+catacomb (2.6.99~) experimental; urgency=medium
+
+ * (placeholder for next minor version)
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 29 Aug 2020 00:42:11 +0100
+
+catacomb (2.6.2) experimental; urgency=medium
+
+ * catacomb: Fix incorrect feature test for AESNI on Intel processors.
+ (This was introduced in 2.6.0. Workaround for affected processors on
+ 2.6.0 and 2.6.1: set `CATACOMB_CPUFEAT' to `-x86:aesni'.)
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 13 Jun 2020 18:10:53 +0100
+
+catacomb (2.6.1) experimental; urgency=medium
+
+ * catacomb: Fix segfault from `rand_quick' on i386.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Mon, 25 May 2020 17:45:02 +0100
+
+catacomb (2.6.0) experimental; urgency=medium
+
+ * catacomb: Introduce Mike Hamburg's `STROBE' syymetric encryption
+ framework, based on Keccak.
+ * catacomb: Fix KCDSA prime generation so that it makes primes of
+ exactly the right length. I think this is the last of the prime-
+ generation algorthms that needs fixing.
+ * catacomb: Inttroduce low-level key-file functions to accommodate
+ Python 3 bindings.
+ * catacomb: Support `tag:', `id:' and `type:' prefixes in `bytag' key
+ queries.
+ * catacomb-bin: Be consistent about metasyntax used to denote hash
+ function names.
+ * catacomb: Introduce fast SIMD multiplication for ARM32 and ARM64
+ platforms. I think this finally means that X86 and ARM have similar
+ levels of optimization.
+ * catacomb: Check SIMD feature bit on ARM64 before using the optimized
+ code. I don't know of any ARM64 implementations which lack SIMD
+ instructions, but the bit must be there for a reason, so I might as
+ well use it.
+ * catacomb-dev: Allow reading the current number of passes from a
+ `dsarand' object.
+ * catacomb: Prefer X84 `rdseed' instruction for quick entropy over
+ `rdrand' if it's available.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 09 May 2020 17:38:45 +0100
+
+catacomb (2.5.2) experimental; urgency=medium
+
+ * Merge changes from 2.4.5.
+ * catacomb-dev: Fix ARM32 FP/SIMD register dumping.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 09 May 2020 20:50:57 +0100
+
+catacomb (2.5.1) experimental; urgency=medium
+
+ * Merge changes from 2.4.4.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sun, 29 Sep 2019 17:50:59 +0100
+
+catacomb (2.5.0) experimental; urgency=medium
+
+ * catacomb: MACs based on blockciphers: PMAC1 and CMAC (also known as
+ OMAC).
+ * catacomb: Authenticated Encryption with Additional Data (AEAD)
+ schemes. Some based on blockciphers: CCM, EAX, GCM (with CPU-specific
+ acceleration), OCB1 and OCB3 (OCB2 is broken). Also Salsa20 and
+ ChaCha20 with Poly1305: the RFC7539 scheme, and the NaCl `secret_box'
+ transform.
+ * catacomb: Implement Grantham's Frobenius test. Combine it with
+ Rabin--Miller, as Baillie--PSW, for testing given primes.
+ * catacomb-bin (catcrypt): Support AEAD schemes for bulk crypto.
+ * catacomb-bin (perftest): Options for batching; report cycle counts
+ where available.
+ * Many internal improvements: better documentation, debugging, testing,
+ etc.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 21 Sep 2019 21:26:44 +0100
+
+catacomb (2.4.5) experimental; urgency=medium
+
+ * catacomb: Fix memory leak in key-file error handling.
+ * catacomb: Don't leak internal `exptime' symbol into the global
+ namespace.
+ * catacomb: Check that the X86 `rdrand' instruction actually works
+ before leaning on it. This is in response to the well-publicized AMD
+ bug which always returns all-bits-set with the carry /set/ (indicating
+ success).
+ * catacomb: Mix in the random pool key during `rand_gate' and
+ `rand_stretch' operations.
+ * catacomb: Fix by-tag key lookups: if the query string looks like a hex
+ number, it's treated as a search by id; but if no such id is found,
+ the search wouldn't continue to look for a key by type or tag.
+ * catacomb: Fix reference leak in `key_split'.
+ * catacomb: Fix bug which completely broke `key_copydata'.
+ * catacomb: Fix segfault from `pgen', if it fails before setting up the
+ prime tester.
+ * catacomb: Propagate failure from `pgen' during Lim--Lee prime
+ generation, rather than immediately retrying.
+ * catacomb: Fix memory leak of factor vector from failed Lim--Lee prime
+ generation.
+ * catacomb: Fix segfault when multiplying the identity elliptic-curve
+ point.
+ * catacomb: Fix the `lcrand' descriptor, so that it's not advertised as
+ being cryptographically strong, and to fix a bias in its output.
+ * catacomb: Fix a memory leak in the error case of KCDSA prime
+ generation.
+ * catacomb-bin: Fix segfault from `pixie', if given an empty passphrase
+ to remember.
