Botan Release Log

2010-06-28: 1.9.9

Add new X509::BER_encode and PKCS8::BER_encode
Give all Filter objects a name() function
Add Keyed_Filter::valid_iv_length
Increase default iteration counts for private key encryption
Fix compilation of mp_asm64 on 64-bit MIPS with GCC 4.4 and later
Fix compilation under Apple's GCC 4.2
Expand and update the Doxygen documentation

2010-06-16: 1.8.9

Use constant time multiplication in IDEA
Avoid possible timing attack against OAEP decoding
Add new X509::BER_encode and PKCS8::BER_encode
Enable DLL builds under Windows
Add Win32 installer support
Add support for the Clang compiler
Fix problem in semcem.h preventing build under Clang or GCC 3.4
Fix bug that prevented creation of DSA groups under 1024 bits
Fix crash in GMP_Engine if library is shutdown and reinitialized
Work around problem with recent binutils in x86-64 SHA-1
The Perl build script is no longer supported and refuses to run by default

2010-06-14: 1.9.8

Add support for wide multiplications on 64-bit Windows
Use constant time multiplication in IDEA
Avoid possible timing attack against OAEP decoding
Removed FORK-256; rarely used and it has been broken
Rename --use-boost-python to --with-boost-python
Skip building shared libraries on MinGW/Cygwin
Fix creation of 512 and 768 bit DL groups using the DSA kosherizer
Fix compilation on GCC versions before 4.3 (missing cpuid.h)
Fix complilation under the Clang compiler

2010-04-27: 1.9.7

TLS: Support reading SSLv2 client hellos
TLS: Add support for SEED ciphersuites (RFC 4162)
Add Comb4P hash combiner function
Fix checking of EMSA_Raw signatures with leading 0 bytes

2010-04-09: 1.9.6

TLS: Add support for TLS v1.1
TLS: Support server name indicator extension
TLS: Fix server handshake
TLS: Fix server using DSA certificates
TLS: Avoid timing channel between CBC padding check and MAC verification

2010-03-29: 1.9.5

Numerous ECC optimizations
Fix GOST 34.10-2001 X.509 key loading
Allow PK_Signer's fault protection checks to be toggled off
Avoid using pool-based locking allocator if we can't mlock
Remove all runtime options
New BER_Decoder::{decode_and_check, decode_octet_string_bigint}
Remove SecureBuffer in favor of SecureVector length parameter
HMAC_RNG: Perform a poll along with user-supplied entropy
Fix crash in MemoryRegion if Allocator::get failed
Fix small compilation problem on FreeBSD

2010-03-09: 1.9.4

Add the Ajisai SSLv3/TLSv1.0 implementation
Add GOST 34.10-2001 public key signature scheme
Add SIMD implementation of Noekeon
Add SSE2 implementation of IDEA
Extend Salsa20 to support longer IVs (XSalsa20)
Perform XTS encryption and decryption in parallel where possible
Perform CBC decryption in parallel where possible
Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
Add a block cipher cascade construction
Add support for password hashing for authentication (passhash9.h)
Add support for Win32 high resolution system timers
Major refactoring and API changes in the public key code
Use consistency checking (anti-fault attack) for all signature schemes
Changed S2K interface: derive_key now takes salt, iteration count
Remove dependency on TR1 for ECC and CVC code
Renamed ECKAEG to its more usual name, ECDH
Fix crash in GMP_Engine if library is shutdown and reinitialized
Fix an invalid memory read in MD4
Fix Visual C++ static builds
Remove Timer class entirely
Switch default PKCS #8 encryption algorithm from 3DES to AES-256
New option --gen-amalgamation for creating a SQLite-style amalgamation
Many headers are now explicitly internal-use-only and are not installed
Greatly improve the Win32 installer
Several fixes for Visual C++ debug builds

2009-11-19: 1.9.3

Add new AES implementation using Intel's AES instruction intrinsics
Add an implementation of format preserving encryption
Allow use of any hash function in X.509 certificate creation
Optimizations for MARS, Skipjack, and AES
Set macros for available SIMD instructions in build.h
Add support for using InnoSetup to package Windows builds
By default build a DLL on Windows

2009-11-03: 1.9.2

Add SIMD version of XTEA
Support both SSE2 and AltiVec SIMD for Serpent and XTEA
Optimizations for SHA-1 and SHA-2
Add AltiVec runtime detection
Fix x86 CPU identification with Intel C++ and Visual C++

2009-11-03: 1.8.8

Alter Skein-512 to match the tweaked 1.2 specification
Fix use of inline asm for access to x86 bswap function
Allow building the library without AES enabled
Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild

2009-10-23: 1.9.1

Better support for Python and Perl wrappers
Add an implementation of Blue Midnight Wish (Round 2 tweak version)
Modify Skein-512 to match the tweaked 1.2 specification
Add threshold secret sharing (draft-mcgrew-tss-02)
Add runtime cpu feature detection for x86/x86-64
Add code for general runtime self testing for hashes, MACs, and ciphers
Optimize XTEA; twice as fast as before on Core2 and Opteron
Convert CTR_BE and OFB from filters to stream ciphers
New parsing code for SCAN algorithm names
Enable SSE2 optimizations under Visual C++
Remove all use of C++ exception specifications
Add support for GNU/Hurd and Clang/LLVM

2009-09-09: 1.9.0

Add support for parallel invocation of block ciphers where possible
Add SSE2 implementation of Serpent
Add Rivest's package transform (an all or nothing transform)
Minor speedups to the Turing key schedule
Fix processing multiple messages in XTS mode
Add --no-autoload option to configure.py, for minimized builds
The previously used configure.pl script is no longer supported

2009-09-09: 1.8.7

Fix processing multiple messages in XTS mode
Add --no-autoload option to configure.py, for minimized builds

2009-08-13: 1.8.6

Add Cryptobox, a set of simple password-based encryption routines
Only read world-readable files when walking /proc for entropy
Fix building with TR1 disabled
Fix x86 bswap support for Visual C++
Fixes for compilation under Sun C++
Add support for Dragonfly BSD (contributed by Patrick Georgi)
Add support for the Open64 C++ compiler
Build fixes for MIPS systems running Linux
Minor changes to license, now equivalent to the FreeBSD/NetBSD license

2009-07-23: 1.8.5

Change configure.py to work on stock Python 2.4
Avoid a crash in Skein_512::add_data processing a zero-length input
Small build fixes for SPARC, ARM, and HP-PA processors
The test suite now returns an error code from main() if any tests failed

2009-07-12: 1.8.4

Fix a bug in nonce generation in the Miller-Rabin test

2009-07-11: 1.8.3

Add a new Python configuration script
Add the Skein-512 SHA-3 candidate hash function
Add the XTS block cipher mode from IEEE P1619
Fix random_prime when generating a prime of less than 7 bits
Improve handling of low-entropy situations during PRNG seeding
Change random device polling to prefer /dev/urandom over /dev/random
Use an input insensitive implementation of same_mem instead of memcmp
Correct DataSource::discard_next to return the number of discarded bytes
Provide a default value for AutoSeeded_RNG::reseed
Fix Gentoo bug 272242

2009-04-07: 1.8.2

Make entropy polling more flexible and in most cases faster
GOST 28147 now supports multiple sbox parameters
Added the GOST 34.11 hash function
Fix botan-config problems on MacOS X

2009-01-20: 1.8.1

Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
Fix memory leak in PKCS8 load_key and encrypt_key
Relicense api.tex from CC-By-SA 2.5 to BSD
Fix botan-config on MacOS X, Solaris

