[catacomb] / debian / changelog
catacomb (2.6.2) experimental; urgency=medium

  * catacomb: Fix incorrect feature test for AESNI on Intel processors.
    (This was introduced in 2.6.0. Workaround for affected processors on
    2.6.0 and 2.6.1: set `CATACOMB_CPUFEAT' to `-x86:aesni'.)

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 13 Jun 2020 18:10:53 +0100

catacomb (2.6.1) experimental; urgency=medium

  * catacomb: Fix segfault from `rand_quick' on i386.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 25 May 2020 17:45:02 +0100

catacomb (2.6.0) experimental; urgency=medium

  * catacomb: Introduce Mike Hamburg's `STROBE' symmetric encryption
    framework, based on Keccak.
  * catacomb: Fix KCDSA prime generation so that it makes primes of
    exactly the right length. I think this is the last of the prime-
    generation algorithms that needs fixing.
  * catacomb: Introduce low-level key-file functions to accommodate
    Python 3 bindings.
  * catacomb: Support `tag:', `id:' and `type:' prefixes in `bytag' key
    queries.
  * catacomb-bin: Be consistent about metasyntax used to denote hash
    function names.
  * catacomb: Introduce fast SIMD multiplication for ARM32 and ARM64
    platforms. I think this finally means that X86 and ARM have similar
    levels of optimization.
  * catacomb: Check SIMD feature bit on ARM64 before using the optimized
    code. I don't know of any ARM64 implementations which lack SIMD
    instructions, but the bit must be there for a reason, so I might as
    well use it.
  * catacomb-dev: Allow reading the current number of passes from a
    `dsarand' object.
  * catacomb: Prefer X86 `rdseed' instruction for quick entropy over
    `rdrand' if it's available.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 09 May 2020 17:38:45 +0100

catacomb (2.5.2) experimental; urgency=medium

  * Merge changes from 2.4.5.
  * catacomb-dev: Fix ARM32 FP/SIMD register dumping.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 09 May 2020 20:50:57 +0100

catacomb (2.5.1) experimental; urgency=medium

  * Merge changes from 2.4.4.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 29 Sep 2019 17:50:59 +0100

catacomb (2.5.0) experimental; urgency=medium

  * catacomb: MACs based on blockciphers: PMAC1 and CMAC (also known as
    OMAC).
  * catacomb: Authenticated Encryption with Additional Data (AEAD)
    schemes. Some based on blockciphers: CCM, EAX, GCM (with CPU-specific
    acceleration), OCB1 and OCB3 (OCB2 is broken). Also Salsa20 and
    ChaCha20 with Poly1305: the RFC7539 scheme, and the NaCl `secret_box'
    transform.
  * catacomb: Implement Grantham's Frobenius test. Combine it with
    Rabin--Miller, as Baillie--PSW, for testing given primes.
  * catacomb-bin (catcrypt): Support AEAD schemes for bulk crypto.
  * catacomb-bin (perftest): Options for batching; report cycle counts
    where available.
  * Many internal improvements: better documentation, debugging, testing,
    etc.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 21 Sep 2019 21:26:44 +0100

catacomb (2.4.5) experimental; urgency=medium

  * catacomb: Fix memory leak in key-file error handling.
  * catacomb: Don't leak internal `exptime' symbol into the global
    namespace.
  * catacomb: Check that the X86 `rdrand' instruction actually works
    before leaning on it. This is in response to the well-publicized AMD
    bug which always returns all-bits-set with the carry /set/ (indicating
    success).
  * catacomb: Mix in the random pool key during `rand_gate' and
    `rand_stretch' operations.
  * catacomb: Fix by-tag key lookups: if the query string looks like a hex
    number, it's treated as a search by id; but if no such id is found,
    the search wouldn't continue to look for a key by type or tag.
  * catacomb: Fix reference leak in `key_split'.
  * catacomb: Fix bug which completely broke `key_copydata'.
  * catacomb: Fix segfault from `pgen', if it fails before setting up the
    prime tester.
  * catacomb: Propagate failure from `pgen' during Lim--Lee prime
    generation, rather than immediately retrying.
  * catacomb: Fix memory leak of factor vector from failed Lim--Lee prime
    generation.
  * catacomb: Fix segfault when multiplying the identity elliptic-curve
    point.
  * catacomb: Fix the `lcrand' descriptor, so that it's not advertised as
    being cryptographically strong, and to fix a bias in its output.
  * catacomb: Fix a memory leak in the error case of KCDSA prime
    generation.
  * catacomb-bin: Fix segfault from `pixie', if given an empty passphrase
    to remember.
  * catacomb: Check SIMD feature bit on ARM64 before using the optimized
    code. I don't know of any ARM64 implementations which lack SIMD
    instructions, but the bit must be there for a reason, so I might as
    well use it.
  * catacomb: Support parsing binary-group descriptions. This is a long-
    standing lacuna that I've only recently noticed.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 09 May 2020 17:46:24 +0100

