Release 1.16.1:
- Make the tests faster and more robust
- Update dependencies and documentation.
Release 1.16:
- Use dune as the build system (contributed by Andrey Mokhov, PR #24)
- Add BLAKE2b and BLAKE2s hash and MAC functions.
Release 1.15:
- Added constant-time `string_equal` and `bytes_equal` comparison functions
(execution time depends on the lengths of the strings but not on their
contents) (issue #13, PR #14)
- Caml FFI: use caml_ long names and CAML_NAME_SPACE; get rid of Begin_roots
- OASIS files regenerated in dynamic mode for OCaml 4.09 compatibility.
For this reason, OASIS is now a build dependency.
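The constant-time comparison described in the Release 1.15 entry above, as an added C example (not Cryptokit's own implementation): both comparison functions report how many bytes they inspected, so the difference between an early-exit comparison and one whose work depends only on the lengths is observable rather than just asserted. The function names are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Early-exit comparison, the pattern memcmp-style code follows: it stops at
   the first differing byte, so the bytes inspected (and the running time)
   depend on how long the common prefix of the two inputs is. */
int early_exit_equal(const unsigned char *a, const unsigned char *b,
                     size_t len, size_t *inspected)
{
    *inspected = 0;
    for (size_t i = 0; i < len; i++) {
        (*inspected)++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time comparison with the property the 1.15 entry describes:
   every byte is visited and the differences are OR-accumulated, so the work
   done depends only on len, never on where (or whether) the inputs differ.
   acc is volatile to discourage the compiler from reintroducing a branch. */
int ct_equal(const unsigned char *a, const unsigned char *b,
             size_t len, size_t *inspected)
{
    volatile unsigned char acc = 0;
    *inspected = 0;
    for (size_t i = 0; i < len; i++) {
        (*inspected)++;
        acc |= (unsigned char)(a[i] ^ b[i]);
    }
    return acc == 0;
}

/* Wrapper for NUL-terminated strings, e.g. hex-encoded MAC tags. Lengths are
   compared first and may leak, exactly as the entry states; contents are
   then compared with ct_equal. */
int ct_string_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), n;
    if (la != lb) return 0;
    return ct_equal((const unsigned char *)a, (const unsigned char *)b, la, &n);
}
```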
Release 1.14:
- Ensure compatibility with OCaml 4.09 and up.
- Detect early AMD Ryzen 3000 bug where the RDRAND instruction always
generates 0xFF...FF, and, in this case, report the hardware RNG as
unavailable.
- Fix formatting of documentation comments (issue #3, PR #5)
- Optional argument to control whether the zlib transform expects a
zlib header (PR #12).
- Fix issue with zlib >= 1.2.9 where internal sanity check is affected
by the stream data block being moved by OCaml's GC (issue #7, PR #17).
- DH.new_parameters: update documentation to suggest at least 2048
bits (PR #18).
- DH.derive_key: use SHA256 instead of SHA1 (PR #19).
Release 1.13:
- Add the Chacha20 stream cipher.
- Add the AES-CMAC (a.k.a. AES-OMAC1) message authentication code.
- Pseudo-random number generator: replace the old AES-CBC-Fibonacci generator
with a faster, simpler generator based on Chacha20.
- Add an alternate pseudo-random number generator based on AES in CTR mode.
- Documentation: warn about known cryptographic weaknesses in Triple DES,
Blowfish, and ARCfour.
- Documentation: warn about problems with variable-length messages in
MACs based on block ciphers in CBC mode.
Release 1.12:
- Fix x86-32 compilation error and improve detection of AES-NI for x86
processors (Jeremie Dimino, Etienne Millon)
(Closes: #1646)
- AES-NI: align key_schedule on a 16 byte boundary (Etienne Millon)
(Closes: #1709)
- Add original Keccak submission to SHA-3 (Yoichi Hirai)
Release 1.11:
- Adapt to "safe string" mode (OCaml 4.02 and later required).
The API should remain backward-compatible for clients compiled
in "unsafe string" mode.
- Update SHA-3 to the official NIST standard (different padding than
in the Keccak submission). (Closes: #1528)
- Fixed bounds checking in "add_substring" methods of hash functions
and other functions that operate on a substring of a string.
(Closes: #1480)
- Use hardware implementation of AES when available on x86 processors.
(Faster than the software implementation and less sensitive to
side channel attacks.)
- Use the Zarith library to implement RSA.
(Faster than the previous implementation and less sensitive to
side channel attacks.)
- Support the hardware random number generator present in recent
x86 processors.
- Rebuilt generated files with Oasis 0.4.6 for OCaml 4.03 compatibility.
Release 1.10:
- Add all SHA-2 hash functions: SHA-224, SHA-384 and SHA-512
in addition to the existing SHA-256. (Closes: #1223)
- Add support for CTR (Counter) chaining mode.
- Fix compilation error with OCaml 4.03+dev.
- Avoid using some obsolete OCaml stdlib functions.
Release 1.9:
- More fixes to build in Windows with zlib (mingw and msvc).
Release 1.8:
- Build .cmxs with C bindings (Closes: #1303)
- Use advapi32 on Windows (Closes: #1055)
- Allow defining --zlib-include and --zlib-libdir when zlib is not installed in
the standard location.
Release 1.7:
- Added SHA-3 hash function.
Release 1.6:
- Regenerate setup.ml with oasis 0.3.0~rc6 version
Release 1.5:
- Fix bug check in buffered_output#ensure_capacity (Closes: #879)
- Allow padding in Base64 (Closes: #897)
Release 1.4:
- Added Blowfish block cipher.
- Added MAC functions based on HMAC construction applied to
SHA-256 and RIPEMD-160.
- Added OASIS and findlib support (Closes: #589)
Release 1.3:
- Added hash functions SHA-256 and RIPEMD-160.
- Added "flush" method to transforms.
- Fixed infinite loop in decompression of incorrect data.
Release 1.2:
- MS Windows port
Release 1.1:
- Added Diffie-Hellman key agreement
- Exported raw modular arithmetic operations (mod_power, mod_mult)
Release 1.0:
- First public release