2008-12-08: 1.8.0

Fix compilation on Solaris with GCC

2008-12-01: 1.7.24

Fix a compatibility problem with SHA-512/EMSA3 signature padding
Fix bug preventing EGD/PRNGD entropy poller from working
Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27)
Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11
Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4
Wrap private structs in SSE2 SHA-1 code in anonymous namespace
Change configure.pl's CPU autodetection output to be more consistent
Disable using OpenSSL's AES due to crashes of unknown cause
Fix warning in /proc walking entropy poller
Fix compilation with IBM XLC for Cell 0.9-200709

2008-11-23: 1.7.23

Change to use TR1 (thus enabling ECDSA) with GCC and ICC
Optimize almost all hash functions, especially MD4 and Tiger
Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump}
Change Timer to be pure virtual, and add ANSI_Clock_Timer
Cache socket descriptors in the EGD entropy source
Avoid bogging down startup in /proc walking entropy source
Remove Buffered_EntropySource helper class
Add a Default_Benchmark_Timer typedef in benchmark.h
Add examples using benchmark.h and Algorithm_Factory
Add ECC tests from InSiTo
Minor documentation updates

2008-11-17: 1.7.22

Add provider preferences to Algorithm_Factory
Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21
Optimize AES encryption and decryption (about 10% faster)
Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs
Fix nanoseconds overflow in benchmark code
Remove Engine::add_engine

2008-11-11: 1.7.21

Make algorithm lookup much more configuable
Add facilities for runtime performance testing of algorithms
Drop use of entropy estimation in the PRNGs
Increase intervals between HMAC_RNG automatic reseeding
Drop InitializerOptions class, all options but thread safety

2008-11-09: 1.7.20

Namespace pkg-config file by major and minor versions
Cache device descriptors in Device_EntropySource
Split base.h into {block_cipher,stream_cipher,mac,hash}.h
Removed get_mgf function from lookup.h

2008-11-06: 1.7.19

Add HMAC_RNG, based on a design by Hugo Krawczyk
Optimized the Turing stream cipher (about 20% faster on x86-64)
Modify Randpool's reseeding algorithm to poll more sources
Add a new AutoSeeded_RNG in auto_rng.h
OpenPGP_S2K changed to take hash object instead of name
Add automatic identification for Intel's Prescott processors

2008-10-22: 1.7.18

Add Doxygen comments from InSiTo
Add ECDSA and ECKAEG benchmarks
Add configure.pl switch --with-tr1-implementation
Fix configure.pl's --with-endian and --with-unaligned-mem options
Added support for pkg-config
Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow
Use const references to avoid copying overhead in CurveGFp, GFpModulus

2008-10-12: 1.7.17

Add missing ECDSA object identifiers
Fix error in x86 and x86-64 assembler affecting GF(p) math
Remove Boost dependency from GF(p) math
Modify botan-config to not print -L/usr/lib or -L/usr/local/lib
Add BOTAN_DLL macro to over 30 classes missing it
Rename the two SHA-2 base classes for consistency

2008-10-09: 1.7.16

Add several missing pieces needed for ECDSA and ECKAEG
Add Card Verifiable Certificates from InSiTo
Add SHA-224 from InSiTo
Add BSI variant of EMSA1 from InSiTo
Add GF(p) and ECDSA tests from InSiTo
Split ECDSA and ECKAEG into distinct modules
Allow OpenSSL and GNU MP engines to be built with public key algos disabled
Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h

2008-10-07: 1.7.15

Add GF(p) arithmetic from InSiTo
Add ECDSA and ECKAEG implementations from InSiTo
Minimize internal dependencies, allowing for smaller build configurations
Add new User Manual and Architecture Guide from FlexSecure GmbH
Alter configure.pl options for better autotools compatibility
Update build instructions for recent changes to configure.pl
Fix CPU detection using /proc/cpuinfo

2008-09-30: 1.7.14

Split library into parts allowing modular builds
Add (very preliminary) CMS support to the main library
Some constructors now require object pointers instead of names
Support multiple implementations of the same algorithm
Build support for Pentium-M processors, from Derek Scherger
Build support for MinGW/MSYS, from Zbigniew Zagorski
Use inline assembly for bswap on 32-bit x86

2008-09-27: 1.7.13

Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai
Allow all examples to compile even if compression not enabled
Make CMAC's polynomial doubling operation a public class method
Use the -m64 flag when compiling with Sun Forte on x86-64
Clean up and slightly optimize CMAC::final_result

2008-09-18: 1.7.12

Add x86 assembly for Visual Studio C++, by Luca Piccarreta
Add a Perl XS module, by Vaclav Ovsik
Add SWIG-based wrapper for Botan
Add SSE2 implementation of SHA-1, by Dean Gaudet
Remove the BigInt::sig_words cache due to bugs
Combined the 4 Blowfish sboxes, suggested by Yves Jerschow
Changed BigInt::grow_by and BigInt::grow_to to be non-const
Add private assignment operators to classes that don't support assignment
Benchmark RSA encryption and signatures
Added test programs for random_prime and ressol
Add high resolution timers for IA-64, HP-PA, S390x
Reduce use of the RNG during benchmarks
Fix builds on STI Cell PPU
Add support for IBM's XLC compiler
Add IETF 8192 bit MODP group

2008-09-11: 1.7.11

Added the Salsa20 stream cipher
Optimized Montgomery reduction, Karatsuba squaring
Added 16x16->32 word Comba multiplication and squaring
Use a much larger Karatsuba cutoff point
Remove bigint_mul_add_words
Inlined several BigInt functions
Add useful information to the generated build.h
Rename alg_{ia32,amd64} modules to asm_{ia32,amd64}
Fix the Windows build

2008-09-05: 1.7.10

Public key benchmarks run using a selection of random keys
New benchmark timer options are clock_gettime, gettimeofday, times, clock
Including reinterpret_cast optimization for xor_buf in default header
Split byte swapping and word rotation functions into distinct headers
Add IETF modp 6144 group and 2048 and 3072 bit DSS groups
Optimizes BigInt right shift
Add aliases in DL_Group::Format enum
BigInt now caches the significant word count

2008-08-27: 1.6.5

Add noexec stack marker for GNU linker in assembly code
Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3

2008-08-27: 1.7.9

Make clear() in most algorithm base classes a pure virtual
Add noexec stack marker for GNU linker in assembly code
Avoid string operations in ressol
Compilation fixes for MinGW and Visual Studio C++ 2008
Some autoconfiguration fixes for Windows

2008-07-15: 1.7.8

Added the block cipher Noekeon
Remove global deref_alias function
X509_Store takes timeout options as constructor arguments
Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH
Extend random_prime() for generating primes of any bit length
Remove Config class
Allow adding new entropy via base RNG interface
Reseeding a X9.31 PRNG also reseeds the underlying PRNG

2008-06-28: 1.7.7

Remove the global PRNG object
The PK filter objects were removed
Add a test suite for the ANSI X9.31 PRNG
Much cleaner and (mostly) thread-safe reimplementation of es_ftw
Remove both default arguments to ANSI_X931_RNG's constructor
Remove the randomizing version of OctetString::change
Make the cipher and MAC to use in Randpool configurable
Move RandomNumberGenerator declaration to rng.h
RSA_PrivateKey will not generate keys smaller than 1024 bits
Fix an error decoding BER UNIVERSAL types with special taggings

