catacomb (2.6.99~) experimental; urgency=medium

  * (placeholder for next minor version)

 -- Mark Wooding Sat, 29 Aug 2020 00:42:11 +0100

catacomb (2.6.2) experimental; urgency=medium

  * catacomb: Fix incorrect feature test for AESNI on Intel processors.
    (This was introduced in 2.6.0.  Workaround for affected processors
    on 2.6.0 and 2.6.1: set `CATACOMB_CPUFEAT' to `-x86:aesni'.)

 -- Mark Wooding Sat, 13 Jun 2020 18:10:53 +0100

catacomb (2.6.1) experimental; urgency=medium

  * catacomb: Fix segfault from `rand_quick' on i386.

 -- Mark Wooding Mon, 25 May 2020 17:45:02 +0100

catacomb (2.6.0) experimental; urgency=medium

  * catacomb: Introduce Mike Hamburg's `STROBE' symmetric encryption
    framework, based on Keccak.
  * catacomb: Fix KCDSA prime generation so that it makes primes of
    exactly the right length.  I think this is the last of the
    prime-generation algorithms that needs fixing.
  * catacomb: Introduce low-level key-file functions to accommodate
    Python 3 bindings.
  * catacomb: Support `tag:', `id:' and `type:' prefixes in `bytag' key
    queries.
  * catacomb-bin: Be consistent about metasyntax used to denote hash
    function names.
  * catacomb: Introduce fast SIMD multiplication for ARM32 and ARM64
    platforms.  I think this finally means that X86 and ARM have similar
    levels of optimization.
  * catacomb: Check SIMD feature bit on ARM64 before using the optimized
    code.  I don't know of any ARM64 implementations which lack SIMD
    instructions, but the bit must be there for a reason, so I might as
    well use it.
  * catacomb-dev: Allow reading the current number of passes from a
    `dsarand' object.
  * catacomb: Prefer X86 `rdseed' instruction for quick entropy over
    `rdrand' if it's available.

 -- Mark Wooding Sat, 09 May 2020 17:38:45 +0100

catacomb (2.5.2) experimental; urgency=medium

  * Merge changes from 2.4.5.
  * catacomb-dev: Fix ARM32 FP/SIMD register dumping.

 -- Mark Wooding Sat, 09 May 2020 20:50:57 +0100

catacomb (2.5.1) experimental; urgency=medium

  * Merge changes from 2.4.4.

 -- Mark Wooding Sun, 29 Sep 2019 17:50:59 +0100

catacomb (2.5.0) experimental; urgency=medium

  * catacomb: MACs based on blockciphers: PMAC1 and CMAC (also known as
    OMAC).
  * catacomb: Authenticated Encryption with Additional Data (AEAD)
    schemes.  Some based on blockciphers: CCM, EAX, GCM (with
    CPU-specific acceleration), OCB1 and OCB3 (OCB2 is broken).  Also
    Salsa20 and ChaCha20 with Poly1305: the RFC7539 scheme, and the NaCl
    `secret_box' transform.
  * catacomb: Implement Grantham's Frobenius test.  Combine it with
    Rabin--Miller, as Baillie--PSW, for testing given primes.
  * catacomb-bin (catcrypt): Support AEAD schemes for bulk crypto.
  * catacomb-bin (perftest): Options for batching; report cycle counts
    where available.
  * Many internal improvements: better documentation, debugging,
    testing, etc.

 -- Mark Wooding Sat, 21 Sep 2019 21:26:44 +0100

catacomb (2.4.5) experimental; urgency=medium

  * catacomb: Fix memory leak in key-file error handling.
  * catacomb: Don't leak internal `exptime' symbol into the global
    namespace.
  * catacomb: Check that the X86 `rdrand' instruction actually works
    before leaning on it.  This is in response to the well-publicized
    AMD bug which always returns all-bits-set with the carry /set/
    (indicating success).
  * catacomb: Mix in the random pool key during `rand_gate' and
    `rand_stretch' operations.
  * catacomb: Fix by-tag key lookups: if the query string looks like a
    hex number, it's treated as a search by id; but if no such id is
    found, the search wouldn't continue to look for a key by type or
    tag.
  * catacomb: Fix reference leak in `key_split'.
  * catacomb: Fix bug which completely broke `key_copydata'.
  * catacomb: Fix segfault from `pgen', if it fails before setting up
    the prime tester.
  * catacomb: Propagate failure from `pgen' during Lim--Lee prime
    generation, rather than immediately retrying.
  * catacomb: Fix memory leak of factor vector from failed Lim--Lee
    prime generation.
  * catacomb: Fix segfault when multiplying the identity elliptic-curve
    point.
  * catacomb: Fix the `lcrand' descriptor, so that it's not advertised
    as being cryptographically strong, and to fix a bias in its output.
  * catacomb: Fix a memory leak in the error case of KCDSA prime
    generation.
  * catacomb-bin: Fix segfault from `pixie', if given an empty
    passphrase to remember.
  * catacomb: Check SIMD feature bit on ARM64 before using the optimized
    code.  I don't know of any ARM64 implementations which lack SIMD
    instructions, but the bit must be there for a reason, so I might as
    well use it.
  * catacomb: Support parsing binary-group descriptions.  This is a
    long-standing lacuna that I've only recently noticed.