catacomb (2.4.4) experimental; urgency=medium

  * debian: Bump to Debhelper 10.
  * debian: Ship a shared-library `symbols' file for more precise
    dependencies.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 29 Sep 2019 15:58:26 +0100

catacomb (2.4.3) experimental; urgency=medium

  * catacomb (idea): Fix key-length descriptor.
  * catacomb (xchachaNN): Fix nonce-size descriptor.
  * catacomb (key-management): Fix incorrect handling of keyring
    modifiability.
  * catacomb-dev: Configure `pkg-config' correctly for static linking.
  * catacomb, catacomb-bin (cookie, dsig): Fix hash-function length
    padding on very long messages, and handling of large datestamps.
  * catacomb-bin (catsign): Don't open temporary files unnecessarily.
  * catacomb-bin (catcrypt): Fix key-attribute parsing.
  * catacomb-bin (perftest): Add missing help-string text for `-n' used
    with `enc' and `hash'.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 21 Sep 2019 17:43:59 +0100

catacomb (2.4.2) experimental; urgency=medium

  * catacomb2: Support multi-arch at last.
  * catacomb2: Fix mangled key-size data for HMAC.
  * rspit: Support generating large files.
  * pixie: Improve error-handling around dropping privilege.
  * ed25519, ed448: Very minor performance improvement.
  * salsa20, chacha: Fix crash if nonce is none, as it is when invoked by
    `rspit'.
  * salsa20, chacha: Fix declaration of cipher classes to prevent them
    ending up as (useless) common symbols in client code.
  * limlee: Improve the prime size heuristics.
  * sha, sha256, sha512: Restructure compression function to improve
    performance and use less memory.
  * rijndael: Include enough round constants to make very tiny keys work
    correctly.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 12 Jun 2018 01:15:59 +0100

catacomb (2.4.1) experimental; urgency=low

  * catacomb2: Two's-complement fix from 2.3.x release branch.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 22 Jun 2017 09:37:40 +0100

catacomb (2.4.0.1) experimental; urgency=low

  * Fix build failure with later ARM assemblers.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 21:05:35 +0100

catacomb (2.4.0) experimental; urgency=low

  * catacomb2: Implemented Bernstein's Poly1305 message-authentication
    code.
  * catacomb2: Support RFC7539's different nonce/counter split in ChaCha
    and Salsa20.
  * catacomb2: Implement Bernstein's X25519.
  * catacomb2: Implement Hamburg's X448 (RFC7748).
  * catacomb2: Implement Bernstein, Duif, Lange, Schwabe, Yang's Ed25519,
    as defined in RFC8032.
  * catacomb2: Implement Ed448, based on Hamburg's curve, as defined in
    RFC8032.
  * catacomb2: Implement Keccak-p[1600, n] as defined in FIPS202.
  * catacomb2: Implement SHA3, SHAKE, as defined in FIPS202.
  * catacomb2: Implement cSHAKE, KMAC, as defined in SP800-185.
  * catacomb2: Allow RSA key generation with chosen public exponent.
  * catacomb2: Optimize RSA public-key operations with common public
    exponents.
  * catacomb-bin: Support new algorithms in the provided tools.
  * catacomb-bin: Allow parameters keys for all key types.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 16:07:00 +0100

catacomb (2.3.2) experimental; urgency=low

  * catacomb2: Fix bignum loading and storing in two's complement form.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 22 Jun 2017 09:34:59 +0100