+ * catacomb: Check SIMD feature bit on ARM64 before using the optimized
+ code. I don't know of any ARM64 implementations which lack SIMD
+ instructions, but the bit must be there for a reason, so I might as
+ well use it.
+ * catacomb: Support parsing binary-group descriptions. This is a long-
+ standing lacuna that I've only recently noticed.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 09 May 2020 17:46:24 +0100
+
+catacomb (2.4.4) experimental; urgency=medium
+
+ * debian: Bump to Debhelper 10.
+ * debian: Ship a shared-library `symbols' file for more precise
+ dependencies.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sun, 29 Sep 2019 15:58:26 +0100
+
+catacomb (2.4.3) experimental; urgency=medium
+
+ * catacomb (idea): Fix key-length descriptor.
+ * catacomb (xchachaNN): Fix nonce-size descriptor.
+ * catacomb (key-management): Fix incorrect handling of keyring
+ modifiability.
+ * catacomb-dev: Configure `pkg-config' correctly for static linking.
+ * catacomb, catacomb-bin (cookie, dsig): Fix hash-function length
+ padding on very long messages, and handling of large datestamps.
+ * catacomb-bin (catsign): Don't open temporary files unnecessarily.
+ * catacomb-bin (catcrypt): Fix key-attribute parsing.
+ * catacomb-bin (perftest): Add missing help-string text for `-n' used
+ with `enc' and `hash'
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 21 Sep 2019 17:43:59 +0100
+
+catacomb (2.4.2) experimental; urgency=medium
+
+ * catacomb2: Support multi-arch at last.
+ * catacomb2: Fix mangled key-size data for HMAC.
+ * rspit: Support generating large files.
+ * pixie: Improve error-handling around dropping privilege.
+ * ed25519, ed448: Very minor performance improvement.
+ * salsa20, chacha: Fix crash if nonce is none, as it is when invoked by
+ `rspit'.
+ * salsa20, chacha: Fix declaration of cipher classes to prevent them
+ ending up as (useless) common symbols in client code.
+ * limlee: Improve the prime size heuristics.
+ * sha, sha256, sha512: Restructure compression function to improve
+ performance and use less memory.
+ * rijndael: Include enough round constants to make very tiny keys work
+ correctly.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Tue, 12 Jun 2018 01:15:59 +0100
+
+catacomb (2.4.1) experimental; urgency=low
+
+ * catacomb2: Two's-complement fix from 2.3.x release branch.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Thu, 22 Jun 2017 09:37:40 +0100
+
+catacomb (2.4.0.1) experimental; urgency=low
+
+ * Fix build failure with later ARM assemblers.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sun, 14 May 2017 21:05:35 +0100
+
+catacomb (2.4.0) experimental; urgency=low
+
+ * catacomb2: Implemented Bernstein's Poly1305 message-authentication
+ code.
+ * catacomb2: Support RFC7539's different nonce/counter split in ChaCha
+ and Salsa20.
+ * catacomb2: Implement Bernstein's X25519.
+ * catacomb2: Implement Hamburg's X448 (RFC7748).
+ * catacomb2: Implement Bernstein, Duif, Lange, Schwabe, Yang's Ed25519,
+ as defined in RFC8032.
+ * catacomb2: Implement Ed448, based on Hamburg's curve, as defined in
+ RFC8032.
+ * catacomb2: Implement Keccak-p[1600, n] as defined in FIPS202.
+ * catacomb2: Implement SHA3, SHAKE, as defined in FIPS202.
+ * catacomb2: Implement cSHAKE, KMAC, as defined in SP800-185.
+ * catacomb2: Allow RSA key generation with chosen public exponent.
+ * catacomb2: Optimize RSA public-key operations with common public
+ exponents.
+ * catacomb-bin: Support new algorithms in the provided tools.
+ * catacomb-bin: Allow parameters keys for all key types.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sun, 14 May 2017 16:07:00 +0100
+
+catacomb (2.3.2) experimental; urgency=low
+
+ * catacomb2: Fix bignum loading and storing in two's complement form.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Thu, 22 Jun 2017 09:34:59 +0100
+
+catacomb (2.3.1) experimental; urgency=low
+
+ * catacomb2: Fix memory corruption when allocating `salsa20' and
+ `chacha'-based RNGs.
+ * catacomb2: Fix segfault when opening read-only keyring with no
+ associated file.
+ * catacomb2: Return the correct stream offset in `chacha_tell*'.
+ * catacomb2: Produce correct keyring files when they contain empty
+ keys.
+ * catacomb2: Fix cross-compilation-unit type incompatibility in prime
+ and binary group implementations.
+ * catacomb-dev: Add missing licence notices to `salsa20.h'.
+ * catacomb-bin: Fix assertion failure in RSA-PSS signing.
+ * catacomb-bin: Fix uninitialized structure slot in RSA-PSS signing and
+ verifying.
+ * catacomb-bin: Compare MAC tags in constant time.