 -- Mark Wooding Sat, 09 May 2020 17:46:24 +0100

catacomb (2.4.4) experimental; urgency=medium

  * debian: Bump to Debhelper 10.
  * debian: Ship a shared-library `symbols' file for more precise
    dependencies.

 -- Mark Wooding Sun, 29 Sep 2019 15:58:26 +0100

catacomb (2.4.3) experimental; urgency=medium

  * catacomb (idea): Fix key-length descriptor.
  * catacomb (xchachaNN): Fix nonce-size descriptor.
  * catacomb (key-management): Fix incorrect handling of keyring
    modifiability.
  * catacomb-dev: Configure `pkg-config' correctly for static linking.
  * catacomb, catacomb-bin (cookie, dsig): Fix hash-function length
    padding on very long messages, and handling of large datestamps.
  * catacomb-bin (catsign): Don't open temporary files unnecessarily.
  * catacomb-bin (catcrypt): Fix key-attribute parsing.
  * catacomb-bin (perftest): Add missing help-string text for `-n' used
    with `enc' and `hash'

 -- Mark Wooding Sat, 21 Sep 2019 17:43:59 +0100

catacomb (2.4.2) experimental; urgency=medium

  * catacomb2: Support multi-arch at last.
  * catacomb2: Fix mangled key-size data for HMAC.
  * rspit: Support generating large files.
  * pixie: Improve error-handling around dropping privilege.
  * ed25519, ed448: Very minor performance improvement.
  * salsa20, chacha: Fix crash if nonce is none, as it is when invoked
    by `rspit'.
  * salsa20, chacha: Fix declaration of cipher classes to prevent them
    ending up as (useless) common symbols in client code.
  * limlee: Improve the prime size heuristics.
  * sha, sha256, sha512: Restructure compression function to improve
    performance and use less memory.
  * rijndael: Include enough round constants to make very tiny keys work
    correctly.

 -- Mark Wooding Tue, 12 Jun 2018 01:15:59 +0100

catacomb (2.4.1) experimental; urgency=low

  * catacomb2: Two's-complement fix from 2.3.x release branch.

 -- Mark Wooding Thu, 22 Jun 2017 09:37:40 +0100

catacomb (2.4.0.1) experimental; urgency=low

  * Fix build failure with later ARM assemblers.

 -- Mark Wooding Sun, 14 May 2017 21:05:35 +0100

catacomb (2.4.0) experimental; urgency=low

  * catacomb2: Implemented Bernstein's Poly1305 message-authentication
    code.
  * catacomb2: Support RFC7539's different nonce/counter split in ChaCha
    and Salsa20.
  * catacomb2: Implement Bernstein's X25519.
  * catacomb2: Implement Hamburg's X448 (RFC7748).
  * catacomb2: Implement Bernstein, Duif, Lange, Schwabe, Yang's
    Ed25519, as defined in RFC8032.
  * catacomb2: Implement Ed448, based on Hamburg's curve, as defined in
    RFC8032.
  * catacomb2: Implement Keccak-p[1600, n] as defined in FIPS202.
  * catacomb2: Implement SHA3, SHAKE, as defined in FIPS202.
  * catacomb2: Implement cSHAKE, KMAC, as defined in SP800-185.
  * catacomb2: Allow RSA key generation with chosen public exponent.
  * catacomb2: Optimize RSA public-key operations with common public
    exponents.
  * catacomb-bin: Support new algorithms in the provided tools.
  * catacomb-bin: Allow parameters keys for all key types.