catacomb (2.3.1) experimental; urgency=low

  * catacomb2: Fix memory corruption when allocating `salsa20' and
    `chacha'-based RNGs.
  * catacomb2: Fix segfault when opening read-only keyring with no
    associated file.
  * catacomb2: Return the correct stream offset in `chacha_tell*'.
  * catacomb2: Produce correct keyring files when they contain empty
    keys.
  * catacomb2: Fix cross-compilation-unit type incompatibility in prime
    and binary group implementations.
  * catacomb-dev: Add missing licence notices to `salsa20.h'.
  * catacomb-bin: Fix assertion failure in RSA-PSS signing.
  * catacomb-bin: Fix uninitialized structure slot in RSA-PSS signing and
    verifying.
  * catacomb-bin: Compare MAC tags in constant time.
  * catacomb2: Fix a (minor) source of bias in BBS and RSA key generation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 04:05:00 +0100

catacomb (2.3.0.1) experimental; urgency=low

  * catacomb2: Actually make the stack non-executable rather than just
    pretending.

 -- Mark Wooding <mdw@distorted.org.uk>  Wed, 05 Apr 2017 09:00:55 +0100

catacomb (2.3.0) experimental; urgency=low

  * catacomb2: Use the correct Oakley 2048 group. For a long time, this
    was a duplicate of the Oakley 1536 group. There's a compatibility
    break here, but it's for the best.
  * catacomb2: Include `.note.GNU-stack' sections in the assembler code,
    so that the process stack doesn't get marked executable.
  * catacomb2: New SSE2-based multipliers for i386 and AMD64.
  * catacomb2: Lots of other improvements to the assembler code.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 03 Apr 2017 10:24:17 +0100

catacomb (2.2.5) experimental; urgency=low

  * catacomb2 (ARM AES): Fix crash from `rijndael*_init' when key material
    is unaligned.
  * build: Use less obsolete macro names in configure script.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 12 Jul 2016 10:27:05 +0100

catacomb (2.2.4) experimental; urgency=low

  * build: Fix build failures on post-wheezy Debian versions.
  * catacomb2: Use ARM AES instructions if available. (But they can't be
    assembled using wheezy's version of gas, so this doesn't work in the
    binary package.)
  * catacomb2: Fix poor performance (and wrong answers for very small
    numbers) in prime generation.
  * catacomb2: Return numbers of exactly the requested length in prime and
    public-key generation. The `strongprime' and `limlee' algorithms have
    changed as a result; previously verifiable parameters generated using
    this algorithm won't be verifiable any more.
  * catacomb-dev: Deprecate the old `dsa' functions. Use `gdsa' instead.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 26 Jun 2016 14:18:14 +0100

catacomb (2.2.3) experimental; urgency=low

  * rand: Make the main generator resilient in the face of fork(2).
  * rand: Introduce `rand_quick', which may also mix in CPU-level
    randomness sources.
  * rand: Use higher-resolution timer in the quick-win noise source.
  * debian: Pick up correct `catacomb-dev' Depends entry from 2.2.1.1
    which got lost down the side of the sofas.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 13 Jun 2016 22:22:33 +0100

catacomb (2.2.2) experimental; urgency=low

  * build: Cope with newer Autotools and related equipment.
  * Miscellaneous small fixes for Cygwin.
  * catacomb2 (mp_testbit): Fix overread on reading one-bit-past-the-end;
    particularly, this causes a segfault reading bit zero of a zero-length
    integer.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 04 Jun 2016 01:12:01 +0100

catacomb (2.2.1.1) experimental; urgency=low

  * Arrange that catacomb-dev Depends on correct version of mlib-dev. It
    really won't work well without it.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 19 Feb 2016 09:04:50 +0000

catacomb (2.2.1) experimental; urgency=low

  * Some internal improvements.
  * Debian packaging cleanups (fix build-depends, update mLib dependency).

