32 bits) + - fixed Salsa validation failure when compiling with GCC 4.6 + - fixed infinite recursion when on x64, assembly disabled, and no AESNI + - ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0 + +5.6.3 - maintenance release, honored API/ABI/Versioning requirements + - expanded processes to include community and its input + * 12 unique contributors for this release + - fixed CVE-2015-2141 + - cleared most Undefined Behavior Sanitizer (UBsan) findings + - cleared all Address Sanitizer (Asan) findings + - cleared all Valgrind findings + - cleared all Coverity findings + - cleared all Enterprise Analysis (/analyze) findings + - cleared most GCC warnings with -Wall + - cleared most Clang warnings with -Wall + - cleared most MSVC warnings with /W4 + - added -fPIC 64-bit builds. 
Off by default for i386 + - added HKDF class from RFC 5868 + - switched to member_ptr due to C++ 11 warnings for auto_ptr + - initialization of C++ static objects, off by default + * GCC and init_priotirty/constructor attributes + * MSVC and init_seg(lib) + * CRYPTOPP_INIT_PRIORITY disabled by default, but available + - improved OS X support + - improved GNUmakefile support for Testing and QA + - added self tests for additional Testing and QA + - added cryptest.sh for systematic Testing and QA + - added GNU Gold linker support + - added Visual Studio 2010 solution and project files in vs2010.zip + - added Clang integrated assembler support + - unconditionally define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS for Makefile + target 'ubsan' and at -O3 due to GCC vectorization on x86 and x86_64 + - workaround ARMEL/GCC 5.2 bug and failed self test + - fixed crash in MQV due to GCC 4.9+ and inlining + - fixed hang in SHA due to GCC 4.9+ and inlining + - fixed missing rdtables::Te under VS with ALIGNED_DATA_ACCESS + - fixed S/390 and big endian feature detection + - fixed S/390 and int128_t/uint128_t detection + - fixed X32 (ILP32) feature detection + - removed _CRT_SECURE_NO_DEPRECATE for Microsoft platforms + - utilized bound checking interfaces from ISO/IEC TR 24772 when available + - improved ARM, ARM64, MIPS, MIPS64, S/390 and X32 (ILP32) support + - introduced CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + - added additional Doxygen-based documentation + - ported to MSVC 2015, Xcode 7.2, GCC 5.2, Clang 3.7, Intel C++ 16.00 + +5.6.4 - maintenance release, honored API/ABI/Versioning requirements + - expanded community input and support + * 22 unique contributors for this release + - fixed CVE-2016-3995 + - changed SHA3 to FIPS 202 (F1600, XOF d=0x06) + - added Keccak (F1600, XOF d=0x01) + - added ChaCha (ChaCha8/12/20) + - added HMQV and FHMQV + * Hashed and Fully Hashed MQV + - added BLAKE2 (BLAKE2s and BLAKE2b) + * C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD + - added 
CRC32-C + * C/C++, Amd64 CRC, and ARMv8 CRC + - improved Rabin-William signatures + * Tweaked roots e and f + - improved C++11 support + * atomics, threads and fences + * alginof, alignas + * constexpr + * noexcept + - improved GCM mode + * ARM NEON and ARMv8 ASIMD + * ARMv8 carry-less multiply + - improved Windows 8 and 10 support + * Windows Phone, Universal Windows Platform, Windows Store + - improved MIPS, ARMv7 and ARMv8 support + * added scripts setenv-{android|embedded|ios}.sh for GNUmakefile-cross + * aggressive use of -march= and -mfpu= in cryptest.sh + - improved build systems + * Visual Studio 2010 default + * added CMake support (lacks FindCryptopp.cmake) + * archived VC++ 5/0/6.0 project files (vc60.zip) + * archived VS2005 project files (vs2005.zip) + * archived Borland project files (bds10.zip) + - improved Testing and QA + * expanded platforms and compilers + * added code generation tests based on CPU features + * added C++03, C++11, C++14, C++17 testing + * added -O3, -O5, -Ofast and -Os testing + - ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0, + MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00 + +5.6.5 - maintenance release, recompile of programs recommended + - expanded community input and support + * 25 unique contributors as of this release + - fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release) + - fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea) + - shipped library in recommended state + * backwards compatibility achieved with + - Visual Studio project file cleanup + * improved X86 and X64 MSBuild support + * added ARM-based MSBuild awareness + - improved Testing and QA + * expanded platforms and compilers + * expanded Coverity into OS X and Windows platforms + * added Windows test scripts using Strawberry Perl + - ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, + MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00 + +6.0.0 - Major release, recompile of programs required + - expanded community 
input and support + * 43 unique contributors as of this release + - fixed CVE-2016-9939 (Issue 346, transient DoS) + - fixed CVE-2017-9434 (Issue 414, misidentified memory error) + - converted to BASE+SIMD implementation + * BASE provides an architecture neutral C++ implementation + * SIMD provides architecture specific hardware acceleration + - improved PowerPC Power4, Power7 and Power8 support + - added ARIA, EC German DSA, Deterministic signatures (RFC 6979), + Kalyna, NIST Hash and HMAC DRBG, Padlock RNG, Poly1305, SipHash, + Simon, Speck, SM3, SM4, Threefish algorithms + - added NaCl interface from the compact library + * x25519 key exhange and ed25519 signing provided through NaCl interface + - improved Testing and QA + - ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1 \ No newline at end of file
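Review bot: the 5.5 entry "changed default FIPS mode RNG from AutoSeededX917RNG to AutoSeededX917RNG" names the same class on both sides, so the change it records cannot be identified; the distinguishing part (presumably the template argument selecting the block cipher behind the X9.17 generator) should be spelled out so a reader can tell what the FIPS-mode default actually became. In the 5.6.3 entry, HKDF is defined by RFC 5869, not "RFC 5868"; please fix the reference. The same hunk carries a few spelling slips in the notes: "init_priotirty" (init_priority) in 5.6.3, "alginof" (alignof) in 5.6.4, "key exhange" (key exchange) in 6.0.0, and "VC++ 5/0/6.0" in 5.6.4, which presumably should read "VC++ 5.0/6.0". The 5.6.5 sub-bullet "backwards compatibility achieved with" ends without saying with what, so that line needs completing or dropping. Finally, 5.6.4 lists Xcode 9.0 while the later 5.6.5 release lists Xcode 7.3; one of the two version numbers looks wrong and should be checked against the toolchains actually used.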