 -- Mark Wooding Sun, 14 May 2017 16:07:00 +0100

catacomb (2.3.2) experimental; urgency=low

  * catacomb2: Fix bignum loading and storing in two's complement form.

 -- Mark Wooding Thu, 22 Jun 2017 09:34:59 +0100

catacomb (2.3.1) experimental; urgency=low

  * catacomb2: Fix memory corruption when allocating `salsa20' and
    `chacha'-based RNGs.
  * catacomb2: Fix segfault when opening read-only keyring with no
    associated file.
  * catacomb2: Return the correct stream offset in `chacha_tell*'.
  * catacomb2: Produce correct keyring files when they contain empty
    keys.
  * catacomb2: Fix cross-compilation-unit type incompatibility in prime
    and binary group implementations.
  * catacomb-dev: Add missing licence notices to `salsa20.h'.
  * catacomb-bin: Fix assertion failure in RSA-PSS signing.
  * catacomb-bin: Fix uninitialized structure slot in RSA-PSS signing
    and verifying.
  * catacomb-bin: Compare MAC tags in constant time.
  * catacomb2: Fix a (minor) source of bias in BBS and RSA key
    generation.

 -- Mark Wooding Sun, 14 May 2017 04:05:00 +0100

catacomb (2.3.0.1) experimental; urgency=low

  * catacomb2: Actually make the stack non-executable rather than just
    pretending.

 -- Mark Wooding Wed, 05 Apr 2017 09:00:55 +0100

catacomb (2.3.0) experimental; urgency=low

  * catacomb2: Use the correct Oakley 2048 group.  For a long time, this
    was a duplicate of the Oakley 1536 group.  There's a compatibility
    break here, but it's for the best.
  * catacomb2: Include `.note.GNU-stack' sections in the assembler code,
    so that the process stack doesn't get marked executable.
  * catacomb2: New SSE2-based multipliers for i386 and AMD64.
  * catacomb2: Lots of other improvements to the assembler code.

 -- Mark Wooding Mon, 03 Apr 2017 10:24:17 +0100

catacomb (2.2.5) experimental; urgency=low

  * catacomb2 (ARM AES): Fix crash from `rijndael*_init' when key
    material is unaligned.
  * build: Use less obsolete macro names in configure script.

 -- Mark Wooding Tue, 12 Jul 2016 10:27:05 +0100

catacomb (2.2.4) experimental; urgency=low

  * build: Fix build failures on post-wheezy Debian versions.
  * catacomb2: Use ARM AES instructions if available.
    (But they can't be assembled using wheezy's version of gas, so this
    doesn't work in the binary package.)
  * catacomb2: Fix poor performance (and wrong answers for very small
    numbers) in prime generation.
  * catacomb2: Return numbers of exactly the requested length in prime
    and public-key generation.  The `strongprime' and `limlee'
    algorithms have changed as a result; previously verifiable
    parameters generated using this algorithm won't be verifiable any
    more.
  * catacomb-dev: Deprecate the old `dsa' functions.  Use `gdsa'
    instead.

 -- Mark Wooding Sun, 26 Jun 2016 14:18:14 +0100

catacomb (2.2.3) experimental; urgency=low

  * rand: Make the main generator resilient in the face of fork(2).
  * rand: Introduce `rand_quick', which may also mix in CPU-level
    randomness sources.
  * rand: Use higher-resolution timer in the quick-win noise source.
  * debian: Pick up correct `catacomb-dev' Depends entry from 2.2.1.1
    which got lost down the side of the sofas.

 -- Mark Wooding Mon, 13 Jun 2016 22:22:33 +0100

catacomb (2.2.2) experimental; urgency=low

  * build: Cope with newer Autotools and related equipment.
  * Miscellaneous small fixes for Cygwin.
  * catacomb2 (mp_testbit): Fix overread on reading
    one-bit-past-the-end; particularly, this causes a segfault reading
    bit zero of a zero-length integer.

 -- Mark Wooding Sat, 04 Jun 2016 01:12:01 +0100

catacomb (2.2.1.1) experimental; urgency=low

  * Arrange that catacomb-dev Depends on correct version of mlib-dev.
    It really won't work well without it.

 -- Mark Wooding Fri, 19 Feb 2016 09:04:50 +0000

catacomb (2.2.1) experimental; urgency=low

  * Some internal improvements.
  * Debian packaging cleanups (fix build-depends, update mLib
    dependency).