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 18 Feb 2016 16:43:09 +0000

catacomb (2.2.0) experimental; urgency=low

  * catacomb2: Fix rsa_recover crash on even modulus.
  * catacomb-bin: Report error taking factorial of negative input.
  * catacomb2: Fix EC_FIND and EC_NEG on 2-torsion points of prime curves.
  * catacomb-dev: Support multiple flavours of EC point compression.
  * catacomb2: Fix theoretical rsa_recover crash if factoring loop runs
    out of prime numbers.
  * catacomb2: Overhaul crypto primitives used in true-random generator.
  * catacomb-bin: Improve rspit: high-resolution timing, and 64-bit size
    support.
  * catacomb-dev: New conversions between MP integers and C integer types.
  * catacomb2: Change gcipher for Seal incompatibly. The IV is now
    big-endian bytes (rather than `uint32'), and the `block size' is 4.
  * catacomb2: Mix a constant string into DSA nonce generation to improve
    resistance to protocol interference.
  * catacomb2: Fix the freewheel random source, which hasn't been enabled
    for ages due to a configure-script bug.
  * catacomb-bin: The key tool can now read and write multiple
    presentations for key fingerprints.
  * catacomb2, catacomb-dev: Support Daniel Bernstein's Salsa20 and ChaCha
    stream ciphers.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 20 Jul 2015 14:15:31 +0100

catacomb (2.1.7) experimental; urgency=low

  * A number of entropy-source fixes.
  * Internal tidying.
  * Add more elliptic curves, from Brainpool and BADA55.
  * hashsum: Fix hash file verification.

 -- Mark Wooding <mdw@distorted.org.uk>  Wed, 16 Jul 2014 10:21:23 +0100

catacomb (2.1.6.1) experimental; urgency=low

  * Fix building from source tarball.
  * Fix building with Python 2.5.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 28 Dec 2013 14:21:36 +0000

catacomb (2.1.6) experimental; urgency=low

  * mpreduce: Extend domain to all positive integers.
  * gfreduce: Fix out-of-bounds memory access.
  * gcd: Don't clobber signs of `constants' when GCD calculation is trivial.
  * pixie: Don't replace existing pixie unless explicitly requested.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 27 Dec 2013 14:28:57 +0000

catacomb (2.1.5) experimental; urgency=low

  * New build system.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 29 Jun 2013 00:38:58 +0100

catacomb (2.1.4) experimental; urgency=low

  * Constant-time operations.
  * Some minor fixes to header files.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 May 2013 22:34:23 +0100

catacomb (2.1.3) experimental; urgency=low

  * Fibonacci sequence computation: mp_fibonacci function and fibonacci(1)
    example program.
  * Upper bounds on phrase entropy in mkphrase(1).
  * Don't make the Pixie setuid-root by default. Make the documentation
    less scary.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 11 Apr 2013 12:06:28 +0100

catacomb (2.1.2.1) experimental; urgency=low

  * hashsum: Document `--progress' option in `--help' output.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 28 Feb 2013 17:35:49 +0000

catacomb (2.1.2) experimental; urgency=low

  * hashsum: Correct return code when running in `-c' mode.
  * dsig: Fix core dump on large-ish outputs.
  * dsig: Fix repeat-close bug.
  * dsig: Accept precomputed hashes when making signatures.
  * Utilities: New `-p' option for progress bars.
  * dsig, hashsum: New `-j' option checks for files not covered by
    manifest.
  * Various library improvements.

 -- Mark Wooding <mdw@distorted.org.uk>  Wed, 09 Jan 2013 03:26:44 +0000

catacomb (2.1.1) experimental; urgency=low

  * Do configuration through pkgconfig.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 17 Mar 2008 18:36:30 +0000

catacomb (2.1.0) experimental; urgency=low

  * Added support for elliptic curves, on both prime and binary fields
    (polynomial basis only). No actual crypto, but there's enough already
    to do ECDH and stuff on well-known curves. Testing is currently a bit
    patchy.

 -- Mark Wooding <mdw@nsict.org>  Sun, 21 Mar 2004 22:47:56 +0000

catacomb (2.0.1) experimental; urgency=low

  * Debianization!
  * (pixie): Don't report uninteresting errors when accepting connections.

 -- Mark Wooding <mdw@nsict.org>  Thu, 11 Dec 2003 10:47:59 +0000