+ * catacomb2: Fix a (minor) source of bias in BBS and RSA key generation.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sun, 14 May 2017 04:05:00 +0100
+
+catacomb (2.3.0.1) experimental; urgency=low
+
+ * catacomb2: Actually make the stack non-executable rather than just
+ pretending.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Wed, 05 Apr 2017 09:00:55 +0100
+
+catacomb (2.3.0) experimental; urgency=low
+
+ * catacomb2: Use the correct Oakley 2048 group. For a long time, this
+ was a duplicate of the Oakley 1536 group. There's a compatibility
+ break here, but it's for the best.
+ * catacomb2: Include `.note.GNU-stack' sections in the assembler code,
+ so that the process stack doesn't get marked executable.
+ * catacomb2: New SSE2-based multipliers for i386 and AMD64.
+ * catacomb2: Lots of other improvements to the assembler code.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Mon, 03 Apr 2017 10:24:17 +0100
+
+catacomb (2.2.5) experimental; urgency=low
+
+ * catacomb2 (ARM AES): Fix crash from `rijndael*_init' when key material
+ is unaligned.
+ * build: Use less obsolete macro names in configure script.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Tue, 12 Jul 2016 10:27:05 +0100
+
+catacomb (2.2.4) experimental; urgency=low
+
+ * build: Fix build failures on post-wheezy Debian versions.
+ * catacomb2: Use ARM AES instructions if available. (But they can't be
+ assembled using wheezy's version of gas, so this doesn't work in the
+ binary package.)
+ * catacomb2: Fix poor performance (and wrong answers for very small
+ numbers) in prime generation.
+ * catacomb2: Return numbers of exactly the requested length in prime and
+ public-key generation. The `strongprime' and `limlee' algorithms have
+ changed as a result; previously verifiable parameters generated using
+ this algorithm won't be verifiable any more.
+ * catacomb-dev: Deprecate the old `dsa' functions. Use `gdsa' instead.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sun, 26 Jun 2016 14:18:14 +0100
+
+catacomb (2.2.3) experimental; urgency=low
+
+ * rand: Make the main generator resiliant in the face of fork(2).
+ * rand: Introduce `rand_quick', which may also mix in CPU-level
+ randomness sources.
+ * rand: Use higher-resolution timer in the quick-win noise source.
+ * debian: Pick up correct `catacomb-dev' Depends entry from 2.2.1.1
+ which got lost down the side of the sofas.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Mon, 13 Jun 2016 22:22:33 +0100
+
+catacomb (2.2.2) experimental; urgency=low
+
+ * build: Cope with newer Autotools and related equipment.
+ * Miscellaneous small fixes for Cygwin.
+ * catacomb2 (mp_testbit): Fix overread on reading one-bit-past-the-end;
+ particularly, this causes a segfault reading bit zero of a zero-length
+ integer.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Sat, 04 Jun 2016 01:12:01 +0100
+
+catacomb (2.2.1.1) experimental; urgency=low
+
+ * Arrange that catacomb-dev Depends on correct version of mlib-dev. It
+ really won't work well without it.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Fri, 19 Feb 2016 09:04:50 +0000
+
+catacomb (2.2.1) experimental; urgency=low
+
+ * Some internal improvements.
+ * Debian packaging cleanups (fix build-depends, update mLib dependency).
+
+ -- Mark Wooding <mdw@distorted.org.uk> Thu, 18 Feb 2016 16:43:09 +0000
+
+catacomb (2.2.0) experimental; urgency=low
+
+ * catacomb2: Fix rsa_recover crash on even modulus.
+ * catacomb-bin: Report error taking factorial of negative input.
+ * catacomb2: Fix EC_FIND and EC_NEG on 2-torsion points of prime curves.
+ * catacomb-dev: Support multiple flavours of EC point compression.
+ * catacomb2: Fix theoretical rsa_recover crash if factoring loop runs
+ out of prime numbers.
+ * catacomb2: Overhaul crypto primitives used in true-random generator.
+ * catacomb-bin: Improve rspit: high-resolution timing, and 64-bit size
+ support.
+ * catacomb-dev: New conversions between MP integers and C integer types.
+ * catacomb2: Change gcipher for Seal incompatibly. The IV is now
+ big-endian bytes (rather than `uint32'), and the `block size' is 4.
+ * catacomb2: Mix a constant string into DSA nonce generation to improve
+ resistance to protocol interference.
+ * catacomb2: Fix the freewheel random source, which hasn't been enabled
+ for ages due to a configure-script bug.
+ * catacomb-bin: The key tool can now read and write multiple
+ presentations for key fingerprints.
+ * catacomb2, catacomb-dev: Support Daniel Bernstein's Salsa20 and ChaCha
+ stream ciphers.
+
+ -- Mark Wooding <mdw@distorted.org.uk> Mon, 20 Jul 2015 14:15:31 +0100
+
catacomb (2.1.7) experimental; urgency=low
* A number of entropy-source fixes.
~mdw / catacomb / blobdiff