2008-05-05: 1.7.6

Initial support for Windows DLLs, from Joel Low
Reset the position pointer when a new block is generated in X9.32 PRNG
Timer objects are now treated as entropy sources
Moved several ASN.1-related enums from enums.h to an appropriate header
Removed the AEP module, due to inability to test
Removed Global_RNG and rng.h
Removed system_clock
Removed Library_State::UI and the pulse callback logic

2008-04-12: 1.7.5

The API of X509_CA::sign_request was altered to avoid race conditions
New type Pipe::message_id to represent the Pipe message number
Remove the Named_Mutex_Holder for a small performance gain
Removed several unused or rarely used functions from Config
Ignore spaces inside of a decimal string in BigInt::decode
Allow using a std::istream to initialize a DataSource_Stream object
Fix compilation problem in zlib compression module
The chunk sized used by Pooling_Allocator is now a compile time setting
The size of random blinding factors is now a compile time setting
The install target no longer tries to set a particular owner/group

2008-03-10: 1.7.4

Use unaligned memory read/writes on systems that allow it, for performance
Assembly for x86-64 for accessing the bswap instruction
Use larger buffers in ARC4 and WiderWAKE for significant throughput increase
Unroll loops in SHA-160 for a few percent increase in performance
Fix compilation with GCC 3.2 in es_ftw and es_unix
Build fix for NetBSD systems
Prevent es_dev from being built except on Unix systems

2008-03-08: 1.6.4

Fix a compilation problem with Visual Studio C++ 2003

2008-01-23: 1.7.3

New invocation syntax for configure.pl with several new options
Support for IPv4 addresses in a subject alternative name
New fast poll for the generic Unix entropy source (es_unix)
The es_file entropy source has been replaced by the es_dev module
The malloc allocator does not inherit from Pooling_Allocator anymore
The path that es_unix will search in are now fully user-configurable
Truncate X9.42 PRF output rather than allow counter overflow
PowerPC is now assumed to be big-endian

2007-10-13: 1.7.2

Initialize the global library state lazily
Add plain CBC-MAC for backwards compatibility with old systems
Clean up some of the self test code
Throw a sensible exception if a DL_Group is not found
Truncate KDF2 output rather than allowing counter overflow
Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256
Fix a Visual Studio compilation problem in x509stat.cpp

2007-07-23: 1.6.3

Fix a race condition in the algorithm lookup cache
Fix problems building the memory pool on some versions of Visual C++

2007-07-23: 1.7.1

Fix a race condition in the algorithm object cache
HMAC key schedule optimization
The build header sets a macro defining endianness, if known
New word load/store abstraction allowing further optimization
Modify most of the library to avoid use the C-style casts
Use higher resolution timers in symmetric benchmarks

2007-05-19: 1.7.0

DSA parameter generation now follows FIPS 186-3
Added OIDs for Rabin-Williams and Nyberg-Rueppel
Somewhat better support for out of tree builds
Minor optimizations for RC2 and Tiger
Documentation updates
Update the todo list

2007-03-24: 1.6.2

Fix autodection on Athlon64s running Linux
Fix builds on QNX and compilers using STLport
Remove a call to abort() that crept into production

2007-01-20: 1.6.1

Fix some base64 decoder bugs
Add a new option to base64 encoding, to always append a newline
Fix some build problems under Visual Studio with debug enabled
Fix a bug in BER_Decoder that was triggered under some compilers

2006-12-17: 1.6.0

Minor cleanups versus 1.5.13

2006-12-10: 1.5.13

Compilation fixes for the bzip2, zlib, and GNU MP modules
Better support for Intel C++ and EKOpath C++ on x86-64

2006-10-27: 1.5.12

Cleanups in the initialization routines
Add some x86-64 assembly for multiply-add
Fix problems generating very small (below 384 bit) RSA keys
Support out of tree builds
Bring some of the documentation up to date
More improvements to the Python bindings

2006-09-10: 1.5.11

Removed the Algorithm base class
Various cleanups in the public key inheritance hierarchy
Major overhaul of the configure/build setup
Added x86 assembler implementations of Serpent and low-level MPI code
Optimizations for the SHA-1 x86 assembler
Various improvements to the Python wrappers
Work around a Visual Studio compiler bug

2006-08-13: 1.5.10

Add x86 assembler versions of MD4, MD5, and SHA-1
Expand InitializerOptions' language to support on/off switches
Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9
Fix possible resource leaks in the mmap allocator
Slightly optimized buffering in MDx_HashFunction
Initialization failures are dealt with somewhat better
Add an example implementing Pollard's Rho algorithm
Better option handling in the test/benchmark tool
Expand the xor_ciph example to support longer keys
Some updates to the documentation

2006-07-12: 1.5.9

Fixed bitrot in the AEP engine
Fix support for marking certificate/CRL extensions as critical
Significant cleanups in the library state / initialization code
LibraryInitializer takes an explicit InitializerOptions object
Make Mutex_Factory an abstract class, add Default_Mutex_Factory
Change configuration access to using global_state()
Add support for global named mutexes throughout the library
Add some STL wrappers for the delete operator
Change how certificates are created to be more flexible and general

2006-06-23: 1.5.8

Many internal cleanups to the X.509 cert/CRL code
Allow for application code to support new X.509 extensions
Change the return type of X509_Certificate::{subject,issuer}_info
Allow for alternate character set handling mechanisms
Fix a bug that was slowing squaring performance somewhat
Fix a very hard to hit overflow bug in the C version of word3_muladd
Minor cleanups to the assembler modules
Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1
Support for GCC 2.95.x has been dropped in this release

2006-05-28: 1.5.7

Further, major changes to the BER/DER coding system
Updated the Qt mutex module to use Mutex_Factory
Moved the library global state object into an anonymous namespace
Drop the Visual C++ x86 assembly module due to bugs

2006-03-01: 1.5.6

The low-level DER/BER coding system was redesigned and rewritten
Portions of the certificate code were cleaned up internally
Use macros to substantially clean up the GCC assembly code
Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta)
Avoid a couple of spurious warnings under Visual C++
Some slight cleanups in X509_PublicKey::key_id

2006-02-04: 1.5.5

Fixed a potential infinite loop in the memory pool code (Matt Johnston)
Made Pooling_Allocator::Memory_Block an actual class of sorts
Some small optimizations to the division and modulo computations
Cleaned up the implementation of some of the BigInt operators
Reduced use of dynamic memory allocation in low-level BigInt functions
A few simplifications in the Randpool mixing function
Removed power(), as it was not particularly useful (or fast)
Fixed some annoying bugs in the benchmark code
Added a real credits file

2006-01-29: 1.5.4

Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
Fixed a memory access off-by-one in the Karatsuba code
Changed Pooling_Allocator's free list search to a log(N) algorithm
Merged ModularReducer with its only subclass, Barrett_Reducer
Fixed sign-handling bugs in some of the division and modulo code
Renamed the module description files to modinfo.txt
Further cleanups in the initialization code
Removed BigInt::add and BigInt::sub
Merged all the division-related functions into just divide()
Modified the <mp_asmi.h> functions to allow for better optimizations
Made the number of bits polled from an EntropySource user configurable
Avoid including <algorithm> in <botan/secmem.h>
Fixed some build problems with Sun Forte
Removed some dead code from bigint_modop
Fix the definition of same_mem

