1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
Release 1.20:
- Name space depollution: make C implementations of ciphers local to the
OCaml/C stub code, so that they do not conflict with other C libraries
implementing crypto functions with the same names (#35, #36)
Release 1.19:
- Fix missing root registration in some Chacha20, Blake2, and
Blake3 functions (#34)
Release 1.18:
- Add BLAKE3 hash and MAC functions.
- Fix compile-time error "SSE4.1 instruction set not enabled" (#32, #33).
Release 1.17:
- Add interfaces for authenticated encryption (AEAD) and two implementations:
AES-GCM and Chacha20-Poly1305.
- Use `getentropy()` for `system_rng` when available (Linux, macOS, BSD).
- Removed support for EGD (the Entropy Gathering Daemon).
- Added compile-time alerts on uses of broken or weak ciphers and hashes.
(Can be silenced with "-alert -crypto".)
- Add the hmac_sha384 MAC (#8).
- Add the SipHash MAC.
- Set file descriptor to close-on-exec in `device_rng` (#27).
- Improve compatibility with OCaml 5.0 (#28).
- Make sure CryptokitBignum is installed like before the switch to Dune (#31).
Release 1.16.1:
- Make the tests faster and more robust
- Update dependencies and documentation.
Release 1.16:
- Use dune as the build system (contributed by Andrey Mokhov, PR #24)
- Add BLAKE2b and BLAKE2s hash and MAC functions.
Release 1.15:
- Added constant-time `string_equal` and `bytes_equal` comparison functions
(execution time depends on the lengths of the strings but not on their
contents) (issue #13, PR #14)
- Caml FFI: use caml_ long names and CAML_NAME_SPACE; get rid of Begin_roots
- OASIS files regenerated in dynamic mode for OCaml 4.09 compatibility.
For this reason, OASIS is now a build dependency.
Release 1.14:
- Ensure compatibility with OCaml 4.09 and up.
- Detect early AMD Ryzen 3000 bug where the RDRAND instruction always
generates 0xFF...FF, and, in this case, report the hardware RNG as
unavailable.
- Fix formatting of documentation comments (issue #3, PR #5)
- Optional argument to control whether the zlib transform expects a
zlib header (PR #12).
- Fix issue with zlib >= 1.2.9 where internal sanity check is affected
by the stream data block being moved by OCaml's GC (issue #7, PR #17).
- DH.new_parameters: update documentation to suggest at least 2048
bits (PR #18).
- DH.derive_key: use SHA256 instead of SHA1 (PR #19).
Release 1.13:
- Add the Chacha20 stream cipher.
- Add the AES-CMAC (a.k.a. AES-OMAC1) message authentication code.
- Pseudo-random number generator: replace the old AES-CBC-Fibonacci generator
with a faster, simpler generator based on Chacha20.
- Add an alternate pseudo-random number generator based on AES in CTR mode.
- Documentation: warn about known cryptographic weaknesses in Triple DES,
Blowfish, and ARCfour.
- Documentation: warn about problems with variable-length messages in
MACs based on block ciphers in CBC mode.
Release 1.12:
- Fix x86-32 compilation error and improve detection of AES-NI for x86
processors (Jeremie Dimino, Etienne Millon)
(Closes: #1646)
- AES-NI: align key_schedule on a 16 byte boundary (Etienne Millon)
(Closes: #1709)
- Add original Keccak submission to SHA-3 (Yoichi Hirai)
Release 1.11:
- Adapt to "safe string" mode (OCaml 4.02 and later required).
The API should remain backward-compatible for clients compiled
in "unsafe string" mode.
- Update SHA-3 to the official NIST standard (different padding than
in the Keccak submission). (Closes: #1528)
- Fixed bounds checking in "add_substring" methods of hash functions
and other functions that operate on a substring of a string.
(Closes: #1480)
- Use hardware implementation of AES when available on x86 processors.
(Faster than the software implementation and less sensitive to
side channel attacks.)
- Use the Zarith library to implement RSA.
(Faster than the previous implementation and less sensitive to
side channel attacks.)
- Support the hardware random number generator present in recent
x86 processors.
- Rebuilt generated files with Oasis 0.4.6 for OCaml 4.03 compatibility.
Release 1.10:
- Add all SHA-2 hash functions: SHA-224, SHA-384 and SHA-512
in addition to the existing SHA-256. (Closes: #1223)
- Add support for CTR (Counter) chaining mode.
- Fix compilation error with OCaml 4.03+dev.
- Avoid using some obsolete OCaml stdlib functions.
Release 1.9:
- More fixes to build in Windows with zlib (mingw and msvc).
Release 1.8:
- Build .cmxs with C bindings (Closes: #1303)
- Use advapi32 on Windows (Close: #1055)
- Allow to define --zlib-include and --zlib-libdir if zlib is not installed in
the standard location.
Release 1.7:
- Added SHA-3 hash function.
Release 1.6:
- Regenerate setup.ml with oasis 0.3.0~rc6 version
Release 1.5:
- Fix bug check in buffered_output#ensure_capacity (Closes: #879)
- Allow to have padding in Base64 (Closes: #897)
Release 1.4:
- Added Blowfish block cipher.
- Added MAC functions based on HMAC construction applied to
SHA-256 and RIPEMD-160.
- Added OASIS and findlib support (Closes: #589)
Release 1.3:
- Added hash functions SHA-256 and RIPEMD-160.
- Added "flush" method to transforms.
- Fixed infinite loop in decompression of incorrect data.
Release 1.2:
- MS Windows port
Release 1.1:
- Added Diffie-Hellman key agreement
- Exported raw modular arithmetic operations (mod_power, mod_mult)
Release 1.0:
- First public release
|