 -- Mark Wooding Thu, 18 Feb 2016 16:43:09 +0000

catacomb (2.2.0) experimental; urgency=low

  * catacomb2: Fix rsa_recover crash on even modulus.
  * catacomb-bin: Report error taking factorial of negative input.
  * catacomb2: Fix EC_FIND and EC_NEG on 2-torsion points of prime
    curves.
  * catacomb-dev: Support multiple flavours of EC point compression.
  * catacomb2: Fix theoretical rsa_recover crash if factoring loop runs
    out of prime numbers.
  * catacomb2: Overhaul crypto primitives used in true-random generator.
  * catacomb-bin: Improve rspit: high-resolution timing, and 64-bit size
    support.
  * catacomb-dev: New conversions between MP integers and C integer
    types.
  * catacomb2: Change gcipher for Seal incompatibly.  The IV is now
    big-endian bytes (rather than `uint32'), and the `block size' is 4.
  * catacomb2: Mix a constant string into DSA nonce generation to
    improve resistance to protocol interference.
  * catacomb2: Fix the freewheel random source, which hasn't been
    enabled for ages due to a configure-script bug.
  * catacomb-bin: The key tool can now read and write multiple
    presentations for key fingerprints.
  * catacomb2, catacomb-dev: Support Daniel Bernstein's Salsa20 and
    ChaCha stream ciphers.

 -- Mark Wooding Mon, 20 Jul 2015 14:15:31 +0100

catacomb (2.1.7) experimental; urgency=low

  * A number of entropy-source fixes.
  * Internal tidying.
  * Add more elliptic curves, from Brainpool and BADA55.
  * hashsum: Fix hash file verification.

 -- Mark Wooding Wed, 16 Jul 2014 10:21:23 +0100

catacomb (2.1.6.1) experimental; urgency=low

  * Fix building from source tarball.
  * Fix building with Python 2.5.

 -- Mark Wooding Sat, 28 Dec 2013 14:21:36 +0000

catacomb (2.1.6) experimental; urgency=low

  * mpreduce: Extend domain to all positive integers.
  * gfreduce: Fix out-of-bounds memory access.
  * gcd: Don't clobber signs of `constants' when GCD calculation is
    trivial.
  * pixie: Don't replace existing pixie unless explicitly requested.

 -- Mark Wooding Fri, 27 Dec 2013 14:28:57 +0000

catacomb (2.1.5) experimental; urgency=low

  * New build system.

 -- Mark Wooding Mon, 29 Jun 2013 00:38:58 +0100

catacomb (2.1.4) experimental; urgency=low

  * Constant-time operations.
  * Some minor fixes to header files.

 -- Mark Wooding Mon, 27 May 2013 22:34:23 +0100

catacomb (2.1.3) experimental; urgency=low

  * Fibonacci sequence computation: mp_fibonacci function and
    fibonacci(1) example program.
  * Upper bounds on phrase entropy in mkphrase(1).
  * Don't make the Pixie setuid-root by default.  Make the documentation
    less scary.

 -- Mark Wooding Thu, 11 Apr 2013 12:06:28 +0100

catacomb (2.1.2.1) experimental; urgency=low

  * hashsum: Document `--progress' option in `--help' output.

 -- Mark Wooding Thu, 28 Feb 2013 17:35:49 +0000

catacomb (2.1.2) experimental; urgency=low

  * hashsum: Correct return code when running in `-c' mode.
  * dsig: Fix core dump on large-ish outputs.
  * dsig: Fix repeat-close bug.
  * dsig: Accept precomputed hashes when making signatures.
  * Utilities: New `-p' option for progress bars.
  * dsig, hashsum: New `-j' option checks for files not covered by
    manifest.
  * Various library improvements.

 -- Mark Wooding Wed, 09 Jan 2013 03:26:44 +0000

catacomb (2.1.1) experimental; urgency=low

  * Do configuration through pkgconfig.

 -- Mark Wooding Mon, 17 Mar 2008 18:36:30 +0000

catacomb (2.1.0) experimental; urgency=low

  * Added support for elliptic curves, on both prime and binary fields
    (polynomial basis only).  No actual crypto, but there's enough
    already to do ECDH and stuff on well-known curves.  Testing is
    currently a bit patchy.

 -- Mark Wooding Sun, 21 Mar 2004 22:47:56 +0000

catacomb (2.0.1) experimental; urgency=low

  * Debianization!
  * (pixie): Don't report uninteresting errors when accepting
    connections.

 -- Mark Wooding Thu, 11 Dec 2003 10:47:59 +0000