2006-01-24: 1.5.3

Many optimizations in the low-level multiple precision integer code
Added hooks for assembly implementations of the MPI code
Support for the X.509 issuer alternative name extension in new certs
Fixed a bug in the decompression modules; found and patched by Matt Johnston
New Windows mutex module (mux_win32), by Luca Piccarreta
Changed the Windows timer module to use QueryPerformanceCounter
mem_pool.cpp was using std::set iterators instead of std::multiset ones
Fixed a bug in X509_CA preventing users from disabling particular extensions
Fixed the mp_asm64 module, which was entirely broken in 1.5.2
Fixed some module build problems on FreeBSD and Tru64

2006-01-15: 1.4.12

Fixed an off-by-one memory read in MISTY1::key()
Fixed a nasty memory leak in Output_Buffers::retire()
Changed maximum HMAC keylength to 1024 bits
Fixed a build problem in the hardware timer module on 64-bit PowerPC

2006-01-15: 1.5.2

Fixed an off-by-one memory read in MISTY1::key()
Fixed a nasty memory leak in Output_Buffers::retire()
Reimplemented the memory allocator from scratch
Improved memory caching in Montgomery exponentiation
Optimizations for multiple precision addition and subtraction
Fixed a build problem in the hardware timer module on 64-bit PowerPC
Changed default Karatsuba cutoff to 12 words (was 14)
Removed MemoryRegion::bits(), which was unused and incorrect
Changed maximum HMAC keylength to 1024 bits
Various minor Makefile and build system changes
Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
Switched checks/clock.cpp back to using clock() by default
Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1
Removed the Default_Mutex's unused clone() member function

2006-01-08: 1.5.1

Implemented Montgomery exponentiation
Implemented generalized Karatsuba multiplication and squaring
Implemented Comba squaring for 4, 6, and 8 word inputs
Added new Modular_Exponentiator and Power_Mod classes
Removed FixedBase_Exp and FixedExponent_Exp
Fixed a performance regression in get_allocator introduced in 1.5.0
Engines can now offer S2K algorithms and block cipher padding methods
Merged the remaining global 'algolist' code into Default_Engine
The low-level MPI code is linked as C again
Replaced BigInt's get_nibble with the more general get_substring
Some documentation updates

2006-01-01: 1.5.0

Moved all global/shared library state into a single object
Mutex objects are created through mutex factories instead of a global
Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
Removed the RNG_Quality enum entirely
There is now only a single global-use PRNG
Removed the no_aliases and no_oids options for LibraryInitializer
Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
Change es_ftw to use unbuffered I/O

2005-12-31: 1.4.11

Changed Whirlpool diffusion matrix to match updated algorithm spec
Fixed several engine module build errors introduced in 1.4.10
Fixed two build problems in es_capi; reported by Matthew Gregan
Added a constructor to DataSource_Memory taking a std::string
Placing the same Filter in multiple Pipes triggers an exception
The configure script accepts --docdir and --libdir
Merged doc/rngs.txt into the main API document
Thanks to Joel Low for several bug reports on early tarballs of 1.4.11

2005-12-18: 1.4.10

Added an implementation of KASUMI, the block cipher used in 3G phones
Refactored Pipe; output queues are now managed by a distinct class
Made certain Filter facilities only available to subclasses of Fanout_Filter
There is no longer any overhead in Pipe for a message that has been read out
It is now possible to generate RSA keys as small as 128 bits
Changed some of the core classes to derive from Algorithm as a virtual base
Changed Randpool to use HMAC instead of a plain hash as the mixing function
Fixed a bug in the allocators; found and fixed by Matthew Gregan
Enabled the use of binary file I/O, when requested by the application
The OpenSSL engine's block cipher code was missing some deallocation calls
Disabled the es_ftw module on NetBSD, due to header problems there
Fixed a problem preventing tm_hard from building on MacOS X on PowerPC
Some cleanups for the modules that use inline assembler
config.h is now stored in build/ instead of build/include/botan/
The header util.h was split into bit_ops.h, parsing.h, and util.h
Cleaned up some redundant include directives

2005-11-06: 1.4.9

Added the IBM-created AES candidate algorithm MARS
Added the South Korean block cipher SEED
Added the stream cipher Turing
Added the new hash function FORK-256
Deprecated the ISAAC stream cipher
Twofish and RC6 are significantly faster with GCC
Much better support for 64-bit PowerPC
Added support for high-resolution PowerPC timers
Fixed a bug in the configure script causing problems on FreeBSD
Changed ANSI X9.31 to support arbitrary block ciphers
Make the configure script a bit less noisy
Added more test vectors for some algorithms, including all the AES finalists
Various cosmetic source code cleanups

2005-10-16: 1.4.8

Resolved a bad performance problem in the allocators; fix by Matt Johnston
Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7
Renamed OMAC to CMAC to match the official NIST naming
Added single byte versions of update() to PK_Signer and PK_Verifier
Removed the unused reverse_bits and reverse_bytes functions

2005-09-25: 1.4.7

Fixed major performance problems with recent versions of GNU C++
Added an implementation of the X9.31 PRNG
Removed the X9.17 and FIPS 186-2 PRNG algorithms
Changed defaults to use X9.31 PRNGs as global PRNG objects
Documentation updates to reflect the PRNG changes
Some cleanups related to the engine code
Removed two useless headers, base_eng.h and secalloc.h
Removed PK_Verifier::valid_signature
Fixed configure/build system bugs affecting MacOS X builds
Added support for the EKOPath x86-64 compiler
Added missing destructor for BlockCipherModePaddingMethod
Fix some build problems with Visual C++ 2005 beta
Fix some build problems with Visual C++ 2003 Workshop

2005-03-13: 1.4.6

Fix an error in the shutdown code introduced in 1.4.5
Setting base/pkcs8_tries to 0 disables the builtin fail-out
Support for XMPP identifiers in X.509 certificates
Duplicate entries in X.509 DNs are removed
More fixes for Borland C++, from Friedemann Kleint
Add a workaround for buggy iostreams

2005-02-26: 1.4.5

Add support for AES encryption of private keys
Minor fixes for PBES2 parameter decoding
Internal cleanups for global state variables
GCC 3.x version detection was broken in non-English locales
Work around a Sun Forte bug affecting mem_pool.h
Several fixes for Borland C++ 5.5, from Friedemann Kleint
Removed inclusion of init.h into base.h
Fixed a major bug in reading from certificate stores
Cleaned up a couple of mutex leaks
Removed some left-over debugging code
Removed SSL3_MAC, SSL3_PRF, and TLS_PRF

2004-12-02: 1.4.4

Further tweaks to the pooling allocator
Modified EMSA3 to support SSL/TLS signatures
Changes to support Qt/QCA, from Justin Karneges
Moved mux_qt module code into mod_qt
Fixes for HP-UX from Mike Desjardins

2004-11-06: 1.4.3

Split up SecureAllocator into Allocator and Pooling_Allocator
Memory locking allocators are more likely to be used
Fixed the placement of includes in some modules
Fixed broken installation procedure
Fixes in configure script to support alternate install programs
Modules can specify the minimum version they support

2004-10-31: 1.4.2

Fixed a major CRL handling bug
Cipher and hash operations can be offloaded to engines
Added support for cipher and hash offload in OpenSSL engine
Improvements for 64-bit CPUs without a widening multiply instruction
Support for SHA2-* and Whirlpool with EMSA2
Fixed a long-standing build problem with conflicting include files
Fixed some examples that hadn't been updated for 1.4.x
Portability fixes for Solaris, *BSD, HP-UX, and others
Lots of fixes and cleanups in the configure script
Updated the Gentoo ebuild file

2004-10-10: 1.4.1

Fixed major errors in the X.509 and PKCS #8 copy_key functions
Added a LAST_MESSAGE meta-message number for Pipe
Added new aliases (3DES and DES-EDE) for Triple-DES
Added some new functions to PK_Verifier
Cleaned up the KDF interface
Disabled tm_posix on *BSD due to header issues
Fixed a build problem on PowerPC with GNU C++ pre-3.4

2004-06-26: 1.4.0

Added the FIPS 186 RNG back
Added copy_key functions for X.509 public keys and PKCS #8 private keys
Fixed PKCS #1 signatures with RIPEMD-128
Moved some code around to avoid warnings with Sun ONE compiler
Fixed a bug in botan-config affecting OpenBSD
Fixed some build problems on Tru64, HP-UX
Fixed compile problems with Intel C++, Compaq C++

2004-06-12: 1.3.14

Added support for AEP's AEP1000/AEP2000 crypto cards
Added a Mutex module using Qt, from Justin Karneges
Added support for engine loading in LibraryInitializer
Tweaked SecureAllocator, giving 20% better performance under heavy load
Added timer and memory locking modules for Win32 (tm_win32, ml_win32)
Renamed PK_Engine to Engine_Core
Improved the Karatsuba cutoff points
Fixes for compiling with GCC 3.4 and Sun C++ 5.5
Fixes for Linux/s390, OpenBSD, and Solaris
Added support for Linux/s390x
The configure script was totally broken for 'generic' OS
Removed Montgomery reduction due to bugs
Removed an unused header, pkcs8alg.h
check --validate returns an error code if any tests failed
Removed duplicate entry in Unix command list for es_unix
Moved the Cert_Usage enumeration into X509_Store
Added new timing methods for PK benchmarks, clock_gettime and RDTSC
Fixed a few minor bugs in the configure script
Removed some deprecated functions from x509cert.h and pkcs10.h
Removed the 'minimal' module, has to be updated for Engine support
Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace
Documentation updates

2004-05-15: 1.3.13

Major fixes for Cygwin builds
Minor MacOS X install fixes
The configure script is a little better at picking the right modules
Removed ml_unix from the 'unix' module set for Cygwin compatibility
Fixed a stupid compile problem in pkcs10.h

2004-05-02: 1.3.12

Added ability to remove old entries from CRLs
Swapped the first two arguments of X509_CA::update_crl()
Added an < operator for MemoryRegion, so it can be used as a std::map key
Changed X.509 searching by DNS name from substring to full string compares
Renamed a few X509_Certificate and PKCS10_Request member functions
Fixed a problem when decoding some PKCS #10 requests
Hex_Decoder would not check inputs, reported by Vaclav Ovsik
Changed default CRL expire time from 30 days to 7 days
X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility
Corrected errors in the API doc, fixes from Ken Perano
More documentation about the Pipe/Filter code

2004-04-01: 1.3.11

Fixed two show-stopping bugs in PKCS10_Request
Added some sanity checks in Pipe/Filter
The DNS and URI entries would get swapped in subjectAlternativeNames
MAC_Filter is now willing to not take a key at creation time
Setting the expiration times of certs and CRLs is more flexible
Fixed problems building on AIX with GCC
Fixed some problems in the tutorial pointed out by Dominik Vogt
Documentation updates

2004-03-27: 1.3.10

Added support for OpenPGP's ASCII armor format
Cleaned up the RNG system; seeding is much more flexible
Added simple autoconfiguration abilities to configure.pl
Fixed a GCC 2.95.x compile problem
Updated the example configuration file
Documentation updates

2004-03-07: 1.3.9

Added an engine using OpenSSL (requires 0.9.7 or later)
X509_Certificate would lose email addresses stored in the DN
Fixed a missing initialization in a BigInt constructor
Fixed several Visual C++ compile problems
Fixed some BeOS build problems
Fixed the WiderWake benchmark

2003-12-30: 1.3.8

Internal changes to PK algorithms to divide data and algorithms
DSA/DH/NR/ElGamal constructors accept taking just the private key again
ElGamal keys now support being imported/exported as ASN.1 objects
Much more consistent and complete error checking in PK algorithms
Support for arbitrary backends (engines) for PK operations
Added Montgomery reductions
Added an engine that uses GNU MP (requires 4.1 or later)
Removed the obsolete mp_gmp module
Moved several initialization/shutdown functions to init.h
Major refactoring of the memory containers
New non-locking container, MemoryVector
Fixed 64-bit problems in BigInt::set_bit/clear_bit
Renamed PK_Key::check_params() to check_key()
Some incompatible changes to OctetString
Added version checking macros in version.h
Removed the fips140 module pending rewrite
Added some functions and hooks to help GUIs
Moved more shared code into MDx_HashFunction
Added a policy hook for specifying the encoding of X.509 strings

2003-12-12: 1.3.7

Fixed a big security problem in es_unix
Fixed several stability problems in es_unix
Expanded the list of programs es_unix will try to use
SecureAllocator now only preallocates blocks in special cases
Added a special case in Global_RNG::seed for forcing a full poll
Removed the FIPS 186 RNG added in 1.3.5 pending further testing
Configure updates for PowerPC CPUs
Removed the (never tested) VAX support
Added support for S/390 Linux

2003-12-07: 1.3.6

Added a new module 'minimal', which disables most algorithms
SecureAllocator allocates a few blocks at startup
A few minor MPI cleanups
RPM spec file cleanups and fixes

2003-11-30: 1.3.5

Major improvements in ASN.1 string handling
Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs
Added partial support for the X.509v3 certificate policies extension
Centralized the handling of character set information
Added FIPS 140-2 startup self tests
Added a module (fips140) for doing extra FIPS 140-2 tests
Added FIPS 186-2 RNG
Improved ASN.1 BIT STRING handling
Removed a memory leak in PKCS10_Request
The encoding of DirectoryString now follows PKIX guidelines
Fixed some of the character set dependencies
Fixed a DER encoding error for tags greater than 30
The BER decoder can now handle tags larger than 30
Fixed tm_hard.cpp to recognize SPARC on more systems
Workarounds for a GCC 2.95.x bug in x509find.cpp
RPM changed to install into /usr instead of /usr/local
Added support for QNX

2003-11-21: 1.3.4

Added a module that does certain MPI operations using GNU MP
Added the X9.42 Diffie-Hellman PRF
The Zlib and Bzip2 objects now use custom allocators
Added member functions for directly hashing/MACing SecureVectors
Minor optimizations to the MPI addition and subtraction algorithms
Some cleanups in the low-level MPI code
Created separate AES-{128,192,256} objects

2003-11-21: 1.2.8

Merged several important bug fixes from 1.3.x

2003-11-17: 1.3.3

The library can now be repeatedly initialized and shutdown without crashing
Fixed an off-by-one error in the CTS code
Fixed an error in the EMSA4 verification code
Fixed a memory leak in mutex.cpp (pointed out by James Widener)
Fixed a memory leak in Pthread_Mutex
Fixed several memory leaks in the testing code
Bulletproofed the EMSA/EME/KDF/MGF retrieval functions
Minor cleanups in SecureAllocator
Removed a needless mutex guarding the (stateless) global timer
Fixed a piece of bash-specific code in botan-config
X.509 objects report more information about decoding errors
Cleaned up some of the exception handling
Updated the example config file with new OIDSs
Moved the build instructions into a separate document, building.tex

2003-11-13: 1.3.2

Fixed a bug preventing DSA signatures from verifying on X.509 objects
Made the X509_Store search routines more efficient and flexible
Added a function to X509_PublicKey to do easy public/private key matching
Added support for decoding indefinite length BER data
Changed Pipe's peek() to take an offset
Removed Filter::set_owns in favor of the new incr_owns function
Removed BigInt::zero() and BigInt::one()
Renamed the PEM related options from base/pem_* to pem/*
Added an option to specify the line width when encoding PEM
Removed the "rng/safe_longterm" option; it's always on now
Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1
Cleaned up the base64/hex encoders and decoders
Added an ASN.1/BER decoder as an example
AES had its internals marked 'public' in previous versions
Changed the value of the ASN.1 NO_OBJECT enum
Various new hacks in the configure script
Removed the already nominal support for SunOS

2003-11-04: 1.3.1

Generalized a few pieces of the DER encoder
PKCS8::load_key would fail if handed an unencrypted key
Added a failsafe so PKCS #8 key decoding can't go into an infinite loop

2003-11-02: 1.3.0

Major redesign of the PKCS #8 private key import/export system
Added a small amount of UI interface code for getting passphrases
Added heuristics that tell if a key, cert, etc is stored as PEM or BER
Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC
Removed certain deprecated constructors of RSA, DSA, DH, RW, NR
Made PEM decoding more forgiving of extra text before the header

2003-10-31: 1.2.7

Added support for reading configuration files
Added constructors so NR and RW keys can be imported easily
Fixed mp_asm64, which was completely broken in 1.2.6
Removed tm_hw_ia32 module; replaced by tm_hard
Added support for loading certain oddly formed RSA certificates
Fixed spelling of NON_REPUDIATION enum
Renamed the option default_to_ca to v1_assume_ca
Fixed a minor bug in X.509 certificate generation
Fixed a latent bug in the OID lookup code
Updated the RPM spec file
Added to the tutorial

2003-07-04: 1.2.6

Major performance increase for PK algorithms on most 64-bit systems
Cleanups in the low-level MPI code to support asm implementations
Fixed build problems with some versions of Compaq's C++ compiler
Removed useless constructors for NR public and private keys
Removed support for the patch_file directive in module files
Removed several deprecated functions

2003-06-22: 1.2.5

Fixed a tricky and long-standing memory leak in Pipe
Major cleanups and fixes in the memory allocation system
Removed alloc_mlock, which has been superseded by the ml_unix module
Removed a denial of service vulnerability in X509_Store
Fixed compilation problems with VS .NET 2003 and Codewarrior 8
Added another variant of PKCS8::load_key, taking a memory buffer
Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32
BigInt::operator%=(word) was a no-op if the input was a power of 2
Fixed portability problems in BigInt::to_u32bit
Fixed major bugs in SSL3-MAC
Cleaned up some messes in the PK algorithms
Cleanups and extensions for OMAC and EAX
Made changes to the entropy estimation function
Added a 'beos' module set for use on BeOS
Officially deprecated a few X509:: and PKCS8:: functions
Moved the contents of primes.h to numthry.h
Moved the contents of x509opt.h to x509self.h
Removed the (empty) desx.h header
Documentation updates

2003-05-29: 1.2.4

Fixed a bug in EMSA1 affecting NR signature verification
Fixed a few latent bugs in BigInt related to word size
Removed an unused function, mp_add2_nc, from the MPI implementation
Reorganized the core MPI files

2003-05-20: 1.2.3

Fixed a bug that prevented DSA/NR key generation
Fixed a bug that prevented importing some root CA certs
Fixed a bug in the BER decoder when handing optional bit or byte strings
Fixed the encoding of authorityKeyIdentifier in X509_CA
Added a sanity check in PBKDF2 for zero length passphrases
Added versions of X509::load_key and PKCS8::load_key that take a file name
X509_CA generates 128 bit serial numbers now
Added tests to check PK key generation
Added a simplistic X.509 CA example
Cleaned up some of the examples

2003-05-13: 1.2.2

Add checks to prevent any BigInt bugs from revealing an RSA or RW key
Changed the interface of Global_RNG::seed
Major improvements for the es_unix module
Added another Win32 entropy source, es_win32
The Win32 CryptoAPI entropy source can now poll multiple providers
Improved the BeOS entropy source
Renamed pipe_unixfd module to fd_unix
Fixed a file descriptor leak in the EGD module
Fixed a few locking bugs

2003-05-06: 1.2.1

Added ANSI X9.23 compatible CBC padding
Added an entropy source using Win32 CryptoAPI
Removed the Pipe I/O operators taking a FILE*
Moved the BigInt encoding/decoding functions into the BigInt class
Integrated several fixes for VC++ 7 (from Hany Greiss)
Fixed the configure.pl script for Windows builds

2003-04-28: 1.2.0

Tweaked the Karatsuba cut-off points
Increased the allowed keylength of HMAC and Blowfish
Removed the 'mpi_ia32' module, pending rewrite
Workaround a GCC 2.95.x bug in eme1.cpp

2003-04-22: 1.1.13

Added OMAC
Added EAX authenticated cipher mode
Diffie-Hellman would not do blinding in some cases
Optimized the OFB and CTR modes
Corrected Skipjack's word ordering, as per NIST clarification
Support for all subject/issuer attribute types required by RFC 3280
The removeFromCRL CRL reason code is now handled correctly
Increased the flexibility of the allocators
Renamed Rijndael to AES, created aes.h, deleted rijndael.h
Removed support for the 'no_timer' LibraryInitializer option
Removed 'es_pthr' module, pending further testing
Cleaned up get_ciph.cpp

2003-04-15: 1.1.12

Fixed a ASN.1 string encoding bug
Fixed a pair of X509_DN encoding problems
Base64_Decoder and Hex_Decoder can now validate input
Removed support for the LibraryInitializer option 'egd_path'
Added tests for DSA X.509 and PKCS #8 key formats
Removed a long deprecated feature of DH_PrivateKey's constructor
Updated the RPM .spec file
Major documentation updates

2003-04-07: 1.1.11

Added PKCS #10 certificate requests
Changed X509_Store searching interface to be more flexible
Added a generic Certificate_Store interface
Added a function for generating self-signed X.509 certs
Cleanups and changes to X509_CA
New examples for PKCS #10 and self-signed certificates
Some documentation updates

2003-04-03: 1.1.10

X509_CA can now generate new X.509 CRLs
Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks
More certificate and CRL extensions/attributes are supported
Better DN handling in X.509 certificates/CRLs
Added a DataSink hierarchy (suggested by Jim Darby)
Consolidated SecureAllocator and ManagedAllocator
Many cleanups and generalizations
Added a (slow) pthreads based EntropySource
Fixed some threading bugs

2003-02-25: 1.1.9

Added support for using X.509v2 CRLs
Fixed several bugs in the path validation algorithm
Certificates can be verified for a particular usage
Algorithm for comparing distinguished names now follows X.509
Cleaned up the code for the es_beos, es_ftw, es_unix modules
Documentation updates

2003-01-29: 1.1.8

Fixes for the certificate path validation algorithm in X509_Store
Fixed a bug affecting X509_Certificate::is_ca_cert()
Added a general configuration interface for policy issues
Cleanups and API changes in the X.509 CA, cert, and store code
Made various options available for X509_CA users
Changed X509_Time's interface to work around time_t problems
Fixed a theoretical weakness in Randpool's entropy mixing function
Fixed problems compiling with GCC 2.95.3 and GCC 2.96
Fixed a configure bug (reported by Jon Wilson) affecting MinGW

2003-01-12: 1.0.2

Fixed an obscure SEGFAULT causing bug in Pipe
Fixed an obscure but dangerous bug in SecureVector::swap

2003-01-12: 1.1.7

Fixed an obscure but dangerous bug in SecureVector::swap
Consolidated SHA-384 and SHA-512 to save code space
Added SSL3-MAC and SSL3-PRF
Documentation updates, including a new tutorial

2002-12-10: 1.1.6

Initial support for X.509v3 certificates and CAs
Major redesign/rewrite of the ASN.1 encoding/decoding code
Added handling for DSA/NR signatures encoded as DER SEQUENCEs
Documented the generic cipher lookup interface
Added an (untested) entropy source for BeOS
Various cleanups and bug fixes

2002-11-17: 1.1.5

Added the discrete logarithm integrated encryption system (DLIES)
Various optimizations for BigInt
Added support for assembler optimizations in modules
Added BigInt x86 optimizations module (mpi_ia32)

2002-11-10: 1.1.4

Speedup of 15-30% for PK algorithms
Implemented the PBES2 encryption scheme
Fixed a potential bug in decoding RSA and RW private keys
Changed the DL_Group class interface to handle different formats better
Added support for PKCS #3 encoded DH parameters
X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS'
Added key pair consistency checking
Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss)
A botan-config script is generated at configure time
Documentation updates

2002-11-03: 1.1.3

Added a generic public/private key loading interface
Fixed a small encoding bug in RSA, RW, and DH
Changed the PK encryption/decryption interface classes
ECB supports using padding methods
Added a function-based interface for library initialization
Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures
The cipher mode benchmarks now use 128-bit AES instead of DES
Removed some obsolete typedefs
Removed OpenCL support (opencl.h, the OPENCL_* macros, etc)
Added tests for PKCS #8 encoding/decoding
Added more tests for ECB and CBC

2002-10-21: 1.1.2

Support for PKCS #8 encoded RSA, DSA, and DH private keys
Support for Diffie-Hellman X.509 public keys
Major reorganization of how X.509 keys are handled
Added PKCS #5 v2.0's PBES1 encryption scheme
Added a generic cipher lookup interface
Added the WiderWake4+1 stream cipher
Added support for sync-able stream ciphers
Added a 'paranoia level' option for the LibraryInitializer
More security for RNG output meant for long term keys
Added documentation for some of the new 1.1.x features
CFB's feedback argument is now specified in bits
Renamed CTR class to CTR_BE
Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats

2002-10-15: 1.1.1

Added the Korean hash function HAS-160
Partial support for RSA and DSA X.509 public keys
Added a mostly functional BER encoder/decoder
Added support for non-deterministic MAC functions
Initial support for PEM encoding/decoding
Internal cleanups in the PK algorithms
Several new convenience functions in Pipe
Fixed two nasty bugs in Pipe
Messed with the entropy sources for es_unix
Discrete logarithm groups are checked for safety more closely now
For compatibility with GnuPG, ElGamal now supports DSA-style groups

2002-09-14: 1.0.1

Fixed a minor bug in Randpool::random()
Added some new aliases and typedefs for 1.1.x compatibility
The 4096-bit RSA benchmark key was decimal instead of hex
EMAC was returning an incorrect name

2002-09-14: 1.1.0

Added entropy estimation to the RNGs
Improved the overall design of both Randpool and ANSI_X917_RNG
Added a separate RNG for nonce generation
Added window exponentiation support in power_mod
Added a get_s2k function and the PKCS #5 S2K algorithms
Added the TLSv1 PRF
Replaced BlockCipherModeIV typedef with InitializationVector class
Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement
Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x
Added support for RIPEMD-160 PKCS#1 v1.5 signatures
Changed the key agreement scheme interface
Changed the S2K and KDF interfaces
Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK
Added support for variable-pass Tiger
Major speedup for Rabin-Williams key generation

2002-08-26: 1.0.0

Octal I/O of BigInt is now supported
Fixed portability problems in the es_egd module
Generalized IV handling in the block cipher modes
Added Karatsuba multiplication and k-ary exponentiation
Fixed a problem in the multiplication routines

2002-08-18: 0.9.2

DH_PrivateKey::public_value() was returning the wrong value
Various BigInt optimizations
The filters.h header now includes hex.h and base64.h
Moved Counter mode to ctr.h
Fixed a couple minor problems with VC++ 7
Fixed problems with the RPM spec file

2002-08-10: 0.9.1

Grand rename from OpenCL to Botan
Major optimizations for the PK algorithms
Added ElGamal encryption
Added Whirlpool
Tweaked memory allocation parameters
Improved the method of seeding the global RNG
Moved pkcs1.h to eme_pkcs.h
Added more test vectors for some algorithms
Fixed error reporting in the BigInt tests
Removed Default_Timer, it was pointless
Added some new example applications
Removed some old examples that weren't that interesting
Documented the compression modules

2002-08-03: 0.9.0

EMSA4 supports variable salt size
PK_* can take a string naming the encoding method to use
Started writing some internals documentation

2002-07-30: 0.8.7

Fixed bugs in EME1 and EMSA4
Fixed a potential crash at shutdown
Cipher modes returned an ill-formed name
Removed various deprecated types and headers
Cleaned up the Pipe interface a bit
Minor additions to the documentation
First stab at a Visual C++ makefile (doc/Makefile.vc7)

2002-07-25: 0.8.6

Added EMSA4 (aka PSS)
Brought the manual up to date; many corrections and additions
Added a parallel hash function construction
Lookup supports all available algorithms now
Lazy initialization of the lookup tables
Made more discrete logarithm groups available through get_dl_group()
StreamCipher_Filter supports seeking (if the underlying cipher does)
Minor optimization for GCD calculations
Renamed SAFER_SK128 to SAFER_SK
Removed many previously deprecated functions
Some now-obsolete functions, headers, and types have been deprecated
Fixed some bugs in DSA prime generation
DL_Group had a constructor for DSA-style prime gen but it wasn't defined
Reversed the ordering of the two arguments to SEAL's constructor
Fixed a threading problem in the PK algorithms
Fixed a minor memory leak in lookup.cpp
Fixed pk_types.h (it was broken in 0.8.5)
Made validation tests more verbose
Updated the check and example applications

2002-07-21: 0.8.5

Major changes to constructors for DL-based cryptosystems (DSA, NR, DH)
Added a DL_Group class
Reworking of the pubkey internals
Support in lookup for aliases and PK algorithms
Renamed CAST5 to CAST_128 and CAST256 to CAST_256
Added EMSA1
Reorganization of header files
LibraryInitializer will install new allocator types if requested
Fixed a bug in Diffie-Hellman key generation
Did a workaround in pipe.cpp for GCC 2.95.x on Linux
Removed some debugging code from init.cpp that made FTW ES useless
Better checking for invalid arguments in the PK algorithms
Reduced Base64 and Hex default line length (if line breaking is used)
Fixes for HP's aCC compiler
Cleanups in BigInt

2002-07-14: 0.8.4

Added Nyberg-Rueppel signatures
Added Diffie-Hellman key exchange (kex interface is subject to change)
Added KDF2
Enhancements to the lookup API
Many things formerly taking pointers to algorithms now take names
Speedups for prime generation
LibraryInitializer has support for seeding the global RNG
Reduced SAFER-SK128 memory consumption
Reversed the ordering of public and private key values in DSA constructor
Fixed serious bugs in MemoryMapping_Allocator
Fixed memory leak in Lion
FTW_EntropySource was not closing the files it read
Fixed line breaking problem in Hex_Encoder

2002-06-09: 0.8.3

Added DSA and Rabin-Williams signature schemes
Added EMSA3
Added PKCS#1 v1.5 encryption padding
Added Filters for PK algorithms
Added a Keyed_Filter class
LibraryInitializer processes arguments now
Major revamp of the PK interface classes
Changed almost all of the Filters for non-template operation
Changed HMAC, Lion, Luby-Rackoff to non-template classes
Some fairly minor BigInt optimizations
Added simple benchmarking for PK algorithms
Added hooks for fixed base and fixed exponent modular exponentiation
Added some examples for using RSA
Numerous bugfixes and cleanups
Documentation updates

2002-05-18: 0.8.2

Added an (experimental) algorithm lookup interface
Added code for directly testing BigInt
Added SHA2-384
Optimized SHA2-512
Major optimization for Adler32 (thanks to Dan Nicolaescu)
Various minor optimizations in BigInt and related areas
Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore
Fixed a bug in BufferingFilter
Made a few fixes for MacOS X
Added a workaround in configure.pl for GCC 2.95.x
Better support for PowerPC, ARM, and Alpha
Some more cleanups

2002-05-06: 0.8.1

Major code cleanup (check doc/deprecated.txt)
Various bugs fixed, including several portability problems
Renamed MessageAuthCode to MessageAuthenticationCode
A replacement for X917 is in x917_rng.h
Changed EMAC to non-template class
Added ANSI X9.19 compatible CBC-MAC
TripleDES now supports 128 bit keys

2002-04-24: 0.8.0

Merged BigInt: many bugfixes and optimizations since alpha2
Added RSA (rsa.h)
Added EMSA2 (emsa2.h)
Lots of new interface code for public key algorithms (pk_base.h, pubkey.h)
Changed some interfaces, including SymmetricKey, to support the global rng
Fixed a serious bug in ManagedAllocator
Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160
Removed some deprecated stuff
Added a global random number generator (rng.h)
Added clone functions to most of the basic algorithms
Added a library initializer class (init.h)
Version macros in version.h
Moved the base classes from opencl.h to base.h
Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib
Documentation updates for the new stuff (still incomplete)
Many new deprecated things: check doc/deprecated.txt

2002-04-07: 0.7.10

Added EGD_EntropySource module (es_egd)
Added a file tree walking EntropySource (es_ftw)
Added MemoryLocking_Allocator module (alloc_mlock)
Renamed the pthr_mux, unix_rnd, and mmap_mem modules
Changed timer mechanism; the clock method can be switched on the fly.
Renamed MmapDisk_Allocator to MemoryMapping_Allocator
Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated)
Fixed several bugs in MemoryMapping_Allocator
Added more default sources for Unix_EntropySource
Changed SecureBuffer to use same allocation methods as SecureVector
Added bigint_divcore into mp_core to support BigInt alpha2 release
Removed some Pipe functions deprecated since 0.7.8
Some fixes for the configure program

2002-03-19: 0.7.9

Memory allocation substantially revamped
Added memory allocation method based on mmap(2) in the mmap_mem module
Added ECB and CTS block cipher modes (ecb.h, cts.h)
Added a Mutex interface (mutex.h)
Added module pthr_mux, implementing the Mutex interface
Added Threaded Filter interface (thr_filt.h)
All algorithms can now by keyed with SymmetricKey objects
More testing occurs with --validate (expected failures)
Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6
Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress
Made X917 safer (and about 1/3 as fast)
Documentation updates

2002-02-28: 0.7.8

More capabilities for Pipe, inspired by SysV STREAMS, including peeking,
Added a BufferingFilter class
Added popen() based EntropySource for generic Unix systems (unix_rnd)
Moved 'devrand' module into main distribution (ent_file.h), renamed to
Made Randpool somewhat more conservative and also 25% faster
Minor fixes and updates for the configure script
Added some tweaks for memory allocation
Documentation updates for the new Pipe interface
Fixed various minor bugs
Added a couple of new example programs (stack and hasher2)

2001-11-24: 0.7.7

Filter::send now works in the constructor of a Filter subclass
You may now have to include <opencl/pipe.h> explicitly in some code
Added preliminary PK infrastructure classes in pubkey.h and pkbase.h
Enhancements to SecureVector (append, destroy functions)
New infrastructure for secure memory allocation
Added IEEE P1363 primitives MGF1, EME1, KDF1
Rijndael optimizations and cleanups
Changed CipherMode<B> to BlockCipherMode(B*)
Fixed a nasty bug in pipe_unixfd
Added portions of the BigInt code into the main library
Support for VAX, SH, POWER, PowerPC-64, Intel C++

2001-10-14: 0.7.6

Fixed several serious bugs in SecureVector created in 0.7.5
Square optimizations
Fixed shared objects on MacOS X and HP-UX
Fixed static libs for KCC 4.0; works with KCC 3.4g as well
Full support for Athlon and K6 processors using GCC
Added a table of prime numbers < 2**16 (primes.h)
Some minor documentation updates

2001-08-19: 0.7.5

Split checksum.h into adler32.h, crc24.h, and crc32.h
Split modes.h into cbc.h, cfb.h, and ofb.h
CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption
Added OneAndZeros and NoPadding methods for CBC
Added Lion, a very fast block cipher construction
Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h)
Basic types (ciphers, hashes, etc) know their names now (call name())
Changed the EntropySource type somewhat
Big speed-ups for ISAAC, Adler32, CRC24, and CRC32
Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160
Some semantics of SecureVector have changed slightly
The mlock module has been removed for the time being
Added string handling functions for hashes and MACs
Various non-user-visible cleanups
Shared library soname is now set to the full version number

2001-07-15: 0.7.4

New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe
Fixed a vast number of errors in the config script/makefile/specfile
Pipe now has a stdio(3) interface as well as C++ iostreams
ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4)
Bzip2 supports decompressing multiple concatenated streams, and flushing
Added a simple 'overall average' score to the benchmarks
Fixed a small bug in the POSIX timer module
Removed a very-unlikely-to-occur bug in most of the hash functions
filtbase.h now includes <iosfwd>, not <iostream>
Minor documentation updates

2001-06-08: 0.7.3

Fix build problems on Solaris/SPARC
Fix build problems with Perl versions < 5.6
Fixed some stupid code that broke on a few compilers
Added string handling functions to Pipe
MISTY1 optimizations

2001-06-03: 0.7.2

Build system supports modules
Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers
Added Bzip2 compression filter, contributed by Peter Jones
GNU make no longer required (tested with 4.4BSD pmake and Solaris make)
Fixed minor bug in several of the hash functions
Various other minor fixes and changes
Updates to the documentation

2001-05-16: 0.7.1

Rewrote configure script: more consistent and complete
Made it easier to find out parameters of types at run time (opencl.h)
New functions for finding the version being used (version.h)
New SymmetricKey interface for Filters (symkey.h)
InvalidKeyLength now records what the invalid key length was
Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA
Changed GOST to use correct S-box ordering (incompatible change)
Benchmark code was almost totally rewritten
Many more entries in the test vector file
Fixed minor and idiotic bug in check.cpp

2001-03-01: 0.7.0

First public release